Bug#786744: jessie-pu: package libvncserver/0.9.9+dfsg-6.1
On 05/25/2015 07:47 PM, Adam D. Barratt wrote:
> Please attach the full source debdiff for a package prepared and
> tested on jessie.
Debdiff is attached.
> The meta-data for that bug claims that the bug still affects unstable.
> Given that it appears to be fixed in the package you uploaded yesterday
I just uploaded afterwards, yes.
> (and indeed had previously uploaded to experimental), I'm unclear as to
> why that is. Looking at the changelog, I'm also confused as to why
> neither of the changelogs for the 0.9.10 uploads even mentions that you
> had applied the patch.
>
Sorry I messed up with the changelog and forgot some changes (including
this patch). I fixed it in the git repo.
http://anonscm.debian.org/cgit/collab-maint/libvncserver.git/commit/?id=b33c231b67ef69cd3e65c8c10f5cf214e8f54fa1
diff -Nru libvncserver-0.9.9+dfsg/debian/changelog libvncserver-0.9.9+dfsg/debian/changelog
--- libvncserver-0.9.9+dfsg/debian/changelog 2015-05-26 01:08:32.000000000 +0200
+++ libvncserver-0.9.9+dfsg/debian/changelog 2015-05-26 01:20:43.000000000 +0200
@@ -1,3 +1,9 @@
+libvncserver (0.9.9+dfsg-6.2) stable; urgency=medium
+
+ * added patch for libgcrypt init before use (Closes: #782570)
+
+ -- Peter Spiess-Knafl <dev@spiessknafl.at> Tue, 26 May 2015 01:19:44 +0200
+
libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch
--- libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch 1970-01-01 01:00:00.000000000 +0100
+++ libvncserver-0.9.9+dfsg/debian/patches/0004-init-libgcrypt-before-use.patch 2015-05-26 01:17:08.000000000 +0200
@@ -0,0 +1,29 @@
+From: Peter Spiess-Knafl <psk@autistici.org>
+Date: Wed, 4 Feb 2015 13:20:39 +0100
+Subject: init libgcrypt before use
+
+---
+ libvncclient/rfbproto.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c
+index f653850..aa74c23 100644
+--- a/libvncclient/rfbproto.c
++++ b/libvncclient/rfbproto.c
+@@ -857,6 +857,16 @@ HandleARDAuth(rfbClient *client)
+ rfbCredential *cred = NULL;
+ rfbBool result = FALSE;
+
++ if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
++ {
++ /* Application did not initialize gcrypt, so we should */
++ if (!gcry_check_version(GCRYPT_VERSION))
++ {
++ /* Older version of libgcrypt is installed on system than compiled against */
++ rfbClientLog("libgcrypt version mismatch.\n");
++ }
++ }
++
+ while (1)
+ {
+ if (!ReadFromRFBServer(client, (char *)gen, 2))
diff -Nru libvncserver-0.9.9+dfsg/debian/patches/series libvncserver-0.9.9+dfsg/debian/patches/series
--- libvncserver-0.9.9+dfsg/debian/patches/series 2015-05-26 01:08:32.000000000 +0200
+++ libvncserver-0.9.9+dfsg/debian/patches/series 2015-05-26 01:17:42.000000000 +0200
@@ -10,3 +10,4 @@
CVE-2015-6053.patch
CVE-2014-6054.patch
CVE-2014-6055.patch
+0004-init-libgcrypt-before-use.patch
Reply to: