kvmfr: backport security patch for potential buffer overflow & build fix for linux_6_10 (#331206)

Tomo 2024-10-04 21:14:44 -07:00 committed by GitHub
commit 98101aecec
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 24 additions and 59 deletions


@ -1,57 +0,0 @@
From: Geoffrey McRae <geoff@hostfission.com>
Date: Wed, 13 Mar 2024 11:17:25 +1100
Subject: [PATCH] [client] cmake: move X11 config directives to
`displayservers`
---
client/CMakeLists.txt | 7 -------
client/displayservers/CMakeLists.txt | 7 +++++++
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git client/CMakeLists.txt client/CMakeLists.txt
index 3755adcf..eeeb3eb0 100644
--- client/CMakeLists.txt
+++ client/CMakeLists.txt
@@ -42,19 +42,12 @@ add_feature_info(ENABLE_ASAN ENABLE_ASAN "AddressSanitizer support.")
option(ENABLE_UBSAN "Build with UndefinedBehaviorSanitizer" OFF)
add_feature_info(ENABLE_UBSAN ENABLE_UBSAN "UndefinedBehaviorSanitizer support.")
-option(ENABLE_X11 "Build with X11 support" ON)
-add_feature_info(ENABLE_X11 ENABLE_X11 "X11 support.")
-
option(ENABLE_PIPEWIRE "Build with PipeWire audio output support" ON)
add_feature_info(ENABLE_PIPEWIRE ENABLE_PIPEWIRE "PipeWire audio support.")
option(ENABLE_PULSEAUDIO "Build with PulseAudio audio output support" ON)
add_feature_info(ENABLE_PULSEAUDIO ENABLE_PULSEAUDIO "PulseAudio audio support.")
-if (NOT ENABLE_X11 AND NOT ENABLE_WAYLAND)
- message(FATAL_ERROR "Either ENABLE_X11 or ENABLE_WAYLAND must be on")
-endif()
-
add_compile_options(
"-Wall"
"-Wextra"
diff --git client/displayservers/CMakeLists.txt client/displayservers/CMakeLists.txt
index 5b5f827a..e7c4b25a 100644
--- client/displayservers/CMakeLists.txt
+++ client/displayservers/CMakeLists.txt
@@ -18,9 +18,16 @@ function(add_displayserver name)
add_subdirectory(${name})
endfunction()
+option(ENABLE_X11 "Build with X11 support" ON)
+add_feature_info(ENABLE_X11 ENABLE_X11 "X11 support.")
+
option(ENABLE_WAYLAND "Build with Wayland support" ON)
add_feature_info(ENABLE_WAYLAND ENABLE_WAYLAND "Wayland support.")
+if (NOT ENABLE_X11 AND NOT ENABLE_WAYLAND)
+ message(FATAL_ERROR "Either ENABLE_X11 or ENABLE_WAYLAND must be on")
+endif()
+
# Add/remove displayservers here!
if (ENABLE_WAYLAND)
add_displayserver(Wayland)
--
2.43.1


@ -1,5 +1,6 @@
{ stdenv
, lib
, fetchpatch
, fetchFromGitHub
, makeDesktopItem
, pkg-config
@ -62,7 +63,11 @@ stdenv.mkDerivation (finalAttrs: {
patches = [
# Fix failing cmake assertion when disabling X11 whithout explicitly enabling Wayland.
./0001-client-cmake-move-X11-config-directives-to-displayse.patch
(fetchpatch {
url = "https://github.com/gnif/LookingGlass/commit/20972cfd9b940fddf9e7f3d2887a271d16398979.patch";
hash = "sha256-CqB8AmOZ4YxnEsQkyu/ZEaun6ywpSh4B7PM+MFJF0qU=";
stripLen = 1;
})
];
nativeBuildInputs = [ cmake pkg-config wayland-scanner ];
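Review bot: The new `fetchpatch` entry sets `stripLen = 1` without explanation, and the comment above it still describes only the symptom, so nothing here ties commit 20972cfd to the vendored patch this commit deletes. The deleted file's subject was "[client] cmake: move X11 config directives to `displayservers`", and I would record that next to the URL, e.g. `# Upstream: "[client] cmake: move X11 config directives to displayservers"; stripLen drops the leading client/ component.` The stripLen half is inferred from the `client/...` paths in the deleted patch and should be confirmed against the derivation's source root, which is outside this hunk. The commit title names only kvmfr, so this client-side swap is easy to miss when auditing the log.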


@ -1,4 +1,4 @@
{ lib, stdenv, kernel, looking-glass-client }:
{ lib, stdenv, fetchpatch, kernel, looking-glass-client }:
stdenv.mkDerivation {
pname = "kvmfr";
@ -9,6 +9,23 @@ stdenv.mkDerivation {
hardeningDisable = [ "pic" "format" ];
nativeBuildInputs = kernel.moduleBuildDependencies;
patches = [
# fix build for linux-6_10
(fetchpatch {
url = "https://github.com/gnif/LookingGlass/commit/7305ce36af211220419eeab302ff28793d515df2.patch";
hash = "sha256-97nZsIH+jKCvSIPf1XPf3i8Wbr24almFZzMOhjhLOYk=";
stripLen = 1;
})
# securtiy patch for potential buffer overflow
# https://github.com/gnif/LookingGlass/issues/1133
(fetchpatch {
url = "https://github.com/gnif/LookingGlass/commit/3ea37b86e38a87ee35eefb5d8fcc38b8dc8e2903.patch";
hash = "sha256-Kk1gN1uB86ZJA374zmzM9dwwfMZExJcix3hee7ifpp0=";
stripLen = 1;
})
];
makeFlags = [
"KVER=${kernel.modDirVersion}"
"KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
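Review bot: The comment introducing the buffer-overflow backport is spelled `securtiy`, so a search of the tree for "security" will not find this entry, and neither patch comment says when the patch can be dropped. I would write `# security patch for potential buffer overflow; remove once the packaged source contains 3ea37b86` and `# fix build for linux-6_10; remove once the packaged source contains 7305ce36`. Both entries are pinned by `hash`, which is the right control for a fix fetched from a forge URL. The `stdenv.mkDerivation` body starts and ends outside these hunks, so the origin of the module source (presumably `looking-glass-client`, given the argument list) is not visible here and should be confirmed before wording the removal condition.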