fix CVE-2020-29260

zhang__3125 2022-09-28 13:00:09 +08:00
parent 9ac9d2cc84
commit fc68358afa
2 changed files with 18 additions and 1 deletions

@ -0,0 +1,12 @@
diff -up libvncserver-LibVNCServer-0.9.13/libvncclient/vncviewer.c.orig libvncserver-LibVNCServer-0.9.13/libvncclient/vncviewer.c
--- libvncserver-LibVNCServer-0.9.13/libvncclient/vncviewer.c.orig 2022-09-28 12:45:54.343732226 +0800
+++ libvncserver-LibVNCServer-0.9.13/libvncclient/vncviewer.c 2022-09-28 12:46:47.518913917 +0800
@@ -534,6 +534,8 @@ void rfbClientCleanup(rfbClient* client)
client->clientData = next;
}
+ free(client->vncRec);
+
if (client->sock != RFB_INVALID_SOCKET)
rfbCloseSocket(client->sock);
if (client->listenSock != RFB_INVALID_SOCKET)
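
Review bot: in the inner hunk at `rfbClientCleanup`, `free(client->vncRec);` releases only the struct itself. If `vncRec` owns anything further (an open file handle for a recording, for instance, which these lines do not show), that has to be released before the free or the leak just moves one level down; please confirm against the struct definition. `free(NULL)` is a no-op, so the missing NULL check is fine, but setting `client->vncRec = NULL;` afterwards would guard against a second cleanup call on the same client. Separately, the patch file starts straight at `diff -up` with no description or upstream commit reference; a short header naming the CVE and the upstream change would make it auditable.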

@ -1,7 +1,7 @@
Summary: A library for easy implementation of a VNC server
Name: libvncserver
Version: 0.9.13
Release: 2
Release: 3
License: GPLv2+
URL: http://libvnc.github.io/
Source0: https://github.com/LibVNC/libvncserver/archive/LibVNCServer-%{version}.tar.gz
@ -10,6 +10,7 @@ Patch11: 0002-libvncserver-Add-channel-security-handlers.patch
Patch12: 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch
Patch13: 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch
Patch14: 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch
Patch15: 0001-free-vncRec-memory-in-rfbClientCleanup.patch
Patch102: libvncserver-LibVNCServer-0.9.13-system-crypto-policy.patch
BuildRequires: gcc-c++ cmake3 pkgconfig(gnutls) pkgconfig(sdl2) pkgconfig(libsystemd) pkgconfig(x11)
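
Review bot: `Patch15:` is declared here, but no hunk in this commit touches `%prep`, so the fix is only applied if the spec already uses `%autosetup`/`%autopatch` or otherwise applies every declared patch. If `%prep` lists `%patch` lines individually, the CVE fix would be shipped in the source package but never applied to the build; please confirm from the build log that `0001-free-vncRec-memory-in-rfbClientCleanup.patch` is actually applied. Minor: the `0001-` prefix is now shared with the Patch14 file, which is harmless but makes the patch order harder to read from the file names.
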
@ -75,6 +76,10 @@ done
%{_libdir}/pkgconfig/libvncserver.pc
%changelog
* Wed Sep 28 2022 lin zhang <lin.zhang@turbolinux.com.cn> - 0.9.13-3
- fix-CVE-2020-29260
- add 0001-free-vncRec-memory-in-rfbClientCleanup.patch
* Mon Jun 20 2022 lin zhang <lin.zhang@turbolinux.com.cn> - 0.9.13-2
- add libvncserver.yaml
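
Review bot: the changelog line `- fix-CVE-2020-29260` reads like a file name and does not say what was changed. Something like `- Fix CVE-2020-29260: free vncRec in rfbClientCleanup` lets someone auditing the package see the nature of the fix without opening the patch.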