commit: 5ae4ada68cdf7aa131d7a50c9305b55ba14fcd43 |
Author: Alexander Tsoy <alexander <AT> tsoy <DOT> me> |
AuthorDate: Thu Oct 31 18:41:58 2019 +0000 |
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org> |
CommitDate: Fri Nov 1 14:10:59 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ae4ada6 |
|
net-libs/libvncserver: Add a bunch of upstream fixes |
|
* fix CVE-2018-20750 (the fix for CVE-2018-15127 was incomplete) |
* fix CVE-2019-15681 |
* fix libdir in pkgconfig files |
* fix regression in Tight/Raw decoding |
|
Bug: https://bugs.gentoo.org/699036 |
Closes: https://bugs.gentoo.org/676942 |
Closes: https://bugs.gentoo.org/691848 |
Package-Manager: Portage-2.3.76, Repoman-2.3.16 |
Signed-off-by: Alexander Tsoy <alexander <AT> tsoy.me> |
Closes: https://github.com/gentoo/gentoo/pull/13509 |
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org> |
|
.../files/libvncserver-0.9.12-CVE-2018-20750.patch | 47 ++++++++++++++ |
.../files/libvncserver-0.9.12-CVE-2019-15681.patch | 26 ++++++++ |
.../files/libvncserver-0.9.12-cmake-libdir.patch | 32 ++++++++-- |
...ibvncserver-0.9.12-fix-tight-raw-decoding.patch | 40 ++++++++++++ |
.../libvncserver-0.9.12-pkgconfig-libdir.patch | 41 ++++++++++++ |
.../libvncserver/libvncserver-0.9.12-r3.ebuild | 73 ++++++++++++++++++++++ |
6 files changed, 255 insertions(+), 4 deletions(-) |
|
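--- /dev/null
+++ b/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2018-20750.patch
@@ -0,0 +1,47 @@
+From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@××××××.com>
+Date: Mon, 7 Jan 2019 10:40:01 +0100
+Subject: [PATCH 01/51] Limit lenght to INT_MAX bytes in
+ rfbProcessFileTransferReadBuffer()
+
+This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap
+out-of-bound write access in rfbProcessFileTransferReadBuffer() when
+reading a transfered file content in a server. The former fix did not
+work on platforms with a 32-bit int type (expected by rfbReadExact()).
+
+CVE-2018-15127
+<https://github.com/LibVNC/libvncserver/issues/243>
+<https://github.com/LibVNC/libvncserver/issues/273>
+---
+ libvncserver/rfbserver.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 7af8490..f2edbee 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -88,6 +88,8 @@
+ #include <errno.h>
+ /* strftime() */
+ #include <time.h>
++/* INT_MAX */
++#include <limits.h>
+
+ #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
+ #include "rfbssl.h"
+@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length)
+ 0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF
+ will safely be allocated since this check will never trigger and malloc() can digest length+1
+ without problems as length is a uint32_t.
++ We also later pass length to rfbReadExact() that expects a signed int type and
++ that might wrap on platforms with a 32-bit int type if length is bigger
++ than 0X7FFFFFFF.
+ */
+- if(length == SIZE_MAX) {
++ if(length == SIZE_MAX || length > INT_MAX) {
+ rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length);
+ rfbCloseClient(cl);
+ return NULL;
+--
+2.23.0
+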
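Review bot: The comment kept as context above the changed condition still says that on 64-bit systems a length of 0XFFFFFFFF "will safely be allocated since this check will never trigger", which is no longer true once `length > INT_MAX` is part of the test; that sentence should be dropped or reworded. On the platforms the comment discusses, the `length == SIZE_MAX` term is also subsumed by the new comparison, so `if(length > INT_MAX) {` would state the same bound more plainly. The accepted range still lets a client-supplied length drive an allocation of up to roughly 2 GiB (the comment refers to malloc() of length+1), so a lower protocol-level cap may be worth considering. The allocation and the rest of rfbProcessFileTransferReadBuffer() lie outside this hunk.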
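--- /dev/null
+++ b/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15681.patch
@@ -0,0 +1,26 @@
+From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@×××××××××.org>
+Date: Mon, 19 Aug 2019 22:32:25 +0200
+Subject: [PATCH 48/51] rfbserver: don't leak stack memory to the remote
+
+Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
+---
+ libvncserver/rfbserver.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 3bacc89..310e548 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len)
+ rfbServerCutTextMsg sct;
+ rfbClientIteratorPtr iterator;
+
++ memset((char *)&sct, 0, sizeof(sct));
++
+ iterator = rfbGetClientIterator(rfbScreen);
+ while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
+ sct.type = rfbServerCutText;
+--
+2.23.0
+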
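Review bot: The added `memset` carries no comment saying why it is there, and the reason is easy to lose in a later cleanup: `sct` is a stack struct whose fields are assigned one by one inside the loop, so, going by the patch subject, any bytes those assignments do not cover would otherwise go out to the remote with whatever the stack held. A line such as `/* zero padding too: sct is sent to clients as raw bytes */` above it would keep someone from swapping it for per-field initialisation. The `(char *)` cast is unnecessary because memset takes `void *`. Other stack-built message structs in rfbserver.c may deserve the same audit, though none is visible here, and the body of rfbSendServerCutText() continues past the hunk.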
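--- a/net-libs/libvncserver/files/libvncserver-0.9.12-cmake-libdir.patch
+++ b/net-libs/libvncserver/files/libvncserver-0.9.12-cmake-libdir.patch
@@ -1,6 +1,27 @@
---- libvncserver-LibVNCServer-0.9.12/CMakeLists.txt
-+++ libvncserver-LibVNCServer-0.9.12/CMakeLists.txt
-@@ -666,8 +666,8 @@
+From 3348a7e42e86dfb98dd7458ad29def476cf6096f Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@×××××××××.org>
+Date: Sat, 9 Feb 2019 13:23:26 +0100
+Subject: [PATCH 02/51] CMake: replace hardcoded 'lib' with
+ ${CMAKE_INSTALL_LIBDIR}
+
+Closes #281
+---
+ CMakeLists.txt | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 873cc7b..55f7e65 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -9,6 +9,7 @@ include(CheckTypeSize)
+ include(TestBigEndian)
+ include(CheckCSourceCompiles)
+ include(CheckCSourceRuns)
++include(GNUInstallDirs)
+
+ enable_testing()
+
+@@ -666,8 +667,8 @@ get_link_libraries(PRIVATE_LIBS vncclient)
 configure_file(${CMAKE_CURRENT_SOURCE_DIR}/libvncclient.pc.cmakein ${CMAKE_CURRENT_BINARY_DIR}/libvncclient.pc @ONLY)
 
 
@@ -11,7 +32,7 @@
 install_files(/include/rfb FILES
 rfb/keysym.h
 rfb/rfb.h
-@@ -677,7 +677,7 @@
+@@ -677,7 +678,7 @@ install_files(/include/rfb FILES
 rfb/rfbregion.h
 )
 
@@ -20,3 +41,6 @@
 libvncserver.pc
 libvncclient.pc
 )
+--
+2.23.0
+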
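Review bot: This rewrites an existing `files/` patch in place rather than adding a new file, so any other ebuild revision that still lists `${P}-cmake-libdir.patch` will be built with different patch content without a revision bump of its own. Whether an older revision remains in the tree is not visible on this page; if one does, it should be confirmed to apply cleanly with the upstream version, or the upstream patch should get a distinct filename.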
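--- /dev/null
+++ b/net-libs/libvncserver/files/libvncserver-0.9.12-fix-tight-raw-decoding.patch
@@ -0,0 +1,40 @@
+From 6b87d6154200667a66212f80068f7468eaa0f048 Mon Sep 17 00:00:00 2001
+From: DRC <information@×××××××××.org>
+Date: Sat, 28 Sep 2019 14:54:30 -0500
+Subject: [PATCH 50/51] LibVNCClient: Fix regression in Tight/Raw decoding
+
+Introduced by d7b1462 in LibVNCServer 0.9.12. This regression caused
+the pixels in some RFB rectangles to become corrupted/garbled when the
+Tight encoding was used, without the JPEG subencoding, with a 15-bit or
+16-bit color depth.
+
+Fixes #335
+Fixes https://gitlab.com/Remmina/Remmina/issues/1824
+---
+ libvncclient/tight.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libvncclient/tight.c b/libvncclient/tight.c
+index df01812..0586f47 100644
+--- a/libvncclient/tight.c
++++ b/libvncclient/tight.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C) 2017 D. R. Commander. All Rights Reserved.
++ * Copyright (C) 2017, 2019 D. R. Commander. All Rights Reserved.
+ * Copyright (C) 2004-2008 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright (C) 2004 Landmark Graphics Corporation. All Rights Reserved.
+ * Copyright (C) 2000, 2001 Const Kaplinsky. All Rights Reserved.
+@@ -360,7 +360,8 @@ FilterCopyBPP (rfbClient* client, int srcx, int srcy, int numRows)
+ #endif
+
+ for (y = 0; y < numRows; y++)
+- memcpy (&dst[y*client->width], &client->buffer[y*client->rectWidth],
++ memcpy (&dst[y*client->width],
++ &client->buffer[y * client->rectWidth * (BPP / 8)],
+ client->rectWidth * (BPP / 8));
+ }
+
+--
+2.23.0
+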
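Review bot: The row size `client->rectWidth * (BPP / 8)` now appears twice in the memcpy call, once scaled by `y` as the source offset and once as the copy length, and the regression being fixed came from those two getting out of step. Hoisting it into a local, e.g. `const int rowBytes = client->rectWidth * (BPP / 8);`, and then using `&client->buffer[y * rowBytes]` with length `rowBytes`, keeps offset and length tied together. Because the rectangle data originates from the remote server, it is also worth confirming that `numRows * rowBytes` cannot exceed the size of `client->buffer`; any such check sits in the caller or in the part of FilterCopyBPP outside this hunk.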
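--- /dev/null
+++ b/net-libs/libvncserver/files/libvncserver-0.9.12-pkgconfig-libdir.patch
@@ -0,0 +1,41 @@
+From 36a71279ed5b10effecd879caf6c3791842ca713 Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@×××××××××.org>
+Date: Thu, 28 Mar 2019 21:06:36 +0100
+Subject: [PATCH 03/51] CMake: replace 'lib' with ${CMAKE_INSTALL_LIBDIR} for
+ pkgconfig files as well
+
+Thanks to https://github.com/ikelos for spotting this ;-)
+
+Closes #290
+---
+ libvncclient.pc.cmakein | 2 +-
+ libvncserver.pc.cmakein | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libvncclient.pc.cmakein b/libvncclient.pc.cmakein
+index 169a8b7..445f7e7 100644
+--- a/libvncclient.pc.cmakein
++++ b/libvncclient.pc.cmakein
+@@ -1,6 +1,6 @@
+ prefix=@CMAKE_INSTALL_PREFIX@
+ exec_prefix=@CMAKE_INSTALL_PREFIX@
+-libdir=@CMAKE_INSTALL_PREFIX@/lib
++libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@
+ includedir=@CMAKE_INSTALL_PREFIX@/include
+
+ Name: LibVNCClient
+diff --git a/libvncserver.pc.cmakein b/libvncserver.pc.cmakein
+index f38d74f..c689806 100644
+--- a/libvncserver.pc.cmakein
++++ b/libvncserver.pc.cmakein
+@@ -1,6 +1,6 @@
+ prefix=@CMAKE_INSTALL_PREFIX@
+ exec_prefix=@CMAKE_INSTALL_PREFIX@
+-libdir=@CMAKE_INSTALL_PREFIX@/lib
++libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@
+ includedir=@CMAKE_INSTALL_PREFIX@/include
+
+ Name: LibVNCServer
+--
+2.23.0
+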
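Review bot: `libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@` is only correct while CMAKE_INSTALL_LIBDIR is a relative path; GNUInstallDirs also accepts an absolute value, in which case the generated libdir becomes the prefix followed by a second absolute path. Using `libdir=@CMAKE_INSTALL_FULL_LIBDIR@` avoids the concatenation. The same line is added to both libvncclient.pc.cmakein and libvncserver.pc.cmakein.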
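--- /dev/null
+++ b/net-libs/libvncserver/libvncserver-0.9.12-r3.ebuild
@@ -0,0 +1,73 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit cmake-utils
+
+MY_P="LibVNCServer-${PV}"
+DESCRIPTION="library for creating vnc servers"
+HOMEPAGE="https://libvnc.github.io/"
+SRC_URI="https://github.com/LibVNC/${PN}/archive/${MY_P}.tar.gz"
+
+# libvncserver/tightvnc-filetransfer/*: GPL-2, but we don't build it
+# common/d3des.*: https://github.com/LibVNC/libvncserver/issues/88
+LICENSE="GPL-2+ LGPL-2.1+ BSD MIT"
+# no sub slot wanted (yet), see #578958
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="+24bpp gcrypt gnutls ipv6 +jpeg libressl lzo +png sasl ssl systemd +threads +zlib"
+# https://bugs.gentoo.org/690202
+# https://bugs.gentoo.org/435326
+# https://bugs.gentoo.org/550916
+REQUIRED_USE="jpeg? ( zlib ) png? ( zlib ) ssl? ( !gnutls? ( threads ) )"
+
+DEPEND="
+ gcrypt? ( >=dev-libs/libgcrypt-1.5.3:0= )
+ ssl? (
+ !gnutls? (
+ !libressl? ( >=dev-libs/openssl-1.0.2:0= )
+ libressl? ( >=dev-libs/libressl-2.7.0:0= )
+ )
+ gnutls? ( >=net-libs/gnutls-2.12.23-r6:0= )
+ )
+ jpeg? ( >=virtual/jpeg-0-r2:0 )
+ lzo? ( dev-libs/lzo )
+ png? ( >=media-libs/libpng-1.6.10:0= )
+ sasl? ( dev-libs/cyrus-sasl )
+ systemd? ( sys-apps/systemd:= )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1:0= )"
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}/${PN}-${MY_P}"
+
+DOCS=( AUTHORS ChangeLog NEWS README.md TODO )
+
+PATCHES=(
+ "${FILESDIR}"/${P}-cmake-libdir.patch
+ "${FILESDIR}"/${P}-pkgconfig-libdir.patch
+ "${FILESDIR}"/${P}-libgcrypt.patch
+ "${FILESDIR}"/${P}-sparc-unaligned.patch
+ "${FILESDIR}"/${P}-CVE-2018-20750.patch
+ "${FILESDIR}"/${P}-CVE-2019-15681.patch
+ "${FILESDIR}"/${P}-fix-tight-raw-decoding.patch
+)
+
+src_configure() {
+ local mycmakeargs=(
+ -DWITH_ZLIB=$(usex zlib ON OFF)
+ -DWITH_LZO=$(usex lzo ON OFF)
+ -DWITH_JPEG=$(usex jpeg ON OFF)
+ -DWITH_PNG=$(usex png ON OFF)
+ -DWITH_THREADS=$(usex threads ON OFF)
+ -DWITH_GNUTLS=$(usex gnutls $(usex ssl ON OFF) OFF)
+ -DWITH_OPENSSL=$(usex gnutls OFF $(usex ssl ON OFF))
+ -DWITH_GCRYPT=$(usex gcrypt ON OFF)
+ -DWITH_SYSTEMD=$(usex systemd ON OFF)
+ -DWITH_FFMPEG=OFF
+ -DWITH_24BPP=$(usex 24bpp ON OFF)
+ -DWITH_IPv6=$(usex ipv6 ON OFF)
+ -DWITH_SASL=$(usex sasl ON OFF)
+ )
+ cmake-utils_src_configure
+}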
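Review bot: The license comment says `libvncserver/tightvnc-filetransfer/*` is not built, but nothing in `mycmakeargs` visibly enforces that, and any upstream option not listed there is left at its CMake default. For a network-facing library it is safer to pin optional features explicitly, so the compiled attack surface cannot change when an upstream default does. If upstream's CMakeLists exposes a switch for the file-transfer code, it should be added to the list with a fixed value; otherwise a comment such as `# options not listed here follow upstream defaults` above the array would at least make the gap visible to the next maintainer.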