Author: Marc Deslauriers
Revision Date: 2012-07-27 08:06:30 UTC

* Merged from Debian unstable. Remaining changes:
  - Remove the ARMV6 ASM check from configure{,.in}, since our build
    hosts aren't the same architecture as our target, and hardcode
    an arm*-linux-gnueabihf target that enables ARMV6 unconditionally.
  - Don't use single-debian-patch format for Ubuntu, for sanity.

Author: Marc Deslauriers
Revision Date: 2012-07-27 08:06:30 UTC

* Merged from Debian unstable. Remaining changes:
  - Remove the ARMV6 ASM check from configure{,.in}, since our build
    hosts aren't the same architecture as our target, and hardcode
    an arm*-linux-gnueabihf target that enables ARMV6 unconditionally.
  - Don't use single-debian-patch format for Ubuntu, for sanity.

Author: Marc Deslauriers
Revision Date: 2012-07-27 08:06:30 UTC

* Merged from Debian unstable. Remaining changes:
  - Remove the ARMV6 ASM check from configure{,.in}, since our build
    hosts aren't the same architecture as our target, and hardcode
    an arm*-linux-gnueabihf target that enables ARMV6 unconditionally.
  - Don't use single-debian-patch format for Ubuntu, for sanity.

Author: Marc Deslauriers
Revision Date: 2012-07-27 08:06:30 UTC

* Merged from Debian unstable. Remaining changes:
  - Remove the ARMV6 ASM check from configure{,.in}, since our build
    hosts aren't the same architecture as our target, and hardcode
    an arm*-linux-gnueabihf target that enables ARMV6 unconditionally.
  - Don't use single-debian-patch format for Ubuntu, for sanity.

Author: Marc Deslauriers
Revision Date: 2012-07-27 08:06:30 UTC

* Merged from Debian unstable. Remaining changes:
  - Remove the ARMV6 ASM check from configure{,.in}, since our build
    hosts aren't the same architecture as our target, and hardcode
    an arm*-linux-gnueabihf target that enables ARMV6 unconditionally.
  - Don't use single-debian-patch format for Ubuntu, for sanity.

Author: Marc Deslauriers
Revision Date: 2012-07-27 08:06:30 UTC

* Merged from Debian unstable. Remaining changes:
  - Remove the ARMV6 ASM check from configure{,.in}, since our build
    hosts aren't the same architecture as our target, and hardcode
    an arm*-linux-gnueabihf target that enables ARMV6 unconditionally.
  - Don't use single-debian-patch format for Ubuntu, for sanity.

Author: Marc Deslauriers
Revision Date: 2012-07-24 13:32:47 UTC

* SECURITY UPDATE: cross-site scripting vulnerability
  - debian/patches/CVE-2012-3382.patch: properly escape error message in
    mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
  - CVE-2012-3382

Author: Marc Deslauriers
Revision Date: 2012-07-24 13:34:56 UTC

* SECURITY UPDATE: cross-site scripting vulnerability
  - mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs: properly
    escape error message.
  - CVE-2012-3382

Author: Marc Deslauriers
Revision Date: 2012-07-24 13:49:00 UTC

* SECURITY UPDATE: cross-site scripting vulnerability
  - debian/patches/CVE-2012-3382.dpatch: properly escape error message in
    mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
  - CVE-2012-3382
* SECURITY UPDATE: cross-site scripting vulnerability
  - debian/patches/CVE-2010-1459.dpatch: properly handle
    EnableViewStateMac property in
    mcs/class/System.Web/System.Web.Compilation/PageCompiler.cs,
    mcs/class/System.Web/System.Web.UI/Page.cs,
    mcs/class/System.Web/System.Web.UI/PageParser.cs.
  - CVE-2010-1459

Author: Marc Deslauriers
Revision Date: 2012-07-27 08:06:30 UTC

* Merged from Debian unstable. Remaining changes:
  - Remove the ARMV6 ASM check from configure{,.in}, since our build
    hosts aren't the same architecture as our target, and hardcode
    an arm*-linux-gnueabihf target that enables ARMV6 unconditionally.
  - Don't use single-debian-patch format for Ubuntu, for sanity.

Author: Marc Deslauriers
Revision Date: 2012-07-27 08:06:30 UTC

* Merged from Debian unstable. Remaining changes:
  - Remove the ARMV6 ASM check from configure{,.in}, since our build
    hosts aren't the same architecture as our target, and hardcode
    an arm*-linux-gnueabihf target that enables ARMV6 unconditionally.
  - Don't use single-debian-patch format for Ubuntu, for sanity.

Author: Marc Deslauriers
Revision Date: 2012-07-24 13:29:38 UTC

* SECURITY UPDATE: cross-site scripting vulnerability
  - debian/patches/CVE-2012-3382.patch: properly escape error message in
    mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
  - CVE-2012-3382

Author: Marc Deslauriers
Revision Date: 2012-07-24 13:32:47 UTC

* SECURITY UPDATE: cross-site scripting vulnerability
  - debian/patches/CVE-2012-3382.patch: properly escape error message in
    mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
  - CVE-2012-3382

Author: Marc Deslauriers
Revision Date: 2012-07-24 13:34:56 UTC

* SECURITY UPDATE: cross-site scripting vulnerability
  - mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs: properly
    escape error message.
  - CVE-2012-3382

Author: Marc Deslauriers
Revision Date: 2012-07-24 13:49:00 UTC

* SECURITY UPDATE: cross-site scripting vulnerability
  - debian/patches/CVE-2012-3382.dpatch: properly escape error message in
    mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
  - CVE-2012-3382
* SECURITY UPDATE: cross-site scripting vulnerability
  - debian/patches/CVE-2010-1459.dpatch: properly handle
    EnableViewStateMac property in
    mcs/class/System.Web/System.Web.Compilation/PageCompiler.cs,
    mcs/class/System.Web/System.Web.UI/Page.cs,
    mcs/class/System.Web/System.Web.UI/PageParser.cs.
  - CVE-2010-1459

Author: Marc Deslauriers
Revision Date: 2012-07-24 13:29:38 UTC

* SECURITY UPDATE: cross-site scripting vulnerability
  - debian/patches/CVE-2012-3382.patch: properly escape error message in
    mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
  - CVE-2012-3382

Author: Julian Taylor
Revision Date: 2012-06-03 22:46:30 UTC

configure.in: search multiarch paths for libX11 (LP: #1008212)
changes the dllmap in /etc/mono/config to the versioned library

Author: Andrew Mitchell
Revision Date: 2012-04-04 18:08:25 UTC

debian/monodoc-base.postinst: Add '|| true' to the update-monodoc call
so that it doesn't cause upgrades to fail due to the trigger being called
prior to GTK# being upgraded (LP: #972751)

Author: Steve Langasek
Revision Date: 2012-03-23 06:11:04 UTC

releasing version 2.10.8.1-1ubuntu1

Author: Mirco Bauer
Revision Date: 2011-08-25 22:26:08 UTC

[854fa78] Imported Upstream version 2.10.5

Author: Chris Halse Rogers
Revision Date: 2011-04-12 10:49:12 UTC

Drop gluezilla Recommends to Suggests for libmono-webbrowser0.5-cil.
xulrunner, and hence gluezilla, is dropping out of main for Natty.
(LP: #740815)

Author: Stefan Ebner
Revision Date: 2010-09-14 19:25:44 UTC

  * Merge from Debian Unstable, remaining Ubuntu changes:
  + debian/control:
    - Lower mono-debugger Recommends on mono-dbg package to Suggests,
      as mono-debugger is in Universe
    - Lower libmono-firebirdsql1.7-cil Recommends on libmono-cil-dev
      package to Suggests, as libfbclient2 is in Universe

Author: Martin Pitt
Revision Date: 2010-04-22 11:33:07 UTC

debian/control: Reapply dropped change from 1.9.1+dfsg-4ubuntu2 to lower
the "mono-debugger" recommends of mono-dbg to suggests. mono-debugger is
in universe.

Author: Marc Deslauriers
Revision Date: 2009-08-19 14:01:58 UTC

* SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
  authentication bypass (LP: #409920)
  - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
    match XMLDSIG erratum and add stricter checks.
  - CVE-2009-0217

Author: Marc Deslauriers
Revision Date: 2009-08-19 14:45:27 UTC

* SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
  authentication bypass (LP: #409920)
  - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
    match XMLDSIG erratum and add stricter checks.
  - CVE-2009-0217

Author: Marc Deslauriers
Revision Date: 2009-08-19 16:04:59 UTC

* SECURITY UPDATE: Multiple cross-site scripting vulnerabilities in
  the ASP.net class libraries (LP: #282952)
  - debian/patches/security_CVE-2008-3422.dpatch: properly encode and
    escape values in mcs/class/System.Web/System.Web.UI.HtmlControls/
    {HtmlControl,HtmlForm,HtmlInputButton,HtmlInputRadioButton,
    HtmlSelect}.cs, and add tests to mcs/class/System.Web/Test/
    System.Web.UI.HtmlControls/{HtmlImageTest,HtmlInputButtonTest,
    HtmlInputRadioButtonTest,HtmlSelectTest}.cs
  - CVE-2008-3422
* SECURITY UPDATE: CRLF injection vulnerability in Sys.Web (LP: #282952)
  - debian/patches/security_CVE-2008-3906.dpatch: encode headers in
    mcs/class/System.Web/{System.Web/HttpResponseHeader.cs,
    System.Web.Configuration/HttpRuntimeConfig.cs}
  - CVE-2008-3906
* SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
  authentication bypass (LP: #409920)
  - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
    match XMLDSIG erratum and add stricter checks.
  - CVE-2009-0217

Author: Marc Deslauriers
Revision Date: 2009-08-19 14:01:58 UTC

* SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
  authentication bypass (LP: #409920)
  - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
    match XMLDSIG erratum and add stricter checks.
  - CVE-2009-0217

Author: Marc Deslauriers
Revision Date: 2009-08-19 14:45:27 UTC

* SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
  authentication bypass (LP: #409920)
  - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
    match XMLDSIG erratum and add stricter checks.
  - CVE-2009-0217

Author: Marc Deslauriers
Revision Date: 2009-08-19 16:04:59 UTC

* SECURITY UPDATE: Multiple cross-site scripting vulnerabilities in
  the ASP.net class libraries (LP: #282952)
  - debian/patches/security_CVE-2008-3422.dpatch: properly encode and
    escape values in mcs/class/System.Web/System.Web.UI.HtmlControls/
    {HtmlControl,HtmlForm,HtmlInputButton,HtmlInputRadioButton,
    HtmlSelect}.cs, and add tests to mcs/class/System.Web/Test/
    System.Web.UI.HtmlControls/{HtmlImageTest,HtmlInputButtonTest,
    HtmlInputRadioButtonTest,HtmlSelectTest}.cs
  - CVE-2008-3422
* SECURITY UPDATE: CRLF injection vulnerability in Sys.Web (LP: #282952)
  - debian/patches/security_CVE-2008-3906.dpatch: encode headers in
    mcs/class/System.Web/{System.Web/HttpResponseHeader.cs,
    System.Web.Configuration/HttpRuntimeConfig.cs}
  - CVE-2008-3906
* SECURITY UPDATE: XMLDsig HMAC-based signatures spoofing and
  authentication bypass (LP: #409920)
  - debian/patches/security_CVE-2009-0217.dpatch: Fix HMACOutputLength to
    match XMLDSIG erratum and add stricter checks.
  - CVE-2009-0217

Author: Mirco Bauer
Revision Date: 2009-09-07 22:00:21 UTC

* debian/control:
  + Add missing cli:Suggests to libmono-bytefx0.7.6.1-cil and
    libmono-bytefx0.7.6.2-cil.
* debian/rules:
  + Removed mono:upversion and mono:next-version from dh_gencontrol -s
    call as those are unused for arch:any packages.
* debian/patches/fix_metadata_dup.dpatch:
  + Remove duplicate appdomain.h, fixing FTBFS.
    (thanks to Stefan Siegl for the investigation, Closes: #543010)
* debian/patches/fix_CreateDelegate_ArgumentException.dpatch:
  + Fixed ArgumentException in System.Delegate.CreateDelegate() which broke
    IronPython 2.6 Beta 2.

Author: Mirco Bauer
Revision Date: 2009-01-27 00:15:04 UTC

* debian/rules:
  + Pass internal-mono instead of --internal-mono if the debhelper version
    is older than 7.1, as that one doesn't support custom parameters via
    init(). This ensures backwards compatibility with older debhelper
    versions, as found in Ubuntu.
* debian/control:
  + Lowered debhelper build-dep to >= 5.
* debian/dh_clideps
  debian/dh_makeclilibs:
  + Re-synced from cli-common 0.6.0, needed for dh 7.0 backwards
    compatibilty.

Author: Martin Pitt
Revision Date: 2008-10-17 10:25:59 UTC

mono-dbg: Drop Recommends of mono-debugger to Suggests, it and its
dependencies are in universe.

Author: Sebastian Dröge
Revision Date: 2008-03-22 00:57:15 UTC

* debian/rules:
  + unexport CPPFLAGS because configure relies on them being unset
    to pass custom CPPFLAGS to boehm's configure.

Author: Kees Cook
Revision Date: 2007-11-30 10:27:56 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflow
* Add debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch: thanks
  to Mirco Bauer.
* References
  CVE-2007-5536

Author: Kees Cook
Revision Date: 2007-11-30 10:27:56 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflow
* Add debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch: thanks
  to Mirco Bauer.
* References
  CVE-2007-5536

Author: Matthias Klose
Revision Date: 2007-10-05 17:02:25 UTC

Explicitely remove the doc directories on upgrade for the now symlinked
doc directories.

Author: Kees Cook
Revision Date: 2007-11-30 10:27:56 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflow
* Add debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch: thanks
  to Mirco Bauer.
* References
  CVE-2007-5536

Author: Kees Cook
Revision Date: 2007-11-30 10:27:56 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflow
* Add debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch: thanks
  to Mirco Bauer.
* References
  CVE-2007-5536

Author: Sebastian Dröge
Revision Date: 2007-02-27 11:51:26 UTC

* Sync with Debian:
  + debian/control:
    - Add sparc again
    - Update Conflicts/Replaces for Ubuntu
  + debian/control,
    debian/libmono-sqlite1.0-cil.clideps-override,
    debian/libmono-sqlite2.0-cil.clideps-override:
    - Only suggest sqlite, don't depend on it
  + debian/patches/dont_check_proc_self_exe.dpatch:
    - Comment out code that checks /proc/self/exe so that
      mono will function on the Live CD.
* debian/control:
  + Update maintainer field....

Author: Kees Cook
Revision Date: 2007-11-30 10:27:56 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflow
* Add debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch: thanks
  to Mirco Bauer.
* References
  CVE-2007-5536

Author: Kees Cook
Revision Date: 2007-11-30 10:27:56 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflow
* Add debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch: thanks
  to Mirco Bauer.
* References
  CVE-2007-5536

Author: Scott James Remnant (Canonical)
Revision Date: 2006-10-25 11:55:39 UTC

Comment out code that checks /proc/self/exe so that mono will
function on the Live CD.

Author: Kees Cook
Revision Date: 2007-11-30 10:27:56 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflow
* Add debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch: thanks
  to Mirco Bauer.
* References
  CVE-2007-5536

Author: Kees Cook
Revision Date: 2007-11-30 10:27:56 UTC

* SECURITY UPDATE: arbitrary code execution via integer overflow
* Add debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch: thanks
  to Mirco Bauer.
* References
  CVE-2007-5536

Author: Sebastian Dröge
Revision Date: 2006-05-14 15:15:38 UTC

* debian/patches/sqliteclient-ppc.dpatch:
  + LastInsertRowID() returns long, not int for sqlite3.
    Fixes it to not return always 0 on PPC (Ubuntu: 35604)

Author: Sebastian Dröge
Revision Date: 2006-10-03 16:02:40 UTC

* debian/patches/TempFileCollection_race_condition.dpatch:
  + SECURITY: Fix race condition in temporary file creation code.
    This can be used to inject malicious code. [CVE-2006-5072]

Author: Brandon Hale
Revision Date: 2005-09-26 08:47:03 UTC

* 08_io-layer-fixes.dpatch
  - Fix defunct processes, as seen in beagle
* Add mono-classlib-1.0 Conflict on mono-assemblies-base to allow for smoother upgrades from hoary

Author: Ubuntu Archive Auto-Sync
Revision Date: 2005-08-03 17:23:21 UTC

Automated backport upload; no source changes.

Author: Debian Mono Group
Revision Date: 2005-01-30 01:07:36 UTC

* New upstream release
* Mirco 'meebey' Bauer
  + disabled building of .NET 2.0 classlib, because it breaks too much.
    Upstream said it should not be used, even Novell does not ship it.
    This fixes some very strange bugs, all tested against 1.0.5.
    (Closes: #286270, #276464, #287279)
  + cleanups in debian/rules

Author: Debian Mono Group
Revision Date: 2004-08-12 13:46:04 UTC

New upstream (bugfix) release