Date: Fri, 19 Dec 2014 06:22:08 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 196119] New: [patch] x11-server/xorg-server: unbreak net/tigervnc after CVE-2014-8092 patch Message-ID: <bug-196119-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196119 Bug ID: 196119 Summary: [patch] x11-server/xorg-server: unbreak net/tigervnc after CVE-2014-8092 patch Product: Ports Tree Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: beastie@tardisi.com CC: meta+ports@vmeta.jp CC: meta+ports@vmeta.jp Flags: maintainer-feedback?(meta+ports@vmeta.jp) Created attachment 150747 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=150747&action=edit patch to unbreak what wasn't broke, leaves fix for what was. since x11-server/xorg-server was updated to "Fix multiple xserver security advisories in the 1.12.4 xserver." net/tigervnc fails to build at this point: (00:13:42) In file included from ../../include/region.h:51, (00:13:42) from ../../include/window.h:52, (00:13:42) from ../../include/input.h:56, (00:13:42) from ../../hw/xfree86/common/xf86str.h:39, (00:13:42) from ../../hw/xfree86/common/xf86.h:45, (00:13:42) from xf86vncModule.cc:39: (00:13:42) ../../include/regionstr.h: In function 'void RegionInit(pixman_region16*, pixman_box16*, int)': (00:13:42) ../../include/regionstr.h:147: error: invalid conversion from 'void*' to 'pixman_region16_data_t*' (00:13:42) Makefile:893: recipe for target 'libvnc_la-xf86vncModule.lo' failed After searching online for a while, I came across this message post: > Re: [tigervnc-devel] Ubuntu trusty build failures > > Alan Coopersmith Thu, 11 Dec 2014 17:34:03 -0800 > > On 12/11/14 05:19 PM, Brian Hinz wrote: > > As of yesterday, upstream patches to the ubuntu 14.04 xorg-server-source package > > cause our build to fail with the following error: > > > > ../../include/regionstr.h: In function 'void RegionInit(RegionPtr, BoxPtr, > > int)': > > ../../include/regionstr.h:147:45: error: invalid conversion from 'void*' to > > 'pixman_region16_data_t* {aka pixman_region16_data*}' [-fpermissive] > > (((_pReg)->data = malloc(rgnSize)) != NULL)) { > > > > Still looking into what changed that's now causing this, but thechangelog > > <http://changelogs.ubuntu.com/changelogs/pool/main/x/xorg-server/xorg-server_1.15.1-0ubuntu2.5/changelog>; > > references CVEs so we should probably review them to make sure the 1.4.0 release is > > not affected. > > Sorry, I'm a C programmer, so I'm in the habit of deleting casts of malloc() > results, forgetting that breaks C++. > > After the patches were released, I also found late yesterday that this change > had broken our TigerVNC 1.1 package build on Solaris: > > - if (((_size) > 1) && ((_pReg)->data = > - (RegDataPtr) malloc(RegionSizeof(_size)))) { > + if (((_size) > 1) && ((rgnSize = RegionSizeof(_size)) > 0) && > + (((_pReg)->data = malloc(rgnSize)) != NULL)) { > > from http://cgit.freedesktop.org/xorg/xserver/commit/?id=97015a07b9e15d8ec5608b95d95ec0eb51202acb > > I can make it build again by putting the (RegDataPtr) back but was hoping we > could find some way to make extern "C" { ... } or similar convince the compiler > C code was okay, since on the upstream Xorg side we have no way of knowing when > our C changes break VNC trying to use our C code as C++ code. > > -- > -Alan Coopersmith- alan.coopersm...@oracle.com > Oracle Solaris Engineering - http://blogs.oracle.com/alanc > _______________________________________________ > xorg-devel@lists.x.org: X.Org development > Archives: http://lists.x.org/archives/xorg-devel > Info: http://lists.x.org/mailman/listinfo/xorg-devel Well, as a C Programmer...sure.... 1> casting is redundant. so not doing it saves typing, how does removing it save? Not casting (or worse removing somebody else's cast, would get me burned in a code review....but then company had so far failed to get acquire by Oracle.) 2> it would mask failing to include stdlib.h, so make sure its included (of course that would lead to redundancy.) 3> if the type is changed, it require updating all the malloc's. Unless a typedef is used....which, umm, is what RegDataPtr is. --- Comment #1 from Bugzilla Automation <bugzilla@FreeBSD.org> --- Maintainer CC'd -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-196119-13>