lp:debian/stretch/freetype
- Get this branch:
- bzr branch lp:debian/stretch/freetype
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 51. By Steve Langasek
-
* Adjust symbols references for private symbols to sort to a higher (fake)
version number instead of a lower, so that when linking against
libfreetype without using its symbols, we don't get a wrong dependency on
libfreetype6 (>= 1.PRIVATE.1). Closes: #799445.
* Pass --without-harfbuzz in debian/rules, to avoid opportunistically
picking this up as a dependency if libharfbuzz-dev is installed.
- 50. By Steve Langasek
-
* New upstream release. Closes: #793751.
* Includes a fix for a spurious error in FT_Get_SubGlyph_Info.
Closes: #778493.
* Includes a fix for an infinite loop in T1 font loading.
Closes: #798620.
* Includes a fix for an uninitialized memory bug in font parsers.
Closes: #798619.
* Includes fix for an out-of-bounds rate in the Adobe CFF implementation
(which was not previously enabled in the package build).
Closes: #773084.
* Includes a fix for a crasher in xdvi. Closes: #733894.
* Fixes support for compressed pcf fonts. Closes: #780340.
* Drop various cherrypicked upstream patches from the package.
* Ship upstream freetype-config manpage in place of our own.
Closes LP: #1390767.
* Update symbols file. Includes dropping various private symbols that
don't appear to have ever been part of the API.
* Fix exclusion of redundant license file (txt -> TXT)
* Re-enable the CFF driver, now that most related fonts have been fixed.
Closes: #795653.
* Enable stage1 build without X library dependencies for bootstrapping.
Closes: #752270, #752271.
- 48. By Keith Packard
-
* Fix Savannah bug #43535. CVE-2014-9675
* [bdf] Fix Savannah bug #41692. CVE-2014-9675-fixup-1
* src/base/ftobj.c (Mac_Read_POST_Resource): Additional overflow check
in the summation of POST fragment lengths. CVE-2014-0674-part-2
* src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments and fold
too long tracing messages. CVS-2014-9674-fixup-2
* src/base/ftobjs.c (Mac_Read_POST_Resource): Use unsigned long variables
to read the lengths in POST fragments. CVE-2014-9674-fixup-1
* Fix Savannah bug #43538. CVE-2014-9674-part-1
* Fix Savannah bug #43539. CVE-2014-9673
* src/base/ftobjs.c (Mac_Read_POST_Resource): Avoid memory leak by
a broken POST table in resource-fork. CVE-2014-9673-fixup
* Fix Savannah bug #43540. CVE-2014-9672
* Fix Savannah bug #43547. CVE-2014-9671
* Fix Savannah bug #43548. CVE-2014-9670
* [sfnt] Fix Savannah bug #43588. CVE-2014-9669
* [sfnt] Fix Savannah bug #43589. CVE-2014-9668
* [sfnt] Fix Savannah bug #43590. CVE-2014-9667
* [sfnt] Fix Savannah bug #43591. CVE-2014-9666
* Change some fields in `FT_Bitmap' to unsigned type. CVE-2014-9665
* Fix uninitialized variable warning. CVE-2014-9665-fixup-2
* Make `FT_Bitmap_Convert' correctly handle negative `pitch' values.
CVE-2014-9665-fixup
* [type1, type42] Fix Savannah bug #43655. CVE-2014-9664
* [sfnt] Fix Savannah bug #43656. CVE-2014-9663
* [cff] Fix Savannah bug #43658. CVE-2014-9662
* [type42] Allow only embedded TrueType fonts. CVE-2014-9661
* [bdf] Fix Savannah bug #43660. CVE-2014-9660
* [cff] Fix Savannah bug #43661. CVE-2014-9659
* [sfnt] Fix Savannah bug #43672. CVE-2014-9658
* [truetype] Fix Savannah bug #43679. CVE-2014-9657
* [sfnt] Fix Savannah bug #43680. CVE-2014-9656
* All CVEs patched. Closes: #777656.
- 47. By Steve Langasek
-
* Acknowledge security NMU; thanks to Michael Gilbert.
* Standards-Version 3.9.6.
* Bump debhelper build-dependency to 9.
* debian/patches/enable-old-cff.patch: disable the new CFF hinter from
Adobe, working around wrong hinting with some toolkits on Linux. Thanks
to Samat K Jain <email address hidden> for preparing the patch.
Closes: #730742.
* debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
upstream patch to fix a double free. Closes: #747002, LP: #1310728.
* debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
upstream patch to fix cjk font rendering issue. LP: #1310017.
* debian/patches-freetype/verbose-libtool.patch: don't let libtool
suppress compiler output.
* debian/patches-freetype/no-uninitialized-bbox.patch: ensure that our
variable is reliably initialized before use, fixing a build failure on
ppc64el when building with -O3.
- 46. By Michael Gilbert <email address hidden>
-
* Non-maintainer upload by the Security Team.
* Fix two security issues in the CFF rasterizer (closes: #741299)
- CVE-2014-2240: out-of-bounds read/write in cf2hints.c.
- CVE-2014-2241: denial-of-service in cf2ft.c.
- 45. By Steve Langasek
-
* New upstream release
- fixes a crasher bug with certain fonts. Closes: #733052.
- drop of additional symbols which were previously exported but are only
meant for debugging and upstream recommends not enabling them when
building in "release mode". If this impacts users of freetype, we can
re-enable these symbols later.
* Call autogen.sh on build to refresh autotools; not using dh-autoreconf
because the upstream directory structure is non-standard and it's a
throw-away dir, so there's no advantage to dh-autoreconf's rollback
support.
* Fix symbols file with respect to more complete version info found in
Ubuntu.
* Drop debian/patches-ft2demos/compiler-warning-fixes.patch, which is
actually a bug in the compiler_hardening_fixes.patch; fix it there
instead.
* Fix libpng detection when cross-building.
- 44. By Steve Langasek
-
* Drop unnecessary GPLv2.txt from libfreetype6-dev.
* Add missing dependency on libpng-dev to libfreetype6-dev.
Closes: #732062.
- 43. By Steve Langasek
-
* New upstream release. Closes: #717952, #729231.
- Add build-dependency on libpng-dev.
- Dropped patches, included upstream: savannah-bug-35847.patch,
savannah-bug-35833.patch, savannah-bug-37905.patch,
savannah-bug-37906.patch, savannah-bug-37907.patch
- Internal symbols have been dropped in this version. No soname change
because the symbols are not supposed to be used, but past experience
suggests that this may break some third-party software anyway.
* compiler_hardening_fixes.patch: fix wrong snprintf() calls in ttdebug.c
that cause an overflow 100% of the time.
* debian/patches-ft2demos/compiler-warning-fixes.patch: Fix a wrong
cast that triggers a compiler warning.
* debian/patches-ft2demos/revert-wrong-extern.patch: revert wrong
upstream commit that causes a build failure.
- 42. By Salvatore Bonaccorso
-
* Non-maintainer upload.
Upload ACKed by Steve Langasek <email address hidden> on #debian-devel.
* Add savannah-bug-37905.patch patch
[SECURITY] CVE-2012-5668: NULL Pointer Dereference in bdf_free_font.
(Closes: #696691)
* Add savannah-bug-37906.patch patch
[SECURITY] CVE-2012-5669: Out-of-bounds read in _bdf_parse_glyphs.
(Closes: #696691)
* Add savannah-bug-37907.patch patch
[SECURITY] CVE-2012-5670: Out-of-bounds write in _bdf_parse_glyphs.
(Closes: #696691)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/freetype