Created by Ubuntu Package Importer on 2014-01-07 and last modified on 2014-05-13
Get this branch:
bzr branch lp:ubuntu/saucy-security/libxfont
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

33. By Marc Deslauriers on 2014-05-13

* SECURITY UPDATE: denial of service and possible code execution via
  font metadata file parsing
  - debian/patches/CVE-2014-0209.patch: check for overflows in
    src/fontfile/dirfile.c, src/fontfile/fontdir.c.
  - CVE-2014-0209
* SECURITY UPDATE: denial of service and possible code execution via
  xfs font server replies
  - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
    src/fc/fsconvert.c, src/fc/fserve.c.
  - CVE-2014-0210
  - CVE-2014-0211

32. By Marc Deslauriers on 2013-12-30

* SECURITY UPDATE: denial of service and possible code execution via
  stack overflow
  - debian/patches/CVE-2013-6462.patch: limit sscanf field in
  - CVE-2013-6462

31. By Julien Cristau on 2013-08-12

* New upstream release.
* Build for multiarch (closes: #654252). Patch by Riku Voipio, thanks!
* Disable silent build rules.

30. By Cyril Brulebois on 2012-05-03

Ease sync for Ubuntu: strip -Bsymbolic-functions from LDFLAGS
(LP: #992745).

29. By Cyril Brulebois on 2012-03-04

[ Cyril Brulebois ]
* New upstream release.
* Switch to dh:
  - Bump debhelper build-dep and compat.
  - Rewrite debian/rules, using autoreconf and quilt sequences.
  - Adjust build dependencies accordingly.
  - Use build-main and build-udeb as build directories.
  - Adjust .install accordingly.
* Remove xsfbs accordingly.
* Add support for hardened build flags through dpkg-buildflags, based
  on a patch by Moritz Muehlenhoff, thanks! (Closes: #654154).

[ Julien Cristau ]
* Remove David Nusinow from Uploaders.

28. By Cyril Brulebois on 2011-08-11

[ Julien Cristau ]
* Drop Pre-Depends on x11-common (only needed for upgrades from the
  monolith) and Replaces on xlibs-static-dev (hasn't existed in forever).

[ Cyril Brulebois ]
* New upstream release:
  - LZW decompress: fix for CVE-2011-2895. From the commit message:
    “Specially crafted LZW stream can crash an application using libXfont
     that is used to open untrusted font files. With X server, this may
     allow privilege escalation when exploited.”
* Set urgency to “high” accordingly.
* Update debian/copyright from upstream COPYING.
* Bump xorg-sgml-doctools build-dep.
* Drop xorg.css from .install, no longer shipped upstream.

27. By Cyril Brulebois on 2011-02-05

Upload to unstable.

26. By Cyril Brulebois on 2010-11-19

* New upstream release.
* Bump xutils-dev build-dep for new macros.
* Add xmlto, xorg-sgml-doctools, and w3m build-dep for the doc.
* Pass --with-xmlto and --without-fop for the regular build (we want
  html and txt only). Disable both for the udeb build.
* Tweak doc filenames, and handle that through dh_install.
* Add --fail-missing -XlibXfont.la for the second dh_install call (the
  udeb one), for additional safety.

25. By Julien Cristau on 2010-07-07

* New upstream release.
* Bump xutils-dev build-dep for new xorg-macros.
* Bump shlibs for register_fpe_functions().
* Update debian/copyright.
* Bump Standards-Version to 3.9.0, no changes.

24. By Cyril Brulebois on 2010-03-10

[ Julien Cristau ]
* Rename the build directory to not include DEB_BUILD_GNU_TYPE for no
  good reason. Thanks, Colin Watson!
* Remove myself from Uploaders

[ Cyril Brulebois ]
* Use dh_makeshlibs’s -V argument instead of debian/libxfont1.shlibs
* Add udeb needed for the graphical installer: libxfont1-udeb.
* Version the B-D on libfontenc-dev to ensure libxfont1-udeb gets a
  dependency on libfontenc1-udeb.
* Use a bzip2-less flavour for the udeb.
* Bump Standards-Version from 3.8.3 to 3.8.4 (no changes needed).
* Fix obsolete-relation-form-in-source by using “<<” instead of “<” for
  xprint in Conflicts, thanks to lintian.
* Add myself to Uploaders.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.