aboutsummaryrefslogtreecommitdiff
path: root/debian/patches
Commit message (Collapse)AuthorAgeFilesLines
* nx-X11: use the "old", non-NX header location.Mihai Moldovan2017-03-091-1/+1
| | | | | Affects: - 1270_nx-X11_CVE-2017-2624-Use-timingsafe_memcmp-to-c.full.patch
* Refresh:Mihai Moldovan2017-03-092-20/+7
| | | | | - 0016_nx-X11_install-location.debian.patch - 9900-dxpc-license-history.full+lite.patch
* nx-X11: Backport CVE-2017-2624 (timingsafe_memcmp)Ulrich Sibiller2017-03-092-0/+163
| | | | | | | Backported from Arctica GH 3.6.x branch. v2: backport to nx-libs 3.6.x (Ulrich Sibiller) v3: backport to nx-libs 3.5.0.x (Mihai Moldovan)
* nx-X11: Backport: xserver: Avoid sending uninitialized padding data over the ↵Peter Åstrand2015-07-042-0/+1056
| | | | | | | | | | | network Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Backported from Arctica GH 3.6.x branch. v2: backport to nx-libs 3.6.x (Ulrich Sibiller) v3: backport to nx-libs 3.5.0.x (Mihai Moldovan)
* nx-X11: Backport: Make RANDR 'set' timestamps follow client specified time. ↵Keith Packard2015-07-042-0/+67
| | | | | | | | | | | | | | | Bug 21987. The lastSetTime value which indicates when the configuration within the server was last changed was not getting set in the appropriate RandR requests. Signed-off-by: Keith Packard <keithp@keithp.com> Backported from Arctica GH 3.6.x branch. v2: backport to nx-libs 3.6.x (Ulrich Sibiller) v3: backport to nx-libs 3.5.0.x (Mihai Moldovan)
* nx-X11: Backport: randr: Clean up compiler warnings about unused and ↵Keith Packard2015-07-042-0/+118
| | | | | | | | | | | | | | | | | | | shadowing variables set but not used variables shadowing a previous local A hidden problem was that the VERIFY_RR_* macros define local 'rc' variables, any other local definitions for those would be shadowed and generate warnings from gcc. I've renamed the other locals 'ret' instead of 'rc'. Signed-off-by: Keith Packard <keithp@keithp.com> Backported from Arctica GH 3.6.x branch. v2: backport to nx-libs 3.6.x (Ulrich Sibiller) v3: backport to nx-libs 3.5.0.x (Mihai Moldovan)
* nx-X11: Backport: randr: Fix REQUEST vs. REQUEST_SIZE_MATCH mismatchAaron Plattner2015-07-042-0/+34
| | | | | | | | | | | | | | | | ProcRRGetScreenSizeRange uses REQUEST(xRRGetScreenSizeRangeReq) followed by REQUEST_SIZE_MATCH(xRRGetScreenInfoReq). This happens to work out because both requests have the same size, so this is not a functional change, just a cosmetic one. Signed-off-by: Aaron Plattner <aplattner@nvidia.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Keith Packard <keithp@keithp.com> Backported from Arctica GH 3.6.x branch. v2: backport to nx-libs 3.6.x (Ulrich Sibiller) v3: backport to nx-libs 3.5.0.x (Mihai Moldovan)
* nx-X11: Backport: ProcRRGetScreenInfo: swap configTimestamp as wellAlan Coopersmith2015-07-042-0/+28
| | | | | | | | | | | Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Keith Packard <keithp@keithp.com> Tested-by: Daniel Stone <daniel@fooishbar.org> Backported from Arctica GH 3.6.x branch. v2: backport to nx-libs 3.6.x (Ulrich Sibiller) v3: backport to nx-libs 3.5.0.x (Mihai Moldovan)
* nx-X11: Backport: RRModeCreate: plug memory leak of newModes if AddResource ↵Alan Coopersmith2015-07-042-0/+43
| | | | | | | | | | | | | | | | | | | | | | | fails Reported by parfait 1.0: Error: Memory leak (CWE 401) Memory leak of pointer 'newModes' allocated with realloc(((char*)modes), ((num_modes + 1) * 8)) at line 93 of randr/rrmode.c in function 'RRModeCreate'. pointer allocated at line 82 with realloc(((char*)modes), ((num_modes + 1) * 8)). Error: Memory leak (CWE 401) Memory leak of pointer 'newModes' allocated with malloc(8) at line 93 of randr/rrmode.c in function 'RRModeCreate'. pointer allocated at line 84 with malloc(8). Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Keith Packard <keithp@keithp.com> Backported from Arctica GH 3.6.x branch. v2: backport to nx-libs 3.6.x (Ulrich Sibiller) v3: backport to nx-libs 3.5.0.x (Mihai Moldovan)
* nx-X11: Backport: randr: fix server crash in RRGetScreenInfoJulien Cristau2015-07-042-0/+37
| | | | | | | | | | | | | | | | We don't return rates to randr < 1.1 clients, so don't allocate space for them. This fixes a FatalError due to not all allocated space being used. X.Org bug#21861 <http://bugs.freedesktop.org/show_bug.cgi?id=21861> Reported-by: Guillaume Quintin <coincoin169g@gmail.com> Signed-off-by: Julien Cristau <jcristau@debian.org> Backported from Arctica GH 3.6.x branch. v2: backport to nx-libs 3.6.x (Ulrich Sibiller) v3: backport to nx-libs 3.5.0.x (Mihai Moldovan)
* nx-X11: Backport: randr: check for virtual size limits before set crtcTiago Vignatti2015-07-042-0/+42
| | | | | | | | | | | | | | Return a error if the screen is configured to an invalid size. Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com> Reviewed-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Daniel Stone <daniel@fooishbar.org> Signed-off-by: Keith Packard <keithp@keithp.com> Backported from Arctica GH 3.6.x branch. v2: backport to nx-libs 3.6.x (Ulrich Sibiller) v3: backport to nx-libs 3.5.0.x (Mihai Moldovan)
* nx-X11: Backport: Free randr crtc and output pointer arraysKeith Packard2015-07-042-0/+31
| | | | | | | | | | | | | All of the crts and outputs were freed, but not the arrays full of pointers to them. Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Backported from Arctica GH 3.6.x branch. v2: backport to nx-libs 3.6.x (Ulrich Sibiller) v3: backport to nx-libs 3.5.0.x (Mihai Moldovan)
* nx-X11: Backport: Drop a reference to user mode after createKeith Packard2015-07-042-0/+29
| | | | | | | | | | User mode has no customer when create until assigned to some output. Backported from Arctica GH 3.6.x branch. v2: backport to nx-libs 3.6.x (Ulrich Sibiller) v3: backport to nx-libs 3.5.0.x (Mihai Moldovan)
* nx-X11: Backport: Bug 51375: Xorg doesn't set status for RRGetOutputInfoJaroslav Šmíd2015-07-042-0/+31
| | | | | | | | | | | | | | https://bugs.freedesktop.org/show_bug.cgi?id=51375 https://bugs.freedesktop.org/attachment.cgi?id=63397 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Keith Packard <keithp@keithp.com> Tested-by: Daniel Stone <daniel@fooishbar.org> Backported from Arctica GH 3.6.x branch. v2: backport to nx-libs 3.6.x (Ulrich Sibiller) v3: backport to nx-libs 3.5.0.x (Mihai Moldovan)
* {nx-X11,nxproxy}: correct manpages: --help -> -helpMike DePaulo2015-06-293-3/+3
| | | | | | | | | | | | | | | | | | | | | | xorg-server does not follow the convention of using 2 dashes. Note that --help does produce the help output. However, it produces this additional output after it: Error: Aborting session with 'Unrecognized option: --help'. Session: Aborting session at 'Sun Jun 28 01:35:35 2015'. Session: Session aborted at 'Sun Jun 28 01:35:35 2015'. It also causes a return code of 1 rather than 0. Therefore, we should instruct users to call -help instead. v2: backport to nx-libs 3.5.0.x (Mihai Moldovan) Affects: - 0009_nxagent_add-man-page.full.patch - 0009_nxproxy_add-man-page.full+lite.patch - 0209_x2goagent_add-man-page.full.patch
* nx-X11: Fix alpha premultiplication in XRenderParseColor. Fixes: #893.Emanuele Giaquinta2015-06-232-0/+32
| | | | | | | | | | | | | | | | Due to C arithmetic conversion rules we must use an unsigned constant (or a cast) to perform the multiplication using unsigned arithmetic. Fixes ArcticaProject/nx-libs#55. Author: Emanuele Giaquinta <emanuele.giaquinta@gmail.com> Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com> v2: backport to nx-libs 3.6.x (Mike Gabriel) v3: backport to nx-libs 3.5.0.x (Mihai Moldovan) Adds: - 0040_nx-X11_Fix-alpha-premultiplication-in-XRenderPa.full.patch
* nxcomp: fix "negotiation in stage 10" error.Vadim Troshchinskiy2015-06-162-0/+68
| | | | | | | | | | Problem fixed by adding a select() call to implement a timeout, and retrying writes if needed. v2: backport to nx-libs 3.5.0.x (Mihai Moldovan) Adds: - 0660_nxcomp_fix-negotiation-in-stage-10-error.full+lite.patch
* Security fixes: X.Org CVE-2014-8099:Mihai Moldovan2015-06-021-5/+164
| | | | | | | | v3: port to NXxvdisp.c rather than xvdisp.c (Mike DePaulo) v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: - 1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch
* Security fixes: X.Org CVE-2015-3418:Mihai Moldovan2015-06-021-2/+14
| | | | | | | | v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo) v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: - 1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch
* Security fixes: X.Org CVE-2014-8092:Mihai Moldovan2015-06-021-5/+16
| | | | | | | | v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo) v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: - 1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8.full.patch
* Security fixes: X.Org CVE-2013-4396:Mihai Moldovan2015-06-021-5/+46
| | | | | | | | v2: Apply to NXdixfonts.c rather than dixfonts.c (Mike DePaulo) v3: backport v2 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: - 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch
* nxcomp/README.on-retroactive-DXPC-license: Some layout and interpunctuation ↵Mike Gabriel2015-06-021-1/+1
| | | | | | | | | fixes. Backported from Arctica GH 3.6.x branch. Affects: - 9900-dxpc-license-history.full+lite.patch
* nxcomp/Misc.cpp: fix build failure introduced in ↵Mihai Moldovan2015-05-281-3/+3
| | | | | | | | | a27a8aae3ca7a3f70e05152ac3d347942e11159d. Backported from Arctica GH 3.6.x branch. Affects: - 9900-dxpc-license-history.full+lite.patch
* Add 9900-dxpc-license-history.full+lite.patch. Document license history of ↵Mike Gabriel2015-05-282-0/+4176
| | | | | | DXPC (where nxcomp got forked from). Backported from Arctica GH 3.6.x branch.
* nxcomp: fix DEBUG, TEST, DUMP, FLUSH, TOKEN, PING, MIXED et al builds.Mihai Moldovan2015-05-262-0/+53
| | | | | | | | | Submitted by Nito Martinez of the Qindel Group. Backported from Arctica GH 3.6.x branch. Adds: - 0992_fix-DEBUG-TEST-DUMP-FLUSH-TOKEN-PING-et-al-builds.full+lite.patch
* Security fixes: X.Org CVE-2014-8100:Mihai Moldovan2015-05-261-16/+137
| | | | | | | | v3: port to NXrender.c rather than render.c (Mike DePaulo) v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: - 1028-render-unvalidated-lengths-in-Render-extn.-swap.full.patch
* Security fixes: X.Org CVE-2014-8100:Mihai Moldovan2015-05-261-6/+18
| | | | | | | | v3: port to NXrender.c rather than render.c (Mike DePaulo) v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan) Changes: - 1027-render-check-request-size-before-reading-it-CVE.full.patch
* Security fixes: X.Org CVE-2015-3418:Mike Gabriel2015-05-012-0/+30
| | | | | | | v3: backport to 3.5.0.x branch. (Mihai Moldovan) Adds: - 1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch
* README.keystrokes: remove accidentally copied Dokuwiki syntax.Mihai Moldovan2015-04-271-1/+1
| | | | | | | Backported from Arctica GH 3.6.x branch. Affects: - 0320_nxagent_configurable-keystrokes.full.patch
* README.keystrokes: add documentation for branding behavior.Mihai Moldovan2015-04-271-3/+11
| | | | | | | Backported from Arctica GH 3.6.x branch. Affects: - 0320_nxagent_configurable-keystrokes.full.patch
* README.keystrokes: copy actions documentation from the wiki.Mihai Moldovan2015-04-271-10/+21
| | | | | | | Backported from Arctica GH 3.6.x branch. Affects: - 0320_nxagent_configurable-keystrokes.full.patch
* nxcompshad: Prevent underlinking by linking to libNX_Xext.Mike Gabriel2015-04-272-0/+15
| | | | | Adds: - 0650_nxcompshad_link-to-NX_Xext.full.patch
* nx-X11: Prevent underlinking by linking to libNX_X{11,damage,fixes).Mike Gabriel2015-04-272-0/+16
| | | | | Adds: - 0640_nx-X11_fix-underlinking-libNX_Xcomposite_damage_fixes.full.patch
* CVE patches were previously not included in release tarballs.Mihai Moldovan2015-04-2647-46/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rename: - 1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-lib-X.patch => 1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-.full.patch - 1002-Fix-CVE-2011-4028-File-disclosure-vulnerability.-ups.patch => 1002-Fix-CVE-2011-4028-File-disclosure-vulnerability.full.patch - 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageText-C.patch => 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch - 1004-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch => 1004-CVE-2013-6462-unlimited-sscanf-overflows-stack-.full.patch - 1005-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch => 1005-CVE-2014-0209-integer-overflow-of-realloc-size-.full.patch - 1006-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch => 1006-CVE-2014-0209-integer-overflow-of-realloc-size-.full.patch - 1007-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch => 1007-CVE-2014-0210-unvalidated-length-in-_fs_recv_co.full.patch - 1008-Don-t-crash-when-we-receive-an-FS_Error-from-the-fon.patch => 1008-Don-t-crash-when-we-receive-an-FS_Error-from-th.full.patch - 1009-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch => 1009-CVE-2014-0210-unvalidated-lengths-when-reading-.full.patch - 1010-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch => 1010-CVE-2014-0211-Integer-overflow-in-fs_get_reply-.full.patch - 1011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch => 1011-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch - 1012-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch => 1012-CVE-2014-0211-integer-overflow-in-fs_read_exten.full.patch - 1013-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs-fr.patch => 1013-CVE-2014-0211-integer-overflow-in-fs_alloc_glyp.full.patch - 1014-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch => 1014-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch - 1015-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch => 1015-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch - 1016-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch => 1016-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch - 1017-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch => 1017-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch - 1018-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch => 1018-unchecked-malloc-may-allow-unauthed-client-to-c.full.patch - 1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8092-1.patch => 1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8.full.patch - 1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch => 1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-.full.patch - 1021-dix-integer-overflow-in-RegionSizeof-CVE-2014-8092-3.patch => 1021-dix-integer-overflow-in-RegionSizeof-CVE-2014-8.full.patch - 1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-2014-.patch => 1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-.full.patch - 1023-dbe-unvalidated-lengths-in-DbeSwapBuffers-calls-CVE-.patch => 1023-dbe-unvalidated-lengths-in-DbeSwapBuffers-calls.full.patch - 1024-Xi-unvalidated-lengths-in-Xinput-extension-CVE-2014-.patch => 1024-Xi-unvalidated-lengths-in-Xinput-extension-CVE-.full.patch - 1025-xcmisc-unvalidated-length-in-SProcXCMiscGetXIDList-C.patch => 1025-xcmisc-unvalidated-length-in-SProcXCMiscGetXIDL.full.patch - 1026-Xv-unvalidated-lengths-in-XVideo-extension-swapped-p.patch => 1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch - 1027-render-check-request-size-before-reading-it-CVE-2014.patch => 1027-render-check-request-size-before-reading-it-CVE.full.patch - 1028-render-unvalidated-lengths-in-Render-extn.-swapped-p.patch => 1028-render-unvalidated-lengths-in-Render-extn.-swap.full.patch - 1029-xfixes-unvalidated-length-in-SProcXFixesSelectSelect.patch => 1029-xfixes-unvalidated-length-in-SProcXFixesSelectS.full.patch - 1030-randr-unvalidated-lengths-in-RandR-extension-swapped.patch => 1030-randr-unvalidated-lengths-in-RandR-extension-sw.full.patch - 1031-glx-Be-more-paranoid-about-variable-length-requests-.patch => 1031-glx-Be-more-paranoid-about-variable-length-requ.full.patch - 1032-glx-Be-more-strict-about-rejecting-invalid-image-siz.patch => 1032-glx-Be-more-strict-about-rejecting-invalid-imag.full.patch - 1033-glx-Additional-paranoia-in-__glXGetAnswerBuffer-__GL.patch => 1033-glx-Additional-paranoia-in-__glXGetAnswerBuffer.full.patch - 1034-glx-Add-safe_-add-mul-pad-v3-CVE-2014-8093-4-6-v4.patch => 1034-glx-Add-safe_-add-mul-pad-v3-CVE-2014-8093-4-6-.full.patch - 1035-glx-Length-checking-for-GLXRender-requests-v2-CVE-20.patch => 1035-glx-Length-checking-for-GLXRender-requests-v2-C.full.patch - 1036-glx-Integer-overflow-protection-for-non-generated-re.patch => 1036-glx-Integer-overflow-protection-for-non-generat.full.patch - 1037-glx-Top-level-length-checking-for-swapped-VendorPriv.patch => 1037-glx-Top-level-length-checking-for-swapped-Vendo.full.patch - 1038-glx-Length-checking-for-non-generated-single-request.patch => 1038-glx-Length-checking-for-non-generated-single-re.full.patch - 1039-glx-Length-checking-for-RenderLarge-requests-v2-CVE-.patch => 1039-glx-Length-checking-for-RenderLarge-requests-v2.full.patch - 1040-glx-Pass-remaining-request-length-into-varsize-v2-CV.patch => 1040-glx-Pass-remaining-request-length-into-varsize-.full.patch - 1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch => 1041-nx-X11-lib-font-fc-fserve.c-initialize-remainin.full.patch - 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch => 1042-Do-proper-input-validation-to-fix-for-CVE-2011-.full.patch - 1101-Coverity-844-845-846-Fix-memory-leaks.patch => 1101-Coverity-844-845-846-Fix-memory-leaks.full.patch - 1102-include-introduce-byte-counting-functions.patch => 1102-include-introduce-byte-counting-functions.full.patch - 1103-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patch => 1103-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input.full.patch - 1104-xkb-Check-strings-length-against-request-size.patch => 1104-xkb-Check-strings-length-against-request-size.full.patch
* Security fixes: X.Org CVE-2013-7439:Mike Gabriel2015-04-262-0/+78
| | | | | | | v2: backport to 3.5.0.x branch. (Mihai Moldovan) Adds: - 1200-CVE-2013-7439-MakeBigReq-don-t-move-the-last-wo.full.patch
* nx-X11: link to libdl to fix undefined references to 'dlopen' and 'dlsym'. ↵Bernard Cafarelli2015-04-262-0/+18
| | | | | | | | | Fixes: #853. v2: generally link to libdl in all of nx-X11. (Mike Gabriel) Adds: - 0630_nx-X11_fix-underlinking-dlopen-dlsym.full.patch
* nx-X11: add more NULL guards to TEST and DEBUG sections of Render.c.Mihai Moldovan2015-03-291-5/+264
| | | | | Affects: - 0990_fix-DEBUG-and-TEST-builds.full.patch
* nx-X11: fix typo in previous patch.Mihai Moldovan2015-03-291-1/+1
| | | | | Affects: - 0017_nx-X11_fix-SetPictureFilter.full.patch
* nx-X11: handle source pictures (those without a Drawable surface) gracefully.Mihai Moldovan2015-03-292-0/+180
| | | | | Adds: - 0017_nx-X11_fix-SetPictureFilter.full.patch
* Only use the first three numbers in the full version for current_version on ↵Mihai Moldovan2015-03-263-15/+21
| | | | | | | | | OS X. ld(1) on 10.6 fails otherwise. Affected: - 0420_nxcomp_use-correct-library-naming-scheme-on-OS-X.full+lite.patch - 0620_nxcompext_use-correct-library-naming-scheme-on-OS-X.full.patch - 0621_nxcompshad_use-correct-library-naming-scheme-on-OS-X.full.patch
* Mid-release fixup: Rename *nxcomp{ext,shad}*.full+lite* to ↵redist-server/3.5.0.31redist-client/3.5.0.31X2Go Release Manager2015-03-176-5/+5
| | | | *nxcomp{ext,shad}*.full*.
* nx{comp{,ext,shad},proxy}: try really hard to find makedepend. Do not fail ↵Mihai Moldovan2015-03-1614-115/+197
| | | | | | | | | | | | | | | | | | | | | | | | if it is not available. Also rename to account for dependency changes: - 0070_nxcomp_use-MAKEDEPEND-in-path.full+lite.patch => 0410_nxcomp_use-MAKEDEPEND-in-path.full+lite.patch - 0071_nxcompext_use-MAKEDEPEND-in-path.full+lite.patch => 0610_nxcompext_use-MAKEDEPEND-in-path.full+lite.patch - 0072_nxcompshad_use-MAKEDEPEND-in-path.full+lite.patch => 0611_nxcompshad_use-MAKEDEPEND-in-path.full+lite.patch - 0073_nxproxy_use-MAKEDEPEND-in-path.full+lite.patch => 0612_nxproxy_use-MAKEDEPEND-in-path.full+lite.patch - 0074_nxcomp_use-dynamiclib-flag-on-OS-X.full+lite.patch => 0613_nxcomp_use-dynamiclib-flag-on-OS-X.full+lite.patch - 0075_nxcompshad_use-dynamiclib-flag-on-OS-X.full+lite.patch => 0614_nxcompshad_use-dynamiclib-flag-on-OS-X.full+lite.patch - 0610_nxcompext_use-correct-library-naming-scheme-on-OS-X.full+lite.patch => 0620_nxcompext_use-correct-library-naming-scheme-on-OS-X.full+lite.patch - 0611_nxcompshad_use-correct-library-naming-scheme-on-OS-X.full+lite.patch => 0621_nxcompshad_use-correct-library-naming-scheme-on-OS-X.full+lite.patch
* nxcomp{,ext,shad}: use the correct library naming scheme on OS X. It differs ↵Clemens Lang2015-03-154-0/+173
| | | | | | | | | from other UNIX-based systems. Adds: - 0410_nxcomp_use-correct-library-naming-scheme-on-OS-X.full+lite.patch - 0610_nxcompext_use-correct-library-naming-scheme-on-OS-X.full+lite.patch - 0611_nxcompshad_use-correct-library-naming-scheme-on-OS-X.full+lite.patch
* nxcomp{,shad}: fix dynamic library linking on OS X. Use -dynamiclib instead ↵Clemens Lang2015-03-153-0/+40
| | | | | | | | of -bundle. Adds: - 0074_nxcomp_use-dynamiclib-flag-on-OS-X.full+lite.patch - 0075_nxcompshad_use-dynamiclib-flag-on-OS-X.full+lite.patch
* nx{comp{,ext,shad},proxy}: use path discovery for finding makedepend. Remove ↵Clemens Lang2015-03-155-0/+110
| | | | | | | | | old cruft. Adds: - 0070_nxcomp_use-MAKEDEPEND-in-path.full+lite.patch - 0071_nxcompext_use-MAKEDEPEND-in-path.full+lite.patch - 0072_nxcompshad_use-MAKEDEPEND-in-path.full+lite.patch - 0073_nxproxy_use-MAKEDEPEND-in-path.full+lite.patch
* X.org CVE-2015-0255 patch and its 3 prereq patchesmasterMike DePaulo2015-02-185-0/+400
| | | | | | | | | 1101-Coverity-844-845-846-Fix-memory-leaks.patch 1102-include-introduce-byte-counting-functions.patch 1103-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patc 1104-xkb-Check-strings-length-against-request-size.patch (The last patch is the CVE-2015-0255 patch.)
* Update 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch. Fix ↵Mike Gabriel2015-02-161-9/+10
| | | | broken comment paragraph, whitespace fix.
* CVE security review: Add ↵Mihai Moldovan2015-02-163-2/+4
| | | | | | | | | 1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch & 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch. - Add 1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch. Initialize remaining bufleft variables (nx-X11/lib/font/fc/fserve.c). - Add 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch. Do proper input validation to fix for CVE-2011-2895.
* CVE security review [1/2].Mihai Moldovan2015-02-165-24/+175
| | | | | | | | | | * CVE security review [1/2]: - Update 1007-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch. Use xfree() instead of free() in nx-libs. - Update 1011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch. Apply correctly on nx-libs 3.6.x. - Update 1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch. Human-readable version of "1 MB".
* 40 patches, fixing several X.Org CVEs in NX.Mike Gabriel2015-02-1441-0/+4279
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Security fixes: - Rebase loads of X.Org patches (mainly from RHEL-5) against NX. If not all patches from a CVE patch series appear here, then it means that the affected file/code is not used in NX at build time. - X.Org CVE-2011-2895: 1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-lib-X.patch - X.Org CVE-2011-4028: 1002-Fix-CVE-2011-4028-File-disclosure-vulnerability.-ups.patch - X.Org CVE-2013-4396: 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageText-C.patch - X.Org CVE-2013-6462: 1004-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch - X.Org CVE-2014-0209: 1005-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch 1006-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch - X.Org CVE-2014-0210: 1007-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch 1009-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch 1011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch 1014-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch 1015-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch 1016-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch 1017-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch - X.Org CVE-2014-0211: 1010-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch 1012-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch 1013-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs-fr.patch 1018-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch - X.Org CVE-2014-8092: 1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8092-1.patch 1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch 1021-dix-integer-overflow-in-RegionSizeof-CVE-2014-8092-3.patch 1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-2014-.patch - X.Org CVE-2014-8097: 1023-dbe-unvalidated-lengths-in-DbeSwapBuffers-calls-CVE-.patch - X.Org CVE-2014-8095: 1024-Xi-unvalidated-lengths-in-Xinput-extension-CVE-2014-.patch - X.Org CVE-2014-8096: 1025-xcmisc-unvalidated-length-in-SProcXCMiscGetXIDList-C.patch - X.Org CVE-2014-8099: 1026-Xv-unvalidated-lengths-in-XVideo-extension-swapped-p.patch - X.Org CVE-2014-8100: 1027-render-check-request-size-before-reading-it-CVE-2014.patch 1028-render-unvalidated-lengths-in-Render-extn.-swapped-p.patch - X.Org CVE-2014-8102: 1029-xfixes-unvalidated-length-in-SProcXFixesSelectSelect.patch - X.Org CVE-2014-8101: 1030-randr-unvalidated-lengths-in-RandR-extension-swapped.patch - X.Org CVE-2014-8093: 1031-glx-Be-more-paranoid-about-variable-length-requests-.patch 1032-glx-Be-more-strict-about-rejecting-invalid-image-siz.patch 1033-glx-Additional-paranoia-in-__glXGetAnswerBuffer-__GL.patch 1034-glx-Add-safe_-add-mul-pad-v3-CVE-2014-8093-4-6-v4.patch 1036-glx-Integer-overflow-protection-for-non-generated-re.patch - X.Org CVE-2014-8098: 1035-glx-Length-checking-for-GLXRender-requests-v2-CVE-20.patch 1037-glx-Top-level-length-checking-for-swapped-VendorPriv.patch 1038-glx-Length-checking-for-non-generated-single-request.patch 1039-glx-Length-checking-for-RenderLarge-requests-v2-CVE-.patch 1040-glx-Pass-remaining-request-length-into-varsize-v2-CV.patch - Security fixes with no assigned CVE: 1008-Don-t-crash-when-we-receive-an-FS_Error-from-the-fon.patch