forked from mirrors/nixpkgs
77e920d874
From the Red Hat advisory: * A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. (CVE-2016-9577) * A vulnerability was discovered in spice in the server's protocol handling. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. (CVE-2016-9578)
67 lines
2.6 KiB
Nix
67 lines
2.6 KiB
Nix
{ stdenv, fetchurl, fetchpatch, pkgconfig, pixman, celt, alsaLib
|
|
, openssl, libXrandr, libXfixes, libXext, libXrender, libXinerama
|
|
, libjpeg, zlib, spice_protocol, python, pyparsing, glib, cyrus_sasl
|
|
, lz4 }:
|
|
|
|
with stdenv.lib;
|
|
|
|
stdenv.mkDerivation rec {
|
|
name = "spice-0.12.8";
|
|
|
|
src = fetchurl {
|
|
url = "http://www.spice-space.org/download/releases/${name}.tar.bz2";
|
|
sha256 = "0za03i77j8i3g5l2np2j7vy8cqsdbkm9wbv4hjnaqq9xhz2sa0gr";
|
|
};
|
|
|
|
patches = [
|
|
(fetchpatch {
|
|
name = "0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch";
|
|
url = "http://pkgs.fedoraproject.org/cgit/rpms/spice.git/plain/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch?id=d919d639ae5f83a9735a04d843eed675f9357c0d";
|
|
sha256 = "11x5566lx5zyl7f39glwsgpzkxb7hpcshx8va5ab3imrns07130q";
|
|
})
|
|
(fetchpatch {
|
|
name = "0002-Prevent-integer-overflows-in-capability-checks.patch";
|
|
url = "http://pkgs.fedoraproject.org/cgit/rpms/spice.git/plain/0002-Prevent-integer-overflows-in-capability-checks.patch?id=d919d639ae5f83a9735a04d843eed675f9357c0d";
|
|
sha256 = "1r1bhq98w93cvvrlrz6jwdfsy261xl3xqs0ppchaa2igyxvxv5z5";
|
|
})
|
|
# Originally from http://pkgs.fedoraproject.org/cgit/rpms/spice.git/plain/0003-main-channel-Prevent-overflow-reading-messages-from-.patch?id=d919d639ae5f83a9735a04d843eed675f9357c0d
|
|
# but main-channel.c was renamed to main_channel.c
|
|
./0001-Adapting-the-following-patch-from-http-pkgs.fedorapr.patch
|
|
];
|
|
|
|
buildInputs = [ pixman celt alsaLib openssl libjpeg zlib
|
|
libXrandr libXfixes libXrender libXext libXinerama
|
|
python pyparsing glib cyrus_sasl lz4 ];
|
|
|
|
nativeBuildInputs = [ pkgconfig spice_protocol ];
|
|
|
|
NIX_CFLAGS_COMPILE = "-fno-stack-protector";
|
|
|
|
configureFlags = [
|
|
"--with-sasl"
|
|
"--disable-smartcard"
|
|
"--enable-client"
|
|
"--enable-lz4"
|
|
];
|
|
|
|
postInstall = ''
|
|
ln -s spice-server $out/include/spice
|
|
'';
|
|
|
|
meta = {
|
|
description = "Complete open source solution for interaction with virtualized desktop devices";
|
|
longDescription = ''
|
|
The Spice project aims to provide a complete open source solution for interaction
|
|
with virtualized desktop devices.The Spice project deals with both the virtualized
|
|
devices and the front-end. Interaction between front-end and back-end is done using
|
|
VD-Interfaces. The VD-Interfaces (VDI) enable both ends of the solution to be easily
|
|
utilized by a third-party component.
|
|
'';
|
|
homepage = http://www.spice-space.org/;
|
|
license = licenses.lgpl21;
|
|
|
|
maintainers = [ maintainers.bluescreen303 ];
|
|
platforms = platforms.linux;
|
|
};
|
|
}
|