Opened 8 years ago

Closed 8 years ago

#7498 closed enhancement (fixed)

graphite-1.3.6 was graphite2

Reported by: ken@… Owned by: ken@…
Priority: high Milestone: 7.10
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

http://downloads.sourceforge.net/silgraphite/ as before.

For some reason, this one appears to be called graphite not graphite2. I have seen references to vulnerabilities flying around, and I now see that fedora committed this version with

update to latest release with unspecified security fixes

This is for 7.10.

Change History (6)

comment:1 by ken@…, 8 years ago

Owner: changed from blfs-book@… to ken@…
Status: new → assigned

comment:2 by bdubbs@…, 8 years ago

We probably need to update the url to github:

https://github.com/silnrsi/graphite/releases

But with a note that it doesn't download with wget to the correct name. See http://www.linuxfromscratch.org/blfs/view/stable/general/liblinear.html for an example.

comment:3 by bdubbs@…, 8 years ago

Summary: graphite-1.3.6 → graphite-1.3.6 was graphite2

Making summary changes to satisfy daily currency scripts.

comment:4 by ken@…, 8 years ago

Thanks for the link - I confirm they are identical, and both untar to graphite2-1.3.6/ : hopefully sf will be better under its new owners, but linking to github will be better. I have not yet tried wget, must remember to do that when I get around to the edit.

comment:5 by ken@…, 8 years ago (in reply to: comment:2)

Replying to bdubbs@…:

> We probably need to update the url to github:
>
> https://github.com/silnrsi/graphite/releases
>
> But with a note that it doesn't download with wget to the correct name. See http://www.linuxfromscratch.org/blfs/view/stable/general/liblinear.html for an example.

wget https://github.com/silnrsi/graphite/releases/download/1.3.6/graphite-1.3.6.tgz

got me graphite-1.3.6.tgz

comment:6 by ken@…, 8 years ago

Resolution: fixed
Status: assigned → closed

Done in r17108. FWIW, the vulnerabilities (from a malicious graphite font) can be seen by clicking on the links in the security link from the firefox-45.0 release notes. I did not realise that firefox is using a current version (perhaps modified), even though it cannot be forced to use a system version - I assumed their code was based on an old version.
