05/12: gnu: libvnc: Update to 0.9.13.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

05/12: gnu: libvnc: Update to 0.9.13.

From:	guix-commits
Subject:	05/12: gnu: libvnc: Update to 0.9.13.
Date:	Tue, 21 Jul 2020 17:57:06 -0400 (EDT)

mbakke pushed a commit to branch master
in repository guix.

commit 2195ad6bd7df591c1f24b5717203b363bc3e1bfd
Author: Marius Bakke <marius@gnu.org>
AuthorDate: Tue Jul 21 22:18:50 2020 +0200

    gnu: libvnc: Update to 0.9.13.
    
    * gnu/packages/patches/libvnc-CVE-2018-20750.patch,
    gnu/packages/patches/libvnc-CVE-2019-15681.patch: Delete files.
    * gnu/local.mk (dist_patch_DATA): Adjust accordingly.
    * gnu/packages/vnc.scm (libvnc): Update to 0.9.13.
    [source](patches): Remove.
    [arguments]: Add phase to patch 'cc' invocation.
---
 gnu/local.mk                                     |  2 --
 gnu/packages/patches/libvnc-CVE-2018-20750.patch | 44 ------------------------
 gnu/packages/patches/libvnc-CVE-2019-15681.patch | 23 -------------
 gnu/packages/vnc.scm                             | 15 +++++---
 4 files changed, 11 insertions(+), 73 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 8ba36ac..570e6a3 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1241,8 +1241,6 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/libutils-add-includes.patch             \
   %D%/packages/patches/libutils-remove-damaging-includes.patch \
   %D%/packages/patches/libvdpau-va-gl-unbundle.patch           \
-  %D%/packages/patches/libvnc-CVE-2018-20750.patch             \
-  %D%/packages/patches/libvnc-CVE-2019-15681.patch             \
   %D%/packages/patches/libvpx-CVE-2016-2818.patch              \
   %D%/packages/patches/libxslt-generated-ids.patch             \
   %D%/packages/patches/libxt-guix-search-paths.patch           \
diff --git a/gnu/packages/patches/libvnc-CVE-2018-20750.patch 
b/gnu/packages/patches/libvnc-CVE-2018-20750.patch
deleted file mode 100644
index 1462436..0000000
--- a/gnu/packages/patches/libvnc-CVE-2018-20750.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Mon, 7 Jan 2019 10:40:01 +0100
-Subject: [PATCH] Limit lenght to INT_MAX bytes in
- rfbProcessFileTransferReadBuffer()
-
-This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap
-out-of-bound write access in rfbProcessFileTransferReadBuffer() when
-reading a transfered file content in a server. The former fix did not
-work on platforms with a 32-bit int type (expected by rfbReadExact()).
-
-CVE-2018-15127
-<https://github.com/LibVNC/libvncserver/issues/243>
-<https://github.com/LibVNC/libvncserver/issues/273>
----
- libvncserver/rfbserver.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index 7af84906..f2edbeea 100644
---- a/libvncserver/rfbserver.c
-+++ b/libvncserver/rfbserver.c
-@@ -88,6 +88,8 @@
- #include <errno.h>
- /* strftime() */
- #include <time.h>
-+/* INT_MAX */
-+#include <limits.h>
- 
- #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
- #include "rfbssl.h"
-@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, 
uint32_t length)
-        0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a 
length of 0XFFFFFFFF
-        will safely be allocated since this check will never trigger and 
malloc() can digest length+1
-        without problems as length is a uint32_t.
-+       We also later pass length to rfbReadExact() that expects a signed int 
type and
-+       that might wrap on platforms with a 32-bit int type if length is bigger
-+       than 0X7FFFFFFF.
-     */
--    if(length == SIZE_MAX) {
-+    if(length == SIZE_MAX || length > INT_MAX) {
-       rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length 
requested: %u", (unsigned int)length);
-       rfbCloseClient(cl);
-       return NULL;
diff --git a/gnu/packages/patches/libvnc-CVE-2019-15681.patch 
b/gnu/packages/patches/libvnc-CVE-2019-15681.patch
deleted file mode 100644
index e328d87..0000000
--- a/gnu/packages/patches/libvnc-CVE-2019-15681.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
-From: Christian Beier <dontmind@freeshell.org>
-Date: Mon, 19 Aug 2019 22:32:25 +0200
-Subject: [PATCH] rfbserver: don't leak stack memory to the remote
-
-Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
----
- libvncserver/rfbserver.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index 3bacc891..310e5487 100644
---- a/libvncserver/rfbserver.c
-+++ b/libvncserver/rfbserver.c
-@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char 
*str, int len)
-     rfbServerCutTextMsg sct;
-     rfbClientIteratorPtr iterator;
- 
-+    memset((char *)&sct, 0, sizeof(sct));
-+
-     iterator = rfbGetClientIterator(rfbScreen);
-     while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
-         sct.type = rfbServerCutText;
diff --git a/gnu/packages/vnc.scm b/gnu/packages/vnc.scm
index a084b30..ab89bad 100644
--- a/gnu/packages/vnc.scm
+++ b/gnu/packages/vnc.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2019 Todor Kondić <tk.code@protonmail.com>
 ;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2020 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -233,7 +234,7 @@ where the server is installed.")))
 (define-public libvnc
   (package
     (name "libvnc")
-    (version "0.9.12")
+    (version "0.9.13")
     (source
      (origin
        (method git-fetch)
@@ -242,10 +243,16 @@ where the server is installed.")))
              (commit (string-append "LibVNCServer-" version))))
        (file-name (git-file-name name version))
        (sha256
-        (base32 "1226hb179l914919f5nm2mlf8rhaarqbf48aa649p4rwmghyx9vm"))
-       (patches (search-patches "libvnc-CVE-2018-20750.patch"
-                                "libvnc-CVE-2019-15681.patch"))))
+        (base32 "0zz0hslw8b1p3crnfy3xnmrljik359h83dpk64s697dqdcrzy141"))))
     (build-system cmake-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-after 'unpack 'patch-cc-reference
+                    (lambda _
+                      (substitute* "test/includetest.sh"
+                        (("^cc -I")
+                         "gcc -I"))
+                      #t)))))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (d2e0b16 -> 20cc8f9), guix-commits, 2020/07/21
- 01/12: gnu: bubblewrap: Build with Python 3., guix-commits, 2020/07/21
- 02/12: gnu: xorg-server: Update to 1.20.8., guix-commits, 2020/07/21
- 04/12: services: ganeti: Fix erroneous gexp., guix-commits, 2020/07/21
- 05/12: gnu: libvnc: Update to 0.9.13., guix-commits <=
- 03/12: gnu: OpenSC: Update to 0.20.0 [security fixes]., guix-commits, 2020/07/21
- 08/12: gnu: Add intel-xed., guix-commits, 2020/07/21
- 06/12: gnu: twm: Update to 1.0.11., guix-commits, 2020/07/21
- 07/12: gnu: nsd: Update to 4.3.1., guix-commits, 2020/07/21
- 09/12: gnu: Add remid-lv2., guix-commits, 2020/07/21
- 11/12: gnu: git-annex: Update to 8.20200720.1., guix-commits, 2020/07/21
- 12/12: gnu: patchelf: Update to 0.11., guix-commits, 2020/07/21
- 10/12: gnu: Add chaiscript., guix-commits, 2020/07/21

Prev by Date: 04/12: services: ganeti: Fix erroneous gexp.
Next by Date: 03/12: gnu: OpenSC: Update to 0.20.0 [security fixes].
Previous by thread: 04/12: services: ganeti: Fix erroneous gexp.
Next by thread: 03/12: gnu: OpenSC: Update to 0.20.0 [security fixes].
Index(es):
- Date
- Thread