June 2014 - fonts-bugs - Fedora Mailing-Lists

[Bug 1074646] CVE-2014-2240 CVE-2014-2241 freetype: OOB stack-based read/write in cf2_hintmap_build()

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1074646 --- Comment #5 from Kevin Kofler <kevin(a)tigcc.ticalc.org> --- And for anybody who might want to know, this is also fixed in: freetype-freeworld-2.5.0.1-4.fc20 in that well-known third-party repository. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Mi2Huxm1sQ&a=cc_unsubscribe

9 years, 10 months

1
0
0 / 0

[Bug 1074646] CVE-2014-2240 CVE-2014-2241 freetype: OOB stack-based read/write in cf2_hintmap_build()

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1074646 Bug 1074646 depends on bug 1074647, which changed state. Bug 1074647 Summary: CVE-2014-2240 freetype: OOB stack-based read/write in cf2_hintmap_build() [fedora-20] https://bugzilla.redhat.com/show_bug.cgi?id=1074647 What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ZBV895yM2f&a=cc_unsubscribe

9 years, 10 months

1
0
0 / 0

[Bug 1074647] New: CVE-2014-2240 freetype: OOB stack-based read/write in cf2_hintmap_build() [fedora-20]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1074647 Bug ID: 1074647 Summary: CVE-2014-2240 freetype: OOB stack-based read/write in cf2_hintmap_build() [fedora-20] Product: Fedora Version: 20 Component: freetype Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: mkasik(a)redhat.com Reporter: vdanen(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: behdad(a)fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com Blocks: 1074646 (CVE-2014-2240) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When creating a Bodhi update request, please use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field when available. fedora-20 tracking bug for freetype: see blocks bug list for full details of the security issue(s). [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1074646 [Bug 1074646] CVE-2014-2240 freetype: OOB stack-based read/write in cf2_hintmap_build() -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=v4fZcfKSM8&a=cc_unsubscribe

9 years, 10 months

1
3
0 / 0

[Bug 1074646] CVE-2014-2240 CVE-2014-2241 freetype: OOB stack-based read/write in cf2_hintmap_build()

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1074646 Vincent Danen <vdanen(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |ERRATA Last Closed| |2014-06-13 14:54:17 --- Comment #4 from Vincent Danen <vdanen(a)redhat.com> --- This is currently fixed in: mingw-freetype-2.5.0.1-2.fc20 mingw-freetype-2.4.12-3.fc19 freetype-2.5.0-5.fc20 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=3YbfhLsr9O&a=cc_unsubscribe

9 years, 10 months

1
0
0 / 0

[Bug 1023977] New: Use fc-cache /usr/share/fonts/<your font directory> instead of /usr/share/fonts

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1023977 Bug ID: 1023977 Summary: Use fc-cache /usr/share/fonts/<your font directory> instead of /usr/share/fonts Product: Red Hat Enterprise Linux 7 Version: 7.0 Component: ghostscript-fonts Assignee: twaugh(a)redhat.com Reporter: twaugh(a)redhat.com QA Contact: qe-i18n-bugs(a)redhat.com CC: fonts-bugs(a)lists.fedoraproject.org, patrick.noffke(a)gmail.com, tagoh(a)redhat.com, twaugh(a)redhat.com Depends On: 1021757 Group: redhat +++ This bug was initially created as a clone of Bug #1021757 +++ Description of problem: Running fc-cache with /usr/share/fonts takes too much time and may breaks the cache for parents when installing multiple font packages or upgrading fontconfig, especially sometimes happens on the installation say. As the macro in fontpackages does, please follow it up and use fc-cache /usr/share/fonts/<your font directory> instead of /usr/share/fonts. Version-Release number of selected component (if applicable): ghostscript-fonts-5.50-30.fc19.noarch How reproducible: always Steps to Reproduce: 1.rpm -q --scripts ghostscript-fonts-5.50-30.fc19.noarch 2. 3. Actual results: postinstall scriptlet (using /bin/sh): { mkfontscale /usr/share/fonts/default/ghostscript mkfontdir /usr/share/fonts/default/ghostscript fc-cache /usr/share/fonts } &> /dev/null || : postuninstall scriptlet (using /bin/sh): { if [ "$1" = "0" ]; then fc-cache /usr/share/fonts fi } &> /dev/null || : Expected results: the directory should be /usr/share/fonts/<your font directory> instead Additional info: --- Additional comment from Tim Waugh on 2013-10-22 04:51:41 EDT --- For the postuninstall scriptlet too? Is there anything planned for the Fedora Project packaging guidelines to make sure there are no regressions with this? Does this change look correct?: diff --git a/ghostscript-fonts.spec b/ghostscript-fonts.spec index d66fbaa..c2cbc3f 100644 --- a/ghostscript-fonts.spec +++ b/ghostscript-fonts.spec @@ -1,7 +1,7 @@ Summary: Fonts for the Ghostscript PostScript interpreter Name: ghostscript-fonts Version: 5.50 -Release: 30%{?dist} +Release: 31%{?dist} # Contacted Kevin Hartig, who agreed to relicense his fonts under the SIL Open Font # License. Hershey fonts are under the "Hershey Font License", which is not what Fontmap # says (Fontmap is wrong). @@ -58,13 +58,13 @@ ln -sf %{fontdir} $RPM_BUILD_ROOT%{catalogue}/default-ghostscript { mkfontscale %{fontdir} mkfontdir %{fontdir} - fc-cache %{_datadir}/fonts + fc-cache %{fontdir} } &> /dev/null || : %postun { if [ "$1" = "0" ]; then - fc-cache %{_datadir}/fonts + fc-cache %{fontdir} fi } &> /dev/null || : @@ -80,6 +80,10 @@ rm -rf $RPM_BUILD_ROOT %ghost %verify(not md5 size mtime) %{fontdir}/fonts.scale %changelog +* Tue Oct 22 2013 Tim Waugh <twaugh(a)redhat.com> - 5.50-31 +- Run fc-cache on our font directory, not the entire font collection + (bug #1021757). + * Wed Feb 13 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 5.50-30 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild --- Additional comment from Nicolas Mailhot on 2013-10-22 05:23:13 EDT --- (In reply to Tim Waugh from comment #1) > For the postuninstall scriptlet too? > > Is there anything planned for the Fedora Project packaging guidelines to > make sure there are no regressions with this? Well, what the packaging guidelines actually say is that you shouldn't install any font without using fontpackages-devel templates and macros or splitting fonts per family, which means all font packages have the same implementation and there is no risk of single-package regression. I appreciate that ghostscript antedates the consolidation work that went into current font packaging guidelines, but maybe it's time to align it with them? Also TEX people have spent many years cleaning up and modernizing gs fonts. It would be worthwhile to package the tex gyre family and use them as replacement, dropping all legacy font formats and core font calls. I *think* tex gyre licensing is finally clean and safe (but you'd need to check with spot) --- Additional comment from Tim Waugh on 2013-10-22 06:15:13 EDT --- That's a fair point. :-) That work might have to be done in step with urw-fonts. --- Additional comment from Fedora Update System on 2013-10-22 06:27:51 EDT --- ghostscript-fonts-5.50-32.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/ghostscript-fonts-5.50-32.fc19 --- Additional comment from Fedora Update System on 2013-10-22 06:28:34 EDT --- ghostscript-fonts-5.50-32.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/ghostscript-fonts-5.50-32.fc20 --- Additional comment from Fedora Update System on 2013-10-22 14:51:18 EDT --- Package ghostscript-fonts-5.50-32.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing ghostscript-fonts-5.50-32.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-19682/ghostscript-fon... then log in and leave karma (feedback). Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1021757 [Bug 1021757] Use fc-cache /usr/share/fonts/<your font directory> instead of /usr/share/fonts -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=IVu6jiD8ho&a=cc_unsubscribe

9 years, 10 months

1
7
0 / 0

[Bug 1103265] New: vlgothic-fonts-20140530 is available

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1103265 Bug ID: 1103265 Summary: vlgothic-fonts-20140530 is available Product: Fedora Version: rawhide Component: vlgothic-fonts Keywords: FutureFeature, Triaged Assignee: tagoh(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: fonts-bugs(a)lists.fedoraproject.org, i18n-bugs(a)lists.fedoraproject.org, tagoh(a)redhat.com Latest upstream release: 20140530 Current version/release in Fedora Rawhide: 20130607-2.fc20 URL: http://sourceforge.jp/projects/vlgothic/releases/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=EVz2CFulOx&a=cc_unsubscribe

9 years, 11 months

1
1
0 / 0

[Bug 1105878] Conjunct character rendering issue - Telugu [te]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1105878 Pravin Satpute <psatpute(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |i18n CC| |fonts-bugs(a)lists.fedoraproj | |ect.org, | |psatpute(a)redhat.com Component|i18n |lohit-telugu-fonts Assignee|eng-i18n-bugs(a)redhat.com |psatpute(a)redhat.com QA Contact| |extras-qa(a)fedoraproject.org --- Comment #1 from Pravin Satpute <psatpute(a)redhat.com> --- Thanks Krishna for reporting this. Will fix this soon. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=wDQPLqiKX9&a=cc_unsubscribe

9 years, 11 months

1
0
0 / 0

[Bug 757105] no font(:lang=blahblah) generated for Provides

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=757105 Jan Zeleny <jzeleny(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jzeleny(a)redhat.com Flags|needinfo?(packaging-team@fe | |doraproject.org) | --- Comment #27 from Jan Zeleny <jzeleny(a)redhat.com> --- Clearing needinfo as per comments 23 and 25 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=WsH8Ico1XD&a=cc_unsubscribe

9 years, 11 months

1
0
0 / 0

[Bug 1074646] CVE-2014-2240 CVE-2014-2241 freetype: OOB stack-based read/write in cf2_hintmap_build()

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1074646 Bug 1074646 depends on bug 1074648, which changed state. Bug 1074648 Summary: CVE-2014-2240 mingw-freetype: freetype: OOB stack-based read/write in cf2_hintmap_build() [fedora-20] https://bugzilla.redhat.com/show_bug.cgi?id=1074648 What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=YVpcJ96cFW&a=cc_unsubscribe

9 years, 11 months

1
0
0 / 0

[Bug 1074646] CVE-2014-2240 CVE-2014-2241 freetype: OOB stack-based read/write in cf2_hintmap_build()

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1074646 Bug 1074646 depends on bug 1074649, which changed state. Bug 1074649 Summary: CVE-2014-2240 mingw-freetype: freetype: OOB stack-based read/write in cf2_hintmap_build() [fedora-19] https://bugzilla.redhat.com/show_bug.cgi?id=1074649 What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=0i26tp5C0U&a=cc_unsubscribe

9 years, 11 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

fonts-bugs June 2014