Change logs for freetype source package in Trusty

  • freetype (2.5.2-1ubuntu2.8) trusty-security; urgency=medium
    
      * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
        - debian/patches-freetype/CVE-2017-8105.patch: add a check to
          src/psaux/t1decode.c.
        - CVE-2017-8105
      * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
        - debian/patches-freetype/CVE-2017-8287.patch: add a check to
          src/psaux/psobjs.c.
        - CVE-2017-8287
    
     -- Marc Deslauriers <email address hidden>  Thu, 04 May 2017 11:57:17 -0400
  • freetype (2.5.2-1ubuntu2.7) trusty-security; urgency=medium
    
      * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
        - debian/patches-freetype/CVE-2016-10328.patch: add additional check
          to parser stack size in src/cff/cffparse.c
        - CVE-2016-10328
    
     -- Steve Beattie <email address hidden>  Wed, 19 Apr 2017 09:24:10 -0700
  • freetype (2.5.2-1ubuntu2.6) trusty-security; urgency=medium
    
      * SECURITY UPDATE: DoS and possible code execution via missing glyph name
        - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
        - CVE-2016-10244
    
     -- Marc Deslauriers <email address hidden>  Thu, 16 Mar 2017 13:39:54 -0400
  • freetype (2.5.2-1ubuntu2.5) trusty-security; urgency=medium
    
      * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
        - debian/patches-freetype/savannah-bug-41309.patch: fix use of
          uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
          src/type1/t1load.c, src/type42/t42parse.c.
        - No CVE number
      * SECURITY UPDATE: denial of service via infinite loop in parse_encode
        (LP: #1492124)
        - debian/patches-freetype/savannah-bug-41590.patch: protect against
          invalid charcode in src/type1/t1load.c.
        - No CVE number
    
     -- Marc Deslauriers <email address hidden>  Thu, 10 Sep 2015 07:09:04 -0400
  • freetype (2.5.2-1ubuntu2.4) trusty-security; urgency=medium
    
      * SECURITY UPDATE: denial of service and possible code execution via
        multiple security issues
        - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
          quantity of upstream commits to fix multiple security issues.
        - CVE-2014-9656
        - CVE-2014-9657
        - CVE-2014-9658
        - CVE-2014-9659
        - CVE-2014-9660
        - CVE-2014-9661
        - CVE-2014-9662
        - CVE-2014-9663
        - CVE-2014-9664
        - CVE-2014-9665
        - CVE-2014-9666
        - CVE-2014-9667
        - CVE-2014-9668
        - CVE-2014-9669
        - CVE-2014-9670
        - CVE-2014-9671
        - CVE-2014-9672
        - CVE-2014-9673
        - CVE-2014-9674
        - CVE-2014-9675
     -- Marc Deslauriers <email address hidden>   Tue, 24 Feb 2015 09:06:36 -0500
  • freetype (2.5.2-1ubuntu2.3) trusty; urgency=medium
    
      * Added patchset to fix multithread violations, LP: #1199571
        - debian/patches-freetype/multi-thread-violations.patch
     -- Marco Trevisan (Trevino) <email address hidden>   Fri, 23 Jan 2015 03:38:04 +0100
  • freetype (2.5.2-1ubuntu2.2) trusty; urgency=medium
    
      * Fix incorrect Korean Fonts rendering. (LP: #1310017)
        - debian/patches-freetype/fix-incorrect-korean-fonts-rendering.patch
     -- Jinkyu Yi <email address hidden>   Sun, 27 Apr 2014 22:05:39 +0900
  • freetype (2.5.2-1ubuntu2.1) trusty; urgency=medium
    
      * debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
        upstream patch to fix a double free. (LP: #1310728)
     -- Iain Lane <email address hidden>   Thu, 01 May 2014 12:53:39 +0100
  • freetype (2.5.2-1ubuntu2) trusty; urgency=medium
    
      * SECURITY UPDATE: denial of service and possible code execution in
        CFF rasterizer
        - debian/patches/CVE-2014-2240.patch: validate hintMask in
          src/cff/cf2hints.c.
        - CVE-2014-2240
      * SECURITY UPDATE: denial of service in CFF rasterizer
        - debian/patches/CVE-2014-2241.patch: don't trigger asserts in
          src/cff/cf2ft.c.
        - CVE-2014-2241
     -- Marc Deslauriers <email address hidden>   Thu, 13 Mar 2014 12:47:17 -0400
  • freetype (2.5.2-1ubuntu1) trusty; urgency=medium
    
      * Merge from Debian unstable, remaining changes:
        - debian/patches-freetype/revert_scalable_fonts_metric.patch:
          revert commit "Fix metrics on size request for scalable fonts.",
          which breaks gtk underlining markups
      * Dropped changes, included in Debian:
        - Fix png configuration for cross builds.
        - Run aclocal and autoconf.
    
    freetype (2.5.2-1) unstable; urgency=low
    
      * New upstream release
        - fixes a crasher bug with certain fonts.  Closes: #733052.
        - drop of additional symbols which were previously exported but are only
          meant for debugging and upstream recommends not enabling them when
          building in "release mode".  If this impacts users of freetype, we can
          re-enable these symbols later.
      * Call autogen.sh on build to refresh autotools; not using dh-autoreconf
        because the upstream directory structure is non-standard and it's a
        throw-away dir, so there's no advantage to dh-autoreconf's rollback
        support.
      * Fix symbols file with respect to more complete version info found in
        Ubuntu.
      * Drop debian/patches-ft2demos/compiler-warning-fixes.patch, which is
        actually a bug in the compiler_hardening_fixes.patch; fix it there
        instead.
      * Fix libpng detection when cross-building.
     -- Steve Langasek <email address hidden>   Sat, 28 Dec 2013 18:54:38 -0800
  • freetype (2.5.1-2ubuntu1) trusty; urgency=medium
    
      * Merge from Debian unstable, remaining changes:
        - debian/patches-freetype/revert_scalable_fonts_metric.patch:
          revert commit "Fix metrics on size request for scalable fonts.",
          which breaks gtk underlining markups
        - Fix png configuration for cross builds.
        - Run aclocal and autoconf.
    
    freetype (2.5.1-2) unstable; urgency=low
    
      * Drop unnecessary GPLv2.txt from libfreetype6-dev.
      * Add missing dependency on libpng-dev to libfreetype6-dev.
        Closes: #732062.
     -- Steve Langasek <email address hidden>   Tue, 17 Dec 2013 23:18:19 -0800
  • freetype (2.5.1-1ubuntu2) trusty; urgency=medium
    
      * Fix png configuration for cross builds.
      * Run aclocal and autoconf.
     -- Matthias Klose <email address hidden>   Fri, 06 Dec 2013 13:01:17 +0100
  • freetype (2.5.1-1ubuntu1) trusty; urgency=low
    
      * Merge from Debian unstable (LP: #1256114), remaining changes:
        - debian/patches-freetype/revert_scalable_fonts_metric.patch:
          revert commit "Fix metrics on size request for scalable fonts.",
          which breaks gtk underlining markups
      * Dropped changes, included in Debian:
        - debian/control: build-depends on libpng-dev
        - debian/libfreetype6.symbols: new version update
      * Drop debian/patches-ft2demos/compiler-warning-fixes.patch, which is
        actually a bug in the compiler_hardening_fixes.patch and has been fixed
        there in the Ubuntu version.
    
    freetype (2.5.1-1) unstable; urgency=low
    
      * New upstream release.  Closes: #717952, #729231.
        - Add build-dependency on libpng-dev.
        - Dropped patches, included upstream: savannah-bug-35847.patch,
          savannah-bug-35833.patch, savannah-bug-37905.patch,
          savannah-bug-37906.patch, savannah-bug-37907.patch
        - Internal symbols have been dropped in this version.  No soname change
          because the symbols are not supposed to be used, but past experience
          suggests that this may break some third-party software anyway.
      * compiler_hardening_fixes.patch: fix wrong snprintf() calls in ttdebug.c
        that cause an overflow 100% of the time.
      * debian/patches-ft2demos/compiler-warning-fixes.patch: Fix a wrong
        cast that triggers a compiler warning.
      * debian/patches-ft2demos/revert-wrong-extern.patch: revert wrong
        upstream commit that causes a build failure.
     -- Steve Langasek <email address hidden>   Thu, 28 Nov 2013 23:10:19 +0000
  • freetype (2.5.0.1-0ubuntu2) trusty; urgency=low
    
      * debian/control: build-depends on libpng12-dev
     -- Sebastien Bacher <email address hidden>   Mon, 11 Nov 2013 12:03:49 +0100
  • freetype (2.5.0.1-0ubuntu1) trusty; urgency=low
    
      * New upstream version (lp: #1203012)
      * debian/patches-freetype/git_unitialized_variable.patch,
        debian/patches-ft2demos/init_variables.patch:
        - dropped, the fixes are in the new version
      * debian/libfreetype6.symbols: new version update
     -- Sebastien Bacher <email address hidden>   Mon, 11 Nov 2013 11:52:19 +0100
  • freetype (2.4.12-0ubuntu1) saucy; urgency=low
    
      * New upstream version (lp: #1179523)
      * debian/patches-freetype/git_unitialized_variable.patch,
        debian/patches-ft2demos/init_variables.patch:
        - fix uninitialized variable warnings which were breaking the build
      * debian/libfreetype6.symbols: updated
     -- Sebastien Bacher <email address hidden>   Mon, 13 May 2013 13:12:42 +0200