Log of #ghostscript at irc.freenode.net.

Search:
 <<<Back 1 day (to 2020/10/19)Fwd 1 day (to 2020/10/21) >>>20201020 
sam_ chrisl: thanks for freetype fix10:01.05 
  it just had a serious security release upstream so it makes it easier for people to upgrade10:01.18 
chrisl sam_: Not a problem.... that security problem doesn't actually affect us10:01.54 
sam_ we use the system freetype so we had a < dep on freetype until earlier which suddenly became problematic10:03.17 
  yeah, I guess it's more of an issue in browsers, not exploitable via gs10:03.43 
chrisl sam_: We explicitly disable anything other than outline glyphs in our calling code - there were various issues (with fonts, not freetype) that made it necessary10:08.08 
  Having said that, I do want to update soon, regardless of the security implications10:09.13 
sam_ my worry was just about having to hold back the system version for ghostscript, as it's a common application to have installed10:11.05 
  not sure what the bundled one is at atm10:11.14 
chrisl I'm not terribly happy about such a change being made without any explanation, and without any definitive comment when asked :-(10:12.16 
sam_ no, I don't get it either10:13.46 
  (also, some level of CI testing against a popular consumer isn't the worst idea anyway from their side.)10:14.13 
chrisl If I had time, I'd test freetype/HEAD periodically, but there are only so many hours in the week10:15.10 
 <<<Back 1 day (to 2020/10/19)Forward 1 day (to 2020/10/21)>>> 
ghostscript.com #mupdf
Search: