main/libvncserver: upgrade to 0.9.12

author: Leo <thinkabit.ukim@gmail.com> 2019-06-24 16:55:23 -0300
committer: Natanael Copa <ncopa@alpinelinux.org> 2019-06-28 15:11:03 +0000
commit: e3a33d48d59a183072d3ee0da1298f28fc3f2f11 (patch)
tree: 39f49a66191afc881988f8497dddac7cb2401743
parent: 044c99c001c6f3750434d37d8c14d6622d30befd (diff)
download: aports-e3a33d48d59a183072d3ee0da1298f28fc3f2f11.tar.bz2
aports-e3a33d48d59a183072d3ee0da1298f28fc3f2f11.tar.xz
3 files changed, 43 insertions, 154 deletions
diff --git a/main/libvncserver/APKBUILD b/main/libvncserver/APKBUILD
index e20d23839f..a81d612445 100644
--- a/main/libvncserver/APKBUILD
+++ b/main/libvncserver/APKBUILD
@@ -2,21 +2,31 @@
 # Contributor: Natanael Copa <ncopa@alpinelinux.org>
 # Maintainer:
 pkgname=libvncserver
-pkgver=0.9.11
-pkgrel=2
+pkgver=0.9.12
+pkgrel=0
 pkgdesc="Library to make writing a vnc server easy"
 url="http://libvncserver.sourceforge.net/"
 arch="all"
 license="GPL-2.0-or-later"
-depends=""
-depends_dev="libgcrypt-dev libjpeg-turbo-dev gnutls-dev libpng-dev
-	libice-dev libx11-dev libxdamage-dev libxext-dev libxfixes-dev
-	libxi-dev libxinerama-dev libxrandr-dev libxtst-dev"
-makedepends="$depends_dev autoconf automake libtool"
-install=""
+depends_dev="
+	libgcrypt-dev
+	libjpeg-turbo-dev
+	libpng-dev
+	libice-dev
+	libx11-dev
+	libxdamage-dev
+	libxext-dev
+	libxfixes-dev
+	libxi-dev
+	libxinerama-dev
+	libxrandr-dev
+	libxtst-dev
+	openssl-dev
+	lzo-dev
+	"
+makedepends="$depends_dev cmake"
 subpackages="$pkgname-dev"
-source="https://github.com/LibVNC/libvncserver/archive/LibVNCServer-$pkgver.tar.gz
-	CVE-2018-7225.patch"
+source="https://github.com/LibVNC/libvncserver/archive/LibVNCServer-$pkgver.tar.gz"
 
 # secfixes:
 #   0.9.11-r2:
@@ -26,31 +36,40 @@ source="https://github.com/LibVNC/libvncserver/archive/LibVNCServer-$pkgver.tar.
 #     - CVE-2016-9942
 
 builddir="$srcdir"/libvncserver-LibVNCServer-$pkgver
-prepare() {
-	default_prepare
-	./autogen.sh
-}
 
 build() {
 	cd "$builddir"
-	./configure \
-		--build=$CBUILD \
-		--host=$CHOST \
-		--prefix=/usr \
-		--disable-static
+	mkdir build
+	cd build
+	cmake \
+		-DCMAKE_BUILD_TYPE=RelWithDebInfo \
+		-DCMAKE_INSTALL_PREFIX=/usr \
+		-DBUILD_SHARED_LIBS=ON \
+		-DWITH_ZLIB=ON \
+		-DWITH_LZO=ON \
+		-DWITH_JPEG=ON \
+		-DWITH_PNG=ON \
+		-DWITH_SDL=ON \
+		-DWITH_THREADS=ON \
+		-DWITH_GNUTLS=ON \
+		-DWITH_OPENSSL=ON \
+		-DWITH_SYSTEMD=OFF \
+		-DWITH_GCRYPT=ON \
+		-DWITH_FFMPEG=ON \
+		-DWITH_WEBSOCKETS=ON \
+		-DWITH_SASL=ON \
+		..
 	make
 }
 
 check() {
 	cd "$builddir"
-	make check
-	test/tjunittest
+	make -C build test
 }
 
 package() {
 	cd "$builddir"
-	make install DESTDIR="$pkgdir"
+	make -C build install DESTDIR="$pkgdir"
 }
 
-sha512sums="e473c081b68dd3cdd96a1756b4f4945ece79d3c8e4cef62140be1699671555fc16d3080e81d764197a14ea83203ffcd0e18c3cc182e012d036e3faae943003fb  LibVNCServer-0.9.11.tar.gz
-1704254e74aa0adca48669c28ff475bf82a9468cf31edf43c3e0d10178307a7c8ecd8a8f11c061931318a6e529922d4adc188347da1e632dc2ade604a4388706  CVE-2018-7225.patch"
+sha512sums="60ff1cc93a937d6f8f97449bc58b763095846207112f7b1b3c43eb2d74448b595d6da949903a764bd484ee54e38ff6277e882adbe965dd6d26ba15ef6ff6fcb8  LibVNCServer-0.9.12.tar.gz"
diff --git a/main/libvncserver/CVE-2018-7225.patch b/main/libvncserver/CVE-2018-7225.patch
deleted file mode 100644
index 08ae206475..0000000000
--- a/main/libvncserver/CVE-2018-7225.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 28afb6c537dc82ba04d5f245b15ca7205c6dbb9c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Mon, 26 Feb 2018 13:48:00 +0100
-Subject: [PATCH] Limit client cut text length to 1 MB
-
-This patch constrains a client cut text length to 1 MB. Otherwise
-a client could make server allocate 2 GB of memory and that seems to
-be to much to classify it as a denial of service.
-
-The limit also prevents from an integer overflow followed by copying
-an uninitilized memory when processing msg.cct.length value larger
-than SIZE_MAX or INT_MAX - sz_rfbClientCutTextMsg.
-
-This patch also corrects accepting length value of zero (malloc(0) is
-interpreted on differnet systems differently).
-
-CVE-2018-7225
-<https://github.com/LibVNC/libvncserver/issues/218>
----
- libvncserver/rfbserver.c | 20 +++++++++++++++++++-
- 1 file changed, 19 insertions(+), 1 deletion(-)
-
-diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
-index 116c488..4fc4d9d 100644
---- a/libvncserver/rfbserver.c
-+++ b/libvncserver/rfbserver.c
-@@ -85,6 +88,8 @@
- #include <errno.h>
- /* strftime() */
- #include <time.h>
-+/* PRIu32 */
-+#include <inttypes.h>
- 
- #ifdef LIBVNCSERVER_WITH_WEBSOCKETS
- #include "rfbssl.h"
-@@ -2577,7 +2577,23 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)
- 
- 	msg.cct.length = Swap32IfLE(msg.cct.length);
- 
--	str = (char *)malloc(msg.cct.length);
-+	/* uint32_t input is passed to malloc()'s size_t argument,
-+	 * to rfbReadExact()'s int argument, to rfbStatRecordMessageRcvd()'s int
-+	 * argument increased of sz_rfbClientCutTextMsg, and to setXCutText()'s int
-+	 * argument. Here we impose a limit of 1 MB so that the value fits
-+	 * into all of the types to prevent from misinterpretation and thus
-+	 * from accessing uninitialized memory (CVE-2018-7225) and also to
-+	 * prevent from a denial-of-service by allocating to much memory in
-+	 * the server. */
-+	if (msg.cct.length > 1<<20) {
-+	    rfbLog("rfbClientCutText: too big cut text length requested: %" PRIu32 "\n",
-+		    msg.cct.length);
-+	    rfbCloseClient(cl);
-+	    return;
-+	}
-+
-+	/* Allow zero-length client cut text. */
-+	str = (char *)calloc(msg.cct.length ? msg.cct.length : 1, 1);
- 	if (str == NULL) {
- 		rfbLogPerror("rfbProcessClientNormalMessage: not enough memory");
- 		rfbCloseClient(cl);
--- 
-2.17.0
-
diff --git a/main/libvncserver/LibVNCServer-0.9.10-system_minilzo.patch b/main/libvncserver/LibVNCServer-0.9.10-system_minilzo.patch
deleted file mode 100644
index 34e789bba4..0000000000
--- a/main/libvncserver/LibVNCServer-0.9.10-system_minilzo.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-diff -up LibVNCServer-0.9.10/libvncclient/Makefile.am.system_minilzo LibVNCServer-0.9.10/libvncclient/Makefile.am
---- LibVNCServer-0.9.10/libvncclient/Makefile.am.system_minilzo	2014-04-05 18:38:35.000000000 -0500
-+++ LibVNCServer-0.9.10/libvncclient/Makefile.am	2014-04-29 08:56:27.861761880 -0500
-@@ -13,10 +13,10 @@ endif
- endif
- 
- 
--libvncclient_la_SOURCES=cursor.c listen.c rfbproto.c sockets.c vncviewer.c ../common/minilzo.c $(TLSSRCS)
--libvncclient_la_LIBADD=$(TLSLIBS) $(VA_LIBS)
-+libvncclient_la_SOURCES=cursor.c listen.c rfbproto.c sockets.c vncviewer.c $(TLSSRCS)
-+libvncclient_la_LIBADD=$(TLSLIBS) $(VA_LIBS) -lminilzo
- 
--noinst_HEADERS=../common/lzodefs.h ../common/lzoconf.h ../common/minilzo.h tls.h
-+noinst_HEADERS=tls.h
- 
- rfbproto.o: rfbproto.c corre.c hextile.c rre.c tight.c zlib.c zrle.c ultra.c
- 
-diff -up LibVNCServer-0.9.10/libvncclient/rfbproto.c.system_minilzo LibVNCServer-0.9.10/libvncclient/rfbproto.c
---- LibVNCServer-0.9.10/libvncclient/rfbproto.c.system_minilzo	2014-04-05 18:38:35.000000000 -0500
-+++ LibVNCServer-0.9.10/libvncclient/rfbproto.c	2014-04-29 08:39:57.638331693 -0500
-@@ -61,7 +61,7 @@
- #include <gcrypt.h>
- #endif
- 
--#include "minilzo.h"
-+#include <lzo/minilzo.h>
- #include "tls.h"
- 
- /*
-diff -up LibVNCServer-0.9.10/libvncserver/Makefile.am.system_minilzo LibVNCServer-0.9.10/libvncserver/Makefile.am
---- LibVNCServer-0.9.10/libvncserver/Makefile.am.system_minilzo	2014-04-05 18:38:35.000000000 -0500
-+++ LibVNCServer-0.9.10/libvncserver/Makefile.am	2014-04-29 08:39:57.638331693 -0500
-@@ -37,7 +37,7 @@ include_HEADERS=../rfb/rfb.h ../rfb/rfbc
- 
- noinst_HEADERS=../common/d3des.h ../rfb/default8x16.h zrleoutstream.h \
- 	zrlepalettehelper.h zrletypes.h private.h scale.h rfbssl.h rfbcrypto.h \
--	../common/minilzo.h ../common/lzoconf.h ../common/lzodefs.h ../common/md5.h ../common/sha1.h \
-+	../common/md5.h ../common/sha1.h \
- 	$(TIGHTVNCFILETRANSFERHDRS)
- 
- EXTRA_DIST=tableinit24.c tableinittctemplate.c tabletranstemplate.c \
-@@ -54,11 +54,11 @@ endif
- LIB_SRCS = main.c rfbserver.c rfbregion.c auth.c sockets.c $(WEBSOCKETSSRCS) \
- 	stats.c corre.c hextile.c rre.c translate.c cutpaste.c \
- 	httpd.c cursor.c font.c \
--	draw.c selbox.c ../common/d3des.c ../common/vncauth.c cargs.c ../common/minilzo.c ultra.c scale.c \
-+	draw.c selbox.c ../common/d3des.c ../common/vncauth.c cargs.c ultra.c scale.c \
- 	$(ZLIBSRCS) $(TIGHTSRCS) $(TIGHTVNCFILETRANSFERSRCS)
- 
- libvncserver_la_SOURCES=$(LIB_SRCS)
--libvncserver_la_LIBADD=$(WEBSOCKETSSSLLIBS)
-+libvncserver_la_LIBADD=$(WEBSOCKETSSSLLIBS) -lminilzo
- 
- lib_LTLIBRARIES=libvncserver.la
- 
-diff -up LibVNCServer-0.9.10/libvncserver/ultra.c.system_minilzo LibVNCServer-0.9.10/libvncserver/ultra.c
---- LibVNCServer-0.9.10/libvncserver/ultra.c.system_minilzo	2014-04-05 18:38:35.000000000 -0500
-+++ LibVNCServer-0.9.10/libvncserver/ultra.c	2014-04-29 08:39:57.638331693 -0500
-@@ -8,7 +8,7 @@
-  */
- 
- #include <rfb/rfb.h>
--#include "minilzo.h"
-+#include <lzo/minilzo.h>
- 
- /*
-  * cl->beforeEncBuf contains pixel data in the client's format.
author	Leo <thinkabit.ukim@gmail.com>	2019-06-24 16:55:23 -0300
committer	Natanael Copa <ncopa@alpinelinux.org>	2019-06-28 15:11:03 +0000
commit	e3a33d48d59a183072d3ee0da1298f28fc3f2f11 (patch)
tree	39f49a66191afc881988f8497dddac7cb2401743
parent	044c99c001c6f3750434d37d8c14d6622d30befd (diff)
download	aports-e3a33d48d59a183072d3ee0da1298f28fc3f2f11.tar.bz2 aports-e3a33d48d59a183072d3ee0da1298f28fc3f2f11.tar.xz