Skip to content

Blog

DfontSplitter 0.4.2 for Mac — Critical Security Update

DfontSplitter icon

Today I release DfontSplitter 0.4.2 for Mac. This is a critical security update that fixes an issue relating to the Sparkle software update framework when the update pages are served over HTTP. As of 0.4.2, the update pages are now, naturally, served over HTTPS. (It was more than five years ago when the last release was made!)

The vulnerability means that in a scenario where an attacker could launch a man-in-the-middle attack during a Sparkle-enabled app’s update detection process, arbitrary JavaScript could execute in the WebView hosting the release notes. Due to the context that the WebView runs in, the app could then be convinced to run local files, expose local files to a remote server and even execute arbitrary code. More details and a full breakdown are at the post on Vulnerable Security.

This update fixes the Sparkle-related security issue by updating Sparkle and requiring HTTPS for all future DfontSplitter app update communications. Due to new build requirements in Xcode 7.2, the application now requires at least OS X Snow Leopard (10.6) and a 64-bit Intel processor.

The automatic updates feature within DfontSplitter should detect the update, but you can also download and install it manually.

Thanks to Kevin Chen for pointing out the existence of the issue with Sparkle and that it affected DfontSplitter. I had somehow missed the original reporting of the vulnerability, so I particularly appreciate Kevin bringing this to my timely attention.

The astute among you may note that in the Info.plist for this update, I explicitly disable the OS X 10.11 SDK’s check for HTTPS forward secrecy in the HTTPS communications to the update server. Once I figure out a cipher suite configuration that I am happy with, and understand, in Pound (my reverse proxy acting as the TLS terminus), I will update the app again to require forward secrecy.

DfontSplitter for Windows 0.3.1

DfontSplitter logo

“What? I thought you updated this yesterday?”

Well, I did. 😛

Hot on the heels of yesterday’s auto-update-capable release, is DfontSplitter for Windows 0.3.1. This version includes a single fix, introducing a new method of avoiding the dreaded ‘corrupt font file’ error. For some unknown reason, sometimes Windows simply will refuse to work with the original fondu output file, but if simply DfontSplitter makes a duplicate of the file, it will happily see it as a TrueType font! It is very odd behaviour, and this fix only works in some cases, but it should reduce the incidence of ‘corrupt font files’ being output from DfontSplitter for Windows. This means users will less frequently have to go through a secondary hoop to get Windows to play nicely with DfontSplitter’s outputs.

Here are the official release notes:

New Features and Bugfixes

  • Uses a new method to decrease the incidence of ‘invalid font file’ errors on Windows. More fonts should now convert correctly without requiring further intervention.

Known Issues

  • Some fonts still require further conversion after DfontSplitter has created the TrueType font file. FontForge is one option for this.

As always, you can always get the latest and greatest version of DfontSplitter by downloading it from the the DfontSplitter project page.

DfontSplitter for Windows 0.3

DfontSplitter logo

I have just released a new version of DfontSplitter for Windows, version 0.3. The main change here is a brand new automatic update notification system. Like the Mac version, which uses the excellent Sparkle Framework, users of DfontSplitter for Windows can now keep the application up-to-date without having to manually check the website. This makes my development of the software easier, as I can release smaller feature releases more frequently, rather than large releases that must have a longer lifespan.

Unfortunately, because the automatic update feature is new, previous users of DfontSplitter 0.2 are not going to be notified automatically about this new release. 🙁

If you know any other users of DfontSplitter for Windows, please let them know this update is available so they might have the opportunity to keep up-to-date with this new feature too.

Here are the official release notes for this version:

New Features and Bugfixes

  • New automatic update facility, similar to that of DfontSplitter for Mac. Users can now be notified of new releases in the future, which may include new features.

Known Issues

As always, you can always get the latest and greatest version of DfontSplitter by downloading it from the the DfontSplitter project page.

DfontSplitter 0.4 for Mac

I have released a new update to DfontSplitter for Mac. Here are the release notes for this version:

New Features and Bugfixes

  • The Font Suitcase format is now supported. TrueType font data inside a FFIL Font Suitcase can now be extracted with DfontSplitter.

Known Issues

  • Converting TTC files on Mac OS X Leopard (10.5) does sometimes run into problems, where the TTC splitting script can’t open the TTC file. The reason for this is currently unclear.
  • Moving TTF files that have been extracted from a .dfont over to Windows — please see this workaround.
  • Some Font Suitcase files may not contain TTF data that can be extracted.

Screenshot of DfontSplitter for Mac

As always, go across to the DfontSplitter project page to download the new release.

If you’re already using DfontSplitter for Mac, simply go to DfontSplitter > Check for Updates within the application to upgrade to the new release.

DfontSplitter 0.3 for Mac

DfontSplitter 0.3 for Mac screenshot

I’ve been busy beavering away in Xcode and I am now proud to release version 0.3 of DfontSplitter for Mac.

So, here are the release notes:

New Features and Bugfixes

  • Now supports the splitting and extracting of TrueType Collection (TTC) files in addition to traditional Mac Datafork (dfont) files.
  • The conversion of a .dfont will no longer fail if there is already a TTF of the same name in the same directory; it will now overwrite the existing file.
  • Users of Snow Leopard on Intel Core 2 and Xeon Macs will now be running the DfontSplitter application in 64-bit mode.
  • Improved error message text.

Known Issues

  • Converting TTC files on Mac OS X Leopard (10.5) does sometimes run into problems, where the TTC splitting script can’t open the TTC file. The reason for this is currently unclear.
  • Moving TTF files that have been extracted from a .dfont over to Windows — please see this workaround.

As always, go across to the DfontSplitter project page to download the new release.

If you’re already using DfontSplitter for Mac, simply go to DfontSplitter > Check for Updates within the application to upgrade to the new release.

DfontSplitter — Solution to Windows Corrupt Font Error

UPDATE 2011-05-09: While some particularly stubborn fonts do require this process, users who have previously experienced difficulty with older versions of DfontSplitter should first try with DfontSplitter 0.3.1 or later, which include a possible fix for this issue.

I think I’ve finally found a solution to this annoying error message that Windows gives when you use DfontSplitter to convert some fonts and then try and use those converted fonts in Windows.

“The requested font was not a valid font file” error message

It involves using a third-party open source application called FontForge to convert the TTFs that DfontSplitter gives you from a Mac-specific TTF format into ‘regular’ TTF format.

A full tutorial on using this method is included as a YouTube video screencast below.

If you can’t or don’t want to watch the video, essentially the process is:

  • Use DfontSplitter on the .dfont file as normal
  • Open the resulting TTF files you want in FontForge
  • Export each TTF file from FontForge with File > Generate Fonts. Make sure TrueType format is selected.
  • Import the resulting TTF files into Windows fonts folder.

Please do let me know if this process works for you and give any feedback — especially if you’d previously had problems using a .dfont you had wanted to use on Windows.

DfontSplitter for Mac 0.2.1

DfontSplitter logo

I just pushed out an update for DfontSplitter for Mac. The application now features:

  • Automatic software update support via Sparkle
  • New preferences window
  • You can choose whether a Finder window is opened after conversion from the Preferences window
  • New progress indicator while the Convert button is pressed and fondu is working

You can download the release from the (newly prettified) DfontSplitter project page. Enjoy!

DfontSplitter 0.2 for Mac

DfontSplitter icon

NOTE: for the latest release of DfontSplitter, please link to https://peter.upfold.org.uk/projects/dfontsplitter.

The software development wheel has been turning again and I can now announce DfontSplitter 0.2 for Mac OS X.

DfontSplitter is a program which allows you to convert, or split, a Mac OS X .dfont font file into one or more TrueType font files (.ttf). TTF files are much more portable than this Mac-specific format.

This new release sports an entirely new interface built in Cocoa. It is a great improvement over the previous AppleScript interface which required a lot of unnecessary clicking and was generally quite horrible. The new interface also supports batch converting; you can drag several dfonts into the sources list and convert them all at once.

To download, please go to the DfontSplitter project page.

The DfontSplitter icon is from the Oxygen Icon set and is licensed under the Creative Commons BY-SA 3.0 Unported licence.

DfontSplitter for Windows Bug – a Vista Workaround

Further to my earlier post on discovering a bug with DfontSplitter for Windows which surfaces on some versions of Windows, I have now discovered a workaround for this issue on Vista.

If you are using DfontSplitter on Vista and when you convert a font, Windows then complains that it is not a valid font file, you can use this workaround to install the font into your Fonts folder. The font should then work normally.

I’ve tested this with a bunch of fonts, but it might not work absolutely everywhere. You’ll just have to try it and see if it helps.

The details of the workaround are listed here, on the dev wiki.

I’m still interested in testers for XP Service Pack 2. If you’d like to help out please get in contact via email or leave a comment below.

Looking for Testers for DfontSplitter for Windows

I have had a bug in DfontSplitter for Windows reported to me, which I have been able to confirm. On at least the following systems, the resulting TTF files that the program converts are reported as corrupted by Windows:

  • Windows XP Professional SP3
  • Windows Vista Business SP1

On my original development system, which was Windows XP Gold (unpatched – and also not connected to the internet), I had no problems.

This issue does not affect the Mac version of the software.

I am looking for anyone with access to Windows XP SP2 (or SP1, or XP Gold) to see if the problem is present there and hopefully from there I can work out if anything can be done, or how to potentially resolve it.

If you can help me out and you run or can run on one of these systems, please let me know by commenting below or email me.

For the time being, I can’t be sure which versions of Windows DfontSplitter will run on correctly. Sorry if you did download it and it didn’t work. 🙁