lp:debian/stretch/freetype

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:debian/stretch/freetype

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

51. By Steve Langasek

* Adjust symbols references for private symbols to sort to a higher (fake)
  version number instead of a lower, so that when linking against
  libfreetype without using its symbols, we don't get a wrong dependency on
  libfreetype6 (>= 1.PRIVATE.1). Closes: #799445.
* Pass --without-harfbuzz in debian/rules, to avoid opportunistically
  picking this up as a dependency if libharfbuzz-dev is installed.

50. By Steve Langasek

* New upstream release. Closes: #793751.
  * Includes a fix for a spurious error in FT_Get_SubGlyph_Info.
    Closes: #778493.
  * Includes a fix for an infinite loop in T1 font loading.
    Closes: #798620.
  * Includes a fix for an uninitialized memory bug in font parsers.
    Closes: #798619.
  * Includes a fix for an out-of-bounds rate in the Adobe CFF implementation
    (which was not previously enabled in the package build).
    Closes: #773084.
  * Includes a fix for a crasher in xdvi. Closes: #733894.
  * Fixes support for compressed pcf fonts. Closes: #780340.
  * Drop various cherrypicked upstream patches from the package.
  * Ship upstream freetype-config manpage in place of our own.
    Closes LP: #1390767.
* Update symbols file. Includes dropping various private symbols that
  don't appear to have ever been part of the API.
* Fix exclusion of redundant license file (txt -> TXT)
* Re-enable the CFF driver, now that most related fonts have been fixed.
  Closes: #795653.
* Enable stage1 build without X library dependencies for bootstrapping.
  Closes: #752270, #752271.

49. By Keith Packard

* Fix Savannah bug #43774. Closes #780143.
* Release 2.5.2-4

48. By Keith Packard

* Fix Savannah bug #43535. CVE-2014-9675
* [bdf] Fix Savannah bug #41692. CVE-2014-9675-fixup-1
* src/base/ftobj.c (Mac_Read_POST_Resource): Additional overflow check
  in the summation of POST fragment lengths. CVE-2014-0674-part-2
* src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments and fold
  too long tracing messages. CVS-2014-9674-fixup-2
* src/base/ftobjs.c (Mac_Read_POST_Resource): Use unsigned long variables
  to read the lengths in POST fragments. CVE-2014-9674-fixup-1
* Fix Savannah bug #43538. CVE-2014-9674-part-1
* Fix Savannah bug #43539. CVE-2014-9673
* src/base/ftobjs.c (Mac_Read_POST_Resource): Avoid memory leak by
  a broken POST table in resource-fork. CVE-2014-9673-fixup
* Fix Savannah bug #43540. CVE-2014-9672
* Fix Savannah bug #43547. CVE-2014-9671
* Fix Savannah bug #43548. CVE-2014-9670
* [sfnt] Fix Savannah bug #43588. CVE-2014-9669
* [sfnt] Fix Savannah bug #43589. CVE-2014-9668
* [sfnt] Fix Savannah bug #43590. CVE-2014-9667
* [sfnt] Fix Savannah bug #43591. CVE-2014-9666
* Change some fields in `FT_Bitmap' to unsigned type. CVE-2014-9665
* Fix uninitialized variable warning. CVE-2014-9665-fixup-2
* Make `FT_Bitmap_Convert' correctly handle negative `pitch' values.
  CVE-2014-9665-fixup
* [type1, type42] Fix Savannah bug #43655. CVE-2014-9664
* [sfnt] Fix Savannah bug #43656. CVE-2014-9663
* [cff] Fix Savannah bug #43658. CVE-2014-9662
* [type42] Allow only embedded TrueType fonts. CVE-2014-9661
* [bdf] Fix Savannah bug #43660. CVE-2014-9660
* [cff] Fix Savannah bug #43661. CVE-2014-9659
* [sfnt] Fix Savannah bug #43672. CVE-2014-9658
* [truetype] Fix Savannah bug #43679. CVE-2014-9657
* [sfnt] Fix Savannah bug #43680. CVE-2014-9656
* All CVEs patched. Closes: #777656.

47. By Steve Langasek

* Acknowledge security NMU; thanks to Michael Gilbert.
* Standards-Version 3.9.6.
* Bump debhelper build-dependency to 9.
* debian/patches/enable-old-cff.patch: disable the new CFF hinter from
  Adobe, working around wrong hinting with some toolkits on Linux. Thanks
  to Samat K Jain <email address hidden> for preparing the patch.
  Closes: #730742.
* debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
  upstream patch to fix a double free. Closes: #747002, LP: #1310728.
* debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
  upstream patch to fix cjk font rendering issue. LP: #1310017.
* debian/patches-freetype/verbose-libtool.patch: don't let libtool
  suppress compiler output.
* debian/patches-freetype/no-uninitialized-bbox.patch: ensure that our
  variable is reliably initialized before use, fixing a build failure on
  ppc64el when building with -O3.

46. By Michael Gilbert <email address hidden>

* Non-maintainer upload by the Security Team.
* Fix two security issues in the CFF rasterizer (closes: #741299)
  - CVE-2014-2240: out-of-bounds read/write in cf2hints.c.
  - CVE-2014-2241: denial-of-service in cf2ft.c.

45. By Steve Langasek

* New upstream release
  - fixes a crasher bug with certain fonts. Closes: #733052.
  - drop of additional symbols which were previously exported but are only
    meant for debugging and upstream recommends not enabling them when
    building in "release mode". If this impacts users of freetype, we can
    re-enable these symbols later.
* Call autogen.sh on build to refresh autotools; not using dh-autoreconf
  because the upstream directory structure is non-standard and it's a
  throw-away dir, so there's no advantage to dh-autoreconf's rollback
  support.
* Fix symbols file with respect to more complete version info found in
  Ubuntu.
* Drop debian/patches-ft2demos/compiler-warning-fixes.patch, which is
  actually a bug in the compiler_hardening_fixes.patch; fix it there
  instead.
* Fix libpng detection when cross-building.

44. By Steve Langasek

* Drop unnecessary GPLv2.txt from libfreetype6-dev.
* Add missing dependency on libpng-dev to libfreetype6-dev.
  Closes: #732062.

43. By Steve Langasek

* New upstream release. Closes: #717952, #729231.
  - Add build-dependency on libpng-dev.
  - Dropped patches, included upstream: savannah-bug-35847.patch,
    savannah-bug-35833.patch, savannah-bug-37905.patch,
    savannah-bug-37906.patch, savannah-bug-37907.patch
  - Internal symbols have been dropped in this version. No soname change
    because the symbols are not supposed to be used, but past experience
    suggests that this may break some third-party software anyway.
* compiler_hardening_fixes.patch: fix wrong snprintf() calls in ttdebug.c
  that cause an overflow 100% of the time.
* debian/patches-ft2demos/compiler-warning-fixes.patch: Fix a wrong
  cast that triggers a compiler warning.
* debian/patches-ft2demos/revert-wrong-extern.patch: revert wrong
  upstream commit that causes a build failure.

42. By Salvatore Bonaccorso

* Non-maintainer upload.
  Upload ACKed by Steve Langasek <email address hidden> on #debian-devel.
* Add savannah-bug-37905.patch patch
  [SECURITY] CVE-2012-5668: NULL Pointer Dereference in bdf_free_font.
  (Closes: #696691)
* Add savannah-bug-37906.patch patch
  [SECURITY] CVE-2012-5669: Out-of-bounds read in _bdf_parse_glyphs.
  (Closes: #696691)
* Add savannah-bug-37907.patch patch
  [SECURITY] CVE-2012-5670: Out-of-bounds write in _bdf_parse_glyphs.
  (Closes: #696691)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:debian/freetype