gnu: libvnc: Update to 0.9.13.
* gnu/packages/patches/libvnc-CVE-2018-20750.patch, gnu/packages/patches/libvnc-CVE-2019-15681.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/vnc.scm (libvnc): Update to 0.9.13. [source](patches): Remove. [arguments]: Add phase to patch 'cc' invocation.master
parent
938f3190e7
commit
2195ad6bd7
|
@ -1241,8 +1241,6 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/libutils-add-includes.patch \
|
%D%/packages/patches/libutils-add-includes.patch \
|
||||||
%D%/packages/patches/libutils-remove-damaging-includes.patch \
|
%D%/packages/patches/libutils-remove-damaging-includes.patch \
|
||||||
%D%/packages/patches/libvdpau-va-gl-unbundle.patch \
|
%D%/packages/patches/libvdpau-va-gl-unbundle.patch \
|
||||||
%D%/packages/patches/libvnc-CVE-2018-20750.patch \
|
|
||||||
%D%/packages/patches/libvnc-CVE-2019-15681.patch \
|
|
||||||
%D%/packages/patches/libvpx-CVE-2016-2818.patch \
|
%D%/packages/patches/libvpx-CVE-2016-2818.patch \
|
||||||
%D%/packages/patches/libxslt-generated-ids.patch \
|
%D%/packages/patches/libxslt-generated-ids.patch \
|
||||||
%D%/packages/patches/libxt-guix-search-paths.patch \
|
%D%/packages/patches/libxt-guix-search-paths.patch \
|
||||||
|
|
|
@ -1,44 +0,0 @@
|
||||||
From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
|
||||||
Date: Mon, 7 Jan 2019 10:40:01 +0100
|
|
||||||
Subject: [PATCH] Limit lenght to INT_MAX bytes in
|
|
||||||
rfbProcessFileTransferReadBuffer()
|
|
||||||
|
|
||||||
This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap
|
|
||||||
out-of-bound write access in rfbProcessFileTransferReadBuffer() when
|
|
||||||
reading a transfered file content in a server. The former fix did not
|
|
||||||
work on platforms with a 32-bit int type (expected by rfbReadExact()).
|
|
||||||
|
|
||||||
CVE-2018-15127
|
|
||||||
<https://github.com/LibVNC/libvncserver/issues/243>
|
|
||||||
<https://github.com/LibVNC/libvncserver/issues/273>
|
|
||||||
---
|
|
||||||
libvncserver/rfbserver.c | 7 ++++++-
|
|
||||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
|
|
||||||
index 7af84906..f2edbeea 100644
|
|
||||||
--- a/libvncserver/rfbserver.c
|
|
||||||
+++ b/libvncserver/rfbserver.c
|
|
||||||
@@ -88,6 +88,8 @@
|
|
||||||
#include <errno.h>
|
|
||||||
/* strftime() */
|
|
||||||
#include <time.h>
|
|
||||||
+/* INT_MAX */
|
|
||||||
+#include <limits.h>
|
|
||||||
|
|
||||||
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
|
|
||||||
#include "rfbssl.h"
|
|
||||||
@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length)
|
|
||||||
0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF
|
|
||||||
will safely be allocated since this check will never trigger and malloc() can digest length+1
|
|
||||||
without problems as length is a uint32_t.
|
|
||||||
+ We also later pass length to rfbReadExact() that expects a signed int type and
|
|
||||||
+ that might wrap on platforms with a 32-bit int type if length is bigger
|
|
||||||
+ than 0X7FFFFFFF.
|
|
||||||
*/
|
|
||||||
- if(length == SIZE_MAX) {
|
|
||||||
+ if(length == SIZE_MAX || length > INT_MAX) {
|
|
||||||
rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length);
|
|
||||||
rfbCloseClient(cl);
|
|
||||||
return NULL;
|
|
|
@ -1,23 +0,0 @@
|
||||||
From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Christian Beier <dontmind@freeshell.org>
|
|
||||||
Date: Mon, 19 Aug 2019 22:32:25 +0200
|
|
||||||
Subject: [PATCH] rfbserver: don't leak stack memory to the remote
|
|
||||||
|
|
||||||
Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
|
|
||||||
---
|
|
||||||
libvncserver/rfbserver.c | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
|
|
||||||
index 3bacc891..310e5487 100644
|
|
||||||
--- a/libvncserver/rfbserver.c
|
|
||||||
+++ b/libvncserver/rfbserver.c
|
|
||||||
@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len)
|
|
||||||
rfbServerCutTextMsg sct;
|
|
||||||
rfbClientIteratorPtr iterator;
|
|
||||||
|
|
||||||
+ memset((char *)&sct, 0, sizeof(sct));
|
|
||||||
+
|
|
||||||
iterator = rfbGetClientIterator(rfbScreen);
|
|
||||||
while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
|
|
||||||
sct.type = rfbServerCutText;
|
|
|
@ -2,6 +2,7 @@
|
||||||
;;; Copyright © 2019 Todor Kondić <tk.code@protonmail.com>
|
;;; Copyright © 2019 Todor Kondić <tk.code@protonmail.com>
|
||||||
;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
|
;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
|
||||||
;;; Copyright © 2020 Hartmut Goebel <h.goebel@crazy-compilers.com>
|
;;; Copyright © 2020 Hartmut Goebel <h.goebel@crazy-compilers.com>
|
||||||
|
;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
;;;
|
;;;
|
||||||
|
@ -233,7 +234,7 @@ where the server is installed.")))
|
||||||
(define-public libvnc
|
(define-public libvnc
|
||||||
(package
|
(package
|
||||||
(name "libvnc")
|
(name "libvnc")
|
||||||
(version "0.9.12")
|
(version "0.9.13")
|
||||||
(source
|
(source
|
||||||
(origin
|
(origin
|
||||||
(method git-fetch)
|
(method git-fetch)
|
||||||
|
@ -242,10 +243,16 @@ where the server is installed.")))
|
||||||
(commit (string-append "LibVNCServer-" version))))
|
(commit (string-append "LibVNCServer-" version))))
|
||||||
(file-name (git-file-name name version))
|
(file-name (git-file-name name version))
|
||||||
(sha256
|
(sha256
|
||||||
(base32 "1226hb179l914919f5nm2mlf8rhaarqbf48aa649p4rwmghyx9vm"))
|
(base32 "0zz0hslw8b1p3crnfy3xnmrljik359h83dpk64s697dqdcrzy141"))))
|
||||||
(patches (search-patches "libvnc-CVE-2018-20750.patch"
|
|
||||||
"libvnc-CVE-2019-15681.patch"))))
|
|
||||||
(build-system cmake-build-system)
|
(build-system cmake-build-system)
|
||||||
|
(arguments
|
||||||
|
'(#:phases (modify-phases %standard-phases
|
||||||
|
(add-after 'unpack 'patch-cc-reference
|
||||||
|
(lambda _
|
||||||
|
(substitute* "test/includetest.sh"
|
||||||
|
(("^cc -I")
|
||||||
|
"gcc -I"))
|
||||||
|
#t)))))
|
||||||
(native-inputs
|
(native-inputs
|
||||||
`(("pkg-config" ,pkg-config)))
|
`(("pkg-config" ,pkg-config)))
|
||||||
(inputs
|
(inputs
|
||||||
|
|
Reference in New Issue