Commit Graph

20 Commits

Author SHA1 Message Date
Peter Korsgaard
75057fe767 spice: security bump to version 0.12.8
Fixes the following security issues:

CVE-2016-0749: The smartcard interaction in SPICE allows remote attackers to
cause a denial of service (QEMU-KVM process crash) or possibly execute
arbitrary code via vectors related to connecting to a guest VM, which
triggers a heap-based buffer overflow.

CVE-2016-2150: SPICE allows local guest OS users to read from or write to
arbitrary host memory locations via crafted primary surface parameters, a
similar issue to CVE-2015-5261.

The pyparsing check has been dropped from configure, and the spice protocol
definition is again included, so the workarounds can be removed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 23:25:30 +02:00
Peter Korsgaard
622ff3d6ea spice: security bump to version 0.12.6
Fixes the following security issues:

CVE-2015-3247: Race condition in the worker_update_monitors_config function
in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial
of service (heap-based memory corruption and QEMU-KVM crash) or possibly
execute arbitrary code on the host via unspecified vectors.

CVE-2015-5260: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to cause a denial of service (heap-based memory corruption
and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL
commands related to the surface_id parameter.

CVE-2015-5261: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to read and write to arbitrary memory locations on the host
via guest QXL commands related to surface creation.

Client/gui support is gone upstream (moved to spice-gtk / virt-viewer), so
add Config.in.legacy handling for them.

Lz4 is a new optional dependency, so handle it.

The spice protocol definition is no longer included and instead used from
spice-protocol.  The build system uses pkg-config --variable=codegendir to
find the build time path of this, which doesn't take our STAGING_DIR prefix
into consideration, so it needs some help.  The installed protocol
definition will likewise be newer than the generated files, so we need to
workaround that to ensure they are not regenerated (which needs host python
/ pyparsing).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 23:25:24 +02:00
Peter Korsgaard
6f2c022023 spice: bump to version 0.12.5
Tunneling support is gone upstream, so drop the patch and add
Config.in.legacy handling for the option.

Celt051 is no longer a hard dependency, and opus is a new optional
dependency, so adjust the dependencies to match.

Python / pyparsing are not needed as the tarball contains the generated
files (this should presumably have been host-python in the first place as
these are used at build time), but we need a small workaround to convince
configure that they really aren't needed.

Alsa-lib is only needed for client support, and the configure script checks
for X11/Xext/Xrender, so adjust the dependencies to match.

A user manual is now generated by default if asciidoc is available, so
explicitly disable that.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 23:25:18 +02:00
Adam Duskett
e2a7822415 package makefiles: clean up backslash spacing.
The check-package script when ran gave warnings on only using
one space before backslashes on all of these makefiles.
This patch cleans up all warnings related to the one space before
backslashes rule in the make files in the package directory.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-22 15:57:23 +02:00
Ricardo Martincoski
4ef04c476c package: remove trailing backslash
Occurrences were searched using [1]:
check-package --include-only TrailingBackslash $(find * -type f)
and manually removed.

[1] http://patchwork.ozlabs.org/patch/729669/

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-06 22:41:45 +02:00
Rahul Bedarkar
30a3e8d108 boot, package: use SPDX short identifier for LGPLv2.1/LGPLv2.1+
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:18:10 +02:00
Bernd Kuhls
dbc7e23402 package/spice: depend on libglib2
The package selects BR2_PACKAGE_LIBGLIB2 but did not depend on it.

The buildsystem treats libglib2 as a hard-dependency:
https://cgit.freedesktop.org/spice/spice/tree/configure.ac?h=0.12#n117

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-02-21 23:45:59 +01:00
Jerzy Grzegorek
e800531761 package: indentation cleanup
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-02 23:27:01 +01:00
Jerzy Grzegorek
df2857de49 package: indentation cleanup
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-25 10:38:25 +02:00
Jerzy Grzegorek
774ff0d13f package: indentation cleanup
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-25 01:11:26 +02:00
Thomas De Schampheleire
f268f7131b .mk files: bulk aligment and whitespace cleanup of assignments
The Buildroot coding style defines one space around make assignments and
does not align the assignment symbols.

This patch does a bulk fix of offending packages. The package
infrastructures (or more in general assignments to calculated variable
names, like $(2)_FOO) are not touched.

Alignment of line continuation characters (\) is kept as-is.

The sed command used to do this replacement is:
find * -name "*.mk" | xargs sed -i \
    -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*$#\1 \2#'
    -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*\([^\\]\+\)$#\1 \2 \3#'
    -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\s*\([^\\ \t]\+\s*\\\)\s*$#\1 \2 \3#'
    -e 's#^\([A-Z0-9a-z_]\+\)\s*\([?:+]\?=\)\(\s*\\\)#\1 \2\3#'

Brief explanation of this command:
    ^\([A-Z0-9a-z_]\+\)     a regular variable at the beginning of the line
    \([?:+]\?=\)            any assignment character =, :=, ?=, +=
    \([^\\]\+\)             any string not containing a line continuation
    \([^\\ \t]\+\s*\\\)     string, optional whitespace, followed by a
                            line continuation character
    \(\s*\\\)               optional whitespace, followed by a line
                            continuation character

Hence, the first subexpression handles empty assignments, the second
handles regular assignments, the third handles regular assignments with
line continuation, and the fourth empty assignments with line
continuation.

This expression was tested on following test text: (initial tab not
included)

	FOO     = spaces before
	FOO     =   spaces before and after
	FOO	= tab before
	FOO	  = tab and spaces before
	FOO =	tab after
	FOO =	   tab and spaces after
	FOO =   	spaces and tab after
	FOO =    \
	FOO = bar \
	FOO = bar space    \
	FOO   =		   \
	GENIMAGE_DEPENDENCIES   = host-pkgconf libconfuse
	FOO     += spaces before
	FOO     ?=   spaces before and after
	FOO     :=
	FOO     =
	FOO	=
	FOO	  =
	FOO =
	   $(MAKE1) CROSS_COMPILE=$(TARGET_CROSS) -C
	AT91BOOTSTRAP3_DEFCONFIG = \
	AXEL_DISABLE_I18N=--i18n=0

After this bulk change, following manual fixups were done:
- fix line continuation alignment in cegui06 and spice (the sed
  expression leaves the number of whitespace between the value and line
  continuation character intact, but the whitespace before that could have
  changed, causing misalignment.
- qt5base was reverted, as this package uses extensive alignment which
  actually makes the code more readable.

Finally, the end result was manually reviewed.

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Cc: Yann E. Morin <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-07 15:00:28 +02:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Jerzy Grzegorek
c7f4b96471 package: remove the trailing slash sign from <PKG>_SITE variable
Since the trailing slash is stripped from $($(PKG)_SITE) by pkg-generic.mk:

$(call DOWNLOAD,$($(PKG)_SITE:/=)/$($(PKG)_SOURCE))

so it is redundant.
This patch removes it from $(PKG)_SITE variable for BR consistency.

Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-31 23:17:46 +02:00
Axel Lin
434d31d66e spice: bump to version 0.12.4
According to the ChangeLog, spice needs glib2 since 0.12.2.
Thus add libglib2 dependency to fix build error if !BR2_PACKAGE_LIBGLIB2.
Also add a patch to fix trivial build error.

Signed-off-by: Axel Lin <axel.lin@ingics.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-12-12 23:24:21 +01:00
Alexandre Belloni
8dfd59d114 Normalize separator size to 80
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:24 +02:00
Alexandre Belloni
966e005d52 Convert headers to lower case when relevant
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 17:36:41 +02:00
Yann E. MORIN
5faf337b39 package/spice: enable slirp support
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-12-16 21:35:27 +01:00
Yann E. MORIN
af103acf4e package/spice: enable GUI
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-12-16 21:35:00 +01:00
Yann E. MORIN
a872142c2f package/spice: enable client
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-12-16 21:34:13 +01:00
Yann E. MORIN
93d4e38450 package/spice: new package
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-12-16 21:33:32 +01:00