vcxsrv, branch release/external-1.15.2.x VcXsrv Windows X Server (X2Go/Arctica Builds) https://cgit.arctica-project.org/vcxsrv/atom?h=release%2Fexternal-1.15.2.x 2015-07-10T12:13:00+00:00 Update openssl: 1.0.1o -> 1.0.1p 2015-07-10T12:13:00+00:00 Mike DePaulo mikedep333@gmail.com 2015-07-10T12:13:00+00:00 urn:sha1:1f6433e7473a14bf4263b618d3f0c1e17196a267 Update openssl: 1.0.1m -> 1.0.1o 2015-07-07T12:57:00+00:00 Mike DePaulo mikedep333@gmail.com 2015-07-07T12:57:00+00:00 urn:sha1:ddb34d947fe45fcc4d2a8da284e7fa0c001bb7d3 Update changelog about openssl update to 1.0.1m 2015-03-28T14:57:45+00:00 Mike DePaulo mikedep333@gmail.com 2015-03-28T14:57:45+00:00 urn:sha1:bbc50e3219a2e7801f4e636fe90df08fe3a28323 Update openssl to version openssl-1.0.1m 2015-03-28T13:50:31+00:00 Mike DePaulo mikedep333@gmail.com 2015-03-28T13:50:31+00:00 urn:sha1:91a178635ede7d286b8fd399269cdb159d960bb9 Update packages.txt about libXfont 1.4.9 2015-03-28T13:17:20+00:00 Mike DePaulo mikedep333@gmail.com 2015-03-28T13:17:20+00:00 urn:sha1:1fba987eb45619d0b9487a9d671931e9eeedbb53 libXfont 1.4.9 2015-03-28T13:15:34+00:00 Alan Coopersmith alan.coopersmith@oracle.com 2015-03-17T15:46:46+00:00 urn:sha1:453693754f79152011494e734afd024cd1ba482b Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804] 2015-03-28T13:15:33+00:00 Alan Coopersmith alan.coopersmith@oracle.com 2015-03-07T06:54:58+00:00 urn:sha1:a54b6ab76fd473a0ea79ffdbf08c22c368bb133c We use 32-bit ints to read from the bdf file, but then try to stick into a 16-bit int in the xCharInfo struct, so make sure they won't overflow that range. Found by afl-1.24b. v2: Verify that additions won't overflow 32-bit int range either. v3: As Julien correctly observes, the previous check for bh & bw not being < 0 reduces the number of cases we need to check for overflow. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Julien Cristau <jcristau@debian.org> (cherry picked from commit 2351c83a77a478b49cba6beb2ad386835e264744) bdfReadCharacters: bailout if a char's bitmap cannot be read [CVE-2015-1803] 2015-03-28T13:15:32+00:00 Alan Coopersmith alan.coopersmith@oracle.com 2015-02-06T23:54:00+00:00 urn:sha1:c833cc9b47becd22b5f6de91d69a467adc57c87d Previously would charge on ahead with a NULL pointer in ci->bits, and then crash later in FontCharInkMetrics() trying to access the bits. Found with afl-1.23b. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Julien Cristau <jcristau@debian.org> (cherry picked from commit 78c2e3d70d29698244f70164428bd2868c0ab34c) bdfReadProperties: property count needs range check [CVE-2015-1802] 2015-03-28T13:15:32+00:00 Alan Coopersmith alan.coopersmith@oracle.com 2015-02-06T23:50:45+00:00 urn:sha1:ad956b8d1970952639b87c0b3bae966277fd1a32 Avoid integer overflow or underflow when allocating memory arrays by multiplying the number of properties reported for a BDF font. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Julien Cristau <jcristau@debian.org> (cherry picked from commit 2deda9906480f9c8ae07b8c2a5510cc7e4c59a8e) Set close-on-exec for font file I/O. 2015-03-28T13:15:31+00:00 Christos Zoulas christos@NetBSD.org 2015-02-25T20:39:30+00:00 urn:sha1:6bbd73827f301fbe93b96649b63355c2ee4b0b80 Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Thomas Klausner <wiz@NetBSD.org> (cherry picked from commit d9fda3d247942292a5f24694c22337c547006e11)