Gentoo Archives: gentoo-commits

From: "Johannes Huber (johu)" <johu@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in kde-base/krfb/files: krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch
Date: Thu, 31 Jul 2014 20:47:02
Message-Id: 20140731204659.571692004E@flycatcher.gentoo.org
1 johu 14/07/31 20:46:59
2
3 Added:
4 krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch
5 Log:
6 Revision bump unbundles libvncserver, bug #515276.
7
8 (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key F3CFD2BD)
9
10 Revision Changes Path
11 1.1 kde-base/krfb/files/krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-base/krfb/files/krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch?rev=1.1&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-base/krfb/files/krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch?rev=1.1&content-type=text/plain
15
16 Index: krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch
17 ===================================================================
18 From 08f7c0c3d122f6096408007a0ac44c586c1c36b7 Mon Sep 17 00:00:00 2001
19 From: Johannes Huber <johu@g.o>
20 Date: Thu, 31 Jul 2014 19:41:01 +0200
21 Subject: [PATCH] CVE-2014-4607: Unbundle libvncserver
22
23 http://seclists.org/oss-sec/2014/q2/676
24
25 REVIEW: 119548
26 ---
27 CMakeLists.txt | 12 +++++++----
28 cmake/modules/FindLibVNCServer.cmake | 41 ++++++++++++++++++++++++++++++++++++
29 krfb/CMakeLists.txt | 2 ++
30 krfb/rfb.h | 2 +-
31 4 files changed, 52 insertions(+), 5 deletions(-)
32 create mode 100644 cmake/modules/FindLibVNCServer.cmake
33
34 diff --git a/CMakeLists.txt b/CMakeLists.txt
35 index 78c19b3..7b0af64 100644
36 --- a/CMakeLists.txt
37 +++ b/CMakeLists.txt
38 @@ -26,6 +26,13 @@ if(NOT INSIDE_KDENETWORK)
39 include_directories(${CMAKE_SOURCE_DIR} ${CMAKE_BINARY_DIR} ${KDE4_INCLUDES})
40 endif(NOT INSIDE_KDENETWORK)
41
42 +set(CMAKE_MODULE_PATH
43 + "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules"
44 + ${CMAKE_MODULE_PATH}
45 +)
46 +
47 +find_package(LibVNCServer REQUIRED)
48 +
49 macro_optional_find_package(TelepathyQt4)
50 macro_log_feature(TelepathyQt4_FOUND "telepathy-qt" "Telepathy Qt Bindings" "http://telepathy.freedesktop.org" FALSE "0.9" "Needed to build Telepathy Tubes support.")
51
52 @@ -35,8 +42,6 @@ macro_bool_to_01(X11_XShm_FOUND HAVE_XSHM)
53 include_directories ("${CMAKE_CURRENT_BINARY_DIR}/krfb"
54 "${CMAKE_CURRENT_SOURCE_DIR}/krfb"
55 "${CMAKE_CURRENT_SOURCE_DIR}/krfb/ui"
56 - "${CMAKE_CURRENT_SOURCE_DIR}/libvncserver/"
57 - "${CMAKE_CURRENT_BINARY_DIR}/libvncserver/"
58 )
59
60 if(Q_WS_X11)
61 @@ -45,9 +50,8 @@ if(Q_WS_X11)
62 endif(NOT X11_XTest_FOUND)
63 endif(Q_WS_X11)
64
65 -add_subdirectory(libvncserver)
66 add_subdirectory(krfb)
67 -add_subdirectory (framebuffers)
68 +add_subdirectory(framebuffers)
69 add_subdirectory(doc)
70
71 if (NOT INSIDE_KDENETWORK)
72 diff --git a/cmake/modules/FindLibVNCServer.cmake b/cmake/modules/FindLibVNCServer.cmake
73 new file mode 100644
74 index 0000000..5927ab2
75 --- /dev/null
76 +++ b/cmake/modules/FindLibVNCServer.cmake
77 @@ -0,0 +1,41 @@
78 +# cmake macro to test LIBVNCSERVER LIB
79 +
80 +# Copyright (c) 2006, Alessandro Praduroux <pradu@×××××.it>
81 +# Copyright (c) 2007, Urs Wolfer <uwolfer @ kde.org>
82 +#
83 +# Redistribution and use is allowed according to the terms of the BSD license.
84 +# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
85 +
86 +INCLUDE(CheckPointerMember)
87 +
88 +IF (LIBVNCSERVER_INCLUDE_DIR AND LIBVNCSERVER_LIBRARIES)
89 + # Already in cache, be silent
90 + SET(LIBVNCSERVER_FIND_QUIETLY TRUE)
91 +ENDIF (LIBVNCSERVER_INCLUDE_DIR AND LIBVNCSERVER_LIBRARIES)
92 +
93 +FIND_PATH(LIBVNCSERVER_INCLUDE_DIR rfb/rfb.h)
94 +
95 +FIND_LIBRARY(LIBVNCSERVER_LIBRARIES NAMES vncserver libvncserver)
96 +
97 +# libvncserver and libvncclient are in the same package, so it does
98 +# not make sense to add a new cmake script for finding libvncclient.
99 +# instead just find the libvncclient also in this file.
100 +FIND_PATH(LIBVNCCLIENT_INCLUDE_DIR rfb/rfbclient.h)
101 +FIND_LIBRARY(LIBVNCCLIENT_LIBRARIES NAMES vncclient libvncclient)
102 +
103 +IF (LIBVNCSERVER_INCLUDE_DIR AND LIBVNCSERVER_LIBRARIES)
104 + SET(CMAKE_REQUIRED_INCLUDES "${LIBVNCSERVER_INCLUDE_DIR}" "${CMAKE_REQUIRED_INCLUDES}")
105 + CHECK_POINTER_MEMBER(rfbClient* GotXCutText rfb/rfbclient.h LIBVNCSERVER_FOUND)
106 +ENDIF (LIBVNCSERVER_INCLUDE_DIR AND LIBVNCSERVER_LIBRARIES)
107 +
108 +IF (LIBVNCSERVER_FOUND)
109 + IF (NOT LIBVNCSERVER_FIND_QUIETLY)
110 + MESSAGE(STATUS "Found LibVNCServer: ${LIBVNCSERVER_LIBRARIES}")
111 + ENDIF (NOT LIBVNCSERVER_FIND_QUIETLY)
112 +ELSE (LIBVNCSERVER_FOUND)
113 + IF (LIBVNCSERVER_FIND_REQUIRED)
114 + MESSAGE(FATAL_ERROR "Could NOT find acceptable version of LibVNCServer (version 0.9 or later required).")
115 + ENDIF (LIBVNCSERVER_FIND_REQUIRED)
116 +ENDIF (LIBVNCSERVER_FOUND)
117 +
118 +MARK_AS_ADVANCED(LIBVNCSERVER_INCLUDE_DIR LIBVNCSERVER_LIBRARIES)
119 \ No newline at end of file
120 diff --git a/krfb/CMakeLists.txt b/krfb/CMakeLists.txt
121 index bbc508d..08ee30c 100644
122 --- a/krfb/CMakeLists.txt
123 +++ b/krfb/CMakeLists.txt
124 @@ -20,6 +20,7 @@ target_link_libraries (krfbprivate
125 ${QT_QTCORE_LIBRARY}
126 ${QT_QTGUI_LIBRARY}
127 ${X11_X11_LIB}
128 + ${LIBVNCSERVER_LIBRARIES}
129 )
130
131 set_target_properties (krfbprivate PROPERTIES
132 @@ -104,6 +105,7 @@ target_link_libraries (krfb
133 ${QT_QTNETWORK_LIBRARY}
134 ${KDE4_KDNSSD_LIBS}
135 ${KDE4_KDEUI_LIBS}
136 + ${LIBVNCSERVER_LIBRARIES}
137 )
138
139 if(TelepathyQt4_FOUND)
140 diff --git a/krfb/rfb.h b/krfb/rfb.h
141 index 40308a2..fa94eda 100644
142 --- a/krfb/rfb.h
143 +++ b/krfb/rfb.h
144 @@ -6,7 +6,7 @@
145 #ifndef KRFB_RFB_H
146 #define KRFB_RFB_H
147
148 -#include "../libvncserver/rfb/rfb.h"
149 +#include "rfb/rfb.h"
150
151 #undef TRUE
152 #undef FALSE
153 --
154 2.0.2