이 콘텐츠는 선택한 언어로 제공되지 않습니다.
4.128. libcacard
Updated libcacard and spice-client packages that fix a number of bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol designed for virtual environments. The spice-client package provides the client side of the
SPICE
protocol.
The libcacard package contains the Common Access Card (CAC) emulation library.
- BZ#723687
- The spice-client package has been upgraded to upstream version 0.8.2, which provides a number of bug fixes and enhancements over the previous version, including:
- Various code cleanup modifications, such as removing unused variables, dead code and typos, have been included.
- Several package build changes, such as enabling a silent build and a cleanup in the configure.ac script have been included.
- White spaces in values for the
--host-subject
command line option are now ignored. - A new
--version
command line option for thespicec
command has been added.
- BZ#723895
- The libcacard package has been upgraded to upstream version 0.15.0, which provides a number of bug fixes and enhancements over the previous version, including a fix for the following bug:
- Some AET middleware did not work correctly with the
CKM_RSA_X_590
encrypting mechanism even though it reported support for this mechanism. Consequently, if such middleware was used by libcacard virtual smart cards, smart cards failed to emulate any RSA authentication based operations, such as requesting a security pin or retrieving user certificates. The library has been modified to handleCKM_RSA_X590
failures by falling back to useCKM_RSA_PKCS
encryption. Virtual smart cards now work correctly with AET middleware.
Bug Fixes
- BZ#707122
- Although old SPICE-related packages (such as cairo-spice) are no longer required to be installed with the spice-client package, they were still needed by a previously installed spice-client or spice-server package. With the
Obsolete
lines in the package spec file, updating spice-client forced an update of spice-server as well, and vice versa. With this update, all "Obsolete" lines have been removed from thespice-client.spec
file, and updating spice-client no longer forces the update of spice-server. - BZ#692976
- The
SPICE
client did not correctly handle monitor setting routines when it was running on a client machine with multiple monitors. As a consequence, the client entered an infinite loop while trying to rearrange monitors, which eventually caused the client to terminate unexpectedly. With this update, the code has been modified to prevent the client from entering this loop, and the client thus no longer crashes. - BZ#725009
- The
SPICE
client failed to connect to the SPICE server on the target host after a virtual machine had been migrated to a remote machine. This happened when the migration of the virtual machine took longer than the expiration time of the SPICE ticket that was set on the target host. Without a valid password, the SPICE server refused connection from the SPICE client and the SPICE session had to be closed. To prevent this problem, support for spice semi-seamless migration has been added. Other components such as spice-protocol, spice-server and qemu-kvm have also been modified to support this feature. SPICE now allows the SPICE client to connect to the SPICE server on the target host at the very start of the virtual machine migration, just before the migrate monitor command is given to the qemu-kvm application. With a valid ticket on the target host, the SPICE ticket on the destination no longer expires and the SPICE client now remains open when the virtual machine migration is done. - BZ#710461
- Due to an incorrect condition in the code, the
SPICE
client could attempt to free memory that has already been freed. Therefore, when the KDE desktop screen of the client machine with the running SPICE client was locked, the SPICE client terminated unexpectedly with a segmentation fault after unlocking the screen. The code has been modified to free memory correctly, and the SPICE client no longer crashes in the scenario described. - BZ#692833
- When running multiple
SPICE
client sessions at the same time and the screen resolution on the client machine was changed, the SPICE client could often enter an infinite loop in the code. As a consequence, the X Windows server consumed up to 100% of CPU and caused the client machine to be unresponsive. With this update, the underlying code has been modified to prevent the client from entering the loop, and the problem no longer occurs. - BZ#712941
- The help description for the
--color-depth
and--disable-effects
client WAN options was inaccurate. With this update, thespicec --help
command now clearly states that these WAN options have effect onlyif supported by the guest vdagent
. - BZ#653545
- Due to the way the
SPICE
server establishes secured connections, the SPICE client log contained secure-connection messages that included the misleading string,connect_unsecure
. With this update, the function used to establish secure connections has been renamed and secure-connection messages in the client log now contain theconnect_to_peer
string. - BZ#732423
- On a Linux guest that uses the Xinerama extension, X Windows creates a non-primary screen surface before it creates the primary screen surface when creating secondary screens on start up. Unfortunately, the
SPICE
client expected an existence of the primary screen surface when it attempted to handle the creation of non-primary screen surfaces. The primary surface did not exist at the time, therefore the SPICE client terminated unexpectedly. With this update, the SPICE client now ensures that the screen exists before starting operations on it. The SPICE client no longer crashes in the scenario described. - BZ#723567
- Previously, the
--smartcard-db
client command line option was not handled properly. As a consequence, when running with this option, theSPICE
client terminated with the following error message:Error: unhandled exception: cmd line error
With this update, the--smartcard-db
option is now handled properly and the SPICE client works as expected using this option. - BZ#712938
- When attempting to connect to a Linux guest using the
SPICE
client with WAN options and the SPICE agent (vdagent
) was running on the guest, the client initiated handshaking. If the vdagent did not support WAN options, it did not reply to the client and connection thus failed with thevdagent
timeout. Also with certain WAN options, such as--color-depth 16
, the attempt to connect failed with the vdagent timeout even though novdagent
was running on the guest. With this update, the SPICE client checks capabilities of the vdagent. If vdagent does not support WAN options or there is novdagent
running on the guest, the client continues with the message sequence initiation and connection is now successful. - BZ#696964
- Due to a missing error code setting in the source code, the
SPICE
client returnedexit code 0
when running without the--host
command line option, although the client correctly displayed the following error message:spicec: missing --host
With this update, the missing line in the code has been added, and the SPICE client now correctly exits with theerror code 14
in this scenario.
All users of libcacard and spice-client are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.