New security patches from Mandriva, bug 174200
authorRaúl Porcel <armin76@gentoo.org>
Wed, 11 Apr 2007 20:54:38 +0000 (20:54 +0000)
committerRaúl Porcel <armin76@gentoo.org>
Wed, 11 Apr 2007 20:54:38 +0000 (20:54 +0000)
Package-Manager: portage-2.1.2.3

net-misc/tightvnc/ChangeLog
net-misc/tightvnc/Manifest
net-misc/tightvnc/files/digest-tightvnc-1.2.9-r4 [new file with mode: 0644]
net-misc/tightvnc/files/tightvnc-1.2.9-server-CVE-2007-1003.patch [new file with mode: 0644]
net-misc/tightvnc/files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch [new file with mode: 0644]
net-misc/tightvnc/tightvnc-1.2.9-r4.ebuild [new file with mode: 0644]

index 14286a50f30bb2a3c424bfe2beb168702d74569a..8bbd0dda69fd984e9c3a899261974f96b45662c4 100644 (file)
@@ -1,6 +1,14 @@
 # ChangeLog for net-misc/tightvnc
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/tightvnc/ChangeLog,v 1.89 2007/02/26 12:39:36 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/tightvnc/ChangeLog,v 1.90 2007/04/11 20:54:38 armin76 Exp $
+
+*tightvnc-1.2.9-r4 (11 Apr 2007)
+
+  11 Apr 2007; Raúl Porcel <armin76@gentoo.org>
+  +files/tightvnc-1.2.9-server-CVE-2007-1003.patch,
+  +files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch,
+  +tightvnc-1.2.9-r4.ebuild:
+  New security patches from Mandriva, bug 174200
 
   26 Feb 2007; Raúl Porcel <armin76@gentoo.org> +files/vncviewer.png,
   tightvnc-1.2.9-r3.ebuild, tightvnc-1.3.8.ebuild:
index 5160e70f6bf0304502fb1aa70ec84e79b6334c90..10e511585a04509909254ac6979291f00da0e3d5 100644 (file)
@@ -22,6 +22,14 @@ AUX tightvnc-1.2.9-pathfixes.patch 826 RMD160 bd3f436c816d78892ffa8fe32acdbc8b89
 MD5 89eadc2f34995c86c1618b12f95cc246 files/tightvnc-1.2.9-pathfixes.patch 826
 RMD160 bd3f436c816d78892ffa8fe32acdbc8b89acb00b files/tightvnc-1.2.9-pathfixes.patch 826
 SHA256 717af3ec4fe50b81e37b2efec539d64e5b703d1d63dadd93d819206708b30266 files/tightvnc-1.2.9-pathfixes.patch 826
+AUX tightvnc-1.2.9-server-CVE-2007-1003.patch 1062 RMD160 c7a21dc431924e0d430e4fd1a76e57a0f8564bb6 SHA1 2ed68d40c91eac77eaf6cf617bfe5aaa4912923a SHA256 4c1eda952e06e954e296a4abf304746b32a7ec45f6bdffb9f0adc0b2d692d6d2
+MD5 f5e037eda8045951919bedc3bf618723 files/tightvnc-1.2.9-server-CVE-2007-1003.patch 1062
+RMD160 c7a21dc431924e0d430e4fd1a76e57a0f8564bb6 files/tightvnc-1.2.9-server-CVE-2007-1003.patch 1062
+SHA256 4c1eda952e06e954e296a4abf304746b32a7ec45f6bdffb9f0adc0b2d692d6d2 files/tightvnc-1.2.9-server-CVE-2007-1003.patch 1062
+AUX tightvnc-1.2.9-server-CVE-2007-1351-1352.patch 1556 RMD160 7e801c3afc71c81ce7225e37810871004f718a8a SHA1 005e56e2d992369a56792726c2c45c85831c98b0 SHA256 9bf98f6dfcf375edb7602ceb25df1d2fad902ae2f8aa24e516ef4b27b5246a84
+MD5 3fecce8a0d2526997335381c1cbbce54 files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch 1556
+RMD160 7e801c3afc71c81ce7225e37810871004f718a8a files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch 1556
+SHA256 9bf98f6dfcf375edb7602ceb25df1d2fad902ae2f8aa24e516ef4b27b5246a84 files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch 1556
 AUX tightvnc-1.3.8-amd64.patch 5278 RMD160 555b78e36df77b721699652cc085c037a6d47111 SHA1 125e4c6a7334935bb9e9cf46291b1f1abade98b1 SHA256 e29ad675941ef90a2ef13095e950a63fd67134c9b6ed1cf44a7aa83342c645a9
 MD5 dc6cc8160bc641c7f0907473e1400f6c files/tightvnc-1.3.8-amd64.patch 5278
 RMD160 555b78e36df77b721699652cc085c037a6d47111 files/tightvnc-1.3.8-amd64.patch 5278
@@ -60,14 +68,18 @@ EBUILD tightvnc-1.2.9-r3.ebuild 2872 RMD160 ebac825b740010b85b1faf3b61d4f131c0e9
 MD5 cd1f16c55e6f5b44ac0c35290f7b616c tightvnc-1.2.9-r3.ebuild 2872
 RMD160 ebac825b740010b85b1faf3b61d4f131c0e9c35e tightvnc-1.2.9-r3.ebuild 2872
 SHA256 744bf69b2c424b539ef1377da1469984ae5e21b1a0395725885bacaa9f1312ac tightvnc-1.2.9-r3.ebuild 2872
+EBUILD tightvnc-1.2.9-r4.ebuild 2990 RMD160 d1972d3a657d7d9d30ed4b25296f8535d202e55f SHA1 681685399ddc0d76d2b108fef009d6672907d0e1 SHA256 80c3e826d4464a0bb87d04e24203e7d651b5bd4682d27939800592b47f547026
+MD5 70c85456e410b1a8eb428181e60fe141 tightvnc-1.2.9-r4.ebuild 2990
+RMD160 d1972d3a657d7d9d30ed4b25296f8535d202e55f tightvnc-1.2.9-r4.ebuild 2990
+SHA256 80c3e826d4464a0bb87d04e24203e7d651b5bd4682d27939800592b47f547026 tightvnc-1.2.9-r4.ebuild 2990
 EBUILD tightvnc-1.3.8.ebuild 2810 RMD160 c45331235e43bd9f9424f283146985ec9209a644 SHA1 dc53fb825df98c66336d8a9b45d0d416a2004184 SHA256 5010decbe93a40bcf531ec486fe8cc244c981063a1fab7f2773d3cd044206d52
 MD5 e2f917cc9b2ce75c79c2b793b722d140 tightvnc-1.3.8.ebuild 2810
 RMD160 c45331235e43bd9f9424f283146985ec9209a644 tightvnc-1.3.8.ebuild 2810
 SHA256 5010decbe93a40bcf531ec486fe8cc244c981063a1fab7f2773d3cd044206d52 tightvnc-1.3.8.ebuild 2810
-MISC ChangeLog 13420 RMD160 93e7cb3268e93815d72c3f46cf2016bb8bd0a707 SHA1 ce3f8774b4aa80fa91c97d6fc63b5bd870f63cbd SHA256 7ce60e87b06789f7f2502b7536a991b2b082dc7ede938b1b8b1994607a2a0bff
-MD5 41bb136522b743287611e9636016af69 ChangeLog 13420
-RMD160 93e7cb3268e93815d72c3f46cf2016bb8bd0a707 ChangeLog 13420
-SHA256 7ce60e87b06789f7f2502b7536a991b2b082dc7ede938b1b8b1994607a2a0bff ChangeLog 13420
+MISC ChangeLog 13691 RMD160 3bdf0d79a0faf802bc3497cd2eaff409a3eebbd8 SHA1 8633a0b19edcbe0b2acc6feec7b1489fdc4f0312 SHA256 4feadec315210d35971ad8c24fa185ac8642264745cf7e6d02383a806ff959ee
+MD5 4dd9cab4daf47c193d75b7c3bb891ba0 ChangeLog 13691
+RMD160 3bdf0d79a0faf802bc3497cd2eaff409a3eebbd8 ChangeLog 13691
+SHA256 4feadec315210d35971ad8c24fa185ac8642264745cf7e6d02383a806ff959ee ChangeLog 13691
 MISC metadata.xml 223 RMD160 f88bcdebf752bcc3933b4159df5d8f9f7d487ca1 SHA1 4a17e70b26b3bba2ec6eddb403ff890bb8bcf13f SHA256 98c023870e5fbbcc4f050a192947b7b6bbd239041c9f921b3fbf64b03523019f
 MD5 038a74c1f0dc742c6df70730348c240a metadata.xml 223
 RMD160 f88bcdebf752bcc3933b4159df5d8f9f7d487ca1 metadata.xml 223
@@ -75,6 +87,9 @@ SHA256 98c023870e5fbbcc4f050a192947b7b6bbd239041c9f921b3fbf64b03523019f metadata
 MD5 31a483eed14190f8cd911b0d05521431 files/digest-tightvnc-1.2.9-r3 274
 RMD160 c998a7ff40fb44c186f7089d877a68b8e33a4a06 files/digest-tightvnc-1.2.9-r3 274
 SHA256 c7b13ad35c4b2e2bde6a2fcb01b6ad276384a265613a35ee739c2a3f0c2e3ea3 files/digest-tightvnc-1.2.9-r3 274
+MD5 31a483eed14190f8cd911b0d05521431 files/digest-tightvnc-1.2.9-r4 274
+RMD160 c998a7ff40fb44c186f7089d877a68b8e33a4a06 files/digest-tightvnc-1.2.9-r4 274
+SHA256 c7b13ad35c4b2e2bde6a2fcb01b6ad276384a265613a35ee739c2a3f0c2e3ea3 files/digest-tightvnc-1.2.9-r4 274
 MD5 bfe15238bfcba463b0abf4e830dbc177 files/digest-tightvnc-1.3.8 274
 RMD160 da00418fe1031595ec6a5943151b71ac60c5e8cf files/digest-tightvnc-1.3.8 274
 SHA256 b5684a8c3ea14d9490e9fe673bb74100da2bd98b86c58dc2332857f4f2885193 files/digest-tightvnc-1.3.8 274
diff --git a/net-misc/tightvnc/files/digest-tightvnc-1.2.9-r4 b/net-misc/tightvnc/files/digest-tightvnc-1.2.9-r4
new file mode 100644 (file)
index 0000000..d72709d
--- /dev/null
@@ -0,0 +1,3 @@
+MD5 f804b26c098625e3a2675a0aa7709e31 tightvnc-1.2.9_unixsrc.tar.bz2 1738256
+RMD160 57c4d24bbc008b7188ae4bb177fbb409bc1d26d3 tightvnc-1.2.9_unixsrc.tar.bz2 1738256
+SHA256 c1ba77f832d6c81349f05219802c48b3435cfb6db88f496c9bb08b52b8405548 tightvnc-1.2.9_unixsrc.tar.bz2 1738256
diff --git a/net-misc/tightvnc/files/tightvnc-1.2.9-server-CVE-2007-1003.patch b/net-misc/tightvnc/files/tightvnc-1.2.9-server-CVE-2007-1003.patch
new file mode 100644 (file)
index 0000000..0f97c11
--- /dev/null
@@ -0,0 +1,36 @@
+--- vnc_unixsrc/Xvnc/programs/Xserver/Xext/xcmisc.c.cve-2007-1003      2000-06-11 06:00:51.000000000 -0600
++++ vnc_unixsrc/Xvnc/programs/Xserver/Xext/xcmisc.c    2007-03-22 07:07:34.000000000 -0600
+@@ -41,6 +41,12 @@ from the X Consortium.
+ #include "swaprep.h"
+ #include "xcmiscstr.h"
++#if HAVE_STDINT_H
++#include <stdint.h>
++#elif !defined(UINT32_MAX)
++#define UINT32_MAX 0xffffffffU
++#endif
++
+ static unsigned char XCMiscCode;
+ static void XCMiscResetProc(
+@@ -135,7 +141,10 @@ ProcXCMiscGetXIDList(client)
+     REQUEST_SIZE_MATCH(xXCMiscGetXIDListReq);
+-    pids = (XID *)ALLOCATE_LOCAL(stuff->count * sizeof(XID));
++    if (stuff->count > UINT32_MAX / sizeof(XID))
++          return BadAlloc;
++
++    pids = (XID *)Xalloc(stuff->count * sizeof(XID));
+     if (!pids)
+     {
+       return BadAlloc;
+@@ -156,7 +165,7 @@ ProcXCMiscGetXIDList(client)
+       client->pSwapReplyFunc = (ReplySwapPtr) Swap32Write;
+       WriteSwappedDataToClient(client, count * sizeof(XID), pids);
+     }
+-    DEALLOCATE_LOCAL(pids);
++    Xfree(pids);
+     return(client->noClientException);
+ }
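Review bot: The new guard in ProcXCMiscGetXIDList only rules out wrap-around of `stuff->count * sizeof(XID)`. A count just under `UINT32_MAX / sizeof(XID)` still reaches `Xalloc` with a request of close to 4 GiB, and `stuff->count` is a field of the client's request. The `if (!pids)` check handles the allocation failure, but a comment above the guard would make the intent explicit, for example `/* count is client-controlled: reject sizes that would overflow the multiplication */`. Because `pids` now comes from `Xalloc` instead of `ALLOCATE_LOCAL`, every exit between the allocation and the final `Xfree(pids)` has to release it. The middle of the function lies outside the two inner hunks, so confirm there is no early return there.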
diff --git a/net-misc/tightvnc/files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch b/net-misc/tightvnc/files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch
new file mode 100644 (file)
index 0000000..4c9a1ad
--- /dev/null
@@ -0,0 +1,49 @@
+--- vnc_unixsrc/Xvnc/lib/font/fontfile/fontdir.c.cve-2007-1351-1352    2000-06-11 06:00:53.000000000 -0600
++++ vnc_unixsrc/Xvnc/lib/font/fontfile/fontdir.c       2007-03-28 16:08:03.000000000 -0600
+@@ -35,11 +35,19 @@ in this Software without prior written a
+ #include    "fntfilst.h"
+ #include    <X11/keysym.h>
++#if HAVE_STDINT_H
++#include <stdint.h>
++#elif !defined(INT32_MAX)
++#define INT32_MAX 0x7fffffff
++#endif
++      
+ Bool
+ FontFileInitTable (table, size)
+     FontTablePtr    table;
+     int                   size;
+ {
++    if (size < 0 || (size > INT32_MAX/sizeof(FontEntryRec)))
++      return FALSE;
+     if (size)
+     {
+       table->entries = (FontEntryPtr) xalloc(sizeof(FontEntryRec) * size);
+--- vnc_unixsrc/Xvnc/lib/font/bitmap/bdfread.c.cve-2007-1351-1352      2000-06-11 06:00:52.000000000 -0600
++++ vnc_unixsrc/Xvnc/lib/font/bitmap/bdfread.c 2007-03-28 16:06:06.000000000 -0600
+@@ -59,6 +59,12 @@ from the X Consortium.
+ #include "bitmap.h"
+ #include "bdfint.h"
++#if HAVE_STDINT_H
++#include <stdint.h>
++#elif !defined(INT32_MAX)
++#define INT32_MAX 0x7fffffff
++#endif
++
+ #define INDICES 256
+ #define MAXENCODING 0xFFFF
+ #define BDFLINELEN  1024
+@@ -271,6 +277,11 @@ bdfReadCharacters(file, pFont, pState, b
+       bdfError("invalid number of CHARS in BDF file\n");
+       return (FALSE);
+     }
++    if (nchars > INT32_MAX / sizeof(CharInfoRec)) {
++      bdfError("Couldn't allocate pCI (%d*%d)\n", nchars,
++               sizeof(CharInfoRec));
++      goto BAILOUT;
++    }
+     ci = (CharInfoPtr) xalloc(nchars * sizeof(CharInfoRec));
+     if (!ci) {
+       bdfError("Couldn't allocate pCI (%d*%d)\n", nchars,
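Review bot: The `bdfError` call added in bdfReadCharacters passes `sizeof(CharInfoRec)`, a `size_t`, to a `%d` conversion. Assuming bdfError forwards to a printf-style formatter, that is a type mismatch where `size_t` is wider than `int`, and a cast fixes it: `bdfError("Couldn't allocate pCI (%d*%d)\n", nchars, (int) sizeof(CharInfoRec));`. The unchanged call after `xalloc` has the same mismatch. The new branch also reuses the "Couldn't allocate" text for a size rejection, so a distinct message would let a log reader tell a refused oversized CHARS count from a real out-of-memory condition. In FontFileInitTable the comparison `size > INT32_MAX/sizeof(FontEntryRec)` converts `size` to an unsigned type and is safe only because `size < 0` is tested first, which deserves a one-line comment. Both functions continue outside the inner hunks.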
diff --git a/net-misc/tightvnc/tightvnc-1.2.9-r4.ebuild b/net-misc/tightvnc/tightvnc-1.2.9-r4.ebuild
new file mode 100644 (file)
index 0000000..395e782
--- /dev/null
@@ -0,0 +1,112 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/tightvnc/tightvnc-1.2.9-r4.ebuild,v 1.1 2007/04/11 20:54:38 armin76 Exp $
+
+inherit eutils toolchain-funcs
+
+IUSE="java tcpd server"
+
+S="${WORKDIR}/vnc_unixsrc"
+DESCRIPTION="A great client/server software package allowing remote network access to graphical desktops."
+SRC_URI="mirror://sourceforge/vnc-tight/${P}_unixsrc.tar.bz2"
+HOMEPAGE="http://www.tightvnc.com/"
+
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+LICENSE="GPL-2"
+SLOT="0"
+
+DEPEND="x11-libs/libX11
+       x11-libs/libXaw
+       x11-libs/libXmu
+       x11-libs/libXp
+       x11-libs/libXt
+       x11-proto/xextproto
+       x11-proto/xproto
+       server? (
+               x11-proto/inputproto
+               x11-proto/kbproto
+               x11-proto/printproto
+       )
+       >=x11-misc/imake-1
+       x11-misc/gccmakedep
+       ~media-libs/jpeg-6b
+       tcpd? ( >=sys-apps/tcp-wrappers-7.6-r2 )
+       !net-misc/vnc"
+
+RDEPEND="${DEPEND}
+       server? (
+               media-fonts/font-misc-misc
+               media-fonts/font-cursor-misc
+               x11-apps/rgb
+               x11-apps/xauth
+               x11-apps/xsetroot
+       )
+       java? ( || ( >=virtual/jdk-1.3.1 >=virtual/jre-1.3.1 ) )"
+
+src_unpack() {
+
+       if ! use server;
+       then
+               echo
+               einfo "The 'server' USE flag will build tightvnc's server."
+               einfo "If '-server' is chosen only the client is built to save space."
+               einfo "Stop the build now if you need to add 'server' to USE flags.\n"
+               ebeep
+               epause 5
+       fi
+
+       unpack ${A} && cd ${S}
+       epatch "${FILESDIR}/${P}-gentoo.security.patch"
+       epatch "${FILESDIR}/${P}-imake-tmpdir.patch"
+       [[ "$(gcc-version)" == "3.4" ]] || [[ "$(gcc-major-version)" == "4" ]] && epatch ${FILESDIR}/${P}-gcc34.patch
+       epatch "${FILESDIR}/x86.patch"
+       epatch "${FILESDIR}/${P}-amd64.patch"
+       epatch "${FILESDIR}/${PN}-ppcsparc-server.patch"
+       epatch "${FILESDIR}/${P}-pathfixes.patch" # fixes bug 78385 and 146099
+       epatch "${FILESDIR}"/${P}-server-CVE-2007-1003.patch
+       epatch "${FILESDIR}"/${P}-server-CVE-2007-1351-1352.patch
+}
+
+src_compile() {
+       xmkmf -a || die "xmkmf failed"
+
+       make CDEBUGFLAGS="${CFLAGS}" World || die
+
+       if use server; then
+               cd Xvnc && ./configure || die "Configure failed."
+               if use tcpd; then
+                       local myextra="-lwrap"
+                       use userland_Darwin || myextra="${myextra} -lnss_nis"
+                       make EXTRA_LIBRARIES="${myextra}" \
+                               CDEBUGFLAGS="${CFLAGS}"  \
+                               EXTRA_DEFINES="-DUSE_LIBWRAP=1" || die
+               else
+                       make CDEBUGFLAGS="${CFLAGS}" || die
+               fi
+       fi
+
+}
+
+src_install() {
+       # the web based interface and the java viewer need the java class files
+       if use java; then
+               insinto /usr/share/tightvnc/classes
+               doins classes/*
+       fi
+
+       dodir /usr/share/man/man1 /usr/bin
+       ./vncinstall ${D}/usr/bin ${D}/usr/share/man || die "vncinstall failed"
+
+       if ! use server; then
+               rm -f ${D}/usr/bin/vncserver
+               rm -f ${D}/usr/share/man/man1/{Xvnc,vncserver}*
+       fi
+
+       doicon ${FILESDIR}/vncviewer.png
+       make_desktop_entry vncviewer vncviewer vncviewer.png Network
+
+
+       dodoc ChangeLog README WhatsNew
+       use java && dodoc ${FILESDIR}/README.JavaViewer
+       newdoc vncviewer/README README.vncviewer
+}
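Review bot: In src_unpack, `unpack ${A} && cd ${S}` has no `|| die`, so if the `cd` fails the epatch sequence, including the two CVE patches, starts from the wrong directory. Write it as `unpack ${A}` followed by `cd "${S}" || die "cd to ${S} failed"`. The gcc34 line also passes `${FILESDIR}/${P}-gcc34.patch` unquoted while every other epatch call quotes `FILESDIR`, and `${D}` is unquoted in the `vncinstall` and `rm -f` lines of src_install. Quoting them consistently keeps paths containing whitespace from being split. The two new epatch lines would also benefit from a trailing comment like the one on the pathfixes line, for example `# security fixes from Mandriva, bug 174200`.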