Opened 12 years ago

Closed 12 years ago

#5069 closed enhancement (fixed)

libXfont-1.4.8

Reported by: Fernando de Oliveira Owned by: Fernando de Oliveira
Priority: normal Milestone: 7.6
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

http://xorg.freedesktop.org/releases/individual/lib/libXfont-1.4.8.tar.bz2

Change History (6)

comment:1 by Fernando de Oliveira, 12 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: newassigned

comment:2 by Fernando de Oliveira, 12 years ago

Owner: changed from Fernando de Oliveira to blfs-book@…
Status: assignednew

I'm sorry.

I am having problems with my system. Will build a new one. Don't know when will be with a system to update packages, so, I am giving back to the book all that I had to do.

comment:3 by Fernando de Oliveira, 12 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: newassigned

comment:4 by Fernando de Oliveira, 12 years ago

Security and problematic changes: 

    CVE-2014-0210: unvalidated length fields in fs_read_list_info()

    CVE-2014-0210: unvalidated length fields in fs_read_glyphs()

    CVE-2014-0210: unvalidated length fields in fs_read_extent_info()

    CVE-2014-0211: integer overflow in fs_alloc_glyphs()

    CVE-2014-0211: integer overflow in fs_read_extent_info()

    CVE-2014-0210: unvalidated length fields in fs_read_query_info()

    CVE-2014-0211: Integer overflow in fs_get_reply/_fs_start_read

    CVE-2014-0210: unvalidated lengths when reading replies from font server

    CVE-2014-0210: unvalidated length in _fs_recv_conn_setup()

    CVE-2014-0209: integer overflow of realloc() size in lexAlias()

    CVE-2014-0209: integer overflow of realloc() size in FontFileAddEntry()

Problematic: 

commit 9b41f3d0c7c430a2909c9455eff347e714f0c4b4
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Apr 20 18:10:07 2014 -0700

    Require fontsproto < 2.1.3 for matching function prototypes
    
    Building libXfont-1.4.x against fontsproto 2.1.3 causes clang
    complaints of:
    
    patcache.c:130:1: error: conflicting types for 'CacheFontPattern'
    CacheFontPattern (FontPatternCachePtr cache,
    ^
    patcache.c:176:1: error: conflicting types for 'FindCachedFontPattern'
    FindCachedFontPattern (FontPatternCachePtr cache,
    ^
    
    due to the constification of arguments not matching.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Thomas Klausner <wiz@NetBSD.org>

This makes impossible for us to update, without further modifications, either downgrading fontsproto 2.1.3 or modifying libXfont.

As we do not (at least usually) compile using clang, I decided just to remove from config the restriction for fontsproto < 2.1.3: 

sed -i 's/fontsproto < 2.1.3/fontsproto/' configure

Any reason for downgrading fontsproto instead of using the sed?

comment:5 by Fernando de Oliveira, 12 years ago

Fixed at r13114.

comment:6 by Fernando de Oliveira, 12 years ago

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.