CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
62a78f8ba7
meta-openembedded/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb
Gyorgy Sarvari 62a78f8ba7
tigervnc: ignore CVE-2023-6478 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6478

TigerVNC compiles its own xserver, this is why this CVE is associated
with it - despite the vulnerability being in xserver.

The vulnerability was fixed by [1] (from the nvd report), which has been
backported[2] to the xserver version used by the recipe - so ignore the
CVE, since it's patched already.

[1]: 14f480010a
[2]: 58e83c6839

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-25 11:25:58 -08:00

92 lines
3.3 KiB
BlitzBasic
Raw Blame History

DESCRIPTION = "TigerVNC remote display system"
HOMEPAGE = "http://www.tigervnc.com/"
LICENSE = "GPL-2.0-or-later"
SECTION = "x11/utils"
DEPENDS = "gettext-native xserver-xorg gnutls nettle jpeg pixman libxtst fltk libpam libx11 libxdamage libxfixes libxrandr xkbcomp"
RDEPENDS:${PN} = "coreutils hicolor-icon-theme perl bash xkbcomp"
LIC_FILES_CHKSUM = "file://LICENCE.TXT;md5=75b02c2872421380bbd47781d2bd75d3"
inherit autotools cmake features_check pkgconfig systemd
REQUIRED_DISTRO_FEATURES = "x11 pam"
# For ease we do in-tree builds right now. It should be possible to do
# out-of-tree builds.
B = "${S}"
SRCREV = "8bdf8734ce12c8ed3c232496fc8a4ccdb04636b8"
SRC_URI = "git://github.com/TigerVNC/tigervnc.git;branch=1.15-branch;protocol=https \
file://0001-do-not-build-tests-sub-directory.patch \
file://0002-add-missing-dynamic-library-to-FLTK_LIBRARIES.patch \
file://0003-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch \
"
# Keep sync with xorg-server in oe-core
XORG_PN ?= "xorg-server"
XORG_PV ?= "21.1.18"
SRC_URI += "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${XORG_PV}.tar.xz;name=xorg"
XORG_S = "${UNPACKDIR}/${XORG_PN}-${XORG_PV}"
SRC_URI[xorg.sha256sum] = "c878d1930d87725d4a5bf498c24f4be8130d5b2646a9fd0f2994deff90116352"
# It is the directory containing the Xorg source for the
# machine on which you are building TigerVNC.
XSERVER_SOURCE_DIR = "${S}/unix/xserver"
AUTOTOOLS_SCRIPT_PATH = "${XSERVER_SOURCE_DIR}"
do_patch[postfuncs] += "do_patch_xserver"
do_patch_xserver () {
# Put the xserver source in the right place in the tigervnc source tree
cp -rfl ${XORG_S}/* ${XSERVER_SOURCE_DIR}
# Apply the patch to integrate the vnc server
patch -p1 -b --suffix .vnc --directory ${XSERVER_SOURCE_DIR} <${S}/unix/xserver21.patch
}
EXTRA_OECONF = "--disable-xorg --disable-xnest --disable-xvfb \
--disable-xwin --disable-xephyr --disable-kdrive --with-pic \
--disable-static --disable-xinerama \
--with-xkb-output=${localstatedir}/lib/xkb \
--disable-glx --disable-dri --disable-dri2 \
--disable-config-hal \
--disable-config-udev \
--without-dtrace \
--disable-unit-tests \
--disable-devel-docs \
--disable-selective-werror \
--disable-xshmfence \
--disable-config-udev \
--disable-dri3 \
--disable-libunwind \
--without-xmlto \
--enable-systemd-logind=no \
--disable-xinerama \
"
EXTRA_OECMAKE += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '-DCMAKE_INSTALL_UNITDIR=${systemd_system_unitdir}', '-DINSTALL_SYSTEMD_UNITS=OFF', d)}"
do_configure:append () {
autotools_do_configure
}
do_compile:append () {
oe_runmake 'TIGERVNC_BUILDDIR=${B}'
}
do_install:append() {
oe_runmake -C ${B}/hw/vnc 'DESTDIR=${D}' install
}
FILES:${PN} += " \
${libdir}/xorg/modules/extensions \
${datadir}/icons \
${datadir}/metainfo \
"
SYSTEMD_SERVICE:${PN} = "vncserver@.service"
CVE_STATUS[CVE-2014-8241] = "fixed-version: The vulnerable code is not present in the used version (1.15.0)"
CVE_STATUS[CVE-2023-6377] = "fixed-version: The vulnerable code is not present in the used xserver version (21.1.18)"
CVE_STATUS[CVE-2023-6478] = "fixed-version: The vulnerable code is not present in the used xserver version (21.1.18)"
Reference in New Issue View Git Blame Copy Permalink