Your message dated Sat, 03 Jul 2021 20:20:02 +0000 with message-id <E1lzm7O-0003Q3-7o@fasolo.debian.org> and subject line Bug#990647: fixed in nx-libs 2:3.5.99.26-2 has caused the Debian Bug report #990647, regarding nxagent: in Compext.c: fix comparisons of 16bit sequence numbers to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 990647: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990647 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: nxagent: in Compext.c: fix comparisons of 16bit sequence numbers
- From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
- Date: Sat, 03 Jul 2021 19:03:00 +0000
- Message-id: <[🔎] 20210703190300.Horde.7SfSYitfKYYE7imSzNZGBcY@mail.das-netzwerkteam.de>
Package: nxagent Severity: important Version: 3.5.99.26-1 Tags: patchIn Compext.c a flawed comparison has been discovered lately by Ulrich Sibiller and Norm Green.From the commit message: ``` rep->generic.sequenceNumber is of type CARD16 state->sequence is of type unsigned long Converting state->sequence to an int as it has been done since the first version of nxcomp I know of (1.3.0-18 from 2003) is wrong here because for numbers > INT_MAX this will result in a negative number, which, after applying the 16bit modulo, will not match rep->generic.sequenceNumber. Example with numbers: CARD16 c = 24565 unsigned long u = 3179110389 c % 65536 = 24565 u % 65536 = 24565 (int)(u) = -1115856907 (int)(u) % 65536 = -40971 -40971 will not match 24565 To fix this we need to ensure the number stays positive. We use CARD16 for this to match the type in the request which is a 16bit number. On my system CARD16 is unsigned short which is guaranteed to contain _at least_ the 0-65,535 range. As there is no upper limit of the range we cannot drop the modulo because we need this value to be 16bit and not more. Thanks to Norm Green for providing log after log until we could finally identify the reason for him seeing "Xlib: unexpected async reply (sequence 0x94b01439)!" when pasting stopped working. ``` Patch for this has been attached. Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de>From 1b4ebce2ce8ef29c01bd124ed56c9d6a14c9a82d Mon Sep 17 00:00:00 2001 From: Ulrich Sibiller <uli42@gmx.de> Date: Wed, 17 Mar 2021 22:17:55 +0100 Subject: [PATCH] Compext.c: fix comparisons of 16bit sequence numbers rep->generic.sequenceNumber is of type CARD16 state->sequence is of type unsigned long Converting state->sequence to an int as it has been done since the first version of nxcomp I know of (1.3.0-18 from 2003) is wrong here because for numbers > INT_MAX this will result in a negative number, which, after applying the 16bit modulo, will not match rep->generic.sequenceNumber. Example with numbers: CARD16 c = 24565 unsigned long u = 3179110389 c % 65536 = 24565 u % 65536 = 24565 (int)(u) = -1115856907 (int)(u) % 65536 = -40971 -40971 will not match 24565 To fix this we need to ensure the number stays positive. We use CARD16 for this to match the type in the request which is a 16bit number. On my system CARD16 is unsigned short which is guaranteed to contain _at least_ the 0-65,535 range. As there is no upper limit of the range we cannot drop the modulo because we need this value to be 16bit and not more. Thanks to Norm Green for providing log after log until we could finally identify the reason for him seeing "Xlib: unexpected async reply (sequence 0x94b01439)!" when pasting stopped working. Signed-off-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> --- nx-X11/programs/Xserver/hw/nxagent/compext/Compext.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nx-X11/programs/Xserver/hw/nxagent/compext/Compext.c b/nx-X11/programs/Xserver/hw/nxagent/compext/Compext.c index 4a8dacaf4..7a6cb9e30 100644 --- a/nx-X11/programs/Xserver/hw/nxagent/compext/Compext.c +++ b/nx-X11/programs/Xserver/hw/nxagent/compext/Compext.c @@ -3435,7 +3435,7 @@ static Bool _NXCollectImageHandler(Display *dpy, xReply *rep, char *buf, state = (_NXCollectImageState *) data; if ((rep -> generic.sequenceNumber % 65536) != - ((int)(state -> sequence) % 65536)) + ((CARD16)(state -> sequence) % 65536)) { #ifdef TEST fprintf(stderr, "******_NXCollectImageHandler: Unmatched sequence [%d] for opcode [%d] " @@ -3819,7 +3819,7 @@ static Bool _NXCollectPropertyHandler(Display *dpy, xReply *rep, char *buf, state = (_NXCollectPropertyState *) data; if ((rep -> generic.sequenceNumber % 65536) != - ((int)(state -> sequence) % 65536)) + ((CARD16)(state -> sequence) % 65536)) { #ifdef TEST fprintf(stderr, "******_NXCollectPropertyHandler: Unmatched sequence [%d] for opcode [%d] " @@ -4173,7 +4173,7 @@ static Bool _NXCollectGrabPointerHandler(Display *dpy, xReply *rep, char *buf, state = (_NXCollectGrabPointerState *) data; if ((rep -> generic.sequenceNumber % 65536) != - ((int)(state -> sequence) % 65536)) + ((CARD16)(state -> sequence) % 65536)) { #ifdef TEST fprintf(stderr, "******_NXCollectGrabPointerHandler: Unmatched sequence [%d] for opcode [%d] " @@ -4447,7 +4447,7 @@ static Bool _NXCollectInputFocusHandler(Display *dpy, xReply *rep, char *buf, state = (_NXCollectInputFocusState *) data; if ((rep -> generic.sequenceNumber % 65536) != - ((int)(state -> sequence) % 65536)) + ((CARD16)(state -> sequence) % 65536)) { #ifdef TEST fprintf(stderr, "******_NXCollectInputFocusHandler: Unmatched sequence [%d] for opcode [%d] " -- 2.30.2Attachment: pgpUz8FlSd7bX.pgp
Description: Digitale PGP-Signatur
--- End Message ---
--- Begin Message ---
- To: 990647-close@bugs.debian.org
- Subject: Bug#990647: fixed in nx-libs 2:3.5.99.26-2
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 03 Jul 2021 20:20:02 +0000
- Message-id: <E1lzm7O-0003Q3-7o@fasolo.debian.org>
- Reply-to: Mike Gabriel <sunweaver@debian.org>
Source: nx-libs Source-Version: 2:3.5.99.26-2 Done: Mike Gabriel <sunweaver@debian.org> We believe that the bug you reported is fixed in the latest version of nx-libs, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 990647@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mike Gabriel <sunweaver@debian.org> (supplier of updated nx-libs package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 03 Jul 2021 20:42:32 +0200 Source: nx-libs Architecture: source Version: 2:3.5.99.26-2 Distribution: unstable Urgency: medium Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org> Changed-By: Mike Gabriel <sunweaver@debian.org> Closes: 990647 990649 990650 Changes: nx-libs (2:3.5.99.26-2) unstable; urgency=medium . * debian/patches: + Add 0001_Compext.c-fix-comparisons-of-16bit-sequence-numbers.patch. Compext.c: fix comparisons of 16bit sequence numbers. (Closes: #990647). + Add 0002_Forward-ClientMessages-to-nxproxy-side.patch. Forward ClientMessages to nxproxy side. (Closes: #990649). + Add 0003_randr-Do-not-update-ConnectionInfo-if-NULL.patch. randr: Do not update ConnectionInfo if NULL (and avoid the nxagent Xserver from crashing). (Closes: #990650). + Add 0004_document-additional-options-only-nxagent-knows-about.patch. Update man page and --help documentation of nxproxy/nxagent. + Adjust 0004_document-additional-options-only-nxagent-knows-about.patch. Version 3.5.99.26 does not yet have the textclipboard=<bool> session parameter. Checksums-Sha1: 927a53cc9b3fcf37eac92e2713ffdb48f79b1303 3958 nx-libs_3.5.99.26-2.dsc 7701795d92cf265cfa6771bef5f7be329ccde778 55736 nx-libs_3.5.99.26-2.debian.tar.xz b37db445507f9b3cc6ca948a8ce95801729e0d42 8071 nx-libs_3.5.99.26-2_source.buildinfo Checksums-Sha256: 2707d4785544de4238b5f5598223b5adfcd73a88aa2f546481435da0e3ff8088 3958 nx-libs_3.5.99.26-2.dsc e2faab033a134e81f49e4d075ee63aa701462654e4568611bbbea652d6647607 55736 nx-libs_3.5.99.26-2.debian.tar.xz c406ebae243d0c50d6c1bc6b10835b0dcb6c090786fade1dcb10ce361d4f0ba0 8071 nx-libs_3.5.99.26-2_source.buildinfo Files: 61802b1b6188d583f02997e41c558c94 3958 x11 optional nx-libs_3.5.99.26-2.dsc 56303f7587e6708b55798f8914a42615 55736 x11 optional nx-libs_3.5.99.26-2.debian.tar.xz 8d3c22aae27f9406abd5a05b161fc1b4 8071 x11 optional nx-libs_3.5.99.26-2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAmDgwxgVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxWY4QAICQYSV93PjF1GwXKW3bTNfrPNav kTsa/GeB6QA5zgPSc+gt3Hp/Wdn7D+qOZR5M/kldgFnAVbo1QqDSAF+PI4FTkUjS 7RK/F4/2vgVe9N2oAq8Q7vW1ns+438sibBji1j8f5Fwuim51YHy69kFpVIe8qOi5 mA0PDlDDV4s4CGr2xk6pBk+x/GwoGbcm7rAiOM/hvAU2/av3z5ZSpGHBC4SMpBhc y9SPtqPes1VeuFFd+jLZqz4595mfUsEZTKZGtOKdZkIRSTfZz2kn4G/ELUOYTZL8 +0kh5Db5OcaDOP/eiphcsAsV9MSFmHue4pmvE99vOe0fOWXE0H8JFdEXbJFGDPcR 4nY/5loc6Js10Gmvl854au7X6Gbuj1PMlGtS8scfmJegaExgBCQ3POrsapgq2RdP 0WbYo90psNkn227+klIykeEJdPYfwWEPaOmqUZib+zXGCdTKaANvV7+0WB/nFgXo xZAP2WJtzblP6kgbSoHKJOyt/Veh3NtTu+jqRujnJd31WUQpy3x+mpG5kl9sVpvI tUp0RBnfvXw0N7RO5sKBi83T3MUeO6VUX9rPyyz5VjinMs0VOEYsFtE1xrVaEVyu bhFryKt5hJeLJyAStIJXZ+TacnPcfWssX+8U8N0cp83wQxbmBjdGH6Z1+jJlw2E1 R9L9mkOxw8UAscHp =ipHS -----END PGP SIGNATURE-----
--- End Message ---