spice (0.12.4-0nocelt2ubuntu1.8) trusty-security; urgency=medium

  * SECURITY UPDATE: off-by-one error in memslot_get_virt
    - debian/patches/CVE-2019-3813.patch: fix checks in
      server/red_memslots.c.
    - CVE-2019-3813

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 24 Jan 2019 09:46:04 -0500

spice (0.12.4-0nocelt2ubuntu1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-10873.patch: fix in
      spice-common/python_modules/demarshal.py.
    - CVE-2018-10873

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Mon, 20 Aug 2018 15:45:59 -0300

spice (0.12.4-0nocelt2ubuntu1.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow and buffer overflow
    - debian/patches/CVE-2017-12194-1.patch: fix an integer overflow
      computing sizes in spice-common/python_modules/demarshal.py.
    - debian/patches/CVE-2017-12194-2.patch: avoid integer overflow
      in spice-common/python_modules/demarshal.py,
      spice-common/python_modules/marshal.py.
    - CVE-2017-12194

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Tue, 22 May 2018 13:01:14 -0300

spice (0.12.4-0nocelt2ubuntu1.5) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via invalid monitor configurations
    - debian/patches/CVE-2017-7506-1.patch: disconnect when receiving
      overly big ClientMonitorsConfig in server/reds.c.
    - debian/patches/CVE-2017-7506-2.patch: avoid integer overflows
      handling monitor configuration in server/reds.c.
    - debian/patches/CVE-2017-7506-3.patch: avoid buffer overflows handling
      monitor configuration in server/reds.c.
    - CVE-2017-7506

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 18 Jul 2017 13:39:05 -0400

spice (0.12.4-0nocelt2ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: overflow when reading large messages
    - debian/patches/CVE-2016-9577.patch: check size in
      server/main_channel.c.
    - CVE-2016-9577
  * SECURITY UPDATE: DoS via crafted message
    - debian/patches/CVE-2016-9578-1.patch: limit size in server/reds.c.
    - debian/patches/CVE-2016-9578-2.patch: limit caps in server/reds.c.
    - CVE-2016-9578

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 15 Feb 2017 14:07:29 -0500

spice (0.12.4-0nocelt2ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    memory allocation flaw in smartcard interaction
    - debian/patches/CVE-2016-0749/*.patch: add a ref to item and allocate
      msg with the expected size in server/smartcard.c.
    - CVE-2016-0749
  * SECURITY UPDATE: host memory access from guest with invalid primary
    surface parameters
    - debian/patches/CVE-2016-2150/*.patch: create a function to validate
      surface parameters in server/red_parse_qxl.*, improve primary surface
      parameter checks in server/red_worker.c.
    - CVE-2016-2150
  * Added two extra commits to previous security update:
    - 0001-worker-validate-correctly-surfaces.patch
    - 0002-worker-avoid-double-free-or-double-create-of-surface.patch

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 10 Jun 2016 10:58:27 -0400

spice (0.12.4-0nocelt2ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-2015-526x/*.patch: apply series of patches from
      Red Hat to fix overflows, race conditions, memory leaks and denial of
      service issues.
    - CVE-2015-5260
    - CVE-2015-5261

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 01 Oct 2015 07:37:43 -0400

spice (0.12.4-0nocelt2ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: heap corruption via monitor configs
    - debian/patches/CVE-2015-3247.patch: only read count once in
      server/red_worker.c.
    - CVE-2015-3247

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 08 Sep 2015 08:03:35 -0400

spice (0.12.4-0nocelt2ubuntu1) trusty-proposed; urgency=medium

  [Gregory Boyce]
  * Fix newline-damaged patch (LP: #1450043)

 -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 04 May 2015 10:47:58 -0500

spice (0.12.4-0nocelt2) unstable; urgency=high

  * Fix CVE-2013-4282 (Closes: #728314)

 -- Liang Guo <guoliang@debian.org>  Thu, 07 Nov 2013 22:44:29 +0800

spice (0.12.4-0nocelt1.1) unstable; urgency=low

  * Non-maintainer upload.
  * debian/patches
    - add enable_subdir-objects.patch (Closes: #724093)

 -- Hideki Yamane <henrich@debian.org>  Mon, 21 Oct 2013 12:27:35 +0900

spice (0.12.4-0nocelt1) unstable; urgency=low

  * New upstream release (Closes: #717030)
  * Remove .version after build (Closes: #671627)
  * debian/control:
    - Bump Standards-Version to 3.9.4 (no changes)
    - Update VCS-* to use canonical URIs
  * debian/patches:
    - fix-tests-warnings.patch, refresh
    - link-server-test-with-libm-libpthread.patch, add (Closes: #713681)
  * Refresh libspice-server1.symbols
  
 -- Liang Guo <guoliang@debian.org>  Thu, 25 Jul 2013 00:10:00 +0800
  
spice (0.12.3-0nocelt1) unstable; urgency=low

  * New upstream release
  * debian/patches:
    - fix-build-warning-PIXEL.patch, remove, applied upstream
    - link-libspice-server-with-libm-libpthread.patch, remove,
      applied upstream
    - spice-common-remove-version-construction.patch, remove,
      applied upstream
    - fix-tests-warnings.patch, refresh
    - make-celt-to-be-optional.patch, refresh
  * libspice-server-dev should depend on libglib2.0-dev, or
    qxl driver compile will fail.
  * Refresh libspice-server1.symbols

 -- Liang Guo <guoliang@debian.org>  Sun, 19 May 2013 11:10:10 +0800

spice (0.12.2-0nocelt3) unstable; urgency=low

  * Upload to unstable

 -- Liang Guo <guoliang@debian.org>  Fri, 10 May 2013 09:10:16 +0800

spice (0.12.2-0nocelt2exp) experimental; urgency=low

  * added two patches from Serge Hallyn to fix numerous compiler warnings:
     fix-build-warning-PIXEL.patch
     fix-tests-warnings.patch
  * spice-common-remove-version-construction.patch - to stop spice-common
    from producing a ton of `build-aux/git-version-gen: not found' errors
    during autoreconf.

 -- Michael Tokarev <mjt@tls.msk.ru>  Mon, 11 Feb 2013 23:29:11 +0400

spice (0.12.2-0nocelt1exp) experimental; urgency=low

  * New upstream release
  * debian/patches:
     - Refresh link-libspice-server-with-libm-libpthread.patch
  * Refresh debian/copyright, new files added
  * Build client, upstream doesn't build client by default
  * Refresh libspice-server1.symbols
  * Add libglib2.0-dev to Build-Depends

  [ Michael Tokarev ]
  * refresh make-celt-to-be-optional.patch (minor context diff)
  * do not build-depend on libspice-protocol-dev
    (upstream always uses included copy)
  * add (versioned) dependency on libspice-protocol-dev to libspice-server-dev
    package, since when the latter is installed, embedded protocol headers
    are not installed
  * do not build-depend on mesa libs (OpenGL is not enabled by default
    and is not recommended by upstream)
  * do not build-depend on libogg-dev
  * configure with --disable-silent-rules, so that the compiler command
    line is visible (this fixes the lintian warnings about hardening flags)

 -- Michael Tokarev <mjt@tls.msk.ru>  Thu, 17 Jan 2013 19:19:30 +0400

spice (0.11.0-1) unstable; urgency=low

  * New upstream release
  * Breaks spice-gtk (<= 0.12-2)
  * Refresh debian/libspice-server1.symbols
  * debian/control:
    - Update my e-mail address
    - Add python-pyparsing to Build-Depends
  * debian/patches:
    - Remove fix-error-path-return-in-snd_set_record_peer.patch, 
      applied upstream
    - Refresh make-celt-to-be-optional.patch
    - Refresh link-libspice-server-with-libm-libpthread.patch
  * Simplify debian/rules, celt removed, no reason to use 
    traditional one
  * Disable smartcard, not in debian yet
  * Refresh debian/copyright

 -- Liang Guo <guoliang@debian.org>  Sat, 09 Jun 2012 11:33:05 +0800

spice (0.10.1-3~nocelt) experimental; urgency=low

  * Applying for co-maintenance, adding myself to Uploaders (Closes: #671627)
  * Bump Standards-Version to 3.9.3 (no changes)
  * link-libspice-server-with-libm-libpthread.patch - missing libraries
  * Enable multiarch for libspice-server, bump debhelper compat to 9
  * do not require root in clean target
  * build-depend on dh-autoreconf and python to be able to run autoreconf
    and python code generator
  * use dh_autoreconf, do not ship debian/source/options anymore
  * consolidate clean target in debian/rules
  * 2 patches:
    - fix-error-path-return-in-snd_set_record_peer.patch (from upstream git),
      which is a pre-requisite for the next patch, and
    - make-celt-to-be-optional.patch (sent to upstream).
    This makes it possible to build spice without celt.
  * Disable celt051 usage.

 -- Michael Tokarev <mjt@tls.msk.ru>  Sat, 02 Jun 2012 16:18:56 +0400

spice (0.10.1-2) unstable; urgency=low

  * added dependency on libxinerama-dev to
    libspice-server-dev, temporarily, till
    either upstream or we will have better
    solution.  libspice-server does not use
    xinerama in any way, yet it is listed in
    the requirements in the pkg-config file,
    which is generated at configure time.
    (Closes: #658173)

 -- Michael Tokarev <mjt@tls.msk.ru>  Wed, 01 Feb 2012 01:08:34 +0400

spice (0.10.1-1) unstable; urgency=low

  * New upstream release
  * Refresh libspice-server1.symbols
  * debian/control
    - Change Build-Depends on libspice-protocol-dev to (>= 0.10.1~)
    - Add libxinerama-dev to Build-Depends
  
 -- Liang Guo <bluestonechina@gmail.com>  Fri, 27 Jan 2012 23:28:26 +0800

spice (0.10.0-1) unstable; urgency=low

  [ Liang Guo ]
  * New upstream release (Closes: #651262)
  * Refresh debian/copyright
  * Remove fix-typo-in-cmd_line_parser-cpp.patch, applied upstream
  * Remove fix-typo-in-record-cpp.patch, applied upstream
  * Remove use-requires-private-for-libspice-pkgconfig.patch, applied upstream
  * Change Build-Depends on libspice-protocol-dev to (>= 0.9.1~)
  * Refresh libspice-server1.symbols
  * Update debian/rules clean target
  * Ignore common/win/my_getopt-1.5/Makefile change when building package
  * debian/control: set DMUA

  [ Michael Tokarev ]
  * use `rm -f' instead of `-rm' in debian/rules clean targets
  * remove python_modules/*.pyc in clean target
  
 -- Liang Guo <bluestonechina@gmail.com>  Tue, 29 Nov 2011 14:37:08 +0800
  
spice (0.8.3-1) unstable; urgency=low

  * New upstream release
  * Update debian/copyright to fit DEP-5
  * Remove drop-unnecessary-build-request.patch, applied upstream
  * Update Build-Depends on libspice-protocol-dev to 0.8.2~
  * Disable GUI support, CEGUI version in Debian not supported
  * Add libjpeg-dev to Build-Depends
  * Refresh libspice-server1.symbols

 -- Liang Guo <bluestonechina@gmail.com>  Thu, 20 Oct 2011 11:13:23 +0800

spice (0.8.2-2) unstable; urgency=low

  [ Michael Tokarev ]
  * move libraries used internally by libspice-server from Requires
    to Requires.private in pkg-config file

  [ Liang Guo ]
  * Add libpixman-1-dev and libssl-dev to libspice-server-dev
    Depends (Closes: #637189)
  * Remove alsa, xrandr, xfixes, x11, xext and xrender 
    from spice-server.pc Requires
  * Fix typo in debian/spicec.1

 -- Liang Guo <bluestonechina@gmail.com>  Tue, 16 Aug 2011 10:36:31 +0800

spice (0.8.2-1) unstable; urgency=low

  * Initial release (Closes: #560721)

 -- Liang Guo <bluestonechina@gmail.com>  Sat, 23 Jul 2011 12:21:04 +0800

