From 20f2c447e22684d0ed22655e0b1f9b78a94df585 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Ra=C3=BAl=20Porcel?= Date: Wed, 11 Apr 2007 20:54:38 +0000 Subject: [PATCH] New security patches from Mandriva, bug 174200 Package-Manager: portage-2.1.2.3 --- net-misc/tightvnc/ChangeLog | 10 +- net-misc/tightvnc/Manifest | 23 +++- .../tightvnc/files/digest-tightvnc-1.2.9-r4 | 3 + .../tightvnc-1.2.9-server-CVE-2007-1003.patch | 36 ++++++ ...tvnc-1.2.9-server-CVE-2007-1351-1352.patch | 49 ++++++++ net-misc/tightvnc/tightvnc-1.2.9-r4.ebuild | 112 ++++++++++++++++++ 6 files changed, 228 insertions(+), 5 deletions(-) create mode 100644 net-misc/tightvnc/files/digest-tightvnc-1.2.9-r4 create mode 100644 net-misc/tightvnc/files/tightvnc-1.2.9-server-CVE-2007-1003.patch create mode 100644 net-misc/tightvnc/files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch create mode 100644 net-misc/tightvnc/tightvnc-1.2.9-r4.ebuild diff --git a/net-misc/tightvnc/ChangeLog b/net-misc/tightvnc/ChangeLog index 14286a50f30b..8bbd0dda69fd 100644 --- a/net-misc/tightvnc/ChangeLog +++ b/net-misc/tightvnc/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-misc/tightvnc # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/tightvnc/ChangeLog,v 1.89 2007/02/26 12:39:36 armin76 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/tightvnc/ChangeLog,v 1.90 2007/04/11 20:54:38 armin76 Exp $ + +*tightvnc-1.2.9-r4 (11 Apr 2007) + + 11 Apr 2007; Raúl Porcel + +files/tightvnc-1.2.9-server-CVE-2007-1003.patch, + +files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch, + +tightvnc-1.2.9-r4.ebuild: + New security patches from Mandriva, bug 174200 26 Feb 2007; Raúl Porcel +files/vncviewer.png, tightvnc-1.2.9-r3.ebuild, tightvnc-1.3.8.ebuild: diff --git a/net-misc/tightvnc/Manifest b/net-misc/tightvnc/Manifest index 5160e70f6bf0..10e511585a04 100644 --- a/net-misc/tightvnc/Manifest +++ b/net-misc/tightvnc/Manifest 
@@ -22,6 +22,14 @@ AUX tightvnc-1.2.9-pathfixes.patch 826 RMD160 bd3f436c816d78892ffa8fe32acdbc8b89 MD5 89eadc2f34995c86c1618b12f95cc246 files/tightvnc-1.2.9-pathfixes.patch 826 RMD160 bd3f436c816d78892ffa8fe32acdbc8b89acb00b files/tightvnc-1.2.9-pathfixes.patch 826 SHA256 717af3ec4fe50b81e37b2efec539d64e5b703d1d63dadd93d819206708b30266 files/tightvnc-1.2.9-pathfixes.patch 826 +AUX tightvnc-1.2.9-server-CVE-2007-1003.patch 1062 RMD160 c7a21dc431924e0d430e4fd1a76e57a0f8564bb6 SHA1 2ed68d40c91eac77eaf6cf617bfe5aaa4912923a SHA256 4c1eda952e06e954e296a4abf304746b32a7ec45f6bdffb9f0adc0b2d692d6d2 +MD5 f5e037eda8045951919bedc3bf618723 files/tightvnc-1.2.9-server-CVE-2007-1003.patch 1062 +RMD160 c7a21dc431924e0d430e4fd1a76e57a0f8564bb6 files/tightvnc-1.2.9-server-CVE-2007-1003.patch 1062 +SHA256 4c1eda952e06e954e296a4abf304746b32a7ec45f6bdffb9f0adc0b2d692d6d2 files/tightvnc-1.2.9-server-CVE-2007-1003.patch 1062 +AUX tightvnc-1.2.9-server-CVE-2007-1351-1352.patch 1556 RMD160 7e801c3afc71c81ce7225e37810871004f718a8a SHA1 005e56e2d992369a56792726c2c45c85831c98b0 SHA256 9bf98f6dfcf375edb7602ceb25df1d2fad902ae2f8aa24e516ef4b27b5246a84 +MD5 3fecce8a0d2526997335381c1cbbce54 files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch 1556 +RMD160 7e801c3afc71c81ce7225e37810871004f718a8a files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch 1556 +SHA256 9bf98f6dfcf375edb7602ceb25df1d2fad902ae2f8aa24e516ef4b27b5246a84 files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch 1556 AUX tightvnc-1.3.8-amd64.patch 5278 RMD160 555b78e36df77b721699652cc085c037a6d47111 SHA1 125e4c6a7334935bb9e9cf46291b1f1abade98b1 SHA256 e29ad675941ef90a2ef13095e950a63fd67134c9b6ed1cf44a7aa83342c645a9 MD5 dc6cc8160bc641c7f0907473e1400f6c files/tightvnc-1.3.8-amd64.patch 5278 RMD160 555b78e36df77b721699652cc085c037a6d47111 files/tightvnc-1.3.8-amd64.patch 5278 
@@ -60,14 +68,18 @@ EBUILD tightvnc-1.2.9-r3.ebuild 2872 RMD160 ebac825b740010b85b1faf3b61d4f131c0e9 MD5 cd1f16c55e6f5b44ac0c35290f7b616c tightvnc-1.2.9-r3.ebuild 2872 RMD160 ebac825b740010b85b1faf3b61d4f131c0e9c35e tightvnc-1.2.9-r3.ebuild 2872 SHA256 744bf69b2c424b539ef1377da1469984ae5e21b1a0395725885bacaa9f1312ac tightvnc-1.2.9-r3.ebuild 2872 +EBUILD tightvnc-1.2.9-r4.ebuild 2990 RMD160 d1972d3a657d7d9d30ed4b25296f8535d202e55f SHA1 681685399ddc0d76d2b108fef009d6672907d0e1 SHA256 80c3e826d4464a0bb87d04e24203e7d651b5bd4682d27939800592b47f547026 +MD5 70c85456e410b1a8eb428181e60fe141 tightvnc-1.2.9-r4.ebuild 2990 +RMD160 d1972d3a657d7d9d30ed4b25296f8535d202e55f tightvnc-1.2.9-r4.ebuild 2990 +SHA256 80c3e826d4464a0bb87d04e24203e7d651b5bd4682d27939800592b47f547026 tightvnc-1.2.9-r4.ebuild 2990 EBUILD tightvnc-1.3.8.ebuild 2810 RMD160 c45331235e43bd9f9424f283146985ec9209a644 SHA1 dc53fb825df98c66336d8a9b45d0d416a2004184 SHA256 5010decbe93a40bcf531ec486fe8cc244c981063a1fab7f2773d3cd044206d52 MD5 e2f917cc9b2ce75c79c2b793b722d140 tightvnc-1.3.8.ebuild 2810 RMD160 c45331235e43bd9f9424f283146985ec9209a644 tightvnc-1.3.8.ebuild 2810 SHA256 5010decbe93a40bcf531ec486fe8cc244c981063a1fab7f2773d3cd044206d52 tightvnc-1.3.8.ebuild 2810 -MISC ChangeLog 13420 RMD160 93e7cb3268e93815d72c3f46cf2016bb8bd0a707 SHA1 ce3f8774b4aa80fa91c97d6fc63b5bd870f63cbd SHA256 7ce60e87b06789f7f2502b7536a991b2b082dc7ede938b1b8b1994607a2a0bff -MD5 41bb136522b743287611e9636016af69 ChangeLog 13420 -RMD160 93e7cb3268e93815d72c3f46cf2016bb8bd0a707 ChangeLog 13420 -SHA256 7ce60e87b06789f7f2502b7536a991b2b082dc7ede938b1b8b1994607a2a0bff ChangeLog 13420 +MISC ChangeLog 13691 RMD160 3bdf0d79a0faf802bc3497cd2eaff409a3eebbd8 SHA1 8633a0b19edcbe0b2acc6feec7b1489fdc4f0312 SHA256 4feadec315210d35971ad8c24fa185ac8642264745cf7e6d02383a806ff959ee +MD5 4dd9cab4daf47c193d75b7c3bb891ba0 ChangeLog 13691 +RMD160 3bdf0d79a0faf802bc3497cd2eaff409a3eebbd8 ChangeLog 13691 +SHA256 
4feadec315210d35971ad8c24fa185ac8642264745cf7e6d02383a806ff959ee ChangeLog 13691 MISC metadata.xml 223 RMD160 f88bcdebf752bcc3933b4159df5d8f9f7d487ca1 SHA1 4a17e70b26b3bba2ec6eddb403ff890bb8bcf13f SHA256 98c023870e5fbbcc4f050a192947b7b6bbd239041c9f921b3fbf64b03523019f MD5 038a74c1f0dc742c6df70730348c240a metadata.xml 223 RMD160 f88bcdebf752bcc3933b4159df5d8f9f7d487ca1 metadata.xml 223 @@ -75,6 +87,9 @@ SHA256 98c023870e5fbbcc4f050a192947b7b6bbd239041c9f921b3fbf64b03523019f metadata MD5 31a483eed14190f8cd911b0d05521431 files/digest-tightvnc-1.2.9-r3 274 RMD160 c998a7ff40fb44c186f7089d877a68b8e33a4a06 files/digest-tightvnc-1.2.9-r3 274 SHA256 c7b13ad35c4b2e2bde6a2fcb01b6ad276384a265613a35ee739c2a3f0c2e3ea3 files/digest-tightvnc-1.2.9-r3 274 +MD5 31a483eed14190f8cd911b0d05521431 files/digest-tightvnc-1.2.9-r4 274 +RMD160 c998a7ff40fb44c186f7089d877a68b8e33a4a06 files/digest-tightvnc-1.2.9-r4 274 +SHA256 c7b13ad35c4b2e2bde6a2fcb01b6ad276384a265613a35ee739c2a3f0c2e3ea3 files/digest-tightvnc-1.2.9-r4 274 MD5 bfe15238bfcba463b0abf4e830dbc177 files/digest-tightvnc-1.3.8 274 RMD160 da00418fe1031595ec6a5943151b71ac60c5e8cf files/digest-tightvnc-1.3.8 274 SHA256 b5684a8c3ea14d9490e9fe673bb74100da2bd98b86c58dc2332857f4f2885193 files/digest-tightvnc-1.3.8 274 diff --git a/net-misc/tightvnc/files/digest-tightvnc-1.2.9-r4 b/net-misc/tightvnc/files/digest-tightvnc-1.2.9-r4 new file mode 100644 index 000000000000..d72709d4f9b6 --- /dev/null +++ b/net-misc/tightvnc/files/digest-tightvnc-1.2.9-r4 @@ -0,0 +1,3 @@ +MD5 f804b26c098625e3a2675a0aa7709e31 tightvnc-1.2.9_unixsrc.tar.bz2 1738256 +RMD160 57c4d24bbc008b7188ae4bb177fbb409bc1d26d3 tightvnc-1.2.9_unixsrc.tar.bz2 1738256 +SHA256 c1ba77f832d6c81349f05219802c48b3435cfb6db88f496c9bb08b52b8405548 tightvnc-1.2.9_unixsrc.tar.bz2 1738256 diff --git a/net-misc/tightvnc/files/tightvnc-1.2.9-server-CVE-2007-1003.patch b/net-misc/tightvnc/files/tightvnc-1.2.9-server-CVE-2007-1003.patch new file mode 100644 index 000000000000..0f97c11dc4dc 
--- /dev/null
+++ b/net-misc/tightvnc/files/tightvnc-1.2.9-server-CVE-2007-1003.patch
@@ -0,0 +1,36 @@
+--- vnc_unixsrc/Xvnc/programs/Xserver/Xext/xcmisc.c.cve-2007-1003 2000-06-11 06:00:51.000000000 -0600
++++ vnc_unixsrc/Xvnc/programs/Xserver/Xext/xcmisc.c 2007-03-22 07:07:34.000000000 -0600
+@@ -41,6 +41,12 @@ from the X Consortium.
+ #include "swaprep.h"
+ #include "xcmiscstr.h"
+
++#if HAVE_STDINT_H
++#include
++#elif !defined(UINT32_MAX)
++#define UINT32_MAX 0xffffffffU
++#endif
++
+ static unsigned char XCMiscCode;
+
+ static void XCMiscResetProc(
+@@ -135,7 +141,10 @@ ProcXCMiscGetXIDList(client)
+
+ REQUEST_SIZE_MATCH(xXCMiscGetXIDListReq);
+
+- pids = (XID *)ALLOCATE_LOCAL(stuff->count * sizeof(XID));
++ if (stuff->count > UINT32_MAX / sizeof(XID))
++ return BadAlloc;
++
++ pids = (XID *)Xalloc(stuff->count * sizeof(XID));
+ if (!pids)
+ {
+ return BadAlloc;
+@@ -156,7 +165,7 @@ ProcXCMiscGetXIDList(client)
+ client->pSwapReplyFunc = (ReplySwapPtr) Swap32Write;
+ WriteSwappedDataToClient(client, count * sizeof(XID), pids);
+ }
+- DEALLOCATE_LOCAL(pids);
++ Xfree(pids);
+ return(client->noClientException);
+ }
+
diff --git a/net-misc/tightvnc/files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch b/net-misc/tightvnc/files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch
new file mode 100644
index 000000000000..4c9a1adcb2fd
--- /dev/null
+++ b/net-misc/tightvnc/files/tightvnc-1.2.9-server-CVE-2007-1351-1352.patch
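Review bot: The guard added before `Xalloc` in ProcXCMiscGetXIDList only rules out wraparound of `stuff->count * sizeof(XID)`; any count up to `UINT32_MAX / sizeof(XID)` still reaches the allocator, so the allocation size stays client-chosen up to that limit, and nothing in the patch records why the `ALLOCATE_LOCAL` call was replaced. A comment above the check would capture both, e.g. `/* count comes from the request: reject sizes that would wrap, and use the heap rather than a local allocation for a client-sized buffer */`. Because `pids` is now heap memory, every return between `Xalloc` and `Xfree` has to release it; the lines between the second and third inner hunks are not shown here, so that should be confirmed against the full function.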
@@ -0,0 +1,49 @@
+--- vnc_unixsrc/Xvnc/lib/font/fontfile/fontdir.c.cve-2007-1351-1352 2000-06-11 06:00:53.000000000 -0600
++++ vnc_unixsrc/Xvnc/lib/font/fontfile/fontdir.c 2007-03-28 16:08:03.000000000 -0600
+@@ -35,11 +35,19 @@ in this Software without prior written a
+ #include "fntfilst.h"
+ #include
+
++#if HAVE_STDINT_H
++#include
++#elif !defined(INT32_MAX)
++#define INT32_MAX 0x7fffffff
++#endif
++
+ Bool
+ FontFileInitTable (table, size)
+ FontTablePtr table;
+ int size;
+ {
++ if (size < 0 || (size > INT32_MAX/sizeof(FontEntryRec)))
++ return FALSE;
+ if (size)
+ {
+ table->entries = (FontEntryPtr) xalloc(sizeof(FontEntryRec) * size);
+--- vnc_unixsrc/Xvnc/lib/font/bitmap/bdfread.c.cve-2007-1351-1352 2000-06-11 06:00:52.000000000 -0600
++++ vnc_unixsrc/Xvnc/lib/font/bitmap/bdfread.c 2007-03-28 16:06:06.000000000 -0600
+@@ -59,6 +59,12 @@ from the X Consortium.
+ #include "bitmap.h"
+ #include "bdfint.h"
+
++#if HAVE_STDINT_H
++#include
++#elif !defined(INT32_MAX)
++#define INT32_MAX 0x7fffffff
++#endif
++
+ #define INDICES 256
+ #define MAXENCODING 0xFFFF
+ #define BDFLINELEN 1024
+@@ -271,6 +277,11 @@ bdfReadCharacters(file, pFont, pState, b
+ bdfError("invalid number of CHARS in BDF file\n");
+ return (FALSE);
+ }
++ if (nchars > INT32_MAX / sizeof(CharInfoRec)) {
++ bdfError("Couldn't allocate pCI (%d*%d)\n", nchars,
++ sizeof(CharInfoRec));
++ goto BAILOUT;
++ }
+ ci = (CharInfoPtr) xalloc(nchars * sizeof(CharInfoRec));
+ if (!ci) {
+ bdfError("Couldn't allocate pCI (%d*%d)\n", nchars,
diff --git a/net-misc/tightvnc/tightvnc-1.2.9-r4.ebuild b/net-misc/tightvnc/tightvnc-1.2.9-r4.ebuild
new file mode 100644
index 000000000000..395e7828b3f3
--- /dev/null
+++ b/net-misc/tightvnc/tightvnc-1.2.9-r4.ebuild
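Review bot: In the bdfread.c hunk the new `bdfError("Couldn't allocate pCI (%d*%d)\n", nchars, sizeof(CharInfoRec))` passes a `size_t` to a `%d` conversion, which is a mismatch wherever `size_t` is wider than `int` (assuming bdfError hands its arguments to a printf-style formatter). Casting the argument, `(int) sizeof(CharInfoRec)`, fixes it; the context line after `xalloc` appears to use the same pattern and deserves the same cast. The new branch also leaves through `goto BAILOUT` while the check directly above it uses `return (FALSE)`; the label lies outside the hunk, so whether its cleanup is safe before `ci` has been assigned cannot be confirmed from here. A short comment on both new size checks saying that the count comes from font data and is bounded so the multiplication passed to `xalloc` cannot wrap would help later readers.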
@@ -0,0 +1,112 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/tightvnc/tightvnc-1.2.9-r4.ebuild,v 1.1 2007/04/11 20:54:38 armin76 Exp $
+
+inherit eutils toolchain-funcs
+
+IUSE="java tcpd server"
+
+S="${WORKDIR}/vnc_unixsrc"
+DESCRIPTION="A great client/server software package allowing remote network access to graphical desktops."
+SRC_URI="mirror://sourceforge/vnc-tight/${P}_unixsrc.tar.bz2"
+HOMEPAGE="http://www.tightvnc.com/"
+
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+LICENSE="GPL-2"
+SLOT="0"
+
+DEPEND="x11-libs/libX11
+ x11-libs/libXaw
+ x11-libs/libXmu
+ x11-libs/libXp
+ x11-libs/libXt
+ x11-proto/xextproto
+ x11-proto/xproto
+ server? (
+ x11-proto/inputproto
+ x11-proto/kbproto
+ x11-proto/printproto
+ )
+ >=x11-misc/imake-1
+ x11-misc/gccmakedep
+ ~media-libs/jpeg-6b
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6-r2 )
+ !net-misc/vnc"
+
+RDEPEND="${DEPEND}
+ server? (
+ media-fonts/font-misc-misc
+ media-fonts/font-cursor-misc
+ x11-apps/rgb
+ x11-apps/xauth
+ x11-apps/xsetroot
+ )
+ java? ( || ( >=virtual/jdk-1.3.1 >=virtual/jre-1.3.1 ) )"
+
+src_unpack() {
+
+ if ! use server;
+ then
+ echo
+ einfo "The 'server' USE flag will build tightvnc's server."
+ einfo "If '-server' is chosen only the client is built to save space."
+ einfo "Stop the build now if you need to add 'server' to USE flags.\n"
+ ebeep
+ epause 5
+ fi
+
+ unpack ${A} && cd ${S}
+ epatch "${FILESDIR}/${P}-gentoo.security.patch"
+ epatch "${FILESDIR}/${P}-imake-tmpdir.patch"
+ [[ "$(gcc-version)" == "3.4" ]] || [[ "$(gcc-major-version)" == "4" ]] && epatch ${FILESDIR}/${P}-gcc34.patch
+ epatch "${FILESDIR}/x86.patch"
+ epatch "${FILESDIR}/${P}-amd64.patch"
+ epatch "${FILESDIR}/${PN}-ppcsparc-server.patch"
+ epatch "${FILESDIR}/${P}-pathfixes.patch" # fixes bug 78385 and 146099
+ epatch "${FILESDIR}"/${P}-server-CVE-2007-1003.patch
+ epatch "${FILESDIR}"/${P}-server-CVE-2007-1351-1352.patch
+}
+
+src_compile() {
+ xmkmf -a || die "xmkmf failed"
+
+ make CDEBUGFLAGS="${CFLAGS}" World || die
+
+ if use server; then
+ cd Xvnc && ./configure || die "Configure failed."
+ if use tcpd; then
+ local myextra="-lwrap"
+ use userland_Darwin || myextra="${myextra} -lnss_nis"
+ make EXTRA_LIBRARIES="${myextra}" \
+ CDEBUGFLAGS="${CFLAGS}" \
+ EXTRA_DEFINES="-DUSE_LIBWRAP=1" || die
+ else
+ make CDEBUGFLAGS="${CFLAGS}" || die
+ fi
+ fi
+
+}
+
+src_install() {
+ # the web based interface and the java viewer need the java class files
+ if use java; then
+ insinto /usr/share/tightvnc/classes
+ doins classes/*
+ fi
+
+ dodir /usr/share/man/man1 /usr/bin
+ ./vncinstall ${D}/usr/bin ${D}/usr/share/man || die "vncinstall failed"
+
+ if ! use server; then
+ rm -f ${D}/usr/bin/vncserver
+ rm -f ${D}/usr/share/man/man1/{Xvnc,vncserver}*
+ fi
+
+ doicon ${FILESDIR}/vncviewer.png
+ make_desktop_entry vncviewer vncviewer vncviewer.png Network
+
+
+ dodoc ChangeLog README WhatsNew
+ use java && dodoc ${FILESDIR}/README.JavaViewer
+ newdoc vncviewer/README README.vncviewer
+}
-- 2.26.2
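Review bot: The two `epatch` lines for the CVE patches at the end of `src_unpack` carry no comment, unlike the pathfixes line above them, which names its bugs. A trailing `# security fixes, bug 174200` (the bug number in the commit subject) would mark them as patches that must survive later revisions. They also quote only `"${FILESDIR}"` where the neighbouring lines quote the whole path, and `unpack ${A} && cd ${S}` has no `|| die`, so a failed `cd` is caught only indirectly when the first `epatch` fails. `KEYWORDS` lists only `~arch` entries, so if 1.2.9-r3 is stable on any of them (not visible here) those users stay on the unpatched server until this revision is stabilised.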