Diffstat (limited to 'user/libvncserver')
-rw-r--r-- | user/libvncserver/APKBUILD | 21 | ||||
-rw-r--r-- | user/libvncserver/CVE-2018-15127.patch | 44 | ||||
-rw-r--r-- | user/libvncserver/LibVNCServer-0.9.10-system_minilzo.patch | 67 |
3 files changed, 13 insertions, 119 deletions
diff --git a/user/libvncserver/APKBUILD b/user/libvncserver/APKBUILD
index 764fec75a..38aa33611 100644
--- a/user/libvncserver/APKBUILD
+++ b/user/libvncserver/APKBUILD
@@ -1,8 +1,8 @@
-# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
+# Contributor: Sergey Lukin <sergej.lukin@gmail.com>
 # Contributor: Natanael Copa <ncopa@alpinelinux.org>
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=libvncserver
-pkgver=0.9.12
+pkgver=0.9.13
 pkgrel=0
 pkgdesc="Library to make writing a vnc server easy"
 url="https://libvnc.github.io/"
@@ -12,10 +12,9 @@ depends=""
 depends_dev="libgcrypt-dev libjpeg-turbo-dev gnutls-dev libpng-dev libice-dev libx11-dev libxdamage-dev libxext-dev libxfixes-dev libxi-dev libxinerama-dev libxrandr-dev libxtst-dev"
-makedepends="$depends_dev autoconf automake libtool"
+makedepends="$depends_dev cmake"
 subpackages="$pkgname-dev"
-source="https://github.com/LibVNC/libvncserver/archive/LibVNCServer-$pkgver.tar.gz
- CVE-2018-15127.patch"
+source="https://github.com/LibVNC/libvncserver/archive/LibVNCServer-$pkgver.tar.gz"
 builddir="$srcdir"/libvncserver-LibVNCServer-$pkgver
 
 # secfixes:
@@ -24,6 +23,12 @@ builddir="$srcdir"/libvncserver-LibVNCServer-$pkgver
 # - CVE-2016-9942
 # 0.9.12-r0:
 # - CVE-2018-15127
+# 0.9.12-r1:
+# - CVE-2019-15681
+# - CVE-2019-15690
+# 0.9.13-r0:
+# - CVE-2019-20788
+# - CVE-2020-14401
 
 build() {
 if [ "$CBUILD" != "$CHOST" ]; then
@@ -31,11 +36,12 @@ build() {
 fi
 cmake \
 -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_INSTALL_LIBDIR=lib \
 -DBUILD_SHARED_LIBS=True \
 -DCMAKE_BUILD_TYPE=RelWithDebugInfo \
 -DCMAKE_CXX_FLAGS="$CXXFLAGS" \
 -DCMAKE_C_FLAGS="$CFLAGS" \
- ${CMAKE_CROSSOPTS}
+ ${CMAKE_CROSSOPTS} .
 make
 }
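Review bot: The `source=` hunk drops `CVE-2018-15127.patch`, but the other file this commit deletes, `LibVNCServer-0.9.10-system_minilzo.patch`, was not listed in the old `source=` either, so it was already an unapplied orphan and the build has presumably been compiling the bundled `common/minilzo.c` rather than the system liblzo for some time. Nothing in the new `depends_dev`/`makedepends` or the cmake flags changes that (no lzo dev package, no lzo-related `-D` option), which means lzo fixes shipped by the distro do not reach this library. I cannot tell from this diff whether 0.9.13's CMake build offers a system-lzo switch; if it does, enable it here and add the dev package, otherwise record the decision next to `makedepends`, e.g. `# NOTE: bundled common/minilzo.c is compiled in; the old system_minilzo patch targeted the autotools build and was never applied`.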
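Review bot: The new `# 0.9.12-r1:` secfixes entry attributes CVE-2019-15681 and CVE-2019-15690 to a release this diff never produces: the old side has `pkgver=0.9.12` with `pkgrel=0` and the new side goes straight to `pkgver=0.9.13` with `pkgrel=0`, so no 0.9.12-r1 package was built (unless it existed in a commit not shown here). The secfixes block feeds the distro's vulnerability database, which would then claim those two CVEs were fixed in a version nobody can install while the real fix ships in 0.9.13-r0. Move both IDs under `# 0.9.13-r0:` and drop the `# 0.9.12-r1:` heading. It is also worth cross-checking upstream's 0.9.13 release notes, which as far as I recall list several more CVE-2020-1439x/1440x fixes than the two recorded here, and listing only what you have verified.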
@@ -48,5 +54,4 @@ package() {
 make install DESTDIR="$pkgdir"
 }
 
-sha512sums="60ff1cc93a937d6f8f97449bc58b763095846207112f7b1b3c43eb2d74448b595d6da949903a764bd484ee54e38ff6277e882adbe965dd6d26ba15ef6ff6fcb8 LibVNCServer-0.9.12.tar.gz
-8b5b6742e6c3a181c60652484b15ec42cc0a3acc1e82cef38e82b61f43f1de456d09731976f4e5dfab44abf3e551e22aaf4300cb8418cd8e136d705fcb2a7dbe CVE-2018-15127.patch"
+sha512sums="18b0a1698d32bbdbfe6f65f76130b2a95860e3cc76e8adb904269663698c7c0ae982f451fda1f25e5461f096045d40a89d9014258f439366d5b4feaa4999d643 LibVNCServer-0.9.13.tar.gz"
diff --git a/user/libvncserver/CVE-2018-15127.patch b/user/libvncserver/CVE-2018-15127.patch
deleted file mode 100644
index 146243670..000000000
--- a/user/libvncserver/CVE-2018-15127.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Mon, 7 Jan 2019 10:40:01 +0100
-Subject: [PATCH] Limit lenght to INT_MAX bytes in
- rfbProcessFileTransferReadBuffer()
-
-This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap
-out-of-bound write access in rfbProcessFileTransferReadBuffer() when
-reading a transfered file content in a server. The former fix did not
-work on platforms with a 32-bit int type (expected by rfbReadExact()).
-
-CVE-2018-15127
-<https://github.com/LibVNC/libvncserver/issues/243>
-<https://github.com/LibVNC/libvncserver/issues/273>
----
- libvncserver/rfbserver.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index 7af84906..f2edbeea 100644
---- a/libvncserver/rfbserver.c
-+++ b/libvncserver/rfbserver.c
-@@ -88,6 +88,8 @@
- #include <errno.h>
- /* strftime() */
- #include <time.h>
-+/* INT_MAX */
-+#include <limits.h>
- 
- #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
- #include "rfbssl.h"
-@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length)
- 0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF
- will safely be allocated since this check will never trigger and malloc() can digest length+1
- without problems as length is a uint32_t.
-+ We also later pass length to rfbReadExact() that expects a signed int type and
-+ that might wrap on platforms with a 32-bit int type if length is bigger
-+ than 0X7FFFFFFF.
- */
-- if(length == SIZE_MAX) {
-+ if(length == SIZE_MAX || length > INT_MAX) {
- rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length);
- rfbCloseClient(cl);
- return NULL;
diff --git a/user/libvncserver/LibVNCServer-0.9.10-system_minilzo.patch b/user/libvncserver/LibVNCServer-0.9.10-system_minilzo.patch
deleted file mode 100644
index 34e789bba..000000000
--- a/user/libvncserver/LibVNCServer-0.9.10-system_minilzo.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-diff -up LibVNCServer-0.9.10/libvncclient/Makefile.am.system_minilzo LibVNCServer-0.9.10/libvncclient/Makefile.am
---- LibVNCServer-0.9.10/libvncclient/Makefile.am.system_minilzo 2014-04-05 18:38:35.000000000 -0500
-+++ LibVNCServer-0.9.10/libvncclient/Makefile.am 2014-04-29 08:56:27.861761880 -0500
-@@ -13,10 +13,10 @@ endif
- endif
- 
- 
--libvncclient_la_SOURCES=cursor.c listen.c rfbproto.c sockets.c vncviewer.c ../common/minilzo.c $(TLSSRCS)
--libvncclient_la_LIBADD=$(TLSLIBS) $(VA_LIBS)
-+libvncclient_la_SOURCES=cursor.c listen.c rfbproto.c sockets.c vncviewer.c $(TLSSRCS)
-+libvncclient_la_LIBADD=$(TLSLIBS) $(VA_LIBS) -lminilzo
- 
--noinst_HEADERS=../common/lzodefs.h ../common/lzoconf.h ../common/minilzo.h tls.h
-+noinst_HEADERS=tls.h
- 
- rfbproto.o: rfbproto.c corre.c hextile.c rre.c tight.c zlib.c zrle.c ultra.c
- 
-diff -up LibVNCServer-0.9.10/libvncclient/rfbproto.c.system_minilzo LibVNCServer-0.9.10/libvncclient/rfbproto.c
---- LibVNCServer-0.9.10/libvncclient/rfbproto.c.system_minilzo 2014-04-05 18:38:35.000000000 -0500
-+++ LibVNCServer-0.9.10/libvncclient/rfbproto.c 2014-04-29 08:39:57.638331693 -0500
-@@ -61,7 +61,7 @@
- #include <gcrypt.h>
- #endif
- 
--#include "minilzo.h"
-+#include <lzo/minilzo.h>
- #include "tls.h"
- 
- /*
-diff -up LibVNCServer-0.9.10/libvncserver/Makefile.am.system_minilzo LibVNCServer-0.9.10/libvncserver/Makefile.am
---- LibVNCServer-0.9.10/libvncserver/Makefile.am.system_minilzo 2014-04-05 18:38:35.000000000 -0500
-+++ LibVNCServer-0.9.10/libvncserver/Makefile.am 2014-04-29 08:39:57.638331693 -0500
-@@ -37,7 +37,7 @@ include_HEADERS=../rfb/rfb.h ../rfb/rfbc
- 
- noinst_HEADERS=../common/d3des.h ../rfb/default8x16.h zrleoutstream.h \
- zrlepalettehelper.h zrletypes.h private.h scale.h rfbssl.h rfbcrypto.h \
-- ../common/minilzo.h ../common/lzoconf.h ../common/lzodefs.h ../common/md5.h ../common/sha1.h \
-+ ../common/md5.h ../common/sha1.h \
- $(TIGHTVNCFILETRANSFERHDRS)
- 
- EXTRA_DIST=tableinit24.c tableinittctemplate.c tabletranstemplate.c \
-@@ -54,11 +54,11 @@ endif
- LIB_SRCS = main.c rfbserver.c rfbregion.c auth.c sockets.c $(WEBSOCKETSSRCS) \
- stats.c corre.c hextile.c rre.c translate.c cutpaste.c \
- httpd.c cursor.c font.c \
-- draw.c selbox.c ../common/d3des.c ../common/vncauth.c cargs.c ../common/minilzo.c ultra.c scale.c \
-+ draw.c selbox.c ../common/d3des.c ../common/vncauth.c cargs.c ultra.c scale.c \
- $(ZLIBSRCS) $(TIGHTSRCS) $(TIGHTVNCFILETRANSFERSRCS)
- 
- libvncserver_la_SOURCES=$(LIB_SRCS)
--libvncserver_la_LIBADD=$(WEBSOCKETSSSLLIBS)
-+libvncserver_la_LIBADD=$(WEBSOCKETSSSLLIBS) -lminilzo
- 
- lib_LTLIBRARIES=libvncserver.la
- 
-diff -up LibVNCServer-0.9.10/libvncserver/ultra.c.system_minilzo LibVNCServer-0.9.10/libvncserver/ultra.c
---- LibVNCServer-0.9.10/libvncserver/ultra.c.system_minilzo 2014-04-05 18:38:35.000000000 -0500
-+++ LibVNCServer-0.9.10/libvncserver/ultra.c 2014-04-29 08:39:57.638331693 -0500
-@@ -8,7 +8,7 @@
- */
- 
- #include <rfb/rfb.h>
--#include "minilzo.h"
-+#include <lzo/minilzo.h>
- 
- /*
- * cl->beforeEncBuf contains pixel data in the client's format. |