SOURCES: tightvnc-security.patch (NEW), tightvnc-imake-tmpdir.patc...

glen glen at pld-linux.org
Fri Jan 27 14:38:47 CET 2006 

Author: glen                         Date: Fri Jan 27 13:38:47 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- security related patches from gentoo

---- Files affected:
SOURCES:
   tightvnc-security.patch (NONE -> 1.1)  (NEW), tightvnc-imake-tmpdir.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/tightvnc-security.patch
diff -u /dev/null SOURCES/tightvnc-security.patch:1.1
--- /dev/null	Fri Jan 27 14:38:47 2006
+++ SOURCES/tightvnc-security.patch	Fri Jan 27 14:38:42 2006
@@ -0,0 +1,20 @@
+--- /tmp/vncserver	2003-02-21 17:29:45.000000000 +0000
++++ vncserver	2003-02-21 17:30:10.000000000 +0000
+@@ -153,15 +153,8 @@
+ $desktopLog = "$vncUserDir/$host:$displayNumber.log";
+ unlink($desktopLog);
+ 
+-# Make an X server cookie - use as the seed the sum of the current time, our
+-# PID and part of the encrypted form of the password.  Ideally we'd use
+-# /dev/urandom, but that's only available on Linux.
+-
+-srand(time+$$+unpack("L",`cat $vncUserDir/passwd`));
+-$cookie = "";
+-for (1..16) {
+-    $cookie .= sprintf("%02x", int(rand(256)));
+-}
++# Make an X server cookie - use mcookie
++$cookie = `/usr/bin/mcookie`;
+ 
+ system("xauth -f $xauthorityFile add $host:$displayNumber . $cookie");
+ system("xauth -f $xauthorityFile add $host/unix:$displayNumber . $cookie"); 

================================================================
Index: SOURCES/tightvnc-imake-tmpdir.patch
diff -u /dev/null SOURCES/tightvnc-imake-tmpdir.patch:1.1
--- /dev/null	Fri Jan 27 14:38:47 2006
+++ SOURCES/tightvnc-imake-tmpdir.patch	Fri Jan 27 14:38:42 2006
@@ -0,0 +1,37 @@
+--- vnc_unixsrc/Xvnc/config/imake/imake.c.orig	2000-06-11 14:00:51.000000000 +0200
++++ vnc_unixsrc/Xvnc/config/imake/imake.c	2003-09-01 22:59:25.000000000 +0200
+@@ -913,12 +913,25 @@
+ static void get_libc_version(inFile)
+   FILE* inFile;
+ {
+-  char *aout = tmpnam (NULL);
++  char aout[PATH_MAX];
+   FILE *fp;
+   const char *format = "%s -o %s -x c -";
+   char *cc;
+   int len;
+   char *command;
++  char *tmpdir;
++  int tmpfd;
++  
++  if((tmpdir = getenv("TMPDIR")) != NULL && strlen(tmpdir) < (PATH_MAX-13))
++    strcpy(aout, tmpdir);
++  else
++    strcpy(aout, "/tmp");
++  strcat(aout, "/imakeXXXXXX");
++  
++  if((tmpfd = mkstemp(aout)) == -1) {
++    perror("mkstemp");
++    abort();
++  }
+ 
+   cc = getenv ("CC");
+   if (cc == NULL)
+@@ -930,6 +943,7 @@
+   if (snprintf (command , len, format, cc, aout) == len)
+     abort ();
+ 
++  close(tmpfd);
+   fp = popen (command, "w");
+   if (fp == NULL || fprintf (fp, "%s\n", libc_c) < 0
+       || pclose (fp) != 0)
================================================================

More information about the pld-cvs-commit mailing list