[Bug 1444904] New: CVE-2017-7858 freetype:
out-of-bounds write related to the TT_Get_MM_Var and sfnt_init_face
functions
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1444904
Bug ID: 1444904
Summary: CVE-2017-7858 freetype: out-of-bounds write related to
the TT_Get_MM_Var and sfnt_init_face functions
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com,
cfergeau(a)redhat.com, dblechte(a)redhat.com,
eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com,
kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com,
mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com,
mkasik(a)redhat.com, rbalakri(a)redhat.com,
rh-spice-bugs(a)redhat.com, rjones(a)redhat.com,
sherold(a)redhat.com, srevivo(a)redhat.com,
ydary(a)redhat.com, ykaul(a)redhat.com
FreeType 2 before 2017-03-07 has an out-of-bounds write related to the
TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in
sfnt/sfobjs.c.
Bug report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=738
Upstream patch:
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=77930...
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 10 months
[Bug 1444898] New: CVE-2017-7857 freetype:
heap-based buffer overflow related to the TT_Get_MM_Var function
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1444898
Bug ID: 1444898
Summary: CVE-2017-7857 freetype: heap-based buffer overflow
related to the TT_Get_MM_Var function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com,
cfergeau(a)redhat.com, dblechte(a)redhat.com,
eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com,
kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com,
mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com,
mkasik(a)redhat.com, rbalakri(a)redhat.com,
rh-spice-bugs(a)redhat.com, rjones(a)redhat.com,
sherold(a)redhat.com, srevivo(a)redhat.com,
ydary(a)redhat.com, ykaul(a)redhat.com
FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based
buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and
the sfnt_init_face function in sfnt/sfobjs.c.
Bug report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=759
Upstream patch:
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7bbb9...
5 years, 10 months
[Bug 1444895] New: CVE-2016-10328 freetype:
heap-based buffer overflow related to the cff_parser_run function
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1444895
Bug ID: 1444895
Summary: CVE-2016-10328 freetype: heap-based buffer overflow
related to the cff_parser_run function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com,
cfergeau(a)redhat.com, dblechte(a)redhat.com,
eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com,
kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com,
mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com,
mkasik(a)redhat.com, rbalakri(a)redhat.com,
rh-spice-bugs(a)redhat.com, rjones(a)redhat.com,
sherold(a)redhat.com, srevivo(a)redhat.com,
ydary(a)redhat.com, ykaul(a)redhat.com
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based
buffer overflow related to the cff_parser_run function in cff/cffparse.c.
Bug report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289
5 years, 10 months
[Bug 1446500] New: CVE-2017-8105 freetype:
heap-based buffer overflow related to the t1_decoder_parse_charstrings
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1446500
Bug ID: 1446500
Summary: CVE-2017-8105 freetype: heap-based buffer overflow
related to the t1_decoder_parse_charstrings
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com,
cfergeau(a)redhat.com, dblechte(a)redhat.com,
eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com,
kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com,
mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com,
mkasik(a)redhat.com, rbalakri(a)redhat.com,
rh-spice-bugs(a)redhat.com, rjones(a)redhat.com,
sherold(a)redhat.com, srevivo(a)redhat.com,
ydary(a)redhat.com, ykaul(a)redhat.com
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based
buffer overflow related to the t1_decoder_parse_charstrings function in
psaux/t1decode.c.
Bug report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
Upstream patch:
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c...
5 years, 10 months
[Bug 1271620] New: please update spec templates as per latest
guidelines
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1271620
Bug ID: 1271620
Summary: please update spec templates as per latest guidelines
Product: Fedora
Version: 23
Component: fontpackages
Assignee: nicolas.mailhot(a)laposte.net
Reporter: kvolny(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
nicolas.mailhot(a)laposte.net, paul(a)frixxon.co.uk,
tagoh(a)redhat.com
Description of problem:
I'm trying to package a font. While filling in the spec template, I have found that
there is:
%install
rm -fr %{buildroot}
but the buildroot is now cleaned automatically so the `rm` command should not
be present.
Please update the spec templates according to the latest guidelines. Also note
that there may be other deviations from current packaging guidelines that I
have overlooked ...
Version-Release number of selected component (if applicable):
fontpackages-devel-1.44-14.fc23.noarch
5 years, 10 months
[Bug 1433628] New: First line of pixels chopped off in Chromium/
Chrome when liberation-fonts built with fontforge > 20150430
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1433628
Bug ID: 1433628
Summary: First line of pixels chopped off in Chromium/Chrome
when liberation-fonts built with fontforge > 20150430
Product: Fedora
Version: 25
Component: liberation-fonts
Assignee: psatpute(a)redhat.com
Reporter: chillermillerlong(a)hotmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
i18n-bugs(a)lists.fedoraproject.org,
petersen(a)redhat.com, psatpute(a)redhat.com
Description of problem:
The current liberation-fonts package is built by fontforge 20160404 and results
in the top of the fonts being chopped off in some pages in Chrome/Chromium.
For example, with this page:
https://www.reddit.com/r/linux/comments/600h4f/wine_24_released/
When built with fontforge 20160404: http://i.imgur.com/kO2H3Hw.png
When built with fontforge 20150430: http://i.imgur.com/IQmu5o3.png
Notice how the first line of pixels is getting chopped off.
Version-Release number of selected component (if applicable):
liberation-fonts-common-1.07.4-7.fc24.noarch
liberation-mono-fonts-1.07.4-7.fc24.noarch
liberation-sans-fonts-1.07.4-7.fc24.noarch
liberation-serif-fonts-1.07.4-7.fc24.noarch
fontforge-20160404-5.fc25.x86_64
Additional info:
I did a git bisect and found that this is the commit in fontforge that
introduced the issue.
---
[chenxiaolong@cxl-fedora25vm fontforge]$ git bisect bad
e870019c2602d50eb00793e979f3e11bcc71d6cf is the first bad commit
commit e870019c2602d50eb00793e979f3e11bcc71d6cf
Author: Frédéric Wang <fred.wang(a)free.fr>
Date: Wed May 13 08:03:13 2015 +0200
Fix read/write of bits USE_TYPO_METRICS and WWS for OS2 version < 4
:040000 040000 7032ea971c1d084ab8a038b4a80d9092e53a8519
eb11e4b5a69718ad94d8dbfc414e7b2a944548d3 M fontforge
---
https://github.com/fontforge/fontforge/commit/e870019c2602d50eb00793e979f...
Is this something that can be fixed without affecting/breaking other fonts?
6 years, 3 months
[Bug 1414319] New: freetype ftoption.h evaluates undefined macros
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1414319
Bug ID: 1414319
Summary: freetype ftoption.h evaluates undefined macros
Product: Fedora
Version: 25
Component: freetype
Severity: low
Assignee: mkasik(a)redhat.com
Reporter: yeti(a)physics.muni.cz
QA Contact: extras-qa(a)fedoraproject.org
CC: behdad(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com
Description of problem:
Header file /usr/include/freetype2/freetype/config/ftoption.h evaluates the
numerical value of undefined macro TT_CONFIG_OPTION_SUBPIXEL_HINTING. This is
somewhat annoying with -Wundef (and a poor practice).
Version-Release number of selected component (if applicable):
freetype-2.6.5-1.fc25
How reproducible:
Always.
Steps to Reproduce:
1. Create file bug.c with the following contents:
#include <ft2build.h>
#include FT_FREETYPE_H
2. Run (with freetype-devel installed)
gcc -Wundef -c $(pkg-config --cflags freetype2) bug.c
Actual results:
In file included from
/usr/include/freetype2/freetype/config/ftconfig-64.h:42:0,
from /usr/include/freetype2/freetype/config/ftconfig.h:9,
from /usr/include/freetype2/freetype/freetype.h:33,
from bug.c:2:
/usr/include/freetype2/freetype/config/ftoption.h:845:5: warning:
"TT_CONFIG_OPTION_SUBPIXEL_HINTING" is not defined [-Wundef]
#if TT_CONFIG_OPTION_SUBPIXEL_HINTING & 1
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/freetype2/freetype/config/ftoption.h:849:5: warning:
"TT_CONFIG_OPTION_SUBPIXEL_HINTING" is not defined [-Wundef]
#if TT_CONFIG_OPTION_SUBPIXEL_HINTING & 2
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Expected results:
It compiles cleanly.
Additional info:
The numerical evaluation should be guarded by an #ifdef -- AFAICT the expected
behaviour when TT_CONFIG_OPTION_SUBPIXEL_HINTING is undefined is that neither
TT_SUPPORT_SUBPIXEL_HINTING_INFINALITY nor TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL
should be defined:
--- ftoption.h.orig 2017-01-18 10:41:32.517812687 +0100
+++ ftoption.h 2017-01-18 10:42:16.852136325 +0100
@@ -842,6 +842,7 @@
#ifdef TT_CONFIG_OPTION_BYTECODE_INTERPRETER
#define TT_USE_BYTECODE_INTERPRETER
+#ifdef TT_CONFIG_OPTION_SUBPIXEL_HINTING
#if TT_CONFIG_OPTION_SUBPIXEL_HINTING & 1
#define TT_SUPPORT_SUBPIXEL_HINTING_INFINALITY
#endif
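Review bot: the added `#ifdef TT_CONFIG_OPTION_SUBPIXEL_HINTING` guard carries no comment, so a reader of ftoption.h cannot tell that an undefined macro is now meant to leave both TT_SUPPORT_SUBPIXEL_HINTING_INFINALITY and TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL undefined. Add a one-line comment above the guard stating that this is the intended result, since the header is a configuration file that users edit by hand.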
@@ -850,6 +851,7 @@
#define TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL
#endif
#endif
+#endif
/*
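Review bot: the added `#endif` is the third bare `#endif` in a row, and because it is appended last it textually closes the outer `#ifdef TT_CONFIG_OPTION_BYTECODE_INTERPRETER` block while the line before it now closes the new guard. The nesting is still balanced, but place the new line before the existing outer `#endif`, or tag each one, for example `#endif /* TT_CONFIG_OPTION_SUBPIXEL_HINTING */`, so the pairing stays readable.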
6 years, 4 months