[Spice-devel] [spice-gtk] Use system-wide trust certificate store

2013-09-18 Thread Christophe Fergeau
Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem by default for its trust certificate store (to verify the certificates used during SPICE TLS connections). However, these days a system-wide trust store can be found in /etc/pki or /etc/ssl. This commit checks at compile time wher

Re: [Spice-devel] [virt-tools-list] More on virt-viewer for windows

2013-09-18 Thread Eric Blake
On 09/18/2013 01:43 AM, Daniel P. Berrange wrote: > On Tue, Sep 17, 2013 at 12:38:03PM -0600, Eric Blake wrote: >> [adding libvir-list, for some cross-compiling development hints] >> >> On 09/17/2013 11:57 AM, Fernando Lozano wrote: >> >>> Yes, the libvirt comes from 0.10.2. I'm running the latest

Re: [Spice-devel] [spice-gtk] Use system-wide trust certificate store

2013-09-18 Thread Christophe Fergeau
On Wed, Sep 18, 2013 at 02:40:52PM +0200, Christophe Fergeau wrote: > diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c > index b01b820..ab07453 100644 > --- a/gtk/spice-channel.c > +++ b/gtk/spice-channel.c > @@ -2159,6 +2159,7 @@ static int spice_channel_load_ca(SpiceChannel *channel) >

[Spice-devel] [spice-gtk PATCHv2] Use system-wide trust certificate store

2013-09-18 Thread Christophe Fergeau
Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem by default for its trust certificate store (to verify the certificates used during SPICE TLS connections). However, these days a system-wide trust store can be found in /etc/pki or /etc/ssl. This commit checks at compile time wher

Re: [Spice-devel] [PATCH spice-server 1/3] red_worker: cleanup red_clear_surface_drawables_from_pipes

2013-09-18 Thread Yonit Halperin
Hi, On 09/17/2013 12:11 PM, Marc-André Lureau wrote: On Mon, Sep 16, 2013 at 5:34 PM, Yonit Halperin wrote: Hi, 'force' means: wait till there is no pipe item that references the surface. If force = FALSE, try to release any such pipe item, but as long as it doesn't require blocking. On 09/

Re: [Spice-devel] [spice-gtk] Use system-wide trust certificate store

2013-09-18 Thread Marc-André Lureau
On Wed, Sep 18, 2013 at 2:40 PM, Christophe Fergeau wrote: > Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem > by default for its trust certificate store (to verify the certificates > used during SPICE TLS connections). However, these days a system-wide > trust store can be fo

Re: [Spice-devel] [spice-gtk] Use system-wide trust certificate store

2013-09-18 Thread Marc-André Lureau
On Wed, Sep 18, 2013 at 3:01 PM, Marc-André Lureau wrote: > On Wed, Sep 18, 2013 at 2:40 PM, Christophe Fergeau > wrote: >> Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem >> by default for its trust certificate store (to verify the certificates >> used during SPICE TLS conn

Re: [Spice-devel] [spice-gtk] Use system-wide trust certificate store

2013-09-18 Thread Christophe Fergeau
On Wed, Sep 18, 2013 at 03:01:56PM +0200, Marc-André Lureau wrote: > On Wed, Sep 18, 2013 at 2:40 PM, Christophe Fergeau > wrote: > > Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem > > by default for its trust certificate store (to verify the certificates > > used during SPI

Re: [Spice-devel] [spice-gtk] Use system-wide trust certificate store

2013-09-18 Thread Daniel P. Berrange
On Wed, Sep 18, 2013 at 02:40:52PM +0200, Christophe Fergeau wrote: > Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem > by default for its trust certificate store (to verify the certificates > used during SPICE TLS connections). However, these days a system-wide > trust store c

Re: [Spice-devel] [spice-gtk] Use system-wide trust certificate store

2013-09-18 Thread Christophe Fergeau
On Wed, Sep 18, 2013 at 03:03:57PM +0200, Marc-André Lureau wrote: > >> -if (ca_file != NULL) { > >> -int rc = SSL_CTX_load_verify_locations(c->ctx, ca_file, NULL); > >> -if (rc != 1) > >> -g_warning("loading ca certs from %s failed", ca_file); > >> -else > >

Re: [Spice-devel] [PATCH spice-server 1/3] red_worker: cleanup red_clear_surface_drawables_from_pipes

2013-09-18 Thread Marc-André Lureau
Hi On Wed, Sep 18, 2013 at 2:58 PM, Yonit Halperin wrote: > Hi, > > > On 09/17/2013 12:11 PM, Marc-André Lureau wrote: >> >> On Mon, Sep 16, 2013 at 5:34 PM, Yonit Halperin >> wrote: >>> >>> Hi, >>> >>> 'force' means: wait till there is no pipe item that references the >>> surface. >>> If force

Re: [Spice-devel] [spice-gtk] Use system-wide trust certificate store

2013-09-18 Thread Christophe Fergeau
On Wed, Sep 18, 2013 at 02:11:20PM +0100, Daniel P. Berrange wrote: > For SPICE though, users are pretty unlikely to be purchasing certs > from the commercial CA (protection racket) vendors. They'll almost > certainly be using their own internal CA. > > The question is, would they be likely to ap

Re: [Spice-devel] [spice-gtk] Use system-wide trust certificate store

2013-09-18 Thread Daniel P. Berrange
On Wed, Sep 18, 2013 at 03:24:36PM +0200, Christophe Fergeau wrote: > On Wed, Sep 18, 2013 at 02:11:20PM +0100, Daniel P. Berrange wrote: > > For SPICE though, users are pretty unlikely to be purchasing certs > > from the commercial CA (protection racket) vendors. They'll almost > > certainly be us

Re: [Spice-devel] [PATCH spice-server 1/3] red_worker: cleanup red_clear_surface_drawables_from_pipes

2013-09-18 Thread Yonit Halperin
On 09/18/2013 09:19 AM, Marc-André Lureau wrote: Hi On Wed, Sep 18, 2013 at 2:58 PM, Yonit Halperin wrote: Hi, On 09/17/2013 12:11 PM, Marc-André Lureau wrote: On Mon, Sep 16, 2013 at 5:34 PM, Yonit Halperin wrote: Hi, 'force' means: wait till there is no pipe item that references the

Re: [Spice-devel] [PATCH spice-server 1/3] red_worker: cleanup red_clear_surface_drawables_from_pipes

2013-09-18 Thread Marc-André Lureau
On Wed, Sep 18, 2013 at 3:34 PM, Yonit Halperin wrote: > On 09/18/2013 09:19 AM, Marc-André Lureau wrote: >> >> Hi >> >> On Wed, Sep 18, 2013 at 2:58 PM, Yonit Halperin >> wrote: >>> >>> Hi, >>> >>> >>> On 09/17/2013 12:11 PM, Marc-André Lureau wrote: On Mon, Sep 16, 2013 at 5:34 P

Re: [Spice-devel] [virt-tools-list] Strange behaviour using qemu+ssh on virt-manager

2013-09-18 Thread Cole Robinson
On 09/18/2013 03:46 AM, Daniel P. Berrange wrote: > On Tue, Sep 17, 2013 at 02:38:52PM -0300, Fernando Lozano wrote: >> Hi there, >> >> I am experimenting with different security settings for libvirtd, so >> I can give sysadmins administrative access to the KVM hypervisor >> without giving them roo

Re: [Spice-devel] [virt-tools-list] Strange behaviour using qemu+ssh on virt-manager

2013-09-18 Thread Fernando Lozano
Hi there, >>> When I try a "qemu+ssh" remote virsh connection everything works fine. >>> But then I try the same URL using virt-manager, and then try to open >>> a guest console, virt-manager prompts multiple times for a ssh login >>> password. >>> >>> Is this a bug? >> Each console requires that we s

[Spice-devel] libvirtd auth for qemu+ssh connections

2013-09-18 Thread Fernando Lozano
Hi, I asked this before but as it was mixed with another question on the same message I guess nobody noticed: >>> I am experimenting with different security settings for libvirtd, so >>> I can give sysadmins administrative access to the KVM hypervisor >>> without giving them root access on the hos

Re: [Spice-devel] [spice-gtk] Use system-wide trust certificate store

2013-09-18 Thread David Jaša
On St, 2013-09-18 at 15:24 +0200, Christophe Fergeau wrote: > On Wed, Sep 18, 2013 at 02:11:20PM +0100, Daniel P. Berrange wrote: > > For SPICE though, users are pretty unlikely to be purchasing certs > > from the commercial CA (protection racket) vendors. They'll almost > > certainly be using thei

Re: [Spice-devel] [virt-tools-list] More on virt-viewer for windows

2013-09-18 Thread Fernando Lozano
Hi, >>> Can someone from the Spice community chime in? Why is >>> spice-space.org shipping a Fedora 18 build of libvirt (0.10.2.x) >>> rather than Fedora 19 (1.0.5.x)? Who does the builds, and how often >>> are they updated? >> I do builds when releasing new virt-viewer versions, and I use the lat

Re: [Spice-devel] [virt-tools-list] More on virt-viewer for windows

2013-09-18 Thread Eric Blake
On 09/18/2013 08:19 AM, Fernando Lozano wrote: > Hi, Can someone from the Spice community chime in? Why is spice-space.org shipping a Fedora 18 build of libvirt (0.10.2.x) rather than Fedora 19 (1.0.5.x)? Who does the builds, and how often are they updated? >>> I do builds when

Re: [Spice-devel] [virt-tools-list] More on virt-viewer for windows

2013-09-18 Thread Daniel P. Berrange
On Wed, Sep 18, 2013 at 08:24:26AM -0600, Eric Blake wrote: > On 09/18/2013 08:19 AM, Fernando Lozano wrote: > > Hi, > Can someone from the Spice community chime in? Why is > spice-space.org shipping a Fedora 18 build of libvirt (0.10.2.x) > rather than Fedora 19 (1.0.5.x)? Who does

[Spice-devel] [spice-gtk] acl helper: Use ruid of invoker rather than looking up euid in /proc

2013-09-18 Thread Christophe Fergeau
From: Colin Walters This way we avoid a race condition if the parent execve()s a setuid program (possibly this program). This fixes CVE-2013-4324 This is the same as the fix for pkexec which is CVE-2011-1485: See: https://bugzilla.redhat.com/show_bug.cgi?id=692922 --- gtk/spice-client-glib-usb-

Re: [Spice-devel] [patch spice-html5 1/2] implement and use a new dataview getUint64

2013-09-18 Thread Jeremy White
ACK, and pushed. On 09/16/2013 11:13 AM, Aric Stewart wrote: > Apologies I did not head these patches correctly. > > --- > spicedataview.js | 12 > spicemsg.js | 6 ++ > spicetype.js | 15 --- > 3 files changed, 18 insertions(+), 15 deletions(-) > > > di

Re: [Spice-devel] [PATCH spice-html5 2/2] Implement handling of SPICE_MSG_DISPLAY_INVAL_LIST

2013-09-18 Thread Jeremy White
ACK, and pushed, thanks! On 09/16/2013 11:13 AM, Aric Stewart wrote: > > Also converts the display cache from an array to an object. This is to help > enforce proper sparseness of the data as well as make it easier to reliably > fully delete a given cache entry without affecting access to the r

[Spice-devel] spice-gtk release v0.21

2013-09-18 Thread Marc-André Lureau
Hello! The Spice team is pleased to release a new spice-gtk version 0.21, with the following bug fixes and changes: - improve inverted cursor support - win32 usb redirected device uninstall fix - add support for libusb hotplug API - smartcard initialization fixes - c&p converts line-endings if ne

Re: [Spice-devel] [virt-tools-list] More on virt-viewer for windows

2013-09-18 Thread Daniel P. Berrange
On Tue, Sep 17, 2013 at 12:38:03PM -0600, Eric Blake wrote: > [adding libvir-list, for some cross-compiling development hints] > > On 09/17/2013 11:57 AM, Fernando Lozano wrote: > > > Yes, the libvirt comes from 0.10.2. I'm running the latest windows > > binaries provided by spice-space.org: > >

Re: [Spice-devel] [virt-tools-list] Strange behaviour using qemu+ssh on virt-manager

2013-09-18 Thread Daniel P. Berrange
On Tue, Sep 17, 2013 at 02:38:52PM -0300, Fernando Lozano wrote: > Hi there, > > I am experimenting with different security settings for libvirtd, so > I can give sysadmins administrative access to the KVM hypervisor > without giving them root access on the host. I had success using TLS > (with cl