libxfont (1:2.0.1-3+deb9u1) stretch-security; urgency=medium * Check for end of string in PatternMatch (CVE-2017-13720) * pcfGetProperties: Check string boundaries (CVE-2017-13722) -- Julien Cristau Fri, 06 Oct 2017 22:26:19 +0200 libxfont (1:2.0.1-3) unstable; urgency=medium [ Andreas Boll ] * Remove dh-autoreconf build-dep. Not needed with debhelper 10. * Remove obsolete Conflicts from pre-wheezy. * Update a bunch of URLs in packaging to https. * Remove superfluous --libdir from dh_auto_configure. Not needed with debhelper compat level >= 9. -- Timo Aaltonen Thu, 24 Nov 2016 21:27:58 +0200 libxfont (1:2.0.1-2) unstable; urgency=medium * Switch to -dbgsym packages. * Bump debhelper compat to 10. Drop --with quilt and --parallel flags, they are enabled by default now. * Upload to unstable. -- Emilio Pozuelo Monfort Tue, 22 Nov 2016 23:50:03 +0100 libxfont (1:2.0.1-1) experimental; urgency=medium * Team upload. * New upstream release. * Add Keith Packard's key to debian/upstream/signing-key.asc. * watch: Updated to match upstream rename to libXfont2. * control, rules, *.install: Changes to match new soname. * control: Add myself to uploaders. -- Timo Aaltonen Wed, 28 Sep 2016 15:12:22 +0300 libxfont (1:1.5.2-1) unstable; urgency=medium * Team upload. * New upstream release. * Use https URL in watch file. * Add Adam Jackson's key to debian/upstream/signing-key.asc. * Bump Standards-Version to 3.9.8. * Use https URLs in Vcs-* control fields. * Remove Drew from Uploaders. -- Julien Cristau Sat, 24 Sep 2016 12:46:32 +0200 libxfont (1:1.5.1-1) unstable; urgency=high * New upstream release + bdfReadProperties: property count needs range check [CVE-2015-1802] + bdfReadCharacters: bailout if a char's bitmap cannot be read [CVE-2015-1803] + bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804] -- Julien Cristau Tue, 17 Mar 2015 16:55:21 +0100 libxfont (1:1.4.99.901-1) unstable; urgency=medium * New upstream release candidate. + includes the CVE-2014-{0209,0210,0211} patches * Remove Cyril from Uploaders. * Allow uscan to verify tarball signature. -- Julien Cristau Sat, 12 Jul 2014 17:44:11 +0200 libxfont (1:1.4.7-2) unstable; urgency=high * Pull from upstream git to fix FTBFS with new fontsproto (closes: #746052) * CVE-2014-0209: integer overflow of allocations in font metadata * CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies * CVE-2014-0211: integer overflows calculating memory needs for xfs replies * Add breaks on xfs because we broke it by disabling font protocol support in 1.4.7. -- Julien Cristau Tue, 13 May 2014 17:25:49 +0200 libxfont (1:1.4.7-1) unstable; urgency=high * New upstream release + CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters() * Don't put dbg symbols from the udeb in the dbg package. * dev package is no longer Multi-Arch: same (closes: #720026). * Disable support for connecting to a font server. That code is horrible and full of holes. -- Julien Cristau Tue, 07 Jan 2014 17:51:29 +0100 libxfont (1:1.4.6-1) unstable; urgency=low * New upstream release. * Build for multiarch (closes: #654252). Patch by Riku Voipio, thanks! * Disable silent build rules. -- Julien Cristau Mon, 12 Aug 2013 18:28:57 +0200 libxfont (1:1.4.5-2) unstable; urgency=low * Ease sync for Ubuntu: strip -Bsymbolic-functions from LDFLAGS (LP: #992745). -- Cyril Brulebois Thu, 03 May 2012 19:59:46 +0200 libxfont (1:1.4.5-1) unstable; urgency=low [ Cyril Brulebois ] * New upstream release. * Switch to dh: - Bump debhelper build-dep and compat. - Rewrite debian/rules, using autoreconf and quilt sequences. - Adjust build dependencies accordingly. - Use build-main and build-udeb as build directories. - Adjust .install accordingly. * Remove xsfbs accordingly. * Add support for hardened build flags through dpkg-buildflags, based on a patch by Moritz Muehlenhoff, thanks! (Closes: #654154). [ Julien Cristau ] * Remove David Nusinow from Uploaders. -- Cyril Brulebois Sun, 04 Mar 2012 09:24:59 +0000 libxfont (1:1.4.4-1) unstable; urgency=high [ Julien Cristau ] * Drop Pre-Depends on x11-common (only needed for upgrades from the monolith) and Replaces on xlibs-static-dev (hasn't existed in forever). [ Cyril Brulebois ] * New upstream release: - LZW decompress: fix for CVE-2011-2895. From the commit message: “Specially crafted LZW stream can crash an application using libXfont that is used to open untrusted font files. With X server, this may allow privilege escalation when exploited.” * Set urgency to “high” accordingly. * Update debian/copyright from upstream COPYING. * Bump xorg-sgml-doctools build-dep. * Drop xorg.css from .install, no longer shipped upstream. -- Cyril Brulebois Thu, 11 Aug 2011 11:17:16 +0200 libxfont (1:1.4.3-2) unstable; urgency=low * Upload to unstable. -- Cyril Brulebois Sat, 05 Feb 2011 11:48:49 +0100 libxfont (1:1.4.3-1) experimental; urgency=low * New upstream release. * Bump xutils-dev build-dep for new macros. * Add xmlto, xorg-sgml-doctools, and w3m build-dep for the doc. * Pass --with-xmlto and --without-fop for the regular build (we want html and txt only). Disable both for the udeb build. * Tweak doc filenames, and handle that through dh_install. * Add --fail-missing -XlibXfont.la for the second dh_install call (the udeb one), for additional safety. -- Cyril Brulebois Fri, 19 Nov 2010 01:17:48 +0100 libxfont (1:1.4.2-1) experimental; urgency=low * New upstream release. * Bump xutils-dev build-dep for new xorg-macros. * Bump shlibs for register_fpe_functions(). * Update debian/copyright. * Bump Standards-Version to 3.9.0, no changes. -- Julien Cristau Wed, 07 Jul 2010 18:25:15 +0100 libxfont (1:1.4.1-2) unstable; urgency=low [ Julien Cristau ] * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no good reason. Thanks, Colin Watson! * Remove myself from Uploaders [ Cyril Brulebois ] * Use dh_makeshlibs’s -V argument instead of debian/libxfont1.shlibs * Add udeb needed for the graphical installer: libxfont1-udeb. * Version the B-D on libfontenc-dev to ensure libxfont1-udeb gets a dependency on libfontenc1-udeb. * Use a bzip2-less flavour for the udeb. * Bump Standards-Version from 3.8.3 to 3.8.4 (no changes needed). * Fix obsolete-relation-form-in-source by using “<<” instead of “<” for xprint in Conflicts, thanks to lintian. * Add myself to Uploaders. -- Cyril Brulebois Wed, 10 Mar 2010 20:05:31 +0100 libxfont (1:1.4.1-1) unstable; urgency=low * New upstream release. * Bump xutils-dev build-dep for new util-macros. * Build documentation, install it in libxfont-dev. * Enable support for bzip2 compressed bitmap fonts. * Don't use LDFLAGS from the environment. Ubuntu sets that to -Bsymbolic-functions, which breaks libXfont's weak symbols usage. -- Julien Cristau Wed, 02 Dec 2009 11:12:13 +0100 libxfont (1:1.4.0-3) unstable; urgency=low * libxfont1 Conflicts: xprint (< 2:1.6.0-1). The requiem release of xprint (1.6) will not conflict with libxfont1. I am assured the garlic wreaths should prove most efficacious at protecting the general public from the undead. * Standards version 3.8.3. -- Drew Parsons Sat, 31 Oct 2009 11:29:34 +1100 libxfont (1:1.4.0-2) unstable; urgency=high * libxfont1 Conflicts with xprint, printer font support was removed upstream in 1.4.0 (closes: #535952). * Add README.source from xsfbs. Bump Standards-Version to 3.8.2. -- Julien Cristau Sun, 02 Aug 2009 13:36:46 +0200 libxfont (1:1.4.0-1) unstable; urgency=low * New upstream release. * Move libxfont1-dbg to new section 'debug'. -- Julien Cristau Mon, 13 Apr 2009 12:11:23 +0100 libxfont (1:1.3.4-2) unstable; urgency=low * Update debian/copyright from upstream COPYING. * Upload to unstable. -- Julien Cristau Mon, 16 Feb 2009 19:31:59 +0100 libxfont (1:1.3.4-1) experimental; urgency=low * Wrap build-deps in debian/control. * Run autoreconf on build; build-dep on xutils-dev, autoconf, automake and libtool. * Handle parallel builds. * New upstream release. * Drop obsolete x11proto-fontcache-dev build-dependency. -- Julien Cristau Tue, 23 Dec 2008 15:06:37 +0100 libxfont (1:1.3.3-1) unstable; urgency=high [ Julien Cristau ] * Drop dependency on x11-common from libxfont1{,-dbg}. * New upstream bugfix release. * Disable the type1 rasterizer and support for speedo font files. The former is a security hazard, and Speedo fonts are disabled in the X server since before etch anyway. * Urgency high so the above gets in lenny. [ Brice Goglin ] * Add upstream URL to debian/copyright. * Add a link to www.X.org and a reference to the upstream module in the long description. -- Julien Cristau Thu, 17 Jul 2008 22:50:03 +0200 libxfont (1:1.3.2-1) unstable; urgency=low * New upstream release * Drop CVE-2008-0006.diff, included upstream. -- Julien Cristau Fri, 07 Mar 2008 13:32:43 +0100 libxfont (1:1.3.1-2) unstable; urgency=high * High urgency upload for security fix. * Fix a buffer overflow in the PCF font parser (CVE-2008-0006). * debian/control updates + add myself to Uploaders, and remove Branden and Fabio with their permission + s/^XS-Vcs/Vcs/ + bump Standards-Version to 3.7.3 (no changes) + libxfont1 is Section: libs + libxfont-dev and libxfont1-dbg are Section: libdevel -- Julien Cristau Thu, 17 Jan 2008 00:09:38 +0100 libxfont (1:1.3.1-1) unstable; urgency=low * New upstream release. * Add libxfont1.shlibs, bump shlibs to >= 1:1.2.9. -- Julien Cristau Wed, 05 Sep 2007 22:45:57 +0200 libxfont (1:1.2.9-1) unstable; urgency=low * New upstream version. - Add a new 'catalogue' FPE (font path element), which takes font paths from symlinks in a dir. * Use libxfont1 (= ${binary:Version}) instead of ${Source-Version} in debian/control. -- Drew Parsons Sat, 23 Jun 2007 09:40:45 +1000 libxfont (1:1.2.8-1) unstable; urgency=low * Add XS-Vcs-Browser to debian/control. * New upstream release. + drop patch from 1:1.2.2-2, applied upstream. * Upload to unstable. -- Julien Cristau Wed, 11 Apr 2007 15:52:11 +0200 libxfont (1:1.2.7-1) experimental; urgency=low * New upstream release. * Add XS-Vcs-Git header to debian/control, and drop obsolete CVS information. * Install the upstream ChangeLog. -- Julien Cristau Fri, 16 Feb 2007 14:32:57 +0100 libxfont (1:1.2.2-2) unstable; urgency=high * Grab patch from upstream git to fix security issues: + CVE-2007-1351: BDFFont Parsing Integer Overflow + CVE-2007-1352: fonts.dir File Parsing Integer Overflow -- Julien Cristau Tue, 03 Apr 2007 19:31:24 +0200 libxfont (1:1.2.2-1) unstable; urgency=high * New upstream version. - closes security bug in CID encoded fonts (iDefense CVE-ID 2006-3739, 2006-3740) - applies patches 10_freetype_buffer_overflow.patch, 10_pcf_font.patch * dbg package has priority extra. -- Drew Parsons Wed, 13 Sep 2006 17:50:06 +1000 libxfont (1:1.2.0-2) unstable; urgency=high * Apply upstream patch 10_pcf_font.patch (security vulnerability CVE-2006-3467). Closes: #383353. * Upload to unstable to ensure patch is propagated quickly. * Apply patch 10_freetype_buffer_overflow.patch while we're at it (no known exploits). -- Drew Parsons Thu, 17 Aug 2006 07:45:40 +1000 libxfont (1:1.2.0-1) experimental; urgency=low * New upstream version. Closes: #364854. - builds and works with Freetype 2.2. Closes: #362920, #370149. * Standards version 3.7.2. * libxfont-dev doesn't need both Depends: and Pre-Depends: x11-common. * Use debhelper 5, tidy up debian/rules to match. * libxfont does not provide libfontcache.so! -- Drew Parsons Thu, 27 Jul 2006 15:08:14 +1000 libxfont (1:1.1.0-1) UNRELEASED; urgency=low [ David Nusinow ] * New upstream release * Remove obsolete patch 01_fontserver_fix_SEGV.diff [ Andres Salomon ] * Test for obj-$(DEB_BUILD_GNU_TYPE) before creating it during build; idempotency fix. * Run dh_install w/ --list-missing. -- Andres Salomon Mon, 17 Jul 2006 01:20:57 -0400 libxfont (1:1.0.0-4) unstable; urgency=low * Reorder makeshlib command in rules file so that ldconfig is run properly. Thanks Drew Parsons and Steve Langasek. * Add quilt to build-depends -- David Nusinow Wed, 19 Apr 2006 00:10:33 -0400 libxfont (1:1.0.0-3) unstable; urgency=low * Upload to unstable -- David Nusinow Thu, 23 Mar 2006 22:44:39 -0500 libxfont (1:1.0.0-2) experimental; urgency=low * Have libxfont-dev depend on libfreetype6-dev and libfontenc-dev. Thanks Eugene Konev. * Port patches from trunk + general/099v_fontserver_fix_SEGV.diff -- David Nusinow Sun, 26 Feb 2006 18:35:44 -0500 libxfont (1:1.0.0-1) experimental; urgency=low * First upload to Debian -- David Nusinow Thu, 29 Dec 2005 20:51:40 -0500 libxfont (1:0.99.0+cvs.20050909-1) breezy; urgency=low * Fix the XFONT_FONTCACHE/FONTCACHE define in configure.ac (close: Ubuntu#14319). -- Daniel Stone Fri, 9 Sep 2005 15:39:57 +1000 libxfont (1:0.99.0-1) breezy; urgency=low * First libxfont release. -- Daniel Stone Mon, 16 May 2005 22:10:17 +1000