From owner-freebsd-ports-bugs@FreeBSD.ORG Fri Dec 19 06:22:10 2014 Return-Path: Delivered-To: freebsd-ports-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 62D44A35 for ; Fri, 19 Dec 2014 06:22:10 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4552E2DBE for ; Fri, 19 Dec 2014 06:22:10 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id sBJ6MA1A054515 for ; Fri, 19 Dec 2014 06:22:10 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 196119] New: [patch] x11-server/xorg-server: unbreak net/tigervnc after CVE-2014-8092 patch Date: Fri, 19 Dec 2014 06:22:08 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports Tree X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: beastie@tardisi.com X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-ports-bugs@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter cc flagtypes.name attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Dec 2014 06:22:10 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196119 Bug ID: 196119 Summary: [patch] x11-server/xorg-server: unbreak net/tigervnc after CVE-2014-8092 patch Product: Ports Tree Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: beastie@tardisi.com CC: meta+ports@vmeta.jp CC: meta+ports@vmeta.jp Flags: maintainer-feedback?(meta+ports@vmeta.jp) Created attachment 150747 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=150747&action=edit patch to unbreak what wasn't broke, leaves fix for what was. since x11-server/xorg-server was updated to "Fix multiple xserver security advisories in the 1.12.4 xserver." net/tigervnc fails to build at this point: (00:13:42) In file included from ../../include/region.h:51, (00:13:42) from ../../include/window.h:52, (00:13:42) from ../../include/input.h:56, (00:13:42) from ../../hw/xfree86/common/xf86str.h:39, (00:13:42) from ../../hw/xfree86/common/xf86.h:45, (00:13:42) from xf86vncModule.cc:39: (00:13:42) ../../include/regionstr.h: In function 'void RegionInit(pixman_region16*, pixman_box16*, int)': (00:13:42) ../../include/regionstr.h:147: error: invalid conversion from 'void*' to 'pixman_region16_data_t*' (00:13:42) Makefile:893: recipe for target 'libvnc_la-xf86vncModule.lo' failed After searching online for a while, I came across this message post: > Re: [tigervnc-devel] Ubuntu trusty build failures > > Alan Coopersmith Thu, 11 Dec 2014 17:34:03 -0800 > > On 12/11/14 05:19 PM, Brian Hinz wrote: > > As of yesterday, upstream patches to the ubuntu 14.04 xorg-server-source package > > cause our build to fail with the following error: > > > > ../../include/regionstr.h: In function 'void RegionInit(RegionPtr, BoxPtr, > > int)': > > ../../include/regionstr.h:147:45: error: invalid conversion from 'void*' to > > 'pixman_region16_data_t* {aka pixman_region16_data*}' [-fpermissive] > > (((_pReg)->data = malloc(rgnSize)) != NULL)) { > > > > Still looking into what changed that's now causing this, but thechangelog > > > > references CVEs so we should probably review them to make sure the 1.4.0 release is > > not affected. > > Sorry, I'm a C programmer, so I'm in the habit of deleting casts of malloc() > results, forgetting that breaks C++. > > After the patches were released, I also found late yesterday that this change > had broken our TigerVNC 1.1 package build on Solaris: > > - if (((_size) > 1) && ((_pReg)->data = > - (RegDataPtr) malloc(RegionSizeof(_size)))) { > + if (((_size) > 1) && ((rgnSize = RegionSizeof(_size)) > 0) && > + (((_pReg)->data = malloc(rgnSize)) != NULL)) { > > from http://cgit.freedesktop.org/xorg/xserver/commit/?id=97015a07b9e15d8ec5608b95d95ec0eb51202acb > > I can make it build again by putting the (RegDataPtr) back but was hoping we > could find some way to make extern "C" { ... } or similar convince the compiler > C code was okay, since on the upstream Xorg side we have no way of knowing when > our C changes break VNC trying to use our C code as C++ code. > > -- > -Alan Coopersmith- alan.coopersm...@oracle.com > Oracle Solaris Engineering - http://blogs.oracle.com/alanc > _______________________________________________ > xorg-devel@lists.x.org: X.Org development > Archives: http://lists.x.org/archives/xorg-devel > Info: http://lists.x.org/mailman/listinfo/xorg-devel Well, as a C Programmer...sure.... 1> casting is redundant. so not doing it saves typing, how does removing it save? Not casting (or worse removing somebody else's cast, would get me burned in a code review....but then company had so far failed to get acquire by Oracle.) 2> it would mask failing to include stdlib.h, so make sure its included (of course that would lead to redundancy.) 3> if the type is changed, it require updating all the malloc's. Unless a typedef is used....which, umm, is what RegDataPtr is. --- Comment #1 from Bugzilla Automation --- Maintainer CC'd -- You are receiving this mail because: You are the assignee for the bug.