From patchwork Wed Jun 16 06:10:01 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Fabrice Fontaine <fontaine.fabrice@gmail.com>
X-Patchwork-Id: 1492724
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net
 (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;
 envelope-from=buildroot-bounces@busybox.net; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20161025 header.b=kqL0fMBe;
	dkim-atps=neutral
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4G4ZY940Mnz9sRf
	for <incoming-buildroot@patchwork.ozlabs.org>;
 Wed, 16 Jun 2021 16:10:21 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp3.osuosl.org (Postfix) with ESMTP id 5DDB46078D;
	Wed, 16 Jun 2021 06:10:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
	by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ulyNxGIHz1Gr; Wed, 16 Jun 2021 06:10:15 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by smtp3.osuosl.org (Postfix) with ESMTP id B080E60A3C;
	Wed, 16 Jun 2021 06:10:14 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
 by ash.osuosl.org (Postfix) with ESMTP id 3A1511BF5B5
 for <buildroot@lists.busybox.net>; Wed, 16 Jun 2021 06:10:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp2.osuosl.org (Postfix) with ESMTP id 25BD4400CF
 for <buildroot@lists.busybox.net>; Wed, 16 Jun 2021 06:10:13 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Authentication-Results: smtp2.osuosl.org (amavisd-new);
 dkim=pass (2048-bit key) header.d=gmail.com
Received: from smtp2.osuosl.org ([127.0.0.1])
 by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id D2r8qs9GcEUV for <buildroot@lists.busybox.net>;
 Wed, 16 Jun 2021 06:10:12 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com
 [IPv6:2a00:1450:4864:20::329])
 by smtp2.osuosl.org (Postfix) with ESMTPS id 2DD6C400A9
 for <buildroot@buildroot.org>; Wed, 16 Jun 2021 06:10:12 +0000 (UTC)
Received: by mail-wm1-x329.google.com with SMTP id
 t11-20020a1cc30b0000b02901cec841b6a0so1930876wmf.0
 for <buildroot@buildroot.org>; Tue, 15 Jun 2021 23:10:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=75UMOlkM+OGSPndCmwlgmjKqBvLdggGsAj58TqmNc38=;
 b=kqL0fMBeUdfDXVA1n0pErjfcez3iGlkLMAjHal2dfOVCtZlyYJxzzongQH3VwqJ3F7
 l3SQvbpTYYs5xH8LEcJdmeVSglBKnX37lXGjqdiv80flEdN/khRqm7sF+P3GSBxtmhAh
 Rn2+H63YdH3JqY2lnub3XuRiGDV9wSKbKMkba6Ksna/b2yUNIco/uYVCuSalS4Y1TSDc
 YMYWNowCSzFq+wJP87CV1cIchdrPkdXj+GKRIDGlQzs+tB6FLibv5gaQCN3peV2KTn/2
 W9dCfoBpzAZSHQZnZbKIDlzxtWv9Azmuygkgqy0UwFgzSzgvSkUg6wvMcHjKhedzL4sa
 /OpQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=75UMOlkM+OGSPndCmwlgmjKqBvLdggGsAj58TqmNc38=;
 b=AUKtzYwLUGDWcP+Uh6i3ftz8b9DU5SrkEdh5VtU2QSdk2zTvvvRA8zkTa266BiL8OU
 4hu+q7lS3KJDZtRhSN/dpA2U4r1ZaNzpuXvpzxd9L38vsvl+K5WFX2VavtzcpN+YJ2T7
 jz4c2OmsOijGZ1D7SoCB1vDAGLIMk80b85Kg2AOyvaTBgjanzvGVgcZKOMJpYE3V2Yrg
 s67EdAXXisVKkiCjbZ8A3gI5p9gUlaR2fHKDFR4Tvx8j7Csqc5n9D//7OwlKJjtS9yS7
 766disBj2nY2d4kevd6AK3V19uc+9uA7o1s38OtRpEINRvvp5VV1UE4YzLd47MDhn0Jk
 P14w==
X-Gm-Message-State: AOAM532WhzNPYKY3lBU8vGoHv6nGlnS5s7X8q+vIVvVpIy4FpFEQQ7r7
 hxUFLqwoqY4esw2+A0LKa0lahxOWlMhxoQ==
X-Google-Smtp-Source: 
 ABdhPJxvPMXf6JD3YWlVxj4ug+O7f0UwewZ2nnGp3yYnOTiuKbLpmC1jwWdKxBhS3FMRQOpEq/rj1g==
X-Received: by 2002:a05:600c:204:: with SMTP id
 4mr9359595wmi.95.1623823810040;
 Tue, 15 Jun 2021 23:10:10 -0700 (PDT)
Received: from kali.home (lfbn-ren-1-1383-171.w86-229.abo.wanadoo.fr.
 [86.229.230.171])
 by smtp.gmail.com with ESMTPSA id j12sm974340wrt.69.2021.06.15.23.10.09
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 15 Jun 2021 23:10:09 -0700 (PDT)
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@buildroot.org
Date: Wed, 16 Jun 2021 08:10:01 +0200
Message-Id: <20210616061002.345235-1-fontaine.fabrice@gmail.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Subject: [Buildroot] [PATCH 1/2] package/spice: security bump to version
 0.15.0
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
 <mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@busybox.net?subject=subscribe>
Cc: "Yann E . MORIN" <yann.morin.1998@free.fr>,
 Fabrice Fontaine <fontaine.fabrice@gmail.com>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Fix CVE-2021-20201: A flaw was found in spice in versions before
0.14.92. A DoS tool might make it easier for remote attackers to cause a
denial of service (CPU consumption) by performing many renegotiations
within a single connection.

https://gitlab.freedesktop.org/spice/spice/-/tags/v0.15.0

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/spice/spice.hash | 2 +-
 package/spice/spice.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/spice/spice.hash b/package/spice/spice.hash
index 8f84c2321f..b228f213a5 100644
--- a/package/spice/spice.hash
+++ b/package/spice/spice.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  551d4be4a07667cf0543f3c895beb6da8a93ef5a9829f2ae47817be5e616a114  spice-0.14.3.tar.bz2
+sha256  b320cf8f4bd2852750acb703c15b72856027e5a8554f8217dfbb3cc09deba0f5  spice-0.15.0.tar.bz2
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING
diff --git a/package/spice/spice.mk b/package/spice/spice.mk
index b515431cf1..ab35265ab4 100644
--- a/package/spice/spice.mk
+++ b/package/spice/spice.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SPICE_VERSION = 0.14.3
+SPICE_VERSION = 0.15.0
 SPICE_SOURCE = spice-$(SPICE_VERSION).tar.bz2
 SPICE_SITE = http://www.spice-space.org/download/releases/spice-server
 SPICE_LICENSE = LGPL-2.1+