#
# spec file for package libXfont
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: libXfont
%define lname libXfont1
Version: 1.5.4
Release: 2.9
Summary: X font handling library for server and utilities
License: MIT
Group: Development/Libraries/C and C++
Url: http://xorg.freedesktop.org/
#Git-Clone: git://anongit.freedesktop.org/xorg/lib/libXfont
#Git-Web: http://cgit.freedesktop.org/xorg/lib/libXfont/
Source: %{name}-%{version}.tar.bz2
Source1: baselibs.conf
BuildRoot: %{_tmppath}/%{name}-%{version}-build
#git#BuildRequires: autoconf >= 2.60, automake, libtool
BuildRequires: pkgconfig
BuildRequires: pkgconfig(fontenc)
BuildRequires: pkgconfig(fontsproto)
BuildRequires: pkgconfig(freetype2)
BuildRequires: pkgconfig(xorg-macros) >= 1.10
BuildRequires: pkgconfig(xproto)
BuildRequires: pkgconfig(xtrans)
BuildRequires: pkgconfig(zlib)
#optional#BuildRequires: pkgconfig(bzip2), + --with-bzip2
%description
libXfont provides the core of the legacy X11 font system, handling
the index files (fonts.dir, fonts.alias, fonts.scale), the various
font file formats, and rasterizing them. It is used by the X servers,
the X Font Server (xfs), and some font utilities (bdftopcf for
instance), but should not be used by normal X11 clients. X11 clients
access fonts via either the new APIs in libXft, or the legacy APIs in
libX11.
%package -n %lname
Summary: X font handling library for server and utilities
Group: System/Libraries
%description -n %lname
libXfont provides the core of the legacy X11 font system, handling
the index files (fonts.dir, fonts.alias, fonts.scale), the various
font file formats, and rasterizing them. It is used by the X servers,
the X Font Server (xfs), and some font utilities (bdftopcf for
instance), but should not be used by normal X11 clients. X11 clients
access fonts via either the new APIs in libXft, or the legacy APIs in
libX11.
%package devel
Summary: Development files for the X font handling library
Group: Development/Libraries/C and C++
Requires: %lname = %version
%description devel
libXfont provides the core of the legacy X11 font system, handling
the index files (fonts.dir, fonts.alias, fonts.scale), the various
font file formats, and rasterizing them. It is used by the X servers,
the X Font Server (xfs), and some font utilities (bdftopcf for
instance), but should not be used by normal X11 clients. X11 clients
access fonts via either the new APIs in libXft, or the legacy APIs in
libX11.
This package contains the development headers for the library found
in %lname.
%prep
%setup -q
%build
%configure --disable-static
make %{?_smp_mflags}
%install
make install DESTDIR="%buildroot"
rm -f "%buildroot/%_libdir"/*.la
%post -n %lname -p /sbin/ldconfig
%postun -n %lname -p /sbin/ldconfig
%files -n %lname
%defattr(-,root,root)
%_libdir/libXfont.so.1*
%files devel
%defattr(-,root,root)
%_includedir/X11/*
%_libdir/libXfont.so
%_libdir/pkgconfig/xfont.pc
%changelog
* Tue Nov 28 2017 sndirsch@suse.com
- Update to release 1.5.4
* Open files with O_NOFOLLOW. (CVE-2017-16611, bsc#1050459)
* Fri Oct 20 2017 sndirsch@suse.com
- Update to release 1.5.3
* Check for end of string in PatternMatch (CVE-2017-13720)
* pcfGetProperties: Check string boundaries (CVE-2017-13722)
* Tue May 30 2017 sndirsch@suse.com
- includes everything needed for missing sle issue entries:
fate #320388 (bsc#1041641)
boo#958383, bnc#921978, bnc#857544 (bsc#1041641)
CVE-2015-1802, CVE-2015-1803, CVE-2015-1804 (bsc#1041641)
CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (bsc#1041641)
* Thu Sep 22 2016 sndirsch@suse.com
- Update to release 1.5.2
Maintenance branch release, primarily for bdftopcf's benefit as it's
the only thing that really needs the Xfont1 API. (xfs uses it too, I
believe, but could be ported to Xfont2). If someone wanted to step up
and merge Xfont1 into bdtopcf directly, that'd be great.
- supersedes U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch
* Tue Dec 8 2015 eich@suse.com
- U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch
Negative DWIDTH is legal. This was broken by the fix for
CVE-2015-1804. Fixed upstream with commit 1a73d6 (boo#958383).
* Wed Mar 18 2015 sndirsch@suse.com
- Update to release 1.5.1
* This release of libXfont provides the fixes for the
security advisory about BDF font parsing bugs (CVE-2015-1802,
CVE-2015-1803, CVE-2015-1804)
* Mon Jul 21 2014 sndirsch@suse.com
- Update to final release 1.5.0
* no changes since 1.4.99.901
* Wed Jul 9 2014 sndirsch@suse.com
- Update to version 1.4.99.901
* This is a release candidate of libXfont 1.5.0 - please test and
report any issues found, so we can have a final/stable release
soon to go with the xorg-server 1.16 release.
* *IMPORTANT* This release works with fontsproto 2.1.3 or later
and is for use with the upcoming release of xorg-server 1.16
and later. It will *not* work with older versions of
fontsproto or xorg-server (prior to 1.15.99.901).
* This release includes all the security & bug fixes from
libXfont 1.4.8, plus these additional significant changes:
- Support for SNF font format (deprecated since X11R5 in 1991)
is now disabled by default at build time. For now, adding
- -enable-snfformat to configure flags may re-enable it, but
support may be fully removed in future libXfont releases.
- Many compiler warnings cleaned up, including some which
required API changes around type declarations (const char *,
Pointer, etc.).
- README file expanded to explain all the different formats/
options.
- supersedes patches:
* U_0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch
* U_0002-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch
* U_0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch
* U_0004-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch
* U_0005-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch
* U_0006-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch
* U_0007-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch
* U_0008-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs.patch
* U_0009-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch
* U_0010-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch
* U_0011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
* U_0012-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
- added baselibs.conf as source to spec file
* Mon May 19 2014 msrb@suse.com
- U_0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch,
U_0002-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch,
U_0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch,
U_0004-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch,
U_0005-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch,
U_0006-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch,
U_0007-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch,
U_0008-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs.patch,
U_0009-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch,
U_0010-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch,
U_0011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch,
U_0012-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
* Security fixes. (CVE-2014-0209, CVE-2014-0210, CVE-2014-0211,
bnc#857544)
* Tue Mar 18 2014 sndirsch@suse.com
- update to current git commit a96cc1f to match current fontsproto
git sources
* Wed Jan 8 2014 sndirsch@suse.com
- Update to version 1.4.7
This release includes the fix for CVE-2013-6462, as well as
other security hardening and code cleanups, and makes libXfont
compatible with libXtrans 1.3 on Solaris. (bnc#854915)
* Sat Aug 17 2013 zaitor@opensuse.org
- Update to version 1.4.6:
+ Require ANSI C89 pre-processor, drop pre-C89 token pasting
support.
+ Protect config.h inclusion with ifdef HAVE_CONFIG_H, like
usual.
+ Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS.
+ autogen.sh: Implement GNOME Build API.
+ configure: Remove AM_MAINTAINER_MODE.
+ catalogue: Fix obvious thinko.
+ Omit catalogue support on systems without symlinks.
+ If socket is interrupted with signal EINTR, re-attempt read.
* Sun Feb 17 2013 jengelh@inai.de
- Use more robust make install call
* Thu Apr 12 2012 vuntz@opensuse.org
- Update to version 1.4.5:
+ Updates to better handle fonts compressed with compress(1)
+ Do proper input validation to fix for CVE-2011-2895
+ Fix crash if pcf header is corrupted
+ Cleanups for compiler warnings
+ Improvements for the developer documentation
+ Build configuration improvements
- Changes from version 1.4.4:
+ LZW decompress: fix for CVE-2011-2895
+ Fix memory leak
+ Build configuration improvements
- Drop U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch: fixed
upstream.
* Tue Feb 7 2012 jengelh@medozas.de
- Split xorg-x11-libs into separate packages