[Pkg-fonts-devel] Bug#863835: fontconfig: please do not register WOFF(2) fonts

Fabian Greffrath fabian at debian.org
Wed May 31 19:03:03 UTC 2017 

Package: fontconfig
Version: 2.11.0-6.7+b1
Severity: important
Tags: patch

Dear maintainer,

currently, fontconfig registers all fonts installed into the
/usr/share/fonts directory hierarchy. This may, however, contain fonts
that are not meant to be exposed to general application and are only
there to adhere to the FHS specs.

One example are fonts in the WOFF(2) file formats. From the official
W3C WOFF specs (https://www.w3.org/TR/WOFF/):

"2. General Requirements

The primary purpose of the WOFF format is to package fonts linked to
Web documents by means of CSS @font-face rules. User agents supporting
the WOFF file format for linked fonts must respect the requirements of
the CSS3 Fonts specification ([CSS3-Fonts] Section 4.1: The @font-face
rule). In particular, such linked fonts are only available to the
documents that reference them; they MUST NOT be made available to
other applications or documents on the user's system.

NOTE: the WOFF format is intended for use with @font-face to provide
fonts linked to specific Web documents. Therefore, WOFF files must not
be treated as an installable font format in desktop operating systems
or similar environments. The WOFF-packaged data will typically be
decoded to sfnt format for use by existing font-rendering APIs that
expect OpenType font data, but such decoded font must not be exposed
to other documents or applications."

So, please refrain from registering fonts in WOFF(2) formats with
fontconfig. This can be achieved by installing the attached fontconfig
snippet, courtesy of Nicolas Spalinger <nicolas_spalinger at sil.org>,
as /etc/fonts/conf.d/70-no-woffs.conf .

Thanks!

Cheers,

 - Fabian

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'experimental'), (500, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fontconfig depends on:
ii  dpkg               1.18.24
ii  fontconfig-config  2.11.0-6.7
ii  libc6              2.24-10
ii  libfontconfig1     2.11.0-6.7+b1
ii  libfreetype6       2.8-0.1

fontconfig recommends no packages.

fontconfig suggests no packages.

-- no debconf information
-------------- next part --------------
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<!-- Reject WOFF fonts
We don't register WOFF(2) fonts with fontconfig because of the W3C spec -->
 <selectfont>
  <rejectfont>
  <glob>/usr/share/fonts/woff/*</glob>
  </rejectfont>
 </selectfont>
</fontconfig>

More information about the Pkg-fonts-devel mailing list