1 files changed, 8 insertions, 5 deletions

diff --git a/pkgs/development/libraries/spice/default.nix b/pkgs/development/libraries/spice/default.nix
index 61952c3b3238..808bfd4f811d 100644
--- a/pkgs/development/libraries/spice/default.nix
+++ b/pkgs/development/libraries/spice/default.nix
@@ -6,14 +6,15 @@
 with stdenv.lib;
 
 stdenv.mkDerivation rec {
-  name = "spice-0.12.8";
+  name = "spice-0.13.3";
 
   src = fetchurl {
     url = "http://www.spice-space.org/download/releases/${name}.tar.bz2";
-    sha256 = "0za03i77j8i3g5l2np2j7vy8cqsdbkm9wbv4hjnaqq9xhz2sa0gr";
+    sha256 = "17mqgwamdhj8sx8vhahrjl5937x693kjnw6cp6v0akjrwz011xrh";
   };
 
   patches = [
+    # the following three patches fix CVE-2016-9577 and CVE-2016-9578
     (fetchpatch {
       name = "0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch";
       url = "http://pkgs.fedoraproject.org/cgit/rpms/spice.git/plain/0001-Prevent-possible-DoS-attempts-during-protocol-handsh.patch?id=d919d639ae5f83a9735a04d843eed675f9357c0d";
@@ -24,9 +25,11 @@ stdenv.mkDerivation rec {
       url = "http://pkgs.fedoraproject.org/cgit/rpms/spice.git/plain/0002-Prevent-integer-overflows-in-capability-checks.patch?id=d919d639ae5f83a9735a04d843eed675f9357c0d";
       sha256 = "1r1bhq98w93cvvrlrz6jwdfsy261xl3xqs0ppchaa2igyxvxv5z5";
     })
-    # Originally from http://pkgs.fedoraproject.org/cgit/rpms/spice.git/plain/0003-main-channel-Prevent-overflow-reading-messages-from-.patch?id=d919d639ae5f83a9735a04d843eed675f9357c0d
-    # but main-channel.c was renamed to main_channel.c
-    ./0001-Adapting-the-following-patch-from-http-pkgs.fedorapr.patch
+    (fetchpatch {
+      name = "0003-main-channel-Prevent-overflow-reading-messages-from.patch";
+      url = "https://cgit.freedesktop.org/spice/spice/patch/?id=1d3e26c0ee75712fa4bbbcfa09d8d5866b66c8af";
+      sha256 = "030mm551aipck99rqiz39vsvk071pn8715zynr5j6chwzgpflwm3";
+    })
   ];
 
   buildInputs = [ pixman celt alsaLib openssl libjpeg zlib