Bump to 1.3.1 and patch 1.2.80_p5065 wrt security bug #505170

(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0xF6AD3240)
author: Raúl Porcel <armin76@gentoo.org> 2014-03-20 19:10:55 +0000
committer: Raúl Porcel <armin76@gentoo.org> 2014-03-20 19:10:55 +0000
commit: d3b90b96386ade0977cd672c69f755a6e3f1f0b3 (patch)
tree: 499090166d3d0ac92fb78ac9af6cc272f0d1aa60 /net-misc/tigervnc
parent: Fix metadata descriptions, thanks nickm (diff)
download: gentoo-2-d3b90b96386ade0977cd672c69f755a6e3f1f0b3.tar.gz
gentoo-2-d3b90b96386ade0977cd672c69f755a6e3f1f0b3.tar.bz2
gentoo-2-d3b90b96386ade0977cd672c69f755a6e3f1f0b3.zip
5 files changed, 263 insertions, 9 deletions
diff --git a/net-misc/tigervnc/ChangeLog b/net-misc/tigervnc/ChangeLog
index fa0e3659d7ac..cb0dc4c20b18 100644
--- a/net-misc/tigervnc/ChangeLog
+++ b/net-misc/tigervnc/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for net-misc/tigervnc
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/tigervnc/ChangeLog,v 1.171 2014/02/08 19:40:31 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/tigervnc/ChangeLog,v 1.172 2014/03/20 19:10:55 armin76 Exp $
+
+*tigervnc-1.3.1-r1 (20 Mar 2014)
+*tigervnc-1.3.1 (20 Mar 2014)
+*tigervnc-1.2.80_p5065-r1 (20 Mar 2014)
+
+  20 Mar 2014; Raúl Porcel <armin76@gentoo.org>
+  +tigervnc-1.2.80_p5065-r1.ebuild, -tigervnc-1.3.0.ebuild,
+  -tigervnc-1.3.0-r1.ebuild, +tigervnc-1.3.1.ebuild, +tigervnc-1.3.1-r1.ebuild,
+  +files/CVE-2014-0011.patch:
+  Bump to 1.3.1 and patch 1.2.80_p5065 wrt security bug #505170
 
 *tigervnc-1.3.0-r1 (08 Feb 2014)
 
diff --git a/net-misc/tigervnc/files/CVE-2014-0011.patch b/net-misc/tigervnc/files/CVE-2014-0011.patch
new file mode 100644
index 000000000000..0075720bd620
--- /dev/null
+++ b/net-misc/tigervnc/files/CVE-2014-0011.patch
@@ -0,0 +1,49 @@
+diff -up tigervnc-1.3.0/common/CMakeLists.txt.CVE-2014-0011 tigervnc-1.3.0/common/CMakeLists.txt
+--- tigervnc-1.3.0/common/CMakeLists.txt.CVE-2014-0011	2013-07-01 13:42:01.000000000 +0100
++++ tigervnc-1.3.0/common/CMakeLists.txt	2014-02-04 16:59:10.840037314 +0000
+@@ -23,3 +23,6 @@ if(CMAKE_COMPILER_IS_GNUCXX AND (CMAKE_S
+     set_target_properties(zlib PROPERTIES COMPILE_FLAGS -fPIC)
+   endif()
+ endif()
++
++# Turn asserts on.
++set_target_properties(rdr rfb PROPERTIES COMPILE_FLAGS -UNDEBUG)
+diff -up tigervnc-1.3.0/common/rfb/zrleDecode.h.CVE-2014-0011 tigervnc-1.3.0/common/rfb/zrleDecode.h
+--- tigervnc-1.3.0/common/rfb/zrleDecode.h.CVE-2014-0011	2013-07-01 13:41:59.000000000 +0100
++++ tigervnc-1.3.0/common/rfb/zrleDecode.h	2014-02-04 16:17:00.881565540 +0000
+@@ -25,9 +25,10 @@
+ // FILL_RECT          - fill a rectangle with a single colour
+ // IMAGE_RECT         - draw a rectangle of pixel data from a buffer
+ 
++#include <stdio.h>
+ #include <rdr/InStream.h>
+ #include <rdr/ZlibInStream.h>
+-#include <assert.h>
++#include <rfb/Exception.h>
+ 
+ namespace rfb {
+ 
+@@ -143,7 +144,10 @@ void ZRLE_DECODE (const Rect& r, rdr::In
+               len += b;
+             } while (b == 255);
+ 
+-            assert(len <= end - ptr);
++	    if (end - ptr < len) {
++	      fprintf (stderr, "ZRLE decode error\n");
++	      throw Exception ("ZRLE decode error");
++	    }
+ 
+ #ifdef FAVOUR_FILL_RECT
+             int i = ptr - buf;
+@@ -193,7 +197,10 @@ void ZRLE_DECODE (const Rect& r, rdr::In
+                 len += b;
+               } while (b == 255);
+ 
+-              assert(len <= end - ptr);
++	      if (end - ptr < len) {
++		fprintf (stderr, "ZRLE decode error\n");
++		throw Exception ("ZRLE decode error");
++	      }
+             }
+ 
+             index &= 127;
diff --git a/net-misc/tigervnc/tigervnc-1.2.80_p5065-r1.ebuild b/net-misc/tigervnc/tigervnc-1.2.80_p5065-r1.ebuild
new file mode 100644
index 000000000000..76f5fc001dcd
--- /dev/null
+++ b/net-misc/tigervnc/tigervnc-1.2.80_p5065-r1.ebuild
@@ -0,0 +1,195 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/tigervnc/tigervnc-1.2.80_p5065-r1.ebuild,v 1.1 2014/03/20 19:10:55 armin76 Exp $
+
+EAPI="4"
+
+inherit eutils cmake-utils autotools java-pkg-opt-2 flag-o-matic
+
+PATCHVER="0.1"
+XSERVER_VERSION="1.14.2"
+OPENGL_DIR="xorg-x11"
+MY_P="${PN}-1.2.80-20130314svn5065"
+S="${WORKDIR}/${MY_P}"
+
+DESCRIPTION="Remote desktop viewer display system"
+HOMEPAGE="http://www.tigervnc.org"
+SRC_URI="http://pkgs.fedoraproject.org/repo/pkgs/tigervnc/tigervnc-1.2.80-20130314svn5065.tar.bz2/4522c6f107dbe778f197b2294c0eb867/tigervnc-1.2.80-20130314svn5065.tar.bz2
+	mirror://gentoo/${PN}.png
+	mirror://gentoo/${P}-patches-${PATCHVER}.tar.bz2
+	http://dev.gentoo.org/~armin76/dist/${P}-patches-${PATCHVER}.tar.bz2
+	server? ( ftp://ftp.freedesktop.org/pub/xorg/individual/xserver/xorg-server-${XSERVER_VERSION}.tar.bz2	)"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86"
+IUSE="gnutls java nptl +opengl pam server +xorgmodule"
+
+RDEPEND="virtual/jpeg:0
+	sys-libs/zlib
+	>=x11-libs/libXtst-1.0.99.2
+	>=x11-libs/fltk-1.3.1
+	gnutls? ( net-libs/gnutls )
+	java? ( >=virtual/jre-1.5 )
+	pam? ( virtual/pam )
+	server? (
+		>=x11-libs/libXi-1.2.99.1
+		>=x11-libs/libXfont-1.4.2
+		>=x11-libs/libxkbfile-1.0.4
+		x11-libs/libXrender
+		>=x11-libs/pixman-0.21.8
+		>=x11-apps/xauth-1.0.3
+		x11-apps/xsetroot
+		>=x11-misc/xkeyboard-config-2.4.1-r3
+		opengl? ( >=app-admin/eselect-opengl-1.0.8 )
+		xorgmodule? ( =x11-base/xorg-server-${XSERVER_VERSION%.*}* )
+	)
+	!net-misc/vnc
+	!net-misc/tightvnc
+	!net-misc/xf4vnc"
+DEPEND="${RDEPEND}
+	amd64? ( dev-lang/nasm )
+	x86? ( dev-lang/nasm )
+	>=x11-proto/inputproto-2.1.99.3
+	>=x11-proto/xextproto-7.1.99
+	>=x11-proto/xproto-7.0.22
+	java? ( >=virtual/jdk-1.5 )
+	server?	(
+		virtual/pkgconfig
+		media-fonts/font-util
+		x11-misc/util-macros
+		>=x11-proto/bigreqsproto-1.1.0
+		>=x11-proto/compositeproto-0.4
+		>=x11-proto/damageproto-1.1
+		>=x11-proto/fixesproto-5.0
+		>=x11-proto/fontsproto-2.0.2
+		>=x11-proto/randrproto-1.4.0
+		>=x11-proto/renderproto-0.11
+		>=x11-proto/resourceproto-1.0.2
+		>=x11-proto/scrnsaverproto-1.1
+		>=x11-proto/videoproto-2.2.2
+		>=x11-proto/xcmiscproto-1.2.0
+		>=x11-proto/xineramaproto-1.1.3
+		>=x11-libs/xtrans-1.2.2
+		>=x11-proto/dri2proto-2.8
+		opengl? ( >=media-libs/mesa-7.8_rc[nptl=] )
+	)"
+
+CMAKE_IN_SOURCE_BUILD=1
+
+pkg_setup() {
+	if ! use server ; then
+		echo
+		einfo "The 'server' USE flag will build tigervnc's server."
+		einfo "If '-server' is chosen only the client is built to save space."
+		einfo "Stop the build now if you need to add 'server' to USE flags.\n"
+	else
+		ewarn "Forcing on xorg-x11 for new enough glxtokens.h..."
+		OLD_IMPLEM="$(eselect opengl show)"
+		eselect opengl set ${OPENGL_DIR}
+	fi
+}
+
+switch_opengl_implem() {
+	# Switch to the xorg implementation.
+	# Use new opengl-update that will not reset user selected
+	# OpenGL interface ...
+	echo
+	eselect opengl set ${OLD_IMPLEM}
+}
+
+src_prepare() {
+	if use server ; then
+		cp -r "${WORKDIR}"/xorg-server-${XSERVER_VERSION}/* unix/xserver
+	else
+		rm "${WORKDIR}"/patches/*_server_*
+	fi
+
+	epatch "${FILESDIR}"/CVE-2014-0011.patch
+	EPATCH_SOURCE="${WORKDIR}/patches" EPATCH_SUFFIX="patch" \
+		EPATCH_FORCE="yes" epatch
+
+	if use server ; then
+		cd unix/xserver
+		epatch ../xserver114.patch
+		eautoreconf
+	fi
+}
+
+src_configure() {
+
+	use arm || use hppa && append-flags "-fPIC"
+
+	mycmakeargs=(
+		-G "Unix Makefiles"
+		$(cmake-utils_use_enable gnutls GNUTLS)
+		$(cmake-utils_use_enable pam PAM)
+		$(cmake-utils_use_build java JAVA)
+	)
+
+	cmake-utils_src_configure
+
+	if use server; then
+		cd unix/xserver
+		econf \
+			$(use_enable nptl glx-tls) \
+			$(use_enable opengl glx) \
+			--disable-config-dbus \
+			--disable-config-hal \
+			--disable-config-udev \
+			--disable-devel-docs \
+			--disable-dmx \
+			--disable-dri \
+			--disable-kdrive \
+			--disable-selective-werror \
+			--disable-silent-rules \
+			--disable-static \
+			--disable-unit-tests \
+			--disable-xephyr \
+			--disable-xinerama \
+			--disable-xnest \
+			--disable-xorg \
+			--disable-xvfb \
+			--disable-xwin \
+			--enable-dri2 \
+			--with-pic \
+			--without-dtrace
+	fi
+}
+
+src_compile() {
+	cmake-utils_src_compile
+
+	if use server ; then
+		cd unix/xserver
+		emake
+	fi
+}
+
+src_install() {
+	cmake-utils_src_install
+
+	newicon "${DISTDIR}"/tigervnc.png vncviewer.png
+	make_desktop_entry vncviewer vncviewer vncviewer Network
+
+	if use server ; then
+		cd unix/xserver/hw/vnc
+		emake DESTDIR="${D}" install
+		! use xorgmodule && rm -rf "${D}"/usr/$(get_libdir)/xorg
+
+		newconfd "${FILESDIR}"/${PN}.confd ${PN}
+		newinitd "${FILESDIR}"/${PN}.initd ${PN}
+
+		rm "${D}"/usr/$(get_libdir)/xorg/modules/extensions/libvnc.la
+	else
+		cd "${D}"
+		for f in vncserver vncpasswd x0vncserver vncconfig; do
+			rm usr/bin/$f
+			rm usr/share/man/man1/$f.1
+		done
+	fi
+}
+
+pkg_postinst() {
+	use server && switch_opengl_implem
+}
diff --git a/net-misc/tigervnc/tigervnc-1.3.0-r1.ebuild b/net-misc/tigervnc/tigervnc-1.3.1-r1.ebuild
index 7e9993805720..3c2c58827c8f 100644
--- a/net-misc/tigervnc/tigervnc-1.3.0-r1.ebuild
+++ b/net-misc/tigervnc/tigervnc-1.3.1-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/tigervnc/tigervnc-1.3.0-r1.ebuild,v 1.1 2014/02/08 19:40:31 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/tigervnc/tigervnc-1.3.1-r1.ebuild,v 1.1 2014/03/20 19:10:55 armin76 Exp $
 
 EAPI="4"
 
@@ -14,10 +14,10 @@ OPENGL_DIR="xorg-x11"
 
 DESCRIPTION="Remote desktop viewer display system"
 HOMEPAGE="http://www.tigervnc.org"
-SRC_URI="mirror://sourceforge/tigervnc/${P}.tar.bz2
+SRC_URI="mirror://sourceforge/tigervnc/${P}.tar.gz
 	mirror://gentoo/${PN}.png
-	mirror://gentoo/${P}-patches-${PATCHVER}.tar.bz2
-	http://dev.gentoo.org/~armin76/dist/${P}-patches-${PATCHVER}.tar.bz2
+	mirror://gentoo/${PN}-1.3.0-patches-${PATCHVER}.tar.bz2
+	http://dev.gentoo.org/~armin76/dist/${PN}-1.3.0-patches-${PATCHVER}.tar.bz2
 	server? ( ftp://ftp.freedesktop.org/pub/xorg/individual/xserver/xorg-server-${XSERVER_VERSION}.tar.bz2	)"
 
 LICENSE="GPL-2"
diff --git a/net-misc/tigervnc/tigervnc-1.3.0.ebuild b/net-misc/tigervnc/tigervnc-1.3.1.ebuild
index cc8aa539eaed..d395d4657367 100644
--- a/net-misc/tigervnc/tigervnc-1.3.0.ebuild
+++ b/net-misc/tigervnc/tigervnc-1.3.1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/tigervnc/tigervnc-1.3.0.ebuild,v 1.2 2014/02/01 19:15:18 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/tigervnc/tigervnc-1.3.1.ebuild,v 1.1 2014/03/20 19:10:55 armin76 Exp $
 
 EAPI="4"
 
@@ -14,10 +14,10 @@ OPENGL_DIR="xorg-x11"
 
 DESCRIPTION="Remote desktop viewer display system"
 HOMEPAGE="http://www.tigervnc.org"
-SRC_URI="mirror://sourceforge/tigervnc/${P}.tar.bz2
+SRC_URI="mirror://sourceforge/tigervnc/${P}.tar.gz
 	mirror://gentoo/${PN}.png
-	mirror://gentoo/${P}-patches-${PATCHVER}.tar.bz2
-	http://dev.gentoo.org/~armin76/dist/${P}-patches-${PATCHVER}.tar.bz2
+	mirror://gentoo/${PN}-1.3.0-patches-${PATCHVER}.tar.bz2
+	http://dev.gentoo.org/~armin76/dist/${PN}-1.3.0-patches-${PATCHVER}.tar.bz2
 	server? ( ftp://ftp.freedesktop.org/pub/xorg/individual/xserver/xorg-server-${XSERVER_VERSION}.tar.bz2	)"
 
 LICENSE="GPL-2"
author	Raúl Porcel <armin76@gentoo.org>	2014-03-20 19:10:55 +0000
committer	Raúl Porcel <armin76@gentoo.org>	2014-03-20 19:10:55 +0000
commit	d3b90b96386ade0977cd672c69f755a6e3f1f0b3 (patch)
tree	499090166d3d0ac92fb78ac9af6cc272f0d1aa60 /net-misc/tigervnc
parent	Fix metadata descriptions, thanks nickm (diff)
download	gentoo-2-d3b90b96386ade0977cd672c69f755a6e3f1f0b3.tar.gz gentoo-2-d3b90b96386ade0977cd672c69f755a6e3f1f0b3.tar.bz2 gentoo-2-d3b90b96386ade0977cd672c69f755a6e3f1f0b3.zip