spice package for trusty contains a malformed patch

Thank you for taking the time to report this bug and helping to make Ubuntu better.

> This is fixed in later releases by removing the specific patch, but it would be useful for the Trusty package to be fixed.

Why? What is the impact to Trusty users?

To update a package in Trusty the procedure is documented at https://wiki.ubuntu.com/StableReleaseUpdates#Procedure. I'm not yet convinced that the fix you proposed is justified under the SRU policy (documented elsewhere in that page) but if you think otherwise then you could proceed by beginning the documentation part of the procedure which is a requirement for doing the update anyway.

The impact on Trusty users is that if they need to extract the sources in order to view them or rebuild them, they would not be able to. In my case I needed to rebuild the source. The binary packages themselves are fine.

The chance of regression in this case is very minimal if the missing newlines are added rather than removing the patches like was done in the later package versions.

Patch is attached.

The attachment "spice-newlinefix.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

Hello Gregory, or anyone else affected,

Accepted spice into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt2ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Thanks Brian. It's not in proposed yet, but the package itself extracts
fine.

On Fri, May 8, 2015 at 5:20 PM Brian Murray <email address hidden> wrote:

> Hello Gregory, or anyone else affected,
>
> Accepted spice into trusty-proposed. The package will build now and be
> available at
> https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt2ubuntu1 in a
> few hours, and then in the -proposed repository.
>
> Please help us by testing this new package. See
> https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
> enable and use -proposed. Your feedback will aid us getting this update
> out to other Ubuntu users.
>
> If this package fixes the bug for you, please add a comment to this bug,
> mentioning the version of the package you tested, and change the tag
> from verification-needed to verification-done. If it does not fix the
> bug for you, please add a comment stating that, and change the tag to
> verification-failed. In either case, details of your testing will help
> us make a better decision.
>
> Further information regarding the verification process can be found at
> https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
> advance!
>
> ** Changed in: spice (Ubuntu Trusty)
> Status: New => Fix Committed
>
> ** Tags added: verification-needed
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1450043
>
> Title:
> spice package for trusty contains a malformed patch
>
> Status in spice package in Ubuntu:
> Triaged
> Status in spice source package in Trusty:
> Fix Committed
>
> Bug description:
> ====================================
> Impact: the package cannot be unpacked (patches do not apply)
> Devel fix: the patch is dropped (applied upstream)
> stable fix: fix the newline damage in the patch
> test case: apt-get source spice (on a trusty machine)
> regression potential: there should be none, however this should cause to
> be linked with lpthread (as it was meant to be to fix Debian bug #713681
> since 2013). This *could* cause a regression. The alternative would be to
> simply drop the patch from the package, which should have no risk of
> regression at all. However, this change has been in wheezy-backports for a
> long time with no reported troubles.
> ====================================
>
> The source package for spice contains a malformed patch such that
> dpkg-source cannot extract it. This is fixed in later releases by
> removing the specific patch, but it would be useful for the Trusty
> package to be fixed.
>
> $ apt-get source spice
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> NOTICE: 'spice' packaging is maintained in the 'Git' version control
> system at:
> git://anonscm.debian.org/collab-maint/spice.git
> Need to get 1,744 kB of source archives.
> Get:1 http://us.archive.ubuntu.com/ubuntu/ trusty/main spice
> 0.12.4-0nocelt2 (dsc) [2,236 B]
> Get:2 http://us.archive.ubuntu.com/ubuntu/ trusty/main spice
> 0.12.4-0nocelt2 (tar) [1,719 kB]
> Get:3 http://us.archive.ubuntu.com/ubuntu/ trusty/main spice
> 0.12...

The patches can be applied and removed now

ubuntu@trusty-affinity:~/spice-0.12.4$ quilt push -a
File series fully applied, ends at patch fix-buffer-overflow-when-decrypting-client-spice-ticket.patch
ubuntu@trusty-affinity:~/spice-0.12.4$ quilt pop -a
Removing patch fix-buffer-overflow-when-decrypting-client-spice-ticket.patch
Restoring server/reds.c

Removing patch enable_subdir-objects.patch
Restoring spice-common/configure.ac

Removing patch link-server-test-with-libm-libpthread.patch
Restoring server/tests/Makefile.am

Removing patch make-celt-to-be-optional.patch
Restoring server/snd_worker.c
Restoring configure.ac
Restoring client/audio_channels.h
Restoring client/playback_channel.cpp
Restoring client/record_channel.cpp

Removing patch fix-tests-warnings.patch
Restoring server/tests/basic_event_loop.c
Restoring server/tests/test_display_base.c

No patches applied
ubuntu@trusty-affinity:~/spice-0.12.4$ quilt push -a
Applying patch fix-tests-warnings.patch
patching file server/tests/basic_event_loop.c
patching file server/tests/test_display_base.c

Applying patch make-celt-to-be-optional.patch
patching file client/audio_channels.h
patching file client/playback_channel.cpp
patching file client/record_channel.cpp
patching file configure.ac
patching file server/snd_worker.c

Applying patch link-server-test-with-libm-libpthread.patch
patching file server/tests/Makefile.am

Applying patch enable_subdir-objects.patch
patching file spice-common/configure.ac

Applying patch fix-buffer-overflow-when-decrypting-client-spice-ticket.patch
patching file server/reds.c

Now at patch fix-buffer-overflow-when-decrypting-client-spice-ticket.patch

I verified this using the test case of 'apt-get source spice'.

This bug was fixed in the package spice - 0.12.4-0nocelt2ubuntu1

---------------
spice (0.12.4-0nocelt2ubuntu1) trusty-proposed; urgency=medium

  [Gregory Boyce]
  * Fix newline-damaged patch (LP: #1450043)

 -- Serge Hallyn <email address hidden> Mon, 04 May 2015 10:47:58 -0500

The verification of the Stable Release Update for spice has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.