gentoo resync : 17.02.2020

6 files changed, 278 insertions, 0 deletions

diff --git a/net-misc/vino/Manifest b/net-misc/vino/Manifest
index 48502ade8a6c..4e1ad4864c6b 100644
--- a/net-misc/vino/Manifest
+++ b/net-misc/vino/Manifest
@@ -1,6 +1,12 @@
+AUX CVE-2014-6053.patch 1054 BLAKE2B 4f1b4512bc2c0d3ea971379bcbe28ceda2288f7acd041e565ad7bcd884fbca2373f5ed5e862a11d83cd6d4a222d8e75ad0fd20f4e8e867ec657a6f009cb573fd SHA512 0c3873b5a26576d13446c8b78b8737ada2f1bf9efd7af015061bfe1df694d54c741ee6d9f551abc60d8bf30e92e5ce8b40d50d12b378add5e5f9ce3a70fef8a5
+AUX CVE-2018-7225.patch 2397 BLAKE2B 2adae0915f8ab5046b80d30b9e1ad7ae923ddc01c9281d4b1ef59ff360a5408f3581e70dcca2e31e0b66179e32503d36df5e2ce4903478e06a4c7b5331676aa0 SHA512 9a9d8f8bbb96a75e96d4eb4c649e2c5e6ff3fb713b030559ba465b1267e742e0399b8f142de94d9ce2aacf9cd8403406bac247b29812559172b5b324c87b9e1c
+AUX CVE-2019-15681.patch 950 BLAKE2B 5c45bd813ef1329ebec3486fd5464df510d72f52172cd0b6ce9aeebb06685e33500df3f2e335a882067e0aa1b8db4f9307aba04879b91e4b6b04071a50e9551a SHA512 4e9e638b12970ccac3ffd85135cc93a943ec30a9d73797fda4e8403a464e6f63870b28f6f1dfa27d959a5703068cc53287112b1d4d85682edf7161b300951a61
 AUX vino-return-error-if-X11-is-no-detected.patch 1102 BLAKE2B 145b468e06bfa8b7abb18c1209761a2ca2314ffc92f04fe419ef0722eaed6a30b5a2e8cbeb8923e1b0cf072ba988ea9c3031fe2816df8632c3e123f643c70221 SHA512 6342507c051d81fbcbf8d2f8ce5005b60da0ba6a1f725c3aabb164c310b7c17a92f1aaeedc69873b47ba35041ff5ab7d75b762d5f9bfa70d967864e3cafb2596
 AUX vino-segfaults-on-wayland.patch 1172 BLAKE2B c8e3b9316309f78975123cd3ac87fd53d8fd498be5927a2188dfbddf5ac5316febf71ff5297466e95d079e9dfe8bf4a034c1b45320000c683f5e264527a870dd SHA512 e1d9a489643ce46259ebd830ccd906dbe65675ff57cb2d405b584acbf6c67e3a3f34f051c6ab5bd5fb5d40bd873225b36801b87030c30c0c764d3d5a72095f23
+DIST vino-3.22.0-patchset.tar.xz 158480 BLAKE2B fb8b50abde8cb4728410302c1d3a57bc4d344a33ac0bd9f1265fd24eb142dcd52e870845b902c9b63e98134f87873ebf6abfcfcd1efadb72b0cc72b04f9bf4be SHA512 cf96f5dce96d5c060462698c9d8df6f6d94eb9d624cb689c1262830840ed8f3617485f2274832076c273625e92a89732f9c2ae99dbcbf495e5293cf88408064f
 DIST vino-3.22.0.tar.xz 768716 BLAKE2B 5c3f6df059f129009bbc97527d1767bc8a29d8cbff5e6f9e89dabc4583ffdae2cf235eec66cbcb5f9e73c9a0a7c05a504e4e90221bf5adfc2ecbbbd518fdc84a SHA512 29b88e151b0b8c69bce1565ae3ec2e788f48c7645429984329fb2d3daaf03cc5ac100abbf70247bf0516c6d03a3b9aeb78d018c8f1bf35fd241919117fd1105f
 EBUILD vino-3.22.0-r1.ebuild 1821 BLAKE2B 14db439bf16ef23f58c0cdfb8b5119e591a3cbca521de229ff7ebe026a05992db296908cd77b52053691984227029e7c78276b5f700b388219b653ffa450e476 SHA512 8d10fcb421ad25ec3aac15b9ed6b4e6f9aa6c54b572ac0fd5d04c30b06100b99d889807fd8f3f5844ae1a68d740042adeeca0a5212e32ad21bc83cae48bae5b8
+EBUILD vino-3.22.0-r2.ebuild 2006 BLAKE2B e624588d848c5f078ae4f025ef3e338aad712403267214a8564f04c1857be791d983baf700056e5948e5bec87e22412055c994b7299f234e9463c47eef07298b SHA512 f2ea280caa7560ff05fcead6d8720d70476b8f347deb86a26530a870ba21cd0506acea72a3c5877c341cdb415f801ccfa56be33e5ba3f404286afd66ed118ec4
+EBUILD vino-3.22.0-r3.ebuild 1956 BLAKE2B 04ca02b942477d1df887ece1e69cda37ccc1487c2eb9aa13c86eaf3bb0476ddf7a14a1a9f06c81275ed314510ec11e1cce5e566886e993fa6625b95ee21143c7 SHA512 fa0f12b45f610fd4c971316d21841f24dd7d9d80bc01810024ceef7ddb9b23c7c1915d38488a022a6eb3a5bd3fe06f7f81f19504e1bcbdcbde99933f8829badc
 EBUILD vino-3.22.0.ebuild 1641 BLAKE2B cb05d5798cb4873e688bbe0e9c11b9648ae19400973599c854a243418aa25cb8381dc7aa761c31a11c4de5b7bf750df5850fbc3c1f8d94f64fdf2b9c035b61ef SHA512 e4f75abf8c4b63f7e7c2856cc6aaf1773fde72464d6f58277a922145676db3f634625c1448479d9ebe0d8fe7d946ceef1d094679dc498ad0368f326ab6e1a883
 MISC metadata.xml 343 BLAKE2B 92816370ecc7d4e3b9d3f4513ee7c437b98ea3ca798107beb1b4885ab778768e19a20dbf8a3c19dd1c6d2b812a2498a9d1e2b4f4211dad0f350f620420a523e2 SHA512 dc33b648174ba60a62212dd252f1d358ee7a05ddbd41ae2b31dbdf362f4f780207c5183c0b180d68c8df5a613e91c1336231f2d75100076a01517e4d70d8252d
diff --git a/net-misc/vino/files/CVE-2014-6053.patch b/net-misc/vino/files/CVE-2014-6053.patch
new file mode 100644
index 000000000000..8830c30f870d
--- /dev/null
+++ b/net-misc/vino/files/CVE-2014-6053.patch
@@ -0,0 +1,31 @@
+From b1bfadcbfd88970c6d48672e2dbcca8713c91411 Mon Sep 17 00:00:00 2001
+From: Nicolas Ruff <nruff@google.com>
+Date: Mon, 18 Aug 2014 15:16:16 +0200
+Subject: [PATCH 1/3] Check malloc() return value on client->server
+ ClientCutText message. Client can send up to 2**32-1 bytes of text, and such
+ a large allocation is likely to fail in case of high memory pressure. This
+ would in a server crash (write at address 0).
+
+---
+ server/libvncserver/rfbserver.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/server/libvncserver/rfbserver.c b/server/libvncserver/rfbserver.c
+index a880b53..2615dc3 100644
+--- a/server/libvncserver/rfbserver.c
++++ b/server/libvncserver/rfbserver.c
+@@ -853,6 +853,11 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)
+ 	msg.cct.length = Swap32IfLE(msg.cct.length);
+ 
+ 	str = (char *)malloc(msg.cct.length);
++	if (str == NULL) {
++		rfbLogPerror("rfbProcessClientNormalMessage: not enough memory");
++		rfbCloseClient(cl);
++		return;
++	}
+ 
+ 	if ((n = ReadExact(cl, str, msg.cct.length)) <= 0) {
+ 	    if (n != 0)
+-- 
+2.20.1
+
diff --git a/net-misc/vino/files/CVE-2018-7225.patch b/net-misc/vino/files/CVE-2018-7225.patch
new file mode 100644
index 000000000000..1b1186b4fe78
--- /dev/null
+++ b/net-misc/vino/files/CVE-2018-7225.patch
@@ -0,0 +1,64 @@
+From d8a663541ef358a13fed2fbb39e7d323454369dc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Mon, 26 Feb 2018 13:48:00 +0100
+Subject: [PATCH 2/3] Limit client cut text length to 1 MB
+
+This patch constrains a client cut text length to 1 MB. Otherwise
+a client could make server allocate 2 GB of memory and that seems to
+be to much to classify it as a denial of service.
+
+The limit also prevents from an integer overflow followed by copying
+an uninitilized memory when processing msg.cct.length value larger
+than SIZE_MAX or INT_MAX - sz_rfbClientCutTextMsg.
+
+This patch also corrects accepting length value of zero (malloc(0) is
+interpreted on differnet systems differently).
+
+CVE-2018-7225
+<https://github.com/LibVNC/libvncserver/issues/218>
+---
+ server/libvncserver/rfbserver.c | 21 ++++++++++++++++++++-
+ 1 file changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/server/libvncserver/rfbserver.c b/server/libvncserver/rfbserver.c
+index 2615dc3..2224edb 100644
+--- a/server/libvncserver/rfbserver.c
++++ b/server/libvncserver/rfbserver.c
+@@ -59,6 +59,9 @@
+ #define DEBUGPROTO(x)
+ #endif
+ 
++/* PRIu32 */
++#include <inttypes.h>
++
+ rfbClientPtr pointerClient = NULL;  /* Mutex for pointer events */
+ 
+ static void rfbProcessClientProtocolVersion(rfbClientPtr cl);
+@@ -852,7 +855,23 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)
+ 
+ 	msg.cct.length = Swap32IfLE(msg.cct.length);
+ 
+-	str = (char *)malloc(msg.cct.length);
++	/* uint32_t input is passed to malloc()'s size_t argument,
++	 * to rfbReadExact()'s int argument, to rfbStatRecordMessageRcvd()'s int
++	 * argument increased of sz_rfbClientCutTextMsg, and to setXCutText()'s int
++	 * argument. Here we impose a limit of 1 MB so that the value fits
++	 * into all of the types to prevent from misinterpretation and thus
++	 * from accessing uninitialized memory (CVE-2018-7225) and also to
++	 * prevent from a denial-of-service by allocating to much memory in
++	 * the server. */
++	if (msg.cct.length > 1<<20) {
++	    rfbLog("rfbClientCutText: too big cut text length requested: %" PRIu32 "\n",
++		    msg.cct.length);
++	    rfbCloseClient(cl);
++	    return;
++	}
++
++	/* Allow zero-length client cut text. */
++	str = (char *)calloc(msg.cct.length ? msg.cct.length : 1, 1);
+ 	if (str == NULL) {
+ 		rfbLogPerror("rfbProcessClientNormalMessage: not enough memory");
+ 		rfbCloseClient(cl);
+-- 
+2.20.1
+
diff --git a/net-misc/vino/files/CVE-2019-15681.patch b/net-misc/vino/files/CVE-2019-15681.patch
new file mode 100644
index 000000000000..31bb47ee9b27
--- /dev/null
+++ b/net-misc/vino/files/CVE-2019-15681.patch
@@ -0,0 +1,26 @@
+From d9f3fa0ede556c6a751a8ca6c8bc37e769715233 Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@freeshell.org>
+Date: Mon, 19 Aug 2019 22:32:25 +0200
+Subject: [PATCH 3/3] rfbserver: don't leak stack memory to the remote
+
+Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
+---
+ server/libvncserver/rfbserver.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/server/libvncserver/rfbserver.c b/server/libvncserver/rfbserver.c
+index 2224edb..ca4f59b 100644
+--- a/server/libvncserver/rfbserver.c
++++ b/server/libvncserver/rfbserver.c
+@@ -1565,6 +1565,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len)
+     rfbServerCutTextMsg sct;
+     rfbClientIteratorPtr iterator;
+ 
++    memset((char *)&sct, 0, sizeof(sct));
++
+     iterator = rfbGetClientIterator(rfbScreen);
+     while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
+         /* Client is not authenticated, ignore. See GNOME bug 678434. */
+-- 
+2.20.1
+
diff --git a/net-misc/vino/vino-3.22.0-r2.ebuild b/net-misc/vino/vino-3.22.0-r2.ebuild
new file mode 100644
index 000000000000..bb0874d055d7
--- /dev/null
+++ b/net-misc/vino/vino-3.22.0-r2.ebuild
@@ -0,0 +1,76 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+GNOME2_EAUTORECONF="yes"
+inherit gnome2 systemd
+
+DESCRIPTION="An integrated VNC server for GNOME"
+HOMEPAGE="https://wiki.gnome.org/Projects/Vino"
+SRC_URI+=" https://dev.gentoo.org/~leio/distfiles/${P}-patchset.tar.xz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="crypt debug gnome-keyring ipv6 jpeg ssl systemd +telepathy zeroconf +zlib"
+# bug #394611; tight encoding requires zlib encoding
+REQUIRED_USE="jpeg? ( zlib )"
+
+# cairo used in vino-fb
+# libSM and libICE used in eggsmclient-xsmp
+RDEPEND="
+	>=dev-libs/glib-2.26:2
+	>=dev-libs/libgcrypt-1.1.90:0=
+	>=x11-libs/gtk+-3:3
+
+	x11-libs/cairo:=
+	x11-libs/libICE
+	x11-libs/libSM
+	x11-libs/libX11
+	x11-libs/libXdamage
+	x11-libs/libXext
+	x11-libs/libXfixes
+	x11-libs/libXtst
+	x11-libs/pango[X]
+
+	>=x11-libs/libnotify-0.7.0:=
+
+	crypt? ( >=dev-libs/libgcrypt-1.1.90:0= )
+	gnome-keyring? ( app-crypt/libsecret )
+	jpeg? ( virtual/jpeg:0= )
+	ssl? ( >=net-libs/gnutls-2.2.0:= )
+	systemd? ( sys-apps/dbus[user-session] )
+	telepathy? (
+		dev-libs/dbus-glib
+		>=net-libs/telepathy-glib-0.18 )
+	zeroconf? ( >=net-dns/avahi-0.6:=[dbus] )
+	zlib? ( sys-libs/zlib:= )
+"
+DEPEND="${RDEPEND}
+	app-crypt/libsecret
+	dev-util/glib-utils
+	>=dev-util/intltool-0.50
+	virtual/pkgconfig
+"
+# libsecret is always required at build time per bug 322763
+
+PATCHES=(
+	"${WORKDIR}"/patches/ # Patches from master branch at 2020-02-15 state; needs autoreconf
+	"${FILESDIR}"/CVE-2014-6053.patch
+	"${FILESDIR}"/CVE-2018-7225.patch
+	"${FILESDIR}"/CVE-2019-15681.patch
+)
+
+src_configure() {
+	gnome2_src_configure \
+		$(use_enable ipv6) \
+		$(use_with crypt gcrypt) \
+		$(usex debug --enable-debug=yes ' ') \
+		$(use_with gnome-keyring secret) \
+		$(use_with jpeg) \
+		$(use_with ssl gnutls) \
+		$(use_with telepathy) \
+		$(use_with zeroconf avahi) \
+		$(use_with zlib) \
+		--with-systemduserunitdir="$(systemd_get_userunitdir)"
+}
diff --git a/net-misc/vino/vino-3.22.0-r3.ebuild b/net-misc/vino/vino-3.22.0-r3.ebuild
new file mode 100644
index 000000000000..b53f4ca1bcb7
--- /dev/null
+++ b/net-misc/vino/vino-3.22.0-r3.ebuild
@@ -0,0 +1,75 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+GNOME2_EAUTORECONF="yes"
+inherit gnome2 systemd
+
+DESCRIPTION="An integrated VNC server for GNOME"
+HOMEPAGE="https://wiki.gnome.org/Projects/Vino"
+SRC_URI+=" https://dev.gentoo.org/~leio/distfiles/${P}-patchset.tar.xz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="crypt debug gnome-keyring ipv6 jpeg ssl +telepathy zeroconf +zlib"
+# bug #394611; tight encoding requires zlib encoding
+REQUIRED_USE="jpeg? ( zlib )"
+
+# cairo used in vino-fb
+# libSM and libICE used in eggsmclient-xsmp
+RDEPEND="
+	>=dev-libs/glib-2.26:2
+	>=dev-libs/libgcrypt-1.1.90:0=
+	>=x11-libs/gtk+-3:3
+
+	x11-libs/cairo:=
+	x11-libs/libICE
+	x11-libs/libSM
+	x11-libs/libX11
+	x11-libs/libXdamage
+	x11-libs/libXext
+	x11-libs/libXfixes
+	x11-libs/libXtst
+	x11-libs/pango[X]
+
+	>=x11-libs/libnotify-0.7.0:=
+
+	crypt? ( >=dev-libs/libgcrypt-1.1.90:0= )
+	gnome-keyring? ( app-crypt/libsecret )
+	jpeg? ( virtual/jpeg:0= )
+	ssl? ( >=net-libs/gnutls-2.2.0:= )
+	telepathy? (
+		dev-libs/dbus-glib
+		>=net-libs/telepathy-glib-0.18 )
+	zeroconf? ( >=net-dns/avahi-0.6:=[dbus] )
+	zlib? ( sys-libs/zlib:= )
+"
+DEPEND="${RDEPEND}
+	app-crypt/libsecret
+	dev-util/glib-utils
+	>=dev-util/intltool-0.50
+	virtual/pkgconfig
+"
+# libsecret is always required at build time per bug 322763
+
+PATCHES=(
+	"${WORKDIR}"/patches/ # Patches from master branch at 2020-02-15 state; needs autoreconf
+	"${FILESDIR}"/CVE-2014-6053.patch
+	"${FILESDIR}"/CVE-2018-7225.patch
+	"${FILESDIR}"/CVE-2019-15681.patch
+)
+
+src_configure() {
+	gnome2_src_configure \
+		$(use_enable ipv6) \
+		$(use_with crypt gcrypt) \
+		$(usex debug --enable-debug=yes ' ') \
+		$(use_with gnome-keyring secret) \
+		$(use_with jpeg) \
+		$(use_with ssl gnutls) \
+		$(use_with telepathy) \
+		$(use_with zeroconf avahi) \
+		$(use_with zlib) \
+		--with-systemduserunitdir="$(systemd_get_userunitdir)"
+}