Package: nx-libs
Recently a lot of CVE fixes have been added to nx-libs.
E.g. debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch and debian/patches/1028-render-unvalidated-lengths-in-Render-extn.-swap.full.patch add missing checks to nx-X11/programs/Xserver/render/render.c.
However, there's a file called nx-X11/programs/Xserver/hw/nxagent/NXrender.c which is derived from render.c and in that file those checks are missing, too.
(I suspect the original render/render.c is not used at all in favour of hw/nxagent/NXrender.c but I am not 100% sure here.)
If render.c is used at all (I am not sure) the patches should be extended to also fix NXrender.c. If render.c is not used it should be removed and the patches should be applied to NXrender.c instead.
There might be more cases like this, I only picked this one as an example.
Control: forwarded -1 https://github.com/ArcticaProject/nx-libs/issues/29
On Thu, May 21, 2015 at 08:43:37AM +0200, Ulrich Sibiller wrote:
> Package: nx-libs
> Recently a lot of CVE fixes have been added to nx-libs.
> E.g. debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch and debian/patches/1028-render-unvalidated-lengths-in-Render-extn.-swap.full.patch add missing checks to nx-X11/programs/Xserver/render/render.c.
> However, there's a file called nx-X11/programs/Xserver/hw/nxagent/NXrender.c which is derived from render.c and in that file those checks are missing, too.
> (I suspect the original render/render.c is not used at all in favour of hw/nxagent/NXrender.c but I am not 100% sure here.)
> If render.c is used at all (I am not sure) the patches should be extended to also fix NXrender.c. If render.c is not used it should be removed and the patches should be applied to NXrender.c instead.
> There might be more cases like this, I only picked this one as an example.
Forwarded to nx-libs bug tracker [1] for nx-libs 3.6.x on Github.
@Mike#2: I assigned you to this task on Github. If you are not available for this, please assign me again.
What Ulrich and I realized (in private comm) lately is that there are some files in hw/nxagent/ that are actually Xlib (extension) copies-of-code.
Thus, we need to double-maintain those code sections (I know, it is a mess and needs to be cleared up finally).
o step A: build against libX* from X.Org
o step B: be aware for code passages being libX* code, but copied to hw/nxagent/ and maintain those passages in hw/nxagent/ for now
Greets, Mike
[1] https://github.com/ArcticaProject/nx-libs/issues/29
--
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
On Thu, May 21, 2015 at 10:02 AM, Mike Gabriel <mike.gabriel@das-netzwerkteam.de> wrote:
> Control: forwarded -1 https://github.com/ArcticaProject/nx-libs/issues/29
> Thus, we need to double-maintain those code sections (I know, it is a mess and needs to be cleared up finally).
> o step A: build against libX* from X.Org
> o step B: be aware for code passages being libX* code, but copied to hw/nxagent/ and maintain those passages in hw/nxagent/ for now
I don't think this is limited to the X11 libraries. The mentioned render.c is for the RENDER extension not the libXrender, I think. It is built to render.o and included in librender.a. NXrender.c contains the same functions (+ more) and is compiled to NXrender.o and included into libnxagent.a. The nxagent binary is finally linked against libnxagent.a and not librender.a (at least I have not found where that could happen).
Uli
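The gap described in this thread (checks added to render/render.c but absent from the derived hw/nxagent/NXrender.c, the copy that ends up in libnxagent.a) can be checked mechanically. The following is an added example, not part of the thread or of nx-libs: it takes the function name from each hunk header of a patch and reports added lines that the same-named function in a derived copy lacks. The function names and sample text are constructed, and it assumes X server source layout (function name and closing brace in column 0).

```python
import re

def norm(text):
    return " ".join(text.split())

def patch_additions(patch):
    """Yield (function, added line) for every non-blank '+' line of a unified diff."""
    func = None
    for line in patch.splitlines():
        m = re.match(r"^@@ .*? @@\s*(\w+)?", line)   # group 1: function in hunk header
        if m:
            func = m.group(1)
        elif line.startswith("+") and not line.startswith("+++") and norm(line[1:]):
            yield func, norm(line[1:])

def function_body(source, name):
    """Function text, assuming X server layout: name and closing '}' in column 0."""
    m = re.search(rf"^{re.escape(name)}\s*\(.*?^}}", source, re.S | re.M)
    return norm(m.group(0)) if m else None

def missing_in_copy(patch, copy_source):
    """(function, line) pairs that the patch adds and the derived copy lacks."""
    missing = []
    for func, text in patch_additions(patch):
        body = function_body(copy_source, func) if func else norm(copy_source)
        if body is None or text not in body:
            missing.append((func, text))
    return missing

# Constructed sample with hypothetical functions; not the real 1027/1028 patches.
PATCH = """\
+++ b/render/render.c
@@ -10,1 +10,2 @@ ProcDemoQuery (ClientPtr client)
     REQUEST(xDemoQueryReq);
+    REQUEST_SIZE_MATCH(xDemoQueryReq);
@@ -40,1 +41,2 @@ ProcDemoFree (ClientPtr client)
     REQUEST(xDemoFreeReq);
+    REQUEST_SIZE_MATCH(xDemoFreeReq);
"""
DERIVED_COPY = """\
ProcDemoQuery (ClientPtr client)
{
    REQUEST(xDemoQueryReq);
}
ProcDemoFree (ClientPtr client)
{
    REQUEST(xDemoFreeReq);
    REQUEST_SIZE_MATCH(xDemoFreeReq);
}
"""
```

An empty result only means the added lines occur textually in the same-named function of the copy; whether the check sits before the first use of the request data still needs review.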
Control: fixed -1 3.5.99.0
Control: tag -1 fixed-upstream
On Do 21 Mai 2015 13:29:05 CEST, Ulrich Sibiller wrote:
> On Thu, May 21, 2015 at 10:02 AM, Mike Gabriel <mike.gabriel@das-netzwerkteam.de> wrote:
>> Control: forwarded -1 https://github.com/ArcticaProject/nx-libs/issues/29
>> Thus, we need to double-maintain those code sections (I know, it is a mess and needs to be cleared up finally).
>> o step A: build against libX* from X.Org
>> o step B: be aware for code passages being libX* code, but copied to hw/nxagent/ and maintain those passages in hw/nxagent/ for now
> I don't think this is limited to the X11 libraries. The mentioned render.c is for the RENDER extension not the libXrender, I think. It is built to render.o and included in librender.a. NXrender.c contains the same functions (+ more) and is compiled to NXrender.o and included into libnxagent.a. The nxagent binary is finally linked against libnxagent.a and not librender.a (at least I have not found where that could happen).
> Uli
Just for the record. This issue has been resolved on the 3.6.x branch
of nx-libs.
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Processing control commands:
forwarded -1 https://github.com/ArcticaProject/nx-libs/issues/29
Bug #879 [nx-libs] CVE backports incomplete or wrong
Set Bug forwarded-to-address to 'https://github.com/ArcticaProject/nx-libs/issues/29'.
--
879: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=879
X2Go Bug Tracking System
Contact owner@bugs.x2go.org with problems
Processing control commands:
fixed -1 3.5.99.0
Bug #879 [nx-libs] CVE backports incomplete or wrong
There is no source info for the package 'nx-libs' at version '3.5.99.0' with architecture ''
Unable to make a source version for version '3.5.99.0'
Marked as fixed in versions 3.5.99.0.
tag -1 fixed-upstream
Bug #879 [nx-libs] CVE backports incomplete or wrong
Added tag(s) fixed-upstream.
Processing control commands:
close -1
Bug #879 [nx-libs] CVE backports incomplete or wrong
Marked Bug as done
archive -1
Bug #879 {Done: Stefan Baur <X2Go-ML-1@baur-itcs.de>} [nx-libs] CVE backports incomplete or wrong
archived 879 to archive/79 (from 879)