[gentoo-commits] repo/gentoo:master commit in: net-libs/libvncserver/files/, net-libs/libvncserver/

[gentoo-commits] repo/gentoo:master commit in: net-libs/libvncserver/files/, net-libs/libvncserver/

[Sven Wegener]

commit:     4fbd9dd57d76b333b4c75791b1590f5ee09119f1
Author:     Sven Wegener <swegener <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 15 21:40:20 2019 +0000
Commit:     Sven Wegener <swegener <AT> gentoo <DOT> org>
CommitDate: Thu Jan 17 21:21:30 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fbd9dd5

net-libs/libvncserver: Version bump, security bug #659560 and #673508

Bug: https://bugs.gentoo.org/659560
Bug: https://bugs.gentoo.org/673508
Closes: https://bugs.gentoo.org/435326
Closes: https://bugs.gentoo.org/675046
Signed-off-by: Sven Wegener <swegener <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 net-libs/libvncserver/Manifest                     |  1 +
 .../files/libvncserver-0.9.12-cmake-libdir.patch   | 22 +++++++
 net-libs/libvncserver/libvncserver-0.9.12.ebuild   | 72 ++++++++++++++++++++++
 3 files changed, 95 insertions(+)

diff --git a/net-libs/libvncserver/Manifest b/net-libs/libvncserver/Manifest
index 85c0fe603f2..0cb75239ec8 100644
--- a/net-libs/libvncserver/Manifest
+++ b/net-libs/libvncserver/Manifest
@@ -1 +1,2 @@
 DIST LibVNCServer-0.9.11.tar.gz 1413739 BLAKE2B e295d3aef7181cd767676c4e55130fa65ecf8ea92a659b6de82d2cc465f1c9e1a587839942fd89882126dc8ec54f9de20a78e799ea194f9ae227a82ae705721b SHA512 e473c081b68dd3cdd96a1756b4f4945ece79d3c8e4cef62140be1699671555fc16d3080e81d764197a14ea83203ffcd0e18c3cc182e012d036e3faae943003fb
+DIST LibVNCServer-0.9.12.tar.gz 2237447 BLAKE2B 583500c0bcfb6e9e3a02a33fb2701113b164851f0906fcc4845de7c7d82d4f7f65f5edd6c9a672348ee1deeefc65c1b0a257da024254598ba86d121d424f027e SHA512 60ff1cc93a937d6f8f97449bc58b763095846207112f7b1b3c43eb2d74448b595d6da949903a764bd484ee54e38ff6277e882adbe965dd6d26ba15ef6ff6fcb8

diff --git a/net-libs/libvncserver/files/libvncserver-0.9.12-cmake-libdir.patch b/net-libs/libvncserver/files/libvncserver-0.9.12-cmake-libdir.patch
new file mode 100644
index 00000000000..35ee26dc7b0
--- /dev/null
+++ b/net-libs/libvncserver/files/libvncserver-0.9.12-cmake-libdir.patch
@@ -0,0 +1,22 @@
+--- libvncserver-LibVNCServer-0.9.12/CMakeLists.txt
++++ libvncserver-LibVNCServer-0.9.12/CMakeLists.txt
+@@ -666,8 +666,8 @@
+ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/libvncclient.pc.cmakein ${CMAKE_CURRENT_BINARY_DIR}/libvncclient.pc @ONLY)
+ 
+ 
+-install_targets(/lib vncserver)
+-install_targets(/lib vncclient)
++install_targets(/${CMAKE_INSTALL_LIBDIR} vncserver)
++install_targets(/${CMAKE_INSTALL_LIBDIR} vncclient)
+ install_files(/include/rfb FILES
+     rfb/keysym.h
+     rfb/rfb.h
+@@ -677,7 +677,7 @@
+     rfb/rfbregion.h
+ )
+ 
+-install_files(/lib/pkgconfig FILES
++install_files(/${CMAKE_INSTALL_LIBDIR}/pkgconfig FILES
+     libvncserver.pc
+     libvncclient.pc
+ )

diff --git a/net-libs/libvncserver/libvncserver-0.9.12.ebuild b/net-libs/libvncserver/libvncserver-0.9.12.ebuild
new file mode 100644
index 00000000000..1a25cd77ee5
--- /dev/null
+++ b/net-libs/libvncserver/libvncserver-0.9.12.ebuild
@@ -0,0 +1,72 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit cmake-multilib
+
+MY_PN="LibVNCServer"
+
+DESCRIPTION="library for creating vnc servers"
+HOMEPAGE="https://libvnc.github.io/"
+SRC_URI="https://github.com/LibVNC/${PN}/archive/${MY_PN}-${PV}.tar.gz"
+
+LICENSE="GPL-2"
+# No sub slot wanted (yet), see #578958
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux"
+IUSE="+24bpp gcrypt gnutls ipv6 +jpeg libressl lzo +png sasl sdl ssl static-libs systemd test +threads +zlib"
+REQUIRED_USE="!gnutls? ( ssl? ( threads ) ) png? ( zlib )"
+
+DEPEND="
+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}] )
+	gnutls? (
+		>=net-libs/gnutls-2.12.23-r6:0=[${MULTILIB_USEDEP}]
+		>=dev-libs/libgcrypt-1.5.3:0=[${MULTILIB_USEDEP}]
+	)
+	!gnutls? (
+		ssl? (
+			!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
+			libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] )
+		)
+	)
+	jpeg? ( >=virtual/jpeg-0-r2:0[${MULTILIB_USEDEP}] )
+	lzo? ( dev-libs/lzo )
+	png? ( >=media-libs/libpng-1.6.10:0=[${MULTILIB_USEDEP}] )
+	sasl? ( dev-libs/cyrus-sasl )
+	sdl? ( media-libs/libsdl2 )
+	systemd? ( sys-apps/systemd:= )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1:0=[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}/${PN}-${MY_PN}-${PV}"
+
+DOCS=( AUTHORS ChangeLog NEWS README.md TODO )
+
+PATCHES=(
+	"${FILESDIR}"/${P}-cmake-libdir.patch
+)
+
+multilib_src_configure() {
+	local mycmakeargs=(
+		-DWITH_ZLIB=$(usex zlib ON OFF)
+		-DWITH_LZO=$(usex lzo ON OFF)
+		-DWITH_JPEG=$(usex jpeg ON OFF)
+		-DWITH_PNG=$(usex png ON OFF)
+		-DWITH_SDL=$(usex sdl ON OFF)
+		-DWITH_THREADS=$(usex threads ON OFF)
+		-DWITH_GNUTLS=$(usex gnutls ON OFF)
+		-DWITH_OPENSSL=$(usex gnutls OFF $(usex ssl ON OFF))
+		-DWITH_GCRYPT=$(usex gnutls ON $(usex gcrypt ON OFF))
+		-DWITH_SYSTEMD=$(usex systemd ON OFF)
+		-DWITH_FFMPEG=OFF
+		-DWITH_24BPP=$(usex 24bpp ON OFF)
+		-DWITH_IPv6=$(usex ipv6 ON OFF)
+		-DWITH_SASL=$(usex sasl ON OFF)
+	)
+	cmake-utils_src_configure
+}
+
+multilib_src_install_all() {
+	einstalldocs
+}

[gentoo-commits] repo/gentoo:master commit in: net-libs/libvncserver/files/, net-libs/libvncserver/

[Joonas Niilola]

commit:     369a02be4da385aca62393c390229d3311e6bb78
Author:     Alexander Tsoy <alexander <AT> tsoy <DOT> me>
AuthorDate: Mon Mar 23 15:40:08 2020 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Mar 26 07:22:02 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=369a02be

net-libs/libvncserver: Fix CVE-2019-15690

Bug: https://bugs.gentoo.org/714054
Signed-off-by: Alexander Tsoy <alexander <AT> tsoy.me>
Closes: https://github.com/gentoo/gentoo/pull/15070
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 .../files/libvncserver-0.9.12-CVE-2019-15690.patch | 39 +++++++++++
 .../libvncserver/libvncserver-0.9.12-r5.ebuild     | 75 ++++++++++++++++++++++
 2 files changed, 114 insertions(+)

diff --git a/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15690.patch b/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15690.patch
new file mode 100644
index 00000000000..5ef290129c7
--- /dev/null
+++ b/net-libs/libvncserver/files/libvncserver-0.9.12-CVE-2019-15690.patch
@@ -0,0 +1,39 @@
+From 54220248886b5001fbbb9fa73c4e1a2cb9413fed Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@freeshell.org>
+Date: Sun, 17 Nov 2019 17:18:35 +0100
+Subject: [PATCH] libvncclient/cursor: limit width/height input values
+
+Avoids a possible heap overflow reported by Pavel Cheremushkin
+<Pavel.Cheremushkin@kaspersky.com>.
+
+re #275
+---
+ libvncclient/cursor.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libvncclient/cursor.c b/libvncclient/cursor.c
+index 67f4572..40ffb3b 100644
+--- a/libvncclient/cursor.c
++++ b/libvncclient/cursor.c
+@@ -28,6 +28,8 @@
+ #define OPER_SAVE     0
+ #define OPER_RESTORE  1
+ 
++#define MAX_CURSOR_SIZE 1024
++
+ #define RGB24_TO_PIXEL(bpp,r,g,b)                                       \
+    ((((uint##bpp##_t)(r) & 0xFF) * client->format.redMax + 127) / 255             \
+     << client->format.redShift |                                              \
+@@ -54,6 +56,9 @@ rfbBool HandleCursorShape(rfbClient* client,int xhot, int yhot, int width, int h
+   if (width * height == 0)
+     return TRUE;
+ 
++  if (width >= MAX_CURSOR_SIZE || height >= MAX_CURSOR_SIZE)
++    return FALSE;
++
+   /* Allocate memory for pixel data and temporary mask data. */
+   if(client->rcSource)
+     free(client->rcSource);
+-- 
+2.24.1
+

diff --git a/net-libs/libvncserver/libvncserver-0.9.12-r5.ebuild b/net-libs/libvncserver/libvncserver-0.9.12-r5.ebuild
new file mode 100644
index 00000000000..87aad236303
--- /dev/null
+++ b/net-libs/libvncserver/libvncserver-0.9.12-r5.ebuild
@@ -0,0 +1,75 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit cmake
+
+MY_P="LibVNCServer-${PV}"
+
+DESCRIPTION="library for creating vnc servers"
+HOMEPAGE="https://libvnc.github.io/"
+SRC_URI="https://github.com/LibVNC/${PN}/archive/${MY_P}.tar.gz"
+S="${WORKDIR}/${PN}-${MY_P}"
+
+# libvncserver/tightvnc-filetransfer/*: GPL-2, but we don't build it
+# common/d3des.*: https://github.com/LibVNC/libvncserver/issues/88
+LICENSE="GPL-2+ LGPL-2.1+ BSD MIT"
+# no sub slot wanted (yet), see #578958
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="+24bpp gcrypt gnutls ipv6 +jpeg libressl lzo +png sasl ssl systemd +threads +zlib"
+# https://bugs.gentoo.org/690202
+# https://bugs.gentoo.org/435326
+# https://bugs.gentoo.org/550916
+REQUIRED_USE="jpeg? ( zlib ) png? ( zlib ) ssl? ( !gnutls? ( threads ) )"
+
+DEPEND="
+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:0= )
+	ssl? (
+		!gnutls? (
+			!libressl? ( >=dev-libs/openssl-1.0.2:0= )
+			libressl? ( >=dev-libs/libressl-2.7.0:0= )
+		)
+		gnutls? ( >=net-libs/gnutls-2.12.23-r6:0= )
+	)
+	jpeg? ( >=virtual/jpeg-0-r2:0 )
+	lzo? ( dev-libs/lzo )
+	png? ( >=media-libs/libpng-1.6.10:0= )
+	sasl? ( dev-libs/cyrus-sasl )
+	systemd? ( sys-apps/systemd:= )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1:0= )"
+RDEPEND="${DEPEND}"
+
+DOCS=( AUTHORS ChangeLog NEWS README.md TODO )
+
+PATCHES=(
+	"${FILESDIR}"/${P}-cmake-libdir.patch
+	"${FILESDIR}"/${P}-pkgconfig-libdir.patch
+	"${FILESDIR}"/${P}-libgcrypt.patch
+	"${FILESDIR}"/${P}-sparc-unaligned.patch
+	"${FILESDIR}"/${P}-CVE-2018-20750.patch
+	"${FILESDIR}"/${P}-CVE-2019-15681.patch
+	"${FILESDIR}"/${P}-fix-tight-raw-decoding.patch
+	"${FILESDIR}"/${P}-fix-shutdown-crash.patch
+	"${FILESDIR}"/${P}-CVE-2019-15690.patch
+)
+
+src_configure() {
+	local mycmakeargs=(
+		-DWITH_ZLIB=$(usex zlib ON OFF)
+		-DWITH_LZO=$(usex lzo ON OFF)
+		-DWITH_JPEG=$(usex jpeg ON OFF)
+		-DWITH_PNG=$(usex png ON OFF)
+		-DWITH_THREADS=$(usex threads ON OFF)
+		-DWITH_GNUTLS=$(usex gnutls $(usex ssl ON OFF) OFF)
+		-DWITH_OPENSSL=$(usex gnutls OFF $(usex ssl ON OFF))
+		-DWITH_GCRYPT=$(usex gcrypt ON OFF)
+		-DWITH_SYSTEMD=$(usex systemd ON OFF)
+		-DWITH_FFMPEG=OFF
+		-DWITH_24BPP=$(usex 24bpp ON OFF)
+		-DWITH_IPv6=$(usex ipv6 ON OFF)
+		-DWITH_SASL=$(usex sasl ON OFF)
+	)
+	cmake_src_configure
+}

[gentoo-commits] repo/gentoo:master commit in: net-libs/libvncserver/files/, net-libs/libvncserver/

[Andreas Sturmlechner]

commit:     29bd18220587faa63d90afb87447327f638257c2
Author:     Alexander Tsoy <alexander <AT> tsoy <DOT> me>
AuthorDate: Fri Feb 17 21:35:03 2023 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sat Feb 18 13:06:13 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29bd1822

net-libs/libvncserver: security cleanup

Bug: https://bugs.gentoo.org/887067
Signed-off-by: Alexander Tsoy <alexander <AT> tsoy.me>
Closes: https://github.com/gentoo/gentoo/pull/29641
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 net-libs/libvncserver/Manifest                     |  1 -
 .../files/libvncserver-0.9.13-CVE-2020-29260.patch | 27 --------
 .../libvncserver-0.9.13-test-fix-includetest.patch | 54 ---------------
 .../libvncserver-0.9.13-test-fix-tjunittest.patch  | 29 ---------
 .../libvncserver/libvncserver-0.9.13-r1.ebuild     | 76 ----------------------
 5 files changed, 187 deletions(-)

diff --git a/net-libs/libvncserver/Manifest b/net-libs/libvncserver/Manifest
index 560434399356..779ce1c48b7d 100644
--- a/net-libs/libvncserver/Manifest
+++ b/net-libs/libvncserver/Manifest
@@ -1,2 +1 @@
-DIST LibVNCServer-0.9.13.tar.gz 567491 BLAKE2B 138c7ca63f8cd30a21dc1b58aafa744e12a1a9eca503ffec18a63d18791d7a5df4eef176d7e4e797a2aadda1dd04d1b051abfd76bf5c6806d558c09ffee78cce SHA512 18b0a1698d32bbdbfe6f65f76130b2a95860e3cc76e8adb904269663698c7c0ae982f451fda1f25e5461f096045d40a89d9014258f439366d5b4feaa4999d643
 DIST LibVNCServer-0.9.14.tar.gz 593516 BLAKE2B 6585e15e2ade08211ace0ae40deb07eca04b96dcfe38fb4d2e7d7a7192ca22dda546cb69fc4be6c6b7eb83c8afb0ea14d7cee3779a9e64c138ec861efeb540b8 SHA512 8a0a58e355154cbe1e5807864dc874b063c5e5f5e20d64ae541d49d51b654a35ca9c625adc5c303b6570fa79c19f82d87a37612f9801b453ccf862bd77c06fcc

diff --git a/net-libs/libvncserver/files/libvncserver-0.9.13-CVE-2020-29260.patch b/net-libs/libvncserver/files/libvncserver-0.9.13-CVE-2020-29260.patch
deleted file mode 100644
index 23ffed8c1774..000000000000
--- a/net-libs/libvncserver/files/libvncserver-0.9.13-CVE-2020-29260.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From bef41f6ec4097a8ee094f90a1b34a708fbd757ec Mon Sep 17 00:00:00 2001
-From: Christian Beier <info@christianbeier.net>
-Date: Sat, 21 Nov 2020 12:52:31 +0100
-Subject: [PATCH] libvncclient: free vncRec memory in rfbClientCleanup()
-
-Otherwise we leak memory. Spotted by Ramin Farajpour Cami
-<ramin.blackhat@gmail.com>, thanks!
----
- libvncclient/vncviewer.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/libvncclient/vncviewer.c b/libvncclient/vncviewer.c
-index d6b91f02..0a1bdcf6 100644
---- a/libvncclient/vncviewer.c
-+++ b/libvncclient/vncviewer.c
-@@ -534,6 +534,8 @@ void rfbClientCleanup(rfbClient* client) {
-     client->clientData = next;
-   }
- 
-+  free(client->vncRec);
-+
-   if (client->sock != RFB_INVALID_SOCKET)
-     rfbCloseSocket(client->sock);
-   if (client->listenSock != RFB_INVALID_SOCKET)
--- 
-2.35.1
-

diff --git a/net-libs/libvncserver/files/libvncserver-0.9.13-test-fix-includetest.patch b/net-libs/libvncserver/files/libvncserver-0.9.13-test-fix-includetest.patch
deleted file mode 100644
index 767708288830..000000000000
--- a/net-libs/libvncserver/files/libvncserver-0.9.13-test-fix-includetest.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 39cff3dd6b5d9ebcf86f01e2c7e0bef62abd9d6f Mon Sep 17 00:00:00 2001
-From: Alexander Tsoy <alexander@tsoy.me>
-Date: Thu, 25 Jun 2020 11:35:04 +0300
-Subject: [PATCH 1/2] test: fix includetest to use CMAKE_MAKE_PROGRAM (#431)
-
-includetest currently fais if, for example, ninja is used as a CMake
-generator. Fix it by using CMAKE_MAKE_PROGRAM in the test.
----
- CMakeLists.txt      | 2 +-
- test/includetest.sh | 7 ++++---
- 2 files changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 0b6228a2..290deb38 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -680,7 +680,7 @@ endif(LIBVNCSERVER_WITH_WEBSOCKETS)
- 
- add_test(NAME cargs COMMAND test_cargstest)
- if(UNIX)
--  add_test(NAME includetest COMMAND ${TESTS_DIR}/includetest.sh ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_INCLUDEDIR})
-+  add_test(NAME includetest COMMAND ${TESTS_DIR}/includetest.sh ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_INCLUDEDIR} ${CMAKE_MAKE_PROGRAM})
- endif(UNIX)
- if(FOUND_LIBJPEG_TURBO)
-     add_test(NAME turbojpeg COMMAND test_tjunittest)
-diff --git a/test/includetest.sh b/test/includetest.sh
-index 23d602e6..6b064208 100755
---- a/test/includetest.sh
-+++ b/test/includetest.sh
-@@ -5,10 +5,11 @@
- 
- # expects install prefix like /usr as an argument
- PREFIX=$1
-+CMAKE_MAKE_PROGRAM=$2
- 
- TMPDIR=$(mktemp -d)
- 
--make install DESTDIR=$TMPDIR
-+DESTDIR="$TMPDIR" $CMAKE_MAKE_PROGRAM install
- 
- echo \
- "
-@@ -19,6 +20,6 @@ int main()
- {
-     return 0;
- }
--" > $TMPDIR/includetest.c
-+" > "$TMPDIR"/includetest.c
- 
--cc -I $TMPDIR/$PREFIX $TMPDIR/includetest.c
-+cc -I "$TMPDIR/$PREFIX" "$TMPDIR"/includetest.c
--- 
-2.26.2
-

diff --git a/net-libs/libvncserver/files/libvncserver-0.9.13-test-fix-tjunittest.patch b/net-libs/libvncserver/files/libvncserver-0.9.13-test-fix-tjunittest.patch
deleted file mode 100644
index 98e3a654b471..000000000000
--- a/net-libs/libvncserver/files/libvncserver-0.9.13-test-fix-tjunittest.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 8244fab5421fd14d4c75ce488ad18d38b7a6edb4 Mon Sep 17 00:00:00 2001
-From: Christian Beier <info@christianbeier.net>
-Date: Thu, 25 Jun 2020 12:21:50 +0200
-Subject: [PATCH 2/2] CMake: only add turbojpeg test if configured WITH_JPEG
-
-Closes #430
----
- CMakeLists.txt | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 290deb38..fdca4d81 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -682,9 +682,9 @@ add_test(NAME cargs COMMAND test_cargstest)
- if(UNIX)
-   add_test(NAME includetest COMMAND ${TESTS_DIR}/includetest.sh ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_INCLUDEDIR} ${CMAKE_MAKE_PROGRAM})
- endif(UNIX)
--if(FOUND_LIBJPEG_TURBO)
-+if(WITH_JPEG AND FOUND_LIBJPEG_TURBO)
-     add_test(NAME turbojpeg COMMAND test_tjunittest)
--endif(FOUND_LIBJPEG_TURBO)
-+endif(WITH_JPEG AND FOUND_LIBJPEG_TURBO)
- if(LIBVNCSERVER_WITH_WEBSOCKETS)
-     add_test(NAME wstest COMMAND test_wstest)
- endif(LIBVNCSERVER_WITH_WEBSOCKETS)
--- 
-2.26.2
-

diff --git a/net-libs/libvncserver/libvncserver-0.9.13-r1.ebuild b/net-libs/libvncserver/libvncserver-0.9.13-r1.ebuild
deleted file mode 100644
index 29851d5a4e57..000000000000
--- a/net-libs/libvncserver/libvncserver-0.9.13-r1.ebuild
+++ /dev/null
@@ -1,76 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit cmake
-
-MY_P="LibVNCServer-${PV}"
-
-DESCRIPTION="library for creating vnc servers"
-HOMEPAGE="https://libvnc.github.io/"
-SRC_URI="https://github.com/LibVNC/${PN}/archive/${MY_P}.tar.gz"
-S="${WORKDIR}/${PN}-${MY_P}"
-
-# common/d3des.*: https://github.com/LibVNC/libvncserver/issues/88
-LICENSE="GPL-2 GPL-2+ LGPL-2.1+ BSD MIT"
-# no sub slot wanted (yet), see #578958
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
-IUSE="+24bpp +filetransfer gcrypt gnutls ipv6 +jpeg lzo +png sasl ssl systemd +threads +zlib"
-# https://bugs.gentoo.org/690202
-# https://bugs.gentoo.org/435326
-# https://bugs.gentoo.org/550916
-REQUIRED_USE="
-	filetransfer? ( threads )
-	jpeg? ( zlib )
-	png? ( zlib )
-	ssl? ( !gnutls? ( threads ) )
-"
-
-DEPEND="
-	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:0= )
-	ssl? (
-		!gnutls? (
-			>=dev-libs/openssl-1.0.2:0=
-		)
-		gnutls? ( >=net-libs/gnutls-2.12.23-r6:0= )
-	)
-	jpeg? ( media-libs/libjpeg-turbo:= )
-	lzo? ( dev-libs/lzo )
-	png? ( >=media-libs/libpng-1.6.10:0= )
-	sasl? ( dev-libs/cyrus-sasl )
-	systemd? ( sys-apps/systemd:= )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1:0= )
-"
-RDEPEND="${DEPEND}"
-
-DOCS=( AUTHORS ChangeLog NEWS.md README.md TODO.md )
-
-PATCHES=(
-	"${FILESDIR}"/${P}-test-fix-includetest.patch
-	"${FILESDIR}"/${P}-test-fix-tjunittest.patch
-	"${FILESDIR}"/${P}-CVE-2020-29260.patch
-)
-
-src_configure() {
-	local mycmakeargs=(
-		-DWITH_FFMPEG=OFF
-		-DWITH_GTK=OFF
-		-DWITH_SDL=OFF
-		-DWITH_24BPP=$(usex 24bpp ON OFF)
-		-DWITH_TIGHTVNC_FILETRANSFER=$(usex filetransfer ON OFF)
-		-DWITH_GCRYPT=$(usex gcrypt ON OFF)
-		-DWITH_GNUTLS=$(usex gnutls $(usex ssl ON OFF) OFF)
-		-DWITH_IPv6=$(usex ipv6 ON OFF)
-		-DWITH_JPEG=$(usex jpeg ON OFF)
-		-DWITH_LZO=$(usex lzo ON OFF)
-		-DWITH_OPENSSL=$(usex gnutls OFF $(usex ssl ON OFF))
-		-DWITH_PNG=$(usex png ON OFF)
-		-DWITH_SASL=$(usex sasl ON OFF)
-		-DWITH_SYSTEMD=$(usex systemd ON OFF)
-		-DWITH_THREADS=$(usex threads ON OFF)
-		-DWITH_ZLIB=$(usex zlib ON OFF)
-	)
-	cmake_src_configure
-}

[gentoo-commits] repo/gentoo:master commit in: net-libs/libvncserver/files/, net-libs/libvncserver/

[Sam James]

commit:     01dbaaafe6f24fecdc12973aa620ce50ffeb544d
Author:     Alexander Tsoy <alexander <AT> tsoy <DOT> me>
AuthorDate: Thu Mar 23 02:50:59 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 23 04:56:50 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01dbaaaf

net-libs/libvncserver: fix openssl crypto backend

Bug: https://bugs.gentoo.org/893608
Signed-off-by: Alexander Tsoy <alexander <AT> tsoy.me>
Closes: https://github.com/gentoo/gentoo/pull/30311
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../libvncserver-0.9.14-crypto-openssl-fix.patch   | 59 ++++++++++++++++
 .../libvncserver/libvncserver-0.9.14-r1.ebuild     | 81 ++++++++++++++++++++++
 2 files changed, 140 insertions(+)

diff --git a/net-libs/libvncserver/files/libvncserver-0.9.14-crypto-openssl-fix.patch b/net-libs/libvncserver/files/libvncserver-0.9.14-crypto-openssl-fix.patch
new file mode 100644
index 000000000000..d4c76773b02c
--- /dev/null
+++ b/net-libs/libvncserver/files/libvncserver-0.9.14-crypto-openssl-fix.patch
@@ -0,0 +1,59 @@
+From b686f379c34114cf938fe88291f58014337558f6 Mon Sep 17 00:00:00 2001
+From: Gaurav Ujjwal <gujjwal00@gmail.com>
+Date: Mon, 23 Jan 2023 00:03:03 +0530
+Subject: [PATCH] common/crypto_openssl: pad DH key buffers with leading zeros
+ for smaller keys
+
+Re: https://github.com/LibVNC/libvncserver/issues/493
+Re: https://github.com/bk138/multivnc/issues/202
+---
+ common/crypto_openssl.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/common/crypto_openssl.c b/common/crypto_openssl.c
+index 50e8073a..dc1ee093 100644
+--- a/common/crypto_openssl.c
++++ b/common/crypto_openssl.c
+@@ -156,6 +156,15 @@ int encrypt_aes128ecb(void *out, int *out_len, const unsigned char key[16], cons
+     return result;
+ }
+ 
++static void pad_leading_zeros(uint8_t *out, const size_t current_len, const size_t expected_len) {
++    if (current_len >= expected_len || expected_len < 1)
++        return;
++
++    size_t diff = expected_len - current_len;
++    memmove(out + diff, out, current_len);
++    memset(out, 0, diff);
++}
++
+ int dh_generate_keypair(uint8_t *priv_out, uint8_t *pub_out, const uint8_t *gen, const size_t gen_len, const uint8_t *prime, const size_t keylen)
+ {
+     int result = 0;
+@@ -184,6 +193,9 @@ int dh_generate_keypair(uint8_t *priv_out, uint8_t *pub_out, const uint8_t *gen,
+ 	goto out;
+     if(BN_bn2bin(dh->pub_key, pub_out) == 0)
+ 	goto out;
++
++    pad_leading_zeros(priv_out, BN_num_bytes(dh->priv_key), keylen);
++    pad_leading_zeros(pub_out, BN_num_bytes(dh->pub_key), keylen);
+ #else
+     DH_get0_key(dh, &pub_key, &priv_key);
+     if(BN_bn2binpad(priv_key, priv_out, keylen) == -1)
+@@ -216,9 +228,11 @@ int dh_compute_shared_key(uint8_t *shared_out, const uint8_t *priv, const uint8_
+     if(!DH_set0_key(dh, NULL, BN_bin2bn(priv, keylen, NULL)))
+ 	goto out;
+ #endif
+-    if(DH_compute_key(shared_out, BN_bin2bn(pub, keylen, NULL), dh) == -1)
+-	goto out;
++    int shared_len = DH_compute_key(shared_out, BN_bin2bn(pub, keylen, NULL), dh);
++    if(shared_len == -1)
++        goto out;
+ 
++    pad_leading_zeros(shared_out, shared_len, keylen);
+     result = 1;
+ 
+  out:
+-- 
+2.39.2
+

diff --git a/net-libs/libvncserver/libvncserver-0.9.14-r1.ebuild b/net-libs/libvncserver/libvncserver-0.9.14-r1.ebuild
new file mode 100644
index 000000000000..996b5e9c2b4e
--- /dev/null
+++ b/net-libs/libvncserver/libvncserver-0.9.14-r1.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake
+
+MY_P="LibVNCServer-${PV}"
+
+DESCRIPTION="library for creating vnc servers"
+HOMEPAGE="https://libvnc.github.io/"
+SRC_URI="https://github.com/LibVNC/${PN}/archive/${MY_P}.tar.gz"
+S="${WORKDIR}/${PN}-${MY_P}"
+
+# common/d3des.*: https://github.com/LibVNC/libvncserver/issues/88
+LICENSE="GPL-2 GPL-2+ LGPL-2.1+ BSD MIT"
+# no sub slot wanted (yet), see #578958
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="+24bpp +filetransfer +gcrypt gnutls ipv6 +jpeg lzo +png sasl ssl systemd +threads +zlib"
+# https://bugs.gentoo.org/690202
+# https://bugs.gentoo.org/435326
+# https://bugs.gentoo.org/550916
+REQUIRED_USE="
+	filetransfer? ( threads )
+	jpeg? ( zlib )
+	png? ( zlib )
+	ssl? ( !gnutls? ( threads ) )
+"
+# Avoid using internal crypto backend as it doesn't support
+# all authentication methods #893608
+REQUIRED_USE+="
+	ssl? ( gnutls? ( gcrypt ) )
+	!ssl? ( gcrypt )
+"
+
+DEPEND="
+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:0= )
+	ssl? (
+		!gnutls? (
+			>=dev-libs/openssl-1.0.2:0=
+		)
+		gnutls? ( >=net-libs/gnutls-2.12.23-r6:0= )
+	)
+	jpeg? ( media-libs/libjpeg-turbo:= )
+	lzo? ( dev-libs/lzo )
+	png? ( >=media-libs/libpng-1.6.10:0= )
+	sasl? ( dev-libs/cyrus-sasl )
+	systemd? ( sys-apps/systemd:= )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1:0= )
+"
+RDEPEND="${DEPEND}"
+
+DOCS=( AUTHORS ChangeLog NEWS.md README.md )
+
+PATCHES=(
+	"${FILESDIR}"/${P}-crypto-openssl-fix.patch
+)
+
+src_configure() {
+	local mycmakeargs=(
+		-DWITH_EXAMPLES=OFF
+		-DWITH_FFMPEG=OFF
+		-DWITH_GTK=OFF
+		-DWITH_SDL=OFF
+		-DWITH_24BPP=$(usex 24bpp ON OFF)
+		-DWITH_TIGHTVNC_FILETRANSFER=$(usex filetransfer ON OFF)
+		-DWITH_GCRYPT=$(usex gcrypt ON OFF)
+		-DWITH_GNUTLS=$(usex gnutls $(usex ssl ON OFF) OFF)
+		-DWITH_IPv6=$(usex ipv6 ON OFF)
+		-DWITH_JPEG=$(usex jpeg ON OFF)
+		-DWITH_LZO=$(usex lzo ON OFF)
+		-DWITH_OPENSSL=$(usex gnutls OFF $(usex ssl ON OFF))
+		-DWITH_PNG=$(usex png ON OFF)
+		-DWITH_SASL=$(usex sasl ON OFF)
+		-DWITH_SYSTEMD=$(usex systemd ON OFF)
+		-DWITH_THREADS=$(usex threads ON OFF)
+		-DWITH_ZLIB=$(usex zlib ON OFF)
+	)
+	cmake_src_configure
+}