vcxsrv/libXfont, branch 1.15.2.8 VcXsrv Windows X Server (X2Go/Arctica Builds) https://cgit.arctica-project.org/vcxsrv/atom?h=1.15.2.8 2015-03-28T17:06:38+00:00 libXfont 1.4.9 2015-03-28T17:06:38+00:00 Alan Coopersmith alan.coopersmith@oracle.com 2015-03-17T15:46:46+00:00 urn:sha1:5e1e79c64e477c0408c33d0f248720df8d28c44f Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804] 2015-03-28T17:06:17+00:00 Alan Coopersmith alan.coopersmith@oracle.com 2015-03-07T06:54:58+00:00 urn:sha1:9f1b041e535c4da6ffbe95a706d46b3bfb5c0321 We use 32-bit ints to read from the bdf file, but then try to stick into a 16-bit int in the xCharInfo struct, so make sure they won't overflow that range. Found by afl-1.24b. v2: Verify that additions won't overflow 32-bit int range either. v3: As Julien correctly observes, the previous check for bh & bw not being < 0 reduces the number of cases we need to check for overflow. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Julien Cristau <jcristau@debian.org> (cherry picked from commit 2351c83a77a478b49cba6beb2ad386835e264744) bdfReadCharacters: bailout if a char's bitmap cannot be read [CVE-2015-1803] 2015-03-28T17:06:06+00:00 Alan Coopersmith alan.coopersmith@oracle.com 2015-02-06T23:54:00+00:00 urn:sha1:de7bfbf0e61cdbe5e5c094d8a237cdc87e8b1fc3 Previously would charge on ahead with a NULL pointer in ci->bits, and then crash later in FontCharInkMetrics() trying to access the bits. Found with afl-1.23b. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Julien Cristau <jcristau@debian.org> (cherry picked from commit 78c2e3d70d29698244f70164428bd2868c0ab34c) bdfReadProperties: property count needs range check [CVE-2015-1802] 2015-03-28T17:05:57+00:00 Alan Coopersmith alan.coopersmith@oracle.com 2015-02-06T23:50:45+00:00 urn:sha1:e195099b83a23182925f20028de3e9ea4fe64845 Avoid integer overflow or underflow when allocating memory arrays by multiplying the number of properties reported for a BDF font. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Julien Cristau <jcristau@debian.org> (cherry picked from commit 2deda9906480f9c8ae07b8c2a5510cc7e4c59a8e) Set close-on-exec for font file I/O. 2015-03-28T17:05:45+00:00 Christos Zoulas christos@NetBSD.org 2015-02-25T20:39:30+00:00 urn:sha1:7e5f8b1f5a3cb6c7c9f784900f3b0b23215441bb Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Thomas Klausner <wiz@NetBSD.org> (cherry picked from commit d9fda3d247942292a5f24694c22337c547006e11) Merge remote-tracking branch 'origin/released' 2014-06-08T13:07:46+00:00 marha marha@users.sourceforge.net 2014-06-08T13:07:46+00:00 urn:sha1:b5a2c971202ff19079cb5a98253d8760ae124d15 Conflicts: X11/Xwindows.h Updated to libXfont 1.4.8 2014-06-08T13:03:35+00:00 marha marha@users.sourceforge.net 2014-06-08T13:03:35+00:00 urn:sha1:d435b20322433b335a4fc5693cce0399a3f27b2d Solved crashes in 64-bit due to latest merge 2014-03-29T12:35:50+00:00 marha marha@users.sourceforge.net 2014-03-29T12:35:50+00:00 urn:sha1:409cbaf20b5c695444bd08c87f4a186b9ac6b805 Merge remote-tracking branch 'origin/released' 2014-03-28T16:43:20+00:00 marha marha@users.sourceforge.net 2014-03-28T16:43:20+00:00 urn:sha1:f0f09f4aa3cdd0267f58b362a7c9fc5ae0921afd Conflicts: X11/xtrans/Xtrans.c Update following packages: 2014-03-28T16:32:23+00:00 marha marha@users.sourceforge.net 2014-03-28T16:32:23+00:00 urn:sha1:d02e6760412c7a96abbc4d0add5dd8d5e83bbe27 libXfont-1.4.7 xproto-7.0.25