Closed Bug 1176531 Opened 4 years ago Closed 3 years ago
Update to Freetype 2
http://www.freetype.org/index.html#news http://sourceforge.net/projects/freetype/files/freetype2/2.6/ "FreeType 2.6 2015-06-08 FreeType 2.6 has been released. This is a new major release that provides a better (and simpler) thread-safety model. Among other new features we now have auto-hinting support for Arabic and Thai, together with much improved handling of Apple's GX TrueType variation font format."
4 years ago
Does this bug imply that no work around updating FreeType2 has been done since #1119169? (it seems a bit odd to update an incomplete bug rather than closing it out and then filing a new bug when a new version comes out). The latest version of FreeType2 restores its ability to properly render CFF fonts (previous versions only had incomplete support) so updating FF to use Freetype2 2.6.3 will be appreciated by those whose fonts cannot currently be used because of lack of support by Firefox (and others, but they have their own bug trackers).
Let's see if tryserver is happy with this: https://treeherder.mozilla.org/#/jobs?repo=try&revision=55c336fed3b38e34791019d0e5308740d90fbac8.
Comment on attachment 8815476 [details] [diff] [review] Update freetype to release 2.7 The try failures all look like unrelated intermittents to me.
Attachment #8815476 - Flags: review?(milan)
Comment on attachment 8815476 [details] [diff] [review] Update freetype to release 2.7 Review of attachment 8815476 [details] [diff] [review]: ----------------------------------------------------------------- I reviewed every single of these files :)
Attachment #8815476 - Flags: review?(milan) → review+
(In reply to Milan Sreckovic [:milan] from comment #4) > I reviewed every single of these files :) I should hope so! ;)
Status: UNCONFIRMED → NEW
Ever confirmed: true
QA Contact: jfkthame
https://hg.mozilla.org/integration/mozilla-inbound/rev/24af599c0e9b4f438cf728355af25547cc33b2d1 Bug 1176531 - Update freetype to release 2.7. r=milan
Can this be uplifted to Aurora 52.0 because it's ESR and there's quite a few security bugs fixed between Freetype 2.5.5 and 2.7? If it's not possible then please ignore this.
3 years ago
Assignee: nobody → jfkthame
3 years ago
Is there a list of the relevant security issues? That would help in assessing how important an uplift would be.
Flags: needinfo?(jfkthame) → needinfo?(ionnv)
https://www.freetype.org/index.html#news "FreeType 2.6.2 2015-11-28 FreeType 2.6.2 has been released. This is a minor release that mainly provides better handling of malformed fonts. All users should upgrade." https://sourceforge.net/projects/freetype/files/freetype2/2.6.2/ "A large number of bugs have been detected by using the libFuzzer framework, which should further improve handling of invalid fonts. Thanks again to Kostya Serebryany and Bungeman!" If this isn't security related then please ignore.
What are your thoughts about taking this on 52?
Comment on attachment 8815476 [details] [diff] [review] Update freetype to release 2.7 Approval Request Comment [Feature/Bug causing the regression]: no regression - library update [User impact if declined]: we'll continue to use an older freetype release which includes known bugs (though it is unclear how serious their impact might be for our users) [Is this code covered by automated tests?]: all Linux & Android tests involving text rendering exercise freetype [Has the fix been verified in Nightly?]: yes, landed with no reported issues or test failures [Needs manual test from QE? If yes, steps to reproduce]: no [List of other uplifts needed for the feature/fix]: none [Is the change risky?]: not really [Why is the change risky/not risky?]: updating a widely-used and trusted library [String changes made/needed]: none
Attachment #8815476 - Flags: approval-mozilla-aurora?
(In reply to Ryan VanderMeulen [:RyanVM] from comment #11) > What are your thoughts about taking this on 52? Although it's a big patch, it's just dropping in a new release of the library, which I'd consider a very low risk.
Comment on attachment 8815476 [details] [diff] [review] Update freetype to release 2.7 alright, let's do this. update freetype to 2.7 in beta52
Attachment #8815476 - Flags: approval-mozilla-aurora? → approval-mozilla-beta+
Seeing both this bug and https://bugzilla.mozilla.org/show_bug.cgi?id=1328971 being worked on parallel, with the 2.7.1 patch seemingly landing before the 2.7 patch, so just to confirm: head is now on 2.7.1 (2016-12-30) right? Not 2.7 (2016-09-08)?
2.7.1 landed for Firefox 53. 2.7 was just uplifted to ship in Firefox 52.
gotcha, thanks for clarifying! (the milestone for this bug also said mozilla53, so I figured I'd double check =)
Yeah, it's a bit confusing how we track things - the target milestone tracks when the fix landed on mozilla-central and the status flags track branch uplifts. FWIW, I will probably request uplift of 2.7.1 to 52 as well once it's baked for a bit.
You need to log in before you can comment on or make changes to this bug.