File: changelog

package info (click to toggle)
libxfont1 1:1.5.2-4
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 3,140 kB
  • ctags: 1,863
  • sloc: ansic: 20,803; sh: 4,112; xml: 550; makefile: 220
file content (406 lines) | stat: -rw-r--r-- 14,115 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
libxfont1 (1:1.5.2-4) unstable; urgency=medium

  [ Andreas Boll ]
  * Fix a typo in override_dh_strip.
  * Remove dh-autoreconf build-dep. Not needed with debhelper 10.
  * Remove obsolete Conflicts from pre-wheezy.
  * Update a bunch of URLs in packaging to https.
  * Remove superfluous --libdir from dh_auto_configure. Not needed with
    debhelper compat level >= 9.

 -- Timo Aaltonen <tjaalton@debian.org>  Thu, 24 Nov 2016 21:26:43 +0200

libxfont1 (1:1.5.2-3) unstable; urgency=medium

  * Drop libxfont1-udeb.
  * Switch to -dbgsym.
  * Bump debhelper compat to 10. Drop --with quilt and --parallel flags,
    they are enabled by default now.

 -- Timo Aaltonen <tjaalton@debian.org>  Thu, 24 Nov 2016 00:16:53 +0200

libxfont1 (1:1.5.2-2) unstable; urgency=medium

  * Rename source to libxfont1.
  * Rename dev package to libxfont1-dev.
  * control: Move to oldlibs.
  * control: Add myself to uploaders.

 -- Timo Aaltonen <tjaalton@debian.org>  Thu, 17 Nov 2016 13:19:18 +0200

libxfont (1:1.5.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * Use https URL in watch file.
  * Add Adam Jackson's key to debian/upstream/signing-key.asc.
  * Bump Standards-Version to 3.9.8.
  * Use https URLs in Vcs-* control fields.
  * Remove Drew from Uploaders.

 -- Julien Cristau <jcristau@debian.org>  Sat, 24 Sep 2016 12:46:32 +0200

libxfont (1:1.5.1-1) unstable; urgency=high

  * New upstream release
    + bdfReadProperties: property count needs range check [CVE-2015-1802]
    + bdfReadCharacters: bailout if a char's bitmap cannot be read
      [CVE-2015-1803]
    + bdfReadCharacters: ensure metrics fit into xCharInfo struct
      [CVE-2015-1804]

 -- Julien Cristau <jcristau@debian.org>  Tue, 17 Mar 2015 16:55:21 +0100

libxfont (1:1.4.99.901-1) unstable; urgency=medium

  * New upstream release candidate.
    + includes the CVE-2014-{0209,0210,0211} patches
  * Remove Cyril from Uploaders.
  * Allow uscan to verify tarball signature.

 -- Julien Cristau <jcristau@debian.org>  Sat, 12 Jul 2014 17:44:11 +0200

libxfont (1:1.4.7-2) unstable; urgency=high

  * Pull from upstream git to fix FTBFS with new fontsproto (closes: #746052)
  * CVE-2014-0209: integer overflow of allocations in font metadata
  * CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies
  * CVE-2014-0211: integer overflows calculating memory needs for xfs replies
  * Add breaks on xfs because we broke it by disabling font protocol support
    in 1.4.7.

 -- Julien Cristau <jcristau@debian.org>  Tue, 13 May 2014 17:25:49 +0200

libxfont (1:1.4.7-1) unstable; urgency=high

  * New upstream release
    + CVE-2013-6462: unlimited sscanf overflows stack buffer in
      bdfReadCharacters()
  * Don't put dbg symbols from the udeb in the dbg package.
  * dev package is no longer Multi-Arch: same (closes: #720026).
  * Disable support for connecting to a font server.  That code is horrible and
    full of holes.

 -- Julien Cristau <jcristau@debian.org>  Tue, 07 Jan 2014 17:51:29 +0100

libxfont (1:1.4.6-1) unstable; urgency=low

  * New upstream release.
  * Build for multiarch (closes: #654252).  Patch by Riku Voipio, thanks!
  * Disable silent build rules.

 -- Julien Cristau <jcristau@debian.org>  Mon, 12 Aug 2013 18:28:57 +0200

libxfont (1:1.4.5-2) unstable; urgency=low

  * Ease sync for Ubuntu: strip -Bsymbolic-functions from LDFLAGS
    (LP: #992745).

 -- Cyril Brulebois <kibi@debian.org>  Thu, 03 May 2012 19:59:46 +0200

libxfont (1:1.4.5-1) unstable; urgency=low

  [ Cyril Brulebois ]
  * New upstream release.
  * Switch to dh:
    - Bump debhelper build-dep and compat.
    - Rewrite debian/rules, using autoreconf and quilt sequences.
    - Adjust build dependencies accordingly.
    - Use build-main and build-udeb as build directories.
    - Adjust .install accordingly.
  * Remove xsfbs accordingly.
  * Add support for hardened build flags through dpkg-buildflags, based
    on a patch by Moritz Muehlenhoff, thanks! (Closes: #654154).

  [ Julien Cristau ]
  * Remove David Nusinow from Uploaders.

 -- Cyril Brulebois <kibi@debian.org>  Sun, 04 Mar 2012 09:24:59 +0000

libxfont (1:1.4.4-1) unstable; urgency=high

  [ Julien Cristau ]
  * Drop Pre-Depends on x11-common (only needed for upgrades from the
    monolith) and Replaces on xlibs-static-dev (hasn't existed in forever).

  [ Cyril Brulebois ]
  * New upstream release:
    - LZW decompress: fix for CVE-2011-2895. From the commit message:
      “Specially crafted LZW stream can crash an application using libXfont
       that is used to open untrusted font files.  With X server, this may
       allow privilege escalation when exploited.”
  * Set urgency to “high” accordingly.
  * Update debian/copyright from upstream COPYING.
  * Bump xorg-sgml-doctools build-dep.
  * Drop xorg.css from .install, no longer shipped upstream.

 -- Cyril Brulebois <kibi@debian.org>  Thu, 11 Aug 2011 11:17:16 +0200

libxfont (1:1.4.3-2) unstable; urgency=low

  * Upload to unstable.

 -- Cyril Brulebois <kibi@debian.org>  Sat, 05 Feb 2011 11:48:49 +0100

libxfont (1:1.4.3-1) experimental; urgency=low

  * New upstream release.
  * Bump xutils-dev build-dep for new macros.
  * Add xmlto, xorg-sgml-doctools, and w3m build-dep for the doc.
  * Pass --with-xmlto and --without-fop for the regular build (we want
    html and txt only). Disable both for the udeb build.
  * Tweak doc filenames, and handle that through dh_install.
  * Add --fail-missing -XlibXfont.la for the second dh_install call (the
    udeb one), for additional safety.

 -- Cyril Brulebois <kibi@debian.org>  Fri, 19 Nov 2010 01:17:48 +0100

libxfont (1:1.4.2-1) experimental; urgency=low

  * New upstream release.
  * Bump xutils-dev build-dep for new xorg-macros.
  * Bump shlibs for register_fpe_functions().
  * Update debian/copyright.
  * Bump Standards-Version to 3.9.0, no changes.

 -- Julien Cristau <jcristau@debian.org>  Wed, 07 Jul 2010 18:25:15 +0100

libxfont (1:1.4.1-2) unstable; urgency=low

  [ Julien Cristau ]
  * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no
    good reason.  Thanks, Colin Watson!
  * Remove myself from Uploaders

  [ Cyril Brulebois ]
  * Use dh_makeshlibs’s -V argument instead of debian/libxfont1.shlibs
  * Add udeb needed for the graphical installer: libxfont1-udeb.
  * Version the B-D on libfontenc-dev to ensure libxfont1-udeb gets a
    dependency on libfontenc1-udeb.
  * Use a bzip2-less flavour for the udeb.
  * Bump Standards-Version from 3.8.3 to 3.8.4 (no changes needed).
  * Fix obsolete-relation-form-in-source by using “<<” instead of “<” for
    xprint in Conflicts, thanks to lintian.
  * Add myself to Uploaders.

 -- Cyril Brulebois <kibi@debian.org>  Wed, 10 Mar 2010 20:05:31 +0100

libxfont (1:1.4.1-1) unstable; urgency=low

  * New upstream release.
  * Bump xutils-dev build-dep for new util-macros.
  * Build documentation, install it in libxfont-dev.
  * Enable support for bzip2 compressed bitmap fonts.
  * Don't use LDFLAGS from the environment.  Ubuntu sets that to
    -Bsymbolic-functions, which breaks libXfont's weak symbols usage.

 -- Julien Cristau <jcristau@debian.org>  Wed, 02 Dec 2009 11:12:13 +0100

libxfont (1:1.4.0-3) unstable; urgency=low

  * libxfont1 Conflicts: xprint (< 2:1.6.0-1). 
    The requiem release of xprint (1.6) will not conflict with
    libxfont1. I am assured the garlic wreaths should prove most
    efficacious at protecting the general public from the undead. 
  * Standards version 3.8.3.

 -- Drew Parsons <dparsons@debian.org>  Sat, 31 Oct 2009 11:29:34 +1100

libxfont (1:1.4.0-2) unstable; urgency=high

  * libxfont1 Conflicts with xprint, printer font support was removed upstream
    in 1.4.0 (closes: #535952).
  * Add README.source from xsfbs.  Bump Standards-Version to 3.8.2.

 -- Julien Cristau <jcristau@debian.org>  Sun, 02 Aug 2009 13:36:46 +0200

libxfont (1:1.4.0-1) unstable; urgency=low

  * New upstream release.
  * Move libxfont1-dbg to new section 'debug'.

 -- Julien Cristau <jcristau@debian.org>  Mon, 13 Apr 2009 12:11:23 +0100

libxfont (1:1.3.4-2) unstable; urgency=low

  * Update debian/copyright from upstream COPYING.
  * Upload to unstable.

 -- Julien Cristau <jcristau@debian.org>  Mon, 16 Feb 2009 19:31:59 +0100

libxfont (1:1.3.4-1) experimental; urgency=low

  * Wrap build-deps in debian/control.
  * Run autoreconf on build; build-dep on xutils-dev, autoconf, automake and
    libtool.
  * Handle parallel builds.
  * New upstream release.
  * Drop obsolete x11proto-fontcache-dev build-dependency.

 -- Julien Cristau <jcristau@debian.org>  Tue, 23 Dec 2008 15:06:37 +0100

libxfont (1:1.3.3-1) unstable; urgency=high

  [ Julien Cristau ]
  * Drop dependency on x11-common from libxfont1{,-dbg}.
  * New upstream bugfix release.
  * Disable the type1 rasterizer and support for speedo font files.  The
    former is a security hazard, and Speedo fonts are disabled in the X server
    since before etch anyway.
  * Urgency high so the above gets in lenny.

  [ Brice Goglin ]
  * Add upstream URL to debian/copyright.
  * Add a link to www.X.org and a reference to the upstream module
    in the long description.

 -- Julien Cristau <jcristau@debian.org>  Thu, 17 Jul 2008 22:50:03 +0200

libxfont (1:1.3.2-1) unstable; urgency=low

  * New upstream release
  * Drop CVE-2008-0006.diff, included upstream.

 -- Julien Cristau <jcristau@debian.org>  Fri, 07 Mar 2008 13:32:43 +0100

libxfont (1:1.3.1-2) unstable; urgency=high

  * High urgency upload for security fix.
  * Fix a buffer overflow in the PCF font parser (CVE-2008-0006).
  * debian/control updates
    + add myself to Uploaders, and remove Branden and Fabio with their
      permission
    + s/^XS-Vcs/Vcs/
    + bump Standards-Version to 3.7.3 (no changes)
    + libxfont1 is Section: libs
    + libxfont-dev and libxfont1-dbg are Section: libdevel

 -- Julien Cristau <jcristau@debian.org>  Thu, 17 Jan 2008 00:09:38 +0100

libxfont (1:1.3.1-1) unstable; urgency=low

  * New upstream release.
  * Add libxfont1.shlibs, bump shlibs to >= 1:1.2.9.

 -- Julien Cristau <jcristau@debian.org>  Wed, 05 Sep 2007 22:45:57 +0200

libxfont (1:1.2.9-1) unstable; urgency=low

  * New upstream version.
    - Add a new 'catalogue' FPE (font path element), which takes font
      paths from symlinks in a dir.
  * Use libxfont1 (= ${binary:Version}) instead of ${Source-Version}
    in debian/control.

 -- Drew Parsons <dparsons@debian.org>  Sat, 23 Jun 2007 09:40:45 +1000

libxfont (1:1.2.8-1) unstable; urgency=low

  * Add XS-Vcs-Browser to debian/control.
  * New upstream release.
    + drop patch from 1:1.2.2-2, applied upstream.
  * Upload to unstable.

 -- Julien Cristau <jcristau@debian.org>  Wed, 11 Apr 2007 15:52:11 +0200

libxfont (1:1.2.7-1) experimental; urgency=low

  * New upstream release.
  * Add XS-Vcs-Git header to debian/control, and drop obsolete CVS information.
  * Install the upstream ChangeLog.

 -- Julien Cristau <jcristau@debian.org>  Fri, 16 Feb 2007 14:32:57 +0100

libxfont (1:1.2.2-2) unstable; urgency=high

  * Grab patch from upstream git to fix security issues:
    + CVE-2007-1351: BDFFont Parsing Integer Overflow
    + CVE-2007-1352: fonts.dir File Parsing Integer Overflow

 -- Julien Cristau <jcristau@debian.org>  Tue, 03 Apr 2007 19:31:24 +0200

libxfont (1:1.2.2-1) unstable; urgency=high

  * New upstream version.
    - closes security bug in CID encoded fonts (iDefense CVE-ID
      2006-3739, 2006-3740)
    - applies patches 10_freetype_buffer_overflow.patch, 10_pcf_font.patch
  * dbg package has priority extra.

 -- Drew Parsons <dparsons@debian.org>  Wed, 13 Sep 2006 17:50:06 +1000

libxfont (1:1.2.0-2) unstable; urgency=high

  * Apply upstream patch 10_pcf_font.patch (security vulnerability
    CVE-2006-3467).  Closes: #383353.
  * Upload to unstable to ensure patch is propagated quickly.
  * Apply patch 10_freetype_buffer_overflow.patch while we're at it
    (no known exploits).

 -- Drew Parsons <dparsons@debian.org>  Thu, 17 Aug 2006 07:45:40 +1000

libxfont (1:1.2.0-1) experimental; urgency=low

  * New upstream version. Closes: #364854.
    - builds and works with Freetype 2.2. Closes: #362920, #370149.
  * Standards version 3.7.2.
  * libxfont-dev doesn't need both Depends: and Pre-Depends: x11-common.
  * Use debhelper 5, tidy up debian/rules to match.
  * libxfont does not provide libfontcache.so!

 -- Drew Parsons <dparsons@debian.org>  Thu, 27 Jul 2006 15:08:14 +1000

libxfont (1:1.1.0-1) UNRELEASED; urgency=low

  [ David Nusinow ]
  * New upstream release
  * Remove obsolete patch 01_fontserver_fix_SEGV.diff

  [ Andres Salomon ]
  * Test for obj-$(DEB_BUILD_GNU_TYPE) before creating it during build;
    idempotency fix.
  * Run dh_install w/ --list-missing.

 -- Andres Salomon <dilinger@debian.org>  Mon, 17 Jul 2006 01:20:57 -0400

libxfont (1:1.0.0-4) unstable; urgency=low

  * Reorder makeshlib command in rules file so that ldconfig is run
    properly. Thanks Drew Parsons and Steve Langasek.
  * Add quilt to build-depends

 -- David Nusinow <dnusinow@debian.org>  Wed, 19 Apr 2006 00:10:33 -0400

libxfont (1:1.0.0-3) unstable; urgency=low

  * Upload to unstable

 -- David Nusinow <dnusinow@debian.org>  Thu, 23 Mar 2006 22:44:39 -0500

libxfont (1:1.0.0-2) experimental; urgency=low

  * Have libxfont-dev depend on libfreetype6-dev and libfontenc-dev. Thanks
    Eugene Konev.
  * Port patches from trunk
    + general/099v_fontserver_fix_SEGV.diff

 -- David Nusinow <dnusinow@debian.org>  Sun, 26 Feb 2006 18:35:44 -0500

libxfont (1:1.0.0-1) experimental; urgency=low

  * First upload to Debian

 -- David Nusinow <dnusinow@debian.org>  Thu, 29 Dec 2005 20:51:40 -0500

libxfont (1:0.99.0+cvs.20050909-1) breezy; urgency=low

  * Fix the XFONT_FONTCACHE/FONTCACHE define in configure.ac (close:
    Ubuntu#14319).

 -- Daniel Stone <daniel.stone@ubuntu.com>  Fri,  9 Sep 2005 15:39:57 +1000

libxfont (1:0.99.0-1) breezy; urgency=low

  * First libxfont release.

 -- Daniel Stone <daniel.stone@ubuntu.com>  Mon, 16 May 2005 22:10:17 +1000