libxfont (1:1.5.1-1) unstable; urgency=high

  * New upstream release
    + bdfReadProperties: property count needs range check [CVE-2015-1802]
    + bdfReadCharacters: bailout if a char's bitmap cannot be read
      [CVE-2015-1803]
    + bdfReadCharacters: ensure metrics fit into xCharInfo struct
      [CVE-2015-1804]

 -- Julien Cristau  Tue, 17 Mar 2015 16:55:21 +0100

libxfont (1:1.4.99.901-1) unstable; urgency=medium

  * New upstream release candidate.
    + includes the CVE-2014-{0209,0210,0211} patches
  * Remove Cyril from Uploaders.
  * Allow uscan to verify tarball signature.

 -- Julien Cristau  Sat, 12 Jul 2014 17:44:11 +0200

libxfont (1:1.4.7-2) unstable; urgency=high

  * Pull from upstream git to fix FTBFS with new fontsproto (closes: #746052)
  * CVE-2014-0209: integer overflow of allocations in font metadata
  * CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies
  * CVE-2014-0211: integer overflows calculating memory needs for xfs replies
  * Add breaks on xfs because we broke it by disabling font protocol support
    in 1.4.7.

 -- Julien Cristau  Tue, 13 May 2014 17:25:49 +0200

libxfont (1:1.4.7-1) unstable; urgency=high

  * New upstream release
    + CVE-2013-6462: unlimited sscanf overflows stack buffer in
      bdfReadCharacters()
  * Don't put dbg symbols from the udeb in the dbg package.
  * dev package is no longer Multi-Arch: same (closes: #720026).
  * Disable support for connecting to a font server. That code is horrible
    and full of holes.

 -- Julien Cristau  Tue, 07 Jan 2014 17:51:29 +0100

libxfont (1:1.4.6-1) unstable; urgency=low

  * New upstream release.
  * Build for multiarch (closes: #654252). Patch by Riku Voipio, thanks!
  * Disable silent build rules.

 -- Julien Cristau  Mon, 12 Aug 2013 18:28:57 +0200

libxfont (1:1.4.5-2) unstable; urgency=low

  * Ease sync for Ubuntu: strip -Bsymbolic-functions from LDFLAGS
    (LP: #992745).

 -- Cyril Brulebois  Thu, 03 May 2012 19:59:46 +0200

libxfont (1:1.4.5-1) unstable; urgency=low

  [ Cyril Brulebois ]
  * New upstream release.
  * Switch to dh:
    - Bump debhelper build-dep and compat.
    - Rewrite debian/rules, using autoreconf and quilt sequences.
    - Adjust build dependencies accordingly.
    - Use build-main and build-udeb as build directories.
    - Adjust .install accordingly.
  * Remove xsfbs accordingly.
  * Add support for hardened build flags through dpkg-buildflags, based
    on a patch by Moritz Muehlenhoff, thanks! (Closes: #654154).

  [ Julien Cristau ]
  * Remove David Nusinow from Uploaders.

 -- Cyril Brulebois  Sun, 04 Mar 2012 09:24:59 +0000

libxfont (1:1.4.4-1) unstable; urgency=high

  [ Julien Cristau ]
  * Drop Pre-Depends on x11-common (only needed for upgrades from the
    monolith) and Replaces on xlibs-static-dev (hasn't existed in forever).

  [ Cyril Brulebois ]
  * New upstream release:
    - LZW decompress: fix for CVE-2011-2895. From the commit message:
      “Specially crafted LZW stream can crash an application using libXfont
      that is used to open untrusted font files. With X server, this may
      allow privilege escalation when exploited.”
  * Set urgency to “high” accordingly.
  * Update debian/copyright from upstream COPYING.
  * Bump xorg-sgml-doctools build-dep.
  * Drop xorg.css from .install, no longer shipped upstream.

 -- Cyril Brulebois  Thu, 11 Aug 2011 11:17:16 +0200

libxfont (1:1.4.3-2) unstable; urgency=low

  * Upload to unstable.

 -- Cyril Brulebois  Sat, 05 Feb 2011 11:48:49 +0100

libxfont (1:1.4.3-1) experimental; urgency=low

  * New upstream release.
  * Bump xutils-dev build-dep for new macros.
  * Add xmlto, xorg-sgml-doctools, and w3m build-dep for the doc.
  * Pass --with-xmlto and --without-fop for the regular build (we want
    html and txt only). Disable both for the udeb build.
  * Tweak doc filenames, and handle that through dh_install.
  * Add --fail-missing -XlibXfont.la for the second dh_install call (the
    udeb one), for additional safety.

 -- Cyril Brulebois  Fri, 19 Nov 2010 01:17:48 +0100

# For older changelog entries, run 'apt-get changelog libxfont1'