rpms/tigervnc
5
0
Fork 0
Code Issues Pull Requests Releases Activity

1.3.1 (bug #1078806).

Browse Source 
Resolves: rhbz#1078806
This commit is contained in:
Tim Waugh 2014-03-27 13:27:29 +00:00
parent 66cb57e756
commit 408d52b04e
2 changed files with 6 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
tigervnc-CVE-2014-0011.patch
View File

@ -1,49 +0,0 @@
diff -up tigervnc-1.3.0/common/CMakeLists.txt.CVE-2014-0011 tigervnc-1.3.0/common/CMakeLists.txt
--- tigervnc-1.3.0/common/CMakeLists.txt.CVE-2014-0011 2013-07-01 13:42:01.000000000 +0100
+++ tigervnc-1.3.0/common/CMakeLists.txt 2014-02-04 16:59:10.840037314 +0000
@@ -23,3 +23,6 @@ if(CMAKE_COMPILER_IS_GNUCXX AND (CMAKE_S
set_target_properties(zlib PROPERTIES COMPILE_FLAGS -fPIC)
endif()
endif()
+
+# Turn asserts on.
+set_target_properties(rdr rfb PROPERTIES COMPILE_FLAGS -UNDEBUG)
diff -up tigervnc-1.3.0/common/rfb/zrleDecode.h.CVE-2014-0011 tigervnc-1.3.0/common/rfb/zrleDecode.h
--- tigervnc-1.3.0/common/rfb/zrleDecode.h.CVE-2014-0011 2013-07-01 13:41:59.000000000 +0100
+++ tigervnc-1.3.0/common/rfb/zrleDecode.h 2014-02-04 16:17:00.881565540 +0000
@@ -25,9 +25,10 @@
// FILL_RECT - fill a rectangle with a single colour
// IMAGE_RECT - draw a rectangle of pixel data from a buffer
+#include <stdio.h>
#include <rdr/InStream.h>
#include <rdr/ZlibInStream.h>
-#include <assert.h>
+#include <rfb/Exception.h>
namespace rfb {
@@ -143,7 +144,10 @@ void ZRLE_DECODE (const Rect& r, rdr::In
len += b;
} while (b == 255);
- assert(len <= end - ptr);
+ if (end - ptr < len) {
+ fprintf (stderr, "ZRLE decode error\n");
+ throw Exception ("ZRLE decode error");
+ }
#ifdef FAVOUR_FILL_RECT
int i = ptr - buf;
@@ -193,7 +197,10 @@ void ZRLE_DECODE (const Rect& r, rdr::In
len += b;
} while (b == 255);
- assert(len <= end - ptr);
+ if (end - ptr < len) {
+ fprintf (stderr, "ZRLE decode error\n");
+ throw Exception ("ZRLE decode error");
+ }
}
index &= 127;

13
tigervnc.spec
View File

@ -1,6 +1,6 @@
Name: tigervnc
Version: 1.3.0
Release: 15%{?dist}
Version: 1.3.1
Release: 1%{?dist}
Summary: A TigerVNC remote display system
%global _hardened_build 1
@ -9,7 +9,7 @@ Group: User Interface/Desktops
License: GPLv2+
URL: http://www.tigervnc.com
Source0: %{name}-%{version}.tar.bz2
Source0: %{name}-%{version}.tar.gz
Source1: vncserver.service
Source2: vncserver.sysconfig
Source3: 10-libvnc.conf
@ -53,7 +53,6 @@ Patch11: tigervnc-format-security.patch
Patch12: tigervnc-zrle-crash.patch
Patch13: tigervnc-cursor.patch
Patch14: tigervnc-xstartup.patch
Patch15: tigervnc-CVE-2014-0011.patch
%description
Virtual Network Computing (VNC) is a remote display system which
@ -190,9 +189,6 @@ popd
# Clearer xstartup file (bug #923655).
%patch14 -p1 -b .xstartup
# Fixed heap-based buffer overflow (CVE-2014-0011, bug #1050928).
%patch15 -p1 -b .CVE-2014-0011
%build
%ifarch sparcv9 sparc64 s390 s390x
export CFLAGS="$RPM_OPT_FLAGS -fPIC"
@ -365,6 +361,9 @@ fi
%{_datadir}/icons/hicolor/*/apps/*
%changelog
* Thu Mar 27 2014 Tim Waugh <twaugh@redhat.com> 1.3.1-1
- 1.3.1 (bug #1078806).
* Wed Mar 19 2014 Tim Waugh <twaugh@redhat.com> 1.3.0-15
- Disable dri3 to enable building (bug #1063392).
- Fixed heap-based buffer overflow (CVE-2014-0011, bug #1050928).