From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 3/4] spice: security bump to version 0.12.8
Date: Thu, 22 Jun 2017 22:28:23 +0200 [thread overview]
Message-ID: <20170622202823.GF3054@scaer> (raw)
In-Reply-To: <20170621220744.18908-4-peter@korsgaard.com>
Peter, All,
On 2017-06-22 00:07 +0200, Peter Korsgaard spake thusly:
> Fixes the following security issues:
>
> CVE-2016-0749: The smartcard interaction in SPICE allows remote attackers to
> cause a denial of service (QEMU-KVM process crash) or possibly execute
> arbitrary code via vectors related to connecting to a guest VM, which
> triggers a heap-based buffer overflow.
>
> CVE-2016-2150: SPICE allows local guest OS users to read from or write to
> arbitrary host memory locations via crafted primary surface parameters, a
> similar issue to CVE-2015-5261.
>
> The pyparsing check has been dropped from configure, and the spice protocol
> definition is again included, so the workarounds can be removed.
All that work for that... :-/
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Regards,
Yann E. MORIN.
> ---
> package/spice/spice.hash | 2 +-
> package/spice/spice.mk | 24 +-----------------------
> 2 files changed, 2 insertions(+), 24 deletions(-)
>
> diff --git a/package/spice/spice.hash b/package/spice/spice.hash
> index 04bd516689..c9b591f41d 100644
> --- a/package/spice/spice.hash
> +++ b/package/spice/spice.hash
> @@ -1,2 +1,2 @@
> # Locally calculated
> -sha256 f148ea30135bf80a4f465ce723a1cd6d4ccb34c098b6298a020b378ace8569b6 spice-0.12.6.tar.bz2
> +sha256 f901a5c5873d61acac84642f9eea5c4d6386fc3e525c2b68792322794e1c407d spice-0.12.8.tar.bz2
> diff --git a/package/spice/spice.mk b/package/spice/spice.mk
> index f1fb46d29c..7b09f39fe7 100644
> --- a/package/spice/spice.mk
> +++ b/package/spice/spice.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -SPICE_VERSION = 0.12.6
> +SPICE_VERSION = 0.12.8
> SPICE_SOURCE = spice-$(SPICE_VERSION).tar.bz2
> SPICE_SITE = http://www.spice-space.org/download/releases
> SPICE_LICENSE = LGPL-2.1+
> @@ -47,28 +47,6 @@ ifeq ($(BR2_PACKAGE_OPUS),y)
> SPICE_DEPENDENCIES += opus
> endif
>
> -# build system uses pkg-config --variable=codegendir spice-protocol which
> -# returns the runtime path rather than build time, so it needs some help
> -SPICE_MAKE_OPTS = CODE_GENERATOR_BASEDIR=$(STAGING_DIR)/usr/lib/spice-protocol
> -SPICE_INSTALL_STAGING_OPTS = $(SPICE_MAKE_OPTS) DESTDIR=$(STAGING_DIR) install
> -SPICE_INSTALL_TARGET_OPTS = $(SPICE_MAKE_OPTS) DESTDIR=$(TARGET_DIR) install
> -
> -# spice uses a number of source files that are generated with python / pyparsing.
> -# The generated files are part of the tarball, so python / pyparsing isn't needed
> -# when building from the tarball, but the configure script gets confused and looks
> -# for the wrong file name to know if it needs to check for python / pyparsing,
> -# so convince it they aren't needed.
> -# It will also regenerate these files if the spice-protocol protocol definition
> -# is newer than the generated files (which it will be when spice-protocol
> -# installs it to staging), so ensure their timestamp is updated to skip this.
> -define SPICE_NO_PYTHON_PYPARSING
> - mkdir -p $(@D)/client
> - touch $(@D)/client/generated_marshallers.cpp
> - touch $(@D)/spice-common/common/generated_*
> -endef
> -
> -SPICE_PRE_CONFIGURE_HOOKS += SPICE_NO_PYTHON_PYPARSING
> -
> # We need to tweak spice.pc because it /forgets/ (for static linking) that
> # it should link against libz and libjpeg. libz is pkg-config-aware, while
> # libjpeg isn't, hence the two-line tweak
> --
> 2.11.0
>
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
next prev parent reply other threads:[~2017-06-22 20:28 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-21 22:07 [Buildroot] [PATCH 0/4] spice: version bump / security bump Peter Korsgaard
2017-06-21 22:07 ` [Buildroot] [PATCH 1/4] spice: bump to version 0.12.5 Peter Korsgaard
2017-06-22 20:24 ` Yann E. MORIN
2017-06-21 22:07 ` [Buildroot] [PATCH 2/4] spice: security bump to version 0.12.6 Peter Korsgaard
2017-06-22 20:27 ` Yann E. MORIN
2017-06-21 22:07 ` [Buildroot] [PATCH 3/4] spice: security bump to version 0.12.8 Peter Korsgaard
2017-06-22 20:28 ` Yann E. MORIN [this message]
2017-06-21 22:07 ` [Buildroot] [PATCH 4/4] spice: add post-0.12.8 upstream security fixes Peter Korsgaard
2017-06-22 20:37 ` Yann E. MORIN
2017-06-22 21:23 ` Peter Korsgaard
2017-06-22 21:26 ` [Buildroot] [PATCH 0/4] spice: version bump / security bump Peter Korsgaard
2017-06-26 12:38 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170622202823.GF3054@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox