./x11/libXfont, X font Library

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.5.1, Package name: libXfont-1.5.1, Maintainer: joerg

This package provides the X font Library from the modular
X.org X11 project.

Required to run:
[graphics/freetype2] [fonts/libfontenc]

Required to build:
[x11/xproto] [x11/xtrans] [x11/fontsproto] [x11/fontcacheproto]

Master sites: (Expand)

SHA1: e63a354de5dc2d8cba08d50add1519471412a618
RMD160: f597f5f5d5da639fa4ba8364c26af5793537de3e
Filesize: 491.116 KB

Version history: (Expand)

CVS history: (Expand)

   2015-03-17 18:40:00 by Tobias Nygren | Files touched by this commit (2) | Package updated
Log message:
Update to libXfont-1.5.1 for CVE-2015-1802, CVE-2015-1803, CVE-2015-1804.

Alan Coopersmith (6):
      Remove unneeded checks for #ifndef X_NOT_POSIX
      Use 'imdent' to realign cpp indentation levels in fslibos.h
      bdfReadProperties: property count needs range check [CVE-2015-1802]
      bdfReadCharacters: bailout if a char's bitmap cannot be read [CVE-2015-1803]
      bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804]
      libXfont 1.5.1

Christos Zoulas (1):
      Set close-on-exec for font file I/O.
   2015-02-28 11:26:32 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
Update to 1.5.0.
Despite the warning below, the server compiles fine and this version was used
to update NetBSD's xsrc.

As a reminder:

*IMPORTANT* This release works with fontsproto 2.1.3 or later and is for use
with xorg-server 1.16 and later.  It will *not* work with older versions of
fontsproto or xorg-server (prior to

libXfont provides the core of the legacy X11 font system, handling the
index files (fonts.dir, fonts.alias, fonts.scale), the various font file
formats, and rasterizing them.   It is used by the X servers, the
X Font Server (xfs), and some font utilities (bdftopcf for instance),
but should not be used by normal X11 clients.  X11 clients access fonts
via either the new API's in libXft, or the legacy API's in libX11.

This release includes all the security & bug fixes from libXfont 1.4.8,
plus these additional significant changes:
  - Support for SNF font format (deprecated since X11R5 in 1991) is now
    disabled by default at build time.  For now, adding --enable-snfformat
    to configure flags may re-enable it, but support may be fully removed
    in future libXfont releases.
  - Many compiler warnings cleaned up, including some which required API
    changes around type declarations (const char *, Pointer, etc.).
  - README file expanded to explain all the different formats/options.
   2014-05-16 10:36:21 by Thomas Klausner | Files touched by this commit (5) | Package updated
Log message:
Update to 1.4.8.

This release is overflowing with security fixes and code cleanups,
including the fixes for CVE-2014-0209, CVE-2014-0210, & CVE-2014-0211
for the security advisory published earlier this week:
    http://lists.x.org/archives/xorg-announ … 02431.html

This release works with fontsproto 2.1.2 or earlier and is for use with
the existing stable releases of xorg-server - 1.15 & earlier.

libXfont 1.5 will be released later this year to support fontsproto 2.1.3
and xorg-server 1.16.  It will also change the compile time defaults to stop
building SNF font format support by default, taking the next step in the
deprecation of this file format that was used prior to X11R5, and has been
on the way out since 1991.   In the unlikely event that you still need to
support old SNF format fonts, get in the habit of adding --enable-snfformat
to your configure flags when building.
   2014-05-16 01:48:05 by Joerg Sonnenberger | Files touched by this commit (4)
Log message:
Fix CVE-2014-0209, CVE-2014-0210 and CVE-2014-0211, validation errors
triggerable via XFS or local font directories under user control.
Bump revision.
   2014-04-15 18:47:26 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Fix compatibility with fontsproto-2.1.3 and depend on it.
   2014-03-10 12:05:54 by Jonathan Perkin | Files touched by this commit (57)
Log message:
Search for pkgconfig files in lib${LIBABISUFFIX} and share directories
as appropriate.  This is required for X11_TYPE=native on Red Hat Linux.
   2014-01-07 21:09:18 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Update to 1.4.7 (pkgsrc already had the security fix):

This release includes the fix for CVE-2013-6462, as well as other security
hardening and code cleanups, and makes libXfont compatible with libXtrans 1.3
on Solaris.

Alan Coopersmith (7):
      xstrdup -> strdup
      Replace malloc(strlen)+strcpy/strcat calls with strdup
      Don't leak old allocation if realloc fails to enlarge it
      Add AC_USE_SYSTEM_EXTENSIONS to expose non-standard extensions
      CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters()
      Limit additional sscanf strings to fit buffer sizes
      libXfont 1.4.7

Julien Cristau (1):
      Make serverGeneration unsigned
   2014-01-07 08:39:49 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
A BDF font file containing a longer than expected string could
overflow the buffer on the stack.  Testing in X servers built with
Stack Protector resulted in an immediate crash when reading a
user-provided specially crafted font.