!34 add loongarch64 support

From: @panchenbo Reviewed-by: @weidongkl Signed-off-by: @weidongkl
add loongarch64 support
2023-09-26 14:57:05 +00:00 · 2023-09-26 20:25:44 +08:00 · 2023-07-05 08:45:18 +00:00 · 2023-06-26 15:34:45 +08:00 · 2022-12-12 12:13:09 +00:00 · 2022-11-17 13:36:29 +00:00
3 changed files with 94 additions and 3 deletions
--- a/backport-0001-CVE-2021-20201.patch
+++ b/backport-0001-CVE-2021-20201.patch
@ -0,0 +1,38 @@
+From 95a0cfac8a1c8eff50f05e65df945da3bb501fc9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Julien=20Rop=C3=A9?= <jrope@redhat.com>
+Date: Thu, 3 Dec 2020 09:33:48 +0100
+Subject: [PATCH] With OpenSSL 1.0.2 and earlier: disable client-side
+ renegotiation.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixed issue #49
+Fixes BZ#1904459
+
+Signed-off-by: Julien Rop茅 <jrope@redhat.com>
+Reported-by: BlackKD
+Acked-by: Frediano Ziglio <fziglio@redhat.com>
+---
+ server/red-stream.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/server/red-stream.c b/server/red-stream.c
+index 2c13aa2..c6f5ff7 100644
+--- a/server/red-stream.c
+++ b/server/red-stream.c
+@@ -523,6 +523,11 @@ RedStreamSslStatus red_stream_ssl_accept(RedStream *stream)
+         return RED_STREAM_SSL_STATUS_OK;
+     }
+ 
+#ifndef SSL_OP_NO_RENEGOTIATION
+    // With OpenSSL 1.0.2 and earlier: disable client-side renogotiation
+    stream->priv->ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+#endif
+
+     ssl_error = SSL_get_error(stream->priv->ssl, return_code);
+     if (return_code == -1 && (ssl_error == SSL_ERROR_WANT_READ ||
+                               ssl_error == SSL_ERROR_WANT_WRITE)) {
+-- 
+2.23.0
+
--- a/backport-0002-CVE-2021-20201.patch
+++ b/backport-0002-CVE-2021-20201.patch
@ -0,0 +1,36 @@
+From ca5bbc5692e052159bce1a75f55dc60b36078749 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Julien=20Rop=C3=A9?= <jrope@redhat.com>
+Date: Wed, 2 Dec 2020 13:39:27 +0100
+Subject: [PATCH] With OpenSSL 1.1: Disable client-initiated renegotiation.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes issue #49
+Fixes BZ#1904459
+
+Signed-off-by: Julien Rop茅 <jrope@redhat.com>
+Reported-by: BlackKD
+Acked-by: Frediano Ziglio <fziglio@redhat.com>
+---
+ server/reds.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/server/reds.c b/server/reds.c
+index ee8cf38..810b7e9 100644
+--- a/server/reds.c
+++ b/server/reds.c
+@@ -2862,6 +2862,10 @@ static int reds_init_ssl(RedsState *reds)
+      * When some other SSL/TLS version becomes obsolete, add it to this
+      * variable. */
+     long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1;
+#ifdef SSL_OP_NO_RENEGOTIATION
+    // With OpenSSL 1.1: Disable all renegotiation in TLSv1.2 and earlier
+    ssl_options |= SSL_OP_NO_RENEGOTIATION;
+#endif
+ 
+     /* Global system initialization*/
+     openssl_global_init();
+-- 
+2.23.0
+
--- a/spice.spec
+++ b/spice.spec
@ -1,6 +1,6 @@
 Name:           spice
 Version:        0.14.3
-Release:        2
+Release:        6
 Summary:        Implements the SPICE protocol
 Group:          User Interface/Desktops
 License:        LGPLv2+
@ -13,8 +13,10 @@ Patch6000:      backport-0001-CVE-2020-14355.patch
 Patch6001:      backport-0002-CVE-2020-14355.patch
 Patch6002:      backport-0003-CVE-2020-14355.patch
 Patch6003:      backport-0004-CVE-2020-14355.patch
+Patch6004:      backport-0001-CVE-2021-20201.patch
+Patch6005:      backport-0002-CVE-2021-20201.patch

-ExclusiveArch:  %{ix86} x86_64 %{arm} aarch64
+ExclusiveArch:  %{ix86} x86_64 %{arm} aarch64 sw_64 riscv64 loongarch64

 BuildRequires:  gcc pkgconfig glib2-devel spice-protocol >= 0.14.0 opus-devel git-core gnupg2
 BuildRequires:  pixman-devel openssl-devel libjpeg-devel libcacard-devel cyrus-sasl-devel
@ -75,10 +77,25 @@ install -d  %{buildroot}%{_libexecdir}
 %doc README

 %changelog
+* Fri Aug 11 2023 yeqinglong <yeqinglong@kylinsec.com.cn> - 0.14.3-6
+- add loongarch64 support
+
+* Mon Jun 26 2023 wangjunqiang <wangjunqiang@iscas.ac.cn> - 0.14.3-5
+- Add riscv64 to ExclusiveArch
+
+* Thu Nov 3 2022 wuzx<wuzx1226@qq.com> - 0.14.3-4
+- Add sw64 architecture
+
+* Mon Jun 07 2021 wangkerong <wangkerong@huawei.com> - 0.14.3-3
+- Type:CVE
+- Id:CVE-2021-20201
+- SUG:NA
+- DESC:fix CVE-2021-20201
+
 * Tue Feb 23 2021 jinzhimin <jinzhimin2@huawei.com> - 0.14.3-2
 - fix CVE-2020-14355

-* Tues Oct 4 2020 jinzhimin<jinzhimin2@huawei.com> - 0.14.3-1
+* Sun Oct 4 2020 jinzhimin<jinzhimin2@huawei.com> - 0.14.3-1
 - update to 0.14.3

 * Fri Oct 11 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.14.0-6
Author	SHA1	Message	Date
openeuler-ci-bot	c7f946ba9d	!34 add loongarch64 support From: @panchenbo Reviewed-by: @weidongkl Signed-off-by: @weidongkl	2023-09-26 14:57:05 +00:00
panchenbo	2c3ba1b98b	add loongarch64 support	2023-09-26 20:25:44 +08:00
openeuler-ci-bot	26b791852a	!29 将riscv64加入支持的架构 From: @laokz Reviewed-by: @t_feng Signed-off-by: @t_feng	2023-07-05 08:45:18 +00:00
wangjunqiang	a9167f4850	add riscv64 to ExclusiveArch	2023-06-26 15:34:45 +08:00
openeuler-ci-bot	fa75b5f3ca	!18 【轻量级 PR】：fix bogus date in %changelog From: @zhangkea Reviewed-by: @t_feng Signed-off-by: @t_feng	2022-12-12 12:13:09 +00:00
openeuler-ci-bot	ad81082122	!20 [sync] PR-19: 添加sw架构 From: @openeuler-sync-bot Reviewed-by: @t_feng Signed-off-by: @t_feng	2022-11-17 13:36:29 +00:00
wzx	3fa96be19d	Add sw64 architecture Signed-off-by: wzx <wuzx1226@qq.com> (cherry picked from commit 0576dcf7a5cf79b6d7cbf5401f3d68d310e82e53)	2022-11-17 21:25:24 +08:00
zhangkea	8319efef57	fix bogus date in %changelog	2022-06-17 17:50:51 +08:00
openeuler-ci-bot	e55fc467e1	!11 fix CVE-2021-20201 From: @kerongw Reviewed-by: @shirely16,@yanan-rock Signed-off-by: @yanan-rock	2021-06-09 09:23:32 +08:00
wangkerong	1aee214193	fix cve-2021-20201	2021-06-07 15:00:28 +08:00