X.org vintage bugs, Google FOSS fixings and a dropzone – Snippets


  • Vintage bugs: Back in 1993, a use after free bug when handling ImageText wriggled its way into the X.org server and settled into what is believed to be every X.org server release that came after. Just over 20 years later, a security advisory and patch have been published for the bug. So look out for updates to your Linux distribution’s (or other Unix’s) X.org server in the near future. To many eyes, all bugs are eventually shallow. But, who really wants to look inside an X server.
  • Google’s FOSS-fixins: If you are looking for more than just bugs to fix, you can also check out Google’s latest bounty program which is offering rewards for proactively fixing up the security in well known open source applications. First up for rewards are OpenSSH, BIND, ISC DHCP, libjpeg, libjpeg-turbo, libpng, giflib, Chromium, Blink, OpenSSL, zlib and “Security-critical, commonly used components of the Linux kernel”. Help harden them up and you could be in line for up to $3133.7. The second phase will see that set of code joined by Apache httpd, lighttpd, nginx, Sendmail, Postfix, Exim, the toolchain security for GCC, binutils and LLVM and OpenVPN. I applaud Google for this as it goes beyond Google Summer of Code manpower and mentoring and should let a whole new set of contributors help harden the open source ecosystem.
  • DropzoneJS: Do you love sites which make it easy to upload images with a drag and a drop into the browser? The open source (MIT license) DropzoneJS library helps you do it with style, letting you drag files into the drop zone and showing uploads with thumbnails – its reported to have some trouble with hundreds of images, but also is easy to implement – if thats what you want to work with its there to be fixed.