Bug 215802 - net/libvncserver: Update to 0.9.11 (Security fixes)
Summary: net/libvncserver: Update to 0.9.11 (Security fixes)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Matthew Seaman
URL: https://github.com/LibVNC/libvncserve...
Keywords: patch, security
Depends on: 215805
Blocks:
  Show dependency treegraph
 
Reported: 2017-01-05 18:29 UTC by VK
Modified: 2017-01-22 12:03 UTC (History)
3 users (show)

See Also:
vlad-fbsd: merge-quarterly?


Attachments
Update libvncserver to 0.9.11 (2.31 KB, patch)
2017-01-05 18:29 UTC, VK
vlad-fbsd: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description VK freebsd_triage 2017-01-05 18:29:46 UTC
Created attachment 178550 [details]
Update libvncserver to 0.9.11

The attached patch updates libvncserver to 0.9.11.

* Release notes
  https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11

* Removal of libvncclient/h264.c
  https://github.com/LibVNC/libvncserver/commit/612de004c47586d74d5a93901a2d94ca1fc3f5e3

Build tests:

* Poudriere 11.0, amd64: OK
* Poudriere 10.3, amd64: OK

I haven't done any run tests. The port apparently has some unit tests but I haven't run them yet, gotta figure out how to do that properly in a clean environment.

The port has no maintainer, implicit approval.
Comment 1 Dutchman01 2017-01-19 16:33:19 UTC
running fine for me
Comment 2 Matthew Seaman freebsd_committer 2017-01-21 20:54:03 UTC
This also fixes security vuln 

https://vuxml.freebsd.org/freebsd/64be967a-d379-11e6-a071-001e67f15f5a.html

so MFC indicated.

Also, shlib ABI version bump, so PORTREVISION should be incremented in ports that link against this as a default option, which will be some subset of these:

  graphics/osg-devel
  graphics/osg
  emulators/bochs
  emulators/kcemu
  emulators/virtualbox-ose
  net/krdc
  net/remmina-plugin-vnc
  net/guacamole-server
Comment 3 Matthew Seaman freebsd_committer 2017-01-21 20:54:42 UTC
(In reply to Matthew Seaman from comment #2)

s/MFC/MFH/
Comment 4 commit-hook freebsd_committer 2017-01-21 21:48:14 UTC
A commit references this bug:

Author: matthew
Date: Sat Jan 21 21:47:22 UTC 2017
New revision: 432083
URL: https://svnweb.freebsd.org/changeset/ports/432083

Log:
  Update to 0.9.11

  This includes a	security fix for CVE-2016-9941 and CVE-2016-9942

    * Drop files/patch-libvncclient_h264.c -- upstream has dropped h264 support
    * Switch from USE_OPENSSL to USES+=ssl
    * PORTREVISION bump in ports that link against libvncserver.so (with
      their default OPTIONS settings) due to change in ABI version of
      libvncserver.so

  PR:		215802
  Submitted by:	vlad-fbsd@acheronmedia.com
  MFH:		2017Q1
  Security:	64be967a-d379-11e6-a071-001e67f15f5a

Changes:
  head/emulators/kcemu/Makefile
  head/emulators/virtualbox-ose/Makefile
  head/net/guacamole-server/Makefile
  head/net/krdc/Makefile
  head/net/libvncserver/Makefile
  head/net/libvncserver/distinfo
  head/net/libvncserver/files/
  head/net/libvncserver/pkg-plist
  head/net/remmina-plugin-vnc/Makefile
Comment 5 commit-hook freebsd_committer 2017-01-22 12:02:54 UTC
A commit references this bug:

Author: matthew
Date: Sun Jan 22 12:02:20 UTC 2017
New revision: 432114
URL: https://svnweb.freebsd.org/changeset/ports/432114

Log:
  MFH: r432083 r432088

  Update to 0.9.11

  This includes a	security fix for CVE-2016-9941 and CVE-2016-9942

    * Drop files/patch-libvncclient_h264.c -- upstream has dropped h264 support
    * Switch from USE_OPENSSL to USES+=ssl
    * PORTREVISION bump in ports that link against libvncserver.so (with
      their default OPTIONS settings) due to change in ABI version of
      libvncserver.so

  PR:		215802
  Submitted by:	vlad-fbsd@acheronmedia.com
  Security:	64be967a-d379-11e6-a071-001e67f15f5a

  Bump PORTREVISION chasing ABI version increment in libvncserver --
  this port was missed from r432083, and this change should be MFH'd as
  well.

  Approved by:	ports-secteam (junovitch)

Changes:
_U  branches/2017Q1/
  branches/2017Q1/emulators/aqemu/Makefile
  branches/2017Q1/emulators/kcemu/Makefile
  branches/2017Q1/emulators/virtualbox-ose/Makefile
  branches/2017Q1/net/guacamole-server/Makefile
  branches/2017Q1/net/krdc/Makefile
  branches/2017Q1/net/libvncserver/Makefile
  branches/2017Q1/net/libvncserver/distinfo
  branches/2017Q1/net/libvncserver/files/
  branches/2017Q1/net/libvncserver/pkg-plist
  branches/2017Q1/net/remmina-plugin-vnc/Makefile
Comment 6 Matthew Seaman freebsd_committer 2017-01-22 12:03:33 UTC
Committed with minor changes, thanks!