summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--user/tigervnc/0001-CSecurityTLS-Use-size_t-as-argument-for-new.patch66
-rw-r--r--user/tigervnc/0002-vncviewer-Ensure-buffer-always-has-0-termination.patch50
-rw-r--r--user/tigervnc/APKBUILD11
3 files changed, 123 insertions, 4 deletions
diff --git a/user/tigervnc/0001-CSecurityTLS-Use-size_t-as-argument-for-new.patch b/user/tigervnc/0001-CSecurityTLS-Use-size_t-as-argument-for-new.patch
new file mode 100644
index 000000000..1c608048c
--- /dev/null
+++ b/user/tigervnc/0001-CSecurityTLS-Use-size_t-as-argument-for-new.patch
@@ -0,0 +1,66 @@
+From 065a471d16636c3fba5da8aed86ffa30dcfd489b Mon Sep 17 00:00:00 2001
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Wed, 20 Mar 2019 13:22:51 -0500
+Subject: [PATCH 1/2] CSecurityTLS: Use size_t as argument for new
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Using an 'int' is invalid, and produces the following output under GCC 8.3.0:
+
+tigervnc-1.9.0/common/rfb/CSecurityTLS.cxx: In member function ‘void rfb::CSecurityTLS::checkSession()’:
+tigervnc-1.9.0/common/rfb/CSecurityTLS.cxx:384:11: error: specified bound range [18446744071562067968, 18446744073709551615] exceeds ‘INT_MAX’ [-Werror=format-truncation=]
+ snprintf(certinfo, len, "This certificate has been signed by an unknown "
+ ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ "authority:\n\n%s\n\nDo you want to save it and "
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ "continue? ", info.data);
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+tigervnc-1.9.0/common/rfb/CSecurityTLS.cxx:380:26: error: argument 1 range [18446744071562067968, 18446744073709551615] exceeds maximum object size 9223372036854775807 [-Werror=alloc-size-larger-than=]
+ certinfo = new char[len];
+ ^
+In file included from /usr/include/c++/8.3.0/ext/new_allocator.h:33,
+ from /usr/include/c++/8.3.0/powerpc64-foxkit-linux-musl/bits/c++allocator.h:33,
+ from /usr/include/c++/8.3.0/bits/allocator.h:46,
+ from /usr/include/c++/8.3.0/bits/stl_tree.h:64,
+ from /usr/include/c++/8.3.0/set:60,
+ from tigervnc-1.9.0/common/rfb/ConnParams.h:26,
+ from tigervnc-1.9.0/common/rfb/SMsgHandler.h:28,
+ from tigervnc-1.9.0/common/rfb/SConnection.h:29,
+ from tigervnc-1.9.0/common/rfb/SSecurity.h:47,
+ from tigervnc-1.9.0/common/rfb/SSecurityStack.h:23,
+ from tigervnc-1.9.0/common/rfb/SSecurityVeNCrypt.h:32,
+ from tigervnc-1.9.0/common/rfb/CSecurityTLS.h:34,
+ from tigervnc-1.9.0/common/rfb/CSecurityTLS.cxx:36:
+/usr/include/c++/8.3.0/new:122:7: note: in a call to allocation function ‘void* operator new [](std::size_t)’ declared here
+ void* operator new[](std::size_t) _GLIBCXX_THROW (std::bad_alloc)
+ ^~~~~~~~
+---
+ common/rfb/CSecurityTLS.cxx | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
+index c6d1e310..235df45d 100644
+--- a/common/rfb/CSecurityTLS.cxx
++++ b/common/rfb/CSecurityTLS.cxx
+@@ -383,7 +383,7 @@ void CSecurityTLS::checkSession()
+ size_t out_size = 0;
+ char *out_buf = NULL;
+ char *certinfo = NULL;
+- int len = 0;
++ size_t len = 0;
+
+ vlog.debug("certificate issuer unknown");
+
+@@ -403,7 +403,7 @@ void CSecurityTLS::checkSession()
+ "authority:\n\n%s\n\nDo you want to save it and "
+ "continue? ", info.data);
+
+- for (int i = 0; i < len - 1; i++)
++ for (size_t i = 0; i < len - 1; i++)
+ if (certinfo[i] == ',' && certinfo[i + 1] == ' ')
+ certinfo[i] = '\n';
+
+--
+2.19.2
+
diff --git a/user/tigervnc/0002-vncviewer-Ensure-buffer-always-has-0-termination.patch b/user/tigervnc/0002-vncviewer-Ensure-buffer-always-has-0-termination.patch
new file mode 100644
index 000000000..3072ca020
--- /dev/null
+++ b/user/tigervnc/0002-vncviewer-Ensure-buffer-always-has-0-termination.patch
@@ -0,0 +1,50 @@
+From f01feaa6d235b40e659bf808ce66acc2b9a93da1 Mon Sep 17 00:00:00 2001
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Wed, 20 Mar 2019 13:28:36 -0500
+Subject: [PATCH 2/2] vncviewer: Ensure buffer always has \0 termination
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Building from the 1.9.0 tarball using GCC 8.3.0 on Linux yields the following:
+
+tigervnc-1.9.0/vncviewer/vncviewer.cxx: In function ‘int main(int, char**)’:
+tigervnc-1.9.0/vncviewer/vncviewer.cxx:527:14: error: ‘char* strncpy(char*, const char*, size_t)’ specified bound 64 equals destination size [-Werror=stringop-truncation]
+ strncpy(defaultServerName, configServerName, VNCSERVERNAMELEN);
+ ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+In function ‘void potentiallyLoadConfigurationFile(char*)’,
+ inlined from ‘int main(int, char**)’ at tigervnc-1.9.0/vncviewer/vncviewer.cxx:557:35:
+tigervnc-1.9.0/vncviewer/vncviewer.cxx:396:14: error: ‘char* strncpy(char*, const char*, size_t)’ specified bound 64 equals destination size [-Werror=stringop-truncation]
+ strncpy(vncServerName, newServerName, VNCSERVERNAMELEN);
+ ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This commit ensures the buffer always has the null terminator.
+---
+ vncviewer/vncviewer.cxx | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
+index d2fe7e00..8ccfe563 100644
+--- a/vncviewer/vncviewer.cxx
++++ b/vncviewer/vncviewer.cxx
+@@ -402,7 +402,7 @@ potentiallyLoadConfigurationFile(char *vncServerName)
+ newServerName = loadViewerParameters(vncServerName);
+ // This might be empty, but we still need to clear it so we
+ // don't try to connect to the filename
+- strncpy(vncServerName, newServerName, VNCSERVERNAMELEN);
++ strncpy(vncServerName, newServerName, VNCSERVERNAMELEN-1);
+ } catch (rfb::Exception& e) {
+ vlog.error("%s", e.str());
+ if (alertOnFatalError)
+@@ -533,7 +533,7 @@ int main(int argc, char** argv)
+ const char* configServerName;
+ configServerName = loadViewerParameters(NULL);
+ if (configServerName != NULL)
+- strncpy(defaultServerName, configServerName, VNCSERVERNAMELEN);
++ strncpy(defaultServerName, configServerName, VNCSERVERNAMELEN-1);
+ } catch (rfb::Exception& e) {
+ vlog.error("%s", e.str());
+ if (alertOnFatalError)
+--
+2.19.2
+
diff --git a/user/tigervnc/APKBUILD b/user/tigervnc/APKBUILD
index 2d78b6150..59da8dae1 100644
--- a/user/tigervnc/APKBUILD
+++ b/user/tigervnc/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=tigervnc
pkgver=1.9.0
-pkgrel=1
+pkgrel=2
pkgdesc="High-performance, platform-neutral VNC remote desktop application"
url="https://tigervnc.org/"
arch="all"
@@ -16,6 +16,8 @@ subpackages="$pkgname-lang $pkgname-doc"
source="tigervnc-$pkgver.tar.gz::https://github.com/TigerVNC/tigervnc/archive/v$pkgver.tar.gz
use-intltool.patch
endian.patch
+ 0001-CSecurityTLS-Use-size_t-as-argument-for-new.patch
+ 0002-vncviewer-Ensure-buffer-always-has-0-termination.patch
"
build() {
@@ -25,10 +27,9 @@ build() {
fi
cmake \
-DCMAKE_INSTALL_PREFIX=/usr \
- -DCMAKE_INSTALL_LIBDIR=lib \
-DBUILD_SHARED_LIBS=True \
-DCMAKE_BUILD_TYPE=RelWithDebugInfo \
- -DCMAKE_CXX_FLAGS="$CXXFLAGS -std=c++98 -Wno-c++11-compat -Wno-maybe-uninitialized" \
+ -DCMAKE_CXX_FLAGS="$CXXFLAGS -faligned-new -Wno-c++11-compat -Wno-maybe-uninitialized" \
-DCMAKE_C_FLAGS="$CFLAGS" \
-Wno-dev \
${CMAKE_CROSSOPTS}
@@ -42,4 +43,6 @@ package() {
sha512sums="333910f567e6b5e4a5a22d898b2d4c3f4b834cb4cc8fc13ff55d31401894c0d5122a127692ec5eb51e412c945ff3ea5b8146f9ab22cbe1e47541e09239ec8c9d tigervnc-1.9.0.tar.gz
5c1cee98b7ba41c7cf121480fdfe16d5ef17c9562ff2ba3ea4e74235161fc63e2e3ed63e788c0aa999610b660b394c1269d6fdcc9716c5563651fd67d723f619 use-intltool.patch
-189a51a542b368e4db22174d09f5b656848e94577bbf93b2388f54529f1c7c2d32e5b5283551b3fb067ba21f6464f60989e22d4cd11ed3d87d5c931301555b49 endian.patch"
+189a51a542b368e4db22174d09f5b656848e94577bbf93b2388f54529f1c7c2d32e5b5283551b3fb067ba21f6464f60989e22d4cd11ed3d87d5c931301555b49 endian.patch
+f95328f6b669e6608b9971de3db25d5eb26a733fbe32f13291c309ed57eacba6c86461a516c3b8cdc12ff7482ee0249a45189864d473d52df81df0a3541d95b9 0001-CSecurityTLS-Use-size_t-as-argument-for-new.patch
+f7282c7c12e51878540be7dd45b9a00ea5d54fa13fe0cfe90f003c1b36f410ce023dfa64c64d1fb3923955c6459d25e1afe7b504651b4e9e8a2f6f9ac9e51b83 0002-vncviewer-Ensure-buffer-always-has-0-termination.patch"