https://bugzilla.redhat.com/show_bug.cgi?id=1475389
Bug ID: 1475389
Summary: CVE-2017-11571 fontforge: Stack-buffer overflow in
addnibble function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: eng-i18n-bugs(a)redhat.com,
fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com,
paul(a)frixxon.co.uk, pnemade(a)redhat.com
FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble
(parsettf.c) resulting in DoS via a crafted otf file.
Upstream issue:
https://github.com/fontforge/fontforge/issues/3087
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1475388
Bug ID: 1475388
Summary: CVE-2017-11570 fontforge: Buffer over-read in umodenc
function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: eng-i18n-bugs(a)redhat.com,
fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com,
paul(a)frixxon.co.uk, pnemade(a)redhat.com
FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c)
resulting in DoS or via a crafted otf file.
Upstream issue:
https://github.com/fontforge/fontforge/issues/3097
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1475386
Bug ID: 1475386
Summary: CVE-2017-11569 fontforge: Heap-buffer over-read in
readttfcopyrights function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: eng-i18n-bugs(a)redhat.com,
fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com,
paul(a)frixxon.co.uk, pnemade(a)redhat.com
FontForge 20161012 is vulnerable to a heap-based buffer over-read in
readttfcopyrights (parsettf.c) resulting in DoS via a crafted otf file.
Upstream issue:
https://github.com/fontforge/fontforge/issues/3093
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1433628
Bug ID: 1433628
Summary: First line of pixels chopped off in Chromium/Chrome
when liberation-fonts built with fontforge > 20150430
Product: Fedora
Version: 25
Component: liberation-fonts
Assignee: psatpute(a)redhat.com
Reporter: chillermillerlong(a)hotmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
i18n-bugs(a)lists.fedoraproject.org,
petersen(a)redhat.com, psatpute(a)redhat.com
Description of problem:
The current liberation-fonts package is built by fontforge 20160404 and results
in the top of the fonts being chopped off in some pages in Chrome/Chromium.
For example, with this page:
https://www.reddit.com/r/linux/comments/600h4f/wine_24_released/
When built with fontforge 20160404: http://i.imgur.com/kO2H3Hw.png
When built with fontforge 20150430: http://i.imgur.com/IQmu5o3.png
Notice how the first line of pixels is getting chopped off.
Version-Release number of selected component (if applicable):
liberation-fonts-common-1.07.4-7.fc24.noarch
liberation-mono-fonts-1.07.4-7.fc24.noarch
liberation-sans-fonts-1.07.4-7.fc24.noarch
liberation-serif-fonts-1.07.4-7.fc24.noarch
fontforge-20160404-5.fc25.x86_64
Additional info:
I did a git bisect and found that this is the commit in fontforge that
introduced the issue.
---
[chenxiaolong@cxl-fedora25vm fontforge]$ git bisect bad
e870019c2602d50eb00793e979f3e11bcc71d6cf is the first bad commit
commit e870019c2602d50eb00793e979f3e11bcc71d6cf
Author: Frédéric Wang <fred.wang(a)free.fr>
Date: Wed May 13 08:03:13 2015 +0200
Fix read/write of bits USE_TYPO_METRICS and WWS for OS2 version < 4
:040000 040000 7032ea971c1d084ab8a038b4a80d9092e53a8519
eb11e4b5a69718ad94d8dbfc414e7b2a944548d3 M fontforge
---
https://github.com/fontforge/fontforge/commit/e870019c2602d50eb00793e979f3e…
Is this something that can be fixed without affecting/breaking other fonts?
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1414319
Bug ID: 1414319
Summary: freetype ftoption.h evaluates undefined macros
Product: Fedora
Version: 25
Component: freetype
Severity: low
Assignee: mkasik(a)redhat.com
Reporter: yeti(a)physics.muni.cz
QA Contact: extras-qa(a)fedoraproject.org
CC: behdad(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com
Description of problem:
Header file /usr/include/freetype2/freetype/config/ftoption.h evaluates the
numerical value of undefined macro TT_CONFIG_OPTION_SUBPIXEL_HINTING. This is
somewhat annoying with -Wundef (and a poor practice).
Version-Release number of selected component (if applicable):
freetype-2.6.5-1.fc25
How reproducible:
Always.
Steps to Reproduce:
1. Create file bug.c with the following contents:
#include <ft2build.h>
#include FT_FREETYPE_H
2. Run (with freetype-devel installed)
gcc -Wundef -c $(pkg-config --cflags freetype2) bug.c
Actual results:
In file included from
/usr/include/freetype2/freetype/config/ftconfig-64.h:42:0,
from /usr/include/freetype2/freetype/config/ftconfig.h:9,
from /usr/include/freetype2/freetype/freetype.h:33,
from bug.c:2:
/usr/include/freetype2/freetype/config/ftoption.h:845:5: warning:
"TT_CONFIG_OPTION_SUBPIXEL_HINTING" is not defined [-Wundef]
#if TT_CONFIG_OPTION_SUBPIXEL_HINTING & 1
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/freetype2/freetype/config/ftoption.h:849:5: warning:
"TT_CONFIG_OPTION_SUBPIXEL_HINTING" is not defined [-Wundef]
#if TT_CONFIG_OPTION_SUBPIXEL_HINTING & 2
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Expected results:
It compiles cleanly.
Additional info:
The numerical evaluation should be guarded by an #ifdef -- AFAICT the expected
behaviour when TT_CONFIG_OPTION_SUBPIXEL_HINTING is undefined is that neither
TT_SUPPORT_SUBPIXEL_HINTING_INFINALITY nor TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL
should be defined:
--- ftoption.h.orig 2017-01-18 10:41:32.517812687 +0100
+++ ftoption.h 2017-01-18 10:42:16.852136325 +0100
@@ -842,6 +842,7 @@
#ifdef TT_CONFIG_OPTION_BYTECODE_INTERPRETER
#define TT_USE_BYTECODE_INTERPRETER
+#ifdef TT_CONFIG_OPTION_SUBPIXEL_HINTING
#if TT_CONFIG_OPTION_SUBPIXEL_HINTING & 1
#define TT_SUPPORT_SUBPIXEL_HINTING_INFINALITY
#endif
@@ -850,6 +851,7 @@
#define TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL
#endif
#endif
+#endif
/*
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1389683
Bug ID: 1389683
Summary: Blurred rendering
Product: Fedora
Version: 25
Component: freetype
Assignee: mkasik(a)redhat.com
Reporter: fedora(a)famillecollet.com
QA Contact: extras-qa(a)fedoraproject.org
CC: behdad(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com
Created attachment 1214870
--> https://bugzilla.redhat.com/attachment.cgi?id=1214870&action=edit
Zoomed screen shot
Description of problem:
Since update to F25, font are blurred.
Version-Release number of selected component (if applicable):
freetype-2.6.5-1.fc25.x86_64
How reproducible:
Always
Notice: with F24, I solved the problem switching from Cantarell to Liberation,
but no success on F25.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1351287
Bug ID: 1351287
Summary: Wrong placement of polish glyph Ogonek
Product: Fedora
Version: rawhide
Component: liberation-fonts
Assignee: psatpute(a)redhat.com
Reporter: riemersebastian(a)hotmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
i18n-bugs(a)lists.fedoraproject.org,
petersen(a)redhat.com, psatpute(a)redhat.com
Description of problem:
The following text when using font "LiberationSans-Regular" renders the polish
Ogonek far to the right which does not seem correct when compared to other
fonts.
INPUT: "Lektura dla pocza̜tkuja̜cych"
Version-Release number of selected component (if applicable):
version 2.0.0 (Downloaded from
https://www.fontsquirrel.com/fonts/liberation-sans)
How reproducible:
Just use the text "Lektura dla pocza̜tkuja̜cych" and the problem should be
visible (and see below)
Steps to Reproduce:
1. Go to https://www.fontsquirrel.com/fonts/liberation-sans
2. Go to tab "Test drive"
3. Enter text "Lektura dla pocza̜tkuja̜cych"
Actual results:
The result shows the Ogonek way to the right and AFAIK it should render
centered below the letter 'a'.
Expected results:
Compare by same steps as above, but e.g. choose as font: Junicode
(https://www.fontsquirrel.com/fonts/Junicode)
Additional info:
None
--
You are receiving this mail because:
You are on the CC list for the bug.
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: fonts.alias refer to encodings not listed in fonts.dir
https://bugzilla.redhat.com/show_bug.cgi?id=733106
Summary: fonts.alias refer to encodings not listed in fonts.dir
Product: Fedora
Version: rawhide
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: sazanami-fonts
AssignedTo: tagoh(a)redhat.com
ReportedBy: viy(a)altlinux.org
QAContact: extras-qa(a)fedoraproject.org
CC: tagoh(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org,
i18n-bugs(a)lists.fedoraproject.org
Classification: Fedora
Story Points: ---
Type: ---
fonts.alias files refer to jisx020*.19??-0 font encodings while fonts.dir does
not list them.
looks like a fonts.scale/fonts.dir generation bug.
/usr/share/X11/fonts/encodings/large/*
encodings should be present during fonts.scale/fonts.dir generation.
sazanami-fonts-0.20040629-15.fc15.src.rpm
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.