[Buildroot] [PATCH 0/4] spice: version bump / security bump

Peter Korsgaard peter at korsgaard.com
Wed Jun 21 22:07:40 UTC 2017


Our spice version is quite old (2013) and is affected by a number of
security issues, so bump to the latest release in the 0.12.x series +
upstream post-0.12.8 security fixes.

As the configuration options and dependencies have changed quite a bit since
2013, don't just do the entire bump in a single patch, but instead move
forward release by release for easier review.

Peter Korsgaard (4):
  spice: bump to version 0.12.5
  spice: security bump to version 0.12.6
  spice: security bump to version 0.12.8
  spice: add post-0.12.8 upstream security fixes

 Config.in.legacy                                   | 23 +++++++++
 ...sible-DoS-attempts-during-protocol-handsh.patch | 60 ++++++++++++++++++++++
 ...0001-fix-missing-monitor_latency-argument.patch | 28 ----------
 ...nt-integer-overflows-in-capability-checks.patch | 43 ++++++++++++++++
 ...l-Prevent-overflow-reading-messages-from-.patch | 33 ++++++++++++
 package/spice/Config.in                            | 46 -----------------
 package/spice/spice.hash                           |  2 +-
 package/spice/spice.mk                             | 35 +++++--------
 8 files changed, 174 insertions(+), 96 deletions(-)
 create mode 100644 package/spice/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch
 delete mode 100644 package/spice/0001-fix-missing-monitor_latency-argument.patch
 create mode 100644 package/spice/0002-Prevent-integer-overflows-in-capability-checks.patch
 create mode 100644 package/spice/0003-main-channel-Prevent-overflow-reading-messages-from-.patch

-- 
2.11.0



More information about the buildroot mailing list