[ANNOUNCE] libXfont 1.4.7

Alan Coopersmith alan.coopersmith at oracle.com
Tue Jan 7 08:35:46 PST 2014

libXfont provides the core of the legacy X11 font system, handling the
index files (fonts.dir, fonts.alias, fonts.scale), the various font file
formats, and rasterizing them.   It is used by the X servers, the
X Font Server (xfs), and some font utilities (bdftopcf for instance),
but should not be used by normal X11 clients.  X11 clients access fonts
via either the new API's in libXft, or the legacy API's in libX11.

This release includes the fix for CVE-2013-6462, as well as other security
hardening and code cleanups, and makes libXfont compatible with libXtrans 1.3
on Solaris.

Alan Coopersmith (7):
      xstrdup -> strdup
      Replace malloc(strlen)+strcpy/strcat calls with strdup
      Don't leak old allocation if realloc fails to enlarge it
      Add AC_USE_SYSTEM_EXTENSIONS to expose non-standard extensions
      CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters()
      Limit additional sscanf strings to fit buffer sizes
      libXfont 1.4.7

Julien Cristau (1):
      Make serverGeneration unsigned

git tag: libXfont-1.4.7

MD5:  b21ee5739d5d2e5028b302fbf9fe630b
SHA1: 77f60d0a2190cb36c07c2217693f46d5e8942ca2
SHA256: d16ea3541835d296b19cfb05d7e64fc62173d8e7eb93284402ec761b951d1543

MD5:  f265a3753386026414dab4408b7a74be
SHA1: e81a9bb1287e09405293db65677f1b9ce5a64fcc
SHA256: 23029d9ab79190466169220c202a73e239fdf94a93a250a9d2d5756381b67ad2

	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-announce/attachments/20140107/ef17e25e/attachment.pgp>

More information about the xorg-announce mailing list