head	1.6;
access;
symbols
	pkgsrc-2013Q2:1.6.0.18
	pkgsrc-2013Q2-base:1.6
	pkgsrc-2012Q4:1.6.0.16
	pkgsrc-2012Q4-base:1.6
	pkgsrc-2011Q4:1.6.0.14
	pkgsrc-2011Q4-base:1.6
	pkgsrc-2011Q2:1.6.0.12
	pkgsrc-2011Q2-base:1.6
	pkgsrc-2009Q4:1.6.0.10
	pkgsrc-2009Q4-base:1.6
	pkgsrc-2008Q4:1.6.0.8
	pkgsrc-2008Q4-base:1.6
	pkgsrc-2008Q3:1.6.0.6
	pkgsrc-2008Q3-base:1.6
	cube-native-xorg:1.6.0.4
	cube-native-xorg-base:1.6
	pkgsrc-2008Q2:1.6.0.2
	pkgsrc-2008Q2-base:1.6
	pkgsrc-2008Q1:1.4.0.24
	pkgsrc-2008Q1-base:1.4
	pkgsrc-2007Q4:1.4.0.22
	pkgsrc-2007Q4-base:1.4
	pkgsrc-2007Q3:1.4.0.20
	pkgsrc-2007Q3-base:1.4
	pkgsrc-2007Q2:1.4.0.18
	pkgsrc-2007Q2-base:1.4
	pkgsrc-2007Q1:1.4.0.16
	pkgsrc-2007Q1-base:1.4
	pkgsrc-2006Q4:1.4.0.14
	pkgsrc-2006Q4-base:1.4
	pkgsrc-2006Q3:1.4.0.12
	pkgsrc-2006Q3-base:1.4
	pkgsrc-2006Q2:1.4.0.10
	pkgsrc-2006Q2-base:1.4
	pkgsrc-2006Q1:1.4.0.8
	pkgsrc-2006Q1-base:1.4
	pkgsrc-2005Q4:1.4.0.6
	pkgsrc-2005Q4-base:1.4
	pkgsrc-2005Q3:1.4.0.4
	pkgsrc-2005Q3-base:1.4
	pkgsrc-2005Q2:1.4.0.2
	pkgsrc-2005Q2-base:1.4
	pkgsrc-2005Q1:1.2.0.2
	pkgsrc-2005Q1-base:1.2
	pkgsrc-2004Q4:1.1.0.10
	pkgsrc-2004Q4-base:1.1
	pkgsrc-2004Q3:1.1.0.8
	pkgsrc-2004Q3-base:1.1
	pkgsrc-2004Q2:1.1.0.6
	pkgsrc-2004Q2-base:1.1
	pkgsrc-2004Q1:1.1.0.4
	pkgsrc-2004Q1-base:1.1
	pkgsrc-2003Q4:1.1.0.2
	pkgsrc-2003Q4-base:1.1;
locks; strict;
comment	@# @;


1.6
date	2008.06.08.16.29.28;	author tron;	state dead;
branches;
next	1.5;

1.5
date	2008.05.10.15.28.04;	author tonnerre;	state Exp;
branches;
next	1.4;

1.4
date	2005.05.18.01.11.45;	author xtraeme;	state dead;
branches
	1.4.24.1;
next	1.3;

1.3
date	2005.03.23.15.24.11;	author xtraeme;	state Exp;
branches;
next	1.2;

1.2
date	2005.02.15.20.20.06;	author xtraeme;	state dead;
branches;
next	1.1;

1.1
date	2003.11.22.03.34.51;	author grant;	state Exp;
branches;
next	;

1.4.24.1
date	2008.05.11.09.25.19;	author ghen;	state Exp;
branches;
next	;


desc
@@


1.6
log
@Update "rdesktop" package to version 1.6.0.

Changes since 1.5.0:
* Fix for potential vulnerability against compromised/malicious servers (reported by iDefense)
* Fix for crash with recent versions of X.Org
* Fix for connection to Windows 2008 Server
* ALSA driver added
* Sound drivers can now be selected at runtime
* Smartcard support (Alexi Volkov)
* Send physical mouse buttons rather than logical ones

The security fixes had already been integrated into "pkgsrc" as patches.
@
text
@$NetBSD: patch-ac,v 1.5 2008/05/10 15:28:04 tonnerre Exp $ --- iso.c.orig 2006-08-07 13:45:43.000000000 +0200 +++ iso.c @@@@ -98,6 +98,11 @@@@ iso_recv_msg(uint8 * code, uint8 * rdpve next_be(s, length); } } + if (length < 4) + { + error("Bad packet header\n"); + return NULL; + } s = tcp_recv(s, length - 4); if (s == NULL) return NULL; @


1.5
log
@Add patches required to fix CVE-2008-180[123], taken from rdesktop CVS.

1) An integer underflow error in iso.c when processing RDP requests can be exploited to cause a heap-based buffer overflow.
2) An input validation error in rdp.c when processing RDP redirect requests can be exploited to cause a BSS-based buffer overflow.
3) A signedness error within "xrealloc()" in rdesktop.c can be exploited to cause a heap-based buffer overflow.
@
text
@d1 1 a1 1 $NetBSD$ @


1.4
log
@Update to 1.4.1, changes:
* persistent bitmap cache optimisations
* support for more RDP-orders (ellipse, polygon)
* libao sound-driver (for Mac OSX and others)
* Unicode support for transmitted strings/filenames
* Added Korean keymap
* Xembed fixes to work with krdc correctly
* Portability fixes
* Support for RDP-compression (all bpps)
* process RDP recv queue if send queue is full
@
text
@d1 1 a1 1 $NetBSD: patch-ac,v 1.3 2005/03/23 15:24:11 xtraeme Exp $ d3 14 a16 18 --- disk.c.orig 2005-03-04 11:05:52.000000000 +0100 +++ disk.c 2005-03-23 16:18:02.000000000 +0100 @@@@ -56,9 +56,14 @@@@ #elif (defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__APPLE__)) #include #include +#define F_NAMELEN(buf) (NAME_MAX) +#if (__NetBSD_Version__ >= 200040000) +#define STATFS_FN(path, buf) (statvfs(path,buf)) +#define STATFS_T statvfs +#else #define STATFS_FN(path, buf) (statfs(path,buf)) #define STATFS_T statfs -#define F_NAMELEN(buf) (NAME_MAX) +#endif #elif (defined(__SGI_IRIX__)) #include @


1.4.24.1
log
@Pullup ticket 2368 - requested by tonnerre
security fix for rdesktop

- pkgsrc/net/rdesktop/Makefile 1.34
- pkgsrc/net/rdesktop/distinfo 1.18
- pkgsrc/net/rdesktop/patches/patch-ac 1.5
- pkgsrc/net/rdesktop/patches/patch-ad 1.1
- pkgsrc/net/rdesktop/patches/patch-ae 1.1
- pkgsrc/net/rdesktop/patches/patch-af 1.1
- pkgsrc/net/rdesktop/patches/patch-ag 1.1
- pkgsrc/net/rdesktop/patches/patch-ah 1.1
- pkgsrc/net/rdesktop/patches/patch-ai 1.1

Module Name: pkgsrc
Committed By: tonnerre
Date: Sat May 10 15:28:04 UTC 2008

Modified Files:
	pkgsrc/net/rdesktop: Makefile distinfo
Added Files:
	pkgsrc/net/rdesktop/patches: patch-ac patch-ad patch-ae patch-af patch-ag patch-ah patch-ai

Log Message:
Add patches required to fix CVE-2008-180[123], taken from rdesktop CVS.

1) An integer underflow error in iso.c when processing RDP requests can be exploited to cause a heap-based buffer overflow.
2) An input validation error in rdp.c when processing RDP redirect requests can be exploited to cause a BSS-based buffer overflow.
3) A signedness error within "xrealloc()" in rdesktop.c can be exploited to cause a heap-based buffer overflow.
@
text
@d1 1 a1 1 $NetBSD$ d3 18 a20 14 --- iso.c.orig 2006-08-07 13:45:43.000000000 +0200 +++ iso.c @@@@ -98,6 +98,11 @@@@ iso_recv_msg(uint8 * code, uint8 * rdpve next_be(s, length); } } + if (length < 4) + { + error("Bad packet header\n"); + return NULL; + } s = tcp_recv(s, length - 4); if (s == NULL) return NULL; @


1.3
log
@Update to 1.4.0

Changes:
* Basic disk-, parallel-, printer- and serial-redirection
* Fix timezone-redirection
* Backing-store fixes
* Fix client-IP sent to TS
* XEmbed support for embedding rdesktop in other applications (KRDC)
* Support for setting the RDP5 experience
* Keyboard and keymap fixes
* Performance improvements
* Report disconnect-reason
* Support for RDP-compression (currently only for 8bpp)
* Support for persistent bitmap caching
* Sound-driver for SGI/Irix
@
text
@d1 1 a1 1 $NetBSD$ @


1.2
log
@Again... there's no need to use CFLAGS to pass the audio device in some file, use subst.mk and remove the patch.
@
text
@d1 1 a1 1 $NetBSD: patch-ac,v 1.1 2003/11/22 03:34:51 grant Exp $ d3 15 a17 8 --- rdpsnd_oss.c.orig 2003-10-30 01:13:59.000000000 +1100 +++ rdpsnd_oss.c @@@@ -45,7 +45,7 @@@@ static unsigned int queue_hi, queue_lo; BOOL wave_out_open(void) { - char *dsp_dev = "/dev/dsp"; + char *dsp_dev = AUDIO_DEV; d19 2 a20 2 if ((g_dsp_fd = open(dsp_dev, O_WRONLY | O_NONBLOCK)) == -1) { @


1.1
log
@fix sound support on NetBSD by picking up ${DEVOSSAUDIO} from ossaudio.buildlink2.mk and using it.
reorder WRKSRC to appease pkglint.
bump PKGREVISION.
@
text
@d1 1 a1 1 $NetBSD$ @
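
Review bot: in the iso.c hunk, the new `if (length < 4)` guard and the following `tcp_recv(s, length - 4)` both hard-code 4, and `error("Bad packet header\n")` does not report the value that failed the check. A named constant for the header size, used in both places, would keep the guard and the subtraction from drifting apart, and including `length` in the error text would make a malformed header from a misbehaving server easier to diagnose. The hunk shows only a lower bound; the declared type of `length` and any upper bound applied before `tcp_recv` are outside the visible context and should be confirmed rather than assumed.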
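
Review bot: in the disk.c hunk, `#if (__NetBSD_Version__ >= 200040000)` sits inside a branch that is also taken for `__OpenBSD__`, `__FreeBSD__` and `__APPLE__`, where that macro is not expected to be defined; an undefined identifier evaluates to 0 in `#if`, so those systems fall through to `statfs`, but only implicitly and with a `-Wundef` warning. Suggest `#if defined(__NetBSD_Version__) && (__NetBSD_Version__ >= 200040000)` plus a short comment naming the NetBSD release the number stands for. The hunk adds no `#include` line, so it relies on the existing headers to define `__NetBSD_Version__` and to declare `statvfs`; the header names are not legible in this copy, so that needs checking against the real file.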
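
Review bot: in the rdpsnd_oss.c hunk, `char *dsp_dev = AUDIO_DEV;` replaces the literal `"/dev/dsp"` with a macro that nothing in the hunk defines, so the file compiles only when the build supplies it from outside. Suggest a guarded default in the source, `#ifndef AUDIO_DEV` / `#define AUDIO_DEV "/dev/dsp"` / `#endif`, so a build without the define keeps the previous behaviour. `dsp_dev` could also be declared `const char *`, since it only ever points at a string constant passed to `open()`.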