
[alpine-aports] [PATCH edge] main/libvncserver: security upgrade to 0.9.11 - fixes #6637

From: Sergey Lukin <sergej.lukin_at_gmail.com>
Date: Wed, 11 Jan 2017 08:29:02 +0000

CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
CVE-2016-9942: Heap-based buffer overflow in ultra.c
---
 main/libvncserver/APKBUILD | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/main/libvncserver/APKBUILD b/main/libvncserver/APKBUILD
index c93b52883e..33569e3adb 100644
--- a/main/libvncserver/APKBUILD
+++ b/main/libvncserver/APKBUILD
_at_@ -1,8 +1,9 @@
+# Contributor: Sergei Lukin <sergej.lukin_at_gmail.com>
 # Contributor: Natanael Copa <ncopa_at_alpinelinux.org>
 # Maintainer:
 pkgname=libvncserver
-pkgver=0.9.10
-pkgrel=1
+pkgver=0.9.11
+pkgrel=0
 pkgdesc="Library to make writing a vnc server easy"
 url="http://libvncserver.sourceforge.net/"
 arch="all"
_at_@ -14,14 +15,17 @@ depends_dev="libgcrypt-dev libjpeg-turbo-dev gnutls-dev libpng-dev
 makedepends="$depends_dev autoconf automake libtool"
 install=""
 subpackages="$pkgname-dev"
-source="http://downloads.sf.net/libvncserver/LibVNCServer-$pkgver.tar.gz"
 source="https://github.com/LibVNC/libvncserver/archive/LibVNCServer-$pkgver.tar.gz
 	"
+# secfixes:
+#   0.9.11-r0:
+#     - CVE-2016-9941
+#     - CVE-2016-9942
 
-_builddir="$srcdir"/libvncserver-LibVNCServer-$pkgver
+builddir="$srcdir"/libvncserver-LibVNCServer-$pkgver
 prepare() {
 	local i
-	cd "$_builddir"
+	cd "$builddir"
 	for i in $source; do
 		case $i in
 		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
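Review bot: The new `cd "$builddir"` in prepare() is unchecked, while the `patch` line just below it and `make install` in package() both use `|| return 1`. If the top-level directory of the GitHub archive ever differs from `libvncserver-LibVNCServer-$pkgver`, the patch loop and the build could run from the wrong directory, unless the abuild in use aborts on errors itself (worth confirming). For a security upgrade I would make the failure explicit with `cd "$builddir" || return 1`. The same applies to the `cd "$builddir"` lines added in build() and package() in the next two hunks. prepare() continues past the end of this hunk.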
_at_@ -31,7 +35,7 @@ prepare() {
 }
 
 build() {
-	cd "$_builddir"
+	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
_at_@ -42,10 +46,10 @@ build() {
 }
 
 package() {
-	cd "$_builddir"
+	cd "$builddir"
 	make install DESTDIR="$pkgdir" || return 1
 }
 
-md5sums="e1b888fae717b06896f8aec100163d27  LibVNCServer-0.9.10.tar.gz"
-sha256sums="ed10819a5bfbf269969f97f075939cc38273cc1b6d28bccfb0999fba489411f7  LibVNCServer-0.9.10.tar.gz"
-sha512sums="eb637dfb72dc50fb713a715c9d0cc8824a6871527c2edb497e70c92e2e708021fbd5d8134f2dee6a9e90d1c8fd3fee53c5f5ece790c2804e938011a980ffceae  LibVNCServer-0.9.10.tar.gz"
+md5sums="7f06104d5c009813e95142932c4ddb06  LibVNCServer-0.9.11.tar.gz"
+sha256sums="193d630372722a532136fd25c5326b2ca1a636cbb8bf9bb115ef869c804d2894  LibVNCServer-0.9.11.tar.gz"
+sha512sums="e473c081b68dd3cdd96a1756b4f4945ece79d3c8e4cef62140be1699671555fc16d3080e81d764197a14ea83203ffcd0e18c3cc182e012d036e3faae943003fb  LibVNCServer-0.9.11.tar.gz"
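Review bot: The `md5sums` and `sha256sums` lines are regenerated for 0.9.11 next to `sha512sums`, but MD5 has no collision resistance and adds nothing to the integrity check. Going by the `source=` line earlier in the file, the tarball is a GitHub-generated archive of a tag, so the pinned digest is the only thing tying the build to the code that carries the CVE-2016-9941 and CVE-2016-9942 fixes. I would keep `sha512sums` as the single pin and drop the two weaker lines, if the abuild version in use verifies `sha512sums` on its own (to be confirmed). It would also help to say in the commit message how the new digest was checked against the upstream release.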
-- 
2.11.0