Accepting request 760157 from home:ldevulder

- Add tigervnc-fix-saving-of-bad-server-certs.patch
  * fix saving of bad server certificates (boo#1159948)

OBS-URL: https://build.opensuse.org/request/show/760157
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=166

tigervnc-fix-saving-of-bad-server-certs.patch

@@ -0,0 +1,60 @@
+From dbad687182ae9093efaf096a069eeafc18b22973 Mon Sep 17 00:00:00 2001
+From: Pierre Ossman <ossman@cendio.se>
+Date: Mon, 30 Dec 2019 10:24:11 +0100
+Subject: [PATCH 1/2] Fix saving of bad server certificates
+
+This check is completely backwards and it is currently unknown how
+this ever worked.
+---
+ common/rfb/CSecurityTLS.cxx | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
+index aa1910909..c1a00212a 100644
+--- a/common/rfb/CSecurityTLS.cxx
++++ b/common/rfb/CSecurityTLS.cxx
+@@ -416,8 +416,9 @@ void CSecurityTLS::checkSession()
+   delete [] certinfo;
+ 
+   if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, NULL, &out_size)
+-      == GNUTLS_E_SHORT_MEMORY_BUFFER)
+-    throw AuthFailureException("Out of memory");
++      != GNUTLS_E_SHORT_MEMORY_BUFFER)
++    throw AuthFailureException("certificate issuer unknown, and certificate "
++                               "export failed");
+ 
+   // Save cert
+   out_buf =  new char[out_size];
+
+From 6208f47dcbf68ff1e751b0b526bb643f0da867a6 Mon Sep 17 00:00:00 2001
+From: Pierre Ossman <ossman@cendio.se>
+Date: Mon, 30 Dec 2019 10:26:12 +0100
+Subject: [PATCH 2/2] Remove unneeded memory checks
+
+new throws an exception on allocation errors rather than return NULL.
+---
+ common/rfb/CSecurityTLS.cxx | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
+index c1a00212a..5c303a37c 100644
+--- a/common/rfb/CSecurityTLS.cxx
++++ b/common/rfb/CSecurityTLS.cxx
+@@ -396,8 +396,6 @@ void CSecurityTLS::checkSession()
+   vlog.debug("%s", info.data);
+ 
+   certinfo = new char[len];
+-  if (certinfo == NULL)
+-    throw AuthFailureException("Out of memory");
+ 
+   snprintf(certinfo, len, "This certificate has been signed by an unknown "
+                           "authority:\n\n%s\n\nDo you want to save it and "
+@@ -422,8 +420,6 @@ void CSecurityTLS::checkSession()
+ 
+   // Save cert
+   out_buf =  new char[out_size];
+-  if (out_buf == NULL)
+-    throw AuthFailureException("Out of memory");
+ 
+   if (gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, out_buf, &out_size) < 0)
+     throw AuthFailureException("certificate issuer unknown, and certificate "

tigervnc.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Dec 31 09:53:30 UTC 2019 - Loic Devulder <ldevulder@suse.com>
+
+- Add tigervnc-fix-saving-of-bad-server-certs.patch
+  * fix saving of bad server certificates (boo#1159948)
+
 -------------------------------------------------------------------
 Fri Oct  4 14:19:48 UTC 2019 - Hans-Peter Jansen <hpj@urpla.net>
 

tigervnc.spec

@@ -140,6 +140,7 @@ Patch8:         u_tigervnc-add-autoaccept-parameter.patch
 Patch9:         u_change-button-layout-in-ServerDialog.patch
 Patch10:        n_correct_path_in_desktop_file.patch
 Patch11:        U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch
+Patch12:        tigervnc-fix-saving-of-bad-server-certs.patch
 
 %description
 TigerVNC is an implementation of VNC (Virtual Network Computing), a
@@ -258,6 +259,7 @@ cp -r /usr/src/xserver/* unix/xserver/
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
 
 pushd unix/xserver
 patch -p1 < ../xserver120.patch