--- libxfont-1.4.7.orig/autogen.sh +++ libxfont-1.4.7/autogen.sh @@ -0,0 +1,14 @@ +#! /bin/sh + +srcdir=`dirname $0` +test -z "$srcdir" && srcdir=. + +ORIGDIR=`pwd` +cd $srcdir + +autoreconf -v --install || exit 1 +cd $ORIGDIR || exit $? + +if test -z "$NOCONFIGURE"; then + $srcdir/configure "$@" +fi --- libxfont-1.4.7.orig/debian/README.source +++ libxfont-1.4.7/debian/README.source @@ -0,0 +1,49 @@ +------------------------------------------------------ +Quick Guide To Patching This Package For The Impatient +------------------------------------------------------ + +1. Make sure you have quilt installed +2. Unpack the package as usual with "dpkg-source -x" +3. Run the "patch" target in debian/rules +4. Create a new patch with "quilt new" (see quilt(1)) +5. Edit all the files you want to include in the patch with "quilt edit" + (see quilt(1)). +6. Write the patch with "quilt refresh" (see quilt(1)) +7. Run the "clean" target in debian/rules + +Alternatively, instead of using quilt directly, you can drop the patch in to +debian/patches and add the name of the patch to debian/patches/series. + +------------------------------------ +Guide To The X Strike Force Packages +------------------------------------ + +The X Strike Force team maintains X packages in git repositories on +git.debian.org in the pkg-xorg subdirectory. Most upstream packages +are actually maintained in git repositories as well, so they often +just need to be pulled into git.debian.org in a "upstream-*" branch. +Otherwise, the upstream sources are manually installed in the Debian +git repository. + +The .orig.tar.gz upstream source file could be generated this +"upstream-*" branch in the Debian git repository but it is actually +copied from upstream tarballs directly. + +Due to X.org being highly modular, packaging all X.org applications +as their own independent packages would have created too many Debian +packages. For this reason, some X.org applications have been grouped +into larger packages: xutils, xutils-dev, x11-apps, x11-session-utils, +x11-utils, x11-xfs-utils, x11-xkb-utils, x11-xserver-utils. +Most packages, including the X.org server itself and all libraries +and drivers are, however maintained independently. + +The Debian packaging is added by creating the "debian-*" git branch +which contains the aforementioned "upstream-*" branch plus the debian/ +repository files. +When a patch has to be applied to the Debian package, two solutions +are involved: +* If the patch is available in one of the upstream branches, it + may be git'cherry-picked into the Debian repository. In this + case, it appears directly in the .diff.gz. +* Otherwise, the patch is added to debian/patches/ which is managed + with quilt as documented in /usr/share/doc/quilt/README.source. --- libxfont-1.4.7.orig/debian/changelog +++ libxfont-1.4.7/debian/changelog @@ -0,0 +1,393 @@ +libxfont (1:1.4.7-1ubuntu0.4) trusty-security; urgency=medium + + * SECURITY UPDATE: non-privileged arbitrary file access + - debian/patches/CVE-2017-16611-pre.patch: set close-on-exec for font + file I/O in src/fontfile/fileio.c, src/fontfile/filewr.c. + - debian/patches/CVE-2017-16611.patch: open files with O_NOFOLLOW in + src/fontfile/dirfile.c, src/fontfile/fileio.c. + - CVE-2017-16611 + + -- Marc Deslauriers Wed, 29 Nov 2017 09:48:10 -0500 + +libxfont (1:1.4.7-1ubuntu0.3) trusty-security; urgency=medium + + * SECURITY UPDATE: invalid memory read in PatternMatch + - debian/patches/CVE-2017-13720.patch: check for end of string in + src/fontfile/fontdir.c. + - CVE-2017-13720 + * SECURITY UPDATE: DoS or info leak via malformed PCF file + - debian/patches/CVE-2017-13722.patch: check string boundaries in + src/bitmap/pcfread.c. + - CVE-2017-13722 + + -- Marc Deslauriers Fri, 06 Oct 2017 11:45:05 -0400 + +libxfont (1:1.4.7-1ubuntu0.2) trusty-security; urgency=medium + + * SECURITY UPDATE: arbitrary code exection via invalid property count + - debian/patches/CVE-2015-1802.patch: check for integer overflow in + src/bitmap/bdfread.c. + - CVE-2015-1802 + * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure + - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read + in src/bitmap/bdfread.c. + - CVE-2015-1803 + * SECURITY UPDATE: arbitrary code execution via invalid metrics + - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in + src/bitmap/bdfread.c. + - CVE-2015-1804 + * Backport some commits from git to solve ftbfs with newer fontsproto: + - debian/patches/ftbfs-new-fontsproto.patch + - debian/patches/ftbfs-new-fontsproto-2.patch + + -- Marc Deslauriers Wed, 18 Mar 2015 07:32:09 -0400 + +libxfont (1:1.4.7-1ubuntu0.1) trusty-security; urgency=medium + + * SECURITY UPDATE: denial of service and possible code execution via + font metadata file parsing + - debian/patches/CVE-2014-0209.patch: check for overflows in + src/fontfile/dirfile.c, src/fontfile/fontdir.c. + - CVE-2014-0209 + * SECURITY UPDATE: denial of service and possible code execution via + xfs font server replies + - debian/patches/CVE-2014-021x.patch: check lengths and sizes in + src/fc/fsconvert.c, src/fc/fserve.c. + - CVE-2014-0210 + - CVE-2014-0211 + + -- Marc Deslauriers Tue, 13 May 2014 11:57:20 -0400 + +libxfont (1:1.4.7-1) unstable; urgency=high + + * New upstream release + + CVE-2013-6462: unlimited sscanf overflows stack buffer in + bdfReadCharacters() + * Don't put dbg symbols from the udeb in the dbg package. + * dev package is no longer Multi-Arch: same (closes: #720026). + * Disable support for connecting to a font server. That code is horrible and + full of holes. + + -- Julien Cristau Tue, 07 Jan 2014 17:51:29 +0100 + +libxfont (1:1.4.6-1) unstable; urgency=low + + * New upstream release. + * Build for multiarch (closes: #654252). Patch by Riku Voipio, thanks! + * Disable silent build rules. + + -- Julien Cristau Mon, 12 Aug 2013 18:28:57 +0200 + +libxfont (1:1.4.5-2) unstable; urgency=low + + * Ease sync for Ubuntu: strip -Bsymbolic-functions from LDFLAGS + (LP: #992745). + + -- Cyril Brulebois Thu, 03 May 2012 19:59:46 +0200 + +libxfont (1:1.4.5-1) unstable; urgency=low + + [ Cyril Brulebois ] + * New upstream release. + * Switch to dh: + - Bump debhelper build-dep and compat. + - Rewrite debian/rules, using autoreconf and quilt sequences. + - Adjust build dependencies accordingly. + - Use build-main and build-udeb as build directories. + - Adjust .install accordingly. + * Remove xsfbs accordingly. + * Add support for hardened build flags through dpkg-buildflags, based + on a patch by Moritz Muehlenhoff, thanks! (Closes: #654154). + + [ Julien Cristau ] + * Remove David Nusinow from Uploaders. + + -- Cyril Brulebois Sun, 04 Mar 2012 09:24:59 +0000 + +libxfont (1:1.4.4-1) unstable; urgency=high + + [ Julien Cristau ] + * Drop Pre-Depends on x11-common (only needed for upgrades from the + monolith) and Replaces on xlibs-static-dev (hasn't existed in forever). + + [ Cyril Brulebois ] + * New upstream release: + - LZW decompress: fix for CVE-2011-2895. From the commit message: + “Specially crafted LZW stream can crash an application using libXfont + that is used to open untrusted font files. With X server, this may + allow privilege escalation when exploited.” + * Set urgency to “high” accordingly. + * Update debian/copyright from upstream COPYING. + * Bump xorg-sgml-doctools build-dep. + * Drop xorg.css from .install, no longer shipped upstream. + + -- Cyril Brulebois Thu, 11 Aug 2011 11:17:16 +0200 + +libxfont (1:1.4.3-2) unstable; urgency=low + + * Upload to unstable. + + -- Cyril Brulebois Sat, 05 Feb 2011 11:48:49 +0100 + +libxfont (1:1.4.3-1) experimental; urgency=low + + * New upstream release. + * Bump xutils-dev build-dep for new macros. + * Add xmlto, xorg-sgml-doctools, and w3m build-dep for the doc. + * Pass --with-xmlto and --without-fop for the regular build (we want + html and txt only). Disable both for the udeb build. + * Tweak doc filenames, and handle that through dh_install. + * Add --fail-missing -XlibXfont.la for the second dh_install call (the + udeb one), for additional safety. + + -- Cyril Brulebois Fri, 19 Nov 2010 01:17:48 +0100 + +libxfont (1:1.4.2-1) experimental; urgency=low + + * New upstream release. + * Bump xutils-dev build-dep for new xorg-macros. + * Bump shlibs for register_fpe_functions(). + * Update debian/copyright. + * Bump Standards-Version to 3.9.0, no changes. + + -- Julien Cristau Wed, 07 Jul 2010 18:25:15 +0100 + +libxfont (1:1.4.1-2) unstable; urgency=low + + [ Julien Cristau ] + * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no + good reason. Thanks, Colin Watson! + * Remove myself from Uploaders + + [ Cyril Brulebois ] + * Use dh_makeshlibs’s -V argument instead of debian/libxfont1.shlibs + * Add udeb needed for the graphical installer: libxfont1-udeb. + * Version the B-D on libfontenc-dev to ensure libxfont1-udeb gets a + dependency on libfontenc1-udeb. + * Use a bzip2-less flavour for the udeb. + * Bump Standards-Version from 3.8.3 to 3.8.4 (no changes needed). + * Fix obsolete-relation-form-in-source by using “<<” instead of “<” for + xprint in Conflicts, thanks to lintian. + * Add myself to Uploaders. + + -- Cyril Brulebois Wed, 10 Mar 2010 20:05:31 +0100 + +libxfont (1:1.4.1-1) unstable; urgency=low + + * New upstream release. + * Bump xutils-dev build-dep for new util-macros. + * Build documentation, install it in libxfont-dev. + * Enable support for bzip2 compressed bitmap fonts. + * Don't use LDFLAGS from the environment. Ubuntu sets that to + -Bsymbolic-functions, which breaks libXfont's weak symbols usage. + + -- Julien Cristau Wed, 02 Dec 2009 11:12:13 +0100 + +libxfont (1:1.4.0-3) unstable; urgency=low + + * libxfont1 Conflicts: xprint (< 2:1.6.0-1). + The requiem release of xprint (1.6) will not conflict with + libxfont1. I am assured the garlic wreaths should prove most + efficacious at protecting the general public from the undead. + * Standards version 3.8.3. + + -- Drew Parsons Sat, 31 Oct 2009 11:29:34 +1100 + +libxfont (1:1.4.0-2) unstable; urgency=high + + * libxfont1 Conflicts with xprint, printer font support was removed upstream + in 1.4.0 (closes: #535952). + * Add README.source from xsfbs. Bump Standards-Version to 3.8.2. + + -- Julien Cristau Sun, 02 Aug 2009 13:36:46 +0200 + +libxfont (1:1.4.0-1) unstable; urgency=low + + * New upstream release. + * Move libxfont1-dbg to new section 'debug'. + + -- Julien Cristau Mon, 13 Apr 2009 12:11:23 +0100 + +libxfont (1:1.3.4-2) unstable; urgency=low + + * Update debian/copyright from upstream COPYING. + * Upload to unstable. + + -- Julien Cristau Mon, 16 Feb 2009 19:31:59 +0100 + +libxfont (1:1.3.4-1) experimental; urgency=low + + * Wrap build-deps in debian/control. + * Run autoreconf on build; build-dep on xutils-dev, autoconf, automake and + libtool. + * Handle parallel builds. + * New upstream release. + * Drop obsolete x11proto-fontcache-dev build-dependency. + + -- Julien Cristau Tue, 23 Dec 2008 15:06:37 +0100 + +libxfont (1:1.3.3-1) unstable; urgency=high + + [ Julien Cristau ] + * Drop dependency on x11-common from libxfont1{,-dbg}. + * New upstream bugfix release. + * Disable the type1 rasterizer and support for speedo font files. The + former is a security hazard, and Speedo fonts are disabled in the X server + since before etch anyway. + * Urgency high so the above gets in lenny. + + [ Brice Goglin ] + * Add upstream URL to debian/copyright. + * Add a link to www.X.org and a reference to the upstream module + in the long description. + + -- Julien Cristau Thu, 17 Jul 2008 22:50:03 +0200 + +libxfont (1:1.3.2-1) unstable; urgency=low + + * New upstream release + * Drop CVE-2008-0006.diff, included upstream. + + -- Julien Cristau Fri, 07 Mar 2008 13:32:43 +0100 + +libxfont (1:1.3.1-2) unstable; urgency=high + + * High urgency upload for security fix. + * Fix a buffer overflow in the PCF font parser (CVE-2008-0006). + * debian/control updates + + add myself to Uploaders, and remove Branden and Fabio with their + permission + + s/^XS-Vcs/Vcs/ + + bump Standards-Version to 3.7.3 (no changes) + + libxfont1 is Section: libs + + libxfont-dev and libxfont1-dbg are Section: libdevel + + -- Julien Cristau Thu, 17 Jan 2008 00:09:38 +0100 + +libxfont (1:1.3.1-1) unstable; urgency=low + + * New upstream release. + * Add libxfont1.shlibs, bump shlibs to >= 1:1.2.9. + + -- Julien Cristau Wed, 05 Sep 2007 22:45:57 +0200 + +libxfont (1:1.2.9-1) unstable; urgency=low + + * New upstream version. + - Add a new 'catalogue' FPE (font path element), which takes font + paths from symlinks in a dir. + * Use libxfont1 (= ${binary:Version}) instead of ${Source-Version} + in debian/control. + + -- Drew Parsons Sat, 23 Jun 2007 09:40:45 +1000 + +libxfont (1:1.2.8-1) unstable; urgency=low + + * Add XS-Vcs-Browser to debian/control. + * New upstream release. + + drop patch from 1:1.2.2-2, applied upstream. + * Upload to unstable. + + -- Julien Cristau Wed, 11 Apr 2007 15:52:11 +0200 + +libxfont (1:1.2.7-1) experimental; urgency=low + + * New upstream release. + * Add XS-Vcs-Git header to debian/control, and drop obsolete CVS information. + * Install the upstream ChangeLog. + + -- Julien Cristau Fri, 16 Feb 2007 14:32:57 +0100 + +libxfont (1:1.2.2-2) unstable; urgency=high + + * Grab patch from upstream git to fix security issues: + + CVE-2007-1351: BDFFont Parsing Integer Overflow + + CVE-2007-1352: fonts.dir File Parsing Integer Overflow + + -- Julien Cristau Tue, 03 Apr 2007 19:31:24 +0200 + +libxfont (1:1.2.2-1) unstable; urgency=high + + * New upstream version. + - closes security bug in CID encoded fonts (iDefense CVE-ID + 2006-3739, 2006-3740) + - applies patches 10_freetype_buffer_overflow.patch, 10_pcf_font.patch + * dbg package has priority extra. + + -- Drew Parsons Wed, 13 Sep 2006 17:50:06 +1000 + +libxfont (1:1.2.0-2) unstable; urgency=high + + * Apply upstream patch 10_pcf_font.patch (security vulnerability + CVE-2006-3467). Closes: #383353. + * Upload to unstable to ensure patch is propagated quickly. + * Apply patch 10_freetype_buffer_overflow.patch while we're at it + (no known exploits). + + -- Drew Parsons Thu, 17 Aug 2006 07:45:40 +1000 + +libxfont (1:1.2.0-1) experimental; urgency=low + + * New upstream version. Closes: #364854. + - builds and works with Freetype 2.2. Closes: #362920, #370149. + * Standards version 3.7.2. + * libxfont-dev doesn't need both Depends: and Pre-Depends: x11-common. + * Use debhelper 5, tidy up debian/rules to match. + * libxfont does not provide libfontcache.so! + + -- Drew Parsons Thu, 27 Jul 2006 15:08:14 +1000 + +libxfont (1:1.1.0-1) UNRELEASED; urgency=low + + [ David Nusinow ] + * New upstream release + * Remove obsolete patch 01_fontserver_fix_SEGV.diff + + [ Andres Salomon ] + * Test for obj-$(DEB_BUILD_GNU_TYPE) before creating it during build; + idempotency fix. + * Run dh_install w/ --list-missing. + + -- Andres Salomon Mon, 17 Jul 2006 01:20:57 -0400 + +libxfont (1:1.0.0-4) unstable; urgency=low + + * Reorder makeshlib command in rules file so that ldconfig is run + properly. Thanks Drew Parsons and Steve Langasek. + * Add quilt to build-depends + + -- David Nusinow Wed, 19 Apr 2006 00:10:33 -0400 + +libxfont (1:1.0.0-3) unstable; urgency=low + + * Upload to unstable + + -- David Nusinow Thu, 23 Mar 2006 22:44:39 -0500 + +libxfont (1:1.0.0-2) experimental; urgency=low + + * Have libxfont-dev depend on libfreetype6-dev and libfontenc-dev. Thanks + Eugene Konev. + * Port patches from trunk + + general/099v_fontserver_fix_SEGV.diff + + -- David Nusinow Sun, 26 Feb 2006 18:35:44 -0500 + +libxfont (1:1.0.0-1) experimental; urgency=low + + * First upload to Debian + + -- David Nusinow Thu, 29 Dec 2005 20:51:40 -0500 + +libxfont (1:0.99.0+cvs.20050909-1) breezy; urgency=low + + * Fix the XFONT_FONTCACHE/FONTCACHE define in configure.ac (close: + Ubuntu#14319). + + -- Daniel Stone Fri, 9 Sep 2005 15:39:57 +1000 + +libxfont (1:0.99.0-1) breezy; urgency=low + + * First libxfont release. + + -- Daniel Stone Mon, 16 May 2005 22:10:17 +1000 --- libxfont-1.4.7.orig/debian/compat +++ libxfont-1.4.7/debian/compat @@ -0,0 +1 @@ +8 --- libxfont-1.4.7.orig/debian/control +++ libxfont-1.4.7/debian/control @@ -0,0 +1,85 @@ +Source: libxfont +Section: x11 +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian X Strike Force +Uploaders: Drew Parsons , Cyril Brulebois +Build-Depends: + debhelper (>= 8.1.3), + dh-autoreconf, + quilt, + pkg-config, + libfontenc-dev (>= 1:1.0.5-2), + x11proto-core-dev, + xtrans-dev, + x11proto-fonts-dev, + libfreetype6-dev, + zlib1g-dev, + libbz2-dev, + xutils-dev (>= 1:7.5+4), +# devel-docs + xmlto, xorg-sgml-doctools (>= 1:1.7), w3m, +Standards-Version: 3.9.0 +Vcs-Git: git://git.debian.org/git/pkg-xorg/lib/libxfont +Vcs-Browser: http://git.debian.org/?p=pkg-xorg/lib/libxfont.git + +Package: libxfont1 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Conflicts: xprint (<< 2:1.6.0-1) +Pre-Depends: ${misc:Pre-Depends} +Multi-Arch: same +Description: X11 font rasterisation library + libXfont provides various services for X servers, most notably font + selection and rasterisation (through external libraries). + . + More information about X.Org can be found at: + + . + This module can be found at + git://anongit.freedesktop.org/git/xorg/lib/libXfont + +Package: libxfont1-udeb +XC-Package-Type: udeb +Section: debian-installer +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: X11 font rasterisation library + This is a udeb, or a microdeb, for the debian-installer. + +Package: libxfont1-dbg +Section: debug +Architecture: any +Priority: extra +Depends: ${shlibs:Depends}, ${misc:Depends}, libxfont1 (= ${binary:Version}) +Multi-Arch: same +Description: X11 font rasterisation library (debug package) + libXfont provides various services for X servers, most notably font + selection and rasterisation (through external libraries). + . + This package contains the debug versions of the library found in libxfont1. + Non-developers likely have little use for this package. + . + More information about X.Org can be found at: + + . + This module can be found at + git://anongit.freedesktop.org/git/xorg/lib/libXfont + +Package: libxfont-dev +Section: libdevel +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, libxfont1 (= ${binary:Version}), libx11-dev, x11proto-core-dev, x11proto-fonts-dev, libfreetype6-dev, libfontenc-dev (>= 1:1.0.1-1) +Description: X11 font rasterisation library (development headers) + libXfont provides various services for X servers, most notably font + selection and rasterisation (through external libraries). + . + This package contains the development headers for the library found in + libxfont1. Non-developers likely have little use for this package. + . + More information about X.Org can be found at: + + . + This module can be found at + git://anongit.freedesktop.org/git/xorg/lib/libXfont --- libxfont-1.4.7.orig/debian/copyright +++ libxfont-1.4.7/debian/copyright @@ -0,0 +1,265 @@ +This package was downloaded from +http://xorg.freedesktop.org/releases/individual/lib/ + +Copyright © 2007 Red Hat, Inc +Copyright (c) 2008, 2009, Oracle and/or its affiliates. All rights reserved. + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice (including the next +paragraph) shall be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. + +Copyright (c) 1997 by Mark Leisher +Copyright (c) 1998-2003 by Juliusz Chroboczek +Copyright (c) 1998 Go Watanabe, All rights reserved. +Copyright (c) 1998 Kazushi (Jam) Marukawa, All rights reserved. +Copyright (c) 1998 Takuya SHIOZAKI, All rights reserved. +Copyright (c) 1998 X-TrueType Server Project, All rights reserved. +Copyright (c) 2003-2004 After X-TT Project, All rights reserved. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + + +Copyright 1990, 1998 The Open Group + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation. + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of The Open Group shall +not be used in advertising or otherwise to promote the sale, use or +other dealings in this Software without prior written authorization +from The Open Group. + + +Copyright 1989 by Digital Equipment Corporation, Maynard, Massachusetts. + + All Rights Reserved + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, +provided that the above copyright notice appear in all copies and that +both that copyright notice and this permission notice appear in +supporting documentation, and that the name of Digital not be +used in advertising or publicity pertaining to distribution of the +software without specific, written prior permission. + +DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING +ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL +DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR +ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, +WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, +ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS +SOFTWARE. + + +Copyright 1999 SuSE, Inc. + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation, and that the name of SuSE not be used in advertising or +publicity pertaining to distribution of the software without specific, +written prior permission. SuSE makes no representations about the +suitability of this software for any purpose. It is provided "as is" +without express or implied warranty. + +SuSE DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL SuSE +BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + +Copyright 1990 Network Computing Devices + +Permission to use, copy, modify, distribute, and sell this software and +its documentation for any purpose is hereby granted without fee, provided +that the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation, and that the name of Network Computing Devices not be used +in advertising or publicity pertaining to distribution of the software +without specific, written prior permission. Network Computing Devices +makes no representations about the suitability of this software for any +purpose. It is provided "as is" without express or implied warranty. + +NETWORK COMPUTING DEVICES DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS +SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, +IN NO EVENT SHALL NETWORK COMPUTING DEVICES BE LIABLE FOR ANY SPECIAL, +INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE +OR PERFORMANCE OF THIS SOFTWARE. + + +Copyright 1990 Network Computing Devices + +Permission to use, copy, modify, distribute, and sell this software and +its documentation for any purpose is hereby granted without fee, provided +that the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation, and that the names of Network Computing Devices, or Digital +not be used in advertising or publicity pertaining to distribution +of the software without specific, written prior permission. + +NETWORK COMPUTING DEVICES, AND DIGITAL AND DISCLAIM ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL NETWORK COMPUTING DEVICES, +OR DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL +DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR +PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS +ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF +THIS SOFTWARE. + + +[Note: clause 3 in the following license, the "advertising clause", was +rescinded by Berkeley in 1999. See +] + +Copyright (c) 1991, 1993 + The Regents of the University of California. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by the University of + California, Berkeley and its contributors. +4. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + +Copyright (c) 1998-1999 Shunsuke Akiyama . +All rights reserved. +Copyright (c) 1998-1999 X-TrueType Server Project, All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + +Copyright © 2004 Keith Packard + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation, and that the name of Keith Packard not be used in +advertising or publicity pertaining to distribution of the software without +specific, written prior permission. Keith Packard makes no +representations about the suitability of this software for any purpose. It +is provided "as is" without express or implied warranty. + +KEITH PACKARD DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, +INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO +EVENT SHALL KEITH PACKARD BE LIABLE FOR ANY SPECIAL, INDIRECT OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, +DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER +TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. + + +/* lib/font/fontfile/gunzip.c + written by Mark Eichin September 1996. + intended for inclusion in X11 public releases. */ + + +Copyright (c) 1999 The XFree86 Project Inc. + +All Rights Reserved. + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of The XFree86 Project +Inc. shall not be used in advertising or otherwise to promote the +sale, use or other dealings in this Software without prior written +authorization from The XFree86 Project Inc.. --- libxfont-1.4.7.orig/debian/libxfont-dev.install +++ libxfont-1.4.7/debian/libxfont-dev.install @@ -0,0 +1,8 @@ +usr/include/X11/* +usr/lib/*/libXfont.a +usr/lib/*/libXfont.so +usr/lib/*/pkgconfig/xfont.pc + +# Extra doc, under noinst_* in doc/Makefile.am: +../../build-main/doc/*.html usr/share/doc/libxfont-dev/ +../../build-main/doc/*.txt usr/share/doc/libxfont-dev/ --- libxfont-1.4.7.orig/debian/libxfont1-udeb.install +++ libxfont-1.4.7/debian/libxfont1-udeb.install @@ -0,0 +1,2 @@ +usr/lib/*/libXfont.so.1* usr/lib + --- libxfont-1.4.7.orig/debian/libxfont1.install +++ libxfont-1.4.7/debian/libxfont1.install @@ -0,0 +1 @@ +usr/lib/*/libXfont.so.1* --- libxfont-1.4.7.orig/debian/patches/CVE-2014-0209.patch +++ libxfont-1.4.7/debian/patches/CVE-2014-0209.patch @@ -0,0 +1,43 @@ +Description: fix denial of service and possible code execution via + font metadata file parsing +Origin: upstream, http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=2f5e57317339c526e6eaee1010b0e2ab8089c42e +Origin: upstream, http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=05c8020a49416dd8b7510cbba45ce4f3fc81a7dc + +Index: libxfont-1.4.7/src/fontfile/dirfile.c +=================================================================== +--- libxfont-1.4.7.orig/src/fontfile/dirfile.c 2014-01-07 11:25:08.000000000 -0500 ++++ libxfont-1.4.7/src/fontfile/dirfile.c 2014-05-13 11:56:04.283714931 -0400 +@@ -42,6 +42,7 @@ + #include + #include + #include ++#include + + static Bool AddFileNameAliases ( FontDirectoryPtr dir ); + static int ReadFontAlias ( char *directory, Bool isFile, +@@ -374,6 +375,9 @@ + int nsize; + char *nbuf; + ++ if (tokenSize >= (INT_MAX >> 2)) ++ /* Stop before we overflow */ ++ return EALLOC; + nsize = tokenSize ? (tokenSize << 1) : 64; + nbuf = realloc(tokenBuf, nsize); + if (!nbuf) +Index: libxfont-1.4.7/src/fontfile/fontdir.c +=================================================================== +--- libxfont-1.4.7.orig/src/fontfile/fontdir.c 2014-01-07 11:25:08.000000000 -0500 ++++ libxfont-1.4.7/src/fontfile/fontdir.c 2014-05-13 11:56:00.935714841 -0400 +@@ -177,6 +177,11 @@ + if (table->sorted) + return (FontEntryPtr) 0; /* "cannot" happen */ + if (table->used == table->size) { ++ if (table->size >= ((INT32_MAX / sizeof(FontEntryRec)) - 100)) ++ /* If we've read so many entries we're going to ask for 2gb ++ or more of memory, something is so wrong with this font ++ directory that we should just give up before we overflow. */ ++ return NULL; + newsize = table->size + 100; + entry = realloc(table->entries, newsize * sizeof(FontEntryRec)); + if (!entry) --- libxfont-1.4.7.orig/debian/patches/CVE-2014-021x.patch +++ libxfont-1.4.7/debian/patches/CVE-2014-021x.patch @@ -0,0 +1,549 @@ +Description: fix denial of service and possible code execution via + xfs font server replies +Origin: upstream, http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=891e084b26837162b12f841060086a105edde86d +Origin: upstream, http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=cbb64aef35960b2882be721f4b8fbaa0fb649d12 +Origin: upstream, http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=0f1a5d372c143f91a602bdf10c917d7eabaee09b +Origin: upstream, http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=491291cabf78efdeec8f18b09e14726a9030cc8f +Origin: upstream, http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=c578408c1fd4db09e4e3173f8a9e65c81cc187c1 +Origin: upstream, http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=a42f707f8a62973f5e8bbcd08afb10a79e9cee33 +Origin: upstream, http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=a3f21421537620fc4e1f844a594a4bcd9f7e2bd8 +Origin: upstream, http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=520683652564c2a4e42328ae23eef9bb63271565 +Origin: upstream, http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5fa73ac18474be3032ee7af9c6e29deab163ea39 +Origin: upstream, http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d338f81df1e188eb16e1d6aeea7f4800f89c1218 + +Index: libxfont-1.4.7/src/fc/fsconvert.c +=================================================================== +--- libxfont-1.4.7.orig/src/fc/fsconvert.c 2014-01-07 11:25:08.000000000 -0500 ++++ libxfont-1.4.7/src/fc/fsconvert.c 2014-05-13 11:56:45.355716031 -0400 +@@ -118,6 +118,10 @@ + for (i = 0; i < nprops; i++, dprop++, is_str++) + { + memcpy(&local_off, off_adr, SIZEOF(fsPropOffset)); ++ if ((local_off.name.position >= pi->data_len) || ++ (local_off.name.length > ++ (pi->data_len - local_off.name.position))) ++ goto bail; + dprop->name = MakeAtom(&pdc[local_off.name.position], + local_off.name.length, 1); + if (local_off.type != PropTypeString) { +@@ -125,10 +129,15 @@ + dprop->value = local_off.value.position; + } else { + *is_str = TRUE; ++ if ((local_off.value.position >= pi->data_len) || ++ (local_off.value.length > ++ (pi->data_len - local_off.value.position))) ++ goto bail; + dprop->value = (INT32) MakeAtom(&pdc[local_off.value.position], + local_off.value.length, 1); + if (dprop->value == BAD_RESOURCE) + { ++ bail: + free (pfi->props); + pfi->nprops = 0; + pfi->props = 0; +@@ -712,7 +721,12 @@ + FSGlyphPtr glyphs; + FSFontPtr fsfont = (FSFontPtr) pFont->fontPrivate; + +- glyphs = malloc (sizeof (FSGlyphRec) + size); ++ if (size < (INT_MAX - sizeof (FSGlyphRec))) ++ glyphs = malloc (sizeof (FSGlyphRec) + size); ++ else ++ glyphs = NULL; ++ if (glyphs == NULL) ++ return NULL; + glyphs->next = fsfont->glyphs; + fsfont->glyphs = glyphs; + return (pointer) (glyphs + 1); +Index: libxfont-1.4.7/src/fc/fserve.c +=================================================================== +--- libxfont-1.4.7.orig/src/fc/fserve.c 2014-01-07 11:25:08.000000000 -0500 ++++ libxfont-1.4.7/src/fc/fserve.c 2014-05-13 11:56:57.095716345 -0400 +@@ -70,6 +70,7 @@ + #include "fservestr.h" + #include + #include ++#include + + #include + #define Time_t time_t +@@ -91,6 +92,15 @@ + (pci)->descent || \ + (pci)->characterWidth) + ++/* ++ * SIZEOF(r) is in bytes, length fields in the protocol are in 32-bit words, ++ * so this converts for doing size comparisons. ++ */ ++#define LENGTHOF(r) (SIZEOF(r) >> 2) ++ ++/* Somewhat arbitrary limit on maximum reply size we'll try to read. */ ++#define MAX_REPLY_LENGTH ((64 * 1024 * 1024) >> 2) ++ + extern void ErrorF(const char *f, ...); + + static int fs_read_glyphs ( FontPathElementPtr fpe, FSBlockDataPtr blockrec ); +@@ -206,9 +216,22 @@ + rep->sequenceNumber, + conn->reqbuffer[i].opcode); + } ++ ++#define _fs_reply_failed(rep, name, op) do { \ ++ if (rep) { \ ++ if (rep->type == FS_Error) \ ++ fprintf (stderr, "Error: %d Request: %s\n", \ ++ ((fsError *)rep)->request, #name); \ ++ else \ ++ fprintf (stderr, "Bad Length for %s Reply: %d %s %d\n", \ ++ #name, rep->length, op, LENGTHOF(name)); \ ++ } \ ++} while (0) ++ + #else + #define _fs_add_req_log(conn,op) ((conn)->current_seq++) + #define _fs_add_rep_log(conn,rep) ++#define _fs_reply_failed(rep,name,op) + #endif + + static Bool +@@ -600,6 +623,21 @@ + + rep = (fsGenericReply *) buf; + ++ /* ++ * Refuse to accept replies longer than a maximum reasonable length, ++ * before we pass to _fs_start_read, since it will try to resize the ++ * incoming connection buffer to this size. Also avoids integer overflow ++ * on 32-bit systems. ++ */ ++ if (rep->length > MAX_REPLY_LENGTH) ++ { ++ ErrorF("fserve: reply length %d > MAX_REPLY_LENGTH, disconnecting" ++ " from font server\n", rep->length); ++ _fs_connection_died (conn); ++ *error = FSIO_ERROR; ++ return 0; ++ } ++ + ret = _fs_start_read (conn, rep->length << 2, &buf); + if (ret != FSIO_READY) + { +@@ -682,13 +720,15 @@ + int ret; + + rep = (fsOpenBitmapFontReply *) fs_get_reply (conn, &ret); +- if (!rep || rep->type == FS_Error) ++ if (!rep || rep->type == FS_Error || ++ (rep->length != LENGTHOF(fsOpenBitmapFontReply))) + { + if (ret == FSIO_BLOCK) + return StillWorking; + if (rep) + _fs_done_read (conn, rep->length << 2); + fs_cleanup_bfont (bfont); ++ _fs_reply_failed (rep, fsOpenBitmapFontReply, "!="); + return BadFontName; + } + +@@ -815,6 +855,7 @@ + FSFpePtr conn = (FSFpePtr) fpe->private; + fsQueryXInfoReply *rep; + char *buf; ++ long bufleft; /* length of reply left to use */ + fsPropInfo *pi; + fsPropOffset *po; + pointer pd; +@@ -824,13 +865,15 @@ + int ret; + + rep = (fsQueryXInfoReply *) fs_get_reply (conn, &ret); +- if (!rep || rep->type == FS_Error) ++ if (!rep || rep->type == FS_Error || ++ (rep->length < LENGTHOF(fsQueryXInfoReply))) + { + if (ret == FSIO_BLOCK) + return StillWorking; + if (rep) + _fs_done_read (conn, rep->length << 2); + fs_cleanup_bfont (bfont); ++ _fs_reply_failed (rep, fsQueryXInfoReply, "<"); + return BadFontName; + } + +@@ -844,6 +887,9 @@ + buf = (char *) rep; + buf += SIZEOF(fsQueryXInfoReply); + ++ bufleft = rep->length << 2; ++ bufleft -= SIZEOF(fsQueryXInfoReply); ++ + /* move the data over */ + fsUnpack_XFontInfoHeader(rep, pInfo); + +@@ -851,17 +897,50 @@ + _fs_init_fontinfo(conn, pInfo); + + /* Compute offsets into the reply */ ++ if (bufleft < SIZEOF(fsPropInfo)) ++ { ++ ret = -1; ++#ifdef DEBUG ++ fprintf(stderr, "fsQueryXInfo: bufleft (%ld) < SIZEOF(fsPropInfo)\n", ++ bufleft); ++#endif ++ goto bail; ++ } + pi = (fsPropInfo *) buf; + buf += SIZEOF (fsPropInfo); ++ bufleft -= SIZEOF(fsPropInfo); + ++ if ((bufleft / SIZEOF(fsPropOffset)) < pi->num_offsets) ++ { ++ ret = -1; ++#ifdef DEBUG ++ fprintf(stderr, ++ "fsQueryXInfo: bufleft (%ld) / SIZEOF(fsPropOffset) < %d\n", ++ bufleft, pi->num_offsets); ++#endif ++ goto bail; ++ } + po = (fsPropOffset *) buf; + buf += pi->num_offsets * SIZEOF(fsPropOffset); ++ bufleft -= pi->num_offsets * SIZEOF(fsPropOffset); + ++ if (bufleft < pi->data_len) ++ { ++ ret = -1; ++#ifdef DEBUG ++ fprintf(stderr, ++ "fsQueryXInfo: bufleft (%ld) < data_len (%d)\n", ++ bufleft, pi->data_len); ++#endif ++ goto bail; ++ } + pd = (pointer) buf; + buf += pi->data_len; ++ bufleft -= pi->data_len; + + /* convert the properties and step over the reply */ + ret = _fs_convert_props(pi, po, pd, pInfo); ++ bail: + _fs_done_read (conn, rep->length << 2); + + if (ret == -1) +@@ -951,13 +1030,15 @@ + FontInfoRec *fi = &bfont->pfont->info; + + rep = (fsQueryXExtents16Reply *) fs_get_reply (conn, &ret); +- if (!rep || rep->type == FS_Error) ++ if (!rep || rep->type == FS_Error || ++ (rep->length < LENGTHOF(fsQueryXExtents16Reply))) + { + if (ret == FSIO_BLOCK) + return StillWorking; + if (rep) + _fs_done_read (conn, rep->length << 2); + fs_cleanup_bfont (bfont); ++ _fs_reply_failed (rep, fsQueryXExtents16Reply, "<"); + return BadFontName; + } + +@@ -970,7 +1051,26 @@ + numInfos *= 2; + haveInk = TRUE; + } +- ci = pCI = malloc(sizeof(CharInfoRec) * numInfos); ++ if (numInfos >= (INT_MAX / sizeof(CharInfoRec))) { ++#ifdef DEBUG ++ fprintf(stderr, ++ "fsQueryXExtents16: numInfos (%d) >= %ld\n", ++ numInfos, (INT_MAX / sizeof(CharInfoRec))); ++#endif ++ pCI = NULL; ++ } ++ else if (numExtents > ((rep->length - LENGTHOF(fsQueryXExtents16Reply)) ++ / LENGTHOF(fsXCharInfo))) { ++#ifdef DEBUG ++ fprintf(stderr, ++ "fsQueryXExtents16: numExtents (%d) > (%d - %d) / %d\n", ++ numExtents, rep->length, ++ LENGTHOF(fsQueryXExtents16Reply), LENGTHOF(fsXCharInfo)); ++#endif ++ pCI = NULL; ++ } ++ else ++ pCI = malloc(sizeof(CharInfoRec) * numInfos); + + if (!pCI) + { +@@ -1809,6 +1909,7 @@ + FontInfoPtr pfi = &pfont->info; + fsQueryXBitmaps16Reply *rep; + char *buf; ++ long bufleft; /* length of reply left to use */ + fsOffset32 *ppbits; + fsOffset32 local_off; + char *off_adr; +@@ -1825,22 +1926,48 @@ + unsigned long minchar, maxchar; + + rep = (fsQueryXBitmaps16Reply *) fs_get_reply (conn, &ret); +- if (!rep || rep->type == FS_Error) ++ if (!rep || rep->type == FS_Error || ++ (rep->length < LENGTHOF(fsQueryXBitmaps16Reply))) + { + if (ret == FSIO_BLOCK) + return StillWorking; + if (rep) + _fs_done_read (conn, rep->length << 2); + err = AllocError; ++ _fs_reply_failed (rep, fsQueryXBitmaps16Reply, "<"); + goto bail; + } + + buf = (char *) rep; + buf += SIZEOF (fsQueryXBitmaps16Reply); + ++ bufleft = rep->length << 2; ++ bufleft -= SIZEOF (fsQueryXBitmaps16Reply); ++ ++ if ((bufleft / SIZEOF (fsOffset32)) < rep->num_chars) ++ { ++#ifdef DEBUG ++ fprintf(stderr, ++ "fsQueryXBitmaps16: num_chars (%d) > bufleft (%ld) / %d\n", ++ rep->num_chars, bufleft, SIZEOF (fsOffset32)); ++#endif ++ err = AllocError; ++ goto bail; ++ } + ppbits = (fsOffset32 *) buf; + buf += SIZEOF (fsOffset32) * (rep->num_chars); ++ bufleft -= SIZEOF (fsOffset32) * (rep->num_chars); + ++ if (bufleft < rep->nbytes) ++ { ++#ifdef DEBUG ++ fprintf(stderr, ++ "fsQueryXBitmaps16: nbytes (%d) > bufleft (%ld)\n", ++ rep->nbytes, bufleft); ++#endif ++ err = AllocError; ++ goto bail; ++ } + pbitmaps = (pointer ) buf; + + if (blockrec->type == FS_LOAD_GLYPHS) +@@ -1898,7 +2025,9 @@ + */ + if (NONZEROMETRICS(&fsdata->encoding[minchar].metrics)) + { +- if (local_off.length) ++ if (local_off.length && ++ (local_off.position < rep->nbytes) && ++ (local_off.length <= (rep->nbytes - local_off.position))) + { + bits = allbits; + allbits += local_off.length; +@@ -2228,31 +2357,48 @@ + FSBlockedListPtr blist = (FSBlockedListPtr) blockrec->data; + fsListFontsReply *rep; + char *data; ++ long dataleft; /* length of reply left to use */ + int length, + i, + ret; + int err; + + rep = (fsListFontsReply *) fs_get_reply (conn, &ret); +- if (!rep || rep->type == FS_Error) ++ if (!rep || rep->type == FS_Error || ++ (rep->length < LENGTHOF(fsListFontsReply))) + { + if (ret == FSIO_BLOCK) + return StillWorking; + if (rep) + _fs_done_read (conn, rep->length << 2); ++ _fs_reply_failed (rep, fsListFontsReply, "<"); + return AllocError; + } + data = (char *) rep + SIZEOF (fsListFontsReply); ++ dataleft = (rep->length << 2) - SIZEOF (fsListFontsReply); + + err = Successful; + /* copy data into FontPathRecord */ + for (i = 0; i < rep->nFonts; i++) + { ++ if (dataleft < 1) ++ break; + length = *(unsigned char *)data++; ++ dataleft--; /* used length byte */ ++ if (length > dataleft) { ++#ifdef DEBUG ++ fprintf(stderr, ++ "fsListFonts: name length (%d) > dataleft (%ld)\n", ++ length, dataleft); ++#endif ++ err = BadFontName; ++ break; ++ } + err = AddFontNamesName(blist->names, data, length); + if (err != Successful) + break; + data += length; ++ dataleft -= length; + } + _fs_done_read (conn, rep->length << 2); + return err; +@@ -2347,6 +2493,7 @@ + FSBlockedListInfoPtr binfo = (FSBlockedListInfoPtr) blockrec->data; + fsListFontsWithXInfoReply *rep; + char *buf; ++ long bufleft; + FSFpePtr conn = (FSFpePtr) fpe->private; + fsPropInfo *pi; + fsPropOffset *po; +@@ -2358,12 +2505,15 @@ + _fs_free_props (&binfo->info); + + rep = (fsListFontsWithXInfoReply *) fs_get_reply (conn, &ret); +- if (!rep || rep->type == FS_Error) ++ if (!rep || rep->type == FS_Error || ++ ((rep->nameLength != 0) && ++ (rep->length < LENGTHOF(fsListFontsWithXInfoReply)))) + { + if (ret == FSIO_BLOCK) + return StillWorking; + binfo->status = FS_LFWI_FINISHED; + err = AllocError; ++ _fs_reply_failed (rep, fsListFontsWithXInfoReply, "<"); + goto done; + } + /* +@@ -2380,6 +2530,7 @@ + } + + buf = (char *) rep + SIZEOF (fsListFontsWithXInfoReply); ++ bufleft = (rep->length << 2) - SIZEOF (fsListFontsWithXInfoReply); + + /* + * The original FS implementation didn't match +@@ -2388,19 +2539,71 @@ + */ + if (conn->fsMajorVersion <= 1) + { ++ if (rep->nameLength > bufleft) { ++#ifdef DEBUG ++ fprintf(stderr, ++ "fsListFontsWithXInfo: name length (%d) > bufleft (%ld)\n", ++ (int) rep->nameLength, bufleft); ++#endif ++ err = AllocError; ++ goto done; ++ } ++ /* binfo->name is a 256 char array, rep->nameLength is a CARD8 */ + memcpy (binfo->name, buf, rep->nameLength); + buf += _fs_pad_length (rep->nameLength); ++ bufleft -= _fs_pad_length (rep->nameLength); + } + pi = (fsPropInfo *) buf; ++ if (SIZEOF (fsPropInfo) > bufleft) { ++#ifdef DEBUG ++ fprintf(stderr, ++ "fsListFontsWithXInfo: PropInfo length (%d) > bufleft (%ld)\n", ++ (int) SIZEOF (fsPropInfo), bufleft); ++#endif ++ err = AllocError; ++ goto done; ++ } ++ bufleft -= SIZEOF (fsPropInfo); + buf += SIZEOF (fsPropInfo); + po = (fsPropOffset *) buf; ++ if (pi->num_offsets > (bufleft / SIZEOF (fsPropOffset))) { ++#ifdef DEBUG ++ fprintf(stderr, ++ "fsListFontsWithXInfo: offset length (%d * %d) > bufleft (%ld)\n", ++ pi->num_offsets, (int) SIZEOF (fsPropOffset), bufleft); ++#endif ++ err = AllocError; ++ goto done; ++ } ++ bufleft -= pi->num_offsets * SIZEOF (fsPropOffset); + buf += pi->num_offsets * SIZEOF (fsPropOffset); + pd = (pointer) buf; ++ if (pi->data_len > bufleft) { ++#ifdef DEBUG ++ fprintf(stderr, ++ "fsListFontsWithXInfo: data length (%d) > bufleft (%ld)\n", ++ pi->data_len, bufleft); ++#endif ++ err = AllocError; ++ goto done; ++ } ++ bufleft -= pi->data_len; + buf += pi->data_len; + if (conn->fsMajorVersion > 1) + { ++ if (rep->nameLength > bufleft) { ++#ifdef DEBUG ++ fprintf(stderr, ++ "fsListFontsWithXInfo: name length (%d) > bufleft (%ld)\n", ++ (int) rep->nameLength, bufleft); ++#endif ++ err = AllocError; ++ goto done; ++ } ++ /* binfo->name is a 256 char array, rep->nameLength is a CARD8 */ + memcpy (binfo->name, buf, rep->nameLength); + buf += _fs_pad_length (rep->nameLength); ++ bufleft -= _fs_pad_length (rep->nameLength); + } + + #ifdef DEBUG +@@ -2786,7 +2989,7 @@ + int ret = FSIO_ERROR; + fsConnSetup *setup; + FSFpeAltPtr alts; +- int i, alt_len; ++ unsigned int i, alt_len; + int setup_len; + char *alt_save, *alt_names; + +@@ -2813,8 +3016,9 @@ + } + if (setup->num_alternates) + { ++ size_t alt_name_len = setup->alternate_len << 2; + alts = malloc (setup->num_alternates * sizeof (FSFpeAltRec) + +- (setup->alternate_len << 2)); ++ alt_name_len); + if (alts) + { + alt_names = (char *) (setup + 1); +@@ -2823,10 +3027,25 @@ + { + alts[i].subset = alt_names[0]; + alt_len = alt_names[1]; ++ if (alt_len >= alt_name_len) { ++ /* ++ * Length is longer than setup->alternate_len ++ * told us to allocate room for, assume entire ++ * alternate list is corrupted. ++ */ ++#ifdef DEBUG ++ fprintf (stderr, ++ "invalid alt list (length %lx >= %lx)\n", ++ (long) alt_len, (long) alt_name_len); ++#endif ++ free(alts); ++ return FSIO_ERROR; ++ } + alts[i].name = alt_save; + memcpy (alt_save, alt_names + 2, alt_len); + alt_save[alt_len] = '\0'; + alt_save += alt_len + 1; ++ alt_name_len -= alt_len + 1; + alt_names += _fs_pad_length (alt_len + 2); + } + conn->numAlts = setup->num_alternates; --- libxfont-1.4.7.orig/debian/patches/CVE-2015-1802.patch +++ libxfont-1.4.7/debian/patches/CVE-2015-1802.patch @@ -0,0 +1,30 @@ +From 2deda9906480f9c8ae07b8c2a5510cc7e4c59a8e Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith +Date: Fri, 6 Feb 2015 15:50:45 -0800 +Subject: bdfReadProperties: property count needs range check [CVE-2015-1802] + +Avoid integer overflow or underflow when allocating memory arrays +by multiplying the number of properties reported for a BDF font. + +Reported-by: Ilja Van Sprundel +Signed-off-by: Alan Coopersmith +Reviewed-by: Julien Cristau + +diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c +index 914a024..6387908 100644 +--- a/src/bitmap/bdfread.c ++++ b/src/bitmap/bdfread.c +@@ -604,7 +604,9 @@ bdfReadProperties(FontFilePtr file, FontPtr pFont, bdfFileState *pState) + bdfError("missing 'STARTPROPERTIES'\n"); + return (FALSE); + } +- if (sscanf((char *) line, "STARTPROPERTIES %d", &nProps) != 1) { ++ if ((sscanf((char *) line, "STARTPROPERTIES %d", &nProps) != 1) || ++ (nProps <= 0) || ++ (nProps > ((INT32_MAX / sizeof(FontPropRec)) - BDF_GENPROPS))) { + bdfError("bad 'STARTPROPERTIES'\n"); + return (FALSE); + } +-- +cgit v0.10.2 + --- libxfont-1.4.7.orig/debian/patches/CVE-2015-1803.patch +++ libxfont-1.4.7/debian/patches/CVE-2015-1803.patch @@ -0,0 +1,33 @@ +From 78c2e3d70d29698244f70164428bd2868c0ab34c Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith +Date: Fri, 6 Feb 2015 15:54:00 -0800 +Subject: bdfReadCharacters: bailout if a char's bitmap cannot be read + [CVE-2015-1803] + +Previously would charge on ahead with a NULL pointer in ci->bits, and +then crash later in FontCharInkMetrics() trying to access the bits. + +Found with afl-1.23b. + +Signed-off-by: Alan Coopersmith +Reviewed-by: Julien Cristau + +diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c +index 6387908..1b29b81 100644 +--- a/src/bitmap/bdfread.c ++++ b/src/bitmap/bdfread.c +@@ -458,7 +458,10 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState, + ci->metrics.descent = -bb; + ci->metrics.characterWidth = wx; + ci->bits = NULL; +- bdfReadBitmap(ci, file, bit, byte, glyph, scan, bitmapsSizes); ++ if (!bdfReadBitmap(ci, file, bit, byte, glyph, scan, bitmapsSizes)) { ++ bdfError("could not read bitmap for character '%s'\n", charName); ++ goto BAILOUT; ++ } + ci++; + ndx++; + } else +-- +cgit v0.10.2 + --- libxfont-1.4.7.orig/debian/patches/CVE-2015-1804.patch +++ libxfont-1.4.7/debian/patches/CVE-2015-1804.patch @@ -0,0 +1,73 @@ +From 2351c83a77a478b49cba6beb2ad386835e264744 Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith +Date: Fri, 6 Mar 2015 22:54:58 -0800 +Subject: bdfReadCharacters: ensure metrics fit into xCharInfo struct + [CVE-2015-1804] + +We use 32-bit ints to read from the bdf file, but then try to stick +into a 16-bit int in the xCharInfo struct, so make sure they won't +overflow that range. + +Found by afl-1.24b. + +v2: Verify that additions won't overflow 32-bit int range either. +v3: As Julien correctly observes, the previous check for bh & bw not + being < 0 reduces the number of cases we need to check for overflow. + +Signed-off-by: Alan Coopersmith +Reviewed-by: Julien Cristau + +diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c +index 1b29b81..a0ace8f 100644 +--- a/src/bitmap/bdfread.c ++++ b/src/bitmap/bdfread.c +@@ -62,8 +62,16 @@ from The Open Group. + + #if HAVE_STDINT_H + #include +-#elif !defined(INT32_MAX) +-#define INT32_MAX 0x7fffffff ++#else ++# ifndef INT32_MAX ++# define INT32_MAX 0x7fffffff ++# endif ++# ifndef INT16_MAX ++# define INT16_MAX 0x7fff ++# endif ++# ifndef INT16_MIN ++# define INT16_MIN (0 - 0x8000) ++# endif + #endif + + #define INDICES 256 +@@ -417,6 +425,12 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState, + bdfError("DWIDTH y value must be zero\n"); + goto BAILOUT; + } ++ /* xCharInfo metrics are stored as INT16 */ ++ if ((wx < 0) || (wx > INT16_MAX)) { ++ bdfError("character '%s' has out of range width, %d\n", ++ charName, wx); ++ goto BAILOUT; ++ } + line = bdfGetLine(file, lineBuf, BDFLINELEN); + if ((!line) || (sscanf((char *) line, "BBX %d %d %d %d", &bw, &bh, &bl, &bb) != 4)) { + bdfError("bad 'BBX'\n"); +@@ -427,6 +441,14 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState, + charName, bw, bh); + goto BAILOUT; + } ++ /* xCharInfo metrics are read as int, but stored as INT16 */ ++ if ((bl > INT16_MAX) || (bl < INT16_MIN) || ++ (bb > INT16_MAX) || (bb < INT16_MIN) || ++ (bw > (INT16_MAX - bl)) || (bh > (INT16_MAX - bb))) { ++ bdfError("character '%s' has out of range metrics, %d %d %d %d\n", ++ charName, bl, (bl+bw), (bh+bb), -bb); ++ goto BAILOUT; ++ } + line = bdfGetLine(file, lineBuf, BDFLINELEN); + if ((line) && (bdfIsPrefix(line, "ATTRIBUTES"))) { + for (p = line + strlen("ATTRIBUTES "); +-- +cgit v0.10.2 + --- libxfont-1.4.7.orig/debian/patches/CVE-2017-13720.patch +++ libxfont-1.4.7/debian/patches/CVE-2017-13720.patch @@ -0,0 +1,27 @@ +From d1e670a4a8704b8708e493ab6155589bcd570608 Mon Sep 17 00:00:00 2001 +From: Michal Srb +Date: Thu, 20 Jul 2017 13:38:53 +0200 +Subject: Check for end of string in PatternMatch (CVE-2017-13720) + +If a pattern contains '?' character, any character in the string is skipped, +even if it is '\0'. The rest of the matching then reads invalid memory. + +Reviewed-by: Peter Hutterer +Signed-off-by: Julien Cristau + +Index: libxfont-1.5.1/src/fontfile/fontdir.c +=================================================================== +--- libxfont-1.5.1.orig/src/fontfile/fontdir.c 2017-10-06 11:44:10.771770838 -0400 ++++ libxfont-1.5.1/src/fontfile/fontdir.c 2017-10-06 11:44:10.771770838 -0400 +@@ -399,8 +399,10 @@ PatternMatch(char *pat, int patdashes, c + } + } + case '?': +- if (*string++ == XK_minus) ++ if ((t = *string++) == XK_minus) + stringdashes--; ++ if (!t) ++ return 0; + break; + case '\0': + return (*string == '\0'); --- libxfont-1.4.7.orig/debian/patches/CVE-2017-13722.patch +++ libxfont-1.4.7/debian/patches/CVE-2017-13722.patch @@ -0,0 +1,45 @@ +From 672bb944311392e2415b39c0d63b1e1902905bcd Mon Sep 17 00:00:00 2001 +From: Michal Srb +Date: Thu, 20 Jul 2017 17:05:23 +0200 +Subject: pcfGetProperties: Check string boundaries (CVE-2017-13722) + +Without the checks a malformed PCF file can cause the library to make +atom from random heap memory that was behind the `strings` buffer. +This may crash the process or leak information. + +Signed-off-by: Julien Cristau + +Index: libxfont-1.5.1/src/bitmap/pcfread.c +=================================================================== +--- libxfont-1.5.1.orig/src/bitmap/pcfread.c 2017-10-06 11:44:15.987838764 -0400 ++++ libxfont-1.5.1/src/bitmap/pcfread.c 2017-10-06 11:44:15.987838764 -0400 +@@ -44,6 +44,7 @@ from The Open Group. + + #include + #include ++#include + + void + pcfError(const char* message, ...) +@@ -310,11 +311,19 @@ pcfGetProperties(FontInfoPtr pFontInfo, + if (IS_EOF(file)) goto Bail; + position += string_size; + for (i = 0; i < nprops; i++) { ++ if (props[i].name >= string_size) { ++ pcfError("pcfGetProperties(): String starts out of bounds (%ld/%d)\n", props[i].name, string_size); ++ goto Bail; ++ } + props[i].name = MakeAtom(strings + props[i].name, +- strlen(strings + props[i].name), TRUE); ++ strnlen(strings + props[i].name, string_size - props[i].name), TRUE); + if (isStringProp[i]) { ++ if (props[i].value >= string_size) { ++ pcfError("pcfGetProperties(): String starts out of bounds (%ld/%d)\n", props[i].value, string_size); ++ goto Bail; ++ } + props[i].value = MakeAtom(strings + props[i].value, +- strlen(strings + props[i].value), TRUE); ++ strnlen(strings + props[i].value, string_size - props[i].value), TRUE); + } + } + free(strings); --- libxfont-1.4.7.orig/debian/patches/CVE-2017-16611-pre.patch +++ libxfont-1.4.7/debian/patches/CVE-2017-16611-pre.patch @@ -0,0 +1,67 @@ +From d9fda3d247942292a5f24694c22337c547006e11 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Wed, 25 Feb 2015 21:39:30 +0100 +Subject: Set close-on-exec for font file I/O. + +Reviewed-by: Alan Coopersmith +Signed-off-by: Thomas Klausner +--- + src/fontfile/fileio.c | 5 ++++- + src/fontfile/filewr.c | 12 +++++++----- + 2 files changed, 11 insertions(+), 6 deletions(-) + +diff --git a/src/fontfile/fileio.c b/src/fontfile/fileio.c +index 80af511..d44cecd 100644 +--- a/src/fontfile/fileio.c ++++ b/src/fontfile/fileio.c +@@ -36,6 +36,9 @@ in this Software without prior written authorization from The Open Group. + #ifndef O_BINARY + #define O_BINARY O_RDONLY + #endif ++#ifndef O_CLOEXEC ++#define O_CLOEXEC 0 ++#endif + + FontFilePtr + FontFileOpen (const char *name) +@@ -44,7 +47,7 @@ FontFileOpen (const char *name) + int len; + BufFilePtr raw, cooked; + +- fd = open (name, O_BINARY); ++ fd = open (name, O_BINARY|O_CLOEXEC); + if (fd < 0) + return 0; + raw = BufFileOpenRead (fd); +diff --git a/src/fontfile/filewr.c b/src/fontfile/filewr.c +index bcc7b1e..859a0be 100644 +--- a/src/fontfile/filewr.c ++++ b/src/fontfile/filewr.c +@@ -33,17 +33,19 @@ in this Software without prior written authorization from The Open Group. + #endif + #include + #include ++#ifndef O_BINARY ++#define O_BINARY 0 ++#endif ++#ifndef O_CLOEXEC ++#define O_CLOEXEC 0 ++#endif + + FontFilePtr + FontFileOpenWrite (const char *name) + { + int fd; + +-#if defined(WIN32) || defined(__CYGWIN__) +- fd = open (name, O_CREAT|O_TRUNC|O_RDWR|O_BINARY, 0666); +-#else +- fd = creat (name, 0666); +-#endif ++ fd = open (name, O_CREAT|O_TRUNC|O_RDWR|O_BINARY|O_CLOEXEC, 0666); + if (fd < 0) + return 0; + return (FontFilePtr) BufFileOpenWrite (fd); +-- +cgit v1.1 + --- libxfont-1.4.7.orig/debian/patches/CVE-2017-16611.patch +++ libxfont-1.4.7/debian/patches/CVE-2017-16611.patch @@ -0,0 +1,104 @@ +From 5ed8ac0e4f063825b8ecda48e9a111d3ce92e825 Mon Sep 17 00:00:00 2001 +From: Michal Srb +Date: Thu, 26 Oct 2017 09:48:13 +0200 +Subject: Open files with O_NOFOLLOW. (CVE-2017-16611) + +A non-privileged X client can instruct X server running under root to open any +file by creating own directory with "fonts.dir", "fonts.alias" or any font file +being a symbolic link to any other file in the system. X server will then open +it. This can be issue with special files such as /dev/watchdog. + +Reviewed-by: Matthieu Herrb + +diff --git a/src/fontfile/dirfile.c b/src/fontfile/dirfile.c +index 38ced75..661787a 100644 +--- a/src/fontfile/dirfile.c ++++ b/src/fontfile/dirfile.c +@@ -41,6 +41,7 @@ in this Software without prior written authorization from The Open Group. + #include + #include + #include ++#include + #include + #include + +@@ -60,8 +61,9 @@ FontFileReadDirectory (const char *directory, FontDirectoryPtr *pdir) + char dir_file[MAXFONTFILENAMELEN]; + char dir_path[MAXFONTFILENAMELEN]; + char *ptr; +- FILE *file; +- int count, ++ FILE *file = 0; ++ int file_fd, ++ count, + num_fonts, + status; + struct stat statb; +@@ -91,7 +93,14 @@ FontFileReadDirectory (const char *directory, FontDirectoryPtr *pdir) + if (dir_file[strlen(dir_file) - 1] != '/') + strcat(dir_file, "/"); + strcat(dir_file, FontDirFile); ++#ifndef WIN32 ++ file_fd = open(dir_file, O_RDONLY | O_NOFOLLOW); ++ if (file_fd >= 0) { ++ file = fdopen(file_fd, "rt"); ++ } ++#else + file = fopen(dir_file, "rt"); ++#endif + if (file) { + #ifndef WIN32 + if (fstat (fileno(file), &statb) == -1) +@@ -261,7 +270,8 @@ ReadFontAlias(char *directory, Bool isFile, FontDirectoryPtr *pdir) + char alias[MAXFONTNAMELEN]; + char font_name[MAXFONTNAMELEN]; + char alias_file[MAXFONTFILENAMELEN]; +- FILE *file; ++ int file_fd; ++ FILE *file = 0; + FontDirectoryPtr dir; + int token; + char *lexToken; +@@ -279,7 +289,16 @@ ReadFontAlias(char *directory, Bool isFile, FontDirectoryPtr *pdir) + strcat(alias_file, "/"); + strcat(alias_file, FontAliasFile); + } ++ ++#ifndef WIN32 ++ file_fd = open(alias_file, O_RDONLY | O_NOFOLLOW); ++ if (file_fd >= 0) { ++ file = fdopen(file_fd, "rt"); ++ } ++#else + file = fopen(alias_file, "rt"); ++#endif ++ + if (!file) + return ((errno == ENOENT) ? Successful : BadFontPath); + if (!dir) +diff --git a/src/fontfile/fileio.c b/src/fontfile/fileio.c +index d44cecd..992873a 100644 +--- a/src/fontfile/fileio.c ++++ b/src/fontfile/fileio.c +@@ -39,6 +39,9 @@ in this Software without prior written authorization from The Open Group. + #ifndef O_CLOEXEC + #define O_CLOEXEC 0 + #endif ++#ifndef O_NOFOLLOW ++#define O_NOFOLLOW 0 ++#endif + + FontFilePtr + FontFileOpen (const char *name) +@@ -47,7 +50,7 @@ FontFileOpen (const char *name) + int len; + BufFilePtr raw, cooked; + +- fd = open (name, O_BINARY|O_CLOEXEC); ++ fd = open (name, O_BINARY|O_CLOEXEC|O_NOFOLLOW); + if (fd < 0) + return 0; + raw = BufFileOpenRead (fd); +-- +cgit v0.10.2 + --- libxfont-1.4.7.orig/debian/patches/ftbfs-new-fontsproto-2.patch +++ libxfont-1.4.7/debian/patches/ftbfs-new-fontsproto-2.patch @@ -0,0 +1,32 @@ +From d279ffa49284b5e5f787f76edbe8c52226534a64 Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith +Date: Tue, 7 Jan 2014 22:29:04 -0800 +Subject: Remove redundant declaration of FontFileStartListFonts() + +Fixes gcc warning: +catalogue.c:336:1: warning: redundant redeclaration of + 'FontFileStartListFonts' [-Wredundant-decls] +In file included from ../../include/X11/fonts/fntfilst.h:40:0, + from catalogue.c:32: +../../include/X11/fonts/fntfil.h:92:12: note: previous declaration + of 'FontFileStartListFonts' was here + +Signed-off-by: Alan Coopersmith +Reviewed-by: Jasper St. Pierre + +Index: libxfont-1.4.7/src/fontfile/catalogue.c +=================================================================== +--- libxfont-1.4.7.orig/src/fontfile/catalogue.c 2015-03-18 07:59:21.366455882 -0400 ++++ libxfont-1.4.7/src/fontfile/catalogue.c 2015-03-18 07:59:21.366455882 -0400 +@@ -338,11 +338,6 @@ + return Successful; + } + +-int +-FontFileStartListFonts(pointer client, FontPathElementPtr fpe, +- char *pat, int len, int max, +- pointer *privatep, int mark_aliases); +- + typedef struct _LFWIData { + pointer *privates; + int current; --- libxfont-1.4.7.orig/debian/patches/ftbfs-new-fontsproto.patch +++ libxfont-1.4.7/debian/patches/ftbfs-new-fontsproto.patch @@ -0,0 +1,553 @@ +From a96cc1f032a059da89319ceccb6659c8edd446fb Mon Sep 17 00:00:00 2001 +From: Keith Packard +Date: Fri, 15 Nov 2013 21:46:15 +0900 +Subject: Warning fixes. + +Many const char issues. + +One extra 'i' declared in ScaleFont; we can just use the same 'i' as +exists at the top level scope. + +Also ignore bad-function-cast in ftfuncs.c and bitscale.c because +we're casting the return value from floor or ceil from double to +int. As floor and ceil are kinda designed to generate integer results, +it's pretty clear that we're doing what we want and that the compiler +is generating noise. I'm not sure why bad-function-cast is ever a good +warning to turn on, but I'll leave that for another day. + +Signed-off-by: Keith Packard +Reviewed-by: Gaetan Nadon + +Index: libxfont-1.4.7/include/X11/fonts/fntfil.h +=================================================================== +--- libxfont-1.4.7.orig/include/X11/fonts/fntfil.h 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/include/X11/fonts/fntfil.h 2015-03-18 07:50:18.210183349 -0400 +@@ -72,12 +72,12 @@ + #define FontAliasFile "fonts.alias" + #define FontScalableFile "fonts.scale" + +-extern int FontFileNameCheck ( char *name ); ++extern int FontFileNameCheck ( const char *name ); + extern int FontFileInitFPE ( FontPathElementPtr fpe ); + extern int FontFileResetFPE ( FontPathElementPtr fpe ); + extern int FontFileFreeFPE ( FontPathElementPtr fpe ); + extern int FontFileOpenFont ( pointer client, FontPathElementPtr fpe, +- Mask flags, char *name, int namelen, ++ Mask flags, const char *name, int namelen, + fsBitmapFormat format, fsBitmapFormatMask fmask, + XID id, FontPtr *pFont, char **aliasName, + FontPtr non_cachable_font ); +@@ -87,14 +87,14 @@ + fsBitmapFormat format, + fsBitmapFormatMask fmask ); + extern int FontFileListFonts ( pointer client, FontPathElementPtr fpe, +- char *pat, int len, int max, ++ const char *pat, int len, int max, + FontNamesPtr names ); + extern int FontFileStartListFonts ( pointer client, FontPathElementPtr fpe, +- char *pat, int len, int max, ++ const char *pat, int len, int max, + pointer *privatep, int mark_aliases ); + extern int FontFileStartListFontsWithInfo ( pointer client, + FontPathElementPtr fpe, +- char *pat, int len, int max, ++ const char *pat, int len, int max, + pointer *privatep ); + extern int FontFileListNextFontWithInfo ( pointer client, + FontPathElementPtr fpe, +@@ -103,7 +103,7 @@ + int *numFonts, pointer private ); + extern int FontFileStartListFontsAndAliases ( pointer client, + FontPathElementPtr fpe, +- char *pat, int len, int max, ++ const char *pat, int len, int max, + pointer *privatep ); + extern int FontFileListNextFontOrAlias ( pointer client, + FontPathElementPtr fpe, +@@ -173,7 +173,7 @@ + fsBitmapFormatMask fmask, + Bool noSpecificSize ); + +-extern int FontFileReadDirectory ( char *directory, FontDirectoryPtr *pdir ); ++extern int FontFileReadDirectory ( const char *directory, FontDirectoryPtr *pdir ); + extern Bool FontFileDirectoryChanged ( FontDirectoryPtr dir ); + + #endif /* _FONTFILE_H_ */ +Index: libxfont-1.4.7/include/X11/fonts/fontmisc.h +=================================================================== +--- libxfont-1.4.7.orig/include/X11/fonts/fontmisc.h 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/include/X11/fonts/fontmisc.h 2015-03-18 07:50:18.210183349 -0400 +@@ -91,7 +91,7 @@ + + extern void CopyISOLatin1Lowered( + char * /*dest*/, +- char * /*source*/, ++ const char * /*source*/, + int /*length*/ + ); + +Index: libxfont-1.4.7/src/FreeType/ftfuncs.c +=================================================================== +--- libxfont-1.4.7.orig/src/FreeType/ftfuncs.c 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/src/FreeType/ftfuncs.c 2015-03-18 07:50:18.210183349 -0400 +@@ -1069,6 +1069,8 @@ + #endif + } + ++#pragma GCC diagnostic ignored "-Wbad-function-cast" ++ + int + FreeTypeRasteriseGlyph(unsigned idx, int flags, CharInfoPtr tgp, + FTInstancePtr instance, int hasMetrics) +Index: libxfont-1.4.7/src/bitmap/bitscale.c +=================================================================== +--- libxfont-1.4.7.orig/src/bitmap/bitscale.c 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/src/bitmap/bitscale.c 2015-03-18 07:50:18.210183349 -0400 +@@ -751,6 +751,8 @@ + * ScaleFont + * returns a pointer to the new scaled font, or NULL (due to AllocError). + */ ++#pragma GCC diagnostic ignored "-Wbad-function-cast" ++ + static FontPtr + ScaleFont(FontPtr opf, /* originating font */ + double widthMult, /* glyphs width scale factor */ +@@ -811,8 +813,6 @@ + needs to be for the output font */ + if (vals->nranges) + { +- int i; +- + pfi->allExist = 0; + firstCol = 255; + lastCol = 0; +Index: libxfont-1.4.7/src/builtins/builtin.h +=================================================================== +--- libxfont-1.4.7.orig/src/builtins/builtin.h 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/src/builtins/builtin.h 2015-03-18 07:50:18.210183349 -0400 +@@ -54,9 +54,9 @@ + extern const BuiltinAliasRec builtin_alias[]; + extern const int builtin_alias_count; + +-extern FontFilePtr BuiltinFileOpen (char *); ++extern FontFilePtr BuiltinFileOpen (const char *); + extern int BuiltinFileClose (BufFilePtr, int); +-extern int BuiltinReadDirectory (char *, FontDirectoryPtr *); ++extern int BuiltinReadDirectory (const char *, FontDirectoryPtr *); + extern void BuiltinRegisterFontFileFunctions (void); + + extern void BuiltinRegisterFpeFunctions (void); +Index: libxfont-1.4.7/src/builtins/dir.c +=================================================================== +--- libxfont-1.4.7.orig/src/builtins/dir.c 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/src/builtins/dir.c 2015-03-18 07:50:18.210183349 -0400 +@@ -148,7 +148,7 @@ + } + + int +-BuiltinReadDirectory (char *directory, FontDirectoryPtr *pdir) ++BuiltinReadDirectory (const char *directory, FontDirectoryPtr *pdir) + { + FontDirectoryPtr dir; + int i; +Index: libxfont-1.4.7/src/builtins/file.c +=================================================================== +--- libxfont-1.4.7.orig/src/builtins/file.c 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/src/builtins/file.c 2015-03-18 07:50:18.210183349 -0400 +@@ -90,7 +90,7 @@ + + + FontFilePtr +-BuiltinFileOpen (char *name) ++BuiltinFileOpen (const char *name) + { + int i; + BuiltinIOPtr io; +Index: libxfont-1.4.7/src/builtins/fpe.c +=================================================================== +--- libxfont-1.4.7.orig/src/builtins/fpe.c 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/src/builtins/fpe.c 2015-03-18 07:50:18.210183349 -0400 +@@ -32,7 +32,7 @@ + static const char builtin_fonts[] = "built-ins"; + + static int +-BuiltinNameCheck (char *name) ++BuiltinNameCheck (const char *name) + { + return (strcmp (name, builtin_fonts) == 0); + } +Index: libxfont-1.4.7/src/fc/fsconvert.c +=================================================================== +--- libxfont-1.4.7.orig/src/fc/fsconvert.c 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/src/fc/fsconvert.c 2015-03-18 07:50:18.210183349 -0400 +@@ -643,7 +643,7 @@ + + FontPtr + fs_create_font (FontPathElementPtr fpe, +- char *name, ++ const char *name, + int namelen, + fsBitmapFormat format, + fsBitmapFormatMask fmask) +Index: libxfont-1.4.7/src/fc/fserve.c +=================================================================== +--- libxfont-1.4.7.orig/src/fc/fserve.c 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/src/fc/fserve.c 2015-03-18 07:50:18.210183349 -0400 +@@ -147,7 +147,7 @@ + _fs_close_server (FSFpePtr conn); + + static FSFpePtr +-_fs_init_conn (char *servername); ++_fs_init_conn (const char *servername); + + static int + _fs_wait_connect (FSFpePtr conn); +@@ -235,7 +235,7 @@ + #endif + + static Bool +-fs_name_check(char *name) ++fs_name_check(const char *name) + { + /* Just make sure there is a protocol/ prefix */ + return (name && *name != '/' && strchr(name, '/')); +@@ -293,7 +293,7 @@ + fs_init_fpe(FontPathElementPtr fpe) + { + FSFpePtr conn; +- char *name; ++ const char *name; + int err; + int ret; + +@@ -1617,7 +1617,7 @@ + /* ARGSUSED */ + static int + fs_send_open_font(pointer client, FontPathElementPtr fpe, Mask flags, +- char *name, int namelen, ++ const char *name, int namelen, + fsBitmapFormat format, fsBitmapFormatMask fmask, + XID id, FontPtr *ppfont) + { +@@ -1809,7 +1809,7 @@ + /* ARGSUSED */ + static int + fs_open_font(pointer client, FontPathElementPtr fpe, Mask flags, +- char *name, int namelen, ++ const char *name, int namelen, + fsBitmapFormat format, fsBitmapFormatMask fmask, + XID id, FontPtr *ppfont, + char **alias, FontPtr non_cachable_font) +@@ -2405,7 +2405,7 @@ + } + + static int +-fs_send_list_fonts(pointer client, FontPathElementPtr fpe, char *pattern, ++fs_send_list_fonts(pointer client, FontPathElementPtr fpe, const char *pattern, + int patlen, int maxnames, FontNamesPtr newnames) + { + FSFpePtr conn = (FSFpePtr) fpe->private; +@@ -2461,7 +2461,7 @@ + + static int + fs_list_fonts(pointer client, FontPathElementPtr fpe, +- char *pattern, int patlen, int maxnames, FontNamesPtr newnames) ++ const char *pattern, int patlen, int maxnames, FontNamesPtr newnames) + { + FSFpePtr conn = (FSFpePtr) fpe->private; + FSBlockDataPtr blockrec; +@@ -2632,7 +2632,7 @@ + /* ARGSUSED */ + static int + fs_start_list_with_info(pointer client, FontPathElementPtr fpe, +- char *pattern, int len, int maxnames, pointer *pdata) ++ const char *pattern, int len, int maxnames, pointer *pdata) + { + FSFpePtr conn = (FSFpePtr) fpe->private; + FSBlockDataPtr blockrec; +@@ -3363,7 +3363,7 @@ + + + static FSFpePtr +-_fs_init_conn (char *servername) ++_fs_init_conn (const char *servername) + { + FSFpePtr conn; + +Index: libxfont-1.4.7/src/fc/fserve.h +=================================================================== +--- libxfont-1.4.7.orig/src/fc/fserve.h 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/src/fc/fserve.h 2015-03-18 07:50:18.210183349 -0400 +@@ -72,7 +72,7 @@ + extern void _fs_convert_char_info ( fsXCharInfo *src, xCharInfo *dst ); + extern void _fs_free_props (FontInfoPtr pfi); + extern FontPtr fs_create_font (FontPathElementPtr fpe, +- char *name, ++ const char *name, + int namelen, + fsBitmapFormat format, + fsBitmapFormatMask fmask); +Index: libxfont-1.4.7/src/fontfile/catalogue.c +=================================================================== +--- libxfont-1.4.7.orig/src/fontfile/catalogue.c 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/src/fontfile/catalogue.c 2015-03-18 07:50:18.210183349 -0400 +@@ -40,7 +40,7 @@ + static int CatalogueFreeFPE (FontPathElementPtr fpe); + + static int +-CatalogueNameCheck (char *name) ++CatalogueNameCheck (const char *name) + { + return strncmp(name, CataloguePrefix, sizeof(CataloguePrefix) - 1) == 0; + } +@@ -116,7 +116,7 @@ + if (subfpe->refcount == 0) + { + FontFileFreeFPE (subfpe); +- free(subfpe->name); ++ free((void *) subfpe->name); + free(subfpe); + } + } +@@ -158,6 +158,7 @@ + CatalogueUnrefFPEs (fpe); + while (entry = readdir(dir), entry != NULL) + { ++ char *name; + snprintf(link, sizeof link, "%s/%s", path, entry->d_name); + len = readlink(link, dest, sizeof dest - 1); + if (len < 0) +@@ -191,15 +192,16 @@ + * (which uses font->fpe->type) goes to CatalogueCloseFont. */ + subfpe->type = fpe->type; + subfpe->name_length = len; +- subfpe->name = malloc (len + 1); +- if (subfpe->name == NULL) ++ name = malloc (len + 1); ++ if (name == NULL) + { + free(subfpe); + continue; + } + +- memcpy(subfpe->name, dest, len); +- subfpe->name[len] = '\0'; ++ memcpy(name, dest, len); ++ name[len] = '\0'; ++ subfpe->name = name; + + /* The X server will manipulate the subfpe ref counts + * associated with the font in OpenFont and CloseFont, so we +@@ -208,7 +210,7 @@ + + if (FontFileInitFPE (subfpe) != Successful) + { +- free(subfpe->name); ++ free((void *) subfpe->name); + free(subfpe); + continue; + } +@@ -280,7 +282,7 @@ + + static int + CatalogueOpenFont (pointer client, FontPathElementPtr fpe, Mask flags, +- char *name, int namelen, ++ const char *name, int namelen, + fsBitmapFormat format, fsBitmapFormatMask fmask, + XID id, FontPtr *pFont, char **aliasName, + FontPtr non_cachable_font) +@@ -316,7 +318,7 @@ + } + + static int +-CatalogueListFonts (pointer client, FontPathElementPtr fpe, char *pat, ++CatalogueListFonts (pointer client, FontPathElementPtr fpe, const char *pat, + int len, int max, FontNamesPtr names) + { + CataloguePtr cat = fpe->private; +@@ -348,7 +350,7 @@ + + static int + CatalogueStartListFonts(pointer client, FontPathElementPtr fpe, +- char *pat, int len, int max, pointer *privatep, ++ const char *pat, int len, int max, pointer *privatep, + int mark_aliases) + { + CataloguePtr cat = fpe->private; +@@ -384,7 +386,7 @@ + + static int + CatalogueStartListFontsWithInfo(pointer client, FontPathElementPtr fpe, +- char *pat, int len, int max, ++ const char *pat, int len, int max, + pointer *privatep) + { + return CatalogueStartListFonts(client, fpe, pat, len, max, privatep, 0); +@@ -422,7 +424,7 @@ + + static int + CatalogueStartListFontsAndAliases(pointer client, FontPathElementPtr fpe, +- char *pat, int len, int max, ++ const char *pat, int len, int max, + pointer *privatep) + { + return CatalogueStartListFonts(client, fpe, pat, len, max, privatep, 1); +Index: libxfont-1.4.7/src/fontfile/dirfile.c +=================================================================== +--- libxfont-1.4.7.orig/src/fontfile/dirfile.c 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/src/fontfile/dirfile.c 2015-03-18 07:50:18.214183381 -0400 +@@ -50,8 +50,10 @@ + static int lexAlias ( FILE *file, char **lexToken ); + static int lexc ( FILE *file ); + ++#pragma GCC diagnostic ignored "-Wformat-nonliteral" ++ + int +-FontFileReadDirectory (char *directory, FontDirectoryPtr *pdir) ++FontFileReadDirectory (const char *directory, FontDirectoryPtr *pdir) + { + char file_name[MAXFONTFILENAMELEN]; + char font_name[MAXFONTNAMELEN]; +Index: libxfont-1.4.7/src/fontfile/fontfile.c +=================================================================== +--- libxfont-1.4.7.orig/src/fontfile/fontfile.c 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/src/fontfile/fontfile.c 2015-03-18 07:50:18.214183381 -0400 +@@ -50,7 +50,7 @@ + } + + _X_HIDDEN void +-CopyISOLatin1Lowered(char *dest, char *source, int length) ++CopyISOLatin1Lowered(char *dest, const char *source, int length) + { + int i; + for (i = 0; i < length; i++, source++, dest++) +@@ -69,7 +69,7 @@ + FontPtr non_cachable_font); + + int +-FontFileNameCheck (char *name) ++FontFileNameCheck (const char *name) + { + #ifndef NCD + #if defined(WIN32) +@@ -254,7 +254,7 @@ + /* ARGSUSED */ + int + FontFileOpenFont (pointer client, FontPathElementPtr fpe, Mask flags, +- char *name, int namelen, ++ const char *name, int namelen, + fsBitmapFormat format, fsBitmapFormatMask fmask, + XID id, FontPtr *pFont, char **aliasName, + FontPtr non_cachable_font) +@@ -688,7 +688,7 @@ + /* ARGSUSED */ + static int + _FontFileListFonts (pointer client, FontPathElementPtr fpe, +- char *pat, int len, int max, FontNamesPtr names, ++ const char *pat, int len, int max, FontNamesPtr names, + int mark_aliases) + { + FontDirectoryPtr dir; +@@ -794,7 +794,7 @@ + } LFWIDataRec, *LFWIDataPtr; + + int +-FontFileListFonts (pointer client, FontPathElementPtr fpe, char *pat, ++FontFileListFonts (pointer client, FontPathElementPtr fpe, const char *pat, + int len, int max, FontNamesPtr names) + { + return _FontFileListFonts (client, fpe, pat, len, max, names, 0); +@@ -802,7 +802,7 @@ + + int + FontFileStartListFonts(pointer client, FontPathElementPtr fpe, +- char *pat, int len, int max, ++ const char *pat, int len, int max, + pointer *privatep, int mark_aliases) + { + LFWIDataPtr data; +@@ -833,7 +833,7 @@ + + int + FontFileStartListFontsWithInfo(pointer client, FontPathElementPtr fpe, +- char *pat, int len, int max, ++ const char *pat, int len, int max, + pointer *privatep) + { + return FontFileStartListFonts(client, fpe, pat, len, max, privatep, 0); +@@ -1067,7 +1067,7 @@ + + int + FontFileStartListFontsAndAliases(pointer client, FontPathElementPtr fpe, +- char *pat, int len, int max, ++ const char *pat, int len, int max, + pointer *privatep) + { + return FontFileStartListFonts(client, fpe, pat, len, max, privatep, 1); +Index: libxfont-1.4.7/src/util/patcache.c +=================================================================== +--- libxfont-1.4.7.orig/src/util/patcache.c 2015-03-18 07:50:18.214183381 -0400 ++++ libxfont-1.4.7/src/util/patcache.c 2015-03-18 07:50:18.214183381 -0400 +@@ -50,7 +50,7 @@ + typedef struct _FontPatternCacheEntry { + struct _FontPatternCacheEntry *next, **prev; + short patlen; +- char *pattern; ++ const char *pattern; + int hash; + FontPtr pFont; /* associated font */ + } FontPatternCacheEntryRec, *FontPatternCacheEntryPtr; +@@ -74,7 +74,7 @@ + cache->entries[i].next = &cache->entries[i+1]; + cache->entries[i].prev = 0; + cache->entries[i].pFont = 0; +- free (cache->entries[i].pattern); ++ free ((void *) cache->entries[i].pattern); + cache->entries[i].pattern = 0; + cache->entries[i].patlen = 0; + } +@@ -107,7 +107,7 @@ + int i; + + for (i = 0; i < NENTRIES; i++) +- free (cache->entries[i].pattern); ++ free ((void *) cache->entries[i].pattern); + free (cache); + } + +@@ -128,7 +128,7 @@ + /* add entry */ + void + CacheFontPattern (FontPatternCachePtr cache, +- char *pattern, ++ const char *pattern, + int patlen, + FontPtr pFont) + { +@@ -154,7 +154,7 @@ + if (e->next) + e->next->prev = e->prev; + *e->prev = e->next; +- free (e->pattern); ++ free ((void *) e->pattern); + } + /* set pattern */ + memcpy (newpat, pattern, patlen); +@@ -174,7 +174,7 @@ + /* find matching entry */ + FontPtr + FindCachedFontPattern (FontPatternCachePtr cache, +- char *pattern, ++ const char *pattern, + int patlen) + { + int hash; +@@ -211,7 +211,7 @@ + *e->prev = e->next; + e->next = cache->free; + cache->free = e; +- free (e->pattern); ++ free ((void *) e->pattern); + e->pattern = 0; + } + } --- libxfont-1.4.7.orig/debian/patches/series +++ libxfont-1.4.7/debian/patches/series @@ -0,0 +1,11 @@ +CVE-2014-0209.patch +CVE-2014-021x.patch +CVE-2015-1802.patch +CVE-2015-1803.patch +CVE-2015-1804.patch +ftbfs-new-fontsproto.patch +ftbfs-new-fontsproto-2.patch +CVE-2017-13720.patch +CVE-2017-13722.patch +CVE-2017-16611-pre.patch +CVE-2017-16611.patch --- libxfont-1.4.7.orig/debian/rules +++ libxfont-1.4.7/debian/rules @@ -0,0 +1,60 @@ +#!/usr/bin/make -f + +PACKAGE = libxfont1 +OOT = --builddirectory=build + +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) + +CFLAGS = $(shell dpkg-buildflags --get CFLAGS) +CFLAGS += -Wall +CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS) +LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS) + +# Strip -Bsymbolic-functions (set by default on Ubuntu) to avoid breakages: +LDFLAGS := $(LDFLAGS:-Wl,-Bsymbolic-functions=) + +CONFFLAGS += \ + --disable-fc \ + --enable-builtins \ + --enable-pcfformat \ + --enable-bdfformat \ + --enable-devel-docs \ + --without-fop \ + --disable-silent-rules \ + --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) \ + CFLAGS="$(CFLAGS)" \ + CPPFLAGS="$(CPPFLAGS)" \ + LDFLAGS="$(LDFLAGS)" + + +override_dh_auto_clean: + dh_auto_clean + rm -rf build-main/ debian/tmp-main/ + rm -rf build-udeb/ debian/tmp-udeb/ + +override_dh_auto_configure: + dh_auto_configure $(OOT)-main/ -- --with-bzip2 --with-xmlto $(CONFFLAGS) + dh_auto_configure $(OOT)-udeb/ -- --without-bzip2 --without-xmlto $(CONFFLAGS) + +override_dh_auto_build: + $(MAKE) -C build-main/ + $(MAKE) -C build-udeb/ + +override_dh_auto_install: + $(MAKE) -C build-main/ install DESTDIR=$(CURDIR)/debian/tmp-main + $(MAKE) -C build-udeb/ install DESTDIR=$(CURDIR)/debian/tmp-udeb + +override_dh_install: + find debian/tmp-* -name '*.la' -delete + dh_install -a -N$(PACKAGE)-udeb --sourcedir=debian/tmp-main --fail-missing + dh_install -p$(PACKAGE)-udeb --sourcedir=debian/tmp-udeb --fail-missing + +override_dh_strip: + dh_strip -p$(PACKAGE) --dbg-package=$(PACKAGE)-dbg + dh_strip -N$(PACKAGE) + +override_dh_makeshlibs: + dh_makeshlibs -V'libxfont1 (>= 1:1.4.2)' --add-udeb=$(PACKAGE)-udeb + +%: + dh $@ --with quilt,autoreconf --parallel --- libxfont-1.4.7.orig/debian/watch +++ libxfont-1.4.7/debian/watch @@ -0,0 +1,3 @@ +#git=git://anongit.freedesktop.org/xorg/lib/libXfont +version=3 +http://xorg.freedesktop.org/releases/individual/lib/ libXfont-(.*)\.tar\.gz