ubuntu/+source/freetype:ubuntu/jaunty-updates

Last commit made on 2010-08-17
Get this branch:
git clone -b ubuntu/jaunty-updates https://git.launchpad.net/ubuntu/+source/freetype
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/jaunty-updates
Repository: lp:ubuntu/+source/freetype

Recent commits

82199a7... by Marc Deslauriers on 2010-08-13

Import patches-unapplied version 2.3.9-4ubuntu0.3 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 5b4f42862ac9e57b454f8eef569c436b1ece4276

New changelog entries:
  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    in CFF Type2 CharStrings interpreter (LP: #617019)
    - debian/patches-freetype/CVE-2010-1797.patch: check number of operands
      in src/cff/cffgload.c.
    - CVE-2010-1797
  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    in the ftmulti demo program (LP: #617019)
    - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
      sizes in src/ftmulti.c.
    - CVE-2010-2541
  * SECURITY UPDATE: possible arbitrary code execution via improper bounds
    checking (LP: #617019)
    - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
      src/base/ftstream.c.
    - CVE-2010-2805
  * SECURITY UPDATE: possible arbitrary code execution via improper bounds
    checking (LP: #617019)
    - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
      src/type42/t42parse.c.
    - CVE-2010-2806
  * SECURITY UPDATE: possible arbitrary code execution via improper type
    comparisons (LP: #617019)
    - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
      checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
    - CVE-2010-2807
  * SECURITY UPDATE: possible arbitrary code execution via memory
    corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
    - debian/patches-freetype/CVE-2010-2808.patch: check rlen in
      src/base/ftobjs.c.
    - CVE-2010-2808
  * SECURITY UPDATE: denial of service via bdf font (LP: #617019)
    - debian/patches-freetype/bug30135.patch: don't modify value in static
      string in src/bdf/bdflib.c.
  * SECURITY UPDATE: denial of service via nested "seac" calls
    - debian/patches-freetype/nested-seac.patch: handle nested calls
      correctly in include/freetype/internal/psaux.h, src/cff/cffgload.c,
      src/cff/cffgload.h, src/psaux/t1decode.c.

5b4f428... by Marc Deslauriers on 2010-07-15

Import patches-unapplied version 2.3.9-4ubuntu0.2 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: c9be42a588a8d2678046ffc179e1acf5d3a7a717

New changelog entries:
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid free
    - debian/patches/CVE-2010-2498.patch: validate number of points in
      src/pshinter/pshalgo.c.
    - CVE-2010-2498
  * SECURITY UPDATE: arbitrary code execution via buffer overflow
    - debian/patches/CVE-2010-2499.patch: check positions and return code
      in src/base/ftobjs.c.
    - CVE-2010-2499
  * SECURITY UPDATE: arbitrary code execution via integer overflow
    - debian/patches/CVE-2010-2500.patch: switch to unsigned in
      src/smooth/ftgrays.c, check signed width and height in
      src/smooth/ftsmooth.c.
    - CVE-2010-2500
  * SECURITY UPDATE: arbitrary code execution via heap buffer overflow
    - debian/patches/CVE-2010-2519.patch: correctly calculate length in
      src/base/ftobjs.c.
    - CVE-2010-2519
  * SECURITY UPDATE: arbitrary code execution via invalid realloc
    - debian/patches/CVE-2010-2520.patch: perform bounds checking in
      src/truetype/ttinterp.c.
    - CVE-2010-2520
  * SECURITY UPDATE: arbitrary code execution via buffer overflows
    - debian/patches/CVE-2010-2527.patch: change buffer sizes in
      src/{ftdiff,ftgrid,ftmulti,ftstring,ftview}.c.
    - CVE-2010-2527

c9be42a... by Marc Deslauriers on 2009-04-22

Import patches-unapplied version 2.3.9-4ubuntu0.1 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: ef4d061cc53b8d29bf606f4b592f460a18ff3486

New changelog entries:
  * SECURITY UPDATE: possible code execution via multiple integer overflows
    - debian/patches-freetype/security-CVE-2009-0946.patch: validate sid
      values in src/cff/cffload.c, check state->prefix in src/lzw/ftzopen.c,
      don't overflow int with table + length or ndp + numMappings * 4 in
      src/sfnt/ttcmap.c, validate glyph width and height in
      src/smooth/ftsmooth.c.
    - CVE-2009-0946

ef4d061... by Colin Watson on 2009-03-19

Import patches-unapplied version 2.3.9-4build1 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 4033d96486ed9e1d40415e9bf20c6baf083ab416

New changelog entries:
  * No-change rebuild to fix lpia shared library dependencies.

4033d96... by Steve Langasek on 2009-03-14

Import patches-unapplied version 2.3.9-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ddc43b817ac9c8904e19dff186d4ee9dede9023b

New changelog entries:
  * debian/patches-ft2demos/compiler-hardening-fixes.patch: always check the
    return value of fread(), to appease hardened compilers such as what's
    used in Ubuntu by default. Set a good example, even if these demos
    shouldn't be security-sensitive! Also, along the way catch and fix a
    small memory leak on error. :)
  * debian/patches-freetype/proper-armel-asm-declaration.patch: use __asm__
    for declaring assembly instead of asm, fixing a build failure on armel.

ddc43b8... by Steve Langasek on 2009-03-14

Import patches-unapplied version 2.3.9-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 3a399908f5897bd682b90edc4553d6da1d473345

New changelog entries:
  * Drop spurious Suggests: on libfreetype6-dev. Closes: #363937.
  * debian/patches-freetype/enable-subpixel-rendering.patch: enable subpixel
    rendering features, used by libcairo and xft to provide LCD colour
    filtering. This is considered no more or less evil than the bytecode
    interpreter which we also enable.
  * Move debian/libfreetype6.copyright to debian/copyright, and selectively
    install it to the single binary package in debian/rules; the same
    copyright file is used for all the binaries anyway via symlinks, so
    there's no reason it shouldn't ship as debian/copyright.
    Closes: #381228.
  * Clip redundant LICENSE.TXT and GPL.TXT files from the
    libfreetype6-dev package. Closes: #459802.
  * debian/rules: bump the shlibs version, since 2.3.9 introduces a handful
    of new symbols
  * debian/libfreetype6.symbols: add a new symbols file, which should cause
    most packages to have relaxed dependencies of libfreetype6 now.
  * New upstream version; closes: #519168.
    * fixes a SIGFPE in evince when displaying some PDFs. Closes: #494350,
      LP: #277294.
    * fix a rendering issue with embedded Myriad_Pro fonts in some PDFs.
      LP: #330438.
    * fix a rendering issue with some glyphs not rendering in PDFs when
      an embedded font uses CID 0. LP: #252250.
    * drop patches-freetype/no-segfault-on-load_mac_face, included
      upstream.
    * patches-ft2demos/ft2demos-2.1.7-ftbench.patch: drop unused
      patch chunk
  * fix up the get-orig-source target to autodetect the upstream version
    using the changelog by default.

3a39990... by Steve Langasek on 2008-08-21

Import patches-unapplied version 2.3.7-2 to debian/lenny

Imported using git-ubuntu import.