This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch 3.6.x in repository nx-libs. from 6acafc9 Do proper input validation to fix for CVE-2011-2895. new e4d9701 Fix FTBFS due to the nxproxy executable already existing under /usr/lib/nx/bin/nx new 7424308 nx-libs.spec: Typo fix in comment. new f29cc29 Install "%{_libdir}/nx/bin" into nxproxy package. new 892c08d Make install-lite rule in Makefile.nx-libs more predictable and not rely on nxproxy/Makefile.in. new db12538 Makefile.nx-libs: Fix uninstall-lite rule. The nxproxy and nxcomp uninstallation has to be in uninstall-lite, not in uninstall-full. new 1f3222f debian/changelog: fix too-long lines new 26cfe93 fix 3.5.0.29 changelog entry The 7 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: Makefile | 31 +++++++++------ debian/changelog | 110 ++++++++++++++++++++++++++++++++++++++++++++---------- nx-libs.spec | 4 +- 3 files changed, 112 insertions(+), 33 deletions(-) -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.6.x in repository nx-libs. commit e4d97018b4bed33afb3a6c61894272615f97e43d Author: Mike DePaulo <mikedep333@gmail.com> Date: Sat Feb 14 17:07:21 2015 -0500 Fix FTBFS due to the nxproxy executable already existing under /usr/lib/nx/bin/nx Conflicts (resolved by Mike Gabriel): debian/changelog --- Makefile | 2 -- debian/changelog | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 67 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 3aeda73..52326fb 100644 --- a/Makefile +++ b/Makefile @@ -62,8 +62,6 @@ install-lite: $(INSTALL_DIR) $(DESTDIR)$(BINDIR) for d in nxcomp nxproxy; do \ $(MAKE) -C $$d install; done - mkdir -p $(DESTDIR)$(NXLIBDIR)/bin/ - mv $(DESTDIR)$(BINDIR)/nxproxy $(DESTDIR)$(NXLIBDIR)/bin/ for f in nxproxy; do \ $(INSTALL_PROGRAM) bin/$$f $(DESTDIR)$(BINDIR); done diff --git a/debian/changelog b/debian/changelog index 8348687..0eae634 100644 --- a/debian/changelog +++ b/debian/changelog @@ -125,8 +125,73 @@ nx-libs (2:3.5.0.29-0x2go2) UNRELEASED; urgency=medium (Fixes: #744). [ Michael DePaulo ] - * debian/rules: - + Fix build for LDFLAGS containing spaces. + * Security fixes: + - Rebase loads of X.Org patches (mainly from RHEL-5) against NX. If not + all patches from a CVE patch series appear here, then it means that + the affected file/code is not used in NX at build time. + + - X.Org CVE-2011-2895: + 1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-lib-X.patch + - X.Org CVE-2011-4028: + 1002-Fix-CVE-2011-4028-File-disclosure-vulnerability.-ups.patch + - X.Org CVE-2013-4396: + 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageText-C.patch + - X.Org CVE-2013-6462: + 1004-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch + - X.Org CVE-2014-0209: + 1005-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch + 1006-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch + - X.Org CVE-2014-0210: + 1007-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch + 1009-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch + 1011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch + 1014-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch + 1015-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch + 1016-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch + 1017-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch + - X.Org CVE-2014-0211: + 1010-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch + 1012-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch + 1013-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs-fr.patch + 1018-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch + - X.Org CVE-2014-8092: + 1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8092-1.patch + 1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch + 1021-dix-integer-overflow-in-RegionSizeof-CVE-2014-8092-3.patch + 1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-2014-.patch + - X.Org CVE-2014-8097: + 1023-dbe-unvalidated-lengths-in-DbeSwapBuffers-calls-CVE-.patch + - X.Org CVE-2014-8095: + 1024-Xi-unvalidated-lengths-in-Xinput-extension-CVE-2014-.patch + - X.Org CVE-2014-8096: + 1025-xcmisc-unvalidated-length-in-SProcXCMiscGetXIDList-C.patch + - X.Org CVE-2014-8099: + 1026-Xv-unvalidated-lengths-in-XVideo-extension-swapped-p.patch + - X.Org CVE-2014-8100: + 1027-render-check-request-size-before-reading-it-CVE-2014.patch + 1028-render-unvalidated-lengths-in-Render-extn.-swapped-p.patch + - X.Org CVE-2014-8102: + 1029-xfixes-unvalidated-length-in-SProcXFixesSelectSelect.patch + - X.Org CVE-2014-8101: + 1030-randr-unvalidated-lengths-in-RandR-extension-swapped.patch + - X.Org CVE-2014-8093: + 1031-glx-Be-more-paranoid-about-variable-length-requests-.patch + 1032-glx-Be-more-strict-about-rejecting-invalid-image-siz.patch + 1033-glx-Additional-paranoia-in-__glXGetAnswerBuffer-__GL.patch + 1034-glx-Add-safe_-add-mul-pad-v3-CVE-2014-8093-4-6-v4.patch + 1036-glx-Integer-overflow-protection-for-non-generated-re.patch + - X.Org CVE-2014-8098: + 1035-glx-Length-checking-for-GLXRender-requests-v2-CVE-20.patch + 1037-glx-Top-level-length-checking-for-swapped-VendorPriv.patch + 1038-glx-Length-checking-for-non-generated-single-request.patch + 1039-glx-Length-checking-for-RenderLarge-requests-v2-CVE-.patch + 1040-glx-Pass-remaining-request-length-into-varsize-v2-CV.patch + + - Security fixes with no assigned CVE: + 1008-Don-t-crash-when-we-receive-an-FS_Error-from-the-fon.patch + + - Fix FTBFS due to the nxproxy executable already existing under + /usr/lib/nx/bin/nx/ [ Mihai Moldovan ] * Change string "X2go" to "X2Go" where appropriate. -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.6.x in repository nx-libs. commit 7424308261a9fc853d55ff3428f16a1ce5f4bc39 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Sat Feb 14 21:53:00 2015 +0100 nx-libs.spec: Typo fix in comment. --- nx-libs.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nx-libs.spec b/nx-libs.spec index f4084d9..533f58f 100644 --- a/nx-libs.spec +++ b/nx-libs.spec @@ -667,7 +667,7 @@ sed -i -e 's,/usr/local,/usr,' nx-X11/config/cf/site.def sed -i -e 's#-O3#%{optflags}#' nx-X11/config/cf/host.def # Use multilib dirs # We're installing binaries into %%{_libdir}/nx/bin rather than %%{_libexedir}/nx -# becuase upstream expects libraries and binaries in the same directory +# because upstream expects libraries and binaries in the same directory sed -i -e 's,/lib/nx,/%{_lib}/nx,' Makefile nx-X11/config/cf/X11.tmpl sed -i -e 's,/lib/x2go,/%{_lib}/x2go,' Makefile sed -i -e 's,/usr/lib/,/usr/%{_lib}/,' bin/* -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.6.x in repository nx-libs. commit f29cc29fd37731c09c04e615da4ee345bbc92733 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Sat Feb 14 21:55:30 2015 +0100 Install "%{_libdir}/nx/bin" into nxproxy package. --- debian/changelog | 1 + nx-libs.spec | 2 ++ 2 files changed, 3 insertions(+) diff --git a/debian/changelog b/debian/changelog index 0eae634..bd10412 100644 --- a/debian/changelog +++ b/debian/changelog @@ -111,6 +111,7 @@ nx-libs (2:3.5.0.29-0x2go2) UNRELEASED; urgency=medium time. + Assure that BuildRoot: is set. + On SLE 11.x: libX* packages are prefixed with "xorg-x11-". + + Install "%{_libdir}/nx/bin" into nxproxy package. * debian/roll-tarball.sh: + Install etc/ files into etc/ subfolder (rgb, nxagent.keyboard, diff --git a/nx-libs.spec b/nx-libs.spec index 533f58f..68ec27c 100644 --- a/nx-libs.spec +++ b/nx-libs.spec @@ -1091,6 +1091,8 @@ ln -s -f ../../../../%{_lib}/libXext.so.6 %{buildroot}%{_libdir}/nx/X11/Xinerama %{_bindir}/nxproxy %{_mandir}/man1/nxproxy.1* %{_datadir}/man/man1/nxproxy.1* +%dir %{_libdir}/nx/bin +%{_libdir}/nx/bin/nxproxy %files -n x2goagent %defattr(-,root,root) -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.6.x in repository nx-libs. commit 892c08ddc4f4f7fc84b22081a53e4385a737ab23 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Mon Feb 16 05:45:17 2015 +0100 Make install-lite rule in Makefile.nx-libs more predictable and not rely on nxproxy/Makefile.in. --- Makefile | 15 ++++++++++----- debian/changelog | 2 ++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 52326fb..2c2cf35 100644 --- a/Makefile +++ b/Makefile @@ -59,17 +59,22 @@ install: [ ! -d nx-X11 ] || $(MAKE) install-full install-lite: + # install nxcomp library + $(MAKE) -C nxcomp install + + # install nxproxy wrapper script $(INSTALL_DIR) $(DESTDIR)$(BINDIR) - for d in nxcomp nxproxy; do \ - $(MAKE) -C $$d install; done - for f in nxproxy; do \ - $(INSTALL_PROGRAM) bin/$$f $(DESTDIR)$(BINDIR); done + $(INSTALL_PROGRAM) bin/nxproxy $(DESTDIR)$(BINDIR) + + # FIXME: the below install logic should work via nxproxy/Makefile.in + # overriding for now... + $(INSTALL_DIR) $(DESTDIR)$(NXLIBDIR)/bin + $(INSTALL_PROGRAM) nxproxy/nxproxy $(DESTDIR)$(NXLIBDIR)/bin $(INSTALL_DIR) $(DESTDIR)$(PREFIX)/share/man/man1/ $(INSTALL_FILE) nxproxy/man/nxproxy.1 $(DESTDIR)$(PREFIX)/share/man/man1/ gzip $(DESTDIR)$(PREFIX)/share/man/man1/*.1 - install-full: for f in nxagent nxauth x2goagent; do \ $(INSTALL_PROGRAM) bin/$$f $(DESTDIR)$(BINDIR); done diff --git a/debian/changelog b/debian/changelog index bd10412..ad42842 100644 --- a/debian/changelog +++ b/debian/changelog @@ -34,6 +34,8 @@ nx-libs (2:3.5.0.29-0x2go2) UNRELEASED; urgency=medium * Add Description: and Author: fields to various patch headers. * Makefile.nx-libs: Run make install for nxproxy first, then create the wrapper script. + * Make install-lite rule in Makefile.nx-libs more predictable and not + rely on nxproxy/Makefile.in. * NX code reduction efforts (from 93Mb to 41Mb): - Drop more unused code in nx-X11/programs/Xserver/hw/. Do this in -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.6.x in repository nx-libs. commit db12538ddeb32db3bfd1882d2bb34ff00809301e Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Mon Feb 16 05:51:02 2015 +0100 Makefile.nx-libs: Fix uninstall-lite rule. The nxproxy and nxcomp uninstallation has to be in uninstall-lite, not in uninstall-full. --- Makefile | 14 +++++++++----- debian/changelog | 2 ++ 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 2c2cf35..f0c8a97 100644 --- a/Makefile +++ b/Makefile @@ -164,8 +164,15 @@ uninstall: [ ! -d nx-X11 ] || $(MAKE) uninstall-full uninstall-lite: - for f in nxproxy; do \ - $(RM_FILE) $(DESTDIR)$(BINDIR)/$$f; done + if test -f nxcomp/Makefile; then ${MAKE} -C nxcomp $@; fi + + # uninstall nproxy wrapper script + $(RM_FILE) $(DESTDIR)$(BINDIR)/nxproxy + # FIXME: don't use uninstall rule in nxproxy/Makefile.in, let's do + # it on our own for now... + $(RM_FILE) $(DESTDIR)$(NXLIBDIR)/bin/nxproxy + $(RM_DIR) $(DESTDIR)$(NXLIBDIR)/bin/ + $(RM_FILE) $(DESTDIR)$(PREFIX)/share/man/man1/*.1 uninstall-full: for f in nxagent nxauth x2goagent; do \ @@ -174,9 +181,6 @@ uninstall-full: $(RM_FILE) $(DESTDIR)$(X2GOLIBDIR)/bin/x2goagent $(RM_DIR) $(DESTDIR)$(X2GOLIBDIR)/bin/ - if test -f nxcomp/Makefile; then ${MAKE} -C nxcomp $@; fi - if test -f nxproxy/Makefile; then ${MAKE} -C nxproxy $@; fi - if test -d nx-X11; then \ if test -f nxcompext/Makefile; then ${MAKE} -C nxcompext $@; fi; \ if test -f nxcompshad/Makefile; then ${MAKE} -C nxcompshad $@; fi; \ diff --git a/debian/changelog b/debian/changelog index ad42842..476fada 100644 --- a/debian/changelog +++ b/debian/changelog @@ -36,6 +36,8 @@ nx-libs (2:3.5.0.29-0x2go2) UNRELEASED; urgency=medium wrapper script. * Make install-lite rule in Makefile.nx-libs more predictable and not rely on nxproxy/Makefile.in. + * Makefile.nx-libs: Fix uninstall-lite rule. The nxproxy and nxcomp + uninstallation has to be in uninstall-lite, not in uninstall-full. * NX code reduction efforts (from 93Mb to 41Mb): - Drop more unused code in nx-X11/programs/Xserver/hw/. Do this in -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.6.x in repository nx-libs. commit 1f3222fa07c1695b13340247cde58a95ceaba1c5 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Mon Feb 16 06:19:54 2015 +0100 debian/changelog: fix too-long lines --- debian/changelog | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/debian/changelog b/debian/changelog index 476fada..37a666e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -60,12 +60,12 @@ nx-libs (2:3.5.0.29-0x2go2) UNRELEASED; urgency=medium process. - Update 600_nx-X11+nxcompext+nxcompshad_unique-libnames.full.patch. Don't patch files matter to the NX code reduction efforts. - - Update 031_nx-X11_parallel-make.full.patch. Don't patch .original files in - NX code tree. - - Drop patches: 017_nx-X11_update-autotools-helper-files.full.patch, - 018_nx-X11_update-libtool-ltmain-script.full.patch, - 019_nx-X11_expat-build-against-system-libxmltok.full.patch. They patch files - that are not used at build time. + - Update 0031_nx-X11_parallel-make.full.patch. Don't patch .original files + in NX code tree. + - Drop patches: 0017_nx-X11_update-autotools-helper-files.full.patch, + 0018_nx-X11_update-libtool-ltmain-script.full.patch, + 0019_nx-X11_expat-build-against-system-libxmltok.full.patch. They patch + files that are not used at build time. * Debian/Ubuntu packaging: + Fully rework the way nx-libs gets packaged for Debian/Ubuntu. -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.6.x in repository nx-libs. commit 26cfe931f864b92c4b6026002f37987c56665977 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Mon Feb 16 06:24:38 2015 +0100 fix 3.5.0.29 changelog entry --- debian/changelog | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/debian/changelog b/debian/changelog index 37a666e..f77a282 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,26 +8,26 @@ nx-libs (2:3.5.99.0-0~build1) UNRELEASED; urgency=medium nx-libs (2:3.5.0.29-0x2go2) UNRELEASED; urgency=medium [ Paul Szabo ] - * DISABLED:401_nxcomp_bigrequests-and-genericevent-extensions.full+lite.patch. + * DISABLED:0401_nxcomp_bigrequests-and-genericevent-extensions.full+lite.patch. Enable support for the X11 big requests extension and the generic events extension. [ Mike Gabriel ] - * Update 320_nxagent_configurable-keystrokes.full.patch. Fix patch header + * Update 0320_nxagent_configurable-keystrokes.full.patch. Fix patch header referring to keystrokes.cfg (plural), not keystroke.cfg. * Allow sysadmins to manipulate nxagent's / x2goagent's rgb file by placing it into /etc/nxagent or /etc/x2go. * Provide support for separate .keyboard files for nxagent/x2goagent. - * Modify 101_nxagent_set-rgb-path.full.patch. Allow configurable rgb files. - * Extend 999_nxagent_unbrand-nxagent-brand-x2goagent.full.patch. Let rgb + * Modify 0101_nxagent_set-rgb-path.full.patch. Allow configurable rgb files. + * Extend 0999_nxagent_unbrand-nxagent-brand-x2goagent.full.patch. Let rgb file shipped with x2goagent supersede rgb file shipped with nxagent. FIXME: a better approach would be to decide at runtime if to use /etc/x2go/rgb or /etc/nxagent/rgb. - * Extend 999_nxagent_unbrand-nxagent-brand-x2goagent.full.patch. Allow + * Extend 0999_nxagent_unbrand-nxagent-brand-x2goagent.full.patch. Allow separate .keyboard files for x2goagent and nxagent. - * Update 600_nx-X11+nxcompext+nxcompshad_unique-libnames.full.patch. Don't + * Update 0600_nx-X11+nxcompext+nxcompshad_unique-libnames.full.patch. Don't patch files that get removed during code reduction. - * Add 991_fix-hr-typos.full+lite.patch and 991_fix-hr-typos.full.patch. + * Add 0991_fix-hr-typos.full+lite.patch and 0991_fix-hr-typos.full.patch. Fix several typos in upstream code detected by lintian. * Makefile.nx-libs: Don't allow symlinks to point into buildroot. * Makefile.nx-libs: Install man pages via main Makefile. @@ -54,11 +54,11 @@ nx-libs (2:3.5.0.29-0x2go2) UNRELEASED; urgency=medium - Makefile.nx-libs: Don't install Mesa header files into DESTDIR anymore. - Unify source tree reduction (debian/rules vs. roll-tarball.sh) via file/ folder lists in text files named debian/CODE-REDUCTION_*. - - Update 991_fix-hr-typos.full.patch. Don't patch files that get removed by + - Update 0991_fix-hr-typos.full.patch. Don't patch files that get removed by the NX code reduction effort. - - Drop 604_nx-X11_recent-freetype-API.full.patch. Not used in current build + - Drop 0604_nx-X11_recent-freetype-API.full.patch. Not used in current build process. - - Update 600_nx-X11+nxcompext+nxcompshad_unique-libnames.full.patch. Don't + - Update 0600_nx-X11+nxcompext+nxcompshad_unique-libnames.full.patch. Don't patch files matter to the NX code reduction efforts. - Update 0031_nx-X11_parallel-make.full.patch. Don't patch .original files in NX code tree. @@ -122,10 +122,10 @@ nx-libs (2:3.5.0.29-0x2go2) UNRELEASED; urgency=medium x2goagent.keyboard). [ Horst Schirmeier ] - * Update 320_nxagent_configurable-keystrokes.full.patch. Fix a typo that + * Update 0320_nxagent_configurable-keystrokes.full.patch. Fix a typo that prevented the /etc/nxagent/keystrokes.cfg file from being parsed. (Fixes: #741). - * Add 321_nxagent_x2go-specific-keystroke-config.full.patch. If nxagent is + * Add 0321_nxagent_x2go-specific-keystroke-config.full.patch. If nxagent is launched as x2goagent, use X2Go-specific paths for the keystrokes.cfg file. (Fixes: #744). -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
-
git-admin@x2go.org