diff --git a/pkgs/development/libraries/spice/0001-Adapting-the-following-patch-from-http-pkgs.fedorapr.patch b/pkgs/development/libraries/spice/0001-Adapting-the-following-patch-from-http-pkgs.fedorapr.patch deleted file mode 100644 index 8098f568e21a..000000000000 --- a/pkgs/development/libraries/spice/0001-Adapting-the-following-patch-from-http-pkgs.fedorapr.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 75e8685740199537bfefcbd9996ec3ff9f6342e6 Mon Sep 17 00:00:00 2001 -From: Graham Christensen -Date: Wed, 8 Feb 2017 21:58:43 -0500 -Subject: [PATCH] Adapting the following patch, from - http://pkgs.fedoraproject.org/cgit/rpms/spice.git/plain/0003-main-channel-Prevent-overflow-reading-messages-from-.patch?id=d919d639ae5f83a9735a04d843eed675f9357c0d - -> From: Frediano Ziglio -> Date: Tue, 29 Nov 2016 16:46:56 +0000 -> Subject: [spice-server 3/3] main-channel: Prevent overflow reading messages -> from client -> -> Caller is supposed the function return a buffer able to store -> size bytes. -> -> Signed-off-by: Frediano Ziglio -> Acked-by: Christophe Fergeau -> --- -> server/main-channel.c | 3 +++ -> 1 file changed, 3 insertions(+) -> -> diff --git a/server/main-channel.c b/server/main-channel.c -> index 24dd448..1124506 100644 -> --- a/server/main-channel.c -> +++ b/server/main-channel.c -> @@ -258,6 +258,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc, -> -> if (type == SPICE_MSGC_MAIN_AGENT_DATA) { -> return reds_get_agent_data_buffer(red_channel_get_server(channel), mcc, size); -> + } else if (size > sizeof(main_chan->recv_buf)) { -> + /* message too large, caller will log a message and close the connection */ -> + return NULL; -> } else { -> return main_chan->recv_buf; -> } -> -- -> 2.9.3 -> --- - server/main_channel.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/server/main_channel.c b/server/main_channel.c -index 0ecc9df..1fc3915 100644 ---- a/server/main_channel.c -+++ b/server/main_channel.c -@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc, - - if (type == SPICE_MSGC_MAIN_AGENT_DATA) { - return reds_get_agent_data_buffer(mcc, size); -+ } else if (size > sizeof(main_chan->recv_buf)) { -+ /* message too large, caller will log a message and close the connection */ -+ return NULL; - } else { - return main_chan->recv_buf; - } --- -2.10.0 diff --git a/pkgs/development/libraries/spice/default.nix b/pkgs/development/libraries/spice/default.nix index 61952c3b3238..808bfd4f811d 100644 --- a/pkgs/development/libraries/spice/default.nix +++ b/pkgs/development/libraries/spice/default.nix @@ -6,14 +6,15 @@ with stdenv.lib; stdenv.mkDerivation rec { - name = "spice-0.12.8"; + name = "spice-0.13.3"; src = fetchurl { url = "http://www.spice-space.org/download/releases/${name}.tar.bz2"; - sha256 = "0za03i77j8i3g5l2np2j7vy8cqsdbkm9wbv4hjnaqq9xhz2sa0gr"; + sha256 = "17mqgwamdhj8sx8vhahrjl5937x693kjnw6cp6v0akjrwz011xrh"; }; patches = [ + # the following three patches fix CVE-2016-9577 and CVE-2016-9578 (fetchpatch { name = "0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch"; url = "http://pkgs.fedoraproject.org/cgit/rpms/spice.git/plain/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch?id=d919d639ae5f83a9735a04d843eed675f9357c0d"; @@ -24,9 +25,11 @@ stdenv.mkDerivation rec { url = "http://pkgs.fedoraproject.org/cgit/rpms/spice.git/plain/0002-Prevent-integer-overflows-in-capability-checks.patch?id=d919d639ae5f83a9735a04d843eed675f9357c0d"; sha256 = "1r1bhq98w93cvvrlrz6jwdfsy261xl3xqs0ppchaa2igyxvxv5z5"; }) - # Originally from http://pkgs.fedoraproject.org/cgit/rpms/spice.git/plain/0003-main-channel-Prevent-overflow-reading-messages-from-.patch?id=d919d639ae5f83a9735a04d843eed675f9357c0d - # but main-channel.c was renamed to main_channel.c - ./0001-Adapting-the-following-patch-from-http-pkgs.fedorapr.patch + (fetchpatch { + name = "0003-main-channel-Prevent-overflow-reading-messages-from.patch"; + url = "https://cgit.freedesktop.org/spice/spice/patch/?id=1d3e26c0ee75712fa4bbbcfa09d8d5866b66c8af"; + sha256 = "030mm551aipck99rqiz39vsvk071pn8715zynr5j6chwzgpflwm3"; + }) ]; buildInputs = [ pixman celt alsaLib openssl libjpeg zlib