openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

File spice.changes of Package spice

-------------------------------------------------------------------
Thu May 27 11:28:21 MDT 2021 - carnold@suse.com

- bsc#1181686 - VUL-0: CVE-2021-20201: spice,spice-gtk: client
  initiated renegotiation denial of service
  0001-With-OpenSSL-1.1-Disable-client-initiated-renegotiation.patch
  0002-With-OpenSSL-1.0.2-and-earlier-disable-client-side-renegotiation.patch

-------------------------------------------------------------------
Mon Oct  5 14:55:43 UTC 2020 - Bruce Rogers <brogers@suse.com>

- Fix buffer overflow vulnerabilities in QUIC image decoding
  (CVE-2020-14355 bsc#1177158)
  0001-quic-Check-we-have-some-data-to-start-decoding-quic-.patch
  0002-quic-Check-image-size-in-quic_decode_begin.patch
  0003-quic-Check-RLE-lengths.patch
  0004-quic-Avoid-possible-buffer-overflow-in-find_bucket.patch

-------------------------------------------------------------------
Thu May 16 21:11:13 UTC 2019 - Bruce Rogers <brogers@suse.com>

- Update to v0.14.2 stable release
  The main changes are support for Meson build and graphic device
  info messages allowing to better support multi-monitor
  configurations.
  * support H265 in stream-channel
  * add support for building with meson/ninja
  * minor tests fixes improving CI
  * set char device state for smartcard, allowing Qemu optimization
  * improve red-parse-qxl.c interface making it more consistent
  * add some instrumentation for streaming device
  * QXL interface: add a function to identify monitors in the guest
    (spice_qxl_set_device_info)
  * add support for GraphicsDeviceInfo messages
  * video-stream: prevent crash on stream reattach
  * make channel client callbacks virtual functions
  * bumped minimum required glib version to 2.38
  * attempt to have a reliable led state for keyboard modifiers
- Removed patches:
  (The first two are altered versions of what is carried upstream.
  I think we're fine with what upstream does here)
  0001-lz-Avoid-buffer-reading-overflow-checking-for-image-.patch
  0002-lz-More-checks-on-image-sizes.patch
  0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch

-------------------------------------------------------------------
Fri Mar  1 08:13:02 UTC 2019 - olaf@aepfle.de

- Use plain python2 for SLE12 builds
- Remove PYTHON=python3, configure will find and use the python3

-------------------------------------------------------------------
Mon Jan 28 17:39:01 UTC 2019 - Bruce Rogers <brogers@suse.com>

- Fix OOB memory access in internal tracking of slot_ids and
  group_ids. (CVE-2019-3813 bsc#1122706)
  * 0001-memslot-Fix-off-by-one-error-in-group-slot-boundary-.patch
- Remove celt051 Requires directive

-------------------------------------------------------------------
Wed Sep 19 22:47:44 UTC 2018 - astieger@suse.com

- Upstream disabled support for the celt051 audio codec by default,
  do likewise in the spec
- Note updated 0.14.1 build dependencies in the spec:
  * OpenSSL 1.0.0 or newer is now required
  * glib 2.32 required
- add upstream signing key and verify source signature

-------------------------------------------------------------------
Wed Sep 19 19:42:07 UTC 2018 - Bruce Rogers <brogers@suse.com>

- Update to v0.14.1 stable release
  The announcement email describes this release as follows:
  The main change in this release is the addition of a new protocol
  extension in order to support streaming the remote display as a
  video stream rather than going through the QXL protocol. Together
  with spice-streaming-agent, and/or with more work on the qemu/
  spice-server side, this should allow streaming of 3D accelerated
  VMs in the future. At this point, this part of spice-server is
  still a work in progress (multi-monitor support and various
  features are missing).
  * avoid performance issues on Windows 10 KVM guests (boo#1109044)
  * add new org.spice-space.stream.0 channel used for passing an
    encoded video stream from the guest to the client
  * add support for TCP_CORK to reduce the amount of packets that
    we send
  * fix CVE-2018-10873 (maintainer note: we already carried fix)
  * fix cursor related migration crash
  * fix regression causing sound recording to be muted after client
    disconnection/reconnection (introduced in 0.13.90)
  * fix regression in corner cases where images could be sent
    uncompressed when they used to be compressed with QUIC
  * disable TLS 1.0 support
  * CELT 0.5.1 support is now disabled by default. If celt051-devel
    is installed at build-time, --enable-celt051/--disable-celt051
     must be explicitly specified
  * drop support for unsupported OpenSSL version. OpenSSL 1.0.0 or
    newer is now required
  * bumped minimum required glib version to 2.32
  * endianness fixes
  * (small) leak fixes
  * usual round of code cleanups
  * not directly related to this release, but the upstream git
    repository is now hosted on gitlab.freedesktop.org
- Removed patches:
    bb15d481-Fix-flexible-array-buffer-overflow.patch

-------------------------------------------------------------------
Mon Aug 20 10:05:54 UTC 2018 - cbosdonnat@suse.com

- Fix potential heap corruption when demarshalling (CVE-2018-10873,
  bsc#1104448)
  Added patch:
    bb15d481-Fix-flexible-array-buffer-overflow.patch

-------------------------------------------------------------------
Mon Jul 16 15:01:46 UTC 2018 - cbosdonnat@suse.com

- Avoid buffer overflow on image lz cheks (CVE-2018-10893, bsc#1101295)
  Added patches:
    0001-lz-Avoid-buffer-reading-overflow-checking-for-image-.patch
    0002-lz-More-checks-on-image-sizes.patch

-------------------------------------------------------------------
Tue Jan 30 22:20:12 UTC 2018 - jengelh@inai.de

- Correct RPM group for shared library.

-------------------------------------------------------------------
Tue Jan 30 14:44:37 UTC 2018 - tchvatal@suse.com

- Split the sle condition again for exact features to allow their
  override

-------------------------------------------------------------------
Thu Jan 18 12:12:33 UTC 2018 - tchvatal@suse.com

- Enable smartcards on sle15 as the supportlib is available
  * Condition it using name everywhere instead of suse versions
    and join together with lz4
- Format with spec-cleaner
- Convert dependencies to pkgconfig style
- Install documentation and license file
- Add configure arguments to most of the options to not rely on
  autotools automatic behavior
  * Also enable gstreamer and lz4 options
- Drop the not needed python dependencies, they are needed only
  when building from git snapshot

-------------------------------------------------------------------
Thu Oct 26 07:25:59 UTC 2017 - cbosdonnat@suse.com

- Release 0.14.0
  * fix client mouse with virgl
  * fix frozen display after seamless migration
  * set human-readable name on spice threads
  * add sanity-checks for ORC library as it can abort spice-server
    when selinux is in use
  * Close TCP connection early when client did not send the correct
    SPICE magic bytes: this allows VNC clients to gracefully fail
    when connecting to a SPICE port
  * Add VP9 encoding support when GStreamer is being used and misc
    streaming/encoding improvements
  * Improvements to replay utility
  * Limit (deprecated/unusud) QXLMessage size to 100,000 characters
    for improved safety
  * Improve image quality in low bitrate situation when using the
    GStreamer backend
  * Added GStreamer support to the video streaming code
  * Fix old migration bug causing migration to never end in some cases
  * Added lz4 compression to the spicevmc channel
  * Ongoing code cleanups
  * add spice_qxl_gl_scanout() spice_qxl_gl_draw_async() for local
    virgl support
  * spice_server_set_keepalive_timeout() has been removed in favour of
    unconditionally sending keepalive probes every 10 minutes
  * Added public spice_server_set_keepalive_timeout() to make it possible
    to tweak keepalive on all SPICE connection. This can prevent unwanted
    idle disconnections if proxies are used between the client and the host.
  * Fix important memory usage when the webdav channel is used
  * Do not disconnect when the client requests an unsupported compression type
  * Fix potential race condition when using multiple QXL devices
  * Fix display glitch when using XSpice
  * Improve help string for 'replay -s'
  * Fix small leak in MJPEG code

- Removed patches:
  * CVE-2016-9577-buffer-overflow-in-main_channel_alloc_msg_rcv_buf.patch
  * CVE-2016-9578-remote-dos-via-crafted-message.patch

-------------------------------------------------------------------
Thu Feb  2 11:23:03 UTC 2017 - psimons@suse.com

- Added patches to fix two security vulnerabilities. 
  * CVE-2016-9577-buffer-overflow-in-main_channel_alloc_msg_rcv_buf.patch
    [CVE-2016-9577, bsc#1023078]
  * CVE-2016-9578-remote-dos-via-crafted-message.patch
    [CVE-2016-9578, bsc#1023079]

-------------------------------------------------------------------
Thu Feb  2 09:52:06 UTC 2017 - cbosdonnat@suse.com

- Synchronize with SLES (fate#322402):
  + bnc#894069: disable smartcard support for SLES
  + merge changelog

-------------------------------------------------------------------
Thu Dec 22 19:57:28 UTC 2016 - astieger@suse.com

- restrict suppression of obsoletes-not-provided warning to
  spice-client bsc#1013916

-------------------------------------------------------------------
Tue Dec 13 09:44:53 UTC 2016 - cbosdonnat@suse.com

- Obsolete spice-client (bsc#1013916)

-------------------------------------------------------------------
Thu Nov 10 08:59:37 UTC 2016 - msuchanek@suse.com

- remove ExclusiveArch (boo#1009438)

-------------------------------------------------------------------
Sat Oct  8 19:36:49 UTC 2016 - zaitor@opensuse.org

- Update to version 0.12.8:
  + Fixes for bsc#982385 / CVE-2016-0749 and bsc#982386 / CVE-2016-2150.

-------------------------------------------------------------------
Fri Apr 15 07:14:06 UTC 2016 - cbosdonnat@suse.com

- Update to version 0.12.7 (fate#320079)
  + spice-server will now send TCP keepalive probes on the TCP connections it
    uses. This can prevent unwanted idle disconnections if proxies are used
    between the client and the host.
  + Fix important memory usage when the webdav channel is used
  + Do not disconnect when the client requests an unsupported compression type
  + Fix a few race conditions
  + Fix display glitch when using XSpice
  + Improve help string for 'replay -s'
  + Fix crashes in corner cases (buggy spice-html5 + win10, vnc + SPICE port
    configured, USB webcam redirection over a slow link)
  + Fix various compilation warning when building on 32 bit machines
  + Some fixes for big-endian machines, more work is likely to be needed
  + Do not build static libraries by default, this can be reenabled with --enable-static
  + Fix small leak in MJPEG code

-------------------------------------------------------------------
Tue Oct  6 14:44:02 UTC 2015 - cbosdonnat@suse.com

- Update to version 0.12.6
  + Removed spicec client code, it has been superseded by remote-viewer
    and other spice-gtk based clients
  + Unix socket support
  + LZ4 support
  + Let clients specify their preferred image compression format
  + Allow to record and replay a spice-server session
  + Fixes for CVE-2015-3247 CVE-2015-5260 and CVE-2015-5261
    bsc#944787, bsc#948976
  + spice-protocol submodule has been removed, spice-protocol must
    now be installed when building spice-server
  + Remove write polling in chardevs to reduce wakeups
- Remove upstream merged patches:
  + spice-Don-t-use-48kHz-for-playback-recording-rates.patch
  + password-length-check.patch
  + cve-2015-3247.patch

-------------------------------------------------------------------
Mon Sep  7 14:50:25 UTC 2015 - cbosdonnat@suse.com

- bsc#944460: fix CVE-2015-3247.
  cve-2015-3247.patch

-------------------------------------------------------------------
Fri Jun  5 08:47:17 UTC 2015 - cbosdonnat@suse.com

- Don't allow setting password longer than what the spice protocol
  allows. password-length-check.patch. boo#931044

-------------------------------------------------------------------
Sun Oct 19 03:38:16 UTC 2014 - crrodriguez@opensuse.org

- Replace xorg-x11-devel buildrequire by selected pkgconfig(xlibs..)

-------------------------------------------------------------------
Wed Oct 15 12:02:03 UTC 2014 - zaitor@opensuse.org

- Update to version 0.12.5:
  + Added Opus support. Celt support will be obsoleted in a future
    release.
  + Addition of webdav channel.
  + Force use of TLS 1.0 or newer for TLS connections.
  + Reference manual.
  + Some optimizations improving CPU use.
  + Various bug fixes for race conditions, memory corruption, which
    could be triggered on client disconnections, migration, and
    cause spice-server to misbehave.
  + Portability fixes.
  + Code cleanups.
  + bsc#848279: fix CVE-2013-4282.
- Add pkconfig(opus) BuildRequires: Needed to build new opus
  support.
- Add spice-Don-t-use-48kHz-for-playback-recording-rates.patch:
  Fix advertised sound playback/recording rates in public headers
  (rh#1129961).
- Drop spice-glibc217.patch: No longer needed.
- Run spec-clean on spec file, remove conditionals for obsolete
  versions of openSUSE, enable parallel build and drop obsolete
  clean section.

-------------------------------------------------------------------
Mon Jul 29 08:11:33 UTC 2013 - aevseev@gmail.com

- Update to version 0.12.4:
  + log actual address spice-server binds to
  + main_channel: fix double release of migration target data (rhbz#859027)
  + red_channel: replace an assert upon threads mismatch with a warning (rhbz#823472)
  + support for filtering out agent file-xfer msgs (rhbz#961848)
  ++ new library export spice_server_set_agent_file_xfer
  + mjpeg encoder statistics (mjpeg_encoder_get_stats)
  + improve stream stats readability and ease of parsing
  + fix for stuck display_channel over WAN (jpeg_enabled=true) (rhbz#977998)
  + Use RING_FOREACH_SAFE and other SAFE macros (rhbz#887775)
  + Some server/tests fixes.
- New features from 0.12.3:
  + monitor client bandwidth and latency.
  + dynamically adjust video stream quality based on client bandwidth & latency.
  ++ new SPICE_MSGC_DISPLAY_STREAM_REPORT
  ++ can also set SPICE_BIT_RATE environment variable to override.
  + support arbitrary latency of audio stream wrt video stream:
  ++ new SPICE_MSG_PLAYBACK_LATENCY
  + notify agent on client disconnection
  ++ new VD_AGENT_CLIENT_DISCONNECTED message
  + better support for switching from qxl to vga mode
  ++ new library export spice_qxl_driver_unload
  + multiple monitor support in single channel fixes.
  + stop streams before migration.
  + don't send empty volume messages.
  + Bugs fixed: rhbz#891326, rhbz#958276, rhbz#956345
  + fixes to inputs, chardev, build fixes.
-------------------------------------------------------------------
Wed May 15 17:21:42 UTC 2013 - dimstar@opensuse.org

- Update to version 0.12.2:
  + Skipped 0.12.1, it existed in git but was never released.
  + spice-server now requires glib2 (like qemu does).
  + More robust ssl error and certificate handling.
  + Added support for websockets.
  + Tons of seamless migration bugfixes.
  + Also some none seamless migration bugfixes.
- Clean spec file using spec-cleaner.
- Rebase spice-glibc217.patch.
- Add pkgconfig(glib-2.0) BuildRequires: new dependency.
- Pass --enable-client and --enable-smartcard to configure in
  order to ensure the client and smartcard support are built (SC
  only on openSUSE >= 12.2).

-------------------------------------------------------------------
Thu Nov 22 17:11:27 UTC 2012 - afaerber@suse.de

- Update to version 0.12.0
* support setting client monitor configuration via device
 QXLInterface::client_monitors_config
* support notifying guest of client capabilities
 QXLInterface::set_client_capabilities
* new capability for A8 Surface support
* Enable build on armv6+
* Option to quit server after first client disconnects
 spice_server_set_exit_on_disconnect
* Support seamless migration: no loss of in transit messages. Still not
  supported for agent, smartcard and usb.
* Support a new rendering message, Composite, for much improved linux guest
  performance.
* Support arbitrary resolution & multiple monitors on a single display channel.
* Improved keyboard handling under network latency with new
  SPICE_MSGC_INPUTS_KEY_SCANCODE message.
* New libspice-server.so symbols:
 spice_server_set_seamless_migration
 spice_server_vm_stop
 spice_server_vm_start
 spice_qxl_monitors_config_async
* New capabilities:
 SPICE_DISPLAY_CAP_COMPOSITE
 SPICE_DISPLAY_CAP_MONITORS_CONFIG
 SPICE_INPUTS_CAP_KEY_SCANCODE
 SPICE_MAIN_CAP_AGENT_CONNECTED_TOKENS
 SPICE_MAIN_CAP_SEAMLESS_MIGRATE
* Misc:
 * char_device.c: Introducing shared flow control code for char devices
 * Enable build without client, cegui and slirp.
* New spice protocol messages: (changes in spice-protocol, here for reference)
 * SPICE_MSG_MAIN_NAME, SPICE_MSG_MAIN_UUID
 * SPICE_MSG_DISPLAY_STREAM_DATA_SIZED
* New corresponding caps: (changes in spice-protocol, here for reference)
 * SPICE_MAIN_CAP_NAME_AND_UUID
 * SPICE_DISPLAY_CAP_SIZED_STREAM.
* Send name & uuid to capable clients
* add support for frames of different sizes RHBZ #813826
* server:
 * support a pre-opened file descriptor
 * Solaris support. Now using poll instead of epoll.
 * Support IPV6 addresses in channel events RHBZ #788444
 * other fixed RHBZ#: 787669, 787678, 819484
* spicec
 * alsa: use "default" instead of "hw:0,0"
 * volume keys support RHBZ #552539
 * other fixed RHBZ#: 78655, 804561, 641828
* solaris, mingw & windows, 32 bit fixes.
* enable server only build.
* GNULIB manywarnings.m4 & warnings.m4 module added.
* Many more bug fixes & code cleanups.
* spice-protocol no longer external.
* new server functions:
 + spice_server_set_name
 + spice_server_set_uuid
 + spice_server_set_listen_socket_fd
 + spice_server_is_server_mouse
- Drop spice-gcc47.patch
- Update spice-glibc217.patch (file moved)

-------------------------------------------------------------------
Sat Nov 17 08:05:49 UTC 2012 - aj@suse.de

- Fix build with glibc 2.17 (add patch spice-glibc217.patch).

-------------------------------------------------------------------
Mon Apr  2 18:55:00 UTC 2012 - dimstar@opensuse.org

- Add spice-gcc47.patch: Fix build with gcc 4.7. Most of this used
  to be in spice-signed-comparison.patch which got dropped with
  latest update.

-------------------------------------------------------------------
Sun Apr  1 14:57:13 UTC 2012 - zaitor@opensuse.org

- Update to version 0.10.1:
  + Mini header support.
  + Add server API for injecting a client connection socket.
  + Add Xinerama support to spicec.
  + Many bugfixes / code cleanups.
  + Requires spice-protocol >= 0.10.1
- Drop spice-signed-comparison.patch and 
  0001-server-red_parse_qxl.h-License-should-be-LGPLv2-rath.patch
  Fixed upstream.

-------------------------------------------------------------------
Mon Mar 19 21:07:03 UTC 2012 - dimstar@opensuse.org

- Extend spice-signed-comparison.patch: incl. git commit 965a1a.

-------------------------------------------------------------------
Mon Feb 13 10:56:18 UTC 2012 - coolo@suse.com

- patch license to follow spdx.org standard

-------------------------------------------------------------------
Thu Jan  5 13:47:57 UTC 2012 - dvaleev@suse.com

- Only x86 and x86-64 are supported

-------------------------------------------------------------------
Tue Dec 13 20:34:59 UTC 2011 - brogers@suse.com

- Initial package, prepared for inclusion in Factory.

Places

File spice.changes of Package spice

Places