libxfont (1:1.4.1-5) squeeze-security; urgency=high * CVE-2014-0209: integer overflow of allocations in font metadata * CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies * CVE-2014-0211: integer overflows calculating memory needs for xfs replies -- Julien Cristau Fri, 09 May 2014 11:40:11 +0200 libxfont (1:1.4.1-4) squeeze-security; urgency=high * unlimited sscanf can overflow stack buffer in bdfReadCharacters() -- Julien Cristau Thu, 26 Dec 2013 21:36:57 +0100 libxfont (1:1.4.1-3) squeeze-security; urgency=high * Fix LZW decompression heap corruption (CVE-2011-2895). -- Julien Cristau Thu, 11 Aug 2011 16:15:30 +0200 libxfont (1:1.4.1-2) unstable; urgency=low [ Julien Cristau ] * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no good reason. Thanks, Colin Watson! * Remove myself from Uploaders [ Cyril Brulebois ] * Use dh_makeshlibs’s -V argument instead of debian/libxfont1.shlibs * Add udeb needed for the graphical installer: libxfont1-udeb. * Version the B-D on libfontenc-dev to ensure libxfont1-udeb gets a dependency on libfontenc1-udeb. * Use a bzip2-less flavour for the udeb. * Bump Standards-Version from 3.8.3 to 3.8.4 (no changes needed). * Fix obsolete-relation-form-in-source by using “<<” instead of “<” for xprint in Conflicts, thanks to lintian. * Add myself to Uploaders. -- Cyril Brulebois Wed, 10 Mar 2010 20:05:31 +0100 libxfont (1:1.4.1-1) unstable; urgency=low * New upstream release. * Bump xutils-dev build-dep for new util-macros. * Build documentation, install it in libxfont-dev. * Enable support for bzip2 compressed bitmap fonts. * Don't use LDFLAGS from the environment. Ubuntu sets that to -Bsymbolic-functions, which breaks libXfont's weak symbols usage. -- Julien Cristau Wed, 02 Dec 2009 11:12:13 +0100 libxfont (1:1.4.0-3) unstable; urgency=low * libxfont1 Conflicts: xprint (< 2:1.6.0-1). The requiem release of xprint (1.6) will not conflict with libxfont1. I am assured the garlic wreaths should prove most efficacious at protecting the general public from the undead. * Standards version 3.8.3. -- Drew Parsons Sat, 31 Oct 2009 11:29:34 +1100 libxfont (1:1.4.0-2) unstable; urgency=high * libxfont1 Conflicts with xprint, printer font support was removed upstream in 1.4.0 (closes: #535952). * Add README.source from xsfbs. Bump Standards-Version to 3.8.2. -- Julien Cristau Sun, 02 Aug 2009 13:36:46 +0200 libxfont (1:1.4.0-1) unstable; urgency=low * New upstream release. * Move libxfont1-dbg to new section 'debug'. -- Julien Cristau Mon, 13 Apr 2009 12:11:23 +0100 libxfont (1:1.3.4-2) unstable; urgency=low * Update debian/copyright from upstream COPYING. * Upload to unstable. -- Julien Cristau Mon, 16 Feb 2009 19:31:59 +0100 libxfont (1:1.3.4-1) experimental; urgency=low * Wrap build-deps in debian/control. * Run autoreconf on build; build-dep on xutils-dev, autoconf, automake and libtool. * Handle parallel builds. * New upstream release. * Drop obsolete x11proto-fontcache-dev build-dependency. -- Julien Cristau Tue, 23 Dec 2008 15:06:37 +0100 libxfont (1:1.3.3-1) unstable; urgency=high [ Julien Cristau ] * Drop dependency on x11-common from libxfont1{,-dbg}. * New upstream bugfix release. * Disable the type1 rasterizer and support for speedo font files. The former is a security hazard, and Speedo fonts are disabled in the X server since before etch anyway. * Urgency high so the above gets in lenny. [ Brice Goglin ] * Add upstream URL to debian/copyright. * Add a link to www.X.org and a reference to the upstream module in the long description. -- Julien Cristau Thu, 17 Jul 2008 22:50:03 +0200 libxfont (1:1.3.2-1) unstable; urgency=low * New upstream release * Drop CVE-2008-0006.diff, included upstream. -- Julien Cristau Fri, 07 Mar 2008 13:32:43 +0100 libxfont (1:1.3.1-2) unstable; urgency=high * High urgency upload for security fix. * Fix a buffer overflow in the PCF font parser (CVE-2008-0006). * debian/control updates + add myself to Uploaders, and remove Branden and Fabio with their permission + s/^XS-Vcs/Vcs/ + bump Standards-Version to 3.7.3 (no changes) + libxfont1 is Section: libs + libxfont-dev and libxfont1-dbg are Section: libdevel -- Julien Cristau Thu, 17 Jan 2008 00:09:38 +0100 libxfont (1:1.3.1-1) unstable; urgency=low * New upstream release. * Add libxfont1.shlibs, bump shlibs to >= 1:1.2.9. -- Julien Cristau Wed, 05 Sep 2007 22:45:57 +0200 libxfont (1:1.2.9-1) unstable; urgency=low * New upstream version. - Add a new 'catalogue' FPE (font path element), which takes font paths from symlinks in a dir. * Use libxfont1 (= ${binary:Version}) instead of ${Source-Version} in debian/control. -- Drew Parsons Sat, 23 Jun 2007 09:40:45 +1000 libxfont (1:1.2.8-1) unstable; urgency=low * Add XS-Vcs-Browser to debian/control. * New upstream release. + drop patch from 1:1.2.2-2, applied upstream. * Upload to unstable. -- Julien Cristau Wed, 11 Apr 2007 15:52:11 +0200 libxfont (1:1.2.7-1) experimental; urgency=low * New upstream release. * Add XS-Vcs-Git header to debian/control, and drop obsolete CVS information. * Install the upstream ChangeLog. -- Julien Cristau Fri, 16 Feb 2007 14:32:57 +0100 libxfont (1:1.2.2-2) unstable; urgency=high * Grab patch from upstream git to fix security issues: + CVE-2007-1351: BDFFont Parsing Integer Overflow + CVE-2007-1352: fonts.dir File Parsing Integer Overflow -- Julien Cristau Tue, 03 Apr 2007 19:31:24 +0200 libxfont (1:1.2.2-1) unstable; urgency=high * New upstream version. - closes security bug in CID encoded fonts (iDefense CVE-ID 2006-3739, 2006-3740) - applies patches 10_freetype_buffer_overflow.patch, 10_pcf_font.patch * dbg package has priority extra. -- Drew Parsons Wed, 13 Sep 2006 17:50:06 +1000 libxfont (1:1.2.0-2) unstable; urgency=high * Apply upstream patch 10_pcf_font.patch (security vulnerability CVE-2006-3467). Closes: #383353. * Upload to unstable to ensure patch is propagated quickly. * Apply patch 10_freetype_buffer_overflow.patch while we're at it (no known exploits). -- Drew Parsons Thu, 17 Aug 2006 07:45:40 +1000 libxfont (1:1.2.0-1) experimental; urgency=low * New upstream version. Closes: #364854. - builds and works with Freetype 2.2. Closes: #362920, #370149. * Standards version 3.7.2. * libxfont-dev doesn't need both Depends: and Pre-Depends: x11-common. * Use debhelper 5, tidy up debian/rules to match. * libxfont does not provide libfontcache.so! -- Drew Parsons Thu, 27 Jul 2006 15:08:14 +1000 libxfont (1:1.1.0-1) UNRELEASED; urgency=low [ David Nusinow ] * New upstream release * Remove obsolete patch 01_fontserver_fix_SEGV.diff [ Andres Salomon ] * Test for obj-$(DEB_BUILD_GNU_TYPE) before creating it during build; idempotency fix. * Run dh_install w/ --list-missing. -- Andres Salomon Mon, 17 Jul 2006 01:20:57 -0400 libxfont (1:1.0.0-4) unstable; urgency=low * Reorder makeshlib command in rules file so that ldconfig is run properly. Thanks Drew Parsons and Steve Langasek. * Add quilt to build-depends -- David Nusinow Wed, 19 Apr 2006 00:10:33 -0400 libxfont (1:1.0.0-3) unstable; urgency=low * Upload to unstable -- David Nusinow Thu, 23 Mar 2006 22:44:39 -0500 libxfont (1:1.0.0-2) experimental; urgency=low * Have libxfont-dev depend on libfreetype6-dev and libfontenc-dev. Thanks Eugene Konev. * Port patches from trunk + general/099v_fontserver_fix_SEGV.diff -- David Nusinow Sun, 26 Feb 2006 18:35:44 -0500 libxfont (1:1.0.0-1) experimental; urgency=low * First upload to Debian -- David Nusinow Thu, 29 Dec 2005 20:51:40 -0500 libxfont (1:0.99.0+cvs.20050909-1) breezy; urgency=low * Fix the XFONT_FONTCACHE/FONTCACHE define in configure.ac (close: Ubuntu#14319). -- Daniel Stone Fri, 9 Sep 2005 15:39:57 +1000 libxfont (1:0.99.0-1) breezy; urgency=low * First libxfont release. -- Daniel Stone Mon, 16 May 2005 22:10:17 +1000