summaryrefslogtreecommitdiff
path: root/gnu/packages
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/patches/libvnc-CVE-2018-20750.patch44
-rw-r--r--gnu/packages/patches/libvnc-CVE-2019-15681.patch23
-rw-r--r--gnu/packages/vnc.scm15
3 files changed, 11 insertions, 71 deletions
diff --git a/gnu/packages/patches/libvnc-CVE-2018-20750.patch b/gnu/packages/patches/libvnc-CVE-2018-20750.patch
deleted file mode 100644
index 146243670a..0000000000
--- a/gnu/packages/patches/libvnc-CVE-2018-20750.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Mon, 7 Jan 2019 10:40:01 +0100
-Subject: [PATCH] Limit lenght to INT_MAX bytes in
- rfbProcessFileTransferReadBuffer()
-
-This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap
-out-of-bound write access in rfbProcessFileTransferReadBuffer() when
-reading a transfered file content in a server. The former fix did not
-work on platforms with a 32-bit int type (expected by rfbReadExact()).
-
-CVE-2018-15127
-<https://github.com/LibVNC/libvncserver/issues/243>
-<https://github.com/LibVNC/libvncserver/issues/273>
----
- libvncserver/rfbserver.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index 7af84906..f2edbeea 100644
---- a/libvncserver/rfbserver.c
-+++ b/libvncserver/rfbserver.c
-@@ -88,6 +88,8 @@
- #include <errno.h>
- /* strftime() */
- #include <time.h>
-+/* INT_MAX */
-+#include <limits.h>
-
- #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
- #include "rfbssl.h"
-@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length)
- 0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF
- will safely be allocated since this check will never trigger and malloc() can digest length+1
- without problems as length is a uint32_t.
-+ We also later pass length to rfbReadExact() that expects a signed int type and
-+ that might wrap on platforms with a 32-bit int type if length is bigger
-+ than 0X7FFFFFFF.
- */
-- if(length == SIZE_MAX) {
-+ if(length == SIZE_MAX || length > INT_MAX) {
- rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length);
- rfbCloseClient(cl);
- return NULL;
diff --git a/gnu/packages/patches/libvnc-CVE-2019-15681.patch b/gnu/packages/patches/libvnc-CVE-2019-15681.patch
deleted file mode 100644
index e328d87920..0000000000
--- a/gnu/packages/patches/libvnc-CVE-2019-15681.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
-From: Christian Beier <dontmind@freeshell.org>
-Date: Mon, 19 Aug 2019 22:32:25 +0200
-Subject: [PATCH] rfbserver: don't leak stack memory to the remote
-
-Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
----
- libvncserver/rfbserver.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index 3bacc891..310e5487 100644
---- a/libvncserver/rfbserver.c
-+++ b/libvncserver/rfbserver.c
-@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len)
- rfbServerCutTextMsg sct;
- rfbClientIteratorPtr iterator;
-
-+ memset((char *)&sct, 0, sizeof(sct));
-+
- iterator = rfbGetClientIterator(rfbScreen);
- while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
- sct.type = rfbServerCutText;
diff --git a/gnu/packages/vnc.scm b/gnu/packages/vnc.scm
index a084b30f59..ab89bad7aa 100644
--- a/gnu/packages/vnc.scm
+++ b/gnu/packages/vnc.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2019 Todor Kondić <tk.code@protonmail.com>
;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
;;; Copyright © 2020 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -233,7 +234,7 @@ where the server is installed.")))
(define-public libvnc
(package
(name "libvnc")
- (version "0.9.12")
+ (version "0.9.13")
(source
(origin
(method git-fetch)
@@ -242,10 +243,16 @@ where the server is installed.")))
(commit (string-append "LibVNCServer-" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1226hb179l914919f5nm2mlf8rhaarqbf48aa649p4rwmghyx9vm"))
- (patches (search-patches "libvnc-CVE-2018-20750.patch"
- "libvnc-CVE-2019-15681.patch"))))
+ (base32 "0zz0hslw8b1p3crnfy3xnmrljik359h83dpk64s697dqdcrzy141"))))
(build-system cmake-build-system)
+ (arguments
+ '(#:phases (modify-phases %standard-phases
+ (add-after 'unpack 'patch-cc-reference
+ (lambda _
+ (substitute* "test/includetest.sh"
+ (("^cc -I")
+ "gcc -I"))
+ #t)))))
(native-inputs
`(("pkg-config" ,pkg-config)))
(inputs