Skip to content
  • Julien Cristau's avatar
    Import Debian changes 1:2.0.3-1 · 2ad3aef9
    Julien Cristau authored
    libxfont (1:2.0.3-1) unstable; urgency=medium
    
      * Add Matthieu Herrb's key to d/u/signing-key.asc
      * New upstream release.
        + Open files with O_NOFOLLOW. (CVE-2017-16611)
      * Update package metadata for move to salsa.
    
    libxfont (1:2.0.1-4) unstable; urgency=high
    
      * Check for end of string in PatternMatch (CVE-2017-13720)
      * pcfGetProperties: Check string boundaries (CVE-2017-13722)
    
    libxfont (1:2.0.1-3) unstable; urgency=medium
    
      [ Andreas Boll ]
      * Remove dh-autoreconf build-dep. Not needed with debhelper 10.
      * Remove obsolete Conflicts from pre-wheezy.
      * Update a bunch of URLs in packaging to https.
      * Remove superfluous --libdir from dh_auto_configure. Not needed with
        debhelper compat level >= 9.
    
    libxfont (1:2.0.1-2) unstable; urgency=medium
    
      * Switch to -dbgsym packages.
      * Bump debhelper compat to 10. Drop --with quilt and --parallel flags,
        they are enabled by default now.
      * Upload to unstable.
    
    libxfont (1:2.0.1-1) experimental; urgency=medium
    
      * Team upload.
      * New upstream release.
      * Add Keith Packard's key to debian/upstream/signing-key.asc.
      * watch: Updated to match upstream rename to libXfont2.
      * control, rules, *.install: Changes to match new soname.
      * control: Add myself to uploaders.
    
    libxfont (1:1.5.2-1) unstable; urgency=medium
    
      * Team upload.
      * New upstream release.
      * Use https URL in watch file.
      * Add Adam Jackson's key to debian/upstream/signing-key.asc.
      * Bump Standards-Version to 3.9.8.
      * Use https URLs in Vcs-* control fields.
      * Remove Drew from Uploaders.
    
    libxfont (1:1.5.1-1) unstable; urgency=high
    
      * New upstream release
        + bdfReadProperties: property count needs range check [CVE-2015-1802]
        + bdfReadCharacters: bailout if a char's bitmap cannot be read
          [CVE-2015-1803]
        + bdfReadCharacters: ensure metrics fit into xCharInfo struct
          [CVE-2015-1804]
    
    libxfont (1:1.4.99.901-1) unstable; urgency=medium
    
      * New upstream release candidate.
        + includes the CVE-2014-{0209,0210,0211} patches
      * Remove Cyril from Uploaders.
      * Allow uscan to verify tarball signature.
    
    libxfont (1:1.4.7-2) unstable; urgency=high
    
      * Pull from upstream git to fix FTBFS with new fontsproto (closes: #746052)
      * CVE-2014-0209: integer overflow of allocations in font metadata
      * CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies
      * CVE-2014-0211: integer overflows calculating memory needs for xfs replies
      * Add breaks on xfs because we broke it by disabling font protocol support
        in 1.4.7.
    
    libxfont (1:1.4.7-1) unstable; urgency=high
    
      * New upstream release
        + CVE-2013-6462: unlimited sscanf overflows stack buffer in
          bdfReadCharacters()
      * Don't put dbg symbols from the udeb in the dbg package.
      * dev package is no longer Multi-Arch: same (closes: #720026).
      * Disable support for connecting to a font server.  That code is horrible and
        full of holes.
    
    libxfont (1:1.4.6-1) unstable; urgency=low
    
      * New upstream release.
      * Build for multiarch (closes: #654252).  Patch by Riku Voipio, thanks!
      * Disable silent build rules.
    
    libxfont (1:1.4.5-2) unstable; urgency=low
    
      * Ease sync for Ubuntu: strip -Bsymbolic-functions from LDFLAGS
        (LP: #992745).
    
    libxfont (1:1.4.5-1) unstable; urgency=low
    
      [ Cyril Brulebois ]
      * New upstream release.
      * Switch to dh:
        - Bump debhelper build-dep and compat.
        - Rewrite debian/rules, using autoreconf and quilt sequences.
        - Adjust build dependencies accordingly.
        - Use build-main and build-udeb as build directories.
        - Adjust .install accordingly.
      * Remove xsfbs accordingly.
      * Add support for hardened build flags through dpkg-buildflags, based
        on a patch by Moritz Muehlenhoff, thanks! (Closes: #654154).
    
      [ Julien Cristau ]
      * Remove David Nusinow from Uploaders.
    
    libxfont (1:1.4.4-1) unstable; urgency=high
    
      [ Julien Cristau ]
      * Drop Pre-Depends on x11-common (only needed for upgrades from the
        monolith) and Replaces on xlibs-static-dev (hasn't existed in forever).
    
      [ Cyril Brulebois ]
      * New upstream release:
        - LZW decompress: fix for CVE-2011-2895. From the commit message:
          “Specially crafted LZW stream can crash an application using libXfont
           that is used to open untrusted font files.  With X server, this may
           allow privilege escalation when exploited.”
      * Set urgency to “high” accordingly.
      * Update debian/copyright from upstream COPYING.
      * Bump xorg-sgml-doctools build-dep.
      * Drop xorg.css from .install, no longer shipped upstream.
    
    libxfont (1:1.4.3-2) unstable; urgency=low
    
      * Upload to unstable.
    
    libxfont (1:1.4.3-1) experimental; urgency=low
    
      * New upstream release.
      * Bump xutils-dev build-dep for new macros.
      * Add xmlto, xorg-sgml-doctools, and w3m build-dep for the doc.
      * Pass --with-xmlto and --without-fop for the regular build (we want
        html and txt only). Disable both for the udeb build.
      * Tweak doc filenames, and handle that through dh_install.
      * Add --fail-missing -XlibXfont.la for the second dh_install call (the
        udeb one), for additional safety.
    
    libxfont (1:1.4.2-1) experimental; urgency=low
    
      * New upstream release.
      * Bump xutils-dev build-dep for new xorg-macros.
      * Bump shlibs for register_fpe_functions().
      * Update debian/copyright.
      * Bump Standards-Version to 3.9.0, no changes.
    
    libxfont (1:1.4.1-2) unstable; urgency=low
    
      [ Julien Cristau ]
      * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no
        good reason.  Thanks, Colin Watson!
      * Remove myself from Uploaders
    
      [ Cyril Brulebois ]
      * Use dh_makeshlibs’s -V argument instead of debian/libxfont1.shlibs
      * Add udeb needed for the graphical installer: libxfont1-udeb.
      * Version the B-D on libfontenc-dev to ensure libxfont1-udeb gets a
        dependency on libfontenc1-udeb.
      * Use a bzip2-less flavour for the udeb.
      * Bump Standards-Version from 3.8.3 to 3.8.4 (no changes needed).
      * Fix obsolete-relation-form-in-source by using “<<” instead of “<” for
        xprint in Conflicts, thanks to lintian.
      * Add myself to Uploaders.
    
    libxfont (1:1.4.1-1) unstable; urgency=low
    
      * New upstream release.
      * Bump xutils-dev build-dep for new util-macros.
      * Build documentation, install it in libxfont-dev.
      * Enable support for bzip2 compressed bitmap fonts.
      * Don't use LDFLAGS from the environment.  Ubuntu sets that to
        -Bsymbolic-functions, which breaks libXfont's weak symbols usage.
    
    libxfont (1:1.4.0-3) unstable; urgency=low
    
      * libxfont1 Conflicts: xprint (< 2:1.6.0-1). 
        The requiem release of xprint (1.6) will not conflict with
        libxfont1. I am assured the garlic wreaths should prove most
        efficacious at protecting the general public from the undead. 
      * Standards version 3.8.3.
    
    libxfont (1:1.4.0-2) unstable; urgency=high
    
      * libxfont1 Conflicts with xprint, printer font support was removed upstream
        in 1.4.0 (closes: #535952).
      * Add README.source from xsfbs.  Bump Standards-Version to 3.8.2.
    
    libxfont (1:1.4.0-1) unstable; urgency=low
    
      * New upstream release.
      * Move libxfont1-dbg to new section 'debug'.
    
    libxfont (1:1.3.4-2) unstable; urgency=low
    
      * Update debian/copyright from upstream COPYING.
      * Upload to unstable.
    
    libxfont (1:1.3.4-1) experimental; urgency=low
    
      * Wrap build-deps in debian/control.
      * Run autoreconf on build; build-dep on xutils-dev, autoconf, automake and
        libtool.
      * Handle parallel builds.
      * New upstream release.
      * Drop obsolete x11proto-fontcache-dev build-dependency.
    
    libxfont (1:1.3.3-1) unstable; urgency=high
    
      [ Julien Cristau ]
      * Drop dependency on x11-common from libxfont1{,-dbg}.
      * New upstream bugfix release.
      * Disable the type1 rasterizer and support for speedo font files.  The
        former is a security hazard, and Speedo fonts are disabled in the X server
        since before etch anyway.
      * Urgency high so the above gets in lenny.
    
      [ Brice Goglin ]
      * Add upstream URL to debian/copyright.
      * Add a link to www.X.org and a reference to the upstream module
        in the long description.
    
    libxfont (1:1.3.2-1) unstable; urgency=low
    
      * New upstream release
      * Drop CVE-2008-0006.diff, included upstream.
    
    libxfont (1:1.3.1-2) unstable; urgency=high
    
      * High urgency upload for security fix.
      * Fix a buffer overflow in the PCF font parser (CVE-2008-0006).
      * debian/control updates
        + add myself to Uploaders, and remove Branden and Fabio with their
          permission
        + s/^XS-Vcs/Vcs/
        + bump Standards-Version to 3.7.3 (no changes)
        + libxfont1 is Section: libs
        + libxfont-dev and libxfont1-dbg are Section: libdevel
    
    libxfont (1:1.3.1-1) unstable; urgency=low
    
      * New upstream release.
      * Add libxfont1.shlibs, bump shlibs to >= 1:1.2.9.
    
    libxfont (1:1.2.9-1) unstable; urgency=low
    
      * New upstream version.
        - Add a new 'catalogue' FPE (font path element), which takes font
          paths from symlinks in a dir.
      * Use libxfont1 (= ${binary:Version}) instead of ${Source-Version}
        in debian/control.
    
    libxfont (1:1.2.8-1) unstable; urgency=low
    
      * Add XS-Vcs-Browser to debian/control.
      * New upstream release.
        + drop patch from 1:1.2.2-2, applied upstream.
      * Upload to unstable.
    
    libxfont (1:1.2.7-1) experimental; urgency=low
    
      * New upstream release.
      * Add XS-Vcs-Git header to debian/control, and drop obsolete CVS information.
      * Install the upstream ChangeLog.
    
    libxfont (1:1.2.2-2) unstable; urgency=high
    
      * Grab patch from upstream git to fix security issues:
        + CVE-2007-1351: BDFFont Parsing Integer Overflow
        + CVE-2007-1352: fonts.dir File Parsing Integer Overflow
    
    libxfont (1:1.2.2-1) unstable; urgency=high
    
      * New upstream version.
        - closes security bug in CID encoded fonts (iDefense CVE-ID
          2006-3739, 2006-3740)
        - applies patches 10_freetype_buffer_overflow.patch, 10_pcf_font.patch
      * dbg package has priority extra.
    
    libxfont (1:1.2.0-2) unstable; urgency=high
    
      * Apply upstream patch 10_pcf_font.patch (security vulnerability
        CVE-2006-3467).  Closes: #383353.
      * Upload to unstable to ensure patch is propagated quickly.
      * Apply patch 10_freetype_buffer_overflow.patch while we're at it
        (no known exploits).
    
    libxfont (1:1.2.0-1) experimental; urgency=low
    
      * New upstream version. Closes: #364854.
        - builds and works with Freetype 2.2. Closes: #362920, #370149.
      * Standards version 3.7.2.
      * libxfont-dev doesn't need both Depends: and Pre-Depends: x11-common.
      * Use debhelper 5, tidy up debian/rules to match.
      * libxfont does not provide libfontcache.so!
    
    libxfont (1:1.1.0-1) UNRELEASED; urgency=low
    
      [ David Nusinow ]
      * New upstream release
      * Remove obsolete patch 01_fontserver_fix_SEGV.diff
    
      [ Andres Salomon ]
      * Test for obj-$(DEB_BUILD_GNU_TYPE) before creating it during build;
        idempotency fix.
      * Run dh_install w/ --list-missing.
    
    libxfont (1:1.0.0-4) unstable; urgency=low
    
      * Reorder makeshlib command in rules file so that ldconfig is run
        properly. Thanks Drew Parsons and Steve Langasek.
      * Add quilt to build-depends
    
    libxfont (1:1.0.0-3) unstable; urgency=low
    
      * Upload to unstable
    
    libxfont (1:1.0.0-2) experimental; urgency=low
    
      * Have libxfont-dev depend on libfreetype6-dev and libfontenc-dev. Thanks
        Eugene Konev.
      * Port patches from trunk
        + general/099v_fontserver_fix_SEGV.diff
    
    libxfont (1:1.0.0-1) experimental; urgency=low
    
      * First upload to Debian
    
    libxfont (1:0.99.0+cvs.20050909-1) breezy; urgency=low
    
      * Fix the XFONT_FONTCACHE/FONTCACHE define in configure.ac (close:
        Ubuntu#14319).
    
    libxfont (1:0.99.0-1) breezy; urgency=low
    
      * First libxfont release.
    2ad3aef9
To find the state of this project's repository at the time of any of these versions, check out the tags.