Community Packages

Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#54602 - [spice-glib] Bug occured from 0.33-3 to 0.33-4

Attached to Project: Community Packages
Opened by Asger Stig Holten (amigasger) - Monday, 26 June 2017, 19:07 GMT
Last edited by Balló György (City-busz) - Friday, 12 January 2018, 16:09 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Balló György (City-busz)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

It seems that spice-glib 0.33-3 was compiled with libssl.so.1.0.0 where spice-glib 0.33-4 was compiled with libssl.so.1.0.0 . I have a fully updated system, and faced an issue with remote-viewer (which is utilizing the spice protocol). I have a proxmox-virtualization server - which serves a spice-file, which opens console for the virtual machine. With the new spice-glib 0.33-3 I faced an issue, saying "Cannot connect to graphics server [path]". When investigating the logs from remote-viewer it showed an ssl-error: "(remote-viewer:6416): GSpice-WARNING **: main-1:0: SSL_connect: error:00000001:lib(0):func(0):reason(1)" . I therefore decided to find the cause. I downgraded to spice-gtk3-0.33-6 and spice-glib 0.33-3 which actually worked. I upgraded the spice-glib to 0.33-4 and the error occured again.
I investigated the librarys used in spice-glib before and after - and noticed a difference in the libssl-version.

Additional info:

Log from SSL-error occuring in remote-viewer:
remote-viewer --spice-debug ~/Hentninger/download
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:285 New session (compiled from package spice-gtk 0.33)
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:289 Supported channels: main, display, inputs, cursor, playback, record, smartcard, usbredir
(remote-viewer:6416): GSpice-DEBUG: usb-device-manager.c:523 auto-connect filter set to 0x03,-1,-1,-1,0|-1,-1,-1,-1,1
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:1736 no migration in progress
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:146 main-1:0: spice_channel_constructed
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:2239 main-1:0: new main channel, switching
(remote-viewer:6416): GSpice-DEBUG: spice-gtk-session.c:1099 Changing main channel from (nil) to 0x206e400
(remote-viewer:6416): GSpice-DEBUG: usb-device-manager.c:1008 device added 05c6:9204 (0x1ec2490)
(remote-viewer:6416): GSpice-DEBUG: usb-device-manager.c:1008 device added 17ef:4816 (0x2015fd0)
(remote-viewer:6416): GSpice-DEBUG: usb-device-manager.c:1008 device added 0a5c:217f (0x1e6da70)
(remote-viewer:6416): GSpice-DEBUG: usb-device-manager.c:1008 device added 147e:2016 (0x1f14590)
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2614 main-1:0: Open coroutine starting 0x206e400
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2455 main-1:0: Started background coroutine 0x206e290
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:2173 Missing port value, not attempting unencrypted connection.
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2481 main-1:0: trying with TLS port
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:2185 main-1:0: Using TLS, port 61000
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:2133 (with proxy http://10.0.10.10:3128)
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:2057 proxy lookup ready
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:2040 main-1:0: connecting 0x7f3bcebfcab0...
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:2024 main-1:0: connect ready
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2382 main-1:0: Load CA, file: (null), data: 0x204c030

(remote-viewer:6416): GSpice-WARNING **: main-1:0: SSL_connect: error:00000001:lib(0):func(0):reason(1)
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2591 main-1:0: Coroutine exit main-1:0
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2784 main-1:0: reset
(remote-viewer:6416): GSpice-DEBUG: channel-main.c:1537 agent connected: no
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2726 main-1:0: channel reset
(remote-viewer:6416): GSpice-DEBUG: spice-channel.c:2337 main-1:0: Delayed unref channel 0x206e400
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:1930 session: disconnecting 0
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:285 New session (compiled from package spice-gtk 0.33)
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:289 Supported channels: main, display, inputs, cursor, playback, record, smartcard, usbredir
(remote-viewer:6416): GSpice-DEBUG: usb-device-manager.c:523 auto-connect filter set to 0x03,-1,-1,-1,0|-1,-1,-1,-1,1
(remote-viewer:6416): GSpice-DEBUG: spice-session.c:1930 session: disconnecting 0

When spice-glib 0.33-3 is installed:
[amigasger@TOTW-X201 ~]$ ldd /lib64/libspice-client-glib-2.0.so | grep ssl
libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007fc217481000)
libssl3.so => /usr/lib/libssl3.so (0x00007fc214709000)
[amigasger@TOTW-X201 ~]$ ldd /lib64/libspice-client-glib-2.0.so.8 | grep ssl
libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007fd83969a000)
libssl3.so => /usr/lib/libssl3.so (0x00007fd836922000)
[amigasger@TOTW-X201 ~]$ ldd /lib64/libspice-client-glib-2.0.so.8.6.0 | grep ssl
libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x00007f5df57d2000)
libssl3.so => /usr/lib/libssl3.so (0x00007f5df2a5a000)

When we upgrade to 0.33-4 using:
[amigasger@TOTW-X201 ~]$ sudo pacman -U /var/cache/pacman/pkg/spice-glib-0.33-4-x86_64.pkg.tar.xz
We get:

[amigasger@TOTW-X201 ~]$ ldd /lib64/libspice-client-glib-2.0.so | grep ssl
libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x00007fdfbaabb000)
libssl3.so => /usr/lib/libssl3.so (0x00007fdfb7b20000)
[amigasger@TOTW-X201 ~]$ ldd /lib64/libspice-client-glib-2.0.so.8 | grep ssl
libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x00007f5fa5463000)
libssl3.so => /usr/lib/libssl3.so (0x00007f5fa24c8000)
[amigasger@TOTW-X201 ~]$ ldd /lib64/libspice-client-glib-2.0.so.8.6.0 | grep ssl
libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x00007f63f7461000)
libssl3.so => /usr/lib/libssl3.so (0x00007f63f44c6000)

libssl.so.1.0 has changed to libssl.so.1.1
We check which ssl librarys that are existing in the lib64-folder (both are existing):

[amigasger@TOTW-X201 lib64]$ ls -al | grep ssl
lrwxrwxrwx 1 root root 30 3 mar 10:25 libevent_openssl-2.0.so.5 -> libevent_openssl-2.0.so.5.1.10
-rwxr-xr-x 1 root root 27312 3 mar 10:25 libevent_openssl-2.0.so.5.1.10
lrwxrwxrwx 1 root root 30 3 mar 10:25 libevent_openssl.so -> libevent_openssl-2.0.so.5.1.10
-rwxr-xr-x 1 root root 361408 21 apr 12:21 libssl3.so
lrwxrwxrwx 1 root root 13 25 maj 18:48 libssl.so -> libssl.so.1.1
-r-xr-xr-x 1 root root 502024 25 maj 18:54 libssl.so.1.0.0
-rwxr-xr-x 1 root root 437920 25 maj 18:49 libssl.so.1.1
drwxr-xr-x 4 root root 4096 25 maj 18:54 openssl-1.0

We check if we are running openssl in version 1.0 - and it seems not to be the case:

[amigasger@TOTW-X201 lib64]$ openssl version -a
OpenSSL 1.1.0f 25 May 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/etc/ssl\"" -DENGINESDIR="\"/usr/lib/engines-1.1\"" -Wa,--noexecstack -D_FORTIFY_SOURCE=2 -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -Wl,-O1,--sort-common,--as-needed,-z,relro
OPENSSLDIR: "/etc/ssl"
ENGINESDIR: "/usr/lib/engines-1.1"

Steps to reproduce:
(1) Install proxmox server.
(2) Update Arch to latest version (pacman -Syu) on your workstation/laptop.
(3) Try to connect to a virtual machine in the proxmox server from your workstation/laptop using the spice protocol.
(4) To fix the problem downgrade to spice-gtk3-0.33-6 and spice-glib 0.33-3 on your workstation/laptop using pacman.
(5) Recreate the problem by upgrade to spice-glib 0.33-4 on your workstation/laptop using pacman.
This task depends upon

Closed by  Balló György (City-busz)
Friday, 12 January 2018, 16:09 GMT
Reason for closing:  Upstream
Comment by Asger Stig Holten (amigasger) - Sunday, 02 July 2017, 21:07 GMT
According to spice support at redhat the library should be compiled against "compat openssl 1.0".
Comment by Stéphane Raimbault (sra) - Wednesday, 08 November 2017, 16:41 GMT
and the package doesn't have a dependency on openssl (missing).
Comment by Asger Stig Holten (amigasger) - Monday, 11 December 2017, 18:28 GMT
Problem still occurs - after upgrade to spice-gtk3-0.34-2 and spice-glib-0.34-1 .
How come its so hard to fix this ?
Comment by Eli Schwartz (eschwartz) - Monday, 11 December 2017, 19:19 GMT
  • Field changed: Status (Assigned → Unassigned)
  • Assignment removed
This currently has no maintainer; sergej orphaned all the virt related packages. :(
Comment by Jan de Groot (JGC) - Tuesday, 12 December 2017, 01:02 GMT
this should be fixed with 0.34-1. The patches we took from debian to support openssl 1.1 were buggy and have been fixed upstream before 0.34 was released.
Comment by Eli Schwartz (eschwartz) - Monday, 25 December 2017, 21:09 GMT
Can someone confirm if this works okay now?
Comment by Asger Stig Holten (amigasger) - Friday, 29 December 2017, 23:52 GMT
Still doesn't work for me.. Maybe I have corrupted my arch-installation because I attempted to compile it myself from sources and install it.. Now I have been trying to uninstall it and reinstall the librarys using pacman, but I still face the exact same issue...

This bugs starts getting really frustrating... :'(
Comment by Balló György (City-busz) - Wednesday, 10 January 2018, 01:17 GMT
Please test it with spice-gtk 0.34-1. If it still happens, please contact with upstream:
https://bugs.freedesktop.org/buglist.cgi?component=spice-gtk&product=Spice&resolution=---

Loading...