libvncserver (0.9.9+dfsg2-6.1+deb8u8) jessie-security; urgency=medium

  * debian/patches:
    + Add CVE-2019-20839.patch. libvncclient: bail out if unix socket name would
      overflow (CVE-2019-20839).
    + Add CVE-2020-14397.patch. libvncserver: add missing NULL pointer checks
      (CVE-2020-14397).
    + Add CVE-2020-14399.patch. libvncclient: fix pointer aliasing/alignment
      issue (CVE-2020-14399).
    + Add CVE-2020-14400.patch. libvncserver: fix pointer aliasing/alignment
      issue (CVE-2020-14400).
    + Add CVE-2020-14401.patch. libvncserver: scale: cast to 64 bit before
      shifting (CVE-2020-14401).
    + Add CVE-2020-14402+14403,14404}.patch. libvncserver: encodings: prevent
      OOB accesses (CVE-2020-14402, CVE-2020-14403, CVE-2020-14404).
    + Add CVE-2020-14405.patch. libvncclient/rfbproto: limit max textchat size
      (CVE-2020-14405).

 -- Mike Gabriel <sunweaver@debian.org>  Mon, 29 Jun 2020 16:43:17 +0200

libvncserver (0.9.9+dfsg2-6.1+deb8u7) jessie-security; urgency=high

  * Non-maintainer upload by the Debian LTS team.
  * Add patch to limit width/height input values to avoid a possible
    heap overflow. (Fixes: CVE-2019-15690) (Closes: #954163)

 -- Utkarsh Gupta <utkarsh@debian.org>  Tue, 17 Mar 2020 23:58:32 +0530

libvncserver (0.9.9+dfsg2-6.1+deb8u6) jessie-security; urgency=medium

  * Non-maintainer upload by the Debian LTS team.
  * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
    (Closes: #943793).

 -- Mike Gabriel <sunweaver@debian.org>  Wed, 30 Oct 2019 13:46:34 +0100

libvncserver (0.9.9+dfsg2-6.1+deb8u5) jessie-security; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * CVE-2018-20748: incomplete fix for CVE-2018-20019 oob heap writes.
  * CVE-2018-20749: incomplete fix for CVE-2018-15127 oob heap writes.
  * CVE-2018-20750: incomplete fix for CVE-2018-15127 oob heap writes.
  * CVE-2018-15126: heap use-after-free resulting in possible RCE.
  * debian/libvncserver0.symbols: update for the symbol changes in the
    CVE-2018-15126 patch, which split a function in two with new names.
    This is not really an ABI change as these symbols are private, i.e. not
    exported in any public headers, and only exported on the DSO because
    there's no filter applied.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Thu, 31 Jan 2019 12:17:10 +0100

libvncserver (0.9.9+dfsg2-6.1+deb8u4) jessie-security; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * CVE-2018-15127: heap out-of-bound write vulnerability (Closes: #916941)
  * CVE-2018-20019: multiple heap out-of-bound write vulnerabilities
  * CVE-2018-20020: heap out-of-bound write vulnerability inside structure
    in VNC client code
  * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
  * CVE-2018-20022: CWE-665: Improper Initialization vulnerability
  * CVE-2018-20023:Improper Initialization vulnerability in VNC Repeater client
    code
  * CVE-2018-20024: null pointer dereference that can result DoS
  * CVE-2018-6307: heap use-after-free vulnerability in server code of
    file transfer extension
 
 -- Abhijith PA <abhijith@debian.org>  Sun, 23 Dec 2018 16:21:23 +0530

libvncserver (0.9.9+dfsg2-6.1+deb8u3) jessie-security; urgency=high

  * Non-maintainer upload.
  * Fix CVE-2018-7225: Uninitialized and potentially sensitive data could be
    accessed by remote attackers because the msg.cct.length in rfbserver.c was
    not sanitized. (Closes: #894045)

 -- Markus Koschany <apo@debian.org>  Tue, 05 Jun 2018 14:05:57 +0200

libvncserver (0.9.9+dfsg2-6.1+deb8u2) jessie-security; urgency=high

  * CVE-2016-9941 (Closes: #850007)
  * CVE-2016-9942 (Closes: #850008)

 -- Peter Spiess-Knafl <dev@spiessknafl.at>  Tue, 03 Jan 2017 09:41:51 +0100

libvncserver (0.9.9+dfsg2-6.1+deb8u1) stable; urgency=medium

  * added patch for libgcrypt init before use (Closes: #782570)
  * replaced non-free sha1 implementation (Closes: #786907)
  * new maintainer due to package adoption

 -- Peter Spiess-Knafl <dev@spiessknafl.at>  Wed, 27 May 2015 07:29:58 +0200

libvncserver (0.9.9+dfsg-6.1) unstable; urgency=medium

  * Non-maintainer upload.
  * CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055:
    Multiple issues in libVNCserver -- cherry picking targeted fixed from
    upstream (Closes: #762745)

 -- Tobias Frost <tobi@debian.org>  Sun, 23 Nov 2014 16:19:53 +0100

libvncserver (0.9.9+dfsg-6) unstable; urgency=medium

  [ Luca Falavigna ]
  * debian/patches/pkgconfig.patch:
    - Use Libs.private to avoid unnecessary linkage (Closes: #747539).
  * debian/tests/*:
    - Provide a simple test to check whether the package is functional
      as per DEP8 (autopkgtests).
  * debian/control:
    - (Build-)depends on libgnutls28-dev and libgcrypt20-dev instead of
      libgnutls-dev and libgcrypt11-dev (Closes: #753126).
    - Point Homepage field to the new home page.
  * debian/copyright:
    - Point Source field to the new download location.
  * debian/watch:
    - Point to GitHub.

  [ Gianfranco Costamagna ]
  * Drop the libpng12-dev build conflict, relying instead on a better
    --without-png configure flag

  [ Matthias Klose ]
  * debian/patches/ppc64el.patch
    - Patch acinclude.m4 for ppc64el (Closes: #756809).

 -- Luca Falavigna <dktrkranz@debian.org>  Tue, 12 Aug 2014 16:02:26 +0200

libvncserver (0.9.9+dfsg-5) unstable; urgency=medium

  * debian/patches/listenSock.patch:
    - Cherry-pick patch from upstream to fix a segfault on listenSock
      and listen6Sock, thanks to Shaddy Baddah (Closes: #746260).
  * debian/control:
    - Build-depends on libgcrypt11-dev, thanks to Andreas Metzler for
      the bug report (Closes: #745954).

 -- Luca Falavigna <dktrkranz@debian.org>  Thu, 01 May 2014 10:20:21 +0200

libvncserver (0.9.9+dfsg-4) unstable; urgency=medium

  * debian/copyright:
    - Document missing copyright information (Closes: #734849).

 -- Luca Falavigna <dktrkranz@debian.org>  Mon, 20 Jan 2014 16:35:02 +0100

libvncserver (0.9.9+dfsg-3) unstable; urgency=medium

  * Provide libvncclient in a separate binary package (Closes: #620322).
  * debian/control:
    - Drop obsolete Breaks/Replaces fields in libvncserver-config.
  * debian/libvncclient0.symbols, debian/libvncserver0.symbols:
    - Provide symbol files for both libraries.
  * debian/libvncserver-config.docs:
    - Install documentation in libvncserver-config.

 -- Luca Falavigna <dktrkranz@debian.org>  Thu, 09 Jan 2014 09:25:22 +0100

libvncserver (0.9.9+dfsg-2) unstable; urgency=medium

  [ Luca Falavigna ]
  * debian/patches/format_string.patch:
    - Use format string argument in gtkvncviewer (Closes: #711805).
  * debian/control:
    - Add Build-Conflicts on libpng12-0 and libpng12-dev (Closes: #725480).
    - Bump Standards-Version to 3.9.5.
    - Use canonic URIs for the Vcs-* fields.
  * debian/clean:
    - Remove files created at build time.
  * debian/rules:
    - Enable verbose build log.

  [ Prach Pongpanich ]
  * debian/patches/multiarch.patch:
    - Avoid regenerating header files at build time (Closes: #671790).

 -- Luca Falavigna <dktrkranz@debian.org>  Thu, 02 Jan 2014 12:17:18 +0100

libvncserver (0.9.9+dfsg-1) unstable; urgency=low

  * New upstream release.
  * Patches refreshed for the new upstream version.
  * Multi-arch support (Closes: #664883).
  * debian/patches/format_string.patch:
    - Use format string argument with fprintf.
  * debian/patches/02_linux_test.patch:
    - Removed, applied upstream.
  * debian/patches/04_rename_linuxvnc.patch:
    - Removed, applied upstream.
  * debian/patches/05_GnuTLS.patch:
    - Removed, applied upstream.
  * debian/compat:
    - Bump compatibility level to 9.
  * debian/control:
    - Add libvncserver-config binary package, needed for Multi-arch.
    - Bump Standards-Version to 3.9.3.
  * debian/copyright:
    - Convert to DEP5 format.
  * debian/libvncserver-config.1:
    - Fix hyphen-used-as-minus-sign lintian warning.
  * debian/rules:
    - Implement a get-orig-source target to get rid of webclients
      directory, which contains Java classes without sources.
  * debian/watch:
    - Mangle "+dfsg" prefix from version number.

 -- Luca Falavigna <dktrkranz@debian.org>  Sat, 05 May 2012 23:45:15 +0200

libvncserver (0.9.8.2-2) unstable; urgency=low

  * debian/*.1:
    - Refresh man pages to consider new parameters (Closes: #518617).
  * debian/libvncserver-dev.install:
    - Install libvncserver.pc and libvncclient files (Closes: #649481).

 -- Luca Falavigna <dktrkranz@debian.org>  Thu, 08 Dec 2011 11:55:19 +0100

libvncserver (0.9.8.2-1) unstable; urgency=low

  * New upstream bugfix release.
    - Fix a regression in libvncclient with Apple Remote Desktop support
      that prevented viewers to connect to ARD servers (Closes: #644455).

 -- Luca Falavigna <dktrkranz@debian.org>  Wed, 09 Nov 2011 23:31:28 +0100

libvncserver (0.9.8.1-1) unstable; urgency=low

  * New upstream bugfix release.
    - Fix ABI break (Closes: #644455).
  * debian/compat:
    - Bump compatibility to 8.
  * debian/control:
    - Adopting package.
    - Add Vcs-* fields.
    - Build-depend on dh-autoreconf instead of automake and libtool.
    - Add libgnutls-dev to libvncserver-dev dependencies.
  * debian/not-installed:
    - Not needed, removed.
  * debian/rules:
    - Build with autoreconf support.

 -- Luca Falavigna <dktrkranz@debian.org>  Wed, 12 Oct 2011 19:59:26 +0200

libvncserver (0.9.8-2) unstable; urgency=low

  * QA upload.
  * debian/control:
    - Build-depend on libgnutls-dev for GNUTLS support.

 -- Luca Falavigna <dktrkranz@debian.org>  Sun, 02 Oct 2011 14:27:56 +0200

libvncserver (0.9.8-1) unstable; urgency=low

  * QA upload.
  * New upstream release (Closes: #621705).
    - Fix segfault launching "linuxvnc 1 -help" (Closes: #399501).
    - Close socket when connection ends (Closes: #525226).
    - Fix no input caused by stucked CTRL key (Closes: #555988).
  * debian/patches/*:
    - Refresh patches for new upstream release.
  * debian/patches/05_GnuTLS.patch:
    - Backport patch from upstream repository to drop deprecated GnuTLS
      functions (gnutls_*_set_priority -> gnutls_priority_set_direct).
  * debian/control:
    - Build-depend on pkg-config.
    - Remove duplicate section field for libvncserver0 binary.
    - Bump Standards-Version to 3.9.2.
  * debian/libvncserver-config.1:
    - Use minus signs instead of hypens.
  * debian/README.source:
    - Dropped, no longer needed.
  * debian/watch:
    - Provide watch file.

 -- Luca Falavigna <dktrkranz@debian.org>  Sun, 02 Oct 2011 02:54:05 +0200

libvncserver (0.9.7-3) unstable; urgency=low

  * QA upload
  * Change (build-)depdendencies on libjpeg62-dev to libjpeg-dev
    (closes: #629976).
  * Migrate to source format 3.0 (quilt):
    - add debian/source/format
    - remove build-dependency on quilt
    - debian/rules: drop --with-quilt from dh invocation
  * debian/rules, clean target: also remove generated file _configs.sed

 -- Ralf Treinen <treinen@debian.org>  Fri, 10 Jun 2011 19:39:44 +0200

libvncserver (0.9.7-2) unstable; urgency=low

  * QA upload.
  * Don't build linuxvnc on non-linux architectures (Closes: #542592).
  * Add a debian/README.source.

 -- Aurelien Jarno <aurel32@debian.org>  Sun, 30 Aug 2009 17:15:14 +0200

libvncserver (0.9.7-1) unstable; urgency=low

  * QA upload.
  * New upstream release (Closes: #529010):
    - x11vnc is removed upstream from libvncserver sources.
      Now, it is released separately.
  * Added patches:
    - 03_no_x11vnc_subdir.patch
      Remove x11vnc remaining occurrences from the build system.
    - 04_rename_linuxvnc.patch
      Rename LinuxVNC to linuxvnc.
  * Bumped debian/compat from 5 to 7.
  * Updated debian/control:
    - Cleanuped build dependencies.
    - Switched to quilt patch system.
    - Added Homepage field.
    - Added libjpeg62-dev and zlib1g-dev dependencies to libvncserver-dev.
      (Closes: #515029)
    - Added priority extra and section debug to libvncserver0-dbg.
    - Removed x11vnc package.
  * Added debian/not-installed:
    - *.la files are not installed anymore in libvncserver-dev.
  * Switched debian/rules from cdbs to dh usage.

 -- Fathi Boudra <fabo@debian.org>  Fri, 07 Aug 2009 15:45:36 +0200

libvncserver (0.9.3.dfsg.1-2) unstable; urgency=low

  * QA upload.
  * Drop useless build-depends on linux-libc-dev.

 -- Aurelien Jarno <aurel32@debian.org>  Wed, 13 May 2009 20:11:07 +0200

libvncserver (0.9.3.dfsg.1-1) unstable; urgency=low

  * QA upload.
  * New upstream release. (Closes: #448942)
    - CVS tag X11VNC_REL_0_9_3
  * Switched rules to CDBS.
  * Bumped compat to 5.
  * Bumped Standards-Version to 3.7.2
  * Enabled shared libraries. (Closes: #373298)
  * Dropped vncommand, since it isn't installed by make install.
    - All hate-mail should be sent to debian@pusling.com
  * Added debug package.
  * Removed the classes/ dir, there are no sources for the jar files.
    - Appended .dfsg.1 to source version.
    - Added patch 01_ignore_classes to allow building without classes/ dir.
  * Added patch 02_linux_test to look for /usr/include/linux instead of /dev/vcsa

 -- Matthew Rosewarne <mrosewarne@inoutbox.com>  Mon, 05 Nov 2007 03:22:20 -0500

libvncserver (0.8.2-2) unstable; urgency=low

  * Orphaning package 

 -- Ludovic Drolez <ldrolez@debian.org>  Wed, 25 Apr 2007 12:00:32 +0200

libvncserver (0.8.2-1) unstable; urgency=high

  * New upstream release. Closes: #373808
  * This new release fixes a security bug which might be present in the
    previous release of the package. Closes: #376824
  * urgency=high because a probable security bug was fixed.

 -- Ludovic Drolez <ldrolez@debian.org>  Mon, 17 Jul 2006 20:43:38 +0200

libvncserver (0.7.1-5) unstable; urgency=high

  * Re-upload with urgency=high because the package in testing is unusable

 -- Ludovic Drolez <ldrolez@debian.org>  Thu, 12 Jan 2006 15:30:00 +0100

libvncserver (0.7.1-4) unstable; urgency=low

  * Put x11vnc 0.7.3 sources in their own directory. Closes: #333880
  * Updated build-depends. Closes: #347019

 -- Ludovic Drolez <ldrolez@debian.org>  Mon,  9 Jan 2006 23:13:15 +0100

libvncserver (0.7.1-3) unstable; urgency=low

  * Added x11vnc 0.7.3 sources. Closes: #328943
  * Added the x11vnc FAQ which is in the README. Closes: #325479
  * Added build dependencies on libxdamage-dev, libfixes-dev, libxrandr-dev

 -- Ludovic Drolez <ldrolez@debian.org>  Wed, 28 Sep 2005 19:00:05 +0200

libvncserver (0.7.1-2) unstable; urgency=low

  * Removed the /dev/vcsa1 test to fix the pbuilder bug. Closes: #322643
  * new vncommand package: allows you to attach a VNC server to any command

 -- Ludovic Drolez <ldrolez@debian.org>  Fri, 26 Aug 2005 18:02:16 +0200

libvncserver (0.7.1-1) unstable; urgency=low

  * New upstream release. Closes: #309385

 -- Ludovic Drolez <ldrolez@debian.org>  Fri, 25 Mar 2005 20:48:38 +0100

libvncserver (0.7-1) unstable; urgency=low

  * New upstream release
  * New upstream x11vnc man page. Closes: Bug#277510

 -- Ludovic Drolez <ldrolez@debian.org>  Mon, 31 Jan 2005 23:06:17 +0100

libvncserver (0.6-3) unstable; urgency=low

  * Added the latest x11vnc.c (0.6.1) which has the -scale option.
  * Added the scale option in the manual.

 -- Ludovic Drolez <ldrolez@debian.org>  Fri, 16 Jul 2004 16:26:09 +0200

libvncserver (0.6-2) unstable; urgency=low

  * Added the latest x11vnc.c from the CVS. Closes: Bug#246205

 -- Ludovic Drolez <ldrolez@debian.org>  Thu, 29 Apr 2004 22:09:53 +0200

libvncserver (0.6-1) unstable; urgency=low

  * Initial Release.
  * Integrated the last release of x11vnc.

 -- Ludovic Drolez <ldrolez@debian.org>  Wed, 10 Mar 2004 23:42:26 +0100
