spice (0.15.1-1) unstable; urgency=medium * new upstream release (0.15.1) Closes: LP#1964777 * remove patches applied upstream: build-Correctly-check-for-Python-modules.patch test-leaks-fix-the-test-with-OpenSSL3.patch * meson-omit-meson-dist.patch: fix build with meson (it fails right away because build-aux/meson-dist file is not included in the source tarball) * move gstreamer1.0-libav from Recommends: to Suggests: on Ubuntu (MR!5) * d/gbp.conf: create initial gbp config * d/watch: fix url/location include all releases, not just even (02468) ones signature is foo.sig now, not foo.sign * d/upstream/signing-key.asc: key 206D3B352F566F3B0E6572E997D9123DE37A484F Victor Toso de Carvalho -- Michael Tokarev Mon, 17 Oct 2022 20:33:40 +0300 spice (0.15.0-4) unstable; urgency=medium * test-leaks-fix-the-test-with-OpenSSL3.patch: patch from upstream to fix FTBFS with OpenSSL3 -- Michael Tokarev Sat, 14 May 2022 22:46:12 +0300 spice (0.15.0-3) unstable; urgency=medium * patch from upstream to fix ftbfs (Closes: #1005451): build-Correctly-check-for-Python-modules.patch -- Michael Tokarev Mon, 14 Mar 2022 11:00:39 +0300 spice (0.15.0-2) unstable; urgency=medium * switch from $DEB_TARGET_MULTIARCH to $DEB_HOST_MULTIARCH * do-not-run-nonexisting-doxygen-sh.patch to fix FTBFS (apparently wrong upstream meson.build) -- Michael Tokarev Fri, 01 Oct 2021 09:49:55 +0300 spice (0.15.0-1) unstable; urgency=medium * new upstream release 0.15.0 * removed patches included upstream * use meson+ninja build-system * removed the wrongly implemented automated tests the meson build system run the same tests now too. (Closes: #973803) * bump debhelper-compat to 13 * use ${DEB_TARGET_MULTIARCH} in .install files * update paths in d/copyright for spice-common * removed trailing whitespaces from this file (d/changelog) -- Michael Tokarev Fri, 01 Oct 2021 01:17:04 +0300 spice (0.14.3-2.1) unstable; urgency=medium * Non-maintainer upload. * Client initiated renegotiation denial of service (CVE-2021-20201) (Closes: #983698) - With OpenSSL 1.1: Disable client-initiated renegotiation - With OpenSSL 1.0.2 and earlier: disable client-side renegotiation -- Salvatore Bonaccorso Sun, 28 Feb 2021 16:29:54 +0100 spice (0.14.3-2) unstable; urgency=medium [ Christian Ehrhardt ] * - d/t/automated-tests: d/t/control: make test work again * - d/t/control: install new test dependency python-pil * - d/t/regression-test.py,d/t/base_test.ppm: add files dropped in release tarball but needed for autopkgtests * - d/source/include-binaries: allow binary base_test.ppm in package [ Michael Tokarev ] * build on riscv64 too (Closes: #958349) * bump debhelper compat to 12 and switch to debhelper-compat build-dep * add Rules-Requires-Root: no * d/rules: run dh for recognized targets only * use secure (https) URLs in d/control & d/copyright [ Salvatore Bonaccorso ] * Point Vcs-{Git,Browser} field to qemu-team packaging repository (Closes: #971873) * Fix multiple buffer overflow vulnerabilities in QUIC image decoding (CVE-2020-14355) (Closes: #971750) -- Michael Tokarev Thu, 29 Oct 2020 10:57:02 +0300 spice (0.14.3-1) unstable; urgency=medium * new upstream version (Closes: #940057, #954629) * remove NEWS from d/docs (removed upstream) * remove patches included upstream * refresh disable-failing-test-listen.patch * set Multi-Arch: same for libspice-server-dev too * update libspice-server1.symbols -- Michael Tokarev Tue, 14 Apr 2020 16:55:25 +0300 spice (0.14.2-4) unstable; urgency=medium * disable failing test-listen (Closes: #941006) * add fix-test-qxl-parsing-on-ppc64el-and-armhf.patch * stop using dh_autoreconf as we do not patch autoconf/automake anymore -- Michael Tokarev Tue, 01 Oct 2019 08:52:16 +0300 spice (0.14.2-3) unstable; urgency=medium * red-replay-qxl-fix-replay-on-32-bit-systems.patch hopefully fix the tests failure on arm* and ppc (FTBFS) * remove-compile-warnings-on-Linux-32bit-system.patch fix tons of compiler warnings on 32bit platforms -- Michael Tokarev Sat, 31 Aug 2019 21:20:40 +0300 spice (0.14.2-2) unstable; urgency=medium * set $XDG_RUNTIME_DIR instead of $HOME when running tests to avoid dconf cache failure (fix FTBFS on almost all buildds) * set GSTREAMER_1_0_LIBS and GLIB2_LIBS (trimmed) for configure to avoid linking with useless libs -- Michael Tokarev Fri, 30 Aug 2019 15:58:47 +0300 spice (0.14.2-1) unstable; urgency=medium * new upstream 0.14.2 release * remove all security patches (included upstream) * set maintainer to the QEMU team (Closes: #911427) * spice-protocol needs to be >= 0.14.0 * require glib >= 2.38 * do not disable celt051, it is not enabled by default anymore * explicitly enable optional features at configure time (gstreamer=1.0, sasl, lz4) * do not recommend but suggest gstreamer1.0-plugins-ugly * stop Break'ing very old spice-client packages * set $HOME when running tests * switch to python3 when building (Closes: #938548) * update libspice-server1.symbols (+SPICE_SERVER_0.14.2, +spice_qxl_set_device_info) * remove unneded --parallel option to debhelper * fix VCS fields to point to salsa -- Michael Tokarev Fri, 30 Aug 2019 13:54:00 +0300 spice (0.14.0-1.3) unstable; urgency=medium * Non-maintainer upload. * memslot: Fix off-by-one error in group/slot boundary check (CVE-2019-3813) (Closes: #920762) -- Salvatore Bonaccorso Mon, 28 Jan 2019 13:04:44 +0100 spice (0.14.0-1.2) unstable; urgency=medium * Non-maintainer upload. * tests/pki: Use CA/certificate with 2048 bit RSA keys (Closes: #910634) -- Salvatore Bonaccorso Thu, 11 Oct 2018 23:41:48 +0200 spice (0.14.0-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix flexible array buffer overflow (CVE-2018-10873) (Closes: #906315) -- Salvatore Bonaccorso Sat, 15 Sep 2018 09:15:28 +0200 spice (0.14.0-1) unstable; urgency=medium * New upstream release * debian/copyright: refresh * debian/control: - Add liborc-0.4-dev to Build-Depends - Update Build-Depends on debhelper to >= 10 - Remove dh-autoreconf from Build-Depends - Bump Standards-Version to 4.1.1 (no changes) - Use https in Homepage * debian/compat, bump to 10 * debian/watch, switch to https -- Liang Guo Thu, 19 Oct 2017 14:35:54 +0800 spice (0.13.90-0.2) unstable; urgency=medium * Non-maintainer upload. * debian/rules: Disable parallel building for the tests, this will hopefully fix FTBFS on some arch (Closes: #876266) -- Laurent Bigonville Wed, 20 Sep 2017 12:53:44 +0200 spice (0.13.90-0.1) unstable; urgency=medium * Non-maintainer upload. [ Laurent Bigonville ] * New upstream release (Closes: #849569) - Adjust the build-dependencies - Drop d/p/CVE-2016-9577-and-CVE-2016-9578.patch, d/p/CVE-2017-7506-1.patch, d/p/CVE-2017-7506-2.patch, d/p/CVE-2017-7506-3.patch: All merged upstream - Drop debian/patches/fix-tests-warnings.patch, unused - debian/libspice-server1.symbols: Add newly exported symbols * debian/watch: Enable gpg key verification of the upstream tarball * debian/rules: Also remove the Libs.private defs from .pc file * debian/control: Bump Standards-Version to 4.1.0 (no further changes) * debian/rules: Drop override_dh_installdocs, this was only needed when we were building the -dbg package ourself * debian/control: Add liblz4-dev to the build-dependencies * debian/control: Add the needed gstreamer modules to the (build-)dependencies to enable gstreamer support * Run wrap-and-sort -ts [ Santiago Ruano Rincón ] * debian/tests/automated-tests: Intial DEP-8 test, using upstream automated test (Closes: #827027) -- Laurent Bigonville Tue, 22 Aug 2017 19:08:19 +0200 spice (0.12.8-2.2) unstable; urgency=medium * Non-maintainer upload. * Fix CVE-2017-7506: (Closes: #868083) Possible buffer overflow via invalid monitor configurations. -- Markus Koschany Fri, 21 Jul 2017 23:34:38 +0200 spice (0.12.8-2.1) unstable; urgency=medium * Non-maintainer upload. * Add CVE-2016-9577-and-CVE-2016-9578.patch: - CVE-2016-9577: A buffer overflow vulnerability in main_channel_alloc_msg_rcv_buf was found that occurs when reading large messages due to missing buffer size check. - CVE-2016-9578: A vulnerability was discovered in the server's protocol handling. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. (Closes: #854336) -- Markus Koschany Mon, 13 Feb 2017 21:42:01 +0100 spice (0.12.8-2) unstable; urgency=medium * Build on all little-endian architectures (Closes: #734218) * Drop -dbg package and rely on the automatically built one (-dbgsym) * Drop the libasound2-dev build-dependency, this was needed for the spice-client which is gone since 0.12.6-1 -- Liang Guo Fri, 06 Jan 2017 21:50:55 +0800 spice (0.12.8-1) unstable; urgency=medium * New upstream release * Remove debian/patches/{CVE-2016-0749,CVE-2016-2150}, applied Upstream -- Liang Guo Tue, 26 Jul 2016 11:06:19 +0800 spice (0.12.7-1) unstable; urgency=medium * New upstream release * Update debian/copyright * Refresh debian/patches * Static build is disabled, remove lib*.a from libspice-server-dev * Update Standards-Version to 3.9.8 (no changes) * Use secure uri in vcs-* -- Liang Guo Thu, 23 Jun 2016 14:09:24 +0800 spice (0.12.6-4.1) unstable; urgency=high * Non-maintainer upload. * CVE-2016-0749: heap-based buffer overflow in smartcard interaction (Closes: #826585) * CVE-2016-2150: host memory access from guest using crafted primary surface parameters (Closes: #826584) -- Salvatore Bonaccorso Mon, 06 Jun 2016 19:22:10 +0200 spice (0.12.6-4) unstable; urgency=medium * stop depending libspice-server-dev on libcacard-dev (#802413). Instead, remove mention of libcacard from the .pc file, as it is not actually used when building with libspice-server. * remove Requires.private defs from .pc file -- we're not building static libs, but if Requires.private is present, pkg-config requires the other .pc files to be present too, which is wrong (Closes: #803926) -- Michael Tokarev Fri, 06 Nov 2015 10:43:55 +0300 spice (0.12.6-3) unstable; urgency=medium * update Standards-Version to 3.9.6 (no changes) * add libcacard-dev to libspice-server-dev dependencies (Closes: #802413) -- Michael Tokarev Tue, 20 Oct 2015 10:08:46 +0300 spice (0.12.6-2) unstable; urgency=medium * stop linking with libcacard as no symbols from it are actually used * use dh-autoreconf since we're modifying automake files again -- Michael Tokarev Fri, 09 Oct 2015 01:14:03 +0300 spice (0.12.6-1) unstable; urgency=medium * Acknowledge previous NMUs. Thank you Salvatore and Laurent! * new upstream release (0.12.6), removed all patches (applied upstream) * add libspice-protocol-dev to build-deps, it is actually used since this version (instead of internal version) * remove libxinerama from build-deps and deps of libspice-server-dev (#658173 fixed upstream) * remove libcacard-dev from libspice-server1-dev deps (it is not actually used by the server) and remove version from libcacard build-dep (any version ever seen in debian will do) TODO: stop linking with libcacard0 too, as libspice-server does not actually use any of its symbols * stop building spice-client, since upstream dropped it (Closes: #749331 #704229 #641772 #715179). Remove libxrandr-dev, libxfixes-dev, and mentions of mesa from build-deps. * update libspice-server1.symbols file with new symbols. Note: one symbol has been removed in this release, spice_server_migrate_client_state@SPICE_SERVER_0.6.0 (from 0.8.2), but it looks like it was exported by mistake and has never been a public API, so we wont make new library package * enable parallel build (dch --parallel) * add python-six to build-deps, needed for code generation (marshallers/demarshallers) * remove libxinerama-dev, libssl-dev and libglib2.0-dev deps from libspice-server-dev package, since spice headers does not include these anymore, and the libs will be satisfied from the shared library * remove spice-protocol refs from d/copyright * remove double LGPL-2.1+ license text from d/copyright -- Michael Tokarev Fri, 09 Oct 2015 00:00:34 +0300 spice (0.12.5-1.3) unstable; urgency=high * Non-maintainer upload. * Add series of patches for CVE-2015-5260 and CVE-2015-5261. CVE-2015-5260: insufficient validation of surface_id parameter can cause crash. (Closes: #801089) CVE-2015-5261: host memory access from guest using crafted images. (Closes: #801091) -- Salvatore Bonaccorso Wed, 07 Oct 2015 07:23:38 +0200 spice (0.12.5-1.2) unstable; urgency=high * Non-maintainer upload. * Add CVE-2015-3247.patch patch. CVE-2015-3247: Memory corruption in worker_update_monitors_config(). (Closes: #797976) -- Salvatore Bonaccorso Sat, 05 Sep 2015 05:51:01 +0200 spice (0.12.5-1.1) unstable; urgency=medium * Non-maintainer upload. * Enable smartcard support now that libcacard is in the archive (Closes: #786833) -- Laurent Bigonville Fri, 14 Aug 2015 09:29:41 +0200 spice (0.12.5-1) unstable; urgency=medium * new upstream release. Can now build without celt! * Dropped patches: - make-celt-to-be-optional.patch - link-server-test-with-libm-libpthread.patch - enable_subdir-objects.patch - fix-buffer-overflow-when-decrypting-client-spice-ticket.patch * build-depend on libopus-dev, which enables opus support (no --enable-opus configure flag for now) * do not remove .version in clean anymore (it is part of the tarball) * do not use dh_autoreconf, since we aren't changing autoconf anymore * update libspice-server1.symbols with new symbols * introduce libspice-server1-dbg package (Closes: #743850) * fix the vcs-browse url (Closes: #722241) -- Michael Tokarev Fri, 23 May 2014 19:26:44 +0400 spice (0.12.4-0nocelt2) unstable; urgency=high * Fix CVE-2013-4282 (Closes: #728314) -- Liang Guo Thu, 07 Nov 2013 22:44:29 +0800 spice (0.12.4-0nocelt1.1) unstable; urgency=low * Non-maintainer upload. * debian/patches - add enable_subdir-objects.patch (Closes: #724093) -- Hideki Yamane Mon, 21 Oct 2013 12:27:35 +0900 spice (0.12.4-0nocelt1) unstable; urgency=low * New upstream release (Closes: #717030) * Remove .version after build (Closes: #671627) * debian/control: - Bump Standards-Version to 3.9.4 (no changes) - Update VCS-* to use canonical URIs * debian/patches: - fix-tests-warnings.patch, refresh - link-server-test-with-libm-libpthread.patch, add (Closes: #713681) * Refresh libspice-server1.symbols -- Liang Guo Thu, 25 Jul 2013 00:10:00 +0800 spice (0.12.3-0nocelt1) unstable; urgency=low * New upstream release * debian/patches: - fix-build-warning-PIXEL.patch, remove, applied upstream - link-libspice-server-with-libm-libpthread.patch, remove, applied upstream - spice-common-remove-version-construction.patch, remove, applied upstream - fix-tests-warnings.patch, refresh - make-celt-to-be-optional.patch, refresh * libspice-server-dev should depends on libglib2.0-dev, or qxl driver compile will fail. * Refresh libspice-server1.symbols -- Liang Guo Sun, 19 May 2013 11:10:10 +0800 spice (0.12.2-0nocelt3) unstable; urgency=low * Upload to unstable -- Liang Guo Fri, 10 May 2013 09:10:16 +0800 spice (0.12.2-0nocelt2exp) experimental; urgency=low * added two patches from Serge Hallyn to fix numerous compiler warnings: fix-build-warning-PIXEL.patch fix-tests-warnings.patch * spice-common-remove-version-construction.patch - to stop spice-common from produce a ton of `build-aux/git-version-gen: not found' errors during autoreconf. -- Michael Tokarev Mon, 11 Feb 2013 23:29:11 +0400 spice (0.12.2-0nocelt1exp) experimental; urgency=low * New upstream release * debian/patches: - Refresh link-libspice-server-with-libm-libpthread.patch * Refresh debian/cpyright, new files added * Build client, upstream don't build client by default * Refresh libspice-server1.symbols * Add libglib2.0-dev to Build-Depends [ Michael Tokarev ] * refresh make-celt-to-be-optional.patch (minor context diff) * do not build-depend on libspice-protocol-dev (upstream always uses included copy) * add (versioned) dependency on libspice-protocol-dev to libspice-server-dev package, since when the latter is installed, embedded protocol headers are not installed * do not build-depend on mesa libs (OpenGL is not enabled by default and is not recommended by upstream) * do not build-depend on libogg-dev * configure with --disable-silent-rules, so that the compiler command line is visible (this fixes the lintian warnings about hardening flags) -- Michael Tokarev Thu, 17 Jan 2013 19:19:30 +0400 spice (0.11.0-1) unstable; urgency=low * New upstream release * Breaks spice-gtk (<= 0.12-2) * Refresh debian/libspice-server1.symbols * debian/control: - Update my e-mail address - Add python-pyparsing to Build-Depends * debian/patches: - Remove fix-error-path-return-in-snd_set_record_peer.patch, applied upstream - Refresh make-celt-to-be-optional.patch - Refresh link-libspice-server-with-libm-libpthread.patch * Simplify debian/rules, celt removed, no reason to use traditional one * Disable smartcard, not in debian yet * Refresh debian/copyright -- Liang Guo Sat, 09 Jun 2012 11:33:05 +0800 spice (0.10.1-3~nocelt) experimental; urgency=low * Applying for co-maintenance, adding myself to Uploaders (Closes: #671627) * Bump Standards-Version to 3.9.3 (no changes) * link-libspice-server-with-libm-libpthread.patch - missing libraries * Enable multiarch for libspice-server, bump debhelper compat to 9 * do not require root in clean target * build-depend on dh-autoreconf and python to be able to run autoreconf and python code generator * use dh_autoreconf, do not ship debian/source/options anymore * consolidate clean target in debian/rules * 2 patches: - fix-error-path-return-in-snd_set_record_peer.patch (from upstream git), which is a pre-requisite for the next patch, and - make-celt-to-be-optional.patch (sent to upstream). This makes it possible to build spice without celt. * Disable celt051 usage. -- Michael Tokarev Sat, 02 Jun 2012 16:18:56 +0400 spice (0.10.1-2) unstable; urgency=low * added dependency on libxinerama-dev to libspice-server-dev, temporarily, till either upstream or we will have better solution. libspice-server does not use xinerama in any way, yet it is listed in the requiriments in the pkg-config file, which is generated at configure time. (Closes: #658173) -- Michael Tokarev Wed, 01 Feb 2012 01:08:34 +0400 spice (0.10.1-1) unstable; urgency=low * New upstream release * Refresh libspice-server1.symbols * debian/control - Change Build-Depends on libspice-protocol-dev to (>= 0.10.1~) - Add libxinerama-dev to Build-Depends -- Liang Guo Fri, 27 Jan 2012 23:28:26 +0800 spice (0.10.0-1) unstable; urgency=low [ Liang Guo ] * New upstream release (Closes: #651262) * Refresh debian/copyright * Remove fix-typo-in-cmd_line_parser-cpp.patch, applied upstream * Remove fix-typo-in-record-cpp.patch, applied upstream * Remove use-requires-private-for-libspice-pkgconfig.patch, applied upstream * Change Build-Depends on libspice-protocol-dev to (>= 0.9.1~) * Refresh libspice-server1.symbols * Update debian/rules clean target * Ignore common/win/my_getopt-1.5/Makefile change when building package * debian/control: set DMUA [ Michael Tokarev ] * use `rm -f' instead of `-rm' in debian/rules clean targets * remove python_modules/*.pyc in clean target -- Liang Guo Tue, 29 Nov 2011 14:37:08 +0800 spice (0.8.3-1) unstable; urgency=low * New upstream release * Update debian/copyright to fit DEP-5 * Remove drop-unnecessary-build-request.patch, applied upstream * Update Build-Depends on libspice-protocol-dev to 0.8.2~ * Disable GUI support, CEGUI version in Debian not supported * Add libjpeg-dev to Build-Depends * Refresh libspice-server1.symbols -- Liang Guo Thu, 20 Oct 2011 11:13:23 +0800 spice (0.8.2-2) unstable; urgency=low [ Michael Tokarev ] * move libraries used internally by libspice-server from Requires to Requires.private in pkg-config file [ Liang Guo ] * Add libpixman-1-dev and libssl-dev to libspice-server-dev Depends (Closes: #637189) * Remove alsa, xrandr, xfixes, x11, xext and xrender from spice-server.pc Requires * Fix typo in debian/spicec.1 -- Liang Guo Tue, 16 Aug 2011 10:36:31 +0800 spice (0.8.2-1) unstable; urgency=low * Initial release (Closes: #560721) -- Liang Guo Sat, 23 Jul 2011 12:21:04 +0800