There are no functional changes in these files, but they are however
linked against OpenSSL 1.1.1 and need to be re-shipped before we remove
the legacy library.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
Bumping across one of our scripts with very long trailing whitespaces, I
thought it might be a good idea to clean these up. Doing so, some
missing or inconsistent licence headers were fixed.
There is no need in shipping all these files en bloc, as their
functionality won't change.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
* Add a Summary and Services field to all pak lfs files
* Replace occurances of INSTALL_INITSCRIPT with new INSTALL_INITSCRIPTS
macro in all pak lfs files.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- v2 version of series to add $(MAKETUNING) variable to ninja in spice-protocol
- Update from 0.14.0 to 0.15.0
- Update rootfile
- Version 0.15.0 of spice requires version 0.14.3 or higher of spice-protocol
- Changelog
Major Changes in 0.15:
This is the first release in the new 0.15.x stable series. This release should
be ready for production use.
* Minor updates to CI
* Some compatibility with OpenSSL
* Change the behavior of handle_dev_start ignoring multiple start requests
* Ignore multiple calls to handle_dev_stop
* Pick up newer spice-common to fix a buffer overflow issue
Major Changes in 0.14.91:
**IMPORTANT**
0.14.91 is the first release candidate for the stable 0.15.x series. While some
bugs might still be present, it should be reasonably stable. If you are looking
for stability for daily use, please keep using the latest 0.14.x release.
* Support UNIX abstract sockets
* Fix some potential thread race condition in RedClient
* Many cleanups in the code
* Improve migration test script
* Update in protocol documentation
* Improve Meson build
* Removed CELT support
* Update CI
* Removed QXLWorker definition, it was deprecated 6 years ago
* Fix some compatibility with MacOS
* Fix some compatibility with Windows
* Move the project to C++
* Some fixes for SASL dealing with WebDAV
* Fix minor Coverity reports
* Add Doxygen support, manually built with "make doxy"
* Support more mouse buttons (up to 16 buttons)
* CVE-2020-14355 multiple buffer overflow vulnerabilities in QUIC decoding
code
Major Changes in 0.14.3:
Main changes are WebSocket and support for Windows.
* Add support for WebSocket, this will allow to use spice-html5 without proxy
* Support Windows, now Qemu Windows can be build enabling Spice
* Fix some alignment problem
* Converted some documentation to Asciidoc format to make easier to update,
updated some
* Minor compatibility fix for PPC64EL and ARMHF
* Minor fixes for big endian machines like MIPS
* Avoid some crashes with some buggy guest drivers, simply ignore the invalid
request
* Fix for old OpenSSL versions
* Minor fix for Windows clients and brushes, fixed an issue with Photoshop
under Windows 7
* Add ability to query video-codecs
* Small use-after-free fix
* Fix for debugging recording/replaying using QUIC images
* Fix a regression where spice reported no monitors to the client
* Fix DoS in spicevmc if WebDAV used
* Updated and improved test migration script
* Some minor fixes to smartcard support
* Avoid possible disconnection using proxies using a in-flow keepalive
mechanism
Major Changes in 0.14.2:
Main changes are support for Meson build and graphic device info
messages allowing to better support multi-monitor configurations.
* CVE-2019-3813: fix off-by-one error in group/slot boundary check
* support H265 in stream-channel
* add support for building with meson/ninja
* minor tests fixes improving CI
* set char device state for smartcard, allowing Qemu optimization
* improve red-parse-qxl.c interface making it more consistent
* add some instrumentation for streaming device
* QXL interface: add a function to identify monitors in the guest
(spice_qxl_set_device_info)
* add support for GraphicsDeviceInfo messages
* video-stream: prevent crash on stream reattach
* make channel client callbacks virtual functions
* bumped minimum required glib version to 2.38
* attempt to have a reliable led state for keyboard modifiers
Major Changes in 0.14.1:
The main change in this release is the addition of a new protocol extension
in order to support streaming the remote display as a video stream rather than
going through the QXL protocol. Together with spice-streaming-agent, and/or with
more work on the qemu/spice-server side, this should allow streaming of 3D
accelerated VMs in the future. At this point, this part of spice-server is
still a work in progress (multi-monitor support and various features are
missing).
* add new org.spice-space.stream.0 channel used for passing an encoded video
stream from the guest to the client
* add support for TCP_CORK to reduce the amount of packets that we send
* fix CVE-2018-10873
* fix cursor related migration crash
* fix regression causing sound recording to be muted after
client disconnection/reconnection (introduced in 0.13.90)
* fix regression in corner cases where images could be sent uncompressed
when they used to be compressed with QUIC
* disable TLS 1.0 support
* CELT 0.5.1 support is now disabled by default. If celt051-devel is installed
at build-time, --enable-celt051/--disable-celt051 must be explicitly specified
* drop support for unsupported OpenSSL version. OpenSSL 1.0.0 or newer is now
required
* bumped minimum required glib version to 2.32
* endianness fixes
* (small) leak fixes
* usual round of code cleanups
* not directly related to this release, but the upstream git repository is now
hosted on gitlab.freedesktop.org
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Not sure why this has ever been there. This simply makes it
nicer to read and edit because we can have line-breaks now.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is an security update.
Recent were 2 serious security vulnerabilities published.
This patch update spice to a version which is not vulnerable.
Changelog:
Changes in 0.12.8:
==================
* Fixes for CVE-2016-0749 and CVE-2016-2150
Changes in 0.12.7:
==================
* spice-server will now send TCP keepalive probes on the TCP connections
it
uses. This can prevent unwanted idle disconnections if proxies are
used
between the client and the host.
* Fix important memory usage when the webdav channel is used
* Do not disconnect when the client requests an unsupported compression
type
* Fix a few race conditions
* Fix display glitch when using XSpice
* Improve help string for 'replay -s'
* Fix crashes in corner cases (buggy spice-html5 + win10, vnc + SPICE
port
configured, USB webcam redirection over a slow link)
* Fix various compilation warning when building on 32 bit machines
* Some fixes for big-endian machines, more work is likely to be needed
* Do not build static libraries by default, this can be reenabled with
--enable-static
* Fix small leak in MJPEG code
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
