[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#39228] [Patch v2] gnu: Add libvnc.
|
From: |
Hartmut Goebel |
|
Subject: |
[bug#39228] [Patch v2] gnu: Add libvnc. |
|
Date: |
Tue, 21 Jan 2020 22:52:21 +0100 |
* gnu/packages/libvnc.scm,
gnu/packages/patches/libvnc-CVE-2018-20750.patch,
gnu/packages/patches/libvnc-CVE-2019-15681.patch: New files.
* gnu/lokal.mk: Add them.
---
gnu/local.mk | 3 +
gnu/packages/libvnc.scm | 65 +++++++++++++++++++
.../patches/libvnc-CVE-2018-20750.patch | 44 +++++++++++++
.../patches/libvnc-CVE-2019-15681.patch | 23 +++++++
4 files changed, 135 insertions(+)
create mode 100644 gnu/packages/libvnc.scm
create mode 100644 gnu/packages/patches/libvnc-CVE-2018-20750.patch
create mode 100644 gnu/packages/patches/libvnc-CVE-2019-15681.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 286bcb67dd..f1107bf728 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -311,6 +311,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages/libunistring.scm \
%D%/packages/libusb.scm \
%D%/packages/libunwind.scm \
+ %D%/packages/libvnc.scm \
%D%/packages/lighting.scm \
%D%/packages/linux.scm \
%D%/packages/lirc.scm \
@@ -1122,6 +1123,8 @@ dist_patch_DATA =
\
%D%/packages/patches/libutils-add-includes.patch \
%D%/packages/patches/libutils-remove-damaging-includes.patch \
%D%/packages/patches/libvdpau-va-gl-unbundle.patch \
+ %D%/packages/patches/libvnc-CVE-2018-20750.patch \
+ %D%/packages/patches/libvnc-CVE-2019-15681.patch \
%D%/packages/patches/libvpx-CVE-2016-2818.patch \
%D%/packages/patches/libvpx-use-after-free-in-postproc.patch \
%D%/packages/patches/libxslt-generated-ids.patch \
diff --git a/gnu/packages/libvnc.scm b/gnu/packages/libvnc.scm
new file mode 100644
index 0000000000..091d331ce9
--- /dev/null
+++ b/gnu/packages/libvnc.scm
@@ -0,0 +1,65 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017, 2020 Hartmut Goebel <address@hidden>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages libvnc)
+ #:use-module (guix build-system cmake)
+ #:use-module (guix git-download)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix packages)
+ #:use-module (guix utils)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages gnupg)
+ #:use-module (gnu packages image)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages sdl)
+ #:use-module (gnu packages tls))
+
+(define-public libvnc
+ (package
+ (name "libvnc")
+ (version "0.9.12")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/LibVNC/libvncserver.git";)
+ (commit (string-append "LibVNCServer-" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "1226hb179l914919f5nm2mlf8rhaarqbf48aa649p4rwmghyx9vm"))
+ (patches (search-patches "libvnc-CVE-2018-20750.patch"
+ "libvnc-CVE-2019-15681.patch"))))
+ (build-system cmake-build-system)
+ (native-inputs
+ `(("pkg-config" ,pkg-config)))
+ (inputs
+ `(("gnutls" ,gnutls)
+ ("libgcrypt" ,libgcrypt)
+ ("libjpeg" ,libjpeg)
+ ("libpng" ,libpng)
+ ("lzo" ,lzo)
+ ("sdl2" ,sdl2)))
+ (home-page "https://libvnc.github.io/";)
+ (synopsis "Cross-platform C libraries for implementing VNC server or
+client")
+ (description "This package provides @code{LibVNCServer} and
+@code{LibVNCClient}. These are cross-platform C libraries that allow you to
+easily implement VNC server or client functionality in your program.")
+ (license ;; GPL for programs, FDL for documentation
+ (list license:gpl2+ license:fdl1.2+))))
diff --git a/gnu/packages/patches/libvnc-CVE-2018-20750.patch
b/gnu/packages/patches/libvnc-CVE-2018-20750.patch
new file mode 100644
index 0000000000..146243670a
--- /dev/null
+++ b/gnu/packages/patches/libvnc-CVE-2018-20750.patch
@@ -0,0 +1,44 @@
+From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <address@hidden>
+Date: Mon, 7 Jan 2019 10:40:01 +0100
+Subject: [PATCH] Limit lenght to INT_MAX bytes in
+ rfbProcessFileTransferReadBuffer()
+
+This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap
+out-of-bound write access in rfbProcessFileTransferReadBuffer() when
+reading a transfered file content in a server. The former fix did not
+work on platforms with a 32-bit int type (expected by rfbReadExact()).
+
+CVE-2018-15127
+<https://github.com/LibVNC/libvncserver/issues/243>
+<https://github.com/LibVNC/libvncserver/issues/273>
+---
+ libvncserver/rfbserver.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 7af84906..f2edbeea 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -88,6 +88,8 @@
+ #include <errno.h>
+ /* strftime() */
+ #include <time.h>
++/* INT_MAX */
++#include <limits.h>
+
+ #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
+ #include "rfbssl.h"
+@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl,
uint32_t length)
+ 0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a
length of 0XFFFFFFFF
+ will safely be allocated since this check will never trigger and
malloc() can digest length+1
+ without problems as length is a uint32_t.
++ We also later pass length to rfbReadExact() that expects a signed int
type and
++ that might wrap on platforms with a 32-bit int type if length is bigger
++ than 0X7FFFFFFF.
+ */
+- if(length == SIZE_MAX) {
++ if(length == SIZE_MAX || length > INT_MAX) {
+ rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length
requested: %u", (unsigned int)length);
+ rfbCloseClient(cl);
+ return NULL;
diff --git a/gnu/packages/patches/libvnc-CVE-2019-15681.patch
b/gnu/packages/patches/libvnc-CVE-2019-15681.patch
new file mode 100644
index 0000000000..e328d87920
--- /dev/null
+++ b/gnu/packages/patches/libvnc-CVE-2019-15681.patch
@@ -0,0 +1,23 @@
+From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
+From: Christian Beier <address@hidden>
+Date: Mon, 19 Aug 2019 22:32:25 +0200
+Subject: [PATCH] rfbserver: don't leak stack memory to the remote
+
+Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
+---
+ libvncserver/rfbserver.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 3bacc891..310e5487 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char
*str, int len)
+ rfbServerCutTextMsg sct;
+ rfbClientIteratorPtr iterator;
+
++ memset((char *)&sct, 0, sizeof(sct));
++
+ iterator = rfbGetClientIterator(rfbScreen);
+ while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
+ sct.type = rfbServerCutText;
--
2.21.1
- [bug#39228] [PATCH] gnu: Add libvnc., Hartmut Goebel, 2020/01/21
- [bug#39228] [Patch v2] gnu: Add libvnc.,
Hartmut Goebel <=
- [bug#39228] [PATCH] gnu: Add libvnc., Leo Famulari, 2020/01/21
- [bug#39228] [PATCH] gnu: Add libvnc., Hartmut Goebel, 2020/01/22
- [bug#39228] [PATCH] gnu: Add libvnc., Efraim Flashner, 2020/01/22
- bug#39228: [PATCH] gnu: Add libvnc., Hartmut Goebel, 2020/01/22
- [bug#39228] [PATCH] gnu: Add libvnc., Jonathan Brielmaier, 2020/01/22
- [bug#39228] [PATCH] gnu: Add libvnc., Hartmut Goebel, 2020/01/22
- [bug#39228] [PATCH] gnu: Add libvnc., Leo Famulari, 2020/01/22
- [bug#39228] [PATCH] gnu: Add libvnc., Jonathan Brielmaier, 2020/01/22