summary refs log tree commit diff
path: root/gnu/packages
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/patches/libvnc-CVE-2018-20750.patch44
-rw-r--r--gnu/packages/patches/libvnc-CVE-2019-15681.patch23
-rw-r--r--gnu/packages/vnc.scm15
3 files changed, 11 insertions, 71 deletions
diff --git a/gnu/packages/patches/libvnc-CVE-2018-20750.patch b/gnu/packages/patches/libvnc-CVE-2018-20750.patch
deleted file mode 100644
index 146243670a..0000000000
--- a/gnu/packages/patches/libvnc-CVE-2018-20750.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Mon, 7 Jan 2019 10:40:01 +0100
-Subject: [PATCH] Limit lenght to INT_MAX bytes in
- rfbProcessFileTransferReadBuffer()
-
-This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap
-out-of-bound write access in rfbProcessFileTransferReadBuffer() when
-reading a transfered file content in a server. The former fix did not
-work on platforms with a 32-bit int type (expected by rfbReadExact()).
-
-CVE-2018-15127
-<https://github.com/LibVNC/libvncserver/issues/243>
-<https://github.com/LibVNC/libvncserver/issues/273>
----
- libvncserver/rfbserver.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index 7af84906..f2edbeea 100644
---- a/libvncserver/rfbserver.c
-+++ b/libvncserver/rfbserver.c
-@@ -88,6 +88,8 @@
- #include <errno.h>
- /* strftime() */
- #include <time.h>
-+/* INT_MAX */
-+#include <limits.h>
- 
- #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
- #include "rfbssl.h"
-@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length)
-        0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF
-        will safely be allocated since this check will never trigger and malloc() can digest length+1
-        without problems as length is a uint32_t.
-+       We also later pass length to rfbReadExact() that expects a signed int type and
-+       that might wrap on platforms with a 32-bit int type if length is bigger
-+       than 0X7FFFFFFF.
-     */
--    if(length == SIZE_MAX) {
-+    if(length == SIZE_MAX || length > INT_MAX) {
- 	rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length);
- 	rfbCloseClient(cl);
- 	return NULL;
diff --git a/gnu/packages/patches/libvnc-CVE-2019-15681.patch b/gnu/packages/patches/libvnc-CVE-2019-15681.patch
deleted file mode 100644
index e328d87920..0000000000
--- a/gnu/packages/patches/libvnc-CVE-2019-15681.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
-From: Christian Beier <dontmind@freeshell.org>
-Date: Mon, 19 Aug 2019 22:32:25 +0200
-Subject: [PATCH] rfbserver: don't leak stack memory to the remote
-
-Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
----
- libvncserver/rfbserver.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index 3bacc891..310e5487 100644
---- a/libvncserver/rfbserver.c
-+++ b/libvncserver/rfbserver.c
-@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len)
-     rfbServerCutTextMsg sct;
-     rfbClientIteratorPtr iterator;
- 
-+    memset((char *)&sct, 0, sizeof(sct));
-+
-     iterator = rfbGetClientIterator(rfbScreen);
-     while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
-         sct.type = rfbServerCutText;
diff --git a/gnu/packages/vnc.scm b/gnu/packages/vnc.scm
index a084b30f59..ab89bad7aa 100644
--- a/gnu/packages/vnc.scm
+++ b/gnu/packages/vnc.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2019 Todor Kondić <tk.code@protonmail.com>
 ;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2020 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -233,7 +234,7 @@ where the server is installed.")))
 (define-public libvnc
   (package
     (name "libvnc")
-    (version "0.9.12")
+    (version "0.9.13")
     (source
      (origin
        (method git-fetch)
@@ -242,10 +243,16 @@ where the server is installed.")))
              (commit (string-append "LibVNCServer-" version))))
        (file-name (git-file-name name version))
        (sha256
-        (base32 "1226hb179l914919f5nm2mlf8rhaarqbf48aa649p4rwmghyx9vm"))
-       (patches (search-patches "libvnc-CVE-2018-20750.patch"
-                                "libvnc-CVE-2019-15681.patch"))))
+        (base32 "0zz0hslw8b1p3crnfy3xnmrljik359h83dpk64s697dqdcrzy141"))))
     (build-system cmake-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-after 'unpack 'patch-cc-reference
+                    (lambda _
+                      (substitute* "test/includetest.sh"
+                        (("^cc -I")
+                         "gcc -I"))
+                      #t)))))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs