update to 0.12.0

2021-11-23 17:57:25 +08:00 · 2021-11-23 17:57:25 +08:00 · e63e4c8822
commit e63e4c8822
parent ba82535f17
4 changed files with 23 additions and 90 deletions
--- a/0001-CVE-2021-3700.patch
+++ b/0001-CVE-2021-3700.patch
@ -1,72 +0,0 @@
-From 03c519ff5831ba75120e00ebebbf1d5a1f7220ab Mon Sep 17 00:00:00 2001
-From: Michael Hanselmann <public@hansmi.ch>
-Date: Sun, 8 Aug 2021 15:35:58 +0200
-Subject: [PATCH] Avoid use-after-free in serialization
-
-Serializing parsers with large amounts of buffered write data (e.g. in case of
-a slow or blocked write destination) would cause "serialize_data" to reallocate
-the state buffer whose default size is 64kB (USBREDIRPARSER_SERIALIZE_BUF_SIZE).
-The pointer to the position for the write buffer count would then point to
-a location outside the buffer where the number of write buffers would be written
-as a 32-bit value.
-
-As of QEMU 5.2.0 the serializer is invoked for migrations. Serializations for
-migrations may happen regularily such as when using the COLO feature[1].
-Serialization happens under QEMU's I/O lock. The guest can't control the state
-while the serialization is happening. The value written is the number of
-outstanding buffers which would be suceptible to timing and host system system
-load. The guest would have to continously groom the write buffers. A useful
-value needs to be allocated in the exact position freed during the buffer size
-increase, but before the buffer count is written. The author doesn't consider it
-realistic to exploit this use-after-free reliably.
-
-[1] https://wiki.qemu.org/Features/COLO
-
-Signed-off-by: Michael Hanselmann <public@hansmi.ch>
---
- usbredirparser/usbredirparser.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/usbredirparser/usbredirparser.c b/usbredirparser/usbredirparser.c
-index d1f9850..dc5f5a4 100644
--- a/usbredirparser/usbredirparser.c
-+++ b/usbredirparser/usbredirparser.c
-@@ -20,6 +20,7 @@
- */
- #include "config.h"
- 
-+#include <stddef.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <stdarg.h>
-@@ -1580,8 +1581,9 @@ int usbredirparser_serialize(struct usbredirparser *parser_pub,
-     struct usbredirparser_priv *parser =
-         (struct usbredirparser_priv *)parser_pub;
-     struct usbredirparser_buf *wbuf;
-    uint8_t *write_buf_count_pos, *state = NULL, *pos = NULL;
-+    uint8_t *state = NULL, *pos = NULL;
-     uint32_t write_buf_count = 0, len, remain = 0;
-+    ptrdiff_t write_buf_count_pos;
- 
-     *state_dest = NULL;
-     *state_len = 0;
-@@ -1626,7 +1628,7 @@ int usbredirparser_serialize(struct usbredirparser *parser_pub,
-                        parser->data, parser->data_read, "packet-data"))
-         return -1;
- 
-    write_buf_count_pos = pos;
-+    write_buf_count_pos = pos - state;
-     /* To be replaced with write_buf_count later */
-     if (serialize_int(parser, &state, &pos, &remain, 0, "write_buf_count"))
-         return -1;
-@@ -1641,7 +1643,7 @@ int usbredirparser_serialize(struct usbredirparser *parser_pub,
-         wbuf = wbuf->next;
-     }
-     /* Patch in write_buf_count */
-    memcpy(write_buf_count_pos, &write_buf_count, sizeof(int32_t));
-+    memcpy(state + write_buf_count_pos, &write_buf_count, sizeof(int32_t));
- 
-     /* Patch in length */
-     len = pos - state;
-- 
-2.23.0
--- a/usbredir-0.12.0.tar.xz
+++ b/usbredir-0.12.0.tar.xz
--- a/usbredir-0.8.0.tar.bz2
+++ b/usbredir-0.8.0.tar.bz2
--- a/usbredir.spec
+++ b/usbredir.spec
@ -1,18 +1,17 @@
 Name:           usbredir
-Version:        0.8.0
-Release:        7
+Version:        0.12.0
+Release:        1
 Summary:        network protocol libraries for sending USB device traffic
 License:        LGPLv2+ and GPLv2+
 URL:            https://www.spice-space.org/usbredir.html

-Source0:        http://spice-space.org/download/%{name}/%{name}-%{version}.tar.bz2
+Source0:        http://spice-space.org/download/%{name}/%{name}-%{version}.tar.xz

 BuildRequires:  libusb1-devel >= 1.0.9 gcc
+BuildRequires:  meson glib2-devel
 Provides:       %{name}-server
 Obsoletes:      %{name}-server

-Patch1:      0001-CVE-2021-3700.patch
-
 %description
 usbredir is the name of a network protocol for sending USB device traffic over
 a network connection. It is also the name of the software package offering a parsing
@ -27,47 +26,53 @@ Requires:       usbredir = %{version}-%{release}
 This contains dynamic libraries and header files for the developing of usbredir.


-%package        help
-Summary:        Including man files for usbredir
-Requires:       man
-BuildArch:      noarch
+%package        server
+Summary:        Simple USB host TCP server
+License:	GPLv2+
+Requires:       usbredir = %{version}-%{release}

-%description    help
-This contains man files for the using of usbredir.
+%description    server
+A simple USB host TCP server, using libusbredirhost.


 %prep
 %autosetup -n %{name}-%{version} -p1

 %build
-%configure --disable-static
-make %{?_smp_mflags} V=1
+%meson
+%meson_build


 %install
-%make_install
+%meson_install


 %ldconfig_scriptlets


 %files
-%license COPYING COPYING.LIB README README.multi-thread
+%license COPYING COPYING.LIB
 %{_libdir}/libusbredir*.so.*
 %{_sbindir}/usbredirserver
-%exclude %{_libdir}/libusbredir*.la

 %files devel
-%doc ChangeLog
+%doc ChangeLog.md
 %{_includedir}/usbredir*.h
 %{_libdir}/libusbredir*.so
 %{_libdir}/pkgconfig/libusbredir*.pc

-%files help
+%files server
+%license COPYING
+%{_bindir}/usbredirect
+%{_sbindir}/usbredirserver
+%{_mandir}/man1/usbredirect.1*
 %{_mandir}/man1/usbredirserver.1*


 %changelog
+* Tue Nov 23 2021 yanglongkang <yanglongkang@huawei.com> - 0.12.0-1
+- update to 0.12.0
+
 * Thu Sep 23 2021 yanglongkang <yanglongkang@huawei.com> - 0.8.0-7
 - fix CVE-2021-3700