Opened 16 years ago

Closed 15 years ago

#1988 closed task (fixed)

FreeType-2.3.4

Reported by: archaic@… Owned by: dnicholson@…
Priority: normal Milestone: 6.3
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

Buffer overflow(s) in previous versions (advisory is ambiguous about 2.1.x versions).

http://secunia.com/advisories/20100/

Attachments (1)

freetype-2.2.1_patented_fonts.patch (1.0 KB ) - added by Mirko Roller 15 years ago.
unlock patented font rendering in freeetype-2.2.1 for hugh quality improvement

Download all attachments as: .zip

Change History (16)

comment:1 by Randy McMurchy, 16 years ago

Milestone: 6.2future

There's been important changes to the package that affect the way other packages link to FreeType:

http://www.freetype.org/freetype2/patches/rogue-patches.html

referenced from here:

https://sourceforge.net/project/shownotes.php?release_id=416463&group_id=3157

I suggest we do not move to this version until after 6.2. The list of affected packages (many of them critical to a BLFS environment) is huge. If we can backport the fix for the integer buffer overflow, then that is what we should do.

FreeType devs have created some patches for the affected packages, but as you can see by reading the links above, the are not approved and unsupported.

comment:2 by dnicholson@…, 16 years ago

Definitely agree. Read this page for some enlightenment and then remember that you always had to pass --disable-freetype to firefox before they finally made it the default. (You should see some of the ridiculous bug reports they have due to this behavior.)

http://freetype.sourceforge.net/freetype2/freetype-2.2.0.html

We can come back to this later, but I think we need to wait for the rest of upstream to play catch up.

comment:3 by matthew@…, 15 years ago

Note that this version also causes libXfont to fail to compile:

ftfuncs.c: In function 'FreeTypeOpenInstance': ftfuncs.c:467: error: 'TT_Face' undeclared (first use in this function)

and so on and so forth until line 961 when it eventually bails out!

comment:4 by matthew@…, 15 years ago

That's apparently fixed in libXfont-1.2.0. https://bugs.freedesktop.org/show_bug.cgi?id=6918 has the details.

comment:5 by Mirko Roller, 15 years ago

DOANLOAD:

http://download.savannah.gnu.org/releases/freetype/freetype-2.2.1.tar.bz2

OLD: FreeType-2.1.10 NEW: freetype-2.2.1

COMPILE:

./configure --prefix=/usr && make && make install

Batchfile lib-7.1.wget needs an update: replace old entry libXfont-xxx.tar.bz2 with: libXfont-1.2.2.tar.bz2

Apllication fonttosfnt-1.0.1 from the app-7.1.wget batchfile needs an patch.

tar xvfj fonttosfnt-1.0.1.tar.bz2

sed -i 's@#include FT_INTERNAL_OBJECTS_H@#include FT_INTERNAL_OBJECTS_H@g'

fonttosfnt-1.0.1/util.c

rm fonttosfnt-1.0.1.tar.bz2

tar cvfj fonttosfnt-1.0.1.tar.bz2 fonttosfnt-1.0.1

rm -rf fonttosfnt-1.0.1

Thats all !

In freetype-2.2.1 the Patented Microsoft? fontrendering is disabled. To get

really good looking Fonts under X11, some more tweaks are needed.

The improvement in Fontrendering is very strong, so i suggest it !

This is the Patch for freetype-2.2.1 to enable it:

by Mirko Roller, 15 years ago

unlock patented font rendering in freeetype-2.2.1 for hugh quality improvement

comment:6 by Randy McMurchy, 15 years ago

Milestone: future6.2.1
Priority: highnormal

comment:7 by alexander@…, 15 years ago

Summary: freetype-2.2.1freetype-2.3.0

New version.

comment:8 by particlehunter, 15 years ago

Version bump to freetype-2.3.1

comment:9 by Randy McMurchy, 15 years ago

Owner: changed from blfs-book@… to Randy McMurchy
Status: newassigned
Summary: freetype-2.3.0FreeType-2.3.1

Wow, lots of good stuff in here. I'll guinea pig this one and build from here.

comment:10 by Randy McMurchy, 15 years ago

Owner: changed from Randy McMurchy to blfs-book@…
Status: assignednew

Since Dan picked up FontConfig, I'm backing out of this one and going to let Dan do it. :-)

comment:11 by dnicholson@…, 15 years ago

Owner: changed from blfs-book@… to dnicholson@…
Status: newassigned

Oh, the joys of finding out what's broken with FreeType!

comment:12 by Randy McMurchy, 15 years ago

Milestone: 6.2.16.3

Introducing this API into BLFS 6.2.x would break many packages. Moving it to the 6.3 version

comment:13 by Randy McMurchy, 15 years ago

Summary: FreeType-2.3.1FreeType-2.3.2

Version increment to 2.3.2

comment:14 by dnicholson@…, 15 years ago

Summary: FreeType-2.3.2FreeType-2.3.4

I haven't found a package that's broken on this in the book, so I'm pushing it in.

comment:15 by dnicholson@…, 15 years ago

Resolution: fixed
Status: assignedclosed

Fixed in r6760. Please file a reopen the bug if this breaks anything.

Note: See TracTickets for help on using tickets.