IABSD.fr/xenocara/lib/libXfont

Branch :


Log

Author Commit Date CI Message
e4c13334 2014-09-27 17:43:02 Missed file in libXfont 1.5.0 update
e4967fc3 2014-09-27 17:42:14 Update to libXfont 1.5.0 Tested together with xserver 1.16.1 by naddy@, jsg@ & kettenis@
4bd03950 2014-05-18 12:13:54 Update to libXfont 1.4.8
05ed5123 2014-05-13 19:09:22 Security fixes from X.Org Advisory: X Font Service Protocol & Font metadata file handling issues in libXfont May 13, 2014 - CVE-2014-0209: integer overflow of allocations in font metadata file parsing When a local user who is already authenticated to the X server adds a new directory to the font path, the X server calls libXfont to open the fonts.dir and fonts.alias files in that directory and add entries to the font tables for every line in it. A large file (~2-4 gb) could cause the allocations to overflow, and allow the remaining data read from the file to overwrite other memory in the heap. Affected functions: FontFileAddEntry(), lexAlias() - CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies When parsing replies received from the font server, these calls do not check that the lengths and/or indexes returned by the font server are within the size of the reply or the bounds of the memory allocated to store the data, so could write past the bounds of allocated memory when storing the returned data. Affected functions: _fs_recv_conn_setup(), fs_read_open_font(), fs_read_query_info(), fs_read_extent_info(), fs_read_glyphs(), fs_read_list(), fs_read_list_info() - CVE-2014-0211: integer overflows calculating memory needs for xfs replies These calls do not check that their calculations for how much memory is needed to handle the returned data have not overflowed, so can result in allocating too little memory and then writing the returned data past the end of the allocated buffer. Affected functions: fs_get_reply(), fs_alloc_glyphs(), fs_read_extent_info() Reported by Ilja van Sprundel of IOActive Fixes by Alan Coopersmith of Oracle
4d9b427b 2014-01-07 20:42:20 Update to libXfont 1.4.7. Include fix for CVE-2013-6462. unlimited sscanf overflows stack buffer in bdfReadCharacters
abfe418b 2013-08-18 10:58:04 A local change that can go now that vax is gcc 3 and ELF
38bd1cf7 2013-08-18 10:43:33 Reduce diff with upstreams. (white space)
16bd5f45 2013-08-18 10:36:20 Update to libXfont 1.4.6.
b5bb1299 2013-08-13 07:07:07 Bump the major on every single base library. There are a couple not bumped by this that will be corrected soon. heavy lifting by todd@
f4725535 2012-03-04 18:13:46 Update to libXfont 1.4.5
9993018e 2011-09-10 09:31:51 Update to libXfont 1.4.4
3e2ff7b4 2011-08-11 15:29:02 fix from matthieu@ as applied upstream for CVE-2011-2895 ok deraadt@
47b6998e 2011-01-20 21:43:47 Enable weak symbols under OpenBSD on non-ELF platforms, too. ok matthieu@ todd@
654eabe5 2010-11-02 07:51:54 Fix weak symbols declarations for gcc 2.95
31eafa74 2010-10-31 15:09:45 Update to libXfont 1.4.3. No functional change.
f42887fa 2010-09-04 10:37:30 Update to libXfont 1.4.2
9b4b09eb 2010-01-17 20:49:46 regen
2dda0f80 2010-01-17 20:48:49 Use the new XORG_WITH_XMLTO macro in configure scripts and explicitely disable it during Xenocara builds. Problem reported by kili@ who also tested this patch with an earlier version of the macro.
ac420781 2009-10-31 21:03:28 missed files during libXfont 1.4.1 update.
c1572e04 2009-10-31 17:57:11 Update to libXfont 1.4.1
4d2e193a 2009-06-04 00:40:05 Use XENOCARA_HAVE_SHARED_LIBS and remove duplicate lines.
b6e6f0b4 2008-05-24 13:29:07 merge libXfont 1.3.2. bump major since some symbols were removed.
7830df18 2008-03-15 18:08:24 Regen with autoconf 2.59-p2, with AM_SANITY check zapped.
4ca84ce6 2008-01-17 15:44:49 Fix from X.Org for CVE-2008-0006 - PCF Font parser buffer overflow.
4ff8d6b7 2007-12-14 07:31:35 Fix build with gcc 2.95.
ab927dd4 2007-11-24 14:38:25 merge libXfont 1.3.1
9a72b788 2007-11-24 14:31:47 libXfont 1.3.1
a39960eb 2007-09-08 16:24:20 Merge libXfont 1.3.0. Tested by naddy@ and mbalmer@.
82525649 2007-09-08 16:13:41 import libXfont 1.3.0
8370179c 2007-07-29 10:50:16 regen
bd686707 2007-05-08 09:00:45 Disable loadable font modules on static only architectures.
930101c6 2007-04-14 20:44:09 regen with libtool 1.5.22p10 and metaauto 0.7
1330b0c2 2007-04-08 21:28:03 libXfont requires -lz and -lm
a1219525 2007-04-08 18:16:10 No loadable font modules on static only architectures.
1cc1a05d 2007-04-08 18:14:31 merge libXfont 1.2.8
7b635a2b 2007-04-08 17:56:34 import libXfont 1.2.8
517a55a2 2007-04-04 02:51:57 bdf CVE-2007-1351 BDFFont Parsing Integer Overflow Vulnerability The discoverer of this vulnerability wishes to remain anonymous. from matthieu@
dd8e595e 2007-04-04 02:51:26 fontdir CVE-2007-1352 fonts.dir File Parsing Integer Overflow Vulnerability The discoverer of this vulnerability wishes to remain anonymous. from matthieu@
77cb7f25 2007-03-25 13:22:40 Revert local debug stuff that wasn't meant to be committed.
00a847b3 2007-03-25 13:02:54 regen with libtool 1.5.22p9
6637a9a3 2007-03-18 22:29:12 regen with automake 1.9.6p2
45c07b00 2007-03-03 10:17:40 regen
05165424 2007-03-03 10:09:47 Import libXfont version 1.2.7
500e16d1 2006-12-16 21:50:27 - merge libXfont 1.2.6 - regen generated files
8ae8ea3a 2006-12-16 21:44:25 libXfont 1.2.6
bdebc31c 2006-12-16 18:30:24 bump major
e58af992 2006-12-16 18:29:46 merge libXfont 1.2.5 and regenerate
c8bfa928 2006-12-16 18:23:10 libXfont 1.2.5 from X.Org 7.2RC3
297e2a29 2006-12-02 17:58:21 These libraries need a version bump.
cd9eb532 2006-11-28 19:02:33 regen
b6a46a2b 2006-11-28 11:48:11 Try to prevent endless regeneration of Makefile.in caused to RCS Id expansion.
882dc845 2006-11-27 12:40:38 regenerate with OpenBSD autotools
e5ca1d52 2006-11-26 13:42:42 regen with OpenBSD autotools
ab5c078d 2006-11-26 12:07:34 Build infrastructure for lib
606ceaa6 2006-11-25 16:46:32 import from X.Org 7.2RC1