rpms/spice
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import spice-0.14.0-7.el8

Browse Source
This commit is contained in:
CentOS Sources 2019-05-07 07:33:52 -04:00 committed by Andrew Lukoshko
commit 509a2d2fe9
6 changed files with 777 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
SOURCES/cfergeau-29AC6C82.keyring
SOURCES/spice-0.14.0.tar.bz2

2
.spice.metadata Normal file
View File

@ -0,0 +1,2 @@
84d3abd436c6f4e194aa3f7a58be17ec9ced0a82 SOURCES/cfergeau-29AC6C82.keyring
93e42588d1aac0a3c127ada1e5d8f40be84776a9 SOURCES/spice-0.14.0.tar.bz2

301
SOURCES/0001-Fix-flexible-array-buffer-overflow.patch Normal file
View File

@ -0,0 +1,301 @@
From c182f8e4a445e93842faf6c2bd8583894da36a1a Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <fziglio@redhat.com>
Date: Fri, 18 May 2018 11:41:57 +0100
Subject: [PATCH] Fix flexible array buffer overflow
This is kind of a DoS, possibly flexible array in the protocol
causes the network size check to be ignored due to integer overflows.
The size of flexible array is computed as (message_end - position),
then this size is added to the number of bytes before the array and
this number is used to check if we overflow initial message.
An example is:
message {
uint32 dummy[2];
uint8 data[] @end;
} LenMessage;
which generated this (simplified remove useless code) code:
{ /* data */
data__nelements = message_end - (start + 8);
data__nw_size = data__nelements;
}
nw_size = 8 + data__nw_size;
/* Check if message fits in reported side */
if (nw_size > (uintptr_t) (message_end - start)) {
return NULL;
}
Following code:
- data__nelements == message_end - (start + 8)
- data__nw_size == data__nelements == message_end - (start + 8)
- nw_size == 8 + data__nw_size == 8 + message_end - (start + 8) ==
8 + message_end - start - 8 == message_end -start
- the check for overflow is (nw_size > (message_end - start)) but
nw_size == message_end - start so the check is doing
((message_end - start) > (message_end - start)) which is always false.
If message_end - start < 8 then data__nelements (number of element
on the array above) computation generate an integer underflow that
later create a buffer overflow.
Add a check to make sure that the array starts before the message ends
to avoid the overflow.
Difference is:
diff -u save/generated_client_demarshallers1.c common/generated_client_demarshallers1.c
--- save/generated_client_demarshallers1.c 2018-06-22 22:13:48.626793919 +0100
+++ common/generated_client_demarshallers1.c 2018-06-22 22:14:03.408163291 +0100
@@ -225,6 +225,9 @@
uint64_t data__nelements;
{ /* data */
+ if (SPICE_UNLIKELY((start + 0) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 0);
data__nw_size = data__nelements;
@@ -243,6 +246,9 @@
*free_message = nofree;
return data;
+ error:
+ free(data);
+ return NULL;
}
static uint8_t * parse_msg_set_ack(uint8_t *message_start, uint8_t *message_end, SPICE_GNUC_UNUSED int minor, size_t *size, message_destructor_t *free_message)
@@ -301,6 +307,9 @@
SpiceMsgPing *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 12) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 12);
data__nw_size = data__nelements;
@@ -5226,6 +5235,9 @@
uint64_t cursor_data__nw_size;
uint64_t cursor_data__nelements;
{ /* data */
+ if (SPICE_UNLIKELY((start2 + 22) > message_end)) {
+ goto error;
+ }
cursor_data__nelements = message_end - (start2 + 22);
cursor_data__nw_size = cursor_data__nelements;
@@ -5305,6 +5317,9 @@
uint64_t cursor_data__nw_size;
uint64_t cursor_data__nelements;
{ /* data */
+ if (SPICE_UNLIKELY((start2 + 22) > message_end)) {
+ goto error;
+ }
cursor_data__nelements = message_end - (start2 + 22);
cursor_data__nw_size = cursor_data__nelements;
@@ -5540,6 +5555,9 @@
SpiceMsgPlaybackPacket *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 4) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 4);
data__nw_size = data__nelements;
@@ -5594,6 +5612,9 @@
SpiceMsgPlaybackMode *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 8) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 8);
data__nw_size = data__nelements;
diff -u save/generated_client_demarshallers.c common/generated_client_demarshallers.c
--- save/generated_client_demarshallers.c 2018-06-22 22:13:48.626793919 +0100
+++ common/generated_client_demarshallers.c 2018-06-22 22:14:03.004153195 +0100
@@ -225,6 +225,9 @@
uint64_t data__nelements;
{ /* data */
+ if (SPICE_UNLIKELY((start + 0) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 0);
data__nw_size = data__nelements;
@@ -243,6 +246,9 @@
*free_message = nofree;
return data;
+ error:
+ free(data);
+ return NULL;
}
static uint8_t * parse_msg_set_ack(uint8_t *message_start, uint8_t *message_end, SPICE_GNUC_UNUSED int minor, size_t *size, message_destructor_t *free_message)
@@ -301,6 +307,9 @@
SpiceMsgPing *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 12) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 12);
data__nw_size = data__nelements;
@@ -6574,6 +6583,9 @@
}
{ /* data */
+ if (SPICE_UNLIKELY((start2 + 2 + cursor_u__nw_size) > message_end)) {
+ goto error;
+ }
cursor_data__nelements = message_end - (start2 + 2 + cursor_u__nw_size);
cursor_data__nw_size = cursor_data__nelements;
@@ -6670,6 +6682,9 @@
}
{ /* data */
+ if (SPICE_UNLIKELY((start2 + 2 + cursor_u__nw_size) > message_end)) {
+ goto error;
+ }
cursor_data__nelements = message_end - (start2 + 2 + cursor_u__nw_size);
cursor_data__nw_size = cursor_data__nelements;
@@ -6907,6 +6922,9 @@
SpiceMsgPlaybackPacket *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 4) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 4);
data__nw_size = data__nelements;
@@ -6961,6 +6979,9 @@
SpiceMsgPlaybackMode *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 6) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 6);
data__nw_size = data__nelements;
@@ -7559,6 +7580,9 @@
SpiceMsgTunnelSocketData *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 2) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 2);
data__nw_size = data__nelements;
@@ -7840,6 +7864,9 @@
}
{ /* compressed_data */
+ if (SPICE_UNLIKELY((start + 1 + u__nw_size) > message_end)) {
+ goto error;
+ }
compressed_data__nelements = message_end - (start + 1 + u__nw_size);
compressed_data__nw_size = compressed_data__nelements;
diff -u save/generated_server_demarshallers.c common/generated_server_demarshallers.c
--- save/generated_server_demarshallers.c 2018-06-22 22:13:48.627793944 +0100
+++ common/generated_server_demarshallers.c 2018-06-22 22:14:05.231208847 +0100
@@ -306,6 +306,9 @@
uint64_t data__nelements;
{ /* data */
+ if (SPICE_UNLIKELY((start + 0) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 0);
data__nw_size = data__nelements;
@@ -324,6 +327,9 @@
*free_message = nofree;
return data;
+ error:
+ free(data);
+ return NULL;
}
static uint8_t * parse_msgc_disconnecting(uint8_t *message_start, uint8_t *message_end, SPICE_GNUC_UNUSED int minor, size_t *size, message_destructor_t *free_message)
@@ -1259,6 +1265,9 @@
SpiceMsgcRecordPacket *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 4) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 4);
data__nw_size = data__nelements;
@@ -1313,6 +1322,9 @@
SpiceMsgcRecordMode *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 6) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 6);
data__nw_size = data__nelements;
@@ -1841,6 +1853,9 @@
SpiceMsgcTunnelSocketData *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 2) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 2);
data__nw_size = data__nelements;
@@ -2057,6 +2072,9 @@
}
{ /* compressed_data */
+ if (SPICE_UNLIKELY((start + 1 + u__nw_size) > message_end)) {
+ goto error;
+ }
compressed_data__nelements = message_end - (start + 1 + u__nw_size);
compressed_data__nw_size = compressed_data__nelements;
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
---
spice-common/python_modules/demarshal.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/spice-common/python_modules/demarshal.py b/spice-common/python_modules/demarshal.py
index 1ea131d..7172762 100644
--- a/spice-common/python_modules/demarshal.py
+++ b/spice-common/python_modules/demarshal.py
@@ -318,6 +318,7 @@ def write_validate_array_item(writer, container, item, scope, parent_scope, star
writer.assign(nelements, array.size)
elif array.is_remaining_length():
if element_type.is_fixed_nw_size():
+ writer.error_check("%s > message_end" % item.get_position())
if element_type.get_fixed_nw_size() == 1:
writer.assign(nelements, "message_end - %s" % item.get_position())
else:
--
2.17.1

100
SOURCES/0002-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch Normal file
View File

@ -0,0 +1,100 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Christophe Fergeau <cfergeau@redhat.com>
Date: Thu, 29 Nov 2018 14:18:39 +0100
Subject: [PATCH] memslot: Fix off-by-one error in group/slot boundary check
RedMemSlotInfo keeps an array of groups, and each group contains an
array of slots. Unfortunately, these checks are off by 1, they check
that the index is greater or equal to the number of elements in the
array, while these arrays are 0 based. The check should only check for
strictly greater than the number of elements.
For the group array, this is not a big issue, as these memslot groups
are created by spice-server users (eg QEMU), and the group ids used to
index that array are also generated by the spice-server user, so it
should not be possible for the guest to set them to arbitrary values.
The slot id is more problematic, as it's calculated from a QXLPHYSICAL
address, and such addresses are usually set by the guest QXL driver, so
the guest can set these to arbitrary values, including malicious values,
which are probably easy to build from the guest PCI configuration.
This patch fixes the arrays bound check, and adds a test case for this.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
---
server/memslot.c | 4 ++--
server/tests/test-qxl-parsing.c | 32 ++++++++++++++++++++++++++++++++
2 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/server/memslot.c b/server/memslot.c
index 7074b43..8c59c38 100644
--- a/server/memslot.c
+++ b/server/memslot.c
@@ -99,14 +99,14 @@ unsigned long memslot_get_virt(RedMemSlotInfo *info, QXLPHYSICAL addr, uint32_t
MemSlot *slot;
*error = 0;
- if (group_id > info->num_memslots_groups) {
+ if (group_id >= info->num_memslots_groups) {
spice_critical("group_id too big");
*error = 1;
return 0;
}
slot_id = memslot_get_id(info, addr);
- if (slot_id > info->num_memslots) {
+ if (slot_id >= info->num_memslots) {
print_memslots(info);
spice_critical("slot_id %d too big, addr=%" PRIx64, slot_id, addr);
*error = 1;
diff --git a/server/tests/test-qxl-parsing.c b/server/tests/test-qxl-parsing.c
index 9c0c3b1..83f2083 100644
--- a/server/tests/test-qxl-parsing.c
+++ b/server/tests/test-qxl-parsing.c
@@ -85,6 +85,33 @@ static void deinit_qxl_surface(QXLSurfaceCmd *qxl)
free(from_physical(qxl->u.surface_create.data));
}
+static void test_memslot_invalid_group_id(void)
+{
+ RedMemSlotInfo mem_info;
+ int error;
+ init_meminfo(&mem_info);
+
+ memslot_get_virt(&mem_info, 0, 16, 1, &error);
+}
+
+static void test_memslot_invalid_slot_id(void)
+{
+ RedMemSlotInfo mem_info;
+ int error;
+ init_meminfo(&mem_info);
+
+ memslot_get_virt(&mem_info, 1 << mem_info.memslot_id_shift, 16, 0, &error);
+}
+
+static void test_memslot_invalid_addresses(void)
+{
+ g_test_trap_subprocess("/server/memslot-invalid-addresses/subprocess/group_id", 0, 0);
+ g_test_trap_assert_stderr("*group_id too big*");
+
+ g_test_trap_subprocess("/server/memslot-invalid-addresses/subprocess/slot_id", 0, 0);
+ g_test_trap_assert_stderr("*slot_id 1 too big*");
+}
+
static void test_no_issues(void)
{
RedMemSlotInfo mem_info;
@@ -262,6 +289,11 @@ int main(int argc, char *argv[])
{
g_test_init(&argc, &argv, NULL);
+ /* try to use invalid memslot group/slot */
+ g_test_add_func("/server/memslot-invalid-addresses", test_memslot_invalid_addresses);
+ g_test_add_func("/server/memslot-invalid-addresses/subprocess/group_id", test_memslot_invalid_group_id);
+ g_test_add_func("/server/memslot-invalid-addresses/subprocess/slot_id", test_memslot_invalid_slot_id);
+
/* try to create a surface with no issues, should succeed */
g_test_add_func("/server/qxl-parsing-no-issues", test_no_issues);

16
SOURCES/spice-0.14.0.tar.bz2.sign Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEElKn3VmH3emFoZJsjqdjCFCmsbIIFAlneAaYACgkQqdjCFCms
bIJupA//TUYdq6tx777hplIgm4q6M8Szh8XnYEvmj8UUrVWJ2Js4fRgtIRnR/u0I
Drwn2pf5QIjpfhf7EFFhyAuErG9MeiL5Z9SM2WmOgNkPfATJ7tf0VsKQjH11axip
n9atFPz6Jb6IEI56oidhySYz9Rgvicw45yEui7ncMKsST3zTQlWfI+n6Mv48dkiJ
bUYauebvEzPuG5ecaILmHreVxDLh9/SyTKOc3+F46epkyyCxPQDX7JLK/+081Z3l
jUaMlyb0GROsY43c88Lb4H0jbsLlqfUNk5ztxvplwMXOFAgrOwbrIsLaOHSwzegc
5ZknyTwbQOx8CGLS91pgqbyyRKLMrTbMYU4KDfizQIqkNKDvQUohENcKe66aeUAk
LLEvud0VVFZSg+VEm/ISU/8Rua7DSR2tcA04bQg6ei0d/QM0hpXsL7AOB+H3ha0m
vqBrz3ivfvDh17pFCpaSCuRi5DSlT5OW6nML1Pd8w+MbrJmu/757bNpdfhynDSq+
KWmhPIChvChA0f8LfmxGXYqcfNAZ9Ss59SkFLHEaPT49TQR9jZT9jtiHre0GV4WU
RS+CmivFB7fPlONYVOJ2i8mGT9dtVf5SfHwLLgaWzUG5aDK0KSK2o21G4Ajr6bXl
yVDP2EeAjK4WsyD8AvWM3tzSbqnGryA8ErijFZCYuP+HNzrIUeE=
=ufAb
-----END PGP SIGNATURE-----

356
SPECS/spice.spec Normal file
View File

@ -0,0 +1,356 @@
Name: spice
Version: 0.14.0
Release: 7%{?dist}
Summary: Implements the SPICE protocol
Group: User Interface/Desktops
License: LGPLv2+
URL: http://www.spice-space.org/
Source0: http://www.spice-space.org/download/releases/%{name}-%{version}.tar.bz2
Source1: http://www.spice-space.org/download/releases/%{name}-%{version}.tar.bz2.sign
Source2: cfergeau-29AC6C82.keyring
Patch1: 0001-Fix-flexible-array-buffer-overflow.patch
Patch2: 0002-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=613529
%if 0%{?rhel} && 0%{?rhel} <= 7
ExclusiveArch: x86_64
%else
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
%endif
BuildRequires: pkgconfig
BuildRequires: glib2-devel >= 2.22
BuildRequires: spice-protocol >= 0.12.3
BuildRequires: celt051-devel
BuildRequires: opus-devel
BuildRequires: pixman-devel openssl-devel libjpeg-devel
BuildRequires: libcacard-devel cyrus-sasl-devel
BuildRequires: lz4-devel
BuildRequires: gstreamer1-devel gstreamer1-plugins-base-devel
BuildRequires: orc-devel
BuildRequires: gnupg2
BuildRequires: git-core
BuildRequires: python3-devel
BuildRequires: python3-pyparsing python3-six
%description
The Simple Protocol for Independent Computing Environments (SPICE) is
a remote display system built for virtual environments which allows
you to view a computing 'desktop' environment not only on the machine
where it is running, but from anywhere on the Internet and from a wide
variety of machine architectures.
%package server
Summary: Implements the server side of the SPICE protocol
Group: System Environment/Libraries
Obsoletes: spice-client < %{version}-%{release}
%description server
The Simple Protocol for Independent Computing Environments (SPICE) is
a remote display system built for virtual environments which allows
you to view a computing 'desktop' environment not only on the machine
where it is running, but from anywhere on the Internet and from a wide
variety of machine architectures.
This package contains the run-time libraries for any application that wishes
to be a SPICE server.
%package server-devel
Summary: Header files, libraries and development documentation for spice-server
Group: Development/Libraries
Requires: %{name}-server%{?_isa} = %{version}-%{release}
Requires: pkgconfig
%description server-devel
This package contains the header files, static libraries and development
documentation for spice-server. If you like to develop programs
using spice-server, you will need to install spice-server-devel.
%prep
gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%autosetup -S git_am
%build
%define configure_client --disable-client
%configure --enable-smartcard --disable-client --enable-lz4 --enable-gstreamer=1.0
make %{?_smp_mflags} WARN_CFLAGS='' V=1
%install
make DESTDIR=%{buildroot} install
rm -f %{buildroot}%{_libdir}/libspice-server.a
rm -f %{buildroot}%{_libdir}/libspice-server.la
mkdir -p %{buildroot}%{_libexecdir}
%ldconfig_scriptlets server
%files server
%{!?_licensedir:%global license %%doc}
%license COPYING
%doc README NEWS
%{_libdir}/libspice-server.so.1*
%files server-devel
%{_includedir}/spice-server
%{_libdir}/libspice-server.so
%{_libdir}/pkgconfig/spice-server.pc
%changelog
* Tue Dec 18 2018 Christophe Fergeau <cfergeau@redhat.com> - 0.14.0-7
- Fix off-by-one error during guest-to-host memory address conversion
Resolves: CVE-2019-3813
* Fri Aug 17 2018 Frediano Ziglio <fziglio@redhat.com> - 0.14.0-6
- Fix flexible array buffer overflow
Resolves: rhbz#1618555
* Mon Aug 13 2018 Victor Toso <victortoso@redhat.com> - 0.14.0-5
- Include python3-devel to not fail on rhel-8.0 builds
- Resolves: rhbz#1615570
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.14.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.14.0-3
- Switch to %%ldconfig_scriptlets
* Wed Nov 08 2017 Merlin Mathesius <mmathesi@redhat.com> - 0.14.0-2
- Cleanup spec file conditionals
* Wed Oct 11 2017 Christophe Fergeau <cfergeau@redhat.com> - 0.14.0-1
- Update to new stable release
* Tue Sep 26 2017 Christophe Fergeau <christophe@redhat.com> - 0.13.91-1
- Update to latest upstream release
* Thu Aug 24 2017 Christophe Fergeau <cfergeau@redhat.com> - 0.13.90-3
- Add missing (new) BuildRequires, remove obsolete one
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.13.90-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Christophe Fergeau <cfergeau@redhat.com> 0.13.90-1
- Update to latest upstream release (0.13.90)
* Mon Feb 06 2017 Christophe Fergeau <cfergeau@redhat.com> 0.13.3-2
- Add upstream patches fixing CVE-2016-9577 and CVE-2016-9578
* Mon Nov 21 2016 Christophe Fergeau <cfergeau@redhat.com> 0.13.3-1
- Update to spice 0.13.3
* Fri Aug 05 2016 Christophe Fergeau <cfergeau@redhat.com> - 0.13.2-1
- Update to spice 0.13.2
* Tue Jun 14 2016 Peter Robinson <pbrobinson@fedoraproject.org> 0.13.1-2
- Use %%license
- Build on aarch64
* Wed Apr 13 2016 Christophe Fergeau <cfergeau@redhat.com> 0.13.1-1
- Update to 0.13.1 release. This is a development release, but by the
time Fedora 25 gets released, a stable 0.14.0 should be released.
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Oct 06 2015 Christophe Fergeau <cfergeau@redhat.com> 0.12.6-1
- Update to new 0.12.6 upstream release
* Wed Jul 29 2015 Christophe Fergeau <cfergeau@redhat.com> 0.12.5-9
- Drop patch added in previous build which is no longer needed with
spice-protocol 0.12.9 (and actually is actually breaking QEMU compilation
without an additional patch)
* Fri Jul 03 2015 Christophe Fergeau <cfergeau@redhat.com> 0.12.5-8
- Add upstream patch avoiding a regression in spice-protocol 0.12.8 which
breaks SPICE support in QEMU
* Thu Jul 02 2015 Christophe Fergeau <cfergeau@redhat.com> 0.12.5-7
- Fix migration race condition which causes a crash when triggered
Resolves: rhbz#1238212
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Aug 25 2014 Christophe Fergeau <cfergeau@redhat.com> 0.12.5-5
- Fix advertised sound playback/recording rates in public headers
Resolves: rhbz#1129961 (QEMU would need a rebuild though)
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon May 19 2014 Christophe Fergeau <cfergeau@redhat.com> 0.12.5-2
- Add missing BuildRequires in order to enable Opus support
* Mon May 19 2014 Christophe Fergeau <cfergeau@redhat.com> 0.12.5-1
- Update to new 0.12.5 release
* Wed Oct 30 2013 Christophe Fergeau <cfergeau@redhat.com> 0.12.4-3
- Add patch fixing CVE-2013-4282
* Fri Sep 13 2013 Christophe Fergeau <cfergeau@redhat.com> 0.12.4-2
- Add upstream patch fixing rhbz#995041
* Fri Aug 2 2013 Hans de Goede <hdegoede@redhat.com> - 0.12.4-1
- New upstream bug-fix release 0.12.4
- Add patches from upstream git to fix sound-channel-free crash (rhbz#986407)
- Add Obsoletes for dropped spice-client sub-package
* Thu May 23 2013 Christophe Fergeau <cfergeau@redhat.com> 0.12.3-2
- Stop building spicec, it's obsolete and superseded by remote-viewer
(part of virt-viewer)
* Tue May 21 2013 Christophe Fergeau <cfergeau@redhat.com> 0.12.3-1
- New upstream release 0.12.3
- Drop all patches (they were all upstreamed)
* Mon Apr 15 2013 Hans de Goede <hdegoede@redhat.com> - 0.12.2-4
- Add fix from upstream for a crash when the guest uses RGBA (rhbz#952242)
* Thu Mar 07 2013 Adam Jackson <ajax@redhat.com> 0.12.2-4
- Rebuild for new libsasl2 soname in F19
* Mon Jan 21 2013 Hans de Goede <hdegoede@redhat.com> - 0.12.2-3
- Add a number of misc. bug-fixes from upstream
* Fri Dec 21 2012 Adam Tkac <atkac redhat com> - 0.12.2-2
- rebuild against new libjpeg
* Thu Dec 20 2012 Hans de Goede <hdegoede@redhat.com> - 0.12.2-1
- New upstream release 0.12.2
* Fri Sep 28 2012 Hans de Goede <hdegoede@redhat.com> - 0.12.0-1
- New upstream release 0.12.0
- Some minor spec file cleanups
- Enable building on arm
* Thu Sep 6 2012 Soren Sandmann <ssp@redhat.com> - 0.11.3-1
- BuildRequire pyparsing
* Thu Sep 6 2012 Soren Sandmann <ssp@redhat.com> - 0.11.3-1
- Add capability patches
- Add capability patches to the included copy of spice-protocol
Please see the comment above Patch6 and Patch7
regarding this situation.
* Thu Sep 6 2012 Soren Sandmann <ssp@redhat.com> - 0.11.3-1
- Update to 0.11.3 and drop upstreamed patches
- BuildRequire spice-protocol 0.12.1
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon May 14 2012 Alon Levy <alevy@redhat.com>
- Fix mjpeg memory leak and bad behavior.
- Add usbredir to list of channels for security purposes. (#819484)
* Sun May 13 2012 Alon Levy <alevy@redhat.com>
- Add double free fix. (#808936)
* Tue Apr 24 2012 Alon Levy <alevy@redhat.com>
- Add 32 bit fixes from git master. (#815717)
* Tue Feb 28 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.1-2
- Rebuilt for c++ ABI breakage
* Mon Jan 23 2012 Hans de Goede <hdegoede@redhat.com> - 0.10.1-1
- New upstream release 0.10.1
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Thu Nov 10 2011 Alon Levy <alevy@redhat.com> - 0.10.0-1
- New upstream release 0.10.0
- support spice-server.i686
* Wed Sep 28 2011 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.1-2
- Provides spice-xpi-client alternative in spice-client
* Thu Aug 25 2011 Hans de Goede <hdegoede@redhat.com> - 0.9.1-1
- New upstream release 0.9.1
* Mon Jul 25 2011 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.9.0-1
- New upstream release 0.9.0
* Wed Apr 20 2011 Hans de Goede <hdegoede@redhat.com> - 0.8.1-1
- New upstream release 0.8.1
* Fri Mar 11 2011 Hans de Goede <hdegoede@redhat.com> - 0.8.0-2
- Fix being unable to send ctrl+alt+key when release mouse is bound to
ctrl+alt (which can happen when used from RHEV-M)
* Tue Mar 1 2011 Hans de Goede <hdegoede@redhat.com> - 0.8.0-1
- New upstream release 0.8.0
* Fri Feb 11 2011 Hans de Goede <hdegoede@redhat.com> - 0.7.3-1
- New upstream release 0.7.3
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Jan 19 2011 Hans de Goede <hdegoede@redhat.com> - 0.7.2-1
- New upstream release 0.7.2
* Fri Dec 17 2010 Hans de Goede <hdegoede@redhat.com> - 0.7.1-1
- New upstream release 0.7.1
- Drop all patches (all upstreamed)
- Enable smartcard (CAC) support
* Wed Nov 17 2010 Hans de Goede <hdegoede@redhat.com> - 0.6.3-4
- Fix the info layer not showing when used through the XPI
- Do not let the connection gui flash by when a hostname has been specified
on the cmdline
- Fix spice client locking up when dealing with XIM input (#654265)
- Fix modifier keys getting stuck (#655048)
- Fix spice client crashing when dealing with XIM ibus input (#655836)
- Fix spice client only showing a white screen in full screen mode
* Sat Nov 6 2010 Hans de Goede <hdegoede@redhat.com> - 0.6.3-3
- Log to ~/.spicec/cegui.log rather then to CEGUI.log in the cwd, this
fixes spicec from aborting when run in a non writable dir (#650253)
* Fri Nov 5 2010 Hans de Goede <hdegoede@redhat.com> - 0.6.3-2
- Various bugfixes from upstream git:
- Make spicec work together with the Firefox XPI for RHEV-M
- Make sure the spicec window gets properly raised when first shown
* Mon Oct 18 2010 Hans de Goede <hdegoede@redhat.com> - 0.6.3-1
- Update to 0.6.3
- Enable GUI
* Thu Sep 30 2010 Gerd Hoffmann <kraxel@redhat.com> - 0.6.1-1
- Update to 0.6.1.
* Tue Aug 31 2010 Alexander Larsson <alexl@redhat.com> - 0.6.0-1
- Update to 0.6.0 (stable release)
* Tue Jul 20 2010 Alexander Larsson <alexl@redhat.com> - 0.5.3-1
- Update to 0.5.3
* Tue Jul 13 2010 Gerd Hoffmann <kraxel@redhat.com> - 0.5.2-4
- Quote %% in changelog to avoid macro expansion.
* Mon Jul 12 2010 Gerd Hoffmann <kraxel@redhat.com> - 0.5.2-3
- %%configure handles CFLAGS automatically, no need to fiddle
with %%{optflags} manually.
* Mon Jul 12 2010 Gerd Hoffmann <kraxel@redhat.com> - 0.5.2-2
- Fix license: LGPL.
- Cleanup specfile, drop bits not needed any more with
recent rpm versions (F13+).
- Use optflags as-is.
-
* Fri Jul 9 2010 Gerd Hoffmann <kraxel@redhat.com> - 0.5.2-1
- initial package.