New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tightvnc: add patches for CVE-2019-8287, CVE-2019-15678, CVE-2019-15679 & CVE-2019-15680 #73970
Conversation
Are these upstream somewhere and can be |
There is no upstream. TightVNC 1.x is essentially abandoned, 2.x is proprietary. See https://www.openwall.com/lists/oss-security/2018/12/10/5 for more on their attitude. I had to track down & port these patches myself, which is why even debian don't have this fixed yet (I've sent them a link to this PR though). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good job on adapting those patches to tightvnc 1.x
but running a nix-review I notice that vncviewer
binary is now missing.
Seems those patches introduce some build failures
In file included from rfbproto.c:1270:
corre.c: In function 'HandleCoRRE8':
corre.c:59:25: error: 'RFB_BUFFER_SIZE' undeclared (first use in this function); did you mean 'ZLIB_BUFFER_SIZE'?
if (hdr.nSubrects > RFB_BUFFER_SIZE / (4 + (BPP / 8)) || !ReadFromRFBServer(client, client->buffer, hdr.nSubrects * (4 + (BPP / 8))))
^~~~~~~~~~~~~~~
ZLIB_BUFFER_SIZE
corre.c:59:25: note: each undeclared identifier is reported only once for each function it appears in
corre.c:59:81: error: 'client' undeclared (first use in this function); did you mean 'XEvent'?
if (hdr.nSubrects > RFB_BUFFER_SIZE / (4 + (BPP / 8)) || !ReadFromRFBServer(client, client->buffer, hdr.nSubrects * (4 + (BPP / 8))))
^~~~~~
XEvent
corre.c:59:63: error: too many arguments to function 'ReadFromRFBServer'
if (hdr.nSubrects > RFB_BUFFER_SIZE / (4 + (BPP / 8)) || !ReadFromRFBServer(client, client->buffer, hdr.nSubrects * (4 + (BPP / 8))))
^~~~~~~~~~~~~~~~~
Then in install phase
Copying vncviewer/vncviewer -> /nix/store/981ad5phnclvhihhvgzgll4yif6a9yfn-tightvnc-1.3.10/bin/vncviewer
cp: cannot stat 'vncviewer/vncviewer': No such file or directory
Ah - that would explain a few things - I assumed the package was slightly broken already (other binaries work), I hadn't thought to check for uncaught failures. I'll take a closer look at this. |
… & CVE-2019-15680 mostly adapted from patches fixing similar issues in the actively maintained libvnc
1aaacaf
to
4c844c9
Compare
Fixed. I forgot to re-adjust changed variable names & call signature. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@risicle thanks for this, I'll backport |
Security fixes for: * CVE-2019-8287 * CVE-2019-15678 * CVE-2019-15679 * CVE-2019-15680 mostly adapted from patches fixing similar issues in the actively maintained libvnc (#73970) (cherry picked from commit 2482f8b)
Security fixes for: * CVE-2019-8287 * CVE-2019-15678 * CVE-2019-15679 * CVE-2019-15680 mostly adapted from patches fixing similar issues in the actively maintained libvnc (#73970) (cherry picked from commit 2482f8b)
Motivation for this change
https://nvd.nist.gov/vuln/detail/CVE-2019-8287
https://nvd.nist.gov/vuln/detail/CVE-2019-15678
https://nvd.nist.gov/vuln/detail/CVE-2019-15679
https://nvd.nist.gov/vuln/detail/CVE-2019-15680
These had to be adapted from patches fixing similar issues in the actively maintained libvnc @ https://github.com/LibVNC/libvncserver
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nix-review --run "nix-review wip"
./result/bin/
)nix path-info -S
before and after)Notify maintainers
cc @