From c52f97ee5fdd36446fc338a36d940ae5cde93546 Mon Sep 17 00:00:00 2001
From: Jan Grulich
Date: Tue, 7 Feb 2023 08:42:41 +0100
Subject: [PATCH] 1.13.0 CVE-2023-0494
---
...fix-typo-in-mirror-monitor-detection.patch | 34 --------
tigervnc-root-user-selinux-context.patch | 25 ------
...ontext-in-case-of-different-policies.patch | 81 -------------------
tigervnc.spec | 19 +++--
4 files changed, 9 insertions(+), 150 deletions(-)
delete mode 100644 tigervnc-fix-typo-in-mirror-monitor-detection.patch
delete mode 100644 tigervnc-root-user-selinux-context.patch
delete mode 100644 tigervnc-selinux-restore-context-in-case-of-different-policies.patch
diff --git a/tigervnc-fix-typo-in-mirror-monitor-detection.patch b/tigervnc-fix-typo-in-mirror-monitor-detection.patch
deleted file mode 100644
index 9076432..0000000
--- a/tigervnc-fix-typo-in-mirror-monitor-detection.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 2daf4126882f82b6e392dfbae87205dbdc559c3d Mon Sep 17 00:00:00 2001
-From: Pierre Ossman
-Date: Thu, 23 Dec 2021 15:58:00 +0100
-Subject: [PATCH] Fix typo in mirror monitor detection
-
-Bug introduced in fb561eb but still somehow passed manual testing.
-Resulted in some stray reads off the end of the stack, which were
-hopefully harmless.
----
- vncviewer/MonitorIndicesParameter.cxx | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/vncviewer/MonitorIndicesParameter.cxx b/vncviewer/MonitorIndicesParameter.cxx
-index 5130831cb..4ac74dd1a 100644
---- a/vncviewer/MonitorIndicesParameter.cxx
-+++ b/vncviewer/MonitorIndicesParameter.cxx
-@@ -211,13 +211,13 @@ std::vector MonitorIndicesParameter::fetchMoni
- // Only keep a single entry for mirrored screens
- match = false;
- for (int j = 0; j < ((int) monitors.size()); j++) {
-- if (monitors[i].x != monitor.x)
-+ if (monitors[j].x != monitor.x)
- continue;
-- if (monitors[i].y != monitor.y)
-+ if (monitors[j].y != monitor.y)
- continue;
-- if (monitors[i].w != monitor.w)
-+ if (monitors[j].w != monitor.w)
- continue;
-- if (monitors[i].h != monitor.h)
-+ if (monitors[j].h != monitor.h)
- continue;
-
- match = true;
diff --git a/tigervnc-root-user-selinux-context.patch b/tigervnc-root-user-selinux-context.patch
deleted file mode 100644
index 67f035f..0000000
--- a/tigervnc-root-user-selinux-context.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From faf81b4b238e24fe29eb53f885a25367e212dd7b Mon Sep 17 00:00:00 2001
-From: Zdenek Pytela
-Date: Mon, 7 Feb 2022 10:45:41 +0100
-Subject: [PATCH] SELinux: use /root/.vnc in file context specification
-
-Instead of HOME_ROOT/.vnc, /root/.vnc should be used
-for user root's home to specify default file context
-as HOME_ROOT actually means base for home dirs (usually /home).
----
- unix/vncserver/selinux/vncsession.fc | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc
-index 6aaf4b1f4..bc81f8f25 100644
---- a/unix/vncserver/selinux/vncsession.fc
-+++ b/unix/vncserver/selinux/vncsession.fc
-@@ -18,7 +18,7 @@
- #
-
- HOME_DIR/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
--HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
-+/root/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
-
- /usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
- /usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
diff --git a/tigervnc-selinux-restore-context-in-case-of-different-policies.patch b/tigervnc-selinux-restore-context-in-case-of-different-policies.patch
deleted file mode 100644
index 48b3a2e..0000000
--- a/tigervnc-selinux-restore-context-in-case-of-different-policies.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From d2d52704624ce841f4a392fccd82079d87ff13b6 Mon Sep 17 00:00:00 2001
-From: Jan Grulich
-Date: Thu, 11 Nov 2021 13:52:41 +0100
-Subject: [PATCH] SELinux: restore SELinux context in case of different
- policies
-
----
- CMakeLists.txt | 13 +++++++++++++
- unix/vncserver/CMakeLists.txt | 2 +-
- unix/vncserver/vncsession.c | 16 ++++++++++++++++
- 3 files changed, 30 insertions(+), 1 deletion(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 50247c7da..1708eb3d8 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -268,6 +268,19 @@ if(UNIX AND NOT APPLE)
- endif()
- endif()
-
-+# Check for SELinux library
-+if(UNIX AND NOT APPLE)
-+ check_include_files(selinux/selinux.h HAVE_SELINUX_H)
-+ if(HAVE_SELINUX_H)
-+ set(CMAKE_REQUIRED_LIBRARIES -lselinux)
-+ set(CMAKE_REQUIRED_LIBRARIES)
-+ set(SELINUX_LIBS selinux)
-+ add_definitions("-DHAVE_SELINUX")
-+ else()
-+ message(WARNING "Could not find SELinux development files")
-+ endif()
-+endif()
-+
- # Generate config.h and make sure the source finds it
- configure_file(config.h.in config.h)
- add_definitions(-DHAVE_CONFIG_H)
-diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt
-index f65ccc7db..ae69dc098 100644
---- a/unix/vncserver/CMakeLists.txt
-+++ b/unix/vncserver/CMakeLists.txt
-@@ -1,5 +1,5 @@
- add_executable(vncsession vncsession.c)
--target_link_libraries(vncsession ${PAM_LIBS})
-+target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
-
- configure_file(vncserver@.service.in vncserver@.service @ONLY)
- configure_file(vncsession-start.in vncsession-start @ONLY)
-diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
-index 3573e5e9b..f6d2fd59e 100644
---- a/unix/vncserver/vncsession.c
-+++ b/unix/vncserver/vncsession.c
-@@ -37,6 +37,11 @@
- #include
- #include
-
-+#ifdef HAVE_SELINUX
-+#include
-+#include
-+#endif
-+
- extern char **environ;
-
- // PAM service name
-@@ -360,6 +365,17 @@ redir_stdio(const char *homedir, const char *display)
-
syslog(LOG_CRIT, "Failure creating \"%s\": %s", logfile, strerror(errno)); - _exit(EX_OSERR); - } -+ -+#ifdef HAVE_SELINUX -+ int result; -+ if (selinux_file_context_verify(logfile, 0) == 0) { -+ result = selinux_restorecon(logfile, SELINUX_RESTORECON_RECURSE); -+ -+ if (result < 0) { -+ syslog(LOG_WARNING, "Failure restoring SELinux context for \"%s\": %s", logfile, strerror(errno)); -+ } -+ } -+#endif - } - - hostlen = sysconf(_SC_HOST_NAME_MAX); diff --git a/tigervnc.spec b/tigervnc.spec index 88a3684..44e39f2 100644 --- a/tigervnc.spec +++ b/tigervnc.spec @@ -3,8 +3,8 @@ %global modulename vncsession Name: tigervnc -Version: 1.12.0 -Release: 9%{?dist} +Version: 1.13.0 +Release: 1%{?dist} Summary: A TigerVNC remote display system %global _hardened_build 1 @@ -24,10 +24,7 @@ Source5: vncserver # Downstream patches # Upstream patches -Patch50: tigervnc-selinux-restore-context-in-case-of-different-policies.patch -Patch51: tigervnc-fix-typo-in-mirror-monitor-detection.patch -Patch52: tigervnc-root-user-selinux-context.patch -Patch53: tigervnc-vncsession-restore-script-systemd-service.patch +Patch50: tigervnc-vncsession-restore-script-systemd-service.patch # This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg Patch100: tigervnc-xserver120.patch @@ -148,10 +145,7 @@ runs properly under an environment with SELinux enabled. %prep %setup -q -%patch50 -p1 -b .selinux-restore-context-in-case-of-different-policies -%patch51 -p1 -b .fix-typo-in-mirror-monitor-detection -%patch52 -p1 -b .root-user-selinux-context -%patch53 -p1 -b .vncsession-restore-script-systemd-service +%patch50 -p1 -b .vncsession-restore-script-systemd-service cp -r /usr/share/xorg-x11-server-source/* unix/xserver pushd unix/xserver @@ -291,6 +285,7 @@ fi %{_bindir}/vncviewer %{_datadir}/applications/* %{_mandir}/man1/vncviewer.1* +%{_datadir}/metainfo/org.tigervnc.vncviewer.metainfo.xml %files server %config(noreplace) %{_sysconfdir}/pam.d/tigervnc 
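Review bot: The changelog credits this build with CVE-2023-0494, but nothing in the visible hunks ties the fix to the package: %prep still copies the X server tree from the build root (`cp -r /usr/share/xorg-x11-server-source/* unix/xserver`) and no patch or versioned dependency is added. As far as I know that CVE is tracked against the X.Org server code rather than TigerVNC's own sources, so whether the Xvnc built here is fixed would depend on which xorg-x11-server-source the builder installs. If the BuildRequires for it (outside the hunks shown) is unversioned, give it a floor, e.g. `BuildRequires: xorg-x11-server-source >= <FIXED_VERSION_PLACEHOLDER>`, and note above the `cp -r` line where the fix comes from, e.g. `# CVE-2023-0494 fix is inherited from xorg-x11-server-source`.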
@@ -334,6 +329,10 @@ fi %ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} %changelog +* Tue Feb 07 2023 Jan Grulich - 1.13.0-1 +- 1.13.0 +- CVE-2023-0494 + * Tue Jan 31 2023 Jan Grulich - 1.12.0-9 - migrated to SPDX license