From 3fb4e09812bb17d0d33087dc7c3255eccec2e5fb Mon Sep 17 00:00:00 2001
From: Renaud
Date: Fri, 29 Nov 2019 19:14:40 +0100
Subject: [PATCH] libvncserver: 0.9.11 -> 0.9.12 (#74514)

Vuln roundup #73664 -- unstable channel
Version bump from 0.9.11 to 0.9.12 fixes:
* CVE-2018-6307
* CVE-2018-15126
* CVE-2018-15127
* CVE-2018-20019
* CVE-2018-20020
* CVE-2018-20021
* CVE-2018-20022
* CVE-2018-20023
* CVE-2018-20024
* CVE-2018-20748
* CVE-2018-20749
Plus add two upstream patches to fix:
* CVE-2018-20750
* CVE-2019-15681
---
 .../libraries/libvncserver/default.nix | 40 ++++++++++---------
 1 file changed, 21 insertions(+), 19 deletions(-)
diff --git a/pkgs/development/libraries/libvncserver/default.nix b/pkgs/development/libraries/libvncserver/default.nix
index 0a7819743e03..c9adad6f6454 100644
--- a/pkgs/development/libraries/libvncserver/default.nix
+++ b/pkgs/development/libraries/libvncserver/default.nix
@@ -1,41 +1,43 @@ -{stdenv, fetchurl, fetchpatch, - libtool, libjpeg, openssl, zlib, libgcrypt, autoreconfHook, pkgconfig, libpng, - systemd +{ stdenv, fetchzip, fetchpatch, cmake +, libjpeg, openssl, zlib, libgcrypt, libpng +, systemd }: let s = # Generated upstream information rec { - baseName="libvncserver"; - version="0.9.11"; - name="${baseName}-${version}"; - url="https://github.com/LibVNC/libvncserver/archive/LibVNCServer-${version}.tar.gz"; - sha256="15189n09r1pg2nqrpgxqrcvad89cdcrca9gx6qhm6akjf81n6g8r"; + pname = "libvncserver"; + version = "0.9.12"; + url = "https://github.com/LibVNC/libvncserver/archive/LibVNCServer-${version}.tar.gz"; + sha256 = "1226hb179l914919f5nm2mlf8rhaarqbf48aa649p4rwmghyx9vm"; # unpacked archive checksum }; in stdenv.mkDerivation { - inherit (s) name version; - src = fetchurl { + inherit (s) pname version; + src = fetchzip { inherit (s) url sha256; }; patches = [ - # CVE-2018-7225. Remove with the next release (fetchpatch { - url = https://salsa.debian.org/debian/libvncserver/raw/master/debian/patches/CVE-2018-7225.patch; - sha256 = "1hj1lzxsrdmzzl061vg0ncdpvfmvvkrpk8q12mp70qvszcqa7ja3"; + name = "CVE-2018-20750.patch"; + url = "https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec.patch"; + sha256 = "004h50786nvjl3y3yazpsi2b767vc9gqrwm1ralj3zgy47kwfhqm"; + }) + (fetchpatch { + name = "CVE-2019-15681.patch"; + url = "https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.patch"; + sha256 = "0hf0ss7all2m50z2kan4mck51ws44yim4ymn8p0d991y465y6l9s"; }) ]; - preConfigure = '' - sed -e 's@/usr/include/linux@${stdenv.cc.libc}/include/linux@g' -i configure - ''; - nativeBuildInputs = [ pkgconfig autoreconfHook ]; + nativeBuildInputs = [ cmake ]; buildInputs = [ - libtool libjpeg openssl libgcrypt libpng + libjpeg openssl libgcrypt libpng ] ++ stdenv.lib.optional stdenv.isLinux systemd; propagatedBuildInputs = [ zlib ]; meta = { inherit (s) version; - description = "VNC 
server library"; + description = "VNC server library"; + homepage = "https://libvnc.github.io/"; license = stdenv.lib.licenses.gpl2Plus ; maintainers = [stdenv.lib.maintainers.raskin]; platforms = stdenv.lib.platforms.unix;
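Review bot: The two new `fetchpatch` entries in `patches` carry no comment saying when they can be dropped, whereas the CVE-2018-7225 entry they replace was marked "Remove with the next release". I would add a line above them such as `# Upstream commits not included in 0.9.12; drop both on the next version bump`, so a later bump does not leave the backports in place or remove them without checking that the release contains the fixes. Separately, the move from `autoreconfHook`/`pkgconfig` to `cmake` changes how optional dependencies are detected; nothing in the hunk pins them, so it is worth confirming from the build log that `openssl`, `libgcrypt` and `systemd` support are still compiled in, since a silently disabled TLS backend would be a security regression in an otherwise security-motivated update.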