Publishing details
Changelog
freetype (2.5.2-1ubuntu2.8~ppa1204+1) precise; urgency=medium
* Upload to precise PPA
freetype (2.5.2-1ubuntu2.8) trusty-security; urgency=medium
* SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
- debian/patches-freetype/CVE-2017-8105.patch: add a check to
src/psaux/t1decode.c.
- CVE-2017-8105
* SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
- debian/patches-freetype/CVE-2017-8287.patch: add a check to
src/psaux/psobjs.c.
- CVE-2017-8287
freetype (2.5.2-1ubuntu2.7) trusty-security; urgency=medium
* SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
- debian/patches-freetype/CVE-2016-10328.patch: add additional check
to parser stack size in src/cff/cffparse.c
- CVE-2016-10328
freetype (2.5.2-1ubuntu2.6) trusty-security; urgency=medium
* SECURITY UPDATE: DoS and possible code execution via missing glyph name
- debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
- CVE-2016-10244
freetype (2.5.2-1ubuntu2.5) trusty-security; urgency=medium
* SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
- debian/patches-freetype/savannah-bug-41309.patch: fix use of
uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
src/type1/t1load.c, src/type42/t42parse.c.
- No CVE number
* SECURITY UPDATE: denial of service via infinite loop in parse_encode
(LP: #1492124)
- debian/patches-freetype/savannah-bug-41590.patch: protect against
invalid charcode in src/type1/t1load.c.
- No CVE number
freetype (2.5.2-1ubuntu2.4) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
multiple security issues
- debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
quantity of upstream commits to fix multiple security issues.
- CVE-2014-9656
- CVE-2014-9657
- CVE-2014-9658
- CVE-2014-9659
- CVE-2014-9660
- CVE-2014-9661
- CVE-2014-9662
- CVE-2014-9663
- CVE-2014-9664
- CVE-2014-9665
- CVE-2014-9666
- CVE-2014-9667
- CVE-2014-9668
- CVE-2014-9669
- CVE-2014-9670
- CVE-2014-9671
- CVE-2014-9672
- CVE-2014-9673
- CVE-2014-9674
- CVE-2014-9675
freetype (2.5.2-1ubuntu2.3) trusty; urgency=medium
* Added patchset to fix multithread violations, LP: #1199571
- debian/patches-freetype/multi-thread-violations.patch
freetype (2.5.2-1ubuntu2.2) trusty; urgency=medium
* Fix incorrect Korean Fonts rendering. (LP: #1310017)
- debian/patches-freetype/fix-incorrect-korean-fonts-rendering.patch
freetype (2.5.2-1ubuntu2.1) trusty; urgency=medium
* debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
upstream patch to fix a double free. (LP: #1310728)
freetype (2.5.2-1ubuntu2) trusty; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution in
CFF rasterizer
- debian/patches/CVE-2014-2240.patch: validate hintMask in
src/cff/cf2hints.c.
- CVE-2014-2240
* SECURITY UPDATE: denial of service in CFF rasterizer
- debian/patches/CVE-2014-2241.patch: don't trigger asserts in
src/cff/cf2ft.c.
- CVE-2014-2241
freetype (2.5.2-1ubuntu1) trusty; urgency=medium
* Merge from Debian unstable, remaining changes:
- debian/patches-freetype/revert_scalable_fonts_metric.patch:
revert commit "Fix metrics on size request for scalable fonts.",
which breaks gtk underlining markups
* Dropped changes, included in Debian:
- Fix png configuration for cross builds.
- Run aclocal and autoconf.
freetype (2.5.2-1) unstable; urgency=low
* New upstream release
- fixes a crasher bug with certain fonts. Closes: #733052.
- drop of additional symbols which were previously exported but are only
meant for debugging and upstream recommends not enabling them when
building in "release mode". If this impacts users of freetype, we can
re-enable these symbols later.
* Call autogen.sh on build to refresh autotools; not using dh-autoreconf
because the upstream directory structure is non-standard and it's a
throw-away dir, so there's no advantage to dh-autoreconf's rollback
support.
* Fix symbols file with respect to more complete version info found in
Ubuntu.
* Drop debian/patches-ft2demos/compiler-warning-fixes.patch, which is
actually a bug in the compiler_hardening_fixes.patch; fix it there
instead.
* Fix libpng detection when cross-building.
freetype (2.5.1-2ubuntu1) trusty; urgency=medium
* Merge from Debian unstable, remaining changes:
- debian/patches-freetype/revert_scalable_fonts_metric.patch:
revert commit "Fix metrics on size request for scalable fonts.",
which breaks gtk underlining markups
- Fix png configuration for cross builds.
- Run aclocal and autoconf.
freetype (2.5.1-2) unstable; urgency=low
* Drop unnecessary GPLv2.txt from libfreetype6-dev.
* Add missing dependency on libpng-dev to libfreetype6-dev.
Closes: #732062.
freetype (2.5.1-1ubuntu2) trusty; urgency=medium
* Fix png configuration for cross builds.
* Run aclocal and autoconf.
freetype (2.5.1-1ubuntu1) trusty; urgency=low
* Merge from Debian unstable (LP: #1256114), remaining changes:
- debian/patches-freetype/revert_scalable_fonts_metric.patch:
revert commit "Fix metrics on size request for scalable fonts.",
which breaks gtk underlining markups
* Dropped changes, included in Debian:
- debian/control: build-depends on libpng-dev
- debian/libfreetype6.symbols: new version update
* Drop debian/patches-ft2demos/compiler-warning-fixes.patch, which is
actually a bug in the compiler_hardening_fixes.patch and has been fixed
there in the Ubuntu version.
freetype (2.5.1-1) unstable; urgency=low
* New upstream release. Closes: #717952, #729231.
- Add build-dependency on libpng-dev.
- Dropped patches, included upstream: savannah-bug-35847.patch,
savannah-bug-35833.patch, savannah-bug-37905.patch,
savannah-bug-37906.patch, savannah-bug-37907.patch
- Internal symbols have been dropped in this version. No soname change
because the symbols are not supposed to be used, but past experience
suggests that this may break some third-party software anyway.
* compiler_hardening_fixes.patch: fix wrong snprintf() calls in ttdebug.c
that cause an overflow 100% of the time.
* debian/patches-ft2demos/compiler-warning-fixes.patch: Fix a wrong
cast that triggers a compiler warning.
* debian/patches-ft2demos/revert-wrong-extern.patch: revert wrong
upstream commit that causes a build failure.
freetype (2.5.0.1-0ubuntu2) trusty; urgency=low
* debian/control: build-depends on libpng12-dev
freetype (2.5.0.1-0ubuntu1) trusty; urgency=low
* New upstream version (lp: #1203012)
* debian/patches-freetype/git_unitialized_variable.patch,
debian/patches-ft2demos/init_variables.patch:
- dropped, the fixes are in the new version
* debian/libfreetype6.symbols: new version update
freetype (2.4.12-0ubuntu1) saucy; urgency=low
* New upstream version (lp: #1179523)
* debian/patches-freetype/git_unitialized_variable.patch,
debian/patches-ft2demos/init_variables.patch:
- fix uninitialized variable warnings which were breaking the build
* debian/libfreetype6.symbols: updated
freetype (2.4.11-0ubuntu1) raring; urgency=low
* New upstream version
* debian/patches-freetype/CVE-2012-5668.patch,
debian/patches-freetype/CVE-2012-5669.patch,
debian/patches-freetype/CVE-2012-5670.patch:
- dropped, those fixes are in the new version
* debian/patches-ft2demos/compiler_hardening_fixes.patch:
- changed unsigned char* to char* to fix "pointer targets in assignment
differ in signedness" build error
* debian/libfreetype6.symbols: updated for the new version
freetype (2.4.10-0ubuntu2) raring; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via NULL
pointer dereference
- debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
of allocation error in src/bdf/bdflib.c.
- CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
buffer over-read in BDF parsing
- debian/patches-freetype/CVE-2012-5669.patch: use correct array size
in src/bdf/bdflib.c.
- CVE-2012-5669
* SECURITY UPDATE: denial of service and possible code execution via
out-of-bounds write
- debian/patches-freetype/CVE-2012-5670.patch: normalize negative
parameter in src/bdf/bdflib.c.
- CVE-2012-5670
freetype (2.4.10-0ubuntu1) quantal; urgency=low
* New upstream version
* debian/libfreetype6.symbols:
- new version update
* debian/patches-freetype/savannah-bug-35847.patch,
debian/patches-freetype/savannah-bug-35833.patch:
- dropped, the fixes are in the new version
* Resynchronize on Debian, remaining diff:
* debian/patches-freetype/revert_scalable_fonts_metric.patch:
- revert commit "Fix metrics on size request for scalable fonts.",
it's breaking gtk underlining markups and creating some other
issues as well (lp: #972223)
freetype (2.4.9-1.1) unstable; urgency=high
* Non-maintainer upload.
Upload ACKed by Steve Langasek <email address hidden> on #debian-devel.
* Add savannah-bug-37905.patch patch
[SECURITY] CVE-2012-5668: NULL Pointer Dereference in bdf_free_font.
(Closes: #696691)
* Add savannah-bug-37906.patch patch
[SECURITY] CVE-2012-5669: Out-of-bounds read in _bdf_parse_glyphs.
(Closes: #696691)
* Add savannah-bug-37907.patch patch
[SECURITY] CVE-2012-5670: Out-of-bounds write in _bdf_parse_glyphs.
(Closes: #696691)
freetype (2.4.9-1) unstable; urgency=low
* New upstream release
- upstream fix for multiple vulnerabilities: CVE-2012-1126,
CVE-2012-1133, CVE-2012-1134, CVE-2012-1136, CVE-2012-1142,
CVE-2012-1144, and others. Closes: #662864.
- update symbols file for a new symbol, ft_raccess_guess_table
* debian/patches-freetype/savannah-bug-35847.patch,
debian/patches-freetype/savannah-bug-35833.patch: pull two bugfixes from
upstream git on top of 2.4.9, to address regressions affecting
ghostscript. Thanks to Till Kamppeter for pointing this out.
* push CPPFLAGS into CFLAGS for ft2demos, so our demos will be secure.
Closes: #663613.
* don't let a quiltrc override our QUILT_PATCHES settings in debian/rules.
Closes: #617217.
* Migrate debian/copyright to copyright-format 1.0, and fix up the upstream
URL. Closes: #642059.
-- Thorsten Glaser <email address hidden> Tue, 03 Apr 2018 00:11:08 +0200
Built packages
- freetype2-demos: FreeType 2 demonstration programs
- libfreetype6: FreeType 2 font engine, shared library files
- libfreetype6-dev: FreeType 2 font engine, development files
- libfreetype6-udeb: FreeType 2 font engine for the debian-installer