Re: [PATCH] Update spice to version 0.12.8

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 3437 bytes --]

This should actually be fixed in qemu without recompiling it. That's why we have
shared libraries.

Can you confirm?

-Michael

On Fri, 2016-07-15 at 17:27 +0200, Jonatan Schlag wrote:
> This is an security update.
> Recent were 2 serious security vulnerabilities published.
> This patch update spice to a version which is not vulnerable.
> 
> The qemu version is pushed to deliver a qemu which is linked against
> the non vulnerable version.
> 
> Changelog:
> 
> Changes in 0.12.8:
> ==================
> * Fixes for CVE-2016-0749 and CVE-2016-2150
> 
> Changes in 0.12.7:
> ==================
> * spice-server will now send TCP keepalive probes on the TCP connections
>   it
>   uses. This can prevent unwanted idle disconnections if proxies are
>   used
>   between the client and the host.
> * Fix important memory usage when the webdav channel is used
> * Do not disconnect when the client requests an unsupported compression
>   type
> * Fix a few race conditions
> * Fix display glitch when using XSpice
> * Improve help string for 'replay -s'
> * Fix crashes in corner cases (buggy spice-html5 + win10, vnc + SPICE
>   port
>   configured, USB webcam redirection over a slow link)
> * Fix various compilation warning when building on 32 bit machines
> * Some fixes for big-endian machines, more work is likely to be needed
> * Do not build static libraries by default, this can be reenabled with
>   --enable-static
> * Fix small leak in MJPEG code
> 
> Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
> ---
>  config/rootfiles/packages/spice | 2 +-
>  lfs/qemu                        | 2 +-
>  lfs/spice                       | 6 +++---
>  3 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/config/rootfiles/packages/spice b/config/rootfiles/packages/spice
> index 93d2e9e..91fc0a6 100644
> --- a/config/rootfiles/packages/spice
> +++ b/config/rootfiles/packages/spice
> @@ -13,5 +13,5 @@
>  #usr/lib/libspice-server.la
>  #usr/lib/libspice-server.so
>  usr/lib/libspice-server.so.1
> -usr/lib/libspice-server.so.1.10.0
> +usr/lib/libspice-server.so.1.10.1
>  #usr/lib/pkgconfig/spice-server.pc
> diff --git a/lfs/qemu b/lfs/qemu
> index 62010ee..d494845 100644
> --- a/lfs/qemu
> +++ b/lfs/qemu
> @@ -33,7 +33,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
>  TARGET     = $(DIR_INFO)/$(THISAPP)
>  SUP_ARCH   = i586 x86_64
>  PROG       = qemu
> -PAK_VER    = 20
> +PAK_VER    = 21
>  
>  DEPS       = "sdl spice"
>  
> diff --git a/lfs/spice b/lfs/spice
> index 415d5aa..80e88dd 100644
> --- a/lfs/spice
> +++ b/lfs/spice
> @@ -24,7 +24,7 @@
>  
>  include Config
>  
> -VER        = 0.12.6
> +VER        = 0.12.8
>  
>  THISAPP    = spice-$(VER)
>  DL_FILE    = $(THISAPP).tar.bz2
> @@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
>  DIR_APP    = $(DIR_SRC)/$(THISAPP)
>  TARGET     = $(DIR_INFO)/$(THISAPP)
>  PROG       = spice
> -PAK_VER    = 1
> +PAK_VER    = 2
>  
>  DEPS       = "opus"
>  
> @@ -44,7 +44,7 @@ objects = $(DL_FILE)
>  
>  $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>  
> -$(DL_FILE)_MD5 = 605a8c8ea80bc95076c4b3539c6dd026
> +$(DL_FILE)_MD5 = 376853d11b9921aa34a06c4dbef81874
>  
>  install : $(TARGET)
>  

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]