~alpine/aports

[alpine-aports] [PATCH edge] main/libvncserver: security upgrade to 0.9.11 - fixes #6637

Sergey Lukin <sergej.lukin@gmail.com>
Details
Message ID
<20170111082902.31185-1-sergej.lukin@gmail.com>
Sender timestamp
1484123342
DKIM signature
missing
Download raw message
7 years ago
Patch: +14 -10 
CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
CVE-2016-9942: Heap-based buffer overflow in ultra.c
---
 main/libvncserver/APKBUILD | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/main/libvncserver/APKBUILD b/main/libvncserver/APKBUILD
index c93b52883e..33569e3adb 100644
--- a/main/libvncserver/APKBUILD
+++ b/main/libvncserver/APKBUILD
@@ -1,8 +1,9 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer:
pkgname=libvncserver
pkgver=0.9.10
pkgrel=1
pkgver=0.9.11
pkgrel=0
pkgdesc="Library to make writing a vnc server easy"
url="http://libvncserver.sourceforge.net/"
arch="all"
@@ -14,14 +15,17 @@ depends_dev="libgcrypt-dev libjpeg-turbo-dev gnutls-dev libpng-dev
makedepends="$depends_dev autoconf automake libtool"
install=""
subpackages="$pkgname-dev"
source="http://downloads.sf.net/libvncserver/LibVNCServer-$pkgver.tar.gz"
source="https://github.com/LibVNC/libvncserver/archive/LibVNCServer-$pkgver.tar.gz
	"
# secfixes:
#   0.9.11-r0:
#     - CVE-2016-9941
#     - CVE-2016-9942

_builddir="$srcdir"/libvncserver-LibVNCServer-$pkgver
builddir="$srcdir"/libvncserver-LibVNCServer-$pkgver
prepare() {
	local i
	cd "$_builddir"
	cd "$builddir"
	for i in $source; do
		case $i in
		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
@@ -31,7 +35,7 @@ prepare() {
}

build() {
	cd "$_builddir"
	cd "$builddir"
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
@@ -42,10 +46,10 @@ build() {
}

package() {
	cd "$_builddir"
	cd "$builddir"
	make install DESTDIR="$pkgdir" || return 1
}

md5sums="e1b888fae717b06896f8aec100163d27  LibVNCServer-0.9.10.tar.gz"
sha256sums="ed10819a5bfbf269969f97f075939cc38273cc1b6d28bccfb0999fba489411f7  LibVNCServer-0.9.10.tar.gz"
sha512sums="eb637dfb72dc50fb713a715c9d0cc8824a6871527c2edb497e70c92e2e708021fbd5d8134f2dee6a9e90d1c8fd3fee53c5f5ece790c2804e938011a980ffceae  LibVNCServer-0.9.10.tar.gz"
md5sums="7f06104d5c009813e95142932c4ddb06  LibVNCServer-0.9.11.tar.gz"
sha256sums="193d630372722a532136fd25c5326b2ca1a636cbb8bf9bb115ef869c804d2894  LibVNCServer-0.9.11.tar.gz"
sha512sums="e473c081b68dd3cdd96a1756b4f4945ece79d3c8e4cef62140be1699671555fc16d3080e81d764197a14ea83203ffcd0e18c3cc182e012d036e3faae943003fb  LibVNCServer-0.9.11.tar.gz"
-- 
2.11.0



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)