commit: f669a2f91427e142b943efe92978216dff4c842a Author: John Helmert III <ajak <AT> gentoo <DOT> org> AuthorDate: Tue Aug 9 21:27:51 2022 +0000 Commit: John Helmert III <ajak <AT> gentoo <DOT> org> CommitDate: Tue Aug 9 21:30:23 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f669a2f9
app-emulation/spice: drop 0.14.3-r1 Bug: https://bugs.gentoo.org/792618 Signed-off-by: John Helmert III <ajak <AT> gentoo.org> app-emulation/spice/Manifest | 1 - .../spice-0.14.3-CVE-2020-14355-404d7478.patch | 31 ------ .../spice-0.14.3-CVE-2020-14355-762e0aba.patch | 13 --- .../spice-0.14.3-CVE-2020-14355-b24fe6b6.patch | 18 ---- .../spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch | 17 ---- app-emulation/spice/spice-0.14.3-r1.ebuild | 106 --------------------- 6 files changed, 186 deletions(-) diff --git a/app-emulation/spice/Manifest b/app-emulation/spice/Manifest index 0135aefa813e..9fac0bce8dcb 100644 --- a/app-emulation/spice/Manifest +++ b/app-emulation/spice/Manifest @@ -1,3 +1,2 @@ -DIST spice-0.14.3.tar.bz2 1504304 BLAKE2B be655e1d4c48dae29903ab8e0dc52da63723e3252052afccc9587065531f28c8af7dbab4c585093f26d98f2273c6e734a553c18d4779a9f4464334ae1764f682 SHA512 9ecdc455ff25c71ac1fe6c576654b51efbfb860110bd6828065d23f7462d5c5cac772074d1a40f033386258d970b77275b2007bcfdffb23fdff2137154ea46e4 DIST spice-0.15.0-pthread-c5fe3df1.patch.bz2 7605 BLAKE2B 86b8094a22a02080db038ef98972bf09f391d5344fee8df2aa7d2def0b50a581353cb0e3dd97f99bbd58b88a13ceac4b54be8086a9f4274f38d132b27b62e84d SHA512 5075bd260b33c2dad8c3ce641372383871f7d69190a4f4697bd5e12af1bf5429310c592961de001d36c19a9cdd91143b8d6e8be0e08b3850b9700c2aef2ddd78 DIST spice-0.15.0.tar.bz2 1537970 BLAKE2B 98e8f55de81a86c6370e4a74c0fd90db78a9a8e8e3af536bccd6a2a75185194ac7b87521163090c4312e392d2ee10036c0283171c7796aea630e1307128a2d55 SHA512 0a776d191c395ce1f7ebbbac47956a00a2765327d3127aeca6e232bd56fd4ccd28750ae1599eb6eb2909ac909cda517d5511faa631166db16b8b75bd4e7b86d9 diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-404d7478.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-404d7478.patch deleted file mode 100644 index 338f4e6ca657..000000000000 --- a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-404d7478.patch +++ /dev/null @@ -1,31 +0,0 @@ -diff --git a/common/quic.c b/common/quic.c -index bc753ca5064a0326906b4aa8c18d8745747feb5c..681531677fbd6c3bca5e482c77bb709d4465ef8e 100644 ---- a/subprojects/spice-common/common/quic.c -+++ b/subprojects/spice-common/common/quic.c -@@ -56,6 +56,9 @@ typedef uint8_t BYTE; - #define MINwminext 1 - #define MAXwminext 100000000 - -+/* Maximum image size in pixels, mainly to avoid possible integer overflows */ -+#define SPICE_MAX_IMAGE_SIZE (512 * 1024 * 1024 - 1) -+ - typedef struct QuicFamily { - unsigned int nGRcodewords[MAXNUMCODES]; /* indexed by code number, contains number of - unmodified GR codewords in the code */ -@@ -1165,6 +1168,16 @@ int quic_decode_begin(QuicContext *quic, uint32_t *io_ptr, unsigned int num_io_w - height = encoder->io_word; - decode_eat32bits(encoder); - -+ if (width <= 0 || height <= 0) { -+ encoder->usr->warn(encoder->usr, "invalid size\n"); -+ return QUIC_ERROR; -+ } -+ -+ /* avoid too big images */ -+ if ((uint64_t) width * height > SPICE_MAX_IMAGE_SIZE) { -+ encoder->usr->error(encoder->usr, "image too large\n"); -+ } -+ - quic_image_params(encoder, type, &channels, &bpc); - - if (!encoder_reset_channels(encoder, channels, width, bpc)) { diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-762e0aba.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-762e0aba.patch deleted file mode 100644 index ce79ef0043ee..000000000000 --- a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-762e0aba.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/common/quic.c b/common/quic.c -index e2dee0fd68741512911d5d050053ad073cf29457..bc753ca5064a0326906b4aa8c18d8745747feb5c 100644 ---- a/subprojects/spice-common/common/quic.c -+++ b/subprojects/spice-common/common/quic.c -@@ -1136,7 +1136,7 @@ int quic_decode_begin(QuicContext *quic, uint32_t *io_ptr, unsigned int num_io_w - int channels; - int bpc; - -- if (!encoder_reset(encoder, io_ptr, io_ptr_end)) { -+ if (!num_io_words || !encoder_reset(encoder, io_ptr, io_ptr_end)) { - return QUIC_ERROR; - } - diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-b24fe6b6.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-b24fe6b6.patch deleted file mode 100644 index 40127deda15a..000000000000 --- a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-b24fe6b6.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --git a/common/quic_family_tmpl.c b/common/quic_family_tmpl.c -index 8a5f7d2c9be3f6b1bd82993703749268bab243b4..6cc051b36889f773fe5401e204db6245d99e27df 100644 ---- a/subprojects/spice-common/common/quic_family_tmpl.c -+++ b/subprojects/spice-common/common/quic_family_tmpl.c -@@ -103,7 +103,12 @@ static s_bucket *FNAME(find_bucket)(Channel *channel, const unsigned int val) - { - spice_extra_assert(val < (0x1U << BPC)); - -- return channel->_buckets_ptrs[val]; -+ /* The and (&) here is to avoid buffer overflows in case of garbage or malicious -+ * attempts. Is much faster then using comparisons and save us from such situations. -+ * Note that on normal build the check above won't be compiled as this code path -+ * is pretty hot and would cause speed regressions. -+ */ -+ return channel->_buckets_ptrs[val & ((1U << BPC) - 1)]; - } - - #undef FNAME diff --git a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch b/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch deleted file mode 100644 index bc764ec23ce2..000000000000 --- a/app-emulation/spice/files/spice-0.14.3-CVE-2020-14355-ef1b6ff7.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/common/quic_tmpl.c b/common/quic_tmpl.c -index ecd6f3f187c753a89b7dbb0657edc3ae82ffaaff..ebae992d642a657a7505b3ca0e8145310805f32f 100644 ---- a/subprojects/spice-common/common/quic_tmpl.c -+++ b/subprojects/spice-common/common/quic_tmpl.c -@@ -563,7 +563,11 @@ static void FNAME_DECL(uncompress_row_seg)(const PIXEL * const prev_row, - do_run: - state->waitcnt = stopidx - i; - run_index = i; -- run_end = i + decode_state_run(encoder, state); -+ run_end = decode_state_run(encoder, state); -+ if (run_end < 0 || run_end > (end - i)) { -+ encoder->usr->error(encoder->usr, "wrong RLE\n"); -+ } -+ run_end += i; - - for (; i < run_end; i++) { - UNCOMPRESS_PIX_START(&cur_row[i]); diff --git a/app-emulation/spice/spice-0.14.3-r1.ebuild b/app-emulation/spice/spice-0.14.3-r1.ebuild deleted file mode 100644 index 1eed375b81ad..000000000000 --- a/app-emulation/spice/spice-0.14.3-r1.ebuild +++ /dev/null @@ -1,106 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{7,8,9} ) -inherit autotools python-any-r1 readme.gentoo-r1 xdg-utils - -DESCRIPTION="SPICE server" -HOMEPAGE="https://www.spice-space.org/"; -SRC_URI="https://www.spice-space.org/download/releases/spice-server/${P}.tar.bz2"; - -LICENSE="LGPL-2.1" -SLOT="0" -KEYWORDS="amd64 arm64 ppc64 x86" -IUSE="lz4 sasl smartcard static-libs gstreamer test" - -RESTRICT="!test? ( test )" - -# the libspice-server only uses the headers of libcacard -RDEPEND=" - dev-lang/orc[static-libs(+)?] - >=dev-libs/glib-2.38:2[static-libs(+)?] - media-libs/opus[static-libs(+)?] - sys-libs/zlib[static-libs(+)?] - virtual/jpeg:0=[static-libs(+)?] - >=x11-libs/pixman-0.17.7[static-libs(+)?] - dev-libs/openssl:0=[static-libs(+)?] - lz4? ( app-arch/lz4:0=[static-libs(+)?] ) - smartcard? ( >=app-emulation/libcacard-2.5.1 ) - sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] ) - gstreamer? ( - media-libs/gstreamer:1.0 - media-libs/gst-plugins-base:1.0 - )" -DEPEND="${RDEPEND} - >=app-emulation/spice-protocol-0.14.0 - smartcard? ( app-emulation/qemu[smartcard] ) - test? ( net-libs/glib-networking )" -BDEPEND="${PYTHON_DEPS} - virtual/pkgconfig - $(python_gen_any_dep ' - >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}] - dev-python/six[${PYTHON_USEDEP}] - ')" - -python_check_deps() { - has_version -b ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]" - has_version -b "dev-python/six[${PYTHON_USEDEP}]" -} - -PATCHES=( - "${FILESDIR}"/${P}-CVE-2020-14355-762e0aba.patch - "${FILESDIR}"/${P}-CVE-2020-14355-404d7478.patch - "${FILESDIR}"/${P}-CVE-2020-14355-ef1b6ff7.patch - "${FILESDIR}"/${P}-CVE-2020-14355-b24fe6b6.patch -) - -pkg_setup() { - [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup -} - -src_prepare() { - default - - eautoreconf -} - -src_configure() { - # Prevent sandbox violations, bug #586560 - # https://bugzilla.gnome.org/show_bug.cgi?id=744134 - # https://bugzilla.gnome.org/show_bug.cgi?id=744135 - addpredict /dev - - xdg_environment_reset - - local myconf=" - $(use_enable static-libs static) - $(use_enable lz4) - $(use_with sasl) - $(use_enable smartcard) - $(use_enable test tests) - --enable-gstreamer=$(usex gstreamer "1.0" "no") - --disable-celt051 - " - econf ${myconf} -} - -src_compile() { - # Prevent sandbox violations, bug #586560 - # https://bugzilla.gnome.org/show_bug.cgi?id=744134 - # https://bugzilla.gnome.org/show_bug.cgi?id=744135 - addpredict /dev - - default -} - -src_install() { - default - use static-libs || find "${D}" -name '*.la' -type f -delete || die - readme.gentoo_create_doc -} - -pkg_postinst() { - readme.gentoo_print_elog -}
