This release is overflowing with security fixes and code cleanups,
including the fixes for CVE-2014-0209, CVE-2014-0210, & CVE-2014-0211
for the security advisory published earlier this week:
http://lists.x.org/archives/xorg-announce/2014-May/002431.html
This release works with fontsproto 2.1.2 or earlier and is for use with
the existing stable releases of xorg-server - 1.15 & earlier.
libXfont 1.5 will be released later this year to support fontsproto 2.1.3
and xorg-server 1.16. It will also change the compile time defaults to stop
building SNF font format support by default, taking the next step in the
deprecation of this file format that was used prior to X11R5, and has been
on the way out since 1991. In the unlikely event that you still need to
support old SNF format fonts, get in the habit of adding --enable-snfformat
to your configure flags when building.
This release includes the fix for CVE-2013-6462, as well as other security
hardening and code cleanups, and makes libXfont compatible with libXtrans 1.3
on Solaris.
Alan Coopersmith (7):
xstrdup -> strdup
Replace malloc(strlen)+strcpy/strcat calls with strdup
Don't leak old allocation if realloc fails to enlarge it
Add AC_USE_SYSTEM_EXTENSIONS to expose non-standard extensions
CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters()
Limit additional sscanf strings to fit buffer sizes
libXfont 1.4.7
Julien Cristau (1):
Make serverGeneration unsigned
A BDF font file containing a longer than expected string could
overflow the buffer on the stack. Testing in X servers built with
Stack Protector resulted in an immediate crash when reading a
user-provided specially crafted font.
Bump PKGREVISION.
This minor bug fix release includes a couple bug fixes, and a little bit
of cleanup of both the code & build configuration.
Adam Jackson (2):
catalogue: Fix obvious thinko
configure: Remove AM_MAINTAINER_MODE
Alan Coopersmith (3):
Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
Require ANSI C89 pre-processor, drop pre-C89 token pasting support
libXfont 1.4.6
Arvind Umrao (1):
If socket is interrupted with signal EINTR, re-attempt read.
Colin Walters (1):
autogen.sh: Implement GNOME Build API
Thomas Klausner (1):
Protect config.h inclusion with ifdef HAVE_CONFIG_H, like usual.
Yaakov Selkowitz (1):
Omit catalogue support on systems without symlinks
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
Changes.
commit a7970f5c817b5c75d945389cfaf1384ff23437f3
Author: Matthieu Herrb <matthieu.herrb@laas.fr>
Date: Mon Aug 8 18:08:05 2011 +0200
libXfont 1.4.4
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0
Author: Thomas Hoger <thoger@redhat.com>
Date: Mon Aug 8 18:03:09 2011 +0200
LZW decompress: fix for CVE-2011-2895
Specially crafted LZW stream can crash an application using libXfont
that is used to open untrusted font files. With X server, this may
allow privilege escalation when exploited
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
commit 214ca6a7a2247544627e6dc7c8705811305ad007
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Mon May 16 18:28:13 2011 -0700
Fix memory leak in allocation failure path of BitmapOpenScalable()
Go ahead and fill in the font->info pointers so that
bitmapUnloadScalable()
will free the bits that were allocated, even if some were not.
Error: Memory leak (CWE 401)
Memory leak of pointer <unknown> allocated with
ComputeScaledProperties(...)
at line 1629 of
/export/alanc/X.Org/git/lib/libXfont/src/bitmap/bitscale.c in function
'BitmapOpenScalable'.
pointer allocated at line 1616 with
ComputeScaledProperties(...).
<unknown> leaks when props != 0 at line 1623.
[ This bug was found by the Parfait 0.3.7 bug checking tool.
For more information see http://labs.oracle.com/projects/parfait/ ]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
commit 7f8345aa6fb60a7fd7adf0095a2354fad1d8d5ef
Author: Gaetan Nadon <memsize@videotron.ca>
Date: Wed Mar 2 14:33:07 2011 -0500
doc: use common makefile for developers documentation
The user/specs docs now have external references support.
Developers doc are not installed so they do not participate.
However, using a similar makefile shared amongst developers
document reduces maintenance and is forward looking.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
commit 77027deabca37183cfbbed107cf14ca80f29f26d
Author: Gaetan Nadon <memsize@videotron.ca>
Date: Wed Feb 2 11:43:42 2011 -0500
config: comment, minor upgrade, quote and layout configure.ac
Group statements per section as per Autoconf standard layout
Quote statements where appropriate.
Autoconf recommends not using dnl instead of # for comments
Use AC_CONFIG_FILES to replace the deprecated AC_OUTPUT with parameters.
Add AC_CONFIG_SRCDIR([Makefile.am])
This helps automated maintenance and release activities.
Details can be found in http://wiki.x.org/wiki/NewModuleGuidelines
commit 9ea1790d61bd135714c40e5089ecb1effa1dbcc0
Author: Gaetan Nadon <memsize@videotron.ca>
Date: Thu Jan 27 18:50:15 2011 -0500
config: remove AC_PROG_CC as it overrides AC_PROG_C_C99
XORG_STRICT_OPTION from XORG_DEFAULT_OPTIONS calls
AC_PROG_C_C99. This sets gcc with -std=gnu99.
If AC_PROG_CC macro is called afterwards, it resets CC to gcc.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
commit 4e0c6c45d819befdd9315d6282b957f7cfec3ae2
Author: Paulo Zanoni <pzanoni@mandriva.com>
Date: Thu Dec 16 14:09:12 2010 -0200
Use docbookx.dtd version 4.3 for all docs
Signed-off-by: Paulo Zanoni <pzanoni@mandriva.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
commit 01c30845853f5a8114467185d76274ae9bbff091
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sun Nov 21 11:35:20 2010 -0800
Sun's copyrights belong to Oracle now
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
commit 72ade58381a49514f2b29065ba33a464b7efc3d0
Author: Gaetan Nadon <memsize@videotron.ca>
Date: Tue Nov 9 13:04:51 2010 -0500
config: HTML file generation: use the installed copy of xorg.css
Currenlty the xorg.css file is copied in each location
where a DocBook/XML file resides. This produces about
70 copies in the $(docdir) install tree.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
commit 12157fbebc35c2d039df2df4fc5ac2b299eeec03
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Thu Oct 28 20:43:27 2010 -0700
libXfont 1.4.3
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
commit f29f1d68d7eca96e45ba3758686be07993d82e03
Author: Jesse Adkins <jesserayadkins@gmail.com>
Date: Tue Sep 28 13:30:02 2010 -0700
Purge cvs tags.
Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
commit 6628b4d82426cf9ac240da363cd8a8252e6f71ef
Author: Jeremy Huddleston <jeremyhu@apple.com>
Date: Mon Sep 27 12:31:50 2010 -0700
FreeType: Cleanup MUMBLE and fix printing of XLFD in debug spew.
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
commit c482a2c104aa5cd1a265c2ca310a308dcc418fe7
Author: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Date: Wed Apr 14 05:58:28 2010 -0500
Revert "Bug #6247: Fix build on Cygwin"
libtool requires the '-no-undefined' flag in order to create shared
libraries on PE/COFF platforms (Cygwin/MinGW); on other platforms this
flag has no effect.
The problem with libXfont is that PE weak symbols do not behave exactly
as they do on ELF platforms. Since PE binaries (both executables and
libraries) must have all symbols resolved at link time, there is no way
for the real symbols in xserver to "displace" those in libXfont at
runtime, so the result is that libXfont uses its stubs, which do
nothing, and xserver ends up unable to find its fonts.
Solving this will require either significant changes to libXfont or some
major improvement to the toolchain to handle this case. Until that
happens, removing '-no-undefined' will result in a static-only library
on these platforms, which is the only currently working solution.
http://sourceware.org/bugzilla/show_bug.cgi?id=11306http://cygwin.com/ml/cygwin/2010-04/msg00281.html
This reverts commit 69c4ae1e3e14a58bc2eb9b9b8820dc7183b82a67.
Conflicts:
ChangeLog
Signed-off-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
commit 455ec66e82e3c4bedd9e789d2ab33030b8e64ffa
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sun Aug 8 00:19:36 2010 -0700
Fix builds with Sun compilers
Sun compilers use #pragma weak in the *.c files to declare weak symbols,
so should have weak defined to empty, but not define NO_WEAK_SYMBOLS
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
commit 0386fa77367a305deea3cc27f8a3865cc3c467c0
Author: Jeremy Huddleston <jeremyhu@apple.com>
Date: Sat Jul 10 10:08:21 2010 -0700
darwin: Fix build regression introduced by previous patch
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
commit 8f75706901da0141590d46f0f898e5678feac953
Author: Jon TURNEY <jon.turney@dronecode.org.uk>
Date: Mon Jun 28 17:56:07 2010 +0100
Build fix for platforms which don't have weak linkage
Since we fix this by removing the serverGeneration symbol, assuming
an external definition will be provided, this means on Windows libXfont
can only be built as a static library (since PE shared libraries cannot
contain undefined symbols). This produces a libXfont which might only
be useful to the xserver, but the only other users we might care about
are xfs, which is obsolete, and bdftopcf, which fortunately doesn't
pull in any objects which reference serverGeneration from libXfont.
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Colin Harrison <colin.harrison@virgin.net>
commit 5c49c956e9c85d89f6b2e719eb9b6fbde62c2f72
Author: Gaetan Nadon <memsize@videotron.ca>
Date: Mon Jun 28 13:18:22 2010 -0400
doc: use xorg-docs xorg.css stylesheet
Use latest DocBook XML util-macros infrastructure
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
Lots of cleanup and misc bugfixes since 1.3.4. Still one of the worst
libraries we ship though.
If you're unfortunate enough to need speedo, type1, or printer fonts,
then you'll want to skip this release.
---
Adam Jackson (15):
Delete speedo
Delete Type1
const cleanup
Get rid of a useless array
Remove useless #define
Remove loadable renderer support.
Remove printer font support.
Remove PMF support.
xalloc -> malloc, etc.
Drop OS/2 support
Move the copy of CopyISOLatin1Lowered near its user, and un-weak it.
Delete some dead ifdefs
Allow case insensitive filename matching in fontfile.
Remove some strcasecmp silliness
libXfont 1.4.0
Alan Coopersmith (1):
Restore comment deleted by b6f793d7d5
Jeremy Huddleston (1):
Added missing AM_CFLAGS for -Wl,-flat_namespace
Paulo Cesar Pereira de Andrade (3):
libXfont ansification and removal of xf86_ansic.h dependency
Disable some fun stdio wrapping.
Janitor: make distcheck and .gitignore
Peter Astrand (1):
Avoid sending uninitialized padding data over the network.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
Adam Jackson (2):
Nuke fontcache.
Retry font server connections faster.
Alan Coopersmith (8):
Add support for bzip2 bitmap font compression
Pad CreateAC packets with 0 auths to workaround xfs bug
Always scan catalogue dirs at startup, even if their mtime < 0
Use XORG_CWARNFLAGS & XORG_CHANGELOG macros from xorg-macros 1.2
Update COPYING file with additional copyrights/licenses
Add simple README with pointers to bugzilla/git/mailing list
miscutil.c:108: warning: old-style parameter declaration
Version bump: 1.3.4
Benjamin Close (1):
Make sure font names/font alias names are null terminated
Derek Wang (1):
Sun bug 4510977: dtremote fails to start session
Julien Cristau (1):
Don't clobber CFLAGS in configure
Peter Breitenlohner (1):
X.Org Bug 17945: avoid gcc warnings for libXfont
X.Org found in NetBSD-current.
Thanks a lot to all who helped, especially Matthias Scheler who did
repeated tests on Mac OS X and older versions of NetBSD to make sure the
support for those platforms wouldn't be broken (or at least, not fatally,
as I would still expect a few hiccups here and there, because there is
only so much one can test in such limited time).
On the infrastructure side, this branch brings pkgconfig-builtin.mk, in
order to write very easily new builtin.mk files. It can actually handle
more than just pkgconfig files, but it will provide a version if it finds
such a file. x11.builtin.mk has also been made more useful and now all
existing (and future!) native-X11-related builtin.mk files should include
it.
commit 11edbc3a818e15ea2b622b31e6f87159ee68ae4a
Do not call FT_Get_BDF_Charset_ID() if configured with
--disable-bdfformat
commit 1ab07ce0eec4f6c7ed66c7aba3edf8c4315dd907
FontFileDirectoryChanged: check length of "fonts.alias" as well
as "fonts.dir"
commit 0f9db4aa7de6e0644ac9c5811b949e5f936c9d61
Don't allow a font alias to point to itself and create a loop
Part of fix for Sun bug 4258475
<http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=4258475>
commit 754cabe62e91b9ad50c3027c063f4269775f7add
Add missing include in src/FreeType/ftfuncs.c
Fixes compiler warning:
../../../src/FreeType/ftfuncs.c:
In function 'restrict_code_range_by_str':
../../../src/FreeType/ftfuncs.c:2081: warning:
implicit declaration of function 'isspace'
Adam Jackson (1):
libXfont 1.3.2
Jens Granseuer (1):
fix build with gcc 2.95.
Matthieu Herrb (3):
catalogue.c: prevent a one character overflow
ftsystem.c is not needed anymore.
Fix for CVE-2008-0006 - PCF Font parser buffer overflow.
Tilman Sauerbeck (1):
Replaced one instance of bcopy() with memcpy().
(or actually the bundled t1lib) provides it's "own" implementation of
stdio.h as t1stdio.h. For this reason they take care not to include stdio.h
to avoid conflicts. But they do include stdlib.h which on HP-UX
recursively includes stdio.h. Fix by not including stdlib.h on HP-UX.
- Introduce catalogue FPE, which contains symlinks to font directories.
Options like unscaled can be attached to it. Fix a bug in this code.
- Remove lots of dead code and cleanup some warnings.
Note: the second point does change the ABI, but as the code seems to have
been unused, I'm not forcing a major bump that upstream didn't do.
of validation of bdf font files
(CVE 2007-1351)
fix a possible memory corruption due to integer overflow, caused by lack
of validation of fonts.dir files
(CVE 2007-1352)
bump PKGREVISION
