Opened 7 weeks ago
Closed 6 weeks ago
#22886 closed enhancement (fixed)
freetype freetype-doc-2.14.2
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 13.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (4)
comment:1 by , 7 weeks ago
| Summary: | freetype freetype-doc-2.14.1 → freetype freetype-doc-2.14.2 |
|---|
comment:2 by , 6 weeks ago
| Priority: | normal → elevated |
|---|
Unfortunately this is too late to get it into this release cycle, but there was a notice posted upstream:
CHANGES BETWEEN 2.14.1 and 2.14.2 (2026-Mar-01)

I. IMPORTANT CHANGES

- Several changes related to LCD filtering are implemented to
  achieve better performance and encourage sound practices.
  . Instead of blanket LCD filtering over the entire bitmap, it is
    now applied only to non-zero spans using direct rendering. This
    speeds up the ClearType-like rendering by more than 40% at sizes
    above 32 ppem.
  . Setting the filter weights with FT_Face_Properties is no longer
    supported. The default and light filters are optimized to work
    with any face.
  . The legacy libXft LCD filter algorithm is no longer provided.

II. IMPORTANT BUG FIXES

- A bunch of potential security problems have been found. All users
  should update.
- The italic angle in `PS_FontInfo` is now stored as a fixed-point
  value in degrees for all Type 1 fonts and their derivatives,
  consistent with CFF fonts and common practices. The broken
  underline position and thickness values are fixed for CFF fonts.

III. MISCELLANEOUS

- The `x` field in the `FT_Span` structure is now unsigned.
- Demo program `ftgrid` got an option `-m` to select a start
  character to display.
- Similarly, demo program `ftmulti` got an option `-m` to select a
  text string for rendering.
- Option `-d` in the demo program `ttdebug` is now called `-a`,
  expecting a comma-separated list of axis values. The user
  interface is also slightly improved.
- The `ftinspect` demo program can now be compiled with Qt6, too.

One of these issues has a CVE that has been assigned to it by Meta (known for Facebook):
CVE-2026-23865
> Description:
> An integer overflow in the tt_var_load_item_variation_store function of the
> Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds
> read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts.
> This issue is fixed in version 2.14.2.
>
> Affected Version Information:
>
> FreeType (FreeType)
> Default Status: affected
> affected from 2.13.2 through 2.13.3
> affected from 2.14.0 through 2.14.1
>
> References:
>
> https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c
> https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/
comment:3 by , 6 weeks ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:4 by , 6 weeks ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at 0799bca776b8e9850db3442e0c6faa38cf53baf3
SA-13.0-003 issued

The book already has 2.14.1 but the latest tag is 2.14.2.