[X2Go-Dev] Bug#658: Bug#658: session connect with Python X2Go freezes if gevent 0.13.6 is used
Control: close -1

Hi all,

On Do 30 Okt 2014 15:41:58 CET, Mike Gabriel wrote:

Package: python-x2go
Severity: important

Hi Pavel, Jan,

TL;DR; for the bug tracker...

Python X2Go 0.5.0.x freezes during X2GoControlSession.connect() when used with gevent 0.13.6. With Python 0.4.0.x no such freeze could be observed.

On packages.x2go.org and Launchpad I have now provided a more recent version of python-gevent (1.0.1) and python-greenlet (0.4.5). The newer versions had to be provided for Debian wheezy and Ubuntu precise. All more recent versions of Debian/Ubuntu already contain a version of python-gevent that should work fine.

On my Debian wheezy systems, this works well. For Debian/Ubuntu based distros the issue can be considered fixed. If the issue occurs on other distros, please reopen this bug and give feedback.

Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

___
x2go-dev mailing list
x2go-dev@lists.x2go.org
http://lists.x2go.org/listinfo/x2go-dev
[X2Go-Dev] Processed: Re: Bug#658: session connect with Python X2Go freezes if gevent 0.13.6 is used
Processing control commands:

close -1
Bug #658 [python-x2go] session connect with Python X2Go freezes if gevent 0.13.6 is used
Marked Bug as done

--
658: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=658
X2Go Bug Tracking System
Contact ow...@bugs.x2go.org with problems
[X2Go-Dev] Bug#777: Bug#777: nx-libs: incorrect usage of scanf
Hi Heinrich,

On Fr 30 Jan 2015 20:35:53 CET, Heinrich Schuchardt wrote:

package: nx-libs
version: head

In different parts of the nx-libs library you can find usages of scanf like

    /* check for MESA_GAMMA environment variable */
    gamma = _mesa_getenv("MESA_GAMMA");
    if (gamma) {
       v->RedGamma = v->GreenGamma = v->BlueGamma = 0.0;
       sscanf( gamma, "%f %f %f", &v->RedGamma, &v->GreenGamma, &v->BlueGamma );

According to cppcheck: scanf without field width limits can crash with huge input data on libc versions older than 2.13-25. Add a field width specifier to fix this problem:

    %i => %3i

Any chance you could also provide a patch for this?

Mike
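The cppcheck advice above applied to a three-float setting such as MESA_GAMMA, as an added example that is not code from nx-libs, Mesa or this thread. The function names, the field width of 31 and the sample strings are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounded sscanf: each %f consumes at most 31 characters (width chosen
 * for this example) and the return value must show all three fields. */
static int parse_gamma_bounded(const char *s, float out[3])
{
    float r, g, b;

    if (sscanf(s, "%31f %31f %31f", &r, &g, &b) != 3)
        return -1;
    out[0] = r; out[1] = g; out[2] = b;
    return 0;
}

/* strtof variant: also rejects out-of-range values and trailing text. */
static int parse_gamma_strict(const char *s, float out[3])
{
    float tmp[3];
    char *end;
    int i;

    for (i = 0; i < 3; i++) {
        errno = 0;
        tmp[i] = strtof(s, &end);
        if (end == s || errno == ERANGE)
            return -1;
        s = end;
    }
    s += strspn(s, " \t");
    if (*s != '\0')
        return -1;
    memcpy(out, tmp, sizeof(tmp));
    return 0;
}

int main(void)
{
    float g[3];
    const char *sample = "1.0 2.2 1.8";   /* constructed sample value */

    if (parse_gamma_strict(sample, g) == 0)
        printf("gamma = %g %g %g\n", g[0], g[1], g[2]);
    printf("missing field: %d\n", parse_gamma_bounded("1.0 2.2", g));
    return 0;
}
```

A field width bounds how much each conversion reads but does not reject an over-long token: a 100-digit string is split across the three conversions and accepted by `parse_gamma_bounded`, while `parse_gamma_strict` refuses it as out of range.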
[X2Go-Dev] Bug#776: Bug#776: nx-X11: Size of pointer 'server_support' used instead of size of its data
Hi Heinrich,

On Fr 30 Jan 2015 21:22:55 CET, Heinrich Schuchardt wrote:

The same bug exists in the master branch of http://cgit.freedesktop.org/mesa/mesa/tree/src/glx/glxextensions.c

But here __GL_EXT_BYTES = 9.

I will report the same bug to the upstream.

Who takes care of porting new upstream versions of the mesa library to x2go?

I currently have this (and update xrandr) on my list. Please provide patches to Xorg and X2Go, if possible.

Mike
[X2Go-Dev] New build of X2Go Client for OS X: 4.0.3.1-20150131
Hi everyone,

this is to announce a new OS X build of x2goclient. Note that the first build of X2Go Client 4.0.3.1 for OS X was 4.0.3.1-20150110. The changes are relative to that release.

Changes since 4.0.3.1-20150110 are:

- Update libssh from 0.6.3 to 0.6.4. This fixes CVE-2014-8132. According to [1], this did not affect x2goclient, because it does not use libssh's SSH server functionality. libssh 0.6.4 also added 4 features related to ECDSA keys.

As in [1], we strongly encourage all users to update to this new build.

The new build is available from
http://code.x2go.org/releases/binary-macosx/x2goclient/releases/4.0.3.1/x2goclient-4.0.3.1-20150131.dmg

A detached PGP signature made with my key and checksums are available from
http://code.x2go.org/releases/binary-macosx/x2goclient/releases/4.0.3.1/

The key is available via HTTPS from
https://neverpanic.de/downloads/documents/0x4C6F6B99.asc

Checksums for this build are

MD5(x2goclient-4.0.3.1-20150131.dmg)= c9c86efb34db3caf1e2c307125e5cdd8
SHA1(x2goclient-4.0.3.1-20150131.dmg)= 3a4b5a6fff2bbad85d45c57ece7291114f27
SHA256(x2goclient-4.0.3.1-20150131.dmg)= 69164fc60aaa7559f3036a848eee8c34e4a73c1b09bed35b3e2262f9207e0663

[1] http://permalink.gmane.org/gmane.linux.terminal-server.x2go.announce/146

Best regards,
Clemens Lang

--
Clemens Lang
MacPorts Developer
[X2Go-Dev] Bug#776: Bug#776: nx-X11: Size of pointer 'server_support' used instead of size of its data
Hi Heinrich,

On Fr 30 Jan 2015 20:29:51 CET, Heinrich Schuchardt wrote:

package: nx-libs
version: head

In nx-libs/nx-X11/extras/Mesa/src/glx/x11/glxextensions.c the length of the zeroed memory is the length of the pointer (4 bytes in case of a 32bit system) not the length of the data the pointer points to (8 bytes).

    static void
    __glXProcessServerString( const struct extension_info * ext,
                              const char * server_string,
                              unsigned char * server_support )
    {
        unsigned base;
        unsigned len;

        (void) memset( server_support, 0, sizeof( server_support ) );

Furthermore the length of the memory area pointed to by server_support is defined in varying ways in the coding:

    #define __GL_EXT_BYTES ((__NUM_GL_EXTS + 7) / 8)
    unsigned char server_support[ __GL_EXT_BYTES ];
    unsigned char server_support[8];

Currently __NUM_GL_EXTS = 123, so __GL_EXT_BYTES = 8.

What is expected to happen if __GL_EXT_BYTES > 8 after defining six more values in the unamed (sic!) enum with the different bits?

This questionable code was identified with cppcheck.
http://cppcheck.sourceforge.net/

Best regards

Heinrich Schuchardt

Now that you have analyzed it, do you see a chance for coming up with a patch?

THANKS+GREETS,
Mike
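The sizeof-on-a-pointer pattern from the report, next to a length-based clear, as an added example that is not code from nx-libs or Mesa. The function names are hypothetical, and the buffer is assumed to be 9 bytes, the __GL_EXT_BYTES figure quoted for Mesa master elsewhere in this thread.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: 9 bytes, the Mesa master value quoted in this thread. */
#define EXT_BYTES 9

/* Pattern from the report: inside the function, server_support is a
 * pointer, so sizeof yields 4 or 8 regardless of the caller's array. */
static void clear_by_pointer_size(unsigned char *server_support)
{
    memset(server_support, 0, sizeof(server_support));
}

/* Corrected form: the caller states how many bytes the buffer holds. */
static void clear_by_length(unsigned char *server_support, size_t len)
{
    memset(server_support, 0, len);
}

/* Count bytes still carrying the 0xFF fill after a clear routine ran. */
static size_t stale_bytes(int use_fixed)
{
    unsigned char buf[EXT_BYTES];
    size_t i, stale = 0;

    memset(buf, 0xFF, sizeof(buf));   /* here buf is an array: sizeof is 9 */
    if (use_fixed)
        clear_by_length(buf, sizeof(buf));
    else
        clear_by_pointer_size(buf);
    for (i = 0; i < sizeof(buf); i++)
        if (buf[i] != 0)
            stale++;
    return stale;
}

int main(void)
{
    printf("pointer-sized clear leaves %zu stale byte(s)\n", stale_bytes(0));
    printf("length-based clear leaves %zu stale byte(s)\n", stale_bytes(1));
    return 0;
}
```

GCC and Clang flag the first function with -Wsizeof-pointer-memaccess, which makes that warning a cheap regression check for this class of bug.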
[X2Go-Dev] Bug#776: Bug#776: nx-X11: Size of pointer 'server_support' used instead of size of its data
If I may...

On 31.01.2015 10:24 PM, Heinrich Schuchardt wrote:

In the last year a lot of security relevant errors were discovered and fixed in the x-server code.

What is the policy of the x2go project? Do you want to rebase the nx-libs package on current xorg code? Do you plan to support Wayland which will be replacing x11?

The long-term goal is to rebase nx-libs against current Xorg code and have it even potentially merged upstream.

This will however require a lot of funding or alternatively time. We discussed this issue at great length during the last X2Go meeting in October/November 2014.

Meanwhile, Mike is currently factoring out a lot of dead code which has been copied verbatim by NoMachine, but is not actually used for building nx-libs. And doing a tremendous job at that.

Mihai
[X2Go-Dev] Bug#778: affected by CVE 2015-0235: Stop using gethostbyname()
Package: src:nx-libs
Severity: important

The NX source code uses gethostbyname() at several locations and is potentially affected by CVE 2015-0235 (GHOST security issue in glibc).

We should move towards using getaddrinfo() asap.

Mike