libXfont provides the core of the legacy X11 font system, handling the index files (fonts.dir, fonts.alias, fonts.scale), the various font file formats, and rasterizing them. It is used by the X servers, the X Font Server (xfs), and some font utilities (bdftopcf for instance), but should not be used by normal X11 clients. X11 clients access fonts via either the new API's in libXft, or the legacy API's in libX11. This release includes the fix for CVE-2013-6462, as well as other security hardening and code cleanups, and makes libXfont compatible with libXtrans 1.3 on Solaris. Alan Coopersmith (7): xstrdup -> strdup Replace malloc(strlen)+strcpy/strcat calls with strdup Don't leak old allocation if realloc fails to enlarge it Add AC_USE_SYSTEM_EXTENSIONS to expose non-standard extensions CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters() Limit additional sscanf strings to fit buffer sizes libXfont 1.4.7 Julien Cristau (1): Make serverGeneration unsigned git tag: libXfont-1.4.7 http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.7.tar.bz2 MD5: b21ee5739d5d2e5028b302fbf9fe630b SHA1: 77f60d0a2190cb36c07c2217693f46d5e8942ca2 SHA256: d16ea3541835d296b19cfb05d7e64fc62173d8e7eb93284402ec761b951d1543 http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.7.tar.gz MD5: f265a3753386026414dab4408b7a74be SHA1: e81a9bb1287e09405293db65677f1b9ce5a64fcc SHA256: 23029d9ab79190466169220c202a73e239fdf94a93a250a9d2d5756381b67ad2 -- -Alan Coopersmith- alan.coopersmith at oracle.com Oracle Solaris Engineering - http://blogs.oracle.com/alanc -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 832 bytes Desc: not available URL: <http://lists.x.org/archives/xorg-announce/attachments/20140107/ef17e25e/attachment.pgp>