diff options
author | Ariadne Conill <ariadne@dereferenced.org> | 2021-06-02 21:12:04 -0600 |
---|---|---|
committer | Ariadne Conill <ariadne@dereferenced.org> | 2021-06-02 21:16:02 -0600 |
commit | 7fa63f423333412695ea2f41a7e0523edc68f8ad (patch) | |
tree | 4dd3a79541cd2b476ccf78f5e33669686cfe1c90 /main/spice/CVE-2021-20201.patch | |
parent | 537d75886466e62dc688e319fa22b37e41dee107 (diff) |
main/spice: add mitigation for CVE-2021-20101
Diffstat (limited to 'main/spice/CVE-2021-20201.patch')
-rw-r--r-- | main/spice/CVE-2021-20201.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/main/spice/CVE-2021-20201.patch b/main/spice/CVE-2021-20201.patch new file mode 100644 index 00000000000..9c633c89e25 --- /dev/null +++ b/main/spice/CVE-2021-20201.patch @@ -0,0 +1,36 @@ +From ca5bbc5692e052159bce1a75f55dc60b36078749 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Julien=20Rop=C3=A9?= <jrope@redhat.com> +Date: Wed, 2 Dec 2020 13:39:27 +0100 +Subject: [PATCH] With OpenSSL 1.1: Disable client-initiated renegotiation. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes issue #49 +Fixes BZ#1904459 + +Signed-off-by: Julien Ropé <jrope@redhat.com> +Reported-by: BlackKD +Acked-by: Frediano Ziglio <fziglio@redhat.com> +--- + server/reds.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/server/reds.c b/server/reds.c +index fe69508e..f61086cb 100644 +--- a/server/reds.c ++++ b/server/reds.c +@@ -2753,6 +2753,10 @@ static int reds_init_ssl(RedsState *reds) + * When some other SSL/TLS version becomes obsolete, add it to this + * variable. */ + long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1; ++#ifdef SSL_OP_NO_RENEGOTIATION ++ // With OpenSSL 1.1: Disable all renegotiation in TLSv1.2 and earlier ++ ssl_options |= SSL_OP_NO_RENEGOTIATION; ++#endif + + /* Global system initialization*/ + openssl_global_init(); +-- +GitLab + |