[ANNOUNCE] libXfont 1.4.99.901

Alan Coopersmith alan.coopersmith at oracle.com
Mon Jul 7 15:12:48 PDT 2014 

This is a release candidate of libXfont 1.5.0 - please test and report any
issues found, so we can have a final/stable release soon to go with the
xorg-server 1.16 release.

*IMPORTANT* This release works with fontsproto 2.1.3 or later and is for use
with the upcoming release of xorg-server 1.16 and later.  It will *not* work
with older versions of fontsproto or xorg-server (prior to 1.15.99.901).

libXfont provides the core of the legacy X11 font system, handling the
index files (fonts.dir, fonts.alias, fonts.scale), the various font file
formats, and rasterizing them.   It is used by the X servers, the
X Font Server (xfs), and some font utilities (bdftopcf for instance),
but should not be used by normal X11 clients.  X11 clients access fonts
via either the new API's in libXft, or the legacy API's in libX11.

This release includes all the security & bug fixes from libXfont 1.4.8,
plus these additional significant changes:
  - Support for SNF font format (deprecated since X11R5 in 1991) is now
    disabled by default at build time.  For now, adding --enable-snfformat
    to configure flags may re-enable it, but support may be fully removed
    in future libXfont releases.
  - Many compiler warnings cleaned up, including some which required API
    changes around type declarations (const char *, Pointer, etc.).
  - README file expanded to explain all the different formats/options.

Alan Coopersmith (31):
      Fix unused variable 'dir' warnings
      Remove redundant declaration of FontFileStartListFonts()
      Initialize (unused) data field in fsListCataloguesReq before sending it.
      Remove redundant setting of 'len' in SPropRecValList_add_by_font_cap
      Correct comment in configure.ac about scalable font support
      Add notes to README about various font formats & configure options
      Add note to README declaring snf fonts to be deprecated
      Check if pointer returned by BufFileCreate is NULL before writing to it
      Require fontsproto 2.1.3 for matching function prototypes
      Bump version to 1.4.99.0 for master branch (to become 1.5)
      Allow enabling src/fc DEBUG helpers via CPPFLAGS
      Clean up warnings when src/fc is built with -DDEBUG
      fs_send_open_font needs to allow namelen of 0 when FontReopen is set
      CVE-2014-0209: integer overflow of realloc() size in FontFileAddEntry()
      CVE-2014-0209: integer overflow of realloc() size in lexAlias()
      CVE-2014-0210: unvalidated length in _fs_recv_conn_setup()
      CVE-2014-0210: unvalidated lengths when reading replies from font server
      CVE-2014-0211: Integer overflow in fs_get_reply/_fs_start_read
      CVE-2014-0210: unvalidated length fields in fs_read_query_info()
      CVE-2014-0211: integer overflow in fs_read_extent_info()
      CVE-2014-0211: integer overflow in fs_alloc_glyphs()
      CVE-2014-0210: unvalidated length fields in fs_read_extent_info()
      CVE-2014-0210: unvalidated length fields in fs_read_glyphs()
      CVE-2014-0210: unvalidated length fields in fs_read_list()
      CVE-2014-0210: unvalidated length fields in fs_read_list_info()
      Use AS_HELP_STRING to provide help for AC_ARG_ENABLE & AC_ARG_WITH options
      Change default to disabling SNF support
      Drop imake/monolithic compatibility #define mapping
      Don't compile bitmap source files for disabled formats
      Don't build unused code in bitmapfunc.c if all bitmap formats are disabled
      libXfont 1.4.99.901

Keith Packard (2):
      Warning fixes.
      Use default glyphs when getting 16-bit font with 8-bit text

Peter Harris (1):
      Fix buffer read overrun

Yaakov Selkowitz (1):
      Make shared library work on Cygwin/MinGW

git tag: libXfont-1.4.99.901

http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.99.901.tar.bz2
MD5:  6f9315e691490e3e282078bd79710c14
SHA1: d54a5cea78eff243617448d1924fef7ad8374b06
SHA256: 483645ae5a7c1728026ef9eb32f61cc9017bc6f9e09edb9694d487891ab44e4e
PGP:  http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.99.901.tar.bz2.sig

http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.99.901.tar.gz
MD5:  0590c49cbaec70c23f095060306f06d6
SHA1: e06409816bc9ac6447337353791a863635c36d24
SHA256: e7813b4faa14d1e94d22f844e09ed819f5b78e54b684a5c6d2511dc300fcf9c7
PGP:  http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.99.901.tar.gz.sig

-- 
	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-announce/attachments/20140707/c91fa1e9/attachment.sig>

More information about the xorg-announce mailing list