commit LibVNCServer for openSUSE:Leap:15.2:Update

2020-07-24 Thread root
Hello community,

here is the log from the commit of package LibVNCServer for 
openSUSE:Leap:15.2:Update checked in at 2020-07-24 14:20:14

Comparing /work/SRC/openSUSE:Leap:15.2:Update/LibVNCServer (Old)
 and  /work/SRC/openSUSE:Leap:15.2:Update/.LibVNCServer.new.3592 (New)


Package is "LibVNCServer"

Fri Jul 24 14:20:14 2020 rev:3 rq:822059 version:unknown

Changes:

New Changes file:

NO CHANGES FILE!!!



Other differences:
--
++ _link ++
--- /var/tmp/diff_new_pack.xCxr4N/_old  2020-07-24 14:20:15.061393101 +0200
+++ /var/tmp/diff_new_pack.xCxr4N/_new  2020-07-24 14:20:15.061393101 +0200
@@ -1 +1 @@
-
+




commit LibVNCServer for openSUSE:Leap:15.2:Update

2020-07-21 Thread root
Hello community,

here is the log from the commit of package LibVNCServer for 
openSUSE:Leap:15.2:Update checked in at 2020-07-21 10:27:22

Comparing /work/SRC/openSUSE:Leap:15.2:Update/LibVNCServer (Old)
 and  /work/SRC/openSUSE:Leap:15.2:Update/.LibVNCServer.new.3592 (New)


Package is "LibVNCServer"

Tue Jul 21 10:27:22 2020 rev:2 rq:821582 version:unknown

Changes:

New Changes file:

NO CHANGES FILE!!!



Other differences:
--
++ _link ++
--- /var/tmp/diff_new_pack.hC8xUg/_old  2020-07-21 10:27:26.194850007 +0200
+++ /var/tmp/diff_new_pack.hC8xUg/_new  2020-07-21 10:27:26.194850007 +0200
@@ -1 +1 @@
-
+




commit LibVNCServer for openSUSE:Leap:15.2

2020-05-07 Thread root
Hello community,

here is the log from the commit of package LibVNCServer for openSUSE:Leap:15.2 
checked in at 2020-05-07 19:26:35

Comparing /work/SRC/openSUSE:Leap:15.2/LibVNCServer (Old)
 and  /work/SRC/openSUSE:Leap:15.2/.LibVNCServer.new.2738 (New)


Package is "LibVNCServer"

Thu May  7 19:26:35 2020 rev:17 rq:800610 version:0.9.10

Changes:

--- /work/SRC/openSUSE:Leap:15.2/LibVNCServer/LibVNCServer.changes  
2020-01-15 14:45:20.657204187 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.LibVNCServer.new.2738/LibVNCServer.changes
2020-05-07 19:26:58.325445719 +0200
@@ -1,0 +2,20 @@
+Mon Apr 27 09:22:31 UTC 2020 - pgaj...@suse.com
+
+- security update
+- added patches
+  fix CVE-2019-15690 [bsc#1160471], heap buffer overflow
+  + LibVNCServer-CVE-2019-15690.patch
+  fix CVE-2019-20788 [bsc#1170441], integer overflow and heap-based buffer 
overflow via a large height or width value
+  + LibVNCServer-CVE-2019-20788.patch
+
+---
+Mon Nov  4 12:50:59 UTC 2019 - pgaj...@suse.com
+
+- security update
+- added patches
+  CVE-2019-15681 [bsc#1155419]
+  + LibVNCServer-CVE-2019-15681.patch
+- note the correct way how to run the testsuite, it does not
+  seem to be usable as it is, though (segfaults)
+
+---

New:

  LibVNCServer-CVE-2019-15681.patch
  LibVNCServer-CVE-2019-15690.patch
  LibVNCServer-CVE-2019-20788.patch



Other differences:
--
++ LibVNCServer.spec ++
--- /var/tmp/diff_new_pack.Spws4K/_old  2020-05-07 19:26:59.185447439 +0200
+++ /var/tmp/diff_new_pack.Spws4K/_new  2020-05-07 19:26:59.185447439 +0200
@@ -49,6 +49,12 @@
 Patch24:LibVNCServer-CVE-2018-20749.patch
 Patch25:LibVNCServer-CVE-2018-20750.patch
 Patch26:LibVNCServer-CVE-2018-20748.patch
+# CVE-2019-15681 [bsc#1155419]
+Patch27:LibVNCServer-CVE-2019-15681.patch
+# CVE-2019-20788 [bsc#1170441], integer overflow and heap-based buffer 
overflow via a large height or width value
+Patch28:LibVNCServer-CVE-2019-20788.patch
+# CVE-2019-15690 [bsc#1160471], heap buffer overflow
+Patch29:LibVNCServer-CVE-2019-15690.patch
 BuildRequires:  libavahi-devel
 BuildRequires:  libgcrypt-devel
 BuildRequires:  libgnutls-devel
@@ -136,6 +142,9 @@
 %patch24 -p1
 %patch25 -p1
 %patch26 -p1
+%patch27 -p1
+%patch28 -p1
+%patch29 -p1
 # fix encoding
 for file in AUTHORS ChangeLog ; do
 mv ${file} ${file}.OLD && \
@@ -161,7 +170,10 @@
 %{__install} -d -m0755 RPM_BUILD_ROOT%{_datadir}/x11vnc/classes
 
 %check 
-make check
+pushd test
+# encodingstest segfaults during rfbShutdownServer() [no of our patch causes 
the segfault]
+make test || true
+popd
 
 %install
 %makeinstall
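Review bot: `make test || true` in `%check` discards every test failure, not only the encodingstest crash named in the comment above it. The build therefore gives no regression signal for the three CVE patches added in this same update. If the test Makefile allows it, skip only the crashing test. Otherwise say so in the comment, for example `# NOTE: '|| true' ignores ALL test failures; drop it once the rfbShutdownServer() segfault is fixed`. A segfault during shutdown in a network-facing library also deserves a tracked bug reference next to that comment.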

++ LibVNCServer-CVE-2019-15681.patch ++
diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
index 3bacc891..310e5487 100644
--- a/libvncserver/rfbserver.c
+++ b/libvncserver/rfbserver.c
@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char 
*str, int len)
 rfbServerCutTextMsg sct;
 rfbClientIteratorPtr iterator;
 
+memset((char *), 0, sizeof(sct));
+
 iterator = rfbGetClientIterator(rfbScreen);
 while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
 sct.type = rfbServerCutText;
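Review bot: The added line reads `memset((char *), 0, sizeof(sct));` here, with no destination operand, which would not compile. The `&sct` was most likely lost when the mail was archived, so the patch file itself should be checked to contain `memset(&sct, 0, sizeof(sct));` (the `char *` cast is not needed). A short comment would stop a later cleanup from replacing the call with a plain initializer that may leave padding unset: `/* zero the whole struct, padding included, before it is handed to clients */`. The function body continues outside the hunk, so whether every field is rewritten on each loop iteration cannot be confirmed from here.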
++ LibVNCServer-CVE-2019-15690.patch ++
diff --git a/libvncclient/cursor.c b/libvncclient/cursor.c
index 67f45726..40ffb3b0 100644
--- a/libvncclient/cursor.c
+++ b/libvncclient/cursor.c
@@ -28,6 +28,8 @@
 #define OPER_SAVE 0
 #define OPER_RESTORE  1
 
+#define MAX_CURSOR_SIZE 1024
+
 #define RGB24_TO_PIXEL(bpp,r,g,b)   \
uint##bpp##_t)(r) & 0xFF) * client->format.redMax + 127) / 255  
   \
 << client->format.redShift |  \
@@ -54,6 +56,9 @@ rfbBool HandleCursorShape(rfbClient* client,int xhot, int 
yhot, int width, int h
   if (width * height == 0)
 return TRUE;
 
+  if (width >= MAX_CURSOR_SIZE || height >= MAX_CURSOR_SIZE)
+return FALSE;
+
   /* Allocate memory for pixel data and temporary mask data. */
   if(client->rcSource)
 free(client->rcSource);
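Review bot: The new size check sits after `if (width * height == 0)`, so that multiplication still runs on unbounded `int` values and can overflow before the limit is applied. The check also lets negative dimensions through. Moving the guard ahead of the multiplication and tightening it closes both gaps: `if (width < 0 || height < 0 || width >= MAX_CURSOR_SIZE || height >= MAX_CURSOR_SIZE) return FALSE;`. The `MAX_CURSOR_SIZE` define added in the first hunk would benefit from a comment saying the limit is in pixels and exclusive. HandleCursorShape starts and ends outside this hunk, so what the callers can actually pass is not visible here.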

++ LibVNCServer-CVE-2019-20788.patch ++
Index: libvncserver-LibVNCServer-0.9.12/libvncclient/rfbproto.c
===
--- libvncserver-LibVNCServer-0.9.12.orig/libvncclient/rfbproto.c   
2019-01-06 20:09:30.0 +0100
+++ libvncserver-LibVNCServer-0.9.12/libvncclient/rfbproto.c2020-04-27 
10:32:26.192984242 +0200
@@ -225,6 +225,7 @@ ClearServer2Client(rfbClient* client, in
   client->supportedMessages.server2client[((messageType & 0xFF)/8)] &= 
(!(1<<(messageType % 8)));
 }