ubuntu/+source/freetype:ubuntu/breezy-devel

Last commit made on 2007-04-03
Get this branch:
git clone -b ubuntu/breezy-devel https://git.launchpad.net/ubuntu/+source/freetype

Branch information

Name:
ubuntu/breezy-devel
Repository:
lp:ubuntu/+source/freetype

Recent commits

d26506e... by Kees Cook on 2007-04-02

Import patches-unapplied version 2.1.7-2.4ubuntu1.3 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 7537dab3cffb46ae96fe0642bde08aee19975f09

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches/404-bdf-integer.patch from upstream changes.
  * References
    CVE-2007-1351

7537dab... by Martin Pitt on 2006-07-26

Import patches-unapplied version 2.1.7-2.4ubuntu1.2 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 67be229cde1d9dc33679cc62328c99c505dcd9a7

New changelog entries:
  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches/403-pcf-strlen.patch:
    - src/pcf/pcfread.c: Detect invalid string lengths.
    - CVE-2006-3467

67be229... by Martin Pitt on 2006-06-02

Import patches-unapplied version 2.1.7-2.4ubuntu1.1 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 296d7cb025f80d5c3e05dced642c538c65ee876a

New changelog entries:
  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches/401-odd_blue_num-safe_alloc.patch:
    - src/pshinter/pshglob.c: Prevent integer underflow with malformed fonts
      which have an odd number of blue values (these are broken according to
      the specs). [CVE-2006-0747]
    - src/base/ftutil.c: Fail with an 'invalid argument' error on negative
      allocations, just to make double sure. [CVE-2006-2661]
    - Patches taken from upstream CVS.
  * Add debian/patches/402-int-overflows.patch:
    - Various int overflow protections. [CVE-2006-1861, CVE-2006-2493]
    - Patches taken from upstream CVS.
  * Many thanks to Josh Bressers for extracting the patches!

296d7cb... by Daniel Stone on 2005-05-12

Import patches-unapplied version 2.1.7-2.4ubuntu1 to ubuntu/breezy

Imported using git-ubuntu import.

Changelog parent: ed1857717df4783dc58f19dc1862d4f08cf2d15e

New changelog entries:
  * Slightly relax the header check on Type1 fonts, enabling wider display of
    PDFs, et al; based on a change to FreeType CVS (closes: Ubuntu#10087).
  * Non-maintainer upload.
  * freetype-2.1.7/src/bdf/bdflib.c: When a glyph has zero width or height,
    a bitmap is not actually allocated for it, but the code used to try to
    use it anyway. Now it no longer does that. Fix by Steve Langasek,
    based on something I did earlier. Added
    debian/patches/300-bdflib-zero-width-glyphs.diff. Closes: #302269
    (Segmentation fault with certain bdf fonts).
  * freetype-2.1.7/src/bdf/bdflib.c: BDF font files with glyphs with an
    encoding value of at least 65536 would overflow the bitmap with
    65536 bits which bdflib.c uses to keep track of whether it has seen
    an encoding already. Changed things so that encodings above the
    limit cause an error code to be returned instead of a segfault
    happening. Ideally, the bitmap should be replaced with a more
    compact representation, but that is too big a change for something
    this small. I will, however, only lower the severity of the bug
    (305413) to normal, instead of marking it fixed. Added
    debian/patches/300-bdflib-large-encodings.diff.

ed18577... by dann frazier on 2004-11-09

Import patches-unapplied version 2.1.7-2.3 to ubuntu/hoary

Imported using git-ubuntu import.