[arch-commits] Commit in spice/repos (6 files)

Jan de Groot jgc at archlinux.org
Thu Mar 16 22:11:06 UTC 2017


    Date: Thursday, March 16, 2017 @ 22:11:05
  Author: jgc
Revision: 290965

archrelease: copy trunk to staging-i686, staging-x86_64

Added:
  spice/repos/staging-i686/
  spice/repos/staging-i686/PKGBUILD
    (from rev 290964, spice/trunk/PKGBUILD)
  spice/repos/staging-i686/git-fixes.patch
    (from rev 290964, spice/trunk/git-fixes.patch)
  spice/repos/staging-x86_64/
  spice/repos/staging-x86_64/PKGBUILD
    (from rev 290964, spice/trunk/PKGBUILD)
  spice/repos/staging-x86_64/git-fixes.patch
    (from rev 290964, spice/trunk/git-fixes.patch)

--------------------------------+
 staging-i686/PKGBUILD          |   35 +++++++++++++
 staging-i686/git-fixes.patch   |   98 +++++++++++++++++++++++++++++++++++++++
 staging-x86_64/PKGBUILD        |   35 +++++++++++++
 staging-x86_64/git-fixes.patch |   98 +++++++++++++++++++++++++++++++++++++++
 4 files changed, 266 insertions(+)

Copied: spice/repos/staging-i686/PKGBUILD (from rev 290964, spice/trunk/PKGBUILD)
===================================================================
--- staging-i686/PKGBUILD	                        (rev 0)
+++ staging-i686/PKGBUILD	2017-03-16 22:11:05 UTC (rev 290965)
@@ -0,0 +1,35 @@
+# $Id$
+# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
+# Maintainer: Patryk Kowalczyk < patryk at kowalczyk dot ws>
+
+pkgname=spice
+pkgver=0.12.8
+pkgrel=2
+pkgdesc="SPICE client and server"
+arch=('i686' 'x86_64')
+url="https://www.spice-space.org"
+license=('LGPL2.1')
+depends=(alsa-lib celt0.5.1 libcacard libjpeg-turbo libsasl libxinerama libxfixes libxrandr pixman)
+makedepends=(python2-pyparsing python2-six qemu spice-protocol)
+source=(https://www.spice-space.org/download/releases/$pkgname-$pkgver.tar.bz2{,.sign}
+        git-fixes.patch)
+validpgpkeys=('94A9F75661F77A6168649B23A9D8C21429AC6C82')
+sha256sums=('f901a5c5873d61acac84642f9eea5c4d6386fc3e525c2b68792322794e1c407d'
+            'SKIP'
+            '70a6d71e24095bc0864f659b0f3b196ffea5c618e8799281607112726dc2484d')
+
+prepare() {
+  cd "$srcdir/$pkgname-$pkgver"
+  patch -Np1 -i ../git-fixes.patch
+}
+
+build() {
+  cd "$srcdir/$pkgname-$pkgver"
+  PYTHON=python2 ./configure --prefix=/usr --disable-static --enable-smartcard --enable-client
+  make
+}
+
+package() {
+  cd "$srcdir/$pkgname-$pkgver"
+  make DESTDIR="$pkgdir/" install
+}
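Review bot: The `source` array pulls in `git-fixes.patch` with no record of where it came from, so a later maintainer cannot tell which upstream commits it backports or when it can be dropped. A comment above `source=` would cover this, for example `# git-fixes.patch: backport of upstream commits <UPSTREAM_COMMIT_IDS> (pre-auth link message bounds checks); drop once pkgver includes them`. The release tarball is verified through its `.sign` file and `validpgpkeys`, while the patch is trusted only through the sha256sum recorded in this file, which makes the provenance note more useful. The same applies to the identical staging-x86_64/PKGBUILD.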

Copied: spice/repos/staging-i686/git-fixes.patch (from rev 290964, spice/trunk/git-fixes.patch)
===================================================================
--- staging-i686/git-fixes.patch	                        (rev 0)
+++ staging-i686/git-fixes.patch	2017-03-16 22:11:05 UTC (rev 290965)
@@ -0,0 +1,98 @@
+diff --git a/server/main_channel.c b/server/main_channel.c
+index 0ecc9df8..1fc39155 100644
+--- a/server/main_channel.c
++++ b/server/main_channel.c
+@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
+ 
+     if (type == SPICE_MSGC_MAIN_AGENT_DATA) {
+         return reds_get_agent_data_buffer(mcc, size);
++    } else if (size > sizeof(main_chan->recv_buf)) {
++        /* message too large, caller will log a message and close the connection */
++        return NULL;
+     } else {
+         return main_chan->recv_buf;
+     }
+diff --git a/server/reds.c b/server/reds.c
+index 61bf7357..f439a366 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(void *opaque)
+     link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps);
+     link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps);
+ 
++    /* Prevent DoS. Currently we defined only 13 capabilities,
++     * I expect 1024 to be valid for quite a lot time */
++    if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) {
++        reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
++        reds_link_free(link);
++        return;
++    }
++
+     num_caps = link_mess->num_common_caps + link_mess->num_channel_caps;
+     caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset);
+ 
+@@ -2184,12 +2192,6 @@ static void reds_handle_read_header_done(void *opaque)
+     header->minor_version = GUINT32_FROM_LE(header->minor_version);
+     header->size = GUINT32_FROM_LE(header->size);
+ 
+-    if (header->magic != SPICE_MAGIC) {
+-        reds_send_link_error(link, SPICE_LINK_ERR_INVALID_MAGIC);
+-        reds_link_free(link);
+-        return;
+-    }
+-
+     if (header->major_version != SPICE_VERSION_MAJOR) {
+         if (header->major_version > 0) {
+             reds_send_link_error(link, SPICE_LINK_ERR_VERSION_MISMATCH);
+@@ -2202,7 +2204,8 @@ static void reds_handle_read_header_done(void *opaque)
+ 
+     reds->peer_minor_version = header->minor_version;
+ 
+-    if (header->size < sizeof(SpiceLinkMess)) {
++    /* the check for 4096 is to avoid clients to cause arbitrary big memory allocations */
++    if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) {
+         reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
+         spice_warning("bad size %u", header->size);
+         reds_link_free(link);
+@@ -2218,13 +2221,31 @@ static void reds_handle_read_header_done(void *opaque)
+                            link);
+ }
+ 
++static void reds_handle_read_magic_done(void *opaque)
++{
++    RedLinkInfo *link = (RedLinkInfo *)opaque;
++    const SpiceLinkHeader *header = &link->link_header;
++
++    if (header->magic != SPICE_MAGIC) {
++        reds_send_link_error(link, SPICE_LINK_ERR_INVALID_MAGIC);
++        reds_link_free(link);
++        return;
++    }
++
++    reds_stream_async_read(link->stream,
++                           ((uint8_t *)&link->link_header) + sizeof(header->magic),
++                           sizeof(SpiceLinkHeader) - sizeof(header->magic),
++                           reds_handle_read_header_done,
++                           link);
++}
++
+ static void reds_handle_new_link(RedLinkInfo *link)
+ {
+     reds_stream_set_async_error_handler(link->stream, reds_handle_link_error);
+     reds_stream_async_read(link->stream,
+                            (uint8_t *)&link->link_header,
+-                           sizeof(SpiceLinkHeader),
+-                           reds_handle_read_header_done,
++                           sizeof(link->link_header.magic),
++                           reds_handle_read_magic_done,
+                            link);
+ }
+ 
+@@ -2816,6 +2837,7 @@ static void reds_mig_fill_wait_disconnect(void)
+         wait_client->client = client;
+         ring_add(&reds->mig_wait_disconnect_clients, &wait_client->link);
+     }
++    reds->mig_wait_connect = FALSE;
+     reds->mig_wait_disconnect = TRUE;
+     core->timer_start(reds->mig_timer, MIGRATE_TIMEOUT);
+ }
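Review bot: The new capability-count rejection in reds_handle_read_link_done drops the link without logging, whereas the size rejection in reds_handle_read_header_done keeps its `spice_warning("bad size %u", header->size);`, so an operator sees nothing when a client is refused for oversized counts. Adding `spice_warning("bad caps count %u/%u", link_mess->num_common_caps, link_mess->num_channel_caps);` before `reds_send_link_error` would make the two paths consistent. The limits `1024` and `4096` would also read better as named constants defined once, so that the rationale in the comments stays attached to the values. Whether `caps_offset` is checked against the message size, and whether the caller of main_channel_alloc_msg_rcv_buf handles the new `NULL` return, is decided outside the visible hunks and is worth confirming. The same patch is copied to staging-x86_64/git-fixes.patch.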

Copied: spice/repos/staging-x86_64/PKGBUILD (from rev 290964, spice/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD	                        (rev 0)
+++ staging-x86_64/PKGBUILD	2017-03-16 22:11:05 UTC (rev 290965)
@@ -0,0 +1,35 @@
+# $Id$
+# Maintainer: Sergej Pupykin <pupykin.s+arch at gmail.com>
+# Maintainer: Patryk Kowalczyk < patryk at kowalczyk dot ws>
+
+pkgname=spice
+pkgver=0.12.8
+pkgrel=2
+pkgdesc="SPICE client and server"
+arch=('i686' 'x86_64')
+url="https://www.spice-space.org"
+license=('LGPL2.1')
+depends=(alsa-lib celt0.5.1 libcacard libjpeg-turbo libsasl libxinerama libxfixes libxrandr pixman)
+makedepends=(python2-pyparsing python2-six qemu spice-protocol)
+source=(https://www.spice-space.org/download/releases/$pkgname-$pkgver.tar.bz2{,.sign}
+        git-fixes.patch)
+validpgpkeys=('94A9F75661F77A6168649B23A9D8C21429AC6C82')
+sha256sums=('f901a5c5873d61acac84642f9eea5c4d6386fc3e525c2b68792322794e1c407d'
+            'SKIP'
+            '70a6d71e24095bc0864f659b0f3b196ffea5c618e8799281607112726dc2484d')
+
+prepare() {
+  cd "$srcdir/$pkgname-$pkgver"
+  patch -Np1 -i ../git-fixes.patch
+}
+
+build() {
+  cd "$srcdir/$pkgname-$pkgver"
+  PYTHON=python2 ./configure --prefix=/usr --disable-static --enable-smartcard --enable-client
+  make
+}
+
+package() {
+  cd "$srcdir/$pkgname-$pkgver"
+  make DESTDIR="$pkgdir/" install
+}

Copied: spice/repos/staging-x86_64/git-fixes.patch (from rev 290964, spice/trunk/git-fixes.patch)
===================================================================
--- staging-x86_64/git-fixes.patch	                        (rev 0)
+++ staging-x86_64/git-fixes.patch	2017-03-16 22:11:05 UTC (rev 290965)
@@ -0,0 +1,98 @@
+diff --git a/server/main_channel.c b/server/main_channel.c
+index 0ecc9df8..1fc39155 100644
+--- a/server/main_channel.c
++++ b/server/main_channel.c
+@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
+ 
+     if (type == SPICE_MSGC_MAIN_AGENT_DATA) {
+         return reds_get_agent_data_buffer(mcc, size);
++    } else if (size > sizeof(main_chan->recv_buf)) {
++        /* message too large, caller will log a message and close the connection */
++        return NULL;
+     } else {
+         return main_chan->recv_buf;
+     }
+diff --git a/server/reds.c b/server/reds.c
+index 61bf7357..f439a366 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(void *opaque)
+     link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps);
+     link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps);
+ 
++    /* Prevent DoS. Currently we defined only 13 capabilities,
++     * I expect 1024 to be valid for quite a lot time */
++    if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) {
++        reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
++        reds_link_free(link);
++        return;
++    }
++
+     num_caps = link_mess->num_common_caps + link_mess->num_channel_caps;
+     caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset);
+ 
+@@ -2184,12 +2192,6 @@ static void reds_handle_read_header_done(void *opaque)
+     header->minor_version = GUINT32_FROM_LE(header->minor_version);
+     header->size = GUINT32_FROM_LE(header->size);
+ 
+-    if (header->magic != SPICE_MAGIC) {
+-        reds_send_link_error(link, SPICE_LINK_ERR_INVALID_MAGIC);
+-        reds_link_free(link);
+-        return;
+-    }
+-
+     if (header->major_version != SPICE_VERSION_MAJOR) {
+         if (header->major_version > 0) {
+             reds_send_link_error(link, SPICE_LINK_ERR_VERSION_MISMATCH);
+@@ -2202,7 +2204,8 @@ static void reds_handle_read_header_done(void *opaque)
+ 
+     reds->peer_minor_version = header->minor_version;
+ 
+-    if (header->size < sizeof(SpiceLinkMess)) {
++    /* the check for 4096 is to avoid clients to cause arbitrary big memory allocations */
++    if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) {
+         reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA);
+         spice_warning("bad size %u", header->size);
+         reds_link_free(link);
+@@ -2218,13 +2221,31 @@ static void reds_handle_read_header_done(void *opaque)
+                            link);
+ }
+ 
++static void reds_handle_read_magic_done(void *opaque)
++{
++    RedLinkInfo *link = (RedLinkInfo *)opaque;
++    const SpiceLinkHeader *header = &link->link_header;
++
++    if (header->magic != SPICE_MAGIC) {
++        reds_send_link_error(link, SPICE_LINK_ERR_INVALID_MAGIC);
++        reds_link_free(link);
++        return;
++    }
++
++    reds_stream_async_read(link->stream,
++                           ((uint8_t *)&link->link_header) + sizeof(header->magic),
++                           sizeof(SpiceLinkHeader) - sizeof(header->magic),
++                           reds_handle_read_header_done,
++                           link);
++}
++
+ static void reds_handle_new_link(RedLinkInfo *link)
+ {
+     reds_stream_set_async_error_handler(link->stream, reds_handle_link_error);
+     reds_stream_async_read(link->stream,
+                            (uint8_t *)&link->link_header,
+-                           sizeof(SpiceLinkHeader),
+-                           reds_handle_read_header_done,
++                           sizeof(link->link_header.magic),
++                           reds_handle_read_magic_done,
+                            link);
+ }
+ 
+@@ -2816,6 +2837,7 @@ static void reds_mig_fill_wait_disconnect(void)
+         wait_client->client = client;
+         ring_add(&reds->mig_wait_disconnect_clients, &wait_client->link);
+     }
++    reds->mig_wait_connect = FALSE;
+     reds->mig_wait_disconnect = TRUE;
+     core->timer_start(reds->mig_timer, MIGRATE_TIMEOUT);
+ }


