summaryrefslogtreecommitdiff
path: root/lib/libXfont/src
AgeCommit message (Collapse)Author
2014-05-18Update to libXfont 1.4.8Matthieu Herrb
2014-05-13Security fixes from X.Org Advisory:Matthieu Herrb
X Font Service Protocol & Font metadata file handling issues in libXfont May 13, 2014 - CVE-2014-0209: integer overflow of allocations in font metadata file parsing When a local user who is already authenticated to the X server adds a new directory to the font path, the X server calls libXfont to open the fonts.dir and fonts.alias files in that directory and add entries to the font tables for every line in it. A large file (~2-4 gb) could cause the allocations to overflow, and allow the remaining data read from the file to overwrite other memory in the heap. Affected functions: FontFileAddEntry(), lexAlias() - CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies When parsing replies received from the font server, these calls do not check that the lengths and/or indexes returned by the font server are within the size of the reply or the bounds of the memory allocated to store the data, so could write past the bounds of allocated memory when storing the returned data. Affected functions: _fs_recv_conn_setup(), fs_read_open_font(), fs_read_query_info(), fs_read_extent_info(), fs_read_glyphs(), fs_read_list(), fs_read_list_info() - CVE-2014-0211: integer overflows calculating memory needs for xfs replies These calls do not check that their calculations for how much memory is needed to handle the returned data have not overflowed, so can result in allocating too little memory and then writing the returned data past the end of the allocated buffer. Affected functions: fs_get_reply(), fs_alloc_glyphs(), fs_read_extent_info() Reported by Ilja van Sprundel of IOActive Fixes by Alan Coopersmith of Oracle
2014-01-07Update to libXfont 1.4.7. Include fix for CVE-2013-6462.Matthieu Herrb
unlimited sscanf overflows stack buffer in bdfReadCharacters
2013-08-18A local change that can go now that vax is gcc 3 and ELFMatthieu Herrb
2013-08-18Reduce diff with upstreams. (white space)Matthieu Herrb
2013-08-18Update to libXfont 1.4.6.Matthieu Herrb
2012-03-04Update to libXfont 1.4.5Matthieu Herrb
2011-09-10Update to libXfont 1.4.4Matthieu Herrb
2011-08-11fix from matthieu@ as applied upstream for CVE-2011-2895Todd T. Fries
ok deraadt@
2011-01-20Enable weak symbols under OpenBSD on non-ELF platforms, too.Miod Vallat
ok matthieu@ todd@
2010-11-02Fix weak symbols declarations for gcc 2.95Matthieu Herrb
2010-10-31Update to libXfont 1.4.3. No functional change.Matthieu Herrb
2010-09-04Update to libXfont 1.4.2Matthieu Herrb
2009-10-31missed files during libXfont 1.4.1 update.Matthieu Herrb
2009-10-31Update to libXfont 1.4.1Matthieu Herrb
2008-05-24merge libXfont 1.3.2. bump major since some symbols were removed.Matthieu Herrb
2008-01-17Fix from X.Org for CVE-2008-0006 - PCF Font parser buffer overflow.Matthieu Herrb
2007-12-14Fix build with gcc 2.95.Matthieu Herrb
2007-09-08Merge libXfont 1.3.0. Tested by naddy@ and mbalmer@.Matthieu Herrb
2007-09-08import libXfont 1.3.0Matthieu Herrb
2007-04-08merge libXfont 1.2.8Matthieu Herrb
2007-04-08import libXfont 1.2.8Matthieu Herrb
2007-04-04bdf CVE-2007-1351Todd T. Fries
BDFFont Parsing Integer Overflow Vulnerability The discoverer of this vulnerability wishes to remain anonymous. from matthieu@
2007-04-04fontdir CVE-2007-1352Todd T. Fries
fonts.dir File Parsing Integer Overflow Vulnerability The discoverer of this vulnerability wishes to remain anonymous. from matthieu@
2007-03-25Revert local debug stuff that wasn't meant to be committed.Matthieu Herrb
2007-03-25regen with libtool 1.5.22p9Matthieu Herrb
2007-03-18regen with automake 1.9.6p2Matthieu Herrb
2006-12-16merge libXfont 1.2.5 and regenerateMatthieu Herrb
2006-11-28regenMatthieu Herrb
2006-11-28Try to prevent endless regeneration of Makefile.in caused to RCS Id expansion.Matthieu Herrb
2006-11-27regenerate with OpenBSD autotoolsMatthieu Herrb
2006-11-26regen with OpenBSD autotoolsMatthieu Herrb
2006-11-25import from X.Org 7.2RC1Matthieu Herrb
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-04 20:03:11 +0000