CHANGES BETWEEN 2.4.6 and 2.4.7
I. IMPORTANT BUG FIXES
- Some vulnerabilities in handling Type 1 fonts have been fixed;
see CVE-2011-3256.
II. MISCELLANEOUS
- FreeType now properly handles ZapfDingbats glyph names while
constructing a Unicode character map (for fonts which don't have one).
Update to 2.4.6, No answer from maintainer.
CHANGES BETWEEN 2.4.5 and 2.4.6
I. IMPORTANT BUG FIXES
- For TrueType based fonts, the ascender and descender values were
incorrect sometimes (off by a pixel if the ppem value was not a
multiple of 5). Depending on the use you might now experience
a different layout; the change should result in better, more
consistent line spacing.
- Fix CVE-2011-0226 which causes a vulnerability while handling
Type 1 fonts.
- BDF fonts containing glyphs with negative values for ENCODING
were incorrectly rejected. This bug has been introduced in
FreeType version 2.2.0.
- David Bevan contributed a major revision of the FreeType stroker
code:
. The behaviour of FT_STROKER_LINEJOIN_BEVEL has been corrected.
. A new line join style, FT_STROKER_LINEJOIN_MITER_FIXED, has
been introduced to support PostScript and PDF miter joins.
. FT_STROKER_LINEJOIN_MITER_VARIABLE has been introduced ches has
been fixed.
II. MISCELLANEOUS
- SFNT bitmap fonts which contain an outline glyph for `.notdef'
only no longer set the FT_FACE_FLAG_SCALABLE flag.
CHANGES BETWEEN 2.4.4 and 2.4.5
I. IMPORTANT BUG FIXES
- A rendering regression for second-order B#zier curves has been
fixed, introduced in 2.4.3.
II. IMPORTANT CHANGES
- If autohinting is not explicitly disabled, FreeType now uses
the autohinter if a TrueType based font doesn't contain native
hints.
- The load flag FT_LOAD_IGNORE_GLOBAL_ADVANCE_WIDTH has been made
redundant and is simply ignored; this means that FreeType now
ignores the global advance width value in TrueType fonts.
III. MISCELLANEOUS
- `FT_Sfnt_Table_Info' can now return the number of SFNT tables of
a font.
- Support for PCF files compressed with bzip2 has been contributed
by Joel Klinghed. To make this work, the OS must provide a
bzip2 library.
- Bradley Grainger contributed project and solution files in
Visual Studio 2010 format.
- Again some fixes to better handle broken fonts.
changes:
-fixed rendering regression for second-order Bezier curves
-FreeType now uses the autohinter per default
-Support for PCF files compressed with bzip2
-misc fixes and improvements
pkgsrc change: clean up patch-ac (which fixes SA45167): put sign extension
stuff into a macro and move checks to make it closer to the upstream fix
I. IMPORTANT BUG FIXES
- UVS support (TrueType/OpenType cmap format 14) support is fixed.
This regression has been introduced in version 2.4.0.
II. MISCELLANEOUS
- Detect tricky fonts (e.g. MingLiU) by the lengths and checksums
of Type42-persistent subtables (`cvt ', `fpgm', and `prep') when
a TrueType font without family name is given. The previous fix,
introduced in 2.4.3, was too rigorous, causing many subsetted
fonts (mainly from PDF files) displayed badly because FreeType
forced rendering with the TrueType bytecode engine instead of
the autohinter.
- Better support for 64bit platforms.
- More fixes to improve handling of broken fonts.
which could be exploited to cause a crash and potentially execute
arbitrary code via a specially crafted font (CVE-2010-3814)
bump PKGREV
being here, add CVE reference to an older patch
changes:
A rendering regression of S-shaped cubic arcs (introduced in
version 2.4.0) has been fixed. Besides that, a bunch
of fixes have been applied to improve handling of broken fonts.
CHANGES BETWEEN 2.4.1 and 2.4.2
I. IMPORTANT BUG FIXES
- A stack overflow in CFF Type2 CharStrings interpreter is fixed.
- Handling Type 42 font deallocation was broken; additionally, the
library is now more robust against malformed Type 42 fonts.
II. MISCELLANEOUS
- Two new functions, `FT_Reference_Library' (in FT_MODULE_H) and
`FT_Reference_Face' (in FT_FREETYPE_H), have been added to
simplify life-cycle management. A counter gets initialized to 1
at the time an FT_Library (or FT_Face) structure is created.
The two new functions increment the respective counter.
`FT_Done_Library' and `FT_Done_Face' then only destroy a library
or face if the counter is 1, otherwise they simply decrement the
counter.
changes:
- Since May 2010, all patents regarding the TrueType bytecode
interpreter have expired worldwide. Consequently, we now define
TT_CONFIG_OPTION_BYTECODE_INTERPRETER by default (and undefine
TT_CONFIG_OPTION_UNPATENTED_HINTING).
- A new function `FT_Library_SetLcdFilterWeights' is available to
adjust the filter weights set by `FT_Library_SetLcdFilter'.
-increased robustness, bugfixes
pkgsrc note: the "truetype" option was removed, the bytecode interpreter
is now always enabled
changes:
- For `FT_Open_Face', new parameters are available to ignore
preferred family names: FT_PARAM_TAG_IGNORE_PREFERRED_FAMILY and
FT_PARAM_TAG_IGNORE_PREFERRED_SUBFAMILY.
- Support for incremental font loading (controlled with the
FT_CONFIG_OPTION_INCREMENTAL macro) is now active by default.
- Better support for vertical metrics.
- Various minor bug fixes.
This is a bugfix release for the 2.3 series, which brings considerable
improvements for b/w rasterizing of hinted TrueType fonts at
small sizes. All users should upgrade.
changes:
-important bugfixes
-improved CID support
There was an ABI breakage between 2.3.7 and 2.3.8 which was reverted
in 2.3.9. The public 'PS_FontInfoRec' structure was expanded and
then shrunk. Applications compiled against 2.3.8 should work fine
with 2.3.9. Applications compiled against the new 2.3.9 can
theoretically exhibit problems if run against a 2.3.8 binary, if
some PS_FontInfo stuff is used. See the freetype release notes
for details. I didn't find any suspects for now. If one is found,
it should be changed to require 2.3.9, and PKGREV bumped.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
changes:
-improvements for fonts in an SFNT wrapper (used on Mac)
-FT_MulFix is now an inlined function; by default, assembler code
is provided for x86 and ARM. See FT_CONFIG_OPTION_INLINE_MULFIX
and FT_CONFIG_OPTION_NO_ASSEMBLER (in ftoption.h) for more
-handling of `tricky' fonts has been generalized and changed slightly
-API additions
-bugfixes
X.Org found in NetBSD-current.
Thanks a lot to all who helped, especially Matthias Scheler who did
repeated tests on Mac OS X and older versions of NetBSD to make sure the
support for those platforms wouldn't be broken (or at least, not fatally,
as I would still expect a few hiccups here and there, because there is
only so much one can test in such limited time).
On the infrastructure side, this branch brings pkgconfig-builtin.mk, in
order to write very easily new builtin.mk files. It can actually handle
more than just pkgconfig files, but it will provide a version if it finds
such a file. x11.builtin.mk has also been made more useful and now all
existing (and future!) native-X11-related builtin.mk files should include
it.
This is a bugfix release for the 2.3 series which provides some important
fixes for bugs which were introduced in version 2.3.6. Additionally, native
bytecode hinting for TrueType fonts has been improved.
* src/cff/cffobjs.c (cff_face_init): Compute final
`dict->units_per_em' value before assigning it to
`cffface->units_per_EM'. Otherwise, CFFs without subfonts are be
scaled incorrectly if the font matrix is non-standard. This fixes
Savannah bug #23630
This fixes the problem that text set in a font embedded as type 1C subset
was rendered unreadably small.
bump PKGREVISION
This fixes some integer overflow/memory corruption/heap overflow
security problems: CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
other changes:
-new function `FT_Get_CID_Registry_Ordering_Supplement' gives
access to those fields in a CID-keyed font
-code to validate the new `MATH' OpenType table
-API for cmap 14 support
-A new face flag FT_FACE_FLAG_CID_KEYED
-misc bugfixes and other improvements
changes:
-Some subglyphs in TrueType fonts were handled incorrectly due to
a missing graphics state reinitialization.
-Large .Z files (as distributed with some X11 packages) weren't
handled correctly, making FreeType increase the heap stack in an
endless loop.
-A large number of bugs have been fixed to avoid crashes and
endless loops with invalid fonts.
-API extensions for caching, TT handling
-autohinter improvement for non-Latin scripts
-Support for Windows FON files in PE format
* src/bdf/bdflib.c (setsbit, sbitset): Handle values >= 128
gracefully.
(_bdf_set_default_spacing): Increase `name' buffer size to 256 and
issue an error for longer names.
(_bdf_parse_glyphs): Limit allowed number of glyphs in font to the
number of code points in Unicode.
This fixes CVE-2007-1351.
This switches to the new stable branch. There are too many API additions
and other changes to list here -- see the changelog.
Some notes:
-There is an unpatented hinter built in per default. The "truetype"
pkgsrc option does still enable another one -- the documentation here
is inconsistent, so I've left this alone for now. I couldn't find
a visible effect with my fonts on my display.
-New pkgsrc option "subpixel". Enables subpixel rendering for LCDs.
Not default because there are patent issues.
-There is sone strange effect of the CONFIG_SHELL environment valiable
on the "configure" script. Worked around this by overriding the
env var in the pkg Makefile. Someone understanding shell quoting might
be able to locate the underlying problem.
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
pkg-config file.
This fixes problem where non-pkgsrc software builds using this info
can also find the ft2build.h header. (Not noticed in pkgsrc itself
because that include file is already known.)
This is also done in upstream version in the 2.2 release candidates.
The commit log message upstream is:
builds/unix/freetype2.in (CFlags): Add missing directory.
Bump PKGREVISION.
