While I was backporting the CVE-2015-0255 fix from X.org to nx-libs, I noticed that there were a ton of Coverity fixes from 2006 in the X.org Xserver: http://cgit.freedesktop.org/xorg/xserver/log/?qt=grep&q=Coverity
I backported only one of them as a prereq for CVE-2015-0255: http://cgit.freedesktop.org/xorg/xserver/commit/?id=47bdc9528c2dd4ea9d59a094...
Thoughts/Comments?
-Mike
On 18.02.2015 04:12 AM, Michael DePaulo wrote:
While I was backporting the CVE-2015-0255 fix from X.org to nx-libs, I noticed that there were a ton of Coverity fixes from 2006 in the X.org Xserver: http://cgit.freedesktop.org/xorg/xserver/log/?qt=grep&q=Coverity
I backported only one of them as a prereq for CVE-2015-0255: http://cgit.freedesktop.org/xorg/xserver/commit/?id=47bdc9528c2dd4ea9d59a094...
Thoughts/Comments?
This is very alike the general question whether bugfixes from Xorg should be backported to our current version of nx-libs.
My personal take on that is that this should be low-priority and backporting is fine when you have spare time on your hands (general "you".)
Within this list, I'd prioritize issues that could crash NX higher than those merely fixing memory leaks.
Mihai
On Wed, Feb 18, 2015 at 12:07 AM, Mihai Moldovan <ionic@ionic.de> wrote:
On 18.02.2015 04:12 AM, Michael DePaulo wrote:
While I was backporting the CVE-2015-0255 fix from X.org to nx-libs, I noticed that there were a ton of Coverity fixes from 2006 in the X.org Xserver: http://cgit.freedesktop.org/xorg/xserver/log/?qt=grep&q=Coverity
I backported only one of them as a prereq for CVE-2015-0255: http://cgit.freedesktop.org/xorg/xserver/commit/?id=47bdc9528c2dd4ea9d59a094...
Thoughts/Comments?
This is very alike the general question whether bugfixes from Xorg should be backported to our current version of nx-libs.
My personal take on that is that this should be low-priority and backporting is fine when you have spare time on your hands (general "you".)
Within this list, I'd prioritize issues that could crash NX higher than those merely fixing memory leaks.
Mihai
I agree.
-Mike#2
Hi folks,
On Mi 18 Feb 2015 13:09:01 CET, Michael DePaulo wrote:
On Wed, Feb 18, 2015 at 12:07 AM, Mihai Moldovan <ionic@ionic.de> wrote:
On 18.02.2015 04:12 AM, Michael DePaulo wrote:
While I was backporting the CVE-2015-0255 fix from X.org to nx-libs, I noticed that there were a ton of Coverity fixes from 2006 in the X.org Xserver: http://cgit.freedesktop.org/xorg/xserver/log/?qt=grep&q=Coverity
I backported only one of them as a prereq for CVE-2015-0255: http://cgit.freedesktop.org/xorg/xserver/commit/?id=47bdc9528c2dd4ea9d59a094...
Thoughts/Comments?
This is very alike the general question whether bugfixes from Xorg should be backported to our current version of nx-libs.
My personal take on that is that this should be low-priority and backporting is fine when you have spare time on your hands (general "you".)
Within this list, I'd prioritize issues that could crash NX higher than those merely fixing memory leaks.
I am seeing a bit clearer now about what nxagent needs to keep for a
little longer, and what is likely to go away sooner (or later, well...).
Has to stay:
libNX_X11 libNX_Xinerama libNX_Xrandr libNX_Xrender libNX_GL (statically comiled into nxagent)
Maybe can go away (be replaced by its pendant in recent X.Org):
lib(NX_)Xfont (actually, statically linked into nxagent) lib(NX_)Xcomposite lib(NX_)Xext lib(NX_)Xpm lib(NX_)Xfixes
Probably can go away soon:
lib(NX_)Xdmcp lib(NX_)Xtst lib(NX_)Xau (well, who knows)
The above libs stem from the nx-X11/lib/ subdir.
About the actual Xserver code in nx-X11/programs/Xserver, I am not sure, yet.
Thus, if it comes to backporting patches, I'd say that working on
libNX_X11, libNX_Xinerama, libNX_Xrandr, libNX_Xrender
will be of benefit to our NX code quality. Working on the other libs
may have been in vain by some point of time in the future.
Mike
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
-
Michael DePaulo -
Mihai Moldovan -
Mike Gabriel