b87fe0a367
loop in ne2000_receive CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch - Use system qemu instead of building/installing yet another qemu FATE#320638 - Dropped files qemu-xen-dir-remote.tar.bz2 CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch CVE-2015-4037-qemuu-smb-config-dir-name.patch CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch qemu-xen-enable-spice-support.patch qemu-xen-upstream-qdisk-cache-unsafe.patch tigervnc-long-press.patch - bsc#964452 - VUL-0: CVE-2013-4534: xen: openpic: buffer overrun on incoming migration OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=408
31 lines
1.1 KiB
Diff
31 lines
1.1 KiB
Diff
Index: xen-4.6.1-testing/tools/qemu-xen-traditional-dir-remote/vnc.c
|
|
===================================================================
|
|
--- xen-4.6.1-testing.orig/tools/qemu-xen-traditional-dir-remote/vnc.c
|
|
+++ xen-4.6.1-testing/tools/qemu-xen-traditional-dir-remote/vnc.c
|
|
@@ -1761,6 +1761,25 @@ static int protocol_client_msg(VncState
|
|
}
|
|
|
|
set_encodings(vs, (int32_t *)(data + 4), limit);
|
|
+
|
|
+ /*
|
|
+ * The initialization of a VNC connection can race with xenfb changing
|
|
+ * the resolution. This happens when the VNC connection is already
|
|
+ * established, but the client has not yet advertised has_resize, so it
|
|
+ * won't get notified of the switch.
|
|
+ *
|
|
+ * Therefore we resend the resolution as soon as the client has sent its
|
|
+ * encodings.
|
|
+ */
|
|
+ if (vs->has_resize) {
|
|
+ /* Resize the VNC window */
|
|
+ vnc_write_u8(vs, 0); /* msg id */
|
|
+ vnc_write_u8(vs, 0);
|
|
+ vnc_write_u16(vs, 1); /* number of rects */
|
|
+ vnc_framebuffer_update(vs, 0, 0, vs->serverds.width, vs->serverds.height, -223);
|
|
+
|
|
+ vnc_flush(vs);
|
|
+ }
|
|
break;
|
|
case 3:
|
|
if (len == 1)
|