Bug 219271

Summary: [exp-run] print/freetype2 update to 2.8
Product: Ports & Packages Reporter: Koop Mast <kwm>
Component: Individual Port(s)Assignee: Koop Mast <kwm>
Status: Closed FIXED    
Severity: Affects Only Me CC: kwm, lightside, o.hushchenkov, portmgr
Priority: --- Keywords: security
Version: LatestFlags: bugzilla: maintainer-feedback? (gnome)
jbeich: merge-quarterly?
kwm: exp-run?
Hardware: Any   
OS: Any   
URL: https://sourceforge.net/projects/freetype/files/freetype2/2.8/
Attachments:
Description Flags
Update freetype2 to 2.8
none
Proposed patch (since 435690 revision)
none
Proposed patch (since 435690 revision)
none
Proposed patch (since 435690 revision)
none
Some archived SciTE screenshots none

Description Koop Mast freebsd_committer freebsd_triage 2017-05-14 09:13:39 UTC 
Created attachment 182585 [details]
Update freetype2 to 2.8

Update freetype2 to 2.8.
Comment 1 Koop Mast freebsd_committer freebsd_triage 2017-05-14 09:17:16 UTC 
I would like to request a exp-run to test the new freetype2 release. I don't expect any problems but, just to be sure. Thanks
Comment 2 Jan Beich freebsd_committer freebsd_triage 2017-05-14 16:42:24 UTC 
Can you mark with MFH tag when landing as it fixes CVE-2017-8105, CVE-2017-8287 ?

ABI: https://abi-laboratory.pro/tracker/timeline/freetype/ (looks safe)
Comment 3 lightside 2017-05-14 18:07:16 UTC 
Created attachment 182597 [details]
Proposed patch (since 435690 revision)

Hello.

The compiler's warning about which I noted in the bug 211201 comment #76 was fixed in 2.8 version:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/include/freetype/config/ftoption.h?h=VER-2-8&id=e5595784f4075a631f3d6606cecc6dad3100d642
Therefore, the following sed patch could be removed:
https://github.com/freebsd/freebsd-ports/blob/29352b374445c0a57c4640585b2e4bcbb411ae3d/print/freetype2/Makefile#L73-L75

I attached a patch for this, which also fixes following portlint's warning:
WARN: Makefile: [53]: whitespace before end of line.

To Koop Mast:
Please, consider to fix following portlint's warnings:
WARN: /usr/ports/print/freetype2/pkg-descr: exceeds 24 lines, make it shorter if possible.(currently 25 lines)
WARN: /usr/ports/print/freetype2/pkg-descr: includes lines that exceed 80 characters.
Comment 4 lightside 2017-05-14 22:40:33 UTC 
Created attachment 182603 [details]
Proposed patch (since 435690 revision)

The 2.8 version introduced AF_CONFIG_OPTION_TT_SIZE_METRICS configuration option with following descriptions:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/CHANGES?h=VER-2-8#n33
-8<--
  II. IMPORTANT BUG FIXES

    - `Light' auto-hinting  mode no  longer uses TrueType  metrics for
      TrueType  fonts.   This bug  was  introduced  in version  2.4.6,
      causing   horizontal  scaling   also.    Almost  all   GNU/Linux
      distributions (with Fedora as  a notable exception) disabled the
      corresponding patch for good reasons; chances are thus high that
      you won't notice a difference.

      If  optical backward  compatibility for  legacy applications  is
      necessary, you might enable the AF_CONFIG_OPTION_TT_SIZE_METRICS
      configuration option.   However, it  is strongly  recommended to
      avoid that, adjusting font sizes instead.
-->8-

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/include/freetype/freetype.h?h=VER-2-8#n2979
-8<--
   *     If configuration option AF_CONFIG_OPTION_TT_SIZE_METRICS is active,
   *     TrueType-like metrics are used to make this mode behave similarly
   *     as in unpatched FreeType versions between 2.4.6 and 2.7.1
   *     (inclusive).
-->8-

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/include/freetype/config/ftoption.h?h=VER-2-8#n912
-8<--
  /* Use TrueType-like size metrics for `light' auto-hinting.              */
  /*                                                                       */
  /* It is strongly recommended to avoid this option, which exists only to */
  /* help some legacy applications retain its appearance and behaviour     */
  /* with respect to auto-hinted TrueType fonts.                           */
  /*                                                                       */
  /* The very reason this option exists at all are GNU/Linux distributions */
  /* like Fedora that did not un-patch the following change (which was     */
  /* present in FreeType between versions 2.4.6 and 2.7.1, inclusive).     */
  /*                                                                       */
  /*   2011-07-16  <..>
  /*                                                                       */
  /*     [truetype] Fix metrics on size request for scalable fonts.        */
  /*                                                                       */
  /* This problematic commit is now reverted (more or less).               */
-->8-

I checked and there are differences for look of TrueType fonts, if (not) using AF_CONFIG_OPTION_TT_SIZE_METRICS define, including some Xft.dpi (e.g. "Xft.dpi: 96.0" or other value, while using different monitor's dpi) changes in ~/.Xresources file. Therefore, I propose to add such an option, if there is a need to get some previous (unpatched) behaviour.

I attached some new version of proposed patch.
Comment 5 lightside 2017-05-14 22:42:52 UTC 
Created attachment 182604 [details]
Proposed patch (since 435690 revision)

Re-upload correct patch for comment #4.
Comment 6 lightside 2017-05-14 23:45:00 UTC 
(In reply to comment #3)
> The compiler's warning about which I noted in the bug 211201 comment #76 was
> fixed in 2.8 version:
The link to full commit, just in case:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e5595784f4075a631f3d6606cecc6dad3100d642
Comment 7 Antoine Brodin freebsd_committer freebsd_triage 2017-05-17 09:05:36 UTC 
Exp-run looks fine  (done on kwm@ patch)
Comment 8 Koop Mast freebsd_committer freebsd_triage 2017-05-17 11:05:09 UTC 
lightside: Just to be sure I got things correct. The `light' auto-hinting is the V40 hinting correct?
Comment 9 lightside 2017-05-18 01:06:04 UTC 
Created attachment 182679 [details]
Some archived SciTE screenshots

(In reply to comment #8)
> Just to be sure I got things correct. The `light' auto-hinting is the
> V40 hinting correct?
I think, the "auto-hinting" and "sub-pixel hinting" (for some type of which V40 port's option used) are different things:
https://www.freetype.org/freetype2/docs/reference/ft2-auto_hinter.html
https://www.freetype.org/freetype2/docs/reference/ft2-tt_driver.html
https://www.freetype.org/freetype2/docs/text-rendering-general.html

Personally, I tested with using V38=off and V40=off print/freetype2 port's options, x11-fonts/fontconfig with HINTING_SLIGHT=on. And following configuration files:
~/.config/fontconfig/fonts.conf:
-8<--
<?xml version='1.0'?>
<!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
<fontconfig>
	<match target="font">
		<edit mode="assign" name="rgba">
			<const>rgb</const>
		</edit>
	</match>
	<match target="font">
		<edit mode="assign" name="hinting">
			<bool>true</bool>
		</edit>
	</match>
	<match target="font">
		<edit mode="assign" name="hintstyle">
			<const>hintslight</const>
		</edit>
	</match>
	<match target="font">
		<edit mode="assign" name="antialias">
			<bool>true</bool>
		</edit>
	</match>
	<match target="font">
		<edit mode="assign" name="lcdfilter">
		  <const>lcddefault</const>
		</edit>
	</match>
	<match target="pattern">
		<test qual="any" name="size" compare="less_eq">
			<int>12</int>
		</test>
		<edit name="antialias" mode="assign">
			<bool>false</bool>
		</edit>
	</match>
	<!-- Disable autohint for bold fonts so they are not overly bold -->
	<!-- <match target="font" >
		<test compare="more" name="weight" >
			<const>medium</const>
		</test>
		<edit mode="assign" name="autohint" >
			<bool>false</bool>
		</edit>
	</match> -->
	<!-- <match target="font" >
		<edit mode="assign" name="autohint" >
			<bool>true</bool>
		</edit>
	</match> -->
</fontconfig>
-->8-

~/.Xresources:
-8<--
! To reload immediately:
! xrdb -load ~/.Xresources
Xft.antialias: true
Xft.dpi: 96.0
Xft.hinting: true
Xft.hintstyle: hintslight
Xft.rgba: rgb
Xft.lcdfilter: lcddefault
-->8-
as well as without Xft.dpi value.

And some different monitor's dpi to get the same dimensions, which were reported by xrandr, if it's related somehow (`xrandr --dpi 94` in ~/.xinitrc file):
-8<--
% xrandr | grep -w connected && xdpyinfo | grep -B2 resolution
DVI-I-1 connected 1920x1200+0+0 (normal left inverted right x axis y axis) 518mm x 324mm
screen #0:
  dimensions:    1920x1200 pixels (518x324 millimeters)
  resolution:    94x94 dots per inch
-->8-

I attached archive with SciTE (editors/scite) screenshots for different configurations with opened unchanged freetype2/Makefile file (while restarting X.Org X server for each case):
tt_size_metrics_off_dpi_96.png:
without AF_CONFIG_OPTION_TT_SIZE_METRICS define and "Xft.dpi: 96.0" in ~/.Xresources file.
tt_size_metrics_off_without_dpi_changes.png:
without AF_CONFIG_OPTION_TT_SIZE_METRICS define and without Xft.dpi changes in ~/.Xresources file.
tt_size_metrics_on_dpi_96.png:
with AF_CONFIG_OPTION_TT_SIZE_METRICS define and "Xft.dpi: 96.0" in ~/.Xresources file.
tt_size_metrics_on_without_dpi_changes.png:
with AF_CONFIG_OPTION_TT_SIZE_METRICS define and without Xft.dpi changes in ~/.Xresources file.

Notice, how "Makefile" and "Buffers" words are different (probably, Tahoma font related), including some font sizes.
Overall, defined AF_CONFIG_OPTION_TT_SIZE_METRICS allowed to use the same ~/.Xresources file as it was in 2.7.1 version (something like tt_size_metrics_on_dpi_96.png instead of tt_size_metrics_off_dpi_96.png). Not sure, if this is correct configuration and/or testing method, but AF_CONFIG_OPTION_TT_SIZE_METRICS changes something:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0a5315d141e698253603170595c655132d9baff2
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ba40054c2dd9f5d3d8561de7106870ac6a920f6d

This is why I proposed to add it as an port's option for 2.8 version.
Comment 10 commit-hook freebsd_committer freebsd_triage 2017-05-18 08:46:53 UTC 
A commit references this bug:

Author: kwm
Date: Thu May 18 08:46:07 UTC 2017
New revision: 441132
URL: https://svnweb.freebsd.org/changeset/ports/441132

Log:
  Update freetype2 to 2.8.

  * `Light' auto-hinting mode no longer uses TrueType metrics for TrueType fonts.
    It causing horizontal scaling also. Add option if people want it back.
  * Update pkg-descr, 2.7 started this but I committed the WIP version.

  Exp-run done by:	antoine@

  PR:		219271
  MFH:		2017Q2
  Exp-run by:	antoine@
  Security:	4a088d67-3af2-11e7-9d75-c86000169601
  Security:	CVE-2017-8105, CVE-2017-8287

Changes:
  head/print/freetype2/Makefile
  head/print/freetype2/distinfo
  head/print/freetype2/pkg-descr
  head/print/freetype2/pkg-plist
Comment 11 lightside 2017-05-18 12:10:29 UTC 
(In reply to comment #8)
> Just to be sure I got things correct. The `light' auto-hinting is the
> V40 hinting correct?
I think, this is not correct. I tried to explain this in comment #9 with examples, which didn't use sub-pixel hinting port's options.

From source code point of view, the AF_CONFIG_OPTION_TT_SIZE_METRICS define activates following part of source code in src/autofit/afloader.c file:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/src/autofit/afloader.c?h=VER-2-8#n255
There are no checks for TT_CONFIG_OPTION_SUBPIXEL_HINTING (or TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL) in this file.

The V40 option's name was used in relation to corresponding interpreter version:
https://www.freetype.org/freetype2/docs/reference/ft2-tt_driver.html#interpreter-version
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/include/freetype/config/ftoption.h?h=VER-2-8#n632
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/include/freetype/config/ftoption.h?h=VER-2-8#n667
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/src/truetype/ttinterp.c?h=VER-2-8#n52
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/include/freetype/config/ftoption.h?h=VER-2-8#n952
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/src/truetype/ttgload.c?h=VER-2-8#n823

The other alternative names for sub-pixel hinting port's options are: INFINALITY and MINIMAL.

Therefore, I think, that committed text in ports r441132 for TT_SIZE_METRICS_DESC description may be misleading.
I proposed different variant in attachment #182604 [details]:
TT_SIZE_METRICS_DESC=	TrueType-like size metrics for 'light' auto-hinting
i.e. words from description of AF_CONFIG_OPTION_TT_SIZE_METRICS define in ftoption.h file:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/include/freetype/config/ftoption.h?h=VER-2-8#n912

The 'light' word is used in different context, in my opinion:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/include/freetype/freetype.h?h=VER-2-8#n2964
Others are NORMAL, MONO, LCD, LCD_V.
Comment 12 commit-hook freebsd_committer freebsd_triage 2017-05-18 17:58:07 UTC 
A commit references this bug:

Author: kwm
Date: Thu May 18 17:57:30 UTC 2017
New revision: 441189
URL: https://svnweb.freebsd.org/changeset/ports/441189

Log:
  MFH: r441132

  Update freetype2 to 2.8.

  * `Light' auto-hinting mode no longer uses TrueType metrics for TrueType fonts.
    It causing horizontal scaling also. Add option if people want it back.
  * Update pkg-descr, 2.7 started this but I committed the WIP version.

  Exp-run done by:	antoine@

  PR:		219271
  Exp-run by:	antoine@
  Security:	4a088d67-3af2-11e7-9d75-c86000169601
  Security:	CVE-2017-8105, CVE-2017-8287

  Approved by:	ports-secteam@ (miwi@)

Changes:
_U  branches/2017Q2/
  branches/2017Q2/print/freetype2/Makefile
  branches/2017Q2/print/freetype2/distinfo
  branches/2017Q2/print/freetype2/pkg-descr
  branches/2017Q2/print/freetype2/pkg-plist