rlottie (0.1+dfsg-2+deb11u1) bullseye-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * CVE-2025-0634 (Closes: #1109341)
    CVE-2025-53074
    CVE-2025-53075
    Most patches to fix these issues are already part of:
      Fix-crash-on-invalid-data.patch
    The remaining boundary check is left in:
      CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch
    For the sake of completeness, the whole upstream patch
    for these CVEs is added in:
      CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch.org

 -- Thorsten Alteholz <debian@alteholz.de>  Sun, 08 Feb 2026 10:05:10 +0100

rlottie (0.1+dfsg-2) unstable; urgency=medium

  * Update patches.
    - Sync patches with John Preston's fork.
      + New Freetype-raster.patch for fix CVE-2021-31321. (Closes: #988885)
      + New Fortify-lottie-parser.patch for fix crashes on invalid input.
    - New Extend-mDash-array.patch for fix CVE-2021-31317. (Closes: #988885)
    - New Include-limits-header.patch for fix build with the latest GCC.
      (Closes: #984323)
    - New Zero-corrupt-point.patch for fix crash on inappropriate shape.
      (Closes: #974095)
    - New Avoid-nullptr-in-solidColor.patch fixes null pointer dereferencing.
    - Fix error handling of broken JSON that led to crashes.
  * Skip RAPIDJSON_ASSERT as in Telegram or in upstream rLottie.

 -- Nicholas Guriev <guriev-ns@ya.ru>  Wed, 02 Jun 2021 09:23:26 +0300

rlottie (0.1+dfsg-1) unstable; urgency=medium

  * New upstream release.
  * Add upstream metadata.
  * Update debian/watch file for the first release.
  * Apply John Preston's fixes for improve stability.
    - Check-buffer-length.patch
    - Fix-crash-in-malformed-animations.patch
    - Fix-crash-on-invalid-data.patch

 -- Nicholas Guriev <guriev-ns@ya.ru>  Sun, 19 Jul 2020 21:43:03 +0300

rlottie (0~git20200305.a717479+dfsg-1) unstable; urgency=medium

  * Merge the latest upstream commit.
  * Fix some crashes on corrupted input.
  * Activate in-library cache support.
  * Bump Standards Version to 4.5.0, no related changes.

 -- Nicholas Guriev <guriev-ns@ya.ru>  Thu, 05 Mar 2020 22:16:05 +0300

rlottie (0~git20190721.24346d0+dfsg-2) unstable; urgency=medium

  * Copy full text of The FreeType Project License to debian/copyright file.

 -- Nicholas Guriev <guriev-ns@ya.ru>  Sun, 11 Aug 2019 14:19:58 +0300

rlottie (0~git20190721.24346d0+dfsg-1) unstable; urgency=low

  * Initial upload. (Closes: #931832)

 -- Nicholas Guriev <guriev-ns@ya.ru>  Tue, 23 Jul 2019 08:21:50 +0300
