Package: release.debian.org
Severity: important
Tags: buster
User: [email protected]
Usertags: pu

Dear release team,

I just uploaded a regression fix of nx-libs to Debian buster (+deb10u2).

A severe issue had been discovered that slipped through my awareness filter (I am sorry for this!):

+  * debian/patches:
+    + Fix 0033_Screen.c-fix-two-memleaks.patch. Was not fully cherry-picked.
+      Fixes double free issue. (Closes: #940103).

-> The nxagent Xserver of the current nx-libs version (+deb10u1) in buster (10.1) segfaults with a double free issue immediately after session startup. This makes the nxagent unusable and entirely breaks X2Go Server.

Test-wise, this can be reproduced by launching "nxagent -ac :1" locally (in nested mode).

```
[...]
NXAGENT - Version 3.5.99.19
Copyright (c) 2001, 2011 NoMachine (http://www.nomachine.com)
Copyright (c) 2008-2014 Oleksandr Shneyder <[email protected]>
Copyright (c) 2011-2016 Mike Gabriel <[email protected]>
Copyright (c) 2014-2016 Ulrich Sibiller <[email protected]>
Copyright (c) 2014-2016 Mihai Moldovan <[email protected]>
Copyright (c) 2015-2016 Qindel Group (http://www.qindel.com)
See https://github.com/ArcticaProject/nx-libs for more information.
Info: Agent running with pid '18512'.
Session: Starting session at 'Tue Sep 17 09:13:39 2019'.
free(): double free detected in tcache 2
Aborted
```

Fixing this issue is highly pressing, so I'd like to ask to get this into Debian buster before the next point release, that is: asap. Sorry for causing this hassle.

+  * debian/patches:
+    + Add 0051-Screen.c-initialize-RandR-only-on-startup.patch. Regression
+      fix introduced with +deb10u1 upload (by patch 0014).

-> Upstream also fixed another double free issue, also introduced by a patch that got added with +deb10u1. This problem has not been so obvious, it only occurs when resuming a suspended session. Resuming sessions is one of X2Go's core features, so it would be good getting this fixed in buster asap, too.

Thanks + sorry for the inconvenience.
Mike

-- System Information:
Debian Release: 10.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru nx-libs-3.5.99.19/debian/changelog nx-libs-3.5.99.19/debian/changelog --- nx-libs-3.5.99.19/debian/changelog 2019-06-22 11:49:12.000000000 +0200 +++ nx-libs-3.5.99.19/debian/changelog 2019-09-16 16:30:50.000000000 +0200 @@ -1,3 +1,13 @@ +nx-libs (2:3.5.99.19-3+deb10u2) buster; urgency=medium + + * debian/patches: + + Fix 0033_Screen.c-fix-two-memleaks.patch. Was not fully cherry-picked. + Fixes double free issue. (Closes: #940103). + + Add 0051-Screen.c-initialize-RandR-only-on-startup.patch. Regression + fix introduced with +deb10u1 upload (by patch 0014). + + -- Mike Gabriel <[email protected]> Mon, 16 Sep 2019 16:30:50 +0200 + nx-libs (2:3.5.99.19-3+deb10u1) buster; urgency=medium * Patch backport of upstream's memleak-hunt... diff -Nru nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch --- nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch 2019-06-22 11:49:12.000000000 +0200 +++ nx-libs-3.5.99.19/debian/patches/0033_Screen.c-fix-two-memleaks.patch 2019-09-16 16:30:50.000000000 +0200 @@ -46,16 +46,24 @@ return FALSE; } -@@ -1399,7 +1414,7 @@ - free(pScreen->allowedDepths[i].vids); - } - +@@ -1391,15 +1406,7 @@ + * by fbScreenInit with our own. + */ + +- for (int i = 0; i < pScreen->numDepths; i++) +- { +- #ifdef DEBUG +- fprintf(stderr, "%s: depth [%d] index [%d] vids [%p]\n", __func__, pScreen->allowedDepths[i].depth, i, (void*) pScreen->allowedDepths[i].vids); +- #endif +- free(pScreen->allowedDepths[i].vids); +- } +- - free(pScreen -> allowedDepths); + freeDepths(pScreen->allowedDepths, pScreen->numDepths); pScreen -> allowedDepths = depths; pScreen -> numDepths = numDepths; pScreen -> rootDepth = rootDepth; -@@ -2146,11 +2161,8 @@ +@@ -2146,11 +2153,8 @@ * them again. */ 
@@ -69,7 +77,7 @@ pScreen->numDepths = 0; -@@ -2160,7 +2172,6 @@ +@@ -2160,7 +2164,6 @@ free(((PixmapPtr)pScreen -> devPrivate) -> devPrivate.ptr); free(pScreen->devPrivate);pScreen->devPrivate = NULL; diff -Nru nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch --- nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch 1970-01-01 01:00:00.000000000 +0100 +++ nx-libs-3.5.99.19/debian/patches/0051-Screen.c-initialize-RandR-only-on-startup.patch 2019-09-16 16:30:50.000000000 +0200 @@ -0,0 +1,37 @@ +From a7abd45a82737bfcba7af6ba46d3f372a5f97de6 Mon Sep 17 00:00:00 2001 +From: Ulrich Sibiller <[email protected]> +Date: Mon, 12 Aug 2019 23:11:34 +0200 +Subject: [PATCH] Screen.c: initialize RandR only on startup... + +... not on reconnect. After the reconnect RRCloseScreen was called +twice which caused a double free. This was introduced with +3b06ad51d91ff2b9442f159cddf34ed03bc2dd35 + +Fixes ArcticaProject/nx-libs#833 +--- + nx-X11/programs/Xserver/hw/nxagent/Screen.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/nx-X11/programs/Xserver/hw/nxagent/Screen.c ++++ b/nx-X11/programs/Xserver/hw/nxagent/Screen.c +@@ -1702,14 +1702,14 @@ + + #define POSITION_OFFSET (pScreen->myNum * (nxagentOption(Width) + \ + nxagentOption(Height)) / 32) +- } + +- /* +- * Complete the initialization of the RANDR +- * extension. +- */ ++ /* ++ * Complete the initialization of the RANDR ++ * extension. ++ */ + +- nxagentInitRandRExtension(pScreen); ++ nxagentInitRandRExtension(pScreen); ++ } + + #ifdef TEST + nxagentPrintAgentGeometry(NULL, "nxagentOpenScreen:"); diff -Nru nx-libs-3.5.99.19/debian/patches/series nx-libs-3.5.99.19/debian/patches/series --- nx-libs-3.5.99.19/debian/patches/series 2019-06-22 11:49:12.000000000 +0200 +++ nx-libs-3.5.99.19/debian/patches/series 2019-09-16 16:30:50.000000000 +0200 
@@ -25,6 +25,7 @@ 0042_mi-miexpose.c-add-missing-free.patch 0049_xkb-fix-what-looks-to-be-a-copy-paste-error-with-fir.patch 0050_Keyboard.c-fix-another-cppcheck-finding.patch +0051-Screen.c-initialize-RandR-only-on-startup.patch 2001_nx-X11_install-location.debian.patch 2002_xserver-xext_set-securitypolicy-path.debian.patch 2003_nxdialog-use-python3.patch
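
Review bot: The second bullet in the debian/changelog hunk, "Regression fix introduced with +deb10u1 upload (by patch 0014)", reads as if the fix was introduced by +deb10u1, when it is the regression that was. Suggest rewording along the lines of "Fixes double free on session resume, a regression introduced with the +deb10u1 upload (by patch 0014)" and citing the upstream issue ArcticaProject/nx-libs#833 that the 0051 patch header already names, so this entry is as traceable as the first bullet is through Closes: #940103.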
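
Review bot: In the corrected "@@ -1391,15 +1406,7 @@" hunk of 0033_Screen.c-fix-two-memleaks.patch, the correctness of the change rests on freeDepths(), whose body is not part of this debdiff. Please confirm that it frees every allowedDepths[i].vids as well as the array, and that no other loop in Screen.c still frees the same vids pointers: the +deb10u1 version of this hunk kept "free(pScreen->allowedDepths[i].vids);" as a context line and only swapped the final free for freeDepths(), which is how the entries came to be released twice. In the close-screen hunks the visible context resets numDepths to 0 and devPrivate to NULL; if allowedDepths is not already set to NULL outside the visible context, doing so there would make a repeated call harmless. Since the partial cherry-pick applied cleanly, a startup smoke test built on the reproducer from the report ("nxagent -ac :1") would catch a repeat before upload.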
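
Review bot: The "@@ -1702,14 +1702,14 @@" hunk in 0051-Screen.c-initialize-RandR-only-on-startup.patch moves nxagentInitRandRExtension(pScreen) inside the block closed by the relocated "}", but the condition that opens that block lies outside the three lines of context, so the patch on its own does not show that this is the startup-only path the commit message describes. Please confirm against Screen.c that the enclosing condition excludes the reconnect case, and consider naming that condition in the patch description so the reasoning is checkable from the debdiff.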
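
Review bot: In the debian/patches/series hunk, the new entry 0051-Screen.c-initialize-RandR-only-on-startup.patch uses a hyphen after the number, while the neighbouring entries such as 0050_Keyboard.c-fix-another-cppcheck-finding.patch use an underscore. Renaming it to the 0051_Screen.c-... form would keep the series consistent; its position after 0050 and before the 2001 Debian-specific patches is fine.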

