From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Dec 24 01:00:14 2008
Message-Id: <200812240058.mBO0wNoN065898@marvin.timing.com>
Date: Tue, 23 Dec 2008 17:58:23 -0700 (MST)
From: "John E. Hein"
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/129894: [patch][vulnerability fix] update vnc port

>Number: 129894
>Category: ports
>Synopsis: fix broken vnc port
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Dec 24 01:00:14 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: John Hein
>Release: FreeBSD 7.1-PRERELEASE i386
>Organization:
>Environment:
>Description:

realvnc.com released a new version (in Oct), but the fetch doesn't know the difference and, despite the port unsuspectingly fetching the latest 4.1.3 version, forces the output filename to vnc-4_1_2-unixsrc.tar.gz with -o...

/usr/bin/fetch -ApRr -o vnc-4_1_3-unixsrc.tar.gz 'http://www.realvnc.com/cgi-bin/download.cgi?product=free4/src/unix&acceptLicense=1&haveDetails=1&filetype=tar_gz'

Adding '&filever=4.1.2' to the cgi download url would work around this since the 4.1.2 tarball is still available, but we should update to 4.1.3.

Only one code change: to bounds check a decoders array index before dereferencing in vnc-4_1_3-unixsrc/common/rfb/CMsgReader.cxx ...

+ if (encoding > encodingMax)
+ throw Exception("Unknown rect encoding");

Other than that, there were some minor 'configure' changes (for instance, to support Solaris better it seems) and some changes to .vcproj (Visual Studio C IDE project files). For us, the only change should be the one instance of better bounds checking shown above.

There is a reported vulnerability for 4.1.2 fixed by the change shown above - supposedly a remote code execution vulnerability...
http://www.net-security.org/vuln.php?id=6135 >How-To-Repeat: >Fix: Update to the latest release 4.1.3 and add 'filever' to fetch instruction so the inadvertent broken checksum doesn't happen again. Index: Makefile =================================================================== RCS file: /base/FreeBSD-CVS/ports/net/vnc/Makefile,v retrieving revision 1.61 diff -u -p -r1.61 Makefile --- Makefile 16 Dec 2008 04:28:21 -0000 1.61 +++ Makefile 24 Dec 2008 00:41:49 -0000 @@ -6,11 +6,11 @@ # PORTNAME= vnc -PORTVERSION= 4.1.2 -PORTREVISION= 5 +PORTVERSION= 4.1.3 +PORTREVISION= 0 CATEGORIES= net ipv6 MASTER_SITES= http://www.realvnc.com/:vnc -DISTNAME= vnc-4_1_2-unixsrc +DISTNAME= vnc-4_1_3-unixsrc DISTFILES= ${DISTNAME}${EXTRACT_SUFX}:vnc DIST_SUBDIR= xc @@ -20,8 +20,6 @@ COMMENT= Display X and Win32 desktops on RUN_DEPENDS= xorg-fonts>=7.2:${PORTSDIR}/x11-fonts/xorg-fonts \ xauth:${PORTSDIR}/x11/xauth -BROKEN= checksum mismatch - GNU_CONFIGURE= yes # The vnc supplied zlib seg. faults if compiled with -O CONFIGURE_ARGS= --with-installed-zlib @@ -73,7 +71,7 @@ PLIST_SUB+= SERVER="@comment " # No direct URL for VNC -- have to pseudo-submit their webform. pre-fetch: @${MKDIR} ${DISTDIR}/${DIST_SUBDIR} && cd ${DISTDIR}/${DIST_SUBDIR} && \ - ${FETCH_CMD} -o ${DISTNAME}.tar.gz 'http://www.realvnc.com/cgi-bin/download.cgi?product=free4/src/unix&acceptLicense=1&haveDetails=1&filetype=tar_gz' + ${FETCH_CMD} -o ${DISTNAME}.tar.gz 'http://www.realvnc.com/cgi-bin/download.cgi?product=free4/src/unix&acceptLicense=1&haveDetails=1&filetype=tar_gz&filever=4.1.3' post-extract: .if !defined(WITHOUT_SERVER) Index: distinfo =================================================================== RCS file: /base/FreeBSD-CVS/ports/net/vnc/distinfo,v retrieving revision 1.19 diff -u -p -r1.19 distinfo --- distinfo 18 May 2006 16:06:35 -0000 1.19 +++ distinfo 24 Dec 2008 00:20:15 -0000 
@@ -1,6 +1,6 @@ -MD5 (xc/vnc-4_1_2-unixsrc.tar.gz) = cf9a6fe8f592286b5e0fdde686504ffb -SHA256 (xc/vnc-4_1_2-unixsrc.tar.gz) = ed73cd1abf4c4044032929fa2dd023d851f5fe37f88009523d3b08b7d836d542 -SIZE (xc/vnc-4_1_2-unixsrc.tar.gz) = 537713 +MD5 (xc/vnc-4_1_3-unixsrc.tar.gz) = a119f3c75ad2767c0588260e2abe39be +SHA256 (xc/vnc-4_1_3-unixsrc.tar.gz) = a5897cbeaef74e02f23d43b89905f5a218041292743ed469f45092073c2bc047 +SIZE (xc/vnc-4_1_3-unixsrc.tar.gz) = 550870 MD5 (xc/X430src-1.tgz) = 4f241a4f867363f40efa2b00dca292af SHA256 (xc/X430src-1.tgz) = 5276b045e154948fce7abba7d686406c65862d90b43b50f2546b33e38378f0d7 SIZE (xc/X430src-1.tgz) = 10993622 >Release-Note: >Audit-Trail: >Unformatted: fix broken vnc port From: John Hein Reply-To: John Hein Cc: ports@freebsd.org BCc: jhein X-send-pr-version: 3.113 X-GNATS-Notify:
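Review bot: In the first Makefile hunk (@@ -6,11 +6,11 @@), `PORTREVISION= 0` should be removed rather than set to zero. Ports convention is to drop the PORTREVISION line when PORTVERSION is bumped, so the change there reduces to `PORTVERSION= 4.1.3`.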
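Review bot: In the pre-fetch hunk (@@ -73,7 +71,7 @@) the version is now written in two places, once in DISTNAME and once as the literal `&filever=4.1.3` in the URL, so a later update that changes only one of them saves a different release under the wrong filename and reproduces the checksum mismatch this PR fixes. Deriving the parameter from the port version, for example `&filever=${PORTVERSION}`, keeps the two in step. The fetch is also over plain http with `-o` forcing the output name, which leaves the distinfo SHA256 as the only integrity check on this tarball.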
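Review bot: In the distinfo hunk the new MD5, SHA256 and SIZE values describe a tarball retrieved over http from the same CGI URL that, per the description, already returned different content for an unchanged request. Before commit, the tarball should be fetched again with `filever=4.1.3` and the SHA256 confirmed to match, since this record is what every later fetch is checked against.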
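The bounds check quoted in the description, as an added C++ illustration that is not part of the original message and is not RealVNC source. Only the comparison against `encodingMax` and the exception text come from the report; the `Reader` class, the `decodeRect` helper, the unsigned 32-bit field and the table size of 255 are assumptions, and the example goes one step further by also rejecting in-range slots that have no decoder installed.

```cpp
// Added illustration, not RealVNC source; names and table size are assumptions.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>

static const uint32_t encodingMax = 255;  // assumed highest valid table index

struct Decoder { virtual ~Decoder() {} virtual std::string name() const = 0; };
struct RawDecoder : Decoder { std::string name() const { return "raw"; } };

class Reader {
public:
    Reader() : decoders() { decoders[0] = &raw; }  // only encoding 0 registered
    // The encoding number arrives from the peer as 4 big-endian bytes.
    static uint32_t readEncoding(const unsigned char* p, size_t len) {
        if (len < 4) throw std::runtime_error("Short rect header");
        return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) |
               (uint32_t(p[2]) << 8) | uint32_t(p[3]);
    }
    // Range-check the untrusted index before it touches the table, then
    // reject in-range slots that have no decoder installed.
    Decoder* lookup(uint32_t encoding) const {
        if (encoding > encodingMax)
            throw std::runtime_error("Unknown rect encoding");
        Decoder* d = decoders[encoding];
        if (d == 0) throw std::runtime_error("Unsupported rect encoding");
        return d;
    }
private:
    RawDecoder raw;
    Decoder* decoders[encodingMax + 1];
};

// Returns the decoder name, or the rejection reason for a bad header.
std::string decodeRect(const unsigned char* hdr, size_t len) {
    try {
        Reader r;
        return r.lookup(Reader::readEncoding(hdr, len))->name();
    } catch (const std::runtime_error& e) {
        return e.what();
    }
}

int main() {
    const unsigned char constructed[] = {0x00, 0x00, 0x01, 0x00};  // encoding 256
    std::cout << decodeRect(constructed, sizeof constructed) << "\n";
}
```

Because the field is held as an unsigned value here, a header whose bytes would read as a negative number when treated as signed also fails the single upper-bound comparison.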