- Various bugfixes from upstream git:

- Make spicec work together with the Firefox XPI for RHEV-M
  - Make sure the spicec window gets properly raised when first shown
Hans de Goede 2010-11-05 13:42:15 +01:00
parent aa6d1d877a
commit bc76331f14
6 changed files with 506 additions and 1 deletions


@ -0,0 +1,57 @@
From 79fffbf95d96b0eeb740fdfb9cca285fab8735c6 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Wed, 20 Oct 2010 21:52:49 +0200
Subject: [PATCH spice 1/3] spicec-x11: Change source of controller socket name, fixing CVE-2010-2792
The socket name used to communicate between the xpi browser plugin and the
spicec was predictable allowing a non priviliged user on the same system
to create the socket before spicec does and thus intercept the messages from
the xpi to the client, including login credentials. This security vulnerability
has been registred with mitre as CVE-2010-2792:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2792
This patch changes the controller code to instead read the socket name
from an environment variable which gets set by the xpi before executing
the spicec, making the socketname private between the client and the xpi.
Note that this means that the controller will only work with an xpi which
has matching changes, the changes are present in the latest version of the
xpi as available as update for / with RHEL-5.5 and RHEL-6.0 .
---
client/controller.cpp | 12 ++++++++----
1 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/client/controller.cpp b/client/controller.cpp
index b293771..032afae 100644
--- a/client/controller.cpp
+++ b/client/controller.cpp
@@ -28,10 +28,6 @@
#ifdef WIN32
#define PIPE_NAME "SpiceController-%lu"
-#elif defined(__i386__)
-#define PIPE_NAME "/tmp/SpiceController-%llu.uds"
-#else
-#define PIPE_NAME "/tmp/SpiceController-%lu.uds"
#endif
Controller::Controller(ControllerInterface *handler)
@@ -42,7 +38,15 @@ Controller::Controller(ControllerInterface *handler)
char pipe_name[PIPE_NAME_MAX_LEN];
ASSERT(_handler);
+#ifdef WIN32
snprintf(pipe_name, PIPE_NAME_MAX_LEN, PIPE_NAME, Platform::get_process_id());
+#else
+ char *p_socket = getenv("SPICE_XPI_SOCKET");
+ if (!p_socket) {
+ LOG_ERROR("Failed to get a controller connection (SPICE_XPI_SOCKET)");
+ }
+ strncpy(pipe_name, p_socket, sizeof(pipe_name));
+#endif
LOG_INFO("Creating a controller connection %s", pipe_name);
_pipe = NamedPipe::create(pipe_name, *this);
if (!_pipe) {
--
1.7.3.1
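Review bot: In the non-WIN32 branch of Controller::Controller, the `!p_socket` check only logs, so when SPICE_XPI_SOCKET is unset the following `strncpy(pipe_name, p_socket, sizeof(pipe_name))` still runs with a null pointer, unless LOG_ERROR does not return, which the hunk does not show. The same call leaves `pipe_name` without a terminating NUL when the variable's value is as long as the buffer or longer, and `pipe_name` is then passed to `LOG_INFO` with `%s` and to `NamedPipe::create`. I would leave the constructor in the null case the same way the `!_pipe` failure path below does (its body is outside the hunk), and treat `strlen(p_socket) >= sizeof(pipe_name)` as the same failure rather than truncating, since a truncated name is a different path from the one the xpi chose. The fix also depends on the xpi picking a name that other local users can neither predict nor create first, so a short comment stating that the client trusts this variable as-is would help the next reader.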


@ -0,0 +1,208 @@
From fa2e125ec4535b4a56a33aed76e3a0f9ce75eca0 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Wed, 20 Oct 2010 17:28:07 +0200
Subject: [PATCH spice 2/3] client: Interpret the title control message as utf8 instead of unicode16
The activex browser plugin is sending unicode16 text, where as the
xpi one is sending utf8 text. After discussing this on irc we've decided
that utf8 is what we want to use. So the client (this patch), and the
activex will be changed to expect resp. send utf8 text as the title.
---
client/application.cpp | 4 ++--
client/application.h | 4 ++--
client/controller.cpp | 8 ++------
client/controller.h | 2 +-
client/red_window.h | 2 +-
client/screen.cpp | 6 +++---
client/screen.h | 6 +++---
client/windows/red_window.cpp | 2 +-
client/x11/red_window.cpp | 8 ++++----
9 files changed, 19 insertions(+), 23 deletions(-)
diff --git a/client/application.cpp b/client/application.cpp
index 212b20e..d5b24a7 100644
--- a/client/application.cpp
+++ b/client/application.cpp
@@ -355,7 +355,7 @@ Application::Application()
, _key_handler (&default_key_handler)
, _mouse_handler (&default_mouse_handler)
, _monitors (NULL)
- , _title (L"SPICEc:%d")
+ , _title ("SPICEc:%d")
, _sys_key_intercept_mode (false)
, _enable_controller (false)
#ifdef USE_GUI
@@ -1603,7 +1603,7 @@ uint32_t Application::get_mouse_mode()
return _client.get_mouse_mode();
}
-void Application::set_title(const std::wstring& title)
+void Application::set_title(const std::string& title)
{
_title = title;
diff --git a/client/application.h b/client/application.h
index c01e08b..19c68a5 100644
--- a/client/application.h
+++ b/client/application.h
@@ -218,7 +218,7 @@ public:
void exit_full_screen();
bool toggle_full_screen();
void minimize();
- void set_title(const std::wstring& title);
+ void set_title(const std::string& title);
void hide();
void show();
void external_show();
@@ -367,7 +367,7 @@ private:
KeyHandlersStack _key_handlers;
MouseHandler* _mouse_handler;
const MonitorsList* _monitors;
- std::wstring _title;
+ std::string _title;
bool _sys_key_intercept_mode;
StickyInfo _sticky_info;
std::vector<int> _canvas_types;
diff --git a/client/controller.cpp b/client/controller.cpp
index 032afae..6d1272c 100644
--- a/client/controller.cpp
+++ b/client/controller.cpp
@@ -308,12 +308,8 @@ bool ControllerConnection::handle_message(ControllerMsg *hdr)
_handler->set_auto_display_res(!!(value & CONTROLLER_AUTO_DISPLAY_RES));
break;
case CONTROLLER_SET_TITLE: {
- std::wstring str;
-#ifdef WIN32
- wstring_printf(str, L"%s", data);
-#else
- wstring_printf(str, L"%S", data);
-#endif
+ std::string str;
+ string_printf(str, "%s", data);
_handler->set_title(str);
break;
}
diff --git a/client/controller.h b/client/controller.h
index 89b2c23..924f351 100644
--- a/client/controller.h
+++ b/client/controller.h
@@ -33,7 +33,7 @@ public:
virtual bool connect(const std::string& host, int port, int sport,
const std::string& password) = 0;
- virtual void set_title(const std::wstring& title) = 0;
+ virtual void set_title(const std::string& title) = 0;
virtual void set_auto_display_res(bool auto_display_res) = 0;
virtual void show_me(bool full_screen) = 0;
virtual void hide_me() = 0;
diff --git a/client/red_window.h b/client/red_window.h
index 97f3b79..632564d 100644
--- a/client/red_window.h
+++ b/client/red_window.h
@@ -48,7 +48,7 @@ public:
void hide();
void minimize();
void activate();
- void set_title(std::wstring& title);
+ void set_title(std::string& title);
void set_icon(Icon *icon);
virtual RedDrawable::Format get_format();
diff --git a/client/screen.cpp b/client/screen.cpp
index 7c4e1e3..575ab5d 100644
--- a/client/screen.cpp
+++ b/client/screen.cpp
@@ -71,7 +71,7 @@ void UpdateTimer::response(AbstractProcessLoop& events_loop)
_screen->periodic_update();
}
-RedScreen::RedScreen(Application& owner, int id, const std::wstring& name, int width, int height)
+RedScreen::RedScreen(Application& owner, int id, const std::string& name, int width, int height)
: _owner (owner)
, _id (id)
, _refs (1)
@@ -216,10 +216,10 @@ void RedScreen::unlock_size()
_owner.on_screen_unlocked(*this);
}
-void RedScreen::set_name(const std::wstring& name)
+void RedScreen::set_name(const std::string& name)
{
if (!name.empty()) {
- wstring_printf(_name, name.c_str(), _id);
+ string_printf(_name, name.c_str(), _id);
}
_window.set_title(_name);
}
diff --git a/client/screen.h b/client/screen.h
index dfef989..d81ebf8 100644
--- a/client/screen.h
+++ b/client/screen.h
@@ -54,7 +54,7 @@ private:
class RedScreen: public RedWindow::Listener {
public:
- RedScreen(Application& owner, int id, const std::wstring& name, int width, int height);
+ RedScreen(Application& owner, int id, const std::string& name, int width, int height);
RedScreen* ref();
void unref();
@@ -63,7 +63,7 @@ public:
void detach_layer(ScreenLayer& layer);
void on_layer_changed(ScreenLayer& layer);
void resize(int width, int height);
- void set_name(const std::wstring& name);
+ void set_name(const std::string& name);
uint64_t invalidate(const SpiceRect& rect, bool urgent);
void invalidate(const QRegion &region);
void capture_mouse();
@@ -163,7 +163,7 @@ private:
Application& _owner;
int _id;
AtomicCount _refs;
- std::wstring _name;
+ std::string _name;
RedWindow _window;
std::vector<ScreenLayer*> _layes;
QRegion _dirty_region;
diff --git a/client/windows/red_window.cpp b/client/windows/red_window.cpp
index bab2d97..0413945 100644
--- a/client/windows/red_window.cpp
+++ b/client/windows/red_window.cpp
@@ -446,7 +446,7 @@ RedWindow::~RedWindow()
}
}
-void RedWindow::set_title(std::wstring& title)
+void RedWindow::set_title(std::string& title)
{
SetWindowText(_win, title.c_str());
}
diff --git a/client/x11/red_window.cpp b/client/x11/red_window.cpp
index 7cdf684..416f6c7 100644
--- a/client/x11/red_window.cpp
+++ b/client/x11/red_window.cpp
@@ -1331,16 +1331,16 @@ RedWindow::~RedWindow()
}
}
-void RedWindow::set_title(std::wstring& title)
+void RedWindow::set_title(std::string& title)
{
XTextProperty text_prop;
- wchar_t *name = const_cast<wchar_t *>(title.c_str());
+ char *name = const_cast<char *>(title.c_str());
int r;
if (_win) {
XLockDisplay(x_display);
- r = XwcTextListToTextProperty(x_display, &name, 1, XStringStyle, &text_prop);
+ r = Xutf8TextListToTextProperty(x_display, &name, 1, XUTF8StringStyle, &text_prop);
XUnlockDisplay(x_display);
- if (r >= 0) {
+ if (r == Success) {
XSetWMName(x_display, _win, &text_prop);
XFree(text_prop.value);
} else {
--
1.7.3.1
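Review bot: In RedScreen::set_name (client/screen.cpp), `string_printf(_name, name.c_str(), _id)` still uses the title as a printf format string, and with this patch the title is built from the raw bytes of the `CONTROLLER_SET_TITLE` message and handed to `set_title(str)` in client/controller.cpp. If Application::set_title forwards `_title` to set_name, which its body outside the hunk presumably does, any conversion specifier in a controller-supplied title other than the single `%d` is interpreted against arguments that were never passed. I would insert the screen id without formatting through the title, or check before the call that the title contains at most one `%d` and no other `%`. Separately, `string_printf(str, "%s", data)` reads until a NUL, so it is worth confirming that handle_message has already verified `data` is terminated within the message length; that check is not visible here.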


@ -0,0 +1,98 @@
From 4c81024ca2d6bff33df9b52d0600ef5146f6d86d Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Thu, 21 Oct 2010 13:17:23 +0200
Subject: [PATCH spice 3/3] Remove no longer used wstring_printf functions
---
client/utils.cpp | 8 --------
client/utils.h | 2 --
client/windows/platform_utils.cpp | 14 --------------
client/x11/platform_utils.cpp | 18 ------------------
4 files changed, 0 insertions(+), 42 deletions(-)
diff --git a/client/utils.cpp b/client/utils.cpp
index 9ce09d7..460f610 100644
--- a/client/utils.cpp
+++ b/client/utils.cpp
@@ -29,14 +29,6 @@ void string_printf(std::string& str, const char* format, ...)
va_end(ap);
}
-void wstring_printf(std::wstring& str, const wchar_t* format, ...)
-{
- va_list ap;
- va_start(ap, format);
- wstring_vprintf(str, format, ap);
- va_end(ap);
-}
-
int str_to_port(const char *str)
{
long port;
diff --git a/client/utils.h b/client/utils.h
index 33922a7..3b3cbb0 100644
--- a/client/utils.h
+++ b/client/utils.h
@@ -99,8 +99,6 @@ int str_to_port(const char *str);
void string_vprintf(std::string& str, const char* format, va_list ap);
void string_printf(std::string& str, const char *format, ...);
-void wstring_vprintf(std::wstring& str, const wchar_t* format, va_list ap);
-void wstring_printf(std::wstring& str, const wchar_t *format, ...);
template<class T>
class FreeObject {
diff --git a/client/windows/platform_utils.cpp b/client/windows/platform_utils.cpp
index 0270959..eb87468 100644
--- a/client/windows/platform_utils.cpp
+++ b/client/windows/platform_utils.cpp
@@ -35,20 +35,6 @@ void string_vprintf(std::string& str, const char* format, va_list ap)
}
}
-void wstring_vprintf(std::wstring& str, const wchar_t* format, va_list ap)
-{
- int buf_size = 256;
- for (;;) {
- AutoArray<wchar_t> buf(new wchar_t[buf_size]);
- int r = vswprintf(buf.get(), buf_size, format, ap);
- if (r != -1) {
- str = buf.get();
- return;
- }
- buf_size *= 2;
- }
-}
-
HDC create_compatible_dc()
{
HDC dc = CreateCompatibleDC(NULL);
diff --git a/client/x11/platform_utils.cpp b/client/x11/platform_utils.cpp
index a646a80..5ca68f4 100644
--- a/client/x11/platform_utils.cpp
+++ b/client/x11/platform_utils.cpp
@@ -28,21 +28,3 @@ void string_vprintf(std::string& str, const char* format, va_list ap)
vsnprintf(buf.get(), len, format, ap);
str = buf.get();
}
-
-void wstring_vprintf(std::wstring& str, const wchar_t* format, va_list ap)
-{
- int buf_size = 256;
- for (;;) {
- AutoArray<wchar_t> buf(new wchar_t[buf_size]);
- va_list ap_test;
- va_copy(ap_test, ap);
- int r = vswprintf(buf.get(), buf_size, format, ap_test);
- va_end(ap_test);
- if (r != -1) {
- str = buf.get();
- return;
- }
- buf_size *= 2;
- }
-}
-
--
1.7.3.1


@ -0,0 +1,69 @@
From 99a74a06744bac4e45e66ce6512f52c1de5febb2 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Thu, 21 Oct 2010 16:22:06 +0200
Subject: [PATCH spice 4/4] spicec-x11: Do not set _NET_WM_USER_TIME to 0 on startup
Setting _NET_WM_USER_TIME to 0 means we do not want focus, not good.
---
client/x11/red_window.cpp | 10 ++++++----
client/x11/red_window_p.h | 2 +-
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/client/x11/red_window.cpp b/client/x11/red_window.cpp
index 416f6c7..c3ee1b0 100644
--- a/client/x11/red_window.cpp
+++ b/client/x11/red_window.cpp
@@ -801,7 +801,7 @@ void RedWindow_p::win_proc(XEvent& event)
}
case KeyPress:
red_window->handle_key_press_event(*red_window, &event.xkey);
- red_window->last_event_time = event.xkey.time;
+ red_window->_last_event_time = event.xkey.time;
XChangeProperty(x_display, red_window->_win, wm_user_time,
XA_CARDINAL, 32, PropModeReplace,
(unsigned char *)&event.xkey.time, 1);
@@ -833,7 +833,7 @@ void RedWindow_p::win_proc(XEvent& event)
break;
}
red_window->get_listener().on_mouse_button_press(button, state);
- red_window->last_event_time = event.xkey.time;
+ red_window->_last_event_time = event.xkey.time;
XChangeProperty(x_display, red_window->_win, wm_user_time,
XA_CARDINAL, 32, PropModeReplace,
(unsigned char *)&event.xbutton.time, 1);
@@ -1119,6 +1119,7 @@ RedWindow_p::RedWindow_p()
, _ignore_pointer (false)
,_width (200)
,_height (200)
+ ,_last_event_time (0)
{
}
@@ -1534,8 +1535,9 @@ void RedWindow::show(int screen_id)
XDeleteProperty(x_display, _win, wm_state);
wait_parent = true;
}
- XChangeProperty(x_display, _win, wm_user_time, XA_CARDINAL, 32,
- PropModeReplace, (unsigned char *)&last_event_time, 1);
+ if (_last_event_time != 0)
+ XChangeProperty(x_display, _win, wm_user_time, XA_CARDINAL, 32,
+ PropModeReplace, (unsigned char *)&_last_event_time, 1);
XMapWindow(x_display, _win);
move_to_current_desktop();
_expect_parent = wait_parent;
diff --git a/client/x11/red_window_p.h b/client/x11/red_window_p.h
index 4ad5451..777a855 100644
--- a/client/x11/red_window_p.h
+++ b/client/x11/red_window_p.h
@@ -82,7 +82,7 @@ protected:
RedWindow *_red_window;
int _width;
int _height;
- Time last_event_time;
+ Time _last_event_time;
};
#endif
--
1.7.3.1
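Review bot: In the button-press branch of RedWindow_p::win_proc, the renamed line still reads `event.xkey.time` while the `XChangeProperty` call directly below it uses `event.xbutton.time`; the two union members probably alias for this field, but the assignment should read `red_window->_last_event_time = event.xbutton.time;` to match the event being handled. In RedWindow::show the new `if (_last_event_time != 0)` guards a two-line call without braces, which is easy to break when a second statement is added later; braces around the `XChangeProperty` call would make the scope explicit. Both functions continue outside their hunks.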


@ -0,0 +1,57 @@
From 922b831db2a19e7620fa5f93b7fb33aca86f3717 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Thu, 28 Oct 2010 12:05:30 +0200
Subject: [PATCH spice] spicec-x11: Listen for selection owner window destroy / close events too
These rarely happen as most apps have the decency to do a SetSelectionOwner
None before exiting. But some do not, so listen for these too.
---
client/x11/platform.cpp | 18 +++++++++++++++---
1 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/client/x11/platform.cpp b/client/x11/platform.cpp
index 13bc0a6..2009817 100644
--- a/client/x11/platform.cpp
+++ b/client/x11/platform.cpp
@@ -922,7 +922,9 @@ DynamicScreen::DynamicScreen(Display* display, int screen, int& next_mon_id)
XRRSelectInput(display, platform_win, RRScreenChangeNotifyMask);
if (using_xfixes_1_0) {
XFixesSelectSelectionInput(display, platform_win, clipboard_prop,
- XFixesSetSelectionOwnerNotifyMask);
+ XFixesSetSelectionOwnerNotifyMask|
+ XFixesSelectionWindowDestroyNotifyMask|
+ XFixesSelectionClientCloseNotifyMask);
}
Monitor::self_monitors_change++;
@@ -1224,7 +1226,9 @@ MultyMonScreen::MultyMonScreen(Display* display, int screen, int& next_mon_id)
X_DEBUG_SYNC(get_display());
if (using_xfixes_1_0) {
XFixesSelectSelectionInput(display, platform_win, clipboard_prop,
- XFixesSetSelectionOwnerNotifyMask);
+ XFixesSetSelectionOwnerNotifyMask|
+ XFixesSelectionWindowDestroyNotifyMask|
+ XFixesSelectionClientCloseNotifyMask);
}
XMonitor::inc_change_ref();
@@ -2745,7 +2749,15 @@ static void root_win_proc(XEvent& event)
}
if (event.type == XFixesSelectionNotify + xfixes_event_base) {
XFixesSelectionNotifyEvent* selection_event = (XFixesSelectionNotifyEvent *)&event;
- if (selection_event->subtype != XFixesSetSelectionOwnerNotify) {
+ switch (selection_event->subtype) {
+ case XFixesSetSelectionOwnerNotify:
+ break;
+ /* Treat ... as a SelectionOwnerNotify None */
+ case XFixesSelectionWindowDestroyNotify:
+ case XFixesSelectionClientCloseNotify:
+ selection_event->owner = None;
+ break;
+ default:
LOG_INFO("Unsupported selection event %u", selection_event->subtype);
return;
}
--
1.7.3.2
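Review bot: The new comment in root_win_proc, `/* Treat ... as a SelectionOwnerNotify None */`, leaves its subject as a literal ellipsis, so a reader has to infer it from the case labels below. I would write `/* Treat the owner window being destroyed or its client closing as a SetSelectionOwnerNotify with owner None */`. The switch also overwrites `selection_event->owner` in the received event itself; the code that consumes the event is after the switch and outside the hunk, so a few words saying why rewriting the event in place is safe there would be worth adding to the same comment.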


@ -1,11 +1,17 @@
Name: spice Name: spice
Version: 0.6.3 Version: 0.6.3
Release: 1%{?dist} Release: 2%{?dist}
Summary: Implements the SPICE protocol Summary: Implements the SPICE protocol
Group: User Interface/Desktops Group: User Interface/Desktops
License: LGPLv2+ License: LGPLv2+
URL: http://www.spice-space.org/ URL: http://www.spice-space.org/
Source0: http://www.spice-space.org/download/releases/%{name}-%{version}.tar.bz2 Source0: http://www.spice-space.org/download/releases/%{name}-%{version}.tar.bz2
# bugfixes from upstream git
Patch1: 0001-spicec-x11-Change-source-of-controller-socket-name-f.patch
Patch2: 0002-client-Interpret-the-title-control-message-as-utf8-i.patch
Patch3: 0003-Remove-no-longer-used-wstring_printf-functions.patch
Patch4: 0004-spicec-x11-Do-not-set-_NET_WM_USER_TIME-to-0-on-star.patch
Patch5: 0005-spicec-x11-Listen-for-selection-owner-window-destroy.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=613529 # https://bugzilla.redhat.com/show_bug.cgi?id=613529
ExclusiveArch: i686 x86_64 ExclusiveArch: i686 x86_64
@ -63,6 +69,11 @@ using spice-server, you will need to install spice-server-devel.
%prep %prep
%setup -q %setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%build %build
%configure --enable-gui %configure --enable-gui
@ -105,6 +116,11 @@ rm -f %{buildroot}%{_libdir}/libspice-server.la
%endif %endif
%changelog %changelog
* Fri Nov 5 2010 Hans de Goede <hdegoede@redhat.com> - 0.6.3-2
- Various bugfixes from upstream git:
- Make spicec work together with the Firefox XPI for RHEV-M
- Make sure the spicec window gets properly raised when first shown
* Mon Oct 18 2010 Hans de Goede <hdegoede@redhat.com> - 0.6.3-1 * Mon Oct 18 2010 Hans de Goede <hdegoede@redhat.com> - 0.6.3-1
- Update to 0.6.3 - Update to 0.6.3
- Enable GUI - Enable GUI