nx-libs - NXv3 (redistributed)

	Commit message (Collapse)	Author	Age	Files	Lines
*	Adapt API for MakeAtom() and CopyISOLatin1Lowered to latest changes in X.org.	Mike Gabriel	2016-05-02	1	-5/+5
\| \| \| \| \| \| \| \| \|	This requires adaptations of arguments' types for the external references to MakeAtom() and CopyISOLatin1Lowered(). These adaptations have been required in Xserver/include/dix.h, Xserver/include/dixfonts.c Xserver/dix/atom.c, Xserver/dix/dixutils.c, Xserver/os/oscolor.c.
*	pixman-devel: Build against shared library pkg-config(pixman-1).	Mike Gabriel	2016-05-02	1	-1/+2
\|
*	Xserver help: Document -disablexineramaextension cmdline option.	Mike Gabriel	2015-12-30	1	-0/+1
\|
*	Clear header file namespace separation (<X11/...> vs. <nx-X11/...>).	Mike Gabriel	2015-12-28	17	-60/+60
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	In the process of building nxagent against more and more system-wide installed X.org libraries, we come to the limit of including structs from this (bundled nx-X11) and that (system-wide X.Org) library. This commit introduces a clear namespace separation of headers provided by nx-X11 and headers provided by X.Org. This approach is only temporary as we want to drop all nx-X11 bundled libraries from nx-libs. However, for a while we need to make this separation clear and also ship some reduced fake X.Org headers that avoid pulling in libX* and libNX_X* symbols at the same time. This patch has been tested on Debian jessie and unstable and requires no overall testing on various distros and distro versions, as we finally will drop all libNX_X* libraries and build against X.org's client libs. For now, this hack eases our development / cleanup process.
*	Replace 'pointer' type with 'void *'	Keith Packard	2015-12-28	11	-109/+109
\| \| \| \| \| \| \| \| \| \|	This lets us stop using the 'pointer' typedef in Xdefs.h as 'pointer' is used throughout the X server for other things, and having duplicate names generates compiler warnings. Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Eric Anholt <eric@anholt.net> Rebased against NX: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
*	imake cleanup: Drop references to X11 build-logic that is not present in nx-X11.	Mike Gabriel	2015-04-28	2	-569/+3
\|
*	library clean-up: Don't build and link libXfont.a anymore. Use system's ↵pr/libxfont-cleanup	Mike Gabriel	2015-04-22	1	-1/+1
\| \| \| \|	libXfont shared library and link dynamically.
*	imake cleanup: Drop all references to XprtServer and BuildXprint*.	Mike Gabriel	2015-04-04	2	-14/+1
\|
*	dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]	Alan Coopersmith	2015-02-16	1	-0/+6
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	GetHosts() iterates over all the hosts it has in memory, and copies them to a buffer. The buffer length is calculated by iterating over all the hosts and adding up all of their combined length. There is a potential integer overflow, if there are lots and lots of hosts (with a combined length of > ~4 gig). This should be possible by repeatedly calling ProcChangeHosts() on 64bit machines with enough memory. This patch caps the list at 1mb, because multi-megabyte hostname lists for X access control are insane. v2: backport to nx-libs 3.6.x (Mike DePaulo) v3: human-readable version of "1 MB" (Mihai Moldovan) Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Conflicts: os/access.c
*	Revert "dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]"	Mihai Moldovan	2015-02-16	1	-6/+0
\| \| \| \|	This reverts commit d4c76981f7fddb364166464c571ed8d3de3086cd.
*	dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]	Alan Coopersmith	2015-02-14	1	-0/+6
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	GetHosts() iterates over all the hosts it has in memory, and copies them to a buffer. The buffer length is calculated by iterating over all the hosts and adding up all of their combined length. There is a potential integer overflow, if there are lots and lots of hosts (with a combined length of > ~4 gig). This should be possible by repeatedly calling ProcChangeHosts() on 64bit machines with enough memory. This patch caps the list at 1mb, because multi-megabyte hostname lists for X access control are insane. v2: backport to nx-libs 3.6.x (Mike DePaulo) Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Conflicts: os/access.c
*	unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091]	Alan Coopersmith	2015-02-14	1	-0/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	authdes_ezdecode() calls malloc() using a length provided by the connection handshake sent by a newly connected client in order to authenticate to the server, so should be treated as untrusted. It didn't check if malloc() failed before writing to the newly allocated buffer, so could lead to a server crash if the server fails to allocate memory (up to UINT16_MAX bytes, since the len field is a CARD16 in the X protocol). Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Conflicts: os/rpcauth.c
*	Fix CVE-2011-4028: File disclosure vulnerability. upstream xorg/xserver ↵	Mike DePaulo	2015-02-14	1	-1/+1
\| \| \| \| \| \| \| \|	commit 6ba44b91e37622ef8c146d8f2ac92d708a18ed34 use O_NOFOLLOW to open the existing lock file, so symbolic links aren't followed, thus avoid revealing if it point to an existing file.
*	Unbrand NX Agent Startup Screen / Brand X2Go Agent Startup Screen ↵	Oleksandr Shneyder	2015-02-13	1	-1/+13
\| \| \| \| \| \| \| \| \| \|	(999_nxagent_unbrand-nxagent-brand-x2goagent.full.patch). When launched with NX Agent flavour, the startup screen gets unbranded by this patch (the !M logo does not get shown). When launched with X2Go Agent flavour, the startup screen gets branded with the X2GO logo.
*	Be compliant with POS36-C: Observe correct revocation order while ↵	Orion Poplawski	2015-02-13	1	-0/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	relinquishing privileges (602_nx-X11_initgroups.full.patch). The Fedora review of NX (redistributed) caught the following rpmlint issue: This executable is calling setuid and setgid without setgroups or initgroups. There is a high probability this mean it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem. Ref POS36-C: https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges This patch adds initgroups() calls to the code to initialize the supplemental group list.
*	FHS path fix for rgb file	Marcelo Boveto Shima	2015-02-10	1	-1/+1
\| \| \| \| \| \| \|	This patch is needed on Debian only, not reporting this path addition to upstream. Patch was modified by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
*	Fix -Werror=format-security errors ↵	Orion Poplawski	2015-02-09	1	-2/+2
\| \| \| \| \| \| \| \|	(056_nx-X11_Werror-format-security.full.patch). The below patch fixes more -Werror=format-security errors. Interestingly, most of the errors only showed up on our arm builds. No idea why.
*	drop .original files from the current code base	Mike Gabriel	2015-02-02	18	-16364/+0
\|
*	Revert "release 3.5.0.19"	Mike Gabriel	2013-03-28	1	-1/+1
\| \| \| \|	This reverts commit e77bf36d9afbc7e56522574b06217d57c11dd095.
*	release 3.5.0.19	Mike Gabriel	2013-03-28	1	-1/+1
\|
*	Imported nx-X11-3.5.0-1.tar.gznx-X11/3.5.0-1	Reinhard Tartler	2011-10-10	10	-10/+10
\| \| \| \| \| \| \| \|	Summary: Imported nx-X11-3.5.0-1.tar.gz Keywords: Imported nx-X11-3.5.0-1.tar.gz into Git repository
*	Imported nx-X11-3.4.0-3.tar.gznx-X11/3.4.0-3	Reinhard Tartler	2011-10-10	12	-12/+12
\| \| \| \| \| \| \| \|	Summary: Imported nx-X11-3.4.0-3.tar.gz Keywords: Imported nx-X11-3.4.0-3.tar.gz into Git repository
*	Imported nx-X11-3.4.0-1.tar.gznx-X11/3.4.0-1	Reinhard Tartler	2011-10-10	10	-20/+20
\| \| \| \| \| \| \| \|	Summary: Imported nx-X11-3.4.0-1.tar.gz Keywords: Imported nx-X11-3.4.0-1.tar.gz into Git repository
*	Imported nx-X11-3.3.0-7.tar.gznx-X11/3.3.0-7	Reinhard Tartler	2011-10-10	2	-2/+2
\| \| \| \| \| \| \| \|	Summary: Imported nx-X11-3.3.0-7.tar.gz Keywords: Imported nx-X11-3.3.0-7.tar.gz into Git repository
*	Imported nx-X11-3.3.0-6.tar.gznx-X11/3.3.0-6	Reinhard Tartler	2011-10-10	3	-0/+326
\| \| \| \| \| \| \| \|	Summary: Imported nx-X11-3.3.0-6.tar.gz Keywords: Imported nx-X11-3.3.0-6.tar.gz into Git repository
*	Imported nx-X11-3.3.0-5.tar.gznx-X11/3.3.0-5	Reinhard Tartler	2011-10-10	2	-0/+26
\| \| \| \| \| \| \| \|	Summary: Imported nx-X11-3.3.0-5.tar.gz Keywords: Imported nx-X11-3.3.0-5.tar.gz into Git repository
*	Imported nx-X11-3.1.0-1.tar.gznx-X11/3.1.0-1	Reinhard Tartler	2011-10-10	36	-0/+32336
	Summary: Imported nx-X11-3.1.0-1.tar.gz Keywords: Imported nx-X11-3.1.0-1.tar.gz into Git repository