Bug 1119169: Update to freetype 2.5.5
Status: Closed (RESOLVED FIXED)
Opened 9 years ago, closed 9 years ago
Categories: Core :: Graphics: Text, defect
Target milestone: mozilla37
People: Reporter: mwu, Assigned: mwu
Attachments (1 file): patch, 2.82 MB, jfkthame: review+

Freetype 2.5.5 was released on Dec 30, 2014. We're currently on 2.5.3 and 2.5.4 had a security fix.

Comment 1 • 9 years ago (Assignee)
Relatively straightforward. I dropped in the new freetype and updated README.moz-patches. Seems to build/work ok on B2G. We'll see what try thinks of it.
Attachment #8546040 - Flags: review?(jfkthame)

Comment 2 • 9 years ago (Assignee)
https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=aed0fd9d9c48

Comment 3 • 9 years ago
Comment on attachment 8546040: Update to freetype 2.5.5

Review of attachment 8546040:

Looks fine; rs=me, provided tryserver agrees.
Attachment #8546040 - Flags: review?(jfkthame) → review+

Comment 4 • 9 years ago (Assignee)
Try server seems happy.

Comment 5 • 9 years ago (Assignee)
https://hg.mozilla.org/integration/mozilla-inbound/rev/f359670a036d

Comment 6 • 9 years ago
https://hg.mozilla.org/mozilla-central/rev/f359670a036d
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla37

Comment 7 • 9 years ago (Assignee)
Jonathan, does the security issue here affect us? Seems like something we might check for already..

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2240

I'll request uplift if this does affect us.
Flags: needinfo?(jfkthame)

Comment 8 • 9 years ago
Hmm - CVE-2014-2240 was originally supposed to be fixed in 2.5.3, but then the FreeType notes say that 2.5.4 had a further fix for it. However, AFAICT we should be protected from this anyhow (for downloadable fonts, which would be the main cause for concern) because OTS explicitly checks the number of stem hints and will reject the font if there are more than the spec allows. So I think it's fine for this to just ride the usual trains.
Flags: needinfo?(jfkthame)