NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c8f51a00d8
kumquat-buildroot/package/spice/Config.in
Peter Korsgaard 622ff3d6ea spice: security bump to version 0.12.6 
Fixes the following security issues:

CVE-2015-3247: Race condition in the worker_update_monitors_config function
in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial
of service (heap-based memory corruption and QEMU-KVM crash) or possibly
execute arbitrary code on the host via unspecified vectors.

CVE-2015-5260: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to cause a denial of service (heap-based memory corruption
and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL
commands related to the surface_id parameter.

CVE-2015-5261: Heap-based buffer overflow in SPICE before 0.12.6 allows
guest OS users to read and write to arbitrary memory locations on the host
via guest QXL commands related to surface creation.

Client/gui support is gone upstream (moved to spice-gtk / virt-viewer), so
add Config.in.legacy handling for them.

Lz4 is a new optional dependency, so handle it.

The spice protocol definition is no longer included and instead used from
spice-protocol.  The build system uses pkg-config --variable=codegendir to
find the build time path of this, which doesn't take our STAGING_DIR prefix
into consideration, so it needs some help.  The installed protocol
definition will likewise be newer than the generated files, so we need to
workaround that to ensure they are not regenerated (which needs host python
/ pyparsing).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-22 23:25:24 +02:00

25 lines
835 B
Plaintext
Raw Blame History

comment "spice server needs a toolchain w/ wchar, threads"
depends on BR2_i386 || BR2_x86_64
depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
config BR2_PACKAGE_SPICE
bool "spice server"
depends on BR2_i386 || BR2_x86_64
depends on BR2_USE_WCHAR # libglib2
depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
select BR2_PACKAGE_JPEG
select BR2_PACKAGE_LIBGLIB2
select BR2_PACKAGE_OPENSSL
select BR2_PACKAGE_PIXMAN
select BR2_PACKAGE_SPICE_PROTOCOL
help
The Spice project aims to provide a complete open source
solution for interaction with virtualized desktop devices.
The Spice project deals with both the virtualized devices
and the front-end. Interaction between front-end and
back-end is done using VD-Interfaces.
This package implements the server-part of Spice.
http://www.spice-space.org/
Reference in New Issue View Git Blame Copy Permalink