Opened 10 years ago

Closed 10 years ago

#5069 closed enhancement (fixed)

libXfont-1.4.8

Reported by: Fernando de Oliveira
Owned by: Fernando de Oliveira
Priority: normal
Milestone: 7.6
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

Change History (6)

comment:1 by Fernando de Oliveira, 10 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: new → assigned

comment:2 by Fernando de Oliveira, 10 years ago

Owner: changed from Fernando de Oliveira to blfs-book@…
Status: assigned → new

I'm sorry.

I am having problems with my system. I will build a new one. I don't know when I will have a system to update packages, so I am giving back to the book all that I had to do.

comment:3 by Fernando de Oliveira, 10 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: new → assigned

comment:4 by Fernando de Oliveira, 10 years ago

Security and problematic changes:

    CVE-2014-0210: unvalidated length fields in fs_read_list_info()

    CVE-2014-0210: unvalidated length fields in fs_read_glyphs()

    CVE-2014-0210: unvalidated length fields in fs_read_extent_info()

    CVE-2014-0211: integer overflow in fs_alloc_glyphs()

    CVE-2014-0211: integer overflow in fs_read_extent_info()

    CVE-2014-0210: unvalidated length fields in fs_read_query_info()

    CVE-2014-0211: Integer overflow in fs_get_reply/_fs_start_read

    CVE-2014-0210: unvalidated lengths when reading replies from font server

    CVE-2014-0210: unvalidated length in _fs_recv_conn_setup()

    CVE-2014-0209: integer overflow of realloc() size in lexAlias()

    CVE-2014-0209: integer overflow of realloc() size in FontFileAddEntry()

Problematic:

commit 9b41f3d0c7c430a2909c9455eff347e714f0c4b4
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Apr 20 18:10:07 2014 -0700

    Require fontsproto < 2.1.3 for matching function prototypes
    
    Building libXfont-1.4.x against fontsproto 2.1.3 causes clang
    complaints of:
    
    patcache.c:130:1: error: conflicting types for 'CacheFontPattern'
    CacheFontPattern (FontPatternCachePtr cache,
    ^
    patcache.c:176:1: error: conflicting types for 'FindCachedFontPattern'
    FindCachedFontPattern (FontPatternCachePtr cache,
    ^
    
    due to the constification of arguments not matching.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Thomas Klausner <wiz@NetBSD.org>

This makes it impossible for us to update without further modifications: either downgrading fontsproto 2.1.3 or modifying libXfont.

As we do not (at least usually) compile using clang, I decided just to remove from config the restriction for fontsproto < 2.1.3:

sed -i 's/fontsproto < 2.1.3/fontsproto/' configure

Any reason for downgrading fontsproto instead of using the sed?

comment:5 by Fernando de Oliveira, 10 years ago

Fixed at r13114.

comment:6 by Fernando de Oliveira, 10 years ago

Resolution: fixed
Status: assigned → closed