summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Huber <johu@gentoo.org>2014-07-31 20:47:05 +0000
committerJohannes Huber <johu@gentoo.org>2014-07-31 20:47:05 +0000
commitfe0e3d41a2fbf1cf4806d1867e3b3bb1a903dfd4 (patch)
tree8eae2a36767df0febcffefa08503794c39fe397d /kde-base/krfb/files
parentversion bump (diff)
downloadhistorical-fe0e3d41a2fbf1cf4806d1867e3b3bb1a903dfd4.tar.gz
historical-fe0e3d41a2fbf1cf4806d1867e3b3bb1a903dfd4.tar.bz2
historical-fe0e3d41a2fbf1cf4806d1867e3b3bb1a903dfd4.zip
Revision bump unbundles libvncserver, bug #515276.
Package-Manager: portage-2.2.10/cvs/Linux x86_64 Manifest-Sign-Key: 0xF3CFD2BD
Diffstat (limited to 'kde-base/krfb/files')
-rw-r--r--kde-base/krfb/files/krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch138
1 files changed, 138 insertions, 0 deletions
diff --git a/kde-base/krfb/files/krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch b/kde-base/krfb/files/krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch
new file mode 100644
index 000000000000..32d91a80e823
--- /dev/null
+++ b/kde-base/krfb/files/krfb-4.12.5-CVE-2014-4607-unbundle-libvncserver.patch
@@ -0,0 +1,138 @@
+From 08f7c0c3d122f6096408007a0ac44c586c1c36b7 Mon Sep 17 00:00:00 2001
+From: Johannes Huber <johu@gentoo.org>
+Date: Thu, 31 Jul 2014 19:41:01 +0200
+Subject: [PATCH] CVE-2014-4607: Unbundle libvncserver
+
+http://seclists.org/oss-sec/2014/q2/676
+
+REVIEW: 119548
+---
+ CMakeLists.txt | 12 +++++++----
+ cmake/modules/FindLibVNCServer.cmake | 41 ++++++++++++++++++++++++++++++++++++
+ krfb/CMakeLists.txt | 2 ++
+ krfb/rfb.h | 2 +-
+ 4 files changed, 52 insertions(+), 5 deletions(-)
+ create mode 100644 cmake/modules/FindLibVNCServer.cmake
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 78c19b3..7b0af64 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -26,6 +26,13 @@ if(NOT INSIDE_KDENETWORK)
+ include_directories(${CMAKE_SOURCE_DIR} ${CMAKE_BINARY_DIR} ${KDE4_INCLUDES})
+ endif(NOT INSIDE_KDENETWORK)
+
++set(CMAKE_MODULE_PATH
++ "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules"
++ ${CMAKE_MODULE_PATH}
++)
++
++find_package(LibVNCServer REQUIRED)
++
+ macro_optional_find_package(TelepathyQt4)
+ macro_log_feature(TelepathyQt4_FOUND "telepathy-qt" "Telepathy Qt Bindings" "http://telepathy.freedesktop.org" FALSE "0.9" "Needed to build Telepathy Tubes support.")
+
+@@ -35,8 +42,6 @@ macro_bool_to_01(X11_XShm_FOUND HAVE_XSHM)
+ include_directories ("${CMAKE_CURRENT_BINARY_DIR}/krfb"
+ "${CMAKE_CURRENT_SOURCE_DIR}/krfb"
+ "${CMAKE_CURRENT_SOURCE_DIR}/krfb/ui"
+- "${CMAKE_CURRENT_SOURCE_DIR}/libvncserver/"
+- "${CMAKE_CURRENT_BINARY_DIR}/libvncserver/"
+ )
+
+ if(Q_WS_X11)
+@@ -45,9 +50,8 @@ if(Q_WS_X11)
+ endif(NOT X11_XTest_FOUND)
+ endif(Q_WS_X11)
+
+-add_subdirectory(libvncserver)
+ add_subdirectory(krfb)
+-add_subdirectory (framebuffers)
++add_subdirectory(framebuffers)
+ add_subdirectory(doc)
+
+ if (NOT INSIDE_KDENETWORK)
+diff --git a/cmake/modules/FindLibVNCServer.cmake b/cmake/modules/FindLibVNCServer.cmake
+new file mode 100644
+index 0000000..5927ab2
+--- /dev/null
++++ b/cmake/modules/FindLibVNCServer.cmake
+@@ -0,0 +1,41 @@
++# cmake macro to test LIBVNCSERVER LIB
++
++# Copyright (c) 2006, Alessandro Praduroux <pradu@pradu.it>
++# Copyright (c) 2007, Urs Wolfer <uwolfer @ kde.org>
++#
++# Redistribution and use is allowed according to the terms of the BSD license.
++# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
++
++INCLUDE(CheckPointerMember)
++
++IF (LIBVNCSERVER_INCLUDE_DIR AND LIBVNCSERVER_LIBRARIES)
++ # Already in cache, be silent
++ SET(LIBVNCSERVER_FIND_QUIETLY TRUE)
++ENDIF (LIBVNCSERVER_INCLUDE_DIR AND LIBVNCSERVER_LIBRARIES)
++
++FIND_PATH(LIBVNCSERVER_INCLUDE_DIR rfb/rfb.h)
++
++FIND_LIBRARY(LIBVNCSERVER_LIBRARIES NAMES vncserver libvncserver)
++
++# libvncserver and libvncclient are in the same package, so it does
++# not make sense to add a new cmake script for finding libvncclient.
++# instead just find the libvncclient also in this file.
++FIND_PATH(LIBVNCCLIENT_INCLUDE_DIR rfb/rfbclient.h)
++FIND_LIBRARY(LIBVNCCLIENT_LIBRARIES NAMES vncclient libvncclient)
++
++IF (LIBVNCSERVER_INCLUDE_DIR AND LIBVNCSERVER_LIBRARIES)
++ SET(CMAKE_REQUIRED_INCLUDES "${LIBVNCSERVER_INCLUDE_DIR}" "${CMAKE_REQUIRED_INCLUDES}")
++ CHECK_POINTER_MEMBER(rfbClient* GotXCutText rfb/rfbclient.h LIBVNCSERVER_FOUND)
++ENDIF (LIBVNCSERVER_INCLUDE_DIR AND LIBVNCSERVER_LIBRARIES)
++
++IF (LIBVNCSERVER_FOUND)
++ IF (NOT LIBVNCSERVER_FIND_QUIETLY)
++ MESSAGE(STATUS "Found LibVNCServer: ${LIBVNCSERVER_LIBRARIES}")
++ ENDIF (NOT LIBVNCSERVER_FIND_QUIETLY)
++ELSE (LIBVNCSERVER_FOUND)
++ IF (LIBVNCSERVER_FIND_REQUIRED)
++ MESSAGE(FATAL_ERROR "Could NOT find acceptable version of LibVNCServer (version 0.9 or later required).")
++ ENDIF (LIBVNCSERVER_FIND_REQUIRED)
++ENDIF (LIBVNCSERVER_FOUND)
++
++MARK_AS_ADVANCED(LIBVNCSERVER_INCLUDE_DIR LIBVNCSERVER_LIBRARIES)
+\ No newline at end of file
+diff --git a/krfb/CMakeLists.txt b/krfb/CMakeLists.txt
+index bbc508d..08ee30c 100644
+--- a/krfb/CMakeLists.txt
++++ b/krfb/CMakeLists.txt
+@@ -20,6 +20,7 @@ target_link_libraries (krfbprivate
+ ${QT_QTCORE_LIBRARY}
+ ${QT_QTGUI_LIBRARY}
+ ${X11_X11_LIB}
++ ${LIBVNCSERVER_LIBRARIES}
+ )
+
+ set_target_properties (krfbprivate PROPERTIES
+@@ -104,6 +105,7 @@ target_link_libraries (krfb
+ ${QT_QTNETWORK_LIBRARY}
+ ${KDE4_KDNSSD_LIBS}
+ ${KDE4_KDEUI_LIBS}
++ ${LIBVNCSERVER_LIBRARIES}
+ )
+
+ if(TelepathyQt4_FOUND)
+diff --git a/krfb/rfb.h b/krfb/rfb.h
+index 40308a2..fa94eda 100644
+--- a/krfb/rfb.h
++++ b/krfb/rfb.h
+@@ -6,7 +6,7 @@
+ #ifndef KRFB_RFB_H
+ #define KRFB_RFB_H
+
+-#include "../libvncserver/rfb/rfb.h"
++#include "rfb/rfb.h"
+
+ #undef TRUE
+ #undef FALSE
+--
+2.0.2
+