lp:ubuntu/saucy-proposed/freetype
- Get this branch:
- bzr branch lp:ubuntu/saucy-proposed/freetype
Recent revisions
- 51. By Sebastien Bacher
* New upstream version (lp: #1179523)
* debian/patches-freetype/git_unitialized_variable.patch,
debian/patches-ft2demos/init_variables.patch:
- fix uninitialized variable warnings which were breaking the build
* debian/libfreetype6.symbols: updated
- 50. By Sebastien Bacher
* New upstream version
* debian/patches-freetype/CVE-2012-5668.patch,
debian/patches-freetype/CVE-2012-5669.patch,
debian/patches-freetype/CVE-2012-5670.patch:
- dropped, those fixes are in the new version
* debian/patches-ft2demos/compiler_hardening_fixes.patch:
- changed unsigned char* to char* to fix "pointer targets in assignment
differ in signedness" build error
* debian/libfreetype6.symbols: updated for the new version
- 49. By Marc Deslauriers
* SECURITY UPDATE: denial of service and possible code execution via NULL
pointer dereference
- debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
of allocation error in src/bdf/bdflib.c.
- CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
buffer over-read in BDF parsing
- debian/patches-freetype/CVE-2012-5669.patch: use correct array size
in src/bdf/bdflib.c.
- CVE-2012-5669
* SECURITY UPDATE: denial of service and possible code execution via
out-of-bounds write
- debian/patches-freetype/CVE-2012-5670.patch: normalize negative
parameter in src/bdf/bdflib.c.
- CVE-2012-5670
- 48. By Sebastien Bacher
* New upstream version
* debian/libfreetype6.symbols:
- new version update
* debian/patches-freetype/savannah-bug-35847.patch,
debian/patches-freetype/savannah-bug-35833.patch:
- dropped, the fixes are in the new version
* Resynchronize on Debian, remaining diff:
* debian/patches-freetype/revert_scalable_fonts_metric.patch:
- revert commit "Fix metrics on size request for scalable fonts.",
it's breaking gtk underlining markups and creating some other
issues as well (lp: #972223)
- 47. By Sebastien Bacher
* debian/patches-freetype/revert_scalable_fonts_metric.patch:
- revert commit "Fix metrics on size request for scalable fonts.",
it's breaking gtk underlining markups and creating some other
issues as well (lp: #972223)
- 46. By Tyler Hicks
* SECURITY UPDATE: Denial of service via crafted BDF font (LP: #963283)
- debian/patches-freetype/CVE-2012-1126.patch: Perform better input
sanitization when parsing properties. Based on upstream patch.
- CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1127.patch: Perform better input
sanitization when parsing glyphs. Based on upstream patch.
- CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
NULL pointer dereference. Based on upstream patch.
- CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
- debian/patches-freetype/CVE-2012-1129.patch: Perform better input
sanitization when parsing SFNT strings. Based on upstream patch.
- CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
- debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
properly NULL-terminate parsed properties strings. Based on upstream
patch.
- CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
prevent integer truncation on 64 bit systems when rendering fonts. Based
on upstream patch.
- CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
- debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
appropriate length when loading Type1 fonts. Based on upstream patch.
- CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted BDF font
- debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
glyph encoding values to prevent invalid array indexes. Based on
upstream patch.
- CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted Type1 font
- debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
private dictionary size to prevent writing past array bounds. Based on
upstream patch.
- CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
checks when interpreting TrueType bytecode. Based on upstream patch.
- CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted BDF font
- debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
defined when parsing glyphs. Based on upstream patch.
- CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
of array elements to prevent reading past array bounds. Based on
upstream patch.
- CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
invalid read from wrong memory location. Based on upstream patch.
- CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
prevent reading invalid memory. Based on upstream patch.
- CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
- debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
boundary checks. Based on upstream patch.
- CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
to prevent invalid read. Based on upstream patch.
- CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
- debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
on first and last character code fields. Based on upstream patch.
- CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
- debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
zero when dealing with 32 bit types. Based on upstream patch.
- CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted TrueType font
- debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
on the first glyph outline point value. Based on upstream patch.
- CVE-2012-1144
- 45. By Steve Langasek
* New upstream release
- upstream fix for CVE-2011-3439. Closes: #649122.
- adjust libfreetype6.symbols for a newly-exported function.
- 44. By Steve Langasek
* Use dpkg-buildflags through debhelper.
* Don't set -Werror in CFLAGS on alpha or m68k, to work around a compiler
bug. Closes: #646334.
- 43. By Steve Langasek
* New upstream release
- upstream fix for CVE-2011-3256. Closes: #646120.
- drop debian/patches-freetype/0001-Fix-Savannah-bug-33992.patch,
included upstream.
* Pass --without-bzip2 to configure, to avoid unwanted dependency on
libbz2. Closes: #639638.
* Standards-Version 3.9.2.
- 42. By Steve Langasek
debian/patches-freetype/0001-Fix-Savannah-bug-33992.patch: [PATCH]
Fix Savannah bug #33992. Thanks to David Bevan
<email address hidden>. Closes: #638348.
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/trusty/freetype