ubuntu/+source/spice:ubuntu/zesty-security

Last commit made on 2017-07-19
Get this branch:
git clone -b ubuntu/zesty-security https://git.launchpad.net/ubuntu/+source/spice
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/zesty-security
Repository: lp:ubuntu/+source/spice

Recent commits

2477b2e... by Marc Deslauriers on 2017-07-18

Import patches-unapplied version 0.12.8-2ubuntu1.1 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 9b766cfdd4dffc01a4bc018cf3bc58d678f763ac

New changelog entries:
  * SECURITY UPDATE: buffer overflow via invalid monitor configurations
    - debian/patches/CVE-2017-7506-1.patch: disconnect when receiving
      overly big ClientMonitorsConfig in server/reds.c.
    - debian/patches/CVE-2017-7506-2.patch: avoid integer overflows
      handling monitor configuration in server/reds.c.
    - debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling
      monitor configuration in server/reds.c.
    - CVE-2017-7506

9b766cf... by Marc Deslauriers on 2017-02-15

Import patches-unapplied version 0.12.8-2ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 1362f89bbb02065578430eba5fe0b18b33c2db0f

New changelog entries:
  * SECURITY UPDATE: overflow when reading large messages
    - debian/patches/CVE-2016-9577.patch: check size in
      server/main_channel.c.
    - CVE-2016-9577
  * SECURITY UPDATE: DoS via crafted message
    - debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c.
    - debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c.
    - CVE-2016-9578

1362f89... by Liang Guo on 2017-01-06

Import patches-unapplied version 0.12.8-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 3e2a3a4314136b8701a64b4fc90cd0ccf196e65f

New changelog entries:
  * Build on all little-endian architectures (Closes: #734218)
  * Drop -dbg package and rely on the automatically built one (-dbgsym)
  * Drop the libasound2-dev build-dependency, this was needed for the
    spice-client which is gone since 0.12.6-1

3e2a3a4... by Liang Guo on 2016-07-26

Import patches-unapplied version 0.12.8-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7f3a70b54a215d84b2550682fecf374c125e579f

New changelog entries:
  * New upstream release
  * Remove debian/patches/{CVE-2016-0749,CVE-2016-2150}, applied
    Upstream

7f3a70b... by Liang Guo on 2016-06-23

Import patches-unapplied version 0.12.7-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 939fce520ac6bf465379543dffa418c1d02998ac

New changelog entries:
  * New upstream release
  * Update debian/copyright
  * Refresh debian/patches
  * Static build is disabled, remove lib*.a from libspice-server-dev
  * Update Standards-Version to 3.9.8 (no changes)
  * Use secure uri in vcs-*

939fce5... by Salvatore Bonaccorso on 2016-06-06

Import patches-unapplied version 0.12.6-4.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 3bc34a3ee8e17bcd960a6d648ac575dc51ef8df5

New changelog entries:
  * Non-maintainer upload.
  * CVE-2016-0749: heap-based buffer overflow in smartcard interaction
    (Closes: #826585)
  * CVE-2016-2150: host memory access from guest using crafted primary surface
    parameters (Closes: #826584)

3bc34a3... by Michael Tokarev on 2015-11-06

Import patches-unapplied version 0.12.6-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 272fa8928e78960d6d8b97021c569532e8b8a47d

New changelog entries:
  * stop depending libspice-server-dev on libcacard-dev (#802413).
    Instead, remove mention of libcacard from the .pc file, as it
    is not actually used when building with libspice-server.
  * remove Requires.private defs from .pc file -- we're not building static
    libs, but if Requires.private is present, pkg-config requires the other
    .pc files to be present too, which is wrong (Closes: #803926)

272fa89... by Michael Tokarev on 2015-10-20

Import patches-unapplied version 0.12.6-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 711da6c53dbceccf519e9c2ba1726ef6bd473549

New changelog entries:
  * update Standards-Version to 3.9.6 (no changes)
  * add libcacard-dev to libspice-server-dev dependencies
    (Closes: #802413)

711da6c... by Michael Tokarev on 2015-10-08

Import patches-unapplied version 0.12.6-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2103d50963c04e38b3154b99b754f060468070e4

New changelog entries:
  * stop linking with libcacard as no symbols from it are
    actually used
  * use dh-autoreconf since we're modifying automake files again
  * Acknowledge previous NMUs. Thank you Salvatore and Laurent!
  * new upstream release (0.12.6), removed all patches (applied upstream)
  * add libspice-protocol-dev to build-deps, it is actually used
    since this version (instead of internal version)
  * remove libxinerama from build-deps and deps of libspice-server-dev
    (#658173 fixed upstream)
  * remove libcacard-dev from libspice-server1-dev deps (it is not
    actually used by the server) and remove version from libcacard
    build-dep (any version ever seen in debian will do)
    TODO: stop linking with libcacard0 too, as libspice-server does
    not actually use any of its symbols
  * stop building spice-client, since upstream dropped it
    (Closes: #749331 #704229 #641772 #715179).
    Remove libxrandr-dev, libxfixes-dev, and mentions of mesa from build-deps.
  * update libspice-server1.symbols file with new symbols.
    Note: one symbol has been removed in this release,
    spice_server_migrate_client_state@SPICE_SERVER_0.6.0 (from 0.8.2),
    but it looks like it was exported by mistake and has never been
    a public API, so we won't make new library package
  * enable parallel build (dch --parallel)
  * add python-six to build-deps, needed for code generation
    (marshallers/demarshallers)
  * remove libxinerama-dev, libssl-dev and libglib2.0-dev deps from
    libspice-server-dev package, since spice headers do not include
    these anymore, and the libs will be satisfied from the shared library
  * remove spice-protocol refs from d/copyright
  * remove double LGPL-2.1+ license text from d/copyright

2103d50... by Salvatore Bonaccorso on 2015-10-07

Import patches-unapplied version 0.12.5-1.3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9df032877370c73f8dbafd587f0c49d4aa03ad7a

New changelog entries:
  * Non-maintainer upload.
  * Add series of patches for CVE-2015-5260 and CVE-2015-6261.
    CVE-2015-5260: insufficient validation of surface_id parameter can cause
    crash. (Closes: #801089)
    CVE-2015-5261: host memory access from guest using crafted images.
    (Closes: #801091)