openSUSE-SU-2020:0704-1
Published: May 24, 2020
Source: lists.opensuse.org

Security update for freetype2 (moderate)

EPSS: 0.003 (percentile 70.5%)

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for freetype2 to version 2.10.1 fixes the following issues:

Security issue fixed:

  • CVE-2018-6942: Fixed a NULL pointer dereference within ttinterp.c
    (bsc#1079603).

Non-security issues fixed:

  • Update to version 2.10.1

    • The bytecode hinting of OpenType variation fonts was flawed, since the
      data in the `CVAR' table wasn't correctly applied.
    • Auto-hinter support for Mongolian.
    • The handling of the default character in PCF fonts as introduced in
      version 2.10.0 was partially broken, causing premature abortion
      of charmap iteration for many fonts.
    • If `FT_Set_Named_Instance' was called with the same arguments
      twice in a row, the function returned an incorrect error code the
      second time.
    • Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug
      introduced in version 2.10.0).
    • Increased precision while computing OpenType font variation
      instances.
    • The flattening algorithm of cubic Bezier curves was slightly
      changed to make it faster. This can cause very subtle rendering
      changes, which aren't noticeable by the eye, however.
    • The auto-hinter now disables hinting if there are blue zones
      defined for a `style' (i.e., a certain combination of a script and its
      related typographic features) but the font doesn't contain any
      characters needed to set up at least one blue zone.
  • Add tarball signatures and freetype2.keyring

  • Update to version 2.10.0

    • A bunch of new functions has been added to access and process
      COLR/CPAL data of OpenType fonts with color-layered glyphs.
    • As a GSoC 2018 project, Nikhil Ramakrishnan completely
      overhauled and modernized the API reference.
    • The logic for computing the global ascender, descender, and height of
      OpenType fonts has been slightly adjusted for consistency.
    • `TT_Set_MM_Blend' could fail if called repeatedly with the same
      arguments.
    • The precision of handling deltas in Variation Fonts has been
      increased. The problem did only show up with multidimensional
      designspaces.
    • New function `FT_Library_SetLcdGeometry' to set up the geometry
      of LCD subpixels.
    • FreeType now uses the `defaultChar' property of PCF fonts to set the
      glyph for the undefined character at glyph index 0 (as FreeType
      already does for all other supported font formats). As a consequence,
      the order of glyphs of a PCF font if accessed with FreeType can be
      different now compared to previous versions. This change doesn't
      affect PCF font access with cmaps.
    • `FT_Select_Charmap' has been changed to allow parameter value
      `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT
      formats to access built-in cmaps that don't have a predefined
      `FT_Encoding' value.
    • A previously reserved field in the `FT_GlyphSlotRec' structure now
      holds the glyph index.
    • The usual round of fuzzer bug fixes to better reject malformed fonts.
    • `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have been
      removed. These two functions were public by oversight only and were
      never documented.
    • A new function `FT_Error_String' returns descriptions of error codes
      if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined.
    • `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new
      functions limited to Adobe MultiMaster fonts to directly set and get
      the weight vector.
  • Enable subpixel rendering with infinality config:

  • Re-enable freetype-config, there are just too many fallouts.

  • Update to version 2.9.1

    • Type 1 fonts containing flex features were not rendered correctly (bug
      introduced in version 2.9).
    • CVE-2018-6942: Older FreeType versions can crash with certain
      malformed variation fonts.
    • Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage.
    • Emboldening of bitmaps didn't work correctly sometimes, showing
      various artifacts (bug introduced in version 2.8.1).
    • The auto-hinter script ranges have been updated for Unicode 11. No
      support for new scripts has been added, however, with the exception
      of Georgian Mtavruli.
  • freetype-config is now deprecated by upstream and not enabled by default.

  • Update to version 2.10.1

    • The `ftmulti' demo program now supports multiple hidden axes with the
      same name tag.
    • `ftview', `ftstring', and `ftgrid' got a `-k' command line option to
      emulate a sequence of keystrokes at start-up.
    • `ftview', `ftstring', and `ftgrid' now support screen dumping to a PNG
      file.
    • The bytecode debugger, `ttdebug', now supports variation TrueType
      fonts; a variation font instance can be selected with the new `-d'
      command line option.
  • Add tarball signatures and freetype2.keyring

  • Update to version 2.10.0

    • The `ftdump' demo program has new options `-c' and `-C' to display
      charmaps in compact and detailed format, respectively. Option `-V' has
      been removed.
    • The `ftview', `ftstring', and `ftgrid' demo programs use a new command
      line option `-d' to specify the program window's width, height, and
      color depth.
    • The `ftview' demo program now displays red boxes for zero-width glyphs.
    • `ftglyph' has limited support to display fonts with color-layered
      glyphs. This will be improved later on.
    • `ftgrid' can now display bitmap fonts also.
    • The `ttdebug' demo program has a new option `-f' to select a member of
      a TrueType collection (TTC).
    • Other various improvements to the demo programs.
  • Remove "Supplements: fonts-config" to avoid accidentally pulling in Qt
    dependencies on some non-Qt based desktops (bsc#1091109). fonts-config is
    fundamental, but ft2demos is seldom installed by end users; only
    fonts-config maintainers/debuggers may use ft2demos to debug some
    issues.

  • Update to version 2.9.1

    • No changelog upstream.

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.1:

    zypper in -t patch openSUSE-2020-704=1
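A post-patch verification step, added here as an example and not part of the advisory: it compares the installed freetype2 package version against 2.10.1, the version this update delivers, and reports whether the host is still on a pre-fix release. It assumes the binary package built from the freetype2 source package is named libfreetype6 and that GNU "sort -V" is available; on a host without rpm it falls back to a constructed sample version so the comparison logic can still be exercised.

```shell
#!/bin/sh
# Added example, not part of the advisory: verify that the freetype2 package
# installed on an openSUSE Leap 15.1 host is at least the version this update
# ships (2.10.1). Assumes the binary package is named libfreetype6 (an
# assumption; adjust for your package name) and that GNU "sort -V" exists.

FIXED_VERSION="2.10.1"

# version_ge A B: exit 0 when dotted version A is greater than or equal to B.
# sort -V orders version strings numerically per component, so the last line
# of the sorted pair is the larger version.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# freetype_status VERSION: print "fixed" (exit 0), "vulnerable" (exit 1) or
# "not installed" (exit 2) for the given installed version string.
freetype_status() {
    case "$1" in
        ""|not-installed)
            echo "not installed"
            return 2
            ;;
    esac
    if version_ge "$1" "$FIXED_VERSION"; then
        echo "fixed"
        return 0
    fi
    echo "vulnerable"
    return 1
}

# installed_freetype_version: query rpm for the package version when rpm is
# present; otherwise print a constructed sample value (a pre-fix version) so
# the check can still be exercised on a host without rpm.
installed_freetype_version() {
    if command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q --queryformat '%{VERSION}' libfreetype6 2>/dev/null) \
            && echo "$v" || echo "not-installed"
    else
        echo "2.9.1"   # constructed sample value, not read from any host
    fi
}

installed=$(installed_freetype_version)
status=$(freetype_status "$installed") || true
printf 'freetype2 %s: %s (update delivers %s)\n' \
    "$installed" "$status" "$FIXED_VERSION"
```

The exit code of freetype_status is distinct per outcome so the script can feed a compliance check or a monitoring job directly; note that it compares only the upstream version, so a vendor backport carrying the fix under an older version number would still be reported as vulnerable.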

Affected packages: openSUSE Leap 15.1, architectures i586, x86_64 and noarch
(package names and RPM filenames are not recoverable from this listing).