
Bug#940548: marked as done (buster-pu: package nx-libs/2:3.5.99.19-3+deb10u2)



Your message dated Sat, 16 Nov 2019 10:08:47 +0000
with message-id <83c9ffab6f08361485f70dda4733a7a24aeec09b.camel@adam-barratt.org.uk>
and subject line Closing bugs for 10.2 point release fixes
has caused the Debian Bug report #940548,
regarding buster-pu: package nx-libs/2:3.5.99.19-3+deb10u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
940548: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940548
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: important
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Dear release team,

I just uploaded a regression fix of nx-libs to Debian buster (+deb10u2).

A severe issue had been discovered that slipped through my awareness
filter (I am sorry for this!):

+  * debian/patches:
+    + Fix 0033_Screen.c-fix-two-memleaks.patch. Was not fully cherry-picked.
+      Fixes double free issue. (Closes: #940103).

-> The nxagent Xserver of the current nx-libs version (+deb10u1) in
buster (10.1) segfaults with a double free issue immediately after
session startup. This makes the nxagent unusable and entirely breaks X2Go
Server.

Test-wise, this can be reproduced by launching "nxagent -ac :1" locally
(in nested mode).

```
[...]

NXAGENT - Version 3.5.99.19

Copyright (c) 2001, 2011 NoMachine (http://www.nomachine.com)
Copyright (c) 2008-2014 Oleksandr Shneyder <o.shneyder@phoca-gmbh.de>
Copyright (c) 2011-2016 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Copyright (c) 2014-2016 Ulrich Sibiller <uli42@gmx.de>
Copyright (c) 2014-2016 Mihai Moldovan <ionic@ionic.de>
Copyright (c) 2015-2016 Qindel Group (http://www.qindel.com)
See https://github.com/ArcticaProject/nx-libs for more information.

Info: Agent running with pid '18512'.
Session: Starting session at 'Tue Sep 17 09:13:39 2019'.
free(): double free detected in tcache 2
Aborted

```
Fixing this issue is highly pressing, so I'd like to ask to get this into
Debian buster before the next point release, that is: asap. Sorry for
causing this hassle.

+  * debian/patches:
+    + Add 0051-Screen.c-initialize-RandR-only-on-startup.patch. Regression
+      fix introduced with +deb10u1 upload (by patch 0014).

-> Upstream also fixed another double free issue, also introduced by a patch
that got added with +deb10u1. This problem has not been so obvious; it
only occurs when resuming a suspended session. Resuming sessions is one
of X2Go's core features, so it would be good getting this fixed in buster
asap, too.

Thanks + sorry for the inconvenience.

Mike


-- System Information:
Debian Release: 10.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru nx-libs-3.5.99.19/debian/changelog nx-libs-3.5.99.19/debian/changelog
--- nx-libs-3.5.99.19/debian/changelog	2019-06-22 11:49:12.000000000 +0200
+++ nx-libs-3.5.99.19/debian/changelog	2019-09-16 16:30:50.000000000 +0200
@@ -1,3 +1,13 @@
+nx-libs (2:3.5.99.19-3+deb10u2) buster; urgency=medium
+
+  * debian/patches:
+    + Fix 0033_Screen.c-fix-two-memleaks.patch. Was not fully cherry-picked.
+      Fixes double free issue. (Closes: #940103).
+    + Add 0051-Screen.c-initialize-RandR-only-on-startup.patch. Regression
+      fix introduced with +deb10u1 upload (by patch 0014).
+
+ -- Mike Gabriel <sunweaver@debian.org>  Mon, 16 Sep 2019 16:30:50 +0200
+
 nx-libs (2:3.5.99.19-3+deb10u1) buster; urgency=medium
 
   * Patch backport of upstream's memleak-hunt...
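
Review bot: The second changelog bullet reads as if the fix itself was introduced with the +deb10u1 upload; "Regression fix introduced with +deb10u1 upload (by patch 0014)" would be clearer as "Fixes regression introduced with the +deb10u1 upload (by patch 0014)". The first bullet carries "(Closes: #940103)" while the second has no reference at all, although the header of patch 0051 cites ArcticaProject/nx-libs#833; naming that issue here would make the second double free traceable from the changelog.
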
diff -Nru nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch
--- nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch	2019-06-22 11:49:12.000000000 +0200
+++ nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch	2019-09-16 16:30:50.000000000 +0200
@@ -46,16 +46,24 @@
        return FALSE;
      }
  
-@@ -1399,7 +1414,7 @@
-       free(pScreen->allowedDepths[i].vids);
-     }
- 
+@@ -1391,15 +1406,7 @@
+      * by fbScreenInit with our own.
+      */
+ 
+-    for (int i = 0; i < pScreen->numDepths; i++)
+-    {
+-      #ifdef DEBUG
+-      fprintf(stderr, "%s: depth [%d] index [%d] vids [%p]\n", __func__, pScreen->allowedDepths[i].depth, i, (void*) pScreen->allowedDepths[i].vids);
+-      #endif
+-      free(pScreen->allowedDepths[i].vids);
+-    }
+-
 -    free(pScreen -> allowedDepths);
 +    freeDepths(pScreen->allowedDepths, pScreen->numDepths);
      pScreen -> allowedDepths = depths;
      pScreen -> numDepths = numDepths;
      pScreen -> rootDepth = rootDepth;
-@@ -2146,11 +2161,8 @@
+@@ -2146,11 +2153,8 @@
     * them again.
     */
  
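
Review bot: With the per-depth loop removed in the inner "-1391,15 +1406,7" hunk, each pScreen->allowedDepths[i].vids is released only through freeDepths(pScreen->allowedDepths, pScreen->numDepths), and the body of freeDepths() is not in the visible lines, so it is worth confirming in the earlier part of this patch that it frees every vids array as well as the depths array itself, exactly once. The removed loop also held the only DEBUG trace of the vids pointers; if that output is still wanted it would have to move into freeDepths().
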
@@ -69,7 +77,7 @@
  
    pScreen->numDepths = 0;
  
-@@ -2160,7 +2172,6 @@
+@@ -2160,7 +2164,6 @@
  
    free(((PixmapPtr)pScreen -> devPrivate) -> devPrivate.ptr);
    free(pScreen->devPrivate);pScreen->devPrivate = NULL;
diff -Nru nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch
--- nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch	1970-01-01 01:00:00.000000000 +0100
+++ nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch	2019-09-16 16:30:50.000000000 +0200
@@ -0,0 +1,37 @@
+From a7abd45a82737bfcba7af6ba46d3f372a5f97de6 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller <uli42@gmx.de>
+Date: Mon, 12 Aug 2019 23:11:34 +0200
+Subject: [PATCH] Screen.c: initialize RandR only on startup...
+
+... not on reconnect. After the reconnect RRCloseScreen was called
+twice which caused a double free. This was introduced with
+3b06ad51d91ff2b9442f159cddf34ed03bc2dd35
+
+Fixes ArcticaProject/nx-libs#833
+---
+ nx-X11/programs/Xserver/hw/nxagent/Screen.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/nx-X11/programs/Xserver/hw/nxagent/Screen.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/Screen.c
+@@ -1702,14 +1702,14 @@
+ 
+     #define POSITION_OFFSET (pScreen->myNum * (nxagentOption(Width) + \
+                                nxagentOption(Height)) / 32)
+-  }
+ 
+-  /*
+-   * Complete the initialization of the RANDR
+-   * extension.
+-   */
++    /*
++     * Complete the initialization of the RANDR
++     * extension.
++     */
+ 
+-  nxagentInitRandRExtension(pScreen);
++    nxagentInitRandRExtension(pScreen);
++  }
+ 
+   #ifdef TEST
+   nxagentPrintAgentGeometry(NULL, "nxagentOpenScreen:");
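
Review bot: The call to nxagentInitRandRExtension(pScreen) now sits inside the block closed by the moved "}", but the comment that moved with it still only says "Complete the initialization of the RANDR extension", and the condition guarding that block lies outside the visible context. A sentence in that comment stating that the call must not run on reconnect, because RRCloseScreen is then called twice, would keep the reason next to the code rather than only in the commit message.
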
diff -Nru nx-libs-3.5.99.19/debian/patches/series nx-libs-3.5.99.19/debian/patches/series
--- nx-libs-3.5.99.19/debian/patches/series	2019-06-22 11:49:12.000000000 +0200
+++ nx-libs-3.5.99.19/debian/patches/series	2019-09-16 16:30:50.000000000 +0200
@@ -25,6 +25,7 @@
 0042_mi-miexpose.c-add-missing-free.patch
 0049_xkb-fix-what-looks-to-be-a-copy-paste-error-with-fir.patch
 0050_Keyboard.c-fix-another-cppcheck-finding.patch
+0051-Screen.c-initialize-RandR-only-on-startup.patch
 2001_nx-X11_install-location.debian.patch
 2002_xserver-xext_set-securitypolicy-path.debian.patch
 2003_nxdialog-use-python3.patch
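
Review bot: The new series entry 0051-Screen.c-initialize-RandR-only-on-startup.patch uses a hyphen after the number, while the neighbouring 0042_, 0049_ and 0050_ entries use an underscore; renaming it to 0051_Screen.c-initialize-RandR-only-on-startup.patch would keep the series consistent. Its position after 0050 and before the 2001 Debian-specific patches matches the existing ordering.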

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 10.2

Hi,

The fixes referenced by these bugs were included in today's 10.2 stable
point release.

Regards,

Adam

--- End Message ---
