fixes CVE-2017-7857 CVE-2017-7858 CVE-2017-7864 CVE-2017-8105 CVE-2017-8287
Upstream change announcement:
I. IMPORTANT CHANGES
- Support for OpenType Variation Fonts is now complete. The last
missing part was handling the `VVAR' and `MVAR' tables, which is
available with this release.
- A new function `FT_Face_Properties' allows the control of some
module and library properties per font. Currently, the
following properties can be handled: stem darkening, LCD filter
weights, and the random seed for the `random' CFF operator.
- The PCF change to show more `colourful' family names (introduced
in version 2.7.1) was too radical; it can now be configured with
PCF_CONFIG_OPTION_LONG_FAMILY_NAMES at compile time. If
activated, it can be switched off at run time with the new pcf
property `no-long-family-names'. If the `FREETYPE_PROPERTIES'
environment variable is available, you can say
FREETYPE_PROPERTIES=pcf:no-long-family-names=1
- Support for the following scripts has been added to the
auto-hinter.
Adlam, Avestan, Bamum, Buhid, Carian, Chakma, Coptic, Cypriot,
Deseret, Glagolitic, Gothic, Kayah, Lisu, N'Ko, Ol Chiki, Old
Turkic, Osage, Osmanya, Saurashtra, Shavian, Sundanese, Tai
Viet, Tifinagh, Unified Canadian Syllabics, Vai
II. IMPORTANT BUG FIXES
- `Light' auto-hinting mode no longer uses TrueType metrics for
TrueType fonts. This bug was introduced in version 2.4.6,
causing horizontal scaling also. Almost all GNU/Linux
distributions (with Fedora as a notable exception) disabled the
corresponding patch for good reasons; chances are thus high that
you won't notice a difference.
If optical backward compatibility for legacy applications is
necessary, you might enable the AF_CONFIG_OPTION_TT_SIZE_METRICS
configuration option. However, it is strongly recommended to
avoid that, adjusting font sizes instead.
- If a TrueType font gets loaded with FT_LOAD_NO_HINTING, FreeType
now scales the font linearly again (bug introduced in version
2.4.6).
- CVE-2017-8105, CVE-2017-8287: Older FreeType versions have
out-of-bounds writes caused by heap-based buffer overflows
related to Type 1 fonts.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
III. MISCELLANEOUS
- A new function `FT_Set_Default_Properties' has been added to
parse the `FREETYPE_PROPERTIES' environment variable
(previously, it was internal only). `FT_Init_FreeType' always
calls this function, but `FT_New_Library' does not (similar to
`FT_Add_Default_Modules').
- To be in sync with OpenType version 1.7 and newer, macros
FT_PARAM_TAG_IGNORE_PREFERRED_FAMILY,
FT_PARAM_TAG_IGNORE_PREFERRED_SUBFAMILY,
TT_NAME_ID_PREFERRED_FAMILY
TT_NAME_ID_PREFERRED_SUBFAMILY
are renamed to
FT_PARAM_TAG_IGNORE_TYPOGRAPHIC_FAMILY,
FT_PARAM_TAG_IGNORE_TYPOGRAPHIC_SUBFAMILY,
TT_NAME_ID_TYPOGRAPHIC_FAMILY
TT_NAME_ID_TYPOGRAPHIC_SUBFAMILY
The old macro names are deprecated (but still available).
- Support for SFNT `name' tables has been improved.
. Format 1 `name' tables are now supported. Use new function
`FT_Get_Sfnt_LangTag' to access associated language tags.
. Language, encoding, and name IDs have been updated to OpenType
version 1.8.1.
- The new CFF engine now handles the `random' operator. All CFF
opcodes are now supported.
- The CFF module has a new property `random-seed' to control the
pseudo-random number generation for the `random' operator.
- The `freetype-config' script is now a wrapper of `pkg-config' if
this program is available in the path.
- FT_LOAD_TARGET_LCD is now a variant of FT_LOAD_TARGET_LIGHT;
this should provide better rendering results.
- A mode to display light auto-hinting with sub-pixel positioning
has been added to `ftdiff'.
FreeType 2.6.4 has been released. The most important change is a new bytecode hinting mode for TrueType fonts that finally activates subpixel hinting (a.k.a. ClearType hinting) by default.
The new release also brings support for the following new scripts in the auto-hinter: Armenian, Cherokee, Ethiopic, Georgian, Gujarati, Gurmukhi, Malayalam, Sinhala, and Tamil.
test dependent packages.
CHANGES BETWEEN 2.6 and 2.6.1
I. IMPORTANT BUG FIXES
- It turned out that for CFFs only the advance widths should be
taken from the `hmtx' table, not the side bearings. This bug,
introduced in version 2.6.0, makes it necessary to upgrade if
you are using CFFs; otherwise, you get cropped glyphs with GUI
interfaces like GTK or Qt.
- Accessing Type 42 fonts returned incorrect results if the glyph
order of the embedded TrueType font differs from the glyph order
of the Type 42 charstrings table.
II. IMPORTANT CHANGES
- The header file layout has been changed (again), moving all
header files except `ft2build.h' into a subdirectory tree.
Doing so reduces the possibility of header file name clashes
(e.g., FTGL's `FTGlyph.h' with FreeType's `ftglyph.h') on case
insensitive file systems like Mac OS X or Windows.
Applications that use (a) the `freetype-config' script or
FreeType's `freetype2.pc' file for pkg-config to get the include
directory for the compiler, and (b) the documented way for
header inclusion like
#include <ft2build.h>
#include FT_FREETYPE_H
...
don't need any change to the source code.
- Simple access to named instances in GX variation fonts is now
available (in addition to the previous method via FreeType's MM
interface). In the `FT_Face' structure, bits 16-30 of the
`face_index' field hold the current named instance index for the
given face index, and bits 16-30 of `style_flags' contain the
number of instances for the given face index. `FT_Open_Face'
and friends also understand the extended bits of the face index
parameter.
You need to enable TT_CONFIG_OPTION_GX_VAR_SUPPORT for this new
feature. Otherwise, bits 16-30 of the two fields are zero (or
are ignored).
- Lao script support has been added to the auto-hinter.
III. MISCELLANEOUS
- The auto-hinter's Arabic script support has been enhanced.
- Superscript-like and subscript-like glyphs as used by various
phonetic alphabets like the IPA are now better supported by the
auto-hinter.
- The TrueType bytecode interpreter now runs slightly faster.
- Improved support for builds with cmake.
- The function `FT_CeilFix' now always rounds towards plus
infinity.
- The function `FT_FloorFix' now always rounds towards minus
infinity.
- A new load flag `FT_LOAD_COMPUTE_METRICS' has been added; it
makes FreeType ignore pre-computed metrics, as needed by font
validating or font editing programs. Right now, only the
TrueType module supports it to ignore data from the `hdmx'
table.
- Another round of bug fixes to better handle broken fonts, found
by Kostya Serebryany <kcc@google.com>.
CHANGES BETWEEN 2.6.1 and 2.6.2
I. IMPORTANT CHANGES
- The auto-hinter now supports stem darkening, to be controlled by
the new `no-stem-darkening' and `darkening-parameters'
properties. This is an experimental feature contributed by
Nikolaus Waxweiler, and the interface might change in a future
release.
- By default, stem darkening is now switched off (for both the CFF
engine and the auto-hinter). The main reason is that you need
linear alpha blending and gamma correction to get correct
rendering results, and the latter is not yet available in most
freely available rendering stacks like X11. Applying stem
darkening without proper gamma correction leads to far too dark
rendering results.
- The meaning of `FT_RENDER_MODE_LIGHT' has been slightly
modified. It now essentially means `no hinting along the
horizontal axis'; in particular, no change of glyph advance
widths. Consequently, the auto-hinter is used for all scalable
font formats except for CFF. It is planned that other
font-specific rendering engines (TrueType, Type 1) will follow.
II. MISCELLANEOUS
- The default LCD filter has been changed to be normalized and
color-balanced.
- For better compatibility with FontConfig, function
`FT_Library_SetLcdFilter' accepts a new enumeration value
`FT_LCD_FILTER_LEGACY1' (which has the same meaning as
`FT_LCD_FILTER_LEGACY').
- A large number of bugs have been detected by using the libFuzzer
framework, which should further improve handling of invalid
fonts. Thanks again to Kostya Serebryany and Bungeman!
- `TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES', a new configuration
option, controls the maximum number of executed opcodes within a
bytecode program. You don't want to change this except for very
special situations (e.g., making a library fuzzer spend less
time to handle broken fonts).
- The smooth renderer has been made faster.
- The `ftstring' demo program now supports sub-pixel rendering;
use key `l' to cycle through the LCD modes.
- The `ftstring' demo program now supports colour rendering; use
the `space' key to cycle through various colour combinations.
- The graphical demo programs now use a default gamma value of 1.8
(instead of 1.2).
In connection with the new CFF engine, the demo programs, especially ftview and ftdiff, have been improved a lot; as usual, more details on the changes can be found in the release notes.
Update to 2.4.6, No answer from maintainer.
CHANGES BETWEEN 2.4.5 and 2.4.6
I. IMPORTANT BUG FIXES
- For TrueType based fonts, the ascender and descender values were
incorrect sometimes (off by a pixel if the ppem value was not a
multiple of 5). Depending on the use you might now experience
a different layout; the change should result in better, more
consistent line spacing.
- Fix CVE-2011-0226 which causes a vulnerability while handling
Type 1 fonts.
- BDF fonts containing glyphs with negative values for ENCODING
were incorrectly rejected. This bug has been introduced in
FreeType version 2.2.0.
- David Bevan contributed a major revision of the FreeType stroker
code:
. The behaviour of FT_STROKER_LINEJOIN_BEVEL has been corrected.
. A new line join style, FT_STROKER_LINEJOIN_MITER_FIXED, has
been introduced to support PostScript and PDF miter joins.
. FT_STROKER_LINEJOIN_MITER_VARIABLE has been introduced ches has
been fixed.
II. MISCELLANEOUS
- SFNT bitmap fonts which contain an outline glyph for `.notdef'
only no longer set the FT_FACE_FLAG_SCALABLE flag.
CHANGES BETWEEN 2.4.4 and 2.4.5
I. IMPORTANT BUG FIXES
- A rendering regression for second-order Bézier curves has been
fixed, introduced in 2.4.3.
II. IMPORTANT CHANGES
- If autohinting is not explicitly disabled, FreeType now uses
the autohinter if a TrueType based font doesn't contain native
hints.
- The load flag FT_LOAD_IGNORE_GLOBAL_ADVANCE_WIDTH has been made
redundant and is simply ignored; this means that FreeType now
ignores the global advance width value in TrueType fonts.
III. MISCELLANEOUS
- `FT_Sfnt_Table_Info' can now return the number of SFNT tables of
a font.
- Support for PCF files compressed with bzip2 has been contributed
by Joel Klinghed. To make this work, the OS must provide a
bzip2 library.
- Bradley Grainger contributed project and solution files in
Visual Studio 2010 format.
- Again some fixes to better handle broken fonts.
changes:
-fixed rendering regression for second-order Bezier curves
-FreeType now uses the autohinter per default
-Support for PCF files compressed with bzip2
-misc fixes and improvements
pkgsrc change: clean up patch-ac (which fixes SA45167): put sign extension
stuff into a macro and move checks to make it closer to the upstream fix
I. IMPORTANT BUG FIXES
- UVS support (TrueType/OpenType cmap format 14) is fixed.
This regression has been introduced in version 2.4.0.
II. MISCELLANEOUS
- Detect tricky fonts (e.g. MingLiU) by the lengths and checksums
of Type42-persistent subtables (`cvt ', `fpgm', and `prep') when
a TrueType font without family name is given. The previous fix,
introduced in 2.4.3, was too rigorous, causing many subsetted
fonts (mainly from PDF files) displayed badly because FreeType
forced rendering with the TrueType bytecode engine instead of
the autohinter.
- Better support for 64bit platforms.
- More fixes to improve handling of broken fonts.
which could be exploited to cause a crash and potentially execute
arbitrary code via a specially crafted font (CVE-2010-3814)
bump PKGREV
being here, add CVE reference to an older patch
This is a bugfix release for the 2.3 series, which brings considerable
improvements for b/w rasterizing of hinted TrueType fonts at
small sizes. All users should upgrade.
changes:
-important bugfixes
-improved CID support
There was an ABI breakage between 2.3.7 and 2.3.8 which was reverted
in 2.3.9. The public 'PS_FontInfoRec' structure was expanded and
then shrunk. Applications compiled against 2.3.8 should work fine
with 2.3.9. Applications compiled against the new 2.3.9 can
theoretically exhibit problems if run against a 2.3.8 binary, if
some PS_FontInfo stuff is used. See the freetype release notes
for details. I didn't find any suspects for now. If one is found,
it should be changed to require 2.3.9, and PKGREV bumped.
changes:
-improvements for fonts in an SFNT wrapper (used on Mac)
-FT_MulFix is now an inlined function; by default, assembler code
is provided for x86 and ARM. See FT_CONFIG_OPTION_INLINE_MULFIX
and FT_CONFIG_OPTION_NO_ASSEMBLER (in ftoption.h) for more
-handling of `tricky' fonts has been generalized and changed slightly
-API additions
-bugfixes
This is a bugfix release for the 2.3 series which provides some important
fixes for bugs which were introduced in version 2.3.6. Additionally, native
bytecode hinting for TrueType fonts has been improved.
* src/cff/cffobjs.c (cff_face_init): Compute final
`dict->units_per_em' value before assigning it to
`cffface->units_per_EM'. Otherwise, CFFs without subfonts are
scaled incorrectly if the font matrix is non-standard. This fixes
Savannah bug #23630
This fixes the problem that text set in a font embedded as type 1C subset
was rendered unreadably small.
bump PKGREVISION
changes:
-Some subglyphs in TrueType fonts were handled incorrectly due to
a missing graphics state reinitialization.
-Large .Z files (as distributed with some X11 packages) weren't
handled correctly, making FreeType increase the heap stack in an
endless loop.
-A large number of bugs have been fixed to avoid crashes and
endless loops with invalid fonts.
-API extensions for caching, TT handling
-autohinter improvement for non-Latin scripts
-Support for Windows FON files in PE format
* src/bdf/bdflib.c (setsbit, sbitset): Handle values >= 128
gracefully.
(_bdf_set_default_spacing): Increase `name' buffer size to 256 and
issue an error for longer names.
(_bdf_parse_glyphs): Limit allowed number of glyphs in font to the
number of code points in Unicode.
This fixes CVE-2007-1351.
This switches to the new stable branch. There are too many API additions
and other changes to list here -- see the changelog.
Some notes:
-There is an unpatented hinter built in per default. The "truetype"
pkgsrc option does still enable another one -- the documentation here
is inconsistent, so I've left this alone for now. I couldn't find
a visible effect with my fonts on my display.
-New pkgsrc option "subpixel". Enables subpixel rendering for LCDs.
Not default because there are patent issues.
-There is some strange effect of the CONFIG_SHELL environment variable
on the "configure" script. Worked around this by overriding the
env var in the pkg Makefile. Someone understanding shell quoting might
be able to locate the underlying problem.
pkg-config file.
This fixes problem where non-pkgsrc software builds using this info
can also find the ft2build.h header. (Not noticed in pkgsrc itself
because that include file is already known.)
This is also done in upstream version in the 2.2 release candidates.
The commit log message upstream is:
builds/unix/freetype2.in (CFlags): Add missing directory.
Bump PKGREVISION.
* bug fixes
* Both PCF and BDF drivers now handle the SETWIDTH_NAME and
ADD_STYLE_NAME properties. Values are appended to
face->style_name; example: `Bold SemiCondensed'.
* The PCF driver now handles bitmap fonts compressed with the LZW
algorithm (extension .pcf.Z, compressed with `compress').
* A new API function `FT_Get_CMap_Language_ID' (declared in
`tttables.h') is available to get the language ID of a
TrueType/SFNT cmap.
* The hexadecimal format of data after the `StartData' command in
CID-keyed Type 1 fonts is now supported. While this can't occur
in file-based fonts, it can happen in document-embedded
resources of PostScript documents.
* Embedded bitmaps in SFNT-based CFF fonts are now supported.
* A simple API is now available to control FreeType's tracing
mechanism if compiled with FT_DEBUG_LEVEL_TRACE. See the file
`ftdebug.h' for more details.
* YAMATO Masatake contributed improved handling of MacOS resource
forks on non-MacOS platforms (for example, Linux can mount MacOS
file systems).
* Support for MacOS has been improved; there is now a new function
`FT_New_Face_From_FSSpec' similar to `FT_New_Face' except that
it accepts an FSSpec instead of a path.
* The cache sub-system has been rewritten.
- Updated to newest libtool version, fixing build problems on
various platforms.
- On Unix platforms, `make install' didn't copy the correct
`ftconfig.h' file.
CHANGES BETWEEN 2.1.6 and 2.1.5:
- The PFR font driver didn't load kerning tables correctly, and
the functions in FT_PFR_H didn't work at all.
- Type 1 font files in binary format (PFB) with an end-of-file
indicator weren't accepted by the FreeType engine.
- Fonts which contain /PaintType and /StrokeWidth no longer cause
a segfault. This bug has been introduced in version 2.1.5.
- Fonts loaded with FT_LOAD_RENDER no longer cause strange
results. This bug has been introduced in version 2.1.5.
- Some Windows (bitmap) FNT/FON files couldn't be handled
correctly.
- The internal module API has been heavily changed in favor of
massive simplifications within the font engine.
- The PostScript parser has been enhanced to handle comments and
strings correctly. Additionally, more syntax forms are
recognized.
- Added the optional unpatented hinting system for TrueType.
- There is now a guard in the public header files to protect
against inclusion of freetype.h from FreeType 1.
- Direct inclusion of freetype.h and other public header files no
longer works. You have to use the documented scheme
#include <ft2build.h>
#include FT_FREETYPE_H
to load freetype.h with a symbolic name. This protects against
renaming of public header files (which shouldn't happen but
actually has, avoiding two public header files with the same
name).
I. IMPORTANT BUG FIXES
- Parsing the /CIDFontName field now removes the leading slash to
be in sync with other font drivers.
- gzip support was buggy. Some fonts could not be read.
- Fonts which have nested subglyphs more than one level deep no
longer cause a segfault.
- Creation of synthetic cmaps for fonts in CFF format was broken
partially.
- Numeric font dictionary entries for synthetic fonts are no longer
overwritten.
- The font matrix wasn't applied to the advance width for Type1, CID,
and CFF fonts. This caused problems when loading certain synthetic
Type 1 fonts like "Helvetica Narrow".
- The test for the charset registry in BDF and PCF fonts is now
case-insensitive.
- FT_Vector_Rotate rotating sometimes returned strange values due to
rounding errors.
- The PCF driver now returns the correct number of glyphs (including
an artificial `notdef' glyph at index 0).
- FreeType now supports buggy CMaps which are contained in many CJK
fonts from Dynalab.
- Opening an invalid font on a Mac caused a segfault due to
double-freeing memory.
- BDF fonts with more than 32768 glyphs weren't supported properly.
II. IMPORTANT CHANGES
- Accessing bitmap font formats has been synchronized. To do that
the FT_Bitmap_Size structure has been extended to contain new
fields `size', `x_ppem', and `y_ppem'.
- The FNT driver now returns multiple faces, not multiple strikes.
- The `psnames' module has been updated to the Adobe Glyph List
version 2.0.
- The `psnames' module now understands `uXXXX[X[X]]' glyph names.
- The algorithm for guessing the font style has been improved.
- For fonts in sfnt format, root->height is no longer increased if
the line gap is zero. There exist fonts (containing e.g. form
drawing characters) which intentionally have a zero line gap value.
- ft_glyph_bbox_xxx flags are now deprecated in favour of
FT_GLYPH_BBOX_XXX.
- ft_module_xxx flags are now deprecated in favour of FT_MODULE_XXX.
- FT_ENCODING_MS_{SJIS,GB2312,BIG5,WANSUNG,JOHAB} are now deprecated
in favour of FT_ENCODING_{SJIS,GB2312,BIG5,WANSUNG,JOHAB} -- those
encodings are not specific to Microsoft.
III. MISCELLANEOUS
- The autohinter has been further improved; for example, `m' glyphs
now retain their vertical symmetry.
- Partial support of Mac fonts on non-Mac platforms.
- `make refdoc' (after first `make') builds the HTML documentation.
You need Python for this.
- The make build system should now work more reliably on DOS-like
platforms.
- Support for EMX gcc and Watcom C/C++ compilers on MS-DOS has been
added.
- Better VMS build support.
- Support for the pkg-config package by providing a `freetype.pc'
file.
- New configure option --with-old-mac-fonts for Darwin.
- Some source files have been renamed (mainly to fit into the 8.3
naming scheme).
Extract of changes:
- a fix in the Gzip stream reader, it couldn't read certain .gz files
properly due to a small typo. In certain cases, FreeType could also
loop endlessly when trying to load tiny gzipped files.
- certain fonts couldn't be loaded by 2.1.3 because they lacked a
Unicode charmap (e.g. SYMBOL.TTF). FreeType erroneously rejected
them.
- the CFF loader was modified to accept fonts which only
contain a subset of their reference charset. This prevented the
correct use of PDF-embedded fonts.
- the logic to detect Unicode charmaps has been modified. This is required
to support fonts which include both 16-bit and 32-bit charmaps (like
very recent Asian ones) using the new 10 and 12 SFNT formats.
- the TrueType loader now limits the depth of composite glyphs. This is
necessary to prevent broken fonts from breaking the engine by blowing the
stack with recursive glyph definitions.
- the CMap cache is now capable of managing UCS-4 character codes that
are mapped through extended charmaps in recent TrueType/OpenType fonts
- the cache sub-system now properly manages out-of-memory conditions,
instead of blindly reporting them to the caller. This means that it
will try to empty the cache before restarting its allocations to see
if that can help.
- the PFR driver didn't return the list of available embedded bitmaps
properly.
- David Chester contributed some enhancements to the auto-hinter that
significantly increase the quality of its output. The Postscript hinter
was also improved in several ways.
- the FT_RENDER_MODE_LIGHT render mode was implemented
- a new API, called FT_Get_BDF_Property has been added to FT_BDF_H to
retrieve BDF properties from BDF _and_ PCF font files. THIS IS STILL
EXPERIMENTAL, since it hasn't been properly tested yet.
- a Windows FNT specific API has been added, mostly to access font
headers. This is used by Wine.
- TrueType tables without a "hmtx" table are now tolerated when an
incremental interface is used. This happens for certain Type42 fonts
passed from Ghostscript to FreeType.
- the PFR font driver is now capable of returning the font family and
style names when they're available (instead of the sole "FontID"). This
is performed by parsing an *undocumented* portion of the font file !!
of pkgsrc:
- place -I${LOCALBASE}/freetype2 before -I${LOCALBASE}, since
otherwise freetype 1 headers might be used
- add -Wl,${RPATH_FLAG}
bump pkgrevision