Bug 129894 - [patch] fix broken net/vnc port
Summary: [patch] fix broken net/vnc port
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Wesley Shields
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-12-24 01:00 UTC by John E. Hein
Modified: 2008-12-27 03:10 UTC (History)
0 users

See Also:

Attachments
file.diff (2.30 KB, patch)
2008-12-24 01:00 UTC, John E. Hein 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John E. Hein 2008-12-24 01:00:14 UTC 
realvnc.com released a new version (in Oct), but the fetch doesn't know
the difference and, despite the port unsuspectingly fetching the latest
4.1.3 version, forces the output filename to vnc-4_1_2-unixsrc.tar.gz
with -o...

/usr/bin/fetch -ApRr -o vnc-4_1_3-unixsrc.tar.gz 'http://www.realvnc.com/cgi-bin/download.cgi?product=free4/src/unix&acceptLicense=1&haveDetails=1&filetype=tar_gz'

Adding '&filever=4.1.2' to the cgi download url would work around this
since the 4.1.2 tarball is still available, but we should update
to 4.1.3.

Only one code change: to bounds check bounds on a decoders array index before
dereferencing in vnc-4_1_3-unixsrc/common/rfb/CMsgReader.cxx ...

+    if (encoding > encodingMax)
+      throw Exception("Unknown rect encoding");

Other than that, there were some minor 'configure' changes
(for instance, to support solaris better it seems) and
some changes to .vcproj (visual studio c ide project files).

For us, the only change should be the one instance
of better bounds checking shown above.

There is a reported vulnerability for 4.1.2 fixed by the
change shown above - supposedly a remote code execution
vulnerability...

http://www.net-security.org/vuln.php?id=6135

Fix: Update to the latest release 4.1.3 and add 'filever'
to fetch instruction so the inadvertent
broken checksum doesn't happen again.
Comment 1 Wesley Shields freebsd_committer freebsd_triage 2008-12-25 15:30:42 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->wxs

I'll take it as I'm hoping to handle all the net/vnc PRs in the upcoming 
weeks.
Comment 2 dfilter service freebsd_committer freebsd_triage 2008-12-27 03:08:37 UTC 
wxs         2008-12-27 03:08:15 UTC

  FreeBSD ports repository

  Modified files:
    net/vnc              Makefile distinfo 
  Log:
  - Update to 4.1.3
  - This is still buggy on AMD64, I'm working on a fix.
  
  PR:             ports/128510, ports/128515, ports/129289, ports/129894
  Submitted by:   Lots of people
  
  Revision  Changes    Path
  1.62      +3 -6      ports/net/vnc/Makefile
  1.20      +3 -3      ports/net/vnc/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Wesley Shields freebsd_committer freebsd_triage 2008-12-27 03:09:37 UTC 
State Changed
From-To: open->closed

Updated to 4.1.3