• I'm having troubles with linking freetype 2 under linux using cmake when building a C11 project with an extern C library. With cmake and freetype 2 I basically have 2 options: use the utility freetype-config like freetype-config -libs; use the FindFreetype cmake module.
• FreeType is a font service middleware that is written in industry-standard ANSI C. It comes with the build system that is based on GNU Make.

FreeType is written in C. It is designed to be small, efficient, and highly customizable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats for digital typography. FreeType is a freely available and portable software library to render fonts.

Google patches actively exploited zero-day bug that affects Chrome users

Google has recently released Chrome version 86.0.4240.111 to patch several holes. One is for a zero-day flaw – that means a vulnerability that is being actively exploited in the wild.

The flaw, which is officially designated as CVE-2020-15999, occurs in the way FreeType handles PNG images embedded in fonts using the Load_SBit_Png function. FreeType is a popular text rendering library that Chrome uses. According to the bug report filed by Sergei Glazunov, a security researcher from Google’s very own Project Zero team, the function has the following tasks:

1) Obtains the image width and height from the header as 32-bit integers.
2) Truncates the obtained values to 16 bit and stores them in a ‘TT_SBit_Metrics’ structure.
3) Uses the truncated values to calculate the bitmap size.
4) Allocates the backing store of that size. 5) Passes ‘png_struct’ and the backing store to a libpng function.

Glazunov further explains that since the libpng function uses 32-bit values instead of the truncated 16-bit values, a heap buffer overflow in FreeType could occur if the PNG’s width and/or height exceeds 65535, the highest possible allocated buffer or memory for this type of data. This would result in certain pieces of data being overwritten or corrupted and, overall, the program behaving differently. So, anyone who successfully exploits this bug could either allow remote execution of malicious code in the context of the browser or a complete compromise of the affected system.

Google didn’t further elaborate on how CVE-2020-15999 is being exploited to target its users, or who is possibly behind the exploitation.

Update your Chrome now

Chrome users are advised to update to the current browser version, 86.0.4240.111, to protect themselves from getting exploited. Development teams who use the same FreeType libraries should update to FreeType 2.10.4.

Freetype Library Centos

The post Google patches actively exploited zero-day bug that affects Chrome users appeared first on Malwarebytes Labs.

In PHP you can manipulate image files using GD library.

It support several formats including GIF, PNG, JPEG, etc. You can use LibGD library to stream images directly from your application to the browser.

This tutorial explains how to enable GD functionality in PHP.

Download LibJPEG Library

First, download the LibJPG files from here. Or, you can use the wget below to download it directly.

Install LibJPEG Library

Once you’ve downloaded it, extract the archive and install it as shown below.

This will install the jpeg libraries in the default /usr/local/lib/ location as shown below.

Download FreeType Library

Freetype Library Not Found

Download the freetype library from here. Or, you can use the wget below to download it directly.

Install FreeType Library

Once you’ve downloaded it, extract the archive and install it as shown below.

While installing freetype, if you don’t specify without-png flag to the ./configure as shown above, you might get the following error during ./configure

Install LibPNG

For most part, your system might already have LibPNG libraries installed as shown below.

But, if you don’t have it, download and install LibPNG from here.

Compile PHP

Now, download and install PHP from source as we explained earlier. But, this time, make sure to pass the following parameters to the ./configure in your PHP installation.

Verify GD is enabled in PHP

Freetype Library

Now, create a test php page with the phpinfo(),and view it from the browser. As you see below, you’ll notice that it has the LibGD and related libraries enabled.