This is an automated email from the git hooks/post-receive script.

x2go pushed a change to branch 3.5.0.x
in repository nx-libs.

      from  a17bd57   nx-libs.spec: actually create libXinerama.so.1 symlink during build phase.
       new  6b9df6c   Security fixes: X.Org CVE-2015-3418:
       new  5f2a5ac   debian/control: workaround missing dependencies of nxagent on Ubuntu for now.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Summary of changes:
 debian/changelog                                   |  5 ++++
 debian/control                                     |  6 ++++
 ...18-dix-Allow-zero-height-PutImage-re.full.patch | 29 ++++++++++++++++++++
 debian/patches/series                              |  1 +
 4 files changed, 41 insertions(+)
 create mode 100644 debian/patches/1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch

--
Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.5.0.x in repository nx-libs. commit 6b9df6cae0a8eca72005e14f370807816a704fcf Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Fri May 1 23:38:44 2015 +0200 Security fixes: X.Org CVE-2015-3418: v3: backport to 3.5.0.x branch. (Mihai Moldovan) Adds: - 1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch --- debian/changelog | 3 ++ ...18-dix-Allow-zero-height-PutImage-re.full.patch | 29 ++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 33 insertions(+) diff --git a/debian/changelog b/debian/changelog index fbc633d..95d39be 100644 --- a/debian/changelog +++ b/debian/changelog @@ -160,6 +160,9 @@ nx-libs (2:3.5.0.32-0x2go1) UNRELEASED; urgency=low * nxcompshad: Prevent underlinking by linking to libNX_Xext. Adds: - 0650_nxcompshad_link-to-NX_Xext.full.patch + * Security fixes: + - X.Org CVE-2015-3418: + 1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch -- X2Go Release Manager <git-admin@x2go.org> Tue, 17 Mar 2015 19:19:32 +0100 diff --git a/debian/patches/1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch b/debian/patches/1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch new file mode 100644 index 0000000..7b6f28c --- /dev/null +++ b/debian/patches/1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch 
@@ -0,0 +1,29 @@ +commit dba779d9f99ab2fc6bf05c78515dbdd82840cadd +Author: Keith Packard <keithp@keithp.com> +Date: Fri May 1 13:09:24 2015 +0200 + + dix: Allow zero-height PutImage requests (fix for X.Org's CVE-2015-3418). + + The length checking code validates PutImage height and byte width by + making sure that byte-width >= INT32_MAX / height. If height is zero, + this generates a divide by zero exception. Allow zero height requests + explicitly, bypassing the INT32_MAX check. + + Fix for regression introduced by fix for CVE-2014-8092. + + v2: backports to nx-libs 3.6.x (Mike Gabriel) + Signed-off-by: Keith Packard <keithp@keithp.com> + +diff --git a/nx-X11/programs/Xserver/dix/dispatch.c b/nx-X11/programs/Xserver/dix/dispatch.c +index 5ad2f5a..ab10640 100644 +--- a/nx-X11/programs/Xserver/dix/dispatch.c ++++ b/nx-X11/programs/Xserver/dix/dispatch.c +@@ -2071,7 +2071,7 @@ ProcPutImage(register ClientPtr client) + + tmpImage = (char *)&stuff[1]; + lengthProto = length; +- if (lengthProto >= (INT32_MAX / stuff->height)) ++ if (stuff->height != 0 && lengthProto >= (INT32_MAX / stuff->height)) + return BadLength; + + if (((((lengthProto * stuff->height) + (unsigned)3) >> 2) + diff --git a/debian/patches/series b/debian/patches/series index 2c7d970..763eb05 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -132,5 +132,6 @@ 1103-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input.full.patch 1104-xkb-Check-strings-length-against-request-size.full.patch 1200-CVE-2013-7439-MakeBigReq-don-t-move-the-last-wo.full.patch +1210-CVE-2015-3418-dix-Allow-zero-height-PutImage-re.full.patch 0016_nx-X11_install-location.debian.patch 0102_xserver-xext_set-securitypolicy-path.debian.patch -- Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
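Review bot: In the embedded dispatch.c hunk for ProcPutImage, the new `stuff->height != 0 &&` guard lets a zero-height request skip the INT32_MAX check entirely, so the only size validation left for that case is the comparison that starts at `if (((((lengthProto * stuff->height) + (unsigned)3) >> 2) +`, which is cut off in the context shown. With height 0 the product is 0, so that comparison has to be what rejects a zero-height request that still carries image data; please confirm it does, and add a one-line comment above the guard saying that zero height is allowed here because the following length check still applies. Separately, the header of the new patch file ends at "v2: backports to nx-libs 3.6.x" while the enclosing commit is labelled "v3: backport to 3.5.0.x branch"; a matching v3 line in the patch header would keep its provenance accurate.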
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch 3.5.0.x in repository nx-libs. commit 5f2a5ac842699efa577337261e4336b6503d1029 Author: Mihai Moldovan <ionic@ionic.de> Date: Sat May 2 00:08:41 2015 +0200 debian/control: workaround missing dependencies of nxagent on Ubuntu for now. --- debian/changelog | 2 ++ debian/control | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/debian/changelog b/debian/changelog index 95d39be..32201c4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -142,6 +142,8 @@ nx-libs (2:3.5.0.32-0x2go1) UNRELEASED; urgency=low Backported from Arctica GH 3.6.x branch. * nx-libs.spec: actually create libXinerama.so.1 symlink during build phase. Backported from Arctica GH 3.6.x branch. + * debian/control: workaround missing dependencies of nxagent on Ubuntu for + now. [ Bernard Cafarelli ] * nx-X11: link to libdl to fix undefined references to 'dlopen' and 'dlsym'. diff --git a/debian/control b/debian/control index b931567..1be9158 100644 --- a/debian/control +++ b/debian/control @@ -998,6 +998,12 @@ Package: nxagent Architecture: any Multi-Arch: foreign Depends: +# <Workaround> for missing dependencies on Ubuntu. + libnx-xdamage1 (>= ${source:Version}), libnx-xdamage1 (<< ${source:Version}.1), + libnx-xinerama1 (>= ${source:Version}), libnx-xinerama1 (<< ${source:Version}.1), + libnx-xrandr2 (>= ${source:Version}), libnx-xrandr2 (<< ${source:Version}.1), + libnx-xtst6 (>= ${source:Version}), libnx-xtst6 (<< ${source:Version}.1), +# </Workaround> ${shlibs:Depends}, ${misc:Depends}, Recommends: -- Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
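Review bot: In the debian/control hunk, the four libnx-* entries added to nxagent's Depends between the `# <Workaround>` markers are unconditional, so they apply to every distribution built from this control file and not only Ubuntu, and neither the comment nor the changelog entry says what causes the dependencies to be missing or when the block can be dropped. Suggest extending the comment with the underlying cause or a bug reference, so the block can be removed once `${shlibs:Depends}` produces these entries itself. The explicit `(>= ${source:Version})` / `(<< ${source:Version}.1)` pairs also pin nxagent to the same source version of those libraries, which is worth stating in the changelog entry since it is a tighter constraint than a generated shlibs dependency would normally be.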