CHANGES BETWEEN 2.9 and 2.9.1 I. IMPORTANT BUG FIXES - Type 1 fonts containing flex features were not rendered correctly (bug introduced in version 2.9). - CVE-2018-6942: Older FreeType versions can crash with certain malformed variation fonts. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
arm64 stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c31b429a5b8af9994964416b64afc40935d06cd commit 1c31b429a5b8af9994964416b64afc40935d06cd Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-05-11 19:11:07 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-11 19:11:07 +0000 media-libs/freetype: stable 2.9.1-r1 for ia64, bug #654696 Bug: https://bugs.gentoo.org/654696 Package-Manager: Portage-2.3.36, Repoman-2.3.9 RepoMan-Options: --include-arches="ia64" media-libs/freetype/freetype-2.9.1-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71448ce899880e28310d5766a9493f654559b0ba commit 71448ce899880e28310d5766a9493f654559b0ba Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-05-11 18:19:43 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-11 19:20:56 +0000 media-libs/freetype: stable 2.9.1-r1 for sparc Bug: https://bugs.gentoo.org/654696 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" media-libs/freetype/freetype-2.9.1-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
amd64 stable
x86 stable
Stable on alpha.
commit 8a3acbd604bf81b28d09daa20cde83c5fe7e0826 Author: Jeroen Roovers <jer@gentoo.org> Date: Fri May 18 09:59:12 2018 +0200 media-libs/freetype: Stable for HPPA too.
ppc64 stable
ppc stable
arm stable
@maintainer, please clean vulnerable
(In reply to Aaron Bauman from comment #11) > @maintainer, please clean vulnerable No can do until <app-text/texlive-core-2017-r4 has finally fixed the stupid freetype dependency restriction (or =2017-r4 gets stabilized).
@maintainers, please clean vulnerable.
(In reply to Lars Wendler (Polynomial-C) from comment #12) > (In reply to Aaron Bauman from comment #11) > > @maintainer, please clean vulnerable > > No can do until <app-text/texlive-core-2017-r4 has finally fixed the stupid > freetype dependency restriction (or =2017-r4 gets stabilized). @Lars, 2017-r4 is stable.
(In reply to Aaron Bauman from comment #14) > (In reply to Lars Wendler (Polynomial-C) from comment #12) > > (In reply to Aaron Bauman from comment #11) > > > @maintainer, please clean vulnerable > > > > No can do until <app-text/texlive-core-2017-r4 has finally fixed the stupid > > freetype dependency restriction (or =2017-r4 gets stabilized). > > @Lars, 2017-r4 is stable. Yeah but =app-text/texlive-core-2017-r3 is still in the tree and depends on <media-libs/freetype-2.9.1-r3 so removal of vulnerable freetype releases would break the tree.
(In reply to Lars Wendler (Polynomial-C) from comment #15) > (In reply to Aaron Bauman from comment #14) > > (In reply to Lars Wendler (Polynomial-C) from comment #12) > > > (In reply to Aaron Bauman from comment #11) > > > > @maintainer, please clean vulnerable > > > > > > No can do until <app-text/texlive-core-2017-r4 has finally fixed the stupid > > > freetype dependency restriction (or =2017-r4 gets stabilized). > > > > @Lars, 2017-r4 is stable. > > Yeah but =app-text/texlive-core-2017-r3 is still in the tree and depends on > <media-libs/freetype-2.9.1-r3 so removal of vulnerable freetype releases > would break the tree. It is gone now.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=841a4344507aaac22d7fe28d4b160c719c51e31f commit 841a4344507aaac22d7fe28d4b160c719c51e31f Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2018-12-05 14:13:39 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2018-12-05 14:13:39 +0000 media-libs/freetype: Security cleanup Bug: https://bugs.gentoo.org/654696 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> media-libs/freetype/Manifest | 6 -- media-libs/freetype/freetype-2.8.ebuild | 179 -------------------------------- media-libs/freetype/freetype-2.9.ebuild | 178 ------------------------------- 3 files changed, 363 deletions(-)
(In reply to Larry the Git Cow from comment #17) > The bug has been referenced in the following commit(s): > > https://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=841a4344507aaac22d7fe28d4b160c719c51e31f > > commit 841a4344507aaac22d7fe28d4b160c719c51e31f > Author: Lars Wendler <polynomial-c@gentoo.org> > AuthorDate: 2018-12-05 14:13:39 +0000 > Commit: Lars Wendler <polynomial-c@gentoo.org> > CommitDate: 2018-12-05 14:13:39 +0000 > > media-libs/freetype: Security cleanup > > Bug: https://bugs.gentoo.org/654696 > Package-Manager: Portage-2.3.52, Repoman-2.3.12 > Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> > > media-libs/freetype/Manifest | 6 -- > media-libs/freetype/freetype-2.8.ebuild | 179 > -------------------------------- > media-libs/freetype/freetype-2.9.ebuild | 178 > ------------------------------- > 3 files changed, 363 deletions(-) Thanks, Lars!