-
freetype (2.2.1-5ubuntu0.2) edgy-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via integer overflows.
* Add debian/patches-freetype/security-ttgload-overflow.patch from
upstream changes.
* References
CVE-2007-2754
-- Kees Cook <email address hidden> Tue, 22 May 2007 14:58:50 -0700
-
freetype (2.2.1-5ubuntu0.1) edgy-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via integer overflows.
* Add debian/patches-freetype/CVE-2007-1351_bdf_integer.patch from
upstream changes.
* References
CVE-2007-1351
-- Kees Cook <email address hidden> Mon, 2 Apr 2007 15:37:21 -0700
-
freetype (2.2.1-5) unstable; urgency=high
* High-urgency upload for RC bugfix.
* Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch to
address CVE-2006-3467, a missing string length check in PCF files that
leads to a possibly exploitable integer overflow. Thanks to Martin
Pitt for the patch. Closes: #379920.
freetype (2.2.1-4) unstable; urgency=low
* Drop libfreetype6.postinst code for cleaning up /usr/X11R6/lib;
whatever version it applied to is pre-sarge, and this code is
sufficiently blunt that I don't think it should be kept around.
Closes: #386379.
freetype (2.2.1-3) unstable; urgency=low
* Apply patch from Eugeniy Meshcheryakov <email address hidden>, applied
upstream, to fix bug in rendering of composite glyphs.
Closes: #374902.
-- Martin Pitt <email address hidden> Tue, 19 Sep 2006 16:45:47 +0100
-
freetype (2.2.1-2ubuntu1) edgy; urgency=low
* SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
* Add debian/patches-freetype/pcf-strlen.patch:
- src/pcf/pcfread.c: Detect invalid string lengths.
- CVE-2006-3467
-- Martin Pitt <email address hidden> Wed, 26 Jul 2006 13:01:04 +0200
-
freetype (2.2.1-2) unstable; urgency=low
* Enable full bytecode interpreter instead of just the
"non-patented portions".
* Use $(CURDIR) instead of $(PWD) to build with sudo. Closes: #367579.
freetype (2.2.1-1) unstable; urgency=low
* New upstream release
- Supersedes patches freetype-2.1.10-cvsfixes.patch,
freetype-2.1.10-fixaliasing.patch, freetype-2.1.10-fixautofit.patch,
freetype-2.1.10-fixkerning.patch, freetype-2.1.10-memleak.patch,
freetype-2.1.10-xorgfix.patch
freetype (2.2~rc4-1) unstable; urgency=low
* New upstream release
- this version should restore binary compatibility with version
2.1.7. Closes: #314385.
- use the old ft2demos and freetype-docs for now; patch ft2demos
(temporarily only!) to still use the internal headers, which are
now no longer exported as part of the API
* Patch to handle empty short metrics, as seen in BitStream Vera.
* Bump shlibs to 2.2~rc4-1. Closes: #316031.
* Replace debian/rules patch handling with quilt; thanks to Jurij
Smakov <email address hidden> for the patch.
freetype (2.1.10-3) unstable; urgency=low
* Removed freetype-2.1.10-fixaliasing.patch to restore proper sub-pixel
anti-aliased hinted rendering. Thanks to Michael Biebl for reporting
the bug. I was able to reproduce the bug setting gnome-font-properties
to: 96 dpi, sub-pixel anti-aliasing, full hinting, with Bitstream Vera
Sans Roman 11 as desktop font. (Closes: Bug#359104)
* Added more fixes to debian/patches/freetype-2.1.10-cvsfixes.patch:
* 2006-03-27 David Turner <email address hidden>
* src/sfnt/ttkern.c (tt_face_get_kerning): Fix a serious bug that
causes some programs to go into an infinite loop when dealing with
fonts that don't have a properly sorted kerning sub-table.
* 2006-03-21 Zhe Su <email address hidden>
* src/base/ftoutln.c (FT_Outline_Get_Orientation): Improve algorithm.
This is to prevent certain emboldened and hinted glyphs from becoming
"weird". See https://bugzilla.novell.com/show_bug.cgi?id=158573
for details.
* Oops, I inadvertently set the shlibs dependency to (>= 2.1.10-1)
in 2.1.10-2. Reverted to (>= 2.1.5-1).
freetype (2.1.10-2) unstable; urgency=low
* Will Newton has agreed to let Steve Langasek adopt the package.
Therefore, I have taken the liberty to set the Maintainer field
to Steve, and to add myself as an uploader. :-) (See Bug#351821)
* Acknowledge NMUs by Frans Pop (shlibs for udeb, Closes: Bug#355939)
and by Joey Hess (xlibs-dev removal, Closes: Bug#346706).
Thank you all!
* Merge fixes from 2.1.10-1ubuntu1 (Many thanks!):
* Patches for Malone #5560.
[debian/patches/freetype-2.1.10-cvsfixes.patch]:
- various fixes (mostly embolding which caused characters to
slant upward, most evident for CJK users in KDE and icewm.
(Closes: Bug#356495, Bug#356854)
[debian/patches/freetype-2.1.10-xorgfix.patch]:
- put back internal API used by xorg-x11
[debian/patches/freetype-2.1.10-fixautofit.patch]:
- fix autofit render setup
[debian/patches/freetype-2.1.10-memleak.patch]:
- fix memleak
[debian/patches/freetype-2.1.10-fixkerning.patch]:
- fix disabled kerning
[debian/patches/freetype-2.1.10-fixaliasing.patch]:
- fix anti-aliasing rendering
* Changes by Jun Kobayashi <email address hidden>
-- Jonathan Riddell <email address hidden> Mon, 16 Jan 2006 17:45:50 +0900
freetype (2.1.10-1.2) unstable; urgency=low
* Non Maintainer Upload (closes: #355939)
* Add support for udeb dependency resolution in shlibs file
* Simplify debian/rules by making use of udeb support in debhelper
* Update debhelper compatibility to level 5
freetype (2.1.10-1.1) unstable; urgency=low
* NMU
* Patch from Ben Hutchings for xlibs-dev transition. Closes: #346706
-- Colin Watson <email address hidden> Fri, 07 Jul 2006 11:21:32 +0100
-
freetype (2.1.10-1ubuntu2) dapper; urgency=low
* Update shlibs dependency. Ubuntu: #5901.
-- Scott James Remnant <email address hidden> Thu, 6 Apr 2006 05:58:24 +0100