diff --git a/.gitignore b/.gitignore index e5d99d2..087deae 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ /LibVNCServer-0.9.10.tar.gz /LibVNCServer-0.9.11.tar.gz /LibVNCServer-0.9.12.tar.gz +/LibVNCServer-0.9.13.tar.gz diff --git a/15c4f144a3783d9f1f2c976acf9f4d85988fd466.patch b/15c4f144a3783d9f1f2c976acf9f4d85988fd466.patch deleted file mode 100644 index b8edd35..0000000 --- a/15c4f144a3783d9f1f2c976acf9f4d85988fd466.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 15c4f144a3783d9f1f2c976acf9f4d85988fd466 Mon Sep 17 00:00:00 2001 -From: Albert Astals Cid -Date: Sun, 5 Jan 2020 19:56:57 +0100 -Subject: [PATCH] rfbShutdownServer: Call rfbClientConnectionGone if no - backgroundLoop - -Otherwise the servers that don't use rfbRunEventLoop don't get -notified of client disconnections ---- - libvncserver/main.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/libvncserver/main.c b/libvncserver/main.c -index b51f0ab6..738a501d 100644 ---- a/libvncserver/main.c -+++ b/libvncserver/main.c -@@ -1152,6 +1152,8 @@ void rfbShutdownServer(rfbScreenInfoPtr screen,rfbBool disconnectClients) { - write(currentCl->pipe_notify_client_thread[1], "\x00", 1); - /* And wait for it to finish. */ - pthread_join(currentCl->client_thread, NULL); -+ } else { -+ rfbClientConnectionGone(currentCl); - } - #else - rfbClientConnectionGone(currentCl); diff --git a/3348a7e42e86dfb98dd7458ad29def476cf6096f.patch b/3348a7e42e86dfb98dd7458ad29def476cf6096f.patch deleted file mode 100644 index 9adde95..0000000 --- a/3348a7e42e86dfb98dd7458ad29def476cf6096f.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 3348a7e42e86dfb98dd7458ad29def476cf6096f Mon Sep 17 00:00:00 2001 -From: Christian Beier -Date: Sat, 9 Feb 2019 13:23:26 +0100 -Subject: [PATCH] CMake: replace hardcoded 'lib' with ${CMAKE_INSTALL_LIBDIR} - -Closes #281 ---- - CMakeLists.txt | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 873cc7b5..55f7e650 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -9,6 +9,7 @@ include(CheckTypeSize) - include(TestBigEndian) - include(CheckCSourceCompiles) - include(CheckCSourceRuns) -+include(GNUInstallDirs) - - enable_testing() - -@@ -666,8 +667,8 @@ get_link_libraries(PRIVATE_LIBS vncclient) - configure_file(${CMAKE_CURRENT_SOURCE_DIR}/libvncclient.pc.cmakein ${CMAKE_CURRENT_BINARY_DIR}/libvncclient.pc @ONLY) - - --install_targets(/lib vncserver) --install_targets(/lib vncclient) -+install_targets(/${CMAKE_INSTALL_LIBDIR} vncserver) -+install_targets(/${CMAKE_INSTALL_LIBDIR} vncclient) - install_files(/include/rfb FILES - rfb/keysym.h - rfb/rfb.h -@@ -677,7 +678,7 @@ install_files(/include/rfb FILES - rfb/rfbregion.h - ) - --install_files(/lib/pkgconfig FILES -+install_files(/${CMAKE_INSTALL_LIBDIR}/pkgconfig FILES - libvncserver.pc - libvncclient.pc - ) diff --git a/36a71279ed5b10effecd879caf6c3791842ca713.patch b/36a71279ed5b10effecd879caf6c3791842ca713.patch deleted file mode 100644 index c72b80e..0000000 --- a/36a71279ed5b10effecd879caf6c3791842ca713.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 36a71279ed5b10effecd879caf6c3791842ca713 Mon Sep 17 00:00:00 2001 -From: Christian Beier -Date: Thu, 28 Mar 2019 21:06:36 +0100 -Subject: [PATCH] CMake: replace 'lib' with ${CMAKE_INSTALL_LIBDIR} for - pkgconfig files as well - -Thanks to https://github.com/ikelos for spotting this ;-) - -Closes #290 ---- - libvncclient.pc.cmakein | 2 +- - libvncserver.pc.cmakein | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libvncclient.pc.cmakein b/libvncclient.pc.cmakein -index 169a8b7c..445f7e74 100644 ---- a/libvncclient.pc.cmakein -+++ b/libvncclient.pc.cmakein -@@ -1,6 +1,6 @@ - prefix=@CMAKE_INSTALL_PREFIX@ - exec_prefix=@CMAKE_INSTALL_PREFIX@ --libdir=@CMAKE_INSTALL_PREFIX@/lib -+libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@ - includedir=@CMAKE_INSTALL_PREFIX@/include - - Name: LibVNCClient -diff --git a/libvncserver.pc.cmakein b/libvncserver.pc.cmakein -index f38d74fe..c6898061 100644 ---- a/libvncserver.pc.cmakein -+++ b/libvncserver.pc.cmakein -@@ -1,6 +1,6 @@ - prefix=@CMAKE_INSTALL_PREFIX@ - exec_prefix=@CMAKE_INSTALL_PREFIX@ --libdir=@CMAKE_INSTALL_PREFIX@/lib -+libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@ - includedir=@CMAKE_INSTALL_PREFIX@/include - - Name: LibVNCServer diff --git a/CVE-2018-15127.patch b/CVE-2018-15127.patch deleted file mode 100644 index 1462436..0000000 --- a/CVE-2018-15127.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= -Date: Mon, 7 Jan 2019 10:40:01 +0100 -Subject: [PATCH] Limit lenght to INT_MAX bytes in - rfbProcessFileTransferReadBuffer() - -This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap -out-of-bound write access in rfbProcessFileTransferReadBuffer() when -reading a transfered file content in a server. The former fix did not -work on platforms with a 32-bit int type (expected by rfbReadExact()). - -CVE-2018-15127 - - ---- - libvncserver/rfbserver.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c -index 7af84906..f2edbeea 100644 ---- a/libvncserver/rfbserver.c -+++ b/libvncserver/rfbserver.c -@@ -88,6 +88,8 @@ - #include - /* strftime() */ - #include -+/* INT_MAX */ -+#include - - #ifdef LIBVNCSERVER_WITH_WEBSOCKETS - #include "rfbssl.h" -@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length) - 0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF - will safely be allocated since this check will never trigger and malloc() can digest length+1 - without problems as length is a uint32_t. -+ We also later pass length to rfbReadExact() that expects a signed int type and -+ that might wrap on platforms with a 32-bit int type if length is bigger -+ than 0X7FFFFFFF. - */ -- if(length == SIZE_MAX) { -+ if(length == SIZE_MAX || length > INT_MAX) { - rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length); - rfbCloseClient(cl); - return NULL; diff --git a/CVE-2019-15681.patch b/CVE-2019-15681.patch deleted file mode 100644 index e328d87..0000000 --- a/CVE-2019-15681.patch +++ /dev/null @@ -1,23 +0,0 @@ -From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001 -From: Christian Beier -Date: Mon, 19 Aug 2019 22:32:25 +0200 -Subject: [PATCH] rfbserver: don't leak stack memory to the remote - -Thanks go to Pavel Cheremushkin of Kaspersky for reporting. ---- - libvncserver/rfbserver.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c -index 3bacc891..310e5487 100644 ---- a/libvncserver/rfbserver.c -+++ b/libvncserver/rfbserver.c -@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len) - rfbServerCutTextMsg sct; - rfbClientIteratorPtr iterator; - -+ memset((char *)&sct, 0, sizeof(sct)); -+ - iterator = rfbGetClientIterator(rfbScreen); - while ((cl = rfbClientIteratorNext(iterator)) != NULL) { - sct.type = rfbServerCutText; diff --git a/LibVNCServer-0.9.10-system-crypto-policy.patch b/LibVNCServer-0.9.10-system-crypto-policy.patch deleted file mode 100644 index 47d540b..0000000 --- a/LibVNCServer-0.9.10-system-crypto-policy.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -Naur libvncserver-LibVNCServer-0.9.10.old/libvncclient/tls_gnutls.c libvncserver-LibVNCServer-0.9.10/libvncclient/tls_gnutls.c ---- libvncserver-LibVNCServer-0.9.10.old/libvncclient/tls_gnutls.c 2015-12-12 00:14:37.269157918 +0100 -+++ libvncserver-LibVNCServer-0.9.10/libvncclient/tls_gnutls.c 2015-12-12 11:23:29.391385234 +0100 -@@ -31,8 +31,8 @@ - #include "tls.h" - - --static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA:+SRP"; --static const char *rfbAnonTLSPriority= "NORMAL:+ANON-DH"; -+static const char *rfbTLSPriority = "@SYSTEM"; -+static const char *rfbAnonTLSPriority= "@SYSTEM:+ANON-DH"; - - #define DH_BITS 1024 - static gnutls_dh_params_t rfbDHParams; -diff -Naur libvncserver-LibVNCServer-0.9.10.old/libvncserver/rfbssl_gnutls.c libvncserver-LibVNCServer-0.9.10/libvncserver/rfbssl_gnutls.c ---- libvncserver-LibVNCServer-0.9.10.old/libvncserver/rfbssl_gnutls.c 2015-12-12 00:14:37.270157930 +0100 -+++ libvncserver-LibVNCServer-0.9.10/libvncserver/rfbssl_gnutls.c 2015-12-12 11:14:49.966830581 +0100 -@@ -54,7 +54,7 @@ - - if (!GNUTLS_E_SUCCESS == (ret = gnutls_init(&session, GNUTLS_SERVER))) { - /* */ -- } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_priority_set_direct(session, "EXPORT", NULL))) { -+ } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_set_default_priority(session))) { - /* */ - } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctx->x509_cred))) { - /* */ diff --git a/d0a76539835d11c0f4723499f8be4bc9c7724eb9.patch b/d0a76539835d11c0f4723499f8be4bc9c7724eb9.patch deleted file mode 100644 index 7192b6f..0000000 --- a/d0a76539835d11c0f4723499f8be4bc9c7724eb9.patch +++ /dev/null @@ -1,32 +0,0 @@ -From d0a76539835d11c0f4723499f8be4bc9c7724eb9 Mon Sep 17 00:00:00 2001 -From: Rajesh Sahoo -Date: Tue, 11 Jun 2019 15:13:04 +0530 -Subject: [PATCH] avoid pthread_join if backgroundLoop is FALSE - -client_thread is created depending upon backgroundLoop, but joining -without checking for same condition. so we are trying to join a garbage -thread_id. ---- - libvncserver/main.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/libvncserver/main.c b/libvncserver/main.c -index d3cd9b1e..772fb18f 100644 ---- a/libvncserver/main.c -+++ b/libvncserver/main.c -@@ -1112,6 +1112,7 @@ void rfbShutdownServer(rfbScreenInfoPtr screen,rfbBool disconnectClients) { - } - - #ifdef LIBVNCSERVER_HAVE_LIBPTHREAD -+ if(currentCl->screen->backgroundLoop) { - /* - Notify the thread. This simply writes a NULL byte to the notify pipe in order to get past the select() - in clientInput(), the loop in there will then break because the rfbCloseClient() above has set -@@ -1120,6 +1121,7 @@ void rfbShutdownServer(rfbScreenInfoPtr screen,rfbBool disconnectClients) { - write(currentCl->pipe_notify_client_thread[1], "\x00", 1); - /* And wait for it to finish. */ - pthread_join(currentCl->client_thread, NULL); -+ } - #else - rfbClientConnectionGone(currentCl); - #endif diff --git a/libvncserver-LibVNCServer-0.9.13-system-crypto-policy.patch b/libvncserver-LibVNCServer-0.9.13-system-crypto-policy.patch new file mode 100644 index 0000000..493617f --- /dev/null +++ b/libvncserver-LibVNCServer-0.9.13-system-crypto-policy.patch @@ -0,0 +1,15 @@ +diff -up libvncserver-LibVNCServer-0.9.13/libvncclient/tls_gnutls.c.crypto_policy libvncserver-LibVNCServer-0.9.13/libvncclient/tls_gnutls.c +--- libvncserver-LibVNCServer-0.9.13/libvncclient/tls_gnutls.c.crypto_policy 2020-06-13 13:49:53.000000000 -0500 ++++ libvncserver-LibVNCServer-0.9.13/libvncclient/tls_gnutls.c 2020-07-02 08:00:54.304902893 -0500 +@@ -29,8 +29,8 @@ + #include "tls.h" + + +-static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA:+SRP"; +-static const char *rfbAnonTLSPriority= "NORMAL:+ANON-DH"; ++static const char *rfbTLSPriority = "@SYSTEM"; ++static const char *rfbAnonTLSPriority= "@SYSTEM:+ANON-DH"; + + #define DH_BITS 1024 + static gnutls_dh_params_t rfbDHParams; +diff -up libvncserver-LibVNCServer-0.9.13/libvncserver/rfbssl_gnutls.c.crypto_policy libvncserver-LibVNCServer-0.9.13/libvncserver/rfbssl_gnutls.c diff --git a/libvncserver.spec b/libvncserver.spec index 13f1138..018f8a8 100644 --- a/libvncserver.spec +++ b/libvncserver.spec @@ -1,6 +1,6 @@ Summary: Library to make writing a VNC server easy Name: libvncserver -Version: 0.9.12 +Version: 0.9.13 Release: 1%{?dist} # NOTE: --with-filetransfer => GPLv2 @@ -8,22 +8,13 @@ License: GPLv2+ URL: http://libvnc.github.io/ Source0: https://github.com/LibVNC/libvncserver/archive/LibVNCServer-%{version}.tar.gz -Patch1: 3348a7e42e86dfb98dd7458ad29def476cf6096f.patch -Patch2: 36a71279ed5b10effecd879caf6c3791842ca713.patch -Patch3: d0a76539835d11c0f4723499f8be4bc9c7724eb9.patch -Patch4: 15c4f144a3783d9f1f2c976acf9f4d85988fd466.patch - - ## TLS security type enablement patches # https://github.com/LibVNC/libvncserver/pull/234 Patch10: 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch Patch11: 0002-libvncserver-Add-channel-security-handlers.patch ## downstream patches -Patch102: LibVNCServer-0.9.10-system-crypto-policy.patch - -Patch106: CVE-2018-15127.patch -Patch107: CVE-2019-15681.patch +Patch102: libvncserver-LibVNCServer-0.9.13-system-crypto-policy.patch BuildRequires: gcc-c++ BuildRequires: cmake3 @@ -88,20 +79,15 @@ developing applications that use %{name}. %prep %setup -q -n %{name}-LibVNCServer-%{version} -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 +## FIXME: needs rebasing +#patch10 -p1 -b .tls-1 +#patch11 -p1 -b .tls-2 -%patch10 -p1 -%patch11 -p1 +%patch102 -p1 -b .crypto_policy # Nuke bundled minilzo rm -fv common/lzodefs.h common/lzoconf.h commmon/minilzo.h common/minilzo.c -%patch102 -p1 -%patch106 -p1 -%patch107 -p1 # Fix encoding for file in ChangeLog ; do @@ -125,9 +111,9 @@ popd %files %license COPYING -%doc AUTHORS ChangeLog NEWS README.md TODO -%{_libdir}/libvncclient.so.* -%{_libdir}/libvncserver.so.* +%doc AUTHORS ChangeLog NEWS* README* TODO* +%{_libdir}/libvncclient.so.1* +%{_libdir}/libvncserver.so.1* %files devel #{_bindir}/libvncserver-config @@ -139,6 +125,10 @@ popd %changelog +* Thu Jul 02 2020 Rex Dieter - 0.9.13-1 +- 0.9.13 +- FIXME/TODO: tls patches need rebasing, work-in-progress + * Tue Feb 11 2020 Sérgio Basto - 0.9.12-1 - Update to 0.9.12 diff --git a/sources b/sources index 69214d2..07072b2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (LibVNCServer-0.9.12.tar.gz) = 60ff1cc93a937d6f8f97449bc58b763095846207112f7b1b3c43eb2d74448b595d6da949903a764bd484ee54e38ff6277e882adbe965dd6d26ba15ef6ff6fcb8 +SHA512 (LibVNCServer-0.9.13.tar.gz) = 18b0a1698d32bbdbfe6f65f76130b2a95860e3cc76e8adb904269663698c7c0ae982f451fda1f25e5461f096045d40a89d9014258f439366d5b4feaa4999d643