Branches for Natty

Author: Micah Gersten
Revision Date: 2012-06-05 01:54:14 UTC

* fix LP: #989184 - Firefox 12's launcher script is not allowed in
  abstractions/ubuntu-browsers; This was a regression from the firefox
  path changing to a non-versioned path in the Firefox 12 packaging
  - add debian/patches/0016-lp989184.patch
  - update debian/patches/series
* fix LP: #990931 - Thunderbird is being blocked by apparmor from Firefox;
  This was a regression from the Thunderbird path changing to a non-versioned
  path in the Thunderbird 12 packaging
  - add debian/patches/0015-lp990931.patch
  - update debian/patches/series

Author: Marc Deslauriers
Revision Date: 2012-06-12 10:26:36 UTC

* Update to 0.7.6 to fix multiple security issues. (LP: #1012132)
  - CVE-2011-3929
  - CVE-2011-3936
  - CVE-2011-3940
  - CVE-2011-3945
  - CVE-2011-3947
  - CVE-2011-3951
  - CVE-2011-3952
  - CVE-2012-0850
  - CVE-2012-0851
  - CVE-2012-0852
  - CVE-2012-0853
  - CVE-2012-0858
  - CVE-2012-0859
  - CVE-2012-0947

Author: Marc Deslauriers
Revision Date: 2012-06-11 07:25:44 UTC

* SECURITY UPDATE: Update to 5.1.63 to fix security issues (LP: #1011371)
  - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html

Author: Marc Deslauriers
Revision Date: 2012-06-11 07:25:44 UTC

* SECURITY UPDATE: Update to 5.1.63 to fix security issues (LP: #1011371)
  - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html

Author: Stéphane Graber
Revision Date: 2012-05-30 10:07:21 UTC

Cherry-pick new pastebin.com.conf file from pastebinit 1.3.1,
this switches to the new pastebin.com API (now mandatory) (LP: #996242)

Author: Marc Deslauriers
Revision Date: 2012-05-29 15:39:24 UTC

* SECURITY UPDATE: MITM via incorrect ssl cert validation (LP: #882062)
  - debian/patches/CVE-2011-4409.patch: use pycurl instead of urllib2 and
    send hostname for validation in ubuntuone/syncdaemon/action_queue.py,
    use correct URL in data/syncdaemon.conf, use pycurl instead of
    urllib2 in tests/syncdaemon/test_action_queue.py.
  - debian/control: bump python-ubuntuone-storageprotocol and
    ubuntu-sso-client dependencies to security updates.
  - CVE-2011-4409

Author: Marc Deslauriers
Revision Date: 2012-05-29 15:34:32 UTC

* SECURITY UPDATE: MITM via incorrect ssl cert validation (LP: #882062)
  - debian/patches/CVE-2011-4409.patch: validate hostname in
    ubuntuone/storageprotocol/context.py, add test to
    tests/test_context.py.
  - CVE-2011-4409

Author: Marc Deslauriers
Revision Date: 2012-01-31 14:01:31 UTC

* SECURITY UPDATE: MITM via incorrect ssl cert validation (LP: #882055)
  - debian/patches/CVE-2011-4408.patch: use pycurl instead of urllib2 in
    ubuntu_sso/account.py,
    ubuntu_sso/credentials.py,
    ubuntu_sso/tests/test_credentials.py,
    ubuntu_sso/utils/curllib.py,
    ubuntu_sso/utils/tests/test_curllib.py.
  - debian/control: add python-pycurl dependency.
  - CVE-2011-4408

Author: Jamie Strandboge
Revision Date: 2012-06-04 08:25:36 UTC

fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2012-06-04 08:25:36 UTC

fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2012-05-31 13:10:34 UTC

* SECURITY UPDATE: Incomplete fix for CVE-2012-0949 (LP: #1004503)
  - DistUpgrade/DistUpgradeApport.py: use a whitelist of files so we
    don't upload system_state archives.
  - tests/test_apport_crash.py: add test.
  - CVE-2012-0950

Author: Stéphane Graber
Revision Date: 2012-05-30 10:07:21 UTC

Cherry-pick new pastebin.com.conf file from pastebinit 1.3.1,
this switches to the new pastebin.com API (now mandatory) (LP: #996242)

Author: Marc Deslauriers
Revision Date: 2012-05-31 13:10:34 UTC

* SECURITY UPDATE: Incomplete fix for CVE-2012-0949 (LP: #1004503)
  - DistUpgrade/DistUpgradeApport.py: use a whitelist of files so we
    don't upload system_state archives.
  - tests/test_apport_crash.py: add test.
  - CVE-2012-0950

Author: Marc Deslauriers
Revision Date: 2012-05-29 15:39:24 UTC

* SECURITY UPDATE: MITM via incorrect ssl cert validation (LP: #882062)
  - debian/patches/CVE-2011-4409.patch: use pycurl instead of urllib2 and
    send hostname for validation in ubuntuone/syncdaemon/action_queue.py,
    use correct URL in data/syncdaemon.conf, use pycurl instead of
    urllib2 in tests/syncdaemon/test_action_queue.py.
  - debian/control: bump python-ubuntuone-storageprotocol and
    ubuntu-sso-client dependencies to security updates.
  - CVE-2011-4409

Author: Marc Deslauriers
Revision Date: 2012-05-29 15:34:32 UTC

* SECURITY UPDATE: MITM via incorrect ssl cert validation (LP: #882062)
  - debian/patches/CVE-2011-4409.patch: validate hostname in
    ubuntuone/storageprotocol/context.py, add test to
    tests/test_context.py.
  - CVE-2011-4409

Author: Ben Howard
Revision Date: 2012-05-25 20:52:08 UTC

If fully qualified domain name is longer than 64 characters, use the
short hostname. (LP: #1004682)

Author: Marc Deslauriers
Revision Date: 2012-05-22 16:52:01 UTC

* SECURITY UPDATE: denial of service via SNMP GET with non-existent
  extension table entry
  - debian/patches/CVE-2012-2141.patch: validate line_idx in
    agent/mibgroup/agent/extend.c.
  - CVE-2012-2141

Author: Marc Deslauriers
Revision Date: 2012-05-22 16:52:01 UTC

* SECURITY UPDATE: denial of service via SNMP GET with non-existent
  extension table entry
  - debian/patches/CVE-2012-2141.patch: validate line_idx in
    agent/mibgroup/agent/extend.c.
  - CVE-2012-2141

Author: Timo Aaltonen
Revision Date: 2011-09-02 11:35:15 UTC

Add another device to the Lenovo blacklist file. (LP: #777212)

Author: Timo Aaltonen
Revision Date: 2011-09-02 11:35:15 UTC

Add another device to the Lenovo blacklist file. (LP: #777212)

Author: Steve Beattie
Revision Date: 2012-05-22 15:25:06 UTC

* SECURITY UPDATE: denial of service attack in DTLS implementation
  - debian/patches/CVE_2012-2333.patch: guard for integer overflow
    before skipping explicit IV
  - CVE-2012-2333
* SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
  - debian/patches/CVE-2012-0884.patch: use a random key if RSA
    decryption fails to avoid leaking timing information
  - CVE-2012-0884
* debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
  errors in PKCS7_decrypt and initialize tkeylen properly when
  encrypting CMS messages.

Author: Steve Beattie
Revision Date: 2012-05-22 15:25:06 UTC

* SECURITY UPDATE: denial of service attack in DTLS implementation
  - debian/patches/CVE_2012-2333.patch: guard for integer overflow
    before skipping explicit IV
  - CVE-2012-2333
* SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
  - debian/patches/CVE-2012-0884.patch: use a random key if RSA
    decryption fails to avoid leaking timing information
  - CVE-2012-0884
* debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
  errors in PKCS7_decrypt and initialize tkeylen properly when
  encrypting CMS messages.

Author: Steve Beattie
Revision Date: 2012-05-21 14:09:36 UTC

fake sync from Debian

Author: Steve Beattie
Revision Date: 2012-05-21 14:09:36 UTC

fake sync from Debian

Author: Clint Byrum
Revision Date: 2011-08-24 12:50:11 UTC

d/initramfs/mdadm-functions: Record in /tmp when boot-degraded
question has been asked so that it is only asked once (LP: #820111)
Backported from oneiric, replacing /run with /tmp since neither
/run nor /var/run are available this early in natty's boot.

Author: Clint Byrum
Revision Date: 2011-04-27 15:05:14 UTC

pass --test to mdadm to enable result codes for degraded arrays.
(LP: #761971)

Author: Julian Taylor
Revision Date: 2012-02-28 21:51:06 UTC

* debian/rules: fix dh_shlibdeps call to fill dependencies
  correctly (LP: #863248)
  - dependency on lzo2 required to import tables

Author: Adam Stokes
Revision Date: 2012-05-17 11:05:48 UTC

Do not call global_init when setting thread callbacks (LP: #423252)

Author: Felix Geyer
Revision Date: 2012-05-16 20:59:11 UTC

* SECURITY UPDATE: format string vulnerability (LP: #1000363)
  - otr-plugin.c: patch from upstream
  - CVE-2012-2369

Author: Felix Geyer
Revision Date: 2012-05-16 20:59:11 UTC

* SECURITY UPDATE: format string vulnerability (LP: #1000363)
  - otr-plugin.c: patch from upstream
  - CVE-2012-2369

Author: Jamie Strandboge
Revision Date: 2012-05-17 08:06:07 UTC

* SECURITY UPDATE: XSS in CGI/RestoreFile.pm
  - lib/BackupPC/CGI/RestoreFile.pm: update to escape share and backup
    number
  - CVE-2011-5081

Author: Jamie Strandboge
Revision Date: 2012-05-17 08:06:07 UTC

* SECURITY UPDATE: XSS in CGI/RestoreFile.pm
  - lib/BackupPC/CGI/RestoreFile.pm: update to escape share and backup
    number
  - CVE-2011-5081

Author: Tyler Hicks
Revision Date: 2012-05-15 23:28:04 UTC

* SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
  Host_List values
  - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
    addresses. Based on upstream patch.
  - CVE-2012-2337

Author: Tyler Hicks
Revision Date: 2012-05-15 23:28:04 UTC

* SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
  Host_List values
  - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
    addresses. Based on upstream patch.
  - CVE-2012-2337

Author: Julian Taylor
Revision Date: 2012-05-15 18:17:05 UTC

update debian/patches/CVE-2012-2085.dpatch:
fixes regression from 0.13.4-3ubuntu2.1: (LP: #999629)
execution of external commands broke by missing backport of
ThreadInterface

Author: Julian Taylor
Revision Date: 2012-05-15 18:17:05 UTC

update debian/patches/CVE-2012-2085.dpatch:
fixes regression from 0.13.4-3ubuntu2.1: (LP: #999629)
execution of external commands broke by missing backport of
ThreadInterface

Author: Marc Deslauriers
Revision Date: 2012-05-05 18:41:01 UTC

* SECURITY UPDATE: Update to 0.99.20.1 to fix multiple security issues.
  (LP: #994169)
  - Denial of service via short Link State Update packet
  - Denial of service via short network-LSA link-state advertisement
  - Denial of service via malformed Four-octet AS Number Capability
  - CVE-2012-0249
  - CVE-2012-0250
  - CVE-2012-0255
* debian/control, debian/rules: Remove quagga-dbg package for Natty.
* debian/patches/99_bgpd-fix-memory-leak-for-extra-attributes.diff:
  added fix for a bgpd memory leak related to extra attributes. Thanks to
  Debian for the regression fix.

Author: Julian Taylor
Revision Date: 2012-04-30 19:57:13 UTC

* SECURITY UPDATE: local privilege escalation (LP: #979221)
  - debian/patches/36-fix_local_privilege_escalation.patch: sanitize
    config properties. Thanks to David Paleino <dapal@debian.org>
  - CVE-2012-2095
* SECURITY UPDATE: information leak in log files (LP: #992177)
  - debian/patches/37-mask-sensitive-info-from-log.patch: mask sensitive
    information in logs. Thanks to David Paleino <dapal@debian.org>
  - CVE-2012-0813

Author: Julian Taylor
Revision Date: 2012-04-30 19:57:13 UTC

* SECURITY UPDATE: local privilege escalation (LP: #979221)
  - debian/patches/36-fix_local_privilege_escalation.patch: sanitize
    config properties. Thanks to David Paleino <dapal@debian.org>
  - CVE-2012-2095
* SECURITY UPDATE: information leak in log files (LP: #992177)
  - debian/patches/37-mask-sensitive-info-from-log.patch: mask sensitive
    information in logs. Thanks to David Paleino <dapal@debian.org>
  - CVE-2012-0813

Author: Marc Deslauriers
Revision Date: 2012-04-24 14:36:17 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  certain large length values.
  - debian/patches/CVE-2012-1569.diff: return an error when the decoded
    length value plus @len would exceed @der_len in lib/decoding.c.
  - CVE-2012-1569

Author: Marc Deslauriers
Revision Date: 2012-04-24 14:36:17 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  certain large length values.
  - debian/patches/CVE-2012-1569.diff: return an error when the decoded
    length value plus @len would exceed @der_len in lib/decoding.c.
  - CVE-2012-1569

Author: Micah Gersten
Revision Date: 2012-05-02 09:13:03 UTC

Automated backport upload; no source changes.

Author: Stéphane Graber
Revision Date: 2012-05-03 10:16:08 UTC

[4dc53fb] Use retry argument for start-stop-daemon when stopping nrpe,
this fixes cases where restarting nagios-nrpe fails to respawn it.
(LP: #896388)

Author: Marc Deslauriers
Revision Date: 2012-01-25 13:42:23 UTC

* SECURITY UPDATE: denial of service via hash collision and incorrect
  handling of large numbers of parameters and parameter values
  (LP: #909828)
  - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
    code in conf/web.xml,
    java/org/apache/catalina/connector/Connector.java,
    java/org/apache/catalina/connector/mbeans-descriptors.xml,
    java/org/apache/catalina/connector/Request.java,
    java/org/apache/catalina/filters/FailedRequestFilter.java,
    java/org/apache/catalina/Globals.java,
    java/org/apache/coyote/Request.java,
    java/org/apache/tomcat/util/buf/B2CConverter.java,
    java/org/apache/tomcat/util/buf/ByteChunk.java,
    java/org/apache/tomcat/util/buf/MessageBytes.java,
    java/org/apache/tomcat/util/buf/StringCache.java,
    java/org/apache/tomcat/util/http/LocalStrings.properties,
    java/org/apache/tomcat/util/http/Parameters.java,
    webapps/docs/config/ajp.xml,
    webapps/docs/config/http.xml.
  - CVE-2011-4858
  - CVE-2012-0022

Author: Marc Deslauriers
Revision Date: 2012-01-25 13:42:23 UTC

* SECURITY UPDATE: denial of service via hash collision and incorrect
  handling of large numbers of parameters and parameter values
  (LP: #909828)
  - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
    code in conf/web.xml,
    java/org/apache/catalina/connector/Connector.java,
    java/org/apache/catalina/connector/mbeans-descriptors.xml,
    java/org/apache/catalina/connector/Request.java,
    java/org/apache/catalina/filters/FailedRequestFilter.java,
    java/org/apache/catalina/Globals.java,
    java/org/apache/coyote/Request.java,
    java/org/apache/tomcat/util/buf/B2CConverter.java,
    java/org/apache/tomcat/util/buf/ByteChunk.java,
    java/org/apache/tomcat/util/buf/MessageBytes.java,
    java/org/apache/tomcat/util/buf/StringCache.java,
    java/org/apache/tomcat/util/http/LocalStrings.properties,
    java/org/apache/tomcat/util/http/Parameters.java,
    webapps/docs/config/ajp.xml,
    webapps/docs/config/http.xml.
  - CVE-2011-4858
  - CVE-2012-0022

Author: John Rigby
Revision Date: 2011-04-19 20:52:47 UTC

New upstream release U-Boot 2011.04.2.
Feature freeze exception: 2011.03 doesn't boot anymore on
Beagle B5. LP: #760350.

Author: Stéphane Graber
Revision Date: 2012-05-03 10:16:08 UTC

[4dc53fb] Use retry argument for start-stop-daemon when stopping nrpe,
this fixes cases where restarting nagios-nrpe fails to respawn it.
(LP: #896388)

Author: Julian Taylor
Revision Date: 2012-04-30 18:40:28 UTC

000-fix-line-split-error-on-bad-data-from-rebase.diff:
fix crash when bad data from rebase is in the log (LP: #986279)

Author: Marc Deslauriers
Revision Date: 2012-04-23 09:26:54 UTC

* SECURITY UPDATE: denial of service via many hash collisions
  - debian/patches/CVE-2011-4461.patch: limit number of form parameters
    to avoid a DoS in modules/jetty/src/main/java/org/mortbay/jetty/Request.java,
    modules/jetty/src/main/java/org/mortbay/jetty/handler/ContextHandler.java,
    modules/jetty/src/test/java/org/mortbay/jetty/RequestTest.java,
    modules/util/src/main/java/org/mortbay/util/UrlEncoded.java,
    modules/util/src/test/java/org/mortbay/util/URLEncodedTest.java.
  - CVE-2011-4461

Author: Marc Deslauriers
Revision Date: 2012-04-23 09:26:54 UTC

* SECURITY UPDATE: denial of service via many hash collisions
  - debian/patches/CVE-2011-4461.patch: limit number of form parameters
    to avoid a DoS in modules/jetty/src/main/java/org/mortbay/jetty/Request.java,
    modules/jetty/src/main/java/org/mortbay/jetty/handler/ContextHandler.java,
    modules/jetty/src/test/java/org/mortbay/jetty/RequestTest.java,
    modules/util/src/main/java/org/mortbay/util/UrlEncoded.java,
    modules/util/src/test/java/org/mortbay/util/URLEncodedTest.java.
  - CVE-2011-4461

Author: Jamie Strandboge
Revision Date: 2012-04-26 06:43:53 UTC

fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2012-04-26 06:43:53 UTC

fake sync from Debian

Author: Chris Coulson
Revision Date: 2012-03-14 01:12:16 UTC

* Stop installing things in /usr/lib/firefox
  - update debian/rules
  - LP: #987262

Author: Chris Coulson
Revision Date: 2012-03-14 01:12:16 UTC

* Stop installing things in /usr/lib/firefox
  - update debian/rules
  - LP: #987262

Author: Per Ångström
Revision Date: 2012-04-26 10:56:37 UTC

* debian/patches/fix-slow-bzr-start.patch (LP: #988296)
  - Fix slow meld startup on opening complex Bazaar repositories

Author: Per Ångström
Revision Date: 2012-04-26 09:05:16 UTC

* debian/patches/fix-988296.patch
  - Fix slow meld startup on opening complex Bazaar repositories (LP: #988296)

Author: Alberto Milone
Revision Date: 2011-08-19 17:39:19 UTC

* New upstream release:
  - Fixed a bug that caused freezes and crashes when resizing
    windows in KDE 4 with desktop effects enabled using X.Org
    X server version 1.10 or later.
  - Added support for X.Org xserver 1.10 (LP: #741930).
* debian/dkms.conf.in:
  - Prevent DKMS builds with kernels newer than the ones we ship.
* debian/dkms/patches:
  - Drop obsolete patches.
* debian/nvidia-96.postinst.in:
  - Remove slave link to nvidia-smi since the binary does not
    exist.
* debian/nvidia-96.postrm.in:
  - Make sure that all of the libraries are removed in the postrm.
    This should work around cases such as LP: #540143 where some
    misteriously unremoved links cause the directory removal to
    fail.
* debian/nvidia-96.README.Debian.in
  - Update the README with the DKMS OBSOLETE_BY option.
* debian/rules:
  - Do not hardcode the X ABI any more.
  - Remove obsolete instructions from debian/rules
  - Prevent the build from failing when no patches are available.

Author: Stefano Rivera
Revision Date: 2012-04-23 18:40:48 UTC

* Update Ubuntu list from distro-info-data 0.9.
  - Use full dates (add days for future EOL dates of Ubuntu).
  - Add Ubuntu Quantal Quetzal. (LP: #987390)

Author: Tyler Hicks
Revision Date: 2012-04-24 15:49:30 UTC

* SECURITY UPDATE: Authenticated user can take ownership of arbitrary files
  and directories
  - debian/patches/CVE-2012-2111.patch: Remove excessive permissions granted
    in account related Local Security Authority remote procedure calls.
    Based on upstream patch.
  - CVE-2012-2111

Author: Tyler Hicks
Revision Date: 2012-04-24 15:49:30 UTC

* SECURITY UPDATE: Authenticated user can take ownership of arbitrary files
  and directories
  - debian/patches/CVE-2012-2111.patch: Remove excessive permissions granted
    in account related Local Security Authority remote procedure calls.
    Based on upstream patch.
  - CVE-2012-2111

Author: Chris Coulson
Revision Date: 2012-04-17 01:05:56 UTC

* New upstream release v1.4 (LP: #972840)

* Make sure we remove the .bzr folder from the tarball when we build it
  - update debian/rules
* Actually add the get-orig-source target..
* Build with Latest Thunderbird SDK
  - update debian/rules
* Add a proper get-orig-source target which pulls the build system from
  lp:~mozillateam/mozilla-build-system/beta, now that we don't have the old
  build-system.tar.gz from xulrunner
* Drop build_system_dont_link_libxul.diff - this isn't needed in current
  Thunderbird versions, as it ships a libxul.so
* Drop the nspr build-dep and don't build with --with-system-nspr.
  Thunderbird provides this already, and avoids needing to bump nspr
  on older releases just to build enigmail
  - update debian/rules
  - update debian/control
* Add build/unix/elfhack/Makefile to debian/clean. It doesn't get cleaned
  by the build system, and there is a copy in the tree already which
  breaks the build
  - update debian/clean
* Build with --disable-webm and --disable-libjpeg-turbo so we don't need to
  build-depend on yasm. I really do need to clean all of this useless
  junk out of the configure script
  - update debian/rules
* Remove build/pgo/profileserver.py from debian/clean. The new build
  system has a target depending on this
  - update debian/clean
* Drop debian/patches/autoconf.diff, just generate this at build time
* Refresh debian/patches/build_system_dont_link_libxul.diff
* libipc seems to be renamed to libipc-pipe. Fix genxpi and chrome.manifest
  to fix this
  - add debian/patches/ipc-pipe_rename.diff
  - update debian/patches/series
* The makefiles in extensions/enigmail/ipc have an incorrect DEPTH
  attribute. Fix this so that they can find the rest of the build system
  - add debian/patches/makefile_depth.diff
  - update debian/patches/series
* Drop debian/patches/makefile-in-empty-xpcom-fix.diff - fixed in the
  current version
* Don't register a class ID multiple times, as this breaks enigmail entirely
  - add debian/patches/dont_register_cids_multiple_times.diff
  - update debian/patches/series
* Run autoconf2.13 at build time
  - update debian/rules
  - update debian/control
* Add useless mesa-common-dev build-dep, just to satisfy the build system.
  We should just patch this out entirely really, but that's for another upload
  - update debian/control

Author: Colin Watson
Revision Date: 2011-09-23 22:41:35 UTC

* Backport from Debian 0.97-39 (LP: #720558):
  - Support for Xen style xvd[a-z] devices. Thanks Ian Campbell.
    (Closes: #456776)
* Don't use UUIDs for expressing xvd* devices as GRUB drives, as PV-GRUB
  can't handle it.

Author: Colin Watson
Revision Date: 2011-09-23 22:41:35 UTC

* Backport from Debian 0.97-39 (LP: #720558):
  - Support for Xen style xvd[a-z] devices. Thanks Ian Campbell.
    (Closes: #456776)
* Don't use UUIDs for expressing xvd* devices as GRUB drives, as PV-GRUB
  can't handle it.

Author: Stefano Rivera
Revision Date: 2012-04-23 18:40:48 UTC

* Update Ubuntu list from distro-info-data 0.9.
  - Use full dates (add days for future EOL dates of Ubuntu).
  - Add Ubuntu Quantal Quetzal. (LP: #987390)

Author: Chris J Arges
Revision Date: 2012-03-16 11:27:42 UTC

* Resolve issue of not updating map stale status following a successful
  map read - this ensures that automount does not orphan some mounts
  when stopping (LP: #578536):
  - d/patches/01UPSTREAM_autofs-5.0.5-fix-stale-map-read.dpatch:
    Cherry picked commit from upstream to resolve this issue.

Author: Chris Coulson
Revision Date: 2012-04-12 01:07:43 UTC

* New upstream stable release (THUNDERBIRD_11_0_1_BUILD1)

* Update globalmenu-extension to 2.0.3
* Ensure we include locales in the tarball if they are in shipped-locales
  but not in all-locales
  - update debian/build/create-tarball.py
* Always set the update channel - not setting it at build-time on release
  builds breaks the extensions.checkCompatibility pref. The only things
  using it at runtime are nsBlocklistService, Test Pilot (beta + aurora)
  and the about dialog (where the channel is hidden anyway)
  - update debian/rules
  - update debian/thunderbird.install.in
* Fix LP: #898883 - IPC xpcshell tests hang the buildd's. Give all
  xpcshell tests an X display, as plugin-container won't work without one
  - update debian/build/testsuite.mk
* Turn on all IPC xpcshell tests again (only applicable when the testsuite
  is enabled in the future)
  - update debian/build/testsute.mk
* Refresh shipped locales for beta (addition of Armenian and Croatian)
  - refresh debian/config/locales.shipped
  - refresh debian/config/locales.all
  - refresh debian/control
* Fix LP: #915895 - Just set autoDisableScopes to 0. Other distributions
  are already doing this, and we already made this feature pretty much
  useless by allowing extensions in the application directory, so that our
  language packs aren't disabled by default
  - update debian/vendor.js
* Fix LP: #926495 - Add patch based on one from bmo: #691898 to enable
  building on ppc again
  - add debian/patches/fix-build-failure-without-yarr-jit.patch
  - update debian/patches/series
* Fix LP: #926495 - Disable the SPS profiler on unsupported architectures
  - add debian/patches/no-sps-profiler-on-unsupported-archs.patch
  - update debian/patches/series
* Disable more hanging IPC xpcshell tests
  - update debian/build/testsuite.mk
* Drop the maintainer script hooks to remove conffiles that never even existed
  - remove debian/thunderbird.preinst.in
  - update debian/rules
* Update after landing of bmo: #701875 - Rename omni.jar to omni.ja
  - update debian/thunderbird.install.in
* Backport changes to allow per-release/par-arch patches
  - add debian/build/enable-dist-patches.pl
  - update debian/rules
* Don't unconditionally overwrite SourcePackage when reporting bugs with
  the nightly apport hook
  - update debian/apport/source_thunderbird.py.in
* Set "Channel = Unavailable" if channel-prefs.js doesn't contain a
  channel name
  - update debian/apport/source_thunderbird.py.in
* Ensure that create-tarball can handle there not being a locale blacklist
  - update debian/build/create-tarball.py
* Use makedirs to create the local cache directory
  - update debian/build-create-tarball.py
* Drop xpt.py and xpidl from $LIBDIR. xpidl is gone, and xpt.py isn't included
  there in the upstream SDK
  - update debian/thunderbird-dev.links.in
* Move custom scripts to debian/build
  - move debian/get-xpi-id.py to debian/build/get-xpi-id.py
  - move debian/refresh-supported-locales.pl to
     debian/build/refresh-supported-locales.pl
  - move debian/extract-file.py to debian/build/extract-file.py
  - move debian/testsuite.mk to debian/build
  - update debian/rules
* Shrink the default mozconfig right down so that we use mostly upstream
  defaults, rather than overriding them with our own options. It is still
  possible to override them though. We also drop the pkg-config checks in
  debian/rules which allowed a fallback build configuration when dependencies
  aren't satisfied. Really, the build should just fail here rather than
  continuing in some undesirable fallback mode
  - update debian/thunderbird-dev.links.in
  - update debian/mozconfig.in
  - update debian/control.in
  - update debian/rules
* Refresh build-depends, as this hasn't been done for a while:
  - Drop patchutils, libxft-dev, libxinerama-dev, libgnome2-dev, sharutils
    and bzip2. These don't appear to be needed
  - Drop liborbit2-dev - only appears to be required if there is no libidl
  - Add libglib2.0-dev, libext-dev, libfontconfig1-dev and libpango1.0-dev,
    as the configure script checks for these directly
  - Add minimum versions to libgconf2-dev, libgnomevfs2-dev, yasm and
    libgnomeui-dev
  - Specify minimum versions for libnspr4-dev, libcairo2-dev, libsqlite3-dev
    and libnss3-dev when using system versions of those libs
* Introduce a branch config file (debian/config/branch.mk) which holds
  settings which shouldn't be merged between branches (eg, whether
  the crash reporter should be enabled)
  - add debian/config/branch.mk
  - update debian/rules
* Move debian/locales.* to debian/config
  - move debian/locales.shipped => debian/config/locales.shipped
  - move debian/locales.unavail => debian/config/locales.unavail
  - update debian/rules
  - update debian/build/refresh-supported-locales.pl
* Move debian/mozconfig.in to debian/config
* Touch debian/control.in during clean to force a refresh of debian/control,
  so we can check if it is out-of-date and fail if it is
  - update debian/rules
* Drop the mozilla-devscripts dependency. We were only using this for creating
  tarballs anyway. Instead, implement our own get-orig-source target, which
  also fixes some problems we were having
  - update debian/control.in
  - remove debian/moz-rev.sh
  - update debian/rules
  - remove debian/mozclient/mozclient.mk
  - remove debian/mozclient/thunderbird.conf
  - update debian/config/branch.mk
  - add debian/build/create-source
  - add debian/build/get-orig-source.mk
  - remove debian/mozclient/thunderbird-remove.binonly.sh
* Lots of workflow improvements for dealing with language packs:
  - update debian/rules
  - add debian/build/extract-file.py
  - add debian/build/dump-langpack-control-entries.pl
  - update debian/build/refresh-supported-locales.pl
  - add debian/config/locales.all
  - update debian/config/locales.shipped
  - remove debian/config/locales.unavailable
  - update debian/control
  - update debian/build/create-tarball.py
* Turn off the one-time addon selection dialog (LP: #888307)
  - update debian/vendor.js
* Make sure we actually install the crashreporter and apport blacklist file
  for branches which use Breakpad
  - update debian/thunderbird.install.in
* Drop the Mail/News reference in the desktop file - just set the name to
  "Thunderbird Mail". This needs translating for other locales though
  - update debian/thunderbird.desktop.in
* Look in the correct location for the staged langpack xpi's. They moved
  from dist/install to dist/linux-$(DEB_HOST_GNU_CPU)
  - update debian/rules
* Simplify thunderbird-dev.install a bit by installing everything in
  /usr/include/
  - update debian/thunderbird-dev.install.in
* Fix jsreftest failures by setting the correct timezone and locale
  - update debian/testsuite.mk
* Add ${misc:Depends} dependency to transitional language packs
  - update debian/control.langpacks.unavail
* Disable elfhack permanently. It doesn't give us any of the performance
  wins that the official mozilla.org builds get, due to -Wl,-z,relro
  - update debian/rules
  - update debian/mozconfig.in
* Don't error out whilst creating the source package if mozilla-devscripts
  or cdbs aren't installed. This enables us to create source packages
  on machines which don't have these available
  - update debian/rules
  - update debian/mozclient/thunderbird.mk
* Switch to comm-release
  - update debian/mozclient/thunderbird.conf
* Update desktop file translations
  - update debian/thunderbird-trunk.desktop.in
* Drop the profile migrator, as it doesn't really make any sense with the new
  release cycle. Instead, just copy the thunderbird profile (if it exists) to
  thunderbird-trunk (if it doesn't exist)
  - remove debian/migrator/xulapp-profilemigrator
  - update debian/thunderbird.sh.in
  - update debian/thunderbird.install.in
  - update debian/rules
  - update debian/control.in
* Drop patches fixed upstream:
  - remove debian/patches/fix-sdk-bin-install.patch
  - remove debian/patches/series
* xpt_link and xpt_dump have been replaced by xpt.py
  - update debian/thunderbird-dev.install.in
  - update debian/thunderbird-dev.links.in
* Fix LP: #807805 - invalid language packs created because get-xpi-id.py
  exits with "xml.parsers.expat.ExpatError: XML or text declaration not at
  start of entity" exception when the install.rdf starts with empty lines
  - update debian/get-xpi-id.py
* Explicitly specify the mozilla-release repo, as client.py still pulls
  from mozilla-beta
  - update debian/mozclient/thunderbird.conf
* Parse the correct file for the version number
  - update debian/rules
  - update debian/mozclient/thunderbird.conf
* Add transitional ta-lk language pack to pull in thunderbird-locale-ta
  - update debian/control.in
  - refresh debian/control
* Set a Vcs-Bzr URL
  - update debian/control.in
  - refresh debian/control
* Align packaging with firefox:
  - rename debian/apport/blacklist => debian/apport/thunderbird.in
  - rename debian/control => debian/control.in
  - rename debian/thunderbird-dev.install =>
     debian/thunderbird-dev.install.in
  - rename debian/thunderbird-gnome-support.install =>
     debian/thunderbird-gnome-support.install.in
  - rename debian/thunderbird.desktop => debian/thunderbird.desktop.in
  - rename debian/thunderbird.install => debian/thunderbird.install.in
  - rename debian/thunderbird.manpages => debian/thunderbird.manpages.in
  - update debian/apport/thunderbird.in
  - update debian/control.in
  - update debian/rules
  - update debian/thunderbird.sh.in
  - update debian/thunderbird.xml.in
  - update debian/thunderbird-dev.install.in
  - update debian/thunderbird-gnome-support.install
  - update debian/thunderbird.desktop.in
  - update debian/thunderbird.install.in
  - update debian/thunderbird.manpages
  - added debian/thunderbird-dev.links.in
  - added debian/thunderbird-globalmenu.dirs.in
  - added debian/thunderbird-mozsymbols.install.in
  - added debian/thunderbird.dirs.in
  - added debian/thunderbird.links.in
  - added debian/thunderbird.lintian-overrides.in
* Build language packs directly from the thunderbird source
  + Include compare-locales FIREFOX_5_0b1_BUILD1 from
    http://hg.mozilla.org/build/compare-locales. It's needed for merging
    en-US strings with incomplete locales
  + Pull l10n data in to tarball from bzr
    - update debian/mozclient/thunderbird.conf
  + Configure build for creating language packs by configuring with
    "--with-l10n-base="
    - update debian/mozconfig.in
  + Store the list of locales to ship, and provide a way of automatically
    generating that list and the control file entries from the upstream
    source. Also provide a way to blacklist languages. We map languages
    to package names using langpack-o-matic (and also get descriptions
    from there too)
    - update debian/rules
    - add debian/locales.shipped
    - add debian/control.langpacks
    - add debian/control.langpacks.unavail
    - update debian/control
    - add debian/locales.unavailable
    - add debian/refresh-supported-locales.pl
  + Add common-build-indep hook to build the translation xpi's
    - update debian/rules
  + Add common-binary-post-install-indep to install the xpi's in to the correct
      debian packages
    - update debian/rules
    - add debian/get-xpi-id.py
  + When rebuilding debian/control in the clean target, fail the build
    if the control file was out-of-date. This ensures that we don't
    accidentally drop language packs, and forces me to maintain an
    up-to-date control file in bzr
    - update debian/rules
* Rewrite the launcher script to not wrap around the upstream start
  scripts, but start the Thunderbird binary directly. The upstream start
  scripts contain a lot of complexity for dealing with things that we don't
  need to worry about, and are quite slow. Also, add in the hooks for the
  new profile migrator
  - update debian/thunderbird.sh.in
* Replace the old profile migrator. The previous one relied on hard-coded
  values and fragile shell script that isn't really scalable enough
  now that stable Ubuntu releases see new major Thunderbird versions. The
  new profile migrator doesn't require any hard-coded values, and should
  be lower maintenance
  - add debian/migrator/xulapp-profilemigrator
  - remove debian/migrator/main.c
  - update debian/rules
  - update debian/thunderbird.sh.in
  - update debian/control.in
* Build with "make -f client.mk" and using a mozconfig, rather than the
  autoconf/configure/make steps used previously. The client.mk contains the
  sequencing for doing PGO builds
  - add debian/mozconfig.in
  - update debian/rules
* Refreshed patches:
  - update debian/patches/no-dynamic-nss-softokn.patch
  - update debian/patches/unity-globalmenu-build-support.patch
  - update debian/patches/add-syspref-dir.patch
* Support running the Mozilla test suite at build time. Currently, we run
  the following targets: check, jstestbrowser, xpcshell-tests, reftest,
  crashtest and mochitest. Not enabled yet
  - add debian/testsuite.mk
  - update debian/rules
* Don't touch $LIBDIR/.autoreg on install or removal. This has no effect
  with the components registration changes in Gecko >= 2.0
  - update debian/thunderbird.postinst.in
  - remove debian/thunderbird.prerm.in
* Ensure that the files in /etc/thunderbird/profile are cleaned up on
  upgrade
  - update debian/thunderbird.preinst.in
* Drop unneeded patches:
  - drop debian/patches/bz420391_attXXXX_fix_unix_installer.patch (only
    seemed to be needed for static builds)
  - remove bz532198_lp488354_ns_invokebyindex_not_thumb2_safe.patch
    (fixed upstream)
  - remove debian/patches/bz591331_att469858_breakpad_allow_ptrace.patch
    (fixed upstream)
  - remove debian/patches/bzXXX_ftbfs_static_with_system_hunspell.patch
    (not doing static builds now)
  - remove debian/patches/bzXXX_linker_flag_ordering.patch (not doing
    static builds now)
  - remove debian/patches/fix_installdir.patch (not sure what it was
    needed for)
  - remove debian/patches/fix_sdk_install_mimecrypt.patch (fixed upstream)
  - remove debian/patches/lp682742_arm_it_instruction.patch (fixed
    upstream)
  - remove debian/patches/lp_710648_arm_it_instruction_breakpad.patch
    (fixed upstream)
  - remove debian/patches/use-MOZ_APP_LAUNCHER-for-launcher-exec.patch
    (fixed upstream)
  - update debian/patches/series
* Fix LP: #767115 - use a high-res icon for the launcher
  - update debian/thunderbird.links.in

Author: Chris Coulson
Revision Date: 2012-04-17 02:48:27 UTC

* New upstream stable release (CALENDAR_1_3_BUILD1) (LP: #972840)
* Add mozilla/mfbt to tarball
* Refresh debian/patches/01_no_sunbird.patch
* Add some additional mailnews makefiles to the tarball, to make the build
  system not sad anymore
* Add the new python IDL parser to the tarball
  - update debian/rules
* Pull from comm-beta
  - update debian/rules
* Add db/mork/Makefile.in to the tarball
  - update debian/rules
* Pass --mozilla-rev to client.py when creating the tarball
  - update debian/rules
* Include the files containing the mail/suite version numbers in the tarball,
  as they're used to populate the version requirements in the install.rdf
  - update debian/rules
* Strip everything we don't need out of the tarball (Firefox, Thunderbird,
  Seamonkey), leaving just the calendar and build system. This gets the
  tarball down from 85MB to 6MB, which will make those carrier pigeons
  who carry the bits from my house to the archive much, much happier
  - update debian/rules
  - remove debian/remove-binonly.sh
* Add a get-orig-source target
* Build with --disable-tests
  - update debian/rules
* Fix LP: #809757 - FTBFS on armel. Build with --disable-elf-hack, as it's
  basically a noop on Ubuntu anyway
  - update debian/rules
* Bump thunderbird-dev build-dep to 5.0~b1
  - update debian/control
* Build with --disable-webm and --disable-libjpeg-turbo, to avoid needing
  a build-depends on yasm
  - update debian/rules
* Add useless build-dep on mesa-common-dev, it's mandatory to be able to
  configure lightning, even though it doesn't need it
  - update debian/control
* Look for any version of the Thunderbird SDK
  - update debian/rules
* Don't build with --with-system-nspr and --with-system-nss - thunderbird
  doesn't use these, so we just get everything from the SDK
  - update debian/rules
* Build with --enable-chrome-format=jar. The calendar build.mk should
  probably specify a default here
  - update debian/rules
* Build with --enable-libxul to force JS_SHARED_LIBRARY=0 and stop some
  makefile targets depending on a shared libmozjs
  - update debian/rules

Author: Steve Langasek
Revision Date: 2012-04-13 22:07:25 UTC

Only try to move links in /etc/rc{0,6}.d that match "S0*". LP: #941867.

Author: Steve Beattie
Revision Date: 2012-04-16 10:51:24 UTC

fake sync from Debian (LP: #982509)

Author: Steve Beattie
Revision Date: 2012-04-16 10:51:24 UTC

fake sync from Debian (LP: #982509)

Author: Martin Pitt
Revision Date: 2012-04-16 09:55:53 UTC

Tracking bug: LP: #978884
* Warn on unicode entry into settings UI (LP: #956612).
* Sanitise hostname field in settings UI (LP: #954507).
* Make it clear that the Landscape service is commercial (LP: #965850)
* Further internationalize the settings UI (LP: #962899)
* Depend on python-aptdaemon.gtk3widgets instead of python-aptdaemon and
  replace dependency on python-gobject by python-gi (LP: #961894)
* Add i18n to the landscape-client-ui-install script. (LP: #961891)
* Fix default landscape hostname in glib schema.
* dpkg test improvements to fix intermittent failures.
* If ssl_public_key is supplied, use it also when fetching script
  attachments. This fixes the case of using script execution with
  attachments when the Landscape server is using a custom CA,
  most common in LDS deployments. (LP: #959846)
* Make sure we have a PATH variable set before doing package
  activities, and also set it in the initscript for good measure. If
  the client was configured and restarted by the new UI configuration
  tool, PATH wasn't set, triggering an error in dpkg. (LP: #961190)
* Make landscape-client-ui depend on landscape-client-ui-install, so
  that we get an entry in the system settings if just
  landscape-client-ui is installed. The actual entry comes from
  landscape-client-ui-install.
* Optimization: when adding binaries, don't reload every repo, only the one
  containing the binaries. (LP: #954822)
* Handle the case where the user clicks twice inadvertently on the
  Landscape icon in system settings and don't start a second copy of
  itself. (LP: #960211)
* Change package management features to use APT instead of Smart (LP: #856244,
  #861707, #859615, #861345, #863239, #863259, #865270, #865272, #865285,
  #865273, #871641, #865299, #873196, #873939, #876493, #881973, #882438,
  #866014, #881998, #884142, #884151, #884131, #887037, #886208, #887578,
  #887947, #889067, #889069, #889087, #889099, #865303, #889113, #890605,
  #890606, #890609, #897416, #891855, #898681, #898683, #897656, #898542,
  #862212, #903202, #914734, #914735, #914737, #916301, #915280, #914742,
  #918925, #918175, #919179, #921664, #921699, #922582, #922511, #921712,
  #928750, #932136, #928941, #937411, #937567, #925543, #947803, #952973,
  #948142, #953136, #953906, #956590).
* Add a GTK interface to configure the client (LP: #911279, #911666, #912163,
  #911665, #916300, #931937, #931937, #943622, #945025, #911279, #944652,
  #948464, #948416, #949158, #911671, #950864, #949208, #949147, #953070,
  #953292, #953463, #953034, #949200, #953026, #954499, #954516, #954285,
  #953065, #954414, #954332, #954542, #955966, #955139, #956030, #956119).
* Add the ability to auto discover the server location on local deployment
  (LP: #917422, #927620, #917422, #928585, #929087, #932325, #948564)
* Allow the client to accept arbitrary environment variables from the
  server for script execution (LP: #954999).
* Make landscape-config exit non-zero when registration fails and
  --ok-no-register is not passed (LP: #271759).
* Check for the content of /sys/bus/xen/devices to report a machine as a Xen
  VM instead of just relying on the existence of /sys/bus/xen (LP: #921970).
* Make sure cloud registration succeeds if there is no kernel specified in
  the meta-data service (LP: #920453).
* Report private and public IP adresses from the metadata service at cloud
  registration time (LP: #918366).
* Add support for reporting hardware information using lshw (LP: #899002,
  #943975, #955734).
* Add support for the new attachment service in script execution
  (LP: #893040).
* Adds a new message type, 'register-provisioned-machine', which is meant
  to register computers using an OTP (LP: #881405).
* Add local cloning option for load testing (LP: #872830, #925924).
* Add more variables to preseeding (LP: #863204, #867710).
* Allow the configuration of the ping interval (LP: #397884).
* Add fake package reporters for load testing purposes (LP: #821571,
  #821570).
* Report a package reporter error to the server if no APT sources are
  configured, to trigger a package reporter alert (LP: #823769).

Author: Nobuhiro Iwamatsu
Revision Date: 2010-08-06 01:32:39 UTC

[ Nobuhiro Iwamatsu ]
* Fix typo in cairo-dock-illusion-plugin (Closes: #588463, #588449).
[ Youhei SASAKI ]
* Bump Standard Version: 3.9.1
* Separate patches:
  - fix-plugin-version: change Scooby-Do and Network-monitor reqired version
  - fix-lintian-interreter_error: fix dustbin.conf VERSION_DUSTBIN
  - modified_clean_target: exclude clean_target for data/*.conf

Author: Serge Hallyn
Revision Date: 2012-03-28 13:58:23 UTC

* lxcguest.lxcguest.upstart: emit the net-device-up IFACE=lo event, so
  that any upstart jobs waiting on it (esp rc-sysinit before oneiric) will
  proceed. (LP: #924337)
* debian/rules: install lxcguest.lxcguest.upstart (as it was not in the
  natty package before)

Author: Micah Gersten
Revision Date: 2012-04-11 21:08:54 UTC

Automated backport upload; no source changes.

Author: Serge Hallyn
Revision Date: 2011-12-14 09:37:48 UTC

add parted to build-depends (LP: #697046)

Author: Serge Hallyn
Revision Date: 2011-11-01 18:00:51 UTC

lxc_controller: use our own unlocpt+grantpt rather than glibc's, which
can't handle opening a pty in a devpts not mounted at /dev/pts.
(LP: #863629)

Author: Jamie Strandboge
Revision Date: 2011-07-26 07:14:53 UTC

* SECURITY UPDATE: integer overflow in virDomainGetVcpus()
  - debian/patches/9031-CVE-2011-2511.patch: use INT_MULTIPLY_OVERFLOW() to
    verify maxinfo * maplen < REMOTE_CPUMAPS_MAX
  - CVE-2011-2511

Author: Surbhi Palande
Revision Date: 2011-03-23 18:28:55 UTC

mdadm udev rule incrementally adds mdadm member when detected. Starting
such an array in degraded mode is possible by mdadm -IRs. Using mdadm -ARs
without stopping the array first does nothing when no mdarray-unassociated
device is available. Using mdadm -IRs to start a previously partially
assembled array through incremental mode. Keeping the mdadm -ARs for
assembling arrays which were for some reason not assembled through
incremental mode (i.e through mdadm's udev rule). (LP: #728435)

Author: Tyler Hicks
Revision Date: 2012-02-21 16:28:51 UTC

* SECURITY UPDATE: Arbitrary code execution and denial of service
  - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
    corruption during allocation. Based on upstream patch.
  - CVE-2011-0188
* SECURITY UPDATE: Arbitrary file deletion due to symlink race
  - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
    than recursively removing everything underneath the symlink
    destination. Based on upstream patch.
  - CVE-2011-1004
* SECURITY UPDATE: Safe level bypass
  - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
    in exception handling methods. Based on upstream patch.
  - CVE-2011-1005
* SECURITY UPDATE: Predictable random number generation
  - debian/patches/CVE-2011-2686.patch: Reseed the random number
    generator each time a child process is created. Based on upstream
    patch.
  - CVE-2011-2686
* SECURITY UPDATE: Predicatable random number generation
  - debian/patches/CVE-2011-2705.patch: Reseed the random number
    generator with the pid number and the current time to prevent
    predictable random numbers in the case of pid number rollover. Based on
    upstream patch.
  - CVE-2011-2705
* SECURITY UPDATE: Denial of service via crafted hash table keys
  - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
    algorithm to prevent predictable results when inserting objects into a
    hash table. Based on upstream patch.
  - CVE-2011-4815

Author: Tyler Hicks
Revision Date: 2012-02-21 16:28:51 UTC

* SECURITY UPDATE: Arbitrary code execution and denial of service
  - debian/patches/CVE-2011-0188.patch: Remove cast to prevent memory
    corruption during allocation. Based on upstream patch.
  - CVE-2011-0188
* SECURITY UPDATE: Arbitrary file deletion due to symlink race
  - debian/patches/CVE-2011-1004.patch: Unlink the symlink rather
    than recursively removing everything underneath the symlink
    destination. Based on upstream patch.
  - CVE-2011-1004
* SECURITY UPDATE: Safe level bypass
  - debian/patches/CVE-2011-1005.patch: Remove incorrect string taint
    in exception handling methods. Based on upstream patch.
  - CVE-2011-1005
* SECURITY UPDATE: Predictable random number generation
  - debian/patches/CVE-2011-2686.patch: Reseed the random number
    generator each time a child process is created. Based on upstream
    patch.
  - CVE-2011-2686
* SECURITY UPDATE: Predicatable random number generation
  - debian/patches/CVE-2011-2705.patch: Reseed the random number
    generator with the pid number and the current time to prevent
    predictable random numbers in the case of pid number rollover. Based on
    upstream patch.
  - CVE-2011-2705
* SECURITY UPDATE: Denial of service via crafted hash table keys
  - debian/patches/CVE-2011-4815.patch: Add randomness to the key hashing
    algorithm to prevent predictable results when inserting objects into a
    hash table. Based on upstream patch.
  - CVE-2011-4815

Author: Marc Deslauriers
Revision Date: 2012-01-25 14:39:39 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  out of bounds access
  - debian/patches/CVE-2011-4599.patch: add bounds checks in
    source/common/uloc.c.
  - CVE-2011-4599

Author: Marc Deslauriers
Revision Date: 2012-01-25 14:39:39 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  out of bounds access
  - debian/patches/CVE-2011-4599.patch: add bounds checks in
    source/common/uloc.c.
  - CVE-2011-4599

Author: Jay Berkenbilt
Revision Date: 2010-11-25 12:51:18 UTC

Apply patch to fix Malayam rendering. (Closes: #591615)

Author: Tyler Hicks
Revision Date: 2011-09-21 17:06:30 UTC

* SECURITY UPDATE: Failure to verify that a server's hostname matches the
  Common Name listed in a certificate when setting up a TLS connection.
  - debian/patches/ubuntu/CVE-2011-1429.patch: Verify the peer's certificate.
  - CVE-2011-1429

Author: Tyler Hicks
Revision Date: 2011-09-21 17:06:30 UTC

* SECURITY UPDATE: Failure to verify that a server's hostname matches the
  Common Name listed in a certificate when setting up a TLS connection.
  - debian/patches/ubuntu/CVE-2011-1429.patch: Verify the peer's certificate.
  - CVE-2011-1429

Author: Marc Deslauriers
Revision Date: 2012-03-27 10:18:29 UTC

* SECURITY UPDATE: Update to 5.1.62 to fix security issues (LP: #965523)
  - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html

Author: Tyler Hicks
Revision Date: 2012-04-04 11:13:02 UTC

* SECURITY UPDATE: Denial of service in client application
  - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
    session data. Based on upstream patch.
  - CVE-2011-4128
* SECURITY UPDATE: Denial of service via crafted TLS record
  - debian/patches/CVE-2012-1573.patch: Validate the size of a
    GenericBlockCipher structure as it is processed. Based on upstream
    patch.
  - CVE-2012-1573

Author: Aditya V
Revision Date: 2012-04-09 23:00:36 UTC

Change 'precise' to 'natty' in the changelog

Author: Tyler Hicks
Revision Date: 2012-04-04 19:12:50 UTC

fake sync from Debian

Author: Tyler Hicks
Revision Date: 2012-04-04 19:12:50 UTC

fake sync from Debian

Author: Tyler Hicks
Revision Date: 2012-04-04 11:13:02 UTC

* SECURITY UPDATE: Denial of service in client application
  - debian/patches/CVE-2011-4128.patch: Fix buffer bounds check when copying
    session data. Based on upstream patch.
  - CVE-2011-4128
* SECURITY UPDATE: Denial of service via crafted TLS record
  - debian/patches/CVE-2012-1573.patch: Validate the size of a
    GenericBlockCipher structure as it is processed. Based on upstream
    patch.
  - CVE-2012-1573

Author: piwacet
Revision Date: 2011-09-13 22:41:05 UTC

debian/initscripts/etc/init.d/sendsigs: Only omit jobs that
are in the 'start' goal. Those that are destined for 'stop' are
waited on and killed like all other processes. (LP: #616287) Thanks
to Launchpad user "codewarrior".

Author: piwacet
Revision Date: 2011-09-13 22:41:05 UTC

debian/initscripts/etc/init.d/sendsigs: Only omit jobs that
are in the 'start' goal. Those that are destined for 'stop' are
waited on and killed like all other processes. (LP: #616287) Thanks
to Launchpad user "codewarrior".

Author: Steve Langasek
Revision Date: 2011-04-26 21:01:48 UTC

fix up bug number formatting in the changelog

Author: Surbhi Palande
Revision Date: 2011-04-21 09:54:07 UTC

* details/plugin.c: On every key stroke, the "details" plugin in plymouth
  clears only the current line before overwriting it with the password
  prompt. If the prompt is multilined then the last line ends up being
  overwritten but the previous lines are repeated. Re-printing only the
  last line of the password prompt on every keystroke. (LP: #566818)
* details/plugin.c: Removed the explicit printing of ':'. Expected to be a
  part of the prompt.

Author: Surbhi Palande
Revision Date: 2011-04-21 09:54:07 UTC

* details/plugin.c: On every key stroke, the "details" plugin in plymouth
  clears only the current line before overwriting it with the password
  prompt. If the prompt is multilined then the last line ends up being
  overwritten but the previous lines are repeated. Re-printing only the
  last line of the password prompt on every keystroke. (LP: #566818)
* details/plugin.c: Removed the explicit printing of ':'. Expected to be a
  part of the prompt.

Author: Marc Deslauriers
Revision Date: 2012-04-05 08:40:00 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  memory corruption issue.
  - debian/patches/CVE-2011-3048.patch: correctly restore to previous
    condition in pngset.c.
  - CVE-2011-3048

Author: Marc Deslauriers
Revision Date: 2012-04-05 08:40:00 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  memory corruption issue.
  - debian/patches/CVE-2011-3048.patch: correctly restore to previous
    condition in pngset.c.
  - CVE-2011-3048

Author: Marc Deslauriers
Revision Date: 2012-03-28 13:54:38 UTC

* SECURITY UPDATE: unauthenticated package installation (LP: #959131)
  - debian/patches/04_CVE-2012-0944.patch: properly handle
    unauthenticated packages in aptdaemon/worker.py.
  - CVE-2012-0944

Author: Tyler Hicks
Revision Date: 2012-03-29 01:13:25 UTC

* SECURITY UPDATE: Denial of service via resource exhaustion in nova-api
  - debian/patches/validate_server_name_length.patch: Limit server names
    to a maximum of 255 characters to prevent nova-api log files from
    exhausting storage space. Based on upstream patch.
  - CVE-2012-1585