* [gentoo-commits] repo/gentoo:master commit in: app-emulation/spice/, app-emulation/spice/files/
@ 2016-06-14 5:46 Matthias Maier
0 siblings, 0 replies; 9+ messages in thread
From: Matthias Maier @ 2016-06-14 5:46 UTC (permalink / raw
To: gentoo-commits
commit: 76546db063fa388fbd42de1860e0d79d17948011
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 14 05:37:13 2016 +0000
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Tue Jun 14 05:46:47 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76546db0
app-emulation/spice: fix vuln 0.13.1, bug #584126
Apply the following patches to 0.13.1:
CVE-2016-2150:
Commits 69628ea1375282cb7ca5b4dc4410e7aa67e0fc02
Commits 790d8f3e53d324f496fc719498422e433aae8654
*instead of* 0067-create-a-function-to-validate-surface-parameters.patch
*instead of* 0068-improve-primary-surface-parameter-checks.patch
CVE-2016-0749:
Ported the following commits to 0.13.1 (patches did not apply due to
refactoring of some internal data structures and renaming).
*modified* 0065-smartcard-add-a-ref-to-item-before-adding-to-pipe.patch
*modified* 0066-smartcard-allocate-msg-with-the-expected-size.patch
Gentoo-Bug: 584126
Package-Manager: portage-2.2.28
.../spice/files/0.13.1-CVE-2016-0749-p1.patch | 56 +++++++++++
.../spice/files/0.13.1-CVE-2016-0749-p2.patch | 50 ++++++++++
.../spice/files/0.13.1-CVE-2016-2150-p1.patch | 109 +++++++++++++++++++++
.../spice/files/0.13.1-CVE-2016-2150-p2.patch | 50 ++++++++++
app-emulation/spice/spice-0.13.1-r2.ebuild | 78 +++++++++++++++
5 files changed, 343 insertions(+)
diff --git a/app-emulation/spice/files/0.13.1-CVE-2016-0749-p1.patch b/app-emulation/spice/files/0.13.1-CVE-2016-0749-p1.patch
new file mode 100644
index 0000000..cd1c8ef
--- /dev/null
+++ b/app-emulation/spice/files/0.13.1-CVE-2016-0749-p1.patch
@@ -0,0 +1,56 @@
+From fd4a179a15882234f86ded87905a240dc76a9445 Mon Sep 17 00:00:00 2001
+From: Matthias Maier <tamiko@43-1.org>
+Date: Tue, 14 Jun 2016 00:08:05 -0500
+Subject: [PATCH 1/2] Port fix for CVE-2016-0749 to 0.13.1, part I
+
+This is a port of
+
+ 0065-smartcard-add-a-ref-to-item-before-adding-to-pipe.patch
+
+to version 0.13.1
+
+Original commit message:
+
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Marc-Andre Lureau <marcandre.lureau@redhat.com>
+Date: Thu, 17 Dec 2015 18:13:47 +0100
+Subject: [PATCH] smartcard: add a ref to item before adding to pipe
+
+There is an unref when the message is sent.
+
+[...]
+
+Signed-off-by: Marc-Andre Lureau <marcandre.lureau@redhat.com>
+---
+ server/smartcard.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/server/smartcard.c b/server/smartcard.c
+index ba6f2f5..96e4295 100644
+--- a/server/smartcard.c
++++ b/server/smartcard.c
+@@ -181,14 +181,18 @@ static void smartcard_unref_msg_to_client(RedCharDeviceMsgToClient *msg,
+ smartcard_unref_vsc_msg_item((MsgItem *)msg);
+ }
+
+-static void smartcard_send_msg_to_client(RedCharDeviceMsgToClient *msg,
++static void smartcard_send_msg_to_client(RedCharDeviceMsgToClient *message,
+ RedClient *client,
+ void *opaque)
+ {
+ RedCharDeviceSmartcard *dev = opaque;
+- spice_assert(dev->priv->scc && dev->priv->scc->base.client == client);
+- smartcard_channel_client_pipe_add_push(&dev->priv->scc->base, &((MsgItem *)msg)->base);
+
++ MsgItem *msg = (MsgItem *)message;
++ PipeItem *item = &msg->base;
++
++ spice_assert(dev->priv->scc && dev->priv->scc->base.client == client);
++ smartcard_ref_vsc_msg_item(msg);
++ smartcard_channel_client_pipe_add_push(&dev->priv->scc->base, item);
+ }
+
+ static void smartcard_send_tokens_to_client(RedClient *client, uint32_t tokens, void *opaque)
+--
+2.7.3
+
diff --git a/app-emulation/spice/files/0.13.1-CVE-2016-0749-p2.patch b/app-emulation/spice/files/0.13.1-CVE-2016-0749-p2.patch
new file mode 100644
index 0000000..6a1895f
--- /dev/null
+++ b/app-emulation/spice/files/0.13.1-CVE-2016-0749-p2.patch
@@ -0,0 +1,50 @@
+From 4cd23b8378e68283c7c9cf0b1e25dae11cf69c3e Mon Sep 17 00:00:00 2001
+From: Matthias Maier <tamiko@43-1.org>
+Date: Tue, 14 Jun 2016 00:15:48 -0500
+Subject: [PATCH 2/2] Port fix for CVE-2016-0749 to 0.13.1, part II
+
+This is a port of
+
+ 0066-smartcard-allocate-msg-with-the-expected-size.patch
+
+to version 0.13.1
+
+Original commit message:
+
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Marc-Andre Lureau <marcandre.lureau@redhat.com>
+Date: Thu, 17 Dec 2015 18:16:22 +0100
+Subject: [PATCH] smartcard: allocate msg with the expected size
+
+[...]
+
+Signed-off-by: Marc-Andre Lureau <marcandre.lureau@redhat.com>
+---
+ server/smartcard.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/server/smartcard.c b/server/smartcard.c
+index 96e4295..c317512 100644
+--- a/server/smartcard.c
++++ b/server/smartcard.c
+@@ -313,7 +313,7 @@ static void smartcard_char_device_notify_reader_add(RedCharDeviceSmartcard *dev)
+ RedCharDeviceWriteBuffer *write_buf;
+ VSCMsgHeader *vheader;
+
+- write_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), NULL, sizeof(vheader));
++ write_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), NULL, sizeof(*vheader));
+ if (!write_buf) {
+ spice_error("failed to allocate write buffer");
+ return;
+@@ -360,7 +360,7 @@ static void smartcard_char_device_notify_reader_remove(RedCharDeviceSmartcard *d
+ spice_debug("reader add was never sent to the device");
+ return;
+ }
+- write_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), NULL, sizeof(vheader));
++ write_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), NULL, sizeof(*vheader));
+ if (!write_buf) {
+ spice_error("failed to allocate write buffer");
+ return;
+--
+2.7.3
+
diff --git a/app-emulation/spice/files/0.13.1-CVE-2016-2150-p1.patch b/app-emulation/spice/files/0.13.1-CVE-2016-2150-p1.patch
new file mode 100644
index 0000000..e814975
--- /dev/null
+++ b/app-emulation/spice/files/0.13.1-CVE-2016-2150-p1.patch
@@ -0,0 +1,109 @@
+From fc06265c3780e05503410a6646d1434e15d25b03 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Mon, 29 Feb 2016 14:24:03 +0000
+Subject: [PATCH 1/2] factor out red_validate_surface function to validate
+ surface parameters
+
+Make possible to reuse it outside red-parse-qxl.c.
+
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+Acked-by: Christophe Fergeau <cfergeau@redhat.com>
+---
+ server/red-parse-qxl.c | 49 ++++++++++++++++++++++++++++++++-----------------
+ server/red-parse-qxl.h | 3 +++
+ 2 files changed, 35 insertions(+), 17 deletions(-)
+
+diff --git a/server/red-parse-qxl.c b/server/red-parse-qxl.c
+index 18b7ea6..b462311 100644
+--- a/server/red-parse-qxl.c
++++ b/server/red-parse-qxl.c
+@@ -1327,13 +1327,41 @@ static unsigned int surface_format_to_bpp(uint32_t format)
+ return 0;
+ }
+
++bool red_validate_surface(uint32_t width, uint32_t height,
++ int32_t stride, uint32_t format)
++{
++ unsigned int bpp;
++ uint64_t size;
++
++ bpp = surface_format_to_bpp(format);
++
++ /* check if format is valid */
++ if (!bpp) {
++ return false;
++ }
++
++ /* check stride is larger than required bytes */
++ size = ((uint64_t) width * bpp + 7u) / 8u;
++ /* the uint32_t conversion is here to avoid problems with -2^31 value */
++ if (stride == G_MININT32 || size > (uint32_t) abs(stride)) {
++ return false;
++ }
++
++ /* the multiplication can overflow, also abs(-2^31) may return a negative value */
++ size = (uint64_t) height * abs(stride);
++ if (size > MAX_DATA_CHUNK) {
++ return false;
++ }
++
++ return true;
++}
++
+ int red_get_surface_cmd(RedMemSlotInfo *slots, int group_id,
+ RedSurfaceCmd *red, QXLPHYSICAL addr)
+ {
+ QXLSurfaceCmd *qxl;
+ uint64_t size;
+ int error;
+- unsigned int bpp;
+
+ qxl = (QXLSurfaceCmd *)memslot_get_virt(slots, addr, sizeof(*qxl), group_id,
+ &error);
+@@ -1353,26 +1381,13 @@ int red_get_surface_cmd(RedMemSlotInfo *slots, int group_id,
+ red->u.surface_create.width = qxl->u.surface_create.width;
+ red->u.surface_create.height = qxl->u.surface_create.height;
+ red->u.surface_create.stride = qxl->u.surface_create.stride;
+- bpp = surface_format_to_bpp(red->u.surface_create.format);
+
+- /* check if format is valid */
+- if (!bpp) {
++ if (!red_validate_surface(red->u.surface_create.width, red->u.surface_create.height,
++ red->u.surface_create.stride, red->u.surface_create.format)) {
+ return 1;
+ }
+
+- /* check stride is larger than required bytes */
+- size = ((uint64_t) red->u.surface_create.width * bpp + 7u) / 8u;
+- /* the uint32_t conversion is here to avoid problems with -2^31 value */
+- if (red->u.surface_create.stride == G_MININT32
+- || size > (uint32_t) abs(red->u.surface_create.stride)) {
+- return 1;
+- }
+-
+- /* the multiplication can overflow, also abs(-2^31) may return a negative value */
+- size = (uint64_t) red->u.surface_create.height * abs(red->u.surface_create.stride);
+- if (size > MAX_DATA_CHUNK) {
+- return 1;
+- }
++ size = red->u.surface_create.height * abs(red->u.surface_create.stride);
+ red->u.surface_create.data =
+ (uint8_t*)memslot_get_virt(slots, qxl->u.surface_create.data, size, group_id, &error);
+ if (error) {
+diff --git a/server/red-parse-qxl.h b/server/red-parse-qxl.h
+index 9c30572..72a57b4 100644
+--- a/server/red-parse-qxl.h
++++ b/server/red-parse-qxl.h
+@@ -127,6 +127,9 @@ int red_get_message(RedMemSlotInfo *slots, int group_id,
+ RedMessage *red, QXLPHYSICAL addr);
+ void red_put_message(RedMessage *red);
+
++bool red_validate_surface(uint32_t width, uint32_t height,
++ int32_t stride, uint32_t format);
++
+ int red_get_surface_cmd(RedMemSlotInfo *slots, int group_id,
+ RedSurfaceCmd *red, QXLPHYSICAL addr);
+ void red_put_surface_cmd(RedSurfaceCmd *red);
+--
+2.7.3
+
diff --git a/app-emulation/spice/files/0.13.1-CVE-2016-2150-p2.patch b/app-emulation/spice/files/0.13.1-CVE-2016-2150-p2.patch
new file mode 100644
index 0000000..a452969
--- /dev/null
+++ b/app-emulation/spice/files/0.13.1-CVE-2016-2150-p2.patch
@@ -0,0 +1,50 @@
+From b1c167bb9e8047e93bfd43a43832963c8e830f5b Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Wed, 2 Mar 2016 12:35:41 +0000
+Subject: [PATCH 2/2] improve primary surface parameter checks
+
+Primary surface, as additional surfaces, can be used to access
+host memory from the guest using invalid parameters.
+
+The removed warning is not enough to prevent all cases. Also a warning
+is not enough to stop an escalation to happen.
+The red_validate_surface do different checks to make sure surface
+request is valid and not cause possible buffer/integer overflows:
+- format is valid;
+- width is not large to cause overflow compared to stride;
+- stride is not -2^31 (a number which negate is still <0);
+- stride * height does not overflow.
+
+This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1312980.
+
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+Acked-by: Christophe Fergeau <cfergeau@redhat.com>
+---
+ server/red-worker.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/server/red-worker.c b/server/red-worker.c
+index 241c300..c7fc8bd 100644
+--- a/server/red-worker.c
++++ b/server/red-worker.c
+@@ -681,8 +681,15 @@ static void dev_create_primary_surface(RedWorker *worker, uint32_t surface_id,
+ spice_debug(NULL);
+ spice_warn_if_fail(surface_id == 0);
+ spice_warn_if_fail(surface.height != 0);
+- spice_warn_if_fail(((uint64_t)abs(surface.stride) * (uint64_t)surface.height) ==
+- abs(surface.stride) * surface.height);
++
++ /* surface can arrive from guest unchecked so make sure
++ * guest is not a malicious one and drop invalid requests
++ */
++ if (!red_validate_surface(surface.width, surface.height,
++ surface.stride, surface.format)) {
++ spice_warning("wrong primary surface creation request");
++ return;
++ }
+
+ line_0 = (uint8_t*)memslot_get_virt(&worker->mem_slots, surface.mem,
+ surface.height * abs(surface.stride),
+--
+2.7.3
+
diff --git a/app-emulation/spice/spice-0.13.1-r2.ebuild b/app-emulation/spice/spice-0.13.1-r2.ebuild
new file mode 100644
index 0000000..960c1c9
--- /dev/null
+++ b/app-emulation/spice/spice-0.13.1-r2.ebuild
@@ -0,0 +1,78 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python{2_7,3_4} )
+
+inherit eutils python-any-r1
+
+DESCRIPTION="SPICE server"
+HOMEPAGE="http://spice-space.org/"
+SRC_URI="http://spice-space.org/download/releases/${P}.tar.bz2"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="libressl lz4 sasl smartcard static-libs"
+
+# the libspice-server only uses the headers of libcacard
+RDEPEND="
+ >=dev-libs/glib-2.22:2[static-libs(+)?]
+ >=media-libs/celt-0.5.1.1:0.5.1[static-libs(+)?]
+ media-libs/opus[static-libs(+)?]
+ sys-libs/zlib[static-libs(+)?]
+ virtual/jpeg:0=[static-libs(+)?]
+ >=x11-libs/pixman-0.17.7[static-libs(+)?]
+ !libressl? ( dev-libs/openssl:0[static-libs(+)?] )
+ libressl? ( dev-libs/libressl[static-libs(+)?] )
+ lz4? ( app-arch/lz4 )
+ smartcard? ( >=app-emulation/libcacard-0.1.2 )
+ sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )"
+
+DEPEND="
+ ~app-emulation/spice-protocol-0.12.11
+ virtual/pkgconfig
+ $(python_gen_any_dep '
+ >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
+ dev-python/six[${PYTHON_USEDEP}]
+ ')
+ smartcard? ( app-emulation/qemu[smartcard] )
+ ${RDEPEND}"
+
+python_check_deps() {
+ has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
+ has_version "dev-python/six[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+ [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
+}
+
+# maintainer notes:
+# * opengl support is currently broken
+
+src_prepare() {
+ epatch \
+ "${FILESDIR}"/${PV}-CVE-2016-0749-p1.patch \
+ "${FILESDIR}"/${PV}-CVE-2016-0749-p2.patch \
+ "${FILESDIR}"/${PV}-CVE-2016-2150-p1.patch \
+ "${FILESDIR}"/${PV}-CVE-2016-2150-p2.patch
+
+ epatch_user
+}
+
+src_configure() {
+ econf \
+ $(use_enable static-libs static) \
+ $(use_enable lz4) \
+ $(use_with sasl) \
+ $(use_enable smartcard) \
+ --disable-gui
+}
+
+src_install() {
+ default
+ use static-libs || prune_libtool_files
+}
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-emulation/spice/, app-emulation/spice/files/
@ 2016-06-14 5:46 Matthias Maier
0 siblings, 0 replies; 9+ messages in thread
From: Matthias Maier @ 2016-06-14 5:46 UTC (permalink / raw
To: gentoo-commits
commit: e78aee5d6b747e4dd0c6aed30b959107957a7c17
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 14 04:39:52 2016 +0000
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Tue Jun 14 05:46:46 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e78aee5d
app-emulation/spice: fix vuln 0.12.7, bug #584126
Apply the following patches to 0.12.7:
CVE-2016-2150:
0067-create-a-function-to-validate-surface-parameters.patch
0068-improve-primary-surface-parameter-checks.patch
CVE-2016-0749:
0065-smartcard-add-a-ref-to-item-before-adding-to-pipe.patch
0066-smartcard-allocate-msg-with-the-expected-size.patch
Gentoo-Bug: 584126
Package-Manager: portage-2.2.28
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>
.../spice/files/0.12.6-CVE-2016-0749-p1.patch | 89 +++++++++++++++
.../spice/files/0.12.6-CVE-2016-0749-p2.patch | 61 +++++++++++
.../spice/files/0.12.6-CVE-2016-2150-p1.patch | 121 +++++++++++++++++++++
.../spice/files/0.12.6-CVE-2016-2150-p2.patch | 33 ++++++
app-emulation/spice/spice-0.12.7-r1.ebuild | 76 +++++++++++++
5 files changed, 380 insertions(+)
diff --git a/app-emulation/spice/files/0.12.6-CVE-2016-0749-p1.patch b/app-emulation/spice/files/0.12.6-CVE-2016-0749-p1.patch
new file mode 100644
index 0000000..2d79fbb
--- /dev/null
+++ b/app-emulation/spice/files/0.12.6-CVE-2016-0749-p1.patch
@@ -0,0 +1,89 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Marc-Andre Lureau <marcandre.lureau@redhat.com>
+Date: Thu, 17 Dec 2015 18:13:47 +0100
+Subject: [PATCH] smartcard: add a ref to item before adding to pipe
+
+There is an unref when the message is sent.
+
+==17204== ERROR: AddressSanitizer: heap-use-after-free on address 0x6008000144a8 at pc 0x7fffee0ce245 bp 0x7fffffffc630 sp 0x7fffffffc620
+READ of size 4 at 0x6008000144a8 thread T0
+ #0 0x7fffee0ce244 in smartcard_unref_vsc_msg_item /home/elmarco/src/spice/spice/server/smartcard.c:608
+ #1 0x7fffee0cb451 in smartcard_unref_msg_to_client /home/elmarco/src/spice/spice/server/smartcard.c:178
+ #2 0x7fffedfcdf14 in spice_char_device_read_from_device /home/elmarco/src/spice/spice/server/char-device.c:330
+ #3 0x7fffedfd1763 in spice_char_device_wakeup /home/elmarco/src/spice/spice/server/char-device.c:901
+ #4 0x7fffee05da98 in spice_server_char_device_wakeup /home/elmarco/src/spice/spice/server/reds.c:2990
+ #5 0x55555593fa34 in spice_chr_write /home/elmarco/src/qemu/spice-qemu-char.c:189
+ #6 0x5555559375f1 in qemu_chr_fe_write /home/elmarco/src/qemu/qemu-char.c:220
+ #7 0x555555b3b682 in ccid_card_vscard_send_msg.isra.2 /home/elmarco/src/qemu/hw/usb/ccid-card-passthru.c:76
+ #8 0x555555b3c466 in ccid_card_vscard_send_error /home/elmarco/src/qemu/hw/usb/ccid-card-passthru.c:91
+ #9 0x555555b3c466 in ccid_card_vscard_handle_message /home/elmarco/src/qemu/hw/usb/ccid-card-passthru.c:242
+ #10 0x555555b3c466 in ccid_card_vscard_read /home/elmarco/src/qemu/hw/usb/ccid-card-passthru.c:289
+ #11 0x55555593f169 in vmc_write /home/elmarco/src/qemu/spice-qemu-char.c:41
+ #12 0x7fffedfcee6d in spice_char_device_write_to_device /home/elmarco/src/spice/spice/server/char-device.c:477
+ #13 0x7fffedfcfd31 in spice_char_device_write_buffer_add /home/elmarco/src/spice/spice/server/char-device.c:629
+ #14 0x7fffee0ce9df in smartcard_channel_write_to_reader /home/elmarco/src/spice/spice/server/smartcard.c:675
+ #15 0x7fffee0cc7db in smartcard_char_device_notify_reader_add /home/elmarco/src/spice/spice/server/smartcard.c:341
+ #16 0x7fffee0ce4f3 in smartcard_add_reader /home/elmarco/src/spice/spice/server/smartcard.c:648
+ #17 0x7fffee0cf2e2 in smartcard_channel_handle_message /home/elmarco/src/spice/spice/server/smartcard.c:763
+ #18 0x7fffedffe21f in red_peer_handle_incoming /home/elmarco/src/spice/spice/server/red-channel.c:307
+ #19 0x7fffedffe4f6 in red_channel_client_receive /home/elmarco/src/spice/spice/server/red-channel.c:325
+ #20 0x7fffee00726c in red_channel_client_event /home/elmarco/src/spice/spice/server/red-channel.c:1566
+ #21 0x555555c3c53d in qemu_iohandler_poll /home/elmarco/src/qemu/iohandler.c:143
+ #22 0x555555c3b800 in main_loop_wait /home/elmarco/src/qemu/main-loop.c:504
+ #23 0x5555556f160c in main_loop /home/elmarco/src/qemu/vl.c:1818
+ #24 0x5555556f160c in main /home/elmarco/src/qemu/vl.c:4394
+ #25 0x7fffed7d0b14 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/libc-start.c:274
+ #26 0x5555556f9c20 in _start (/home/elmarco/src/qemu/x86_64-softmmu/qemu-system-x86_64+0x1a5c20)
+0x6008000144a8 is located 24 bytes inside of 40-byte region [0x600800014490,0x6008000144b8)
+freed by thread T0 here:
+ #0 0x7ffff4e61009 in __interceptor_free /usr/src/debug/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/x86_64-redhat-linux/libsanitizer/asan/../../../../libsanitizer/asan/asan_malloc_linux.cc:61
+ #1 0x7fffee0ce2a1 in smartcard_unref_vsc_msg_item /home/elmarco/src/spice/spice/server/smartcard.c:610
+ #2 0x7fffee0cdd58 in smartcard_channel_release_pipe_item /home/elmarco/src/spice/spice/server/smartcard.c:548
+ #3 0x7fffee000668 in red_channel_client_release_item /home/elmarco/src/spice/spice/server/red-channel.c:602
+ #4 0x7fffee0006ef in red_channel_client_release_sent_item /home/elmarco/src/spice/spice/server/red-channel.c:609
+ #5 0x7fffee0007b5 in red_channel_peer_on_out_msg_done /home/elmarco/src/spice/spice/server/red-channel.c:620
+ #6 0x7fffedffed7e in red_peer_handle_outgoing /home/elmarco/src/spice/spice/server/red-channel.c:385
+ #7 0x7fffee0057bb in red_channel_client_send /home/elmarco/src/spice/spice/server/red-channel.c:1294
+ #8 0x7fffee0076e6 in red_channel_client_begin_send_message /home/elmarco/src/spice/spice/server/red-channel.c:1605
+ #9 0x7fffee0cdccd in smartcard_channel_send_item /home/elmarco/src/spice/spice/server/smartcard.c:541
+ #10 0x7fffee000570 in red_channel_client_send_item /home/elmarco/src/spice/spice/server/red-channel.c:588
+ #11 0x7fffee005bfb in red_channel_client_push /home/elmarco/src/spice/spice/server/red-channel.c:1347
+ #12 0x7fffee007ef7 in red_channel_client_pipe_add_push /home/elmarco/src/spice/spice/server/red-channel.c:1673
+ #13 0x7fffee0cde4d in smartcard_channel_client_pipe_add_push /home/elmarco/src/spice/spice/server/smartcard.c:571
+ #14 0x7fffee0cb567 in smartcard_send_msg_to_client /home/elmarco/src/spice/spice/server/smartcard.c:187
+ #15 0x7fffedfcdba2 in spice_char_device_send_msg_to_clients /home/elmarco/src/spice/spice/server/char-device.c:282
+ #16 0x7fffedfcdea4 in spice_char_device_read_from_device /home/elmarco/src/spice/spice/server/char-device.c:329
+ #17 0x7fffedfd1763 in spice_char_device_wakeup /home/elmarco/src/spice/spice/server/char-device.c:901
+ #18 0x7fffee05da98 in spice_server_char_device_wakeup /home/elmarco/src/spice/spice/server/reds.c:2990
+ #19 0x55555593fa34 in spice_chr_write /home/elmarco/src/qemu/spice-qemu-char.c:189
+
+Signed-off-by: Marc-Andre Lureau <marcandre.lureau@redhat.com>
+---
+ server/smartcard.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/server/smartcard.c b/server/smartcard.c
+index aad22aa..8d529fe 100644
+--- a/server/smartcard.c
++++ b/server/smartcard.c
+@@ -172,14 +172,17 @@ static void smartcard_unref_msg_to_client(SpiceCharDeviceMsgToClient *msg,
+ smartcard_unref_vsc_msg_item((MsgItem *)msg);
+ }
+
+-static void smartcard_send_msg_to_client(SpiceCharDeviceMsgToClient *msg,
++static void smartcard_send_msg_to_client(SpiceCharDeviceMsgToClient *message,
+ RedClient *client,
+ void *opaque)
+ {
+ SmartCardDeviceState *dev = opaque;
+- spice_assert(dev->scc && dev->scc->base.client == client);
+- smartcard_channel_client_pipe_add_push(&dev->scc->base, &((MsgItem *)msg)->base);
++ MsgItem *msg = (MsgItem *)message;
++ PipeItem *item = &msg->base;
+
++ spice_assert(dev->scc && dev->scc->base.client == client);
++ smartcard_ref_vsc_msg_item(msg);
++ smartcard_channel_client_pipe_add_push(&dev->scc->base, item);
+ }
+
+ static void smartcard_send_tokens_to_client(RedClient *client, uint32_t tokens, void *opaque)
diff --git a/app-emulation/spice/files/0.12.6-CVE-2016-0749-p2.patch b/app-emulation/spice/files/0.12.6-CVE-2016-0749-p2.patch
new file mode 100644
index 0000000..671fc43
--- /dev/null
+++ b/app-emulation/spice/files/0.12.6-CVE-2016-0749-p2.patch
@@ -0,0 +1,61 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Marc-Andre Lureau <marcandre.lureau@redhat.com>
+Date: Thu, 17 Dec 2015 18:16:22 +0100
+Subject: [PATCH] smartcard: allocate msg with the expected size
+
+==529== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60040009c098 at pc 0x7fffee0eda6d bp 0x7fffffffcd00 sp 0x7fffffffccf0
+WRITE of size 4 at 0x60040009c098 thread T0
+ #0 0x7fffee0eda6c in smartcard_char_device_notify_reader_add /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:334
+ #1 0x7fffee0ef783 in smartcard_add_reader /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:642
+ #2 0x7fffee0f0568 in smartcard_channel_handle_message /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:757
+ #3 0x7fffee032f3f in red_peer_handle_incoming /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:304
+ #4 0x7fffee033216 in red_channel_client_receive /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:322
+ #5 0x7fffee03bf1f in red_channel_client_event /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:1561
+ #6 0x555555c3c53d in qemu_iohandler_poll /home/elmarco/src/qemu/iohandler.c:143
+ #7 0x555555c3b800 in main_loop_wait /home/elmarco/src/qemu/main-loop.c:504
+ #8 0x5555556f160c in main_loop /home/elmarco/src/qemu/vl.c:1818
+ #9 0x5555556f160c in main /home/elmarco/src/qemu/vl.c:4394
+ #10 0x7fffed80eb14 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/libc-start.c:274
+ #11 0x5555556f9c20 in _start (/home/elmarco/src/qemu/x86_64-softmmu/qemu-system-x86_64+0x1a5c20)
+0x60040009c098 is located 0 bytes to the right of 8-byte region [0x60040009c090,0x60040009c098)
+allocated by thread T0 here:
+ #0 0x7ffff4e612be in __interceptor_realloc /usr/src/debug/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/x86_64-redhat-linux/libsanitizer/asan/../../../../libsanitizer/asan/asan_malloc_linux.cc:92
+ #1 0x7fffee121308 in spice_realloc /home/elmarco/pkg/spice/spice-0.12.4/spice-common/common/mem.c:123
+ #2 0x7fffee004a48 in __spice_char_device_write_buffer_get /home/elmarco/pkg/spice/spice-0.12.4/server/char_device.c:516
+ #3 0x7fffee004e87 in spice_char_device_write_buffer_get /home/elmarco/pkg/spice/spice-0.12.4/server/char_device.c:557
+ #4 0x7fffee0ed8b9 in smartcard_char_device_notify_reader_add /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:325
+ #5 0x7fffee0ef783 in smartcard_add_reader /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:642
+ #6 0x7fffee0f0568 in smartcard_channel_handle_message /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:757
+ #7 0x7fffee032f3f in red_peer_handle_incoming /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:304
+ #8 0x7fffee033216 in red_channel_client_receive /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:322
+ #9 0x7fffee03bf1f in red_channel_client_event /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:1561
+ #10 0x555555c3c53d in qemu_iohandler_poll /home/elmarco/src/qemu/iohandler.c:143
+SUMMARY: AddressSanitizer: heap-buffer-overflow /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:334 smartcard_char_device_notify_reader_add
+
+Signed-off-by: Marc-Andre Lureau <marcandre.lureau@redhat.com>
+---
+ server/smartcard.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/server/smartcard.c b/server/smartcard.c
+index 8d529fe..3043ad1 100644
+--- a/server/smartcard.c
++++ b/server/smartcard.c
+@@ -325,7 +325,7 @@ static void smartcard_char_device_notify_reader_add(SmartCardDeviceState *st)
+ SpiceCharDeviceWriteBuffer *write_buf;
+ VSCMsgHeader *vheader;
+
+- write_buf = spice_char_device_write_buffer_get(st->chardev_st, NULL, sizeof(vheader));
++ write_buf = spice_char_device_write_buffer_get(st->chardev_st, NULL, sizeof(*vheader));
+ if (!write_buf) {
+ spice_error("failed to allocate write buffer");
+ return;
+@@ -372,7 +372,7 @@ static void smartcard_char_device_notify_reader_remove(SmartCardDeviceState *st)
+ spice_debug("reader add was never sent to the device");
+ return;
+ }
+- write_buf = spice_char_device_write_buffer_get(st->chardev_st, NULL, sizeof(vheader));
++ write_buf = spice_char_device_write_buffer_get(st->chardev_st, NULL, sizeof(*vheader));
+ if (!write_buf) {
+ spice_error("failed to allocate write buffer");
+ return;
diff --git a/app-emulation/spice/files/0.12.6-CVE-2016-2150-p1.patch b/app-emulation/spice/files/0.12.6-CVE-2016-2150-p1.patch
new file mode 100644
index 0000000..a1f0c64
--- /dev/null
+++ b/app-emulation/spice/files/0.12.6-CVE-2016-2150-p1.patch
@@ -0,0 +1,121 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Mon, 29 Feb 2016 14:24:03 +0000
+Subject: [PATCH] create a function to validate surface parameters
+
+Make possible to reuse it outside red-parse-qxl.c
+
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+---
+ server/red_parse_qxl.c | 50 ++++++++++++++++++++++++++++++++------------------
+ server/red_parse_qxl.h | 5 +++++
+ 2 files changed, 37 insertions(+), 18 deletions(-)
+
+diff --git a/server/red_parse_qxl.c b/server/red_parse_qxl.c
+index bd0c408..7dc6a4d 100644
+--- a/server/red_parse_qxl.c
++++ b/server/red_parse_qxl.c
+@@ -19,7 +19,6 @@
+ #include <config.h>
+ #endif
+
+-#include <stdbool.h>
+ #include <inttypes.h>
+ #include <glib.h>
+ #include "common/lz_common.h"
+@@ -1306,13 +1305,41 @@ static unsigned int surface_format_to_bpp(uint32_t format)
+ return 0;
+ }
+
++bool red_validate_surface(uint32_t width, uint32_t height,
++ int32_t stride, uint32_t format)
++{
++ unsigned int bpp;
++ uint64_t size;
++
++ bpp = surface_format_to_bpp(format);
++
++ /* check if format is valid */
++ if (!bpp) {
++ return false;
++ }
++
++ /* check stride is larger than required bytes */
++ size = ((uint64_t) width * bpp + 7u) / 8u;
++ /* the uint32_t conversion is here to avoid problems with -2^31 value */
++ if (stride == G_MININT32 || size > (uint32_t) abs(stride)) {
++ return false;
++ }
++
++ /* the multiplication can overflow, also abs(-2^31) may return a negative value */
++ size = (uint64_t) height * abs(stride);
++ if (size > MAX_DATA_CHUNK) {
++ return false;
++ }
++
++ return true;
++}
++
+ int red_get_surface_cmd(RedMemSlotInfo *slots, int group_id,
+ RedSurfaceCmd *red, QXLPHYSICAL addr)
+ {
+ QXLSurfaceCmd *qxl;
+ uint64_t size;
+ int error;
+- unsigned int bpp;
+
+ qxl = (QXLSurfaceCmd *)get_virt(slots, addr, sizeof(*qxl), group_id,
+ &error);
+@@ -1331,26 +1358,13 @@ int red_get_surface_cmd(RedMemSlotInfo *slots, int group_id,
+ red->u.surface_create.width = qxl->u.surface_create.width;
+ red->u.surface_create.height = qxl->u.surface_create.height;
+ red->u.surface_create.stride = qxl->u.surface_create.stride;
+- bpp = surface_format_to_bpp(red->u.surface_create.format);
+
+- /* check if format is valid */
+- if (!bpp) {
++ if (!red_validate_surface(red->u.surface_create.width, red->u.surface_create.height,
++ red->u.surface_create.stride, red->u.surface_create.format)) {
+ return 1;
+ }
+
+- /* check stride is larger than required bytes */
+- size = ((uint64_t) red->u.surface_create.width * bpp + 7u) / 8u;
+- /* the uint32_t conversion is here to avoid problems with -2^31 value */
+- if (red->u.surface_create.stride == G_MININT32
+- || size > (uint32_t) abs(red->u.surface_create.stride)) {
+- return 1;
+- }
+-
+- /* the multiplication can overflow, also abs(-2^31) may return a negative value */
+- size = (uint64_t) red->u.surface_create.height * abs(red->u.surface_create.stride);
+- if (size > MAX_DATA_CHUNK) {
+- return 1;
+- }
++ size = red->u.surface_create.height * abs(red->u.surface_create.stride);
+ red->u.surface_create.data =
+ (uint8_t*)get_virt(slots, qxl->u.surface_create.data, size, group_id, &error);
+ if (error) {
+diff --git a/server/red_parse_qxl.h b/server/red_parse_qxl.h
+index 3adc9fa..e18d8d0 100644
+--- a/server/red_parse_qxl.h
++++ b/server/red_parse_qxl.h
+@@ -19,6 +19,8 @@
+ #ifndef RED_ABI_TRANSLATE_H
+ #define RED_ABI_TRANSLATE_H
+
++#include <stdbool.h>
++
+ #include <spice/qxl_dev.h>
+ #include "red_common.h"
+ #include "red_memslots.h"
+@@ -128,6 +130,9 @@ int red_get_message(RedMemSlotInfo *slots, int group_id,
+ RedMessage *red, QXLPHYSICAL addr);
+ void red_put_message(RedMessage *red);
+
++bool red_validate_surface(uint32_t width, uint32_t height,
++ int32_t stride, uint32_t format);
++
+ int red_get_surface_cmd(RedMemSlotInfo *slots, int group_id,
+ RedSurfaceCmd *red, QXLPHYSICAL addr);
+ void red_put_surface_cmd(RedSurfaceCmd *red);
diff --git a/app-emulation/spice/files/0.12.6-CVE-2016-2150-p2.patch b/app-emulation/spice/files/0.12.6-CVE-2016-2150-p2.patch
new file mode 100644
index 0000000..8005e06
--- /dev/null
+++ b/app-emulation/spice/files/0.12.6-CVE-2016-2150-p2.patch
@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Mon, 29 Feb 2016 14:34:49 +0000
+Subject: [PATCH] improve primary surface parameter checks
+
+Primary surface, as additional surfaces, can be used to access
+host memory from the guest using invalid parameters.
+
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+---
+ server/red_worker.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/server/red_worker.c b/server/red_worker.c
+index a7eaab9..f9179a6 100644
+--- a/server/red_worker.c
++++ b/server/red_worker.c
+@@ -11380,6 +11380,15 @@ static void dev_create_primary_surface(RedWorker *worker, uint32_t surface_id,
+ spice_warn_if(((uint64_t)abs(surface.stride) * (uint64_t)surface.height) !=
+ abs(surface.stride) * surface.height);
+
++ /* surface can arrive from guest unchecked so make sure
++ * guest is not a malicious one and drop invalid requests
++ */
++ if (!red_validate_surface(surface.width, surface.height,
++ surface.stride, surface.format)) {
++ spice_warning("wrong primary surface creation request");
++ return;
++ }
++
+ line_0 = (uint8_t*)get_virt(&worker->mem_slots, surface.mem,
+ surface.height * abs(surface.stride),
+ surface.group_id, &error);
diff --git a/app-emulation/spice/spice-0.12.7-r1.ebuild b/app-emulation/spice/spice-0.12.7-r1.ebuild
new file mode 100644
index 0000000..c5b93f6
--- /dev/null
+++ b/app-emulation/spice/spice-0.12.7-r1.ebuild
@@ -0,0 +1,76 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 python3_4 )
+
+inherit eutils python-any-r1
+
+DESCRIPTION="SPICE server"
+HOMEPAGE="http://spice-space.org/"
+SRC_URI="http://spice-space.org/download/releases/${P}.tar.bz2"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="libressl sasl smartcard static-libs"
+
+# the libspice-server only uses the headers of libcacard
+RDEPEND="
+ >=dev-libs/glib-2.22:2[static-libs(+)?]
+ >=media-libs/celt-0.5.1.1:0.5.1[static-libs(+)?]
+ media-libs/opus[static-libs(+)?]
+ sys-libs/zlib[static-libs(+)?]
+ virtual/jpeg:0=[static-libs(+)?]
+ >=x11-libs/pixman-0.17.7[static-libs(+)?]
+ !libressl? ( dev-libs/openssl:0[static-libs(+)?] )
+ libressl? ( dev-libs/libressl[static-libs(+)?] )
+ sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )"
+
+DEPEND="
+ ~app-emulation/spice-protocol-0.12.11
+ virtual/pkgconfig
+ $(python_gen_any_dep '
+ >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
+ dev-python/six[${PYTHON_USEDEP}]
+ ')
+ smartcard? ( app-emulation/qemu[smartcard] )
+ ${RDEPEND}"
+
+python_check_deps() {
+ has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
+ has_version "dev-python/six[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+ [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
+}
+
+# maintainer notes:
+# * opengl support is currently broken
+
+src_prepare() {
+ epatch \
+ "${FILESDIR}"/0.11.0-gold.patch \
+ "${FILESDIR}"/0.12.6-CVE-2016-0749-p1.patch \
+ "${FILESDIR}"/0.12.6-CVE-2016-0749-p2.patch \
+ "${FILESDIR}"/0.12.6-CVE-2016-2150-p1.patch \
+ "${FILESDIR}"/0.12.6-CVE-2016-2150-p2.patch
+
+ epatch_user
+}
+
+src_configure() {
+ econf \
+ $(use_enable static-libs static) \
+ $(use_with sasl) \
+ $(use_enable smartcard) \
+ --disable-gui
+}
+
+src_install() {
+ default
+ use static-libs || prune_libtool_files
+}
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-emulation/spice/, app-emulation/spice/files/
@ 2016-11-01 2:50 Yixun Lan
0 siblings, 0 replies; 9+ messages in thread
From: Yixun Lan @ 2016-11-01 2:50 UTC (permalink / raw
To: gentoo-commits
commit: 21553fd5fd80fdeef53848b820f870fb7744aa12
Author: Yixun Lan <dlan <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 1 02:45:56 2016 +0000
Commit: Yixun Lan <dlan <AT> gentoo <DOT> org>
CommitDate: Tue Nov 1 02:46:24 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21553fd5
app-emulation/spice: upstream stable release bump
Package-Manager: portage-2.3.2
app-emulation/spice/Manifest | 1 +
.../spice/files/0.12.8-upstream-fix.patch | 36 +++++++++
app-emulation/spice/spice-0.12.8.ebuild | 87 ++++++++++++++++++++++
3 files changed, 124 insertions(+)
diff --git a/app-emulation/spice/Manifest b/app-emulation/spice/Manifest
index b1bc248..4bc4869 100644
--- a/app-emulation/spice/Manifest
+++ b/app-emulation/spice/Manifest
@@ -1,3 +1,4 @@
DIST spice-0.12.7.tar.bz2 1220405 SHA256 1c8e96cb9e833e23372e2f461508135903b697fd8c6daff565e9e87f6d2f6aba SHA512 a740d500d0ccad3edd1f2f71e51c5a120d6ae98e44125f33870c12f5d1eeb30b809e588d05b2d0cadb4216e889b38e57d2278916817538311b875ff22e3b31ae WHIRLPOOL 61ffa3e280a346a2667ddd38dcfd63ffa6c1e6efd0f05da4fad43b00ca5e1a1587411a907b929b75e4d1e72ebcef29621ccdd76dfb313e8f3a5513a5a367132b
+DIST spice-0.12.8.tar.bz2 1223778 SHA256 f901a5c5873d61acac84642f9eea5c4d6386fc3e525c2b68792322794e1c407d SHA512 6485d3522af1cde93d2c0abad7f7ef9f2e4d3e5049314fb93b6dd4b86e33d67d353a3ff42a355c8fd991bad447bbde1e6320c083bbc6f02b576bd9cebe7269ed WHIRLPOOL 9363254a4b072e8c06e7c0ea4d25dd4b068e4700cbb4fdaabc9f8fe9291e2f67afc321b0d56c2b6f46153b3f6bd7d6c96341437053b0410808fb95ddd01354fb
DIST spice-0.13.1.tar.bz2 1245323 SHA256 9ecb130424da02e90c235c1294f6e759d7c676c5e710587a5c98a1f20f991da2 SHA512 a8e65cc02c802686f2e0c21615401e13b337e050c40938bebefa684abc1ce0e2d478136d0fec481a8ee30ed98f2e2fb909dfbf6cd65e9dfd7093d59f825b95d5 WHIRLPOOL 068d7d26f18435995546d84b0d8d81ced4973773303463e597cf05e1c5accd9ac8554f22032eb55827bebbe6c0fc14915455da24c58fc70b135d955fe3442db7
DIST spice-0.13.2.tar.bz2 1284734 SHA256 045a1f145d8207ecf33105c8a8917252c1201c45791fdc544733465a37974954 SHA512 7220c6550446a8077522442bd518cff68439bb0b00ee199920b32a97c3655ccad75a0cdfc822a99be678e6098ad33698b26340caddae0400403490a89137d367 WHIRLPOOL f2bd409e87203c2bbe481e6b6ba9ae3c6cfee0e67b0dd5073c97e9ff14d9c02a7cec0606700717ce9c25e478a38eefc925f9c797697981528f357464f388b65d
diff --git a/app-emulation/spice/files/0.12.8-upstream-fix.patch b/app-emulation/spice/files/0.12.8-upstream-fix.patch
new file mode 100644
index 00000000..fcc1855
--- /dev/null
+++ b/app-emulation/spice/files/0.12.8-upstream-fix.patch
@@ -0,0 +1,36 @@
+commit 1d597f4b1a6bbeaf3dda998413a1e3cef2e40681
+Author: Marc-André Lureau <marcandre.lureau@redhat.com>
+Date: Wed Jul 20 17:16:31 2016 +0400
+
+ Call migrate_end_complete() after falling back to switch-host
+
+ Eventually, during a seamless migration, qemu may finish to migrate
+ before the spice client even finished to connect all channels to
+ destination and informed the server. In this case,
+ main_channel_client_migrate_src_complete() will fall back to
+ switch-host method, and reds_mig_fill_wait_disconnect() is called to
+ complete the migration (disconnecting all channels).
+
+ reds_mig_cleanup() is called when all channels are disconnected, but
+ reds->mig_wait_connect is still TRUE, and it will call
+ migrate_connect_complete() instead of the expected
+ migrate_end_complete(). Setting reds->mig_wait_connect to FALSE when
+ reds_mig_fill_wait_disconnect() solves the issue.
+
+ Fixes:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1352836
+
+ Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+
+diff --git a/server/reds.c b/server/reds.c
+index 61bf735..f40b65c 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2816,6 +2816,7 @@ static void reds_mig_fill_wait_disconnect(void)
+ wait_client->client = client;
+ ring_add(&reds->mig_wait_disconnect_clients, &wait_client->link);
+ }
++ reds->mig_wait_connect = FALSE;
+ reds->mig_wait_disconnect = TRUE;
+ core->timer_start(reds->mig_timer, MIGRATE_TIMEOUT);
+ }
diff --git a/app-emulation/spice/spice-0.12.8.ebuild b/app-emulation/spice/spice-0.12.8.ebuild
new file mode 100644
index 00000000..7cbe1ee
--- /dev/null
+++ b/app-emulation/spice/spice-0.12.8.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 python3_4 )
+
+inherit eutils python-any-r1
+
+DESCRIPTION="SPICE server"
+HOMEPAGE="http://spice-space.org/"
+SRC_URI="http://spice-space.org/download/releases/${P}.tar.bz2"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="libressl sasl smartcard static-libs"
+
+# the libspice-server only uses the headers of libcacard
+RDEPEND="
+ >=dev-libs/glib-2.22:2[static-libs(+)?]
+ >=media-libs/celt-0.5.1.1:0.5.1[static-libs(+)?]
+ media-libs/opus[static-libs(+)?]
+ sys-libs/zlib[static-libs(+)?]
+ virtual/jpeg:0=[static-libs(+)?]
+ >=x11-libs/pixman-0.17.7[static-libs(+)?]
+ !libressl? ( dev-libs/openssl:0[static-libs(+)?] )
+ libressl? ( dev-libs/libressl[static-libs(+)?] )
+ sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )"
+
+DEPEND="
+ ~app-emulation/spice-protocol-0.12.11
+ virtual/pkgconfig
+ $(python_gen_any_dep '
+ >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
+ dev-python/six[${PYTHON_USEDEP}]
+ ')
+ smartcard? ( app-emulation/qemu[smartcard] )
+ ${RDEPEND}"
+
+python_check_deps() {
+ has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
+ has_version "dev-python/six[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+ [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
+}
+
+# maintainer notes:
+# * opengl support is currently broken
+
+src_prepare() {
+ epatch \
+ "${FILESDIR}"/0.11.0-gold.patch \
+ "${FILESDIR}"/0.12.8-upstream-fix.patch
+
+ epatch_user
+}
+
+src_configure() {
+ # Prevent sandbox violations, bug #586560
+ # https://bugzilla.gnome.org/show_bug.cgi?id=744134
+ # https://bugzilla.gnome.org/show_bug.cgi?id=744135
+ addpredict /dev
+
+ econf \
+ $(use_enable static-libs static) \
+ $(use_with sasl) \
+ $(use_enable smartcard) \
+ --disable-gui
+}
+
+src_compile() {
+ # Prevent sandbox violations, bug #586560
+ # https://bugzilla.gnome.org/show_bug.cgi?id=744134
+ # https://bugzilla.gnome.org/show_bug.cgi?id=744135
+ addpredict /dev
+
+ default
+}
+
+src_install() {
+ default
+ use static-libs || prune_libtool_files
+}
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-emulation/spice/, app-emulation/spice/files/
@ 2017-05-11 5:07 Matthias Maier
0 siblings, 0 replies; 9+ messages in thread
From: Matthias Maier @ 2017-05-11 5:07 UTC (permalink / raw
To: gentoo-commits
commit: 24492876545e0acf680e214f8547a2e739f89a9e
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Thu May 11 04:36:38 2017 +0000
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Thu May 11 04:37:33 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24492876
app-emulation/spice: drop versions 0.12.8, 0.13.1, 0.13.2
Package-Manager: Portage-2.3.5, Repoman-2.3.2
app-emulation/spice/Manifest | 3 -
.../spice/files/0.12.8-upstream-fix.patch | 36 -------
.../spice/files/0.13.1-CVE-2016-0749-p1.patch | 56 -----------
.../spice/files/0.13.1-CVE-2016-0749-p2.patch | 50 ----------
.../spice/files/0.13.1-CVE-2016-2150-p1.patch | 109 ---------------------
.../spice/files/0.13.1-CVE-2016-2150-p2.patch | 50 ----------
app-emulation/spice/spice-0.12.8.ebuild | 86 ----------------
app-emulation/spice/spice-0.13.1-r2.ebuild | 91 -----------------
app-emulation/spice/spice-0.13.2.ebuild | 88 -----------------
9 files changed, 569 deletions(-)
diff --git a/app-emulation/spice/Manifest b/app-emulation/spice/Manifest
index 61803b6991c..8e228b69b86 100644
--- a/app-emulation/spice/Manifest
+++ b/app-emulation/spice/Manifest
@@ -1,5 +1,2 @@
DIST spice-0.12.7.tar.bz2 1220405 SHA256 1c8e96cb9e833e23372e2f461508135903b697fd8c6daff565e9e87f6d2f6aba SHA512 a740d500d0ccad3edd1f2f71e51c5a120d6ae98e44125f33870c12f5d1eeb30b809e588d05b2d0cadb4216e889b38e57d2278916817538311b875ff22e3b31ae WHIRLPOOL 61ffa3e280a346a2667ddd38dcfd63ffa6c1e6efd0f05da4fad43b00ca5e1a1587411a907b929b75e4d1e72ebcef29621ccdd76dfb313e8f3a5513a5a367132b
-DIST spice-0.12.8.tar.bz2 1223778 SHA256 f901a5c5873d61acac84642f9eea5c4d6386fc3e525c2b68792322794e1c407d SHA512 6485d3522af1cde93d2c0abad7f7ef9f2e4d3e5049314fb93b6dd4b86e33d67d353a3ff42a355c8fd991bad447bbde1e6320c083bbc6f02b576bd9cebe7269ed WHIRLPOOL 9363254a4b072e8c06e7c0ea4d25dd4b068e4700cbb4fdaabc9f8fe9291e2f67afc321b0d56c2b6f46153b3f6bd7d6c96341437053b0410808fb95ddd01354fb
-DIST spice-0.13.1.tar.bz2 1245323 SHA256 9ecb130424da02e90c235c1294f6e759d7c676c5e710587a5c98a1f20f991da2 SHA512 a8e65cc02c802686f2e0c21615401e13b337e050c40938bebefa684abc1ce0e2d478136d0fec481a8ee30ed98f2e2fb909dfbf6cd65e9dfd7093d59f825b95d5 WHIRLPOOL 068d7d26f18435995546d84b0d8d81ced4973773303463e597cf05e1c5accd9ac8554f22032eb55827bebbe6c0fc14915455da24c58fc70b135d955fe3442db7
-DIST spice-0.13.2.tar.bz2 1284734 SHA256 045a1f145d8207ecf33105c8a8917252c1201c45791fdc544733465a37974954 SHA512 7220c6550446a8077522442bd518cff68439bb0b00ee199920b32a97c3655ccad75a0cdfc822a99be678e6098ad33698b26340caddae0400403490a89137d367 WHIRLPOOL f2bd409e87203c2bbe481e6b6ba9ae3c6cfee0e67b0dd5073c97e9ff14d9c02a7cec0606700717ce9c25e478a38eefc925f9c797697981528f357464f388b65d
DIST spice-0.13.3.tar.bz2 1322505 SHA256 30f710c0e7594e05b6b9cc702be748a69f910a95192ab851d748c256157fb89e SHA512 63496fbd3df0fd453052cef8e1fb00a3a28f0105610676fdc4a58043cbc6da571ae4407701af2b817e410d05ce727d60d5ee0c93c8897231e25229897c51d95a WHIRLPOOL 16bb08301d66c1f21f612f5be87ba1ffef7132f3c18ac3ab7feec21e16de61461648311d04f6990254d4c47ee7a6d39f4c33f122e941e5a3fc0c2ed289dd928b
diff --git a/app-emulation/spice/files/0.12.8-upstream-fix.patch b/app-emulation/spice/files/0.12.8-upstream-fix.patch
deleted file mode 100644
index fcc1855ac77..00000000000
--- a/app-emulation/spice/files/0.12.8-upstream-fix.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-commit 1d597f4b1a6bbeaf3dda998413a1e3cef2e40681
-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
-Date: Wed Jul 20 17:16:31 2016 +0400
-
- Call migrate_end_complete() after falling back to switch-host
-
- Eventually, during a seamless migration, qemu may finish to migrate
- before the spice client even finished to connect all channels to
- destination and informed the server. In this case,
- main_channel_client_migrate_src_complete() will fall back to
- switch-host method, and reds_mig_fill_wait_disconnect() is called to
- complete the migration (disconnecting all channels).
-
- reds_mig_cleanup() is called when all channels are disconnected, but
- reds->mig_wait_connect is still TRUE, and it will call
- migrate_connect_complete() instead of the expected
- migrate_end_complete(). Setting reds->mig_wait_connect to FALSE when
- reds_mig_fill_wait_disconnect() solves the issue.
-
- Fixes:
- https://bugzilla.redhat.com/show_bug.cgi?id=1352836
-
- Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-
-diff --git a/server/reds.c b/server/reds.c
-index 61bf735..f40b65c 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -2816,6 +2816,7 @@ static void reds_mig_fill_wait_disconnect(void)
- wait_client->client = client;
- ring_add(&reds->mig_wait_disconnect_clients, &wait_client->link);
- }
-+ reds->mig_wait_connect = FALSE;
- reds->mig_wait_disconnect = TRUE;
- core->timer_start(reds->mig_timer, MIGRATE_TIMEOUT);
- }
diff --git a/app-emulation/spice/files/0.13.1-CVE-2016-0749-p1.patch b/app-emulation/spice/files/0.13.1-CVE-2016-0749-p1.patch
deleted file mode 100644
index cd1c8ef1df6..00000000000
--- a/app-emulation/spice/files/0.13.1-CVE-2016-0749-p1.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From fd4a179a15882234f86ded87905a240dc76a9445 Mon Sep 17 00:00:00 2001
-From: Matthias Maier <tamiko@43-1.org>
-Date: Tue, 14 Jun 2016 00:08:05 -0500
-Subject: [PATCH 1/2] Port fix for CVE-2016-0749 to 0.13.1, part I
-
-This is a port of
-
- 0065-smartcard-add-a-ref-to-item-before-adding-to-pipe.patch
-
-to version 0.13.1
-
-Original commit message:
-
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Marc-Andre Lureau <marcandre.lureau@redhat.com>
-Date: Thu, 17 Dec 2015 18:13:47 +0100
-Subject: [PATCH] smartcard: add a ref to item before adding to pipe
-
-There is an unref when the message is sent.
-
-[...]
-
-Signed-off-by: Marc-Andre Lureau <marcandre.lureau@redhat.com>
----
- server/smartcard.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/server/smartcard.c b/server/smartcard.c
-index ba6f2f5..96e4295 100644
---- a/server/smartcard.c
-+++ b/server/smartcard.c
-@@ -181,14 +181,18 @@ static void smartcard_unref_msg_to_client(RedCharDeviceMsgToClient *msg,
- smartcard_unref_vsc_msg_item((MsgItem *)msg);
- }
-
--static void smartcard_send_msg_to_client(RedCharDeviceMsgToClient *msg,
-+static void smartcard_send_msg_to_client(RedCharDeviceMsgToClient *message,
- RedClient *client,
- void *opaque)
- {
- RedCharDeviceSmartcard *dev = opaque;
-- spice_assert(dev->priv->scc && dev->priv->scc->base.client == client);
-- smartcard_channel_client_pipe_add_push(&dev->priv->scc->base, &((MsgItem *)msg)->base);
-
-+ MsgItem *msg = (MsgItem *)message;
-+ PipeItem *item = &msg->base;
-+
-+ spice_assert(dev->priv->scc && dev->priv->scc->base.client == client);
-+ smartcard_ref_vsc_msg_item(msg);
-+ smartcard_channel_client_pipe_add_push(&dev->priv->scc->base, item);
- }
-
- static void smartcard_send_tokens_to_client(RedClient *client, uint32_t tokens, void *opaque)
---
-2.7.3
-
diff --git a/app-emulation/spice/files/0.13.1-CVE-2016-0749-p2.patch b/app-emulation/spice/files/0.13.1-CVE-2016-0749-p2.patch
deleted file mode 100644
index 6a1895f247f..00000000000
--- a/app-emulation/spice/files/0.13.1-CVE-2016-0749-p2.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 4cd23b8378e68283c7c9cf0b1e25dae11cf69c3e Mon Sep 17 00:00:00 2001
-From: Matthias Maier <tamiko@43-1.org>
-Date: Tue, 14 Jun 2016 00:15:48 -0500
-Subject: [PATCH 2/2] Port fix for CVE-2016-0749 to 0.13.1, part II
-
-This is a port of
-
- 0066-smartcard-allocate-msg-with-the-expected-size.patch
-
-to version 0.13.1
-
-Original commit message:
-
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Marc-Andre Lureau <marcandre.lureau@redhat.com>
-Date: Thu, 17 Dec 2015 18:16:22 +0100
-Subject: [PATCH] smartcard: allocate msg with the expected size
-
-[...]
-
-Signed-off-by: Marc-Andre Lureau <marcandre.lureau@redhat.com>
----
- server/smartcard.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/server/smartcard.c b/server/smartcard.c
-index 96e4295..c317512 100644
---- a/server/smartcard.c
-+++ b/server/smartcard.c
-@@ -313,7 +313,7 @@ static void smartcard_char_device_notify_reader_add(RedCharDeviceSmartcard *dev)
- RedCharDeviceWriteBuffer *write_buf;
- VSCMsgHeader *vheader;
-
-- write_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), NULL, sizeof(vheader));
-+ write_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), NULL, sizeof(*vheader));
- if (!write_buf) {
- spice_error("failed to allocate write buffer");
- return;
-@@ -360,7 +360,7 @@ static void smartcard_char_device_notify_reader_remove(RedCharDeviceSmartcard *d
- spice_debug("reader add was never sent to the device");
- return;
- }
-- write_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), NULL, sizeof(vheader));
-+ write_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), NULL, sizeof(*vheader));
- if (!write_buf) {
- spice_error("failed to allocate write buffer");
- return;
---
-2.7.3
-
diff --git a/app-emulation/spice/files/0.13.1-CVE-2016-2150-p1.patch b/app-emulation/spice/files/0.13.1-CVE-2016-2150-p1.patch
deleted file mode 100644
index e814975e5f3..00000000000
--- a/app-emulation/spice/files/0.13.1-CVE-2016-2150-p1.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From fc06265c3780e05503410a6646d1434e15d25b03 Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Mon, 29 Feb 2016 14:24:03 +0000
-Subject: [PATCH 1/2] factor out red_validate_surface function to validate
- surface parameters
-
-Make possible to reuse it outside red-parse-qxl.c.
-
-Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
-Acked-by: Christophe Fergeau <cfergeau@redhat.com>
----
- server/red-parse-qxl.c | 49 ++++++++++++++++++++++++++++++++-----------------
- server/red-parse-qxl.h | 3 +++
- 2 files changed, 35 insertions(+), 17 deletions(-)
-
-diff --git a/server/red-parse-qxl.c b/server/red-parse-qxl.c
-index 18b7ea6..b462311 100644
---- a/server/red-parse-qxl.c
-+++ b/server/red-parse-qxl.c
-@@ -1327,13 +1327,41 @@ static unsigned int surface_format_to_bpp(uint32_t format)
- return 0;
- }
-
-+bool red_validate_surface(uint32_t width, uint32_t height,
-+ int32_t stride, uint32_t format)
-+{
-+ unsigned int bpp;
-+ uint64_t size;
-+
-+ bpp = surface_format_to_bpp(format);
-+
-+ /* check if format is valid */
-+ if (!bpp) {
-+ return false;
-+ }
-+
-+ /* check stride is larger than required bytes */
-+ size = ((uint64_t) width * bpp + 7u) / 8u;
-+ /* the uint32_t conversion is here to avoid problems with -2^31 value */
-+ if (stride == G_MININT32 || size > (uint32_t) abs(stride)) {
-+ return false;
-+ }
-+
-+ /* the multiplication can overflow, also abs(-2^31) may return a negative value */
-+ size = (uint64_t) height * abs(stride);
-+ if (size > MAX_DATA_CHUNK) {
-+ return false;
-+ }
-+
-+ return true;
-+}
-+
- int red_get_surface_cmd(RedMemSlotInfo *slots, int group_id,
- RedSurfaceCmd *red, QXLPHYSICAL addr)
- {
- QXLSurfaceCmd *qxl;
- uint64_t size;
- int error;
-- unsigned int bpp;
-
- qxl = (QXLSurfaceCmd *)memslot_get_virt(slots, addr, sizeof(*qxl), group_id,
- &error);
-@@ -1353,26 +1381,13 @@ int red_get_surface_cmd(RedMemSlotInfo *slots, int group_id,
- red->u.surface_create.width = qxl->u.surface_create.width;
- red->u.surface_create.height = qxl->u.surface_create.height;
- red->u.surface_create.stride = qxl->u.surface_create.stride;
-- bpp = surface_format_to_bpp(red->u.surface_create.format);
-
-- /* check if format is valid */
-- if (!bpp) {
-+ if (!red_validate_surface(red->u.surface_create.width, red->u.surface_create.height,
-+ red->u.surface_create.stride, red->u.surface_create.format)) {
- return 1;
- }
-
-- /* check stride is larger than required bytes */
-- size = ((uint64_t) red->u.surface_create.width * bpp + 7u) / 8u;
-- /* the uint32_t conversion is here to avoid problems with -2^31 value */
-- if (red->u.surface_create.stride == G_MININT32
-- || size > (uint32_t) abs(red->u.surface_create.stride)) {
-- return 1;
-- }
--
-- /* the multiplication can overflow, also abs(-2^31) may return a negative value */
-- size = (uint64_t) red->u.surface_create.height * abs(red->u.surface_create.stride);
-- if (size > MAX_DATA_CHUNK) {
-- return 1;
-- }
-+ size = red->u.surface_create.height * abs(red->u.surface_create.stride);
- red->u.surface_create.data =
- (uint8_t*)memslot_get_virt(slots, qxl->u.surface_create.data, size, group_id, &error);
- if (error) {
-diff --git a/server/red-parse-qxl.h b/server/red-parse-qxl.h
-index 9c30572..72a57b4 100644
---- a/server/red-parse-qxl.h
-+++ b/server/red-parse-qxl.h
-@@ -127,6 +127,9 @@ int red_get_message(RedMemSlotInfo *slots, int group_id,
- RedMessage *red, QXLPHYSICAL addr);
- void red_put_message(RedMessage *red);
-
-+bool red_validate_surface(uint32_t width, uint32_t height,
-+ int32_t stride, uint32_t format);
-+
- int red_get_surface_cmd(RedMemSlotInfo *slots, int group_id,
- RedSurfaceCmd *red, QXLPHYSICAL addr);
- void red_put_surface_cmd(RedSurfaceCmd *red);
---
-2.7.3
-
diff --git a/app-emulation/spice/files/0.13.1-CVE-2016-2150-p2.patch b/app-emulation/spice/files/0.13.1-CVE-2016-2150-p2.patch
deleted file mode 100644
index a452969d6f1..00000000000
--- a/app-emulation/spice/files/0.13.1-CVE-2016-2150-p2.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From b1c167bb9e8047e93bfd43a43832963c8e830f5b Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Wed, 2 Mar 2016 12:35:41 +0000
-Subject: [PATCH 2/2] improve primary surface parameter checks
-
-Primary surface, as additional surfaces, can be used to access
-host memory from the guest using invalid parameters.
-
-The removed warning is not enough to prevent all cases. Also a warning
-is not enough to stop an escalation to happen.
-The red_validate_surface do different checks to make sure surface
-request is valid and not cause possible buffer/integer overflows:
-- format is valid;
-- width is not large to cause overflow compared to stride;
-- stride is not -2^31 (a number which negate is still <0);
-- stride * height does not overflow.
-
-This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1312980.
-
-Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
-Acked-by: Christophe Fergeau <cfergeau@redhat.com>
----
- server/red-worker.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/server/red-worker.c b/server/red-worker.c
-index 241c300..c7fc8bd 100644
---- a/server/red-worker.c
-+++ b/server/red-worker.c
-@@ -681,8 +681,15 @@ static void dev_create_primary_surface(RedWorker *worker, uint32_t surface_id,
- spice_debug(NULL);
- spice_warn_if_fail(surface_id == 0);
- spice_warn_if_fail(surface.height != 0);
-- spice_warn_if_fail(((uint64_t)abs(surface.stride) * (uint64_t)surface.height) ==
-- abs(surface.stride) * surface.height);
-+
-+ /* surface can arrive from guest unchecked so make sure
-+ * guest is not a malicious one and drop invalid requests
-+ */
-+ if (!red_validate_surface(surface.width, surface.height,
-+ surface.stride, surface.format)) {
-+ spice_warning("wrong primary surface creation request");
-+ return;
-+ }
-
- line_0 = (uint8_t*)memslot_get_virt(&worker->mem_slots, surface.mem,
- surface.height * abs(surface.stride),
---
-2.7.3
-
diff --git a/app-emulation/spice/spice-0.12.8.ebuild b/app-emulation/spice/spice-0.12.8.ebuild
deleted file mode 100644
index 6da878426ea..00000000000
--- a/app-emulation/spice/spice-0.12.8.ebuild
+++ /dev/null
@@ -1,86 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 python3_4 )
-
-inherit eutils python-any-r1
-
-DESCRIPTION="SPICE server"
-HOMEPAGE="http://spice-space.org/"
-SRC_URI="http://spice-space.org/download/releases/${P}.tar.bz2"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="libressl sasl smartcard static-libs"
-
-# the libspice-server only uses the headers of libcacard
-RDEPEND="
- >=dev-libs/glib-2.22:2[static-libs(+)?]
- >=media-libs/celt-0.5.1.1:0.5.1[static-libs(+)?]
- media-libs/opus[static-libs(+)?]
- sys-libs/zlib[static-libs(+)?]
- virtual/jpeg:0=[static-libs(+)?]
- >=x11-libs/pixman-0.17.7[static-libs(+)?]
- !libressl? ( dev-libs/openssl:0[static-libs(+)?] )
- libressl? ( dev-libs/libressl[static-libs(+)?] )
- sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )"
-
-DEPEND="
- ~app-emulation/spice-protocol-0.12.11
- virtual/pkgconfig
- $(python_gen_any_dep '
- >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
- dev-python/six[${PYTHON_USEDEP}]
- ')
- smartcard? ( app-emulation/qemu[smartcard] )
- ${RDEPEND}"
-
-python_check_deps() {
- has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
- has_version "dev-python/six[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
- [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
-}
-
-# maintainer notes:
-# * opengl support is currently broken
-
-src_prepare() {
- epatch \
- "${FILESDIR}"/0.11.0-gold.patch \
- "${FILESDIR}"/0.12.8-upstream-fix.patch
-
- epatch_user
-}
-
-src_configure() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- econf \
- $(use_enable static-libs static) \
- $(use_with sasl) \
- $(use_enable smartcard) \
- --disable-gui
-}
-
-src_compile() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- default
-}
-
-src_install() {
- default
- use static-libs || prune_libtool_files
-}
diff --git a/app-emulation/spice/spice-0.13.1-r2.ebuild b/app-emulation/spice/spice-0.13.1-r2.ebuild
deleted file mode 100644
index e5fb5576a82..00000000000
--- a/app-emulation/spice/spice-0.13.1-r2.ebuild
+++ /dev/null
@@ -1,91 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-PYTHON_COMPAT=( python{2_7,3_4} )
-
-inherit eutils python-any-r1
-
-DESCRIPTION="SPICE server"
-HOMEPAGE="http://spice-space.org/"
-SRC_URI="http://spice-space.org/download/releases/${P}.tar.bz2"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="libressl lz4 sasl smartcard static-libs"
-
-# the libspice-server only uses the headers of libcacard
-RDEPEND="
- >=dev-libs/glib-2.22:2[static-libs(+)?]
- >=media-libs/celt-0.5.1.1:0.5.1[static-libs(+)?]
- media-libs/opus[static-libs(+)?]
- sys-libs/zlib[static-libs(+)?]
- virtual/jpeg:0=[static-libs(+)?]
- >=x11-libs/pixman-0.17.7[static-libs(+)?]
- !libressl? ( dev-libs/openssl:0[static-libs(+)?] )
- libressl? ( dev-libs/libressl[static-libs(+)?] )
- lz4? ( app-arch/lz4 )
- smartcard? ( >=app-emulation/libcacard-0.1.2 )
- sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )"
-
-DEPEND="
- ~app-emulation/spice-protocol-0.12.11
- virtual/pkgconfig
- $(python_gen_any_dep '
- >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
- dev-python/six[${PYTHON_USEDEP}]
- ')
- smartcard? ( app-emulation/qemu[smartcard] )
- ${RDEPEND}"
-
-python_check_deps() {
- has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
- has_version "dev-python/six[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
- [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
-}
-
-# maintainer notes:
-# * opengl support is currently broken
-
-src_prepare() {
- epatch \
- "${FILESDIR}"/${PV}-CVE-2016-0749-p1.patch \
- "${FILESDIR}"/${PV}-CVE-2016-0749-p2.patch \
- "${FILESDIR}"/${PV}-CVE-2016-2150-p1.patch \
- "${FILESDIR}"/${PV}-CVE-2016-2150-p2.patch
-
- epatch_user
-}
-
-src_configure() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- econf \
- $(use_enable static-libs static) \
- $(use_enable lz4) \
- $(use_with sasl) \
- $(use_enable smartcard) \
- --disable-gui
-}
-
-src_compile() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- default
-}
-
-src_install() {
- default
- use static-libs || prune_libtool_files
-}
diff --git a/app-emulation/spice/spice-0.13.2.ebuild b/app-emulation/spice/spice-0.13.2.ebuild
deleted file mode 100644
index ce5bfb11322..00000000000
--- a/app-emulation/spice/spice-0.13.2.ebuild
+++ /dev/null
@@ -1,88 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python{2_7,3_4} )
-
-inherit eutils python-any-r1 readme.gentoo-r1 xdg-utils
-
-DESCRIPTION="SPICE server"
-HOMEPAGE="http://spice-space.org/"
-SRC_URI="http://spice-space.org/download/releases/${P}.tar.bz2"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="libressl lz4 sasl smartcard static-libs gstreamer"
-
-# the libspice-server only uses the headers of libcacard
-RDEPEND="
- >=dev-libs/glib-2.22:2[static-libs(+)?]
- >=media-libs/celt-0.5.1.1:0.5.1[static-libs(+)?]
- media-libs/opus[static-libs(+)?]
- sys-libs/zlib[static-libs(+)?]
- virtual/jpeg:0=[static-libs(+)?]
- >=x11-libs/pixman-0.17.7[static-libs(+)?]
- !libressl? ( dev-libs/openssl:0[static-libs(+)?] )
- libressl? ( dev-libs/libressl[static-libs(+)?] )
- lz4? ( app-arch/lz4 )
- smartcard? ( >=app-emulation/libcacard-0.1.2 )
- sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )
- gstreamer? ( media-libs/gstreamer:1.0 )"
-
-DEPEND="
- ~app-emulation/spice-protocol-0.12.12
- virtual/pkgconfig
- $(python_gen_any_dep '
- >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
- dev-python/six[${PYTHON_USEDEP}]
- ')
- smartcard? ( app-emulation/qemu[smartcard] )
- ${RDEPEND}"
-
-python_check_deps() {
- has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
- has_version "dev-python/six[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
- [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
-}
-
-# maintainer notes:
-# * opengl support is currently broken
-src_configure() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- xdg_environment_reset
-
- local myconf="
- $(use_enable static-libs static)
- $(use_enable lz4)
- $(use_with sasl)
- $(use_enable smartcard)
- $(usex gstreamer "1.0" "no")
- --enable-celt051
- --disable-gui
- "
- econf ${myconf}
-}
-
-src_compile() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- default
-}
-
-src_install() {
- default
- use static-libs || prune_libtool_files
- readme.gentoo_create_doc
-}
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-emulation/spice/, app-emulation/spice/files/
@ 2018-02-12 1:48 Matthias Maier
0 siblings, 0 replies; 9+ messages in thread
From: Matthias Maier @ 2018-02-12 1:48 UTC (permalink / raw
To: gentoo-commits
commit: 09c721b3411933c73bb1f9891765a3cbdc98bbdf
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 12 01:46:20 2018 +0000
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Mon Feb 12 01:48:29 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09c721b3
app-emulation/spice: drop 0.13.90 - let's focus on 0.14.0
Package-Manager: Portage-2.3.24, Repoman-2.3.6
app-emulation/spice/Manifest | 1 -
.../spice/files/spice-0.14.0-openssl1.1_fix.patch | 2 +-
app-emulation/spice/spice-0.13.90.ebuild | 97 ----------------------
3 files changed, 1 insertion(+), 99 deletions(-)
diff --git a/app-emulation/spice/Manifest b/app-emulation/spice/Manifest
index 5dd45f8f0fc..8258480e0ae 100644
--- a/app-emulation/spice/Manifest
+++ b/app-emulation/spice/Manifest
@@ -1,3 +1,2 @@
DIST spice-0.13.3.tar.bz2 1322505 BLAKE2B 56f9cd34bb48fdcf750230242b27567db713ef749649d4b780a82d0d4ec5d326b19540c9bb4f36c164d40a692eb0368c39e05ee8dba319dd8461a0315e5a9a17 SHA512 63496fbd3df0fd453052cef8e1fb00a3a28f0105610676fdc4a58043cbc6da571ae4407701af2b817e410d05ce727d60d5ee0c93c8897231e25229897c51d95a
-DIST spice-0.13.90.tar.bz2 1364173 BLAKE2B 1bc0e71d8c5a21f9961ac6c0567bde19d31983bd5b0f5d4df30cc5634080d288f277689d875334d94c6a276284313bc82f15eaf0ce20916c6c912c2dcc4bdfc0 SHA512 a5a6ab328a2d3cb405ead6eef40a1b896432f35accf1f8b015fc9deadcc4e5eb5f6d8d575a94fa3b2505e206986887badecf721ab015efd88dad174d7340c01c
DIST spice-0.14.0.tar.bz2 1330195 BLAKE2B 08f93e8ddeb79adb4feac0557a854cc41fd096a9dfefc0baaca176803c2a03ef9286c4f61a135d62ad22e3ac3f4bb31ffd1614c8ddeaec7ae8c01eca34da1750 SHA512 84532146aa628ca6ca459a82afb89d6391892e063668fd4a68023c92cee7ca868b6c82e31dd9886819b76ea745ebdae0d0030e1f608d8f58f51c00f0b09bae1f
diff --git a/app-emulation/spice/files/spice-0.14.0-openssl1.1_fix.patch b/app-emulation/spice/files/spice-0.14.0-openssl1.1_fix.patch
index ea4e606b3db..5854d8788c7 100644
--- a/app-emulation/spice/files/spice-0.14.0-openssl1.1_fix.patch
+++ b/app-emulation/spice/files/spice-0.14.0-openssl1.1_fix.patch
@@ -13,7 +13,7 @@
static gpointer openssl_global_init(gpointer arg)
{
-+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ OPENSSL_init_ssl(0, NULL);
+#else
SSL_library_init();
diff --git a/app-emulation/spice/spice-0.13.90.ebuild b/app-emulation/spice/spice-0.13.90.ebuild
deleted file mode 100644
index abf7a28a67b..00000000000
--- a/app-emulation/spice/spice-0.13.90.ebuild
+++ /dev/null
@@ -1,97 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-
-inherit autotools ltprune python-any-r1 readme.gentoo-r1 xdg-utils
-
-DESCRIPTION="SPICE server"
-HOMEPAGE="https://www.spice-space.org/"
-SRC_URI="https://www.spice-space.org/download/releases/${P}.tar.bz2"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="~amd64 ~arm64 ~x86"
-IUSE="libressl lz4 sasl smartcard static-libs gstreamer"
-
-# the libspice-server only uses the headers of libcacard
-RDEPEND="
- >=dev-libs/glib-2.22:2[static-libs(+)?]
- >=media-libs/celt-0.5.1.1:0.5.1[static-libs(+)?]
- media-libs/opus[static-libs(+)?]
- sys-libs/zlib[static-libs(+)?]
- virtual/jpeg:0=[static-libs(+)?]
- >=x11-libs/pixman-0.17.7[static-libs(+)?]
- !libressl? ( dev-libs/openssl:0=[static-libs(+)?] )
- libressl? ( dev-libs/libressl:0=[static-libs(+)?] )
- lz4? ( app-arch/lz4:0=[static-libs(+)?] )
- smartcard? ( >=app-emulation/libcacard-0.1.2 )
- sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )
- gstreamer? (
- media-libs/gstreamer:1.0
- media-libs/gst-plugins-base:1.0
- )"
-DEPEND="${RDEPEND}
- ${PYTHON_DEPS}
- >=app-emulation/spice-protocol-0.12.12
- virtual/pkgconfig
- $(python_gen_any_dep '
- >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
- dev-python/six[${PYTHON_USEDEP}]
- ')
- smartcard? ( app-emulation/qemu[smartcard] )"
-
-python_check_deps() {
- has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
- has_version "dev-python/six[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
- [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
-}
-
-src_prepare() {
- default
-
- eautoreconf
-}
-
-src_configure() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- xdg_environment_reset
-
- local myconf="
- $(use_enable static-libs static)
- $(use_enable lz4)
- $(use_with sasl)
- $(use_enable smartcard)
- --enable-gstreamer=$(usex gstreamer "1.0" "no")
- --enable-celt051
- --disable-gui
- "
- econf ${myconf}
-}
-
-src_compile() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- default
-}
-
-src_install() {
- default
- use static-libs || prune_libtool_files
- readme.gentoo_create_doc
-}
-
-pkg_postinst() {
- readme.gentoo_print_elog
-}
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-emulation/spice/, app-emulation/spice/files/
@ 2018-08-17 0:07 Matthias Maier
0 siblings, 0 replies; 9+ messages in thread
From: Matthias Maier @ 2018-08-17 0:07 UTC (permalink / raw
To: gentoo-commits
commit: 54518b5955919d26b69fb31737f6450146ef6a7d
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 16 21:31:54 2018 +0000
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Fri Aug 17 00:07:47 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=54518b59
app-emulation/spice: drop old
Package-Manager: Portage-2.3.46, Repoman-2.3.10
app-emulation/spice/Manifest | 1 -
...buffer-overflows-handling-monitor-configu.patch | 47 ----------
...integer-overflows-handling-monitor-config.patch | 30 ------
...nect-when-receiving-overly-big-ClientMoni.patch | 75 ---------------
.../files/spice-0.13.3-skip_faulty_lz4_check.patch | 13 ---
app-emulation/spice/spice-0.13.3-r2.ebuild | 104 ---------------------
6 files changed, 270 deletions(-)
diff --git a/app-emulation/spice/Manifest b/app-emulation/spice/Manifest
index 8258480e0ae..6b3b7c613b4 100644
--- a/app-emulation/spice/Manifest
+++ b/app-emulation/spice/Manifest
@@ -1,2 +1 @@
-DIST spice-0.13.3.tar.bz2 1322505 BLAKE2B 56f9cd34bb48fdcf750230242b27567db713ef749649d4b780a82d0d4ec5d326b19540c9bb4f36c164d40a692eb0368c39e05ee8dba319dd8461a0315e5a9a17 SHA512 63496fbd3df0fd453052cef8e1fb00a3a28f0105610676fdc4a58043cbc6da571ae4407701af2b817e410d05ce727d60d5ee0c93c8897231e25229897c51d95a
DIST spice-0.14.0.tar.bz2 1330195 BLAKE2B 08f93e8ddeb79adb4feac0557a854cc41fd096a9dfefc0baaca176803c2a03ef9286c4f61a135d62ad22e3ac3f4bb31ffd1614c8ddeaec7ae8c01eca34da1750 SHA512 84532146aa628ca6ca459a82afb89d6391892e063668fd4a68023c92cee7ca868b6c82e31dd9886819b76ea745ebdae0d0030e1f608d8f58f51c00f0b09bae1f
diff --git a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch b/app-emulation/spice/files/spice-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch
deleted file mode 100644
index 8792395977e..00000000000
--- a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Matthias Maier <tamiko@gentoo.org>
-
- - Ported to 0.13.3
-
-
-From fbbcdad773e2791cfb988f4748faa41943551ca6 Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Mon, 15 May 2017 15:57:28 +0100
-Subject: [PATCH 3/3] reds: Avoid buffer overflows handling monitor
- configuration
-
-It was also possible for a malicious client to set
-VDAgentMonitorsConfig::num_of_monitors to a number larger
-than the actual size of VDAgentMOnitorsConfig::monitors.
-This would lead to buffer overflows, which could allow the guest to
-read part of the host memory. This might cause write overflows in the
-host as well, but controlling the content of such buffers seems
-complicated.
-
-Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
----
-
-diff --git a/server/reds.c b/server/reds.c
-index ec89105..fd1457f 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -1084,6 +1084,7 @@ static void reds_on_main_agent_monitors_config(RedsState *reds,
- VDAgentMessage *msg_header;
- VDAgentMonitorsConfig *monitors_config;
- RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
-+ uint32_t max_monitors;
-
- // limit size of message sent by the client as this can cause a DoS through
- // memory exhaustion, or potentially some integer overflows
-@@ -1113,6 +1114,12 @@ static void reds_on_main_agent_monitors_config(RedsState *reds,
- goto overflow;
- }
- monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
-+ // limit the monitor number to avoid buffer overflows
-+ max_monitors = (msg_header->size - sizeof(VDAgentMonitorsConfig)) /
-+ sizeof(VDAgentMonConfig);
-+ if (monitors_config->num_of_monitors > max_monitors) {
-+ goto overflow;
-+ }
- spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
- reds_client_monitors_config(reds, monitors_config);
- reds_client_monitors_config_cleanup(reds);
diff --git a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch b/app-emulation/spice/files/spice-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch
deleted file mode 100644
index f05e55c7354..00000000000
--- a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 571cec91e71c2aae0d5f439ea2d8439d0c3d75eb Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Mon, 15 May 2017 15:57:28 +0100
-Subject: [PATCH 2/3] reds: Avoid integer overflows handling monitor
- configuration
-
-Avoid VDAgentMessage::size integer overflows.
-
-Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
----
- server/reds.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/server/reds.c b/server/reds.c
-index ec2b6f47..656f518f 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -1131,6 +1131,9 @@ static void reds_on_main_agent_monitors_config(RedsState *reds,
- spice_debug("not enough data yet. %zd", cmc->offset);
- return;
- }
-+ if (msg_header->size < sizeof(VDAgentMonitorsConfig)) {
-+ goto overflow;
-+ }
- monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
- spice_debug("monitors_config->num_of_monitors: %d", monitors_config->num_of_monitors);
- reds_client_monitors_config(reds, monitors_config);
---
-2.13.0
-
diff --git a/app-emulation/spice/files/spice-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch b/app-emulation/spice/files/spice-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch
deleted file mode 100644
index 2cd186482ad..00000000000
--- a/app-emulation/spice/files/spice-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-Matthias Maier <tamiko@gentoo.org>
-
- - Ported to 0.13.3
-
-
-From 111ab38611cef5012f1565a65fa2d8a8a05cce37 Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Mon, 15 May 2017 15:57:28 +0100
-Subject: [PATCH 1/3] reds: Disconnect when receiving overly big
- ClientMonitorsConfig
-
-Total message size received from the client was unlimited. There is
-a 2kiB size check on individual agent messages, but the MonitorsConfig
-message can be split in multiple chunks, and the size of the
-non-chunked MonitorsConfig message was never checked. This could easily
-lead to memory exhaustion on the host.
-
-Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
----
-
-diff --git a/server/reds.c b/server/reds.c
-index 92feea1..286993b 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -1077,19 +1077,35 @@ static void reds_client_monitors_config_cleanup(RedsState *reds)
- static void reds_on_main_agent_monitors_config(RedsState *reds,
- MainChannelClient *mcc, void *message, size_t size)
- {
-+ const unsigned int MAX_MONITORS = 256;
-+ const unsigned int MAX_MONITOR_CONFIG_SIZE =
-+ sizeof(VDAgentMonitorsConfig) + MAX_MONITORS * sizeof(VDAgentMonConfig);
-+
- VDAgentMessage *msg_header;
- VDAgentMonitorsConfig *monitors_config;
- RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
-
-+ // limit size of message sent by the client as this can cause a DoS through
-+ // memory exhaustion, or potentially some integer overflows
-+ if (sizeof(VDAgentMessage) + MAX_MONITOR_CONFIG_SIZE - cmc->buffer_size < size) {
-+ goto overflow;
-+ }
-+
- cmc->buffer_size += size;
- cmc->buffer = realloc(cmc->buffer, cmc->buffer_size);
- spice_assert(cmc->buffer);
- cmc->mcc = mcc;
- memcpy(cmc->buffer + cmc->buffer_pos, message, size);
- cmc->buffer_pos += size;
-+ if (sizeof(VDAgentMessage) > cmc->buffer_size) {
-+ spice_debug("not enough data yet. %d", cmc->buffer_size);
-+ return;
-+ }
- msg_header = (VDAgentMessage *)cmc->buffer;
-- if (sizeof(VDAgentMessage) > cmc->buffer_size ||
-- msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
-+ if (msg_header->size > MAX_MONITOR_CONFIG_SIZE) {
-+ goto overflow;
-+ }
-+ if (msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
- spice_debug("not enough data yet. %d", cmc->buffer_size);
- return;
- }
-@@ -1097,6 +1113,12 @@ static void reds_on_main_agent_monitors_config(RedsState *reds,
- spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
- reds_client_monitors_config(reds, monitors_config);
- reds_client_monitors_config_cleanup(reds);
-+ return;
-+
-+overflow:
-+ spice_warning("received invalid MonitorsConfig request from client, disconnecting");
-+ red_channel_client_disconnect(RED_CHANNEL_CLIENT(mcc));
-+ reds_client_monitors_config_cleanup(reds);
- }
-
- void reds_on_main_agent_data(RedsState *reds, MainChannelClient *mcc, void *message, size_t size)
diff --git a/app-emulation/spice/files/spice-0.13.3-skip_faulty_lz4_check.patch b/app-emulation/spice/files/spice-0.13.3-skip_faulty_lz4_check.patch
deleted file mode 100644
index 6ae65ba6d13..00000000000
--- a/app-emulation/spice/files/spice-0.13.3-skip_faulty_lz4_check.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/spice-common/m4/spice-deps.m4 b/spice-common/m4/spice-deps.m4
-index adedec4..6cb8bde 100644
---- a/spice-common/m4/spice-deps.m4
-+++ b/spice-common/m4/spice-deps.m4
-@@ -185,7 +185,7 @@ AC_DEFUN([SPICE_CHECK_LZ4], [
-
- have_lz4="no"
- if test "x$enable_lz4" != "xno"; then
-- PKG_CHECK_MODULES([LZ4], [liblz4 >= 129], [have_lz4="yes"], [have_lz4="no"])
-+ PKG_CHECK_MODULES([LZ4], [liblz4], [have_lz4="yes"], [have_lz4="no"])
-
- if test "x$have_lz4" = "xyes"; then
- AC_DEFINE(USE_LZ4, [1], [Define to build with lz4 support])
diff --git a/app-emulation/spice/spice-0.13.3-r2.ebuild b/app-emulation/spice/spice-0.13.3-r2.ebuild
deleted file mode 100644
index 557c17470c3..00000000000
--- a/app-emulation/spice/spice-0.13.3-r2.ebuild
+++ /dev/null
@@ -1,104 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-
-inherit autotools ltprune python-any-r1 readme.gentoo-r1 xdg-utils
-
-DESCRIPTION="SPICE server"
-HOMEPAGE="https://www.spice-space.org/"
-SRC_URI="https://www.spice-space.org/download/releases/${P}.tar.bz2"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="amd64 ~arm64 x86"
-IUSE="libressl lz4 sasl smartcard static-libs gstreamer"
-
-# the libspice-server only uses the headers of libcacard
-RDEPEND="
- >=dev-libs/glib-2.22:2[static-libs(+)?]
- >=media-libs/celt-0.5.1.1:0.5.1[static-libs(+)?]
- media-libs/opus[static-libs(+)?]
- sys-libs/zlib[static-libs(+)?]
- virtual/jpeg:0=[static-libs(+)?]
- >=x11-libs/pixman-0.17.7[static-libs(+)?]
- !libressl? ( dev-libs/openssl:0=[static-libs(+)?] )
- libressl? ( dev-libs/libressl:0=[static-libs(+)?] )
- lz4? ( app-arch/lz4:0=[static-libs(+)?] )
- smartcard? ( >=app-emulation/libcacard-0.1.2 )
- sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )
- gstreamer? (
- media-libs/gstreamer:1.0
- media-libs/gst-plugins-base:1.0
- )"
-DEPEND="${RDEPEND}
- ${PYTHON_DEPS}
- >=app-emulation/spice-protocol-0.12.12
- virtual/pkgconfig
- $(python_gen_any_dep '
- >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
- dev-python/six[${PYTHON_USEDEP}]
- ')
- smartcard? ( app-emulation/qemu[smartcard] )"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-0.13.3-skip_faulty_lz4_check.patch
- "${FILESDIR}"/${PN}-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch
- "${FILESDIR}"/${PN}-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch
- "${FILESDIR}"/${PN}-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch
-)
-
-python_check_deps() {
- has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
- has_version "dev-python/six[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
- [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
-}
-
-src_prepare() {
- default
-
- eautoreconf
-}
-
-src_configure() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- xdg_environment_reset
-
- local myconf="
- $(use_enable static-libs static)
- $(use_enable lz4)
- $(use_with sasl)
- $(use_enable smartcard)
- --enable-gstreamer=$(usex gstreamer "1.0" "no")
- --enable-celt051
- --disable-gui
- "
- econf ${myconf}
-}
-
-src_compile() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- default
-}
-
-src_install() {
- default
- use static-libs || prune_libtool_files
- readme.gentoo_create_doc
-}
-
-pkg_postinst() {
- readme.gentoo_print_elog
-}
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-emulation/spice/, app-emulation/spice/files/
@ 2020-04-18 18:56 Matthias Maier
0 siblings, 0 replies; 9+ messages in thread
From: Matthias Maier @ 2020-04-18 18:56 UTC (permalink / raw
To: gentoo-commits
commit: ad28dfa767dead9be522f8bd8801ba76eb33a324
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 18 18:35:25 2020 +0000
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Sat Apr 18 18:56:14 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad28dfa7
app-emulation/spice: drop vulnerable versions, bug #717776
Bug: https://bugs.gentoo.org/717776
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>
app-emulation/spice/Manifest | 2 -
...0.14.0-fix-flexible-array-buffer-overflow.patch | 12 ---
.../spice/files/spice-0.14.0-libressl_fix.patch | 13 ---
.../spice/files/spice-0.14.0-openssl1.1_fix.patch | 26 ------
app-emulation/spice/spice-0.14.0-r2.ebuild | 102 ---------------------
app-emulation/spice/spice-0.14.2.ebuild | 100 --------------------
6 files changed, 255 deletions(-)
diff --git a/app-emulation/spice/Manifest b/app-emulation/spice/Manifest
index 57ed7cd9f34..7b50d54451c 100644
--- a/app-emulation/spice/Manifest
+++ b/app-emulation/spice/Manifest
@@ -1,3 +1 @@
-DIST spice-0.14.0.tar.bz2 1330195 BLAKE2B 08f93e8ddeb79adb4feac0557a854cc41fd096a9dfefc0baaca176803c2a03ef9286c4f61a135d62ad22e3ac3f4bb31ffd1614c8ddeaec7ae8c01eca34da1750 SHA512 84532146aa628ca6ca459a82afb89d6391892e063668fd4a68023c92cee7ca868b6c82e31dd9886819b76ea745ebdae0d0030e1f608d8f58f51c00f0b09bae1f
-DIST spice-0.14.2.tar.bz2 1406009 BLAKE2B e6c57bedd8c8ec0444da194be7279b895bf348dfa9b427d20301cc223627bcd65b7037280bc2a3d0b531b0cdcd8cb62d34ee132c549ac3dc8f6e5a2959339ce2 SHA512 1093b618ea4a7ff31944429ce2903abecfc8d20c35f2d9c8c837a6e053ee429c0115e40665542637a717869209523ac05d15cdb5e77563102d5d3915e4aaaf76
DIST spice-0.14.3.tar.bz2 1504304 BLAKE2B be655e1d4c48dae29903ab8e0dc52da63723e3252052afccc9587065531f28c8af7dbab4c585093f26d98f2273c6e734a553c18d4779a9f4464334ae1764f682 SHA512 9ecdc455ff25c71ac1fe6c576654b51efbfb860110bd6828065d23f7462d5c5cac772074d1a40f033386258d970b77275b2007bcfdffb23fdff2137154ea46e4
diff --git a/app-emulation/spice/files/spice-0.14.0-fix-flexible-array-buffer-overflow.patch b/app-emulation/spice/files/spice-0.14.0-fix-flexible-array-buffer-overflow.patch
deleted file mode 100644
index a05bbb7545a..00000000000
--- a/app-emulation/spice/files/spice-0.14.0-fix-flexible-array-buffer-overflow.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/spice-common/python_modules/demarshal.py b/spice-common/python_modules/demarshal.py
-index 1ea131d..7172762 100644
---- a/spice-common/python_modules/demarshal.py
-+++ b/spice-common/python_modules/demarshal.py
-@@ -318,6 +318,7 @@ def write_validate_array_item(writer, container, item, scope, parent_scope, star
- writer.assign(nelements, array.size)
- elif array.is_remaining_length():
- if element_type.is_fixed_nw_size():
-+ writer.error_check("%s > message_end" % item.get_position())
- if element_type.get_fixed_nw_size() == 1:
- writer.assign(nelements, "message_end - %s" % item.get_position())
- else:
diff --git a/app-emulation/spice/files/spice-0.14.0-libressl_fix.patch b/app-emulation/spice/files/spice-0.14.0-libressl_fix.patch
deleted file mode 100644
index 1dfce9480e9..00000000000
--- a/app-emulation/spice/files/spice-0.14.0-libressl_fix.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/spice-common/common/ssl_verify.c b/spice-common/common/ssl_verify.c
-index a9ed650..27aa5d3 100644
---- a/spice-common/common/ssl_verify.c
-+++ b/spice-common/common/ssl_verify.c
-@@ -33,7 +33,7 @@
- #include <string.h>
- #include <gio/gio.h>
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
- static const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *asn1)
- {
- return M_ASN1_STRING_data(asn1);
diff --git a/app-emulation/spice/files/spice-0.14.0-openssl1.1_fix.patch b/app-emulation/spice/files/spice-0.14.0-openssl1.1_fix.patch
deleted file mode 100644
index c1c5a1c04ba..00000000000
--- a/app-emulation/spice/files/spice-0.14.0-openssl1.1_fix.patch
+++ /dev/null
@@ -1,26 +0,0 @@
---- spice-0.13.90-orig/server/reds.c 2017-07-27 01:04:10.000000000 +1000
-+++ spice-0.13.90/server/reds.c 2017-10-18 21:42:12.054934199 +1100
-@@ -34,6 +34,8 @@
- #include <ctype.h>
-
- #include <openssl/err.h>
-+#include <openssl/bn.h>
-+#include <openssl/rsa.h>
-
- #if HAVE_SASL
- #include <sasl/sasl.h>
-@@ -2795,9 +2797,12 @@
-
- static gpointer openssl_global_init(gpointer arg)
- {
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined (LIBRESSL_VERSION_NUMBER)
-+ OPENSSL_init_ssl(0, NULL);
-+#else
- SSL_library_init();
- SSL_load_error_strings();
--
-+#endif
- openssl_thread_setup();
-
- return NULL;
-
diff --git a/app-emulation/spice/spice-0.14.0-r2.ebuild b/app-emulation/spice/spice-0.14.0-r2.ebuild
deleted file mode 100644
index 49bf1e178a9..00000000000
--- a/app-emulation/spice/spice-0.14.0-r2.ebuild
+++ /dev/null
@@ -1,102 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-PYTHON_COMPAT=( python{3_6,3_7} )
-
-inherit autotools ltprune python-any-r1 readme.gentoo-r1 xdg-utils
-
-DESCRIPTION="SPICE server"
-HOMEPAGE="https://www.spice-space.org/"
-SRC_URI="https://www.spice-space.org/download/releases/${P}.tar.bz2"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="amd64 ~arm64 x86"
-IUSE="libressl lz4 sasl smartcard static-libs gstreamer"
-
-# the libspice-server only uses the headers of libcacard
-RDEPEND="
- dev-lang/orc[static-libs(+)?]
- >=dev-libs/glib-2.22:2[static-libs(+)?]
- media-libs/opus[static-libs(+)?]
- sys-libs/zlib[static-libs(+)?]
- virtual/jpeg:0=[static-libs(+)?]
- >=x11-libs/pixman-0.17.7[static-libs(+)?]
- !libressl? ( dev-libs/openssl:0=[static-libs(+)?] )
- libressl? ( dev-libs/libressl:0=[static-libs(+)?] )
- lz4? ( app-arch/lz4:0=[static-libs(+)?] )
- smartcard? ( >=app-emulation/libcacard-0.1.2 )
- sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )
- gstreamer? (
- media-libs/gstreamer:1.0
- media-libs/gst-plugins-base:1.0
- )"
-DEPEND="${RDEPEND}
- ${PYTHON_DEPS}
- >=app-emulation/spice-protocol-0.12.13
- virtual/pkgconfig
- $(python_gen_any_dep '
- >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
- dev-python/six[${PYTHON_USEDEP}]
- ')
- smartcard? ( app-emulation/qemu[smartcard] )"
-
-PATCHES=(
- "${FILESDIR}"/${P}-libressl_fix.patch
- "${FILESDIR}"/${P}-openssl1.1_fix.patch
- "${FILESDIR}"/${P}-fix-flexible-array-buffer-overflow.patch
-)
-
-python_check_deps() {
- has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
- has_version "dev-python/six[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
- [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
-}
-
-src_prepare() {
- default
-
- eautoreconf
-}
-
-src_configure() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- xdg_environment_reset
-
- local myconf="
- $(use_enable static-libs static)
- $(use_enable lz4)
- $(use_with sasl)
- $(use_enable smartcard)
- --enable-gstreamer=$(usex gstreamer "1.0" "no")
- --disable-celt051
- "
- econf ${myconf}
-}
-
-src_compile() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- default
-}
-
-src_install() {
- default
- use static-libs || prune_libtool_files
- readme.gentoo_create_doc
-}
-
-pkg_postinst() {
- readme.gentoo_print_elog
-}
diff --git a/app-emulation/spice/spice-0.14.2.ebuild b/app-emulation/spice/spice-0.14.2.ebuild
deleted file mode 100644
index d6489c71369..00000000000
--- a/app-emulation/spice/spice-0.14.2.ebuild
+++ /dev/null
@@ -1,100 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-PYTHON_COMPAT=( python{3_6,3_7} )
-
-inherit autotools python-any-r1 readme.gentoo-r1 xdg-utils
-
-DESCRIPTION="SPICE server"
-HOMEPAGE="https://www.spice-space.org/"
-SRC_URI="https://www.spice-space.org/download/releases/spice-server/${P}.tar.bz2"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="~amd64 ~arm64 ~x86"
-IUSE="libressl lz4 sasl smartcard static-libs gstreamer"
-
-# the libspice-server only uses the headers of libcacard
-RDEPEND="
- dev-lang/orc[static-libs(+)?]
- >=dev-libs/glib-2.22:2[static-libs(+)?]
- media-libs/opus[static-libs(+)?]
- sys-libs/zlib[static-libs(+)?]
- virtual/jpeg:0=[static-libs(+)?]
- >=x11-libs/pixman-0.17.7[static-libs(+)?]
- !libressl? ( dev-libs/openssl:0=[static-libs(+)?] )
- libressl? ( dev-libs/libressl:0=[static-libs(+)?] )
- lz4? ( app-arch/lz4:0=[static-libs(+)?] )
- smartcard? ( >=app-emulation/libcacard-0.1.2 )
- sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )
- gstreamer? (
- media-libs/gstreamer:1.0
- media-libs/gst-plugins-base:1.0
- )"
-DEPEND="${RDEPEND}
- >=app-emulation/spice-protocol-0.14.0
- smartcard? ( app-emulation/qemu[smartcard] )"
-BDEPEND="${PYTHON_DEPS}
- virtual/pkgconfig
- $(python_gen_any_dep '
- >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
- dev-python/six[${PYTHON_USEDEP}]
- ')"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-0.14.0-openssl1.1_fix.patch
-)
-
-python_check_deps() {
- has_version -b ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
- has_version -b "dev-python/six[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
- [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
-}
-
-src_prepare() {
- default
-
- eautoreconf
-}
-
-src_configure() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- xdg_environment_reset
-
- local myconf="
- $(use_enable static-libs static)
- $(use_enable lz4)
- $(use_with sasl)
- $(use_enable smartcard)
- --enable-gstreamer=$(usex gstreamer "1.0" "no")
- --disable-celt051
- "
- econf ${myconf}
-}
-
-src_compile() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- default
-}
-
-src_install() {
- default
- use static-libs || find "${D}" -name '*.la' -type f -delete || die
- readme.gentoo_create_doc
-}
-
-pkg_postinst() {
- readme.gentoo_print_elog
-}
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-emulation/spice/, app-emulation/spice/files/
@ 2021-04-04 18:54 Matthias Maier
0 siblings, 0 replies; 9+ messages in thread
From: Matthias Maier @ 2021-04-04 18:54 UTC (permalink / raw
To: gentoo-commits
commit: d6418bd9306729c2497c17fe302f58965800897c
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 4 18:48:42 2021 +0000
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Sun Apr 4 18:54:34 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6418bd9
app-emulation/spice: apply security patches for CVE-2020-14355
Bug: https://bugs.gentoo.org/746920
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>
.../spice-0.14.3-CVE-2020-14355-404d7478.patch | 31 +++++++
.../spice-0.14.3-CVE-2020-14355-762e0aba.patch | 13 +++
.../spice-0.14.3-CVE-2020-14355-b24fe6b6.patch | 18 ++++
.../spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch | 17 ++++
app-emulation/spice/spice-0.14.3-r1.ebuild | 103 +++++++++++++++++++++
5 files changed, 182 insertions(+)
diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-404d7478.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-404d7478.patch
new file mode 100644
index 00000000000..338f4e6ca65
--- /dev/null
+++ b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-404d7478.patch
@@ -0,0 +1,31 @@
+diff --git a/common/quic.c b/common/quic.c
+index bc753ca5064a0326906b4aa8c18d8745747feb5c..681531677fbd6c3bca5e482c77bb709d4465ef8e 100644
+--- a/subprojects/spice-common/common/quic.c
++++ b/subprojects/spice-common/common/quic.c
+@@ -56,6 +56,9 @@ typedef uint8_t BYTE;
+ #define MINwminext 1
+ #define MAXwminext 100000000
+
++/* Maximum image size in pixels, mainly to avoid possible integer overflows */
++#define SPICE_MAX_IMAGE_SIZE (512 * 1024 * 1024 - 1)
++
+ typedef struct QuicFamily {
+ unsigned int nGRcodewords[MAXNUMCODES]; /* indexed by code number, contains number of
+ unmodified GR codewords in the code */
+@@ -1165,6 +1168,16 @@ int quic_decode_begin(QuicContext *quic, uint32_t *io_ptr, unsigned int num_io_w
+ height = encoder->io_word;
+ decode_eat32bits(encoder);
+
++ if (width <= 0 || height <= 0) {
++ encoder->usr->warn(encoder->usr, "invalid size\n");
++ return QUIC_ERROR;
++ }
++
++ /* avoid too big images */
++ if ((uint64_t) width * height > SPICE_MAX_IMAGE_SIZE) {
++ encoder->usr->error(encoder->usr, "image too large\n");
++ }
++
+ quic_image_params(encoder, type, &channels, &bpc);
+
+ if (!encoder_reset_channels(encoder, channels, width, bpc)) {
diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-762e0aba.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-762e0aba.patch
new file mode 100644
index 00000000000..ce79ef0043e
--- /dev/null
+++ b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-762e0aba.patch
@@ -0,0 +1,13 @@
+diff --git a/common/quic.c b/common/quic.c
+index e2dee0fd68741512911d5d050053ad073cf29457..bc753ca5064a0326906b4aa8c18d8745747feb5c 100644
+--- a/subprojects/spice-common/common/quic.c
++++ b/subprojects/spice-common/common/quic.c
+@@ -1136,7 +1136,7 @@ int quic_decode_begin(QuicContext *quic, uint32_t *io_ptr, unsigned int num_io_w
+ int channels;
+ int bpc;
+
+- if (!encoder_reset(encoder, io_ptr, io_ptr_end)) {
++ if (!num_io_words || !encoder_reset(encoder, io_ptr, io_ptr_end)) {
+ return QUIC_ERROR;
+ }
+
diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-b24fe6b6.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-b24fe6b6.patch
new file mode 100644
index 00000000000..40127deda15
--- /dev/null
+++ b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-b24fe6b6.patch
@@ -0,0 +1,18 @@
+diff --git a/common/quic_family_tmpl.c b/common/quic_family_tmpl.c
+index 8a5f7d2c9be3f6b1bd82993703749268bab243b4..6cc051b36889f773fe5401e204db6245d99e27df 100644
+--- a/subprojects/spice-common/common/quic_family_tmpl.c
++++ b/subprojects/spice-common/common/quic_family_tmpl.c
+@@ -103,7 +103,12 @@ static s_bucket *FNAME(find_bucket)(Channel *channel, const unsigned int val)
+ {
+ spice_extra_assert(val < (0x1U << BPC));
+
+- return channel->_buckets_ptrs[val];
++ /* The and (&) here is to avoid buffer overflows in case of garbage or malicious
++ * attempts. Is much faster then using comparisons and save us from such situations.
++ * Note that on normal build the check above won't be compiled as this code path
++ * is pretty hot and would cause speed regressions.
++ */
++ return channel->_buckets_ptrs[val & ((1U << BPC) - 1)];
+ }
+
+ #undef FNAME
diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch
new file mode 100644
index 00000000000..bc764ec23ce
--- /dev/null
+++ b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch
@@ -0,0 +1,17 @@
+diff --git a/common/quic_tmpl.c b/common/quic_tmpl.c
+index ecd6f3f187c753a89b7dbb0657edc3ae82ffaaff..ebae992d642a657a7505b3ca0e8145310805f32f 100644
+--- a/subprojects/spice-common/common/quic_tmpl.c
++++ b/subprojects/spice-common/common/quic_tmpl.c
+@@ -563,7 +563,11 @@ static void FNAME_DECL(uncompress_row_seg)(const PIXEL * const prev_row,
+ do_run:
+ state->waitcnt = stopidx - i;
+ run_index = i;
+- run_end = i + decode_state_run(encoder, state);
++ run_end = decode_state_run(encoder, state);
++ if (run_end < 0 || run_end > (end - i)) {
++ encoder->usr->error(encoder->usr, "wrong RLE\n");
++ }
++ run_end += i;
+
+ for (; i < run_end; i++) {
+ UNCOMPRESS_PIX_START(&cur_row[i]);
diff --git a/app-emulation/spice/spice-0.14.3-r1.ebuild b/app-emulation/spice/spice-0.14.3-r1.ebuild
new file mode 100644
index 00000000000..175926c76fb
--- /dev/null
+++ b/app-emulation/spice/spice-0.14.3-r1.ebuild
@@ -0,0 +1,103 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7,8} )
+inherit autotools python-any-r1 readme.gentoo-r1 xdg-utils
+
+DESCRIPTION="SPICE server"
+HOMEPAGE="https://www.spice-space.org/"
+SRC_URI="https://www.spice-space.org/download/releases/spice-server/${P}.tar.bz2"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86"
+IUSE="libressl lz4 sasl smartcard static-libs gstreamer"
+
+# the libspice-server only uses the headers of libcacard
+RDEPEND="
+ dev-lang/orc[static-libs(+)?]
+ >=dev-libs/glib-2.22:2[static-libs(+)?]
+ media-libs/opus[static-libs(+)?]
+ sys-libs/zlib[static-libs(+)?]
+ virtual/jpeg:0=[static-libs(+)?]
+ >=x11-libs/pixman-0.17.7[static-libs(+)?]
+ !libressl? ( dev-libs/openssl:0=[static-libs(+)?] )
+ libressl? ( dev-libs/libressl:0=[static-libs(+)?] )
+ lz4? ( app-arch/lz4:0=[static-libs(+)?] )
+ smartcard? ( >=app-emulation/libcacard-0.1.2 )
+ sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )
+ gstreamer? (
+ media-libs/gstreamer:1.0
+ media-libs/gst-plugins-base:1.0
+ )"
+DEPEND="${RDEPEND}
+ >=app-emulation/spice-protocol-0.14.0
+ smartcard? ( app-emulation/qemu[smartcard] )"
+BDEPEND="${PYTHON_DEPS}
+ virtual/pkgconfig
+ $(python_gen_any_dep '
+ >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
+ dev-python/six[${PYTHON_USEDEP}]
+ ')"
+
+python_check_deps() {
+ has_version -b ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
+ has_version -b "dev-python/six[${PYTHON_USEDEP}]"
+}
+
+PATCHES=(
+ "${FILESDIR}"/${P}-CVE-2020-14355-762e0aba.patch
+ "${FILESDIR}"/${P}-CVE-2020-14355-404d7478.patch
+ "${FILESDIR}"/${P}-CVE-2020-14355-ef1b6ff7.patch
+ "${FILESDIR}"/${P}-CVE-2020-14355-b24fe6b6.patch
+)
+
+pkg_setup() {
+ [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+src_configure() {
+ # Prevent sandbox violations, bug #586560
+ # https://bugzilla.gnome.org/show_bug.cgi?id=744134
+ # https://bugzilla.gnome.org/show_bug.cgi?id=744135
+ addpredict /dev
+
+ xdg_environment_reset
+
+ local myconf="
+ $(use_enable static-libs static)
+ $(use_enable lz4)
+ $(use_with sasl)
+ $(use_enable smartcard)
+ --enable-gstreamer=$(usex gstreamer "1.0" "no")
+ --disable-celt051
+ "
+ econf ${myconf}
+}
+
+src_compile() {
+ # Prevent sandbox violations, bug #586560
+ # https://bugzilla.gnome.org/show_bug.cgi?id=744134
+ # https://bugzilla.gnome.org/show_bug.cgi?id=744135
+ addpredict /dev
+
+ default
+}
+
+src_install() {
+ default
+ use static-libs || find "${D}" -name '*.la' -type f -delete || die
+ readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+ readme.gentoo_print_elog
+}
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-emulation/spice/, app-emulation/spice/files/
@ 2022-08-09 21:30 John Helmert III
0 siblings, 0 replies; 9+ messages in thread
From: John Helmert III @ 2022-08-09 21:30 UTC (permalink / raw
To: gentoo-commits
commit: f669a2f91427e142b943efe92978216dff4c842a
Author: John Helmert III <ajak <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 9 21:27:51 2022 +0000
Commit: John Helmert III <ajak <AT> gentoo <DOT> org>
CommitDate: Tue Aug 9 21:30:23 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f669a2f9
app-emulation/spice: drop 0.14.3-r1
Bug: https://bugs.gentoo.org/792618
Signed-off-by: John Helmert III <ajak <AT> gentoo.org>
app-emulation/spice/Manifest | 1 -
.../spice-0.14.3-CVE-2020-14355-404d7478.patch | 31 ------
.../spice-0.14.3-CVE-2020-14355-762e0aba.patch | 13 ---
.../spice-0.14.3-CVE-2020-14355-b24fe6b6.patch | 18 ----
.../spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch | 17 ----
app-emulation/spice/spice-0.14.3-r1.ebuild | 106 ---------------------
6 files changed, 186 deletions(-)
diff --git a/app-emulation/spice/Manifest b/app-emulation/spice/Manifest
index 0135aefa813e..9fac0bce8dcb 100644
--- a/app-emulation/spice/Manifest
+++ b/app-emulation/spice/Manifest
@@ -1,3 +1,2 @@
-DIST spice-0.14.3.tar.bz2 1504304 BLAKE2B be655e1d4c48dae29903ab8e0dc52da63723e3252052afccc9587065531f28c8af7dbab4c585093f26d98f2273c6e734a553c18d4779a9f4464334ae1764f682 SHA512 9ecdc455ff25c71ac1fe6c576654b51efbfb860110bd6828065d23f7462d5c5cac772074d1a40f033386258d970b77275b2007bcfdffb23fdff2137154ea46e4
DIST spice-0.15.0-pthread-c5fe3df1.patch.bz2 7605 BLAKE2B 86b8094a22a02080db038ef98972bf09f391d5344fee8df2aa7d2def0b50a581353cb0e3dd97f99bbd58b88a13ceac4b54be8086a9f4274f38d132b27b62e84d SHA512 5075bd260b33c2dad8c3ce641372383871f7d69190a4f4697bd5e12af1bf5429310c592961de001d36c19a9cdd91143b8d6e8be0e08b3850b9700c2aef2ddd78
DIST spice-0.15.0.tar.bz2 1537970 BLAKE2B 98e8f55de81a86c6370e4a74c0fd90db78a9a8e8e3af536bccd6a2a75185194ac7b87521163090c4312e392d2ee10036c0283171c7796aea630e1307128a2d55 SHA512 0a776d191c395ce1f7ebbbac47956a00a2765327d3127aeca6e232bd56fd4ccd28750ae1599eb6eb2909ac909cda517d5511faa631166db16b8b75bd4e7b86d9
diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-404d7478.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-404d7478.patch
deleted file mode 100644
index 338f4e6ca657..000000000000
--- a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-404d7478.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-diff --git a/common/quic.c b/common/quic.c
-index bc753ca5064a0326906b4aa8c18d8745747feb5c..681531677fbd6c3bca5e482c77bb709d4465ef8e 100644
---- a/subprojects/spice-common/common/quic.c
-+++ b/subprojects/spice-common/common/quic.c
-@@ -56,6 +56,9 @@ typedef uint8_t BYTE;
- #define MINwminext 1
- #define MAXwminext 100000000
-
-+/* Maximum image size in pixels, mainly to avoid possible integer overflows */
-+#define SPICE_MAX_IMAGE_SIZE (512 * 1024 * 1024 - 1)
-+
- typedef struct QuicFamily {
- unsigned int nGRcodewords[MAXNUMCODES]; /* indexed by code number, contains number of
- unmodified GR codewords in the code */
-@@ -1165,6 +1168,16 @@ int quic_decode_begin(QuicContext *quic, uint32_t *io_ptr, unsigned int num_io_w
- height = encoder->io_word;
- decode_eat32bits(encoder);
-
-+ if (width <= 0 || height <= 0) {
-+ encoder->usr->warn(encoder->usr, "invalid size\n");
-+ return QUIC_ERROR;
-+ }
-+
-+ /* avoid too big images */
-+ if ((uint64_t) width * height > SPICE_MAX_IMAGE_SIZE) {
-+ encoder->usr->error(encoder->usr, "image too large\n");
-+ }
-+
- quic_image_params(encoder, type, &channels, &bpc);
-
- if (!encoder_reset_channels(encoder, channels, width, bpc)) {
diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-762e0aba.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-762e0aba.patch
deleted file mode 100644
index ce79ef0043ee..000000000000
--- a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-762e0aba.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/common/quic.c b/common/quic.c
-index e2dee0fd68741512911d5d050053ad073cf29457..bc753ca5064a0326906b4aa8c18d8745747feb5c 100644
---- a/subprojects/spice-common/common/quic.c
-+++ b/subprojects/spice-common/common/quic.c
-@@ -1136,7 +1136,7 @@ int quic_decode_begin(QuicContext *quic, uint32_t *io_ptr, unsigned int num_io_w
- int channels;
- int bpc;
-
-- if (!encoder_reset(encoder, io_ptr, io_ptr_end)) {
-+ if (!num_io_words || !encoder_reset(encoder, io_ptr, io_ptr_end)) {
- return QUIC_ERROR;
- }
-
diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-b24fe6b6.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-b24fe6b6.patch
deleted file mode 100644
index 40127deda15a..000000000000
--- a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-b24fe6b6.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff --git a/common/quic_family_tmpl.c b/common/quic_family_tmpl.c
-index 8a5f7d2c9be3f6b1bd82993703749268bab243b4..6cc051b36889f773fe5401e204db6245d99e27df 100644
---- a/subprojects/spice-common/common/quic_family_tmpl.c
-+++ b/subprojects/spice-common/common/quic_family_tmpl.c
-@@ -103,7 +103,12 @@ static s_bucket *FNAME(find_bucket)(Channel *channel, const unsigned int val)
- {
- spice_extra_assert(val < (0x1U << BPC));
-
-- return channel->_buckets_ptrs[val];
-+ /* The and (&) here is to avoid buffer overflows in case of garbage or malicious
-+ * attempts. Is much faster then using comparisons and save us from such situations.
-+ * Note that on normal build the check above won't be compiled as this code path
-+ * is pretty hot and would cause speed regressions.
-+ */
-+ return channel->_buckets_ptrs[val & ((1U << BPC) - 1)];
- }
-
- #undef FNAME
diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch
deleted file mode 100644
index bc764ec23ce2..000000000000
--- a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-diff --git a/common/quic_tmpl.c b/common/quic_tmpl.c
-index ecd6f3f187c753a89b7dbb0657edc3ae82ffaaff..ebae992d642a657a7505b3ca0e8145310805f32f 100644
---- a/subprojects/spice-common/common/quic_tmpl.c
-+++ b/subprojects/spice-common/common/quic_tmpl.c
-@@ -563,7 +563,11 @@ static void FNAME_DECL(uncompress_row_seg)(const PIXEL * const prev_row,
- do_run:
- state->waitcnt = stopidx - i;
- run_index = i;
-- run_end = i + decode_state_run(encoder, state);
-+ run_end = decode_state_run(encoder, state);
-+ if (run_end < 0 || run_end > (end - i)) {
-+ encoder->usr->error(encoder->usr, "wrong RLE\n");
-+ }
-+ run_end += i;
-
- for (; i < run_end; i++) {
- UNCOMPRESS_PIX_START(&cur_row[i]);
diff --git a/app-emulation/spice/spice-0.14.3-r1.ebuild b/app-emulation/spice/spice-0.14.3-r1.ebuild
deleted file mode 100644
index 1eed375b81ad..000000000000
--- a/app-emulation/spice/spice-0.14.3-r1.ebuild
+++ /dev/null
@@ -1,106 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7,8,9} )
-inherit autotools python-any-r1 readme.gentoo-r1 xdg-utils
-
-DESCRIPTION="SPICE server"
-HOMEPAGE="https://www.spice-space.org/"
-SRC_URI="https://www.spice-space.org/download/releases/spice-server/${P}.tar.bz2"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="amd64 arm64 ppc64 x86"
-IUSE="lz4 sasl smartcard static-libs gstreamer test"
-
-RESTRICT="!test? ( test )"
-
-# the libspice-server only uses the headers of libcacard
-RDEPEND="
- dev-lang/orc[static-libs(+)?]
- >=dev-libs/glib-2.38:2[static-libs(+)?]
- media-libs/opus[static-libs(+)?]
- sys-libs/zlib[static-libs(+)?]
- virtual/jpeg:0=[static-libs(+)?]
- >=x11-libs/pixman-0.17.7[static-libs(+)?]
- dev-libs/openssl:0=[static-libs(+)?]
- lz4? ( app-arch/lz4:0=[static-libs(+)?] )
- smartcard? ( >=app-emulation/libcacard-2.5.1 )
- sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )
- gstreamer? (
- media-libs/gstreamer:1.0
- media-libs/gst-plugins-base:1.0
- )"
-DEPEND="${RDEPEND}
- >=app-emulation/spice-protocol-0.14.0
- smartcard? ( app-emulation/qemu[smartcard] )
- test? ( net-libs/glib-networking )"
-BDEPEND="${PYTHON_DEPS}
- virtual/pkgconfig
- $(python_gen_any_dep '
- >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
- dev-python/six[${PYTHON_USEDEP}]
- ')"
-
-python_check_deps() {
- has_version -b ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
- has_version -b "dev-python/six[${PYTHON_USEDEP}]"
-}
-
-PATCHES=(
- "${FILESDIR}"/${P}-CVE-2020-14355-762e0aba.patch
- "${FILESDIR}"/${P}-CVE-2020-14355-404d7478.patch
- "${FILESDIR}"/${P}-CVE-2020-14355-ef1b6ff7.patch
- "${FILESDIR}"/${P}-CVE-2020-14355-b24fe6b6.patch
-)
-
-pkg_setup() {
- [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
-}
-
-src_prepare() {
- default
-
- eautoreconf
-}
-
-src_configure() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- xdg_environment_reset
-
- local myconf="
- $(use_enable static-libs static)
- $(use_enable lz4)
- $(use_with sasl)
- $(use_enable smartcard)
- $(use_enable test tests)
- --enable-gstreamer=$(usex gstreamer "1.0" "no")
- --disable-celt051
- "
- econf ${myconf}
-}
-
-src_compile() {
- # Prevent sandbox violations, bug #586560
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135
- addpredict /dev
-
- default
-}
-
-src_install() {
- default
- use static-libs || find "${D}" -name '*.la' -type f -delete || die
- readme.gentoo_create_doc
-}
-
-pkg_postinst() {
- readme.gentoo_print_elog
-}
^ permalink raw reply related [flat|nested] 9+ messages in thread
end of thread, other threads:[~2022-08-09 21:30 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-02-12 1:48 [gentoo-commits] repo/gentoo:master commit in: app-emulation/spice/, app-emulation/spice/files/ Matthias Maier
-- strict thread matches above, loose matches on Subject: below --
2022-08-09 21:30 John Helmert III
2021-04-04 18:54 Matthias Maier
2020-04-18 18:56 Matthias Maier
2018-08-17 0:07 Matthias Maier
2017-05-11 5:07 Matthias Maier
2016-11-01 2:50 Yixun Lan
2016-06-14 5:46 Matthias Maier
2016-06-14 5:46 Matthias Maier
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox