Bug#786744: jessie-pu: package libvncserver/0.9.9+dfsg-6.1

[Peter Spiess-Knafl <dev@spiessknafl.at>]

On 05/25/2015 07:47 PM, Adam D. Barratt wrote:

> Please attach the full source debdiff for a package prepared and
> tested on jessie.

Debdiff is attached.

> The meta-data for that bug claims that the bug still affects unstable.
> Given that it appears to be fixed in the package you uploaded yesterday

I just uploaded afterwards, yes.

> (and indeed had previously uploaded to experimental), I'm unclear as to
> why that is. Looking at the changelog, I'm also confused as to why
> neither of the changelogs for the 0.9.10 uploads even mentions that you
> had applied the patch.
> 

Sorry I messed up with the changelog and forgot some changes (including
this patch). I fixed it in the git repo.

http://anonscm.debian.org/cgit/collab-maint/libvncserver.git/commit/?id=b33c231b67ef69cd3e65c8c10f5cf214e8f54fa1



diff -Nru libvncserver-0.9.9+dfsg/debian/changelog libvncserver-0.9.9+dfsg/debian/changelog
--- libvncserver-0.9.9+dfsg/debian/changelog	2015-05-26 01:08:32.000000000 +0200
+++ libvncserver-0.9.9+dfsg/debian/changelog	2015-05-26 01:20:43.000000000 +0200
@@ -1,3 +1,9 @@
+libvncserver (0.9.9+dfsg-6.2) stable; urgency=medium
+
+  * added patch for libgcrypt init before use (Closes: #782570)
+
+ -- Peter Spiess-Knafl <dev@spiessknafl.at>  Tue, 26 May 2015 01:19:44 +0200
+
 libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch
--- libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch	1970-01-01 01:00:00.000000000 +0100
+++ libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch	2015-05-26 01:17:08.000000000 +0200
@@ -0,0 +1,29 @@
+From: Peter Spiess-Knafl <psk@autistici.org>
+Date: Wed, 4 Feb 2015 13:20:39 +0100
+Subject: init libgcrypt before use
+
+---
+ libvncclient/rfbproto.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c
+index f653850..aa74c23 100644
+--- a/libvncclient/rfbproto.c
++++ b/libvncclient/rfbproto.c
+@@ -857,6 +857,16 @@ HandleARDAuth(rfbClient *client)
+   rfbCredential *cred = NULL;
+   rfbBool result = FALSE;
+ 
++  if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
++  {
++    /* Application did not initialize gcrypt, so we should */
++    if (!gcry_check_version(GCRYPT_VERSION))
++    {
++      /* Older version of libgcrypt is installed on system than compiled against */
++      rfbClientLog("libgcrypt version mismatch.\n");
++    }
++  }
++
+   while (1)
+   {
+     if (!ReadFromRFBServer(client, (char *)gen, 2))
diff -Nru libvncserver-0.9.9+dfsg/debian/patches/series libvncserver-0.9.9+dfsg/debian/patches/series
--- libvncserver-0.9.9+dfsg/debian/patches/series	2015-05-26 01:08:32.000000000 +0200
+++ libvncserver-0.9.9+dfsg/debian/patches/series	2015-05-26 01:17:42.000000000 +0200
@@ -10,3 +10,4 @@
 CVE-2015-6053.patch
 CVE-2014-6054.patch
 CVE-2014-6055.patch
+0004-init-libgcrypt-before-use.patch