| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
Xext CVE fixes in XVideo extension.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
v2: backport to nx-libs 3.6.x (Mike DePaulo)
v3: port to NXxvdisp.c rather than xvdisp.c (Mike DePaulo)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Conflicts:
Xext/xvdisp.c
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The length checking code validates PutImage height and byte width by
making sure that byte-width >= INT32_MAX / height. If height is zero,
this generates a divide by zero exception. Allow zero height requests
explicitly, bypassing the INT32_MAX check.
Fix for regression introduced by fix for CVE-2014-8092.
v2: backports to nx-libs 3.6.x (Mike Gabriel)
v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo)
Signed-off-by: Keith Packard <keithp@keithp.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
ProcPutImage() calculates a length field from a width, left pad and depth
specified by the client (if the specified format is XYPixmap).
The calculations for the total amount of memory the server needs for the
pixmap can overflow a 32-bit number, causing out-of-bounds memory writes
on 32-bit systems (since the length is stored in a long int variable).
v2: backport to nx-libs 3.6.x (Mike DePaulo)
v3: port to NXdispatch.c rather than dispatch.c (Mike DePaulo)
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Conflicts:
dix/dispatch.c
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
xorg/Xserver http://lists.x.org/archives/xorg-announce/2013-October/002332.html
Save a pointer to the passed in closure structure before copying it
and overwriting the *c pointer to point to our copy instead of the
original. If we hit an error, once we free(c), reset c to point to
the original structure before jumping to the cleanup code that
references *c.
Since one of the errors being checked for is whether the server was
able to malloc(c->nChars * itemSize), the client can potentially pass
a number of characters chosen to cause the malloc to fail and the
error path to be taken, resulting in the read from freed memory.
Since the memory is accessed almost immediately afterwards, and the
X server is mostly single threaded, the odds of the free memory having
invalid contents are low with most malloc implementations when not using
memory debugging features, but some allocators will definitely overwrite
the memory there, leading to a likely crash.
v2: Apply to NXdixfonts.c rather than dixfonts.c (Mike DePaulo)
|
|\
| |
| | |
XRender CVE fixes for nxagent (X.Org CVE-2014-8100)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
v2: backport to nx-libs 3.6.x (Mike DePaulo)
v3: port to NXrender.c rather than render.c (Mike DePaulo)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Conflicts:
render/render.c
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Otherwise we may be reading outside of the client request.
v2: backport to nx-libs 3.6.x (Mike DePaulo)
v3: port to NXrender.c rather than render.c (Mike DePaulo)
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Conflicts:
render/render.c
|
| |
| |
| |
| | |
hardware driver.
|
|/
|
|
| |
shared library.
|
|
|
|
| |
libXfont shared library and link dynamically.
|
|
|
|
|
|
|
|
|
|
|
| |
NX agent contains/ed two build trees. An old one (probably pre-3.x.y)
and a "newer" one. The "newer" code tree used to become enabled by
setting NXUpgradeAgentServer in nx-X11/config/cf/host.def to YES.
As building the NXUpgradeAgentServer has been the default for
years now, we drop all code that does not get used at build time
for NXUpgradeAgentServer == YES (i.e., the code that belongs to the
pre-3.x.y phase of NX agent).
|
| |
|
|
|
|
| |
Cherry-picked from branch 3.5.0.x.
|
|
|
|
| |
library.
|
|
|
|
|
|
|
|
|
|
|
| |
This feature copies the way how X.Org version string and number
are propagated at build time.
First use case: if people start nxagent, it reports its version number
on stderr. This is about being human-friendly.
Second use case: None, so far. But it will now be easy to use
the NXAGENT_VERSION_STRING in later feature add-ons.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nx*/VERSION and hw/nxagent/VERSION.
This commit removes the debian/VERSION file at makes it now unnecessary to
copy/symlink the VERSION file at build time. These build scripts got adapted:
debian/roll-tarballs.sh
debian/rules
nx-libs.spec
Furthermore, all NX component now use the main VERSION file as reference.
typechange: nxcomp/VERSION
typechange: nxcompext/VERSION
typechange: nxcompshad/VERSION
typechange: nxproxy/VERSION
|
|
|
|
|
|
|
|
|
|
| |
(999_nxagent_unbrand-nxagent-brand-x2goagent.full.patch).
When launched with NX Agent flavour, the startup screen gets unbranded by
this patch (the !M logo does not get shown).
When launched with X2Go Agent flavour, the startup screen gets branded
with the X2GO logo.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(990_fix-DEBUG-and-TEST-builds.full.patch).
(1) In nx-X11/programs/Xserver/dix:
Fix several compile errors when specifying -DDEBUG globally. Previous GCC
versions were more liberal and the code thus compiled.
Also initialize/reset a count variable correctly.
(2) In nx-X11/programs/Xserver/hw/nxagent/Render.c:
Check for pSrc->pDrawable to exist instead of having nxagent segfault when
it does not.
This enables the possibility of compiling all nxagent modules in TEST mode.
|
|
|
|
| |
(321_nxagent_x2go-specific-keystroke-config.full.patch).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(320_nxagent_configurable-keystrokes.full.patch).
Replaces the hardcoded nxagent keybindings by a configurable
table of keybindings. The default configuration is the same as the
original one, to maintain compatibility. A user/administrator can either
specify a command line parameter, environment variable or place a file
in ~/.nx/config/keystrokes.cfg or /etc/nxagent/keystrokes.cfg to reconfigure
these keybindings.
The configuration file format is XML, a dependency on libxml2 is added
to allow parsing the configuration.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on the binary name of the agent either NXAgent
or X2GoAgent is set as WM_Class.
This is needed for some window managers (like the one shipped with
Maemo)
The original WM_CLASS patch has been taken from the FreeNX patch
series, author unknown.
The nxagent/x2goagent has been done by the X2Go Project, author
see below.
|
|
|
|
|
|
|
|
|
| |
210_nxagent_save_session_state.full.patch
210_nxcomp_save_session_state.full+lite.patch
This patch adds a "state" option to NX (agent) which
allows one to specify a file where nxagent will write
its session state into.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(207_nxagent_fix-xfixes-selection.full.patch).
When nxagent has the XFIXES extension enabled copy and
paste from outside applications to applications within the session
that rely on XFixesSelectSelectionInput (e.g. qt applications like
konsole) did never receive any notifications because the nxagent did
not register itself at the real X server to receive them. Fixes X2Go Bug
#585 (http://bugs.x2go.org/585).
|
|
|
|
| |
(206_nxagent_clipboard-as-nxoption.full.patch).
|
|
|
|
| |
(205_nxagent_refresh-adsl.full.patch).
|
|
|
|
| |
(204_nxagent_repaint-solidpict.full.patch).
|
|
|
|
|
|
|
|
|
|
| |
(203_nxagent_disable-rootless-exit.full.patch).
This change enables to launch an nxagent in rootless mode
that waits forever for Xclients to appear.
This feature got added when X2Go introduced Published Applications
support.
|
|
|
|
|
|
|
|
| |
This patch adds Xinerama awareness to NX agent windows.
The advantage of Xinerama awareness is that an NX session window
will only maximize to the dimensions of the active physical
display.
|
|
|
|
|
|
|
| |
(201_nxagent_set-x2go-icon-if-x2goagent-flavour.full.patch).
Depending on the binary name of the agent either nxagent.xpm
or x2go.xpm is used as window icon.
|
|
|
|
|
|
|
|
|
|
| |
(200_nxagent_check-binary-x2go-flavour.full.patch).
Whether the agent runs in X2Go or NX mode is decide by the
name of the binary that executes the code.
Binary name equal to nxagent -> (Free)NX flavour
Binary name equal to x2goagent -> X2Go flavour
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is allowed to try and allocate a pixmap which is larger than
32767 in either dimension. However, all of the framebuffer code
is buggy and does not reliably draw to such big pixmaps, basically
because the Region data structure operates with signed shorts
for the rectangles in it.
Furthermore, several places in the X server computes the
size in bytes of the pixmap and tries to store it in an
integer. This integer can overflow and cause the allocated size
to be much smaller.
So, such big pixmaps are rejected here with a BadAlloc
Originally contributed by FreeNX Team
|
|
|
|
|
|
| |
Wine close delay.
Originally contributed by FreeNX team (dimbor).
|
|
|
|
|
|
|
|
| |
(107_nxagent_clipboard-compound-text+small-bed-sheets.full.patch).
Do not send COMPOUND_TEXT to client.
Originally contributed by FreeNX Team (dimbor).
|
|
|
|
|
|
| |
Enable UTF-8 clipboard copies.
Originally contributed by FreeNX Team (dimbor).
|
|
|
|
|
|
|
| |
(105_nxagent_export-remote-keyboard-config.full.patch)
Let nxagent write the keyboard configuration to <session_directory>/keyboard
and make it available within the NX session.
|
|
|
|
|
|
|
|
|
| |
(103_nxagent_set-X0-config-path.full.patch).
This patch is needed for Tarball installation and on Distros like
Debian, not reporting this path addition to upstream.
Originally contributed by FreeNX Team.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(057_nx-X11_sanitize-eventmasks.full.patch).
Multiple endiannes issues were setting incorrect event masks when creating and
drawing X11 windows.
This time, a smaller integer has been casted to a bigger one and passed to some
function actually setting its value.
This meant, that garbage from stack was attached to the smaller integer value,
putting unknown memory into the lower bytes of the bigger integer.
Fix this by creating a big, initialized temporary variable, let the function do
its magic on that one and pass the value back to the smaller variable--and
cross your fingers the smaller variable can hold it without overrunning. (The
last bit is a design issue we can't really fix and has been around even before
this patch.)
|
|
|
|
|
|
|
|
| |
(056_nx-X11_Werror-format-security.full.patch).
The below patch fixes more -Werror=format-security errors.
Interestingly, most of the errors only showed up on our arm builds. No
idea why.
|
|
|
|
|
|
| |
009_nxproxy_add-man-page.full+lite.patch
009_nxagent_add-man-page.full.patch
010_nxauth_fix-binary-name-in-man-page.full.patch
|
| |
|
|
|
|
| |
This reverts commit e77bf36d9afbc7e56522574b06217d57c11dd095.
|
| |
|
|
|
|
|
|
|
|
| |
Summary: Imported nxagent-3.5.0-9.tar.gz
Keywords:
Imported nxagent-3.5.0-9.tar.gz
into Git repository
|
|
|
|
|
|
|
|
| |
Summary: Imported nxagent-3.5.0-7.tar.gz
Keywords:
Imported nxagent-3.5.0-7.tar.gz
into Git repository
|
|
|
|
|
|
|
|
| |
Summary: Imported nxagent-3.5.0-5.tar.gz
Keywords:
Imported nxagent-3.5.0-5.tar.gz
into Git repository
|
|
|
|
|
|
|
|
| |
Summary: Imported nxagent-3.5.0-2.tar.gz
Keywords:
Imported nxagent-3.5.0-2.tar.gz
into Git repository
|
|
|
|
|
|
|
|
| |
Summary: Imported nxagent-3.4.0-9.tar.gz
Keywords:
Imported nxagent-3.4.0-9.tar.gz
into Git repository
|