authorAlexander Tsoy <alexander@tsoy.me>2020-03-23 18:40:08 +0300
committerJoonas Niilola <juippis@gentoo.org>2020-03-26 09:22:02 +0200
commit369a02be4da385aca62393c390229d3311e6bb78 (patch)
tree60cd1c2e2589655c45269f2ed98cded514d25bbc /net-libs/libvncserver
parentdev-util/clion: remove old versions (diff)
net-libs/libvncserver: Fix CVE-2019-15690
Bug: https://bugs.gentoo.org/714054 Signed-off-by: Alexander Tsoy <alexander@tsoy.me> Closes: https://github.com/gentoo/gentoo/pull/15070 Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Diffstat (limited to 'net-libs/libvncserver')
-rw-r--r--net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15690.patch39
-rw-r--r--net-libs/libvncserver/libvncserver-0.9.12-r5.ebuild75
2 files changed, 114 insertions, 0 deletions
diff --git a/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15690.patch b/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15690.patch
new file mode 100644
index 000000000000..5ef290129c72
--- /dev/null
+++ b/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15690.patch
@@ -0,0 +1,39 @@
+From 54220248886b5001fbbb9fa73c4e1a2cb9413fed Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@freeshell.org>
+Date: Sun, 17 Nov 2019 17:18:35 +0100
+Subject: [PATCH] libvncclient/cursor: limit width/height input values
+
+Avoids a possible heap overflow reported by Pavel Cheremushkin
+<Pavel.Cheremushkin@kaspersky.com>.
+
+re #275
+---
+ libvncclient/cursor.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libvncclient/cursor.c b/libvncclient/cursor.c
+index 67f4572..40ffb3b 100644
+--- a/libvncclient/cursor.c
++++ b/libvncclient/cursor.c
+@@ -28,6 +28,8 @@
+ #define OPER_SAVE 0
+ #define OPER_RESTORE 1
+
++#define MAX_CURSOR_SIZE 1024
++
+ #define RGB24_TO_PIXEL(bpp,r,g,b) \
+ ((((uint##bpp##_t)(r) & 0xFF) * client->format.redMax + 127) / 255 \
+ << client->format.redShift | \
+@@ -54,6 +56,9 @@ rfbBool HandleCursorShape(rfbClient* client,int xhot, int yhot, int width, int h
+ if (width * height == 0)
+ return TRUE;
+
++ if (width >= MAX_CURSOR_SIZE || height >= MAX_CURSOR_SIZE)
++ return FALSE;
++
+ /* Allocate memory for pixel data and temporary mask data. */
+ if(client->rcSource)
+ free(client->rcSource);
+--
+2.24.1
+
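Review bot: In the HandleCursorShape hunk of the carried patch, the new limit sits after `if (width * height == 0)`, so the product of two unchecked `int` parameters is still computed first and can overflow (undefined behaviour for signed int) before the bound is applied; the limit also tests only the upper end, so a negative width or height passes it. Placing the check above the multiplication and testing both ends would close both gaps: `if (width < 0 || height < 0 || width >= MAX_CURSOR_SIZE || height >= MAX_CURSOR_SIZE) return FALSE;`. Whether callers can actually supply negative or very large values is not visible here; presumably they come from the wire-format rectangle fields, which should be confirmed against the caller. The function body starts and continues outside the hunk, and since this is an upstream patch shipped verbatim, any change belongs upstream rather than in the ebuild's copy.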
diff --git a/net-libs/libvncserver/libvncserver-0.9.12-r5.ebuild b/net-libs/libvncserver/libvncserver-0.9.12-r5.ebuild
new file mode 100644
index 000000000000..87aad2363035
--- /dev/null
+++ b/net-libs/libvncserver/libvncserver-0.9.12-r5.ebuild
@@ -0,0 +1,75 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit cmake
+
+MY_P="LibVNCServer-${PV}"
+
+DESCRIPTION="library for creating vnc servers"
+HOMEPAGE="https://libvnc.github.io/"
+SRC_URI="https://github.com/LibVNC/${PN}/archive/${MY_P}.tar.gz"
+S="${WORKDIR}/${PN}-${MY_P}"
+
+# libvncserver/tightvnc-filetransfer/*: GPL-2, but we don't build it
+# common/d3des.*: https://github.com/LibVNC/libvncserver/issues/88
+LICENSE="GPL-2+ LGPL-2.1+ BSD MIT"
+# no sub slot wanted (yet), see #578958
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="+24bpp gcrypt gnutls ipv6 +jpeg libressl lzo +png sasl ssl systemd +threads +zlib"
+# https://bugs.gentoo.org/690202
+# https://bugs.gentoo.org/435326
+# https://bugs.gentoo.org/550916
+REQUIRED_USE="jpeg? ( zlib ) png? ( zlib ) ssl? ( !gnutls? ( threads ) )"
+
+DEPEND="
+ gcrypt? ( >=dev-libs/libgcrypt-1.5.3:0= )
+ ssl? (
+ !gnutls? (
+ !libressl? ( >=dev-libs/openssl-1.0.2:0= )
+ libressl? ( >=dev-libs/libressl-2.7.0:0= )
+ )
+ gnutls? ( >=net-libs/gnutls-2.12.23-r6:0= )
+ )
+ jpeg? ( >=virtual/jpeg-0-r2:0 )
+ lzo? ( dev-libs/lzo )
+ png? ( >=media-libs/libpng-1.6.10:0= )
+ sasl? ( dev-libs/cyrus-sasl )
+ systemd? ( sys-apps/systemd:= )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1:0= )"
+RDEPEND="${DEPEND}"
+
+DOCS=( AUTHORS ChangeLog NEWS README.md TODO )
+
+PATCHES=(
+ "${FILESDIR}"/${P}-cmake-libdir.patch
+ "${FILESDIR}"/${P}-pkgconfig-libdir.patch
+ "${FILESDIR}"/${P}-libgcrypt.patch
+ "${FILESDIR}"/${P}-sparc-unaligned.patch
+ "${FILESDIR}"/${P}-CVE-2018-20750.patch
+ "${FILESDIR}"/${P}-CVE-2019-15681.patch
+ "${FILESDIR}"/${P}-fix-tight-raw-decoding.patch
+ "${FILESDIR}"/${P}-fix-shutdown-crash.patch
+ "${FILESDIR}"/${P}-CVE-2019-15690.patch
+)
+
+src_configure() {
+ local mycmakeargs=(
+ -DWITH_ZLIB=$(usex zlib ON OFF)
+ -DWITH_LZO=$(usex lzo ON OFF)
+ -DWITH_JPEG=$(usex jpeg ON OFF)
+ -DWITH_PNG=$(usex png ON OFF)
+ -DWITH_THREADS=$(usex threads ON OFF)
+ -DWITH_GNUTLS=$(usex gnutls $(usex ssl ON OFF) OFF)
+ -DWITH_OPENSSL=$(usex gnutls OFF $(usex ssl ON OFF))
+ -DWITH_GCRYPT=$(usex gcrypt ON OFF)
+ -DWITH_SYSTEMD=$(usex systemd ON OFF)
+ -DWITH_FFMPEG=OFF
+ -DWITH_24BPP=$(usex 24bpp ON OFF)
+ -DWITH_IPv6=$(usex ipv6 ON OFF)
+ -DWITH_SASL=$(usex sasl ON OFF)
+ )
+ cmake_src_configure
+}