Change log for freetype package in Ubuntu

76 to 118 of 193 results
Superseded in karmic-release
freetype (2.3.9-4.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix multiple integer overflows leading to arbitrary code execution
    or DoS (CVE-2009-0946; Closes: #524925).

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  28 Apr 2009 23:04:48 +0100

Superseded in jaunty-updates
Superseded in jaunty-security
freetype (2.3.9-4ubuntu0.1) jaunty-security; urgency=low

  * SECURITY UPDATE: possible code execution via multiple integer overflows
    - debian/patches-freetype/security-CVE-2009-0946.patch: validate sid
      values in src/cff/cffload.c, check state->prefix in src/lzw/ftzopen.c,
      don't overflow int with table + length or ndp + numMappings * 4 in
      src/sfnt/ttcmap.c, validate glyph width and height in
      src/smooth/ftsmooth.c.
    - CVE-2009-0946

 -- Marc Deslauriers <email address hidden>   Wed, 22 Apr 2009 09:16:27 -0400
Superseded in hardy-updates
Superseded in hardy-security
freetype (2.3.5-1ubuntu4.8.04.2) hardy-security; urgency=low

  * SECURITY UPDATE: possible code execution via multiple integer overflows
    - debian/patches-freetype/security-CVE-2009-0946.patch: validate sid
      values in src/cff/cffload.c, check state->prefix in src/lzw/ftzopen.c,
      don't overflow int with table + length in src/sfnt/ttcmap.c, validate
      glyph width and height in src/smooth/ftsmooth.c.
    - CVE-2009-0946

 -- Marc Deslauriers <email address hidden>   Wed, 22 Apr 2009 10:02:21 -0400
Superseded in dapper-updates
Superseded in dapper-security
freetype (2.1.10-1ubuntu2.6) dapper-security; urgency=low

  * SECURITY UPDATE: possible code execution via multiple integer overflows
    - debian/patches/411-CVE-2009-0946.patch: validate sid values in
      src/cff/cffload.c, don't overflow int with table + length in
      src/sfnt/ttcmap.c, validate glyph width and height in
      src/smooth/ftsmooth.c.
    - CVE-2009-0946

 -- Marc Deslauriers <email address hidden>   Wed, 22 Apr 2009 10:37:05 -0400
Obsolete in intrepid-updates
Obsolete in intrepid-security
freetype (2.3.7-2ubuntu1.1) intrepid-security; urgency=low

  * SECURITY UPDATE: possible code execution via multiple integer overflows
    - debian/patches-freetype/security-CVE-2009-0946.patch: validate sid
      values in src/cff/cffload.c, check state->prefix in src/lzw/ftzopen.c,
      don't overflow int with table + length or ndp + numMappings * 4 in
      src/sfnt/ttcmap.c, validate glyph width and height in
      src/smooth/ftsmooth.c.
    - CVE-2009-0946

 -- Marc Deslauriers <email address hidden>   Wed, 22 Apr 2009 09:41:39 -0400
Superseded in karmic-release
Obsolete in jaunty-release
freetype (2.3.9-4build1) jaunty; urgency=low

  * No-change rebuild to fix lpia shared library dependencies.

 -- Colin Watson <email address hidden>   Thu, 19 Mar 2009 01:58:27 +0000

Superseded in jaunty-release
freetype (2.3.9-4) unstable; urgency=low

  * debian/patches-ft2demos/compiler-hardening-fixes.patch: always check the
    return value of fread(), to appease hardened compilers such as what's
    used in Ubuntu by default.  Set a good example, even if these demos
    shouldn't be security-sensitive!  Also, along the way catch and fix a
    small memory leak on error. :)
  * debian/patches-freetype/proper-armel-asm-declaration.patch: use __asm__
    for declaring assembly instead of asm, fixing a build failure on armel.

 -- Steve Langasek <email address hidden>   Sat, 14 Mar 2009 14:35:23 -0700

Superseded in jaunty-release
freetype (2.3.9-3) unstable; urgency=low

  * Drop spurious Suggests: on libfreetype6-dev.  Closes: #363937.
  * debian/patches-freetype/enable-subpixel-rendering.patch: enable subpixel
    rendering features, used by libcairo and xft to provide LCD colour
    filtering.  This is considered no more or less evil than the bytecode
    interpreter which we also enable.
  * Move debian/libfreetype6.copyright to debian/copyright, and selectively
    install it to the single binary package in debian/rules; the same
    copyright file is used for all the binaries anyway via symlinks, so
    there's no reason it shouldn't ship as debian/copyright.
    Closes: #381228.
  * Clip redundant LICENSE.TXT and GPL.TXT files from the
    libfreetype6-dev package.  Closes: #459802.

Superseded in hardy-updates
Superseded in hardy-security
freetype (2.3.5-1ubuntu4.8.04.1) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches-freetype/CVE-2008-1806_7_8.patch: upstream fixes
    thanks to Steffen Joeris.
  * References
    CVE-2008-1806 CVE-2008-1807 CVE-2008-1808

 -- Kees Cook <email address hidden>   Wed, 10 Sep 2008 16:15:54 -0700
Obsolete in gutsy-updates
Obsolete in gutsy-security
freetype (2.3.5-1ubuntu4.7.10.1) gutsy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches-freetype/CVE-2008-1806_7_8.patch: upstream fixes
    thanks to Steffen Joeris.
  * References
    CVE-2008-1806 CVE-2008-1807 CVE-2008-1808

 -- Kees Cook <email address hidden>   Wed, 10 Sep 2008 16:28:22 -0700
Obsolete in feisty-updates
Obsolete in feisty-security
freetype (2.2.1-5ubuntu1.2) feisty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches-freetype/CVE-2008-1806_7_8.patch: upstream fixes
    thanks to Steffen Joeris.
  * References
    CVE-2008-1806 CVE-2008-1807 CVE-2008-1808

 -- Kees Cook <email address hidden>   Wed, 10 Sep 2008 16:29:25 -0700
Superseded in dapper-updates
Superseded in dapper-security
freetype (2.1.10-1ubuntu2.5) dapper-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches/410-CVE-2008-1806_7_8.patch: upstream fixes
    thanks to Steffen Joeris.
  * References
    CVE-2008-1806 CVE-2008-1807 CVE-2008-1808

 -- Kees Cook <email address hidden>   Wed, 10 Sep 2008 16:29:25 -0700
Superseded in jaunty-release
Obsolete in intrepid-release
freetype (2.3.7-2ubuntu1) intrepid; urgency=low

  * Merge from Debian unstable, remaining changes:
    - debian/patches-freetype/enable-subpixel-rendering.patch:
      + enable subpixel rendering features, used by libcairo and xft to
        provide LCD colour filtering.  This is considered no more or less
        evil than the bytecode interpreter which we also enable.

 -- Steve Langasek <email address hidden>   Thu, 28 Aug 2008 00:39:24 -0700

Superseded in intrepid-release
freetype (2.3.7-1ubuntu1) intrepid; urgency=low

  * Merge from debian testing (LP: #251369) , remaining changes:
    - debian/patches-freetype/enable-subpixel-rendering.patch:
      + enable subpixel rendering features, used by libcairo and xft to
        provide LCD colour filtering.  This is considered no more or less
        evil than the bytecode interpreter which we also enable.
    - Work around Soyuz breakage.

Superseded in intrepid-release
freetype (2.3.6-1ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/patches-freetype/enable-subpixel-rendering.patch:
      + enable subpixel rendering features, used by libcairo and xft to
        provide LCD colour filtering.  This is considered no more or less
        evil than the bytecode interpreter which we also enable.
    - Work around Soyuz breakage.
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

Superseded in intrepid-release
Obsolete in hardy-release
Obsolete in gutsy-release
freetype (2.3.5-1ubuntu4) gutsy; urgency=low

  * debian/patches-freetype/enable-subpixel-rendering.patch:
    - Restore patch that enables subpixel rendering features, now that
      libcairo and xft provide the ability for the specific lcd filter
      to be changed.

 -- Scott James Remnant <email address hidden>   Thu, 20 Sep 2007 20:51:00 +0100
Superseded in gutsy-release
freetype (2.3.5-1ubuntu3) gutsy; urgency=low

  * debian/patches-freetype/series
   - Fix the removal of enable-subpixel-rendering.patch

 -- Matthew Garrett <email address hidden>   Thu, 20 Sep 2007 15:19:56 +0100
Superseded in gutsy-release
freetype (2.3.5-1ubuntu2) gutsy; urgency=low

  * debian/patches-freetype/enable-subpixel-rendering.patch:
    - remove - not needed with the bytecode interpreter enabled, and
      results in incorrect rendering

 -- Matthew Garrett <email address hidden>   Thu, 20 Sep 2007 05:07:09 +0100
Superseded in gutsy-release
freetype (2.3.5-1ubuntu1) gutsy; urgency=low

  [ Matti Lindell ]
  * debian/patches-freetype/enable-subpixel-rendering.patch:
    - enable subpixel rendering features, used by libcairo and xft to
      provide LCD colour filtering.  This is considered no more or less
      evil than the bytecode interpreter which we also enable.

  [ Scott James Remnant ]
  * Work around Soyuz breakage.

 -- Scott James Remnant <email address hidden>   Tue, 18 Sep 2007 19:42:32 +0100
Superseded in gutsy-release
freetype (2.3.5-1) unstable; urgency=low

  * New upstream release
    - Drop patches 374902-composite-glyphs, CVE-2006-3467_pcf-strlen,
      and CVE-2007-2754_ttgload, merged upstream.
    - Bump the shlibs to 2.3.5 for new symbols.

 -- Matthias Klose <email address hidden>   Fri,  13 Jul 2007 15:12:02 +0100
Superseded in feisty-updates
Superseded in feisty-security
freetype (2.2.1-5ubuntu1.1) feisty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches-freetype/security-ttgload-overflow.patch from
    upstream changes.
  * References
    CVE-2007-2754

 -- Kees Cook <email address hidden>   Tue, 22 May 2007 14:58:50 -0700
Obsolete in edgy-updates
Obsolete in edgy-security
freetype (2.2.1-5ubuntu0.2) edgy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches-freetype/security-ttgload-overflow.patch from
    upstream changes.
  * References
    CVE-2007-2754

 -- Kees Cook <email address hidden>   Tue, 22 May 2007 14:58:50 -0700
Superseded in dapper-updates
Superseded in dapper-security
freetype (2.1.10-1ubuntu2.4) dapper-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches/freetype-2.1.10-security-ttgload-fix.patch from
    upstream changes.
  * References
    CVE-2007-2754

 -- Kees Cook <email address hidden>   Tue, 22 May 2007 15:38:49 -0700
Superseded in gutsy-release
freetype (2.2.1-6ubuntu1) gutsy; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/patches-freetype/CVE-2007-1351_bdf_integer.patch: still needed
      from prior security update.

Superseded in edgy-security
freetype (2.2.1-5ubuntu0.1) edgy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches-freetype/CVE-2007-1351_bdf_integer.patch from
    upstream changes.
  * References
    CVE-2007-1351

 -- Kees Cook <email address hidden>   Mon,  2 Apr 2007 15:37:21 -0700
Obsolete in breezy-security
freetype (2.1.7-2.4ubuntu1.3) breezy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches/404-bdf-integer.patch from upstream changes.
  * References
    CVE-2007-1351

 -- Kees Cook <email address hidden>   Mon,  2 Apr 2007 15:53:16 -0700
Superseded in dapper-security
freetype (2.1.10-1ubuntu2.3) dapper-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches/404-bdf-integer.patch from upstream changes.
  * References
    CVE-2007-1351

 -- Kees Cook <email address hidden>   Mon,  2 Apr 2007 15:52:43 -0700
Superseded in gutsy-release
Obsolete in feisty-release
freetype (2.2.1-5ubuntu1) feisty; urgency=low

  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches-freetype/CVE-2007-1351_bdf_integer.patch from
    upstream changes.
  * References
    CVE-2007-1351

 -- Kees Cook <email address hidden>   Mon,  2 Apr 2007 15:31:32 -0700
Superseded in feisty-release
Obsolete in edgy-release
freetype (2.2.1-5) unstable; urgency=high

  * High-urgency upload for RC bugfix.
  * Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch to
    address CVE-2006-3467, a missing string length check in PCF files that
    leads to a possibly exploitable integer overflow.  Thanks to Martin 
    Pitt for the patch.  Closes: #379920.

Superseded in breezy-security
freetype (2.1.7-2.4ubuntu1.2) breezy-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches/403-pcf-strlen.patch:
    - src/pcf/pcfread.c: Detect invalid string lengths.
    - CVE-2006-3467

 -- Martin Pitt <email address hidden>   Wed, 26 Jul 2006 10:53:25 +0000
Obsolete in hoary-security
freetype (2.1.7-2.3ubuntu0.2) hoary-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches/403-pcf-strlen.patch:
    - src/pcf/pcfread.c: Detect invalid string lengths.
    - CVE-2006-3467

 -- Martin Pitt <email address hidden>   Wed, 26 Jul 2006 10:57:39 +0000
Superseded in dapper-security
freetype (2.1.10-1ubuntu2.2) dapper-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches/403-pcf-strlen.patch:
    - src/pcf/pcfread.c: Detect invalid string lengths.
    - CVE-2006-3467

 -- Martin Pitt <email address hidden>   Wed, 26 Jul 2006 10:43:52 +0000
Superseded in edgy-release
freetype (2.2.1-2ubuntu1) edgy; urgency=low

  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches-freetype/pcf-strlen.patch:
    - src/pcf/pcfread.c: Detect invalid string lengths.
    - CVE-2006-3467

 -- Martin Pitt <email address hidden>   Wed, 26 Jul 2006 13:01:04 +0200
Superseded in edgy-release
freetype (2.2.1-2) unstable; urgency=low

  * Enable full bytecode interpreter instead of just the
    "non-patented portions".
  * Use $(CURDIR) instead of $(PWD) to build with sudo. Closes: #367579.

Superseded in breezy-security
freetype (2.1.7-2.4ubuntu1.1) breezy-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches/401-odd_blue_num-safe_alloc.patch:
    - src/pshinter/pshglob.c: Prevent integer underflow with malformed fonts
      which have an odd number of blue values (these are broken according to
      the specs). [CVE-2006-0747]
    - src/base/ftutil.c: Fail with an 'invalid argument' error on negative
      allocations, just to make double sure. [CVE-2006-2661]
    - Patches taken from upstream CVS.
  * Add debian/patches/402-int-overflows.patch:
    - Various int overflow protections. [CVE-2006-1861, CVE-2006-2493]
    - Patches taken from upstream CVS.
  * Many thanks to Josh Bressers for extracting the patches!

 -- Martin Pitt <email address hidden>   Fri,  2 Jun 2006 13:56:03 +0000
Superseded in hoary-security
freetype (2.1.7-2.3ubuntu0.1) hoary-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches/401-odd_blue_num-safe_alloc.patch:
    - src/pshinter/pshglob.c: Prevent integer underflow with malformed fonts
      which have an odd number of blue values (these are broken according to
      the specs). [CVE-2006-0747]
    - src/base/ftutil.c: Fail with an 'invalid argument' error on negative
      allocations, just to make double sure. [CVE-2006-2661]
    - Patches taken from upstream CVS.
  * Add debian/patches/402-int-overflows.patch:
    - Various int overflow protections. [CVE-2006-1861, CVE-2006-2493]
    - Patches taken from upstream CVS.
  * Many thanks to Josh Bressers for extracting the patches!

 -- Martin Pitt <email address hidden>   Fri,  2 Jun 2006 15:19:18 +0000
Superseded in dapper-security
freetype (2.1.10-1ubuntu2.1) dapper-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches/400-ttkern-loop-variable.patch:
    - src/sfnt/ttkern.c, tt_face_get_kerning(): Fix inner loop to use a new
      variable instead of destroying the outer loop variable.
    - Fixes infinite loop with fonts that don't have a properly sorted kerning
      sub-table.
    - Patch taken from upstream CVS.
  * Add debian/patches/401-odd_blue_num-safe_alloc.patch:
    - src/pshinter/pshglob.c: Prevent integer underflow with malformed fonts
      which have an odd number of blue values (these are broken according to
      the specs). [CVE-2006-0747]
    - src/base/ftutil.c: Fail with an 'invalid argument' error on negative
      allocations, just to make double sure. [CVE-2006-2661]
    - Patches taken from upstream CVS.
  * Add debian/patches/402-int-overflows.patch:
    - Various int overflow protections. [CVE-2006-1861, CVE-2006-2493]
    - Patches taken from upstream CVS.
  * Many thanks to Josh Bressers for extracting the patches!

 -- Martin Pitt <email address hidden>   Tue, 30 May 2006 17:38:12 +0200
Superseded in edgy-release
Obsolete in dapper-release
freetype (2.1.10-1ubuntu2) dapper; urgency=low

  * Update shlibs dependency.  Ubuntu: #5901.

 -- Scott James Remnant <email address hidden>   Thu,  6 Apr 2006 05:58:24 +0100
Superseded in dapper-release
Superseded in dapper-release
freetype (2.1.10-1ubuntu1) dapper; urgency=low


  * Patches for Malone #5560.
    [debian/patches/freetype-2.1.10-cvsfixes.patch]:
      - various fixes (mostly embolding)
    [debian/patches/freetype-2.1.10-xorgfix.patch]:
      - put back internal API used by xorg-x11
    [debian/patches/freetype-2.1.10-fixautofit.patch]:
      - fix autofit render setup
    [debian/patches/freetype-2.1.10-memleak.patch]:
      - fix memleak
    [debian/patches/freetype-2.1.10-fixkerning.patch]:
      - fix disabled kerning
    [debian/patches/freetype-2.1.10-fixaliasing.patch]:
      - fix anti-aliasing rendering
  * Changes by Jun Kobayashi <email address hidden>

 -- Jonathan Riddell <email address hidden>  Mon, 16 Jan 2006 17:45:50 +0900
Superseded in dapper-release
freetype (2.1.10-1) unstable; urgency=low


  * New upstream (Closes: #298660, #245532).
  * New maintainer, co-maintainer required!
  * Disable CJK autohinting patch due to incompatibility with this version
    of freetype.
  * Remove some very old unapplied patches.
  * Add freetype-config.1 manpage.
  * Add doc-base file for development docs. (Closes: #280827)
  * Fix build with non-default umask. (Closes: #307464, #166511)
  * Patch merged upstream. (Closes: #252673)
  * Acknowledge NMUS.
    (Closes: #221597, #225119, #226380, #249443, #251473, #302269, #259875)

 -- Will Newton <email address hidden>  Mon, 13 Jun 2005 00:44:29 +0100
Obsolete in breezy-release
freetype (2.1.7-2.4ubuntu1) breezy; urgency=low


  * Slightly relax the header check on Type1 fonts, enabling wider display of
    PDFs, et al; based on a change to FreeType CVS (closes: Ubuntu#10087).

 -- Daniel Stone <email address hidden>  Thu, 12 May 2005 12:41:38 +1000
Obsolete in hoary-release
freetype (2.1.7-2.3) unstable; urgency=low


  * NMU
  * debian/patches/090-freetype-2.1.7-normalize-fix.diff: Patch
    by David Mossberger.  Backport from freetype2 CVS that fixes an
    off-by-order-of-magnitude performance issue in the normalization code.
    (Closes: #259875)
  
 -- dann frazier <email address hidden>  Mon, 08 Nov 2004 19:06:57 -0700
Obsolete in warty-release
freetype (2.1.7-2.1ubuntu1) warty; urgency=low


  * Add backwards compatibility API fixes (Closes: #417)

 -- Thom May <email address hidden>  Wed, 28 Jul 2004 15:45:35 +0100