aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* debian/changelog: add entry for last change.Mihai Moldovan2015-05-261-0/+6
|
* Security fixes: X.Org CVE-2014-8100:Mihai Moldovan2015-05-261-16/+137
| | | | | | | | v3: port to NXrender.c rather than render.c (Mike DePaulo) v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: - 1028-render-unvalidated-lengths-in-Render-extn.-swap.full.patch
* debian/changelog: add entry for last change.Mihai Moldovan2015-05-261-0/+6
|
* Security fixes: X.Org CVE-2014-8100:Mihai Moldovan2015-05-261-6/+18
| | | | | | | | v3: port to NXrender.c rather than render.c (Mike DePaulo) v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: - 1027-render-check-request-size-before-reading-it-CVE.full.patch
* debian/libnx-xinerama1.*: fix faulty logic when creating symlinks.Mihai Moldovan2015-05-052-3/+5
| | | | Backported from Arctica GH 3.6.x branch.
* debian/control: workaround missing dependencies of nxagent on Ubuntu for now.Mihai Moldovan2015-05-022-0/+8
|
* Security fixes: X.Org CVE-2015-3418:Mike Gabriel2015-05-013-0/+33
| | | | | | | v3: backport to 3.5.0.x branch. (Mihai Moldovan) Adds: - 1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch
* nx-libs.spec: actually create libXinerama.so.1 symlink during build phase.Mihai Moldovan2015-04-302-0/+3
| | | | Backported from Arctica GH 3.6.x branch.
* debian/changelog: add changelog entry for the last two changes.Mihai Moldovan2015-04-301-0/+7
|
* debian/libnx-xinerama1.*: move Xinerama dir back to nx-x11-common. Only ↵Mihai Moldovan2015-04-303-8/+14
| | | | delete known files. Fixes RPM build failures.
* libnx-xinerama1: also create libXinerama symlink in ↵Mihai Moldovan2015-04-293-29/+36
| | | | | | | | | | | | | | | | | | | | | libnx-xinerama1.postinst.postinst (and remove in libnx-xinerama1.postinst.prerm.) Due to the nx-x11-common package being a noarch/allarch package, creating the symlink in nx-libs' Makefile will lead to the symlink referencing the "default" architecture dpkg uses for building noarch/allarch packages. Incidentally, this worked fine for Debian, as amd64 seems to be the default architecture. On Ubuntu, however, the default architecture up to Vivid (15.04) was i386. For those builds, the symlink pointed to the 32 bit library of libNX_Xinerama.so.1 -- essentially breaking this feature. Move the symlink creation to the arch-sensitive libnx-xinerama1 package. The postinst and prerm scriptlets will work fine, unless someone installs the i386 package version *after* the amd64 version. Given that we already create symlinks to libNX_X11 and friends using that method, no new regression is introduced. Strictly speaking that's a bug, but we'll hopefully clean that up later...
* README.keystrokes: remove accidentally copied Dokuwiki syntax.Mihai Moldovan2015-04-272-1/+2
| | | | | | | Backported from Arctica GH 3.6.x branch. Affects: - 0320_nxagent_configurable-keystrokes.full.patch
* etc/keystrokes.cfg: fix whitespace errors.Mihai Moldovan2015-04-272-16/+18
| | | | Backported from Arctica GH 3.6.x branch.
* debian/changelog: unify entry for README.keystrokes.Mihai Moldovan2015-04-271-4/+2
|
* README.keystrokes: add documentation for branding behavior.Mihai Moldovan2015-04-272-3/+16
| | | | | | | Backported from Arctica GH 3.6.x branch. Affects: - 0320_nxagent_configurable-keystrokes.full.patch
* README.keystrokes: copy actions documentation from the wiki.Mihai Moldovan2015-04-272-11/+26
| | | | | | | Backported from Arctica GH 3.6.x branch. Affects: - 0320_nxagent_configurable-keystrokes.full.patch
* debian/changelog: document the last commits.Mihai Moldovan2015-04-271-0/+12
|
* debian/roll-tarballs.sh: next batch of quotes.Mihai Moldovan2015-04-271-27/+27
|
* debian/roll-tarballs.sh: whitespace changes for consistency.Mihai Moldovan2015-04-271-30/+30
|
* debian/roll-tarballs.sh: don't escape last newline of a multiline command.Mihai Moldovan2015-04-271-1/+1
| | | | | | | Worked out fine so far, because the next line was empty, but this can easily change... Cherry-picked from Arctica GH 3.6.x branch.
* debian/roll-tarballs.sh: use more curly braces.Mihai Moldovan2015-04-271-3/+3
| | | | | | Prevents random characters as being treated as part of a variable name. Cherry-picked from Arctica GH 3.6.x branch.
* debian/roll-tarballs.sh: convert tabs to spaces.Mihai Moldovan2015-04-271-9/+9
| | | | Cherry-picked from Arctica GH 3.6.x branch.
* debian/roll-tarballs.sh: use more quotes.Mihai Moldovan2015-04-271-16/+16
| | | | | | | | | | | Fixes potential bugs, including one triggered by an unquoted hash within the command line. BASH accepts this. Other shells do not (i.e., treat everything following the hash character as a comment.) Cherry-picked from Arctica GH 3.6.x branch. Conflicts: debian/roll-tarballs.sh
* nxcompshad: Prevent underlinking by linking to libNX_Xext.Mike Gabriel2015-04-273-0/+18
| | | | | Adds: - 0650_nxcompshad_link-to-NX_Xext.full.patch
* nx-X11: Prevent underlinking by linking to libNX_X{11,damage,fixes).Mike Gabriel2015-04-273-0/+19
| | | | | Adds: - 0640_nx-X11_fix-underlinking-libNX_Xcomposite_damage_fixes.full.patch
* CVE patches were previously not included in release tarballs.Mihai Moldovan2015-04-2648-46/+140
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rename: - 1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-lib-X.patch => 1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-.full.patch - 1002-Fix-CVE-2011-4028-File-disclosure-vulnerability.-ups.patch => 1002-Fix-CVE-2011-4028-File-disclosure-vulnerability.full.patch - 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageText-C.patch => 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch - 1004-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch => 1004-CVE-2013-6462-unlimited-sscanf-overflows-stack-.full.patch - 1005-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch => 1005-CVE-2014-0209-integer-overflow-of-realloc-size-.full.patch - 1006-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch => 1006-CVE-2014-0209-integer-overflow-of-realloc-size-.full.patch - 1007-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch => 1007-CVE-2014-0210-unvalidated-length-in-_fs_recv_co.full.patch - 1008-Don-t-crash-when-we-receive-an-FS_Error-from-the-fon.patch => 1008-Don-t-crash-when-we-receive-an-FS_Error-from-th.full.patch - 1009-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch => 1009-CVE-2014-0210-unvalidated-lengths-when-reading-.full.patch - 1010-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch => 1010-CVE-2014-0211-Integer-overflow-in-fs_get_reply-.full.patch - 1011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch => 1011-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch - 1012-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch => 1012-CVE-2014-0211-integer-overflow-in-fs_read_exten.full.patch - 1013-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs-fr.patch => 1013-CVE-2014-0211-integer-overflow-in-fs_alloc_glyp.full.patch - 1014-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch => 1014-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch - 1015-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch => 1015-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch - 1016-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch => 1016-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch - 1017-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch => 1017-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch - 1018-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch => 1018-unchecked-malloc-may-allow-unauthed-client-to-c.full.patch - 1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8092-1.patch => 1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8.full.patch - 1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch => 1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-.full.patch - 1021-dix-integer-overflow-in-RegionSizeof-CVE-2014-8092-3.patch => 1021-dix-integer-overflow-in-RegionSizeof-CVE-2014-8.full.patch - 1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-2014-.patch => 1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-.full.patch - 1023-dbe-unvalidated-lengths-in-DbeSwapBuffers-calls-CVE-.patch => 1023-dbe-unvalidated-lengths-in-DbeSwapBuffers-calls.full.patch - 1024-Xi-unvalidated-lengths-in-Xinput-extension-CVE-2014-.patch => 1024-Xi-unvalidated-lengths-in-Xinput-extension-CVE-.full.patch - 1025-xcmisc-unvalidated-length-in-SProcXCMiscGetXIDList-C.patch => 1025-xcmisc-unvalidated-length-in-SProcXCMiscGetXIDL.full.patch - 1026-Xv-unvalidated-lengths-in-XVideo-extension-swapped-p.patch => 1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch - 1027-render-check-request-size-before-reading-it-CVE-2014.patch => 1027-render-check-request-size-before-reading-it-CVE.full.patch - 1028-render-unvalidated-lengths-in-Render-extn.-swapped-p.patch => 1028-render-unvalidated-lengths-in-Render-extn.-swap.full.patch - 1029-xfixes-unvalidated-length-in-SProcXFixesSelectSelect.patch => 1029-xfixes-unvalidated-length-in-SProcXFixesSelectS.full.patch - 1030-randr-unvalidated-lengths-in-RandR-extension-swapped.patch => 1030-randr-unvalidated-lengths-in-RandR-extension-sw.full.patch - 1031-glx-Be-more-paranoid-about-variable-length-requests-.patch => 1031-glx-Be-more-paranoid-about-variable-length-requ.full.patch - 1032-glx-Be-more-strict-about-rejecting-invalid-image-siz.patch => 1032-glx-Be-more-strict-about-rejecting-invalid-imag.full.patch - 1033-glx-Additional-paranoia-in-__glXGetAnswerBuffer-__GL.patch => 1033-glx-Additional-paranoia-in-__glXGetAnswerBuffer.full.patch - 1034-glx-Add-safe_-add-mul-pad-v3-CVE-2014-8093-4-6-v4.patch => 1034-glx-Add-safe_-add-mul-pad-v3-CVE-2014-8093-4-6-.full.patch - 1035-glx-Length-checking-for-GLXRender-requests-v2-CVE-20.patch => 1035-glx-Length-checking-for-GLXRender-requests-v2-C.full.patch - 1036-glx-Integer-overflow-protection-for-non-generated-re.patch => 1036-glx-Integer-overflow-protection-for-non-generat.full.patch - 1037-glx-Top-level-length-checking-for-swapped-VendorPriv.patch => 1037-glx-Top-level-length-checking-for-swapped-Vendo.full.patch - 1038-glx-Length-checking-for-non-generated-single-request.patch => 1038-glx-Length-checking-for-non-generated-single-re.full.patch - 1039-glx-Length-checking-for-RenderLarge-requests-v2-CVE-.patch => 1039-glx-Length-checking-for-RenderLarge-requests-v2.full.patch - 1040-glx-Pass-remaining-request-length-into-varsize-v2-CV.patch => 1040-glx-Pass-remaining-request-length-into-varsize-.full.patch - 1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch => 1041-nx-X11-lib-font-fc-fserve.c-initialize-remainin.full.patch - 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch => 1042-Do-proper-input-validation-to-fix-for-CVE-2011-.full.patch - 1101-Coverity-844-845-846-Fix-memory-leaks.patch => 1101-Coverity-844-845-846-Fix-memory-leaks.full.patch - 1102-include-introduce-byte-counting-functions.patch => 1102-include-introduce-byte-counting-functions.full.patch - 1103-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patch => 1103-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input.full.patch - 1104-xkb-Check-strings-length-against-request-size.patch => 1104-xkb-Check-strings-length-against-request-size.full.patch
* Security fixes: X.Org CVE-2013-7439:Mike Gabriel2015-04-263-0/+83
| | | | | | | v2: backport to 3.5.0.x branch. (Mihai Moldovan) Adds: - 1200-CVE-2013-7439-MakeBigReq-don-t-move-the-last-wo.full.patch
* nx-X11: link to libdl to fix undefined references to 'dlopen' and 'dlsym'. ↵Bernard Cafarelli2015-04-263-0/+25
| | | | | | | | | Fixes: #853. v2: generally link to libdl in all of nx-X11. (Mike Gabriel) Adds: - 0630_nx-X11_fix-underlinking-dlopen-dlsym.full.patch
* nx-X11: add more NULL guards to TEST and DEBUG sections of Render.c.Mihai Moldovan2015-03-292-5/+267
| | | | | Affects: - 0990_fix-DEBUG-and-TEST-builds.full.patch
* nx-X11: fix typo in previous patch.Mihai Moldovan2015-03-292-1/+4
| | | | | Affects: - 0017_nx-X11_fix-SetPictureFilter.full.patch
* nx-X11: handle source pictures (those without a Drawable surface) gracefully.Mihai Moldovan2015-03-293-0/+184
| | | | | Adds: - 0017_nx-X11_fix-SetPictureFilter.full.patch
* Only use the first three numbers in the full version for current_version on ↵Mihai Moldovan2015-03-264-16/+28
| | | | | | | | | OS X. ld(1) on 10.6 fails otherwise. Affected: - 0420_nxcomp_use-correct-library-naming-scheme-on-OS-X.full+lite.patch - 0620_nxcompext_use-correct-library-naming-scheme-on-OS-X.full.patch - 0621_nxcompshad_use-correct-library-naming-scheme-on-OS-X.full.patch
* Continue developmentX2Go Release Manager2015-03-173-2/+8
|
* Mid-release fixup: Rename *nxcomp{ext,shad}*.full+lite* to ↵redist-server/3.5.0.31redist-client/3.5.0.31X2Go Release Manager2015-03-177-5/+7
| | | | *nxcomp{ext,shad}*.full*.
* release 3.5.0.31X2Go Release Manager2015-03-171-2/+2
|
* nx-libs.spec: add overlooked Obsolete: statement to libNX_Xfixes3.Mihai Moldovan2015-03-172-0/+2
|
* nx-libs.spec: Versioned libXcomp* should obsolete unversioned libXcomp*, not ↵Mihai Moldovan2015-03-172-3/+6
| | | | libNX_Xcomp*.
* nx{comp{,ext,shad},proxy}: try really hard to find makedepend. Do not fail ↵Mihai Moldovan2015-03-1615-115/+220
| | | | | | | | | | | | | | | | | | | | | | | | if it is not available. Also rename to account for dependency changes: - 0070_nxcomp_use-MAKEDEPEND-in-path.full+lite.patch => 0410_nxcomp_use-MAKEDEPEND-in-path.full+lite.patch - 0071_nxcompext_use-MAKEDEPEND-in-path.full+lite.patch => 0610_nxcompext_use-MAKEDEPEND-in-path.full+lite.patch - 0072_nxcompshad_use-MAKEDEPEND-in-path.full+lite.patch => 0611_nxcompshad_use-MAKEDEPEND-in-path.full+lite.patch - 0073_nxproxy_use-MAKEDEPEND-in-path.full+lite.patch => 0612_nxproxy_use-MAKEDEPEND-in-path.full+lite.patch - 0074_nxcomp_use-dynamiclib-flag-on-OS-X.full+lite.patch => 0613_nxcomp_use-dynamiclib-flag-on-OS-X.full+lite.patch - 0075_nxcompshad_use-dynamiclib-flag-on-OS-X.full+lite.patch => 0614_nxcompshad_use-dynamiclib-flag-on-OS-X.full+lite.patch - 0610_nxcompext_use-correct-library-naming-scheme-on-OS-X.full+lite.patch => 0620_nxcompext_use-correct-library-naming-scheme-on-OS-X.full+lite.patch - 0611_nxcompshad_use-correct-library-naming-scheme-on-OS-X.full+lite.patch => 0621_nxcompshad_use-correct-library-naming-scheme-on-OS-X.full+lite.patch
* nxcomp{,ext,shad}: use the correct library naming scheme on OS X. It differs ↵Clemens Lang2015-03-155-0/+179
| | | | | | | | | from other UNIX-based systems. Adds: - 0410_nxcomp_use-correct-library-naming-scheme-on-OS-X.full+lite.patch - 0610_nxcompext_use-correct-library-naming-scheme-on-OS-X.full+lite.patch - 0611_nxcompshad_use-correct-library-naming-scheme-on-OS-X.full+lite.patch
* nxcomp{,shad}: fix dynamic library linking on OS X. Use -dynamiclib instead ↵Clemens Lang2015-03-154-0/+44
| | | | | | | | of -bundle. Adds: - 0074_nxcomp_use-dynamiclib-flag-on-OS-X.full+lite.patch - 0075_nxcompshad_use-dynamiclib-flag-on-OS-X.full+lite.patch
* nx{comp{,ext,shad},proxy}: use path discovery for finding makedepend. Remove ↵Clemens Lang2015-03-156-2/+116
| | | | | | | | | old cruft. Adds: - 0070_nxcomp_use-MAKEDEPEND-in-path.full+lite.patch - 0071_nxcompext_use-MAKEDEPEND-in-path.full+lite.patch - 0072_nxcompshad_use-MAKEDEPEND-in-path.full+lite.patch - 0073_nxproxy_use-MAKEDEPEND-in-path.full+lite.patch
* debian/changelog: merge with 3.6.x development branch.Mihai Moldovan2015-03-151-2/+2
|
* Continue developmentX2Go Release Manager2015-03-153-2/+9
|
* release 3.5.0.30redist-server/3.5.0.30redist-client/3.5.0.30Mike Gabriel2015-03-141-2/+8
|
* Continue developmentX2Go Release Manager2015-03-132-2/+2
|
* debian/roll-tarballs.sh: fix tarball creation in lite mode: do not try to ↵X2Go Release Manager2015-03-132-31/+40
| | | | fixup NX-X11 directory (it won't be there.)
* release 3.5.0.29redist-server/3.5.0.29redist-client/3.5.0.29X2Go Release Manager2015-03-131-10/+6
|
* X.org CVE-2015-0255 patch and its 3 prereq patchesmasterMike DePaulo2015-02-186-0/+408
| | | | | | | | | 1101-Coverity-844-845-846-Fix-memory-leaks.patch 1102-include-introduce-byte-counting-functions.patch 1103-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patc 1104-xkb-Check-strings-length-against-request-size.patch (The last patch is the CVE-2015-0255 patch.)
* Update 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch. Fix ↵Mike Gabriel2015-02-162-9/+12
| | | | broken comment paragraph, whitespace fix.
* CVE security review: Add ↵Mihai Moldovan2015-02-164-2/+8
| | | | | | | | | 1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch & 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch. - Add 1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch. Initialize remaining bufleft variables (nx-X11/lib/font/fc/fserve.c). - Add 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch. Do proper input validation to fix for CVE-2011-2895.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-05 23:19:38 +0000