diff options
author | Alexander Tsoy <alexander@tsoy.me> | 2020-03-23 18:40:08 +0300 |
---|---|---|
committer | Joonas Niilola <juippis@gentoo.org> | 2020-03-26 09:22:02 +0200 |
commit | 369a02be4da385aca62393c390229d3311e6bb78 (patch) | |
tree | 60cd1c2e2589655c45269f2ed98cded514d25bbc /net-libs/libvncserver | |
parent | dev-util/clion: remove old versions (diff) | |
download | gentoo-369a02be4da385aca62393c390229d3311e6bb78.tar.gz gentoo-369a02be4da385aca62393c390229d3311e6bb78.tar.bz2 gentoo-369a02be4da385aca62393c390229d3311e6bb78.zip |
net-libs/libvncserver: Fix CVE-2019-15690
Bug: https://bugs.gentoo.org/714054
Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
Closes: https://github.com/gentoo/gentoo/pull/15070
Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Diffstat (limited to 'net-libs/libvncserver')
-rw-r--r-- | net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15690.patch | 39 | ||||
-rw-r--r-- | net-libs/libvncserver/libvncserver-0.9.12-r5.ebuild | 75 |
2 files changed, 114 insertions, 0 deletions
diff --git a/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15690.patch b/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15690.patch new file mode 100644 index 000000000000..5ef290129c72 --- /dev/null +++ b/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15690.patch @@ -0,0 +1,39 @@ +From 54220248886b5001fbbb9fa73c4e1a2cb9413fed Mon Sep 17 00:00:00 2001 +From: Christian Beier <dontmind@freeshell.org> +Date: Sun, 17 Nov 2019 17:18:35 +0100 +Subject: [PATCH] libvncclient/cursor: limit width/height input values + +Avoids a possible heap overflow reported by Pavel Cheremushkin +<Pavel.Cheremushkin@kaspersky.com>. + +re #275 +--- + libvncclient/cursor.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/libvncclient/cursor.c b/libvncclient/cursor.c +index 67f4572..40ffb3b 100644 +--- a/libvncclient/cursor.c ++++ b/libvncclient/cursor.c +@@ -28,6 +28,8 @@ + #define OPER_SAVE 0 + #define OPER_RESTORE 1 + ++#define MAX_CURSOR_SIZE 1024 ++ + #define RGB24_TO_PIXEL(bpp,r,g,b) \ + ((((uint##bpp##_t)(r) & 0xFF) * client->format.redMax + 127) / 255 \ + << client->format.redShift | \ +@@ -54,6 +56,9 @@ rfbBool HandleCursorShape(rfbClient* client,int xhot, int yhot, int width, int h + if (width * height == 0) + return TRUE; + ++ if (width >= MAX_CURSOR_SIZE || height >= MAX_CURSOR_SIZE) ++ return FALSE; ++ + /* Allocate memory for pixel data and temporary mask data. */ + if(client->rcSource) + free(client->rcSource); +-- +2.24.1 + diff --git a/net-libs/libvncserver/libvncserver-0.9.12-r5.ebuild b/net-libs/libvncserver/libvncserver-0.9.12-r5.ebuild new file mode 100644 index 000000000000..87aad2363035 --- /dev/null +++ b/net-libs/libvncserver/libvncserver-0.9.12-r5.ebuild @@ -0,0 +1,75 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit cmake + +MY_P="LibVNCServer-${PV}" + +DESCRIPTION="library for creating vnc servers" +HOMEPAGE="https://libvnc.github.io/" +SRC_URI="https://github.com/LibVNC/${PN}/archive/${MY_P}.tar.gz" +S="${WORKDIR}/${PN}-${MY_P}" + +# libvncserver/tightvnc-filetransfer/*: GPL-2, but we don't build it +# common/d3des.*: https://github.com/LibVNC/libvncserver/issues/88 +LICENSE="GPL-2+ LGPL-2.1+ BSD MIT" +# no sub slot wanted (yet), see #578958 +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux" +IUSE="+24bpp gcrypt gnutls ipv6 +jpeg libressl lzo +png sasl ssl systemd +threads +zlib" +# https://bugs.gentoo.org/690202 +# https://bugs.gentoo.org/435326 +# https://bugs.gentoo.org/550916 +REQUIRED_USE="jpeg? ( zlib ) png? ( zlib ) ssl? ( !gnutls? ( threads ) )" + +DEPEND=" + gcrypt? ( >=dev-libs/libgcrypt-1.5.3:0= ) + ssl? ( + !gnutls? ( + !libressl? ( >=dev-libs/openssl-1.0.2:0= ) + libressl? ( >=dev-libs/libressl-2.7.0:0= ) + ) + gnutls? ( >=net-libs/gnutls-2.12.23-r6:0= ) + ) + jpeg? ( >=virtual/jpeg-0-r2:0 ) + lzo? ( dev-libs/lzo ) + png? ( >=media-libs/libpng-1.6.10:0= ) + sasl? ( dev-libs/cyrus-sasl ) + systemd? ( sys-apps/systemd:= ) + zlib? ( >=sys-libs/zlib-1.2.8-r1:0= )" +RDEPEND="${DEPEND}" + +DOCS=( AUTHORS ChangeLog NEWS README.md TODO ) + +PATCHES=( + "${FILESDIR}"/${P}-cmake-libdir.patch + "${FILESDIR}"/${P}-pkgconfig-libdir.patch + "${FILESDIR}"/${P}-libgcrypt.patch + "${FILESDIR}"/${P}-sparc-unaligned.patch + "${FILESDIR}"/${P}-CVE-2018-20750.patch + "${FILESDIR}"/${P}-CVE-2019-15681.patch + "${FILESDIR}"/${P}-fix-tight-raw-decoding.patch + "${FILESDIR}"/${P}-fix-shutdown-crash.patch + "${FILESDIR}"/${P}-CVE-2019-15690.patch +) + +src_configure() { + local mycmakeargs=( + -DWITH_ZLIB=$(usex zlib ON OFF) + -DWITH_LZO=$(usex lzo ON OFF) + -DWITH_JPEG=$(usex jpeg ON OFF) + -DWITH_PNG=$(usex png ON OFF) + -DWITH_THREADS=$(usex threads ON OFF) + -DWITH_GNUTLS=$(usex gnutls $(usex ssl ON OFF) OFF) + -DWITH_OPENSSL=$(usex gnutls OFF $(usex ssl ON OFF)) + -DWITH_GCRYPT=$(usex gcrypt ON OFF) + -DWITH_SYSTEMD=$(usex systemd ON OFF) + -DWITH_FFMPEG=OFF + -DWITH_24BPP=$(usex 24bpp ON OFF) + -DWITH_IPv6=$(usex ipv6 ON OFF) + -DWITH_SASL=$(usex sasl ON OFF) + ) + cmake_src_configure +} |