From 4194413280b4a4e177d5ced997d2a6e5829f9f64a624cc7e5296e237003375b5 Mon Sep 17 00:00:00 2001 From: Charles Arnold Date: Fri, 11 Feb 2022 19:55:55 +0000 Subject: [PATCH 1/4] - Update to version 0.22.0. Features and Issues addressed: * !40 - Handle side mouse buttons * !39 - Set retry limit to connect to vdagentd and improve logging error * !35 - Fix deprecation warning * !37 - Provide systemd spice-vdagent.service OBS-URL: https://build.opensuse.org/package/show/Virtualization/spice-vdagent?expand=0&rev=45 --- spice-vdagent-0.21.0.tar.bz2 | 3 --- spice-vdagent-0.21.0.tar.bz2.sig | Bin 310 -> 0 bytes spice-vdagent-0.22.0.tar.bz2 | 3 +++ spice-vdagent.changes | 9 +++++++++ spice-vdagent.spec | 7 ++++--- 5 files changed, 16 insertions(+), 6 deletions(-) delete mode 100644 spice-vdagent-0.21.0.tar.bz2 delete mode 100644 spice-vdagent-0.21.0.tar.bz2.sig create mode 100644 spice-vdagent-0.22.0.tar.bz2 diff --git a/spice-vdagent-0.21.0.tar.bz2 b/spice-vdagent-0.21.0.tar.bz2 deleted file mode 100644 index 5bae9bb..0000000 --- a/spice-vdagent-0.21.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fd575fd23c54fa5a7ff5d66069638510a669c332c5f86082cfb39a7d03a31259 -size 164103 diff --git a/spice-vdagent-0.21.0.tar.bz2.sig b/spice-vdagent-0.21.0.tar.bz2.sig deleted file mode 100644 index 4389f58ba81a3bafa9a36bea8d360327cc2c2ccbc9bd36aacc1235e5e18aae40..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j*Z0a49{%TY_Gc7ED&sm!*2+PSX<0$={Q82}0i5OS%^ zwtw2WuQV_S0J0J>R(^DR>;pQM!-(2?3kwsR--h?|jR#`TF$Eln+Zk2I=n3lp@S))( z3Vj6vbs{a97Mj{tAnoCA>f^|pSl@xPTlw=^(rLSLU@tpR8FkmglUH(Z{e9*-my6;{ zIoW;BmJh-{Wi>q5P8_#87|7@iT2pLg+QjbSKIuH3;Pu*TJ=h1BPXL7ub5_=r z-(IWRLg;wme5c5--oP83%Ez0c< IzMWDzKZ_=r^Z)<= diff --git a/spice-vdagent-0.22.0.tar.bz2 b/spice-vdagent-0.22.0.tar.bz2 new file mode 100644 index 0000000..a5488f1 --- /dev/null +++ b/spice-vdagent-0.22.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:553597a2ee3dcecd687db3fd92c6b6bb460260a53879d914ae9619ce81a8fb93 +size 165500 diff --git a/spice-vdagent.changes b/spice-vdagent.changes index a663153..1d6c493 100644 --- a/spice-vdagent.changes +++ b/spice-vdagent.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri Feb 11 11:25:16 MST 2022 - carnold@suse.com + +- Update to version 0.22.0. Features and Issues addressed: + * !40 - Handle side mouse buttons + * !39 - Set retry limit to connect to vdagentd and improve logging error + * !35 - Fix deprecation warning + * !37 - Provide systemd spice-vdagent.service + ------------------------------------------------------------------- Fri Jan 15 16:51:11 UTC 2021 - Bruce Rogers diff --git a/spice-vdagent.spec b/spice-vdagent.spec index 4f30d8e..65569f9 100644 --- a/spice-vdagent.spec +++ b/spice-vdagent.spec @@ -1,7 +1,7 @@ # # spec file for package spice-vdagent # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # Copyright (c) 2014 B1 Systems GmbH, Vohburg, Germany. # # All modifications and additions to the file contributed by third parties @@ -21,14 +21,14 @@ %bcond_with session_info_test Name: spice-vdagent -Version: 0.21.0 +Version: 0.22.0 Release: 0 Summary: Agent for Spice guests License: GPL-3.0-or-later Group: System/Daemons URL: http://spice-space.org/ Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2 -Source1: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2.sig +###Source1: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2.sig Source2: %{name}.keyring BuildRequires: alsa-devel >= 1.0.22 @@ -116,6 +116,7 @@ fi %{_udevrulesdir}/70-spice-vdagentd.rules %{_unitdir}/spice-vdagentd.service %{_unitdir}/spice-vdagentd.socket +%{_prefix}/lib/systemd/user/spice-vdagent.service %{_tmpfilesdir}/spice-vdagentd.conf %{_bindir}/spice-vdagent %{_sbindir}/spice-vdagentd From 24a8a8377c253e2ecb339126e2bbef7c67fbb18d54c5f39181fcb5bbff42b287 Mon Sep 17 00:00:00 2001 From: Charles Arnold Date: Mon, 14 Feb 2022 19:58:51 +0000 Subject: [PATCH 2/4] - Update to version 0.22.1. Features and Issues addressed: Do not process X11 events in vdagent_x11_create OBS-URL: https://build.opensuse.org/package/show/Virtualization/spice-vdagent?expand=0&rev=46 --- spice-vdagent-0.22.0.tar.bz2 | 3 --- spice-vdagent-0.22.1.tar.bz2 | 3 +++ spice-vdagent.changes | 3 ++- spice-vdagent.spec | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) delete mode 100644 spice-vdagent-0.22.0.tar.bz2 create mode 100644 spice-vdagent-0.22.1.tar.bz2 diff --git a/spice-vdagent-0.22.0.tar.bz2 b/spice-vdagent-0.22.0.tar.bz2 deleted file mode 100644 index a5488f1..0000000 --- a/spice-vdagent-0.22.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:553597a2ee3dcecd687db3fd92c6b6bb460260a53879d914ae9619ce81a8fb93 -size 165500 diff --git a/spice-vdagent-0.22.1.tar.bz2 b/spice-vdagent-0.22.1.tar.bz2 new file mode 100644 index 0000000..f829326 --- /dev/null +++ b/spice-vdagent-0.22.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:93b0d15aca4762cc7d379b179a7101149dbaed62b72112fffb2b3e90b11687a0 +size 165560 diff --git a/spice-vdagent.changes b/spice-vdagent.changes index 1d6c493..178089d 100644 --- a/spice-vdagent.changes +++ b/spice-vdagent.changes @@ -1,11 +1,12 @@ ------------------------------------------------------------------- Fri Feb 11 11:25:16 MST 2022 - carnold@suse.com -- Update to version 0.22.0. Features and Issues addressed: +- Update to version 0.22.1. Features and Issues addressed: * !40 - Handle side mouse buttons * !39 - Set retry limit to connect to vdagentd and improve logging error * !35 - Fix deprecation warning * !37 - Provide systemd spice-vdagent.service + Do not process X11 events in vdagent_x11_create ------------------------------------------------------------------- Fri Jan 15 16:51:11 UTC 2021 - Bruce Rogers diff --git a/spice-vdagent.spec b/spice-vdagent.spec index 65569f9..7a1fc71 100644 --- a/spice-vdagent.spec +++ b/spice-vdagent.spec @@ -21,7 +21,7 @@ %bcond_with session_info_test Name: spice-vdagent -Version: 0.22.0 +Version: 0.22.1 Release: 0 Summary: Agent for Spice guests License: GPL-3.0-or-later From e9323a2edfdacba6e002bd7992a6dde1f299db02eee234b4c667fe3b5c25a750 Mon Sep 17 00:00:00 2001 From: Charles Arnold Date: Mon, 14 Feb 2022 20:06:58 +0000 Subject: [PATCH 3/4] - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_spice-vdagentd.service.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/spice-vdagent?expand=0&rev=47 --- harden_spice-vdagentd.service.patch | 22 ++++++++++++++++++++++ spice-vdagent.changes | 6 ++++++ spice-vdagent.spec | 3 ++- 3 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 harden_spice-vdagentd.service.patch diff --git a/harden_spice-vdagentd.service.patch b/harden_spice-vdagentd.service.patch new file mode 100644 index 0000000..596cbf8 --- /dev/null +++ b/harden_spice-vdagentd.service.patch @@ -0,0 +1,22 @@ +Index: spice-vdagent-0.21.0/data/spice-vdagentd.service +=================================================================== +--- spice-vdagent-0.21.0.orig/data/spice-vdagentd.service ++++ spice-vdagent-0.21.0/data/spice-vdagentd.service +@@ -9,6 +9,17 @@ EnvironmentFile=-/etc/sysconfig/spice-vd + ExecStart=/usr/sbin/spice-vdagentd $SPICE_VDAGENTD_EXTRA_ARGS + PIDFile=/run/spice-vdagentd/spice-vdagentd.pid + PrivateTmp=true ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++ProtectHome=true ++ProtectHostname=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectKernelLogs=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + Restart=on-failure + + [Install] diff --git a/spice-vdagent.changes b/spice-vdagent.changes index 178089d..ac38c34 100644 --- a/spice-vdagent.changes +++ b/spice-vdagent.changes @@ -8,6 +8,12 @@ Fri Feb 11 11:25:16 MST 2022 - carnold@suse.com * !37 - Provide systemd spice-vdagent.service Do not process X11 events in vdagent_x11_create +------------------------------------------------------------------- +Thu Dec 16 16:05:34 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_spice-vdagentd.service.patch + ------------------------------------------------------------------- Fri Jan 15 16:51:11 UTC 2021 - Bruce Rogers diff --git a/spice-vdagent.spec b/spice-vdagent.spec index 7a1fc71..cdc76b3 100644 --- a/spice-vdagent.spec +++ b/spice-vdagent.spec @@ -28,8 +28,8 @@ License: GPL-3.0-or-later Group: System/Daemons URL: http://spice-space.org/ Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2 -###Source1: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2.sig Source2: %{name}.keyring +Patch0: harden_spice-vdagentd.service.patch BuildRequires: alsa-devel >= 1.0.22 BuildRequires: desktop-file-utils @@ -65,6 +65,7 @@ Features: %prep %setup -q +%patch0 -p1 %build autoreconf From 8ee18bdcf9c3a0603babfb07910e3ec398536952c1537d90ecff5be45349893c Mon Sep 17 00:00:00 2001 From: Charles Arnold Date: Mon, 14 Feb 2022 20:47:05 +0000 Subject: [PATCH 4/4] Drop upstream signature file as having "No public key" OBS-URL: https://build.opensuse.org/package/show/Virtualization/spice-vdagent?expand=0&rev=48 --- spice-vdagent.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/spice-vdagent.changes b/spice-vdagent.changes index ac38c34..db0daf7 100644 --- a/spice-vdagent.changes +++ b/spice-vdagent.changes @@ -7,6 +7,7 @@ Fri Feb 11 11:25:16 MST 2022 - carnold@suse.com * !35 - Fix deprecation warning * !37 - Provide systemd spice-vdagent.service Do not process X11 events in vdagent_x11_create + Drop upstream signature file as having "No public key" ------------------------------------------------------------------- Thu Dec 16 16:05:34 UTC 2021 - Johannes Segitz