Change log for freetype package in Ubuntu
151 → 193 of 193 results
freetype (2.3.9-4.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix multiple integer overflows leading to arbitrary code execution or DoS (CVE-2009-0946; Closes: #524925). -- Ubuntu Archive Auto-Sync <email address hidden> Tue, 28 Apr 2009 23:04:48 +0100
Available diffs
- diff from 2.3.9-4build1 to 2.3.9-4.1 (1.9 KiB)
freetype (2.3.9-4ubuntu0.1) jaunty-security; urgency=low * SECURITY UPDATE: possible code execution via multiple integer overflows - debian/patches-freetype/security-CVE-2009-0946.patch: validate sid values in src/cff/cffload.c, check state->prefix in src/lzw/ftzopen.c, don't overflow int with table + length or ndp + numMappings * 4 in src/sfnt/ttcmap.c, validate glyph width and height in src/smooth/ftsmooth.c. - CVE-2009-0946 -- Marc Deslauriers <email address hidden> Wed, 22 Apr 2009 09:16:27 -0400
freetype (2.3.5-1ubuntu4.8.04.2) hardy-security; urgency=low * SECURITY UPDATE: possible code execution via multiple integer overflows - debian/patches-freetype/security-CVE-2009-0946.patch: validate sid values in src/cff/cffload.c, check state->prefix in src/lzw/ftzopen.c, don't overflow int with table + length in src/sfnt/ttcmap.c, validate glyph width and height in src/smooth/ftsmooth.c. - CVE-2009-0946 -- Marc Deslauriers <email address hidden> Wed, 22 Apr 2009 10:02:21 -0400
freetype (2.1.10-1ubuntu2.6) dapper-security; urgency=low * SECURITY UPDATE: possible code execution via multiple integer overflows - debian/patches/411-CVE-2009-0946.patch: validate sid values in src/cff/cffload.c, don't overflow int with table + length in src/sfnt/ttcmap.c, validate glyph width and height in src/smooth/ftsmooth.c. - CVE-2009-0946 -- Marc Deslauriers <email address hidden> Wed, 22 Apr 2009 10:37:05 -0400
freetype (2.3.7-2ubuntu1.1) intrepid-security; urgency=low * SECURITY UPDATE: possible code execution via multiple integer overflows - debian/patches-freetype/security-CVE-2009-0946.patch: validate sid values in src/cff/cffload.c, check state->prefix in src/lzw/ftzopen.c, don't overflow int with table + length or ndp + numMappings * 4 in src/sfnt/ttcmap.c, validate glyph width and height in src/smooth/ftsmooth.c. - CVE-2009-0946 -- Marc Deslauriers <email address hidden> Wed, 22 Apr 2009 09:41:39 -0400
freetype (2.3.9-4build1) jaunty; urgency=low * No-change rebuild to fix lpia shared library dependencies. -- Colin Watson <email address hidden> Thu, 19 Mar 2009 01:58:27 +0000
Available diffs
- diff from 2.3.9-4 to 2.3.9-4build1 (334 bytes)
freetype (2.3.9-4) unstable; urgency=low * debian/patches-ft2demos/compiler-hardening-fixes.patch: always check the return value of fread(), to appease hardened compilers such as what's used in Ubuntu by default. Set a good example, even if these demos shouldn't be security-sensitive! Also, along the way catch and fix a small memory leak on error. :) * debian/patches-freetype/proper-armel-asm-declaration.patch: use __asm__ for declaring assembly instead of asm, fixing a build failure on armel. -- Steve Langasek <email address hidden> Sat, 14 Mar 2009 14:35:23 -0700
Available diffs
- diff from 2.3.9-3 to 2.3.9-4 (1.3 KiB)
freetype (2.3.9-3) unstable; urgency=low * Drop spurious Suggests: on libfreetype6-dev. Closes: #363937. * debian/patches-freetype/enable-subpixel-rendering.patch: enable subpixel rendering features, used by libcairo and xft to provide LCD colour filtering. This is considered no more or less evil than the bytecode interpreter which we also enable. * Move debian/libfreetype6.copyright to debian/copyright, and selectively install it to the single binary package in debian/rules; the same copyright file is used for all the binaries anyway via symlinks, so there's no reason it shouldn't ship as debian/copyright. Closes: #381228. * Clip redundant LICENSE.TXT and GPL.TXT files from the libfreetype6-dev package. Closes: #459802.
Available diffs
- diff from 2.3.7-2ubuntu1 to 2.3.9-3 (11.5 KiB)
freetype (2.3.5-1ubuntu4.8.04.1) hardy-security; urgency=low * SECURITY UPDATE: arbitrary code execution via integer overflows. * Add debian/patches-freetype/CVE-2008-1806_7_8.patch: upstream fixes thanks to Steffen Joeris. * References CVE-2008-1806 CVE-2008-1807 CVE-2008-1808 -- Kees Cook <email address hidden> Wed, 10 Sep 2008 16:15:54 -0700
freetype (2.3.5-1ubuntu4.7.10.1) gutsy-security; urgency=low * SECURITY UPDATE: arbitrary code execution via integer overflows. * Add debian/patches-freetype/CVE-2008-1806_7_8.patch: upstream fixes thanks to Steffen Joeris. * References CVE-2008-1806 CVE-2008-1807 CVE-2008-1808 -- Kees Cook <email address hidden> Wed, 10 Sep 2008 16:28:22 -0700
freetype (2.2.1-5ubuntu1.2) feisty-security; urgency=low * SECURITY UPDATE: arbitrary code execution via integer overflows. * Add debian/patches-freetype/CVE-2008-1806_7_8.patch: upstream fixes thanks to Steffen Joeris. * References CVE-2008-1806 CVE-2008-1807 CVE-2008-1808 -- Kees Cook <email address hidden> Wed, 10 Sep 2008 16:29:25 -0700
freetype (2.1.10-1ubuntu2.5) dapper-security; urgency=low * SECURITY UPDATE: arbitrary code execution via integer overflows. * Add debian/patches/410-CVE-2008-1806_7_8.patch: upstream fixes thanks to Steffen Joeris. * References CVE-2008-1806 CVE-2008-1807 CVE-2008-1808 -- Kees Cook <email address hidden> Wed, 10 Sep 2008 16:29:25 -0700
freetype (2.3.7-2ubuntu1) intrepid; urgency=low * Merge from Debian unstable, remaining changes: - debian/patches-freetype/enable-subpixel-rendering.patch: + enable subpixel rendering features, used by libcairo and xft to provide LCD colour filtering. This is considered no more or less evil than the bytecode interpreter which we also enable. -- Steve Langasek <email address hidden> Thu, 28 Aug 2008 00:39:24 -0700
Superseded in intrepid-release
freetype (2.3.7-1ubuntu1) intrepid; urgency=low * Merge from debian testing (LP: #251369) , remaining changes: - debian/patches-freetype/enable-subpixel-rendering.patch: + enable subpixel rendering features, used by libcairo and xft to provide LCD colour filtering. This is considered no more or less evil than the bytecode interpreter which we also enable. - Work around Soyuz breakage.
Available diffs
- diff from 2.3.6-1ubuntu1 to 2.3.7-1ubuntu1 (184.4 KiB)
Superseded in intrepid-release
freetype (2.3.6-1ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - debian/patches-freetype/enable-subpixel-rendering.patch: + enable subpixel rendering features, used by libcairo and xft to provide LCD colour filtering. This is considered no more or less evil than the bytecode interpreter which we also enable. - Work around Soyuz breakage. * Modify Maintainer value to match the DebianMaintainerField specification.
Available diffs
- diff from 2.3.5-1ubuntu4 to 2.3.6-1ubuntu1 (183.7 KiB)
freetype (2.3.5-1ubuntu4) gutsy; urgency=low * debian/patches-freetype/enable-subpixel-rendering.patch: - Restore patch that enables subpixel rendering features, now that libcairo and xft provide the ability for the specific lcd filter to be changed. -- Scott James Remnant <email address hidden> Thu, 20 Sep 2007 20:51:00 +0100
Superseded in gutsy-release
freetype (2.3.5-1ubuntu3) gutsy; urgency=low * debian/patches-freetype/series - Fix the removal of enable-subpixel-rendering.patch -- Matthew Garrett <email address hidden> Thu, 20 Sep 2007 15:19:56 +0100
Superseded in gutsy-release
freetype (2.3.5-1ubuntu2) gutsy; urgency=low * debian/patches-freetype/enable-subpixel-rendering.patch: - remove - not needed with the bytecode interpreter enabled, and results in incorrect rendering -- Matthew Garrett <email address hidden> Thu, 20 Sep 2007 05:07:09 +0100
Superseded in gutsy-release
freetype (2.3.5-1ubuntu1) gutsy; urgency=low [ Matti Lindell ] * debian/patches-freetype/enable-subpixel-rendering.patch: - enable subpixel rendering features, used by libcairo and xft to provide LCD colour filtering. This is considered no more or less evil than the bytecode interpreter which we also enable. [ Scott James Remnant ] * Work around Soyuz breakage. -- Scott James Remnant <email address hidden> Tue, 18 Sep 2007 19:42:32 +0100
freetype (2.3.5-1) unstable; urgency=low * New upstream release - Drop patches 374902-composite-glyphs, CVE-2006-3467_pcf-strlen, and CVE-2007-2754_ttgload, merged upstream. - Bump the shlibs to 2.3.5 for new symbols. -- Matthias Klose <email address hidden> Fri, 13 Jul 2007 15:12:02 +0100
freetype (2.2.1-5ubuntu1.1) feisty-security; urgency=low * SECURITY UPDATE: arbitrary code execution via integer overflows. * Add debian/patches-freetype/security-ttgload-overflow.patch from upstream changes. * References CVE-2007-2754 -- Kees Cook <email address hidden> Tue, 22 May 2007 14:58:50 -0700
freetype (2.2.1-5ubuntu0.2) edgy-security; urgency=low * SECURITY UPDATE: arbitrary code execution via integer overflows. * Add debian/patches-freetype/security-ttgload-overflow.patch from upstream changes. * References CVE-2007-2754 -- Kees Cook <email address hidden> Tue, 22 May 2007 14:58:50 -0700
freetype (2.1.10-1ubuntu2.4) dapper-security; urgency=low * SECURITY UPDATE: arbitrary code execution via integer overflows. * Add debian/patches/freetype-2.1.10-security-ttgload-fix.patch from upstream changes. * References CVE-2007-2754 -- Kees Cook <email address hidden> Tue, 22 May 2007 15:38:49 -0700
Superseded in gutsy-release
freetype (2.2.1-6ubuntu1) gutsy; urgency=low * Merge from debian unstable, remaining changes: - debian/patches-freetype/CVE-2007-1351_bdf_integer.patch: still needed from prior security update.
Superseded in edgy-security
freetype (2.2.1-5ubuntu0.1) edgy-security; urgency=low * SECURITY UPDATE: arbitrary code execution via integer overflows. * Add debian/patches-freetype/CVE-2007-1351_bdf_integer.patch from upstream changes. * References CVE-2007-1351 -- Kees Cook <email address hidden> Mon, 2 Apr 2007 15:37:21 -0700
Obsolete in breezy-security
freetype (2.1.7-2.4ubuntu1.3) breezy-security; urgency=low * SECURITY UPDATE: arbitrary code execution via integer overflows. * Add debian/patches/404-bdf-integer.patch from upstream changes. * References CVE-2007-1351 -- Kees Cook <email address hidden> Mon, 2 Apr 2007 15:53:16 -0700
Superseded in dapper-security
freetype (2.1.10-1ubuntu2.3) dapper-security; urgency=low * SECURITY UPDATE: arbitrary code execution via integer overflows. * Add debian/patches/404-bdf-integer.patch from upstream changes. * References CVE-2007-1351 -- Kees Cook <email address hidden> Mon, 2 Apr 2007 15:52:43 -0700
freetype (2.2.1-5ubuntu1) feisty; urgency=low * SECURITY UPDATE: arbitrary code execution via integer overflows. * Add debian/patches-freetype/CVE-2007-1351_bdf_integer.patch from upstream changes. * References CVE-2007-1351 -- Kees Cook <email address hidden> Mon, 2 Apr 2007 15:31:32 -0700
freetype (2.2.1-5) unstable; urgency=high * High-urgency upload for RC bugfix. * Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch to address CVE-2006-3467, a missing string length check in PCF files that leads to a possibly exploitable integer overflow. Thanks to Martin Pitt for the patch. Closes: #379920.
Superseded in breezy-security
freetype (2.1.7-2.4ubuntu1.2) breezy-security; urgency=low * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files. * Add debian/patches/403-pcf-strlen.patch: - src/pcf/pcfread.c: Detect invalid string lengths. - CVE-2006-3467 -- Martin Pitt <email address hidden> Wed, 26 Jul 2006 10:53:25 +0000
Obsolete in hoary-security
freetype (2.1.7-2.3ubuntu0.2) hoary-security; urgency=low * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files. * Add debian/patches/403-pcf-strlen.patch: - src/pcf/pcfread.c: Detect invalid string lengths. - CVE-2006-3467 -- Martin Pitt <email address hidden> Wed, 26 Jul 2006 10:57:39 +0000
Superseded in dapper-security
freetype (2.1.10-1ubuntu2.2) dapper-security; urgency=low * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files. * Add debian/patches/403-pcf-strlen.patch: - src/pcf/pcfread.c: Detect invalid string lengths. - CVE-2006-3467 -- Martin Pitt <email address hidden> Wed, 26 Jul 2006 10:43:52 +0000
Superseded in edgy-release
freetype (2.2.1-2ubuntu1) edgy; urgency=low * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files. * Add debian/patches-freetype/pcf-strlen.patch: - src/pcf/pcfread.c: Detect invalid string lengths. - CVE-2006-3467 -- Martin Pitt <email address hidden> Wed, 26 Jul 2006 13:01:04 +0200
freetype (2.2.1-2) unstable; urgency=low * Enable full bytecode interpreter instead of just the "non-patented portions". * Use $(CURDIR) instead of $(PWD) to build with sudo. Closes: #367579.
Superseded in breezy-security
freetype (2.1.7-2.4ubuntu1.1) breezy-security; urgency=low * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files. * Add debian/patches/401-odd_blue_num-safe_alloc.patch: - src/pshinter/pshglob.c: Prevent integer underflow with malformed fonts which have an odd number of blue values (these are broken according to the specs). [CVE-2006-0747] - src/base/ftutil.c: Fail with an 'invalid argument' error on negative allocations, just to make double sure. [CVE-2006-2661] - Patches taken from upstream CVS. * Add debian/patches/402-int-overflows.patch: - Various int overflow protections. [CVE-2006-1861, CVE-2006-2493] - Patches taken from upstream CVS. * Many thanks to Josh Bressers for extracting the patches! -- Martin Pitt <email address hidden> Fri, 2 Jun 2006 13:56:03 +0000
Superseded in hoary-security
freetype (2.1.7-2.3ubuntu0.1) hoary-security; urgency=low * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files. * Add debian/patches/401-odd_blue_num-safe_alloc.patch: - src/pshinter/pshglob.c: Prevent integer underflow with malformed fonts which have an odd number of blue values (these are broken according to the specs). [CVE-2006-0747] - src/base/ftutil.c: Fail with an 'invalid argument' error on negative allocations, just to make double sure. [CVE-2006-2661] - Patches taken from upstream CVS. * Add debian/patches/402-int-overflows.patch: - Various int overflow protections. [CVE-2006-1861, CVE-2006-2493] - Patches taken from upstream CVS. * Many thanks to Josh Bressers for extracting the patches! -- Martin Pitt <email address hidden> Fri, 2 Jun 2006 15:19:18 +0000
Superseded in dapper-security
freetype (2.1.10-1ubuntu2.1) dapper-security; urgency=low * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files. * Add debian/patches/400-ttkern-loop-variable.patch: - src/sfnt/ttkern.c, tt_face_get_kerning(): Fix inner loop to use a new variable instead of destroying the outer loop variable. - Fixes infinite loop with fonts that don't have a properly sorted kerning sub-table. - Patch taken from upstream CVS. * Add debian/patches/401-odd_blue_num-safe_alloc.patch: - src/pshinter/pshglob.c: Prevent integer underflow with malformed fonts which have an odd number of blue values (these are broken according to the specs). [CVE-2006-0747] - src/base/ftutil.c: Fail with an 'invalid argument' error on negative allocations, just to make double sure. [CVE-2006-2661] - Patches taken from upstream CVS. * Add debian/patches/402-int-overflows.patch: - Various int overflow protections. [CVE-2006-1861, CVE-2006-2493] - Patches taken from upstream CVS. * Many thanks to Josh Bressers for extracting the patches! -- Martin Pitt <email address hidden> Tue, 30 May 2006 17:38:12 +0200
freetype (2.1.10-1ubuntu2) dapper; urgency=low * Update shlibs dependency. Ubuntu: #5901. -- Scott James Remnant <email address hidden> Thu, 6 Apr 2006 05:58:24 +0100
freetype (2.1.10-1ubuntu1) dapper; urgency=low * Patches for Malone #5560. [debian/patches/freetype-2.1.10-cvsfixes.patch]: - various fixes (mostly embolding) [debian/patches/freetype-2.1.10-xorgfix.patch]: - put back internal API used by xorg-x11 [debian/patches/freetype-2.1.10-fixautofit.patch]: - fix autofit render setup [debian/patches/freetype-2.1.10-memleak.patch]: - fix memleak [debian/patches/freetype-2.1.10-fixkerning.patch]: - fix disabled kerning [debian/patches/freetype-2.1.10-fixaliasing.patch]: - fix anti-aliasing rendering * Changes by Jun Kobayashi <email address hidden> -- Jonathan Riddell <email address hidden> Mon, 16 Jan 2006 17:45:50 +0900
freetype (2.1.10-1) unstable; urgency=low * New upstream (Closes: #298660, #245532). * New maintainer, co-maintainer required! * Disable CJK autohinting patch due to incompatibility with this version of freetype. * Remove some very old unapplied patches. * Add freetype-config.1 manpage. * Add doc-base file for development docs. (Closes: #280827) * Fix build with non-default umask. (Closes: #307464, #166511) * Patch merged upstream. (Closes: #252673) * Acknowledge NMUS. (Closes: #221597, #225119, #226380, #249443, #251473, #302269, #259875) -- Will Newton <email address hidden> Mon, 13 Jun 2005 00:44:29 +0100
Obsolete in breezy-release
freetype (2.1.7-2.4ubuntu1) breezy; urgency=low * Slightly relax the header check on Type1 fonts, enabling wider display of PDFs, et al; based on a change to FreeType CVS (closes: Ubuntu#10087). -- Daniel Stone <email address hidden> Thu, 12 May 2005 12:41:38 +1000
freetype (2.1.7-2.3) unstable; urgency=low * NMU * debian/patches/090-freetype-2.1.7-normalize-fix.diff: Patch by David Mossberger. Backport from freetype2 CVS that fixes an off-by-order-of-magnitude performance issue in the normalization code. (Closes: #259875) -- dann frazier <email address hidden> Mon, 08 Nov 2004 19:06:57 -0700
Obsolete in warty-release
freetype (2.1.7-2.1ubuntu1) warty; urgency=low * Add backwards compatibility API fixes (Closes: #417) -- Thom May <email address hidden> Wed, 28 Jul 2004 15:45:35 +0100