Unverified Commit 2d1ea93e authored by Franz Pletz's avatar Franz Pletz Committed by GitHub

Merge pull request #336605 from LeSuisse/tightvnc-drop

parents bf24134e 8caa2633
+0 −18
Adapted from https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
diff --git a/vncviewer/rfbproto.c b/vncviewer/rfbproto.c
index 04b0230..47a6863 100644
--- a/vncviewer/rfbproto.c
+++ b/vncviewer/rfbproto.c
@@ -1217,6 +1217,12 @@ HandleRFBServerMessage()
     if (serverCutText)
       free(serverCutText);
 
+    if (msg.sct.length > 1<<20) {
+      fprintf(stderr,"Ignoring too big cut text length sent by server: %u B > 1 MB\n",
+              (unsigned int)msg.sct.length);
+      return False;
+    }
+
     serverCutText = malloc(msg.sct.length+1);
 
     if (!ReadFromRFBServer(serverCutText, msg.sct.length))
+0 −19
Adapted from https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
diff --git a/vncviewer/rfbproto.c b/vncviewer/rfbproto.c
index 04b0230..bd11b54 100644
--- a/vncviewer/rfbproto.c
+++ b/vncviewer/rfbproto.c
@@ -303,7 +303,12 @@ InitialiseRFBConnection(void)
   si.format.blueMax = Swap16IfLE(si.format.blueMax);
   si.nameLength = Swap32IfLE(si.nameLength);
 
-  /* FIXME: Check arguments to malloc() calls. */
+  if (si.nameLength > 1<<20) {
+    fprintf(stderr, "Too big desktop name length sent by server: %lu B > 1 MB\n",
+            (unsigned long)si.nameLength);
+    return False;
+  }
+
   desktopName = malloc(si.nameLength + 1);
   if (!desktopName) {
     fprintf(stderr, "Error allocating memory for desktop name, %lu bytes\n",
+0 −16
diff --git a/vncviewer/zlib.c b/vncviewer/zlib.c
index 80c4eee..76998d8 100644
--- a/vncviewer/zlib.c
+++ b/vncviewer/zlib.c
@@ -55,6 +55,11 @@ HandleZlibBPP (int rx, int ry, int rw, int rh)
     raw_buffer_size = (( rw * rh ) * ( BPP / 8 ));
     raw_buffer = (char*) malloc( raw_buffer_size );
 
+    if ( raw_buffer == NULL ) {
+      fprintf(stderr,
+              "couldn't allocate raw_buffer in HandleZlibBPP");
+      return False;
+    }
   }
 
   if (!ReadFromRFBServer((char *)&hdr, sz_rfbZlibHeader))
+0 −14
Adapted from https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
diff --git a/vncviewer/corre.c b/vncviewer/corre.c
index c846a10..a4c272d 100644
--- a/vncviewer/corre.c
+++ b/vncviewer/corre.c
@@ -56,7 +56,7 @@ HandleCoRREBPP (int rx, int ry, int rw, int rh)
     XChangeGC(dpy, gc, GCForeground, &gcv);
     XFillRectangle(dpy, desktopWin, gc, rx, ry, rw, rh);
 
-    if (!ReadFromRFBServer(buffer, hdr.nSubrects * (4 + (BPP / 8))))
+    if (hdr.nSubrects > BUFFER_SIZE / (4 + (BPP / 8)) || !ReadFromRFBServer(buffer, hdr.nSubrects * (4 + (BPP / 8))))
 	return False;
 
     ptr = (CARD8 *)buffer;
+0 −116
{ lib
, stdenv
, fetchurl
, zlib
, libjpeg
, imake
, gccmakedep
, libXaw
, libXext
, libXmu
, libXp
, libXpm
, perl
, xauth
, fontDirectories
, openssh
}:

stdenv.mkDerivation rec {
  pname = "tightvnc";
  version = "1.3.10";

  src = fetchurl {
    url = "mirror://sourceforge/vnc-tight/tightvnc-${version}_unixsrc.tar.bz2";
    sha256 = "f48c70fea08d03744ae18df6b1499976362f16934eda3275cead87baad585c0d";
  };

  patches = [
    ./1.3.10-CVE-2019-15678.patch
    ./1.3.10-CVE-2019-15679.patch
    ./1.3.10-CVE-2019-15680.patch
    ./1.3.10-CVE-2019-8287.patch
  ];

  # for the builder script
  inherit fontDirectories;

  hardeningDisable = [ "format" ];

  buildInputs = [
    zlib
    libjpeg
    imake
    gccmakedep
    libXaw
    libXext
    libXmu
    libXp
    libXpm
    xauth
    openssh
  ];

  postPatch = ''
    fontPath=
    for i in $fontDirectories; do
      for j in $(find $i -name fonts.dir); do
        addToSearchPathWithCustomDelimiter "," fontPath $(dirname $j)
      done
    done

    sed -i "s@/usr/bin/ssh@${openssh}/bin/ssh@g" vncviewer/vncviewer.h

    sed -e 's@/usr/bin/perl@${perl}/bin/perl@' \
        -e 's@unix/:7100@'$fontPath'@' \
        -i vncserver

    sed -e 's@.* CppCmd .*@#define CppCmd		cpp@' -i Xvnc/config/cf/linux.cf
    sed -e 's@.* CppCmd .*@#define CppCmd		cpp@' -i Xvnc/config/cf/Imake.tmpl
    sed -i \
        -e 's@"uname","xauth","Xvnc","vncpasswd"@"uname","Xvnc","vncpasswd"@g' \
        -e "s@\<xauth\>@${xauth}/bin/xauth@g" \
        vncserver
  '';

  preInstall = ''
    mkdir -p $out/bin
    mkdir -p $out/share/man/man1
  '';

  installPhase = ''
    runHook preInstall

    ./vncinstall $out/bin $out/share/man

    runHook postInstall
  '';

  postInstall = ''
    # fix HTTP client:
    mkdir -p $out/share/tightvnc
    cp -r classes $out/share/tightvnc
    substituteInPlace $out/bin/vncserver \
      --replace /usr/local/vnc/classes $out/share/tightvnc/classes
  '';

  meta = {
    license = lib.licenses.gpl2Plus;
    homepage = "https://vnc-tight.sourceforge.net/";
    description = "Improved version of VNC";

    longDescription = ''
      TightVNC is an improved version of VNC, the great free
      remote-desktop tool. The improvements include bandwidth-friendly
      "tight" encoding, file transfers in the Windows version, enhanced
      GUI, many bugfixes, and more.
    '';

    maintainers = [ ];
    platforms = lib.platforms.unix;

    knownVulnerabilities = [ "CVE-2021-42785" ];
    # Unfortunately, upstream doesn't maintain the 1.3 branch anymore, and the
    # new 2.x branch is substantially different (requiring either Windows or Java)
  };
}