aboutsummaryrefslogtreecommitdiffstats
path: root/main/spice
diff options
context:
space:
mode:
authorDaniel Sabogal <dsabogalcc@gmail.com>2016-08-17 00:07:49 -0400
committerNatanael Copa <ncopa@alpinelinux.org>2016-08-26 17:27:39 +0000
commita56e4e3c1e2f4297d2771d28dac70e5afc81839e (patch)
tree213c0d6ca0182bf5dc26ffc63d8f9b4ddddfcbca /main/spice
parent5bb854b78247cfca2f9c179b2cce5f9d8a8f57eb (diff)
downloadaports-a56e4e3c1e2f4297d2771d28dac70e5afc81839e.tar.bz2
aports-a56e4e3c1e2f4297d2771d28dac70e5afc81839e.tar.xz
main/spice: security upgrade to 0.12.8
CVE-2016-0749 CVE-2016-2150 Removed unused patch (CVE-2015-3247 fixed in 0.12.6) https://cgit.freedesktop.org/spice/spice/tree/NEWS?h=0.12
Diffstat (limited to 'main/spice')
-rw-r--r--main/spice/APKBUILD28
-rw-r--r--main/spice/CVE-2015-3247.patch116
2 files changed, 9 insertions, 135 deletions
diff --git a/main/spice/APKBUILD b/main/spice/APKBUILD
index 53ef2b13a2..de6d052ebe 100644
--- a/main/spice/APKBUILD
+++ b/main/spice/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=spice
-pkgver=0.12.7
-pkgrel=1
+pkgver=0.12.8
+pkgrel=0
pkgdesc="Implements the SPICE protocol"
url="http://www.spice-space.org/"
arch="all"
@@ -14,22 +14,12 @@ makedepends="$depends_dev alsa-lib-dev libjpeg-turbo-dev libxrandr-dev
py-six glib-dev opus-dev"
install=""
subpackages="$pkgname-dev $pkgname-server"
-source="http://www.spice-space.org/download/releases/spice-$pkgver.tar.bz2
+source="http://www.spice-space.org/download/releases/$pkgname-$pkgver.tar.bz2
"
-_builddir="$srcdir"/spice-$pkgver
-prepare() {
- local i
- cd "$_builddir"
- for i in $source; do
- case $i in
- *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
- esac
- done
-}
-
+builddir="$srcdir"/$pkgname-$pkgver
build() {
- cd "$_builddir"
+ cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -48,7 +38,7 @@ build() {
}
package() {
- cd "$_builddir"
+ cd "$builddir"
make DESTDIR="$pkgdir" install || return 1
}
@@ -58,6 +48,6 @@ server() {
mv "$pkgdir"/usr/lib/*server.so.* "$subpkgdir"/usr/lib/
}
-md5sums="28d4294e6d055de3b6ce5b8f2b7ca03b spice-0.12.7.tar.bz2"
-sha256sums="1c8e96cb9e833e23372e2f461508135903b697fd8c6daff565e9e87f6d2f6aba spice-0.12.7.tar.bz2"
-sha512sums="a740d500d0ccad3edd1f2f71e51c5a120d6ae98e44125f33870c12f5d1eeb30b809e588d05b2d0cadb4216e889b38e57d2278916817538311b875ff22e3b31ae spice-0.12.7.tar.bz2"
+md5sums="376853d11b9921aa34a06c4dbef81874 spice-0.12.8.tar.bz2"
+sha256sums="f901a5c5873d61acac84642f9eea5c4d6386fc3e525c2b68792322794e1c407d spice-0.12.8.tar.bz2"
+sha512sums="6485d3522af1cde93d2c0abad7f7ef9f2e4d3e5049314fb93b6dd4b86e33d67d353a3ff42a355c8fd991bad447bbde1e6320c083bbc6f02b576bd9cebe7269ed spice-0.12.8.tar.bz2"
diff --git a/main/spice/CVE-2015-3247.patch b/main/spice/CVE-2015-3247.patch
deleted file mode 100644
index 47ee3c4f91..0000000000
--- a/main/spice/CVE-2015-3247.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From bd6ea0db84949ac903c27708166604de892f4671 Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Tue, 9 Jun 2015 08:50:46 +0100
-Subject: Avoid race conditions reading monitor configs from guest
-
-For security reasons do not assume guest do not change structures it
-pass to Qemu.
-Guest could change count field while Qemu is copying QXLMonitorsConfig
-structure leading to heap corruption.
-This patch avoid it reading count only once.
-
-This patch solves CVE-2015-3247.
-
-Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
-Acked-by: Christophe Fergeau <cfergeau@redhat.com>
-
-diff --git a/server/red_worker.c b/server/red_worker.c
-index 2f2d5a9..e2feb23 100644
---- a/server/red_worker.c
-+++ b/server/red_worker.c
-@@ -11222,19 +11222,18 @@ static inline void red_monitors_config_item_add(DisplayChannelClient *dcc)
-
- static void worker_update_monitors_config(RedWorker *worker,
- QXLMonitorsConfig *dev_monitors_config,
-- unsigned int max_monitors)
-+ uint16_t count, uint16_t max_allowed)
- {
- int heads_size;
- MonitorsConfig *monitors_config;
- int i;
-- unsigned int count = MIN(dev_monitors_config->count, max_monitors);
-
- monitors_config_decref(worker->monitors_config);
-
- spice_debug("monitors config %d(%d)",
-- dev_monitors_config->count,
-- dev_monitors_config->max_allowed);
-- for (i = 0; i < dev_monitors_config->count; i++) {
-+ count,
-+ max_allowed);
-+ for (i = 0; i < count; i++) {
- spice_debug("+%d+%d %dx%d",
- dev_monitors_config->heads[i].x,
- dev_monitors_config->heads[i].y,
-@@ -11247,7 +11246,7 @@ static void worker_update_monitors_config(RedWorker *worker,
- monitors_config->refs = 1;
- monitors_config->worker = worker;
- monitors_config->count = count;
-- monitors_config->max_allowed = MIN(dev_monitors_config->max_allowed, max_monitors);
-+ monitors_config->max_allowed = max_allowed;
- memcpy(monitors_config->heads, dev_monitors_config->heads, heads_size);
- }
-
-@@ -11636,33 +11635,52 @@ void handle_dev_display_migrate(void *opaque, void *payload)
- red_migrate_display(worker, rcc);
- }
-
-+static inline uint32_t qxl_monitors_config_size(uint32_t heads)
-+{
-+ return sizeof(QXLMonitorsConfig) + sizeof(QXLHead) * heads;
-+}
-+
- static void handle_dev_monitors_config_async(void *opaque, void *payload)
- {
- RedWorkerMessageMonitorsConfigAsync *msg = payload;
- RedWorker *worker = opaque;
-- int min_size = sizeof(QXLMonitorsConfig) + sizeof(QXLHead);
- int error;
-+ uint16_t count, max_allowed;
- QXLMonitorsConfig *dev_monitors_config =
- (QXLMonitorsConfig*)get_virt(&worker->mem_slots, msg->monitors_config,
-- min_size, msg->group_id, &error);
-+ qxl_monitors_config_size(1),
-+ msg->group_id, &error);
-
- if (error) {
- /* TODO: raise guest bug (requires added QXL interface) */
- return;
- }
- worker->driver_cap_monitors_config = 1;
-- if (dev_monitors_config->count == 0) {
-+ count = dev_monitors_config->count;
-+ max_allowed = dev_monitors_config->max_allowed;
-+ if (count == 0) {
- spice_warning("ignoring an empty monitors config message from driver");
- return;
- }
-- if (dev_monitors_config->count > dev_monitors_config->max_allowed) {
-+ if (count > max_allowed) {
- spice_warning("ignoring malformed monitors_config from driver, "
- "count > max_allowed %d > %d",
-- dev_monitors_config->count,
-- dev_monitors_config->max_allowed);
-+ count,
-+ max_allowed);
-+ return;
-+ }
-+ /* get pointer again to check virtual size */
-+ dev_monitors_config =
-+ (QXLMonitorsConfig*)get_virt(&worker->mem_slots, msg->monitors_config,
-+ qxl_monitors_config_size(count),
-+ msg->group_id, &error);
-+ if (error) {
-+ /* TODO: raise guest bug (requires added QXL interface) */
- return;
- }
-- worker_update_monitors_config(worker, dev_monitors_config, msg->max_monitors);
-+ worker_update_monitors_config(worker, dev_monitors_config,
-+ MIN(count, msg->max_monitors),
-+ MIN(max_allowed, msg->max_monitors));
- red_worker_push_monitors_config(worker);
- }
-
---
-cgit v0.10.2
-