Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| e4c13334 | 2014-09-27 17:43:02 | Missed file in libXfont 1.5.0 update | ||
| e4967fc3 | 2014-09-27 17:42:14 | Update to libXfont 1.5.0 Tested together with xserver 1.16.1 by naddy@, jsg@ & kettenis@ | ||
| 4bd03950 | 2014-05-18 12:13:54 | Update to libXfont 1.4.8 | ||
| 05ed5123 | 2014-05-13 19:09:22 | Security fixes from X.Org Advisory: X Font Service Protocol & Font metadata file handling issues in libXfont May 13, 2014 - CVE-2014-0209: integer overflow of allocations in font metadata file parsing When a local user who is already authenticated to the X server adds a new directory to the font path, the X server calls libXfont to open the fonts.dir and fonts.alias files in that directory and add entries to the font tables for every line in it. A large file (~2-4 gb) could cause the allocations to overflow, and allow the remaining data read from the file to overwrite other memory in the heap. Affected functions: FontFileAddEntry(), lexAlias() - CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies When parsing replies received from the font server, these calls do not check that the lengths and/or indexes returned by the font server are within the size of the reply or the bounds of the memory allocated to store the data, so could write past the bounds of allocated memory when storing the returned data. Affected functions: _fs_recv_conn_setup(), fs_read_open_font(), fs_read_query_info(), fs_read_extent_info(), fs_read_glyphs(), fs_read_list(), fs_read_list_info() - CVE-2014-0211: integer overflows calculating memory needs for xfs replies These calls do not check that their calculations for how much memory is needed to handle the returned data have not overflowed, so can result in allocating too little memory and then writing the returned data past the end of the allocated buffer. Affected functions: fs_get_reply(), fs_alloc_glyphs(), fs_read_extent_info() Reported by Ilja van Sprundel of IOActive Fixes by Alan Coopersmith of Oracle | ||
| 4d9b427b | 2014-01-07 20:42:20 | Update to libXfont 1.4.7. Include fix for CVE-2013-6462. unlimited sscanf overflows stack buffer in bdfReadCharacters | ||
| abfe418b | 2013-08-18 10:58:04 | A local change that can go now that vax is gcc 3 and ELF | ||
| 38bd1cf7 | 2013-08-18 10:43:33 | Reduce diff with upstreams. (white space) | ||
| 16bd5f45 | 2013-08-18 10:36:20 | Update to libXfont 1.4.6. | ||
| b5bb1299 | 2013-08-13 07:07:07 | Bump the major on every single base library. There are a couple not bumped by this that will be corrected soon. heavy lifting by todd@ | ||
| f4725535 | 2012-03-04 18:13:46 | Update to libXfont 1.4.5 | ||
| 9993018e | 2011-09-10 09:31:51 | Update to libXfont 1.4.4 | ||
| 3e2ff7b4 | 2011-08-11 15:29:02 | fix from matthieu@ as applied upstream for CVE-2011-2895 ok deraadt@ | ||
| 47b6998e | 2011-01-20 21:43:47 | Enable weak symbols under OpenBSD on non-ELF platforms, too. ok matthieu@ todd@ | ||
| 654eabe5 | 2010-11-02 07:51:54 | Fix weak symbols declarations for gcc 2.95 | ||
| 31eafa74 | 2010-10-31 15:09:45 | Update to libXfont 1.4.3. No functional change. | ||
| f42887fa | 2010-09-04 10:37:30 | Update to libXfont 1.4.2 | ||
| 9b4b09eb | 2010-01-17 20:49:46 | regen | ||
| 2dda0f80 | 2010-01-17 20:48:49 | Use the new XORG_WITH_XMLTO macro in configure scripts and explicitely disable it during Xenocara builds. Problem reported by kili@ who also tested this patch with an earlier version of the macro. | ||
| ac420781 | 2009-10-31 21:03:28 | missed files during libXfont 1.4.1 update. | ||
| c1572e04 | 2009-10-31 17:57:11 | Update to libXfont 1.4.1 | ||
| 4d2e193a | 2009-06-04 00:40:05 | Use XENOCARA_HAVE_SHARED_LIBS and remove duplicate lines. | ||
| b6e6f0b4 | 2008-05-24 13:29:07 | merge libXfont 1.3.2. bump major since some symbols were removed. | ||
| 7830df18 | 2008-03-15 18:08:24 | Regen with autoconf 2.59-p2, with AM_SANITY check zapped. | ||
| 4ca84ce6 | 2008-01-17 15:44:49 | Fix from X.Org for CVE-2008-0006 - PCF Font parser buffer overflow. | ||
| 4ff8d6b7 | 2007-12-14 07:31:35 | Fix build with gcc 2.95. | ||
| ab927dd4 | 2007-11-24 14:38:25 | merge libXfont 1.3.1 | ||
| 9a72b788 | 2007-11-24 14:31:47 | libXfont 1.3.1 | ||
| a39960eb | 2007-09-08 16:24:20 | Merge libXfont 1.3.0. Tested by naddy@ and mbalmer@. | ||
| 82525649 | 2007-09-08 16:13:41 | import libXfont 1.3.0 | ||
| 8370179c | 2007-07-29 10:50:16 | regen | ||
| bd686707 | 2007-05-08 09:00:45 | Disable loadable font modules on static only architectures. | ||
| 930101c6 | 2007-04-14 20:44:09 | regen with libtool 1.5.22p10 and metaauto 0.7 | ||
| 1330b0c2 | 2007-04-08 21:28:03 | libXfont requires -lz and -lm | ||
| a1219525 | 2007-04-08 18:16:10 | No loadable font modules on static only architectures. | ||
| 1cc1a05d | 2007-04-08 18:14:31 | merge libXfont 1.2.8 | ||
| 7b635a2b | 2007-04-08 17:56:34 | import libXfont 1.2.8 | ||
| 517a55a2 | 2007-04-04 02:51:57 | bdf CVE-2007-1351 BDFFont Parsing Integer Overflow Vulnerability The discoverer of this vulnerability wishes to remain anonymous. from matthieu@ | ||
| dd8e595e | 2007-04-04 02:51:26 | fontdir CVE-2007-1352 fonts.dir File Parsing Integer Overflow Vulnerability The discoverer of this vulnerability wishes to remain anonymous. from matthieu@ | ||
| 77cb7f25 | 2007-03-25 13:22:40 | Revert local debug stuff that wasn't meant to be committed. | ||
| 00a847b3 | 2007-03-25 13:02:54 | regen with libtool 1.5.22p9 | ||
| 6637a9a3 | 2007-03-18 22:29:12 | regen with automake 1.9.6p2 | ||
| 45c07b00 | 2007-03-03 10:17:40 | regen | ||
| 05165424 | 2007-03-03 10:09:47 | Import libXfont version 1.2.7 | ||
| 500e16d1 | 2006-12-16 21:50:27 | - merge libXfont 1.2.6 - regen generated files | ||
| 8ae8ea3a | 2006-12-16 21:44:25 | libXfont 1.2.6 | ||
| bdebc31c | 2006-12-16 18:30:24 | bump major | ||
| e58af992 | 2006-12-16 18:29:46 | merge libXfont 1.2.5 and regenerate | ||
| c8bfa928 | 2006-12-16 18:23:10 | libXfont 1.2.5 from X.Org 7.2RC3 | ||
| 297e2a29 | 2006-12-02 17:58:21 | These libraries need a version bump. | ||
| cd9eb532 | 2006-11-28 19:02:33 | regen | ||
| b6a46a2b | 2006-11-28 11:48:11 | Try to prevent endless regeneration of Makefile.in caused to RCS Id expansion. | ||
| 882dc845 | 2006-11-27 12:40:38 | regenerate with OpenBSD autotools | ||
| e5ca1d52 | 2006-11-26 13:42:42 | regen with OpenBSD autotools | ||
| ab5c078d | 2006-11-26 12:07:34 | Build infrastructure for lib | ||
| 606ceaa6 | 2006-11-25 16:46:32 | import from X.Org 7.2RC1 |