Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Matthias Maier <tamiko@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/spice/, app-emulation/spice/files/
Date: Fri, 17 Aug 2018 00:08:03
Message-Id: 1534464467.54518b5955919d26b69fb31737f6450146ef6a7d.tamiko@gentoo
1 commit: 54518b5955919d26b69fb31737f6450146ef6a7d
2 Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
3 AuthorDate: Thu Aug 16 21:31:54 2018 +0000
4 Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
5 CommitDate: Fri Aug 17 00:07:47 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=54518b59
7
8 app-emulation/spice: drop old
9
10 Package-Manager: Portage-2.3.46, Repoman-2.3.10
11
12 app-emulation/spice/Manifest | 1 -
13 ...buffer-overflows-handling-monitor-configu.patch | 47 ----------
14 ...integer-overflows-handling-monitor-config.patch | 30 ------
15 ...nect-when-receiving-overly-big-ClientMoni.patch | 75 ---------------
16 .../files/spice-0.13.3-skip_faulty_lz4_check.patch | 13 ---
17 app-emulation/spice/spice-0.13.3-r2.ebuild | 104 ---------------------
18 6 files changed, 270 deletions(-)
19
20 diff --git a/app-emulation/spice/Manifest b/app-emulation/spice/Manifest
21 index 8258480e0ae..6b3b7c613b4 100644
22 --- a/app-emulation/spice/Manifest
23 +++ b/app-emulation/spice/Manifest
24 @@ -1,2 +1 @@
25 -DIST spice-0.13.3.tar.bz2 1322505 BLAKE2B 56f9cd34bb48fdcf750230242b27567db713ef749649d4b780a82d0d4ec5d326b19540c9bb4f36c164d40a692eb0368c39e05ee8dba319dd8461a0315e5a9a17 SHA512 63496fbd3df0fd453052cef8e1fb00a3a28f0105610676fdc4a58043cbc6da571ae4407701af2b817e410d05ce727d60d5ee0c93c8897231e25229897c51d95a
26 DIST spice-0.14.0.tar.bz2 1330195 BLAKE2B 08f93e8ddeb79adb4feac0557a854cc41fd096a9dfefc0baaca176803c2a03ef9286c4f61a135d62ad22e3ac3f4bb31ffd1614c8ddeaec7ae8c01eca34da1750 SHA512 84532146aa628ca6ca459a82afb89d6391892e063668fd4a68023c92cee7ca868b6c82e31dd9886819b76ea745ebdae0d0030e1f608d8f58f51c00f0b09bae1f
27
28 diff --git a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch b/app-emulation/spice/files/spice-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch
29 deleted file mode 100644
30 index 8792395977e..00000000000
31 --- a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch
32 +++ /dev/null
33 @@ -1,47 +0,0 @@
34 -Matthias Maier <tamiko@g.o>
35 -
36 - - Ported to 0.13.3
37 -
38 -
39 -From fbbcdad773e2791cfb988f4748faa41943551ca6 Mon Sep 17 00:00:00 2001
40 -From: Frediano Ziglio <fziglio@××××××.com>
41 -Date: Mon, 15 May 2017 15:57:28 +0100
42 -Subject: [PATCH 3/3] reds: Avoid buffer overflows handling monitor
43 - configuration
44 -
45 -It was also possible for a malicious client to set
46 -VDAgentMonitorsConfig::num_of_monitors to a number larger
47 -than the actual size of VDAgentMOnitorsConfig::monitors.
48 -This would lead to buffer overflows, which could allow the guest to
49 -read part of the host memory. This might cause write overflows in the
50 -host as well, but controlling the content of such buffers seems
51 -complicated.
52 -
53 -Signed-off-by: Frediano Ziglio <fziglio@××××××.com>
54 ----
55 -
56 -diff --git a/server/reds.c b/server/reds.c
57 -index ec89105..fd1457f 100644
58 ---- a/server/reds.c
59 -+++ b/server/reds.c
60 -@@ -1084,6 +1084,7 @@ static void reds_on_main_agent_monitors_config(RedsState *reds,
61 - VDAgentMessage *msg_header;
62 - VDAgentMonitorsConfig *monitors_config;
63 - RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
64 -+ uint32_t max_monitors;
65 -
66 - // limit size of message sent by the client as this can cause a DoS through
67 - // memory exhaustion, or potentially some integer overflows
68 -@@ -1113,6 +1114,12 @@ static void reds_on_main_agent_monitors_config(RedsState *reds,
69 - goto overflow;
70 - }
71 - monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
72 -+ // limit the monitor number to avoid buffer overflows
73 -+ max_monitors = (msg_header->size - sizeof(VDAgentMonitorsConfig)) /
74 -+ sizeof(VDAgentMonConfig);
75 -+ if (monitors_config->num_of_monitors > max_monitors) {
76 -+ goto overflow;
77 -+ }
78 - spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
79 - reds_client_monitors_config(reds, monitors_config);
80 - reds_client_monitors_config_cleanup(reds);
81
82 diff --git a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch b/app-emulation/spice/files/spice-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch
83 deleted file mode 100644
84 index f05e55c7354..00000000000
85 --- a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch
86 +++ /dev/null
87 @@ -1,30 +0,0 @@
88 -From 571cec91e71c2aae0d5f439ea2d8439d0c3d75eb Mon Sep 17 00:00:00 2001
89 -From: Frediano Ziglio <fziglio@××××××.com>
90 -Date: Mon, 15 May 2017 15:57:28 +0100
91 -Subject: [PATCH 2/3] reds: Avoid integer overflows handling monitor
92 - configuration
93 -
94 -Avoid VDAgentMessage::size integer overflows.
95 -
96 -Signed-off-by: Frediano Ziglio <fziglio@××××××.com>
97 ----
98 - server/reds.c | 3 +++
99 - 1 file changed, 3 insertions(+)
100 -
101 -diff --git a/server/reds.c b/server/reds.c
102 -index ec2b6f47..656f518f 100644
103 ---- a/server/reds.c
104 -+++ b/server/reds.c
105 -@@ -1131,6 +1131,9 @@ static void reds_on_main_agent_monitors_config(RedsState *reds,
106 - spice_debug("not enough data yet. %zd", cmc->offset);
107 - return;
108 - }
109 -+ if (msg_header->size < sizeof(VDAgentMonitorsConfig)) {
110 -+ goto overflow;
111 -+ }
112 - monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
113 - spice_debug("monitors_config->num_of_monitors: %d", monitors_config->num_of_monitors);
114 - reds_client_monitors_config(reds, monitors_config);
115 ---
116 -2.13.0
117 -
118
119 diff --git a/app-emulation/spice/files/spice-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch b/app-emulation/spice/files/spice-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch
120 deleted file mode 100644
121 index 2cd186482ad..00000000000
122 --- a/app-emulation/spice/files/spice-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch
123 +++ /dev/null
124 @@ -1,75 +0,0 @@
125 -Matthias Maier <tamiko@g.o>
126 -
127 - - Ported to 0.13.3
128 -
129 -
130 -From 111ab38611cef5012f1565a65fa2d8a8a05cce37 Mon Sep 17 00:00:00 2001
131 -From: Frediano Ziglio <fziglio@××××××.com>
132 -Date: Mon, 15 May 2017 15:57:28 +0100
133 -Subject: [PATCH 1/3] reds: Disconnect when receiving overly big
134 - ClientMonitorsConfig
135 -
136 -Total message size received from the client was unlimited. There is
137 -a 2kiB size check on individual agent messages, but the MonitorsConfig
138 -message can be split in multiple chunks, and the size of the
139 -non-chunked MonitorsConfig message was never checked. This could easily
140 -lead to memory exhaustion on the host.
141 -
142 -Signed-off-by: Frediano Ziglio <fziglio@××××××.com>
143 ----
144 -
145 -diff --git a/server/reds.c b/server/reds.c
146 -index 92feea1..286993b 100644
147 ---- a/server/reds.c
148 -+++ b/server/reds.c
149 -@@ -1077,19 +1077,35 @@ static void reds_client_monitors_config_cleanup(RedsState *reds)
150 - static void reds_on_main_agent_monitors_config(RedsState *reds,
151 - MainChannelClient *mcc, void *message, size_t size)
152 - {
153 -+ const unsigned int MAX_MONITORS = 256;
154 -+ const unsigned int MAX_MONITOR_CONFIG_SIZE =
155 -+ sizeof(VDAgentMonitorsConfig) + MAX_MONITORS * sizeof(VDAgentMonConfig);
156 -+
157 - VDAgentMessage *msg_header;
158 - VDAgentMonitorsConfig *monitors_config;
159 - RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
160 -
161 -+ // limit size of message sent by the client as this can cause a DoS through
162 -+ // memory exhaustion, or potentially some integer overflows
163 -+ if (sizeof(VDAgentMessage) + MAX_MONITOR_CONFIG_SIZE - cmc->buffer_size < size) {
164 -+ goto overflow;
165 -+ }
166 -+
167 - cmc->buffer_size += size;
168 - cmc->buffer = realloc(cmc->buffer, cmc->buffer_size);
169 - spice_assert(cmc->buffer);
170 - cmc->mcc = mcc;
171 - memcpy(cmc->buffer + cmc->buffer_pos, message, size);
172 - cmc->buffer_pos += size;
173 -+ if (sizeof(VDAgentMessage) > cmc->buffer_size) {
174 -+ spice_debug("not enough data yet. %d", cmc->buffer_size);
175 -+ return;
176 -+ }
177 - msg_header = (VDAgentMessage *)cmc->buffer;
178 -- if (sizeof(VDAgentMessage) > cmc->buffer_size ||
179 -- msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
180 -+ if (msg_header->size > MAX_MONITOR_CONFIG_SIZE) {
181 -+ goto overflow;
182 -+ }
183 -+ if (msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
184 - spice_debug("not enough data yet. %d", cmc->buffer_size);
185 - return;
186 - }
187 -@@ -1097,6 +1113,12 @@ static void reds_on_main_agent_monitors_config(RedsState *reds,
188 - spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
189 - reds_client_monitors_config(reds, monitors_config);
190 - reds_client_monitors_config_cleanup(reds);
191 -+ return;
192 -+
193 -+overflow:
194 -+ spice_warning("received invalid MonitorsConfig request from client, disconnecting");
195 -+ red_channel_client_disconnect(RED_CHANNEL_CLIENT(mcc));
196 -+ reds_client_monitors_config_cleanup(reds);
197 - }
198 -
199 - void reds_on_main_agent_data(RedsState *reds, MainChannelClient *mcc, void *message, size_t size)
200
201 diff --git a/app-emulation/spice/files/spice-0.13.3-skip_faulty_lz4_check.patch b/app-emulation/spice/files/spice-0.13.3-skip_faulty_lz4_check.patch
202 deleted file mode 100644
203 index 6ae65ba6d13..00000000000
204 --- a/app-emulation/spice/files/spice-0.13.3-skip_faulty_lz4_check.patch
205 +++ /dev/null
206 @@ -1,13 +0,0 @@
207 -diff --git a/spice-common/m4/spice-deps.m4 b/spice-common/m4/spice-deps.m4
208 -index adedec4..6cb8bde 100644
209 ---- a/spice-common/m4/spice-deps.m4
210 -+++ b/spice-common/m4/spice-deps.m4
211 -@@ -185,7 +185,7 @@ AC_DEFUN([SPICE_CHECK_LZ4], [
212 -
213 - have_lz4="no"
214 - if test "x$enable_lz4" != "xno"; then
215 -- PKG_CHECK_MODULES([LZ4], [liblz4 >= 129], [have_lz4="yes"], [have_lz4="no"])
216 -+ PKG_CHECK_MODULES([LZ4], [liblz4], [have_lz4="yes"], [have_lz4="no"])
217 -
218 - if test "x$have_lz4" = "xyes"; then
219 - AC_DEFINE(USE_LZ4, [1], [Define to build with lz4 support])
220
221 diff --git a/app-emulation/spice/spice-0.13.3-r2.ebuild b/app-emulation/spice/spice-0.13.3-r2.ebuild
222 deleted file mode 100644
223 index 557c17470c3..00000000000
224 --- a/app-emulation/spice/spice-0.13.3-r2.ebuild
225 +++ /dev/null
226 @@ -1,104 +0,0 @@
227 -# Copyright 1999-2017 Gentoo Foundation
228 -# Distributed under the terms of the GNU General Public License v2
229 -
230 -EAPI=6
231 -PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
232 -
233 -inherit autotools ltprune python-any-r1 readme.gentoo-r1 xdg-utils
234 -
235 -DESCRIPTION="SPICE server"
236 -HOMEPAGE="https://www.spice-space.org/"
237 -SRC_URI="https://www.spice-space.org/download/releases/${P}.tar.bz2"
238 -
239 -LICENSE="LGPL-2.1"
240 -SLOT="0"
241 -KEYWORDS="amd64 ~arm64 x86"
242 -IUSE="libressl lz4 sasl smartcard static-libs gstreamer"
243 -
244 -# the libspice-server only uses the headers of libcacard
245 -RDEPEND="
246 - >=dev-libs/glib-2.22:2[static-libs(+)?]
247 - >=media-libs/celt-0.5.1.1:0.5.1[static-libs(+)?]
248 - media-libs/opus[static-libs(+)?]
249 - sys-libs/zlib[static-libs(+)?]
250 - virtual/jpeg:0=[static-libs(+)?]
251 - >=x11-libs/pixman-0.17.7[static-libs(+)?]
252 - !libressl? ( dev-libs/openssl:0=[static-libs(+)?] )
253 - libressl? ( dev-libs/libressl:0=[static-libs(+)?] )
254 - lz4? ( app-arch/lz4:0=[static-libs(+)?] )
255 - smartcard? ( >=app-emulation/libcacard-0.1.2 )
256 - sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )
257 - gstreamer? (
258 - media-libs/gstreamer:1.0
259 - media-libs/gst-plugins-base:1.0
260 - )"
261 -DEPEND="${RDEPEND}
262 - ${PYTHON_DEPS}
263 - >=app-emulation/spice-protocol-0.12.12
264 - virtual/pkgconfig
265 - $(python_gen_any_dep '
266 - >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
267 - dev-python/six[${PYTHON_USEDEP}]
268 - ')
269 - smartcard? ( app-emulation/qemu[smartcard] )"
270 -
271 -PATCHES=(
272 - "${FILESDIR}"/${PN}-0.13.3-skip_faulty_lz4_check.patch
273 - "${FILESDIR}"/${PN}-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch
274 - "${FILESDIR}"/${PN}-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch
275 - "${FILESDIR}"/${PN}-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch
276 -)
277 -
278 -python_check_deps() {
279 - has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
280 - has_version "dev-python/six[${PYTHON_USEDEP}]"
281 -}
282 -
283 -pkg_setup() {
284 - [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
285 -}
286 -
287 -src_prepare() {
288 - default
289 -
290 - eautoreconf
291 -}
292 -
293 -src_configure() {
294 - # Prevent sandbox violations, bug #586560
295 - # https://bugzilla.gnome.org/show_bug.cgi?id=744134
296 - # https://bugzilla.gnome.org/show_bug.cgi?id=744135
297 - addpredict /dev
298 -
299 - xdg_environment_reset
300 -
301 - local myconf="
302 - $(use_enable static-libs static)
303 - $(use_enable lz4)
304 - $(use_with sasl)
305 - $(use_enable smartcard)
306 - --enable-gstreamer=$(usex gstreamer "1.0" "no")
307 - --enable-celt051
308 - --disable-gui
309 - "
310 - econf ${myconf}
311 -}
312 -
313 -src_compile() {
314 - # Prevent sandbox violations, bug #586560
315 - # https://bugzilla.gnome.org/show_bug.cgi?id=744134
316 - # https://bugzilla.gnome.org/show_bug.cgi?id=744135
317 - addpredict /dev
318 -
319 - default
320 -}
321 -
322 -src_install() {
323 - default
324 - use static-libs || prune_libtool_files
325 - readme.gentoo_create_doc
326 -}
327 -
328 -pkg_postinst() {
329 - readme.gentoo_print_elog
330 -}
Report Message
Find on MARC Find on Google Groups