[Buildroot] [PATCH 1/1] package/graphite2: security bump to version 1.3.14

Peter Korsgaard peter at korsgaard.com
Tue Sep 1 18:40:13 UTC 2020


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > - Switch site to github, here is an extract of
 >   https://sourceforge.net/projects/silgraphite:
 >   "This project has been deprecated. Graphite2, a new version of the
 >   Graphite engine, is available at: https://github.com/silnrsi/graphite
 >   with its own bug tracker."
 > - graphite2 can be built statically since version 1.3.11 and
 >   https://github.com/silnrsi/graphite/commit/2f143c04da5caa43ddf4dba437b2f2bc26bf4238
 > - Update indentation in hash file (two spaces)

 > Extract from ChangeLog:

 > 1.3.14
 >     . Bug fixes
 >     . Allow features to be hidden (for aliases)
 >     . Move to python3
 >     . Rename doc files from .txt to .asc

 > 1.3.13
 >     . Resolve minor spacing issue in rtl non-overlap kerning
 >     . python3 for graphite.py
 >     . Better fuzzing
 >     . Better building on windows

 > 1.3.12
 >     . Graphite no longer does dumb rendering for fonts with no smarts
 >     . Segment caching code removed. Anything attempting to use the segment cache gets given a regular face instead
 >     . Add libfuzzer support
 >     . Builds now require C++11
 >     . Improvements to Windows 64 bit builds
 >     . Support different versions of python including 32 bit and python 3
 >     . Various minor bug fixes

 > 1.3.11
 >     . Fixes due to security review
 >     . Minor collision avoidance fixes
 >     . Fix LZ4 decompressor against high compression

 > The fixes due to security review are a little bit vague, a quick search
 > on github seems to indicate that those issues could be related to
 > segcache which has been removed since version 1.3.12:
 > https://github.com/silnrsi/graphite/search?q=security&type=Issues
 > https://github.com/silnrsi/graphite/commit/b0f77e4a9dc50a888f74e904000a2486b2fc5527

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2020.02.x and 2020.05.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list