vcxsrv/libXfont, branch release/external-1.15.2.x VcXsrv Windows X Server (X2Go/Arctica Builds) https://cgit.arctica-project.org/vcxsrv/atom?h=release%2Fexternal-1.15.2.x 2015-03-28T13:15:34+00:00 libXfont 1.4.9 2015-03-28T13:15:34+00:00 Alan Coopersmith alan.coopersmith@oracle.com 2015-03-17T15:46:46+00:00 urn:sha1:453693754f79152011494e734afd024cd1ba482b Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804] 2015-03-28T13:15:33+00:00 Alan Coopersmith alan.coopersmith@oracle.com 2015-03-07T06:54:58+00:00 urn:sha1:a54b6ab76fd473a0ea79ffdbf08c22c368bb133c We use 32-bit ints to read from the bdf file, but then try to stick into a 16-bit int in the xCharInfo struct, so make sure they won't overflow that range. Found by afl-1.24b. v2: Verify that additions won't overflow 32-bit int range either. v3: As Julien correctly observes, the previous check for bh & bw not being < 0 reduces the number of cases we need to check for overflow. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Julien Cristau <jcristau@debian.org> (cherry picked from commit 2351c83a77a478b49cba6beb2ad386835e264744) bdfReadCharacters: bailout if a char's bitmap cannot be read [CVE-2015-1803] 2015-03-28T13:15:32+00:00 Alan Coopersmith alan.coopersmith@oracle.com 2015-02-06T23:54:00+00:00 urn:sha1:c833cc9b47becd22b5f6de91d69a467adc57c87d Previously would charge on ahead with a NULL pointer in ci->bits, and then crash later in FontCharInkMetrics() trying to access the bits. Found with afl-1.23b. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Julien Cristau <jcristau@debian.org> (cherry picked from commit 78c2e3d70d29698244f70164428bd2868c0ab34c) bdfReadProperties: property count needs range check [CVE-2015-1802] 2015-03-28T13:15:32+00:00 Alan Coopersmith alan.coopersmith@oracle.com 2015-02-06T23:50:45+00:00 urn:sha1:ad956b8d1970952639b87c0b3bae966277fd1a32 Avoid integer overflow or underflow when allocating memory arrays by multiplying the number of properties reported for a BDF font. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Julien Cristau <jcristau@debian.org> (cherry picked from commit 2deda9906480f9c8ae07b8c2a5510cc7e4c59a8e) Set close-on-exec for font file I/O. 2015-03-28T13:15:31+00:00 Christos Zoulas christos@NetBSD.org 2015-02-25T20:39:30+00:00 urn:sha1:6bbd73827f301fbe93b96649b63355c2ee4b0b80 Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Thomas Klausner <wiz@NetBSD.org> (cherry picked from commit d9fda3d247942292a5f24694c22337c547006e11) Updated to libXfont 1.4.8 2014-06-08T13:03:35+00:00 marha marha@users.sourceforge.net 2014-06-08T13:03:35+00:00 urn:sha1:d435b20322433b335a4fc5693cce0399a3f27b2d Update following packages: 2014-03-28T16:32:23+00:00 marha marha@users.sourceforge.net 2014-03-28T16:32:23+00:00 urn:sha1:d02e6760412c7a96abbc4d0add5dd8d5e83bbe27 libXfont-1.4.7 xproto-7.0.25 Update following packages: 2013-10-01T10:28:08+00:00 marha marha@users.sourceforge.net 2013-10-01T10:23:16+00:00 urn:sha1:6dd755aa923291db2501cc5c22e409c41a70e3c1 libXpm-3.5.11 libXaw-1.0.12 libXfont-1.4.6 libXrender-0.9.8 xproto-7.0.24 inputproto-2.3 xclock-1.0.7 xhost-1.0.6 libfontenc xserver pixman mesa git update 5 Mar 2012 2012-03-05T08:59:38+00:00 marha marha@users.sourceforge.net 2012-03-05T08:59:38+00:00 urn:sha1:ffe218bbb0ffa6d2a7f7cbf6b1f81797e667183a font-util-1.3.0 xclock-1.0.6 libXfont-1.4.5 inputproto-2.2 libXfont-1.4.4 2011-09-05T08:12:41+00:00 marha marha@users.sourceforge.net 2011-09-05T08:12:41+00:00 urn:sha1:6eaea4464631b5d8c1f44a46016163e351028afc