02/02: gnu: Add libvnc.

guix-commits
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/02: gnu: Add libvnc.

From:	guix-commits
Subject:	02/02: gnu: Add libvnc.
Date:	Wed, 22 Jan 2020 06:45:01 -0500 (EST)
htgoebel pushed a commit to branch master
in repository guix.

commit a789f654a0f370720b2c6b7856b9971dcc1d5eb1
Author: Hartmut Goebel <address@hidden>
AuthorDate: Mon Jan 20 23:43:18 2020 +0100

    gnu: Add libvnc.
    
    * gnu/packages/vnc.scm (libvnc): New variable.
      gnu/packages/patches/libvnc-CVE-2018-20750.patch,
      gnu/packages/patches/libvnc-CVE-2019-15681.patch: New files.
    * gnu/local.mk: Add them.
---
 gnu/local.mk                                     |  2 ++
 gnu/packages/patches/libvnc-CVE-2018-20750.patch | 44 ++++++++++++++++++++++++
 gnu/packages/patches/libvnc-CVE-2019-15681.patch | 23 +++++++++++++
 gnu/packages/vnc.scm                             | 39 +++++++++++++++++++++
 4 files changed, 108 insertions(+)

diff --git a/gnu/local.mk b/gnu/local.mk
index b10ad21..51272b2 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1124,6 +1124,8 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/libutils-add-includes.patch             \
   %D%/packages/patches/libutils-remove-damaging-includes.patch \
   %D%/packages/patches/libvdpau-va-gl-unbundle.patch           \
+  %D%/packages/patches/libvnc-CVE-2018-20750.patch             \
+  %D%/packages/patches/libvnc-CVE-2019-15681.patch             \
   %D%/packages/patches/libvpx-CVE-2016-2818.patch              \
   %D%/packages/patches/libvpx-use-after-free-in-postproc.patch \
   %D%/packages/patches/libxslt-generated-ids.patch             \
diff --git a/gnu/packages/patches/libvnc-CVE-2018-20750.patch 
b/gnu/packages/patches/libvnc-CVE-2018-20750.patch
new file mode 100644
index 0000000..1462436
--- /dev/null
+++ b/gnu/packages/patches/libvnc-CVE-2018-20750.patch
@@ -0,0 +1,44 @@
+From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <address@hidden>
+Date: Mon, 7 Jan 2019 10:40:01 +0100
+Subject: [PATCH] Limit lenght to INT_MAX bytes in
+ rfbProcessFileTransferReadBuffer()
+
+This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap
+out-of-bound write access in rfbProcessFileTransferReadBuffer() when
+reading a transfered file content in a server. The former fix did not
+work on platforms with a 32-bit int type (expected by rfbReadExact()).
+
+CVE-2018-15127
+<https://github.com/LibVNC/libvncserver/issues/243>
+<https://github.com/LibVNC/libvncserver/issues/273>
+---
+ libvncserver/rfbserver.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 7af84906..f2edbeea 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -88,6 +88,8 @@
+ #include <errno.h>
+ /* strftime() */
+ #include <time.h>
++/* INT_MAX */
++#include <limits.h>
+ 
+ #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
+ #include "rfbssl.h"
+@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, 
uint32_t length)
+        0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a 
length of 0XFFFFFFFF
+        will safely be allocated since this check will never trigger and 
malloc() can digest length+1
+        without problems as length is a uint32_t.
++       We also later pass length to rfbReadExact() that expects a signed int 
type and
++       that might wrap on platforms with a 32-bit int type if length is bigger
++       than 0X7FFFFFFF.
+     */
+-    if(length == SIZE_MAX) {
++    if(length == SIZE_MAX || length > INT_MAX) {
+       rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length 
requested: %u", (unsigned int)length);
+       rfbCloseClient(cl);
+       return NULL;
diff --git a/gnu/packages/patches/libvnc-CVE-2019-15681.patch 
b/gnu/packages/patches/libvnc-CVE-2019-15681.patch
new file mode 100644
index 0000000..e328d87
--- /dev/null
+++ b/gnu/packages/patches/libvnc-CVE-2019-15681.patch
@@ -0,0 +1,23 @@
+From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
+From: Christian Beier <address@hidden>
+Date: Mon, 19 Aug 2019 22:32:25 +0200
+Subject: [PATCH] rfbserver: don't leak stack memory to the remote
+
+Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
+---
+ libvncserver/rfbserver.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 3bacc891..310e5487 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char 
*str, int len)
+     rfbServerCutTextMsg sct;
+     rfbClientIteratorPtr iterator;
+ 
++    memset((char *)&sct, 0, sizeof(sct));
++
+     iterator = rfbGetClientIterator(rfbScreen);
+     while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
+         sct.type = rfbServerCutText;
diff --git a/gnu/packages/vnc.scm b/gnu/packages/vnc.scm
index e715e10..e1cba08 100644
--- a/gnu/packages/vnc.scm
+++ b/gnu/packages/vnc.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2019 Todor Kondić <address@hidden>
 ;;; Copyright © 2020 Oleg Pykhalov <address@hidden>
+;;; Copyright © 2020 Hartmut Goebel <address@hidden>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,6 +25,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix utils)
+  #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
   #:use-module (gnu packages cmake)
@@ -31,9 +33,12 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages fltk)
   #:use-module (gnu packages gettext)
+  #:use-module (gnu packages gnupg)
   #:use-module (gnu packages image)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages perl)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages sdl)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages xorg))
 
@@ -232,3 +237,37 @@ applications.  It also provides extensions for advanced 
authentication methods
 and TLS encryption.  This package installs the VNC server, a program that will
 enable users with VNC clients to log into a graphical session on the machine
 where the server is installed.")))
+
+(define-public libvnc
+  (package
+    (name "libvnc")
+    (version "0.9.12")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/LibVNC/libvncserver.git";)
+             (commit (string-append "LibVNCServer-" version))))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32 "1226hb179l914919f5nm2mlf8rhaarqbf48aa649p4rwmghyx9vm"))
+       (patches (search-patches "libvnc-CVE-2018-20750.patch"
+                                "libvnc-CVE-2019-15681.patch"))))
+    (build-system cmake-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("gnutls" ,gnutls)
+       ("libgcrypt" ,libgcrypt)
+       ("libjpeg" ,libjpeg)
+       ("libpng" ,libpng)
+       ("lzo" ,lzo)
+       ("sdl2" ,sdl2)))
+    (home-page "https://libvnc.github.io/";)
+    (synopsis "Cross-platform C libraries for implementing VNC server or
+client")
+    (description "This package provides @code{LibVNCServer} and
+@code{LibVNCClient}.  These are cross-platform C libraries that allow you to
+easily implement VNC server or client functionality in your program.")
+    (license ;; GPL for programs, FDL for documentation
+     (list license:gpl2+ license:fdl1.2+))))
[Prev in Thread]
Current Thread
[Next in Thread]
branch master updated (0f654e6 -> a789f65), guix-commits, 2020/01/22
- 01/02: gnu: Rename module gnutls to tls., guix-commits, 2020/01/22
- 02/02: gnu: Add libvnc., guix-commits <=
Prev by Date: branch master updated (0f654e6 -> a789f65)
Next by Date: branch master updated (a789f65 -> fe10934)
Previous by thread: 01/02: gnu: Rename module gnutls to tls.
Next by thread: branch master updated (a789f65 -> fe10934)
Index(es):
- Date
- Thread