<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle xml:lang="en">Security update for freetype2</DocumentTitle>
  <DocumentType>SUSE Patch</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>openSUSE-SU-2020:0704-1</ID>
    </Identification>
    <Status>Final</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>1</Number>
        <Date>2020-05-23T18:14:34Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2020-05-23T18:14:34Z</InitialReleaseDate>
    <CurrentReleaseDate>2020-05-23T18:14:34Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf.pl</Engine>
      <Date>2017-02-24T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for freetype2</Note>
    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This update for freetype2 to version 2.10.1 fixes the following issues:

Security issue fixed:

- CVE-2018-6942: Fixed a NULL pointer dereference within ttinterp.c (bsc#1079603).

Non-security issues fixed:

- Update to version 2.10.1
  * The bytecode hinting of OpenType variation fonts was flawed, since
    the data in the `CVAR' table wasn't correctly applied.
  * Auto-hinter support for Mongolian.
  * The handling of the default character in PCF fonts as introduced
    in version 2.10.0 was partially broken, causing premature abortion
    of charmap iteration for many fonts.
  * If `FT_Set_Named_Instance' was called with the same arguments
    twice in a row, the function returned an incorrect error code the
    second time.
  * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug
    introduced in version 2.10.0).
  * Increased precision while computing OpenType font variation
    instances.
  * The flattening algorithm of cubic Bezier curves was slightly
    changed to make it faster. This can cause very subtle rendering
    changes, which aren't noticeable by the eye, however.
  * The auto-hinter now disables hinting if there are blue zones
    defined for a `style' (i.e., a certain combination of a script and
    its related typographic features) but the font doesn't contain any
    characters needed to set up at least one blue zone.
- Add tarball signatures and freetype2.keyring

- Update to version 2.10.0
  * A bunch of new functions has been added to access and process
    COLR/CPAL data of OpenType fonts with color-layered glyphs.
  * As a GSoC 2018 project, Nikhil Ramakrishnan completely
    overhauled and modernized the API reference.
  * The logic for computing the global ascender, descender, and
    height of OpenType fonts has been slightly adjusted for
    consistency.
  * `TT_Set_MM_Blend' could fail if called repeatedly with the same
    arguments.
  * The precision of handling deltas in Variation Fonts has been
    increased. The problem only showed up with multidimensional
    designspaces.
  * New function `FT_Library_SetLcdGeometry' to set up the geometry
    of LCD subpixels.
  * FreeType now uses the `defaultChar' property of PCF fonts to set
    the glyph for the undefined character at glyph index 0 (as
    FreeType already does for all other supported font formats). As
    a consequence, the order of glyphs of a PCF font if accessed
    with FreeType can be different now compared to previous
    versions.
    This change doesn't affect PCF font access with cmaps.
  * `FT_Select_Charmap' has been changed to allow parameter value
    `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT
    formats to access built-in cmaps that don't have a predefined
    `FT_Encoding' value.
  * A previously reserved field in the `FT_GlyphSlotRec' structure
    now holds the glyph index.
  * The usual round of fuzzer bug fixes to better reject malformed
    fonts.
  * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have
    been removed. These two functions were public by oversight only
    and were never documented.
  * A new function `FT_Error_String' returns descriptions of error
    codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is
    defined.
  * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new
    functions limited to Adobe MultiMaster fonts to directly set and
    get the weight vector.

- Enable subpixel rendering with infinality config:

- Re-enable freetype-config, there are just too many fallouts.

- Update to version 2.9.1
  * Type 1 fonts containing flex features were not rendered
    correctly (bug introduced in version 2.9).
  * CVE-2018-6942: Older FreeType versions can crash with certain
    malformed variation fonts.
  * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage.
  * Emboldening of bitmaps didn't work correctly sometimes, showing
    various artifacts (bug introduced in version 2.8.1).
  * The auto-hinter script ranges have been updated for Unicode 11.
    No support for new scripts has been added, however, with the
    exception of Georgian Mtavruli.
- freetype-config is now deprecated by upstream and not enabled
  by default.

- Update to version 2.10.1
  * The `ftmulti' demo program now supports multiple hidden axes with
    the same name tag.
  * `ftview', `ftstring', and `ftgrid' got a `-k' command line option
    to emulate a sequence of keystrokes at start-up.
  * `ftview', `ftstring', and `ftgrid' now support screen dumping to a
    PNG file.
  * The bytecode debugger, `ttdebug', now supports variation TrueType
    fonts; a variation font instance can be selected with the new `-d'
    command line option.
- Add tarball signatures and freetype2.keyring

- Update to version 2.10.0
  * The `ftdump' demo program has new options `-c' and `-C' to
    display charmaps in compact and detailed format, respectively.
    Option `-V' has been removed.
  * The `ftview', `ftstring', and `ftgrid' demo programs use a new
    command line option `-d' to specify the program window's width,
    height, and color depth.
  * The `ftview' demo program now displays red boxes for zero-width
    glyphs.
  * `ftglyph' has limited support to display fonts with
    color-layered glyphs. This will be improved later on.
  * `ftgrid' can now display bitmap fonts also.
  * The `ttdebug' demo program has a new option `-f' to select a
    member of a TrueType collection (TTC).
  * Other various improvements to the demo programs.

- Remove 'Supplements: fonts-config' to avoid accidentally pulling
  in Qt dependencies on some non-Qt based desktops (bsc#1091109).
  fonts-config is fundamental, but ft2demos is seldom installed by end
  users; only fonts-config maintainers/debuggers may use ft2demos
  alongside it to debug some issues.

- Update to version 2.9.1
  * No changelog upstream.

This update was imported from the SUSE:SLE-15:Update update project.</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
    <Note Title="Patchnames" Type="Details" Ordinal="4" xml:lang="en">openSUSE-2020-704</Note>
  </DocumentNotes>
  <DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)</DocumentDistribution>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html</URL>
      <Description>E-Mail link for openSUSE-SU-2020:0704-1</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1079603</URL>
      <Description>SUSE Bug 1079603</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://bugzilla.suse.com/1091109</URL>
      <Description>SUSE Bug 1091109</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/security/cve/CVE-2018-6942/</URL>
      <Description>SUSE CVE CVE-2018-6942 page</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <Branch Type="Product Family" Name="openSUSE Leap 15.1">
      <Branch Type="Product Name" Name="openSUSE Leap 15.1">
        <FullProductName ProductID="openSUSE Leap 15.1" CPE="cpe:/o:opensuse:leap:15.1">openSUSE Leap 15.1</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="freetype2-devel-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="freetype2-devel-2.10.1-lp151.4.3.1">freetype2-devel-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="freetype2-devel-32bit-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="freetype2-devel-32bit-2.10.1-lp151.4.3.1">freetype2-devel-32bit-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="freetype2-profile-tti35-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="freetype2-profile-tti35-2.10.1-lp151.4.3.1">freetype2-profile-tti35-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ft2demos-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="ft2demos-2.10.1-lp151.4.3.1">ft2demos-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ftbench-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="ftbench-2.10.1-lp151.4.3.1">ftbench-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ftdiff-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="ftdiff-2.10.1-lp151.4.3.1">ftdiff-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ftdump-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="ftdump-2.10.1-lp151.4.3.1">ftdump-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ftgamma-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="ftgamma-2.10.1-lp151.4.3.1">ftgamma-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ftgrid-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="ftgrid-2.10.1-lp151.4.3.1">ftgrid-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ftinspect-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="ftinspect-2.10.1-lp151.4.3.1">ftinspect-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ftlint-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="ftlint-2.10.1-lp151.4.3.1">ftlint-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ftmulti-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="ftmulti-2.10.1-lp151.4.3.1">ftmulti-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ftstring-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="ftstring-2.10.1-lp151.4.3.1">ftstring-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ftvalid-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="ftvalid-2.10.1-lp151.4.3.1">ftvalid-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="ftview-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="ftview-2.10.1-lp151.4.3.1">ftview-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libfreetype6-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="libfreetype6-2.10.1-lp151.4.3.1">libfreetype6-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libfreetype6-32bit-2.10.1-lp151.4.3.1">
      <FullProductName ProductID="libfreetype6-32bit-2.10.1-lp151.4.3.1">libfreetype6-32bit-2.10.1-lp151.4.3.1</FullProductName>
    </Branch>
    <Relationship ProductReference="freetype2-devel-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:freetype2-devel-2.10.1-lp151.4.3.1">freetype2-devel-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="freetype2-devel-32bit-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:freetype2-devel-32bit-2.10.1-lp151.4.3.1">freetype2-devel-32bit-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="freetype2-profile-tti35-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:freetype2-profile-tti35-2.10.1-lp151.4.3.1">freetype2-profile-tti35-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="ft2demos-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:ft2demos-2.10.1-lp151.4.3.1">ft2demos-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="ftbench-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:ftbench-2.10.1-lp151.4.3.1">ftbench-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="ftdiff-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:ftdiff-2.10.1-lp151.4.3.1">ftdiff-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="ftdump-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:ftdump-2.10.1-lp151.4.3.1">ftdump-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="ftgamma-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:ftgamma-2.10.1-lp151.4.3.1">ftgamma-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="ftgrid-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:ftgrid-2.10.1-lp151.4.3.1">ftgrid-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="ftinspect-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:ftinspect-2.10.1-lp151.4.3.1">ftinspect-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="ftlint-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:ftlint-2.10.1-lp151.4.3.1">ftlint-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="ftmulti-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:ftmulti-2.10.1-lp151.4.3.1">ftmulti-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="ftstring-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:ftstring-2.10.1-lp151.4.3.1">ftstring-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="ftvalid-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:ftvalid-2.10.1-lp151.4.3.1">ftvalid-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="ftview-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:ftview-2.10.1-lp151.4.3.1">ftview-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="libfreetype6-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:libfreetype6-2.10.1-lp151.4.3.1">libfreetype6-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
    <Relationship ProductReference="libfreetype6-32bit-2.10.1-lp151.4.3.1" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.1">
      <FullProductName ProductID="openSUSE Leap 15.1:libfreetype6-32bit-2.10.1-lp151.4.3.1">libfreetype6-32bit-2.10.1-lp151.4.3.1 as a component of openSUSE Leap 15.1</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.</Note>
    </Notes>
    <CVE>CVE-2018-6942</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>openSUSE Leap 15.1:freetype2-devel-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:freetype2-devel-32bit-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:freetype2-profile-tti35-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:ft2demos-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:ftbench-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:ftdiff-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:ftdump-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:ftgamma-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:ftgrid-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:ftinspect-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:ftlint-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:ftmulti-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:ftstring-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:ftvalid-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:ftview-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:libfreetype6-2.10.1-lp151.4.3.1</ProductID>
        <ProductID>openSUSE Leap 15.1:libfreetype6-32bit-2.10.1-lp151.4.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <Remediations>
      <Remediation Type="Vendor Fix">
        <Description xml:lang="en">To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
</Description>
        <URL>https://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html</URL>
      </Remediation>
    </Remediations>
    <References>
      <Reference>
        <URL>https://www.suse.com/security/cve/CVE-2018-6942.html</URL>
        <Description>CVE-2018-6942</Description>
      </Reference>
    </References>
  </Vulnerability>
</cvrfdoc>
