commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2020-10-12 13:46:19 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new.3486 (New) Package is "spice" Mon Oct 12 13:46:19 2020 rev:38 rq:840478 version:0.14.3 Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2020-10-08 13:12:34.883194009 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new.3486/spice.changes2020-10-12 13:46:21.985898207 +0200 @@ -1,0 +2,14 @@ +Fri Oct 9 19:51:19 UTC 2020 - Bruce Rogers + +- Note: The Mar 9, 2020 spec file cleanup and the following change + satisfy jsc#SLE-15520 +- Remove gstreamer-plugins-libav and gstreamer-plugins-good as + BuildRequires. Even though the configure step of the package + build does report detection of features from these packages, the + build is actually not otherwise influenced by the presence of + these packages. It is at runtime when these plugin packages are + utilized, so leave the Recommends for these in the package spec, + so that if the packages are available in a distro they can get + installed and utilized. + +--- Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.1nenN9/_old 2020-10-12 13:46:23.853898966 +0200 +++ /var/tmp/diff_new_pack.1nenN9/_new 2020-10-12 13:46:23.857898968 +0200 @@ -38,8 +38,6 @@ Patch3: 0004-quic-Avoid-possible-buffer-overflow-in-find_bucket.patch BuildRequires: gcc-c++ -BuildRequires: gstreamer-plugins-good -BuildRequires: gstreamer-plugins-libav BuildRequires: libjpeg-devel BuildRequires: pkgconfig BuildRequires: python3-pyparsing
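Review bot: In the spice.spec hunk at -38,8 the two gstreamer BuildRequires are dropped with no comment in the spec itself, so the reasoning exists only in spice.changes. Since the changelog says the configure step does detect features from these packages, add a short comment next to the remaining Recommends stating that the plugins are needed at runtime only, so a later cleanup does not re-add them as build dependencies. It would also help to record how "not otherwise influenced" was established.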
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2020-10-08 13:11:44 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new.4249 (New) Package is "spice" Thu Oct 8 13:11:44 2020 rev:37 rq:839837 version:0.14.3 Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2020-03-12 22:58:23.514992782 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new.4249/spice.changes2020-10-08 13:12:34.883194009 +0200 @@ -1,0 +2,10 @@ +Mon Oct 5 19:46:16 UTC 2020 - Bruce Rogers + +- Fix buffer overflow vunerabilities in QUIC image decoding + (CVE-2020-14355 bsc#1177158) +0001-quic-Check-we-have-some-data-to-start-decoding-quic-.patch +0002-quic-Check-image-size-in-quic_decode_begin.patch +0003-quic-Check-RLE-lengths.patch +0004-quic-Avoid-possible-buffer-overflow-in-find_bucket.patch + +--- New: 0001-quic-Check-we-have-some-data-to-start-decoding-quic-.patch 0002-quic-Check-image-size-in-quic_decode_begin.patch 0003-quic-Check-RLE-lengths.patch 0004-quic-Avoid-possible-buffer-overflow-in-find_bucket.patch Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.A2izao/_old 2020-10-08 13:12:35.583194643 +0200 +++ /var/tmp/diff_new_pack.A2izao/_new 2020-10-08 13:12:35.587194647 +0200 @@ -32,6 +32,11 @@ Source1: https://www.spice-space.org/download/releases/spice-server/%{name}-%{version}.tar.bz2.sign Source2:%{name}.keyring Source99: %{name}.rpmlintrc +Patch0: 0001-quic-Check-we-have-some-data-to-start-decoding-quic-.patch +Patch1: 0002-quic-Check-image-size-in-quic_decode_begin.patch +Patch2: 0003-quic-Check-RLE-lengths.patch +Patch3: 0004-quic-Avoid-possible-buffer-overflow-in-find_bucket.patch + BuildRequires: gcc-c++ BuildRequires: gstreamer-plugins-good BuildRequires: gstreamer-plugins-libav 
@@ -96,6 +101,12 @@ %prep %setup -q +cd subprojects/spice-common +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +cd ../../ %build %configure \ ++ 0001-quic-Check-we-have-some-data-to-start-decoding-quic-.patch ++ >From 762e0abae36033ccde658fd52d3235887b60862d Mon Sep 17 00:00:00 2001 From: Frediano Ziglio Date: Wed, 29 Apr 2020 15:09:13 +0100 Subject: [PATCH spice-common 1/4] quic: Check we have some data to start decoding quic image All paths already pass some data to quic_decode_begin but for the test check it, it's not that expensive test. Checking for not 0 is enough, all other words will potentially be read calling more_io_words but we need one to avoid a potential initial buffer overflow or deferencing an invalid pointer. Signed-off-by: Frediano Ziglio Acked-by: Uri Lublin Signed-off-by: Bruce Rogers --- common/quic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/quic.c b/common/quic.c index e2dee0f..bc753ca 100644 --- a/common/quic.c +++ b/common/quic.c @@ -1136,7 +1136,7 @@ int quic_decode_begin(QuicContext *quic, uint32_t *io_ptr, unsigned int num_io_w int channels; int bpc; -if (!encoder_reset(encoder, io_ptr, io_ptr_end)) { +if (!num_io_words || !encoder_reset(encoder, io_ptr, io_ptr_end)) { return QUIC_ERROR; } -- 2.25.4 ++ 0002-quic-Check-image-size-in-quic_decode_begin.patch ++ >From 404d74782c8b5e57d146c5bf3118bb41bf3378e4 Mon Sep 17 00:00:00 2001 From: Frediano Ziglio Date: Wed, 29 Apr 2020 15:10:24 +0100 Subject: [PATCH spice-common 2/4] quic: Check image size in quic_decode_begin Avoid some overflow in code due to images too big or negative numbers. Signed-off-by: Frediano Ziglio Acked-by: Uri Lublin Signed-off-by: Bruce Rogers --- common/quic.c | 13 + 1 file changed, 13 insertions(+) diff --git a/common/quic.c b/common/quic.c index bc753ca..6815316 100644 --- a/common/quic.c +++ b/common/quic.c 
@@ -56,6 +56,9 @@ typedef uint8_t BYTE; #define MINwminext 1 #define MAXwminext 1 +/* Maximum image size in pixels, mainly to avoid possible integer overflows */ +#define SPICE_MAX_IMAGE_SIZE (512 * 1024 * 1024 - 1) + typedef struct QuicFamily { unsigned int nGRcodewords[MAXNUMCODES]; /* indexed by code number, contains number of unmodified GR codewords in the code */ @@ -1165,6 +1168,16 @@ int quic_decode_begin(QuicContext *quic, uint32_t *io_ptr, unsigned int num_io_w height = encoder->io_word; decode_eat32bits(encoder); +if (width <= 0 || height <= 0) { +encoder->usr->warn(encoder->usr, "invalid size\n"); +return QUIC_ERROR; +} + +/* avoid too big images */ +if ((uint6
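Review bot: Patch0 through Patch3 in the spice.spec hunk at -32,6 carry no tag comment, while earlier revisions of this spec marked security patches with a line such as "# PATCH-FIX-UPSTREAM - CVE-2018-10893". Add the same kind of comment naming CVE-2020-14355 and bsc#1177158 above Patch0, so the CVE can be found by searching the spec and not only spice.changes.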
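Review bot: The %prep hunk at -96,6 enters the subproject with "cd subprojects/spice-common" and returns with "cd ../../", which depends on the directory depth staying at exactly two levels. Use pushd subprojects/spice-common and popd around the four %patch lines instead, so the return path cannot drift if the subproject is moved.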
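Review bot: In patch 1/4 the new "!num_io_words" branch of quic_decode_begin returns QUIC_ERROR without logging, whereas the size check added in patch 2/4 reports through encoder->usr->warn before returning. Emit a warning on the empty-input path as well, so a rejected zero-length QUIC image leaves a trace in the log. The diffstat shows only common/quic.c changed, so a test that passes zero words would be a useful companion.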
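Review bot: The "width <= 0 || height <= 0" test in patch 2/4 rejects oversized unsigned inputs only if width and height are signed, and their declarations are not part of the hunk even though height is assigned from encoder->io_word. Please confirm the types, or compare the raw value against the limit before it is stored in a signed variable. The warning text "invalid size" would be more useful with the rejected width and height included, and the SPICE_MAX_IMAGE_SIZE comparison itself is cut off on this page after "if ((uint6", so it cannot be reviewed here.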
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2020-03-12 22:58:11 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new.3160 (New) Package is "spice" Thu Mar 12 22:58:11 2020 rev:36 rq:783123 version:0.14.3 Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2020-03-03 10:14:21.038415779 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new.3160/spice.changes2020-03-12 22:58:23.514992782 +0100 @@ -1,0 +2,5 @@ +Mon Mar 9 21:40:53 UTC 2020 - Bruce Rogers + +- Clean up some spec file conditionals that are no longer helpful + +--- Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.tlO2OT/_old 2020-03-12 22:58:25.674993643 +0100 +++ /var/tmp/diff_new_pack.tlO2OT/_new 2020-03-12 22:58:25.678993644 +0100 @@ -16,19 +16,11 @@ # -%define libname libspice-server1 -%if 0%{?suse_version} >=1330 || 0%{?is_opensuse} -%bcond_without libcard -%if 0%{?suse_version} < 1330 -%bcond_with lz4 -%else %bcond_without lz4 -%endif -%else -%bcond_with libcard -%bcond_with lz4 -%endif +%bcond_without libcard %bcond_with celt051 + +%define libname libspice-server1 Name: spice Version:0.14.3 Release:0 @@ -42,8 +34,11 @@ Source99: %{name}.rpmlintrc BuildRequires: gcc-c++ BuildRequires: gstreamer-plugins-good +BuildRequires: gstreamer-plugins-libav BuildRequires: libjpeg-devel BuildRequires: pkgconfig +BuildRequires: python3-pyparsing +BuildRequires: python3-six BuildRequires: pkgconfig(alsa) BuildRequires: pkgconfig(glib-2.0) >= 2.38 BuildRequires: pkgconfig(gstreamer-1.0) 
@@ -63,17 +58,7 @@ BuildRequires: pkgconfig(xrender) BuildRequires: pkgconfig(zlib) Recommends: gstreamer-plugins-good -%if 0%{?suse_version} < 1500 -BuildRequires: python-pyparsing -BuildRequires: python-six -%else -BuildRequires: python3-pyparsing -BuildRequires: python3-six -%if 0%{?is_opensuse} -BuildRequires: gstreamer-plugins-libav Recommends: gstreamer-plugins-libav -%endif -%endif %if %{with celt051} BuildRequires: pkgconfig(celt051) %endif
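Review bot: The hunk at -16,19 makes "%bcond_without lz4" and "%bcond_without libcard" unconditional, which drops the branches that disabled them for older suse_version values, but the changelog only says the conditionals are "no longer helpful". State in spice.changes which suse_version values this spec no longer supports, so that a failed build on an older target is understood as intentional.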
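Review bot: gstreamer-plugins-libav becomes an unconditional BuildRequires in the hunk at -42,8 and loses its "%if 0%{?is_opensuse}" guard in the hunk at -63,17, so targets where is_opensuse is not set now need the package at build time. If it is not available there the build becomes unresolvable; keep the guard on the BuildRequires, or drop the BuildRequires and keep only the Recommends. The same two hunks also remove the python-pyparsing and python-six branch for suse_version < 1500, which deserves its own line in the changelog.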
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2020-03-03 10:14:19 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new.26092 (New) Package is "spice" Tue Mar 3 10:14:19 2020 rev:35 rq:780372 version:0.14.3 Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2020-01-18 12:17:48.847128708 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new.26092/spice.changes 2020-03-03 10:14:21.038415779 +0100 
@@ -1,0 +2,31 @@ +Fri Feb 28 19:05:21 UTC 2020 - Bruce Rogers + +- Update to v0.14.3 release + The main changes are WebSocket and support for Windows. + * Add support for WebSocket, this will allow to use spice-html5 +without proxy + * Support Windows, now Qemu Windows can be build enabling Spice + * Fix some alignment problem + * Converted some documentation to Asciidoc format to make easier +to update, updated some + * Minor compatibility fix for PPC64EL and ARMHF + * Minor fixes for big endian machines like MIPS + * Avoid some crashes with some buggy guest drivers, simply +ignore the invalid request + * Fix for old OpenSSL versions + * Minor fix for Windows clients and brushes, fixed an issue with +Photoshop under Windows 7 + * Add ability to query video-codecs + * Small use-after-free fix + * Fix for debugging recording/replaying using QUIC images + * Fix a regression where spice reported no monitors to the client + * Fix DoS in spicevmc if WebDAV used + * Updated and improved test migration script + * Some minor fixes to smartcard support + * Avoid possible disconnection using proxies using a in-flow +keepalive mechanism +- The NEWS file is now named CHANGELOG.md, and the previously + provided ChangeLog, which was a summary of the git log is no + longer provided + +--- Old: spice-0.14.2.tar.bz2 spice-0.14.2.tar.bz2.sign New: spice-0.14.3.tar.bz2 spice-0.14.3.tar.bz2.sign Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.UIRiPR/_old 2020-03-03 10:14:22.090417955 +0100 +++ /var/tmp/diff_new_pack.UIRiPR/_new 2020-03-03 10:14:22.090417955 +0100 @@ -30,7 +30,7 @@ %endif %bcond_with celt051 Name: spice -Version:0.14.2 +Version:0.14.3 Release:0 Summary:SPICE client and server library License:LGPL-2.1-or-later OR GPL-2.0-or-later 
@@ -138,7 +138,7 @@ %postun -n %{libname} -p /sbin/ldconfig %files -n %{libname} -%doc NEWS README ChangeLog +%doc README CHANGELOG.md %license COPYING %{_libdir}/libspice-server.so.* ++ spice-0.14.2.tar.bz2 -> spice-0.14.3.tar.bz2 ++ 62588 lines of diff (skipped)
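Review bot: The changelog hunk lists "Fix DoS in spicevmc if WebDAV used" and "Small use-after-free fix" without any bug or CVE reference. If these have tracker entries, add the references to the respective lines so this version update can be matched against security advisories.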
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2020-01-18 12:16:49 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new.26092 (New) Package is "spice" Sat Jan 18 12:16:49 2020 rev:34 rq:764109 version:0.14.2 Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2019-05-22 10:51:33.775319783 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new.26092/spice.changes 2020-01-18 12:17:48.847128708 +0100 @@ -1,0 +2,5 @@ +Fri Jan 10 20:53:35 UTC 2020 - Martin Herkt <9+suse@cirno.systems> + +- Enable video codec support (VPX and MJPEG) + +--- Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.4yfPwp/_old 2020-01-18 12:17:50.843129778 +0100 +++ /var/tmp/diff_new_pack.4yfPwp/_new 2020-01-18 12:17:50.855129785 +0100 @@ -1,7 +1,7 @@ # # spec file for package spice # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -41,15 +41,9 @@ Source2:%{name}.keyring Source99: %{name}.rpmlintrc BuildRequires: gcc-c++ +BuildRequires: gstreamer-plugins-good BuildRequires: libjpeg-devel BuildRequires: pkgconfig -%if 0%{?suse_version} < 1500 -BuildRequires: python-pyparsing -BuildRequires: python-six -%else -BuildRequires: python3-pyparsing -BuildRequires: python3-six -%endif BuildRequires: pkgconfig(alsa) BuildRequires: pkgconfig(glib-2.0) >= 2.38 BuildRequires: pkgconfig(gstreamer-1.0) 
@@ -68,6 +62,18 @@ BuildRequires: pkgconfig(xrandr) BuildRequires: pkgconfig(xrender) BuildRequires: pkgconfig(zlib) +Recommends: gstreamer-plugins-good +%if 0%{?suse_version} < 1500 +BuildRequires: python-pyparsing +BuildRequires: python-six +%else +BuildRequires: python3-pyparsing +BuildRequires: python3-six +%if 0%{?is_opensuse} +BuildRequires: gstreamer-plugins-libav +Recommends: gstreamer-plugins-libav +%endif +%endif %if %{with celt051} BuildRequires: pkgconfig(celt051) %endif
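Review bot: In the hunk at -68,6 the gstreamer-plugins-libav lines are nested inside the %else branch of the "%if 0%{?suse_version} < 1500" test that selects the Python packages, so an is_opensuse target with suse_version below 1500 gets neither the BuildRequires nor the Recommends. Unless that coupling is intended, move the "%if 0%{?is_opensuse}" block out to its own top-level conditional.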
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2019-05-22 10:51:30 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new.5148 (New) Package is "spice" Wed May 22 10:51:30 2019 rev:33 rq:703827 version:0.14.2 Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2019-03-04 09:09:06.204720701 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new.5148/spice.changes2019-05-22 10:51:33.775319783 +0200 
@@ -1,0 +2,27 @@ +Thu May 16 21:11:13 UTC 2019 - Bruce Rogers + +- Update to v0.14.2 stable release + The main changes are support for Meson build and graphic device + info messages allowing to better support multi-monitor + configurations. + * support H265 in stream-channel + * add support for building with meson/ninja + * minor tests fixes improving CI + * set char device state for smartcard, allowing Qemu optimization + * improve red-parse-qxl.c interface making it more consistent + * add some instrumentation for streaming device + * QXL interface: add a function to identify monitors in the guest +(spice_qxl_set_device_info) + * add support for GraphicsDeviceInfo messages + * video-stream: prevent crash on stream reattach + * make channel client callbacks virtual functions + * bumped minimum required glib version to 2.38 + * attempt to have a reliable led state for keyboard modifiers +- Removed patches: + (The first two are altered versions of what is carried upstream. + I think we're fine with what upstream does here) + 0001-lz-Avoid-buffer-reading-overflow-checking-for-image-.patch + 0002-lz-More-checks-on-image-sizes.patch + 0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch + +--- Old: 0001-lz-Avoid-buffer-reading-overflow-checking-for-image-.patch 0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch 0002-lz-More-checks-on-image-sizes.patch spice-0.14.1.tar.bz2 spice-0.14.1.tar.bz2.sign New: spice-0.14.2.tar.bz2 spice-0.14.2.tar.bz2.sign Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.UDID53/_old 2019-05-22 10:51:34.431319407 +0200 +++ /var/tmp/diff_new_pack.UDID53/_new 2019-05-22 10:51:34.431319407 +0200 
@@ -30,20 +30,16 @@ %endif %bcond_with celt051 Name: spice -Version:0.14.1 +Version:0.14.2 Release:0 Summary:SPICE client and server library License:LGPL-2.1-or-later OR GPL-2.0-or-later Group: Productivity/Networking/Other URL:https://www.spice-space.org/ Source: https://www.spice-space.org/download/releases/spice-server/%{name}-%{version}.tar.bz2 -Source2: https://www.spice-space.org/download/releases/spice-server/%{name}-%{version}.tar.bz2.sign -Source3:%{name}.keyring +Source1: https://www.spice-space.org/download/releases/spice-server/%{name}-%{version}.tar.bz2.sign +Source2:%{name}.keyring Source99: %{name}.rpmlintrc -# PATCH-FIX-UPSTREAM - CVE-2018-10893 -Patch0: 0001-lz-Avoid-buffer-reading-overflow-checking-for-image-.patch -Patch1: 0002-lz-More-checks-on-image-sizes.patch -Patch2: 0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch BuildRequires: gcc-c++ BuildRequires: libjpeg-devel BuildRequires: pkgconfig @@ -55,7 +51,7 @@ BuildRequires: python3-six %endif BuildRequires: pkgconfig(alsa) -BuildRequires: pkgconfig(glib-2.0) >= 2.32 +BuildRequires: pkgconfig(glib-2.0) >= 2.38 BuildRequires: pkgconfig(gstreamer-1.0) BuildRequires: pkgconfig(gstreamer-app-1.0) BuildRequires: pkgconfig(gstreamer-video-1.0) @@ -109,11 +105,6 @@ %prep %setup -q -pushd subprojects/spice-common -%patch0 -p1 -%patch1 -p1 -popd -%patch2 -p1 %build %configure \ ++ spice-0.14.1.tar.bz2 -> spice-0.14.2.tar.bz2 ++ 40158 lines of diff (skipped) ++ spice.keyring ++ --- /var/tmp/diff_new_pack.UDID53/_old 2019-05-22 10:51:35.519318784 +0200 +++ /var/tmp/diff_new_pack.UDID53/_new 2019-05-22 10:51:35.523318782 +0200 
@@ -1,89 +1,386 @@ -BEGIN PGP PUBLIC KEY BLOCK- +Version: SKS 1.1.6 +Comment: Hostname: pgpkeys.co.uk -mQINBFNNk3sBEAC4mJxr7DerQwZFYiW7x+EuFcPsc8xwCyVns41oubsOcopZ4mPe -EdKj1TYkoiB7cwyzGHfzenTUXLJyDFJmPiYF+AfDN7cU+eqh9+j5c+Ik9ytGFDVo -gjwbVS7e0BdUno9mMEz9zw4fyCuUsibMaf771v6ifI7CzhuncB/aebZz9+Z6bJ+t -8+8D1epVCrfody01xRoAWgy6Yy9aCVd8qb6U81Dt0emG5dvyMDKJTEc88+3/QPJX -iKfP0mj9T3dt4AFfXyAALh5Shsi4On2/OEkFFRGQx784OsVX9Fgs2V4m3hCtuqtm -tVVcf/1slWB9y6N2Vz20DDQKhGfKUY23fxraheIVn278DjQKYGPirI2ldPeIZE0a -lCiqR7msr6tGja0lPstipWfQP3Rvly6i9r9/uUB72m29xKKdrrodJkJuA2zBjc8u -FTEH0LrhqGJ9hg+OhSsa5+dw
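Review bot: The hunk at -30,20 removes Patch0 to Patch2, including the ones tagged CVE-2018-10893, on the basis of the changelog remark that upstream carries altered versions of the first two. Name the upstream commits in 0.14.2 that replace each removed patch, and say explicitly that the memslot off-by-one fix is contained in the new tarball, since the changelog remark covers only "the first two".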
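Review bot: The spice.keyring hunk replaces the file wholesale (@@ -1,89 +1,386 @@) with what its header identifies as a keyserver export ("Version: SKS 1.1.6", "Hostname: pgpkeys.co.uk"), and the changelog does not mention the change. Because this keyring is what the tarball signature is checked against, record in spice.changes why it was replaced and the fingerprint of the key expected to sign releases, and check whether the growth from 89 to 386 lines comes from added signatures only or from additional keys.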
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2019-03-04 09:09:06 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new.28833 (New) Package is "spice" Mon Mar 4 09:09:06 2019 rev:32 rq:680532 version:0.14.1 Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2019-02-13 10:16:09.097385835 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new.28833/spice.changes 2019-03-04 09:09:06.204720701 +0100 @@ -1,0 +2,6 @@ +Fri Mar 1 08:13:02 UTC 2019 - o...@aepfle.de + +- Use plain python2 for SLE12 builds +- Remove PYTHON=python3, configure will find and use the python3 + +--- Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.6lkQRu/_old 2019-03-04 09:09:06.688720620 +0100 +++ /var/tmp/diff_new_pack.6lkQRu/_new 2019-03-04 09:09:06.692720619 +0100 @@ -47,8 +47,13 @@ BuildRequires: gcc-c++ BuildRequires: libjpeg-devel BuildRequires: pkgconfig +%if 0%{?suse_version} < 1500 +BuildRequires: python-pyparsing +BuildRequires: python-six +%else BuildRequires: python3-pyparsing BuildRequires: python3-six +%endif BuildRequires: pkgconfig(alsa) BuildRequires: pkgconfig(glib-2.0) >= 2.32 BuildRequires: pkgconfig(gstreamer-1.0) @@ -111,7 +116,6 @@ %patch2 -p1 %build -export PYTHON=%{_bindir}/python3 %configure \ --disable-silent-rules \ --disable-static \
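Review bot: With "export PYTHON=%{_bindir}/python3" removed in the hunk at -111,7, the interpreter is whatever configure finds, while the hunk at -47,8 installs the python2 modules python-pyparsing and python-six when suse_version < 1500. If a build root below 1500 also contains python3, configure may pick an interpreter that lacks those modules; set PYTHON explicitly inside the same %if/%else so the interpreter always matches the BuildRequires.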
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2019-02-13 10:16:06 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new.28833 (New) Package is "spice" Wed Feb 13 10:16:06 2019 rev:31 rq:669352 version:0.14.1 Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2018-10-01 09:03:31.103991260 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new.28833/spice.changes 2019-02-13 10:16:09.097385835 +0100 @@ -1,0 +2,8 @@ +Mon Jan 28 17:39:01 UTC 2019 - Bruce Rogers + +- Fix OOB memory access in internal tracking of slot_ids and + group_ids. (CVE-2019-3813 bsc#1122706) + * 0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch +- Remove celt051 Requires directive + +--- New: 0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.Xcvy7B/_old 2019-02-13 10:16:09.929385518 +0100 +++ /var/tmp/diff_new_pack.Xcvy7B/_new 2019-02-13 10:16:09.933385516 +0100 @@ -1,7 +1,7 @@ # # spec file for package spice # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -43,6 +43,7 @@ # PATCH-FIX-UPSTREAM - CVE-2018-10893 Patch0: 0001-lz-Avoid-buffer-reading-overflow-checking-for-image-.patch Patch1: 0002-lz-More-checks-on-image-sizes.patch +Patch2: 0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch BuildRequires: gcc-c++ BuildRequires: libjpeg-devel BuildRequires: pkgconfig 
@@ -66,7 +67,6 @@ BuildRequires: pkgconfig(xrandr) BuildRequires: pkgconfig(xrender) BuildRequires: pkgconfig(zlib) -Requires: celt051 %if %{with celt051} BuildRequires: pkgconfig(celt051) %endif @@ -108,6 +108,7 @@ %patch0 -p1 %patch1 -p1 popd +%patch2 -p1 %build export PYTHON=%{_bindir}/python3 ++ 0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch ++ >From 39af4b1e67e9bc0b597f4731ffbdc6db206fdf1c Mon Sep 17 00:00:00 2001 From: Christophe Fergeau Date: Thu, 29 Nov 2018 14:18:39 +0100 Subject: [PATCH] memslot: Fix off-by-one error in group/slot boundary check RedMemSlotInfo keeps an array of groups, and each group contains an array of slots. Unfortunately, these checks are off by 1, they check that the index is greater or equal to the number of elements in the array, while these arrays are 0 based. The check should only check for strictly greater than the number of elements. For the group array, this is not a big issue, as these memslot groups are created by spice-server users (eg QEMU), and the group ids used to index that array are also generated by the spice-server user, so it should not be possible for the guest to set them to arbitrary values. The slot id is more problematic, as it's calculated from a QXLPHYSICAL address, and such addresses are usually set by the guest QXL driver, so the guest can set these to arbitrary values, including malicious values, which are probably easy to build from the guest PCI configuration. This patch fixes the arrays bound check, and adds a test case for this. Signed-off-by: Christophe Fergeau [BR: BSC#1122706 CVE-2019-3813] Signed-off-by: Bruce Rogers --- server/memslot.c| 4 ++-- server/tests/test-qxl-parsing.c | 30 ++ 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/server/memslot.c b/server/memslot.c index ede77e7a..ea6f9815 100644 --- a/server/memslot.c +++ b/server/memslot.c 
@@ -97,13 +97,13 @@ void *memslot_get_virt(RedMemSlotInfo *info, QXLPHYSICAL addr, uint32_t add_size MemSlot *slot; -if (group_id > info->num_memslots_groups) { +if (group_id >= info->num_memslots_groups) { spice_critical("group_id too big"); return NULL; } slot_id = memslot_get_id(info, addr); -if (slot_id > info->num_memslots) { +if (slot_id >= info->num_memslots) { print_memslots(info); spice_critical("slot_id %d too big, addr=%" PRIx64, slot_id, addr); return NULL; diff --git a/server/tests/test-qxl-parsing.c b/server/tests/test-qxl-parsing.c index 47139a48..5b8d0f26 100644 --- a/server/tests/test-q
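Review bot: Patch2 is added in the spice.spec hunk at -43,6 directly below the existing "# PATCH-FIX-UPSTREAM - CVE-2018-10893" comment, which makes it read as part of that CVE. Give it its own comment line naming CVE-2019-3813 and bsc#1122706.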
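Review bot: In memslot_get_virt the group_id branch still logs only "group_id too big", while the slot_id branch prints the value and the address. Include group_id and info->num_memslots_groups in that message so a rejected request can be triaged from the log. The commit message sentence "The check should only check for strictly greater than the number of elements" also describes the old comparison rather than the new ">=" one and should be reworded, and the test-qxl-parsing.c part of the patch is cut off on this page, so the added test case cannot be reviewed here.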
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2018-10-01 09:03:28 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Mon Oct 1 09:03:28 2018 rev:30 rq:636755 version:0.14.1 Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2018-08-28 09:21:33.104286567 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2018-10-01 09:03:31.103991260 +0200 
@@ -1,0 +2,49 @@ +Wed Sep 19 22:47:44 UTC 2018 - astie...@suse.com + +- Upstream disabled support for the celt051 audio codec by default, + do likewise in the spec +- Note updated 0.14.1 build dependencies in the spec: + * OpenSSL 1.0.0 or newer is now required + * glib 2.32 required +- add upstream signing key and verify source signature + +--- +Wed Sep 19 19:42:07 UTC 2018 - Bruce Rogers + +- Update to v0.14.1 stable release + The announcement email describes this release as follows: + The main change in this release is the addition of a new protocol + extension in order to support streaming the remote display as a + video stream rather than going through the QXL protocol. Together + with spice-streaming-agent, and/or with more work on the qemu/ + spice-server side, this should allow streaming of 3D accelerated + VMs in the future. At this point, this part of spice-server is + still a work in progress (multi-monitor support and various + features are missing). + * avoid performance issues on Windows 10 KVM guests (boo#1109044) + * add new org.spice-space.stream.0 channel used for passing an +encoded video stream from the guest to the client + * add support for TCP_CORK to reduce the amount of packets that +we send + * fix CVE-2018-10873 (maintainer note: we already carried fix) + * fix cursor related migration crash + * fix regression causing sound recording to be muted after client +disconnection/reconnection (introduced in 0.13.90) + * fix regression in corner cases where images could be sent +uncompressed when they used to be compressed with QUIC + * disable TLS 1.0 support + * CELT 0.5.1 support is now disabled by default. If celt051-devel +is installed at build-time, --enable-celt051/--disable-celt051 + must be explicitly specified + * drop support for unsupported OpenSSL version. 
OpenSSL 1.0.0 or +newer is now required + * bumped minimum required glib version to 2.32 + * endianness fixes + * (small) leak fixes + * usual round of code cleanups + * not directly related to this release, but the upstream git +repository is now hosted on gitlab.freedesktop.org +- Removed patches: +bb15d481-Fix-flexible-array-buffer-overflow.patch + +--- Old: bb15d481-Fix-flexible-array-buffer-overflow.patch spice-0.14.0.tar.bz2 New: spice-0.14.1.tar.bz2 spice-0.14.1.tar.bz2.sign spice.keyring Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.UXqDVy/_old 2018-10-01 09:03:31.703990740 +0200 +++ /var/tmp/diff_new_pack.UXqDVy/_new 2018-10-01 09:03:31.703990740 +0200 
@@ -28,37 +28,37 @@ %bcond_with libcard %bcond_with lz4 %endif +%bcond_with celt051 Name: spice -Version:0.14.0 +Version:0.14.1 Release:0 Summary:SPICE client and server library License:LGPL-2.1-or-later OR GPL-2.0-or-later Group: Productivity/Networking/Other -Url:http://www.spice-space.org/ -Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2 +URL:https://www.spice-space.org/ +Source: https://www.spice-space.org/download/releases/spice-server/%{name}-%{version}.tar.bz2 +Source2: https://www.spice-space.org/download/releases/spice-server/%{name}-%{version}.tar.bz2.sign +Source3:%{name}.keyring Source99: %{name}.rpmlintrc # PATCH-FIX-UPSTREAM - CVE-2018-10893 Patch0: 0001-lz-Avoid-buffer-reading-overflow-checking-for-image-.patch Patch1: 0002-lz-More-checks-on-image-sizes.patch -# PATCH-FIX-UPSTREAM - CVE-2018-10873 -Patch2: bb15d481-Fix-flexible-array-buffer-overflow.patch BuildRequires: gcc-c++ BuildRequires: libjpeg-devel BuildRequires: pkgconfig BuildRequires: python3-pyparsing BuildRequires: python3-six BuildRequires: pkgconfig(alsa) -BuildRequires: pkgconfig(celt051) -BuildRequires: pkgconfig(glib-2.0) >= 2.28 +BuildRequires: pkgconfig(glib-2.0) >= 2.32 BuildRequires: pkgconfig(gstreamer-1.0) BuildRequires: pkgconfig(gstreamer-app-1.0) BuildRequires: pkgconfig(gstreamer-video-1.0) BuildRe
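Review bot: The hunk adds the detached signature and spice.keyring as Source2 and Source3, but the changelog entry "add upstream signing key and verify source signature" does not record the key's fingerprint or where the keyring was obtained. Add both to spice.changes so the trust anchor can be checked independently of the package. The numbering also skips Source1, which is worth fixing while these lines are being touched.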
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2018-08-28 09:21:22 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Tue Aug 28 09:21:22 2018 rev:29 rq:630531 version:0.14.0 Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2018-07-27 10:50:39.213004556 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2018-08-28 09:21:33.104286567 +0200 @@ -1,0 +2,8 @@ +Mon Aug 20 10:05:54 UTC 2018 - cbosdon...@suse.com + +- Fix potential heap corruption when demarshalling (CVE-2018-10873, + bsc#1104448) + Added patch: +bb15d481-Fix-flexible-array-buffer-overflow.patch + +--- New: bb15d481-Fix-flexible-array-buffer-overflow.patch Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.E0yvDD/_old 2018-08-28 09:21:33.556287977 +0200 +++ /var/tmp/diff_new_pack.E0yvDD/_new 2018-08-28 09:21:33.560287989 +0200 @@ -40,9 +40,13 @@ # PATCH-FIX-UPSTREAM - CVE-2018-10893 Patch0: 0001-lz-Avoid-buffer-reading-overflow-checking-for-image-.patch Patch1: 0002-lz-More-checks-on-image-sizes.patch +# PATCH-FIX-UPSTREAM - CVE-2018-10873 +Patch2: bb15d481-Fix-flexible-array-buffer-overflow.patch BuildRequires: gcc-c++ BuildRequires: libjpeg-devel BuildRequires: pkgconfig +BuildRequires: python3-pyparsing +BuildRequires: python3-six BuildRequires: pkgconfig(alsa) BuildRequires: pkgconfig(celt051) BuildRequires: pkgconfig(glib-2.0) >= 2.28 @@ -100,9 +104,11 @@ pushd spice-common %patch0 -p1 %patch1 -p1 +%patch2 -p1 popd %build +export PYTHON=/usr/bin/python3 %configure \ --disable-silent-rules \ --disable-static \ ++ bb15d481-Fix-flexible-array-buffer-overflow.patch ++ >From bb15d4815ab586b4c4a20f4a565970a44824c42c Mon Sep 17 00:00:00 2001 
From: Frediano Ziglio Date: Fri, 18 May 2018 11:41:57 +0100 Subject: [PATCH] Fix flexible array buffer overflow This is kind of a DoS, possibly flexible array in the protocol causes the network size check to be ignored due to integer overflows. The size of flexible array is computed as (message_end - position), then this size is added to the number of bytes before the array and this number is used to check if we overflow initial message. An example is: message { uint32 dummy[2]; uint8 data[] @end; } LenMessage; which generated this (simplified remove useless code) code: { /* data */ data__nelements = message_end - (start + 8); data__nw_size = data__nelements; } nw_size = 8 + data__nw_size; /* Check if message fits in reported side */ if (nw_size > (uintptr_t) (message_end - start)) { return NULL; } Following code: - data__nelements == message_end - (start + 8) - data__nw_size == data__nelements == message_end - (start + 8) - nw_size == 8 + data__nw_size == 8 + message_end - (start + 8) == 8 + message_end - start - 8 == message_end -start - the check for overflow is (nw_size > (message_end - start)) but nw_size == message_end - start so the check is doing ((message_end - start) > (message_end - start)) which is always false. If message_end - start < 8 then data__nelements (number of element on the array above) computation generate an integer underflow that later create a buffer overflow. Add a check to make sure that the array starts before the message ends to avoid the overflow. Signed-off-by: Frediano Ziglio Signed-off-by: Christophe Fergeau --- python_modules/demarshal.py | 1 + tests/test-marshallers.c | 8 tests/test-marshallers.h | 5 + tests/test-marshallers.proto | 5 + 4 files changed, 19 insertions(+) diff --git a/python_modules/demarshal.py b/python_modules/demarshal.py index 7b53361..5a237a6 100644 --- a/python_modules/demarshal.py +++ b/python_modules/demarshal.py 
@@ -331,6 +331,7 @@ def write_validate_array_item(writer, container, item, scope, parent_scope, star writer.assign(nelements, array.size) elif array.is_remaining_length(): if element_type.is_fixed_nw_size(): +writer.error_check("%s > message_end" % item.get_position()) if element_type.get_fixed_nw_size() == 1: writer.assign(nelements, "message_end - %s" % item.get_position()) else: -- 2.18.0
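Review bot: The spec hunk at -100,9 hardcodes "export PYTHON=/usr/bin/python3" and the hunk at -40,9 adds python3-pyparsing and python3-six, yet the changelog does not say why this fix needs Python at build time. Note in spice.changes that the patch modifies python_modules/demarshal.py, so the generated demarshalling code has to be rebuilt, and use %{_bindir}/python3 instead of the literal path.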
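Review bot: The new writer.error_check("%s > message_end" ...) is emitted only inside the "if element_type.is_fixed_nw_size():" branch of the is_remaining_length() case. Please confirm that a remaining-length array whose elements are not of fixed size is covered elsewhere, or hoist the check above the inner if so that every remaining-length array gets it. The diffstat lists changes to tests/test-marshallers.c, .h and .proto, but those hunks are not shown on this page.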
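The always-false size check and the added guard described in the "Fix flexible array buffer overflow" commit message above, as an added C example that is not part of the patch or of the spice-common sources. It assumes lengths are modelled as size_t offsets from start (msg_len stands for message_end - start); validate_result, validate_before_fix and validate_after_fix are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes that precede data[] in the LenMessage layout quoted in the commit
 * message: uint32 dummy[2]. */
#define HEADER_SIZE ((size_t)8)

typedef struct {
    int accepted;      /* 1 if the validator lets the message through */
    size_t nelements;  /* length computed for data[] */
} validate_result;

/* Validation before the fix, following the simplified generated code in the
 * commit message. Assumption: unsigned size_t arithmetic models the
 * pointer-difference arithmetic of the generated code. */
static validate_result validate_before_fix(size_t msg_len)
{
    validate_result r = {0, 0};
    size_t data_nelements = msg_len - HEADER_SIZE; /* wraps when msg_len < 8 */
    size_t data_nw_size = data_nelements;
    size_t nw_size = HEADER_SIZE + data_nw_size;   /* wraps back to msg_len */

    /* "Check if message fits": nw_size always equals msg_len, so this
     * comparison can never reject anything. */
    if (nw_size > msg_len) {
        return r;
    }
    r.accepted = 1;
    r.nelements = data_nelements;
    return r;
}

/* Validation after the fix: the added error check rejects a message whose
 * array position (start + 8) lies beyond message_end. */
static validate_result validate_after_fix(size_t msg_len)
{
    validate_result r = {0, 0};
    size_t data_nelements;

    if (HEADER_SIZE > msg_len) {   /* position > message_end */
        return r;
    }
    data_nelements = msg_len - HEADER_SIZE; /* cannot wrap any more */
    if (HEADER_SIZE + data_nelements > msg_len) {
        return r;
    }
    r.accepted = 1;
    r.nelements = data_nelements;
    return r;
}

int main(void)
{
    /* Constructed sample message lengths: too short, header only, 4 data bytes. */
    static const size_t lengths[] = {4, 8, 12};
    size_t i;

    for (i = 0; i < sizeof(lengths) / sizeof(lengths[0]); i++) {
        validate_result before = validate_before_fix(lengths[i]);
        validate_result after = validate_after_fix(lengths[i]);
        printf("len=%zu before: accepted=%d nelements=%zu | "
               "after: accepted=%d nelements=%zu\n",
               lengths[i], before.accepted, before.nelements,
               after.accepted, after.nelements);
    }
    return 0;
}
```
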
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2018-07-27 10:50:32 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Fri Jul 27 10:50:32 2018 rev:28 rq:625045 version:0.14.0 Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2018-02-01 21:26:56.907917043 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2018-07-27 10:50:39.213004556 +0200 @@ -1,0 +2,8 @@ +Mon Jul 16 15:01:46 UTC 2018 - cbosdon...@suse.com + +- Avoid buffer overflow on image lz cheks (CVE-2018-10893, bsc#1101295) + Added patches: +0001-lz-Avoid-buffer-reading-overflow-checking-for-image-.patch +0002-lz-More-checks-on-image-sizes.patch + +--- New: 0001-lz-Avoid-buffer-reading-overflow-checking-for-image-.patch 0002-lz-More-checks-on-image-sizes.patch Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.x0YNck/_old 2018-07-27 10:50:39.637005368 +0200 +++ /var/tmp/diff_new_pack.x0YNck/_new 2018-07-27 10:50:39.641005376 +0200 @@ -32,11 +32,14 @@ Version:0.14.0 Release:0 Summary:SPICE client and server library -License:LGPL-2.1+ OR GPL-2.0+ +License:LGPL-2.1-or-later OR GPL-2.0-or-later Group: Productivity/Networking/Other Url:http://www.spice-space.org/ Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2 Source99: %{name}.rpmlintrc +# PATCH-FIX-UPSTREAM - CVE-2018-10893 +Patch0: 0001-lz-Avoid-buffer-reading-overflow-checking-for-image-.patch +Patch1: 0002-lz-More-checks-on-image-sizes.patch BuildRequires: gcc-c++ BuildRequires: libjpeg-devel BuildRequires: pkgconfig @@ -94,6 +97,10 @@ %prep %setup -q +pushd spice-common +%patch0 -p1 +%patch1 -p1 +popd %build %configure \ ++ 0001-lz-Avoid-buffer-reading-overflow-checking-for-image-.patch ++ >From b94b3ca285d81180ed8fdf18f949761e40657b93 Mon Sep 17 00:00:00 2001 
From: Frediano Ziglio Date: Fri, 22 Dec 2017 18:43:00 + Subject: [PATCH spice-common 1/2] lz: Avoid buffer reading overflow checking for image type The type of the image is just copied from network without any check and later used for array indexing. Signed-off-by: Frediano Ziglio --- common/lz.c| 3 +++ common/lz_common.h | 7 --- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/common/lz.c b/common/lz.c index b7e7d48..e76105e 100644 --- a/common/lz.c +++ b/common/lz.c @@ -594,6 +594,9 @@ void lz_decode_begin(LzContext *lz, uint8_t *io_ptr, unsigned int num_io_bytes, } encoder->type = (LzImageType)decode_32(encoder); +if (encoder->type < 0 || encoder->type > LZ_IMAGE_TYPE_MAX) { +encoder->usr->error(encoder->usr, "invalid lz type\n"); +} encoder->width = decode_32(encoder); encoder->height = decode_32(encoder); encoder->stride = decode_32(encoder); diff --git a/common/lz_common.h b/common/lz_common.h index 78df003..6526d16 100644 --- a/common/lz_common.h +++ b/common/lz_common.h @@ -51,6 +51,7 @@ typedef enum { #define LZ_IMAGE_TYPE_MASK 0x0f #define LZ_IMAGE_TYPE_LOG 4 // number of bits required for coding the image type +#define LZ_IMAGE_TYPE_MAX LZ_IMAGE_TYPE_A8 /* access to the arrays is based on the image types */ static const int IS_IMAGE_TYPE_PLT[] = {0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0}; 
@@ -58,10 +59,10 @@ static const int IS_IMAGE_TYPE_RGB[] = {0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1}; static const int PLT_PIXELS_PER_BYTE[] = {0, 8, 8, 2, 2, 1}; static const int RGB_BYTES_PER_PIXEL[] = {0, 1, 1, 1, 1, 1, 2, 3, 4, 4, 4, 1}; -verify(SPICE_N_ELEMENTS(IS_IMAGE_TYPE_PLT) == (LZ_IMAGE_TYPE_A8 + 1)); -verify(SPICE_N_ELEMENTS(IS_IMAGE_TYPE_RGB) == (LZ_IMAGE_TYPE_A8 + 1)); +verify(SPICE_N_ELEMENTS(IS_IMAGE_TYPE_PLT) == (LZ_IMAGE_TYPE_MAX + 1)); +verify(SPICE_N_ELEMENTS(IS_IMAGE_TYPE_RGB) == (LZ_IMAGE_TYPE_MAX + 1)); verify(SPICE_N_ELEMENTS(PLT_PIXELS_PER_BYTE) == (LZ_IMAGE_TYPE_PLT8 + 1)); -verify(SPICE_N_ELEMENTS(RGB_BYTES_PER_PIXEL) == (LZ_IMAGE_TYPE_A8 + 1)); +verify(SPICE_N_ELEMENTS(RGB_BYTES_PER_PIXEL) == (LZ_IMAGE_TYPE_MAX + 1)); /* ASCII "LZ " */ #define LZ_MAGIC 0x20205a4c -- 2.17.1 ++ 0002-lz-More-checks-on-image-sizes.patch ++ >From 7117d2dced9438ce8074d20362196a313b0854cc Mon Sep 17 00:00:00 2001 From: Frediano Ziglio Date: Mon, 25 Jun 2018 14:16:10 +0100 Subject: [PATCH spice-common 2/2] lz: More checks on image sizes Extend sizes check also to decoding, actually the source data decoding images should be less safe than encoding. This avoids different integer overflows and buff
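Review bot: in the lz_decode_begin hunk of common/lz.c (patch 1/2), the new range check calls encoder->usr->error() and then falls through to the decode_32() calls for width, height and stride, so the fix only works if the error callback never returns. Either document that contract next to the check or return right after the call. In common/lz_common.h, PLT_PIXELS_PER_BYTE is still sized to LZ_IMAGE_TYPE_PLT8 + 1, so a type that passes the new LZ_IMAGE_TYPE_MAX check can still be out of range for that array unless every use is guarded by IS_IMAGE_TYPE_PLT; a comment beside the array saying so would help.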
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2018-02-01 21:26:55 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Thu Feb 1 21:26:55 2018 rev:27 rq:571469 version:0.14.0 Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2017-11-03 16:31:44.533159980 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2018-02-01 21:26:56.907917043 +0100 @@ -1,0 +2,26 @@ +Tue Jan 30 22:20:12 UTC 2018 - jeng...@inai.de + +- Correct RPM group for shared library. + +--- +Tue Jan 30 14:44:37 UTC 2018 - tchva...@suse.com + +- Split the sle condition again for exact features to allow their + override + +--- +Thu Jan 18 12:12:33 UTC 2018 - tchva...@suse.com + +- Enable smartcards on sle15 as the supportlib is available + * Condition it using name everywhere instead of suse versions +and join together with lz4 +- Format with spec-cleaner +- Convert dependencies to pkgconfig style +- Install documentation and license file +- Add configure arguments to most of the options to not rely on + autotools automatic behavior + * Also enable gstreamer and lz4 options +- Drop the not needed python dependencies, they are needed only + when building from git snapshot + +--- Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.4QjjfC/_old 2018-02-01 21:26:57.879871615 +0100 +++ /var/tmp/diff_new_pack.4QjjfC/_new 2018-02-01 21:26:57.883871427 +0100 @@ -1,7 +1,7 @@ # # spec file for package spice # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,7 +16,18 @@ # -# Common info +%define libname libspice-server1 +%if 0%{?suse_version} >=1330 || 0%{?is_opensuse} +%bcond_without libcard +%if 0%{?suse_version} < 1330 +%bcond_with lz4 +%else +%bcond_without lz4 +%endif +%else +%bcond_with libcard +%bcond_with lz4 +%endif Name: spice Version:0.14.0 Release:0 
@@ -26,46 +37,47 @@ Url:http://www.spice-space.org/ Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2 Source99: %{name}.rpmlintrc - -# Build-time parameters -BuildRequires: alsa-devel -BuildRequires: celt051-devel -BuildRequires: cyrus-sasl-devel BuildRequires: gcc-c++ -%if 0%{?is_opensuse} -BuildRequires: libcacard-devel -%endif BuildRequires: libjpeg-devel -BuildRequires: libopenssl-devel -BuildRequires: libpixman-1-0-devel >= 0.17.7 BuildRequires: pkgconfig -BuildRequires: python-pyparsing -BuildRequires: python-six -BuildRequires: spice-protocol-devel >= 0.12.11 -BuildRequires: zlib-devel +BuildRequires: pkgconfig(alsa) +BuildRequires: pkgconfig(celt051) BuildRequires: pkgconfig(glib-2.0) >= 2.28 +BuildRequires: pkgconfig(gstreamer-1.0) +BuildRequires: pkgconfig(gstreamer-app-1.0) +BuildRequires: pkgconfig(gstreamer-video-1.0) +BuildRequires: pkgconfig(libsasl2) +BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(opus) +BuildRequires: pkgconfig(orc-0.4) +BuildRequires: pkgconfig(pixman-1) >= 0.17.7 +BuildRequires: pkgconfig(spice-protocol) >= 0.12.11 BuildRequires: pkgconfig(x11) BuildRequires: pkgconfig(xext) BuildRequires: pkgconfig(xfixes) BuildRequires: pkgconfig(xinerama) BuildRequires: pkgconfig(xrandr) BuildRequires: pkgconfig(xrender) -# Install-time parameters +BuildRequires: pkgconfig(zlib) Requires: celt051 -BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if %{with libcard} +BuildRequires: pkgconfig(libcacard) +%endif +%if %{with lz4} +BuildRequires: pkgconfig(liblz4) +%endif %description The SPICE package provides the SPICE server library and client. These components are used to provide access to a remote machine's display and devices. 
-%package -n libspice-server1 +%package -n %{libname} Summary:Library for SPICE-server -Group: Productivity/Networking/Other +Group: System/Libraries Obsoletes: spice-client < %{version}-%{release} -%description -n libspice-server1 +%description -n %{libname} Library for SPICE-server The SPICE server is used to expose a remote machine's display and devices. @@ -73,7 +85,7 @@ %package -n libspice-server-devel Summary:Development files for building SPICE-server Group: Development/Languages/C a
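Review bot: in the new %bcond block at the top of spice.spec, the outer test is "0%{?suse_version} >=1330 || 0%{?is_opensuse}" and lz4 is then decided by a nested "0%{?suse_version} < 1330" test, while the changelog says the features are conditioned "using name everywhere instead of suse versions". Add a comment above the block stating which products end up with libcard and with lz4 enabled, so the two-level condition can be checked against the intent.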
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2017-11-03 16:31:12 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Fri Nov 3 16:31:12 2017 rev:26 rq:536913 version:0.14.0 Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2017-02-11 01:36:49.213950095 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2017-11-03 16:31:44.533159980 +0100 
@@ -1,0 +2,41 @@ +Thu Oct 26 07:25:59 UTC 2017 - cbosdon...@suse.com + +- Release 0.14.0 + * fix client mouse with virgl + * fix frozen display after seamless migration + * set human-readable name on spice threads + * add sanity-checks for ORC library as it can abort spice-server +when selinux is in use + * Close TCP connection early when client did not send the correct +SPICE magic bytes: this allows VNC clients to gracefully fail +when connecting to a SPICE port + * Add VP9 encoding support when GStreamer is being used and misc +streaming/encoding improvements + * Improvements to replay utility + * Limit (deprecated/unusud) QXLMessage size to 100,000 characters +for improved safety + * Improve image quality in low bitrate situation when using the +GStreamer backend + * Added GStreamer support to the video streaming code + * Fix old migration bug causing migration to never end in some cases + * Added lz4 compression to the spicevmc channel + * Ongoing code cleanups + * add spice_qxl_gl_scanout() spice_qxl_gl_draw_async() for local +virgl support + * spice_server_set_keepalive_timeout() has been removed in favour of +unconditionally sending keepalive probes every 10 minutes + * Added public spice_server_set_keepalive_timeout() to make it possible +to tweak keepalive on all SPICE connection. This can prevent unwanted +idle disconnections if proxies are used between the client and the host. 
+ * Fix important memory usage when the webdav channel is used + * Do not disconnect when the client requests an unsupported compression type + * Fix potential race condition when using multiple QXL devices + * Fix display glitch when using XSpice + * Improve help string for 'replay -s' + * Fix small leak in MJPEG code + +- Removed patches: + * CVE-2016-9577-buffer-overflow-in-main_channel_alloc_msg_rcv_buf.patch + * CVE-2016-9578-remote-dos-via-crafted-message.patch + +--- Old: CVE-2016-9577-buffer-overflow-in-main_channel_alloc_msg_rcv_buf.patch CVE-2016-9578-remote-dos-via-crafted-message.patch spice-0.12.8.tar.bz2 New: spice-0.14.0.tar.bz2 Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.oWSE2H/_old 2017-11-03 16:31:45.285132609 +0100 +++ /var/tmp/diff_new_pack.oWSE2H/_new 2017-11-03 16:31:45.289132464 +0100 @@ -18,16 +18,14 @@ # Common info Name: spice -Version:0.12.8 +Version:0.14.0 Release:0 Summary:SPICE client and server library -License:LGPL-2.1+ +License:LGPL-2.1+ OR GPL-2.0+ Group: Productivity/Networking/Other Url:http://www.spice-space.org/ Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2 Source99: %{name}.rpmlintrc -Patch0: CVE-2016-9577-buffer-overflow-in-main_channel_alloc_msg_rcv_buf.patch -Patch1: CVE-2016-9578-remote-dos-via-crafted-message.patch # Build-time parameters BuildRequires: alsa-devel @@ -45,7 +43,7 @@ BuildRequires: python-six BuildRequires: spice-protocol-devel >= 0.12.11 BuildRequires: zlib-devel -BuildRequires: pkgconfig(glib-2.0) >= 2.22 +BuildRequires: pkgconfig(glib-2.0) >= 2.28 BuildRequires: pkgconfig(opus) BuildRequires: pkgconfig(x11) BuildRequires: pkgconfig(xext) @@ -84,8 +82,6 @@ %prep %setup -q -%patch0 -p1 -%patch1 -p1 %build %configure \ ++ spice-0.12.8.tar.bz2 -> spice-0.14.0.tar.bz2 ++ 129380 lines of diff (skipped)
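Review bot: the "Removed patches" entry in spice.changes drops CVE-2016-9577-buffer-overflow-in-main_channel_alloc_msg_rcv_buf.patch and CVE-2016-9578-remote-dos-via-crafted-message.patch, together with the Patch0/Patch1 and %patch lines in spice.spec, without saying that both fixes are contained in 0.14.0. Since the tarball diff is skipped, the entry should state this explicitly (the 0.12.6 entry uses "Remove upstream merged patches") so the CVE fixes stay traceable. The same entry lists spice_server_set_keepalive_timeout() once as removed and once as added, which reads as contradictory and should be reconciled.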
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2017-02-11 01:36:47 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2017-02-08 10:43:38.380589082 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2017-02-11 01:36:49.213950095 +0100 @@ -1,0 +2,9 @@ +Thu Feb 2 11:23:03 UTC 2017 - psim...@suse.com + +- Added patches to fix two security vulnerabilities. + * CVE-2016-9577-buffer-overflow-in-main_channel_alloc_msg_rcv_buf.patch +[CVE-2016-9577, bsc#1023078] + * CVE-2016-9578-remote-dos-via-crafted-message.patch +[CVE-2016-9578, bsc#1023079] + +--- New: CVE-2016-9577-buffer-overflow-in-main_channel_alloc_msg_rcv_buf.patch CVE-2016-9578-remote-dos-via-crafted-message.patch Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.ri7d5I/_old 2017-02-11 01:36:50.025835523 +0100 +++ /var/tmp/diff_new_pack.ri7d5I/_new 2017-02-11 01:36:50.025835523 +0100 @@ -26,6 +26,9 @@ Url:http://www.spice-space.org/ Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2 Source99: %{name}.rpmlintrc +Patch0: CVE-2016-9577-buffer-overflow-in-main_channel_alloc_msg_rcv_buf.patch +Patch1: CVE-2016-9578-remote-dos-via-crafted-message.patch + # Build-time parameters BuildRequires: alsa-devel BuildRequires: celt051-devel @@ -81,6 +84,8 @@ %prep %setup -q +%patch0 -p1 +%patch1 -p1 %build %configure \ ++ CVE-2016-9577-buffer-overflow-in-main_channel_alloc_msg_rcv_buf.patch ++ >From 9f3ac8195f55027c6fb880d811141ae87d6d04f1 Mon Sep 17 00:00:00 2001 From: Frediano Ziglio Date: Tue, 29 Nov 2016 16:46:56 + Subject: [PATCH spice-server] main-channel: Prevent overflow reading messages from client Caller is supposed the function return a buffer able to store size bytes. 
Signed-off-by: Frediano Ziglio --- server/main-channel.c | 3 +++ 1 file changed, 3 insertions(+) Index: spice-0.12.7/server/main_channel.c === --- spice-0.12.7.orig/server/main_channel.c 2016-04-12 15:06:48.0 +0200 +++ spice-0.12.7/server/main_channel.c 2017-02-02 12:21:06.338289992 +0100 @@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_r if (type == SPICE_MSGC_MAIN_AGENT_DATA) { return reds_get_agent_data_buffer(mcc, size); +} else if (size > sizeof(main_chan->recv_buf)) { +/* message too large, caller will log a message and close the connection */ +return NULL; } else { return main_chan->recv_buf; } ++ CVE-2016-9578-remote-dos-via-crafted-message.patch ++ >From fb8760d657271f52b357f83615c81bc984a3a197 Mon Sep 17 00:00:00 2001 From: Frediano Ziglio Date: Mon, 28 Nov 2016 13:15:58 + Subject: [PATCH spice-server] Prevent possible DoS attempts during protocol handshake Signed-off-by: Frediano Ziglio --- server/reds.c | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) Index: spice-0.12.7/server/reds.c === --- spice-0.12.7.orig/server/reds.c 2016-04-14 17:09:22.0 +0200 +++ spice-0.12.7/server/reds.c 2017-02-02 12:21:06.346289634 +0100 @@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(v link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps); link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps); +/* Prevent DoS. Currently we defined only 13 capabilities so here 1 would suffice, + * I expect 1024 to be valid for quite a lot time */ +if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) { +reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA); +reds_link_free(link); +return; +} + num_caps = link_mess->num_common_caps + link_mess->num_channel_caps; caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset); 
@@ -2202,7 +2210,8 @@ static void reds_handle_read_header_done reds->peer_minor_version = header->minor_version; -if (header->size < sizeof(SpiceLinkMess)) { +/* the check for 4096 is to avoid clients to attempt DoS to the server */ +if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) { reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA); spice_warning("bad size %u", header->size); reds_link_free(link);
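Review bot: in main_channel_alloc_msg_rcv_buf (CVE-2016-9577 patch), the new "size > sizeof(main_chan->recv_buf)" branch bounds only the default path; the SPICE_MSGC_MAIN_AGENT_DATA branch above it still hands the client-supplied size to reds_get_agent_data_buffer() unchanged. Please confirm that function enforces its own limit and say so in a comment on that branch.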
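Review bot: in reds_handle_read_link_done (CVE-2016-9578 patch), the rejection path for num_channel_caps or num_common_caps above 1024 sends SPICE_LINK_ERR_INVALID_DATA and frees the link without logging anything, whereas the header-size path in reds_handle_read_header_done logs spice_warning("bad size %u", header->size). Add a warning here as well so rejected handshakes are visible to operators. The limits 1024 and 4096 would be better as named constants, and the caps pointer is still derived from link_mess->caps_offset right after the new check with no bound on the offset visible in this hunk.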
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2017-02-08 10:43:37 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2017-01-09 10:32:20.266539576 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2017-02-08 10:43:38.380589082 +0100 @@ -1,0 +2,7 @@ +Thu Feb 2 09:52:06 UTC 2017 - cbosdon...@suse.com + +- Synchronize with SLES (fate#322402): + + bnc#894069: disable smartcard support for SLES + + merge changelog + +--- @@ -21 +28 @@ - + Fixes for CVE-2016-0749 and CVE-2016-2150. + + Fixes for bsc#982385 / CVE-2016-0749 and bsc#982386 / CVE-2016-2150. @@ -26 +33 @@ -- Update to version 0.12.7 +- Update to version 0.12.7 (fate#320079) @@ -94,0 +102 @@ + + bsc#848279: fix CVE-2013-4282. Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.iOuILj/_old 2017-02-08 10:43:38.876519981 +0100 +++ /var/tmp/diff_new_pack.iOuILj/_new 2017-02-08 10:43:38.880519425 +0100 @@ -1,7 +1,7 @@ # # spec file for package spice # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,7 +31,9 @@ BuildRequires: celt051-devel BuildRequires: cyrus-sasl-devel BuildRequires: gcc-c++ +%if 0%{?is_opensuse} BuildRequires: libcacard-devel +%endif BuildRequires: libjpeg-devel BuildRequires: libopenssl-devel BuildRequires: libpixman-1-0-devel >= 0.17.7 @@ -83,7 +85,11 @@ %build %configure \ --disable-static \ +%if 0%{?is_opensuse} --enable-smartcard +%else +--disable-smartcard +%endif LDFLAGS="-Wl,--as-needed -Wl,--strip-all" make %{?_smp_mflags}
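Review bot: in the %build hunk of spice.spec, the %if 0%{?is_opensuse} / %else / %endif block sits inside the backslash-continued %configure invocation, which is easy to break when options are added later. Select the smartcard option through a macro or %bcond defined above %build, and add a spec comment citing bnc#894069 as the reason it is off for SLES; that reason is currently recorded only in the changelog.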
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2016-11-14 20:10:34 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2016-10-22 13:02:18.0 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2016-11-14 20:10:35.0 +0100 @@ -1,0 +2,5 @@ +Thu Nov 10 08:59:37 UTC 2016 - msucha...@suse.com + +- remove ExclusiveArch (boo#1009438) + +--- Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.o9ydJd/_old 2016-11-14 20:10:36.0 +0100 +++ /var/tmp/diff_new_pack.o9ydJd/_new 2016-11-14 20:10:36.0 +0100 @@ -51,7 +51,6 @@ # Install-time parameters Requires: celt051 BuildRoot: %{_tmppath}/%{name}-%{version}-build -ExclusiveArch: %ix86 x86_64 %description The SPICE package provides the SPICE server library and client.
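Review bot: removing "ExclusiveArch: %ix86 x86_64" enables the package on every architecture, but the changelog entry only cites boo#1009438 and does not say which architectures were built or tested. The 0.12.7 release notes quoted in this package's changelog say of big-endian machines that "more work is likely to be needed", so the entry should record what was verified.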
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2016-10-22 13:02:17 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2016-04-15 19:04:58.0 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2016-10-22 13:02:18.0 +0200 @@ -1,0 +2,6 @@ +Sat Oct 8 19:36:49 UTC 2016 - zai...@opensuse.org + +- Update to version 0.12.8: + + Fixes for CVE-2016-0749 and CVE-2016-2150. + +--- Old: spice-0.12.7.tar.bz2 New: spice-0.12.8.tar.bz2 Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.w4oswe/_old 2016-10-22 13:02:19.0 +0200 +++ /var/tmp/diff_new_pack.w4oswe/_new 2016-10-22 13:02:19.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package spice # -# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ # Common info Name: spice -Version:0.12.7 +Version:0.12.8 Release:0 Summary:SPICE client and server library License:LGPL-2.1+ ++ spice-0.12.7.tar.bz2 -> spice-0.12.8.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spice-0.12.7/.tarball-version new/spice-0.12.8/.tarball-version --- old/spice-0.12.7/.tarball-version 2016-04-14 18:04:18.0 +0200 +++ new/spice-0.12.8/.tarball-version 2016-07-13 15:58:30.0 +0200 @@ -1 +1 @@ -0.12.7 +0.12.8 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spice-0.12.7/.version new/spice-0.12.8/.version --- old/spice-0.12.7/.version 2016-04-08 18:17:10.0 +0200 +++ new/spice-0.12.8/.version 2016-07-06 18:28:11.0 +0200 
@@ -1 +1 @@ -0.13.1-dirty +0.13.1.279-a68c8-dirty diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spice-0.12.7/ChangeLog new/spice-0.12.8/ChangeLog --- old/spice-0.12.7/ChangeLog 2016-04-14 18:04:18.0 +0200 +++ new/spice-0.12.8/ChangeLog 2016-07-13 15:58:30.0 +0200 
@@ -1,3 +1,141 @@ +2016-07-13 Frediano Ziglio + + worker: don't process drawable if it can't be allocated + Acked-by: Fabiano FidĂȘncio + (cherry picked from commit 63b8ea5afba5c6eb1b9825b06f2006930c318aed) + +2016-07-13 Marc-AndrĂ© Lureau + + worker: remove assertion on alloc_drawable + There is no guarantee in the code that this can't be hit, so we should + cope with it (the condition can be reached easily by running the server + without waiting for blocked clients or pipe size) + + The following commit will attempt to address this. + + Acked-by: Frediano Ziglio + Acked-by: Christophe Fergeau + (cherry picked from commit 5c7e248445f95c3fa2627532780950cf604b9e20) + +2016-07-08 Christophe Fergeau + + Update NEWS for 0.12.8 release + +2016-07-07 Marc-Andre Lureau + + smartcard: allocate msg with the expected size + This is related to CVE-2016-0749 + + ==529== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60040009c098 at pc 0x7fffee0eda6d bp 0x7fffcd00 sp 0x7fffccf0 + WRITE of size 4 at 0x60040009c098 thread T0 + #0 0x7fffee0eda6c in smartcard_char_device_notify_reader_add /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:334 + #1 0x7fffee0ef783 in smartcard_add_reader /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:642 + #2 0x7fffee0f0568 in smartcard_channel_handle_message /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:757 + #3 0x7fffee032f3f in red_peer_handle_incoming /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:304 + #4 0x7fffee033216 in red_channel_client_receive /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:322 + #5 0x7fffee03bf1f in red_channel_client_event /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:1561 + #6 0x55c3c53d in qemu_iohandler_poll /home/elmarco/src/qemu/iohandler.c:143 + #7 0x55c3b800 in main_loop_wait /home/elmarco/src/qemu/main-loop.c:504 + #8 0x556f160c in main_loop /home/elmarco/src/qemu/vl.c:1818 + #9 0x556f160c in main /home/elmarco/src/qemu/vl.c:4394 + #10 
0x7fffed80eb14 in __libc_start_main /usr/s
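Review bot: the new spice.changes entry for 0.12.8 names CVE-2016-0749 and CVE-2016-2150 without bug references, so the update cannot be matched to tracker entries from the changelog alone; add them next to the CVE ids (a later revision of spice.changes records bsc#982385 and bsc#982386 for these). In the tarball diff, .version now reads 0.13.1.279-a68c8-dirty while .tarball-version reads 0.12.8, which deserves a word in the entry so it is not mistaken for a wrong source archive.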
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2016-04-15 19:04:56 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2015-10-17 16:37:52.0 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2016-04-15 19:04:58.0 +0200 @@ -1,0 +2,19 @@ +Fri Apr 15 07:14:06 UTC 2016 - cbosdon...@suse.com + +- Update to version 0.12.7 + + spice-server will now send TCP keepalive probes on the TCP connections it +uses. This can prevent unwanted idle disconnections if proxies are used +between the client and the host. + + Fix important memory usage when the webdav channel is used + + Do not disconnect when the client requests an unsupported compression type + + Fix a few race conditions + + Fix display glitch when using XSpice + + Improve help string for 'replay -s' + + Fix crashes in corner cases (buggy spice-html5 + win10, vnc + SPICE port +configured, USB webcam redirection over a slow link) + + Fix various compilation warning when building on 32 bit machines + + Some fixes for big-endian machines, more work is likely to be needed + + Do not build static libraries by default, this can be reenabled with --enable-static + + Fix small leak in MJPEG code + +--- Old: spice-0.12.6.tar.bz2 New: spice-0.12.7.tar.bz2 Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.WfaGrN/_old 2016-04-15 19:04:59.0 +0200 +++ /var/tmp/diff_new_pack.WfaGrN/_new 2016-04-15 19:04:59.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package spice # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -18,7 +18,7 @@ # Common info Name: spice -Version:0.12.6 +Version:0.12.7 Release:0 Summary:SPICE client and server library License:LGPL-2.1+ @@ -38,7 +38,7 @@ BuildRequires: pkg-config BuildRequires: python-pyparsing BuildRequires: python-six -BuildRequires: spice-protocol-devel >= 0.10.1 +BuildRequires: spice-protocol-devel >= 0.12.11 BuildRequires: zlib-devel BuildRequires: pkgconfig(glib-2.0) >= 2.22 BuildRequires: pkgconfig(opus) ++ spice-0.12.6.tar.bz2 -> spice-0.12.7.tar.bz2 ++ 13452 lines of diff (skipped)
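Review bot: the spice.spec hunk raises the spice-protocol-devel requirement from >= 0.10.1 to >= 0.12.11, but the changelog entry for 0.12.7 does not mention it. Note the new minimum there so that a build failure against an older spice-protocol can be traced to this update.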
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2015-10-17 16:37:50 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2015-09-19 06:52:59.0 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2015-10-17 16:37:52.0 +0200 @@ -1,0 +2,21 @@ +Tue Oct 6 14:44:02 UTC 2015 - cbosdon...@suse.com + +- Update to version 0.12.6 + + Removed spicec client code, it has been superseded by remote-viewer +and other spice-gtk based clients + + Unix socket support + + LZ4 support + + Let clients specify their preferred image compression format + + Allow to record and replay a spice-server session + + Fixes for CVE-2015-3247 CVE-2015-5260 and CVE-2015-5261 +bsc#944787, bsc#948976 + + spice-protocol submodule has been removed, spice-protocol must +now be installed when building spice-server + + Remove write polling in chardevs to reduce wakeups +- Remove upstream merged patches: + + spice-Don-t-use-48kHz-for-playback-recording-rates.patch + + password-length-check.patch + + cve-2015-3247.patch + + +--- Old: cve-2015-3247.patch password-length-check.patch spice-0.12.5.tar.bz2 spice-Don-t-use-48kHz-for-playback-recording-rates.patch New: spice-0.12.6.tar.bz2 Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.d1elML/_old 2015-10-17 16:37:53.0 +0200 +++ /var/tmp/diff_new_pack.d1elML/_new 2015-10-17 16:37:53.0 +0200 
@@ -18,19 +18,14 @@ # Common info Name: spice -Version:0.12.5 +Version:0.12.6 Release:0 Summary:SPICE client and server library License:LGPL-2.1+ Group: Productivity/Networking/Other Url:http://www.spice-space.org/ Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2 -# PATCH-FIX-UPSTREAM spice-Don-t-use-48kHz-for-playback-recording-rates.patch rh#1129961 zai...@opensuse.org -- Change back to 44100 from 48000. Patch taken from fedora. -Patch0: spice-Don-t-use-48kHz-for-playback-recording-rates.patch -# PATCH-FIX-UPSTREAM password-length-check.patch boo#931044 cbosdon...@suse.com -- Don't allow too long passwords -Patch1: password-length-check.patch -# PATCH-FIX-UPSTREAM cve-2015-3247.patch cbosdon...@suse.com -- fix cve-2015-3247 -Patch2: cve-2015-3247.patch + # Build-time parameters BuildRequires: alsa-devel BuildRequires: celt051-devel @@ -42,6 +37,7 @@ BuildRequires: libpixman-1-0-devel >= 0.17.7 BuildRequires: pkg-config BuildRequires: python-pyparsing +BuildRequires: python-six BuildRequires: spice-protocol-devel >= 0.10.1 BuildRequires: zlib-devel BuildRequires: pkgconfig(glib-2.0) >= 2.22 @@ -90,9 +86,6 @@ %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 %build %configure \ @@ -113,7 +106,6 @@ %files -n spice-client %defattr(-,root,root) %doc AUTHORS COPYING NEWS README -%{_bindir}/spicec %files -n libspice-server1 %defattr(-,root,root) ++ spice-0.12.5.tar.bz2 -> spice-0.12.6.tar.bz2 ++ 213303 lines of diff (skipped)
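Review bot: with %{_bindir}/spicec removed from "%files -n spice-client", that subpackage is left shipping only AUTHORS, COPYING, NEWS and README. Since the changelog says the spicec client code was removed upstream, drop the subpackage and obsolete it rather than keep a client package without a client. The changelog also lists three CVEs (CVE-2015-3247, CVE-2015-5260, CVE-2015-5261) against two bug numbers; make clear which bug covers which CVE.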
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2015-09-19 06:52:57 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2015-06-06 09:53:35.0 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2015-09-19 06:52:59.0 +0200 @@ -1,0 +2,6 @@ +Mon Sep 7 14:50:25 UTC 2015 - cbosdon...@suse.com + +- bsc#944460: fix CVE-2015-3247. + cve-2015-3247.patch + +--- New: cve-2015-3247.patch Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.0b8EQP/_old 2015-09-19 06:53:00.0 +0200 +++ /var/tmp/diff_new_pack.0b8EQP/_new 2015-09-19 06:53:00.0 +0200 @@ -29,6 +29,8 @@ Patch0: spice-Don-t-use-48kHz-for-playback-recording-rates.patch # PATCH-FIX-UPSTREAM password-length-check.patch boo#931044 cbosdon...@suse.com -- Don't allow too long passwords Patch1: password-length-check.patch +# PATCH-FIX-UPSTREAM cve-2015-3247.patch cbosdon...@suse.com -- fix cve-2015-3247 +Patch2: cve-2015-3247.patch # Build-time parameters BuildRequires: alsa-devel BuildRequires: celt051-devel @@ -90,6 +92,7 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build %configure \ ++ cve-2015-3247.patch ++ >From 524eef10c6c6c2f3f30be28c56b8f96adc7901f0 Mon Sep 17 00:00:00 2001 From: Frediano Ziglio Date: Tue, 9 Jun 2015 08:50:46 +0100 Subject: [PATCH] Avoid race conditions reading monitor configs from guest For security reasons do not assume guest do not change structures it pass to Qemu. Guest could change count field while Qemu is copying QXLMonitorsConfig structure leading to heap corruption. This patch avoid it reading count only once. Signed-off-by: Frediano Ziglio --- server/red_worker.c | 46 -- 1 file changed, 32 insertions(+), 14 deletions(-) diff --git a/server/red_worker.c b/server/red_worker.c index 9e6a6ad..955cac2 100644 --- a/server/red_worker.c +++ b/server/red_worker.c 
@@ -11270,7 +11270,8 @@ static inline void red_monitors_config_item_add(DisplayChannelClient *dcc) } static void worker_update_monitors_config(RedWorker *worker, - QXLMonitorsConfig *dev_monitors_config) + QXLMonitorsConfig *dev_monitors_config, + uint16_t count, uint16_t max_allowed) { int heads_size; MonitorsConfig *monitors_config; @@ -11279,22 +11280,22 @@ static void worker_update_monitors_config(RedWorker *worker, monitors_config_decref(worker->monitors_config); spice_debug("monitors config %d(%d)", -dev_monitors_config->count, -dev_monitors_config->max_allowed); -for (i = 0; i < dev_monitors_config->count; i++) { +count, +max_allowed); +for (i = 0; i < count; i++) { spice_debug("+%d+%d %dx%d", dev_monitors_config->heads[i].x, dev_monitors_config->heads[i].y, dev_monitors_config->heads[i].width, dev_monitors_config->heads[i].height); } -heads_size = dev_monitors_config->count * sizeof(QXLHead); +heads_size = count * sizeof(QXLHead); worker->monitors_config = monitors_config = spice_malloc(sizeof(*monitors_config) + heads_size); monitors_config->refs = 1; monitors_config->worker = worker; -monitors_config->count = dev_monitors_config->count; -monitors_config->max_allowed = dev_monitors_config->max_allowed; +monitors_config->count = count; +monitors_config->max_allowed = max_allowed; memcpy(monitors_config->heads, dev_monitors_config->heads, heads_size); } 
@@ -11678,33 +11679,50 @@ void handle_dev_display_migrate(void *opaque, void *payload) red_migrate_display(worker, rcc); } +static inline uint32_t qxl_monitors_config_size(uint32_t heads) +{ +return sizeof(QXLMonitorsConfig) + sizeof(QXLHead) * heads; +} + static void handle_dev_monitors_config_async(void *opaque, void *payload) { RedWorkerMessageMonitorsConfigAsync *msg = payload; RedWorker *worker = opaque; -int min_size = sizeof(QXLMonitorsConfig) + sizeof(QXLHead); int error; +uint16_t count, max_allowed; QXLMonitorsConfig *dev_monitors_config = (QXLMonitorsConfig*)get_virt(&worker->mem_slots, msg->monitors_config, - min_size, msg->group_id, &error); +
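Review bot: in worker_update_monitors_config, count and max_allowed now come from the caller's single read, but the spice_debug loop still reads dev_monitors_config->heads[i] straight from guest memory before the memcpy copies the same heads, so the logged geometry can differ from what is stored. Log from monitors_config->heads after the memcpy instead. The new parameters also deserve a comment stating that they are the values already read once by the caller and that dev_monitors_config->count must not be read again here.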
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2015-06-06 09:53:34 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2014-10-25 08:32:42.0 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2015-06-06 09:53:35.0 +0200 @@ -1,0 +2,6 @@ +Fri Jun 5 08:47:17 UTC 2015 - cbosdon...@suse.com + +- Don't allow setting password longer than what the spice protocol + allows. password-length-check.patch. boo#931044 + +--- New: password-length-check.patch Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.KH9nNN/_old 2015-06-06 09:53:36.0 +0200 +++ /var/tmp/diff_new_pack.KH9nNN/_new 2015-06-06 09:53:36.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package spice # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,6 +27,8 @@ Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2 # PATCH-FIX-UPSTREAM spice-Don-t-use-48kHz-for-playback-recording-rates.patch rh#1129961 zai...@opensuse.org -- Change back to 44100 from 48000. Patch taken from fedora. Patch0: spice-Don-t-use-48kHz-for-playback-recording-rates.patch +# PATCH-FIX-UPSTREAM password-length-check.patch boo#931044 cbosdon...@suse.com -- Don't allow too long passwords +Patch1: password-length-check.patch # Build-time parameters BuildRequires: alsa-devel BuildRequires: celt051-devel @@ -87,6 +89,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %build %configure \ ++ password-length-check.patch ++ >From 9e1e42880e57585688fa92340602d66ed465be47 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Fri, 22 May 2015 09:21:52 +0200 Subject: [PATCH] Add password length check Don't allow setting a too long password. --- server/reds.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/reds.c b/server/reds.c index 6d70b68..5579109 100644 --- a/server/reds.c +++ b/server/reds.c @@ -3503,6 +3503,8 @@ SPICE_GNUC_VISIBLE int spice_server_set_ticket(SpiceServer *s, taTicket.expiration_time = now + lifetime; } if (passwd != NULL) { +if (strlen(passwd) > SPICE_MAX_PASSWORD_LENGTH) +return -1; g_strlcpy(taTicket.password, passwd, sizeof(taTicket.password)); } else { memset(taTicket.password, 0, sizeof(taTicket.password)); -- 2.1.4
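Review bot: in spice_server_set_ticket(), the new `strlen(passwd) > SPICE_MAX_PASSWORD_LENGTH` check returns -1 only after the preceding block has had the chance to assign `taTicket.expiration_time = now + lifetime;`, so a rejected call can still change the ticket's expiry while the old password stays in place. Move the length check ahead of any write to `taTicket` so that a failure leaves the ticket untouched. A comment stating how `SPICE_MAX_PASSWORD_LENGTH` relates to `sizeof(taTicket.password)` would also help: g_strlcpy() silently truncates to the buffer size minus the terminator, so the check only rules out truncation if the constant is at most one less than the buffer size, and that relationship is not visible from this hunk.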
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2014-10-25 08:32:36 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2014-10-19 19:27:26.0 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2014-10-25 08:32:42.0 +0200 @@ -1,0 +2,5 @@ +Sun Oct 19 03:38:16 UTC 2014 - crrodrig...@opensuse.org + +- Replace xorg-x11-devel buildrequire by selected pkgconfig(xlibs..) + +--- Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.LLqNXu/_old 2014-10-25 08:32:43.0 +0200 +++ /var/tmp/diff_new_pack.LLqNXu/_new 2014-10-25 08:32:43.0 +0200 @@ -39,10 +39,15 @@ BuildRequires: pkg-config BuildRequires: python-pyparsing BuildRequires: spice-protocol-devel >= 0.10.1 -BuildRequires: xorg-x11-devel -BuildRequires: xorg-x11-libXfixes-devel +BuildRequires: zlib-devel BuildRequires: pkgconfig(glib-2.0) >= 2.22 BuildRequires: pkgconfig(opus) +BuildRequires: pkgconfig(x11) +BuildRequires: pkgconfig(xext) +BuildRequires: pkgconfig(xfixes) +BuildRequires: pkgconfig(xinerama) +BuildRequires: pkgconfig(xrandr) +BuildRequires: pkgconfig(xrender) # Install-time parameters Requires: celt051 BuildRoot: %{_tmppath}/%{name}-%{version}-build -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
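Review bot: the spec hunk adds `BuildRequires: zlib-devel` and drops `xorg-x11-libXfixes-devel`, but the changelog entry only mentions replacing xorg-x11-devel with pkgconfig() requirements. The new `pkgconfig(xfixes)` line accounts for the Xfixes removal; the zlib addition is unexplained. Add a changelog line saying why zlib-devel is now required, for example whether it used to be pulled in indirectly through xorg-x11-devel.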
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2014-10-19 19:27:24 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2013-08-05 21:21:08.0 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2014-10-19 19:27:26.0 +0200 @@ -1,0 +2,25 @@ +Wed Oct 15 12:02:03 UTC 2014 - zai...@opensuse.org + +- Update to version 0.12.5: + + Added Opus support. Celt support will be obsoleted in a future +release. + + Addition of webdav channel. + + Force use of TLS 1.0 or newer for TLS connections. + + Reference manual. + + Some optimizations improving CPU use. + + Various bug fixes for race conditions, memory corruption, which +could be triggered on client disconnections, migration, and +cause spice-server to misbehave. + + Portability fixes. + + Code cleanups. +- Add pkconfig(opus) BuildRequires: Needed to build new opus + support. +- Add spice-Don-t-use-48kHz-for-playback-recording-rates.patch: + Fix advertised sound playback/recording rates in public headers + (rh#1129961). +- Drop spice-glibc217.patch: No longer needed. +- Run spec-clean on spec file, remove conditionals for obsolete + versions of openSUSE, enable parallel build and drop obsolete + clean section. + +--- Old: spice-0.12.4.tar.bz2 spice-glibc217.patch New: spice-0.12.5.tar.bz2 spice-Don-t-use-48kHz-for-playback-recording-rates.patch Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.LwM8AH/_old 2014-10-19 19:27:27.0 +0200 +++ /var/tmp/diff_new_pack.LwM8AH/_new 2014-10-19 19:27:27.0 +0200 
@@ -1,7 +1,7 @@ # # spec file for package spice # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,26 +18,21 @@ # Common info Name: spice -Version:0.12.4 +Version:0.12.5 Release:0 Summary:SPICE client and server library License:LGPL-2.1+ Group: Productivity/Networking/Other Url:http://www.spice-space.org/ - -# Install-time parameters -Requires: celt051 - +Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2 +# PATCH-FIX-UPSTREAM spice-Don-t-use-48kHz-for-playback-recording-rates.patch rh#1129961 zai...@opensuse.org -- Change back to 44100 from 48000. Patch taken from fedora. +Patch0: spice-Don-t-use-48kHz-for-playback-recording-rates.patch # Build-time parameters BuildRequires: alsa-devel BuildRequires: celt051-devel BuildRequires: cyrus-sasl-devel BuildRequires: gcc-c++ -%if 0%{?suse_version} >= 1220 BuildRequires: libcacard-devel -%endif -Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2 -Patch1: spice-glibc217.patch BuildRequires: libjpeg-devel BuildRequires: libopenssl-devel BuildRequires: libpixman-1-0-devel >= 0.17.7 @@ -47,6 +42,9 @@ BuildRequires: xorg-x11-devel BuildRequires: xorg-x11-libXfixes-devel BuildRequires: pkgconfig(glib-2.0) >= 2.22 +BuildRequires: pkgconfig(opus) +# Install-time parameters +Requires: celt051 BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: %ix86 x86_64 @@ -74,7 +72,6 @@ %package -n libspice-server-devel Summary:Development files for building SPICE-server Group: Development/Languages/C and C++ - Requires: libspice-server1 = %{version} %description -n libspice-server-devel 
@@ -84,26 +81,19 @@ %prep %setup -q -%patch1 -p1 +%patch0 -p1 %build %configure \ --disable-static \ --enable-client \ -%if 0%{?suse_version} < 1220 ---disable-smartcard -%else --enable-smartcard -%endif LDFLAGS="-Wl,--as-needed -Wl,--strip-all" make %{?_smp_mflags} %install -%makeinstall DESTDIR=%{buildroot} -find %{buildroot} -type f -name '*.la' -delete -print - -%clean -[ %{buildroot} != "/" ] && rm -rf %{buildroot} +make DESTDIR=%{buildroot} install %{?_smp_mflags} +find %{buildroot} -type f -name "*.la" -delete -print %post -n libspice-server1 -p /sbin/ldconfig ++ spice-0.12.4.tar.bz2 -> spice-0.12.5.tar.bz2 ++ 37057 lines of diff (skipped) ++ spice-Don-t-use-48kHz-for-playback-recording-rates.patch ++ >From 288cf77f804187a3e77ae2a5a21d108d101d22ce Mon Sep 17 00:00:00 2001 From: Christop
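Review bot: in %install, the replacement line `make DESTDIR=%{buildroot} install %{?_smp_mflags}` runs the install target in parallel, which the changelog's "enable parallel build" does not obviously cover, since `make %{?_smp_mflags}` in %build is unchanged context. Parallel `make install` buys very little and can race when several install rules create the same directories; drop `%{?_smp_mflags}` from the install line and keep it on the build step only.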
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2013-08-05 21:21:07 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2013-05-16 18:20:51.0 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2013-08-05 21:21:08.0 +0200 
@@ -1,0 +2,30 @@ +Mon Jul 29 08:11:33 UTC 2013 - aevs...@gmail.com + +- Update to version 0.12.4: + + log actual address spice-server binds to + + main_channel: fix double release of migration target data (rhbz#859027) + + red_channel: replace an assert upon threads mismatch with a warning (rhbz#823472) + + support for filtering out agent file-xfer msgs (rhbz#961848) + ++ new library export spice_server_set_agent_file_xfer + + mjpeg encoder statistics (mjpeg_encoder_get_stats) + + improve stream stats readability and ease of parsing + + fix for stuck display_channel over WAN (jpeg_enabled=true) (rhbz#977998) + + Use RING_FOREACH_SAFE and other SAFE macros (rhbz#887775) + + Some server/tests fixes. +- New features from 0.12.3: + + monitor client bandwidth and latency. + + dynamically adjust video stream quality based on client bandwidth & latency. + ++ new SPICE_MSGC_DISPLAY_STREAM_REPORT + ++ can also set SPICE_BIT_RATE environment variable to override. + + support arbitrary latency of audio stream wrt video stream: + ++ new SPICE_MSG_PLAYBACK_LATENCY + + notify agent on client disconnection + ++ new VD_AGENT_CLIENT_DISCONNECTED message + + better support for switching from qxl to vga mode + ++ new library export spice_qxl_driver_unload + + multiple monitor support in single channel fixes. + + stop streams before migration. + + don't send empty volume messages. + + Bugs fixed: rhbz#891326, rhbz#958276, rhbz#956345 + + fixes to inputs, chardev, build fixes. +--- Old: spice-0.12.2.tar.bz2 New: spice-0.12.4.tar.bz2 Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.GVfNEc/_old 2013-08-05 21:21:09.0 +0200 +++ /var/tmp/diff_new_pack.GVfNEc/_new 2013-08-05 21:21:09.0 +0200 
@@ -18,7 +18,7 @@ # Common info Name: spice -Version:0.12.2 +Version:0.12.4 Release:0 Summary:SPICE client and server library License:LGPL-2.1+ ++ spice-0.12.2.tar.bz2 -> spice-0.12.4.tar.bz2 ++ 8953 lines of diff (skipped)
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2013-05-16 18:20:50 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2012-11-28 16:57:05.0 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2013-05-16 18:20:51.0 +0200 @@ -1,0 +2,17 @@ +Wed May 15 17:21:42 UTC 2013 - dims...@opensuse.org + +- Update to version 0.12.2: + + Skipped 0.12.1, it existed in git but was never released. + + spice-server now requires glib2 (like qemu does). + + More robust ssl error and certificate handling. + + Added support for websockets. + + Tons of seamless migration bugfixes. + + Also some none seamless migration bugfixes. +- Clean spec file using spec-cleaner. +- Rebase spice-glibc217.patch. +- Add pkgconfig(glib-2.0) BuildRequires: new dependency. +- Pass --enable-client and --enable-smartcard to configure in + order to ensure the client and smartcard support are built (SC + only on openSUSE >= 12.2). + +--- Old: spice-0.12.0.tar.bz2 New: spice-0.12.2.tar.bz2 Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.XsCx1f/_old 2013-05-16 18:20:52.0 +0200 +++ /var/tmp/diff_new_pack.XsCx1f/_new 2013-05-16 18:20:52.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package spice # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,18 +16,14 @@ # -%define realname spice -%define realver 0.12.0 -%define srcext tar.bz2 - # Common info Name: spice -Version:%realver +Version:0.12.2 Release:0 -Url:http://www.spice-space.org/ Summary:SPICE client and server library License:LGPL-2.1+ Group: Productivity/Networking/Other +Url:http://www.spice-space.org/ # Install-time parameters Requires: celt051 @@ -40,6 +36,8 @@ %if 0%{?suse_version} >= 1220 BuildRequires: libcacard-devel %endif +Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2 +Patch1: spice-glibc217.patch BuildRequires: libjpeg-devel BuildRequires: libopenssl-devel BuildRequires: libpixman-1-0-devel >= 0.17.7 @@ -48,9 +46,8 @@ BuildRequires: spice-protocol-devel >= 0.10.1 BuildRequires: xorg-x11-devel BuildRequires: xorg-x11-libXfixes-devel +BuildRequires: pkgconfig(glib-2.0) >= 2.22 BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source: %{realname}-%{realver}%{?extraver}.%{srcext} -Patch1: spice-glibc217.patch ExclusiveArch: %ix86 x86_64 %description @@ -58,10 +55,6 @@ These components are used to provide access to a remote machine's display and devices. -Authors: - -Qumranet - %package -n spice-client Summary:SPICE client Group: Productivity/Networking/Other @@ -69,10 +62,6 @@ %description -n spice-client The SPICE client provides access to a remote machine's display and devices. -Authors: - -Qumranet - %package -n libspice-server1 Summary:Library for SPICE-server Group: Productivity/Networking/Other @@ -82,10 +71,6 @@ The SPICE server is used to expose a remote machine's display and devices. -Authors: - -Qumranet - %package -n libspice-server-devel Summary:Development files for building SPICE-server Group: Development/Languages/C and C++ 
@@ -97,29 +82,32 @@ The SPICE server is used to expose a remote machine's display and devices. -Authors: - -Qumranet - -# Preparation step (unpacking and patching if necessary) %prep -%setup -q -n %{realname}-%{realver}%{?extraver} +%setup -q %patch1 -p1 %build %configure \ --disable-static \ +--enable-client \ %if 0%{?suse_version} < 1220 --disable-smartcard +%else +--enable-smartcard %endif LDFLAGS="-Wl,--as-needed -Wl,--strip-all" -%__make %{?_smp_mflags} +make %{?_smp_mflags} %install %makeinstall DESTDIR=%{buildroot} +find %{buildroot} -type f -name '*.la' -delete -print %clean -[ "%{buildroot}" != "/" ] && rm -rf %{buildroot} +[ %{buildroot} != "/" ] && rm -rf %{buildroot} + +%post -n libspice-server1 -p /sbin/ldconfig + +%postun -n libspice-server1 -p /sbin/ldconfig %files -n spice-client %defattr(-,root,root) @@ -130,17 +118,10 @@ %defattr(-,root,root) %{_libdir}/li
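Review bot: in the %clean section the guard changes from `[ "%{buildroot}" != "/" ]` to `[ %{buildroot} != "/" ]`, dropping the quotes around the macro. Unquoted, an empty expansion turns the test into a malformed expression and a value containing whitespace is split into several words, and this test is the only check in front of `rm -rf %{buildroot}`. Keep the quoted form.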
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2012-11-28 16:57:02 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice", Maintainer is "posta...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2012-11-18 20:26:56.0 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2012-11-28 16:57:05.0 +0100 
@@ -1,0 +2,63 @@ +Thu Nov 22 17:11:27 UTC 2012 - afaer...@suse.de + +- Update to version 0.12.0 +* support setting client monitor configuration via device + QXLInterface::client_monitors_config +* support notifying guest of client capabilities + QXLInterface::set_client_capabilities +* new capability for A8 Surface support +* Enable build on armv6+ +* Option to quit server after first client disconnects + spice_server_set_exit_on_disconnect +* Support seamless migration: no loss of in transit messages. Still not + supported for agent, smartcard and usb. +* Support a new rendering message, Composite, for much improved linux guest + performance. +* Support arbitrary resolution & multiple monitors on a single display channel. +* Improved keyboard handling under network latency with new + SPICE_MSGC_INPUTS_KEY_SCANCODE message. +* New libspice-server.so symbols: + spice_server_set_seamless_migration + spice_server_vm_stop + spice_server_vm_start + spice_qxl_monitors_config_async +* New capabilities: + SPICE_DISPLAY_CAP_COMPOSITE + SPICE_DISPLAY_CAP_MONITORS_CONFIG + SPICE_INPUTS_CAP_KEY_SCANCODE + SPICE_MAIN_CAP_AGENT_CONNECTED_TOKENS + SPICE_MAIN_CAP_SEAMLESS_MIGRATE +* Misc: + * char_device.c: Introducing shared flow control code for char devices + * Enable build without client, cegui and slirp. +* New spice protocol messages: (changes in spice-protocol, here for reference) + * SPICE_MSG_MAIN_NAME, SPICE_MSG_MAIN_UUID + * SPICE_MSG_DISPLAY_STREAM_DATA_SIZED +* New corresponding caps: (changes in spice-protocol, here for reference) + * SPICE_MAIN_CAP_NAME_AND_UUID + * SPICE_DISPLAY_CAP_SIZED_STREAM. +* Send name & uuid to capable clients +* add support for frames of different sizes RHBZ #813826 +* server: + * support a pre-opened file descriptor + * Solaris support. Now using poll instead of epoll. 
+ * Support IPV6 addresses in channel events RHBZ #788444 + * other fixed RHBZ#: 787669, 787678, 819484 +* spicec + * alsa: use "default" instead of "hw:0,0" + * volume keys support RHBZ #552539 + * other fixed RHBZ#: 78655, 804561, 641828 +* solaris, mingw & windows, 32 bit fixes. +* enable server only build. +* GNULIB manywarnings.m4 & warnings.m4 module added. +* Many more bug fixes & code cleanups. +* spice-protocol no longer external. +* new server functions: + + spice_server_set_name + + spice_server_set_uuid + + spice_server_set_listen_socket_fd + + spice_server_is_server_mouse +- Drop spice-gcc47.patch +- Update spice-glibc217.patch (file moved) + +--- Old: spice-0.10.1.tar.bz2 spice-gcc47.patch New: spice-0.12.0.tar.bz2 Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.VX6ZsJ/_old 2012-11-28 16:57:06.0 +0100 +++ /var/tmp/diff_new_pack.VX6ZsJ/_new 2012-11-28 16:57:06.0 +0100 @@ -17,7 +17,7 @@ %define realname spice -%define realver 0.10.1 +%define realver 0.12.0 %define srcext tar.bz2 # Common info @@ -37,16 +37,19 @@ BuildRequires: celt051-devel BuildRequires: cyrus-sasl-devel BuildRequires: gcc-c++ +%if 0%{?suse_version} >= 1220 +BuildRequires: libcacard-devel +%endif BuildRequires: libjpeg-devel BuildRequires: libopenssl-devel BuildRequires: libpixman-1-0-devel >= 0.17.7 BuildRequires: pkg-config +BuildRequires: python-pyparsing BuildRequires: spice-protocol-devel >= 0.10.1 BuildRequires: xorg-x11-devel BuildRequires: xorg-x11-libXfixes-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: %{realname}-%{realver}%{?extraver}.%{srcext} -Patch0: spice-gcc47.patch Patch1: spice-glibc217.patch ExclusiveArch: %ix86 x86_64 
@@ -101,12 +104,14 @@ # Preparation step (unpacking and patching if necessary) %prep %setup -q -n %{realname}-%{realver}%{?extraver} -%patch0 -p1 %patch1 -p1 %build %configure \ --disable-static \ +%if 0%{?suse_version} < 1220 + --disable-smartcard +%endif LDFLAGS="-Wl,--as-needed -Wl,--strip-all" %__make %{?_smp_mflags} ++ spice-0.10.1.tar.bz2 -> spice-0.12.0.tar.bz2 ++ 214612 lines of diff (skipped) ++ spice-glibc217.patch ++ --- /var/tmp/diff_new_pack.VX6ZsJ/_old 2012-11-28 16:57:07.0 +0100 +++ /var/tmp/diff_new_pack.VX6ZsJ/_new 20
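Review bot: in %build, the added `--disable-smartcard` line inside the `%if 0%{?suse_version} < 1220` block has no trailing backslash, unlike `--disable-static \` directly above it. When the condition is true, the %configure command ends at that line and the following `LDFLAGS="-Wl,--as-needed -Wl,--strip-all"` runs as a separate shell assignment instead of being passed to configure, so the linker flags are silently dropped on those targets. Add a trailing backslash after `--disable-smartcard` so the command continues onto the LDFLAGS line.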
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2012-11-18 20:26:55 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice", Maintainer is "posta...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2012-04-12 09:52:14.0 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2012-11-18 20:26:56.0 +0100 @@ -1,0 +2,5 @@ +Sat Nov 17 08:05:49 UTC 2012 - a...@suse.de + +- Fix build with glibc 2.17 (add patch spice-glibc217.patch). + +--- New: spice-glibc217.patch Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.TXmNNZ/_old 2012-11-18 20:26:57.0 +0100 +++ /var/tmp/diff_new_pack.TXmNNZ/_new 2012-11-18 20:26:57.0 +0100 @@ -47,6 +47,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: %{realname}-%{realver}%{?extraver}.%{srcext} Patch0: spice-gcc47.patch +Patch1: spice-glibc217.patch ExclusiveArch: %ix86 x86_64 %description @@ -101,6 +102,7 @@ %prep %setup -q -n %{realname}-%{realver}%{?extraver} %patch0 -p1 +%patch1 -p1 %build %configure \ ++ spice-glibc217.patch ++ Index: spice-0.10.1/common/backtrace.c === --- spice-0.10.1.orig/common/backtrace.c +++ spice-0.10.1/common/backtrace.c @@ -75,7 +75,8 @@ static int spice_backtrace_gstack(void) /* CHILD */ char parent[16]; -seteuid(0); +if (seteuid(0) < 1) + exit(1); close(STDIN_FILENO); close(STDOUT_FILENO); dup2(pipefd[1],STDOUT_FILENO); -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
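Review bot: in spice_backtrace_gstack(), the new check `if (seteuid(0) < 1) exit(1);` treats success as failure. seteuid() returns 0 on success and -1 on error, so `< 1` is true in both cases and the child always exits before reaching the close() and dup2() calls that follow. If the intent is to check the return value and bail out only when the call fails, the test should be `seteuid(0) != 0` (or `< 0`). The changelog describes this purely as a glibc 2.17 build fix, so the change in runtime behaviour looks unintended.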
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2012-04-12 09:52:06 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice", Maintainer is "posta...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2012-04-02 10:31:58.0 +0200 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2012-04-12 09:52:14.0 +0200 @@ -1,0 +2,7 @@ +Mon Apr 2 18:55:00 UTC 2012 - dims...@opensuse.org + +- Add spice-gcc47.patch: Fix build with gcc 4.7. Most of this used + to be in spice-signed-comparison.patch which got dropped with + latest update. + +--- New: spice-gcc47.patch Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.HZwW1T/_old 2012-04-12 09:52:15.0 +0200 +++ /var/tmp/diff_new_pack.HZwW1T/_new 2012-04-12 09:52:15.0 +0200 @@ -46,6 +46,7 @@ BuildRequires: xorg-x11-libXfixes-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: %{realname}-%{realver}%{?extraver}.%{srcext} +Patch0: spice-gcc47.patch ExclusiveArch: %ix86 x86_64 %description @@ -99,6 +100,7 @@ # Preparation step (unpacking and patching if necessary) %prep %setup -q -n %{realname}-%{realver}%{?extraver} +%patch0 -p1 %build %configure \ ++ spice-gcc47.patch ++ Index: spice-0.10.1/client/cmd_line_parser.cpp === --- spice-0.10.1.orig/client/cmd_line_parser.cpp +++ spice-0.10.1/client/cmd_line_parser.cpp @@ -497,10 +497,9 @@ void CmdLineParser::show_help() os << " "; } if (line.size() > HELP_WIDTH) { -int now = HELP_WIDTH; +size_t last_space, now = HELP_WIDTH; std::string sub; sub.append(line, 0, now); -int last_space; if ((last_space = sub.find_last_of(' ')) != std::string::npos) { now = last_space; sub.resize(now++); Index: spice-0.10.1/client/glz_decoder.cpp === --- spice-0.10.1.orig/client/glz_decoder.cpp +++ spice-0.10.1/client/glz_decoder.cpp 
@@ -50,7 +50,7 @@ GlzDecoder::~GlzDecoder() void GlzDecoder::decode_header() { -int magic; +uint32_t magic; int version; uint8_t tmp; int stride;
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2012-04-02 10:31:43 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice", Maintainer is "posta...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2012-03-22 12:41:29.0 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2012-04-02 10:31:58.0 +0200 @@ -1,0 +2,13 @@ +Sun Apr 1 14:57:13 UTC 2012 - zai...@opensuse.org + +- Update to version 0.10.1: + + Mini header support. + + Add server API for injecting a client connection socket. + + Add Xinerama support to spicec. + + Many bugfixes / code cleanups. + + Requires spice-protocol >= 0.10.1 +- Drop spice-signed-comparison.patch and + 0001-server-red_parse_qxl.h-License-should-be-LGPLv2-rath.patch + Fixed upstream. + +--- Old: 0001-server-red_parse_qxl.h-License-should-be-LGPLv2-rath.patch spice-0.10.0.tar.bz2 spice-signed-comparison.patch New: spice-0.10.1.tar.bz2 Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.WMorAK/_old 2012-04-02 10:32:00.0 +0200 +++ /var/tmp/diff_new_pack.WMorAK/_new 2012-04-02 10:32:00.0 +0200 @@ -17,7 +17,7 @@ %define realname spice -%define realver 0.10.0 +%define realver 0.10.1 %define srcext tar.bz2 # Common info @@ -41,13 +41,11 @@ BuildRequires: libopenssl-devel BuildRequires: libpixman-1-0-devel >= 0.17.7 BuildRequires: pkg-config -BuildRequires: spice-protocol-devel >= 0.9.1 +BuildRequires: spice-protocol-devel >= 0.10.1 BuildRequires: xorg-x11-devel BuildRequires: xorg-x11-libXfixes-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: %{realname}-%{realver}%{?extraver}.%{srcext} -Patch1: spice-signed-comparison.patch -Patch2: 0001-server-red_parse_qxl.h-License-should-be-LGPLv2-rath.patch ExclusiveArch: %ix86 x86_64 %description 
@@ -101,8 +99,6 @@ # Preparation step (unpacking and patching if necessary) %prep %setup -q -n %{realname}-%{realver}%{?extraver} -%patch01 -p1 -%patch02 -p1 %build %configure \ ++ spice-0.10.0.tar.bz2 -> spice-0.10.1.tar.bz2 ++ 10841 lines of diff (skipped)
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2012-03-22 12:41:28 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice", Maintainer is "posta...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2012-02-21 12:25:58.0 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2012-03-22 12:41:29.0 +0100 @@ -1,0 +2,5 @@ +Mon Mar 19 21:07:03 UTC 2012 - dims...@opensuse.org + +- Extend spice-signed-comparison.patch: incl. git commit 965a1a. + +--- Other differences: -- ++ spice-signed-comparison.patch ++ --- /var/tmp/diff_new_pack.mijKZG/_old 2012-03-22 12:41:35.0 +0100 +++ /var/tmp/diff_new_pack.mijKZG/_new 2012-03-22 12:41:35.0 +0100 
@@ -75,3 +75,58 @@ DBG(0, "wm_delete_window"); Platform::send_quit_request(); } +Index: spice-0.10.0/client/cmd_line_parser.cpp +=== +--- spice-0.10.0.orig/client/cmd_line_parser.cpp spice-0.10.0/client/cmd_line_parser.cpp +@@ -497,10 +497,9 @@ void CmdLineParser::show_help() + os << " "; + } + if (line.size() > HELP_WIDTH) { +-int now = HELP_WIDTH; ++size_t last_space, now = HELP_WIDTH; + std::string sub; + sub.append(line, 0, now); +-int last_space; + if ((last_space = sub.find_last_of(' ')) != std::string::npos) { + now = last_space; + sub.resize(now++); +Index: spice-0.10.0/client/glz_decoder.cpp +=== +--- spice-0.10.0.orig/client/glz_decoder.cpp spice-0.10.0/client/glz_decoder.cpp +@@ -50,7 +50,7 @@ GlzDecoder::~GlzDecoder() + + void GlzDecoder::decode_header() + { +-int magic; ++uint32_t magic; + int version; + uint8_t tmp; + int stride; +Index: spice-0.10.0/client/x11/images/alt_image.c +=== +--- spice-0.10.0.orig/client/x11/images/alt_image.c spice-0.10.0/client/x11/images/alt_image.c +@@ -1,6 +1,6 @@ + static const struct { +- uint32_t width; +- uint32_t height; ++ int width; ++ int height; + uint8_t pixel_data[17496]; + } _alt_image = { 81, 54, { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, +Index: spice-0.10.0/client/x11/images/red_icon.c +=== +--- spice-0.10.0.orig/client/x11/images/red_icon.c spice-0.10.0/client/x11/images/red_icon.c +@@ -1,6 +1,6 @@ + static const struct { +-uint32_t width; +-uint32_t height; ++int width; ++int height; + uint8_t pixmap[4096]; + uint8_t mask[128]; + } _red_icon = { 32, 32, { -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
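Review bot: in the alt_image.c and red_icon.c hunks, `width` and `height` change from `uint32_t` to `int`, the opposite direction from the cmd_line_parser.cpp and glz_decoder.cpp hunks in the same patch, which move `now`, `last_space` and `magic` to unsigned types. Image dimensions have no meaningful negative values, so making them signed widens what every consumer of these structs has to handle; if this is there to quiet a signed/unsigned comparison, prefer keeping the fields unsigned and fixing the type at the comparison site. The changelog entry says only "incl. git commit 965a1a", so it should also state which build failure each of the four added sections addresses.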
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2012-02-21 12:25:55 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice", Maintainer is "posta...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2012-01-09 11:17:14.0 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2012-02-21 12:25:58.0 +0100 @@ -1,0 +2,5 @@ +Mon Feb 13 10:56:18 UTC 2012 - co...@suse.com + +- patch license to follow spdx.org standard + +--- Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.JOTQLc/_old 2012-02-21 12:26:00.0 +0100 +++ /var/tmp/diff_new_pack.JOTQLc/_new 2012-02-21 12:26:00.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package spice # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + %define realname spice %define realver 0.10.0 %define srcext tar.bz2 
@@ -22,20 +23,28 @@ # Common info Name: spice Version: %realver -Release: 1 +Release:0 +Url:http://www.spice-space.org/ +Summary:SPICE client and server library License: LGPL-2.1+ Group: Productivity/Networking/Other -URL: http://www.spice-space.org/ -Summary: SPICE client and server library # Install-time parameters Requires: celt051 # Build-time parameters -BuildRequires: pkg-config gcc-c++ cyrus-sasl-devel -BuildRequires: spice-protocol-devel >= 0.9.1 libpixman-1-0-devel >= 0.17.7 libopenssl-devel xorg-x11-devel -BuildRequires: celt051-devel xorg-x11-libXfixes-devel alsa-devel libjpeg-devel -BuildRoot: %{_tmppath}/%{name}-root +BuildRequires: alsa-devel +BuildRequires: celt051-devel +BuildRequires: cyrus-sasl-devel +BuildRequires: gcc-c++ +BuildRequires: libjpeg-devel +BuildRequires: libopenssl-devel +BuildRequires: libpixman-1-0-devel >= 0.17.7 +BuildRequires: pkg-config +BuildRequires: spice-protocol-devel >= 0.9.1 +BuildRequires: xorg-x11-devel +BuildRequires: xorg-x11-libXfixes-devel +BuildRoot: %{_tmppath}/%{name}-%{version}-build Source:%{realname}-%{realver}%{?extraver}.%{srcext} Patch1: spice-signed-comparison.patch Patch2: 0001-server-red_parse_qxl.h-License-should-be-LGPLv2-rath.patch @@ -51,9 +60,8 @@ Qumranet %package -n spice-client -License: LGPL-2.1+ -Group: Productivity/Networking/Other Summary: SPICE client +Group: Productivity/Networking/Other %description -n spice-client The SPICE client provides access to a remote machine's display and devices. @@ -63,9 +71,8 @@ Qumranet %package -n libspice-server1 -License: LGPL-2.1+ -Group: Productivity/Networking/Other Summary: Library for SPICE-server +Group: Productivity/Networking/Other %description -n libspice-server1 Library for SPICE-server 
@@ -77,9 +84,8 @@ Qumranet %package -n libspice-server-devel -License: LGPL-2.1+ -Group: Development/Languages/C and C++ Summary: Development files for building SPICE-server +Group: Development/Languages/C and C++ Requires: libspice-server1 = %{version}
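Review bot: the changelog entry ("patch license to follow spdx.org standard") does not match the diff: the top-level `License: LGPL-2.1+` line is unchanged context, and the only license-related edits are the removal of the `License:` tag from the spice-client, libspice-server1 and libspice-server-devel subpackages. The same change also resets `Release: 1` to `Release:0`, switches BuildRoot to `%{_tmppath}/%{name}-%{version}-build` and splits the BuildRequires one per line, none of which is mentioned. Describe these in the changelog, and say explicitly that the subpackages now inherit the main package's license, so a later reader does not take the removals for an accident.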
commit spice for openSUSE:Factory
Hello community, here is the log from the commit of package spice for openSUSE:Factory checked in at 2012-01-09 11:17:12 Comparing /work/SRC/openSUSE:Factory/spice (Old) and /work/SRC/openSUSE:Factory/.spice.new (New) Package is "spice", Maintainer is "posta...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/spice/spice.changes 2011-12-25 17:41:56.0 +0100 +++ /work/SRC/openSUSE:Factory/.spice.new/spice.changes 2012-01-09 11:17:14.0 +0100 @@ -1,0 +2,5 @@ +Thu Jan 5 13:47:57 UTC 2012 - dval...@suse.com + +- Only x86 and x86-64 are supported + +--- Other differences: -- ++ spice.spec ++ --- /var/tmp/diff_new_pack.INesb5/_old 2012-01-09 11:17:14.0 +0100 +++ /var/tmp/diff_new_pack.INesb5/_new 2012-01-09 11:17:14.0 +0100 @@ -39,7 +39,7 @@ Source:%{realname}-%{realver}%{?extraver}.%{srcext} Patch1: spice-signed-comparison.patch Patch2: 0001-server-red_parse_qxl.h-License-should-be-LGPLv2-rath.patch - +ExclusiveArch: %ix86 x86_64 %description The SPICE package provides the SPICE server library and client.