This bug was fixed in the package fontconfig - 2.12.6-0ubuntu1

---------------
fontconfig (2.12.6-0ubuntu1) bionic; urgency=medium

  * Merge with Debian (LP: #1638959, LP: #1702544). Remaining changes:
    - debian/source_fontconfig.py, debian/fontconfig.install:
      + Install apport hook
    - Add 03_prefer_dejavu.patch:
      + Prefer DejaVu to Bitstream Vera
    - Add 04_ubuntu_monospace_lcd_filter_conf.patch:
      + Use legacy lcdfilter with smaller monospace fonts
    - Add 05_ubuntu_add_antialiasing_confs.patch:
      + Add config file for antialiasing
    - Add 05_lcdfilterlegacy.patch: Recognize const value "lcdfilterlegacy",
      used in Ubuntu before upstream introduced "lcdlegacy"
    - Add 07_no_bitmaps.patch:
      + Install 70-no-bitmaps.conf
    - Drop debian/fontconfig.NEWS, debian/fontconfig-config.templates,
      debian/fontconfig-config.config, and associated po files.
      Modify debian/rules, debian/fontconfig-config.postinst,
      debian/fontconfig-config.postrm, and debian/README.Debian.
      + Don't provide debconf prompts
    - Modify debian/rules, debian/fontconfig-config.install,
      debian/fontconfig-config.links, debian/fontconfig-config.postrm,
      and debian/fontconfig-udeb.install:
      + Delay doing the transition from /etc to /usr
  * New upstream release
  * Refresh patches
  * Update Ubuntu patches to use mode="append" and target="pattern"
    (LP: #1192175)
  * Drop patches applied in new release:
    - 01_fonts_nanum.patch
    - 03_locale_c.utf8.patch
    - 06_cross.patch
    - CVE-2016-5384.patch

fontconfig (2.12.3-1) unstable; urgency=low

  * Rebuild current bits as maintainer upload
  * Add dependency on python2.7, python-lxml, python-six
  * Add dependency on docbook, docbook-utils, texlive-formats-extra
  * Set FREETYPE_PROPERTIES=truetype:interpreter-version=35 iff
    selected hintstyle is hintfull. This produces fully hinted glyphs
    with current FreeType bits.

fontconfig (2.12.3-0.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Add a NEWS file to describe the change in the default hinting style. Also
    add a debconf question to allow the administrator to change it (Closes:
    #866950)

fontconfig (2.12.3-0.1) unstable; urgency=medium

  * Non-maintainer upload.
  * New upstream release
    - Do not FTBFS if docbook-utils is installed (Closes: #862483)
    - Drop debian/patches/01_path_max.patch, merged upstream
    - Refresh debian/patches/06_cross.patch
  * debian/watch: Switch to .bz2 tarballs
  * debian/control: Bump Standards-Version to 4.0.0 (no further changes)

fontconfig (2.12.1-0.1) experimental; urgency=medium

  * Non-maintainer upload.
  * New upstream release (Closes: #816045)
    - d/p/01_path_max.patch, d/p/06_cross.patch: Refreshed
    - Drop patches/05_doc_files.patch, the tarball already contains the
      pre-generated documentation
    - Drop d/p/07_CVE-2016-5384-Properly-validate-offsets-in-cache-files.patch:
      Applied upstream
  * Drop -dbg package and rely on the -dbgsym ones, bump debhelper dependency
    to be sure that dh_strip has --dbgsym-migration flag
  * debian/rules: Pass --enable-static flag to also build the static library
  * Updated debconf questions translations: debian/po/tr.po, debian/po/it.po
    and debian/po/pt_BR.po (Closes: #756715, 760203, 799416)
  * debian/control: Remove duplicate Section fields to please lintian
  * Adjust several lintian-overrides files
  * debian/fontconfig-config.postrm: Do not hardcode ucf path

fontconfig (2.11.0-6.7) unstable; urgency=medium

  * Non-maintainer upload.
  * Modify /etc/fontconfig/fonts.conf to ignore *.dpkg-new files.
    (Closes: #835142)

fontconfig (2.11.0-6.6) unstable; urgency=medium

  * Non-maintainer upload.
  * Modify /etc/fontconfig/fonts.conf to ignore *.dpkg-tmp files.
    (Closes: #828037)

fontconfig (2.11.0-6.5) unstable; urgency=high

  * Non-maintainer upload.
  * CVE-2016-5384: Possible double free due to insufficiently validated cache
    files (Closes: #833570)

fontconfig (2.11.0-6.4) unstable; urgency=medium

  * Non-maintainer upload.
  * Drop versioned Build-Depends: binutils which is satisfied even in
    oldstable (Closes: #779460).
  * Compile build-tool edit-sgml with CC_FOR_BUILD. (Closes: #779461)

fontconfig (2.11.0-6.3) unstable; urgency=medium

  * Non-maintainer upload.
  * Modify fontconfig-config.postinst to not touch the symlinks unless it's
    a first install or a reconfigure was issued (Closes: #758973).

fontconfig (2.11.0-6.2) unstable; urgency=medium

  * Non-maintainer upload to delayed
  * Switch to noawait triggers to allow self-triggering; will still need
    Breaks from dpkg to resolve this (closes: #768599)
  * Add Pre-Depends on dpkg to allow for noawait just in case this gets
    backported to squeeze.

fontconfig (2.11.0-6.1) unstable; urgency=low

  * Non-maintainer upload to delayed.
  * Add dh-autoreconf to support ppc64el. Closes: #748378

fontconfig (2.11.0-6) unstable; urgency=medium

  [ Keith Packard ]
  * Fix misplaced 11-lcdfilter-default.conf. Closes: #731724.
  * Remove spurious /etc/fonts.conf.d.

  [ Josselin Mouette ]
  * Add conf.avail directory to the udeb. Closes: #739011.
  * Use xz compression for the “upstream” tarball.

fontconfig (2.11.0-5) unstable; urgency=medium

  * Add documentation about how to build stuff
  * Add patch including documentation. Closes #739743.
  * Let dpkg remove /etc/fonts/conf.d. Closes: #739785.

fontconfig (2.11.0-4) unstable; urgency=medium

  * Remove spurious files from fontconfig-config package

fontconfig (2.11.0-3) unstable; urgency=low

  * Regenerate files as needed for build from upstream git repository
  * Add debian/gbp.conf to control git-buildpackage
  * Remove links made in /etc/fonts/conf.d and debconf entries. Closes #730361.

fontconfig (2.11.0-2) unstable; urgency=low

  * fontconfig-config.postrm: be less aggressive in removing fonts.d.
    Closes: #728598.
  * Break xpdf (<= 3.03-11). Closes: #728444.
  * 01_path_max.patch: patch from Samuel Thibault to stop requiring
    PATH_MAX. Closes: #729189.
  * fontconfig-config.links: enable lcdfilter by default.
    Closes: #638262, #605574.
  * 02_indic_names.patch: patch from Vasudev Kamath to fix Indic font
    family names. Closes: #661245.
  * Mark libfontconfig1-dev as multi-arch: same. Closes: #677885.
  * 03_locale_c.utf8.patch: based on a patch from Martin Dickopp. Treat
    C.UTF-8 and C.utf8 locales as built in the C library.
    Closes: #717423.
  * Update font packages names. Closes: #712682.
  * Enable fonts-liberation as an alternative. Closes: #663553.
  * Also drop alternate dependency on gsfonts-x11.
  * 04_mgopen_fonts.patch: new patch. Add more MgOpen fonts to default
    sans typefaces. Closes: #400767.
  * ja.po: updated. Closes: #695078.

fontconfig (2.11.0-1) unstable; urgency=low

  * New upstream release.
  * fontconfig-config.preinst: removed, not needed anymore.
  * Add build-dependency on gperf.
  * Bump shlibs.
  * 01_conf.d_README.patch: dropped, obsolete.

fontconfig (2.10.2-2) unstable; urgency=low

  * 01_conf.d_README.patch: new patch. Document the two locations for
    conf.avail files.
  * fontconfig-config.postrm: don’t remove conf.avail on uninstall.
    Closes: #714164.
  * fontconfig-config.postinst: remove the symlink of the old
    conf.avail. Closes: #714157.
  * fontconfig-config.preinst: add a cleanup script for the broken
    2.10.2-1 version.

fontconfig (2.10.2-1) unstable; urgency=low

  * New upstream release.
  * Bump shlibs to 2.10.
  * Wrap build-dependencies.
  * architecture-with-small-double-align: dropped, merged upstream.
  * Add missing build-dependency on pkg-config.
  * fontconfig-config.maintscripts: remove obsolete conffiles.
  * Remove obsolete maintainer scripts.
  * Replace the old conf.avail directory by a symbolic link.
  * Update installation listings.

fontconfig (2.9.0-7.1) unstable; urgency=low

  * Non-maintainer upload.
  * Update README.Debian with respect to enabling bitmapped fonts: just
    removing the no-bitmaps.conf symlink is not enough, the corresponding
    symlink for yes-bitmaps.conf needs to be added too.
    Thanks to Andreas Metzler <ametz...@debian.org> for the patch.
    Closes: #684923.

fontconfig (2.9.0-7) unstable; urgency=low

  * Don't clean ancient cache files on new install. Closes: #636173.
  * Update Czech translation. Closes: #681700.
  * Update Spanish translation. Closes: #681766.
  * Add Polish translation. Closes: #682577.

 -- Jeremy Bicha <jbi...@ubuntu.com>  Sat, 28 Oct 2017 13:14:27 -0400

** Changed in: fontconfig (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5384

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to fontconfig in Ubuntu.
https://bugs.launchpad.net/bugs/1702544

Title:
  Merge fontconfig 2.12.3-0.1 (main) from Debian unstable (main)

Status in fontconfig package in Ubuntu:
  Fix Released

Bug description:
  Please merge fontconfig 2.12.3-0.1 (main) from Debian unstable (main)

  I cannot work on this merge myself. I am reporting this for reference.

  Explanation of the Ubuntu delta:
    * SECURITY UPDATE: double free when handling cache files
      - debian/patches/CVE-2016-5384.patch: properly validate offsets in
        cache files in src/fccache.c.
      - CVE-2016-5384
    * New upstream release (LP: #1556457)
      - Fixes blurry fonts regression from previous upload (LP: #1566651)
    * d/p/0001-Revert-Bug-73291-poppler-does-not-show-fl-ligature.patch,
      d/p/0002-demilight.patch:
      - Dropped, applied in new release
    * Bump freetype build dep to 2.5.1 as per configure.ac.
    * Drop gperf build dep again, not necessary any more.
    * debian/control:
      - Add gperf to build dependencies
      - Bump FreeType build dependency version to 2.5.1
    [ Mingye Wang ]
    * debian/patches/0002-demilight.patch:
      - Handle Demilight sensibly (LP: #1556457)
    * Make things depend on ≥ version-of-libfontconfig1-they-were-built-with, so
      that on new releases the library is upgraded before its rdeps. (LP:
      #1540591)
    * debian/source_fontconfig.py:
      - include fontconfig.log in the bug reports to try to get more info
        on some of the xenial upgrade issues
    * 0001-Revert-Bug-73291-poppler-does-not-show-fl-ligature.patch: Now poppler
      is fixed, revert the alias of TeX Gyre Termes to Times. (LP: #1379375)
    * Merge changes from Debian 2.11.0-6.1 and 2.11.0-6.2:
    [ Don Armstrong ]
    * Switch to noawait triggers to allow self-triggering; will still need
      Breaks from dpkg to resolve this (closes: #768599)
    * Add Pre-Depends on dpkg to allow for noawait just in case this gets
      backported to squeeze.
    [ Andreas Barth ]
    * Add dh-autoreconf to support ppc64el. Closes: #748378
    * No change rebuild to get debug symbols on all architectures.
    * Merge from Debian 2.11.0-2:
      - 03_locale_c.utf8.patch: based on a patch from Martin Dickopp. Treat
        C.UTF-8 and C.utf8 locales as built in the C library.
        Closes: #717423.
    * Merge from Debian 2.11.0-2:
      - 03_locale_c.utf8.patch: based on a patch from Martin Dickopp. Treat
        C.UTF-8 and C.utf8 locales as built in the C library.
        Closes: #717423.
    * Make libfontconfig1-dev Multi-Arch: same.
    * New upstream release
    * Pass --enable-static to continue building the static library since the
      default changed in this release.
    * 0001-Bug-73291-poppler-does-not-show-fl-ligature.patch: Drop, applied
      upstream in this release.
    * 0001-Bug-73291-poppler-does-not-show-fl-ligature.patch: Don't alias TeX
      Gyre Termes to Times as it has a broken 'fi' ligature. (LP: #1325230)
    * debian/rules:
      - don't add /usr/X11R6/lib/X11/fonts to the fonts path, that's a
        deprecated location and it leads to polling on the directory,
        which means wakeups and extra power usage (lp: #1266873)
    * Build using dh-autoreconf.
    * Update font dependencies (ttf-dejavu-core -> fonts-dejavu-core and
      ttf-freefont -> fonts-freefont-ttf).
    * New upstream version
    * Refresh debian patches
    * git_obtain_fonts_via_FT-face.patch:
      - dropped, included in the new version
    * debian/patches/series: list the patch from the previous revision...
      (lp: #1177995)
    * New upstream version
    * Refreshed patches
    * debian/patches/git_obtain_fonts_via_FT-face.patch
      - cherrypick patch from git to fix webfonts (LP: #1177995) (Thanks Tim)
    * Remove versioned build dependency on binutils.
    * New upstream version:
      - includes the typo fixes for lp: #1037509
    * Fix fontconfig-config postinst to ignore rmdir failures when removing
      /var/lib/defoma/fontconfig.d/ as some systems have files in there.
      (LP: #1039828)
    * debian/control: build-depends on pkg-config
    * Cherry pick from Debian experimental: Remove defoma support.
      Closes: #651493.
    * Drop 08_ug_us_orth.patch again, as per Eagle Burkut. (Locale was renamed
      to ug_CN@latin).
    * Add 08_ug_us_orth.patch: Add ug_US orthography.
    * Add 00git_ughur_orthography.patch: Complete Uighur orthography. Patch
      taken from upstream git head. (LP: #736413)
    * debian/patches/01_fonts_nanum.patch: Fix typo, thanks Felix Geyer for
      spotting!
    * debian/patches/01_fonts_nanum.patch
      - Restore Baekmuk fonts because it's still in precise repository
      - Remove UnBatang, Baekmuk Batang from monospace because these are serif
        fonts.
    * debian/patches/01_fonts_nanum.patch:
      Changes due to Korean migration to fonts-nanum (LP: #792471).
    * Remove /usr/share/doc/$pkg in preinst if it's a symlink for packages
      fontconfig, fontconfig-config, libfontconfig1-dev and libfontconfig1-dbg;
      fixes upgrades from older borken packages; LP: #828014.  This can be
      dropped after oneiric, as noted in the preinst snippets.
    * Restore Debian delta, mistakenly dropped in the previous sync
      (LP: #804249):
      - fix buildd bustage by ignoring errors in postinst and prerm (taken
        from debian NMU by Riku Voipio <riku.voi...@iki.fi>)
        - add debian/fontconfig.prerm
        - update debian/fontconfig.postinst
      - debian/fontconfig-config.postinst: drop debconf transition;
        we remove conf.d links for hinting, subpixel and bitmap configs
        and stop looking at debconf, excluding 70-no-bitmaps.conf.
      - debian/fontconfig-config.postinst: also exclude 70-no-bitmaps.conf
        from "drop debconf transition" to ensure that it doesn't get removed
        automatically
        - keep adding it in CONF_FILES through 07_no_bitmaps.patch as well.
      - debian/patches/00_old_diff_gz.patch:
        - add MgOpen Moderna family to 40-nonlatin.conf
        - reorder Bitstream Vera and DejaVu families in 60-latin.conf
      - debian/patches/00_old_diff_gz.patch,
        debian/patches/04_ubuntu_monospace_lcd_filter_conf.patch,
        debian/patches/05_ubuntu_add_hinting_and_antialiasing_confs.patch:
        - add extra config files:
          - antialias and hinting.
          - 52-languageselector.conf
          - 53-monospace-lcd-filter.conf
      - debian/patches/05_lcdfilterlegacy.patch: Recognize const value
        "lcdfilterlegacy", introduced before upstream did introduce "lcdlegacy"
      - debian/patches/06_ubuntu_lcddefault.patch: set lcddefault as default
      - drop debian/fontconfig-config.templates,
        debian/fontconfig-config.config, and associated po files.
      - purge debconf database when upgrading from previous versions.

  Changelog entries since current artful version 2.11.94-0ubuntu2:

  fontconfig (2.12.3-0.1) unstable; urgency=medium

    * Non-maintainer upload.
    * New upstream release
      - Do not FTBFS if docbook-utils is installed (Closes: #862483)
      - Drop debian/patches/01_path_max.patch, merged upstream
      - Refresh debian/patches/06_cross.patch
    * debian/watch: Switch to .bz2 tarballs
    * debian/control: Bump Standards-Version to 4.0.0 (no further changes)

   -- Laurent Bigonville <bi...@debian.org>  Thu, 22 Jun 2017 09:53:55 +0200

  fontconfig (2.12.1-0.1) experimental; urgency=medium

    * Non-maintainer upload.
    * New upstream release (Closes: #816045)
      - d/p/01_path_max.patch, d/p/06_cross.patch: Refreshed
      - Drop patches/05_doc_files.patch, the tarball already contains the
        pre-generated documentation
      - Drop d/p/07_CVE-2016-5384-Properly-validate-offsets-in-cache-files.patch:
        Applied upstream
    * Drop -dbg package and rely on the -dbgsym ones, bump debhelper dependency
      to be sure that dh_strip has --dbgsym-migration flag
    * debian/rules: Pass --enable-static flag to also build the static library
    * Updated debconf questions translations: debian/po/tr.po, debian/po/it.po
      and debian/po/pt_BR.po (Closes: #756715, 760203, 799416)
    * debian/control: Remove duplicate Section fields to please lintian
    * Adjust several lintian-overrides files
    * debian/fontconfig-config.postrm: Do not hardcode ucf path

   -- Laurent Bigonville <bi...@debian.org>  Sun, 12 Mar 2017 20:42:18 +0100
