Merge fontconfig 2.12.3-0.1 (main) from Debian unstable (main)

Bug #1702544 reported by Amr Ibrahim on 2017-07-05
This bug affects 1 person
Affects: fontconfig (Ubuntu)
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Please merge fontconfig 2.12.3-0.1 (main) from Debian unstable (main)

I cannot work on this merge myself. I am reporting this for reference.

Explanation of the Ubuntu delta:
  * SECURITY UPDATE: double free when handling cache files
    - debian/patches/CVE-2016-5384.patch: properly validate offsets in
      cache files in src/fccache.c.
    - CVE-2016-5384
  * New upstream release (LP: #1556457)
    - Fixes blurry fonts regression from previous upload (LP: #1566651)
  * d/p/0001-Revert-Bug-73291-poppler-does-not-show-fl-ligature.patch,
    d/p/0002-demilight.patch:
    - Dropped, applied in new release
  * Bump freetype build dep to 2.5.1 as per configure.ac.
  * Drop gperf build dep again, not necessary any more.
  * debian/control:
    - Add gperf to build dependencies
    - Bump FreeType build dependency version to 2.5.1
  [ Mingye Wang ]
  * debian/patches/0002-demilight.patch:
    - Handle Demilight sensibly (LP: #1556457)
  * Make things depend on ≥ version-of-libfontconfig1-they-were-built-with, so
    that on new releases the library is upgraded before its rdeps. (LP:
    #1540591)
  * debian/source_fontconfig.py:
    - include fontconfig.log in the bug reports to try to get more info
      on some of the xenial upgrade issues
  * 0001-Revert-Bug-73291-poppler-does-not-show-fl-ligature.patch: Now poppler
    is fixed, revert the alias of TeX Gyre Termes to Times. (LP: #1379375)
  * Merge changes from Debian 2.11.0-6.1 and 2.11.0-6.2:
  [ Don Armstrong ]
  * Switch to noawait triggers to allow self-triggering; will still need
    Breaks from dpkg to resolve this (closes: #768599)
  * Add Pre-Depends on dpkg to allow for noawait just in case this gets
    backported to squeeze.
  [ Andreas Barth ]
  * Add dh-autoreconf to support ppc64el. Closes: #748378
  * No change rebuild to get debug symbols on all architectures.
  * Merge from Debian 2.11.0-2:
    - 03_locale_c.utf8.patch: based on a patch from Martin Dickopp. Treat
      C.UTF-8 and C.utf8 locales as built in the C library.
      Closes: #717423.
  * Merge from Debian 2.11.0-2:
    - 03_locale_c.utf8.patch: based on a patch from Martin Dickopp. Treat
      C.UTF-8 and C.utf8 locales as built in the C library.
      Closes: #717423.
  * Make libfontconfig1-dev Multi-Arch: same.
  * New upstream release
  * Pass --enable-static to continue building the static library since the
    default changed in this release.
  * 0001-Bug-73291-poppler-does-not-show-fl-ligature.patch: Drop, applied
    upstream in this release.
  * 0001-Bug-73291-poppler-does-not-show-fl-ligature.patch: Don't alias TeX
    Gyre Termes to Times as it has a broken 'fi' ligature. (LP: #1325230)
  * debian/rules:
    - don't add /usr/X11R6/lib/X11/fonts to the fonts path, that's a
      deprecated location and it leads to polling on the directory,
      which means wakeups and extra power usage (lp: #1266873)
  * Build using dh-autoreconf.
  * Update font dependencies (ttf-dejavu-core -> fonts-dejavu-core and
    ttf-freefont -> fonts-freefont-ttf).
  * New upstream version
  * Refresh debian patches
  * git_obtain_fonts_via_FT-face.patch:
    - dropped, included in the new version
  * debian/patches/series: list the patch from the previous revision...
    (lp: #1177995)
  * New upstream version
  * Refreshed patches
  * debian/patches/git_obtain_fonts_via_FT-face.patch
    - cherrypick patch from git to fix webfonts (LP: #1177995) (Thanks Tim)
  * Remove versioned build dependency on binutils.
  * New upstream version:
    - includes the typo fixes for lp: #1037509
  * Fix fontconfig-config postinst to ignore rmdir failures when removing
    /var/lib/defoma/fontconfig.d/ as some systems have files in there.
    (LP: #1039828)
  * debian/control: build-depends on pkg-config
  * Cherry pick from Debian experimental: Remove defoma support.
    Closes: #651493.
  * Drop 08_ug_us_orth.patch again, as per Eagle Burkut. (Locale was renamed
    to ug_CN@latin).
  * Add 08_ug_us_orth.patch: Add ug_US orthography.
  * Add 00git_ughur_orthography.patch: Complete Uighur orthography. Patch
    taken from upstream git head. (LP: #736413)
  * debian/patches/01_fonts_nanum.patch: Fix typo, thanks Felix Geyer for
    spotting!
  * debian/patches/01_fonts_nanum.patch
    - Restore Baekmuk fonts because it's still in precise repository
    - Remove UnBatang, Baekmuk Batang from monospace because these are serif
      fonts.
  * debian/patches/01_fonts_nanum.patch:
    Changes due to Korean migration to fonts-nanum (LP: #792471).
  * Remove /usr/share/doc/$pkg in preinst if it's a symlink for packages
    fontconfig, fontconfig-config, libfontconfig1-dev and libfontconfig1-dbg;
    fixes upgrades from older borken packages; LP: #828014. This can be
    dropped after oneiric, as noted in the preinst snippets.
  * Restore Debian delta, mistakenly dropped in the previous sync
    (LP: #804249):
    - fix buildd bustage by ignoring errors in postinst and prerm (taken
      from debian NMU by Riku Voipio <email address hidden>)
      - add debian/fontconfig.prerm
      - update debian/fontconfig.postinst
    - debian/fontconfig-config.postinst: drop debconf transition;
      we remove conf.d links for hinting, subpixel and bitmap configs
      and stop looking at debconf, excluding 70-no-bitmaps.conf.
    - debian/fontconfig-config.postinst: also exclude 70-no-bitmaps.conf
      from "drop debconf transition" to ensure that it doesn't get removed
      automatically
      - keep adding it in CONF_FILES through 07_no_bitmaps.patch as well.
    - debian/patches/00_old_diff_gz.patch:
      - add MgOpen Moderna family to 40-nonlatin.conf
      - reorder Bitstream Vera and DejaVu families in 60-latin.conf
    - debian/patches/00_old_diff_gz.patch,
      debian/patches/04_ubuntu_monospace_lcd_filter_conf.patch,
      debian/patches/05_ubuntu_add_hinting_and_antialiasing_confs.patch:
      - add extra config files:
        - antialias and hinting.
        - 52-languageselector.conf
        - 53-monospace-lcd-filter.conf
    - debian/patches/05_lcdfilterlegacy.patch: Recognize const value
      "lcdfilterlegacy", introduced before upstream did introduce "lcdlegacy"
    - debian/patches/06_ubuntu_lcddefault.patch: set lcddefault as default
    - drop debian/fontconfig-config.templates, debian/fontconfig-config.config,
      and associated po files.
    - purge debconf database when upgrading from previous versions.

Changelog entries since current artful version 2.11.94-0ubuntu2:

fontconfig (2.12.3-0.1) unstable; urgency=medium

  * Non-maintainer upload.
  * New upstream release
    - Do not FTBFS if docbook-utils is installed (Closes: #862483)
    - Drop debian/patches/01_path_max.patch, merged upstream
    - Refresh debian/patches/06_cross.patch
  * debian/watch: Switch to .bz2 tarballs
  * debian/control: Bump Standards-Version to 4.0.0 (no further changes)

 -- Laurent Bigonville <email address hidden> Thu, 22 Jun 2017 09:53:55 +0200

fontconfig (2.12.1-0.1) experimental; urgency=medium

  * Non-maintainer upload.
  * New upstream release (Closes: #816045)
    - d/p/01_path_max.patch, d/p/06_cross.patch: Refreshed
    - Drop patches/05_doc_files.patch, the tarball already contains the
      pre-generated documentation
    - Drop d/p/07_CVE-2016-5384-Properly-validate-offsets-in-cache-files.patch:
      Applied upstream
  * Drop -dbg package and rely on the -dbgsym ones, bump debhelper dependency
    to be sure that dh_strip has --dbgsym-migration flag
  * debian/rules: Pass --enable-static flag to also build the static library
  * Updated debconf questions translations: debian/po/tr.po, debian/po/it.po
    and debian/po/pt_BR.po (Closes: #756715, 760203, 799416)
  * debian/control: Remove duplicate Section fields to please lintian
  * Adjust several lintian-overrides files
  * debian/fontconfig-config.postrm: Do not hardcode ucf path

 -- Laurent Bigonville <email address hidden> Sun, 12 Mar 2017 20:42:18 +0100

CVE References

Jeremy Bicha (jbicha) wrote :

I am unsubscribing ubuntu-sponsors since there is nothing ready to be sponsored here.

Jeremy Bicha (jbicha) on 2017-10-28
tags: added: bionic upgrade-software-version
Changed in fontconfig (Ubuntu):
importance: Undecided → Wishlist
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fontconfig - 2.12.6-0ubuntu1

---------------
fontconfig (2.12.6-0ubuntu1) bionic; urgency=medium

  * Merge with Debian (LP: #1638959, LP: #1702544). Remaining changes:
    - debian/source_fontconfig.py, debian/fontconfig.install:
      + Install apport hook
    - Add 03_prefer_dejavu.patch:
      + Prefer DejaVu to Bitstream Vera
    - Add 04_ubuntu_monospace_lcd_filter_conf.patch:
      + Use legacy lcdfilter with smaller monospace fonts
    - Add 05_ubuntu_add_antialiasing_confs.patch:
      + Add config file for antialiasing
    - Add 05_lcdfilterlegacy.patch: Recognize const value "lcdfilterlegacy",
      used in Ubuntu before upstream introduced "lcdlegacy"
    - Add 07_no_bitmaps.patch:
      + Install 70-no-bitmaps.conf
    - Drop debian/fontconfig.NEWS, debian/fontconfig-config.templates,
      debian/fontconfig-config.config, and associated po files.
      Modify debian/rules, debian/fontconfig-config.postinst,
      debian/fontconfig-config.postrm, and debian/README.Debian.
      + Don't provide debconf prompts
    - Modify debian/rules, debian/fontconfig-config.install,
      debian/fontconfig-config.links, debian/fontconfig-config.postrm,
      and debian/fontconfig-udeb.install:
      + Delay doing the transition from /etc to /usr
  * New upstream release
  * Refresh patches
  * Update Ubuntu patches to use mode="append" and target="pattern"
    (LP: #1192175)
  * Drop patches applied in new release:
    - 01_fonts_nanum.patch
    - 03_locale_c.utf8.patch
    - 06_cross.patch
    - CVE-2016-5384.patch

fontconfig (2.12.3-1) unstable; urgency=low

  * Rebuild current bits as maintainer upload
  * Add dependency on python2.7, python-lxml, python-six
  * Add dependency on docbook, docbook-utils, texlive-formats-extra
  * Set FREETYPE_PROPERTIES=truetype:interpreter-version=35 iff
    selected hintstyle is hintfull. This produces fully hinted glyphs
    with current FreeType bits.

fontconfig (2.12.3-0.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Add a NEWS file to describe the change in the default hinting style. Also
    add a debconf question to allow the administrator to change it (Closes:
    #866950)

fontconfig (2.12.3-0.1) unstable; urgency=medium

  * Non-maintainer upload.
  * New upstream release
    - Do not FTBFS if docbook-utils is installed (Closes: #862483)
    - Drop debian/patches/01_path_max.patch, merged upstream
    - Refresh debian/patches/06_cross.patch
  * debian/watch: Switch to .bz2 tarballs
  * debian/control: Bump Standards-Version to 4.0.0 (no further changes)

fontconfig (2.12.1-0.1) experimental; urgency=medium

  * Non-maintainer upload.
  * New upstream release (Closes: #816045)
    - d/p/01_path_max.patch, d/p/06_cross.patch: Refreshed
    - Drop patches/05_doc_files.patch, the tarball already contains the
      pre-generated documentation
    - Drop d/p/07_CVE-2016-5384-Properly-validate-offsets-in-cache-files.patch:
      Applied upstream
  * Drop -dbg package and rely on the -dbgsym ones, bump debhelper dependency
    to be sure that dh_strip has --dbgsym-migration flag
  * debian/rules: Pass --enable-static flag to also build the static library
  *...


Changed in fontconfig (Ubuntu):
status: Fix Committed → Fix Released