Update to core24, use newer qemu-virgil update gnome-boxes to 47 and depedency to stable releases and support USB redirection

patches/gnome-boxes-explain-usb-error.patch

@@ -0,0 +1,60 @@
+diff --git a/src/spice-display.vala b/src/spice-display.vala
+index 166f428..8db3c09 100644
+--- a/src/spice-display.vala
++++ b/src/spice-display.vala
+@@ -60,6 +60,8 @@ private string get_box_name () {
+                 var box_name = get_box_name ();
+                 got_error (_("Redirection of USB device “%s” for “%s” failed").printf (device_description, box_name));
+                 debug ("Error connecting %s to %s: %s", device_description, box_name, err.message);
++
++                show_usb_access_dialog (dev);
+             });
+         } catch (GLib.Error error) {
+         }
+@@ -455,6 +457,8 @@ public GLib.ListStore get_usb_devices_model () {
+                         debug ("Error connecting %s to %s: %s",
+                                device_desc,
+                                box_name, err.message);
++
++                        show_usb_access_dialog (dev);
+                     }
+                 });
+             });
+@@ -465,6 +469,37 @@ public GLib.ListStore get_usb_devices_model () {
+         return model;
+     }
+
++    private void show_usb_access_dialog (Spice.UsbDevice dev) {
++        var libusb_dev = (LibUSB.Device) dev.get_libusb_device ();
++        var dev_path = "/dev/bus/usb/%03u/%03d".printf (libusb_dev.get_bus_number (),
++            libusb_dev.get_device_address());
++
++        if (Posix.access (dev_path, Posix.R_OK | Posix.W_OK) == 0)
++            return;
++
++        var device_desc = dev.get_description ("%1$s %2$s");
++        var dialog = new Gtk.Dialog.with_buttons ("User has no permissions on %s".printf (device_desc),
++                                                  get_display (0).get_toplevel () as Gtk.Window,
++                                                  Gtk.DialogFlags.MODAL | Gtk.DialogFlags.DESTROY_WITH_PARENT,
++                                                  _("_OK"),
++                                                  Gtk.ResponseType.NONE,
++                                                  null);
++
++        var label = new Gtk.Label(("Launch the command from the host:\n\n" +
++            "  sudo setfacl -m u:%s:rw %s\n\n" +
++            "to give the user readwrite permissions on the device").printf (
++                Environment.get_user_name(), dev_path));
++        label.selectable = true;
++        label.margin_top = 24;
++        label.margin_bottom = 12;
++        label.margin_start = 12;
++        label.margin_end = 24;
++        (dialog.get_content_area () as Gtk.Container).add (label);
++
++        dialog.response.connect(() => dialog.destroy ());
++        dialog.show_all ();
++    }
++
+     private bool is_usb_kbd_or_mouse (uint8 class, uint8 subclass, uint8 protocol) {
+         var ret = false;
+

patches/libspice-gtk-permissions-error-explain.patch

@@ -0,0 +1,23 @@
+diff --git a/src/spice-client-glib-usb-acl-helper.c b/src/spice-client-glib-usb-acl-helper.c
+index 17113e6..53622b5 100644
+--- a/src/spice-client-glib-usb-acl-helper.c
++++ b/src/spice-client-glib-usb-acl-helper.c
+@@ -194,9 +194,16 @@ static void check_authorization_cb(PolkitAuthority *authority,
+         FATAL_ERROR("%s is not a character device\n", path);
+         return;
+     }
++    if (access(path, W_OK) != 0 || access(path, R_OK) != 0) {
++        g_autofree char *summary = NULL;
++        g_autofree char *message = NULL;
+
+-    if (set_facl(path, getuid(), 1)) {
+-        FATAL_ERROR("setting facl: %s\n", strerror(errno));
++        summary = g_strdup_printf("User has no permissions on %s", path);
++        message = g_strdup_printf("Launch the command `sudo setfacl -m u:%s:rw %s` from the host to "
++                                  "give your user readwrite permissions on such device",
++                                  g_get_user_name(), path);
++
++        FATAL_ERROR("%s.\n%s\n", summary, message);
+         return;
+     }
+

patches/libvirt-CVE-2024-8235.patch

@@ -0,0 +1,92 @@
+From 8dfb12cb77996519901b8d52c754ab564ebd10e8 Mon Sep 17 00:00:00 2001
+From: Peter Krempa <[email protected]>
+Date: Wed, 21 Aug 2024 15:18:31 +0200
+Subject: [PATCH] udevListInterfaces: Honour array length for zero-length NULL
+ arrays (CVE-2024-8235)
+
+The refactor of 'udevListInterfacesByStatus()' which attempted to make
+it usable as backend for 'udevNumOfInterfacesByStatus()' neglected to
+consider the corner case of 'g_new0(..., 0)' returning NULL if the user
+actually requests 0 elements.
+
+As the code was modified to report the full number of interfaces in the
+system when the list of names is NULL, the RPC code would be asked to
+serialize a NULL-list of interface names with declared lenth of 1+
+causing a crash.
+
+To fix this corner case we make callers pass '-1' as @names_len (it's
+conveniently an 'int' due to RPC type usage) if they don't wish to fetch
+the actual list and convert all decisions to be done on @names_len being
+non-negative instead of @names being non-NULL.
+
+CVE-2024-8235
+
+Fixes: bc596f275129bc11b2c4bcf737d380c9e8aeb72d
+Resolves: https://issues.redhat.com/browse/RHEL-55373
+Reported-by: Yanqiu Zhang  <[email protected]>
+Signed-off-by: Peter Krempa <[email protected]>
+Reviewed-by: Martin Kletzander <[email protected]>
+---
+ src/interface/interface_backend_udev.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
+index e1a50389c9..48eacdcdc2 100644
+--- a/src/interface/interface_backend_udev.c
++++ b/src/interface/interface_backend_udev.c
+@@ -143,12 +143,13 @@ udevGetDevices(struct udev *udev, virUdevStatus status)
+  *
+  * @conn: connection object
+  * @names: optional pointer to array to be filled with interface names
+- * @names_len: size of @names
++ * @names_len: size of @names, -1 if only number of interfaces is required (@names is then ignored)
+  * @status: status of interfaces to be listed
+  * @filter: ACL filter function
+  *
+  * Lists interfaces with status matching @status filling them into @names (if
+- * non-NULL) and returns the number of such interfaces.
++ * @names_len is positive, caller is expected to pass a properly sized array)
++ * and returns the number of such interfaces.
+  *
+  * In case of an error -1 is returned and no interfaces are filled into @names.
+  */
+@@ -189,7 +190,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
+         g_autoptr(virInterfaceDef) def = NULL;
+
+         /* Ensure we won't exceed the size of our array */
+-        if (names && count >= names_len)
++        if (names_len >= 0 && count >= names_len)
+             break;
+
+         path = udev_list_entry_get_name(dev_entry);
+@@ -204,7 +205,8 @@ udevListInterfacesByStatus(virConnectPtr conn,
+
+         def = udevGetMinimalDefForDevice(dev);
+         if (filter(conn, def)) {
+-            if (names)
++            /* Fill the array only if caller want's it */
++            if (names_len >= 0)
+                 names[count] = g_strdup(name);
+             count++;
+         }
+@@ -224,7 +226,7 @@ udevConnectNumOfInterfaces(virConnectPtr conn)
+     if (virConnectNumOfInterfacesEnsureACL(conn) < 0)
+         return -1;
+
+-    return udevListInterfacesByStatus(conn, NULL, 0, VIR_UDEV_IFACE_ACTIVE,
++    return udevListInterfacesByStatus(conn, NULL, -1, VIR_UDEV_IFACE_ACTIVE,
+                                       virConnectNumOfInterfacesCheckACL);
+ }
+
+@@ -247,7 +249,7 @@ udevConnectNumOfDefinedInterfaces(virConnectPtr conn)
+     if (virConnectNumOfDefinedInterfacesEnsureACL(conn) < 0)
+         return -1;
+
+-    return udevListInterfacesByStatus(conn, NULL, 0, VIR_UDEV_IFACE_INACTIVE,
++    return udevListInterfacesByStatus(conn, NULL, -1, VIR_UDEV_IFACE_INACTIVE,
+                                       virConnectNumOfDefinedInterfacesCheckACL);
+ }
+
+-- 
+GitLab
+

patches/libvirt-qemu.patch

@@ -1,10 +1,10 @@
 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
-index 4195042..e8c1028 100644
+index 6db48b0..64f8e9c 100644
 --- a/src/qemu/qemu_process.c
 +++ b/src/qemu/qemu_process.c
-@@ -8368,6 +8368,7 @@ qemuProcessQMPNew(const char *binary,
+@@ -9832,6 +9832,7 @@ qemuProcessQMPNew(const char *binary,
  static int
- qemuProcessQEMULabelUniqPath(qemuProcessQMPPtr proc)
+ qemuProcessQEMULabelUniqPath(qemuProcessQMP *proc)
  {
 +    return 0;
      /* We cannot use the security driver here, but we should not need to. */

scripts/launcher.sh

@@ -1,8 +1,8 @@
 #! /bin/sh
 
 cleanup() {
-    [ -e /tmp/libvirt.pid ] && pkill -F /tmp/libvirt.pid
-    [ -e /tmp/virtlogd.pid ] && pkill -F /tmp/virtlogd.pid
+    [ -e "$XDG_RUNTIME_DIR"/libvirt.pid ] && pkill -F "$XDG_RUNTIME_DIR"/libvirt.pid
+    [ -e "$XDG_RUNTIME_DIR"/virtlogd.pid ] && pkill -F "$XDG_RUNTIME_DIR"/virtlogd.pid
 }
 
 trap 'cleanup' EXIT HUP INT QUIT TERM
@@ -11,12 +11,12 @@ export HOME="/home/$USER/snap/$SNAP_NAME/current"
 export XDG_DATA_HOME="$HOME/.local/share"
 export XDG_CONFIG_HOME="$HOME/.config"
 export PATH="/usr/bin:$PATH"
-export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$SNAP/usr/lib/x86_64-linux-gnu/ceph:$SNAP/usr/lib:$SNAP/lib:$SNAP/lib/x86_64-linux-gnu:$SNAP/usr/lib/x86_64-linux-gnu"
+export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$SNAP/usr/lib/$SNAP_LAUNCHER_ARCH_TRIPLET/ceph:$SNAP/usr/lib:$SNAP/lib:$SNAP/lib/$SNAP_LAUNCHER_ARCH_TRIPLET:$SNAP/usr/lib/$SNAP_LAUNCHER_ARCH_TRIPLET"
 
 echo Launching libvirtd
-libvirtd -d -p /tmp/libvirt.pid
+libvirtd -d -p "$XDG_RUNTIME_DIR"/libvirt.pid
 
 echo Launching virtlogd
-virtlogd -d -p /tmp/virtlogd.pid
+virtlogd -d -p "$XDG_RUNTIME_DIR"/virtlogd.pid
 
 "$@"