diff options
author | Martin Jansa <martin.jansa@gmail.com> | 2018-05-11 19:21:40 +0000 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2018-05-17 08:32:26 -0700 |
commit | d182f4170fc133d088c9abe338dceded9faf2d38 (patch) | |
tree | d96ec13e75c11f3d626318c6f2a440c43253a6af /meta-networking/recipes-support/spice | |
parent | b379fcebf988b1c37950e10fa32fa0ffccd61013 (diff) | |
download | meta-openembedded-d182f4170fc133d088c9abe338dceded9faf2d38.tar.gz |
spice: upgrade to 0.13.90 version
* 0.13.0 is needed for opengl support, see qemu commit:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=474114b7305cc1be7c2ee8ba5267be159a9d56e3
+# if SPICE_SERVER_VERSION >= 0x000d00 /* release 0.13.0 */
+# define HAVE_SPICE_GL 1
otherwise trying to run qemu with -spice gl=on fails with:
qemu-system-x86_64: -spice gl=on: Invalid parameter 'gl'
* spice-protocol is built separately since 0.12.6
* spice-protocol submodule has been removed,, spice-protocol must now
be installed when building spice-server
* celt051 is optional since 0.12.5, use PACKAGECONFIG for it
* Added Opus support. Celt support will be obsoleted in a future release.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-networking/recipes-support/spice')
10 files changed, 73 insertions, 423 deletions
diff --git a/meta-networking/recipes-support/spice/files/0001-Use-PRI-macros-in-printf-to-keep-compatibility-betwe.patch b/meta-networking/recipes-support/spice/files/0001-Use-PRI-macros-in-printf-to-keep-compatibility-betwe.patch deleted file mode 100644 index 18fa8fade..000000000 --- a/meta-networking/recipes-support/spice/files/0001-Use-PRI-macros-in-printf-to-keep-compatibility-betwe.patch +++ /dev/null | |||
@@ -1,72 +0,0 @@ | |||
1 | From 3cb746329ea4846bd9c65e0198e69423379b6f62 Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?=EC=86=8C=EB=B3=91=EC=B2=A0?= <byungchul.so@samsung.com> | ||
3 | Date: Thu, 24 Apr 2014 12:26:32 +0000 | ||
4 | Subject: [PATCH] Use PRI macros in printf to keep compatibility between | ||
5 | 32/64bit system | ||
6 | |||
7 | gcc's some integer type definitions are different between 32/64bit system. | ||
8 | This causes platform dependency problem with printf function. However, | ||
9 | we can avoid this problem by using PRI macros that supports platform | ||
10 | independent printf. | ||
11 | --- | ||
12 | server/mjpeg_encoder.c | 7 ++++--- | ||
13 | server/red_worker.c | 4 ++-- | ||
14 | 2 files changed, 6 insertions(+), 5 deletions(-) | ||
15 | |||
16 | diff --git a/server/mjpeg_encoder.c b/server/mjpeg_encoder.c | ||
17 | index aea4964..f465d88 100644 | ||
18 | --- a/server/mjpeg_encoder.c | ||
19 | +++ b/server/mjpeg_encoder.c | ||
20 | @@ -23,6 +23,7 @@ | ||
21 | #include "mjpeg_encoder.h" | ||
22 | #include <jerror.h> | ||
23 | #include <jpeglib.h> | ||
24 | +#include <inttypes.h> | ||
25 | |||
26 | #define MJPEG_MAX_FPS 25 | ||
27 | #define MJPEG_MIN_FPS 1 | ||
28 | @@ -66,7 +67,7 @@ static const int mjpeg_quality_samples[MJPEG_QUALITY_SAMPLE_NUM] = {20, 30, 40, | ||
29 | * are not necessarily related to mis-estimation of the bit rate, and we would | ||
30 | * like to wait till the stream stabilizes. | ||
31 | */ | ||
32 | -#define MJPEG_WARMUP_TIME 3000L // 3 sec | ||
33 | +#define MJPEG_WARMUP_TIME 3000LL // 3 sec | ||
34 | |||
35 | enum { | ||
36 | MJPEG_QUALITY_EVAL_TYPE_SET, | ||
37 | @@ -638,7 +639,7 @@ static void mjpeg_encoder_adjust_params_to_bit_rate(MJpegEncoder *encoder) | ||
38 | |||
39 | spice_debug("cur-fps=%u new-fps=%u (new/old=%.2f) |" | ||
40 | "bit-rate=%.2f (Mbps) latency=%u (ms) quality=%d |" | ||
41 | - " new-size-avg %lu , base-size %lu, (new/old=%.2f) ", | ||
42 | + " new-size-avg %"PRIu64" , base-size %"PRIu64", (new/old=%.2f) ", | ||
43 | rate_control->fps, new_fps, ((double)new_fps)/rate_control->fps, | ||
44 | ((double)rate_control->byte_rate*8)/1024/1024, | ||
45 | latency, | ||
46 | @@ -703,7 +704,7 @@ static void mjpeg_encoder_adjust_fps(MJpegEncoder *encoder, uint64_t now) | ||
47 | |||
48 | avg_fps = ((double)rate_control->adjusted_fps_num_frames*1000) / | ||
49 | adjusted_fps_time_passed; | ||
50 | - spice_debug("#frames-adjust=%lu #adjust-time=%lu avg-fps=%.2f", | ||
51 | + spice_debug("#frames-adjust=%"PRIu64" #adjust-time=%"PRIu64" avg-fps=%.2f", | ||
52 | rate_control->adjusted_fps_num_frames, adjusted_fps_time_passed, avg_fps); | ||
53 | spice_debug("defined=%u old-adjusted=%.2f", rate_control->fps, rate_control->adjusted_fps); | ||
54 | fps_ratio = avg_fps / rate_control->fps; | ||
55 | diff --git a/server/red_worker.c b/server/red_worker.c | ||
56 | index 619f7bc..1871e13 100644 | ||
57 | --- a/server/red_worker.c | ||
58 | +++ b/server/red_worker.c | ||
59 | @@ -2594,8 +2594,8 @@ static void red_print_stream_stats(DisplayChannelClient *dcc, StreamAgent *agent | ||
60 | mjpeg_encoder_get_stats(agent->mjpeg_encoder, &encoder_stats); | ||
61 | } | ||
62 | |||
63 | - spice_debug("stream=%ld dim=(%dx%d) #in-frames=%lu #in-avg-fps=%.2f #out-frames=%lu " | ||
64 | - "out/in=%.2f #drops=%lu (#pipe=%lu #fps=%lu) out-avg-fps=%.2f " | ||
65 | + spice_debug("stream=%"PRIdPTR" dim=(%dx%d) #in-frames=%"PRIu64" #in-avg-fps=%.2f #out-frames=%"PRIu64" " | ||
66 | + "out/in=%.2f #drops=%"PRIu64" (#pipe=%"PRIu64" #fps=%"PRIu64") out-avg-fps=%.2f " | ||
67 | "passed-mm-time(sec)=%.2f size-total(MB)=%.2f size-per-sec(Mbps)=%.2f " | ||
68 | "size-per-frame(KBpf)=%.2f avg-quality=%.2f " | ||
69 | "start-bit-rate(Mbps)=%.2f end-bit-rate(Mbps)=%.2f", | ||
70 | -- | ||
71 | 2.10.2 | ||
72 | |||
diff --git a/meta-networking/recipes-support/spice/files/0001-red_parse_qxl-Fix-BITMAP_FMT_IS_RGB-defined-but-not-.patch b/meta-networking/recipes-support/spice/files/0001-red_parse_qxl-Fix-BITMAP_FMT_IS_RGB-defined-but-not-.patch deleted file mode 100644 index ccae5f50f..000000000 --- a/meta-networking/recipes-support/spice/files/0001-red_parse_qxl-Fix-BITMAP_FMT_IS_RGB-defined-but-not-.patch +++ /dev/null | |||
@@ -1,29 +0,0 @@ | |||
1 | From 85838d4c9f2322aedb99b38fffd7da95a494d8ed Mon Sep 17 00:00:00 2001 | ||
2 | From: He Zhe <zhe.he@windriver.com> | ||
3 | Date: Thu, 29 Jun 2017 08:26:35 +0000 | ||
4 | Subject: [PATCH] red_parse_qxl: Fix BITMAP_FMT_IS_RGB defined but not used | ||
5 | |||
6 | | ../../git/server/red_parse_qxl.c:367:18: error: 'BITMAP_FMT_IS_RGB' | ||
7 | defined but not used [-Werror=unused-const-variable=] | ||
8 | | static const int BITMAP_FMT_IS_RGB[] = {0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1}; | ||
9 | |||
10 | Signed-off-by: He Zhe <zhe.he@windriver.com> | ||
11 | --- | ||
12 | server/red_parse_qxl.c | 1 - | ||
13 | 1 file changed, 1 deletion(-) | ||
14 | |||
15 | diff --git a/server/red_parse_qxl.c b/server/red_parse_qxl.c | ||
16 | index 6c0b0658..cfc2da95 100644 | ||
17 | --- a/server/red_parse_qxl.c | ||
18 | +++ b/server/red_parse_qxl.c | ||
19 | @@ -364,7 +364,6 @@ static int bitmap_consistent(SpiceBitmap *bitmap) | ||
20 | |||
21 | // This is based on SPICE_BITMAP_FMT_*, copied from server/red_worker.c | ||
22 | // to avoid a possible unoptimization from making it non static. | ||
23 | -static const int BITMAP_FMT_IS_RGB[] = {0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1}; | ||
24 | |||
25 | static SpiceImage *red_get_image(RedMemSlotInfo *slots, int group_id, | ||
26 | QXLPHYSICAL addr, uint32_t flags, int is_mask) | ||
27 | -- | ||
28 | 2.11.0 | ||
29 | |||
diff --git a/meta-networking/recipes-support/spice/files/0001-spice-compile-warnings.m4-don-t-define-FORITFY_SOURC.patch b/meta-networking/recipes-support/spice/files/0001-spice-compile-warnings.m4-don-t-define-FORITFY_SOURC.patch deleted file mode 100644 index 666960566..000000000 --- a/meta-networking/recipes-support/spice/files/0001-spice-compile-warnings.m4-don-t-define-FORITFY_SOURC.patch +++ /dev/null | |||
@@ -1,37 +0,0 @@ | |||
1 | From bf85d26f0326d4ea20429c29fd408703ee5bad54 Mon Sep 17 00:00:00 2001 | ||
2 | From: Martin Jansa <Martin.Jansa@gmail.com> | ||
3 | Date: Wed, 13 Sep 2017 15:53:02 +0200 | ||
4 | Subject: [PATCH] spice-compile-warnings.m4: don't define FORITFY_SOURCES | ||
5 | |||
6 | * otherwise fails when the native gcc already defines | ||
7 | FORTIFY_SOURCES (e.g. in gentoo). | ||
8 | | In file included from ../../git/server/inputs_channel.c:19:0: | ||
9 | | ../config.h:17:0: error: "_FORTIFY_SOURCE" redefined [-Werror] | ||
10 | | # define _FORTIFY_SOURCE 2 | ||
11 | |||
12 | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> | ||
13 | --- | ||
14 | m4/spice-compile-warnings.m4 | 7 ------- | ||
15 | 1 file changed, 7 deletions(-) | ||
16 | |||
17 | diff --git a/m4/spice-compile-warnings.m4 b/m4/spice-compile-warnings.m4 | ||
18 | index 959971a2..55352ad6 100644 | ||
19 | --- a/m4/spice-compile-warnings.m4 | ||
20 | +++ b/m4/spice-compile-warnings.m4 | ||
21 | @@ -109,13 +109,6 @@ AC_DEFUN([SPICE_COMPILE_WARNINGS],[ | ||
22 | # This should be < 1024 really. pixman_utils is the blackspot | ||
23 | # preventing lower usage | ||
24 | gl_WARN_ADD([-Wframe-larger-than=20460]) | ||
25 | - | ||
26 | - # Use improved glibc headers | ||
27 | - AH_VERBATIM([FORTIFY_SOURCE], | ||
28 | - [/* Enable compile-time and run-time bounds-checking, and some warnings. */ | ||
29 | -#if __OPTIMIZE__ | ||
30 | -# define _FORTIFY_SOURCE 2 | ||
31 | -#endif | ||
32 | ]) | ||
33 | |||
34 | # Extra special flags | ||
35 | -- | ||
36 | 2.14.1 | ||
37 | |||
diff --git a/meta-networking/recipes-support/spice/files/Fix-build-issues-with-gcc-7.patch b/meta-networking/recipes-support/spice/files/Fix-build-issues-with-gcc-7.patch deleted file mode 100644 index 7fcafdc7e..000000000 --- a/meta-networking/recipes-support/spice/files/Fix-build-issues-with-gcc-7.patch +++ /dev/null | |||
@@ -1,59 +0,0 @@ | |||
1 | From 9f001b6818ac4baa1df010ccf4200ca56bfb11b2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Asselstine <mark.asselstine@windriver.com> | ||
3 | Date: Wed, 23 Aug 2017 13:47:29 -0400 | ||
4 | Subject: [PATCH] Fix build issues with gcc 7 | ||
5 | |||
6 | gcc 7 checks for when a switch statement doesn't break between | ||
7 | cases. When a break is not found you will see | ||
8 | |||
9 | | ../../git/server/reds.c: In function 'vdi_port_read_one_msg_from_device': | ||
10 | | ../../git/server/reds.c:797:31: error: this statement may fall through [-Werror=implicit-fallthrough=] | ||
11 | | state->read_state = VDI_PORT_READ_STATE_GET_BUFF; | ||
12 | | ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
13 | | ../../git/server/reds.c:798:9: note: here | ||
14 | | case VDI_PORT_READ_STATE_GET_BUFF: { | ||
15 | | ^~~~ | ||
16 | |||
17 | The 'fallthrough' comment will let gcc know this is done on purpose. | ||
18 | |||
19 | Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> | ||
20 | --- | ||
21 | server/inputs_channel.c | 1 + | ||
22 | server/reds.c | 2 ++ | ||
23 | 2 files changed, 3 insertions(+) | ||
24 | |||
25 | diff --git a/server/inputs_channel.c b/server/inputs_channel.c | ||
26 | index 931dac1..534ab66 100644 | ||
27 | --- a/server/inputs_channel.c | ||
28 | +++ b/server/inputs_channel.c | ||
29 | @@ -321,6 +321,7 @@ static int inputs_channel_handle_parsed(RedChannelClient *rcc, uint32_t size, ui | ||
30 | activate_modifiers_watch(); | ||
31 | } | ||
32 | } | ||
33 | + /* fallthrough */ | ||
34 | case SPICE_MSGC_INPUTS_KEY_UP: { | ||
35 | SpiceMsgcKeyDown *key_down = (SpiceMsgcKeyDown *)buf; | ||
36 | for (i = 0; i < 4; i++) { | ||
37 | diff --git a/server/reds.c b/server/reds.c | ||
38 | index 30d0652..8c80eb6 100644 | ||
39 | --- a/server/reds.c | ||
40 | +++ b/server/reds.c | ||
41 | @@ -795,6 +795,7 @@ static SpiceCharDeviceMsgToClient *vdi_port_read_one_msg_from_device(SpiceCharDe | ||
42 | } | ||
43 | state->message_recive_len = state->vdi_chunk_header.size; | ||
44 | state->read_state = VDI_PORT_READ_STATE_GET_BUFF; | ||
45 | + /* fallthrough */ | ||
46 | case VDI_PORT_READ_STATE_GET_BUFF: { | ||
47 | if (!(state->current_read_buf = vdi_port_read_buf_get())) { | ||
48 | return NULL; | ||
49 | @@ -806,6 +807,7 @@ static SpiceCharDeviceMsgToClient *vdi_port_read_one_msg_from_device(SpiceCharDe | ||
50 | state->message_recive_len -= state->recive_len; | ||
51 | state->read_state = VDI_PORT_READ_STATE_READ_DATA; | ||
52 | } | ||
53 | + /* fallthrough */ | ||
54 | case VDI_PORT_READ_STATE_READ_DATA: | ||
55 | n = sif->read(vdagent, state->recive_pos, state->recive_len); | ||
56 | if (!n) { | ||
57 | -- | ||
58 | 2.7.4 | ||
59 | |||
diff --git a/meta-networking/recipes-support/spice/files/build-allow-separated-src-and-build-dirs.patch b/meta-networking/recipes-support/spice/files/build-allow-separated-src-and-build-dirs.patch deleted file mode 100644 index 9cbbff9b6..000000000 --- a/meta-networking/recipes-support/spice/files/build-allow-separated-src-and-build-dirs.patch +++ /dev/null | |||
@@ -1,62 +0,0 @@ | |||
1 | From 7d0d0ff080b159e647ebb26c337cb75314d64b52 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Asselstine <mark.asselstine@windriver.com> | ||
3 | Date: Thu, 1 May 2014 12:09:16 -0400 | ||
4 | Subject: [PATCH] build: allow separated src and build dirs | ||
5 | |||
6 | We need to expland the list of include dirs to include the build dir since | ||
7 | generated files will be created there instead of in the src dir. | ||
8 | |||
9 | We also don't want to force using $srcdir for generated files as this will | ||
10 | allow them to be created in the build dir. We account for the slight | ||
11 | deviation in the generated files with expanded include paths. | ||
12 | |||
13 | Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> | ||
14 | --- | ||
15 | configure.ac | 2 +- | ||
16 | spice-common/common/Makefile.am | 14 +++++++------- | ||
17 | 2 file changed, 8 insertions(+), 8 deletions(-) | ||
18 | |||
19 | diff --git a/configure.ac b/configure.ac | ||
20 | index edda8e9..9151fcb 100644 | ||
21 | --- a/configure.ac | ||
22 | +++ b/configure.ac | ||
23 | @@ -165,7 +165,7 @@ dnl ========================================================================= | ||
24 | dnl Check deps | ||
25 | |||
26 | AC_CONFIG_SUBDIRS([spice-common]) | ||
27 | -COMMON_CFLAGS='-I ${top_srcdir}/spice-common/ -I ${top_srcdir}/spice-common/spice-protocol/' | ||
28 | +COMMON_CFLAGS='-I ${top_srcdir}/spice-common/ -I ${top_srcdir}/spice-common/common/ -I ${top_srcdir}/spice-common/spice-protocol/ -I ${top_builddir}/spice-common/' | ||
29 | AC_SUBST(COMMON_CFLAGS) | ||
30 | |||
31 | AC_CHECK_LIBM | ||
32 | diff --git a/spice-common/common/Makefile.am b/spice-common/common/Makefile.am | ||
33 | index 45568c6..4c65ac4 100644 | ||
34 | --- a/spice-common/common/Makefile.am | ||
35 | +++ b/spice-common/common/Makefile.am | ||
36 | @@ -2,16 +2,16 @@ NULL = | ||
37 | |||
38 | # Avoid need for python(pyparsing) by end users | ||
39 | CLIENT_MARSHALLERS = \ | ||
40 | - $(srcdir)/generated_client_demarshallers.c \ | ||
41 | - $(srcdir)/generated_client_demarshallers1.c \ | ||
42 | - $(srcdir)/generated_client_marshallers.c \ | ||
43 | - $(srcdir)/generated_client_marshallers1.c \ | ||
44 | + generated_client_demarshallers.c \ | ||
45 | + generated_client_demarshallers1.c \ | ||
46 | + generated_client_marshallers.c \ | ||
47 | + generated_client_marshallers1.c \ | ||
48 | $(NULL) | ||
49 | |||
50 | SERVER_MARSHALLERS = \ | ||
51 | - $(srcdir)/generated_server_demarshallers.c \ | ||
52 | - $(srcdir)/generated_server_marshallers.c \ | ||
53 | - $(srcdir)/generated_server_marshallers.h \ | ||
54 | + generated_server_demarshallers.c \ | ||
55 | + generated_server_marshallers.c \ | ||
56 | + generated_server_marshallers.h \ | ||
57 | $(NULL) | ||
58 | |||
59 | BUILT_SOURCES = $(CLIENT_MARSHALLERS) $(SERVER_MARSHALLERS) $(top_srcdir)/spice-protocol/spice/enums.h | ||
60 | -- | ||
61 | 1.8.3.2 | ||
62 | |||
diff --git a/meta-networking/recipes-support/spice/files/configure.ac-add-subdir-objects-to-AM_INIT_AUTOMAKE.patch b/meta-networking/recipes-support/spice/files/configure.ac-add-subdir-objects-to-AM_INIT_AUTOMAKE.patch deleted file mode 100644 index 323ef52f8..000000000 --- a/meta-networking/recipes-support/spice/files/configure.ac-add-subdir-objects-to-AM_INIT_AUTOMAKE.patch +++ /dev/null | |||
@@ -1,29 +0,0 @@ | |||
1 | From 36efb79076420975f7fa7aa0b03a1fc282291b05 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Asselstine <mark.asselstine@windriver.com> | ||
3 | Date: Tue, 25 Mar 2014 15:23:25 -0400 | ||
4 | Subject: [PATCH] configure.ac: add subdir-objects to AM_INIT_AUTOMAKE | ||
5 | |||
6 | Without this you will get subdir-objects error which will cause | ||
7 | autoreconf to complete successfully. | ||
8 | |||
9 | Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> | ||
10 | --- | ||
11 | spice-common/configure.ac | 2 +- | ||
12 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
13 | |||
14 | diff --git a/spice-common/configure.ac b/spice-common/configure.ac | ||
15 | index b5cb960..78f1360 100644 | ||
16 | --- a/spice-common/configure.ac | ||
17 | +++ b/spice-common/configure.ac | ||
18 | @@ -13,7 +13,7 @@ AC_CONFIG_AUX_DIR([build-aux]) | ||
19 | m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) | ||
20 | |||
21 | # Checks for programs | ||
22 | -AM_INIT_AUTOMAKE([1.11 dist-xz no-dist-gzip tar-ustar foreign -Wall -Werror]) | ||
23 | +AM_INIT_AUTOMAKE([1.11 dist-xz no-dist-gzip tar-ustar foreign subdir-objects -Wall -Werror]) | ||
24 | AM_MAINTAINER_MODE | ||
25 | AM_SILENT_RULES([yes]) | ||
26 | LT_INIT | ||
27 | -- | ||
28 | 1.8.3.2 | ||
29 | |||
diff --git a/meta-networking/recipes-support/spice/files/spice-fix-CVE-2013-4282.patch b/meta-networking/recipes-support/spice/files/spice-fix-CVE-2013-4282.patch deleted file mode 100644 index 1a00a8518..000000000 --- a/meta-networking/recipes-support/spice/files/spice-fix-CVE-2013-4282.patch +++ /dev/null | |||
@@ -1,100 +0,0 @@ | |||
1 | Fix buffer overflow when decrypting client SPICE ticket | ||
2 | |||
3 | commit 8af619009660b24e0b41ad26b30289eea288fcc2 upstream | ||
4 | |||
5 | reds_handle_ticket uses a fixed size 'password' buffer for the decrypted | ||
6 | password whose size is SPICE_MAX_PASSWORD_LENGTH. However, | ||
7 | RSA_private_decrypt which we call for the decryption expects the | ||
8 | destination buffer to be at least RSA_size(link->tiTicketing.rsa) | ||
9 | bytes long. On my spice-server build, SPICE_MAX_PASSWORD_LENGTH | ||
10 | is 60 while RSA_size() is 128, so we end up overflowing 'password' | ||
11 | when using long passwords (this was reproduced using the string: | ||
12 | 'fullscreen=1proxy=#enter proxy here; e.g spice_proxy = http://[proxy]:[port]' | ||
13 | as a password). | ||
14 | |||
15 | When the overflow occurs, QEMU dies with: | ||
16 | *** stack smashing detected ***: qemu-system-x86_64 terminated | ||
17 | |||
18 | This commit ensures we use a corectly sized 'password' buffer, | ||
19 | and that it's correctly nul-terminated so that we can use strcmp | ||
20 | instead of strncmp. To keep using strncmp, we'd need to figure out | ||
21 | which one of 'password' and 'taTicket.password' is the smaller buffer, | ||
22 | and use that size. | ||
23 | |||
24 | This fixes rhbz#999839 | ||
25 | diff --git a/server/reds.c b/server/reds.c | ||
26 | index 30d0652..6f262b0 100644 | ||
27 | --- a/server/reds.c | ||
28 | +++ b/server/reds.c | ||
29 | @@ -1931,39 +1931,59 @@ static void reds_handle_link(RedLinkInfo *link) | ||
30 | static void reds_handle_ticket(void *opaque) | ||
31 | { | ||
32 | RedLinkInfo *link = (RedLinkInfo *)opaque; | ||
33 | - char password[SPICE_MAX_PASSWORD_LENGTH]; | ||
34 | + char *password; | ||
35 | time_t ltime; | ||
36 | + int password_size; | ||
37 | |||
38 | //todo: use monotonic time | ||
39 | time(<ime); | ||
40 | - RSA_private_decrypt(link->tiTicketing.rsa_size, | ||
41 | - link->tiTicketing.encrypted_ticket.encrypted_data, | ||
42 | - (unsigned char *)password, link->tiTicketing.rsa, RSA_PKCS1_OAEP_PADDING); | ||
43 | + if (RSA_size(link->tiTicketing.rsa) < SPICE_MAX_PASSWORD_LENGTH) { | ||
44 | + spice_warning("RSA modulus size is smaller than SPICE_MAX_PASSWORD_LENGTH (%d < %d), " | ||
45 | + "SPICE ticket sent from client may be truncated", | ||
46 | + RSA_size(link->tiTicketing.rsa), SPICE_MAX_PASSWORD_LENGTH); | ||
47 | + } | ||
48 | + | ||
49 | + password = g_malloc0(RSA_size(link->tiTicketing.rsa) + 1); | ||
50 | + password_size = RSA_private_decrypt(link->tiTicketing.rsa_size, | ||
51 | + link->tiTicketing.encrypted_ticket.encrypted_data, | ||
52 | + (unsigned char *)password, | ||
53 | + link->tiTicketing.rsa, | ||
54 | + RSA_PKCS1_OAEP_PADDING); | ||
55 | + if (password_size == -1) { | ||
56 | + spice_warning("failed to decrypt RSA encrypted password: %s", | ||
57 | + ERR_error_string(ERR_get_error(), NULL)); | ||
58 | + goto error; | ||
59 | + } | ||
60 | + password[password_size] = '\0'; | ||
61 | |||
62 | if (ticketing_enabled && !link->skip_auth) { | ||
63 | int expired = taTicket.expiration_time < ltime; | ||
64 | |||
65 | if (strlen(taTicket.password) == 0) { | ||
66 | - reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); | ||
67 | spice_warning("Ticketing is enabled, but no password is set. " | ||
68 | - "please set a ticket first"); | ||
69 | - reds_link_free(link); | ||
70 | - return; | ||
71 | + "please set a ticket first"); | ||
72 | + goto error; | ||
73 | } | ||
74 | |||
75 | - if (expired || strncmp(password, taTicket.password, SPICE_MAX_PASSWORD_LENGTH) != 0) { | ||
76 | + if (expired || strcmp(password, taTicket.password) != 0) { | ||
77 | if (expired) { | ||
78 | spice_warning("Ticket has expired"); | ||
79 | } else { | ||
80 | spice_warning("Invalid password"); | ||
81 | } | ||
82 | - reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); | ||
83 | - reds_link_free(link); | ||
84 | - return; | ||
85 | + goto error; | ||
86 | } | ||
87 | } | ||
88 | |||
89 | reds_handle_link(link); | ||
90 | + goto end; | ||
91 | + | ||
92 | +error: | ||
93 | + reds_send_link_result(link, SPICE_LINK_ERR_PERMISSION_DENIED); | ||
94 | + reds_link_free(link); | ||
95 | + | ||
96 | +end: | ||
97 | + g_free(password); | ||
98 | } | ||
99 | |||
100 | static inline void async_read_clear_handlers(AsyncRead *obj) | ||
diff --git a/meta-networking/recipes-support/spice/spice-protocol_git.bb b/meta-networking/recipes-support/spice/spice-protocol_git.bb new file mode 100644 index 000000000..1405985ed --- /dev/null +++ b/meta-networking/recipes-support/spice/spice-protocol_git.bb | |||
@@ -0,0 +1,32 @@ | |||
1 | # | ||
2 | # Copyright (C) 2013 Wind River Systems, Inc. | ||
3 | # | ||
4 | |||
5 | SUMMARY = "Simple Protocol for Independent Computing Environments" | ||
6 | DESCRIPTION = "SPICE (the Simple Protocol for Independent Computing \ | ||
7 | Environments) is a remote-display system built for virtual \ | ||
8 | environments which allows users to view a computing 'desktop' \ | ||
9 | environment - not only on its computer-server machine, but also from \ | ||
10 | anywhere on the Internet and using a wide variety of machine \ | ||
11 | architectures." | ||
12 | |||
13 | LICENSE = "BSD" | ||
14 | LIC_FILES_CHKSUM = "file://COPYING;md5=b37311cb5604f3e5cc2fb0fd23527e95" | ||
15 | |||
16 | PV = "0.12.13+git${SRCPV}" | ||
17 | |||
18 | SRCREV_spice-protocol = "8dda82b49d8f848a25e3a1ef6df943276c59e462" | ||
19 | #SRCREV_spice-common = "70d4739ce2f90f904fa96e22e438e9b424a3dd42" | ||
20 | |||
21 | #SRCREV_FORMAT = "spice-protocol_spice-common" | ||
22 | |||
23 | SRC_URI = " \ | ||
24 | git://anongit.freedesktop.org/spice/spice-protocol;name=spice-protocol \ | ||
25 | " | ||
26 | # git://anongit.freedesktop.org/spice/spice-common;destsuffix=git/spice-common;name=spice-common | ||
27 | |||
28 | S = "${WORKDIR}/git" | ||
29 | |||
30 | inherit autotools gettext pkgconfig | ||
31 | |||
32 | BBCLASSEXTEND = "native nativesdk" | ||
diff --git a/meta-networking/recipes-support/spice/spice/0001-build-allow-separated-src-and-build-dirs.patch b/meta-networking/recipes-support/spice/spice/0001-build-allow-separated-src-and-build-dirs.patch new file mode 100644 index 000000000..8d246cc7f --- /dev/null +++ b/meta-networking/recipes-support/spice/spice/0001-build-allow-separated-src-and-build-dirs.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From 812a1a099cc48edcf1280fc329bf5330237f3cc2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Asselstine <mark.asselstine@windriver.com> | ||
3 | Date: Thu, 1 May 2014 12:09:16 -0400 | ||
4 | Subject: [PATCH] build: allow separated src and build dirs | ||
5 | |||
6 | We need to expland the list of include dirs to include the build dir since | ||
7 | generated files will be created there instead of in the src dir. | ||
8 | |||
9 | We also don't want to force using $srcdir for generated files as this will | ||
10 | allow them to be created in the build dir. We account for the slight | ||
11 | deviation in the generated files with expanded include paths. | ||
12 | |||
13 | Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> | ||
14 | --- | ||
15 | configure.ac | 2 +- | ||
16 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
17 | |||
18 | diff --git a/configure.ac b/configure.ac | ||
19 | index 483dbfdf..7d990aaa 100644 | ||
20 | --- a/configure.ac | ||
21 | +++ b/configure.ac | ||
22 | @@ -138,7 +138,7 @@ dnl ========================================================================= | ||
23 | dnl Check deps | ||
24 | |||
25 | AC_CONFIG_SUBDIRS([spice-common]) | ||
26 | -COMMON_CFLAGS='-I ${top_srcdir}/spice-common/ -I ${top_builddir}/spice-common/' | ||
27 | +COMMON_CFLAGS='-I ${top_srcdir}/spice-common/ -I ${top_srcdir}/spice-common/common/ -I ${top_srcdir}/spice-common/spice-protocol/ -I ${top_builddir}/spice-common/' | ||
28 | COMMON_CFLAGS="$COMMON_CFLAGS -DG_LOG_DOMAIN=\\\"Spice\\\"" | ||
29 | AC_SUBST(COMMON_CFLAGS) | ||
30 | |||
31 | -- | ||
32 | 2.14.1 | ||
33 | |||
diff --git a/meta-networking/recipes-support/spice/spice_git.bb b/meta-networking/recipes-support/spice/spice_git.bb index dfe461364..1b65d6fd7 100644 --- a/meta-networking/recipes-support/spice/spice_git.bb +++ b/meta-networking/recipes-support/spice/spice_git.bb | |||
@@ -13,39 +13,26 @@ architectures." | |||
13 | LICENSE = "BSD & LGPLv2.1+" | 13 | LICENSE = "BSD & LGPLv2.1+" |
14 | LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" | 14 | LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" |
15 | 15 | ||
16 | PV = "0.12.4+git${SRCPV}" | 16 | PV = "0.13.90+git${SRCPV}" |
17 | 17 | ||
18 | # Actual versions based on the checkouts below | 18 | SRCREV_spice = "2c1037f47c37899842b1696bbab0d3a4ed6c7b09" |
19 | # spice = "0.12.4" | 19 | SRCREV_spice-common = "70d4739ce2f90f904fa96e22e438e9b424a3dd42" |
20 | # common = "0.12.6" | ||
21 | # protocol = "0.12.6" | ||
22 | SRCREV_spice = "b270fb010a3ddb432dfe6b15e4bdffa6ac086cd0" | ||
23 | SRCREV_spice-common = "fe93908238196bd632287fc9875e6f2e11105d04" | ||
24 | SRCREV_spice-protocol = "784407f248e7f99d2bfcc9368f9acd1efb2b9617" | ||
25 | 20 | ||
26 | SRCREV_FORMAT = "spice_spice-common_spice-protocol" | 21 | SRCREV_FORMAT = "spice_spice-common" |
27 | 22 | ||
28 | SRC_URI = " \ | 23 | SRC_URI = " \ |
29 | git://anongit.freedesktop.org/spice/spice;name=spice \ | 24 | git://anongit.freedesktop.org/spice/spice;name=spice \ |
30 | git://anongit.freedesktop.org/spice/spice-common;destsuffix=git/spice-common;name=spice-common \ | 25 | git://anongit.freedesktop.org/spice/spice-common;destsuffix=git/spice-common;name=spice-common \ |
31 | git://anongit.freedesktop.org/spice/spice-protocol;destsuffix=git/spice-common/spice-protocol;name=spice-protocol \ | ||
32 | " | 26 | " |
33 | 27 | FOO = "\ | |
34 | SRC_URI += " \ | 28 | file://0001-build-allow-separated-src-and-build-dirs.patch \ |
35 | file://spice-fix-CVE-2013-4282.patch \ | ||
36 | file://configure.ac-add-subdir-objects-to-AM_INIT_AUTOMAKE.patch \ | ||
37 | file://build-allow-separated-src-and-build-dirs.patch \ | ||
38 | file://0001-red_parse_qxl-Fix-BITMAP_FMT_IS_RGB-defined-but-not-.patch \ | ||
39 | file://0001-Use-PRI-macros-in-printf-to-keep-compatibility-betwe.patch \ | ||
40 | file://Fix-build-issues-with-gcc-7.patch \ | ||
41 | file://0001-spice-compile-warnings.m4-don-t-define-FORITFY_SOURC.patch \ | ||
42 | " | 29 | " |
43 | 30 | ||
44 | S = "${WORKDIR}/git" | 31 | S = "${WORKDIR}/git" |
45 | 32 | ||
46 | inherit autotools gettext pythonnative python-dir pkgconfig | 33 | inherit autotools gettext pythonnative python-dir pkgconfig |
47 | 34 | ||
48 | DEPENDS += "celt051 jpeg pixman alsa-lib glib-2.0 python-pyparsing-native" | 35 | DEPENDS += "spice-protocol jpeg pixman alsa-lib glib-2.0 python-pyparsing-native python-six-native glib-2.0-native" |
49 | DEPENDS_append_class-nativesdk = "nativesdk-openssl" | 36 | DEPENDS_append_class-nativesdk = "nativesdk-openssl" |
50 | 37 | ||
51 | export PYTHON="${STAGING_BINDIR_NATIVE}/python-native/python" | 38 | export PYTHON="${STAGING_BINDIR_NATIVE}/python-native/python" |
@@ -55,6 +42,7 @@ PACKAGECONFIG_class-native = "" | |||
55 | PACKAGECONFIG_class-nativesdk = "" | 42 | PACKAGECONFIG_class-nativesdk = "" |
56 | PACKAGECONFIG ?= "sasl" | 43 | PACKAGECONFIG ?= "sasl" |
57 | 44 | ||
45 | PACKAGECONFIG[celt051] = "--enable-celt051,--disable-celt051,celt051" | ||
58 | PACKAGECONFIG[smartcard] = "--enable-smartcard,--disable-smartcard,libcacard," | 46 | PACKAGECONFIG[smartcard] = "--enable-smartcard,--disable-smartcard,libcacard," |
59 | PACKAGECONFIG[sasl] = "--with-sasl,--without-sasl,cyrus-sasl," | 47 | PACKAGECONFIG[sasl] = "--with-sasl,--without-sasl,cyrus-sasl," |
60 | PACKAGECONFIG[client] = "--enable-client,--disable-client,," | 48 | PACKAGECONFIG[client] = "--enable-client,--disable-client,," |
@@ -62,21 +50,6 @@ PACKAGECONFIG[gui] = "--enable-gui,--disable-gui,," | |||
62 | PACKAGECONFIG[opengl] = "--enable-opengl,--disable-opengl,," | 50 | PACKAGECONFIG[opengl] = "--enable-opengl,--disable-opengl,," |
63 | PACKAGECONFIG[xinerama] = "--enable-xinerama,--disable-xinerama,libxinerama," | 51 | PACKAGECONFIG[xinerama] = "--enable-xinerama,--disable-xinerama,libxinerama," |
64 | 52 | ||
65 | PACKAGES =+ "${PN}-protocol" | ||
66 | LICENSE_${PN}-protocol = "BSD" | ||
67 | FILES_${PN}-protocol += "${includedir}/spice-1" | ||
68 | FILES_${PN}-protocol += "${datadir}/pkgconfig" | ||
69 | |||
70 | do_configure_prepend() { | ||
71 | mkdir -p ${S}/spice-common/spice-protocol/m4 | ||
72 | } | ||
73 | |||
74 | do_install_append() { | ||
75 | cd ${B}/spice-common/spice-protocol | ||
76 | oe_runmake DESTDIR="${D}" install | ||
77 | cd - | ||
78 | } | ||
79 | |||
80 | COMPATIBLE_HOST = '(x86_64|i.86).*-linux' | 53 | COMPATIBLE_HOST = '(x86_64|i.86).*-linux' |
81 | 54 | ||
82 | BBCLASSEXTEND = "native nativesdk" | 55 | BBCLASSEXTEND = "native nativesdk" |