* SECURITY UPDATE: Memory DoS via Arbitrary Entries in active_xfers Hash
Table
- debian/patches/CVE-2020-25650-1.patch: avoid agents allocating file
transfers in src/vdagentd/vdagentd.c.
- debian/patches/CVE-2020-25650-2.patch: avoid uncontrolled
active_xfers allocations in src/vdagentd/vdagentd.c.
- CVE-2020-25650
* SECURITY UPDATE: Possible File Transfer DoS and Information Leak via
active_xfers Hash Map
- debian/patches/CVE-2020-25651-1.patch: cleanup active_xfers when the
client disconnects in src/vdagentd/vdagentd.c.
- debian/patches/CVE-2020-25651-2.patch: do not allow using an already
used file-xfer id in src/vdagentd/vdagentd.c.
- CVE-2020-25651
* SECURITY UPDATE: Possibility to Exhaust File Descriptors in vdagentd
- debian/patches/CVE-2020-25652-1.patch: avoid unlimited agent
connections in src/udscs.c.
- debian/patches/CVE-2020-25652-2.patch: limit number of agents per
session to 1 in src/vdagentd/vdagentd.c.
- CVE-2020-25652
* SECURITY UPDATE: UNIX Domain Socket Peer PID Retrieved via SO_PEERCRED
is Subject to Race Condition
- debian/patches/CVE-2020-25653-1.patch: avoid user session hijacking
in src/udscs.c, src/udscs.h, src/vdagentd/vdagentd.c.
- debian/patches/CVE-2020-25653-2.patch: better check for sessions in
src/vdagentd/console-kit.c, src/vdagentd/dummy-session-info.c,
src/vdagentd/session-info.h, src/vdagentd/systemd-login.c,
src/vdagentd/vdagentd.c.
- CVE-2020-25653
* Additional fixes:
- debian/patches/CVE-2020-2565x-1.patch: avoid calling chmod in
src/vdagentd/vdagentd.c.
* Team upload.
* d/p/vdagentd-Fix-session-lookup-for-new-GNOME-versions.patch: Fix session
lookup for new GNOME versions (thanks to Iain Lane <laney@debian.org>)
* Team upload.
* Enable upstream tarball signature verification
* New upstream version 0.19.0
- tmpfiles.d/spice-vdagentd.conf now uses /run instead of /var/run
(Closes: #910363)
* debian/control: Adjust the build-dependencies
* debian/control: Bump Standards-Version to 4.4.0 (no further changes)
* debian/patches/systemd_service_default_file.patch: Refreshed
* debian/docs: TODO file is gone and README has been renamed to README.md
* Bump debhelper compatibility to 12.
This will switch the package to dh_installsystemd and prevent the
service to start on machines that are virtual machines with virtio
channel enabled
* Team upload.
[ Laurent Bigonville ]
* debian/watch: Update the URL
* New upstream version 0.18.0 (Closes: #905771)
- Quote the save directory before passing to shell (Closes: #883238
CVE-2017-15108)
- Drop the patches merged upstream
- debian/patches/systemd_service_default_file.patch: Refreshed
- debian/control: Bump the build-dependencies
* debian/control: Build-depend against udev
* debian/control: Drop dh-systemd, not needed with debhelper >= 10
* debian/control: Bump Standards-Version to 4.2.1 (no further changes)
* debian/control: Update Vcs- fields to the new URL
* Enable GTK support, the X11 backend is deprecated
* debian/rules: Reduce the number of runtime dependencies
* debian/control: Fix typos in the Description.
Thanks to Ludovic Rousseau <ludovic.rousseau@free.fr> (Closes: #874678)
* debian/rules: Use dh_auto_install instead of calling make directly
* debian/rules: Use dh_missing --list-missing instead of dh_install
[ Helmut Grohne ]
* Fix FTCBFS: Let dh_auto_configure pass --host to ./configure.
(Closes: #894116)
* New upstream release
* Refresh debian/copyright
* debian/patches:
- Remove libsystemd.patch, applied upstream
- systemd_service_default_file.patch, remove After=dbus.target,
obsoleted by recent systemd
- Refresh other patches
* debian/control:
- Add build-depends on libasound2-dev (>= 1.0.22)
- Update build-depends on libspice-protocol-dev to 0.12.8
- Update build-depends on libglib2.0-dev to 2.28
- Update build-depends on debhelper to 10
- Bump Standards-Version to 3.9.8
- Use secure uri in vcs-*
* debian/spice-vdagent.install:
- Remove etc/rsyslog.d/spice-vdagentd.conf, removed upstream
* debian/compat:
- Update to version 10
* debian/rules
- Call dh with autoreconf
* Non-maintainer upload.
[ Laurent Bigonville ]
* Properly install the systemd .service and other support files (Closes:
#791422)
* debian/spice-vdagent.init: Pass parameters from $SPICE_VDAGENTD_EXTRA_ARGS
variable to the spice-vdagentd daemon, so both LSB initscript and .service
files behave the same.
* debian/rules: Call dh_install with --list-missing parameter
[ Michael Biebl ]
* Use of the new libsystemd library instead of libsystemd-login (Closes:
#779782)
* Non-maintainer upload, with permission from maintainer.
* Use systemd for session information (Closes: #756243).
Accordingly build-depend on libsystemd-login-dev, which is needed
for getting session information from logind.
* Start spice-vdagent in the GDM3 greeter session (Closes: #732924).
* Non-maintainer upload.
* Fix syntax of fix-spelling-error-in-manpage.patch (Closes: #752953).
Thanks to Juhani Numminen <juhaninumminen0@gmail.com> for the patch!
* New upstream release
* Update debian/watch
* debian/patches:
- Refresh fix-typo-in-vdagentd-c.patch
- Add enable-pie-on-spice-vdagent.patch
* debian/rules:
- Install systemd config files
- Enalbe PIE
* debian/cotntrol:
- Update VCS-* field
* New upstream release
* debian/control:
- Update my email address
- Depends on libspice-protocol-dev (>= 0.12.5)
- Depends on libglib2.0-dev (>= 2.12)
- Depends on autoconf, automake
* debian/source/options:
- Ignore autoreconf generated files
* debian/rules:
- Call autoreconf before run configure script
* Refresh fix-typo-in-vdagentd-c.patch
* Add fix-spelling-error-in-manpage.patch
* Refresh debian/copyright
* Remove debian/spice-vdagent.1 and debian/spice-vdagentd.8,
upstream ships manpages
* spice-vdagent.install:
- Remove var/log/spice-vdagentd
- Add etc/rsyslog.d/spice-vdagentd.conf
* Bump Standards-Version to 3.9.4(no change required)
* New upstream release.
* debian/copyright:
- Update copyright information.
* debian/control:
- Add libpciaccess-dev and libxinerama-dev
to Build-Depends.
- Bump Standards-Version to 3.9.3.
* debian/rules:
- Compile with console kit
* Initial release (Closes: #605966)