PR#2: Update to 0.9.12 - rpms/libvncserver

rpms / libvncserver

#2 Update to 0.9.12

Merged 4 years ago by rdieter. Opened 4 years ago by sergiomb.

Unknown source master into master

Update to 0.9.12

Sérgio M. Basto • 4 years ago

1489dcc

Fix build on 32bits arches and on epel 7

Sérgio M. Basto • 4 years ago

79761f1

Update to 0.9.12 phase 2

Sérgio M. Basto • 4 years ago

6d0c01c

Update to 0.9.12 phase 1

Sérgio M. Basto • 4 years ago

69c1237

0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch

file modified

+5 -8

		`@@ -150,7 +150,7 @@`
		`index f982b40..ba9e898 100644`
		`--- a/rfb/rfb.h`
		`+++ b/rfb/rfb.h`
		`- @@ -415,6 +415,14 @@ typedef struct sraRegion* sraRegionPtr;`
		`+ @@ -413,6 +413,14 @@ typedef struct sraRegion* sraRegionPtr;`

		`typedef void (ClientGoneHookPtr)(struct _rfbClientRec cl);`

		`@@ -165,9 +165,9 @@`
		`typedef struct _rfbFileTransferData {`
		`int fd;`
		`int compressionEnabled;`
		`- @@ -696,6 +704,11 @@ typedef struct _rfbClientRec {`
		`- wsCtx *wsctx;`
		`- char wspath; / Requests path component */`
		`+ @@ -694,6 +702,11 @@ typedef struct _rfbClientRec {`
		`+ #ifdef LIBVNCSERVER_HAVE_LIBPTHREAD`
		`+ int pipe_notify_client_thread[2];`
		`#endif`
		`+`
		`+ ClientReadFromSocket readFromSocket; /* Read data from socket */`
		`@@ -177,7 +177,7 @@`
		`} rfbClientRec, *rfbClientPtr;`

		`/**`
		`- @@ -748,8 +761,12 @@ extern void rfbDisconnectUDPSock(rfbScreenInfoPtr rfbScreen);`
		`+ @@ -746,8 +759,12 @@ extern void rfbDisconnectUDPSock(rfbScre`
		`extern void rfbCloseClient(rfbClientPtr cl);`
		`extern int rfbReadExact(rfbClientPtr cl, char *buf, int len);`
		`extern int rfbReadExactTimeout(rfbClientPtr cl, char *buf, int len,int timeout);`
		`@@ -190,6 +190,3 @@`
		`extern int rfbCheckFds(rfbScreenInfoPtr rfbScreen,long usec);`
		`extern int rfbConnect(rfbScreenInfoPtr rfbScreen, char* host, int port);`
		`extern int rfbConnectToTcpAddr(char* host, int port);`
		`- --`
		`- 2.17.1`
		`-`

0040-Ensure-compatibility-with-gtk-vnc-0.7.0.patch

file removed

-28

		`@@ -1,28 +0,0 @@`
		`- From 75f04c14e49e084e41bdd5491edad8823773a08c Mon Sep 17 00:00:00 2001`
		`- From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <github@kempniu.pl>`
		`- Date: Tue, 14 Feb 2017 12:42:04 +0100`
		`- Subject: [PATCH 40/98] Ensure compatibility with gtk-vnc 0.7.0+`
		`-`
		`- ---`
		`- libvncserver/websockets.c \| 5 ++++-`
		`- 1 file changed, 4 insertions(+), 1 deletion(-)`
		`-`
		`- diff --git a/libvncserver/websockets.c b/libvncserver/websockets.c`
		`- index 72396c2..0b2d46f 100644`
		`- --- a/libvncserver/websockets.c`
		`- +++ b/libvncserver/websockets.c`
		`- @@ -245,7 +245,10 @@ webSocketsCheck (rfbClientPtr cl)`
		`- return FALSE;`
		`- }`
		`-`
		`- - if (strncmp(bbuf, "<", 1) == 0) {`
		`- + if (strncmp(bbuf, "RFB ", 4) == 0) {`
		`- + rfbLog("Normal socket connection\n");`
		`- + return TRUE;`
		`- + } else if (strncmp(bbuf, "<", 1) == 0) {`
		`- rfbLog("Got Flash policy request, sending response\n");`
		`- if (rfbWriteExact(cl, FLASH_POLICY_RESPONSE,`
		`- SZ_FLASH_POLICY_RESPONSE) < 0) {`
		`- --`
		`- 2.9.4`
		`-`

15c4f144a3783d9f1f2c976acf9f4d85988fd466.patch

file added

+25

		`@@ -0,0 +1,25 @@`
		`+ From 15c4f144a3783d9f1f2c976acf9f4d85988fd466 Mon Sep 17 00:00:00 2001`
		`+ From: Albert Astals Cid <aacid@kde.org>`
		`+ Date: Sun, 5 Jan 2020 19:56:57 +0100`
		`+ Subject: [PATCH] rfbShutdownServer: Call rfbClientConnectionGone if no`
		`+ backgroundLoop`
		`+`
		`+ Otherwise the servers that don't use rfbRunEventLoop don't get`
		`+ notified of client disconnections`
		`+ ---`
		`+ libvncserver/main.c \| 2 ++`
		`+ 1 file changed, 2 insertions(+)`
		`+`
		`+ diff --git a/libvncserver/main.c b/libvncserver/main.c`
		`+ index b51f0ab6..738a501d 100644`
		`+ --- a/libvncserver/main.c`
		`+ +++ b/libvncserver/main.c`
		`+ @@ -1152,6 +1152,8 @@ void rfbShutdownServer(rfbScreenInfoPtr screen,rfbBool disconnectClients) {`
		`+ write(currentCl->pipe_notify_client_thread[1], "\x00", 1);`
		`+ /* And wait for it to finish. */`
		`+ pthread_join(currentCl->client_thread, NULL);`
		`+ + } else {`
		`+ + rfbClientConnectionGone(currentCl);`
		`+ }`
		`+ #else`
		`+ rfbClientConnectionGone(currentCl);`

3348a7e42e86dfb98dd7458ad29def476cf6096f.patch

file added

+42

		`@@ -0,0 +1,42 @@`
		`+ From 3348a7e42e86dfb98dd7458ad29def476cf6096f Mon Sep 17 00:00:00 2001`
		`+ From: Christian Beier <dontmind@freeshell.org>`
		`+ Date: Sat, 9 Feb 2019 13:23:26 +0100`
		`+ Subject: [PATCH] CMake: replace hardcoded 'lib' with ${CMAKE_INSTALL_LIBDIR}`
		`+`
		`+ Closes #281`
		`+ ---`
		`+ CMakeLists.txt \| 7 ++++---`
		`+ 1 file changed, 4 insertions(+), 3 deletions(-)`
		`+`
		`+ diff --git a/CMakeLists.txt b/CMakeLists.txt`
		`+ index 873cc7b5..55f7e650 100644`
		`+ --- a/CMakeLists.txt`
		`+ +++ b/CMakeLists.txt`
		`+ @@ -9,6 +9,7 @@ include(CheckTypeSize)`
		`+ include(TestBigEndian)`
		`+ include(CheckCSourceCompiles)`
		`+ include(CheckCSourceRuns)`
		`+ +include(GNUInstallDirs)`
		`+`
		`+ enable_testing()`
		`+`
		`+ @@ -666,8 +667,8 @@ get_link_libraries(PRIVATE_LIBS vncclient)`
		`+ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/libvncclient.pc.cmakein ${CMAKE_CURRENT_BINARY_DIR}/libvncclient.pc @ONLY)`
		`+`
		`+`
		`+ -install_targets(/lib vncserver)`
		`+ -install_targets(/lib vncclient)`
		`+ +install_targets(/${CMAKE_INSTALL_LIBDIR} vncserver)`
		`+ +install_targets(/${CMAKE_INSTALL_LIBDIR} vncclient)`
		`+ install_files(/include/rfb FILES`
		`+ rfb/keysym.h`
		`+ rfb/rfb.h`
		`+ @@ -677,7 +678,7 @@ install_files(/include/rfb FILES`
		`+ rfb/rfbregion.h`
		`+ )`
		`+`
		`+ -install_files(/lib/pkgconfig FILES`
		`+ +install_files(/${CMAKE_INSTALL_LIBDIR}/pkgconfig FILES`
		`+ libvncserver.pc`
		`+ libvncclient.pc`
		`+ )`

36a71279ed5b10effecd879caf6c3791842ca713.patch

file added

+38

		`@@ -0,0 +1,38 @@`
		`+ From 36a71279ed5b10effecd879caf6c3791842ca713 Mon Sep 17 00:00:00 2001`
		`+ From: Christian Beier <dontmind@freeshell.org>`
		`+ Date: Thu, 28 Mar 2019 21:06:36 +0100`
		`+ Subject: [PATCH] CMake: replace 'lib' with ${CMAKE_INSTALL_LIBDIR} for`
		`+ pkgconfig files as well`
		`+`
		`+ Thanks to https://github.com/ikelos for spotting this ;-)`
		`+`
		`+ Closes #290`
		`+ ---`
		`+ libvncclient.pc.cmakein \| 2 +-`
		`+ libvncserver.pc.cmakein \| 2 +-`
		`+ 2 files changed, 2 insertions(+), 2 deletions(-)`
		`+`
		`+ diff --git a/libvncclient.pc.cmakein b/libvncclient.pc.cmakein`
		`+ index 169a8b7c..445f7e74 100644`
		`+ --- a/libvncclient.pc.cmakein`
		`+ +++ b/libvncclient.pc.cmakein`
		`+ @@ -1,6 +1,6 @@`
		`+ prefix=@CMAKE_INSTALL_PREFIX@`
		`+ exec_prefix=@CMAKE_INSTALL_PREFIX@`
		`+ -libdir=@CMAKE_INSTALL_PREFIX@/lib`
		`+ +libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@`
		`+ includedir=@CMAKE_INSTALL_PREFIX@/include`
		`+`
		`+ Name: LibVNCClient`
		`+ diff --git a/libvncserver.pc.cmakein b/libvncserver.pc.cmakein`
		`+ index f38d74fe..c6898061 100644`
		`+ --- a/libvncserver.pc.cmakein`
		`+ +++ b/libvncserver.pc.cmakein`
		`+ @@ -1,6 +1,6 @@`
		`+ prefix=@CMAKE_INSTALL_PREFIX@`
		`+ exec_prefix=@CMAKE_INSTALL_PREFIX@`
		`+ -libdir=@CMAKE_INSTALL_PREFIX@/lib`
		`+ +libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@`
		`+ includedir=@CMAKE_INSTALL_PREFIX@/include`
		`+`
		`+ Name: LibVNCServer`

CVE-2018-15127.patch

file added

+44

		`@@ -0,0 +1,44 @@`
		`+ From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001`
		`+ From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>`
		`+ Date: Mon, 7 Jan 2019 10:40:01 +0100`
		`+ Subject: [PATCH] Limit lenght to INT_MAX bytes in`
		`+ rfbProcessFileTransferReadBuffer()`
		`+`
		`+ This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap`
		`+ out-of-bound write access in rfbProcessFileTransferReadBuffer() when`
		`+ reading a transfered file content in a server. The former fix did not`
		`+ work on platforms with a 32-bit int type (expected by rfbReadExact()).`
		`+`
		`+ CVE-2018-15127`
		`+ <https://github.com/LibVNC/libvncserver/issues/243>`
		`+ <https://github.com/LibVNC/libvncserver/issues/273>`
		`+ ---`
		`+ libvncserver/rfbserver.c \| 7 ++++++-`
		`+ 1 file changed, 6 insertions(+), 1 deletion(-)`
		`+`
		`+ diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c`
		`+ index 7af84906..f2edbeea 100644`
		`+ --- a/libvncserver/rfbserver.c`
		`+ +++ b/libvncserver/rfbserver.c`
		`+ @@ -88,6 +88,8 @@`
		`+ #include <errno.h>`
		`+ /* strftime() */`
		`+ #include <time.h>`
		`+ +/* INT_MAX */`
		`+ +#include <limits.h>`
		`+`
		`+ #ifdef LIBVNCSERVER_WITH_WEBSOCKETS`
		`+ #include "rfbssl.h"`
		`+ @@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length)`
		`+ 0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF`
		`+ will safely be allocated since this check will never trigger and malloc() can digest length+1`
		`+ without problems as length is a uint32_t.`
		`+ + We also later pass length to rfbReadExact() that expects a signed int type and`
		`+ + that might wrap on platforms with a 32-bit int type if length is bigger`
		`+ + than 0X7FFFFFFF.`
		`+ */`
		`+ - if(length == SIZE_MAX) {`
		`+ + if(length == SIZE_MAX \|\| length > INT_MAX) {`
		`+ rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length);`
		`+ rfbCloseClient(cl);`
		`+ return NULL;`

CVE-2019-15681.patch

file added

+23

		`@@ -0,0 +1,23 @@`
		`+ From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001`
		`+ From: Christian Beier <dontmind@freeshell.org>`
		`+ Date: Mon, 19 Aug 2019 22:32:25 +0200`
		`+ Subject: [PATCH] rfbserver: don't leak stack memory to the remote`
		`+`
		`+ Thanks go to Pavel Cheremushkin of Kaspersky for reporting.`
		`+ ---`
		`+ libvncserver/rfbserver.c \| 2 ++`
		`+ 1 file changed, 2 insertions(+)`
		`+`
		`+ diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c`
		`+ index 3bacc891..310e5487 100644`
		`+ --- a/libvncserver/rfbserver.c`
		`+ +++ b/libvncserver/rfbserver.c`
		`+ @@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len)`
		`+ rfbServerCutTextMsg sct;`
		`+ rfbClientIteratorPtr iterator;`
		`+`
		`+ + memset((char *)&sct, 0, sizeof(sct));`
		`+ +`
		`+ iterator = rfbGetClientIterator(rfbScreen);`
		`+ while ((cl = rfbClientIteratorNext(iterator)) != NULL) {`
		`+ sct.type = rfbServerCutText;`

d0a76539835d11c0f4723499f8be4bc9c7724eb9.patch

file added

+32

		`@@ -0,0 +1,32 @@`
		`+ From d0a76539835d11c0f4723499f8be4bc9c7724eb9 Mon Sep 17 00:00:00 2001`
		`+ From: Rajesh Sahoo <rajesh.sahoo@lge.com>`
		`+ Date: Tue, 11 Jun 2019 15:13:04 +0530`
		`+ Subject: [PATCH] avoid pthread_join if backgroundLoop is FALSE`
		`+`
		`+ client_thread is created depending upon backgroundLoop, but joining`
		`+ without checking for same condition. so we are trying to join a garbage`
		`+ thread_id.`
		`+ ---`
		`+ libvncserver/main.c \| 2 ++`
		`+ 1 file changed, 2 insertions(+)`
		`+`
		`+ diff --git a/libvncserver/main.c b/libvncserver/main.c`
		`+ index d3cd9b1e..772fb18f 100644`
		`+ --- a/libvncserver/main.c`
		`+ +++ b/libvncserver/main.c`
		`+ @@ -1112,6 +1112,7 @@ void rfbShutdownServer(rfbScreenInfoPtr screen,rfbBool disconnectClients) {`
		`+ }`
		`+`
		`+ #ifdef LIBVNCSERVER_HAVE_LIBPTHREAD`
		`+ + if(currentCl->screen->backgroundLoop) {`
		`+ /*`
		`+ Notify the thread. This simply writes a NULL byte to the notify pipe in order to get past the select()`
		`+ in clientInput(), the loop in there will then break because the rfbCloseClient() above has set`
		`+ @@ -1120,6 +1121,7 @@ void rfbShutdownServer(rfbScreenInfoPtr screen,rfbBool disconnectClients) {`
		`+ write(currentCl->pipe_notify_client_thread[1], "\x00", 1);`
		`+ /* And wait for it to finish. */`
		`+ pthread_join(currentCl->client_thread, NULL);`
		`+ + }`
		`+ #else`
		`+ rfbClientConnectionGone(currentCl);`
		`+ #endif`

libvncserver-0.9.1-multilib.patch

file removed

-20

		`@@ -1,20 +0,0 @@`
		`- diff -up LibVNCServer-0.9.1/libvncserver-config.in.multilib LibVNCServer-0.9.1/libvncserver-config.in`
		`- --- LibVNCServer-0.9.1/libvncserver-config.in.multilib 2007-05-26 21:28:25.000000000 -0500`
		`- +++ LibVNCServer-0.9.1/libvncserver-config.in 2008-01-22 14:51:08.000000000 -0600`
		`- @@ -4,7 +4,6 @@ prefix=@prefix@`
		`- exec_prefix=@exec_prefix@`
		`- exec_prefix_set=no`
		`- includedir=@includedir@`
		`- -libdir=@libdir@`
		`-`
		`- # if this script is in the same directory as libvncserver-config.in, assume not installed`
		- if [ -f "`dirname "$0"`/libvncserver-config.in" ]; then
		`- @@ -63,7 +62,7 @@ while test $# -gt 0; do`
		`- libs="$libs -R$dir"`
		`- fi`
		`- done`
		`- - echo "$libs" -lvncserver -lvncclient @LIBS@ @WSOCKLIB@`
		`- + echo "$libs" -lvncserver -lvncclient`
		`- ;;`
		`- --link)`
		`- echo @CC@`

libvncserver-0.9.11-Limit-client-cut-text-length-to-1-MB.patch

file removed

-40

		`@@ -1,40 +0,0 @@`
		`- From e7d578afbb16592ccee8f13aedd65b2220e220ae Mon Sep 17 00:00:00 2001`
		`- From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>`
		`- Date: Tue, 6 Mar 2018 11:58:02 +0100`
		`- Subject: [PATCH] Limit client cut text length to 1 MB`
		`- MIME-Version: 1.0`
		`- Content-Type: text/plain; charset=UTF-8`
		`- Content-Transfer-Encoding: 8bit`
		`-`
		`- This patch constrains client text length to 1 MB. Otherwise a client`
		`- could make server allocate 2 GB of memory and that seems to be to much`
		`- to classify it as denial of service.`
		`-`
		`- I keep the previous checks for maximal type values intentionally as`
		`- a course of defensive coding. (You cannot never know how small the`
		`- types are. And as a warning for people patching out this change not to`
		`- introduce CVE-2018-7225 again.)`
		`-`
		`- Signed-off-by: Petr Písař <ppisar@redhat.com>`
		`- ---`
		`- libvncserver/rfbserver.c \| 4 +++-`
		`- 1 file changed, 3 insertions(+), 1 deletion(-)`
		`-`
		`- diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c`
		`- index a9561fc..0027343 100644`
		`- --- a/libvncserver/rfbserver.c`
		`- +++ b/libvncserver/rfbserver.c`
		`- @@ -2587,7 +2587,9 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)`
		`- * argument. Here we check that the value fits into all of them to`
		`- * prevent from misinterpretation and thus from accessing uninitialized`
		`- * memory. CVE-2018-7225 */`
		`- - if (msg.cct.length > SIZE_MAX \|\| msg.cct.length > INT_MAX - sz_rfbClientCutTextMsg) {`
		`- + /* But first to prevent from a denial-of-service by allocating to much`
		`- + * memory in the server, we impose a limit of 1 MB. */`
		`- + if (msg.cct.length > 1<<20 \|\| msg.cct.length > SIZE_MAX \|\| msg.cct.length > INT_MAX - sz_rfbClientCutTextMsg) {`
		`- rfbLog("rfbClientCutText: too big cut text length requested: %" PRIu32 "\n",`
		`- msg.cct.length);`
		`- rfbCloseClient(cl);`
		`- --`
		`- 2.13.6`
		`-`

libvncserver-0.9.11-Validate-client-cut-text-length.patch

file removed

-76

		`@@ -1,76 +0,0 @@`
		`- From 0073e4f694d5a51bb72ff12a5e8364b6e752e094 Mon Sep 17 00:00:00 2001`
		`- From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>`
		`- Date: Mon, 26 Feb 2018 13:48:00 +0100`
		`- Subject: [PATCH] Validate client cut text length`
		`- MIME-Version: 1.0`
		`- Content-Type: text/plain; charset=UTF-8`
		`- Content-Transfer-Encoding: 8bit`
		`-`
		`- Client-provided unsigned 32-bit cut text length is passed to various`
		`- functions that expects argument of a different type.`
		`-`
		`- E.g. "RFB 003.003\n\001\006\0\0\0\xff\xff\xff\xff" string sent to the`
		`- RFB server leads to 4294967295 msg.cct.length value that in turn is`
		`- interpreted as -1 by rfbReadExact() and thus uninitialized str buffer`
		`- with potentially sensitive data is passed to subsequent functions.`
		`-`
		`- This patch fixes it by checking for a maximal value that still can be`
		`- processed correctly. It also corrects accepting length value of zero`
		`- (malloc(0) is interpreted on differnet systems differently).`
		`-`
		`- Whether a client can make the server allocate up to 2 GB and cause`
		`- a denial of service on memory-tight systems is kept without answer.`
		`- A possible solution would be adding an arbitrary memory limit that is`
		`- deemed safe.`
		`-`
		`- CVE-2018-7225`
		`- <https://github.com/LibVNC/libvncserver/issues/218>`
		`-`
		`- Signed-off-by: Petr Písař <ppisar@redhat.com>`
		`- ---`
		`- libvncserver/rfbserver.c \| 22 +++++++++++++++++++++-`
		`- 1 file changed, 21 insertions(+), 1 deletion(-)`
		`-`
		`- diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c`
		`- index 116c488..a9561fc 100644`
		`- --- a/libvncserver/rfbserver.c`
		`- +++ b/libvncserver/rfbserver.c`
		`- @@ -88,6 +88,12 @@`
		`- #include <errno.h>`
		`- /* strftime() */`
		`- #include <time.h>`
		`- +/* SIZE_MAX */`
		`- +#include <stdint.h>`
		`- +/* PRIu32 */`
		`- +#include <inttypes.h>`
		`- +/* INT_MAX */`
		`- +#include <limits.h>`
		`-`
		`- #ifdef LIBVNCSERVER_WITH_WEBSOCKETS`
		`- #include "rfbssl.h"`
		`- @@ -2575,7 +2581,21 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)`
		`-`
		`- msg.cct.length = Swap32IfLE(msg.cct.length);`
		`-`
		`- - str = (char *)malloc(msg.cct.length);`
		`- + /* uint32_t input is passed to malloc()'s size_t argument,`
		`- + * to rfbReadExact()'s int argument, to rfbStatRecordMessageRcvd()'s int`
		`- + * argument increased of sz_rfbClientCutTextMsg, and to setXCutText()'s int`
		`- + * argument. Here we check that the value fits into all of them to`
		`- + * prevent from misinterpretation and thus from accessing uninitialized`
		`- + * memory. CVE-2018-7225 */`
		`- + if (msg.cct.length > SIZE_MAX \|\| msg.cct.length > INT_MAX - sz_rfbClientCutTextMsg) {`
		`- + rfbLog("rfbClientCutText: too big cut text length requested: %" PRIu32 "\n",`
		`- + msg.cct.length);`
		`- + rfbCloseClient(cl);`
		`- + return;`
		`- + }`
		`- +`
		`- + /* Allow zero-length client cut text. */`
		`- + str = (char *)malloc(msg.cct.length ? msg.cct.length : 1);`
		`- if (str == NULL) {`
		`- rfbLogPerror("rfbProcessClientNormalMessage: not enough memory");`
		`- rfbCloseClient(cl);`
		`- --`
		`- 2.13.6`
		`-`

libvncserver-0.9.11-soname.patch

file removed

-22

		`@@ -1,22 +0,0 @@`
		`- diff -up libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am.soname libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am`
		`- --- libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am.soname 2017-05-16 10:21:51.500768946 -0500`
		`- +++ libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am 2017-05-17 11:26:44.383312391 -0500`
		`- @@ -25,5 +25,5 @@ EXTRA_DIST=corre.c hextile.c rre.c tight`
		`- $(libvncclient_la_OBJECTS): ../rfb/rfbclient.h`
		`-`
		`- lib_LTLIBRARIES=libvncclient.la`
		`- -libvncclient_la_LDFLAGS = -version-info 1:0:0`
		`- +libvncclient_la_LDFLAGS = -version-info 0:0:0`
		`-`
		`- diff -up libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am.soname libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am`
		`- --- libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am.soname 2017-05-16 10:21:51.500768946 -0500`
		`- +++ libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am 2017-05-17 11:27:02.259459683 -0500`
		`- @@ -66,7 +66,7 @@ libvncserver_la_LIBADD += $(LIBSYSTEMD_L`
		`- endif`
		`-`
		`- lib_LTLIBRARIES=libvncserver.la`
		`- -libvncserver_la_LDFLAGS = -version-info 1:0:0`
		`- +libvncserver_la_LDFLAGS = -version-info 0:0:0`
		`-`
		`- if HAVE_RPM`
		`- $(PACKAGE)-$(VERSION).tar.gz: dist`

libvncserver-0.9.11-system_minilzo.patch

file removed

-55

		`@@ -1,55 +0,0 @@`
		`- diff -up libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am.system_minilzo libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am`
		`- --- libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am.system_minilzo 2017-02-14 10:54:54.308402791 -0600`
		`- +++ libvncserver-LibVNCServer-0.9.11/libvncclient/Makefile.am 2017-02-14 10:56:28.007379315 -0600`
		`- @@ -13,8 +13,8 @@ endif`
		`- endif`
		`-`
		`-`
		`- -libvncclient_la_SOURCES=cursor.c listen.c rfbproto.c sockets.c vncviewer.c ../common/minilzo.c $(TLSSRCS)`
		`- -libvncclient_la_LIBADD=$(TLSLIBS)`
		`- +libvncclient_la_SOURCES=cursor.c listen.c rfbproto.c sockets.c vncviewer.c $(TLSSRCS)`
		`- +libvncclient_la_LIBADD=$(TLSLIBS) -lminilzo`
		`-`
		`- noinst_HEADERS=../common/lzodefs.h ../common/lzoconf.h ../common/minilzo.h tls.h`
		`-`
		`- diff -up libvncserver-LibVNCServer-0.9.11/libvncclient/rfbproto.c.system_minilzo libvncserver-LibVNCServer-0.9.11/libvncclient/rfbproto.c`
		`- --- libvncserver-LibVNCServer-0.9.11/libvncclient/rfbproto.c.system_minilzo 2016-12-30 07:01:28.000000000 -0600`
		`- +++ libvncserver-LibVNCServer-0.9.11/libvncclient/rfbproto.c 2017-02-14 10:54:54.309402801 -0600`
		`- @@ -66,7 +66,7 @@`
		`- #include <gcrypt.h>`
		`- #endif`
		`-`
		`- -#include "minilzo.h"`
		`- +#include <lzo/minilzo.h>`
		`- #include "tls.h"`
		`-`
		`- #ifdef _MSC_VER`
		`- diff -up libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am.system_minilzo libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am`
		`- --- libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am.system_minilzo 2017-02-14 10:54:54.309402801 -0600`
		`- +++ libvncserver-LibVNCServer-0.9.11/libvncserver/Makefile.am 2017-02-14 10:57:28.495009713 -0600`
		`- @@ -53,11 +53,11 @@ endif`
		`- LIB_SRCS = main.c rfbserver.c rfbregion.c auth.c sockets.c $(WEBSOCKETSSRCS) \`
		`- stats.c corre.c hextile.c rre.c translate.c cutpaste.c \`
		`- httpd.c cursor.c font.c \`
		`- - draw.c selbox.c ../common/d3des.c ../common/vncauth.c cargs.c ../common/minilzo.c ultra.c scale.c \`
		`- + draw.c selbox.c ../common/d3des.c ../common/vncauth.c cargs.c ultra.c scale.c \`
		`- $(ZLIBSRCS) $(TIGHTSRCS) $(TIGHTVNCFILETRANSFERSRCS)`
		`-`
		`- libvncserver_la_SOURCES=$(LIB_SRCS)`
		`- -libvncserver_la_LIBADD=$(WEBSOCKETSSSLLIBS)`
		`- +libvncserver_la_LIBADD=$(WEBSOCKETSSSLLIBS) -lminilzo`
		`-`
		`- if WITH_SYSTEMD`
		`- AM_CPPFLAGS += -DLIBVNCSERVER_WITH_SYSTEMD`
		`- diff -up libvncserver-LibVNCServer-0.9.11/libvncserver/ultra.c.system_minilzo libvncserver-LibVNCServer-0.9.11/libvncserver/ultra.c`
		`- --- libvncserver-LibVNCServer-0.9.11/libvncserver/ultra.c.system_minilzo 2016-12-30 07:01:28.000000000 -0600`
		`- +++ libvncserver-LibVNCServer-0.9.11/libvncserver/ultra.c 2017-02-14 10:54:54.309402801 -0600`
		`- @@ -8,7 +8,7 @@`
		`- */`
		`-`
		`- #include <rfb/rfb.h>`
		`- -#include "minilzo.h"`
		`- +#include <lzo/minilzo.h>`
		`-`
		`- /*`
		`- * cl->beforeEncBuf contains pixel data in the client's format.`

libvncserver.spec

file modified

+52 -62

		`@@ -1,15 +1,18 @@`
		`Summary: Library to make writing a VNC server easy`
		`Name: libvncserver`
		`- Version: 0.9.11`
		`- Release: 11%{?dist}`
		`+ Version: 0.9.12`
		`+ Release: 1%{?dist}`

		`# NOTE: --with-filetransfer => GPLv2`
		`License: GPLv2+`
		`URL: http://libvnc.github.io/`
		`Source0: https://github.com/LibVNC/libvncserver/archive/LibVNCServer-%{version}.tar.gz`

		`- ## upstream patches`
		`- Patch4: 0040-Ensure-compatibility-with-gtk-vnc-0.7.0.patch`
		`+ Patch1: 3348a7e42e86dfb98dd7458ad29def476cf6096f.patch`
		`+ Patch2: 36a71279ed5b10effecd879caf6c3791842ca713.patch`
		`+ Patch3: d0a76539835d11c0f4723499f8be4bc9c7724eb9.patch`
		`+ Patch4: 15c4f144a3783d9f1f2c976acf9f4d85988fd466.patch`
		`+`

		`## TLS security type enablement patches`
		`# https://github.com/LibVNC/libvncserver/pull/234`
		`@@ -17,26 +20,36 @@`
		`Patch11: 0002-libvncserver-Add-channel-security-handlers.patch`

		`## downstream patches`
		`- Patch100: libvncserver-0.9.11-system_minilzo.patch`
		`- Patch101: libvncserver-0.9.1-multilib.patch`
		`Patch102: LibVNCServer-0.9.10-system-crypto-policy.patch`
		`- # revert soname bump`
		`- Patch103: libvncserver-0.9.11-soname.patch`
		`- # 1/2 Fix CVE-2018-7225, bug #1546860`
		`- Patch104: libvncserver-0.9.11-Validate-client-cut-text-length.patch`
		`- # 2/2 Fix CVE-2018-7225, bug #1546860`
		`- Patch105: libvncserver-0.9.11-Limit-client-cut-text-length-to-1-MB.patch`
		`-`
		`- BuildRequires: autoconf`
		`- BuildRequires: automake`
		`+`
		`+ Patch106: CVE-2018-15127.patch`
		`+ Patch107: CVE-2019-15681.patch`
		`+`
		`+ BuildRequires: gcc-c++`
		`+ BuildRequires: cmake3`
		`+ BuildRequires: pkgconfig(gnutls)`
		`+ BuildRequires: pkgconfig(sdl2)`
		`+ BuildRequires: pkgconfig(libsystemd)`
		`+ BuildRequires: pkgconfig(x11)`
		`+ BuildRequires: pkgconfig(xdamage)`
		`+ BuildRequires: pkgconfig(xext)`
		`+ BuildRequires: pkgconfig(xrandr)`
		`+ BuildRequires: pkgconfig(xtst)`
		`+ BuildRequires: pkgconfig(xinerama)`
		`+ BuildRequires: pkgconfig(xfixes)`
		`+ BuildRequires: pkgconfig(openssl)`
		`+ BuildRequires: pkgconfig(zlib)`
		`+ BuildRequires: pkgconfig(libjpeg)`
		`+ BuildRequires: pkgconfig(libpng)`
		`+ #BuildRequires: pkgconfig(lzo2)`
		`+ #BuildRequires: ffmpeg-devel`
		`+ BuildRequires: gettext-devel`
		`BuildRequires: libgcrypt-devel`
		`- BuildRequires: libjpeg-devel`
		`- BuildRequires: libtool`
		`+`
		`+`
		`BuildRequires: lzo-devel`
		`BuildRequires: lzo-minilzo`
		`- BuildRequires: pkgconfig(gnutls)`
		`BuildRequires: pkgconfig(libcrypto)`
		`- BuildRequires: pkgconfig(libpng)`
		`BuildRequires: pkgconfig(libssl)`
		`# Additional deps for --with-x11vnc, see https://bugzilla.redhat.com/show_bug.cgi?id=864947`
		`BuildRequires: pkgconfig(avahi-client)`
		`@@ -75,25 +88,20 @@`
		`%prep`
		`%setup -q -n %{name}-LibVNCServer-%{version}`

		`- %patch4 -p1 -b .0004`
		`+ %patch1 -p1`
		`+ %patch2 -p1`
		`+ %patch3 -p1`
		`+ %patch4 -p1`

		`%patch10 -p1`
		`%patch11 -p1`

		`- %patch100 -p1 -b .system_minilzo`
		`# Nuke bundled minilzo`
		`- #rm -fv common/lzodefs.h common/lzoconf.h commmon/minilzo.h common/minilzo.c`
		`+ rm -fv common/lzodefs.h common/lzoconf.h commmon/minilzo.h common/minilzo.c`

		`- %patch101 -p1 -b .multilib`
		`%patch102 -p1`
		`- %if 0%{?fedora} < 26`
		`- %patch103 -p1 -b .soname`
		`- %global soname 0`
		`- %else`
		`- %global soname 1`
		`- %endif`
		`- %patch104 -p1`
		`- %patch105 -p1`
		`+ %patch106 -p1`
		`+ %patch107 -p1`

		`# Fix encoding`
		`for file in ChangeLog ; do`
		`@@ -102,48 +110,27 @@`
		`touch --reference ${file}.OLD $file`
		`done`

		`- # Needed by patch 1 (and to nuke rpath's)`
		`- autoreconf -vif`
		`-`

		`%build`
		`- %configure \`
		`- --disable-silent-rules \`
		`- --disable-static \`
		`- --without-filetransfer \`
		`- --with-gcrypt \`
		`- --with-png \`
		`- --with-x11vnc`
		`-`
		`- # Hack to omit unused-direct-shlib-dependencies`
		`- sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool`
		`-`
		`- make %{?_smp_mflags}`
		`-`
		`+ mkdir -p %{_target_platform}`
		`+ pushd %{_target_platform}`
		`+ %cmake3 ..`
		`+ popd`
		`+ %make_build -C %{_target_platform}`

		`%install`
		`- %make_install`
		`-`
		`- # Unpackaged files`
		`- rm -fv %{buildroot}%{_bindir}/linuxvnc`
		`- rm -fv %{buildroot}%{_libdir}/lib*.a`
		`- rm -fv %{buildroot}%{_libdir}/lib*.la`
		`-`
		`-`
		`- %check`
		`- make -C test test \|\|:`
		`-`
		`+ %make_install -C %{_target_platform}`

		`%ldconfig_scriptlets`

		`%files`
		`%license COPYING`
		`- %doc AUTHORS ChangeLog NEWS README TODO`
		`- %{_libdir}/libvncclient.so.%{soname}*`
		`- %{_libdir}/libvncserver.so.%{soname}*`
		`+ %doc AUTHORS ChangeLog NEWS README.md TODO`
		`+ %{_libdir}/libvncclient.so.*`
		`+ %{_libdir}/libvncserver.so.*`

		`%files devel`
		`- %{_bindir}/libvncserver-config`
		`+ #{_bindir}/libvncserver-config`
		`%{_includedir}/rfb/`
		`%{_libdir}/libvncclient.so`
		`%{_libdir}/libvncserver.so`
		`@@ -152,6 +139,9 @@`


		`%changelog`
		`+ * Tue Feb 11 2020 Sérgio Basto <sergio@serjux.com> - 0.9.12-1`
		`+ - Update to 0.9.12`
		`+`
		`* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.11-11`
		`- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild`