From b8db5192d8b60c4371aa339e0762268efd62d53f Mon Sep 17 00:00:00 2001 From: Mike Gabriel Date: Mon, 17 Sep 2012 18:50:50 +0200 Subject: Add patch: 220_nxproxy-bind-loopback-only.full+lite.patch, adds loopback option to nxproxy options and forces nxproxy to bind to loopback devices only. --- debian/changelog | 5 +- .../220_nxproxy-bind-loopback-only.full+lite.patch | 130 +++++++++++++++++++++ .../patches/220_nxproxy-bind-loopback-only.patch | 130 --------------------- debian/patches/series | 2 +- 4 files changed, 134 insertions(+), 133 deletions(-) create mode 100644 debian/patches/220_nxproxy-bind-loopback-only.full+lite.patch delete mode 100644 debian/patches/220_nxproxy-bind-loopback-only.patch diff --git a/debian/changelog b/debian/changelog index 630d97ed2..90f17324a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -13,8 +13,9 @@ nx-libs (2:3.5.0.15-0) UNRELEASED; urgency=low * /debian/control: + Maintainer change in package: X2Go Developers . + Priority: optional. - * Add patch: 220_nxproxy-bind-loopback-only.patch, adds loopback option to - nxproxy options and forces nxproxy to bind to loopback devices only. + * Add patch: 220_nxproxy-bind-loopback-only.full+lite.patch, adds loopback + option to nxproxy options and forces nxproxy to bind to loopback devices + only. -- Mike Gabriel Thu, 28 Jun 2012 14:54:51 +0200 diff --git a/debian/patches/220_nxproxy-bind-loopback-only.full+lite.patch b/debian/patches/220_nxproxy-bind-loopback-only.full+lite.patch new file mode 100644 index 000000000..b8f87650b --- /dev/null +++ b/debian/patches/220_nxproxy-bind-loopback-only.full+lite.patch 
@@ -0,0 +1,130 @@ +Description: Force NX proxy to bind to loopback devices only (loopback option) +Author: Mike Gabriel +--- a/nxcomp/Loop.cpp ++++ b/nxcomp/Loop.cpp +@@ -952,6 +952,7 @@ + static char displayHost[DEFAULT_STRING_LENGTH] = { 0 }; + static char authCookie[DEFAULT_STRING_LENGTH] = { 0 }; + ++static int loopbackBind = DEFAULT_LOOPBACK_BIND; + static int proxyPort = DEFAULT_NX_PROXY_PORT; + static int xPort = DEFAULT_NX_X_PORT; + +@@ -3959,7 +3960,14 @@ + + tcpAddr.sin_family = AF_INET; + tcpAddr.sin_port = htons(proxyPortTCP); +- tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY); ++ if ( loopbackBind ) ++ { ++ tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); ++ } ++ else ++ { ++ tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY); ++ } + + if (bind(tcpFD, (sockaddr *) &tcpAddr, sizeof(tcpAddr)) == -1) + { +@@ -4512,7 +4520,14 @@ + + tcpAddr.sin_family = AF_INET; + tcpAddr.sin_port = htons(portTCP); +- tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY); ++ if ( loopbackBind ) ++ { ++ tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); ++ } ++ else ++ { ++ tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY); ++ } + + if (bind(newFD, (sockaddr *) &tcpAddr, sizeof(tcpAddr)) == -1) + { +@@ -6680,7 +6695,14 @@ + + #ifdef __APPLE__ + +- tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY); ++ if ( loopbackBind ) ++ { ++ tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); ++ } ++ else ++ { ++ tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY); ++ } + + #else + +@@ -8359,6 +8381,10 @@ + + listenPort = ValidateArg("local", name, value); + } ++ else if (strcasecmp(name, "loopback") == 0) ++ { ++ loopbackBind = ValidateArg("local", name, value); ++ } + else if (strcasecmp(name, "accept") == 0) + { + if (*connectHost != '\0') +@@ -13735,7 +13761,14 @@ + } + else + { +- address = htonl(INADDR_ANY); ++ if ( loopbackBind ) ++ { ++ address = htonl(INADDR_LOOPBACK); ++ } ++ else ++ { ++ address = htonl(INADDR_ANY); ++ } + } + } + else +--- a/nxcomp/Misc.cpp ++++ b/nxcomp/Misc.cpp +@@ -42,6 +42,14 @@ + #undef DEBUG + + 
// ++// By default nxproxy binds to all network interfaces, setting ++// DEFAULT_LOOPBACK_BIND to 1 enables binding to the loopback ++// device only. ++// ++ ++const int DEFAULT_LOOPBACK_BIND = 0; ++ ++// + // TCP port offset applied to any NX port specification. + // + +@@ -137,6 +145,8 @@ + \n\ + listen=n Local port used for accepting the proxy connection.\n\ + \n\ ++ loopback=b Bind to the loopback device only.\n\ ++\n\ + accept=s Name or IP of host that can connect to the proxy.\n\ + \n\ + connect=s Name or IP of host that the proxy will connect to.\n\ +--- a/nxcomp/Misc.h ++++ b/nxcomp/Misc.h +@@ -90,6 +90,14 @@ + extern const int DEFAULT_NX_SLAVE_PORT_SERVER_OFFSET; + + // ++// NX proxy binds to all network interfaces by default ++// With the -loopback parameter, you can switch ++// over to binding to the loopback device only. ++// ++ ++extern const int DEFAULT_LOOPBACK_BIND; ++ ++// + // Return strings containing various info. + // + diff --git a/debian/patches/220_nxproxy-bind-loopback-only.patch b/debian/patches/220_nxproxy-bind-loopback-only.patch deleted file mode 100644 index b8f87650b..000000000 --- a/debian/patches/220_nxproxy-bind-loopback-only.patch +++ /dev/null 
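Review bot: The embedded Misc.cpp hunk sets `const int DEFAULT_LOOPBACK_BIND = 0;`, so every listener touched in Loop.cpp still binds to `INADDR_ANY` unless the `loopback` option is given a non-zero value, while the patch Description and the changelog entry say nxproxy is forced onto the loopback device. Either make loopback-only the default with `const int DEFAULT_LOOPBACK_BIND = 1;` or reword the Description to say the binding is optional, so packagers do not assume the proxy ports are no longer reachable from the network. In the `@@ -6680,7 +6695,14 @@` hunk only the `#ifdef __APPLE__` branch is changed and the `#else` branch lies outside the hunk, so it should be confirmed that the non-Apple path honours `loopbackBind` as well. The Misc.h comment names a `-loopback` parameter, but the option parsed in Loop.cpp and listed in the usage text is `loopback=b`; the comment line should read `// With the loopback=b option, you can switch`.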
@@ -1,130 +0,0 @@ -Description: Force NX proxy to bind to loopback devices only (loopback option) -Author: Mike Gabriel ---- a/nxcomp/Loop.cpp -+++ b/nxcomp/Loop.cpp -@@ -952,6 +952,7 @@ - static char displayHost[DEFAULT_STRING_LENGTH] = { 0 }; - static char authCookie[DEFAULT_STRING_LENGTH] = { 0 }; - -+static int loopbackBind = DEFAULT_LOOPBACK_BIND; - static int proxyPort = DEFAULT_NX_PROXY_PORT; - static int xPort = DEFAULT_NX_X_PORT; - -@@ -3959,7 +3960,14 @@ - - tcpAddr.sin_family = AF_INET; - tcpAddr.sin_port = htons(proxyPortTCP); -- tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY); -+ if ( loopbackBind ) -+ { -+ tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); -+ } -+ else -+ { -+ tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY); -+ } - - if (bind(tcpFD, (sockaddr *) &tcpAddr, sizeof(tcpAddr)) == -1) - { -@@ -4512,7 +4520,14 @@ - - tcpAddr.sin_family = AF_INET; - tcpAddr.sin_port = htons(portTCP); -- tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY); -+ if ( loopbackBind ) -+ { -+ tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); -+ } -+ else -+ { -+ tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY); -+ } - - if (bind(newFD, (sockaddr *) &tcpAddr, sizeof(tcpAddr)) == -1) - { -@@ -6680,7 +6695,14 @@ - - #ifdef __APPLE__ - -- tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY); -+ if ( loopbackBind ) -+ { -+ tcpAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); -+ } -+ else -+ { -+ tcpAddr.sin_addr.s_addr = htonl(INADDR_ANY); -+ } - - #else - -@@ -8359,6 +8381,10 @@ - - listenPort = ValidateArg("local", name, value); - } -+ else if (strcasecmp(name, "loopback") == 0) -+ { -+ loopbackBind = ValidateArg("local", name, value); -+ } - else if (strcasecmp(name, "accept") == 0) - { - if (*connectHost != '\0') -@@ -13735,7 +13761,14 @@ - } - else - { -- address = htonl(INADDR_ANY); -+ if ( loopbackBind ) -+ { -+ address = htonl(INADDR_LOOPBACK); -+ } -+ else -+ { -+ address = htonl(INADDR_ANY); -+ } - } - } - else ---- a/nxcomp/Misc.cpp -+++ b/nxcomp/Misc.cpp -@@ -42,6 +42,14 @@ - #undef DEBUG - - 
// -+// By default nxproxy binds to all network interfaces, setting -+// DEFAULT_LOOPBACK_BIND to 1 enables binding to the loopback -+// device only. -+// -+ -+const int DEFAULT_LOOPBACK_BIND = 0; -+ -+// - // TCP port offset applied to any NX port specification. - // - -@@ -137,6 +145,8 @@ - \n\ - listen=n Local port used for accepting the proxy connection.\n\ - \n\ -+ loopback=b Bind to the loopback device only.\n\ -+\n\ - accept=s Name or IP of host that can connect to the proxy.\n\ - \n\ - connect=s Name or IP of host that the proxy will connect to.\n\ ---- a/nxcomp/Misc.h -+++ b/nxcomp/Misc.h -@@ -90,6 +90,14 @@ - extern const int DEFAULT_NX_SLAVE_PORT_SERVER_OFFSET; - - // -+// NX proxy binds to all network interfaces by default -+// With the -loopback parameter, you can switch -+// over to binding to the loopback device only. -+// -+ -+extern const int DEFAULT_LOOPBACK_BIND; -+ -+// - // Return strings containing various info. - // - diff --git a/debian/patches/series b/debian/patches/series index bffdb9746..3c4a167a6 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -40,7 +40,7 @@ 202_nx-x11_enable-xinerama.full.patch 203_nxagent_disable-rootless-exit.full.patch 209_x2goagent-add-man-page.full.patch -220_nxproxy-bind-loopback-only.patch +220_nxproxy-bind-loopback-only.full+lite.patch 300_nxagent_set-wm-class.full.patch 301_nx-X11_use-shared-libs.full.patch 600_nx-X11+nxcompext+nxcompshad_unique-libnames.full.patch -- cgit v1.2.3