ubuntu/+source/freetype:applied/debian/jessie

Last commit made on 2017-05-07
Get this branch:
git clone -b applied/debian/jessie https://git.launchpad.net/ubuntu/+source/freetype
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/debian/jessie
Repository:
lp:ubuntu/+source/freetype

Recent commits

4656b78... by Salvatore Bonaccorso on 2017-04-27

Import patches-applied version 2.5.2-3+deb8u2 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: 1facfe62223be32ba3f380b184d235eab85f0317
Unapplied parent: 1ce2e076be1b0543a5dd217d2a635827aae344dd

New changelog entries:
  * Non-maintainer upload by the Security Team.
  [ Moritz Mühlenhoff ]
  * CVE-2016-10244 (Closes: #856971)
  [ Salvatore Bonaccorso ]
  * [psaux] Better protect `flex' handling (CVE-2017-8105) (Closes: #861220)
  * t1_builder_close_contour: Add safety guard (CVE-2017-8287)
    (Closes: #861308)

1ce2e07... by Salvatore Bonaccorso on 2017-04-27

Remove .pc directory from source package.

7647f4a... by Salvatore Bonaccorso on 2017-04-27

Import patches-unapplied version 2.5.2-3+deb8u2 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: b997f4bbf3994afd1e07d57dace6d3fa9fd6dfad

New changelog entries:
  * Non-maintainer upload by the Security Team.
  [ Moritz Mühlenhoff ]
  * CVE-2016-10244 (Closes: #856971)
  [ Salvatore Bonaccorso ]
  * [psaux] Better protect `flex' handling (CVE-2017-8105) (Closes: #861220)
  * t1_builder_close_contour: Add safety guard (CVE-2017-8287)
    (Closes: #861308)

1facfe6... by Santiago Ruano Rincón on 2015-10-05

Import patches-applied version 2.5.2-3+deb8u1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 265c4ddab952eb81afc456b875d8e8ccdf70ef5d
Unapplied parent: bc0eaec535db85dac28fffad2a695efdf4063bf0

New changelog entries:
  * Non-maintainer upload.
  * CVE-2014-9745: Fix Savannah bug #41590. Protect against invalid number in
    t1load.c parse_encoding().
  * CVE-2014-9746, CVE-2014-9747: Fix Savannah bug #41309. Correct use of
    uninitialized data in t1load.c, cidload.c, t42parse.c and psobjs.c.

b997f4b... by Santiago Ruano Rincón on 2015-10-05

Import patches-unapplied version 2.5.2-3+deb8u1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e6a2a6de51e8cde1ac2191cf4fde18d6c6ff7770

New changelog entries:
  * Non-maintainer upload.
  * CVE-2014-9745: Fix Savannah bug #41590. Protect against invalid number in
    t1load.c parse_encoding().
  * CVE-2014-9746, CVE-2014-9747: Fix Savannah bug #41309. Correct use of
    uninitialized data in t1load.c, cidload.c, t42parse.c and psobjs.c.

bc0eaec... by Santiago Ruano Rincón on 2015-10-05

Remove .pc directory from source package.

265c4dd... by Keith Packard on 2015-02-24

Import patches-applied version 2.5.2-3 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 71b5c71ac25b9c96701fa548eb5b535ff2d30bdf
Unapplied parent: 2f38330779209bd0927df79c3d513e1335276eaf

New changelog entries:
  * Fix Savannah bug #43535. CVE-2014-9675
  * [bdf] Fix Savannah bug #41692. CVE-2014-9675-fixup-1
  * src/base/ftobj.c (Mac_Read_POST_Resource): Additional overflow check
    in the summation of POST fragment lengths. CVE-2014-0674-part-2
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments and fold
    too long tracing messages. CVS-2014-9674-fixup-2
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Use unsigned long variables to read the lengths in POST fragments. CVE-2014-9674-fixup-1
  * Fix Savannah bug #43538. CVE-2014-9674-part-1
  * Fix Savannah bug #43539. CVE-2014-9673
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Avoid memory leak by
    a broken POST table in resource-fork. CVE-2014-9673-fixup
  * Fix Savannah bug #43540. CVE-2014-9672
  * Fix Savannah bug #43547. CVE-2014-9671
  * Fix Savannah bug #43548. CVE-2014-9670
  * [sfnt] Fix Savannah bug #43588. CVE-2014-9669
  * [sfnt] Fix Savannah bug #43589. CVE-2014-9668
  * [sfnt] Fix Savannah bug #43590. CVE-2014-9667
  * [sfnt] Fix Savannah bug #43591. CVE-2014-9666
  * Change some fields in `FT_Bitmap' to unsigned type. CVE-2014-9665
  * Fix uninitialized variable warning. CVE-2014-9665-fixup-2
  * Make `FT_Bitmap_Convert' correctly handle negative `pitch' values.
    CVE-2014-9665-fixup
  * [type1, type42] Fix Savannah bug #43655. CVE-2014-9664
  * [sfnt] Fix Savannah bug #43656. CVE-2014-9663
  * [cff] Fix Savannah bug #43658. CVE-2014-9662
  * [type42] Allow only embedded TrueType fonts. CVE-2014-9661
  * [bdf] Fix Savannah bug #43660. CVE-2014-9660
  * [cff] Fix Savannah bug #43661. CVE-2014-9659
  * [sfnt] Fix Savannah bug #43672. CVE-2014-9658
  * [truetype] Fix Savannah bug #43679. CVE-2014-9657
  * [sfnt] Fix Savannah bug #43680. CVE-2014-9656
  * All CVEs patched. Closes: #777656.

e6a2a6d... by Keith Packard on 2015-02-24

Import patches-unapplied version 2.5.2-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f3322a2a517a4d7c07e5ad5c4d939a778f8ad3e1

New changelog entries:
  * Fix Savannah bug #43535. CVE-2014-9675
  * [bdf] Fix Savannah bug #41692. CVE-2014-9675-fixup-1
  * src/base/ftobj.c (Mac_Read_POST_Resource): Additional overflow check
    in the summation of POST fragment lengths. CVE-2014-0674-part-2
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments and fold
    too long tracing messages. CVS-2014-9674-fixup-2
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Use unsigned long variables to read the lengths in POST fragments. CVE-2014-9674-fixup-1
  * Fix Savannah bug #43538. CVE-2014-9674-part-1
  * Fix Savannah bug #43539. CVE-2014-9673
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Avoid memory leak by
    a broken POST table in resource-fork. CVE-2014-9673-fixup
  * Fix Savannah bug #43540. CVE-2014-9672
  * Fix Savannah bug #43547. CVE-2014-9671
  * Fix Savannah bug #43548. CVE-2014-9670
  * [sfnt] Fix Savannah bug #43588. CVE-2014-9669
  * [sfnt] Fix Savannah bug #43589. CVE-2014-9668
  * [sfnt] Fix Savannah bug #43590. CVE-2014-9667
  * [sfnt] Fix Savannah bug #43591. CVE-2014-9666
  * Change some fields in `FT_Bitmap' to unsigned type. CVE-2014-9665
  * Fix uninitialized variable warning. CVE-2014-9665-fixup-2
  * Make `FT_Bitmap_Convert' correctly handle negative `pitch' values.
    CVE-2014-9665-fixup
  * [type1, type42] Fix Savannah bug #43655. CVE-2014-9664
  * [sfnt] Fix Savannah bug #43656. CVE-2014-9663
  * [cff] Fix Savannah bug #43658. CVE-2014-9662
  * [type42] Allow only embedded TrueType fonts. CVE-2014-9661
  * [bdf] Fix Savannah bug #43660. CVE-2014-9660
  * [cff] Fix Savannah bug #43661. CVE-2014-9659
  * [sfnt] Fix Savannah bug #43672. CVE-2014-9658
  * [truetype] Fix Savannah bug #43679. CVE-2014-9657
  * [sfnt] Fix Savannah bug #43680. CVE-2014-9656
  * All CVEs patched. Closes: #777656.

2f38330... by Keith Packard on 2015-02-24

Remove .pc directory from source package.

71b5c71... by Steve Langasek on 2014-09-19

Import patches-applied version 2.5.2-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 1f733ba60ba64da9ef3a825ba4daec01462ab879
Unapplied parent: 3fc5c1d60a5d1baf56f73a93f3be35d0a963142b

New changelog entries:
  * Acknowledge security NMU; thanks to Michael Gilbert.
  * Standards-Version 3.9.6.
  * Bump debhelper build-dependency to 9.
  * debian/patches/enable-old-cff.patch: disable the new CFF hinter from
    Adobe, working around wrong hinting with some toolkits on Linux. Thanks
    to Samat K Jain <email address hidden> for preparing the patch.
    Closes: #730742.
  * debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
    upstream patch to fix a double free. Closes: #747002, LP: #1310728.
  * debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
    upstream patch to fix cjk font rendering issue. LP: #1310017.
  * debian/patches-freetype/verbose-libtool.patch: don't let libtool
    suppress compiler output.
  * debian/patches-freetype/no-uninitialized-bbox.patch: ensure that our
    variable is reliably initialized before use, fixing a build failure on
    ppc64el when building with -O3.