Branches for Karmic

Author: Russ Allbery
Revision Date: 2009-07-10 13:57:55 UTC

New upstream release.

Author: Seamus McSpiderman
Revision Date: 2012-05-21 02:47:05 UTC

moved confiles around

Author: Scott James Remnant (Canonical)
Revision Date: 2009-09-27 14:39:39 UTC

Do not test array state for partitions, which won't exist if the
array is inactive and don't have a state to test. LP: #431064.

Author: Bryan McLellan
Revision Date: 2009-12-01 03:33:13 UTC

* Added debian/patches/091125_gc_check.dpatch: Avoid segv on gc run whe
  heap fills up with deferred objects. (LP: #488115)
* Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an
  object cloned. (LP: #484756)

Author: Bryan McLellan
Revision Date: 2009-12-01 03:33:13 UTC

* Added debian/patches/091125_gc_check.dpatch: Avoid segv on gc run whe
  heap fills up with deferred objects. (LP: #488115)
* Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an
  object cloned. (LP: #484756)

Author: Loïc Minier
Revision Date: 2009-10-21 14:45:37 UTC

No change rebuild to fix misbuilt binaries on armel.

Author: Steve Beattie
Revision Date: 2011-05-02 09:21:27 UTC

debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix
mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452)

Author: Robert Ancell
Revision Date: 2010-02-18 10:32:14 UTC

* debian/patches/series:
  - Added missing patch 10_glchess_uci_crash

Author: Robert Ancell
Revision Date: 2010-02-18 10:32:14 UTC

* debian/patches/series:
  - Added missing patch 10_glchess_uci_crash

Author: Robert Ancell
Revision Date: 2009-09-22 09:55:53 UTC

* New upstream release (LP: #434335)
  - glchess: Disable 3D mode after a crash in the 3D renderer (LP: #350850)
  - glchess: Use previous AI for default game (LP: #392972)
  - gtali: Make 24x24 icon look the same as 22x22 icon (LP: #426443)
* debian/*.6:
* debian/*.manpages:
* debian/*.install:
  - Manpages now provided upstream
* debian/gnome-cards-data.install:
  - Obsolete

Author: Jonathan Riddell
Revision Date: 2009-09-15 18:12:02 UTC

New upstream snapshot

Author: Gerrit Pape
Revision Date: 2009-06-29 00:06:59 UTC

[ Anders Kaseorg ]
* Fix manpage formatting: set ASCIIDOC_NO_ROFF instead of
  DOCBOOK_XSL_173 (based on the instructions in Documentation/Makefile)
  and don’t override the internal Makefile variable ASCIIDOC_EXTRA
  (closes: #530693, #521954, #533320).

[ Gerrit Pape ]
* debian/control: Standards-Version: 3.8.2.0.

Author: Steve Beattie
Revision Date: 2010-12-17 14:43:15 UTC

* SECURITY UPDATE: gitweb cross-site scripting vulnerability
  - debian/diff/0034-gitweb-Introduce-esc_attr...diff:
    from upstream: gitweb: do not parrot filenames or other arguments
    given in a request without proper quoting
  - CVE-2010-3906

Author: Steve Beattie
Revision Date: 2010-12-17 14:43:15 UTC

* SECURITY UPDATE: gitweb cross-site scripting vulnerability
  - debian/diff/0034-gitweb-Introduce-esc_attr...diff:
    from upstream: gitweb: do not parrot filenames or other arguments
    given in a request without proper quoting
  - CVE-2010-3906

Author: Colin Watson
Revision Date: 2009-06-24 17:10:18 UTC

* Resynchronise with Debian. Remaining changes:
  - Prefer console-setup to console-common and console-data.
  - debian/console-screen.kbd.sh: Don't run at all if setupcon (from
    console-setup) is present.
  - Add setfont, kbd_mode, and loadkeys to initramfs for console-setup.
  - Use ckbcomp to get the keyboard layout if other data files are not
    available.
  - Depend on console-setup, and remove /etc/init.d/console-screen.kbd.sh;
    we now only support systems using console-setup and so it no longer
    serves a purpose.

Author: Tollef Fog Heen
Revision Date: 2009-03-22 16:09:37 UTC

* Fix up URL in copyright
* Add Japanese debconf template. Closes: #512862
* Rename n[bn].{aff,dic} to n[bn]_NO.{aff,dic}. Closes: #517783, #517784
* Add ${misc:Depends} to Depends to shut up lintian a bit.
* Remove explicit coding of changelog at the end, all changelogs should
  be UTF8 now.
* Bump debhelper compat version to 6.
* Bump Standards-Version to 3.8.1 (no changes needed).

Author: Andrew Starr-Bochicchio
Revision Date: 2009-10-06 18:57:17 UTC

* Update Night Impression to build 90926-1.
 - Uses new Humanity Dark icons.
* Update Hanso to v0.4.4
* debian/control: Depend on humanity-icon-theme.

Author: Loïc Minier
Revision Date: 2009-10-10 10:28:58 UTC

Dust/gtk-2.0/gtkrc: cherry-pick r7 from lp:~dusttheme-dev/dusttheme/0.4
fixing the totem playlist combobox; LP: #424891.

Author: Mark Purcell
Revision Date: 2009-05-03 20:16:46 UTC

* New upstream release
  - (Closes: #526708): "de-Nuernberg out of date"
* Drop obsolete dvb-utils (etch dummy package only)
* Update debian/watch - with pointer to Hg version

Author: Vincent Bernat
Revision Date: 2009-04-20 21:20:07 UTC

* Fix Russian translation, thanks to Alexander Galanin. Closes: #506611.
* Fix a speed issue in createmenu.py when there are too many icons in
  the system. Thanks to Petr Gajdůšek for his help! Closes: #520782.
* Bump Standards-Version to 3.8.1.

Author: Torsten Werner
Revision Date: 2009-02-11 21:50:43 UTC

* New upstream release
* Replace access to /var/lib/otrs directory by symlink in /usr/share/otrs.
  (Closes: #513327)
* Add Japanese debconf translation; thanks to Hideki Yamane. (Closes:
  #512978)

Author: Oleksandr Moskalenko
Revision Date: 2008-04-21 08:48:04 UTC

Added libfontconfig1-dev, libpng12-dev, libice-dev, libsm-dev, libxi-dev,
libxrandr-dev, libxrender-dev to build-depends as qt4 doesn't depend on
them directly anymore (Closes: #477003).

Author: Sergio Talens-Oliag
Revision Date: 2009-04-28 23:23:23 UTC

Fixed the debian/copyright file to make ftpmaster happy.

Author: Bart Martens
Revision Date: 2009-06-16 09:03:15 UTC

* New upstream release.
* debian/copyright: Updated.

Author: Michael Bienia
Revision Date: 2009-05-24 13:12:43 UTC

Fake-sync due to different md5sum of .orig.tar.gz (lp: #374585).

Author: Adam Buchbinder
Revision Date: 2009-06-16 17:31:29 UTC

999_ubuntu_vt-is-UTF8_manpage.patch: Fix manpage to properly document
the --quiet option. (LP: #49031)

Author: Timo Jyrinki
Revision Date: 2009-05-24 11:58:08 UTC

Add FLOSS brand names (Closes: #527097)

Author: Sylvain Beucler
Revision Date: 2008-09-20 20:50:51 UTC

Initial release (Closes: #492760)

Author: Sergio Talens-Oliag
Revision Date: 2009-04-28 23:23:23 UTC

Fixed the debian/copyright file to make ftpmaster happy.

Author: Santiago Garcia Mantinan
Revision Date: 2008-12-28 21:09:28 UTC

New upstream version.

Author: Santiago Garcia Mantinan
Revision Date: 2008-08-13 22:52:53 UTC

New upstream development version.

Author: Rene Engelhard
Revision Date: 2009-05-07 17:16:39 UTC

* rebuild for OOo 3.1
* add conflicts against openoffice.org-commons newer than the basis we
  build against (( >= ${basis-version}.99) )
* stop using Xvfb and rely on the headless mode of OOo/VCL. Makes the build
  not fail on sid due to Xvfb crashing...

Author: Steve Beattie
Revision Date: 2009-10-23 10:11:18 UTC

add replaces/conflicts on older svk (LP: #389633)

Author: Steve Beattie
Revision Date: 2009-10-23 10:11:18 UTC

add replaces/conflicts on older svk (LP: #389633)

Author: Bastian Venthur
Revision Date: 2008-03-26 15:31:13 UTC

* Bumped standards version
* Added Homepage field

Author: Dr. Tobias Quathamer
Revision Date: 2009-03-31 11:29:13 UTC

Initial release (Closes: #461914)

Author: Jamie Strandboge
Revision Date: 2011-04-11 10:19:40 UTC

* SECURITY UPDATE: fix XSS vulnerability in Konqueror's error pages
  - debian/patches/security_03_CVE-2011-1168.diff: upstream patch
  - CVE-2011-1168
  - LP: #743669
* SECURITY UPDATE: fix certificate verification for certificates issued
  against an IP address
  - debian/patches/security_04_CVE-2011-1094.diff: based on upstream patch
  - CVE-2011-1094

Author: Jamie Strandboge
Revision Date: 2011-04-15 09:13:14 UTC

* SECURITY UPDATE: fix directory traversal in kget
  - debian/patches/kubuntu_06_CVE-2010-1000b.diff: more input validation due
    to incomplete fix for CVE-2010-1000
  - CVE-2011-XXXX
  - LP: #757526

Author: Max Bowsher
Revision Date: 2011-08-18 07:03:00 UTC

Merge 2.4.0

Author: Max Bowsher
Revision Date: 2011-08-03 21:59:32 UTC

Merge 8.1.2 into the bzr builddeps PPA karmic branch, as a simple rebuild.

Author: Max Bowsher
Revision Date: 2011-07-31 23:05:55 UTC

Merge r734

Author: Max Bowsher
Revision Date: 2011-07-31 22:48:23 UTC

Merge 1.2.0

Author: Max Bowsher
Revision Date: 2011-07-31 22:42:06 UTC

Merge 0.21

Author: Max Bowsher
Revision Date: 2011-07-17 23:28:38 UTC

Merge 2.3.4

Author: Max Bowsher
Revision Date: 2011-07-16 05:28:05 UTC

Merge 2.4.0

Author: Ara Pulido
Revision Date: 2009-08-04 09:21:40 UTC

[ Ara Pulido ]
* Initial release. (LP: #408951)

[ Iain Lane ]
* Remove recommends on firefox which is unnecessary

Author: Gary Lasker
Revision Date: 2011-04-02 16:48:57 UTC

* New upstream release 2011e: (LP: #747946)
  - africa: Add start and end of DST in 2011 in Morocco.
  - southamerica: For Chile, delay end of DST in 2011 from April 2nd to May 7th

Author: Martin Pitt
Revision Date: 2011-02-01 22:30:52 UTC

* New upstream security/bug fix release: (LP: #711318)
  - Fix buffer overrun in "contrib/intarray"'s input function for the
    query_int type.
    This bug is a security risk since the function's return address
    could be overwritten. Thanks to Apple Inc's security team for
    reporting this issue and supplying the fix. (CVE-2010-4015)
  - Avoid failures when "EXPLAIN" tries to display a simple-form CASE
    expression.
    If the CASE's test expression was a constant, the planner could
    simplify the CASE into a form that confused the expression-display
    code, resulting in "unexpected CASE WHEN clause" errors.
  - Fix assignment to an array slice that is before the existing range
    of subscripts.
    If there was a gap between the newly added subscripts and the first
    pre-existing subscript, the code miscalculated how many entries
    needed to be copied from the old array's null bitmap, potentially
    leading to data corruption or crash.
  - Avoid unexpected conversion overflow in planner for very distant
    date values.
    The date type supports a wider range of dates than can be
    represented by the timestamp types, but the planner assumed it
    could always convert a date to timestamp with impunity.
  - Fix pg_restore's text output for large objects (BLOBs) when
    standard_conforming_strings is on.
    Although restoring directly to a database worked correctly, string
    escaping was incorrect if pg_restore was asked for SQL text output
    and standard_conforming_strings had been enabled in the source
    database.
  - Fix erroneous parsing of tsquery values containing ... &
    !(subexpression) | ... .
    Queries containing this combination of operators were not executed
    correctly. The same error existed in "contrib/intarray"'s query_int
    type and "contrib/ltree"'s ltxtquery type.
  - Fix bug in "contrib/seg"'s GiST picksplit algorithm.
    This could result in considerable inefficiency, though not actually
    incorrect answers, in a GiST index on a seg column. If you have
    such an index, consider "REINDEX"ing it after installing this
    update. (This is identical to the bug that was fixed in
    "contrib/cube" in the previous update.)

Author: Felix Geyer
Revision Date: 2011-01-20 13:02:46 UTC

* SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674)
  - debian/mumble-server.postinst: Set permissions of mumble-server.ini to
    0640 and the owner to root:mumble-server.

Author: Felix Geyer
Revision Date: 2011-01-20 13:02:46 UTC

* SECURITY UPDATE: /etc/mumble-server.ini is world readable. (LP: #704674)
  - debian/mumble-server.postinst: Set permissions of mumble-server.ini to
    0640 and the owner to root:mumble-server.

Author: Agostino Russo
Revision Date: 2009-11-03 23:04:53 UTC

debian/initscripts/etc/init.d/umountfs: do not use the -f option when
unmounting WEAK_MTPTS, in the case of bind mounts in particular, that
results in the underlying device being unmounted, LP: #468589

Author: Agostino Russo
Revision Date: 2009-11-03 23:04:53 UTC

debian/initscripts/etc/init.d/umountfs: do not use the -f option when
unmounting WEAK_MTPTS, in the case of bind mounts in particular, that
results in the underlying device being unmounted, LP: #468589

Author: Michael Vogt
Revision Date: 2009-10-19 15:12:44 UTC

* debian/control:
  - Change the upstart dependency to a recommend in sysinit-utils
    because its not a hard dependency. This will fix a dependency
    cycle that causes kubuntu upgrades to fail (LP: ä452090)

Author: Kees Cook
Revision Date: 2009-08-20 17:30:46 UTC

debian/{control,rules}: add and enable hardened build for PIE
(Debian bug 542725).

Author: Andrew Starr-Bochicchio
Revision Date: 2010-01-02 17:07:21 UTC

util.py: Add "lucid" to ubuntu_releases (LP: #476530).

Author: Andrew Starr-Bochicchio
Revision Date: 2010-01-02 17:07:21 UTC

util.py: Add "lucid" to ubuntu_releases (LP: #476530).

Author: Mike Massonnet
Revision Date: 2010-02-19 02:04:05 UTC

debian/patches/gtk-threads.patch: apply two patches from ruby-gnome2 0.19.2
to fix a problem with threads freezing the GTKmain loop (LP: #514899).

Author: Mike Massonnet
Revision Date: 2010-02-19 02:04:05 UTC

debian/patches/gtk-threads.patch: apply two patches from ruby-gnome2 0.19.2
to fix a problem with threads freezing the GTKmain loop (LP: #514899).

Author: Steve Beattie
Revision Date: 2011-05-02 09:21:27 UTC

debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix
mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452)

Author: Marc Deslauriers
Revision Date: 2011-04-08 10:18:37 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via malformed data
  - debian/patches/security-CVE-2011-1097.diff: introduce and use
    FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*.
  - CVE-2011-1097

Author: Marc Deslauriers
Revision Date: 2011-04-08 10:18:37 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via malformed data
  - debian/patches/security-CVE-2011-1097.diff: introduce and use
    FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*.
  - CVE-2011-1097

Author: Chuck Short
Revision Date: 2011-04-12 15:15:46 UTC

* debian/control, debian/rules: Add quilt
* debian/patches/fix-landscape-monitor.patch: Fix landscape
  monitoring with gir1.0-gudev-1.0 installed. (LP: #747498)

Author: Micah Gersten
Revision Date: 2011-04-24 13:28:02 UTC

* New upstream release v1.9.1.19 (FIREFOX_3_5_19_BUILD2)
  - see USN-1123-1

Author: Micah Gersten
Revision Date: 2011-04-24 13:28:02 UTC

* New upstream release v1.9.1.19 (FIREFOX_3_5_19_BUILD2)
  - see USN-1123-1

Author: Micah Gersten
Revision Date: 2011-04-22 01:51:42 UTC

* New upstream release v3.6.17 build3 (FIREFOX_3_6_17_BUILD3)
  - see USN-1112-1

* Refresh patch after upstream landing of (bmo: 477724) aka
  avoid pointless shell interpreter hanging around
  - update debian/patches/abrowser_run_mozilla.patch

Author: Micah Gersten
Revision Date: 2011-04-22 01:51:42 UTC

* New upstream release v3.6.17 build3 (FIREFOX_3_6_17_BUILD3)
  - see USN-1112-1

* Refresh patch after upstream landing of (bmo: 477724) aka
  avoid pointless shell interpreter hanging around
  - update debian/patches/abrowser_run_mozilla.patch

Author: Micah Gersten
Revision Date: 2011-04-21 16:56:56 UTC

* New upstream release v1.9.2.17 build3 (FIREFOX_3_6_17_BUILD3)
  - see USN-1112-1
* Drop patch that doesn't actually do anything since the system sqlite is
  so old
  - drop debian/patches/defer_syslib_minversion_bump.patch
  - update debian/patches/series

Author: Micah Gersten
Revision Date: 2011-04-21 16:56:56 UTC

* New upstream release v1.9.2.17 build3 (FIREFOX_3_6_17_BUILD3)
  - see USN-1112-1
* Drop patch that doesn't actually do anything since the system sqlite is
  so old
  - drop debian/patches/defer_syslib_minversion_bump.patch
  - update debian/patches/series

Author: Marc Deslauriers
Revision Date: 2011-04-05 15:02:25 UTC

* SECURITY UPDATE: denial of service via circular reference
  - common/slp_message.c: detect circular reference. Patch thanks to SUSE.
  - CVE-2010-3609

Author: Marc Deslauriers
Revision Date: 2011-04-05 15:02:25 UTC

* SECURITY UPDATE: denial of service via circular reference
  - common/slp_message.c: detect circular reference. Patch thanks to SUSE.
  - CVE-2010-3609

Author: Kees Cook
Revision Date: 2011-04-19 13:06:21 UTC

* SECURITY UPDATE: avoid /proc race conditions when checking privileges
  for pkexec.
  - 10_fix_proc_race.patch
  - CVE-2011-1485

Author: Kees Cook
Revision Date: 2011-04-19 13:06:21 UTC

* SECURITY UPDATE: avoid /proc race conditions when checking privileges
  for pkexec.
  - 10_fix_proc_race.patch
  - CVE-2011-1485

Author: Steve Beattie
Revision Date: 2011-04-12 02:08:26 UTC

* SECURITY UPDATE: Refresh packages to pull in security fixes,
  including:
  - lcms: buffer overflow, CVE-2009-0793 (LP: #700198)
  - openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245,
    and CVE-2010-2939
  - libpango1.0: multiple DoS, possible code execution issues:
    CVE-2010-0421, CVE-2011-0020, CVE-2011-0064
  - libfreetype: multiple DoS, possible code execution issues:
    CVE-2010-3311, CVE-2010-3814, CVE-2010-3855, CVE-2010-1797,
    CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807,
    CVE-2010-2808, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500,
    CVE-2010-2519, CVE-2010-2520, CVE-2010-2527
  - nss: many issues

Author: Steve Beattie
Revision Date: 2011-04-12 02:08:26 UTC

* SECURITY UPDATE: Refresh packages to pull in security fixes,
  including:
  - lcms: buffer overflow, CVE-2009-0793 (LP: #700198)
  - openssl: multiple issues, including CVE-2009-3555, CVE-2009-3245,
    and CVE-2010-2939
  - libpango1.0: multiple DoS, possible code execution issues:
    CVE-2010-0421, CVE-2011-0020, CVE-2011-0064
  - libfreetype: multiple DoS, possible code execution issues:
    CVE-2010-3311, CVE-2010-3814, CVE-2010-3855, CVE-2010-1797,
    CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807,
    CVE-2010-2808, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500,
    CVE-2010-2519, CVE-2010-2520, CVE-2010-2527
  - nss: many issues

Author: Marc Deslauriers
Revision Date: 2011-04-19 09:25:29 UTC

* SECURITY UPDATE: arbitrary code execution via crafted hostname
  - Patch for CVE-2011-0997 was getting reverted during the build
    because of special quilt handling in debian/rules for the ldap
    patches.
  - debian/patches/00list: move CVE-2011-0997 patch before the ldap
    patches, and add comment.
  - CVE-2011-0997

Author: Marc Deslauriers
Revision Date: 2011-04-19 09:25:29 UTC

* SECURITY UPDATE: arbitrary code execution via crafted hostname
  - Patch for CVE-2011-0997 was getting reverted during the build
    because of special quilt handling in debian/rules for the ldap
    patches.
  - debian/patches/00list: move CVE-2011-0997 patch before the ldap
    patches, and add comment.
  - CVE-2011-0997

Author: Marc Deslauriers
Revision Date: 2011-04-15 10:27:41 UTC

* SECURITY UPDATE: man-in-the-middle via plaintext command injection
  - src/smtp/smtp_proto.c, src/smtpd/smtpd.c: discard the contents of the
    stream buffer so there is no pending plaintext.
  - Origin: backported from postfix-2.6-patch09.gz
  - CVE-2011-0411

Author: Kees Cook
Revision Date: 2011-04-18 15:40:41 UTC

* SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
  pointer.
  - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
  - CVE-2011-0285
  - MITKRB5-SA-2011-004

Author: Kees Cook
Revision Date: 2011-04-18 15:40:41 UTC

* SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
  pointer.
  - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
  - CVE-2011-0285
  - MITKRB5-SA-2011-004

Author: Marc Deslauriers
Revision Date: 2011-04-15 10:27:41 UTC

* SECURITY UPDATE: man-in-the-middle via plaintext command injection
  - src/smtp/smtp_proto.c, src/smtpd/smtpd.c: discard the contents of the
    stream buffer so there is no pending plaintext.
  - Origin: backported from postfix-2.6-patch09.gz
  - CVE-2011-0411

Author: Jamie Strandboge
Revision Date: 2011-04-15 09:13:14 UTC

* SECURITY UPDATE: fix directory traversal in kget
  - debian/patches/kubuntu_06_CVE-2010-1000b.diff: more input validation due
    to incomplete fix for CVE-2010-1000
  - CVE-2011-XXXX
  - LP: #757526

Author: Marc Deslauriers
Revision Date: 2011-04-14 09:39:10 UTC

* SECURITY UPDATE: arbitrary code execution via long attribute value
  - src/atrhandler.c: verify against maximum attribute size.
  - http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html
  - CVE-2010-4531

Author: Marc Deslauriers
Revision Date: 2011-04-14 09:39:10 UTC

* SECURITY UPDATE: arbitrary code execution via long attribute value
  - src/atrhandler.c: verify against maximum attribute size.
  - http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html
  - CVE-2010-4531

Author: Max Bowsher
Revision Date: 2011-04-13 01:50:24 UTC

Merge 0.7.1-1

Author: Max Bowsher
Revision Date: 2011-04-13 00:03:54 UTC

Merge 0.6.0-1

Author: Marc Deslauriers
Revision Date: 2011-04-05 19:09:22 UTC

* SECURITY UPDATE: arbitrary code execution via crafted flic file
  - debian/patches/CVE-2010-3429.patch: add checks to
    libavcodec/flicvideo.c.
  - CVE-2010-3429
* SECURITY UPDATE: arbitrary code execution via crafted wmv file
  (LP: #690169)
  - debian/patches/CVE-2010-3908.patch: properly calculate size in
    libavcodec/utils.c.
  - CVE-2010-3908
* SECURITY UPDATE: denial of service via crafted .ogg file
  - debian/patches/CVE-2010-4704.patch: validate codebook in
    libavcodec/vorbis_dec.c.
  - CVE-2010-4704
* SECURITY UPDATE: denial of service and possible code execution via
  crafted WebM file
  - debian/patches/CVE-2011-0480.patch: check rangebits in
    libavcodec/vorbis_dec.c.
  - CVE-2011-0480
* SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
  (LP: #690169)
  - debian/patches/CVE-2011-0722.patch: set dimensions in
    libavcodec/rv34.c.
  - CVE-2011-0722
* SECURITY UPDATE: denial of service and possible code execution via
  crafted VC1 file (LP: #690169)
  - debian/patches/CVE-2011-0723.patch: fix invalid reads in
    libavcodec/vc1dec.c.
  - CVE-2011-0723
* SECURITY UPDATE: Fix a multitude of security issues
  - debian/patches/CVE-2009-46XX/security-issue03.patch: check stream
    existence before assignment
  - debian/patches/CVE-2009-46XX/security-issue04.patch: check submap
    indexes
  - debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook
    value
  - debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for
    per-packet mode indexes and per-header mode mapping indexes
  - debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook
    index and subclass book index.
  - debian/patches/CVE-2009-46XX/security-issue08.patch: check
    res_setup->books
  - debian/patches/CVE-2009-46XX/security-issue09.patch: check
    begin/end/partition_size
  - debian/patches/CVE-2009-46XX/security-issue10.patch: check validity
    of channels & samplerate
  - debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx
    check
  - debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks
    for magnitude and angle
  - debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -> == typo
  - debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions
    against 0 too
  - debian/patches/CVE-2009-46XX/security-issue15.patch: fix
    init_get_bits() buffer size
  - debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that
    all memory allocations succeed
  - debian/patches/CVE-2009-46XX/security-issue18.patch: fix possible
    buffer over-read in vorbis_comment
  - debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to
    0 to avoid having it uninitialized
  - debian/patches/CVE-2009-46XX/security-issue20.patch: disable parsing
    for ogg streams where no ogg header was found
  - CVE-2009-4632
  - CVE-2009-4633
  - CVE-2009-4634
  - CVE-2009-4635
  - CVE-2009-4637
  - CVE-2009-4639
  - CVE-2009-4640

Author: Marc Deslauriers
Revision Date: 2011-04-05 19:09:22 UTC

* SECURITY UPDATE: arbitrary code execution via crafted flic file
  - debian/patches/CVE-2010-3429.patch: add checks to
    libavcodec/flicvideo.c.
  - CVE-2010-3429
* SECURITY UPDATE: arbitrary code execution via crafted wmv file
  (LP: #690169)
  - debian/patches/CVE-2010-3908.patch: properly calculate size in
    libavcodec/utils.c.
  - CVE-2010-3908
* SECURITY UPDATE: denial of service via crafted .ogg file
  - debian/patches/CVE-2010-4704.patch: validate codebook in
    libavcodec/vorbis_dec.c.
  - CVE-2010-4704
* SECURITY UPDATE: denial of service and possible code execution via
  crafted WebM file
  - debian/patches/CVE-2011-0480.patch: check rangebits in
    libavcodec/vorbis_dec.c.
  - CVE-2011-0480
* SECURITY UPDATE: arbitrary code execution via crafted RealMedia file
  (LP: #690169)
  - debian/patches/CVE-2011-0722.patch: set dimensions in
    libavcodec/rv34.c.
  - CVE-2011-0722
* SECURITY UPDATE: denial of service and possible code execution via
  crafted VC1 file (LP: #690169)
  - debian/patches/CVE-2011-0723.patch: fix invalid reads in
    libavcodec/vc1dec.c.
  - CVE-2011-0723
* SECURITY UPDATE: Fix a multitude of security issues
  - debian/patches/CVE-2009-46XX/security-issue03.patch: check stream
    existence before assignment
  - debian/patches/CVE-2009-46XX/security-issue04.patch: check submap
    indexes
  - debian/patches/CVE-2009-46XX/security-issue05.patch: check classbook
    value
  - debian/patches/CVE-2009-46XX/security-issue06.patch: add checks for
    per-packet mode indexes and per-header mode mapping indexes
  - debian/patches/CVE-2009-46XX/security-issue07.patch: check masterbook
    index and subclass book index.
  - debian/patches/CVE-2009-46XX/security-issue08.patch: check
    res_setup->books
  - debian/patches/CVE-2009-46XX/security-issue09.patch: check
    begin/end/partition_size
  - debian/patches/CVE-2009-46XX/security-issue10.patch: check validity
    of channels & samplerate
  - debian/patches/CVE-2009-46XX/security-issue11.patch: fix book_idx
    check
  - debian/patches/CVE-2009-46XX/security-issue12.patch: sanity checks
    for magnitude and angle
  - debian/patches/CVE-2009-46XX/security-issue13.patch: fix = -> == typo
  - debian/patches/CVE-2009-46XX/security-issue14.patch: check dimensions
    against 0 too
  - debian/patches/CVE-2009-46XX/security-issue15.patch: fix
    init_get_bits() buffer size
  - debian/patches/CVE-2009-46XX/security-issue17.patch: make sure that
    all memory allocations succeed
  - debian/patches/CVE-2009-46XX/security-issue18.patch: fix possible
    buffer over-read in vorbis_comment
  - debian/patches/CVE-2009-46XX/security-issue19.patch: set data_size to
    0 to avoid having it uninitialized
  - debian/patches/CVE-2009-46XX/security-issue20.patch: disable parsing
    for ogg streams where no ogg header was found
  - CVE-2009-4632
  - CVE-2009-4633
  - CVE-2009-4634
  - CVE-2009-4635
  - CVE-2009-4637
  - CVE-2009-4639
  - CVE-2009-4640

Author: Jamie Strandboge
Revision Date: 2011-04-11 10:19:40 UTC

* SECURITY UPDATE: fix XSS vulnerability in Konqueror's error pages
  - debian/patches/security_03_CVE-2011-1168.diff: upstream patch
  - CVE-2011-1168
  - LP: #743669
* SECURITY UPDATE: fix certificate verification for certificates issued
  against an IP address
  - debian/patches/security_04_CVE-2011-1094.diff: based on upstream patch
  - CVE-2011-1094

Author: Steve Beattie
Revision Date: 2011-02-23 09:41:17 UTC

* IcedTea6 1.9.7 release.
  - SECURITY UPDATE:
    + S4421494, CVE-2010-4476: infinite loop while parsing double literal.
    + S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
    + S6907662, CVE-2010-4465: Swing timer-based security manager bypass
    + S6994263, CVE-2010-4472: Untrusted code allowed to replace
      DSIG/C14N implementation
    + S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
    + S6983554, CVE-2010-4450: Launcher incorrect processing of
      empty library path entries
    + S6985453, CVE-2010-4471: Java2D font-related system property leak
    + S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
    + RH677332, CVE-2011-0706: Multiple signers privilege escalation
  - Bug fixes
    + RH676659: Pass -export-dynamic flag to linker using -Wl,
      as option in gcc 4.6+ is broken
    + G344659: Fix issue when building on SPARC
    + Fix latent JAXP bug caused by missing import
* dropped patch due to different fix applied upstream:
  - debian/patches/hotspot-sparc-fix.diff
* debian/patches/hotspot-fix_added_define.patch: added to fix
  redefinition added by patch for S6878713
* Makefile.{am,in}: don't use stage1 build for zerovm, bootstrap
  zerovm instead to compensate for
  http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=631

Author: Steve Beattie
Revision Date: 2011-02-23 09:41:17 UTC

* IcedTea6 1.9.7 release.
  - SECURITY UPDATE:
    + S4421494, CVE-2010-4476: infinite loop while parsing double literal.
    + S6878713, CVE-2010-4469: Hotspot backward jsr heap corruption
    + S6907662, CVE-2010-4465: Swing timer-based security manager bypass
    + S6994263, CVE-2010-4472: Untrusted code allowed to replace
      DSIG/C14N implementation
    + S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets
    + S6983554, CVE-2010-4450: Launcher incorrect processing of
      empty library path entries
    + S6985453, CVE-2010-4471: Java2D font-related system property leak
    + S6927050, CVE-2010-4470: JAXP untrusted component state manipulation
    + RH677332, CVE-2011-0706: Multiple signers privilege escalation
  - Bug fixes
    + RH676659: Pass -export-dynamic flag to linker using -Wl,
      as option in gcc 4.6+ is broken
    + G344659: Fix issue when building on SPARC
    + Fix latent JAXP bug caused by missing import
* dropped patch due to different fix applied upstream:
  - debian/patches/hotspot-sparc-fix.diff
* debian/patches/hotspot-fix_added_define.patch: added to fix
  redefinition added by patch for S6878713
* Makefile.{am,in}: don't use stage1 build for zerovm, bootstrap
  zerovm instead to compensate for
  http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=631

Author: Matthias Klose
Revision Date: 2009-10-08 12:41:46 UTC

[Matthias Klose]
* On armel and powerpc, build an additional VM using shark in the
  openjdk-6-jre-zero package (java -shark <args>). Requires llvm-2.6.
* Hide the desktop menu entry for WebStart. LP: #222180.
* Don't provide java-virtual-machine anymore.

[Edward Nevill]
* Avoid stack overflows in the arm interpreter.

Author: Scott Kitterman
Revision Date: 2010-12-07 17:28:57 UTC

Automated backport upload; no source changes.

Author: Marc Deslauriers
Revision Date: 2011-02-23 14:50:51 UTC

* SECURITY UPDATE: denial of service via double free in vba processing
  - libclamav/vba_extract.c: set buf to NULL when it gets freed.
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
  - CVE-2011-1003

Author: Scott Kitterman
Revision Date: 2009-11-03 22:36:28 UTC

Update Karmic per Clamav microversion release exception (LP: #473707)

Author: Marc Deslauriers
Revision Date: 2011-02-23 14:50:51 UTC

* SECURITY UPDATE: denial of service via double free in vba processing
  - libclamav/vba_extract.c: set buf to NULL when it gets freed.
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
  - CVE-2011-1003

Author: Scott Kitterman
Revision Date: 2009-10-24 12:34:00 UTC

[ Scott Kitterman ]
* Apparmor profile fixes (reviewed by Ubuntu Security):
  - Allow clamav-daemon access to the home directory of the user running it
    and update README.Debian to explain the need to adjust the apparmor
    profile for it to scan elsewhere (LP: #450250)
  - Add capability dac_override to clamav-daemon profile to allow
    AllowSupplementaryGroups to work (LP: #433764)
* Cherry pick packaging bug fixes from pkg-clamav git

[ Stephen Gran ]
* Make all references to the milter socket reference the same path
  - b71e1a26bafb0df532df2673fcd1cd53bc6952bd
* Read default file once (LP: #430421)
  - 86b421dac00e49abb8e5907b9e952e33e83b7aec

[ Michael Meskes ]
* Fixed LSB header information. (Closes: #546450) - thanks to Petter
  Reinholdtsen <pere@hungry.com>
  - 3f59d827d1e54ce1efcb7e050c57866ccdfaedae

[ Michael Tautschnig ]
* Remove all remaining files during purge
  - 4132426753b674dd9c622f1c0501703ed987a239

Author: Michael Vogt
Revision Date: 2009-12-03 09:14:04 UTC

* debian/patches/030_from_git_crash_fix_multiscreen.patch:
  - merge commit 24dea72a395071b533dcf66b2eef37b20522cbba to fix
    crash with wobbly windows in a multi screen setup (LP: #491411)

Author: Michael Vogt
Revision Date: 2009-12-03 09:14:04 UTC

* debian/patches/030_from_git_crash_fix_multiscreen.patch:
  - merge commit 24dea72a395071b533dcf66b2eef37b20522cbba to fix
    crash with wobbly windows in a multi screen setup (LP: #491411)

Author: Michael Vogt
Revision Date: 2009-10-20 12:28:25 UTC

* debian/patches/020_fix_focus.patch:
  - give back the focus to the previous focused window (LP: #455900)

Author: Marc Deslauriers
Revision Date: 2011-04-07 13:24:12 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  malformed plugin configuration files
  - debian/patches/06_security_CVE-2010-454x.patch: fix format strings in
    plug-ins/{common/sphere-designer,gfig/gfig-style,
    lighting/lighting-ui}.c.
  - CVE-2010-4540
  - CVE-2010-4541
  - CVE-2010-4542
* SECURITY UPDATE: denial of service and possible code execution via
  malformed PSP image file
  - debian/patches/07_security_CVE-2010-4543.patch: fix buffer overflow
    in plug-ins/common/file-psp.c.
  - CVE-2010-4543