spice-vdagent (0.17.0-1+deb9u1) stretch-security; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * Fix security issues;
    - CVE-2017-15108: vdagent_file_xfers_data() does not properly
      escape xfers->save_dir before giving it as argument to system().
      (Closes: #883238)
    - CVE-2020-25650: flaw in spice-vdagentd handling file transfers
      and this can be used to perform memory denial of service for
      spice-vdagent.
    - CVE-2020-25651: flaw in SPICE file transfer protocol allowing
      to snoop on other users file transfer or completely interrupt.
    - CVE-2020-25652: flaw was found in the spice-vdagentd daemon,
      where it did not properly handle client connections that can be
      established via the UNIX domain socket.Any unprivileged local
      guest user could use this flaw to prevent legitimate agents from
      connecting to the spice-vdagentd daemon, resulting in a denial
      of service.
    - CVE-2020-25653: race condition vulnerability was found in the
      way the spice-vdagentd daemon handled new client connections
      This flaw may allow an unprivileged local guest user to become
      the active agent for spice-vdagentd, possibly resulting in a
      denial of service or information leakage from the host.
      (Closes: #973769)

 -- Abhijith PA <abhijith@debian.org>  Mon, 11 Jan 2021 21:18:17 +0530

spice-vdagent (0.17.0-1) unstable; urgency=low

  * New upstream release
  * Refresh debian/copyright
  * debian/patches:
    - Remove libsystemd.patch, applied upstream
    - systemd_service_default_file.patch, remove After=dbus.target,
      obsoleted by recent systemd
    - Refresh other patches
  * debian/control:
    - Add build-depends on libasound2-dev (>= 1.0.22)
    - Update build-depends on libspice-protocol-dev to 0.12.8
    - Update build-depends on libglib2.0-dev to 2.28
    - Update build-depends on debhelper to 10
    - Bump Standards-Version to 3.9.8
    - Use secure uri in vcs-*
  * debian/spice-vdagent.install:
    - Remove etc/rsyslog.d/spice-vdagentd.conf, removed upstream
  * debian/compat:
    - Update to version 10
  * debian/rules
    - Call dh with autoreconf

 -- Liang Guo <guoliang@debian.org>  Wed, 12 Oct 2016 15:41:11 +0800

spice-vdagent (0.15.0-1.3) unstable; urgency=medium

  * Non-maintainer upload.
  [ Laurent Bigonville ]
  * Properly install the systemd .service and other support files (Closes:
    #791422)
  * debian/spice-vdagent.init: Pass parameters from $SPICE_VDAGENTD_EXTRA_ARGS
    variable to the spice-vdagentd daemon, so both LSB initscript and .service
    files behave the same.
  * debian/rules: Call dh_install with --list-missing parameter

  [ Michael Biebl ]
  * Use of the new libsystemd library instead of libsystemd-login (Closes:
    #779782)

 -- Laurent Bigonville <bigon@debian.org>  Sun, 19 Jul 2015 15:05:48 +0200

spice-vdagent (0.15.0-1.2) unstable; urgency=medium

  * Non-maintainer upload, with permission from maintainer.
  * Use systemd for session information (Closes: #756243).
    Accordingly build-depend on libsystemd-login-dev, which is needed
    for getting session information from logind.
  * Start spice-vdagent in the GDM3 greeter session (Closes: #732924).

 -- intrigeri <intrigeri@debian.org>  Tue, 07 Oct 2014 16:47:46 +0200

spice-vdagent (0.15.0-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix syntax of fix-spelling-error-in-manpage.patch (Closes: #752953).
    Thanks to Juhani Numminen <juhaninumminen0@gmail.com> for the patch!

 -- intrigeri <intrigeri@debian.org>  Sun, 27 Jul 2014 22:36:52 +0200

spice-vdagent (0.15.0-1) unstable; urgency=low

  * New upstream release
  * Update debian/watch
  * debian/patches:
    - Refresh fix-typo-in-vdagentd-c.patch
    - Add enable-pie-on-spice-vdagent.patch
  * debian/rules:
    - Install systemd config files
    - Enalbe PIE
  * debian/cotntrol:
    - Update VCS-* field

 -- Liang Guo <guoliang@debian.org>  Sat, 09 Nov 2013 12:33:51 +0800

spice-vdagent (0.14.0-1) unstable; urgency=low

  * New upstream release
  * debian/control:
    - Update my email address
    - Depends on libspice-protocol-dev (>= 0.12.5)
    - Depends on libglib2.0-dev (>= 2.12)
    - Depends on autoconf, automake
  * debian/source/options:
    - Ignore autoreconf generated files
  * debian/rules:
    - Call autoreconf before run configure script
  * Refresh fix-typo-in-vdagentd-c.patch
  * Add fix-spelling-error-in-manpage.patch
  * Refresh debian/copyright
  * Remove debian/spice-vdagent.1 and debian/spice-vdagentd.8, 
    upstream ships manpages 
  * spice-vdagent.install:
    - Remove var/log/spice-vdagentd
    - Add etc/rsyslog.d/spice-vdagentd.conf
  * Bump Standards-Version to 3.9.4(no change required)
  
 -- Liang Guo <guoliang@debian.org>  Fri, 12 Apr 2013 23:32:00 +0800
  
spice-vdagent (0.10.1-1) unstable; urgency=low

  * New upstream release.
  * debian/copyright:
    - Update copyright information.
  * debian/control:
    - Add libpciaccess-dev and libxinerama-dev 
      to Build-Depends.
    - Bump Standards-Version to 3.9.3. 
  * debian/rules:
    - Compile with console kit

 -- Liang Guo <bluestonechina@gmail.com>  Fri, 06 Apr 2012 14:03:30 +0800

spice-vdagent (0.8.1-1) unstable; urgency=low

  * Initial release (Closes: #605966)

 -- Liang Guo <bluestonechina@gmail.com>  Sun, 21 Aug 2011 15:19:00 +0800
