I think it's about time for a second release candidate for Xlib 1.6, don't you?
This release is brought to you by the letters C, V, & E, and more numbers than
I can count, with a special guest appearance by the letters J? and j?.

Please test & report any issues you find (by May 31 if possible). Unless any
blockers turn up, I plan to cut the final 1.6 release the first week of June.

Alan Coopersmith (41):
      Move big request comment in XOpenDisplay to the right place
      Move repeated #ifdef magic to find PATH_MAX into a common header
      Add _XEatDataWords to discard a given number of 32-bit words of reply data
      integer overflow in _XQueryFont() on 32-bit platforms [CVE-2013-1981 1/13]
      integer overflow in _XF86BigfontQueryFont() [CVE-2013-1981 2/13]
      integer overflow in XListFontsWithInfo() [CVE-2013-1981 3/13]
      integer overflow in XGetMotionEvents() [CVE-2013-1981 4/13]
      integer overflow in XListHosts() [CVE-2013-1981 5/13]
      unvalidated lengths in XAllocColorCells() [CVE-2013-1997 1/15]
      unvalidated index in _XkbReadGetDeviceInfoReply() [CVE-2013-1997 2/15]
      unvalidated indexes in _XkbReadGeomShapes() [CVE-2013-1997 3/15]
      unvalidated indexes in _XkbReadGetGeometryReply() [CVE-2013-1997 4/15]
      unvalidated index in _XkbReadKeySyms() [CVE-2013-1997 5/15]
      unvalidated index in _XkbReadKeyActions() [CVE-2013-1997 6/15]
      unvalidated index in _XkbReadKeyBehaviors() [CVE-2013-1997 7/15]
      unvalidated index in _XkbReadModifierMap() [CVE-2013-1997 8/15]
      unvalidated index in _XkbReadExplicitComponents() [CVE-2013-1997 9/15]
      unvalidated index in _XkbReadVirtualModMap() [CVE-2013-1997 10/15]
      unvalidated index/length in _XkbReadGetNamesReply() [CVE-2013-1997 11/15]
      unvalidated length in _XimXGetReadData() [CVE-2013-1997 12/15]
      Integer overflows in stringSectionSize() cause buffer overflow in ReadColornameDB() [CVE-2013-1981 6/13]
      integer overflow in ReadInFile() in Xrm.c [CVE-2013-1981 7/13]
      Unbounded recursion in GetDatabase() when parsing include files [CVE-2013-2004 1/2]
      Unbounded recursion in _XimParseStringFile() when parsing include files [CVE-2013-2004 2/2]
      integer truncation in _XimParseStringFile() [CVE-2013-1981 8/13]
      integer overflows in TransFileName() [CVE-2013-1981 9/13]
      integer overflow in XGetWindowProperty() [CVE-2013-1981 10/13]
      integer overflow in XGetImage() [CVE-2013-1981 11/13]
      integer overflow in XGetPointerMapping() & XGetKeyboardMapping() [CVE-2013-1981 12/13]
      integer overflow in XGetModifierMapping() [CVE-2013-1981 13/13]
      Avoid overflows in XListFonts() [CVE-2013-1997 13/15]
      Avoid overflows in XGetFontPath() [CVE-2013-1997 14/15]
      Avoid overflows in XListExtensions() [CVE-2013-1997 15/15]
      Make XGetWindowProperty() always initialize returned values
      Convert more _XEatData callers to _XEatDataWords
      Remove more unnecessary casts from Xmalloc/calloc calls
      Use calloc in XOpenDisplay to initialize structs containing pointers
      _XkbReadGetMapReply: reject maxKeyCodes smaller than the minKeyCode
      Give GNU & Solaris Studio compilers hints about XEatData branches
      Free fs->properties in _XF86BigfontQueryFont overflow error path
      libX11 1.5.99.902 (1.6 RC2)

Julien Cristau (1):
      xkb: fix off-by-one in _XkbReadGetNamesReply and _XkbReadVirtualModMap

Matthieu Herrb (1):
      XListFontsWithInfo: Re-decrement flist[0] before calling free() on it.

Niveditha Rau (1):
      Make sure internal headers include required headers

Pander (1):
      Add compose sequences for J? and j?.

git tag: libX11-1.5.99.902

http://xorg.freedesktop.org/archive/individual/lib/libX11-1.5.99.902.tar.bz2
MD5:  0f1a38133d11d64ad02fecb508b049ed
SHA1: d7d6909b57804104a38e8f1ed1d5f639062b030a
SHA256: 9e6a28609e1857600d51d45b90f14853350176e00bd50c863603164f539cdf8c

http://xorg.freedesktop.org/archive/individual/lib/libX11-1.5.99.902.tar.gz
MD5:  04883210511cebec1d74dc9be184b82d
SHA1: d0101aa3ee027b90a801544982026ab0dcb661e9
SHA256: 82ae9cca7bc09f5236a57d18fa1cecf4ec0be6866316656eae39df43b5642c79

-- 
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc