5 files changed, 129 insertions, 53 deletions
diff --git a/user/tigervnc/0002-vncviewer-Ensure-buffer-always-has-0-termination.patch b/user/tigervnc/0002-vncviewer-Ensure-buffer-always-has-0-termination.patch
deleted file mode 100644
index 3072ca020..000000000
--- a/user/tigervnc/0002-vncviewer-Ensure-buffer-always-has-0-termination.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From f01feaa6d235b40e659bf808ce66acc2b9a93da1 Mon Sep 17 00:00:00 2001
-From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
-Date: Wed, 20 Mar 2019 13:28:36 -0500
-Subject: [PATCH 2/2] vncviewer: Ensure buffer always has \0 termination
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Building from the 1.9.0 tarball using GCC 8.3.0 on Linux yields the following:
-
-tigervnc-1.9.0/vncviewer/vncviewer.cxx: In function ‘int main(int, char**)’:
-tigervnc-1.9.0/vncviewer/vncviewer.cxx:527:14: error: ‘char* strncpy(char*, const char*, size_t)’ specified bound 64 equals destination size [-Werror=stringop-truncation]
-       strncpy(defaultServerName, configServerName, VNCSERVERNAMELEN);
-       ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-In function ‘void potentiallyLoadConfigurationFile(char*)’,
-    inlined from ‘int main(int, char**)’ at tigervnc-1.9.0/vncviewer/vncviewer.cxx:557:35:
-tigervnc-1.9.0/vncviewer/vncviewer.cxx:396:14: error: ‘char* strncpy(char*, const char*, size_t)’ specified bound 64 equals destination size [-Werror=stringop-truncation]
-       strncpy(vncServerName, newServerName, VNCSERVERNAMELEN);
-       ~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-This commit ensures the buffer always has the null terminator.
----
- vncviewer/vncviewer.cxx | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
-index d2fe7e00..8ccfe563 100644
---- a/vncviewer/vncviewer.cxx
-+++ b/vncviewer/vncviewer.cxx
-@@ -402,7 +402,7 @@ potentiallyLoadConfigurationFile(char *vncServerName)
-       newServerName = loadViewerParameters(vncServerName);
-       // This might be empty, but we still need to clear it so we
-       // don't try to connect to the filename
--      strncpy(vncServerName, newServerName, VNCSERVERNAMELEN);
-+      strncpy(vncServerName, newServerName, VNCSERVERNAMELEN-1);
-     } catch (rfb::Exception& e) {
-       vlog.error("%s", e.str());
-       if (alertOnFatalError)
-@@ -533,7 +533,7 @@ int main(int argc, char** argv)
-     const char* configServerName;
-     configServerName = loadViewerParameters(NULL);
-     if (configServerName != NULL)
--      strncpy(defaultServerName, configServerName, VNCSERVERNAMELEN);
-+      strncpy(defaultServerName, configServerName, VNCSERVERNAMELEN-1);
-   } catch (rfb::Exception& e) {
-     vlog.error("%s", e.str());
-     if (alertOnFatalError)
--- 
-2.19.2
-
diff --git a/user/tigervnc/APKBUILD b/user/tigervnc/APKBUILD
index 59da8dae1..3acea2e2d 100644
--- a/user/tigervnc/APKBUILD
+++ b/user/tigervnc/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=tigervnc
 pkgver=1.9.0
-pkgrel=2
+pkgrel=4
 pkgdesc="High-performance, platform-neutral VNC remote desktop application"
 url="https://tigervnc.org/"
 arch="all"
@@ -17,7 +17,9 @@ source="tigervnc-$pkgver.tar.gz::https://github.com/TigerVNC/tigervnc/archive/v$
 	use-intltool.patch
 	endian.patch
 	0001-CSecurityTLS-Use-size_t-as-argument-for-new.patch
-	0002-vncviewer-Ensure-buffer-always-has-0-termination.patch
+	null-termination.patch
+	initialise-var.patch
+	ensure-throw.patch
 	"
 
 build() {
@@ -45,4 +47,6 @@ sha512sums="333910f567e6b5e4a5a22d898b2d4c3f4b834cb4cc8fc13ff55d31401894c0d5122a
 5c1cee98b7ba41c7cf121480fdfe16d5ef17c9562ff2ba3ea4e74235161fc63e2e3ed63e788c0aa999610b660b394c1269d6fdcc9716c5563651fd67d723f619  use-intltool.patch
 189a51a542b368e4db22174d09f5b656848e94577bbf93b2388f54529f1c7c2d32e5b5283551b3fb067ba21f6464f60989e22d4cd11ed3d87d5c931301555b49  endian.patch
 f95328f6b669e6608b9971de3db25d5eb26a733fbe32f13291c309ed57eacba6c86461a516c3b8cdc12ff7482ee0249a45189864d473d52df81df0a3541d95b9  0001-CSecurityTLS-Use-size_t-as-argument-for-new.patch
-f7282c7c12e51878540be7dd45b9a00ea5d54fa13fe0cfe90f003c1b36f410ce023dfa64c64d1fb3923955c6459d25e1afe7b504651b4e9e8a2f6f9ac9e51b83  0002-vncviewer-Ensure-buffer-always-has-0-termination.patch"
+82566734e5288e899048b918ce47f5abc3b94196e88d54fa0b0ef68c20d1fcd9d5854f36a0043d28f81dc6213c9ee8cf55fb187aeeb8add5fc31765f6a5b23bb  null-termination.patch
+a7fb612d7e3625b66db66ffc7e3f28f2e47f79b858ff1fd9e403576ef2b8ff7bc8cf83a6f67439de6242e4a11a0144119d040f8f9e917e17a8af512b47067360  initialise-var.patch
+4656a617dcb2bd28b653932fa034b7d46c49a08be4ba90501a9d1ddfad2130209664abf7bf5227f0afc926a568eb83e8e5f25e73887bf2561b2077fb1dab84c9  ensure-throw.patch"
diff --git a/user/tigervnc/ensure-throw.patch b/user/tigervnc/ensure-throw.patch
new file mode 100644
index 000000000..da873fe21
--- /dev/null
+++ b/user/tigervnc/ensure-throw.patch
@@ -0,0 +1,59 @@
+From 78bdd1700c4e42b492286a2af25bea0825848f99 Mon Sep 17 00:00:00 2001
+From: Pierre Ossman <ossman@cendio.se>
+Date: Tue, 26 Mar 2019 11:10:28 +0100
+Subject: [PATCH] Add missing throws for exception
+
+It is not enough to create an exception object, you need to throw
+it as well.
+---
+ common/rfb/CSecurityTLS.cxx | 10 +++++-----
+ win/rfb_win32/Registry.cxx  |  2 +-
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
+index c6d1e3103..aa1910909 100644
+--- a/common/rfb/CSecurityTLS.cxx
++++ b/common/rfb/CSecurityTLS.cxx
+@@ -391,7 +391,7 @@ void CSecurityTLS::checkSession()
+                           "authority:\n\n%s\n\nDo you want to save it and "
+                           "continue?\n ", info.data);
+   if (len < 0)
+-    AuthFailureException("certificate decoding error");
++    throw AuthFailureException("certificate decoding error");
+ 
+   vlog.debug("%s", info.data);
+ 
+@@ -417,16 +417,16 @@ void CSecurityTLS::checkSession()
+ 
+   if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, NULL, &out_size)
+       == GNUTLS_E_SHORT_MEMORY_BUFFER)
+-    AuthFailureException("Out of memory");
++    throw AuthFailureException("Out of memory");
+ 
+   // Save cert
+   out_buf =  new char[out_size];
+   if (out_buf == NULL)
+-    AuthFailureException("Out of memory");
++    throw AuthFailureException("Out of memory");
+ 
+   if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, out_buf, &out_size) < 0)
+-    AuthFailureException("certificate issuer unknown, and certificate "
+-			 "export failed");
++    throw AuthFailureException("certificate issuer unknown, and certificate "
++                               "export failed");
+ 
+   char *homeDir = NULL;
+   if (getvnchomedir(&homeDir) == -1)
+diff --git a/win/rfb_win32/Registry.cxx b/win/rfb_win32/Registry.cxx
+index 963a36a29..9cd501842 100644
+--- a/win/rfb_win32/Registry.cxx
++++ b/win/rfb_win32/Registry.cxx
+@@ -254,7 +254,7 @@ TCHAR* RegKey::getRepresentation(const TCHAR* valname) const {
+       TCharArray result(required);
+       length = ExpandEnvironmentStrings(str.buf, result.buf, required);
+       if (required<length)
+-        rdr::Exception("unable to expand environment strings");
++        throw rdr::Exception("unable to expand environment strings");
+       return result.takeBuf();
+     } else {
+       return tstrDup(_T(""));
diff --git a/user/tigervnc/initialise-var.patch b/user/tigervnc/initialise-var.patch
new file mode 100644
index 000000000..f58a4dadc
--- /dev/null
+++ b/user/tigervnc/initialise-var.patch
@@ -0,0 +1,24 @@
+From 44cf1d64ecf80c061c0a2b0f0167094e58782102 Mon Sep 17 00:00:00 2001
+From: Pierre Ossman <ossman@cendio.se>
+Date: Mon, 25 Mar 2019 16:14:49 +0100
+Subject: [PATCH] Don't use un-initialized stride to base constructor
+
+We can use a dummy value here as we set up the buffer and stride
+further down in the constructor.
+---
+ vncviewer/PlatformPixelBuffer.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/vncviewer/PlatformPixelBuffer.cxx b/vncviewer/PlatformPixelBuffer.cxx
+index 1e9803eb2..ff1935e74 100644
+--- a/vncviewer/PlatformPixelBuffer.cxx
++++ b/vncviewer/PlatformPixelBuffer.cxx
+@@ -36,7 +36,7 @@ static rfb::LogWriter vlog("PlatformPixelBuffer");
+ PlatformPixelBuffer::PlatformPixelBuffer(int width, int height) :
+   FullFramePixelBuffer(rfb::PixelFormat(32, 24, false, true,
+                                        255, 255, 255, 16, 8, 0),
+-                       width, height, 0, stride),
++                       width, height, NULL, 0),
+   Surface(width, height)
+ #if !defined(WIN32) && !defined(__APPLE__)
+   , shminfo(NULL), xim(NULL)
diff --git a/user/tigervnc/null-termination.patch b/user/tigervnc/null-termination.patch
new file mode 100644
index 000000000..e80a4f62d
--- /dev/null
+++ b/user/tigervnc/null-termination.patch
@@ -0,0 +1,39 @@
+From 7240f62ddc06643f982456c05c11d8afe5422069 Mon Sep 17 00:00:00 2001
+From: Pierre Ossman <ossman@cendio.se>
+Date: Tue, 26 Mar 2019 11:11:20 +0100
+Subject: [PATCH] Handle server name overflow properly
+
+We need to make sure it is null terminated on truncation. We also
+need to avoid giving a too large size argument or modern gcc will
+complain.
+---
+ vncviewer/vncviewer.cxx | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
+index d7cbd6e36..4a8370b95 100644
+--- a/vncviewer/vncviewer.cxx
++++ b/vncviewer/vncviewer.cxx
+@@ -411,7 +411,8 @@ potentiallyLoadConfigurationFile(char *vncServerName)
+       newServerName = loadViewerParameters(vncServerName);
+       // This might be empty, but we still need to clear it so we
+       // don't try to connect to the filename
+-      strncpy(vncServerName, newServerName, VNCSERVERNAMELEN);
++      strncpy(vncServerName, newServerName, VNCSERVERNAMELEN-1);
++      vncServerName[VNCSERVERNAMELEN-1] = '\0';
+     } catch (rfb::Exception& e) {
+       vlog.error("%s", e.str());
+       if (alertOnFatalError)
+@@ -541,8 +542,10 @@ int main(int argc, char** argv)
+   try {
+     const char* configServerName;
+     configServerName = loadViewerParameters(NULL);
+-    if (configServerName != NULL)
+-      strncpy(defaultServerName, configServerName, VNCSERVERNAMELEN);
++    if (configServerName != NULL) {
++      strncpy(defaultServerName, configServerName, VNCSERVERNAMELEN-1);
++      defaultServerName[VNCSERVERNAMELEN-1] = '\0';
++    }
+   } catch (rfb::Exception& e) {
+     vlog.error("%s", e.str());
+     if (alertOnFatalError)