spice-vdagent: 0.20.0 -> 0.21.0

Fixes CVE-2020-25650, CVE-2020-25651, CVE-2020-25652 and
CVE-2020-25653.

Changelog:
https://gitlab.freedesktop.org/spice/linux/vd_agent/-/blob/spice-vdagent-0.21.0/CHANGELOG.md
This commit is contained in:
Thomas Gerbet 2021-04-17 19:54:21 +02:00
parent c27aea5e87
commit a9964ef276
2 changed files with 5 additions and 92 deletions

View File

@ -2,15 +2,12 @@
libpciaccess, libxcb, libXrandr, libXinerama, libXfixes, dbus, libdrm,
systemd}:
stdenv.mkDerivation rec {
name = "spice-vdagent-0.20.0";
pname = "spice-vdagent";
version = "0.21.0";
src = fetchurl {
url = "https://www.spice-space.org/download/releases/${name}.tar.bz2";
sha256 = "0n9k2kna2gd1zi6jv45zsp2jlv439nz5l5jjijirxqaycwi74srf";
url = "https://www.spice-space.org/download/releases/${pname}-${version}.tar.bz2";
sha256 = "0n8jlc1pv6mkry161y656b1nk9hhhminjq6nymzmmyjl7k95ymzx";
};
NIX_CFLAGS_COMPILE = [ "-Wno-error=address-of-packed-member" ];
patchFlags = [ "-uNp1" ];
# included in the next release.
patches = [ ./timeout.diff ];
postPatch = ''
substituteInPlace data/spice-vdagent.desktop --replace /usr $out
'';
@ -29,7 +26,7 @@ stdenv.mkDerivation rec {
* Multiple displays
'';
homepage = "https://www.spice-space.org/";
license = lib.licenses.gpl3;
license = lib.licenses.gpl3Plus;
maintainers = [ lib.maintainers.aboseley ];
platforms = lib.platforms.linux;
};

View File

@ -1,84 +0,0 @@
diff --git a/src/udscs.c b/src/udscs.c
index 4de75f8..7c99eed 100644
--- a/src/udscs.c
+++ b/src/udscs.c
@@ -186,6 +186,7 @@ struct udscs_server *udscs_server_new(
server->read_callback = read_callback;
server->error_cb = error_cb;
server->service = g_socket_service_new();
+ g_socket_service_stop(server->service);
g_signal_connect(server->service, "incoming",
G_CALLBACK(udscs_server_accept_cb), server);
@@ -223,6 +224,11 @@ void udscs_server_listen_to_address(struct udscs_server *server,
g_object_unref(sock_addr);
}
+void udscs_server_start(struct udscs_server *server)
+{
+ g_socket_service_start(server->service);
+}
+
void udscs_server_destroy_connection(struct udscs_server *server,
UdscsConnection *conn)
{
diff --git a/src/udscs.h b/src/udscs.h
index 45ebd3f..4f7ea36 100644
--- a/src/udscs.h
+++ b/src/udscs.h
@@ -98,6 +98,8 @@ void udscs_server_listen_to_address(struct udscs_server *server,
const gchar *addr,
GError **err);
+void udscs_server_start(struct udscs_server *server);
+
void udscs_server_destroy_connection(struct udscs_server *server,
UdscsConnection *conn);
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index cfd0a51..753c9bf 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -1184,10 +1184,6 @@ int main(int argc, char *argv[])
uinput_device = g_strdup(DEFAULT_UINPUT_DEVICE);
}
- g_unix_signal_add(SIGINT, signal_handler, NULL);
- g_unix_signal_add(SIGHUP, signal_handler, NULL);
- g_unix_signal_add(SIGTERM, signal_handler, NULL);
-
openlog("spice-vdagentd", do_daemonize ? 0 : LOG_PERROR, LOG_USER);
/* Setup communication with vdagent process(es) */
@@ -1228,9 +1224,6 @@ int main(int argc, char *argv[])
}
}
- if (do_daemonize)
- daemonize();
-
#ifdef WITH_STATIC_UINPUT
uinput = vdagentd_uinput_create(uinput_device, 1024, 768, NULL, 0,
debug > 1, uinput_fake);
@@ -1240,6 +1233,13 @@ int main(int argc, char *argv[])
}
#endif
+ if (do_daemonize)
+ daemonize();
+
+ g_unix_signal_add(SIGINT, signal_handler, NULL);
+ g_unix_signal_add(SIGHUP, signal_handler, NULL);
+ g_unix_signal_add(SIGTERM, signal_handler, NULL);
+
if (want_session_info)
session_info = session_info_create(debug);
if (session_info) {
@@ -1252,6 +1252,7 @@ int main(int argc, char *argv[])
active_xfers = g_hash_table_new(g_direct_hash, g_direct_equal);
+ udscs_server_start(server);
loop = g_main_loop_new(NULL, FALSE);
g_main_loop_run(loop);