import libvncserver-0.9.11-17.el8

SOURCES/libvncserver-0.9.11-CVE-2020-25708.patch

@@ -0,0 +1,24 @@
+From 673c07a75ed844d74676f3ccdcfdc706a7052dba Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@freeshell.org>
+Date: Sun, 17 May 2020 13:47:21 +0200
+Subject: [PATCH] libvncserver/rfbserver: fix possible divide-by-zero
+
+Closes #409
+---
+ libvncserver/rfbserver.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 269a0137..9cc29c52 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -3369,6 +3369,9 @@ rfbSendRectEncodingRaw(rfbClientPtr cl,
+     char *fbptr = (cl->scaledScreen->frameBuffer + (cl->scaledScreen->paddedWidthInBytes * y)
+                    + (x * (cl->scaledScreen->bitsPerPixel / 8)));
+ 
++    if(!h || !w)
++	return TRUE; /* nothing to send */
++
+     /* Flush the buffer to guarantee correct alignment for translateFn(). */
+     if (cl->ublen > 0) {
+         if (!rfbSendUpdateBuf(cl))

SPECS/libvncserver.spec

@@ -1,7 +1,7 @@
 Summary:    Library to make writing a VNC server easy
 Name:       libvncserver
 Version:    0.9.11
-Release:    16%{?dist}
+Release:    17%{?dist}
 
 # NOTE: --with-filetransfer => GPLv2
 License:    GPLv2+
@@ -53,6 +53,8 @@ Patch111:     libvncserver-0.9.11-CVE-2018-21247.patch
 Patch112:     libvncserver-0.9.11-CVE-2020-14405.patch
 # https://github.com/LibVNC/libvncserver/pull/416
 Patch113:     libvncserver-0.9.11-CVE-2020-14397.patch
+# https://github.com/LibVNC/libvncserver/issues/409
+Patch114:     libvncserver-0.9.11-CVE-2020-25708.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -160,6 +162,10 @@ make -C test test ||:
 
 
 %changelog
+* Tue Nov 24 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.9.11-17
+- Fix CVE-2020-25708
+  Resolves: #1898078
+
 * Tue Nov 03 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 0.9.11-16
 - Fix CVE-2019-20839
   Resolves: #1851032