freetype (2.11.1+dfsg-1ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2023-2004.patch: fix a integer overflow
in src/truetype/ttgxvar.c.
- CVE-2023-2004
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Tue, 02 May 2023 08:19:28 -0300
freetype (2.11.1+dfsg-1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow in sfnt_init_face
- debian/patches/CVE-2022-27404.patch: avoid invalid face index in
src/sfnt/sfobjs.c, src/sfnt/sfwoff2.c.
- CVE-2022-27404
* SECURITY UPDATE: Segmentation violation in FNT_Size_Request
- debian/patches/CVE-2022-27405.patch: properly guard face_index in
src/base/ftobjs.c.
- CVE-2022-27405
* SECURITY UPDATE: Segmentation violation in FT_Request_Size
- debian/patches/CVE-2022-27406.patch: guard face->size in
src/base/ftobjs.c.
- CVE-2022-27406
* SECURITY UPDATE: Heap-based buffer overflow in ftbench demo
- debian/patches/CVE-2022-31782.patch: check the number of glyphs in
ft2demos/src/ftbench.c.
- CVE-2022-31782
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 19 Jul 2022 11:13:32 -0400
freetype (2.11.1+dfsg-1build1) jammy; urgency=medium
* No-change rebuild for ppc64el baseline bump.
-- Ćukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Wed, 23 Mar 2022 14:52:51 +0100
freetype (2.11.1+dfsg-1) unstable; urgency=medium
* New upstream version:
- Experimental COLR v1 API updated to OpenType standard 1.9.
- Some fields in the 'CID_FaceDictRec', 'CID_FaceInfoRec' and 'FT_Data'
structures have been changed from signed to unsigned types.
- Removal of legacy blitter from graph-based demos.
* freetype2-doc:
- Remove links file. The tutorial documentation no longer uses jQuery.
- Don't install the CMAKE file.
* libfreetype6: Update symbols file for FreeType 2.11.1.
* Remove all files in debian/missing-sources (no longer needed).
* debian/control:
- libfreetype-dev now Provides libfreetype6-dev (Closes: #1002049).
Thanks to Jochen Sprickerhof for supplying a patch.
- No longer Build-Depend on libjs-jquery.
* debian/copyright: Update for FreeType 2.11.1.
* debian/patches:
- Drop autogen-no-git.patch (applied upstream).
- Drop ft2demos-no-rpath.patch and fix-js-doc-paths.patch.
Neither patch is needed due to upstream changes.
- Add a patch to remove remaining jQuery script tags.
- use-donation-button.patch: Use a button instead of an image for
donations. Thanks to Paul Wise for the patch. (Closes: #998065).
* debian/rules:
- Update files excluded during the dh_installdocs-indep override.
- Trim relative folder paths in the tutorial documentation.
- Drop string substitution of the #defined value of SIZEOF_LONG.
This is no longer needed due to upstream changes.
* debian/upstream/metadata: Update for FreeType 2.11.1.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Wed, 29 Dec 2021 10:22:50 +1100
freetype (2.11.0+dfsg-1) unstable; urgency=medium
* New upstream version:
- Support for creating 8-bit Signed Distance Field (SDF) bitmaps for both
outline and bitmap glyphs via a new rendering module.
- Access to surfacing properties of 'COLR' v1 color fonts via a new
experimental API.
- Further demotion of the legacy Type 1 and CFF engines due to a lack of
support for CFF2 charstrings.
- Correct handling of PCF bitmap fonts compressed with LZW.
- Enhancements to various demo programs.
* Subpixel rendering re-enabled for release builds.
* debian/control:
- Raise Standards-Version to 4.6.0 from 4.5.1 (no changes needed).
- Replace fonts-material-design-icons-iconfont with fonts-dejavu-core.
* debian/copyright: Update for FreeType 2.11.0.
* debian/gbp.conf: Use DEP-14 branch naming.
* debian/libfreetype6.symbols: Update for FreeType 2.11.0.
* debian/patches:
- autogen-no-git.patch: Only use git commands if building from a branch.
- Drop remove-gstatic-code.patch (replaced by sed commands in d/rules).
- Update and refresh other patches.
* debian/rules:
- Include /usr/share/dpkg/architecture.mk.
- Update file exclusions in dh_installdocs-indep.
- Remove specific lines from the HTML reference documentation to prevent
Lintian privacy-* warnings.
* debian/source/lintian-overrides: Silence errors about long lines in the
HTML documentation.
* freetyp2-demos: Add wildcard line context to the typo-in-manual-page tag.
* Remove legacy maintscripts (freetype2-demos, libfreetype6-dev).
-- Hugh McMaster <hugh.mcmaster@outlook.com> Thu, 14 Oct 2021 22:06:22 +1100
freetype (2.10.4+dfsg-1) unstable; urgency=medium
* New upstream version:
- Fix for CVE-2020-15999 (heap buffer overflow) now included.
- New flag `FT_OUTLINE_OVERLAP' available to make the smooth rasterizer do
4x4 oversampling to mitigate artifacts in pixels partially covered by
overlapping contours. This at least quadruples the rendering time.
FreeType automatically uses this rendering mode if a glyph in a TrueType
font has the `OVERLAP_SIMPLE' or `OVERLAP_COMPOUND' bit set.
- Including FreeType header files via FT_*_H macros is no longer required.
Downstream packages are encouraged to include the FreeType headers via
standard paths, e.g. #include <freetype/freetype.h>.
- Support for building with Meson.
- Fixes for various memory leaks, primarily in the CFF driver module.
- Jam support has been removed.
- Many improvements to demo programs.
- The obsolete `HAVE_STDINT_H' probing macro has been removed.
- Public macro definitions required by the FreeType API have been moved to
include/freetype/config/public-macros.h.
- Private macro definitions used by the FreeType API have been moved to
include/freetype/config/compiler-macros.h.
- New common header for integer data types added.
* debian/control:
- Build-Depend on zlib1g-dev | libz-dev.
- Raise Standards-Version from 4.5.0 to 4.5.1 (no changes needed).
* debian/copyright:
- Update for FreeType 2.10.4.
- Remove redundant globbing patterns.
* debian/patches:
- Drop cve-2020-15999.patch (fix included in FreeType 2.10.4).
- Refresh enable-subpixel-rendering.patch.
- Refresh hide-donations-information.patch.
* debian/rules: Remove debian/udeb directory before building.
* debian/tests/libfreetype-dev: Replace the FT_FREETYPE_H macro with a
standard header inclusion.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Sat, 05 Dec 2020 19:20:58 +1100
freetype (2.10.2+dfsg-4) unstable; urgency=high
* debian/patches: Add upstream patch for CVE-2020-15999 (Closes: #972586).
- Prevent heap buffer overflow when handling embedded PNG bitmaps
in malformed TrueType font files.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Wed, 21 Oct 2020 09:39:47 +1100
freetype (2.10.2+dfsg-3) unstable; urgency=medium
[ Simon McVittie ]
* d/tests: Add a superficial compile/link/run autopkgtest (Closes: #964246).
[ Hugh McMaster ]
* debian/rules:
- Update a comment.
- Fix whitespace formatting.
- Override dh_auto_clean to clean up ft2demos.
- Override dh_auto_clean to remove objs/.libs/libfreetype.ver.
- Run a separate build sequence for libfreetype6-udeb, which should not
depend on libbrotli1 (Closes: #964774).
* Minor stylistic changes to d/tests/libfreetype-dev.
- Thanks to Simon McVittie for writing the autopkgtest.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Wed, 15 Jul 2020 22:10:01 +1000
freetype (2.10.2+dfsg-2) unstable; urgency=medium
* debian/control: Add libbrotli-dev as a dependency of libfreetype-dev
(Closes: #964185).
-- Hugh McMaster <hugh.mcmaster@outlook.com> Fri, 03 Jul 2020 22:40:45 +1000
freetype (2.10.2+dfsg-1) unstable; urgency=medium
* New upstream version:
- Support for WOFF2 fonts.
- Type 1 fonts with non-integer metrics are now supported by the new
(CFF) engine introduced in FreeType 2.9.
- Auto-hinter support for Hanifi Rohingya.
* Repack to remove non-DFSG-compatible minified JavaScript files from the
main upstream tarball.
* debian/control:
- Raise Standards-Version to 4.5.0 from 4.4.1.
- Sort Build-Depends list.
- Use debhelper-compat version 13.
- Build-Depend on libbrotli-dev to support WOFF2 fonts.
- Sort the libfreetype-dev Depends field.
- Recommend fonts-material-design-icons-iconfont with freetype2-doc.
* debian/copyright:
- Update for FreeType 2.10.2.
- Add Files-Excluded field.
- Remove copyright information for Excluded files.
* debian/gbp.conf:
- Always use pristine-tar.
- Add component option for import-orig and export-orig.
* Add debian/not-installed.
* debian/patches:
- Drop scale-phantom-points.patch and verbose-libtool.patch.
- remove-gstatic-code.patch: Update file paths and patch content.
- fix-js-doc-paths.patch: Add missing HTML files.
- hide-donations-information.patch: Refresh patch.
- Update patch order in the series file.
* debian/rules:
- Remove the dh_auto_install override.
- Stop moving the HTML documentation (problem fixed upstream).
- Force installation of correct ChangeLog for freetype2-demos.
- Install the HTML documentation in libfreetype-dev but package the files
in freetype2-doc (as preferred by Debian Policy section 12.3).
- Install the CHANGES and PCF README files in libfreetype-dev.
- Do not install docs/reference/assets/images. These files are not used.
- Drop the reference/README installation exclusion in freetype2-docs.
* debian/watch:
- Download xz-compressed tarballs (Closes: #952973).
- Update the filenamemangle used with the ft2docs tarball component.
- Don't call uupdate.
- Repack the main upstream source tarball to comply with the DFSG.
* freetype2-demos:
- Update manpage source path.
- Use renamed lintian tag.
* freetype2-doc:
- Update doc-base registration paths.
- Install jQuery symlink in libfreetype-dev.
- Update paths in lintian overrides.
-- Hugh McMaster <hugh.mcmaster@outlook.com> Thu, 02 Jul 2020 22:00:01 +1000
# For older changelog entries, run 'apt-get changelog libfreetype6'
Generated by dwww version 1.14 on Sat Jan 18 04:49:13 CET 2025.