An update that solves one vulnerability and has one errata
is now available.
Description:
This update for freetype2 to version 2.10.1 fixes the following issues:
Security issue fixed:
- CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c
(bsc#1079603).
Non-security issues fixed:
-
Update to version 2.10.1
- The bytecode hinting of OpenType variation fonts was flawed, since the
data in the `CVAR’ table wasn’t correctly applied.
- Auto-hinter support for Mongolian.
- The handling of the default character in PCF fonts as introduced in
version 2.10.0 was partially broken, causing premature abortion
of charmap iteration for many fonts.
- If `FT_Set_Named_Instance’ was called with the same arguments
twice in a row, the function returned an incorrect error code the
second time.
- Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug
introduced in version 2.10.0).
- Increased precision while computing OpenType font variation
instances.
- The flattening algorithm of cubic Bezier curves was slightly
changed to make it faster. This can cause very subtle rendering
changes, which aren’t noticeable by the eye, however.
- The auto-hinter now disables hinting if there are blue zones
defined for a `style’ (i.e., a certain combination of a script and its
related typographic features) but the font doesn’t contain any
characters needed to set up at least one blue zone.
-
Add tarball signatures and freetype2.keyring
-
Update to version 2.10.0
- A bunch of new functions has been added to access and process
COLR/CPAL data of OpenType fonts with color-layered glyphs.
- As a GSoC 2018 project, Nikhil Ramakrishnan completely
overhauled and modernized the API reference.
- The logic for computing the global ascender, descender, and height of
OpenType fonts has been slightly adjusted for consistency.
- `TT_Set_MM_Blend’ could fail if called repeatedly with the same
arguments.
- The precision of handling deltas in Variation Fonts has been
increased.The problem did only show up with multidimensional
designspaces.
- New function `FT_Library_SetLcdGeometry’ to set up the geometry
of LCD subpixels.
- FreeType now uses the `defaultChar’ property of PCF fonts to set the
glyph for the undefined character at glyph index 0 (as FreeType
already does for all other supported font formats). As a consequence,
the order of glyphs of a PCF font if accessed with FreeType can be
different now compared to previous versions. This change doesn’t
affect PCF font access with cmaps.
FT_Select_Charmap' has been changed to allow parameter value
FT_ENCODING_NONE’, which is valid for BDF, PCF, and Windows FNT
formats to access built-in cmaps that don’t have a predefined
`FT_Encoding’ value.
- A previously reserved field in the `FT_GlyphSlotRec’ structure now
holds the glyph index.
- The usual round of fuzzer bug fixes to better reject malformed fonts.
FT_Outline_New_Internal' and
FT_Outline_Done_Internal’ have been
removed.These two functions were public by oversight only and were
never documented.
- A new function `FT_Error_String’ returns descriptions of error codes
if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined.
FT_Set_MM_WeightVector' and
FT_Get_MM_WeightVector’ are new
functions limited to Adobe MultiMaster fonts to directly set and get
the weight vector.
-
Enable subpixel rendering with infinality config:
-
Re-enable freetype-config, there is just too many fallouts.
-
Update to version 2.9.1
- Type 1 fonts containing flex features were not rendered correctly (bug
introduced in version 2.9).
- CVE-2018-6942: Older FreeType versions can crash with certain
malformed variation fonts.
- Bug fix: Multiple calls to `FT_Get_MM_Var’ returned garbage.
- Emboldening of bitmaps didn’t work correctly sometimes, showing
various artifacts (bug introduced in version 2.8.1).
- The auto-hinter script ranges have been updated for Unicode 11. No
support for new scripts have been added, however, with the exception
of Georgian Mtavruli.
-
freetype-config is now deprecated by upstream and not enabled by default.
-
Update to version 2.10.1
- The `ftmulti’ demo program now supports multiple hidden axes with the
same name tag.
ftview',
ftstring’, and ftgrid' got a
-k’ command line option to
emulate a sequence of keystrokes at start-up.
ftview',
ftstring’, and `ftgrid’ now support screen dumping to a PNG
file.
- The bytecode debugger,
ttdebug', now supports variation TrueType fonts; a variation font instance can be selected with the new
-d’
command line option.
-
Add tarball signatures and freetype2.keyring
-
Update to version 2.10.0
- The
ftdump' demo program has new options
-c’ and -C' to display charmaps in compact and detailed format, respectively. Option
-V’ has
been removed.
- The
ftview',
ftstring’, and ftgrid' demo programs use a new command line option
-d’ to specify the program window’s width, height, and
color depth.
- The `ftview’ demo program now displays red boxes for zero-width glyphs.
- `ftglyph’ has limited support to display fonts with color-layered
glyphs.This will be improved later on.
- `ftgrid’ can now display bitmap fonts also.
- The
ttdebug' demo program has a new option
-f’ to select a member of
a TrueType collection (TTC).
- Other various improvements to the demo programs.
-
Remove “Supplements: fonts-config” to avoid accidentally pulling in Qt
dependencies on some non-Qt based desktops.(bsc#1091109) fonts-config is
fundamental but ft2demos seldom installs by end users.
only fonts-config maintainers/debuggers may use ft2demos along to debug
some issues.
-
Update to version 2.9.1
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: