commit: ad28dfa767dead9be522f8bd8801ba76eb33a324 Author: Matthias Maier <tamiko <AT> gentoo <DOT> org> AuthorDate: Sat Apr 18 18:35:25 2020 +0000 Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org> CommitDate: Sat Apr 18 18:56:14 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad28dfa7
app-emulation/spice: drop vulnerable versions, bug #717776 Bug: https://bugs.gentoo.org/717776 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org> app-emulation/spice/Manifest | 2 - ...0.14.0-fix-flexible-array-buffer-overflow.patch | 12 --- .../spice/files/spice-0.14.0-libressl_fix.patch | 13 --- .../spice/files/spice-0.14.0-openssl1.1_fix.patch | 26 ------ app-emulation/spice/spice-0.14.0-r2.ebuild | 102 --------------------- app-emulation/spice/spice-0.14.2.ebuild | 100 -------------------- 6 files changed, 255 deletions(-) diff --git a/app-emulation/spice/Manifest b/app-emulation/spice/Manifest index 57ed7cd9f34..7b50d54451c 100644 --- a/app-emulation/spice/Manifest +++ b/app-emulation/spice/Manifest @@ -1,3 +1 @@ -DIST spice-0.14.0.tar.bz2 1330195 BLAKE2B 08f93e8ddeb79adb4feac0557a854cc41fd096a9dfefc0baaca176803c2a03ef9286c4f61a135d62ad22e3ac3f4bb31ffd1614c8ddeaec7ae8c01eca34da1750 SHA512 84532146aa628ca6ca459a82afb89d6391892e063668fd4a68023c92cee7ca868b6c82e31dd9886819b76ea745ebdae0d0030e1f608d8f58f51c00f0b09bae1f -DIST spice-0.14.2.tar.bz2 1406009 BLAKE2B e6c57bedd8c8ec0444da194be7279b895bf348dfa9b427d20301cc223627bcd65b7037280bc2a3d0b531b0cdcd8cb62d34ee132c549ac3dc8f6e5a2959339ce2 SHA512 1093b618ea4a7ff31944429ce2903abecfc8d20c35f2d9c8c837a6e053ee429c0115e40665542637a717869209523ac05d15cdb5e77563102d5d3915e4aaaf76 DIST spice-0.14.3.tar.bz2 1504304 BLAKE2B be655e1d4c48dae29903ab8e0dc52da63723e3252052afccc9587065531f28c8af7dbab4c585093f26d98f2273c6e734a553c18d4779a9f4464334ae1764f682 SHA512 9ecdc455ff25c71ac1fe6c576654b51efbfb860110bd6828065d23f7462d5c5cac772074d1a40f033386258d970b77275b2007bcfdffb23fdff2137154ea46e4 diff --git a/app-emulation/spice/files/spice-0.14.0-fix-flexible-array-buffer-overflow.patch b/app-emulation/spice/files/spice-0.14.0-fix-flexible-array-buffer-overflow.patch deleted file mode 100644 index a05bbb7545a..00000000000 --- a/app-emulation/spice/files/spice-0.14.0-fix-flexible-array-buffer-overflow.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/spice-common/python_modules/demarshal.py b/spice-common/python_modules/demarshal.py -index 1ea131d..7172762 100644 ---- a/spice-common/python_modules/demarshal.py -+++ b/spice-common/python_modules/demarshal.py -@@ -318,6 +318,7 @@ def write_validate_array_item(writer, container, item, scope, parent_scope, star - writer.assign(nelements, array.size) - elif array.is_remaining_length(): - if element_type.is_fixed_nw_size(): -+ writer.error_check("%s > message_end" % item.get_position()) - if element_type.get_fixed_nw_size() == 1: - writer.assign(nelements, "message_end - %s" % item.get_position()) - else: diff --git a/app-emulation/spice/files/spice-0.14.0-libressl_fix.patch b/app-emulation/spice/files/spice-0.14.0-libressl_fix.patch deleted file mode 100644 index 1dfce9480e9..00000000000 --- a/app-emulation/spice/files/spice-0.14.0-libressl_fix.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/spice-common/common/ssl_verify.c b/spice-common/common/ssl_verify.c -index a9ed650..27aa5d3 100644 ---- a/spice-common/common/ssl_verify.c -+++ b/spice-common/common/ssl_verify.c -@@ -33,7 +33,7 @@ - #include <string.h> - #include <gio/gio.h> - --#if OPENSSL_VERSION_NUMBER < 0x10100000 -+#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) - static const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *asn1) - { - return M_ASN1_STRING_data(asn1); diff --git a/app-emulation/spice/files/spice-0.14.0-openssl1.1_fix.patch b/app-emulation/spice/files/spice-0.14.0-openssl1.1_fix.patch deleted file mode 100644 index c1c5a1c04ba..00000000000 --- a/app-emulation/spice/files/spice-0.14.0-openssl1.1_fix.patch +++ /dev/null @@ -1,26 +0,0 @@ ---- spice-0.13.90-orig/server/reds.c 2017-07-27 01:04:10.000000000 +1000 -+++ spice-0.13.90/server/reds.c 2017-10-18 21:42:12.054934199 +1100 -@@ -34,6 +34,8 @@ - #include <ctype.h> - - #include <openssl/err.h> -+#include <openssl/bn.h> -+#include <openssl/rsa.h> - - #if HAVE_SASL - #include <sasl/sasl.h> -@@ -2795,9 +2797,12 @@ - - static gpointer openssl_global_init(gpointer arg) - { -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined (LIBRESSL_VERSION_NUMBER) -+ OPENSSL_init_ssl(0, NULL); -+#else - SSL_library_init(); - SSL_load_error_strings(); -- -+#endif - openssl_thread_setup(); - - return NULL; - diff --git a/app-emulation/spice/spice-0.14.0-r2.ebuild b/app-emulation/spice/spice-0.14.0-r2.ebuild deleted file mode 100644 index 49bf1e178a9..00000000000 --- a/app-emulation/spice/spice-0.14.0-r2.ebuild +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -PYTHON_COMPAT=( python{3_6,3_7} ) - -inherit autotools ltprune python-any-r1 readme.gentoo-r1 xdg-utils - -DESCRIPTION="SPICE server" -HOMEPAGE="https://www.spice-space.org/"; -SRC_URI="https://www.spice-space.org/download/releases/${P}.tar.bz2"; - -LICENSE="LGPL-2.1" -SLOT="0" -KEYWORDS="amd64 ~arm64 x86" -IUSE="libressl lz4 sasl smartcard static-libs gstreamer" - -# the libspice-server only uses the headers of libcacard -RDEPEND=" - dev-lang/orc[static-libs(+)?] - >=dev-libs/glib-2.22:2[static-libs(+)?] - media-libs/opus[static-libs(+)?] - sys-libs/zlib[static-libs(+)?] - virtual/jpeg:0=[static-libs(+)?] - >=x11-libs/pixman-0.17.7[static-libs(+)?] - !libressl? ( dev-libs/openssl:0=[static-libs(+)?] ) - libressl? ( dev-libs/libressl:0=[static-libs(+)?] ) - lz4? ( app-arch/lz4:0=[static-libs(+)?] ) - smartcard? ( >=app-emulation/libcacard-0.1.2 ) - sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] ) - gstreamer? ( - media-libs/gstreamer:1.0 - media-libs/gst-plugins-base:1.0 - )" -DEPEND="${RDEPEND} - ${PYTHON_DEPS} - >=app-emulation/spice-protocol-0.12.13 - virtual/pkgconfig - $(python_gen_any_dep ' - >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}] - dev-python/six[${PYTHON_USEDEP}] - ') - smartcard? ( app-emulation/qemu[smartcard] )" - -PATCHES=( - "${FILESDIR}"/${P}-libressl_fix.patch - "${FILESDIR}"/${P}-openssl1.1_fix.patch - "${FILESDIR}"/${P}-fix-flexible-array-buffer-overflow.patch -) - -python_check_deps() { - has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]" - has_version "dev-python/six[${PYTHON_USEDEP}]" -} - -pkg_setup() { - [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup -} - -src_prepare() { - default - - eautoreconf -} - -src_configure() { - # Prevent sandbox violations, bug #586560 - # https://bugzilla.gnome.org/show_bug.cgi?id=744134 - # https://bugzilla.gnome.org/show_bug.cgi?id=744135 - addpredict /dev - - xdg_environment_reset - - local myconf=" - $(use_enable static-libs static) - $(use_enable lz4) - $(use_with sasl) - $(use_enable smartcard) - --enable-gstreamer=$(usex gstreamer "1.0" "no") - --disable-celt051 - " - econf ${myconf} -} - -src_compile() { - # Prevent sandbox violations, bug #586560 - # https://bugzilla.gnome.org/show_bug.cgi?id=744134 - # https://bugzilla.gnome.org/show_bug.cgi?id=744135 - addpredict /dev - - default -} - -src_install() { - default - use static-libs || prune_libtool_files - readme.gentoo_create_doc -} - -pkg_postinst() { - readme.gentoo_print_elog -} diff --git a/app-emulation/spice/spice-0.14.2.ebuild b/app-emulation/spice/spice-0.14.2.ebuild deleted file mode 100644 index d6489c71369..00000000000 --- a/app-emulation/spice/spice-0.14.2.ebuild +++ /dev/null @@ -1,100 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -PYTHON_COMPAT=( python{3_6,3_7} ) - -inherit autotools python-any-r1 readme.gentoo-r1 xdg-utils - -DESCRIPTION="SPICE server" -HOMEPAGE="https://www.spice-space.org/"; -SRC_URI="https://www.spice-space.org/download/releases/spice-server/${P}.tar.bz2"; - -LICENSE="LGPL-2.1" -SLOT="0" -KEYWORDS="~amd64 ~arm64 ~x86" -IUSE="libressl lz4 sasl smartcard static-libs gstreamer" - -# the libspice-server only uses the headers of libcacard -RDEPEND=" - dev-lang/orc[static-libs(+)?] - >=dev-libs/glib-2.22:2[static-libs(+)?] - media-libs/opus[static-libs(+)?] - sys-libs/zlib[static-libs(+)?] - virtual/jpeg:0=[static-libs(+)?] - >=x11-libs/pixman-0.17.7[static-libs(+)?] - !libressl? ( dev-libs/openssl:0=[static-libs(+)?] ) - libressl? ( dev-libs/libressl:0=[static-libs(+)?] ) - lz4? ( app-arch/lz4:0=[static-libs(+)?] ) - smartcard? ( >=app-emulation/libcacard-0.1.2 ) - sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] ) - gstreamer? ( - media-libs/gstreamer:1.0 - media-libs/gst-plugins-base:1.0 - )" -DEPEND="${RDEPEND} - >=app-emulation/spice-protocol-0.14.0 - smartcard? ( app-emulation/qemu[smartcard] )" -BDEPEND="${PYTHON_DEPS} - virtual/pkgconfig - $(python_gen_any_dep ' - >=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}] - dev-python/six[${PYTHON_USEDEP}] - ')" - -PATCHES=( - "${FILESDIR}"/${PN}-0.14.0-openssl1.1_fix.patch -) - -python_check_deps() { - has_version -b ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]" - has_version -b "dev-python/six[${PYTHON_USEDEP}]" -} - -pkg_setup() { - [[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup -} - -src_prepare() { - default - - eautoreconf -} - -src_configure() { - # Prevent sandbox violations, bug #586560 - # https://bugzilla.gnome.org/show_bug.cgi?id=744134 - # https://bugzilla.gnome.org/show_bug.cgi?id=744135 - addpredict /dev - - xdg_environment_reset - - local myconf=" - $(use_enable static-libs static) - $(use_enable lz4) - $(use_with sasl) - $(use_enable smartcard) - --enable-gstreamer=$(usex gstreamer "1.0" "no") - --disable-celt051 - " - econf ${myconf} -} - -src_compile() { - # Prevent sandbox violations, bug #586560 - # https://bugzilla.gnome.org/show_bug.cgi?id=744134 - # https://bugzilla.gnome.org/show_bug.cgi?id=744135 - addpredict /dev - - default -} - -src_install() { - default - use static-libs || find "${D}" -name '*.la' -type f -delete || die - readme.gentoo_create_doc -} - -pkg_postinst() { - readme.gentoo_print_elog -}
