Commit message [Author, Age, Files, Lines]
* dix: Allow zero-height PutImage requests (fix for X.Org's CVE-2015-3418) [Keith Packard, 2015-05-03, 1 file, -1/+1]
|   The length checking code validates PutImage height and byte width by making sure that byte-width >= INT32_MAX / height. If height is zero, this generates a divide by zero exception. Allow zero height requests explicitly, bypassing the INT32_MAX check.
|
|   v2: backports to VcXsrv 1.15.2.x (Mike DePaulo)
|
|   Signed-off-by: Keith Packard <keithp@keithp.com>
|   Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* README.md Add community & Professional Support [Mike DePaulo, 2015-03-30, 1 file, -0/+10]
|
* Update README.md for 1.15.2.5 [Mike DePaulo, 2015-03-29, 1 file, -5/+5]
|
* Rename to releasenote_1.15.2.5.x2go+arctica.txt [Mike DePaulo, 2015-03-29, 1 file, -0/+0, ref 1.15.2.5]
|
* uninstaller: Remove the entire VcXsrv directory [Mike DePaulo, 2015-03-29, 3 files, -86/+5]
|   (GitHub Issue #1)
* add releasenote_1.15.2.5 [Mike DePaulo, 2015-03-29, 1 file, -0/+1197]
|
* Update version string: 1.15.2.5 [Mike DePaulo, 2015-03-29, 5 files, -5/+5]
|
* Change name to: VcXsrv (X2Go/Arctica Builds) [Mike DePaulo, 2015-03-29, 5 files, -6/+6]
|
* Update changelog about openssl update to 1.0.1m [Mike DePaulo, 2015-03-28, 1 file, -1/+1]
|
* Update openssl to version openssl-1.0.1m [Mike DePaulo, 2015-03-28, 1102 files, -280691/+284703]
|   Conflicts:
|       openssl/Makefile
|       openssl/Makefile.bak
|       openssl/crypto/cryptlib.c
* Update packages.txt about libXfont 1.4.9 [Mike DePaulo, 2015-03-28, 1 file, -1/+1]
|
* libXfont 1.4.9 [Alan Coopersmith, 2015-03-28, 1 file, -1/+1]
|   Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804] [Alan Coopersmith, 2015-03-28, 1 file, -2/+24]
|   We use 32-bit ints to read from the bdf file, but then try to stick into a 16-bit int in the xCharInfo struct, so make sure they won't overflow that range.
|
|   Found by afl-1.24b.
|
|   v2: Verify that additions won't overflow 32-bit int range either.
|   v3: As Julien correctly observes, the previous check for bh & bw not being < 0 reduces the number of cases we need to check for overflow.
|
|   Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|   Reviewed-by: Julien Cristau <jcristau@debian.org>
|   (cherry picked from commit 2351c83a77a478b49cba6beb2ad386835e264744)
* bdfReadCharacters: bailout if a char's bitmap cannot be read [CVE-2015-1803] [Alan Coopersmith, 2015-03-28, 1 file, -1/+4]
|   Previously would charge on ahead with a NULL pointer in ci->bits, and then crash later in FontCharInkMetrics() trying to access the bits.
|
|   Found with afl-1.23b.
|
|   Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|   Reviewed-by: Julien Cristau <jcristau@debian.org>
|   (cherry picked from commit 78c2e3d70d29698244f70164428bd2868c0ab34c)
* bdfReadProperties: property count needs range check [CVE-2015-1802] [Alan Coopersmith, 2015-03-28, 1 file, -1/+3]
|   Avoid integer overflow or underflow when allocating memory arrays by multiplying the number of properties reported for a BDF font.
|
|   Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
|   Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|   Reviewed-by: Julien Cristau <jcristau@debian.org>
|   (cherry picked from commit 2deda9906480f9c8ae07b8c2a5510cc7e4c59a8e)
* Set close-on-exec for font file I/O. [Christos Zoulas, 2015-03-28, 2 files, -6/+11]
|   Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|   Signed-off-by: Thomas Klausner <wiz@NetBSD.org>
|   (cherry picked from commit d9fda3d247942292a5f24694c22337c547006e11)
* Update packages.txt about to list putty, and to list its version (svn 10192 with CVE-2015-2157 fix) [Mike DePaulo, 2015-03-28, 1 file, -0/+1]
* Add some missing smemclrs and sfrees. [Simon Tatham, 2015-03-28, 1 file, -4/+14]
|   The absence of these could have prevented sensitive private key information from being properly cleared out of memory that PuTTY tools had finished with.
|
|   Thanks to Patrick Coleman for spotting this and sending a patch.
|
|   Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=65f69bca7363ceceeac515ae2a82b8f8adc6404d
|   Bug: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
|   Bug-Debian: http://bugs.debian.org/779488
|   Patch-Name: private-key-not-wiped-2.patch
* Update packages.txt about CVE-2015-0255 fix to xserver [Mike DePaulo, 2015-03-28, 1 file, -1/+1]
|
* Update README.md about new branch names [Mike DePaulo, 2015-03-28, 1 file, -3/+3]
|   These branch names are based on the X2Go convention for branch names.
* README.md: typo [Mike DePaulo, 2015-03-08, 1 file, -1/+1]
|
* README.md: Add explanation of branches [Mike DePaulo, 2015-03-08, 1 file, -2/+11]
|
* Merge branch '1.15.2.x' of https://github.com/ArcticaProject/vcxsrv into 1.15.2.x [Mike DePaulo, 2015-03-08, 1 file, -2/+4]
|\
| * Current version is 1.15.2.4-xp+vc2013+x2go1 [Mike DePaulo, 2015-03-08, 1 file, -2/+4]
| |
* | add releasenote_1.15.2.4-xp+vc2013+x2go1 [Mike DePaulo, 2015-03-08, 1 file, -0/+1189]
| |
* | add releasenote_1.15.2.3-xp+vc2013+x2go1 [Mike DePaulo, 2015-03-08, 1 file, -0/+1183]
| |
* | add releasenote_1.15.2.2-xp+vc2013+x2go1 [Mike DePaulo, 2015-03-08, 1 file, -0/+1176]
| |
* | add releasenote_1.15.2.1-xp+vc2013+x2go1 [Mike DePaulo, 2015-03-08, 1 file, -0/+1169]
| |
* | add releasenote_1.15.2.0-xp+vc2013+x2go1 [Mike DePaulo, 2015-03-08, 1 file, -0/+1163]
|/
* Delete buildall.bat. It hasn't been working for a while. [Mike DePaulo, 2015-03-08, 1 file, -44/+0]
|
* Create README.md [Mike DePaulo, 2015-03-08, 1 file, -0/+48]
|
* Increase version string to 1.15.2.4 [Mike DePaulo, 2015-02-28, 6 files, -6/+6, ref 1.15.2.4-xp+vc2013+x2go1]
|   Conflicts:
|       xorg-server/hw/xwin/XWin.rc
|       xorg-server/installer/vcxsrv-64-debug.nsi
|       xorg-server/installer/vcxsrv-64.nsi
|       xorg-server/installer/vcxsrv-debug.nsi
|       xorg-server/installer/vcxsrv.nsi
* Update packages.txt about openssl 1.0.1k [Mike DePaulo, 2015-02-28, 1 file, -1/+1]
|
* Updated to freetype 2.5.5 [Mike DePaulo, 2015-02-28, 289 files, -19654/+22091]
|   Conflicts:
|       freetype/src/base/ftbdf.c
|       freetype/src/base/fttype1.c
|       freetype/src/pfr/pfrobjs.c
* Increase version string to 1.15.2.3-xp+vc2013+x2go1 [Mike DePaulo, 2015-02-20, 6 files, -6/+6, ref 1.15.2.3-xp+vc2013+x2go1]
|
* Now using: VS Express -> VS Community Edition. [Mike DePaulo, 2015-02-20, 1 file, -2/+1]
|   Also, community edition is supposed to have the same features as Professional, so we can safely assume that Professional and other commercial editions will work fine.
* VS 2013 Update 3 -> VS 2013 Update 4 [Mike DePaulo, 2015-02-20, 1 file, -1/+1]
|
* Correct building.txt in terms of Python [Mike DePaulo, 2015-02-20, 1 file, -3/+4]
|
* xkb: Check strings length against request size [Olivier Fourdan, 2015-02-19, 1 file, -25/+40]
|   Ensure that the given strings length in an XkbSetGeometry request remain within the limits of the size of the request.
|
|   Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
|   Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|   Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|   (cherry picked from commit 20079c36cf7d377938ca5478447d8b9045cb7d43)
|   (cherry picked from commit f160e722672dbb2b5215870b47bcc51461d96ff1)
|   Signed-off-by: Julien Cristau <jcristau@debian.org>
* xkb: Don't swap XkbSetGeometry data in the input buffer [Olivier Fourdan, 2015-02-19, 1 file, -16/+19]
|   The XkbSetGeometry request embeds data which needs to be swapped when the server and the client have different endianness.
|
|   _XkbSetGeometry() invokes functions that swap these data directly in the input buffer.
|
|   However, ProcXkbSetGeometry() may call _XkbSetGeometry() more than once (if there is more than one keyboard), thus causing on swapped clients the same data to be swapped twice in memory, further causing a server crash because the strings lengths on the second time are way off bounds.
|
|   To allow _XkbSetGeometry() to run reliably more than once with swapped clients, do not swap the data in the buffer, use variables instead.
|
|   Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
|   Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|   (cherry picked from commit 81c90dc8f0aae3b65730409b1b615b5fa7280ebd)
|   (cherry picked from commit 29be310c303914090298ddda93a5bd5d00a94945)
|   Signed-off-by: Julien Cristau <jcristau@debian.org>
* Fix OpenSSL build - upstream fix for #209 [Mike DePaulo, 2015-01-10, 2 files, -2/+2, ref 1.15.2.2-xp+vc2013+x2go1]
|
* Remove accidentally added Makefile.bak [Mike DePaulo, 2015-01-10, 1 file, -686/+0]
|
* Update openssl to version openssl-1.0.1k [Mike DePaulo, 2015-01-10, 111 files, -3634/+2451]
|   Conflicts:
|       openssl/Makefile
* Increase version string to 1.15.2.2-xp+vc2013+x2go1 [Mike DePaulo, 2015-01-10, 6 files, -6/+6]
|
* Fix CVE-2014-8091..8103. Patches were ported from Ubuntu 14.04 (xorg-server 1.15.1) [Mike DePaulo, 2015-01-10, 57 files, -323/+917]
* Call makensis.exe from the PATH [Mike DePaulo, 2014-10-18, 1 file, -14/+4, ref 1.15.2.1-xp+vc2013+x2go1]
|
* Increase version string to 1.15.2.1-xp+vc2013+x2go1 [Mike DePaulo, 2014-10-18, 6 files, -7/+7]
|
* Update openssl to version openssl-1.0.1j [Mike DePaulo, 2014-10-18, 93 files, -676/+2019]
|   Conflicts:
|       openssl/Makefile
|       openssl/crypto/opensslconf.h
* Fix for last commit [Mike DePaulo, 2014-09-02, 4 files, -4/+4, ref 1.15.2.0-xp+vc2013+x2go1]
|
* Simplify the version string: 1.15.2.0-xp+vc2013+x2gochanges1 -> 1.15.2.0-xp+vc2013+x2go1 [Mike DePaulo, 2014-09-02, 1 file, -1/+1]