gentoo resync : 25.08.2018

8 files changed, 15 insertions, 276 deletions

diff --git a/app-emulation/spice/Manifest b/app-emulation/spice/Manifest
index b03e8c4f61ff..f6276164e264 100644
--- a/app-emulation/spice/Manifest
+++ b/app-emulation/spice/Manifest
@@ -1,13 +1,8 @@
 AUX README.gentoo 270 BLAKE2B 979c3e8d2a3c1d4f30af8f2d9954434dd685abf42992abf0e63e9dbe2d16d8fb3b135ecf3b81344e12d585ed92543d6b8adffb01e55772964de0f97f320d785c SHA512 9202046d629d12eee0435bb0ee8bafc1d8a0b52784275a7b3989fd430de8ed0ec2e59cfdf963a58494a05296a55bc99fe7095e661398182d62286e8816895dd1
-AUX spice-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch 1902 BLAKE2B c92ae0d53f805efa8787ef9bd88a83b3cd56f95a544d5890005330c49b296884672bd913d357f4325a81d981b57bbc0d5ee0fc2a8bb10c40fb22cf762e9fb747 SHA512 c2091c688158291a87aa834125083dc8572faadaf43f05f68721b3f9bde40eda232793e720fafe9ece93aa7287e5e1fc3e4fd7a7ec30130c2e9af0b9297c9e14
-AUX spice-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch 1022 BLAKE2B eff6063372af35b926663393afc022a4e0b875c22402136ed41be394951958789a2c8de26e8791664cbef1c8bee7e9344f8fe7f39563e7b14567f9ebff2b0fa8 SHA512 4f815f091c0eec1ccfaa3438390087d4b7390e3ea84e353e42638a850e0faa552077af443719f2015ce36375ac2ac400721677462a2739ecf05fdf8c2e778b41
-AUX spice-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch 2988 BLAKE2B 99bca01b78b4acb875085628613f47a8c07c87061b77a50fdb4abc45770aa75a88bc75310e3a8a558d303861f17480b6362751f4073a54c5909aaca8c11422ef SHA512 ee15a37c45527869415d301968857f47a4536462bcea6fb5608862fa7019b2eeba36d08563b74feb7a96bc565dd6fe09349c736c4677d43c1f13fc95f1c42c06
-AUX spice-0.13.3-skip_faulty_lz4_check.patch 566 BLAKE2B 4775395c0e39e8c930078365ac2b05c21d30698b4cd472e56eb77fcde3f83894f3649c066824ad424dd0178200e17a8cd207046552dfebd3944de88e96d406e9 SHA512 aa16b86446f42a08c5d76927090e6b01817308520b34affcdd28a9e89d70d344f5ce47d1600c5cc564ecdf428cbfe8cf456ce8d3ccf4e686bd0cfb2f9fe5fe33
+AUX spice-0.14.0-fix-flexible-array-buffer-overflow.patch 684 BLAKE2B dfbbf0fd8231d48b82bc907b8a2b84cc78f701e04ec9e265061bc68136a3f0c53e3884997ccaf1a3558772a43bd78dc3d7e7509e7c014fa0a00860ef7a7cfb4e SHA512 bd69990b33fa0f5bded35d8e37a51cf87f28c44dedbc24f73d682d465e5514fd809b6fcd95e067a9f5adcb0e1a3b10c8a739412feac088d058e44970268815be
 AUX spice-0.14.0-libressl_fix.patch 530 BLAKE2B 136e0b87931d487a018cdf0be4acfc0b05d474eb2e1a0583e05f9184ac6aa3b3a5dc58537ed167b13655b9180f06ba489c7805caa95d39a1af1fff410000e675 SHA512 f29f0a47edb2552b0908d0ceea7546efa90ad572217ce9184da031507be9f65a83ef39684dc3d8610bea4993a8f26ed78bce17781c893a4fca1cbdf9ba5140e3
 AUX spice-0.14.0-openssl1.1_fix.patch 614 BLAKE2B fb7b39e73d37bc6ab27035c7d7a742fa648afb62777bcbd9dbdd7480b5b5461da6147b4f3368e04aaf04f8ef5780aeab1e7679f4fcf7aa1005df7d28a4fca7a1 SHA512 1b0b83b7222af0f60bdb5a3469881a4e84f8df824d2741710da04b8bdec95e691f97137f2ee67ad71065918b329285d215aa086d5f46dc83b18334eb17ef6dc8
-DIST spice-0.13.3.tar.bz2 1322505 BLAKE2B 56f9cd34bb48fdcf750230242b27567db713ef749649d4b780a82d0d4ec5d326b19540c9bb4f36c164d40a692eb0368c39e05ee8dba319dd8461a0315e5a9a17 SHA512 63496fbd3df0fd453052cef8e1fb00a3a28f0105610676fdc4a58043cbc6da571ae4407701af2b817e410d05ce727d60d5ee0c93c8897231e25229897c51d95a
 DIST spice-0.14.0.tar.bz2 1330195 BLAKE2B 08f93e8ddeb79adb4feac0557a854cc41fd096a9dfefc0baaca176803c2a03ef9286c4f61a135d62ad22e3ac3f4bb31ffd1614c8ddeaec7ae8c01eca34da1750 SHA512 84532146aa628ca6ca459a82afb89d6391892e063668fd4a68023c92cee7ca868b6c82e31dd9886819b76ea745ebdae0d0030e1f608d8f58f51c00f0b09bae1f
-EBUILD spice-0.13.3-r2.ebuild 2712 BLAKE2B dc0b6c6ec539682690d5a7f240beb49669fa7260a92214a8434b8e527b4f07434fa0feee54db5906fea7cc3256d8fcaed207bbf255aa79bdc640577647dc1110 SHA512 d0cbb81eaaacdf131c914b83ef42071e3f373d1154b0d3c530db6d4ff39c44f814e5a20c3ba2182bbf3cea3598cab1f6e7201ca74377cadb710808554a4f3228
-EBUILD spice-0.14.0-r1.ebuild 2441 BLAKE2B a432d483ea50e5ff01e7e44feeb4db6597e83fa013e175b8723ab0e693c5339db1c9586cee671b9a01b0e49db6ffc76294803543123014cb91fd48ad21696d0e SHA512 121da2c47e2a214ab63f56e3a1aa462f3ef629890be79e50d4d8a380600f21304533b7fc700d7b3c4c9e4f6fd45c810ed495f54e608eb756ec79f90967450e12
+EBUILD spice-0.14.0-r2.ebuild 2502 BLAKE2B 92e56c8ebdbfc2e1dca80b30c35c24f4045b32da9151c203305b6e51adbe6364a3a3fa8cf7d1629ca5fb6cc6415d60dc9ea00a0a1c3f59cdec12f63dc7547e0d SHA512 88b1806d6aac6923bfff9694c5cb33176a98320d9a0143e5fc93e8dc9345932778c4a0857eda4ec45bc5ba7ee5c970e031ff6c3de1200f5af1ba934dfe36c67d
 EBUILD spice-9999.ebuild 2352 BLAKE2B 5c858640f75e932517b6e6d02a9295885790282311bdefd18a44d77a1e245f9037245ef3d15c65d505be0583427eed7a38222dc776635c6be952bd1d1468b9ed SHA512 4fd7bbe6296eefd04e65510e7983a329e58fa80ffac67f76be7ab35d007d6eadd87cea27e6db1d223bfc92d912ef8ec67e40a07b12092ce554872ca37e2e24fe
 MISC metadata.xml 476 BLAKE2B 2cda64935d0117db099551f30928c447c4d1d7f4e1c355e619c0134ec31e4d7779b646329218c48f9be671d0f0e92fa496caaa34f6aa4136748dd9bd6d2d868a SHA512 3ae95b689c812e19679cb9a9db2f0811077a4eb205cadf4baeb78a2ddfeb7fc0086e2514540fad59e447bbca6c9dba81001a8ff156a1d18ba2d58171ba301f9b
diff --git a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch b/app-emulation/spice/files/spice-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch
deleted file mode 100644
index 8792395977e9..000000000000
--- a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Matthias Maier <tamiko@gentoo.org>
-
- - Ported to 0.13.3
-
-
-From fbbcdad773e2791cfb988f4748faa41943551ca6 Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Mon, 15 May 2017 15:57:28 +0100
-Subject: [PATCH 3/3] reds: Avoid buffer overflows handling monitor
- configuration
-
-It was also possible for a malicious client to set
-VDAgentMonitorsConfig::num_of_monitors to a number larger
-than the actual size of VDAgentMOnitorsConfig::monitors.
-This would lead to buffer overflows, which could allow the guest to
-read part of the host memory. This might cause write overflows in the
-host as well, but controlling the content of such buffers seems
-complicated.
-
-Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
----
-
-diff --git a/server/reds.c b/server/reds.c
-index ec89105..fd1457f 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -1084,6 +1084,7 @@ static void reds_on_main_agent_monitors_config(RedsState *reds,
-     VDAgentMessage *msg_header;
-     VDAgentMonitorsConfig *monitors_config;
-     RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
-+    uint32_t max_monitors;
- 
-     // limit size of message sent by the client as this can cause a DoS through
-     // memory exhaustion, or potentially some integer overflows
-@@ -1113,6 +1114,12 @@ static void reds_on_main_agent_monitors_config(RedsState *reds,
-         goto overflow;
-     }
-     monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
-+    // limit the monitor number to avoid buffer overflows
-+    max_monitors = (msg_header->size - sizeof(VDAgentMonitorsConfig)) /
-+                   sizeof(VDAgentMonConfig);
-+    if (monitors_config->num_of_monitors > max_monitors) {
-+        goto overflow;
-+    }
-     spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
-     reds_client_monitors_config(reds, monitors_config);
-     reds_client_monitors_config_cleanup(reds);
diff --git a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch b/app-emulation/spice/files/spice-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch
deleted file mode 100644
index f05e55c7354a..000000000000
--- a/app-emulation/spice/files/spice-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 571cec91e71c2aae0d5f439ea2d8439d0c3d75eb Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Mon, 15 May 2017 15:57:28 +0100
-Subject: [PATCH 2/3] reds: Avoid integer overflows handling monitor
- configuration
-
-Avoid VDAgentMessage::size integer overflows.
-
-Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
----
- server/reds.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/server/reds.c b/server/reds.c
-index ec2b6f47..656f518f 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -1131,6 +1131,9 @@ static void reds_on_main_agent_monitors_config(RedsState *reds,
-         spice_debug("not enough data yet. %zd", cmc->offset);
-         return;
-     }
-+    if (msg_header->size < sizeof(VDAgentMonitorsConfig)) {
-+        goto overflow;
-+    }
-     monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
-     spice_debug("monitors_config->num_of_monitors: %d", monitors_config->num_of_monitors);
-     reds_client_monitors_config(reds, monitors_config);
--- 
-2.13.0
-
diff --git a/app-emulation/spice/files/spice-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch b/app-emulation/spice/files/spice-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch
deleted file mode 100644
index 2cd186482ad9..000000000000
--- a/app-emulation/spice/files/spice-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-Matthias Maier <tamiko@gentoo.org>
-
- - Ported to 0.13.3
-
-
-From 111ab38611cef5012f1565a65fa2d8a8a05cce37 Mon Sep 17 00:00:00 2001
-From: Frediano Ziglio <fziglio@redhat.com>
-Date: Mon, 15 May 2017 15:57:28 +0100
-Subject: [PATCH 1/3] reds: Disconnect when receiving overly big
- ClientMonitorsConfig
-
-Total message size received from the client was unlimited. There is
-a 2kiB size check on individual agent messages, but the MonitorsConfig
-message can be split in multiple chunks, and the size of the
-non-chunked MonitorsConfig message was never checked. This could easily
-lead to memory exhaustion on the host.
-
-Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
----
-
-diff --git a/server/reds.c b/server/reds.c
-index 92feea1..286993b 100644
---- a/server/reds.c
-+++ b/server/reds.c
-@@ -1077,19 +1077,35 @@ static void reds_client_monitors_config_cleanup(RedsState *reds)
- static void reds_on_main_agent_monitors_config(RedsState *reds,
-         MainChannelClient *mcc, void *message, size_t size)
- {
-+    const unsigned int MAX_MONITORS = 256;
-+    const unsigned int MAX_MONITOR_CONFIG_SIZE =
-+       sizeof(VDAgentMonitorsConfig) + MAX_MONITORS * sizeof(VDAgentMonConfig);
-+
-     VDAgentMessage *msg_header;
-     VDAgentMonitorsConfig *monitors_config;
-     RedsClientMonitorsConfig *cmc = &reds->client_monitors_config;
- 
-+    // limit size of message sent by the client as this can cause a DoS through
-+    // memory exhaustion, or potentially some integer overflows
-+    if (sizeof(VDAgentMessage) + MAX_MONITOR_CONFIG_SIZE - cmc->buffer_size < size) {
-+        goto overflow;
-+    }
-+
-     cmc->buffer_size += size;
-     cmc->buffer = realloc(cmc->buffer, cmc->buffer_size);
-     spice_assert(cmc->buffer);
-     cmc->mcc = mcc;
-     memcpy(cmc->buffer + cmc->buffer_pos, message, size);
-     cmc->buffer_pos += size;
-+    if (sizeof(VDAgentMessage) > cmc->buffer_size) {
-+        spice_debug("not enough data yet. %d", cmc->buffer_size);
-+        return;
-+    }
-     msg_header = (VDAgentMessage *)cmc->buffer;
--    if (sizeof(VDAgentMessage) > cmc->buffer_size ||
--            msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
-+    if (msg_header->size > MAX_MONITOR_CONFIG_SIZE) {
-+        goto overflow;
-+    }
-+    if (msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) {
-         spice_debug("not enough data yet. %d", cmc->buffer_size);
-         return;
-     }
-@@ -1097,6 +1113,12 @@ static void reds_on_main_agent_monitors_config(RedsState *reds,
-     spice_debug("%s: %d", __func__, monitors_config->num_of_monitors);
-     reds_client_monitors_config(reds, monitors_config);
-     reds_client_monitors_config_cleanup(reds);
-+    return;
-+
-+overflow:
-+    spice_warning("received invalid MonitorsConfig request from client, disconnecting");
-+    red_channel_client_disconnect(RED_CHANNEL_CLIENT(mcc));
-+    reds_client_monitors_config_cleanup(reds);
- }
- 
- void reds_on_main_agent_data(RedsState *reds, MainChannelClient *mcc, void *message, size_t size)
diff --git a/app-emulation/spice/files/spice-0.13.3-skip_faulty_lz4_check.patch b/app-emulation/spice/files/spice-0.13.3-skip_faulty_lz4_check.patch
deleted file mode 100644
index 6ae65ba6d13c..000000000000
--- a/app-emulation/spice/files/spice-0.13.3-skip_faulty_lz4_check.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/spice-common/m4/spice-deps.m4 b/spice-common/m4/spice-deps.m4
-index adedec4..6cb8bde 100644
---- a/spice-common/m4/spice-deps.m4
-+++ b/spice-common/m4/spice-deps.m4
-@@ -185,7 +185,7 @@ AC_DEFUN([SPICE_CHECK_LZ4], [
- 
-     have_lz4="no"
-     if test "x$enable_lz4" != "xno"; then
--      PKG_CHECK_MODULES([LZ4], [liblz4 >= 129], [have_lz4="yes"], [have_lz4="no"])
-+      PKG_CHECK_MODULES([LZ4], [liblz4], [have_lz4="yes"], [have_lz4="no"])
- 
-       if test "x$have_lz4" = "xyes"; then
-         AC_DEFINE(USE_LZ4, [1], [Define to build with lz4 support])
diff --git a/app-emulation/spice/files/spice-0.14.0-fix-flexible-array-buffer-overflow.patch b/app-emulation/spice/files/spice-0.14.0-fix-flexible-array-buffer-overflow.patch
new file mode 100644
index 000000000000..a05bbb7545aa
--- /dev/null
+++ b/app-emulation/spice/files/spice-0.14.0-fix-flexible-array-buffer-overflow.patch
@@ -0,0 +1,12 @@
+diff --git a/spice-common/python_modules/demarshal.py b/spice-common/python_modules/demarshal.py
+index 1ea131d..7172762 100644
+--- a/spice-common/python_modules/demarshal.py
++++ b/spice-common/python_modules/demarshal.py
+@@ -318,6 +318,7 @@ def write_validate_array_item(writer, container, item, scope, parent_scope, star
+         writer.assign(nelements, array.size)
+     elif array.is_remaining_length():
+         if element_type.is_fixed_nw_size():
++            writer.error_check("%s > message_end" % item.get_position())
+             if element_type.get_fixed_nw_size() == 1:
+                 writer.assign(nelements, "message_end - %s" % item.get_position())
+             else:
diff --git a/app-emulation/spice/spice-0.13.3-r2.ebuild b/app-emulation/spice/spice-0.13.3-r2.ebuild
deleted file mode 100644
index 557c17470c39..000000000000
--- a/app-emulation/spice/spice-0.13.3-r2.ebuild
+++ /dev/null
@@ -1,104 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-
-inherit autotools ltprune python-any-r1 readme.gentoo-r1 xdg-utils
-
-DESCRIPTION="SPICE server"
-HOMEPAGE="https://www.spice-space.org/"
-SRC_URI="https://www.spice-space.org/download/releases/${P}.tar.bz2"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="amd64 ~arm64 x86"
-IUSE="libressl lz4 sasl smartcard static-libs gstreamer"
-
-# the libspice-server only uses the headers of libcacard
-RDEPEND="
-	>=dev-libs/glib-2.22:2[static-libs(+)?]
-	>=media-libs/celt-0.5.1.1:0.5.1[static-libs(+)?]
-	media-libs/opus[static-libs(+)?]
-	sys-libs/zlib[static-libs(+)?]
-	virtual/jpeg:0=[static-libs(+)?]
-	>=x11-libs/pixman-0.17.7[static-libs(+)?]
-	!libressl? ( dev-libs/openssl:0=[static-libs(+)?] )
-	libressl? ( dev-libs/libressl:0=[static-libs(+)?] )
-	lz4? ( app-arch/lz4:0=[static-libs(+)?] )
-	smartcard? ( >=app-emulation/libcacard-0.1.2 )
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )
-	gstreamer? (
-		media-libs/gstreamer:1.0
-		media-libs/gst-plugins-base:1.0
-	)"
-DEPEND="${RDEPEND}
-	${PYTHON_DEPS}
-	>=app-emulation/spice-protocol-0.12.12
-	virtual/pkgconfig
-	$(python_gen_any_dep '
-		>=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]
-		dev-python/six[${PYTHON_USEDEP}]
-	')
-	smartcard? ( app-emulation/qemu[smartcard] )"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-0.13.3-skip_faulty_lz4_check.patch
-	"${FILESDIR}"/${PN}-0.13.3-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch
-	"${FILESDIR}"/${PN}-0.13.3-reds-Avoid-integer-overflows-handling-monitor-config.patch
-	"${FILESDIR}"/${PN}-0.13.3-reds-Avoid-buffer-overflows-handling-monitor-configu.patch
-)
-
-python_check_deps() {
-	has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
-	has_version "dev-python/six[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
-}
-
-src_prepare() {
-	default
-
-	eautoreconf
-}
-
-src_configure() {
-	# Prevent sandbox violations, bug #586560
-	# https://bugzilla.gnome.org/show_bug.cgi?id=744134
-	# https://bugzilla.gnome.org/show_bug.cgi?id=744135
-	addpredict /dev
-
-	xdg_environment_reset
-
-	local myconf="
-		$(use_enable static-libs static)
-		$(use_enable lz4)
-		$(use_with sasl)
-		$(use_enable smartcard)
-		--enable-gstreamer=$(usex gstreamer "1.0" "no")
-		--enable-celt051
-		--disable-gui
-		"
-	econf ${myconf}
-}
-
-src_compile() {
-	# Prevent sandbox violations, bug #586560
-	# https://bugzilla.gnome.org/show_bug.cgi?id=744134
-	# https://bugzilla.gnome.org/show_bug.cgi?id=744135
-	addpredict /dev
-
-	default
-}
-
-src_install() {
-	default
-	use static-libs || prune_libtool_files
-	readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	readme.gentoo_print_elog
-}
diff --git a/app-emulation/spice/spice-0.14.0-r1.ebuild b/app-emulation/spice/spice-0.14.0-r2.ebuild
index b3727d668a7e..b926d8a16b9f 100644
--- a/app-emulation/spice/spice-0.14.0-r1.ebuild
+++ b/app-emulation/spice/spice-0.14.0-r2.ebuild
@@ -45,6 +45,7 @@ DEPEND="${RDEPEND}
 PATCHES=(
 	"${FILESDIR}"/${P}-libressl_fix.patch
 	"${FILESDIR}"/${P}-openssl1.1_fix.patch
+	"${FILESDIR}"/${P}-fix-flexible-array-buffer-overflow.patch
 )
 
 python_check_deps() {