FS#54602 - [spice-glib] Bug occurred from 0.33-3 to 0.33-4

Attached to Project: Community Packages
Opened by Asger Stig Holten (amigasger) - Monday, 26 June 2017, 19:07 GMT
Last edited by Balló György (City-busz) - Friday, 12 January 2018, 16:09 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Balló György (City-busz)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

It seems that spice-glib 0.33-3 was compiled with libssl.so.1.0.0 where spice-glib 0.33-4 was compiled with libssl.so.1.0.0. I have a fully updated system, and faced an issue with remote-viewer (which is utilizing the spice protocol). I have a proxmox-virtualization server - which serves a spice-file, which opens console for the virtual machine. With the new spice-glib 0.33-3 I faced an issue, saying "Cannot connect to graphics server [path]". When investigating the logs from remote-viewer it showed an ssl-error: "(remote-viewer:6416): GSpice-WARNING **: main-1:0: SSL_connect: error:00000001:lib(0):func(0):reason(1)". I therefore decided to find the cause. I downgraded to spice-gtk3-0.33-6 and spice-glib 0.33-3 which actually worked. I upgraded the spice-glib to 0.33-4 and the error occurred again.
I investigated the libraries used in spice-glib before and after - and noticed a difference in the libssl-version.

Additional info:

Log from SSL-error occurring in remote-viewer:
remote-viewer --spice-debug ~/Hentninger/download
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:285 New session (compiled from package spice-gtk 0.33)
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:289 Supported channels: main, display, inputs, cursor, playback, record, smartcard, usbredir
(remote-viewer:6416): GSpice-DEBUG: usb-device-manager.c:523 auto-connect filter set to 0x03,-1,-1,-1,0|-1,-1,-1,-1,1
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:1736 no migration in progress
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:146 main-1:0: spice_channel_constructed
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:2239 main-1:0: new main channel, switching
(remote-viewer:6416): GSpice-DEBUG: spice-gtk-session.c:1099 Changing main channel from (nil) to 0x206e400
(remote-viewer:6416): GSpice-DEBUG: usb-device-manager.c:1008 device added 05c6:9204 (0x1ec2490)
(remote-viewer:6416): GSpice-DEBUG: usb-device-manager.c:1008 device added 17ef:4816 (0x2015fd0)
(remote-viewer:6416): GSpice-DEBUG: usb-device-manager.c:1008 device added 0a5c:217f (0x1e6da70)
(remote-viewer:6416): GSpice-DEBUG: usb-device-manager.c:1008 device added 147e:2016 (0x1f14590)
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2614 main-1:0: Open coroutine starting 0x206e400
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2455 main-1:0: Started background coroutine 0x206e290
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:2173 Missing port value, not attempting unencrypted connection.
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2481 main-1:0: trying with TLS port
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:2185 main-1:0: Using TLS, port 61000
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:2133 (with proxy http://10.0.10.10:3128)
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:2057 proxy lookup ready
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:2040 main-1:0: connecting 0x7f3bcebfcab0...
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:2024 main-1:0: connect ready
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2382 main-1:0: Load CA, file: (null), data: 0x204c030

(remote-viewer:6416): GSpice-WARNING **: main-1:0: SSL_connect: error:00000001:lib(0):func(0):reason(1)
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2591 main-1:0: Coroutine exit main-1:0
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2784 main-1:0: reset
(remote-viewer:6416): GSpice-DEBUG: channel-main.c:1537 agent connected: no
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2726 main-1:0: channel reset
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2337 main-1:0: Delayed unref channel 0x206e400
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:1930 session: disconnecting 0
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:285 New session (compiled from package spice-gtk 0.33)
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:289 Supported channels: main, display, inputs, cursor, playback, record, smartcard, usbredir
(remote-viewer:6416): GSpice-DEBUG: usb-device-manager.c:523 auto-connect filter set to 0x03,-1,-1,-1,0|-1,-1,-1,-1,1
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:1930 session: disconnecting 0

When spice-glib 0.33-3 is installed:
[amigasger@TOTW-X201 ~]$ ldd /lib64/libspice-client-glib-2.0.so | grep ssl
libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007fc217481000)
libssl3.so => /usr/lib/libssl3.so (0x00007fc214709000)
[amigasger@TOTW-X201 ~]$ ldd /lib64/libspice-client-glib-2.0.so.8 | grep ssl
libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007fd83969a000)
libssl3.so => /usr/lib/libssl3.so (0x00007fd836922000)
[amigasger@TOTW-X201 ~]$ ldd /lib64/libspice-client-glib-2.0.so.8.6.0 | grep ssl
libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f5df57d2000)
libssl3.so => /usr/lib/libssl3.so (0x00007f5df2a5a000)

When we upgrade to 0.33-4 using:
[amigasger@TOTW-X201 ~]$ sudo pacman -U /var/cache/pacman/pkg/spice-glib-0.33-4-x86_64.pkg.tar.xz
We get:

[amigasger@TOTW-X201 ~]$ ldd /lib64/libspice-client-glib-2.0.so | grep ssl
libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x00007fdfbaabb000)
libssl3.so => /usr/lib/libssl3.so (0x00007fdfb7b20000)
[amigasger@TOTW-X201 ~]$ ldd /lib64/libspice-client-glib-2.0.so.8 | grep ssl
libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x00007f5fa5463000)
libssl3.so => /usr/lib/libssl3.so (0x00007f5fa24c8000)
[amigasger@TOTW-X201 ~]$ ldd /lib64/libspice-client-glib-2.0.so.8.6.0 | grep ssl
libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x00007f63f7461000)
libssl3.so => /usr/lib/libssl3.so (0x00007f63f44c6000)

libssl.so.1.0 has changed to libssl.so.1.1
We check which ssl libraries exist in the lib64-folder (both exist):

[amigasger@TOTW-X201 lib64]$ ls -al | grep ssl
lrwxrwxrwx 1 root root 30 3 mar 10:25 libevent_openssl-2.0.so.5 -> libevent_openssl-2.0.so.5.1.10
-rwxr-xr-x 1 root root 27312 3 mar 10:25 libevent_openssl-2.0.so.5.1.10
lrwxrwxrwx 1 root root 30 3 mar 10:25 libevent_openssl.so -> libevent_openssl-2.0.so.5.1.10
-rwxr-xr-x 1 root root 361408 21 apr 12:21 libssl3.so
lrwxrwxrwx 1 root root 13 25 maj 18:48 libssl.so -> libssl.so.1.1
-r-xr-xr-x 1 root root 502024 25 maj 18:54 libssl.so.1.0.0
-rwxr-xr-x 1 root root 437920 25 maj 18:49 libssl.so.1.1
drwxr-xr-x 4 root root 4096 25 maj 18:54 openssl-1.0

We check if we are running openssl in version 1.0 - and it seems not to be the case:

[amigasger@TOTW-X201 lib64]$ openssl version -a
OpenSSL 1.1.0f 25 May 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/etc/ssl\"" -DENGINESDIR="\"/usr/lib/engines-1.1\"" -Wa,--noexecstack -D_FORTIFY_SOURCE=2 -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -Wl,-O1,--sort-common,--as-needed,-z,relro
OPENSSLDIR: "/etc/ssl"
ENGINESDIR: "/usr/lib/engines-1.1"

Steps to reproduce:
(1) Install proxmox server.
(2) Update Arch to latest version (pacman -Syu) on your workstation/laptop.
(3) Try to connect to a virtual machine in the proxmox server from your workstation/laptop using the spice protocol.
(4) To fix the problem downgrade to spice-gtk3-0.33-6 and spice-glib 0.33-3 on your workstation/laptop using pacman.
(5) Recreate the problem by upgrading to spice-glib 0.33-4 on your workstation/laptop using pacman.
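
The before/after `ldd` comparison from the report, as an added example (not part of the original report and not Arch or SPICE tooling): a shell function that takes two captured `ldd` outputs and lists the libraries whose soname version changed. The function name `soname_changes` is hypothetical; the sample input is the `ldd` lines quoted in the report.

```shell
#!/bin/sh
# Added example: report shared libraries whose soname version differs
# between two captured `ldd` outputs.

# Sample input: the ldd lines quoted in the report for
# libspice-client-glib-2.0.so under spice-glib 0.33-3 and 0.33-4.
LDD_OLD='libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007fc217481000)
libssl3.so => /usr/lib/libssl3.so (0x00007fc214709000)'
LDD_NEW='libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x00007fdfbaabb000)
libssl3.so => /usr/lib/libssl3.so (0x00007fdfb7b20000)'

# soname_changes OLD NEW
# Prints "stem: old -> new" for every library present in both outputs
# whose version suffix after ".so" differs. Lines without "=>" (such as
# the vdso or the dynamic loader) are ignored.
soname_changes() {
    {
        printf '%s\n' "$1" | sed 's/^/old /'
        printf '%s\n' "$2" | sed 's/^/new /'
    } | awk '
        $3 == "=>" && match($2, /\.so(\.[0-9][0-9.]*)?$/) {
            stem = substr($2, 1, RSTART + 2)   # e.g. "libssl.so"
            ver  = substr($2, RSTART + 4)      # e.g. "1.1", empty if none
            if (ver == "") ver = "unversioned"
            if ($1 == "old") old[stem] = ver; else new[stem] = ver
        }
        END {
            for (s in old)
                if ((s in new) && old[s] != new[s])
                    printf "%s: %s -> %s\n", s, old[s], new[s]
        }' | LC_ALL=C sort
}

# libssl3.so is the NSS TLS library, not OpenSSL; it keeps the same
# unversioned soname in both outputs and is therefore not reported.
soname_changes "$LDD_OLD" "$LDD_NEW"

# On a live system (paths are placeholders):
#   soname_changes "$(ldd /path/to/old.so)" "$(ldd /path/to/new.so)"
```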
Closed by  Balló György (City-busz)
Friday, 12 January 2018, 16:09 GMT
Reason for closing:  Upstream
Comment by Asger Stig Holten (amigasger) - Sunday, 02 July 2017, 21:07 GMT
According to spice support at redhat the library should be compiled against "compat openssl 1.0".
Comment by Stéphane Raimbault (sra) - Wednesday, 08 November 2017, 16:41 GMT
and the package doesn't have a dependency on openssl (missing).
Comment by Asger Stig Holten (amigasger) - Monday, 11 December 2017, 18:28 GMT
Problem still occurs - after upgrade to spice-gtk3-0.34-2 and spice-glib-0.34-1.
How come it's so hard to fix this?
Comment by Eli Schwartz (eschwartz) - Monday, 11 December 2017, 19:19 GMT
  • Field changed: Status (Assigned → Unassigned)
  • Assignment removed
This currently has no maintainer; sergej orphaned all the virt related packages. :(
Comment by Jan de Groot (JGC) - Tuesday, 12 December 2017, 01:02 GMT
This should be fixed with 0.34-1. The patches we took from Debian to support openssl 1.1 were buggy and have been fixed upstream before 0.34 was released.
Comment by Eli Schwartz (eschwartz) - Monday, 25 December 2017, 21:09 GMT
Can someone confirm if this works okay now?
Comment by Asger Stig Holten (amigasger) - Friday, 29 December 2017, 23:52 GMT
Still doesn't work for me. Maybe I have corrupted my arch-installation because I attempted to compile it myself from sources and install it. Now I have been trying to uninstall it and reinstall the libraries using pacman, but I still face the exact same issue...

This bug starts getting really frustrating... :'(
Comment by Balló György (City-busz) - Wednesday, 10 January 2018, 01:17 GMT
Please test it with spice-gtk 0.34-1. If it still happens, please contact upstream:
https://bugs.freedesktop.org/buglist.cgi?component=spice-gtk&product=Spice&resolution=---