| Summary: | libxfont, libxfont2 new security issue CVE-2017-16611 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | | |
| Priority: | Normal | CC: | davidwhodgins, herman.viaene, mageia, marja11, nicolas.salguero, sysadmin-bugs, tarazed25, thierry.vignaud |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA5TOO MGA5-64-OK MGA6-64-OK MGA6-32-OK MGA5-32-OK | | |
| Source RPM: | libxfont-1.5.2-2.mga7.src.rpm, libxfont2-2.0.2-1.mga7.src.rpm | CVE: | CVE-2017-16611 |
| Status comment: | | | |
Description
David Walser
2017-11-30 21:22:38 CET

David Walser
2017-11-30 21:22:49 CET
Whiteboard: (none) => MGA6TOO, MGA5TOO

There is no registered maintainer for libxfont. The registered maintainer of libxfont2 is tv, who has too many bugs assigned to him. Assigning this report to all packagers collectively and CC'ing tv.

Assignee: bugsquad => pkg-bugs

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Open files with O_NOFOLLOW. (CVE-2017-16611)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16611
https://usn.ubuntu.com/usn/usn-3500-1/
========================

Updated packages in 5/core/updates_testing:
========================
lib(64)xfont1-1.5.1-1.2.mga5
lib(64)xfont-devel-1.5.1-1.2.mga5

from SRPMS:
libxfont-1.5.1-1.2.mga5.src.rpm

Updated packages in 6/core/updates_testing:
========================
lib(64)xfont1-1.5.2-1.2.mga6
lib(64)xfont-devel-1.5.2-1.2.mga6
lib(64)xfont2_2-2.0.1-4.2.mga6
lib(64)xfont2-devel-2.0.1-4.2.mga6

from SRPMS:
libxfont-1.5.2-1.2.mga6.src.rpm
libxfont2-2.0.1-4.2.mga6.src.rpm

Version: Cauldron => 6

Installed and tested without issues.
System: Mageia 5, x86_64, Plasma DE, Intel CPU, nVidia GPU with nvidia340 proprietary driver.
Since libxfont1 is used by the Xorg server, to test I simply restarted the Xorg server and session to be certain the new library was loaded and used. No regressions noticed.

$ uname -a
Linux marte 4.4.103-desktop-1.mga5 #1 SMP Thu Nov 30 12:44:39 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q lib64xfont1
lib64xfont1-1.5.1-1.2.mga5
$ urpmq --whatrequires lib64xfont1 | egrep -v ^lib | sort -u
bdftopcf
tigervnc-server
x11-server-xdmx
x11-server-xephyr
x11-server-xfake
x11-server-xfbdev
x11-server-xnest
x11-server-xorg
x11-server-xvfb
x11-server-xwayland

CC: (none) => mageia

Mageia 6 on x86_64
Tried out bdftopcf before updating and it failed. Looks like the bdf files on the system are incompatible with bdftopcf. The libraries updated cleanly and the session restarted fine after logging out. MATE desktop re-established with all settings as they were, including Firefox tabs.

CC: (none) => tarazed25

Re comment 4. Should have noted that the Mageia 6 updates have xfont1 and xfont2 libraries.
$ rpm -qa | grep xfont
lib64xfont-devel-1.5.2-1.2.mga6
lib64xfont2_2-2.0.1-4.2.mga6
lib64xfont1-1.5.2-1.2.mga6
lib64xfont2-devel-2.0.1-4.2.mga6

MGA6-32 on Dell Latitude D600 MATE
No installation issues. Restarted session after update, no adverse effects seen.
Ran bdftopcf as normal user and as root. In both cases the command seems to hang forever. However:
# journalctl -b | grep bdf
dec 02 11:36:36 xxx.yyy.zzz [RPM][2662]: install bdftopcf-1.0.5-1.mga6.i586: success
dec 02 11:36:43 xxx.yyy.zzz [RPM][2662]: install bdftopcf-1.0.5-1.mga6.i586: success
Seems good to go.

CC: (none) => herman.viaene

MGA5-32 on Dell Latitude D600 Xfce
No installation issues. Restarted session after update, no adverse effects seen.
Similar result with bdftopcf as Comment 6. Good enough for me.

Whiteboard: MGA5TOO MGA5-64-OK MGA6-64-OK MGA6-32-OK => MGA5TOO MGA5-64-OK MGA6-64-OK MGA6-32-OK MGA5-32-OK

Len Lawrence
2017-12-04 12:24:36 CET
Keywords: (none) => validated_update

Dave Hodgins
2017-12-05 20:42:08 CET
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2017-0442.html

Resolution: (none) => FIXED
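The fix named in the suggested advisory, opening files with O_NOFOLLOW, as an added C example that is not libxfont's own code: it builds a constructed fixture (a regular file and a symlink to it under a hypothetical /tmp/nofollow-demo-* directory; the function names are mine) and shows that a plain open() follows the link while O_NOFOLLOW still opens the regular file but refuses the link with ELOOP. Assumes Linux with glibc.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* mkdtemp, symlink and O_NOFOLLOW on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#define PLEN 128

/* Open path read-only (plus O_NOFOLLOW when nofollow != 0), then close it.
 * Returns 1 on success, 0 on failure; *err receives errno. */
static int try_open(const char *path, int nofollow, int *err)
{
    int fd = open(path, O_RDONLY | (nofollow ? O_NOFOLLOW : 0));
    *err = (fd < 0) ? errno : 0;
    if (fd >= 0)
        close(fd);
    return fd >= 0;
}

/* Constructed fixture in a fresh temp dir: regular file font.pcf and symlink
 * font-link.pcf pointing at it (hypothetical names, not libxfont's own). */
static int make_fixture(char dir[PLEN], char regular[PLEN], char slink[PLEN])
{
    int fd;
    snprintf(dir, PLEN, "/tmp/nofollow-demo-XXXXXX");
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(regular, PLEN, "%s/font.pcf", dir);
    snprintf(slink, PLEN, "%s/font-link.pcf", dir);
    if ((fd = open(regular, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0)
        return -1;
    close(fd);                        /* an empty stand-in for a font file */
    return symlink(regular, slink);
}

/* Plain open follows the symlink; O_NOFOLLOW still opens the regular file but
 * refuses the symlink. Returns that errno (ELOOP on Linux), or -1 on any failure. */
int nofollow_rejects_symlink(void)
{
    char dir[PLEN] = "", regular[PLEN] = "", slink[PLEN] = "";
    int err = 0, rc = -1;
    if (make_fixture(dir, regular, slink) == 0 &&
        try_open(slink, 0, &err) && try_open(regular, 1, &err) &&
        !try_open(slink, 1, &err))
        rc = err;
    unlink(slink); unlink(regular); rmdir(dir);   /* remove the fixture */
    return rc;
}
```

O_NOFOLLOW only governs the final path component; symlinks in earlier directory components are still traversed, so it complements rather than replaces checks on where the font directory itself lives.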