commit da2ee7ad0db2aa8e1536480a7a74c5edadff1f6f0b90924da505ca40905a6d3c Author: Stefan Dirsch Date: Thu Feb 9 13:18:07 2012 +0000 Accepting request 103562 from home:jengelh:branches:X11:XOrg Split xorg-x11-libs OBS-URL: https://build.opensuse.org/request/show/103562 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libXfont?expand=0&rev=1 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch b/U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch new file mode 100644 index 0000000..b1bf8cd --- /dev/null +++ b/U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch @@ -0,0 +1,32 @@ +From d11ee5886e9d9ec610051a206b135a4cdc1e09a0 Mon Sep 17 00:00:00 2001 +From: Thomas Hoger +Date: Mon, 8 Aug 2011 18:03:09 +0200 +Subject: [PATCH] LZW decompress: fix for CVE-2011-2895 + +Specially crafted LZW stream can crash an application using libXfont +that is used to open untrusted font files. With X server, this may +allow privilege escalation when exploited + +Reviewed-by: Matthieu Herrb +Signed-off-by: Matthieu Herrb +Signed-off-by: Alan Coopersmith +--- + src/fontfile/decompress.c | 2 ++ + 1 files changed, 2 insertions(+), 0 deletions(-) + +diff --git a/src/fontfile/decompress.c b/src/fontfile/decompress.c +index b1fc37b..c8171dd 100644 +--- a/src/fontfile/decompress.c ++++ b/src/fontfile/decompress.c +@@ -259,6 +259,8 @@ BufCompressedFill (BufFilePtr f) + */ + while ( code >= 256 ) + { ++ if (stackp - de_stack >= STACK_SIZE - 1) ++ return BUFFILEEOF; + *stackp++ = file->tab_suffix[code]; + code = file->tab_prefix[code]; + } +-- +1.7.4.1 + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..975e429 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,4 @@ +libXfont1 +libXfont-devel + requires -libXfont- + requires "libXfont1- = " diff --git a/libXfont-1.4.3.tar.bz2 b/libXfont-1.4.3.tar.bz2 new file mode 100644 index 0000000..cca8fe0 --- /dev/null +++ b/libXfont-1.4.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f79245652901d20092092e942155d32b8dde15527637db3c09a1adc83672e9cc +size 438358 diff --git a/libXfont.changes b/libXfont.changes new file mode 100644 index 0000000..61dba6b --- /dev/null +++ b/libXfont.changes @@ -0,0 +1,4 @@ +------------------------------------------------------------------- +Tue Feb 7 22:17:49 UTC 2012 - jengelh@medozas.de + +- Split xorg-x11-libs into separate packages diff --git a/libXfont.spec b/libXfont.spec new file mode 100644 index 0000000..bb9542f --- /dev/null +++ b/libXfont.spec @@ -0,0 +1,101 @@ +# +# spec file for package libXfont +# +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# +Name: libXfont +%define lname libXfont1 +Version: 1.4.3 +Release: 0 +Summary: X font handling library for server and utilities +License: MIT +Group: Development/Libraries/C and C++ +Url: http://cgit.freedesktop.org/xorg/lib/libXfont/ + +#Git-Clone: git://anongit.freedesktop.org/xorg/lib/libXfont +Source: %name-%version.tar.bz2 +Patch1: U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch +#git#BuildRequires: autoconf >= 2.60, automake, libtool +BuildRequires: pkgconfig, pkgconfig(xorg-macros) >= 1.10 +BuildRequires: pkgconfig(freetype2), pkgconfig(xproto), pkgconfig(xtrans) +BuildRequires: pkgconfig(fontsproto), pkgconfig(fontenc) +BuildRequires: pkgconfig(zlib) +#optional#BuildRequires: pkgconfig(bzip2), + --with-bzip2 + +%description +libXfont provides the core of the legacy X11 font system, handling +the index files (fonts.dir, fonts.alias, fonts.scale), the various +font file formats, and rasterizing them. It is used by the X servers, +the X Font Server (xfs), and some font utilities (bdftopcf for +instance), but should not be used by normal X11 clients. X11 clients +access fonts via either the new APIs in libXft, or the legacy APIs in +libX11. + +%package -n %lname +Summary: X font handling library for server and utilities +Group: System/Libraries + +%description -n %lname +libXfont provides the core of the legacy X11 font system, handling +the index files (fonts.dir, fonts.alias, fonts.scale), the various +font file formats, and rasterizing them. It is used by the X servers, +the X Font Server (xfs), and some font utilities (bdftopcf for +instance), but should not be used by normal X11 clients. X11 clients +access fonts via either the new APIs in libXft, or the legacy APIs in +libX11. + +%package devel +Summary: Development files for the X font handling library +Group: Development/Libraries/C and C++ +Requires: %lname = %version + +%description devel +libXfont provides the core of the legacy X11 font system, handling +the index files (fonts.dir, fonts.alias, fonts.scale), the various +font file formats, and rasterizing them. It is used by the X servers, +the X Font Server (xfs), and some font utilities (bdftopcf for +instance), but should not be used by normal X11 clients. X11 clients +access fonts via either the new APIs in libXft, or the legacy APIs in +libX11. + +This package contains the development headers for the library found +in %lname. + +%prep +%setup -q +%patch -P 1 -p1 + +%build +%configure --disable-static +make %{?_smp_mflags} + +%install +%makeinstall +rm -f "%buildroot/%_libdir"/*.la + +%post -n %lname -p /sbin/ldconfig + +%postun -n %lname -p /sbin/ldconfig + +%files -n %lname +%defattr(-,root,root) +%_libdir/libXfont.so.1* + +%files devel +%defattr(-,root,root) +%_includedir/X11/* +%_libdir/libXfont.so +%_libdir/pkgconfig/xfont.pc + +%changelog