Overview

File spice-vdagent.changes of Package spice-vdagent.20484

-------------------------------------------------------------------
Mon Jul 12 14:14:39 MDT 2021 - carnold@suse.com

- bsc#1177780 - VUL-0: CVE-2020-25650: spice-vdagent: memory DoS
  via arbitrary entries in `active_xfers` hash table
  0001-CVE-2020-25650-Avoids-unchecked-file-transfer-IDs-allocation-and-usage.patch
  0002-CVE-2020-25650-Avoids-uncontrolled-active_xfers-allocations.patch
- bsc#1177781 - VUL-0: CVE-2020-25651: spice-vdagent: possible file
  transfer DoS and information leak via `active_xfers` hash map
  0001-CVE-2020-25651-cleanup-active_xfers-when-the-client-disconnects.patch
  0002-CVE-2020-25651-vdagentd-do-not-allow-to-use-an-already-used-file-xfer-id.patch
- bsc#1177782 - VUL-0: CVE-2020-25652: spice-vdagent: possibility
  to exhaust file descriptors in `vdagentd` 
  0001-CVE-2020-25652-Avoids-unlimited-agent-connections.patch
  0002-CVE-2020-25652-vdagentd-Limit-number-of-agents-per-session-to-1.patch
- bsc#1177783 - VUL-0: CVE-2020-25653: spice-vdagent: UNIX domain
  socket peer PID retrieved via `SO_PEERCRED` is subject to race
  condition 
  0001-CVE-2020-25653-Avoids-user-session-hijacking.patch
  0002-CVE-2020-25653-Better-check-for-sessions.patch

-------------------------------------------------------------------
Tue Dec  5 16:12:24 UTC 2017 - cbosdonnat@suse.com

- Fix potential shell command injection.
  8ba17481-quote-save-dir-before-passing-to-shell.patch
  CVE-2017-15108 (bsc#1070724)

-------------------------------------------------------------------
Thu Jul 27 12:20:36 UTC 2017 - msuchanek@suse.com

- Fix warning in vdagentd-do-endian-swapping.patch

-------------------------------------------------------------------
Mon Feb 20 13:56:35 UTC 2017 - msuchanek@suse.com

- Add endian swapping to run on BE guests (boo#1012215).
  vdagentd-do-endian-swapping.patch

-------------------------------------------------------------------
Fri Nov 25 18:53:15 UTC 2016 - zaitor@opensuse.org

- Add pkgconfig(glib-2.0) BuildRequires: Explicit dependency.
- Handle spice-vdagentd.target in pre/post/preun/postun.
- Handle spice-vdagentd.conf in post via tmpfiles_create macro.

-------------------------------------------------------------------
Fri Nov 25 18:53:14 UTC 2016 - seife+obs@b1-systems.com

- Update to 0.17.0
  * Denies file-transfer in locked sessions
  * Denies file-transfer in login screen
  * Bump glib version to 2.28
  * Set exit code to 1 instead of 0 when virtio device cannot be
    opened
  * Fix double-free on uinput->screen_info (rhbz#1262635)
  * Code improvement over unix domain client server support (udcs)
  * Fix build compatiblity with different libsystemd versions
    (fdo#94209)
- obsoleted patches removed:
  8c465007-vdagentd-fixes-small-leak.patch
  f97751fa-revert-uinput-fix-small-leak-of-screen_info.patch
- package: add explicit buildrequires for pkgconfig(dbus-1)

-------------------------------------------------------------------
Tue Sep  6 12:56:15 UTC 2016 - cbosdonnat@suse.com

- Fix crash when changing guest display's resolution (bsc#997236)
  8c465007-vdagentd-fixes-small-leak.patch
  f97751fa-revert-uinput-fix-small-leak-of-screen_info.patch

-------------------------------------------------------------------
Thu Jun  2 11:36:40 UTC 2016 - cbosdonnat@suse.com

- fate#320079

-------------------------------------------------------------------
Tue Jul 21 18:52:21 UTC 2015 - mpluskal@suse.com

- Update tp 0.16.0
  * Xspice support
  * Release clipboard on client disconnect if owned by client 
    (rhbz#1003977)
  * Turn some error messages into debugging messages (rhbz#918310)
  * Not having the virtio channel is not an error; instead silently 
    do nothing
- Cleanup spec file with spec-cleaner
- Actually apply spice-vdagent-var_run.patch

-------------------------------------------------------------------
Wed Jul  9 16:21:19 UTC 2014 - fcrozat@suse.com

- Add supplements on virtio_console to automatically install
  spice-vdagent when X11 server is installed on KVM with Spice
  enabled.

-------------------------------------------------------------------
Tue Jul  1 14:10:31 UTC 2014 - fcrozat@suse.com

- Enable systemd service at initial install, it is needed for
  udev rules to properly start the agent.

-------------------------------------------------------------------
Tue May 27 08:45:45 CEST 2014 - ohering@suse.de

- fix /var/run handling
  spice-vdagent-var_run.patch

-------------------------------------------------------------------
Mon Feb  3 08:39:02 UTC 2014 - seife+obs@b1-systems.com

- run spec-cleaner
- remove autoreconf call

-------------------------------------------------------------------
Sun Feb  2 14:15:26 UTC 2014 - seife+obs@b1-systems.com

- import the spec file from fedora core 21, adapt for openSUSE
- version 0.15.0
openSUSE Build Service is sponsored by
Places