[Bug 1890210] New: CVE-2020-15999 freetype: heap-based buffer
overflow via malformed ttf files
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1890210
Bug ID: 1890210
Summary: CVE-2020-15999 freetype: heap-based buffer overflow
via malformed ttf files
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: ajax(a)redhat.com, caillon+fedoraproject(a)gmail.com,
erack(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org,
gecko-bugs-nobody(a)redhat.com, gghezzo(a)redhat.com,
gnome-sig(a)lists.fedoraproject.org, gparvin(a)redhat.com,
jhorak(a)redhat.com, john.j5live(a)gmail.com,
jramanat(a)redhat.com, jweiser(a)redhat.com,
kevin(a)tigcc.ticalc.org, mclasen(a)redhat.com,
mkasik(a)redhat.com, rhughes(a)redhat.com,
rstrode(a)redhat.com, sandmann(a)redhat.com,
scorneli(a)redhat.com, stcannon(a)redhat.com,
stransky(a)redhat.com, thee(a)redhat.com,
tpopela(a)redhat.com
Target Milestone: ---
Classification: Other
A flaw was found in freetype in the way it processes PNG images embedded into
fonts. A crafted TTF file can lead to heap-based buffer overflow due to integer
truncation in Load_SBit_Png function.
Reference:
https://savannah.nongnu.org/bugs/?59308
Upstream patch:
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab...
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 2 months
[Bug 1820166] New: Droid sans overrides my default CJK font
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1820166
Bug ID: 1820166
Summary: Droid sans overrides my default CJK font
Product: Fedora
Version: 32
Status: NEW
Component: google-droid-fonts
Severity: low
Assignee: nicolas.mailhot(a)laposte.net
Reporter: taocrismon(a)hotmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
nicolas.mailhot(a)laposte.net, oliver(a)redhat.com,
paul(a)frixxon.co.uk, tremble(a)tremble.org.uk
Target Milestone: ---
Classification: Fedora
Description of problem:
I have this (per-user) fontconfig configuration to set my preferred sans-serif
font:
<alias>
<family>sans-serif</family>
<prefer>
<family>Noto Sans</family>
<family>Noto Sans CJK SC</family>
</prefer>
</alias>
It should fall back to "Noto Sans CJK SC" when displaying CJK characters. Since
F32 this isn't working anymore. CJK characters are rendered in a different
font, which I cannot recognize.
Digging through fc_debug logs, "Droid Sans" is appended right after "Noto
Sans", before "Noto Sans CJK SC" in the font matching list. Debug messages
confirm it's indeed Droid Sans getting picked.
Removing the relevant part in /etc/fonts/conf.d/65-google-droid-sans-fonts.conf
mitigates this issue. However since both Noto Sans & Droid Sans do not contain
CJK characters, they should both be skipped in favor of CJK fonts. Could this
be a metadata problem? i.e. Droid Sans wrongly advertises as CJK capable.
Version-Release number of selected component (if applicable):
google-droid-sans-fonts-20200215-3.fc32.noarch
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 2 months
[Bug 1938205] New: google-droid-sans-fonts has higher priority than
google-noto-sans-fonts
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1938205
Bug ID: 1938205
Summary: google-droid-sans-fonts has higher priority than
google-noto-sans-fonts
Product: Fedora
Version: 34
Status: NEW
Component: google-droid-fonts
Assignee: nicolas.mailhot(a)laposte.net
Reporter: tagoh(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org,
nicolas.mailhot(a)laposte.net, oliver(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Summary says it all. I don't think Droid Fonts is better than Noto Fonts.
Version-Release number of selected component (if applicable):
google-droid-sans-fonts-20200215-9.fc34.noarch
How reproducible:
Steps to Reproduce:
1.rpmm -ql google-droid-sans-fonts google-noto-sans-fonts | grep conf.d
2.
3.
Actual results:
/etc/fonts/conf.d/65-google-droid-sans-fonts.conf
/etc/fonts/conf.d/66-google-noto-sans.conf
Expected results:
google-noto-sans one should come first.
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 2 months
[Bug 1993670] New: segfault with pango-view assert in cairo
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1993670
Bug ID: 1993670
Summary: segfault with pango-view assert in cairo
Product: Fedora
Version: 34
Hardware: x86_64
OS: Linux
Status: NEW
Component: pango
Severity: high
Assignee: pwu(a)redhat.com
Reporter: andre.maute(a)gmx.de
QA Contact: extras-qa(a)fedoraproject.org
CC: caillon+fedoraproject(a)gmail.com,
fonts-bugs(a)lists.fedoraproject.org,
gnome-sig(a)lists.fedoraproject.org,
i18n-bugs(a)lists.fedoraproject.org, mclasen(a)redhat.com,
pwu(a)redhat.com, rhughes(a)redhat.com,
rstrode(a)redhat.com, sandmann(a)redhat.com,
tagoh(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
1. This one works
$ pango-view --nodisplay --text "abc"
2. This one doesn't
$ pango-view --no-display --text "abc"
pango-view: cairo-hash.c:217: _cairo_hash_table_destroy: Assertion
`hash_table->live_entries == 0' failed.
Aborted (core dumped)
So pango-view triggers an assertion in Cairo.
Version-Release number of selected component (if applicable):
$ dnf repoquery --installed pango
pango-0:1.48.7-1.fc34.i686
pango-0:1.48.7-1.fc34.x86_64
How reproducible:
always
Steps to Reproduce:
1. see 1. of description above
2. see 2. of description above
Actual results:
segfault
Expected results:
no segfault
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 3 months
[Bug 1931547] New: Cantarell Regular rendering issues in Gnome Shell
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1931547
Bug ID: 1931547
Summary: Cantarell Regular rendering issues in Gnome Shell
Product: Fedora
Version: 33
Hardware: x86_64
OS: Linux
Status: NEW
Component: abattis-cantarell-fonts
Severity: low
Assignee: klember(a)redhat.com
Reporter: gregswift(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: cosimo.cecchi(a)gmail.com,
fonts-bugs(a)lists.fedoraproject.org, ian(a)ianweller.org,
klember(a)redhat.com, me(a)fale.io, tagoh(a)redhat.com
Target Milestone: ---
Classification: Fedora
Created attachment 1758636
--> https://bugzilla.redhat.com/attachment.cgi?id=1758636&action=edit
broken font lock screen clock
Description of problem:
I've got about 7 machines running fedora 33, to the same patch level. 4 of them
were showing poorly rendered fonts/wrong characters in various parts of the
gnome-shell ui. Primarily: lock screen time, unlock password entry field, and
the top bar calendar view. See attached screenshots. For one of the machines it
stopped doing it after a week or 2. The other machines kept doing it until I
changed the `Interface Text` font using TweakTool, the default is Cantarell
Regular, and any other font seems to be fine, including other Cantarell fonts.
Version-Release number of selected component (if applicable):
The problem started after update on 2/1 which included
abattis-cantarell-fonts-0.301-1.fc33.noarch
/var/log/dnf.rpm.log:2021-02-01T13:07:46-0600 SUBDEBUG Upgrade:
abattis-cantarell-fonts-0.301-1.fc33.noarch
/var/log/dnf.rpm.log:2021-02-01T13:10:00-0600 SUBDEBUG Upgraded:
abattis-cantarell-fonts-0.201-4.fc33.noarch
How reproducible:
On the 3 remaining machines with the issue if I set the font back to Cantarell
Regular the problem returns. But I haven't been able to make it happen on
other machines that arent experiencing the issue.
Steps to Reproduce:
1. Run Fedora 33 with Gnome, using defaults
Actual results:
You will either experience the problem or you won't.
Expected results:
Fonts to be rendered properly.
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 4 months
[Bug 1753020] New: Powerline symbols no longer align
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1753020
Bug ID: 1753020
Summary: Powerline symbols no longer align
Product: Fedora
Version: 30
Status: NEW
Component: terminus-font
Assignee: extras-orphan(a)fedoraproject.org
Reporter: andrew(a)linuxjedi.co.uk
QA Contact: extras-qa(a)fedoraproject.org
CC: extras-orphan(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
rhbugs(a)n-dimensional.de
Target Milestone: ---
Classification: Fedora
Created attachment 1615993
--> https://bugzilla.redhat.com/attachment.cgi?id=1615993&action=edit
Screenshot of zsh+om-my-zsh using powerline-fonts and terminus-fonts 4.48
Description of problem:
With version 4.48 of the Terminus font the powerline symbols no longer align
for sizes less than 14pt
Version-Release number of selected component (if applicable):
terminus-fonts-4.48-1.fc30.noarch
How reproducible:
100%
Steps to Reproduce:
1. Install terminus-fonts and powerline-fonts.
2. Use something with powerline (zsh, vim, etc...)
3. Update to the latest terminus-fonts version
4. Use powerline things again
Actual results:
Bad symbol alignment
Expected results:
Good symbol alignment
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 4 months
[Bug 1922792] New: font file update breaks arduino distribution
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1922792
Bug ID: 1922792
Summary: font file update breaks arduino distribution
Product: Fedora
Version: 33
Hardware: x86_64
OS: Linux
Status: NEW
Component: abattis-cantarell-fonts
Severity: medium
Assignee: klember(a)redhat.com
Reporter: markster(a)avilution.com
QA Contact: extras-qa(a)fedoraproject.org
CC: cosimo.cecchi(a)gmail.com,
fonts-bugs(a)lists.fedoraproject.org, ian(a)ianweller.org,
klember(a)redhat.com, me(a)fale.io, tagoh(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Version 0.301-1.fc33 of abattis-cantarell-fonts breaks the operation of the
arduino official distribution (not the fedora packaged version). Unfortunately
the official version is required for teensyduino to be installed. The package
works fine on version 0.201
Version-Release number of selected component (if applicable):
abattis-cantarell-fonts noarch 0.301-1.fc33
How reproducible:
100%
Steps to Reproduce:
1. Download arduino-1.8.13-linux64.tar.xz from arduino.cc with 0.201 installed
2. Verify operation
3. update to abattis-cantarell-fonts 0.301
4. Verify menus in arduino lack any text
Actual results:
Menus lack any text making them unusuable
Expected results:
Menus would retain text as normal
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 4 months
[Bug 1924576] New: Default font subpixel rendering does not work
well as other Linux
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1924576
Bug ID: 1924576
Summary: Default font subpixel rendering does not work well as
other Linux
Product: Fedora
Version: 33
Hardware: All
OS: All
Status: NEW
Component: freetype
Severity: medium
Assignee: mkasik(a)redhat.com
Reporter: zhaohongxinxin(a)163.com
QA Contact: extras-qa(a)fedoraproject.org
CC: ajax(a)redhat.com, caillon+fedoraproject(a)gmail.com,
fonts-bugs(a)lists.fedoraproject.org,
gnome-sig(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mclasen(a)redhat.com,
mkasik(a)redhat.com, rhughes(a)redhat.com,
rstrode(a)redhat.com, sandmann(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Version-Release number of selected component (if applicable):
Problem:
when enable subpixel in gnome-tweaks, the default rendering config will not
work well as other Linux.
Temporary Resolve:
copy those files to this directory /etc/fonts/conf.d/
*/usr/share/fontconfig/conf.avail/10-sub-pixel-rgb.conf
*/usr/share/fontconfig/conf.avail/11-lcdfilter-default.conf
I hope packcage maintainer could change those files intend put them on right
place.
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 4 months
[Bug 1851919] New: Pango 1.45 crashes pidgin with any link click
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1851919
Bug ID: 1851919
Summary: Pango 1.45 crashes pidgin with any link click
Product: Fedora
Version: rawhide
Status: NEW
Component: pango
Assignee: pwu(a)redhat.com
Reporter: zkabelac(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: caillon+fedoraproject(a)gmail.com,
fonts-bugs(a)lists.fedoraproject.org,
gnome-sig(a)lists.fedoraproject.org,
i18n-bugs(a)lists.fedoraproject.org,
john.j5live(a)gmail.com, mclasen(a)redhat.com,
pwu(a)redhat.com, rhughes(a)redhat.com,
rstrode(a)redhat.com, sandmann(a)redhat.com,
tagoh(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
I've noticed instant crash of a pidgin - with this new pango 1.45 package.
I've downgraded to version pango-1.44.7-3.fc33 and pidgin is 'usable'
again (aka I can click on URL without getting instant core dump).
This is backtrace I'm getting on a crash:
(pidgin 2.13.0-20)
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
--Type <RET> for more, q to quit, c to continue without paging--
49 return ret;
[Current thread is 1 (Thread 0x7f2b86c61cc0 (LWP 100183))]
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#1 0x00007f2b883a78a4 in __GI_abort () at abort.c:79
#2 0x00007f2b886d5b6c in g_assertion_message
(domain=<optimized out>, file=0x7f2b88b7e19b "../pango/pango-context.c",
line=<optimized out>, func=<optimized out>, message=<optimized out>) at
../glib/gtestutils.c:2930
#3 0x00007f2b8873408f in g_assertion_message_expr
(domain=0x7f2b88b79e0d "Pango", file=0x7f2b88b7e19b
"../pango/pango-context.c", line=1435, func=0x7f2b88b7e3d0
"itemize_state_process_run", expr=<optimized out>) at ../glib/gtestutils.c:2956
#4 0x00007f2b88b603d6 in itemize_state_process_run () at
/lib64/libpango-1.0.so.0
#5 0x00007f2b88b61218 in pango_itemize_with_base_dir () at
/lib64/libpango-1.0.so.0
#6 0x00007f2b88b6a695 in pango_layout_check_lines.part () at
/lib64/libpango-1.0.so.0
#7 0x00007f2b88b6c539 in pango_layout_get_extents_internal () at
/lib64/libpango-1.0.so.0
#8 0x00007f2b88b6cac1 in pango_layout_get_pixel_size () at
/lib64/libpango-1.0.so.0
#9 0x000056100c9047f1 in gtk_imhtml_tip ()
#10 0x00007f2b8870ba51 in g_timeout_dispatch
(source=source@entry=0x56100ec326c0, callback=0x56100c9045b0
<gtk_imhtml_tip>, user_data=0x56100d93c2b0)
at ../glib/gmain.c:4800
#11 0x00007f2b8870aeaf in g_main_dispatch (context=0x56100d287540) at
../glib/gmain.c:3309
#12 g_main_context_dispatch (context=0x56100d287540) at ../glib/gmain.c:3974
#13 0x00007f2b8870b238 in g_main_context_iterate
(context=0x56100d287540, block=block@entry=1, dispatch=dispatch@entry=1,
self=<optimized out>)
at ../glib/gmain.c:4047
#14 0x00007f2b8870b553 in g_main_loop_run (loop=0x56100ea147e0) at
../glib/gmain.c:4241
#15 0x00007f2b88f37ba2 in gtk_main () at /lib64/libgtk-x11-2.0.so.0
#16 0x000056100c8bdb4c in main ()
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 5 months