From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] Update spice to version 0.12.8 Date: Sat, 16 Jul 2016 10:53:16 +0100 Message-ID: <1468662796.2710.137.camel@ipfire.org> In-Reply-To: <1468596436-19950-2-git-send-email-jonatan.schlag@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4896781199473257963==" List-Id: --===============4896781199473257963== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This should actually be fixed in qemu without recompiling it. That's why we h= ave shared libraries. Can you confirm? -Michael On Fri, 2016-07-15 at 17:27 +0200, Jonatan Schlag wrote: > This is an security update. > Recent were 2 serious security vulnerabilities published. > This patch update spice to a version which is not vulnerable. >=20 > The qemu version is pushed to deliver a qemu which is linked against > the non vulnerable version. >=20 > Changelog: >=20 > Changes in 0.12.8: > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > * Fixes for CVE-2016-0749 and CVE-2016-2150 >=20 > Changes in 0.12.7: > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > * spice-server will now send TCP keepalive probes on the TCP connections > =C2=A0 it > =C2=A0 uses. This can prevent unwanted idle disconnections if proxies are > =C2=A0 used > =C2=A0 between the client and the host. > * Fix important memory usage when the webdav channel is used > * Do not disconnect when the client requests an unsupported compression > =C2=A0 type > * Fix a few race conditions > * Fix display glitch when using XSpice > * Improve help string for 'replay -s' > * Fix crashes in corner cases (buggy spice-html5 + win10, vnc + SPICE > =C2=A0 port > =C2=A0 configured, USB webcam redirection over a slow link) > * Fix various compilation warning when building on 32 bit machines > * Some fixes for big-endian machines, more work is likely to be needed > * Do not build static libraries by default, this can be reenabled with > =C2=A0 --enable-static > * Fix small leak in MJPEG code >=20 > Signed-off-by: Jonatan Schlag > --- > =C2=A0config/rootfiles/packages/spice | 2 +- > =C2=A0lfs/qemu=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0| 2 +- > =C2=A0lfs/spice=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0| 6 +++--- > =C2=A03 files changed, 5 insertions(+), 5 deletions(-) >=20 > diff --git a/config/rootfiles/packages/spice b/config/rootfiles/packages/sp= ice > index 93d2e9e..91fc0a6 100644 > --- a/config/rootfiles/packages/spice > +++ b/config/rootfiles/packages/spice > @@ -13,5 +13,5 @@ > =C2=A0#usr/lib/libspice-server.la > =C2=A0#usr/lib/libspice-server.so > =C2=A0usr/lib/libspice-server.so.1 > -usr/lib/libspice-server.so.1.10.0 > +usr/lib/libspice-server.so.1.10.1 > =C2=A0#usr/lib/pkgconfig/spice-server.pc > diff --git a/lfs/qemu b/lfs/qemu > index 62010ee..d494845 100644 > --- a/lfs/qemu > +++ b/lfs/qemu > @@ -33,7 +33,7 @@ DIR_APP=C2=A0=C2=A0=C2=A0=C2=A0=3D $(DIR_SRC)/$(THISAPP) > =C2=A0TARGET=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D $(DIR_INFO)/$(THISAPP) > =C2=A0SUP_ARCH=C2=A0=C2=A0=C2=A0=3D i586 x86_64 > =C2=A0PROG=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D qemu > -PAK_VER=C2=A0=C2=A0=C2=A0=C2=A0=3D 20 > +PAK_VER=C2=A0=C2=A0=C2=A0=C2=A0=3D 21 > =C2=A0 > =C2=A0DEPS=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D "sdl spice" > =C2=A0 > diff --git a/lfs/spice b/lfs/spice > index 415d5aa..80e88dd 100644 > --- a/lfs/spice > +++ b/lfs/spice > @@ -24,7 +24,7 @@ > =C2=A0 > =C2=A0include Config > =C2=A0 > -VER=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D 0.12.6 > +VER=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D 0.12.8 > =C2=A0 > =C2=A0THISAPP=C2=A0=C2=A0=C2=A0=C2=A0=3D spice-$(VER) > =C2=A0DL_FILE=C2=A0=C2=A0=C2=A0=C2=A0=3D $(THISAPP).tar.bz2 > @@ -32,7 +32,7 @@ DL_FROM=C2=A0=C2=A0=C2=A0=C2=A0=3D $(URL_IPFIRE) > =C2=A0DIR_APP=C2=A0=C2=A0=C2=A0=C2=A0=3D $(DIR_SRC)/$(THISAPP) > =C2=A0TARGET=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D $(DIR_INFO)/$(THISAPP) > =C2=A0PROG=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D spice > -PAK_VER=C2=A0=C2=A0=C2=A0=C2=A0=3D 1 > +PAK_VER=C2=A0=C2=A0=C2=A0=C2=A0=3D 2 > =C2=A0 > =C2=A0DEPS=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D "opus" > =C2=A0 > @@ -44,7 +44,7 @@ objects =3D $(DL_FILE) > =C2=A0 > =C2=A0$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) > =C2=A0 > -$(DL_FILE)_MD5 =3D 605a8c8ea80bc95076c4b3539c6dd026 > +$(DL_FILE)_MD5 =3D 376853d11b9921aa34a06c4dbef81874 > =C2=A0 > =C2=A0install : $(TARGET) > =C2=A0 --===============4896781199473257963== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUFC Q2dBR0JRSlhpZ1FNQUFvSkVJQjU4UDl2a0FrSFg3Z1AvMkc5SEZjVWVpZlNuc3Q5UjZiN3V4Z2IK cjBudFNFVFprZm5DMWcrTFkvSjBZQ0krV0VhbjJ6aTIvV0hiTHdUSWtOdDU3RUFRM0NrU0tNWno3 VmlOTnJOZwpSdmZIL2d2bWJOajBLZkFCZnpZOUxxTTRvc2VheGJuNGpmMzBPbHg2UU80Mzl5N1NG NllLWWdvQndwNWhWUzJmCk1KREREeUl6UUdPQ3NUc01jUjlPU0V2U2xLVENhcWh0TllQY1pyR3RJ VWhtSHpLKzQzMlo3c3J0TzB0Z2I2UTcKVEl2SDlqZjh5dXRRSEJVckhxQXc1Z0JpRkVVZGU3UCt3 RU0yZ2pjeVdpeXVkTEVjeThLUmNvQjQwM2tlQ0hBRApiTTRJUXE3azRlZUhiN21Wakg5dCtOK1hV U3AxTE1hK2tUVWFSMURCUnF6UXdRTkJ2RTBrYVVIbjhjZURLVUJTCmNKdTBKVmFxQjRxMXlidnpm a2FSejlDYkpiTWFZQnhWMSs4bTNjcGdLSlVJNVpJME1LUHJnb01wNnhjcTdPcEwKR3g1WVhuMXVu ajQxaFQrL1ZLM0xFYkYveVhsckpoczNXaFJFV3l2cU5mSUlESDFiNmFwM3Fvb24rUkJ6NVpZbApz VWpjcW5CZERpVkNWK0ltRUQvUzMrcmxTVlNyMHd3czlyYUdtd3E3b1VFMGdXMGp2cUExYjVxdHRT VnNFbjZpCkZNNThUbnBEQVJyUnZRS0pmekdzcG8xQWZmRzk0Z1JzdE9MY0FBVnVyVXlnOFBYRWl3 elljMjFZSHJualhDYk8KcytheEx3cmROVzBNMkd3dXhwQUZnbnRhZk1NK0ZnVm50M3lYVE1ZU25h QXl3S1p5RXdmSEY5SmJOZ1BjQ3JCVQpZQUpISWYycjJzeDhEQUo2RVB1Uwo9K3pBeQotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============4896781199473257963==--