Last commit made on 2017-05-07
by Salvatore Bonaccorso on 2017-04-27

Import patches-unapplied version 2.5.2-3+deb8u2 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: b997f4bbf3994afd1e07d57dace6d3fa9fd6dfad

New changelog entries:
  * Non-maintainer upload by the Security Team.
  [ Moritz Mühlenhoff ]
  * CVE-2016-10244 (Closes: #856971)
  [ Salvatore Bonaccorso ]
  * [psaux] Better protect `flex' handling (CVE-2017-8105) (Closes: #861220)
  * t1_builder_close_contour: Add safety guard (CVE-2017-8287)
    (Closes: #861308)

by Santiago Ruano Rincón on 2015-10-05

Import patches-unapplied version 2.5.2-3+deb8u1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e6a2a6de51e8cde1ac2191cf4fde18d6c6ff7770

New changelog entries:
  * Non-maintainer upload.
  * CVE-2014-9745: Fix Savannah bug #41590. Protect against invalid number in
    t1load.c parse_encoding().
  * CVE-2014-9746, CVE-2014-9747: Fix Savannah bug #41309. Correct use of
    uninitialized data in t1load.c, cidload.c, t42parse.c and psobjs.c.

by Keith Packard on 2015-02-24

Import patches-unapplied version 2.5.2-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f3322a2a517a4d7c07e5ad5c4d939a778f8ad3e1

New changelog entries:
  * Fix Savannah bug #43535. CVE-2014-9675
  * [bdf] Fix Savannah bug #41692. CVE-2014-9675-fixup-1
  * src/base/ftobj.c (Mac_Read_POST_Resource): Additional overflow check
    in the summation of POST fragment lengths. CVE-2014-0674-part-2
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments and fold
    too long tracing messages. CVE-2014-9674-fixup-2
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Use unsigned long variables
    to read the lengths in POST fragments. CVE-2014-9674-fixup-1
  * Fix Savannah bug #43538. CVE-2014-9674-part-1
  * Fix Savannah bug #43539. CVE-2014-9673
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Avoid memory leak by
    a broken POST table in resource-fork. CVE-2014-9673-fixup
  * Fix Savannah bug #43540. CVE-2014-9672
  * Fix Savannah bug #43547. CVE-2014-9671
  * Fix Savannah bug #43548. CVE-2014-9670
  * [sfnt] Fix Savannah bug #43588. CVE-2014-9669
  * [sfnt] Fix Savannah bug #43589. CVE-2014-9668
  * [sfnt] Fix Savannah bug #43590. CVE-2014-9667
  * [sfnt] Fix Savannah bug #43591. CVE-2014-9666
  * Change some fields in `FT_Bitmap' to unsigned type. CVE-2014-9665
  * Fix uninitialized variable warning. CVE-2014-9665-fixup-2
  * Make `FT_Bitmap_Convert' correctly handle negative `pitch' values.
  * [type1, type42] Fix Savannah bug #43655. CVE-2014-9664
  * [sfnt] Fix Savannah bug #43656. CVE-2014-9663
  * [cff] Fix Savannah bug #43658. CVE-2014-9662
  * [type42] Allow only embedded TrueType fonts. CVE-2014-9661
  * [bdf] Fix Savannah bug #43660. CVE-2014-9660
  * [cff] Fix Savannah bug #43661. CVE-2014-9659
  * [sfnt] Fix Savannah bug #43672. CVE-2014-9658
  * [truetype] Fix Savannah bug #43679. CVE-2014-9657
  * [sfnt] Fix Savannah bug #43680. CVE-2014-9656
  * All CVEs patched. Closes: #777656.

by Steve Langasek on 2014-09-19

Import patches-unapplied version 2.5.2-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 48a23f0c520e4737228c922dfa21b063dcccdfca

New changelog entries:
  * Acknowledge security NMU; thanks to Michael Gilbert.
  * Standards-Version 3.9.6.
  * Bump debhelper build-dependency to 9.
  * debian/patches/enable-old-cff.patch: disable the new CFF hinter from
    Adobe, working around wrong hinting with some toolkits on Linux. Thanks
    to Samat K Jain for preparing the patch.
    Closes: #730742.
  * debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
    upstream patch to fix a double free. Closes: #747002, LP: #1310728.
  * debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
    upstream patch to fix cjk font rendering issue. LP: #1310017.
  * debian/patches-freetype/verbose-libtool.patch: don't let libtool
    suppress compiler output.
  * debian/patches-freetype/no-uninitialized-bbox.patch: ensure that our
    variable is reliably initialized before use, fixing a build failure on
    ppc64el when building with -O3.

by Michael Gilbert on 2014-07-28

Import patches-unapplied version 2.5.2-1.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a5a137006c02461b219e7af2464799a18c86a0a0

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Fix two security issues in the CFF rasterizer (closes: #741299)
    - CVE-2014-2240: out-of-bounds read/write in cf2hints.c.
    - CVE-2014-2241: denial-of-service in cf2ft.c.

by Steve Langasek on 2013-12-25

Import patches-unapplied version 2.5.2-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 50883c0137a49255552a3a621f32d400ff759b87

New changelog entries:
  * New upstream release
    - fixes a crasher bug with certain fonts. Closes: #733052.
    - drop of additional symbols which were previously exported but are only
      meant for debugging and upstream recommends not enabling them when
      building in "release mode". If this impacts users of freetype, we can
      re-enable these symbols later.
  * Call autogen.sh on build to refresh autotools; not using dh-autoreconf
    because the upstream directory structure is non-standard and it's a
    throw-away dir, so there's no advantage to dh-autoreconf's rollback
  * Fix symbols file with respect to more complete version info found in
  * Drop debian/patches-ft2demos/compiler-warning-fixes.patch, which is
    actually a bug in the compiler_hardening_fixes.patch; fix it there
  * Fix libpng detection when cross-building.

by Steve Langasek on 2013-12-18

Import patches-unapplied version 2.5.1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a77e71f0087e398bcbc0bb9313cb9f167a410bd6

New changelog entries:
  * Drop unnecessary GPLv2.txt from libfreetype6-dev.
  * Add missing dependency on libpng-dev to libfreetype6-dev.
    Closes: #732062.

by Steve Langasek on 2013-11-28

Import patches-unapplied version 2.5.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8110cfe5e60879ecf5ec6de779431c25199b1522

New changelog entries:
  * New upstream release. Closes: #717952, #729231.
    - Add build-dependency on libpng-dev.
    - Dropped patches, included upstream: savannah-bug-35847.patch,
      savannah-bug-35833.patch, savannah-bug-37905.patch,
      savannah-bug-37906.patch, savannah-bug-37907.patch
    - Internal symbols have been dropped in this version. No soname change
      because the symbols are not supposed to be used, but past experience
      suggests that this may break some third-party software anyway.
  * compiler_hardening_fixes.patch: fix wrong snprintf() calls in ttdebug.c
    that cause an overflow 100% of the time.
  * debian/patches-ft2demos/compiler-warning-fixes.patch: Fix a wrong
    cast that triggers a compiler warning.
  * debian/patches-ft2demos/revert-wrong-extern.patch: revert wrong
    upstream commit that causes a build failure.

by Salvatore Bonaccorso on 2012-12-28

Import patches-unapplied version 2.4.9-1.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f10a4e18007dab06198b7881c6dcde3bdd949746

New changelog entries:
  * Non-maintainer upload.
    Upload ACKed by Steve Langasek on #debian-devel.
  * Add savannah-bug-37905.patch patch
    [SECURITY] CVE-2012-5668: NULL Pointer Dereference in bdf_free_font.
    (Closes: #696691)
  * Add savannah-bug-37906.patch patch
    [SECURITY] CVE-2012-5669: Out-of-bounds read in _bdf_parse_glyphs.
    (Closes: #696691)
  * Add savannah-bug-37907.patch patch
    [SECURITY] CVE-2012-5670: Out-of-bounds write in _bdf_parse_glyphs.
    (Closes: #696691)

by Steve Langasek on 2012-03-24

Import patches-unapplied version 2.4.9-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: cf2752aeaa90e51c3cfc5e78116fed80b7cecd15

New changelog entries:
  * New upstream release
    - upstream fix for multiple vulnerabilities: CVE-2012-1126,
      CVE-2012-1133, CVE-2012-1134, CVE-2012-1136, CVE-2012-1142,
      CVE-2012-1144, and others. Closes: #662864.
    - update symbols file for a new symbol, ft_raccess_guess_table
  * debian/patches-freetype/savannah-bug-35847.patch,
    debian/patches-freetype/savannah-bug-35833.patch: pull two bugfixes from
    upstream git on top of 2.4.9, to address regressions affecting
    ghostscript. Thanks to Till Kamppeter for pointing this out.
  * push CPPFLAGS into CFLAGS for ft2demos, so our demos will be secure.
    Closes: #663613.
  * don't let a quiltrc override our QUILT_PATCHES settings in debian/rules.
    Closes: #617217.
  * Migrate debian/copyright to copyright-format 1.0, and fix up the upstream
    URL. Closes: #642059.