-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 24 Sep 2017 13:21:28 +0200 Source: fontforge Binary: fontforge fontforge-nox fontforge-common libfontforge-dev libfontforge2 libgdraw5 python-fontforge fontforge-dbg fontforge-doc Architecture: source all amd64 Version: 1:20170731~dfsg-1 Distribution: unstable Urgency: high Maintainer: Debian Fonts Task Force <pkg-fonts-devel@lists.alioth.debian.org> Changed-By: Jonas Smedegaard <dr@jones.dk> Description: fontforge - font editor fontforge-common - font editor (common files) fontforge-dbg - debugging symbols for fontforge fontforge-doc - documentation for fontforge fontforge-nox - font editor - non-X version libfontforge-dev - font editor - runtime library (development files) libfontforge2 - font editor - runtime library libgdraw5 - font editor - runtime graphics and widget library python-fontforge - font editor - Python bindings Closes: 853040 855710 865601 869614 Changes: fontforge (1:20170731~dfsg-1) unstable; urgency=high . [upstream] * New release with number of adjustments and fixes. + Fixes multiple CVE's listed below. CVE-2017-11577, CVE-2017-11576, CVE-2017-11575, CVE-2017-11574, CVE-2017-11572, CVE-2017-11571, CVE-2017-11569, CVE-2017-11568. Closes: bug#869614. Thanks to Salvatore Bonaccorso. . [ Vasudev Kamath ] * Add fontforge-doc package to fontforge source. Closes: bug#855710, bug#853040. Thanks to Hideki Yamane. * Simplify d-shlibs handling. Tighten to build-depend on recent d-hlibs. * debian/patches: + Drop patch 1001, merged upstream. + Refresh patch 2002 with new upstream files. + Add patch 2003 for removing SourceForge logo from documentation. * Update libfontforge2.symbols file for new release. There a lot of refactoring done by upstream without bumping major version. * Drop unused lintian-override from debian/source/lintian-override. * Drop wild card debian-old/* from debian/copyright. It is no longer available in upstream source. * Do not disable PIE. Closes: bug#865601. Thanks to Adrian Bunk. . [ Jonas Smedegaard ] * Add myself as uploader. * Update watch file: Use substitution strings. * Drop superfluous dh_installdirs hint files. * Advertise DEP-3 format in patch headers. * Tighten lintian overrides regarding License-Reference. * Tighten lintian overrides regarding long code lines. * Add lintian override for obsolete-url-in-packaging false positive. * Drop obsolete maintainer script make-clean-tarball. * Avoid mentioning Debian in doc-base title. * Update homepage. * Modernize Vcs-* fields: + Consistently use git (not cgit) in path. + Consistently include .git suffix in path. * Update copyright info: + Extend coverage for myself. Relince packaging to GPL-3+. + Merge same-licensed Files sections. + List graphicore code, licensed as BSD-2-clause. + Fix drop duplicate entries. + Fix list fontforge/fvimportbdf.c (same as gdraw/fontP.h) as licensed BSD-3-clause and X11~TOG (not BSD-3-clause). + Fix list files licensed BSD-3-clause in initial wildcard section. + Fix list files by a non-main copyright holder licensed GPL-3+. + Fix list files by a non-main copyright holders licensed GPL-3+ with font exception. + Fix list font files. + Fix list files licensed GPL-2+. + Fix add License section for LGPL-2.1+. + Exclude non-DFSG free fonts from repackaged tarball. * Update package relations: + Stop conflict with defoma: Dropped before oldstable. * Drop breaks+replaces unneeded since oldstable. * Generalize and extend patch 2003 to cover more potential breaches. Checksums-Sha1: 0833eded6a7250e299537e50f9bd53ea1ae10f1a 3122 fontforge_20170731~dfsg-1.dsc 2062bafa78013d87509cebffc8b412b4a6786f72 17896802 fontforge_20170731~dfsg.orig.tar.gz 03c6d7d87457853c3aefb9cab3b7e0eed350482b 54400 fontforge_20170731~dfsg-1.debian.tar.xz c76f687470083b657671c982d909dda8b869287a 1379266 fontforge-common_20170731~dfsg-1_all.deb 9efd21e0444e89746c398960bd78b9bd1744854f 9366850 fontforge-dbg_20170731~dfsg-1_amd64.deb 3e9d1f01f91bb674bb127f9e743e32108d9d1133 3412718 fontforge-doc_20170731~dfsg-1_all.deb 8bef8064867a83f7559b538bdf0b717f7da48a7b 37678 fontforge-nox_20170731~dfsg-1_amd64.deb 249225ac9547941433758aad4a20ae6396f404a8 12597 fontforge_20170731~dfsg-1_amd64.buildinfo 19b6bef4d5f639207c21562d0cf2b25ab08933b9 38120 fontforge_20170731~dfsg-1_amd64.deb da89cac616e097d5dc8b358fb295c4d428b06db3 2141806 libfontforge-dev_20170731~dfsg-1_amd64.deb b0d9fb8396f975762bfdfeb7b7a79bf85dadae13 1949526 libfontforge2_20170731~dfsg-1_amd64.deb 47f497afc8f38bec09f84eed05fc2494bacd30f8 1312312 libgdraw5_20170731~dfsg-1_amd64.deb 6592aaae31e42eb93c10883aec399f67ffdd6e7f 41062 python-fontforge_20170731~dfsg-1_amd64.deb Checksums-Sha256: e870c8db1e5b4243e68c6aa211da90fef59c49b2ba17390365b8d866bf710ccc 3122 fontforge_20170731~dfsg-1.dsc 642dd957a7e36d68e37c8be9f849a2b2ec2f9e831103d1458660a165fe3e4ae7 17896802 fontforge_20170731~dfsg.orig.tar.gz 10a5979ebe83de1ad8383f352343212c7d1ec6850343ac9e39864565f5a3cd41 54400 fontforge_20170731~dfsg-1.debian.tar.xz 109f77b83db3a2919951348bf0eb975a49a7c17fc2966cb649e7544c92316b15 1379266 fontforge-common_20170731~dfsg-1_all.deb 43077963bf15bc48854b8abb54f3a985f781919355a1765bf5b4ed84d277530d 9366850 fontforge-dbg_20170731~dfsg-1_amd64.deb b0c3b0c0c7adfe0c89591ee87df89b4c9ea92dc87e768e8d11fd2c0c1692dd5e 3412718 fontforge-doc_20170731~dfsg-1_all.deb edc4000f378bd5d85c11f7a9d87ef41e9bb7ef9fd0596a38927412d8bb758f61 37678 fontforge-nox_20170731~dfsg-1_amd64.deb ea8f0b90e4cdfd5884870ea3d95dd87e481bc2daed768f8be42b0a7c8db85868 12597 fontforge_20170731~dfsg-1_amd64.buildinfo 6d4c130a083bd5bc59925f0a423bd50090d6880313964ad67a388a3718d1e495 38120 fontforge_20170731~dfsg-1_amd64.deb f127e8fa8bffbaabf70a76fc8318755b08d3a96e09ad67763444f557bc708be9 2141806 libfontforge-dev_20170731~dfsg-1_amd64.deb 557720d3d1df336e5e5f8cd538f54b003a633d909cb65dfab24da5d186f7866c 1949526 libfontforge2_20170731~dfsg-1_amd64.deb f5d19fe4feef3adeac9f04b6124e05173639ebd08a81b779343f540b9aaeb951 1312312 libgdraw5_20170731~dfsg-1_amd64.deb e57529737c78736bc66b09792cf68ff95e46cb64c17ec1a85948de2b9ce43c27 41062 python-fontforge_20170731~dfsg-1_amd64.deb Files: 15680c02a2080fb3286279ba2f9abf71 3122 fonts optional fontforge_20170731~dfsg-1.dsc 127bbd78bb24624b8d4d2965ef4ad3cf 17896802 fonts optional fontforge_20170731~dfsg.orig.tar.gz 74baf486aaf5b67d257b1373ac71aba4 54400 fonts optional fontforge_20170731~dfsg-1.debian.tar.xz a267080d2663add235214999291b87e5 1379266 fonts optional fontforge-common_20170731~dfsg-1_all.deb 8b729a3fdc4e6aa9b976ae00850bb415 9366850 debug extra fontforge-dbg_20170731~dfsg-1_amd64.deb 7195c3c2c55a7366977cb2ccd4a8d0f6 3412718 doc optional fontforge-doc_20170731~dfsg-1_all.deb b194a3d9dafa4b2333207d1ac5c94005 37678 fonts optional fontforge-nox_20170731~dfsg-1_amd64.deb b09aa3af77934ae9b0402f93473aaec6 12597 fonts optional fontforge_20170731~dfsg-1_amd64.buildinfo b93ef88ade30e122912a35eb70673f12 38120 fonts optional fontforge_20170731~dfsg-1_amd64.deb c36a21714b2a1b5935421a8553d051ec 2141806 libdevel optional libfontforge-dev_20170731~dfsg-1_amd64.deb 5670b1778167b00edbb45e54a64d5ff5 1949526 libs optional libfontforge2_20170731~dfsg-1_amd64.deb e536c940378e83af2c9ca37f6c012505 1312312 libs optional libgdraw5_20170731~dfsg-1_amd64.deb b66a7165a6d7e8b62b909f2a4dcbe903 41062 python optional python-fontforge_20170731~dfsg-1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlnHlsoACgkQLHwxRsGg ASEQWA//RS8KTLjI2ID06nCXhOsE1djIIHmcpfK79LmYIXtZnPMf1qwEeIUWHrez kcOiLO5IHCx/t3JFNnXzDdS/xpHzZ1tDKU7v6r9sWRc8ZR/YWrLcxFdPZ+pDdoUJ FxfHzKgmte6/iAvRsHP/yBIa4btrvFMOeYxostJnW5GjRo3qlNjfuapaiPWCqQss oOZHUJyU6cww73Mv3Mb4RQSZke9V9jXAQC16Yz4wjZpmBSWXsYaM7kJ9FVGLj5J+ zX2zJT9kzX/nTLr2uWUJPVGx+OpzxiJy/r9E7TpiLKwIW7sBn/jIc9xJPm4EX11O gPxhCJKW5kmRUYCeIy/qb7op0xmO+zxzNSOA8m3aWUXTrjTGiwV85+oaArp1MaiV 0tIY84VbhEMzYDY5Itc37jBNtJ+QI+Ry/fn762Irrp9+iaRlSLXP58E744tcTe3e UfPpT6qbdt6I9MES0TKl33Z/krVZcMSOq5wsFZr6oJ8T5ksoiX0SNFCWfvPg3cfy 5IWcxw6LarmVncVDIPFgl4HoLXzD2kEH7vX1vn5eMsogc6C4kA9QqcYjUko5WJLs 1SuzSQDOvqfvRhx8efh18qinyD/fV2zTJ00pYr6nJA+WOLvaVy9gRNEQfjYzYbQ2 Rk+O9J9ciZyoUGwEGsz4Ewi/M0J+6fDhpZYfzLDzVjrJeQ8zxTE= =s9uR -----END PGP SIGNATURE-----