This is an automated email from the git hooks/post-receive script. x2go pushed a change to tag 1.14.3.2 in repository vcxsrv. at 8cd280e (commit) This tag includes the following new commits: new 3691880 Initial work to get VcXsrv to build with MSVC2012 xp compatibility, and for my build environment with cygwin bash. new 0ab0f87 Fix CVE-2013-4396 (2013-10-08). The fix is included in upstream xserver 1.14.4 . new 1c038fd Fix CVE-2013-6462 (2014-01-07). The fix is included in upstream libXfont 1.4.7 . new 0369f4e Switch back from regular NSIS to Unicode NSIS. The upstream VcXsrv project is using the latter. new 2c826fe Bump version string & Date: 1.14.3 (19 Sep 2013) -> 1.14.3.1 (05 Apr 2014) new 5e505b7 Update NSIS scripts to specify that we are "XP Compatible" new 1b493f4 Fix XP compatibility, bump date: 05 Apr 2014 -> 06 Apr 2014 new 1729558 Fix CVE-2014-0209, CVE-2014-0210 and CVE-2014-0211 by taking the 12 patch files from Debian Wheezy libxfont 1.4.5-4, and applying with patch --ignore-whitespace new 4e79623 Bump version string & Date: 1.14.3.1 (05 Apr 2014) -> 1.14.3.2 (25 May 2014) new 8cd280e Update instructions in building.txt. These instructions were followed for 1.14.3.1 and 1.14.3.2. The 10 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. -- Alioth's /srv/git/code.x2go.org/vcxsrv.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/vcxsrv.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to tag 1.14.3.2 in repository vcxsrv. commit 5e505b7d453236c68bd11d5e85a5f4cb6625bab5 Author: Mike DePaulo <mikedep333@gmail.com> Date: Sun Apr 6 08:19:14 2014 -0400 Update NSIS scripts to specify that we are "XP Compatible" --- xorg-server/installer/vcxsrv-64-debug.nsi | 4 ++-- xorg-server/installer/vcxsrv-64.nsi | 4 ++-- xorg-server/installer/vcxsrv-debug.nsi | 4 ++-- xorg-server/installer/vcxsrv.nsi | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/xorg-server/installer/vcxsrv-64-debug.nsi b/xorg-server/installer/vcxsrv-64-debug.nsi index d74f53c..0c13160 100644 --- a/xorg-server/installer/vcxsrv-64-debug.nsi +++ b/xorg-server/installer/vcxsrv-64-debug.nsi @@ -18,10 +18,10 @@ ;-------------------------------- ; The name of the installer -Name "VcXsrv" +Name "VcXsrv - XP Compatible" ; The file to write -OutFile "vcxsrv-64-debug.1.14.3.1.installer.exe" +OutFile "vcxsrv-xp-64-debug.1.14.3.1.installer.exe" ; The default installation directory InstallDir $PROGRAMFILES64\VcXsrv diff --git a/xorg-server/installer/vcxsrv-64.nsi b/xorg-server/installer/vcxsrv-64.nsi index fdd47c6..8ee4b37 100644 --- a/xorg-server/installer/vcxsrv-64.nsi +++ b/xorg-server/installer/vcxsrv-64.nsi @@ -18,10 +18,10 @@ ;-------------------------------- ; The name of the installer -Name "VcXsrv" +Name "VcXsrv - XP Compatible" ; The file to write -OutFile "vcxsrv-64.1.14.3.1.installer.exe" +OutFile "vcxsrv-xp-64.1.14.3.1.installer.exe" ; The default installation directory InstallDir $programfiles64\VcXsrv diff --git a/xorg-server/installer/vcxsrv-debug.nsi b/xorg-server/installer/vcxsrv-debug.nsi index cbefffa..ff9fc43 100644 --- a/xorg-server/installer/vcxsrv-debug.nsi +++ b/xorg-server/installer/vcxsrv-debug.nsi @@ -18,10 +18,10 @@ ;-------------------------------- ; The name of the installer -Name "VcXsrv" +Name "VcXsrv - XP Compatible" ; The file to write -OutFile "vcxsrv-debug.1.14.3.1.installer.exe" +OutFile "vcxsrv-xp-debug.1.14.3.1.installer.exe" ; The default installation directory InstallDir $PROGRAMFILES32\VcXsrv diff --git a/xorg-server/installer/vcxsrv.nsi b/xorg-server/installer/vcxsrv.nsi index 7cebd55..acc4225 100644 --- a/xorg-server/installer/vcxsrv.nsi +++ b/xorg-server/installer/vcxsrv.nsi @@ -18,10 +18,10 @@ ;-------------------------------- ; The name of the installer -Name "VcXsrv" +Name "VcXsrv - XP Compatible" ; The file to write -OutFile "vcxsrv.1.14.3.1.installer.exe" +OutFile "vcxsrv-xp.1.14.3.1.installer.exe" ; The default installation directory InstallDir $PROGRAMFILES32\VcXsrv -- Alioth's /srv/git/code.x2go.org/vcxsrv.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/vcxsrv.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to tag 1.14.3.2 in repository vcxsrv. commit 1b493f424497599931b2abaca7c43925d6019558 Author: Mike DePaulo <mikedep333@gmail.com> Date: Sun Apr 6 12:15:37 2014 -0400 Fix XP compatibility, bump date: 05 Apr 2014 -> 06 Apr 2014 --- makefile.after | 4 ++-- openssl/util/pl/VC-32.pl | 8 ++++---- setvcenv.sh | 15 +++++++++++---- tools/mhmake/mhmake.vcxproj | 6 ++++++ xorg-server/hw/xwin/XWin.rc | 2 +- 5 files changed, 24 insertions(+), 11 deletions(-) diff --git a/makefile.after b/makefile.after index d6a1170..30200bd 100644 --- a/makefile.after +++ b/makefile.after @@ -43,10 +43,10 @@ load_makefile $(MHMAKECONF)\libwinmain\makefile MAKESERVER=0 DEBUG=$(DEBUG) EXTRALIB := $(MHMAKECONF)\libwinmain\$(NOSERVOBJDIR)\libwinmain.lib EXE := $(WINAPP:%=$(OBJDIR)\%.exe) -LINKFLAGS += /SUBSYSTEM:WINDOWS +LINKFLAGS += /SUBSYSTEM:WINDOWS,5.01 else EXE := $(TTYAPP:%=$(OBJDIR)\%.exe) -LINKFLAGS += /SUBSYSTEM:CONSOLE +LINKFLAGS += /SUBSYSTEM:CONSOLE,5.01 endif PDB := $(EXE:%.exe=%.pdb) diff --git a/openssl/util/pl/VC-32.pl b/openssl/util/pl/VC-32.pl index ed5fea9..3dcf699 100755 --- a/openssl/util/pl/VC-32.pl +++ b/openssl/util/pl/VC-32.pl @@ -47,8 +47,8 @@ if ($FLAVOR =~ /WIN64/) $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib $opt_cflags=$f.' /O2 /Ob2 /Oi /Ox /Oy /Ot /GL /Gy /GF /Zi'; $dbg_cflags=$f.'d /RTCc /RTC1 /Od /GS /GR /Gy /GF /Zi'; - $lflags="/NOLOGO /SUBSYSTEM:CONSOLE /OPT:REF /OPT:ICF /LTCG:STATUS"; - $lflagsd="/NOLOGO /SUBSYSTEM:CONSOLE"; + $lflags="/NOLOGO /SUBSYSTEM:CONSOLE,5.01 /OPT:REF /OPT:ICF /LTCG:STATUS"; + $lflagsd="/NOLOGO /SUBSYSTEM:CONSOLE,5.01"; *::perlasm_compile_target = sub { my ($target,$source,$bname)=@_; @@ -131,8 +131,8 @@ else # Win32 $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib $opt_cflags=$f.' /O2 /Ob2 /Oi /Ox /Oy /Ot /GL /Gy /GF /Zi'; $dbg_cflags=$f.'d /RTCc /RTC1 /Od /GS /GR /Gy /GF /Zi'; - $lflags="/NOLOGO /SUBSYSTEM:CONSOLE /OPT:REF /OPT:ICF /LTCG:STATUS"; - $lflagsd="/NOLOGO /SUBSYSTEM:CONSOLE"; + $lflags="/NOLOGO /SUBSYSTEM:CONSOLE,5.01 /OPT:REF /OPT:ICF /LTCG:STATUS"; + $lflagsd="/NOLOGO /SUBSYSTEM:CONSOLE,5.01"; } $mlflags=''; diff --git a/setvcenv.sh b/setvcenv.sh index 5bc769a..695d229 100644 --- a/setvcenv.sh +++ b/setvcenv.sh @@ -1,8 +1,13 @@ -export MHMAKECONF=`cygpath -wa .` +# Reference for MSVC 2012 with XP Compatibility: +# http://blogs.msdn.com/b/vcblog/archive/2012/10/08/10357555.aspx?PageIndex=2 +# Note that LINK is specified in various makefiles and scripts +export MHMAKECONF=`cygpath -wa .` export VisualStudioVersion="11.0" +export CL="/D_USING_V110_SDK71_" + export VCINSTALLDIR="c:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\\" export VS100COMNTOOLS="C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools\\" export VS110COMNTOOLS="C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\Tools\\" @@ -10,6 +15,8 @@ export VSINSTALLDIR="C:\Program Files (x86)\Microsoft Visual Studio 11.0\\" export WindowsSdkDir="C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0\\" export WindowsSdkDir_35="C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\\" export WindowsSdkDir_old="C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\\" -export LIB="c:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\lib;c:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\lib" -export INCLUDE="c:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\include;c:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Include" -export PATH="/vcxsrv:/cygdrive/c/Program Files (x86)/Microsoft Visual Studio 11.0/VC/bin:/cygdrive/c/Program Files (x86)/Microsoft Visual Studio 11.0/Common7/IDE:/cygdrive/c/Program Files/Microsoft SDKs/Windows/v7.1A/bin:/cygdrive/c/Windows/Microsoft.NET/Framework/v4.0.30319:/cygdrive/c/Program Files (x86)/Windows Kits/8.0/bin/x86/:$PATH" +export WindowsSdkDir_71A="C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\bin\\" +export LIB="c:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\lib;c:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\lib" +export INCLUDE="c:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Include;c:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\include" + +export PATH="/cygdrive/c/Program Files/Microsoft SDKs/Windows/v7.1A/Bin:/vcxsrv:/cygdrive/c/Program Files (x86)/Microsoft Visual Studio 11.0/VC/bin:/cygdrive/c/Program Files (x86)/Microsoft Visual Studio 11.0/Common7/IDE:/cygdrive/c/Windows/Microsoft.NET/Framework/v4.0.30319:/cygdrive/c/Program Files (x86)/Windows Kits/8.0/bin/x86/:$PATH" diff --git a/tools/mhmake/mhmake.vcxproj b/tools/mhmake/mhmake.vcxproj index e50224e..e634dc8 100644 --- a/tools/mhmake/mhmake.vcxproj +++ b/tools/mhmake/mhmake.vcxproj @@ -36,34 +36,40 @@ <UseOfMfc>false</UseOfMfc> <CharacterSet>MultiByte</CharacterSet> <WholeProgramOptimization>true</WholeProgramOptimization> + <PlatformToolset>v110_xp</PlatformToolset> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration"> <ConfigurationType>Application</ConfigurationType> <UseOfMfc>false</UseOfMfc> <CharacterSet>MultiByte</CharacterSet> + <PlatformToolset>v110_xp</PlatformToolset> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration"> <ConfigurationType>Application</ConfigurationType> <UseOfMfc>false</UseOfMfc> <CharacterSet>MultiByte</CharacterSet> <WholeProgramOptimization>true</WholeProgramOptimization> + <PlatformToolset>v110_xp</PlatformToolset> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Profile|x64'" Label="Configuration"> <ConfigurationType>Application</ConfigurationType> <UseOfMfc>false</UseOfMfc> <CharacterSet>MultiByte</CharacterSet> <WholeProgramOptimization>true</WholeProgramOptimization> + <PlatformToolset>v110</PlatformToolset> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration"> <ConfigurationType>Application</ConfigurationType> <UseOfMfc>false</UseOfMfc> <CharacterSet>MultiByte</CharacterSet> + <PlatformToolset>v110</PlatformToolset> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration"> <ConfigurationType>Application</ConfigurationType> <UseOfMfc>false</UseOfMfc> <CharacterSet>MultiByte</CharacterSet> <WholeProgramOptimization>true</WholeProgramOptimization> + <PlatformToolset>v110</PlatformToolset> </PropertyGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> <ImportGroup Label="ExtensionSettings"> diff --git a/xorg-server/hw/xwin/XWin.rc b/xorg-server/hw/xwin/XWin.rc index e15a201..8929ad2 100644 --- a/xorg-server/hw/xwin/XWin.rc +++ b/xorg-server/hw/xwin/XWin.rc @@ -47,7 +47,7 @@ BEGIN LTEXT "VcXsrv X Server ", IDC_STATIC, 36, 8, 220, 8 LTEXT "http://vcxsrv.sourceforge.net", IDC_STATIC, 36, 18, 220, 8 LTEXT "marha@users.sourceforge.net", IDC_STATIC, 36, 28, 220, 8 - LTEXT "Version 1.14.3.1 (05 Apr 2014)", IDC_STATIC, 36, 38, 220, 8 + LTEXT "Version 1.14.3.1 (06 Apr 2014)", IDC_STATIC, 36, 38, 220, 8 DEFPUSHBUTTON "OK", IDOK, 105, 75, 50, 15 END -- Alioth's /srv/git/code.x2go.org/vcxsrv.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/vcxsrv.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to tag 1.14.3.2 in repository vcxsrv. commit 4e79623d4753048cb0354428aafeaa73ebe6e8ee Author: Mike DePaulo <mikedep333@gmail.com> Date: Sun May 25 17:36:00 2014 -0400 Bump version string & Date: 1.14.3.1 (05 Apr 2014) -> 1.14.3.2 (25 May 2014) --- xorg-server/hw/xwin/XWin.rc | 2 +- xorg-server/installer/vcxsrv-64-debug.nsi | 2 +- xorg-server/installer/vcxsrv-64.nsi | 2 +- xorg-server/installer/vcxsrv-debug.nsi | 2 +- xorg-server/installer/vcxsrv.nsi | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/xorg-server/hw/xwin/XWin.rc b/xorg-server/hw/xwin/XWin.rc index 8929ad2..362802c 100644 --- a/xorg-server/hw/xwin/XWin.rc +++ b/xorg-server/hw/xwin/XWin.rc @@ -47,7 +47,7 @@ BEGIN LTEXT "VcXsrv X Server ", IDC_STATIC, 36, 8, 220, 8 LTEXT "http://vcxsrv.sourceforge.net", IDC_STATIC, 36, 18, 220, 8 LTEXT "marha@users.sourceforge.net", IDC_STATIC, 36, 28, 220, 8 - LTEXT "Version 1.14.3.1 (06 Apr 2014)", IDC_STATIC, 36, 38, 220, 8 + LTEXT "Version 1.14.3.2 (25 May 2014)", IDC_STATIC, 36, 38, 220, 8 DEFPUSHBUTTON "OK", IDOK, 105, 75, 50, 15 END diff --git a/xorg-server/installer/vcxsrv-64-debug.nsi b/xorg-server/installer/vcxsrv-64-debug.nsi index 0c13160..a536adc 100644 --- a/xorg-server/installer/vcxsrv-64-debug.nsi +++ b/xorg-server/installer/vcxsrv-64-debug.nsi @@ -21,7 +21,7 @@ Name "VcXsrv - XP Compatible" ; The file to write -OutFile "vcxsrv-xp-64-debug.1.14.3.1.installer.exe" +OutFile "vcxsrv-xp-64-debug.1.14.3.2.installer.exe" ; The default installation directory InstallDir $PROGRAMFILES64\VcXsrv diff --git a/xorg-server/installer/vcxsrv-64.nsi b/xorg-server/installer/vcxsrv-64.nsi index 8ee4b37..0b5bf81 100644 --- a/xorg-server/installer/vcxsrv-64.nsi +++ b/xorg-server/installer/vcxsrv-64.nsi @@ -21,7 +21,7 @@ Name "VcXsrv - XP Compatible" ; The file to write -OutFile "vcxsrv-xp-64.1.14.3.1.installer.exe" +OutFile "vcxsrv-xp-64.1.14.3.2.installer.exe" ; The default installation directory InstallDir $programfiles64\VcXsrv diff --git a/xorg-server/installer/vcxsrv-debug.nsi b/xorg-server/installer/vcxsrv-debug.nsi index ff9fc43..52f0d8f 100644 --- a/xorg-server/installer/vcxsrv-debug.nsi +++ b/xorg-server/installer/vcxsrv-debug.nsi @@ -21,7 +21,7 @@ Name "VcXsrv - XP Compatible" ; The file to write -OutFile "vcxsrv-xp-debug.1.14.3.1.installer.exe" +OutFile "vcxsrv-xp-debug.1.14.3.2.installer.exe" ; The default installation directory InstallDir $PROGRAMFILES32\VcXsrv diff --git a/xorg-server/installer/vcxsrv.nsi b/xorg-server/installer/vcxsrv.nsi index acc4225..50ae428 100644 --- a/xorg-server/installer/vcxsrv.nsi +++ b/xorg-server/installer/vcxsrv.nsi @@ -21,7 +21,7 @@ Name "VcXsrv - XP Compatible" ; The file to write -OutFile "vcxsrv-xp.1.14.3.1.installer.exe" +OutFile "vcxsrv-xp.1.14.3.2.installer.exe" ; The default installation directory InstallDir $PROGRAMFILES32\VcXsrv -- Alioth's /srv/git/code.x2go.org/vcxsrv.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/vcxsrv.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to tag 1.14.3.2 in repository vcxsrv. commit 1729558907ffa075d870eaa70e982406bc6c64c1 Author: Mike DePaulo <mikedep333@gmail.com> Date: Sun May 25 16:18:49 2014 -0400 Fix CVE-2014-0209, CVE-2014-0210 and CVE-2014-0211 by taking the 12 patch files from Debian Wheezy libxfont 1.4.5-4, and applying with patch --ignore-whitespace --- libXfont/src/fc/fsconvert.c | 16 ++- libXfont/src/fc/fserve.c | 239 +++++++++++++++++++++++++++++++++++++-- libXfont/src/fontfile/dirfile.c | 4 + libXfont/src/fontfile/fontdir.c | 5 + 4 files changed, 253 insertions(+), 11 deletions(-) diff --git a/libXfont/src/fc/fsconvert.c b/libXfont/src/fc/fsconvert.c index 15c5e42..7347dee 100644 --- a/libXfont/src/fc/fsconvert.c +++ b/libXfont/src/fc/fsconvert.c @@ -118,6 +118,10 @@ _fs_convert_props(fsPropInfo *pi, fsPropOffset *po, pointer pd, for (i = 0; i < nprops; i++, dprop++, is_str++) { memcpy(&local_off, off_adr, SIZEOF(fsPropOffset)); + if ((local_off.name.position >= pi->data_len) || + (local_off.name.length > + (pi->data_len - local_off.name.position))) + goto bail; dprop->name = MakeAtom(&pdc[local_off.name.position], local_off.name.length, 1); if (local_off.type != PropTypeString) { @@ -125,10 +129,15 @@ _fs_convert_props(fsPropInfo *pi, fsPropOffset *po, pointer pd, dprop->value = local_off.value.position; } else { *is_str = TRUE; + if ((local_off.value.position >= pi->data_len) || + (local_off.value.length > + (pi->data_len - local_off.value.position))) + goto bail; dprop->value = (INT32) MakeAtom(&pdc[local_off.value.position], local_off.value.length, 1); if (dprop->value == BAD_RESOURCE) { + bail: free (pfi->props); pfi->nprops = 0; pfi->props = 0; @@ -712,7 +721,12 @@ fs_alloc_glyphs (FontPtr pFont, int size) FSGlyphPtr glyphs; FSFontPtr fsfont = (FSFontPtr) pFont->fontPrivate; - glyphs = malloc (sizeof (FSGlyphRec) + size); + if (size < (INT_MAX - sizeof (FSGlyphRec))) + glyphs = malloc (sizeof (FSGlyphRec) + size); + else + glyphs = NULL; + if (glyphs == NULL) + return NULL; glyphs->next = fsfont->glyphs; fsfont->glyphs = glyphs; return (pointer) (glyphs + 1); diff --git a/libXfont/src/fc/fserve.c b/libXfont/src/fc/fserve.c index b02b0b7..c19fa0e 100644 --- a/libXfont/src/fc/fserve.c +++ b/libXfont/src/fc/fserve.c @@ -70,6 +70,7 @@ in this Software without prior written authorization from The Open Group. #include "fservestr.h" #include <X11/fonts/fontutil.h> #include <errno.h> +#include <limits.h> #include <time.h> #define Time_t time_t @@ -91,6 +92,15 @@ in this Software without prior written authorization from The Open Group. (pci)->descent || \ (pci)->characterWidth) +/* + * SIZEOF(r) is in bytes, length fields in the protocol are in 32-bit words, + * so this converts for doing size comparisons. + */ +#define LENGTHOF(r) (SIZEOF(r) >> 2) + +/* Somewhat arbitrary limit on maximum reply size we'll try to read. */ +#define MAX_REPLY_LENGTH ((64 * 1024 * 1024) >> 2) + extern void ErrorF(const char *f, ...); static int fs_read_glyphs ( FontPathElementPtr fpe, FSBlockDataPtr blockrec ); @@ -206,9 +216,22 @@ _fs_add_rep_log (FSFpePtr conn, fsGenericReply *rep) rep->sequenceNumber, conn->reqbuffer[i].opcode); } + +#define _fs_reply_failed(rep, name, op) do { \ + if (rep) { \ + if (rep->type == FS_Error) \ + fprintf (stderr, "Error: %d Request: %s\n", \ + ((fsError *)rep)->request, #name); \ + else \ + fprintf (stderr, "Bad Length for %s Reply: %d %s %d\n", \ + #name, rep->length, op, LENGTHOF(name)); \ + } \ +} while (0) + #else #define _fs_add_req_log(conn,op) ((conn)->current_seq++) #define _fs_add_rep_log(conn,rep) +#define _fs_reply_failed(rep,name,op) #endif static Bool @@ -600,6 +623,21 @@ fs_get_reply (FSFpePtr conn, int *error) rep = (fsGenericReply *) buf; + /* + * Refuse to accept replies longer than a maximum reasonable length, + * before we pass to _fs_start_read, since it will try to resize the + * incoming connection buffer to this size. Also avoids integer overflow + * on 32-bit systems. + */ + if (rep->length > MAX_REPLY_LENGTH) + { + ErrorF("fserve: reply length %d > MAX_REPLY_LENGTH, disconnecting" + " from font server\n", rep->length); + _fs_connection_died (conn); + *error = FSIO_ERROR; + return 0; + } + ret = _fs_start_read (conn, rep->length << 2, &buf); if (ret != FSIO_READY) { @@ -682,13 +720,15 @@ fs_read_open_font(FontPathElementPtr fpe, FSBlockDataPtr blockrec) int ret; rep = (fsOpenBitmapFontReply *) fs_get_reply (conn, &ret); - if (!rep || rep->type == FS_Error) + if (!rep || rep->type == FS_Error || + (rep->length != LENGTHOF(fsOpenBitmapFontReply))) { if (ret == FSIO_BLOCK) return StillWorking; if (rep) _fs_done_read (conn, rep->length << 2); fs_cleanup_bfont (bfont); + _fs_reply_failed (rep, fsOpenBitmapFontReply, "!="); return BadFontName; } @@ -815,6 +855,7 @@ fs_read_query_info(FontPathElementPtr fpe, FSBlockDataPtr blockrec) FSFpePtr conn = (FSFpePtr) fpe->private; fsQueryXInfoReply *rep; char *buf; + long bufleft; /* length of reply left to use */ fsPropInfo *pi; fsPropOffset *po; pointer pd; @@ -824,13 +865,15 @@ fs_read_query_info(FontPathElementPtr fpe, FSBlockDataPtr blockrec) int ret; rep = (fsQueryXInfoReply *) fs_get_reply (conn, &ret); - if (!rep || rep->type == FS_Error) + if (!rep || rep->type == FS_Error || + (rep->length < LENGTHOF(fsQueryXInfoReply))) { if (ret == FSIO_BLOCK) return StillWorking; if (rep) _fs_done_read (conn, rep->length << 2); fs_cleanup_bfont (bfont); + _fs_reply_failed (rep, fsQueryXInfoReply, "<"); return BadFontName; } @@ -844,6 +887,9 @@ fs_read_query_info(FontPathElementPtr fpe, FSBlockDataPtr blockrec) buf = (char *) rep; buf += SIZEOF(fsQueryXInfoReply); + bufleft = rep->length << 2; + bufleft -= SIZEOF(fsQueryXInfoReply); + /* move the data over */ fsUnpack_XFontInfoHeader(rep, pInfo); @@ -851,17 +897,50 @@ fs_read_query_info(FontPathElementPtr fpe, FSBlockDataPtr blockrec) _fs_init_fontinfo(conn, pInfo); /* Compute offsets into the reply */ + if (bufleft < SIZEOF(fsPropInfo)) + { + ret = -1; +#ifdef DEBUG + fprintf(stderr, "fsQueryXInfo: bufleft (%ld) < SIZEOF(fsPropInfo)\n", + bufleft); +#endif + goto bail; + } pi = (fsPropInfo *) buf; buf += SIZEOF (fsPropInfo); + bufleft -= SIZEOF(fsPropInfo); + if ((bufleft / SIZEOF(fsPropOffset)) < pi->num_offsets) + { + ret = -1; +#ifdef DEBUG + fprintf(stderr, + "fsQueryXInfo: bufleft (%ld) / SIZEOF(fsPropOffset) < %d\n", + bufleft, pi->num_offsets); +#endif + goto bail; + } po = (fsPropOffset *) buf; buf += pi->num_offsets * SIZEOF(fsPropOffset); + bufleft -= pi->num_offsets * SIZEOF(fsPropOffset); + if (bufleft < pi->data_len) + { + ret = -1; +#ifdef DEBUG + fprintf(stderr, + "fsQueryXInfo: bufleft (%ld) < data_len (%d)\n", + bufleft, pi->data_len); +#endif + goto bail; + } pd = (pointer) buf; buf += pi->data_len; + bufleft -= pi->data_len; /* convert the properties and step over the reply */ ret = _fs_convert_props(pi, po, pd, pInfo); + bail: _fs_done_read (conn, rep->length << 2); if (ret == -1) @@ -951,13 +1030,15 @@ fs_read_extent_info(FontPathElementPtr fpe, FSBlockDataPtr blockrec) FontInfoRec *fi = &bfont->pfont->info; rep = (fsQueryXExtents16Reply *) fs_get_reply (conn, &ret); - if (!rep || rep->type == FS_Error) + if (!rep || rep->type == FS_Error || + (rep->length < LENGTHOF(fsQueryXExtents16Reply))) { if (ret == FSIO_BLOCK) return StillWorking; if (rep) _fs_done_read (conn, rep->length << 2); fs_cleanup_bfont (bfont); + _fs_reply_failed (rep, fsQueryXExtents16Reply, "<"); return BadFontName; } @@ -970,7 +1051,26 @@ fs_read_extent_info(FontPathElementPtr fpe, FSBlockDataPtr blockrec) numInfos *= 2; haveInk = TRUE; } - ci = pCI = malloc(sizeof(CharInfoRec) * numInfos); + if (numInfos >= (INT_MAX / sizeof(CharInfoRec))) { +#ifdef DEBUG + fprintf(stderr, + "fsQueryXExtents16: numInfos (%d) >= %ld\n", + numInfos, (INT_MAX / sizeof(CharInfoRec))); +#endif + pCI = NULL; + } + else if (numExtents > ((rep->length - LENGTHOF(fsQueryXExtents16Reply)) + / LENGTHOF(fsXCharInfo))) { +#ifdef DEBUG + fprintf(stderr, + "fsQueryXExtents16: numExtents (%d) > (%d - %d) / %d\n", + numExtents, rep->length, + LENGTHOF(fsQueryXExtents16Reply), LENGTHOF(fsXCharInfo)); +#endif + pCI = NULL; + } + else + pCI = malloc(sizeof(CharInfoRec) * numInfos); if (!pCI) { @@ -1809,6 +1909,7 @@ fs_read_glyphs(FontPathElementPtr fpe, FSBlockDataPtr blockrec) FontInfoPtr pfi = &pfont->info; fsQueryXBitmaps16Reply *rep; char *buf; + long bufleft; /* length of reply left to use */ fsOffset32 *ppbits; fsOffset32 local_off; char *off_adr; @@ -1825,22 +1926,48 @@ fs_read_glyphs(FontPathElementPtr fpe, FSBlockDataPtr blockrec) unsigned long minchar, maxchar; rep = (fsQueryXBitmaps16Reply *) fs_get_reply (conn, &ret); - if (!rep || rep->type == FS_Error) + if (!rep || rep->type == FS_Error || + (rep->length < LENGTHOF(fsQueryXBitmaps16Reply))) { if (ret == FSIO_BLOCK) return StillWorking; if (rep) _fs_done_read (conn, rep->length << 2); err = AllocError; + _fs_reply_failed (rep, fsQueryXBitmaps16Reply, "<"); goto bail; } buf = (char *) rep; buf += SIZEOF (fsQueryXBitmaps16Reply); + bufleft = rep->length << 2; + bufleft -= SIZEOF (fsQueryXBitmaps16Reply); + + if ((bufleft / SIZEOF (fsOffset32)) < rep->num_chars) + { +#ifdef DEBUG + fprintf(stderr, + "fsQueryXBitmaps16: num_chars (%d) > bufleft (%ld) / %d\n", + rep->num_chars, bufleft, SIZEOF (fsOffset32)); +#endif + err = AllocError; + goto bail; + } ppbits = (fsOffset32 *) buf; buf += SIZEOF (fsOffset32) * (rep->num_chars); + bufleft -= SIZEOF (fsOffset32) * (rep->num_chars); + if (bufleft < rep->nbytes) + { +#ifdef DEBUG + fprintf(stderr, + "fsQueryXBitmaps16: nbytes (%d) > bufleft (%ld)\n", + rep->nbytes, bufleft); +#endif + err = AllocError; + goto bail; + } pbitmaps = (pointer ) buf; if (blockrec->type == FS_LOAD_GLYPHS) @@ -1898,7 +2025,9 @@ fs_read_glyphs(FontPathElementPtr fpe, FSBlockDataPtr blockrec) */ if (NONZEROMETRICS(&fsdata->encoding[minchar].metrics)) { - if (local_off.length) + if (local_off.length && + (local_off.position < rep->nbytes) && + (local_off.length <= (rep->nbytes - local_off.position))) { bits = allbits; allbits += local_off.length; @@ -2228,31 +2357,48 @@ fs_read_list(FontPathElementPtr fpe, FSBlockDataPtr blockrec) FSBlockedListPtr blist = (FSBlockedListPtr) blockrec->data; fsListFontsReply *rep; char *data; + long dataleft; /* length of reply left to use */ int length, i, ret; int err; rep = (fsListFontsReply *) fs_get_reply (conn, &ret); - if (!rep || rep->type == FS_Error) + if (!rep || rep->type == FS_Error || + (rep->length < LENGTHOF(fsListFontsReply))) { if (ret == FSIO_BLOCK) return StillWorking; if (rep) _fs_done_read (conn, rep->length << 2); + _fs_reply_failed (rep, fsListFontsReply, "<"); return AllocError; } data = (char *) rep + SIZEOF (fsListFontsReply); + dataleft = (rep->length << 2) - SIZEOF (fsListFontsReply); err = Successful; /* copy data into FontPathRecord */ for (i = 0; i < rep->nFonts; i++) { + if (dataleft < 1) + break; length = *(unsigned char *)data++; + dataleft--; /* used length byte */ + if (length > dataleft) { +#ifdef DEBUG + fprintf(stderr, + "fsListFonts: name length (%d) > dataleft (%ld)\n", + length, dataleft); +#endif + err = BadFontName; + break; + } err = AddFontNamesName(blist->names, data, length); if (err != Successful) break; data += length; + dataleft -= length; } _fs_done_read (conn, rep->length << 2); return err; @@ -2347,6 +2493,7 @@ fs_read_list_info(FontPathElementPtr fpe, FSBlockDataPtr blockrec) FSBlockedListInfoPtr binfo = (FSBlockedListInfoPtr) blockrec->data; fsListFontsWithXInfoReply *rep; char *buf; + long bufleft; FSFpePtr conn = (FSFpePtr) fpe->private; fsPropInfo *pi; fsPropOffset *po; @@ -2358,12 +2505,15 @@ fs_read_list_info(FontPathElementPtr fpe, FSBlockDataPtr blockrec) _fs_free_props (&binfo->info); rep = (fsListFontsWithXInfoReply *) fs_get_reply (conn, &ret); - if (!rep || rep->type == FS_Error) + if (!rep || rep->type == FS_Error || + ((rep->nameLength != 0) && + (rep->length < LENGTHOF(fsListFontsWithXInfoReply)))) { if (ret == FSIO_BLOCK) return StillWorking; binfo->status = FS_LFWI_FINISHED; err = AllocError; + _fs_reply_failed (rep, fsListFontsWithXInfoReply, "<"); goto done; } /* @@ -2380,6 +2530,7 @@ fs_read_list_info(FontPathElementPtr fpe, FSBlockDataPtr blockrec) } buf = (char *) rep + SIZEOF (fsListFontsWithXInfoReply); + bufleft = (rep->length << 2) - SIZEOF (fsListFontsWithXInfoReply); /* * The original FS implementation didn't match @@ -2388,19 +2539,71 @@ fs_read_list_info(FontPathElementPtr fpe, FSBlockDataPtr blockrec) */ if (conn->fsMajorVersion <= 1) { + if (rep->nameLength > bufleft) { +#ifdef DEBUG + fprintf(stderr, + "fsListFontsWithXInfo: name length (%d) > bufleft (%ld)\n", + (int) rep->nameLength, bufleft); +#endif + err = AllocError; + goto done; + } + /* binfo->name is a 256 char array, rep->nameLength is a CARD8 */ memcpy (binfo->name, buf, rep->nameLength); buf += _fs_pad_length (rep->nameLength); + bufleft -= _fs_pad_length (rep->nameLength); } pi = (fsPropInfo *) buf; + if (SIZEOF (fsPropInfo) > bufleft) { +#ifdef DEBUG + fprintf(stderr, + "fsListFontsWithXInfo: PropInfo length (%d) > bufleft (%ld)\n", + (int) SIZEOF (fsPropInfo), bufleft); +#endif + err = AllocError; + goto done; + } + bufleft -= SIZEOF (fsPropInfo); buf += SIZEOF (fsPropInfo); po = (fsPropOffset *) buf; + if (pi->num_offsets > (bufleft / SIZEOF (fsPropOffset))) { +#ifdef DEBUG + fprintf(stderr, + "fsListFontsWithXInfo: offset length (%d * %d) > bufleft (%ld)\n", + pi->num_offsets, (int) SIZEOF (fsPropOffset), bufleft); +#endif + err = AllocError; + goto done; + } + bufleft -= pi->num_offsets * SIZEOF (fsPropOffset); buf += pi->num_offsets * SIZEOF (fsPropOffset); pd = (pointer) buf; + if (pi->data_len > bufleft) { +#ifdef DEBUG + fprintf(stderr, + "fsListFontsWithXInfo: data length (%d) > bufleft (%ld)\n", + pi->data_len, bufleft); +#endif + err = AllocError; + goto done; + } + bufleft -= pi->data_len; buf += pi->data_len; if (conn->fsMajorVersion > 1) { + if (rep->nameLength > bufleft) { +#ifdef DEBUG + fprintf(stderr, + "fsListFontsWithXInfo: name length (%d) > bufleft (%ld)\n", + (int) rep->nameLength, bufleft); +#endif + err = AllocError; + goto done; + } + /* binfo->name is a 256 char array, rep->nameLength is a CARD8 */ memcpy (binfo->name, buf, rep->nameLength); buf += _fs_pad_length (rep->nameLength); + bufleft -= _fs_pad_length (rep->nameLength); } #ifdef DEBUG @@ -2786,7 +2989,7 @@ _fs_recv_conn_setup (FSFpePtr conn) int ret = FSIO_ERROR; fsConnSetup *setup; FSFpeAltPtr alts; - int i, alt_len; + unsigned int i, alt_len; int setup_len; char *alt_save, *alt_names; @@ -2813,8 +3016,9 @@ _fs_recv_conn_setup (FSFpePtr conn) } if (setup->num_alternates) { + size_t alt_name_len = setup->alternate_len << 2; alts = malloc (setup->num_alternates * sizeof (FSFpeAltRec) + - (setup->alternate_len << 2)); + alt_name_len); if (alts) { alt_names = (char *) (setup + 1); @@ -2823,10 +3027,25 @@ _fs_recv_conn_setup (FSFpePtr conn) { alts[i].subset = alt_names[0]; alt_len = alt_names[1]; + if (alt_len >= alt_name_len) { + /* + * Length is longer than setup->alternate_len + * told us to allocate room for, assume entire + * alternate list is corrupted. + */ +#ifdef DEBUG + fprintf (stderr, + "invalid alt list (length %lx >= %lx)\n", + (long) alt_len, (long) alt_name_len); +#endif + free(alts); + return FSIO_ERROR; + } alts[i].name = alt_save; memcpy (alt_save, alt_names + 2, alt_len); alt_save[alt_len] = '\0'; alt_save += alt_len + 1; + alt_name_len -= alt_len + 1; alt_names += _fs_pad_length (alt_len + 2); } conn->numAlts = setup->num_alternates; diff --git a/libXfont/src/fontfile/dirfile.c b/libXfont/src/fontfile/dirfile.c index c8aff6f..789fde5 100644 --- a/libXfont/src/fontfile/dirfile.c +++ b/libXfont/src/fontfile/dirfile.c @@ -42,6 +42,7 @@ in this Software without prior written authorization from The Open Group. #include <sys/types.h> #include <sys/stat.h> #include <errno.h> +#include <limits.h> static Bool AddFileNameAliases ( FontDirectoryPtr dir ); static int ReadFontAlias ( char *directory, Bool isFile, @@ -374,6 +375,9 @@ lexAlias(FILE *file, char **lexToken) int nsize; char *nbuf; + if (tokenSize >= (INT_MAX >> 2)) + /* Stop before we overflow */ + return EALLOC; nsize = tokenSize ? (tokenSize << 1) : 64; nbuf = realloc(tokenBuf, nsize); if (!nbuf) diff --git a/libXfont/src/fontfile/fontdir.c b/libXfont/src/fontfile/fontdir.c index 97b2ba3..ce1595c 100644 --- a/libXfont/src/fontfile/fontdir.c +++ b/libXfont/src/fontfile/fontdir.c @@ -177,6 +177,11 @@ FontFileAddEntry(FontTablePtr table, FontEntryPtr prototype) if (table->sorted) return (FontEntryPtr) 0; /* "cannot" happen */ if (table->used == table->size) { + if (table->size >= ((INT32_MAX / sizeof(FontEntryRec)) - 100)) + /* If we've read so many entries we're going to ask for 2gb + or more of memory, something is so wrong with this font + directory that we should just give up before we overflow. */ + return NULL; newsize = table->size + 100; entry = realloc(table->entries, newsize * sizeof(FontEntryRec)); if (!entry) -- Alioth's /srv/git/code.x2go.org/vcxsrv.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/vcxsrv.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to tag 1.14.3.2 in repository vcxsrv. commit 8cd280e3918f89451c2674e120f4d1ec2b0a9879 Author: Mike DePaulo <mikedep333@gmail.com> Date: Thu May 29 09:46:10 2014 -0400 Update instructions in building.txt. These instructions were followed for 1.14.3.1 and 1.14.3.2. --- building.txt | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/building.txt b/building.txt index 43f0439..5e460cc 100644 --- a/building.txt +++ b/building.txt @@ -1,18 +1,23 @@ Prerequisits: -- Visual C++ 2010 - Visual C++ 2010 Express Edition is probably also ok (not tested) -- Perl (cygwin perl (http://www.cygwin.com/), strawberry perl (http://strawberryperl.com) or activestate perl (http://www.activestate.com/activeperl/) ) +- Windows Vista or later (The built code can run on XP, but your build machine must be Vista or later. This is a limitation of Visual Studio 2012.) +- Visual C++ 2012 Express Edition with the latest update (update 4 is currently used) + Visual C++ 2012 (with said update) is probably also ok (not tested) +- Cygwin. I am not sure of the exact packages, but perl and git are 2 of them. Only 32-bit Cygwin has been tested. - Python (2.7 used: http://www.python.org/) + libxml2 python bindings - Gnuwin32 gperf, gawk, gzip, flex, bison (and it's dependancies), sed (and it's dependancies (http://gnuwin32.sourceforge.net/), gperf - nasm (http://nasm.sourceforge.net). Make sure the nasm directory is in your path - Make sure that the gnuwin32 binaries are in a directory path with no spaces, like 'C:\gnuwin32\bin' - Make sure the environment PATH includes the directory where the gnuwin32 binaries are -- Make sure python, perl are in the environment PATH -- make sure the command prompt is set for compiling with the visual studio compiler (vcvars32.bat) -- To build the installer: nsis +- Make sure python, is in the environment PATH +- To build the installer: NSIS Unicode +- To build the installer, make sure NSIS Unicode is in the path (e.g. C:\Program Files (x86)\NSIS\Unicode) +- If you are on 32-bit Windows instead of 64-bit like I am, edit setvcenv.sh for the 32-bit folder path differences -Run the command buildall.bat. This will build everything including the installer. +Open up cygwin's bash shell and cd to the top directory +Run the command `source setvcenv.sh` +Run the command `buildall.bat`. This will build everything including the installer. +The 64-bit version will not be built and the 64-bit installer will fail. This is a limitation this XP compatible branch (VcXsrv 1.14.3.x). Patches are welcome. -To clean the project tree (uses git) go to the top directory at a command prompt -and type in 'git clean -dfx' +To clean the project tree (uses git) go to the top directory at a cygwin bash shell +and type in `git clean -dfx` -- Alioth's /srv/git/code.x2go.org/vcxsrv.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/vcxsrv.git
-
git-admin@x2go.org