aboutsummaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog3
-rw-r--r--debian/patches/008_nxproxy_add-nxproxy-wrapper.patch (renamed from debian/patches/008_nxproxy_add-nx-proxy-wrapper.patch)0
-rw-r--r--debian/patches/110_nxagent_createpixmap-bounds-check.patch26
-rw-r--r--debian/patches/series3
4 files changed, 31 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index bf3d875c4..a63a68077 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -23,6 +23,9 @@ nx-libs (2:3.5.0-0~x2go2) UNRELEASED; urgency=low
package.
* Rework FreeNX patches to be applicable to latest NX sources.
* Install nxagent.xpm icon to /usr/share/pixmaps.
+ * Rename patch: 008_nxproxy_add-nx-proxy-wrapper.patch to
+ 008_nxproxy_add-nxproxy-wrapper.patch.
+ * Add patch from FreeNX patchset: 110_nxagent_createpixmap-bounds-check.patch.
-- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Wed, 28 Dec 2011 19:06:26 +0100
diff --git a/debian/patches/008_nxproxy_add-nx-proxy-wrapper.patch b/debian/patches/008_nxproxy_add-nxproxy-wrapper.patch
index 9c208e2e8..9c208e2e8 100644
--- a/debian/patches/008_nxproxy_add-nx-proxy-wrapper.patch
+++ b/debian/patches/008_nxproxy_add-nxproxy-wrapper.patch
diff --git a/debian/patches/110_nxagent_createpixmap-bounds-check.patch b/debian/patches/110_nxagent_createpixmap-bounds-check.patch
new file mode 100644
index 000000000..a5d4c3afa
--- /dev/null
+++ b/debian/patches/110_nxagent_createpixmap-bounds-check.patch
@@ -0,0 +1,26 @@
+--- a/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/NXdispatch.c
+@@ -1973,6 +1973,23 @@
+ client->errorValue = 0;
+ return BadValue;
+ }
++ if (stuff->width > 32767 || stuff->height > 32767)
++ {
++ /* It is allowed to try and allocate a pixmap which is larger than
++ * 32767 in either dimension. However, all of the framebuffer code
++ * is buggy and does not reliably draw to such big pixmaps, basically
++ * because the Region data structure operates with signed shorts
++ * for the rectangles in it.
++ *
++ * Furthermore, several places in the X server computes the
++ * size in bytes of the pixmap and tries to store it in an
++ * integer. This integer can overflow and cause the allocated size
++ * to be much smaller.
++ *
++ * So, such big pixmaps are rejected here with a BadAlloc
++ */
++ return BadAlloc;
++ }
+ if (stuff->depth != 1)
+ {
+ pDepth = pDraw->pScreen->allowedDepths;
diff --git a/debian/patches/series b/debian/patches/series
index e128385eb..1a6698661 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,7 +5,7 @@
005_nxagent_add-nxagent-wrapper.patch
006_remove-configure-files.patch
007_nxcompshad_clean-gch-files.patch
-008_nxproxy_add-nx-proxy-wrapper.patch
+008_nxproxy_add-nxproxy-wrapper.patch
009_nxproxy_add-man-page.patch
010_nxauth_fix-binary-name-in-man-page.patch
011_nxauth_add-nxauth-wrapper.patch
@@ -23,4 +23,5 @@
107_nxagent_clipboard-compound-text+small-bed-sheets.patch
108_nxagent_wine-close-delay.patch
109_nxagent_locale-utf8-compound-text.patch
+110_nxagent_createpixmap-bounds-check.patch
200_nxagent_unbrand-agent.patch