-
italc (1:3.0.3+dfsg1-1+deb9u1) stretch; urgency=medium
* Porting of libvncserver+libvncclient security patches:
- CVE-2018-7225: Uninitialized and potentially sensitive data could be
accessed by remote attackers because the msg.cct.length in rfbserver.c was
not sanitized.
- CVE-2018-15127: heap out-of-bound write vulnerability.
- CVE-2018-20019: multiple heap out-of-bound write vulnerabilities.
- CVE-2018-20020: heap out-of-bound write vulnerability inside structure
in VNC client code.
- CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
- CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
- CVE-2018-20023: Improper Initialization vulnerability in VNC Repeater
client code.
- CVE-2018-20024: null pointer dereference that can result DoS.
- CVE-2018-6307: heap use-after-free vulnerability in server code of
file transfer extension.
- CVE-2018-20748: incomplete fix for CVE-2018-20019 oob heap writes.
- CVE-2018-20749: incomplete fix for CVE-2018-15127 oob heap writes.
- CVE-2018-20750: incomplete fix for CVE-2018-15127 oob heap writes.
- CVE-2018-15126: heap use-after-free resulting in possible RCE.
- CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
* debian/control:
+ Update Vcs-*: fields. Package has been migrated to salsa.debian.org.
-- Mike Gabriel <email address hidden> Thu, 28 Nov 2019 08:49:18 +0100
-
italc (1:3.0.3+dfsg1-1) unstable; urgency=medium
[ Mike Gabriel ]
* New upstream release.
* debian/patches:
+ Add README, explaining our patch naming scheme. Rename existing patches
accordingly.
+ Update/rebase 2001_inject-buildtype-from-outside.patch.
* debian/copyright:
+ Update copyright attributions (drop lib/include/Inject.h).
+ Update copyright attributions for debian/patches/.
[ Gianfranco Costamagna ]
* debian/{control,rules,libitalccore.install}:
+ Turn libitalccore into multi-arch library. (Closes: #850799).
-- Mike Gabriel <email address hidden> Fri, 20 Jan 2017 10:46:10 +0100
-
italc (1:3.0.2.90+dfsg1-1) unstable; urgency=medium
* New upstream release.
* debian/copyright:
+ Update copyright attributions.
+ Update autogenerated copyright.in file.
-- Mike Gabriel <email address hidden> Mon, 09 Jan 2017 13:20:52 +0100
-
italc (1:3.0.2+dfsg1-1) unstable; urgency=medium
* New upstream release.
* debian/patches:
+ Drop 001_set-static-libdir-and-rpath-for-cmake.patch,
003_rename-plugin-dir.patch, 030_fix-man-pages.patch,
031_fix-spelling-errors.patch. Applied or otherwise addressed
upstream.
* italc-client.postinst:
+ Make sure that the key directories exist before using imc for key
creation.
* debian/rules:
+ Fix flawed dbgsym migration.
+ In get-orig-source, drop more files not relevant for building iTALC on
Linux.
* debian/copyright:
+ Update auto-generated copyright.in file.
+ Update copyright attributions.
* debian/watch:
+ Tolerate -rc upstream release version strings.
* debian/docs:
+ Drop TODO from list of doc files.
-- Mike Gabriel <email address hidden> Sat, 10 Dec 2016 02:09:24 +0100
-
italc (1:3.0.1+dfsg1-1) unstable; urgency=medium
* New upstream release.
- Fixes FTBFS against libssl 1.1. (Closes: #828358).
* debian/watch:
+ Upstream sources moved from Sourceforge to Github.
* Packaging style: Stop shipping upstream files in Debian packaging Git.
Superfluous overhead.
* debian/patches:
+ Rebase 003_rename-plugin-dir.patch.
+ Drop 007_use-openssl-sha.patch. Solved upstream.
+ Rebase and update 031_fix-spelling-errors.patch.
+ Update 031_fix-spelling-errors.patch. More spelling issues found.
* debian/rules:
+ Adapt get-orig-source rule to new upstream location. Downloaded tarball
is a .gz archive, not .bz2.
+ Create orig tarball in ../ rather than ./.
+ Drop configure/libitalccore:: rule. No need to manually call
finalize-locales Makefile target in upstream code.
+ Drop .qm backup hack. Upstream sources come without .qm (and only with .ts
files since 3.0.0).
+ Enable all hardening build flags (i.e., also include +pie).
+ Drop old compiler tweakings as they are (a) not required any more and
(b) cause an FTBFS on Debian 9 and above.
* debian/control:
+ Bump Standards-Version: to 3.9.8. No changes needed.
+ Use secure URLs in Vcs-*: fields.
+ iTALC 3 builds against Qt5 now. Drop B-D libqt4-dev, add B-D qtbase5-dev
instead.
+ Add B-D: qttools5-dev-tools (for Qt5 linguist tools).
* debian/{control,rules}:
+ dbgsym: Don't build dbg:packages anymore.
See https://wiki.debian.org/AutomaticDebugPackages
* debian/copyright:
+ Update auto-generated copyright.in template file.
+ Work in auto-detected changes from copyright.in.
+ Work in more copyright attributions manually.
+ Remove copyright attributions for files not shipped by upstream anymore.
* debian/po:
+ Add DebConf translations for pt_BR. Thanks so much to Adriano Rafael
Gomes. (Closes: #816946).
* debian/docs:
+ README -> README.md.
-- Mike Gabriel <email address hidden> Tue, 29 Nov 2016 11:05:11 +0100
-
italc (1:2.0.2+dfsg1-4) unstable; urgency=medium
* debian/Italc_logo.png:
+ Add 256x256px resolution icon, obtained from
https://commons.wikimedia.org/wiki/File:Italc_logo.png.
* debian/copyright:
+ Add license information for debian/Italc_logo.png.
+ Individually list files in debiain/*.
* debian/source/include-binaries:
+ White-list binary file debian/Italc_logo.png.
* debian/rules:
+ Install icons of all resolutions available in the upstream sources.
(Closes: #795008).
* debian/menu:
+ Drop menu file in favour of .desktop file. See tech-ctte decision
on #741573 for details.
* debian/patches:
+ Update 031_fix-spelling-errors.patch. Lintian found more spelling
issues in upstream code.
* debian/{compat,control}:
+ Raise DH compat level to debhelper version 9.
* debian/control:
+ Add B-D: qt4-linguist-tools (for creating fresh .qm files at build-time).
-- Mike Gabriel <email address hidden> Mon, 15 Feb 2016 11:04:30 +0100
-
italc (1:2.0.2+dfsg1-3) unstable; urgency=medium
* debian/po:
+ Add Dutch DebConf translation file. (Closes: #765983). Thanks to Frans
Spiesschaert.
* debian/control:
+ Bump Standards: to 3.9.6. No changes needed.
-- Mike Gabriel <email address hidden> Mon, 08 Jun 2015 00:29:34 +0200
-
italc (1:2.0.2+dfsg1-2) unstable; urgency=medium
* debian/bin/ica (wrapper):
+ When the -autostart cmdline arg is given, launch iTALC client with the
most privileged role that is available to the current user.
* DebConf:
+ Update Japanese translation. Thanks to "victory".
+ Update Russian translation file. Thanks to Yuri Kozlov. (Closes:
#758791).
+ Update Danish translation file. Thanks to Joe Dalton. (Closes: #758840).
+ Update Spanish translation file. Thanks to CamaleĆ³n. (Closes: #759797).
+ Update French translation file. Thanks to Steve Petruzzello. (Closes:
#760599).
+ Update Portuguese translation file. Thanks to Miguel Figueiredo. (Closes:
#760718).
+ Update Italian translation file. Thanks to Beatrice Torracca. (Closes:
#761089).
+ Update German translation file. Thanks to myself ;-). (Closes: #764101).
* debian/copyright:
+ Rewrite from scratch. Fixes several false or missing license and copyright
information.
-- Mike Gabriel <email address hidden> Sun, 05 Oct 2014 23:05:32 +0200