ubuntu/+source/freetype:ubuntu/xenial-security

Last commit made on 2019-09-09
Get this branch:
git clone -b ubuntu/xenial-security https://git.launchpad.net/ubuntu/+source/freetype
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/xenial-security
Repository:
lp:ubuntu/+source/freetype

Recent commits

9b4a870... by Leonidas S. Barbosa on 2019-09-05

Import patches-unapplied version 2.6.1-0.1ubuntu2.4 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 637f5db9d7be19ae91c2b695c394d0de7b5f2812

New changelog entries:
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches-freetype/CVE-2015-9383.patch: check
      limit before accessing 'numRanges' and numMappings in
      src/sfnt/ttcmap.c.
    - CVE-2015-9383

637f5db... by Marc Deslauriers on 2017-05-04

Import patches-unapplied version 2.6.1-0.1ubuntu2.3 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: d1be815d163db2728dd23a7931d97640812d0b46

New changelog entries:
  * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
    - debian/patches-freetype/CVE-2017-8105.patch: add a check to
      src/psaux/t1decode.c.
    - CVE-2017-8105
  * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
    - debian/patches-freetype/CVE-2017-8287.patch: add a check to
      src/psaux/psobjs.c.
    - CVE-2017-8287

d1be815... by Steve Beattie on 2017-04-20

Import patches-unapplied version 2.6.1-0.1ubuntu2.2 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: ae0c803a410baa4fa7040ef1db17b92950404ef5

New changelog entries:
  * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
    - debian/patches-freetype/CVE-2016-10328.patch: add additional check
      to parser stack size in src/cff/cffparse.c
    - CVE-2016-10328

ae0c803... by Marc Deslauriers on 2017-03-16

Import patches-unapplied version 2.6.1-0.1ubuntu2.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: ee19457d9c11f4b3af9c90653d2bbe87ead5a44a

New changelog entries:
  * SECURITY UPDATE: DoS and possible code execution via missing glyph name
    - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
    - CVE-2016-10244

ee19457... by Mathieu Trudel-Lapierre on 2016-04-15

Import patches-unapplied version 2.6.1-0.1ubuntu2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: efaf1321169e8d1f1233b2de9209a2b166d04364

New changelog entries:
  * debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
    fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
    most zh_CN glyphs and probably others). (LP: #1559933)

efaf132... by Marc Deslauriers on 2016-02-17

Import patches-unapplied version 2.6.1-0.1ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 8216aa5a00e59200504ed5fe1c31b4f0bc4bda42

New changelog entries:
  * Merge from Debian unstable, remaining changes:
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/freetype/config headers into the multiarch
      include path and provide symlinks in /usr/include.
  * Dropped patches, included upstream:
    - debian/patches-freetype/multi-thread-violations.patch
    - debian/patches-freetype/savannah-bug-41309.patch
    - debian/patches-freetype/savannah-bug-41590.patch
  * debian/patches-freetype/revert_scalable_fonts_metric.patch: dropped,
    can no longer reproduce the issue originally reported in precise, and
    upstream doesn't think this is an appropriate fix.

8216aa5... by Matteo F. Vescovi on 2015-11-10

Import patches-unapplied version 2.6.1-0.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f4a9e1bd1a81e0dcde9d589b78b41c243c3c48ee

New changelog entries:
  * Non-maintainer upload.
  * New upstream release (Closes: #804050)

f4a9e1b... by Steve Langasek on 2015-09-19

Import patches-unapplied version 2.6-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ebb3bd6d8051cce42fd8367452f8d09f4e33bc3d

New changelog entries:
  * Adjust symbols references for private symbols to sort to a higher (fake)
    version number instead of a lower, so that when linking against
    libfreetype without using its symbols, we don't get a wrong dependency on
    libfreetype6 (>= 1.PRIVATE.1). Closes: #799445.
  * Pass --without-harfbuzz in debian/rules, to avoid opportunistically
    picking this up as a dependency if libharfbuzz-dev is installed.

ebb3bd6... by Steve Langasek on 2015-09-12

Import patches-unapplied version 2.6-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c427bbb9d32c1855ade11c526b23137bde9fe7b8

New changelog entries:
  * New upstream release. Closes: #793751.
    * Includes a fix for a spurious error in FT_Get_SubGlyph_Info.
      Closes: #778493.
    * Includes a fix for an infinite loop in T1 font loading.
      Closes: #798620.
    * Includes a fix for an uninitialized memory bug in font parsers.
      Closes: #798619.
    * Includes fix for an out-of-bounds rate in the Adobe CFF implementation
      (which was not previously enabled in the package build).
      Closes: #773084.
    * Includes a fix for a crasher in xdvi. Closes: #733894.
    * Fixes support for compressed pcf fonts. Closes: #780340.
    * Drop various cherrypicked upstream patches from the package.
    * Ship upstream freetype-config manpage in place of our own.
      Closes LP: #1390767.
  * Update symbols file. Includes dropping various private symbols that
    don't appear to have ever been part of the API.
  * Fix exclusion of redundant license file (txt -> TXT)
  * Re-enable the CFF driver, now that most related fonts have been fixed.
    Closes: #795653.
  * Enable stage1 build without X library dependencies for bootstrapping.
    Closes: #752270, #752271.

c427bbb... by Keith Packard on 2015-03-16

Import patches-unapplied version 2.5.2-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e6a2a6de51e8cde1ac2191cf4fde18d6c6ff7770

New changelog entries:
  * Fix Savannah bug #43774. Closes #780143.
  * Release 2.5.2-4