Branches for Jaunty

Author: Christian Perrier
Revision Date: 2008-02-09 11:41:31 UTC

* Non-maintainer upload.
* Fix encoding in debian/changelog by replacing an improperly
  accented letter. Closes: #453989
* Quote strings in menu file
* Use "Applications" instead of "Apps" in menu file
* Include copyrights in debian/copyright
* Fix FSF address in debian/copyright
* No longer ignore "make clean" errors in debian/rules

Author: Christian Perrier
Revision Date: 2008-11-02 22:07:58 UTC

* Non-maintainer upload.
* Fix pending l10n issues. Debconf translations:
  - Italian. Closes: #502467

Author: Tim Gardner
Revision Date: 2009-03-18 15:45:43 UTC

Moved ath_pci blacklist to /etc/modprobe.d/blacklist-ath_pci.conf
for better jockey support.
-LP: #323830

Author: Andreas Wenning
Revision Date: 2010-07-05 00:45:44 UTC

* SECURITY UPDATE: Two security issues have been discovered in the DCC
  protocol support code of kvirc, a KDE-based next generation IRC client,
  which allow the overwriting of local files through directory traversal
  and the execution of arbitrary code through a format string attack.
  - kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
    - Patch based on upstream SVN revision 4317.
  - CVE-2010-2451, CVE-2010-2452:
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
  - LP: #601702

Author: Andreas Wenning
Revision Date: 2010-07-05 00:45:44 UTC

* SECURITY UPDATE: Two security issues have been discovered in the DCC
  protocol support code of kvirc, a KDE-based next generation IRC client,
  which allow the overwriting of local files through directory traversal
  and the execution of arbitrary code through a format string attack.
  - kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
    - Patch based on upstream SVN revision 4317.
  - CVE-2010-2451, CVE-2010-2452:
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
  - LP: #601702

Author: Marc Deslauriers
Revision Date: 2010-08-16 13:34:47 UTC

* debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
  openssl gets updated to fix CVE-2009-3555, server renegotiations with
  unpatched clients will fail. This patch adds the ability to revert to
  the previous unsafe behaviour with a new SSLInsecureRenegotiation
  directive. (LP: #616759)
* debian/control: add specific dependency on first openssl version to get
  CVE-2009-3555 fix.

Author: Marc Deslauriers
Revision Date: 2010-08-16 13:34:47 UTC

* debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
  openssl gets updated to fix CVE-2009-3555, server renegotiations with
  unpatched clients will fail. This patch adds the ability to revert to
  the previous unsafe behaviour with a new SSLInsecureRenegotiation
  directive. (LP: #616759)
* debian/control: add specific dependency on first openssl version to get
  CVE-2009-3555 fix.

Author: Marc Deslauriers
Revision Date: 2009-03-03 19:58:20 UTC

* SECURITY UPDATE: add fix for CVE-2009-0037 back in
  - debian/patches/security_CVE-2009-0037.patch: updated patch to add missing
    section to lib/easy.c
  - CVE-2009-0037

Author: Marc Deslauriers
Revision Date: 2010-08-20 11:01:45 UTC

* SECURITY UPDATE: arbitrary script injection via multiple cross-site
  scripting issues.
  - debian/patches/30006_CVE-2010-2487,2969,2970.patch: properly escape
    strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py,
    MoinMoin/action/*.py.
  - CVE-2010-2487
  - CVE-2010-2969

Author: Marc Deslauriers
Revision Date: 2010-08-20 11:01:45 UTC

* SECURITY UPDATE: arbitrary script injection via multiple cross-site
  scripting issues.
  - debian/patches/30006_CVE-2010-2487,2969,2970.patch: properly escape
    strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py,
    MoinMoin/action/*.py.
  - CVE-2010-2487
  - CVE-2010-2969

Author: Steve Langasek
Revision Date: 2009-04-09 00:20:18 UTC

Demote fckeditor from Recommends to Suggests; the code was
previously embedded in moin, but it was also disabled, so there's no
reason for us to pull this in by default currently.

Author: Fabien Tassin
Revision Date: 2009-01-31 21:13:22 UTC

Revert libdb-dev build dependency change introduced in the
last version, it makes everyhing crash when libdb-dev is
4.7.*. See LP: #323409

Author: Martin Pitt
Revision Date: 2007-05-04 17:22:16 UTC

* Merge to Debian, remaining Ubuntu changes:
  - src/dir.c, src/system.h: make --ignore-file-name-case work.
    (LP #7291, Debian #300258)

Author: Scott James Remnant (Canonical)
Revision Date: 2009-01-12 19:56:57 UTC

* debian/rules: Install udev rules to /lib/udev/rules.d
* debian/preinst: Remove old version if unmodified
* debian/control: Add Breaks to ensure correct version of udev is used.

Author: Santiago Vila
Revision Date: 2008-04-03 09:49:04 UTC

* New upstream release.
* Changed copyright file to refer to the GFDL in common-licenses.

Author: Jamie Strandboge
Revision Date: 2010-04-13 20:49:21 UTC

* SECURITY UPDATE: fix DoS via malformed XML
  - debian/patches/CVE_2009_3720.patch: xmltok_impl.c to not access beyond
    end of input string
  - CVE-2009-3720
* SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
  - debian/patches/CVE_2009_3560.patch: update xmlparse.c to properly
    recognize the end of a token
  - CVE-2009-3560

Author: Jamie Strandboge
Revision Date: 2010-04-13 20:49:21 UTC

* SECURITY UPDATE: fix DoS via malformed XML
  - debian/patches/CVE_2009_3720.patch: xmltok_impl.c to not access beyond
    end of input string
  - CVE-2009-3720
* SECURITY UPDATE: fix DoS via malformed UTF-8 sequences
  - debian/patches/CVE_2009_3560.patch: update xmlparse.c to properly
    recognize the end of a token
  - CVE-2009-3560

Author: Jonathan Riddell
Revision Date: 2008-11-05 12:19:46 UTC

* Merge with Debian, remaining change:
 - Add --qt-gui to bootstrap arguments in debian/rules,
   build-dep on libqt4-dev, builds cmake-gui

Author: Sebastien Bacher
Revision Date: 2009-03-17 16:12:58 UTC

New upstream version

Author: Matthias Klose
Revision Date: 2008-08-04 23:55:26 UTC

liblog4j-java: Depend on default-jre-headless as the preferred runtime,
keep the existing alternatives for now.

Author: Steve Langasek
Revision Date: 2009-04-14 13:08:04 UTC

* debian/control: revert the dictionaries-common-dev dep for jaunty.
* debian/*.info-*spell: restore "-d es" option, for compatibility with
  the old dictionaries-common-dev.

Author: Agustin Martin Domingo
Revision Date: 2008-10-01 12:47:30 UTC

* debian/control:
  - Bumped Standards-Version to 3.8.0. No changes required
  - Reorganize Build-Depends-Indep for better readability.
* debian/rules:
  - Use 'prezip -s' instead of explicit 'LC_COLLATE=C sort -u' for
    aspell dict.
  - Use best gzip compression.

Author: Daniel Baumann
Revision Date: 2009-02-05 10:06:00 UTC

* Correcting spelling mistake in rpl8 manpage, thanks to James
  Youngman <jay@gnu.org> (Closes: #474038).
* Updating vcs fields in control file.
* Using patch-stamp rather than patch in rules file.
* Replacing obsolete dh_clean -k with dh_prep.
* Updating rules to current state of the art.
* Updating year in copyright file.
* Using quilt rather than dpatch.
* Prefixing debhelper files with package name.
* Adding patch from Kees Cook <kees@debian.org> to fix wctomb called
  with too small a buffer, patch originally taken from fedora (Closes:
  #497833).

Author: James Westby
Revision Date: 2009-04-21 14:58:49 UTC

* debian/patches/04-consolekit_park.patch:
  - When a session is removed parking is enabled, and then the active
    seat is possibly changed. The intention is that parking is only
    enabled if the active seat is changed in response to the session removal.
    However, there are codepaths where the active seat is not changed,
    but the enable flag isn't removed, meaning that the next time the
    active session changes it may inadvertently park. Forcing the enable
    flag to FALSE after possibly updating the active session when removing
    a session ensures that parking will only occur in response to a session
    removal, and not VT switches.
    - In other words, make VT switching away from X not take two attempts
      sometimes and fix LP: #271962.

Author: James Westby
Revision Date: 2009-04-21 14:58:49 UTC

* debian/patches/04-consolekit_park.patch:
  - When a session is removed parking is enabled, and then the active
    seat is possibly changed. The intention is that parking is only
    enabled if the active seat is changed in response to the session removal.
    However, there are codepaths where the active seat is not changed,
    but the enable flag isn't removed, meaning that the next time the
    active session changes it may inadvertently park. Forcing the enable
    flag to FALSE after possibly updating the active session when removing
    a session ensures that parking will only occur in response to a session
    removal, and not VT switches.
    - In other words, make VT switching away from X not take two attempts
      sometimes and fix LP: #271962.

Author: Martin Pitt
Revision Date: 2009-03-26 10:42:26 UTC

Add 13-work-without-policykit.patch: If PolicyKit cannot be initialized,
just disable support for it, do not fail completely. (LP: #275432)

Author: Daniel Baumann
Revision Date: 2009-01-10 15:03:00 UTC

Adding patch from upstream to fix endian problem
(Closes: #499716, #506337, #507795, #509762).

Author: Daniel Leidert
Revision Date: 2008-11-16 15:28:16 UTC

* debian/presubj: Fixed a small typo.
* debian/patches/02_use_global_papersize_conf.dpatch: Fixed a small typo
  (closes: #495644).
* debian/patches/8162_fo_gentext_for_pubdate.dpatch: Added.
  - gentext should map to pubdate instead of published (closes: #505790).
* debian/patches/00list: Adjusted.

Author: Savvas Radevic
Revision Date: 2008-11-19 14:53:25 UTC

Fixed XSBC-Original-Maintainer field (LP: #297230)

Author: Brian Nelson
Revision Date: 2008-06-24 14:50:59 UTC

* New upstream release
  - Removed the 03_extra_qualification_fix.dpatch,
    05_removedebug_munchlist.dpatch, and 06_add_oo-only_texi.dpatch,
    patches as they've been incorporated upstream
  - debian/patches/04_gcc43_build_fix.dpatch: updated for integrated
    fixes

* Bumped Standards-Version to 3.8.0, no changes necessary

Author: Jamie Strandboge
Revision Date: 2009-08-07 12:42:06 UTC

* SECURITY UPDATE: fix integer overflow in libaprutil
  - debian/patches/020_CVE-2009-2412.patch: adjust apr_rmm_malloc,
    apr_rmm_calloc, apr_rmm_realloc to check for overflow after aligning
    size
  - http://www.apache.org/dist/apr/patches/apr-util-1.x-CVE-2009-2412.patch
  - CVE-2009-2412

Author: Jamie Strandboge
Revision Date: 2009-08-07 12:42:06 UTC

* SECURITY UPDATE: fix integer overflow in libaprutil
  - debian/patches/020_CVE-2009-2412.patch: adjust apr_rmm_malloc,
    apr_rmm_calloc, apr_rmm_realloc to check for overflow after aligning
    size
  - http://www.apache.org/dist/apr/patches/apr-util-1.x-CVE-2009-2412.patch
  - CVE-2009-2412

Author: Stefan Fritsch
Revision Date: 2008-08-20 22:29:26 UTC

[ Ryan Niebur ]
* Upgraded to policy version 3.8.0
  - Reference the copyright in common-licenses instead of including it
  - support for noopt in DEB_BUILD_OPTIONS
  - Added a README.source
  - added support for parallel in DEB_BUILD_OPTIONS
* Dropped the XS- prefix for the Vcs fields in debian/control
* Made the watch file notice 1.3.x

[ Stefan Fritsch ]
* Bump libmysqlclient dependency to 5.0.51a since 5.0.32 from etch has some
  bugs that can make apache2 hang (closes: #490859).
* Add 'Provides' for the modules that are still included in libaprutil1, but
  will be moved to separate packages with apr-util 1.3.x. This will make
  back-porting packages from lenny+1 to lenny easier.

Author: Ralf Treinen
Revision Date: 2008-05-18 21:59:02 UTC

Upload to unstable for ocaml 3.10.2

Author: Bhavani Shankar
Revision Date: 2008-11-29 20:43:43 UTC

* Merge from debian unstable, remaining changes: (LP: #303463)
  - ifstate is no longer in /etc/network/run, but rather in /var/run/network.

Author: Loïc Minier
Revision Date: 2009-01-28 14:58:11 UTC

Drop input-modules dep for now until the orion5x kernel flavour provides
it; apparently this is needed for the gpio_keys char device which is
checked via /dev/input/by-path/platform-gpio-keys-eventand accessed via
/dev/input/event0; the gpio_keys module is built according to
CONFIG_KEYBOARD_GPIO (which depends on CONFIG_GENERIC_GPIO).

Author: Marc Deslauriers
Revision Date: 2009-10-05 11:42:32 UTC

* SECURITY UPDATE: authorization bypass via ClientNameAlias function
  - lib/BackupPC/CGI/EditConfig.pm: disable ClientNameAlias usage by
    normal users
  - Patch based on:
    http://patch-tracker.debian.org/patch/misc/view/backuppc/3.1.0-7/lib/BackupPC/CGI/EditConfig.pm
  - CVE-2009-3369

Author: Marc Deslauriers
Revision Date: 2009-10-05 11:42:32 UTC

* SECURITY UPDATE: authorization bypass via ClientNameAlias function
  - lib/BackupPC/CGI/EditConfig.pm: disable ClientNameAlias usage by
    normal users
  - Patch based on:
    http://patch-tracker.debian.org/patch/misc/view/backuppc/3.1.0-7/lib/BackupPC/CGI/EditConfig.pm
  - CVE-2009-3369

Author: Martin Pitt
Revision Date: 2008-11-10 15:28:45 UTC

* Merge with Debian unstable; remaining Ubuntu changes:
  - debian/control: Drop nonexisting apache 1 dependencies. (Debian #488656)
  - debian/rules: Don't move /var/lib/backuppc/conf/* (and then delete) to
    /etc/backuppc in rules, upstream is shipping the config files in
    /etc/backuppc themselves. (Debian #488659)
  - debian/backuppc.init, debian/rules, debian/postinst: Do not call init
    script on shutdown and reboot (TearDown) (Debian #488660)
  - debian/control: Drop build dependency to 'par2', it's in universe.
  - configure.pl: Do not test for par2 being available at build time.

Author: Max Bowsher
Revision Date: 2010-12-18 14:31:49 UTC

Rebuild in PPA for jaunty.

Author: Max Bowsher
Revision Date: 2010-12-18 13:56:32 UTC

New upstream release. Closes: #606479

Author: Martin-Éric Racine
Revision Date: 2010-11-09 19:11:05 UTC

Jaunty backport. No change required.

Author: Chris Coulson
Revision Date: 2010-10-05 01:17:22 UTC

* New upstream release v2.0.9 (SEAMONKEY_2_0_9_BUILD1)
* SECURITY UPDATE:
  - http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.9

* Bump minimum system NSS to 3.12.8 after landing of (bmo: 600104) aka
  Bump minimum required version for system NSS to 3.12.8
  - update debian/rules
* Bump minimum system NSPR to 4.8.6 after landing of (bmo: 567620) aka
  Bump minimum required version for system NSPR to 4.8.6
  - update debian/rules
* Fix LP: #646632 - No dictionaries present in Seamonkey. Ship a
  symlink to the system dictionaries
  - update debian/rules
  - update debian/seamonkey-browser.install
* Fix LP: #643047 - Don't touch $LIBDIR/.autoreg from the seamonkey
  postinst script. The seamonkey package is just a meta-package, and
  the file is shipped by seamonkey-browser. Changing this ensures that
  seamonkey doesn't fail to configure if there is version skew during
  upgrades, and avoids the need for having tight dependencies
  - update debian/rules
  - remove debian/seamonkey.postinst.in
  - remove debian/seamonkey.prerm.in

Author: Jamie Strandboge
Revision Date: 2010-09-01 16:03:25 UTC

* SECURITY UPDATE: fix to disallow privileged users in guests from accessing
  privileged resources, such as NFS
  - debian/patches/9901-CVE-2010-2242.patch: set iptables masqerading rules
    to use ports 1024-65535
  - CVE-2010-2242

Author: Kees Cook
Revision Date: 2010-10-21 14:31:36 UTC

* SECURITY UPDATE: root escalation via LD_AUDIT DST expansion.
  - debian/patches/any/dst-expansion-fix.diff: upstream fixes.
  - CVE-2010-3847
  - debian/patches/any/disable-ld_audit.diff: turn off LD_AUDIT
    for setuid binaries.

Author: Kees Cook
Revision Date: 2010-10-21 14:31:36 UTC

* SECURITY UPDATE: root escalation via LD_AUDIT DST expansion.
  - debian/patches/any/dst-expansion-fix.diff: upstream fixes.
  - CVE-2010-3847
  - debian/patches/any/disable-ld_audit.diff: turn off LD_AUDIT
    for setuid binaries.

Author: Colin Watson
Revision Date: 2010-10-21 11:37:01 UTC

Automated backport upload; no source changes.

Author: Chris Coulson
Revision Date: 2010-10-13 12:27:52 UTC

* New upstream release v3.6.11 (FIREFOX_3_6_11_BUILD3)
  - see USN-997-1
  - Fixes LP: #589236 and LP: #239952

* Bump minimum system NSS to 3.12.8 after landing of (bmo: 600104) aka
  Bump minimum required version for system NSS to 3.12.8
  - update debian/rules
* Bump minimum system NSPR to 4.8.6 after landing of (bmo: 567620) aka
  Bump minimum required version for system NSPR to 4.8.6
  - update debian/rules
* Bump minimum version of sqlite to 3.7.1 after landing of (bmo: 583611) aka
  Upgrade to SQLite 3.7.1
  - update debian/rules

Author: Krzysztof Klimonda
Revision Date: 2009-10-13 21:59:00 UTC

* SECURITY UPDATE: Certain email addresses/URLs can trigger
  a catastrophic backtracking situation, causing 100% CPU
  and server overload. (LP: #447617, LP: #478328)
  http://www.djangoproject.com/weblog/2009/oct/09/security/
  - Applied upstream changeset 11605
  - CVE-2009-3695

Author: Marc Deslauriers
Revision Date: 2010-10-13 16:35:24 UTC

* SECURITY UPDATE: possible arbitrary code execution via malformed PDF
  - debian/patches/33_security_CVE-2010-3702.patch: properly initialize
    parser in poppler/Gfx.cc.
  - CVE-2010-3702
* SECURITY UPDATE: possible arbitrary code execution via malformed PDF
  - debian/patches/34_security_CVE-2010-3704.patch: make sure code isn't
    < 0 in fofi/FoFiType1.cc.
  - CVE-2010-3704

Author: Marc Deslauriers
Revision Date: 2010-10-13 16:35:24 UTC

* SECURITY UPDATE: possible arbitrary code execution via malformed PDF
  - debian/patches/33_security_CVE-2010-3702.patch: properly initialize
    parser in poppler/Gfx.cc.
  - CVE-2010-3702
* SECURITY UPDATE: possible arbitrary code execution via malformed PDF
  - debian/patches/34_security_CVE-2010-3704.patch: make sure code isn't
    < 0 in fofi/FoFiType1.cc.
  - CVE-2010-3704

Author: Chris Coulson
Revision Date: 2010-10-13 13:22:20 UTC

* New upstream release v1.9.1.14 (FIREFOX_3_5_14_BUILD4)
  - see USN-997-1

* Bump minimum system NSS to 3.12.8 after landing of (bmo: 600104) aka
  Bump minimum required version for system NSS to 3.12.8
  - update debian/rules
* Bump minimum system NSPR to 4.8.6 after landing of (bmo: 567620) aka
  Bump minimum required version for system NSPR to 4.8.6
  - update debian/rules

Author: Chris Coulson
Revision Date: 2010-10-13 13:22:20 UTC

* New upstream release v1.9.1.14 (FIREFOX_3_5_14_BUILD4)
  - see USN-997-1

* Bump minimum system NSS to 3.12.8 after landing of (bmo: 600104) aka
  Bump minimum required version for system NSS to 3.12.8
  - update debian/rules
* Bump minimum system NSPR to 4.8.6 after landing of (bmo: 567620) aka
  Bump minimum required version for system NSPR to 4.8.6
  - update debian/rules

Author: Chris Coulson
Revision Date: 2010-10-13 13:18:12 UTC

* New upstream release v1.9.2.11 (FIREFOX_3_6_11_BUILD3)
  - see USN-997-1

* Drop patch to allow building with system NSPR less than 4.8.6
  - drop debian/patches/fix_build_w_nspr_less_than_486.patch
  - update debian/patches/series
* Bump minimum system NSS to 3.12.8 after landing of (bmo: 600104) aka
  Bump minimum required version for system NSS to 3.12.8
  - update debian/rules
* Bump minimum system NSPR to 4.8.6 after landing of (bmo: 567620) aka
  Bump minimum required version for system NSPR to 4.8.6
  - update debian/rules
* Don't depend on a newer sqlite version
  - add debian/patches/defer_syslib_minversion_bump.patch
  - update debian/patches/series

Author: Chris Coulson
Revision Date: 2010-10-13 13:18:12 UTC

* New upstream release v1.9.2.11 (FIREFOX_3_6_11_BUILD3)
  - see USN-997-1

* Drop patch to allow building with system NSPR less than 4.8.6
  - drop debian/patches/fix_build_w_nspr_less_than_486.patch
  - update debian/patches/series
* Bump minimum system NSS to 3.12.8 after landing of (bmo: 600104) aka
  Bump minimum required version for system NSS to 3.12.8
  - update debian/rules
* Bump minimum system NSPR to 4.8.6 after landing of (bmo: 567620) aka
  Bump minimum required version for system NSPR to 4.8.6
  - update debian/rules
* Don't depend on a newer sqlite version
  - add debian/patches/defer_syslib_minversion_bump.patch
  - update debian/patches/series

Author: Chris Coulson
Revision Date: 2010-10-13 12:27:52 UTC

* New upstream release v3.6.11 (FIREFOX_3_6_11_BUILD3)
  - see USN-997-1
  - Fixes LP: #589236 and LP: #239952

* Bump minimum system NSS to 3.12.8 after landing of (bmo: 600104) aka
  Bump minimum required version for system NSS to 3.12.8
  - update debian/rules
* Bump minimum system NSPR to 4.8.6 after landing of (bmo: 567620) aka
  Bump minimum required version for system NSPR to 4.8.6
  - update debian/rules
* Bump minimum version of sqlite to 3.7.1 after landing of (bmo: 583611) aka
  Upgrade to SQLite 3.7.1
  - update debian/rules

Author: Marc Deslauriers
Revision Date: 2010-10-06 17:50:37 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  unchecked bn_wexpand return values. (LP: #655884)
  - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
    engines/e_ubsec.c: check return values.
  - http://cvs.openssl.org/chngview?cn=18936
  - http://cvs.openssl.org/chngview?cn=19309
  - CVE-2009-3245
* SECURITY UPDATE: denial of service and possible code execution via
  crafted private key with an invalid prime.
  - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
  - http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html
  - CVE-2010-2939

Author: Gary Lasker
Revision Date: 2010-10-06 16:26:52 UTC

* New upstream release 2010m: (LP: #649348)
  - Asia: No DST in Hong Kong in 1977
  - zone.tab: Remove obsolete association of Vostok Station with
    South Magnetic Pole; add association with Lake Vostok
    (thanks to Petr Machata for finding the problem)

Author: Marc Deslauriers
Revision Date: 2010-09-23 14:30:59 UTC

* SECURITY UPDATE: unprivileged logical volume manipulation with clvmd
  - debian/patches/CVE-2010-2526.patch: revert to using a pathname-based
    socket in order to enforce correct permissions.
  - CVE-2010-2526

Author: Marc Deslauriers
Revision Date: 2010-10-06 17:50:37 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  unchecked bn_wexpand return values. (LP: #655884)
  - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
    engines/e_ubsec.c: check return values.
  - http://cvs.openssl.org/chngview?cn=18936
  - http://cvs.openssl.org/chngview?cn=19309
  - CVE-2009-3245
* SECURITY UPDATE: denial of service and possible code execution via
  crafted private key with an invalid prime.
  - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
  - http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html
  - CVE-2010-2939

Author: Marc Deslauriers
Revision Date: 2010-09-23 14:30:59 UTC

* SECURITY UPDATE: unprivileged logical volume manipulation with clvmd
  - debian/patches/CVE-2010-2526.patch: revert to using a pathname-based
    socket in order to enforce correct permissions.
  - CVE-2010-2526

Author: Gary Lasker
Revision Date: 2010-10-06 16:26:52 UTC

* New upstream release 2010m: (LP: #649348)
  - Asia: No DST in Hong Kong in 1977
  - zone.tab: Remove obsolete association of Vostok Station with
    South Magnetic Pole; add association with Lake Vostok
    (thanks to Petr Machata for finding the problem)

Author: Chris Coulson
Revision Date: 2010-10-06 14:01:19 UTC

* New upstream release v3.5.14 (FIREFOX_3_5_14_BUILD3)
  - see USN-997-1

Author: Chris Coulson
Revision Date: 2010-10-06 14:01:19 UTC

* New upstream release v3.5.14 (FIREFOX_3_5_14_BUILD3)
  - see USN-997-1

Author: Chris Coulson
Revision Date: 2010-10-05 01:17:22 UTC

* New upstream release v2.0.9 (SEAMONKEY_2_0_9_BUILD1)
* SECURITY UPDATE:
  - http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.9

* Bump minimum system NSS to 3.12.8 after landing of (bmo: 600104) aka
  Bump minimum required version for system NSS to 3.12.8
  - update debian/rules
* Bump minimum system NSPR to 4.8.6 after landing of (bmo: 567620) aka
  Bump minimum required version for system NSPR to 4.8.6
  - update debian/rules
* Fix LP: #646632 - No dictionaries present in Seamonkey. Ship a
  symlink to the system dictionaries
  - update debian/rules
  - update debian/seamonkey-browser.install
* Fix LP: #643047 - Don't touch $LIBDIR/.autoreg from the seamonkey
  postinst script. The seamonkey package is just a meta-package, and
  the file is shipped by seamonkey-browser. Changing this ensures that
  seamonkey doesn't fail to configure if there is version skew during
  upgrades, and avoids the need for having tight dependencies
  - update debian/rules
  - remove debian/seamonkey.postinst.in
  - remove debian/seamonkey.prerm.in

Author: Chris Coulson
Revision Date: 2010-10-04 23:31:36 UTC

* New upstream release v3.12.8 (NSS_3_12_8_RTM)
  - Fix browser wildcard certificate validation issue
  - Update root certs
  - Fix SSL deadlocks
* Refresh patches:
  - update debian/patches/38_kbsd.patch
  - update debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch
* Bump minimum nspr version to 4.8.6
  - update debian/control
* Add new API to symbols file
  - update debian/libnss3-1d.symbols

Author: Chris Coulson
Revision Date: 2010-10-04 23:31:36 UTC

* New upstream release v3.12.8 (NSS_3_12_8_RTM)
  - Fix browser wildcard certificate validation issue
  - Update root certs
  - Fix SSL deadlocks
* Refresh patches:
  - update debian/patches/38_kbsd.patch
  - update debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch
* Bump minimum nspr version to 4.8.6
  - update debian/control
* Add new API to symbols file
  - update debian/libnss3-1d.symbols

Author: Chris Coulson
Revision Date: 2010-10-04 18:28:01 UTC

* New upstream release v4.8.6
* Refresh patches:
  - update debian/patches/99_configure.patch
* Update symbols file for API addition
  - update debian/libnspr4-0d.symbols

Author: Chris Coulson
Revision Date: 2010-10-04 18:28:01 UTC

* New upstream release v4.8.6
* Refresh patches:
  - update debian/patches/99_configure.patch
* Update symbols file for API addition
  - update debian/libnspr4-0d.symbols

Author: Jamie Strandboge
Revision Date: 2010-10-04 14:48:04 UTC

fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2010-10-04 14:48:04 UTC

fake sync from Debian

Author: Tim Gardner
Revision Date: 2009-03-18 15:45:43 UTC

Moved ath_pci blacklist to /etc/modprobe.d/blacklist-ath_pci.conf
for better jockey support.
-LP: #323830

Author: Hideki Yamane
Revision Date: 2009-03-08 09:43:34 UTC

New upstream release

Author: Michael Vogt
Revision Date: 2009-03-02 10:51:23 UTC

* debian/po/fr.po:
  - updated french translation (closes: #511373)
* debian/po/es.po:
  - added spanish translation (closes: #512213)
* fix crash in rewind_packages (closes: #517510)
* debian/rules:
  - add --install-layout=deb to avoid that the binaries and
    the locales get installed into /usr/local

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:27:57 UTC

Initial Release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:27:57 UTC

Initial Release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:27:08 UTC

Initial Release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:27:08 UTC

Initial Release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:49:49 UTC

Initial Release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:49:49 UTC

Initial Release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:56:54 UTC

Initial release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:56:54 UTC

Initial release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:13:43 UTC

Initial release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:13:43 UTC

Initial release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:56:54 UTC

Initial Release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:56:54 UTC

Initial Release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:52:16 UTC

Initial release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:52:16 UTC

Initial release.

Author: Kees Cook
Revision Date: 2010-10-01 17:42:48 UTC

fake sync from Debian

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:12:59 UTC

Initial release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:12:59 UTC

Initial release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:18:04 UTC

Initial release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:18:04 UTC

Initial release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:18:04 UTC

Initial Release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:18:04 UTC

Initial Release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:55:36 UTC

Initial Release.

Author: Ubuntu language pack builders
Revision Date: 2010-06-03 20:55:36 UTC

Initial Release.

Author: Kees Cook
Revision Date: 2010-10-01 17:42:48 UTC

fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2010-09-22 09:59:22 UTC

* SECURITY UPDATE: denial of service via incorrect channel count
  - debian/patches/CVE-2007-6720.patch: use channel count of current
    song in playercode/mplayer.c.
  - CVE-2007-6720
* SECURITY UPDATE: denial of service via XM file
  - debian/patches/CVE-2009-0179.patch: fix file format in
    loaders/load_xm.c, handle error in playercode/mloader.c.
  - CVE-2009-0179
* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via Impulse Tracker and Ultratracker files
  - debian/patches/CVE-2009-3995f.patch: check number of channels in
    loaders/load_ult.c, check volpts in loaders/load_it.c.
  - CVE-2009-3995
  - CVE-2009-3996
* SECURITY UPDATE: incomplete fix for CVE-2009-3995
  - debian/patches/CVE-2010-2546.patch: do further validations in
    loaders/load_it.c.
  - CVE-2010-2546
  - CVE-2010-2971

Author: Marc Deslauriers
Revision Date: 2010-09-22 13:02:35 UTC

* SECURITY UPDATE: denial of service via crafted legacy unicast mDNS
  query packet
  - debian/patches/81_CVE-2009-0758.patch: account for network byte order
    in avahi-core/server.c.
  - CVE-2009-0758
* SECURITY UPDATE: denial of service via invalid DNS packet
  - debian/patches/82_CVE-2010-2244.patch: fail gracefully on corrupt
    packets in avahi-core/socket.c.
  - CVE-2010-2244