Name Status Last Modified Last Commit
lp:ubuntu/vivid-updates/freetype 2 Mature 2015-09-10 17:34:59 UTC
65. * SECURITY UPDATE: uninitialized memo...

Author: Marc Deslauriers
Revision Date: 2015-09-10 07:07:57 UTC

* SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
  - debian/patches-freetype/savannah-bug-41309.patch: fix use of
    uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
    src/type1/t1load.c, src/type42/t42parse.c.
  - No CVE number
* SECURITY UPDATE: denial of service via infinite loop in parse_encode
  (LP: #1492124)
  - debian/patches-freetype/savannah-bug-41590.patch: protect against
    invalid charcode in src/type1/t1load.c.
  - No CVE number

lp:ubuntu/precise-security/freetype bug 2 Mature 2015-09-10 17:28:24 UTC
50. * SECURITY UPDATE: uninitialized memo...

Author: Marc Deslauriers
Revision Date: 2015-09-10 07:10:41 UTC

* SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
  - debian/patches-freetype/savannah-bug-41309.patch: fix use of
    uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
    src/type1/t1load.c, src/type42/t42parse.c.
  - No CVE number
* SECURITY UPDATE: denial of service via infinite loop in parse_encode
  (LP: #1492124)
  - debian/patches-freetype/savannah-bug-41590.patch: protect against
    invalid charcode in src/type1/t1load.c.
  - No CVE number

lp:ubuntu/trusty-security/freetype bug 2 Mature 2015-09-10 17:20:01 UTC
60. * SECURITY UPDATE: uninitialized memo...

Author: Marc Deslauriers
Revision Date: 2015-09-10 07:09:04 UTC

* SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
  - debian/patches-freetype/savannah-bug-41309.patch: fix use of
    uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
    src/type1/t1load.c, src/type42/t42parse.c.
  - No CVE number
* SECURITY UPDATE: denial of service via infinite loop in parse_encode
  (LP: #1492124)
  - debian/patches-freetype/savannah-bug-41590.patch: protect against
    invalid charcode in src/type1/t1load.c.
  - No CVE number

lp:ubuntu/vivid-security/freetype bug 2 Mature 2015-09-10 17:19:57 UTC
65. * SECURITY UPDATE: uninitialized memo...

Author: Marc Deslauriers
Revision Date: 2015-09-10 07:07:57 UTC

* SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
  - debian/patches-freetype/savannah-bug-41309.patch: fix use of
    uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
    src/type1/t1load.c, src/type42/t42parse.c.
  - No CVE number
* SECURITY UPDATE: denial of service via infinite loop in parse_encode
  (LP: #1492124)
  - debian/patches-freetype/savannah-bug-41590.patch: protect against
    invalid charcode in src/type1/t1load.c.
  - No CVE number

lp:ubuntu/wily-proposed/freetype bug 1 Development 2015-09-10 13:13:58 UTC
66. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-09-10 07:05:53 UTC

* SECURITY UPDATE: denial of service via infinite loop in parse_encode
  (LP: #1492124)
  - debian/patches-freetype/savannah-bug-41590.patch: protect against
    invalid charcode in src/type1/t1load.c.
  - No CVE number

lp:ubuntu/precise-updates/freetype 2 Mature 2015-09-10 07:10:41 UTC
50. * SECURITY UPDATE: uninitialized memo...

Author: Marc Deslauriers
Revision Date: 2015-09-10 07:10:41 UTC

* SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
  - debian/patches-freetype/savannah-bug-41309.patch: fix use of
    uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
    src/type1/t1load.c, src/type42/t42parse.c.
  - No CVE number
* SECURITY UPDATE: denial of service via infinite loop in parse_encode
  (LP: #1492124)
  - debian/patches-freetype/savannah-bug-41590.patch: protect against
    invalid charcode in src/type1/t1load.c.
  - No CVE number

lp:ubuntu/trusty-updates/freetype 2 Mature 2015-09-10 07:09:04 UTC
60. * SECURITY UPDATE: uninitialized memo...

Author: Marc Deslauriers
Revision Date: 2015-09-10 07:09:04 UTC

* SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
  - debian/patches-freetype/savannah-bug-41309.patch: fix use of
    uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
    src/type1/t1load.c, src/type42/t42parse.c.
  - No CVE number
* SECURITY UPDATE: denial of service via infinite loop in parse_encode
  (LP: #1492124)
  - debian/patches-freetype/savannah-bug-41590.patch: protect against
    invalid charcode in src/type1/t1load.c.
  - No CVE number

lp:ubuntu/wily/freetype bug 1 Development 2015-09-10 07:05:53 UTC
66. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-09-10 07:05:53 UTC

* SECURITY UPDATE: denial of service via infinite loop in parse_encode
  (LP: #1492124)
  - debian/patches-freetype/savannah-bug-41590.patch: protect against
    invalid charcode in src/type1/t1load.c.
  - No CVE number

lp:ubuntu/utopic-updates/freetype 2 Mature 2015-02-24 20:56:32 UTC
64. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-24 08:41:04 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9659
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9662
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9665
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9668
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

lp:ubuntu/utopic-security/freetype 2 Mature 2015-02-24 20:07:00 UTC
64. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-24 08:41:04 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9659
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9662
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9665
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9668
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

lp:ubuntu/vivid/freetype 2 Mature 2015-02-24 11:28:03 UTC
64. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-24 11:28:03 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9659
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9662
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9665
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9668
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

lp:ubuntu/vivid-proposed/freetype bug 1 Development 2015-02-24 11:28:03 UTC
64. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-24 11:28:03 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9659
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9662
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9665
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9668
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

lp:ubuntu/lucid-security/freetype bug 2 Mature 2015-02-24 11:22:14 UTC
34. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-24 11:22:14 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

lp:ubuntu/lucid-updates/freetype 2 Mature 2015-02-24 11:22:14 UTC
34. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-02-24 11:22:14 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

lp:ubuntu/trusty-proposed/freetype bug 1 Development 2015-02-11 18:34:16 UTC
61. * Added patchset to fix multithread v...

Author: Marco Trevisan (Treviño)
Revision Date: 2015-01-23 03:38:04 UTC

* Added patchset to fix multithread violations, LP: #1199571
  - debian/patches-freetype/multi-thread-violations.patch

lp:ubuntu/utopic/freetype bug 1 Development 2014-09-19 17:11:19 UTC
63. releasing package freetype version 2....

Author: Steve Langasek
Revision Date: 2014-09-19 17:11:19 UTC

releasing package freetype version 2.5.2-2ubuntu1

lp:ubuntu/utopic-proposed/freetype bug 2 Mature 2014-09-19 10:11:16 UTC
62. * Merge from Debian unstable, remaini...

Author: Steve Langasek
Revision Date: 2014-09-19 10:11:16 UTC

* Merge from Debian unstable, remaining changes:
  - debian/patches-freetype/revert_scalable_fonts_metric.patch:
    revert commit "Fix metrics on size request for scalable fonts.",
    which breaks gtk underlining markups
  - Make libfreetype6-dev M-A: same.
  - Error out on the use of the freetype-config --libtool option.
  - Don't add multiarch libdirs for freetype-config --libs.
  - Install the freetype2/config headers into the multiarch include path
    and provide symlinks in /usr/include.
* Dropped changes, included in Debian:
  - debian/patches/CVE-2014-2240.patch: validate hintMask in
    src/cff/cf2hints.c.
  - debian/patches/CVE-2014-2241.patch: don't trigger asserts in
    src/cff/cf2ft.c.
  - debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
    upstream patch to fix a double free.
  - debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
    upstream patch to fix cjk font rendering issue.

lp:~jincreator/ubuntu/trusty/freetype/trusty-proposed-lp1310017 bug(Has a merge proposal) 1 Development 2014-05-05 18:02:55 UTC
60. debian/patches-freetype/0002-Fix-Sava...

Author: Jinkyu Yi
Revision Date: 2014-05-05 17:47:27 UTC

debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
upstream patch to fix cjk font rendering issue. (LP: #1310017)

lp:~jincreator/ubuntu/utopic/freetype/lp1310017 bug(Has a merge proposal) 1 Development 2014-05-05 14:40:08 UTC
60. debian/patches-freetype/0002-Fix-Sava...

Author: Jinkyu Yi
Revision Date: 2014-05-05 14:29:50 UTC

debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
upstream patch to fix cjk font rendering issue. (LP: #1310017)

lp:~jincreator/ubuntu/trusty/freetype/lp1310017 bug(Has a merge proposal) 1 Development 2014-04-27 15:34:18 UTC
59. * Fix incorrect Korean Fonts renderin...

Author: Jinkyu Yi
Revision Date: 2014-04-27 13:15:54 UTC

* Fix incorrect Korean Fonts rendering. (LP: #1310017)
  - debian/patches-freetype/fix-incorrect-korean-fonts-rendering.patch

lp:ubuntu/saucy-updates/freetype 2 Mature 2014-03-17 12:06:04 UTC
52. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-03-13 12:52:16 UTC

* SECURITY UPDATE: denial of service and possible code execution in
  CFF rasterizer
  - debian/patches-freetype/CVE-2014-2240.patch: validate hintMask in
    src/cff/cf2hints.c.
  - CVE-2014-2240
* SECURITY UPDATE: denial of service in CFF rasterizer
  - debian/patches-freetype/CVE-2014-2241.patch: don't trigger asserts in
    src/cff/cf2ft.c.
  - CVE-2014-2241

lp:ubuntu/saucy-security/freetype 2 Mature 2014-03-17 11:58:49 UTC
52. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-03-13 12:52:16 UTC

* SECURITY UPDATE: denial of service and possible code execution in
  CFF rasterizer
  - debian/patches-freetype/CVE-2014-2240.patch: validate hintMask in
    src/cff/cf2hints.c.
  - CVE-2014-2240
* SECURITY UPDATE: denial of service in CFF rasterizer
  - debian/patches-freetype/CVE-2014-2241.patch: don't trigger asserts in
    src/cff/cf2ft.c.
  - CVE-2014-2241

lp:ubuntu/trusty/freetype bug 1 Development 2014-03-13 12:47:17 UTC
58. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-03-13 12:47:17 UTC

* SECURITY UPDATE: denial of service and possible code execution in
  CFF rasterizer
  - debian/patches/CVE-2014-2240.patch: validate hintMask in
    src/cff/cf2hints.c.
  - CVE-2014-2240
* SECURITY UPDATE: denial of service in CFF rasterizer
  - debian/patches/CVE-2014-2241.patch: don't trigger asserts in
    src/cff/cf2ft.c.
  - CVE-2014-2241

lp:ubuntu/saucy-proposed/freetype bug 2 Mature 2013-06-24 19:45:28 UTC
51. * New upstream version (lp: #1179523)...

Author: Sebastien Bacher
Revision Date: 2013-05-13 13:12:42 UTC

* New upstream version (lp: #1179523)
* debian/patches-freetype/git_unitialized_variable.patch,
  debian/patches-ft2demos/init_variables.patch:
  - fix uninitialized variable warnings which were breaking the build
* debian/libfreetype6.symbols: updated

lp:ubuntu/saucy/freetype 1 Development 2013-05-13 13:12:42 UTC
51. * New upstream version (lp: #1179523)...

Author: Sebastien Bacher
Revision Date: 2013-05-13 13:12:42 UTC

* New upstream version (lp: #1179523)
* debian/patches-freetype/git_unitialized_variable.patch,
  debian/patches-ft2demos/init_variables.patch:
  - fix uninitialized variable warnings which were breaking the build
* debian/libfreetype6.symbols: updated

lp:ubuntu/raring-proposed/freetype 2 Mature 2013-02-08 12:50:09 UTC
50. * New upstream version * debian/patch...

Author: Sebastien Bacher
Revision Date: 2013-02-08 12:50:09 UTC

* New upstream version
* debian/patches-freetype/CVE-2012-5668.patch,
  debian/patches-freetype/CVE-2012-5669.patch,
  debian/patches-freetype/CVE-2012-5670.patch:
  - dropped, those fixes are in the new version
* debian/patches-ft2demos/compiler_hardening_fixes.patch:
  - changed unsigned char* to char* to fix "pointer targets in assignment
    differ in signedness" build error
* debian/libfreetype6.symbols: updated for the new version

lp:ubuntu/raring/freetype 1 Development 2013-02-08 12:50:09 UTC
50. * New upstream version * debian/patch...

Author: Sebastien Bacher
Revision Date: 2013-02-08 12:50:09 UTC

* New upstream version
* debian/patches-freetype/CVE-2012-5668.patch,
  debian/patches-freetype/CVE-2012-5669.patch,
  debian/patches-freetype/CVE-2012-5670.patch:
  - dropped, those fixes are in the new version
* debian/patches-ft2demos/compiler_hardening_fixes.patch:
  - changed unsigned char* to char* to fix "pointer targets in assignment
    differ in signedness" build error
* debian/libfreetype6.symbols: updated for the new version

lp:ubuntu/quantal-updates/freetype 2 Mature 2013-01-14 19:21:20 UTC
49. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-11 13:38:01 UTC

* SECURITY UPDATE: denial of service and possible code execution via NULL
  pointer dereference
  - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
    of allocation error in src/bdf/bdflib.c.
  - CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
  buffer over-read in BDF parsing
  - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
    in src/bdf/bdflib.c.
  - CVE-2012-5669
* SECURITY UPDATE: denial of service and possible code execution via out-
  of-bounds write
  - debian/patches-freetype/CVE-2012-5670.patch: normalize negative
    parameter in src/bdf/bdflib.c.
  - CVE-2012-5670

lp:ubuntu/quantal-security/freetype 2 Mature 2013-01-14 18:23:43 UTC
49. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-11 13:38:01 UTC

* SECURITY UPDATE: denial of service and possible code execution via NULL
  pointer dereference
  - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
    of allocation error in src/bdf/bdflib.c.
  - CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
  buffer over-read in BDF parsing
  - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
    in src/bdf/bdflib.c.
  - CVE-2012-5669
* SECURITY UPDATE: denial of service and possible code execution via out-
  of-bounds write
  - debian/patches-freetype/CVE-2012-5670.patch: normalize negative
    parameter in src/bdf/bdflib.c.
  - CVE-2012-5670

lp:ubuntu/hardy-security/freetype bug 2 Mature 2013-01-11 15:18:51 UTC
24. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-11 15:18:51 UTC

* SECURITY UPDATE: denial of service and possible code execution via NULL
  pointer dereference
  - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
    of allocation error in src/bdf/bdflib.c.
  - CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
  buffer over-read in BDF parsing
  - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
    in src/bdf/bdflib.c.
  - CVE-2012-5669

lp:ubuntu/hardy-updates/freetype 2 Mature 2013-01-11 15:18:51 UTC
24. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-11 15:18:51 UTC

* SECURITY UPDATE: denial of service and possible code execution via NULL
  pointer dereference
  - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
    of allocation error in src/bdf/bdflib.c.
  - CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
  buffer over-read in BDF parsing
  - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
    in src/bdf/bdflib.c.
  - CVE-2012-5669

lp:ubuntu/oneiric-security/freetype 2 Mature 2013-01-11 13:47:14 UTC
44. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-11 13:47:14 UTC

* SECURITY UPDATE: denial of service and possible code execution via NULL
  pointer dereference
  - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
    of allocation error in src/bdf/bdflib.c.
  - CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
  buffer over-read in BDF parsing
  - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
    in src/bdf/bdflib.c.
  - CVE-2012-5669

lp:ubuntu/oneiric-updates/freetype 2 Mature 2013-01-11 13:47:14 UTC
44. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-11 13:47:14 UTC

* SECURITY UPDATE: denial of service and possible code execution via NULL
  pointer dereference
  - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
    of allocation error in src/bdf/bdflib.c.
  - CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
  buffer over-read in BDF parsing
  - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
    in src/bdf/bdflib.c.
  - CVE-2012-5669

lp:ubuntu/quantal/freetype bug 2 Mature 2012-08-06 18:43:16 UTC
48. * New upstream version * debian/libfr...

Author: Sebastien Bacher
Revision Date: 2012-08-03 13:57:01 UTC

* New upstream version
* debian/libfreetype6.symbols:
  - new version update
* debian/patches-freetype/savannah-bug-35847.patch,
  debian/patches-freetype/savannah-bug-35833.patch:
  - dropped, the fixes are in the new version
* Resynchronize on Debian, remaining diff:
* debian/patches-freetype/revert_scalable_fonts_metric.patch:
  - revert commit "Fix metrics on size request for scalable fonts.",
    it's breaking gtk underlining markups and creating some other
    issues as well (lp: #972223)

lp:ubuntu/precise/freetype bug 2 Mature 2012-04-03 09:09:23 UTC
47. * debian/patches-freetype/revert_scal...

Author: Sebastien Bacher
Revision Date: 2012-04-03 10:42:05 UTC

* debian/patches-freetype/revert_scalable_fonts_metric.patch:
  - revert commit "Fix metrics on size request for scalable fonts.",
    it's breaking gtk underlining markups and creating some other
    issues as well (lp: #972223)

lp:ubuntu/maverick-security/freetype 2 Mature 2012-03-21 19:57:51 UTC
35. * SECURITY UPDATE: Denial of service ...

Author: Tyler Hicks
Revision Date: 2012-03-21 19:57:51 UTC

* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
    sanitization when parsing properties. Based on upstream patch.
  - CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
    sanitization when parsing glyphs. Based on upstream patch.
  - CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
    NULL pointer dereference. Based on upstream patch.
  - CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
  - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
    sanitization when parsing SFNT strings. Based on upstream patch.
  - CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
  - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
    properly NULL-terminate parsed properties strings. Based on upstream
    patch.
  - CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
    prevent integer truncation on 64 bit systems when rendering fonts. Based
    on upstream patch.
  - CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
  - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
    appropriate length when loading Type1 fonts. Based on upstream patch.
  - CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
    glyph encoding values to prevent invalid array indexes. Based on
    upstream patch.
  - CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted Type1 font
  - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
    private dictionary size to prevent writing past array bounds. Based on
    upstream patch.
  - CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
    checks when interpreting TrueType bytecode. Based on upstream patch.
  - CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
    defined when parsing glyphs. Based on upstream patch.
  - CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
    of array elements to prevent reading past array bounds. Based on
    upstream patch.
  - CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
    invalid read from wrong memory location. Based on upstream patch.
  - CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
    prevent reading invalid memory. Based on upstream patch.
  - CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
  - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
    boundary checks. Based on upstream patch.
  - CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
    to prevent invalid read. Based on upstream patch.
  - CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
  - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
    on first and last character code fields. Based on upstream patch.
  - CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
  - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
    zero when dealing with 32 bit types. Based on upstream patch.
  - CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted TrueType font
  - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
    on the first glyph outline point value. Based on upstream patch.
  - CVE-2012-1144

lp:ubuntu/maverick-updates/freetype 2 Mature 2012-03-21 19:57:51 UTC
35. * SECURITY UPDATE: Denial of service ...

Author: Tyler Hicks
Revision Date: 2012-03-21 19:57:51 UTC

* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
    sanitization when parsing properties. Based on upstream patch.
  - CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
    sanitization when parsing glyphs. Based on upstream patch.
  - CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
    NULL pointer dereference. Based on upstream patch.
  - CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
  - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
    sanitization when parsing SFNT strings. Based on upstream patch.
  - CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
  - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
    properly NULL-terminate parsed properties strings. Based on upstream
    patch.
  - CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
    prevent integer truncation on 64 bit systems when rendering fonts. Based
    on upstream patch.
  - CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
  - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
    appropriate length when loading Type1 fonts. Based on upstream patch.
  - CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
    glyph encoding values to prevent invalid array indexes. Based on
    upstream patch.
  - CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted Type1 font
  - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
    private dictionary size to prevent writing past array bounds. Based on
    upstream patch.
  - CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
    checks when interpreting TrueType bytecode. Based on upstream patch.
  - CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
    defined when parsing glyphs. Based on upstream patch.
  - CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
    of array elements to prevent reading past array bounds. Based on
    upstream patch.
  - CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
    invalid read from wrong memory location. Based on upstream patch.
  - CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
    prevent reading invalid memory. Based on upstream patch.
  - CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
  - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
    boundary checks. Based on upstream patch.
  - CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
    to prevent invalid read. Based on upstream patch.
  - CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
  - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
    on first and last character code fields. Based on upstream patch.
  - CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
  - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
    zero when dealing with 32 bit types. Based on upstream patch.
  - CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted TrueType font
  - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
    on the first glyph outline point value. Based on upstream patch.
  - CVE-2012-1144

lp:ubuntu/natty-security/freetype 2 Mature 2012-03-21 19:57:51 UTC
42. * SECURITY UPDATE: Denial of service ...

Author: Tyler Hicks
Revision Date: 2012-03-21 19:57:51 UTC

* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
    sanitization when parsing properties. Based on upstream patch.
  - CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
    sanitization when parsing glyphs. Based on upstream patch.
  - CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
    NULL pointer dereference. Based on upstream patch.
  - CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
  - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
    sanitization when parsing SFNT strings. Based on upstream patch.
  - CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
  - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
    properly NULL-terminate parsed properties strings. Based on upstream
    patch.
  - CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
    prevent integer truncation on 64 bit systems when rendering fonts. Based
    on upstream patch.
  - CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
  - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
    appropriate length when loading Type1 fonts. Based on upstream patch.
  - CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
    glyph encoding values to prevent invalid array indexes. Based on
    upstream patch.
  - CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted Type1 font
  - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
    private dictionary size to prevent writing past array bounds. Based on
    upstream patch.
  - CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
    checks when interpreting TrueType bytecode. Based on upstream patch.
  - CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
    defined when parsing glyphs. Based on upstream patch.
  - CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
    of array elements to prevent reading past array bounds. Based on
    upstream patch.
  - CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
    invalid read from wrong memory location. Based on upstream patch.
  - CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
    prevent reading invalid memory. Based on upstream patch.
  - CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
  - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
    boundary checks. Based on upstream patch.
  - CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
    to prevent invalid read. Based on upstream patch.
  - CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
  - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
    on first and last character code fields. Based on upstream patch.
  - CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
  - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
    zero when dealing with 32 bit types. Based on upstream patch.
  - CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted TrueType font
  - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
    on the first glyph outline point value. Based on upstream patch.
  - CVE-2012-1144

lp:ubuntu/natty-updates/freetype 2 Mature 2012-03-21 19:57:51 UTC
42. * SECURITY UPDATE: Denial of service ...

Author: Tyler Hicks
Revision Date: 2012-03-21 19:57:51 UTC

* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
    sanitization when parsing properties. Based on upstream patch.
  - CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
    sanitization when parsing glyphs. Based on upstream patch.
  - CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
    NULL pointer dereference. Based on upstream patch.
  - CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
  - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
    sanitization when parsing SFNT strings. Based on upstream patch.
  - CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
  - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
    properly NULL-terminate parsed properties strings. Based on upstream
    patch.
  - CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
    prevent integer truncation on 64 bit systems when rendering fonts. Based
    on upstream patch.
  - CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
  - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
    appropriate length when loading Type1 fonts. Based on upstream patch.
  - CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
    glyph encoding values to prevent invalid array indexes. Based on
    upstream patch.
  - CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted Type1 font
  - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
    private dictionary size to prevent writing past array bounds. Based on
    upstream patch.
  - CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
    checks when interpreting TrueType bytecode. Based on upstream patch.
  - CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
    defined when parsing glyphs. Based on upstream patch.
  - CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
    of array elements to prevent reading past array bounds. Based on
    upstream patch.
  - CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
    invalid read from wrong memory location. Based on upstream patch.
  - CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
    prevent reading invalid memory. Based on upstream patch.
  - CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
  - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
    boundary checks. Based on upstream patch.
  - CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
    to prevent invalid read. Based on upstream patch.
  - CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
  - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
    on first and last character code fields. Based on upstream patch.
  - CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
  - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
    zero when dealing with 32 bit types. Based on upstream patch.
  - CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted TrueType font
  - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
    on the first glyph outline point value. Based on upstream patch.
  - CVE-2012-1144

lp:ubuntu/oneiric/freetype 2 Mature 2011-08-08 08:13:07 UTC
41. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2011-08-08 08:13:07 UTC

* SECURITY UPDATE: arbitrary code execution via crafted Type 1 font
  - debian/patches-freetype/CVE-2011-0226.patch: check for proper
    signedness in src/psaux/t1decode.c.
  - CVE-2011-0226
* debian/rules: fix FTBFS with gcc 4.6 by adding
  -Wno-unused-but-set-variable to CFLAGS to downgrade it to a warning.

lp:ubuntu/natty/freetype bug 2 Mature 2011-03-22 05:50:49 UTC
39. No-change rebuild against fixed pkgbi...

Author: Steve Langasek
Revision Date: 2011-03-22 05:50:49 UTC

No-change rebuild against fixed pkgbinarymangler, to get correct
multiarch-safe changelogs

lp:~vorlon/ubuntu/natty/freetype/multiarch 1 Development 2011-03-15 23:58:02 UTC
43. releasing version 2.4.4-1multiarch.4

Author: Steve Langasek
Revision Date: 2011-03-15 23:58:02 UTC

releasing version 2.4.4-1multiarch.4

lp:ubuntu/dapper-security/freetype bug 2 Mature 2010-11-02 15:17:07 UTC
15. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2010-11-02 15:17:07 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via libXft overflow.
  - debian/patches/425-CVE-2010-3311.patch: correctly validate position
    in src/base/ftstream.c.
  - CVE-2010-3311
* SECURITY UPDATE: denial of service and possible code execution via
  TrueType GX font
  - debian/patches/426-CVE-2010-3855.patch: add bounds checks to
    src/truetype/ttgxvar.c.
  - CVE-2010-3855

lp:ubuntu/dapper-updates/freetype 2 Mature 2010-11-02 15:17:07 UTC
15. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2010-11-02 15:17:07 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via libXft overflow.
  - debian/patches/425-CVE-2010-3311.patch: correctly validate position
    in src/base/ftstream.c.
  - CVE-2010-3311
* SECURITY UPDATE: denial of service and possible code execution via
  TrueType GX font
  - debian/patches/426-CVE-2010-3855.patch: add bounds checks to
    src/truetype/ttgxvar.c.
  - CVE-2010-3855

lp:ubuntu/karmic-security/freetype bug 2 Mature 2010-11-02 14:54:40 UTC
27. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2010-11-02 14:54:40 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via libXft overflow.
  - debian/patches/CVE-2010-3311.patch: correctly validate position in
    src/base/ftstream.c.
  - CVE-2010-3311
* SECURITY UPDATE: denial of service and possible code execution via
  improper error handling of SHZ bytecode instruction
  - debian/patches/CVE-2010-3814.patch: add bounds check to
    src/truetype/ttinterp.c.
  - CVE-2010-3814
* SECURITY UPDATE: denial of service and possible code execution via
  TrueType GX font
  - debian/patches/CVE-2010-3855.patch: add bounds checks to
    src/truetype/ttgxvar.c.
  - CVE-2010-3855

lp:ubuntu/karmic-updates/freetype 2 Mature 2010-11-02 14:54:40 UTC
27. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2010-11-02 14:54:40 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via libXft overflow.
  - debian/patches/CVE-2010-3311.patch: correctly validate position in
    src/base/ftstream.c.
  - CVE-2010-3311
* SECURITY UPDATE: denial of service and possible code execution via
  improper error handling of SHZ bytecode instruction
  - debian/patches/CVE-2010-3814.patch: add bounds check to
    src/truetype/ttinterp.c.
  - CVE-2010-3814
* SECURITY UPDATE: denial of service and possible code execution via
  TrueType GX font
  - debian/patches/CVE-2010-3855.patch: add bounds checks to
    src/truetype/ttgxvar.c.
  - CVE-2010-3855

lp:ubuntu/maverick/freetype bug 2 Mature 2010-09-08 07:15:40 UTC
31. debian/patches-ft2demos/f2tdemos-grke...

Author: Steve Langasek
Revision Date: 2010-08-28 02:27:15 UTC

debian/patches-ft2demos/f2tdemos-grkey.patch: update to fix another
problem when building under gcc-4.5 that was overlooked in the previous
version of the patch. LP: #624740.

lp:ubuntu/jaunty-security/freetype bug 2 Mature 2010-08-17 17:20:34 UTC
25. * SECURITY UPDATE: possible arbitrary...

Author: Marc Deslauriers
Revision Date: 2010-08-13 10:23:02 UTC

* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  in CFF Type2 CharStrings interpreter (LP: #617019)
  - debian/patches-freetype/CVE-2010-1797.patch: check number of operands
    in src/cff/cffgload.c.
  - CVE-2010-1797
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  in the ftmulti demo program (LP: #617019)
  - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
    sizes in src/ftmulti.c.
  - CVE-2010-2541
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
  checking (LP: #617019)
  - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
    src/base/ftstream.c.
  - CVE-2010-2805
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
  checking (LP: #617019)
  - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
    src/type42/t42parse.c.
  - CVE-2010-2806
* SECURITY UPDATE: possible arbitrary code execution via improper type
  comparisons (LP: #617019)
  - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
    checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
  - CVE-2010-2807
* SECURITY UPDATE: possible arbitrary code execution via memory
  corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
  - debian/patches-freetype/CVE-2010-2808.patch: check rlen in
    src/base/ftobjs.c.
  - CVE-2010-2808
* SECURITY UPDATE: denial of service via bdf font (LP: #617019)
  - debian/patches-freetype/bug30135.patch: don't modify value in static
    string in src/bdf/bdflib.c.
* SECURITY UPDATE: denial of service via nested "seac" calls
  - debian/patches-freetype/nested-seac.patch: handle nested calls
    correctly in include/freetype/internal/psaux.h, src/cff/cffgload.c,
    src/cff/cffgload.h, src/psaux/t1decode.c.

lp:ubuntu/jaunty-updates/freetype 2 Mature 2010-08-13 10:23:02 UTC
25. * SECURITY UPDATE: possible arbitrary...

Author: Marc Deslauriers
Revision Date: 2010-08-13 10:23:02 UTC

* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  in CFF Type2 CharStrings interpreter (LP: #617019)
  - debian/patches-freetype/CVE-2010-1797.patch: check number of operands
    in src/cff/cffgload.c.
  - CVE-2010-1797
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  in the ftmulti demo program (LP: #617019)
  - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
    sizes in src/ftmulti.c.
  - CVE-2010-2541
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
  checking (LP: #617019)
  - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
    src/base/ftstream.c.
  - CVE-2010-2805
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
  checking (LP: #617019)
  - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
    src/type42/t42parse.c.
  - CVE-2010-2806
* SECURITY UPDATE: possible arbitrary code execution via improper type
  comparisons (LP: #617019)
  - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
    checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
  - CVE-2010-2807
* SECURITY UPDATE: possible arbitrary code execution via memory
  corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
  - debian/patches-freetype/CVE-2010-2808.patch: check rlen in
    src/base/ftobjs.c.
  - CVE-2010-2808
* SECURITY UPDATE: denial of service via bdf font (LP: #617019)
  - debian/patches-freetype/bug30135.patch: don't modify value in static
    string in src/bdf/bdflib.c.
* SECURITY UPDATE: denial of service via nested "seac" calls
  - debian/patches-freetype/nested-seac.patch: handle nested calls
    correctly in include/freetype/internal/psaux.h, src/cff/cffgload.c,
    src/cff/cffgload.h, src/psaux/t1decode.c.

lp:ubuntu/karmic/freetype 2 Mature 2009-12-05 19:07:42 UTC
24. * Pass proper --host/--build args to ...

Author: Steve Langasek
Revision Date: 2009-06-01 04:37:19 UTC

* Pass proper --host/--build args to ./configure, to support
  cross-building. Closes: #465292.
* clean up a number of unused variables in debian/rules; maybe someday
  we'll get this package to converge on debhelper 7... :)
* Fix the doc-base section for libfreetype6-dev. Closes: #315845.
* Remove one final reference to /usr/X11R6 in debian/rules.
* Drop incorrect Replaces: freetype0, freetype1
* Add debian/README.source, documenting the madness that is this source
  package.
* Standards-Version to 3.8.0.
* Fix multiple integer overflows leading to arbitrary code execution
  or DoS (CVE-2009-0946; Closes: #524925). Thanks to Nico Golde for the
  NMU.

lp:ubuntu/jaunty/freetype 2 Mature 2009-12-05 19:06:25 UTC
22. No-change rebuild to fix lpia shared ...

Author: Colin Watson
Revision Date: 2009-03-19 01:58:27 UTC

No-change rebuild to fix lpia shared library dependencies.

lp:ubuntu/intrepid-updates/freetype 2 Mature 2009-12-05 19:05:59 UTC
20. * SECURITY UPDATE: possible code exec...

Author: Marc Deslauriers
Revision Date: 2009-04-22 09:41:39 UTC

* SECURITY UPDATE: possible code execution via multiple integer overflows
  - debian/patches-freetype/security-CVE-2009-0946.patch: validate sid
    values in src/cff/cffload.c, check state->prefix in src/lzw/ftzopen.c,
    don't overflow int with table + length or ndp + numMappings * 4 in
    src/sfnt/ttcmap.c, validate glyph width and height in
    src/smooth/ftsmooth.c.
  - CVE-2009-0946

lp:ubuntu/intrepid-security/freetype 2 Mature 2009-12-05 19:05:43 UTC
20. * SECURITY UPDATE: possible code exec...

Author: Marc Deslauriers
Revision Date: 2009-04-22 09:41:39 UTC

* SECURITY UPDATE: possible code execution via multiple integer overflows
  - debian/patches-freetype/security-CVE-2009-0946.patch: validate sid
    values in src/cff/cffload.c, check state->prefix in src/lzw/ftzopen.c,
    don't overflow int with table + length or ndp + numMappings * 4 in
    src/sfnt/ttcmap.c, validate glyph width and height in
    src/smooth/ftsmooth.c.
  - CVE-2009-0946

lp:ubuntu/intrepid/freetype 2 Mature 2009-12-05 19:05:23 UTC
19. * Merge from Debian unstable, remaini...

Author: Steve Langasek
Revision Date: 2008-08-28 00:39:24 UTC

* Merge from Debian unstable, remaining changes:
  - debian/patches-freetype/enable-subpixel-rendering.patch:
    + enable subpixel rendering features, used by libcairo and xft to
      provide LCD colour filtering. This is considered no more or less
      evil than the bytecode interpreter which we also enable.

lp:ubuntu/hardy/freetype 2 Mature 2009-12-05 19:04:29 UTC
16. * debian/patches-freetype/enable-subp...

Author: Scott James Remnant (Canonical)
Revision Date: 2007-09-20 20:51:00 UTC

* debian/patches-freetype/enable-subpixel-rendering.patch:
  - Restore patch that enables subpixel rendering features, now that
    libcairo and xft provide the ability for the specific lcd filter
    to be changed.

lp:ubuntu/gutsy-updates/freetype 1 Development 2009-12-05 19:04:04 UTC
17. * SECURITY UPDATE: arbitrary code exe...

Author: Kees Cook
Revision Date: 2008-09-10 16:28:22 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflows.
* Add debian/patches-freetype/CVE-2008-1806_7_8.patch: upstream fixes
  thanks to Steffen Joeris.
* References
  CVE-2008-1806 CVE-2008-1807 CVE-2008-1808

lp:ubuntu/gutsy-security/freetype 1 Development 2009-12-05 19:03:40 UTC
17. * SECURITY UPDATE: arbitrary code exe...

Author: Kees Cook
Revision Date: 2008-09-10 16:28:22 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflows.
* Add debian/patches-freetype/CVE-2008-1806_7_8.patch: upstream fixes
  thanks to Steffen Joeris.
* References
  CVE-2008-1806 CVE-2008-1807 CVE-2008-1808

lp:ubuntu/gutsy/freetype 1 Development 2009-12-05 19:03:17 UTC
16. * debian/patches-freetype/enable-subp...

Author: Scott James Remnant (Canonical)
Revision Date: 2007-09-20 20:51:00 UTC

* debian/patches-freetype/enable-subpixel-rendering.patch:
  - Restore patch that enables subpixel rendering features, now that
    libcairo and xft provide the ability for the specific lcd filter
    to be changed.

lp:ubuntu/feisty-updates/freetype 1 Development 2009-12-05 19:02:56 UTC
12. * SECURITY UPDATE: arbitrary code exe...

Author: Kees Cook
Revision Date: 2008-09-10 16:29:25 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflows.
* Add debian/patches-freetype/CVE-2008-1806_7_8.patch: upstream fixes
  thanks to Steffen Joeris.
* References
  CVE-2008-1806 CVE-2008-1807 CVE-2008-1808

lp:ubuntu/feisty-security/freetype 1 Development 2009-12-05 19:02:36 UTC
12. * SECURITY UPDATE: arbitrary code exe...

Author: Kees Cook
Revision Date: 2008-09-10 16:29:25 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflows.
* Add debian/patches-freetype/CVE-2008-1806_7_8.patch: upstream fixes
  thanks to Steffen Joeris.
* References
  CVE-2008-1806 CVE-2008-1807 CVE-2008-1808

lp:ubuntu/feisty/freetype 1 Development 2009-12-05 19:02:09 UTC
10. * SECURITY UPDATE: arbitrary code exe...

Author: Kees Cook
Revision Date: 2007-04-02 15:31:32 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflows.
* Add debian/patches-freetype/CVE-2007-1351_bdf_integer.patch from
  upstream changes.
* References
  CVE-2007-1351

lp:ubuntu/edgy-updates/freetype 1 Development 2009-12-05 19:01:44 UTC
11. * SECURITY UPDATE: arbitrary code exe...

Author: Kees Cook
Revision Date: 2007-05-22 14:58:50 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflows.
* Add debian/patches-freetype/security-ttgload-overflow.patch from
  upstream changes.
* References
  CVE-2007-2754

lp:ubuntu/edgy-security/freetype 1 Development 2009-12-05 19:01:23 UTC
11. * SECURITY UPDATE: arbitrary code exe...

Author: Kees Cook
Revision Date: 2007-05-22 14:58:50 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflows.
* Add debian/patches-freetype/security-ttgload-overflow.patch from
  upstream changes.
* References
  CVE-2007-2754

lp:ubuntu/edgy/freetype 1 Development 2009-12-05 19:01:02 UTC
9. * High-urgency upload for RC bugfix. ...

Author: Steve Langasek
Revision Date: 2006-09-12 15:04:42 UTC

* High-urgency upload for RC bugfix.
* Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch to
  address CVE-2006-3467, a missing string length check in PCF files that
  leads to a possibly exploitable integer overflow. Thanks to Martin
  Pitt for the patch. Closes: #379920.

lp:ubuntu/dapper/freetype 2 Mature 2009-12-05 19:00:15 UTC
6. Update shlibs dependency. Ubuntu: #5...

Author: Scott James Remnant (Canonical)
Revision Date: 2006-04-06 05:58:24 UTC

Update shlibs dependency. Ubuntu: #5901.

lp:ubuntu/breezy-security/freetype 1 Development 2009-12-05 19:00:02 UTC
7. * SECURITY UPDATE: arbitrary code exe...

Author: Kees Cook
Revision Date: 2007-04-02 15:53:16 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflows.
* Add debian/patches/404-bdf-integer.patch from upstream changes.
* References
  CVE-2007-1351

lp:ubuntu/breezy/freetype 1 Development 2009-12-05 18:59:45 UTC
4. Slightly relax the header check on Ty...

Author: Daniel Stone
Revision Date: 2005-05-12 12:41:38 UTC

Slightly relax the header check on Type1 fonts, enabling wider display of
PDFs, et al; based on a change to FreeType CVS (closes: Ubuntu#10087).

lp:ubuntu/hoary-security/freetype 1 Development 2009-12-05 18:59:31 UTC
5. * SECURITY UPDATE: Arbitrary code exe...

Author: Martin Pitt
Revision Date: 2006-07-26 10:57:39 UTC

* SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
* Add debian/patches/403-pcf-strlen.patch:
  - src/pcf/pcfread.c: Detect invalid string lengths.
  - CVE-2006-3467

lp:ubuntu/hoary/freetype 1 Development 2009-12-05 18:59:16 UTC
3. * NMU * debian/patches/090-freetype-2...

Author: dann frazier
Revision Date: 2004-11-08 19:06:57 UTC

* NMU
* debian/patches/090-freetype-2.1.7-normalize-fix.diff: Patch
  by David Mossberger. Backport from freetype2 CVS that fixes an
  off-by-order-of-magnitude performance issue in the normalization code.
  (Closes: #259875)

lp:ubuntu/warty/freetype 1 Development 2009-12-05 18:59:00 UTC
3. Add backwards compatibility API fixes...

Author: Thom May
Revision Date: 2004-07-28 15:45:35 UTC

Add backwards compatibility API fixes (Closes: #417)

lp:ubuntu/lucid/freetype bug 1 Development 2009-12-05 18:57:28 UTC
27. Revert last change. I really did have...

Author: Mario Limonciello
Revision Date: 2009-12-01 02:25:21 UTC

Revert last change. I really did have a FTBFS that "looked" like this
was the cause, but it's actually something else that dropped its
dependency on libfreetype6-dev.
