[ANNOUNCE] libXfont 1.4.99.901
Alan Coopersmith
alan.coopersmith at oracle.com
Mon Jul 7 15:12:48 PDT 2014
This is a release candidate of libXfont 1.5.0 - please test and report any
issues found, so we can have a final/stable release soon to go with the
xorg-server 1.16 release.
*IMPORTANT* This release works with fontsproto 2.1.3 or later and is for use
with the upcoming release of xorg-server 1.16 and later. It will *not* work
with older versions of fontsproto or xorg-server (prior to 1.15.99.901).
libXfont provides the core of the legacy X11 font system, handling the
index files (fonts.dir, fonts.alias, fonts.scale), the various font file
formats, and rasterizing them. It is used by the X servers, the
X Font Server (xfs), and some font utilities (bdftopcf for instance),
but should not be used by normal X11 clients. X11 clients access fonts
via either the new API's in libXft, or the legacy API's in libX11.
This release includes all the security & bug fixes from libXfont 1.4.8,
plus these additional significant changes:
- Support for SNF font format (deprecated since X11R5 in 1991) is now
disabled by default at build time. For now, adding --enable-snfformat
to configure flags may re-enable it, but support may be fully removed
in future libXfont releases.
- Many compiler warnings cleaned up, including some which required API
changes around type declarations (const char *, Pointer, etc.).
- README file expanded to explain all the different formats/options.
Alan Coopersmith (31):
Fix unused variable 'dir' warnings
Remove redundant declaration of FontFileStartListFonts()
Initialize (unused) data field in fsListCataloguesReq before sending it.
Remove redundant setting of 'len' in SPropRecValList_add_by_font_cap
Correct comment in configure.ac about scalable font support
Add notes to README about various font formats & configure options
Add note to README declaring snf fonts to be deprecated
Check if pointer returned by BufFileCreate is NULL before writing to it
Require fontsproto 2.1.3 for matching function prototypes
Bump version to 1.4.99.0 for master branch (to become 1.5)
Allow enabling src/fc DEBUG helpers via CPPFLAGS
Clean up warnings when src/fc is built with -DDEBUG
fs_send_open_font needs to allow namelen of 0 when FontReopen is set
CVE-2014-0209: integer overflow of realloc() size in FontFileAddEntry()
CVE-2014-0209: integer overflow of realloc() size in lexAlias()
CVE-2014-0210: unvalidated length in _fs_recv_conn_setup()
CVE-2014-0210: unvalidated lengths when reading replies from font server
CVE-2014-0211: Integer overflow in fs_get_reply/_fs_start_read
CVE-2014-0210: unvalidated length fields in fs_read_query_info()
CVE-2014-0211: integer overflow in fs_read_extent_info()
CVE-2014-0211: integer overflow in fs_alloc_glyphs()
CVE-2014-0210: unvalidated length fields in fs_read_extent_info()
CVE-2014-0210: unvalidated length fields in fs_read_glyphs()
CVE-2014-0210: unvalidated length fields in fs_read_list()
CVE-2014-0210: unvalidated length fields in fs_read_list_info()
Use AS_HELP_STRING to provide help for AC_ARG_ENABLE & AC_ARG_WITH options
Change default to disabling SNF support
Drop imake/monolithic compatibility #define mapping
Don't compile bitmap source files for disabled formats
Don't build unused code in bitmapfunc.c if all bitmap formats are disabled
libXfont 1.4.99.901
Keith Packard (2):
Warning fixes.
Use default glyphs when getting 16-bit font with 8-bit text
Peter Harris (1):
Fix buffer read overrun
Yaakov Selkowitz (1):
Make shared library work on Cygwin/MinGW
git tag: libXfont-1.4.99.901
http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.99.901.tar.bz2
MD5: 6f9315e691490e3e282078bd79710c14
SHA1: d54a5cea78eff243617448d1924fef7ad8374b06
SHA256: 483645ae5a7c1728026ef9eb32f61cc9017bc6f9e09edb9694d487891ab44e4e
PGP: http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.99.901.tar.bz2.sig
http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.99.901.tar.gz
MD5: 0590c49cbaec70c23f095060306f06d6
SHA1: e06409816bc9ac6447337353791a863635c36d24
SHA256: e7813b4faa14d1e94d22f844e09ed819f5b78e54b684a5c6d2511dc300fcf9c7
PGP: http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.99.901.tar.gz.sig
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg-announce/attachments/20140707/c91fa1e9/attachment.sig>
More information about the xorg-announce
mailing list