author | Peter Korsgaard <peter@korsgaard.com> | 2018-10-17 11:45:19 +0200 |
---|---|---|
committer | Peter Korsgaard <peter@korsgaard.com> | 2018-10-20 15:35:04 +0200 |
commit | f33f7a4f6407f624edb4b4ffe54cb09e029a49b2 (patch) | |
tree | 6456847b016f1e2443ef77de4e776e4154bec142 /package/spice/0005-reds-Avoid-integer-overflows-handling-monitor-config.patch | |
parent | de8a4b747fb82f4a260d7d0451eaf99dfc745bc4 (diff) | |
spice: security bump to version 0.14.1

Fixes CVE-2018-10873: A vulnerability was discovered in SPICE before version
0.14.1 where the generated code used for demarshalling messages lacked
sufficient bounds checks. A malicious client or server, after
authentication, could send specially crafted messages to its peer which
would result in a crash or, potentially, other impacts.

Drop patches as they are now upstream.

Add host-pkgconf as the configure script uses pkg-config. Drop removed
--disable-automated-tests configure flag.

Add optional opus support, as that is now supported and needs to be
explicitly disabled to not use. Explicitly disable optional gstreamer
support for now as the dependency tree is fairly complicated.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/spice/0005-reds-Avoid-integer-overflows-handling-monitor-config.patch')
-rw-r--r-- | package/spice/0005-reds-Avoid-integer-overflows-handling-monitor-config.patch | 31 |
1 files changed, 0 insertions, 31 deletions
diff --git a/package/spice/0005-reds-Avoid-integer-overflows-handling-monitor-config.patch b/package/spice/0005-reds-Avoid-integer-overflows-handling-monitor-config.patch deleted file mode 100644 index 98740520c1..0000000000 --- a/package/spice/0005-reds-Avoid-integer-overflows-handling-monitor-config.patch +++ /dev/null @@ -1,31 +0,0 @@ -From ec6229c79abe05d731953df5f7e9a05ec9f6df79 Mon Sep 17 00:00:00 2001 -From: Frediano Ziglio <fziglio@redhat.com> -Date: Mon, 15 May 2017 15:57:28 +0100 -Subject: [PATCH] reds: Avoid integer overflows handling monitor - configuration - -Avoid VDAgentMessage::size integer overflows. - -Signed-off-by: Frediano Ziglio <fziglio@redhat.com> -Signed-off-by: Peter Korsgaard <peter@korsgaard.com> ---- - server/reds.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/server/reds.c b/server/reds.c -index 7be85fdf..e1c8c108 100644 ---- a/server/reds.c -+++ b/server/reds.c -@@ -1024,6 +1024,9 @@ static void reds_on_main_agent_monitors_config( - spice_debug("not enough data yet. %d", cmc->buffer_size); - return; - } -+ if (msg_header->size < sizeof(VDAgentMonitorsConfig)) { -+ goto overflow; -+ } - monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header)); - spice_debug("%s: %d", __func__, monitors_config->num_of_monitors); - red_dispatcher_client_monitors_config(monitors_config); --- -2.11.0 - |
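Review bot: deleting this file removes the only place in the package where the `msg_header->size < sizeof(VDAgentMonitorsConfig)` guard in `reds_on_main_agent_monitors_config()` is applied, and the diff shown here (limited to this one file) gives no way to confirm that the 0.14.1 sources contain upstream commit ec6229c79abe05d731953df5f7e9a05ec9f6df79 or an equivalent check. Please verify that against the new tarball before merging, and mention the upstream commit id in the commit message next to "Drop patches as they are now upstream" so the claim can be audited later. When checking, note that the guard in the dropped patch only covers the fixed-size part of the structure: the lines right after it read `monitors_config->num_of_monitors` and hand the buffer to `red_dispatcher_client_monitors_config()`, and nothing in the visible context ties `msg_header->size` to that count, so it is worth confirming that 0.14.1 also validates the per-monitor array length.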