Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 231565

Summary: Re-inclusion/support of 'truetype' flag in PHP required
Product: Gentoo Linux Reporter: Corvinian <aragorn2>
Component: New packagesAssignee: PHP Bugs <php-bugs>
Status: RESOLVED INVALID    
Severity: major    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Corvinian 2008-07-12 09:37:51 UTC
## Re-inclusion/support of 'truetype' flag in PHP required ##

https://bugs.gentoo.org/show_bug.cgi?id=225851
and http://secunia.com/advisories/30600/

I am aware of this security notice, but TT is usually used 'internally' to an
application, so no others can simply add special crafted fonts or the like to
exploit these issues from remote. The vulns are fixed in recent versions.

http://gentoo-portage.com/dev-lang/php

## Changelog-Comments ##
> The configure option --enable-gd-native-ttf (enabled by the 'truetype' USE flag) was removed at upstreams request, as it's considered old and broken.

on 2008-Jun-29 FreeType 2.3.7 has been released.
http://freetype.org/index2.html

FreeType2 is required by many projects. So please include it again,
people not requiring FreeType2 simply do not need to enable the 'truetype'-flag.
Comment 1 Jamie Learmonth 2009-01-19 23:37:30 UTC
Only an "old and broken" configure option was removed. Freetype support
is still supplied using the "truetype" USE flag.

Comment 2 Christian Hoffmann (RETIRED) gentoo-dev 2009-04-09 10:14:40 UTC
I don't see what the problem is. I think you got the comments wrong. FreeType in PHP is still available as Jamie Learmonth pointed out already.
We won't re-add the quoted configure option as it has been deprecated by upstream. FreeType is still usable and it has nothing to do with the security bug.