Change log for freetype package in Ubuntu

Published in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
freetype (2.13.2+dfsg-1build3) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 05:23:47 +0000
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
freetype (2.13.2+dfsg-1build2) noble; urgency=medium

  * Rebuild against new libpng16-16t64.

 -- Gianfranco Costamagna <email address hidden>  Tue, 19 Mar 2024 14:17:17 +0100
Superseded in noble-proposed
freetype (2.13.2+dfsg-1build1) noble; urgency=medium

  * No-change rebuild against libpng16-16t64

 -- Steve Langasek <email address hidden>  Thu, 29 Feb 2024 06:34:02 +0000
Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
freetype (2.13.2+dfsg-1) unstable; urgency=medium

  * New upstream version 2.13.2:
    + Better support for CFF2 variation fonts.
    + TrueType interpreter version 38 has been removed.
  * debian/patches: Drop ftlint.patch and ftmulti.patch (applied upstream).

 -- Hugh McMaster <email address hidden>  Mon, 28 Aug 2023 21:12:08 +1000

Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
freetype (2.13.1+dfsg-1) unstable; urgency=medium

  * New upstream version 2.13.1:
    + TrueType interpreter version 38 has been deactivated.
    + Updates to the 'ftbench', 'ftview' and 'ftmulti' demo programs.
  * debian/control: Drop transitional package libfreetype6-dev
    (Closes: #1038235).
  * debian/copyright: Update for FreeType 2.13.1.
  * debian/patches:
    + Refresh ftoption.patch.
    + ftlint.patch: Instruct man(1) to run the `tbl` preprocessor.
    + ftmulti.patch: Fix spelling and comments in src/ftmulti.c.
  * libfreetype6: Update symbols file.
  * debian/rules: Exclude sitemap.xml.gz during dh_installdocs-indep.

 -- Hugh McMaster <email address hidden>  Thu, 17 Aug 2023 21:53:14 +1000

Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
freetype (2.13.0+dfsg-1) unstable; urgency=medium

  * New upstream version 2.13.0:
    + The 'COLR' v1 API is now considered stable.
    + TrueType interpreter version 38 (also known as 'Infinality') has been
      deprecated and will be removed in the next upstream version.
    + TrueType interpreter version 40 remains the default.
    + Various updates to the demo programs.
  * debian/control:
    + Update Maintainer email address.
    + {Build-}Depend on libbz2-dev.
  * debian/copyright: Update for FreeType 2.13.0 and 2023.
  * debian/patches:
    + Drop CVE-*, fix-wild-free-svg and hardening patches.
    + Refresh hide-donations-information.patch.
    + Rename enable-subpixel-rendering.patch to ftoption.patch.
    + Enable long PCF font family names in ftoption.h.
  * debian/rules: Update configure flags for main and udeb builds.
  * freetype2-doc: Update Lintian overrides.
  * libfreetype6: Update symbols file.

 -- Hugh McMaster <email address hidden>  Thu, 13 Jul 2023 21:39:06 +1000

Published in lunar-updates
Published in lunar-security
freetype (2.12.1+dfsg-4ubuntu0.1) lunar-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2023-2004.patch: fix an integer overflow
      in src/truetype/ttgxvar.c.
    - CVE-2023-2004

 -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 02 May 2023 06:56:00 -0300
Published in jammy-updates
Published in jammy-security
freetype (2.11.1+dfsg-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2023-2004.patch: fix an integer overflow
      in src/truetype/ttgxvar.c.
    - CVE-2023-2004

 -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 02 May 2023 08:19:28 -0300
Obsolete in kinetic-updates
Obsolete in kinetic-security
freetype (2.12.1+dfsg-3ubuntu0.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2023-2004.patch: fix an integer overflow
      in src/truetype/ttgxvar.c.
    - CVE-2023-2004

 -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 02 May 2023 07:22:49 -0300
Published in focal-updates
Published in focal-security
freetype (2.10.1-2ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2023-2004.patch: fix an integer overflow
      in src/truetype/ttgxvar.c.
    - CVE-2023-2004

 -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 02 May 2023 08:24:45 -0300
Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
freetype (2.12.1+dfsg-5) unstable; urgency=medium

  * debian/patches: Add a patch to fix CVE-2023-2004 (Closes: #1034612).
    - Integer overflow in tt_hvadvance_adjust().

 -- Hugh McMaster <email address hidden>  Thu, 20 Apr 2023 21:08:03 +1000

Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
freetype (2.12.1+dfsg-4) unstable; urgency=medium

  [ Debian Janitor ]
  * Update Lintian override info format in freetype2-demos.lintian-overrides.
  * Re-export upstream signing key without extra signatures.
  * Raise Standards-Version to 4.6.2 (no changes needed).

  [ Hugh McMaster ]
  * debian/control: Update Homepage URL.
  * debian/control, debian/rules:
    + Add the 'pkg.freetype.nodemos' build profile (Closes: #1011049).
    + Support the 'noudeb' build profile (Closes: #1024949).
    + Drop support for the deprecated 'stage1' build profile.
  * debian/copyright:
    + Update Source URL.
    + Update 'debian' copyright block for 2023.
  * debian/rules: Remove un-needed dh_install exclusion from the override.
  * debian/upstream/metadata: Add upstream repositories and update values.
  * freetype2-demos: Update typo-in-manual-page Lintian override.
  * lintian-overrides: Drop source-contains-prebuilt-javascript-object.
  * freetype2-demos: Install binaries and man pages via upstream Makefile.

 -- Hugh McMaster <email address hidden>  Thu, 12 Jan 2023 23:05:22 +1100

Published in bionic-updates
Published in bionic-security
freetype (2.8.1-2ubuntu2.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow in sfnt_init_face
    - debian/patches-freetype/CVE-2022-27404.patch: avoid invalid face
      index in src/sfnt/sfobjs.c.
    - CVE-2022-27404
  * SECURITY UPDATE: Segmentation violation in FNT_Size_Request
    - debian/patches-freetype/CVE-2022-27405.patch: properly guard
      face_index in src/base/ftobjs.c.
    - CVE-2022-27405
  * SECURITY UPDATE: Segmentation violation in FT_Request_Size
    - debian/patches-freetype/CVE-2022-27406.patch: guard face->size in
      src/base/ftobjs.c.
    - CVE-2022-27406
  * SECURITY UPDATE: Heap-based buffer overflow in ftbench demo
    - debian/patches-ft2demos/CVE-2022-31782.patch: check the number of
      glyphs in src/ftbench.c.
    - CVE-2022-31782

 -- Marc Deslauriers <email address hidden>  Tue, 19 Jul 2022 12:39:11 -0400
Superseded in jammy-updates
Superseded in jammy-security
freetype (2.11.1+dfsg-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow in sfnt_init_face
    - debian/patches/CVE-2022-27404.patch: avoid invalid face index in
      src/sfnt/sfobjs.c, src/sfnt/sfwoff2.c.
    - CVE-2022-27404
  * SECURITY UPDATE: Segmentation violation in FNT_Size_Request
    - debian/patches/CVE-2022-27405.patch: properly guard face_index in
      src/base/ftobjs.c.
    - CVE-2022-27405
  * SECURITY UPDATE: Segmentation violation in FT_Request_Size
    - debian/patches/CVE-2022-27406.patch: guard face->size in
      src/base/ftobjs.c.
    - CVE-2022-27406
  * SECURITY UPDATE: Heap-based buffer overflow in ftbench demo
    - debian/patches/CVE-2022-31782.patch: check the number of glyphs in
      ft2demos/src/ftbench.c.
    - CVE-2022-31782

 -- Marc Deslauriers <email address hidden>  Tue, 19 Jul 2022 11:13:32 -0400
Superseded in focal-updates
Superseded in focal-security
freetype (2.10.1-2ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow in sfnt_init_face
    - debian/patches/CVE-2022-27404.patch: avoid invalid face index in
      src/sfnt/sfobjs.c.
    - CVE-2022-27404
  * SECURITY UPDATE: Segmentation violation in FNT_Size_Request
    - debian/patches/CVE-2022-27405.patch: properly guard face_index in
      src/base/ftobjs.c.
    - CVE-2022-27405
  * SECURITY UPDATE: Segmentation violation in FT_Request_Size
    - debian/patches/CVE-2022-27406.patch: guard face->size in
      src/base/ftobjs.c.
    - CVE-2022-27406
  * SECURITY UPDATE: Heap-based buffer overflow in ftbench demo
    - debian/patches/CVE-2022-31782.patch: check the number of glyphs in
      ft2demos/src/ftbench.c.
    - CVE-2022-31782

 -- Marc Deslauriers <email address hidden>  Tue, 19 Jul 2022 11:28:34 -0400
Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
freetype (2.12.1+dfsg-3) unstable; urgency=medium

  * debian/control: Raise Standards-Version to 4.6.1 (no changes needed).
  * debian/patches:
    - ftbench: Exit if the number of glyphs is zero (CVE-2022-31782).
    - Fix a wild free in certain OT-SVG fonts (Closes: #1013094).
      Thanks to Ben Wagner for providing a patch.
    - Harden the demos by appending CPPFLAGS to CFLAGS.

 -- Hugh McMaster <email address hidden>  Sun, 19 Jun 2022 21:55:46 +1000

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
freetype (2.12.1+dfsg-2) unstable; urgency=medium

  * Revert "debian/control: Build-Depend on librsvg2-dev".
    - Avoid breaking cross-architecture bootstrap.

 -- Hugh McMaster <email address hidden>  Mon, 16 May 2022 21:58:31 +1000
Superseded in kinetic-proposed
freetype (2.12.1+dfsg-1) unstable; urgency=medium

  * New upstream version: Support for OpenType SVG fonts in the demo programs.
  * debian/copyright: Update for FreeType 2.12.1.
  * debian/patches: Drop cff-segfault, integer-overflow, reset-iup-flags,
    sdf-invisible-glyphs and set-ft-face-flag-color patches.
  * debian/control: Build-Depend on librsvg2-dev.
  * debian/rules: Build the udeb package without librsvg.
  * Update upstream's GPG public signing key.

 -- Hugh McMaster <email address hidden>  Fri, 13 May 2022 19:46:58 +1000

Superseded in kinetic-proposed
freetype (2.12.0+dfsg-1) unstable; urgency=medium

  * New upstream version:
    - Support for OpenType SVG fonts. By default, FreeType will only load
      the 'SVG' table of an OpenType font. Please note: OT-SVG support will
      be enabled in Debian when FreeType 2.12.1 is released.
    - Improved handling of fonts with an 'sbix' table.
  * Update upstream's GPG signing key.
  * debian/control: freetype-doc no longer Depends on libjs-jquery.
  * debian/copyright: Update for FreeType 2.12.0.
  * debian/patches:
    - Drop CVE-2022-27404, CVE-2022-27405, CVE-2022-27406 and jquery patches.
    - Refresh enable-gxvalid-otvalid and hide-donations-information patches.
    - Cherry-pick upstream patches:
      + Set FT_FACE_FLAG_COLOR
      + Properly handle invisible glyphs
      + Fix rendering of certain glyphs
      + Prevent an integer overflow
      + Fix a segfault when size is NULL.
  * Update a comment in the Lintian source-overrides file.

 -- Hugh McMaster <email address hidden>  Sun, 08 May 2022 19:03:37 +1000

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
freetype (2.11.1+dfsg-2) unstable; urgency=high

  * Add upstream patches to fix multiple vulnerabilities. Closes: #1010183.
    - CVE-2022-27404: heap buffer overflow via invalid integer decrement in
      sfnt_init_face() and woff2_open_font().
    - CVE-2022-27405: segmentation violation via ft_open_face_internal() when
      attempting to read the value of FT_LONG face_index.
    - CVE-2022-27406: segmentation violation via FT_Request_Size() when
      attempting to read the value of an unguarded face size handle.
  * debian/copyright: Update debian/* section for 2022.

 -- Hugh McMaster <email address hidden>  Tue, 26 Apr 2022 23:16:58 +1000
Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
freetype (2.11.1+dfsg-1build1) jammy; urgency=medium

  * No-change rebuild for ppc64el baseline bump.

 -- Łukasz 'sil2100' Zemczak <email address hidden>  Wed, 23 Mar 2022 14:52:51 +0100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
freetype (2.11.1+dfsg-1) unstable; urgency=medium

  * New upstream version:
    - Experimental COLR v1 API updated to OpenType standard 1.9.
    - Some fields in the 'CID_FaceDictRec', 'CID_FaceInfoRec' and 'FT_Data'
      structures have been changed from signed to unsigned types.
    - Removal of legacy blitter from graph-based demos.
  * freetype2-doc:
    - Remove links file. The tutorial documentation no longer uses jQuery.
    - Don't install the CMAKE file.
  * libfreetype6: Update symbols file for FreeType 2.11.1.
  * Remove all files in debian/missing-sources (no longer needed).
  * debian/control:
    - libfreetype-dev now Provides libfreetype6-dev (Closes: #1002049).
      Thanks to Jochen Sprickerhof for supplying a patch.
    - No longer Build-Depend on libjs-jquery.
  * debian/copyright: Update for FreeType 2.11.1.
  * debian/patches:
    - Drop autogen-no-git.patch (applied upstream).
    - Drop ft2demos-no-rpath.patch and fix-js-doc-paths.patch.
      Neither patch is needed due to upstream changes.
    - Add a patch to remove remaining jQuery script tags.
    - use-donation-button.patch: Use a button instead of an image for
      donations. Thanks to Paul Wise for the patch. (Closes: #998065).
  * debian/rules:
    - Update files excluded during the dh_installdocs-indep override.
    - Trim relative folder paths in the tutorial documentation.
    - Drop string substitution of the #defined value of SIZEOF_LONG.
      This is no longer needed due to upstream changes.
  * debian/upstream/metadata: Update for FreeType 2.11.1.

 -- Hugh McMaster <email address hidden>  Wed, 29 Dec 2021 10:22:50 +1100

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
freetype (2.11.0+dfsg-1) unstable; urgency=medium

  * New upstream version:
    - Support for creating 8-bit Signed Distance Field (SDF) bitmaps for both
      outline and bitmap glyphs via a new rendering module.
    - Access to surfacing properties of 'COLR' v1 color fonts via a new
      experimental API.
    - Further demotion of the legacy Type 1 and CFF engines due to a lack of
      support for CFF2 charstrings.
    - Correct handling of PCF bitmap fonts compressed with LZW.
    - Enhancements to various demo programs.
  * Subpixel rendering re-enabled for release builds.
  * debian/control:
    - Raise Standards-Version to 4.6.0 from 4.5.1 (no changes needed).
    - Replace fonts-material-design-icons-iconfont with fonts-dejavu-core.
  * debian/copyright: Update for FreeType 2.11.0.
  * debian/gbp.conf: Use DEP-14 branch naming.
  * debian/libfreetype6.symbols: Update for FreeType 2.11.0.
  * debian/patches:
    - autogen-no-git.patch: Only use git commands if building from a branch.
    - Drop remove-gstatic-code.patch (replaced by sed commands in d/rules).
    - Update and refresh other patches.
  * debian/rules:
    - Include /usr/share/dpkg/architecture.mk.
    - Update file exclusions in dh_installdocs-indep.
    - Remove specific lines from the HTML reference documentation to prevent
      Lintian privacy-* warnings.
  * debian/source/lintian-overrides: Silence errors about long lines in the
      HTML documentation.
  * freetype2-demos: Add wildcard line context to the typo-in-manual-page tag.
  * Remove legacy maintscripts (freetype2-demos, libfreetype6-dev).

 -- Hugh McMaster <email address hidden>  Thu, 14 Oct 2021 22:06:22 +1100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
Deleted in impish-proposed (Reason: Moved to jammy)
freetype (2.10.4+dfsg-1build2) impish; urgency=medium

  * No-change rebuild to build packages with zstd compression.

 -- Matthias Klose <email address hidden>  Thu, 07 Oct 2021 12:11:42 +0200
Superseded in jammy-release
Obsolete in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
freetype (2.10.4+dfsg-1build1) hirsute; urgency=medium

  * No-change rebuild to drop the udeb package.

 -- Matthias Klose <email address hidden>  Mon, 22 Feb 2021 10:33:10 +0100
Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
freetype (2.10.4+dfsg-1) unstable; urgency=medium

  * New upstream version:
    - Fix for CVE-2020-15999 (heap buffer overflow) now included.
    - New flag `FT_OUTLINE_OVERLAP' available to make the smooth rasterizer do
      4x4 oversampling to mitigate artifacts in pixels partially covered by
      overlapping contours. This at least quadruples the rendering time.
      FreeType automatically uses this rendering mode if a glyph in a TrueType
      font has the `OVERLAP_SIMPLE' or `OVERLAP_COMPOUND' bit set.
    - Including FreeType header files via FT_*_H macros is no longer required.
      Downstream packages are encouraged to include the FreeType headers via
      standard paths, e.g. #include <freetype/freetype.h>.
    - Support for building with Meson.
    - Fixes for various memory leaks, primarily in the CFF driver module.
    - Jam support has been removed.
    - Many improvements to demo programs.
    - The obsolete `HAVE_STDINT_H' probing macro has been removed.
    - Public macro definitions required by the FreeType API have been moved to
      include/freetype/config/public-macros.h.
    - Private macro definitions used by the FreeType API have been moved to
      include/freetype/config/compiler-macros.h.
    - New common header for integer data types added.
  * debian/control:
    - Build-Depend on zlib1g-dev | libz-dev.
    - Raise Standards-Version from 4.5.0 to 4.5.1 (no changes needed).
  * debian/copyright:
    - Update for FreeType 2.10.4.
    - Remove redundant globbing patterns.
  * debian/patches:
    - Drop cve-2020-15999.patch (fix included in FreeType 2.10.4).
    - Refresh enable-subpixel-rendering.patch.
    - Refresh hide-donations-information.patch.
  * debian/rules: Remove debian/udeb directory before building.
  * debian/tests/libfreetype-dev: Replace the FT_FREETYPE_H macro with a
    standard header inclusion.

 -- Hugh McMaster <email address hidden>  Sat, 05 Dec 2020 19:20:58 +1100

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
freetype (2.10.2+dfsg-4) unstable; urgency=high

  * debian/patches: Add upstream patch for CVE-2020-15999 (Closes: #972586).
    - Prevent heap buffer overflow when handling embedded PNG bitmaps
      in malformed TrueType font files.

 -- Hugh McMaster <email address hidden>  Wed, 21 Oct 2020 09:39:47 +1100
Published in xenial-updates
Published in xenial-security
freetype (2.6.1-0.1ubuntu2.5) xenial-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow via integer truncation in
    Load_SBit_Png
    - debian/patches-freetype/CVE-2020-15999.patch: Update
      src/sfnt/pngshim.c to test and reject invalid bitmap size earlier in
      Load_SBit_Png. Based on upstream patch.
    - CVE-2020-15999

 -- Alex Murray <email address hidden>  Tue, 20 Oct 2020 12:53:06 +1030
Superseded in bionic-updates
Superseded in bionic-security
freetype (2.8.1-2ubuntu2.1) bionic-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow via integer truncation in
    Load_SBit_Png
    - debian/patches-freetype/CVE-2020-15999.patch: Update
      src/sfnt/pngshim.c to test and reject invalid bitmap size earlier in
      Load_SBit_Png. Based on upstream patch.
    - CVE-2020-15999

 -- Alex Murray <email address hidden>  Tue, 20 Oct 2020 12:49:06 +1030
Superseded in focal-updates
Superseded in focal-security
freetype (2.10.1-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow via integer truncation in
    Load_SBit_Png
    - debian/patches/CVE-2020-15999.patch: Update src/sfnt/pngshim.c to
      test and reject invalid bitmap size earlier in Load_SBit_Png. Based on
      upstream patch.
    - CVE-2020-15999

 -- Alex Murray <email address hidden>  Tue, 20 Oct 2020 12:37:23 +1030
Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
Superseded in hirsute-proposed
Obsolete in groovy-updates
Obsolete in groovy-security
freetype (2.10.2+dfsg-3ubuntu1) groovy; urgency=medium

  * SECURITY UPDATE: heap buffer overflow via integer truncation in
    Load_SBit_Png
    - debian/patches/CVE-2020-15999.patch: Update src/sfnt/pngshim.c to
      test and reject invalid bitmap size earlier in Load_SBit_Png. Based on
      upstream patch.
    - CVE-2020-15999

 -- Alex Murray <email address hidden>  Tue, 20 Oct 2020 12:28:06 +1030
Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
freetype (2.10.2+dfsg-3) unstable; urgency=medium

  [ Simon McVittie ]
  * d/tests: Add a superficial compile/link/run autopkgtest (Closes: #964246).

  [ Hugh McMaster ]
  * debian/rules:
    - Update a comment.
    - Fix whitespace formatting.
    - Override dh_auto_clean to clean up ft2demos.
    - Override dh_auto_clean to remove objs/.libs/libfreetype.ver.
    - Run a separate build sequence for libfreetype6-udeb, which should not
      depend on libbrotli1 (Closes: #964774).
  * Minor stylistic changes to d/tests/libfreetype-dev.
    - Thanks to Simon McVittie for writing the autopkgtest.

 -- Hugh McMaster <email address hidden>  Wed, 15 Jul 2020 22:10:01 +1000

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
freetype (2.10.2+dfsg-2) unstable; urgency=medium

  * debian/control: Add libbrotli-dev as a dependency of libfreetype-dev
    (Closes: #964185).

 -- Hugh McMaster <email address hidden>  Fri, 03 Jul 2020 22:40:45 +1000
Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
freetype (2.10.2+dfsg-1ubuntu1) groovy; urgency=medium

  * Add missing dependency on libbrotli-dev (Closes: #964185)

 -- Gianfranco Costamagna <email address hidden>  Fri, 03 Jul 2020 12:47:13 +0200
Superseded in groovy-proposed
freetype (2.10.2+dfsg-1) unstable; urgency=medium

  * New upstream version:
    - Support for WOFF2 fonts.
    - Type 1 fonts with non-integer metrics are now supported by the new
      (CFF) engine introduced in FreeType 2.9.
    - Auto-hinter support for Hanifi Rohingya.
  * Repack to remove non-DFSG-compatible minified JavaScript files from the
    main upstream tarball.
  * debian/control:
    - Raise Standards-Version to 4.5.0 from 4.4.1.
    - Sort Build-Depends list.
    - Use debhelper-compat version 13.
    - Build-Depend on libbrotli-dev to support WOFF2 fonts.
    - Sort the libfreetype-dev Depends field.
    - Recommend fonts-material-design-icons-iconfont with freetype2-doc.
  * debian/copyright:
    - Update for FreeType 2.10.2.
    - Add Files-Excluded field.
    - Remove copyright information for Excluded files.
  * debian/gbp.conf:
    - Always use pristine-tar.
    - Add component option for import-orig and export-orig.
  * Add debian/not-installed.
  * debian/patches:
    - Drop scale-phantom-points.patch and verbose-libtool.patch.
    - remove-gstatic-code.patch: Update file paths and patch content.
    - fix-js-doc-paths.patch: Add missing HTML files.
    - hide-donations-information.patch: Refresh patch.
    - Update patch order in the series file.
  * debian/rules:
    - Remove the dh_auto_install override.
    - Stop moving the HTML documentation (problem fixed upstream).
    - Force installation of correct ChangeLog for freetype2-demos.
    - Install the HTML documentation in libfreetype-dev but package the files
      in freetype2-doc (as preferred by Debian Policy section 12.3).
    - Install the CHANGES and PCF README files in libfreetype-dev.
    - Do not install docs/reference/assets/images. These files are not used.
    - Drop the reference/README installation exclusion in freetype2-docs.
  * debian/watch:
    - Download xz-compressed tarballs (Closes: #952973).
    - Update the filenamemangle used with the ft2docs tarball component.
    - Don't call uupdate.
    - Repack the main upstream source tarball to comply with the DFSG.
  * freetype2-demos:
    - Update manpage source path.
    - Use renamed lintian tag.
  * freetype2-doc:
    - Update doc-base registration paths.
    - Install jQuery symlink in libfreetype-dev.
    - Update paths in lintian overrides.

 -- Hugh McMaster <email address hidden>  Thu, 02 Jul 2020 22:00:01 +1000
Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
freetype (2.10.1-2) unstable; urgency=medium

  * Release to unstable.
  * debian/control:
    - Raise Standards-Version to 4.4.1 from 4.4.0 (no changes needed).
    - Add Rules-Requires-Root: no.
  * debian/rules:
    - Move the FreeType API Reference location to docs/reference to revert an
      incorrect upstream change introduced in FreeType 2.10.
    - Update dh_installdocs-indep path exclusion to account for the change to
      the API Reference path.
  * debian/patches:
    - Drop fix-api-reference-hyperlink.patch.
    - Add a patch to fix broken JavaScript paths in the documentation.
  * freetype2-doc:
    - Update the API Reference path in the doc-base file.
    - Update Lintian overrides.

 -- Hugh McMaster <email address hidden>  Mon, 07 Oct 2019 23:42:48 +1100

Published in precise-updates
Published in precise-security
freetype (2.4.8-1ubuntu2.7) precise-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches-freetype/CVE-2015-9381.patch: check
      if 'eexec' doesn't exceed 'limit' in src/type1/t1parse.c
    - CVE-2015-9381
  * SECURITY UPDATE: buffer over-read
    - debian/patches-freetype/CVE-2015-9382.patch: ensure that
      the cursor position doesn't get larger than the current limit
      in src/psaux/psobjs.c.
    - CVE-2015-9382
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches-freetype/CVE-2015-9383.patch: check
      limit before accessing 'numRanges' and numMappings in
      src/sfnt/ttcmap.c.
    - CVE-2015-9383

 -- <email address hidden> (Leonidas S. Barbosa)  Fri, 06 Sep 2019 11:05:06 -0300
Superseded in xenial-updates
Superseded in xenial-security
freetype (2.6.1-0.1ubuntu2.4) xenial-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches-freetype/CVE-2015-9383.patch: check
      limit before accessing 'numRanges' and numMappings in
      src/sfnt/ttcmap.c.
    - CVE-2015-9383

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 05 Sep 2019 15:14:37 -0300
Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
freetype (2.9.1-4) unstable; urgency=medium

  * debian/compat: Remove legacy file.
  * debian/control:
    - Build-Depend on debhelper-compat (version 12).
    - Raise Standards-Version to 4.4.0 (no changes needed).
    - Demote Recommends: freetype2-doc to Suggests (Closes: #919284).
  * debian/patches:
    - Add an upstream patch to properly handle phantom points for variable
      hinted fonts (Closes: #93203).

 -- Hugh McMaster <email address hidden>  Wed, 24 Jul 2019 19:59:39 +1000

Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
freetype (2.9.1-3) unstable; urgency=medium

  * Release to unstable.
  * libfreetype6-dev: No longer install freetype2.m4, as its functionality has
    been superseded by pkg-config.
  * libfreetype6.symbols: Specify libfreetype6-dev in the Build-Depends-Package
    meta-information field.

 -- Hugh McMaster <email address hidden>  Thu, 22 Nov 2018 21:15:00 +1100
Superseded in disco-release
Obsolete in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
freetype (2.8.1-2ubuntu2) bionic; urgency=medium

  * d/p/0001-truetype-Fix-mmvar-array-pointers.patch,
    d/p/0001-truetype-Fix-mmvar-array-pointers-part-2.patch: cherry-picks
    from upstream to fix unaligned access on armhf, detected via harfbuzz
    build-time test failure.

 -- Steve Langasek <email address hidden>  Thu, 12 Apr 2018 20:27:12 -0700

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
freetype (2.8.1-2ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Build with -Werror=maybe-uninitialized when building with -O3.
    - debian/patches-freetype/CVE-2018-6942.patch: resets args array to zero
      if not coords in src/truetype/ttinterp.c.
  * Dropped changes, included in Debian:
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Make libfreetype6-dev M-A: same.
    - debian/rules: post-process ftconfig.h to avoid arch-dependent
      definitions for multiarch, and move it back to /usr/include so that
      all headers are again in the same path relative to each other.

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
freetype (2.8.1-0.1ubuntu3) bionic; urgency=medium

  * SECURITY UPDATE: NULL dereference pointer
    - debian/patches-freetype/CVE-2018-6942.patch: resets args array to zero
      if not coords in src/truetype/ttinterp.c.
    - CVE-2018-6942

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 14 Feb 2018 12:42:29 -0300
Obsolete in artful-updates
Obsolete in artful-security
freetype (2.8-0.2ubuntu2.1) artful-security; urgency=medium

  * SECURITY UPDATE: NULL dereference pointer
    - debian/patches-freetype/CVE-2018-6942.patch: resets args array to zero
      if not coords in src/truetype/ttinterp.c.
    - CVE-2018-6942

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 14 Feb 2018 12:33:52 -0300
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
freetype (2.8.1-0.1ubuntu2) bionic; urgency=medium

  * Build with -Werror=maybe-uninitialized when building with -O3.

Superseded in bionic-proposed
freetype (2.8.1-0.1ubuntu1) bionic; urgency=medium

  * Merge with Debian; remaining changes:
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/freetype/config headers into the multiarch
      include path and provide symlinks in /usr/include.
    - debian/rules: post-process ftconfig.h to avoid arch-dependent
      definitions for multiarch, and move it back to /usr/include so that
      all headers are again in the same path relative to each other.

Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
freetype (2.8-0.2ubuntu2) artful; urgency=medium

  * debian/rules: post-process ftconfig.h to avoid arch-dependent
    definitions for multiarch, and move it back to /usr/include so that all
    headers are again in the same path relative to each other.

 -- Steve Langasek <email address hidden>  Wed, 30 Aug 2017 05:34:29 +0000

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
freetype (2.8-0.2ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/freetype/config headers into the multiarch
      include path and provide symlinks in /usr/include.
  * Drop fixes included in this release
    - fix CVE-2016-10328
    - debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
      fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
      most zh_CN glyphs and probably others). (LP: #1559933)

 -- Gianfranco Costamagna <email address hidden>  Tue, 04 Jul 2017 08:13:24 +0200
Superseded in precise-updates
Superseded in precise-security
freetype (2.4.8-1ubuntu2.6) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
    - debian/patches-freetype/CVE-2017-8105.patch: add a check to
      src/psaux/t1decode.c.
    - CVE-2017-8105
  * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
    - debian/patches-freetype/CVE-2017-8287.patch: add a check to
      src/psaux/psobjs.c.
    - CVE-2017-8287

 -- Emily Ratliff <email address hidden>  Mon, 15 May 2017 20:31:15 -0500
Published in trusty-updates
Published in trusty-security
freetype (2.5.2-1ubuntu2.8) trusty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
    - debian/patches-freetype/CVE-2017-8105.patch: add a check to
      src/psaux/t1decode.c.
    - CVE-2017-8105
  * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
    - debian/patches-freetype/CVE-2017-8287.patch: add a check to
      src/psaux/psobjs.c.
    - CVE-2017-8287

 -- Marc Deslauriers <email address hidden>  Thu, 04 May 2017 11:57:17 -0400
Superseded in xenial-updates
Superseded in xenial-security
freetype (2.6.1-0.1ubuntu2.3) xenial-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
    - debian/patches-freetype/CVE-2017-8105.patch: add a check to
      src/psaux/t1decode.c.
    - CVE-2017-8105
  * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
    - debian/patches-freetype/CVE-2017-8287.patch: add a check to
      src/psaux/psobjs.c.
    - CVE-2017-8287

 -- Marc Deslauriers <email address hidden>  Thu, 04 May 2017 11:56:21 -0400
Obsolete in yakkety-updates
Obsolete in yakkety-security
freetype (2.6.3-3ubuntu1.3) yakkety-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
    - debian/patches-freetype/CVE-2017-8105.patch: add a check to
      src/psaux/t1decode.c.
    - CVE-2017-8105
  * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
    - debian/patches-freetype/CVE-2017-8287.patch: add a check to
      src/psaux/psobjs.c.
    - CVE-2017-8287

 -- Marc Deslauriers <email address hidden>  Thu, 04 May 2017 11:55:16 -0400
Obsolete in zesty-updates
Obsolete in zesty-security
freetype (2.6.3-3ubuntu2.2) zesty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
    - debian/patches-freetype/CVE-2017-8105.patch: add a check to
      src/psaux/t1decode.c.
    - CVE-2017-8105
  * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
    - debian/patches-freetype/CVE-2017-8287.patch: add a check to
      src/psaux/psobjs.c.
    - CVE-2017-8287

 -- Marc Deslauriers <email address hidden>  Thu, 04 May 2017 11:48:34 -0400
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
freetype (2.6.3-3.2ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/freetype/config headers into the multiarch
      include path and provide symlinks in /usr/include.
    - debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
      fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
      most zh_CN glyphs and probably others). (LP: #1559933)
    - fix CVE-2016-10328

 -- Gianfranco Costamagna <email address hidden>  Sun, 30 Apr 2017 11:43:07 +0200
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
freetype (2.6.3-3.1ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/freetype/config headers into the multiarch
      include path and provide symlinks in /usr/include.
    - debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
      fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
      most zh_CN glyphs and probably others). (LP: #1559933)
    - fix CVE-2016-10328
  * Drop fix for CVE-2016-10244: fixed in previous Debian upload.

 -- Gianfranco Costamagna <email address hidden>  Sat, 29 Apr 2017 15:50:16 +0200
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
Superseded in zesty-updates
Superseded in zesty-security
freetype (2.6.3-3ubuntu2.1) zesty-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
    - debian/patches-freetype/CVE-2016-10328.patch: add additional check
      to parser stack size in src/cff/cffparse.c
    - CVE-2016-10328

 -- Steve Beattie <email address hidden>  Wed, 19 Apr 2017 23:17:25 -0700
Superseded in yakkety-updates
Superseded in yakkety-security
freetype (2.6.3-3ubuntu1.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
    - debian/patches-freetype/CVE-2016-10328.patch: add additional check
      to parser stack size in src/cff/cffparse.c
    - CVE-2016-10328

 -- Steve Beattie <email address hidden>  Wed, 19 Apr 2017 17:31:59 -0700
Superseded in xenial-updates
Superseded in xenial-security
freetype (2.6.1-0.1ubuntu2.2) xenial-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
    - debian/patches-freetype/CVE-2016-10328.patch: add additional check
      to parser stack size in src/cff/cffparse.c
    - CVE-2016-10328

 -- Steve Beattie <email address hidden>  Wed, 19 Apr 2017 17:29:18 -0700
Superseded in trusty-updates
Superseded in trusty-security
freetype (2.5.2-1ubuntu2.7) trusty-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
    - debian/patches-freetype/CVE-2016-10328.patch: add additional check
      to parser stack size in src/cff/cffparse.c
    - CVE-2016-10328

 -- Steve Beattie <email address hidden>  Wed, 19 Apr 2017 09:24:10 -0700
Superseded in precise-updates
Superseded in precise-security
freetype (2.4.8-1ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
    - debian/patches-freetype/CVE-2016-10328.patch: add additional check
      to parser stack size in src/cff/cffparse.c
    - CVE-2016-10328

 -- Steve Beattie <email address hidden>  Tue, 18 Apr 2017 14:35:42 -0700
Superseded in precise-updates
Superseded in precise-security
freetype (2.4.8-1ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution via missing glyph name
    - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
    - CVE-2016-10244

 -- Marc Deslauriers <email address hidden>  Thu, 16 Mar 2017 13:42:14 -0400
Superseded in trusty-updates
Superseded in trusty-security
freetype (2.5.2-1ubuntu2.6) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution via missing glyph name
    - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
    - CVE-2016-10244

 -- Marc Deslauriers <email address hidden>  Thu, 16 Mar 2017 13:39:54 -0400
Superseded in yakkety-updates
Superseded in yakkety-security
freetype (2.6.3-3ubuntu1.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution via missing glyph name
    - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
    - CVE-2016-10244

 -- Marc Deslauriers <email address hidden>  Thu, 16 Mar 2017 13:00:06 -0400
Superseded in xenial-updates
Superseded in xenial-security
freetype (2.6.1-0.1ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution via missing glyph name
    - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
    - CVE-2016-10244

 -- Marc Deslauriers <email address hidden>  Thu, 16 Mar 2017 13:38:15 -0400
Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
freetype (2.6.3-3ubuntu2) zesty; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution via missing glyph name
    - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
    - CVE-2016-10244

 -- Marc Deslauriers <email address hidden>  Thu, 16 Mar 2017 13:00:06 -0400
Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
freetype (2.6.3-3ubuntu1) yakkety; urgency=medium

  * Merge with Debian; remaining changes:
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/freetype/config headers into the multiarch
      include path and provide symlinks in /usr/include.
    - debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
      fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
      most zh_CN glyphs and probably others). (LP: #1559933)

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
freetype (2.6.1-0.1ubuntu3) yakkety; urgency=medium

  * No-change rebuild for libpng soname change.

 -- Matthias Klose <email address hidden>  Sat, 23 Apr 2016 00:06:12 +0000
Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
freetype (2.6.1-0.1ubuntu2) xenial; urgency=medium

  * debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
    fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
    most zh_CN glyphs and probably others). (LP: #1559933)

 -- Mathieu Trudel-Lapierre <email address hidden>  Fri, 15 Apr 2016 14:53:27 -0400
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
freetype (2.6.1-0.1ubuntu1) xenial; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/freetype/config headers into the multiarch
      include path and provide symlinks in /usr/include.
  * Dropped patches, included upstream:
    - debian/patches-freetype/multi-thread-violations.patch
    - debian/patches-freetype/savannah-bug-41309.patch
    - debian/patches-freetype/savannah-bug-41590.patch
  * debian/patches-freetype/revert_scalable_fonts_metric.patch: dropped,
    can no longer reproduce the issue originally reported in precise, and
    upstream doesn't think this is an appropriate fix.

Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release)
freetype (2.5.2-4ubuntu2) wily; urgency=medium

  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
    (LP: #1492124)
    - debian/patches-freetype/savannah-bug-41590.patch: protect against
      invalid charcode in src/type1/t1load.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Thu, 10 Sep 2015 07:05:53 -0400
Superseded in trusty-updates
Superseded in trusty-security
freetype (2.5.2-1ubuntu2.5) trusty-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
    - debian/patches-freetype/savannah-bug-41309.patch: fix use of
      uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
      src/type1/t1load.c, src/type42/t42parse.c.
    - No CVE number
  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
    (LP: #1492124)
    - debian/patches-freetype/savannah-bug-41590.patch: protect against
      invalid charcode in src/type1/t1load.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Thu, 10 Sep 2015 07:09:04 -0400
Superseded in precise-updates
Superseded in precise-security
freetype (2.4.8-1ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
    - debian/patches-freetype/savannah-bug-41309.patch: fix use of
      uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
      src/type1/t1load.c, src/type42/t42parse.c.
    - No CVE number
  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
    (LP: #1492124)
    - debian/patches-freetype/savannah-bug-41590.patch: protect against
      invalid charcode in src/type1/t1load.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Thu, 10 Sep 2015 07:10:41 -0400
Obsolete in vivid-updates
Obsolete in vivid-security
freetype (2.5.2-2ubuntu3.1) vivid-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
    - debian/patches-freetype/savannah-bug-41309.patch: fix use of
      uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
      src/type1/t1load.c, src/type42/t42parse.c.
    - No CVE number
  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
    (LP: #1492124)
    - debian/patches-freetype/savannah-bug-41590.patch: protect against
      invalid charcode in src/type1/t1load.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Thu, 10 Sep 2015 07:07:57 -0400
Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
freetype (2.5.2-4ubuntu1) wily; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - debian/patches-freetype/revert_scalable_fonts_metric.patch:
      revert commit "Fix metrics on size request for scalable fonts.",
      which breaks gtk underlining markups
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/config headers into the multiarch include path
      and provide symlinks in /usr/include.
    - debian/patches-freetype/multi-thread-violations.patch: fix
      multithread violations
  * Dropped changes, included in Debian:
    - debian/patches-freetype/CVE-2014-96xx/*
  * debian/patches-freetype/savannah-bug-41309.patch: fix use of
    uninitialized data. (LP: #1449225)

Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
freetype (2.5.2-2ubuntu3) vivid; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple security issues
    - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
      quantity of upstream commits to fix multiple security issues.
    - CVE-2014-9656
    - CVE-2014-9657
    - CVE-2014-9658
    - CVE-2014-9659
    - CVE-2014-9660
    - CVE-2014-9661
    - CVE-2014-9662
    - CVE-2014-9663
    - CVE-2014-9664
    - CVE-2014-9665
    - CVE-2014-9666
    - CVE-2014-9667
    - CVE-2014-9668
    - CVE-2014-9669
    - CVE-2014-9670
    - CVE-2014-9671
    - CVE-2014-9672
    - CVE-2014-9673
    - CVE-2014-9674
    - CVE-2014-9675

 -- Marc Deslauriers <email address hidden>  Tue, 24 Feb 2015 11:28:03 -0500