commit 6ed205bd618f3f3016e34ab132019d53d0623576
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Thu May 15 19:21:07 2014 -0700

    libXfont 1.4.8
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 23a7a10aaada0a4b00272b512bd430545ce799e3
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri May 2 19:24:17 2014 -0700

    CVE-2014-0210: unvalidated length fields in fs_read_list_info()
    
    fs_read_list_info() parses a reply from the font server.  The reply
    contains a number of additional data items with embedded length or
    count fields, none of which are validated. This can cause out of
    bound reads when looping over these items in the reply.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    (cherry picked from commit d338f81df1e188eb16e1d6aeea7f4800f89c1218)

commit a455f111eb2779e3258d49c1c003d3023d1b9bab
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri May 2 19:24:17 2014 -0700

    CVE-2014-0210: unvalidated length fields in fs_read_list()
    
    fs_read_list() parses a reply from the font server.  The reply
    contains a list of strings with embedded length fields, none of
    which are validated. This can cause out of bound reads when looping
    over the strings in the reply.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    (cherry picked from commit 5fa73ac18474be3032ee7af9c6e29deab163ea39)

commit 2b7b6f21ec67c2e4fdc3cee9db3199a6edef5c5c
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Apr 25 23:03:24 2014 -0700

    CVE-2014-0210: unvalidated length fields in fs_read_glyphs()
    
    fs_read_glyphs() parses a reply from the font server.  The reply
    contains embedded length fields, none of which are validated.
    This can cause out of bound reads when looping over the glyph
    bitmaps in the reply.
    
    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    (cherry picked from commit 520683652564c2a4e42328ae23eef9bb63271565)

commit 573c3fdcb934ca1f3243f6ced40e1f037ea6cefe
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Apr 25 23:03:05 2014 -0700

    CVE-2014-0210: unvalidated length fields in fs_read_extent_info()
    
    Looping over the extents in the reply could go past the end of the
    reply buffer if the reply indicated more extents than could fit in
    the specified reply length.
    
    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    (cherry picked from commit a3f21421537620fc4e1f844a594a4bcd9f7e2bd8)

commit 4b762a7eb73d4d84466331be2d48565561018fc1
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Apr 25 23:02:54 2014 -0700

    CVE-2014-0211: integer overflow in fs_alloc_glyphs()
    
    fs_alloc_glyphs() is a malloc wrapper used by the font code.
    It contains a classic integer overflow in the malloc() call,
    which can cause memory corruption.
    
    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    (cherry picked from commit a42f707f8a62973f5e8bbcd08afb10a79e9cee33)

commit e6d9db84113650c4f4d9bebddb60cdb72690d798
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Apr 25 23:02:42 2014 -0700

    CVE-2014-0211: integer overflow in fs_read_extent_info()
    
    fs_read_extent_info() parses a reply from the font server.
    The reply contains a 32bit number of elements field which is used
    to calculate a buffer length. There is an integer overflow in this
    calculation which can lead to memory corruption.
    
    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    (cherry picked from commit c578408c1fd4db09e4e3173f8a9e65c81cc187c1)

commit fb4ecda3014744fa690959da9c5b09233b73c016
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Apr 25 23:02:34 2014 -0700

    CVE-2014-0210: unvalidated length fields in fs_read_query_info()
    
    fs_read_query_info() parses a reply from the font server.  The reply
    contains embedded length fields, none of which are validated.  This
    can cause out of bound reads in either fs_read_query_info() or in
    _fs_convert_props() which it calls to parse the fsPropInfo in the reply.
    
    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    (cherry picked from commit 491291cabf78efdeec8f18b09e14726a9030cc8f)

commit 633005ac24a44dacaf6beb3ed240ae0ea7e022d7
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Apr 25 23:02:25 2014 -0700

    CVE-2014-0211: Integer overflow in fs_get_reply/_fs_start_read
    
    fs_get_reply() would take any reply size, multiply it by 4 and pass to
    _fs_start_read.  If that size was bigger than the current reply buffer
    size, _fs_start_read would add it to the existing buffer size plus the
    buffer size increment constant and realloc the buffer to that result.
    
    This math could overflow, causing the code to allocate a smaller
    buffer than the amount it was about to read into that buffer from
    the network.  It could also succeed, allowing the remote font server
    to cause massive allocations in the X server, possibly using up all
    the address space in a 32-bit X server, allowing the triggering of
    other bugs in code that fails to handle malloc failure properly.
    
    This patch protects against both problems, by disconnecting any
    font server trying to feed us more than (the somewhat arbitrary)
    64 mb in a single reply.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    (cherry picked from commit 0f1a5d372c143f91a602bdf10c917d7eabaee09b)

commit 647d9ea15e34779afa442d362997d92488778907
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Apr 25 23:02:12 2014 -0700

    CVE-2014-0210: unvalidated lengths when reading replies from font server
    
    Functions to handle replies to font server requests were casting replies
    from the generic form to reply specific structs without first checking
    that the reply was at least as long as the struct being cast to.
    
    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    (cherry picked from commit cbb64aef35960b2882be721f4b8fbaa0fb649d12)

commit 23dcf6b1da8b5088856aef12b4a3f4581836f63a
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Apr 25 23:02:00 2014 -0700

    CVE-2014-0210: unvalidated length in _fs_recv_conn_setup()
    
    The connection setup reply from the font server can include a list
    of alternate servers to contact if this font server stops working.
    
    The reply specifies a total size of all the font server names, and
    then provides a list of names. _fs_recv_conn_setup() allocated the
    specified total size for copying the names to, but didn't check to
    make sure it wasn't copying more data to that buffer than the size
    it had allocated.
    
    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    (cherry picked from commit 891e084b26837162b12f841060086a105edde86d)

commit 26643c0c3f4e53945516e20e00dfbb4d69a39c65
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Apr 25 23:01:48 2014 -0700

    CVE-2014-0209: integer overflow of realloc() size in lexAlias()
    
    lexAlias() reads from a file in a loop. It does this by starting with a
    64 byte buffer.  If that size limit is hit, it does a realloc of the
    buffer size << 1, basically doubling the needed length every time the
    length limit is hit.
    
    Eventually, this will shift out to 0 (for a length of ~4gig), and that
    length will be passed on to realloc().  A length of 0 (with a valid
    pointer) causes realloc to free the buffer on most POSIX platforms,
    but the caller will still have a pointer to it, leading to use after
    free issues.
    
    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    (cherry picked from commit 05c8020a49416dd8b7510cbba45ce4f3fc81a7dc)

commit 0a37bf2d9977db81573f300b0dc203df8fe108b5
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Apr 25 23:01:11 2014 -0700

    CVE-2014-0209: integer overflow of realloc() size in FontFileAddEntry()
    
    FontFileReadDirectory() opens a fonts.dir file, and reads over every
    line in an fscanf loop.  For each successful entry read (font name,
    file name) a call is made to FontFileAddFontFile().
    
    FontFileAddFontFile() will add a font file entry (for the font name
    and file) each time it’s called, by calling FontFileAddEntry().
    FontFileAddEntry() will do the actual adding.  If the table it has
    to add to is full, it will do a realloc, adding 100 more entries
    to the table size without checking to see if that will overflow the
    int used to store the size.
    
    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    (cherry picked from commit 2f5e57317339c526e6eaee1010b0e2ab8089c42e)

commit c1ccb7d4eb34c99178ace3956768abfb4cf866fd
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Apr 22 23:49:29 2014 -0700

    Clean up warnings when src/fc is built with -DDEBUG
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    (cherry picked from commit 77902e1422315963364fcba3736ff9b5b0f32d47)

commit e9a07053d2b5aa55634c2bb2fd080fae77020e3c
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Apr 22 23:45:41 2014 -0700

    Allow enabling src/fc DEBUG helpers via CPPFLAGS
    
    Instead of editing fsio.h to turn on debugging logs, just add
    -DDEBUG to CPPFLAGS when building.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    (cherry picked from commit f75f7bde4cedc36d5ca1289988b3daebb80528d2)

commit 9b41f3d0c7c430a2909c9455eff347e714f0c4b4
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Apr 20 18:10:07 2014 -0700

    Require fontsproto < 2.1.3 for matching function prototypes
    
    Building libXfont-1.4.x against fontsproto 2.1.3 causes clang
    complaints of:
    
    patcache.c:130:1: error: conflicting types for 'CacheFontPattern'
    CacheFontPattern (FontPatternCachePtr cache,
    ^
    patcache.c:176:1: error: conflicting types for 'FindCachedFontPattern'
    FindCachedFontPattern (FontPatternCachePtr cache,
    ^
    
    due to the constification of arguments not matching.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Thomas Klausner <wiz@NetBSD.org>

commit 371f8582a33235afa1b61d76e4fe98bdc9d7c083
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Apr 20 17:59:14 2014 -0700

    Check if pointer returned by BufFileCreate is NULL before writing to it
    
    Fixes clang analyzer warning:
    
    bufio.c:165:13: warning: Access to field 'bufp' results in a dereference
     of a null pointer (loaded from variable 'f')
        f->bufp = f->buffer;
        ~       ^
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Thomas Klausner <wiz@NetBSD.org>
    (cherry picked from commit c77a0784bdfc8c178f0742689cf6ae02a2fce37f)

commit 5bb34807642589e5b592b04418855fd059fc5022
Author: Peter Harris <pharris@opentext.com>
Date:   Mon Apr 7 14:25:02 2014 -0400

    Fix buffer read overrun
    
    "FreeType" is only eight bytes long. The atom "FreeType\x00\x??" is
    probably not what the author intended.
    
    Signed-off-by: Peter Harris <pharris@opentext.com>
    Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    (cherry picked from commit c8855746aec2a9b732502da0ca3258b4e701c61a)

commit 2a3429413df27224ceeddd22500ce43b5431d698
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Jan 17 22:25:56 2014 -0800

    Add note to README declaring snf fonts to be deprecated
    
    pcf was introduced to replace snf in X11R5 in 1991:
        http://www.x.org/wiki/X11R5/#index56h3
    22 years is long enough to move off a font format that was alive for
    less than a decade before that, and widely considered a bad idea even
    then:
        http://www.faqs.org/faqs/fonts-faq/part15/
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    Reviewed-by: Eric Anholt <eric@anholt.net>
    Reviewed-by: Julien Cristau <jcristau@debian.org>

commit efcb136a03f642fba7e289e25d5dcf609bd13f07
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Jan 17 22:25:01 2014 -0800

    Add notes to README about various font formats & configure options
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    Reviewed-by: Eric Anholt <eric@anholt.net>
    Reviewed-by: Julien Cristau <jcristau@debian.org>

commit 5d696738c2ab901bdef004169799bb63939fa7b5
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Jan 17 22:00:25 2014 -0800

    Correct comment in configure.ac about scalable font support
    
    Bitstream Speedo support was removed in commit d50de26430c1a114a.
    All scalable font support now goes through FreeType, which can
    also handle some bitmap font formats as well.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    Reviewed-by: Eric Anholt <eric@anholt.net>
    Reviewed-by: Julien Cristau <jcristau@debian.org>

commit 6371fcf2b60e48605ed59f098d1e642e35b1d142
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Jan 7 23:09:08 2014 -0800

    Remove redundant setting of 'len' in SPropRecValList_add_by_font_cap
    
    Found by cppcheck 1.63:
    [FreeType/xttcap.c:621] -> [FreeType/xttcap.c:624]: (performance)
     Variable 'len' is reassigned a value before the old one has been used.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>

commit 63c7ac4dbb739e51d55249e71282699e5e0d7e1d
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Jan 7 22:58:22 2014 -0800

    Initialize (unused) data field in fsListCataloguesReq before sending it.
    
    Quiets cppcheck 1.63 warning:
    [fc/fserve.c:2972]: (error) Uninitialized variable: lcreq
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>

commit d279ffa49284b5e5f787f76edbe8c52226534a64
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Jan 7 22:29:04 2014 -0800

    Remove redundant declaration of FontFileStartListFonts()
    
    Fixes gcc warning:
    catalogue.c:336:1: warning: redundant redeclaration of
     'FontFileStartListFonts' [-Wredundant-decls]
    In file included from ../../include/X11/fonts/fntfilst.h:40:0,
                     from catalogue.c:32:
    ../../include/X11/fonts/fntfil.h:92:12: note: previous declaration
     of 'FontFileStartListFonts' was here
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>

commit 2fb6295ace36394732815aca5aef1a85e63de56c
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Jan 7 22:15:50 2014 -0800

    Fix unused variable 'dir' warnings
    
    catalogue.c: In function 'CatalogueOpenFont':
    catalogue.c:290:22: warning: variable 'dir' set but not used [-Wunused-but-set-variable]
    catalogue.c: In function 'CatalogueListFonts':
    catalogue.c:324:22: warning: variable 'dir' set but not used [-Wunused-but-set-variable]
    fpe.c: In function 'BuiltinResetFPE':
    fpe.c:57:22: warning: variable 'dir' set but not used [-Wunused-but-set-variable]
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>

commit 30110063857ff9a5f93f6d8d13f535c9b6e59e2a
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Jan 7 08:22:31 2014 -0800

    libXfont 1.4.7
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 2a84680376bafd74609c6ef3e38befcb8467d814
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Dec 23 19:01:11 2013 -0800

    Limit additional sscanf strings to fit buffer sizes
    
    None of these could currently result in buffer overflow, as the input
    and output buffers were the same size, but adding limits helps ensure
    we keep it that way, if we ever resize any of these in the future.
    
    Fixes cppcheck warnings:
     [lib/libXfont/src/bitmap/bdfread.c:547]: (warning)
      scanf without field width limits can crash with huge input data.
     [lib/libXfont/src/bitmap/bdfread.c:553]: (warning)
      scanf without field width limits can crash with huge input data.
     [lib/libXfont/src/bitmap/bdfread.c:636]: (warning)
      scanf without field width limits can crash with huge input data.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

commit 4d024ac10f964f6bd372ae0dd14f02772a6e5f63
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Dec 23 18:34:02 2013 -0800

    CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters()
    
    Fixes cppcheck warning:
     [lib/libXfont/src/bitmap/bdfread.c:341]: (warning)
      scanf without field width limits can crash with huge input data.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
    Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

commit fdcf9a9be6a5d453659beadec5d1a1fdbab9afaf
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Dec 27 11:01:35 2013 -0800

    Add AC_USE_SYSTEM_EXTENSIONS to expose non-standard extensions
    
    Required on Solaris to expose definitions in system headers that
    are not defined in the XPG standards now that xtrans 1.3 defines
    _XOPEN_SOURCE to 600 on Solaris.
    
    Fixes build failures:
    fserve.c: In function 'fs_block_handler':
    fserve.c:1210:5: error: 'fd_mask' undeclared (first use in this function)
    fserve.c:1210:5: note: each undeclared identifier is reported only once for each function it appears in
    In file included from transport.c:67:0,
                     from fstrans.c:28:
    Xtranssock.c: In function '_FontTransSocketINETConnect':
    Xtranssock.c:1421:19: error: 'INET6_ADDRSTRLEN' undeclared (first use in this function)
    Xtranssock.c:1421:19: note: each undeclared identifier is reported only once for each function it appears in
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Daniel Stone <daniel@fooishbar.org>

commit 0d24378a6f08f5ab594ff552d60cf5f8f74bcb33
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Dec 7 20:11:29 2013 -0800

    Don't leak old allocation if realloc fails to enlarge it
    
    In ftfuncs.c, since the buffer being reallocated is a function local
    buffer, used to accumulate data for a single run of the function and
    then freed at the end of the function, we just free the old buffer if
    realloc fails.
    
    In atom.c however, the ReverseMap is a static buffer, so we operate in
    temporary variables until we know we're successful, then update the
    static variables.  If we fail, we leave the old static variables in place,
    since they contain data about previous atoms we should maintain, not lose.
    
    Reported by cppcheck:
    [lib/libXfont/src/FreeType/ftfuncs.c:2122]: (error) Common realloc mistake:
     'ranges' nulled but not freed upon failure
    [lib/libXfont/src/util/atom.c:126]: (error) Common realloc mistake:
     'reverseMap' nulled but not freed upon failure
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

commit 5e27c364b174497d427dcecd122d711ef6b9f630
Author: Julien Cristau <jcristau@debian.org>
Date:   Mon Aug 12 18:40:27 2013 +0200

    Make serverGeneration unsigned
    
    Makes the definition match other declarations, and xserver's definition.
    
    Debian bug#689439
    
    Reported-by: Michael Tautschnig <mt@debian.org>
    Signed-off-by: Julien Cristau <jcristau@debian.org>
    Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 7d34534c050cb4366c7b14bff585c17d6d578f89
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sat Oct 26 00:06:22 2013 -0700

    Replace malloc(strlen)+strcpy/strcat calls with strdup
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 8a9fc31628a98e3cdaae6078bb5d92bce06c37ac
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Oct 25 23:56:55 2013 -0700

    xstrdup -> strdup
    
    Missed in xalloc -> malloc etal conversion in 0cdc9b8f850342
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>

commit 8b289e10c5013cdcbf817c06bd929e3ea8339987
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Jul 21 16:53:47 2013 -0700

    libXfont 1.4.6
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 7447029974415641a7a8a85918edcc20cfd9d461
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon Jun 24 22:40:39 2013 -0700

    Require ANSI C89 pre-processor, drop pre-C89 token pasting support
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit c21d25de05d82a761a3225b685e9adcb7bb374bd
Author: Thomas Klausner <wiz@NetBSD.org>
Date:   Sun Jun 2 21:03:27 2013 +0200

    Protect config.h inclusion with ifdef HAVE_CONFIG_H, like usual.
    
    Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit b8dd42dce868f9c16a59790ce51f0542b59cb79d
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Tue Jan 15 18:30:32 2013 -0800

    Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
    
    Excerpt https://lists.gnu.org/archive/html/automake/2012-12/msg00038.html
    
      - Support for the long-deprecated INCLUDES variable will be removed
        altogether in Automake 1.14.  The AM_CPPFLAGS variable should be
        used instead.
    
    This variable was deprecated in Automake releases prior to 1.10, which is
    the current minimum level required to build X.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

commit 8d946d2606b3a349b2a54d602e027a09ae330e88
Author: Colin Walters <walters@verbum.org>
Date:   Wed Jan 4 17:37:06 2012 -0500

    autogen.sh: Implement GNOME Build API
    
    http://people.gnome.org/~walters/docs/build-api.txt
    
    Signed-off-by: Adam Jackson <ajax@redhat.com>

commit 9d8936879b2fe1ca6460354ef68cd5e824d6748c
Author: Adam Jackson <ajax@redhat.com>
Date:   Tue Jan 15 14:28:48 2013 -0500

    configure: Remove AM_MAINTAINER_MODE
    
    Signed-off-by: Adam Jackson <ajax@redhat.com>

commit a756da1844f63a2f2162eb8e53a883f496e4faad
Author: Adam Jackson <ajax@redhat.com>
Date:   Fri Dec 7 10:30:38 2012 -0500

    catalogue: Fix obvious thinko
    
    Signed-off-by: Adam Jackson <ajax@redhat.com>

commit 5680e4c3d76cd5c64175d88d0685ee6962aa1e46
Author: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Date:   Mon Oct 29 09:59:30 2012 -0500

    Omit catalogue support on systems without symlinks
    
    Signed-off-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
    Reviewed-by: Colin Harrison <colin.harrison@virgin.net>
    Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>

commit 3c534f72d6d4327926474a5f8fa53cbcf19de3cf
Author: Arvind Umrao <arvind.umrao@oracle.com>
Date:   Thu Aug 23 16:15:04 2012 +0530

    If socket is interrupted with signal EINTR, re-attempt read.
    
    If socket is getting interrupted with signal EINTR, we should keep
    socket in progress state. I have borrowed following code from socket
    write _fs_flush():line274 . I have done exactly same at _fs_fill().
    Socket write will not close the connection and re attempt to read buffer.
    
    Signed-off-by: Arvind Umrao <arvind.umrao@oracle.com>
    Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 4b67ad5486c322c01a2ca86b0b4af0a74228f813
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Mar 2 10:05:21 2012 -0800

    libXfont 1.4.5
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 3f87a8b0b86de83ea8944a53de82caf254a9988a
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Oct 21 20:49:50 2011 -0700

    Use * precision notation instead of computing sprintf format strings
    
    Allows gcc to check format strings instead of just warning about them
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>

commit 613faa245437bb948b4c86ea6c7fbb716e38f0bf
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Oct 2 09:30:09 2011 -0700

    Fix printf warnings about incorrect argument types
    
    Mostly due to difference between sizeof & int on 64-bit platforms
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>

commit f24c559bcb42e3ea9321c3e6a9ecf0720a581e33
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Oct 2 09:19:47 2011 -0700

    Add _X_ATTRIBUTE_PRINTF to *Error/*Warning functions taking printf formats
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>

commit 3715cd752bac912a56aa1cbb9dd874624a709aab
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Oct 2 09:16:05 2011 -0700

    Add const attributes to fix gcc -Wwrite-strings warnings
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>

commit 8d130ac0fcf19e0e0dd0a404d9317fd8860baad4
Author: Tomas Hoger <thoger@redhat.com>
Date:   Mon Oct 10 14:38:06 2011 -0700

    Support compress files with maxbits < 12
    
    The compress decompression code used by libXfont rejects valid archives
    with maxbits less than 12 (compress allows values 9 - 16, 16 is the
    default).  This is because maxbits-12 is used as index to hsize_table[].
    
    That looks like an incorrect port of the original compress code, where:
    - hsize depended on BITS, the maximum maxbits value supported by particular
      build, rather than on maxbits value from the particular input file
    - the same hsize was used for all BITS <= 12
    
    The quick way to verify the problem is:
      compress -b 11 fontfile.bdf
      bdftopcf -o /dev/null fontfile.bdf.Z
    which fails, while 12-16 works correctly.
    
    This fix removes hsize_table and uses 1 << maxbits (aka maxmaxcode) as
    tab_prefix size.  As decompression code does not use hashing as compression
    code, there does not seem to be a reason to allocate any extra space.
    
    Note: In this fix, maxbits == 9 is still rejected early.  AFAICS compress
    is able to generate such files (unknown how correct such output is), but is
    unable to uncompress them correctly.
    
    Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>

commit bb97dbf56dff50bef936c0631587ed08dd6c8fa9
Author: Matt Dew <marcoz@osource.org>
Date:   Mon Oct 3 20:23:47 2011 -0600

        1 - fix the capitalization of the ID attriutes to match either the
            <title> or <funcdef> string it goes with.
        2 - fix any <linkend>'s that were affected by 1.
        3 - any <function> in the docs that has an actual funcdef,
            will become an olink.
    
        Signed-off-by: Matt Dew <marcoz@osource.org>

commit c73a0e09a2713d0dc16ca5cd9d288b8868846a19
Author: Gaetan Nadon <memsize@videotron.ca>
Date:   Thu Sep 22 14:00:36 2011 -0400

    doc: fix typo in copyright statement
    
    Signed-off-by: Gaetan Nadon <memsize@videotron.ca>

commit d86d8f34f5c2ac5c80230aea2de49bb97eaf5f92
Author: Gaetan Nadon <memsize@videotron.ca>
Date:   Thu Sep 22 09:20:38 2011 -0400

    doc: refactor legal text for multi licensing copyrights
    
    Signed-off-by: Gaetan Nadon <memsize@videotron.ca>

commit 43d587d89bee679850bb18ff25aa77c961712728
Author: Olli Vertanen <olli.vertanen@symbio.com>
Date:   Tue Sep 6 19:00:55 2011 +0000

    libxfont: An uninitialized pointer causes a crash if pcf header is corrupted.
    
    If pcfReadTOC() or pcfGetProperties() fail in the beginning
    of execution of pcfReadFont(), function tries to free an
    uninitialized pointer (isStringProp) when bailing out.
    
    The pointer gets now initialized correctly.
    
    Signed-off-by: Olli Vertanen <olli.vertanen@symbio.com>
    Reviewed-by: Rami Ylimäki <rami.ylimaki@vincit.fi>

commit 73e6c94a351c891ed85446df84c9a30a4224f478
Author: Joerg Sonnenberger <joerg@britannica.bec.de>
Date:   Sun Aug 21 19:07:51 2011 +0200

    Fix empty statement in if conditional.
    
    Assume for a moment that the intention here is to do
    something useful.
    
    Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>

commit bd48ad11fd11412c62c3ac8ed5d52c4f10a985aa
Author: Joerg Sonnenberger <joerg@britannica.bec.de>
Date:   Sun Aug 21 18:51:53 2011 +0200

    Do proper input validation to fix for CVE-2011-2895.
    
    It ensures that all valid input can be decompressed, checks that the
    overflow conditions doesn't happen and generally tightens the
    validation of the LZW stream and doesn't pessimize the inner loop for
    no good reason. It's derived from a change in libarchive from 2004.
    
    Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
    Reviewed-by: Tomas Hoger <thoger@redhat.com>

commit 098ab294deed98371ee362fadafcf2e510e0cc50
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Fri Sep 16 22:21:21 2011 -0700

    Strip trailing whitespace
    
    Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}'
    git diff -w & git diff -b show no diffs from this change
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 211368b8d04ed13ba520de2dd49a875cb1d663a7
Author: Gaetan Nadon <memsize@videotron.ca>
Date:   Mon Sep 12 11:09:50 2011 -0400

    docs: use the &fullrelvers; entity to set X11 release information
    
    Signed-off-by: Gaetan Nadon <memsize@videotron.ca>

commit 425ee265c61b3815a0ef1e4e0445dc91921d71ee
Author: Gaetan Nadon <memsize@videotron.ca>
Date:   Fri Sep 9 13:08:04 2011 -0400

    devbook.am: maintenance update from docbook.am
    
    The developer docs are generated from a subset of docbook.am
    which is sometimes updated.
    
    The one difference is the embedded css style in the HEAD element.
    
    Signed-off-by: Gaetan Nadon <memsize@videotron.ca>

commit 1c7cfd7a2b89329f27951c0437f925dd3301e3de
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Wed Aug 10 22:19:44 2011 -0700

    Remove configure comment about synchronizing version numbers
    
    This appears to have been a mistaken copy-and-paste from something like
    libXcursor - I can't find any Xfont.h header, nor any libXfont header
    containing a version number.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>

commit a7970f5c817b5c75d945389cfaf1384ff23437f3
Author: Matthieu Herrb <matthieu.herrb@laas.fr>
Date:   Mon Aug 8 18:08:05 2011 +0200

    libXfont 1.4.4
    
    Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0
Author: Thomas Hoger <thoger@redhat.com>
Date:   Mon Aug 8 18:03:09 2011 +0200

    LZW decompress: fix for CVE-2011-2895
    
    Specially crafted LZW stream can crash an application using libXfont
    that is used to open untrusted font files.  With X server, this may
    allow privilege escalation when exploited
    
    Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
    Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 214ca6a7a2247544627e6dc7c8705811305ad007
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Mon May 16 18:28:13 2011 -0700

    Fix memory leak in allocation failure path of BitmapOpenScalable()
    
    Go ahead and fill in the font->info pointers so that bitmapUnloadScalable()
    will free the bits that were allocated, even if some were not.
    
    Error: Memory leak (CWE 401)
       Memory leak of pointer <unknown> allocated with ComputeScaledProperties(...)
            at line 1629 of /export/alanc/X.Org/git/lib/libXfont/src/bitmap/bitscale.c in function 'BitmapOpenScalable'.
              pointer allocated at line 1616 with ComputeScaledProperties(...).
              <unknown> leaks when props != 0 at line 1623.
    
    [ This bug was found by the Parfait 0.3.7 bug checking tool.
      For more information see http://labs.oracle.com/projects/parfait/ ]
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>

commit 7f8345aa6fb60a7fd7adf0095a2354fad1d8d5ef
Author: Gaetan Nadon <memsize@videotron.ca>
Date:   Wed Mar 2 14:33:07 2011 -0500

    doc: use common makefile for developers documentation
    
    The user/specs docs now have external references support.
    Developers doc are not installed so they do not participate.
    However, using a similar makefile shared amongst developers
    document reduces maintenance and is forward looking.
    
    Signed-off-by: Gaetan Nadon <memsize@videotron.ca>

commit 77027deabca37183cfbbed107cf14ca80f29f26d
Author: Gaetan Nadon <memsize@videotron.ca>
Date:   Wed Feb 2 11:43:42 2011 -0500

    config: comment, minor upgrade, quote and layout configure.ac
    
    Group statements per section as per Autoconf standard layout
    Quote statements where appropriate.
    Autoconf recommends not using dnl instead of # for comments
    
    Use AC_CONFIG_FILES to replace the deprecated AC_OUTPUT with parameters.
    Add AC_CONFIG_SRCDIR([Makefile.am])
    
    This helps automated maintenance and release activities.
    Details can be found in http://wiki.x.org/wiki/NewModuleGuidelines

commit 9ea1790d61bd135714c40e5089ecb1effa1dbcc0
Author: Gaetan Nadon <memsize@videotron.ca>
Date:   Thu Jan 27 18:50:15 2011 -0500

    config: remove AC_PROG_CC as it overrides AC_PROG_C_C99
    
    XORG_STRICT_OPTION from XORG_DEFAULT_OPTIONS calls
    AC_PROG_C_C99. This sets gcc with -std=gnu99.
    If AC_PROG_CC macro is called afterwards, it resets CC to gcc.
    
    Signed-off-by: Gaetan Nadon <memsize@videotron.ca>

commit 4e0c6c45d819befdd9315d6282b957f7cfec3ae2
Author: Paulo Zanoni <pzanoni@mandriva.com>
Date:   Thu Dec 16 14:09:12 2010 -0200

    Use docbookx.dtd version 4.3 for all docs
    
    Signed-off-by: Paulo Zanoni <pzanoni@mandriva.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 01c30845853f5a8114467185d76274ae9bbff091
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Nov 21 11:35:20 2010 -0800

    Sun's copyrights belong to Oracle now
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 72ade58381a49514f2b29065ba33a464b7efc3d0
Author: Gaetan Nadon <memsize@videotron.ca>
Date:   Tue Nov 9 13:04:51 2010 -0500

    config: HTML file generation: use the installed copy of xorg.css
    
    Currenlty the xorg.css file is copied in each location
    where a DocBook/XML file resides. This produces about
    70 copies in the $(docdir) install tree.
    
    Signed-off-by: Gaetan Nadon <memsize@videotron.ca>

commit 12157fbebc35c2d039df2df4fc5ac2b299eeec03
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Thu Oct 28 20:43:27 2010 -0700

    libXfont 1.4.3
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit f29f1d68d7eca96e45ba3758686be07993d82e03
Author: Jesse Adkins <jesserayadkins@gmail.com>
Date:   Tue Sep 28 13:30:02 2010 -0700

    Purge cvs tags.
    
    Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 6628b4d82426cf9ac240da363cd8a8252e6f71ef
Author: Jeremy Huddleston <jeremyhu@apple.com>
Date:   Mon Sep 27 12:31:50 2010 -0700

    FreeType: Cleanup MUMBLE and fix printing of XLFD in debug spew.
    
    Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>

commit c482a2c104aa5cd1a265c2ca310a308dcc418fe7
Author: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Date:   Wed Apr 14 05:58:28 2010 -0500

    Revert "Bug #6247: Fix build on Cygwin"
    
    libtool requires the '-no-undefined' flag in order to create shared
    libraries on PE/COFF platforms (Cygwin/MinGW); on other platforms this
    flag has no effect.
    
    The problem with libXfont is that PE weak symbols do not behave exactly
    as they do on ELF platforms.  Since PE binaries (both executables and
    libraries) must have all symbols resolved at link time, there is no way
    for the real symbols in xserver to "displace" those in libXfont at
    runtime, so the result is that libXfont uses its stubs, which do
    nothing, and xserver ends up unable to find its fonts.
    
    Solving this will require either significant changes to libXfont or some
    major improvement to the toolchain to handle this case.  Until that
    happens, removing '-no-undefined' will result in a static-only library
    on these platforms, which is the only currently working solution.
    
    http://sourceware.org/bugzilla/show_bug.cgi?id=11306
    http://cygwin.com/ml/cygwin/2010-04/msg00281.html
    
    This reverts commit 69c4ae1e3e14a58bc2eb9b9b8820dc7183b82a67.
    
    Conflicts:
    
    	ChangeLog
    
    Signed-off-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>

commit 455ec66e82e3c4bedd9e789d2ab33030b8e64ffa
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Aug 8 00:19:36 2010 -0700

    Fix builds with Sun compilers
    
    Sun compilers use #pragma weak in the *.c files to declare weak symbols,
    so should have weak defined to empty, but not define NO_WEAK_SYMBOLS
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

commit 0386fa77367a305deea3cc27f8a3865cc3c467c0
Author: Jeremy Huddleston <jeremyhu@apple.com>
Date:   Sat Jul 10 10:08:21 2010 -0700
