From b74805e260664d8d968d65ca63c00c99c31e762d Mon Sep 17 00:00:00 2001
From: Matthias Maier <tamiko@gentoo.org>
Date: Wed, 18 Nov 2015 13:25:53 -0600
Subject: app-emulation/spice: drop vulnerable (bug #562890,
 CVE-2015-{5260,5261})

Drop vulnerable version 0.12.5

Gentoo-Bug: 562890

Package-Manager: portage-2.2.24
---
 app-emulation/spice/Manifest                       |  1 -
 ...n-mjpeg_encoder_adjust_params_to_bit_rate.patch | 30 --------
 ....5-fix-crash-when-clearing-surface-memory.patch | 31 --------
 ...ver-dont-assert-on-invalid-client-message.patch | 30 --------
 app-emulation/spice/spice-0.12.5-r1.ebuild         | 82 ----------------------
 5 files changed, 174 deletions(-)
 delete mode 100644 app-emulation/spice/files/spice-0.12.5-fix-assert-in-mjpeg_encoder_adjust_params_to_bit_rate.patch
 delete mode 100644 app-emulation/spice/files/spice-0.12.5-fix-crash-when-clearing-surface-memory.patch
 delete mode 100644 app-emulation/spice/files/spice-0.12.5-server-dont-assert-on-invalid-client-message.patch
 delete mode 100644 app-emulation/spice/spice-0.12.5-r1.ebuild

(limited to 'app-emulation/spice')

diff --git a/app-emulation/spice/Manifest b/app-emulation/spice/Manifest
index fe059373a51c..cd51bb5e3c5d 100644
--- a/app-emulation/spice/Manifest
+++ b/app-emulation/spice/Manifest
@@ -1,2 +1 @@
-DIST spice-0.12.5.tar.bz2 1737169 SHA256 4209a20d8f67cb99a8a6ac499cfe79a18d4ca226360457954a223d6795c2f581 SHA512 1501c913ba3b1856444536a9bfda7a2138a96088f940b483e963df342b91deb945d77bfb3c83ebddfcd7c3008695c0dd7df30ff9fd8502cbbcac1c610a273572 WHIRLPOOL 8f50a91febb0d2279ac867ae31cb14f996106625f0f26ba1bb8b5b576eedce6839f52c70e19a03f03be209f695c36b3ba1d94fadee6c9f134e2afffd5b99c476
 DIST spice-0.12.6.tar.bz2 1181088 SHA256 f148ea30135bf80a4f465ce723a1cd6d4ccb34c098b6298a020b378ace8569b6 SHA512 877d9c447a09055c61db7839ae1a2bbd97ab1178d8fd30fff83883064f8a2f269479649e696732095833ed3fda2d0cc0cbe2a420decb89d36d2cf2f18ad9a3db WHIRLPOOL e381cf469a29be9a91ab442ee5f426a44ee569528d9297401df1c927cbf558e9daee7709cd69a4cc6389481b0c5aa26b19e56f0e97576e270d768842581544fe
diff --git a/app-emulation/spice/files/spice-0.12.5-fix-assert-in-mjpeg_encoder_adjust_params_to_bit_rate.patch b/app-emulation/spice/files/spice-0.12.5-fix-assert-in-mjpeg_encoder_adjust_params_to_bit_rate.patch
deleted file mode 100644
index 0ced72887065..000000000000
--- a/app-emulation/spice/files/spice-0.12.5-fix-assert-in-mjpeg_encoder_adjust_params_to_bit_rate.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 284cca2a5ebc98257275585083321a7100fb89b3 Mon Sep 17 00:00:00 2001
-From: Jonathon Jongsma <jjongsma@redhat.com>
-Date: Fri, 30 May 2014 18:45:02 +0000
-Subject: Fix assert in mjpeg_encoder_adjust_params_to_bit_rate()
-
-If mjpeg_encoder_reset_quality() is called with the same quality as currently
-set, it will not reset last_enc_size but not reset num_recent_enc_frames,
-violating some assumptions in _adjust_params_to_bit_rate(). To avoid aborting
-the server, simply return early from this function.
-
-Resolves: rhbz#1086820
----
-diff --git a/server/mjpeg_encoder.c b/server/mjpeg_encoder.c
-index f465d88..12447da 100644
---- a/server/mjpeg_encoder.c
-+++ b/server/mjpeg_encoder.c
-@@ -625,7 +625,10 @@ static void mjpeg_encoder_adjust_params_to_bit_rate(MJpegEncoder *encoder)
-         return;
-     }
- 
--    spice_assert(rate_control->num_recent_enc_frames);
-+    if (!rate_control->num_recent_enc_frames) {
-+        spice_debug("No recent encoded frames");
-+        return;
-+    }
- 
-     if (rate_control->num_recent_enc_frames < MJPEG_AVERAGE_SIZE_WINDOW &&
-         rate_control->num_recent_enc_frames < rate_control->fps) {
---
-cgit v0.9.0.2-2-gbebe
diff --git a/app-emulation/spice/files/spice-0.12.5-fix-crash-when-clearing-surface-memory.patch b/app-emulation/spice/files/spice-0.12.5-fix-crash-when-clearing-surface-memory.patch
deleted file mode 100644
index b14a56b1d245..000000000000
--- a/app-emulation/spice/files/spice-0.12.5-fix-crash-when-clearing-surface-memory.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 1898f3949cf75422aa1fedba40c429b28d8d6b67 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@gmail.com>
-Date: Wed, 6 Aug 2014 18:34:56 +0200
-Subject: Fix crash when clearing surface memory
-
-The beginning of the surface data needs to be computed correctly if the
-stride is negative, otherwise, it should point already to the beginning
-of the surface data. This bug seems to exists since 4a208b (0.5.2)
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1029646
-
-diff --git a/server/red_worker.c b/server/red_worker.c
-index 6bdad93..35a1a04 100644
---- a/server/red_worker.c
-+++ b/server/red_worker.c
-@@ -9470,7 +9470,11 @@ static inline void red_create_surface(RedWorker *worker, uint32_t surface_id, ui
-     surface->context.stride = stride;
-     surface->context.line_0 = line_0;
-     if (!data_is_valid) {
--        memset((char *)line_0 + (int32_t)(stride * (height - 1)), 0, height*abs(stride));
-+        char *data = line_0;
-+        if (stride < 0) {
-+            data -= abs(stride) * (height - 1);
-+        }
-+        memset(data, 0, height*abs(stride));
-     }
-     surface->create.info = NULL;
-     surface->destroy.info = NULL;
--- 
-cgit v0.10.2
-
diff --git a/app-emulation/spice/files/spice-0.12.5-server-dont-assert-on-invalid-client-message.patch b/app-emulation/spice/files/spice-0.12.5-server-dont-assert-on-invalid-client-message.patch
deleted file mode 100644
index d9b49a4abb27..000000000000
--- a/app-emulation/spice/files/spice-0.12.5-server-dont-assert-on-invalid-client-message.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 3c25192ee90f843a2f84ff99d119b1cb45979bac Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@gmail.com>
-Date: Wed, 25 Jun 2014 14:36:03 +0200
-Subject: server: don't assert on invalid client message
-
-Some users have been reaching this error:
-snd_receive: ASSERT n failed
-
-A misbehaving client could easily hit that condition by sending too big
-messages. Instead of assert(), replace with a warning. When a message
-too big to fit is received, it will simply disconnect the channel.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=962187
-
-diff --git a/server/snd_worker.c b/server/snd_worker.c
-index 7d52ded..70148b7 100644
---- a/server/snd_worker.c
-+++ b/server/snd_worker.c
-@@ -421,7 +421,7 @@ static void snd_receive(void* data)
-     for (;;) {
-         ssize_t n;
-         n = channel->receive_data.end - channel->receive_data.now;
--        spice_assert(n);
-+        spice_warn_if(n <= 0);
-         n = reds_stream_read(channel->stream, channel->receive_data.now, n);
-         if (n <= 0) {
-             if (n == 0) {
--- 
-cgit v0.10.2
-
diff --git a/app-emulation/spice/spice-0.12.5-r1.ebuild b/app-emulation/spice/spice-0.12.5-r1.ebuild
deleted file mode 100644
index e33e68a64888..000000000000
--- a/app-emulation/spice/spice-0.12.5-r1.ebuild
+++ /dev/null
@@ -1,82 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 )
-
-inherit eutils python-any-r1
-
-DESCRIPTION="SPICE server and client"
-HOMEPAGE="http://spice-space.org/"
-SRC_URI="http://spice-space.org/download/releases/${P}.tar.bz2"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE="client sasl smartcard static-libs" # static
-
-# only the client links against libcacard, the libspice-server only uses the headers
-# the client cannot be built statically since alsa and qemu[smartcard] are missing static-libs
-RDEPEND=">=x11-libs/pixman-0.17.7[static-libs(+)?]
-	>=dev-libs/glib-2.22:2[static-libs(+)?]
-	>=media-libs/celt-0.5.1.1:0.5.1[static-libs(+)?]
-	media-libs/opus[static-libs(+)?]
-	dev-libs/openssl[static-libs(+)?]
-	virtual/jpeg[static-libs(+)?]
-	sys-libs/zlib[static-libs(+)?]
-	sasl? ( dev-libs/cyrus-sasl[static-libs(+)?] )
-	client? (
-		media-libs/alsa-lib
-		>=x11-libs/libXrandr-1.2
-		x11-libs/libX11
-		x11-libs/libXext
-		>=x11-libs/libXinerama-1.0
-		x11-libs/libXfixes
-		x11-libs/libXrender
-		smartcard? ( app-emulation/qemu[smartcard] )
-	)"
-
-DEPEND="virtual/pkgconfig
-	$(python_gen_any_dep \
-		'>=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]')
-	smartcard? ( app-emulation/qemu[smartcard] )
-	${RDEPEND}"
-
-python_check_deps() {
-	has_version ">=dev-python/pyparsing-1.5.6-r2[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} != binary ]] && python-any-r1_pkg_setup
-}
-
-# maintainer notes:
-# * opengl support is currently broken
-
-src_prepare() {
-	epatch \
-		"${FILESDIR}/0.11.0-gold.patch" \
-		"${FILESDIR}/${P}-fix-assert-in-mjpeg_encoder_adjust_params_to_bit_rate.patch" \
-		"${FILESDIR}/${P}-server-dont-assert-on-invalid-client-message.patch" \
-		"${FILESDIR}/${P}-fix-crash-when-clearing-surface-memory.patch"
-
-	epatch_user
-}
-
-src_configure() {
-	econf \
-		$(use_enable static-libs static) \
-		$(use_enable client) \
-		$(use_with sasl) \
-		$(use_enable smartcard) \
-		--disable-gui \
-		--disable-static-linkage
-#		$(use_enable static static-linkage) \
-}
-
-src_install() {
-	default
-	use static-libs || prune_libtool_files
-}
-- 
cgit v1.2.3