fonts-bugs August 2017

fonts-bugs@lists.fedoraproject.org

2 participants
94 discussions

[Bug 1484018] CVE-2007-5199 libxfont: single byte overflow in catalogue.c
by bugzilla＠redhat.com 22 Aug '17

22 Aug '17

1 0

[Bug 1446073] New: CVE-2017-8287 freetype: heap-based buffer overflow related to the t1_builder_close_contour function
by bugzilla＠redhat.com 22 Aug '17

22 Aug '17

https://bugzilla.redhat.com/show_bug.cgi?id=1446073 Bug ID: 1446073 Summary: CVE-2017-8287 freetype: heap-based buffer overflow related to the t1_builder_close_contour function Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com, cfergeau(a)redhat.com, dblechte(a)redhat.com, eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com, kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mkasik(a)redhat.com, rbalakri(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, sherold(a)redhat.com, srevivo(a)redhat.com, ydary(a)redhat.com, ykaul(a)redhat.com FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. Upstream patch: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc0… Bug report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941 -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1445925] [abrt] gimp: pango_ot_info_list_scripts(): gimp-2.8 killed by SIGSEGV
by bugzilla＠redhat.com 22 Aug '17

22 Aug '17

https://bugzilla.redhat.com/show_bug.cgi?id=1445925 Akira TAGOH <tagoh(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(eklawl01(a)gmail.co | |m) --- Comment #21 from Akira TAGOH <tagoh(a)redhat.com> --- Is this still reproducible with 1.40.9 say? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1482494] New: fonttools-3.15.0 is available
by bugzilla＠redhat.com 20 Aug '17

20 Aug '17

https://bugzilla.redhat.com/show_bug.cgi?id=1482494 Bug ID: 1482494 Summary: fonttools-3.15.0 is available Product: Fedora Version: rawhide Component: fonttools Keywords: FutureFeature, Triaged Assignee: pnemade(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: fonts-bugs(a)lists.fedoraproject.org, pnemade(a)redhat.com, sshedmak(a)redhat.com Latest upstream release: 3.15.0 Current version/release in rawhide: 3.14.0-1.fc27 URL: https://github.com/fonttools/fonttools/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/7388/ -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1397960] New: freetype-config --libtool prints path to non-existent libtool library file
by Red Hat Bugzilla 17 Aug '17

17 Aug '17

https://bugzilla.redhat.com/show_bug.cgi?id=1397960 Bug ID: 1397960 Summary: freetype-config --libtool prints path to non-existent libtool library file Product: Fedora Version: 25 Component: freetype Severity: medium Assignee: mkasik(a)redhat.com Reporter: jprajzne(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: behdad(a)fedoraproject.org, desktop-qa-list(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com, tpelka(a)redhat.com Depends On: 1368141 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1368141 [Bug 1368141] freetype-config --libtool prints path to non-existent libtool library file -- You are receiving this mail because: You are on the CC list for the bug.

2 2

[Bug 1372368] New: freetype-2.6.5 and freetype-2.6.3 are ABI incompatible
by Red Hat Bugzilla 17 Aug '17

17 Aug '17

https://bugzilla.redhat.com/show_bug.cgi?id=1372368 Bug ID: 1372368 Summary: freetype-2.6.5 and freetype-2.6.3 are ABI incompatible Product: Fedora Version: 25 Component: freetype Assignee: mkasik(a)redhat.com Reporter: rc040203(a)freenet.de QA Contact: extras-qa(a)fedoraproject.org CC: behdad(a)fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com Description of problem: With freetype-2.6.5, some freetype-internal functions, which were publicly accessible before were made inaccessible, e.g. FT_New_GlyphSlot, FT_Done_GlyphSlot Due to the fact the SONAME was not changed and no mass-rebuild performed for fc25, this change at least broke Inventor (Inventor uses FT_Done_GlyphSlot). I haven't tried to check and therefore don't know if this affects more packages. fc25 ships an fc24-built Inventor which now contains a reference to an unresolvable symbol which used to be provided by freetype. Version-Release number of selected component (if applicable): freetype-2.6.5 Additional info: - Inventor clearly is at fault to use private functions from freetype, but it had been this way for more than ca. 15 years. - IMHO, it's arguable whether freetype's SONAME should have been changed. libfreetype.so.6.12.3 and libfreetype.so.6.12.5 definitely are ABI incompatible. - It's not clear to me, why freetype made FT_Done_GlyphSlot inaccessible, but left other similar functions public. - ATM, I do not see an alternative but to "steal" FT_Done_GlyphSlot code from freetype and to incorporate it into Inventor, to work-around Inventor's problem on fedora >= 25. -- You are receiving this mail because: You are on the CC list for the bug.

2 3

[Bug 1110646] New: woff file missing on purpose?
by Red Hat Bugzilla 16 Aug '17

16 Aug '17

https://bugzilla.redhat.com/show_bug.cgi?id=1110646 Bug ID: 1110646 Summary: woff file missing on purpose? Product: Fedora Version: rawhide Component: fontawesome-fonts Assignee: pvoborni(a)redhat.com Reporter: tomspur(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: fonts-bugs(a)lists.fedoraproject.org, pvoborni(a)redhat.com Description of problem: ipython shows this warning: 2014-06-16 20:47:56.421 [tornado.access] WARNING | 404 GET /static/components/font-awesome/font/fontawesome-webfont.woff?v=3.2.1 (127.0.0.1) 0.37ms referer=http://localhost:8888/static/style/style.min.css?v=7775081fa91df3822d16b2087bc2c8dd Would it be possible to also add the .woff file to fontawesome-webfont-web or is it left out on purpose? How reproducible: always Steps to Reproduce: 1. open ipython-notebook Actual results: no fontawesome-webfont.woff Expected results: fontawesome-webfont.woff See also #1006575 for the ipython warning above. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=dtK3lFi0PP&a=cc_unsubscribe

2 16

[Bug 1417250] New: Please upgrade to dejavu-fonts 2.37
by Red Hat Bugzilla 15 Aug '17

15 Aug '17

https://bugzilla.redhat.com/show_bug.cgi?id=1417250 Bug ID: 1417250 Summary: Please upgrade to dejavu-fonts 2.37 Product: Fedora Version: rawhide Component: dejavu-fonts Severity: medium Assignee: nicolas.mailhot(a)laposte.net Reporter: mcatanzaro(a)gnome.org QA Contact: extras-qa(a)fedoraproject.org CC: fonts-bugs(a)lists.fedoraproject.org, nicolas.mailhot(a)laposte.net, paul(a)frixxon.co.uk, peter(a)thecodergeek.com, smaitra(a)redhat.com We have dejavu-fonts 2.35, but dejavu-fonts 2.37 is available. It should be upgraded! -- You are receiving this mail because: You are on the CC list for the bug.

2 2

[Bug 1258542] Review Request: hack-fonts - A typeface designed for source code
by bugzilla＠redhat.com 13 Aug '17

13 Aug '17

https://bugzilla.redhat.com/show_bug.cgi?id=1258542 Peter Oliver <mavit(a)mavit.org.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1441023 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1441023 [Bug 1441023] Review Request: python-fontmake - Compile fonts from sources to binary -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1374074] New: 1px changes in line height from bold <-> non-bold breaks various websites
by Red Hat Bugzilla 08 Aug '17

08 Aug '17

https://bugzilla.redhat.com/show_bug.cgi?id=1374074 Bug ID: 1374074 Summary: 1px changes in line height from bold <-> non-bold breaks various websites Product: Fedora Version: 24 Component: liberation-fonts Severity: high Assignee: psatpute(a)redhat.com Reporter: jonas(a)thiem.email QA Contact: extras-qa(a)fedoraproject.org CC: fonts-bugs(a)lists.fedoraproject.org, i18n-bugs(a)lists.fedoraproject.org, petersen(a)redhat.com, psatpute(a)redhat.com Description of problem: The liberation fonts as packaged in Fedora can change line height by 1px as reported by fontconfig if switched from bold to non-bold or vice versa. This can break various sites displayed in web browsers, and for example all gitlab code listings viewed on Fedora only (works fine on Ubuntu, Archlinux, ...) aren't lining up properly because of this with the line numbers, which makes the whole thing look like a big mess. A more detailed analysis can be found here: https://bugzilla.mozilla.org/show_bug.cgi?id=1296856 Please note I'm not sure who is the best involved party to fix this and whether e.g. the website should fix it on their side, however I tried playing around with CSS line-height and so far I didn't manage to make it line up myself in the affected configurations (but I'm no CSS expert). Therefore I'm filing a bug here as well, hoping some font expert can shed some light on the issue. There is also a firefox bug report here: https://bugzilla.mozilla.org/show_bug.cgi?id=1296856 There is also a gitlab bug report here: https://gitlab.com/gitlab-org/gitlab-ce/issues/20202 Version-Release number of selected component (if applicable): Version : 1.07.4 Release : 7.fc24 How reproducible: 100% at affected font sizes Steps to Reproduce: 1. Run an affected configuration (Firefox Nightly on Fedora should work, possibly also regular Firefox stable as packaged in Fedora) at an affected web browser zoom level (100%/standard should work for firefox) 2. Visit a gitlab source code listing of more than just ~10 lines, e.g. https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/controllers/groups_… 3. Look how line numbers and lines match up Actual results: Line numbers are not matching up Expected results: Line numbers are matching up Additional info: -- You are receiving this mail because: You are on the CC list for the bug.

2 2

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

fonts-bugs August 2017