diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/virglrenderer-CVE-2017-6386.patch | 54 | ||||
-rw-r--r-- | gnu/packages/spice.scm | 11 |
3 files changed, 4 insertions, 62 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 9ae37a9bb4..13a5011932 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1980,7 +1980,6 @@ dist_patch_DATA = \ %D%/packages/patches/vboot-utils-skip-test-workbuf.patch \ %D%/packages/patches/vinagre-newer-freerdp.patch \ %D%/packages/patches/vinagre-newer-rdp-parameters.patch \ - %D%/packages/patches/virglrenderer-CVE-2017-6386.patch \ %D%/packages/patches/virtuoso-ose-remove-pre-built-jar-files.patch \ %D%/packages/patches/vsearch-unbundle-cityhash.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt1.patch \ diff --git a/gnu/packages/patches/virglrenderer-CVE-2017-6386.patch b/gnu/packages/patches/virglrenderer-CVE-2017-6386.patch deleted file mode 100644 index bd3bf106bf..0000000000 --- a/gnu/packages/patches/virglrenderer-CVE-2017-6386.patch +++ /dev/null @@ -1,54 +0,0 @@ -Fix CVE-2017-6386 (memory leak introduced by fix for CVE-2017-5994). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5994 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920 - -From 737c3350850ca4dbc5633b3bdb4118176ce59920 Mon Sep 17 00:00:00 2001 -From: Dave Airlie <airlied@redhat.com> -Date: Tue, 28 Feb 2017 14:52:09 +1000 -Subject: renderer: fix memory leak in vertex elements state create - -Reported-by: Li Qiang -Free the vertex array in error path. -This was introduced by this commit: -renderer: fix heap overflow in vertex elements state create. - -I rewrote the code to not require the allocation in the first -place if we have an error, seems nicer. - -Signed-off-by: Dave Airlie <airlied@redhat.com> - -diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c -index 1bca7ad..e5d9f5c 100644 ---- a/src/vrend_renderer.c -+++ b/src/vrend_renderer.c -@@ -1648,18 +1648,19 @@ int vrend_create_vertex_elements_state(struct vrend_context *ctx, - unsigned num_elements, - const struct pipe_vertex_element *elements) - { -- struct vrend_vertex_element_array *v = CALLOC_STRUCT(vrend_vertex_element_array); -+ struct vrend_vertex_element_array *v; - const struct util_format_description *desc; - GLenum type; - int i; - uint32_t ret_handle; - -- if (!v) -- return ENOMEM; -- - if (num_elements > PIPE_MAX_ATTRIBS) - return EINVAL; - -+ v = CALLOC_STRUCT(vrend_vertex_element_array); -+ if (!v) -+ return ENOMEM; -+ - v->count = num_elements; - for (i = 0; i < num_elements; i++) { - memcpy(&v->elements[i].base, &elements[i], sizeof(struct pipe_vertex_element)); --- -cgit v0.10.2 - diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm index fc63b7228f..46bb9844f2 100644 --- a/gnu/packages/spice.scm +++ b/gnu/packages/spice.scm @@ -84,21 +84,18 @@ different (virtual) machine than the one to which the USB device is attached.") (define-public virglrenderer (package (name "virglrenderer") - (version "0.6.0") + (version "0.7.0") (source (origin (method url-fetch) (uri (string-append "https://www.freedesktop.org/software/virgl/" "virglrenderer-" version ".tar.bz2")) - (patches (search-patches "virglrenderer-CVE-2017-6386.patch")) (sha256 (base32 - "06kf0q4l52gzx5p63l8850hff8pmhp7xv1hk8zgx2apbw18y6jd5")))) + "041agg1d6i8hg250y30f08n3via0hs9rbijxdrfifb8ara805v0m")))) (build-system gnu-build-system) - (inputs - (list libepoxy mesa eudev)) - (native-inputs - (list pkg-config)) + (inputs (list eudev libepoxy mesa)) + (native-inputs (list pkg-config)) (synopsis "Virtual 3D GPU library") (description "A virtual 3D GPU library that enables a virtualized operating system to use the host GPU to accelerate 3D rendering.") |