Bug#940548: buster-pu: package nx-libs/2:3.5.99.19-3+deb10u2
Package: release.debian.org
Severity: important
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Dear release team,
I just uploaded a regression fix of nx-libs to Debian buster (+deb10u2).
A severe issue had been discovered that slipped through my awareness
filter (I am sorry for this!):
+ * debian/patches:
+ + Fix 0033_Screen.c-fix-two-memleaks.patch. Was not fully cherry-picked.
+ Fixes double free issue. (Closes: #940103).
-> The nxagent Xserver of the current nx-libs version (+deb10u1) in
buster (10.1) segfaults with a double free issue immediately after
session startup. This makes the nxagent unusable and entirely breaks X2Go
Server.
Test-wise, this can be reproduced by launching "nxagent -ac :1" locally
(in nested mode).
```
[...]
NXAGENT - Version 3.5.99.19
Copyright (c) 2001, 2011 NoMachine (http://www.nomachine.com)
Copyright (c) 2008-2014 Oleksandr Shneyder <o.shneyder@phoca-gmbh.de>
Copyright (c) 2011-2016 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Copyright (c) 2014-2016 Ulrich Sibiller <uli42@gmx.de>
Copyright (c) 2014-2016 Mihai Moldovan <ionic@ionic.de>
Copyright (c) 2015-2016 Qindel Group (http://www.qindel.com)
See https://github.com/ArcticaProject/nx-libs for more information.
Info: Agent running with pid '18512'.
Session: Starting session at 'Tue Sep 17 09:13:39 2019'.
free(): double free detected in tcache 2
Aborted
```
Fixing this issue is highly pressing, so I'd like to ask to get this into
Debian buster before the next point release, that is: asap. Sorry for
causing this hassle.
+ * debian/patches:
+ + Add 0051-Screen.c-initialize-RandR-only-on-startup.patch. Regression
+ fix introduced with +deb10u1 upload (by patch 0014).
-> Upstream also fixed another double free issue, also introduced by a patch
that got added with +deb10u1. This problem has not been so obvious; it
only occurs when resuming a suspended session. Resuming sessions is one
of X2Go's core features, so it would be good to get this fixed in buster
asap, too.
Thanks + sorry for the inconvenience.
Mike
-- System Information:
Debian Release: 10.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru nx-libs-3.5.99.19/debian/changelog nx-libs-3.5.99.19/debian/changelog
--- nx-libs-3.5.99.19/debian/changelog 2019-06-22 11:49:12.000000000 +0200
+++ nx-libs-3.5.99.19/debian/changelog 2019-09-16 16:30:50.000000000 +0200
@@ -1,3 +1,13 @@
+nx-libs (2:3.5.99.19-3+deb10u2) buster; urgency=medium
+
+ * debian/patches:
+ + Fix 0033_Screen.c-fix-two-memleaks.patch. Was not fully cherry-picked.
+ Fixes double free issue. (Closes: #940103).
+ + Add 0051-Screen.c-initialize-RandR-only-on-startup.patch. Regression
+ fix introduced with +deb10u1 upload (by patch 0014).
+
+ -- Mike Gabriel <sunweaver@debian.org> Mon, 16 Sep 2019 16:30:50 +0200
+
nx-libs (2:3.5.99.19-3+deb10u1) buster; urgency=medium
* Patch backport of upstream's memleak-hunt...
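Review bot: The second bullet of the new changelog entry, "Regression fix introduced with +deb10u1 upload (by patch 0014)", reads as if the fix was introduced by +deb10u1, when what that upload introduced was the regression. Suggest wording it as "Fixes regression introduced with the +deb10u1 upload (by patch 0014)". The first bullet carries "(Closes: #940103)" while the second has no bug reference at all; citing the upstream issue named in the 0051 patch header (ArcticaProject/nx-libs#833) would make it traceable.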
diff -Nru nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch
--- nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch 2019-06-22 11:49:12.000000000 +0200
+++ nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch 2019-09-16 16:30:50.000000000 +0200
@@ -46,16 +46,24 @@
return FALSE;
}
-@@ -1399,7 +1414,7 @@
- free(pScreen->allowedDepths[i].vids);
- }
-
+@@ -1391,15 +1406,7 @@
+ * by fbScreenInit with our own.
+ */
+
+- for (int i = 0; i < pScreen->numDepths; i++)
+- {
+- #ifdef DEBUG
+- fprintf(stderr, "%s: depth [%d] index [%d] vids [%p]\n", __func__, pScreen->allowedDepths[i].depth, i, (void*) pScreen->allowedDepths[i].vids);
+- #endif
+- free(pScreen->allowedDepths[i].vids);
+- }
+-
- free(pScreen -> allowedDepths);
+ freeDepths(pScreen->allowedDepths, pScreen->numDepths);
pScreen -> allowedDepths = depths;
pScreen -> numDepths = numDepths;
pScreen -> rootDepth = rootDepth;
-@@ -2146,11 +2161,8 @@
+@@ -2146,11 +2153,8 @@
* them again.
*/
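Review bot: The rewritten inner hunk at -1391,15 is only correct if freeDepths() releases every allowedDepths[i].vids as well as the allowedDepths array itself, and its definition is not among the lines shown here. The previous version kept the loop with free(pScreen->allowedDepths[i].vids) as context directly in front of the freeDepths(pScreen->allowedDepths, pScreen->numDepths) call, which fits the double free reported at session startup, so it is worth confirming against the upstream commit that no other caller still frees vids before calling freeDepths(). A line in the patch header stating that the patch now matches the upstream commit in full would help the next person refreshing it.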
@@ -69,7 +77,7 @@
pScreen->numDepths = 0;
-@@ -2160,7 +2172,6 @@
+@@ -2160,7 +2164,6 @@
free(((PixmapPtr)pScreen -> devPrivate) -> devPrivate.ptr);
free(pScreen->devPrivate);pScreen->devPrivate = NULL;
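Review bot: The inner hunk header changed here from +2172,6 to +2164,6, and the one just before it from +2161,8 to +2153,8. That offset of 8 matches the 8 lines the rewritten hunk at -1391,15 +1406,7 now removes, but line numbers of a patch inside a patch are easy to get wrong when edited by hand. Suggest confirming that the refreshed 0033 patch applies to Screen.c without fuzz or offset, ideally by regenerating it with quilt refresh instead of adjusting the headers manually.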
diff -Nru nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch
--- nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch 1970-01-01 01:00:00.000000000 +0100
+++ nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch 2019-09-16 16:30:50.000000000 +0200
@@ -0,0 +1,37 @@
+From a7abd45a82737bfcba7af6ba46d3f372a5f97de6 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller <uli42@gmx.de>
+Date: Mon, 12 Aug 2019 23:11:34 +0200
+Subject: [PATCH] Screen.c: initialize RandR only on startup...
+
+... not on reconnect. After the reconnect RRCloseScreen was called
+twice which caused a double free. This was introduced with
+3b06ad51d91ff2b9442f159cddf34ed03bc2dd35
+
+Fixes ArcticaProject/nx-libs#833
+---
+ nx-X11/programs/Xserver/hw/nxagent/Screen.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/nx-X11/programs/Xserver/hw/nxagent/Screen.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/Screen.c
+@@ -1702,14 +1702,14 @@
+
+ #define POSITION_OFFSET (pScreen->myNum * (nxagentOption(Width) + \
+ nxagentOption(Height)) / 32)
+- }
+
+- /*
+- * Complete the initialization of the RANDR
+- * extension.
+- */
++ /*
++ * Complete the initialization of the RANDR
++ * extension.
++ */
+
+- nxagentInitRandRExtension(pScreen);
++ nxagentInitRandRExtension(pScreen);
++ }
+
+ #ifdef TEST
+ nxagentPrintAgentGeometry(NULL, "nxagentOpenScreen:");
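Review bot: The closing brace now placed after nxagentInitRandRExtension(pScreen) makes the call conditional, but the condition that opens this block lies outside the hunk context, so the "only on startup, not on reconnect" behaviour described in the commit message cannot be checked from these lines. Suggest extending the comment above the call to say that it must not run on reconnect because RRCloseScreen would then be called twice, so that a later cleanup does not move the call back out of the block. The patch header cites the upstream issue but carries no reference to a Debian bug.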
diff -Nru nx-libs-3.5.99.19/debian/patches/series nx-libs-3.5.99.19/debian/patches/series
--- nx-libs-3.5.99.19/debian/patches/series 2019-06-22 11:49:12.000000000 +0200
+++ nx-libs-3.5.99.19/debian/patches/series 2019-09-16 16:30:50.000000000 +0200
@@ -25,6 +25,7 @@
0042_mi-miexpose.c-add-missing-free.patch
0049_xkb-fix-what-looks-to-be-a-copy-paste-error-with-fir.patch
0050_Keyboard.c-fix-another-cppcheck-finding.patch
+0051-Screen.c-initialize-RandR-only-on-startup.patch
2001_nx-X11_install-location.debian.patch
2002_xserver-xext_set-securitypolicy-path.debian.patch
2003_nxdialog-use-python3.patch
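Review bot: The added entry 0051-Screen.c-initialize-RandR-only-on-startup.patch uses a hyphen after the number, while the neighbouring entries such as 0050_Keyboard.c-fix-another-cppcheck-finding.patch use an underscore. Renaming it to 0051_Screen.c-initialize-RandR-only-on-startup.patch would keep the series consistent. Its position after 0050 and before the 2001 Debian-specific patches looks right.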