ubuntu/+source/freetype:ubuntu/zesty-security

Last commit made on 2017-05-09
Get this branch:
git clone -b ubuntu/zesty-security https://git.launchpad.net/ubuntu/+source/freetype
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/zesty-security
Repository:
lp:ubuntu/+source/freetype

Recent commits

f635af4... by Marc Deslauriers on 2017-05-04

Import patches-unapplied version 2.6.3-3ubuntu2.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 6b56cb548231d14f5112e4af58798b0ad3ce7465

New changelog entries:
  * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
    - debian/patches-freetype/CVE-2017-8105.patch: add a check to
      src/psaux/t1decode.c.
    - CVE-2017-8105
  * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
    - debian/patches-freetype/CVE-2017-8287.patch: add a check to
      src/psaux/psobjs.c.
    - CVE-2017-8287

6b56cb5... by Steve Beattie on 2017-04-20

Import patches-unapplied version 2.6.3-3ubuntu2.1 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 879257fd65f0081fb6ed586a9fba173afd1271c5

New changelog entries:
  * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
    - debian/patches-freetype/CVE-2016-10328.patch: add additional check
      to parser stack size in src/cff/cffparse.c
    - CVE-2016-10328

879257f... by Marc Deslauriers on 2017-03-16

Import patches-unapplied version 2.6.3-3ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 984d34c200e9b76a948514f4def0b76a94139fa5

New changelog entries:
  * SECURITY UPDATE: DoS and possible code execution via missing glyph name
    - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
    - CVE-2016-10244

984d34c... by Matthias Klose on 2016-04-27

Import patches-unapplied version 2.6.3-3ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 49b19bad1056e84bd0f5cafdd89e7f02543c6419

New changelog entries:
  * Merge with Debian; remaining changes:
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/freetype/config headers into the multiarch
      include path and provide symlinks in /usr/include.
    - debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
      fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
      most zh_CN glyphs and probably others). (LP: #1559933)

49b19ba... by Steve Langasek on 2016-03-01

Import patches-unapplied version 2.6.3-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8216aa5a00e59200504ed5fe1c31b4f0bc4bda42

New changelog entries:
  * Install the now-available-upstream manpages for freetype-demos.
    Closes: #131137.
  * Register all of the HTML documentation with doc-base. Closes: #451660.
  * Suppress lintian warning about symbols file declaring dependency on
    other package, which is entirely by design.
  * Adjust symbols file to actually produce invalid dependencies when
    internal symbols are used, as intended.
  * New upstream release. Closes: #812518, LP: #1521299
    - stem darkening now disabled by default. Closes: #801370.
  * Avoid marking private symbols as supported from 2.6.1 on. Apparently
    dpkg-gensymbols doesn't do what I expected for this kind of declaration
    anyway, but we should at least avoid marking them wrong in the source.
  * Update to Standards-Version 3.9.7.

8216aa5... by Matteo F. Vescovi on 2015-11-10

Import patches-unapplied version 2.6.1-0.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f4a9e1bd1a81e0dcde9d589b78b41c243c3c48ee

New changelog entries:
  * Non-maintainer upload.
  * New upstream release (Closes: #804050)

f4a9e1b... by Steve Langasek on 2015-09-19

Import patches-unapplied version 2.6-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ebb3bd6d8051cce42fd8367452f8d09f4e33bc3d

New changelog entries:
  * Adjust symbols references for private symbols to sort to a higher (fake)
    version number instead of a lower, so that when linking against
    libfreetype without using its symbols, we don't get a wrong dependency on
    libfreetype6 (>= 1.PRIVATE.1). Closes: #799445.
  * Pass --without-harfbuzz in debian/rules, to avoid opportunistically
    picking this up as a dependency if libharfbuzz-dev is installed.

ebb3bd6... by Steve Langasek on 2015-09-12

Import patches-unapplied version 2.6-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c427bbb9d32c1855ade11c526b23137bde9fe7b8

New changelog entries:
  * New upstream release. Closes: #793751.
    * Includes a fix for a spurious error in FT_Get_SubGlyph_Info.
      Closes: #778493.
    * Includes a fix for an infinite loop in T1 font loading.
      Closes: #798620.
    * Includes a fix for an uninitialized memory bug in font parsers.
      Closes: #798619.
    * Includes fix for an out-of-bounds rate in the Adobe CFF implementation
      (which was not previously enabled in the package build).
      Closes: #773084.
    * Includes a fix for a crasher in xdvi. Closes: #733894.
    * Fixes support for compressed pcf fonts. Closes: #780340.
    * Drop various cherrypicked upstream patches from the package.
    * Ship upstream freetype-config manpage in place of our own.
      Closes LP: #1390767.
  * Update symbols file. Includes dropping various private symbols that
    don't appear to have ever been part of the API.
  * Fix exclusion of redundant license file (txt -> TXT)
  * Re-enable the CFF driver, now that most related fonts have been fixed.
    Closes: #795653.
  * Enable stage1 build without X library dependencies for bootstrapping.
    Closes: #752270, #752271.

c427bbb... by Keith Packard on 2015-03-16

Import patches-unapplied version 2.5.2-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e6a2a6de51e8cde1ac2191cf4fde18d6c6ff7770

New changelog entries:
  * Fix Savannah bug #43774. Closes #780143.
  * Release 2.5.2-4

e6a2a6d... by Keith Packard on 2015-02-24

Import patches-unapplied version 2.5.2-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f3322a2a517a4d7c07e5ad5c4d939a778f8ad3e1

New changelog entries:
  * Fix Savannah bug #43535. CVE-2014-9675
  * [bdf] Fix Savannah bug #41692. CVE-2014-9675-fixup-1
  * src/base/ftobj.c (Mac_Read_POST_Resource): Additional overflow check
    in the summation of POST fragment lengths. CVE-2014-0674-part-2
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments and fold
    too long tracing messages. CVS-2014-9674-fixup-2
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Use unsigned long variables
    to read the lengths in POST fragments. CVE-2014-9674-fixup-1
  * Fix Savannah bug #43538. CVE-2014-9674-part-1
  * Fix Savannah bug #43539. CVE-2014-9673
  * src/base/ftobjs.c (Mac_Read_POST_Resource): Avoid memory leak by
    a broken POST table in resource-fork. CVE-2014-9673-fixup
  * Fix Savannah bug #43540. CVE-2014-9672
  * Fix Savannah bug #43547. CVE-2014-9671
  * Fix Savannah bug #43548. CVE-2014-9670
  * [sfnt] Fix Savannah bug #43588. CVE-2014-9669
  * [sfnt] Fix Savannah bug #43589. CVE-2014-9668
  * [sfnt] Fix Savannah bug #43590. CVE-2014-9667
  * [sfnt] Fix Savannah bug #43591. CVE-2014-9666
  * Change some fields in `FT_Bitmap' to unsigned type. CVE-2014-9665
  * Fix uninitialized variable warning. CVE-2014-9665-fixup-2
  * Make `FT_Bitmap_Convert' correctly handle negative `pitch' values.
    CVE-2014-9665-fixup
  * [type1, type42] Fix Savannah bug #43655. CVE-2014-9664
  * [sfnt] Fix Savannah bug #43656. CVE-2014-9663
  * [cff] Fix Savannah bug #43658. CVE-2014-9662
  * [type42] Allow only embedded TrueType fonts. CVE-2014-9661
  * [bdf] Fix Savannah bug #43660. CVE-2014-9660
  * [cff] Fix Savannah bug #43661. CVE-2014-9659
  * [sfnt] Fix Savannah bug #43672. CVE-2014-9658
  * [truetype] Fix Savannah bug #43679. CVE-2014-9657
  * [sfnt] Fix Savannah bug #43680. CVE-2014-9656
  * All CVEs patched. Closes: #777656.