./x11/libXfont, X font Library

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.4.8, Package name: libXfont-1.4.8, Maintainer: joerg

This package provides the X font Library from the modular
X.org X11 project.


Required to run:
[graphics/freetype2] [fonts/libfontenc]

Required to build:
[x11/xproto] [x11/xtrans] [x11/fontsproto] [x11/fontcacheproto]

Master sites: (Expand)

SHA1: 687746ba7e6d6064cb2b930e2dfe744603a5f85b
RMD160: 4ab6fff999c13163c30eb455329c1c37b6891e69
Filesize: 479.142 KB

Version history: (Expand)


CVS history: (Expand)


   2014-05-16 10:36:21 by Thomas Klausner | Files touched by this commit (5) | Package updated
Log message:
Update to 1.4.8.

This release is overflowing with security fixes and code cleanups,
including the fixes for CVE-2014-0209, CVE-2014-0210, & CVE-2014-0211
for the security advisory published earlier this week:
    http://lists.x.org/archives/xorg-announ … 02431.html

This release works with fontsproto 2.1.2 or earlier and is for use with
the existing stable releases of xorg-server - 1.15 & earlier.

libXfont 1.5 will be released later this year to support fontsproto 2.1.3
and xorg-server 1.16.  It will also change the compile time defaults to stop
building SNF font format support by default, taking the next step in the
deprecation of this file format that was used prior to X11R5, and has been
on the way out since 1991.   In the unlikely event that you still need to
support old SNF format fonts, get in the habit of adding --enable-snfformat
to your configure flags when building.
   2014-05-16 01:48:05 by Joerg Sonnenberger | Files touched by this commit (4)
Log message:
Fix CVE-2014-0209, CVE-2014-0210 and CVE-2014-0211, validation errors
triggerable via XFS or local font directories under user control.
Bump revision.
   2014-04-15 18:47:26 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Fix compatibility with fontsproto-2.1.3 and depend on it.
Bump PKGREVISION.
   2014-03-10 12:05:54 by Jonathan Perkin | Files touched by this commit (57)
Log message:
Search for pkgconfig files in lib${LIBABISUFFIX} and share directories
as appropriate.  This is required for X11_TYPE=native on Red Hat Linux.
   2014-01-07 21:09:18 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Update to 1.4.7 (pkgsrc already had the security fix):

This release includes the fix for CVE-2013-6462, as well as other security
hardening and code cleanups, and makes libXfont compatible with libXtrans 1.3
on Solaris.

Alan Coopersmith (7):
      xstrdup -> strdup
      Replace malloc(strlen)+strcpy/strcat calls with strdup
      Don't leak old allocation if realloc fails to enlarge it
      Add AC_USE_SYSTEM_EXTENSIONS to expose non-standard extensions
      CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters()
      Limit additional sscanf strings to fit buffer sizes
      libXfont 1.4.7

Julien Cristau (1):
      Make serverGeneration unsigned
   2014-01-07 08:39:49 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
CVE-2013-6462:
A BDF font file containing a longer than expected string could
overflow the buffer on the stack.  Testing in X servers built with
Stack Protector resulted in an immediate crash when reading a
user-provided specially crafted font.

Bump PKGREVISION.
   2013-07-22 08:34:53 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Update to 1.4.6:

This minor bug fix release includes a couple bug fixes, and a little bit
of cleanup of both the code & build configuration.

Adam Jackson (2):
      catalogue: Fix obvious thinko
      configure: Remove AM_MAINTAINER_MODE

Alan Coopersmith (3):
      Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
      Require ANSI C89 pre-processor, drop pre-C89 token pasting support
      libXfont 1.4.6

Arvind Umrao (1):
      If socket is interrupted with signal EINTR, re-attempt read.

Colin Walters (1):
      autogen.sh: Implement GNOME Build API

Thomas Klausner (1):
      Protect config.h inclusion with ifdef HAVE_CONFIG_H, like usual.

Yaakov Selkowitz (1):
      Omit catalogue support on systems without symlinks
   2013-06-05 00:17:35 by Matthias Scheler | Files touched by this commit (1946)
Log message:
Try to fix the fallout caused by the fix for PR pkg/47882. Part 3:

Recursively bump package revisions again after the "freetype2" and
"fontconfig" handling was fixed.