ubuntu/+source/freetype:applied/ubuntu/breezy-devel

Last commit made on 2007-04-03
Get this branch:
git clone -b applied/ubuntu/breezy-devel https://git.launchpad.net/ubuntu/+source/freetype
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: applied/ubuntu/breezy-devel
Repository: lp:ubuntu/+source/freetype

Recent commits

8f65d3b... by Kees Cook on 2007-04-02

Import patches-applied version 2.1.7-2.4ubuntu1.3 to applied/ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: fed918d7c04f995d4e18c32e90e44b82e854ace8
Unapplied parent: d26506efafdd0f58d03f4845d59d23e9cdfe9838

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches/404-bdf-integer.patch from upstream changes.
  * References
    CVE-2007-1351

d26506e... by Kees Cook on 2007-04-02

Import patches-unapplied version 2.1.7-2.4ubuntu1.3 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 7537dab3cffb46ae96fe0642bde08aee19975f09

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches/404-bdf-integer.patch from upstream changes.
  * References
    CVE-2007-1351

fed918d... by Martin Pitt on 2006-07-26

Import patches-applied version 2.1.7-2.4ubuntu1.2 to applied/ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 8b0d57ab9be687fde2582ee8022847e769f34205
Unapplied parent: 7537dab3cffb46ae96fe0642bde08aee19975f09

New changelog entries:
  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches/403-pcf-strlen.patch:
    - src/pcf/pcfread.c: Detect invalid string lengths.
    - CVE-2006-3467

7537dab... by Martin Pitt on 2006-07-26

Import patches-unapplied version 2.1.7-2.4ubuntu1.2 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 67be229cde1d9dc33679cc62328c99c505dcd9a7

New changelog entries:
  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches/403-pcf-strlen.patch:
    - src/pcf/pcfread.c: Detect invalid string lengths.
    - CVE-2006-3467

8b0d57a... by Martin Pitt on 2006-06-02

Import patches-applied version 2.1.7-2.4ubuntu1.1 to applied/ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 679f29de702c936c76f520ba435988315e4210c9
Unapplied parent: 67be229cde1d9dc33679cc62328c99c505dcd9a7

New changelog entries:
  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches/401-odd_blue_num-safe_alloc.patch:
    - src/pshinter/pshglob.c: Prevent integer underflow with malformed fonts
      which have an odd number of blue values (these are broken according to
      the specs). [CVE-2006-0747]
    - src/base/ftutil.c: Fail with an 'invalid argument' error on negative
      allocations, just to make double sure. [CVE-2006-2661]
    - Patches taken from upstream CVS.
  * Add debian/patches/402-int-overflows.patch:
    - Various int overflow protections. [CVE-2006-1861, CVE-2006-2493]
    - Patches taken from upstream CVS.
  * Many thanks to Josh Bressers for extracting the patches!

67be229... by Martin Pitt on 2006-06-02

Import patches-unapplied version 2.1.7-2.4ubuntu1.1 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 296d7cb025f80d5c3e05dced642c538c65ee876a

New changelog entries:
  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches/401-odd_blue_num-safe_alloc.patch:
    - src/pshinter/pshglob.c: Prevent integer underflow with malformed fonts
      which have an odd number of blue values (these are broken according to
      the specs). [CVE-2006-0747]
    - src/base/ftutil.c: Fail with an 'invalid argument' error on negative
      allocations, just to make double sure. [CVE-2006-2661]
    - Patches taken from upstream CVS.
  * Add debian/patches/402-int-overflows.patch:
    - Various int overflow protections. [CVE-2006-1861, CVE-2006-2493]
    - Patches taken from upstream CVS.
  * Many thanks to Josh Bressers for extracting the patches!

679f29d... by Daniel Stone on 2005-05-12

Import patches-applied version 2.1.7-2.4ubuntu1 to applied/ubuntu/breezy

Imported using git-ubuntu import.

Changelog parent: 874a20e42e3ec83742e1cbdf830694d5ae06b6ba
Unapplied parent: 296d7cb025f80d5c3e05dced642c538c65ee876a

New changelog entries:
  * Slightly relax the header check on Type1 fonts, enabling wider display of
    PDFs, et al; based on a change to FreeType CVS (closes: Ubuntu#10087).
  * Non-maintainer upload.
  * freetype-2.1.7/src/bdf/bdflib.c: When a glyph has zero width or height,
    a bitmap is not actually allocated for it, but the code used to try to
    use it anyway. Now it no longer does that. Fix by Steve Langasek,
    based on something I did earlier. Added
    debian/patches/300-bdflib-zero-width-glyphs.diff. Closes: #302269
    (Segmentation fault with certain bdf fonts).
  * freetype-2.1.7/src/bdf/bdflib.c: BDF font files with glyphs with an
    encoding value of at least 65536 would overflow the bitmap with
    65536 bits which bdflib.c uses to keep track of whether it has seen
    an encoding already. Changed things so that encodings above the
    limit cause an error code to be returned instead of a segfault
    happening. Ideally, the bitmap should be replaced with a more
    compact representation, but that is too big a change for something
    this small. I will, however, only lower the severity of the bug
    (305413) to normal, instead of marking it fixed. Added
    debian/patches/300-bdflib-large-encodings.diff.

296d7cb... by Daniel Stone on 2005-05-12

Import patches-unapplied version 2.1.7-2.4ubuntu1 to ubuntu/breezy

Imported using git-ubuntu import.

Changelog parent: ed1857717df4783dc58f19dc1862d4f08cf2d15e

New changelog entries:
  * Slightly relax the header check on Type1 fonts, enabling wider display of
    PDFs, et al; based on a change to FreeType CVS (closes: Ubuntu#10087).
  * Non-maintainer upload.
  * freetype-2.1.7/src/bdf/bdflib.c: When a glyph has zero width or height,
    a bitmap is not actually allocated for it, but the code used to try to
    use it anyway. Now it no longer does that. Fix by Steve Langasek,
    based on something I did earlier. Added
    debian/patches/300-bdflib-zero-width-glyphs.diff. Closes: #302269
    (Segmentation fault with certain bdf fonts).
  * freetype-2.1.7/src/bdf/bdflib.c: BDF font files with glyphs with an
    encoding value of at least 65536 would overflow the bitmap with
    65536 bits which bdflib.c uses to keep track of whether it has seen
    an encoding already. Changed things so that encodings above the
    limit cause an error code to be returned instead of a segfault
    happening. Ideally, the bitmap should be replaced with a more
    compact representation, but that is too big a change for something
    this small. I will, however, only lower the severity of the bug
    (305413) to normal, instead of marking it fixed. Added
    debian/patches/300-bdflib-large-encodings.diff.

874a20e... by dann frazier on 2004-11-09

Import patches-applied version 2.1.7-2.3 to applied/ubuntu/hoary

Imported using git-ubuntu import.

Unapplied parent: ed1857717df4783dc58f19dc1862d4f08cf2d15e

ed18577... by dann frazier on 2004-11-09

Import patches-unapplied version 2.1.7-2.3 to ubuntu/hoary

Imported using git-ubuntu import.