Compare commits
No commits in common. "c7f946ba9d4def21abae6ad8b7ea9c4c345f4ff0" and "1da3ccb8ecab0b9f994abeae750b7766cfb88664" have entirely different histories.
c7f946ba9d
...
1da3ccb8ec
@ -1,38 +0,0 @@
|
|||||||
From 95a0cfac8a1c8eff50f05e65df945da3bb501fc9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Julien=20Rop=C3=A9?= <jrope@redhat.com>
|
|
||||||
Date: Thu, 3 Dec 2020 09:33:48 +0100
|
|
||||||
Subject: [PATCH] With OpenSSL 1.0.2 and earlier: disable client-side
|
|
||||||
renegotiation.
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Fixed issue #49
|
|
||||||
Fixes BZ#1904459
|
|
||||||
|
|
||||||
Signed-off-by: Julien Rop茅 <jrope@redhat.com>
|
|
||||||
Reported-by: BlackKD
|
|
||||||
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
|
||||||
---
|
|
||||||
server/red-stream.c | 5 +++++
|
|
||||||
1 file changed, 5 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/server/red-stream.c b/server/red-stream.c
|
|
||||||
index 2c13aa2..c6f5ff7 100644
|
|
||||||
--- a/server/red-stream.c
|
|
||||||
+++ b/server/red-stream.c
|
|
||||||
@@ -523,6 +523,11 @@ RedStreamSslStatus red_stream_ssl_accept(RedStream *stream)
|
|
||||||
return RED_STREAM_SSL_STATUS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifndef SSL_OP_NO_RENEGOTIATION
|
|
||||||
+ // With OpenSSL 1.0.2 and earlier: disable client-side renogotiation
|
|
||||||
+ stream->priv->ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
ssl_error = SSL_get_error(stream->priv->ssl, return_code);
|
|
||||||
if (return_code == -1 && (ssl_error == SSL_ERROR_WANT_READ ||
|
|
||||||
ssl_error == SSL_ERROR_WANT_WRITE)) {
|
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
||||||
@ -1,36 +0,0 @@
|
|||||||
From ca5bbc5692e052159bce1a75f55dc60b36078749 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Julien=20Rop=C3=A9?= <jrope@redhat.com>
|
|
||||||
Date: Wed, 2 Dec 2020 13:39:27 +0100
|
|
||||||
Subject: [PATCH] With OpenSSL 1.1: Disable client-initiated renegotiation.
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Fixes issue #49
|
|
||||||
Fixes BZ#1904459
|
|
||||||
|
|
||||||
Signed-off-by: Julien Rop茅 <jrope@redhat.com>
|
|
||||||
Reported-by: BlackKD
|
|
||||||
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
|
||||||
---
|
|
||||||
server/reds.c | 4 ++++
|
|
||||||
1 file changed, 4 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/server/reds.c b/server/reds.c
|
|
||||||
index ee8cf38..810b7e9 100644
|
|
||||||
--- a/server/reds.c
|
|
||||||
+++ b/server/reds.c
|
|
||||||
@@ -2862,6 +2862,10 @@ static int reds_init_ssl(RedsState *reds)
|
|
||||||
* When some other SSL/TLS version becomes obsolete, add it to this
|
|
||||||
* variable. */
|
|
||||||
long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1;
|
|
||||||
+#ifdef SSL_OP_NO_RENEGOTIATION
|
|
||||||
+ // With OpenSSL 1.1: Disable all renegotiation in TLSv1.2 and earlier
|
|
||||||
+ ssl_options |= SSL_OP_NO_RENEGOTIATION;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
/* Global system initialization*/
|
|
||||||
openssl_global_init();
|
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
||||||
23
spice.spec
23
spice.spec
@ -1,6 +1,6 @@
|
|||||||
Name: spice
|
Name: spice
|
||||||
Version: 0.14.3
|
Version: 0.14.3
|
||||||
Release: 6
|
Release: 2
|
||||||
Summary: Implements the SPICE protocol
|
Summary: Implements the SPICE protocol
|
||||||
Group: User Interface/Desktops
|
Group: User Interface/Desktops
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
@ -13,10 +13,8 @@ Patch6000: backport-0001-CVE-2020-14355.patch
|
|||||||
Patch6001: backport-0002-CVE-2020-14355.patch
|
Patch6001: backport-0002-CVE-2020-14355.patch
|
||||||
Patch6002: backport-0003-CVE-2020-14355.patch
|
Patch6002: backport-0003-CVE-2020-14355.patch
|
||||||
Patch6003: backport-0004-CVE-2020-14355.patch
|
Patch6003: backport-0004-CVE-2020-14355.patch
|
||||||
Patch6004: backport-0001-CVE-2021-20201.patch
|
|
||||||
Patch6005: backport-0002-CVE-2021-20201.patch
|
|
||||||
|
|
||||||
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 sw_64 riscv64 loongarch64
|
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
|
||||||
|
|
||||||
BuildRequires: gcc pkgconfig glib2-devel spice-protocol >= 0.14.0 opus-devel git-core gnupg2
|
BuildRequires: gcc pkgconfig glib2-devel spice-protocol >= 0.14.0 opus-devel git-core gnupg2
|
||||||
BuildRequires: pixman-devel openssl-devel libjpeg-devel libcacard-devel cyrus-sasl-devel
|
BuildRequires: pixman-devel openssl-devel libjpeg-devel libcacard-devel cyrus-sasl-devel
|
||||||
@ -77,25 +75,10 @@ install -d %{buildroot}%{_libexecdir}
|
|||||||
%doc README
|
%doc README
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Aug 11 2023 yeqinglong <yeqinglong@kylinsec.com.cn> - 0.14.3-6
|
|
||||||
- add loongarch64 support
|
|
||||||
|
|
||||||
* Mon Jun 26 2023 wangjunqiang <wangjunqiang@iscas.ac.cn> - 0.14.3-5
|
|
||||||
- Add riscv64 to ExclusiveArch
|
|
||||||
|
|
||||||
* Thu Nov 3 2022 wuzx<wuzx1226@qq.com> - 0.14.3-4
|
|
||||||
- Add sw64 architecture
|
|
||||||
|
|
||||||
* Mon Jun 07 2021 wangkerong <wangkerong@huawei.com> - 0.14.3-3
|
|
||||||
- Type:CVE
|
|
||||||
- Id:CVE-2021-20201
|
|
||||||
- SUG:NA
|
|
||||||
- DESC:fix CVE-2021-20201
|
|
||||||
|
|
||||||
* Tue Feb 23 2021 jinzhimin <jinzhimin2@huawei.com> - 0.14.3-2
|
* Tue Feb 23 2021 jinzhimin <jinzhimin2@huawei.com> - 0.14.3-2
|
||||||
- fix CVE-2020-14355
|
- fix CVE-2020-14355
|
||||||
|
|
||||||
* Sun Oct 4 2020 jinzhimin<jinzhimin2@huawei.com> - 0.14.3-1
|
* Tues Oct 4 2020 jinzhimin<jinzhimin2@huawei.com> - 0.14.3-1
|
||||||
- update to 0.14.3
|
- update to 0.14.3
|
||||||
|
|
||||||
* Fri Oct 11 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.14.0-6
|
* Fri Oct 11 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.14.0-6
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user