Package: x2goagent; Maintainer for x2goagent is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goagent is src:nx-libs.
Reported by: Horst Schirmeier <horst@schirmeier.com>
Date: Thu, 15 Jan 2015 15:20:01 UTC
Severity: normal
Tags: patch, pending
Found in version 2:3.5.0.29-0x2go1~git20150113.557+wheezy.heuler.1
Fixed in version 2:3.5.0.29
Done: X2Go Release Manager <git-admin@x2go.org>
Bug is archived. No further changes may be made.
Message #81 received at 744@bugs.x2go.org (full text, mbox, reply):
Received: (at 744) by bugs.x2go.org; 13 Mar 2015 14:57:08 +0000 From x2go@ymir.das-netzwerkteam.de Fri Mar 13 15:56:11 2015 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id E6E765E088; Fri, 13 Mar 2015 15:56:10 +0100 (CET) From: X2Go Release Manager <git-admin@x2go.org> To: 744-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 744@bugs.x2go.org Subject: X2Go issue (in src:nx-libs) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20150313145610.E6E765E088@ymir.das-netzwerkteam.de> Date: Fri, 13 Mar 2015 15:56:10 +0100 (CET)
close #744 thanks Hello, we are very hopeful that X2Go issue #744 reported by you has been resolved in the new release (2:3.5.0.29) of the X2Go source project »src:nx-libs«. You can view the complete changelog entry of src:nx-libs (2:3.5.0.29) below, and you can use the following link to view all the code changes between this and the last release of src:nx-libs. http://code.x2go.org/gitweb?p=nx-libs.git;a=commitdiff;h=b3aadd99d26c25ed5f015b324d1677af122c2246;hp=c69789464eaf6db4775b636eabb7b315c9525924 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:nx-libs. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:nx-libs Version: 2:3.5.0.29-0x2go2 Status: RELEASE Date: Fri, 13 Mar 2015 15:50:00 +0100 Fixes: 741 744 Changes: nx-libs (2:3.5.0.29-0x2go2) RELEASED; urgency=medium . [ Mike Gabriel ] * Update 0320_nxagent_configurable-keystrokes.full.patch. Fix patch header referring to keystrokes.cfg (plural), not keystroke.cfg. * Allow sysadmins to manipulate nxagent's / x2goagent's rgb file by placing it into /etc/nxagent or /etc/x2go. * Provide support for separate .keyboard files for nxagent/x2goagent. * Modify 0101_nxagent_set-rgb-path.full.patch. Allow configurable rgb files. * Extend 0999_nxagent_unbrand-nxagent-brand-x2goagent.full.patch. Let rgb file shipped with x2goagent supersede rgb file shipped with nxagent. FIXME: a better approach would be to decide at runtime if to use /etc/x2go/rgb or /etc/nxagent/rgb. * Extend 0999_nxagent_unbrand-nxagent-brand-x2goagent.full.patch. Allow separate .keyboard files for x2goagent and nxagent. * Update 0600_nx-X11+nxcompext+nxcompshad_unique-libnames.full.patch. Don't patch files that get removed during code reduction. * Add 0991_fix-hr-typos.full+lite.patch and 991_fix-hr-typos.full.patch. Fix several typos in upstream code detected by lintian. * Makefile.nx-libs: Don't allow symlinks to point into buildroot. * Makefile.nx-libs: Install man pages via main Makefile. * Add Description: and Author: fields to various patch headers. * Makefile.nx-libs: Run make install for nxproxy first, then create the wrapper script. * Make install-lite rule in Makefile.nx-libs more predictable and not rely on nxproxy/Makefile.in. * Makefile.nx-libs: Fix uninstall-lite rule. The nxproxy and nxcomp uninstallation has to be in uninstall-lite, not in uninstall-full. * Update 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch. Fix broken comment paragraph, whitespace fix. . * NX code reduction efforts (from 93Mb to 41Mb): - Drop more unused code in nx-X11/programs/Xserver/hw/. Do this in roll-tarball.sh and in debian/rules alike. - Stop shipping unused / very old xterm code. - Drop nx-X11/programs/Xserver/hw/xfree86 except of four files symlinked to other locations in the source tree at build time. - More source tree size reduction by analyzing what exactly of the Mesa source code in nx-X11/extras/ is used and what not. - Drop more unused folders from tarball release / before .deb package build: . nx-X11/programs/Xserver/miext/shadow/ . nx-X11/programs/Xserver/XpConfig/ . nx-X11/programs/Xserver/Xprint/ - Makefile.nx-libs: Don't install Mesa header files into DESTDIR anymore. - Unify source tree reduction (debian/rules vs. roll-tarball.sh) via file/ folder lists in text files named debian/CODE-REDUCTION_*. - Update 0991_fix-hr-typos.full.patch. Don't patch files that get removed by the NX code reduction effort. - Drop 0604_nx-X11_recent-freetype-API.full.patch. Not used in current build process. - Update 0600_nx-X11+nxcompext+nxcompshad_unique-libnames.full.patch. Don't patch files matter to the NX code reduction efforts. - Update 0031_nx-X11_parallel-make.full.patch. Don't patch .original files in NX code tree. - Drop patches: 0017_nx-X11_update-autotools-helper-files.full.patch, 0018_nx-X11_update-libtool-ltmain-script.full.patch, 0019_nx-X11_expat-build-against-system-libxmltok.full.patch. They patch files that are not used at build time. . * Patch system: - Prepend a "0" to every patch file name in debian/patches/. The patch order is now given by a 4 digit ID. Adapt only this changelog stanza to this modification. . * Debian/Ubuntu packaging: + Fully rework the way nx-libs gets packaged for Debian/Ubuntu. + Split up libnx-x11 into individual packages. + Provide dbg:packages for each bin:package containing binaries. + Use Makefile logic to install files into DESTDIR. + Provide dev:packages for each lib:package individually. + Provide nx-x11proto-*-dev packages for all libnx-* libraries. + Install _all_ library files (*.so*) to /usr/lib/<triplet>/, so no extra settings of LD_LIBRARY_PATH is necessary. + Add Multi-Arch support for Debian based distro versions that support Multi-Arch. + Support hardened builds for nxcomp* libraries. + Support hardened builds for nxagent and libNX_*.so files. + Add debian/*.symbols files for shared nx-X11 libraries. + Support .symbols for 64bit and 32bit alike. + Provide CDBS-generated debian/copyright.in file. . * debian/rules: + Backup nxcomp/VERSION file from NoMachine before replacing it with a symlink to debian/VERSION. Recreate the original file when cleaning up. + Fix removal of unused code (that part of the code that we know of so far). (The debian/rules file is a Makefile and Makefiles don't understand shell globbing with curly braces). + Correctly link config files (etc/rgb, etc/nxagent.keyboard, etc/x2goagent.keyboard) before dh_auto_build. + Add to B-D: expat. + Install upstream ChangeLogs into bin:packages. + Remove upstream nx-libs ChangeLog during override_dh_clean. + Use proper quoting on build flag vars (they may contain spaces). . * nx-libs.spec: + The gpg-offline bin:package is not available in our SLE repo. We can do without. + Update .spec file to meet changes in tarball size reduction and restructuring. + Use SONAME based library package naming scheme. + Mention NX technology in every package description. + Install man pages into bin:packages. + Make libNX_X11-6 and libXinerama1 compliant to Shared Library Policy. + Add Obsoletes: fields to all shared libs for marking the non-versioned library package (names) as obsolete. + Don't depend on nx-libs base package with fixed version. + Don't fail if removing *.a files fails due to the files being non-present. + Set PREFIX=%{_prefix} USRLIBDIR=%{_libdir} SHLIBDIR=%{_libdir} at build time. + Assure that BuildRoot: is set. + On SLE 11.x: libX* packages are prefixed with "xorg-x11-". + Install "%{_libdir}/nx/bin" into nxproxy package. . * debian/roll-tarball.sh: + Install etc/ files into etc/ subfolder (rgb, nxagent.keyboard, x2goagent.keyboard). . [ Horst Schirmeier ] * Update 0320_nxagent_configurable-keystrokes.full.patch. Fix a typo that prevented the /etc/nxagent/keystrokes.cfg file from being parsed. (Fixes: #741). * Add 0321_nxagent_x2go-specific-keystroke-config.full.patch. If nxagent is launched as x2goagent, use X2Go-specific paths for the keystrokes.cfg file. (Fixes: #744). . [ Michael DePaulo ] * Security Fixes: - Rebase loads of X.Org patches (mainly from RHEL-5) against NX. If not all patches from a CVE patch series appear here, then it means that the affected file/code is not used in NX at build time. . - X.Org CVE-2011-2895: 1001-LZW-decompress-fix-for-CVE-2011-2895-From-xorg-lib-X.patch - X.Org CVE-2011-4028: 1002-Fix-CVE-2011-4028-File-disclosure-vulnerability.-ups.patch - X.Org CVE-2013-4396: 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageText-C.patch - X.Org CVE-2013-6462: 1004-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch - X.Org CVE-2014-0209: 1005-CVE-2014-0209-integer-overflow-of-realloc-size-in-Fo.patch 1006-CVE-2014-0209-integer-overflow-of-realloc-size-in-le.patch - X.Org CVE-2014-0210: 1007-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch 1009-CVE-2014-0210-unvalidated-lengths-when-reading-repli.patch 1011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch 1014-CVE-2014-0210-unvalidated-length-fields-in-fs_read_e.patch 1015-CVE-2014-0210-unvalidated-length-fields-in-fs_read_g.patch 1016-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch 1017-CVE-2014-0210-unvalidated-length-fields-in-fs_read_l.patch - X.Org CVE-2014-0211: 1010-CVE-2014-0211-Integer-overflow-in-fs_get_reply-_fs_s.patch 1012-CVE-2014-0211-integer-overflow-in-fs_read_extent_inf.patch 1013-CVE-2014-0211-integer-overflow-in-fs_alloc_glyphs-fr.patch 1018-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch - X.Org CVE-2014-8092: 1019-dix-integer-overflow-in-ProcPutImage-CVE-2014-8092-1.patch 1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch 1021-dix-integer-overflow-in-RegionSizeof-CVE-2014-8092-3.patch 1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-2014-.patch - X.Org CVE-2014-8097: 1023-dbe-unvalidated-lengths-in-DbeSwapBuffers-calls-CVE-.patch - X.Org CVE-2014-8095: 1024-Xi-unvalidated-lengths-in-Xinput-extension-CVE-2014-.patch - X.Org CVE-2014-8096: 1025-xcmisc-unvalidated-length-in-SProcXCMiscGetXIDList-C.patch - X.Org CVE-2014-8099: 1026-Xv-unvalidated-lengths-in-XVideo-extension-swapped-p.patch - X.Org CVE-2014-8100: 1027-render-check-request-size-before-reading-it-CVE-2014.patch 1028-render-unvalidated-lengths-in-Render-extn.-swapped-p.patch - X.Org CVE-2014-8102: 1029-xfixes-unvalidated-length-in-SProcXFixesSelectSelect.patch - X.Org CVE-2014-8101: 1030-randr-unvalidated-lengths-in-RandR-extension-swapped.patch - X.Org CVE-2014-8093: 1031-glx-Be-more-paranoid-about-variable-length-requests-.patch 1032-glx-Be-more-strict-about-rejecting-invalid-image-siz.patch 1033-glx-Additional-paranoia-in-__glXGetAnswerBuffer-__GL.patch 1034-glx-Add-safe_-add-mul-pad-v3-CVE-2014-8093-4-6-v4.patch 1036-glx-Integer-overflow-protection-for-non-generated-re.patch - X.Org CVE-2014-8098: 1035-glx-Length-checking-for-GLXRender-requests-v2-CVE-20.patch 1037-glx-Top-level-length-checking-for-swapped-VendorPriv.patch 1038-glx-Length-checking-for-non-generated-single-request.patch 1039-glx-Length-checking-for-RenderLarge-requests-v2-CVE-.patch 1040-glx-Pass-remaining-request-length-into-varsize-v2-CV.patch - X.org CVE-2015-0255 1104-xkb-Check-strings-length-against-request-size.patch . - Security fixes with no assigned CVE: 1008-Don-t-crash-when-we-receive-an-FS_Error-from-the-fon.patch . - Rebase the following patches that are prerequisites for the CVE-2015-0255 patch: 1101-Coverity-844-845-846-Fix-memory-leaks.patch 1102-include-introduce-byte-counting-functions.patch 1103-xkb-Don-t-swap-XkbSetGeometry-data-in-the-input-buff.patch . - Fix FTBFS due to the nxproxy executable already existing under /usr/lib/nx/bin/nx/ . [ Mihai Moldovan ] * Change string "X2go" to "X2Go" where appropriate. * CVE security review: - Update 1007-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch. Use xfree() instead of free() in nx-libs. - Update 1011-CVE-2014-0210-unvalidated-length-fields-in-fs_read_q.patch. Apply correctly on nx-libs 3.6.x. - Update 1020-dix-integer-overflow-in-GetHosts-CVE-2014-8092-2-4.patch. Human-readable version of "1 MB". - Add 1041-nx-X11-lib-font-fc-fserve.c-initialize-remaining-buf.patch. Initialize remaining bufleft variables (nx-X11/lib/font/fc/fserve.c). - Add 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch. Do proper input validation to fix for CVE-2011-2895.
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.