[Touch-packages] [Bug 1200296] Re: [MIR] spice-vdagent
https://launchpad.net/ubuntu/+source/ubuntu-meta/1.412 ** Changed in: ubuntu-meta (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1200296 Title: [MIR] spice-vdagent Status in spice-vdagent package in Ubuntu: Fix Released Status in ubuntu-meta package in Ubuntu: Fix Released Bug description: Availability Built for all supported architectures. In sync with Debian except for one cherry-picked patch to hide spice- vdagent from Startup Applications. Rationale = "spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO." Ubuntu GNOME 16.10 and 17.04 included it in the default install. Security No known open security vulnerabilities. https://rhn.redhat.com/errata/RHSA-2013-0924.html (CVE-2013-2152) Quality assurance = Bug subscriber: Ubuntu Desktop Bugs https://bugs.launchpad.net/ubuntu/+source/spice-vdagent https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=spice-vdagent https://bugs.freedesktop.org/buglist.cgi?bug_status=__open__=unix agent=Spice No tests. Dependencies check-mir reports all other binary dependencies are in main Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://cgit.freedesktop.org/spice/linux/vd_agent/log/ https://anonscm.debian.org/git/collab-maint/spice-vdagent.git - Maintained in Debian by the same Debian Developer who maintains the other Spice packages. short dh7 style rules, dh compat 10 Background information == N/A To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/1200296/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1200296] Re: [MIR] spice-vdagent
Override component to main spice-vdagent 0.17.0-1ubuntu2 in bionic: universe/x11 -> main spice-vdagent 0.17.0-1ubuntu2 in bionic amd64: universe/x11/optional/100% -> main spice-vdagent 0.17.0-1ubuntu2 in bionic arm64: universe/x11/optional/100% -> main spice-vdagent 0.17.0-1ubuntu2 in bionic armhf: universe/x11/optional/100% -> main spice-vdagent 0.17.0-1ubuntu2 in bionic i386: universe/x11/optional/100% -> main spice-vdagent 0.17.0-1ubuntu2 in bionic ppc64el: universe/x11/optional/100% -> main spice-vdagent 0.17.0-1ubuntu2 in bionic s390x: universe/x11/optional/100% -> main 7 publications overridden. ** Changed in: spice-vdagent (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1200296 Title: [MIR] spice-vdagent Status in spice-vdagent package in Ubuntu: Fix Released Status in ubuntu-meta package in Ubuntu: Fix Committed Bug description: Availability Built for all supported architectures. In sync with Debian except for one cherry-picked patch to hide spice- vdagent from Startup Applications. Rationale = "spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO." Ubuntu GNOME 16.10 and 17.04 included it in the default install. Security No known open security vulnerabilities. https://rhn.redhat.com/errata/RHSA-2013-0924.html (CVE-2013-2152) Quality assurance = Bug subscriber: Ubuntu Desktop Bugs https://bugs.launchpad.net/ubuntu/+source/spice-vdagent https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=spice-vdagent https://bugs.freedesktop.org/buglist.cgi?bug_status=__open__=unix agent=Spice No tests. Dependencies check-mir reports all other binary dependencies are in main Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://cgit.freedesktop.org/spice/linux/vd_agent/log/ https://anonscm.debian.org/git/collab-maint/spice-vdagent.git - Maintained in Debian by the same Debian Developer who maintains the other Spice packages. short dh7 style rules, dh compat 10 Background information == N/A To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/1200296/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1200296] Re: [MIR] spice-vdagent
Confirmed that the security fix at the URL below is include in the package as git_cve-2017-15108.patch: https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61 ** Changed in: spice-vdagent (Ubuntu) Assignee: (unassigned) => Andy Whitcroft (apw) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1200296 Title: [MIR] spice-vdagent Status in spice-vdagent package in Ubuntu: Fix Released Status in ubuntu-meta package in Ubuntu: Fix Committed Bug description: Availability Built for all supported architectures. In sync with Debian except for one cherry-picked patch to hide spice- vdagent from Startup Applications. Rationale = "spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO." Ubuntu GNOME 16.10 and 17.04 included it in the default install. Security No known open security vulnerabilities. https://rhn.redhat.com/errata/RHSA-2013-0924.html (CVE-2013-2152) Quality assurance = Bug subscriber: Ubuntu Desktop Bugs https://bugs.launchpad.net/ubuntu/+source/spice-vdagent https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=spice-vdagent https://bugs.freedesktop.org/buglist.cgi?bug_status=__open__=unix agent=Spice No tests. Dependencies check-mir reports all other binary dependencies are in main Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://cgit.freedesktop.org/spice/linux/vd_agent/log/ https://anonscm.debian.org/git/collab-maint/spice-vdagent.git - Maintained in Debian by the same Debian Developer who maintains the other Spice packages. short dh7 style rules, dh compat 10 Background information == N/A To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/1200296/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1200296] Re: [MIR] spice-vdagent
** Changed in: ubuntu-meta (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1200296 Title: [MIR] spice-vdagent Status in spice-vdagent package in Ubuntu: Fix Committed Status in ubuntu-meta package in Ubuntu: Fix Committed Bug description: Availability Built for all supported architectures. In sync with Debian except for one cherry-picked patch to hide spice- vdagent from Startup Applications. Rationale = "spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO." Ubuntu GNOME 16.10 and 17.04 included it in the default install. Security No known open security vulnerabilities. https://rhn.redhat.com/errata/RHSA-2013-0924.html (CVE-2013-2152) Quality assurance = Bug subscriber: Ubuntu Desktop Bugs https://bugs.launchpad.net/ubuntu/+source/spice-vdagent https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=spice-vdagent https://bugs.freedesktop.org/buglist.cgi?bug_status=__open__=unix agent=Spice No tests. Dependencies check-mir reports all other binary dependencies are in main Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://cgit.freedesktop.org/spice/linux/vd_agent/log/ https://anonscm.debian.org/git/collab-maint/spice-vdagent.git - Maintained in Debian by the same Debian Developer who maintains the other Spice packages. short dh7 style rules, dh compat 10 Background information == N/A To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/1200296/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1200296] Re: [MIR] spice-vdagent
** Changed in: spice-vdagent (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1200296 Title: [MIR] spice-vdagent Status in spice-vdagent package in Ubuntu: Fix Committed Status in ubuntu-meta package in Ubuntu: Confirmed Bug description: Availability Built for all supported architectures. In sync with Debian except for one cherry-picked patch to hide spice- vdagent from Startup Applications. Rationale = "spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO." Ubuntu GNOME 16.10 and 17.04 included it in the default install. Security No known open security vulnerabilities. https://rhn.redhat.com/errata/RHSA-2013-0924.html (CVE-2013-2152) Quality assurance = Bug subscriber: Ubuntu Desktop Bugs https://bugs.launchpad.net/ubuntu/+source/spice-vdagent https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=spice-vdagent https://bugs.freedesktop.org/buglist.cgi?bug_status=__open__=unix agent=Spice No tests. Dependencies check-mir reports all other binary dependencies are in main Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://cgit.freedesktop.org/spice/linux/vd_agent/log/ https://anonscm.debian.org/git/collab-maint/spice-vdagent.git - Maintained in Debian by the same Debian Developer who maintains the other Spice packages. short dh7 style rules, dh compat 10 Background information == N/A To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/1200296/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1200296] Re: [MIR] spice-vdagent
I reviewed spice-vdagent 0.17.0-1ubuntu1 as checked into zesty. This shouldn't be considered a full audit but rather a quick gauge of maintainability. spice-vdagent provides some services between virtual machine host and guests to make the experience less jarring. One CVE is in our database for the Windows client. - Build-Depends: debhelper, pkg-config, dh-systemd, libspice-protocol-dev, libdbus-1-dev, libx11-dev, libxrandr-dev, libxfixes-dev, desktop-file-utils, libxinerama-dev, libpciaccess-dev, autoconf, automake, libglib2.0-dev, systemd, libsystemd-dev, libasound2-dev - Provides a client and server; both daemonize - pre/post inst/rm scripts automatically generated - spice-vdagent init script starts the guest daemon, modprobes uinput - spice-vdagentd and spice-vdagent systemd service files, start their daemons - no dbus services - No setuid or setgid files - Two executables in PATH /usr/bin/spice-vdagent and /usr/sbin/spice-vdagentd - No sudo fragments - One udev rule for virtio-ports - No test suite - No cron - Clean build logs - Subprocesses spawned using system(), unsafe construction, reported upstream - Memory management looked good enough; some cases of malloc(a*b) but 'b' was often 4, 8, maybe 16, and 'a' calculated from data on the wire in a fashion that looked difficult to really abuse. - File IO looked safe except for uses of system() - Logging looked safe - No environment variable use - chmod(socket, 0666) looked out of place - other privileged ioctl() calls looked fine - No cryptography - Does networking; a quick skim looked like all Unix Domain Sockets - I didn't see privileged portions of the code - No tmp files - No WebKit - No PolicyKit - Clean cppcheck Here's some notes I collected while reviewing spice-vdagent: - vdagent_file_xfers_data() does not escape xfers->save_dir before giving it to the shell (CVE-2017-15108 was assigned for this issue) - vdagent_file_xfers_data() does not check snprintf() return code; a too-long xfers->save_dir could cause the & or ' or any number of other characters to go missing. - daemonize() from ./src/vdagentd.c only forks once - daemonize() from ./src/vdagent.c only forks once - why does main() in ./src/vdagentd.c set vdagentd_socket to 0666 This symlink looks out of place: /usr/share/gdm/greeter/autostart/spice-vdagent.desktop -> /etc/xdg/autostart/spice-vdagent.desktop Please make sure https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61 is included in our package before promoting the package. Security team ACK for promoting spice-vdagent to main. Thanks ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15108 ** Changed in: spice-vdagent (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1200296 Title: [MIR] spice-vdagent Status in spice-vdagent package in Ubuntu: Confirmed Status in ubuntu-meta package in Ubuntu: Confirmed Bug description: Availability Built for all supported architectures. In sync with Debian except for one cherry-picked patch to hide spice- vdagent from Startup Applications. Rationale = "spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO." Ubuntu GNOME 16.10 and 17.04 included it in the default install. Security No known open security vulnerabilities. https://rhn.redhat.com/errata/RHSA-2013-0924.html (CVE-2013-2152) Quality assurance = Bug subscriber: Ubuntu Desktop Bugs https://bugs.launchpad.net/ubuntu/+source/spice-vdagent https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=spice-vdagent https://bugs.freedesktop.org/buglist.cgi?bug_status=__open__=unix agent=Spice No tests. Dependencies check-mir reports all other binary dependencies are in main Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://cgit.freedesktop.org/spice/linux/vd_agent/log/ https://anonscm.debian.org/git/collab-maint/spice-vdagent.git - Maintained in Debian by the same Debian Developer who maintains the other Spice packages. short dh7 style rules, dh compat 10 Background information == N/A To manage notifications about this bug go to:
[Touch-packages] [Bug 1200296] Re: [MIR] spice-vdagent
Can we have that checked before FF by the security team? Most of popular distros are shipping it by default and the VM experience is the first one people may get. Would be bad to get ubuntu showing off not optimized default acceleration/integration in a VM. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1200296 Title: [MIR] spice-vdagent Status in spice-vdagent package in Ubuntu: Confirmed Status in ubuntu-meta package in Ubuntu: Confirmed Bug description: Availability Built for all supported architectures. In sync with Debian except for one cherry-picked patch to hide spice- vdagent from Startup Applications. Rationale = "spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO." Ubuntu GNOME 16.10 and 17.04 included it in the default install. Security No known open security vulnerabilities. https://rhn.redhat.com/errata/RHSA-2013-0924.html (CVE-2013-2152) Quality assurance = Bug subscriber: Ubuntu Desktop Bugs https://bugs.launchpad.net/ubuntu/+source/spice-vdagent https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=spice-vdagent https://bugs.freedesktop.org/buglist.cgi?bug_status=__open__=unix agent=Spice No tests. Dependencies check-mir reports all other binary dependencies are in main Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://cgit.freedesktop.org/spice/linux/vd_agent/log/ https://anonscm.debian.org/git/collab-maint/spice-vdagent.git - Maintained in Debian by the same Debian Developer who maintains the other Spice packages. short dh7 style rules, dh compat 10 Background information == N/A To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/1200296/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1200296] Re: [MIR] spice-vdagent
security team: ping? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1200296 Title: [MIR] spice-vdagent Status in spice-vdagent package in Ubuntu: Confirmed Status in ubuntu-meta package in Ubuntu: Confirmed Bug description: Availability Built for all supported architectures. In sync with Debian except for one cherry-picked patch to hide spice- vdagent from Startup Applications. Rationale = "spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO." Ubuntu GNOME 16.10 and 17.04 included it in the default install. Security No known open security vulnerabilities. https://rhn.redhat.com/errata/RHSA-2013-0924.html (CVE-2013-2152) Quality assurance = Bug subscriber: Ubuntu Desktop Bugs https://bugs.launchpad.net/ubuntu/+source/spice-vdagent https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=spice-vdagent https://bugs.freedesktop.org/buglist.cgi?bug_status=__open__=unix agent=Spice No tests. Dependencies check-mir reports all other binary dependencies are in main Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://cgit.freedesktop.org/spice/linux/vd_agent/log/ https://anonscm.debian.org/git/collab-maint/spice-vdagent.git - Maintained in Debian by the same Debian Developer who maintains the other Spice packages. short dh7 style rules, dh compat 10 Background information == N/A To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/1200296/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1200296] Re: [MIR] spice-vdagent
** Description changed: Availability Built for all supported architectures. In sync with Debian except for one cherry-picked patch to hide spice- vdagent from Startup Applications. Rationale = "spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO." Ubuntu GNOME 16.10 and 17.04 included it in the default install. Security No known open security vulnerabilities. https://rhn.redhat.com/errata/RHSA-2013-0924.html (CVE-2013-2152) Quality assurance = - Bug subscriber: Ubuntu Desktop Bugs? or Ubuntu Server since they watch other spice packages? + Bug subscriber: Ubuntu Desktop Bugs https://bugs.launchpad.net/ubuntu/+source/spice-vdagent https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=spice-vdagent https://bugs.freedesktop.org/buglist.cgi?bug_status=__open__=unix agent=Spice No tests. Dependencies check-mir reports all other binary dependencies are in main Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://cgit.freedesktop.org/spice/linux/vd_agent/log/ https://anonscm.debian.org/git/collab-maint/spice-vdagent.git - Maintained in Debian by the same Debian Developer who maintains the other Spice packages. short dh7 style rules, dh compat 10 Background information == N/A -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1200296 Title: [MIR] spice-vdagent Status in spice-vdagent package in Ubuntu: Confirmed Status in ubuntu-meta package in Ubuntu: Confirmed Bug description: Availability Built for all supported architectures. In sync with Debian except for one cherry-picked patch to hide spice- vdagent from Startup Applications. Rationale = "spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO." Ubuntu GNOME 16.10 and 17.04 included it in the default install. Security No known open security vulnerabilities. https://rhn.redhat.com/errata/RHSA-2013-0924.html (CVE-2013-2152) Quality assurance = Bug subscriber: Ubuntu Desktop Bugs https://bugs.launchpad.net/ubuntu/+source/spice-vdagent https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=spice-vdagent https://bugs.freedesktop.org/buglist.cgi?bug_status=__open__=unix agent=Spice No tests. Dependencies check-mir reports all other binary dependencies are in main Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://cgit.freedesktop.org/spice/linux/vd_agent/log/ https://anonscm.debian.org/git/collab-maint/spice-vdagent.git - Maintained in Debian by the same Debian Developer who maintains the other Spice packages. short dh7 style rules, dh compat 10 Background information == N/A To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/1200296/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1200296] Re: [MIR] spice-vdagent
Please also make sure to update ubuntu-meta / seed; if nothing brings in the package, it won't stay in main. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1200296 Title: [MIR] spice-vdagent Status in spice-vdagent package in Ubuntu: Confirmed Status in ubuntu-meta package in Ubuntu: Confirmed Bug description: Availability Built for all supported architectures. In sync with Debian except for one cherry-picked patch to hide spice- vdagent from Startup Applications. Rationale = "spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO." Ubuntu GNOME 16.10 and 17.04 included it in the default install. Security No known open security vulnerabilities. https://rhn.redhat.com/errata/RHSA-2013-0924.html (CVE-2013-2152) Quality assurance = Bug subscriber: Ubuntu Desktop Bugs? or Ubuntu Server since they watch other spice packages? https://bugs.launchpad.net/ubuntu/+source/spice-vdagent https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=spice-vdagent https://bugs.freedesktop.org/buglist.cgi?bug_status=__open__=unix agent=Spice No tests. Dependencies check-mir reports all other binary dependencies are in main Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://cgit.freedesktop.org/spice/linux/vd_agent/log/ https://anonscm.debian.org/git/collab-maint/spice-vdagent.git - Maintained in Debian by the same Debian Developer who maintains the other Spice packages. short dh7 style rules, dh compat 10 Background information == N/A To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/1200296/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1200296] Re: [MIR] spice-vdagent
The package in general looks fine, properly maintained in Debian, and low effort to maintain in Ubuntu; so this part looks fine for the MIR. However, spice-vdagent is missing a team subscriber; please fix this. Finally, given the use of spice-vdagent to capture mouse and such, its tight integration with ConsoleKit for session handling, its clipboard capture, and mucking with X, randr, etc., this will require a review by the Security Team. ** Changed in: spice-vdagent (Ubuntu) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1200296 Title: [MIR] spice-vdagent Status in spice-vdagent package in Ubuntu: Confirmed Status in ubuntu-meta package in Ubuntu: Confirmed Bug description: Availability Built for all supported architectures. In sync with Debian except for one cherry-picked patch to hide spice- vdagent from Startup Applications. Rationale = "spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO." Ubuntu GNOME 16.10 and 17.04 included it in the default install. Security No known open security vulnerabilities. https://rhn.redhat.com/errata/RHSA-2013-0924.html (CVE-2013-2152) Quality assurance = Bug subscriber: Ubuntu Desktop Bugs? or Ubuntu Server since they watch other spice packages? https://bugs.launchpad.net/ubuntu/+source/spice-vdagent https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=spice-vdagent https://bugs.freedesktop.org/buglist.cgi?bug_status=__open__=unix agent=Spice No tests. Dependencies check-mir reports all other binary dependencies are in main Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://cgit.freedesktop.org/spice/linux/vd_agent/log/ https://anonscm.debian.org/git/collab-maint/spice-vdagent.git - Maintained in Debian by the same Debian Developer who maintains the other Spice packages. short dh7 style rules, dh compat 10 Background information == N/A To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/1200296/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1200296] Re: [MIR] spice-vdagent
** Description changed: - spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. - Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO. + Availability + + Built for all supported architectures. + + In sync with Debian except for one cherry-picked patch to hide spice- + vdagent from Startup Applications. + + Rationale + = + "spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. + Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO." + + Ubuntu GNOME 16.10 and 17.04 included it in the default install. + + Security + + No known open security vulnerabilities. + + https://rhn.redhat.com/errata/RHSA-2013-0924.html (CVE-2013-2152) + + Quality assurance + = + Bug subscriber: Ubuntu Desktop Bugs? or Ubuntu Server since they watch other spice packages? + + https://bugs.launchpad.net/ubuntu/+source/spice-vdagent + https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=spice-vdagent + https://bugs.freedesktop.org/buglist.cgi?bug_status=__open__=unix agent=Spice + + No tests. + + Dependencies + + check-mir reports all other binary dependencies are in main + + Standards compliance + + 3.9.8 + + Maintenance + === + - Actively developed upstream + https://cgit.freedesktop.org/spice/linux/vd_agent/log/ + https://anonscm.debian.org/git/collab-maint/spice-vdagent.git + + - Maintained in Debian by the same Debian Developer who maintains the + other Spice packages. + + short dh7 style rules, dh compat 10 + + Background information + == + N/A -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1200296 Title: [MIR] spice-vdagent Status in spice-vdagent package in Ubuntu: Confirmed Status in ubuntu-meta package in Ubuntu: Confirmed Bug description: Availability Built for all supported architectures. In sync with Debian except for one cherry-picked patch to hide spice- vdagent from Startup Applications. Rationale = "spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO." Ubuntu GNOME 16.10 and 17.04 included it in the default install. Security No known open security vulnerabilities. https://rhn.redhat.com/errata/RHSA-2013-0924.html (CVE-2013-2152) Quality assurance = Bug subscriber: Ubuntu Desktop Bugs? or Ubuntu Server since they watch other spice packages? https://bugs.launchpad.net/ubuntu/+source/spice-vdagent https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=spice-vdagent https://bugs.freedesktop.org/buglist.cgi?bug_status=__open__=unix agent=Spice No tests. Dependencies check-mir reports all other binary dependencies are in main Standards compliance 3.9.8 Maintenance === - Actively developed upstream https://cgit.freedesktop.org/spice/linux/vd_agent/log/ https://anonscm.debian.org/git/collab-maint/spice-vdagent.git - Maintained in Debian by the same Debian Developer who maintains the other Spice packages. short dh7 style rules, dh compat 10 Background information == N/A To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/1200296/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1200296] Re: [MIR] spice-vdagent
** Summary changed: - Please ship spice-vdagent on the livecd + [MIR] spice-vdagent -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1200296 Title: [MIR] spice-vdagent Status in spice-vdagent package in Ubuntu: Confirmed Status in ubuntu-meta package in Ubuntu: Confirmed Bug description: spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest. Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/1200296/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp