Changelog for libXfont1-1.5.1-13.1.x86_64.rpm :
Tue Aug 29 14:00:00 2017 msrbAATTsuse.com
- u_Check-for-end-of-string-in-PatterMatch.patch

* Security fix (bnc#1054285 CVE-2017-13720)
- u_Open-files-with-O_NOFOLLOW.patch

* Security fix (bnc#1050459)
- u_pcfGetProperties-Check-string-boundaries.patch,
u_pcfGetProperties-Free-strings-if-we-bail-out.patch

* Security fix (bnc#1049692 CVE-2017-13722)

Fri Apr 1 14:00:00 2016 sndirschAATTsuse.com
- Package update needed for xorg-server 1.18.2 update on sle12
(fate #320388)

Fri Apr 1 14:00:00 2016 sndirschAATTsuse.com
- Update to release 1.5.1

* This release of libXfont provides the fixes for the
security advisory about BDF font parsing bugs (CVE-2015-1802,
CVE-2015-1803, CVE-2015-1804)
- supersedes patches:

* u_libxfont_bdfreadproperties_property_count_needs_range_check.patch

* u_libxfont_bdfreadcharacters_bailout_if_a_char_s_bitmap_cannot_be_read.patch

* u_libxfont_bdfreadcharacters_ensure_metrics_fit_into_xcharinfo_struct.patch

Fri Apr 1 14:00:00 2016 sndirschAATTsuse.com
- Update to final release 1.5.0

* no changes since 1.4.99.901

Fri Apr 1 14:00:00 2016 sndirschAATTsuse.com
- Update to version 1.4.99.901

* This is a release candidate of libXfont 1.5.0 - please test and
report any issues found, so we can have a final/stable release
soon to go with the xorg-server 1.16 release.

*
*IMPORTANT
* This release works with fontsproto 2.1.3 or later
and is for use with the upcoming release of xorg-server 1.16
and later. It will
*not
* work with older versions of
fontsproto or xorg-server (prior to 1.15.99.901).

* This release includes all the security & bug fixes from
libXfont 1.4.8, plus these additional significant changes:
- Support for SNF font format (deprecated since X11R5 in 1991)
is now disabled by default at build time. For now, adding
- -enable-snfformat to configure flags may re-enable it, but
support may be fully removed in future libXfont releases.
- Many compiler warnings cleaned up, including some which
required API changes around type declarations (const char
*,
Pointer, etc.).
- README file expanded to explain all the different formats/
options.
- supersedes patches:

* u_0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch

* u_0002-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch

* u_0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch

* u_0004-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch

* u_0005-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch

* u_0006-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch

* u_0007-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch

* u_0008-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs.patch

* u_0009-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch

* u_0010-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch

* u_0011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch

* u_0012-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch
- added baselibs.conf as source to spec file

Fri Apr 1 14:00:00 2016 sndirschAATTsuse.com
- update to current git commit a96cc1f to match current fontsproto
git sources

Tue Dec 8 13:00:00 2015 eichAATTsuse.com
- U_bdfReadCharacters-Allow-negative-DWIDTH-values.patch
Negative DWIDTH is legal. This was broken by the fix for
CVE-2015-1804. Fixed upstream with commit 1a73d6 (boo#958383).

Mon Mar 16 13:00:00 2015 msrbAATTsuse.com
- u_libxfont_bdfreadproperties_property_count_needs_range_check.patch
u_libxfont_bdfreadcharacters_bailout_if_a_char_s_bitmap_cannot_be_read.patch
u_libxfont_bdfreadcharacters_ensure_metrics_fit_into_xcharinfo_struct.patch

* Security fixes. (bnc#921978, CVE-2015-1802, CVE-2015-1803, CVE-2015-1804)

Fri May 9 14:00:00 2014 msrbAATTsuse.com
- u_0001-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch,
u_0002-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch,
u_0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch,
u_0004-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch,
u_0005-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch,
u_0006-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch,
u_0007-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch,
u_0008-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs.patch,
u_0009-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch,
u_0010-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch,
u_0011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch,
u_0012-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch

* Security fixes. (CVE-2014-0209, CVE-2014-0210, CVE-2014-0211,
bnc#857544)

Wed Jan 8 13:00:00 2014 sndirschAATTsuse.com
- Update to version 1.4.7
This release includes the fix for CVE-2013-6462, as well as
other security hardening and code cleanups, and makes libXfont
compatible with libXtrans 1.3 on Solaris. (bnc#854915)

Sat Aug 17 14:00:00 2013 zaitorAATTopensuse.org
- Update to version 1.4.6:
+ Require ANSI C89 pre-processor, drop pre-C89 token pasting
support.
+ Protect config.h inclusion with ifdef HAVE_CONFIG_H, like
usual.
+ Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS.
+ autogen.sh: Implement GNOME Build API.
+ configure: Remove AM_MAINTAINER_MODE.
+ catalogue: Fix obvious thinko.
+ Omit catalogue support on systems without symlinks.
+ If socket is interrupted with signal EINTR, re-attempt read.

Sun Feb 17 13:00:00 2013 jengelhAATTinai.de
- Use more robust make install call

Thu Apr 12 14:00:00 2012 vuntzAATTopensuse.org
- Update to version 1.4.5:
+ Updates to better handle fonts compressed with compress(1)
+ Do proper input validation to fix for CVE-2011-2895
+ Fix crash if pcf header is corrupted
+ Cleanups for compiler warnings
+ Improvements for the developer documentation
+ Build configuration improvements
- Changes from version 1.4.4:
+ LZW decompress: fix for CVE-2011-2895
+ Fix memory leak
+ Build configuration improvements
- Drop U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch: fixed
upstream.

Tue Feb 7 13:00:00 2012 jengelhAATTmedozas.de
- Split xorg-x11-libs into separate packages