From f351d2734411520af193eb3dc5e3f5f4d5b34768 Mon Sep 17 00:00:00 2001
From: Christophe Fergeau
Date: Fri, 14 Sep 2012 11:09:09 +0200
Subject: [PATCH] Add patch fixing CVE 2012-4425
---
0003-CVE-2012-4425.patch | 60 ++++++++++++++++++++++++++++++++++++++++
spice-gtk.spec | 11 ++++++--
2 files changed, 68 insertions(+), 3 deletions(-)
create mode 100644 0003-CVE-2012-4425.patch
diff --git a/0003-CVE-2012-4425.patch b/0003-CVE-2012-4425.patch
new file mode 100644
index 0000000..ba9b26d
--- /dev/null
+++ b/0003-CVE-2012-4425.patch
@@ -0,0 +1,60 @@
+diff --git a/configure.ac b/configure.ac
+index 3841c56..b2defd3 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -243,6 +243,8 @@ else
+ EXTERNAL_PNP_IDS="$with_pnp_ids_path"
+ fi
+
++AC_CHECK_FUNCS(clearenv)
++
+ PKG_CHECK_MODULES(GLIB2, glib-2.0 >= 2.22)
+ AC_SUBST(GLIB2_CFLAGS)
+ AC_SUBST(GLIB2_LIBS)
+diff --git a/gtk/spice-client-glib-usb-acl-helper.c b/gtk/spice-client-glib-usb-acl-helper.c
+index 724d62a..93b9b3a 100644
+--- a/gtk/spice-client-glib-usb-acl-helper.c
++++ b/gtk/spice-client-glib-usb-acl-helper.c
+@@ -158,7 +158,8 @@ static void cleanup(void)
+ if (state == STATE_WAITING_FOR_STDIN_EOF)
+ set_facl(path, getuid(), 0);
+
+- g_main_loop_quit(loop);
++ if (loop)
++ g_main_loop_quit(loop);
+ }
+
+ /* Not available in polkit < 0.101 */
+@@ -311,11 +312,32 @@ polkit_authority_get_sync (GCancellable *cancellable, GError **error)
+ }
+ #endif
+
++#ifndef HAVE_CLEARENV
++extern char **environ;
++
++static int
++clearenv (void)
++{
++ if (environ != NULL)
++ environ[0] = NULL;
++ return 0;
++}
++#endif
++
+ int main(void)
+ {
+ pid_t parent_pid;
+ GInputStream *stdin_unix_stream;
+
++ /* Nuke the environment to get a well-known and sanitized
++ * environment to avoid attacks via e.g. the DBUS_SYSTEM_BUS_ADDRESS
++ * environment variable and similar.
++ */
++ if (clearenv () != 0) {
++ FATAL_ERROR("Error clearing environment: %s\n", g_strerror (errno));
++ return 1;
++ }
++
+ g_type_init();
+
+ loop = g_main_loop_new(NULL, FALSE);
diff --git a/spice-gtk.spec b/spice-gtk.spec
index 7e3ec31..80b5be6 100644
--- a/spice-gtk.spec
+++ b/spice-gtk.spec
@@ -13,7 +13,7 @@ Name: spice-gtk Version: 0.13.29 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A GTK+ widget for SPICE clients Group: System Environment/Libraries
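Review bot: In the `main()` hunk of the embedded patch to gtk/spice-client-glib-usb-acl-helper.c, the new error path prints `g_strerror (errno)`, but `clearenv()` is only documented to return non-zero on failure, not to set `errno`, so the message can name an unrelated error; `FATAL_ERROR("Error clearing environment\n");` would be accurate. The call also sanitizes only what is read after `main()` starts, since the dynamic loader and any library constructors have already seen the caller's environment, so a comment such as `/* Must stay the first statement in main(); code that runs before main() still sees the caller's environment. */` would keep later edits from moving it. The `#ifndef HAVE_CLEARENV` fallback truncates the existing array in place (`environ[0] = NULL`) instead of resetting `environ`, which is enough for `getenv()` but deserves a one-line comment saying so. `main()` continues past the end of the hunk, so the rest of the start-up sequence cannot be checked from here.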
@@ -23,6 +23,7 @@ URL: http://spice-space.org/page/Spice-Gtk Source0: http://www.spice-space.org/download/gtk/%{name}-%{version}%{?_version_suffix}.tar.bz2 Patch1: 0001-G_GNUC_DEPRECATED_FOR-must-be-defined-publicly.patch Patch2: 0002-build-sys-Fix-symbol-versioning.patch +Patch3: 0003-CVE-2012-4425.patch BuildRequires: intltool BuildRequires: gtk2-devel >= 2.14
@@ -50,7 +51,7 @@ BuildRequires: pyparsing BuildRequires: spice-protocol # Hack because of bz #613466 BuildRequires: libtool -# For patch #2 +# For patch #2 and #3 BuildRequires: autoconf automake Requires: spice-glib%{?_isa} = %{version}-%{release}
@@ -153,7 +154,8 @@ fi pushd spice-gtk-%{version} %patch1 -p1 %patch2 -p1 -# Patch 2 changes Makefile.am +%patch3 -p1 +# Patch 2 changes Makefile.am and patch 3 changes configure.ac autoreconf -fi popd
@@ -274,6 +276,9 @@ rm -rf %{buildroot}%{_datadir}/pkgconfig/spice-protocol.pc %{_bindir}/spicy-stats %changelog +* Fri Sep 14 2012 Christophe Fergeau - 0.13.29-4 +- Add patch fixing CVE 2012-4425 + * Thu Sep 13 2012 Christophe Fergeau - 0.13.29-3 - Run autoreconf after applying patch 2 as it only modifies Makefile.am