Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu

[ Reason ]
Provide CVE fix contributed by the Debian LTS team; resolve annoying screensize limit for people using large resolutions via VNC.

[ Impact ]
CVE issue stays unfixed; people with large screens cannot export them via VNC.

[ Tests ]
Manual test (locally). CVE-2020-29260 has also been tested for LTS.

[ Risks ]
Code changes are rather trivial and non-invasive.

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]
+ [ Mike Gabriel ]
+ * debian/patches:
+ + Trivially rebase patches 0001 and 0002.

-> So that patches cleanly apply, cherry-picked from unstable.

+ + Add 0003-rfb-increase-update-buf-size.patch. Allow larger screen sizes.
+ (Closes: #1010449).

Allows for larger screensizes (1x 8k, 2x 4k, etc.).

+ [ Thorsten Alteholz ]
+ + CVE-2020-29260: Add CVE-2020-29260.patch. Resolve memory leak in function
+ rfbClientCleanup(). (Closes: #1019228).

-> CVE-2020-29260 (no-dsa)

[ Other info ]
None.

diff -Nru libvncserver-0.9.13+dfsg/debian/changelog libvncserver-0.9.13+dfsg/debian/changelog --- libvncserver-0.9.13+dfsg/debian/changelog 2021-02-28 15:37:06.000000000 +0100 +++ libvncserver-0.9.13+dfsg/debian/changelog 2022-11-20 13:18:12.000000000 +0100 @@ -1,3 +1,17 @@ +libvncserver (0.9.13+dfsg-2+deb11u1) bullseye; urgency=medium + + [ Mike Gabriel ] + * debian/patches: + + Trivially rebase patches 0001 and 0002. + + Add 0003-rfb-increase-update-buf-size.patch. Allow larger screen sizes. + (Closes: #1010449). + + [ Thorsten Alteholz ] + + CVE-2020-29260: Add CVE-2020-29260.patch. Resolve memory leak in function + rfbClientCleanup(). (Closes: #1019228). + + -- Mike Gabriel <sunwea...@debian.org> Sun, 20 Nov 2022 13:18:12 +0100 + libvncserver (0.9.13+dfsg-2) unstable; urgency=medium [ Marco Trevisan (TreviƱo) ] diff -Nru libvncserver-0.9.13+dfsg/debian/patches/0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch libvncserver-0.9.13+dfsg/debian/patches/0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch --- libvncserver-0.9.13+dfsg/debian/patches/0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch 2021-02-28 15:35:53.000000000 +0100 +++ libvncserver-0.9.13+dfsg/debian/patches/0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch 2022-11-20 13:17:58.000000000 +0100 @@ -15,11 +15,9 @@ libvncserver/main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -diff --git a/libvncserver/main.c b/libvncserver/main.c -index 6477ee8..06efe6e 100644 --- a/libvncserver/main.c +++ b/libvncserver/main.c -@@ -1021,7 +1021,8 @@ void rfbScreenCleanup(rfbScreenInfoPtr screen) +@@ -1110,7 +1110,8 @@ FREE_IF(underCursorBuffer); TINI_MUTEX(screen->cursorMutex); 
@@ -29,6 +27,3 @@ #ifdef LIBVNCSERVER_HAVE_LIBZ rfbZlibCleanup(screen); --- -2.25.1 - diff -Nru libvncserver-0.9.13+dfsg/debian/patches/0002-zlib-Clear-buffer-pointers-on-cleanup.patch libvncserver-0.9.13+dfsg/debian/patches/0002-zlib-Clear-buffer-pointers-on-cleanup.patch --- libvncserver-0.9.13+dfsg/debian/patches/0002-zlib-Clear-buffer-pointers-on-cleanup.patch 2021-02-28 15:35:53.000000000 +0100 +++ libvncserver-0.9.13+dfsg/debian/patches/0002-zlib-Clear-buffer-pointers-on-cleanup.patch 2022-11-20 13:17:58.000000000 +0100 @@ -26,11 +26,9 @@ libvncserver/zlib.c | 2 ++ 1 file changed, 2 insertions(+) -diff --git a/libvncserver/zlib.c b/libvncserver/zlib.c -index ac20c9c..6b7731e 100644 --- a/libvncserver/zlib.c +++ b/libvncserver/zlib.c -@@ -63,11 +63,13 @@ void rfbZlibCleanup(rfbScreenInfoPtr screen) +@@ -64,11 +64,13 @@ { if (zlibBeforeBufSize) { free(zlibBeforeBuf); @@ -44,6 +42,3 @@ } } --- -2.25.1 - diff -Nru libvncserver-0.9.13+dfsg/debian/patches/0003-rfb-increase-update-buf-size.patch libvncserver-0.9.13+dfsg/debian/patches/0003-rfb-increase-update-buf-size.patch --- libvncserver-0.9.13+dfsg/debian/patches/0003-rfb-increase-update-buf-size.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvncserver-0.9.13+dfsg/debian/patches/0003-rfb-increase-update-buf-size.patch 2022-11-20 13:17:58.000000000 +0100 
@@ -0,0 +1,28 @@ +From fdf67fb31ed583549ae2f8827593ec4eb3dfed5c Mon Sep 17 00:00:00 2001 +From: Christian Beier <i...@christianbeier.net> +Date: Mon, 9 May 2022 15:56:11 +0200 +Subject: [PATCH] rfb/rfb.h: increase UPDATE_BUF_SIZE by 2768 bytes + +Simply raise the default to 32768 which is not an awful lot of an +increase and should not hurt the embedded guys. + +If someone needs more, we can still go down the malloc() route and +make the buffer size configurable, but leave this to the users to +request and KISS for now. + +Closes #521 +--- + rfb/rfb.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/rfb/rfb.h ++++ b/rfb/rfb.h +@@ -555,7 +555,7 @@ + * means 8K minimum. + */ + +-#define UPDATE_BUF_SIZE 30000 ++#define UPDATE_BUF_SIZE 32768 + + char updateBuf[UPDATE_BUF_SIZE]; + int ublen; diff -Nru libvncserver-0.9.13+dfsg/debian/patches/CVE-2020-29260.patch libvncserver-0.9.13+dfsg/debian/patches/CVE-2020-29260.patch --- libvncserver-0.9.13+dfsg/debian/patches/CVE-2020-29260.patch 1970-01-01 01:00:00.000000000 +0100 +++ libvncserver-0.9.13+dfsg/debian/patches/CVE-2020-29260.patch 2022-11-20 13:17:58.000000000 +0100 
@@ -0,0 +1,22 @@ +commit bef41f6ec4097a8ee094f90a1b34a708fbd757ec +Author: Christian Beier <i...@christianbeier.net> +Date: Sat Nov 21 12:52:31 2020 +0100 + + libvncclient: free vncRec memory in rfbClientCleanup() + + Otherwise we leak memory. Spotted by Ramin Farajpour Cami + <ramin.black...@gmail.com>, thanks! + +diff --git a/libvncclient/vncviewer.c b/libvncclient/vncviewer.c +index d6b91f02..0a1bdcf6 100644 +--- a/libvncclient/vncviewer.c ++++ b/libvncclient/vncviewer.c +@@ -534,6 +534,8 @@ void rfbClientCleanup(rfbClient* client) { + client->clientData = next; + } + ++ free(client->vncRec); ++ + if (client->sock != RFB_INVALID_SOCKET) + rfbCloseSocket(client->sock); + if (client->listenSock != RFB_INVALID_SOCKET) diff -Nru libvncserver-0.9.13+dfsg/debian/patches/series libvncserver-0.9.13+dfsg/debian/patches/series --- libvncserver-0.9.13+dfsg/debian/patches/series 2021-02-28 15:36:01.000000000 +0100 +++ libvncserver-0.9.13+dfsg/debian/patches/series 2022-11-20 13:17:58.000000000 +0100 @@ -1,2 +1,5 @@ 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch 0002-zlib-Clear-buffer-pointers-on-cleanup.patch +0003-rfb-increase-update-buf-size.patch + +CVE-2020-29260.patch
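
Review bot: In the debian/changelog hunk, the [ Thorsten Alteholz ] section starts directly with a "+" sub-item ("+ CVE-2020-29260: Add CVE-2020-29260.patch.") that has no parent "*" entry, whereas the [ Mike Gabriel ] section nests its "+" items under "* debian/patches:". Suggest adding a "* debian/patches:" line under that section too, or promoting the item to a "*" bullet, so the nesting of the new entry is consistent.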
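
Review bot: In 0003-rfb-increase-update-buf-size.patch, UPDATE_BUF_SIZE sizes the array "char updateBuf[UPDATE_BUF_SIZE];" that the shown context declares in rfb/rfb.h directly ahead of "int ublen;", so raising it from 30000 to 32768 moves ublen, and any member declared after it in the enclosing structure, by 2768 bytes. For a stable update the request should say whether any reverse dependency built against the bullseye header accesses those members directly and would need a rebuild. The [ Risks ] section currently does not address the layout change.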
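
Review bot: CVE-2020-29260.patch carries only the upstream commit header (commit, Author, Date) and no DEP-3 fields, while the link to #1019228 exists only in the changelog. Suggest adding "Origin:" with upstream commit bef41f6ec4097a8ee094f90a1b34a708fbd757ec and "Bug-Debian:" for #1019228 to the patch header so the provenance travels with the patch. Separately, in the debian/patches/series hunk, the empty line added between 0003-rfb-increase-update-buf-size.patch and CVE-2020-29260.patch can be dropped.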