Control: tags 910634 + patch Control: tags 910634 + pending Dear maintainer,
I've prepared an NMU for spice (versioned as 0.14.0-1.2) and uploaded it. Attached is the debdiff. The testsuite keys were generated following https://www.spice-space.org/spice-user-manual.html . Regards, Salvatore
diff -Nru spice-0.14.0/debian/changelog spice-0.14.0/debian/changelog --- spice-0.14.0/debian/changelog 2018-09-15 09:15:28.000000000 +0200 +++ spice-0.14.0/debian/changelog 2018-10-11 23:41:48.000000000 +0200 @@ -1,3 +1,10 @@ +spice (0.14.0-1.2) unstable; urgency=medium + + * Non-maintainer upload. + * tests/pki: Use CA/certificate with 2048 bit RSA keys (Closes: #910634) + + -- Salvatore Bonaccorso <car...@debian.org> Thu, 11 Oct 2018 23:41:48 +0200 + spice (0.14.0-1.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru spice-0.14.0/debian/patches/refresh-tests-pki-keys.patch spice-0.14.0/debian/patches/refresh-tests-pki-keys.patch --- spice-0.14.0/debian/patches/refresh-tests-pki-keys.patch 1970-01-01 01:00:00.000000000 +0100 +++ spice-0.14.0/debian/patches/refresh-tests-pki-keys.patch 2018-10-11 23:41:48.000000000 +0200 @@ -0,0 +1,131 @@ +Description: tests/pki: Use CA/certificate with 2048 bit RSA keys + The testsuite contains only 1024 bit RSA keys generated/refreshed + in the upstream commit + https://cgit.freedesktop.org/spice/spice/commit/server/tests/pki?id=7b5e294a363e1500ab1a5b143da1602c9fed0547 + . + In openssl/1.1.1-1 /etc/ssl/openssl.cnf contains + . + CipherString = DEFAULT@SECLEVEL=2 + . + This level is responsible to not accept the 80 bits used in + the certificate in this test, while we need at least 112 bits. + . + Generate new certificates following the instructions from + https://www.spice-space.org/spice-user-manual.html . +Origin: vendor +Bug: https://gitlab.freedesktop.org/spice/spice/issues/27 +Bug-Debian: https://bugs.debian.org/910634 +Forwarded: no +Author: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2018-10-11 + +--- a/server/tests/pki/ca-cert.pem ++++ b/server/tests/pki/ca-cert.pem +@@ -1,15 +1,21 @@ + -----BEGIN CERTIFICATE----- +-MIICUjCCAbugAwIBAgIJAKM/WOQQB3iqMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV +-BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg +-Q29tcGFueSBMdGQwHhcNMTcwMzIzMTA0MDEwWhcNNDcwMzE2MTA0MDEwWjBCMQsw +-CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh +-dWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZXCWk +-OuMVr45sAE9a7RM1K2brRdwzjdEqy1OV0dhqymL9YG/iygGp4HqwkLvLqEewq1bD +-sCcIbRlOidmBv9+uhy2zU9tBzaAptB7Vb6lAAa0PHlUQnQskVcPCwsK7RxwWw0/J +-pfld8qDAY1t8qM6mSy9Kuyk0X4FOvcuVQKCmiQIDAQABo1AwTjAdBgNVHQ4EFgQU +-eCFCqTxHPsa+7B0vcCZyxEgCnBwwHwYDVR0jBBgwFoAUeCFCqTxHPsa+7B0vcCZy +-xEgCnBwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBr+TeJqQH+SlAp +-GcA90SkGnqcEJSijjF9qcgmL0F5Z/yCBDaZa6F3wh/rXNZB2rKfQGW6Mem9KS8cm +-lui4A1pomMZBWQMwUYP02UF1fHg76RCG7PMhBZR2GkqHqHWfZBfFigdIWKFrm5fq +-92l4opvf97dSiOF9x1JLPUeoOOJL8A== ++MIIDZTCCAk2gAwIBAgIUP4OBTjXwyIOome7Rw5J1P442Rk8wDQYJKoZIhvcNAQEL ++BQAwQjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UE ++CgwTRGVmYXVsdCBDb21wYW55IEx0ZDAeFw0xODEwMTEyMTM3NTRaFw00ODEwMDMy ++MTM3NTRaMEIxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAa ++BgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IB ++DwAwggEKAoIBAQClmeuCqQM4Xc0iW4+qqc7HmNG6jXSh/5+s8Dh1eydQMvfrthT5 +++EQSSq+aUyT8bK4xVelJOQbqWBnMh56sZgd4L/vk0eer9QMl1rqR3roTAGc9STuJ ++8GddiAMzaYJ/sGaU2xL//sa3dTCr9qKe/JhBCCzFIJVgnP48WvoKfSdiu5IRF5WY ++OAEpXNu8a7IE5w0gnNro73r4cOJ/MhReMDKsB3nRiCFKnGsQjwknjRVI7TiAWhd4 ++g+l6+4kuwLP+nhumDT8LhL+gDKIEHKCZHScD2jfF1f8JPKbXUmkW0FNZ2b8dsdwv ++R6RBgVNWZdbSZt7nT+NeRDxd19bNMqf/2yknAgMBAAGjUzBRMB0GA1UdDgQWBBT1 ++sI07A1i84f/13iwxnTci4N6NgzAfBgNVHSMEGDAWgBT1sI07A1i84f/13iwxnTci ++4N6NgzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBWnDlRWTBb ++zBVVFRhsBo+nI4Oc8g5anTj4Tqaemc+g3dVy2WYnln3S8ZZDJrF0VevCGPeQ6mrC ++zxGwFDWExqBuMvXMKgiOff8THXPZuDpaObM9iZCtNCbvcPaW4dvXhPgm8mdUFdkI ++lFfXw7zmIaPOEY+aTLc5BShB0RVnqdaNubFrepXU+vWFfjUPHIudxr/IHvlpzfZQ ++Cmlqf5qe6i4aVMAhYWt2Z6oGHIIq+0V3IgOr/mZMkg/VC7LX7MOKBtLdeHqTnf0R ++aYQc+J120F9zE51A0xK1/u5inMDcSmODV9nzzYyZ6NyLSZlyC7l3NbNL4M4ZUn4M ++uN4ROAAxfc6v + -----END CERTIFICATE----- +--- a/server/tests/pki/server-cert.pem ++++ b/server/tests/pki/server-cert.pem +@@ -1,13 +1,18 @@ + -----BEGIN CERTIFICATE----- +-MIIB8zCCAVwCAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNV ++MIIC+DCCAeACAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNV + BAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDAe +-Fw0xNzAzMjMxMDQwNDVaFw00NzAzMTYxMDQwNDVaMEIxCzAJBgNVBAYTAlhYMRUw ++Fw0xODEwMTEyMTM3NTZaFw00ODEwMDMyMTM3NTZaMEIxCzAJBgNVBAYTAlhYMRUw + EwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBM +-dGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMXDPMZLse8CuEwJKMkvEdmB +-wK+33T0jOMkUJPt8LseLCjXmYOir2gWrsnP5fgxpwx/Xxb61ivwhAtC2mFcy3xXp +-RNkDHk3F2XpGwD0Msj9tR9DYidyRz/rN1BRth5ZLm0TvjmwWcBb7qWICIVTLsp6z +-XuM/erA3E00s7VANBlaPAgMBAAEwDQYJKoZIhvcNAQELBQADgYEA2Om01Qav2OQc +-ZjIPUmlqSzY96xyT8gzCIOyQikCuJ3Qdem4Qv1c9RxDFxNSrnNINx7Rrtkqp7dM7 +-st+gUqdKc2jvb301TbS+SlDaK1Nre5vB8bPg1cJxUwWX1fDy2igIok0KmM1P7S8M +-isa/qmobRb4rzvn3blThesqFez9xRhk= ++dGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW+4PBfwkfb0WXpRYz ++A9dufqcFqXECqLNkQBowXuimSCmj3ej2J9XrYyek77eM4NrMC7iv9bYZ7qHYFcCX ++eSLwmZwLa57Cujoi3lNVyYEkRQEnB3C7z6t0xoxjaGCxBWkfWOEA6Vgn7/v4CV0r ++Ck8F1YsEl+sJpWxCJHOuP+utPmi5AwLL1vjfCs5FK2Fk8NU89BVSPWel3DQR+5O6 ++l7bpMvtUmGDpjWkspzovPfSun6PQK6P2QzvLhNPd0qsLM0mYbgyrhdQUedDFiOHP ++dTvH0NMaXgyZ6QWPdKRhZ1kalFTK+KKakYp3+mQ31RhVx8iofiKiWqzOYXKRrL+2 ++nE3TAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAEO7FW25aSrlOJB8T4YJ02CVpZL1 ++Mb/HRC/FBqcLZbBfnDf76OBai8k1On4dUIoiypf/JQJ/7a+VQNtSzzIVOL+Pefvf ++im+MhorLPPcS4R+ZFdcUQbz8VE7EeTlPXphR4ZTk0W6QKgcax/OZEnc4Jw7sSfmC ++txbQgY+9gjrZgoHXdoK1OS+Lagooo3KIS+9EuDr8DldirN5XM5A06wVXy9etYpdA ++AImzC6zGDSFSt+ocnXuJtKI2MNgVviY0N0s+Hb/M8NFuRD4nzGdNWq7Zib6NhGpX ++QUbkXzZVSq6AqOXpboHm9oBpW0U9x8Qf7M8k5Co5qX9hJMjeeruizp/bJhc= + -----END CERTIFICATE----- +--- a/server/tests/pki/server-key.pem ++++ b/server/tests/pki/server-key.pem +@@ -1,15 +1,27 @@ + -----BEGIN RSA PRIVATE KEY----- +-MIICXAIBAAKBgQDFwzzGS7HvArhMCSjJLxHZgcCvt909IzjJFCT7fC7Hiwo15mDo +-q9oFq7Jz+X4MacMf18W+tYr8IQLQtphXMt8V6UTZAx5Nxdl6RsA9DLI/bUfQ2Inc +-kc/6zdQUbYeWS5tE745sFnAW+6liAiFUy7Kes17jP3qwNxNNLO1QDQZWjwIDAQAB +-AoGACwzjwnjMUnyma6k/XC6DItI7QBZYCGiFbcbwYhUIUCIWyfg7hgTEQ/jaGdzh +-DDSEsKzP4d4nC/uUOrFZRdYT3P5pXXFOFHkCiiG6IZeoQ0nO1CNBh/t08Wcy9ASt +-o9wIvAQHvvdp5vKBmkOydFWvnMix5ZOrWiAHVQo1vaUiYYECQQDoPsky1zpc9Ehf +-8FY5Ayro62sxa0hwCNxdrFPu8d6M/J0iz+n47YhyKISE9498dWXepSe06rd2oMQ8 +-DubEF6xhAkEA2f2LFT1N6m6xQPlVkxmNc5M1RWmShmEiV818kgr7/ywk4VBD0RxT +-yVwuEier2n92DFLzN7o1wQtqxeQnXwVo7wJAXNMLc6iWiSSR8NaMf8kGU4YUl/H7 +-R9wix8Xi3jQJ8WveGlXjfDzkNkx/eu2/ic0aZDy6fBL8NQvYovCJx4J2wQJAJlCR +-JJ+M1Vq1XwU0DFHeceT65QNkVKg4ABTHA2hY2IXqyYtxEA0ZkPfZxSkh5Jqopgvi +-YfYhwpd+IeAzJ1ltEwJBAMmPD9K/RzZKm05AZ20hVgo+BkLRQ5XlWtIuyiB8gFy1 +-OfpkFifKxclsVxT2WTizfZD0vlmlACrdiE4z4Zf/+/0= ++MIIEpAIBAAKCAQEA1vuDwX8JH29Fl6UWMwPXbn6nBalxAqizZEAaMF7opkgpo93o ++9ifV62MnpO+3jODazAu4r/W2Ge6h2BXAl3ki8JmcC2uewro6It5TVcmBJEUBJwdw ++u8+rdMaMY2hgsQVpH1jhAOlYJ+/7+AldKwpPBdWLBJfrCaVsQiRzrj/rrT5ouQMC ++y9b43wrORSthZPDVPPQVUj1npdw0EfuTupe26TL7VJhg6Y1pLKc6Lz30rp+j0Cuj ++9kM7y4TT3dKrCzNJmG4Mq4XUFHnQxYjhz3U7x9DTGl4MmekFj3SkYWdZGpRUyvii ++mpGKd/pkN9UYVcfIqH4iolqszmFykay/tpxN0wIDAQABAoIBAQCka2pic9E7XHPi ++Ph2TWM3MMUt2dhf7i6Df/HLLKdtPSYOnU1IX6XGffI9Wgwxjz5knU5Ol6AulG7Bm ++PoS0lK4XS7Rfu6iJj7pk7prX0qxVW/08p2EeEv8z6aJ3aN4CpXu3wNcdRlno+Y9B ++LZA3GcREVwTit3nIP99jWtOqojKSpPBjxb2yztwMLXBAdchQ5nop7fG3oO0XahxD ++k+Pp6zfjFWH0fDk/fZ91x0I+ptGXvAuqXAmZL2kyPce2R6I8+JQtO6cACX1rqsqg ++GgW8ohObmb3L5I4atw/yd6NGb9psxFbOHMFPZhbnR2ro4npNY4uCyXYY6xzZHwFi ++EHzsgjfBAoGBAPWaS0+IqX3fk7zHI8q7NLKJryP58MO9HciExFs2U6RcZVqrgzBO ++oFBmYyFLN9ZDeTWDERm0+ut95eAUoTdbhnF2XKSrZ3w+6T2tueIUci7jIcxk1s7n ++FiPmg0TEDQ2dwr5vgqUzVmSFR9Q8uZ+8D8DsPpSE9Z7QI/jf9kMtmlyhAoGBAOAV ++YBr2AvzB2gSBLkX80t+fSye7J9ZnlgGyThwa35BxEDkmFMxGszmEJYYk8wVX5E7W ++WinhtPzdY+Z9rt4Q4C73LoXF9neOQ4w/5L9KsK0pQmtvSK9mHUSVSVXHANGDhAh5 ++utSw60ltcWARBXZSvykkMedPI91Su7KtcEZMocHzAoGAdQ/e14DW8HURUMhGKgoC ++uxpfDTHDbTiFqp6FjMgfI9caRBY9yFehl9DFbQgSDCFK85OOIgeeFYKDf8O1d9I7 ++CXeV/rLn91NxDoHweG6wYeLGqEpkDGgeqGvlo3AinJvWR7iUt7L5eZ4BN4reGuGj ++TJwN0/JvtAuXKbduBGUHDyECgYEAhrkTQOJrxV8fHtoz4ewxNDVnUAnb17ILpBV5 ++lLgrdYIkiNd2ZaKUGp5ymQYZ/jprj2KcbtW+pNDOQUOLIQPwZQxDsjXlCthDkEzR ++0JitRE6sGj+b6ahxLEy8/I9a1JxHg3j8dOexbkIYifNx30O8npWeUz1niKc3JiPU ++fs+P6TUCgYBg2tMlMF4opX8UI0dx2BG1gReZJd3hpg5INKL5tyh6X8qvz9RyscKJ ++CzlyOB3YlVs2FyqBYU3F7Z/RD1XRSJFCVbMSCaDLib7uNee7GpSmARfhmtbhZr/z ++D5zg4SHk6ze+LpEwEeN6FzneW1dObkEDkGcMJftxjhKBr95n3eubhQ== + -----END RSA PRIVATE KEY----- diff -Nru spice-0.14.0/debian/patches/series spice-0.14.0/debian/patches/series --- spice-0.14.0/debian/patches/series 2018-09-15 09:15:28.000000000 +0200 +++ spice-0.14.0/debian/patches/series 2018-10-11 23:41:48.000000000 +0200 @@ -1 +1,2 @@ Fix-flexible-array-buffer-overflow.patch +refresh-tests-pki-keys.patch
