Author: Ubuntu Git Importer
Author Date: 2019-06-24 09:01:01 UTC

DSC file for 5.18.0.240+dfsg-3

Author: Ubuntu Git Importer
Author Date: 2019-04-26 05:29:24 UTC

DSC file for 5.18.0.240+dfsg-3

Author: Dimitri John Ledkov
Author Date: 2019-04-17 21:30:39 UTC

Import patches-unapplied version 5.18.0.240+dfsg-2ubuntu2 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 776f0f47fca751c3ab0275533df39f39eba59b4d

New changelog entries:
  * Disable pie on s390x.

Author: Dimitri John Ledkov
Author Date: 2019-04-17 21:30:39 UTC

Import patches-unapplied version 5.18.0.240+dfsg-2ubuntu2 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 776f0f47fca751c3ab0275533df39f39eba59b4d

New changelog entries:
  * Disable pie on s390x.

Author: Dimitri John Ledkov
Author Date: 2019-04-17 21:30:39 UTC

Import patches-unapplied version 5.18.0.240+dfsg-2ubuntu2 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 776f0f47fca751c3ab0275533df39f39eba59b4d

New changelog entries:
  * Disable pie on s390x.

Author: Jo Shields
Author Date: 2019-04-16 19:41:50 UTC

Import patches-unapplied version 5.18.0.240+dfsg-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a33ef0fbda44c70baf373a57cb38ae0c1f60e4a4

New changelog entries:
  [ Jo Shields ]
  * [20a7dd0] Don't build docs on s390x, to work around a dumb issue
  [ Neale Ferguson ]
  * [3713407] Fix s390x Outarg_VT (#10632)
    * Fix outarg_vt processing. Fixes #10549
    * Cleanup unused bits and pieces
    * Correct the handling of structures being retuned from a call
    * Restore vtcopy code etc.
    (Closes: #921232)

Author: Jo Shields
Author Date: 2019-04-16 19:41:50 UTC

Import patches-applied version 5.18.0.240+dfsg-3 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: ab56f9ce18eabadffc19996daa64d37d8ecf450c
Unapplied parent: 3b6c01b0bd50bb6dc4bb9d9e3928ec9578a10d66

New changelog entries:
  [ Jo Shields ]
  * [20a7dd0] Don't build docs on s390x, to work around a dumb issue
  [ Neale Ferguson ]
  * [3713407] Fix s390x Outarg_VT (#10632)
    * Fix outarg_vt processing. Fixes #10549
    * Cleanup unused bits and pieces
    * Correct the handling of structures being retuned from a call
    * Restore vtcopy code etc.
    (Closes: #921232)

Author: Jo Shields
Author Date: 2019-04-16 19:41:50 UTC

Import patches-unapplied version 5.18.0.240+dfsg-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a33ef0fbda44c70baf373a57cb38ae0c1f60e4a4

New changelog entries:
  [ Jo Shields ]
  * [20a7dd0] Don't build docs on s390x, to work around a dumb issue
  [ Neale Ferguson ]
  * [3713407] Fix s390x Outarg_VT (#10632)
    * Fix outarg_vt processing. Fixes #10549
    * Cleanup unused bits and pieces
    * Correct the handling of structures being retuned from a call
    * Restore vtcopy code etc.
    (Closes: #921232)

Author: Jo Shields
Author Date: 2019-04-16 19:41:50 UTC

Import patches-unapplied version 5.18.0.240+dfsg-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a33ef0fbda44c70baf373a57cb38ae0c1f60e4a4

New changelog entries:
  [ Jo Shields ]
  * [20a7dd0] Don't build docs on s390x, to work around a dumb issue
  [ Neale Ferguson ]
  * [3713407] Fix s390x Outarg_VT (#10632)
    * Fix outarg_vt processing. Fixes #10549
    * Cleanup unused bits and pieces
    * Correct the handling of structures being retuned from a call
    * Restore vtcopy code etc.
    (Closes: #921232)

Author: Jo Shields
Author Date: 2019-04-16 19:41:50 UTC

Import patches-applied version 5.18.0.240+dfsg-3 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: ab56f9ce18eabadffc19996daa64d37d8ecf450c
Unapplied parent: 3b6c01b0bd50bb6dc4bb9d9e3928ec9578a10d66

New changelog entries:
  [ Jo Shields ]
  * [20a7dd0] Don't build docs on s390x, to work around a dumb issue
  [ Neale Ferguson ]
  * [3713407] Fix s390x Outarg_VT (#10632)
    * Fix outarg_vt processing. Fixes #10549
    * Cleanup unused bits and pieces
    * Correct the handling of structures being retuned from a call
    * Restore vtcopy code etc.
    (Closes: #921232)

Author: Jo Shields
Author Date: 2019-04-16 19:41:50 UTC

Import patches-unapplied version 5.18.0.240+dfsg-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a33ef0fbda44c70baf373a57cb38ae0c1f60e4a4

New changelog entries:
  [ Jo Shields ]
  * [20a7dd0] Don't build docs on s390x, to work around a dumb issue
  [ Neale Ferguson ]
  * [3713407] Fix s390x Outarg_VT (#10632)
    * Fix outarg_vt processing. Fixes #10549
    * Cleanup unused bits and pieces
    * Correct the handling of structures being retuned from a call
    * Restore vtcopy code etc.
    (Closes: #921232)

Author: Jo Shields
Author Date: 2019-04-16 19:41:50 UTC

Import patches-unapplied version 5.18.0.240+dfsg-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a33ef0fbda44c70baf373a57cb38ae0c1f60e4a4

New changelog entries:
  [ Jo Shields ]
  * [20a7dd0] Don't build docs on s390x, to work around a dumb issue
  [ Neale Ferguson ]
  * [3713407] Fix s390x Outarg_VT (#10632)
    * Fix outarg_vt processing. Fixes #10549
    * Cleanup unused bits and pieces
    * Correct the handling of structures being retuned from a call
    * Restore vtcopy code etc.
    (Closes: #921232)

Author: Jo Shields
Author Date: 2019-04-16 19:41:50 UTC

Import patches-unapplied version 5.18.0.240+dfsg-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a33ef0fbda44c70baf373a57cb38ae0c1f60e4a4

New changelog entries:
  [ Jo Shields ]
  * [20a7dd0] Don't build docs on s390x, to work around a dumb issue
  [ Neale Ferguson ]
  * [3713407] Fix s390x Outarg_VT (#10632)
    * Fix outarg_vt processing. Fixes #10549
    * Cleanup unused bits and pieces
    * Correct the handling of structures being retuned from a call
    * Restore vtcopy code etc.
    (Closes: #921232)

Author: Ubuntu Git Importer
Author Date: 2018-04-01 04:23:02 UTC

pristine-tar data for mono_4.6.2.7+dfsg.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-31 22:08:56 UTC

pristine-tar data for mono_4.6.2.7+dfsg.orig.tar.gz

Author: Jeremy Bicha
Author Date: 2017-09-28 15:09:22 UTC

Import patches-unapplied version 4.6.2.7+dfsg-1ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 54e73d15f4e948a49976b52b46d54f7741088ee7

New changelog entries:
  * Drop obsolete monodoc-manual dependencies on packages that aren't
    available anymore (Closes: #877090)

Author: Jeremy Bicha
Author Date: 2017-09-28 15:09:22 UTC

Import patches-unapplied version 4.6.2.7+dfsg-1ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 54e73d15f4e948a49976b52b46d54f7741088ee7

New changelog entries:
  * Drop obsolete monodoc-manual dependencies on packages that aren't
    available anymore (Closes: #877090)

Author: Jeremy Bicha
Author Date: 2017-09-28 15:09:22 UTC

Import patches-unapplied version 4.6.2.7+dfsg-1ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 54e73d15f4e948a49976b52b46d54f7741088ee7

New changelog entries:
  * Drop obsolete monodoc-manual dependencies on packages that aren't
    available anymore (Closes: #877090)

Author: Jeremy Bicha
Author Date: 2017-09-28 15:09:22 UTC

Import patches-unapplied version 4.6.2.7+dfsg-1ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 54e73d15f4e948a49976b52b46d54f7741088ee7

New changelog entries:
  * Drop obsolete monodoc-manual dependencies on packages that aren't
    available anymore (Closes: #877090)

Author: Jeremy Bicha
Author Date: 2016-12-15 20:51:08 UTC

Import patches-unapplied version 4.6.2.7+dfsg-1ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 54b50a19e763d9d7badaf8b3f8bec16d34843042

New changelog entries:
  * Sync with Debian. Remaining change:
    - Build with -O0 on s390x, as otherwise it fails to bootstrap.

Author: Jeremy Bicha
Author Date: 2016-12-15 20:51:08 UTC

Import patches-unapplied version 4.6.2.7+dfsg-1ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 54b50a19e763d9d7badaf8b3f8bec16d34843042

New changelog entries:
  * Sync with Debian. Remaining change:
    - Build with -O0 on s390x, as otherwise it fails to bootstrap.

Author: Jeremy Bicha
Author Date: 2016-12-15 20:51:08 UTC

Import patches-unapplied version 4.6.2.7+dfsg-1ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 54b50a19e763d9d7badaf8b3f8bec16d34843042

New changelog entries:
  * Sync with Debian. Remaining change:
    - Build with -O0 on s390x, as otherwise it fails to bootstrap.

Author: Jeremy Bicha
Author Date: 2016-12-15 20:51:08 UTC

Import patches-unapplied version 4.6.2.7+dfsg-1ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 54b50a19e763d9d7badaf8b3f8bec16d34843042

New changelog entries:
  * Sync with Debian. Remaining change:
    - Build with -O0 on s390x, as otherwise it fails to bootstrap.

Author: Jeremy Bicha
Author Date: 2016-12-15 20:51:08 UTC

Import patches-unapplied version 4.6.2.7+dfsg-1ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 54b50a19e763d9d7badaf8b3f8bec16d34843042

New changelog entries:
  * Sync with Debian. Remaining change:
    - Build with -O0 on s390x, as otherwise it fails to bootstrap.

Author: Jeremy Bicha
Author Date: 2016-12-15 20:51:08 UTC

Import patches-unapplied version 4.6.2.7+dfsg-1ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 54b50a19e763d9d7badaf8b3f8bec16d34843042

New changelog entries:
  * Sync with Debian. Remaining change:
    - Build with -O0 on s390x, as otherwise it fails to bootstrap.

Author: Jeremy Bicha
Author Date: 2016-12-15 20:51:08 UTC

Import patches-unapplied version 4.6.2.7+dfsg-1ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 54b50a19e763d9d7badaf8b3f8bec16d34843042

New changelog entries:
  * Sync with Debian. Remaining change:
    - Build with -O0 on s390x, as otherwise it fails to bootstrap.

Author: Jo Shields
Author Date: 2016-12-15 10:58:56 UTC

Import patches-unapplied version 4.6.2.7+dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 00eeaf134a17f16bc626816be4688ea4575d613f

New changelog entries:
  * [4274265] Another DEB_HOST_ARCH_OS / DEB_BUILD_ARCH_OS
  * [b96315e] Handle 4->3 part version numbering difference in get-orig-source
  * [64c42ea] dfsg2 -> dfsg for orig tarball
  * [41bc4a8] Imported Upstream version 4.6.2.7+dfsg

Author: Jo Shields
Author Date: 2016-12-15 10:58:56 UTC

Import patches-applied version 4.6.2.7+dfsg-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 22cee8e9a17cec645f052bb57be3819c441dfce4
Unapplied parent: 5085f0eb7e62265f0837d216364ae610d152f6e0

New changelog entries:
  * [4274265] Another DEB_HOST_ARCH_OS / DEB_BUILD_ARCH_OS
  * [b96315e] Handle 4->3 part version numbering difference in get-orig-source
  * [64c42ea] dfsg2 -> dfsg for orig tarball
  * [41bc4a8] Imported Upstream version 4.6.2.7+dfsg

Author: Matthias Klose
Author Date: 2016-04-12 13:28:35 UTC

Import patches-unapplied version 4.2.1.102+dfsg2-7ubuntu4 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 4f39f5a358c98d4243504d84d237f58dfcadb94a

New changelog entries:
  * Fix libmono-2.0-1 package on arm64 (Jo Shields).
  * mono-archs.mk (DEB_MONO_ARCHS): Re-add powerpc.

Author: Matthias Klose
Author Date: 2016-04-12 13:28:35 UTC

Import patches-unapplied version 4.2.1.102+dfsg2-7ubuntu4 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 4f39f5a358c98d4243504d84d237f58dfcadb94a

New changelog entries:
  * Fix libmono-2.0-1 package on arm64 (Jo Shields).
  * mono-archs.mk (DEB_MONO_ARCHS): Re-add powerpc.

Author: Matthias Klose
Author Date: 2016-04-12 13:28:35 UTC

Import patches-unapplied version 4.2.1.102+dfsg2-7ubuntu4 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 4f39f5a358c98d4243504d84d237f58dfcadb94a

New changelog entries:
  * Fix libmono-2.0-1 package on arm64 (Jo Shields).
  * mono-archs.mk (DEB_MONO_ARCHS): Re-add powerpc.

Author: Matthias Klose
Author Date: 2016-04-12 13:28:35 UTC

Import patches-unapplied version 4.2.1.102+dfsg2-7ubuntu4 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 4f39f5a358c98d4243504d84d237f58dfcadb94a

New changelog entries:
  * Fix libmono-2.0-1 package on arm64 (Jo Shields).
  * mono-archs.mk (DEB_MONO_ARCHS): Re-add powerpc.

Author: Matthias Klose
Author Date: 2016-04-12 13:28:35 UTC

Import patches-unapplied version 4.2.1.102+dfsg2-7ubuntu4 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 4f39f5a358c98d4243504d84d237f58dfcadb94a

New changelog entries:
  * Fix libmono-2.0-1 package on arm64 (Jo Shields).
  * mono-archs.mk (DEB_MONO_ARCHS): Re-add powerpc.

Author: Jo Shields
Author Date: 2015-11-26 08:58:08 UTC

Import patches-applied version 4.2.1.102+dfsg2-3 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: e56db32c0d7c0eb13938f284cfc6342c413e4d19
Unapplied parent: 370b9b251240f18b5d388a6f078d5a349d26bb65

New changelog entries:
  * [17c35c4] Fix more .symbols errors

Author: Jo Shields
Author Date: 2015-11-26 08:58:08 UTC

Import patches-unapplied version 4.2.1.102+dfsg2-3 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 15dc49861d406f882d45282d1d7341d3def43314

New changelog entries:
  * [17c35c4] Fix more .symbols errors

Author: Jo Shields
Author Date: 2015-03-19 11:32:12 UTC

Import patches-unapplied version 2.10.8.1-8+deb7u1 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: b0f77663068414bce3290535df52de767f92c6eb

New changelog entries:
  * [c2afe08] Mono's implementation of the SSL/TLS stack failed to check
    the order of the handshake messages. Which would allow various attacks
    on the protocol to succeed. ("SKIP-TLS" attack).
    (Closes: #780751, CVE-2015-2318)
  * [997bd08] Remove the client-side SSLv2 fallback. There's almost no
    SSLv3 web site left so a v2 fallback is only extra code we do not
    need to carry forward. (Closes: #780751, CVE-2015-2320)
  * [b570325] Remove the EXPORT ciphers and related code path. That was
    still useful in 2003/2004 but the technical and legal landscape changed
    a lot since then. Removing the old, limited key size, cipher suites
    also allow removed additional parts of the code that deals with them.
    ("FREAK" attack) (Closes: #780751, CVE-2015-2319)

Author: Jo Shields
Author Date: 2015-03-19 11:32:12 UTC

Import patches-applied version 2.10.8.1-8+deb7u1 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 3f879ca3375c8a427d72e1721bf143a8845ef131
Unapplied parent: f64b9ee71dbd7e79eb1dc9abbdd279dc9b200032

New changelog entries:
  * [c2afe08] Mono's implementation of the SSL/TLS stack failed to check
    the order of the handshake messages. Which would allow various attacks
    on the protocol to succeed. ("SKIP-TLS" attack).
    (Closes: #780751, CVE-2015-2318)
  * [997bd08] Remove the client-side SSLv2 fallback. There's almost no
    SSLv3 web site left so a v2 fallback is only extra code we do not
    need to carry forward. (Closes: #780751, CVE-2015-2320)
  * [b570325] Remove the EXPORT ciphers and related code path. That was
    still useful in 2003/2004 but the technical and legal landscape changed
    a lot since then. Removing the old, limited key size, cipher suites
    also allow removed additional parts of the code that deals with them.
    ("FREAK" attack) (Closes: #780751, CVE-2015-2319)

Author: Marc Deslauriers
Author Date: 2015-03-20 16:56:54 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu2.1 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 69df406c94ff5ee6b762d29c5aab01107472ec27

New changelog entries:
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320

Author: Marc Deslauriers
Author Date: 2015-03-20 18:30:11 UTC

Import patches-unapplied version 2.10.8.1-1ubuntu2.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 5f3ff6e3a781e52b767138e0dc80cca53f9213dd

New changelog entries:
  * SECURITY UPDATE: denial of service via use after free
    - debian/patches/CVE-2011-0992.patch: fix access to freed members of a
      dead thread in mono/metadata/threads.c.
    - CVE-2011-0992
  * SECURITY UPDATE: denial of service via hash collision
    - debian/patches/CVE-2012-3543.patch: add a better hash provider to
      mcs/class/System.Web/System.Web.UI/Page.cs,
      mcs/class/System.Web/System.Web.Util/SecureHashCodeProvider.cs,
      mcs/class/System.Web/System.Web.dll.sources,
      mcs/class/System.Web/System.Web/WebROCollection.cs.
    - CVE-2012-3543
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320
  * debian/source/options: Don't use single-debian-patch for Ubuntu.

Author: Marc Deslauriers
Author Date: 2015-03-20 18:30:11 UTC

Import patches-unapplied version 2.10.8.1-1ubuntu2.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 5f3ff6e3a781e52b767138e0dc80cca53f9213dd

New changelog entries:
  * SECURITY UPDATE: denial of service via use after free
    - debian/patches/CVE-2011-0992.patch: fix access to freed members of a
      dead thread in mono/metadata/threads.c.
    - CVE-2011-0992
  * SECURITY UPDATE: denial of service via hash collision
    - debian/patches/CVE-2012-3543.patch: add a better hash provider to
      mcs/class/System.Web/System.Web.UI/Page.cs,
      mcs/class/System.Web/System.Web.Util/SecureHashCodeProvider.cs,
      mcs/class/System.Web/System.Web.dll.sources,
      mcs/class/System.Web/System.Web/WebROCollection.cs.
    - CVE-2012-3543
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320
  * debian/source/options: Don't use single-debian-patch for Ubuntu.

Author: Marc Deslauriers
Author Date: 2015-03-20 18:30:11 UTC

Import patches-unapplied version 2.10.8.1-1ubuntu2.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 5f3ff6e3a781e52b767138e0dc80cca53f9213dd

New changelog entries:
  * SECURITY UPDATE: denial of service via use after free
    - debian/patches/CVE-2011-0992.patch: fix access to freed members of a
      dead thread in mono/metadata/threads.c.
    - CVE-2011-0992
  * SECURITY UPDATE: denial of service via hash collision
    - debian/patches/CVE-2012-3543.patch: add a better hash provider to
      mcs/class/System.Web/System.Web.UI/Page.cs,
      mcs/class/System.Web/System.Web.Util/SecureHashCodeProvider.cs,
      mcs/class/System.Web/System.Web.dll.sources,
      mcs/class/System.Web/System.Web/WebROCollection.cs.
    - CVE-2012-3543
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320
  * debian/source/options: Don't use single-debian-patch for Ubuntu.

Author: Marc Deslauriers
Author Date: 2015-03-20 16:59:13 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu1.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 083e3d2b1a867f39f3d571c98b073f5b27f0b4f0

New changelog entries:
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320
  * debian/source/options: Don't use single-debian-patch for Ubuntu.

Author: Marc Deslauriers
Author Date: 2015-03-20 16:59:13 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu1.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 083e3d2b1a867f39f3d571c98b073f5b27f0b4f0

New changelog entries:
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320
  * debian/source/options: Don't use single-debian-patch for Ubuntu.

Author: Marc Deslauriers
Author Date: 2015-03-20 16:59:13 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu1.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 083e3d2b1a867f39f3d571c98b073f5b27f0b4f0

New changelog entries:
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320
  * debian/source/options: Don't use single-debian-patch for Ubuntu.

Author: Marc Deslauriers
Author Date: 2015-03-20 16:56:54 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu2.1 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 69df406c94ff5ee6b762d29c5aab01107472ec27

New changelog entries:
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320

Author: Marc Deslauriers
Author Date: 2015-03-20 16:56:54 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu2.1 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 69df406c94ff5ee6b762d29c5aab01107472ec27

New changelog entries:
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320

Author: Marc Deslauriers
Author Date: 2015-03-20 16:49:23 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu4 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: cc7b1530d5d3b6961ca4a2773c1c2394775414b2

New changelog entries:
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320

Author: Marc Deslauriers
Author Date: 2015-03-20 16:49:23 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu4 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: cc7b1530d5d3b6961ca4a2773c1c2394775414b2

New changelog entries:
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320

Author: Marc Deslauriers
Author Date: 2015-03-20 16:49:23 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu4 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: cc7b1530d5d3b6961ca4a2773c1c2394775414b2

New changelog entries:
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320

Author: Marc Deslauriers
Author Date: 2015-03-20 16:49:23 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu4 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: cc7b1530d5d3b6961ca4a2773c1c2394775414b2

New changelog entries:
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320

Author: Marc Deslauriers
Author Date: 2015-03-20 16:49:23 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu4 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: cc7b1530d5d3b6961ca4a2773c1c2394775414b2

New changelog entries:
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320

Author: Jo Shields
Author Date: 2015-03-19 10:30:24 UTC

Import patches-applied version 3.2.8+dfsg-10 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: af9f79da4890f3afa06eacc81a51698c1b343ed4
Unapplied parent: 3074e098a42e7d559624f181d0b60a9f6ee114d4

New changelog entries:
  * [037e3b5] Mono's implementation of the SSL/TLS stack failed to check
    the order of the handshake messages. Which would allow various attacks on
    the protocol to succeed. ("SKIP-TLS" attack).
    (Closes: #780751, CVE-2015-2318)
  * [38d3725] Remove the client-side SSLv2 fallback. There's almost no SSLv3
    web site left so a v2 fallback is only extra code we do not need to carry
    forward. (Closes: #780751, CVE-2015-2320)
  * [00e66d6] Remove the EXPORT ciphers and related code path. That was still
    useful in 2003/2004 but the technical and legal landscape changed a lot
    since then. Removing the old, limited key size, cipher suites also allow
    removed additional parts of the code that deals with them.
    ("FREAK" attack) (Closes: #780751, CVE-2015-2319)

Author: Jo Shields
Author Date: 2015-03-19 10:30:24 UTC

Import patches-unapplied version 3.2.8+dfsg-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9bbd3ce71a9c52eda932d367aee62beb20aaf77f

New changelog entries:
  * [037e3b5] Mono's implementation of the SSL/TLS stack failed to check
    the order of the handshake messages. Which would allow various attacks on
    the protocol to succeed. ("SKIP-TLS" attack).
    (Closes: #780751, CVE-2015-2318)
  * [38d3725] Remove the client-side SSLv2 fallback. There's almost no SSLv3
    web site left so a v2 fallback is only extra code we do not need to carry
    forward. (Closes: #780751, CVE-2015-2320)
  * [00e66d6] Remove the EXPORT ciphers and related code path. That was still
    useful in 2003/2004 but the technical and legal landscape changed a lot
    since then. Removing the old, limited key size, cipher suites also allow
    removed additional parts of the code that deals with them.
    ("FREAK" attack) (Closes: #780751, CVE-2015-2319)

Author: Adam Conrad
Author Date: 2014-04-14 10:41:05 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu2 to ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 083e3d2b1a867f39f3d571c98b073f5b27f0b4f0

New changelog entries:
  * debian/source/options: Don't use single-debian-patch for Ubuntu.
  * debian/patches/ppc64el-me-harder: More patches from IBM for PPC.

Author: Adam Conrad
Author Date: 2014-04-14 10:41:05 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu2 to ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 083e3d2b1a867f39f3d571c98b073f5b27f0b4f0

New changelog entries:
  * debian/source/options: Don't use single-debian-patch for Ubuntu.
  * debian/patches/ppc64el-me-harder: More patches from IBM for PPC.

Author: Jo Shields
Author Date: 2014-02-28 00:15:28 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: c3cfb0edf3ffe88b90ae3057b4ed4afa3e777e71

New changelog entries:
  * Include mystery patchset from Matthias Klose <doko@ubuntu.com> which
    adds support for little-endian PPC64.

Author: Jo Shields
Author Date: 2014-02-28 00:15:28 UTC

Import patches-unapplied version 3.2.8+dfsg-4ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: c3cfb0edf3ffe88b90ae3057b4ed4afa3e777e71

New changelog entries:
  * Include mystery patchset from Matthias Klose <doko@ubuntu.com> which
    adds support for little-endian PPC64.

Author: Iain Lane
Author Date: 2013-06-14 10:03:43 UTC

Import patches-unapplied version 2.10.8.1-5ubuntu2 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 412d0ecb9fbf3bdcf9fbd2b24f1225658ff23bf0

New changelog entries:
  * Cherry-pick patches from upstream fixing automake 1.13-related FTBFS.

Author: Iain Lane
Author Date: 2013-06-14 10:03:43 UTC

Import patches-unapplied version 2.10.8.1-5ubuntu2 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 412d0ecb9fbf3bdcf9fbd2b24f1225658ff23bf0

New changelog entries:
  * Cherry-pick patches from upstream fixing automake 1.13-related FTBFS.

Author: Iain Lane
Author Date: 2013-06-14 10:03:43 UTC

Import patches-unapplied version 2.10.8.1-5ubuntu2 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 412d0ecb9fbf3bdcf9fbd2b24f1225658ff23bf0

New changelog entries:
  * Cherry-pick patches from upstream fixing automake 1.13-related FTBFS.

Author: Jo Shields
Author Date: 2012-07-11 21:10:55 UTC

Import patches-applied version 2.6.7-5.1 to applied/debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 0c33479bad2eb84f3f8b05714ea10f60b4cadee9
Unapplied parent: 6c1a1088ee4290681eb9ec71018717517df58388

New changelog entries:
  [ Gonzalo Paniagua Javier ]
  * [29cd322] HtmlEncode the path.
     Fixes Novell bug #769799.
  [ Jo Shields ]
  * Security upload to fix potential XSS issue in System.Web's error
    page handling (Closes: #681095, CVE-2012-3382)

Author: Jo Shields
Author Date: 2012-07-11 21:10:55 UTC

Import patches-unapplied version 2.6.7-5.1 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 92bc27504ac629af83219b3016c2ba60d482ba88

New changelog entries:
  [ Gonzalo Paniagua Javier ]
  * [29cd322] HtmlEncode the path.
     Fixes Novell bug #769799.
  [ Jo Shields ]
  * Security upload to fix potential XSS issue in System.Web's error
    page handling (Closes: #681095, CVE-2012-3382)

Author: Marc Deslauriers
Author Date: 2012-07-27 12:06:30 UTC

Import patches-unapplied version 2.10.8.1-5ubuntu1 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: 716b472c7f05db792381bf126856037ddcd64564

New changelog entries:
  * Merged from Debian unstable. Remaining changes:
    - Remove the ARMV6 ASM check from configure{,.in}, since our build
      hosts aren't the same architecture as our target, and hardcode
      an arm*-linux-gnueabihf target that enables ARMV6 unconditionally.
    - Don't use single-debian-patch format for Ubuntu, for sanity.

Author: Marc Deslauriers
Author Date: 2012-07-27 12:06:30 UTC

Import patches-unapplied version 2.10.8.1-5ubuntu1 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: 716b472c7f05db792381bf126856037ddcd64564

New changelog entries:
  * Merged from Debian unstable. Remaining changes:
    - Remove the ARMV6 ASM check from configure{,.in}, since our build
      hosts aren't the same architecture as our target, and hardcode
      an arm*-linux-gnueabihf target that enables ARMV6 unconditionally.
    - Don't use single-debian-patch format for Ubuntu, for sanity.

Author: Marc Deslauriers
Author Date: 2012-07-27 12:06:30 UTC

Import patches-unapplied version 2.10.8.1-5ubuntu1 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: 716b472c7f05db792381bf126856037ddcd64564

New changelog entries:
  * Merged from Debian unstable. Remaining changes:
    - Remove the ARMV6 ASM check from configure{,.in}, since our build
      hosts aren't the same architecture as our target, and hardcode
      an arm*-linux-gnueabihf target that enables ARMV6 unconditionally.
    - Don't use single-debian-patch format for Ubuntu, for sanity.

Author: Marc Deslauriers
Author Date: 2012-07-27 12:06:30 UTC

Import patches-unapplied version 2.10.8.1-5ubuntu1 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: 716b472c7f05db792381bf126856037ddcd64564

New changelog entries:
  * Merged from Debian unstable. Remaining changes:
    - Remove the ARMV6 ASM check from configure{,.in}, since our build
      hosts aren't the same architecture as our target, and hardcode
      an arm*-linux-gnueabihf target that enables ARMV6 unconditionally.
    - Don't use single-debian-patch format for Ubuntu, for sanity.

Author: Marc Deslauriers
Author Date: 2012-07-27 12:06:30 UTC

Import patches-unapplied version 2.10.8.1-5ubuntu1 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: 716b472c7f05db792381bf126856037ddcd64564

New changelog entries:
  * Merged from Debian unstable. Remaining changes:
    - Remove the ARMV6 ASM check from configure{,.in}, since our build
      hosts aren't the same architecture as our target, and hardcode
      an arm*-linux-gnueabihf target that enables ARMV6 unconditionally.
    - Don't use single-debian-patch format for Ubuntu, for sanity.

Author: Marc Deslauriers
Author Date: 2012-07-24 17:49:00 UTC

Import patches-unapplied version 2.4.4~svn151842-1ubuntu4.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: cb32828259d354930be0ae7281c3c1e1a936a706

New changelog entries:
  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2012-3382.dpatch: properly escape error message in
      mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
    - CVE-2012-3382
  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2010-1459.dpatch: properly handle
      EnableViewStateMac property in
      mcs/class/System.Web/System.Web.Compilation/PageCompiler.cs,
      mcs/class/System.Web/System.Web.UI/Page.cs,
      mcs/class/System.Web/System.Web.UI/PageParser.cs.
    - CVE-2010-1459

Author: Marc Deslauriers
Author Date: 2012-07-24 17:32:47 UTC

Import patches-unapplied version 2.10.5-1ubuntu0.1 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 6f5b2065841f7f59947f913b3456180f829ff8de

New changelog entries:
  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2012-3382.patch: properly escape error message in
      mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
    - CVE-2012-3382

Author: Marc Deslauriers
Author Date: 2012-07-24 17:32:47 UTC

Import patches-unapplied version 2.10.5-1ubuntu0.1 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 6f5b2065841f7f59947f913b3456180f829ff8de

New changelog entries:
  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2012-3382.patch: properly escape error message in
      mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
    - CVE-2012-3382

Author: Marc Deslauriers
Author Date: 2012-07-24 17:49:00 UTC

Import patches-unapplied version 2.4.4~svn151842-1ubuntu4.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: cb32828259d354930be0ae7281c3c1e1a936a706

New changelog entries:
  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2012-3382.dpatch: properly escape error message in
      mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
    - CVE-2012-3382
  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2010-1459.dpatch: properly handle
      EnableViewStateMac property in
      mcs/class/System.Web/System.Web.Compilation/PageCompiler.cs,
      mcs/class/System.Web/System.Web.UI/Page.cs,
      mcs/class/System.Web/System.Web.UI/PageParser.cs.
    - CVE-2010-1459

Author: Marc Deslauriers
Author Date: 2012-07-24 17:34:56 UTC

Import patches-unapplied version 2.6.7-5ubuntu3.1 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: b2624db9e0a5a36e6bd817971f97af2892b2ea1d

New changelog entries:
  * SECURITY UPDATE: cross-site scripting vulnerability
    - mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs: properly
      escape error message.
    - CVE-2012-3382

Author: Marc Deslauriers
Author Date: 2012-07-24 17:32:47 UTC

Import patches-unapplied version 2.10.5-1ubuntu0.1 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 6f5b2065841f7f59947f913b3456180f829ff8de

New changelog entries:
  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2012-3382.patch: properly escape error message in
      mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
    - CVE-2012-3382

Author: Marc Deslauriers
Author Date: 2012-07-24 17:34:56 UTC

Import patches-unapplied version 2.6.7-5ubuntu3.1 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: b2624db9e0a5a36e6bd817971f97af2892b2ea1d

New changelog entries:
  * SECURITY UPDATE: cross-site scripting vulnerability
    - mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs: properly
      escape error message.
    - CVE-2012-3382

Author: Marc Deslauriers
Author Date: 2012-07-24 17:34:56 UTC

Import patches-unapplied version 2.6.7-5ubuntu3.1 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: b2624db9e0a5a36e6bd817971f97af2892b2ea1d

New changelog entries:
  * SECURITY UPDATE: cross-site scripting vulnerability
    - mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs: properly
      escape error message.
    - CVE-2012-3382

Author: Marc Deslauriers
Author Date: 2012-07-24 17:49:00 UTC

Import patches-unapplied version 2.4.4~svn151842-1ubuntu4.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: cb32828259d354930be0ae7281c3c1e1a936a706

New changelog entries:
  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2012-3382.dpatch: properly escape error message in
      mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
    - CVE-2012-3382
  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2010-1459.dpatch: properly handle
      EnableViewStateMac property in
      mcs/class/System.Web/System.Web.Compilation/PageCompiler.cs,
      mcs/class/System.Web/System.Web.UI/Page.cs,
      mcs/class/System.Web/System.Web.UI/PageParser.cs.
    - CVE-2010-1459

Author: Julian Taylor
Author Date: 2012-06-03 20:46:30 UTC

Import patches-unapplied version 2.10.8.1-1ubuntu2.1 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 68fd143298a40df97e0c2964210d342c4b97a0e2

New changelog entries:
  * configure.in: search multiarch paths for libX11 (LP: #1008212)
    changes the dllmap in /etc/mono/config to the versioned library

Author: Andrew Mitchell
Author Date: 2012-04-04 06:08:25 UTC

Import patches-unapplied version 2.10.8.1-1ubuntu2 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 5520aebd1b2596697cab1bed4759f2619fd54ae6

New changelog entries:
  * debian/monodoc-base.postinst: Add '|| true' to the update-monodoc call
    so that it doesn't cause upgrades to fail due to the trigger being called
    prior to GTK# being upgraded (LP: #972751)

Author: Mirco Bauer
Author Date: 2011-08-25 20:26:08 UTC

Import patches-unapplied version 2.10.5-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: ef8ea271d9c5be7e7b9eec012109d9a7fb15250a

New changelog entries:
  * [854fa78] Imported Upstream version 2.10.5

Author: Chris Halse Rogers
Author Date: 2011-04-12 01:23:54 UTC

Import patches-unapplied version 2.6.7-5ubuntu3 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: aa2fe701cdbcfbdc06ece0cafb40bf5f663aa29f

New changelog entries:
  * Drop gluezilla Recommends to Suggests for libmono-webbrowser0.5-cil.
    xulrunner, and hence gluezilla, is dropping out of main for Natty.
    (LP: #740815)

Author: Stefan Ebner
Author Date: 2010-09-14 17:58:16 UTC

Import patches-unapplied version 2.6.7-3ubuntu1 to ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: d587b72d7bdb352623a01e8a1453182aee3640fd

New changelog entries:
    * Merge from Debian Unstable, remaining Ubuntu changes:
    + debian/control:
      - Lower mono-debugger Recommends on mono-dbg package to Suggests,
        as mono-debugger is in Universe
      - Lower libmono-firebirdsql1.7-cil Recommends on libmono-cil-dev
        package to Suggests, as libfbclient2 is in Universe

Author: Stefan Ebner
Author Date: 2010-09-14 17:58:16 UTC

Import patches-unapplied version 2.6.7-3ubuntu1 to ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: d587b72d7bdb352623a01e8a1453182aee3640fd

New changelog entries:
    * Merge from Debian Unstable, remaining Ubuntu changes:
    + debian/control:
      - Lower mono-debugger Recommends on mono-dbg package to Suggests,
        as mono-debugger is in Universe
      - Lower libmono-firebirdsql1.7-cil Recommends on libmono-cil-dev
        package to Suggests, as libfbclient2 is in Universe

Author: Martin Pitt
Author Date: 2010-04-22 09:33:07 UTC

Import patches-unapplied version 2.4.4~svn151842-1ubuntu4 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 10069976981aabd9ad21b2ad7a30f313c7ae5fe7

New changelog entries:
  * debian/control: Reapply dropped change from 1.9.1+dfsg-4ubuntu2 to lower
    the "mono-debugger" recommends of mono-dbg to suggests. mono-debugger is
    in universe.

Author: Mirco Bauer
Author Date: 2009-09-07 20:00:21 UTC

Import patches-unapplied version 2.4.2.3+dfsg-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 14f56277f7ddc3eb15a8ae59301f29f63de89737

New changelog entries:
  * debian/control:
    + Add missing cli:Suggests to libmono-bytefx0.7.6.1-cil and
      libmono-bytefx0.7.6.2-cil.
  * debian/rules:
    + Removed mono:upversion and mono:next-version from dh_gencontrol -s
      call as those are unused for arch:any packages.
  * debian/patches/fix_metadata_dup.dpatch:
    + Remove duplicate appdomain.h, fixing FTBFS.
      (thanks to Stefan Siegl for the investigation, Closes: #543010)
  * debian/patches/fix_CreateDelegate_ArgumentException.dpatch:
    + Fixed ArgumentException in System.Delegate.CreateDelegate() which broke
      IronPython 2.6 Beta 2.

Author: Mirco Bauer
Author Date: 2009-09-07 20:00:21 UTC

Import patches-unapplied version 2.4.2.3+dfsg-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 14f56277f7ddc3eb15a8ae59301f29f63de89737

New changelog entries:
  * debian/control:
    + Add missing cli:Suggests to libmono-bytefx0.7.6.1-cil and
      libmono-bytefx0.7.6.2-cil.
  * debian/rules:
    + Removed mono:upversion and mono:next-version from dh_gencontrol -s
      call as those are unused for arch:any packages.
  * debian/patches/fix_metadata_dup.dpatch:
    + Remove duplicate appdomain.h, fixing FTBFS.
      (thanks to Stefan Siegl for the investigation, Closes: #543010)
  * debian/patches/fix_CreateDelegate_ArgumentException.dpatch:
    + Fixed ArgumentException in System.Delegate.CreateDelegate() which broke
      IronPython 2.6 Beta 2.

Author: Marc Deslauriers
Author Date: 2009-08-19 20:04:59 UTC

Import patches-unapplied version 1.2.6+dfsg-6ubuntu3.1 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: bb9e9acaadb7f74e5755e724f442a8dd44e8b4c2

New changelog entries:
  * SECURITY UPDATE: Multiple cross-site scripting vulnerabilities in
    the ASP.net class libraries (LP: #282952)
    - debian/patches/security_CVE-2008-3422.dpatch: properly encode and
      escape values in mcs/class/System.Web/System.Web.UI.HtmlControls/
      {HtmlControl,HtmlForm,HtmlInputButton,HtmlInputRadioButton,
      HtmlSelect}.cs, and add tests to mcs/class/System.Web/Test/
      System.Web.UI.HtmlControls/{HtmlImageTest,HtmlInputButtonTest,
      HtmlInputRadioButtonTest,HtmlSelectTest}.cs
    - CVE-2008-3422
  * SECURITY UPDATE: CRLF injection vulnerability in Sys.Web (LP: #282952)
    - debian/patches/security_CVE-2008-3906.dpatch: encode headers in
      mcs/class/System.Web/{System.Web/HttpResponseHeader.cs,
      System.Web.Configuration/HttpRuntimeConfig.cs}
    - CVE-2008-3906
  * SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
    authentication bypass (LP: #409920)
    - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
      match XMLDSIG erratum and add stricter checks.
    - CVE-2009-0217

Author: Marc Deslauriers
Author Date: 2009-08-19 20:04:59 UTC

Import patches-unapplied version 1.2.6+dfsg-6ubuntu3.1 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: bb9e9acaadb7f74e5755e724f442a8dd44e8b4c2

New changelog entries:
  * SECURITY UPDATE: Multiple cross-site scripting vulnerabilities in
    the ASP.net class libraries (LP: #282952)
    - debian/patches/security_CVE-2008-3422.dpatch: properly encode and
      escape values in mcs/class/System.Web/System.Web.UI.HtmlControls/
      {HtmlControl,HtmlForm,HtmlInputButton,HtmlInputRadioButton,
      HtmlSelect}.cs, and add tests to mcs/class/System.Web/Test/
      System.Web.UI.HtmlControls/{HtmlImageTest,HtmlInputButtonTest,
      HtmlInputRadioButtonTest,HtmlSelectTest}.cs
    - CVE-2008-3422
  * SECURITY UPDATE: CRLF injection vulnerability in Sys.Web (LP: #282952)
    - debian/patches/security_CVE-2008-3906.dpatch: encode headers in
      mcs/class/System.Web/{System.Web/HttpResponseHeader.cs,
      System.Web.Configuration/HttpRuntimeConfig.cs}
    - CVE-2008-3906
  * SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
    authentication bypass (LP: #409920)
    - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
      match XMLDSIG erratum and add stricter checks.
    - CVE-2009-0217

Author: Marc Deslauriers
Author Date: 2009-08-19 18:45:27 UTC

Import patches-unapplied version 1.9.1+dfsg-4ubuntu2.1 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 94d4138202fca10ab2db5ad00a1a5cb5101019d6

New changelog entries:
  * SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
    authentication bypass (LP: #409920)
    - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
      match XMLDSIG erratum and add stricter checks.
    - CVE-2009-0217

Author: Marc Deslauriers
Author Date: 2009-08-19 18:45:27 UTC

Import patches-unapplied version 1.9.1+dfsg-4ubuntu2.1 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 94d4138202fca10ab2db5ad00a1a5cb5101019d6

New changelog entries:
  * SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
    authentication bypass (LP: #409920)
    - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
      match XMLDSIG erratum and add stricter checks.
    - CVE-2009-0217

Author: Marc Deslauriers
Author Date: 2009-08-19 18:45:27 UTC

Import patches-unapplied version 1.9.1+dfsg-4ubuntu2.1 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 94d4138202fca10ab2db5ad00a1a5cb5101019d6

New changelog entries:
  * SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
    authentication bypass (LP: #409920)
    - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
      match XMLDSIG erratum and add stricter checks.
    - CVE-2009-0217

Author: Marc Deslauriers
Author Date: 2009-08-19 18:01:58 UTC

Import patches-unapplied version 2.0.1-4ubuntu0.1 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: fc40b85b5b45239f429cac19ae8007217fa8b23e

New changelog entries:
  * SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
    authentication bypass (LP: #409920)
    - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
      match XMLDSIG erratum and add stricter checks.
    - CVE-2009-0217

Author: Marc Deslauriers
Author Date: 2009-08-19 18:01:58 UTC

Import patches-unapplied version 2.0.1-4ubuntu0.1 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: fc40b85b5b45239f429cac19ae8007217fa8b23e

New changelog entries:
  * SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
    authentication bypass (LP: #409920)
    - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
      match XMLDSIG erratum and add stricter checks.
    - CVE-2009-0217

Author: Marc Deslauriers
Author Date: 2009-08-19 18:01:58 UTC

Import patches-unapplied version 2.0.1-4ubuntu0.1 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: fc40b85b5b45239f429cac19ae8007217fa8b23e

New changelog entries:
  * SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
    authentication bypass (LP: #409920)
    - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
      match XMLDSIG erratum and add stricter checks.
    - CVE-2009-0217

Author: Marc Deslauriers
Author Date: 2009-08-19 20:04:59 UTC

Import patches-unapplied version 1.2.6+dfsg-6ubuntu3.1 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: bb9e9acaadb7f74e5755e724f442a8dd44e8b4c2

New changelog entries:
  * SECURITY UPDATE: Multiple cross-site scripting vulnerabilities in
    the ASP.net class libraries (LP: #282952)
    - debian/patches/security_CVE-2008-3422.dpatch: properly encode and
      escape values in mcs/class/System.Web/System.Web.UI.HtmlControls/
      {HtmlControl,HtmlForm,HtmlInputButton,HtmlInputRadioButton,
      HtmlSelect}.cs, and add tests to mcs/class/System.Web/Test/
      System.Web.UI.HtmlControls/{HtmlImageTest,HtmlInputButtonTest,
      HtmlInputRadioButtonTest,HtmlSelectTest}.cs
    - CVE-2008-3422
  * SECURITY UPDATE: CRLF injection vulnerability in Sys.Web (LP: #282952)
    - debian/patches/security_CVE-2008-3906.dpatch: encode headers in
      mcs/class/System.Web/{System.Web/HttpResponseHeader.cs,
      System.Web.Configuration/HttpRuntimeConfig.cs}
    - CVE-2008-3906
  * SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
    authentication bypass (LP: #409920)
    - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
      match XMLDSIG erratum and add stricter checks.
    - CVE-2009-0217

Author: Mirco Bauer
Author Date: 2009-01-26 23:15:04 UTC

Import patches-unapplied version 2.0.1-4 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: d43919ca773f97a0d87c3ac0ecad86f59f56c9f5

New changelog entries:
  * debian/rules:
    + Pass internal-mono instead of --internal-mono if the debhelper version
      is older than 7.1, as that one doesn't support custom parameters via
      init(). This ensures backwards compatibility with older debhelper
      versions, as found in Ubuntu.
  * debian/control:
    + Lowered debhelper build-dep to >= 5.
  * debian/dh_clideps
    debian/dh_makeclilibs:
    + Re-synced from cli-common 0.6.0, needed for dh 7.0 backwards
      compatibilty.
  * Rebuilt against libc6 and glib from unstable.
  [ Jo Shields ]
  * debian/patches/fix_wsdl2_duplicate_keys_r117243.dpatch:
    + Fix bug in wsdl2 preventing parsing of Amazon Web Services
      wsdl file (thanks to Iain Lane <laney@ubuntu.com> for help
      isolating this bug)
  * debian/patches/fix_NetworkInterface_exception_r120282.dpatch:
    + Warn, rather than fail, on "funny" network interfaces
      (Closes: #507297)
  [ Mirco Bauer ]
  * debian/mono-1.0-devel.{postinst,prerm}
    debian/mono-mcs.{postinst,prerm}
    debian/mono-devel.{postinst,prerm}:
    + Moved update-alternatives calls to mono-devel.{postinst,prerm}.
  * debian/mono.links
    debian/mono.postinst
    + Removed, those are just left-overs.
  * debian/mono-jit.postinst:
    + Lowered alternative priority to 10 like all other alternative we install.
  * debian/control:
    + Moved cli-* Provides from mono-1.0-devel, mono-mcs and mono-gmcs to
      mono-devel, as thats where the cli-* alternatives now lives.
    + Added many strong versioned binary dependencies to mono-devel as hack
      to make experimental buildds happy, else everything needing
      mono-devel >= 2.0 will FTBFS in experimental (e.g. KDE4).
      (thanks goes to Modestas Vainius for the investigation)
    + Made dependency on libmono0, libmono-corlib2.0-cil and
      libmono-corlib1.0-cil strong for mono-utils to ensure that the correct
      versions are pulled in (else we might confuse APT or funny buildds).
    + Bumped debhelper build-dep to >= 7.1, as needed for the bundled
      debian/dh_* scripts.
  * debian/dh_clideps
    debian/dh_makeclilibs:
    + Synced from cli-common 0.6.0, needed for dh 7.1 support.
   [ David Paleino ]
   * debian/patches/fix_TcpClient_IPv6_r122598.dpatch:
     + Fix bug in TcpClient() implementation preventing IPv6 connections
       from working
  [ Mirco Bauer ]
  * New upstream (bugfix) release.
  * debian/mono-1.0-devel.manpages:
    + Removed mcs1 as it's already shipped in mono-mcs.
  * debian/patches/99_autoreconf.dpatch:
    + Updated
  * debian/mono-devel.links:
    + Make csc a symlink to gmcs, a runtime version neutral default
      compiler.
  * debian/patches/armel_fix_configure_fpu_check.dpatch:
    + Forward ported patch from 1.2.4 to fix FTBFS on linux/armel.
  * debian/patches/99_autoreconf.dpatch:
    + Updated
  * debian/mono-common.install:
    + Name the /etc files and directories explicitly to make sure not to
      install /etc/mconfig by accident when doing a binary-indep binary-arch
      (in that order) build.
  [ Jo Shields ]
  * debian/patches/armel-glibc-2.8.dpatch:
    + Fix build failure on armel architecture on libc6 2.8 (Thanks
      to Michael Casadevall <sonicmctails@gmail.com> for the patch)
  [ David Paleino ]
  * Group Policy:
    + implemented get-orig-source target in debian/rules
  * New upstream release.
    + System.Web.Extensions is included in the debian source and binary
      packages now, as JSON.NET was relicensed to MIT/X11 and thus no DFSGing
      needed anymore! (Closes: #497213)
    + With this release, we changed the default development stack from 1.0 to
      2.0. This has no influence to the runtime nor existing binary packages,
      for more details see:
      http://wiki.debian.org/Teams/DebianMonoGroup/Mono20Transition
  * debian/copyright:
    + Updated license info of JSON.NET
  * debian/control:
    + Removed libgda2-dev from buid-deps as debian/update-shlibs.local.sh
      takes already care of it.
    + mono-utils depends on libmono-corlib2.0-cil and only suggests
      libmono-corlib1.0-cil now as the default runtime was changed to 2.0.
    + Updated libcupsys2-dev build-dependency to libcups2-dev.
    + Updated Standards-Version to 3.8.0 (no changes needed).
  * debian/rules:
    + Pass --enable-quiet-build=no to configure call, else we get a less
      verbose build log.
    + Bumped clilibs to 2.0 of libmono{1,2}.0-cil, libmono-cairo{1,2}.0-cil,
      libmono-data-tds{1,2}.0-cil, libmono-system2.0-cil,
      libmono-system-runtime2.0-cil, libmono-security{1,2}.0-cil,
      libmono-web2.0-cil, libmono-winforms2.0-cil and libmono-system2.1-cil.
  * debian/mono.runtime-script:
    + Call the script of gacutil instead of passing the application filename
      directly to mono, as we rely on the default gacutil now provided by the
      mono-gac package.
  * debian/patches/method-signature-testing.dpatch
    debian/patches/pass_CPPFLAGS_nicely_r98803.dpatch
    debian/patches/fix_bound_checking_r98524_r98527.dpatch
    debian/patches/fix_softfloat_r105848.dpatch
    debian/patches/fix_stack_alignment_r105650_r105651.dpatch
    debian/patches/fix_xen_support_r103474_r103475.dpatch
    debian/patches/fix_Dictionary_preventing_GC_r102114.dpatch
    debian/patches/fix_TdsConnectionPool_svn.dpatch
    debian/patches/fix_Assembly.LoadFrom_deadlock.dpatch:
    + Removed, already applied upstream.
  * debian/patches/dont_build_System.Web.Extensions.dpatch:
    + Disabled, JSON.NET was re-licensed to MIT/X11.
  * debian/libmono-system-web2.0-cil.install:
    + Added System.Web.Extensions.dll and System.Web.Extensions.Design.dll.
  * debian/update-shlibs.local.sh:
    + Fixed grep calls so it doesn't match udeb lines.
  * debian/shlibs.local:
    + Updated
  * debian/control
    debian/libmono-mozilla0.2-cil.install
    debian/libmono-webbrowser0.5-cil.install:
    + Renamed libmono-mozilla0.2-cil to libmono-webbrowser0.5-cil and
      removed Replaces.
  * debian/control
    debian/libmono{1,2}.0-cil.install
    debian/libmono-posix{1,2}.0-cil.install:
    debian/libmono-getoptions{1,2}.0-cil.install:
    debian/libmono-data{1,2}.0-cil.install:
    + Moved the Mono.Posix, Mono.GetOptions and Mono.Data.* libraries into
      extra packages to support smaller install sizes of typical applications
      (e.g. tomboy or gnome-do).
    + Added libmono-posix{1,2}.0-cil, libmono-getoptions{1,2}.0-cil and
      libmono-data{1,2}.0-cil as dependency of libmono{1,2}-cil to aid a smooth
      runtime transition.
  * debian/libmono-system-data2.0-cil.install:
    + Added System.Data.DataSetExtensions.dll and System.Data.Linq.dll.
  * debian/rules
    debian/libmono{1,2}.0-cil.install:
    + Dropped Mono.Security.Win32.dll as the library is only useful on
      Windows.
  * debian/patches/build_genxs_2.0.dpatch:
    + Enables compiling genxs for CLI 2.0 as upstream provided a genxs2 script
      but forgot to build the actual application.
  * debian/mono-2.0-devel.install
    debian/mono-2.0-devel.manpages:
    + Added xsd2 and genxs2
  * debian/mono-devel.install
    debian/mono-devel.manpages
    debian/mono-1.0-devel.install
    debian/mono-1.0-devel.manpages:
    + Moved all unversioned tools and default scripts (with their manpages) to
      mono-devel.
  * debian/mono-mcs.install
    debian/mono-mcs.manpages
    debian/mono-gmcs.install
    debian/mono-gmcs.manpages
    debian/mono-devel.install
    debian/mono-devel.manpages
    debian/control:
    + Moved gmcs script and manpage from mono-gmcs to mono-devel.
    + Added Replaces for mono-mcs and mono-gmcs to mono-devel.
    + Added gmcs2 script and manpage to mono-gmcs
    + Added mcs1 script and manpage to mono-mcs.
      This changes are needed to get a default compiler target using a single
      package that depends on the current default which is 2.0 (gmcs2).
  * debian/System.Windows.Forms.dll.config:
    + Added dll-map for libgdk_pixbuf-2.0.so
  * debian/control:
    + Improved many package descriptions by adding the names of the
      libraries they contain with a brief description of what they do.
  * debian/control
    debian/mono-gac.install
    debian/mono-{1,2}.0-gac.install:
    + The default script "gacutil" is still shipped in mono-gac but
      "gacutil1" and "gacutil2" are now in mono-1.0-gac and mono-2.0-gac.
      mono-gac pulls in mono-2.0-gac by default.
      This is needed to make a 2.0-only install possible.
  * debian/control:
    + Added mono-1.0-runtime and mono-2.0-runtime package, which pull in the
      runtime stack of the specific runtime version in.
      mono-runtime pulls in mono-2.0-runtime as the new default runtime.
      This is needed to make a 2.0-only install possible.
  * debian/libmono-dev.install:
    + Added dotnet35.pc
  * debian/mono-smcs.install:
    + Added smcs.pc
  * debian/control:
    + s/meta package/metapackage/ as lintian says so.

Author: Mirco Bauer
Author Date: 2009-01-15 21:18:16 UTC

Import patches-unapplied version 1.9.1+dfsg-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 09aaf07e32f3603bee588fb0e9beba112900419a

New changelog entries:
  [ Mirco Bauer ]
  * debian/rules:
    + Bumped API of libmono-data-tds1.0-cil and libmono-data-tds2.0-cil to
      1.9.1+dfsg-3 (which was forgotten in the -3 release). This caused a type
      loading error for partial uprades between 1.9.1 and 2.0: "The class
      Mono.Data.Tds.Protocol.ITds could not be loaded, used in Mono.Data.Tds,
      Version=2.0.0.0".
  * debian/patches/fix_WebMethod_nullable_crash_r122070.dpatch:
    + Fixes a crash with WebMethods when nullable types are used.
      (patch taken from upstream SVN revision r122070)
  * debian/patches/fix_System.Web.HttpResponse_memory_leak_r115861.dpatch:
    + Fixes memory leak in System.Web.HttpResponse.
      (patch taken from upstream SVN revision r115863)
  * debian/patches/arm_fix_flush_icache_calls_r121457.dpatch:
    + Fixed calls to mono_arch_flush_icache.
      (patch taken from upstream SVN revision r121457)
  * debian/patches/arm_eabi_fix_r122416_r122702.dpatch:
    + Use GCC macro for flushing the cache where available instead of inline
      ASM. (Closes: #511694, thanks to Stephen Depooter <stephend@xandros.com>
      for the investigation and Riku Voipio <novell@kos.to> for the patch)
      (patch taken from upstream SVN revisions r122416 and r122702)
  [ David Paleino ]
  * debian/patches/fix_TcpClient_IPv6_r122598.dpatch:
    + Fix bug in TcpClient() implementation preventing IPv6 connections
      from working.
      (patch taken from upstream SVN revision r122598)

Author: Mirco Bauer
Author Date: 2009-01-15 21:18:16 UTC

Import patches-applied version 1.9.1+dfsg-6 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: eb23bf8d139b4aa3dbd1f6fe6167f19c29e1b0aa
Unapplied parent: 41fbc1b143b70b15ffd4ba3f50cf88431f7a5275

New changelog entries:
  [ Mirco Bauer ]
  * debian/rules:
    + Bumped API of libmono-data-tds1.0-cil and libmono-data-tds2.0-cil to
      1.9.1+dfsg-3 (which was forgotten in the -3 release). This caused a type
      loading error for partial uprades between 1.9.1 and 2.0: "The class
      Mono.Data.Tds.Protocol.ITds could not be loaded, used in Mono.Data.Tds,
      Version=2.0.0.0".
  * debian/patches/fix_WebMethod_nullable_crash_r122070.dpatch:
    + Fixes a crash with WebMethods when nullable types are used.
      (patch taken from upstream SVN revision r122070)
  * debian/patches/fix_System.Web.HttpResponse_memory_leak_r115861.dpatch:
    + Fixes memory leak in System.Web.HttpResponse.
      (patch taken from upstream SVN revision r115863)
  * debian/patches/arm_fix_flush_icache_calls_r121457.dpatch:
    + Fixed calls to mono_arch_flush_icache.
      (patch taken from upstream SVN revision r121457)
  * debian/patches/arm_eabi_fix_r122416_r122702.dpatch:
    + Use GCC macro for flushing the cache where available instead of inline
      ASM. (Closes: #511694, thanks to Stephen Depooter <stephend@xandros.com>
      for the investigation and Riku Voipio <novell@kos.to> for the patch)
      (patch taken from upstream SVN revisions r122416 and r122702)
  [ David Paleino ]
  * debian/patches/fix_TcpClient_IPv6_r122598.dpatch:
    + Fix bug in TcpClient() implementation preventing IPv6 connections
      from working.
      (patch taken from upstream SVN revision r122598)

Author: Martin Pitt
Author Date: 2008-10-17 08:25:59 UTC

Import patches-unapplied version 1.9.1+dfsg-4ubuntu2 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: b56eb6cef7e75ee532c2f46a53df396f8ad83fa3

New changelog entries:
  * mono-dbg: Drop Recommends of mono-debugger to Suggests, it and its
    dependencies are in universe.

Author: Sebastian Dröge
Author Date: 2008-03-21 23:57:15 UTC

Import patches-unapplied version 1.2.6+dfsg-6ubuntu3 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: efc1c74e51b695307845399d0e12fd109456ccd0

New changelog entries:
  * debian/rules:
    + unexport CPPFLAGS because configure relies on them being unset
      to pass custom CPPFLAGS to boehm's configure.

Author: Kees Cook
Author Date: 2007-11-30 18:27:56 UTC

Import patches-unapplied version 1.1.17.1-1ubuntu7.2 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 21ed97925f8278b157d2916ddc142e76e1b0b28c

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via integer overflow
  * Add debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch: thanks
    to Mirco Bauer.
  * References
    CVE-2007-5536