Ubuntu
libxfont package

lp:ubuntu/precise-security/libxfont

  1. Precise (12.04)
  2. precise-security
Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/precise-security/libxfont
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

31. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code exection via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804

30. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  font metadata file parsing
  - debian/patches/CVE-2014-0209.patch: check for overflows in
    src/fontfile/dirfile.c, src/fontfile/fontdir.c.
  - CVE-2014-0209
* SECURITY UPDATE: denial of service and possible code execution via
  xfs font server replies
  - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
    src/fc/fsconvert.c, src/fc/fserve.c.
  - CVE-2014-0210
  - CVE-2014-0211

29. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  stack overflow
  - debian/patches/CVE-2013-6462.patch: limit sscanf field in
    src/bitmap/bdfread.c.
  - CVE-2013-6462

28. By Cyril Brulebois

[ Julien Cristau ]
* Drop Pre-Depends on x11-common (only needed for upgrades from the
  monolith) and Replaces on xlibs-static-dev (hasn't existed in forever).

[ Cyril Brulebois ]
* New upstream release:
  - LZW decompress: fix for CVE-2011-2895. From the commit message:
    “Specially crafted LZW stream can crash an application using libXfont
     that is used to open untrusted font files. With X server, this may
     allow privilege escalation when exploited.”
* Set urgency to “high” accordingly.
* Update debian/copyright from upstream COPYING.
* Bump xorg-sgml-doctools build-dep.
* Drop xorg.css from .install, no longer shipped upstream.

27. By Cyril Brulebois

Upload to unstable.

26. By Cyril Brulebois

* New upstream release.
* Bump xutils-dev build-dep for new macros.
* Add xmlto, xorg-sgml-doctools, and w3m build-dep for the doc.
* Pass --with-xmlto and --without-fop for the regular build (we want
  html and txt only). Disable both for the udeb build.
* Tweak doc filenames, and handle that through dh_install.
* Add --fail-missing -XlibXfont.la for the second dh_install call (the
  udeb one), for additional safety.

25. By Julien Cristau

* New upstream release.
* Bump xutils-dev build-dep for new xorg-macros.
* Bump shlibs for register_fpe_functions().
* Update debian/copyright.
* Bump Standards-Version to 3.9.0, no changes.

24. By Cyril Brulebois

[ Julien Cristau ]
* Rename the build directory to not include DEB_BUILD_GNU_TYPE for no
  good reason. Thanks, Colin Watson!
* Remove myself from Uploaders

[ Cyril Brulebois ]
* Use dh_makeshlibs’s -V argument instead of debian/libxfont1.shlibs
* Add udeb needed for the graphical installer: libxfont1-udeb.
* Version the B-D on libfontenc-dev to ensure libxfont1-udeb gets a
  dependency on libfontenc1-udeb.
* Use a bzip2-less flavour for the udeb.
* Bump Standards-Version from 3.8.3 to 3.8.4 (no changes needed).
* Fix obsolete-relation-form-in-source by using “<<” instead of “<” for
  xprint in Conflicts, thanks to lintian.
* Add myself to Uploaders.

23. By Julien Cristau

* New upstream release.
* Bump xutils-dev build-dep for new util-macros.
* Build documentation, install it in libxfont-dev.
* Enable support for bzip2 compressed bitmap fonts.
* Don't use LDFLAGS from the environment. Ubuntu sets that to
  -Bsymbolic-functions, which breaks libXfont's weak symbols usage.

22. By StefanPotyra

* Rebase to unstable, remaining change:
  + debian/rules: unset LDFLAGS to not be hit by -Bsymbolic-functions,
    as libxfont contains weak symbols which are meant to be overriden
    (cf. LP #226156).

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/trusty/libxfont
This branch contains Public information 
Everyone can see this information.

Subscribers