c_cpp/LibVNCServer
SHA256
8
0
Fork 0
forked from pool/LibVNCServer
Code Pull Requests Activity

Accepting request 1001885 from devel:libraries:c_c++

Browse Source 
- security update
- added patches
  fix CVE-2020-29260 [bsc#1203106], memory leakage via rfbClientCleanup()
  + LibVNCServer-CVE-2020-29260.patch

OBS-URL: https://build.opensuse.org/request/show/1001885
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/LibVNCServer?expand=0&rev=46
This commit is contained in:
Dominique Leuenberger
2022-09-09 16:22:19 +00:00
committed by Git OBS Bridge
parent a2a696afcb 5288f14c75
commit 8dfed1cd29
3 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
LibVNCServer-CVE-2020-29260.patch Normal file
View File

@@ -0,0 +1,14 @@
diff --git a/libvncclient/vncviewer.c b/libvncclient/vncviewer.c
index d6b91f02b..0a1bdcf6a 100644
--- a/libvncclient/vncviewer.c
+++ b/libvncclient/vncviewer.c
@@ -534,6 +534,8 @@ void rfbClientCleanup(rfbClient* client) {
client->clientData = next;
}
+ free(client->vncRec);
+
if (client->sock != RFB_INVALID_SOCKET)
rfbCloseSocket(client->sock);
if (client->listenSock != RFB_INVALID_SOCKET)

8
LibVNCServer.changes
View File

@@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Sep 8 08:26:25 UTC 2022 - pgajdos@suse.com
- security update
- added patches
fix CVE-2020-29260 [bsc#1203106], memory leakage via rfbClientCleanup()
+ LibVNCServer-CVE-2020-29260.patch
-------------------------------------------------------------------
Fri Sep 17 07:14:46 UTC 2021 - pgajdos@suse.com

4
LibVNCServer.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package LibVNCServer
#
# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -38,6 +38,8 @@ Patch12: 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch
Patch13: 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch
# PATCH-FIX-UPSTREAM Fix another crasher glgo#GNOME/gnome-remote-desktop#45 rh#1882718
Patch14: 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch
# CVE-2020-29260 [bsc#1203106], memory leakage via rfbClientCleanup()
Patch15: LibVNCServer-CVE-2020-29260.patch
BuildRequires: cmake
BuildRequires: gcc-c++
BuildRequires: libavahi-devel