diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2018-10-17 11:45:19 +0200 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2018-10-20 15:35:04 +0200 |
| commit | f33f7a4f6407f624edb4b4ffe54cb09e029a49b2 (patch) | |
| tree | 6456847b016f1e2443ef77de4e776e4154bec142 /package/spice/0003-main-channel-Prevent-overflow-reading-messages-from-.patch | |
| parent | de8a4b747fb82f4a260d7d0451eaf99dfc745bc4 (diff) | |
| download | buildroot-f33f7a4f6407f624edb4b4ffe54cb09e029a49b2.tar.gz buildroot-f33f7a4f6407f624edb4b4ffe54cb09e029a49b2.zip | |
spice: security bump to version 0.14.1
Fixes CVE-2018-10873: A vulnerability was discovered in SPICE before version
0.14.1 where the generated code used for demarshalling messages lacked
sufficient bounds checks. A malicious client or server, after
authentication, could send specially crafted messages to its peer which
would result in a crash or, potentially, other impacts.
Drop patches as they are now upstream.
Add host-pkgconf as the configure script uses pkg-config. Drop removed
--disable-automated-tests configure flag.
Add optional opus support, as that is now supported and needs to be
explicitly disabled to not use. Explicitly disable optional gstreamer
support for now as the dependency tree is fairly complicated.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/spice/0003-main-channel-Prevent-overflow-reading-messages-from-.patch')
| -rw-r--r-- | package/spice/0003-main-channel-Prevent-overflow-reading-messages-from-.patch | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/package/spice/0003-main-channel-Prevent-overflow-reading-messages-from-.patch b/package/spice/0003-main-channel-Prevent-overflow-reading-messages-from-.patch deleted file mode 100644 index f602d5f3b1..0000000000 --- a/package/spice/0003-main-channel-Prevent-overflow-reading-messages-from-.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 Mon Sep 17 00:00:00 2001 -From: Frediano Ziglio <fziglio@redhat.com> -Date: Tue, 29 Nov 2016 16:46:56 +0000 -Subject: [PATCH] main-channel: Prevent overflow reading messages from client - -Caller is supposed the function return a buffer able to store -size bytes. - -[Peter: fixes CVE-2016-9577] -Signed-off-by: Frediano Ziglio <fziglio@redhat.com> -Acked-by: Christophe Fergeau <cfergeau@redhat.com> -Signed-off-by: Peter Korsgaard <peter@korsgaard.com> ---- - server/main_channel.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/server/main_channel.c b/server/main_channel.c -index 0ecc9df8..1fc39155 100644 ---- a/server/main_channel.c -+++ b/server/main_channel.c -@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc, - - if (type == SPICE_MSGC_MAIN_AGENT_DATA) { - return reds_get_agent_data_buffer(mcc, size); -+ } else if (size > sizeof(main_chan->recv_buf)) { -+ /* message too large, caller will log a message and close the connection */ -+ return NULL; - } else { - return main_chan->recv_buf; - } --- -2.11.0 - |
