spice: 0.12.8 -> 0.13.3

(we can use upstream security patches again)

pkgs/development/libraries/spice/0001-Adapting-the-following-patch-from-http-pkgs.fedorapr.patch

@@ -1,56 +0,0 @@
-From 75e8685740199537bfefcbd9996ec3ff9f6342e6 Mon Sep 17 00:00:00 2001
-From: Graham Christensen <graham@grahamc.com>
-Date: Wed, 8 Feb 2017 21:58:43 -0500
-Subject: [PATCH] Adapting the following patch, from
- http://pkgs.fedoraproject.org/cgit/rpms/spice.git/plain/0003-main-channel-Prevent-overflow-reading-messages-from-.patch?id=d919d639ae5f83a9735a04d843eed675f9357c0d
-
-> From: Frediano Ziglio <fziglio@redhat.com>
-> Date: Tue, 29 Nov 2016 16:46:56 +0000
-> Subject: [spice-server 3/3] main-channel: Prevent overflow reading messages
->  from client
->
-> Caller is supposed the function return a buffer able to store
-> size bytes.
->
-> Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
-> Acked-by: Christophe Fergeau <cfergeau@redhat.com>
-> ---
->  server/main-channel.c | 3 +++
->  1 file changed, 3 insertions(+)
->
-> diff --git a/server/main-channel.c b/server/main-channel.c
-> index 24dd448..1124506 100644
-> --- a/server/main-channel.c
-> +++ b/server/main-channel.c
-> @@ -258,6 +258,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
->
->      if (type == SPICE_MSGC_MAIN_AGENT_DATA) {
->          return reds_get_agent_data_buffer(red_channel_get_server(channel), mcc, size);
-> +    } else if (size > sizeof(main_chan->recv_buf)) {
-> +        /* message too large, caller will log a message and close the connection */
-> +        return NULL;
->      } else {
->          return main_chan->recv_buf;
->      }
-> --
-> 2.9.3
-> ---
- server/main_channel.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/server/main_channel.c b/server/main_channel.c
-index 0ecc9df..1fc3915 100644
---- a/server/main_channel.c
-+++ b/server/main_channel.c
-@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
-
-     if (type == SPICE_MSGC_MAIN_AGENT_DATA) {
-         return reds_get_agent_data_buffer(mcc, size);
-+    } else if (size > sizeof(main_chan->recv_buf)) {
-+        /* message too large, caller will log a message and close the connection */
-+        return NULL;
-     } else {
-         return main_chan->recv_buf;
-     }
---
-2.10.0

pkgs/development/libraries/spice/default.nix

@@ -6,14 +6,15 @@
 with stdenv.lib;
 
 stdenv.mkDerivation rec {
-  name = "spice-0.12.8";
+  name = "spice-0.13.3";
 
   src = fetchurl {
     url = "http://www.spice-space.org/download/releases/${name}.tar.bz2";
-    sha256 = "0za03i77j8i3g5l2np2j7vy8cqsdbkm9wbv4hjnaqq9xhz2sa0gr";
+    sha256 = "17mqgwamdhj8sx8vhahrjl5937x693kjnw6cp6v0akjrwz011xrh";
   };
 
   patches = [
+    # the following three patches fix CVE-2016-9577 and CVE-2016-9578
     (fetchpatch {
       name = "0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch";
       url = "http://pkgs.fedoraproject.org/cgit/rpms/spice.git/plain/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch?id=d919d639ae5f83a9735a04d843eed675f9357c0d";
@@ -24,9 +25,11 @@ stdenv.mkDerivation rec {
       url = "http://pkgs.fedoraproject.org/cgit/rpms/spice.git/plain/0002-Prevent-integer-overflows-in-capability-checks.patch?id=d919d639ae5f83a9735a04d843eed675f9357c0d";
       sha256 = "1r1bhq98w93cvvrlrz6jwdfsy261xl3xqs0ppchaa2igyxvxv5z5";
     })
-    # Originally from http://pkgs.fedoraproject.org/cgit/rpms/spice.git/plain/0003-main-channel-Prevent-overflow-reading-messages-from-.patch?id=d919d639ae5f83a9735a04d843eed675f9357c0d
-    # but main-channel.c was renamed to main_channel.c
-    ./0001-Adapting-the-following-patch-from-http-pkgs.fedorapr.patch
+    (fetchpatch {
+      name = "0003-main-channel-Prevent-overflow-reading-messages-from.patch";
+      url = "https://cgit.freedesktop.org/spice/spice/patch/?id=1d3e26c0ee75712fa4bbbcfa09d8d5866b66c8af";
+      sha256 = "030mm551aipck99rqiz39vsvk071pn8715zynr5j6chwzgpflwm3";
+    })
   ];
 
   buildInputs = [ pixman celt alsaLib openssl libjpeg zlib