https://bugzilla.redhat.com/show_bug.cgi?id=1887084

Xose Vazquez Perez xose.vazquez@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |xose.vazquez@gmail.com

--- Comment #2 from Xose Vazquez Perez xose.vazquez@gmail.com --- (In reply to Upstream Release Monitoring from comment #0)

Latest upstream release: 2.10.3 Current version/release in rawhide: 2.10.2-3.fc33 URL: https://www.freetype.org/ Based on the information from anitya: https://release-monitoring.org/project/854/

CHANGES BETWEEN 2.10.2 and 2.10.3

I. IMPORTANT CHANGES

- New flag `FT_OUTLINE_OVERLAP'. If set, make the smooth rasterizer do 4x4 oversampling to mitigate artifacts in pixels partially covered by overlapping contours. Note that this at least quadruples the rendering time.

If a glyph in a TrueType font has the `OVERLAP_SIMPLE' or `OVERLAP_COMPOUND' bit set, FreeType automatically selects this rendering mode.

II. MISCELLANEOUS

- Using the arcane method of including FreeType header files with macros like `FT_FREETYPE_H' is no longer mandatory (but retained as an optional feature for backward compatibility).

- Support for building the library with Meson. Building the demo programs with Meson will follow in a forthcoming release.

- Minor improvements to the B/W rasterizer.

- Auto-hinter support for Medefaidrin script.

- Fix various memory leaks (mainly for CFF) and other issues that might cause crashes in rare circumstances.

- Jam support has been removed.

- In `ftview', custom LCD filter values are now normalized and balanced. Unorthodox filters are still available through the `-L' command line option.

- The GUI demo programs can now be resized.

- Demo programs that accept command line option `-k' can now handle function keys, too. The corresponding character codes start with 0xF1. As an example, the POSIX shell syntax (accepted by bash, ksh, and zsh)

-k $'\xF3q'

emulates the pressing of function key `F3' followed by key `q'.

https://bugzilla.redhat.com/show_bug.cgi?id=1887084

Upstream Release Monitoring upstream-release-monitoring@fedoraproject.org changed:

What |Removed |Added ---------------------------------------------------------------------------- Summary|freetype-2.10.3 is |freetype-2.10.4 is |available |available

--- Comment #4 from Upstream Release Monitoring upstream-release-monitoring@fedoraproject.org --- Latest upstream release: 2.10.4 Current version/release in rawhide: 2.10.2-3.fc33 URL: https://www.freetype.org/

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/

More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring

Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.

Based on the information from anitya: https://release-monitoring.org/project/854/

https://bugzilla.redhat.com/show_bug.cgi?id=1887084

--- Comment #6 from Xose Vazquez Perez xose.vazquez@gmail.com --- (In reply to Upstream Release Monitoring from comment #4)

Latest upstream release: 2.10.4 Current version/release in rawhide: 2.10.2-3.fc33 URL: https://www.freetype.org Based on the information from anitya: https://release-monitoring.org/project/854/

CHANGES BETWEEN 2.10.3 and 2.10.4

This is an emergency release, fixing a severe vulnerability in embedded PNG bitmap handling.

I. IMPORTANT BUG FIXES

- A heap buffer overflow has been found in the handling of embedded PNG bitmaps, introduced in FreeType version 2.6.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999

If you use option FT_CONFIG_OPTION_USE_PNG you should upgrade immediately.

https://bugzilla.redhat.com/show_bug.cgi?id=1887084

Fedora Update System updates@fedoraproject.org changed:

What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |MODIFIED

--- Comment #7 from Fedora Update System updates@fedoraproject.org --- FEDORA-2020-6299161e89 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-6299161e89

https://bugzilla.redhat.com/show_bug.cgi?id=1887084

--- Comment #9 from Marek Kašík mkasik@redhat.com --- Hi,

I've pushed the new version also to Fedora 32 and Fedora 33 since abipkgdiff does not show difference between them and public API hasn't changed. I've also added the man pages there.

https://bugzilla.redhat.com/show_bug.cgi?id=1887084

--- Comment #11 from Fedora Update System updates@fedoraproject.org --- FEDORA-2020-6299161e89 has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-6299161e89` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-6299161e89

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

https://bugzilla.redhat.com/show_bug.cgi?id=1887084

Fedora Update System updates@fedoraproject.org changed:

What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version|freetype-2.10.4-1.fc33 |freetype-2.10.4-1.fc33 | |freetype-2.10.4-1.fc32

--- Comment #13 from Fedora Update System updates@fedoraproject.org --- FEDORA-2020-6299161e89 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.