-
freetype (2.11.1+dfsg-1ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2023-2004.patch: fix a integer overflow
in src/truetype/ttgxvar.c.
- CVE-2023-2004
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 02 May 2023 08:19:28 -0300
-
freetype (2.11.1+dfsg-1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow in sfnt_init_face
- debian/patches/CVE-2022-27404.patch: avoid invalid face index in
src/sfnt/sfobjs.c, src/sfnt/sfwoff2.c.
- CVE-2022-27404
* SECURITY UPDATE: Segmentation violation in FNT_Size_Request
- debian/patches/CVE-2022-27405.patch: properly guard face_index in
src/base/ftobjs.c.
- CVE-2022-27405
* SECURITY UPDATE: Segmentation violation in FT_Request_Size
- debian/patches/CVE-2022-27406.patch: guard face->size in
src/base/ftobjs.c.
- CVE-2022-27406
* SECURITY UPDATE: Heap-based buffer overflow in ftbench demo
- debian/patches/CVE-2022-31782.patch: check the number of glyphs in
ft2demos/src/ftbench.c.
- CVE-2022-31782
-- Marc Deslauriers <email address hidden> Tue, 19 Jul 2022 11:13:32 -0400
-
freetype (2.11.1+dfsg-1build1) jammy; urgency=medium
* No-change rebuild for ppc64el baseline bump.
-- Ćukasz 'sil2100' Zemczak <email address hidden> Wed, 23 Mar 2022 14:52:51 +0100
-
freetype (2.11.1+dfsg-1) unstable; urgency=medium
* New upstream version:
- Experimental COLR v1 API updated to OpenType standard 1.9.
- Some fields in the 'CID_FaceDictRec', 'CID_FaceInfoRec' and 'FT_Data'
structures have been changed from signed to unsigned types.
- Removal of legacy blitter from graph-based demos.
* freetype2-doc:
- Remove links file. The tutorial documentation no longer uses jQuery.
- Don't install the CMAKE file.
* libfreetype6: Update symbols file for FreeType 2.11.1.
* Remove all files in debian/missing-sources (no longer needed).
* debian/control:
- libfreetype-dev now Provides libfreetype6-dev (Closes: #1002049).
Thanks to Jochen Sprickerhof for supplying a patch.
- No longer Build-Depend on libjs-jquery.
* debian/copyright: Update for FreeType 2.11.1.
* debian/patches:
- Drop autogen-no-git.patch (applied upstream).
- Drop ft2demos-no-rpath.patch and fix-js-doc-paths.patch.
Neither patch is needed due to upstream changes.
- Add a patch to remove remaining jQuery script tags.
- use-donation-button.patch: Use a button instead of an image for
donations. Thanks to Paul Wise for the patch. (Closes: #998065).
* debian/rules:
- Update files excluded during the dh_installdocs-indep override.
- Trim relative folder paths in the tutorial documentation.
- Drop string substitution of the #defined value of SIZEOF_LONG.
This is no longer needed due to upstream changes.
* debian/upstream/metadata: Update for FreeType 2.11.1.
-- Hugh McMaster <email address hidden> Wed, 29 Dec 2021 10:22:50 +1100
-
freetype (2.11.0+dfsg-1) unstable; urgency=medium
* New upstream version:
- Support for creating 8-bit Signed Distance Field (SDF) bitmaps for both
outline and bitmap glyphs via a new rendering module.
- Access to surfacing properties of 'COLR' v1 color fonts via a new
experimental API.
- Further demotion of the legacy Type 1 and CFF engines due to a lack of
support for CFF2 charstrings.
- Correct handling of PCF bitmap fonts compressed with LZW.
- Enhancements to various demo programs.
* Subpixel rendering re-enabled for release builds.
* debian/control:
- Raise Standards-Version to 4.6.0 from 4.5.1 (no changes needed).
- Replace fonts-material-design-icons-iconfont with fonts-dejavu-core.
* debian/copyright: Update for FreeType 2.11.0.
* debian/gbp.conf: Use DEP-14 branch naming.
* debian/libfreetype6.symbols: Update for FreeType 2.11.0.
* debian/patches:
- autogen-no-git.patch: Only use git commands if building from a branch.
- Drop remove-gstatic-code.patch (replaced by sed commands in d/rules).
- Update and refresh other patches.
* debian/rules:
- Include /usr/share/dpkg/architecture.mk.
- Update file exclusions in dh_installdocs-indep.
- Remove specific lines from the HTML reference documentation to prevent
Lintian privacy-* warnings.
* debian/source/lintian-overrides: Silence errors about long lines in the
HTML documentation.
* freetyp2-demos: Add wildcard line context to the typo-in-manual-page tag.
* Remove legacy maintscripts (freetype2-demos, libfreetype6-dev).
-- Hugh McMaster <email address hidden> Thu, 14 Oct 2021 22:06:22 +1100
-
freetype (2.10.4+dfsg-1build2) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <email address hidden> Thu, 07 Oct 2021 12:11:42 +0200
-
freetype (2.10.4+dfsg-1build1) hirsute; urgency=medium
* No-change rebuild to drop the udeb package.
-- Matthias Klose <email address hidden> Mon, 22 Feb 2021 10:33:10 +0100
