ports/129894: [patch][vulnerability fix] update vnc port

John E. Hein jhein at timing.com
Wed Dec 24 01:00:14 UTC 2008 

>Number:         129894
>Category:       ports
>Synopsis:       fix broken vnc port
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Dec 24 01:00:14 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     John Hein
>Release:        FreeBSD 7.1-PRERELEASE i386
>Organization:
>Environment:


>Description:

realvnc.com released a new version (in Oct), but the fetch doesn't know
the difference and, despite the port unsuspectingly fetching the latest
4.1.3 version, forces the output filename to vnc-4_1_2-unixsrc.tar.gz
with -o...

/usr/bin/fetch -ApRr -o vnc-4_1_3-unixsrc.tar.gz 'http://www.realvnc.com/cgi-bin/download.cgi?product=free4/src/unix&acceptLicense=1&haveDetails=1&filetype=tar_gz'

Adding '&filever=4.1.2' to the cgi download url would work around this
since the 4.1.2 tarball is still available, but we should update
to 4.1.3.

Only one code change: to bounds check bounds on a decoders array index before
dereferencing in vnc-4_1_3-unixsrc/common/rfb/CMsgReader.cxx ...

+    if (encoding > encodingMax)
+      throw Exception("Unknown rect encoding");

Other than that, there were some minor 'configure' changes
(for instance, to support solaris better it seems) and
some changes to .vcproj (visual studio c ide project files).

For us, the only change should be the one instance
of better bounds checking shown above.

There is a reported vulnerability for 4.1.2 fixed by the
change shown above - supposedly a remote code execution
vulnerability...

http://www.net-security.org/vuln.php?id=6135

>How-To-Repeat:

>Fix:

Update to the latest release 4.1.3 and add 'filever'
to fetch instruction so the inadvertent
broken checksum doesn't happen again.

Index: Makefile
===================================================================
RCS file: /base/FreeBSD-CVS/ports/net/vnc/Makefile,v
retrieving revision 1.61
diff -u -p -r1.61 Makefile
--- Makefile	16 Dec 2008 04:28:21 -0000	1.61
+++ Makefile	24 Dec 2008 00:41:49 -0000
@@ -6,11 +6,11 @@
 #
 
 PORTNAME=	vnc
-PORTVERSION=	4.1.2
-PORTREVISION=	5
+PORTVERSION=	4.1.3
+PORTREVISION=	0
 CATEGORIES=	net ipv6
 MASTER_SITES=	http://www.realvnc.com/:vnc
-DISTNAME=	vnc-4_1_2-unixsrc
+DISTNAME=	vnc-4_1_3-unixsrc
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}:vnc
 DIST_SUBDIR=	xc
 
@@ -20,8 +20,6 @@ COMMENT=	Display X and Win32 desktops on
 RUN_DEPENDS=	xorg-fonts>=7.2:${PORTSDIR}/x11-fonts/xorg-fonts \
 		xauth:${PORTSDIR}/x11/xauth
 
-BROKEN=		checksum mismatch
-
 GNU_CONFIGURE=	yes
 # The vnc supplied zlib seg. faults if compiled with -O
 CONFIGURE_ARGS=	--with-installed-zlib
@@ -73,7 +71,7 @@ PLIST_SUB+=	SERVER="@comment "
 # No direct URL for VNC -- have to pseudo-submit their webform.
 pre-fetch:
 	@${MKDIR} ${DISTDIR}/${DIST_SUBDIR} && cd ${DISTDIR}/${DIST_SUBDIR} && \
-	${FETCH_CMD} -o ${DISTNAME}.tar.gz 'http://www.realvnc.com/cgi-bin/download.cgi?product=free4/src/unix&acceptLicense=1&haveDetails=1&filetype=tar_gz'
+	${FETCH_CMD} -o ${DISTNAME}.tar.gz 'http://www.realvnc.com/cgi-bin/download.cgi?product=free4/src/unix&acceptLicense=1&haveDetails=1&filetype=tar_gz&filever=4.1.3'
 
 post-extract:
 .if !defined(WITHOUT_SERVER)
Index: distinfo
===================================================================
RCS file: /base/FreeBSD-CVS/ports/net/vnc/distinfo,v
retrieving revision 1.19
diff -u -p -r1.19 distinfo
--- distinfo	18 May 2006 16:06:35 -0000	1.19
+++ distinfo	24 Dec 2008 00:20:15 -0000
@@ -1,6 +1,6 @@
-MD5 (xc/vnc-4_1_2-unixsrc.tar.gz) = cf9a6fe8f592286b5e0fdde686504ffb
-SHA256 (xc/vnc-4_1_2-unixsrc.tar.gz) = ed73cd1abf4c4044032929fa2dd023d851f5fe37f88009523d3b08b7d836d542
-SIZE (xc/vnc-4_1_2-unixsrc.tar.gz) = 537713
+MD5 (xc/vnc-4_1_3-unixsrc.tar.gz) = a119f3c75ad2767c0588260e2abe39be
+SHA256 (xc/vnc-4_1_3-unixsrc.tar.gz) = a5897cbeaef74e02f23d43b89905f5a218041292743ed469f45092073c2bc047
+SIZE (xc/vnc-4_1_3-unixsrc.tar.gz) = 550870
 MD5 (xc/X430src-1.tgz) = 4f241a4f867363f40efa2b00dca292af
 SHA256 (xc/X430src-1.tgz) = 5276b045e154948fce7abba7d686406c65862d90b43b50f2546b33e38378f0d7
 SIZE (xc/X430src-1.tgz) = 10993622
>Release-Note:
>Audit-Trail:
>Unformatted:
 fix broken vnc port
 From: John Hein <jhein>
 Reply-To: John Hein <jhein>
 Cc: ports at freebsd.org
 BCc: jhein
 X-send-pr-version: 3.113
 X-GNATS-Notify:

More information about the freebsd-ports-bugs mailing list