ubuntu/+source/spice:ubuntu/artful-updates

Last commit made on 2018-05-23
Get this branch:
git clone -b ubuntu/artful-updates https://git.launchpad.net/ubuntu/+source/spice
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/artful-updates
Repository:
lp:ubuntu/+source/spice

Recent commits

ca10e8d... by Leonidas S. Barbosa on 2018-05-22

Import patches-unapplied version 0.12.8-2.2ubuntu0.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 4b629d66bc0d867f2004cc87b83a04090bbddc48

New changelog entries:
  * SECURITY UPDATE: Integer overflow and buffer overflow
    - debian/patches/CVE-2017-12194-1.patch: fix a integer overflow
      computing sizes in spice-common/python_modules/demarshal.py.
    - debian/patches/CVE-2017-12194-2.patch: avoid integer overflow
      in spice-common/python_modules/demarshal.py,
      spice-common/python_modules/marshal.py.
    - debian/patches/CVE-2017-12194-3.patch: add tests to verify fix.
    - CVE-2017-12194

4b629d6... by Markus Koschany <email address hidden> on 2017-07-21

Import patches-unapplied version 0.12.8-2.2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f73787f6acc1029870aceeec244cc22b08e01748

New changelog entries:
  * Non-maintainer upload.
  * Fix CVE-2017-7506: (Closes: #868083)
    Possible buffer overflow via invalid monitor configurations.

f73787f... by Markus Koschany <email address hidden> on 2017-02-13

Import patches-unapplied version 0.12.8-2.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1362f89bbb02065578430eba5fe0b18b33c2db0f

New changelog entries:
  * Non-maintainer upload.
  * Add CVE-2016-9577-and-CVE-2016-9578.patch:
    - CVE-2016-9577: A buffer overflow vulnerability in
      main_channel_alloc_msg_rcv_buf was found that occurs when reading large
      messages due to missing buffer size check.
    - CVE-2016-9578: A vulnerability was discovered in the server's
      protocol handling. An attacker able to connect to the spice server could
      send crafted messages which would cause the process to crash.
      (Closes: #854336)

1362f89... by Liang Guo <email address hidden> on 2017-01-06

Import patches-unapplied version 0.12.8-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 3e2a3a4314136b8701a64b4fc90cd0ccf196e65f

New changelog entries:
  * Build on all little-endian architectures (Closes: #734218)
  * Drop -dbg package and rely on the automatically built one (-dbgsym)
  * Drop the libasound2-dev build-dependency, this was needed for the
    spice-client which is gone since 0.12.6-1

3e2a3a4... by Liang Guo <email address hidden> on 2016-07-26

Import patches-unapplied version 0.12.8-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7f3a70b54a215d84b2550682fecf374c125e579f

New changelog entries:
  * New upstream release
  * Remove debian/patches/{CVE-2016-0749,CVE-2016-2150}, applied
    Upstream

7f3a70b... by Liang Guo <email address hidden> on 2016-06-23

Import patches-unapplied version 0.12.7-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 939fce520ac6bf465379543dffa418c1d02998ac

New changelog entries:
  * New upstream release
  * Update debian/copyright
  * Refresh debian/patches
  * Static build is disabled, remove lib*.a from libspice-server-dev
  * Update Standards-Version to 3.9.8 (no changes)
  * Use secure uri in vcs-*

939fce5... by Salvatore Bonaccorso on 2016-06-06

Import patches-unapplied version 0.12.6-4.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 3bc34a3ee8e17bcd960a6d648ac575dc51ef8df5

New changelog entries:
  * Non-maintainer upload.
  * CVE-2016-0749: heap-based buffer overflow in smartcard interaction
    (Closes: #826585)
  * CVE-2016-2150: host memory access from guest using crafted primary surface
    parameters (Closes: #826584)

3bc34a3... by Michael Tokarev <email address hidden> on 2015-11-06

Import patches-unapplied version 0.12.6-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 272fa8928e78960d6d8b97021c569532e8b8a47d

New changelog entries:
  * stop depending libspice-server-dev on libcacard-dev (#802413).
    Instead, remove mention of libcacard from the .pc file, as it
    is not actually used when building with libspice-server.
  * remove Requires.private defs from .pc file -- we're not building static
    libs, but if Requires.private is present, pkg-config requires the other
    .pc files to be present too, which is wrong (Closes: #803926)

272fa89... by Michael Tokarev <email address hidden> on 2015-10-20

Import patches-unapplied version 0.12.6-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 711da6c53dbceccf519e9c2ba1726ef6bd473549

New changelog entries:
  * update Standards-Version to 3.9.6 (no changes)
  * add libcacard-dev to libspice-server-dev dependencies
    (Closes: #802413)

711da6c... by Michael Tokarev <email address hidden> on 2015-10-08

Import patches-unapplied version 0.12.6-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2103d50963c04e38b3154b99b754f060468070e4

New changelog entries:
  * stop linking with libcacard as no symbols from it are
    actually used
  * use dh-autoreconf since we're modifying automake files again
  * Acknowledge previous NMUs. Thank you Salvatore and Laurent!
  * new upstream release (0.12.6), removed all patches (applied upstream)
  * add libspice-protocol-dev to build-deps, it is actually used
    since this version (instead of internal version)
  * remove libxinerama from build-deps and deps of libspice-server-dev
    (#658173 fixed upstream)
  * remove libcacard-dev from libspice-server1-dev deps (it is not
    actually used by the server) and remove version from libcacard
    build-dep (any version ever seen in debian will do)
    TODO: stop linking with libcacard0 too, as libspice-server does
    not actually use any of its symbols
  * stop building spice-client, since upstream dropped it
    (Closes: #749331 #704229 #641772 #715179).
    Remove libxrandr-dev, libxfixes-dev, and mentions of mesa from build-deps.
  * update libspice-server1.symbols file with new symbols.
    Note: one symbol has been removed in this release,
    spice_server_migrate_client_state@SPICE_SERVER_0.6.0 (from 0.8.2),
    but it looks like it was exported by mistake and has never been
    a public API, so we wont make new library package
  * enable parallel build (dch --parallel)
  * add python-six to build-deps, needed for code generation
    (marshallers/demarshallers)
  * remove libxinerama-dev, libssl-dev and libglib2.0-dev deps from
    libspice-server-dev package, since spice headers does not include
    these anymore, and the libs will be satisfied from the shared library
  * remove spice-protocol refs from d/copyright
  * remove double LGPL-2.1+ license text from d/copyright