Changelog for freetype2-debugsource-2.4.4-7.27.1.i586.rpm:
Fri Jan 11 13:00:00 2013 jwAATTsuse.com
- new license string.
- BNC#795826, CVE-2012-5668.patch, CVE-2012-5670.patch already done.
- BNC#795826, CVE-2012-5669.patch
[bdf] Fix Savannah bug #37906.
* src/bdf/bdflib.c (_bdf_parse_glyphs): Use correct array size for
checking `glyph_enc'.
Mon Mar 26 14:00:00 2012 jwAATTsuse.com
- BNC#750937, BNC#750947 CVE-2012-1126+1127.patch Out-of heap-based buffer read by parsing glyph information and bitmaps for BDF fonts
- BNC#750938 CVE-2012-1139.patch Array index error, leading to out-of stack based buffer read by parsing BDF font glyph information
- BNC#750939 CVE-2012-1136.patch Out-of heap-based buffer write by parsing BDF glyph and bitmaps information with missing ENCODING field (FU#35641)
- BNC#750940 CVE-2012-1133.patch Out-of heap-based buffer write by parsing BDF glyph information and bitmaps (FU#35607)
- BNC#750941 CVE-2012-1138.patch Out-of heap-based buffer read in the TrueType bytecode interpreter by executing the MIRP instruction
- BNC#750942 CVE-2012-1128.patch NULL pointer dereference by moving zone2 pointer point for certain TrueType font
- BNC#750943 CVE-2012-1137.patch Out-of heap-based buffer read by parsing BDF font header
- BNC#750944 CVE-2012-1144.patch Out-of heap-based buffer write in the TrueType bytecode interpreter by moving zone2 pointer point
- BNC#750945 CVE-2012-1134.patch Out-of heap-based buffer write in Type1 font parser by retrieving font's private dictionary
- BNC#750946 CVE-2012-1135.patch Out-of heap-based buffer read in TrueType bytecode interpreter by executing NPUSHB and NPUSHW instructions (FU#35640)
- BNC#750947 CVE-2012-1127.patch Out-of heap-based buffer read by parsing glyph information and bitmaps for BDF fonts
- BNC#750948 CVE-2012-1142.patch Out-of heap-based buffer read in TrueType bytecode interpreter by executing NPUSHB and NPUSHW instructions
- BNC#750949 CVE-2012-1143.patch Integer divide by zero by performing arithmetic computations for certain fonts
- BNC#750950 CVE-2012-1132.patch Out-of heap-based buffer read flaw in Type1 font loader by parsing font dictionary entries
- BNC#750951 CVE-2012-1130.patch Out-of heap-based buffer read by loading properties of PCF fonts
- BNC#750952 CVE-2012-1129.patch Out-of heap-based buffer read when parsing certain SFNT strings by Type42 font parser
- BNC#750953 CVE-2012-1131.patch (64-bit specific): Out-of heap-based buffer read by attempt to record current cell into the cell table
- BNC#750954 CVE-2012-1140.patch Out-of heap-based buffer read by conversion of PostScript font objects
- BNC#750955 CVE-2012-1141.patch Out-of heap-based buffer read flaw by conversion of an ASCII string into a signed short integer by processing BDF fonts
Fri Dec 16 13:00:00 2011 meissnerAATTsuse.de
(from evergreen)
- bnc730124_CVE-2011-3256.patch:
FreeType 2 before 2.4.7 allows remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted
font. (CVE-2011-3256, bnc#730124)
- bnc730124_CVE-2011-3439.patch:
FreeType allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption) via a crafted font.
(CVE-2011-3439, bnc#730124)
Thu Jul 21 14:00:00 2011 mlsAATTsuse.de
- added bnc704612_othersubr.diff, CVE-2011-0226, bnc#704612
Tue Dec 7 13:00:00 2010 jwAATTnovell.com
- several old patches got lost, reapplying:
* added bnc641580_CVE-2010-3311.diff for bnc#641580
* bnc633943_CVE-2010-3054 nothing to do.
* bnc633938_CVE-2010-3053 nothing to do.
Mon Dec 6 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- exclude *.a *.la files from -devel package
Sat Dec 4 13:00:00 2010 pascal.bleserAATTopensuse.org
- Updated to version 2.4.4:
* [truetype] better multi-threading support
* [truetype] identify the tricky fonts by cvt/fpgm/prep checksums; some Latin TrueType fonts are still expected to be unhinted
* [type1] fix matrix normalization
* [type1] improve guard against malformed data
* [ftsmooth] improve rendering
* [ftraster] fix rendering
Fri Oct 29 14:00:00 2010 fisiuAATTopensuse.org
- Updated to version 2.4.3:
+ Fix rendering of certain cubic, S-shaped arcs. This regression
has been introduced in version 2.4.0.
+ Handling of broken fonts has been further improved.
Thu Aug 12 14:00:00 2010 jwAATTnovell.com
- bnc#628213: added bnc628213_1797.diff
- bnc#629447: CVE-2010-2805..8 are already fixed in upstream 2.4.2
- bnc#619562: CVE-2010-2497,2498,2499,2500,2519,2520 ditto.
Mon Aug 9 14:00:00 2010 tiwaiAATTsuse.de
- updated to version 2.4.2:
Another serious bug in the CFF font module has been found,
together with more exploitable vulnerabilities in the T42 font
driver.
Tue Jul 20 14:00:00 2010 tiwaiAATTsuse.de
- updated to version 2.4.1:
* major version up
* bytecode interpreter is enabled as default in the upstream
* doc-reference is redundant, removed
Fri Jun 4 14:00:00 2010 cooloAATTnovell.com
- reenable bitmap foundries (bnc#596559)
Sat Apr 24 14:00:00 2010 cooloAATTnovell.com
- buildrequire pkg-config to fix provides
Tue Apr 6 14:00:00 2010 ajAATTsuse.de
- Adjust baselibs.conf for changes
Tue Apr 6 14:00:00 2010 cooloAATTnovell.com
- fix obsoletes/provides
Mon Apr 5 14:00:00 2010 cooloAATTnovell.com
- leave freetype2 behind and only go with shared library package
Sun Apr 4 14:00:00 2010 ajAATTsuse.de
- Fix baselibs.conf for renamed libs
Wed Mar 31 14:00:00 2010 cooloAATTnovell.com
- update to version 2.3.12:
brings considerable improvements for b/w rasterizing of hinted
TrueType fonts at small sizes, see NEWS for more details
- fixed build without sysvinit in the build system
- disable no longer compiling patch that should be upstream or dead
- split out shared library policy package
- remove old patches
Mon Dec 14 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
Fri Nov 6 13:00:00 2009 tiwaiAATTsuse.de
- make -std=gnu99 cflags to be ARM-specific
Tue Nov 3 13:00:00 2009 cooloAATTnovell.com
- updated patches to apply with fuzz=0
Sun Aug 2 14:00:00 2009 jansimon.moellerAATTopensuse.org
- ARM build needs -std=gnu99 in CFLAGS
Mon Jul 27 14:00:00 2009 tiwaiAATTsuse.de
- updated to version 2.3.8:
* see URLs below
http://www.freetype.org/index2.html#release-freetype-2.3.8
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=653641
- updated to version 2.3.9:
* see URLs below
http://www.freetype.org/index2.html#release-freetype-2.3.9
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=667610
- fix builds with older distros
Tue Jul 7 14:00:00 2009 meissnerAATTnovell.com
- require zlib-devel-
from freetype2-devel-
bnc#519192
Thu Apr 16 14:00:00 2009 nadvornikAATTsuse.cz
- fixed integer overflows [bnc#485889] CVE-2009-0946
Mon Mar 9 13:00:00 2009 crrodriguezAATTsuse.de
- freetype2 has subpixel rendering enabled [bnc#478407]