Please merge freetype 2.6.3-3 from Debian testing

Bug #1521299 reported by Nikolaus Waxweiler on 2015-11-30
38
This bug affects 6 people
Affects Status Importance Assigned to Milestone
freetype (Debian)
Fix Released
Unknown
freetype (Ubuntu)
Wishlist
Unassigned

Bug Description

Please update the package to 2.6.3. There's quite a bit of interesting new features and stability fixes via fuzzing since 2.5.x.

Have a look at www.freetype.org -> "More on the 2.6.2 release for users and developers".
-------------------------------------------------------------------------

freetype (2.6.3-3) unstable; urgency=medium

  * Install the now-available-upstream manpages for freetype-demos.
    Closes: #131137.
  * Register all of the HTML documentation with doc-base. Closes: #451660.
  * Suppress lintian warning about symbols file declaring dependency on
    other package, which is entirely by design.

 -- Steve Langasek <email address hidden> Tue, 01 Mar 2016 06:43:44 +0000

freetype (2.6.3-2) unstable; urgency=medium

  * Adjust symbols file to actually produce invalid dependencies when
    internal symbols are used, as intended.

 -- Steve Langasek <email address hidden> Tue, 01 Mar 2016 03:29:18 +0000

freetype (2.6.3-1) unstable; urgency=medium

  * New upstream release. Closes: #812518, LP: #1521299
    - stem darkening now disabled by default. Closes: #801370.
  * Avoid marking private symbols as supported from 2.6.1 on. Apparently
    dpkg-gensymbols doesn't do what I expected for this kind of declaration
    anyway, but we should at least avoid marking them wrong in the source.
  * Update to Standards-Version 3.9.7.

 -- Steve Langasek <email address hidden> Tue, 01 Mar 2016 00:04:14 +0000

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in freetype (Ubuntu):
status: New → Confirmed
Adolfo Jayme (fitojb) on 2016-01-20
tags: added: upgrade-software-version
Changed in freetype (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → Wishlist

Bump for 2.6.3 :)

summary: - Update to 2.6.2
+ Update to 2.6.3
description: updated
Changed in freetype (Debian):
status: Unknown → New
Bungeman (bungeman) wrote :

I would argue this is more than just "wishlist". In FreeType 2.6 an actual thread safety model was introduced making FreeType no longer thread antagonistic. Also, between 2.6 and 2.6.2 FreeType was heavily fuzzed which resulted in a number of fixes, some of which may be of security interest but because they were not found as vulnerabilities they will probably never end up with CVE numbers. If Xenial ships with FreeType 2.5.2, I have no doubt that it will have already known but unpatched security issues for its entire life.

Changed in freetype (Debian):
status: New → Fix Released
tags: added: xenial
summary: - Update to 2.6.3
+ Please merge freetype 2.6.3-3 from Debian testing
description: updated
Steve Langasek (vorlon) wrote :

I agree that it appears 2.6.3 would be preferable due to the fuzzing fixes. However, as freetype has a history of introducing behavior regressions on a fairly regular basis, this is not a straightforward change to make during feature freeze because it's not easy to regression-test. I don't believe I am in a position to drive this for 16.04.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package freetype - 2.6.3-3ubuntu1

---------------
freetype (2.6.3-3ubuntu1) yakkety; urgency=medium

  * Merge with Debian; remaining changes:
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/freetype/config headers into the multiarch
      include path and provide symlinks in /usr/include.
    - debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
      fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
      most zh_CN glyphs and probably others). (LP: #1559933)

freetype (2.6.3-3) unstable; urgency=medium

  * Install the now-available-upstream manpages for freetype-demos.
    Closes: #131137.
  * Register all of the HTML documentation with doc-base. Closes: #451660.
  * Suppress lintian warning about symbols file declaring dependency on
    other package, which is entirely by design.

freetype (2.6.3-2) unstable; urgency=medium

  * Adjust symbols file to actually produce invalid dependencies when
    internal symbols are used, as intended.

freetype (2.6.3-1) unstable; urgency=medium

  * New upstream release. Closes: #812518, LP: #1521299
    - stem darkening now disabled by default. Closes: #801370.
  * Avoid marking private symbols as supported from 2.6.1 on. Apparently
    dpkg-gensymbols doesn't do what I expected for this kind of declaration
    anyway, but we should at least avoid marking them wrong in the source.
  * Update to Standards-Version 3.9.7.

 -- Matthias Klose <email address hidden> Wed, 27 Apr 2016 09:35:06 +0200

Changed in freetype (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.