File: changelog

package info (click to toggle)
spice 0.14.0-1.3
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 8,852 kB
  • sloc: ansic: 74,883; sh: 4,580; python: 3,025; makefile: 629
file content (440 lines) | stat: -rw-r--r-- 16,620 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
spice (0.14.0-1.3) unstable; urgency=medium

  * Non-maintainer upload.
  * memslot: Fix off-by-one error in group/slot boundary check (CVE-2019-3813)
    (Closes: #920762)

 -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 28 Jan 2019 13:04:44 +0100

spice (0.14.0-1.2) unstable; urgency=medium

  * Non-maintainer upload.
  * tests/pki: Use CA/certificate with 2048 bit RSA keys (Closes: #910634)

 -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 11 Oct 2018 23:41:48 +0200

spice (0.14.0-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix flexible array buffer overflow (CVE-2018-10873) (Closes: #906315)

 -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 15 Sep 2018 09:15:28 +0200

spice (0.14.0-1) unstable; urgency=medium

  * New upstream release
  * debian/copyright: refresh 
  * debian/control:
    - Add liborc-0.4-dev to Build-Depends
    - Update Build-Depends on debhelper to >= 10 
    - Remove dh-autoreconf from Build-Depends
    - Bump Standards-Version to 4.1.1 (no changes)
    - Use https in Homepage
  * debian/compat, bump to 10
  * debian/watch, switch to https

 -- Liang Guo <guoliang@debian.org>  Thu, 19 Oct 2017 14:35:54 +0800

spice (0.13.90-0.2) unstable; urgency=medium

  * Non-maintainer upload.
  * debian/rules: Disable parallel building for the tests, this will hopefully
    fix FTBFS on some arch (Closes: #876266)

 -- Laurent Bigonville <bigon@debian.org>  Wed, 20 Sep 2017 12:53:44 +0200

spice (0.13.90-0.1) unstable; urgency=medium

  * Non-maintainer upload.
  [ Laurent Bigonville ]
  * New upstream release (Closes: #849569)
    - Adjust the build-dependencies
    - Drop d/p/CVE-2016-9577-and-CVE-2016-9578.patch,
      d/p/CVE-2017-7506-1.patch, d/p/CVE-2017-7506-2.patch,
      d/p/CVE-2017-7506-3.patch: All merged upstream
    - Drop debian/patches/fix-tests-warnings.patch, unused
    - debian/libspice-server1.symbols: Add newly exported symbols
  * debian/watch: Enable gpg key verification of the upstream tarball
  * debian/rules: Also remove the Libs.private defs from .pc file
  * debian/control: Bump Standards-Version to 4.1.0 (no further changes)
  * debian/rules: Drop override_dh_installdocs, this was only needed when we
    were building the -dbg package ourself
  * debian/control: Add liblz4-dev to the build-dependencies
  * debian/control: Add the needed gstreamer modules to the
    (build-)dependencies to enable gstreamer support
  * Run wrap-and-sort -ts

  [ Santiago Ruano Rincón ]
  * debian/tests/automated-tests: Intial DEP-8 test, using upstream automated
    test (Closes: #827027)

 -- Laurent Bigonville <bigon@debian.org>  Tue, 22 Aug 2017 19:08:19 +0200

spice (0.12.8-2.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix CVE-2017-7506: (Closes: #868083)
    Possible buffer overflow via invalid monitor configurations.

 -- Markus Koschany <apo@debian.org>  Fri, 21 Jul 2017 23:34:38 +0200

spice (0.12.8-2.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Add CVE-2016-9577-and-CVE-2016-9578.patch:
    - CVE-2016-9577: A buffer overflow vulnerability in
      main_channel_alloc_msg_rcv_buf was found that occurs when reading large
      messages due to missing buffer size check.
    - CVE-2016-9578: A vulnerability was discovered in the server's
      protocol handling. An attacker able to connect to the spice server could
      send crafted messages which would cause the process to crash.
      (Closes: #854336)

 -- Markus Koschany <apo@debian.org>  Mon, 13 Feb 2017 21:42:01 +0100

spice (0.12.8-2) unstable; urgency=medium

  * Build on all little-endian architectures (Closes: #734218)
  * Drop -dbg package and rely on the automatically built one (-dbgsym)
  * Drop the libasound2-dev build-dependency, this was needed for the
    spice-client which is gone since 0.12.6-1

 -- Liang Guo <guoliang@debian.org>  Fri, 06 Jan 2017 21:50:55 +0800

spice (0.12.8-1) unstable; urgency=medium

  * New upstream release
  * Remove debian/patches/{CVE-2016-0749,CVE-2016-2150}, applied 
    Upstream

 -- Liang Guo <guoliang@debian.org>  Tue, 26 Jul 2016 11:06:19 +0800

spice (0.12.7-1) unstable; urgency=medium

  * New upstream release
  * Update debian/copyright
  * Refresh debian/patches
  * Static build is disabled, remove lib*.a from libspice-server-dev
  * Update Standards-Version to 3.9.8 (no changes)
  * Use secure uri in vcs-*

 -- Liang Guo <guoliang@debian.org>  Thu, 23 Jun 2016 14:09:24 +0800

spice (0.12.6-4.1) unstable; urgency=high

  * Non-maintainer upload.
  * CVE-2016-0749: heap-based buffer overflow in smartcard interaction
    (Closes: #826585)
  * CVE-2016-2150: host memory access from guest using crafted primary surface
    parameters (Closes: #826584)

 -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 06 Jun 2016 19:22:10 +0200

spice (0.12.6-4) unstable; urgency=medium

  * stop depending libspice-server-dev on libcacard-dev (#802413).
    Instead, remove mention of libcacard from the .pc file, as it
    is not actually used when building with libspice-server.
  * remove Requires.private defs from .pc file -- we're not building static
    libs, but if Requires.private is present, pkg-config requires the other
    .pc files to be present too, which is wrong (Closes: #803926)

 -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 06 Nov 2015 10:43:55 +0300

spice (0.12.6-3) unstable; urgency=medium

  * update Standards-Version to 3.9.6 (no changes)
  * add libcacard-dev to libspice-server-dev dependencies
    (Closes: #802413)

 -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 20 Oct 2015 10:08:46 +0300

spice (0.12.6-2) unstable; urgency=medium

  * stop linking with libcacard as no symbols from it are
    actually used
  * use dh-autoreconf since we're modifying automake files again

 -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 09 Oct 2015 01:14:03 +0300

spice (0.12.6-1) unstable; urgency=medium

  * Acknowledge previous NMUs. Thank you Salvatore and Laurent!
  * new upstream release (0.12.6), removed all patches (applied upstream)
  * add libspice-protocol-dev to build-deps, it is actually used
    since this version (instead of internal version)
  * remove libxinerama from build-deps and deps of libspice-server-dev
    (#658173 fixed upstream)
  * remove libcacard-dev from libspice-server1-dev deps (it is not
    actually used by the server) and remove version from libcacard
    build-dep (any version ever seen in debian will do)
    TODO: stop linking with libcacard0 too, as libspice-server does
    not actually use any of its symbols
  * stop building spice-client, since upstream dropped it
    (Closes: #749331 #704229 #641772 #715179).
    Remove libxrandr-dev, libxfixes-dev, and mentions of mesa from build-deps.
  * update libspice-server1.symbols file with new symbols.
    Note: one symbol has been removed in this release,
    spice_server_migrate_client_state@SPICE_SERVER_0.6.0 (from 0.8.2),
    but it looks like it was exported by mistake and has never been
    a public API, so we wont make new library package
  * enable parallel build (dch --parallel)
  * add python-six to build-deps, needed for code generation
    (marshallers/demarshallers)
  * remove libxinerama-dev, libssl-dev and libglib2.0-dev deps from
    libspice-server-dev package, since spice headers does not include
    these anymore, and the libs will be satisfied from the shared library
  * remove spice-protocol refs from d/copyright
  * remove double LGPL-2.1+ license text from d/copyright

 -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 09 Oct 2015 00:00:34 +0300

spice (0.12.5-1.3) unstable; urgency=high

  * Non-maintainer upload.
  * Add series of patches for CVE-2015-5260 and CVE-2015-5261.
    CVE-2015-5260: insufficient validation of surface_id parameter can cause
    crash. (Closes: #801089)
    CVE-2015-5261: host memory access from guest using crafted images.
    (Closes: #801091)

 -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 07 Oct 2015 07:23:38 +0200

spice (0.12.5-1.2) unstable; urgency=high

  * Non-maintainer upload.
  * Add CVE-2015-3247.patch patch.
    CVE-2015-3247: Memory corruption in worker_update_monitors_config().
    (Closes: #797976)

 -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 05 Sep 2015 05:51:01 +0200

spice (0.12.5-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Enable smartcard support now that libcacard is in the archive (Closes:
    #786833)

 -- Laurent Bigonville <bigon@debian.org>  Fri, 14 Aug 2015 09:29:41 +0200

spice (0.12.5-1) unstable; urgency=medium

  * new upstream release.  Can now build without celt!
  * Dropped patches:
    - make-celt-to-be-optional.patch
    - link-server-test-with-libm-libpthread.patch
    - enable_subdir-objects.patch
    - fix-buffer-overflow-when-decrypting-client-spice-ticket.patch
  * build-depend on libopus-dev, which enables opus support
    (no --enable-opus configure flag for now)
  * do not remove .version in clean anymore (it is part of the tarball)
  * do not use dh_autoreconf, since we aren't changing autoconf anymore
  * update libspice-server1.symbols with new symbols
  * introduce libspice-server1-dbg package (Closes: #743850)
  * fix the vcs-browse url (Closes: #722241)

 -- Michael Tokarev <mjt@tls.msk.ru>  Fri, 23 May 2014 19:26:44 +0400

spice (0.12.4-0nocelt2) unstable; urgency=high

  * Fix CVE-2013-4282 (Closes: #728314)

 -- Liang Guo <guoliang@debian.org>  Thu, 07 Nov 2013 22:44:29 +0800

spice (0.12.4-0nocelt1.1) unstable; urgency=low

  * Non-maintainer upload.
  * debian/patches
    - add enable_subdir-objects.patch (Closes: #724093)

 -- Hideki Yamane <henrich@debian.org>  Mon, 21 Oct 2013 12:27:35 +0900

spice (0.12.4-0nocelt1) unstable; urgency=low

  * New upstream release (Closes: #717030)
  * Remove .version after build (Closes: #671627)
  * debian/control:
    - Bump Standards-Version to 3.9.4 (no changes)
    - Update VCS-* to use canonical URIs
  * debian/patches:
    - fix-tests-warnings.patch, refresh
    - link-server-test-with-libm-libpthread.patch, add (Closes: #713681)
  * Refresh libspice-server1.symbols
  
 -- Liang Guo <guoliang@debian.org>  Thu, 25 Jul 2013 00:10:00 +0800
  
spice (0.12.3-0nocelt1) unstable; urgency=low

  * New upstream release
  * debian/patches:
    - fix-build-warning-PIXEL.patch, remove, applied upstream
    - link-libspice-server-with-libm-libpthread.patch, remove,
      applied upstream
    - spice-common-remove-version-construction.patch, remove,
      applied upstream
    - fix-tests-warnings.patch, refresh
    - make-celt-to-be-optional.patch, refresh
  * libspice-server-dev should depends on libglib2.0-dev, or 
    qxl driver compile will fail. 
  * Refresh libspice-server1.symbols

 -- Liang Guo <guoliang@debian.org>  Sun, 19 May 2013 11:10:10 +0800

spice (0.12.2-0nocelt3) unstable; urgency=low

  * Upload to unstable

 -- Liang Guo <guoliang@debian.org>  Fri, 10 May 2013 09:10:16 +0800

spice (0.12.2-0nocelt2exp) experimental; urgency=low

  * added two patches from Serge Hallyn to fix numerous compiler warnings:
     fix-build-warning-PIXEL.patch
     fix-tests-warnings.patch
  * spice-common-remove-version-construction.patch - to stop spice-common
    from produce a ton of `build-aux/git-version-gen: not found' errors
    during autoreconf.

 -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 11 Feb 2013 23:29:11 +0400

spice (0.12.2-0nocelt1exp) experimental; urgency=low

  * New upstream release
  * debian/patches:
     - Refresh link-libspice-server-with-libm-libpthread.patch
  * Refresh debian/cpyright, new files added
  * Build client, upstream don't build client by default
  * Refresh libspice-server1.symbols
  * Add libglib2.0-dev to Build-Depends

  [ Michael Tokarev ]
  * refresh make-celt-to-be-optional.patch (minor context diff)
  * do not build-depend on libspice-protocol-dev
    (upstream always uses included copy)
  * add (versioned) dependency on libspice-protocol-dev to libspice-server-dev
    package, since when the latter is installed, embedded protocol headers
    are not installed
  * do not build-depend on mesa libs (OpenGL is not enabled by default
    and is not recommended by upstream)
  * do not build-depend on libogg-dev
  * configure with --disable-silent-rules, so that the compiler command
    line is visible (this fixes the lintian warnings about hardening flags)

 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 17 Jan 2013 19:19:30 +0400

spice (0.11.0-1) unstable; urgency=low

  * New upstream release
  * Breaks spice-gtk (<= 0.12-2)
  * Refresh debian/libspice-server1.symbols
  * debian/control:
    - Update my e-mail address
    - Add python-pyparsing to Build-Depends
  * debian/patches:
    - Remove fix-error-path-return-in-snd_set_record_peer.patch, 
      applied upstream
    - Refresh make-celt-to-be-optional.patch
    - Refresh link-libspice-server-with-libm-libpthread.patch
  * Simplify debian/rules, celt removed, no reason to use 
    traditional one
  * Disable smartcard, not in debian yet
  * Refresh debian/copyright

 -- Liang Guo <guoliang@debian.org>  Sat, 09 Jun 2012 11:33:05 +0800

spice (0.10.1-3~nocelt) experimental; urgency=low

  * Applying for co-maintenance, adding myself to Uploaders (Closes: #671627)
  * Bump Standards-Version to 3.9.3 (no changes)
  * link-libspice-server-with-libm-libpthread.patch - missing libraries
  * Enable multiarch for libspice-server, bump debhelper compat to 9
  * do not require root in clean target
  * build-depend on dh-autoreconf and python to be able to run autoreconf
    and python code generator
  * use dh_autoreconf, do not ship debian/source/options anymore
  * consolidate clean target in debian/rules
  * 2 patches:
    - fix-error-path-return-in-snd_set_record_peer.patch (from upstream git),
      which is a pre-requisite for the next patch, and
    - make-celt-to-be-optional.patch (sent to upstream).
    This makes it possible to build spice without celt.
  * Disable celt051 usage.

 -- Michael Tokarev <mjt@tls.msk.ru>  Sat, 02 Jun 2012 16:18:56 +0400

spice (0.10.1-2) unstable; urgency=low

  * added dependency on libxinerama-dev to
    libspice-server-dev, temporarily, till
    either upstream or we will have better
    solution.  libspice-server does not use
    xinerama in any way, yet it is listed in
    the requiriments in the pkg-config file,
    which is generated at configure time.
    (Closes: #658173)

 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 01 Feb 2012 01:08:34 +0400

spice (0.10.1-1) unstable; urgency=low

  * New upstream release
  * Refresh libspice-server1.symbols
  * debian/control
    - Change Build-Depends on libspice-protocol-dev to (>= 0.10.1~)
    - Add libxinerama-dev to Build-Depends
  
 -- Liang Guo <bluestonechina@gmail.com>  Fri, 27 Jan 2012 23:28:26 +0800

spice (0.10.0-1) unstable; urgency=low

  [ Liang Guo ]
  * New upstream release (Closes: #651262)
  * Refresh debian/copyright
  * Remove fix-typo-in-cmd_line_parser-cpp.patch, applied upstream
  * Remove fix-typo-in-record-cpp.patch, applied upstream
  * Remove use-requires-private-for-libspice-pkgconfig.patch, applied upstream
  * Change Build-Depends on libspice-protocol-dev to (>= 0.9.1~)
  * Refresh libspice-server1.symbols
  * Update debian/rules clean target
  * Ignore common/win/my_getopt-1.5/Makefile change when building package
  * debian/control: set DMUA

  [ Michael Tokarev ]
  * use `rm -f' instead of `-rm' in debian/rules clean targets
  * remove python_modules/*.pyc in clean target
  
 -- Liang Guo <bluestonechina@gmail.com>  Tue, 29 Nov 2011 14:37:08 +0800
  
spice (0.8.3-1) unstable; urgency=low

  * New upstream release
  * Update debian/copyright to fit DEP-5
  * Remove drop-unnecessary-build-request.patch, applied upstream
  * Update Build-Depends on libspice-protocol-dev to 0.8.2~
  * Disable GUI support, CEGUI version in Debian not supported
  * Add libjpeg-dev to Build-Depends
  * Refresh libspice-server1.symbols

 -- Liang Guo <bluestonechina@gmail.com>  Thu, 20 Oct 2011 11:13:23 +0800

spice (0.8.2-2) unstable; urgency=low

  [ Michael Tokarev ]
  * move libraries used internally by libspice-server from Requires
    to Requires.private in pkg-config file

  [ Liang Guo ]
  * Add libpixman-1-dev and libssl-dev to libspice-server-dev
    Depends (Closes: #637189)
  * Remove alsa, xrandr, xfixes, x11, xext and xrender 
    from spice-server.pc Requires
  * Fix typo in debian/spicec.1

 -- Liang Guo <bluestonechina@gmail.com>  Tue, 16 Aug 2011 10:36:31 +0800

spice (0.8.2-1) unstable; urgency=low

  * Initial release (Closes: #560721)

 -- Liang Guo <bluestonechina@gmail.com>  Sat, 23 Jul 2011 12:21:04 +0800