Hello community, here is the log from the commit of package libXfont2 for openSUSE:Factory checked in at 2017-10-21 20:20:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libXfont2 (Old) and /work/SRC/openSUSE:Factory/.libXfont2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libXfont2" Sat Oct 21 20:20:26 2017 rev:2 rq:533541 version:2.0.2 Changes: -------- --- /work/SRC/openSUSE:Factory/libXfont2/libXfont2.changes 2016-09-27 13:43:25.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libXfont2.new/libXfont2.changes 2017-10-21 20:20:35.274337999 +0200 @@ -1,0 +2,7 @@ +Wed Oct 11 22:57:54 UTC 2017 - [email protected] + +- Update to version 2.0.2: + A collection of minor fixes since 2.0.1, including fixes for CVE 2017-13720 + and CVE 2017-13722. + +------------------------------------------------------------------- Old: ---- libXfont2-2.0.1.tar.bz2 New: ---- libXfont2-2.0.2.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libXfont2.spec ++++++ --- /var/tmp/diff_new_pack.7qCRns/_old 2017-10-21 20:20:36.026302787 +0200 +++ /var/tmp/diff_new_pack.7qCRns/_new 2017-10-21 20:20:36.030302599 +0200 @@ -1,7 +1,7 @@ # # spec file for package libXfont2 # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: libXfont2 %define lname libXfont2-2 -Version: 2.0.1 +Version: 2.0.2 Release: 0 Summary: X font handling library for server and utilities License: MIT @@ -52,7 +52,6 @@ %package -n %lname Summary: X font handling library for server and utilities -License: MIT Group: System/Libraries %description -n %lname ++++++ libXfont2-2.0.1.tar.bz2 -> libXfont2-2.0.2.tar.bz2 ++++++ ++++ 30587 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont2-2.0.1/ChangeLog new/libXfont2-2.0.2/ChangeLog --- old/libXfont2-2.0.1/ChangeLog 2015-12-11 16:13:24.000000000 +0100 +++ new/libXfont2-2.0.2/ChangeLog 2017-10-11 17:43:54.000000000 +0200 @@ -1,3 +1,213 @@ +commit d82dfe25491c599f650b2ad868772c3b8e6ba7bc +Author: Adam Jackson <[email protected]> +Date: Wed Oct 11 11:33:29 2017 -0400 + + libXfont 2.0.2 + + Signed-off-by: Adam Jackson <[email protected]> + +commit 672bb944311392e2415b39c0d63b1e1902905bcd +Author: Michal Srb <[email protected]> +Date: Thu Jul 20 17:05:23 2017 +0200 + + pcfGetProperties: Check string boundaries (CVE-2017-13722) + + Without the checks a malformed PCF file can cause the library to make + atom from random heap memory that was behind the `strings` buffer. + This may crash the process or leak information. + + Signed-off-by: Julien Cristau <[email protected]> + +commit d1e670a4a8704b8708e493ab6155589bcd570608 +Author: Michal Srb <[email protected]> +Date: Thu Jul 20 13:38:53 2017 +0200 + + Check for end of string in PatternMatch (CVE-2017-13720) + + If a pattern contains '?' character, any character in the string is skipped, + even if it is '\0'. The rest of the matching then reads invalid memory. + + Reviewed-by: Peter Hutterer <[email protected]> + Signed-off-by: Julien Cristau <[email protected]> + +commit 9112a6846b9d8ff18f7568c58e06d0a450e25814 +Author: Adam Jackson <[email protected]> +Date: Thu Apr 13 12:10:05 2017 -0400 + + readme: Update for libXfont 2.0 interface change + + While xfs can be more or less trivially ported to 2.0, bcftopcf cannot + because the font file I/O API is no longer externally visible. This is + intentional, because bdftopcf is literally the only consumer of that + API, and is itself only used in the build process for the classic core + fonts themselves. The plan for bdftopcf is to import a copy of libXfont + 1.5 and link against that statically instead. + + Signed-off-by: Adam Jackson <[email protected]> + Acked-by: Peter Hutterer <[email protected]> + +commit f8ff8d5f7442b3cbac57d5fe343aabd8f54a030f +Author: Emil Velikov <[email protected]> +Date: Mon Mar 9 12:00:52 2015 +0000 + + autogen.sh: use quoted string variables + + Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent + fall-outs, when they contain space. + + Signed-off-by: Emil Velikov <[email protected]> + Reviewed-by: Peter Hutterer <[email protected]> + Signed-off-by: Peter Hutterer <[email protected]> + +commit 75b9a15b51a062941a549fef0dedaee9daef4867 +Author: Peter Hutterer <[email protected]> +Date: Tue Jan 24 10:32:07 2017 +1000 + + autogen.sh: use exec instead of waiting for configure to finish + + Syncs the invocation of configure with the one from the server. + + Signed-off-by: Peter Hutterer <[email protected]> + Reviewed-by: Emil Velikov <[email protected]> + +commit 33a98f2b5343da927f29191348e992f505544873 +Author: Adam Jackson <[email protected]> +Date: Wed Jun 8 14:28:09 2016 -0400 + + freetype: Fix a logic error in computing face name + + gcc6 chirps an indentation warning here, but really this is bad code. + Effectively this would ignore en_US or en_UK names for the font, despite + that those are the English names the font is most likely to have. + + Signed-off-by: Adam Jackson <[email protected]> + Reviewed-by: Alan Coopersmith <[email protected]> + +commit 79084468fb844e386a72d938c67be0728959a2bd +Author: Adam Jackson <[email protected]> +Date: Wed May 18 11:49:52 2016 -0400 + + autogen: Set a default subject prefix for patches + + Signed-off-by: Adam Jackson <[email protected]> + +commit 7557fe152d9948bcb4b805bb7b6b6f8121bd34fb +Author: Adam Jackson <[email protected]> +Date: Wed May 18 11:52:27 2016 -0400 + + configure: Use -fvisibility=hidden if available + + text data bss dec hex filename + 233732 8168 1616 243516 3b73c .libs/libXfont2.so.2.before + 217113 6816 1616 225545 37109 .libs/libXfont2.so.2.after + + Signed-off-by: Adam Jackson <[email protected]> + Reviewed-by: Emil Velikov <[email protected]> + +commit 6972ea08ee5b2ef1cfbdc2fcaf14f06bbd391561 +Author: Jeremy Huddleston Sequoia <[email protected]> +Date: Mon May 30 00:46:21 2016 -0700 + + fserve: Fix a buffer read overrun in _fs_client_access + + https://bugs.freedesktop.org/show_bug.cgi?id=83224 + + Found by clang's Address Sanitizer + + crac.num_auths = set_font_authorizations(&authorizations, &authlen, + client); + /* Work around bug in xfs versions up through modular release 1.0.8 + which rejects CreateAC packets with num_auths = 0 & authlen < 4 */ + if (crac.num_auths == 0) { + authorizations = padding; + authlen = 4; + } else { + authlen = (authlen + 3) & ~0x3; + } + crac.length = (sizeof (fsCreateACReq) + authlen) >> 2; + crac.acid = cur->acid; + _fs_add_req_log(conn, FS_CreateAC); + _fs_write(conn, (char *) &crac, sizeof (fsCreateACReq)); + _fs_write(conn, authorizations, authlen); + + In the case in the report, set_font_authorizations setup authorizations as a + 34 byte buffer (and authlen set to 34 as one would expect). The following + block changed authlen to 36 to make it 4byte aligned and the final _fs_write() + caused us to read 36 bytes from this 34 byte buffer. + + This changes the incorrect size increase to instead use _fs_write_pad which + takes care of the padding for us. + + Signed-off-by: Jeremy Huddleston Sequoia <[email protected]> + +commit d967caa988eaabd9e84c82879e2f21bd33b952a7 +Author: Jeremy Huddleston Sequoia <[email protected]> +Date: Sun May 29 23:39:06 2016 -0700 + + fstrans: Remove unused foo() function + + The point of it seems to have been to silence an unused function warning, but + there's no point if we're just transitioning that to another unused function + warning. + + src/fc/fstrans.c:32:20: warning: unused function 'foo' [-Wunused-function] + static inline void foo(void) { (void) is_numeric("a"); } + ^ + 1 warning generated. + + Signed-off-by: Jeremy Huddleston Sequoia <[email protected]> + Reviewed-by: Keith Packard <[email protected]> + +commit e6009adbc89ec3e1f924bcb57b333c1c02f5e66d +Author: Jeremy Huddleston Sequoia <[email protected]> +Date: Sun May 29 23:37:13 2016 -0700 + + fserve: Silence a -Wformat warning + + src/fc/fserve.c:653:32: warning: format specifies type 'int' but the argument has type 'CARD32' (aka 'unsigned long') [-Wformat] + " from font server\n", rep->length); + ^~~~~~~~~~~ + 1 warning generated. + + Signed-off-by: Jeremy Huddleston Sequoia <[email protected]> + +commit ac559fad20bbae45332c758abb6a790c3fd341a2 +Author: Jeremy Huddleston Sequoia <[email protected]> +Date: Sun May 29 23:34:35 2016 -0700 + + bitmap: Bail out on invalid input to FontFileMakeDir instead of calling calloc for 0 bytes + + Found by clang static analysis: + Call to 'calloc' has an allocation size of 0 bytes + + Signed-off-by: Jeremy Huddleston Sequoia <[email protected]> + +commit d0fff111992fed9d9bfbf0c19e136bda9ba1db55 +Author: Jeremy Huddleston Sequoia <[email protected]> +Date: Sun May 29 23:29:50 2016 -0700 + + FreeType: Correct an allocation size + + Found by clang static analysis: + Result of 'calloc' is converted to a pointer of type 'int', which is + incompatible with sizeof operand type 'int *' + + This is likely benign because the old size was larger on any platform where + sizeof(int) <= sizeof(void *), which is everywhere. + + Signed-off-by: Jeremy Huddleston Sequoia <[email protected]> + +commit eefc0b0b908eb8533e704d7156ce983ad7891cc5 +Author: Keith Packard <[email protected]> +Date: Sat Dec 12 14:54:26 2015 -0800 + + Revert "Add compiler warning flags". Leave warning fixes. + + This reverts commit eb67d10ae82b364a4324e96ce53baaa4e5e75f97, but + leaves the warning fixes in place; it looks like either I was + confused, or something has changed so that XORG_DEFAULT_OPTIONS now + pulls in the appropriate compiler warnings. + commit 14488af0338191356c0177e3d0b5fa473ffbd59c Author: Keith Packard <[email protected]> Date: Fri Dec 11 07:08:29 2015 -0800 @@ -1353,7 +1563,7 @@ Conflicts: - ChangeLog + ChangeLog Signed-off-by: Yaakov Selkowitz <[email protected]> @@ -2166,7 +2376,7 @@ This patch adds a new FPE type, which will match font path elements of the form - catalogue:<dir> + catalogue:<dir> The dir specified after the catalogue: prefix will be scanned for symlinks and each symlink destination will be added as a local fontfile FPE. @@ -2176,22 +2386,22 @@ An example configuration: - 75dpi:unscaled:pri=20 -> /usr/share/X11/fonts/75dpi - ghostscript:pri=60 -> /usr/share/fonts/default/ghostscript - misc:unscaled:pri=10 -> /usr/share/X11/fonts/misc - type1:pri=40 -> /usr/share/X11/fonts/Type1 - type1:pri=50 -> /usr/share/fonts/default/Type1 + 75dpi:unscaled:pri=20 -> /usr/share/X11/fonts/75dpi + ghostscript:pri=60 -> /usr/share/fonts/default/ghostscript + misc:unscaled:pri=10 -> /usr/share/X11/fonts/misc + type1:pri=40 -> /usr/share/X11/fonts/Type1 + type1:pri=50 -> /usr/share/fonts/default/Type1 will add /usr/share/X11/fonts/misc as the first FPE with the attribute 'unscaled', second FPE will be /usr/share/X11/fonts/75dpi, also with the attribute unscaled etc. This is functionally equivalent to setting the following font path: - /usr/share/X11/fonts/misc:unscaled, - /usr/share/X11/fonts/75dpi:unscaled, - /usr/share/X11/fonts/Type1, - /usr/share/fonts/default/Type1, - /usr/share/fonts/default/ghostscript + /usr/share/X11/fonts/misc:unscaled, + /usr/share/X11/fonts/75dpi:unscaled, + /usr/share/X11/fonts/Type1, + /usr/share/fonts/default/Type1, + /usr/share/fonts/default/ghostscript The motivation is to let font packages add a symlink to the new font directory they provide instead of rewriting either the Xorg config file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont2-2.0.1/README new/libXfont2-2.0.2/README --- old/libXfont2-2.0.1/README 2015-09-19 05:18:54.000000000 +0200 +++ new/libXfont2-2.0.2/README 2017-10-11 17:43:43.000000000 +0200 @@ -1,9 +1,14 @@ -libXfont provides the core of the legacy X11 font system, handling the -index files (fonts.dir, fonts.alias, fonts.scale), the various font file -formats, and rasterizing them. It is used by the X servers, the -X Font Server (xfs), and some font utilities (bdftopcf for instance), -but should not be used by normal X11 clients. X11 clients access fonts -via either the new API's in libXft, or the legacy API's in libX11. +libXfont provides the core of the legacy X11 font system, handling the index +files (fonts.dir, fonts.alias, fonts.scale), the various font file formats, +and rasterizing them. It is used by the X servers, and will eventually be +used by the X Font Server (xfs), but should not be used by normal X11 clients. +X11 clients access fonts via either the new APIs in libXft, or the legacy +APIs in libX11. + +This version of libXfont is not compatible with xfs, or with the legacy +bdftopcf utility; these packages require libXfont 1.5, not libXfont 2.0 +or later. The two versions can be installed in parallel, and eventually +the need for 1.5 will go away. We apologize for the inconvenience. libXfont supports a number of compression and font formats, and the configure script takes various options to enable or disable them: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont2-2.0.1/config.h.in new/libXfont2-2.0.2/config.h.in --- old/libXfont2-2.0.1/config.h.in 2015-12-11 16:09:40.000000000 +0100 +++ new/libXfont2-2.0.2/config.h.in 2017-10-11 17:43:48.000000000 +0200 @@ -60,8 +60,7 @@ /* Support os-specific local connections */ #undef LOCALCONN -/* Define to the sub-directory in which libtool stores uninstalled libraries. - */ +/* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Name of package */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont2-2.0.1/configure.ac new/libXfont2-2.0.2/configure.ac --- old/libXfont2-2.0.1/configure.ac 2015-12-11 16:09:16.000000000 +0100 +++ new/libXfont2-2.0.2/configure.ac 2017-10-11 17:43:43.000000000 +0200 @@ -21,11 +21,10 @@ # Initialize Autoconf AC_PREREQ([2.60]) -AC_INIT([libXfont2], [2.0.1], +AC_INIT([libXfont2], [2.0.2], [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXfont2]) AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_HEADERS([config.h]) -AC_CONFIG_MACRO_DIR([m4]) # Initialize Automake AM_INIT_AUTOMAKE([foreign dist-bzip2 subdir-objects]) @@ -58,27 +57,6 @@ # must first be located explicitly. PKG_PROG_PKG_CONFIG -with_cflags="" -if test "x$GCC" = "xyes"; then - CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\ - -Wall \ - -Wextra \ - -Wno-sign-compare \ - -Wno-missing-field-initializers \ - -Wno-unused-parameter \ - -Wstrict-prototypes \ - -Wmissing-prototypes \ - -fvisibility=hidden \ - -pipe \ - -fno-strict-aliasing \ - -ffunction-sections \ - -fdata-sections \ - -fno-strict-aliasing \ - -fdiagnostics-show-option \ - -fno-common]) -fi -AC_SUBST([GCC_CFLAGS], $with_cflags) - # # select libraries to include # @@ -239,7 +217,22 @@ OS_CFLAGS= ;; esac -OS_CFLAGS="$OS_CFLAGS $GCC_CFLAGS" + +save_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -fvisibility=hidden" +CFLAGS_VISIBILITY= +AC_COMPILE_IFELSE( + [AC_LANG_SOURCE([[ + #if defined(__CYGWIN__) || defined(__MINGW32__) + #error No visibility support + #endif + extern __attribute__((__visibility__("default"))) int x; + ]])], + [CFLAGS_VISIBILITY=-fvisibility=hidden], + [] +) +CFLAGS="$save_CFLAGS" +OS_CFLAGS="$OS_CFLAGS $CFLAGS_VISIBILITY" AC_SUBST([OS_CFLAGS]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont2-2.0.1/m4/attributes.m4 new/libXfont2-2.0.2/m4/attributes.m4 --- old/libXfont2-2.0.1/m4/attributes.m4 2015-09-18 16:52:14.000000000 +0200 +++ new/libXfont2-2.0.2/m4/attributes.m4 1970-01-01 01:00:00.000000000 +0100 @@ -1,283 +0,0 @@ -dnl Macros to check the presence of generic (non-typed) symbols. -dnl Copyright (c) 2006-2008 Diego Pettenò <[email protected]> -dnl Copyright (c) 2006-2008 xine project -dnl Copyright (c) 2012 Lucas De Marchi <[email protected]> -dnl -dnl This program is free software; you can redistribute it and/or modify -dnl it under the terms of the GNU General Public License as published by -dnl the Free Software Foundation; either version 2, or (at your option) -dnl any later version. -dnl -dnl This program is distributed in the hope that it will be useful, -dnl but WITHOUT ANY WARRANTY; without even the implied warranty of -dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -dnl GNU General Public License for more details. -dnl -dnl You should have received a copy of the GNU General Public License -dnl along with this program; if not, write to the Free Software -dnl Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -dnl 02110-1301, USA. -dnl -dnl As a special exception, the copyright owners of the -dnl macro gives unlimited permission to copy, distribute and modify the -dnl configure scripts that are the output of Autoconf when processing the -dnl Macro. You need not follow the terms of the GNU General Public -dnl License when using or distributing such scripts, even though portions -dnl of the text of the Macro appear in them. The GNU General Public -dnl License (GPL) does govern all other use of the material that -dnl constitutes the Autoconf Macro. -dnl -dnl This special exception to the GPL applies to versions of the -dnl Autoconf Macro released by this project. When you make and -dnl distribute a modified version of the Autoconf Macro, you may extend -dnl this special exception to the GPL to apply to your modified version as -dnl well. - -dnl Check if FLAG in ENV-VAR is supported by compiler and append it -dnl to WHERE-TO-APPEND variable -dnl CC_CHECK_FLAG_APPEND([WHERE-TO-APPEND], [ENV-VAR], [FLAG]) - -AC_DEFUN([CC_CHECK_FLAG_APPEND], [ - AC_CACHE_CHECK([if $CC supports flag $3 in envvar $2], - AS_TR_SH([cc_cv_$2_$3]), - [eval "AS_TR_SH([cc_save_$2])='${$2}'" - eval "AS_TR_SH([$2])='-Werror $3'" - AC_LINK_IFELSE([AC_LANG_SOURCE([int a = 0; int main(void) { return a; } ])], - [eval "AS_TR_SH([cc_cv_$2_$3])='yes'"], - [eval "AS_TR_SH([cc_cv_$2_$3])='no'"]) - eval "AS_TR_SH([$2])='$cc_save_$2'"]) - - AS_IF([eval test x$]AS_TR_SH([cc_cv_$2_$3])[ = xyes], - [eval "$1='${$1} $3'"]) -]) - -dnl CC_CHECK_FLAGS_APPEND([WHERE-TO-APPEND], [ENV-VAR], [FLAG1 FLAG2]) -AC_DEFUN([CC_CHECK_FLAGS_APPEND], [ - for flag in $3; do - CC_CHECK_FLAG_APPEND($1, $2, $flag) - done -]) - -dnl Check if the flag is supported by linker (cacheable) -dnl CC_CHECK_LDFLAGS([FLAG], [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND]) - -AC_DEFUN([CC_CHECK_LDFLAGS], [ - AC_CACHE_CHECK([if $CC supports $1 flag], - AS_TR_SH([cc_cv_ldflags_$1]), - [ac_save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $1" - AC_LINK_IFELSE([int main() { return 1; }], - [eval "AS_TR_SH([cc_cv_ldflags_$1])='yes'"], - [eval "AS_TR_SH([cc_cv_ldflags_$1])="]) - LDFLAGS="$ac_save_LDFLAGS" - ]) - - AS_IF([eval test x$]AS_TR_SH([cc_cv_ldflags_$1])[ = xyes], - [$2], [$3]) -]) - -dnl define the LDFLAGS_NOUNDEFINED variable with the correct value for -dnl the current linker to avoid undefined references in a shared object. -AC_DEFUN([CC_NOUNDEFINED], [ - dnl We check $host for which systems to enable this for. - AC_REQUIRE([AC_CANONICAL_HOST]) - - case $host in - dnl FreeBSD (et al.) does not complete linking for shared objects when pthreads - dnl are requested, as different implementations are present; to avoid problems - dnl use -Wl,-z,defs only for those platform not behaving this way. - *-freebsd* | *-openbsd*) ;; - *) - dnl First of all check for the --no-undefined variant of GNU ld. This allows - dnl for a much more readable commandline, so that people can understand what - dnl it does without going to look for what the heck -z defs does. - for possible_flags in "-Wl,--no-undefined" "-Wl,-z,defs"; do - CC_CHECK_LDFLAGS([$possible_flags], [LDFLAGS_NOUNDEFINED="$possible_flags"]) - break - done - ;; - esac - - AC_SUBST([LDFLAGS_NOUNDEFINED]) -]) - -dnl Check for a -Werror flag or equivalent. -Werror is the GCC -dnl and ICC flag that tells the compiler to treat all the warnings -dnl as fatal. We usually need this option to make sure that some -dnl constructs (like attributes) are not simply ignored. -dnl -dnl Other compilers don't support -Werror per se, but they support -dnl an equivalent flag: -dnl - Sun Studio compiler supports -errwarn=%all -dnl we don't test for that, it gives us false positives when gcc doesn't -dnl actually complain about it. If someone wants to compile this on sun, let -dnl them fix it. -AC_DEFUN([CC_CHECK_WERROR], [ - AC_CACHE_CHECK( - [for $CC way to treat warnings as errors], - [cc_cv_werror], - [CC_CHECK_FLAG_APPEND([cc_cv_werror], [CFLAGS], [-Werror])]) -]) - -AC_DEFUN([CC_CHECK_ATTRIBUTE], [ - AC_REQUIRE([CC_CHECK_WERROR]) - AC_CACHE_CHECK([if $CC supports __attribute__(( ifelse([$2], , [$1], [$2]) ))], - AS_TR_SH([cc_cv_attribute_$1]), - [ac_save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $cc_cv_werror" - AC_COMPILE_IFELSE([AC_LANG_SOURCE([$3])], - [eval "AS_TR_SH([cc_cv_attribute_$1])='yes'"], - [eval "AS_TR_SH([cc_cv_attribute_$1])='no'"]) - CFLAGS="$ac_save_CFLAGS" - ]) - - AS_IF([eval test x$]AS_TR_SH([cc_cv_attribute_$1])[ = xyes], - [AC_DEFINE( - AS_TR_CPP([SUPPORT_ATTRIBUTE_$1]), 1, - [Define this if the compiler supports __attribute__(( ifelse([$2], , [$1], [$2]) ))] - ) - $4], - [$5]) -]) - -AC_DEFUN([CC_ATTRIBUTE_CONSTRUCTOR], [ - CC_CHECK_ATTRIBUTE( - [constructor],, - [void __attribute__((constructor)) ctor() { int a; }], - [$1], [$2]) -]) - -AC_DEFUN([CC_ATTRIBUTE_FORMAT], [ - CC_CHECK_ATTRIBUTE( - [format], [format(printf, n, n)], - [void __attribute__((format(printf, 1, 2))) printflike(const char *fmt, ...) { fmt = (void *)0; }], - [$1], [$2]) -]) - -AC_DEFUN([CC_ATTRIBUTE_FORMAT_ARG], [ - CC_CHECK_ATTRIBUTE( - [format_arg], [format_arg(printf)], - [char *__attribute__((format_arg(1))) gettextlike(const char *fmt) { fmt = (void *)0; }], - [$1], [$2]) -]) - -AC_DEFUN([CC_ATTRIBUTE_VISIBILITY], [ - CC_CHECK_ATTRIBUTE( - [visibility_$1], [visibility("$1")], - [void __attribute__((visibility("$1"))) $1_function() { }], - [$2], [$3]) -]) - -AC_DEFUN([CC_ATTRIBUTE_NONNULL], [ - CC_CHECK_ATTRIBUTE( - [nonnull], [nonnull()], - [void __attribute__((nonnull())) some_function(void *foo, void *bar) { foo = (void*)0; bar = (void*)0; }], - [$1], [$2]) -]) - -AC_DEFUN([CC_ATTRIBUTE_UNUSED], [ - CC_CHECK_ATTRIBUTE( - [unused], , - [void some_function(void *foo, __attribute__((unused)) void *bar);], - [$1], [$2]) -]) - -AC_DEFUN([CC_ATTRIBUTE_SENTINEL], [ - CC_CHECK_ATTRIBUTE( - [sentinel], , - [void some_function(void *foo, ...) __attribute__((sentinel));], - [$1], [$2]) -]) - -AC_DEFUN([CC_ATTRIBUTE_DEPRECATED], [ - CC_CHECK_ATTRIBUTE( - [deprecated], , - [void some_function(void *foo, ...) __attribute__((deprecated));], - [$1], [$2]) -]) - -AC_DEFUN([CC_ATTRIBUTE_ALIAS], [ - CC_CHECK_ATTRIBUTE( - [alias], [weak, alias], - [void other_function(void *foo) { } - void some_function(void *foo) __attribute__((weak, alias("other_function")));], - [$1], [$2]) -]) - -AC_DEFUN([CC_ATTRIBUTE_MALLOC], [ - CC_CHECK_ATTRIBUTE( - [malloc], , - [void * __attribute__((malloc)) my_alloc(int n);], - [$1], [$2]) -]) - -AC_DEFUN([CC_ATTRIBUTE_PACKED], [ - CC_CHECK_ATTRIBUTE( - [packed], , - [struct astructure { char a; int b; long c; void *d; } __attribute__((packed));], - [$1], [$2]) -]) - -AC_DEFUN([CC_ATTRIBUTE_CONST], [ - CC_CHECK_ATTRIBUTE( - [const], , - [int __attribute__((const)) twopow(int n) { return 1 << n; } ], - [$1], [$2]) -]) - -AC_DEFUN([CC_FLAG_VISIBILITY], [ - AC_CACHE_CHECK([if $CC supports -fvisibility=hidden], - [cc_cv_flag_visibility], - [CC_CHECK_FLAG_APPEND([cc_cv_flag_visibility], [CFLAGS], [-fvisibility=hidden])]) - - AS_IF([test "x$cc_cv_flag_visibility" != "x"], - [AC_DEFINE([SUPPORT_FLAG_VISIBILITY], 1, - [Define this if the compiler supports the -fvisibility flag]) - $1], - [$2]) -]) - -AC_DEFUN([CC_FUNC_EXPECT], [ - AC_REQUIRE([CC_CHECK_WERROR]) - AC_CACHE_CHECK([if compiler has __builtin_expect function], - [cc_cv_func_expect], - [ac_save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $cc_cv_werror" - AC_COMPILE_IFELSE([AC_LANG_SOURCE( - [int some_function() { - int a = 3; - return (int)__builtin_expect(a, 3); - }])], - [cc_cv_func_expect=yes], - [cc_cv_func_expect=no]) - CFLAGS="$ac_save_CFLAGS" - ]) - - AS_IF([test "x$cc_cv_func_expect" = "xyes"], - [AC_DEFINE([SUPPORT__BUILTIN_EXPECT], 1, - [Define this if the compiler supports __builtin_expect() function]) - $1], - [$2]) -]) - -AC_DEFUN([CC_ATTRIBUTE_ALIGNED], [ - AC_REQUIRE([CC_CHECK_WERROR]) - AC_CACHE_CHECK([highest __attribute__ ((aligned ())) supported], - [cc_cv_attribute_aligned], - [ac_save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $cc_cv_werror" - for cc_attribute_align_try in 64 32 16 8 4 2; do - AC_COMPILE_IFELSE([AC_LANG_SOURCE([ - int main() { - static char c __attribute__ ((aligned($cc_attribute_align_try))) = 0; - return c; - }])], [cc_cv_attribute_aligned=$cc_attribute_align_try; break]) - done - CFLAGS="$ac_save_CFLAGS" - ]) - - if test "x$cc_cv_attribute_aligned" != "x"; then - AC_DEFINE_UNQUOTED([ATTRIBUTE_ALIGNED_MAX], [$cc_cv_attribute_aligned], - [Define the highest alignment supported]) - fi -]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont2-2.0.1/src/FreeType/ftfuncs.c new/libXfont2-2.0.2/src/FreeType/ftfuncs.c --- old/libXfont2-2.0.1/src/FreeType/ftfuncs.c 2015-12-09 05:36:38.000000000 +0100 +++ new/libXfont2-2.0.2/src/FreeType/ftfuncs.c 2017-10-11 17:43:43.000000000 +0200 @@ -623,7 +623,7 @@ offset = idx - segment * FONTSEGMENTSIZE; if((*available)[segment] == NULL) { - (*available)[segment] = calloc(FONTSEGMENTSIZE, sizeof(int *)); + (*available)[segment] = calloc(FONTSEGMENTSIZE, sizeof(int)); if((*available)[segment] == NULL) return AllocError; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont2-2.0.1/src/FreeType/fttools.c new/libXfont2-2.0.2/src/FreeType/fttools.c --- old/libXfont2-2.0.1/src/FreeType/fttools.c 2015-12-09 05:36:38.000000000 +0100 +++ new/libXfont2-2.0.2/src/FreeType/fttools.c 2017-10-11 17:43:43.000000000 +0200 @@ -100,7 +100,6 @@ case TT_PLATFORM_MICROSOFT: if(name.language_id != TT_MS_LANGID_ENGLISH_UNITED_STATES && name.language_id != TT_MS_LANGID_ENGLISH_UNITED_KINGDOM) - break; continue; break; default: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont2-2.0.1/src/bitmap/bitscale.c new/libXfont2-2.0.2/src/bitmap/bitscale.c --- old/libXfont2-2.0.1/src/bitmap/bitscale.c 2015-12-09 05:36:38.000000000 +0100 +++ new/libXfont2-2.0.2/src/bitmap/bitscale.c 2017-10-11 17:43:43.000000000 +0200 @@ -1477,6 +1477,10 @@ lastRow = pfi->lastRow; nchars = (lastRow - firstRow + 1) * (lastCol - firstCol + 1); + if (nchars <= 0) { + goto bail; + } + glyph = pf->glyph; for (i = 0; i < nchars; i++) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont2-2.0.1/src/bitmap/pcfread.c new/libXfont2-2.0.2/src/bitmap/pcfread.c --- old/libXfont2-2.0.1/src/bitmap/pcfread.c 2015-12-09 05:36:38.000000000 +0100 +++ new/libXfont2-2.0.2/src/bitmap/pcfread.c 2017-10-11 17:43:43.000000000 +0200 @@ -45,6 +45,7 @@ #include <stdarg.h> #include <stdint.h> +#include <string.h> void pcfError(const char* message, ...) @@ -311,11 +312,19 @@ if (IS_EOF(file)) goto Bail; position += string_size; for (i = 0; i < nprops; i++) { + if (props[i].name >= string_size) { + pcfError("pcfGetProperties(): String starts out of bounds (%ld/%d)\n", props[i].name, string_size); + goto Bail; + } props[i].name = MakeAtom(strings + props[i].name, - strlen(strings + props[i].name), TRUE); + strnlen(strings + props[i].name, string_size - props[i].name), TRUE); if (isStringProp[i]) { + if (props[i].value >= string_size) { + pcfError("pcfGetProperties(): String starts out of bounds (%ld/%d)\n", props[i].value, string_size); + goto Bail; + } props[i].value = MakeAtom(strings + props[i].value, - strlen(strings + props[i].value), TRUE); + strnlen(strings + props[i].value, string_size - props[i].value), TRUE); } } free(strings); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont2-2.0.1/src/fc/fserve.c new/libXfont2-2.0.2/src/fc/fserve.c --- old/libXfont2-2.0.1/src/fc/fserve.c 2015-12-09 05:36:38.000000000 +0100 +++ new/libXfont2-2.0.2/src/fc/fserve.c 2017-10-11 17:43:43.000000000 +0200 @@ -649,8 +649,8 @@ */ if (rep->length > MAX_REPLY_LENGTH) { - ErrorF("fserve: reply length %d > MAX_REPLY_LENGTH, disconnecting" - " from font server\n", rep->length); + ErrorF("fserve: reply length %ld > MAX_REPLY_LENGTH, disconnecting" + " from font server\n", (long)rep->length); _fs_connection_died (conn); *error = FSIO_ERROR; return 0; @@ -2856,14 +2856,12 @@ if (crac.num_auths == 0) { authorizations = padding; authlen = 4; - } else { - authlen = (authlen + 3) & ~0x3; } crac.length = (sizeof (fsCreateACReq) + authlen) >> 2; crac.acid = cur->acid; _fs_add_req_log(conn, FS_CreateAC); _fs_write(conn, (char *) &crac, sizeof (fsCreateACReq)); - _fs_write(conn, authorizations, authlen); + _fs_write_pad(conn, authorizations, authlen); /* ignore reply; we don't even care about it */ conn->curacid = 0; cur->auth_generation = client_auth_generation(client); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont2-2.0.1/src/fc/fstrans.c new/libXfont2-2.0.2/src/fc/fstrans.c --- old/libXfont2-2.0.1/src/fc/fstrans.c 2015-12-09 05:36:38.000000000 +0100 +++ new/libXfont2-2.0.2/src/fc/fstrans.c 2017-10-11 17:43:43.000000000 +0200 @@ -28,5 +28,3 @@ #define FONT_t #define TRANS_CLIENT #include <X11/Xtrans/transport.c> -/* inhibit warning about is_numeric */ -static inline void foo(void) { (void) is_numeric("a"); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libXfont2-2.0.1/src/fontfile/fontdir.c new/libXfont2-2.0.2/src/fontfile/fontdir.c --- old/libXfont2-2.0.1/src/fontfile/fontdir.c 2015-12-09 05:36:38.000000000 +0100 +++ new/libXfont2-2.0.2/src/fontfile/fontdir.c 2017-10-11 17:43:43.000000000 +0200 @@ -400,8 +400,10 @@ } } case '?': - if (*string++ == XK_minus) + if ((t = *string++) == XK_minus) stringdashes--; + if (!t) + return 0; break; case '\0': return (*string == '\0');
