File LibVNCServer.spec of Package LibVNCServer.25862
#
# spec file for package LibVNCServer
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: LibVNCServer
Version: 0.9.10
Release: 0
Summary: VNC Development Library
License: GPL-2.0+
Group: Development/Libraries/X11
Url: https://github.com/LibVNC/libvncserver
# Archive is renamed by github
#Source0: https://github.com/LibVNC/libvncserver/archive/%{name}-%{version}.tar.gz
Source0: libvncserver-%{name}-%{version}.tar.gz
Source1: baselibs.conf
#PATCH-FIX-OPENSUSE: multilib support
Patch1: libvncserver-0.9.1-multilib.patch
#PATCH-FIX-OPENSUSE: redefine keysyms only if needed
Patch7: redef-keysym.patch
#PATCH_FIX-OPENSUSE: Use system fast byteswap routines.
Patch11: libvncserver-byteswap.patch
Patch12: libvncserver-%{version}-ossl.patch
#PATCH-FIX-UPSTREAM: use namespaced rfbMax macro (avoids conflicts with stl_algobase.h), picked from upstream
Patch13: libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch
Patch14: LibVNCServer-CVE-2018-7225.patch
Patch15: LibVNCServer-CVE-2018-15126.patch
Patch16: LibVNCServer-CVE-2018-6307.patch
Patch17: LibVNCServer-CVE-2018-20020.patch
Patch18: LibVNCServer-CVE-2018-15127.patch
Patch19: LibVNCServer-CVE-2018-20019.patch
Patch20: LibVNCServer-CVE-2018-20023.patch
Patch21: LibVNCServer-CVE-2018-20022.patch
Patch22: LibVNCServer-CVE-2018-20024.patch
Patch23: LibVNCServer-CVE-2018-20021.patch
Patch24: LibVNCServer-CVE-2018-20749.patch
Patch25: LibVNCServer-CVE-2018-20750.patch
Patch26: LibVNCServer-CVE-2018-20748.patch
# CVE-2019-15681 [bsc#1155419]
Patch27: LibVNCServer-CVE-2019-15681.patch
# CVE-2019-20788 [bsc#1170441], integer overflow and heap-based buffer overflow via a large height or width value
Patch28: LibVNCServer-CVE-2019-20788.patch
# CVE-2019-15690 [bsc#1160471], heap buffer overflow
Patch29: LibVNCServer-CVE-2019-15690.patch
# CVE-2017-18922 [bsc#1173477], preauth buffer overwrite
Patch30: LibVNCServer-CVE-2017-18922.patch
# CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
Patch31: LibVNCServer-CVE-2020-14400.patch
# CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c
Patch32: LibVNCServer-CVE-2020-14401.patch
# CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c
Patch33: LibVNCServer-CVE-2020-14397.patch
# CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings.
Patch34: LibVNCServer-CVE-2020-14402,14403,14404.patch
# CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
Patch35: LibVNCServer-CVE-2020-14399.patch
# CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service
Patch36: LibVNCServer-CVE-2019-20840.patch
# CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock()
Patch37: LibVNCServer-CVE-2019-20839.patch
# CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak
Patch38: LibVNCServer-CVE-2018-21247.patch
# CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
Patch39: LibVNCServer-CVE-2020-14398.patch
# CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS
Patch40: LibVNCServer-CVE-2020-25708.patch
# CVE-2020-29260 [bsc#1203106], memory leakage via rfbClientCleanup()
Patch41: LibVNCServer-CVE-2020-29260.patch
BuildRequires: libavahi-devel
BuildRequires: libgcrypt-devel
BuildRequires: libgnutls-devel
BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
BuildRequires: libtool
BuildRequires: lzo-devel
BuildRequires: openssl-devel
BuildRequires: pkgconfig
BuildRequires: slang-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
VNC is a set of programs using the RFB (Remote Frame Buffer) protocol.
They are designed to "export" a frame buffer via the network. It is
already in wide use for administration, but it is not that easy to
program a server yourself. This has been changed by LibVNCServer.
X.org already has a virtual Xvnc server which you can start as an own
screen (e.g. :1) and connect to with a VNC client (e.g. vncviewer from
tightvnc). The x11vnc binary (that allows you to export the window of a
real running X11 server) has been split off into its own package on
2007-07-16.
%package -n libvncclient0
Summary: Library implementing a VNC client
Group: System/Libraries
Obsoletes: linuxvnc < %{version}
Conflicts: LibVNCServer < %version
%description -n libvncclient0
LibVNCServer/LibVNCClient are cross-platform C libraries that allow
implementing VNC server or client functionality in your program.
%package -n libvncserver0
Summary: Library implementing a VNC server
Group: System/Libraries
%description -n libvncserver0
LibVNCServer/LibVNCClient are cross-platform C libraries that allow
implementing VNC server or client functionality in your program.
%package devel
Requires: gnutls-devel
Requires: libvncclient0 = %version
Requires: libvncserver0 = %version
Requires: zlib-devel
Summary: VNC Development Library
Group: Development/Libraries/X11
%description devel
VNC is a set of programs using the RFB (Remote Frame Buffer) protocol.
They are designed to "export" a frame buffer via the network. It is
already in wide use for administration, but it is not that easy to
program a server yourself. This has been changed by LibVNCServer.
X.org already has a virtual Xvnc server which you can start as an own
screen (e.g. :1) and connect to with a VNC client (e.g. vncviewer from
tightvnc).
The LibVNCServer-devel package contains the static libraries and header
files for LibVNCServer.
%prep
%setup -q -n libvncserver-%{name}-%{version}
%patch1 -p1 -b .multilib
#%patch2 -p1 -b .system_minilzo
%patch7 -p1
# aclocal; autoheader; automake --add-missing --copy; autoconf
# ./configure --enable-maintainer-mode
# sh ./autogen.sh
%patch11
%patch12
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch35 -p1
%patch36 -p1
%patch37 -p1
%patch38 -p1
%patch39 -p1
%patch40 -p1
%patch41 -p1
# fix encoding
for file in AUTHORS ChangeLog ; do
mv ${file} ${file}.OLD && \
iconv -f ISO_8859-1 -t UTF8 ${file}.OLD > ${file} && \
touch --reference ${file}.OLD $file
done
#nuke bundled minilzo
#rm -f common/lzodefs.h common/lzoconf.h commmon/minilzo.h common/minilzo.c
# needed by patch 2 (and to nuke rpath's)
#autoreconf
%build
CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -D_REENTRANT" \
NOCONFIGURE=1 ./autogen.sh
# Plase note that tightvn cause a problem; need to be fix
%configure --disable-static --with-pic --enable-shared --with-gnu-ld --without-tightvnc-filetransfer --disable-silent-rules
make %{?_smp_mflags}
%{__install} -d -m0755 RPM_BUILD_ROOT%{_datadir}/x11vnc/classes
%check
pushd test
# encodingstest segfaults during rfbShutdownServer() [no of our patch causes the segfault]
make test || true
popd
%install
%makeinstall
%{__rm} -f %{buildroot}%{_libdir}/*.la
%{__rm} -f %{buildroot}%{_libdir}/*.a
%post -n libvncclient0 -p /sbin/ldconfig
%postun -n libvncclient0 -p /sbin/ldconfig
%post -n libvncserver0 -p /sbin/ldconfig
%postun -n libvncserver0 -p /sbin/ldconfig
%files -n libvncserver0
%defattr(-,root,root)
%doc COPYING README
%_libdir/libvncserver.so.0*
%files -n libvncclient0
%defattr(-,root,root)
%doc COPYING README
%_libdir/libvncclient.so.0*
%files devel
%defattr(-,root,root)
%doc AUTHORS COPYING ChangeLog NEWS README TODO
%{_bindir}/libvncserver-config
%{_includedir}/rfb/*
%dir /usr/include/rfb
%{_libdir}/libvncclient.so
%{_libdir}/libvncserver.so
%{_libdir}/pkgconfig/*.pc
%changelog
