* [Buildroot] [PATCH 1/2] package/spice: security bump to version 0.15.0
@ 2021-06-16 6:10 Fabrice Fontaine
2021-06-16 6:10 ` [Buildroot] [PATCH 2/2] package/spice: drop duplicated opus handling Fabrice Fontaine
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Fabrice Fontaine @ 2021-06-16 6:10 UTC (permalink / raw)
To: buildroot
Fix CVE-2021-20201: A flaw was found in spice in versions before
0.14.92. A DoS tool might make it easier for remote attackers to cause a
denial of service (CPU consumption) by performing many renegotiations
within a single connection.
https://gitlab.freedesktop.org/spice/spice/-/tags/v0.15.0
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/spice/spice.hash | 2 +-
package/spice/spice.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/spice/spice.hash b/package/spice/spice.hash
index 8f84c2321f..b228f213a5 100644
--- a/package/spice/spice.hash
+++ b/package/spice/spice.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 551d4be4a07667cf0543f3c895beb6da8a93ef5a9829f2ae47817be5e616a114 spice-0.14.3.tar.bz2
+sha256 b320cf8f4bd2852750acb703c15b72856027e5a8554f8217dfbb3cc09deba0f5 spice-0.15.0.tar.bz2
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING
diff --git a/package/spice/spice.mk b/package/spice/spice.mk
index b515431cf1..ab35265ab4 100644
--- a/package/spice/spice.mk
+++ b/package/spice/spice.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SPICE_VERSION = 0.14.3
+SPICE_VERSION = 0.15.0
SPICE_SOURCE = spice-$(SPICE_VERSION).tar.bz2
SPICE_SITE = http://www.spice-space.org/download/releases/spice-server
SPICE_LICENSE = LGPL-2.1+
--
2.30.2
^ permalink raw reply related [flat|nested] 5+ messages in thread* [Buildroot] [PATCH 2/2] package/spice: drop duplicated opus handling
2021-06-16 6:10 [Buildroot] [PATCH 1/2] package/spice: security bump to version 0.15.0 Fabrice Fontaine
@ 2021-06-16 6:10 ` Fabrice Fontaine
2021-08-04 12:34 ` Peter Korsgaard
2021-07-18 21:30 ` [Buildroot] [PATCH 1/2] package/spice: security bump to version 0.15.0 Thomas Petazzoni
2021-08-04 12:34 ` Peter Korsgaard
2 siblings, 1 reply; 5+ messages in thread
From: Fabrice Fontaine @ 2021-06-16 6:10 UTC (permalink / raw)
To: buildroot
opus dependency is handled twice since commit
f33f7a4f6407f624edb4b4ffe54cb09e029a49b2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/spice/spice.mk | 5 -----
1 file changed, 5 deletions(-)
diff --git a/package/spice/spice.mk b/package/spice/spice.mk
index ab35265ab4..5f7bcd9d2f 100644
--- a/package/spice/spice.mk
+++ b/package/spice/spice.mk
@@ -45,11 +45,6 @@ else
SPICE_CONF_OPTS += --disable-opus
endif
-# no enable/disable, detected using pkg-config
-ifeq ($(BR2_PACKAGE_OPUS),y)
-SPICE_DEPENDENCIES += opus
-endif
-
# We need to tweak spice.pc because it /forgets/ (for static linking) that
# it should link against libz and libjpeg. libz is pkg-config-aware, while
# libjpeg isn't, hence the two-line tweak
--
2.30.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/2] package/spice: security bump to version 0.15.0
2021-06-16 6:10 [Buildroot] [PATCH 1/2] package/spice: security bump to version 0.15.0 Fabrice Fontaine
2021-06-16 6:10 ` [Buildroot] [PATCH 2/2] package/spice: drop duplicated opus handling Fabrice Fontaine
@ 2021-07-18 21:30 ` Thomas Petazzoni
2021-08-04 12:34 ` Peter Korsgaard
2 siblings, 0 replies; 5+ messages in thread
From: Thomas Petazzoni @ 2021-07-18 21:30 UTC (permalink / raw)
To: buildroot
On Wed, 16 Jun 2021 08:10:01 +0200
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> Fix CVE-2021-20201: A flaw was found in spice in versions before
> 0.14.92. A DoS tool might make it easier for remote attackers to cause a
> denial of service (CPU consumption) by performing many renegotiations
> within a single connection.
>
> https://gitlab.freedesktop.org/spice/spice/-/tags/v0.15.0
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> package/spice/spice.hash | 2 +-
> package/spice/spice.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Both applied, thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/2] package/spice: security bump to version 0.15.0
2021-06-16 6:10 [Buildroot] [PATCH 1/2] package/spice: security bump to version 0.15.0 Fabrice Fontaine
2021-06-16 6:10 ` [Buildroot] [PATCH 2/2] package/spice: drop duplicated opus handling Fabrice Fontaine
2021-07-18 21:30 ` [Buildroot] [PATCH 1/2] package/spice: security bump to version 0.15.0 Thomas Petazzoni
@ 2021-08-04 12:34 ` Peter Korsgaard
2 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2021-08-04 12:34 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Yann E . MORIN, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Fix CVE-2021-20201: A flaw was found in spice in versions before
> 0.14.92. A DoS tool might make it easier for remote attackers to cause a
> denial of service (CPU consumption) by performing many renegotiations
> within a single connection.
> https://gitlab.freedesktop.org/spice/spice/-/tags/v0.15.0
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2021.02.x and 2021.05.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-08-04 12:34 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-16 6:10 [Buildroot] [PATCH 1/2] package/spice: security bump to version 0.15.0 Fabrice Fontaine
2021-06-16 6:10 ` [Buildroot] [PATCH 2/2] package/spice: drop duplicated opus handling Fabrice Fontaine
2021-08-04 12:34 ` Peter Korsgaard
2021-07-18 21:30 ` [Buildroot] [PATCH 1/2] package/spice: security bump to version 0.15.0 Thomas Petazzoni
2021-08-04 12:34 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.