NX 2.1 libraries (based on X libraries and Xnest server) are derived from an old XFree release, and are not maintained anymore upstream, in favor of the 3.0 version (based on X.org, 64bit-clean, …). As pointed out by our nice security people, the code base in NX 2.1 is not patched against all vulnerabilities reported in XFree recently.
So, what will this change for Gentoo users? The free edition server 3.0 has been in the tree for some time and will be going stable shortly (and 2.1 packages removed). The bugs reported when 3.0 got out are all fixed now, so this is the best working version anyway!
For Freenx users, I am preparing a version bump that will work with 3.0 libraries (and will also work on no-multilib amd64 systems too). Upstream is working on a new version, with complete 3.0 support, but as it will be a complete rewrite, expect it “when i’s done” 😉
Just in case, I’ll move the 2.1 nx libs ebuild in the NX overlay (package.masked of course), if people really need it for their freenx setup (and know what they are doing)
When these updates are done, next big task will be to finally write some nice documentation on NX servers in Gentoo (what’s NX, pros/cons of the different servers, how to set up advanced features, troubleshooting guide, …)
2 thoughts on “NX servers 3.0 going security stable, removing old versions”
Yes! A Gentoo guide would be great.
Thank you very much ! I’m using NX and freenx-server every day and it’s one of the best tool with OpenSSH !
Comments are closed.