main/spice: security upgrade to 0.14.1 (CVE-2018-10873)

Fixes #9306
2026-01-04 16:21:38 +01:00 · 2018-11-07 13:20:43 +00:00 · 2018-11-07 13:20:43 +00:00 · 4e1c871fdc
commit 4e1c871fdc
parent 53391b2bbe
2 changed files with 195 additions and 8 deletions
--- a/main/spice/0001-Disable-failing-tests.patch
+++ b/main/spice/0001-Disable-failing-tests.patch
@ -0,0 +1,185 @@
+From 9d91f89e27f4889372e53e198504bfa53ba0c762 Mon Sep 17 00:00:00 2001
+From: Leonardo Arena <rnalrd@alpinelinux.org>
+Date: Wed, 7 Nov 2018 11:26:24 +0000
+Subject: [PATCH] Disable failing tests
+
+FAIL: test-listen
+=================
+
+/server/listen/connect_plain: OK
+/server/listen/connect_tls: **
+Spice:ERROR:test-listen.c:117:fake_client_connect_tls: assertion failed (*error == NULL): TLS support is not available (g-tls-error-quark, 0)
+Aborted
+FAIL test-listen (exit status: 134)
+
+FAIL: test-sasl
+===============
+
+(process:27479): Spice-WARNING **: 10:54:41.853: red-stream.c:725:addr_to_string: Cannot resolve address -6: Unrecognized address family or invalid length
+**
+Spice:ERROR:test-sasl.c:516:client_emulator: assertion failed (read_u32_err(sock, &mechlen) == sizeof(uint32_t)): (0 == 4)
+---
+ server/tests/Makefile.am |  4 ----
+ server/tests/Makefile.in | 52 ++++------------------------------------
+ 2 files changed, 5 insertions(+), 51 deletions(-)
+
+diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
+index 238f25a..8f77f5b 100644
+--- a/server/tests/Makefile.am
+++ b/server/tests/Makefile.am
+@@ -61,7 +61,6 @@ check_PROGRAMS =				\
+ 	test-empty-success			\
+ 	test-channel				\
+ 	test-stream-device			\
+-	test-listen				\
+ 	$(NULL)
+ 
+ noinst_PROGRAMS =				\
+@@ -144,6 +143,3 @@ endif
+ 
+ EXTRA_DIST += video-encoders
+ 
+-if HAVE_SASL
+-check_PROGRAMS += test-sasl
+-endif
+diff --git a/server/tests/Makefile.in b/server/tests/Makefile.in
+index bd2c74b..1c5ab4b 100644
+--- a/server/tests/Makefile.in
+++ b/server/tests/Makefile.in
+@@ -96,7 +96,7 @@ check_PROGRAMS = test-codecs-parsing$(EXEEXT) test-options$(EXEEXT) \
+ 	test-leaks$(EXEEXT) test-vdagent$(EXEEXT) \
+ 	test-fail-on-null-core-interface$(EXEEXT) \
+ 	test-empty-success$(EXEEXT) test-channel$(EXEEXT) \
+-	test-stream-device$(EXEEXT) test-listen$(EXEEXT) \
+	test-stream-device$(EXEEXT) \
+ 	$(am__EXEEXT_1) $(am__EXEEXT_2)
+ noinst_PROGRAMS = test-display-no-ssl$(EXEEXT) \
+ 	test-display-streaming$(EXEEXT) test-playback$(EXEEXT) \
+@@ -107,7 +107,6 @@ noinst_PROGRAMS = test-display-no-ssl$(EXEEXT) \
+ TESTS = $(check_PROGRAMS) $(am__EXEEXT_1) $(am__append_2)
+ @HAVE_GSTREAMER_TRUE@am__append_1 = test-gst
+ @ENABLE_EXTRA_CHECKS_TRUE@@HAVE_GSTREAMER_TRUE@am__append_2 = video-encoders
+-@HAVE_SASL_TRUE@am__append_3 = test-sasl
+ subdir = server/tests
+ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+ am__aclocal_m4_deps = $(top_srcdir)/m4/ax_valgrind_check.m4 \
+@@ -158,7 +157,6 @@ am_libtest_a_OBJECTS = basic-event-loop.$(OBJEXT) \
+ 	$(am__objects_1)
+ libtest_a_OBJECTS = $(am_libtest_a_OBJECTS)
+ am__EXEEXT_1 =
+-@HAVE_SASL_TRUE@am__EXEEXT_2 = test-sasl$(EXEEXT)
+ @HAVE_GSTREAMER_TRUE@am__EXEEXT_3 = test-gst$(EXEEXT)
+ PROGRAMS = $(noinst_PROGRAMS)
+ am__dirstamp = $(am__leading_dot)dirstamp
+@@ -271,14 +269,6 @@ test_leaks_DEPENDENCIES = libtest.a \
+ 	$(top_builddir)/server/libserver.la $(am__DEPENDENCIES_1) \
+ 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+-test_listen_SOURCES = test-listen.c
+-test_listen_OBJECTS = test-listen.$(OBJEXT)
+-test_listen_LDADD = $(LDADD)
+-test_listen_DEPENDENCIES = libtest.a \
+-	$(SPICE_COMMON_DIR)/common/libspice-common.la \
+-	$(top_builddir)/server/libserver.la $(am__DEPENDENCIES_1) \
+-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ test_loop_SOURCES = test-loop.c
+ test_loop_OBJECTS = test-loop.$(OBJEXT)
+ test_loop_LDADD = $(LDADD)
+@@ -311,14 +301,6 @@ test_qxl_parsing_DEPENDENCIES = libtest.a \
+ 	$(top_builddir)/server/libserver.la $(am__DEPENDENCIES_1) \
+ 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+-test_sasl_SOURCES = test-sasl.c
+-test_sasl_OBJECTS = test-sasl.$(OBJEXT)
+-test_sasl_LDADD = $(LDADD)
+-test_sasl_DEPENDENCIES = libtest.a \
+-	$(SPICE_COMMON_DIR)/common/libspice-common.la \
+-	$(top_builddir)/server/libserver.la $(am__DEPENDENCIES_1) \
+-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+ am_test_stat_OBJECTS = test-stat.$(OBJEXT)
+ test_stat_OBJECTS = $(am_test_stat_OBJECTS)
+ am__DEPENDENCIES_2 = libtest.a \
+@@ -410,8 +392,8 @@ SOURCES = $(libtest_stat1_a_SOURCES) $(libtest_stat2_a_SOURCES) \
+ 	test-display-no-ssl.c test-display-resolution-changes.c \
+ 	test-display-streaming.c test-display-width-stride.c \
+ 	test-empty-success.c test-fail-on-null-core-interface.c \
+-	$(test_gst_SOURCES) test-leaks.c test-listen.c test-loop.c \
+-	test-options.c test-playback.c test-qxl-parsing.c test-sasl.c \
+	$(test_gst_SOURCES) test-leaks.c test-loop.c \
+	test-options.c test-playback.c test-qxl-parsing.c \
+ 	$(test_stat_SOURCES) test-stat-file.c test-stream.c \
+ 	test-stream-device.c test-two-servers.c test-vdagent.c
+ DIST_SOURCES = $(libtest_stat1_a_SOURCES) $(libtest_stat2_a_SOURCES) \
+@@ -421,9 +403,9 @@ DIST_SOURCES = $(libtest_stat1_a_SOURCES) $(libtest_stat2_a_SOURCES) \
+ 	test-display-no-ssl.c test-display-resolution-changes.c \
+ 	test-display-streaming.c test-display-width-stride.c \
+ 	test-empty-success.c test-fail-on-null-core-interface.c \
+-	$(am__test_gst_SOURCES_DIST) test-leaks.c test-listen.c \
+	$(am__test_gst_SOURCES_DIST) test-leaks.c \
+ 	test-loop.c test-options.c test-playback.c test-qxl-parsing.c \
+-	test-sasl.c $(test_stat_SOURCES) test-stat-file.c \
+	$(test_stat_SOURCES) test-stat-file.c \
+ 	test-stream.c test-stream-device.c test-two-servers.c \
+ 	test-vdagent.c
+ am__can_run_installinfo = \
+@@ -1050,10 +1032,6 @@ test-leaks$(EXEEXT): $(test_leaks_OBJECTS) $(test_leaks_DEPENDENCIES) $(EXTRA_te
+ 	@rm -f test-leaks$(EXEEXT)
+ 	$(AM_V_CCLD)$(LINK) $(test_leaks_OBJECTS) $(test_leaks_LDADD) $(LIBS)
+ 
+-test-listen$(EXEEXT): $(test_listen_OBJECTS) $(test_listen_DEPENDENCIES) $(EXTRA_test_listen_DEPENDENCIES) 
+-	@rm -f test-listen$(EXEEXT)
+-	$(AM_V_CCLD)$(LINK) $(test_listen_OBJECTS) $(test_listen_LDADD) $(LIBS)
+-
+ test-loop$(EXEEXT): $(test_loop_OBJECTS) $(test_loop_DEPENDENCIES) $(EXTRA_test_loop_DEPENDENCIES) 
+ 	@rm -f test-loop$(EXEEXT)
+ 	$(AM_V_CCLD)$(LINK) $(test_loop_OBJECTS) $(test_loop_LDADD) $(LIBS)
+@@ -1070,10 +1048,6 @@ test-qxl-parsing$(EXEEXT): $(test_qxl_parsing_OBJECTS) $(test_qxl_parsing_DEPEND
+ 	@rm -f test-qxl-parsing$(EXEEXT)
+ 	$(AM_V_CCLD)$(LINK) $(test_qxl_parsing_OBJECTS) $(test_qxl_parsing_LDADD) $(LIBS)
+ 
+-test-sasl$(EXEEXT): $(test_sasl_OBJECTS) $(test_sasl_DEPENDENCIES) $(EXTRA_test_sasl_DEPENDENCIES) 
+-	@rm -f test-sasl$(EXEEXT)
+-	$(AM_V_CCLD)$(LINK) $(test_sasl_OBJECTS) $(test_sasl_LDADD) $(LIBS)
+-
+ test-stat$(EXEEXT): $(test_stat_OBJECTS) $(test_stat_DEPENDENCIES) $(EXTRA_test_stat_DEPENDENCIES) 
+ 	@rm -f test-stat$(EXEEXT)
+ 	$(AM_V_CCLD)$(LINK) $(test_stat_OBJECTS) $(test_stat_LDADD) $(LIBS)
+@@ -1124,12 +1098,10 @@ distclean-compile:
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-fail-on-null-core-interface.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-glib-compat.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-leaks.Po@am__quote@
+-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-listen.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-loop.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-options.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-playback.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-qxl-parsing.Po@am__quote@
+-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-sasl.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-stat-file.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-stat.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-stream-device.Po@am__quote@
+@@ -1529,20 +1501,6 @@ test-stream-device.log: test-stream-device$(EXEEXT)
+ 	--log-file $$b.log --trs-file $$b.trs \
+ 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+-test-listen.log: test-listen$(EXEEXT)
+-	@p='test-listen$(EXEEXT)'; \
+-	b='test-listen'; \
+-	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+-	--log-file $$b.log --trs-file $$b.trs \
+-	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+-	"$$tst" $(AM_TESTS_FD_REDIRECT)
+-test-sasl.log: test-sasl$(EXEEXT)
+-	@p='test-sasl$(EXEEXT)'; \
+-	b='test-sasl'; \
+-	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+-	--log-file $$b.log --trs-file $$b.trs \
+-	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+-	"$$tst" $(AM_TESTS_FD_REDIRECT)
+ video-encoders.log: video-encoders
+ 	@p='video-encoders'; \
+ 	b='video-encoders'; \
+-- 
+2.19.1
+
--- a/main/spice/APKBUILD
+++ b/main/spice/APKBUILD
@ -1,8 +1,8 @@
 # Contributor: Natanael Copa <ncopa@alpinelinux.org>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=spice
-pkgver=0.14.0
-pkgrel=7
+pkgver=0.14.1
+pkgrel=0
 pkgdesc="Implements the SPICE protocol"
 url="http://www.spice-space.org/"
 arch="all"
@ -13,12 +13,14 @@ makedepends="$depends_dev alsa-lib-dev libjpeg-turbo-dev libxrandr-dev
 	cyrus-sasl-dev libxfixes-dev python2-dev bash cegui06-dev py-parsing
 	py-six glib-dev opus-dev libressl-dev"
 subpackages="$pkgname-dev $pkgname-server"
-source="https://www.spice-space.org/download/releases/$pkgname-$pkgver.tar.bz2
-	disable-test-channel.patch
+source="https://www.spice-space.org/download/releases/spice-server/spice-$pkgver.tar.bz2
+	0001-Disable-failing-tests.patch
 	"
 builddir="$srcdir/$pkgname-$pkgver"

 # secfixes:
+#   0.14.1-r0:
+#     - CVE-2018-10873
 #   0.12.8-r4:
 #     - CVE-2017-7506
 #   0.12.8-r3:
@ -38,8 +40,8 @@ build() {
 		--enable-gui \
 		--enable-client \
 		--disable-smartcard \
-		--enable-opus
-	make -C spice-common WARN_CFLAGS=''
+		--enable-opus \
+		--enable-celt051
 	make WARN_CFLAGS=''
 }

@ -59,5 +61,5 @@ server() {
 	mv "$pkgdir"/usr/lib/*server.so.* "$subpkgdir"/usr/lib/
 }

-sha512sums="84532146aa628ca6ca459a82afb89d6391892e063668fd4a68023c92cee7ca868b6c82e31dd9886819b76ea745ebdae0d0030e1f608d8f58f51c00f0b09bae1f  spice-0.14.0.tar.bz2
-77d3600f17c7b64b7b8eca4440244fbe4198c8541be262dd7825925bab731b116f4483a07f4b1d5a2e3d3761caedfaded2f999f57596495b65d11af9390e8242  disable-test-channel.patch"
+sha512sums="2c0b4fbcb68c76bc0404a807f28c9645a30c6b88e81d2bc574d63b036778a299cebc0ae12aa72f2e1496f66cbf414325125948d440541a40e1b9e53b8956542d  spice-0.14.1.tar.bz2
+84aa70f5ba7700ac8cc4f0276a6b3497c4d55e8dd6f8523c8f7360d65cedf981b6fce6ab2c89d254df9631b4e910bcf28ff6e2d26058c854bcf507ce96e26ad4  0001-Disable-failing-tests.patch"