projects / fontforge.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
fontforge.git
21 months agofix splinefont shell command injection (#5367)
commit | commitdiff | tree
Peter Kydas [Tue, 6 Feb 2024 09:03:04 +0000 (20:03 +1100)]
fix splinefont shell command injection (#5367)

Gbp-Pq: Name 0001-fix-splinefont-shell-command-injection-5367.patch

21 months agoRemove link to remote SourceForge logo from Japanese documentation
commit | commitdiff | tree
Anthony Fok [Thu, 7 Mar 2024 23:15:58 +0000 (01:15 +0200)]
Remove link to remote SourceForge logo from Japanese documentation

Origin: vendor
Forwarded: not-needed
Last-Update: 2020-11-23

Also image link to upstream author George Williams’s now defunct old website,
and image link to thunbmail of « Fontes & codages » on Amazon.
Fixes Lintian privacy-breach-logo error.
Last-Update: 2020-11-23
Gbp-Pq: Name 2004-fix-privacy-breach-logo.patch

21 months agoAvoid links in html documents potentially breaching privacy
commit | commitdiff | tree
Vasudev Kamath [Tue, 5 Nov 2019 10:48:04 +0000 (19:48 +0900)]
Avoid links in html documents potentially breaching privacy

Replace potential tracking image URLs with inline single-pixel
transparent image from
<https://css-tricks.com/snippets/html/base64-encode-of-1x1px-transparent-gif/>.

Strip hardcoded host from demo form.

Forwarded: not-needed
Last-Update: 2017-09-23

Gbp-Pq: Name 2003_avoid_privacy_breach.patch

21 months agoUse packaged copy of MathJax from libjs-mathjax
commit | commitdiff | tree
Anthony Fok [Thu, 7 Mar 2024 23:15:58 +0000 (01:15 +0200)]
Use packaged copy of MathJax from libjs-mathjax

Origin: vendor
Forwarded: not-needed
Last-Update: 2020-11-24

FontForge documentation uses sphinx.ext.mathjax which insert script links
to MathJax served on remote CDNs.

This patch, together with debian/fontforge-doc.links, replaces remote
scripts with MathJax from the libjs-mathjax package.
See https://bugs.debian.org/739300 for discussion.

Fixes Lintian privacy-breach-generic warnings.
Last-Update: 2020-11-24
Gbp-Pq: Name 0003-use-local-libjs-mathjax.patch

21 months agoRemove custom library search path (RPATH/RUNPATH)
commit | commitdiff | tree
Anthony Fok [Thu, 7 Mar 2024 23:15:58 +0000 (01:15 +0200)]
Remove custom library search path (RPATH/RUNPATH)

Origin: vendor
Forwarded: not-needed
Last-Update: 2020-11-18

This reverts upstream's preference of setting RPATH/RUNPATH for
installed binaries.  Fixes Lintian custom-library-search-path error.
Last-Update: 2020-11-18
Gbp-Pq: Name 0002-remove-custom-library-search-path.patch

21 months agofontforge (1:20230101~dfsg-1.1) unstable; urgency=high
commit | commitdiff | tree
Adrian Bunk [Thu, 7 Mar 2024 23:15:58 +0000 (01:15 +0200)]
fontforge (1:20230101~dfsg-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * CVE-2024-25081: Spline Font command injection via crafted filenames
  * CVE-2024-25082: Spline Font command injection via crafted archives
    or compressed files
  * Closes: #1064967

[dgit import unpatched fontforge 1:20230101~dfsg-1.1]

21 months agoImport fontforge_20230101~dfsg-1.1.debian.tar.xz
commit | commitdiff | tree
Adrian Bunk [Thu, 7 Mar 2024 23:15:58 +0000 (01:15 +0200)]
Import fontforge_20230101~dfsg-1.1.debian.tar.xz

[dgit import tarball fontforge 1:20230101~dfsg-1.1 fontforge_20230101~dfsg-1.1.debian.tar.xz]

2 years agoImport fontforge_20230101~dfsg.orig.tar.xz
commit | commitdiff | tree
Anthony Fok [Wed, 18 Jan 2023 18:05:41 +0000 (11:05 -0700)]
Import fontforge_20230101~dfsg.orig.tar.xz

[dgit import orig fontforge_20230101~dfsg.orig.tar.xz]

Unnamed repository; edit this file 'description' to name the repository.