ubuntu/+source/freetype:ubuntu/vivid-updates

Last commit made on 2015-09-10
Get this branch:
git clone -b ubuntu/vivid-updates https://git.launchpad.net/ubuntu/+source/freetype
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/vivid-updates
Repository:
lp:ubuntu/+source/freetype

Recent commits

25274b5... by Marc Deslauriers on 2015-09-10

Import patches-unapplied version 2.5.2-2ubuntu3.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: bfc948a8e42902d23b726663ed3683a1921cf13e

New changelog entries:
  * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
    - debian/patches-freetype/savannah-bug-41309.patch: fix use of
      uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
      src/type1/t1load.c, src/type42/t42parse.c.
    - No CVE number
  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
    (LP: #1492124)
    - debian/patches-freetype/savannah-bug-41590.patch: protect against
      invalid charcode in src/type1/t1load.c.
    - No CVE number

bfc948a... by Marc Deslauriers on 2015-02-24

Import patches-unapplied version 2.5.2-2ubuntu3 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: b7bd7afcfc6ff71066bc1872b66a9000ea9948d1

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    multiple security issues
    - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
      quantity of upstream commits to fix multiple security issues.
    - CVE-2014-9656
    - CVE-2014-9657
    - CVE-2014-9658
    - CVE-2014-9659
    - CVE-2014-9660
    - CVE-2014-9661
    - CVE-2014-9662
    - CVE-2014-9663
    - CVE-2014-9664
    - CVE-2014-9665
    - CVE-2014-9666
    - CVE-2014-9667
    - CVE-2014-9668
    - CVE-2014-9669
    - CVE-2014-9670
    - CVE-2014-9671
    - CVE-2014-9672
    - CVE-2014-9673
    - CVE-2014-9674
    - CVE-2014-9675

b7bd7af... by Marco Trevisan (TreviƱo) on 2015-01-23

Import patches-unapplied version 2.5.2-2ubuntu2 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 3a3f368db20528927049c5e5cd8477f1002475b0

New changelog entries:
  * Added patchset to fix multithread violations, LP: #1199571
    - debian/patches-freetype/multi-thread-violations.patch

3a3f368... by Steve Langasek on 2014-09-19

Import patches-unapplied version 2.5.2-2ubuntu1 to ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: f3322a2a517a4d7c07e5ad5c4d939a778f8ad3e1

New changelog entries:
  * Merge from Debian unstable, remaining changes:
    - debian/patches-freetype/revert_scalable_fonts_metric.patch:
      revert commit "Fix metrics on size request for scalable fonts.",
      which breaks gtk underlining markups
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/config headers into the multiarch include path
      and provide symlinks in /usr/include.
  * Dropped changes, included in Debian:
    - debian/patches/CVE-2014-2240.patch: validate hintMask in
      src/cff/cf2hints.c.
    - debian/patches/CVE-2014-2241.patch: don't trigger asserts in
      src/cff/cf2ft.c.
    - debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
      upstream patch to fix a double free.
    - debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
      upstream patch to fix cjk font rendering issue.

f3322a2... by Steve Langasek on 2014-09-19

Import patches-unapplied version 2.5.2-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 48a23f0c520e4737228c922dfa21b063dcccdfca

New changelog entries:
  * Acknowledge security NMU; thanks to Michael Gilbert.
  * Standards-Version 3.9.6.
  * Bump debhelper build-dependency to 9.
  * debian/patches/enable-old-cff.patch: disable the new CFF hinter from
    Adobe, working around wrong hinting with some toolkits on Linux. Thanks
    to Samat K Jain <email address hidden> for preparing the patch.
    Closes: #730742.
  * debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
    upstream patch to fix a double free. Closes: #747002, LP: #1310728.
  * debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
    upstream patch to fix cjk font rendering issue. LP: #1310017.
  * debian/patches-freetype/verbose-libtool.patch: don't let libtool
    suppress compiler output.
  * debian/patches-freetype/no-uninitialized-bbox.patch: ensure that our
    variable is reliably initialized before use, fixing a build failure on
    ppc64el when building with -O3.

48a23f0... by Michael Gilbert <email address hidden> on 2014-07-28

Import patches-unapplied version 2.5.2-1.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a5a137006c02461b219e7af2464799a18c86a0a0

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Fix two security issues in the CFF rasterizer (closes: #741299)
    - CVE-2014-2240: out-of-bounds read/write in cf2hints.c.
    - CVE-2014-2241: denial-of-service in cf2ft.c.

a5a1370... by Steve Langasek on 2013-12-25

Import patches-unapplied version 2.5.2-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 50883c0137a49255552a3a621f32d400ff759b87

New changelog entries:
  * New upstream release
    - fixes a crasher bug with certain fonts. Closes: #733052.
    - drop of additional symbols which were previously exported but are only
      meant for debugging and upstream recommends not enabling them when
      building in "release mode". If this impacts users of freetype, we can
      re-enable these symbols later.
  * Call autogen.sh on build to refresh autotools; not using dh-autoreconf
    because the upstream directory structure is non-standard and it's a
    throw-away dir, so there's no advantage to dh-autoreconf's rollback
    support.
  * Fix symbols file with respect to more complete version info found in
    Ubuntu.
  * Drop debian/patches-ft2demos/compiler-warning-fixes.patch, which is
    actually a bug in the compiler_hardening_fixes.patch; fix it there
    instead.
  * Fix libpng detection when cross-building.

50883c0... by Steve Langasek on 2013-12-18

Import patches-unapplied version 2.5.1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a77e71f0087e398bcbc0bb9313cb9f167a410bd6

New changelog entries:
  * Drop unnecessary GPLv2.txt from libfreetype6-dev.
  * Add missing dependency on libpng-dev to libfreetype6-dev.
    Closes: #732062.

a77e71f... by Steve Langasek on 2013-11-28

Import patches-unapplied version 2.5.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8110cfe5e60879ecf5ec6de779431c25199b1522

New changelog entries:
  * New upstream release. Closes: #717952, #729231.
    - Add build-dependency on libpng-dev.
    - Dropped patches, included upstream: savannah-bug-35847.patch,
      savannah-bug-35833.patch, savannah-bug-37905.patch,
      savannah-bug-37906.patch, savannah-bug-37907.patch
    - Internal symbols have been dropped in this version. No soname change
      because the symbols are not supposed to be used, but past experience
      suggests that this may break some third-party software anyway.
  * compiler_hardening_fixes.patch: fix wrong snprintf() calls in ttdebug.c
    that cause an overflow 100% of the time.
  * debian/patches-ft2demos/compiler-warning-fixes.patch: Fix a wrong
    cast that triggers a compiler warning.
  * debian/patches-ft2demos/revert-wrong-extern.patch: revert wrong
    upstream commit that causes a build failure.

8110cfe... by Salvatore Bonaccorso on 2012-12-28

Import patches-unapplied version 2.4.9-1.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f10a4e18007dab06198b7881c6dcde3bdd949746

New changelog entries:
  * Non-maintainer upload.
    Upload ACKed by Steve Langasek <email address hidden> on #debian-devel.
  * Add savannah-bug-37905.patch patch
    [SECURITY] CVE-2012-5668: NULL Pointer Dereference in bdf_free_font.
    (Closes: #696691)
  * Add savannah-bug-37906.patch patch
    [SECURITY] CVE-2012-5669: Out-of-bounds read in _bdf_parse_glyphs.
    (Closes: #696691)
  * Add savannah-bug-37907.patch patch
    [SECURITY] CVE-2012-5670: Out-of-bounds write in _bdf_parse_glyphs.
    (Closes: #696691)