 debian/changelog | 14 +++++
 debian/control | 11 ++--
 debian/patches/CVE-2008-0006.diff | 24 ++++++++
 debian/patches/series | 1
 debian/xsfbs/xsfbs.mk | 103 ++++++-------------------------------
 debian/xsfbs/xsfbs.sh | 7 --
 6 files changed, 64 insertions(+), 96 deletions(-)
New commits:
commit 91cf0dd5f9aabfbb7d6de1d2510d3d70f1fc29b2
Author: Julien Cristau <[EMAIL PROTECTED]>
Date: Thu Jan 17 00:09:48 2008 +0100
Prepare changelog for upload.
diff --git a/debian/changelog b/debian/changelog
index 89d9445..555fc06 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-libxfont (1:1.3.1-2) UNRELEASED; urgency=high
+libxfont (1:1.3.1-2) unstable; urgency=high
 
 * High urgency upload for security fix.
 * Fix a buffer overflow in the PCF font parser (CVE-2008-0006).
@@ -10,7 +10,7 @@ libxfont (1:1.3.1-2) UNRELEASED; urgency=high
 + libxfont1 is Section: libs
 + libxfont-dev and libxfont1-dbg are Section: libdevel
 
- -- Julien Cristau <[EMAIL PROTECTED]> Thu, 17 Jan 2008 00:07:29 +0100
+ -- Julien Cristau <[EMAIL PROTECTED]> Thu, 17 Jan 2008 00:09:38 +0100
 
 libxfont (1:1.3.1-1) unstable; urgency=low
 
commit 54954811265d5580be8719f772dda521c641cde2
Author: Julien Cristau <[EMAIL PROTECTED]>
Date: Thu Jan 17 00:09:37 2008 +0100
* debian/control updates
+ add myself to Uploaders, and remove Branden and Fabio with their permission
+ s/^XS-Vcs/Vcs/
+ bump Standards-Version to 3.7.3 (no changes)
+ libxfont1 is Section: libs
+ libxfont-dev and libxfont1-dbg are Section: libdevel
diff --git a/debian/changelog b/debian/changelog
index 9370f2d..89d9445 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,8 +2,15 @@ libxfont (1:1.3.1-2) UNRELEASED; urgency=high
 
 * High urgency upload for security fix.
 * Fix a buffer overflow in the PCF font parser (CVE-2008-0006).
-
- -- Julien Cristau <[EMAIL PROTECTED]> Sat, 12 Jan 2008 11:54:08 +0100
+ * debian/control updates
+ + add myself to Uploaders, and remove Branden and Fabio with their
+ permission
+ + s/^XS-Vcs/Vcs/
+ + bump Standards-Version to 3.7.3 (no changes)
+ + libxfont1 is Section: libs
+ + libxfont-dev and libxfont1-dbg are Section: libdevel
+
+ -- Julien Cristau <[EMAIL PROTECTED]> Thu, 17 Jan 2008 00:07:29 +0100
 
 libxfont (1:1.3.1-1) unstable; urgency=low
 
diff --git a/debian/control b/debian/control
index b0d5d4f..9184ca0 100644
--- a/debian/control
+++ b/debian/control
@@ -2,13 +2,14 @@ Source: libxfont
 Section: x11
 Priority: optional
 Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
-Uploaders: David Nusinow <[EMAIL PROTECTED]>, Branden Robinson <[EMAIL PROTECTED]>, Fabio M. Di Nitto <[EMAIL PROTECTED]>, Drew Parsons <[EMAIL PROTECTED]>
+Uploaders: David Nusinow <[EMAIL PROTECTED]>, Drew Parsons <[EMAIL PROTECTED]>, Julien Cristau <[EMAIL PROTECTED]>
 Build-Depends: debhelper (>= 5), pkg-config, libfontenc-dev, x11proto-core-dev, xtrans-dev, x11proto-fonts-dev, x11proto-fontcache-dev, libfreetype6-dev, quilt
-Standards-Version: 3.7.2
-XS-Vcs-Git: git://git.debian.org/git/pkg-xorg/lib/libxfont
-XS-Vcs-Browser: http://git.debian.org/?p=pkg-xorg/lib/libxfont.git
+Standards-Version: 3.7.3
+Vcs-Git: git://git.debian.org/git/pkg-xorg/lib/libxfont
+Vcs-Browser: http://git.debian.org/?p=pkg-xorg/lib/libxfont.git
 
 Package: libxfont1
+Section: libs
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}, x11-common
 Description: X11 font rasterisation library
@@ -20,6 +21,7 @@ Description: X11 font rasterisation library
 <URL:http://lists.freedesktop.org/mailman/listinfo/xorg>
 
 Package: libxfont1-dbg
+Section: libdevel
 Architecture: any
 Priority: extra
 Depends: ${shlibs:Depends}, ${misc:Depends}, x11-common, libxfont1 (= ${binary:Version})
@@ -35,6 +37,7 @@ Description: X11 font rasterisation library (debug package)
 <URL:http://lists.freedesktop.org/mailman/listinfo/xorg>
 
 Package: libxfont-dev
+Section: libdevel
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}, libxfont1 (= ${binary:Version}), libx11-dev, x11proto-core-dev, x11proto-fonts-dev, libfreetype6-dev, libfontenc-dev (>= 1:1.0.1-1)
 Pre-Depends: x11-common (>= 1:7.0.0)
commit 89631b89bccafea5f1df821796e1e5a0aa868248
Author: Julien Cristau <[EMAIL PROTECTED]>
Date: Sat Jan 12 11:54:58 2008 +0100
* Fix a buffer overflow in the PCF font parser (CVE-2008-0006).
diff --git a/debian/changelog b/debian/changelog
index 9376113..9370f2d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libxfont (1:1.3.1-2) UNRELEASED; urgency=high
+
+ * High urgency upload for security fix.
+ * Fix a buffer overflow in the PCF font parser (CVE-2008-0006).
+
+ -- Julien Cristau <[EMAIL PROTECTED]> Sat, 12 Jan 2008 11:54:08 +0100
+
 libxfont (1:1.3.1-1) unstable; urgency=low
 
 * New upstream release.
diff --git a/debian/patches/CVE-2008-0006.diff b/debian/patches/CVE-2008-0006.diff
new file mode 100644
index 0000000..34a1d00
--- /dev/null
+++ b/debian/patches/CVE-2008-0006.diff
@@ -0,0 +1,24 @@
+diff --git a/src/bitmap/pcfread.c b/src/bitmap/pcfread.c
+index fd41849..c5db255 100644
+--- a/src/bitmap/pcfread.c
++++ b/src/bitmap/pcfread.c
+@@ -588,6 +588,9 @@ pcfReadFont(FontPtr pFont, FontFilePtr file,
+ pFont->info.lastRow = pcfGetINT16(file, format);
+ pFont->info.defaultCh = pcfGetINT16(file, format);
+ if (IS_EOF(file)) goto Bail;
++ if (pFont->info.firstCol > pFont->info.lastCol ||
++ pFont->info.firstRow > pFont->info.lastRow ||
++ pFont->info.lastCol-pFont->info.firstCol > 255) goto Bail;
+ 
+ nencoding = (pFont->info.lastCol - pFont->info.firstCol + 1) *
+ (pFont->info.lastRow - pFont->info.firstRow + 1);
+@@ -726,6 +729,9 @@ pcfReadFontInfo(FontInfoPtr pFontInfo, FontFilePtr file)
+ pFontInfo->lastRow = pcfGetINT16(file, format);
+ pFontInfo->defaultCh = pcfGetINT16(file, format);
+ if (IS_EOF(file)) goto Bail;
++ if (pFontInfo->firstCol > pFontInfo->lastCol ||
++ pFontInfo->firstRow > pFontInfo->lastRow ||
++ pFontInfo->lastCol-pFontInfo->firstCol > 255) goto Bail;
+ 
+ nencoding = (pFontInfo->lastCol - pFontInfo->firstCol + 1) *
+ (pFontInfo->lastRow - pFontInfo->firstRow + 1);
diff --git a/debian/patches/series b/debian/patches/series
index e69de29..d19586f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2008-0006.diff
commit 844199da71f29556be3436fa0fead2f0cc0bfc1b
Author: David Nusinow <[EMAIL PROTECTED]>
Date: Tue Jan 8 20:18:49 2008 -0500
Kill the manifest code. It served its purpose for the monolith and is now dead.
diff --git a/debian/xsfbs/xsfbs.mk b/debian/xsfbs/xsfbs.mk
index b8f7afd..4822173 100755
--- a/debian/xsfbs/xsfbs.mk
+++ b/debian/xsfbs/xsfbs.mk
@@ -196,7 +196,6 @@ xsfclean: cleanscripts unpatch
 rm -rf $(STAMP_DIR) $(SOURCE_DIR)
 rm -rf imports
 dh_clean debian/shlibs.local \
- debian/MANIFEST.$(ARCH) debian/MANIFEST.$(ARCH).new \
 debian/po/pothead
 
 # Generate the debconf templates POT file header.
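Review bot: The new guard in pcfReadFont caps the column span (`lastCol-firstCol > 255`) but checks the row span only for inversion, so the `nencoding` product on the following lines is still up to 256 times a row extent that, if firstRow/lastRow are the 16-bit quantities the `pcfGetINT16` reads suggest, can reach 65536 — a malformed font can still drive the later allocation into millions of entries. If the format genuinely permits that, a comment should say so; otherwise the cheap companion clause is `pFont->info.lastRow-pFont->info.firstRow > 255`, and the same applies to pcfReadFontInfo in the second inner hunk (@@ -726). The bare `255` also deserves a why-comment, e.g. `/* reject inverted or oversized (>256 columns) ranges before sizing the encoding table */`. Both enclosing functions begin and end outside this hunk.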
@@ -209,58 +208,6 @@ debian/po/pothead: debian/po/pothead.in updatepo: debian/po/pothead debian/scripts/debconf-updatepo --pot-header=pothead --verbose -# Use the MANIFEST files to determine whether we're shipping everything we -# expect to ship, and not shipping anything we don't expect to ship. -.PHONY: check-manifest -stampdir_targets+=check-manifest -check-manifest: $(STAMP_DIR)/check-manifest -$(STAMP_DIR)/check-manifest: $(STAMP_DIR)/install - # Compare manifests. - (cd debian/tmp && find -type f | LC_ALL=C sort | cut -c3-) \ - >debian/MANIFEST.$(ARCH).new - # Construct MANIFEST files from MANIFEST.$(ARCH).in and - # MANIFEST.$(ARCH).all or MANIFEST.all. - if expr "$(findstring -DBuildFonts=NO,$(IMAKE_DEFINES))" \ - : "-DBuildFonts=NO" >/dev/null 2>&1; then \ - LC_ALL=C sort -u debian/MANIFEST.$(ARCH).in >debian/MANIFEST.$(ARCH); \ - else \ - if [ -e debian/MANIFEST.$(ARCH).all ]; then \ - LC_ALL=C sort -u debian/MANIFEST.$(ARCH).in debian/MANIFEST.$(ARCH).all >debian/MANIFEST.$(ARCH); \ - else \ - LC_ALL=C sort -u debian/MANIFEST.$(ARCH).in debian/MANIFEST.all >debian/MANIFEST.$(ARCH); \ - fi; \ - fi - # Confirm that the installed file list has not changed. - if [ -e debian/MANIFEST.$(ARCH) ]; then \ - if ! cmp -s debian/MANIFEST.$(ARCH) debian/MANIFEST.$(ARCH).new; then \ - diff -U 0 debian/MANIFEST.$(ARCH) debian/MANIFEST.$(ARCH).new || DIFFSTATUS=$$?; \ - case $${DIFFSTATUS:-0} in \ - 0) ;; \ - 1) if [ -n "$$IGNORE_MANIFEST_CHANGES" ]; then \ - echo 'MANIFEST check failed; ignoring problem because \$$IGNORE_MANIFEST_CHANGES set' >&2; \ - echo 'Please ensure that the package maintainer has an up-to-date version of the' >&2; \ - echo 'MANIFEST.$(ARCH).in file.' 
>&2; \ - else \ - echo 'MANIFEST check failed; please see debian/README' >&2; \ - exit 1; \ - fi; \ - ;; \ - *) echo "diff reported unexpected exit status $$DIFFSTATUS when performing MANIFEST check" >&2; \ - exit 1; \ - ;; \ - esac; \ - fi; \ - fi - >$@ - -# Because we build (and install) different files depending on whether or not -# any architecture-independent packages are being created, the list of files we -# expect to see will differ; see the discussion of the "build" target above. -.PHONY: check-manifest-arch check-manifest-indep -check-manifest-arch: IMAKE_DEFINES+= -DBuildSpecsDocs=NO -DBuildFonts=NO -DInstallHardcopyDocs=NO -check-manifest-arch: check-manifest -check-manifest-indep: check-manifest - # Remove files from the upstream source tree that we don't need, or which have # licensing problems. It must be run before creating the .orig.tar.gz. # commit 331c032528ba1faebef1d8eaa56db47f533f0426 Author: David Nusinow <[EMAIL PROTECTED]> Date: Sat Sep 22 23:49:11 2007 -0400 Remove make-orig-tar-gz target This target wasn't kept up to date and was totally broken for the git world. The way we use git has made this target pretty well impossible to use in any form, so it's been supersceded by a script that is currently located at http://people.debian.org/~dnusinow/xsf_scripts/git-make-orig-tar-gz diff --git a/debian/xsfbs/xsfbs.mk b/debian/xsfbs/xsfbs.mk index bfca7bb..b8f7afd 100755 --- a/debian/xsfbs/xsfbs.mk +++ b/debian/xsfbs/xsfbs.mk 
@@ -272,29 +272,6 @@ prune-upstream-tree:
 dh_testdir
 grep -rvh '^#' debian/prune/ | xargs --no-run-if-empty rm -rf
 
-# Change to what should be the correct directory, ensure it is, and if
-# so, create the .orig.tar.gz file. Exclude the debian directory and its
-# contents, and any .svn directories and their contents (so that we can safely
-# build an .orig.tar.gz from SVN checkout, not just an export).
-#
-# Note: This rule is for Debian package maintainers' convenience, and is not
-# needed for conventional build scenarios.
-#
-# This rule *IS* the recommended method for creating a new .orig.tar.gz file,
-# for the rare situations when one is needed.
-.PHONY: make-orig-tar-gz
-make-orig-tar-gz: clean prune-upstream-tree
- ( cd .. \
- && if [ $(shell basename $(CURDIR)) != $(SOURCE_NAME)-$(NO_EPOCH_VER) ]; then \
- echo "Our current working directory has the wrong name. Renaming..." >&2; \
- mv $(CURDIR) $(SOURCE_NAME)-$(NO_EPOCH_VER); \
- fi; \
- tar --exclude=debian --exclude=debian/* \
- --exclude=.svn --exclude=.svn/* \
- -cf - $(SOURCE_NAME)-$(NO_EPOCH_VER) \
- | gzip -9 >$(SOURCE_NAME)_$(NO_EPOCH_VER).orig.tar.gz; \
- )
-
 # Verify that there are no offsets or fuzz in the patches we apply.
 #
 # Note: This rule is for Debian package maintainers' convenience, and is not
commit 575efb7249d7cf194f07e45db17e601d9c259231
Author: Brice Goglin <[EMAIL PROTECTED]>
Date: Wed Aug 29 09:36:00 2007 +0200
Do not call laptop-detect, let the only user call it directly
diff --git a/debian/xsfbs/xsfbs.sh b/debian/xsfbs/xsfbs.sh
index 52473ca..a90ff7d 100644
--- a/debian/xsfbs/xsfbs.sh
+++ b/debian/xsfbs/xsfbs.sh
@@ -59,13 +59,6 @@ fi
 
 ARCHITECTURE="$(dpkg --print-installation-architecture)"
 
-LAPTOP=""
-if [ -n "$(which laptop-detect)" ]; then
- if laptop-detect >/dev/null; then
- LAPTOP=true
- fi
-fi
-
 if [ "$1" = "reconfigure" ] || [ -n "$DEBCONF_RECONFIGURE" ]; then
 RECONFIGURE="true"
 else
commit 12a633f722a2ff9677728d1e2ae56767f804232a
Author: Brice Goglin <[EMAIL PROTECTED]>
Date: Thu Jul 12 16:06:22 2007 +0200
Fix "display the output of quilt push/pop".
Fix commit 16d97b30b91da02d5a3edc2b895cbd4a1995f62d to check the return value of quilt, not the one of tee.
diff --git a/debian/xsfbs/xsfbs.mk b/debian/xsfbs/xsfbs.mk
index 5f13302..bfca7bb 100755
--- a/debian/xsfbs/xsfbs.mk
+++ b/debian/xsfbs/xsfbs.mk
@@ -147,9 +147,11 @@ $(STAMP_DIR)/patch: $(STAMP_DIR)/prepare
 fi; \
 if $(QUILT) next >/dev/null 2>&1; then \
 echo -n "Applying patches..."; \
- if $(QUILT) push -a -v 2>&1 | tee $(STAMP_DIR)/log/patch; then \
+ if $(QUILT) push -a -v >$(STAMP_DIR)/log/patch 2>&1; then \
+ cat $(STAMP_DIR)/log/patch; \
 echo "successful."; \
 else \
+ cat $(STAMP_DIR)/log/patch; \
 echo "failed! (check $(STAMP_DIR)/log/patch for details)"; \
 exit 1; \
 fi; \
@@ -164,9 +166,11 @@ unpatch:
 rm -f $(STAMP_DIR)/patch
 @echo -n "Unapplying patches..."; \
 if [ -e $(STAMP_DIR)/patches/applied-patches ]; then \
- if $(QUILT) pop -a -v 2>&1 | tee $(STAMP_DIR)/log/unpatch; then \
+ if $(QUILT) pop -a -v >$(STAMP_DIR)/log/unpatch 2>&1; then \
+ cat $(STAMP_DIR)/log/unpatch; \
 echo "successful."; \
 else \
+ cat $(STAMP_DIR)/log/unpatch; \
 echo "failed! (check $(STAMP_DIR)/log/unpatch for details)"; \
 exit 1; \
 fi; \
commit e29b56820909668b062fdba72458ee9483a4ae44
Author: Brice Goglin <[EMAIL PROTECTED]>
Date: Mon Jul 9 21:50:47 2007 +0200
Minor fixes in the patching system.
* Fix debian/rules to not be confused by ~/.quiltrc or QUILT_PATCHES (as in #369920).
* Display which patches are applied and removed instead of just the first one (for #428090).
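Review bot: The `cat $(STAMP_DIR)/log/patch` added on both sides of the `if` in the @@ -147 hunk is the same statement twice; capturing quilt's status first and printing the log once removes the duplication while keeping the fix for the tee exit-status problem: `$(QUILT) push -a -v >$(STAMP_DIR)/log/patch 2>&1; STATUS=$$?; \`, `cat $(STAMP_DIR)/log/patch; \`, `if [ $$STATUS -eq 0 ]; then \`. The unpatch hunk (@@ -164) has the same shape with `log/unpatch`. Note also that the log is now only printed after quilt finishes, so a long patch run shows no progress until the end — worth a comment on the `>$(STAMP_DIR)/log/patch` redirect if that trade-off is intended. Both recipes start before and continue after their hunks.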
diff --git a/debian/xsfbs/xsfbs.mk b/debian/xsfbs/xsfbs.mk
index 2930c1e..5f13302 100755
--- a/debian/xsfbs/xsfbs.mk
+++ b/debian/xsfbs/xsfbs.mk
@@ -21,6 +21,11 @@
 # Pass $(DH_OPTIONS) into the environment for debhelper's benefit.
 export DH_OPTIONS
 
+# force quilt to not use ~/.quiltrc
+QUILT = quilt --quiltrc /dev/null
+# force QUILT_PATCHES to the default in case it is exported in the environment
+QUILT_PATCHES = patches/
+
 # Set up parameters for the upstream build environment.
 
 # Determine (source) package name from Debian changelog.
@@ -140,9 +145,9 @@ $(STAMP_DIR)/patch: $(STAMP_DIR)/prepare
 echo "Couldn't find quilt. Please install it or add it to the build-depends for this package."; \
 exit 1; \
 fi; \
- if quilt next >/dev/null 2>&1; then \
+ if $(QUILT) next >/dev/null 2>&1; then \
 echo -n "Applying patches..."; \
- if quilt push -a -v 2>&1 | tee $(STAMP_DIR)/log/patch; then \
+ if $(QUILT) push -a -v 2>&1 | tee $(STAMP_DIR)/log/patch; then \
 echo "successful."; \
 else \
 echo "failed! (check $(STAMP_DIR)/log/patch for details)"; \
@@ -159,7 +164,7 @@ unpatch:
 rm -f $(STAMP_DIR)/patch
 @echo -n "Unapplying patches..."; \
 if [ -e $(STAMP_DIR)/patches/applied-patches ]; then \
- if quilt pop -a -v 2>&1 | tee $(STAMP_DIR)/log/unpatch; then \
+ if $(QUILT) pop -a -v 2>&1 | tee $(STAMP_DIR)/log/unpatch; then \
 echo "successful."; \
 else \
 echo "failed! (check $(STAMP_DIR)/log/unpatch for details)"; \
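Review bot: `QUILT_PATCHES = patches/` in the @@ -21 hunk reaches quilt only because GNU make re-exports a variable it imported from the environment with the makefile's value; when the variable is not in the environment the assignment stays make-internal, which is harmless here only because `patches` is quilt's own default. Writing it as `export QUILT_PATCHES = patches/` makes the override unconditional and self-explanatory, and the comment could then read `# override any QUILT_PATCHES inherited from the environment and export the default so quilt sees it`. Since neither value references another variable, `:=` for `QUILT` and `QUILT_PATCHES` would also state that no late expansion is intended.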
@@ -295,17 +300,17 @@ patch-audit: prepare unpatch
 @echo -n "Auditing patches..."; \
 >$(STAMP_DIR)/log/patch; \
 FUZZY=; \
- while [ -n "$$(quilt next)" ]; do \
- RESULT=$$(quilt push -v | tee -a $(STAMP_DIR)/log/patch | grep ^Hunk | sed 's/^Hunk.*\(succeeded\|FAILED\).*/\1/');\
+ while [ -n "$$($(QUILT) next)" ]; do \
+ RESULT=$$($(QUILT) push -v | tee -a $(STAMP_DIR)/log/patch | grep ^Hunk | sed 's/^Hunk.*\(succeeded\|FAILED\).*/\1/');\
 case "$$RESULT" in \
 succeeded) \
- echo "fuzzy patch: $$(quilt top)" \
- | tee -a $(STAMP_DIR)/log/$$(quilt top); \
+ echo "fuzzy patch: $$($(QUILT) top)" \
+ | tee -a $(STAMP_DIR)/log/$$($(QUILT) top); \
 FUZZY=yes; \
 ;; \
 FAILED) \
- echo "broken patch: $$(quilt next)" \
- | tee -a $(STAMP_DIR)/log/$$(quilt next); \
+ echo "broken patch: $$($(QUILT) next)" \
+ | tee -a $(STAMP_DIR)/log/$$($(QUILT) next); \
 exit 1; \
 ;; \
 esac; \
commit 16d97b30b91da02d5a3edc2b895cbd4a1995f62d
Author: Brice Goglin <[EMAIL PROTECTED]>
Date: Mon Jul 9 19:06:05 2007 +0200
Fix displaying of patches applied by quilt.
As requested in bug #428090, we silence the output of quilt next and display the output of quilt push/pop.
diff --git a/debian/xsfbs/xsfbs.mk b/debian/xsfbs/xsfbs.mk
index 63dde45..2930c1e 100755
--- a/debian/xsfbs/xsfbs.mk
+++ b/debian/xsfbs/xsfbs.mk
@@ -140,9 +140,9 @@ $(STAMP_DIR)/patch: $(STAMP_DIR)/prepare
 echo "Couldn't find quilt. Please install it or add it to the build-depends for this package."; \
 exit 1; \
 fi; \
- if quilt next; then \
+ if quilt next >/dev/null 2>&1; then \
 echo -n "Applying patches..."; \
- if quilt push -a -v >$(STAMP_DIR)/log/patch 2>&1; then \
+ if quilt push -a -v 2>&1 | tee $(STAMP_DIR)/log/patch; then \
 echo "successful."; \
 else \
 echo "failed! (check $(STAMP_DIR)/log/patch for details)"; \
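Review bot: In the rewritten `while [ -n "$$($(QUILT) next)" ]` loop the result still comes from the tail of a pipeline and the `case` handles only `succeeded` and `FAILED`, so a `quilt push` that fails without printing a `Hunk` line (for instance a patch listed in series but missing on disk) presumably leaves `RESULT` empty and `quilt next` unchanged, and the loop repeats forever; an empty `RESULT` cannot simply be treated as an error because a clean apply prints no `Hunk` line either. Checking push's own exit status separates the two cases: `$(QUILT) push -v >$(STAMP_DIR)/log/push.tmp 2>&1 || { echo "broken patch: $$($(QUILT) next)" >&2; exit 1; }; \`, `cat $(STAMP_DIR)/log/push.tmp >>$(STAMP_DIR)/log/patch; \`, `RESULT=$$(grep ^Hunk $(STAMP_DIR)/log/push.tmp | sed 's/^Hunk.*\(succeeded\|FAILED\).*/\1/'); \`. With that in place the `FAILED)` arm becomes a fallback, since a rejected hunk also makes push exit non-zero. The patch-audit recipe continues past the end of the hunk.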
@@ -159,7 +159,7 @@ unpatch:
 rm -f $(STAMP_DIR)/patch
 @echo -n "Unapplying patches..."; \
 if [ -e $(STAMP_DIR)/patches/applied-patches ]; then \
- if quilt pop -a -v >$(STAMP_DIR)/log/unpatch 2>&1; then \
+ if quilt pop -a -v 2>&1 | tee $(STAMP_DIR)/log/unpatch; then \
 echo "successful."; \
 else \
 echo "failed! (check $(STAMP_DIR)/log/unpatch for details)"; \
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]