[Bug 844601] Re: [FFe] Sync freetype 2.4.6-2 (main) from Debian unstable (main)

Rex Tsai 844601 at bugs.launchpad.net
Tue Nov 22 11:16:21 UTC 2011


Upstream/Debian has 2.4.8-1 available, which fixes two CVE security issues.
Please sync with the latest version.

http://packages.debian.org/sid/libfreetype6
http://packages.debian.org/changelogs/pool/main/f/freetype/freetype_2.4.8-1/changelog

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/844601

Title:
  [FFe] Sync freetype 2.4.6-2 (main) from Debian unstable (main)

Status in “freetype” package in Ubuntu:
  Confirmed

Bug description:
  Please sync freetype 2.4.6-2 (main) from Debian unstable (main)

  FreeType 2.4.6[1] and 2.4.5[2] have been released; this version fixed several
  issues. It also fixed broken CJK font rendering in evince and other software.

  Highlights from changelog
      - For TrueType based fonts, the ascender and descender values were
        incorrect sometimes  (off by a pixel if the ppem value was not a
        multiple of 5).   Depending on the use you might now  experience
        a different  layout; the  change should  result in  better, more
        consistent line spacing.

      - Fix CVE-2011-0226  which causes a  vulnerability while  handling
        Type 1 fonts.

      - BDF fonts  containing  glyphs with negative values  for ENCODING
        were  incorrectly  rejected.  This  bug has  been introduced  in
        FreeType version 2.2.0.

      - David Bevan contributed a major revision of the FreeType stroker
        code:

        . The behaviour of FT_STROKER_LINEJOIN_BEVEL has been corrected.

        . A new  line join style,  FT_STROKER_LINEJOIN_MITER_FIXED,  has
          been introduced to support PostScript and PDF miter joins.

        . FT_STROKER_LINEJOIN_MITER_VARIABLE  has been introduced  as an
          alias for FT_STROKER_LINEJOIN_MITER.

        . Various stroking glitches have been fixed.

      - A rendering regression  for second-order Bézier curves  has been
        fixed, introduced in 2.4.3.

      - If autohinting  is not  explicitly disabled,  FreeType now  uses
        the autohinter if  a TrueType based font doesn't  contain native
        hints.

      - The load flag FT_LOAD_IGNORE_GLOBAL_ADVANCE_WIDTH  has been made
        redundant and  is simply ignored;  this means that FreeType  now
        ignores the global advance width value in TrueType fonts.

      - Again some fixes to better handle broken fonts.

      - Just  Fill Bugs contributed (experimental) code to compute  blue
        zones for CJK Ideographs, improving the alignment of  horizontal
        stems at the top or bottom edges.

  [1] https://sourceforge.net/projects/freetype/files/freetype2/2.4.6/README/view
  [2] https://sourceforge.net/projects/freetype/files/freetype2/2.4.5/README/view

  Changelog entries since current oneiric version 2.4.4-2ubuntu1:

  freetype (2.4.6-2) unstable; urgency=low

    * debian/patches-freetype/0001-Fix-Savannah-bug-33992.patch: [PATCH]
      Fix Savannah bug #33992.  Thanks to David Bevan
      <david.bevan at pb.com>.  Closes: #638348.

   -- Steve Langasek <vorlon at debian.org>  Sat, 20 Aug 2011 06:30:18 +0000

  freetype (2.4.6-1) unstable; urgency=low

    * New upstream release
      - fixes CVE-2011-0226, a vulnerability in parsing of Type 1 fonts.
        Closes: #635871.
      - upstream now builds cleanly with -Werror and the new gcc-4.6 upstream
        warnings.  Closes: #625328.

   -- Steve Langasek <vorlon at debian.org>  Thu, 04 Aug 2011 05:49:09 +0000
