From 1bb5d1ca1b3e2fce2835b8403042058e7645c0a8 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: May 14 2018 12:59:06 +0000
Subject: import spice-0.14.0-2.el7_5.3
---
diff --git a/SOURCES/0021-reds-Disable-TLS-1.0.patch b/SOURCES/0021-reds-Disable-TLS-1.0.patch
new file mode 100644
index 0000000..6b338dd
--- /dev/null
+++ b/SOURCES/0021-reds-Disable-TLS-1.0.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio
+Date: Sun, 11 Feb 2018 18:27:41 +0000
+Subject: [spice-server] reds: Disable TLS 1.0
+
+TLS 1.0 is considered now insecure.
+TLS 1.1 was introduced in 2006.
+Our SPICE clients uses OpenSSL to use TLS and the support for TLS 1.1
+in OpenSSL was introduced in 2006 too so even in systems like
+Windows XP which are not officially supporting TLS 1.0 will work
+with SPICE and TLS 1.1.
+This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1521053.
+
+Signed-off-by: Frediano Ziglio
+Acked-by: Victor Toso
+---
+ server/reds.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/server/reds.c b/server/reds.c
+index 401d242..0af5643 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2836,9 +2836,10 @@ static int reds_init_ssl(RedsState *reds)
+ SSL_METHOD *ssl_method;
+ #endif
+ int return_code;
+- /* When some other SSL/TLS version becomes obsolete, add it to this
++ /* Limit connection to TLSv1.1 or newer.
++ * When some other SSL/TLS version becomes obsolete, add it to this
+ * variable. */
+- long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
++ long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
+
+ /* Global system initialization*/
+ g_once(&openssl_once, openssl_global_init, NULL);
diff --git a/SOURCES/0022-cursor-Delay-release-of-QXL-guest-cursor-resources.patch b/SOURCES/0022-cursor-Delay-release-of-QXL-guest-cursor-resources.patch
new file mode 100644
index 0000000..f6d4e69
--- /dev/null
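Review bot: In the `reds_init_ssl` hunk of the reds.c patch, the TLS floor is set by adding `SSL_OP_NO_TLSv1` to a deny-list mask, so "Limit connection to TLSv1.1 or newer" is only true if `ssl_options` is later applied to the server context, and that call is outside the hunk. Where the library is OpenSSL 1.1.0 or newer (the `#endif` in the context suggests version-conditional code already exists), stating the minimum directly is harder to get wrong: `if (!SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION)) { /* fail initialisation */ }`, with `ctx` standing for the context this function creates. The comment could also say how the result is checked, for example `/* a client offering at most TLS 1.0 must fail the handshake */`. The function begins and ends outside the hunk.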
+++ b/SOURCES/0022-cursor-Delay-release-of-QXL-guest-cursor-resources.patch 
@@ -0,0 +1,71 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Christophe Fergeau
+Date: Tue, 10 Apr 2018 17:32:48 +0200
+Subject: [spice-server] cursor: Delay release of QXL guest cursor resources
+
+There's an implicit API/ABI contract between QEMU and SPICE that SPICE
+will keep the guest QXL resources alive as long as QEMU can hold a
+pointer to them. This implicit contract was broken in 1c6e7cf7 "Release
+cursor as soon as possible", causing crashes at migration time.
+While the proper fix would be in QEMU so that spice-server does not need
+to have that kind of knowledge regarding QEMU internal implementation,
+this commit reverts to the pre-1c6e7cf7 behaviour to avoid a regression
+while QEMU is being fixed.
+
+This version of the fix is based on a suggestion from Frediano Ziglio.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1540919
+
+Signed-off-by: Christophe Fergeau
+Acked-by: Frediano Ziglio
+---
+ server/red-parse-qxl.c | 4 ++++
+ server/red-parse-qxl.h | 1 +
+ server/red-worker.c | 2 +-
+ 3 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/server/red-parse-qxl.c b/server/red-parse-qxl.c
+index 33f3692..c436214 100644
+--- a/server/red-parse-qxl.c
++++ b/server/red-parse-qxl.c
+@@ -24,6 +24,7 @@
+ #include
+ #include "spice-bitmap-utils.h"
+ #include "red-common.h"
++#include "red-qxl.h"
+ #include "memslot.h"
+ #include "red-parse-qxl.h"
+
+@@ -1497,4 +1498,7 @@ void red_put_cursor_cmd(RedCursorCmd *red)
+ red_put_cursor(&red->u.set.shape);
+ break;
+ }
++ if (red->qxl) {
++ red_qxl_release_resource(red->qxl, red->release_info_ext);
++ }
+ }
+diff --git a/server/red-parse-qxl.h b/server/red-parse-qxl.h
+index 4a576ca..f0407b5 100644
+--- a/server/red-parse-qxl.h
++++ b/server/red-parse-qxl.h
+@@ -99,6 +99,7 @@ typedef struct RedSurfaceCmd {
+ } RedSurfaceCmd;
+
+ typedef struct RedCursorCmd {
++ QXLInstance *qxl;
+ QXLReleaseInfoExt release_info_ext;
+ uint8_t type;
+ union {
+diff --git a/server/red-worker.c b/server/red-worker.c
+index 8a63fde..ccf5df9 100644
+--- a/server/red-worker.c
++++ b/server/red-worker.c
+@@ -112,7 +112,7 @@ static gboolean red_process_cursor_cmd(RedWorker *worker, const QXLCommandExt *e
+ free(cursor_cmd);
+ return FALSE;
+ }
+- red_qxl_release_resource(worker->qxl, cursor_cmd->release_info_ext);
++ cursor_cmd->qxl = worker->qxl;
+ cursor_channel_process_cmd(worker->cursor_channel, cursor_cmd);
+ return TRUE;
+ }
diff --git a/SPECS/spice.spec b/SPECS/spice.spec
index 2838eb9..0d8b086 100644
--- a/SPECS/spice.spec
+++ b/SPECS/spice.spec
@@ -1,6 +1,6 @@
 Name: spice
 Version: 0.14.0
-Release: 2%{?dist}
+Release: 2%{?dist}.3
 Summary: Implements the SPICE protocol
 Group: User Interface/Desktops
 License: LGPLv2+
@@ -26,6 +26,8 @@ Patch17: 0017-stream-device-Start-supporting-resetting-device-when.patch Patch18: 0018-stream-device-Create-channel-when-needed.patch Patch19: 0019-stream-device-Limit-sending-queue-from-guest-to-serv.patch Patch20: 0020-stream-channel-Activate-streaming-report-from-client.patch +Patch21: 0021-reds-Disable-TLS-1.0.patch +Patch22: 0022-cursor-Delay-release-of-QXL-guest-cursor-resources.patch # https://bugzilla.redhat.com/show_bug.cgi?id=613529 %if 0%{?rhel}
@@ -115,6 +117,20 @@ mkdir -p %{buildroot}%{_libexecdir} %changelog +* Fri Apr 27 2018 Christophe Fergeau - 0.14.0-2.3 +- Revert back to spice 0.12 behaviour where QXL guest resources for cursor + commands are only released when the current cursor is replaced. This avoids + a QEMU regression causing crashes during migration + Resolves: rhbz#1572489 + +* Mon Mar 19 2018 Christophe Fergeau - 0.14.0-2.2 +- Rebuild for missing changelog entry + Related: rhbz#1551072 + +* Thu Mar 15 2018 Christophe Fergeau - 0.14.0-2.1 +- Disable TLSv1.0 + Related: rhbz#1551072 + * Thu Oct 12 2017 Christophe Fergeau - 0.14.0-2 - Add streaming patches for use with spice-streaming-agent Related: rhbz#1478356
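Review bot: In the 0022 patch, `red_put_cursor_cmd` now decides whether to release the guest resource by testing `red->qxl`, but none of the three inner hunks initialises that field on any path other than the success path of `red_process_cursor_cmd`. The allocation of `cursor_cmd` is outside the hunks; unless it is zero-filled, the parser should set `red->qxl = NULL;` so that a command built elsewhere cannot reach the release call with an indeterminate pointer. The command also now holds a raw `QXLInstance *` until it is freed, so a cursor command that outlives its instance would release through a stale pointer; the field deserves a comment stating that, e.g. `/* borrowed, must outlive this command; NULL means nothing to release */`.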