## Re-inclusion/support of 'truetype' flag in PHP required ## https://bugs.gentoo.org/show_bug.cgi?id=225851 and http://secunia.com/advisories/30600/ I am aware of this security notice, but TT is usually used 'internally' to an application, so no others can simply add special crafted fonts or the like to exploit these issues from remote. The vulns are fixed in recent versions. http://gentoo-portage.com/dev-lang/php ## Changelog-Comments ## > The configure option --enable-gd-native-ttf (enabled by the 'truetype' USE flag) was removed at upstreams request, as it's considered old and broken. on 2008-Jun-29 FreeType 2.3.7 has been released. http://freetype.org/index2.html FreeType2 is required by many projects. So please include it again, people not requiring FreeType2 simply do not need to enable the 'truetype'-flag.
Only an "old and broken" configure option was removed. Freetype support is still supplied using the "truetype" USE flag.
I don't see what the problem is. I think you got the comments wrong. FreeType in PHP is still available as Jamie Learmonth pointed out already. We won't re-add the quoted configure option as it has been deprecated by upstream. FreeType is still usable and it has nothing to do with the security bug.
