{"affected":[{"ecosystem_specific":{"binaries":[{"freetype2-devel":"2.10.1-4.3.1","libfreetype6":"2.10.1-4.3.1","libfreetype6-32bit":"2.10.1-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP1","name":"freetype2","purl":"pkg:rpm/suse/freetype2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.10.1-4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for freetype2 to version 2.10.1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c (bsc#1079603).\n\nNon-security issues fixed:\n\n- Update to version 2.10.1\n  * The bytecode hinting of OpenType variation fonts was flawed, since\n    the data in the `CVAR' table wasn't correctly applied.\n  * Auto-hinter support for Mongolian.\n  * The handling of  the default character in PCF fonts as  introduced\n    in version 2.10.0 was partially broken, causing premature abortion\n    of charmap iteration for many fonts.\n  * If  `FT_Set_Named_Instance' was  called  with  the same  arguments\n    twice in a row, the function  returned an incorrect error code the\n    second time.\n  * Direct   rendering   using  FT_RASTER_FLAG_DIRECT   crashed   (bug\n    introduced in version 2.10.0).\n  * Increased  precision  while  computing  OpenType  font   variation\n    instances.\n  * The  flattening  algorithm of  cubic  Bezier  curves was  slightly\n    changed to make  it faster.  This can cause  very subtle rendering\n    changes, which aren't noticeable by the eye, however.\n  * The  auto-hinter  now  disables hinting  if there  are blue  zones\n    defined for a `style' (i.e., a certain combination of a script and\n    its related typographic features) but the font doesn't contain any\n    characters needed to set up at least one blue zone.\n- Add tarball signatures and freetype2.keyring\n\n- Update to version 2.10.0\n  * A bunch of new functions has been added to access and process\n    COLR/CPAL data of OpenType fonts with color-layered glyphs.\n  * As a GSoC 2018 project, Nikhil Ramakrishnan completely\n    overhauled and modernized the API reference.\n  * The logic for computing the global ascender, descender, and\n    height of OpenType fonts has been slightly adjusted for\n    consistency.\n  * `TT_Set_MM_Blend' could fail if called repeatedly with the same\n    arguments.\n  * The precision of handling deltas in Variation Fonts has been\n    increased.The problem did only show up with multidimensional\n    designspaces.\n  * New function `FT_Library_SetLcdGeometry' to set up the geometry\n    of LCD subpixels.\n  * FreeType now uses the `defaultChar' property of PCF fonts to set\n    the  glyph for  the undefined  character  at glyph  index 0  (as\n    FreeType already does for all other supported font formats).  As\n    a consequence, the order of glyphs of a PCF font if accessed\n    with  FreeType can be different now compared to previous\n    versions.\n    This change doesn't affect PCF font access with cmaps.\n  * `FT_Select_Charmap' has been changed to allow  parameter value\n    `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT\n    formats to access built-in cmaps that don't have a predefined\n    `FT_Encoding' value.\n  * A previously reserved field in the `FT_GlyphSlotRec' structure\n    now holds the glyph index.\n  * The usual round of fuzzer bug fixes to better reject malformed\n    fonts.\n  * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have\n    been removed.These two functions were public by oversight only\n    and were never documented.\n  * A new function `FT_Error_String' returns descriptions of error\n    codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is\n    defined.\n  * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new\n    functions limited to Adobe MultiMaster fonts to directly set and\n    get the weight vector.\n\n- Enable subpixel rendering with infinality config:\n\n- Re-enable freetype-config, there is just too many fallouts. \n\n- Update to version 2.9.1\n  * Type 1 fonts containing flex features were not rendered\n    correctly (bug introduced in version 2.9).\n  * CVE-2018-6942: Older FreeType versions can crash with certain\n    malformed variation fonts.\n  * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage.\n  * Emboldening of bitmaps didn't work correctly sometimes, showing\n    various artifacts (bug introduced in version 2.8.1).\n  * The auto-hinter script ranges have  been updated for Unicode 11.\n    No support for new scripts have been added, however,  with the\n    exception of Georgian Mtavruli.\n- freetype-config is now deprecated by upstream and not enabled\n  by default.\n\n- Update to version 2.10.1\n  * The `ftmulti' demo program now  supports multiple hidden axes with\n    the same name tag.\n  * `ftview', `ftstring', and `ftgrid' got  a `-k' command line option\n    to emulate a sequence of keystrokes at start-up.\n  * `ftview', `ftstring', and `ftgrid' now support screen dumping to a\n    PNG file.\n  * The bytecode debugger, `ttdebug',  now supports variation TrueType\n    fonts; a variation font instance can be selected with the new `-d'\n    command line option.\n- Add tarball signatures and freetype2.keyring\n\n- Update to version 2.10.0\n  * The  `ftdump' demo  program has new options `-c'  and `-C'  to\n    display charmaps in compact and detailed format, respectively.\n    Option `-V' has been removed.\n  * The `ftview', `ftstring', and `ftgrid' demo programs use a new\n    command line option `-d' to specify the program window's width,\n    height, and color depth.\n  * The `ftview' demo program now displays red boxes for zero-width\n    glyphs.\n  * `ftglyph' has limited support to display fonts with\n    color-layered glyphs.This will be improved later on.\n  * `ftgrid' can now display bitmap fonts also.\n  * The `ttdebug' demo program has a new option `-f' to select a\n    member of a TrueType collection (TTC).\n  * Other various improvements to the demo programs.\n\n- Remove 'Supplements: fonts-config' to avoid accidentally pulling\n  in Qt dependencies on some non-Qt based desktops.(bsc#1091109)\n  fonts-config is fundamental but ft2demos seldom installs by end users.\n  only fonts-config maintainers/debuggers may use ft2demos along to\n  debug some issues. \n\n- Update to version 2.9.1\n  * No changelog upstream.\n","id":"SUSE-SU-2020:1353-1","modified":"2020-05-20T11:02:36Z","published":"2020-05-20T11:02:36Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20201353-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1079603"},{"type":"REPORT","url":"https://bugzilla.suse.com/1091109"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6942"}],"related":["CVE-2018-6942"],"summary":"Security update for freetype2","upstream":["CVE-2018-6942"]}