Date: Saturday, October 8, 2016 @ 06:53:27 Author: bisson Revision: 277913
fix FS#49973 Added: x11vnc/trunk/fix-buffer-overflows.patch Modified: x11vnc/trunk/PKGBUILD ----------------------------+ PKGBUILD | 9 ++++++++- fix-buffer-overflows.patch | 26 ++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2016-10-08 06:52:43 UTC (rev 277912) +++ PKGBUILD 2016-10-08 06:53:27 UTC (rev 277913) @@ -5,7 +5,7 @@ pkgname=x11vnc epoch=1 pkgver=0.9.13 -pkgrel=8 +pkgrel=9 pkgdesc='VNC server for real X displays' url='http://www.karlrunge.com/x11vnc/' arch=('i686' 'x86_64') @@ -15,10 +15,17 @@ 'xf86-video-dummy: Xdummy script') depends=('openssl' 'libjpeg' 'libxtst' 'libxinerama' 'libxdamage' 'libxrandr' 'avahi') source=("http://downloads.sourceforge.net/project/libvncserver/${pkgname}/${pkgver}/${pkgname}-${pkgver}.tar.gz" + 'fix-buffer-overflows.patch' 'service') sha1sums=('f011d81488ac94dc8dce2d88739c23bd85a976fa' + 'd30e4036bd8e26da8a7c4da29081c07eb7a9b17d' '53e1ed7f84518a699a29607a03bee2321f9f9624') +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + patch -p1 -i ../fix-buffer-overflows.patch +} + build() { cd "${srcdir}/${pkgname}-${pkgver}" ./configure --prefix=/usr --mandir=/usr/share/man Added: fix-buffer-overflows.patch =================================================================== --- fix-buffer-overflows.patch (rev 0) +++ fix-buffer-overflows.patch 2016-10-08 06:53:27 UTC (rev 277913) @@ -0,0 +1,26 @@ +diff -Naur x11vnc-0.9.13-ori/x11vnc/win_utils.c x11vnc-0.9.13/x11vnc/win_utils.c +--- x11vnc-0.9.13-ori/x11vnc/win_utils.c 2016-10-07 23:26:03.248600761 +0200 ++++ x11vnc-0.9.13/x11vnc/win_utils.c 2016-10-07 23:26:51.919256706 +0200 +@@ -262,8 +262,8 @@ + } + + last_snap = now; +- if (num > stack_list_len + blackouts) { +- int n = 2*num; ++ if (num + blackouts > stack_list_len) { ++ int n = 2 * (num + blackouts); + free(stack_list); + stack_list = (winattr_t *) malloc(n*sizeof(winattr_t)); + stack_list_len = n; +diff -Naur x11vnc-0.9.13-ori/x11vnc/xrecord.c x11vnc-0.9.13/x11vnc/xrecord.c +--- x11vnc-0.9.13-ori/x11vnc/xrecord.c 2016-10-07 23:26:03.248600761 +0200 ++++ x11vnc-0.9.13/x11vnc/xrecord.c 2016-10-07 23:27:49.566700470 +0200 +@@ -964,7 +964,7 @@ + data = (char *)req; + data += sz_xConfigureWindowReq; + +- for (i=0; i<req->length; i++) { ++ for (i = 0; i < req->length - sz_xConfigureWindowReq / 4 && i < 4; i++) { + unsigned int v; + /* + * We use unsigned int for the values. There were