-
freetype (2.8.1-2ubuntu2.2) bionic-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow in sfnt_init_face
- debian/patches-freetype/CVE-2022-27404.patch: avoid invalid face
index in src/sfnt/sfobjs.c.
- CVE-2022-27404
* SECURITY UPDATE: Segmentation violation in FNT_Size_Request
- debian/patches-freetype/CVE-2022-27405.patch: properly guard
face_index in src/base/ftobjs.c.
- CVE-2022-27405
* SECURITY UPDATE: Segmentation violation in FT_Request_Size
- debian/patches-freetype/CVE-2022-27406.patch: guard face->size in
src/base/ftobjs.c.
- CVE-2022-27406
* SECURITY UPDATE: Heap-based buffer overflow in ftbench demo
- debian/patches-ft2demos/CVE-2022-31782.patch: check the number of
glyphs in src/ftbench.c.
- CVE-2022-31782
-- Marc Deslauriers <email address hidden> Tue, 19 Jul 2022 12:39:11 -0400
-
freetype (2.8.1-2ubuntu2.1) bionic-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow via integer truncation in
Load_SBit_Png
- debian/patches-freetype/CVE-2020-15999.patch: Update
src/sfnt/pngshim.c to test and reject invalid bitmap size earlier in
Load_SBit_Png. Based on upstream patch.
- CVE-2020-15999
-- Alex Murray <email address hidden> Tue, 20 Oct 2020 12:49:06 +1030
-
freetype (2.8.1-2ubuntu2) bionic; urgency=medium
* d/p/0001-truetype-Fix-mmvar-array-pointers.patch,
d/p/0001-truetype-Fix-mmvar-array-pointers-part-2.patch: cherry-picks
from upstream to fix unaligned access on armhf, detected via harfbuzz
build-time test failure.
-- Steve Langasek <email address hidden> Thu, 12 Apr 2018 20:27:12 -0700
-
freetype (2.8.1-2ubuntu1) bionic; urgency=low
* Merge from Debian unstable. Remaining changes:
- Build with -Werror=maybe-uninitialized when building with -O3.
- debian/patches-freetype/CVE-2018-6942.patch: resets args array to zero
if not coords in src/truetype/ttinterp.c.
* Dropped changes, included in Debian:
- Error out on the use of the freetype-config --libtool option.
- Don't add multiarch libdirs for freetype-config --libs.
- Make libfreetype6-dev M-A: same.
- debian/rules: post-process ftconfig.h to avoid arch-dependent
definitions for multiarch, and move it back to /usr/include so that
all headers are again in the same path relative to each other.
freetype (2.8.1-2) unstable; urgency=high
* debian/rules: fix SIZEOF_LONG mangling to avoid over-broad matching.
Closes: #887087.
freetype (2.8.1-1) unstable; urgency=medium
* Acknowledge NMUs; thanks to Laurent for the uploads.
Closes: #857439, #863623.
* debian/control:
- Add pkg-config to the Build-Depends list (Closes: #885324).
- Mark libfreetype6-dev Multi-Arch: same (Closes: #642354).
- Remove the deprecated Priority: extra field from libfreetype6-udeb.
* debian/patches/patches-*: Refresh existing patches.
* debian/patches/patches-freetype/freetype-config-multi-arch.patch:
- Remove the arch-dependent output of `freetype-config --libs`.
Closes: #871470, #870618.
- Exit with an error if freetype-config is called with --libtool.
* debian/rules:
- Include /usr/share/dpkg/architecture.mk.
- Dynamically generate the shlibs dependency version (Closes: #883698).
- Replace the autoconf definition of SIZEOF_LONG with the compile-time
constant __SIZEOF_LONG__ to make libfreetype6-dev multi-arch compatible.
* Thanks to Hugh McMaster <email address hidden> for preparing these
changes.
-- Steve Langasek <email address hidden> Fri, 16 Mar 2018 22:09:12 -0700
-
freetype (2.8.1-0.1ubuntu3) bionic; urgency=medium
* SECURITY UPDATE: NULL pointer dereference
- debian/patches-freetype/CVE-2018-6942.patch: resets args array to zero
if not coords in src/truetype/ttinterp.c.
- CVE-2018-6942
-- <email address hidden> (Leonidas S. Barbosa) Wed, 14 Feb 2018 12:42:29 -0300
-
freetype (2.8.1-0.1ubuntu2) bionic; urgency=medium
* Build with -Werror=maybe-uninitialized when building with -O3.
freetype (2.8.1-0.1ubuntu1) bionic; urgency=medium
* Merge with Debian; remaining changes:
- Make libfreetype6-dev M-A: same.
- Error out on the use of the freetype-config --libtool option.
- Don't add multiarch libdirs for freetype-config --libs.
- Install the freetype2/freetype/config headers into the multiarch
include path and provide symlinks in /usr/include.
- debian/rules: post-process ftconfig.h to avoid arch-dependent
definitions for multiarch, and move it back to /usr/include so that
all headers are again in the same path relative to each other.
freetype (2.8.1-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream release (Closes: #876132)
- Refresh debian/patches-ft2demos/compiler_hardening_fixes.patch,
partially fixed upstream
- debian/libfreetype6.symbols: Add newly exported symbol
-- Matthias Klose <email address hidden> Fri, 15 Dec 2017 19:47:39 +0100
-
freetype (2.8.1-0.1ubuntu1) bionic; urgency=medium
* Merge with Debian; remaining changes:
- Make libfreetype6-dev M-A: same.
- Error out on the use of the freetype-config --libtool option.
- Don't add multiarch libdirs for freetype-config --libs.
- Install the freetype2/freetype/config headers into the multiarch
include path and provide symlinks in /usr/include.
- debian/rules: post-process ftconfig.h to avoid arch-dependent
definitions for multiarch, and move it back to /usr/include so that
all headers are again in the same path relative to each other.
freetype (2.8.1-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream release (Closes: #876132)
- Refresh debian/patches-ft2demos/compiler_hardening_fixes.patch,
partially fixed upstream
- debian/libfreetype6.symbols: Add newly exported symbol
-- Matthias Klose <email address hidden> Fri, 15 Dec 2017 19:13:56 +0100
-
freetype (2.8-0.2ubuntu2) artful; urgency=medium
* debian/rules: post-process ftconfig.h to avoid arch-dependent
definitions for multiarch, and move it back to /usr/include so that all
headers are again in the same path relative to each other.
-- Steve Langasek <email address hidden> Wed, 30 Aug 2017 05:34:29 +0000