Package: spice / 0.14.3-2.1

Metadata

Package: spice
Version: 0.14.3-2.1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
disable failing test listen.patch

server/tests/Makefile.am | 1 0 + 1 - 0 !
server/tests/Makefile.in | 2 1 + 1 - 0 !
2 files changed, 1 insertion(+), 2 deletions(-)

 skip unreliable flaky test-listen
 This test is failing in automated build environments that strip user
 environments. After a few tries to export $HOME for the test and picking it
 up we now disable the test "test-listen".
 Note: in a local sbuild chroot (which passes a user) it runs just fine.
 Note: We still build the test to catch issues that would happen at that step.

CVE 2020 14355/0001 quic Check we have some data to start decoding quic .patch

subprojects/spice-common/common//quic.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [1/4] quic: check we have some data to start decoding quic image
https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0abae36033ccde658fd52d3235887b60862d
Bug-Debian: https://bugs.debian.org/971750
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-14355

All paths already pass some data to quic_decode_begin but for the
test check it, it's not that expensive test.
Checking for not 0 is enough, all other words will potentially be
read calling more_io_words but we need one to avoid a potential
initial buffer overflow or dereferencing an invalid pointer.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>

CVE 2020 14355/0002 quic Check image size in quic_decode_begin.patch

subprojects/spice-common/common//quic.c | 13 13 + 0 - 0 !
1 file changed, 13 insertions(+)

 [2/4] quic: check image size in quic_decode_begin
https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d74782c8b5e57d146c5bf3118bb41bf3378e4
Bug-Debian: https://bugs.debian.org/971750
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-14355

Avoid some overflow in code due to images too big or
negative numbers.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>

CVE 2020 14355/0003 quic Check RLE lengths.patch

subprojects/spice-common/common//quic_tmpl.c | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 [3/4] quic: check rle lengths
https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7b82e15d759e5415b8e35b92bb1a4c206
Bug-Debian: https://bugs.debian.org/971750
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-14355

Avoid buffer overflows decoding images. On compression we compute
lengths till end of line so it won't cause regressions.
Proved by fuzzing the code.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>

CVE 2020 14355/0004 quic Avoid possible buffer overflow in find_bucket.patch

subprojects/spice-common/common/quic_family_tmpl.c | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 [4/4] quic: avoid possible buffer overflow in find_bucket
https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b66b86e601c725d30f00c37e684b6395b6
Bug-Debian: https://bugs.debian.org/971750
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-14355

Proved by fuzzing the code.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>

With OpenSSL 1.1 Disable client initiated renegotiat.patch

server/reds.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [1/2] with openssl 1.1: disable client-initiated renegotiation.

With OpenSSL 1.0.2 and earlier disable client side r.patch

server/red-stream.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 [2/2] with openssl 1.0.2 and earlier: disable client-side
 renegotiation.