1 |
commit: 54518b5955919d26b69fb31737f6450146ef6a7d |
2 |
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Aug 16 21:31:54 2018 +0000 |
4 |
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Aug 17 00:07:47 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=54518b59 |
7 |
|
8 |
app-emulation/spice: drop old |
9 |
|
10 |
Package-Manager: Portage-2.3.46, Repoman-2.3.10 |
11 |
|
12 |
app-emulation/spice/Manifest | 1 - |
13 |
...buffer-overflows-handling-monitor-configu.patch | 47 ---------- |
14 |
...integer-overflows-handling-monitor-config.patch | 30 ------ |
15 |
...nect-when-receiving-overly-big-ClientMoni.patch | 75 --------------- |
16 |
.../files/spice-0.13.3-skip_faulty_lz4_check.patch | 13 --- |
17 |
app-emulation/spice/spice-0.13.3-r2.ebuild | 104 --------------------- |
18 |
6 files changed, 270 deletions(-) |
19 |
|
20 |
diff --git a/app-emulation/spice/Manifest b/app-emulation/spice/Manifest |
21 |
index 8258480e0ae..6b3b7c613b4 100644 |
22 |
--- a/app-emulation/spice/Manifest |
23 |
+++ b/app-emulation/spice/Manifest |
24 |
@@ -1,2 +1 @@ |
25 |
-DIST spice-0.13.3.tar.bz2 1322505 BLAKE2B 56f9cd34bb48fdcf750230242b27567db713ef749649d4b780a82d0d4ec5d326b19540c9bb4f36c164d40a692eb0368c39e05ee8dba319dd8461a0315e5a9a17 SHA512 63496fbd3df0fd453052cef8e1fb00a3a28f0105610676fdc4a58043cbc6da571ae4407701af2b817e410d05ce727d60d5ee0c93c8897231e25229897c51d95a |
26 |
DIST spice-0.14.0.tar.bz2 1330195 BLAKE2B 08f93e8ddeb79adb4feac0557a854cc41fd096a9dfefc0baaca176803c2a03ef9286c4f61a135d62ad22e3ac3f4bb31ffd1614c8ddeaec7ae8c01eca34da1750 SHA512 84532146aa628ca6ca459a82afb89d6391892e063668fd4a68023c92cee7ca868b6c82e31dd9886819b76ea745ebdae0d0030e1f608d8f58f51c00f0b09bae1f |
27 |
|
28 |
diff --git a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch b/app-emulation/spice/files/spice-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch |
29 |
deleted file mode 100644 |
30 |
index 8792395977e..00000000000 |
31 |
--- a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch |
32 |
+++ /dev/null |
33 |
@@ -1,47 +0,0 @@ |
34 |
-Matthias Maier <tamiko@g.o> |
35 |
- |
36 |
- - Ported to 0.13.3 |
37 |
- |
38 |
- |
39 |
-From fbbcdad773e2791cfb988f4748faa41943551ca6 Mon Sep 17 00:00:00 2001 |
40 |
-From: Frediano Ziglio <fziglio@××××××.com> |
41 |
-Date: Mon, 15 May 2017 15:57:28 +0100 |
42 |
-Subject: [PATCH 3/3] reds: Avoid buffer overflows handling monitor |
43 |
- configuration |
44 |
- |
45 |
-It was also possible for a malicious client to set |
46 |
-VDAgentMonitorsConfig::num_of_monitors to a number larger |
47 |
-than the actual size of VDAgentMOnitorsConfig::monitors. |
48 |
-This would lead to buffer overflows, which could allow the guest to |
49 |
-read part of the host memory. This might cause write overflows in the |
50 |
-host as well, but controlling the content of such buffers seems |
51 |
-complicated. |
52 |
- |
53 |
-Signed-off-by: Frediano Ziglio <fziglio@××××××.com> |
54 |
---- |
55 |
- |
56 |
-diff --git a/server/reds.c b/server/reds.c |
57 |
-index ec89105..fd1457f 100644 |
58 |
---- a/server/reds.c |
59 |
-+++ b/server/reds.c |
60 |
-@@ -1084,6 +1084,7 @@ static void reds_on_main_agent_monitors_config(RedsState *reds, |
61 |
- VDAgentMessage *msg_header; |
62 |
- VDAgentMonitorsConfig *monitors_config; |
63 |
- RedsClientMonitorsConfig *cmc = &reds->client_monitors_config; |
64 |
-+ uint32_t max_monitors; |
65 |
- |
66 |
- // limit size of message sent by the client as this can cause a DoS through |
67 |
- // memory exhaustion, or potentially some integer overflows |
68 |
-@@ -1113,6 +1114,12 @@ static void reds_on_main_agent_monitors_config(RedsState *reds, |
69 |
- goto overflow; |
70 |
- } |
71 |
- monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header)); |
72 |
-+ // limit the monitor number to avoid buffer overflows |
73 |
-+ max_monitors = (msg_header->size - sizeof(VDAgentMonitorsConfig)) / |
74 |
-+ sizeof(VDAgentMonConfig); |
75 |
-+ if (monitors_config->num_of_monitors > max_monitors) { |
76 |
-+ goto overflow; |
77 |
-+ } |
78 |
- spice_debug("%s: %d", __func__, monitors_config->num_of_monitors); |
79 |
- reds_client_monitors_config(reds, monitors_config); |
80 |
- reds_client_monitors_config_cleanup(reds); |
81 |
|
82 |
diff --git a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch b/app-emulation/spice/files/spice-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch |
83 |
deleted file mode 100644 |
84 |
index f05e55c7354..00000000000 |
85 |
--- a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch |
86 |
+++ /dev/null |
87 |
@@ -1,30 +0,0 @@ |
88 |
-From 571cec91e71c2aae0d5f439ea2d8439d0c3d75eb Mon Sep 17 00:00:00 2001 |
89 |
-From: Frediano Ziglio <fziglio@××××××.com> |
90 |
-Date: Mon, 15 May 2017 15:57:28 +0100 |
91 |
-Subject: [PATCH 2/3] reds: Avoid integer overflows handling monitor |
92 |
- configuration |
93 |
- |
94 |
-Avoid VDAgentMessage::size integer overflows. |
95 |
- |
96 |
-Signed-off-by: Frediano Ziglio <fziglio@××××××.com> |
97 |
---- |
98 |
- server/reds.c | 3 +++ |
99 |
- 1 file changed, 3 insertions(+) |
100 |
- |
101 |
-diff --git a/server/reds.c b/server/reds.c |
102 |
-index ec2b6f47..656f518f 100644 |
103 |
---- a/server/reds.c |
104 |
-+++ b/server/reds.c |
105 |
-@@ -1131,6 +1131,9 @@ static void reds_on_main_agent_monitors_config(RedsState *reds, |
106 |
- spice_debug("not enough data yet. %zd", cmc->offset); |
107 |
- return; |
108 |
- } |
109 |
-+ if (msg_header->size < sizeof(VDAgentMonitorsConfig)) { |
110 |
-+ goto overflow; |
111 |
-+ } |
112 |
- monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header)); |
113 |
- spice_debug("monitors_config->num_of_monitors: %d", monitors_config->num_of_monitors); |
114 |
- reds_client_monitors_config(reds, monitors_config); |
115 |
--- |
116 |
-2.13.0 |
117 |
- |
118 |
|
119 |
diff --git a/app-emulation/spice/files/spice-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch b/app-emulation/spice/files/spice-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch |
120 |
deleted file mode 100644 |
121 |
index 2cd186482ad..00000000000 |
122 |
--- a/app-emulation/spice/files/spice-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch |
123 |
+++ /dev/null |
124 |
@@ -1,75 +0,0 @@ |
125 |
-Matthias Maier <tamiko@g.o> |
126 |
- |
127 |
- - Ported to 0.13.3 |
128 |
- |
129 |
- |
130 |
-From 111ab38611cef5012f1565a65fa2d8a8a05cce37 Mon Sep 17 00:00:00 2001 |
131 |
-From: Frediano Ziglio <fziglio@××××××.com> |
132 |
-Date: Mon, 15 May 2017 15:57:28 +0100 |
133 |
-Subject: [PATCH 1/3] reds: Disconnect when receiving overly big |
134 |
- ClientMonitorsConfig |
135 |
- |
136 |
-Total message size received from the client was unlimited. There is |
137 |
-a 2kiB size check on individual agent messages, but the MonitorsConfig |
138 |
-message can be split in multiple chunks, and the size of the |
139 |
-non-chunked MonitorsConfig message was never checked. This could easily |
140 |
-lead to memory exhaustion on the host. |
141 |
- |
142 |
-Signed-off-by: Frediano Ziglio <fziglio@××××××.com> |
143 |
---- |
144 |
- |
145 |
-diff --git a/server/reds.c b/server/reds.c |
146 |
-index 92feea1..286993b 100644 |
147 |
---- a/server/reds.c |
148 |
-+++ b/server/reds.c |
149 |
-@@ -1077,19 +1077,35 @@ static void reds_client_monitors_config_cleanup(RedsState *reds) |
150 |
- static void reds_on_main_agent_monitors_config(RedsState *reds, |
151 |
- MainChannelClient *mcc, void *message, size_t size) |
152 |
- { |
153 |
-+ const unsigned int MAX_MONITORS = 256; |
154 |
-+ const unsigned int MAX_MONITOR_CONFIG_SIZE = |
155 |
-+ sizeof(VDAgentMonitorsConfig) + MAX_MONITORS * sizeof(VDAgentMonConfig); |
156 |
-+ |
157 |
- VDAgentMessage *msg_header; |
158 |
- VDAgentMonitorsConfig *monitors_config; |
159 |
- RedsClientMonitorsConfig *cmc = &reds->client_monitors_config; |
160 |
- |
161 |
-+ // limit size of message sent by the client as this can cause a DoS through |
162 |
-+ // memory exhaustion, or potentially some integer overflows |
163 |
-+ if (sizeof(VDAgentMessage) + MAX_MONITOR_CONFIG_SIZE - cmc->buffer_size < size) { |
164 |
-+ goto overflow; |
165 |
-+ } |
166 |
-+ |
167 |
- cmc->buffer_size += size; |
168 |
- cmc->buffer = realloc(cmc->buffer, cmc->buffer_size); |
169 |
- spice_assert(cmc->buffer); |
170 |
- cmc->mcc = mcc; |
171 |
- memcpy(cmc->buffer + cmc->buffer_pos, message, size); |
172 |
- cmc->buffer_pos += size; |
173 |
-+ if (sizeof(VDAgentMessage) > cmc->buffer_size) { |
174 |
-+ spice_debug("not enough data yet. %d", cmc->buffer_size); |
175 |
-+ return; |
176 |
-+ } |
177 |
- msg_header = (VDAgentMessage *)cmc->buffer; |
178 |
-- if (sizeof(VDAgentMessage) > cmc->buffer_size || |
179 |
-- msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) { |
180 |
-+ if (msg_header->size > MAX_MONITOR_CONFIG_SIZE) { |
181 |
-+ goto overflow; |
182 |
-+ } |
183 |
-+ if (msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) { |
184 |
- spice_debug("not enough data yet. %d", cmc->buffer_size); |
185 |
- return; |
186 |
- } |
187 |
-@@ -1097,6 +1113,12 @@ static void reds_on_main_agent_monitors_config(RedsState *reds, |
188 |
- spice_debug("%s: %d", __func__, monitors_config->num_of_monitors); |
189 |
- reds_client_monitors_config(reds, monitors_config); |
190 |
- reds_client_monitors_config_cleanup(reds); |
191 |
-+ return; |
192 |
-+ |
193 |
-+overflow: |
194 |
-+ spice_warning("received invalid MonitorsConfig request from client, disconnecting"); |
195 |
-+ red_channel_client_disconnect(RED_CHANNEL_CLIENT(mcc)); |
196 |
-+ reds_client_monitors_config_cleanup(reds); |
197 |
- } |
198 |
- |
199 |
- void reds_on_main_agent_data(RedsState *reds, MainChannelClient *mcc, void *message, size_t size) |
200 |
|
201 |
diff --git a/app-emulation/spice/files/spice-0.13.3-skip_faulty_lz4_check.patch b/app-emulation/spice/files/spice-0.13.3-skip_faulty_lz4_check.patch |
202 |
deleted file mode 100644 |
203 |
index 6ae65ba6d13..00000000000 |
204 |
--- a/app-emulation/spice/files/spice-0.13.3-skip_faulty_lz4_check.patch |
205 |
+++ /dev/null |
206 |
@@ -1,13 +0,0 @@ |
207 |
-diff --git a/spice-common/m4/spice-deps.m4 b/spice-common/m4/spice-deps.m4 |
208 |
-index adedec4..6cb8bde 100644 |
209 |
---- a/spice-common/m4/spice-deps.m4 |
210 |
-+++ b/spice-common/m4/spice-deps.m4 |
211 |
-@@ -185,7 +185,7 @@ AC_DEFUN([SPICE_CHECK_LZ4], [ |
212 |
- |
213 |
- have_lz4="no" |
214 |
- if test "x$enable_lz4" != "xno"; then |
215 |
-- PKG_CHECK_MODULES([LZ4], [liblz4 >= 129], [have_lz4="yes"], [have_lz4="no"]) |
216 |
-+ PKG_CHECK_MODULES([LZ4], [liblz4], [have_lz4="yes"], [have_lz4="no"]) |
217 |
- |
218 |
- if test "x$have_lz4" = "xyes"; then |
219 |
- AC_DEFINE(USE_LZ4, [1], [Define to build with lz4 support]) |
220 |
|
221 |
diff --git a/app-emulation/spice/spice-0.13.3-r2.ebuild b/app-emulation/spice/spice-0.13.3-r2.ebuild |
222 |
deleted file mode 100644 |
223 |
index 557c17470c3..00000000000 |
224 |
--- a/app-emulation/spice/spice-0.13.3-r2.ebuild |
225 |
+++ /dev/null |
226 |
@@ -1,104 +0,0 @@ |
227 |
-# Copyright 1999-2017 Gentoo Foundation |
228 |
-# Distributed under the terms of the GNU General Public License v2 |
229 |
- |
230 |
-EAPI=6 |
231 |
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} ) |
232 |
- |
233 |
-inherit autotools ltprune python-any-r1 readme.gentoo-r1 xdg-utils |
234 |
- |
235 |
-DESCRIPTION="SPICE server" |
236 |
-HOMEPAGE="https://www.spice-space.org/" |
237 |
-SRC_URI="https://www.spice-space.org/download/releases/${P}.tar.bz2" |
238 |
- |
239 |
-LICENSE="LGPL-2.1" |
240 |
-SLOT="0" |
241 |
-KEYWORDS="amd64 ~arm64 x86" |
242 |
-IUSE="libressl lz4 sasl smartcard static-libs gstreamer" |
243 |
- |
244 |
-# the libspice-server only uses the headers of libcacard |
245 |
-RDEPEND=" |
246 |
- >=dev-libs/glib-2.22:2[static-libs(+)?] |
247 |
- >=media-libs/celt-0.5.1.1:0.5.1[static-libs(+)?] |
248 |
- media-libs/opus[static-libs(+)?] |
249 |
- sys-libs/zlib[static-libs(+)?] |
250 |
- virtual/jpeg:0=[static-libs(+)?] |
251 |
- >=x11-libs/pixman-0.17.7[static-libs(+)?] |
252 |
- !libressl? ( dev-libs/openssl:0=[static-libs(+)?] ) |
253 |
- libressl? ( dev-libs/libressl:0=[static-libs(+)?] ) |
254 |
- lz4? ( app-arch/lz4:0=[static-libs(+)?] ) |
255 |
- smartcard? ( >=app-emulation/libcacard-0.1.2 ) |
256 |
- sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] ) |
257 |
- gstreamer? ( |
258 |
- media-libs/gstreamer:1.0 |
259 |
- media-libs/gst-plugins-base:1.0 |
260 |
- )" |
261 |
-DEPEND="${RDEPEND} |
262 |
- ${PYTHON_DEPS} |
263 |
- >=app-emulation/spice-protocol-0.12.12 |
264 |
- virtual/pkgconfig |
265 |
- $(python_gen_any_dep ' |
266 |
- >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}] |
267 |
- dev-python/six[${PYTHON_USEDEP}] |
268 |
- ') |
269 |
- smartcard? ( app-emulation/qemu[smartcard] )" |
270 |
- |
271 |
-PATCHES=( |
272 |
- "${FILESDIR}"/${PN}-0.13.3-skip_faulty_lz4_check.patch |
273 |
- "${FILESDIR}"/${PN}-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch |
274 |
- "${FILESDIR}"/${PN}-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch |
275 |
- "${FILESDIR}"/${PN}-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch |
276 |
-) |
277 |
- |
278 |
-python_check_deps() { |
279 |
- has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]" |
280 |
- has_version "dev-python/six[${PYTHON_USEDEP}]" |
281 |
-} |
282 |
- |
283 |
-pkg_setup() { |
284 |
- [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup |
285 |
-} |
286 |
- |
287 |
-src_prepare() { |
288 |
- default |
289 |
- |
290 |
- eautoreconf |
291 |
-} |
292 |
- |
293 |
-src_configure() { |
294 |
- # Prevent sandbox violations, bug #586560 |
295 |
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134 |
296 |
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135 |
297 |
- addpredict /dev |
298 |
- |
299 |
- xdg_environment_reset |
300 |
- |
301 |
- local myconf=" |
302 |
- $(use_enable static-libs static) |
303 |
- $(use_enable lz4) |
304 |
- $(use_with sasl) |
305 |
- $(use_enable smartcard) |
306 |
- --enable-gstreamer=$(usex gstreamer "1.0" "no") |
307 |
- --enable-celt051 |
308 |
- --disable-gui |
309 |
- " |
310 |
- econf ${myconf} |
311 |
-} |
312 |
- |
313 |
-src_compile() { |
314 |
- # Prevent sandbox violations, bug #586560 |
315 |
- # https://bugzilla.gnome.org/show_bug.cgi?id=744134 |
316 |
- # https://bugzilla.gnome.org/show_bug.cgi?id=744135 |
317 |
- addpredict /dev |
318 |
- |
319 |
- default |
320 |
-} |
321 |
- |
322 |
-src_install() { |
323 |
- default |
324 |
- use static-libs || prune_libtool_files |
325 |
- readme.gentoo_create_doc |
326 |
-} |
327 |
- |
328 |
-pkg_postinst() { |
329 |
- readme.gentoo_print_elog |
330 |
-} |