From 94c7ef932a5857020c2a5349ff1970b1809a080e Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Wed, 22 Jan 2020 11:40:01 +0100 Subject: gnu: Rename module gnutls to tls. * gnu/packages/tigervnc.scm: Rename to... * gnu/packages/vnc.scm: ... this. Change module name accordingly. Sort used modules. * gnu-system.am (GNU_SYSTEM_MODULES): Rename tigervnc module to vnc. --- gnu/local.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 626d91ce62..b10ad21520 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -493,7 +493,6 @@ GNU_SYSTEM_MODULES = \ %D%/packages/tex.scm \ %D%/packages/textutils.scm \ %D%/packages/text-editors.scm \ - %D%/packages/tigervnc.scm \ %D%/packages/time.scm \ %D%/packages/tls.scm \ %D%/packages/tmux.scm \ @@ -509,6 +508,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/video.scm \ %D%/packages/vim.scm \ %D%/packages/virtualization.scm \ + %D%/packages/vnc.scm \ %D%/packages/vpn.scm \ %D%/packages/vulkan.scm \ %D%/packages/w3m.scm \ -- cgit v1.2.3 From a789f654a0f370720b2c6b7856b9971dcc1d5eb1 Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Mon, 20 Jan 2020 23:43:18 +0100 Subject: gnu: Add libvnc. * gnu/packages/vnc.scm (libvnc): New variable. gnu/packages/patches/libvnc-CVE-2018-20750.patch, gnu/packages/patches/libvnc-CVE-2019-15681.patch: New files. * gnu/local.mk: Add them. --- gnu/local.mk | 2 ++ gnu/packages/patches/libvnc-CVE-2018-20750.patch | 44 ++++++++++++++++++++++++ gnu/packages/patches/libvnc-CVE-2019-15681.patch | 23 +++++++++++++ gnu/packages/vnc.scm | 39 +++++++++++++++++++++ 4 files changed, 108 insertions(+) create mode 100644 gnu/packages/patches/libvnc-CVE-2018-20750.patch create mode 100644 gnu/packages/patches/libvnc-CVE-2019-15681.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index b10ad21520..51272b2dc8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1124,6 +1124,8 @@ dist_patch_DATA = \ %D%/packages/patches/libutils-add-includes.patch \ %D%/packages/patches/libutils-remove-damaging-includes.patch \ %D%/packages/patches/libvdpau-va-gl-unbundle.patch \ + %D%/packages/patches/libvnc-CVE-2018-20750.patch \ + %D%/packages/patches/libvnc-CVE-2019-15681.patch \ %D%/packages/patches/libvpx-CVE-2016-2818.patch \ %D%/packages/patches/libvpx-use-after-free-in-postproc.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ diff --git a/gnu/packages/patches/libvnc-CVE-2018-20750.patch b/gnu/packages/patches/libvnc-CVE-2018-20750.patch new file mode 100644 index 0000000000..146243670a --- /dev/null +++ b/gnu/packages/patches/libvnc-CVE-2018-20750.patch @@ -0,0 +1,44 @@ +From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Mon, 7 Jan 2019 10:40:01 +0100 +Subject: [PATCH] Limit lenght to INT_MAX bytes in + rfbProcessFileTransferReadBuffer() + +This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap +out-of-bound write access in rfbProcessFileTransferReadBuffer() when +reading a transfered file content in a server. The former fix did not +work on platforms with a 32-bit int type (expected by rfbReadExact()). + +CVE-2018-15127 + + +--- + libvncserver/rfbserver.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c +index 7af84906..f2edbeea 100644 +--- a/libvncserver/rfbserver.c ++++ b/libvncserver/rfbserver.c +@@ -88,6 +88,8 @@ + #include + /* strftime() */ + #include ++/* INT_MAX */ ++#include + + #ifdef LIBVNCSERVER_WITH_WEBSOCKETS + #include "rfbssl.h" +@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length) + 0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF + will safely be allocated since this check will never trigger and malloc() can digest length+1 + without problems as length is a uint32_t. ++ We also later pass length to rfbReadExact() that expects a signed int type and ++ that might wrap on platforms with a 32-bit int type if length is bigger ++ than 0X7FFFFFFF. + */ +- if(length == SIZE_MAX) { ++ if(length == SIZE_MAX || length > INT_MAX) { + rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length); + rfbCloseClient(cl); + return NULL; diff --git a/gnu/packages/patches/libvnc-CVE-2019-15681.patch b/gnu/packages/patches/libvnc-CVE-2019-15681.patch new file mode 100644 index 0000000000..e328d87920 --- /dev/null +++ b/gnu/packages/patches/libvnc-CVE-2019-15681.patch @@ -0,0 +1,23 @@ +From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001 +From: Christian Beier +Date: Mon, 19 Aug 2019 22:32:25 +0200 +Subject: [PATCH] rfbserver: don't leak stack memory to the remote + +Thanks go to Pavel Cheremushkin of Kaspersky for reporting. +--- + libvncserver/rfbserver.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c +index 3bacc891..310e5487 100644 +--- a/libvncserver/rfbserver.c ++++ b/libvncserver/rfbserver.c +@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len) + rfbServerCutTextMsg sct; + rfbClientIteratorPtr iterator; + ++ memset((char *)&sct, 0, sizeof(sct)); ++ + iterator = rfbGetClientIterator(rfbScreen); + while ((cl = rfbClientIteratorNext(iterator)) != NULL) { + sct.type = rfbServerCutText; diff --git a/gnu/packages/vnc.scm b/gnu/packages/vnc.scm index e715e10d5a..e1cba08952 100644 --- a/gnu/packages/vnc.scm +++ b/gnu/packages/vnc.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019 Todor Kondić ;;; Copyright © 2020 Oleg Pykhalov +;;; Copyright © 2020 Hartmut Goebel ;;; ;;; This file is part of GNU Guix. ;;; @@ -24,6 +25,7 @@ (define-module (gnu packages vnc) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix utils) + #:use-module (gnu packages) #:use-module (gnu packages autotools) #:use-module (gnu packages base) #:use-module (gnu packages cmake) @@ -31,9 +33,12 @@ (define-module (gnu packages vnc) #:use-module (gnu packages compression) #:use-module (gnu packages fltk) #:use-module (gnu packages gettext) + #:use-module (gnu packages gnupg) #:use-module (gnu packages image) #:use-module (gnu packages linux) #:use-module (gnu packages perl) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages sdl) #:use-module (gnu packages tls) #:use-module (gnu packages xorg)) @@ -232,3 +237,37 @@ (define-public tigervnc-server and TLS encryption. This package installs the VNC server, a program that will enable users with VNC clients to log into a graphical session on the machine where the server is installed."))) + +(define-public libvnc + (package + (name "libvnc") + (version "0.9.12") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/LibVNC/libvncserver.git") + (commit (string-append "LibVNCServer-" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 "1226hb179l914919f5nm2mlf8rhaarqbf48aa649p4rwmghyx9vm")) + (patches (search-patches "libvnc-CVE-2018-20750.patch" + "libvnc-CVE-2019-15681.patch")))) + (build-system cmake-build-system) + (native-inputs + `(("pkg-config" ,pkg-config))) + (inputs + `(("gnutls" ,gnutls) + ("libgcrypt" ,libgcrypt) + ("libjpeg" ,libjpeg) + ("libpng" ,libpng) + ("lzo" ,lzo) + ("sdl2" ,sdl2))) + (home-page "https://libvnc.github.io/") + (synopsis "Cross-platform C libraries for implementing VNC server or +client") + (description "This package provides @code{LibVNCServer} and +@code{LibVNCClient}. These are cross-platform C libraries that allow you to +easily implement VNC server or client functionality in your program.") + (license ;; GPL for programs, FDL for documentation + (list license:gpl2+ license:fdl1.2+)))) -- cgit v1.2.3 From 737a3c12cd25f76e9fb4872e0a7a1ecb61aff131 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Wed, 22 Jan 2020 23:17:48 +0100 Subject: gnu: libmemcached: Fix build. * gnu/packages/databases.scm (libmemcached)[source]: Add patch. * gnu/packages/patches/libmemcached-build-with-gcc7.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/databases.scm | 4 +++- .../patches/libmemcached-build-with-gcc7.patch | 28 ++++++++++++++++++++++ 3 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libmemcached-build-with-gcc7.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 51272b2dc8..46d040c507 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1165,6 +1165,7 @@ dist_patch_DATA = \ %D%/packages/patches/mcrypt-CVE-2012-4409.patch \ %D%/packages/patches/mcrypt-CVE-2012-4426.patch \ %D%/packages/patches/mcrypt-CVE-2012-4527.patch \ + %D%/packages/patches/libmemcached-build-with-gcc7.patch \ %D%/packages/patches/mes-remove-store-name.patch \ %D%/packages/patches/mesa-skip-disk-cache-test.patch \ %D%/packages/patches/mescc-tools-boot.patch \ diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index ea74852ffe..ed1d1fe95b 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -370,7 +370,9 @@ (define-public libmemcached (file-name (string-append name "-" version "-checkout")) (sha256 (base32 - "1842s4dxdh21gdr46q4dgxigidcs6dkqnbnqjwb9l8r0bqx5nb10")))) + "1842s4dxdh21gdr46q4dgxigidcs6dkqnbnqjwb9l8r0bqx5nb10")) + (patches + (search-patches "libmemcached-build-with-gcc7.patch")))) (build-system gnu-build-system) (native-inputs `(("memcached" ,memcached) diff --git a/gnu/packages/patches/libmemcached-build-with-gcc7.patch b/gnu/packages/patches/libmemcached-build-with-gcc7.patch new file mode 100644 index 0000000000..51e319d2c0 --- /dev/null +++ b/gnu/packages/patches/libmemcached-build-with-gcc7.patch @@ -0,0 +1,28 @@ +Author: Tobias Geerinckx-Rice +Date: Wed 22 Jan 22:58:13 CET 2020 +Subject: gnu: memcached: Fix build with GCC 7. + +Taken verbating from this bug report: +. + +diff -up ./clients/memflush.cc.old ./clients/memflush.cc +--- ./clients/memflush.cc.old 2017-02-12 10:12:59.615209225 +0100 ++++ ./clients/memflush.cc 2017-02-12 10:13:39.998382783 +0100 +@@ -39,7 +39,7 @@ int main(int argc, char *argv[]) + { + options_parse(argc, argv); + +- if (opt_servers == false) ++ if (!opt_servers) + { + char *temp; + +@@ -48,7 +48,7 @@ int main(int argc, char *argv[]) + opt_servers= strdup(temp); + } + +- if (opt_servers == false) ++ if (!opt_servers) + { + std::cerr << "No Servers provided" << std::endl; + exit(EXIT_FAILURE); -- cgit v1.2.3 From 6e5fc6c7efe0d3a8465e419bfd2883c64ec0e509 Mon Sep 17 00:00:00 2001 From: Jan Nieuwenhuizen Date: Mon, 20 Jan 2020 20:18:55 +0100 Subject: gnu: mes: Update to 0.22. * gnu/packages/mes.scm (mes): Update to 0.22. Remove store name patch. Add MES_PREFIX to native-search-paths. * gnu/packages/patches/mes-remove-store-name.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/mes.scm (mes-rb5): Depend on gzip instead of xz; this enables unpacking the now unpatched mes source. Update to check bin/mes-mescc-0.21. --- gnu/local.mk | 1 - gnu/packages/mes.scm | 21 ++-- gnu/packages/patches/mes-remove-store-name.patch | 121 ----------------------- 3 files changed, 13 insertions(+), 130 deletions(-) delete mode 100644 gnu/packages/patches/mes-remove-store-name.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 46d040c507..563c98b122 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1166,7 +1166,6 @@ dist_patch_DATA = \ %D%/packages/patches/mcrypt-CVE-2012-4426.patch \ %D%/packages/patches/mcrypt-CVE-2012-4527.patch \ %D%/packages/patches/libmemcached-build-with-gcc7.patch \ - %D%/packages/patches/mes-remove-store-name.patch \ %D%/packages/patches/mesa-skip-disk-cache-test.patch \ %D%/packages/patches/mescc-tools-boot.patch \ %D%/packages/patches/meson-for-build-rpath.patch \ diff --git a/gnu/packages/mes.scm b/gnu/packages/mes.scm index 5d85c5ff51..347aef0a8c 100644 --- a/gnu/packages/mes.scm +++ b/gnu/packages/mes.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2017, 2018, 2019 Jan Nieuwenhuizen +;;; Copyright © 2017, 2018, 2019, 2020 Jan (janneke) Nieuwenhuizen ;;; Copyright © 2017, 2018 Efraim Flashner ;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; @@ -143,15 +143,14 @@ (define-public mes-0.19 (define-public mes (package (inherit mes-0.19) - (version "0.21") + (version "0.22") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/mes/" "mes-" version ".tar.gz")) - (patches (search-patches "mes-remove-store-name.patch")) (sha256 (base32 - "104qxngxyl7pql8vqrnli3wfyx0ayfaqg8gjfhmk4qzrafs46slm")))) + "0p1jsrrmcbc0zrvbvnjbb6iyxr0in71km293q8qj6gnar6bw09av")))) (propagated-inputs `(("mescc-tools" ,mescc-tools) ("nyacc" ,nyacc))) @@ -161,7 +160,11 @@ (define-public mes (files '("include"))) (search-path-specification (variable "LIBRARY_PATH") - (files '("lib"))))))) + (files '("lib"))) + (search-path-specification + (variable "MES_PREFIX") + (separator #f) + (files '(""))))))) (define-public mes-rb5 ;; This is the Reproducible-Builds summit 5's Mes, also built on Debian @@ -176,6 +179,7 @@ (define-public mes-rb5 ("coreutils" ,coreutils) ("grep" ,grep) ("guile" ,guile-2.2) + ("gzip" ,gzip) ("libc" ,glibc) ("locales" ,glibc-utf8-locales) ("make" ,gnu-make) @@ -183,8 +187,7 @@ (define-public mes-rb5 ("mescc-tools" ,mescc-tools) ("nyacc" ,nyacc) ("sed" ,sed) - ("tar" ,tar) - ("xz" ,xz))) + ("tar" ,tar))) (supported-systems '("i686-linux")) (arguments `(#:implicit-inputs? #f @@ -215,10 +218,12 @@ (define-public mes-rb5 (invoke "sh" "bootstrap.sh"))) (replace 'check (lambda _ + (copy-file "bin/mes-mescc" "bin/mes-mescc-0.21") + (system* "sed" "-i" "s/0\\.22/0\\.21/" "bin/mes-mescc-0.21") (let ((sha256sum (read-delimited " " - (open-pipe* OPEN_READ "sha256sum" "src/mes")))) + (open-pipe* OPEN_READ "sha256sum" "bin/mes-mescc-0.21")))) (unless (equal? sha256sum diff --git a/gnu/packages/patches/mes-remove-store-name.patch b/gnu/packages/patches/mes-remove-store-name.patch deleted file mode 100644 index ad055c51f2..0000000000 --- a/gnu/packages/patches/mes-remove-store-name.patch +++ /dev/null @@ -1,121 +0,0 @@ -From d8f361705325cf91fc6c2ec84f281cdcd6bfa8b1 Mon Sep 17 00:00:00 2001 -From: Jan Nieuwenhuizen -Date: Tue, 3 Dec 2019 21:23:24 +0100 -Subject: [PATCH] core: Remove MES_PKGDATADIR. - -* configure: Do not add MES_PKGDATADIR to config.h. -* configure.sh: Likewise. -* simple.sh: Likewise. -* src/mes.c (open_boot): Do not use MES_PKGDATADIR; rely on -MES_PREFIX or cwd. ---- - configure | 1 - - configure.sh | 1 - - simple.sh | 2 -- - src/mes.c | 13 ------------- - 4 files changed, 17 deletions(-) - -diff --git a/configure b/configure -index 8edb2ce7b..12d8323f2 100755 ---- a/configure -+++ b/configure -@@ -666,7 +666,6 @@ See \"Porting GNU Mes\" in the manual, or try --with-courage\n" mes-system) - ")) - (display (string-append " - #define MES_VERSION \"" VERSION "\" --#define MES_PKGDATADIR \"" pkgdatadir "\" - "))))) - (substitute (string-append srcdest "build-aux/config.make.in") pairs #:target ".config.make")) - -diff --git a/configure.sh b/configure.sh -index 947ddd851..0139cbc36 100755 ---- a/configure.sh -+++ b/configure.sh -@@ -244,7 +244,6 @@ EOF - fi - cat >> include/mes/config.h < include/mes/config.h < include/mes/config.h < 1) -- { -- eputs (";;; pkgdatadir="); -- eputs (MES_PKGDATADIR); -- eputs ("\n"); -- } - if (getenv ("MES_BOOT")) - strcpy (boot, getenv ("MES_BOOT")); - else -@@ -1801,13 +1795,6 @@ open_boot () - __stdin = try_open_boot (file_name, boot, "MES_PREFIX/share/mes"); - } - } -- if (__stdin < 0) -- { -- strcpy (g_datadir, MES_PKGDATADIR); -- strcpy (file_name, g_datadir); -- strcpy (file_name + strlen (file_name), "/module/mes/"); -- __stdin = try_open_boot (file_name, boot, "pkgdatadir"); -- } - if (__stdin < 0) - { - g_datadir[0] = 0; --- -2.24.0 - -commit 2f6fab05b3f09df02aba70c3e21d5fedb45dc567 -Author: Jan Nieuwenhuizen -Date: Sun Nov 24 23:12:29 2019 +0100 - - core: Throw instead of segfault on non-existing input file. WIP. - - Reported by theruran. - - * src/posix.c (open_input_file): Call error instead of failing silently. - -diff --git a/src/posix.c b/src/posix.c -index 7ba2e9915..fd753232d 100644 ---- a/src/posix.c -+++ b/src/posix.c -@@ -188,7 +188,10 @@ current_input_port () - SCM - open_input_file (SCM file_name) - { -- return MAKE_NUMBER (mes_open (CSTRING (file_name), O_RDONLY, 0)); -+ int filedes = mes_open (CSTRING (file_name), O_RDONLY, 0); -+ if (filedes == -1) -+ error (cell_symbol_system_error, cons (MAKE_STRING0 ("No such file or directory"), file_name)); -+ return MAKE_NUMBER (filedes); - } - - SCM -- cgit v1.2.3