This should actually be fixed in qemu without recompiling it. That's why we have shared libraries.

Can you confirm?

-Michael

On Fri, 2016-07-15 at 17:27 +0200, Jonatan Schlag wrote:

This is an security update. Recent were 2 serious security vulnerabilities published. This patch update spice to a version which is not vulnerable.

The qemu version is pushed to deliver a qemu which is linked against the non vulnerable version.

Changelog:

Changes in 0.12.8:

• Fixes for CVE-2016-0749 and CVE-2016-2150

Changes in 0.12.7:

• spice-server will now send TCP keepalive probes on the TCP connections

it   uses. This can prevent unwanted idle disconnections if proxies are   used   between the client and the host.

• Fix important memory usage when the webdav channel is used
• Do not disconnect when the client requests an unsupported compression

type

• Fix a few race conditions
• Fix display glitch when using XSpice
• Improve help string for 'replay -s'
• Fix crashes in corner cases (buggy spice-html5 + win10, vnc + SPICE

port   configured, USB webcam redirection over a slow link)

• Fix various compilation warning when building on 32 bit machines
• Some fixes for big-endian machines, more work is likely to be needed
• Do not build static libraries by default, this can be reenabled with

--enable-static

• Fix small leak in MJPEG code

Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org

config/rootfiles/packages/spice | 2 +-  lfs/qemu                        | 2 +-  lfs/spice                       | 6 +++---  3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/config/rootfiles/packages/spice b/config/rootfiles/packages/spice index 93d2e9e..91fc0a6 100644 --- a/config/rootfiles/packages/spice +++ b/config/rootfiles/packages/spice @@ -13,5 +13,5 @@  #usr/lib/libspice-server.la  #usr/lib/libspice-server.so  usr/lib/libspice-server.so.1 -usr/lib/libspice-server.so.1.10.0 +usr/lib/libspice-server.so.1.10.1  #usr/lib/pkgconfig/spice-server.pc diff --git a/lfs/qemu b/lfs/qemu index 62010ee..d494845 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -33,7 +33,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)  TARGET     = $(DIR_INFO)/$(THISAPP)  SUP_ARCH   = i586 x86_64  PROG       = qemu -PAK_VER    = 20 +PAK_VER    = 21    DEPS       = "sdl spice"   diff --git a/lfs/spice b/lfs/spice index 415d5aa..80e88dd 100644 --- a/lfs/spice +++ b/lfs/spice @@ -24,7 +24,7 @@    include Config   -VER        = 0.12.6 +VER        = 0.12.8    THISAPP    = spice-$(VER)  DL_FILE    = $(THISAPP).tar.bz2 @@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)  DIR_APP    = $(DIR_SRC)/$(THISAPP)  TARGET     = $(DIR_INFO)/$(THISAPP)  PROG       = spice -PAK_VER    = 1 +PAK_VER    = 2    DEPS       = "opus"   @@ -44,7 +44,7 @@ objects = $(DL_FILE)    $(DL_FILE) = $(DL_FROM)/$(DL_FILE)   -$(DL_FILE)_MD5 = 605a8c8ea80bc95076c4b3539c6dd026 +$(DL_FILE)_MD5 = 376853d11b9921aa34a06c4dbef81874    install : $(TARGET)