Rex Dieter
5 years ago
parent
b8138f6b1a
commit
ef2f30c801
@ -1,25 +0,0 @@
|
||||
From 15c4f144a3783d9f1f2c976acf9f4d85988fd466 Mon Sep 17 00:00:00 2001
|
||||
From: Albert Astals Cid <aacid@kde.org>
|
||||
Date: Sun, 5 Jan 2020 19:56:57 +0100
|
||||
Subject: [PATCH] rfbShutdownServer: Call rfbClientConnectionGone if no
|
||||
backgroundLoop
|
||||
|
||||
Otherwise the servers that don't use rfbRunEventLoop don't get
|
||||
notified of client disconnections
|
||||
---
|
||||
libvncserver/main.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/libvncserver/main.c b/libvncserver/main.c
|
||||
index b51f0ab6..738a501d 100644
|
||||
--- a/libvncserver/main.c
|
||||
+++ b/libvncserver/main.c
|
||||
@@ -1152,6 +1152,8 @@ void rfbShutdownServer(rfbScreenInfoPtr screen,rfbBool disconnectClients) {
|
||||
write(currentCl->pipe_notify_client_thread[1], "\x00", 1);
|
||||
/* And wait for it to finish. */
|
||||
pthread_join(currentCl->client_thread, NULL);
|
||||
+ } else {
|
||||
+ rfbClientConnectionGone(currentCl);
|
||||
}
|
||||
#else
|
||||
rfbClientConnectionGone(currentCl);
|
||||
@ -1,42 +0,0 @@
|
||||
From 3348a7e42e86dfb98dd7458ad29def476cf6096f Mon Sep 17 00:00:00 2001
|
||||
From: Christian Beier <dontmind@freeshell.org>
|
||||
Date: Sat, 9 Feb 2019 13:23:26 +0100
|
||||
Subject: [PATCH] CMake: replace hardcoded 'lib' with ${CMAKE_INSTALL_LIBDIR}
|
||||
|
||||
Closes #281
|
||||
---
|
||||
CMakeLists.txt | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||
index 873cc7b5..55f7e650 100644
|
||||
--- a/CMakeLists.txt
|
||||
+++ b/CMakeLists.txt
|
||||
@@ -9,6 +9,7 @@ include(CheckTypeSize)
|
||||
include(TestBigEndian)
|
||||
include(CheckCSourceCompiles)
|
||||
include(CheckCSourceRuns)
|
||||
+include(GNUInstallDirs)
|
||||
|
||||
enable_testing()
|
||||
|
||||
@@ -666,8 +667,8 @@ get_link_libraries(PRIVATE_LIBS vncclient)
|
||||
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/libvncclient.pc.cmakein ${CMAKE_CURRENT_BINARY_DIR}/libvncclient.pc @ONLY)
|
||||
|
||||
|
||||
-install_targets(/lib vncserver)
|
||||
-install_targets(/lib vncclient)
|
||||
+install_targets(/${CMAKE_INSTALL_LIBDIR} vncserver)
|
||||
+install_targets(/${CMAKE_INSTALL_LIBDIR} vncclient)
|
||||
install_files(/include/rfb FILES
|
||||
rfb/keysym.h
|
||||
rfb/rfb.h
|
||||
@@ -677,7 +678,7 @@ install_files(/include/rfb FILES
|
||||
rfb/rfbregion.h
|
||||
)
|
||||
|
||||
-install_files(/lib/pkgconfig FILES
|
||||
+install_files(/${CMAKE_INSTALL_LIBDIR}/pkgconfig FILES
|
||||
libvncserver.pc
|
||||
libvncclient.pc
|
||||
)
|
||||
@ -1,38 +0,0 @@
|
||||
From 36a71279ed5b10effecd879caf6c3791842ca713 Mon Sep 17 00:00:00 2001
|
||||
From: Christian Beier <dontmind@freeshell.org>
|
||||
Date: Thu, 28 Mar 2019 21:06:36 +0100
|
||||
Subject: [PATCH] CMake: replace 'lib' with ${CMAKE_INSTALL_LIBDIR} for
|
||||
pkgconfig files as well
|
||||
|
||||
Thanks to https://github.com/ikelos for spotting this ;-)
|
||||
|
||||
Closes #290
|
||||
---
|
||||
libvncclient.pc.cmakein | 2 +-
|
||||
libvncserver.pc.cmakein | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/libvncclient.pc.cmakein b/libvncclient.pc.cmakein
|
||||
index 169a8b7c..445f7e74 100644
|
||||
--- a/libvncclient.pc.cmakein
|
||||
+++ b/libvncclient.pc.cmakein
|
||||
@@ -1,6 +1,6 @@
|
||||
prefix=@CMAKE_INSTALL_PREFIX@
|
||||
exec_prefix=@CMAKE_INSTALL_PREFIX@
|
||||
-libdir=@CMAKE_INSTALL_PREFIX@/lib
|
||||
+libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@
|
||||
includedir=@CMAKE_INSTALL_PREFIX@/include
|
||||
|
||||
Name: LibVNCClient
|
||||
diff --git a/libvncserver.pc.cmakein b/libvncserver.pc.cmakein
|
||||
index f38d74fe..c6898061 100644
|
||||
--- a/libvncserver.pc.cmakein
|
||||
+++ b/libvncserver.pc.cmakein
|
||||
@@ -1,6 +1,6 @@
|
||||
prefix=@CMAKE_INSTALL_PREFIX@
|
||||
exec_prefix=@CMAKE_INSTALL_PREFIX@
|
||||
-libdir=@CMAKE_INSTALL_PREFIX@/lib
|
||||
+libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@
|
||||
includedir=@CMAKE_INSTALL_PREFIX@/include
|
||||
|
||||
Name: LibVNCServer
|
||||
@ -1,44 +0,0 @@
|
||||
From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
||||
Date: Mon, 7 Jan 2019 10:40:01 +0100
|
||||
Subject: [PATCH] Limit lenght to INT_MAX bytes in
|
||||
rfbProcessFileTransferReadBuffer()
|
||||
|
||||
This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap
|
||||
out-of-bound write access in rfbProcessFileTransferReadBuffer() when
|
||||
reading a transfered file content in a server. The former fix did not
|
||||
work on platforms with a 32-bit int type (expected by rfbReadExact()).
|
||||
|
||||
CVE-2018-15127
|
||||
<https://github.com/LibVNC/libvncserver/issues/243>
|
||||
<https://github.com/LibVNC/libvncserver/issues/273>
|
||||
---
|
||||
libvncserver/rfbserver.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
|
||||
index 7af84906..f2edbeea 100644
|
||||
--- a/libvncserver/rfbserver.c
|
||||
+++ b/libvncserver/rfbserver.c
|
||||
@@ -88,6 +88,8 @@
|
||||
#include <errno.h>
|
||||
/* strftime() */
|
||||
#include <time.h>
|
||||
+/* INT_MAX */
|
||||
+#include <limits.h>
|
||||
|
||||
#ifdef LIBVNCSERVER_WITH_WEBSOCKETS
|
||||
#include "rfbssl.h"
|
||||
@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length)
|
||||
0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF
|
||||
will safely be allocated since this check will never trigger and malloc() can digest length+1
|
||||
without problems as length is a uint32_t.
|
||||
+ We also later pass length to rfbReadExact() that expects a signed int type and
|
||||
+ that might wrap on platforms with a 32-bit int type if length is bigger
|
||||
+ than 0X7FFFFFFF.
|
||||
*/
|
||||
- if(length == SIZE_MAX) {
|
||||
+ if(length == SIZE_MAX || length > INT_MAX) {
|
||||
rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length);
|
||||
rfbCloseClient(cl);
|
||||
return NULL;
|
||||
@ -1,23 +0,0 @@
|
||||
From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
|
||||
From: Christian Beier <dontmind@freeshell.org>
|
||||
Date: Mon, 19 Aug 2019 22:32:25 +0200
|
||||
Subject: [PATCH] rfbserver: don't leak stack memory to the remote
|
||||
|
||||
Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
|
||||
---
|
||||
libvncserver/rfbserver.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
|
||||
index 3bacc891..310e5487 100644
|
||||
--- a/libvncserver/rfbserver.c
|
||||
+++ b/libvncserver/rfbserver.c
|
||||
@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len)
|
||||
rfbServerCutTextMsg sct;
|
||||
rfbClientIteratorPtr iterator;
|
||||
|
||||
+ memset((char *)&sct, 0, sizeof(sct));
|
||||
+
|
||||
iterator = rfbGetClientIterator(rfbScreen);
|
||||
while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
|
||||
sct.type = rfbServerCutText;
|
||||
@ -1,26 +0,0 @@
|
||||
diff -Naur libvncserver-LibVNCServer-0.9.10.old/libvncclient/tls_gnutls.c libvncserver-LibVNCServer-0.9.10/libvncclient/tls_gnutls.c
|
||||
--- libvncserver-LibVNCServer-0.9.10.old/libvncclient/tls_gnutls.c 2015-12-12 00:14:37.269157918 +0100
|
||||
+++ libvncserver-LibVNCServer-0.9.10/libvncclient/tls_gnutls.c 2015-12-12 11:23:29.391385234 +0100
|
||||
@@ -31,8 +31,8 @@
|
||||
#include "tls.h"
|
||||
|
||||
|
||||
-static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA:+SRP";
|
||||
-static const char *rfbAnonTLSPriority= "NORMAL:+ANON-DH";
|
||||
+static const char *rfbTLSPriority = "@SYSTEM";
|
||||
+static const char *rfbAnonTLSPriority= "@SYSTEM:+ANON-DH";
|
||||
|
||||
#define DH_BITS 1024
|
||||
static gnutls_dh_params_t rfbDHParams;
|
||||
diff -Naur libvncserver-LibVNCServer-0.9.10.old/libvncserver/rfbssl_gnutls.c libvncserver-LibVNCServer-0.9.10/libvncserver/rfbssl_gnutls.c
|
||||
--- libvncserver-LibVNCServer-0.9.10.old/libvncserver/rfbssl_gnutls.c 2015-12-12 00:14:37.270157930 +0100
|
||||
+++ libvncserver-LibVNCServer-0.9.10/libvncserver/rfbssl_gnutls.c 2015-12-12 11:14:49.966830581 +0100
|
||||
@@ -54,7 +54,7 @@
|
||||
|
||||
if (!GNUTLS_E_SUCCESS == (ret = gnutls_init(&session, GNUTLS_SERVER))) {
|
||||
/* */
|
||||
- } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_priority_set_direct(session, "EXPORT", NULL))) {
|
||||
+ } else if (!GNUTLS_E_SUCCESS == (ret = gnutls_set_default_priority(session))) {
|
||||
/* */
|
||||
} else if (!GNUTLS_E_SUCCESS == (ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctx->x509_cred))) {
|
||||
/* */
|
||||
@ -1,32 +0,0 @@
|
||||
From d0a76539835d11c0f4723499f8be4bc9c7724eb9 Mon Sep 17 00:00:00 2001
|
||||
From: Rajesh Sahoo <rajesh.sahoo@lge.com>
|
||||
Date: Tue, 11 Jun 2019 15:13:04 +0530
|
||||
Subject: [PATCH] avoid pthread_join if backgroundLoop is FALSE
|
||||
|
||||
client_thread is created depending upon backgroundLoop, but joining
|
||||
without checking for same condition. so we are trying to join a garbage
|
||||
thread_id.
|
||||
---
|
||||
libvncserver/main.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/libvncserver/main.c b/libvncserver/main.c
|
||||
index d3cd9b1e..772fb18f 100644
|
||||
--- a/libvncserver/main.c
|
||||
+++ b/libvncserver/main.c
|
||||
@@ -1112,6 +1112,7 @@ void rfbShutdownServer(rfbScreenInfoPtr screen,rfbBool disconnectClients) {
|
||||
}
|
||||
|
||||
#ifdef LIBVNCSERVER_HAVE_LIBPTHREAD
|
||||
+ if(currentCl->screen->backgroundLoop) {
|
||||
/*
|
||||
Notify the thread. This simply writes a NULL byte to the notify pipe in order to get past the select()
|
||||
in clientInput(), the loop in there will then break because the rfbCloseClient() above has set
|
||||
@@ -1120,6 +1121,7 @@ void rfbShutdownServer(rfbScreenInfoPtr screen,rfbBool disconnectClients) {
|
||||
write(currentCl->pipe_notify_client_thread[1], "\x00", 1);
|
||||
/* And wait for it to finish. */
|
||||
pthread_join(currentCl->client_thread, NULL);
|
||||
+ }
|
||||
#else
|
||||
rfbClientConnectionGone(currentCl);
|
||||
#endif
|
||||
@ -0,0 +1,15 @@
|
||||
diff -up libvncserver-LibVNCServer-0.9.13/libvncclient/tls_gnutls.c.crypto_policy libvncserver-LibVNCServer-0.9.13/libvncclient/tls_gnutls.c
|
||||
--- libvncserver-LibVNCServer-0.9.13/libvncclient/tls_gnutls.c.crypto_policy 2020-06-13 13:49:53.000000000 -0500
|
||||
+++ libvncserver-LibVNCServer-0.9.13/libvncclient/tls_gnutls.c 2020-07-02 08:00:54.304902893 -0500
|
||||
@@ -29,8 +29,8 @@
|
||||
#include "tls.h"
|
||||
|
||||
|
||||
-static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA:+SRP";
|
||||
-static const char *rfbAnonTLSPriority= "NORMAL:+ANON-DH";
|
||||
+static const char *rfbTLSPriority = "@SYSTEM";
|
||||
+static const char *rfbAnonTLSPriority= "@SYSTEM:+ANON-DH";
|
||||
|
||||
#define DH_BITS 1024
|
||||
static gnutls_dh_params_t rfbDHParams;
|
||||
diff -up libvncserver-LibVNCServer-0.9.13/libvncserver/rfbssl_gnutls.c.crypto_policy libvncserver-LibVNCServer-0.9.13/libvncserver/rfbssl_gnutls.c
|
||||
@ -1 +1 @@
|
||||
SHA512 (LibVNCServer-0.9.12.tar.gz) = 60ff1cc93a937d6f8f97449bc58b763095846207112f7b1b3c43eb2d74448b595d6da949903a764bd484ee54e38ff6277e882adbe965dd6d26ba15ef6ff6fcb8
|
||||
SHA512 (LibVNCServer-0.9.13.tar.gz) = 18b0a1698d32bbdbfe6f65f76130b2a95860e3cc76e8adb904269663698c7c0ae982f451fda1f25e5461f096045d40a89d9014258f439366d5b4feaa4999d643
|
||||
|
||||
Loading…
Reference in new issue