Name: spice Version: 0.14.0 Release: 9%{?dist}.1 Summary: Implements the SPICE protocol Group: User Interface/Desktops License: LGPLv2+ URL: http://www.spice-space.org/ Source0: http://www.spice-space.org/download/releases/%{name}-%{version}.tar.bz2 Patch1: 0001-inputs-channel-Check-message-size-handling-migration.patch Patch2: 0002-red-channel-Remove-red_channel_init_outgoing_message.patch Patch3: 0003-reds-Remove-leak-allocating-migration-state.patch Patch4: 0004-tests-Check-leaks-registering-migration-interface.patch Patch5: 0005-Notify-client-of-the-creation-of-new-channels-dynami.patch Patch6: 0006-stream-device-Add-device-to-handle-streaming.patch Patch7: 0007-stream-device-Start-parsing-new-protocol-from-guest.patch Patch8: 0008-stream-channel-Write-a-base-channel-to-implement-the.patch Patch9: 0009-stream-channel-Start-implementing-DisplayChannel-pro.patch Patch10: 0010-stream-device-Create-channel-for-stream-device.patch Patch11: 0011-stream-device-Handle-streaming-data-from-device-to-c.patch Patch12: 0012-stream-channel-Allows-not-fixed-size.patch Patch13: 0013-stream-channel-Allows-to-register-callback-to-get-ne.patch Patch14: 0014-stream-channel-Support-client-connection-disconnecti.patch Patch15: 0015-stream-channel-Do-not-show-an-empty-blank-screen-on-.patch Patch16: 0016-char-device-Do-not-stop-and-clear-interface-on-reset.patch Patch17: 0017-stream-device-Start-supporting-resetting-device-when.patch Patch18: 0018-stream-device-Create-channel-when-needed.patch Patch19: 0019-stream-device-Limit-sending-queue-from-guest-to-serv.patch Patch20: 0020-stream-channel-Activate-streaming-report-from-client.patch Patch21: 0021-reds-Disable-TLS-1.0.patch Patch22: 0022-cursor-Delay-release-of-QXL-guest-cursor-resources.patch Patch23: 0023-sound-Don-t-mute-recording-when-client-reconnects.patch Patch24: 0024-tls-Parse-spice.cnf-OpenSSL-configuration-file.patch Patch25: 0025-ssl-Allow-to-use-ECDH-ciphers-with-OpenSSL-1.0.patch Patch26: 0026-Fix-flexible-array-buffer-overflow.patch Patch27: 0027-dcc-Fix-QUIC-fallback-in-get_compression_for_bitmap.patch Patch28: 0028-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch Patch29: 0029-display-channel-Avoid-potential-crash-from-buggy-gue.patch Patch30: 0030-red-channel-client-Allows-to-change-timeout-for-late.patch Patch31: 0031-red-channel-client-Always-enable-latency-monitor-to-.patch Patch32: 0032-quic-Check-we-have-some-data-to-start-decoding-quic-.patch Patch33: 0033-quic-Check-image-size-in-quic_decode_begin.patch Patch34: 0034-quic-Check-RLE-lengths.patch Patch35: 0035-quic-Avoid-possible-buffer-overflow-in-find_bucket.patch # https://bugzilla.redhat.com/show_bug.cgi?id=613529 %if 0%{?rhel} ExclusiveArch: x86_64 %else ExclusiveArch: i686 x86_64 armv6l armv7l armv7hl %endif BuildRequires: pkgconfig BuildRequires: glib2-devel >= 2.22 BuildRequires: spice-protocol >= 0.12.10 BuildRequires: celt051-devel BuildRequires: pixman-devel alsa-lib-devel openssl-devel libjpeg-turbo-devel BuildRequires: libcacard-devel cyrus-sasl-devel BuildRequires: lz4-devel BuildRequires: pyparsing python-six BuildRequires: opus-devel BuildRequires: git BuildRequires: autoconf automake libtool %description The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. %package server Summary: Implements the server side of the SPICE protocol Group: System Environment/Libraries Obsoletes: spice-client < %{version}-%{release} # Ensure SSL_CONF_CTX_set_ssl_ctx (needed by Patch24) is present # https://bugzilla.redhat.com/show_bug.cgi?id=1627693 Requires: openssl-libs >= 1.0.2k-16 %description server The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains the run-time libraries for any application that wishes to be a SPICE server. %package server-devel Summary: Header files, libraries and development documentation for spice-server Group: Development/Libraries Requires: %{name}-server%{?_isa} = %{version}-%{release} Requires: pkgconfig Requires: spice-protocol >= 0.12.3 %description server-devel This package contains the header files, static libraries and development documentation for spice-server. If you like to develop programs using spice-server, you will need to install spice-server-devel. %prep %autosetup -S git_am %build autoreconf -fi %configure --enable-smartcard --disable-client make %{?_smp_mflags} WARN_CFLAGS='' V=1 %install make DESTDIR=%{buildroot} install rm -f %{buildroot}%{_libdir}/libspice-server.a rm -f %{buildroot}%{_libdir}/libspice-server.la mkdir -p %{buildroot}%{_libexecdir} %post server -p /sbin/ldconfig %postun server -p /sbin/ldconfig %files server %doc COPYING README NEWS docs/spice.cnf.sample %{_libdir}/libspice-server.so.1* %files server-devel %{_includedir}/spice-server %{_libdir}/libspice-server.so %{_libdir}/pkgconfig/spice-server.pc %changelog * Wed Sep 2 2020 Frediano Ziglio - 0.14.0-9.1 - Fix multiple buffer overflows in QUIC decoding code Resolves: CVE-2020-14355 * Wed Dec 04 2019 Frediano Ziglio - 0.14.0-9 - Always enable latency monitor to keep tcp connection alive Resolves: rhbz#1719736 * Thu Jun 20 2019 Frediano Ziglio - 0.14.0-8 - Avoid potential crash from buggy guest driver Resolves: rhbz#1582137 * Tue Dec 18 2018 Christophe Fergeau - 0.14.0-7 - Fix off-by-one error during guest-to-host memory address conversion Resolves: CVE-2019-3813 - Add patch for upstream commit 48179332d9da0. This should help with corrupted spice-html5 displays Resolves: rhbz#1573739 - Add missing minimum openssl version Requires for patch #24 Resolves: rhbz#1627693 * Thu Aug 09 2018 Frediano Ziglio - 0.14.0-6 - Fix flexible array buffer overflow Resolves: rhbz#1596008 * Wed Jun 20 2018 Christophe Fergeau - 0.14.0-5 - Don't mute Record channel on client reconnection Resolves: rhbz#1549132 - Allow to configure TLS protocol versions and ciphers which SPICE will use for TLS communications Resolves: rhbz#1562213 - Enable ECDH ciphers with OpenSSL 1.0 Resolves: rhbz#1566597 * Fri Apr 27 2018 Christophe Fergeau - 0.14.0-4 - Revert back to spice 0.12 behaviour where QXL guest resources for cursor commands are only released when the current cursor is replaced. This avoids a QEMU regression causing crashes during migration Resolves: rhbz#1567944 * Tue Apr 03 2018 Christophe Fergeau - 0.14.0-3 - Disable TLSv1.0 Resolves: rhbz#1521053 * Thu Oct 12 2017 Christophe Fergeau - 0.14.0-2 - Add streaming patches for use with spice-streaming-agent Related: rhbz#1478356 * Wed Oct 11 2017 Christophe Fergeau - 0.14.0-1 - Rebase to 0.14.0 release Resolves: rhbz#1472948 * Fri Sep 22 2017 Christophe Fergeau 0.13.90-2 - Add lz4-devel BuildRequires Resolves: rhbz#1460191 * Wed Jul 26 2017 Christophe Fergeau 0.13.90-1 - Rebase to latest upstream release Resolves: rhbz#1472948 * Fri Jul 14 2017 Jonathon Jongsma - 0.12.8-4 - build with opus support Resolves: rhbz#1456832 * Fri Jun 30 2017 Christophe Fergeau 0.12.8-3 - Prevent potential buffer/integer overflows with invalid MonitorsConfig messages sent from an authenticated client Resolves: CVE-2017-7506 * Tue Apr 25 2017 Christophe Fergeau 0.12.8-2 - Drop clients immediatly if the magic they send is wrong Resolves: rhbz#1416692 * Mon Jan 16 2017 Christophe Fergeau 0.12.8-1 - Rebase to spice-server 0.12.8 Resolves: rhbz#1388947 Resolves: rhbz#1377551 Resolves: rhbz#1283202 * Fri Dec 09 2016 Frediano Ziglio - 0.12.4-20 - Fix buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages. Resolves: CVE-2016-9577 - Fix remote DoS via crafted message. Resolves: CVE-2016-9578 * Fri Sep 09 2016 Christophe Fergeau 0.12.4-19 - Ensure SPICE_MIGRATE_COMPLETED is sent in all cases when it's needed. Resolves: rhbz#1352836 * Fri Jul 01 2016 Christophe Fergeau - 0.12.4-18 - Fix crash when connecting to VM using smartcard passthrough Resolves: rhbz#1340899 - Fix hang after unredirecting a USB device Resolves: rhbz#1338752 - Backport spice_qxl_set_max_monitors() Resolves: rhbz#1283202 * Wed Apr 27 2016 Christophe Fergeau - 0.12.4-17 - Fix crash when the client sends a wrong header (for example when using spice-html5) Resolves: rhbz#1281442 - Fix crash when guest provides wrong address Resolves: rhbz#1264356 - Fix thread-safety issue causing a crash when playing a Youtube video spanning multiple monitors Resolves: rhbz#1253375 - Add patches reducing QEMU wake-ups Related: rhbz#912763, rhbz#1186146 - Fix use-after-free after resetting a VM Resolves: rhbz#1281455 - Send KeepAlive probes every 10 minutes Resolves: rhbz#1298590 - Add client to guest volume synchronization Resolves: rhbz#1264107 * Mon Apr 25 2016 Christophe Fergeau - 0.12.4-16 - Use autosetup Related: CVE-2016-0749 - Fix heap-based memory corruption within smartcard handling Resolves: CVE-2016-0749 - Fix host memory access from guest with invalid primary surface parameters Resolves: CVE-2016-2150 * Wed Sep 23 2015 Frediano Ziglio 0.12.4-15 - CVE-2015-5260 CVE-2015-5261 fixed various security flaws Resolves: rhbz#1267134 * Thu Sep 10 2015 Frediano Ziglio 0.12.4-14 - Validate surface_id Resolves: rhbz#1260971 * Tue Jul 21 2015 Frediano Ziglio 0.12.4-13 - Clean stale statistics file before creating a new one Resolves: rhbz#1177326 * Fri Jul 10 2015 Fabiano Fidêncio 0.12.4-12 - Fix a backport issue on Patch0040. Related: rhbz#1071176 Resolves: rhbz#1241860 * Thu Jul 09 2015 Fabiano Fidêncio 0.12.4-11 - Don't assert on invalid client message Resolves: rhbz#1227410 - Don't truncate large 'now' values in _spice_timer_set Resolves: rhbz#1227408 - Avoid race conditions reading monitor configs from guest Resolves: rhbz#1239128 - Lock the pixmap image cache for the entire fill_bits call Resolves: rhbz#1235443 * Wed Jul 08 2015 Fabiano Fidêncio 0.12.4-10 - Fix qemu segmentation fault (core dumped) when boot KVM guest with spice in FIPS enabled mode. Resolves: rhbz#1071176 * Mon Jan 05 2015 Marc-Andre Lureau 0.12.4-9 - Allow recent TLS/SSL methods, block SSLv2/SSLv3. Resolves: rhbz#1175540 * Tue Oct 21 2014 Christophe Fergeau 0.12.4-8 - Fix defects reported by Coverity Resolves: rhbz#885717 - Validate surface bounding box sent from QXL driver Resolves: rhbz#1052856 - Fix assertion sometimes happening during migration while a client is connected Resolves: rhbz#1035184 - Fix crash when restarting VM with old client Resolves: rhbz#1145919 * Thu Sep 18 2014 Christophe Fergeau 0.12.4-7 - Fix assert in mjpeg_encoder_adjust_params_to_bit_rate() Resolves: rhbz#1086823 - Fix "Spice-ERROR **: reds.c:1464:reds_send_link_ack: assertion `link->link_mess->channel_type == SPICE_CHANNEL_MAIN' failed" assertion Resolves: rhbz#1058625 - Lower a monitor-config warning to debug level Resolves: rhbz#1119220 - mjpeg: Don't warn on unsupported image formats Resolves: rhbz#1070028 * Thu Aug 07 2014 Marc-Andre Lureau 0.12.4-6 - Fix invalid surface clearing Resolves: rhbz#1029646 * Wed Jan 29 2014 Christophe Fergeau 0.12.4-5 - Fix qemu crash during migration with reboot Resolves: rhbz#1016795 - Monitor whether the client is alive Resolves: rhbz#1016790 * Tue Oct 15 2013 Christophe Fergeau 0.12.4-3 - Fix spice-server crash when client sends a password which is too long Resolves: CVE-2013-4282 * Fri Sep 13 2013 Christophe Fergeau 0.12.4-2 - Add upstream patch fixing rhbz#995041 * Fri Aug 2 2013 Hans de Goede - 0.12.4-1 - Add patches from upstream git to fix sound-channel-free crash (rhbz#986407) - Add Obsoletes for dropped spice-client sub-package * Mon Jul 22 2013 Yonit Halperin 0.12.4-1 - New upstream release 0.12.4 - Require libjpeg-turbo-devel instead of libjpeg-devel - Remove "BuildRequires: spice-protocol" from spice-server - Add "Requires: spice-protocol" to spice-server-devel. * Thu May 23 2013 Christophe Fergeau 0.12.3-2 - Stop building spicec, it's obsolete and superseded by remote-viewer (part of virt-viewer) * Tue May 21 2013 Christophe Fergeau 0.12.3-1 - New upstream release 0.12.3 - Drop all patches (they were all upstreamed) * Mon Apr 15 2013 Hans de Goede - 0.12.2-4 - Add fix from upstream for a crash when the guest uses RGBA (rhbz#952242) * Thu Mar 07 2013 Adam Jackson 0.12.2-4 - Rebuild for new libsasl2 soname in F19 * Mon Jan 21 2013 Hans de Goede - 0.12.2-3 - Add a number of misc. bug-fixes from upstream * Fri Dec 21 2012 Adam Tkac - 0.12.2-2 - rebuild against new libjpeg * Thu Dec 20 2012 Hans de Goede - 0.12.2-1 - New upstream release 0.12.2 * Fri Sep 28 2012 Hans de Goede - 0.12.0-1 - New upstream release 0.12.0 - Some minor spec file cleanups - Enable building on arm * Thu Sep 6 2012 Soren Sandmann - 0.11.3-1 - BuildRequire pyparsing * Thu Sep 6 2012 Soren Sandmann - 0.11.3-1 - Add capability patches - Add capability patches to the included copy of spice-protocol Please see the comment above Patch6 and Patch7 regarding this situation. * Thu Sep 6 2012 Soren Sandmann - 0.11.3-1 - Update to 0.11.3 and drop upstreamed patches - BuildRequire spice-protocol 0.12.1 * Sat Jul 21 2012 Fedora Release Engineering - 0.10.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Mon May 14 2012 Alon Levy - Fix mjpeg memory leak and bad behavior. - Add usbredir to list of channels for security purposes. (#819484) * Sun May 13 2012 Alon Levy - Add double free fix. (#808936) * Tue Apr 24 2012 Alon Levy - Add 32 bit fixes from git master. (#815717) * Tue Feb 28 2012 Fedora Release Engineering - 0.10.1-2 - Rebuilt for c++ ABI breakage * Mon Jan 23 2012 Hans de Goede - 0.10.1-1 - New upstream release 0.10.1 * Sat Jan 14 2012 Fedora Release Engineering - 0.10.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Thu Nov 10 2011 Alon Levy - 0.10.0-1 - New upstream release 0.10.0 - support spice-server.i686 * Wed Sep 28 2011 Marc-André Lureau - 0.9.1-2 - Provides spice-xpi-client alternative in spice-client * Thu Aug 25 2011 Hans de Goede - 0.9.1-1 - New upstream release 0.9.1 * Mon Jul 25 2011 Marc-André Lureau - 0.9.0-1 - New upstream release 0.9.0 * Wed Apr 20 2011 Hans de Goede - 0.8.1-1 - New upstream release 0.8.1 * Fri Mar 11 2011 Hans de Goede - 0.8.0-2 - Fix being unable to send ctrl+alt+key when release mouse is bound to ctrl+alt (which can happen when used from RHEV-M) * Tue Mar 1 2011 Hans de Goede - 0.8.0-1 - New upstream release 0.8.0 * Fri Feb 11 2011 Hans de Goede - 0.7.3-1 - New upstream release 0.7.3 * Wed Feb 09 2011 Fedora Release Engineering - 0.7.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Wed Jan 19 2011 Hans de Goede - 0.7.2-1 - New upstream release 0.7.2 * Fri Dec 17 2010 Hans de Goede - 0.7.1-1 - New upstream release 0.7.1 - Drop all patches (all upstreamed) - Enable smartcard (CAC) support * Wed Nov 17 2010 Hans de Goede - 0.6.3-4 - Fix the info layer not showing when used through the XPI - Do not let the connection gui flash by when a hostname has been specified on the cmdline - Fix spice client locking up when dealing with XIM input (#654265) - Fix modifier keys getting stuck (#655048) - Fix spice client crashing when dealing with XIM ibus input (#655836) - Fix spice client only showing a white screen in full screen mode * Sat Nov 6 2010 Hans de Goede - 0.6.3-3 - Log to ~/.spicec/cegui.log rather then to CEGUI.log in the cwd, this fixes spicec from aborting when run in a non writable dir (#650253) * Fri Nov 5 2010 Hans de Goede - 0.6.3-2 - Various bugfixes from upstream git: - Make spicec work together with the Firefox XPI for RHEV-M - Make sure the spicec window gets properly raised when first shown * Mon Oct 18 2010 Hans de Goede - 0.6.3-1 - Update to 0.6.3 - Enable GUI * Thu Sep 30 2010 Gerd Hoffmann - 0.6.1-1 - Update to 0.6.1. * Tue Aug 31 2010 Alexander Larsson - 0.6.0-1 - Update to 0.6.0 (stable release) * Tue Jul 20 2010 Alexander Larsson - 0.5.3-1 - Update to 0.5.3 * Tue Jul 13 2010 Gerd Hoffmann - 0.5.2-4 - Quote %% in changelog to avoid macro expansion. * Mon Jul 12 2010 Gerd Hoffmann - 0.5.2-3 - %%configure handles CFLAGS automatically, no need to fiddle with %%{optflags} manually. * Mon Jul 12 2010 Gerd Hoffmann - 0.5.2-2 - Fix license: LGPL. - Cleanup specfile, drop bits not needed any more with recent rpm versions (F13+). - Use optflags as-is. - * Fri Jul 9 2010 Gerd Hoffmann - 0.5.2-1 - initial package.