icu (3.8-6ubuntu0.2) hardy-security; urgency=low * SECURITY UPDATE: fix improper handling of invalid byte sequences during Unicode conversion - debian/07-CVE-2009-0153.patch: backported patch thanks to RedHat via Debian - 03-redhat.icu5797.patch, 04-redhat.icu6001.patch, and 05-redhat.icu6002.patch required for applying 07-CVE-2009-0153.patch with 06-CVE-2008-1036.patch needing adjustments. Patch from Debian. - CVE-2009-0153 -- Jamie Strandboge Wed, 07 Oct 2009 11:33:48 -0500 icu (3.8-6ubuntu0.1) hardy-security; urgency=low * SECURITY UPDATE: Cross-site scripting attack via invalid character sequences (LP: #341834) - debian/patches/03-cve-2008-1036.patch: Improve parsing logic in source/common/{ucnv2022.c,ucnv_bld.*,ucnv.c,ucnvhz.c} to replace invalid character sequences. Also, add test case to source/test/{cintltst/nucnvtst.c,testdata/conversion.txt}. - CVE-2008-1036 -- Marc Deslauriers Wed, 25 Mar 2009 09:55:21 -0400 icu (3.8-6) unstable; urgency=high * Add debian/patches/00-cve-2007-4770-4771.patch created from with svn diff -c 23292 \ http://source.icu-project.org/repos/icu/icu/branches/maint/maint-3-8 to address the following security vulnerablilities: - CVE-2007-4770: reference to non-existent capture group may cause access to invalid memory - CVE-2007-4771: buffer overflow in regexcmp.cpp (Closes: #463688) * Updated standards version to 3.7.3: no changes required. -- Jay Berkenbilt Thu, 07 Feb 2008 12:58:34 -0500 icu (3.8-5) unstable; urgency=low * Filter out extraneous dependencies among different versions of the library packages. (Closes: #451767, 451978) -- Jay Berkenbilt Sat, 01 Dec 2007 09:47:32 -0500 icu (3.8-4) experimental; urgency=low * Include changes from 3.6-10. -- Jay Berkenbilt Sun, 18 Nov 2007 11:04:16 -0500 icu (3.6-10) unstable; urgency=low * It appears that amd64 requires 32-bit libraries to be in /emul/ia32-linux/usr/lib instead of /usr/lib32. Following zlib's example of moving them around for amd64 only. (Closes: #451495) -- Jay Berkenbilt Sun, 18 Nov 2007 11:03:10 -0500 icu (3.8-3) experimental; urgency=low * Include changes from 3.6-9. * Include -dbg package with unstripped versions of the libraries. -- Jay Berkenbilt Sat, 17 Nov 2007 15:02:36 -0500 icu (3.6-9) unstable; urgency=low * Yet another 32-bit library fix. Files were installed in /32 because of the debian/tmp32 thing. How did this ever work? (Closes: #451495) -- Jay Berkenbilt Sat, 17 Nov 2007 12:12:18 -0500 icu (3.8-2) experimental; urgency=low * Include changes from 3.6-8. (Closes: #448747) -- Jay Berkenbilt Tue, 06 Nov 2007 20:58:09 -0500 icu (3.6-8) unstable; urgency=low * Clean up 32-bit library patch to avoid excessive and unnecessary runs of configure. (Closes: #447771) * make setBreakType public in rbbi.h; needed by OpenOffice.org. This patch is included in OpenOffice.org's internal ICU. Including it here allows OpenOffice.org to continue to use this ICU package. Thanks Rene Engelhard. (Closes: #448745) * Rename debian/watch.not-yet to debian/no-watch so it won't get picked up even though it's not supposed to. ICU's ftp site uses a structure that isn't supported by uscan. (Closes: #449701) -- Jay Berkenbilt Tue, 06 Nov 2007 20:56:38 -0500 icu (3.8-1) experimental; urgency=low * New upstream release. All previously included patches have been incorporated into upstream. -- Jay Berkenbilt Sat, 20 Oct 2007 11:53:32 -0400 icu (3.6-7) unstable; urgency=low * Fix bug in which 32-bit library installs were overwriting files for 64-bit libraries on amd64. Thanks Robert Millan for the patch. (Closes: #447275) -- Jay Berkenbilt Sat, 20 Oct 2007 11:30:12 -0400 icu (3.6-6) unstable; urgency=low * Oops: fixed one more problem with 32-bit builds on a 64-bit platform. Thanks Aaron Ucko. (Closes: #398778) -- Jay Berkenbilt Mon, 17 Sep 2007 15:19:59 -0400 icu (3.6-5) unstable; urgency=low * Add additional Build-Depends for 64-bit platforms. Thanks Robert Millan. (Closes: #398778) -- Jay Berkenbilt Mon, 17 Sep 2007 10:42:32 -0400 icu (3.6-4) unstable; urgency=low * Accepted patch from Robert Millan (with very slight, mostly cosmetic modifications) to build 32-bit libraries on 64-bit architectures. Many thanks to Robert Millan for supplying this patch! (Closes: #398778) -- Jay Berkenbilt Sat, 15 Sep 2007 21:42:33 -0400 icu (3.8~d01-1) experimental; urgency=low * New upstream release * Configure with weak reference to thread library. (Closes: #389260) * The development package no longer has the library soname in its name. It is now just libicu-dev. -- Jay Berkenbilt Sat, 04 Aug 2007 11:04:49 -0400 icu (3.6-3) unstable; urgency=low * Include patch from Samuel Thibault to allow icu to build on gnu hurd. (Closes: #414446) -- Jay Berkenbilt Tue, 10 Jul 2007 17:31:56 -0400 icu (3.6-2) unstable; urgency=low * Include patch to fix error in IndicClassTables to fix worstCaseExpansion for Sinhala. Thanks to Harshula for forwarding this. -- Jay Berkenbilt Mon, 27 Nov 2006 21:19:09 -0500 icu (3.6-1) unstable; urgency=low * New upstream release * Provide libicu34-dev since ICU 3.6 provides backward compatible interfaces in addition to new ones. -- Jay Berkenbilt Tue, 19 Sep 2006 12:10:41 -0400 icu (3.6~d02-1) experimental; urgency=low * New upstream release. * Remove special optimization hack to work around now-fixed m68k build problems. (Closes: #360743) * Update standards version. No changes required. -- Jay Berkenbilt Tue, 15 Aug 2006 16:34:34 -0400 icu (3.4.1a-1) unstable; urgency=low * Upstream re-released 3.4.1 without changing the version number because the header file with 3.4.1 still said it was 3.4. Unfortunately, the debian 3.4.1 package had already been uploaded. This "3.4.1a" release now matches upstream's 3.4.1. -- Jay Berkenbilt Wed, 29 Mar 2006 22:19:08 -0500 icu (3.4.1-1) unstable; urgency=low * New upstream release -- Jay Berkenbilt Fri, 3 Mar 2006 23:07:52 -0500 icu (3.4-4) unstable; urgency=low * Build with g++ 4.0 with -fno-strict-aliasing to work around g++ 4.0 bugs that impact ICU. Future versions should work properly with the latest g++ without any special flags. (Closes: #342970) * Enable static libraries. -- Jay Berkenbilt Sun, 22 Jan 2006 11:36:59 -0500 icu (3.4-3) unstable; urgency=low * Explicitly build with g++ 3.4. The current ICU fails its test suite with 4.0 but not with 3.4. Future versions should work properly with 4.0. -- Jay Berkenbilt Sat, 19 Nov 2005 11:29:31 -0500 icu (3.4-2) unstable; urgency=low * Remove some extraneous build steps that may cause problems with autobuilders. -- Jay Berkenbilt Sat, 13 Aug 2005 12:41:35 -0400 icu (3.4-1) unstable; urgency=low * New upstream release * Completely new packaging -- Jay Berkenbilt Fri, 5 Aug 2005 21:57:15 -0400 icu (2.1-3) unstable; urgency=low * New maintainer as per discussion with Ivo. * g++ 4.0 transition: libicu21c102 is now libicu21c2. * Accepted changes from NMU below for now. This change will be reversed soon when icu is updated to the current upstream version. The icu28 package will also be removed at that time, as per discussion with the icu28 maintainer. Closes: #301316 * Add shlibs files -- Jay Berkenbilt Sat, 9 Jul 2005 13:33:35 -0400 icu (2.1-2.1) unstable; urgency=medium * Rename icu-doc to icu21-doc. icu-doc is built by the icu28 package. -- Matthias Klose Sat, 21 May 2005 22:44:31 +0200 icu (2.1-2) unstable; urgency=low * debian/control: Changed maintainer, added Daniel Glassey as Uploader. (Reference: http://lists.debian.org/debian-devel/2003/debian-devel-200308/msg01963.html) -- Ivo Timmermans Sun, 18 Jan 2004 23:52:03 +0100 icu (2.6.1-1) experimental; urgency=low * New upstream version. * Ivo Timmermans: * debian/rules Don't create arch-all packages in the binary-arch target. Closes: #184403 -- Ivo Timmermans Thu, 6 Nov 2003 09:03:44 +0100 icu (2.6-1) experimental; urgency=low * New upstream version. Closes: #162975 * debian/control: New maintainers * Daniel Glassey: * debian/rules Don't use --enable-static as it bloats the packages * debian/rules Change the optimisations to -O3 and -O to get it to build * debian/rules get the latest config.{sub,guess} from /usr/share/misc so add build-dep on autotools-dev * debian/postinst gencnval is now in {prefix}/bin * Ivo Timmermans: * debian/control Tightened debhelper build dependency * debian/control Update Standards-Version -- Daniel Glassey Wed, 3 Sep 2003 12:39:35 +0200 icu (2.1-1.2) unstable; urgency=low * NMU. * Updated source/config.{sub,guess}. Closes: #182697 -- Ivo Timmermans Fri, 7 Mar 2003 20:58:23 +0100 icu (2.1-1.1) unstable; urgency=low * NMU. * debian/control: Go through G++ ABI transition. Closes: #180124 * source/common/unicode/docmain.h: Fix \mainpage and \section tags, so doxygen doesn't get confused any more. Closes: #178344 * debian/copyright: Added upstream URL. Closes: #165780 -- Ivo Timmermans Fri, 14 Feb 2003 15:21:56 +0100 icu (2.1-1) unstable; urgency=low * ICU 2.1 release. * Changed the icu package description. Closes: 142886 * Use -O1 for CXXFLAGS for OS/390. Closes: 143021 -- Yves Arrouye Mon, 15 Apr 2002 14:03:12 -0700 icu (2.0.2-1) unstable; urgency=low * Minor release of ICU with fixes for threading and strTo/FromWCS -- Yves Arrouye Tue, 2 Apr 2002 09:06:00 -0800 icu (2.0-2.1pre20020318-1) unstable; urgency=low * Use the library number in the development package too. * ICU changed to version 2.1. -- Yves Arrouye Tue, 19 Mar 2002 18:38:37 -0800 icu (2.0-2.1pre20020303-1) unstable; urgency=low * Fixed a crash in uconv when no argument is passed to -f or -t. * Other upstream changes. * Fresh upload with an up to date orig tar file so that future diffs won't be 6 megabytes long! -- Yves Arrouye Sun, 3 Mar 2002 15:31:13 -0800 icu (2.0-2.1pre-1) unstable; urgency=low * Prerelease of 2.1 with a working upgraded uconv(1). -- Yves Arrouye Fri, 1 Mar 2002 21:51:47 -0800 icu (2.0-3) unstable; urgency=low * Renamed doc-base to icu-doc.doc-base. Closes: 127487 -- Yves Arrouye Fri, 18 Jan 2002 22:33:53 -0800 icu (2.0-2) unstable; urgency=low * Fixed a bug in uprv_uca_cloneTempTable(). Closes: 128484 * Update Debian bugs status. Closes: 104642 * Use the official 2.0 tarball as the original tar. * Added manual pages for every tool. -- Yves Arrouye Wed, 16 Jan 2002 20:45:42 -0800 icu (2.0-1) unstable; urgency=low * Update to ICU version 2.0. -- Yves Arrouye Sat, 10 Nov 2001 21:58:19 -0800 icu (1.8.1-2) unstable; urgency=low * Updated copyright file. Closes: 112488 * Updated icu-locales description. Closes: 75499 -- Yves Arrouye Sat, 10 Nov 2001 21:24:58 -0800 icu (1.8.1-1.1) unstable; urgency=low * NMU to resolve build failures on ia64 and (hopefully) hppa. * config.{sub|guess} update * source/tools/ctestfw/ctest.c: Add static declaration to global variables local to that module to avoid @gprel relocation errors. Closes: 104642 -- Yves Arrouye Sat, 10 Nov 2001 21:24:44 -0800 icu (1.8.1-1) unstable; urgency=low * Update to ICU version 1.8.1. -- root Mon, 21 May 2001 15:27:36 -0700 icu (1.7-1) unstable; urgency=low * Update to ICU version 1.7. -- Yves Arrouye Tue, 21 Nov 2000 22:54:52 -0800 icu (1.6.0.1-20001113-2) unstable; urgency=low * New snapshot with better ISO-2022. -- Yves Arrouye Mon, 13 Nov 2000 21:05:00 -0800 icu (1.6.0.1-20001027-1) unstable; urgency=low * Move architecture-dependent files into /usr/lib, instead of /usr/share. * Move convrtrs.txt into /etc/icu, make it a conffile, and generate /usr/lib/icu/1.6.0.1/cnvalias.dat from it at postinst time. * Manage a /usr/lib/icu/current symbolic link across installations of the libicuXX packages. The symlink will always point to the highest numbered version of ICU. -- Yves Arrouye Fri, 27 Oct 2000 15:40:12 -0700 icu (1.6.0.1-20001017-1) unstable; urgency=low * Initial Release. -- Yves Arrouye Tue, 24 Oct 2000 16:14:12 -0700