Compare commits
2 Commits
imports/c8
...
c8
Author | SHA1 | Date |
---|---|---|
CentOS Sources | 51ec88c178 | |
CentOS Sources | e5b6a55a69 |
|
@ -1,2 +1,2 @@
|
|||
SOURCES/spice-0.14.2.tar.bz2
|
||||
SOURCES/spice-0.14.3.tar.bz2
|
||||
SOURCES/victortoso-E37A484F.keyring
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
83a93e47546d496cf2dcc3f4641db3a285044b9e SOURCES/spice-0.14.2.tar.bz2
|
||||
f5968dd5df5f64805d093b4c85b4165959e6c65b SOURCES/spice-0.14.3.tar.bz2
|
||||
da7a529db1ea28a1540c5892ea9836abeb378c3e SOURCES/victortoso-E37A484F.keyring
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
From b8f4d7d2c7a3d08a82f4bc7588cdff15cee54292 Mon Sep 17 00:00:00 2001
|
||||
From: Frediano Ziglio <freddy77@gmail.com>
|
||||
Date: Tue, 16 Jun 2020 11:49:19 +0100
|
||||
Subject: [PATCH] websocket: Fix possible integer overflow
|
||||
|
||||
The shift of a uint_8 number by a number > 32 causes an overflow.
|
||||
|
||||
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
||||
Acked-by: Uri Lublin <ulublin@redhat.com>
|
||||
---
|
||||
server/websocket.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/server/websocket.c b/server/websocket.c
|
||||
index f5df63f8..82b20b49 100644
|
||||
--- a/server/websocket.c
|
||||
+++ b/server/websocket.c
|
||||
@@ -165,8 +165,9 @@ static uint64_t extract_length(const uint8_t *buf, int *used)
|
||||
case LENGTH_64BIT:
|
||||
*used += 8;
|
||||
outlen = 0;
|
||||
- for (i = 56; i >= 0; i -= 8) {
|
||||
- outlen |= (*buf++) << i;
|
||||
+ for (i = 0; i < 8; ++i) {
|
||||
+ outlen <<= 8;
|
||||
+ outlen |= *buf++;
|
||||
}
|
||||
break;
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
From 954eabaeb76a0f93a32210b6bf63157ad2c0fb22 Mon Sep 17 00:00:00 2001
|
||||
From: Uri Lublin <uril@redhat.com>
|
||||
Date: Wed, 17 Jun 2020 11:52:05 +0300
|
||||
Subject: [PATCH] test-websocket: check setsockopt return value
|
||||
|
||||
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
||||
---
|
||||
server/tests/test-websocket.c | 10 ++++++++--
|
||||
1 file changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/server/tests/test-websocket.c b/server/tests/test-websocket.c
|
||||
index 2115411e..701f5408 100644
|
||||
--- a/server/tests/test-websocket.c
|
||||
+++ b/server/tests/test-websocket.c
|
||||
@@ -146,7 +146,10 @@ main(int argc, char **argv)
|
||||
}
|
||||
|
||||
int enable = 1;
|
||||
- setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &enable, sizeof(enable));
|
||||
+ if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
|
||||
+ (const void *) &enable, sizeof(enable)) < 0) {
|
||||
+ err(1, "setsockopt reuseaddr");
|
||||
+ }
|
||||
|
||||
if (non_blocking) {
|
||||
red_socket_set_non_blocking(sock, true);
|
||||
@@ -200,7 +203,10 @@ handle_client(int new_sock)
|
||||
}
|
||||
|
||||
int enable = 1;
|
||||
- setsockopt(new_sock, SOL_TCP, TCP_NODELAY, (const void *) &enable, sizeof(enable));
|
||||
+ if (setsockopt(new_sock, SOL_TCP, TCP_NODELAY,
|
||||
+ (const void *) &enable, sizeof(enable)) < 0) {
|
||||
+ err(1, "setsockopt nodelay");
|
||||
+ }
|
||||
|
||||
// wait header
|
||||
wait_for(new_sock, POLLIN);
|
||||
--
|
||||
2.26.2
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
From 95a0cfac8a1c8eff50f05e65df945da3bb501fc9 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Julien=20Rop=C3=A9?= <jrope@redhat.com>
|
||||
Date: Thu, 3 Dec 2020 09:33:48 +0100
|
||||
Subject: [PATCH] With OpenSSL 1.0.2 and earlier: disable client-side
|
||||
renegotiation.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Fixed issue #49
|
||||
Fixes BZ#1904459
|
||||
|
||||
Signed-off-by: Julien Ropé <jrope@redhat.com>
|
||||
Reported-by: BlackKD
|
||||
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
||||
---
|
||||
server/red-stream.cpp | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/server/red-stream.cpp b/server/red-stream.cpp
|
||||
index 420433bd..c1f0f00c 100644
|
||||
--- a/server/red-stream.c
|
||||
+++ b/server/red-stream.c
|
||||
@@ -523,6 +523,11 @@ RedStreamSslStatus red_stream_ssl_accept(RedStream *stream)
|
||||
return RED_STREAM_SSL_STATUS_OK;
|
||||
}
|
||||
|
||||
+#ifndef SSL_OP_NO_RENEGOTIATION
|
||||
+ // With OpenSSL 1.0.2 and earlier: disable client-side renogotiation
|
||||
+ stream->priv->ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
|
||||
+#endif
|
||||
+
|
||||
ssl_error = SSL_get_error(stream->priv->ssl, return_code);
|
||||
if (return_code == -1 && (ssl_error == SSL_ERROR_WANT_READ ||
|
||||
ssl_error == SSL_ERROR_WANT_WRITE)) {
|
||||
--
|
||||
2.29.2
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
From ca5bbc5692e052159bce1a75f55dc60b36078749 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Julien=20Rop=C3=A9?= <jrope@redhat.com>
|
||||
Date: Wed, 2 Dec 2020 13:39:27 +0100
|
||||
Subject: [PATCH 1/2] With OpenSSL 1.1: Disable client-initiated renegotiation.
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Fixes issue #49
|
||||
Fixes BZ#1904459
|
||||
|
||||
Signed-off-by: Julien Ropé <jrope@redhat.com>
|
||||
Reported-by: BlackKD
|
||||
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
||||
---
|
||||
server/reds.cpp | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/server/reds.cpp b/server/reds.cpp
|
||||
index fe69508e..f61086cb 100644
|
||||
--- a/server/reds.c
|
||||
+++ b/server/reds.c
|
||||
@@ -2862,6 +2862,10 @@ static int reds_init_ssl(RedsState *reds)
|
||||
* When some other SSL/TLS version becomes obsolete, add it to this
|
||||
* variable. */
|
||||
long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1;
|
||||
+#ifdef SSL_OP_NO_RENEGOTIATION
|
||||
+ // With OpenSSL 1.1: Disable all renegotiation in TLSv1.2 and earlier
|
||||
+ ssl_options |= SSL_OP_NO_RENEGOTIATION;
|
||||
+#endif
|
||||
|
||||
/* Global system initialization*/
|
||||
openssl_global_init();
|
||||
--
|
||||
2.29.2
|
||||
|
Binary file not shown.
Binary file not shown.
|
@ -1,6 +1,6 @@
|
|||
Name: spice
|
||||
Version: 0.14.2
|
||||
Release: 1%{?dist}.1
|
||||
Version: 0.14.3
|
||||
Release: 4%{?dist}
|
||||
Summary: Implements the SPICE protocol
|
||||
Group: User Interface/Desktops
|
||||
License: LGPLv2+
|
||||
|
@ -13,6 +13,11 @@ Patch2: 0002-quic-Check-image-size-in-quic_decode_begin.patch
|
|||
Patch3: 0003-quic-Check-RLE-lengths.patch
|
||||
Patch4: 0004-quic-Avoid-possible-buffer-overflow-in-find_bucket.patch
|
||||
|
||||
Patch5: 0005-websocket-Fix-possible-integer-overflow.patch
|
||||
Patch6: 0006-test-websocket-check-setsockopt-return-value.patch
|
||||
Patch7: 0007-OpenSSL-1.0.2-disable-client-side-renegotiation.patch
|
||||
Patch8: 0008-OpenSSL-1.1-disable-client-side-renegotiation.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=613529
|
||||
%if 0%{?rhel} && 0%{?rhel} <= 7
|
||||
ExclusiveArch: x86_64
|
||||
|
@ -46,7 +51,6 @@ variety of machine architectures.
|
|||
%package server
|
||||
Summary: Implements the server side of the SPICE protocol
|
||||
Group: System Environment/Libraries
|
||||
Obsoletes: spice-client < %{version}-%{release}
|
||||
|
||||
%description server
|
||||
The Simple Protocol for Independent Computing Environments (SPICE) is
|
||||
|
@ -100,7 +104,7 @@ mkdir -p %{buildroot}%{_libexecdir}
|
|||
%files server
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING
|
||||
%doc README NEWS
|
||||
%doc README CHANGELOG.md
|
||||
%{_libdir}/libspice-server.so.1*
|
||||
|
||||
%files server-devel
|
||||
|
@ -110,9 +114,22 @@ mkdir -p %{buildroot}%{_libexecdir}
|
|||
|
||||
|
||||
%changelog
|
||||
* Wed Sep 2 2020 Frediano Ziglio <fziglio@redhat.com> - 0.14.2-1.1
|
||||
* Tue Jan 19 2021 Julien Ropé <jrope@redhat.com> - 0.14.3-4
|
||||
- Disable client-side renegotiation to prevent potential DoS
|
||||
Resolves: rhbz#1904459
|
||||
|
||||
* Wed Jun 17 2020 Uri Lublin <uril@redhat.com> - 0.14.3-3
|
||||
- Fix some static analyzer issues
|
||||
- Removed Obsoletes line for spice-client
|
||||
Related: rhbz#1840240
|
||||
|
||||
* Mon Jun 1 2020 Frediano Ziglio <fziglio@redhat.com> - 0.14.3-2
|
||||
- Fix multiple buffer overflows in QUIC decoding code
|
||||
Resolves: CVE-2020-14355
|
||||
Resolves: rhbz#1829946
|
||||
|
||||
* Thu May 28 2020 Frediano Ziglio <fziglio@redhat.com> - 0.14.3-1
|
||||
- Update to 0.14.3
|
||||
Revolves: rhbz#1840240
|
||||
|
||||
* Fri May 17 2019 Victor Toso <victortoso@redhat.com> - 0.14.2-1
|
||||
- Update to 0.14.2
|
||||
|
|
Loading…
Reference in New Issue