Package: fontconfig Version: 2.11.0-6.7+b1 Severity: important Tags: patch Dear maintainer,
currently, fontconfig registers all fonts installed into the /usr/share/fonts directory hierarchy. This may, however, contain fonts that are not meant to be exposed to general application and are only there to adhere to the FHS specs. One example are fonts in the WOFF(2) file formats. From the official W3C WOFF specs (https://www.w3.org/TR/WOFF/): "2. General Requirements The primary purpose of the WOFF format is to package fonts linked to Web documents by means of CSS @font-face rules. User agents supporting the WOFF file format for linked fonts must respect the requirements of the CSS3 Fonts specification ([CSS3-Fonts] Section 4.1: The @font-face rule). In particular, such linked fonts are only available to the documents that reference them; they MUST NOT be made available to other applications or documents on the user's system. NOTE: the WOFF format is intended for use with @font-face to provide fonts linked to specific Web documents. Therefore, WOFF files must not be treated as an installable font format in desktop operating systems or similar environments. The WOFF-packaged data will typically be decoded to sfnt format for use by existing font-rendering APIs that expect OpenType font data, but such decoded font must not be exposed to other documents or applications." So, please refrain from registering fonts in WOFF(2) formats with fontconfig. This can be achieved by installing the attached fontconfig snippet, courtesy of Nicolas Spalinger <[email protected]>, as /etc/fonts/conf.d/70-no-woffs.conf . Thanks! Cheers, - Fabian -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'experimental'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages fontconfig depends on: ii dpkg 1.18.24 ii fontconfig-config 2.11.0-6.7 ii libc6 2.24-10 ii libfontconfig1 2.11.0-6.7+b1 ii libfreetype6 2.8-0.1 fontconfig recommends no packages. fontconfig suggests no packages. -- no debconf information
<?xml version="1.0"?> <!DOCTYPE fontconfig SYSTEM "fonts.dtd"> <fontconfig> <!-- Reject WOFF fonts We don't register WOFF(2) fonts with fontconfig because of the W3C spec --> <selectfont> <rejectfont> <glob>/usr/share/fonts/woff/*</glob> </rejectfont> </selectfont> </fontconfig>

