Revision bump unbundles libvncserver, bug #515276.

Package-Manager: portage-2.2.10/cvs/Linux x86_64 Manifest-Sign-Key: 0xF3CFD2BD
author: Johannes Huber <johu@gentoo.org> 2014-07-31 20:47:05 +0000
committer: Johannes Huber <johu@gentoo.org> 2014-07-31 20:47:05 +0000
commit: fe0e3d41a2fbf1cf4806d1867e3b3bb1a903dfd4 (patch)
tree: 8eae2a36767df0febcffefa08503794c39fe397d
parent: version bump (diff)
download: historical-fe0e3d41a2fbf1cf4806d1867e3b3bb1a903dfd4.tar.gz
historical-fe0e3d41a2fbf1cf4806d1867e3b3bb1a903dfd4.tar.bz2
historical-fe0e3d41a2fbf1cf4806d1867e3b3bb1a903dfd4.zip
5 files changed, 205 insertions, 17 deletions
diff --git a/kde-base/krfb/ChangeLog b/kde-base/krfb/ChangeLog
index 84793b58c1bf..21caa648508e 100644
--- a/kde-base/krfb/ChangeLog
+++ b/kde-base/krfb/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for kde-base/krfb
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/krfb/ChangeLog,v 1.317 2014/07/23 16:53:05 johu Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/krfb/ChangeLog,v 1.318 2014/07/31 20:46:59 johu Exp $
+
+*krfb-4.12.5-r1 (31 Jul 2014)
+*krfb-4.13.3-r1 (31 Jul 2014)
+
+  31 Jul 2014; Johannes Huber <johu@gentoo.org>
+  +files/krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch,
+  +krfb-4.12.5-r1.ebuild, +krfb-4.13.3-r1.ebuild, -krfb-4.13.3.ebuild:
+  Revision bump unbundles libvncserver, bug #515276.
 
   23 Jul 2014; Johannes Huber <johu@gentoo.org> -krfb-4.13.2.ebuild:
   Remove KDE SC 4.13.2
diff --git a/kde-base/krfb/Manifest b/kde-base/krfb/Manifest
index 9167a5aae91d..9dee7cea7e0c 100644
--- a/kde-base/krfb/Manifest
+++ b/kde-base/krfb/Manifest
@@ -1,26 +1,28 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
+AUX krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch 4795 SHA256 108ca633c41fd6df6537acf95ecca8875b5fb98d87eeb73fdf5554cf862f9297 SHA512 a33f47c552c980eb3f3a025386a21363a1f681641c9cd83636ac27012972573338965544954ff2fa4122d6ccad479c6923fa554ae040ed2902b6d52baf4f4ad2 WHIRLPOOL 3d1c638498941fa4d9935a9c363b34df426718e7c27207b7987201f75f214c63095adc74eb23c1a7e38d9ad5e360559fa20888ddb793b731778d54e26bb3043a
 DIST krfb-4.12.5.tar.xz 467852 SHA256 ddbf0deeff35f2a4ff8bdde5cfd6e0639596439f048ec11988d6e2f3307c2c6b SHA512 ea0e96c243885441caa00e3a3bf49a90c2415030d82a3fc2d73de8be8a2838945952cbec59d90f9118bcfa36afd9b097ecbb1050ae8e05b4afe42c28acb8adb8 WHIRLPOOL 762cd750bb6c0bce3ada0aaba2f168981e3e0dfab2457d931f000a4967fa41d2b1af819fba226ff916ce1afdd41c4f3a874e0a7f74aaf0acea8b149dd5389ab8
 DIST krfb-4.13.3.tar.xz 467852 SHA256 d264f294c691e014763e869b5655c7f7006342576a838847e0d9a7ac0ee29de6 SHA512 fa290ea325d11790be51981797b6cdcedb5fbfe489b8dc1359cd33b2dcb24a193a4c926cd65e9222410770462ef8df4658d72e5978567860187b12471dd8aaf4 WHIRLPOOL c11722ead6e0392fdd45aba0ecfe35bfee104fc86b59f50a07adace1a4985b34c429accc1e91fa2ec9c5488bb1ed3afced22d0a2aeb61a900ff5986154bddebf
+EBUILD krfb-4.12.5-r1.ebuild 885 SHA256 05156f6eed387fadd673d80f077475da8e49871f7e8c07d37eaac3672ef32775 SHA512 0f4b22afbb1bbbcb2bbce00e56d65558e441fdcc0d69aff12203b0986c1e9505d08a25c3c31e6909133bd6ffd50f536ded3b63438af677f15e7baa9583f593f2 WHIRLPOOL 35f7b37fd2fbde41d6120bce53877baaec0b91fc1a62de0c9f69a3df78da87ee1d69b2e05bce0e2de9ab13ac5e81731a198051184ec61547fa911679d81cd952
 EBUILD krfb-4.12.5.ebuild 772 SHA256 419f7640941a00120e56ae3b290a1fff3ec061efd3c500930306b5b91c1824a6 SHA512 97363610d4c1ffff53ec7b9b7aa30e5f1f8c83c76b4289fe5c9f5fd66e76eeed7c23d427028197ad908bec85e1678dc56523c12b9f048d19cd6d6c95df19d9b0 WHIRLPOOL 00e9578739045c5b8bca07c33cb20582d910e88170290bd42d10e6e314eb750cb22657cb55023e7eb016d20dcc0ab1bce4d4d1351afb0556946888dfd006c078
-EBUILD krfb-4.13.3.ebuild 784 SHA256 2f2eabba1f8f54a96ddfd1e1afddac75f5847c2522101d1f7b36b4476407fe6e SHA512 2abdaebf88b4c11200dde84ac92a1b2921b8de358a0e6b998e2fd5389c4076e9210acd1a4cbc24866884b5a59a7019368a6ba8e36fe0f69bf87f39bb7f4cc291 WHIRLPOOL 390700e7db455f7f8dd9c81caf29993fc8616658865c4d9dba57d6d5d2bd55ae07254fb5e45fb2a96e8e730df374eb580b2bf6480028deba5fcd782f97abbcb2
-MISC ChangeLog 35788 SHA256 d2db22a32cbcc885c29a752ff6195f78e634f25e02e43524ba16f71d14946683 SHA512 6b2026e76fd0bbd2f84e21cf199fbdbac4f7bbc103d8d8f8f59a0adb0d448e5e5ff6615dad6290d71ad9c25a214b015558deee9bd630286fa23bf76ce4232db6 WHIRLPOOL 25d81493352c0f8a549e8b8fa83471679a622d696d59a31528095cae70032e16bb8fdde37b3aa1f7a0c0ac9ef52e1b4329b83efac401824bd01fee80a668a84e
+EBUILD krfb-4.13.3-r1.ebuild 900 SHA256 ac29126e479e97b31bde70b613b1b97d092f8bca60677b0fd05dc1662f50034c SHA512 c33b76b2e5799e0a7252b21b16cca1fb1cae3b90d300ffd461549786953d87bbdb52b7ff19e4c2e4d5bc9e16197708468d0e6bd004648643d5cd7f91677e05c5 WHIRLPOOL 150e943a66d1e1966b9b26793cd7815edc4995b853cf654c40b3c410db07cabfe7701c3cfb18526e37d6110554b0088d22a6de30365b7ba466b6d4d324e30e4d
+MISC ChangeLog 36086 SHA256 242b5a8d3a9d2e7999a4c599894d2fa43751a7aa509aeff31efac2c7925b8ff3 SHA512 f3c2ee17129b4f90b85d72d06f86e62bacc65b46694a621c8859ecb7865c0feb74ab8e5b8db240398e8f11537b9fc896459f8b9cc3a191d6c276749096ed0970 WHIRLPOOL e80b750e9ff4d4faa9769439971d8f770c6fb5efc980732961fc14f123ba3030066f1beaa3c48c1889117f337c328a7ab1efeabcb7329fa172d3b052174b8816
 MISC metadata.xml 250 SHA256 36acd199b95ccbe518e598d952522358044d2c1aca8a35f1b76a91d6309259b9 SHA512 c943e28cc6151d9a668704b895ec01d8be4661761142764320e7fc9dcd26f1b349eb4d6fa6101fa63172141a12cdd0c0bb2ade649958de58d6a6bef1b47cfc61 WHIRLPOOL 33fa8923d34970a6441ebca1e491d380fe1a8f35231f17a4ea4a84fc2898c27cd8c45eb621b6585cd64fb8702e1379ba43fb644561c50f62e4962ab6b9c0fcae
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iQIcBAEBCAAGBQJTz+iVAAoJEGVpnaTzz9K9raoQAKBkQv6z7HKtGBUt/r/ots5E
-pwKyb963W4Mg2Spk+8Ff5NtI86w2gWbSfvOR3PrdTXbLUJJJTwRjfvlJZAzFTun6
-3z7MQRgs2BFE316edqyLAznRbaFP2SyZ8Jn05GmSRQNoMfHpi6Qz54b9KgcIjGTt
-/mkzs3GGZVv08ybSlKEGdin/wp5lX2GSFwq9wEFz7Pm0G3KH4A/AhOU2VN7tYNy5
-ZMUXjdLmwujX/VgBeFYpwcfB0qkIoP56Kg08OCYFVIOZfO7xMs8i1PKaq7l0z/Ky
-TvlEZDyTHHRcTt2BOGh1YuCLTQprdzwUx6vfea136Js5DMBzw3wNJoKREMTswdqD
-iGz3MIwQ8BnOBG85WtP+7vmHFu3bqOUoNkkbFhrr/zWyds2cgiNUTqs5tpMgwKml
-4s9AXLTcFkRrlr2Dp013zMgp3tt1vvjEJZEEqnx3RdFb1OnSNa0+Dg+96ic8T8eP
-zA51CekyEgvIpptDL6g6lcFH4jLVl157uSoZiuNjoxy31bEmXTtNLCEV51vg8jkf
-m4VN6/3mlSr9r1/2Xi9ZWKsQDNE1h7BfAVlYR4F32kjO2+15Uqzm/YO/7Xjq6j7l
-FLsb2SdysEtzhryRwnrjiqHLZGpgBiA6LCXUp0Jel1G3q5O741HrrquRtvFjxblH
-BL54Eqmi0u+kvI1gPZZl
-=iJ7z
+iQIcBAEBCAAGBQJT2o8IAAoJEGVpnaTzz9K9jPkP/0qHBh8KqXl7Y7FJZZuoamO+
+qFAmi5pc8S2hwhAeO9Hi/tocVXFlrpK+cnirYKAsK5RBJ40Moo7Wr0WfHWUg6HAK
+h7Ae7gKd7QW7OOn+GoX0JkfMDhgRVNzl5DvS6IuZqbEhY2lZDGwnqvDPXS5mp4jD
+qm7WfviMGG990s4Nha5PtBuLYjspMa1LQ+RR6gq8wBdQbIf29YbfXyw4rZxe7b/0
+FZJuuHrW1Mua3uaBiWFGQTIfx3qJ5lPzKfV1svB5Y69wfVxC2GJUNtX+R3rtloUw
+WeAu4s+67yuQFcGuskZxSaDhlZd0IgtHnbt+ZoF11bUwepc75SibrLmDPSaUwAKz
+uh9znKWTW8uTLg0mbcwKF8KrBC6UpTDHk2HC961olW4IEWyVAbw6n4gSxbX6u1Bc
++3ptw+TN7rHFgWCKQoxyKpz1JnrQsFFeNEmeT4hPyYFCELJAZeG9s4hrI7CvJ7ux
+5esydD5HE3uSPlU5KKNEd32tcWwADSd9zWW7d5w4Z8rUc7+k/0EyXSYGre3RaEqE
+aWhdqbHPTEZK4Ke2HKdFHojSGTyf1JN9qKlSszNJGO30H2mtdRutZ39ykoAhuztD
+fxJ4lNE8FyTN6iI5tvmWR/h0rDxOwGvpJusTne1w8HoI3Bhu2wz42et5UQsfsxEZ
+rkJMJHWnILBuWsIYVfya
+=VPMx
 -----END PGP SIGNATURE-----
diff --git a/kde-base/krfb/files/krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch b/kde-base/krfb/files/krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch
new file mode 100644
index 000000000000..32d91a80e823
--- /dev/null
+++ b/kde-base/krfb/files/krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch
@@ -0,0 +1,138 @@
+From 08f7c0c3d122f6096408007a0ac44c586c1c36b7 Mon Sep 17 00:00:00 2001
+From: Johannes Huber <johu@gentoo.org>
+Date: Thu, 31 Jul 2014 19:41:01 +0200
+Subject: [PATCH] CVE-2014-4607: Unbundle libvncserver
+
+http://seclists.org/oss-sec/2014/q2/676
+
+REVIEW: 119548
+---
+ CMakeLists.txt                       | 12 +++++++----
+ cmake/modules/FindLibVNCServer.cmake | 41 ++++++++++++++++++++++++++++++++++++
+ krfb/CMakeLists.txt                  |  2 ++
+ krfb/rfb.h                           |  2 +-
+ 4 files changed, 52 insertions(+), 5 deletions(-)
+ create mode 100644 cmake/modules/FindLibVNCServer.cmake
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 78c19b3..7b0af64 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -26,6 +26,13 @@ if(NOT INSIDE_KDENETWORK)
+     include_directories(${CMAKE_SOURCE_DIR} ${CMAKE_BINARY_DIR} ${KDE4_INCLUDES})
+ endif(NOT INSIDE_KDENETWORK)
+ 
++set(CMAKE_MODULE_PATH
++    "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules"
++    ${CMAKE_MODULE_PATH}
++)
++
++find_package(LibVNCServer REQUIRED)
++
+ macro_optional_find_package(TelepathyQt4)
+ macro_log_feature(TelepathyQt4_FOUND "telepathy-qt" "Telepathy Qt Bindings" "http://telepathy.freedesktop.org" FALSE "0.9" "Needed to build Telepathy Tubes support.")
+ 
+@@ -35,8 +42,6 @@ macro_bool_to_01(X11_XShm_FOUND HAVE_XSHM)
+ include_directories ("${CMAKE_CURRENT_BINARY_DIR}/krfb"
+                      "${CMAKE_CURRENT_SOURCE_DIR}/krfb"
+                      "${CMAKE_CURRENT_SOURCE_DIR}/krfb/ui"
+-                     "${CMAKE_CURRENT_SOURCE_DIR}/libvncserver/"
+-                     "${CMAKE_CURRENT_BINARY_DIR}/libvncserver/"
+ )
+ 
+ if(Q_WS_X11)
+@@ -45,9 +50,8 @@ if(Q_WS_X11)
+   endif(NOT X11_XTest_FOUND)
+ endif(Q_WS_X11)
+ 
+-add_subdirectory(libvncserver)
+ add_subdirectory(krfb)
+-add_subdirectory (framebuffers)
++add_subdirectory(framebuffers)
+ add_subdirectory(doc)
+ 
+ if (NOT INSIDE_KDENETWORK)
+diff --git a/cmake/modules/FindLibVNCServer.cmake b/cmake/modules/FindLibVNCServer.cmake
+new file mode 100644
+index 0000000..5927ab2
+--- /dev/null
++++ b/cmake/modules/FindLibVNCServer.cmake
+@@ -0,0 +1,41 @@
++# cmake macro to test LIBVNCSERVER LIB
++
++# Copyright (c) 2006, Alessandro Praduroux <pradu@pradu.it>
++# Copyright (c) 2007, Urs Wolfer <uwolfer @ kde.org>
++#
++# Redistribution and use is allowed according to the terms of the BSD license.
++# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
++
++INCLUDE(CheckPointerMember)
++
++IF (LIBVNCSERVER_INCLUDE_DIR AND LIBVNCSERVER_LIBRARIES)
++    # Already in cache, be silent
++    SET(LIBVNCSERVER_FIND_QUIETLY TRUE)
++ENDIF (LIBVNCSERVER_INCLUDE_DIR AND LIBVNCSERVER_LIBRARIES)
++
++FIND_PATH(LIBVNCSERVER_INCLUDE_DIR rfb/rfb.h)
++
++FIND_LIBRARY(LIBVNCSERVER_LIBRARIES NAMES vncserver libvncserver)
++
++# libvncserver and libvncclient are in the same package, so it does
++# not make sense to add a new cmake script for finding libvncclient.
++# instead just find the libvncclient also in this file.
++FIND_PATH(LIBVNCCLIENT_INCLUDE_DIR rfb/rfbclient.h)
++FIND_LIBRARY(LIBVNCCLIENT_LIBRARIES NAMES vncclient libvncclient)
++
++IF (LIBVNCSERVER_INCLUDE_DIR AND LIBVNCSERVER_LIBRARIES)
++   SET(CMAKE_REQUIRED_INCLUDES "${LIBVNCSERVER_INCLUDE_DIR}" "${CMAKE_REQUIRED_INCLUDES}")
++   CHECK_POINTER_MEMBER(rfbClient* GotXCutText rfb/rfbclient.h LIBVNCSERVER_FOUND)
++ENDIF (LIBVNCSERVER_INCLUDE_DIR AND LIBVNCSERVER_LIBRARIES)
++
++IF (LIBVNCSERVER_FOUND)
++  IF (NOT LIBVNCSERVER_FIND_QUIETLY)
++    MESSAGE(STATUS "Found LibVNCServer: ${LIBVNCSERVER_LIBRARIES}")
++  ENDIF (NOT LIBVNCSERVER_FIND_QUIETLY)
++ELSE (LIBVNCSERVER_FOUND)
++  IF (LIBVNCSERVER_FIND_REQUIRED)
++    MESSAGE(FATAL_ERROR "Could NOT find acceptable version of LibVNCServer (version 0.9 or later required).")
++  ENDIF (LIBVNCSERVER_FIND_REQUIRED)
++ENDIF (LIBVNCSERVER_FOUND)
++
++MARK_AS_ADVANCED(LIBVNCSERVER_INCLUDE_DIR LIBVNCSERVER_LIBRARIES)
+\ No newline at end of file
+diff --git a/krfb/CMakeLists.txt b/krfb/CMakeLists.txt
+index bbc508d..08ee30c 100644
+--- a/krfb/CMakeLists.txt
++++ b/krfb/CMakeLists.txt
+@@ -20,6 +20,7 @@ target_link_libraries (krfbprivate
+                        ${QT_QTCORE_LIBRARY}
+                        ${QT_QTGUI_LIBRARY}
+                        ${X11_X11_LIB}
++                       ${LIBVNCSERVER_LIBRARIES}
+ )
+ 
+ set_target_properties (krfbprivate PROPERTIES
+@@ -104,6 +105,7 @@ target_link_libraries (krfb
+                        ${QT_QTNETWORK_LIBRARY}
+                        ${KDE4_KDNSSD_LIBS}
+                        ${KDE4_KDEUI_LIBS}
++                       ${LIBVNCSERVER_LIBRARIES}
+ )
+ 
+ if(TelepathyQt4_FOUND)
+diff --git a/krfb/rfb.h b/krfb/rfb.h
+index 40308a2..fa94eda 100644
+--- a/krfb/rfb.h
++++ b/krfb/rfb.h
+@@ -6,7 +6,7 @@
+ #ifndef KRFB_RFB_H
+ #define KRFB_RFB_H
+ 
+-#include "../libvncserver/rfb/rfb.h"
++#include "rfb/rfb.h"
+ 
+ #undef TRUE
+ #undef FALSE
+-- 
+2.0.2
+
diff --git a/kde-base/krfb/krfb-4.12.5-r1.ebuild b/kde-base/krfb/krfb-4.12.5-r1.ebuild
new file mode 100644
index 000000000000..5e20a4d9d165
--- /dev/null
+++ b/kde-base/krfb/krfb-4.12.5-r1.ebuild
@@ -0,0 +1,37 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/krfb/krfb-4.12.5-r1.ebuild,v 1.1 2014/07/31 20:46:59 johu Exp $
+
+EAPI=5
+
+KDE_HANDBOOK="optional"
+inherit kde4-base
+
+DESCRIPTION="VNC-compatible server to share KDE desktops"
+HOMEPAGE="http://www.kde.org/applications/system/krfb/"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
+IUSE="debug telepathy"
+
+DEPEND="
+	>=net-libs/libvncserver-0.9.9
+	sys-libs/zlib
+	virtual/jpeg:0
+	!aqua? (
+		x11-libs/libX11
+		x11-libs/libXdamage
+		x11-libs/libXext
+		x11-libs/libXtst
+	)
+	telepathy? ( >=net-libs/telepathy-qt-0.9 )
+"
+RDEPEND="${DEPEND}"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2014-4607-unbundle-libvncserver.patch" )
+
+src_configure() {
+	mycmakeargs=(
+		$(cmake-utils_use_with telepathy TelepathyQt4)
+	)
+
+	kde4-base_src_configure
+}
diff --git a/kde-base/krfb/krfb-4.13.3.ebuild b/kde-base/krfb/krfb-4.13.3-r1.ebuild
index fe272d342d32..9e8b194961b7 100644
--- a/kde-base/krfb/krfb-4.13.3.ebuild
+++ b/kde-base/krfb/krfb-4.13.3-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/krfb/krfb-4.13.3.ebuild,v 1.1 2014/07/16 17:41:02 johu Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/krfb/krfb-4.13.3-r1.ebuild,v 1.1 2014/07/31 20:46:59 johu Exp $
 
 EAPI=5
 
@@ -13,6 +13,7 @@ KEYWORDS=" ~amd64 ~arm ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux"
 IUSE="debug telepathy"
 
 DEPEND="
+	>=net-libs/libvncserver-0.9.9
 	sys-libs/zlib
 	virtual/jpeg:0
 	!aqua? (
@@ -25,6 +26,8 @@ DEPEND="
 "
 RDEPEND="${DEPEND}"
 
+PATCHES=( "${FILESDIR}/${PN}-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch" )
+
 src_configure() {
 	local mycmakeargs=(
 		$(cmake-utils_use_with telepathy TelepathyQt4)
author	Johannes Huber <johu@gentoo.org>	2014-07-31 20:47:05 +0000
committer	Johannes Huber <johu@gentoo.org>	2014-07-31 20:47:05 +0000
commit	fe0e3d41a2fbf1cf4806d1867e3b3bb1a903dfd4 (patch)
tree	8eae2a36767df0febcffefa08503794c39fe397d
parent	version bump (diff)
download	historical-fe0e3d41a2fbf1cf4806d1867e3b3bb1a903dfd4.tar.gz historical-fe0e3d41a2fbf1cf4806d1867e3b3bb1a903dfd4.tar.bz2 historical-fe0e3d41a2fbf1cf4806d1867e3b3bb1a903dfd4.zip