tightvnc: add patches for CVE-2019-8287, CVE-2019-15678, CVE-2019-15679 & CVE-2019-15680 #73970
Conversation
|
Are these upstream somewhere and can be |
|
There is no upstream. TightVNC 1.x is essentially abandoned, 2.x is proprietary. See https://www.openwall.com/lists/oss-security/2018/12/10/5 for more on their attitude. I had to track down & port these patches myself, which is why even debian don't have this fixed yet (I've sent them a link to this PR though). |
There was a problem hiding this comment.
Good job on adapting those patches to tightvnc 1.x
but running a nix-review I notice that vncviewer binary is now missing.
Seems those patches introduce some build failures
In file included from rfbproto.c:1270:
corre.c: In function 'HandleCoRRE8':
corre.c:59:25: error: 'RFB_BUFFER_SIZE' undeclared (first use in this function); did you mean 'ZLIB_BUFFER_SIZE'?
if (hdr.nSubrects > RFB_BUFFER_SIZE / (4 + (BPP / 8)) || !ReadFromRFBServer(client, client->buffer, hdr.nSubrects * (4 + (BPP / 8))))
^~~~~~~~~~~~~~~
ZLIB_BUFFER_SIZE
corre.c:59:25: note: each undeclared identifier is reported only once for each function it appears in
corre.c:59:81: error: 'client' undeclared (first use in this function); did you mean 'XEvent'?
if (hdr.nSubrects > RFB_BUFFER_SIZE / (4 + (BPP / 8)) || !ReadFromRFBServer(client, client->buffer, hdr.nSubrects * (4 + (BPP / 8))))
^~~~~~
XEvent
corre.c:59:63: error: too many arguments to function 'ReadFromRFBServer'
if (hdr.nSubrects > RFB_BUFFER_SIZE / (4 + (BPP / 8)) || !ReadFromRFBServer(client, client->buffer, hdr.nSubrects * (4 + (BPP / 8))))
^~~~~~~~~~~~~~~~~Then in install phase
Copying vncviewer/vncviewer -> /nix/store/981ad5phnclvhihhvgzgll4yif6a9yfn-tightvnc-1.3.10/bin/vncviewer
cp: cannot stat 'vncviewer/vncviewer': No such file or directory
|
Ah - that would explain a few things - I assumed the package was slightly broken already (other binaries work), I hadn't thought to check for uncaught failures. I'll take a closer look at this. |
… & CVE-2019-15680 mostly adapted from patches fixing similar issues in the actively maintained libvnc
risicle
force-pushed
the
ris-tightvnc-CVEs
branch
from
1aaacaf
to
4c844c9
Compare
|
Fixed. I forgot to re-adjust changed variable names & call signature. |
|
@risicle thanks for this, I'll backport |
Security fixes for: * CVE-2019-8287 * CVE-2019-15678 * CVE-2019-15679 * CVE-2019-15680 mostly adapted from patches fixing similar issues in the actively maintained libvnc (#73970) (cherry picked from commit 2482f8b)
Security fixes for: * CVE-2019-8287 * CVE-2019-15678 * CVE-2019-15679 * CVE-2019-15680 mostly adapted from patches fixing similar issues in the actively maintained libvnc (#73970) (cherry picked from commit 2482f8b)
Motivation for this change
https://nvd.nist.gov/vuln/detail/CVE-2019-8287
https://nvd.nist.gov/vuln/detail/CVE-2019-15678
https://nvd.nist.gov/vuln/detail/CVE-2019-15679
https://nvd.nist.gov/vuln/detail/CVE-2019-15680
These had to be adapted from patches fixing similar issues in the actively maintained libvnc @ https://github.com/LibVNC/libvncserver
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nix-review --run "nix-review wip"./result/bin/)nix path-info -Sbefore and after)Notify maintainers
cc @