spice package for trusty contains a malformed patch

Bug #1450043 reported by Gregory Boyce on 2015-04-29
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
spice (Ubuntu)
High
Unassigned
Trusty
Undecided
Unassigned

Bug Description

====================================
Impact: the package cannot be unpacked (patches do not apply)
Devel fix: the patch is dropped (applied upstream)
stable fix: fix the newline damage in the patch
test case: apt-get source spice (on a trusty machine)
regression potential: there should be none, however this should cause to be linked with lpthread (as it was meant to be to fix Debian bug #713681 since 2013). This *could* cause a regression. The alternative would be to simply drop the patch from the package, which should have no risk of regression at all. However, this change has been in wheezy-backports for a long time with no reported troubles.
====================================

The source package for spice contains a malformed patch such that dpkg-source cannot extract it. This is fixed in later releases by removing the specific patch, but it would be useful for the Trusty package to be fixed.

$ apt-get source spice
Reading package lists... Done
Building dependency tree
Reading state information... Done
NOTICE: 'spice' packaging is maintained in the 'Git' version control system at:
git://anonscm.debian.org/collab-maint/spice.git
Need to get 1,744 kB of source archives.
Get:1 http://us.archive.ubuntu.com/ubuntu/ trusty/main spice 0.12.4-0nocelt2 (dsc) [2,236 B]
Get:2 http://us.archive.ubuntu.com/ubuntu/ trusty/main spice 0.12.4-0nocelt2 (tar) [1,719 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ trusty/main spice 0.12.4-0nocelt2 (diff) [23.0 kB]
Fetched 1,744 kB in 0s (2,169 kB/s)
gpgv: Signature made Fri 08 Nov 2013 10:55:11 AM EST using RSA key ID 68C097BC
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./spice_0.12.4-0nocelt2.dsc
dpkg-source: info: extracting spice in spice-0.12.4
dpkg-source: info: unpacking spice_0.12.4.orig.tar.bz2
dpkg-source: info: unpacking spice_0.12.4-0nocelt2.debian.tar.gz
dpkg-source: info: applying fix-tests-warnings.patch
dpkg-source: info: applying make-celt-to-be-optional.patch
dpkg-source: info: applying link-server-test-with-libm-libpthread.patch
dpkg-source: info: fuzz is not allowed when applying patches
dpkg-source: info: if patch 'link-server-test-with-libm-libpthread.patch' is correctly applied by quilt, use 'quilt refresh' to update it
dpkg-source: error: expected ^--- in line 2 of diff `spice-0.12.4/debian/patches/link-server-test-with-libm-libpthread.patch'
Unpack command 'dpkg-source -x spice_0.12.4-0nocelt2.dsc' failed.
Check if the 'dpkg-dev' package is installed.
E: Child process failed

The issue is a simple missing newline in the patch itself.

Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

> This is fixed in later releases by removing the specific patch, but it would be useful for the Trusty package to be fixed.

Why? What is the impact to Trusty users?

To update a package in Trusty the procedure is documented at https://wiki.ubuntu.com/StableReleaseUpdates#Procedure. I'm not yet convinced that the fix you proposed is justified under the SRU policy (documented elsewhere in that page) but if you think otherwise then you could proceed by beginning the documentation part of the procedure which is a requirement for doing the update anyway.

Changed in spice (Ubuntu):
status: New → Incomplete
Gregory Boyce (gregory-boyce) wrote :

The impact on Trusty users is that if they need to extract the sources in order to view them or rebuild them, they would not be able to. In my case I needed to rebuild the source. The binary packages themselves are fine.

The chance of regression in this case is very minimal if the missing newlines are added rather than removing the patches like was done in the later package versions.

Patch is attached.

The attachment "spice-newlinefix.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Changed in spice (Ubuntu):
status: Incomplete → Triaged
importance: Undecided → High
description: updated
description: updated
description: updated
Matthias Klose (doko) on 2015-05-04
tags: added: ftbfs

Hello Gregory, or anyone else affected,

Accepted spice into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt2ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in spice (Ubuntu Trusty):
status: New → Fix Committed
tags: added: verification-needed
Download full text (4.5 KiB)

Thanks Brian. It's not in proposed yet, but the package itself extracts
fine.

On Fri, May 8, 2015 at 5:20 PM Brian Murray <email address hidden> wrote:

> Hello Gregory, or anyone else affected,
>
> Accepted spice into trusty-proposed. The package will build now and be
> available at
> https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt2ubuntu1 in a
> few hours, and then in the -proposed repository.
>
> Please help us by testing this new package. See
> https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
> enable and use -proposed. Your feedback will aid us getting this update
> out to other Ubuntu users.
>
> If this package fixes the bug for you, please add a comment to this bug,
> mentioning the version of the package you tested, and change the tag
> from verification-needed to verification-done. If it does not fix the
> bug for you, please add a comment stating that, and change the tag to
> verification-failed. In either case, details of your testing will help
> us make a better decision.
>
> Further information regarding the verification process can be found at
> https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
> advance!
>
> ** Changed in: spice (Ubuntu Trusty)
> Status: New => Fix Committed
>
> ** Tags added: verification-needed
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1450043
>
> Title:
> spice package for trusty contains a malformed patch
>
> Status in spice package in Ubuntu:
> Triaged
> Status in spice source package in Trusty:
> Fix Committed
>
> Bug description:
> ====================================
> Impact: the package cannot be unpacked (patches do not apply)
> Devel fix: the patch is dropped (applied upstream)
> stable fix: fix the newline damage in the patch
> test case: apt-get source spice (on a trusty machine)
> regression potential: there should be none, however this should cause to
> be linked with lpthread (as it was meant to be to fix Debian bug #713681
> since 2013). This *could* cause a regression. The alternative would be to
> simply drop the patch from the package, which should have no risk of
> regression at all. However, this change has been in wheezy-backports for a
> long time with no reported troubles.
> ====================================
>
> The source package for spice contains a malformed patch such that
> dpkg-source cannot extract it. This is fixed in later releases by
> removing the specific patch, but it would be useful for the Trusty
> package to be fixed.
>
> $ apt-get source spice
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> NOTICE: 'spice' packaging is maintained in the 'Git' version control
> system at:
> git://anonscm.debian.org/collab-maint/spice.git
> Need to get 1,744 kB of source archives.
> Get:1 http://us.archive.ubuntu.com/ubuntu/ trusty/main spice
> 0.12.4-0nocelt2 (dsc) [2,236 B]
> Get:2 http://us.archive.ubuntu.com/ubuntu/ trusty/main spice
> 0.12.4-0nocelt2 (tar) [1,719 kB]
> Get:3 http://us.archive.ubuntu.com/ubuntu/ trusty/main spice
> 0.12...

Read more...

Felipe Reyes (freyes) wrote :

The patches can be applied and removed now

ubuntu@trusty-affinity:~/spice-0.12.4$ quilt push -a
File series fully applied, ends at patch fix-buffer-overflow-when-decrypting-client-spice-ticket.patch
ubuntu@trusty-affinity:~/spice-0.12.4$ quilt pop -a
Removing patch fix-buffer-overflow-when-decrypting-client-spice-ticket.patch
Restoring server/reds.c

Removing patch enable_subdir-objects.patch
Restoring spice-common/configure.ac

Removing patch link-server-test-with-libm-libpthread.patch
Restoring server/tests/Makefile.am

Removing patch make-celt-to-be-optional.patch
Restoring server/snd_worker.c
Restoring configure.ac
Restoring client/audio_channels.h
Restoring client/playback_channel.cpp
Restoring client/record_channel.cpp

Removing patch fix-tests-warnings.patch
Restoring server/tests/basic_event_loop.c
Restoring server/tests/test_display_base.c

No patches applied
ubuntu@trusty-affinity:~/spice-0.12.4$ quilt push -a
Applying patch fix-tests-warnings.patch
patching file server/tests/basic_event_loop.c
patching file server/tests/test_display_base.c

Applying patch make-celt-to-be-optional.patch
patching file client/audio_channels.h
patching file client/playback_channel.cpp
patching file client/record_channel.cpp
patching file configure.ac
patching file server/snd_worker.c

Applying patch link-server-test-with-libm-libpthread.patch
patching file server/tests/Makefile.am

Applying patch enable_subdir-objects.patch
patching file spice-common/configure.ac

Applying patch fix-buffer-overflow-when-decrypting-client-spice-ticket.patch
patching file server/reds.c

Now at patch fix-buffer-overflow-when-decrypting-client-spice-ticket.patch

tags: added: verification-done
removed: verification-needed
Brian Murray (brian-murray) wrote :

I verified this using the test case of 'apt-get source spice'.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package spice - 0.12.4-0nocelt2ubuntu1

---------------
spice (0.12.4-0nocelt2ubuntu1) trusty-proposed; urgency=medium

  [Gregory Boyce]
  * Fix newline-damaged patch (LP: #1450043)

 -- Serge Hallyn <email address hidden> Mon, 04 May 2015 10:47:58 -0500

Changed in spice (Ubuntu Trusty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for spice has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Changed in spice (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers