Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2015-06-06 09:53:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "spice" Changes: -------- --- /work/SRC/openSUSE:Factory/spice/spice.changes 2014-10-25 08:32:42.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2015-06-06 09:53:35.000000000 +0200 @@ -1,0 +2,6 @@ +Fri Jun 5 08:47:17 UTC 2015 - cbosdon...@suse.com + +- Don't allow setting password longer than what the spice protocol + allows. password-length-check.patch. boo#931044 + +------------------------------------------------------------------- New: ---- password-length-check.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ spice.spec ++++++ --- /var/tmp/diff_new_pack.KH9nNN/_old 2015-06-06 09:53:36.000000000 +0200 +++ /var/tmp/diff_new_pack.KH9nNN/_new 2015-06-06 09:53:36.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package spice # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,6 +27,8 @@ Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2 # PATCH-FIX-UPSTREAM spice-Don-t-use-48kHz-for-playback-recording-rates.patch rh#1129961 zai...@opensuse.org -- Change back to 44100 from 48000. Patch taken from fedora. Patch0: spice-Don-t-use-48kHz-for-playback-recording-rates.patch +# PATCH-FIX-UPSTREAM password-length-check.patch boo#931044 cbosdon...@suse.com -- Don't allow too long passwords +Patch1: password-length-check.patch # Build-time parameters BuildRequires: alsa-devel BuildRequires: celt051-devel @@ -87,6 +89,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %build %configure \ ++++++ password-length-check.patch ++++++ >From 9e1e42880e57585688fa92340602d66ed465be47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdon...@suse.com> Date: Fri, 22 May 2015 09:21:52 +0200 Subject: [PATCH] Add password length check Don't allow setting a too long password. --- server/reds.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/reds.c b/server/reds.c index 6d70b68..5579109 100644 --- a/server/reds.c +++ b/server/reds.c @@ -3503,6 +3503,8 @@ SPICE_GNUC_VISIBLE int spice_server_set_ticket(SpiceServer *s, taTicket.expiration_time = now + lifetime; } if (passwd != NULL) { + if (strlen(passwd) > SPICE_MAX_PASSWORD_LENGTH) + return -1; g_strlcpy(taTicket.password, passwd, sizeof(taTicket.password)); } else { memset(taTicket.password, 0, sizeof(taTicket.password)); -- 2.1.4