--- libxfont1-1.5.2.orig/ChangeLog +++ libxfont1-1.5.2/ChangeLog @@ -16,21 +16,21 @@ Found by clang's Address Sanitizer - crac.num_auths = set_font_authorizations(&authorizations, &authlen, - client); - /* Work around bug in xfs versions up through modular release 1.0.8 - which rejects CreateAC packets with num_auths = 0 & authlen < 4 */ - if (crac.num_auths == 0) { - authorizations = padding; - authlen = 4; - } else { - authlen = (authlen + 3) & ~0x3; - } - crac.length = (sizeof (fsCreateACReq) + authlen) >> 2; - crac.acid = cur->acid; - _fs_add_req_log(conn, FS_CreateAC); - _fs_write(conn, (char *) &crac, sizeof (fsCreateACReq)); - _fs_write(conn, authorizations, authlen); + crac.num_auths = set_font_authorizations(&authorizations, &authlen, + client); + /* Work around bug in xfs versions up through modular release 1.0.8 + which rejects CreateAC packets with num_auths = 0 & authlen < 4 */ + if (crac.num_auths == 0) { + authorizations = padding; + authlen = 4; + } else { + authlen = (authlen + 3) & ~0x3; + } + crac.length = (sizeof (fsCreateACReq) + authlen) >> 2; + crac.acid = cur->acid; + _fs_add_req_log(conn, FS_CreateAC); + _fs_write(conn, (char *) &crac, sizeof (fsCreateACReq)); + _fs_write(conn, authorizations, authlen); In the case in the report, set_font_authorizations setup authorizations as a 34 byte buffer (and authlen set to 34 as one would expect). The following @@ -1375,7 +1375,7 @@ Conflicts: - ChangeLog + ChangeLog Signed-off-by: Yaakov Selkowitz @@ -2188,7 +2188,7 @@ This patch adds a new FPE type, which will match font path elements of the form - catalogue: + catalogue: The dir specified after the catalogue: prefix will be scanned for symlinks and each symlink destination will be added as a local fontfile FPE. 
@@ -2198,22 +2198,22 @@ An example configuration: - 75dpi:unscaled:pri=20 -> /usr/share/X11/fonts/75dpi - ghostscript:pri=60 -> /usr/share/fonts/default/ghostscript - misc:unscaled:pri=10 -> /usr/share/X11/fonts/misc - type1:pri=40 -> /usr/share/X11/fonts/Type1 - type1:pri=50 -> /usr/share/fonts/default/Type1 + 75dpi:unscaled:pri=20 -> /usr/share/X11/fonts/75dpi + ghostscript:pri=60 -> /usr/share/fonts/default/ghostscript + misc:unscaled:pri=10 -> /usr/share/X11/fonts/misc + type1:pri=40 -> /usr/share/X11/fonts/Type1 + type1:pri=50 -> /usr/share/fonts/default/Type1 will add /usr/share/X11/fonts/misc as the first FPE with the attribute 'unscaled', second FPE will be /usr/share/X11/fonts/75dpi, also with the attribute unscaled etc. This is functionally equivalent to setting the following font path: - /usr/share/X11/fonts/misc:unscaled, - /usr/share/X11/fonts/75dpi:unscaled, - /usr/share/X11/fonts/Type1, - /usr/share/fonts/default/Type1, - /usr/share/fonts/default/ghostscript + /usr/share/X11/fonts/misc:unscaled, + /usr/share/X11/fonts/75dpi:unscaled, + /usr/share/X11/fonts/Type1, + /usr/share/fonts/default/Type1, + /usr/share/fonts/default/ghostscript The motivation is to let font packages add a symlink to the new font directory they provide instead of rewriting either the Xorg config file --- libxfont1-1.5.2.orig/autogen.sh +++ libxfont1-1.5.2/autogen.sh @@ -0,0 +1,14 @@ +#! /bin/sh + +srcdir=`dirname $0` +test -z "$srcdir" && srcdir=. + +ORIGDIR=`pwd` +cd $srcdir + +autoreconf -v --install || exit 1 +cd $ORIGDIR || exit $? + +if test -z "$NOCONFIGURE"; then + $srcdir/configure "$@" +fi --- libxfont1-1.5.2.orig/debian/README.source +++ libxfont1-1.5.2/debian/README.source 
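Review bot: In the new autogen.sh, `cd $srcdir` is both unquoted and unchecked, so when the source path contains whitespace or the directory change fails, `autoreconf -v --install` runs in whatever directory the caller happened to be in. The later `cd $ORIGDIR || exit $?` is checked but still unquoted, and `$srcdir/configure "$@"` has the same quoting gap. I would write `cd "$srcdir" || exit 1`, `cd "$ORIGDIR" || exit $?` and `"$srcdir/configure" "$@"`, and also quote `$0` in the dirname call that sets srcdir. A short header comment saying the script regenerates the build system and runs configure unless NOCONFIGURE is set would help packagers.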
@@ -0,0 +1,49 @@
+------------------------------------------------------
+Quick Guide To Patching This Package For The Impatient
+------------------------------------------------------
+
+1. Make sure you have quilt installed
+2. Unpack the package as usual with "dpkg-source -x"
+3. Run the "patch" target in debian/rules
+4. Create a new patch with "quilt new" (see quilt(1))
+5. Edit all the files you want to include in the patch with "quilt edit"
+ (see quilt(1)).
+6. Write the patch with "quilt refresh" (see quilt(1))
+7. Run the "clean" target in debian/rules
+
+Alternatively, instead of using quilt directly, you can drop the patch in to
+debian/patches and add the name of the patch to debian/patches/series.
+
+------------------------------------
+Guide To The X Strike Force Packages
+------------------------------------
+
+The X Strike Force team maintains X packages in git repositories on
+git.debian.org in the pkg-xorg subdirectory. Most upstream packages
+are actually maintained in git repositories as well, so they often
+just need to be pulled into git.debian.org in a "upstream-*" branch.
+Otherwise, the upstream sources are manually installed in the Debian
+git repository.
+
+The .orig.tar.gz upstream source file could be generated this
+"upstream-*" branch in the Debian git repository but it is actually
+copied from upstream tarballs directly.
+
+Due to X.org being highly modular, packaging all X.org applications
+as their own independent packages would have created too many Debian
+packages. For this reason, some X.org applications have been grouped
+into larger packages: xutils, xutils-dev, x11-apps, x11-session-utils,
+x11-utils, x11-xfs-utils, x11-xkb-utils, x11-xserver-utils.
+Most packages, including the X.org server itself and all libraries
+and drivers are, however maintained independently.
+
+The Debian packaging is added by creating the "debian-*" git branch
+which contains the aforementioned "upstream-*" branch plus the debian/
+repository files.
+When a patch has to be applied to the Debian package, two solutions
+are involved:
+* If the patch is available in one of the upstream branches, it
+ may be git'cherry-picked into the Debian repository. In this
+ case, it appears directly in the .diff.gz.
+* Otherwise, the patch is added to debian/patches/ which is managed
+ with quilt as documented in /usr/share/doc/quilt/README.source.
--- libxfont1-1.5.2.orig/debian/changelog
+++ libxfont1-1.5.2/debian/changelog
@@ -0,0 +1,428 @@ +libxfont1 (1:1.5.2-4ubuntu2) bionic; urgency=medium + + * SECURITY UPDATE: non-privileged arbitrary file access + - debian/patches/CVE-2017-16611.patch: open files with O_NOFOLLOW in + src/fontfile/dirfile.c, src/fontfile/fileio.c. + - CVE-2017-16611 + + -- Marc Deslauriers Wed, 29 Nov 2017 15:12:15 -0500 + +libxfont1 (1:1.5.2-4ubuntu1) artful; urgency=medium + + * SECURITY UPDATE: invalid memory read in PatternMatch + - debian/patches/CVE-2017-13720.patch: check for end of string in + src/fontfile/fontdir.c. + - CVE-2017-13720 + * SECURITY UPDATE: DoS or info leak via malformed PCF file + - debian/patches/CVE-2017-13722.patch: check string boundaries in + src/bitmap/pcfread.c. + - CVE-2017-13722 + + -- Marc Deslauriers Fri, 06 Oct 2017 10:05:59 -0400 + +libxfont1 (1:1.5.2-4) unstable; urgency=medium + + [ Andreas Boll ] + * Fix a typo in override_dh_strip. + * Remove dh-autoreconf build-dep. Not needed with debhelper 10. + * Remove obsolete Conflicts from pre-wheezy. + * Update a bunch of URLs in packaging to https. + * Remove superfluous --libdir from dh_auto_configure. Not needed with + debhelper compat level >= 9. + + -- Timo Aaltonen Thu, 24 Nov 2016 21:26:43 +0200 + +libxfont1 (1:1.5.2-3) unstable; urgency=medium + + * Drop libxfont1-udeb. + * Switch to -dbgsym. + * Bump debhelper compat to 10. Drop --with quilt and --parallel flags, + they are enabled by default now. + + -- Timo Aaltonen Thu, 24 Nov 2016 00:16:53 +0200 + +libxfont1 (1:1.5.2-2) unstable; urgency=medium + + * Rename source to libxfont1. + * Rename dev package to libxfont1-dev. + * control: Move to oldlibs. + * control: Add myself to uploaders. + + -- Timo Aaltonen Thu, 17 Nov 2016 13:19:18 +0200 + +libxfont (1:1.5.2-1) unstable; urgency=medium + + * Team upload. + * New upstream release. + * Use https URL in watch file. + * Add Adam Jackson's key to debian/upstream/signing-key.asc. + * Bump Standards-Version to 3.9.8. + * Use https URLs in Vcs-* control fields. 
+ * Remove Drew from Uploaders. + + -- Julien Cristau Sat, 24 Sep 2016 12:46:32 +0200 + +libxfont (1:1.5.1-1) unstable; urgency=high + + * New upstream release + + bdfReadProperties: property count needs range check [CVE-2015-1802] + + bdfReadCharacters: bailout if a char's bitmap cannot be read + [CVE-2015-1803] + + bdfReadCharacters: ensure metrics fit into xCharInfo struct + [CVE-2015-1804] + + -- Julien Cristau Tue, 17 Mar 2015 16:55:21 +0100 + +libxfont (1:1.4.99.901-1) unstable; urgency=medium + + * New upstream release candidate. + + includes the CVE-2014-{0209,0210,0211} patches + * Remove Cyril from Uploaders. + * Allow uscan to verify tarball signature. + + -- Julien Cristau Sat, 12 Jul 2014 17:44:11 +0200 + +libxfont (1:1.4.7-2) unstable; urgency=high + + * Pull from upstream git to fix FTBFS with new fontsproto (closes: #746052) + * CVE-2014-0209: integer overflow of allocations in font metadata + * CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies + * CVE-2014-0211: integer overflows calculating memory needs for xfs replies + * Add breaks on xfs because we broke it by disabling font protocol support + in 1.4.7. + + -- Julien Cristau Tue, 13 May 2014 17:25:49 +0200 + +libxfont (1:1.4.7-1) unstable; urgency=high + + * New upstream release + + CVE-2013-6462: unlimited sscanf overflows stack buffer in + bdfReadCharacters() + * Don't put dbg symbols from the udeb in the dbg package. + * dev package is no longer Multi-Arch: same (closes: #720026). + * Disable support for connecting to a font server. That code is horrible and + full of holes. + + -- Julien Cristau Tue, 07 Jan 2014 17:51:29 +0100 + +libxfont (1:1.4.6-1) unstable; urgency=low + + * New upstream release. + * Build for multiarch (closes: #654252). Patch by Riku Voipio, thanks! + * Disable silent build rules. 
+ + -- Julien Cristau Mon, 12 Aug 2013 18:28:57 +0200 + +libxfont (1:1.4.5-2) unstable; urgency=low + + * Ease sync for Ubuntu: strip -Bsymbolic-functions from LDFLAGS + (LP: #992745). + + -- Cyril Brulebois Thu, 03 May 2012 19:59:46 +0200 + +libxfont (1:1.4.5-1) unstable; urgency=low + + [ Cyril Brulebois ] + * New upstream release. + * Switch to dh: + - Bump debhelper build-dep and compat. + - Rewrite debian/rules, using autoreconf and quilt sequences. + - Adjust build dependencies accordingly. + - Use build-main and build-udeb as build directories. + - Adjust .install accordingly. + * Remove xsfbs accordingly. + * Add support for hardened build flags through dpkg-buildflags, based + on a patch by Moritz Muehlenhoff, thanks! (Closes: #654154). + + [ Julien Cristau ] + * Remove David Nusinow from Uploaders. + + -- Cyril Brulebois Sun, 04 Mar 2012 09:24:59 +0000 + +libxfont (1:1.4.4-1) unstable; urgency=high + + [ Julien Cristau ] + * Drop Pre-Depends on x11-common (only needed for upgrades from the + monolith) and Replaces on xlibs-static-dev (hasn't existed in forever). + + [ Cyril Brulebois ] + * New upstream release: + - LZW decompress: fix for CVE-2011-2895. From the commit message: + “Specially crafted LZW stream can crash an application using libXfont + that is used to open untrusted font files. With X server, this may + allow privilege escalation when exploited.” + * Set urgency to “high” accordingly. + * Update debian/copyright from upstream COPYING. + * Bump xorg-sgml-doctools build-dep. + * Drop xorg.css from .install, no longer shipped upstream. + + -- Cyril Brulebois Thu, 11 Aug 2011 11:17:16 +0200 + +libxfont (1:1.4.3-2) unstable; urgency=low + + * Upload to unstable. + + -- Cyril Brulebois Sat, 05 Feb 2011 11:48:49 +0100 + +libxfont (1:1.4.3-1) experimental; urgency=low + + * New upstream release. + * Bump xutils-dev build-dep for new macros. + * Add xmlto, xorg-sgml-doctools, and w3m build-dep for the doc. 
+ * Pass --with-xmlto and --without-fop for the regular build (we want + html and txt only). Disable both for the udeb build. + * Tweak doc filenames, and handle that through dh_install. + * Add --fail-missing -XlibXfont.la for the second dh_install call (the + udeb one), for additional safety. + + -- Cyril Brulebois Fri, 19 Nov 2010 01:17:48 +0100 + +libxfont (1:1.4.2-1) experimental; urgency=low + + * New upstream release. + * Bump xutils-dev build-dep for new xorg-macros. + * Bump shlibs for register_fpe_functions(). + * Update debian/copyright. + * Bump Standards-Version to 3.9.0, no changes. + + -- Julien Cristau Wed, 07 Jul 2010 18:25:15 +0100 + +libxfont (1:1.4.1-2) unstable; urgency=low + + [ Julien Cristau ] + * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no + good reason. Thanks, Colin Watson! + * Remove myself from Uploaders + + [ Cyril Brulebois ] + * Use dh_makeshlibs’s -V argument instead of debian/libxfont1.shlibs + * Add udeb needed for the graphical installer: libxfont1-udeb. + * Version the B-D on libfontenc-dev to ensure libxfont1-udeb gets a + dependency on libfontenc1-udeb. + * Use a bzip2-less flavour for the udeb. + * Bump Standards-Version from 3.8.3 to 3.8.4 (no changes needed). + * Fix obsolete-relation-form-in-source by using “<<” instead of “<” for + xprint in Conflicts, thanks to lintian. + * Add myself to Uploaders. + + -- Cyril Brulebois Wed, 10 Mar 2010 20:05:31 +0100 + +libxfont (1:1.4.1-1) unstable; urgency=low + + * New upstream release. + * Bump xutils-dev build-dep for new util-macros. + * Build documentation, install it in libxfont-dev. + * Enable support for bzip2 compressed bitmap fonts. + * Don't use LDFLAGS from the environment. Ubuntu sets that to + -Bsymbolic-functions, which breaks libXfont's weak symbols usage. + + -- Julien Cristau Wed, 02 Dec 2009 11:12:13 +0100 + +libxfont (1:1.4.0-3) unstable; urgency=low + + * libxfont1 Conflicts: xprint (< 2:1.6.0-1). 
+ The requiem release of xprint (1.6) will not conflict with + libxfont1. I am assured the garlic wreaths should prove most + efficacious at protecting the general public from the undead. + * Standards version 3.8.3. + + -- Drew Parsons Sat, 31 Oct 2009 11:29:34 +1100 + +libxfont (1:1.4.0-2) unstable; urgency=high + + * libxfont1 Conflicts with xprint, printer font support was removed upstream + in 1.4.0 (closes: #535952). + * Add README.source from xsfbs. Bump Standards-Version to 3.8.2. + + -- Julien Cristau Sun, 02 Aug 2009 13:36:46 +0200 + +libxfont (1:1.4.0-1) unstable; urgency=low + + * New upstream release. + * Move libxfont1-dbg to new section 'debug'. + + -- Julien Cristau Mon, 13 Apr 2009 12:11:23 +0100 + +libxfont (1:1.3.4-2) unstable; urgency=low + + * Update debian/copyright from upstream COPYING. + * Upload to unstable. + + -- Julien Cristau Mon, 16 Feb 2009 19:31:59 +0100 + +libxfont (1:1.3.4-1) experimental; urgency=low + + * Wrap build-deps in debian/control. + * Run autoreconf on build; build-dep on xutils-dev, autoconf, automake and + libtool. + * Handle parallel builds. + * New upstream release. + * Drop obsolete x11proto-fontcache-dev build-dependency. + + -- Julien Cristau Tue, 23 Dec 2008 15:06:37 +0100 + +libxfont (1:1.3.3-1) unstable; urgency=high + + [ Julien Cristau ] + * Drop dependency on x11-common from libxfont1{,-dbg}. + * New upstream bugfix release. + * Disable the type1 rasterizer and support for speedo font files. The + former is a security hazard, and Speedo fonts are disabled in the X server + since before etch anyway. + * Urgency high so the above gets in lenny. + + [ Brice Goglin ] + * Add upstream URL to debian/copyright. + * Add a link to www.X.org and a reference to the upstream module + in the long description. + + -- Julien Cristau Thu, 17 Jul 2008 22:50:03 +0200 + +libxfont (1:1.3.2-1) unstable; urgency=low + + * New upstream release + * Drop CVE-2008-0006.diff, included upstream. 
+ + -- Julien Cristau Fri, 07 Mar 2008 13:32:43 +0100 + +libxfont (1:1.3.1-2) unstable; urgency=high + + * High urgency upload for security fix. + * Fix a buffer overflow in the PCF font parser (CVE-2008-0006). + * debian/control updates + + add myself to Uploaders, and remove Branden and Fabio with their + permission + + s/^XS-Vcs/Vcs/ + + bump Standards-Version to 3.7.3 (no changes) + + libxfont1 is Section: libs + + libxfont-dev and libxfont1-dbg are Section: libdevel + + -- Julien Cristau Thu, 17 Jan 2008 00:09:38 +0100 + +libxfont (1:1.3.1-1) unstable; urgency=low + + * New upstream release. + * Add libxfont1.shlibs, bump shlibs to >= 1:1.2.9. + + -- Julien Cristau Wed, 05 Sep 2007 22:45:57 +0200 + +libxfont (1:1.2.9-1) unstable; urgency=low + + * New upstream version. + - Add a new 'catalogue' FPE (font path element), which takes font + paths from symlinks in a dir. + * Use libxfont1 (= ${binary:Version}) instead of ${Source-Version} + in debian/control. + + -- Drew Parsons Sat, 23 Jun 2007 09:40:45 +1000 + +libxfont (1:1.2.8-1) unstable; urgency=low + + * Add XS-Vcs-Browser to debian/control. + * New upstream release. + + drop patch from 1:1.2.2-2, applied upstream. + * Upload to unstable. + + -- Julien Cristau Wed, 11 Apr 2007 15:52:11 +0200 + +libxfont (1:1.2.7-1) experimental; urgency=low + + * New upstream release. + * Add XS-Vcs-Git header to debian/control, and drop obsolete CVS information. + * Install the upstream ChangeLog. + + -- Julien Cristau Fri, 16 Feb 2007 14:32:57 +0100 + +libxfont (1:1.2.2-2) unstable; urgency=high + + * Grab patch from upstream git to fix security issues: + + CVE-2007-1351: BDFFont Parsing Integer Overflow + + CVE-2007-1352: fonts.dir File Parsing Integer Overflow + + -- Julien Cristau Tue, 03 Apr 2007 19:31:24 +0200 + +libxfont (1:1.2.2-1) unstable; urgency=high + + * New upstream version. 
+ - closes security bug in CID encoded fonts (iDefense CVE-ID + 2006-3739, 2006-3740) + - applies patches 10_freetype_buffer_overflow.patch, 10_pcf_font.patch + * dbg package has priority extra. + + -- Drew Parsons Wed, 13 Sep 2006 17:50:06 +1000 + +libxfont (1:1.2.0-2) unstable; urgency=high + + * Apply upstream patch 10_pcf_font.patch (security vulnerability + CVE-2006-3467). Closes: #383353. + * Upload to unstable to ensure patch is propagated quickly. + * Apply patch 10_freetype_buffer_overflow.patch while we're at it + (no known exploits). + + -- Drew Parsons Thu, 17 Aug 2006 07:45:40 +1000 + +libxfont (1:1.2.0-1) experimental; urgency=low + + * New upstream version. Closes: #364854. + - builds and works with Freetype 2.2. Closes: #362920, #370149. + * Standards version 3.7.2. + * libxfont-dev doesn't need both Depends: and Pre-Depends: x11-common. + * Use debhelper 5, tidy up debian/rules to match. + * libxfont does not provide libfontcache.so! + + -- Drew Parsons Thu, 27 Jul 2006 15:08:14 +1000 + +libxfont (1:1.1.0-1) UNRELEASED; urgency=low + + [ David Nusinow ] + * New upstream release + * Remove obsolete patch 01_fontserver_fix_SEGV.diff + + [ Andres Salomon ] + * Test for obj-$(DEB_BUILD_GNU_TYPE) before creating it during build; + idempotency fix. + * Run dh_install w/ --list-missing. + + -- Andres Salomon Mon, 17 Jul 2006 01:20:57 -0400 + +libxfont (1:1.0.0-4) unstable; urgency=low + + * Reorder makeshlib command in rules file so that ldconfig is run + properly. Thanks Drew Parsons and Steve Langasek. + * Add quilt to build-depends + + -- David Nusinow Wed, 19 Apr 2006 00:10:33 -0400 + +libxfont (1:1.0.0-3) unstable; urgency=low + + * Upload to unstable + + -- David Nusinow Thu, 23 Mar 2006 22:44:39 -0500 + +libxfont (1:1.0.0-2) experimental; urgency=low + + * Have libxfont-dev depend on libfreetype6-dev and libfontenc-dev. Thanks + Eugene Konev. 
+ * Port patches from trunk + + general/099v_fontserver_fix_SEGV.diff + + -- David Nusinow Sun, 26 Feb 2006 18:35:44 -0500 + +libxfont (1:1.0.0-1) experimental; urgency=low + + * First upload to Debian + + -- David Nusinow Thu, 29 Dec 2005 20:51:40 -0500 + +libxfont (1:0.99.0+cvs.20050909-1) breezy; urgency=low + + * Fix the XFONT_FONTCACHE/FONTCACHE define in configure.ac (close: + Ubuntu#14319). + + -- Daniel Stone Fri, 9 Sep 2005 15:39:57 +1000 + +libxfont (1:0.99.0-1) breezy; urgency=low + + * First libxfont release. + + -- Daniel Stone Mon, 16 May 2005 22:10:17 +1000 --- libxfont1-1.5.2.orig/debian/compat +++ libxfont1-1.5.2/debian/compat @@ -0,0 +1 @@ +10 --- libxfont1-1.5.2.orig/debian/control +++ libxfont1-1.5.2/debian/control 
@@ -0,0 +1,57 @@
+Source: libxfont1
+Section: x11
+Priority: optional
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian X Strike Force
+Uploaders: Timo Aaltonen
+Build-Depends:
+ debhelper (>= 10),
+ quilt,
+ pkg-config,
+ libfontenc-dev (>= 1:1.0.5-2),
+ x11proto-core-dev,
+ xtrans-dev,
+ x11proto-fonts-dev,
+ libfreetype6-dev,
+ zlib1g-dev,
+ libbz2-dev,
+ xutils-dev (>= 1:7.5+4),
+# devel-docs
+ xmlto, xorg-sgml-doctools (>= 1:1.7), w3m,
+Standards-Version: 3.9.8
+Vcs-Git: https://anonscm.debian.org/git/pkg-xorg/lib/libxfont.git
+Vcs-Browser: https://anonscm.debian.org/git/pkg-xorg/lib/libxfont.git
+
+Package: libxfont1
+Section: oldlibs
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Breaks: xfs (<< 1:1.1.4)
+Pre-Depends: ${misc:Pre-Depends}
+Multi-Arch: same
+Description: X11 font rasterisation library
+ libXfont provides various services for X servers, most notably font
+ selection and rasterisation (through external libraries).
+ .
+ More information about X.Org can be found at:
+
+ .
+ This module can be found at
+ git://anongit.freedesktop.org/git/xorg/lib/libXfont
+
+Package: libxfont1-dev
+Section: libdevel
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libxfont1 (= ${binary:Version}), libx11-dev, x11proto-core-dev, x11proto-fonts-dev, libfreetype6-dev, libfontenc-dev (>= 1:1.0.1-1)
+Description: X11 font rasterisation library (development headers)
+ libXfont provides various services for X servers, most notably font
+ selection and rasterisation (through external libraries).
+ .
+ This package contains the development headers for the library found in
+ libxfont1. Non-developers likely have little use for this package.
+ .
+ More information about X.Org can be found at:
+
+ .
+ This module can be found at
+ git://anongit.freedesktop.org/git/xorg/lib/libXfont
--- libxfont1-1.5.2.orig/debian/copyright
+++ libxfont1-1.5.2/debian/copyright
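Review bot: Both Description blocks in the new debian/control still send readers to `git://anongit.freedesktop.org/git/xorg/lib/libXfont`, while the Vcs-Git and Vcs-Browser fields in the same file already use https. The git:// transport has no authentication or integrity protection, so anyone who follows the description to fetch the source does so over a channel that can be altered in transit. I would change both lines to the https form of the upstream repository URL, for example ` https://<upstream-git-host>/<path-to-libXfont>` with the real host and path filled in by the maintainer, so the package metadata is consistent with the "Update a bunch of URLs in packaging to https" changelog entry.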
@@ -0,0 +1,265 @@ +This package was downloaded from +https://xorg.freedesktop.org/releases/individual/lib/ + +Copyright © 2007 Red Hat, Inc +Copyright (c) 2008, 2009, Oracle and/or its affiliates. All rights reserved. + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice (including the next +paragraph) shall be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. + +Copyright (c) 1997 by Mark Leisher +Copyright (c) 1998-2003 by Juliusz Chroboczek +Copyright (c) 1998 Go Watanabe, All rights reserved. +Copyright (c) 1998 Kazushi (Jam) Marukawa, All rights reserved. +Copyright (c) 1998 Takuya SHIOZAKI, All rights reserved. +Copyright (c) 1998 X-TrueType Server Project, All rights reserved. +Copyright (c) 2003-2004 After X-TT Project, All rights reserved. 
+ +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + + +Copyright 1990, 1998 The Open Group + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation. + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. 
+ +Except as contained in this notice, the name of The Open Group shall +not be used in advertising or otherwise to promote the sale, use or +other dealings in this Software without prior written authorization +from The Open Group. + + +Copyright 1989 by Digital Equipment Corporation, Maynard, Massachusetts. + + All Rights Reserved + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, +provided that the above copyright notice appear in all copies and that +both that copyright notice and this permission notice appear in +supporting documentation, and that the name of Digital not be +used in advertising or publicity pertaining to distribution of the +software without specific, written prior permission. + +DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING +ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL +DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR +ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, +WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, +ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS +SOFTWARE. + + +Copyright 1999 SuSE, Inc. + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation, and that the name of SuSE not be used in advertising or +publicity pertaining to distribution of the software without specific, +written prior permission. SuSE makes no representations about the +suitability of this software for any purpose. It is provided "as is" +without express or implied warranty. 
+ +SuSE DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL SuSE +BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + +Copyright 1990 Network Computing Devices + +Permission to use, copy, modify, distribute, and sell this software and +its documentation for any purpose is hereby granted without fee, provided +that the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation, and that the name of Network Computing Devices not be used +in advertising or publicity pertaining to distribution of the software +without specific, written prior permission. Network Computing Devices +makes no representations about the suitability of this software for any +purpose. It is provided "as is" without express or implied warranty. + +NETWORK COMPUTING DEVICES DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS +SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, +IN NO EVENT SHALL NETWORK COMPUTING DEVICES BE LIABLE FOR ANY SPECIAL, +INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE +OR PERFORMANCE OF THIS SOFTWARE. 
+ + +Copyright 1990 Network Computing Devices + +Permission to use, copy, modify, distribute, and sell this software and +its documentation for any purpose is hereby granted without fee, provided +that the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation, and that the names of Network Computing Devices, or Digital +not be used in advertising or publicity pertaining to distribution +of the software without specific, written prior permission. + +NETWORK COMPUTING DEVICES, AND DIGITAL AND DISCLAIM ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL NETWORK COMPUTING DEVICES, +OR DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL +DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR +PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS +ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF +THIS SOFTWARE. + + +[Note: clause 3 in the following license, the "advertising clause", was +rescinded by Berkeley in 1999. See +] + +Copyright (c) 1991, 1993 + The Regents of the University of California. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by the University of + California, Berkeley and its contributors. +4. 
Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + +Copyright (c) 1998-1999 Shunsuke Akiyama . +All rights reserved. +Copyright (c) 1998-1999 X-TrueType Server Project, All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + +Copyright © 2004 Keith Packard + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation, and that the name of Keith Packard not be used in +advertising or publicity pertaining to distribution of the software without +specific, written prior permission. Keith Packard makes no +representations about the suitability of this software for any purpose. It +is provided "as is" without express or implied warranty. + +KEITH PACKARD DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, +INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO +EVENT SHALL KEITH PACKARD BE LIABLE FOR ANY SPECIAL, INDIRECT OR +CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, +DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER +TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. + + +/* lib/font/fontfile/gunzip.c + written by Mark Eichin September 1996. + intended for inclusion in X11 public releases. */ + + +Copyright (c) 1999 The XFree86 Project Inc. + +All Rights Reserved. + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. 
+ +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of The XFree86 Project +Inc. shall not be used in advertising or otherwise to promote the +sale, use or other dealings in this Software without prior written +authorization from The XFree86 Project Inc.. --- libxfont1-1.5.2.orig/debian/libxfont1-dev.install +++ libxfont1-1.5.2/debian/libxfont1-dev.install @@ -0,0 +1,8 @@ +usr/include/X11/* +usr/lib/*/libXfont.a +usr/lib/*/libXfont.so +usr/lib/*/pkgconfig/xfont.pc + +# Extra doc, under noinst_* in doc/Makefile.am: +../../build/doc/*.html usr/share/doc/libxfont1-dev/ +../../build/doc/*.txt usr/share/doc/libxfont1-dev/ --- libxfont1-1.5.2.orig/debian/libxfont1.install +++ libxfont1-1.5.2/debian/libxfont1.install @@ -0,0 +1 @@ +usr/lib/*/libXfont.so.1* --- libxfont1-1.5.2.orig/debian/patches/CVE-2017-13720.patch +++ libxfont1-1.5.2/debian/patches/CVE-2017-13720.patch 
@@ -0,0 +1,27 @@
+From d1e670a4a8704b8708e493ab6155589bcd570608 Mon Sep 17 00:00:00 2001
+From: Michal Srb
+Date: Thu, 20 Jul 2017 13:38:53 +0200
+Subject: Check for end of string in PatternMatch (CVE-2017-13720)
+
+If a pattern contains '?' character, any character in the string is skipped,
+even if it is '\0'. The rest of the matching then reads invalid memory.
+
+Reviewed-by: Peter Hutterer
+Signed-off-by: Julien Cristau
+
+Index: libxfont1-1.5.2/src/fontfile/fontdir.c
+===================================================================
+--- libxfont1-1.5.2.orig/src/fontfile/fontdir.c 2017-10-06 10:05:45.574623929 -0400
++++ libxfont1-1.5.2/src/fontfile/fontdir.c 2017-10-06 10:05:45.570623873 -0400
+@@ -399,8 +399,10 @@ PatternMatch(char *pat, int patdashes, c
+ }
+ }
+ case '?':
+- if (*string++ == XK_minus)
++ if ((t = *string++) == XK_minus)
+ stringdashes--;
++ if (!t)
++ return 0;
+ break;
+ case '\0':
+ return (*string == '\0');
--- libxfont1-1.5.2.orig/debian/patches/CVE-2017-13722.patch
+++ libxfont1-1.5.2/debian/patches/CVE-2017-13722.patch
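Review bot: In the `'?'` case the terminator test comes after the dash bookkeeping; behaviour is the same because a NUL never equals `XK_minus`, but testing `if (!t) return 0;` first, directly after `t = *string++;`, reads more directly and shows that nothing is counted for a character that does not exist. A one-line comment such as `/* '?' needs a real character: fail at end of string instead of stepping past the NUL */` would record why the check is there. `t` is declared outside this hunk, and the case above `'?'` is only partly visible, so whether that path advances `string` with the same guard cannot be judged from here.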
@@ -0,0 +1,45 @@
+From 672bb944311392e2415b39c0d63b1e1902905bcd Mon Sep 17 00:00:00 2001
+From: Michal Srb
+Date: Thu, 20 Jul 2017 17:05:23 +0200
+Subject: pcfGetProperties: Check string boundaries (CVE-2017-13722)
+
+Without the checks a malformed PCF file can cause the library to make
+atom from random heap memory that was behind the `strings` buffer.
+This may crash the process or leak information.
+
+Signed-off-by: Julien Cristau
+
+Index: libxfont1-1.5.2/src/bitmap/pcfread.c
+===================================================================
+--- libxfont1-1.5.2.orig/src/bitmap/pcfread.c 2017-10-06 10:05:52.978728190 -0400
++++ libxfont1-1.5.2/src/bitmap/pcfread.c 2017-10-06 10:05:52.966728021 -0400
+@@ -44,6 +44,7 @@ from The Open Group.
+
+ #include
+ #include
++#include
+
+ void
+ pcfError(const char* message, ...)
+@@ -310,11 +311,19 @@ pcfGetProperties(FontInfoPtr pFontInfo,
+ if (IS_EOF(file)) goto Bail;
+ position += string_size;
+ for (i = 0; i < nprops; i++) {
++ if (props[i].name >= string_size) {
++ pcfError("pcfGetProperties(): String starts out of bounds (%ld/%d)\n", props[i].name, string_size);
++ goto Bail;
++ }
+ props[i].name = MakeAtom(strings + props[i].name,
+- strlen(strings + props[i].name), TRUE);
++ strnlen(strings + props[i].name, string_size - props[i].name), TRUE);
+ if (isStringProp[i]) {
++ if (props[i].value >= string_size) {
++ pcfError("pcfGetProperties(): String starts out of bounds (%ld/%d)\n", props[i].value, string_size);
++ goto Bail;
++ }
+ props[i].value = MakeAtom(strings + props[i].value,
+- strlen(strings + props[i].value), TRUE);
++ strnlen(strings + props[i].value, string_size - props[i].value), TRUE);
+ }
+ }
+ free(strings);
--- libxfont1-1.5.2.orig/debian/patches/CVE-2017-16611.patch
+++ libxfont1-1.5.2/debian/patches/CVE-2017-16611.patch
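Review bot: The two new bounds checks in the `for` loop of pcfGetProperties are one-sided: `props[i].name >= string_size` and `props[i].value >= string_size` reject offsets past the end, but the `%ld` format suggests the fields are signed, and a negative offset would pass the check, make `strings + props[i].name` point before the buffer and enlarge the `strnlen` bound. The function starts outside this hunk, so an earlier range check may already exclude negative values; if it does not, the guard should read `if (props[i].name < 0 || props[i].name >= string_size) {`, and likewise for `.value`. A short comment that `strnlen` stops the scan at the end of `strings` when the file supplies no terminator would also help the next reader.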
@@ -0,0 +1,104 @@
+From 5ed8ac0e4f063825b8ecda48e9a111d3ce92e825 Mon Sep 17 00:00:00 2001
+From: Michal Srb
+Date: Thu, 26 Oct 2017 09:48:13 +0200
+Subject: Open files with O_NOFOLLOW. (CVE-2017-16611)
+
+A non-privileged X client can instruct X server running under root to open any
+file by creating own directory with "fonts.dir", "fonts.alias" or any font file
+being a symbolic link to any other file in the system. X server will then open
+it. This can be issue with special files such as /dev/watchdog.
+
+Reviewed-by: Matthieu Herrb
+
+diff --git a/src/fontfile/dirfile.c b/src/fontfile/dirfile.c
+index 38ced75..661787a 100644
+--- a/src/fontfile/dirfile.c
++++ b/src/fontfile/dirfile.c
+@@ -41,6 +41,7 @@ in this Software without prior written authorization from The Open Group.
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+
+@@ -60,8 +61,9 @@ FontFileReadDirectory (const char *directory, FontDirectoryPtr *pdir)
+ char dir_file[MAXFONTFILENAMELEN];
+ char dir_path[MAXFONTFILENAMELEN];
+ char *ptr;
+- FILE *file;
+- int count,
++ FILE *file = 0;
++ int file_fd,
++ count,
+ num_fonts,
+ status;
+ struct stat statb;
+@@ -91,7 +93,14 @@ FontFileReadDirectory (const char *directory, FontDirectoryPtr *pdir)
+ if (dir_file[strlen(dir_file) - 1] != '/')
+ strcat(dir_file, "/");
+ strcat(dir_file, FontDirFile);
++#ifndef WIN32
++ file_fd = open(dir_file, O_RDONLY | O_NOFOLLOW);
++ if (file_fd >= 0) {
++ file = fdopen(file_fd, "rt");
++ }
++#else
+ file = fopen(dir_file, "rt");
++#endif
+ if (file) {
+ #ifndef WIN32
+ if (fstat (fileno(file), &statb) == -1)
+@@ -261,7 +270,8 @@ ReadFontAlias(char *directory, Bool isFile, FontDirectoryPtr *pdir)
+ char alias[MAXFONTNAMELEN];
+ char font_name[MAXFONTNAMELEN];
+ char alias_file[MAXFONTFILENAMELEN];
+- FILE *file;
++ int file_fd;
++ FILE *file = 0;
+ FontDirectoryPtr dir;
+ int token;
+ char *lexToken;
+@@ -279,7 +289,16 @@ ReadFontAlias(char *directory, Bool isFile, FontDirectoryPtr *pdir)
+ strcat(alias_file, "/");
+ strcat(alias_file, FontAliasFile);
+ }
++
++#ifndef WIN32
++ file_fd = open(alias_file, O_RDONLY | O_NOFOLLOW);
++ if (file_fd >= 0) {
++ file = fdopen(file_fd, "rt");
++ }
++#else
+ file = fopen(alias_file, "rt");
++#endif
++
+ if (!file)
+ return ((errno == ENOENT) ? Successful : BadFontPath);
+ if (!dir)
+diff --git a/src/fontfile/fileio.c b/src/fontfile/fileio.c
+index d44cecd..992873a 100644
+--- a/src/fontfile/fileio.c
++++ b/src/fontfile/fileio.c
+@@ -39,6 +39,9 @@ in this Software without prior written authorization from The Open Group.
+ #ifndef O_CLOEXEC
+ #define O_CLOEXEC 0
+ #endif
++#ifndef O_NOFOLLOW
++#define O_NOFOLLOW 0
++#endif
+
+ FontFilePtr
+ FontFileOpen (const char *name)
+@@ -47,7 +50,7 @@ FontFileOpen (const char *name)
+ int len;
+ BufFilePtr raw, cooked;
+
+- fd = open (name, O_BINARY|O_CLOEXEC);
++ fd = open (name, O_BINARY|O_CLOEXEC|O_NOFOLLOW);
+ if (fd < 0)
+ return 0;
+ raw = BufFileOpenRead (fd);
+--
+cgit v0.10.2
+
--- libxfont1-1.5.2.orig/debian/patches/series
+++ libxfont1-1.5.2/debian/patches/series
@@ -0,0 +1,4 @@
+# placeholder
+CVE-2017-13720.patch
+CVE-2017-13722.patch
+CVE-2017-16611.patch
--- libxfont1-1.5.2.orig/debian/rules
+++ libxfont1-1.5.2/debian/rules
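Review bot: In both `#ifndef WIN32` blocks added to dirfile.c (FontFileReadDirectory and ReadFontAlias), a failed `fdopen()` leaves `file_fd` open, because the descriptor is only handed over on success; add `if (!file) close(file_fd);` inside the `if (file_fd >= 0)` block. The fileio.c fallback `#define O_NOFOLLOW 0` silently drops the protection on a platform without the flag, while dirfile.c uses the flag unguarded, so the two files disagree; the fallback at least deserves a comment such as `/* no O_NOFOLLOW here: symlinks are still followed */`. O_NOFOLLOW refuses a symlink only in the final path component, so a symlinked parent directory is still followed, which is worth stating next to the `open()` calls. All three functions start and end outside their hunks.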
@@ -0,0 +1,40 @@
+#!/usr/bin/make -f
+
+CFLAGS = $(shell dpkg-buildflags --get CFLAGS)
+CFLAGS += -Wall
+CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS)
+LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS)
+
+# Strip -Bsymbolic-functions (set by default on Ubuntu) to avoid breakages:
+LDFLAGS := $(LDFLAGS:-Wl,-Bsymbolic-functions=)
+
+CONFFLAGS += \
+ --with-bzip2 \
+ --with-xmlto \
+ --disable-fc \
+ --enable-builtins \
+ --enable-pcfformat \
+ --enable-bdfformat \
+ --enable-devel-docs \
+ --without-fop \
+ --disable-silent-rules \
+ CFLAGS="$(CFLAGS)" \
+ CPPFLAGS="$(CPPFLAGS)" \
+ LDFLAGS="$(LDFLAGS)"
+
+
+override_dh_auto_configure:
+ dh_auto_configure -- $(CONFFLAGS)
+
+override_dh_install:
+ find debian/tmp -name '*.la' -delete
+ dh_install -a --fail-missing
+
+override_dh_strip:
+ dh_strip --dbgsym-migration='libxfont1-dbg (<< 1:1.5.2-3~)'
+
+override_dh_makeshlibs:
+ dh_makeshlibs -V'libxfont1 (>= 1:1.4.2)'
+
+%:
+ dh $@ --with quilt --builddirectory=build/
--- libxfont1-1.5.2.orig/debian/upstream/signing-key.asc
+++ libxfont1-1.5.2/debian/upstream/signing-key.asc
@@ -0,0 +1,101 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQGiBEab+moRBACDH5yKqS3wcc5bdxY7PBNuwKvF5TKMfagmSvuRDtZjjIIWaA/n +Z1KboV9Gq5g7kP7+Kfu+Qgd8u65eVsWwmPW10fXvj3aCU53glx2EdGdrHcgiyH2g +EQfPiyBw+trIppWFRV0IDXSLMA1FNC92t2nSG/VFHaPTVwcgkIRSfcXDvwCglGdE +a6f4uLqoNHP+m4yYnzapFuMD/R4+2AJDAvEWKDdYCGZzlawjAmmWyXrmT7/C/mx9 +8qUR473l4buXjHgDkkXXlHqdzil1vK85PhrKzNJDCCmlHUJNz+QwiAMOLwpD+kwV +Pb57RG7y+a5JQ5+jtVw4RlUxZIk/wj2An9YBO3A5vR7PdjM32ZJCN2+aM4dYfNzQ +xQKTA/47icvBaBVTl9rztjg2pd2Aqpc1P/GsIYLGj7XjnnJvGAENBHSH1QjpZMJG +CTS9oJ+B0/wrIr+pA+MdFgYAb6ojMQJOO6UChjWWSGjMFcs/CeXhxlLBido3DtAE +TbNTwO6OEfAvdosvTdhJFnwvZlJ+zZGGy5CrF2Fd9PUe9tmASbQoQWxhbiBDb29w +ZXJzbWl0aCA8YWxhbmNAZnJlZWRlc2t0b3Aub3JnPohoBBMRAgAoAhsDBgsJCAcD +AgYVCAIJCgsEFgIDAQIeAQIXgAUCUXnRYgUJFEPYeAAKCRCi+54IHy0TDonxAKCP +cAgXNojuujUg5Wqi6v0RBFVSUgCggq1SsVEdq9NDWvXvkeGyNaBivSK0K0FsYW4g +Q29vcGVyc21pdGggPGFsYW4uY29vcGVyc21pdGhAc3VuLmNvbT6IZgQTEQIAJgIb +AwYLCQgHAwIEFQIIAwQWAgMBAh4BAheABQJRedFiBQkUQ9h4AAoJEKL7nggfLRMO +6sUAn0jl3h9rY4OJ13Lu7nsKclyhDpOqAKCFgTmaDGRuDRxloLg9jftrn7a7vrQu +QWxhbiBDb29wZXJzbWl0aCA8YWxhbi5jb29wZXJzbWl0aEBvcmFjbGUuY29tPohr +BBMRAgArAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAIZAQUCUXnRYgUJFEPY +eAAKCRCi+54IHy0TDtBZAJ9IgVVNoFIPRjTsNjcSFaLznuDRJgCcC/WgV312IrxS +Q8PRAyEgozSB9Ke5Ag0ERpv6bxAIAJp5aUlho5rUhpS6ik7spsAQFPRuycPKMNu0 +J4F0v/OoPz085soV8ytLj4HqCGk2Zamh1jSgliZwuk9m7V7Wgxx+nBJawpWDX/eK +LObErfDwQ4dfOFvjbXLQMmNnQNaUGIWLPP3l8GuBOHMq60Bu+TPgh627vUntL5RE +QEQqTXIzWC6U10QsDblLwIvdOVSdGF5xl/N1myXzSKvrsZwWtoFc8G9v9hcCjhtN +1sm9b7Ojc51iZXvcetcvPy5RA6AUW3yEExaedUdLnvIF9sjFYIfJWFVYh2AgavnG +re6fF+NV2v3zfx3wRT7H9//m4YIDYJmgZgyQccXegTwfGBIq3osAAwYH/1FiMUMM +ES5Ilz2nDqId+DCWECAU6wgvIFRcXrZWxDxB+ZrnmTCXoAD0xedpfOkRHp8XTVc/ +9MU+wQ+lZRx2OQ6MJW0XGuFvHm94KZF/8HzWA2Ah7U4n0+3sLpk6zWceZq2zZNF0 +yVTjwD98+xNK1Q9sP8aOKdtg8yMH3hisKR6rdW+mfX5q0Q8Gol2hZsFH/qyIhnPz +hXDknuOh8E5iMkzrejVXUEn++Yzj23XjP59SObLznVkyxI+kBI9qvVEPfFBDybjH +WqLcgRcCpXAzjizEi+/d31iDa2ErJHV4R42obecFqiPnoDtiX3IiP7z9fmxM4aWP 
+ZZRqvq+1ht5wkn+ISQQYEQIACQUCRpv6bwIbDAAKCRCi+54IHy0TDoLoAKCHYRpw +/XfyEunw1YL/uMZzl78qIQCdFVcXNbqD83qVhW4Ly7hyDL8o0aK5Ag0EUXnVIQEQ +AKHpjOmY056n0tsZoW9q5egsMcl5tKC8uimrhO05nnq+5/60/YedC++V9c9b/3/X +7O28LyBkAtBgD0xJZSDQ0DhTzKAp6AzjQtBvI68uinGwxSjT+oQpPMxqhA1I0kzo +EDCdEqV+HsVOAEdbAi/tP9bbdTDzwVc8MWDriamBUqc53Rb00Mffy9435UgTS4gA +hMwANhy6XZmOMBhITOzxFJUEDTDJtLbE0b1jPRQS7NHQgak1inmuvPMc3wAuoEcS +CSt1xupbYsBoXOjK5wC/eE1LIdZoRyW2OkT140DqDZ8zfRID860hnirnYgb09TPN +tj93pudUAUt6T9+tcLN4/rxhxHOwse66KGHO4bQ1rZ6mfco6SYd9V60cL6hC2eMe +cyxZliMu17lj7EX8lxUH+omIgHc7HGoyUR6V+WB60cxWj5v05zdeLeZ2aLBcPFhx +lfDESm8f4ezdJSDS1QZmC0P5h3RJfhhfmdBr8kHzr7111D1/O71Av1VV5FyJ9YxU +Sxp4IPuzK7JbbgVHcA6PvXrDzWUslmZgPADpKH4hTmG/NdCqhEXcufvY6s5yNksB +8X3ReNvuSSyfGnRz3kvtyK0XzC7KRX2PquLI6A8KJprHwZGqEB1NDG8b2iaYnghO +jyfIYEVQF3nGfaBwv4lrCPEoZSUaK8f/NQZjNU8NQyTnABEBAAGJAm0EGBEKAA8F +AlF51SECGwIFCQlmAYACKQkQovueCB8tEw7BXSAEGQEKAAYFAlF51SEACgkQz98U +iCjGQqfW5g//dOdJHt23cdMyz5VADaE7u+L0E+eX9GtHF4J649eXsui59EtbHh2n +XdGhd5SqQ8FDi9GCEKaQ4S31n/YBLEBCkj7R0IMikW2o78/JxDovB8+aL606hgma +fNVx1aIshIglrl8Xlu3sjeAvG48W6YjdL2mfrIDHjIVwOZsMihbOJvST6Q3upHdn +mjDtM5HCQmI5NEXDWYj6IZuhJnnrDWwNsyYV4KPoUBxAcqIyCeZbVssuWWnHPXX8 +VavVq98vpVynfGzGYpJbDj19C/utMjKGI5dcvbVaucA7X/oktxrxS6SBDhuIaAE9 +4ZHlbxqfyHfETI/La2Z/ALDAtYdhJR2gSkTHyKSW1QqYlulSfB//lnna44mmTuRO +NbDNgb0FGSvtsBMZ80iHDqPgUfS60kxCfFrsSGfTFU+X4QAzpTtUJEcr+J4HULDe +MfwOgghVfmKxFXWfud8xDaCXuywLTtVgMCZp4P7MAyuJlaxsFTu+c1Vly94grk4U +MtALLMqCXSosA490gLTSdg3HSwxt2Q/LJdy427ZIMvjGXIruns8U/OmL9dVgWu3b +JHsL68Skx8Ts63qTN9QXM/PB+8VwOaC7PJ+g6t40DleOmdsS8cN31yf5KB8rsL4u +n4u1yrMJfpnSblPMu5wJi3kjoA+Dd5ZFqx9nTi4wBjfVYGCPsleq59K8kQCYx1Cn +lZcq630ITy9dB/aHCQry2gCbBwZ2Rsf9kr05S8uLhlwW3vRSvRs= +=tc6G +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQGiBEDLnMIRBACNlsJkPRfH7RMOn7nirvYN5StKVvwdJa2MFUM3sjoaA11nW+Zw +Yxion4GkbIOtz25R29TcwuAaK1UWhy1Rz6aIOOMOzBeUNGGCvRXF76rKHBHOdSJw 
+AXEvNa/9rKOIaPL7PBN7Lb4CmrjEbA9gKYtZQD9qQSKcAwyyxszkW1e7TwCg7MbV +Bq5MWlATjOAzXLoSpgyENwMD/jPz53KmwUobbqri2pFhozacl5N93cy7b3pwpTZY +fM50cXVSSshYpqdCr5AoWG/DXNGRixv1DnBKOI2Cv6YAQLntcATHxR8ssemOZHRv +7D0hvWwC3o6GSKdg0rSOtRHfDhEL4IFVmPLZaXIRDZ0/ancrCuQPdZ9mzCi/LQmV +noTeA/kB73zJMYH7Z0TSKv490AMWQHbKVvos8+tXxATlq0Otib+s55LXQocSPjgp +GR5qKzqTn9elg2dyo4GYeAYvGBmhQtBdeYo1rVq2pC6HCzMG79zozL9O25SnDLpj +WoqJB6qHBAd9tlTHzkRxv1Fqr4jfIupNborXbhR25tiYOm72irQcQWRhbSBKYWNr +c29uIDxhamF4QG53bmsubmV0PohhBBMRAgAhAhsDBgsJCAcDAgMVAgMDFgIBAh4B +AheABQJEZNYGAhkBAAoJEFuKLVCg7NDTlj8AoL9RgTs++HaD5w5lYARcE+OB+0Jg +AKDZBhJhVgOsEjeg7atMglFR7s36mrQeQWRhbSBKYWNrc29uIDxhamF4QHJlZGhh +dC5jb20+iGAEExECACAFAkfENSICGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK +CRBbii1QoOzQ0x6CAJ0fevUkaaBcTzKa0lTgfNFQ0E+JwgCfaWy44eNKttn4WWEZ +CTGF+e+zraS0IEFkYW0gSmFja3NvbiA8YWpheEBlbmdyLnNnaS5jb20+iF4EExEC +AB4FAkHB1gECGwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQW4otUKDs0NNTOgCg +lu1MOCbysvn68WReXz+v02+y2VkAoL12gktA0TFZnPBk3cweEAwCkUlXtCZBZGFt +IEphY2tzb24gPGFqYXhAd2lsZG9wZW5zb3VyY2UuY29tPoheBBMRAgAeBQJBriSn +AhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEFuKLVCg7NDTOe4AnRUJ6FqQLaoY +XWCToQdl/Gry4UNZAJ97YYHMt1FIo1TLCWWozSiG+VtTq7QnQWRhbSBKYWNrc29u +IDxhamF4QGJlbnplZHJpbmUubnduay5uZXQ+iF4EExECAB4FAkRk1eACGwMGCwkI +BwMCAxUCAwMWAgECHgECF4AACgkQW4otUKDs0NN+fwCg2cPLDbAb07gMWBETKTRm +sj34FsAAn0SQ4kuqs9Ms0ZRKDqNQ1YTMwyEHuQINBEDLnNAQCACrbu13VZsigsM6 +8MzfdGQ4x/acO4Vd+Dg/aFj3EhPfXZHRauuJ7gQtWc9Mk2ghTjbqEXj0JILbif95 +IyShdC/fxEYiFybRODR6FHlXj6BFCxZFfqi4mOuaGQ4BeB57g/gW+FSoIPzYU4IY +85KD62qeS37zQEBAAK+mCEboUGfPT0wHrkFtkTObjOg7UTjpBp5/HknUREYo8mLo +WBv7CDlApicmXoqnKfAcFaNY2YLMjklwFHh2i2+6dPbkdWSEpuZhkxIQ/8JlYS6A +2g5DMKcNdmqr4Z6xjk8Fj1SO7ILc9EtR+ACqkqkmlU3m4AUHjdR/4kk7tEJ5DytP +c95JcuJnAAMFB/9KWUqJbdeHs47LJBksZ6tnHArcSG653e9uejtNt5xquJIz2wxb +exMV9Bkzwu9v/A8Vo7px7Bkhh++sBrgpGD4z5Jr+PaWOsw5qrO9OVVgzXkUf2QoD +gw4Hh8m9jpx1s6tNasPsy12OGMJ4a5a1GCGg8F7sPlWLBd491viavDyOWYkKozLH +hXwKlGOec0sCRGeHTiqPinxs29PXaTE7Dl/f2dYgiNzTSWetSx7Sv1H9EX4qxPgc 
+smdRuGV7k7dIw/J02rcI/Ol4OUORRMY2cgJnb5mNxIxTgTGJysm+MjfPrZnOeDVK +TroAYtas/uirqiNzk7fdIdUdgbOhsAl9n3QZiEYEGBECAAYFAkDLnNAACgkQW4ot +UKDs0NP3CACfS1DKwgN/rB7Ib+RJiuK0F/BQoEYAoOhr0VXCT5dP0Yr1kIad7njC +GBF1 +=bYOv +-----END PGP PUBLIC KEY BLOCK----- --- libxfont1-1.5.2.orig/debian/watch +++ libxfont1-1.5.2/debian/watch @@ -0,0 +1,4 @@ +#git=git://anongit.freedesktop.org/xorg/lib/libXfont +version=3 +opts="pgpsigurlmangle=s/$/.sig/" \ +https://xorg.freedesktop.org/releases/individual/lib/ libXfont-(.*)\.tar\.gz