X2Go Bug report logs - #879: CVE backports incomplete or wrong
Report forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>: Bug#879; Package nx-libs. (Thu, 21 May 2015 06:45:01 GMT)
Acknowledgement sent to Ulrich Sibiller <uli42@gmx.de>: New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Thu, 21 May 2015 06:45:02 GMT)
Message #5 received at submit@bugs.x2go.org:
Package: nx-libs
Recently a lot of CVE fixes have been added to nx-libs.
E.g.
debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch
and
debian/patches/1028-render-unvalidated-lengths-in-Render-extn.-swap.full.patch
add missing checks to nx-X11/programs/Xserver/render/render.c.
However, there's a file called
nx-X11/programs/Xserver/hw/nxagent/NXrender.c which is derived from
render.c and in that file those checks are missing, too.
(I suspect the original render/render.c is not used at all in favour
of hw/nxagent/NXrender.c but I am not 100% sure here.)
If render.c is used at all (I am not sure) the patches should be
extended to also fix NXrender.c.
If render.c is not used it should be removed and the patches should be
applied to NXrender.c instead.
There might be more cases like this, I only picked this one as an example.
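An added example, not part of the bug report or of nx-libs: a small audit for the situation reported above, where a derived copy of a source file lacks checks that were backported to the original. It assumes the checks take the form of the X server's `REQUEST_SIZE_MATCH` / `REQUEST_AT_LEAST_SIZE` / `REQUEST_FIXED_SIZE` macros; the embedded sources and their function names are constructed stand-ins, not the real render.c and NXrender.c.

```python
import re

# Request-size validation macros from the X server's dix.h (assumed check form).
CHECK = re.compile(
    r"^[ \t]*REQUEST_(?:SIZE_MATCH|AT_LEAST_SIZE|FIXED_SIZE)\s*\(.*\n", re.M)
# X server style definition: name at column 0, body closed by '}' at column 0.
FUNC = re.compile(r"^(\w+)\s*\([^)]*\)\s*\n\{\n(.*?)^\}", re.M | re.S)

# Constructed stand-in for the patched render/render.c; names are hypothetical.
PATCHED = """
static int
ProcRenderExample(ClientPtr client)
{
    REQUEST(xRenderExampleReq);
    REQUEST_AT_LEAST_SIZE(xRenderExampleReq);
    return Success;
}

static int
SProcRenderExample(ClientPtr client)
{
    REQUEST(xRenderExampleReq);
    REQUEST_SIZE_MATCH(xRenderExampleReq);
    return Success;
}
"""
# Constructed stand-in for the derived copy: same functions without the
# backported checks, plus one function that exists only in the copy.
DERIVED = CHECK.sub("", PATCHED) + """
static int
nxagentOnlyExample(ClientPtr client)
{
    return Success;
}
"""

def size_checks(source):
    """Map each function name to the number of size-check macros in its body."""
    return {name: len(CHECK.findall(body)) for name, body in FUNC.findall(source)}

def missing_in_copy(original, derived):
    """Functions present in both files where the copy has fewer size checks."""
    orig, copy = size_checks(original), size_checks(derived)
    return sorted(f for f in orig.keys() & copy.keys() if copy[f] < orig[f])

if __name__ == "__main__":
    for name in missing_in_copy(PATCHED, DERIVED):
        print(f"{name}: size check present in original, absent in derived copy")
```

Run against real files, the function regex only recognises definitions laid out in this column-0 style, so a clean result is a prompt for manual review rather than proof that the copy is complete.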
Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>: Bug#879; Package nx-libs. (Thu, 21 May 2015 08:20:02 GMT)
Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>: Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Thu, 21 May 2015 08:20:03 GMT)
Message #10 received at 879@bugs.x2go.org:
Control: forwarded -1 https://github.com/ArcticaProject/nx-libs/issues/29
On Thu, May 21, 2015 at 08:43:37AM +0200, Ulrich Sibiller wrote:
> Package: nx-libs
>
> Recently a lot of CVE fixes have been added to nx-libs.
>
> E.g.
> debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch
> and
> debian/patches/1028-render-unvalidated-lengths-in-Render-extn.-swap.full.patch
> add missing checks to nx-X11/programs/Xserver/render/render.c.
>
> However, there's a file called
> nx-X11/programs/Xserver/hw/nxagent/NXrender.c which is derived from
> render.c and in that file those checks are missing, too.
>
> (I suspect the original render/render.c is not used at all in favour
> of hw/nxagent/NXrender.c but I am not 100% sure here.)
>
> If render.c is used at all (I am not sure) the patches should be
> extended to also fix NXrender.c.
> If render.c is not used it should be removed and the patches should be
> applied to NXrender.c instead.
>
> There might be more cases like this, I only picked this one as an example.
Forwarded to nx-libs bug tracker [1] for nx-libs 3.6.x on Github.
@Mike#2: I assigned you to this task on Github. If you are not available
for this, please assign me again.
What Ulrich and I realized (in private comm) lately is that there are some files in hw/nxagent/ that are actually Xlib (extension) copies-of-code.
Thus, we need to double-maintain those code sections (I know, it is a mess and needs to be cleared up finally).
o step A: build against libX* from X.Org
o step B: be aware of code passages being libX* code, but copied to
hw/nxagent/ and maintain those passages in hw/nxagent/ for now
Greets,
Mike
[1] https://github.com/ArcticaProject/nx-libs/issues/29
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>: Bug#879; Package nx-libs. (Thu, 21 May 2015 11:30:01 GMT)
Acknowledgement sent to Ulrich Sibiller <uli42@gmx.de>: Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Thu, 21 May 2015 11:30:02 GMT)
Message #17 received at 879@bugs.x2go.org:
On Thu, May 21, 2015 at 10:02 AM, Mike Gabriel
<mike.gabriel@das-netzwerkteam.de> wrote:
> Control: forwarded -1 https://github.com/ArcticaProject/nx-libs/issues/29
> Thus, we need to double-maintain those code sections (I know, it is a mess and needs to be cleared up finally).
>
> o step A: build against libX* from X.Org
> o step B: be aware of code passages being libX* code, but copied to
> hw/nxagent/ and maintain those passages in hw/nxagent/ for now
I don't think this is limited to the X11 libraries. The mentioned
render.c is for the RENDER extension not the libXrender, I think. It
is built to render.o and included in librender.a. NXrender.c contains
the same functions (+ more) and is compiled to NXrender.o and included
into libnxagent.a. The nxagent binary is finally linked against
libnxagent.a and not librender.a (at least I have not found where that
could happen).
Uli
Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>: Bug#879; Package nx-libs. (Sat, 20 Feb 2016 19:45:04 GMT)
Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>: Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Sat, 20 Feb 2016 19:45:04 GMT)
Message #22 received at 879@bugs.x2go.org:
Control: fixed -1 3.5.99.0
Control: tag -1 fixed-upstream
On Thu 21 May 2015 13:29:05 CEST, Ulrich Sibiller wrote:
> On Thu, May 21, 2015 at 10:02 AM, Mike Gabriel
> <mike.gabriel@das-netzwerkteam.de> wrote:
>> Control: forwarded -1 https://github.com/ArcticaProject/nx-libs/issues/29
>
>> Thus, we need to double-maintain those code sections (I know, it is
>> a mess and needs to be cleared up finally).
>>
>> o step A: build against libX* from X.Org
>> o step B: be aware of code passages being libX* code, but copied to
>> hw/nxagent/ and maintain those passages in hw/nxagent/ for now
>
> I don't think this is limited to the X11 libraries. The mentioned
> render.c is for the RENDER extension not the libXrender, I think. It
> is built to render.o and included in librender.a. NXrender.c contains
> the same functions (+ more) and is compiled to NXrender.o and included
> into libnxagent.a. The nxagent binary is finally linked against
> libnxagent.a and not librender.a (at least I have not found where that
> could happen).
>
> Uli
Just for the record. This issue has been resolved on the 3.6.x branch
of nx-libs.
Mike
Marked as fixed in versions 3.5.99.0. Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to 879-submit@bugs.x2go.org. (Sat, 20 Feb 2016 19:45:05 GMT)
Added tag(s) fixed-upstream. Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to 879-submit@bugs.x2go.org. (Sat, 20 Feb 2016 19:45:05 GMT)
Acknowledgement sent to Stefan Baur <X2Go-ML-1@baur-itcs.de>: Extra info received and filed, but not forwarded. (Tue, 30 Jan 2024 22:00:07 GMT)
Message #29 received at 879-quiet@bugs.x2go.org:
Control: close -1
Control: archive -1
This bug has long since been moved to the Arctica Project Github issue
tracker.
Kind Regards,
Stefan Baur
--
BAUR-ITCS UG (haftungsbeschränkt)
Managing Director: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Register court Ulm, HRB 724364
Phone/Fax 0731 40 34 66-36/-35 | VAT ID: DE268653243
Marked Bug as done. Request was from Stefan Baur <X2Go-ML-1@baur-itcs.de> to 879-quiet@bugs.x2go.org. (Tue, 30 Jan 2024 22:00:07 GMT)
Notification sent to Ulrich Sibiller <uli42@gmx.de>: Bug acknowledged by developer. (Tue, 30 Jan 2024 22:00:07 GMT)
Bug archived. Request was from Stefan Baur <X2Go-ML-1@baur-itcs.de> to 879-quiet@bugs.x2go.org. (Tue, 30 Jan 2024 22:00:07 GMT)
X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Nov 21 11:53:10 2024; Machine Name: ymir.das-netzwerkteam.de