Fedora 20 Update: freetype-2.5.0-10.fc20

updates at fedoraproject.org
Wed Mar 4 10:26:18 UTC 2015


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-2521
2015-02-25 09:54:17
--------------------------------------------------------------------------------

Name        : freetype
Product     : Fedora 20
Version     : 2.5.0
Release     : 10.fc20
URL         : http://www.freetype.org
Summary     : A free and portable font rendering engine
Description :
The FreeType engine is a free and portable font rendering
engine, developed to provide advanced font support for a variety of
platforms and environments. FreeType is a library which can open and
manage font files as well as efficiently load, hint and render
individual glyphs. FreeType is not a font server or a complete
text-rendering library.

--------------------------------------------------------------------------------
Update Information:

This update fixes loading of uncompressed PCF fonts.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 24 2015 Marek Kasik <mkasik at redhat.com> - 2.5.0-10
- Work around behaviour of X11's `pcfWriteFont' and `pcfReadFont' functions
- Resolves: #1195652
* Tue Feb 17 2015 Marek Kasik <mkasik at redhat.com> - 2.5.0-9
- Fixes CVE-2014-9656
   - Check `p' before `num_glyphs'.
- Fixes CVE-2014-9657
   - Check minimum size of `record_size'.
- Fixes CVE-2014-9658
   - Use correct value for minimum table length test.
- Fixes CVE-2014-9675
   - New macro that checks one character more than `strncmp'.
- Fixes CVE-2014-9660
   - Check `_BDF_GLYPH_BITS'.
- Fixes CVE-2014-9661
   - Initialize `face->ttf_size'.
   - Always set `face->ttf_size' directly.
   - Exclusively use the `truetype' font driver for loading
     the font contained in the `sfnts' array.
- Fixes CVE-2014-9662
   - Handle return values of point allocation routines.
- Fixes CVE-2014-9663
   - Fix order of validity tests.
- Fixes CVE-2014-9664
   - Add another boundary testing.
   - Fix boundary testing.
- Fixes CVE-2014-9666
   - Protect against addition and multiplication overflow.
- Fixes CVE-2014-9667
   - Protect against addition overflow.
- Fixes CVE-2014-9669
   - Protect against overflow in additions and multiplications.
- Fixes CVE-2014-9670
   - Add sanity checks for row and column values.
- Fixes CVE-2014-9671
   - Check `size' and `offset' values.
- Fixes CVE-2014-9672
   - Prevent a buffer overrun caused by a font including too many (> 63)
     strings to store names[] table.
- Fixes CVE-2014-9673
   - Fix integer overflow by a broken POST table in resource-fork.
- Fixes CVE-2014-9674
   - Fix integer overflow by a broken POST table in resource-fork.
   - Additional overflow check in the summation of POST fragment lengths.
- Resolves: #1191099, #1191191, #1191193
* Wed Dec 17 2014 Marek Kasik <mkasik at redhat.com> - 2.5.0-8
- Fix of URL of the bug #1172634
* Thu Dec 11 2014 Marek Kasik <mkasik at redhat.com> - 2.5.0-7
- Suppress an assert when hintMap.count == 0 in specific situations.
- Resolves: #1172634
* Wed Dec 10 2014 Marek Kasik <mkasik at redhat.com> - 2.5.0-6
- Don't append to stem arrays after hintmask is constructed.
- Resolves: #1172634
* Tue Mar 11 2014 Marek Kasik <mkasik at redhat.com> - 2.5.0-5
- Add freetype-2.5.0-CVE-2014-2240.patch
    (Return when `hintMask' is invalid.)
- Add freetype-2.5.0-CVE-2014-2241.patch
    (Don't call non-existing subroutines.)
- Resolves: #1074647
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1195652 - Fixed font 6x13 fails to render in gnome-terminal after latest freetype update
        https://bugzilla.redhat.com/show_bug.cgi?id=1195652
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update freetype' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------