Closed Bug 1119169 Opened 5 years ago Closed 5 years ago

Update to freetype 2.5.5

Categories

(Core :: Graphics: Text, defect)

Tracking

RESOLVED FIXED
mozilla37

People

(Reporter: mwu, Assigned: mwu)

Attachments

(1 file)

Freetype 2.5.5 was released on Dec 30, 2014. We're currently on 2.5.3 and 2.5.4 had a security fix.
Relatively straightforward. I dropped in the new freetype and updated README.moz-patches. Seems to build/work ok on B2G. We'll see what try thinks of it.
Attachment #8546040 - Flags: review?(jfkthame)
Comment on attachment 8546040
Update to freetype 2.5.5

Review of attachment 8546040:
-----------------------------------------------------------------

Looks fine; rs=me, provided tryserver agrees.
Attachment #8546040 - Flags: review?(jfkthame) → review+
Try server seems happy.
https://hg.mozilla.org/mozilla-central/rev/f359670a036d
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla37
Jonathan, does the security issue here affect us? Seems like something we might check for already. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2240

I'll request uplift if this does affect us.
Flags: needinfo?(jfkthame)
Hmm - CVE-2014-2240 was originally supposed to be fixed in 2.5.3, but then the FreeType notes say that 2.5.4 had a further fix for it.

However, AFAICT we should be protected from this anyhow (for downloadable fonts, which would be the main cause for concern) because OTS explicitly checks the number of stem hints and will reject the font if there are more than the spec allows.

So I think it's fine for this to just ride the usual trains.
Flags: needinfo?(jfkthame)
Blocks: 1176531
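
The kind of pre-parse check the last comment relies on, sketched as an added example (not OTS's or FreeType's code, and not part of the original bug thread): a sanitizer walks a CFF Type 2 charstring, counts the stem hints it declares, and rejects the glyph before the rasterizer ever builds a hint map. The function names and sample builder are hypothetical; the limits of 96 stem hints and 48 stack arguments are taken from the Type 2 charstring specification's implementation limits.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_STEM_HINTS 96   /* H/V total allowed by the Type 2 charstring spec */
#define MAX_ARG_STACK  48   /* argument stack limit from the same spec */

/* Count stem hints declared in one charstring; -1 if malformed or over limit.
   Simplification: subroutine calls (callsubr/callgsubr) are not followed. */
int count_stem_hints(const uint8_t *cs, size_t len) {
    size_t i = 0, nargs = 0, hints = 0;
    while (i < len) {
        uint8_t b = cs[i++];
        size_t skip = 0;
        if (b == 28 || b >= 32) {                 /* numeric operand */
            if (b == 28) skip = 2;
            else if (b == 255) skip = 4;
            else if (b >= 247) skip = 1;
            if (len - i < skip || ++nargs > MAX_ARG_STACK) return -1;
            i += skip;
            continue;
        }
        if (b == 1 || b == 3 || b == 18 || b == 23) {
            hints += nargs / 2;                   /* hstem, vstem, hstemhm, vstemhm */
        } else if (b == 19 || b == 20) {          /* hintmask, cntrmask */
            hints += nargs / 2;                   /* leftover args: implicit vstem */
            skip = (hints + 7) / 8;               /* one mask bit per hint */
        } else if (b == 12) {
            skip = 1;                             /* two-byte escape operator */
        }
        if (hints > MAX_STEM_HINTS || len - i < skip) return -1;
        i += skip;
        nargs = 0;                                /* every operator clears the stack */
    }
    return (int)hints;
}

/* Constructed sample: n hints as hstemhm groups of up to 24, then endchar. */
size_t build_sample(uint8_t *out, size_t n) {
    size_t k = 0;
    while (n > 0) {
        size_t g = n > 24 ? 24 : n;
        for (size_t j = 0; j < 2 * g; j++) out[k++] = 139;   /* operand 0 */
        out[k++] = 18;                                        /* hstemhm */
        n -= g;
    }
    out[k++] = 14;                                            /* endchar */
    return k;
}
```

Because a single operator can consume at most 48 arguments, the count has to be accumulated across all stem operators and the implicit vstem before a hintmask; checking only one operator's arguments would miss a charstring that exceeds the limit in several steps.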