1. 14 Jul, 2019 2 commits
  2. 28 Mar, 2019 2 commits
  3. 27 Mar, 2019 11 commits
  4. 11 Mar, 2019 1 commit
  5. 08 Dec, 2018 1 commit
  6. 20 Nov, 2018 1 commit
  7. 10 Nov, 2018 1 commit
    • Cosimo Cecchi's avatar
      Support XDG user data dir location · 2263c196
      Cosimo Cecchi authored
      Nowadays ~/.icons is not used anymore as the preferred location for
      custom user icon themes; XDG_DATA_HOME/icons (aka ~/.local/share/icons)
      is what toolkits like GTK prefer.
      
      Prepend that location to the default xcursor path, so that cursor
      themes installed there can be used by apps and toolkits that use
      libXcursor.
      2263c196
  8. 09 Nov, 2018 4 commits
  9. 24 Mar, 2018 1 commit
  10. 19 Dec, 2017 9 commits
  11. 25 Nov, 2017 2 commits
    • Matthieu Herrb's avatar
      libXcursor 1.1.15 · 4828abe4
      Matthieu Herrb authored
      Signed-off-by: 's avatarMatthieu Herrb <matthieu@herrb.eu>
      4828abe4
    • Tobias Stoeckmann's avatar
      Fix heap overflows when parsing malicious files. (CVE-2017-16612) · 4794b5dd
      Tobias Stoeckmann authored
      It is possible to trigger heap overflows due to an integer overflow
      while parsing images and a signedness issue while parsing comments.
      
      The integer overflow occurs because the chosen limit 0x10000 for
      dimensions is too large for 32 bit systems, because each pixel takes
      4 bytes. Properly chosen values allow an overflow which in turn will
      lead to less allocated memory than needed for subsequent reads.
      
      The signedness bug is triggered by reading the length of a comment
      as unsigned int, but casting it to int when calling the function
      XcursorCommentCreate. Turning length into a negative value allows the
      check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
      addition of sizeof (XcursorComment) + 1 makes it possible to allocate
      less memory than needed for subsequent reads.
      Signed-off-by: 's avatarTobias Stoeckmann <tobias@stoeckmann.org>
      Reviewed-by: 's avatarMatthieu Herrb <matthieu@herrb.eu>
      4794b5dd
  12. 24 Aug, 2017 3 commits
  13. 20 Aug, 2017 2 commits