Package: gtk-vnc | Debian Sources

Package: gtk-vnc / 0.6.0-3

Metadata

Package	Version	Patches format
gtk-vnc	0.6.0-3	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
Remove GNUmakefile links.patch \| (download)	configure \| 11 0 + 11 - 0 ! configure.ac \| 11 0 + 11 - 0 ! 2 files changed, 22 deletions(-)	remove gnumakefile links since it breaks the out of tree build
Add I m4 to Makefile.am.patch \| (download)	Makefile.am \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	add -i m4 to makefile.am
security/Fix bounds checking for RRE hextile copyrect encodings.patch \| (download)	cfg.mk \| 2 1 + 1 - 0 ! src/Makefile.am \| 8 8 + 0 - 0 ! src/vncconnection.c \| 41 25 + 16 - 0 ! src/vncconnectiontest.c \| 462 462 + 0 - 0 ! 4 files changed, 496 insertions(+), 17 deletions(-)	fix bounds checking for rre, hextile & copyrect encodings While the client would bounds check the overall update region, it failed to bounds check the payload data parameters. Add a test case to validate bounds checking. https://bugzilla.gnome.org/show_bug.cgi?id=778048 CVE-2017-5884 Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
security/Don t accept color map entries for true color pixel forma.patch \| (download)	src/vncconnection.c \| 5 5 + 0 - 0 ! src/vncconnectiontest.c \| 96 94 + 2 - 0 ! 2 files changed, 99 insertions(+), 2 deletions(-)	don't accept color map entries for true-color pixel format The color map entries should only be sent by the server when true-color flag is false. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
security/Correctly validate color map range indexes.patch \| (download)	src/vnccolormap.c \| 4 2 + 2 - 0 ! src/vncconnection.c \| 18 14 + 4 - 0 ! src/vncconnectiontest.c \| 76 76 + 0 - 0 ! 3 files changed, 92 insertions(+), 6 deletions(-)	correctly validate color map range indexes The color map index could wrap around to zero causing negative array index accesses. https://bugzilla.gnome.org/show_bug.cgi?id=778050 CVE-2017-5885 Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Link against GIO_LIBS explicitly.patch \| (download)	src/Makefile.am \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	link against gio_libs explicitly to avoid libtool: link: gcc -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -g -O2 -fdebug-prefix-map=/build/gtk-vnc-0.6.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z -Wl,relro -Wl,-z -Wl,now -o .libs/vncconnectiontest vncconnectiontest-vncconnectiontest.o ./.libs/libgvnc-1.0.so -lz -pthread /usr/bin/ld: vncconnectiontest-vncconnectiontest.o: undefined reference to symbol 'g_io_stream_get_output_stream' //usr/lib/x86_64-linux-gnu/libgio-2.0.so.0: error adding symbols: DSO missing from command line Also make the use of _CFLAGS and _LIBS match.

1