Add patch fixing CVE 2012-4425

2012-09-14 11:09:09 +02:00 · 2012-09-14 11:09:09 +02:00 · f351d27344
commit f351d27344
parent afbd71cadf
2 changed files with 68 additions and 3 deletions
--- a/0003-CVE-2012-4425.patch
+++ b/0003-CVE-2012-4425.patch
@ -0,0 +1,60 @@
+diff --git a/configure.ac b/configure.ac
+index 3841c56..b2defd3 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -243,6 +243,8 @@ else
+         EXTERNAL_PNP_IDS="$with_pnp_ids_path"
+ fi
+ 
+AC_CHECK_FUNCS(clearenv)
+
+ PKG_CHECK_MODULES(GLIB2, glib-2.0 >= 2.22)
+ AC_SUBST(GLIB2_CFLAGS)
+ AC_SUBST(GLIB2_LIBS)
+diff --git a/gtk/spice-client-glib-usb-acl-helper.c b/gtk/spice-client-glib-usb-acl-helper.c
+index 724d62a..93b9b3a 100644
+--- a/gtk/spice-client-glib-usb-acl-helper.c
+++ b/gtk/spice-client-glib-usb-acl-helper.c
+@@ -158,7 +158,8 @@ static void cleanup(void)
+     if (state == STATE_WAITING_FOR_STDIN_EOF)
+         set_facl(path, getuid(), 0);
+ 
+-    g_main_loop_quit(loop);
+    if (loop)
+        g_main_loop_quit(loop);
+ }
+ 
+ /* Not available in polkit < 0.101 */
+@@ -311,11 +312,32 @@ polkit_authority_get_sync (GCancellable *cancellable, GError **error)
+ }
+ #endif
+ 
+#ifndef HAVE_CLEARENV
+extern char **environ;
+
+static int
+clearenv (void)
+{
+        if (environ != NULL)
+                environ[0] = NULL;
+        return 0;
+}
+#endif
+
+ int main(void)
+ {
+     pid_t parent_pid;
+     GInputStream *stdin_unix_stream;
+ 
+  /* Nuke the environment to get a well-known and sanitized
+   * environment to avoid attacks via e.g. the DBUS_SYSTEM_BUS_ADDRESS
+   * environment variable and similar.
+   */
+    if (clearenv () != 0) {
+        FATAL_ERROR("Error clearing environment: %s\n", g_strerror (errno));
+        return 1;
+    }
+
+     g_type_init();
+ 
+     loop = g_main_loop_new(NULL, FALSE);
--- a/spice-gtk.spec
+++ b/spice-gtk.spec
@ -13,7 +13,7 @@

 Name:           spice-gtk
 Version:        0.13.29
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        A GTK+ widget for SPICE clients

 Group:          System Environment/Libraries
@ -23,6 +23,7 @@ URL:            http://spice-space.org/page/Spice-Gtk
 Source0:        http://www.spice-space.org/download/gtk/%{name}-%{version}%{?_version_suffix}.tar.bz2
 Patch1:         0001-G_GNUC_DEPRECATED_FOR-must-be-defined-publicly.patch
 Patch2:         0002-build-sys-Fix-symbol-versioning.patch
+Patch3:         0003-CVE-2012-4425.patch

 BuildRequires: intltool
 BuildRequires: gtk2-devel >= 2.14
@ -50,7 +51,7 @@ BuildRequires: pyparsing
 BuildRequires: spice-protocol
 # Hack because of bz #613466
 BuildRequires: libtool
-# For patch #2
+# For patch #2 and #3
 BuildRequires: autoconf automake
 Requires: spice-glib%{?_isa} = %{version}-%{release}

@ -153,7 +154,8 @@ fi
 pushd spice-gtk-%{version}
 %patch1 -p1
 %patch2 -p1
-# Patch 2 changes Makefile.am
+%patch3 -p1
+# Patch 2 changes Makefile.am and patch 3 changes configure.ac
 autoreconf -fi
 popd

@ -274,6 +276,9 @@ rm -rf %{buildroot}%{_datadir}/pkgconfig/spice-protocol.pc
 %{_bindir}/spicy-stats

 %changelog
+* Fri Sep 14 2012 Christophe Fergeau <cfergeau@redhat.com> - 0.13.29-4
+- Add patch fixing CVE 2012-4425
+
 * Thu Sep 13 2012 Christophe Fergeau <cfergeau@redhat.com> - 0.13.29-3
 - Run autoreconf after applying patch 2 as it only modifies Makefile.am