December 2017 - fonts-bugs - Fedora Mailing-Lists

[Bug 525881] New: Please rebuild using external Adobe CMap and AGLFN data

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. Summary: Please rebuild using external Adobe CMap and AGLFN data https://bugzilla.redhat.com/show_bug.cgi?id=525881 Summary: Please rebuild using external Adobe CMap and AGLFN data Product: Fedora Version: rawhide Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: low Component: freetype AssignedTo: besfahbo(a)redhat.com ReportedBy: nicolas.mailhot(a)laposte.net QAContact: extras-qa(a)fedoraproject.org CC: besfahbo(a)redhat.com, kevin(a)tigcc.ticalc.org, fedora-fonts-bugs-list(a)redhat.com Blocks: 182235,473302 Classification: Fedora Description of problem: The Debian fonttool packager noticed a problem in fonttool's embedded Adobe CMap and AGLFN data and got Adobe to release them under a good license This data is embeded in many packages, including yours Please rebuild your package using an external shared Adobe CMap and AGLFN data package FE-LEGAL since this was all triggered by a legal check Debian-side See also http://bonedaddy.net/pabs3/log/2009/09/24/adobe-data-freed/ http://lwn.net/Articles/354360/ http://opensource.adobe.com/wiki/display/cmap/CMap+Resources -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

4 years, 9 months

2
9
0 / 0

[Bug 1332250] New: Incorrect font configuration

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1332250 Bug ID: 1332250 Summary: Incorrect font configuration Product: Fedora Version: rawhide Component: open-sans-fonts Assignee: pvoborni(a)redhat.com Reporter: dag.odenhall(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: fonts-bugs(a)lists.fedoraproject.org, pvoborni(a)redhat.com When a website requests Open Sans, Firefox uses Comfortaa. I have both fonts installed. I don't know if the following is the cause, because the matching works correctly with fc-match, but I discovered this and it's still wrong, I think. The open-sans-fonts package includes this fontconfig rule: <alias> <family>Open Sans</family> <prefer> <family>sans-serif</family> </prefer> </alias> In my understanding of fontconfig, this is saying "Edit the font family list for Open Sans and prepend the sans-serif font family" i.e. Open Sans itself is given *less* priority than all other sans-serif fonts. The aajohan-comfortaa-fonts package includes this (correct) rule: <alias> <family>sans-serif</family> <prefer> <family>Comfortaa</family> </prefer> </alias> And so perhaps C being early in the alphabet or perhaps because being the next fontconfig file in my conf.d (I don't fully understand fontconfig) the combined effect ends up being "When looking for Open Sans, the first match is sans-serif which in turn is Comfortaa". I think the Open Sans rule above should be edited to something closer to the Comfortaa rule above, like: <alias> <family>sans-serif</family> <prefer> <family>Open Sans</family> </prefer> </alias> The second rule it contains is also wrong, I think, and not like how any other fonts are configured: <alias> <family>sans-serif</family> <default> <family>Open Sans</family> </default> </alias> Should probably also swap the families like so: <alias> <family>Open Sans</family> <default> <family>sans-serif</family> </default> </alias> This Firefox bug seems relevant but I think this is a bug in the packaged font configuration and really unrelated to Firefox (I didn't read the whole bug): https://bugzilla.mozilla.org/show_bug.cgi?id=1245811 -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 9 months

2
19
0 / 0

[Bug 1321551] New: RFE: Recommend some specific general purpose font

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1321551 Bug ID: 1321551 Summary: RFE: Recommend some specific general purpose font Product: Fedora Version: rawhide Component: fontconfig Assignee: tagoh(a)redhat.com Reporter: ville.skytta(a)iki.fi QA Contact: extras-qa(a)fedoraproject.org CC: fonts-bugs(a)lists.fedoraproject.org, i18n-bugs(a)lists.fedoraproject.org, pnemade(a)redhat.com, tagoh(a)redhat.com Currently fontconfig has a dependency on font(:lang=en). For minimal setups where fontconfig is involved in that don't specify anything more specific than that, it results in getting the first satisfying package by alphabetical sort order to be installed. At the moment that is aajohan-comfortaa-fonts, which is not a very good default, and could change based on what names of packages are available. Instead, I suggest adding (in addition to the existing hard dependency on font(:lang=en)) a Recommends that would by default (with dnf) pull in something that is a better default and already a default in common Fedora installations, such as abattis-cantarell-fonts which AFAIK is the default for GNOME. Some other potential candidates would be liberation-sans-fonts and dejavu-sans-fonts. Not sure if Suggests would work for this purpose, or if it needs to be Recommends. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 9 months

2
2
0 / 0

[Bug 1444911] New: CVE-2017-7864 freetype: heap-based buffer overflow related to the tt_size_reset function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1444911 Bug ID: 1444911 Summary: CVE-2017-7864 freetype: heap-based buffer overflow related to the tt_size_reset function Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com, cfergeau(a)redhat.com, dblechte(a)redhat.com, eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com, kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mkasik(a)redhat.com, rbalakri(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, sherold(a)redhat.com, srevivo(a)redhat.com, ydary(a)redhat.com, ykaul(a)redhat.com FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. Bug report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=509 Upstream patch: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e6699... -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 10 months

1
6
0 / 0

[Bug 1429965] New: CVE-2016-10244 freetype: parse_charstrings function in type1/ t1load.c does not ensure that a font contains a glyph name

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1429965 Bug ID: 1429965 Summary: CVE-2016-10244 freetype: parse_charstrings function in type1/t1load.c does not ensure that a font contains a glyph name Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com, cfergeau(a)redhat.com, dblechte(a)redhat.com, eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com, kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mkasik(a)redhat.com, rbalakri(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, sherold(a)redhat.com, srevivo(a)redhat.com, ydary(a)redhat.com, ykaul(a)redhat.com The parse_charstrings function in type1/t1load.c in FreeType 2 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. References: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36 Upstream patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/... -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 10 months

1
4
0 / 0

[Bug 1444904] New: CVE-2017-7858 freetype: out-of-bounds write related to the TT_Get_MM_Var and sfnt_init_face functions

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1444904 Bug ID: 1444904 Summary: CVE-2017-7858 freetype: out-of-bounds write related to the TT_Get_MM_Var and sfnt_init_face functions Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com, cfergeau(a)redhat.com, dblechte(a)redhat.com, eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com, kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mkasik(a)redhat.com, rbalakri(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, sherold(a)redhat.com, srevivo(a)redhat.com, ydary(a)redhat.com, ykaul(a)redhat.com FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. Bug report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=738 Upstream patch: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=77930... -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 10 months

1
6
0 / 0

[Bug 1444898] New: CVE-2017-7857 freetype: heap-based buffer overflow related to the TT_Get_MM_Var function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1444898 Bug ID: 1444898 Summary: CVE-2017-7857 freetype: heap-based buffer overflow related to the TT_Get_MM_Var function Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com, cfergeau(a)redhat.com, dblechte(a)redhat.com, eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com, kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mkasik(a)redhat.com, rbalakri(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, sherold(a)redhat.com, srevivo(a)redhat.com, ydary(a)redhat.com, ykaul(a)redhat.com FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. Bug report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=759 Upstream patch: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7bbb9... -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 10 months

1
6
0 / 0

[Bug 1444895] New: CVE-2016-10328 freetype: heap-based buffer overflow related to the cff_parser_run function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1444895 Bug ID: 1444895 Summary: CVE-2016-10328 freetype: heap-based buffer overflow related to the cff_parser_run function Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com, cfergeau(a)redhat.com, dblechte(a)redhat.com, eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com, kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mkasik(a)redhat.com, rbalakri(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, sherold(a)redhat.com, srevivo(a)redhat.com, ydary(a)redhat.com, ykaul(a)redhat.com FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. Bug report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289 -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 10 months

1
6
0 / 0

[Bug 1446500] New: CVE-2017-8105 freetype: heap-based buffer overflow related to the t1_decoder_parse_charstrings

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1446500 Bug ID: 1446500 Summary: CVE-2017-8105 freetype: heap-based buffer overflow related to the t1_decoder_parse_charstrings Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com, cfergeau(a)redhat.com, dblechte(a)redhat.com, eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com, kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mkasik(a)redhat.com, rbalakri(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, sherold(a)redhat.com, srevivo(a)redhat.com, ydary(a)redhat.com, ykaul(a)redhat.com FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. Bug report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 Upstream patch: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c... -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 10 months

1
7
0 / 0

[Bug 1423225] New: apanov-edrip-fonts: FTBFS in rawhide

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1423225 Bug ID: 1423225 Summary: apanov-edrip-fonts: FTBFS in rawhide Product: Fedora Version: rawhide Component: apanov-edrip-fonts Assignee: nicolas.mailhot(a)laposte.net Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: fonts-bugs(a)lists.fedoraproject.org, nicolas.mailhot(a)laposte.net, paul(a)frixxon.co.uk Blocks: 1423041 Your package apanov-edrip-fonts failed to build from source in current rawhide. https://koji.fedoraproject.org/koji/taskinfo?taskID=17710156 For details on mass rebuild see https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1423041 [Bug 1423041] Fedora 26 Mass Rebuild FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 10 months

1
5
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

fonts-bugs December 2017