[Bug 507292] New: [RFE] Allow wildcards/regexps in rpm deps
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=507292
Summary: [RFE] Allow wildcards/regexps in rpm deps
Product: Fedora
Version: rawhide
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: low
Component: rpm
AssignedTo: pmatilai(a)redhat.com
ReportedBy: nicolas.mailhot(a)laposte.net
QAContact: extras-qa(a)fedoraproject.org
CC: pmatilai(a)redhat.com, jnovy(a)redhat.com,
ffesti(a)redhat.com, fedora-fonts-bugs-list(a)redhat.com
Classification: Fedora
(this is mostly a yum-level RFE, but it would be nice if we kept the same
depsolving logic in both apps)
The problem:
Selecting a font is a multi-criterion operation. We need to match on font
family, font style, language support, Unicode support, etc. At any time all or
just some of those selection criteria can be provided by the user or
applications.
To have features like font auto-installation work reliably, this matching needs
to extend to the package database.
Right now rpm only allows specifying atomic provides, so we can have a
font package that
Provides font(dejavusans)
and
Provides font(:lang=el)
but there is no guarantee that both those provides belong to the same font.
There is no way to distinguish between a package that includes an actual Greek
dejavusans and a package that includes a dejavusans Greek-less file and another
totally different Greek font.
To work around this rpm limitation we've been asking packagers to put font files
belonging to different font families in different packages. However:
1. many still don't
2. it's not technically possible for all font formats, for example the ttc font
format allows mixing of fonts with different characteristics in a single file
The ideal solution:
Ability to have Provides like:
font(comma-separated font name list|comma-separated style list|comma-separated lang list)
(rough mockup that probably needs refining)
And have deps like (dejavu|*|el) work in rpm
(yes, a font can declare many different names, be available in many different
styles, cover many different languages)
For ttc files we'd then generate one Provides for each font included in the ttc
bundle.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
[Bug 890087] CVE-2012-5668 freetype: NULL Pointer Dereference in
bdf_free_font (#37905)
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=890087
Ján Rusnačko <jrusnack(a)redhat.com> changed:
What: Whiteboard
Removed: impact=low,public=20121215,reported=20121225,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,rhel-5/freetype=notaffected,rhel-6/freetype=wontfix,fedora-all/freetype=affected,fedora-all/mingw32-freetype=affected
Added: impact=low,public=20121215,reported=20121225,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,rhel-5/freetype=notaffected,rhel-6/freetype=wontfix,fedora-all/freetype=affected,fedora-all/mingw32-freetype=affected,cwe=CWE-476[auto]
[Bug 613194] CVE-2010-2519 freetype: heap buffer overflow
vulnerability when processing certain font files
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=613194
Ján Rusnačko <jrusnack(a)redhat.com> changed:
What: Whiteboard
Removed: public=20100609,reported=20100702,source=vendor-sec,rhel-4/freetype=affected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/freetype=affected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-6/freetype=notaffected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,fedora-all/freetype=affected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P
Added: public=20100609,reported=20100702,source=vendor-sec,rhel-4/freetype=affected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/freetype=affected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-6/freetype=notaffected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,fedora-all/freetype=affected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-122[auto]
[Bug 890094] CVE-2012-5670 freetype: Out-of-bounds write in
_bdf_parse_glyphs() (#37907)
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=890094
Ján Rusnačko <jrusnack(a)redhat.com> changed:
What: Whiteboard
Removed: impact=important,public=20121215,reported=20121231,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/freetype=notaffected,rhel-6/freetype=notaffected,fedora-all/freetype=notaffected,fedora-all/mingw32-freetype=notaffected
Added: impact=important,public=20121215,reported=20121231,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/freetype=notaffected,rhel-6/freetype=notaffected,fedora-all/freetype=notaffected,fedora-all/mingw32-freetype=notaffected,cwe=CWE-787[auto]
[Bug 621980] CVE-2010-2806 FreeType: Heap-based buffer overflow by
processing FontType42 fonts with negative length of SFNT strings (FT bug
#30656)
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=621980
Ján Rusnačko <jrusnack(a)redhat.com> changed:
What: Whiteboard
Removed: public=20100805,reported=20100806,source=internet,impact=important,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-3/freetype=affected,rhel-4/freetype=affected,rhel-5/freetype=affected,rhel-6/freetype=affected,fedora-all/freetype=affected
Added: public=20100805,reported=20100806,source=internet,impact=important,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-3/freetype=affected,rhel-4/freetype=affected,rhel-5/freetype=affected,rhel-6/freetype=affected,fedora-all/freetype=affected,cwe=CWE-122[auto]
[Bug 671122] CVE-2011-0020 pango: Heap-based buffer overflow by
rendering glyph box for certain FT_Bitmap objects
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=671122
Ján Rusnačko <jrusnack(a)redhat.com> changed:
What: Whiteboard
Removed: public=20110118,reported=20110118,source=oss-security,impact=moderate,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P/,rhel-5/pango=affected,rhel-6/pango=affected,fedora-all/pango=affected/cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-4/pango=notaffected,rhel-4/evolution28-pango=affected
Added: public=20110118,reported=20110118,source=oss-security,impact=moderate,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P/,rhel-5/pango=affected,rhel-6/pango=affected,fedora-all/pango=affected/cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-4/pango=notaffected,rhel-4/evolution28-pango=affected,cwe=CWE-122[auto]
[Bug 450774] CVE-2008-1808 FreeType off-by-one flaws
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=450774
Ján Rusnačko <jrusnack(a)redhat.com> changed:
What: Whiteboard
Removed: source=internet,public=20080610,reported=20080610,impact=important
Added: source=internet,public=20080610,reported=20080610,impact=important,cwe=CWE-193[auto]
[Bug 613167] CVE-2010-2500 freetype: integer overflow vulnerability
in smooth/ftgrays.c
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=613167
Ján Rusnačko <jrusnack(a)redhat.com> changed:
What: Whiteboard
Removed: public=20100609,reported=20100702,source=vendor-sec,rhel-3/freetype=affected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-4/freetype=affected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/freetype=affected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-6/freetype=notaffected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,fedora-all/freetype=affected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P
Added: public=20100609,reported=20100702,source=vendor-sec,rhel-3/freetype=affected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-4/freetype=affected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/freetype=affected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-6/freetype=notaffected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,fedora-all/freetype=affected/cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-190[auto]