https://bugzilla.redhat.com/show_bug.cgi?id=1446073
Bug ID: 1446073
Summary: CVE-2017-8287 freetype: heap-based buffer overflow
related to the t1_builder_close_contour function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com,
cfergeau(a)redhat.com, dblechte(a)redhat.com,
eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com,
kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com,
mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com,
mkasik(a)redhat.com, rbalakri(a)redhat.com,
rh-spice-bugs(a)redhat.com, rjones(a)redhat.com,
sherold(a)redhat.com, srevivo(a)redhat.com,
ydary(a)redhat.com, ykaul(a)redhat.com
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based
buffer overflow related to the t1_builder_close_contour function in
psaux/psobjs.c.
Upstream patch:
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc0…
Bug report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1397960
Bug ID: 1397960
Summary: freetype-config --libtool prints path to non-existent
libtool library file
Product: Fedora
Version: 25
Component: freetype
Severity: medium
Assignee: mkasik(a)redhat.com
Reporter: jprajzne(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: behdad(a)fedoraproject.org, desktop-qa-list(a)redhat.com,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com,
tpelka(a)redhat.com
Depends On: 1368141
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1368141
[Bug 1368141] freetype-config --libtool prints path to non-existent libtool
library file
--
https://bugzilla.redhat.com/show_bug.cgi?id=1372368
Bug ID: 1372368
Summary: freetype-2.6.5 and freetype-2.6.3 are ABI incompatible
Product: Fedora
Version: 25
Component: freetype
Assignee: mkasik(a)redhat.com
Reporter: rc040203(a)freenet.de
QA Contact: extras-qa(a)fedoraproject.org
CC: behdad(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com
Description of problem:
With freetype-2.6.5, some freetype-internal functions, which were publicly
accessible before, were made inaccessible,
e.g. FT_New_GlyphSlot, FT_Done_GlyphSlot
Due to the fact the SONAME was not changed and no mass-rebuild performed for
fc25, this change at least broke Inventor (Inventor uses FT_Done_GlyphSlot).
I haven't tried to check and therefore don't know if this affects more
packages.
fc25 ships an fc24-built Inventor which now contains a reference to an
unresolvable symbol which used to be provided by freetype.
Version-Release number of selected component (if applicable):
freetype-2.6.5
Additional info:
- Inventor clearly is at fault to use private functions from freetype, but it
had been this way for more than ca. 15 years.
- IMHO, it's arguable whether freetype's SONAME should have been changed.
libfreetype.so.6.12.3 and libfreetype.so.6.12.5 definitely are ABI
incompatible.
- It's not clear to me, why freetype made FT_Done_GlyphSlot inaccessible, but
left other similar functions public.
- ATM, I do not see an alternative but to "steal" FT_Done_GlyphSlot code from
freetype and to incorporate it into Inventor, to work-around Inventor's problem
on fedora >= 25.
--
https://bugzilla.redhat.com/show_bug.cgi?id=1110646
Bug ID: 1110646
Summary: woff file missing on purpose?
Product: Fedora
Version: rawhide
Component: fontawesome-fonts
Assignee: pvoborni(a)redhat.com
Reporter: tomspur(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
pvoborni(a)redhat.com
Description of problem:
ipython shows this warning:
2014-06-16 20:47:56.421 [tornado.access] WARNING | 404 GET
/static/components/font-awesome/font/fontawesome-webfont.woff?v=3.2.1
(127.0.0.1) 0.37ms
referer=http://localhost:8888/static/style/style.min.css?v=7775081fa91df3822d16b2087bc2c8dd
Would it be possible to also add the .woff file to fontawesome-webfont-web or
is it left out on purpose?
How reproducible:
always
Steps to Reproduce:
1. open ipython-notebook
Actual results:
no fontawesome-webfont.woff
Expected results:
fontawesome-webfont.woff
See also #1006575 for the ipython warning above.
--
https://bugzilla.redhat.com/show_bug.cgi?id=1417250
Bug ID: 1417250
Summary: Please upgrade to dejavu-fonts 2.37
Product: Fedora
Version: rawhide
Component: dejavu-fonts
Severity: medium
Assignee: nicolas.mailhot(a)laposte.net
Reporter: mcatanzaro(a)gnome.org
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
nicolas.mailhot(a)laposte.net, paul(a)frixxon.co.uk,
peter(a)thecodergeek.com, smaitra(a)redhat.com
We have dejavu-fonts 2.35, but dejavu-fonts 2.37 is available. It should be
upgraded!
--
https://bugzilla.redhat.com/show_bug.cgi?id=1374074
Bug ID: 1374074
Summary: 1px changes in line height from bold <-> non-bold
breaks various websites
Product: Fedora
Version: 24
Component: liberation-fonts
Severity: high
Assignee: psatpute(a)redhat.com
Reporter: jonas(a)thiem.email
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
i18n-bugs(a)lists.fedoraproject.org,
petersen(a)redhat.com, psatpute(a)redhat.com
Description of problem:
The liberation fonts as packaged in Fedora can change line height by 1px as
reported by fontconfig if switched from bold to non-bold or vice versa.
This can break various sites displayed in web browsers, and for example all
gitlab code listings viewed on Fedora only (works fine on Ubuntu, Archlinux,
...) aren't lining up properly because of this with the line numbers, which
makes the whole thing look like a big mess. A more detailed analysis can be
found here: https://bugzilla.mozilla.org/show_bug.cgi?id=1296856
Please note I'm not sure who is the best involved party to fix this and whether
e.g. the website should fix it on their side, however I tried playing around
with CSS line-height and so far I didn't manage to make it line up myself in
the affected configurations (but I'm no CSS expert). Therefore I'm filing a bug
here as well, hoping some font expert can shed some light on the issue.
There is also a firefox bug report here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1296856
There is also a gitlab bug report here:
https://gitlab.com/gitlab-org/gitlab-ce/issues/20202
Version-Release number of selected component (if applicable):
Version : 1.07.4
Release : 7.fc24
How reproducible:
100% at affected font sizes
Steps to Reproduce:
1. Run an affected configuration (Firefox Nightly on Fedora should work,
possibly also regular Firefox stable as packaged in Fedora) at an affected web
browser zoom level (100%/standard should work for firefox)
2. Visit a gitlab source code listing of more than just ~10 lines, e.g.
https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/controllers/groups_…
3. Look how line numbers and lines match up
Actual results:
Line numbers are not matching up
Expected results:
Line numbers are matching up
Additional info:
--
https://bugzilla.redhat.com/show_bug.cgi?id=1290878
Bug ID: 1290878
Summary: macros.fonts uses %define instead of %global
Product: Fedora
Version: rawhide
Component: fontpackages
Assignee: nicolas.mailhot(a)laposte.net
Reporter: tibbs(a)math.uh.edu
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
nicolas.mailhot(a)laposte.net, paul(a)frixxon.co.uk,
tagoh(a)redhat.com
While working on some compatibility macros for EPEL (to let the older branches
use some of the new RPM functionality without ifdefs) I found my macros broke
nothing except the font packages. After some bugging I found that use of
%define in the %_font_pkg() macro will expand itself recursively when expanded
in certain contexts. It seems to work currently by luck.
Changing that one %define to %global appears to work and generates RPMs which
differ from the current packages by nothing other than timestamps.
Is there a specific reason that %define is used there? As I understand it, the
general rule is that you should use %global unless you know that you really
need the special and difficult to explain behavior of %define. There's no
comment in the macros file about this, so I suspect that the use of %define is
not intentional.
Unfortunately this is holding up some work I'm doing so I'd like to get this
pushed out at least for EL6 and EL5 as soon as is reasonable. I'll do a
complete rebuild of all font packages and rpmdiff against current rawhide as
well as EPEL5 and 6 and post it here to make sure there's no breakage, and I'm
happy to push a package with that one line patched to any branches you desire.
Just let me know.
--
https://bugzilla.redhat.com/show_bug.cgi?id=1284237
Bug ID: 1284237
Summary: [kn] Change the default Kannada font to Noto from
Lohit-Kannada
Product: Fedora
Version: rawhide
Component: fonts-indic
Assignee: extras-orphan(a)fedoraproject.org
Reporter: prasad.mvs(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: extras-orphan(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org
Description of problem:
Aesthetically the Noto fonts are way better than Lohit-Kannada. Change the
default system font for Kannada to Noto.
Actual results:
The default fonts of the current fedora releases are Lohit-Kannada
Expected results:
Noto should be made the default font.
Additional info: To see a comparison between these two fonts, please follow
below steps:
1. Make sure that you have Noto font
2. Open the UTRRS page: http://utrrs-testing.rhcloud.com/language/kn
3. Enter "Noto Sans Kannada" and click on Change Font button.
4. Compare the References (Lohit-Kannada) with those of rendered Characters
(Noto Sans) for Code points, GPOS and GSUB.
--
https://bugzilla.redhat.com/show_bug.cgi?id=1246765
Bug ID: 1246765
Summary: Update to 2.010 (with 1.065 italics)
Product: Fedora
Version: rawhide
Component: adobe-source-sans-pro-fonts
Assignee: alexisis-pristontale(a)hotmail.com
Reporter: suraia(a)ikkoku.de
QA Contact: extras-qa(a)fedoraproject.org
CC: alexisis-pristontale(a)hotmail.com,
fonts-bugs(a)lists.fedoraproject.org,
pikachu.2014(a)gmail.com
Created attachment 1056086
--> https://bugzilla.redhat.com/attachment.cgi?id=1056086&action=edit
Update to 2.010 (with 1.065 italics)
New upstream release is available: 2.010 (with 1.065 italics)
The attached patch updates the package to this new version.
--
https://bugzilla.redhat.com/show_bug.cgi?id=1436077
Bug ID: 1436077
Summary: Some emoji which should render as one character with
the “Noto Color Emoji” render as several characters
Product: Fedora
Version: 25
Component: pango
Assignee: tagoh(a)redhat.com
Reporter: mfabian(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
i18n-bugs(a)lists.fedoraproject.org, tagoh(a)redhat.com
Created attachment 1266551
--> https://bugzilla.redhat.com/attachment.cgi?id=1266551&action=edit
test-text.txt
Test text attached. Showing the test text like this
pango-view --font='Noto Color Emoji 48' ~/test-text.txt
on Fedora 25 shows the emoji not as a single character but as two.
On Fedora 24 (and openSUSE Leap 42.2 and Ubuntu 16.04) this works.
The version of “Noto Color Emoji” used in all these tests is
the latest one from https://www.google.com/get/noto/
which has this file size:
-rw-r-----. 1 mfabian mfabian 5987004 10月 20 11:46 NotoColorEmoji.ttf
The problem is the same when using the “Emoji One” font from:
https://github.com/Ranks/emojione/blob/master/assets/fonts/emojione-android…