
Bug#940548: buster-pu: package nx-libs/2:3.5.99.19-3+deb10u2



Package: release.debian.org
Severity: important
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Dear release team,

I just uploaded a regression fix of nx-libs to Debian buster (+deb10u2).

A severe issue had been discovered that slipped through my awareness
filter (I am sorry for this!):

+  * debian/patches:
+    + Fix 0033_Screen.c-fix-two-memleaks.patch. Was not fully cherry-picked.
+      Fixes double free issue. (Closes: #940103).

-> The nxagent Xserver of the current nx-libs version (+deb10u1) in
buster (10.1) segfaults with a double free issue immediately after
session startup. This makes the nxagent unusable and entirely breaks X2Go
Server.

Test-wise, this can be reproduced by launching "nxagent -ac :1" locally
(in nested mode).

```
[...]

NXAGENT - Version 3.5.99.19

Copyright (c) 2001, 2011 NoMachine (http://www.nomachine.com)
Copyright (c) 2008-2014 Oleksandr Shneyder <o.shneyder@phoca-gmbh.de>
Copyright (c) 2011-2016 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Copyright (c) 2014-2016 Ulrich Sibiller <uli42@gmx.de>
Copyright (c) 2014-2016 Mihai Moldovan <ionic@ionic.de>
Copyright (c) 2015-2016 Qindel Group (http://www.qindel.com)
See https://github.com/ArcticaProject/nx-libs for more information.

Info: Agent running with pid '18512'.
Session: Starting session at 'Tue Sep 17 09:13:39 2019'.
free(): double free detected in tcache 2
Aborted

```

Fixing this issue is highly pressing, so I'd like to ask to get this into
Debian buster before the next point release, that is: asap. Sorry for
causing this hassle.

+  * debian/patches:
+    + Add 0051-Screen.c-initialize-RandR-only-on-startup.patch. Regression
+      fix introduced with +deb10u1 upload (by patch 0014).

-> Upstream also fixed another double free issue, also introduced by a patch
that got added with +deb10u1. This problem has not been so obvious; it
only occurs when resuming a suspended session. Resuming sessions is one
of X2Go's core features, so it would be good to get this fixed in buster
asap, too.

Thanks + sorry for the inconvenience.

Mike


-- System Information:
Debian Release: 10.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru nx-libs-3.5.99.19/debian/changelog nx-libs-3.5.99.19/debian/changelog
--- nx-libs-3.5.99.19/debian/changelog	2019-06-22 11:49:12.000000000 +0200
+++ nx-libs-3.5.99.19/debian/changelog	2019-09-16 16:30:50.000000000 +0200
@@ -1,3 +1,13 @@
+nx-libs (2:3.5.99.19-3+deb10u2) buster; urgency=medium
+
+  * debian/patches:
+    + Fix 0033_Screen.c-fix-two-memleaks.patch. Was not fully cherry-picked.
+      Fixes double free issue. (Closes: #940103).
+    + Add 0051-Screen.c-initialize-RandR-only-on-startup.patch. Regression
+      fix introduced with +deb10u1 upload (by patch 0014).
+
+ -- Mike Gabriel <sunweaver@debian.org>  Mon, 16 Sep 2019 16:30:50 +0200
+
 nx-libs (2:3.5.99.19-3+deb10u1) buster; urgency=medium
 
   * Patch backport of upstream's memleak-hunt...
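Review bot: the second changelog bullet, "Regression fix introduced with +deb10u1 upload (by patch 0014)", reads as if the fix itself arrived with +deb10u1, and unlike the first bullet it names no bug. Suggest wording it as "Fixes regression introduced with the +deb10u1 upload (by patch 0014)" and citing the upstream report named in the new patch's header, ArcticaProject/nx-libs#833, so the entry can be traced from the changelog alone.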
diff -Nru nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch
--- nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch	2019-06-22 11:49:12.000000000 +0200
+++ nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch	2019-09-16 16:30:50.000000000 +0200
@@ -46,16 +46,24 @@
        return FALSE;
      }
  
-@@ -1399,7 +1414,7 @@
-       free(pScreen->allowedDepths[i].vids);
-     }
- 
+@@ -1391,15 +1406,7 @@
+      * by fbScreenInit with our own.
+      */
+ 
+-    for (int i = 0; i < pScreen->numDepths; i++)
+-    {
+-      #ifdef DEBUG
+-      fprintf(stderr, "%s: depth [%d] index [%d] vids [%p]\n", __func__, pScreen->allowedDepths[i].depth, i, (void*) pScreen->allowedDepths[i].vids);
+-      #endif
+-      free(pScreen->allowedDepths[i].vids);
+-    }
+-
 -    free(pScreen -> allowedDepths);
 +    freeDepths(pScreen->allowedDepths, pScreen->numDepths);
      pScreen -> allowedDepths = depths;
      pScreen -> numDepths = numDepths;
      pScreen -> rootDepth = rootDepth;
-@@ -2146,11 +2161,8 @@
+@@ -2146,11 +2153,8 @@
     * them again.
     */
  
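Review bot: in the inner `@@ -1391,15 +1406,7 @@` hunk, removing the per-depth loop leaves `freeDepths(pScreen->allowedDepths, pScreen->numDepths)` as the only release of the old depth array, and the definition of `freeDepths` is not visible in this debdiff. Please confirm that it frees every `allowedDepths[i].vids` as well as the array itself: if it does, the previous combination of the loop followed by `freeDepths` is what released each `vids` twice, and if it does not, dropping the loop would leak them instead. Since the changelog says the patch "was not fully cherry-picked", the patch header should name the upstream commit (if it does not already) so the remaining hunks can be checked against it.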
@@ -69,7 +77,7 @@
  
    pScreen->numDepths = 0;
  
-@@ -2160,7 +2172,6 @@
+@@ -2160,7 +2164,6 @@
  
    free(((PixmapPtr)pScreen -> devPrivate) -> devPrivate.ptr);
    free(pScreen->devPrivate);pScreen->devPrivate = NULL;
diff -Nru nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch
--- nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch	1970-01-01 01:00:00.000000000 +0100
+++ nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch	2019-09-16 16:30:50.000000000 +0200
@@ -0,0 +1,37 @@
+From a7abd45a82737bfcba7af6ba46d3f372a5f97de6 Mon Sep 17 00:00:00 2001
+From: Ulrich Sibiller <uli42@gmx.de>
+Date: Mon, 12 Aug 2019 23:11:34 +0200
+Subject: [PATCH] Screen.c: initialize RandR only on startup...
+
+... not on reconnect. After the reconnect RRCloseScreen was called
+twice which caused a double free. This was introduced with
+3b06ad51d91ff2b9442f159cddf34ed03bc2dd35
+
+Fixes ArcticaProject/nx-libs#833
+---
+ nx-X11/programs/Xserver/hw/nxagent/Screen.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/nx-X11/programs/Xserver/hw/nxagent/Screen.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/Screen.c
+@@ -1702,14 +1702,14 @@
+ 
+     #define POSITION_OFFSET (pScreen->myNum * (nxagentOption(Width) + \
+                                nxagentOption(Height)) / 32)
+-  }
+ 
+-  /*
+-   * Complete the initialization of the RANDR
+-   * extension.
+-   */
++    /*
++     * Complete the initialization of the RANDR
++     * extension.
++     */
+ 
+-  nxagentInitRandRExtension(pScreen);
++    nxagentInitRandRExtension(pScreen);
++  }
+ 
+   #ifdef TEST
+   nxagentPrintAgentGeometry(NULL, "nxagentOpenScreen:");
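Review bot: `nxagentInitRandRExtension(pScreen)` now sits inside a block whose opening condition lies above the context lines shown, so the hunk alone does not demonstrate that this is the startup-only branch the commit message describes. Please confirm that the enclosing condition excludes the reconnect path, and state that condition in the patch description so the "only on startup" claim can be verified without opening Screen.c. The fix depends on call ordering alone; it is worth checking whether any other path can still reach `RRCloseScreen` a second time after a resume.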
diff -Nru nx-libs-3.5.99.19/debian/patches/series nx-libs-3.5.99.19/debian/patches/series
--- nx-libs-3.5.99.19/debian/patches/series	2019-06-22 11:49:12.000000000 +0200
+++ nx-libs-3.5.99.19/debian/patches/series	2019-09-16 16:30:50.000000000 +0200
@@ -25,6 +25,7 @@
 0042_mi-miexpose.c-add-missing-free.patch
 0049_xkb-fix-what-looks-to-be-a-copy-paste-error-with-fir.patch
 0050_Keyboard.c-fix-another-cppcheck-finding.patch
+0051-Screen.c-initialize-RandR-only-on-startup.patch
 2001_nx-X11_install-location.debian.patch
 2002_xserver-xext_set-securitypolicy-path.debian.patch
 2003_nxdialog-use-python3.patch
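Review bot: the added series entry `0051-Screen.c-initialize-RandR-only-on-startup.patch` uses a hyphen after the number, while the neighbouring entries such as `0050_Keyboard.c-fix-another-cppcheck-finding.patch` use an underscore. Renaming it to `0051_Screen.c-initialize-RandR-only-on-startup.patch` would keep the series naming consistent; its position after 0050 and before the 2xxx Debian-specific patches looks right.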
