From: Raspbian automatic forward porter Date: Thu, 4 Apr 2024 19:16:10 +0000 (+0100) Subject: Merge version 1:20230101~dfsg-1+rpi1 and 1:20230101~dfsg-1.1~deb12u1 to produce 1... X-Git-Tag: raspbian/1%20230101_dfsg-1.1_deb12u1+rpi1 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=048f46849c54a4dff63c4e246904f8ee33ed248f;p=fontforge.git Merge version 1:20230101~dfsg-1+rpi1 and 1:20230101~dfsg-1.1~deb12u1 to produce 1:20230101~dfsg-1.1~deb12u1+rpi1 --- ab041f25350333cab693b911e876fe4df204eb22 diff --cc debian/changelog index 9622518,26d4ea5..f86c2c7 --- a/debian/changelog +++ b/debian/changelog @@@ -1,11 -1,19 +1,28 @@@ - fontforge (1:20230101~dfsg-1+rpi1) bookworm-staging; urgency=medium ++fontforge (1:20230101~dfsg-1.1~deb12u1+rpi1) bookworm-staging; urgency=medium + + [changes brought forward from 1:20190801~dfsg-4+rpi1 by Peter Michael Green at Wed, 01 Apr 2020 17:53:42 +0000] + * Disable call to SplineFontFree in _MergeFont to work around use after + free bug (see debian bug 948876). + * Fix clean target. + - -- Raspbian forward porter Mon, 30 Jan 2023 05:17:12 +0000 ++ -- Raspbian forward porter Thu, 04 Apr 2024 19:16:10 +0000 ++ + fontforge (1:20230101~dfsg-1.1~deb12u1) bookworm-security; urgency=medium + + * Non-maintainer upload. + * Rebuild for bookworm-security. + + -- Adrian Bunk Fri, 15 Mar 2024 22:41:07 +0200 + + fontforge (1:20230101~dfsg-1.1) unstable; urgency=high + + * Non-maintainer upload. 
+ * CVE-2024-25081: Spline Font command injection via crafted filenames + * CVE-2024-25082: Spline Font command injection via crafted archives + or compressed files + * Closes: #1064967 + + -- Adrian Bunk Fri, 08 Mar 2024 01:15:58 +0200 fontforge (1:20230101~dfsg-1) unstable; urgency=medium diff --cc debian/patches/series index 68dba9d,625a055..243eeed --- a/debian/patches/series +++ b/debian/patches/series @@@ -2,4 -2,4 +2,5 @@@ 0003-use-local-libjs-mathjax.patch 2003_avoid_privacy_breach.patch 2004-fix-privacy-breach-logo.patch + 0001-fix-splinefont-shell-command-injection-5367.patch +4000-use-after-free-hack.patch
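
Review bot: in the debian/changelog hunk, the new top stanza for 1:20230101~dfsg-1.1~deb12u1+rpi1 lists only the changes brought forward from 1:20190801~dfsg-4+rpi1, so a reader of that stanza alone cannot tell that this build also carries the CVE-2024-25081 and CVE-2024-25082 fixes recorded further down under 1:20230101~dfsg-1.1. Suggest adding a line to the top stanza that names the merge with the bookworm-security upload. The carried-forward item "Disable call to SplineFontFree in _MergeFont" dates from 2020 and the stanza does not say whether debian bug 948876 was re-checked against 20230101; that is worth confirming, since the workaround skips a free on that path and now ships alongside a security update.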
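
Review bot: in the debian/patches/series hunk, 4000-use-after-free-hack.patch now applies after the newly merged 0001-fix-splinefont-shell-command-injection-5367.patch, and this diff shows only the series file, not the body of either patch, so the result of stacking them cannot be checked from here. Before upload, confirm that the hack patch still applies without fuzz or offsets on top of the security patch (for example with quilt push -a on the unpacked source) and that it does not alter any of the code the command injection fix changes.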