aboutsummaryrefslogtreecommitdiff
path: root/libXfont/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'libXfont/ChangeLog')
-rw-r--r--libXfont/ChangeLog82
1 files changed, 82 insertions, 0 deletions
diff --git a/libXfont/ChangeLog b/libXfont/ChangeLog
index 2d5c38345..7211c5547 100644
--- a/libXfont/ChangeLog
+++ b/libXfont/ChangeLog
@@ -1,3 +1,85 @@
+commit da4246c98bc51297daeec47c15181e179df94013
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Tue Mar 17 08:12:19 2015 -0700
+
+ libXfont 1.5.1
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 2351c83a77a478b49cba6beb2ad386835e264744
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri Mar 6 22:54:58 2015 -0800
+
+ bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804]
+
+ We use 32-bit ints to read from the bdf file, but then try to stick
+ into a 16-bit int in the xCharInfo struct, so make sure they won't
+ overflow that range.
+
+ Found by afl-1.24b.
+
+ v2: Verify that additions won't overflow 32-bit int range either.
+ v3: As Julien correctly observes, the previous check for bh & bw not
+ being < 0 reduces the number of cases we need to check for overflow.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+ Reviewed-by: Julien Cristau <jcristau@debian.org>
+
+commit 78c2e3d70d29698244f70164428bd2868c0ab34c
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri Feb 6 15:54:00 2015 -0800
+
+ bdfReadCharacters: bailout if a char's bitmap cannot be read [CVE-2015-1803]
+
+ Previously would charge on ahead with a NULL pointer in ci->bits, and
+ then crash later in FontCharInkMetrics() trying to access the bits.
+
+ Found with afl-1.23b.
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+ Reviewed-by: Julien Cristau <jcristau@debian.org>
+
+commit 2deda9906480f9c8ae07b8c2a5510cc7e4c59a8e
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri Feb 6 15:50:45 2015 -0800
+
+ bdfReadProperties: property count needs range check [CVE-2015-1802]
+
+ Avoid integer overflow or underflow when allocating memory arrays
+ by multiplying the number of properties reported for a BDF font.
+
+ Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+ Reviewed-by: Julien Cristau <jcristau@debian.org>
+
+commit d9fda3d247942292a5f24694c22337c547006e11
+Author: Christos Zoulas <christos@NetBSD.org>
+Date: Wed Feb 25 21:39:30 2015 +0100
+
+ Set close-on-exec for font file I/O.
+
+ Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+ Signed-off-by: Thomas Klausner <wiz@NetBSD.org>
+
+commit 3b33588117c2ca3099b999939985ffe098d479b3
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Wed Nov 5 17:41:24 2014 -0800
+
+ Use 'imdent' to realign cpp indentation levels in fslibos.h
+
+ Parts were indented, others weren't, now is more consistent.
+ 'git diff -w' shows no non-whitespace changes in this commit
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+commit 03c035b061a0582159467dcadfc8e95074e2a84f
+Author: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Wed Nov 5 17:39:05 2014 -0800
+
+ Remove unneeded checks for #ifndef X_NOT_POSIX
+
+ Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
commit ad4f4d8a2d0730c0ea3c09210bf921638b4682bc
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sat Jul 19 09:49:23 2014 -0700