| <<<Back 1 day (to 2020/10/19) | Fwd 1 day (to 2020/10/21) >>> | 20201020 |
sam_ | chrisl: thanks for freetype fix | 10:01.05 |
| it just had a serious security release upstream so it makes it easier for people to upgrade | 10:01.18 |
chrisl | sam_: Not a problem.... that security problem doesn't actually affect us | 10:01.54 |
sam_ | we use the system freetype so we had a < dep on freetype until earlier which suddenly became problematic | 10:03.17 |
| yeah, I guess it's more of an issue in browsers, not exploitable via gs | 10:03.43 |
chrisl | sam_: We explicitly disable anything other than outline glyphs in our calling code - there were various issues (with fonts, not freetype) that made it necessary | 10:08.08 |
| Having said that, I do want to update soon, regardless of the security implications | 10:09.13 |
sam_ | my worry was just about having to hold back the system version for ghostscript, as it's a common application to have installed | 10:11.05 |
| not sure what the bundled one is at atm | 10:11.14 |
chrisl | I'm not terribly happy about such a change being made without any explanation, and without any definitive comment when asked :-( | 10:12.16 |
sam_ | no, I don't get it either | 10:13.46 |
| (also, some level of CI testing against a popular consumer isn't the worst idea anyway from their side.) | 10:14.13 |
chrisl | If I had time, I'd test freetype/HEAD periodically, but there are only so many hours in the week | 10:15.10 |
| <<<Back 1 day (to 2020/10/19) | Forward 1 day (to 2020/10/21)>>> | |