aboutsummaryrefslogtreecommitdiff
path: root/nx-X11/programs/Xserver/os
Commit message (Collapse)AuthorAgeFilesLines
* Adapt API for MakeAtom() and CopyISOLatin1Lowered to latest changes in X.org.Mike Gabriel2016-05-021-5/+5
| | | | | | | | | This requires adaptations of arguments' types for the external references to MakeAtom() and CopyISOLatin1Lowered(). These adaptations have been required in Xserver/include/dix.h, Xserver/include/dixfonts.c Xserver/dix/atom.c, Xserver/dix/dixutils.c, Xserver/os/oscolor.c.
* pixman-devel: Build against shared library pkg-config(pixman-1).Mike Gabriel2016-05-021-1/+2
|
* Xserver help: Document -disablexineramaextension cmdline option.Mike Gabriel2015-12-301-0/+1
|
* Clear header file namespace separation (<X11/...> vs. <nx-X11/...>).Mike Gabriel2015-12-2817-60/+60
| | | | | | | | | | | | | | | | | | | | In the process of building nxagent against more and more system-wide installed X.org libraries, we come to the limit of including structs from this (bundled nx-X11) and that (system-wide X.Org) library. This commit introduces a clear namespace separation of headers provided by nx-X11 and headers provided by X.Org. This approach is only temporary as we want to drop all nx-X11 bundled libraries from nx-libs. However, for a while we need to make this separation clear and also ship some reduced fake X.Org headers that avoid pulling in libX* and libNX_X* symbols at the same time. This patch has been tested on Debian jessie and unstable and requires no overall testing on various distros and distro versions, as we finally will drop all libNX_X* libraries and build against X.org's client libs. For now, this hack eases our development / cleanup process.
* Replace 'pointer' type with 'void *'Keith Packard2015-12-2811-109/+109
| | | | | | | | | | This lets us stop using the 'pointer' typedef in Xdefs.h as 'pointer' is used throughout the X server for other things, and having duplicate names generates compiler warnings. Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Eric Anholt <eric@anholt.net> Rebased against NX: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
* imake cleanup: Drop references to X11 build-logic that is not present in nx-X11.Mike Gabriel2015-04-282-569/+3
|
* library clean-up: Don't build and link libXfont.a anymore. Use system's ↵pr/libxfont-cleanupMike Gabriel2015-04-221-1/+1
| | | | libXfont shared library and link dynamically.
* imake cleanup: Drop all references to XprtServer and BuildXprint*.Mike Gabriel2015-04-042-14/+1
|
* dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]Alan Coopersmith2015-02-161-0/+6
| | | | | | | | | | | | | | | | | | | | | GetHosts() iterates over all the hosts it has in memory, and copies them to a buffer. The buffer length is calculated by iterating over all the hosts and adding up all of their combined length. There is a potential integer overflow, if there are lots and lots of hosts (with a combined length of > ~4 gig). This should be possible by repeatedly calling ProcChangeHosts() on 64bit machines with enough memory. This patch caps the list at 1mb, because multi-megabyte hostname lists for X access control are insane. v2: backport to nx-libs 3.6.x (Mike DePaulo) v3: human-readable version of "1 MB" (Mihai Moldovan) Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Conflicts: os/access.c
* Revert "dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]"Mihai Moldovan2015-02-161-6/+0
| | | | This reverts commit d4c76981f7fddb364166464c571ed8d3de3086cd.
* dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]Alan Coopersmith2015-02-141-0/+6
| | | | | | | | | | | | | | | | | | | | GetHosts() iterates over all the hosts it has in memory, and copies them to a buffer. The buffer length is calculated by iterating over all the hosts and adding up all of their combined length. There is a potential integer overflow, if there are lots and lots of hosts (with a combined length of > ~4 gig). This should be possible by repeatedly calling ProcChangeHosts() on 64bit machines with enough memory. This patch caps the list at 1mb, because multi-megabyte hostname lists for X access control are insane. v2: backport to nx-libs 3.6.x (Mike DePaulo) Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Conflicts: os/access.c
* unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091]Alan Coopersmith2015-02-141-0/+4
| | | | | | | | | | | | | | | | | | authdes_ezdecode() calls malloc() using a length provided by the connection handshake sent by a newly connected client in order to authenticate to the server, so should be treated as untrusted. It didn't check if malloc() failed before writing to the newly allocated buffer, so could lead to a server crash if the server fails to allocate memory (up to UINT16_MAX bytes, since the len field is a CARD16 in the X protocol). Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Conflicts: os/rpcauth.c
* Fix CVE-2011-4028: File disclosure vulnerability. upstream xorg/xserver ↵Mike DePaulo2015-02-141-1/+1
| | | | | | | | commit 6ba44b91e37622ef8c146d8f2ac92d708a18ed34 use O_NOFOLLOW to open the existing lock file, so symbolic links aren't followed, thus avoid revealing if it point to an existing file.
* Unbrand NX Agent Startup Screen / Brand X2Go Agent Startup Screen ↵Oleksandr Shneyder2015-02-131-1/+13
| | | | | | | | | | (999_nxagent_unbrand-nxagent-brand-x2goagent.full.patch). When launched with NX Agent flavour, the startup screen gets unbranded by this patch (the !M logo does not get shown). When launched with X2Go Agent flavour, the startup screen gets branded with the X2GO logo.
* Be compliant with POS36-C: Observe correct revocation order while ↵Orion Poplawski2015-02-131-0/+7
| | | | | | | | | | | | | | | | relinquishing privileges (602_nx-X11_initgroups.full.patch). The Fedora review of NX (redistributed) caught the following rpmlint issue: This executable is calling setuid and setgid without setgroups or initgroups. There is a high probability this mean it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem. Ref POS36-C: https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges This patch adds initgroups() calls to the code to initialize the supplemental group list.
* FHS path fix for rgb fileMarcelo Boveto Shima2015-02-101-1/+1
| | | | | | | This patch is needed on Debian only, not reporting this path addition to upstream. Patch was modified by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
* Fix -Werror=format-security errors ↵Orion Poplawski2015-02-091-2/+2
| | | | | | | | (056_nx-X11_Werror-format-security.full.patch). The below patch fixes more -Werror=format-security errors. Interestingly, most of the errors only showed up on our arm builds. No idea why.
* drop .original files from the current code baseMike Gabriel2015-02-0218-16364/+0
|
* Revert "release 3.5.0.19"Mike Gabriel2013-03-281-1/+1
| | | | This reverts commit e77bf36d9afbc7e56522574b06217d57c11dd095.
* release 3.5.0.19Mike Gabriel2013-03-281-1/+1
|
* Imported nx-X11-3.5.0-1.tar.gznx-X11/3.5.0-1Reinhard Tartler2011-10-1010-10/+10
| | | | | | | | Summary: Imported nx-X11-3.5.0-1.tar.gz Keywords: Imported nx-X11-3.5.0-1.tar.gz into Git repository
* Imported nx-X11-3.4.0-3.tar.gznx-X11/3.4.0-3Reinhard Tartler2011-10-1012-12/+12
| | | | | | | | Summary: Imported nx-X11-3.4.0-3.tar.gz Keywords: Imported nx-X11-3.4.0-3.tar.gz into Git repository
* Imported nx-X11-3.4.0-1.tar.gznx-X11/3.4.0-1Reinhard Tartler2011-10-1010-20/+20
| | | | | | | | Summary: Imported nx-X11-3.4.0-1.tar.gz Keywords: Imported nx-X11-3.4.0-1.tar.gz into Git repository
* Imported nx-X11-3.3.0-7.tar.gznx-X11/3.3.0-7Reinhard Tartler2011-10-102-2/+2
| | | | | | | | Summary: Imported nx-X11-3.3.0-7.tar.gz Keywords: Imported nx-X11-3.3.0-7.tar.gz into Git repository
* Imported nx-X11-3.3.0-6.tar.gznx-X11/3.3.0-6Reinhard Tartler2011-10-103-0/+326
| | | | | | | | Summary: Imported nx-X11-3.3.0-6.tar.gz Keywords: Imported nx-X11-3.3.0-6.tar.gz into Git repository
* Imported nx-X11-3.3.0-5.tar.gznx-X11/3.3.0-5Reinhard Tartler2011-10-102-0/+26
| | | | | | | | Summary: Imported nx-X11-3.3.0-5.tar.gz Keywords: Imported nx-X11-3.3.0-5.tar.gz into Git repository
* Imported nx-X11-3.1.0-1.tar.gznx-X11/3.1.0-1Reinhard Tartler2011-10-1036-0/+32336
Summary: Imported nx-X11-3.1.0-1.tar.gz Keywords: Imported nx-X11-3.1.0-1.tar.gz into Git repository