openSUSE: 2020:0704-1: moderate: freetype2

    Date: 23 May 2020
    Posted By: LinuxSecurity Advisories
    An update that solves one vulnerability and has one errata is now available.
       openSUSE Security Update: Security update for freetype2
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2020:0704-1
    Rating:             moderate
    References:         #1079603 #1091109 
    Cross-References:   CVE-2018-6942
    Affected Products:
                        openSUSE Leap 15.1
    ______________________________________________________________________________
    
       An update that solves one vulnerability and has one errata
       is now available.
    
    Description:
    
       This update for freetype2 to version 2.10.1 fixes the following issues:
    
       Security issue fixed:
    
       - CVE-2018-6942: Fixed a NULL pointer dereference within ttinterp.c
         (bsc#1079603).
    
       Non-security issues fixed:
    
       - Update to version 2.10.1
         * The bytecode hinting of OpenType variation fonts was flawed, since the
           data in the `CVAR' table wasn't correctly applied.
         * Auto-hinter support for Mongolian.
         * The handling of the default character in PCF fonts as introduced in
           version 2.10.0 was partially broken, causing premature abortion
           of charmap iteration for many fonts.
         * If `FT_Set_Named_Instance' was called with the same arguments
           twice in a row, the function returned an incorrect error code the
           second time.
         * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug
           introduced in version 2.10.0).
         * Increased precision while computing OpenType font variation
           instances.
         * The flattening algorithm of cubic Bezier curves was slightly
           changed to make it faster. This can cause very subtle rendering
           changes, which aren't noticeable by the eye, however.
         * The auto-hinter now disables hinting if there are blue zones
           defined for a `style' (i.e., a certain combination of a script and its
           related typographic features) but the font doesn't contain any
           characters needed to set up at least one blue zone.
       - Add tarball signatures and freetype2.keyring
    
       - Update to version 2.10.0
         * A bunch of new functions has been added to access and process
           COLR/CPAL data of OpenType fonts with color-layered glyphs.
         * As a GSoC 2018 project, Nikhil Ramakrishnan completely
           overhauled and modernized the API reference.
         * The logic for computing the global ascender, descender, and height of
           OpenType fonts has been slightly adjusted for consistency.
         * `TT_Set_MM_Blend' could fail if called repeatedly with the same
           arguments.
         * The precision of handling deltas in Variation Fonts has been
           increased. The problem only showed up with multidimensional
           designspaces.
         * New function `FT_Library_SetLcdGeometry' to set up the geometry
           of LCD subpixels.
         * FreeType now uses the `defaultChar' property of PCF fonts to set the
           glyph for the undefined character at glyph index 0 (as FreeType
           already does for all other supported font formats). As a consequence,
           the order of glyphs of a PCF font if accessed with FreeType can be
           different now compared to previous versions. This change doesn't
           affect PCF font access with cmaps.
         * `FT_Select_Charmap' has been changed to allow parameter value
           `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT
           formats to access built-in cmaps that don't have a predefined
           `FT_Encoding' value.
         * A previously reserved field in the `FT_GlyphSlotRec' structure now
           holds the glyph index.
         * The usual round of fuzzer bug fixes to better reject malformed fonts.
         * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have been
           removed. These two functions were public by oversight only and were
           never documented.
         * A new function `FT_Error_String' returns descriptions of error codes
           if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined.
         * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new
           functions limited to Adobe MultiMaster fonts to directly set and get
           the weight vector.
    
       - Enable subpixel rendering with infinality config:
    
       - Re-enable freetype-config; there is just too much fallout.
    
       - Update to version 2.9.1
         * Type 1 fonts containing flex features were not rendered correctly (bug
           introduced in version 2.9).
         * CVE-2018-6942: Older FreeType versions can crash with certain
           malformed variation fonts.
         * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage.
         * Emboldening of bitmaps didn't work correctly sometimes, showing
           various artifacts (bug introduced in version 2.8.1).
         * The auto-hinter script ranges have been updated for Unicode 11. No
           support for new scripts has been added, however, with the exception
           of Georgian Mtavruli.
       - freetype-config is now deprecated by upstream and not enabled by default.
    
       - Update to version 2.10.1
         * The `ftmulti' demo program now supports multiple hidden axes with the
           same name tag.
         * `ftview', `ftstring', and `ftgrid' got a `-k' command line option to
           emulate a sequence of keystrokes at start-up.
         * `ftview', `ftstring', and `ftgrid' now support screen dumping to a PNG
           file.
         * The bytecode debugger, `ttdebug', now supports variation TrueType
           fonts; a variation font instance can be selected with the new `-d'
           command line option.
       - Add tarball signatures and freetype2.keyring
    
       - Update to version 2.10.0
         * The `ftdump' demo program has new options `-c' and `-C' to display
           charmaps in compact and detailed format, respectively. Option `-V' has
           been removed.
         * The `ftview', `ftstring', and `ftgrid' demo programs use a new command
           line option `-d' to specify the program window's width, height, and
           color depth.
         * The `ftview' demo program now displays red boxes for zero-width glyphs.
         * `ftglyph' has limited support to display fonts with color-layered
           glyphs. This will be improved later on.
         * `ftgrid' can now display bitmap fonts also.
         * The `ttdebug' demo program has a new option `-f' to select a member of
           a TrueType collection (TTC).
         * Other various improvements to the demo programs.
    
       - Remove "Supplements: fonts-config" to avoid accidentally pulling in Qt
         dependencies on some non-Qt based desktops (bsc#1091109). fonts-config is
         fundamental, but ft2demos is seldom installed by end users; only
         fonts-config maintainers/debuggers may use ft2demos alongside it to debug
         some issues.
    
       - Update to version 2.9.1
         * No changelog upstream.
    
       This update was imported from the SUSE:SLE-15:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2020-704=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.1 (i586 x86_64):
    
          freetype2-debugsource-2.10.1-lp151.4.3.1
          freetype2-devel-2.10.1-lp151.4.3.1
          libfreetype6-2.10.1-lp151.4.3.1
          libfreetype6-debuginfo-2.10.1-lp151.4.3.1
    
       - openSUSE Leap 15.1 (x86_64):
    
          freetype2-devel-32bit-2.10.1-lp151.4.3.1
          ft2demos-2.10.1-lp151.4.3.1
          ftbench-2.10.1-lp151.4.3.1
          ftdiff-2.10.1-lp151.4.3.1
          ftdump-2.10.1-lp151.4.3.1
          ftgamma-2.10.1-lp151.4.3.1
          ftgrid-2.10.1-lp151.4.3.1
          ftinspect-2.10.1-lp151.4.3.1
          ftlint-2.10.1-lp151.4.3.1
          ftmulti-2.10.1-lp151.4.3.1
          ftstring-2.10.1-lp151.4.3.1
          ftvalid-2.10.1-lp151.4.3.1
          ftview-2.10.1-lp151.4.3.1
          libfreetype6-32bit-2.10.1-lp151.4.3.1
          libfreetype6-32bit-debuginfo-2.10.1-lp151.4.3.1
    
       - openSUSE Leap 15.1 (noarch):
    
          freetype2-profile-tti35-2.10.1-lp151.4.3.1
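
A post-update check for the patch instructions and package list above, added here as an example and not part of the SUSE advisory: it flags any listed package whose installed version-release is still below 2.10.1-lp151.4.3.1. The function names, the `OUTDATED` output format and the sample input are constructed for illustration, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: flag freetype2 packages older than the advisory's fixed build.
# Fixed version-release, taken from the advisory's package list.
FIXED="2.10.1-lp151.4.3.1"

# ver_lt A B: succeeds when A sorts strictly before B.
# Assumption: GNU `sort -V` stands in for RPM's own version comparison; it
# orders these freetype2 version strings the same way.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_freetype: reads "name version-release" lines on stdin, e.g. from
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' libfreetype6 freetype2-devel
# Prints every package still below $FIXED; returns 1 if any was found.
check_freetype() {
    rc=0
    while read -r name ver; do
        # Skip blank lines and rpm's "package X is not installed" messages.
        case "$ver" in
            [0-9]*) ;;
            *) continue ;;
        esac
        if ver_lt "$ver" "$FIXED"; then
            echo "OUTDATED $name $ver (fixed in $FIXED)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input (not real host data): one stale, one updated package.
SAMPLE='libfreetype6 2.9-lp151.3.3
freetype2-devel 2.10.1-lp151.4.3.1'

printf '%s\n' "$SAMPLE" | check_freetype || echo "update still required"
```

On a real host, pipe the `rpm -q` command shown in the comment into `check_freetype` instead of the sample.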
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-6942.html
       https://bugzilla.suse.com/1079603
       https://bugzilla.suse.com/1091109
    