kvmfr: backport security patch for potential buffer overflow & build fix for linux_6_10 (#331206)

From: Geoffrey McRae <geoff@hostfission.com>

Date: Wed, 13 Mar 2024 11:17:25 +1100

Subject: [PATCH] [client] cmake: move X11 config directives to

 `displayservers`

---

 client/CMakeLists.txt                | 7 -------

 client/displayservers/CMakeLists.txt | 7 +++++++

 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git client/CMakeLists.txt client/CMakeLists.txt

index 3755adcf..eeeb3eb0 100644

--- client/CMakeLists.txt

+++ client/CMakeLists.txt

@@ -42,19 +42,12 @@ add_feature_info(ENABLE_ASAN ENABLE_ASAN "AddressSanitizer support.")

 option(ENABLE_UBSAN "Build with UndefinedBehaviorSanitizer" OFF)

 add_feature_info(ENABLE_UBSAN ENABLE_UBSAN "UndefinedBehaviorSanitizer support.")

-option(ENABLE_X11 "Build with X11 support" ON)

-add_feature_info(ENABLE_X11 ENABLE_X11 "X11 support.")

-

 option(ENABLE_PIPEWIRE "Build with PipeWire audio output support" ON)

 add_feature_info(ENABLE_PIPEWIRE ENABLE_PIPEWIRE "PipeWire audio support.")

 option(ENABLE_PULSEAUDIO "Build with PulseAudio audio output support" ON)

 add_feature_info(ENABLE_PULSEAUDIO ENABLE_PULSEAUDIO "PulseAudio audio support.")

-if (NOT ENABLE_X11 AND NOT ENABLE_WAYLAND)

-  message(FATAL_ERROR "Either ENABLE_X11 or ENABLE_WAYLAND must be on")

-endif()

-

 add_compile_options(

   "-Wall"

   "-Wextra"

diff --git client/displayservers/CMakeLists.txt client/displayservers/CMakeLists.txt

index 5b5f827a..e7c4b25a 100644

--- client/displayservers/CMakeLists.txt

+++ client/displayservers/CMakeLists.txt

@@ -18,9 +18,16 @@ function(add_displayserver name)

   add_subdirectory(${name})

 endfunction()

+option(ENABLE_X11 "Build with X11 support" ON)

+add_feature_info(ENABLE_X11 ENABLE_X11 "X11 support.")

+

 option(ENABLE_WAYLAND "Build with Wayland support" ON)

 add_feature_info(ENABLE_WAYLAND ENABLE_WAYLAND "Wayland support.")

+if (NOT ENABLE_X11 AND NOT ENABLE_WAYLAND)

+  message(FATAL_ERROR "Either ENABLE_X11 or ENABLE_WAYLAND must be on")

+endif()

+

 # Add/remove displayservers here!

 if (ENABLE_WAYLAND)

   add_displayserver(Wayland)

--

2.43.1

{ stdenv

, lib

, fetchpatch

, fetchFromGitHub

, makeDesktopItem

, pkg-config

  patches = [

    # Fix failing cmake assertion when disabling X11 whithout explicitly enabling Wayland.

    ./0001-client-cmake-move-X11-config-directives-to-displayse.patch

    (fetchpatch {

      url = "https://github.com/gnif/LookingGlass/commit/20972cfd9b940fddf9e7f3d2887a271d16398979.patch";

      hash = "sha256-CqB8AmOZ4YxnEsQkyu/ZEaun6ywpSh4B7PM+MFJF0qU=";

      stripLen = 1;

    })

  ];

  nativeBuildInputs = [ cmake pkg-config wayland-scanner ];

{ lib, stdenv, kernel, looking-glass-client }:

{ lib, stdenv, fetchpatch, kernel, looking-glass-client }:

stdenv.mkDerivation {

  pname = "kvmfr";

  hardeningDisable = [ "pic" "format" ];

  nativeBuildInputs = kernel.moduleBuildDependencies;

  patches = [

    # fix build for linux-6_10

    (fetchpatch {

      url = "https://github.com/gnif/LookingGlass/commit/7305ce36af211220419eeab302ff28793d515df2.patch";

      hash = "sha256-97nZsIH+jKCvSIPf1XPf3i8Wbr24almFZzMOhjhLOYk=";

      stripLen = 1;

    })

    # securtiy patch for potential buffer overflow

    # https://github.com/gnif/LookingGlass/issues/1133

    (fetchpatch {

      url = "https://github.com/gnif/LookingGlass/commit/3ea37b86e38a87ee35eefb5d8fcc38b8dc8e2903.patch";

      hash = "sha256-Kk1gN1uB86ZJA374zmzM9dwwfMZExJcix3hee7ifpp0=";

      stripLen = 1;

    })

  ];

  makeFlags = [

    "KVER=${kernel.modDirVersion}"

    "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"