libxfont (1:2.0.3-1) unstable; urgency=medium

  * Add Matthieu Herrb's key to d/u/signing-key.asc
  * New upstream release.
    + Open files with O_NOFOLLOW. (CVE-2017-16611)
  * Update package metadata for move to salsa.

libxfont (1:2.0.1-4) unstable; urgency=high

  * Check for end of string in PatternMatch (CVE-2017-13720)
  * pcfGetProperties: Check string boundaries (CVE-2017-13722)

libxfont (1:2.0.1-3) unstable; urgency=medium

  [ Andreas Boll ]
  * Remove dh-autoreconf build-dep. Not needed with debhelper 10.
  * Remove obsolete Conflicts from pre-wheezy.
  * Update a bunch of URLs in packaging to https.
  * Remove superfluous --libdir from dh_auto_configure. Not needed with
    debhelper compat level >= 9.

libxfont (1:2.0.1-2) unstable; urgency=medium

  * Switch to -dbgsym packages.
  * Bump debhelper compat to 10. Drop --with quilt and --parallel flags,
    they are enabled by default now.
  * Upload to unstable.

libxfont (1:2.0.1-1) experimental; urgency=medium

  * Team upload.
  * New upstream release.
  * Add Keith Packard's key to debian/upstream/signing-key.asc.
  * watch: Updated to match upstream rename to libXfont2.
  * control, rules, *.install: Changes to match new soname.
  * control: Add myself to uploaders.

libxfont (1:1.5.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * Use https URL in watch file.
  * Add Adam Jackson's key to debian/upstream/signing-key.asc.
  * Bump Standards-Version to 3.9.8.
  * Use https URLs in Vcs-* control fields.
  * Remove Drew from Uploaders.

libxfont (1:1.5.1-1) unstable; urgency=high

  * New upstream release
    + bdfReadProperties: property count needs range check [CVE-2015-1802]
    + bdfReadCharacters: bailout if a char's bitmap cannot be read
      [CVE-2015-1803]
    + bdfReadCharacters: ensure metrics fit into xCharInfo struct
      [CVE-2015-1804]

libxfont (1:1.4.99.901-1) unstable; urgency=medium

  * New upstream release candidate.
    + includes the CVE-2014-{0209,0210,0211} patches
  * Remove Cyril from Uploaders.
  * Allow uscan to verify tarball signature.

libxfont (1:1.4.7-2) unstable; urgency=high

  * Pull from upstream git to fix FTBFS with new fontsproto (closes: #746052)
  * CVE-2014-0209: integer overflow of allocations in font metadata
  * CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies
  * CVE-2014-0211: integer overflows calculating memory needs for xfs replies
  * Add breaks on xfs because we broke it by disabling font protocol support
    in 1.4.7.

libxfont (1:1.4.7-1) unstable; urgency=high

  * New upstream release
    + CVE-2013-6462: unlimited sscanf overflows stack buffer in
      bdfReadCharacters()
  * Don't put dbg symbols from the udeb in the dbg package.
  * dev package is no longer Multi-Arch: same (closes: #720026).
  * Disable support for connecting to a font server.  That code is horrible and
    full of holes.

libxfont (1:1.4.6-1) unstable; urgency=low

  * New upstream release.
  * Build for multiarch (closes: #654252).  Patch by Riku Voipio, thanks!
  * Disable silent build rules.

libxfont (1:1.4.5-2) unstable; urgency=low

  * Ease sync for Ubuntu: strip -Bsymbolic-functions from LDFLAGS
    (LP: #992745).

libxfont (1:1.4.5-1) unstable; urgency=low

  [ Cyril Brulebois ]
  * New upstream release.
  * Switch to dh:
    - Bump debhelper build-dep and compat.
    - Rewrite debian/rules, using autoreconf and quilt sequences.
    - Adjust build dependencies accordingly.
    - Use build-main and build-udeb as build directories.
    - Adjust .install accordingly.
  * Remove xsfbs accordingly.
  * Add support for hardened build flags through dpkg-buildflags, based
    on a patch by Moritz Muehlenhoff, thanks! (Closes: #654154).

  [ Julien Cristau ]
  * Remove David Nusinow from Uploaders.

libxfont (1:1.4.4-1) unstable; urgency=high

  [ Julien Cristau ]
  * Drop Pre-Depends on x11-common (only needed for upgrades from the
    monolith) and Replaces on xlibs-static-dev (hasn't existed in forever).

  [ Cyril Brulebois ]
  * New upstream release:
    - LZW decompress: fix for CVE-2011-2895. From the commit message:
      “Specially crafted LZW stream can crash an application using libXfont
       that is used to open untrusted font files.  With X server, this may
       allow privilege escalation when exploited.”
  * Set urgency to “high” accordingly.
  * Update debian/copyright from upstream COPYING.
  * Bump xorg-sgml-doctools build-dep.
  * Drop xorg.css from .install, no longer shipped upstream.

libxfont (1:1.4.3-2) unstable; urgency=low

  * Upload to unstable.

libxfont (1:1.4.3-1) experimental; urgency=low

  * New upstream release.
  * Bump xutils-dev build-dep for new macros.
  * Add xmlto, xorg-sgml-doctools, and w3m build-dep for the doc.
  * Pass --with-xmlto and --without-fop for the regular build (we want
    html and txt only). Disable both for the udeb build.
  * Tweak doc filenames, and handle that through dh_install.
  * Add --fail-missing -XlibXfont.la for the second dh_install call (the
    udeb one), for additional safety.

libxfont (1:1.4.2-1) experimental; urgency=low

  * New upstream release.
  * Bump xutils-dev build-dep for new xorg-macros.
  * Bump shlibs for register_fpe_functions().
  * Update debian/copyright.
  * Bump Standards-Version to 3.9.0, no changes.

libxfont (1:1.4.1-2) unstable; urgency=low

  [ Julien Cristau ]
  * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no
    good reason.  Thanks, Colin Watson!
  * Remove myself from Uploaders

  [ Cyril Brulebois ]
  * Use dh_makeshlibs’s -V argument instead of debian/libxfont1.shlibs
  * Add udeb needed for the graphical installer: libxfont1-udeb.
  * Version the B-D on libfontenc-dev to ensure libxfont1-udeb gets a
    dependency on libfontenc1-udeb.
  * Use a bzip2-less flavour for the udeb.
  * Bump Standards-Version from 3.8.3 to 3.8.4 (no changes needed).
  * Fix obsolete-relation-form-in-source by using “<<” instead of “<” for
    xprint in Conflicts, thanks to lintian.
  * Add myself to Uploaders.

libxfont (1:1.4.1-1) unstable; urgency=low

  * New upstream release.
  * Bump xutils-dev build-dep for new util-macros.
  * Build documentation, install it in libxfont-dev.
  * Enable support for bzip2 compressed bitmap fonts.
  * Don't use LDFLAGS from the environment.  Ubuntu sets that to
    -Bsymbolic-functions, which breaks libXfont's weak symbols usage.

libxfont (1:1.4.0-3) unstable; urgency=low

  * libxfont1 Conflicts: xprint (< 2:1.6.0-1). 
    The requiem release of xprint (1.6) will not conflict with
    libxfont1. I am assured the garlic wreaths should prove most
    efficacious at protecting the general public from the undead. 
  * Standards version 3.8.3.

libxfont (1:1.4.0-2) unstable; urgency=high

  * libxfont1 Conflicts with xprint, printer font support was removed upstream
    in 1.4.0 (closes: #535952).
  * Add README.source from xsfbs.  Bump Standards-Version to 3.8.2.

libxfont (1:1.4.0-1) unstable; urgency=low

  * New upstream release.
  * Move libxfont1-dbg to new section 'debug'.

libxfont (1:1.3.4-2) unstable; urgency=low

  * Update debian/copyright from upstream COPYING.
  * Upload to unstable.

libxfont (1:1.3.4-1) experimental; urgency=low

  * Wrap build-deps in debian/control.
  * Run autoreconf on build; build-dep on xutils-dev, autoconf, automake and
    libtool.
  * Handle parallel builds.
  * New upstream release.
  * Drop obsolete x11proto-fontcache-dev build-dependency.

libxfont (1:1.3.3-1) unstable; urgency=high

  [ Julien Cristau ]
  * Drop dependency on x11-common from libxfont1{,-dbg}.
  * New upstream bugfix release.
  * Disable the type1 rasterizer and support for speedo font files.  The
    former is a security hazard, and Speedo fonts are disabled in the X server
    since before etch anyway.
  * Urgency high so the above gets in lenny.

  [ Brice Goglin ]
  * Add upstream URL to debian/copyright.
  * Add a link to www.X.org and a reference to the upstream module
    in the long description.

libxfont (1:1.3.2-1) unstable; urgency=low

  * New upstream release
  * Drop CVE-2008-0006.diff, included upstream.

libxfont (1:1.3.1-2) unstable; urgency=high

  * High urgency upload for security fix.
  * Fix a buffer overflow in the PCF font parser (CVE-2008-0006).
  * debian/control updates
    + add myself to Uploaders, and remove Branden and Fabio with their
      permission
    + s/^XS-Vcs/Vcs/
    + bump Standards-Version to 3.7.3 (no changes)
    + libxfont1 is Section: libs
    + libxfont-dev and libxfont1-dbg are Section: libdevel

libxfont (1:1.3.1-1) unstable; urgency=low

  * New upstream release.
  * Add libxfont1.shlibs, bump shlibs to >= 1:1.2.9.

libxfont (1:1.2.9-1) unstable; urgency=low

  * New upstream version.
    - Add a new 'catalogue' FPE (font path element), which takes font
      paths from symlinks in a dir.
  * Use libxfont1 (= ${binary:Version}) instead of ${Source-Version}
    in debian/control.

libxfont (1:1.2.8-1) unstable; urgency=low

  * Add XS-Vcs-Browser to debian/control.
  * New upstream release.
    + drop patch from 1:1.2.2-2, applied upstream.
  * Upload to unstable.

libxfont (1:1.2.7-1) experimental; urgency=low

  * New upstream release.
  * Add XS-Vcs-Git header to debian/control, and drop obsolete CVS information.
  * Install the upstream ChangeLog.

libxfont (1:1.2.2-2) unstable; urgency=high

  * Grab patch from upstream git to fix security issues:
    + CVE-2007-1351: BDFFont Parsing Integer Overflow
    + CVE-2007-1352: fonts.dir File Parsing Integer Overflow

libxfont (1:1.2.2-1) unstable; urgency=high

  * New upstream version.
    - closes security bug in CID encoded fonts (iDefense CVE-ID
      2006-3739, 2006-3740)
    - applies patches 10_freetype_buffer_overflow.patch, 10_pcf_font.patch
  * dbg package has priority extra.

libxfont (1:1.2.0-2) unstable; urgency=high

  * Apply upstream patch 10_pcf_font.patch (security vulnerability
    CVE-2006-3467).  Closes: #383353.
  * Upload to unstable to ensure patch is propagated quickly.
  * Apply patch 10_freetype_buffer_overflow.patch while we're at it
    (no known exploits).

libxfont (1:1.2.0-1) experimental; urgency=low

  * New upstream version. Closes: #364854.
    - builds and works with Freetype 2.2. Closes: #362920, #370149.
  * Standards version 3.7.2.
  * libxfont-dev doesn't need both Depends: and Pre-Depends: x11-common.
  * Use debhelper 5, tidy up debian/rules to match.
  * libxfont does not provide libfontcache.so!

libxfont (1:1.1.0-1) UNRELEASED; urgency=low

  [ David Nusinow ]
  * New upstream release
  * Remove obsolete patch 01_fontserver_fix_SEGV.diff

  [ Andres Salomon ]
  * Test for obj-$(DEB_BUILD_GNU_TYPE) before creating it during build;
    idempotency fix.
  * Run dh_install w/ --list-missing.

libxfont (1:1.0.0-4) unstable; urgency=low

  * Reorder makeshlib command in rules file so that ldconfig is run
    properly. Thanks Drew Parsons and Steve Langasek.
  * Add quilt to build-depends

libxfont (1:1.0.0-3) unstable; urgency=low

  * Upload to unstable

libxfont (1:1.0.0-2) experimental; urgency=low

  * Have libxfont-dev depend on libfreetype6-dev and libfontenc-dev. Thanks
    Eugene Konev.
  * Port patches from trunk
    + general/099v_fontserver_fix_SEGV.diff

libxfont (1:1.0.0-1) experimental; urgency=low

  * First upload to Debian

libxfont (1:0.99.0+cvs.20050909-1) breezy; urgency=low

  * Fix the XFONT_FONTCACHE/FONTCACHE define in configure.ac (close:
    Ubuntu#14319).

libxfont (1:0.99.0-1) breezy; urgency=low

  * First libxfont release.