diff -pruN 0.15.0-2/debian/changelog 0.15.0-2ubuntu4/debian/changelog --- 0.15.0-2/debian/changelog 2021-10-01 06:49:55.000000000 +0000 +++ 0.15.0-2ubuntu4/debian/changelog 2022-03-21 08:23:33.000000000 +0000 @@ -1,3 +1,34 @@ +spice (0.15.0-2ubuntu4) jammy; urgency=medium + + * d/p/Revert-reds-start-QXL-devices-if-VM-is-running-fix-r.patch: fix race + on spice init (LP: #1964777) + + -- Christian Ehrhardt Mon, 21 Mar 2022 09:23:33 +0100 + +spice (0.15.0-2ubuntu3) jammy; urgency=medium + + * No-change rebuild against openssl3 + + -- Simon Chopin Wed, 01 Dec 2021 16:10:53 +0000 + +spice (0.15.0-2ubuntu2) jammy; urgency=medium + + * d/p/0001-test-leaks-fix-the-test-with-OpenSSL3.patch: + Fix the test suite against OpenSSL3 (LP: #1946198) + + -- Simon Chopin Wed, 10 Nov 2021 14:22:14 +0100 + +spice (0.15.0-2ubuntu1) jammy; urgency=medium + + * Merge with Debian unstable (LP: #1946901). Remaining changes: + - d/control: Don't recommend -libav gstreamer plugins since it is in + universe. This now downgrades it to a suggest instead of completely + removing the dependency. + * Dropped changes + - d/t/automated-tests: avoid test fail due to build errors [in Debian now] + + -- Christian Ehrhardt Tue, 02 Nov 2021 07:52:12 +0100 + spice (0.15.0-2) unstable; urgency=medium * switch from $DEB_TARGET_MULTIARCH to $DEB_HOST_MULTIARCH @@ -21,6 +52,17 @@ spice (0.15.0-1) unstable; urgency=mediu -- Michael Tokarev Fri, 01 Oct 2021 01:17:04 +0300 +spice (0.14.3-2.1ubuntu1) impish; urgency=medium + + * Merge with Debian unstable. Remaining changes: + - d/control: Don't recommend -libav gstreamer plugins since it + is in universe. This now downgrades it to a suggest instead + of completely removing the dependency. + - d/t/automated-tests: avoid test fail due to build + errors (Closes: #973803). + + -- Miriam EspaƱa Acebal Fri, 13 Aug 2021 14:12:44 +0200 + spice (0.14.3-2.1) unstable; urgency=medium * Non-maintainer upload. @@ -31,6 +73,21 @@ spice (0.14.3-2.1) unstable; urgency=med -- Salvatore Bonaccorso Sun, 28 Feb 2021 16:29:54 +0100 +spice (0.14.3-2ubuntu3) hirsute; urgency=medium + + * d/t/automated-tests: avoid test fail due to build errors (Closes: #973803) + + -- Christian Ehrhardt Thu, 05 Nov 2020 11:23:42 +0100 + +spice (0.14.3-2ubuntu2) hirsute; urgency=medium + + * Merge with Debian unstable. Remaining changes: + - d/control: Don't recommend -libav gstreamer plugins since it is in + universe. This now downgrades it to a suggest instead of completely + removing the dependency. + + -- Christian Ehrhardt Tue, 03 Nov 2020 13:07:45 +0100 + spice (0.14.3-2) unstable; urgency=medium [ Christian Ehrhardt ] @@ -55,6 +112,40 @@ spice (0.14.3-2) unstable; urgency=mediu -- Michael Tokarev Thu, 29 Oct 2020 10:57:02 +0300 +spice (0.14.3-1ubuntu2) groovy; urgency=medium + + * SECURITY UPDATE: multiple buffer overflows in QUIC image decoding + - debian/patches/CVE-2020-14355-1.patch: check we have some data to + start decoding quic image in subprojects/spice-common/common/quic.c. + - debian/patches/CVE-2020-14355-2.patch: check image size in + quic_decode_begin in subprojects/spice-common/common/quic.c. + - debian/patches/CVE-2020-14355-3.patch: check RLE lengths in + subprojects/spice-common/common/quic_tmpl.c. + - debian/patches/CVE-2020-14355-4.patch: avoid possible buffer overflow + in find_bucket in subprojects/spice-common/common/quic_family_tmpl.c. + - CVE-2020-14355 + + -- Marc Deslauriers Thu, 01 Oct 2020 07:00:18 -0400 + +spice (0.14.3-1ubuntu1) groovy; urgency=medium + + * Merge with Debian unstable (LP: #1881093). Remaining changes: + - d/control: Don't recommend -libav gstreamer plugins since it is in + universe + - make autopkgtests work again + - d/t/automated-tests: spice-common moved into dir subprojects + - d/t/automated-tests: option --enable-automated-tests now is always on + - d/t/control: make tests more debuggable by allowing stderr + - d/t/control: install new test dependency python-pil + - d/t/regression-test.py, d/t/base_test.ppm: add file dropped in release + tarball but needed for autopkgtests + - d/source/include-binaries: allow binary base_test.ppm in package + * Dropped changes + - d/p/lp-1874054-*: fix rescaling and some crashes (LP: 1874054) + [Upstream in 0.14.3] + + -- Christian Ehrhardt Thu, 28 May 2020 11:56:04 +0200 + spice (0.14.3-1) unstable; urgency=medium * new upstream version (Closes: #940057, #954629) @@ -66,6 +157,49 @@ spice (0.14.3-1) unstable; urgency=mediu -- Michael Tokarev Tue, 14 Apr 2020 16:55:25 +0300 +spice (0.14.2-4ubuntu3) focal; urgency=medium + + * d/p/lp-1874054-*: fix rescaling and some crashes (LP: #1874054) + + -- Christian Ehrhardt Tue, 21 Apr 2020 14:05:18 +0200 + +spice (0.14.2-4ubuntu2) focal; urgency=medium + + * No-change rebuild for libgcc-s1 package name change. + + -- Matthias Klose Mon, 23 Mar 2020 07:26:08 +0100 + +spice (0.14.2-4ubuntu1) focal; urgency=medium + + * Merge with Debian unstable (LP: #1852439). Remaining changes: + - d/control: Don't recommend -libav gstreamer plugins since it is in + universe + - make autopkgtests work again + - d/t/automated-tests: spice-common moved into dir subprojects + - d/t/automated-tests: option --enable-automated-tests now is always on + - d/t/control: make tests more debuggable by allowing stderr + - d/t/control: install new test dependency python-pil + - d/t/regression-test.py, d/t/base_test.ppm: add file dropped in release + tarball but needed for autopkgtests + - d/source/include-binaries: allow binary base_test.ppm in package + * Added changes: + - d/t/automated-tests, d/t/control: make autopkgtests python3 compatible + * Dropped Changes (in Debian): + - d/control: Don't recommend -ugly gstreamer plugins since it is in universe + - d/patches: drop patches being upstream in 0.14.2 + - new upstream 0.14.2 + - disable failing test-listen + - d/libspice-server1.symbols: update for new symbols in 14.2 + - d/p/fix-test-qxl-parsing-on-ppc64el-and-armhf.patch: avoid FTBFS due to + different handling of high words for constants + - d/control: bump build dependency to libspice-protocol-dev >=0.14.0 + * Dropped Changes (Upstream) + - SECURITY UPDATE: Integer overflow and buffer overflow CVE-2017-12194 + - SECURITY UPDATE: Denial of service CVE-2018-10873 + - SECURITY UPDATE: off-by-one error in memslot_get_virt CVE-2019-3813 + + -- Christian Ehrhardt Wed, 13 Nov 2019 15:54:00 +0100 + spice (0.14.2-4) unstable; urgency=medium * disable failing test-listen (Closes: #941006) @@ -113,6 +247,42 @@ spice (0.14.2-1) unstable; urgency=mediu -- Michael Tokarev Fri, 30 Aug 2019 13:54:00 +0300 +spice (0.14.2-0ubuntu2) eoan; urgency=medium + + * Fixup autpkgtest (LP: #1834286) + These changes will make the test able to run again, but not output mismatch + errors (this matches the behavior before 0.14.2). Upstream discussion + started on how to resolve that as a next step, more details at the LP bug. + - d/t/automated-tests: spice-common moved into dir subprojects + - d/t/automated-tests: option --enable-automated-tests now is always on" + - d/t/automated-tests, d/t/control: make tests more debuggable by allowing + stderr + - d/t/control: install new test dependency python-pil + - d/t/base_test.ppm, d/t/regression-test.py: provide test resources from + upstream git not part of the released tarball anymore + - d/source/include-binaries: allow binary base_test.ppm in package + + -- Christian Ehrhardt Tue, 25 Jun 2019 12:59:01 +0200 + +spice (0.14.2-0ubuntu1) eoan; urgency=medium + + * New upstream release + Among many other fixes this will resolve (LP: #1814146) + - d/p/disable-failing-test-listen.patch: disable new test that is + unreliable in the build environment + - d/patches: drop patches being upstream in 0.14.2 + + debian/patches/CVE-2017-12194-1.patch + + debian/patches/CVE-2017-12194-2.patch + + debian/patches/CVE-2017-12194-3.patch + + debian/patches/CVE-2018-10873.patch + + debian/patches/CVE-2019-3813.patch + - d/libspice-server1.symbols: update for new symbols in 14.2 + - d/p/fix-test-qxl-parsing-on-ppc64el-and-armhf.patch: avoid FTBFS due + to different handling of high words for constants + - d/control: bump build dependency to libspice-protocol-dev >=0.14.0 + + -- Christian Ehrhardt Fri, 24 May 2019 12:27:26 +0200 + spice (0.14.0-1.3) unstable; urgency=medium * Non-maintainer upload. @@ -135,6 +305,52 @@ spice (0.14.0-1.1) unstable; urgency=med -- Salvatore Bonaccorso Sat, 15 Sep 2018 09:15:28 +0200 +spice (0.14.0-1ubuntu5) disco; urgency=medium + + * SECURITY UPDATE: off-by-one error in memslot_get_virt + - debian/patches/CVE-2019-3813.patch: fix checks in server/memslot.c, + add tests to server/tests/test-qxl-parsing.c. + - CVE-2019-3813 + * debian/tests/automated-tests: fix incorrect test name, don't fail on + build writing to stderr. + + -- Marc Deslauriers Thu, 24 Jan 2019 08:58:10 -0500 + +spice (0.14.0-1ubuntu4) cosmic; urgency=medium + + * SECURITY UPDATE: Denial of service + - debian/patches/CVE-2018-10873.patch: fix in + spice-common/python_modules/demarshal.py, + - CVE-2018-10873 + + -- Leonidas S. Barbosa Mon, 20 Aug 2018 13:26:02 -0300 + +spice (0.14.0-1ubuntu3) cosmic; urgency=medium + + * SECURITY UPDATE: Integer overflow and buffer overflow + - debian/patches/CVE-2017-12194-1.patch: fix a integer overflow + computing sizes in spice-common/python_modules/demarshal.py. + - debian/patches/CVE-2017-12194-2.patch: avoid integer overflow + in spice-common/python_modules/demarshal.py, + spice-common/python_modules/marshal.py. + - debian/patches/CVE-2017-12194-3.patch: add tests to verify fix. + - CVE-2017-12194 + + -- Leonidas S. Barbosa Tue, 22 May 2018 14:53:01 -0300 + +spice (0.14.0-1ubuntu2) bionic; urgency=high + + * No change rebuild against openssl1.1. + + -- Dimitri John Ledkov Tue, 06 Feb 2018 17:55:31 +0000 + +spice (0.14.0-1ubuntu1) bionic; urgency=medium + + * Don't recommend -ugly or -libav gstreamer plugins since they + are in universe + + -- Jeremy Bicha Wed, 01 Nov 2017 21:55:03 -0400 + spice (0.14.0-1) unstable; urgency=medium * New upstream release diff -pruN 0.15.0-2/debian/control 0.15.0-2ubuntu4/debian/control --- 0.15.0-2/debian/control 2021-09-30 22:19:15.000000000 +0000 +++ 0.15.0-2ubuntu4/debian/control 2022-03-21 08:23:33.000000000 +0000 @@ -1,7 +1,8 @@ Source: spice Section: misc Priority: optional -Maintainer: Debian QEMU Team +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian QEMU Team Uploaders: Michael Tokarev Build-Depends: debhelper-compat (= 13), @@ -35,10 +36,10 @@ Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends} Recommends: - gstreamer1.0-libav, gstreamer1.0-plugins-base, gstreamer1.0-plugins-good, Suggests: + gstreamer1.0-libav, gstreamer1.0-plugins-ugly, Description: Implements the server side of the SPICE protocol The Simple Protocol for Independent Computing Environments (SPICE) is diff -pruN 0.15.0-2/debian/patches/0001-test-leaks-fix-the-test-with-OpenSSL3.patch 0.15.0-2ubuntu4/debian/patches/0001-test-leaks-fix-the-test-with-OpenSSL3.patch --- 0.15.0-2/debian/patches/0001-test-leaks-fix-the-test-with-OpenSSL3.patch 1970-01-01 00:00:00.000000000 +0000 +++ 0.15.0-2ubuntu4/debian/patches/0001-test-leaks-fix-the-test-with-OpenSSL3.patch 2022-03-21 08:23:33.000000000 +0000 @@ -0,0 +1,50 @@ +From 5e8d1505c0ebff81baac3c25d431c9a9d7b0872b Mon Sep 17 00:00:00 2001 +From: Simon Chopin +Date: Wed, 10 Nov 2021 14:03:58 +0100 +Subject: [PATCH] test-leaks: fix the test with OpenSSL3 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/spice/+bug/1946198 +Forwarded: https://gitlab.freedesktop.org/spice/spice/-/merge_requests/196 + +In OpenSSL3, the SSL_accept call now emits proper errors, which we dump +*before* emitting the expected "SSL_accept failed" error message. The +g_test_expect_message framework doesn't really allow us to discard +messages AFAICT, so instead we add a new expectation with fairly loose +criteria. + +Fixes #63 + +Signed-off-by: Simon Chopin +Origin: upstream, https://gitlab.freedesktop.org/spice/spice/-/commit/3d32295f9 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1946198 +Last-Update: 2021-11-11 +--- + server/tests/test-leaks.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/server/tests/test-leaks.c b/server/tests/test-leaks.c +index be9fe2d2..2741a502 100644 +--- a/server/tests/test-leaks.c ++++ b/server/tests/test-leaks.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + #include "test-glib-compat.h" + #include "basic-event-loop.h" +@@ -68,6 +69,11 @@ static void server_leaks(void) + g_assert_cmpint(result, ==, 0); + + /* spice_server_add_ssl_client should not leak when it's given a disconnected socket */ ++#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) ++ /* Discard the OpenSSL-generated error logs */ ++ g_test_expect_message(G_LOG_DOMAIN, G_LOG_LEVEL_WARNING, ++ "*error:*:SSL*"); ++#endif + g_test_expect_message(G_LOG_DOMAIN, G_LOG_LEVEL_WARNING, + "*SSL_accept failed*"); + g_assert_cmpint(socketpair(AF_LOCAL, SOCK_STREAM, 0, sv), ==, 0); +-- +2.32.0 + diff -pruN 0.15.0-2/debian/patches/Revert-reds-start-QXL-devices-if-VM-is-running-fix-r.patch 0.15.0-2ubuntu4/debian/patches/Revert-reds-start-QXL-devices-if-VM-is-running-fix-r.patch --- 0.15.0-2/debian/patches/Revert-reds-start-QXL-devices-if-VM-is-running-fix-r.patch 1970-01-01 00:00:00.000000000 +0000 +++ 0.15.0-2ubuntu4/debian/patches/Revert-reds-start-QXL-devices-if-VM-is-running-fix-r.patch 2022-03-21 08:23:33.000000000 +0000 @@ -0,0 +1,55 @@ +From 252729adbdca81e0ceefe8e4fc48b8cab83bfcf5 Mon Sep 17 00:00:00 2001 +From: Christian Ehrhardt +Date: Mon, 21 Mar 2022 09:07:08 +0100 +Subject: [PATCH] Revert "reds: start QXL devices if VM is running" (fix race) + +Due to reds->vm_running being initialized to TRUE (since c302e12c +"spice.h: add entries for tracking vm state") the assumption in c23cbd6f +"reds: start QXL devices if VM is running" was wrong and we can't check +on vm_running until that initalization isn't on TRUE (it is that way for +backward compatibility). + +Without this revert on qemu initializing spice we will have the +display_init side of qemu not yet ready and therefore respond badly when +spice sends an event as raction to `red_qxl_start`: + "qxl_send_events: spice-server bug: guest stopped, ignoring." + +At least with qemu > v2.0 as a spice consumer is not showing issues as +`red_qxl_start` will be called just after the qemu side is ready +`qemu_spice_display_start` -> `spice_server_vm_start` ... `red_qxl_start`. + +Therefore - for now to avoid the current regression - Revert c23cbd6f +"reds: start QXL devices if VM is running" until that old (2012) +initialization is updated (probably an ABI change and therefore taking +some time). + +Fixes: https://gitlab.freedesktop.org/spice/spice/-/issues/64 + +This reverts commit c23cbd6fa821fea8ac4ed97ca679afebe2333c8c. +--- + server/reds.cpp | 3 --- + +1 file changed, 3 deletions(-) + +Forwarded: https://gitlab.freedesktop.org/spice/spice/-/merge_requests/202 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/spice/+bug/1964777 +Bug-Upstream: https://gitlab.freedesktop.org/spice/spice/-/issues/64 +Last-Update: 2022-03-21 + +diff --git a/server/reds.cpp b/server/reds.cpp +index 11eb4cb27e..1ada47d8be 100644 +--- a/server/reds.cpp ++++ b/server/reds.cpp +@@ -3244,9 +3244,6 @@ SPICE_GNUC_VISIBLE int spice_server_add_interface(SpiceServer *reds, + * be called. */ + red_qxl_attach_worker(qxl); + red_qxl_set_compression_level(qxl, calc_compression_level(reds)); +- if (reds->vm_running) { +- red_qxl_start(qxl); +- } + } else if (strcmp(base_interface->type, SPICE_INTERFACE_TABLET) == 0) { + SpiceTabletInstance *tablet = SPICE_UPCAST(SpiceTabletInstance, sin); + spice_debug("SPICE_INTERFACE_TABLET"); +-- +2.35.1 + diff -pruN 0.15.0-2/debian/patches/series 0.15.0-2ubuntu4/debian/patches/series --- 0.15.0-2/debian/patches/series 2021-10-01 06:40:42.000000000 +0000 +++ 0.15.0-2ubuntu4/debian/patches/series 2022-03-21 08:23:33.000000000 +0000 @@ -1,2 +1,4 @@ disable-failing-test-listen.patch do-not-run-nonexisting-doxygen-sh.patch +0001-test-leaks-fix-the-test-with-OpenSSL3.patch +Revert-reds-start-QXL-devices-if-VM-is-running-fix-r.patch