SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for freetype2-32bit-2.3.9-2.9.1.x86_64.rpm :
Thu Apr 12 14:00:00 2012 lijewski.stefanAATTzabka.pl
- BNC#750937, BNC#750947 CVE-2012-1126+1127.patch Out-of heap-based buffer read by parsing glyph information and bitmaps for BDF fonts
- BNC#750938 CVE-2012-1139.patch Array index error, leading to out-of stack based buffer read by parsing BDF font glyph information
- BNC#750939 CVE-2012-1136.patch Out-of heap-based buffer write by parsing BDF glyph and bitmaps information with missing ENCODING field (FU#35641)
- BNC#750940 CVE-2012-1133.patch Out-of heap-based buffer write by parsing BDF glyph information and bitmaps (FU#35607)
- BNC#750941 CVE-2012-1138.patch Out-of heap-based buffer read in the TrueType bytecode interpreter by executing the MIRP instruction
- BNC#750942 CVE-2012-1128.patch NULL pointer dereference by moving zone2 pointer point for certain TrueType font
- BNC#750943 CVE-2012-1137.patch Out-of heap-based buffer read by parsing BDF font header
- BNC#750944 CVE-2012-1144.patch Out-of heap-based buffer write in the TrueType bytecode interpreter by moving zone2 pointer point
- BNC#750945 CVE-2012-1134.patch Out-of heap-based buffer write in Type1 font parser by retrieving font\'s private dictionary
- BNC#750946 CVE-2012-1135.patch Out-of heap-based buffer read in TrueType bytecode interpreter by executing NPUSHB and NPUSHW instructions (FU#35640)
- BNC#750947 CVE-2012-1127.patch Out-of heap-based buffer read by parsing glyph information and bitmaps for BDF fonts
- BNC#750948 CVE-2012-1142.patch Out-of heap-based buffer read in TrueType bytecode interpreter by executing NPUSHB and NPUSHW instructions
- BNC#750949 CVE-2012-1143.patch Integer divide by zero by performing arithmetic computations for certain fonts
- BNC#750950 CVE-2012-1132.patch Out-of heap-based buffer read flaw in Type1 font loader by parsing font dictionary entries
- BNC#750951 CVE-2012-1130.patch Out-of heap-based buffer read by loading properties of PCF fonts
- BNC#750952 CVE-2012-1129.patch Out-of heap-based buffer read when parsing certain SFNT strings by Type42 font parser
- BNC#750953 CVE-2012-1131.patch (64-bit specific): Out-of heap-based buffer read by attempt to record current cell into the cell table
- BNC#750954 CVE-2012-1140.patch Out-of heap-based buffer read by conversion of PostScript font objects
- BNC#750955 CVE-2012-1141.patch Out-of heap-based buffer read flaw by conversion of an ASCII string into a signed short integer by processing BDF fonts

Thu Dec 8 13:00:00 2011 mkubecekAATTsuse.cz
- bnc730124_CVE-2011-3256.patch:
FreeType 2 before 2.4.7 allows remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted
font. (CVE-2011-3256, bnc#730124)
- bnc730124_CVE-2011-3439.patch:
FreeType allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption) via a crafted font.
(CVE-2011-3439, bnc#730124)

Sun Jul 31 14:00:00 2011 lijewski.stefanAATTgmail.com
- dded bnc704612_othersubr.diff, CVE-2011-0226, bnc#704612

Mon Feb 28 13:00:00 2011 jwAATTnovell.com
- added bnc647375_CVE-2010-3855.diff for bnc#647375

Fri Feb 25 13:00:00 2011 jwAATTnovell.com
- added bnc647375_CVE-2010-3814.diff for bnc#647375

Wed Oct 13 14:00:00 2010 jwAATTnovell.com
- added bnc641580_CVE-2010-3311.diff for bnc#641580

Mon Sep 20 14:00:00 2010 jwAATTnovell.com
- added bnc633943_CVE-2010-3054.diff

Wed Sep 15 14:00:00 2010 jwAATTnovell.com
- added bnc633938_CVE-2010-3053.diff

Wed Aug 11 14:00:00 2010 jwAATTnovell.com
- added bnc619562_CVE-2010-2497,2498,2499,2500,2519,2520

Tue Aug 10 14:00:00 2010 jwAATTnovell.com
- added bnc629447_CVE-2010-2805..8.diff

Mon Aug 9 14:00:00 2010 jwAATTnovell.com
- CVE-2010-1797: added bnc628213_1797.diff

Mon Jul 27 14:00:00 2009 tiwaiAATTsuse.de
- updated to version 2.3.9:

* see URLs below
http://www.freetype.org/index2.html#release-freetype-2.3.9
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=653641
- updated to version 2.3.9:

* see URLs below
http://www.freetype.org/index2.html#release-freetype-2.3.9
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=667610
- fix builds with older distros

Tue Jul 7 14:00:00 2009 meissnerAATTnovell.com
- require zlib-devel- from freetype2-devel-
bnc#519192

Thu Apr 16 14:00:00 2009 nadvornikAATTsuse.cz
- fixed integer overflows [bnc#485889] CVE-2009-0946

Mon Mar 9 13:00:00 2009 crrodriguezAATTsuse.de
- freetype2 has subpixel rendering enabled [bnc#478407]

Wed Dec 10 13:00:00 2008 olhAATTsuse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)

Wed Nov 5 13:00:00 2008 mfabianAATTsuse.de
- bnc#441638: use fix from upstream CVS to fix the return value
of FT_Get_TrueType_Engine_Type (and make it work as documented).
Thanks to Werner Lemberg for fixing and Krzysztof Kotlenga for
reporting the issue.

Thu Oct 30 13:00:00 2008 olhAATTsuse.de
- obsolete old -XXbit packages (bnc#437293)

Mon Aug 18 14:00:00 2008 mfabianAATTsuse.de
- fix uninitialized pointer \"FT_STREAM stream\" in function
FT_Open_Face() which made fontforge crash while trying to apply
a workaround to the sazanami-fonts because fontforge called
FT_Open_Face() with 0 for the FT_Library argument and
then freetype crashed in FT_Stream_Free().

Wed Jul 23 14:00:00 2008 mfabianAATTsuse.de
- update to 2.3.7. Extract from the docs/CHANGES file:
• If the library was compiled on an i386 platform using gcc, and
compiler option -O3 was given, `FT_MulFix\' sometimes returned
incorrect results which could have caused problems with
`FT_Request_Metrics\' and `FT_Select_Metrics\', returning an
incorrect descender size.
• Pure CFFs without subfonts were scaled incorrectly if the font
matrix was non-standard. This bug has been introduced in
version 2.3.6.
• The `style_name\' field in the `FT_FaceRec\' structure often
contained a wrong value for Type 1 fonts. This misbehaviour
has been introduced in version 2.3.6 while trying to fix
another problem. [Note, however, that this value is
informative only since the used algorithm to extract it is
very simplistic.]
• Two new macros, FT_OUTLINE_SMART_DROPOUTS and
FT_OUTLINE_EXCLUDE_STUBS, have been introduced. Together with
FT_OUTLINE_IGNORE_DROPOUTS (which was ignored previously) it is
now possible to control the dropout mode of the `raster\' module
(for B&W rasterization), using the `flags\' field in the
`FT_Outline\' structure.
• The TrueType bytecode interpreter now passes the dropout mode to
the B&W rasterizer. This greatly increases the output for small
ppem values of many fonts like `pala.ttf\'.
• A bunch of potential security problems have been found. All
users should update.
• Microsoft Unicode cmaps in TrueType fonts are now always
preferred over Apple cmaps. This is not a bug per se, but there
exist some buggy fonts created for MS which have broken Apple
cmaps. This affects only the automatic selection of FreeType;
it\'s always possible to manually select an Apple Unicode cmap if
desired.
• Many bug fixes to the TrueType bytecode interpreter.
• Improved Mac support.
• Subsetted CID-keyed CFFs are now supported correctly.
• CID-keyed CFFs with subfonts which are scaled in a non-standard
way are now handled correctly.
• A call to FT_Open_Face with `face_index\' < 0 crashed FreeType if
the font was a Windows (bitmap) FNT/FON.
• The new function `FT_Get_CID_Registry_Ordering_Supplement\' gives
access to those fields in a CID-keyed font. The code has been
contributed by Derek Clegg.
• George Williams contributed code to validate the new `MATH\'
OpenType table (within the `otvalid\' module). The `ftvalid\'
demo program has been extended accordingly.
• An API for cmap 14 support (for Unicode Variant Selectors, UVS)
has been contributed by George Williams.
• A new face flag FT_FACE_FLAG_CID_KEYED has been added, together
with a macro FT_IS_CID_KEYED which evaluates to 1 if the font is
CID-keyed.
• Build support for symbian has been contributed.
• Better WGL4 glyph name support, contributed by Sergey Tolstov.
• Debugging output of the various FT_TRACEX macros is now sent to
stderr.
• The `ftview\' demo program now provides artificial slanting too.
• The `ftvalid\' demo program has a new option `-f\' to select the
font index.
- remove patch for bnc#399169 (came from upstream).

Fri Jun 13 14:00:00 2008 mfabianAATTsuse.de
- bnc#399169: fix multiple vulnerabilities.

Mon Apr 14 14:00:00 2008 schwabAATTsuse.de
- Make sure config.guess and config.sub exist.

Thu Apr 10 14:00:00 2008 roAATTsuse.de
- added baselibs.conf file to build xxbit packages
for multilib support

Thu Oct 18 14:00:00 2007 mfabianAATTsuse.de
- Bugzilla #334565: avoid crash in xpdf caused by a bug in the
workaround patch for bug #308961
(fixed by Peng Wu ).

Mon Oct 8 14:00:00 2007 mfabianAATTsuse.de
- Bugzilla #308961: improve workaround patch for the broken
underlining in the CMEX fonts
(again by Peng Wu ).

Tue Oct 2 14:00:00 2007 mfabianAATTsuse.de
- Bugzilla #308961: add workaround for broken underlining
when using the CMEX fonts (by Peng Wu ).

Tue Jul 3 14:00:00 2007 mfabianAATTsuse.de
- update to 2.3.5. Extract from the doc/CHANGES file:
• Some subglyphs in TrueType fonts were handled incorrectly due
to a missing graphics state reinitialization.
• Large .Z files (as distributed with some X11 packages)
weren\'t handled correctly, making FreeType increase the heap
stack in an endless loop.
• A large number of bugs have been fixed to avoid crashes and
endless loops with invalid fonts.
• The two new cache functions `FTC_ImageCache_LookupScaler\' and
`FTC_SBit_Cache_LookupScaler\' have been added to allow lookup of
glyphs using an `FTC_Scaler\' object; this makes it possible to
use fractional pixel sizes in the cache. The demo programs have
been updated accordingly to use this feature.
• A new API `FT_Get_CMap_Format\' has been added to get the
cmap format of a TrueType font. This is useful in handling
PDF files. The code has been contributed by Derek Clegg.
• The auto-hinter now produces better output by default for
non-Latin scripts like Indic. This was done by using the CJK
hinting module as the default instead of the Latin one. Thanks
to Rahul Bhalerao for this suggestion.
• A new API `FT_Face_CheckTrueTypePatents\' has been added to find
out whether a given TrueType font uses patented bytecode
instructions. The `ft2demos\' bundle contains a new program
called `ftpatchk\' which demonstrates its usage.
• A new API `FT_Face_SetUnpatentedHinting\' has been added to
enable or disable the unpatented hinter.
• Support for Windows FON files in PE format has been contributed
by Dmitry Timoshkov.

Mon Jun 4 14:00:00 2007 mfabianAATTsuse.de
- Bugzilla #275072: (from upstream CVS):
Check for negative number of points in contours. Problem
reported by Victor Stinner .

Tue May 22 14:00:00 2007 mfabianAATTsuse.de
- fix last patch to avoid crashes when loader->exec == NULL.
(caused crashes in xpdf, kpdf, acroread for me for many
.pdf files).

Mon May 21 14:00:00 2007 mfabianAATTsuse.de
- Bugzilla #273714: (\'¼\', \'½\', and \'¾\' in \"Albany AMT\" are
rendered very badly): apply fix from upstream CVS, thanks
to Werner LEMBERG.

Tue Apr 10 14:00:00 2007 mfabianAATTsuse.de
- update to 2.3.4. Extract from the doc/CHANGES file:
• A serious bug in the handling of bitmap fonts (and bitmap
strikes of outline fonts) has been introduced in 2.3.3.
• Remove a serious regression in the TrueType bytecode
interpreter that was introduced in version 2.3.2. Note that
this does not disable the improvements introduced to the
interpreter in version 2.3.2, only some ill cases that occurred
with certain fonts (though a few popular ones).
• The auto-hinter now ignores single-point contours for
computing blue zones. This bug created `wavy\' baselines when
rendering text with various fonts that use these contours to
model mark-attach points (these are points that are never
rasterized and are placed outside of the glyph\'s real
outline).
• The `rsb_delta\' and `lsb_delta\' glyph slot fields are now set
to 0 for mono-spaced fonts. Otherwise code that uses them
would essentially ruin the fixed-advance property.
• Fix CVE-2007-1351 which can cause an integer overflow while
parsing BDF fonts, leading to a potentially exploitable heap
overflow condition.
• FreeType returned incorrect kerning information from TrueType
fonts when the bytecode interpreter was enabled. This
happened due to a typo introduced in version 2.3.0.
• Negative kerning values from PFM files are now reported
correctly (they were read as 16-bit unsigned values from the
file).
• Fixed a small memory leak when `FT_Init_FreeType\' failed for
some reason.
• The Postscript hinter placed and sized very thin and ghost
stems incorrectly.
• The TrueType bytecode interpreter has been fixed to get rid
of most of the rare differences seen in comparison to the
Windows font loader.
• A new demo program `ftdiff\' has been added to compare
TrueType hinting, FreeType\'s auto hinting, and rendering
without hinting in three columns.
• The auto-hinter now better deals with serifs and corner cases
(e.g., glyph \'9\' in Arial at 9pt, 96dpi). It also improves
spacing adjustments and doesn\'t change widths for non-spacing
glyphs.

Mon Apr 2 14:00:00 2007 rguentherAATTsuse.de
- add zlib-devel BuildRequires

Wed Mar 28 14:00:00 2007 mfabianAATTsuse.de
- Bugzilla #258335: fix buffer overflow in handling of bdf fonts.

Mon Feb 5 13:00:00 2007 mfabianAATTsuse.de
- update to 2.3.1.
• The TrueType interpreter sometimes returned incorrect
horizontal metrics due to a bug in the handling of the SHZ
instruction.
• A typo in a security check introduced after
version 2.2.1 prevented FreeType to render some glyphs in CFF
fonts.

Sun Jan 21 13:00:00 2007 mfabianAATTsuse.de
- update to 2.3.0 (from rc1 to final release)

Fri Jan 12 13:00:00 2007 mfabianAATTsuse.de
- update to 2.2.1.20070112 (= 2.3.0rc1).
• bugzilla #231417 fixed, see ChangeLog:
2007-01-10 David Turner
[...]

* src/pshinter/pshalgo.c (psh_glyph_compute_inflections):
fixed a typo which created an endless loop with some malformed
font files

Wed Jan 10 13:00:00 2007 mfabianAATTsuse.de
- update to 2.2.1.20070110.
- remove bugzilla-216793-local-variable-used-before-set.patch,
bugzilla-217388-fix-advance-handling-in-FT_GlyphSlot_Embolden.patch
(included upstream).

Wed Nov 22 13:00:00 2006 mfabianAATTsuse.de
- Bugzilla #222693: disable bugzilla-159166-reduce-embolden-distance.patch

Thu Nov 9 13:00:00 2006 mfabianAATTsuse.de
- Bugzilla #216793: \"local variable used before set\"

Tue Nov 7 13:00:00 2006 mfabianAATTsuse.de
- Bugzilla #217388: fix advance handling in FT_GlyphSlot_Embolden()

Fri Oct 27 14:00:00 2006 mfabianAATTsuse.de
- Bugzilla #158573: update to 2.2.1.20061027.

Fri Oct 20 14:00:00 2006 mfabianAATTsuse.de
- disable the recent fixes of the byte code interpreter because
if breaks the rendering of \"Luxi Mono\"
(/usr/share/fonts/truetype/luximr.ttf) See also:
http://lists.gnu.org/archive/html/freetype/2006-10/msg00034.html

Fri Oct 13 14:00:00 2006 mfabianAATTsuse.de
- update to 2.2.1.20061013
• fixes bugzilla #207959.
• autohinter improved

Fri Aug 4 14:00:00 2006 mfabianAATTsuse.de
- Bugzilla #196931: add zlib-devel to Requires of freetype2-devel.

Mon Jul 10 14:00:00 2006 mfabianAATTsuse.de
- Bugzilla #190902: add patch from upstream CVS to handle
bad PCF files.


  
ICM