Re: [ft-devel] details on iPhone exploit caused by FreeType?

2011-07-28 Thread Alan Coopersmith
I sent privately to Werner yesterday, but since the sites are public,
I guess it might as well go to the full list.

Our security team pointed me to the analysis at:
http://esec-lab.sogeti.com/post/Analysis-of-the-jailbreakme-v3-font-exploit

and that Red Hat has issued a security patch consisting of the recent
git commits to src/psaux/t1decode.c:

https://rhn.redhat.com/errata/RHSA-2011-1085.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0226

-- 
-Alan Coopersmith-        alan.coopersm...@oracle.com
 Oracle Solaris Platform Engineering: X Window System


___
Freetype-devel mailing list
Freetype-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/freetype-devel


Re: [ft-devel] details on iPhone exploit caused by FreeType?

2011-07-28 Thread Werner LEMBERG
> I sent privately to Werner yesterday, but since the sites are
> public, I guess it might as well go to the full list.  [...]

And I replied that I'll do a new release today :-)


Werner



Re: [ft-devel] truetype metrics resize request question

2011-07-28 Thread Werner LEMBERG

> Werner, you are right, it should be reflected in the CHANGES.  The
> changes result in better, more consistent line spacing.  DejaVu got
> one point smaller, there is nothing wrong with that too.

Done.  Thanks for the images!


Werner



[ft-devel] FreeType 2.4.6 has been released

2011-07-28 Thread Werner LEMBERG

FreeType 2.4.6 has been released.

It is available from

http://savannah.nongnu.org/download/freetype/

or

http://sourceforge.net/projects/freetype/files/

The latter site also holds older versions of the FreeType library.

See below  for the  relevant snippet  from the  CHANGES file; users of
version 2.4.5 should upgrade immediately.

Enjoy!


   Werner


--


FreeType 2  is a software  font engine that  is designed to  be small,
efficient,  highly   customizable,  and  portable   while  capable  of
producing high-quality output (glyph images) of most vector and bitmap
font formats.

Note that  FreeType 2 is  a font service  and doesn't provide  APIs to
perform higher-level features, like text layout or graphics processing
(e.g.,  colored  text  rendering,  `hollowing',  etc.).   However,  it
greatly simplifies these tasks by providing a simple, easy to use, and
uniform interface to access the content of font files.

FreeType  2  is  released  under  two open-source  licenses:  our  own
BSD-like FreeType  License and the  GPL.  It can  thus be used  by any
kind of projects, be they proprietary or not.


--


CHANGES BETWEEN 2.4.5 and 2.4.6

  I. IMPORTANT BUG FIXES

    - For TrueType based fonts, the ascender and descender values were
      incorrect sometimes  (off by a pixel if the ppem value was not a
      multiple of 5).   Depending on the use you might now  experience
      a different  layout; the  change should  result in  better, more
      consistent line spacing.

    - Fix CVE-2011-0226  which causes a  vulnerability while  handling
      Type 1 fonts.

    - BDF fonts  containing  glyphs with negative values  for ENCODING
      were  incorrectly  rejected.  This  bug has  been introduced  in
      FreeType version 2.2.0.

    - David Bevan contributed a major revision of the FreeType stroker
      code:

      . The behaviour of FT_STROKER_LINEJOIN_BEVEL has been corrected.

      . A new  line join style,  FT_STROKER_LINEJOIN_MITER_FIXED,  has
        been introduced to support PostScript and PDF miter joins.

      . FT_STROKER_LINEJOIN_MITER_VARIABLE  has been introduced  as an
        alias for FT_STROKER_LINEJOIN_MITER.

      . Various stroking glitches have been fixed.


  II. MISCELLANEOUS

    - SFNT bitmap fonts which contain an outline glyph for `.notdef'
      only no longer set the FT_FACE_FLAG_SCALABLE flag.
