commit libXfont for openSUSE:Factory

2017-12-05 Thread root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2017-12-06 08:58:48

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont"

Wed Dec  6 08:58:48 2017 rev:20 rq:548189 version:1.5.4

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2017-12-03 
10:08:53.308877063 +0100
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2017-12-06 
08:58:49.736458395 +0100
@@ -5 +5 @@
-  * Open files with O_NOFOLLOW. (CVE-2017-16611)
+  * Open files with O_NOFOLLOW. (CVE-2017-16611, bsc#1050459)



Other differences:
--



commit libXfont for openSUSE:Factory

2017-12-03 Thread root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2017-12-03 10:08:51

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont"

Sun Dec  3 10:08:51 2017 rev:19 rq:546295 version:1.5.4

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2017-10-28 
14:18:36.210310647 +0200
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2017-12-03 
10:08:53.308877063 +0100
@@ -1,0 +2,6 @@
+Tue Nov 28 19:20:44 UTC 2017 - sndir...@suse.com
+
+- Update to release 1.5.4
+  * Open files with O_NOFOLLOW. (CVE-2017-16611)
+
+---
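
Review bot: the new 1.5.4 entry cites CVE-2017-16611 on the `* Open files with O_NOFOLLOW.` line but carries no Bugzilla reference, so the security fix cannot be traced from the changes file to the SUSE bug. Add the bsc# id next to the CVE, as in `(CVE-2017-16611, bsc#1050459)`.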

Old:

  libXfont-1.5.3.tar.bz2

New:

  libXfont-1.5.4.tar.bz2



Other differences:
--
++ libXfont.spec ++
--- /var/tmp/diff_new_pack.yw2A3a/_old  2017-12-03 10:08:53.896855686 +0100
+++ /var/tmp/diff_new_pack.yw2A3a/_new  2017-12-03 10:08:53.900855540 +0100
@@ -18,7 +18,7 @@
 
 Name:   libXfont
 %define lname  libXfont1
-Version:1.5.3
+Version:1.5.4
 Release:0
 Summary:X font handling library for server and utilities
 License:MIT

++ libXfont-1.5.3.tar.bz2 -> libXfont-1.5.4.tar.bz2 ++
 1967 lines of diff (skipped)
retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libXfont-1.5.3/ChangeLog new/libXfont-1.5.4/ChangeLog
--- old/libXfont-1.5.3/ChangeLog2017-10-19 22:50:17.0 +0200
+++ new/libXfont-1.5.4/ChangeLog2017-11-28 15:34:44.0 +0100
@@ -1,3 +1,22 @@
+commit 7d246751628bb877e04da762ec1a2e41ffa62154
+Author: Matthieu Herrb 
+Date:   Tue Nov 28 15:33:15 2017 +0100
+
+libXfont 1.5.4
+
+commit 5ed8ac0e4f063825b8ecda48e9a111d3ce92e825
+Author: Michal Srb 
+Date:   Thu Oct 26 09:48:13 2017 +0200
+
+Open files with O_NOFOLLOW. (CVE-2017-16611)
+
+A non-privileged X client can instruct X server running under root to open 
any
+file by creating own directory with "fonts.dir", "fonts.alias" or any font 
file
+being a symbolic link to any other file in the system. X server will then 
open
+it. This can be issue with special files such as /dev/watchdog.
+
+Reviewed-by: Matthieu Herrb 
+
 commit f581c2346d025d5b15926db9e58f254173fb58dc
 Author: Matt Turner 
 Date:   Thu Oct 19 13:45:58 2017 -0700
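
Review bot: the 5ed8ac0e entry is the only visible description of the CVE-2017-16611 fix, because the source diff of the tarball is skipped, so the open() call sites cannot be checked from this mail. When reviewing the tarball, confirm that "fonts.dir", "fonts.alias" and the font files themselves are all opened with O_NOFOLLOW. Note that O_NOFOLLOW only rejects a symbolic link in the final path component, so the fix does not cover links in the directory part of a font path.
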
@@ -50,21 +69,21 @@
 
 Found by clang's Address Sanitizer
 
-crac.num_auths = set_font_authorizations(&authorizations, &authlen,
- client);
-/* Work around bug in xfs versions up through modular release 1.0.8
-   which rejects CreateAC packets with num_auths = 0 & authlen < 4 
*/
-if (crac.num_auths == 0) {
-authorizations = padding;
-authlen = 4;
-} else {
-authlen = (authlen + 3) & ~0x3;
-}
-crac.length = (sizeof (fsCreateACReq) + authlen) >> 2;
-crac.acid = cur->acid;
-_fs_add_req_log(conn, FS_CreateAC);
-_fs_write(conn, (char *) &crac, sizeof (fsCreateACReq));
-_fs_write(conn, authorizations, authlen);
+   crac.num_auths = set_font_authorizations(&authorizations, &authlen,
+client);
+   /* Work around bug in xfs versions up through modular release 1.0.8
+  which rejects CreateAC packets with num_auths = 0 & authlen < 4 */
+   if (crac.num_auths == 0) {
+   authorizations = padding;
+   authlen = 4;
+   } else {
+   authlen = (authlen + 3) & ~0x3;
+   }
+   crac.length = (sizeof (fsCreateACReq) + authlen) >> 2;
+   crac.acid = cur->acid;
+   _fs_add_req_log(conn, FS_CreateAC);
+   _fs_write(conn, (char *) &crac, sizeof (fsCreateACReq));
+   _fs_write(conn, authorizations, authlen);
 
 In the case in the report, set_font_authorizations setup authorizations as 
a
 34 byte buffer (and authlen set to 34 as one would expect). The following
@@ -1409,7 +1428,7 @@
 
 Conflicts:
 
-ChangeLog
+   ChangeLog
 
 Signed-off-by: Yaakov Selkowitz 
 
@@ -,7 +2241,7 @@
 This patch adds a new FPE type, which will match font path elements of the
 form
 
-catalogue:
+   catalogue:
 
 The dir speci

commit libXfont for openSUSE:Factory

2017-10-28 Thread root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2017-10-28 14:18:35

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont"

Sat Oct 28 14:18:35 2017 rev:18 rq:535492 version:1.5.3

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2017-06-04 
01:46:41.231603729 +0200
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2017-10-28 
14:18:36.210310647 +0200
@@ -1,0 +2,7 @@
+Fri Oct 20 13:56:21 UTC 2017 - sndir...@suse.com
+
+- Update to release 1.5.3
+  * Check for end of string in PatternMatch (CVE-2017-13720)
+  * pcfGetProperties: Check string boundaries (CVE-2017-13722)
+
+---

Old:

  libXfont-1.5.2.tar.bz2

New:

  libXfont-1.5.3.tar.bz2



Other differences:
--
++ libXfont.spec ++
--- /var/tmp/diff_new_pack.B5L1q6/_old  2017-10-28 14:18:36.750290903 +0200
+++ /var/tmp/diff_new_pack.B5L1q6/_new  2017-10-28 14:18:36.754290756 +0200
@@ -18,7 +18,7 @@
 
 Name:   libXfont
 %define lname  libXfont1
-Version:1.5.2
+Version:1.5.3
 Release:0
 Summary:X font handling library for server and utilities
 License:MIT

++ libXfont-1.5.2.tar.bz2 -> libXfont-1.5.3.tar.bz2 ++
 1666 lines of diff (skipped)
retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libXfont-1.5.2/ChangeLog new/libXfont-1.5.3/ChangeLog
--- old/libXfont-1.5.2/ChangeLog2016-08-31 22:19:58.0 +0200
+++ new/libXfont-1.5.3/ChangeLog2017-10-19 22:50:17.0 +0200
@@ -1,3 +1,37 @@
+commit f581c2346d025d5b15926db9e58f254173fb58dc
+Author: Matt Turner 
+Date:   Thu Oct 19 13:45:58 2017 -0700
+
+libXfont 1.5.3
+
+Signed-off-by: Matt Turner 
+
+commit 3b08934dca75e4c559db7d83797bc3d365c2a50a
+Author: Michal Srb 
+Date:   Thu Jul 20 17:05:23 2017 +0200
+
+pcfGetProperties: Check string boundaries (CVE-2017-13722)
+
+Without the checks a malformed PCF file can cause the library to make
+atom from random heap memory that was behind the `strings` buffer.
+This may crash the process or leak information.
+
+Signed-off-by: Julien Cristau 
+(cherry picked from commit 672bb944311392e2415b39c0d63b1e1902905bcd)
+
+commit a2a5fa591762b430037e33f1df55b460550ab406
+Author: Michal Srb 
+Date:   Thu Jul 20 13:38:53 2017 +0200
+
+Check for end of string in PatternMatch (CVE-2017-13720)
+
+If a pattern contains '?' character, any character in the string is 
skipped,
+even if it is '\0'. The rest of the matching then reads invalid memory.
+
+Reviewed-by: Peter Hutterer 
+Signed-off-by: Julien Cristau 
+(cherry picked from commit d1e670a4a8704b8708e493ab6155589bcd570608)
+
 commit 8cce9834b2e74dccad94ca0adf79ae5585e37d48
 Author: Adam Jackson 
 Date:   Wed Aug 31 16:19:11 2016 -0400
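
Review bot: the a2a5fa59 entry names only the '?' case in PatternMatch, and with the source diff skipped it is not visible here whether the other branches that advance through the string also stop at '\0'. Check that in the tarball, and for 3b08934d check that every string offset is validated against the size of the `strings` buffer before an atom is made from it.
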
@@ -16,21 +50,21 @@
 
 Found by clang's Address Sanitizer
 
-   crac.num_auths = set_font_authorizations(&authorizations, &authlen,
-client);
-   /* Work around bug in xfs versions up through modular release 1.0.8
-  which rejects CreateAC packets with num_auths = 0 & authlen < 4 */
-   if (crac.num_auths == 0) {
-   authorizations = padding;
-   authlen = 4;
-   } else {
-   authlen = (authlen + 3) & ~0x3;
-   }
-   crac.length = (sizeof (fsCreateACReq) + authlen) >> 2;
-   crac.acid = cur->acid;
-   _fs_add_req_log(conn, FS_CreateAC);
-   _fs_write(conn, (char *) &crac, sizeof (fsCreateACReq));
-   _fs_write(conn, authorizations, authlen);
+crac.num_auths = set_font_authorizations(&authorizations, &authlen,
+ client);
+/* Work around bug in xfs versions up through modular release 1.0.8
+   which rejects CreateAC packets with num_auths = 0 & authlen < 4 
*/
+if (crac.num_auths == 0) {
+authorizations = padding;
+authlen = 4;
+} else {
+authlen = (authlen + 3) & ~0x3;
+}
+crac.length = (sizeof (fsCreateACReq) + authlen) >> 2;
+crac.acid = cur->acid;
+_fs_add_req_log(conn, FS_CreateAC);
+_fs_write(conn, (char *) &crac, 

commit libXfont for openSUSE:Factory

2017-06-03 Thread root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2017-06-04 01:46:40

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont"

Sun Jun  4 01:46:40 2017 rev:17 rq:499651 version:1.5.2

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2016-09-26 
12:34:10.0 +0200
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2017-06-04 
01:46:41.231603729 +0200
@@ -1,0 +2,9 @@
+Tue May 30 10:07:46 UTC 2017 - sndir...@suse.com
+
+- includes everything needed for missing sle issue entries:
+  fate #320388 (bsc#1041641)
+  boo#958383, bnc#921978, bnc#857544 (bsc#1041641)
+  CVE-2015-1802, CVE-2015-1803, CVE-2015-1804 (bsc#1041641)
+  CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (bsc#1041641)
+
+---



Other differences:
--
++ libXfont.spec ++
--- /var/tmp/diff_new_pack.b2uO4q/_old  2017-06-04 01:46:41.759529135 +0200
+++ /var/tmp/diff_new_pack.b2uO4q/_new  2017-06-04 01:46:41.763528570 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package libXfont
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed




commit libXfont for openSUSE:Factory

2016-09-26 Thread h_root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2016-09-26 12:34:08

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont"

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2015-12-17 
15:52:54.0 +0100
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2016-09-26 
12:34:10.0 +0200
@@ -1,0 +2,10 @@
+Thu Sep 22 13:07:50 UTC 2016 - sndir...@suse.com
+
+-  Update to release 1.5.2
+   Maintenance branch release, primarily for bdftopcf's benefit as it's
+   the only thing that really needs the Xfont1 API. (xfs uses it too, I
+   believe, but could be ported to Xfont2). If someone wanted to step up
+   and merge Xfont1 into bdtopcf directly, that'd be great.
+- supersedes U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch
+
+---
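
Review bot: the 1.5.2 entry describes the update only as a maintenance release and omits the memory-safety fix that the ChangeLog for this release lists, "fserve: Fix a buffer read overrun in _fs_client_access". List that fix in the entry, and correct `bdtopcf` to `bdftopcf` in the last sentence of the description.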

Old:

  U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch
  libXfont-1.5.1.tar.bz2

New:

  libXfont-1.5.2.tar.bz2



Other differences:
--
++ libXfont.spec ++
--- /var/tmp/diff_new_pack.ZcG2Lz/_old  2016-09-26 12:34:11.0 +0200
+++ /var/tmp/diff_new_pack.ZcG2Lz/_new  2016-09-26 12:34:11.0 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package libXfont
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 Name:   libXfont
 %define lname  libXfont1
-Version:1.5.1
+Version:1.5.2
 Release:0
 Summary:X font handling library for server and utilities
 License:MIT
@@ -29,7 +29,6 @@
 #Git-Web:  http://cgit.freedesktop.org/xorg/lib/libXfont/
 Source: %{name}-%{version}.tar.bz2
 Source1:baselibs.conf
-Patch0: U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 #git#BuildRequires:autoconf >= 2.60, automake, libtool
 BuildRequires:  pkgconfig
@@ -83,7 +82,6 @@
 
 %prep
 %setup -q
-%patch0 -p1
 
 %build
 %configure --disable-static

++ libXfont-1.5.1.tar.bz2 -> libXfont-1.5.2.tar.bz2 ++
 29969 lines of diff (skipped)
retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libXfont-1.5.1/ChangeLog new/libXfont-1.5.2/ChangeLog
--- old/libXfont-1.5.1/ChangeLog2015-03-17 16:16:31.0 +0100
+++ new/libXfont-1.5.2/ChangeLog2016-08-31 22:19:58.0 +0200
@@ -1,3 +1,164 @@
+commit 8cce9834b2e74dccad94ca0adf79ae5585e37d48
+Author: Adam Jackson 
+Date:   Wed Aug 31 16:19:11 2016 -0400
+
+libXfont 1.5.2
+
+Signed-off-by: Adam Jackson 
+
+commit 42d85d1293b2753f3f200de0e960bacef0c973c7
+Author: Jeremy Huddleston Sequoia 
+Date:   Mon May 30 00:46:21 2016 -0700
+
+fserve: Fix a buffer read overrun in _fs_client_access
+
+https://bugs.freedesktop.org/show_bug.cgi?id=83224
+
+Found by clang's Address Sanitizer
+
+   crac.num_auths = set_font_authorizations(&authorizations, &authlen,
+client);
+   /* Work around bug in xfs versions up through modular release 1.0.8
+  which rejects CreateAC packets with num_auths = 0 & authlen < 4 */
+   if (crac.num_auths == 0) {
+   authorizations = padding;
+   authlen = 4;
+   } else {
+   authlen = (authlen + 3) & ~0x3;
+   }
+   crac.length = (sizeof (fsCreateACReq) + authlen) >> 2;
+   crac.acid = cur->acid;
+   _fs_add_req_log(conn, FS_CreateAC);
+   _fs_write(conn, (char *) &crac, sizeof (fsCreateACReq));
+   _fs_write(conn, authorizations, authlen);
+
+In the case in the report, set_font_authorizations setup authorizations as 
a
+34 byte buffer (and authlen set to 34 as one would expect). The following
+block changed authlen to 36 to make it 4byte aligned and the final 
_fs_write()
+caused us to read 36 bytes from this 34 byte buffer.
+
+This changes the incorrect size increase to instead use _fs_write_pad which
+takes care of the padding for us.
+
+Signed-off-by: Jeremy Huddleston Sequoia 
+(cherry picked from commit 6972ea08ee5b2ef1cfbdc2fcaf14f06bbd391561)
+
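
Review bot: in the code quoted in the 42d85d12 entry, `crac.length` is computed from `authlen` after it has been rounded up to a multiple of 4, so a fix that stops rounding `authlen` and pads through `_fs_write_pad` must still count the padding in the request length. The source diff is skipped here; check in the tarball that `crac.length` covers the padded size while the write reads only the real `authlen` bytes from `authorizations`.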

commit libXfont for openSUSE:Factory

2015-12-17 Thread h_root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2015-12-17 15:52:53

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont"

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2015-03-19 
21:02:43.0 +0100
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2015-12-17 
15:52:54.0 +0100
@@ -1,0 +2,7 @@
+Tue Dec  8 15:57:08 UTC 2015 - e...@suse.com
+
+- U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch
+  Negative DWIDTH is legal. This was broken by the fix for
+  CVE-2015-1804. Fixed upstream with commit 1a73d6 (boo#958383).
+
+---

New:

  U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch



Other differences:
--
++ libXfont.spec ++
--- /var/tmp/diff_new_pack.osppkr/_old  2015-12-17 15:52:55.0 +0100
+++ /var/tmp/diff_new_pack.osppkr/_new  2015-12-17 15:52:55.0 +0100
@@ -29,6 +29,7 @@
 #Git-Web:  http://cgit.freedesktop.org/xorg/lib/libXfont/
 Source: %{name}-%{version}.tar.bz2
 Source1:baselibs.conf
+Patch0: U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 #git#BuildRequires:autoconf >= 2.60, automake, libtool
 BuildRequires:  pkgconfig
@@ -82,6 +83,7 @@
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %configure --disable-static

++ U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch ++
From: Benjamin Tissoires 
Date: Mon Jul 13 14:43:06 2015 -0400
Subject: [PATCH]bdfReadCharacters: Allow negative DWIDTH values
Patch-mainline: Upstream
Git-commit: 1a73d6828dfa03924f2d68644fb5b99afd9c78e2
Git-repo: git://anongit.freedesktop.org/git/xorg/lib/libXfont
References: boo#958383
Signed-off-by: Egbert Eich 

The fix for CVE-2015-1804 prevents DWIDTH from being negative.
However, the spec states that "DWIDTH [...] is a vector indicating the
position of the next glyph’s origin relative to the origin of this glyph."

So negative values are correct.

Found by trying to compile XTS.

Signed-off-by: Benjamin Tissoires 
Reviewed-by: Peter Hutterer 
Signed-off-by: Alan Coopersmith 
---
 src/bitmap/bdfread.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c
index a0ace8f..eccd7b7 100644
--- a/src/bitmap/bdfread.c
+++ b/src/bitmap/bdfread.c
@@ -426,7 +426,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, 
bdfFileState *pState,
goto BAILOUT;
}
/* xCharInfo metrics are stored as INT16 */
-   if ((wx < 0) || (wx > INT16_MAX)) {
+   if ((wx < INT16_MIN) || (wx > INT16_MAX)) {
bdfError("character '%s' has out of range width, %d\n",
 charName, wx);
goto BAILOUT;
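
Review bot: the relaxed lower bound in `if ((wx < INT16_MIN) || (wx > INT16_MAX)) {` comes without a test, and this check has already regressed once, when the CVE-2015-1804 fix rejected legal negative DWIDTH values. Add BDF fixtures with a negative DWIDTH and with values just outside each INT16 bound, so that both the security check and the accepted range are exercised.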



commit libXfont for openSUSE:Factory

2015-03-19 Thread h_root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2015-03-19 21:02:42

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont"

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2014-07-27 
08:25:50.0 +0200
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2015-03-19 
21:02:43.0 +0100
@@ -1,0 +2,8 @@
+Wed Mar 18 09:23:04 UTC 2015 - sndir...@suse.com
+
+- Update to release 1.5.1
+  * This release of libXfont provides the fixes for the
+security advisory about BDF font parsing bugs (CVE-2015-1802,
+CVE-2015-1803, CVE-2015-1804)
+
+---

Old:

  libXfont-1.5.0.tar.bz2

New:

  libXfont-1.5.1.tar.bz2



Other differences:
--
++ libXfont.spec ++
--- /var/tmp/diff_new_pack.Qn70Sf/_old  2015-03-19 21:02:44.0 +0100
+++ /var/tmp/diff_new_pack.Qn70Sf/_new  2015-03-19 21:02:44.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package libXfont
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 Name:   libXfont
 %define lname  libXfont1
-Version:1.5.0
+Version:1.5.1
 Release:0
 Summary:X font handling library for server and utilities
 License:MIT

++ libXfont-1.5.0.tar.bz2 -> libXfont-1.5.1.tar.bz2 ++
 3494 lines of diff (skipped)
retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libXfont-1.5.0/ChangeLog new/libXfont-1.5.1/ChangeLog
--- old/libXfont-1.5.0/ChangeLog2014-07-19 19:00:49.0 +0200
+++ new/libXfont-1.5.1/ChangeLog2015-03-17 16:16:31.0 +0100
@@ -1,3 +1,85 @@
+commit da4246c98bc51297daeec47c15181e179df94013
+Author: Alan Coopersmith 
+Date:   Tue Mar 17 08:12:19 2015 -0700
+
+libXfont 1.5.1
+
+Signed-off-by: Alan Coopersmith 
+
+commit 2351c83a77a478b49cba6beb2ad386835e264744
+Author: Alan Coopersmith 
+Date:   Fri Mar 6 22:54:58 2015 -0800
+
+bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804]
+
+We use 32-bit ints to read from the bdf file, but then try to stick
+into a 16-bit int in the xCharInfo struct, so make sure they won't
+overflow that range.
+
+Found by afl-1.24b.
+
+v2: Verify that additions won't overflow 32-bit int range either.
+v3: As Julien correctly observes, the previous check for bh & bw not
+being < 0 reduces the number of cases we need to check for overflow.
+
+Signed-off-by: Alan Coopersmith 
+Reviewed-by: Julien Cristau 
+
+commit 78c2e3d70d29698244f70164428bd2868c0ab34c
+Author: Alan Coopersmith 
+Date:   Fri Feb 6 15:54:00 2015 -0800
+
+bdfReadCharacters: bailout if a char's bitmap cannot be read 
[CVE-2015-1803]
+
+Previously would charge on ahead with a NULL pointer in ci->bits, and
+then crash later in FontCharInkMetrics() trying to access the bits.
+
+Found with afl-1.23b.
+
+Signed-off-by: Alan Coopersmith 
+Reviewed-by: Julien Cristau 
+
+commit 2deda9906480f9c8ae07b8c2a5510cc7e4c59a8e
+Author: Alan Coopersmith 
+Date:   Fri Feb 6 15:50:45 2015 -0800
+
+bdfReadProperties: property count needs range check [CVE-2015-1802]
+
+Avoid integer overflow or underflow when allocating memory arrays
+by multiplying the number of properties reported for a BDF font.
+
+Reported-by: Ilja Van Sprundel 
+Signed-off-by: Alan Coopersmith 
+Reviewed-by: Julien Cristau 
+
+commit d9fda3d247942292a5f24694c22337c547006e11
+Author: Christos Zoulas 
+Date:   Wed Feb 25 21:39:30 2015 +0100
+
+Set close-on-exec for font file I/O.
+
+Reviewed-by: Alan Coopersmith 
+Signed-off-by: Thomas Klausner 
+
+commit 3b33588117c2ca3099b39985ffe098d479b3
+Author: Alan Coopersmith 
+Date:   Wed Nov 5 17:41:24 2014 -0800
+
+Use 'imdent' to realign cpp indentation levels in fslibos.h
+
+Parts were indented, others weren't, now is more consistent.
+'git diff -w' shows no non-whitespace changes in this commit
+
+Signed-off-by: Alan Coopersmith 
+
+commit 03c035b061a058215946
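
Review bot: the 2351c83a entry says the metrics must fit the 16-bit fields of xCharInfo but does not state the accepted range per field, and the DWIDTH check from this fix was later found to reject legal negative values (boo#958383). State in the message or in a code comment which metrics are signed, and bound those by INT16_MIN..INT16_MAX rather than 0..INT16_MAX.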

commit libXfont for openSUSE:Factory

2014-07-26 Thread h_root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2014-07-27 08:25:42

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont"

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2014-07-13 
14:06:38.0 +0200
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2014-07-27 
08:25:50.0 +0200
@@ -1,0 +2,6 @@
+Mon Jul 21 13:56:20 UTC 2014 - sndir...@suse.com
+
+- Update to final release 1.5.0
+  * no changes since 1.4.99.901
+
+---

Old:

  libXfont-1.4.99.901.tar.bz2

New:

  libXfont-1.5.0.tar.bz2



Other differences:
--
++ libXfont.spec ++
--- /var/tmp/diff_new_pack.i5n6TM/_old  2014-07-27 08:25:51.0 +0200
+++ /var/tmp/diff_new_pack.i5n6TM/_new  2014-07-27 08:25:51.0 +0200
@@ -18,7 +18,7 @@
 
 Name:   libXfont
 %define lname  libXfont1
-Version:1.4.99.901
+Version:1.5.0
 Release:0
 Summary:X font handling library for server and utilities
 License:MIT

++ libXfont-1.4.99.901.tar.bz2 -> libXfont-1.5.0.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libXfont-1.4.99.901/ChangeLog 
new/libXfont-1.5.0/ChangeLog
--- old/libXfont-1.4.99.901/ChangeLog   2014-07-08 00:01:04.0 +0200
+++ new/libXfont-1.5.0/ChangeLog2014-07-19 19:00:49.0 +0200
@@ -1,3 +1,11 @@
+commit ad4f4d8a2d0730c0ea3c09210bf921638b4682bc
+Author: Alan Coopersmith 
+Date:   Sat Jul 19 09:49:23 2014 -0700
+
+libXfont 1.5.0
+
+Signed-off-by: Alan Coopersmith 
+
 commit b19cf2a78f7f721c43d0d9e2f32b71fc746142a3
 Author: Alan Coopersmith 
 Date:   Mon Jul 7 13:18:18 2014 -0700
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libXfont-1.4.99.901/configure 
new/libXfont-1.5.0/configure
--- old/libXfont-1.4.99.901/configure   2014-07-08 00:00:27.0 +0200
+++ new/libXfont-1.5.0/configure2014-07-19 19:00:34.0 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for libXfont 1.4.99.901.
+# Generated by GNU Autoconf 2.68 for libXfont 1.5.0.
 #
 # Report bugs to .
 #
@@ -631,8 +631,8 @@
 # Identity of this package.
 PACKAGE_NAME='libXfont'
 PACKAGE_TARNAME='libXfont'
-PACKAGE_VERSION='1.4.99.901'
-PACKAGE_STRING='libXfont 1.4.99.901'
+PACKAGE_VERSION='1.5.0'
+PACKAGE_STRING='libXfont 1.5.0'
 PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=xorg'
 PACKAGE_URL=''
 
@@ -1442,7 +1442,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libXfont 1.4.99.901 to adapt to many kinds of systems.
+\`configure' configures libXfont 1.5.0 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1512,7 +1512,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
- short | recursive ) echo "Configuration of libXfont 1.4.99.901:";;
+ short | recursive ) echo "Configuration of libXfont 1.5.0:";;
esac
   cat <<\_ACEOF
 
@@ -1654,7 +1654,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libXfont configure 1.4.99.901
+libXfont configure 1.5.0
 generated by GNU Autoconf 2.68
 
 Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2180,7 +2180,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libXfont $as_me 1.4.99.901, which was
+It was created by libXfont $as_me 1.5.0, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   $ $0 $@
@@ -3048,7 +3048,7 @@
 
 # Define the identity of the package.
  PACKAGE='libXfont'
- VERSION='1.4.99.901'
+ VERSION='1.5.0'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -20170,7 +20170,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libXfont $as_me 1.4.99.901, which was
+This file was extended by libXfont $as_me 1.5.0, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   CONFIG_FILES= $CONFIG_FILES
@@ -20236,7 +20236,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/&/g'`"
 ac_cs_version="\\
-libXfont config.status 1.4.99.901
+libXfont c

commit libXfont for openSUSE:Factory

2014-07-13 Thread h_root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2014-07-13 14:06:00

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont"

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2014-06-02 
07:04:11.0 +0200
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2014-07-13 
14:06:38.0 +0200
@@ -1,0 +2,37 @@
+Wed Jul  9 12:24:00 UTC 2014 - sndir...@suse.com
+
+- Update to version 1.4.99.901
+  * This is a release candidate of libXfont 1.5.0 - please test and
+report any issues found, so we can have a final/stable release
+soon to go with the xorg-server 1.16 release.
+  * *IMPORTANT* This release works with fontsproto 2.1.3 or later
+and is for use with the upcoming release of xorg-server 1.16
+and later.  It will *not* work with older versions of
+fontsproto or xorg-server (prior to 1.15.99.901).
+  * This release includes all the security & bug fixes from
+libXfont 1.4.8, plus these additional significant changes:
+- Support for SNF font format (deprecated since X11R5 in 1991)
+  is now disabled by default at build time.  For now, adding
+  --enable-snfformat to configure flags may re-enable it, but
+  support may be fully removed in future libXfont releases.
+- Many compiler warnings cleaned up, including some which
+  required API changes around type declarations (const char *,
+  Pointer, etc.).
+- README file expanded to explain all the different formats/
+  options.
+- supersedes patches:
+  * U_0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch
+  * U_0002-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch
+  * U_0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch
+  * U_0004-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch
+  * U_0005-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch
+  * U_0006-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch
+  * U_0007-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch
+  * U_0008-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs.patch
+  * U_0009-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch
+  * U_0010-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch
+  * U_0011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
+  * U_0012-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
+- added baselibs.conf as source to spec file
+
+---

Old:

  U_0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch
  U_0002-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch
  U_0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch
  U_0004-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch
  U_0005-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch
  U_0006-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch
  U_0007-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch
  U_0008-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs.patch
  U_0009-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch
  U_0010-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch
  U_0011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
  U_0012-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
  libXfont-1.4.7-a96cc1f.tar.bz2

New:

  libXfont-1.4.99.901.tar.bz2



Other differences:
--
++ libXfont.spec ++
--- /var/tmp/diff_new_pack.TJjWGR/_old  2014-07-13 14:06:39.0 +0200
+++ /var/tmp/diff_new_pack.TJjWGR/_new  2014-07-13 14:06:39.0 +0200
@@ -18,7 +18,7 @@
 
 Name:   libXfont
 %define lname  libXfont1
-Version:1.4.7
+Version:1.4.99.901
 Release:0
 Summary:X font handling library for server and utilities
 License:MIT
@@ -27,19 +27,8 @@
 
 #Git-Clone:git://anongit.freedesktop.org/xorg/lib/libXfont
 #Git-Web:  http://cgit.freedesktop.org/xorg/lib/libXfont/
-Source: %{name}-%{version}-a96cc1f.tar.bz2
-Patch1: 
U_0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch
-Patch2: 
U_0002-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch
-Patch3: 
U_0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch
-Patch4: 
U_0004-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch
-Patch5: 
U_0005-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch
-Patch6: 
U_0006-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch
-Patch7: 
U_0007-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch
-Patch8:  

commit libXfont for openSUSE:Factory

2014-06-01 Thread h_root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2014-06-02 07:04:10

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont"

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2014-03-22 
19:46:09.0 +0100
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2014-06-02 
07:04:11.0 +0200
@@ -1,0 +2,18 @@
+Mon May 19 13:33:08 UTC 2014 - m...@suse.com
+
+- U_0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch,
+  U_0002-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch,
+  U_0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch,
+  U_0004-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch,
+  U_0005-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch,
+  U_0006-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch,
+  U_0007-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch,
+  U_0008-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs.patch,
+  U_0009-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch,
+  U_0010-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch,
+  U_0011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch,
+  U_0012-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
+  * Security fixes. (CVE-2014-0209, CVE-2014-0210, CVE-2014-0211,
+bnc#857544)
+
+---
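Review bot: In the patch list of this entry, U_0011 and U_0012 carry the same truncated name (unvalidated-length-fields-in-fs_read_l), so a reader cannot tell which function each one fixes. "Security fixes." is also the only description for twelve patches; one line per CVE, following what the file names already say (integer overflow of realloc size for CVE-2014-0209, unvalidated length fields for CVE-2014-0210, integer overflows in the fs_* readers for CVE-2014-0211), would make the entry usable for triage.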

New:

  U_0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch
  U_0002-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch
  U_0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch
  U_0004-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch
  U_0005-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch
  U_0006-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch
  U_0007-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch
  U_0008-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs.patch
  U_0009-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch
  U_0010-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch
  U_0011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
  U_0012-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch



Other differences:
--
++ libXfont.spec ++
--- /var/tmp/diff_new_pack.sGWJ2A/_old  2014-06-02 07:04:12.0 +0200
+++ /var/tmp/diff_new_pack.sGWJ2A/_new  2014-06-02 07:04:12.0 +0200
@@ -28,6 +28,18 @@
 #Git-Clone:git://anongit.freedesktop.org/xorg/lib/libXfont
 #Git-Web:  http://cgit.freedesktop.org/xorg/lib/libXfont/
 Source: %{name}-%{version}-a96cc1f.tar.bz2
+Patch1: 
U_0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch
+Patch2: 
U_0002-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch
+Patch3: 
U_0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch
+Patch4: 
U_0004-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch
+Patch5: 
U_0005-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch
+Patch6: 
U_0006-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch
+Patch7: 
U_0007-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch
+Patch8: U_0008-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs.patch
+Patch9: 
U_0009-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch
+Patch10:
U_0010-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch
+Patch11:
U_0011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
+Patch12:
U_0012-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 #git#BuildRequires:autoconf >= 2.60, automake, libtool
 BuildRequires:  pkgconfig
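Review bot: The twelve Patch tags are added with no comment giving their origin; the U_ prefix and the CVE id in each file name are the only provenance in the spec. A short comment above the block naming the upstream libXfont commits and bnc#857544 would let a later maintainer verify which patches a new release makes obsolete.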
@@ -81,6 +93,18 @@
 
 %prep
 %setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
 
 %build
 %configure --disable-static

++ U_0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch ++
>From b3c8e47704a0ee40fbbd401a55a2167630a91ae6 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith 
Date: Fri, 25 Apr 2014 23:01:11 -0700
Subject: [PATCH:libXfont 01/12] CVE-2014-XXXA: integer overflow of realloc()
 size in FontFileAddEntry()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

FontFileReadDirectory() opens a fonts.dir file, and reads over every
line in an fscanf loop.  For each successful entry read (font name,
file name) a call is made to FontFileAddFontFile().

FontFileAddFontFile(
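Review bot: The Subject of the embedded patch still reads CVE-2014-XXXA, while the file name and the .changes entry use CVE-2014-0209. If the patch is carried as sent, record the mapping in the spec or the changelog so that a search for the assigned id finds this fix.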

commit libXfont for openSUSE:Factory

2014-03-22 Thread h_root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2014-03-22 19:46:08

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont"

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2014-01-08 
20:35:46.0 +0100
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2014-03-22 
19:46:09.0 +0100
@@ -1,0 +2,6 @@
+Tue Mar 18 14:24:59 UTC 2014 - sndir...@suse.com
+
+- update to current git commit a96cc1f to match current fontsproto
+  git sources
+
+---

Old:

  libXfont-1.4.7.tar.bz2

New:

  libXfont-1.4.7-a96cc1f.tar.bz2



Other differences:
--
++ libXfont.spec ++
--- /var/tmp/diff_new_pack.yddD5S/_old  2014-03-22 19:46:10.0 +0100
+++ /var/tmp/diff_new_pack.yddD5S/_new  2014-03-22 19:46:10.0 +0100
@@ -27,7 +27,7 @@
 
 #Git-Clone:git://anongit.freedesktop.org/xorg/lib/libXfont
 #Git-Web:  http://cgit.freedesktop.org/xorg/lib/libXfont/
-Source: 
http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2
+Source: %{name}-%{version}-a96cc1f.tar.bz2
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 #git#BuildRequires:autoconf >= 2.60, automake, libtool
 BuildRequires:  pkgconfig
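Review bot: The new Source line replaces the upstream release URL with a local tarball identified only by the abbreviated hash a96cc1f, while Version stays at 1.4.7. That leaves no published release to check the archive against. Add a comment with the full commit id and the command used to produce the tarball (the Git-Clone URL is already in the context lines), and consider a version string that marks this as a snapshot taken after 1.4.7.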

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit libXfont for openSUSE:Factory

2014-01-08 Thread h_root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2014-01-08 20:35:45

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont"

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2013-08-19 
13:29:58.0 +0200
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2014-01-08 
20:35:46.0 +0100
@@ -1,0 +2,8 @@
+Wed Jan  8 09:51:40 UTC 2014 - sndir...@suse.com
+
+- Update to version 1.4.7
+  This release includes the fix for CVE-2013-6462, as well as
+  other security hardening and code cleanups, and makes libXfont
+  compatible with libXtrans 1.3 on Solaris. (bnc#854915)
+
+---

Old:

  libXfont-1.4.6.tar.bz2

New:

  libXfont-1.4.7.tar.bz2



Other differences:
--
++ libXfont.spec ++
--- /var/tmp/diff_new_pack.in6fqZ/_old  2014-01-08 20:35:47.0 +0100
+++ /var/tmp/diff_new_pack.in6fqZ/_new  2014-01-08 20:35:47.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package libXfont
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 Name:   libXfont
 %define lname  libXfont1
-Version:1.4.6
+Version:1.4.7
 Release:0
 Summary:X font handling library for server and utilities
 License:MIT

++ libXfont-1.4.6.tar.bz2 -> libXfont-1.4.7.tar.bz2 ++
 4318 lines of diff (skipped)
retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libXfont-1.4.6/ChangeLog new/libXfont-1.4.7/ChangeLog
--- old/libXfont-1.4.6/ChangeLog2013-07-22 01:58:01.0 +0200
+++ new/libXfont-1.4.7/ChangeLog2014-01-07 17:27:27.0 +0100
@@ -1,3 +1,129 @@
+commit 30110063857ff9a5f93f6d8d13f535c9b6e59e2a
+Author: Alan Coopersmith 
+Date:   Tue Jan 7 08:22:31 2014 -0800
+
+libXfont 1.4.7
+
+Signed-off-by: Alan Coopersmith 
+
+commit 2a84680376bafd74609c6ef3e38befcb8467d814
+Author: Alan Coopersmith 
+Date:   Mon Dec 23 19:01:11 2013 -0800
+
+Limit additional sscanf strings to fit buffer sizes
+
+None of these could currently result in buffer overflow, as the input
+and output buffers were the same size, but adding limits helps ensure
+we keep it that way, if we ever resize any of these in the future.
+
+Fixes cppcheck warnings:
+ [lib/libXfont/src/bitmap/bdfread.c:547]: (warning)
+  scanf without field width limits can crash with huge input data.
+ [lib/libXfont/src/bitmap/bdfread.c:553]: (warning)
+  scanf without field width limits can crash with huge input data.
+ [lib/libXfont/src/bitmap/bdfread.c:636]: (warning)
+  scanf without field width limits can crash with huge input data.
+
+Signed-off-by: Alan Coopersmith 
+Reviewed-by: Matthieu Herrb 
+Reviewed-by: Jeremy Huddleston Sequoia 
+
+commit 4d024ac10f964f6bd372ae0dd14f02772a6e5f63
+Author: Alan Coopersmith 
+Date:   Mon Dec 23 18:34:02 2013 -0800
+
+CVE-2013-6462: unlimited sscanf overflows stack buffer in 
bdfReadCharacters()
+
+Fixes cppcheck warning:
+ [lib/libXfont/src/bitmap/bdfread.c:341]: (warning)
+  scanf without field width limits can crash with huge input data.
+
+Signed-off-by: Alan Coopersmith 
+Reviewed-by: Matthieu Herrb 
+Reviewed-by: Jeremy Huddleston Sequoia 
+
+commit fdcf9a9be6a5d453659beadec5d1a1fdbab9afaf
+Author: Alan Coopersmith 
+Date:   Fri Dec 27 11:01:35 2013 -0800
+
+Add AC_USE_SYSTEM_EXTENSIONS to expose non-standard extensions
+
+Required on Solaris to expose definitions in system headers that
+are not defined in the XPG standards now that xtrans 1.3 defines
+_XOPEN_SOURCE to 600 on Solaris.
+
+Fixes build failures:
+fserve.c: In function 'fs_block_handler':
+fserve.c:1210:5: error: 'fd_mask' undeclared (first use in this function)
+fserve.c:1210:5: note: each undeclared identifier is reported only once 
for each function it appears in
+In file included from transport.c:67:0,
+ from fstrans.c:28:
+Xtranssock.c: In function '_FontTransSocketINETConnect':
+   
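Review bot: The CVE-2013-6462 entry and the follow-up commit both cite cppcheck warnings for bdfread.c (lines 341, 547, 553 and 636), but this mail shows only the ChangeLog text, not the bdfread.c change itself. When reviewing the tarball diff, check that every added sscanf field width is one less than the size of its destination buffer, because %s writes a terminating NUL after the limited field.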

commit libXfont for openSUSE:Factory

2013-08-19 Thread h_root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2013-08-19 13:29:57

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont"

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2013-03-22 
11:55:24.0 +0100
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2013-08-19 
13:29:58.0 +0200
@@ -1,0 +2,15 @@
+Sat Aug 17 22:04:16 UTC 2013 - zai...@opensuse.org
+
+- Update to version 1.4.6:
+  + Require ANSI C89 pre-processor, drop pre-C89 token pasting
+support.
+  + Protect config.h inclusion with ifdef HAVE_CONFIG_H, like
+usual.
+  + Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS.
+  + autogen.sh: Implement GNOME Build API.
+  + configure: Remove AM_MAINTAINER_MODE.
+  + catalogue: Fix obvious thinko.
+  + Omit catalogue support on systems without symlinks.
+  + If socket is interrupted with signal EINTR, re-attempt read.
+
+---

Old:

  libXfont-1.4.5.tar.bz2

New:

  libXfont-1.4.6.tar.bz2



Other differences:
--
++ libXfont.spec ++
--- /var/tmp/diff_new_pack.XM6Qo1/_old  2013-08-19 13:29:59.0 +0200
+++ /var/tmp/diff_new_pack.XM6Qo1/_new  2013-08-19 13:29:59.0 +0200
@@ -18,7 +18,7 @@
 
 Name:   libXfont
 %define lname  libXfont1
-Version:1.4.5
+Version:1.4.6
 Release:0
 Summary:X font handling library for server and utilities
 License:MIT

++ libXfont-1.4.5.tar.bz2 -> libXfont-1.4.6.tar.bz2 ++
 16620 lines of diff (skipped)
retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/libXfont-1.4.5/ChangeLog new/libXfont-1.4.6/ChangeLog
--- old/libXfont-1.4.5/ChangeLog2012-03-02 19:10:13.0 +0100
+++ new/libXfont-1.4.6/ChangeLog2013-07-22 01:58:01.0 +0200
@@ -1,3 +1,97 @@
+commit 8b289e10c5013cdcbf817c06bd929e3ea8339987
+Author: Alan Coopersmith 
+Date:   Sun Jul 21 16:53:47 2013 -0700
+
+libXfont 1.4.6
+
+Signed-off-by: Alan Coopersmith 
+
+commit 7447029974415641a7a8a85918edcc20cfd9d461
+Author: Alan Coopersmith 
+Date:   Mon Jun 24 22:40:39 2013 -0700
+
+Require ANSI C89 pre-processor, drop pre-C89 token pasting support
+
+Signed-off-by: Alan Coopersmith 
+
+commit c21d25de05d82a761a3225b685e9adcb7bb374bd
+Author: Thomas Klausner 
+Date:   Sun Jun 2 21:03:27 2013 +0200
+
+Protect config.h inclusion with ifdef HAVE_CONFIG_H, like usual.
+
+Reviewed-by: Alan Coopersmith 
+Signed-off-by: Alan Coopersmith 
+
+commit b8dd42dce868f9c16a59790ce51f0542b59cb79d
+Author: Alan Coopersmith 
+Date:   Tue Jan 15 18:30:32 2013 -0800
+
+Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
+
+Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
+
+  - Support for the long-deprecated INCLUDES variable will be removed
+altogether in Automake 1.14.  The AM_CPPFLAGS variable should be
+used instead.
+
+This variable was deprecated in Automake releases prior to 1.10, which is
+the current minimum level required to build X.
+
+Signed-off-by: Alan Coopersmith 
+Reviewed-by: Peter Hutterer 
+
+commit 8d946d2606b3a349b2a54d602e027a09ae330e88
+Author: Colin Walters 
+Date:   Wed Jan 4 17:37:06 2012 -0500
+
+autogen.sh: Implement GNOME Build API
+
+http://people.gnome.org/~walters/docs/build-api.txt
+
+Signed-off-by: Adam Jackson 
+
+commit 9d8936879b2fe1ca6460354ef68cd5e824d6748c
+Author: Adam Jackson 
+Date:   Tue Jan 15 14:28:48 2013 -0500
+
+configure: Remove AM_MAINTAINER_MODE
+
+Signed-off-by: Adam Jackson 
+
+commit a756da1844f63a2f2162eb8e53a883f496e4faad
+Author: Adam Jackson 
+Date:   Fri Dec 7 10:30:38 2012 -0500
+
+catalogue: Fix obvious thinko
+
+Signed-off-by: Adam Jackson 
+
+commit 5680e4c3d76cd5c64175d88d0685ee6962aa1e46
+Author: Yaakov Selkowitz 
+Date:   Mon Oct 29 09:59:30 2012 -0500
+
+Omit catalogue support on systems without symlinks
+
+Signed-off-by: Yaakov Selkowitz 
+Reviewed-by: Colin Harrison 
+Reviewed-by: Jon TURNEY 
+
+commit 3c534f72d6d4327926474a5f8fa53cbcf19de3cf
+Author: Arvind Umrao 
+Date:   Thu Aug 23 16:15:04 2012 +0530
+
+If socket is interrupted with signal EINTR, re-attempt read.
+
+ 

commit libXfont for openSUSE:Factory

2013-03-22 Thread h_root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2013-03-22 11:55:23

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont", Maintainer is ""

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2012-05-08 
11:57:36.0 +0200
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2013-03-22 
11:55:24.0 +0100
@@ -1,0 +2,5 @@
+Sun Feb 17 17:21:53 UTC 2013 - jeng...@inai.de
+
+- Use more robust make install call
+
+---



Other differences:
--
++ libXfont.spec ++
--- /var/tmp/diff_new_pack.05OBEZ/_old  2013-03-22 11:55:25.0 +0100
+++ /var/tmp/diff_new_pack.05OBEZ/_new  2013-03-22 11:55:25.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package libXfont
 #
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -87,7 +87,7 @@
 make %{?_smp_mflags}
 
 %install
-%makeinstall
+make install DESTDIR="%buildroot"
 rm -f "%buildroot/%_libdir"/*.la
 
 %post -n %lname -p /sbin/ldconfig
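Review bot: The .changes entry says only "more robust" for the switch from %makeinstall to make install DESTDIR="%buildroot" in %install. State the reason there (what %makeinstall got wrong for this package) so that a later cleanup does not revert the line.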




commit libXfont for openSUSE:Factory

2012-05-08 Thread h_root
Hello community,

here is the log from the commit of package libXfont for openSUSE:Factory 
checked in at 2012-05-08 11:57:35

Comparing /work/SRC/openSUSE:Factory/libXfont (Old)
 and  /work/SRC/openSUSE:Factory/.libXfont.new (New)


Package is "libXfont", Maintainer is ""

Changes:

--- /work/SRC/openSUSE:Factory/libXfont/libXfont.changes2012-02-17 
12:03:33.0 +0100
+++ /work/SRC/openSUSE:Factory/.libXfont.new/libXfont.changes   2012-05-08 
11:57:36.0 +0200
@@ -1,0 +2,17 @@
+Thu Apr 12 06:24:00 UTC 2012 - vu...@opensuse.org
+
+- Update to version 1.4.5:
+  + Updates to better handle fonts compressed with compress(1)
+  + Do proper input validation to fix for CVE-2011-2895
+  + Fix crash if pcf header is corrupted
+  + Cleanups for compiler warnings
+  + Improvements for the developer documentation
+  + Build configuration improvements
+- Changes from version 1.4.4:
+  + LZW decompress: fix for CVE-2011-2895
+  + Fix memory leak
+  + Build configuration improvements
+- Drop U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch: fixed
+  upstream.
+
+---

Old:

  U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch
  libXfont-1.4.3.tar.bz2

New:

  libXfont-1.4.5.tar.bz2



Other differences:
--
++ libXfont.spec ++
--- /var/tmp/diff_new_pack.icc6Qq/_old  2012-05-08 11:57:42.0 +0200
+++ /var/tmp/diff_new_pack.icc6Qq/_new  2012-05-08 11:57:42.0 +0200
@@ -14,24 +14,29 @@
 
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
+
+
 Name:   libXfont
 %define lname  libXfont1
-Version:1.4.3
+Version:1.4.5
 Release:0
 Summary:X font handling library for server and utilities
 License:MIT
 Group:  Development/Libraries/C and C++
-URL:http://xorg.freedesktop.org/
+Url:http://xorg.freedesktop.org/
 
 #Git-Clone:git://anongit.freedesktop.org/xorg/lib/libXfont
 #Git-Web:  http://cgit.freedesktop.org/xorg/lib/libXfont/
-Source: %name-%version.tar.bz2
-Patch1:U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch
-BuildRoot: %_tmppath/%name-%version-build
+Source: 
http://xorg.freedesktop.org/releases/individual/lib/%{name}-%{version}.tar.bz2
+BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 #git#BuildRequires:autoconf >= 2.60, automake, libtool
-BuildRequires:  pkgconfig, pkgconfig(xorg-macros) >= 1.10
-BuildRequires: pkgconfig(freetype2), pkgconfig(xproto), pkgconfig(xtrans)
-BuildRequires: pkgconfig(fontsproto), pkgconfig(fontenc)
+BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(fontenc)
+BuildRequires:  pkgconfig(fontsproto)
+BuildRequires:  pkgconfig(freetype2)
+BuildRequires:  pkgconfig(xorg-macros) >= 1.10
+BuildRequires:  pkgconfig(xproto)
+BuildRequires:  pkgconfig(xtrans)
 BuildRequires: pkgconfig(zlib)
 #optional#BuildRequires:   pkgconfig(bzip2), + --with-bzip2
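Review bot: The removal of Patch1 (U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch) sits between the URL to Url rename and the BuildRequires reflow, which makes the one security-relevant line of this hunk easy to miss. Split the formatting cleanup from the version update. The pkgconfig(zlib) context line also keeps spacing that differs from the reformatted BuildRequires entries above it.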
 
@@ -76,7 +81,6 @@
 
 %prep
 %setup -q
-%patch -P 1 -p1
 
 %build
 %configure --disable-static

++ libXfont-1.4.3.tar.bz2 -> libXfont-1.4.5.tar.bz2 ++
 49555 lines of diff (skipped)
