Commits · 4fb35326a190f95f262bf9ea2e27de1ff81bda25 · dimbor / nx-libs

02 Jun, 2015 2 commits

Security fixes: X.Org CVE-2013-4396: · 4fb35326

authored Jun 02, 2015

v2: Apply to NXdixfonts.c rather than dixfonts.c (Mike DePaulo)
v3: backport v2 to nx-libs 3.5.0.x (Mihai Moldovan)

Changes:
  - 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch

4fb35326

nxcomp/README.on-retroactive-DXPC-license: Some layout and interpunctuation fixes. · 86937b86
Mike Gabriel authored Jun 02, 2015
```
Backported from Arctica GH 3.6.x branch.

Affects:
  - 9900-dxpc-license-history.full+lite.patch
```
86937b86

28 May, 2015 7 commits
- nxcomp/Misc.cpp: fix build failure introduced in a27a8aae. · f9303c1c
  Mihai Moldovan authored May 28, 2015
```
Backported from Arctica GH 3.6.x branch.

Affects:
  - 9900-dxpc-license-history.full+lite.patch
```
  f9303c1c
- debian/changelog: typo fix. · eda8da43
  Mihai Moldovan authored May 28, 2015
  
  eda8da43
- Support tarring up the HEAD of the current branch. · 2e5b45ad
  Mike Gabriel authored May 28, 2015
  
  2e5b45ad
- Allow patch files names having a dash next to the four digits (i.e., 1234-<patchname>.<suffix>). · 23fc7ee7
  Mike Gabriel authored May 28, 2015
  
  23fc7ee7
- Add 9900-dxpc-license-history.full+lite.patch. Document license history of DXPC… · a27a8aae
  Mike Gabriel authored May 28, 2015
```
Add 9900-dxpc-license-history.full+lite.patch. Document license history of DXPC (where nxcomp got forked from).

Backported from Arctica GH 3.6.x branch.
```
  a27a8aae
- debian/COPYING.full+lite: Replace content with GPL-2 license text, because that… · 6814755d
  Mike Gabriel authored May 28, 2015
```
debian/COPYING.full+lite: Replace content with GPL-2 license text, because that is the overall (i.e., strictest) license we have to deal with in nx-libs.
```
  6814755d
- debian/roll-tarball.sh: Make sure *.keyboard, debian/**, nx-libs.spec, .pc/**… · b3ece644
  Mike Gabriel authored May 28, 2015
```
debian/roll-tarball.sh: Make sure *.keyboard, debian/**, nx-libs.spec, .pc/** don't end up in tarball (special focuse on the nx-libs-lite tarball).
```
  b3ece644
26 May, 2015 6 commits
- debian/changelog: add entry for last change. · dc770326
  Mihai Moldovan authored May 26, 2015
  
  dc770326
- nxcomp: fix DEBUG, TEST, DUMP, FLUSH, TOKEN, PING, MIXED et al builds. · 0575a5b3
  Mihai Moldovan authored May 26, 2015
```
Submitted by Nito Martinez of the Qindel Group.

Backported from Arctica GH 3.6.x branch.

Adds:
  - 0992_fix-DEBUG-TEST-DUMP-FLUSH-TOKEN-PING-et-al-builds.full+lite.patch
```
  0575a5b3
- debian/changelog: add entry for last change. · 7f626521
  Mihai Moldovan authored May 26, 2015
  
  7f626521
- Security fixes: X.Org CVE-2014-8100: · a9a7426d
  Mihai Moldovan authored May 26, 2015
```
v3: port to NXrender.c rather than render.c (Mike DePaulo)
v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)

Changes:
  - 1028-render-unvalidated-lengths-in-Render-extn.-swap.full.patch
```
  a9a7426d
- debian/changelog: add entry for last change. · cce8c0d2
  Mihai Moldovan authored May 26, 2015
  
  cce8c0d2
- Security fixes: X.Org CVE-2014-8100: · c19b58d0
  Mihai Moldovan authored May 26, 2015
```
v3: port to NXrender.c rather than render.c (Mike DePaulo)
v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)

Changes:
  - 1027-render-check-request-size-before-reading-it-CVE.full.patch
```
  c19b58d0
04 May, 2015 1 commit
- debian/libnx-xinerama1.*: fix faulty logic when creating symlinks. · 5a9f8294
  Mihai Moldovan authored May 05, 2015
```
Backported from Arctica GH 3.6.x branch.
```
  5a9f8294
01 May, 2015 2 commits
- debian/control: workaround missing dependencies of nxagent on Ubuntu for now. · 5f2a5ac8
  Mihai Moldovan authored May 02, 2015
  
  5f2a5ac8
- Security fixes: X.Org CVE-2015-3418: · 6b9df6ca
  Mike Gabriel authored May 01, 2015
```
v3: backport to 3.5.0.x branch. (Mihai Moldovan)

Adds:
  - 1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch
```
  6b9df6ca
30 Apr, 2015 3 commits
- nx-libs.spec: actually create libXinerama.so.1 symlink during build phase. · a17bd57e
  Mihai Moldovan authored Apr 30, 2015
```
Backported from Arctica GH 3.6.x branch.
```
  a17bd57e
- debian/changelog: add changelog entry for the last two changes. · 8726e7d0
  Mihai Moldovan authored Apr 30, 2015
  
  8726e7d0
- debian/libnx-xinerama1.*: move Xinerama dir back to nx-x11-common. Only delete… · 0af0060d
  Mihai Moldovan authored Apr 30, 2015
```
debian/libnx-xinerama1.*: move Xinerama dir back to nx-x11-common. Only delete known files. Fixes RPM build failures.
```
  0af0060d
29 Apr, 2015 1 commit

libnx-xinerama1: also create libXinerama symlink in… · 79d49066

authored Apr 29, 2015

libnx-xinerama1: also create libXinerama symlink in libnx-xinerama1.postinst.postinst (and remove in libnx-xinerama1.postinst.prerm.)

Due to the nx-x11-common package being a noarch/allarch package,
creating the symlink in nx-libs' Makefile will lead to the symlink
referencing the "default" architecture dpkg uses for building
noarch/allarch packages.

Incidentally, this worked fine for Debian, as amd64 seems to be the
default architecture. On Ubuntu, however, the default architecture up to
Vivid (15.04) was i386. For those builds, the symlink pointed to the 32
bit library of libNX_Xinerama.so.1 -- essentially breaking this feature.

Move the symlink creation to the arch-sensitive libnx-xinerama1 package.
The postinst and prerm scriptlets will work fine, unless someone
installs the i386 package version *after* the amd64 version. Given that
we already create symlinks to libNX_X11 and friends using that method,
no new regression is introduced. Strictly speaking that's a bug, but
we'll hopefully clean that up later...

79d49066

27 Apr, 2015 5 commits
- README.keystrokes: remove accidentally copied Dokuwiki syntax. · 266d5aff
  Mihai Moldovan authored Apr 27, 2015
```
Backported from Arctica GH 3.6.x branch.

Affects:
    - 0320_nxagent_configurable-keystrokes.full.patch
```
  266d5aff
- etc/keystrokes.cfg: fix whitespace errors. · 352631a4
  Mihai Moldovan authored Apr 27, 2015
```
Backported from Arctica GH 3.6.x branch.
```
  352631a4
- debian/changelog: unify entry for README.keystrokes. · 82d73c3e
  Mihai Moldovan authored Apr 27, 2015
  
  82d73c3e
- README.keystrokes: add documentation for branding behavior. · 45d9d240
  Mihai Moldovan authored Apr 27, 2015
```
Backported from Arctica GH 3.6.x branch.

Affects:
    - 0320_nxagent_configurable-keystrokes.full.patch
```
  45d9d240
- README.keystrokes: copy actions documentation from the wiki. · 034bd940
  Mihai Moldovan authored Apr 27, 2015
```
Backported from Arctica GH 3.6.x branch.

Affects:
    - 0320_nxagent_configurable-keystrokes.full.patch
```
  034bd940
26 Apr, 2015 12 commits

debian/changelog: document the last commits. · 14e51de1
Mihai Moldovan authored Apr 27, 2015

14e51de1
debian/roll-tarballs.sh: next batch of quotes. · 4c90de7a
Mihai Moldovan authored Apr 27, 2015

4c90de7a
debian/roll-tarballs.sh: whitespace changes for consistency. · 56b383b8
Mihai Moldovan authored Apr 27, 2015

56b383b8

debian/roll-tarballs.sh: don't escape last newline of a multiline command. · 06bdc272

authored Apr 26, 2015

Worked out fine so far, because the next line was empty, but this can
easily change...

Cherry-picked from Arctica GH 3.6.x branch.

06bdc272

debian/roll-tarballs.sh: use more curly braces. · cc2fdd96

authored Apr 26, 2015

Prevents random characters as being treated as part of a variable name.

Cherry-picked from Arctica GH 3.6.x branch.

cc2fdd96

debian/roll-tarballs.sh: convert tabs to spaces. · e822d5cd
Mihai Moldovan authored Apr 26, 2015
```
Cherry-picked from Arctica GH 3.6.x branch.
```
e822d5cd

debian/roll-tarballs.sh: use more quotes. · 02757768

authored Apr 26, 2015

Fixes potential bugs, including one triggered by an unquoted hash within
the command line. BASH accepts this. Other shells do not (i.e., treat
everything following the hash character as a comment.)

Cherry-picked from Arctica GH 3.6.x branch.

Conflicts:
    debian/roll-tarballs.sh

02757768

nxcompshad: Prevent underlinking by linking to libNX_Xext. · 9525d073
Mike Gabriel authored Apr 27, 2015
```
Adds:
    - 0650_nxcompshad_link-to-NX_Xext.full.patch
```
9525d073
nx-X11: Prevent underlinking by linking to libNX_X{11,damage,fixes). · ef24d649
Mike Gabriel authored Apr 27, 2015
```
Adds:
    - 0640_nx-X11_fix-underlinking-libNX_Xcomposite_damage_fixes.full.patch
```
ef24d649

CVE patches were previously not included in release tarballs. · 96efadac

authored Apr 26, 2015

Rename:
    - 1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-lib-X.patch =>
      1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-.full.patch
    - 1002-Fix-CVE-2011-4028-File-disclosure-vulnerability.-ups.patch =>
      1002-Fix-CVE-2011-4028-File-disclosure-vulnerability.full.patch
    - 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageText-C.patch =>
      1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch
    - 1004-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch =>
      1004-CVE-2013-6462-unlimited-sscanf-overflows-stack-.full.patch
    - 1005-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch =>
      1005-CVE-2014-0209-integer-overflow-of-realloc-size-.full.patch
    - 1006-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch =>
      1006-CVE-2014-0209-integer-overflow-of-realloc-size-.full.patch
    - 1007-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch =>
      1007-CVE-2014-0210-unvalidated-length-in-_fs_recv_co.full.patch
    - 1008-Don-t-crash-when-we-receive-an-FS_Error-from-the-fon.patch =>
      1008-Don-t-crash-when-we-receive-an-FS_Error-from-th.full.patch
    - 1009-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch =>
      1009-CVE-2014-0210-unvalidated-lengths-when-reading-.full.patch
    - 1010-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch =>
      1010-CVE-2014-0211-Integer-overflow-in-fs_get_reply-.full.patch
    - 1011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch =>
      1011-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch
    - 1012-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch =>
      1012-CVE-2014-0211-integer-overflow-in-fs_read_exten.full.patch
    - 1013-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs-fr.patch =>
      1013-CVE-2014-0211-integer-overflow-in-fs_alloc_glyp.full.patch
    - 1014-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch =>
      1014-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch
    - 1015-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch =>
      1015-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch
    - 1016-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch =>
      1016-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch
    - 1017-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch =>
      1017-CVE-2014-0210-unvalidated-length-fields-in-fs_r.full.patch
    - 1018-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch =>
      1018-unchecked-malloc-may-allow-unauthed-client-to-c.full.patch
    - 1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8092-1.patch =>
      1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8.full.patch
    - 1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch =>
      1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-.full.patch
    - 1021-dix-integer-overflow-in-RegionSizeof-CVE-2014-8092-3.patch =>
      1021-dix-integer-overflow-in-RegionSizeof-CVE-2014-8.full.patch
    - 1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-2014-.patch =>
      1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-.full.patch
    - 1023-dbe-unvalidated-lengths-in-DbeSwapBuffers-calls-CVE-.patch =>
      1023-dbe-unvalidated-lengths-in-DbeSwapBuffers-calls.full.patch
    - 1024-Xi-unvalidated-lengths-in-Xinput-extension-CVE-2014-.patch =>
      1024-Xi-unvalidated-lengths-in-Xinput-extension-CVE-.full.patch
    - 1025-xcmisc-unvalidated-length-in-SProcXCMiscGetXIDList-C.patch =>
      1025-xcmisc-unvalidated-length-in-SProcXCMiscGetXIDL.full.patch
    - 1026-Xv-unvalidated-lengths-in-XVideo-extension-swapped-p.patch =>
      1026-Xv-unvalidated-lengths-in-XVideo-extension-swap.full.patch
    - 1027-render-check-request-size-before-reading-it-CVE-2014.patch =>
      1027-render-check-request-size-before-reading-it-CVE.full.patch
    - 1028-render-unvalidated-lengths-in-Render-extn.-swapped-p.patch =>
      1028-render-unvalidated-lengths-in-Render-extn.-swap.full.patch
    - 1029-xfixes-unvalidated-length-in-SProcXFixesSelectSelect.patch =>
      1029-xfixes-unvalidated-length-in-SProcXFixesSelectS.full.patch
    - 1030-randr-unvalidated-lengths-in-RandR-extension-swapped.patch =>
      1030-randr-unvalidated-lengths-in-RandR-extension-sw.full.patch
    - 1031-glx-Be-more-paranoid-about-variable-length-requests-.patch =>
      1031-glx-Be-more-paranoid-about-variable-length-requ.full.patch
    - 1032-glx-Be-more-strict-about-rejecting-invalid-image-siz.patch =>
      1032-glx-Be-more-strict-about-rejecting-invalid-imag.full.patch
    - 1033-glx-Additional-paranoia-in-__glXGetAnswerBuffer-__GL.patch =>
      1033-glx-Additional-paranoia-in-__glXGetAnswerBuffer.full.patch
    - 1034-glx-Add-safe_-add-mul-pad-v3-CVE-2014-8093-4-6-v4.patch =>
      1034-glx-Add-safe_-add-mul-pad-v3-CVE-2014-8093-4-6-.full.patch
    - 1035-glx-Length-checking-for-GLXRender-requests-v2-CVE-20.patch =>
      1035-glx-Length-checking-for-GLXRender-requests-v2-C.full.patch
    - 1036-glx-Integer-overflow-protection-for-non-generated-re.patch =>
      1036-glx-Integer-overflow-protection-for-non-generat.full.patch
    - 1037-glx-Top-level-length-checking-for-swapped-VendorPriv.patch =>
      1037-glx-Top-level-length-checking-for-swapped-Vendo.full.patch
    - 1038-glx-Length-checking-for-non-generated-single-request.patch =>
      1038-glx-Length-checking-for-non-generated-single-re.full.patch
    - 1039-glx-Length-checking-for-RenderLarge-requests-v2-CVE-.patch =>
      1039-glx-Length-checking-for-RenderLarge-requests-v2.full.patch
    - 1040-glx-Pass-remaining-request-length-into-varsize-v2-CV.patch =>
      1040-glx-Pass-remaining-request-length-into-varsize-.full.patch
    - 1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch =>
      1041-nx-X11-lib-font-fc-fserve.c-initialize-remainin.full.patch
    - 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch =>
      1042-Do-proper-input-validation-to-fix-for-CVE-2011-.full.patch
    - 1101-Coverity-844-845-846-Fix-memory-leaks.patch =>
      1101-Coverity-844-845-846-Fix-memory-leaks.full.patch
    - 1102-include-introduce-byte-counting-functions.patch =>
      1102-include-introduce-byte-counting-functions.full.patch
    - 1103-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patch =>
      1103-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input.full.patch
    - 1104-xkb-Check-strings-length-against-request-size.patch =>
      1104-xkb-Check-strings-length-against-request-size.full.patch

96efadac

Security fixes: X.Org CVE-2013-7439: · 79a4ed92

authored Apr 26, 2015

v2: backport to 3.5.0.x branch. (Mihai Moldovan)

Adds:
  - 1200-CVE-2013-7439-MakeBigReq-don-t-move-the-last-wo.full.patch

79a4ed92

nx-X11: link to libdl to fix undefined references to 'dlopen' and 'dlsym'. Fixes: #853. · ca361757
Bernard Cafarelli authored Apr 26, 2015
```
v2: generally link to libdl in all of nx-X11. (Mike Gabriel)

Adds:
  - 0630_nx-X11_fix-underlinking-dlopen-dlsym.full.patch
```
ca361757

29 Mar, 2015 1 commit
- nx-X11: add more NULL guards to TEST and DEBUG sections of Render.c. · 952e320c
  Mihai Moldovan authored Mar 29, 2015
```
Affects:
  - 0990_fix-DEBUG-and-TEST-builds.full.patch
```
  952e320c