From 40aaaa64e86ba6710bbeb31c4615a6ce80e75e11 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 28 Apr 2021 20:21:43 +0100 Subject: gentoo resync : 28.04.2021 --- app-emulation/spice/Manifest | 7 +- .../spice-0.14.3-CVE-2020-14355-404d7478.patch | 31 ++++++ .../spice-0.14.3-CVE-2020-14355-762e0aba.patch | 13 +++ .../spice-0.14.3-CVE-2020-14355-b24fe6b6.patch | 18 ++++ .../spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch | 17 ++++ app-emulation/spice/spice-0.14.3-r1.ebuild | 107 +++++++++++++++++++++ app-emulation/spice/spice-9999.ebuild | 12 ++- 7 files changed, 200 insertions(+), 5 deletions(-) create mode 100644 app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-404d7478.patch create mode 100644 app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-762e0aba.patch create mode 100644 app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-b24fe6b6.patch create mode 100644 app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch create mode 100644 app-emulation/spice/spice-0.14.3-r1.ebuild (limited to 'app-emulation/spice') diff --git a/app-emulation/spice/Manifest b/app-emulation/spice/Manifest index 60d7adfffb44..0cb70be92056 100644 --- a/app-emulation/spice/Manifest +++ b/app-emulation/spice/Manifest @@ -1,5 +1,10 @@ AUX README.gentoo 270 BLAKE2B 979c3e8d2a3c1d4f30af8f2d9954434dd685abf42992abf0e63e9dbe2d16d8fb3b135ecf3b81344e12d585ed92543d6b8adffb01e55772964de0f97f320d785c SHA512 9202046d629d12eee0435bb0ee8bafc1d8a0b52784275a7b3989fd430de8ed0ec2e59cfdf963a58494a05296a55bc99fe7095e661398182d62286e8816895dd1 +AUX spice-0.14.3-CVE-2020-14355-404d7478.patch 1274 BLAKE2B 750de585f630c724c851514b35dcec57e2c263fb4423cf472c9cb10a2654fdc918eac9f14460e17f4e147d1b2b4ad1269e254037fce49397eb336f38747492b7 SHA512 51a901195a884209929294c4e9af4e49da79741dc08f5fc3035b95abbdbacb9a8c2fe6d0ffb4c6829b9f22012497058e3c618e543102fd9bdf446fae6cd07824 +AUX spice-0.14.3-CVE-2020-14355-762e0aba.patch 533 BLAKE2B f6ecb51c2ef568d7e9c341be68100423434b70f963ecadf05f351ebc567af6defe8033a4e2fb930b7401ac9a0ed721c9f00ef643d93f2ff7aca5100ad7636e92 SHA512 f5af0b2a8e4604390f7ae35a87ad17a5def2b4861538fe80c385e7a601e7fe78bcc24af4fa536f72be2c980dff94d2ff7252cdf6e593889106c8c1ce9978d91b +AUX spice-0.14.3-CVE-2020-14355-b24fe6b6.patch 876 BLAKE2B 7ba5c57e7ca7265f6d42bf475403ba1f1ce3690b1d6ab9d9c65ee722005a1b198b7b6a5ffb0d94a2dea1c67eb7ecd2585d6974c43ffae1dd25a2bc51781d5483 SHA512 b13f1b44d3452b5b246efb1b98f9b4b9bcff8ed9161bfa79d31fb4404cc499772144676a96b37b1cb94c7e9036c23df092fb1a878651555164e733d0fafb0712 +AUX spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch 759 BLAKE2B 8d3f0b5d03d79dc1c02efec9f3746d4d8a5fc3be9b4a98a1b1b6f325cb19a03dbc2d29ab5c7a3a7bb807fda2bd52080c87d706a1c61eff15bc74a8c65a60f8ce SHA512 9b72fb0195feb5ddbce7dacca0459d2f5ad00a72c0f45488debae50c188b14274ae8a7208052e85ca42793a6be3a7483c816f1f381015ea5fe42fa05bb2a9f5a DIST spice-0.14.3.tar.bz2 1504304 BLAKE2B be655e1d4c48dae29903ab8e0dc52da63723e3252052afccc9587065531f28c8af7dbab4c585093f26d98f2273c6e734a553c18d4779a9f4464334ae1764f682 SHA512 9ecdc455ff25c71ac1fe6c576654b51efbfb860110bd6828065d23f7462d5c5cac772074d1a40f033386258d970b77275b2007bcfdffb23fdff2137154ea46e4 +EBUILD spice-0.14.3-r1.ebuild 2698 BLAKE2B 684a4f44144e435a7929731f8859e263a0d9e5da436011cbe6248589ee2c4ed074615e7b88a8eba8329a322581596eb73d598b5747b371f92b3bf71dae0eba49 SHA512 323c4e23e1ad04d56792c868054eb6edbb454c3af3124858f7623e6c33c7ad867f3ccf188f8736c6c810af30aa867d0fdb90005f1ad4d0299c287dc35bd9d7f2 EBUILD spice-0.14.3.ebuild 2387 BLAKE2B 59c62447ccb9c49925163da9e976f642284daf975de196ade102593cf7ab131687e39e46b2206631513b4d8f5399936df3a0052a1b44b5c2a08cc0a6eb09ca6c SHA512 0269e6f91a2c028330de839878cd265f9a2b6d8b4677282e7524b0b8a4316620e7c5ca94789983e63e9d3420efb394324541fd5324f1e91e92cf8f4370dd6846 -EBUILD spice-9999.ebuild 2260 BLAKE2B 650dad9629ce6cd4804adc4ee62c878999b9f8904579512bb229f4854f2687db0bf05b4c4ceab96d179dfbd93a5969ad78e4c88f593c8d666e6e0ffdfff810b1 SHA512 ad1ae55797e60f33f9da14b07ff81be6e1b8c3ecb9e5aec97f1d0586284116c3b387f2df74fa479fb3098924af26c46caee08bc8d8d85af68a3c2bd300e612b7 +EBUILD spice-9999.ebuild 2357 BLAKE2B bc8f0fdacbabead0e2f8917635adcc99dbf7bef8be1c7198983793d3653b24807bdd7d301dc107630e3461c95aac431faca02aa244f2cc9508553ee4c3bc9c9b SHA512 2ef47fcd3ef83c93470e38f8eb29b7873a5d77ad1090bb4c183222c5e66c4609a53fbb3ceb6157f7c1dbc42d44177636654c945fd9da762368ad5703b0dfefd6 MISC metadata.xml 385 BLAKE2B 599bae33d9264b8b3b4474b0d2234d66e6c6f2cd3da1710bfea64f75570264da7f4de712cecb95408a059f70e3dba2de2a421c02f1f728e39c2bf913c2c570a0 SHA512 c75966298d69fb56b3e16c98b0cc7b3b2514d2ad2a6b790777c00493754e678388f0eb17fbabc6f58a667883e87d2a4f19c2a1c34f5c87f81fb13a8948ab85c8 diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-404d7478.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-404d7478.patch new file mode 100644 index 000000000000..338f4e6ca657 --- /dev/null +++ b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-404d7478.patch @@ -0,0 +1,31 @@ +diff --git a/common/quic.c b/common/quic.c +index bc753ca5064a0326906b4aa8c18d8745747feb5c..681531677fbd6c3bca5e482c77bb709d4465ef8e 100644 +--- a/subprojects/spice-common/common/quic.c ++++ b/subprojects/spice-common/common/quic.c +@@ -56,6 +56,9 @@ typedef uint8_t BYTE; + #define MINwminext 1 + #define MAXwminext 100000000 + ++/* Maximum image size in pixels, mainly to avoid possible integer overflows */ ++#define SPICE_MAX_IMAGE_SIZE (512 * 1024 * 1024 - 1) ++ + typedef struct QuicFamily { + unsigned int nGRcodewords[MAXNUMCODES]; /* indexed by code number, contains number of + unmodified GR codewords in the code */ +@@ -1165,6 +1168,16 @@ int quic_decode_begin(QuicContext *quic, uint32_t *io_ptr, unsigned int num_io_w + height = encoder->io_word; + decode_eat32bits(encoder); + ++ if (width <= 0 || height <= 0) { ++ encoder->usr->warn(encoder->usr, "invalid size\n"); ++ return QUIC_ERROR; ++ } ++ ++ /* avoid too big images */ ++ if ((uint64_t) width * height > SPICE_MAX_IMAGE_SIZE) { ++ encoder->usr->error(encoder->usr, "image too large\n"); ++ } ++ + quic_image_params(encoder, type, &channels, &bpc); + + if (!encoder_reset_channels(encoder, channels, width, bpc)) { diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-762e0aba.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-762e0aba.patch new file mode 100644 index 000000000000..ce79ef0043ee --- /dev/null +++ b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-762e0aba.patch @@ -0,0 +1,13 @@ +diff --git a/common/quic.c b/common/quic.c +index e2dee0fd68741512911d5d050053ad073cf29457..bc753ca5064a0326906b4aa8c18d8745747feb5c 100644 +--- a/subprojects/spice-common/common/quic.c ++++ b/subprojects/spice-common/common/quic.c +@@ -1136,7 +1136,7 @@ int quic_decode_begin(QuicContext *quic, uint32_t *io_ptr, unsigned int num_io_w + int channels; + int bpc; + +- if (!encoder_reset(encoder, io_ptr, io_ptr_end)) { ++ if (!num_io_words || !encoder_reset(encoder, io_ptr, io_ptr_end)) { + return QUIC_ERROR; + } + diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-b24fe6b6.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-b24fe6b6.patch new file mode 100644 index 000000000000..40127deda15a --- /dev/null +++ b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-b24fe6b6.patch @@ -0,0 +1,18 @@ +diff --git a/common/quic_family_tmpl.c b/common/quic_family_tmpl.c +index 8a5f7d2c9be3f6b1bd82993703749268bab243b4..6cc051b36889f773fe5401e204db6245d99e27df 100644 +--- a/subprojects/spice-common/common/quic_family_tmpl.c ++++ b/subprojects/spice-common/common/quic_family_tmpl.c +@@ -103,7 +103,12 @@ static s_bucket *FNAME(find_bucket)(Channel *channel, const unsigned int val) + { + spice_extra_assert(val < (0x1U << BPC)); + +- return channel->_buckets_ptrs[val]; ++ /* The and (&) here is to avoid buffer overflows in case of garbage or malicious ++ * attempts. Is much faster then using comparisons and save us from such situations. ++ * Note that on normal build the check above won't be compiled as this code path ++ * is pretty hot and would cause speed regressions. ++ */ ++ return channel->_buckets_ptrs[val & ((1U << BPC) - 1)]; + } + + #undef FNAME diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch new file mode 100644 index 000000000000..bc764ec23ce2 --- /dev/null +++ b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch @@ -0,0 +1,17 @@ +diff --git a/common/quic_tmpl.c b/common/quic_tmpl.c +index ecd6f3f187c753a89b7dbb0657edc3ae82ffaaff..ebae992d642a657a7505b3ca0e8145310805f32f 100644 +--- a/subprojects/spice-common/common/quic_tmpl.c ++++ b/subprojects/spice-common/common/quic_tmpl.c +@@ -563,7 +563,11 @@ static void FNAME_DECL(uncompress_row_seg)(const PIXEL * const prev_row, + do_run: + state->waitcnt = stopidx - i; + run_index = i; +- run_end = i + decode_state_run(encoder, state); ++ run_end = decode_state_run(encoder, state); ++ if (run_end < 0 || run_end > (end - i)) { ++ encoder->usr->error(encoder->usr, "wrong RLE\n"); ++ } ++ run_end += i; + + for (; i < run_end; i++) { + UNCOMPRESS_PIX_START(&cur_row[i]); diff --git a/app-emulation/spice/spice-0.14.3-r1.ebuild b/app-emulation/spice/spice-0.14.3-r1.ebuild new file mode 100644 index 000000000000..3b1c4cfb9ca5 --- /dev/null +++ b/app-emulation/spice/spice-0.14.3-r1.ebuild @@ -0,0 +1,107 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{7,8,9} ) +inherit autotools python-any-r1 readme.gentoo-r1 xdg-utils + +DESCRIPTION="SPICE server" +HOMEPAGE="https://www.spice-space.org/" +SRC_URI="https://www.spice-space.org/download/releases/spice-server/${P}.tar.bz2" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="amd64 arm64 ppc64 x86" +IUSE="libressl lz4 sasl smartcard static-libs gstreamer test" + +RESTRICT="!test? ( test )" + +# the libspice-server only uses the headers of libcacard +RDEPEND=" + dev-lang/orc[static-libs(+)?] + >=dev-libs/glib-2.22:2[static-libs(+)?] + media-libs/opus[static-libs(+)?] + sys-libs/zlib[static-libs(+)?] + virtual/jpeg:0=[static-libs(+)?] + >=x11-libs/pixman-0.17.7[static-libs(+)?] + !libressl? ( dev-libs/openssl:0=[static-libs(+)?] ) + libressl? ( dev-libs/libressl:0=[static-libs(+)?] ) + lz4? ( app-arch/lz4:0=[static-libs(+)?] ) + smartcard? ( >=app-emulation/libcacard-0.1.2 ) + sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] ) + gstreamer? ( + media-libs/gstreamer:1.0 + media-libs/gst-plugins-base:1.0 + )" +DEPEND="${RDEPEND} + >=app-emulation/spice-protocol-0.14.0 + smartcard? ( app-emulation/qemu[smartcard] ) + test? ( net-libs/glib-networking )" +BDEPEND="${PYTHON_DEPS} + virtual/pkgconfig + $(python_gen_any_dep ' + >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}] + dev-python/six[${PYTHON_USEDEP}] + ')" + +python_check_deps() { + has_version -b ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]" + has_version -b "dev-python/six[${PYTHON_USEDEP}]" +} + +PATCHES=( + "${FILESDIR}"/${P}-CVE-2020-14355-762e0aba.patch + "${FILESDIR}"/${P}-CVE-2020-14355-404d7478.patch + "${FILESDIR}"/${P}-CVE-2020-14355-ef1b6ff7.patch + "${FILESDIR}"/${P}-CVE-2020-14355-b24fe6b6.patch +) + +pkg_setup() { + [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup +} + +src_prepare() { + default + + eautoreconf +} + +src_configure() { + # Prevent sandbox violations, bug #586560 + # https://bugzilla.gnome.org/show_bug.cgi?id=744134 + # https://bugzilla.gnome.org/show_bug.cgi?id=744135 + addpredict /dev + + xdg_environment_reset + + local myconf=" + $(use_enable static-libs static) + $(use_enable lz4) + $(use_with sasl) + $(use_enable smartcard) + $(use_enable test tests) + --enable-gstreamer=$(usex gstreamer "1.0" "no") + --disable-celt051 + " + econf ${myconf} +} + +src_compile() { + # Prevent sandbox violations, bug #586560 + # https://bugzilla.gnome.org/show_bug.cgi?id=744134 + # https://bugzilla.gnome.org/show_bug.cgi?id=744135 + addpredict /dev + + default +} + +src_install() { + default + use static-libs || find "${D}" -name '*.la' -type f -delete || die + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog +} diff --git a/app-emulation/spice/spice-9999.ebuild b/app-emulation/spice/spice-9999.ebuild index a7cd1fa64454..44eb9c360ee8 100644 --- a/app-emulation/spice/spice-9999.ebuild +++ b/app-emulation/spice/spice-9999.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 -PYTHON_COMPAT=( python3_{7,8} ) +PYTHON_COMPAT=( python3_{7,8,9} ) inherit git-r3 meson python-any-r1 readme.gentoo-r1 xdg-utils DESCRIPTION="SPICE server" @@ -14,7 +14,9 @@ EGIT_REPO_URI="https://anongit.freedesktop.org/git/spice/spice.git" LICENSE="LGPL-2.1" SLOT="0" KEYWORDS="" -IUSE="gstreamer libressl lz4 opus sasl smartcard static-libs" +IUSE="gstreamer libressl lz4 opus sasl smartcard static-libs test" + +RESTRICT="!test? ( test )" # the libspice-server only uses the headers of libcacard RDEPEND=" @@ -35,7 +37,8 @@ RDEPEND=" )" DEPEND="${RDEPEND} ~app-emulation/spice-protocol-9999 - smartcard? ( app-emulation/qemu[smartcard] )" + smartcard? ( app-emulation/qemu[smartcard] ) + test? ( net-libs/glib-networking )" BDEPEND="${PYTHON_DEPS} virtual/pkgconfig $(python_gen_any_dep ' @@ -73,6 +76,7 @@ src_configure() { $(meson_use sasl) $(meson_feature opus) $(meson_feature smartcard) + $(meson_use test tests) -Dmanual=false -Dtests=false ) -- cgit v1.2.3