Date: Tue, 23 Dec 2008 17:58:23 -0700 (MST) From: "John E. Hein" <jhein@timing.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/129894: [patch][vulnerability fix] update vnc port Message-ID: <200812240058.mBO0wNoN065898@marvin.timing.com> Resent-Message-ID: <200812240100.mBO10E6g074940@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 129894 >Category: ports >Synopsis: fix broken vnc port >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Wed Dec 24 01:00:14 UTC 2008 >Closed-Date: >Last-Modified: >Originator: John Hein >Release: FreeBSD 7.1-PRERELEASE i386 >Organization: >Environment: >Description: realvnc.com released a new version (in Oct), but the fetch doesn't know the difference and, despite the port unsuspectingly fetching the latest 4.1.3 version, forces the output filename to vnc-4_1_2-unixsrc.tar.gz with -o... /usr/bin/fetch -ApRr -o vnc-4_1_3-unixsrc.tar.gz 'http://www.realvnc.com/cgi-bin/download.cgi?product=free4/src/unix&acceptLicense=1&haveDetails=1&filetype=tar_gz' Adding '&filever=4.1.2' to the cgi download url would work around this since the 4.1.2 tarball is still available, but we should update to 4.1.3. Only one code change: to bounds check bounds on a decoders array index before dereferencing in vnc-4_1_3-unixsrc/common/rfb/CMsgReader.cxx ... + if (encoding > encodingMax) + throw Exception("Unknown rect encoding"); Other than that, there were some minor 'configure' changes (for instance, to support solaris better it seems) and some changes to .vcproj (visual studio c ide project files). For us, the only change should be the one instance of better bounds checking shown above. There is a reported vulnerability for 4.1.2 fixed by the change shown above - supposedly a remote code execution vulnerability... http://www.net-security.org/vuln.php?id=6135 >How-To-Repeat: >Fix: Update to the latest release 4.1.3 and add 'filever' to fetch instruction so the inadvertent broken checksum doesn't happen again. Index: Makefile =================================================================== RCS file: /base/FreeBSD-CVS/ports/net/vnc/Makefile,v retrieving revision 1.61 diff -u -p -r1.61 Makefile --- Makefile 16 Dec 2008 04:28:21 -0000 1.61 +++ Makefile 24 Dec 2008 00:41:49 -0000 @@ -6,11 +6,11 @@ # PORTNAME= vnc -PORTVERSION= 4.1.2 -PORTREVISION= 5 +PORTVERSION= 4.1.3 +PORTREVISION= 0 CATEGORIES= net ipv6 MASTER_SITES= http://www.realvnc.com/:vnc -DISTNAME= vnc-4_1_2-unixsrc +DISTNAME= vnc-4_1_3-unixsrc DISTFILES= ${DISTNAME}${EXTRACT_SUFX}:vnc DIST_SUBDIR= xc @@ -20,8 +20,6 @@ COMMENT= Display X and Win32 desktops on RUN_DEPENDS= xorg-fonts>=7.2:${PORTSDIR}/x11-fonts/xorg-fonts \ xauth:${PORTSDIR}/x11/xauth -BROKEN= checksum mismatch - GNU_CONFIGURE= yes # The vnc supplied zlib seg. faults if compiled with -O CONFIGURE_ARGS= --with-installed-zlib @@ -73,7 +71,7 @@ PLIST_SUB+= SERVER="@comment " # No direct URL for VNC -- have to pseudo-submit their webform. pre-fetch: @${MKDIR} ${DISTDIR}/${DIST_SUBDIR} && cd ${DISTDIR}/${DIST_SUBDIR} && \ - ${FETCH_CMD} -o ${DISTNAME}.tar.gz 'http://www.realvnc.com/cgi-bin/download.cgi?product=free4/src/unix&acceptLicense=1&haveDetails=1&filetype=tar_gz' + ${FETCH_CMD} -o ${DISTNAME}.tar.gz 'http://www.realvnc.com/cgi-bin/download.cgi?product=free4/src/unix&acceptLicense=1&haveDetails=1&filetype=tar_gz&filever=4.1.3' post-extract: .if !defined(WITHOUT_SERVER) Index: distinfo =================================================================== RCS file: /base/FreeBSD-CVS/ports/net/vnc/distinfo,v retrieving revision 1.19 diff -u -p -r1.19 distinfo --- distinfo 18 May 2006 16:06:35 -0000 1.19 +++ distinfo 24 Dec 2008 00:20:15 -0000 @@ -1,6 +1,6 @@ -MD5 (xc/vnc-4_1_2-unixsrc.tar.gz) = cf9a6fe8f592286b5e0fdde686504ffb -SHA256 (xc/vnc-4_1_2-unixsrc.tar.gz) = ed73cd1abf4c4044032929fa2dd023d851f5fe37f88009523d3b08b7d836d542 -SIZE (xc/vnc-4_1_2-unixsrc.tar.gz) = 537713 +MD5 (xc/vnc-4_1_3-unixsrc.tar.gz) = a119f3c75ad2767c0588260e2abe39be +SHA256 (xc/vnc-4_1_3-unixsrc.tar.gz) = a5897cbeaef74e02f23d43b89905f5a218041292743ed469f45092073c2bc047 +SIZE (xc/vnc-4_1_3-unixsrc.tar.gz) = 550870 MD5 (xc/X430src-1.tgz) = 4f241a4f867363f40efa2b00dca292af SHA256 (xc/X430src-1.tgz) = 5276b045e154948fce7abba7d686406c65862d90b43b50f2546b33e38378f0d7 SIZE (xc/X430src-1.tgz) = 10993622 >Release-Note: >Audit-Trail: >Unformatted: fix broken vnc port From: John Hein <jhein> Reply-To: John Hein <jhein> Cc: ports@freebsd.org BCc: jhein X-send-pr-version: 3.113 X-GNATS-Notify:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812240058.mBO0wNoN065898>