From: "Matthias Maier" <tamiko@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/spice/files/, app-emulation/spice/
Date: Thu, 11 May 2017 14:24:37 +0000 (UTC) [thread overview]
Message-ID: <1494512666.b4d9925b452e107ae94210f0154df1cb1da0e4ff.tamiko@gentoo> (raw)
commit: b4d9925b452e107ae94210f0154df1cb1da0e4ff
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Thu May 11 14:18:52 2017 +0000
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Thu May 11 14:24:26 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4d9925b
app-emulation/spice: drop old version 0.12.7-r1
Package-Manager: Portage-2.3.5, Repoman-2.3.2
app-emulation/spice/Manifest | 1 -
app-emulation/spice/files/0.11.0-gold.patch | 30 -----
.../spice/files/0.12.6-CVE-2016-0749-p1.patch | 89 ---------------
.../spice/files/0.12.6-CVE-2016-0749-p2.patch | 61 -----------
.../spice/files/0.12.6-CVE-2016-2150-p1.patch | 121 ---------------------
.../spice/files/0.12.6-CVE-2016-2150-p2.patch | 33 ------
app-emulation/spice/spice-0.12.7-r1.ebuild | 89 ---------------
7 files changed, 424 deletions(-)
diff --git a/app-emulation/spice/Manifest b/app-emulation/spice/Manifest
index 8e228b69b86..83bcd50e916 100644
--- a/app-emulation/spice/Manifest
+++ b/app-emulation/spice/Manifest
@@ -1,2 +1 @@
-DIST spice-0.12.7.tar.bz2 1220405 SHA256 1c8e96cb9e833e23372e2f461508135903b697fd8c6daff565e9e87f6d2f6aba SHA512 a740d500d0ccad3edd1f2f71e51c5a120d6ae98e44125f33870c12f5d1eeb30b809e588d05b2d0cadb4216e889b38e57d2278916817538311b875ff22e3b31ae WHIRLPOOL 61ffa3e280a346a2667ddd38dcfd63ffa6c1e6efd0f05da4fad43b00ca5e1a1587411a907b929b75e4d1e72ebcef29621ccdd76dfb313e8f3a5513a5a367132b
DIST spice-0.13.3.tar.bz2 1322505 SHA256 30f710c0e7594e05b6b9cc702be748a69f910a95192ab851d748c256157fb89e SHA512 63496fbd3df0fd453052cef8e1fb00a3a28f0105610676fdc4a58043cbc6da571ae4407701af2b817e410d05ce727d60d5ee0c93c8897231e25229897c51d95a WHIRLPOOL 16bb08301d66c1f21f612f5be87ba1ffef7132f3c18ac3ab7feec21e16de61461648311d04f6990254d4c47ee7a6d39f4c33f122e941e5a3fc0c2ed289dd928b
diff --git a/app-emulation/spice/files/0.11.0-gold.patch b/app-emulation/spice/files/0.11.0-gold.patch
deleted file mode 100644
index ad08c14e9ab..00000000000
--- a/app-emulation/spice/files/0.11.0-gold.patch
+++ /dev/null
@@ -1,30 +0,0 @@
- server/tests/Makefile.am | 2 ++
- server/tests/Makefile.in | 2 +-
- 2 files changed, 3 insertions(+), 1 deletions(-)
-
-diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
-index e77865c..905de9d 100644
---- a/server/tests/Makefile.am
-+++ b/server/tests/Makefile.am
-@@ -19,6 +19,8 @@ LDADD = \
- $(top_builddir)/server/libspice-server.la \
- $(NULL)
-
-+AM_LDFLAGS = -pthread
-+
- COMMON_BASE = \
- basic_event_loop.c \
- basic_event_loop.h \
-diff --git a/server/tests/Makefile.in b/server/tests/Makefile.in
-index 5b177e2..3aacfd3 100644
---- a/server/tests/Makefile.in
-+++ b/server/tests/Makefile.in
-@@ -144,7 +144,7 @@ am__v_at_0 = @
- CCLD = $(CC)
- LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-+ $(AM_LDFLAGS) $(LDFLAGS) -pthread -o $@
- AM_V_CCLD = $(am__v_CCLD_@AM_V@)
- am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
- am__v_CCLD_0 = @echo " CCLD " $@;
diff --git a/app-emulation/spice/files/0.12.6-CVE-2016-0749-p1.patch b/app-emulation/spice/files/0.12.6-CVE-2016-0749-p1.patch
deleted file mode 100644
index 2d79fbb536a..00000000000
--- a/app-emulation/spice/files/0.12.6-CVE-2016-0749-p1.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Marc-Andre Lureau <marcandre.lureau@redhat.com>
-Date: Thu, 17 Dec 2015 18:13:47 +0100
-Subject: [PATCH] smartcard: add a ref to item before adding to pipe
-
-There is an unref when the message is sent.
-
-==17204== ERROR: AddressSanitizer: heap-use-after-free on address 0x6008000144a8 at pc 0x7fffee0ce245 bp 0x7fffffffc630 sp 0x7fffffffc620
-READ of size 4 at 0x6008000144a8 thread T0
- #0 0x7fffee0ce244 in smartcard_unref_vsc_msg_item /home/elmarco/src/spice/spice/server/smartcard.c:608
- #1 0x7fffee0cb451 in smartcard_unref_msg_to_client /home/elmarco/src/spice/spice/server/smartcard.c:178
- #2 0x7fffedfcdf14 in spice_char_device_read_from_device /home/elmarco/src/spice/spice/server/char-device.c:330
- #3 0x7fffedfd1763 in spice_char_device_wakeup /home/elmarco/src/spice/spice/server/char-device.c:901
- #4 0x7fffee05da98 in spice_server_char_device_wakeup /home/elmarco/src/spice/spice/server/reds.c:2990
- #5 0x55555593fa34 in spice_chr_write /home/elmarco/src/qemu/spice-qemu-char.c:189
- #6 0x5555559375f1 in qemu_chr_fe_write /home/elmarco/src/qemu/qemu-char.c:220
- #7 0x555555b3b682 in ccid_card_vscard_send_msg.isra.2 /home/elmarco/src/qemu/hw/usb/ccid-card-passthru.c:76
- #8 0x555555b3c466 in ccid_card_vscard_send_error /home/elmarco/src/qemu/hw/usb/ccid-card-passthru.c:91
- #9 0x555555b3c466 in ccid_card_vscard_handle_message /home/elmarco/src/qemu/hw/usb/ccid-card-passthru.c:242
- #10 0x555555b3c466 in ccid_card_vscard_read /home/elmarco/src/qemu/hw/usb/ccid-card-passthru.c:289
- #11 0x55555593f169 in vmc_write /home/elmarco/src/qemu/spice-qemu-char.c:41
- #12 0x7fffedfcee6d in spice_char_device_write_to_device /home/elmarco/src/spice/spice/server/char-device.c:477
- #13 0x7fffedfcfd31 in spice_char_device_write_buffer_add /home/elmarco/src/spice/spice/server/char-device.c:629
- #14 0x7fffee0ce9df in smartcard_channel_write_to_reader /home/elmarco/src/spice/spice/server/smartcard.c:675
- #15 0x7fffee0cc7db in smartcard_char_device_notify_reader_add /home/elmarco/src/spice/spice/server/smartcard.c:341
- #16 0x7fffee0ce4f3 in smartcard_add_reader /home/elmarco/src/spice/spice/server/smartcard.c:648
- #17 0x7fffee0cf2e2 in smartcard_channel_handle_message /home/elmarco/src/spice/spice/server/smartcard.c:763
- #18 0x7fffedffe21f in red_peer_handle_incoming /home/elmarco/src/spice/spice/server/red-channel.c:307
- #19 0x7fffedffe4f6 in red_channel_client_receive /home/elmarco/src/spice/spice/server/red-channel.c:325
- #20 0x7fffee00726c in red_channel_client_event /home/elmarco/src/spice/spice/server/red-channel.c:1566
- #21 0x555555c3c53d in qemu_iohandler_poll /home/elmarco/src/qemu/iohandler.c:143
- #22 0x555555c3b800 in main_loop_wait /home/elmarco/src/qemu/main-loop.c:504
- #23 0x5555556f160c in main_loop /home/elmarco/src/qemu/vl.c:1818
- #24 0x5555556f160c in main /home/elmarco/src/qemu/vl.c:4394
- #25 0x7fffed7d0b14 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/libc-start.c:274
- #26 0x5555556f9c20 in _start (/home/elmarco/src/qemu/x86_64-softmmu/qemu-system-x86_64+0x1a5c20)
-0x6008000144a8 is located 24 bytes inside of 40-byte region [0x600800014490,0x6008000144b8)
-freed by thread T0 here:
- #0 0x7ffff4e61009 in __interceptor_free /usr/src/debug/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/x86_64-redhat-linux/libsanitizer/asan/../../../../libsanitizer/asan/asan_malloc_linux.cc:61
- #1 0x7fffee0ce2a1 in smartcard_unref_vsc_msg_item /home/elmarco/src/spice/spice/server/smartcard.c:610
- #2 0x7fffee0cdd58 in smartcard_channel_release_pipe_item /home/elmarco/src/spice/spice/server/smartcard.c:548
- #3 0x7fffee000668 in red_channel_client_release_item /home/elmarco/src/spice/spice/server/red-channel.c:602
- #4 0x7fffee0006ef in red_channel_client_release_sent_item /home/elmarco/src/spice/spice/server/red-channel.c:609
- #5 0x7fffee0007b5 in red_channel_peer_on_out_msg_done /home/elmarco/src/spice/spice/server/red-channel.c:620
- #6 0x7fffedffed7e in red_peer_handle_outgoing /home/elmarco/src/spice/spice/server/red-channel.c:385
- #7 0x7fffee0057bb in red_channel_client_send /home/elmarco/src/spice/spice/server/red-channel.c:1294
- #8 0x7fffee0076e6 in red_channel_client_begin_send_message /home/elmarco/src/spice/spice/server/red-channel.c:1605
- #9 0x7fffee0cdccd in smartcard_channel_send_item /home/elmarco/src/spice/spice/server/smartcard.c:541
- #10 0x7fffee000570 in red_channel_client_send_item /home/elmarco/src/spice/spice/server/red-channel.c:588
- #11 0x7fffee005bfb in red_channel_client_push /home/elmarco/src/spice/spice/server/red-channel.c:1347
- #12 0x7fffee007ef7 in red_channel_client_pipe_add_push /home/elmarco/src/spice/spice/server/red-channel.c:1673
- #13 0x7fffee0cde4d in smartcard_channel_client_pipe_add_push /home/elmarco/src/spice/spice/server/smartcard.c:571
- #14 0x7fffee0cb567 in smartcard_send_msg_to_client /home/elmarco/src/spice/spice/server/smartcard.c:187
- #15 0x7fffedfcdba2 in spice_char_device_send_msg_to_clients /home/elmarco/src/spice/spice/server/char-device.c:282
- #16 0x7fffedfcdea4 in spice_char_device_read_from_device /home/elmarco/src/spice/spice/server/char-device.c:329
- #17 0x7fffedfd1763 in spice_char_device_wakeup /home/elmarco/src/spice/spice/server/char-device.c:901
- #18 0x7fffee05da98 in spice_server_char_device_wakeup /home/elmarco/src/spice/spice/server/reds.c:2990
- #19 0x55555593fa34 in spice_chr_write /home/elmarco/src/qemu/spice-qemu-char.c:189
-
-Signed-off-by: Marc-Andre Lureau <marcandre.lureau@redhat.com>
----
- server/smartcard.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/server/smartcard.c b/server/smartcard.c
-index aad22aa..8d529fe 100644
---- a/server/smartcard.c
-+++ b/server/smartcard.c
-@@ -172,14 +172,17 @@ static void smartcard_unref_msg_to_client(SpiceCharDeviceMsgToClient *msg,
- smartcard_unref_vsc_msg_item((MsgItem *)msg);
- }
-
--static void smartcard_send_msg_to_client(SpiceCharDeviceMsgToClient *msg,
-+static void smartcard_send_msg_to_client(SpiceCharDeviceMsgToClient *message,
- RedClient *client,
- void *opaque)
- {
- SmartCardDeviceState *dev = opaque;
-- spice_assert(dev->scc && dev->scc->base.client == client);
-- smartcard_channel_client_pipe_add_push(&dev->scc->base, &((MsgItem *)msg)->base);
-+ MsgItem *msg = (MsgItem *)message;
-+ PipeItem *item = &msg->base;
-
-+ spice_assert(dev->scc && dev->scc->base.client == client);
-+ smartcard_ref_vsc_msg_item(msg);
-+ smartcard_channel_client_pipe_add_push(&dev->scc->base, item);
- }
-
- static void smartcard_send_tokens_to_client(RedClient *client, uint32_t tokens, void *opaque)
diff --git a/app-emulation/spice/files/0.12.6-CVE-2016-0749-p2.patch b/app-emulation/spice/files/0.12.6-CVE-2016-0749-p2.patch
deleted file mode 100644
index 671fc4382ed..00000000000
--- a/app-emulation/spice/files/0.12.6-CVE-2016-0749-p2.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Marc-Andre Lureau <marcandre.lureau@redhat.com>
-Date: Thu, 17 Dec 2015 18:16:22 +0100
-Subject: [PATCH] smartcard: allocate msg with the expected size
-
-==529== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60040009c098 at pc 0x7fffee0eda6d bp 0x7fffffffcd00 sp 0x7fffffffccf0
-WRITE of size 4 at 0x60040009c098 thread T0
- #0 0x7fffee0eda6c in smartcard_char_device_notify_reader_add /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:334
- #1 0x7fffee0ef783 in smartcard_add_reader /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:642
- #2 0x7fffee0f0568 in smartcard_channel_handle_message /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:757
- #3 0x7fffee032f3f in red_peer_handle_incoming /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:304
- #4 0x7fffee033216 in red_channel_client_receive /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:322
- #5 0x7fffee03bf1f in red_channel_client_event /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:1561
- #6 0x555555c3c53d in qemu_iohandler_poll /home/elmarco/src/qemu/iohandler.c:143
- #7 0x555555c3b800 in main_loop_wait /home/elmarco/src/qemu/main-loop.c:504
- #8 0x5555556f160c in main_loop /home/elmarco/src/qemu/vl.c:1818
- #9 0x5555556f160c in main /home/elmarco/src/qemu/vl.c:4394
- #10 0x7fffed80eb14 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/libc-start.c:274
- #11 0x5555556f9c20 in _start (/home/elmarco/src/qemu/x86_64-softmmu/qemu-system-x86_64+0x1a5c20)
-0x60040009c098 is located 0 bytes to the right of 8-byte region [0x60040009c090,0x60040009c098)
-allocated by thread T0 here:
- #0 0x7ffff4e612be in __interceptor_realloc /usr/src/debug/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/x86_64-redhat-linux/libsanitizer/asan/../../../../libsanitizer/asan/asan_malloc_linux.cc:92
- #1 0x7fffee121308 in spice_realloc /home/elmarco/pkg/spice/spice-0.12.4/spice-common/common/mem.c:123
- #2 0x7fffee004a48 in __spice_char_device_write_buffer_get /home/elmarco/pkg/spice/spice-0.12.4/server/char_device.c:516
- #3 0x7fffee004e87 in spice_char_device_write_buffer_get /home/elmarco/pkg/spice/spice-0.12.4/server/char_device.c:557
- #4 0x7fffee0ed8b9 in smartcard_char_device_notify_reader_add /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:325
- #5 0x7fffee0ef783 in smartcard_add_reader /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:642
- #6 0x7fffee0f0568 in smartcard_channel_handle_message /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:757
- #7 0x7fffee032f3f in red_peer_handle_incoming /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:304
- #8 0x7fffee033216 in red_channel_client_receive /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:322
- #9 0x7fffee03bf1f in red_channel_client_event /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:1561
- #10 0x555555c3c53d in qemu_iohandler_poll /home/elmarco/src/qemu/iohandler.c:143
-SUMMARY: AddressSanitizer: heap-buffer-overflow /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:334 smartcard_char_device_notify_reader_add
-
-Signed-off-by: Marc-Andre Lureau <marcandre.lureau@redhat.com>
----
- server/smartcard.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/server/smartcard.c b/server/smartcard.c
-index 8d529fe..3043ad1 100644
---- a/server/smartcard.c
-+++ b/server/smartcard.c
-@@ -325,7 +325,7 @@ static void smartcard_char_device_notify_reader_add(SmartCardDeviceState *st)
- SpiceCharDeviceWriteBuffer *write_buf;
- VSCMsgHeader *vheader;
-
-- write_buf = spice_char_device_write_buffer_get(st->chardev_st, NULL, sizeof(vheader));
-+ write_buf = spice_char_device_write_buffer_get(st->chardev_st, NULL, sizeof(*vheader));
- if (!write_buf) {
- spice_error("failed to allocate write buffer");
- return;
-@@ -372,7 +372,7 @@ static void smartcard_char_device_notify_reader_remove(SmartCardDeviceState *st)
- spice_debug("reader add was never sent to the device");
- return;
- }
-- write_buf = spice_char_device_write_buffer_get(st->chardev_st, NULL, sizeof(vheader));
-+ write_buf = spice_char_device_write_buffer_get(st->chardev_st, NULL, sizeof(*vheader));
- if (!write_buf) {
- spice_error("failed to allocate write buffer");
- return;
diff --git a/app-emulation/spice/files/0.12.6-CVE-2016-2150-p1.patch b/app-emulation/spice/files/0.12.6-CVE-2016-2150-p1.patch
deleted file mode 100644
index a1f0c64b971..00000000000
--- a/app-emulation/spice/files/0.12.6-CVE-2016-2150-p1.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Mon, 29 Feb 2016 14:24:03 +0000
-Subject: [PATCH] create a function to validate surface parameters
-
-Make possible to reuse it outside red-parse-qxl.c
-
-Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
----
- server/red_parse_qxl.c | 50 ++++++++++++++++++++++++++++++++------------------
- server/red_parse_qxl.h | 5 +++++
- 2 files changed, 37 insertions(+), 18 deletions(-)
-
-diff --git a/server/red_parse_qxl.c b/server/red_parse_qxl.c
-index bd0c408..7dc6a4d 100644
---- a/server/red_parse_qxl.c
-+++ b/server/red_parse_qxl.c
-@@ -19,7 +19,6 @@
- #include <config.h>
- #endif
-
--#include <stdbool.h>
- #include <inttypes.h>
- #include <glib.h>
- #include "common/lz_common.h"
-@@ -1306,13 +1305,41 @@ static unsigned int surface_format_to_bpp(uint32_t format)
- return 0;
- }
-
-+bool red_validate_surface(uint32_t width, uint32_t height,
-+ int32_t stride, uint32_t format)
-+{
-+ unsigned int bpp;
-+ uint64_t size;
-+
-+ bpp = surface_format_to_bpp(format);
-+
-+ /* check if format is valid */
-+ if (!bpp) {
-+ return false;
-+ }
-+
-+ /* check stride is larger than required bytes */
-+ size = ((uint64_t) width * bpp + 7u) / 8u;
-+ /* the uint32_t conversion is here to avoid problems with -2^31 value */
-+ if (stride == G_MININT32 || size > (uint32_t) abs(stride)) {
-+ return false;
-+ }
-+
-+ /* the multiplication can overflow, also abs(-2^31) may return a negative value */
-+ size = (uint64_t) height * abs(stride);
-+ if (size > MAX_DATA_CHUNK) {
-+ return false;
-+ }
-+
-+ return true;
-+}
-+
- int red_get_surface_cmd(RedMemSlotInfo *slots, int group_id,
- RedSurfaceCmd *red, QXLPHYSICAL addr)
- {
- QXLSurfaceCmd *qxl;
- uint64_t size;
- int error;
-- unsigned int bpp;
-
- qxl = (QXLSurfaceCmd *)get_virt(slots, addr, sizeof(*qxl), group_id,
- &error);
-@@ -1331,26 +1358,13 @@ int red_get_surface_cmd(RedMemSlotInfo *slots, int group_id,
- red->u.surface_create.width = qxl->u.surface_create.width;
- red->u.surface_create.height = qxl->u.surface_create.height;
- red->u.surface_create.stride = qxl->u.surface_create.stride;
-- bpp = surface_format_to_bpp(red->u.surface_create.format);
-
-- /* check if format is valid */
-- if (!bpp) {
-+ if (!red_validate_surface(red->u.surface_create.width, red->u.surface_create.height,
-+ red->u.surface_create.stride, red->u.surface_create.format)) {
- return 1;
- }
-
-- /* check stride is larger than required bytes */
-- size = ((uint64_t) red->u.surface_create.width * bpp + 7u) / 8u;
-- /* the uint32_t conversion is here to avoid problems with -2^31 value */
-- if (red->u.surface_create.stride == G_MININT32
-- || size > (uint32_t) abs(red->u.surface_create.stride)) {
-- return 1;
-- }
--
-- /* the multiplication can overflow, also abs(-2^31) may return a negative value */
-- size = (uint64_t) red->u.surface_create.height * abs(red->u.surface_create.stride);
-- if (size > MAX_DATA_CHUNK) {
-- return 1;
-- }
-+ size = red->u.surface_create.height * abs(red->u.surface_create.stride);
- red->u.surface_create.data =
- (uint8_t*)get_virt(slots, qxl->u.surface_create.data, size, group_id, &error);
- if (error) {
-diff --git a/server/red_parse_qxl.h b/server/red_parse_qxl.h
-index 3adc9fa..e18d8d0 100644
---- a/server/red_parse_qxl.h
-+++ b/server/red_parse_qxl.h
-@@ -19,6 +19,8 @@
- #ifndef RED_ABI_TRANSLATE_H
- #define RED_ABI_TRANSLATE_H
-
-+#include <stdbool.h>
-+
- #include <spice/qxl_dev.h>
- #include "red_common.h"
- #include "red_memslots.h"
-@@ -128,6 +130,9 @@ int red_get_message(RedMemSlotInfo *slots, int group_id,
- RedMessage *red, QXLPHYSICAL addr);
- void red_put_message(RedMessage *red);
-
-+bool red_validate_surface(uint32_t width, uint32_t height,
-+ int32_t stride, uint32_t format);
-+
- int red_get_surface_cmd(RedMemSlotInfo *slots, int group_id,
- RedSurfaceCmd *red, QXLPHYSICAL addr);
- void red_put_surface_cmd(RedSurfaceCmd *red);
diff --git a/app-emulation/spice/files/0.12.6-CVE-2016-2150-p2.patch b/app-emulation/spice/files/0.12.6-CVE-2016-2150-p2.patch
deleted file mode 100644
index 8005e063f0d..00000000000
--- a/app-emulation/spice/files/0.12.6-CVE-2016-2150-p2.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Mon, 29 Feb 2016 14:34:49 +0000
-Subject: [PATCH] improve primary surface parameter checks
-
-Primary surface, as additional surfaces, can be used to access
-host memory from the guest using invalid parameters.
-
-Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
----
- server/red_worker.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/server/red_worker.c b/server/red_worker.c
-index a7eaab9..f9179a6 100644
---- a/server/red_worker.c
-+++ b/server/red_worker.c
-@@ -11380,6 +11380,15 @@ static void dev_create_primary_surface(RedWorker *worker, uint32_t surface_id,
- spice_warn_if(((uint64_t)abs(surface.stride) * (uint64_t)surface.height) !=
- abs(surface.stride) * surface.height);
-
-+ /* surface can arrive from guest unchecked so make sure
-+ * guest is not a malicious one and drop invalid requests
-+ */
-+ if (!red_validate_surface(surface.width, surface.height,
-+ surface.stride, surface.format)) {
-+ spice_warning("wrong primary surface creation request");
-+ return;
-+ }
-+
- line_0 = (uint8_t*)get_virt(&worker->mem_slots, surface.mem,
- surface.height * abs(surface.stride),
- surface.group_id, &error);
diff --git a/app-emulation/spice/spice-0.12.7-r1.ebuild b/app-emulation/spice/spice-0.12.7-r1.ebuild
deleted file mode 100644
index 9c66f4f6282..00000000000
--- a/app-emulation/spice/spice-0.12.7-r1.ebuild
+++ /dev/null
@@ -1,89 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 python3_4 )
-
-inherit eutils python-any-r1
-
-DESCRIPTION="SPICE server"
-HOMEPAGE="http://spice-space.org/"
-SRC_URI="http://spice-space.org/download/releases/${P}.tar.bz2"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE="libressl sasl smartcard static-libs"
-
-# the libspice-server only uses the headers of libcacard
-RDEPEND="
- >=dev-libs/glib-2.22:2[static-libs(+)?]
- >=media-libs/celt-0.5.1.1:0.5.1[static-libs(+)?]
- media-libs/opus[static-libs(+)?]
- sys-libs/zlib[static-libs(+)?]
- virtual/jpeg:0=[static-libs(+)?]
- >=x11-libs/pixman-0.17.7[static-libs(+)?]
- !libressl? ( dev-libs/openssl:0[static-libs(+)?] )
- libressl? ( dev-libs/libressl[static-libs(+)?] )
- sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )"
-
-DEPEND="
- ~app-emulation/spice-protocol-0.12.11
- virtual/pkgconfig
- $(python_gen_any_dep '
- >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
- dev-python/six[${PYTHON_USEDEP}]
- ')
- smartcard? ( app-emulation/qemu[smartcard] )
- ${RDEPEND}"
-
-python_check_deps() {
- has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
- has_version "dev-python/six[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
- [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
-}
-
-# maintainer notes:
-# * opengl support is currently broken
-
-src_prepare() {
- epatch \
- "${FILESDIR}"/0.11.0-gold.patch \
- "${FILESDIR}"/0.12.6-CVE-2016-0749-p1.patch \
- "${FILESDIR}"/0.12.6-CVE-2016-0749-p2.patch \
- "${FILESDIR}"/0.12.6-CVE-2016-2150-p1.patch \
- "${FILESDIR}"/0.12.6-CVE-2016-2150-p2.patch
-
- epatch_user
-}
-
-src_configure() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- econf \
- $(use_enable static-libs static) \
- $(use_with sasl) \
- $(use_enable smartcard) \
- --disable-gui
-}
-
-src_compile() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- default
-}
-
-src_install() {
- default
- use static-libs || prune_libtool_files
-}
next reply other threads:[~2017-05-11 14:24 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-11 14:24 Matthias Maier [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-08-17 0:07 [gentoo-commits] repo/gentoo:master commit in: app-emulation/spice/files/, app-emulation/spice/ Matthias Maier
2018-02-12 1:48 Matthias Maier
2017-07-12 3:24 Matthias Maier
2017-05-11 5:07 Matthias Maier
2016-08-17 6:37 Yixun Lan
2015-11-18 19:26 Matthias Maier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1494512666.b4d9925b452e107ae94210f0154df1cb1da0e4ff.tamiko@gentoo \
--to=tamiko@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox