--- freetype-2.4.8.orig/debian/rules
+++ freetype-2.4.8/debian/rules
@@ -0,0 +1,142 @@
+#!/usr/bin/make -f
+#
+# This is free software; see the GNU General Public Licence
+# version 2 or later for copying conditions. There is NO warranty.
+
+DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH)
+
+# Workaround for spurious error when building with gcc-4.4
+ifeq (,$(filter m68k alpha,$(DEB_HOST_ARCH)))
+export DEB_CFLAGS_MAINT_APPEND := -Werror
+endif
+
+# always abort if there are any problems with the symbols file
+DPKG_GENSYMBOLS_CHECK_LEVEL = 4
+export DPKG_GENSYMBOLS_CHECK_LEVEL
+
+VERSION = $(shell dpkg-parsechangelog | sed -n -e's/^Version: //p')
+ver := $(shell dpkg-parsechangelog | sed -n -e's/^Version: \(.*\)-[^-]\+/\1/p')
+
+freetype_ver := $(ver)
+ftdocs_ver := $(ver)
+ft2demos_ver := $(ver)
+dependency = $(libpkg) (>= 2.4.0)
+
+freetype_u := freetype-$(freetype_ver)
+ftdocs_u := freetype-doc-$(ftdocs_ver)
+ftdocs_d := $(freetype_u)
+ft2demos_u := ft2demos-$(ft2demos_ver)
+
+libpkg := libfreetype6
+devpkg := $(libpkg)-dev
+docpkg := $(libpkg)-doc
+demospkg := freetype2-demos
+udebpkg := libfreetype6-udeb
+docdir := usr/share/doc
+freetype_config_man := $(CURDIR)/debian/freetype-config.man
+freetype_config_sgml := $(CURDIR)/debian/freetype-config.man.sgml
+
+libdoc = FTL.TXT CHANGES TODO ft2faq.html
+
+%:
+ dh $@
+
+unpack:: unpack-stamp
+unpack-stamp::
+ # Unpack upstream tarballs
+ @for i in $(freetype_u) $(ftdocs_u) $(ft2demos_u); do \
+ if [ -f $$i.tar.bz2 ]; then \
+ echo "Unpacking $$i.tar.bz2 ..."; \
+ tar -x --bzip2 -f $$i.tar.bz2; \
+ elif [ -f $$i.tar.gz ]; then \
+ echo "Unpacking $$i.tar.gz ..."; \
+ tar -x --gzip -f $$i.tar.gz; \
+ else \
+ echo "Error! $$i.tar.{bz2,gz} not found!"; \
+ exit 1; \
+ fi \
+ done
+ ln -s $(ftdocs_d)/docs docs
+ touch unpack-stamp
+
+patch: unpack patch-stamp
+patch-stamp:
+ cd $(freetype_u) \
+ && QUILT_PATCHES=../debian/patches-freetype quilt push -a
+ cd $(ft2demos_u) \
+ && QUILT_PATCHES=../debian/patches-ft2demos quilt push -a
+ touch patch-stamp
+
+override_dh_auto_configure: patch
+ dh_auto_configure -D $(freetype_u) -- --without-bzip2
+
+override_dh_auto_build:
+ dh_auto_build -D $(freetype_u)
+ dh_auto_build -D $(ft2demos_u) -- TOP_DIR=../$(freetype_u) \
+ OBJ_DIR=../$(freetype_u)/objs
+ docbook-to-man $(freetype_config_sgml) > $(freetype_config_man)
+
+override_dh_auto_clean:
+ rm -f $(freetype_config_man)
+ rm -f unpack-stamp patch-stamp
+ rm -rf $(freetype_u) $(ft2demos_u) docs
+
+override_dh_auto_install:
+ dh_auto_install -D $(freetype_u) --destdir=$(CURDIR)/debian/tmp
+ $(freetype_u)/builds/unix/libtool --mode=install \
+ cp -av `find $(ft2demos_u)/bin -type f -perm -u=x -maxdepth 1` \
+ $(CURDIR)/debian/$(demospkg)/usr/bin/
+ sed -i -e'/dependency_libs/s/'.*'//' debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libfreetype.la
+
+override_dh_install:
+ dh_install --fail-missing
+
+override_dh_installdocs:
+ifneq (,$(findstring $(libpkg), $(shell dh_listpackages)))
+ dh_installdocs -p$(libpkg) $(addprefix $(freetype_u)/docs/,$(libdoc))
+ mkdir debian/$(libpkg)/$(docdir)/$(libpkg)/pcf
+ cp -a $(freetype_u)/src/pcf/README debian/$(libpkg)/$(docdir)/$(libpkg)/pcf/
+endif
+ifneq (,$(findstring $(devpkg), $(shell dh_listpackages)))
+ dh_installdocs --link-doc=$(libpkg) -p$(devpkg) \
+ -Xreference/README -Xreference/.gitignore \
+ -XLICENSE.TXT -XGPL.TXT -XBUILD -XINSTALL \
+ $(addprefix -X,$(libdoc)) \
+ $(ftdocs_d)/docs/*
+endif
+ dh_installdocs -N$(devpkg) -N$(libpkg) --link-doc=$(libpkg)
+
+override_dh_installchangelogs:
+ifneq (,$(findstring $(libpkg), $(shell dh_listpackages)))
+ dh_installchangelogs -p$(libpkg) $(freetype_u)/ChangeLog
+endif
+
+override_dh_makeshlibs:
+ dh_makeshlibs -V '$(dependency)' --add-udeb '$(udebpkg)'
+
+# This variable is used only by get-orig-source, which will normally only
+# be run by maintainers.
+URL = http://savannah.nongnu.org/download/freetype/
+
+# Download the various upstream source tarballs and pack them into a
+# single orig.tar.gz. Assumes wget and gpg are available.
+get-orig-source:
+ @if [ ! -d "debian" ] ; then \
+ echo 'Run this from the top directory of the Debian source' >&2; \
+ exit 1; \
+ fi
+ mkdir freetype-$(ver)
+ set -e; \
+ cd freetype-$(ver); \
+ for i in freetype freetype-doc ft2demos; do \
+ wget $(URL)/$$i-$(ver).tar.bz2; \
+ wget $(URL)/$$i-$(ver).tar.bz2.sig; \
+ gpg --verify $$i-$(ver).tar.bz2.sig $$i-$(ver).tar.bz2 \
+ && rm $$i-$(ver).tar.bz2.sig; \
+ done
+ tar cf freetype_$(ver).orig.tar freetype-$(ver)
+ rm -rf freetype-$(ver)
+ gzip -9 freetype_$(ver).orig.tar
+
+.PHONY: unpack patch get-orig-source
--- freetype-2.4.8.orig/debian/freetype-config.man.sgml
+++ freetype-2.4.8/debian/freetype-config.man.sgml
@@ -0,0 +1,174 @@
+ manpage.1'. You may view
+ the manual page with: `docbook-to-man manpage.sgml | nroff -man |
+ less'. A typical entry in a Makefile or Makefile.am is:
+
+manpage.1: manpage.sgml
+ docbook-to-man $< > $@
+
+
+ The docbook-to-man binary is found in the docbook-to-man package.
+ Please remember that if you create the nroff version in one of the
+ debian/rules file targets (such as build), you will need to include
+ docbook-to-man in your Build-Depends control field.
+
+ -->
+
+ Will">
+ Newton">
+ 2005-06-09">
+ 1">
+ will@debian.org">
+
+ FREETYPE-CONFIG">
+
+
+ Debian">
+ GNU">
+]>
+
+
+
+
+ &dhemail;
+
+
+ &dhfirstname;
+ &dhsurname;
+
+
+ 2005
+ &dhusername;
+
+ &dhdate;
+
+
+ &dhucpackage;
+
+ &dhsection;
+
+
+ &dhpackage;
+
+ show information about installed freetype2 libraries
+
+
+
+ &dhpackage;
+
+
+
+
+
+
+
+
+
+
+
+
+ DESCRIPTION
+
+ This manual page documents briefly the
+ &dhpackage; command,
+
+ &dhpackage; is a program that shows information
+ about the installed freetype2 libraries.
+
+
+
+ OPTIONS
+
+ The following options are supported:
+
+
+
+
+
+
+
+ Show the prefix freetype2 was built with. The prefix may
+ be overridden by passing the argument PREFIX.
+
+
+
+
+
+
+
+ Show the executable prefix freetype2 was built with. The
+ executable prefix may be overridden by passing the argument
+ EPREFIX.
+
+
+
+
+
+
+ Show the libtool version of the installed freetype2.
+
+
+
+
+
+
+ Show the FreeType version of the installed freetype2.
+
+
+
+
+
+
+ Show the compiler flags for linking to the installed freetype2.
+
+
+
+
+
+
+ Show the library name for linking with libtool.
+
+
+
+
+
+
+ Show the compiler flags for compiling against the installed freetype2.
+
+
+
+
+
+ AUTHOR
+
+ This manual page was written by &dhusername; &dhemail; for
+ the &debian; system (but may be used by others). Permission is
+ granted to copy, distribute and/or modify this document under
+ the terms of the GNU Free Documentation
+ License, Version 1.1 or any later version published by the Free
+ Software Foundation; with no Invariant Sections, no Front-Cover
+ Texts and no Back-Cover Texts.
+
+
+
+
+
+
+
--- freetype-2.4.8.orig/debian/libfreetype6-dev.doc-base
+++ freetype-2.4.8/debian/libfreetype6-dev.doc-base
@@ -0,0 +1,10 @@
+Document: libfreetype6-dev
+Title: FreeType 2 Development Documentation
+Author: Various
+Abstract: Development documentatin for FreeType 2.
+Section: Programming/C
+
+Format: HTML
+Index: /usr/share/doc/libfreetype6/reference/ft2-index.html
+Files: /usr/share/doc/libfreetype6/reference/*.html
+
--- freetype-2.4.8.orig/debian/control
+++ freetype-2.4.8/debian/control
@@ -0,0 +1,85 @@
+Source: freetype
+Section: libs
+Priority: optional
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Steve Langasek
+Uploaders: Anthony Fok , Keith Packard
+Build-Depends: bzip2, debhelper (>= 8.9.4), docbook-to-man, gettext (>= 0.10.36-2), libx11-dev, x11proto-core-dev, libz-dev, quilt
+Standards-Version: 3.9.2
+Homepage: http://www.freetype.org
+
+Package: libfreetype6
+Architecture: any
+Section: libs
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Pre-Depends: ${misc:Pre-Depends}
+Multi-Arch: same
+Description: FreeType 2 font engine, shared library files
+ The FreeType project is a team of volunteers who develop free,
+ portable and high-quality software solutions for digital typography.
+ They specifically target embedded systems and focus on bringing small,
+ efficient and ubiquitous products.
+ .
+ The FreeType 2 library is their new software font engine. It has been
+ designed to provide the following important features:
+ * A universal and simple API to manage font files
+ * Support for several font formats through loadable modules
+ * High-quality anti-aliasing
+ * High portability & performance
+ .
+ Supported font formats include:
+ * TrueType files (.ttf) and collections (.ttc)
+ * Type 1 font files both in ASCII (.pfa) or binary (.pfb) format
+ * Type 1 Multiple Master fonts. The FreeType 2 API also provides
+ routines to manage design instances easily
+ * Type 1 CID-keyed fonts
+ * OpenType/CFF (.otf) fonts
+ * CFF/Type 2 fonts
+ * Adobe CEF fonts (.cef), used to embed fonts in SVG documents with
+ the Adobe SVG viewer plugin.
+ * Windows FNT/FON bitmap fonts
+ .
+ This package contains the files needed to run programs that use the
+ FreeType 2 library.
+ .
+ Home Page: http://www.freetype.org/
+ Authors: David Turner
+ Robert Wilhelm
+ Werner Lemberg
+
+Package: libfreetype6-dev
+Architecture: any
+Section: libdevel
+Depends: libfreetype6 (= ${binary:Version}), libc6-dev | libc-dev, zlib1g-dev | libz-dev, ${misc:Depends}
+Description: FreeType 2 font engine, development files
+ The FreeType project is a team of volunteers who develop free,
+ portable and high-quality software solutions for digital typography.
+ They specifically target embedded systems and focus on bringing small,
+ efficient and ubiquitous products.
+ .
+ This package contains all supplementary files (static library, headers
+ and documentation) you need to develop your own programs using the
+ FreeType 2 library.
+
+Package: freetype2-demos
+Architecture: any
+Section: utils
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Replaces: freetype-tools
+Description: FreeType 2 demonstration programs
+ This package contains some demonstration programs and utilities
+ which showcase the features of the FreeType 2 font engine.
+
+Package: libfreetype6-udeb
+XC-Package-Type: udeb
+Priority: extra
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Section: debian-installer
+Description: FreeType 2 font engine for the debian-installer
+ The FreeType project is a team of volunteers who develop free,
+ portable and high-quality software solutions for digital typography.
+ They specifically target embedded systems and focus on bringing small,
+ efficient and ubiquitous products.
+ .
+ This is the udeb package for use with the debian-installer.
--- freetype-2.4.8.orig/debian/libfreetype6-dev.install
+++ freetype-2.4.8/debian/libfreetype6-dev.install
@@ -0,0 +1,7 @@
+usr/bin/freetype-config
+usr/include/
+usr/lib/*/*.so
+usr/lib/*/*.la
+usr/lib/*/*.a
+usr/lib/*/pkgconfig/
+usr/share/aclocal/
--- freetype-2.4.8.orig/debian/libfreetype6-udeb.dirs
+++ freetype-2.4.8/debian/libfreetype6-udeb.dirs
@@ -0,0 +1 @@
+usr/lib
--- freetype-2.4.8.orig/debian/libfreetype6-udeb.install
+++ freetype-2.4.8/debian/libfreetype6-udeb.install
@@ -0,0 +1 @@
+usr/lib/*/*.so.* usr/lib
--- freetype-2.4.8.orig/debian/README.source
+++ freetype-2.4.8/debian/README.source
@@ -0,0 +1,22 @@
+Because FreeType upstream distributes the source as a set of multiple
+tarballs, the Debian package currently uses a tar-in-tar format, with
+Debian changes managed using quilt and stored in two different
+directories corresponding to the respective upstream tarballs:
+debian/patches-freetype and debian/patches-ft2demos.
+
+To unpack the patched sources, run './debian/rules patch'.
+
+For general information on how to apply patches, modify patches, or
+remove a patch, please see:
+
+ /usr/share/doc/quilt/README.source
+
+To edit patches after unpacking, cd to the subdirectory for the
+corresponding upstream tarball and use for QUILT_PATCHES either
+QUILT_PATCHES=../debian/patches-freetype or
+QUILT_PATCHES=../debian/patches-ft2demos.
+
+To upgrade to a new upstream version, run
+./debian/rules get-orig-source ver=, which will
+download the upstream tarballs and pack them into an .orig.tar.gz
+according to the scheme used here.
--- freetype-2.4.8.orig/debian/copyright
+++ freetype-2.4.8/debian/copyright
@@ -0,0 +1,356 @@
+This package was Debianized by Christoph Lameter on
+Thu, 7 Nov 1996 11:51:45 -0800. It was then picked up by
+Anthony Fok on Mon, 11 Aug 1997 08:10:02 -0600
+
+It was downloaded from
+ ftp://ftp.freetype.org/freetype/freetype2/
+
+Upstream Authors:
+
+ The FreeType Project
+ David Turner
+ Robert Wilhelm
+ Werner Lemberg
+
+ The FreeType 2 auto-hinter
+ Designed and implemented by David Turner under contract
+ for Catharon Productions, Inc. http://www.catharon.com/
+
+ FreeType font driver for PCF fonts
+ Francesco Zappa Nardelli
+
+
+Copyright:
+
+FreeType comes with two licenses from which you can choose the one which
+fits your needs best:
+
+ . The FreeType License, in file `FTL.txt'.
+
+ . The GNU General Public License version 2 or later. On Debian systems,
+ the complete text of the GNU General Public License version 2 can be
+ found in `/usr/share/common-licenses/GPL-2'.
+
+The contributed PCF driver comes with a license similar to that of
+X Window System which is compatible to the above two licenses
+(see file src/pcf/readme).
+
+
+The FreeType License, the Catharon Open Source License and the
+license of the contributed PCF driver are listed below:
+
+
+ The FreeType Project LICENSE
+ ----------------------------
+
+ 2000-Feb-08
+
+ Copyright 1996-2000 by
+ David Turner, Robert Wilhelm, and Werner Lemberg
+
+
+
+Introduction
+============
+
+ The FreeType Project is distributed in several archive packages;
+ some of them may contain, in addition to the FreeType font engine,
+ various tools and contributions which rely on, or relate to, the
+ FreeType Project.
+
+ This license applies to all files found in such packages, and
+ which do not fall under their own explicit license. The license
+ affects thus the FreeType font engine, the test programs,
+ documentation and makefiles, at the very least.
+
+ This license was inspired by the BSD, Artistic, and IJG
+ (Independent JPEG Group) licenses, which all encourage inclusion
+ and use of free software in commercial and freeware products
+ alike. As a consequence, its main points are that:
+
+ o We don't promise that this software works. However, we will be
+ interested in any kind of bug reports. (`as is' distribution)
+
+ o You can use this software for whatever you want, in parts or
+ full form, without having to pay us. (`royalty-free' usage)
+
+ o You may not pretend that you wrote this software. If you use
+ it, or only parts of it, in a program, you must acknowledge
+ somewhere in your documentation that you have used the
+ FreeType code. (`credits')
+
+ We specifically permit and encourage the inclusion of this
+ software, with or without modifications, in commercial products.
+ We disclaim all warranties covering The FreeType Project and
+ assume no liability related to The FreeType Project.
+
+
+Legal Terms
+===========
+
+0. Definitions
+--------------
+
+ Throughout this license, the terms `package', `FreeType Project',
+ and `FreeType archive' refer to the set of files originally
+ distributed by the authors (David Turner, Robert Wilhelm, and
+ Werner Lemberg) as the `FreeType Project', be they named as alpha,
+ beta or final release.
+
+ `You' refers to the licensee, or person using the project, where
+ `using' is a generic term including compiling the project's source
+ code as well as linking it to form a `program' or `executable'.
+ This program is referred to as `a program using the FreeType
+ engine'.
+
+ This license applies to all files distributed in the original
+ FreeType Project, including all source code, binaries and
+ documentation, unless otherwise stated in the file in its
+ original, unmodified form as distributed in the original archive.
+ If you are unsure whether or not a particular file is covered by
+ this license, you must contact us to verify this.
+
+ The FreeType Project is copyright (C) 1996-2000 by David Turner,
+ Robert Wilhelm, and Werner Lemberg. All rights reserved except as
+ specified below.
+
+1. No Warranty
+--------------
+
+ THE FREETYPE PROJECT IS PROVIDED `AS IS' WITHOUT WARRANTY OF ANY
+ KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE. IN NO EVENT WILL ANY OF THE AUTHORS OR COPYRIGHT HOLDERS
+ BE LIABLE FOR ANY DAMAGES CAUSED BY THE USE OR THE INABILITY TO
+ USE, OF THE FREETYPE PROJECT.
+
+2. Redistribution
+-----------------
+
+ This license grants a worldwide, royalty-free, perpetual and
+ irrevocable right and license to use, execute, perform, compile,
+ display, copy, create derivative works of, distribute and
+ sublicense the FreeType Project (in both source and object code
+ forms) and derivative works thereof for any purpose; and to
+ authorize others to exercise some or all of the rights granted
+ herein, subject to the following conditions:
+
+ o Redistribution of source code must retain this license file
+ (`LICENSE.TXT') unaltered; any additions, deletions or changes
+ to the original files must be clearly indicated in
+ accompanying documentation. The copyright notices of the
+ unaltered, original files must be preserved in all copies of
+ source files.
+
+ o Redistribution in binary form must provide a disclaimer that
+ states that the software is based in part of the work of the
+ FreeType Team, in the distribution documentation. We also
+ encourage you to put an URL to the FreeType web page in your
+ documentation, though this isn't mandatory.
+
+ These conditions apply to any software derived from or based on
+ the FreeType Project, not just the unmodified files. If you use
+ our work, you must acknowledge us. However, no fee need be paid
+ to us.
+
+3. Advertising
+--------------
+
+ Neither the FreeType authors and contributors nor you shall use
+ the name of the other for commercial, advertising, or promotional
+ purposes without specific prior written permission.
+
+ We suggest, but do not require, that you use one or more of the
+ following phrases to refer to this software in your documentation
+ or advertising materials: `FreeType Project', `FreeType Engine',
+ `FreeType library', or `FreeType Distribution'.
+
+ As you have not signed this license, you are not required to
+ accept it. However, as the FreeType Project is copyrighted
+ material, only this license, or another one contracted with the
+ authors, grants you the right to use, distribute, and modify it.
+ Therefore, by using, distributing, or modifying the FreeType
+ Project, you indicate that you understand and accept all the terms
+ of this license.
+
+4. Contacts
+-----------
+
+ There are two mailing lists related to FreeType:
+
+ o freetype@freetype.org
+
+ Discusses general use and applications of FreeType, as well as
+ future and wanted additions to the library and distribution.
+ If you are looking for support, start in this list if you
+ haven't found anything to help you in the documentation.
+
+ o devel@freetype.org
+
+ Discusses bugs, as well as engine internals, design issues,
+ specific licenses, porting, etc.
+
+ o http://www.freetype.org
+
+ Holds the current FreeType web page, which will allow you to
+ download our latest development version and read online
+ documentation.
+
+ You can also contact us individually at:
+
+ David Turner
+ Robert Wilhelm
+ Werner Lemberg
+
+
+--- end of LICENSE.TXT ---
+
+
+ The Catharon Open Source LICENSE
+ ----------------------------
+
+ 2000-Jul-04
+
+ Copyright (C) 2000 by Catharon Productions, Inc.
+
+
+
+Introduction
+============
+
+ This license applies to source files distributed by Catharon
+ Productions, Inc. in several archive packages. This license
+ applies to all files found in such packages which do not fall
+ under their own explicit license.
+
+ This license was inspired by the BSD, Artistic, and IJG
+ (Independent JPEG Group) licenses, which all encourage inclusion
+ and use of free software in commercial and freeware products
+ alike. As a consequence, its main points are that:
+
+ o We don't promise that this software works. However, we are
+ interested in any kind of bug reports. (`as is' distribution)
+
+ o You can use this software for whatever you want, in parts or
+ full form, without having to pay us. (`royalty-free' usage)
+
+ o You may not pretend that you wrote this software. If you use
+ it, or only parts of it, in a program, you must acknowledge
+ somewhere in your documentation that you have used the
+ Catharon Code. (`credits')
+
+ We specifically permit and encourage the inclusion of this
+ software, with or without modifications, in commercial products.
+ We disclaim all warranties covering the packages distributed by
+ Catharon Productions, Inc. and assume no liability related to
+ their use.
+
+
+Legal Terms
+===========
+
+0. Definitions
+--------------
+
+ Throughout this license, the terms `Catharon Package', `package',
+ and `Catharon Code' refer to the set of files originally
+ distributed by Catharon Productions, Inc.
+
+ `You' refers to the licensee, or person using the project, where
+ `using' is a generic term including compiling the project's source
+ code as well as linking it to form a `program' or `executable'.
+ This program is referred to as `a program using one of the
+ Catharon Packages'.
+
+ This license applies to all files distributed in the original
+ Catharon Package(s), including all source code, binaries and
+ documentation, unless otherwise stated in the file in its
+ original, unmodified form as distributed in the original archive.
+ If you are unsure whether or not a particular file is covered by
+ this license, you must contact us to verify this.
+
+ The Catharon Packages are copyright (C) 2000 by Catharon
+ Productions, Inc. All rights reserved except as specified below.
+
+1. No Warranty
+--------------
+
+ THE CATHARON PACKAGES ARE PROVIDED `AS IS' WITHOUT WARRANTY OF ANY
+ KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE. IN NO EVENT WILL ANY OF THE AUTHORS OR COPYRIGHT HOLDERS
+ BE LIABLE FOR ANY DAMAGES CAUSED BY THE USE OF OR THE INABILITY TO
+ USE THE CATHARON PACKAGE.
+
+2. Redistribution
+-----------------
+
+ This license grants a worldwide, royalty-free, perpetual and
+ irrevocable right and license to use, execute, perform, compile,
+ display, copy, create derivative works of, distribute and
+ sublicense the Catharon Packages (in both source and object code
+ forms) and derivative works thereof for any purpose; and to
+ authorize others to exercise some or all of the rights granted
+ herein, subject to the following conditions:
+
+ o Redistribution of source code must retain this license file
+ (`license.txt') unaltered; any additions, deletions or changes
+ to the original files must be clearly indicated in
+ accompanying documentation. The copyright notices of the
+ unaltered, original files must be preserved in all copies of
+ source files.
+
+ o Redistribution in binary form must provide a disclaimer that
+ states that the software is based in part on the work of
+ Catharon Productions, Inc. in the distribution documentation.
+
+ These conditions apply to any software derived from or based on
+ the Catharon Packages, not just the unmodified files. If you use
+ our work, you must acknowledge us. However, no fee need be paid
+ to us.
+
+3. Advertising
+--------------
+
+ Neither Catharon Productions, Inc. and contributors nor you shall
+ use the name of the other for commercial, advertising, or
+ promotional purposes without specific prior written permission.
+
+ We suggest, but do not require, that you use the following phrase
+ to refer to this software in your documentation: 'this software is
+ based in part on the Catharon Typography Project'.
+
+ As you have not signed this license, you are not required to
+ accept it. However, as the Catharon Packages are copyrighted
+ material, only this license, or another one contracted with the
+ authors, grants you the right to use, distribute, and modify it.
+ Therefore, by using, distributing, or modifying the Catharon
+ Packages, you indicate that you understand and accept all the
+ terms of this license.
+
+--- end of license.txt ---
+
+
+License for FreeType font driver for PCF fonts
+*******
+
+Copyright (C) 2000 by Francesco Zappa Nardelli
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- freetype-2.4.8.orig/debian/freetype2-demos.dirs
+++ freetype-2.4.8/debian/freetype2-demos.dirs
@@ -0,0 +1 @@
+usr/bin
--- freetype-2.4.8.orig/debian/compat
+++ freetype-2.4.8/debian/compat
@@ -0,0 +1 @@
+9
--- freetype-2.4.8.orig/debian/libfreetype6-dev.manpages
+++ freetype-2.4.8/debian/libfreetype6-dev.manpages
@@ -0,0 +1 @@
+debian/freetype-config.man
--- freetype-2.4.8.orig/debian/changelog
+++ freetype-2.4.8/debian/changelog
@@ -0,0 +1,1643 @@
+freetype (2.4.8-1ubuntu2.7) precise-security; urgency=medium
+
+ * SECURITY UPDATE: heap-based buffer over-read
+ - debian/patches-freetype/CVE-2015-9381.patch: check
+ if 'eexec' doesn't exceed 'limit' in src/type1/t1parse.c
+ - CVE-2015-9381
+ * SECURITY UPDATE: buffer over-read
+ - debian/patches-freetype/CVE-2015-9382.patch: ensure that
+ the cursor position doesn't get larger than the current limit
+ in src/psaux/psobjs.c.
+ - CVE-2015-9382
+ * SECURITY UPDATE: heap-based buffer over-read
+ - debian/patches-freetype/CVE-2015-9383.patch: check
+ limit before accessing 'numRanges' and numMappings in
+ src/sfnt/ttcmap.c.
+ - CVE-2015-9383
+
+ -- Leonidas S. Barbosa Fri, 06 Sep 2019 11:05:06 -0300
+
+freetype (2.4.8-1ubuntu2.6) precise-security; urgency=medium
+
+ [ Marc Deslauriers ]
+ * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
+ - debian/patches-freetype/CVE-2017-8105.patch: add a check to
+ src/psaux/t1decode.c.
+ - CVE-2017-8105
+ * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
+ - debian/patches-freetype/CVE-2017-8287.patch: add a check to
+ src/psaux/psobjs.c.
+ - CVE-2017-8287
+
+ -- Emily Ratliff Mon, 15 May 2017 20:31:15 -0500
+
+freetype (2.4.8-1ubuntu2.5) precise-security; urgency=medium
+
+ * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
+ - debian/patches-freetype/CVE-2016-10328.patch: add additional check
+ to parser stack size in src/cff/cffparse.c
+ - CVE-2016-10328
+
+ -- Steve Beattie Tue, 18 Apr 2017 14:35:42 -0700
+
+freetype (2.4.8-1ubuntu2.4) precise-security; urgency=medium
+
+ * SECURITY UPDATE: DoS and possible code execution via missing glyph name
+ - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
+ - CVE-2016-10244
+
+ -- Marc Deslauriers Thu, 16 Mar 2017 13:42:14 -0400
+
+freetype (2.4.8-1ubuntu2.3) precise-security; urgency=medium
+
+ * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
+ - debian/patches-freetype/savannah-bug-41309.patch: fix use of
+ uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
+ src/type1/t1load.c, src/type42/t42parse.c.
+ - No CVE number
+ * SECURITY UPDATE: denial of service via infinite loop in parse_encode
+ (LP: #1492124)
+ - debian/patches-freetype/savannah-bug-41590.patch: protect against
+ invalid charcode in src/type1/t1load.c.
+ - No CVE number
+
+ -- Marc Deslauriers Thu, 10 Sep 2015 07:10:41 -0400
+
+freetype (2.4.8-1ubuntu2.2) precise-security; urgency=medium
+
+ * SECURITY UPDATE: denial of service and possible code execution via
+ multiple security issues
+ - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
+ quantity of upstream commits to fix multiple security issues.
+ - CVE-2014-9656
+ - CVE-2014-9657
+ - CVE-2014-9658
+ - CVE-2014-9660
+ - CVE-2014-9661
+ - CVE-2014-9663
+ - CVE-2014-9664
+ - CVE-2014-9666
+ - CVE-2014-9667
+ - CVE-2014-9669
+ - CVE-2014-9670
+ - CVE-2014-9671
+ - CVE-2014-9672
+ - CVE-2014-9673
+ - CVE-2014-9674
+ - CVE-2014-9675
+
+ -- Marc Deslauriers Tue, 24 Feb 2015 10:35:56 -0500
+
+freetype (2.4.8-1ubuntu2.1) precise-security; urgency=low
+
+ * SECURITY UPDATE: denial of service and possible code execution via NULL
+ pointer dereference
+ - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
+ of allocation error in src/bdf/bdflib.c.
+ - CVE-2012-5668
+ * SECURITY UPDATE: denial of service and possible code execution via heap
+ buffer over-read in BDF parsing
+ - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
+ in src/bdf/bdflib.c.
+ - CVE-2012-5669
+
+ -- Marc Deslauriers Fri, 11 Jan 2013 13:45:45 -0500
+
+freetype (2.4.8-1ubuntu2) precise; urgency=low
+
+ * debian/patches-freetype/revert_scalable_fonts_metric.patch:
+ - revert commit "Fix metrics on size request for scalable fonts.",
+ it's breaking gtk underlining markups and creating some other
+ issues as well (lp: #972223)
+
+ -- Sebastien Bacher Tue, 03 Apr 2012 10:42:05 +0200
+
+freetype (2.4.8-1ubuntu1) precise; urgency=low
+
+ * SECURITY UPDATE: Denial of service via crafted BDF font (LP: #963283)
+ - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
+ sanitization when parsing properties. Based on upstream patch.
+ - CVE-2012-1126
+ * SECURITY UPDATE: Denial of service via crafted BDF font
+ - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
+ sanitization when parsing glyphs. Based on upstream patch.
+ - CVE-2012-1127
+ * SECURITY UPDATE: Denial of service via crafted TrueType font
+ - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
+ NULL pointer dereference. Based on upstream patch.
+ - CVE-2012-1128
+ * SECURITY UPDATE: Denial of service via crafted Type42 font
+ - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
+ sanitization when parsing SFNT strings. Based on upstream patch.
+ - CVE-2012-1129
+ * SECURITY UPDATE: Denial of service via crafted PCF font
+ - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
+ properly NULL-terminate parsed properties strings. Based on upstream
+ patch.
+ - CVE-2012-1130
+ * SECURITY UPDATE: Denial of service via crafted TrueType font
+ - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
+ prevent integer truncation on 64 bit systems when rendering fonts. Based
+ on upstream patch.
+ - CVE-2012-1131
+ * SECURITY UPDATE: Denial of service via crafted Type1 font
+ - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
+ appropriate length when loading Type1 fonts. Based on upstream patch.
+ - CVE-2012-1132
+ * SECURITY UPDATE: Denial of service and arbitrary code execution via
+ crafted BDF font
+ - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
+ glyph encoding values to prevent invalid array indexes. Based on
+ upstream patch.
+ - CVE-2012-1133
+ * SECURITY UPDATE: Denial of service and arbitrary code execution via
+ crafted Type1 font
+ - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
+ private dictionary size to prevent writing past array bounds. Based on
+ upstream patch.
+ - CVE-2012-1134
+ * SECURITY UPDATE: Denial of service via crafted TrueType font
+ - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
+ checks when interpreting TrueType bytecode. Based on upstream patch.
+ - CVE-2012-1135
+ * SECURITY UPDATE: Denial of service and arbitrary code execution via
+ crafted BDF font
+ - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
+ defined when parsing glyphs. Based on upstream patch.
+ - CVE-2012-1136
+ * SECURITY UPDATE: Denial of service via crafted BDF font
+ - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
+ of array elements to prevent reading past array bounds. Based on
+ upstream patch.
+ - CVE-2012-1137
+ * SECURITY UPDATE: Denial of service via crafted TrueType font
+ - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
+ invalid read from wrong memory location. Based on upstream patch.
+ - CVE-2012-1138
+ * SECURITY UPDATE: Denial of service via crafted BDF font
+ - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
+ prevent reading invalid memory. Based on upstream patch.
+ - CVE-2012-1139
+ * SECURITY UPDATE: Denial of service via crafted PostScript font
+ - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
+ boundary checks. Based on upstream patch.
+ - CVE-2012-1140
+ * SECURITY UPDATE: Denial of service via crafted BDF font
+ - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
+ to prevent invalid read. Based on upstream patch.
+ - CVE-2012-1141
+ * SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
+ - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
+ on first and last character code fields. Based on upstream patch.
+ - CVE-2012-1142
+ * SECURITY UPDATE: Denial of service via crafted font
+ - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
+ zero when dealing with 32 bit types. Based on upstream patch.
+ - CVE-2012-1143
+ * SECURITY UPDATE: Denial of service and arbitrary code execution via
+ crafted TrueType font
+ - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
+ on the first glyph outline point value. Based on upstream patch.
+ - CVE-2012-1144
+
+ -- Tyler Hicks Fri, 23 Mar 2012 12:13:46 -0500
+
+freetype (2.4.8-1) unstable; urgency=high
+
+ * New upstream release
+ - upstream fix for CVE-2011-3439. Closes: #649122.
+ - adjust libfreetype6.symbols for a newly-exported function.
+
+ -- Steve Langasek Thu, 17 Nov 2011 22:28:14 +0000
+
+freetype (2.4.7-2) unstable; urgency=low
+
+ * Use dpkg-buildflags through debhelper.
+ * Don't set -Werror in CFLAGS on alpha or m68k, to work around a compiler
+ bug. Closes: #646334.
+
+ -- Steve Langasek Mon, 24 Oct 2011 22:02:32 +0000
+
+freetype (2.4.7-1) unstable; urgency=low
+
+ * New upstream release
+ - upstream fix for CVE-2011-3256. Closes: #646120.
+ - drop debian/patches-freetype/0001-Fix-Savannah-bug-33992.patch,
+ included upstream.
+ * Pass --without-bzip2 to configure, to avoid unwanted dependency on
+ libbz2. Closes: #639638.
+ * Standards-Version 3.9.2.
+
+ -- Steve Langasek Sat, 22 Oct 2011 20:18:59 +0000
+
+freetype (2.4.6-2) unstable; urgency=low
+
+ * debian/patches-freetype/0001-Fix-Savannah-bug-33992.patch: [PATCH]
+ Fix Savannah bug #33992. Thanks to David Bevan
+ . Closes: #638348.
+
+ -- Steve Langasek Sat, 20 Aug 2011 06:30:18 +0000
+
+freetype (2.4.6-1) unstable; urgency=low
+
+ * New upstream release
+ - fixes CVE-2011-0226, a vulnerability in parsing of Type 1 fonts.
+ Closes: #635871.
+ - upstream now builds cleanly with -Werror and the new gcc-4.6 upstream
+ warnings. Closes: #625328.
+
+ -- Steve Langasek Thu, 04 Aug 2011 05:49:09 +0000
+
+freetype (2.4.4-2) unstable; urgency=low
+
+ * Build for multiarch, using debhelper compat 9.
+ * Add Pre-Depends: ${misc:Pre-Depends} to pick up multiarch-support
+ dependency.
+
+ -- Steve Langasek Wed, 22 Jun 2011 14:38:12 -0700
+
+freetype (2.4.4-1) unstable; urgency=low
+
+ * Acknowledge security NMU - thanks, Moritz!
+ * New upstream release, closes: #606286, #600321
+ - fixes PDF rendering issues. Closes: #612484, LP: #709229.
+ - fixes a rendering issue with 'S' glyphs in certain fonts.
+ LP: #654010.
+ - drop patches for CVE-2010-3855 and CVE-2010-3814, applied upstream.
+ - drop patch ft2demos-2.1.7-ftbench.patch; doesn't apply cleanly, the
+ code has changed significantly, patch never forwarded upstream. If
+ this is still an issue, someone will provide a fixed patch.
+ - drop patch ft2demos-grkey.patch, fixed upstream.
+ * debian/patches-freetype/enable-gxvalid-otvalid.patch: enable the
+ otvalid and gxvalid table validation modules. Thanks to Paul Wise
+ . Closes: #520879, LP: #239626.
+ * debian/libfreetype6.symbols: update the symbols file for the same.
+ * debian/rules et al.: convert to dh 7
+ * drop INSTALL.* from the libfreetype6-dev docs. Closes: #550971.
+ * move homepage out of debian/copyright and into debian/control.
+ * fix GPL link to point to GPL-2 explicitly.
+ * clean up long-obsolete conflicts/replaces.
+ * drop debian/README.quilt, redundant with debian/README.source.
+ * drop debian/README.Debian, which talks about the long-finished transition
+ from freetype1.
+ * strip dependency_libs out of /usr/lib/libfreetype.la.
+ * bump standards-version to 3.9.1.
+
+ -- Steve Langasek Mon, 21 Feb 2011 14:10:46 -0800
+
+freetype (2.4.2-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload by the Security Team.
+ * Fix CVE-2010-3855 and CVE-2010-3814 (Closes: #602221)
+
+ -- Moritz Muehlenhoff Thu, 18 Nov 2010 21:16:12 +0100
+
+freetype (2.4.2-2) unstable; urgency=low
+
+ * debian/patches-ft2demos/f2tdemos-grkey.patch: update to fix another
+ problem when building under gcc-4.5 that was overlooked in the previous
+ version of the patch. LP: #624740.
+
+ -- Steve Langasek Sat, 28 Aug 2010 02:27:15 +0000
+
+freetype (2.4.2-1) unstable; urgency=high
+
+ * New upstream release
+ - High urgency upload for RC security bugfix.
+ - Corrects a stack overflow in the interpreter for CFF fonts
+ (CVE-2010-1797). Closes: #592399.
+ - drop debian/patches-freetype/opentype-missing-glyphs, included
+ upstream.
+ * Update libfreetype6.symbols for two new functions.
+
+ -- Steve Langasek Tue, 10 Aug 2010 00:19:04 -0700
+
+freetype (2.4.0-2) unstable; urgency=medium
+
+ * debian/patches-freetype/opentype-missing-glyphs: fix from upstream for
+ glyphs from OpenType fonts failing to render. Closes: #589256,
+ LP: #605858.
+ * Medium-urgency upload to fix important regression.
+
+ -- Steve Langasek Fri, 16 Jul 2010 12:37:03 -0700
+
+freetype (2.4.0-1) unstable; urgency=high
+
+ * New upstream release (closes: #572576).
+ - fixes CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500,
+ CVE-2010-2519, and CVE-2010-2520
+ - high-urgency upload for security bugfixes.
+ - drop debian/patches-freetype/freetype-bytecode-interpreter.patch and
+ debian/patches-freetype/enable-full-bytecode-interpreter - the
+ bytecode interpreter is now enabled by default upstream at last!
+ - drop debian/patches-freetype/freetype-bdflib-large-encodings.patch and
+ debian/patches-freetype/uninitialized-vars.patch, applied upstream.
+ - drop debian/patches-freetype/331-hmtx-no-shorts.diff, implemented
+ differently upstream.
+ - new symbol FT_Library_SetLcdFilterWeights added to the symbols table,
+ bump the shlibs.
+ - fixes problem with outlines for some OpenType fonts. Closes; #583868.
+ * Add a debian/watch file - though we won't use it internally due to the
+ multiple tarball issues.
+ * Begin to simplify debian/rules a little by trimming dead code.
+ * Don't set SHELL = /bin/bash in debian/rules, no bashisms found in
+ the current package.
+ * debian/patches/ft2demos-grkey.patch: don't point grKEY() at an enum when
+ it's being passed values that aren't defined in that enum, fixing a build
+ failure with gcc 4.5. Thanks to Brian M. Carlson for the preliminary
+ patch. Closes: #564989.
+ * docs/PATENTS no longer exists, so we don't install it.
+ * Add ${misc:Depends} substitutions to all packages, per lintian.
+ * Standards-Version to 3.8.4, no changes required.
+ * Clarify in debian/copyright that freetype can be used under GPLv2 or
+ later.
+
+ -- Steve Langasek Tue, 13 Jul 2010 17:09:32 -0700
+
+freetype (2.3.11-1) unstable; urgency=low
+
+ * New upstream release
+ - drop debian/patches-freetype/proper-armel-asm-declaration.patch and
+ debian/patches-freetype/CVE-2009-0946.patch, applied upstream.
+ - new symbol tt_cmap13_class_rec added to the symbols table, bump the
+ shlibs.
+
+ -- Steve Langasek Mon, 12 Oct 2009 14:14:49 -0700
+
+freetype (2.3.9-5) unstable; urgency=low
+
+ * Pass proper --host/--build args to ./configure, to support
+ cross-building. Closes: #465292.
+ * clean up a number of unused variables in debian/rules; maybe someday
+ we'll get this package to converge on debhelper 7... :)
+ * Fix the doc-base section for libfreetype6-dev. Closes: #315845.
+ * Remove one final reference to /usr/X11R6 in debian/rules.
+ * Drop incorrect Replaces: freetype0, freetype1
+ * Add debian/README.source, documenting the madness that is this source
+ package.
+ * Standards-Version to 3.8.0.
+ * Fix multiple integer overflows leading to arbitrary code execution
+ or DoS (CVE-2009-0946; Closes: #524925). Thanks to Nico Golde for the
+ NMU.
+
+ -- Steve Langasek Mon, 01 Jun 2009 04:37:19 -0700
+
+freetype (2.3.9-4) unstable; urgency=low
+
+ * debian/patches-ft2demos/compiler-hardening-fixes.patch: always check the
+ return value of fread(), to appease hardened compilers such as what's
+ used in Ubuntu by default. Set a good example, even if these demos
+ shouldn't be security-sensitive! Also, along the way catch and fix a
+ small memory leak on error. :)
+ * debian/patches-freetype/proper-armel-asm-declaration.patch: use __asm__
+ for declaring assembly instead of asm, fixing a build failure on armel.
+
+ -- Steve Langasek Sat, 14 Mar 2009 14:35:23 -0700
+
+freetype (2.3.9-3) unstable; urgency=low
+
+ * Drop spurious Suggests: on libfreetype6-dev. Closes: #363937.
+ * debian/patches-freetype/enable-subpixel-rendering.patch: enable subpixel
+ rendering features, used by libcairo and xft to provide LCD colour
+ filtering. This is considered no more or less evil than the bytecode
+ interpreter which we also enable.
+ * Move debian/libfreetype6.copyright to debian/copyright, and selectively
+ install it to the single binary package in debian/rules; the same
+ copyright file is used for all the binaries anyway via symlinks, so
+ there's no reason it shouldn't ship as debian/copyright.
+ Closes: #381228.
+ * Clip redundant LICENSE.TXT and GPL.TXT files from the
+ libfreetype6-dev package. Closes: #459802.
+
+ -- Steve Langasek Fri, 13 Mar 2009 23:09:50 -0700
+
+freetype (2.3.9-2) unstable; urgency=low
+
+ * debian/rules: bump the shlibs version, since 2.3.9 introduces a handful
+ of new symbols
+ * debian/libfreetype6.symbols: add a new symbols file, which should cause
+ most packages to have relaxed dependencies of libfreetype6 now.
+
+ -- Steve Langasek Fri, 13 Mar 2009 16:57:23 -0700
+
+freetype (2.3.9-1) unstable; urgency=low
+
+ * New upstream version; closes: #519168.
+ * fixes a SIGFPE in evince when displaying some PDFs. Closes: #494350,
+ LP: #277294.
+ * fix a rendering issue with embedded Myriad_Pro fonts in some PDFs.
+ LP: #330438.
+ * fix a rendering issue with some glyphs not rendering in PDFs when
+ an embedded font uses CID 0. LP: #252250.
+ * drop patches-freetype/no-segfault-on-load_mac_face, included
+ upstream.
+ * patches-ft2demos/ft2demos-2.1.7-ftbench.patch: drop unused
+ patch chunk
+ * fix up the get-orig-source target to autodetect the upstream version
+ using the changelog by default.
+
+ -- Steve Langasek Fri, 13 Mar 2009 01:07:28 -0700
+
+freetype (2.3.7-2) unstable; urgency=high
+
+ * High-urgency upload for RC bugfix.
+ * Add debian/patches-freetype/no-segfault-on-load_mac_face, patch from
+ upstream to fix a segfault due to uninitialized memory in certain
+ failures of FT_Stream_New. Closes: #487101.
+
+ -- Steve Langasek Thu, 21 Aug 2008 12:09:17 -0700
+
+freetype (2.3.7-1) unstable; urgency=low
+
+ * New upstream release
+ * Add a new get-orig-source rule to handle downloading & packing the bits
+ for us
+ * Build-depend on x11proto-core-dev instead of the obsolete x-dev.
+ * Unset DH_VERBOSE when redirecting the output of dh_shlibdeps,
+ otherwise the substvars are kinda messed up.
+ * Fix a typo that caused debhelper log junk to be dumped into /usr.
+ * Replace ${Source-Version} with ${binary:Version} in debian/control.
+ * Don't install useless copies of /usr/share/doc/libfreetype6 in the
+ other packages, the symlink is all we need.
+
+ -- Steve Langasek Mon, 30 Jun 2008 17:57:56 -0700
+
+freetype (2.3.6-1) unstable; urgency=low
+
+ * New upstream release
+ - Fixes multiple vulnerabilities in the PFB font parser (CVE-2008-1806,
+ CVE-2008-1807, CVE-2008-1808). Closes: #485841.
+ * Fix some very bizarre quoting of $CFLAGS in debian/rules
+
+ -- Steve Langasek Sun, 15 Jun 2008 23:52:53 -0700
+
+freetype (2.3.5-1) unstable; urgency=low
+
+ * New upstream release
+ - Drop patches 374902-composite-glyphs, CVE-2006-3467_pcf-strlen,
+ and CVE-2007-2754_ttgload, merged upstream.
+ - Bump the shlibs to 2.3.5 for new symbols.
+
+ -- Steve Langasek Sat, 07 Jul 2007 00:19:30 -0700
+
+freetype (2.2.1-6) unstable; urgency=high
+
+ * High-urgency upload for security fix.
+ * Remove spurious patch file from the package diff, sigh.
+ * Add debian/patches-freetype/CVE-2007-2754_ttgfload to address
+ CVE-2007-2754, a bug allowing execution of arbitrary code via a crafted
+ TTF image by way of an integer overflow. Closes: #425625.
+
+ -- Steve Langasek Wed, 23 May 2007 03:26:25 -0700
+
+freetype (2.2.1-5) unstable; urgency=high
+
+ * High-urgency upload for RC bugfix.
+ * Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch to
+ address CVE-2006-3467, a missing string length check in PCF files that
+ leads to a possibly exploitable integer overflow. Thanks to Martin
+ Pitt for the patch. Closes: #379920.
+
+ -- Steve Langasek Tue, 12 Sep 2006 15:04:42 -0700
+
+freetype (2.2.1-4) unstable; urgency=low
+
+ * Drop libfreetype6.postinst code for cleaning up /usr/X11R6/lib;
+ whatever version it applied to is pre-sarge, and this code is
+ sufficiently blunt that I don't think it should be kept around.
+ Closes: #386379.
+
+ -- Steve Langasek Fri, 8 Sep 2006 13:35:30 -0700
+
+freetype (2.2.1-3) unstable; urgency=low
+
+ * Apply patch from Eugeniy Meshcheryakov , applied
+ upstream, to fix bug in rendering of composite glyphs.
+ Closes: #374902.
+
+ -- Steve Langasek Sun, 3 Sep 2006 04:21:43 -0500
+
+freetype (2.2.1-2) unstable; urgency=low
+
+ * Enable full bytecode interpreter instead of just the
+ "non-patented portions".
+ * Use $(CURDIR) instead of $(PWD) to build with sudo. Closes: #367579.
+
+ -- Keith Packard Wed, 17 May 2006 00:00:35 -0500
+
+freetype (2.2.1-1) unstable; urgency=low
+
+ * New upstream release
+ - Supersedes patches freetype-2.1.10-cvsfixes.patch,
+ freetype-2.1.10-fixaliasing.patch, freetype-2.1.10-fixautofit.patch,
+ freetype-2.1.10-fixkerning.patch, freetype-2.1.10-memleak.patch,
+ freetype-2.1.10-xorgfix.patch
+
+ -- Steve Langasek Sat, 13 May 2006 13:57:54 -0700
+
+freetype (2.2~rc4-1) unstable; urgency=low
+
+ * New upstream release
+ - this version should restore binary compatibility with version
+ 2.1.7. Closes: #314385.
+ - use the old ft2demos and freetype-docs for now; patch ft2demos
+ (temporarily only!) to still use the internal headers, which are
+ now no longer exported as part of the API
+ * Patch to handle empty short metrics, as seen in BitStream Vera.
+ * Bump shlibs to 2.2~rc4-1. Closes: #316031.
+ * Replace debian/rules patch handling with quilt; thanks to Jurij
+ Smakov for the patch.
+
+ -- Steve Langasek Sat, 4 Mar 2006 22:06:38 -0800
+
+freetype (2.1.10-3) unstable; urgency=low
+
+ * Removed freetype-2.1.10-fixaliasing.patch to restore proper sub-pixel
+ anti-aliased hinted rendering. Thanks to Michael Biebl for reporting
+ the bug. I was able to reproduce the bug setting gnome-font-properties
+ to: 96 dpi, sub-pixel anti-aliasing, full hinting, with Bitstream Vera
+ Sans Roman 11 as desktop font. (Closes: Bug#359104)
+ * Added more fixes to debian/patches/freetype-2.1.10-cvsfixes.patch:
+ * 2006-03-27 David Turner
+ * src/sfnt/ttkern.c (tt_face_get_kerning): Fix a serious bug that
+ causes some programs to go into an infinite loop when dealing with
+ fonts that don't have a properly sorted kerning sub-table.
+ * 2006-03-21 Zhe Su
+ * src/base/ftoutln.c (FT_Outline_Get_Orientation): Improve algorithm.
+ This is to prevent certain emboldened and hinted glyphs from becoming
+ "weird". See https://bugzilla.novell.com/show_bug.cgi?id=158573
+ for details.
+ * Oops, I inadvertently set the shlibs dependency to (>= 2.1.10-1)
+ in 2.1.10-2. Reverted to (>= 2.1.5-1).
+
+ -- Anthony Fok Fri, 31 Mar 2006 04:11:27 +0800
+
+freetype (2.1.10-2) unstable; urgency=low
+
+ * Will Newton has agreed to let Steve Langasek adopt the package.
+ Therefore, I have taken the liberty to set the Maintainer field
+ to Steve, and to add myself as an uploader. :-) (See Bug#351821)
+
+ * Acknowledge NMUs by Frans Pop (shlibs for udeb, Closes: Bug#355939)
+ and by Joey Hess (xlibs-dev removal, Closes: Bug#346706).
+ Thank you all!
+
+ * Merge fixes from 2.1.10-1ubuntu1 (Many thanks!):
+ * Patches for Malone #5560.
+ [debian/patches/freetype-2.1.10-cvsfixes.patch]:
+ - various fixes (mostly embolding which caused characters to
+ slant upward, most evident for CJK users in KDE and icewm.
+ (Closes: Bug#356495, Bug#356854)
+ [debian/patches/freetype-2.1.10-xorgfix.patch]:
+ - put back internal API used by xorg-x11
+ [debian/patches/freetype-2.1.10-fixautofit.patch]:
+ - fix autofit render setup
+ [debian/patches/freetype-2.1.10-memleak.patch]:
+ - fix memleak
+ [debian/patches/freetype-2.1.10-fixkerning.patch]:
+ - fix disabled kerning
+ [debian/patches/freetype-2.1.10-fixaliasing.patch]:
+ - fix anti-aliasing rendering
+ * Changes by Jun Kobayashi
+ -- Jonathan Riddell Mon, 16 Jan 2006 17:45:50 +0900
+
+ -- Anthony Fok Sat, 25 Mar 2006 13:03:09 +0800
+
+freetype (2.1.10-1.2) unstable; urgency=low
+
+ * Non Maintainer Upload (closes: #355939)
+ * Add support for udeb dependency resolution in shlibs file
+ * Simplify debian/rules by making use of udeb support in debhelper
+ * Update debhelper compatibility to level 5
+
+ -- Frans Pop Sat, 18 Mar 2006 17:07:46 +0100
+
+freetype (2.1.10-1.1) unstable; urgency=low
+
+ * NMU
+ * Patch from Ben Hutchings for xlibs-dev transition. Closes: #346706
+
+ -- Joey Hess Sun, 5 Mar 2006 20:31:17 -0500
+
+freetype (2.1.10-1) unstable; urgency=low
+
+ * New upstream (Closes: #298660, #245532).
+ * New maintainer, co-maintainer required!
+ * Disable CJK autohinting patch due to incompatability with this version
+ of freetype.
+ * Remove some very old unapplied patches.
+ * Add freetype-config.1 manpage.
+ * Add doc-base file for development docs. (Closes: #280827)
+ * Fix build with non-default umask. (Closes: #307464, #166511)
+ * Patch merged upstream. (Closes: #252673)
+ * Acknowledge NMUS.
+ (Closes: #221597, #225119, #226380, #249443, #251473, #302269, #259875)
+
+ -- Will Newton Mon, 13 Jun 2005 00:44:29 +0100
+
+freetype (2.1.9-1) unstable; urgency=low
+
+ * New upstream.
+
+ -- Will Newton Sat, 28 May 2005 14:49:00 +0100
+
+freetype (2.1.7-2.4) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * freetype-2.1.7/src/bdf/bdflib.c: When a glyph has zero width or height,
+ a bitmap is not actually allocated for it, but the code used to try to
+ use it anyway. Now it no longer does that. Fix by Steve Langasek,
+ based on something I did earlier. Added
+ debian/patches/300-bdflib-zero-width-glyphs.diff. Closes: #302269
+ (Segmentation fault with certain bdf fonts).
+ * freetype-2.1.7/src/bdf/bdflib.c: BDF font files with glyphs with an
+ encoding value of at least 65536 would overflow the bitmap with
+ 65536 bits which bdflib.c uses to keep track of whether it has seen
+ an encoding already. Changed things so that encodings above the
+ limit cause an error code to be returned instead of a segfault
+ happening. Ideally, the bitmap should be replaced with a more
+ compact representation, but that is too big a change for something
+ this small. I will, however, only lower the severity of the bug
+ (305413) to normal, instead of marking it fixed. Added
+ debian/patches/300-bdflib-large-encodings.diff.
+
+ -- Lars Wirzenius Sun, 24 Apr 2005 15:42:00 +0300
+
+freetype (2.1.7-2.3) unstable; urgency=low
+
+ * NMU
+ * debian/patches/090-freetype-2.1.7-normalize-fix.diff: Patch
+ by David Mossberger. Backport from freetype2 CVS that fixes an
+ off-by-order-of-magnitude performance issue in the normalization code.
+ (Closes: #259875)
+
+ -- dann frazier Mon, 08 Nov 2004 19:06:57 -0700
+
+freetype (2.1.7-2.2) unstable; urgency=low
+
+ * NMU
+ * debian/patches/080-freetype-2.1.7-backwards-compat.diff: Patch
+ by Shaun Jackman, integration by Thom May. Fixes backwards
+ compatibility (Closes: #251473)
+
+ -- Frank Lichtenheld Fri, 6 Aug 2004 01:03:36 +0200
+
+freetype (2.1.7-2.1) unstable; urgency=medium
+
+ * NMU
+ * [debian/patches/patches/t1load-eexec.diff, debian/rules] Patch from
+ upstream CVS
+ (http://cvs.freetype.org/cgi-bin/viewcvs.cgi/freetype2/src/type1/t1load.c.diff?r1=text&tr2=1.89&tr1=1.88&r2=text&diff_format=u)
+ to fix hanging gpdf processes. (Closes: #249443, #233255)
+
+ -- J.H.M. Dassen (Ray) Fri, 4 Jun 2004 18:56:41 +0200
+
+freetype (2.1.7-2) unstable; urgency=low
+
+ * Acknowledging 2.1.7-1.1. Many thanks to David Mosberger-Tang and
+ fellow Debian developer J.H.M. Dassen (Ray) for fixing the
+ gnumeric and abiword crashing problem on powerpc and ia64
+ by compiling with -fno-strict-aliasing. Will report upstream.
+ * Applied Akito Hirai's freetype-2.1.7-autohint-cjkfonts-20031130.patch.
+ Thanks to Firefly's detailed testing and development, and to Shuke
+ (Fan Xiaoju) and Tetralet for building unofficial debs. :-)
+ - http://firefly.idv.tw/test/Forum.php?Board=1&Article=72498077a4859413781ed6885760caa7&Func=view&History=0
+ - http://www.linuxfans.org/nuke/modules.php?name=Forums&file=viewtopic&t=51830
+ * Converted changelog.Debian.gz to UTF-8.
+ * Removed /usr/share/doc/libfreetype6/reference/.cvsignore.
+
+ -- Anthony Fok Sat, 24 Jan 2004 08:00:31 +0800
+
+freetype (2.1.7-1.1) unstable; urgency=high
+
+ * NMU
+ * [debian/control] Applied patch by David Mosberger-Tang
+ to compile -fno-strict-aliasing. Freetype
+ is apparently known to be unsafe for strict-aliasing rules defined
+ by ANSI (and the compiler configuration files in the upstream
+ source package itself reflect that), which caused crashes on ia64
+ and powerpc. This patch has been confirmed to fix the gnumeric and
+ abiword crashes on powerpc. (Closes: #221597, #225119, #226380).
+
+ -- J.H.M. Dassen (Ray) Tue, 6 Jan 2004 11:35:55 +0100
+
+freetype (2.1.7-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Anthony Fok Sat, 15 Nov 2003 00:49:55 +0800
+
+freetype (2.1.5-3) unstable; urgency=high
+
+ * debian/patches/freetype-2.1.5-type1-crash.diff: prevents
+ crashes when opening Type1 fonts with PaintType != 0 or
+ StrokeWidth != 0, exhibited with e.g. Hershey fonts in gsfonts-other.
+ Many thanks to Josselin Mouette (Debian fontconfig maintainer) for
+ analysis and patch! (Closes: Bug#216605, #216649, #216761)
+ * FTC_SBit_Cache_Lookup() exhibits a bug in ah_hinter_load_glyph
+ where FT_Render_Glyph may be called twice under some circumstances.
+ Many thanks to Ralf for reporting and upstream author Werner Lemberg
+ for fixing the bug. (Closes: Bug#213232, #208943, #209715)
+ * Added Conflicts: xpdf-reader (<< 1.00-4) to avoid problems with users
+ upgrading from Debian 3.0. Thanks to Adrian Bunk for the bug report.
+ (Partially fixes Bug#214732)
+
+ -- Anthony Fok Wed, 22 Oct 2003 10:58:14 +0800
+
+freetype (2.1.5-2) unstable; urgency=low
+
+ * Added patch by David Bevan ([devel] 2003-09-19) to fix read_pfb_tag()
+ so it does not fail on end-of-file indicated (0x8003).
+ * Do not install the irrelevant docs/reference/README. (Closes: Bug#211755)
+
+ -- Anthony Fok Sun, 21 Sep 2003 01:35:44 +0800
+
+freetype (2.1.5-1) unstable; urgency=low
+
+ * New upstream official 2.1.5 release. (ftdocs is still 2.1.4.)
+ * Set libfreetype6-udeb to Priority: extra to fix override disparity.
+
+ -- Anthony Fok Tue, 16 Sep 2003 23:43:48 +0800
+
+freetype (2.1.4-5) unstable; urgency=low
+
+ * CVS updates as of 2003-08-18. Upstream has restored binary
+ compatibility with the FreeType 2.1.4 and previous releases.
+ * Applied patch by Mike Fabian (2003-08-27): check bdf properties
+ WEIGHT_NAME and SLANT case insensitively. Many thanks! :-)
+ * Reversed YAMANO-UCHI Hidetoshi's 2003-06-13 change to ft2demos
+ graph/x11/rules.mk; Debian shys away from setting rpath.
+
+ -- Anthony Fok Thu, 28 Aug 2003 02:10:29 +0800
+
+freetype (2.1.4-4) unstable; urgency=low
+
+ * CVS updates as of 2003-06-07 with many fixes, including:
+ - Werner Lemberg has fixed the problem FreeType 2 had with
+ HuaTian multiple-level subglyphs fonts like htst3.ttf.
+ Many thanks! :-)
+ * TT_CONFIG_OPTION_FORCE_UNPATENTED_HINTING is left undefined for now.
+ (MS web core fonts like MonoType Arial would become distorted.)
+ * Disable Firefly's GRAYS_USE_GAMMA patch for now: I have received
+ several bug reports about "ugly fonts" or jaggies already, and I am
+ not sure whether it is due to the adjusted gamma values or
+ the new unpatented hinting in CVS. Let's see what happens. :-)
+ (Closes: Bug#196029, #196048, #196086)
+ * Yikes, Werner's number to pointer changes broke binary compatibility
+ with XFree86 4.3.0. I hope the patch
+ 100-freetype-2.1.4-CVS-int-fixed_p-incompatibility.diff
+ correctly reverts the problem. My apologies to the Debian XFree86
+ for my oversight.
+ * FreeType 2.1.4 was unable to read some gzip'ed fonts Many thanks to
+ "Alexis S. L. Carvalho" for diagnosing and
+ correcting the problem. (Closes: Bug#184355)
+ * Note to self: Debian's file/libmagic1 (4.02-4) misdetects
+ libfreetype.so.6.3.3 as "Linux/i386 core" file on i386 platforms.
+
+ -- Anthony Fok Sun, 8 Jun 2003 13:42:26 +0800
+
+freetype (2.1.4-3) unstable; urgency=low
+
+ * CVS updates as of 2003-06-01:
+ - Removed my 010-ft2demos-2.1.4-ucs4.diff and
+ Akito's 011-freetype-2.1.4-ttcmap4.diff: already applied upstream.
+ * [ftoption.h] Enabled Graham Asher's unpatented hinting:
+ #define TT_CONFIG_OPTION_BYTECODE_INTERPRETER
+ #define TT_CONFIG_OPTION_COMPILE_UNPATENTED_HINTING
+ Many thanks to Graham Asher and Artifex for their contribution!
+ * Temporary disable Akito Hirai's CJK autohinting enhancement: it
+ currently does not apply cleanly to FreeType CVS.
+ * [libfreetype6-dev.files]: Added usr/lib/pkgconfig/ for freetype2.pc.
+ * Added Firefly's patch to #define GRAYS_USE_GAMMA with finetune.
+
+ -- Anthony Fok Tue, 3 Jun 2003 02:54:40 +0800
+
+freetype (2.1.4-2) unstable; urgency=low
+
+ * Applied CVS fixes as of 2003-04-09.
+ * Applied freetype-2.1.3-ttcmap4.patch by Akito Hirai to handle buggy
+ Unicode CMap (cmap4) in CJK Dyna fonts.
+ * Applied Akito Hirai's autohinting enhancement for CJK fonts (2003-04-16).
+
+ -- Anthony Fok Mon, 21 Apr 2003 01:48:07 +0800
+
+freetype (2.1.4-1) unstable; urgency=low
+
+ * New upstream release.
+ * The Section for libfreetype6-dev has been changed from devel to libdevel.
+
+ -- Anthony Fok Tue, 8 Apr 2003 23:28:21 +0800
+
+freetype (2.1.3+2.1.4rc2-5) unstable; urgency=low
+
+ * FreeType 2.1.4 release candidate as of 2003-03-27.
+ * The rounding code in FT_Set_Char_Size() has been changed slightly
+ from 2.1.3+2.1.4rc2-4. Please test to see if native TrueType hinting
+ (with bytecode interpreter) still looks good. Thanks!
+ * Fine-tuned font->num_indices in ft2demos/src/ftcommon.i by encoding.
+
+ -- Anthony Fok Mon, 31 Mar 2003 03:47:29 +0800
+
+freetype (2.1.3+2.1.4rc2-4) unstable; urgency=low
+
+ * FreeType 2.1.4rc2 with CVS update as of 2003-03-20.
+ * More rounding fixes from Artur Zaprzala.
+ * Reverted FT_Set_Char_Size() to forced rounding as before. This is
+ a temporary measure to get bytecode-interpreter hinted fonts display
+ properly.
+
+ -- Anthony Fok Tue, 25 Mar 2003 01:34:15 +0800
+
+freetype (2.1.3+2.1.4rc2-3) unstable; urgency=medium
+
+ * The "Welcome to the world, Lucie Turner!" release. :-)
+ * FreeType 2.1.4rc2 with CVS update as of 2003-03-15.
+ * Upstream author David Turner has fixed src/truetype/ttdriver.c
+ (Set_Char_Sizes) rounding issues. The fonts on the screen should
+ look good as before now. (Closes: Bug#181938, #183794, #182674)
+
+ -- Anthony Fok Sun, 16 Mar 2003 00:05:22 +0800
+
+freetype (2.1.3+2.1.4rc2-2) unstable; urgency=medium
+
+ * Reversed upstream author's 2003-02-25 patch on ttdriver.c:
+ - src/truetype/ttdriver.c (Set_Char_Sizes): fixed a rounding bug when
+ computing the scale factors for a given character size in points with
+ resolution.
+
+ Not sure what how undoing this would affect autohinting, but at least
+ rendering with bytecode interpreter is back to normal. :-)
+ (Follow-up: Bug#181938, #183794, #182674, etc.)
+
+ * Tests with David Chester's suggested patches, e.g. symmetric "m".
+
+ * Added a fix for double free in the embedded bitmap code in freetype.
+ The bug was crashing OpenOffice.org. Thanks to Mandrake's Gwenole
+ Beauchesne for his suggested fix! (Follow-up: Bug#183272)
+
+ -- Anthony Fok Thu, 13 Mar 2003 00:51:09 +0800
+
+freetype (2.1.3+2.1.4rc2-1) unstable; urgency=low
+
+ * FreeType 2.1.4rc2 with CVS update as of 2003-02-28:
+ - ft_gzip_file_done memory leak fix. (May fix #175889, #176138)
+ - scaling round-off error fix. May fix #182674, #181938.
+ - infinite loop fix in ftgzip.c. (Closes: Bug#177439)
+ * libfreetype6.postinst: Remove /usr/X11R6/lib/libfreetype.so* leftover
+ by some old version of XFree86 package.
+ * Added libfreetype6-udeb for the GTK frontend of the debian-installer.
+ Many thanks to Sebastian Ley for providing the appropriate patch!
+ (Closes: Bug#182208)
+ * freetype2-demos now depends on the exact version of libfreetype6.
+ (Closes: Bug#151233)
+
+ -- Anthony Fok Wed, 5 Mar 2003 02:21:46 +0800
+
+freetype (2.1.3-10) unstable; urgency=low
+
+ * FreeType 2.1.4rc1 with CVS update as of 2003-02-18. (Closes: Bug#179450)
+ * Made 008-freetype-2.1.4rc1-ftccmap-ucs4.patch:
+ ftc_cmap_family_init() now, like find_unicode_charmap() in ftobjs.c,
+ favours UCS-4 charmap if there is one.
+ * Made 009-freetype-2.1.4rc1-typo.patch:
+ Minor typographical fixes, e.g. asian -> Asian.
+ * Made 010-ft2demos-2.1.4rc1-ucs4.patch:
+ Let ft2demos handle up to U+10FFFF.
+
+ -- Anthony Fok Fri, 21 Feb 2003 02:59:12 +0800
+
+freetype (2.1.3-9) unstable; urgency=low
+
+ * Backed out David Turner's modified bluescale implementation (2.1.3-8)
+ and put back David Chester's original patch (2.1.3-7) until rendering
+ with bytecode interpreter turned on is improved. (See Bug#179450)
+
+ -- Anthony Fok Mon, 3 Feb 2003 03:44:56 +0800
+
+freetype (2.1.3-8) unstable; urgency=low
+
+ * CVS update as of 2003-01-31. David Chester's bluescale patch is now
+ implemented upstream. Also, the excessive debug messages in 2.1.3-7
+ should be gone now.
+
+ -- Anthony Fok Sat, 1 Feb 2003 16:19:44 +0800
+
+freetype (2.1.3-7) unstable; urgency=low
+
+ * CVS update as of 2003-01-22.
+ * Added David Chester's latest bluescale2 patch. (2003-01-23 on the
+ FreeType devel mailing list.)
+
+ -- Anthony Fok Sat, 25 Jan 2003 02:16:52 +0800
+
+freetype (2.1.3-6) unstable; urgency=low
+
+ * Oops, forgot to run aclocal as "aclocal -I ." to search for
+ ft-munmap.m4. Thanks to Werner Lemberg for the note.
+
+ -- Anthony Fok Sat, 18 Jan 2003 22:45:19 +0800
+
+freetype (2.1.3-5) unstable; urgency=low
+
+ * CVS update as of 2003-01-17.
+ * Added a patch to relax table.Length checking because some buggy software
+ pads it to a multiple of 4 bytes.
+ (007-freetype-2.1.3-ttload-table-length.patch)
+ * Updated to latest libtool and regenerate configure so it builds properly
+ on mips/mipsel. Thanks to Ryan Murray for reporting the issue.
+ Also forwarded upstream. (Closes: Bug#176044)
+
+ -- Anthony Fok Fri, 17 Jan 2003 07:52:25 +0800
+
+freetype (2.1.3-4) unstable; urgency=high
+
+ * Oops, forgot to add the corresponding Depends: zlib1g-dev | libz-dev
+ to libfreetype6-dev. Fixed. Thanks to Colin Walters for the reminder!
+ (Closes: Bug#174019)
+
+ -- Anthony Fok Mon, 23 Dec 2002 12:51:41 +0800
+
+freetype (2.1.3-3) unstable; urgency=high
+
+ * With the previous CVS update, configure.ac was revised, but autoconf
+ was not run, leading to an unsubstituted @LIBZ@ in freetype-config.
+ My apologies for the problems it caused. (Closes: Bug#173834)
+ * Patched configure.ac and unix-cc.in to set LDFLAGS=-lz and to ensure
+ that libfreetype.so.* is explicitly linked with zlib.
+ * Added Build-Dependency: libz-dev, autoconf. (Note to self: remove
+ autoconf later.)
+
+ -- Anthony Fok Sun, 22 Dec 2002 06:03:03 +0800
+
+freetype (2.1.3-2) unstable; urgency=low
+
+ * CVS updates as of 2002-12-18.
+
+ -- Anthony Fok Sat, 21 Dec 2002 01:28:23 +0800
+
+freetype (2.1.3-1) unstable; urgency=low
+
+ * New upstream release.
+ * Revised my freetype-2.1.3-ttgload-monospace-halfwidth.patch to use
+ 52% as the threshold.
+ * New version supports gzipped PCF fonts. (Closes: Bug#163207)
+
+ -- Anthony Fok Mon, 9 Dec 2002 01:36:21 +0800
+
+freetype (2.1.2-10) unstable; urgency=low
+
+ * Turning back on the bytecode interpreter. Too tired to care now.
+ May turn it off again when Xft2 and fontconfig are in Debian.
+ * Removed libkpathsea-dev build-dependency. It was used for the the
+ FreeType 1 contributed tools, but those tools were not yet ported
+ to FreeType 2. Also removed the 'debian/\' file. Thanks to
+ P. Doblerman for the bug report. (Closes: Bug#166064)
+
+ -- Anthony Fok Thu, 24 Oct 2002 10:17:18 +0800
+
+freetype (2.1.2-9) unstable; urgency=medium
+
+ * By popular demand, disabled the ft-slight patch. Let's see what happens.
+ (Closes: Bug#164477)
+
+ -- Anthony Fok Thu, 17 Oct 2002 23:37:36 +0800
+
+freetype (2.1.2-8) unstable; urgency=low
+
+ * CVS updates as of 2002-10-07
+ * Applied David Chester's ft-slight patch. Thanks to Roger So for the
+ suggestion. (Closes: Bug#163900)
+ * Turned off the bytecode interpreter.
+
+ -- Anthony Fok Fri, 11 Oct 2002 02:00:18 +0800
+
+freetype (2.1.2-7) unstable; urgency=medium
+
+ * CVS updates as of 2002-09-25
+ * Revised ftbench.c to count by num_charcodes (cmap entries) instead of
+ face->num_glyphs.
+ * Oops, I forgot to uncomment dh_strip after a debug session!
+ Thanks to Daniel Burrows for catching this! (Closes: Bug#162346)
+
+ -- Anthony Fok Thu, 26 Sep 2002 15:46:31 +0800
+
+freetype (2.1.2-6) unstable; urgency=medium
+
+ * CVS updates as of 2002-09-21 (after VER-2-1-3-RC2)
+ * Backported patches that I made for Thiz Linux, as listed below.
+ * Do not force horizontal.advance_Width_Max even when
+ postscript.isFixedPitch is true so that the ASCII characters in some
+ CJK fonts are displayed correctly.
+ * Revised my CMap4 patch to take care of tt_cmap4_char_index() and
+ tt_cmap4_char_next() too. (Closes: Bug#161933)
+ * ftbench allocates face->num_glyphs, but number of codepoints read
+ from CMap4 may be more, causing it to segfault with opens___.ttf.
+ Fixed.
+
+ -- Anthony Fok Wed, 25 Sep 2002 09:45:14 +0800
+
+freetype (2.1.2-5) unstable; urgency=high
+
+ * CVS updates as of 2002-09-05
+ * Fixed some typos in ftimage.h introduced in VER-2-1-3-RC1,
+ e.g. s/zft_outline_reverse_fill/ft_outline_reverse_fill/
+ so that gnome-print may be built properly. Thanks to
+ Rick Younie, Christian Marillat and Kalle Olavi Niemitalo
+ for the bug report. (Closes: Bug#159806)
+
+ -- Anthony Fok Sun, 8 Sep 2002 23:18:29 +0800
+
+freetype (2.1.2-4) unstable; urgency=high
+
+ * s/FT_ENCODING_SYMBOL/FT_ENCODING_MS_SYMBOL/ (typo) in freetype.h .
+ Thanks to Branden Robinson for tracking down the error.
+ (Closes: Bug#159375)
+
+ -- Anthony Fok Tue, 3 Sep 2002 11:35:42 +0800
+
+freetype (2.1.2-3) unstable; urgency=low
+
+ * CVS updates as of 2002-08-29 (around VER-2-1-3-RC1)
+ * Make FreeType less strict when some slightly buggy fonts set
+ the CMap format 4 last segment idRangeOffset to 0xFFFF.
+ Thanks to Werner Lemberg and George Williams for pinpointing the bug.
+ (Fixes: Bug#150678, #155864)
+
+ -- Anthony Fok Mon, 2 Sep 2002 05:53:48 +0800
+
+freetype (2.1.2-2) unstable; urgency=low
+
+ * Added CVS updates as of 2002-08-06.
+ * Werner Lemberg (one of the upstream authors) has fixed TTC reading
+ problem. Thanks to Kenshi Muto and Ishikawa Mutsumi for the report.
+ (Closes: Bug#154221)
+ * An extraneous /usr/X11R6/lib/libfreetype.so (not from this package)
+ was the culprit to some of the mysterious segmentation faults
+ that some users were experiencing. Thanks to Akira TAGOH for tracking
+ down the problem. (Closes: Bug#142674, #149472, #149759, #150596)
+
+ -- Anthony Fok Fri, 9 Aug 2002 02:22:00 +0800
+
+freetype (2.1.2-1) unstable; urgency=low
+
+ * New upstream release with CVS updates as of 2002-07-11.
+
+ -- Anthony Fok Mon, 15 Jul 2002 02:24:09 +0800
+
+freetype (2.1.1-3) unstable; urgency=medium
+
+ * Sync'ed with CVS as of 2002-06-16.
+ * "New version breaks Pango" was fixed by the newly recompiled
+ Pango package. (Thanks, Akira TAGOH! :-) (Closes: Bug#150039)
+ * Applied patches from Detlef Würkner (003-freetype-type1-cmap.patch,
+ 004-freetype-select-charmap.patch): the latter one fixes
+ the icon-text-disappears-in-Nautilus problem. Many thanks!
+ (Closes: Bug#150084)
+ * Applied patch from Sven Neumann (005-freetype-pfr-direction.patch).
+ Many thanks!
+
+ -- Anthony Fok Wed, 19 Jun 2002 01:37:48 +0800
+
+freetype (2.1.1-2) unstable; urgency=low
+
+ * Up'ed versioned dependency to libfreetype6 (>= 2.1.1) because 2.1.1
+ introduced some changes that is binary incompatible (but source
+ compatible) with previous versions, and Pango needs to be recompiled.
+ * Added fixes from CVS as of 2002-06-14.
+ * TOP became TOP_DIR
+
+ -- Anthony Fok Sun, 16 Jun 2002 13:28:33 +0800
+
+freetype (2.1.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Added versioned dependency to libfreetype6 (>= 2.1.0). Thanks to
+ Akira TAGOH for the suggestion. (Closes: Bug#140772, Bug#140821)
+
+ -- Anthony Fok Fri, 14 Jun 2002 00:51:01 +0800
+
+freetype (2.0.9-1) unstable; urgency=high
+
+ * New upstream release. Among other enhancements, it contains this
+ important fix:
+
+ - Certain fonts, like "foxjump.ttf" contain broken name tables with
+ invalid entries and wild offsets. This caused FreeType to crash when
+ trying to load them.
+
+ Kudos to upstream author David Turner for fixing the bug so quickly!
+
+ This bug causes gnome-print to crash for users with certain freeware
+ or shareware fonts, so please put in woody. Thanks!
+ (Closes: Bug#135654, Bug#135896)
+
+ -- Anthony Fok Tue, 12 Mar 2002 01:43:14 +0800
+
+freetype (2.0.8-1) unstable; urgency=medium
+
+ * New upstream version. Contains a few more important bug fixes.
+ Please put in woody. Thanks!
+ * libfreetype6-dev now Depends on libc6-dev | libc-dev
+ (Closes: Bug#132640)
+ * Uses new configure script so that it builds on the netbsd-i386
+ Debian port too. (Closes: Bug#132693)
+
+ -- Anthony Fok Wed, 13 Feb 2002 03:35:52 +0800
+
+freetype (2.0.7-1) unstable; urgency=medium
+
+ * New upstream version. Reportedly fixes a problem that may KDE to
+ crash upon reading certain fonts. (Yes, please put in Debian 3.0).
+ * Applied upstream fix to freetype-config.
+
+ -- Anthony Fok Tue, 5 Feb 2002 03:44:27 +0800
+
+freetype (2.0.6-1) unstable; urgency=low
+
+ * New upstream release with important bug fixes.
+ * Removed two Debian small patches as they have been applied upstream.
+
+ -- Anthony Fok Mon, 14 Jan 2002 01:25:06 +0800
+
+freetype (2.0.5-2) unstable; urgency=low
+
+ * Oops, README and .cvsignore were erroneously placed in /usr/bin in
+ freetype2-demos. Thanks to YAMASHITA Junji for the bug report.
+ (Closes: Bug#119119)
+
+ -- Anthony Fok Sun, 11 Nov 2001 23:55:40 +0800
+
+freetype (2.0.5-1) unstable; urgency=low
+
+ * New upstream release.
+ * Updated libfreetype6.copyright.
+ * Applied patch to builds/unix/freetype-config.in to prevent
+ /usr/bin/freetype-config from providing gcc with -L/usr/lib.
+ Thanks to Gordon Sadler for providing the patch. (Closes: Bug#101391)
+ * Added /usr/share/aclocal/freetype2.m4 for autoconf and friends.
+ in libfreetype6-dev. Thanks to Marcelo E. Magallon for contributing
+ this file. (Closes: Bug#117156)
+
+ -- Anthony Fok Sat, 10 Nov 2001 13:10:25 +0800
+
+freetype (2.0.2.20010514-1) unstable; urgency=low
+
+ * New upstream snapshot, post-2.0.2 freetype2-current as of 2001-05-14.
+ * Silly me! I fixed the `missing "xlibs-dev" in Build-Depends'
+ in 2.0.2.20010422-2, but closed the wrong bug report!?
+ Thanks to Martin Schmitz for the bug report. (Closes: Bug#95328)
+ * libtool-1.4 is not 100% compatible with the libtool-1.3.5 included
+ in the upstream source. Also, it seems to be unnecessary to
+ Build-Depends on libtool, therefore removed.
+ Thanks to Laurent Bonnaud for the bug report. (Closes: Bug#97552)
+ * [ftoption.h]: #define TT_CONFIG_OPTION_BYTECODE_INTERPRETER
+
+ -- Anthony Fok Tue, 15 May 2001 16:49:26 -0600
+
+freetype (2.0.2.20010422-2) unstable; urgency=medium
+
+ * Hehe, silly me, I forgot to add "xlibs-dev" to Build-Depends
+ when I merged in freetype2-demos. Thanks to Martin Michlmayr
+ for the notice. Closes: Bug#94569.
+
+ -- Anthony Fok Thu, 26 Apr 2001 21:20:17 -0600
+
+freetype (2.0.2.20010422-1) unstable; urgency=low
+
+ * Updated to post-2.0.2 freetype2-current as of 2001-04-22.
+ * On i386, freetype2-demos is rebuilt with xlibs_4.0.2-13 instead of the
+ pre-release xlibs_4.0.3. My apologies.
+ * Replaced "tetex-dev" with "libkpathsea-dev" in Build-Depends.
+ Thanks to Michael Schmitz for the bug report. Closes: Bug#91897.
+ * Updated README.Debian to reflect the FreeType 1.x package name
+ change from freetype2{,-dev} [sic] to libttf{2,-dev}.
+
+ -- Anthony Fok Mon, 23 Apr 2001 23:08:51 -0600
+
+freetype (2.0.2.20010412-1) unstable; urgency=low
+
+ * New upstream release, post-2.0.2 freetype2-current as of 2001-04-12.
+ * Arnd Bergmann, Tom Kacvinsky et al. pinpointed and fixed a bug
+ in FreeType-2.0.2 which caused KDE and "xterm -fa" to segfault.
+ Thanks guys! :-) Closes: Bug#89326.
+ * New binary package: freetype2-demos.
+ * The source package reorganized to include three upstream tarballs
+ (freetype, ftdocs, ft2demos) in one *.orig.tar.gz.
+
+ -- Anthony Fok Fri, 13 Apr 2001 02:02:42 -0600
+
+freetype (2.0.1.20010317-1) unstable; urgency=low
+
+ * Updated to freetype2-current as of 2001-03-17.
+ * [builds/unix/install.mk]:
+ - IMHO, the current upstream source caters too much to broken
+ compilers that the Unix build suffers somewhat.
+ - Use sed to replace all instances of
+
+ with FT2_{PUBLIC,CONFIG,INTERNAL}_FILE(*.h), which currently
+ expands to
+ in freetype/config/ftheader.h and freetype/internal/internal.h.
+ - This fix, without sacrificing compatibility on some brain-dead
+ compilers on other platforms, may mean that
+ "-I/usr/include/freetype2" is no longer needed on Unix/Linux/Hurd
+ platforms.
+ - But it would be very foolish to remove "-I/usr/include/freetype2".
+ Thou shalt always use $(shell freetype-config --cflags).
+ - Thanks to Gordon Sadler for the suggestion. :-)
+ Closes: Bug#79951.
+ * [builds/unix/ft2unix.h]:
+ - Removed the FT2_{PUBLIC,CONFIG,INTERNAL}_FILE macros because
+ they are already defined in freetype/config/ftheader.h.
+ - Use FT2_ROOT instead. Afterall, cpp on Unix is not broken. ;-)
+ - Thanks to Takuo Kitame for reporting the conflicting #define's.
+ Closes: Bug#89363.
+ * [debian/rules]: Moved out some old cruft to rules.museum.
+
+ -- Anthony Fok Mon, 19 Mar 2001 03:27:14 -0700
+
+freetype (2.0.1.20010312-1) unstable; urgency=low
+
+ * Updated to freetype2-current as of 2001-03-12.
+ * [debian/control]:
+ - Build-Depends: debhelper (>= 3.0.0), ...
+ - Standards-Version: 3.5.2
+
+ -- Anthony Fok Fri, 16 Mar 2001 02:21:31 -0700
+
+freetype (2.0.1.20010308-1) unstable; urgency=low
+
+ * Updated to freetype2-current as of 2001-03-08.
+ * Corrected platform detection on Hurd. Thanks to Jeff Bailey,
+ Werner and David for the fix. Closes: Bug#87691.
+
+ -- Anthony Fok Fri, 9 Mar 2001 00:50:12 -0700
+
+freetype (2.0.1-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Anthony Fok Fri, 1 Dec 2000 17:58:32 -0700
+
+freetype (2.0-1) unstable; urgency=low
+
+ * New upstream FreeType 2 official release.
+ - Source package: freetype
+ - Binary packages: libfreetype6 and libfreetype6-dev.
+ The source package of FreeType 1.3.1 has been renamed to freetype1.
+ * [README.Debian]: Documents the source and binary package names,
+ and recommends users to migrate to FreeType 2.
+
+ -- Anthony Fok Mon, 20 Nov 2000 05:16:13 -0700
+
+freetype (1.3.1-1) unstable; urgency=low
+
+ * New official upstream release.
+ * [contrib/ttf2pfb/ttf2pfb.c]: Applied patch by fellow Debian developer
+ Daniel Jacobowitz to fix a va_arg problem that prevents it from
+ building on powerpc. Thanks a million! :-) (closes: Bug#54539)
+
+ -- Anthony Fok Mon, 10 Jan 2000 06:12:51 -0700
+
+freetype (1.3.1-0) unstable; urgency=low
+
+ * New upstream release candidate (1999-12-08).
+ * [debian/rules]: Uses "dh_makeshlibs -V 'freetype2 (>= 1.3.1)'"
+ because 1.3 have some new APIs not in 1.2. Thanks to suggestion
+ by ISHIKAWA Mutsumi (closes: Bug#52319).
+ * Added new entries for Arphic PL fonts in /etc/ttf2pk/ttfonts.map
+ * Modified UBig5.sfd to suit the Big5 Arphic PL fonts.
+
+ -- Anthony Fok Sun, 12 Dec 1999 11:13:20 -0700
+
+freetype (1.3-2) unstable; urgency=low
+
+ * Corrected the symlink
+ /usr/share/doc/freetype2/changelog.gz -> docs/changes.txt
+ to -> docs/changes.txt.gz. (Hehe, major oversight. :-)
+ Thanks to Michael Osamu Shiobara for the bug report.
+ (closes: Bug#50428)
+
+ -- Anthony Fok Wed, 17 Nov 1999 04:10:41 -0700
+
+freetype (1.3-1) unstable; urgency=low
+
+ * New upstream release (libttf.so.2.2.0) with patches as of 1999-10-21.
+ * Standards-Version: 3.1.0
+ * Removed debian/freetype2-dev.compress because debhelper-2.0.69
+ no longer compresses *.png.
+ * Backed out the patch applied by Anthony Wong to
+ contrib/ttf2pfb/configure in freetype_1.2-6.1 because upstream fixed
+ ttf2pfb.c to #include "extend/ftxpost.h" rather than "ftxpost.h".
+ Nonetheless, thanks for the NMU! :-)
+ * [debian/rules]: FHS-compliancy and general clean-up
+ - s/pre-binary/install/g; and removed install-stamp.
+ - s!usr/doc!usr/share/doc!g;
+ - Referred to the latest /usr/doc/debhelper/examples/rules*
+ and used DH_OPTIONS to reduce clutter.
+ - Oops! I used bashism but set "SHELL = /bin/sh". Changed to
+ "SHELL = /bin/bash". :-)
+ - Install upstream docs/changes.txt as changelog.gz in the
+ freetype2 (shared library) package.
+
+ -- Anthony Fok Sun, 14 Nov 1999 01:15:21 -0700
+
+freetype (1.2-6.1) unstable; urgency=low
+
+ * Non-maintainer upload (see bug #38813)
+ * Added 'CPPFLAGS= ... -I$srcdir/../../lib/extend' to
+ contrib/ttf2pfb/configure, otherwise compile will fail for
+ ftxpost.h cannot be found.
+ * license.txt.gz is not shipped (lintian complains)
+
+ -- Anthony Wong Thu, 3 Jun 1999 02:04:44 +0800
+
+freetype (1.2-6) unstable; urgency=low
+
+ * Copied debian/postinst to debian/freetype-tools.postinst
+ so mktexlsr is (only) run for the freetype-tools package.
+ Thanks to Andrew for reporting this bug. (closes: Bug#36502)
+ * Added some more font entries to /etc/ttf2pk/ttfonts.map.
+
+ -- Anthony Fok Thu, 22 Apr 1999 17:54:53 -0600
+
+freetype (1.2-5) unstable; urgency=low
+
+ * Applied upstream freetype-1.2-current.diff.gz as of 1999-04-09.
+ * [contrib/ttf2pfb/t1asm.c]: Incorporated patch for glibc 2.1
+ donated by Hartmut Koptein .
+ (Taken from the t1utils package. :-) (closes: Bug#35742)
+ * [contrib/ttf2pk/filesrch.c]: Changed "DllImport" to "KPSEDLL"
+ (changes between kpathsea 3.2 and 3.3). Thanks Werner! :-)
+ * [debian/rules]:
+ - Replaced the for loop with a more verbose alternative to ensure
+ make stops when it encounters an error when building one of the
+ contrib programs.
+ - Renamed t1asm to t1asm-freetype, and getafm to getafm-freetype,
+ until they are merged with the ones in t1utils and psutils.
+ * freetype-tools now also Suggests: psutils (>= 1.17-7)
+
+ -- Anthony Fok Mon, 12 Apr 1999 01:08:23 -0600
+
+freetype (1.2-4) unstable; urgency=low
+
+ * Rebuilt with glibc-2.1 and tetex-lib (shared kpathsea library).
+ * [debian/rules]: Changed usr/share/texmf to usr/lib/texmf
+ for the new FHS-compliant directory layout in teTeX.
+ * [debian/control]: freetype-tools now Suggests: tetex-bin
+ (>= 0.9.990310-1), t1utils (>= 1.2-2)
+
+ -- Anthony Fok Mon, 5 Apr 1999 16:39:08 -0600
+
+freetype (1.2-3) frozen unstable; urgency=low
+
+ * Applied the upstream freetype-1.2-current.diff.gz as of 1999-01-18
+ which fixes a nasty Raster bug occurs only when clipping very large
+ outlines to a small target bitmap or pixmap.
+
+ -- Anthony Fok Tue, 19 Jan 1999 22:04:32 -0700
+
+freetype (1.2-2) frozen unstable; urgency=low
+
+ * Applied the upstream freetype-1.2-current.diff.gz as of 1998-12-27
+ Mostly bug fixes.
+ * Added configure.in and Makefile.in for contrib/{ttf2pfb,ttfbanner},
+ so these tools are now included in the freetype-tools package.
+ * [debian/control]:
+ - Removed the "<" and ">", and added a suggestion
+ to Debian-JP's X server with X-TT support in freetype2's
+ package description.
+ - Now freetype-tools also Suggests: t1utils, which contains
+ /usr/bin/t1asm that helps ttf2pfb create real .pfa and .pfb
+ files. (Also added a note in README.Debian.)
+ * Updated the upstream authors' e-mail addresses in "control" and
+ "copyright."
+ * [debian/changelog]: Add the changelog of the freetype (1.1-0.1)
+ non-maintainer release done by Marcelo E. Magallon
+ in June 1998. I forgot to do so back
+ then. Sorry! :-)
+ * Renamed debian/compress to debian/freetype2-dev.compress, so *.png
+ are no longer compressed to *.png.gz.
+
+ -- Anthony Fok Tue, 29 Dec 1998 02:16:07 -0700
+
+freetype (1.2-1) frozen unstable; urgency=low
+
+ * New upstream release.
+ * Recompiled with libc6 (2.0.7u-7).
+ * [debian/control]: Updated to standards version 2.5.0.0 (no changes).
+ * [contrib/ttf2pk/configure.in]: Modified the order of the header
+ include paths to ensure that "-I./../../lib" is placed before
+ "-I/usr/include". Thanks to Roman.Hodek@informatik.uni-erlangen.de
+ for the bug report (forwarded upstream). (Fixes: #27920)
+
+ -- Anthony Fok Sat, 5 Dec 1998 15:13:48 -0700
+
+freetype (1.1-1998-09-12-2) unstable; urgency=low
+
+ * [debian/postinst]: Oops, the command "ldconfig" somehow disappeared
+ in the last upload. Fixed. :-)
+
+ -- Anthony Fok Sun, 11 Oct 1998 19:58:32 -0600
+
+freetype (1.1-1998-09-12-1) unstable; urgency=low
+
+ * New upstream development snapshot.
+ * Added "--with-kpathsea-dir=/usr" to ttf2pk's configure.
+ * [debian/rules]:
+ - TTF2PKINPUTS = usr/lib/texmf/ttf2pk
+ - TTF2TFMINPUTS = usr/lib/texmf/ttf2tfm
+ - *.sfd are now installed in $(TTF2PKINPUTS) and $(TTF2TFMINPUTS).
+ - $(TTF2PKINPUTS)/ttfonts.map is a symlink to /etc/ttf2pk/ttfonts.map.
+ * [debian/freetype-tools.conffiles]: Added /etc/ttf2pk/ttfonts.map.
+ * [debian/postinst]: Added #DEBHELPER#.
+ * [debian/freetype-tools.postinst]: Runs /usr/bin/mktexlsr if it exists.
+ * [debian/control]: freetype-tools now Suggests: tetex-bin (>= 0.9-1).
+
+ -- Anthony Fok Sat, 12 Sep 1998 19:55:17 -0600
+
+freetype (1.1-1998-08-29-1) unstable; urgency=low
+
+ * New upstream development snapshot.
+ * Now installs ttf2bdf and ttf2pk's documentation.
+ ttf2pk/ttf2tfm's *.sfd files are now placed in /usr/lib/ttf2tfm.
+ * changelog.gz now points to the re-added commitlog.gz.
+ * Changed "numGlymphId" to "cmap4->numGlyphId" in lib/extend/ftxcmap.c.
+
+ -- Anthony Fok Mon, 31 Aug 1998 04:37:57 -0600
+
+freetype (1.1-1) unstable; urgency=low
+
+ * New upstream release. The old freetype-1.0 source package has been
+ renamed to "freetype1" and is now obsolete.
+ * Upgraded to standards version 2.4.1.0 (no changes).
+ * The package soname has been upgraded from 1 to 2. (libttf.2)
+ * Updated the package descriptions according to freetype.spec.
+ * Since teTeX 0.9 and the new is in Debian,
+ ttf2pk is now compiled and included in freetype-tools.
+ * Added postinst to run ldconfig as per Debian Policy. (Lintian)
+ * [debian/control]: Added some package relationships w.r.t. freetype1:
+ - freetype2 -- Replaces: freetype1
+ - freetype2-dev -- Conflicts: freetype1-dev
+ * [debian/rules]:
+ - /usr/lib/libttf.la is now installed in the freetype2-dev package.
+ - Moved the developer's documentation into the freetype2-dev package.
+ Thanks to "Marcelo E. Magallon" for suggestion.
+ - Added "--dpkg-shlibdeps-params=-Ldebian/tmp/DEBIAN/shlibs" to
+ dh_shlibdeps when packaging freetype-tools.
+ - Added patch from /usr/doc/lintian/libtool-workarounds.txt
+ to solve the -rpath problem. Debian's libtool-1.2 handles the -lc
+ problem quite nicely already, so that part of the patch is not used.
+ - Added a GNU GPL copyright statement at the top. :-)
+ * Ran libtoolize from the Debian libtool-1.2 package. This solves the
+ -lc problem. :-) config.guess and config.sub are taken from the ones
+ in /usr/share/automake/ though because they are newer. (Thanks to
+ the libtool bug report filed by Jim Pick for hints.)
+ * Removed debian/README.Debian.
+
+ -- Anthony Fok Fri, 28 Aug 1998 03:49:21 -0600
+
+freetype (1.1-0.1) unstable; urgency=low
+
+ * New upstream version. Non-maintainer upload (I need this in order to
+ build new upstream version of gltt!)
+ * Applied patches from previous version.
+ * Applied libtool rpath fix patch and removed rpath from compilation
+ parameters. Changed ltconfig to provide inter-library dependencies.
+ * Upgraded to Standards 2.4.1
+ * Changed package name to freetype2 and other control fields accordingly
+ (this could be a problem... what about packages that depend on
+ freetype1?)
+ * Added "Conflitcs: freetype1 (<= 1.0.0.1998-03-22-1)" to freetype-tools
+ because of the mo files freetype1 contains and that are now in
+ freetype-tools, alogn-side the programs that use the files.
+
+ -- Marcelo E. Magallon Sat, 27 Jun 1998 15:59:36 -0600
+
+freetype (1.0.0.1998-03-22-1) frozen unstable; urgency=low
+
+ * New upstream snapshot bugfix release as of 1998-03-22.
+ - ttobjs.c: The storage area is now freed in Instance_Destroy,
+ because it's the place it should have been from the very start.
+ A very sick bug spotted by Ram. Thanks again !! - DavidT
+ - fixed a nasty allocation bug in ttf2tfm.c
+ - corrected a spelling error (strcpy->strcmp) in ttf2pk.c
+ - new email address for Werner Lemberg (wl@gnu.org)
+ - (again) a stupid error fixed in ttf2pk.c
+ - Some fixes to make the package compile smoothless with the make
+ program of Solaris.
+ - too much fixed in po/Makefile.in.in :-)
+ * /usr/doc/freetype/README.gz and /usr/lib/libttf.la are now installed.
+
+ -- Anthony Fok Wed, 25 Mar 1998 16:18:50 -0700
+
+freetype (1.0.0.1998-03-13-1) unstable; urgency=low
+
+ * New upstream snapshot including upstream patch as of 1998-03-13.
+
+ -- Anthony Fok Sun, 15 Mar 1998 15:04:10 -0700
+
+freetype (1.0-1) unstable; urgency=low
+
+ * New upstream release (including upstream patch as of 1998-02-17).
+ * Updated copyright and README.Debian.
+ * Upgraded to standards version 2.4.0.0 (no changes).
+ * Enabled gettext support.
+ * Added .PHONY targets in Makefile.in's.
+ * Added -lc for linking libttf.so* (Reported by Lintian).
+ * Various FreeType test programs now have man pages linked to
+ /usr/man/man7/undocumented.7.gz (Reported by Lintian).
+ * debian/control: Revised package description.
+ * debian/rules: Commented out dh_du.
+ * Moved /usr/include/freetype/freetype.h to /usr/include/freetype.h.
+
+ -- Anthony Fok Wed, 18 Feb 1998 01:12:03 -0700
+
+freetype (0.beta.1998.01.06-1) unstable; urgency=low
+
+ * New upstream snapshot release.
+ * Thanks to the libtool patch posted by Hirotsugu Kakugawa
+ on the freetype-devel mailing list
+ (and some local tweaking), the Debian freetype package finally
+ provides the library and header files! Hurray! (Fixes Bug#16365)
+ * Splitted the package into freetype0, freetype0-dev and freetype-tools.
+ * Added debian/compress to ensure that /usr/doc/freetype0/image/*.png
+ are not compressed.
+ * Revised README.Debian.
+
+ -- Anthony Fok Thu, 8 Jan 1998 20:46:14 -0700
+
+freetype (0.beta.1997.12.25-1) unstable; urgency=low
+
+ * New upstream snapshot release.
+ * Modified /usr/doc/freetype/copyright to include the new license.txt.
+ (Yes, FreeType's license has changed.)
+ * Have a blessed Merry Christmas!
+
+ -- Anthony Fok Fri, 26 Dec 1997 11:26:25 -0700
+
+freetype (0.beta.1997.12.16-1) unstable; urgency=low
+
+ * New upstream release.
+ * /usr/bin/ttf_{lint,timer,view,zoom} no longer exists. The upstream
+ authors have renamed them as /usr/bin/{ftlint,fttimer,ftview,ftzoom}
+ and have also added other nifty test programs! :)
+ * debian/rules: Switched to debhelper.
+ * debian/control: Upgraded Standards-Version to 2.3.0.1 and increased
+ Priority to optional. :)
+ * Revised /usr/doc/freetype/copyright. FreeType is now truly DFSG-free!
+ (Fixes Bug#16030)
+ * Revised README.Debian.
+ * Changed my maintainer e-mail address to . :)
+ * Sorry, the library and header files are not yet included.
+ I have yet to learn how. :)
+
+ -- Anthony Fok Wed, 17 Dec 1997 03:02:49 -0700
+
+freetype (0.4-4) unstable; urgency=low
+
+ * Corrected the freetype mailing-list server's address from
+ "@lists.tu-muenchen.de" to "@lists.lrz-muenchen.de" in the files
+ /usr/doc/freetype/readme.1st and license.txt.
+ * Improved the package description and added a URL link to the
+ FreeType Project Home Page
+ * Removed "Keywords", "Primary-site" and "Original-site" from the package's
+ description, but kept "Authors" and "Maintained-by" (Closed bug #12510).
+
+ -- Anthony Fok Sun, 21 Sep 1997 18:24:42 -0600
+
+freetype (0.4-3) unstable; urgency=low
+
+ * Rebuilt with both libc6 and xlib6g (Fixes bug #12784).
+ * Updated to Standards-Version: 2.3.0.0.
+
+ -- Anthony Fok Wed, 10 Sep 1997 21:57:20 -0600
+
+freetype (0.4-2) unstable; urgency=low
+
+ * Renamed /usr/bin/{lint,timer,view,zoom} to
+ /usr/bin/ttf_{lint,timer,view,zoom} to avoid name conflicts with other
+ programs (Fixes bugs #12096, #12136).
+ * Closed bug #11193 (freetype AR4 available).
+
+ -- Anthony Fok Tue, 19 Aug 1997 17:53:32 -0600
+
+freetype (0.4-1) unstable; urgency=low
+
+ * New maintainer.
+ * New upstream release.
+ * Updated to Standards-Version: 2.2.0.0.
+
+ -- Anthony Fok Mon, 11 Aug 1997 08:26:17 -0600
+
+freetype (0.3-1) unstable; urgency=low
+
+ * Upstream update. Sadly the envisioned Christmas target of an X truetype
+ rasterizer has been abandoned.
+
+ -- Christoph Lameter Tue, 24 Dec 1996 12:52:24 -0800
+
+freetype (0.1-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Christoph Lameter Thu, 7 Nov 1996 11:51:45 -0800
--- freetype-2.4.8.orig/debian/libfreetype6.install
+++ freetype-2.4.8/debian/libfreetype6.install
@@ -0,0 +1 @@
+usr/lib/*/*.so.*
--- freetype-2.4.8.orig/debian/libfreetype6.symbols
+++ freetype-2.4.8/debian/libfreetype6.symbols
@@ -0,0 +1,364 @@
+libfreetype.so.6 libfreetype6 #MINVER#
+ FTC_CMapCache_Lookup@Base 2.2.1
+ FTC_CMapCache_New@Base 2.2.1
+ FTC_ImageCache_Lookup@Base 2.2.1
+ FTC_ImageCache_LookupScaler@Base 2.3.5
+ FTC_ImageCache_New@Base 2.2.1
+ FTC_Image_Cache_Lookup@Base 2.2.1
+ FTC_Image_Cache_New@Base 2.2.1
+ FTC_Manager_Done@Base 2.2.1
+ FTC_Manager_LookupFace@Base 2.2.1
+ FTC_Manager_LookupSize@Base 2.2.1
+ FTC_Manager_Lookup_Face@Base 2.2.1
+ FTC_Manager_Lookup_Size@Base 2.2.1
+ FTC_Manager_New@Base 2.2.1
+ FTC_Manager_RemoveFaceID@Base 2.2.1
+ FTC_Manager_Reset@Base 2.2.1
+ FTC_Node_Unref@Base 2.2.1
+ FTC_SBitCache_Lookup@Base 2.2.1
+ FTC_SBitCache_LookupScaler@Base 2.3.5
+ FTC_SBitCache_New@Base 2.2.1
+ FTC_SBit_Cache_Lookup@Base 2.2.1
+ FTC_SBit_Cache_New@Base 2.2.1
+ FT_Access_Frame@Base 2.2.1
+ FT_Activate_Size@Base 2.2.1
+ FT_Add_Default_Modules@Base 2.2.1
+ FT_Add_Module@Base 2.2.1
+ FT_Alloc@Base 2.2.1
+ FT_Angle_Diff@Base 2.2.1
+ FT_Atan2@Base 2.2.1
+ FT_Attach_File@Base 2.2.1
+ FT_Attach_Stream@Base 2.2.1
+ FT_Bitmap_Convert@Base 2.2.1
+ FT_Bitmap_Copy@Base 2.2.1
+ FT_Bitmap_Done@Base 2.2.1
+ FT_Bitmap_Embolden@Base 2.2.1
+ FT_Bitmap_New@Base 2.2.1
+ FT_CMap_Done@Base 2.2.1
+ FT_CMap_New@Base 2.2.1
+ FT_CeilFix@Base 2.2.1
+ FT_ClassicKern_Free@Base 2.2.1
+ FT_ClassicKern_Validate@Base 2.2.1
+ FT_Cos@Base 2.2.1
+ FT_DivFix@Base 2.2.1
+ FT_Done_Face@Base 2.2.1
+ FT_Done_FreeType@Base 2.2.1
+ FT_Done_Glyph@Base 2.2.1
+ FT_Done_GlyphSlot@Base 2.2.1
+ FT_Done_Library@Base 2.2.1
+ FT_Done_Memory@Base 2.2.1
+ FT_Done_Size@Base 2.2.1
+ FT_Extract_Frame@Base 2.2.1
+ FT_Face_CheckTrueTypePatents@Base 2.3.5
+ FT_Face_GetCharVariantIndex@Base 2.3.5
+ FT_Face_GetCharVariantIsDefault@Base 2.3.5
+ FT_Face_GetCharsOfVariant@Base 2.3.5
+ FT_Face_GetVariantSelectors@Base 2.3.5
+ FT_Face_GetVariantsOfChar@Base 2.3.5
+ FT_Face_SetUnpatentedHinting@Base 2.3.5
+ FT_FloorFix@Base 2.2.1
+ FT_Forget_Frame@Base 2.2.1
+ FT_Free@Base 2.2.1
+ FT_Get_Advance@Base 2.3.9
+ FT_Get_Advances@Base 2.3.9
+ FT_Get_BDF_Charset_ID@Base 2.2.1
+ FT_Get_BDF_Property@Base 2.2.1
+ FT_Get_CID_From_Glyph_Index@Base 2.3.9
+ FT_Get_CID_Is_Internally_CID_Keyed@Base 2.3.9
+ FT_Get_CID_Registry_Ordering_Supplement@Base 2.3.5
+ FT_Get_CMap_Format@Base 2.3.5
+ FT_Get_CMap_Language_ID@Base 2.2.1
+ FT_Get_Char_Index@Base 2.2.1
+ FT_Get_Charmap_Index@Base 2.2.1
+ FT_Get_FSType_Flags@Base 2.3.9
+ FT_Get_First_Char@Base 2.2.1
+ FT_Get_Gasp@Base 2.3.5
+ FT_Get_Glyph@Base 2.2.1
+ FT_Get_Glyph_Name@Base 2.2.1
+ FT_Get_Kerning@Base 2.2.1
+ FT_Get_Long@Base 2.2.1
+ FT_Get_MM_Var@Base 2.2.1
+ FT_Get_Module@Base 2.2.1
+ FT_Get_Module_Interface@Base 2.2.1
+ FT_Get_Multi_Master@Base 2.2.1
+ FT_Get_Name_Index@Base 2.2.1
+ FT_Get_Next_Char@Base 2.2.1
+ FT_Get_PFR_Advance@Base 2.2.1
+ FT_Get_PFR_Kerning@Base 2.2.1
+ FT_Get_PFR_Metrics@Base 2.2.1
+ FT_Get_PS_Font_Info@Base 2.2.1
+ FT_Get_PS_Font_Value@Base 2.4.8
+ FT_Get_PS_Font_Private@Base 2.2.1
+ FT_Get_Postscript_Name@Base 2.2.1
+ FT_Get_Renderer@Base 2.2.1
+ FT_Get_Sfnt_Name@Base 2.2.1
+ FT_Get_Sfnt_Name_Count@Base 2.2.1
+ FT_Get_Sfnt_Table@Base 2.2.1
+ FT_Get_Short@Base 2.2.1
+ FT_Get_SubGlyph_Info@Base 2.2.1
+ FT_Get_Track_Kerning@Base 2.2.1
+ FT_Get_TrueType_Engine_Type@Base 2.2.1
+ FT_Get_WinFNT_Header@Base 2.2.1
+ FT_Get_X11_Font_Format@Base 2.2.1
+ FT_GlyphLoader_Add@Base 2.2.1
+ FT_GlyphLoader_CheckPoints@Base 2.2.1
+ FT_GlyphLoader_CheckSubGlyphs@Base 2.2.1
+ FT_GlyphLoader_CopyPoints@Base 2.2.1
+ FT_GlyphLoader_CreateExtra@Base 2.2.1
+ FT_GlyphLoader_Done@Base 2.2.1
+ FT_GlyphLoader_New@Base 2.2.1
+ FT_GlyphLoader_Prepare@Base 2.2.1
+ FT_GlyphLoader_Reset@Base 2.2.1
+ FT_GlyphLoader_Rewind@Base 2.2.1
+ FT_GlyphSlot_Embolden@Base 2.2.1
+ FT_GlyphSlot_Oblique@Base 2.2.1
+ FT_GlyphSlot_Own_Bitmap@Base 2.2.1
+ FT_Glyph_Copy@Base 2.2.1
+ FT_Glyph_Get_CBox@Base 2.2.1
+ FT_Glyph_Stroke@Base 2.2.1
+ FT_Glyph_StrokeBorder@Base 2.2.1
+ FT_Glyph_To_Bitmap@Base 2.2.1
+ FT_Glyph_Transform@Base 2.2.1
+ FT_Has_PS_Glyph_Names@Base 2.2.1
+ FT_Init_FreeType@Base 2.2.1
+ FT_Library_SetLcdFilter@Base 2.3.5
+ FT_Library_SetLcdFilterWeights@Base 2.4.0
+ FT_Library_Version@Base 2.2.1
+ FT_List_Add@Base 2.2.1
+ FT_List_Finalize@Base 2.2.1
+ FT_List_Find@Base 2.2.1
+ FT_List_Insert@Base 2.2.1
+ FT_List_Iterate@Base 2.2.1
+ FT_List_Remove@Base 2.2.1
+ FT_List_Up@Base 2.2.1
+ FT_Load_Char@Base 2.2.1
+ FT_Load_Glyph@Base 2.2.1
+ FT_Load_Sfnt_Table@Base 2.2.1
+ FT_Lookup_Renderer@Base 2.2.1
+ FT_Match_Size@Base 2.2.1
+ FT_Matrix_Invert@Base 2.2.1
+ FT_Matrix_Multiply@Base 2.2.1
+ FT_Matrix_Multiply_Scaled@Base 2.3.5
+ FT_MulDiv@Base 2.2.1
+ FT_MulDiv_No_Round@Base 2.2.1
+ FT_MulFix@Base 2.2.1
+ FT_New_Face@Base 2.2.1
+ FT_New_GlyphSlot@Base 2.2.1
+ FT_New_Library@Base 2.2.1
+ FT_New_Memory@Base 2.2.1
+ FT_New_Memory_Face@Base 2.2.1
+ FT_New_Memory_Stream@Base 2.2.1
+ FT_New_Size@Base 2.2.1
+ FT_OpenType_Free@Base 2.2.1
+ FT_OpenType_Validate@Base 2.2.1
+ FT_Open_Face@Base 2.2.1
+ FT_Outline_Check@Base 2.2.1
+ FT_Outline_Copy@Base 2.2.1
+ FT_Outline_Decompose@Base 2.2.1
+ FT_Outline_Done@Base 2.2.1
+ FT_Outline_Done_Internal@Base 2.2.1
+ FT_Outline_Embolden@Base 2.2.1
+ FT_Outline_GetInsideBorder@Base 2.2.1
+ FT_Outline_GetOutsideBorder@Base 2.2.1
+ FT_Outline_Get_BBox@Base 2.2.1
+ FT_Outline_Get_Bitmap@Base 2.2.1
+ FT_Outline_Get_CBox@Base 2.2.1
+ FT_Outline_Get_Orientation@Base 2.2.1
+ FT_Outline_New@Base 2.2.1
+ FT_Outline_New_Internal@Base 2.2.1
+ FT_Outline_Render@Base 2.2.1
+ FT_Outline_Reverse@Base 2.2.1
+ FT_Outline_Transform@Base 2.2.1
+ FT_Outline_Translate@Base 2.2.1
+ FT_QAlloc@Base 2.2.1
+ FT_QRealloc@Base 2.2.1
+ FT_Raccess_Get_DataOffsets@Base 2.2.1
+ FT_Raccess_Get_HeaderInfo@Base 2.2.1
+ FT_Raccess_Guess@Base 2.2.1
+ FT_Read_Stream@Base 2.2.1
+ FT_Read_Stream_At@Base 2.2.1
+ FT_Realloc@Base 2.2.1
+ FT_Reference_Face@Base 2.4.2
+ FT_Reference_Library@Base 2.4.2
+ FT_Release_Frame@Base 2.2.1
+ FT_Remove_Module@Base 2.2.1
+ FT_Render_Glyph@Base 2.2.1
+ FT_Render_Glyph_Internal@Base 2.2.1
+ FT_Request_Metrics@Base 2.2.1
+ FT_Request_Size@Base 2.2.1
+ FT_RoundFix@Base 2.2.1
+ FT_Seek_Stream@Base 2.2.1
+ FT_Select_Charmap@Base 2.2.1
+ FT_Select_Metrics@Base 2.2.1
+ FT_Select_Size@Base 2.2.1
+ FT_Set_Char_Size@Base 2.2.1
+ FT_Set_Charmap@Base 2.2.1
+ FT_Set_Debug_Hook@Base 2.2.1
+ FT_Set_MM_Blend_Coordinates@Base 2.2.1
+ FT_Set_MM_Design_Coordinates@Base 2.2.1
+ FT_Set_Pixel_Sizes@Base 2.2.1
+ FT_Set_Renderer@Base 2.2.1
+ FT_Set_Transform@Base 2.2.1
+ FT_Set_Var_Blend_Coordinates@Base 2.2.1
+ FT_Set_Var_Design_Coordinates@Base 2.2.1
+ FT_Sfnt_Table_Info@Base 2.2.1
+ FT_Sin@Base 2.2.1
+ FT_Skip_Stream@Base 2.2.1
+ FT_Sqrt32@Base 2.2.1
+ FT_SqrtFixed@Base 2.2.1
+ FT_Stream_Close@Base 2.2.1
+ FT_Stream_EnterFrame@Base 2.2.1
+ FT_Stream_ExitFrame@Base 2.2.1
+ FT_Stream_ExtractFrame@Base 2.2.1
+ FT_Stream_Free@Base 2.2.1
+ FT_Stream_GetChar@Base 2.2.1
+ FT_Stream_GetULong@Base 2.4.5
+ FT_Stream_GetULongLE@Base 2.4.5
+ FT_Stream_GetUOffset@Base 2.4.5
+ FT_Stream_GetUShort@Base 2.4.5
+ FT_Stream_GetUShortLE@Base 2.4.5
+ FT_Stream_New@Base 2.2.1
+ FT_Stream_Open@Base 2.2.1
+ FT_Stream_OpenBzip2@Base 2.4.5
+ FT_Stream_OpenGzip@Base 2.2.1
+ FT_Stream_OpenLZW@Base 2.2.1
+ FT_Stream_OpenMemory@Base 2.2.1
+ FT_Stream_Pos@Base 2.2.1
+ FT_Stream_Read@Base 2.2.1
+ FT_Stream_ReadAt@Base 2.2.1
+ FT_Stream_ReadChar@Base 2.2.1
+ FT_Stream_ReadFields@Base 2.2.1
+ FT_Stream_ReadULong@Base 2.4.5
+ FT_Stream_ReadULongLE@Base 2.4.5
+ FT_Stream_ReadUOffset@Base 2.4.5
+ FT_Stream_ReadUShort@Base 2.4.5
+ FT_Stream_ReadUShortLE@Base 2.4.5
+ FT_Stream_ReleaseFrame@Base 2.4.5
+ FT_Stream_Seek@Base 2.2.1
+ FT_Stream_Skip@Base 2.2.1
+ FT_Stream_TryRead@Base 2.2.1
+ FT_Stroker_BeginSubPath@Base 2.2.1
+ FT_Stroker_ConicTo@Base 2.2.1
+ FT_Stroker_CubicTo@Base 2.2.1
+ FT_Stroker_Done@Base 2.2.1
+ FT_Stroker_EndSubPath@Base 2.2.1
+ FT_Stroker_Export@Base 2.2.1
+ FT_Stroker_ExportBorder@Base 2.2.1
+ FT_Stroker_GetBorderCounts@Base 2.2.1
+ FT_Stroker_GetCounts@Base 2.2.1
+ FT_Stroker_LineTo@Base 2.2.1
+ FT_Stroker_New@Base 2.2.1
+ FT_Stroker_ParseOutline@Base 2.2.1
+ FT_Stroker_Rewind@Base 2.2.1
+ FT_Stroker_Set@Base 2.2.1
+ FT_Tan@Base 2.2.1
+ FT_Trace_Get_Count@Base 2.2.1
+ FT_Trace_Get_Name@Base 2.2.1
+ FT_TrueTypeGX_Free@Base 2.2.1
+ FT_TrueTypeGX_Validate@Base 2.2.1
+ FT_Vector_From_Polar@Base 2.2.1
+ FT_Vector_Length@Base 2.2.1
+ FT_Vector_Polarize@Base 2.2.1
+ FT_Vector_Rotate@Base 2.2.1
+ FT_Vector_Transform@Base 2.2.1
+ FT_Vector_Transform_Scaled@Base 2.3.5
+ FT_Vector_Unit@Base 2.2.1
+ TT_New_Context@Base 2.2.1
+ TT_RunIns@Base 2.2.1
+ af_autofitter_service@Base 2.2.1
+ af_cjk_script_class@Base 2.2.1
+ af_dummy_script_class@Base 2.2.1
+ af_glyph_hints_dump_edges@Base 2.3.5
+ af_glyph_hints_dump_points@Base 2.3.5
+ af_glyph_hints_dump_segments@Base 2.3.5
+ af_glyph_hints_get_num_segments@Base 2.4.5
+ af_glyph_hints_get_segment_offset@Base 2.4.5
+ af_indic_script_class@Base 2.3.5
+ af_latin_script_class@Base 2.2.1
+ afm_parser_funcs@Base 2.2.1
+ autofit_module_class@Base 2.2.1
+ bdf_cmap_class@Base 2.2.1
+ bdf_driver_class@Base 2.2.1
+ cff_cmap_encoding_class_rec@Base 2.2.1
+ cff_cmap_unicode_class_rec@Base 2.2.1
+ cff_driver_class@Base 2.2.1
+ ft_bitmap_glyph_class@Base 2.2.1
+ ft_corner_is_flat@Base 2.3.5
+ ft_corner_orientation@Base 2.3.5
+ ft_debug_init@Base 2.2.1
+ ft_glyphslot_alloc_bitmap@Base 2.2.1
+ ft_glyphslot_free_bitmap@Base 2.2.1
+ ft_glyphslot_set_bitmap@Base 2.2.1
+ ft_grays_raster@Base 2.2.1
+ ft_highpow2@Base 2.2.1
+ ft_lzwstate_done@Base 2.2.1
+ ft_lzwstate_init@Base 2.2.1
+ ft_lzwstate_io@Base 2.2.1
+ ft_lzwstate_reset@Base 2.2.1
+ ft_mem_alloc@Base 2.2.1
+ ft_mem_dup@Base 2.3.5
+ ft_mem_free@Base 2.2.1
+ ft_mem_qalloc@Base 2.2.1
+ ft_mem_qrealloc@Base 2.2.1
+ ft_mem_realloc@Base 2.2.1
+ ft_mem_strcpyn@Base 2.3.5
+ ft_mem_strdup@Base 2.3.5
+ ft_module_get_service@Base 2.2.1
+ ft_outline_glyph_class@Base 2.2.1
+ ft_raster1_renderer_class@Base 2.2.1
+ ft_raster5_renderer_class@Base 2.2.1
+ ft_service_list_lookup@Base 2.2.1
+ ft_smooth_lcd_renderer_class@Base 2.2.1
+ ft_smooth_lcdv_renderer_class@Base 2.2.1
+ ft_smooth_renderer_class@Base 2.2.1
+ ft_standard_raster@Base 2.2.1
+ ft_stub_set_char_sizes@Base 2.2.1
+ ft_stub_set_pixel_sizes@Base 2.2.1
+ ft_synthesize_vertical_metrics@Base 2.2.1
+ ft_validator_error@Base 2.2.1
+ ft_validator_init@Base 2.2.1
+ ft_validator_run@Base 2.2.1
+ ftc_basic_image_cache_class@Base 2.2.1
+ ftc_basic_image_family_class@Base 2.2.1
+ ftc_basic_sbit_cache_class@Base 2.2.1
+ ftc_basic_sbit_family_class@Base 2.2.1
+ ftc_cmap_cache_class@Base 2.2.1
+ ftc_face_list_class@Base 2.2.1
+ ftc_node_destroy@Base 2.2.1
+ ftc_size_list_class@Base 2.2.1
+ gxv_module_class@Base 2.4.4
+ otv_module_class@Base 2.4.4
+ pcf_cmap_class@Base 2.2.1
+ pcf_driver_class@Base 2.2.1
+ pfr_cmap_class_rec@Base 2.2.1
+ pfr_driver_class@Base 2.2.1
+ pfr_metrics_service_rec@Base 2.2.1
+ ps_hints_apply@Base 2.2.1
+ ps_parser_funcs@Base 2.2.1
+ ps_table_funcs@Base 2.2.1
+ psaux_module_class@Base 2.2.1
+ pshinter_module_class@Base 2.2.1
+ psnames_module_class@Base 2.2.1
+ sfnt_module_class@Base 2.2.1
+ t1_builder_funcs@Base 2.2.1
+ t1_cmap_classes@Base 2.2.1
+ t1_cmap_custom_class_rec@Base 2.2.1
+ t1_cmap_expert_class_rec@Base 2.2.1
+ t1_cmap_standard_class_rec@Base 2.2.1
+ t1_cmap_unicode_class_rec@Base 2.2.1
+ t1_decoder_funcs@Base 2.2.1
+ t1_driver_class@Base 2.2.1
+ t1cid_driver_class@Base 2.2.1
+ t42_driver_class@Base 2.2.1
+ tt_cmap0_class_rec@Base 2.2.1
+ tt_cmap10_class_rec@Base 2.2.1
+ tt_cmap12_class_rec@Base 2.2.1
+ tt_cmap13_class_rec@Base 2.3.11
+ tt_cmap14_class_rec@Base 2.3.5
+ tt_cmap2_class_rec@Base 2.2.1
+ tt_cmap4_class_rec@Base 2.2.1
+ tt_cmap6_class_rec@Base 2.2.1
+ tt_cmap8_class_rec@Base 2.2.1
+ tt_default_graphics_state@Base 2.2.1
+ tt_driver_class@Base 2.2.1
+ winfnt_driver_class@Base 2.2.1
--- freetype-2.4.8.orig/debian/source/lintian-overrides
+++ freetype-2.4.8/debian/source/lintian-overrides
@@ -0,0 +1,4 @@
+# two separate series files; not getting fixed without extensive changes
+# upstream
+freetype source: quilt-build-dep-but-no-series-file
+
--- freetype-2.4.8.orig/debian/patches-ft2demos/ft2demos-2.1.7-no-rpath.patch
+++ freetype-2.4.8/debian/patches-ft2demos/ft2demos-2.1.7-no-rpath.patch
@@ -0,0 +1,19 @@
+Index: graph/x11/rules.mk
+===================================================================
+--- graph/x11/rules.mk.orig 2003-06-16 01:37:10.000000000 -0700
++++ graph/x11/rules.mk 2006-03-05 11:57:36.000000000 -0800
+@@ -67,9 +67,11 @@
+ # The GRAPH_LINK variable is expanded each time an executable is linked
+ # against the graphics library.
+ #
+- ifeq ($(PLATFORM),unix)
+- GRAPH_LINK += $(X11_LIB:%=-R%)
+- endif
++ # No, we do not want rpath on Debian; reversing YAMANO-UCHI Hidetoshi's
++ # 2003-06-13 change. (Anthony Fok, 2003-08-28)
++ #ifeq ($(PLATFORM),unix)
++ # GRAPH_LINK += $(X11_LIB:%=-R%)
++ #endif
+ GRAPH_LINK += $(X11_LIB:%=-L%) -lX11
+
+ # Solaris needs a -lsocket in GRAPH_LINK.
--- freetype-2.4.8.orig/debian/patches-ft2demos/series
+++ freetype-2.4.8/debian/patches-ft2demos/series
@@ -0,0 +1,2 @@
+ft2demos-2.1.7-no-rpath.patch -p0
+compiler_hardening_fixes.patch
--- freetype-2.4.8.orig/debian/patches-ft2demos/ft2demos-ftview-wrong-types
+++ freetype-2.4.8/debian/patches-ft2demos/ft2demos-ftview-wrong-types
@@ -0,0 +1,47 @@
+Index: ft2demos-2.1.10/src/ftview.c
+===================================================================
+--- ft2demos-2.1.10.orig/src/ftview.c 2005-05-25 11:31:14.000000000 -0700
++++ ft2demos-2.1.10/src/ftview.c 2006-04-28 01:44:44.000000000 -0700
+@@ -865,10 +865,6 @@
+ debug = 1;
+ break;
+
+- case 'D':
+- dump_cache_stats = 1;
+- break;
+-
+ case 'e':
+ encoding = (FT_Encoding)make_tag( optarg );
+ break;
+@@ -1053,19 +1049,6 @@
+ grWriteCellString( &bit, 0, 8, Header, fore_color );
+ grRefreshSurface( surface );
+
+- if ( dump_cache_stats )
+- {
+- /* dump simple cache manager statistics */
+- fprintf( stderr, "cache manager [ nodes, bytes, average ] = "
+- " [ %d, %ld, %f ]\n",
+- cache_manager->num_nodes,
+- cache_manager->cur_weight,
+- cache_manager->num_nodes > 0
+- ? cache_manager->cur_weight * 1.0 /
+- cache_manager->num_nodes
+- : 0.0 );
+- }
+-
+ grListenSurface( surface, 0, &event );
+ if ( !( key = Process_Event( &event ) ) )
+ goto End;
+Index: ft2demos-2.1.10/src/ftcommon.i
+===================================================================
+--- ft2demos-2.1.10.orig/src/ftcommon.i 2006-04-27 23:46:09.000000000 -0700
++++ ft2demos-2.1.10/src/ftcommon.i 2006-04-28 01:45:41.000000000 -0700
+@@ -186,7 +186,6 @@
+
+ FTC_ImageTypeRec current_font;
+
+- int dump_cache_stats = 0; /* do we need to dump cache statistics? */
+ int use_sbits_cache = 1;
+
+ int num_indices; /* number of glyphs or characters */
--- freetype-2.4.8.orig/debian/patches-ft2demos/ft2demos-broken-internal-includes.patch
+++ freetype-2.4.8/debian/patches-ft2demos/ft2demos-broken-internal-includes.patch
@@ -0,0 +1,41 @@
+Index: src/ftcommon.i
+===================================================================
+--- src/ftcommon.i.orig 2005-05-26 22:49:41.000000000 -0700
++++ src/ftcommon.i 2006-03-05 11:54:24.000000000 -0800
+@@ -21,9 +21,6 @@
+ #include FT_BITMAP_H
+ #include FT_SYNTHESIS_H
+
+- /* the following header shouldn't be used in normal programs */
+-#include FT_INTERNAL_DEBUG_H
+-
+ #include "common.h"
+
+ #include
+Index: src/ftdump.c
+===================================================================
+--- src/ftdump.c.orig 2004-05-10 13:54:54.000000000 -0700
++++ src/ftdump.c 2006-03-05 11:54:24.000000000 -0800
+@@ -13,7 +13,8 @@
+ #include FT_SFNT_NAMES_H
+ #include FT_TRUETYPE_IDS_H
+
+- /* the following header shouldn't be used in normal programs */
++ /* the following headers shouldn't be used in normal programs */
++#include "freetype/internal/internal.h"
+ #include FT_INTERNAL_DEBUG_H
+
+ /* showing driver name */
+Index: src/ftvalid.c
+===================================================================
+--- src/ftvalid.c.orig 2005-05-23 13:42:39.000000000 -0700
++++ src/ftvalid.c 2006-03-05 11:54:24.000000000 -0800
+@@ -17,6 +17,8 @@
+ #include
+
+ #include FT_FREETYPE_H
++/* XXX: these are internal headers and should never be used */
++#include "freetype/internal/internal.h"
+ #include FT_INTERNAL_DEBUG_H
+ #include FT_INTERNAL_VALIDATE_H
+ #include FT_TRUETYPE_TABLES_H
--- freetype-2.4.8.orig/debian/patches-ft2demos/compiler_hardening_fixes.patch
+++ freetype-2.4.8/debian/patches-ft2demos/compiler_hardening_fixes.patch
@@ -0,0 +1,49 @@
+Index: ft2demos-2.3.9/src/ftcommon.c
+===================================================================
+--- ft2demos-2.3.9.orig/src/ftcommon.c
++++ ft2demos-2.3.9/src/ftcommon.c
+@@ -445,6 +445,7 @@
+
+ if ( file == NULL ) /* shouldn't happen */
+ {
++ free( (void *)font->filepathname );
+ free( font );
+ return FT_Err_Invalid_Argument;
+ }
+@@ -454,7 +455,15 @@
+ fseek( file, 0, SEEK_SET );
+
+ font->file_address = malloc( file_size );
+- fread( font->file_address, 1, file_size, file );
++
++ if (fread( font->file_address, 1, file_size, file ) < file_size)
++ {
++ fclose( file );
++ free( font->file_address );
++ free( (void *)font->filepathname );
++ free( font );
++ return FT_Err_Invalid_Argument;
++ }
+
+ font->file_size = file_size;
+
+Index: ft2demos-2.3.9/src/ftdiff.c
+===================================================================
+--- ft2demos-2.3.9.orig/src/ftdiff.c
++++ ft2demos-2.3.9/src/ftdiff.c
+@@ -1138,8 +1138,13 @@
+
+ if ( text != NULL )
+ {
+- fread( text, tsize, 1, tfile );
+- text[tsize] = 0;
++ if (fread( text, tsize, 1, tfile ) < 1) {
++ fprintf( stderr, "could not read '%s'\n", textfile );
++ free( text );
++ text = (unsigned char *)default_text;
++ } else {
++ text[tsize] = 0;
++ }
+ }
+ else
+ {
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1127.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1127.patch
@@ -0,0 +1,48 @@
+Description: Verify line length when parsing glyphs
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0b1c0c6b20bf121096afff206d570f26183402b3
+
+Index: freetype-2.4.8/src/bdf/bdflib.c
+===================================================================
+--- freetype-2.4.8.orig/src/bdf/bdflib.c 2012-03-20 15:33:13.016353434 -0500
++++ freetype-2.4.8/src/bdf/bdflib.c 2012-03-20 15:33:55.028354433 -0500
+@@ -1098,6 +1098,7 @@
+ #define ACMSG13 "Glyph %ld extra rows removed.\n"
+ #define ACMSG14 "Glyph %ld extra columns removed.\n"
+ #define ACMSG15 "Incorrect glyph count: %ld indicated but %ld found.\n"
++#define ACMSG16 "Glyph %ld missing columns padded with zero bits.\n"
+
+ /* Error messages. */
+ #define ERRMSG1 "[line %ld] Missing \"%s\" line.\n"
+@@ -1703,18 +1704,31 @@
+ for ( i = 0; i < nibbles; i++ )
+ {
+ c = line[i];
++ if ( !c )
++ break;
+ *bp = (FT_Byte)( ( *bp << 4 ) + a2i[c] );
+ if ( i + 1 < nibbles && ( i & 1 ) )
+ *++bp = 0;
+ }
+
++ /* If any line has not enough columns, */
++ /* indicate they have been padded with zero bits. */
++ if ( i < nibbles &&
++ !( p->flags & _BDF_GLYPH_WIDTH_CHECK ) )
++ {
++ FT_TRACE2(( "_bdf_parse_glyphs: " ACMSG16, glyph->encoding ));
++ p->flags |= _BDF_GLYPH_WIDTH_CHECK;
++ font->modified = 1;
++ }
++
+ /* Remove possible garbage at the right. */
+ mask_index = ( glyph->bbx.width * p->font->bpp ) & 7;
+ if ( glyph->bbx.width )
+ *bp &= nibble_mask[mask_index];
+
+ /* If any line has extra columns, indicate they have been removed. */
+- if ( ( line[nibbles] == '0' || a2i[(int)line[nibbles]] != 0 ) &&
++ if ( i == nibbles &&
++ ( line[nibbles] == '0' || a2i[(int)line[nibbles]] != 0 ) &&
+ !( p->flags & _BDF_GLYPH_WIDTH_CHECK ) )
+ {
+ FT_TRACE2(( "_bdf_parse_glyphs: " ACMSG14, glyph->encoding ));
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1128.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1128.patch
@@ -0,0 +1,46 @@
+Description: Fix logic to prevent NULL pointer dereference
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=96cddb8d1d32d6738b06552083db9d6cee5b5cb4
+
+Index: freetype-2.4.8/src/truetype/ttinterp.c
+===================================================================
+--- freetype-2.4.8.orig/src/truetype/ttinterp.c 2011-10-25 13:17:23.000000000 -0500
++++ freetype-2.4.8/src/truetype/ttinterp.c 2012-03-20 15:34:02.568354610 -0500
+@@ -5826,7 +5826,7 @@
+ FT_F26Dot6 dx,
+ dy;
+
+- FT_UShort last_point, i;
++ FT_UShort limit, i;
+
+
+ if ( BOUNDS( args[0], 2 ) )
+@@ -5843,24 +5843,15 @@
+ /* Twilight zone has no contours, so use `n_points'. */
+ /* Normal zone's `n_points' includes phantoms, so must */
+ /* use end of last contour. */
+- if ( CUR.GS.gep2 == 0 && CUR.zp2.n_points > 0 )
+- last_point = (FT_UShort)( CUR.zp2.n_points - 1 );
++ if ( CUR.GS.gep2 == 0 )
++ limit = (FT_UShort)CUR.zp2.n_points;
+ else if ( CUR.GS.gep2 == 1 && CUR.zp2.n_contours > 0 )
+- {
+- last_point = (FT_UShort)( CUR.zp2.contours[CUR.zp2.n_contours - 1] );
+-
+- if ( BOUNDS( last_point, CUR.zp2.n_points ) )
+- {
+- if ( CUR.pedantic_hinting )
+- CUR.error = TT_Err_Invalid_Reference;
+- return;
+- }
+- }
++ limit = (FT_UShort)( CUR.zp2.contours[CUR.zp2.n_contours - 1] + 1 );
+ else
+- last_point = 0;
++ limit = 0;
+
+ /* XXX: UNDOCUMENTED! SHZ doesn't touch the points */
+- for ( i = 0; i <= last_point; i++ )
++ for ( i = 0; i < limit; i++ )
+ {
+ if ( zp.cur != CUR.zp2.cur || refp != i )
+ MOVE_Zp2_Point( i, dx, dy, FALSE );
--- freetype-2.4.8.orig/debian/patches-freetype/revert_scalable_fonts_metric.patch
+++ freetype-2.4.8/debian/patches-freetype/revert_scalable_fonts_metric.patch
@@ -0,0 +1,16 @@
+# Description: revert commit which creates regressions in gtk
+# Ubuntu: https://bugs.launchpad.net/freetype/+bug/972223
+# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636776
+--- a/src/truetype/ttdriver.c
++++ b/src/truetype/ttdriver.c
+@@ -246,10 +246,7 @@
+ FT_Request_Metrics( size->face, req );
+
+ if ( FT_IS_SCALABLE( size->face ) )
+- {
+ error = tt_size_reset( ttsize );
+- ttsize->root.metrics = ttsize->metrics;
+- }
+
+ return error;
+ }
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2015-9383.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2015-9383.patch
@@ -0,0 +1,57 @@
+Backported of:
+
+From 57cbb8c148999ba8f14ed53435fc071ac9953afd Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Sat, 31 Oct 2015 18:47:26 +0100
+Subject: [PATCH] [sfnt] Fix cmap 14 validation (#46346).
+
+* src/sfnt/ttcmap.c (tt_cmap14_validate): Check limit before
+accessing `numRanges' and `numMappings'.
+Fix size check for non-default UVS table.
+diff --git a/src/sfnt/ttcmap.c b/src/sfnt/ttcmap.c
+index 89590f7..ba0320d 100644
+--- a/src/sfnt/ttcmap.c
++++ b/src/sfnt/ttcmap.c
+@@ -2780,10 +2780,15 @@
+ /* through the normal Unicode cmap, no GIDs, just check order) */
+ if ( defOff != 0 )
+ {
+- FT_Byte* defp = table + defOff;
+- FT_ULong numRanges = TT_NEXT_ULONG( defp );
++ FT_Byte* defp = table + defOff;
++ FT_ULong numRanges;
+ FT_ULong i;
+- FT_ULong lastBase = 0;
++ FT_ULong lastBase = 0;
++
++ if ( defp + 4 > valid->limit )
++ FT_INVALID_TOO_SHORT;
++
++ numRanges = TT_NEXT_ULONG( defp );
+
+
+ /* defp + numRanges * 4 > valid->limit ? */
+@@ -2809,13 +2814,19 @@
+ /* and the non-default table (these glyphs are specified here) */
+ if ( nondefOff != 0 )
+ {
+- FT_Byte* ndp = table + nondefOff;
+- FT_ULong numMappings = TT_NEXT_ULONG( ndp );
++ FT_Byte* ndp = table + nondefOff;
++ FT_ULong numMappings;
+ FT_ULong i, lastUni = 0;
+
+
+- /* numMappings * 4 > (FT_ULong)( valid->limit - ndp ) ? */
+- if ( numMappings > ( (FT_ULong)( valid->limit - ndp ) ) / 4 )
++ if ( ndp + 4 > valid->limit )
++ FT_INVALID_TOO_SHORT;
++
++ numMappings = TT_NEXT_ULONG( ndp );
++
++
++ /* numMappings * 5 > (FT_ULong)( valid->limit - ndp ) ? */
++ if ( numMappings > ( (FT_ULong)( valid->limit - ndp ) ) / 5 )
+ FT_INVALID_TOO_SHORT;
+
+ for ( i = 0; i < numMappings; ++i )
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1136.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1136.patch
@@ -0,0 +1,54 @@
+Description: Ensure encoding field is defined
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=4086fb7caf41e33137e548e43a49a97b127cd369
+
+Index: freetype-2.4.8/src/bdf/bdflib.c
+===================================================================
+--- freetype-2.4.8.orig/src/bdf/bdflib.c 2012-03-20 15:44:43.560369850 -0500
++++ freetype-2.4.8/src/bdf/bdflib.c 2012-03-20 15:45:05.928370374 -0500
+@@ -1749,12 +1749,7 @@
+ if ( ft_memcmp( line, "SWIDTH", 6 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_ENCODING ) )
+- {
+- /* Missing ENCODING field. */
+- FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG1, lineno, "ENCODING" ));
+- error = BDF_Err_Missing_Encoding_Field;
+- goto Exit;
+- }
++ goto Missing_Encoding;
+
+ error = _bdf_list_split( &p->list, (char *)" +", line, linelen );
+ if ( error )
+@@ -1769,6 +1764,9 @@
+ /* Expect the DWIDTH (scalable width) field next. */
+ if ( ft_memcmp( line, "DWIDTH", 6 ) == 0 )
+ {
++ if ( !( p->flags & _BDF_ENCODING ) )
++ goto Missing_Encoding;
++
+ error = _bdf_list_split( &p->list, (char *)" +", line, linelen );
+ if ( error )
+ goto Exit;
+@@ -1794,6 +1792,9 @@
+ /* Expect the BBX field next. */
+ if ( ft_memcmp( line, "BBX", 3 ) == 0 )
+ {
++ if ( !( p->flags & _BDF_ENCODING ) )
++ goto Missing_Encoding;
++
+ error = _bdf_list_split( &p->list, (char *)" +", line, linelen );
+ if ( error )
+ goto Exit;
+@@ -1893,6 +1894,12 @@
+ }
+
+ error = BDF_Err_Invalid_File_Format;
++ goto Exit;
++
++ Missing_Encoding:
++ /* Missing ENCODING field. */
++ FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG1, lineno, "ENCODING" ));
++ error = BDF_Err_Missing_Encoding_Field;
+
+ Exit:
+ if ( error && ( p->flags & _BDF_GLYPH ) )
--- freetype-2.4.8.orig/debian/patches-freetype/series
+++ freetype-2.4.8/debian/patches-freetype/series
@@ -0,0 +1,60 @@
+freetype-2.1.7-backwards.compat.patch -p0
+enable-subpixel-rendering.patch
+enable-gxvalid-otvalid.patch
+CVE-2012-1126.patch
+CVE-2012-1127.patch
+CVE-2012-1128.patch
+CVE-2012-1129.patch
+CVE-2012-1130.patch
+CVE-2012-1131.patch
+CVE-2012-1132.patch
+CVE-2012-1133.patch
+CVE-2012-1134.patch
+CVE-2012-1135.patch
+CVE-2012-1136.patch
+CVE-2012-1137.patch
+CVE-2012-1138.patch
+CVE-2012-1139.patch
+CVE-2012-1140.patch
+CVE-2012-1141.patch
+CVE-2012-1142.patch
+CVE-2012-1143.patch
+CVE-2012-1144.patch
+revert_scalable_fonts_metric.patch
+CVE-2012-5668.patch
+CVE-2012-5669.patch
+CVE-2014-96xx/CVE-2014-9656-bp-1.patch
+CVE-2014-96xx/CVE-2014-9656.patch
+CVE-2014-96xx/CVE-2014-9657.patch
+CVE-2014-96xx/CVE-2014-9658.patch
+CVE-2014-96xx/CVE-2014-9660.patch
+CVE-2014-96xx/CVE-2014-9661-1.patch
+CVE-2014-96xx/CVE-2014-9661-2.patch
+CVE-2014-96xx/CVE-2014-9663.patch
+CVE-2014-96xx/CVE-2014-9664-1.patch
+CVE-2014-96xx/CVE-2014-9664-2.patch
+CVE-2014-96xx/CVE-2014-9666.patch
+CVE-2014-96xx/CVE-2014-9667.patch
+CVE-2014-96xx/CVE-2014-9669.patch
+CVE-2014-96xx/CVE-2014-9670-1.patch
+CVE-2014-96xx/CVE-2014-9670-2.patch
+CVE-2014-96xx/CVE-2014-9671-1.patch
+CVE-2014-96xx/CVE-2014-9671-2.patch
+CVE-2014-96xx/CVE-2014-9671-3.patch
+CVE-2014-96xx/CVE-2014-9672.patch
+CVE-2014-96xx/CVE-2014-9673.patch
+CVE-2014-96xx/CVE-2014-9674-1.patch
+CVE-2014-96xx/CVE-2014-9674-2.patch
+CVE-2014-96xx/CVE-2014-9674-3.patch
+CVE-2014-96xx/CVE-2014-9674-4.patch
+CVE-2014-96xx/CVE-2014-9675-1.patch
+CVE-2014-96xx/CVE-2014-9675-2.patch
+savannah-bug-41590.patch
+savannah-bug-41309.patch
+CVE-2016-10244.patch
+CVE-2016-10328.patch
+CVE-2017-8105.patch
+CVE-2017-8287.patch
+CVE-2015-9381.patch
+CVE-2015-9382.patch
+CVE-2015-9383.patch
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1133.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1133.patch
@@ -0,0 +1,19 @@
+Description: Force negative encoding values to follow the spec
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=28dd2c45957278e962f95633157b6139de8170aa
+
+Index: freetype-2.4.8/src/bdf/bdflib.c
+===================================================================
+--- freetype-2.4.8.orig/src/bdf/bdflib.c 2012-03-20 15:33:55.000000000 -0500
++++ freetype-2.4.8/src/bdf/bdflib.c 2012-03-20 15:44:43.560369850 -0500
+@@ -1587,6 +1587,11 @@
+
+ p->glyph_enc = _bdf_atol( p->list.field[1], 0, 10 );
+
++ /* Normalize negative encoding values. The specification only */
++ /* allows -1, but we can be more generous here. */
++ if ( p->glyph_enc < -1 )
++ p->glyph_enc = -1;
++
+ /* Check that the encoding is in the range [0,65536] because */
+ /* otherwise p->have (a bitmap with static size) overflows. */
+ if ( p->glyph_enc > 0 &&
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2016-10244.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2016-10244.patch
@@ -0,0 +1,35 @@
+Backport of:
+
+From a660e3de422731b94d4a134d27555430cbb6fb39 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Fri, 26 Aug 2016 00:23:27 +0200
+Subject: [type1] Fix heap buffer overflow.
+
+Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
+
+* src/type1/t1load.c (parse_charstrings): Reject fonts that don't
+contain glyph names.
+---
+ ChangeLog | 11 +++++++++++
+ src/type1/t1load.c | 6 ++++++
+ 2 files changed, 17 insertions(+)
+
+Index: freetype-2.4.8/src/type1/t1load.c
+===================================================================
+--- freetype-2.4.8.orig/src/type1/t1load.c 2017-03-16 13:52:12.794224350 -0400
++++ freetype-2.4.8/src/type1/t1load.c 2017-03-16 13:52:49.002642651 -0400
+@@ -1663,6 +1663,12 @@
+ }
+ }
+
++ if ( !n )
++ {
++ error = T1_Err_Invalid_File_Format;
++ goto Fail;
++ }
++
+ loader->num_glyphs = n;
+
+ /* if /.notdef is found but does not occupy index 0, do our magic. */
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-5669.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-5669.patch
@@ -0,0 +1,22 @@
+Description: fix denial of service and possible code execution via heap
+ buffer over-read in BDF parsing
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d
+Bug: https://savannah.nongnu.org/bugs/?37906
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696691
+
+Index: freetype-2.4.8/src/bdf/bdflib.c
+===================================================================
+--- freetype-2.4.8.orig/src/bdf/bdflib.c 2013-01-11 13:49:30.000000000 -0500
++++ freetype-2.4.8/src/bdf/bdflib.c 2013-01-11 13:50:22.407209080 -0500
+@@ -1602,8 +1602,9 @@
+
+ /* Check that the encoding is in the range [0,65536] because */
+ /* otherwise p->have (a bitmap with static size) overflows. */
+- if ( p->glyph_enc > 0 &&
+- (size_t)p->glyph_enc >= sizeof ( p->have ) * 8 )
++ if ( p->glyph_enc > 0 &&
++ (size_t)p->glyph_enc >= sizeof ( p->have ) /
++ sizeof ( unsigned long ) * 32 )
+ {
+ error = BDF_Err_Invalid_File_Format;
+ goto Exit;
--- freetype-2.4.8.orig/debian/patches-freetype/savannah-bug-41309.patch
+++ freetype-2.4.8/debian/patches-freetype/savannah-bug-41309.patch
@@ -0,0 +1,227 @@
+Backport of:
+
+From 8b281f83e8516535756f92dbf90940ac44bd45e1 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Thu, 23 Jan 2014 07:14:53 +0000
+Subject: Fix Savannah bug #41309.
+
+* src/type1/t1load.c (t1_parse_font_matrix): Properly handle result
+of `T1_ToFixedArray'.
+
+* src/cid/cidload.c (cid_parse_font_matrix): Synchronize with
+`t1_parse_font_matrix'.
+
+* src/type42/t42parse.c (t42_parse_font_matrix): Synchronize with
+`t1_parse_font_matrix'.
+(t42_parse_encoding): Synchronize with `t1_parse_encoding'.
+
+* src/psaux/psobjs.c (ps_parser_load_field) ,
+: Properly handle result of `ps_tofixedarray'.
+---
+Index: freetype-2.4.8/src/cid/cidload.c
+===================================================================
+--- freetype-2.4.8.orig/src/cid/cidload.c 2015-09-10 07:42:08.789889883 -0400
++++ freetype-2.4.8/src/cid/cidload.c 2015-09-10 07:46:37.224648431 -0400
+@@ -152,6 +152,7 @@
+ {
+ FT_Matrix* matrix;
+ FT_Vector* offset;
++ FT_Int result;
+ CID_FaceDict dict;
+ FT_Face root = (FT_Face)&face->root;
+ FT_Fixed temp[6];
+@@ -164,10 +165,19 @@
+ matrix = &dict->font_matrix;
+ offset = &dict->font_offset;
+
+- (void)cid_parser_to_fixed_array( parser, 6, temp, 3 );
++ result = cid_parser_to_fixed_array( parser, 6, temp, 3 );
++
++ if ( result < 6 )
++ return CID_Err_Syntax_Error;
+
+ temp_scale = FT_ABS( temp[3] );
+
++ if ( temp_scale == 0 )
++ {
++ FT_ERROR(( "cid_parse_font_matrix: invalid font matrix\n" ));
++ return CID_Err_Syntax_Error;
++ }
++
+ /* Set units per EM based on FontMatrix values. We set the value to */
+ /* `1000/temp_scale', because temp_scale was already multiplied by */
+ /* 1000 (in `t1_tofixed', from psobjs.c). */
+@@ -182,7 +192,7 @@
+ temp[2] = FT_DivFix( temp[2], temp_scale );
+ temp[4] = FT_DivFix( temp[4], temp_scale );
+ temp[5] = FT_DivFix( temp[5], temp_scale );
+- temp[3] = 0x10000L;
++ temp[3] = temp[3] < 0 ? -0x10000L : 0x10000L;
+ }
+
+ matrix->xx = temp[0];
+@@ -195,8 +205,7 @@
+ offset->y = temp[5] >> 16;
+ }
+
+- return CID_Err_Ok; /* this is a callback function; */
+- /* we must return an error code */
++ return CID_Err_Ok;
+ }
+
+
+Index: freetype-2.4.8/src/psaux/psobjs.c
+===================================================================
+--- freetype-2.4.8.orig/src/psaux/psobjs.c 2015-09-10 07:42:08.789889883 -0400
++++ freetype-2.4.8/src/psaux/psobjs.c 2015-09-10 07:42:08.785889843 -0400
+@@ -847,6 +847,8 @@
+ /* first character must be a delimiter or a part of a number */
+ /* NB: `values' can be NULL if we just want to skip the */
+ /* array; in this case we ignore `max_values' */
++ /* */
++ /* return number of successfully parsed values */
+
+ static FT_Int
+ ps_tofixedarray( FT_Byte* *acur,
+@@ -1193,7 +1195,7 @@
+
+ result = ps_tofixedarray( &cur, limit, 4, temp, 0 );
+
+- if ( result < 0 )
++ if ( result < 4 )
+ {
+ FT_ERROR(( "ps_parser_load_field:"
+ " expected four integers in bounding box\n" ));
+Index: freetype-2.4.8/src/type1/t1load.c
+===================================================================
+--- freetype-2.4.8.orig/src/type1/t1load.c 2015-09-10 07:42:08.789889883 -0400
++++ freetype-2.4.8/src/type1/t1load.c 2015-09-10 07:42:08.785889843 -0400
+@@ -1101,7 +1101,7 @@
+
+ result = T1_ToFixedArray( parser, 6, temp, 3 );
+
+- if ( result < 0 )
++ if ( result < 6 )
+ {
+ parser->root.error = T1_Err_Invalid_File_Format;
+ return;
+Index: freetype-2.4.8/src/type42/t42parse.c
+===================================================================
+--- freetype-2.4.8.orig/src/type42/t42parse.c 2015-09-10 07:42:08.789889883 -0400
++++ freetype-2.4.8/src/type42/t42parse.c 2015-09-10 07:51:35.691858110 -0400
+@@ -255,12 +255,26 @@
+ FT_Face root = (FT_Face)&face->root;
+ FT_Fixed temp[6];
+ FT_Fixed temp_scale;
++ FT_Int result;
+
+
+- (void)T1_ToFixedArray( parser, 6, temp, 3 );
++ result = T1_ToFixedArray( parser, 6, temp, 3 );
++
++ if ( result < 6 )
++ {
++ parser->root.error = T42_Err_Invalid_File_Format;
++ return;
++ }
+
+ temp_scale = FT_ABS( temp[3] );
+
++ if ( temp_scale == 0 )
++ {
++ FT_ERROR(( "t1_parse_font_matrix: invalid font matrix\n" ));
++ parser->root.error = T42_Err_Invalid_File_Format;
++ return;
++ }
++
+ /* Set Units per EM based on FontMatrix values. We set the value to */
+ /* 1000 / temp_scale, because temp_scale was already multiplied by */
+ /* 1000 (in t1_tofixed, from psobjs.c). */
+@@ -276,7 +290,7 @@
+ temp[2] = FT_DivFix( temp[2], temp_scale );
+ temp[4] = FT_DivFix( temp[4], temp_scale );
+ temp[5] = FT_DivFix( temp[5], temp_scale );
+- temp[3] = 0x10000L;
++ temp[3] = temp[3] < 0 ? -0x10000L : 0x10000L;
+ }
+
+ matrix->xx = temp[0];
+@@ -315,7 +329,7 @@
+ if ( ft_isdigit( *cur ) || *cur == '[' )
+ {
+ T1_Encoding encode = &face->type1.encoding;
+- FT_UInt count, n;
++ FT_Int count, n;
+ PS_Table char_table = &loader->encoding_table;
+ FT_Memory memory = parser->root.memory;
+ FT_Error error;
+@@ -330,7 +344,7 @@
+ parser->root.cursor++;
+ }
+ else
+- count = (FT_UInt)T1_ToInt( parser );
++ count = (FT_Int)T1_ToInt( parser );
+
+ T1_Skip_Spaces( parser );
+ if ( parser->root.cursor >= limit )
+@@ -418,7 +432,7 @@
+
+ cur = parser->root.cursor;
+
+- if ( *cur == '/' && cur + 2 < limit && n < count )
++ if ( cur + 2 < limit && *cur == '/' && n < count )
+ {
+ FT_PtrDist len;
+
+@@ -427,6 +441,8 @@
+
+ parser->root.cursor = cur;
+ T1_Skip_PS_Token( parser );
++ if ( parser->root.cursor >= limit )
++ return;
+ if ( parser->root.error )
+ return;
+
+@@ -440,6 +456,19 @@
+
+ n++;
+ }
++ else if ( only_immediates )
++ {
++ /* Since the current position is not updated for */
++ /* immediates-only mode we would get an infinite loop if */
++ /* we don't do anything here. */
++ /* */
++ /* This encoding array is not valid according to the type1 */
++ /* specification (it might be an encoding for a CID type1 */
++ /* font, however), so we conclude that this font is NOT a */
++ /* type1 font. */
++ parser->root.error = T42_Err_Unknown_File_Format;
++ return;
++ }
+ }
+ else
+ {
+@@ -451,8 +480,8 @@
+ T1_Skip_Spaces( parser );
+ }
+
+- face->type1.encoding_type = T1_ENCODING_TYPE_ARRAY;
+- parser->root.cursor = cur;
++ face->type1.encoding_type = T1_ENCODING_TYPE_ARRAY;
++ parser->root.cursor = cur;
+ }
+
+ /* Otherwise, we should have either `StandardEncoding', */
+@@ -472,10 +501,7 @@
+ face->type1.encoding_type = T1_ENCODING_TYPE_ISOLATIN1;
+
+ else
+- {
+- FT_ERROR(( "t42_parse_encoding: invalid token\n" ));
+- parser->root.error = T42_Err_Invalid_File_Format;
+- }
++ parser->root.error = T42_Err_Ignore;
+ }
+ }
+
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1143.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1143.patch
@@ -0,0 +1,63 @@
+Description: Fix divide by zero checks when casting to 32 bit ints
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ba67957d5ead443f4b6b31805d6e780d54361ca4
+
+Index: freetype-2.4.8/src/base/ftcalc.c
+===================================================================
+--- freetype-2.4.8.orig/src/base/ftcalc.c 2009-07-31 11:45:18.000000000 -0500
++++ freetype-2.4.8/src/base/ftcalc.c 2012-03-20 15:48:23.200375064 -0500
+@@ -307,7 +307,7 @@
+ q <<= 1;
+ r |= lo >> 31;
+
+- if ( r >= (FT_UInt32)y )
++ if ( r >= y )
+ {
+ r -= y;
+ q |= 1;
+@@ -373,7 +373,7 @@
+ if ( a <= 46340L && b <= 46340L && c <= 176095L && c > 0 )
+ a = ( a * b + ( c >> 1 ) ) / c;
+
+- else if ( c > 0 )
++ else if ( (FT_Int32)c > 0 )
+ {
+ FT_Int64 temp, temp2;
+
+@@ -412,7 +412,7 @@
+ if ( a <= 46340L && b <= 46340L && c > 0 )
+ a = a * b / c;
+
+- else if ( c > 0 )
++ else if ( (FT_Int32)c > 0 )
+ {
+ FT_Int64 temp;
+
+@@ -544,7 +544,7 @@
+ s = (FT_Int32)a; a = FT_ABS( a );
+ s ^= (FT_Int32)b; b = FT_ABS( b );
+
+- if ( b == 0 )
++ if ( (FT_UInt32)b == 0 )
+ {
+ /* check for division by 0 */
+ q = (FT_UInt32)0x7FFFFFFFL;
+@@ -552,15 +552,16 @@
+ else if ( ( a >> 16 ) == 0 )
+ {
+ /* compute result directly */
+- q = (FT_UInt32)( (a << 16) + (b >> 1) ) / (FT_UInt32)b;
++ q = (FT_UInt32)( ( a << 16 ) + ( b >> 1 ) ) / (FT_UInt32)b;
+ }
+ else
+ {
+ /* we need more bits; we have to do it by hand */
+ FT_Int64 temp, temp2;
+
+- temp.hi = (FT_Int32) (a >> 16);
+- temp.lo = (FT_UInt32)(a << 16);
++
++ temp.hi = (FT_Int32) ( a >> 16 );
++ temp.lo = (FT_UInt32)( a << 16 );
+ temp2.hi = 0;
+ temp2.lo = (FT_UInt32)( b >> 1 );
+ FT_Add64( &temp, &temp2, &temp );
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1131.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1131.patch
@@ -0,0 +1,46 @@
+Description: Use appropriate types to avoid integer truncation on 64 bit systems
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=fcbc82e69e7b114b0db75e955896107d611898e6
+
+Index: freetype-2.4.8/src/smooth/ftsmooth.c
+===================================================================
+--- freetype-2.4.8.orig/src/smooth/ftsmooth.c 2011-05-29 23:46:55.000000000 -0500
++++ freetype-2.4.8/src/smooth/ftsmooth.c 2012-03-20 15:39:03.956361778 -0500
+@@ -105,9 +105,9 @@
+ FT_Error error;
+ FT_Outline* outline = NULL;
+ FT_BBox cbox;
+- FT_UInt width, height, pitch;
++ FT_Pos width, height, pitch;
+ #ifndef FT_CONFIG_OPTION_SUBPIXEL_RENDERING
+- FT_UInt height_org, width_org;
++ FT_Pos height_org, width_org;
+ #endif
+ FT_Bitmap* bitmap;
+ FT_Memory memory;
+@@ -151,7 +151,7 @@
+ return Smooth_Err_Raster_Overflow;
+ }
+ else
+- width = (FT_UInt)( ( cbox.xMax - cbox.xMin ) >> 6 );
++ width = ( cbox.xMax - cbox.xMin ) >> 6;
+
+ if ( cbox.yMin < 0 && cbox.yMax > FT_INT_MAX + cbox.yMin )
+ {
+@@ -161,7 +161,7 @@
+ return Smooth_Err_Raster_Overflow;
+ }
+ else
+- height = (FT_UInt)( ( cbox.yMax - cbox.yMin ) >> 6 );
++ height = ( cbox.yMax - cbox.yMin ) >> 6;
+
+ bitmap = &slot->bitmap;
+ memory = render->root.memory;
+@@ -223,7 +223,7 @@
+
+ /* Required check is ( pitch * height < FT_ULONG_MAX ), */
+ /* but we care realistic cases only. Always pitch <= width. */
+- if ( width > 0x7FFFU || height > 0x7FFFU )
++ if ( width > 0x7FFF || height > 0x7FFF )
+ {
+ FT_ERROR(( "ft_smooth_render_generic: glyph too large: %u x %u\n",
+ width, height ));
--- freetype-2.4.8.orig/debian/patches-freetype/savannah-bug-41590.patch
+++ freetype-2.4.8/debian/patches-freetype/savannah-bug-41590.patch
@@ -0,0 +1,46 @@
+Backport of:
+
+From df14e6c0b9592cbb24d5381dfc6106b14f915e75 Mon Sep 17 00:00:00 2001
+From: Simon Bünzli
+Date: Wed, 19 Feb 2014 07:42:52 +0000
+Subject: Fix Savannah bug #41590.
+
+* src/type1/t1load.c (parse_encoding): Protect against invalid
+number.
+---
+#diff --git a/ChangeLog b/ChangeLog
+#index 945962f..c1d5aea 100644
+#--- a/ChangeLog
+#+++ b/ChangeLog
+#@@ -4,6 +4,13 @@
+#
+# * src/autofit/hbshim.c: Include `afglobal.h' and `aftypes.h'.
+#
+#+2014-02-19 Simon Bünzli
+#+
+#+ Fix Savannah bug #41590.
+#+
+#+ * src/type1/t1load.c (parse_encoding): Protect against invalid
+#+ number.
+#+
+# 2014-02-12 Dave Arnold
+#
+# [cff] Optimize by using `FT_MulDiv'.
+Index: freetype-2.4.8/src/type1/t1load.c
+===================================================================
+--- freetype-2.4.8.orig/src/type1/t1load.c 2015-09-10 07:22:11.769725638 -0400
++++ freetype-2.4.8/src/type1/t1load.c 2015-09-10 07:23:11.678334444 -0400
+@@ -1269,6 +1269,13 @@
+ {
+ charcode = (FT_Int)T1_ToInt( parser );
+ T1_Skip_Spaces( parser );
++
++ /* protect against invalid charcode */
++ if ( cur == parser->root.cursor )
++ {
++ parser->root.error = FT_Err_Unknown_File_Format;
++ return;
++ }
+ }
+
+ cur = parser->root.cursor;
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1130.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1130.patch
@@ -0,0 +1,17 @@
+Description: Leave room for final NULL byte
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c776fc17bfeaa607405fc96620e9445e7a0965c3
+
+Index: freetype-2.4.8/src/pcf/pcfread.c
+===================================================================
+--- freetype-2.4.8.orig/src/pcf/pcfread.c 2011-06-14 16:02:57.000000000 -0500
++++ freetype-2.4.8/src/pcf/pcfread.c 2012-03-20 15:34:12.956354861 -0500
+@@ -496,7 +496,8 @@
+ goto Bail;
+ }
+
+- if ( FT_NEW_ARRAY( strings, string_size ) )
++ /* allocate one more byte so that we have a final null byte */
++ if ( FT_NEW_ARRAY( strings, string_size + 1 ) )
+ goto Bail;
+
+ error = FT_Stream_Read( stream, (FT_Byte*)strings, string_size );
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1144.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1144.patch
@@ -0,0 +1,27 @@
+Description: Validate first glyph outline point value
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0fc8debeb6c2f6a8a9a2b97332a7c8a0a1bd9e85
+
+Index: freetype-2.4.8/src/truetype/ttgload.c
+===================================================================
+--- freetype-2.4.8.orig/src/truetype/ttgload.c 2011-04-21 00:31:48.000000000 -0500
++++ freetype-2.4.8/src/truetype/ttgload.c 2012-03-20 16:00:37.600392524 -0500
+@@ -362,14 +362,17 @@
+ if ( n_contours >= 0xFFF || p + ( n_contours + 1 ) * 2 > limit )
+ goto Invalid_Outline;
+
+- prev_cont = FT_NEXT_USHORT( p );
++ prev_cont = FT_NEXT_SHORT( p );
+
+ if ( n_contours > 0 )
+ cont[0] = prev_cont;
+
++ if ( prev_cont < 0 )
++ goto Invalid_Outline;
++
+ for ( cont++; cont < cont_limit; cont++ )
+ {
+- cont[0] = FT_NEXT_USHORT( p );
++ cont[0] = FT_NEXT_SHORT( p );
+ if ( cont[0] <= prev_cont )
+ {
+ /* unordered contours: this is invalid */
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1142.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1142.patch
@@ -0,0 +1,23 @@
+Description: Validate first and last character code fields
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d35a7dc7cc621538a1f4a63c83ebf223aace0b0
+
+Index: freetype-2.4.8/src/winfonts/winfnt.c
+===================================================================
+--- freetype-2.4.8.orig/src/winfonts/winfnt.c 2010-09-11 01:06:45.000000000 -0500
++++ freetype-2.4.8/src/winfonts/winfnt.c 2012-03-20 15:48:19.604374979 -0500
+@@ -827,7 +827,14 @@
+ root->charmap = root->charmaps[0];
+ }
+
+- /* setup remaining flags */
++ /* set up remaining flags */
++
++ if ( font->header.last_char < font->header.first_char )
++ {
++ FT_TRACE2(( "invalid number of glyphs\n" ));
++ error = FNT_Err_Invalid_File_Format;
++ goto Fail;
++ }
+
+ /* reserve one slot for the .notdef glyph at index 0 */
+ root->num_glyphs = font->header.last_char -
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2015-9381.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2015-9381.patch
@@ -0,0 +1,50 @@
+Backported of:
+
+From 7962a15d64c876870ca0ae435ea2467d9be268d9 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Mon, 14 Sep 2015 00:38:26 +0200
+Subject: [PATCH] [type1] Fix another potential buffer overflow (#45955).
+
+* src/type1/t1parse (T1_Get_Private_Dict): Assure that check for
+`eexec' doesn't exceed `limit'.
+diff --git a/src/type1/t1parse.c b/src/type1/t1parse.c
+index cc75de9..0f5cb03 100644
+--- a/src/type1/t1parse.c
++++ b/src/type1/t1parse.c
+@@ -334,15 +334,14 @@
+ /* first of all, look at the `eexec' keyword */
+ FT_Byte* cur = parser->base_dict;
+ FT_Byte* limit = cur + parser->base_len;
+- FT_Byte c;
+
+
+ Again:
+ for (;;)
+ {
+- c = cur[0];
+- if ( c == 'e' && cur + 9 < limit ) /* 9 = 5 letters for `eexec' + */
+- /* newline + 4 chars */
++ if ( cur[0] == 'e' &&
++ cur + 9 < limit ) /* 9 = 5 letters for `eexec' + */
++ /* whitespace + 4 chars */
+ {
+ if ( cur[1] == 'e' &&
+ cur[2] == 'x' &&
+@@ -371,8 +370,15 @@
+
+ while ( cur < limit )
+ {
+- if ( *cur == 'e' && ft_strncmp( (char*)cur, "eexec", 5 ) == 0 )
+- goto Found;
++ if ( cur[0] == 'e' &&
++ cur + 5 < limit )
++ {
++ if ( cur[1] == 'e' &&
++ cur[2] == 'x' &&
++ cur[3] == 'e' &&
++ cur[4] == 'c' )
++ goto Found;
++ }
+
+ T1_Skip_PS_Token( parser );
+ if ( parser->root.error )
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2015-9382.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2015-9382.patch
@@ -0,0 +1,24 @@
+Backported of:
+
+From db5a4a9ae7b0048f033361744421da8569642f73 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Sat, 12 Sep 2015 08:32:55 +0200
+Subject: [PATCH] [psaux] Fix potential buffer overflow (#45922).
+
+* src/psaux/psobjs.c (ps_parser_skip_PS_token): If a token is
+enclosed in balanced expressions, ensure that the cursor position
+doesn't get larger than the current limit.
+diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
+index 89660ca..3160eba 100644
+--- a/src/psaux/psobjs.c
++++ b/src/psaux/psobjs.c
+@@ -600,6 +600,9 @@
+ error = PSaux_Err_Invalid_File_Format;
+ }
+
++ if ( cur > limit )
++ cur = limit;
++
+ parser->error = error;
+ parser->cursor = cur;
+ }
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1140.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1140.patch
@@ -0,0 +1,49 @@
+Description: Fix incorrect boundary checks
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=292144b44a15c1a72f2ef76475d65b7a3a3fba67
+
+Index: freetype-2.4.8/src/psaux/psconv.c
+===================================================================
+--- freetype-2.4.8.orig/src/psaux/psconv.c 2009-07-31 11:45:18.000000000 -0500
++++ freetype-2.4.8/src/psaux/psconv.c 2012-03-20 15:48:13.296374827 -0500
+@@ -79,7 +79,7 @@
+ FT_Bool sign = 0;
+
+
+- if ( p == limit || base < 2 || base > 36 )
++ if ( p >= limit || base < 2 || base > 36 )
+ return 0;
+
+ if ( *p == '-' || *p == '+' )
+@@ -150,7 +150,7 @@
+ FT_Bool sign = 0;
+
+
+- if ( p == limit )
++ if ( p >= limit )
+ return 0;
+
+ if ( *p == '-' || *p == '+' )
+@@ -346,7 +346,11 @@
+
+ #if 1
+
+- p = *cursor;
++ p = *cursor;
++
++ if ( p >= limit )
++ return 0;
++
+ if ( n > (FT_UInt)( limit - p ) )
+ n = (FT_UInt)( limit - p );
+
+@@ -434,6 +438,10 @@
+ #if 1
+
+ p = *cursor;
++
++ if ( p >= limit )
++ return 0;
++
+ if ( n > (FT_UInt)(limit - p) )
+ n = (FT_UInt)(limit - p);
+
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2017-8105.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2017-8105.patch
@@ -0,0 +1,69 @@
+From f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Fri, 24 Mar 2017 09:15:10 +0100
+Subject: [psaux] Better protect `flex' handling.
+
+Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
+
+* src/psaux/t1decode.c (t1_decoder_parse_charstrings)
+: Since there is not a single flex operator but a
+series of subroutine calls, malformed fonts can call arbitrary other
+operators after the start of a flex, possibly adding points. For
+this reason we have to check the available number of points before
+inserting a point.
+---
+ ChangeLog | 15 +++++++++++++++
+ src/psaux/t1decode.c | 9 +++++++++
+ 2 files changed, 24 insertions(+)
+
+#diff --git a/ChangeLog b/ChangeLog
+#index a98267a..01e9a7b 100644
+#--- a/ChangeLog
+#+++ b/ChangeLog
+#@@ -1,5 +1,20 @@
+# 2017-03-23 Werner Lemberg
+#
+#+ [psaux] Better protect `flex' handling.
+#+
+#+ Reported as
+#+
+#+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
+#+
+#+ * src/psaux/t1decode.c (t1_decoder_parse_charstrings)
+#+ : Since there is not a single flex operator but a
+#+ series of subroutine calls, malformed fonts can call arbitrary other
+#+ operators after the start of a flex, possibly adding points. For
+#+ this reason we have to check the available number of points before
+#+ inserting a point.
+#+
+#+2017-03-23 Werner Lemberg
+#+
+# [sfnt] Fix check for default named instance.
+#
+# * src/sfnt/sfobjs.c (sfnt_init_face): A `fixed' number needs four
+Index: freetype-2.6.1/src/psaux/t1decode.c
+===================================================================
+--- freetype-2.6.1.orig/src/psaux/t1decode.c 2017-05-04 11:55:57.774650248 -0400
++++ freetype-2.6.1/src/psaux/t1decode.c 2017-05-04 11:55:57.774650248 -0400
+@@ -782,10 +782,19 @@
+ /* point without adding any point to the outline */
+ idx = decoder->num_flex_vectors++;
+ if ( idx > 0 && idx < 7 )
++ {
++ /* in malformed fonts it is possible to have other */
++ /* opcodes in the middle of a flex (which don't */
++ /* increase `num_flex_vectors'); we thus have to */
++ /* check whether we can add a point */
++ if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) )
++ goto Syntax_Error;
++
+ t1_builder_add_point( builder,
+ x,
+ y,
+ (FT_Byte)( idx == 3 || idx == 6 ) );
++ }
+ }
+ break;
+
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2016-10328.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2016-10328.patch
@@ -0,0 +1,45 @@
+Origin: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8
+From beecf80a6deecbaf5d264d4f864451bde4fe98b8 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Fri, 16 Dec 2016 08:52:03 +0100
+Subject: [cff] Fix heap buffer overflow (#49858).
+
+* src/cff/cffparse.c (cff_parser_run): Add one more stack size
+check.
+
+CVE-2016-10328
+
+[Dropped modification to Changelog to avoid conflicts. Converted dynamic
+ parser stack size limit to CFF_MAX_STACK_DEPTH, change thanks to
+ Markus Koschany . --sbeattie]
+
+---
+ ChangeLog | 7 +++++++
+ src/cff/cffparse.c | 10 +++++++---
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+
+Index: freetype-2.4.8/src/cff/cffparse.c
+===================================================================
+--- freetype-2.4.8.orig/src/cff/cffparse.c
++++ freetype-2.4.8/src/cff/cffparse.c
+@@ -926,13 +926,17 @@
+ /* and look for it in our current list. */
+
+ FT_UInt code;
+- FT_UInt num_args = (FT_UInt)
+- ( parser->top - parser->stack );
++ FT_UInt num_args;
+ const CFF_Field_Handler* field;
+
+
++ if ( (FT_UInt)( parser->top - parser->stack ) >= CFF_MAX_STACK_DEPTH )
++ goto Stack_Overflow;
++
++ num_args = (FT_UInt)( parser->top - parser->stack );
+ *parser->top = p;
+- code = v;
++ code = v;
++
+ if ( v == 12 )
+ {
+ /* two byte operator */
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1132.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1132.patch
@@ -0,0 +1,130 @@
+Description: Verify string length to prevent invalid reads during comparison
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=58cbc465d2ccd904dee755cff791fbb3a866646d
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9a55cb7a71286154cb62e947ed1c183450a8004d
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b43e0f4413b2aafb88be8cb3fb7aaa84ac0b9102
+
+Index: freetype-2.4.8/src/psaux/psobjs.c
+===================================================================
+--- freetype-2.4.8.orig/src/psaux/psobjs.c 2011-04-13 06:34:22.000000000 -0500
++++ freetype-2.4.8/src/psaux/psobjs.c 2012-03-20 15:39:31.188362425 -0500
+@@ -589,7 +589,7 @@
+ }
+
+ Exit:
+- if ( cur == parser->cursor )
++ if ( cur < limit && cur == parser->cursor )
+ {
+ FT_ERROR(( "ps_parser_skip_PS_token:"
+ " current token is `%c' which is self-delimiting\n"
+Index: freetype-2.4.8/src/type1/t1load.c
+===================================================================
+--- freetype-2.4.8.orig/src/type1/t1load.c 2011-09-27 07:34:40.000000000 -0500
++++ freetype-2.4.8/src/type1/t1load.c 2012-03-20 15:39:31.192362426 -0500
+@@ -71,6 +71,13 @@
+ #include "t1errors.h"
+
+
++#ifdef FT_CONFIG_OPTION_INCREMENTAL
++#define IS_INCREMENTAL ( face->root.internal->incremental_interface != 0 )
++#else
++#define IS_INCREMENTAL 0
++#endif
++
++
+ /*************************************************************************/
+ /* */
+ /* The macro FT_COMPONENT is used in trace mode. It is an implicit */
+@@ -1030,7 +1037,8 @@
+ static int
+ read_binary_data( T1_Parser parser,
+ FT_Long* size,
+- FT_Byte** base )
++ FT_Byte** base,
++ FT_Bool incremental )
+ {
+ FT_Byte* cur;
+ FT_Byte* limit = parser->root.limit;
+@@ -1065,8 +1073,12 @@
+ }
+ }
+
+- FT_ERROR(( "read_binary_data: invalid size field\n" ));
+- parser->root.error = T1_Err_Invalid_File_Format;
++ if( !incremental )
++ {
++ FT_ERROR(( "read_binary_data: invalid size field\n" ));
++ parser->root.error = T1_Err_Invalid_File_Format;
++ }
++
+ return 0;
+ }
+
+@@ -1387,15 +1399,17 @@
+ FT_Byte* base;
+
+
+- /* If the next token isn't `dup' we are done. */
+- if ( ft_strncmp( (char*)parser->root.cursor, "dup", 3 ) != 0 )
++ /* If we are out of data, or if the next token isn't `dup', */
++ /* we are done. */
++ if ( parser->root.cursor + 4 >= parser->root.limit ||
++ ft_strncmp( (char*)parser->root.cursor, "dup", 3 ) != 0 )
+ break;
+
+ T1_Skip_PS_Token( parser ); /* `dup' */
+
+ idx = T1_ToInt( parser );
+
+- if ( !read_binary_data( parser, &size, &base ) )
++ if ( !read_binary_data( parser, &size, &base, IS_INCREMENTAL ) )
+ return;
+
+ /* The binary string is followed by one token, e.g. `NP' */
+@@ -1407,7 +1421,8 @@
+ return;
+ T1_Skip_Spaces ( parser );
+
+- if ( ft_strncmp( (char*)parser->root.cursor, "put", 3 ) == 0 )
++ if ( parser->root.cursor + 4 < parser->root.limit &&
++ ft_strncmp( (char*)parser->root.cursor, "put", 3 ) == 0 )
+ {
+ T1_Skip_PS_Token( parser ); /* skip `put' */
+ T1_Skip_Spaces ( parser );
+@@ -1580,7 +1595,7 @@
+ cur++; /* skip `/' */
+ len = parser->root.cursor - cur;
+
+- if ( !read_binary_data( parser, &size, &base ) )
++ if ( !read_binary_data( parser, &size, &base, IS_INCREMENTAL ) )
+ return;
+
+ /* for some non-standard fonts like `Optima' which provides */
+@@ -1869,7 +1884,7 @@
+
+
+ parser->root.cursor = start_binary;
+- if ( !read_binary_data( parser, &s, &b ) )
++ if ( !read_binary_data( parser, &s, &b, IS_INCREMENTAL ) )
+ return T1_Err_Invalid_File_Format;
+ have_integer = 0;
+ }
+@@ -1882,7 +1897,7 @@
+
+
+ parser->root.cursor = start_binary;
+- if ( !read_binary_data( parser, &s, &b ) )
++ if ( !read_binary_data( parser, &s, &b, IS_INCREMENTAL ) )
+ return T1_Err_Invalid_File_Format;
+ have_integer = 0;
+ }
+@@ -2158,9 +2173,7 @@
+ type1->subrs_len = loader.subrs.lengths;
+ }
+
+-#ifdef FT_CONFIG_OPTION_INCREMENTAL
+- if ( !face->root.internal->incremental_interface )
+-#endif
++ if ( !IS_INCREMENTAL )
+ if ( !loader.charstrings.init )
+ {
+ FT_ERROR(( "T1_Open_Face: no `/CharStrings' array in face\n" ));
--- freetype-2.4.8.orig/debian/patches-freetype/freetype-2.1.7-backwards.compat.patch
+++ freetype-2.4.8/debian/patches-freetype/freetype-2.1.7-backwards.compat.patch
@@ -0,0 +1,35 @@
+Index: src/base/ftapi.c
+===================================================================
+--- src/base/ftapi.c.orig
++++ src/base/ftapi.c
+@@ -118,4 +118,18 @@
+ }
+
+
++ FT_BASE_DEF( FT_Short )
++ FT_Get_Short( FT_Stream stream )
++ {
++ return FT_GET_SHORT();
++ }
++
++
++ FT_BASE_DEF( FT_Long )
++ FT_Get_Long( FT_Stream stream )
++ {
++ return FT_GET_LONG();
++ }
++
++
+ /* END */
+Index: src/base/ftbase.c
+===================================================================
+--- src/base/ftbase.c.orig
++++ src/base/ftbase.c
+@@ -33,6 +33,7 @@
+ #include "ftstream.c"
+ #include "fttrigon.c"
+ #include "ftutil.c"
++#include "ftapi.c"
+
+ #if defined( FT_MACINTOSH ) && !defined ( DARWIN_NO_CARBON )
+ #include "ftmac.c"
--- freetype-2.4.8.orig/debian/patches-freetype/enable-subpixel-rendering.patch
+++ freetype-2.4.8/debian/patches-freetype/enable-subpixel-rendering.patch
@@ -0,0 +1,13 @@
+Index: freetype-2.4.0/include/freetype/config/ftoption.h
+===================================================================
+--- freetype-2.4.0.orig/include/freetype/config/ftoption.h
++++ freetype-2.4.0/include/freetype/config/ftoption.h
+@@ -93,7 +93,7 @@
+ /* This is done to allow FreeType clients to run unmodified, forcing */
+ /* them to display normal gray-level anti-aliased glyphs. */
+ /* */
+-/* #define FT_CONFIG_OPTION_SUBPIXEL_RENDERING */
++#define FT_CONFIG_OPTION_SUBPIXEL_RENDERING
+
+
+ /*************************************************************************/
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1137.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1137.patch
@@ -0,0 +1,16 @@
+Description: Allocate the number of field elements expected elsewhere in code
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cee5d593582801f65c5e127d9de9ca24ebcdc747
+
+Index: freetype-2.4.8/src/bdf/bdflib.c
+===================================================================
+--- freetype-2.4.8.orig/src/bdf/bdflib.c 2012-03-20 15:45:05.928370374 -0500
++++ freetype-2.4.8/src/bdf/bdflib.c 2012-03-20 15:45:09.288370460 -0500
+@@ -424,7 +424,7 @@
+ if ( num_items > list->size )
+ {
+ unsigned long oldsize = list->size; /* same as _bdf_list_t.size */
+- unsigned long newsize = oldsize + ( oldsize >> 1 ) + 4;
++ unsigned long newsize = oldsize + ( oldsize >> 1 ) + 5;
+ unsigned long bigsize = (unsigned long)( FT_INT_MAX / sizeof ( char* ) );
+ FT_Memory memory = list->memory;
+
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1139.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1139.patch
@@ -0,0 +1,39 @@
+Description: Validate array index value
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6ac022dc750d95296a6f731b9594f2e751d997fa
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=37b5c92f83e5da53707b20c10ef8e0d7a24924d9
+
+Index: freetype-2.4.8/src/bdf/bdflib.c
+===================================================================
+--- freetype-2.4.8.orig/src/bdf/bdflib.c 2012-03-20 15:45:09.288370460 -0500
++++ freetype-2.4.8/src/bdf/bdflib.c 2012-03-20 15:48:08.584374723 -0500
+@@ -791,7 +791,7 @@
+ };
+
+
+-#define isdigok( m, d ) (m[(d) >> 3] & ( 1 << ( (d) & 7 ) ) )
++#define isdigok( m, d ) (m[(unsigned char)(d) >> 3] & ( 1 << ( (d) & 7 ) ) )
+
+
+ /* Routine to convert an ASCII string into an unsigned long integer. */
+@@ -1709,7 +1709,7 @@
+ for ( i = 0; i < nibbles; i++ )
+ {
+ c = line[i];
+- if ( !c )
++ if ( !isdigok( hdigits, c ) )
+ break;
+ *bp = (FT_Byte)( ( *bp << 4 ) + a2i[c] );
+ if ( i + 1 < nibbles && ( i & 1 ) )
+@@ -1732,9 +1732,9 @@
+ *bp &= nibble_mask[mask_index];
+
+ /* If any line has extra columns, indicate they have been removed. */
+- if ( i == nibbles &&
+- ( line[nibbles] == '0' || a2i[(int)line[nibbles]] != 0 ) &&
+- !( p->flags & _BDF_GLYPH_WIDTH_CHECK ) )
++ if ( i == nibbles &&
++ isdigok( hdigits, line[nibbles] ) &&
++ !( p->flags & _BDF_GLYPH_WIDTH_CHECK ) )
+ {
+ FT_TRACE2(( "_bdf_parse_glyphs: " ACMSG14, glyph->encoding ));
+ p->flags |= _BDF_GLYPH_WIDTH_CHECK;
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1135.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1135.patch
@@ -0,0 +1,25 @@
+Description: Fix off-by-one boundary check error
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5dddcc45a03b336860436a180aec5b358517336b
+
+Index: freetype-2.4.8/src/truetype/ttinterp.c
+===================================================================
+--- freetype-2.4.8.orig/src/truetype/ttinterp.c 2012-03-20 15:34:02.568354610 -0500
++++ freetype-2.4.8/src/truetype/ttinterp.c 2012-03-20 15:45:02.140370287 -0500
+@@ -4471,7 +4471,7 @@
+ CUR.length = opcode_length[CUR.opcode];
+ if ( CUR.length < 0 )
+ {
+- if ( CUR.IP + 1 > CUR.codeSize )
++ if ( CUR.IP + 1 >= CUR.codeSize )
+ goto Fail_Overflow;
+ CUR.length = 2 - CUR.length * CUR.code[CUR.IP + 1];
+ }
+@@ -7512,7 +7512,7 @@
+
+ if ( ( CUR.length = opcode_length[CUR.opcode] ) < 0 )
+ {
+- if ( CUR.IP + 1 > CUR.codeSize )
++ if ( CUR.IP + 1 >= CUR.codeSize )
+ goto LErrorCodeOverflow_;
+
+ CUR.length = 2 - CUR.length * CUR.code[CUR.IP + 1];
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1126.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1126.patch
@@ -0,0 +1,17 @@
+Description: Ensure pointer is non-NULL before dereferencing
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=320d4976d1d010b5abe9d61a7423d8ca06bc34df
+
+Index: freetype-2.4.8/src/bdf/bdflib.c
+===================================================================
+--- freetype-2.4.8.orig/src/bdf/bdflib.c 2011-06-29 02:11:06.000000000 -0500
++++ freetype-2.4.8/src/bdf/bdflib.c 2012-03-20 15:33:13.016353434 -0500
+@@ -1241,7 +1241,8 @@
+ ep = line + linelen;
+
+ /* Trim the leading whitespace if it exists. */
+- *sp++ = 0;
++ if ( *sp )
++ *sp++ = 0;
+ while ( *sp &&
+ ( *sp == ' ' || *sp == '\t' ) )
+ sp++;
--- freetype-2.4.8.orig/debian/patches-freetype/enable-gxvalid-otvalid.patch
+++ freetype-2.4.8/debian/patches-freetype/enable-gxvalid-otvalid.patch
@@ -0,0 +1,31 @@
+Description: enable the otvalid and gxvalid table validation modules
+ The 'ftvalid' demo in the freetype2-demos package is only useful if certain
+ extra extensions are enabled in freetype. These extensions are not enabled
+ upstream by default, but there's no reason for us not to enable them.
+Author: Paul Wise
+Bug-Debian: http://bugs.debian.org/520879
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/239626
+Forwarded: not-needed
+
+Index: freetype-2.4.4/modules.cfg
+===================================================================
+--- freetype-2.4.4.orig/modules.cfg
++++ freetype-2.4.4/modules.cfg
+@@ -110,7 +110,7 @@
+ AUX_MODULES += cache
+
+ # TrueType GX/AAT table validation. Needs ftgxval.c below.
+-# AUX_MODULES += gxvalid
++AUX_MODULES += gxvalid
+
+ # Support for streams compressed with gzip (files with suffix .gz).
+ #
+@@ -124,7 +124,7 @@
+
+ # OpenType table validation. Needs ftotval.c below.
+ #
+-# AUX_MODULES += otvalid
++AUX_MODULES += otvalid
+
+ # Auxiliary PostScript driver component to share common code.
+ #
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1141.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1141.patch
@@ -0,0 +1,23 @@
+Description: Initialize elements to prevent invalid read
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=d9c1659610f9cd5e103790cb5963483d65cf0d2d
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=649c673a8fc1795536c5b9a48503568d9e2a75c6
+
+Index: freetype-2.4.8/src/bdf/bdflib.c
+===================================================================
+--- freetype-2.4.8.orig/src/bdf/bdflib.c 2012-03-20 15:48:08.584374723 -0500
++++ freetype-2.4.8/src/bdf/bdflib.c 2012-03-20 15:48:16.456374910 -0500
+@@ -521,6 +521,14 @@
+
+ /* Initialize the list. */
+ list->used = 0;
++ if ( list->size )
++ {
++ list->field[0] = (char*)empty;
++ list->field[1] = (char*)empty;
++ list->field[2] = (char*)empty;
++ list->field[3] = (char*)empty;
++ list->field[4] = (char*)empty;
++ }
+
+ /* If the line is empty, then simply return. */
+ if ( linelen == 0 || line[0] == 0 )
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1134.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1134.patch
@@ -0,0 +1,22 @@
+Description: Ensure dictionaries meet minimum size requirements
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=d9577add645c8c05460c7d60ad486c021394b82e
+
+Index: freetype-2.4.8/src/type1/t1parse.c
+===================================================================
+--- freetype-2.4.8.orig/src/type1/t1parse.c 2009-11-25 16:46:15.000000000 -0600
++++ freetype-2.4.8/src/type1/t1parse.c 2012-03-20 15:44:57.984370190 -0500
+@@ -467,6 +467,14 @@
+ /* we now decrypt the encoded binary private dictionary */
+ psaux->t1_decrypt( parser->private_dict, parser->private_len, 55665U );
+
++ if ( parser->private_len < 4 )
++ {
++ FT_ERROR(( "T1_Get_Private_Dict:"
++ " invalid private dictionary section\n" ));
++ error = T1_Err_Invalid_File_Format;
++ goto Fail;
++ }
++
+ /* replace the four random bytes at the beginning with whitespace */
+ parser->private_dict[0] = ' ';
+ parser->private_dict[1] = ' ';
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1129.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1129.patch
@@ -0,0 +1,17 @@
+Description: Prevent invalid memory read outside of string_buf bounds
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=82365c0dead99dd119d9e7117cf4f36ce1d1cbe1
+
+Index: freetype-2.4.8/src/type42/t42parse.c
+===================================================================
+--- freetype-2.4.8.orig/src/type42/t42parse.c 2010-08-05 16:07:21.000000000 -0500
++++ freetype-2.4.8/src/type42/t42parse.c 2012-03-20 15:34:07.112354724 -0500
+@@ -608,7 +608,8 @@
+ }
+
+ /* A string can have a trailing zero byte for padding. Ignore it. */
+- if ( string_buf[string_size - 1] == 0 && ( string_size % 2 == 1 ) )
++ if ( string_size &&
++ string_buf[string_size - 1] == 0 && ( string_size % 2 == 1 ) )
+ string_size--;
+
+ if ( !string_size )
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-1138.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-1138.patch
@@ -0,0 +1,16 @@
+Description: Fix typo to prevent invalid read
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a33c013fe2dc6e65de2879682201d9c155292349
+
+Index: freetype-2.4.8/src/truetype/ttinterp.c
+===================================================================
+--- freetype-2.4.8.orig/src/truetype/ttinterp.c 2012-03-20 15:45:02.000000000 -0500
++++ freetype-2.4.8/src/truetype/ttinterp.c 2012-03-20 15:47:50.412374290 -0500
+@@ -6257,7 +6257,7 @@
+ CUR.zp1.org[point].y = CUR.zp0.org[CUR.GS.rp0].y +
+ TT_MulFix14( (FT_UInt32)cvt_dist,
+ CUR.GS.freeVector.y );
+- CUR.zp1.cur[point] = CUR.zp0.cur[point];
++ CUR.zp1.cur[point] = CUR.zp1.org[point];
+ }
+
+ org_dist = CUR_Func_dualproj( &CUR.zp1.org[point],
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2017-8287.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2017-8287.patch
@@ -0,0 +1,48 @@
+From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Sun, 26 Mar 2017 08:32:09 +0200
+Subject: * src/psaux/psobjs.c (t1_builder_close_contour): Add safety guard.
+
+Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
+---
+ ChangeLog | 8 ++++++++
+ src/psaux/psobjs.c | 8 ++++++++
+ 2 files changed, 16 insertions(+)
+
+#diff --git a/ChangeLog b/ChangeLog
+#index 01e9a7b..3d782e9 100644
+#--- a/ChangeLog
+#+++ b/ChangeLog
+#@@ -1,3 +1,11 @@
+#+2017-03-26 Werner Lemberg
+#+
+#+ * src/psaux/psobjs.c (t1_builder_close_contour): Add safety guard.
+#+
+#+ Reported as
+#+
+#+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
+#+
+# 2017-03-23 Werner Lemberg
+#
+# [psaux] Better protect `flex' handling.
+Index: freetype-2.5.2/src/psaux/psobjs.c
+===================================================================
+--- freetype-2.5.2.orig/src/psaux/psobjs.c 2017-05-04 11:57:05.239240725 -0400
++++ freetype-2.5.2/src/psaux/psobjs.c 2017-05-04 11:57:05.239240725 -0400
+@@ -1711,6 +1711,14 @@
+ first = outline->n_contours <= 1
+ ? 0 : outline->contours[outline->n_contours - 2] + 1;
+
++ /* in malformed fonts it can happen that a contour was started */
++ /* but no points were added */
++ if ( outline->n_contours && first == outline->n_points )
++ {
++ outline->n_contours--;
++ return;
++ }
++
+ /* We must not include the last point in the path if it */
+ /* is located on the first point. */
+ if ( outline->n_points > 1 )
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2012-5668.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2012-5668.patch
@@ -0,0 +1,21 @@
+Description: fix denial of service and possible code execution via NULL
+ pointer dereference
+Origin: upstream, http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a
+Bug: https://savannah.nongnu.org/bugs/?37905
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696691
+
+Index: freetype-2.4.8/src/bdf/bdflib.c
+===================================================================
+--- freetype-2.4.8.orig/src/bdf/bdflib.c 2013-01-11 13:49:19.327207460 -0500
++++ freetype-2.4.8/src/bdf/bdflib.c 2013-01-11 13:49:19.000000000 -0500
+@@ -2138,7 +2138,10 @@
+ p->cnt = p->font->props_size = _bdf_atoul( p->list.field[1], 0, 10 );
+
+ if ( FT_NEW_ARRAY( p->font->props, p->cnt ) )
++ {
++ p->font->props_size = 0;
+ goto Exit;
++ }
+
+ p->flags |= _BDF_PROPS;
+ *next = _bdf_parse_properties;
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9664-2.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9664-2.patch
@@ -0,0 +1,43 @@
+Backport of:
+
+From 73be9f9ab67842cfbec36ee99e8d2301434c84ca Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Mon, 24 Nov 2014 06:30:05 +0000
+Subject: [type1, type42] Another fix for Savannah bug #43655.
+
+* src/type1/t1load.c (parse_charstrings), src/type42/t42parse.c
+(t42_parse_charstrings): Add another boundary testing.
+---
+Index: freetype-2.4.8/src/type1/t1load.c
+===================================================================
+--- freetype-2.4.8.orig/src/type1/t1load.c 2015-02-24 10:05:06.351024392 -0500
++++ freetype-2.4.8/src/type1/t1load.c 2015-02-24 10:05:06.347024361 -0500
+@@ -1578,6 +1578,11 @@
+ }
+
+ T1_Skip_PS_Token( parser );
++ if ( parser->root.cursor >= limit )
++ {
++ error = T1_Err_Invalid_File_Format;
++ goto Fail;
++ }
+ if ( parser->root.error )
+ return;
+
+Index: freetype-2.4.8/src/type42/t42parse.c
+===================================================================
+--- freetype-2.4.8.orig/src/type42/t42parse.c 2015-02-24 10:05:06.351024392 -0500
++++ freetype-2.4.8/src/type42/t42parse.c 2015-02-24 10:05:06.347024361 -0500
+@@ -824,6 +824,12 @@
+ break;
+
+ T1_Skip_PS_Token( parser );
++ if ( parser->root.cursor >= limit )
++ {
++ FT_ERROR(( "t42_parse_charstrings: out of bounds\n" ));
++ error = T42_Err_Invalid_File_Format;
++ goto Fail;
++ }
+ if ( parser->root.error )
+ return;
+
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9656.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9656.patch
@@ -0,0 +1,27 @@
+Backport of:
+
+From f0292bb9920aa1dbfed5f53861e7c7a89b35833a Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Mon, 24 Nov 2014 09:51:21 +0000
+Subject: [sfnt] Fix Savannah bug #43680.
+
+This adds an additional constraint to make the fix from 2013-01-25
+really work.
+
+* src/sfnt/ttsbit.c (tt_sbit_decoder_load_image) :
+Check `p' before `num_glyphs'.
+---
+Index: freetype-2.4.8/src/sfnt/ttsbit0.c
+===================================================================
+--- freetype-2.4.8.orig/src/sfnt/ttsbit0.c 2015-02-24 09:41:01.959628041 -0500
++++ freetype-2.4.8/src/sfnt/ttsbit0.c 2015-02-24 09:41:01.959628041 -0500
+@@ -891,7 +891,8 @@
+ num_glyphs = FT_NEXT_ULONG( p );
+
+ /* overflow check for p + ( num_glyphs + 1 ) * 4 */
+- if ( num_glyphs > (FT_ULong)( ( ( p_limit - p ) >> 2 ) - 1 ) )
++ if ( p + 4 > p_limit ||
++ num_glyphs > (FT_ULong)( ( ( p_limit - p ) >> 2 ) - 1 ) )
+ goto NoBitmap;
+
+ for ( mm = 0; mm < num_glyphs; mm++ )
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9675-1.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9675-1.patch
@@ -0,0 +1,229 @@
+Backport of:
+
+From 9a56764037dfc01a89fe61f5c67971bf50343d00 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Wed, 26 Feb 2014 12:08:07 +0000
+Subject: [bdf] Fix Savannah bug #41692.
+
+bdflib puts data from the input stream into a buffer in chunks of
+1024 bytes. The data itself gets then parsed line by line, simply
+increasing the current pointer into the buffer; if the search for
+the final newline character exceeds the buffer size, more data gets
+read.
+
+However, in case the current line's end is very near to the buffer
+end, and the keyword to compare with is longer than the current
+line's length, an out-of-bounds read might happen since `memcmp'
+doesn't stop properly at the string end.
+
+* src/bdf/bdflib.c: s/ft_memcmp/ft_strncmp/ to make comparisons
+stop at string ends.
+---
+Index: freetype-2.4.8/src/bdf/bdflib.c
+===================================================================
+--- freetype-2.4.8.orig/src/bdf/bdflib.c 2015-02-24 10:32:21.201160957 -0500
++++ freetype-2.4.8/src/bdf/bdflib.c 2015-02-24 10:32:21.201160957 -0500
+@@ -1387,7 +1387,7 @@
+
+ /* If the property happens to be a comment, then it doesn't need */
+ /* to be added to the internal hash table. */
+- if ( ft_memcmp( name, "COMMENT", 7 ) != 0 )
++ if ( ft_strncmp( name, "COMMENT", 7 ) != 0 )
+ {
+ /* Add the property to the font property table. */
+ error = hash_insert( fp->name,
+@@ -1405,13 +1405,13 @@
+ /* FONT_ASCENT and FONT_DESCENT need to be assigned if they are */
+ /* present, and the SPACING property should override the default */
+ /* spacing. */
+- if ( ft_memcmp( name, "DEFAULT_CHAR", 12 ) == 0 )
++ if ( ft_strncmp( name, "DEFAULT_CHAR", 12 ) == 0 )
+ font->default_char = fp->value.l;
+- else if ( ft_memcmp( name, "FONT_ASCENT", 11 ) == 0 )
++ else if ( ft_strncmp( name, "FONT_ASCENT", 11 ) == 0 )
+ font->font_ascent = fp->value.l;
+- else if ( ft_memcmp( name, "FONT_DESCENT", 12 ) == 0 )
++ else if ( ft_strncmp( name, "FONT_DESCENT", 12 ) == 0 )
+ font->font_descent = fp->value.l;
+- else if ( ft_memcmp( name, "SPACING", 7 ) == 0 )
++ else if ( ft_strncmp( name, "SPACING", 7 ) == 0 )
+ {
+ if ( !fp->value.atom )
+ {
+@@ -1468,7 +1468,7 @@
+ memory = font->memory;
+
+ /* Check for a comment. */
+- if ( ft_memcmp( line, "COMMENT", 7 ) == 0 )
++ if ( ft_strncmp( line, "COMMENT", 7 ) == 0 )
+ {
+ linelen -= 7;
+
+@@ -1485,7 +1485,7 @@
+ /* The very first thing expected is the number of glyphs. */
+ if ( !( p->flags & _BDF_GLYPHS ) )
+ {
+- if ( ft_memcmp( line, "CHARS", 5 ) != 0 )
++ if ( ft_strncmp( line, "CHARS", 5 ) != 0 )
+ {
+ FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG1, lineno, "CHARS" ));
+ error = BDF_Err_Missing_Chars_Field;
+@@ -1518,7 +1518,7 @@
+ }
+
+ /* Check for the ENDFONT field. */
+- if ( ft_memcmp( line, "ENDFONT", 7 ) == 0 )
++ if ( ft_strncmp( line, "ENDFONT", 7 ) == 0 )
+ {
+ if ( p->flags & _BDF_GLYPH_BITS )
+ {
+@@ -1540,7 +1540,7 @@
+ }
+
+ /* Check for the ENDCHAR field. */
+- if ( ft_memcmp( line, "ENDCHAR", 7 ) == 0 )
++ if ( ft_strncmp( line, "ENDCHAR", 7 ) == 0 )
+ {
+ p->glyph_enc = 0;
+ p->flags &= ~_BDF_GLYPH_BITS;
+@@ -1556,7 +1556,7 @@
+ goto Exit;
+
+ /* Check for the STARTCHAR field. */
+- if ( ft_memcmp( line, "STARTCHAR", 9 ) == 0 )
++ if ( ft_strncmp( line, "STARTCHAR", 9 ) == 0 )
+ {
+ /* Set the character name in the parse info first until the */
+ /* encoding can be checked for an unencoded character. */
+@@ -1587,7 +1587,7 @@
+ }
+
+ /* Check for the ENCODING field. */
+- if ( ft_memcmp( line, "ENCODING", 8 ) == 0 )
++ if ( ft_strncmp( line, "ENCODING", 8 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_GLYPH ) )
+ {
+@@ -1763,7 +1763,7 @@
+ }
+
+ /* Expect the SWIDTH (scalable width) field next. */
+- if ( ft_memcmp( line, "SWIDTH", 6 ) == 0 )
++ if ( ft_strncmp( line, "SWIDTH", 6 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_ENCODING ) )
+ goto Missing_Encoding;
+@@ -1779,7 +1779,7 @@
+ }
+
+ /* Expect the DWIDTH (scalable width) field next. */
+- if ( ft_memcmp( line, "DWIDTH", 6 ) == 0 )
++ if ( ft_strncmp( line, "DWIDTH", 6 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_ENCODING ) )
+ goto Missing_Encoding;
+@@ -1807,7 +1807,7 @@
+ }
+
+ /* Expect the BBX field next. */
+- if ( ft_memcmp( line, "BBX", 3 ) == 0 )
++ if ( ft_strncmp( line, "BBX", 3 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_ENCODING ) )
+ goto Missing_Encoding;
+@@ -1875,7 +1875,7 @@
+ }
+
+ /* And finally, gather up the bitmap. */
+- if ( ft_memcmp( line, "BITMAP", 6 ) == 0 )
++ if ( ft_strncmp( line, "BITMAP", 6 ) == 0 )
+ {
+ unsigned long bitmap_size;
+
+@@ -1949,7 +1949,7 @@
+ p = (_bdf_parse_t *) client_data;
+
+ /* Check for the end of the properties. */
+- if ( ft_memcmp( line, "ENDPROPERTIES", 13 ) == 0 )
++ if ( ft_strncmp( line, "ENDPROPERTIES", 13 ) == 0 )
+ {
+ /* If the FONT_ASCENT or FONT_DESCENT properties have not been */
+ /* encountered yet, then make sure they are added as properties and */
+@@ -1988,12 +1988,12 @@
+ }
+
+ /* Ignore the _XFREE86_GLYPH_RANGES properties. */
+- if ( ft_memcmp( line, "_XFREE86_GLYPH_RANGES", 21 ) == 0 )
++ if ( ft_strncmp( line, "_XFREE86_GLYPH_RANGES", 21 ) == 0 )
+ goto Exit;
+
+ /* Handle COMMENT fields and properties in a special way to preserve */
+ /* the spacing. */
+- if ( ft_memcmp( line, "COMMENT", 7 ) == 0 )
++ if ( ft_strncmp( line, "COMMENT", 7 ) == 0 )
+ {
+ name = value = line;
+ value += 7;
+@@ -2057,7 +2057,7 @@
+
+ /* Check for a comment. This is done to handle those fonts that have */
+ /* comments before the STARTFONT line for some reason. */
+- if ( ft_memcmp( line, "COMMENT", 7 ) == 0 )
++ if ( ft_strncmp( line, "COMMENT", 7 ) == 0 )
+ {
+ if ( p->opts->keep_comments != 0 && p->font != 0 )
+ {
+@@ -2083,7 +2083,7 @@
+ {
+ memory = p->memory;
+
+- if ( ft_memcmp( line, "STARTFONT", 9 ) != 0 )
++ if ( ft_strncmp( line, "STARTFONT", 9 ) != 0 )
+ {
+ /* No STARTFONT field is a good indication of a problem. */
+ error = BDF_Err_Missing_Startfont_Field;
+@@ -2130,7 +2130,7 @@
+ }
+
+ /* Check for the start of the properties. */
+- if ( ft_memcmp( line, "STARTPROPERTIES", 15 ) == 0 )
++ if ( ft_strncmp( line, "STARTPROPERTIES", 15 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_FONT_BBX ) )
+ {
+@@ -2159,7 +2159,7 @@
+ }
+
+ /* Check for the FONTBOUNDINGBOX field. */
+- if ( ft_memcmp( line, "FONTBOUNDINGBOX", 15 ) == 0 )
++ if ( ft_strncmp( line, "FONTBOUNDINGBOX", 15 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_SIZE ) )
+ {
+@@ -2190,7 +2190,7 @@
+ }
+
+ /* The next thing to check for is the FONT field. */
+- if ( ft_memcmp( line, "FONT", 4 ) == 0 )
++ if ( ft_strncmp( line, "FONT", 4 ) == 0 )
+ {
+ error = _bdf_list_split( &p->list, (char *)" +", line, linelen );
+ if ( error )
+@@ -2224,7 +2224,7 @@
+ }
+
+ /* Check for the SIZE field. */
+- if ( ft_memcmp( line, "SIZE", 4 ) == 0 )
++ if ( ft_strncmp( line, "SIZE", 4 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_FONT_NAME ) )
+ {
+@@ -2278,7 +2278,7 @@
+ }
+
+ /* Check for the CHARS field -- font properties are optional */
+- if ( ft_memcmp( line, "CHARS", 5 ) == 0 )
++ if ( ft_strncmp( line, "CHARS", 5 ) == 0 )
+ {
+ char nbuf[128];
+
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9661-1.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9661-1.patch
@@ -0,0 +1,108 @@
+Backport of:
+
+From 3788187e0c396952cd7d905c6c61f3ff8e84b2b4 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Sat, 22 Nov 2014 09:46:47 +0000
+Subject: [type42] Fix Savannah bug #43659.
+
+* src/type42/t42objs.c (T42_Open_Face): Initialize `face->ttf_size'.
+
+* src/type42/t42parse.c (t42_parse_sfnts): Always set
+`face->ttf_size' directly. This ensures a correct stream size in
+the call to `FT_Open_Face', which follows after parsing, even for
+buggy input data.
+Fix error messages.
+---
+Index: freetype-2.4.8/src/type42/t42objs.c
+===================================================================
+--- freetype-2.4.8.orig/src/type42/t42objs.c 2015-02-24 09:57:33.071500298 -0500
++++ freetype-2.4.8/src/type42/t42objs.c 2015-02-24 09:57:33.067500267 -0500
+@@ -47,6 +47,12 @@
+ if ( FT_ALLOC( face->ttf_data, 12 ) )
+ goto Exit;
+
++ /* while parsing the font we always update `face->ttf_size' so that */
++ /* even in case of buggy data (which might lead to premature end of */
++ /* scanning without causing an error) the call to `FT_Open_Face' in */
++ /* `T42_Face_Init' passes the correct size */
++ face->ttf_size = 12;
++
+ error = t42_parser_init( parser,
+ face->root.stream,
+ memory,
+Index: freetype-2.4.8/src/type42/t42parse.c
+===================================================================
+--- freetype-2.4.8.orig/src/type42/t42parse.c 2015-02-24 09:57:33.071500298 -0500
++++ freetype-2.4.8/src/type42/t42parse.c 2015-02-24 10:00:32.536900770 -0500
+@@ -499,7 +499,7 @@
+ FT_Byte* limit = parser->root.limit;
+ FT_Error error;
+ FT_Int num_tables = 0;
+- FT_ULong count, ttf_size = 0;
++ FT_ULong count;
+
+ FT_Long n, string_size, old_string_size, real_size;
+ FT_Byte* string_buf = NULL;
+@@ -592,7 +592,7 @@
+
+ if ( limit - parser->root.cursor < string_size )
+ {
+- FT_ERROR(( "t42_parse_sfnts: too many binary data\n" ));
++ FT_ERROR(( "t42_parse_sfnts: too much binary data\n" ));
+ error = T42_Err_Invalid_File_Format;
+ goto Fail;
+ }
+@@ -632,18 +632,18 @@
+ }
+ else
+ {
+- num_tables = 16 * face->ttf_data[4] + face->ttf_data[5];
+- status = BEFORE_TABLE_DIR;
+- ttf_size = 12 + 16 * num_tables;
++ num_tables = 16 * face->ttf_data[4] + face->ttf_data[5];
++ status = BEFORE_TABLE_DIR;
++ face->ttf_size = 12 + 16 * num_tables;
+
+- if ( FT_REALLOC( face->ttf_data, 12, ttf_size ) )
++ if ( FT_REALLOC( face->ttf_data, 12, face->ttf_size ) )
+ goto Fail;
+ }
+ /* fall through */
+
+ case BEFORE_TABLE_DIR:
+ /* the offset table is read; read the table directory */
+- if ( count < ttf_size )
++ if ( count < face->ttf_size )
+ {
+ face->ttf_data[count++] = string_buf[n];
+ continue;
+@@ -662,24 +662,23 @@
+ len = FT_PEEK_ULONG( p );
+
+ /* Pad to a 4-byte boundary length */
+- ttf_size += ( len + 3 ) & ~3;
++ face->ttf_size += ( len + 3 ) & ~3;
+ }
+
+- status = OTHER_TABLES;
+- face->ttf_size = ttf_size;
++ status = OTHER_TABLES;
+
+ /* there are no more than 256 tables, so no size check here */
+ if ( FT_REALLOC( face->ttf_data, 12 + 16 * num_tables,
+- ttf_size + 1 ) )
++ face->ttf_size + 1 ) )
+ goto Fail;
+ }
+ /* fall through */
+
+ case OTHER_TABLES:
+ /* all other tables are just copied */
+- if ( count >= ttf_size )
++ if ( count >= face->ttf_size )
+ {
+- FT_ERROR(( "t42_parse_sfnts: too many binary data\n" ));
++ FT_ERROR(( "t42_parse_sfnts: too much binary data\n" ));
+ error = T42_Err_Invalid_File_Format;
+ goto Fail;
+ }
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9672.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9672.patch
@@ -0,0 +1,34 @@
+From 18a8f0d9943369449bc4de92d411c78fb08d616c Mon Sep 17 00:00:00 2001
+From: suzuki toshiya
+Date: Wed, 26 Nov 2014 07:11:38 +0000
+Subject: Fix Savannah bug #43540.
+
+* src/base/ftmac.c (parse_fond): Prevent a buffer overrun
+caused by a font including too many (> 63) strings to store
+names[] table.
+---
+Index: freetype-2.4.8/src/base/ftmac.c
+===================================================================
+--- freetype-2.4.8.orig/src/base/ftmac.c 2015-02-24 10:24:27.301058666 -0500
++++ freetype-2.4.8/src/base/ftmac.c 2015-02-24 10:24:27.297058631 -0500
+@@ -441,9 +441,10 @@
+ style = (StyleTable*)p;
+ p += sizeof ( StyleTable );
+ string_count = EndianS16_BtoN( *(short*)(p) );
++ string_count = FT_MIN( 64, string_count );
+ p += sizeof ( short );
+
+- for ( i = 0; i < string_count && i < 64; i++ )
++ for ( i = 0; i < string_count; i++ )
+ {
+ names[i] = p;
+ p += names[i][0];
+@@ -460,7 +461,7 @@
+ ps_name[ps_name_len] = 0;
+ }
+ if ( style->indexes[face_index] > 1 &&
+- style->indexes[face_index] <= FT_MIN( string_count, 64 ) )
++ style->indexes[face_index] <= string_count )
+ {
+ unsigned char* suffixes = names[style->indexes[face_index] - 1];
+
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9674-2.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9674-2.patch
@@ -0,0 +1,159 @@
+Backport of:
+
+From 453316792fee912cfced48e9e270e9eb19892e64 Mon Sep 17 00:00:00 2001
+From: suzuki toshiya
+Date: Wed, 26 Nov 2014 07:02:17 +0000
+Subject: * src/base/ftobjs.c (Mac_Read_POST_Resource): Use unsigned long
+
+variables to read the lengths in POST fragments. Suggested by
+Mateusz Jurczyk .
+---
+Index: freetype-2.4.8/src/base/ftobjs.c
+===================================================================
+--- freetype-2.4.8.orig/src/base/ftobjs.c 2015-02-24 10:29:31.883701687 -0500
++++ freetype-2.4.8/src/base/ftobjs.c 2015-02-24 10:31:04.332499317 -0500
+@@ -1540,9 +1540,9 @@
+ FT_Memory memory = library->memory;
+ FT_Byte* pfb_data = NULL;
+ int i, type, flags;
+- FT_Long len;
+- FT_Long pfb_len, pfb_pos, pfb_lenpos;
+- FT_Long rlen, temp;
++ FT_ULong len;
++ FT_ULong pfb_len, pfb_pos, pfb_lenpos;
++ FT_ULong rlen, temp;
+
+
+ if ( face_index == -1 )
+@@ -1558,25 +1558,27 @@
+ error = FT_Stream_Seek( stream, offsets[i] );
+ if ( error )
+ goto Exit;
+- if ( FT_READ_LONG( temp ) )
++ if ( FT_READ_ULONG( temp ) )
+ goto Exit;
+- if ( 0 > temp )
++#if 0
++ FT_TRACE4(( " POST fragment #%d: length=0x%08x\n", i, temp));
++ if ( 0x7FFFFFFFUL < temp )
++ {
+ error = FT_Err_Invalid_Offset;
+- else if ( 0x7FFFFFFFL - 6 - pfb_len < temp )
+- error = FT_Err_Array_Too_Large;
+-
+- if ( error )
+ goto Exit;
++ }
++#endif
+
+ pfb_len += temp + 6;
+ }
+
+- if ( 0x7FFFFFFFL - 2 < pfb_len )
++ FT_TRACE2(( " total buffer size to concatenate %d POST fragments: 0x%08x\n",
++ resource_cnt, pfb_len + 2));
++ if ( pfb_len + 2 < 6 ) {
+ error = FT_Err_Array_Too_Large;
+- else
+- error = FT_ALLOC( pfb_data, (FT_Long)pfb_len + 2 );
+-
+- if ( error )
++ goto Exit;
++ }
++ if ( FT_ALLOC( pfb_data, (FT_Long)pfb_len + 2 ) )
+ goto Exit;
+
+ pfb_data[0] = 0x80;
+@@ -1595,21 +1597,27 @@
+ error = FT_Stream_Seek( stream, offsets[i] );
+ if ( error )
+ goto Exit2;
+- if ( FT_READ_LONG( rlen ) )
++ if ( FT_READ_ULONG( rlen ) )
+ goto Exit2;
+- if ( rlen < 0 )
++#if 0
++ if ( 0x7FFFFFFFUL < rlen )
+ {
+ error = FT_Err_Invalid_Offset;
+ goto Exit2;
+ }
++#endif
+ if ( FT_READ_USHORT( flags ) )
+ goto Exit2;
+ FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n",
+ i, offsets[i], rlen, flags ));
+
++ error = FT_Err_Array_Too_Large;
+ /* postpone the check of rlen longer than buffer until FT_Stream_Read() */
+ if ( ( flags >> 8 ) == 0 ) /* Comment, should not be loaded */
++ {
++ FT_TRACE3(( " Skip POST fragment #%d because it is a comment\n", i ));
+ continue;
++ }
+
+ /* the flags are part of the resource, so rlen >= 2. */
+ /* but some fonts declare rlen = 0 for empty fragment */
+@@ -1619,16 +1627,10 @@
+ rlen = 0;
+
+ if ( ( flags >> 8 ) == type )
+- {
+- if ( 0x7FFFFFFFL - rlen < len )
+- {
+- error = FT_Err_Array_Too_Large;
+- goto Exit2;
+- }
+ len += rlen;
+- }
+ else
+ {
++ FT_TRACE3(( " Write POST fragment #%d header (4-byte) to buffer 0x%p + 0x%08x\n", i, pfb_data, pfb_lenpos ));
+ if ( pfb_lenpos + 3 > pfb_len + 2 )
+ goto Exit2;
+ pfb_data[pfb_lenpos ] = (FT_Byte)( len );
+@@ -1639,6 +1641,7 @@
+ if ( ( flags >> 8 ) == 5 ) /* End of font mark */
+ break;
+
++ FT_TRACE3(( " Write POST fragment #%d header (6-byte) to buffer 0x%p + 0x%08x\n", i, pfb_data, pfb_pos ));
+ if ( pfb_pos + 6 > pfb_len + 2 )
+ goto Exit2;
+ pfb_data[pfb_pos++] = 0x80;
+@@ -1654,21 +1657,17 @@
+ pfb_data[pfb_pos++] = 0;
+ }
+
+- error = FT_Err_Cannot_Open_Resource;
+- if ( rlen > 0x7FFFFFFFL - pfb_pos )
+- {
+- error = FT_Err_Array_Too_Large;
+- goto Exit2;
+- }
+ if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len )
+ goto Exit2;
+
++ FT_TRACE3(( " Load POST fragment #%d (%d byte) to buffer 0x%p + 0x%08x\n", i, rlen, pfb_data, pfb_pos ));
+ error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen );
+ if ( error )
+ goto Exit2;
+ pfb_pos += rlen;
+ }
+
++ error = FT_Err_Array_Too_Large;
+ if ( pfb_pos + 2 > pfb_len + 2 )
+ goto Exit2;
+ pfb_data[pfb_pos++] = 0x80;
+@@ -1689,6 +1688,12 @@
+ aface );
+
+ Exit2:
++ if ( error == FT_Err_Array_Too_Large )
++ FT_TRACE2(( " Abort due to too-short buffer to store all POST fragments\n" ));
++ else if ( error == FT_Err_Invalid_Offset )
++ FT_TRACE2(( " Abort due to invalid offset in a POST fragment\n" ));
++ if ( error )
++ error = FT_Err_Cannot_Open_Resource;
+ FT_FREE( pfb_data );
+
+ Exit:
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9673.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9673.patch
@@ -0,0 +1,63 @@
+Backport of:
+
+From 35252ae9aa1dd9343e9f4884e9ddb1fee10ef415 Mon Sep 17 00:00:00 2001
+From: suzuki toshiya
+Date: Wed, 26 Nov 2014 06:52:23 +0000
+Subject: Fix Savannah bug #43539.
+
+* src/base/ftobjs.c (Mac_Read_POST_Resource): Fix integer overflow
+by a broken POST table in resource-fork.
+
+Also includes:
+
+http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/base/ftobjs.c?id=5aff85301bdce7677766fa1367c82ff41a739637
+
+---
+Index: freetype-2.4.8/src/base/ftobjs.c
+===================================================================
+--- freetype-2.4.8.orig/src/base/ftobjs.c 2015-02-24 10:24:43.501199846 -0500
++++ freetype-2.4.8/src/base/ftobjs.c 2015-02-24 10:26:50.298302479 -0500
+@@ -1583,9 +1583,14 @@
+ if ( error )
+ goto Exit2;
+ if ( FT_READ_LONG( rlen ) )
+- goto Exit;
++ goto Exit2;
++ if ( rlen < 0 )
++ {
++ error = FT_Err_Invalid_Offset;
++ goto Exit2;
++ }
+ if ( FT_READ_USHORT( flags ) )
+- goto Exit;
++ goto Exit2;
+ FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n",
+ i, offsets[i], rlen, flags ));
+
+@@ -1601,7 +1606,14 @@
+ rlen = 0;
+
+ if ( ( flags >> 8 ) == type )
++ {
++ if ( 0x7FFFFFFFL - rlen < len )
++ {
++ error = FT_Err_Array_Too_Large;
++ goto Exit2;
++ }
+ len += rlen;
++ }
+ else
+ {
+ if ( pfb_lenpos + 3 > pfb_len + 2 )
+@@ -1630,6 +1642,11 @@
+ }
+
+ error = FT_Err_Cannot_Open_Resource;
++ if ( rlen > 0x7FFFFFFFL - pfb_pos )
++ {
++ error = FT_Err_Array_Too_Large;
++ goto Exit2;
++ }
+ if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len )
+ goto Exit2;
+
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9671-3.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9671-3.patch
@@ -0,0 +1,31 @@
+Backport of:
+
+From 06842c7b49c21f13c0ab61201daab6ff5a358fcc Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Sat, 13 Dec 2014 06:42:51 +0000
+Subject: * src/pcf/pcfread.c (pcf_read_TOC): Improve fix from 2014-12-08.
+
+---
+Index: freetype-2.4.8/src/pcf/pcfread.c
+===================================================================
+--- freetype-2.4.8.orig/src/pcf/pcfread.c 2015-02-24 10:24:09.628904580 -0500
++++ freetype-2.4.8/src/pcf/pcfread.c 2015-02-24 10:24:09.624904545 -0500
+@@ -190,14 +190,15 @@
+ tables++;
+ }
+
+- /* no check of `tables->size' for last table element ... */
++ /* only check `tables->offset' for last table element ... */
+ if ( ( tables->offset > size ) )
+ {
+ error = PCF_Err_Invalid_Table;
+ goto Exit;
+ }
+- /* ... instead, we adjust `tables->size' to the real value */
+- tables->size = size - tables->offset;
++ /* ... and adjust `tables->size' to the real value if necessary */
++ if ( tables->size > size - tables->offset )
++ tables->size = size - tables->offset;
+
+ #ifdef FT_DEBUG_LEVEL_TRACE
+
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9660.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9660.patch
@@ -0,0 +1,29 @@
+Backport of:
+
+From af8346172a7b573715134f7a51e6c5c60fa7f2ab Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Sat, 22 Nov 2014 12:29:10 +0000
+Subject: [bdf] Fix Savannah bug #43660.
+
+* src/bdf/bdflib.c (_bdf_parse_glyphs) <"ENDFONT">: Check
+`_BDF_GLYPH_BITS'.
+---
+Index: freetype-2.4.8/src/bdf/bdflib.c
+===================================================================
+--- freetype-2.4.8.orig/src/bdf/bdflib.c 2015-02-24 09:57:16.323369242 -0500
++++ freetype-2.4.8/src/bdf/bdflib.c 2015-02-24 09:57:16.319369210 -0500
+@@ -1520,6 +1520,14 @@
+ /* Check for the ENDFONT field. */
+ if ( ft_memcmp( line, "ENDFONT", 7 ) == 0 )
+ {
++ if ( p->flags & _BDF_GLYPH_BITS )
++ {
++ /* Missing ENDCHAR field. */
++ FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG1, lineno, "ENDCHAR" ));
++ error = BDF_Err_Corrupted_Font_Glyphs;
++ goto Exit;
++ }
++
+ /* Sort the glyphs by encoding. */
+ ft_qsort( (char *)font->glyphs,
+ font->glyphs_used,
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9658.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9658.patch
@@ -0,0 +1,23 @@
+From f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Mon, 24 Nov 2014 08:31:32 +0000
+Subject: [sfnt] Fix Savannah bug #43672.
+
+* src/sfnt/ttkern.c (tt_face_load_kern): Use correct value for
+minimum table length test.
+---
+diff --git a/src/sfnt/ttkern.c b/src/sfnt/ttkern.c
+index 32c4008..455e7b5 100644
+--- a/src/sfnt/ttkern.c
++++ b/src/sfnt/ttkern.c
+@@ -99,7 +99,7 @@
+ length = FT_NEXT_USHORT( p );
+ coverage = FT_NEXT_USHORT( p );
+
+- if ( length <= 6 )
++ if ( length <= 6 + 8 )
+ break;
+
+ p_next += length;
+--
+cgit v0.9.0.2
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9664-1.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9664-1.patch
@@ -0,0 +1,36 @@
+Backport of:
+
+From dd89710f0f643eb0f99a3830e0712d26c7642acd Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Fri, 21 Nov 2014 21:19:28 +0000
+Subject: [type1, type42] Fix Savannah bug #43655.
+
+* src/type1/t1load.c (parse_charstrings), src/type42/t42parse.c
+(t42_parse_charstrings): Fix boundary testing.
+---
+Index: freetype-2.4.8/src/type1/t1load.c
+===================================================================
+--- freetype-2.4.8.orig/src/type1/t1load.c 2015-02-24 10:04:02.782532741 -0500
++++ freetype-2.4.8/src/type1/t1load.c 2015-02-24 10:04:02.778532710 -0500
+@@ -1586,7 +1586,7 @@
+ FT_PtrDist len;
+
+
+- if ( cur + 1 >= limit )
++ if ( cur + 2 >= limit )
+ {
+ error = T1_Err_Invalid_File_Format;
+ goto Fail;
+Index: freetype-2.4.8/src/type42/t42parse.c
+===================================================================
+--- freetype-2.4.8.orig/src/type42/t42parse.c 2015-02-24 10:04:02.782532741 -0500
++++ freetype-2.4.8/src/type42/t42parse.c 2015-02-24 10:04:02.778532710 -0500
+@@ -832,7 +832,7 @@
+ FT_PtrDist len;
+
+
+- if ( cur + 1 >= limit )
++ if ( cur + 2 >= limit )
+ {
+ FT_ERROR(( "t42_parse_charstrings: out of bounds\n" ));
+ error = T42_Err_Invalid_File_Format;
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9669.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9669.patch
@@ -0,0 +1,117 @@
+Backport of:
+
+From 602040b1112c9f94d68e200be59ea7ac3d104565 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Wed, 12 Nov 2014 19:51:20 +0000
+Subject: [sfnt] Fix Savannah bug #43588.
+
+* src/sfnt/ttcmap.c (tt_cmap8_validate, tt_cmap10_validate,
+tt_cmap12_validate, tt_cmap13_validate, tt_cmap14_validate): Protect
+against overflow in additions and multiplications.
+---
+Index: freetype-2.4.8/src/sfnt/ttcmap.c
+===================================================================
+--- freetype-2.4.8.orig/src/sfnt/ttcmap.c 2015-02-24 10:19:08.646267170 -0500
++++ freetype-2.4.8/src/sfnt/ttcmap.c 2015-02-24 10:19:08.642267135 -0500
+@@ -1631,7 +1631,8 @@
+ p = is32 + 8192; /* skip `is32' array */
+ num_groups = TT_NEXT_ULONG( p );
+
+- if ( p + num_groups * 12 > valid->limit )
++ /* p + num_groups * 12 > valid->limit ? */
++ if ( num_groups > (FT_UInt32)( valid->limit - p ) / 12 )
+ FT_INVALID_TOO_SHORT;
+
+ /* check groups, they must be in increasing order */
+@@ -1656,7 +1657,12 @@
+
+ if ( valid->level >= FT_VALIDATE_TIGHT )
+ {
+- if ( start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) )
++ FT_UInt32 d = end - start;
++
++
++ /* start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) ? */
++ if ( d > TT_VALID_GLYPH_COUNT( valid ) ||
++ start_id >= TT_VALID_GLYPH_COUNT( valid ) - d )
+ FT_INVALID_GLYPH_ID;
+
+ count = (FT_UInt32)( end - start + 1 );
+@@ -1850,7 +1856,9 @@
+ count = TT_NEXT_ULONG( p );
+
+ if ( length > (FT_ULong)( valid->limit - table ) ||
+- length < 20 + count * 2 )
++ /* length < 20 + count * 2 ? */
++ length < 20 ||
++ ( length - 20 ) / 2 < count )
+ FT_INVALID_TOO_SHORT;
+
+ /* check glyph indices */
+@@ -2033,7 +2041,9 @@
+ num_groups = TT_NEXT_ULONG( p );
+
+ if ( length > (FT_ULong)( valid->limit - table ) ||
+- length < 16 + 12 * num_groups )
++ /* length < 16 + 12 * num_groups ? */
++ length < 16 ||
++ ( length - 16 ) / 12 < num_groups )
+ FT_INVALID_TOO_SHORT;
+
+ /* check groups, they must be in increasing order */
+@@ -2055,7 +2065,12 @@
+
+ if ( valid->level >= FT_VALIDATE_TIGHT )
+ {
+- if ( start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) )
++ FT_UInt32 d = end - start;
++
++
++ /* start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) ? */
++ if ( d > TT_VALID_GLYPH_COUNT( valid ) ||
++ start_id >= TT_VALID_GLYPH_COUNT( valid ) - d )
+ FT_INVALID_GLYPH_ID;
+ }
+
+@@ -2353,7 +2368,9 @@
+ num_groups = TT_NEXT_ULONG( p );
+
+ if ( length > (FT_ULong)( valid->limit - table ) ||
+- length < 16 + 12 * num_groups )
++ /* length < 16 + 12 * num_groups ? */
++ length < 16 ||
++ ( length - 16 ) / 12 < num_groups )
+ FT_INVALID_TOO_SHORT;
+
+ /* check groups, they must be in increasing order */
+@@ -2731,7 +2748,9 @@
+
+
+ if ( length > (FT_ULong)( valid->limit - table ) ||
+- length < 10 + 11 * num_selectors )
++ /* length < 10 + 11 * num_selectors ? */
++ length < 10 ||
++ ( length - 10 ) / 11 < num_selectors )
+ FT_INVALID_TOO_SHORT;
+
+ /* check selectors, they must be in increasing order */
+@@ -2767,7 +2786,8 @@
+ FT_ULong lastBase = 0;
+
+
+- if ( defp + numRanges * 4 > valid->limit )
++ /* defp + numRanges * 4 > valid->limit ? */
++ if ( numRanges > (FT_ULong)( valid->limit - defp ) / 4 )
+ FT_INVALID_TOO_SHORT;
+
+ for ( i = 0; i < numRanges; ++i )
+@@ -2794,7 +2814,8 @@
+ FT_ULong i, lastUni = 0;
+
+
+- if ( numMappings * 4 > (FT_ULong)( valid->limit - ndp ) )
++ /* numMappings * 4 > (FT_ULong)( valid->limit - ndp ) ? */
++ if ( numMappings > ( (FT_ULong)( valid->limit - ndp ) ) / 4 )
+ FT_INVALID_TOO_SHORT;
+
+ for ( i = 0; i < numMappings; ++i )
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9670-1.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9670-1.patch
@@ -0,0 +1,30 @@
+Backport of:
+
+From ef1eba75187adfac750f326b563fe543dd5ff4e6 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Thu, 06 Nov 2014 22:25:05 +0000
+Subject: Fix Savannah bug #43548.
+
+* src/pcf/pcfread (pcf_get_encodings): Add sanity checks for row and
+column values.
+---
+Index: freetype-2.4.8/src/pcf/pcfread.c
+===================================================================
+--- freetype-2.4.8.orig/src/pcf/pcfread.c 2015-02-24 10:19:55.706681208 -0500
++++ freetype-2.4.8/src/pcf/pcfread.c 2015-02-24 10:19:55.702681174 -0500
+@@ -813,6 +813,15 @@
+ if ( !PCF_FORMAT_MATCH( format, PCF_DEFAULT_FORMAT ) )
+ return PCF_Err_Invalid_File_Format;
+
++ /* sanity checks */
++ if ( firstCol < 0 ||
++ firstCol > lastCol ||
++ lastCol > 0xFF ||
++ firstRow < 0 ||
++ firstRow > lastRow ||
++ lastRow > 0xFF )
++ return PCF_Err_Invalid_Table;
++
+ FT_TRACE4(( "pdf_get_encodings:\n" ));
+
+ FT_TRACE4(( " firstCol %d, lastCol %d, firstRow %d, lastRow %d\n",
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9661-2.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9661-2.patch
@@ -0,0 +1,26 @@
+From 42fcd6693ec7bd6ffc65ddc63e74287a65dda669 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Sat, 22 Nov 2014 11:44:33 +0000
+Subject: [type42] Allow only embedded TrueType fonts.
+
+This is a follow-up to Savannah bug #43659.
+
+* src/type42/t42objs.c (T42_Face_Init): Exclusively use the
+`truetype' font driver for loading the font contained in the `sfnts'
+array.
+---
+Index: freetype-2.4.8/src/type42/t42objs.c
+===================================================================
+--- freetype-2.4.8.orig/src/type42/t42objs.c 2015-02-24 10:01:57.037557787 -0500
++++ freetype-2.4.8/src/type42/t42objs.c 2015-02-24 10:01:57.033557755 -0500
+@@ -280,7 +280,9 @@
+ FT_Open_Args args;
+
+
+- args.flags = FT_OPEN_MEMORY;
++ args.flags = FT_OPEN_MEMORY | FT_OPEN_DRIVER;
++ args.driver = FT_Get_Module( FT_FACE_LIBRARY( face ),
++ "truetype" );
+ args.memory_base = face->ttf_data;
+ args.memory_size = face->ttf_size;
+
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9675-2.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9675-2.patch
@@ -0,0 +1,238 @@
+Backport of:
+
+From 2c4832d30939b45c05757f0a05128ce64c4cacc7 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Fri, 07 Nov 2014 06:42:33 +0000
+Subject: Fix Savannah bug #43535.
+
+* src/bdf/bdflib.c (_bdf_strncmp): New macro that checks one
+character more than `strncmp'.
+s/ft_strncmp/_bdf_strncmp/ everywhere.
+---
+Index: freetype-2.4.8/src/bdf/bdflib.c
+===================================================================
+--- freetype-2.4.8.orig/src/bdf/bdflib.c 2015-02-24 10:33:07.221556404 -0500
++++ freetype-2.4.8/src/bdf/bdflib.c 2015-02-24 10:33:07.217556370 -0500
+@@ -1087,6 +1087,18 @@
+ #define _BDF_GLYPH_HEIGHT_CHECK 0x80000000UL
+
+
++ /* An auxiliary macro to parse properties, to be used in conditionals. */
++ /* It behaves like `strncmp' but also tests the following character */
++ /* whether it is a whitespace or NULL. */
++ /* `property' is a constant string of length `n' to compare with. */
++#define _bdf_strncmp( name, property, n ) \
++ ( ft_strncmp( name, property, n ) || \
++ !( name[n] == ' ' || \
++ name[n] == '\0' || \
++ name[n] == '\n' || \
++ name[n] == '\r' || \
++ name[n] == '\t' ) )
++
+ /* Auto correction messages. */
+ #define ACMSG1 "FONT_ASCENT property missing. " \
+ "Added \"FONT_ASCENT %hd\".\n"
+@@ -1387,7 +1399,7 @@
+
+ /* If the property happens to be a comment, then it doesn't need */
+ /* to be added to the internal hash table. */
+- if ( ft_strncmp( name, "COMMENT", 7 ) != 0 )
++ if ( _bdf_strncmp( name, "COMMENT", 7 ) != 0 )
+ {
+ /* Add the property to the font property table. */
+ error = hash_insert( fp->name,
+@@ -1405,13 +1417,13 @@
+ /* FONT_ASCENT and FONT_DESCENT need to be assigned if they are */
+ /* present, and the SPACING property should override the default */
+ /* spacing. */
+- if ( ft_strncmp( name, "DEFAULT_CHAR", 12 ) == 0 )
++ if ( _bdf_strncmp( name, "DEFAULT_CHAR", 12 ) == 0 )
+ font->default_char = fp->value.l;
+- else if ( ft_strncmp( name, "FONT_ASCENT", 11 ) == 0 )
++ else if ( _bdf_strncmp( name, "FONT_ASCENT", 11 ) == 0 )
+ font->font_ascent = fp->value.l;
+- else if ( ft_strncmp( name, "FONT_DESCENT", 12 ) == 0 )
++ else if ( _bdf_strncmp( name, "FONT_DESCENT", 12 ) == 0 )
+ font->font_descent = fp->value.l;
+- else if ( ft_strncmp( name, "SPACING", 7 ) == 0 )
++ else if ( _bdf_strncmp( name, "SPACING", 7 ) == 0 )
+ {
+ if ( !fp->value.atom )
+ {
+@@ -1468,7 +1480,7 @@
+ memory = font->memory;
+
+ /* Check for a comment. */
+- if ( ft_strncmp( line, "COMMENT", 7 ) == 0 )
++ if ( _bdf_strncmp( line, "COMMENT", 7 ) == 0 )
+ {
+ linelen -= 7;
+
+@@ -1485,7 +1497,7 @@
+ /* The very first thing expected is the number of glyphs. */
+ if ( !( p->flags & _BDF_GLYPHS ) )
+ {
+- if ( ft_strncmp( line, "CHARS", 5 ) != 0 )
++ if ( _bdf_strncmp( line, "CHARS", 5 ) != 0 )
+ {
+ FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG1, lineno, "CHARS" ));
+ error = BDF_Err_Missing_Chars_Field;
+@@ -1518,7 +1530,7 @@
+ }
+
+ /* Check for the ENDFONT field. */
+- if ( ft_strncmp( line, "ENDFONT", 7 ) == 0 )
++ if ( _bdf_strncmp( line, "ENDFONT", 7 ) == 0 )
+ {
+ if ( p->flags & _BDF_GLYPH_BITS )
+ {
+@@ -1540,7 +1552,7 @@
+ }
+
+ /* Check for the ENDCHAR field. */
+- if ( ft_strncmp( line, "ENDCHAR", 7 ) == 0 )
++ if ( _bdf_strncmp( line, "ENDCHAR", 7 ) == 0 )
+ {
+ p->glyph_enc = 0;
+ p->flags &= ~_BDF_GLYPH_BITS;
+@@ -1556,7 +1568,7 @@
+ goto Exit;
+
+ /* Check for the STARTCHAR field. */
+- if ( ft_strncmp( line, "STARTCHAR", 9 ) == 0 )
++ if ( _bdf_strncmp( line, "STARTCHAR", 9 ) == 0 )
+ {
+ /* Set the character name in the parse info first until the */
+ /* encoding can be checked for an unencoded character. */
+@@ -1587,7 +1599,7 @@
+ }
+
+ /* Check for the ENCODING field. */
+- if ( ft_strncmp( line, "ENCODING", 8 ) == 0 )
++ if ( _bdf_strncmp( line, "ENCODING", 8 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_GLYPH ) )
+ {
+@@ -1763,7 +1775,7 @@
+ }
+
+ /* Expect the SWIDTH (scalable width) field next. */
+- if ( ft_strncmp( line, "SWIDTH", 6 ) == 0 )
++ if ( _bdf_strncmp( line, "SWIDTH", 6 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_ENCODING ) )
+ goto Missing_Encoding;
+@@ -1779,7 +1791,7 @@
+ }
+
+ /* Expect the DWIDTH (scalable width) field next. */
+- if ( ft_strncmp( line, "DWIDTH", 6 ) == 0 )
++ if ( _bdf_strncmp( line, "DWIDTH", 6 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_ENCODING ) )
+ goto Missing_Encoding;
+@@ -1807,7 +1819,7 @@
+ }
+
+ /* Expect the BBX field next. */
+- if ( ft_strncmp( line, "BBX", 3 ) == 0 )
++ if ( _bdf_strncmp( line, "BBX", 3 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_ENCODING ) )
+ goto Missing_Encoding;
+@@ -1875,7 +1887,7 @@
+ }
+
+ /* And finally, gather up the bitmap. */
+- if ( ft_strncmp( line, "BITMAP", 6 ) == 0 )
++ if ( _bdf_strncmp( line, "BITMAP", 6 ) == 0 )
+ {
+ unsigned long bitmap_size;
+
+@@ -1949,7 +1961,7 @@
+ p = (_bdf_parse_t *) client_data;
+
+ /* Check for the end of the properties. */
+- if ( ft_strncmp( line, "ENDPROPERTIES", 13 ) == 0 )
++ if ( _bdf_strncmp( line, "ENDPROPERTIES", 13 ) == 0 )
+ {
+ /* If the FONT_ASCENT or FONT_DESCENT properties have not been */
+ /* encountered yet, then make sure they are added as properties and */
+@@ -1988,12 +2000,12 @@
+ }
+
+ /* Ignore the _XFREE86_GLYPH_RANGES properties. */
+- if ( ft_strncmp( line, "_XFREE86_GLYPH_RANGES", 21 ) == 0 )
++ if ( _bdf_strncmp( line, "_XFREE86_GLYPH_RANGES", 21 ) == 0 )
+ goto Exit;
+
+ /* Handle COMMENT fields and properties in a special way to preserve */
+ /* the spacing. */
+- if ( ft_strncmp( line, "COMMENT", 7 ) == 0 )
++ if ( _bdf_strncmp( line, "COMMENT", 7 ) == 0 )
+ {
+ name = value = line;
+ value += 7;
+@@ -2057,7 +2069,7 @@
+
+ /* Check for a comment. This is done to handle those fonts that have */
+ /* comments before the STARTFONT line for some reason. */
+- if ( ft_strncmp( line, "COMMENT", 7 ) == 0 )
++ if ( _bdf_strncmp( line, "COMMENT", 7 ) == 0 )
+ {
+ if ( p->opts->keep_comments != 0 && p->font != 0 )
+ {
+@@ -2083,7 +2095,7 @@
+ {
+ memory = p->memory;
+
+- if ( ft_strncmp( line, "STARTFONT", 9 ) != 0 )
++ if ( _bdf_strncmp( line, "STARTFONT", 9 ) != 0 )
+ {
+ /* No STARTFONT field is a good indication of a problem. */
+ error = BDF_Err_Missing_Startfont_Field;
+@@ -2130,7 +2142,7 @@
+ }
+
+ /* Check for the start of the properties. */
+- if ( ft_strncmp( line, "STARTPROPERTIES", 15 ) == 0 )
++ if ( _bdf_strncmp( line, "STARTPROPERTIES", 15 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_FONT_BBX ) )
+ {
+@@ -2159,7 +2171,7 @@
+ }
+
+ /* Check for the FONTBOUNDINGBOX field. */
+- if ( ft_strncmp( line, "FONTBOUNDINGBOX", 15 ) == 0 )
++ if ( _bdf_strncmp( line, "FONTBOUNDINGBOX", 15 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_SIZE ) )
+ {
+@@ -2190,7 +2202,7 @@
+ }
+
+ /* The next thing to check for is the FONT field. */
+- if ( ft_strncmp( line, "FONT", 4 ) == 0 )
++ if ( _bdf_strncmp( line, "FONT", 4 ) == 0 )
+ {
+ error = _bdf_list_split( &p->list, (char *)" +", line, linelen );
+ if ( error )
+@@ -2224,7 +2236,7 @@
+ }
+
+ /* Check for the SIZE field. */
+- if ( ft_strncmp( line, "SIZE", 4 ) == 0 )
++ if ( _bdf_strncmp( line, "SIZE", 4 ) == 0 )
+ {
+ if ( !( p->flags & _BDF_FONT_NAME ) )
+ {
+@@ -2278,7 +2290,7 @@
+ }
+
+ /* Check for the CHARS field -- font properties are optional */
+- if ( ft_strncmp( line, "CHARS", 5 ) == 0 )
++ if ( _bdf_strncmp( line, "CHARS", 5 ) == 0 )
+ {
+ char nbuf[128];
+
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9671-2.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9671-2.patch
@@ -0,0 +1,111 @@
+Backport of:
+
+From 74af85c4b62b35e55b0ce9dec55ee10cbc4962a2 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Mon, 08 Dec 2014 15:01:50 +0000
+Subject: [pcf] Fix Savannah bug #43774.
+
+Work around `features' of X11's `pcfWriteFont' and `pcfReadFont'
+functions. Since the PCF format doesn't have an official
+specification, we have to exactly follow these functions' behaviour.
+
+The problem was unveiled with a patch from 2014-11-06, fixing issue #43547.
+
+* src/pcf/pcfread.c (pcf_read_TOC): Don't check table size for last
+element. Instead, assign real size.
+---
+Index: freetype-2.4.8/src/pcf/pcfread.c
+===================================================================
+--- freetype-2.4.8.orig/src/pcf/pcfread.c 2015-02-24 10:22:15.847910487 -0500
++++ freetype-2.4.8/src/pcf/pcfread.c 2015-02-24 10:23:29.960558397 -0500
+@@ -79,7 +79,7 @@
+ FT_FRAME_START( 16 ),
+ FT_FRAME_ULONG_LE( type ),
+ FT_FRAME_ULONG_LE( format ),
+- FT_FRAME_ULONG_LE( size ),
++ FT_FRAME_ULONG_LE( size ), /* rounded up to a multiple of 4 */
+ FT_FRAME_ULONG_LE( offset ),
+ FT_FRAME_END
+ };
+@@ -96,9 +96,11 @@
+ FT_Memory memory = FT_FACE(face)->memory;
+ FT_UInt n;
+
++ FT_ULong size;
+
+- if ( FT_STREAM_SEEK ( 0 ) ||
+- FT_STREAM_READ_FIELDS ( pcf_toc_header, toc ) )
++
++ if ( FT_STREAM_SEEK( 0 ) ||
++ FT_STREAM_READ_FIELDS( pcf_toc_header, toc ) )
+ return PCF_Err_Cannot_Open_Resource;
+
+ if ( toc->version != PCF_FILE_VERSION ||
+@@ -152,14 +154,35 @@
+ break;
+ }
+
+- /* we now check whether the `size' and `offset' values are reasonable: */
+- /* `offset' + `size' must not exceed the stream size */
++ /*
++ * We now check whether the `size' and `offset' values are reasonable:
++ * `offset' + `size' must not exceed the stream size.
++ *
++ * Note, however, that X11's `pcfWriteFont' routine (used by the
++ * `bdftopcf' program to create PDF font files) has two special
++ * features.
++ *
++ * - It always assigns the accelerator table a size of 100 bytes in the
++ * TOC, regardless of its real size, which can vary between 34 and 72
++ * bytes.
++ *
++ * - Due to the way the routine is designed, it ships out the last font
++ * table with its real size, ignoring the TOC's size value. Since
++ * the TOC size values are always rounded up to a multiple of 4, the
++ * difference can be up to three bytes for all tables except the
++ * accelerator table, for which the difference can be as large as 66
++ * bytes.
++ *
++ */
++
+ tables = face->toc.tables;
+- for ( n = 0; n < toc->count; n++ )
++ size = stream->size;
++
++ for ( n = 0; n < toc->count - 1; n++ )
+ {
+ /* we need two checks to avoid overflow */
+- if ( ( tables->size > stream->size ) ||
+- ( tables->offset > stream->size - tables->size ) )
++ if ( ( tables->size > size ) ||
++ ( tables->offset > size - tables->size ) )
+ {
+ error = PCF_Err_Invalid_Table;
+ goto Exit;
+@@ -167,6 +190,15 @@
+ tables++;
+ }
+
++ /* no check of `tables->size' for last table element ... */
++ if ( ( tables->offset > size ) )
++ {
++ error = PCF_Err_Invalid_Table;
++ goto Exit;
++ }
++ /* ... instead, we adjust `tables->size' to the real value */
++ tables->size = size - tables->offset;
++
+ #ifdef FT_DEBUG_LEVEL_TRACE
+
+ {
+@@ -731,8 +763,8 @@
+
+ FT_TRACE4(( " number of bitmaps: %d\n", nbitmaps ));
+
+- /* XXX: PCF_Face->nmetrics is singed FT_Long, see pcf.h */
+- if ( face->nmetrics < 0 || nbitmaps != ( FT_ULong )face->nmetrics )
++ /* XXX: PCF_Face->nmetrics is signed FT_Long, see pcf.h */
++ if ( face->nmetrics < 0 || nbitmaps != (FT_ULong)face->nmetrics )
+ return PCF_Err_Invalid_File_Format;
+
+ if ( FT_NEW_ARRAY( offsets, nbitmaps ) )
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9663.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9663.patch
@@ -0,0 +1,34 @@
+Backport of:
+
+From 9bd20b7304aae61de5d50ac359cf27132bafd4c1 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Sat, 22 Nov 2014 05:24:45 +0000
+Subject: [sfnt] Fix Savannah bug #43656.
+
+* src/sfnt/ttcmap.c (tt_cmap4_validate): Fix order of validity
+tests.
+---
+Index: freetype-2.4.8/src/sfnt/ttcmap.c
+===================================================================
+--- freetype-2.4.8.orig/src/sfnt/ttcmap.c 2015-02-24 10:03:07.162101891 -0500
++++ freetype-2.4.8/src/sfnt/ttcmap.c 2015-02-24 10:03:07.158101860 -0500
+@@ -815,9 +815,6 @@
+ FT_Error error = SFNT_Err_Ok;
+
+
+- if ( length < 16 )
+- FT_INVALID_TOO_SHORT;
+-
+ /* in certain fonts, the `length' field is invalid and goes */
+ /* out of bound. We try to correct this here... */
+ if ( table + length > valid->limit )
+@@ -828,6 +825,9 @@
+ length = (FT_UInt)( valid->limit - table );
+ }
+
++ if ( length < 16 )
++ FT_INVALID_TOO_SHORT;
++
+ p = table + 6;
+ num_segs = TT_NEXT_USHORT( p ); /* read segCountX2 */
+
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9666.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9666.patch
@@ -0,0 +1,29 @@
+Backport of:
+
+From 257c270bd25e15890190a28a1456e7623bba4439 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Wed, 12 Nov 2014 20:42:13 +0000
+Subject: [sfnt] Fix Savannah bug #43591.
+
+* src/sfnt/ttsbit.c (tt_sbit_decoder_init): Protect against addition
+and multiplication overflow.
+---
+Index: freetype-2.4.8/src/sfnt/ttsbit0.c
+===================================================================
+--- freetype-2.4.8.orig/src/sfnt/ttsbit0.c 2015-02-24 10:07:20.932062631 -0500
++++ freetype-2.4.8/src/sfnt/ttsbit0.c 2015-02-24 10:10:20.225572786 -0500
+@@ -228,9 +228,11 @@
+ p += 34;
+ decoder->bit_depth = *p;
+
+- if ( decoder->strike_index_array > face->sbit_table_size ||
+- decoder->strike_index_array + 8 * decoder->strike_index_count >
+- face->sbit_table_size )
++ /* decoder->strike_index_array + */
++ /* 8 * decoder->strike_index_count > face->sbit_table_size ? */
++ if ( decoder->strike_index_array > face->sbit_table_size ||
++ decoder->strike_index_count >
++ ( face->sbit_table_size - decoder->strike_index_array ) / 8 )
+ error = SFNT_Err_Invalid_File_Format;
+ }
+
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9674-3.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9674-3.patch
@@ -0,0 +1,105 @@
+Backport of:
+
+From 1720e81e3ecc7c266e54fe40175cc39c47117bf5 Mon Sep 17 00:00:00 2001
+From: suzuki toshiya
+Date: Wed, 26 Nov 2014 07:39:00 +0000
+Subject: * src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments
+
+and fold too long tracing messages.
+---
+Index: freetype-2.4.8/src/base/ftobjs.c
+===================================================================
+--- freetype-2.4.8.orig/src/base/ftobjs.c 2015-02-24 10:31:56.016944341 -0500
++++ freetype-2.4.8/src/base/ftobjs.c 2015-02-24 10:31:56.012944308 -0500
+@@ -1560,21 +1560,28 @@
+ goto Exit;
+ if ( FT_READ_ULONG( temp ) )
+ goto Exit;
+-#if 0
+- FT_TRACE4(( " POST fragment #%d: length=0x%08x\n", i, temp));
++
++ /* FT2 allocator takes signed long buffer length,
++ * too large value causing overflow should be checked
++ */
++ FT_TRACE4(( " POST fragment #%d: length=0x%08x\n",
++ i, temp));
+ if ( 0x7FFFFFFFUL < temp )
+ {
+ error = FT_Err_Invalid_Offset;
+ goto Exit;
+ }
+-#endif
+
+ pfb_len += temp + 6;
+ }
+
+- FT_TRACE2(( " total buffer size to concatenate %d POST fragments: 0x%08x\n",
++ FT_TRACE2(( " total buffer size to concatenate %d"
++ " POST fragments: 0x%08x\n",
+ resource_cnt, pfb_len + 2));
+ if ( pfb_len + 2 < 6 ) {
++ FT_TRACE2(( " too long fragment length makes"
++ " pfb_len confused: 0x%08x\n",
++ pfb_len ));
+ error = FT_Err_Array_Too_Large;
+ goto Exit;
+ }
+@@ -1599,13 +1606,16 @@
+ goto Exit2;
+ if ( FT_READ_ULONG( rlen ) )
+ goto Exit2;
+-#if 0
++
++ /* FT2 allocator takes signed long buffer length,
++ * too large fragment length causing overflow should be checked
++ */
+ if ( 0x7FFFFFFFUL < rlen )
+ {
+ error = FT_Err_Invalid_Offset;
+ goto Exit2;
+ }
+-#endif
++
+ if ( FT_READ_USHORT( flags ) )
+ goto Exit2;
+ FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n",
+@@ -1630,7 +1640,8 @@
+ len += rlen;
+ else
+ {
+- FT_TRACE3(( " Write POST fragment #%d header (4-byte) to buffer 0x%p + 0x%08x\n", i, pfb_data, pfb_lenpos ));
++ FT_TRACE3(( " Write POST fragment #%d header (4-byte) to buffer"
++ " 0x%p + 0x%08x\n", i, pfb_data, pfb_lenpos ));
+ if ( pfb_lenpos + 3 > pfb_len + 2 )
+ goto Exit2;
+ pfb_data[pfb_lenpos ] = (FT_Byte)( len );
+@@ -1641,7 +1652,8 @@
+ if ( ( flags >> 8 ) == 5 ) /* End of font mark */
+ break;
+
+- FT_TRACE3(( " Write POST fragment #%d header (6-byte) to buffer 0x%p + 0x%08x\n", i, pfb_data, pfb_pos ));
++ FT_TRACE3(( " Write POST fragment #%d header (6-byte) to buffer"
++ " 0x%p + 0x%08x\n", i, pfb_data, pfb_pos ));
+ if ( pfb_pos + 6 > pfb_len + 2 )
+ goto Exit2;
+ pfb_data[pfb_pos++] = 0x80;
+@@ -1660,7 +1672,8 @@
+ if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len )
+ goto Exit2;
+
+- FT_TRACE3(( " Load POST fragment #%d (%d byte) to buffer 0x%p + 0x%08x\n", i, rlen, pfb_data, pfb_pos ));
++ FT_TRACE3(( " Load POST fragment #%d (%d byte) to buffer"
++ " 0x%p + 0x%08x\n", i, rlen, pfb_data, pfb_pos ));
+ error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen );
+ if ( error )
+ goto Exit2;
+@@ -1689,7 +1702,8 @@
+
+ Exit2:
+ if ( error == FT_Err_Array_Too_Large )
+- FT_TRACE2(( " Abort due to too-short buffer to store all POST fragments\n" ));
++ FT_TRACE2(( " Abort due to too-short buffer to store"
++ " all POST fragments\n" ));
+ else if ( error == FT_Err_Invalid_Offset )
+ FT_TRACE2(( " Abort due to invalid offset in a POST fragment\n" ));
+ if ( error )
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9670-2.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9670-2.patch
@@ -0,0 +1,62 @@
+Backport of:
+
+From b1fc00d5dc0e89432c58367477b6d9d63b6b0be9 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Fri, 21 Nov 2014 11:06:40 +0000
+Subject: * src/pcf/pcfread.c (pcf_get_metrics): Sanitize invalid metrics.
+
+---
+Index: freetype-2.4.8/src/pcf/pcfread.c
+===================================================================
+--- freetype-2.4.8.orig/src/pcf/pcfread.c 2015-02-24 10:20:42.163089318 -0500
++++ freetype-2.4.8/src/pcf/pcfread.c 2015-02-24 10:20:42.159089283 -0500
+@@ -632,24 +632,40 @@
+ return PCF_Err_Out_Of_Memory;
+
+ metrics = face->metrics;
+- for ( i = 0; i < nmetrics; i++ )
++ for ( i = 0; i < nmetrics; i++, metrics++ )
+ {
+- error = pcf_get_metric( stream, format, metrics + i );
++ error = pcf_get_metric( stream, format, metrics );
+
+- metrics[i].bits = 0;
++ metrics->bits = 0;
+
+ FT_TRACE5(( " idx %d: width=%d, "
+ "lsb=%d, rsb=%d, ascent=%d, descent=%d, swidth=%d\n",
+ i,
+- ( metrics + i )->characterWidth,
+- ( metrics + i )->leftSideBearing,
+- ( metrics + i )->rightSideBearing,
+- ( metrics + i )->ascent,
+- ( metrics + i )->descent,
+- ( metrics + i )->attributes ));
++ metrics->characterWidth,
++ metrics->leftSideBearing,
++ metrics->rightSideBearing,
++ metrics->ascent,
++ metrics->descent,
++ metrics->attributes ));
+
+ if ( error )
+ break;
++
++ /* sanity checks -- those values are used in `PCF_Glyph_Load' to */
++ /* compute a glyph's bitmap dimensions, thus setting them to zero in */
++ /* case of an error disables this particular glyph only */
++ if ( metrics->rightSideBearing < metrics->leftSideBearing ||
++ metrics->ascent + metrics->descent < 0 )
++ {
++ metrics->characterWidth = 0;
++ metrics->leftSideBearing = 0;
++ metrics->rightSideBearing = 0;
++ metrics->ascent = 0;
++ metrics->descent = 0;
++
++ FT_TRACE0(( "pcf_get_metrics:"
++ " invalid metrics for glyph %d\n", i ));
++ }
+ }
+
+ if ( error )
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9674-1.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9674-1.patch
@@ -0,0 +1,39 @@
+Backport of:
+
+From 240c94a185cd8dae7d03059abec8a5662c35ecd3 Mon Sep 17 00:00:00 2001
+From: suzuki toshiya
+Date: Wed, 26 Nov 2014 06:43:29 +0000
+Subject: Fix Savannah bug #43538.
+
+* src/base/ftobjs.c (Mac_Read_POST_Resource): Fix integer overflow
+by a broken POST table in resource-fork.
+---
+Index: freetype-2.4.8/src/base/ftobjs.c
+===================================================================
+--- freetype-2.4.8.orig/src/base/ftobjs.c 2015-02-24 10:29:22.135617460 -0500
++++ freetype-2.4.8/src/base/ftobjs.c 2015-02-24 10:29:22.131617426 -0500
+@@ -1560,10 +1560,23 @@
+ goto Exit;
+ if ( FT_READ_LONG( temp ) )
+ goto Exit;
++ if ( 0 > temp )
++ error = FT_Err_Invalid_Offset;
++ else if ( 0x7FFFFFFFL - 6 - pfb_len < temp )
++ error = FT_Err_Array_Too_Large;
++
++ if ( error )
++ goto Exit;
++
+ pfb_len += temp + 6;
+ }
+
+- if ( FT_ALLOC( pfb_data, (FT_Long)pfb_len + 2 ) )
++ if ( 0x7FFFFFFFL - 2 < pfb_len )
++ error = FT_Err_Array_Too_Large;
++ else
++ error = FT_ALLOC( pfb_data, (FT_Long)pfb_len + 2 );
++
++ if ( error )
+ goto Exit;
+
+ pfb_data[0] = 0x80;
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9671-1.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9671-1.patch
@@ -0,0 +1,36 @@
+Backport of:
+
+From 0e2f5d518c60e2978f26400d110eff178fa7e3c3 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Thu, 06 Nov 2014 21:32:46 +0000
+Subject: Fix Savannah bug #43547.
+
+* src/pcf/pcfread.c (pcf_read_TOC): Check `size' and `offset'
+values.
+---
+Index: freetype-2.4.8/src/pcf/pcfread.c
+===================================================================
+--- freetype-2.4.8.orig/src/pcf/pcfread.c 2015-02-24 10:22:06.163825716 -0500
++++ freetype-2.4.8/src/pcf/pcfread.c 2015-02-24 10:22:06.159825681 -0500
+@@ -152,6 +152,21 @@
+ break;
+ }
+
++ /* we now check whether the `size' and `offset' values are reasonable: */
++ /* `offset' + `size' must not exceed the stream size */
++ tables = face->toc.tables;
++ for ( n = 0; n < toc->count; n++ )
++ {
++ /* we need two checks to avoid overflow */
++ if ( ( tables->size > stream->size ) ||
++ ( tables->offset > stream->size - tables->size ) )
++ {
++ error = PCF_Err_Invalid_Table;
++ goto Exit;
++ }
++ tables++;
++ }
++
+ #ifdef FT_DEBUG_LEVEL_TRACE
+
+ {
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9674-4.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9674-4.patch
@@ -0,0 +1,36 @@
+Backport of:
+
+From cd4a5a26e591d01494567df9dec7f72d59551f6e Mon Sep 17 00:00:00 2001
+From: suzuki toshiya
+Date: Wed, 26 Nov 2014 15:20:48 +0000
+Subject: * src/base/ftobj.c (Mac_Read_POST_Resource): Additional
+
+overflow check in the summation of POST fragment lengths,
+suggested by Mateusz Jurczyk .
+---
+Index: freetype-2.4.8/src/base/ftobjs.c
+===================================================================
+--- freetype-2.4.8.orig/src/base/ftobjs.c 2015-02-24 10:32:04.941021117 -0500
++++ freetype-2.4.8/src/base/ftobjs.c 2015-02-24 10:32:04.941021117 -0500
+@@ -1566,8 +1566,10 @@
+ */
+ FT_TRACE4(( " POST fragment #%d: length=0x%08x\n",
+ i, temp));
+- if ( 0x7FFFFFFFUL < temp )
++ if ( 0x7FFFFFFFUL < temp || pfb_len + temp + 6 < pfb_len )
+ {
++ FT_TRACE2(( " too long fragment length makes"
++ " pfb_len confused: temp=0x%08x\n", temp ));
+ error = FT_Err_Invalid_Offset;
+ goto Exit;
+ }
+@@ -1580,8 +1582,7 @@
+ resource_cnt, pfb_len + 2));
+ if ( pfb_len + 2 < 6 ) {
+ FT_TRACE2(( " too long fragment length makes"
+- " pfb_len confused: 0x%08x\n",
+- pfb_len ));
++ " pfb_len confused: pfb_len=0x%08x\n", pfb_len ));
+ error = FT_Err_Array_Too_Large;
+ goto Exit;
+ }
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9667.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9667.patch
@@ -0,0 +1,38 @@
+Backport of:
+
+From 677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Wed, 12 Nov 2014 20:26:44 +0000
+Subject: [sfnt] Fix Savannah bug #43590.
+
+* src/sfnt/ttload.c (check_table_dir, tt_face_load_font_dir):
+Protect against addition overflow.
+---
+Index: freetype-2.4.8/src/sfnt/ttload.c
+===================================================================
+--- freetype-2.4.8.orig/src/sfnt/ttload.c 2015-02-24 10:11:31.606211984 -0500
++++ freetype-2.4.8/src/sfnt/ttload.c 2015-02-24 10:11:31.606211984 -0500
+@@ -208,7 +208,10 @@
+ }
+
+ /* we ignore invalid tables */
+- if ( table.Offset + table.Length > stream->size )
++
++ /* table.Offset + table.Length > stream->size ? */
++ if ( table.Length > stream->size ||
++ table.Offset > stream->size - table.Length )
+ {
+ FT_TRACE2(( "check_table_dir: table entry %d invalid\n", nn ));
+ continue;
+@@ -396,7 +399,10 @@
+ entry->Length = FT_GET_LONG();
+
+ /* ignore invalid tables */
+- if ( entry->Offset + entry->Length > stream->size )
++
++ /* entry->Offset + entry->Length > stream->size ? */
++ if ( entry->Length > stream->size ||
++ entry->Offset > stream->size - entry->Length )
+ continue;
+ else
+ {
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9657.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9657.patch
@@ -0,0 +1,40 @@
+Backport of:
+
+From eca0f067068020870a429fe91f6329e499390d55 Mon Sep 17 00:00:00 2001
+From: Werner Lemberg
+Date: Mon, 24 Nov 2014 09:22:08 +0000
+Subject: [truetype] Fix Savannah bug #43679.
+
+* src/truetype/ttpload.c (tt_face_load_hdmx): Check minimum size of
+`record_size'.
+---
+Index: freetype-2.4.8/src/truetype/ttpload.c
+===================================================================
+--- freetype-2.4.8.orig/src/truetype/ttpload.c 2015-02-24 09:51:49.696800517 -0500
++++ freetype-2.4.8/src/truetype/ttpload.c 2015-02-24 09:51:49.692800485 -0500
+@@ -508,9 +508,9 @@
+ record_size = FT_NEXT_ULONG( p );
+
+ /* The maximum number of bytes in an hdmx device record is the */
+- /* maximum number of glyphs + 2; this is 0xFFFF + 2; this is */
+- /* the reason why `record_size' is a long (which we read as */
+- /* unsigned long for convenience). In practice, two bytes */
++ /* maximum number of glyphs + 2; this is 0xFFFF + 2, thus */
++ /* explaining why `record_size' is a long (which we read as */
++ /* unsigned long for convenience). In practice, two bytes are */
+ /* sufficient to hold the size value. */
+ /* */
+ /* There are at least two fonts, HANNOM-A and HANNOM-B version */
+@@ -522,8 +522,10 @@
+ record_size &= 0xFFFFU;
+
+ /* The limit for `num_records' is a heuristic value. */
+-
+- if ( version != 0 || num_records > 255 || record_size > 0x10001L )
++ if ( version != 0 ||
++ num_records > 255 ||
++ record_size > 0x10001L ||
++ record_size < 4 )
+ {
+ error = TT_Err_Invalid_File_Format;
+ goto Fail;
--- freetype-2.4.8.orig/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9656-bp-1.patch
+++ freetype-2.4.8/debian/patches-freetype/CVE-2014-96xx/CVE-2014-9656-bp-1.patch
@@ -0,0 +1,62 @@
+From ba931be2af19a2a37ad55d66cd7bc53dbc0c18dc Mon Sep 17 00:00:00 2001
+From: Xi Wang
+Date: Thu, 24 Jan 2013 23:57:09 +0000
+Subject: [sfnt] Fix broken pointer overflow checks.
+
+Many compilers such as gcc and clang optimize away pointer overflow
+checks `p + n < p', because pointer overflow is undefined behavior.
+Use a safe form `n > p_limit - p' instead.
+
+Also avoid possible integer overflow issues, for example, using
+`num_glyphs > ( p_limit - p ) / 2' rather than `num_glyphs * 2'
+given a large `num_glyphs'.
+
+* src/sfnt/ttsbit0.c (tt_sbit_decoder_load_image): Implement it.
+---
+Index: freetype-2.4.8/src/sfnt/ttsbit0.c
+===================================================================
+--- freetype-2.4.8.orig/src/sfnt/ttsbit0.c 2015-02-24 09:40:50.039531796 -0500
++++ freetype-2.4.8/src/sfnt/ttsbit0.c 2015-02-24 09:40:50.039531796 -0500
+@@ -819,11 +819,11 @@
+ image_offset = FT_NEXT_ULONG( p );
+
+ /* overflow check */
+- if ( decoder->eblc_base + decoder->strike_index_array + image_offset <
+- decoder->eblc_base )
++ p = decoder->eblc_base + decoder->strike_index_array;
++ if ( image_offset > (FT_ULong)( p_limit - p ) )
+ goto Failure;
+
+- p = decoder->eblc_base + decoder->strike_index_array + image_offset;
++ p += image_offset;
+ if ( p + 8 > p_limit )
+ goto NoBitmap;
+
+@@ -890,11 +890,8 @@
+
+ num_glyphs = FT_NEXT_ULONG( p );
+
+- /* overflow check */
+- if ( p + ( num_glyphs + 1 ) * 4 < p )
+- goto Failure;
+-
+- if ( p + ( num_glyphs + 1 ) * 4 > p_limit )
++ /* overflow check for p + ( num_glyphs + 1 ) * 4 */
++ if ( num_glyphs > (FT_ULong)( ( ( p_limit - p ) >> 2 ) - 1 ) )
+ goto NoBitmap;
+
+ for ( mm = 0; mm < num_glyphs; mm++ )
+@@ -932,11 +929,8 @@
+
+ num_glyphs = FT_NEXT_ULONG( p );
+
+- /* overflow check */
+- if ( p + 2 * num_glyphs < p )
+- goto Failure;
+-
+- if ( p + 2 * num_glyphs > p_limit )
++ /* overflow check for p + 2 * num_glyphs */
++ if ( num_glyphs > (FT_ULong)( ( p_limit - p ) >> 1 ) )
+ goto NoBitmap;
+
+ for ( mm = 0; mm < num_glyphs; mm++ )