[Bug 1192175] Re: Use of mode="assign" in default configuration
Launchpad Bug Tracker
1192175 at bugs.launchpad.net
Sun Oct 29 00:47:59 UTC 2017
This bug was fixed in the package fontconfig - 2.12.6-0ubuntu1
---------------
fontconfig (2.12.6-0ubuntu1) bionic; urgency=medium
* Merge with Debian (LP: #1638959, LP: #1702544). Remaining changes:
- debian/source_fontconfig.py, debian/fontconfig.install:
+ Install apport hook
- Add 03_prefer_dejavu.patch:
+ Prefer DejaVu to Bitstream Vera
- Add 04_ubuntu_monospace_lcd_filter_conf.patch:
+ Use legacy lcdfilter with smaller monospace fonts
- Add 05_ubuntu_add_antialiasing_confs.patch:
+ Add config file for antialiasing
- Add 05_lcdfilterlegacy.patch: Recognize const value "lcdfilterlegacy",
used in Ubuntu before upstream introduced "lcdlegacy"
- Add 07_no_bitmaps.patch:
+ Install 70-no-bitmaps.conf
- Drop debian/fontconfig.NEWS, debian/fontconfig-config.templates,
debian/fontconfig-config.config, and associatedpo files.
Modify debian/rules, debian/fontconfig-config.postinst,
debian/fontconfig-config.postrm, and debian/README.Debian.
+ Don't provide debconf prompts
- Modify debian/rules, debian/fontconfig-config.install,
debian/fontconfig-config.links, debian/fontconfig-config.postrm,
and debian/fontconfig-udeb.install:
+ Delay doing the transition from /etc to /usr
* New upstream release
* Refresh patches
* Update Ubuntu patches to use mode="append" and target="pattern"
(LP: #1192175)
* Drop patches applied in new release:
- 01_fonts_nanum.patch
- 03_locale_c.utf8.patch
- 06_cross.patch
- CVE-2016-5384.patch
fontconfig (2.12.3-1) unstable; urgency=low
* Rebuild current bits as maintainer upload
* Add dependency on python2.7, python-lxml, python-six
* Add dependency on docbook, docbook-utils, texlive-formats-extra
* Set FREETYPE_PROPERTIES=truetype:interpreter-version=35 iff
selected hintstyle is hintfull. This produces fully hinted glyphs
with current FreeType bits.
fontconfig (2.12.3-0.2) unstable; urgency=medium
* Non-maintainer upload.
* Add a NEWS file to describe the change in the default hinting style. Also
add a debconf question to allow the administrator to change it (Closes:
#866950)
fontconfig (2.12.3-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream release
- Do not FTBFS if docbook-utils is installed (Closes: #862483)
- Drop debian/patches/01_path_max.patch, merged upstream
- Refresh debian/patches/06_cross.patch
* debian/watch: Switch to .bz2 tarballs
* debian/control: Bump Standards-Version to 4.0.0 (no further changes)
fontconfig (2.12.1-0.1) experimental; urgency=medium
* Non-maintainer upload.
* New upstream release (Closes: #816045)
- d/p/01_path_max.patch, d/p/06_cross.patch: Refreshed
- Drop patches/05_doc_files.patch, the tarball already contains the
pre-generated documentation
- Drop d/p/07_CVE-2016-5384-Properly-validate-offsets-in-cache-files.patch:
Applied upstream
* Drop -dbg package and rely on the -dbgsym ones, bump debhelper dependency
to be sure that dh_stip has --dbgsym-migration flag
* debian/rules: Pass --enable-static flag to also build the static library
* Updated debconf questions translations: debian/po/tr.po, debian/po/it.po
and debian/po/pt_BR.po (Closes: #756715, 760203, 799416)
* debian/control: Remove duplicate Section fields to please lintian
* Adjust several lintian-overrides files
* debian/fontconfig-config.postrm: Do not hardcode ucf path
fontconfig (2.11.0-6.7) unstable; urgency=medium
* Non-maintainer upload.
* Modifiy /etc/fontconfig/fonts.conf to ignore *.dpkg-new files.
(Closes: #835142)
fontconfig (2.11.0-6.6) unstable; urgency=medium
* Non-maintainer upload.
* Modifiy /etc/fontconfig/fonts.conf to ignore *.dpkg-tmp files.
(Closes: #828037)
fontconfig (2.11.0-6.5) unstable; urgency=high
* Non-maintainer upload.
* CVE-2016-5384: Possible double free due to insufficiently validated cache
files (Closes: #833570)
fontconfig (2.11.0-6.4) unstable; urgency=medium
* Non-maintainer upload.
* Drop versioned Build-Depends: binutils which is satisfied even in
oldstable (Closes: #779460).
* Compile build-tool edit-sgml with CC_FOR_BUILD. (Closes: #779461)
fontconfig (2.11.0-6.3) unstable; urgency=medium
* Non-maintainer upload.
* Modify fontconfig-config.postinst to not touch the symlinks unless it's
a first install or a reconfigure was issued (Closes: #758973).
fontconfig (2.11.0-6.2) unstable; urgency=medium
* Non-maintainer upload to delayed
* Switch to noawait triggers to allow self-triggering; will still need
Breaks from dpkg to resolve this (closes: #768599)
* Add Pre-Depends on dpkg to allow for noawait just in case this gets
backported to squeeze.
fontconfig (2.11.0-6.1) unstable; urgency=low
* Non-maintainer upload to delayed.
* Add dh-autoreconf to support ppc64el. Closes: #748378
fontconfig (2.11.0-6) unstable; urgency=medium
[ Keith Packard ]
* Fix misplaced 11-lcdfilter-default.conf. Closes: #731724.
* Remove spurious /etc/fonts.conf.d.
[ Josselin Mouette ]
* Add conf.avail directory to the udeb. Closes: #739011.
* Use xz compression for the “upstream” tarball.
fontconfig (2.11.0-5) unstable; urgency=medium
* Add documentation about how to build stuff
* Add patch including documentation. Closes #739743.
* Let dpkg remove /etc/fonts/conf.d. Closes: #739785.
fontconfig (2.11.0-4) unstable; urgency=medium
* Remove spurious files from fontconfig-config package
fontconfig (2.11.0-3) unstable; urgency=low
* Regenerate files as needed for build from upstream git repository
* Add debian/gbp.conf to control git-buildpackage
* Remove links made in /etc/fonts/conf.d and debconf entries. Closes #730361.
fontconfig (2.11.0-2) unstable; urgency=low
* fontconfig-config.postrm: be less aggressive in removing fonts.d.
Closes: #728598.
* Break xpdf (<= 3.03-11). Closes: #728444.
* 01_path_max.patch: patch from Samuel Thibault to stop requiring
PATH_MAX. Closes: #729189.
* fontconfig-config.links: enable lcdfilter by default.
Closes: #638262, #605574.
* 02_indic_names.patch: patch from Vasudev Kamath to fix Indic font
family names. Closes: #661245.
* Mark libfontconfig1-dev as multi-arch: same. Closes: #677885.
* 03_locale_c.utf8.patch: based on a patch from Martin Dickopp. Treat
C.UTF-8 and C.utf8 locales as built in the C library.
Closes: #717423.
* Update font packages names. Closes: #712682.
* Enable fonts-liberation as an alternative. Closes: #663553.
* Also drop alternate dependency on gsfonts-x11.
* 04_mgopen_fonts.patch: new patch. Add more MgOpen fonts to default
sans typefaces. Closes: #400767.
* ja.po: updated. Closes: #695078.
fontconfig (2.11.0-1) unstable; urgency=low
* New upstream release.
* fontconfig-config.preinst: removed, not needed anymore.
* Add build-dependency on gperf.
* Bump shlibs.
* 01_conf.d_README.patch: dropped, obsolete.
fontconfig (2.10.2-2) unstable; urgency=low
* 01_conf.d_README.patch: new patch. Document the two locations for
conf.avail files.
* fontconfig-config.postrm: don’t remove conf.avail on uninstall.
Closes: #714164.
* fontconfig-config.postinst: remove the symlink of the old
conf.avail. Closes: #714157.
* fontconfig-config.preinst: add a cleanup script for the broken
2.10.2-1 version.
fontconfig (2.10.2-1) unstable; urgency=low
* New upstream release.
* Bump shlibs to 2.10.
* Wrap build-dependencies.
* architecture-with-small-double-align: dropped, merged upstream.
* Add missing build-dependency on pkg-config.
* fontconfig-config.maintscripts: remove obsolete conffiles.
* Remove obsolete maintainer scripts.
* Replace the old conf.avail directory by a symbolic link.
* Update installation listings.
fontconfig (2.9.0-7.1) unstable; urgency=low
* Non-maintainer upload.
* Update README.Debian with respect to enabling bitmapped fonts: just
removing the no-bitmaps.conf symlink is not enough, the corresponding
symlink for yes-bitmaps.conf needs to be added too.
Thanks to Andreas Metzler <ametzler at debian.org> for the patch.
Closes: #684923.
fontconfig (2.9.0-7) unstable; urgency=low
* Don't clean ancient cache files on new install. Closes: #636173.
* Update Czech translation. Closes: #681700.
* Update Spanish translation. Closes: #681766.
* Add Polish translation. Closes: #682577.
-- Jeremy Bicha <jbicha at ubuntu.com> Sat, 28 Oct 2017 13:14:27 -0400
** Changed in: fontconfig (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5384
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fontconfig in Ubuntu.
https://bugs.launchpad.net/bugs/1192175
Title:
Use of mode="assign" in default configuration
Status in fontconfig package in Ubuntu:
Fix Released
Bug description:
The additional .conf files that Ubuntu's patches create in conf.avail/ use mode="assign" to set preferences.
But in this upstream bug report:
https://bugs.freedesktop.org/show_bug.cgi?id=17722
it's said that the default configurations should use mode="append", and the use of "assign" should be limited to user configuration. The original fontconfig .conf files in Ubuntu already use "append", as correction of this bug.
Ubuntu versions that present this bug: all.
fontconfig versions that present this bug: all.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fontconfig/+bug/1192175/+subscriptions
More information about the foundations-bugs
mailing list