[ubuntu/utopic-proposed] freetype 2.5.2-2ubuntu1 (Accepted)

Steve Langasek steve.langasek at ubuntu.com
Fri Sep 19 17:36:13 UTC 2014


freetype (2.5.2-2ubuntu1) utopic; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - debian/patches-freetype/revert_scalable_fonts_metric.patch:
      revert commit "Fix metrics on size request for scalable fonts.",
      which breaks gtk underlining markups
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/config headers into the multiarch include path
      and provide symlinks in /usr/include.
  * Dropped changes, included in Debian:
    - debian/patches/CVE-2014-2240.patch: validate hintMask in
      src/cff/cf2hints.c.
    - debian/patches/CVE-2014-2241.patch: don't trigger asserts in
      src/cff/cf2ft.c.
    - debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
      upstream patch to fix a double free.
    - debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
      upstream patch to fix cjk font rendering issue.

freetype (2.5.2-2) unstable; urgency=medium

  * Acknowledge security NMU; thanks to Michael Gilbert.
  * Standards-Version 3.9.6.
  * Bump debhelper build-dependency to 9.
  * debian/patches/enable-old-cff.patch: disable the new CFF hinter from
    Adobe, working around wrong hinting with some toolkits on Linux.  Thanks
    to Samat K Jain <samat at samat.org> for preparing the patch.
    Closes: #730742.
  * debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
    upstream patch to fix a double free.  Closes: #747002, LP: #1310728.
  * debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
    upstream patch to fix cjk font rendering issue.  LP: #1310017.
  * debian/patches-freetype/verbose-libtool.patch: don't let libtool
    suppress compiler output.
  * debian/patches-freetype/no-uninitialized-bbox.patch: ensure that our
    variable is reliably initialized before use, fixing a build failure on
    ppc64el when building with -O3.

freetype (2.5.2-1.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix two security issues in the CFF rasterizer (closes: #741299)
    - CVE-2014-2240: out-of-bounds read/write in cf2hints.c.
    - CVE-2014-2241: denial-of-service in cf2ft.c.

Date: Fri, 19 Sep 2014 10:11:16 -0700
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/utopic/+source/freetype/2.5.2-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 19 Sep 2014 10:11:16 -0700
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.5.2-2ubuntu1
Distribution: utopic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Description:
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 730742 741299 747002
Launchpad-Bugs-Fixed: 1310017 1310728
Changes:
 freetype (2.5.2-2ubuntu1) utopic; urgency=medium
 .
   * Merge from Debian unstable, remaining changes:
     - debian/patches-freetype/revert_scalable_fonts_metric.patch:
       revert commit "Fix metrics on size request for scalable fonts.",
       which breaks gtk underlining markups
     - Make libfreetype6-dev M-A: same.
     - Error out on the use of the freetype-config --libtool option.
     - Don't add multiarch libdirs for freetype-config --libs.
     - Install the freetype2/config headers into the multiarch include path
       and provide symlinks in /usr/include.
   * Dropped changes, included in Debian:
     - debian/patches/CVE-2014-2240.patch: validate hintMask in
       src/cff/cf2hints.c.
     - debian/patches/CVE-2014-2241.patch: don't trigger asserts in
       src/cff/cf2ft.c.
     - debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
       upstream patch to fix a double free.
     - debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
       upstream patch to fix cjk font rendering issue.
 .
 freetype (2.5.2-2) unstable; urgency=medium
 .
   * Acknowledge security NMU; thanks to Michael Gilbert.
   * Standards-Version 3.9.6.
   * Bump debhelper build-dependency to 9.
   * debian/patches/enable-old-cff.patch: disable the new CFF hinter from
     Adobe, working around wrong hinting with some toolkits on Linux.  Thanks
     to Samat K Jain <samat at samat.org> for preparing the patch.
     Closes: #730742.
   * debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
     upstream patch to fix a double free.  Closes: #747002, LP: #1310728.
   * debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
     upstream patch to fix cjk font rendering issue.  LP: #1310017.
   * debian/patches-freetype/verbose-libtool.patch: don't let libtool
     suppress compiler output.
   * debian/patches-freetype/no-uninitialized-bbox.patch: ensure that our
     variable is reliably initialized before use, fixing a build failure on
     ppc64el when building with -O3.
 .
 freetype (2.5.2-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix two security issues in the CFF rasterizer (closes: #741299)
     - CVE-2014-2240: out-of-bounds read/write in cf2hints.c.
     - CVE-2014-2241: denial-of-service in cf2ft.c.
Checksums-Sha1:
 bf3c76b417a40a0b4a1d5f6105fab119ce937d56 2193 freetype_2.5.2-2ubuntu1.dsc
 efe9da7d2e8af491a0b89979185fe6840b604eff 50751 freetype_2.5.2-2ubuntu1.diff.gz
Checksums-Sha256:
 4841c66a3fb86f80728dff142633176629418828f9809b72eff3211ff9a20bd7 2193 freetype_2.5.2-2ubuntu1.dsc
 537e796bca01749745a510f9c45f0235738dba3541d4884a96dec4b73ef221c7 50751 freetype_2.5.2-2ubuntu1.diff.gz
Files:
 d350cdf736303afbd9e9bf65327ada7e 2193 libs optional freetype_2.5.2-2ubuntu1.dsc
 927d78ac0539cf50bf4485f468e3d78d 50751 libs optional freetype_2.5.2-2ubuntu1.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>
