[ubuntu/utopic-proposed] freetype 2.5.2-2ubuntu1 (Accepted)
Steve Langasek
steve.langasek at ubuntu.com
Fri Sep 19 17:36:13 UTC 2014
freetype (2.5.2-2ubuntu1) utopic; urgency=medium
* Merge from Debian unstable, remaining changes:
- debian/patches-freetype/revert_scalable_fonts_metric.patch:
revert commit "Fix metrics on size request for scalable fonts.",
which breaks gtk underlining markups
- Make libfreetype6-dev M-A: same.
- Error out on the use of the freetype-config --libtool option.
- Don't add multiarch libdirs for freetype-config --libs.
- Install the freetype2/config headers into the multiarch include path
and provide symlinks in /usr/include.
* Dropped changes, included in Debian:
- debian/patches/CVE-2014-2240.patch: validate hintMask in
src/cff/cf2hints.c.
- debian/patches/CVE-2014-2241.patch: don't trigger asserts in
src/cff/cf2ft.c.
- debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
upstream patch to fix a double free.
- debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
upstream patch to fix cjk font rendering issue.
freetype (2.5.2-2) unstable; urgency=medium
* Acknowledge security NMU; thanks to Michael Gilbert.
* Standards-Version 3.9.6.
* Bump debhelper build-dependency to 9.
* debian/patches/enable-old-cff.patch: disable the new CFF hinter from
Adobe, working around wrong hinting with some toolkits on Linux. Thanks
to Samat K Jain <samat at samat.org> for preparing the patch.
Closes: #730742.
* debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
upstream patch to fix a double free. Closes: #747002, LP: #1310728.
* debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
upstream patch to fix cjk font rendering issue. LP: #1310017.
* debian/patches-freetype/verbose-libtool.patch: don't let libtool
suppress compiler output.
* debian/patches-freetype/no-uninitialized-bbox.patch: ensure that our
variable is reliably initialized before use, fixing a build failure on
ppc64el when building with -O3.
freetype (2.5.2-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix two security issues in the CFF rasterizer (closes: #741299)
- CVE-2014-2240: out-of-bounds read/write in cf2hints.c.
- CVE-2014-2241: denial-of-service in cf2ft.c.
Date: Fri, 19 Sep 2014 10:11:16 -0700
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/utopic/+source/freetype/2.5.2-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 19 Sep 2014 10:11:16 -0700
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.5.2-2ubuntu1
Distribution: utopic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Description:
freetype2-demos - FreeType 2 demonstration programs
libfreetype6 - FreeType 2 font engine, shared library files
libfreetype6-dev - FreeType 2 font engine, development files
libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 730742 741299 747002
Launchpad-Bugs-Fixed: 1310017 1310728
Changes:
freetype (2.5.2-2ubuntu1) utopic; urgency=medium
.
* Merge from Debian unstable, remaining changes:
- debian/patches-freetype/revert_scalable_fonts_metric.patch:
revert commit "Fix metrics on size request for scalable fonts.",
which breaks gtk underlining markups
- Make libfreetype6-dev M-A: same.
- Error out on the use of the freetype-config --libtool option.
- Don't add multiarch libdirs for freetype-config --libs.
- Install the freetype2/config headers into the multiarch include path
and provide symlinks in /usr/include.
* Dropped changes, included in Debian:
- debian/patches/CVE-2014-2240.patch: validate hintMask in
src/cff/cf2hints.c.
- debian/patches/CVE-2014-2241.patch: don't trigger asserts in
src/cff/cf2ft.c.
- debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
upstream patch to fix a double free.
- debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
upstream patch to fix cjk font rendering issue.
.
freetype (2.5.2-2) unstable; urgency=medium
.
* Acknowledge security NMU; thanks to Michael Gilbert.
* Standards-Version 3.9.6.
* Bump debhelper build-dependency to 9.
* debian/patches/enable-old-cff.patch: disable the new CFF hinter from
Adobe, working around wrong hinting with some toolkits on Linux. Thanks
to Samat K Jain <samat at samat.org> for preparing the patch.
Closes: #730742.
* debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
upstream patch to fix a double free. Closes: #747002, LP: #1310728.
* debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
upstream patch to fix cjk font rendering issue. LP: #1310017.
* debian/patches-freetype/verbose-libtool.patch: don't let libtool
suppress compiler output.
* debian/patches-freetype/no-uninitialized-bbox.patch: ensure that our
variable is reliably initialized before use, fixing a build failure on
ppc64el when building with -O3.
.
freetype (2.5.2-1.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix two security issues in the CFF rasterizer (closes: #741299)
- CVE-2014-2240: out-of-bounds read/write in cf2hints.c.
- CVE-2014-2241: denial-of-service in cf2ft.c.
Checksums-Sha1:
bf3c76b417a40a0b4a1d5f6105fab119ce937d56 2193 freetype_2.5.2-2ubuntu1.dsc
efe9da7d2e8af491a0b89979185fe6840b604eff 50751 freetype_2.5.2-2ubuntu1.diff.gz
Checksums-Sha256:
4841c66a3fb86f80728dff142633176629418828f9809b72eff3211ff9a20bd7 2193 freetype_2.5.2-2ubuntu1.dsc
537e796bca01749745a510f9c45f0235738dba3541d4884a96dec4b73ef221c7 50751 freetype_2.5.2-2ubuntu1.diff.gz
Files:
d350cdf736303afbd9e9bf65327ada7e 2193 libs optional freetype_2.5.2-2ubuntu1.dsc
927d78ac0539cf50bf4485f468e3d78d 50751 libs optional freetype_2.5.2-2ubuntu1.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUHGPIAAoJEFaNMPMhshM9HyMP/0vBqVgKXftsdzeoG1hC/Jjq
n0GP/ZvunOysm7zknBwyuAe/clOnriwwal09bZOXvAmX7qJkqdDb2b77E/BY/1h9
go2RKYCKtFWpBQEIeDO/c3ZNHrzqEbZVKuLo9NDbp9Ivg8t2ioKMVkPOu/kpZMkI
8gM15PrkjUTPrJljw9BUvD9xg5maAEK4lBRqeWZm5iukLZt3vPr+X3+lVUfaiBq2
x7meeZ4wAwlmReNMKzPkbAe2lwhC22rfXCRHZneVaZmsU4oIh9sOpsigxaQnb9P8
YVkl4ypLoyzRSujNZhSh6+eegfr/Lr5QqvtuwbTwzXrG06KrH2+yA9CMED25tLr/
N8ROFlQF8iTHpJQvaaGzFG533n/nj78EeEzoD6g0G2GdsMos0X6OtKYkgj2cPXm/
A1pDZFDGOm0jhEkcz1pdaZcpiJcLho8D07nHgML4yOYA42NZi/f9ebFlQB/S8rM1
A1x5Hg1pyN/4eOdSFdZ8xuqujcIOVmn6f8NEIjiHSjTY90bYEdJog7PfmE0aSDe+
x7EEqTUKx8Y2KzNXQg0zbRpRpmrIjYWwfnnjLNEuTMRFAY+1O2zMSCLL8v7+hW8B
M23lA7wIYRi2WzaGa7vga2dBsTCGBD/aPzS9PCkRDA/0N457EAvqSEAQHJ0JCIp6
OX0XcwwTpQwvhU2xMnL4
=ds92
-----END PGP SIGNATURE-----
More information about the Utopic-changes
mailing list