From: Raspbian automatic forward porter <root@raspbian.org>
Date: Tue, 1 Oct 2024 19:00:40 +0000 (+0100)
Subject: Merge version 1:20230101~dfsg-1+rpi1 and 1:20230101~dfsg-4 to produce 1:20230101... 
X-Git-Tag: archive/raspbian/1%20230101_dfsg-4+rpi1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=d566446befefc937bdbe8f4fc8a94aa6a62ed615;p=fontforge.git

Merge version 1:20230101~dfsg-1+rpi1 and 1:20230101~dfsg-4 to produce 1:20230101~dfsg-4+rpi1
---

d566446befefc937bdbe8f4fc8a94aa6a62ed615
diff --cc debian/changelog
index 9622518,563c693..a875c37
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,11 -1,43 +1,52 @@@
- fontforge (1:20230101~dfsg-1+rpi1) bookworm-staging; urgency=medium
++fontforge (1:20230101~dfsg-4+rpi1) trixie-staging; urgency=medium
 +
 +  [changes brought forward from 1:20190801~dfsg-4+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Wed, 01 Apr 2020 17:53:42 +0000]
 +  * Disable call to SplineFontFree in _MergeFont to work around use after
 +    free bug (see debian bug 948876).
 +  * Fix clean target.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Mon, 30 Jan 2023 05:17:12 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Tue, 01 Oct 2024 19:00:39 +0000
++
+ fontforge (1:20230101~dfsg-4) unstable; urgency=medium
+ 
+   * Team upload.
+   * debian/control: Add missing build-dependency python3-setuptools to provide
+     distutils module. (Closes: #1080597)
+ 
+  -- Boyuan Yang <byang@debian.org>  Thu, 05 Sep 2024 21:07:30 -0400
+ 
+ fontforge (1:20230101~dfsg-3) unstable; urgency=medium
+ 
+   * debian/control: Drop build-dependency on potrace. The upstream build
+     system is no longer having compile-time check on the software. Note that
+     we still keep potrace in the binary Suggests: field. (Closes: #1035822)
+ 
+  -- Boyuan Yang <byang@debian.org>  Sun, 30 Jun 2024 12:46:40 -0400
+ 
+ fontforge (1:20230101~dfsg-2) unstable; urgency=medium
+ 
+   * debian/control: Bump Standards-Version to 4.7.0.
+   * debian/patches/:
+     + 0006-Update-po-files-from-Croudin-sources-after-fixing-pr.patch:
+       Cherry-pick upstream PR #5330 to refresh po/ directory and fix
+       FTBFS with gettext 0.22.5. (Closes: #1074258)
+ 
+   [ David (Plasma) Paul ]
+   * Fully support the nodoc build profile. (Closes: #1035892)
+     - Don't build fontforge-doc in nodoc build profile.
+     - Mark Build-Depend:python3-sphinx <!nodoc>.
+ 
+  -- Boyuan Yang <byang@debian.org>  Wed, 26 Jun 2024 10:37:51 -0400
+ 
+ fontforge (1:20230101~dfsg-1.1) unstable; urgency=high
+ 
+   * Non-maintainer upload.
+   * CVE-2024-25081: Spline Font command injection via crafted filenames
+   * CVE-2024-25082: Spline Font command injection via crafted archives
+     or compressed files
+   * Closes: #1064967
+ 
+  -- Adrian Bunk <bunk@debian.org>  Fri, 08 Mar 2024 01:15:58 +0200
  
  fontforge (1:20230101~dfsg-1) unstable; urgency=medium
  
diff --cc debian/patches/series
index 68dba9d,0689bb2..932e01c
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -2,4 -2,5 +2,6 @@@
  0003-use-local-libjs-mathjax.patch
  2003_avoid_privacy_breach.patch
  2004-fix-privacy-breach-logo.patch
+ 0001-fix-splinefont-shell-command-injection-5367.patch
+ 0006-Update-po-files-from-Croudin-sources-after-fixing-pr.patch
 +4000-use-after-free-hack.patch