projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: de8a4b7) | patch
spice: security bump to version 0.14.1
authorPeter Korsgaard <peter@korsgaard.com>
Wed, 17 Oct 2018 09:45:19 +0000 (11:45 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Sat, 20 Oct 2018 13:35:04 +0000 (15:35 +0200)
commitf33f7a4f6407f624edb4b4ffe54cb09e029a49b2
tree6456847b016f1e2443ef77de4e776e4154bec142tree
parentde8a4b747fb82f4a260d7d0451eaf99dfc745bc4commit | diff
spice: security bump to version 0.14.1

Fixes CVE-2018-10873: A vulnerability was discovered in SPICE before version
0.14.1 where the generated code used for demarshalling messages lacked
sufficient bounds checks.  A malicious client or server, after
authentication, could send specially crafted messages to its peer which
would result in a crash or, potentially, other impacts.

Drop patches as they are now upstream.

Add host-pkgconf as the configure script uses pkg-config.  Drop removed
--disable-automated-tests configure flag.

Add optional opus support, as that is now supported and needs to be
explicitly disabled to not use.  Explicitly disable optional gstreamer
support for now as the dependency tree is fairly complicated.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/spice/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch [deleted file] blob | history
package/spice/0002-Prevent-integer-overflows-in-capability-checks.patch [deleted file] blob | history
package/spice/0003-main-channel-Prevent-overflow-reading-messages-from-.patch [deleted file] blob | history
package/spice/0004-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch [deleted file] blob | history
package/spice/0005-reds-Avoid-integer-overflows-handling-monitor-config.patch [deleted file] blob | history
package/spice/0006-reds-Avoid-buffer-overflows-handling-monitor-configu.patch [deleted file] blob | history
package/spice/spice.hash diff | blob | history
package/spice/spice.mk diff | blob | history