OpenBSD Journal

FreeType Patches Available

Contributed by tbert on from the with-liberty-and-FreeType-for-all dept.

Patches for bugs in the FreeType library are available:

FreeType 2.5.5 contained more fixes for malformed font buffer overflows. Thanks to David Coppa for extracting the necessary patches from the Ubuntu package.

Patches are available for OpenBSD 5.5 and 5.6. The forthcoming 5.7 release already includes FreeType 2.5.5.

http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/022_freetype.patch.sig

http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/018_freetype.patch.sig

The 5.6 patch also includes some fixes for CJK hinting.

untrusted comment: signature from openbsd 5.6 base private key RWR0EANmo9nqhswc4xbXD01rhx1+T2nG0N/NlVICVOW187z5BoZQ7PJjx6OAijnCk1AJJqUOODgov/JniEFHmQ \ IE5tis+61NDAo=

OpenBSD 5.6 errata 18, Mar 13, 2015:

Another fix for buffer overflows in malformed fonts.

Apply patch using:


    signify -Vep /etc/signify/openbsd-56-base.pub -x 018_freetype.patch.sig \
        -m - | (cd /usr/xenocara && patch -p0)

Then build and install a new libfreetype:


    cd /usr/xenocara/lib/freetype
    make obj
    make build

(Comments are closed)


Comments
  1. By BSDfan (193.200.118.52) on

    Would be nice to have Infinality or Ubuntu patches for FreeType in xbase for better font rendering.

    Comments
    1. By phessler (phessler) on http://www.openbsdfoundation.org/donations.html

      > Would be nice to have Infinality or Ubuntu patches for FreeType in xbase for better font rendering.

      Why aren't they committed in upstream FreeType? We would be far more interested in those patches if they were maintained upstream.

      Comments
      1. By BSDfan (193.200.118.52) on

        > > Would be nice to have Infinality or Ubuntu patches for FreeType in xbase for better font rendering.
        >
        > Why aren't they committed in upstream FreeType? We would be far more interested in those patches if they were maintained upstream.

        Well, I don't know why. Infinality is MIT license, so license isn't an issue. Ubuntu patches are probably GPL.

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]