Branches for Oneiric

Author: Pali
Revision Date: 2011-07-17 09:11:48 UTC

Fixed writing messages to plymouth

Author: Darryl L. Miles
Revision Date: 2015-06-02 17:16:44 UTC

maint/bzr_push.sh Auto copy, commit and push for: control.snapshot (snapshot)

Author: Marc Deslauriers
Revision Date: 2012-10-03 07:02:41 UTC

* REGRESSION FIX: some applications launched with the activation helper
  may need DBUS_STARTER_ADDRESS. (LP: #1058343)
  - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
    starter address to the default system bus address.
* REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
  - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
    shutdown or reboot so that it can safely unmount the root
    filesystem.

Author: Francis Ginther
Revision Date: 2012-09-06 13:26:03 UTC

Update gesture framework patch for new name (LP: #1046058)

Author: Scott Moser
Revision Date: 2011-10-06 17:11:29 UTC

DataSourceEc2: catch a socket timeout when with a slow metadata
service (LP: #869492).

Author: Ben Howard
Revision Date: 2012-03-16 15:44:50 UTC

* add ability to configure Acquire::http::Pipeline-Depth via
  cloud-config setting 'apt_pipelining' (LP: #948461)
* debian/cloud-init.postinst: address population of apt_pipeline
  setting on installation.

Author: Ben Howard
Revision Date: 2012-03-16 15:44:50 UTC

* add ability to configure Acquire::http::Pipeline-Depth via
  cloud-config setting 'apt_pipelining' (LP: #948461)
* debian/cloud-init.postinst: address population of apt_pipeline
  setting on installation.

Author: Matthias Klose
Revision Date: 2011-10-04 17:48:26 UTC

libc6-dev: Don't break the current {gnat,gcj}-4.4-base versons. LP: #853688.

Author: Marc Deslauriers
Revision Date: 2013-03-13 11:32:35 UTC

* SECURITY UPDATE: InRelease verification bypass
  - CVE-2013-1051

[ David Kalnischk ]
[ Michael Vogt ]
* apt-pkg/deb/debmetaindex.cc,
  test/integration/test-bug-595691-empty-and-broken-archive-files,
  test/integration/test-releasefile-verification:
  - disable InRelease downloading until the verification issue is
    fixed, thanks to Ansgar Burchardt for finding the flaw

Author: Michael Terry
Revision Date: 2013-01-11 11:42:00 UTC

* debian/patches/09volcorruption.dpatch:
  - Fix some data-corruption issues when resuming an interrupted
    backup (LP: #1091269)

Author: Russ Allbery
Revision Date: 2011-09-01 18:43:02 UTC

* New upstream stable release.
  - Rx NAT pings are not enabled until peer has answered
  - Numerous fixes to command argument parsing
  - Avoid crashing on host table exhaustion and defer clients instead
  - Rx connection reference counting is enabled
  - An Rx connection reference count leak is fixed in bulkstat
  - Handle unparsable directory objects
  - Handle Kerberos credential cache errors in aklog
* Generate stub header files that include the actual system header when
  building libuafs instead of symlinking h to the appropriate directory.
  Fixes build failures now that Debian has switched to multiarch and
  moved some of the system headers. (Closes: #639063, LP #831287)
* Fix another Doxygen call to generate a configuration file, and remove
  the generated configuration files after Doxygen runs.
* Update CellServDB to the 2011-08-14 release.

Author: Paolo Pisati
Revision Date: 2013-03-01 14:25:01 UTC

* Release Tracking Bug
  - LP: #1137045

[ Paolo Pisati ]

* rebased on Ubuntu-3.0.0-32.50

[ Ubuntu: 3.0.0-32.50 ]

* Release Tracking Bug
  - LP: #1136175
* SAUCE: xen/netback: shutdown the ring if it contains garbage.
  - LP: #1117325
  - CVE-2013-0216
* SAUCE: netback: correct netbk_tx_err to handle wrap around.
  - LP: #1117325
  - CVE-2013-0216
* SAUCE: xen/netback: don't leak pages on failure in
  xen_netbk_tx_check_gop.
  - LP: #1117331
  - CVE-2013-0217
* SAUCE: xen/netback: free already allocated memory on failure in
  xen_netbk_get_requests
  - LP: #1117331
  - CVE-2013-0217
* [debian] Remove dangling symlink from headers package
  - LP: #1112442
* SAUCE: rt2x00: rt2x00pci_regbusy_read() - only print register access
  failure once
  - LP: #1128840
* can: c_can: fix invalid error codes
  - LP: #1116259
* can: ti_hecc: fix invalid error codes
  - LP: #1116259
* can: pch_can: fix invalid error codes
  - LP: #1116259
* fs/cifs/cifs_dfs_ref.c: fix potential memory leakage
  - LP: #1116259
* ARM: DMA: Fix struct page iterator in dma_cache_maint() to work with
  sparsemem
  - LP: #1116259
* Bluetooth: Fix sending HCI commands after reset
  - LP: #1116259
* ath9k_htc: Fix memory leak
  - LP: #1116259
* ath9k: fix double-free bug on beacon generate failure
  - LP: #1116259
* ALSA: usb-audio: fix invalid length check for RME and other UAC 2
  devices
  - LP: #1116259
* EDAC: Test correct variable in ->store function
  - LP: #1116259
* Bluetooth: Fix incorrect strncpy() in hidp_setup_hid()
  - LP: #1116259
* smp: Fix SMP function call empty cpu mask race
  - LP: #1116259
* x86/msr: Add capabilities check
  - LP: #1116259
* efi, x86: Pass a proper identity mapping in efi_call_phys_prelog
  - LP: #1116259
* x86/Sandy Bridge: Sandy Bridge workaround depends on CONFIG_PCI
  - LP: #1116259
* Linux 3.0.62
  - LP: #1116259
* drm/radeon/evergreen+: wait for the MC to settle after MC blackout
  - LP: #1122313
* drm/radeon: add quirk for RV100 board
  - LP: #1122313
* drm/radeon: Calling object_unrefer() when creating fb failure
  - LP: #1122313
* x86-64: Replace left over sti/cli in ia32 audit exit code
  - LP: #1122313
* nilfs2: fix fix very long mount time issue
  - LP: #1122313
* drivers/rtc/rtc-isl1208.c: call rtc_update_irq() from the alarm irq
  handler
  - LP: #1122313
* USB: ftdi_sio: add Zolix FTDI PID
  - LP: #1122313
* USB: ftdi_sio: add PID/VID entries for ELV WS 300 PC II
  - LP: #1122313
* USB: option: add support for Telit LE920
  - LP: #1122313
* USB: option: add Changhong CH690
  - LP: #1122313
* USB: qcserial: add Telit Gobi QDL device
  - LP: #1122313
* USB: EHCI: fix bug in scheduling periodic split transfers
  - LP: #1122313
* USB: storage: Define a new macro for USB storage match rules
  - LP: #1122313
* USB: storage: optimize to match the Huawei USB storage devices and
  support new switch command
  - LP: #1122313
* xhci: Fix isoc TD encoding.
  - LP: #1122313
* USB: XHCI: fix memory leak of URB-private data
  - LP: #1122313
* Linux 3.0.63
  - LP: #1122313
* rtlwifi: Fix the usage of the wrong variable in usb.c
  - LP: #1126189
* virtio_console: Don't access uninitialized data.
  - LP: #1126189
* kernel/resource.c: fix stack overflow in __reserve_region_with_split()
  - LP: #1126189
* mac80211: synchronize scan off/on-channel and PS states
  - LP: #1126189
* net: prevent setting ttl=0 via IP_TTL
  - LP: #1126189
* MAINTAINERS: Stephen Hemminger email change
  - LP: #1126189
* isdn/gigaset: fix zero size border case in debug dump
  - LP: #1126189
* r8169: remove the obsolete and incorrect AMD workaround
  - LP: #1126189
* net: loopback: fix a dst refcounting issue
  - LP: #1126189
* pktgen: correctly handle failures when adding a device
  - LP: #1126189
* ipv6: do not create neighbor entries for local delivery
  - LP: #1126189
* packet: fix leakage of tx_ring memory
  - LP: #1126189
* atm/iphase: rename fregt_t -> ffreg_t
  - LP: #1126189
* sctp: refactor sctp_outq_teardown to insure proper re-initalization
  - LP: #1126189
* net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree
  - LP: #1126189
* net: sctp: sctp_endpoint_free: zero out secret key data
  - LP: #1126189
* tcp: frto should not set snd_cwnd to 0
  - LP: #1126189
* tcp: fix for zero packets_in_flight was too broad
  - LP: #1126189
* tcp: fix MSG_SENDPAGE_NOTLAST logic
  - LP: #1126189
* bridge: Pull ip header into skb->data before looking into ip header.
  - LP: #1126189
* tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode
  - LP: #1126189
* tg3: Fix crc errors on jumbo frame receive
  - LP: #1126189
* Linux 3.0.64
  - LP: #1126189
* x86/mm: Check if PUD is large when validating a kernel address
  - LP: #1130182
* x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS.
  - LP: #1130182
* PCI/PM: Clean up PME state when removing a device
  - LP: #1130182
* igb: Remove artificial restriction on RQDPC stat reading
  - LP: #1130182
* Linux 3.0.65
  - LP: #1130182
* vhost: fix length for cross region descriptor
  - LP: #1130951
  - CVE-2013-0311
* NLS: improve UTF8 -> UTF16 string conversion routine
  - LP: #1134523
  - CVE-2013-1773

Author: Felix Geyer
Revision Date: 2012-08-09 15:30:03 UTC

* SECURITY UPDATE: multiple heap-based buffer overflows (LP: #1034623)
  - src/b64.c, src/b64.h, src/proto.c, toolkit/parse.c:
    apply upstream git commits b17232f86f8e60d0d22caf9a2400494d3c77da58,
    6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1 and
    1902baee5d4b056850274ed0fa8c2409f1187435
  - CVE-2012-3461

Author: Felix Geyer
Revision Date: 2012-08-09 15:30:03 UTC

* SECURITY UPDATE: multiple heap-based buffer overflows (LP: #1034623)
  - src/b64.c, src/b64.h, src/proto.c, toolkit/parse.c:
    apply upstream git commits b17232f86f8e60d0d22caf9a2400494d3c77da58,
    6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1 and
    1902baee5d4b056850274ed0fa8c2409f1187435
  - CVE-2012-3461

Author: Marc Deslauriers
Revision Date: 2013-03-04 10:33:54 UTC

* SECURITY UPDATE: host header poisoning (LP: #1089337)
  - debian/patches/fix_get_host.patch: tighten host header validation in
    django/http/__init__.py, add tests to
    tests/regressiontests/requests/tests.py.
  - https://www.djangoproject.com/weblog/2012/dec/10/security/
  - No CVE number
* SECURITY UPDATE: redirect poisoning (LP: #1089337)
  - debian/patches/fix_redirect_poisoning.patch: tighten validation in
    django/contrib/auth/views.py,
    django/contrib/comments/views/comments.py,
    django/contrib/comments/views/moderation.py,
    django/contrib/comments/views/utils.py, django/utils/http.py,
    django/views/i18n.py, add tests to
    tests/regressiontests/comment_tests/tests/comment_view_tests.py,
    tests/regressiontests/comment_tests/tests/moderation_view_tests.py,
    tests/regressiontests/views/tests/i18n.py.
  - https://www.djangoproject.com/weblog/2012/dec/10/security/
  - No CVE number
* SECURITY UPDATE: host header poisoning (LP: #1130445)
  - debian/patches/add_allowed_hosts.patch: add new ALLOWED_HOSTS setting
    to django/conf/global_settings.py,
    django/conf/project_template/settings.py,
    django/http/__init__.py, django/test/utils.py, add docs to
    docs/ref/settings.txt, add tests to
    tests/regressiontests/requests/tests.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - No CVE number
* SECURITY UPDATE: XML attacks (LP: #1130445)
  - debian/patches/CVE-2013-166x.patch: forbid DTDs, entity expansion,
    and external entities/DTDs in
    django/core/serializers/xml_serializer.py, add tests to
    tests/regressiontests/serializers_regress/tests.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - CVE-2013-1664
  - CVE-2013-1665
* SECURITY UPDATE: Data leakage via admin history log (LP: #1130445)
  - debian/patches/CVE-2013-0305.patch: add permission checks to history
    view in django/contrib/admin/options.py, add tests to
    tests/regressiontests/admin_views/tests.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - CVE-2013-0305
* SECURITY UPDATE: Formset denial-of-service (LP: #1130445)
  - debian/patches/CVE-2013-0306.patch: limit maximum number of forms in
    django/forms/formsets.py, add docs to docs/topics/forms/formsets.txt,
    docs/topics/forms/modelforms.txt, add tests to
    tests/regressiontests/forms/tests/formsets.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - CVE-2013-0306

Author: Marc Deslauriers
Revision Date: 2013-03-27 09:33:46 UTC

* SECURITY UPDATE: invalid memory access issues
  - debian/patches/CVE-2013-1788.patch: add checks in poppler/Function.cc,
    poppler/Stream.cc, splash/Splash.cc.
  - CVE-2013-1788
* SECURITY UPDATE: uninitialized memory read
  - debian/patches/CVE-2013-1790.patch: properly handle refLine in
    poppler/Stream.cc.
  - CVE-2013-1790

Author: Marc Deslauriers
Revision Date: 2013-03-27 09:33:46 UTC

* SECURITY UPDATE: invalid memory access issues
  - debian/patches/CVE-2013-1788.patch: add checks in poppler/Function.cc,
    poppler/Stream.cc, splash/Splash.cc.
  - CVE-2013-1788
* SECURITY UPDATE: uninitialized memory read
  - debian/patches/CVE-2013-1790.patch: properly handle refLine in
    poppler/Stream.cc.
  - CVE-2013-1790

Author: Martin Pitt
Revision Date: 2013-04-02 12:24:32 UTC

* New upstream security/bug fix release: (LP: #1163184)
  - Fix insecure parsing of server command-line switches.
    A connection request containing a database name that begins with
    "-" could be crafted to damage or destroy files within the server's
    data directory, even if the request is eventually rejected.
    [CVE-2013-1899]
  - Reset OpenSSL randomness state in each postmaster child process.
    This avoids a scenario wherein random numbers generated by
    "contrib/pgcrypto" functions might be relatively easy for another
    database user to guess. The risk is only significant when the
    postmaster is configured with ssl = on but most connections don't
    use SSL encryption. [CVE-2013-1900]
  - Make REPLICATION privilege checks test current user not
    authenticated user.
    An unprivileged database user could exploit this mistake to call
    pg_start_backup() or pg_stop_backup(), thus possibly interfering
    with creation of routine backups. [CVE-2013-1901]
  - Fix GiST indexes to not use "fuzzy" geometric comparisons when it's
    not appropriate to do so.
    The core geometric types perform comparisons using "fuzzy"
    equality, but gist_box_same must do exact comparisons, else GiST
    indexes using it might become inconsistent. After installing this
    update, users should "REINDEX" any GiST indexes on box, polygon,
    circle, or point columns, since all of these use gist_box_same.
  - Fix erroneous range-union and penalty logic in GiST indexes that
    use "contrib/btree_gist" for variable-width data types, that is
    text, bytea, bit, and numeric columns.
    These errors could result in inconsistent indexes in which some
    keys that are present would not be found by searches, and also in
    useless index bloat. Users are advised to "REINDEX" such indexes
    after installing this update.
  - Fix bugs in GiST page splitting code for multi-column indexes.
    These errors could result in inconsistent indexes in which some
    keys that are present would not be found by searches, and also in
    indexes that are unnecessarily inefficient to search. Users are
    advised to "REINDEX" multi-column GiST indexes after installing
    this update.
  - See HISTORY/changelog.gz for details about the other bug fixes.

Author: Scott Kitterman
Revision Date: 2013-04-25 23:41:55 UTC

[ Seth Arnold ]
* SECURITY UPDATE: Updated to 0.97.8 to fix multiple security issues.
  - CVE-2013-2020 and CVE-2013-2021

[ Scott Kitterman ]
* Merge from Debian unstable (LP: #1172981). Remaining changes:
  - Drop build-dep on electric-fence (in Universe)
  - Add apparmor profiles for clamd and freshclam along with maintainer
    script changes

Author: Scott Kitterman
Revision Date: 2013-04-25 23:41:55 UTC

[ Seth Arnold ]
* SECURITY UPDATE: Updated to 0.97.8 to fix multiple security issues.
  - CVE-2013-2020 and CVE-2013-2021

[ Scott Kitterman ]
* Merge from Debian unstable (LP: #1172981). Remaining changes:
  - Drop build-dep on electric-fence (in Universe)
  - Add apparmor profiles for clamd and freshclam along with maintainer
    script changes

Author: Seth Arnold
Revision Date: 2013-04-18 17:10:57 UTC

* SECURITY UPDATE: Update to 5.1.69 to fix security issues (LP: #1170516)
  - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

Author: Jamie Strandboge
Revision Date: 2013-04-23 09:13:00 UTC

Revert PR1161: X509VariableTrustManager does not work correctly with
OpenJDK7. The fix for PR1161 is needed for IcedTea 2.3.x and not 1.12.
We need to keep this patch reverted as long as we build icedtea-web
against 1.12 (LP: #1171506)

Author: Jamie Strandboge
Revision Date: 2013-04-23 09:13:00 UTC

Revert PR1161: X509VariableTrustManager does not work correctly with
OpenJDK7. The fix for PR1161 is needed for IcedTea 2.3.x and not 1.12.
We need to keep this patch reverted as long as we build icedtea-web
against 1.12 (LP: #1171506)

Author: Jamie Strandboge
Revision Date: 2013-04-22 11:19:54 UTC

fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2013-04-22 11:19:54 UTC

fake sync from Debian

Author: Seth Arnold
Revision Date: 2013-04-18 17:10:57 UTC

* SECURITY UPDATE: Update to 5.1.69 to fix security issues (LP: #1170516)
  - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

Author: Marc Deslauriers
Revision Date: 2013-04-05 10:22:37 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via non-default global.tune.bufsize.
  - debian/patches/CVE-2012-2942.patch: check buffer sizes in
    include/types/global.h, src/acl.c, src/cfgparse.c, src/checks.c,
    src/dumpstats.c, src/haproxy.c, src/proto_http.c,
    tests/0000-debug-stats.diff.
  - CVE-2012-2942
* SECURITY UPDATE: denial of service via HTTP information in tcp-request
  - debian/patches/CVE-2013-1912.patch: properly handle buffers in
    src/proto_http.c.
  - CVE-2013-1912

Author: Marc Deslauriers
Revision Date: 2013-04-05 10:22:37 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via non-default global.tune.bufsize.
  - debian/patches/CVE-2012-2942.patch: check buffer sizes in
    include/types/global.h, src/acl.c, src/cfgparse.c, src/checks.c,
    src/dumpstats.c, src/haproxy.c, src/proto_http.c,
    tests/0000-debug-stats.diff.
  - CVE-2012-2942
* SECURITY UPDATE: denial of service via HTTP information in tcp-request
  - debian/patches/CVE-2013-1912.patch: properly handle buffers in
    src/proto_http.c.
  - CVE-2013-1912

Author: Seth Arnold
Revision Date: 2013-04-11 13:55:41 UTC

* SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
  - debian/patches/curl-tailmatch.patch: enforce strict subdomain match
    when sending cookies. Patch from YAMADA Yasuharu.
  - http://curl.haxx.se/curl-tailmatch.patch
  - CVE-2013-1944

Author: Seth Arnold
Revision Date: 2013-04-11 13:55:41 UTC

* SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
  - debian/patches/curl-tailmatch.patch: enforce strict subdomain match
    when sending cookies. Patch from YAMADA Yasuharu.
  - http://curl.haxx.se/curl-tailmatch.patch
  - CVE-2013-1944

Author: Marc Deslauriers
Revision Date: 2013-04-11 08:43:44 UTC

* SECURITY UPDATE: input event leak via inactive VT
  - debian/patches/CVE-2013-1940.patch: fix flush input to work with
    Linux evdev devices in hw/xfree86/os-support/shared/posix_tty.c.
  - CVE-2013-1940

Author: Marc Deslauriers
Revision Date: 2013-04-11 08:43:44 UTC

* SECURITY UPDATE: input event leak via inactive VT
  - debian/patches/CVE-2013-1940.patch: fix flush input to work with
    Linux evdev devices in hw/xfree86/os-support/shared/posix_tty.c.
  - CVE-2013-1940

Author: Martin Pitt
Revision Date: 2013-04-02 12:24:32 UTC

* New upstream security/bug fix release: (LP: #1163184)
  - Fix insecure parsing of server command-line switches.
    A connection request containing a database name that begins with
    "-" could be crafted to damage or destroy files within the server's
    data directory, even if the request is eventually rejected.
    [CVE-2013-1899]
  - Reset OpenSSL randomness state in each postmaster child process.
    This avoids a scenario wherein random numbers generated by
    "contrib/pgcrypto" functions might be relatively easy for another
    database user to guess. The risk is only significant when the
    postmaster is configured with ssl = on but most connections don't
    use SSL encryption. [CVE-2013-1900]
  - Make REPLICATION privilege checks test current user not
    authenticated user.
    An unprivileged database user could exploit this mistake to call
    pg_start_backup() or pg_stop_backup(), thus possibly interfering
    with creation of routine backups. [CVE-2013-1901]
  - Fix GiST indexes to not use "fuzzy" geometric comparisons when it's
    not appropriate to do so.
    The core geometric types perform comparisons using "fuzzy"
    equality, but gist_box_same must do exact comparisons, else GiST
    indexes using it might become inconsistent. After installing this
    update, users should "REINDEX" any GiST indexes on box, polygon,
    circle, or point columns, since all of these use gist_box_same.
  - Fix erroneous range-union and penalty logic in GiST indexes that
    use "contrib/btree_gist" for variable-width data types, that is
    text, bytea, bit, and numeric columns.
    These errors could result in inconsistent indexes in which some
    keys that are present would not be found by searches, and also in
    useless index bloat. Users are advised to "REINDEX" such indexes
    after installing this update.
  - Fix bugs in GiST page splitting code for multi-column indexes.
    These errors could result in inconsistent indexes in which some
    keys that are present would not be found by searches, and also in
    indexes that are unnecessarily inefficient to search. Users are
    advised to "REINDEX" multi-column GiST indexes after installing
    this update.
  - See HISTORY/changelog.gz for details about the other bug fixes.

Author: Jamie Strandboge
Revision Date: 2013-04-01 13:22:12 UTC

fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2013-04-01 13:23:30 UTC

fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2013-04-01 13:22:12 UTC

fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2013-04-01 13:23:30 UTC

fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2013-03-28 15:25:23 UTC

* SECURITY UPDATE: denial of service via regex syntax checking
  - configure,configure.in,config.h.in: remove check for regex.h to
    disable regex syntax checking.
  - CVE-2013-2266

Author: Marc Deslauriers
Revision Date: 2013-03-28 15:25:23 UTC

* SECURITY UPDATE: denial of service via regex syntax checking
  - configure,configure.in,config.h.in: remove check for regex.h to
    disable regex syntax checking.
  - CVE-2013-2266

Author: Marc Deslauriers
Revision Date: 2013-03-28 13:07:58 UTC

* SECURITY UPDATE: denial of service via malformed stylesheet
  - libxslt/functions.c, libxslt/keys.c: check for empty values
    tests/*: add tests
  - dc11b6b379a882418093ecc8adf11f6166682e8d
  - 6c99c519d97e5fcbec7a9537d190efb442e4e833
  - CVE-2012-6139

Author: Marc Deslauriers
Revision Date: 2013-03-28 13:07:58 UTC

* SECURITY UPDATE: denial of service via malformed stylesheet
  - libxslt/functions.c, libxslt/keys.c: check for empty values
    tests/*: add tests
  - dc11b6b379a882418093ecc8adf11f6166682e8d
  - 6c99c519d97e5fcbec7a9537d190efb442e4e833
  - CVE-2012-6139

Author: Marc Deslauriers
Revision Date: 2013-03-26 10:25:45 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
    entity expansions, thanks to Daniel Veillard.
  - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
  - CVE-2013-0338

Author: Marc Deslauriers
Revision Date: 2013-03-26 10:25:45 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
    entity expansions, thanks to Daniel Veillard.
  - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
  - CVE-2013-0338

Author: Scott Kitterman
Revision Date: 2012-01-11 10:41:14 UTC

New upstream bugfix release (LP: #913928)

Author: Scott Kitterman
Revision Date: 2012-01-11 10:41:14 UTC

New upstream bugfix release (LP: #913928)

Author: Scott Kitterman
Revision Date: 2011-12-08 22:37:23 UTC

[ Philip Muškovac ]
New upstream bugfix release (LP: #901975)

Author: Scott Kitterman
Revision Date: 2011-12-08 22:37:23 UTC

[ Philip Muškovac ]
New upstream bugfix release (LP: #901975)

Author: Max Bowsher
Revision Date: 2013-03-23 23:25:04 UTC

Merge 1.7.8-0svn2

Author: Marc Deslauriers
Revision Date: 2013-03-21 14:37:12 UTC

* SECURITY UPDATE: incorrect ssl cert validation (LP: #1117411)
  - debian/patches/CVE-2013-0240.patch: properly validate ssl certs in
    src/goabackend/{goaoauthprovider,goaoauth2provider}.c.
  - CVE-2013-0240

Author: Jamie Strandboge
Revision Date: 2013-03-20 09:48:07 UTC

* SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
  - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
  - CVE-2013-1838
  - LP: #1125468

Author: Jamie Strandboge
Revision Date: 2013-03-20 09:48:07 UTC

* SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
  - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
  - CVE-2013-1838
  - LP: #1125468

Author: Christian Kuersteiner
Revision Date: 2013-03-15 15:40:27 UTC

[Christian Kuersteiner]
* SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
  (LP: #1115053)
  - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
    upstream patch.
  - CVE-2012-0022, CVE-2011-4858
  - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
    on upstream patch.
  - CVE-2011-3375
  - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
    upstream patch.
  - CVE-2011-3376
  - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
    Service. Based on upstream patch.
  - CVE-2012-2733
  - debian/patches/CVE-2012-3546.patch: Fix for bypass of security
    constraints. Based on upstream patch.
  - CVE-2012-3546
  - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
    filter. Based on upstream patch.
  - CVE-2012-4431
  - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
    Service Vulnerability. Based on upstream patch.
  - CVE-2012-4534
  - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
    weaknesses. Based on upstream patch.
  - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887

[ Jamie Strandboge ]
* allow for easily running the testsuite:
  - debian/control: add testsuite build-depends
  - debian/rules:
    + add 'testsuite' target
    + add ANT_TS_ARGS for use in the testsuite target
    + cleanup the testsuite
  - add debian/README.source for information on how to use the testsuite

Author: Christian Kuersteiner
Revision Date: 2013-03-15 15:40:27 UTC

[Christian Kuersteiner]
* SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
  (LP: #1115053)
  - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
    upstream patch.
  - CVE-2012-0022, CVE-2011-4858
  - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
    on upstream patch.
  - CVE-2011-3375
  - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
    upstream patch.
  - CVE-2011-3376
  - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
    Service. Based on upstream patch.
  - CVE-2012-2733
  - debian/patches/CVE-2012-3546.patch: Fix for bypass of security
    constraints. Based on upstream patch.
  - CVE-2012-3546
  - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
    filter. Based on upstream patch.
  - CVE-2012-4431
  - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
    Service Vulnerability. Based on upstream patch.
  - CVE-2012-4534
  - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
    weaknesses. Based on upstream patch.
  - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887

[ Jamie Strandboge ]
* allow for easily running the testsuite:
  - debian/control: add testsuite build-depends
  - debian/rules:
    + add 'testsuite' target
    + add ANT_TS_ARGS for use in the testsuite target
    + cleanup the testsuite
  - add debian/README.source for information on how to use the testsuite

Author: Jamie Strandboge
Revision Date: 2013-03-13 13:12:05 UTC

* SECURITY UPDATE: New upstream release to fix TLS timing side-channel
  attacks
  - CVE-2013-1620
* Remaining changes:
  - 98_ckbi-1.93.patch: Dropped (included upstream)
  - 01_dont_build_nspr.patch
  - 38_kbsd.patch: refresh/update
  - 80_security_build.patch
  - 85_security_load.patch
  - 97_SSL_RENEGOTIATE_TRANSITIONAL.patch
* debian/libnss3.symbols: add NSS_3.14.3 symbols

Author: Jamie Strandboge
Revision Date: 2013-03-13 13:12:05 UTC

* SECURITY UPDATE: New upstream release to fix TLS timing side-channel
  attacks
  - CVE-2013-1620
* Remaining changes:
  - 98_ckbi-1.93.patch: Dropped (included upstream)
  - 01_dont_build_nspr.patch
  - 38_kbsd.patch: refresh/update
  - 80_security_build.patch
  - 85_security_load.patch
  - 97_SSL_RENEGOTIATE_TRANSITIONAL.patch
* debian/libnss3.symbols: add NSS_3.14.3 symbols

Author: Marc Deslauriers
Revision Date: 2013-03-13 11:32:35 UTC

* SECURITY UPDATE: InRelease verification bypass
  - CVE-2013-1051

[ David Kalnischk ]
[ Michael Vogt ]
* apt-pkg/deb/debmetaindex.cc,
  test/integration/test-bug-595691-empty-and-broken-archive-files,
  test/integration/test-releasefile-verification:
  - disable InRelease downloading until the verification issue is
    fixed, thanks to Ansgar Burchardt for finding the flaw

Author: Jamie Strandboge
Revision Date: 2013-03-13 10:31:02 UTC

* New upstream release to support security fixes in nss.
  - debian/patches/30_config_64bits.patch: refresh
  - debian/patches/99_configure.patch: regenerate per debian/rules

Author: Jamie Strandboge
Revision Date: 2013-03-13 10:31:02 UTC

* New upstream release to support security fixes in nss.
  - debian/patches/30_config_64bits.patch: refresh
  - debian/patches/99_configure.patch: regenerate per debian/rules

Author: Marc Deslauriers
Revision Date: 2013-03-11 12:49:11 UTC

* SECURITY UPDATE: Multiple security issues
  - debian/patches/security-mar-2013.patch: upstream patch to fix
    multiple security issues.
  - CVE-2013-1640 - Remote code execution on master from authenticated clients
  - CVE-2013-1652 - Insufficient input validation
  - CVE-2013-1653 - Remote code execution
  - CVE-2013-1654 - Protocol downgrade
  - CVE-2013-1655 - Unauthenticated remote code execution risk
  - CVE-2013-2275 - Incorrect default report ACL

Author: Marc Deslauriers
Revision Date: 2013-03-11 12:49:11 UTC

* SECURITY UPDATE: Multiple security issues
  - debian/patches/security-mar-2013.patch: upstream patch to fix
    multiple security issues.
  - CVE-2013-1640 - Remote code execution on master from authenticated clients
  - CVE-2013-1652 - Insufficient input validation
  - CVE-2013-1653 - Remote code execution
  - CVE-2013-1654 - Protocol downgrade
  - CVE-2013-1655 - Unauthenticated remote code execution risk
  - CVE-2013-2275 - Incorrect default report ACL

Author: Marc Deslauriers
Revision Date: 2013-03-08 16:32:19 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
  - debian/patches/CVE-2013-1643.patch: disable the entity loader in
    ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c.
  - CVE-2013-1643

Author: Marc Deslauriers
Revision Date: 2013-03-08 16:32:19 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
  - debian/patches/CVE-2013-1643.patch: disable the entity loader in
    ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c.
  - CVE-2013-1643

Author: Marc Deslauriers
Revision Date: 2013-03-04 10:33:54 UTC

* SECURITY UPDATE: host header poisoning (LP: #1089337)
  - debian/patches/fix_get_host.patch: tighten host header validation in
    django/http/__init__.py, add tests to
    tests/regressiontests/requests/tests.py.
  - https://www.djangoproject.com/weblog/2012/dec/10/security/
  - No CVE number
* SECURITY UPDATE: redirect poisoning (LP: #1089337)
  - debian/patches/fix_redirect_poisoning.patch: tighten validation in
    django/contrib/auth/views.py,
    django/contrib/comments/views/comments.py,
    django/contrib/comments/views/moderation.py,
    django/contrib/comments/views/utils.py, django/utils/http.py,
    django/views/i18n.py, add tests to
    tests/regressiontests/comment_tests/tests/comment_view_tests.py,
    tests/regressiontests/comment_tests/tests/moderation_view_tests.py,
    tests/regressiontests/views/tests/i18n.py.
  - https://www.djangoproject.com/weblog/2012/dec/10/security/
  - No CVE number
* SECURITY UPDATE: host header poisoning (LP: #1130445)
  - debian/patches/add_allowed_hosts.patch: add new ALLOWED_HOSTS setting
    to django/conf/global_settings.py,
    django/conf/project_template/settings.py,
    django/http/__init__.py, django/test/utils.py, add docs to
    docs/ref/settings.txt, add tests to
    tests/regressiontests/requests/tests.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - No CVE number
* SECURITY UPDATE: XML attacks (LP: #1130445)
  - debian/patches/CVE-2013-166x.patch: forbid DTDs, entity expansion,
    and external entities/DTDs in
    django/core/serializers/xml_serializer.py, add tests to
    tests/regressiontests/serializers_regress/tests.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - CVE-2013-1664
  - CVE-2013-1665
* SECURITY UPDATE: Data leakage via admin history log (LP: #1130445)
  - debian/patches/CVE-2013-0305.patch: add permission checks to history
    view in django/contrib/admin/options.py, add tests to
    tests/regressiontests/admin_views/tests.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - CVE-2013-0305
* SECURITY UPDATE: Formset denial-of-service (LP: #1130445)
  - debian/patches/CVE-2013-0306.patch: limit maximum number of forms in
    django/forms/formsets.py, add docs to docs/topics/forms/formsets.txt,
    docs/topics/forms/modelforms.txt, add tests to
    tests/regressiontests/forms/tests/formsets.py.
  - https://www.djangoproject.com/weblog/2013/feb/19/security/
  - CVE-2013-0306

Author: Paolo Pisati
Revision Date: 2013-03-01 14:25:01 UTC

* Release Tracking Bug
  - LP: #1137045

[ Paolo Pisati ]

* rebased on Ubuntu-3.0.0-32.50

[ Ubuntu: 3.0.0-32.50 ]

* Release Tracking Bug
  - LP: #1136175
* SAUCE: xen/netback: shutdown the ring if it contains garbage.
  - LP: #1117325
  - CVE-2013-0216
* SAUCE: netback: correct netbk_tx_err to handle wrap around.
  - LP: #1117325
  - CVE-2013-0216
* SAUCE: xen/netback: don't leak pages on failure in
  xen_netbk_tx_check_gop.
  - LP: #1117331
  - CVE-2013-0217
* SAUCE: xen/netback: free already allocated memory on failure in
  xen_netbk_get_requests
  - LP: #1117331
  - CVE-2013-0217
* [debian] Remove dangling symlink from headers package
  - LP: #1112442
* SAUCE: rt2x00: rt2x00pci_regbusy_read() - only print register access
  failure once
  - LP: #1128840
* can: c_can: fix invalid error codes
  - LP: #1116259
* can: ti_hecc: fix invalid error codes
  - LP: #1116259
* can: pch_can: fix invalid error codes
  - LP: #1116259
* fs/cifs/cifs_dfs_ref.c: fix potential memory leakage
  - LP: #1116259
* ARM: DMA: Fix struct page iterator in dma_cache_maint() to work with
  sparsemem
  - LP: #1116259
* Bluetooth: Fix sending HCI commands after reset
  - LP: #1116259
* ath9k_htc: Fix memory leak
  - LP: #1116259
* ath9k: fix double-free bug on beacon generate failure
  - LP: #1116259
* ALSA: usb-audio: fix invalid length check for RME and other UAC 2
  devices
  - LP: #1116259
* EDAC: Test correct variable in ->store function
  - LP: #1116259
* Bluetooth: Fix incorrect strncpy() in hidp_setup_hid()
  - LP: #1116259
* smp: Fix SMP function call empty cpu mask race
  - LP: #1116259
* x86/msr: Add capabilities check
  - LP: #1116259
* efi, x86: Pass a proper identity mapping in efi_call_phys_prelog
  - LP: #1116259
* x86/Sandy Bridge: Sandy Bridge workaround depends on CONFIG_PCI
  - LP: #1116259
* Linux 3.0.62
  - LP: #1116259
* drm/radeon/evergreen+: wait for the MC to settle after MC blackout
  - LP: #1122313
* drm/radeon: add quirk for RV100 board
  - LP: #1122313
* drm/radeon: Calling object_unrefer() when creating fb failure
  - LP: #1122313
* x86-64: Replace left over sti/cli in ia32 audit exit code
  - LP: #1122313
* nilfs2: fix fix very long mount time issue
  - LP: #1122313
* drivers/rtc/rtc-isl1208.c: call rtc_update_irq() from the alarm irq
  handler
  - LP: #1122313
* USB: ftdi_sio: add Zolix FTDI PID
  - LP: #1122313
* USB: ftdi_sio: add PID/VID entries for ELV WS 300 PC II
  - LP: #1122313
* USB: option: add support for Telit LE920
  - LP: #1122313
* USB: option: add Changhong CH690
  - LP: #1122313
* USB: qcserial: add Telit Gobi QDL device
  - LP: #1122313
* USB: EHCI: fix bug in scheduling periodic split transfers
  - LP: #1122313
* USB: storage: Define a new macro for USB storage match rules
  - LP: #1122313
* USB: storage: optimize to match the Huawei USB storage devices and
  support new switch command
  - LP: #1122313
* xhci: Fix isoc TD encoding.
  - LP: #1122313
* USB: XHCI: fix memory leak of URB-private data
  - LP: #1122313
* Linux 3.0.63
  - LP: #1122313
* rtlwifi: Fix the usage of the wrong variable in usb.c
  - LP: #1126189
* virtio_console: Don't access uninitialized data.
  - LP: #1126189
* kernel/resource.c: fix stack overflow in __reserve_region_with_split()
  - LP: #1126189
* mac80211: synchronize scan off/on-channel and PS states
  - LP: #1126189
* net: prevent setting ttl=0 via IP_TTL
  - LP: #1126189
* MAINTAINERS: Stephen Hemminger email change
  - LP: #1126189
* isdn/gigaset: fix zero size border case in debug dump
  - LP: #1126189
* r8169: remove the obsolete and incorrect AMD workaround
  - LP: #1126189
* net: loopback: fix a dst refcounting issue
  - LP: #1126189
* pktgen: correctly handle failures when adding a device
  - LP: #1126189
* ipv6: do not create neighbor entries for local delivery
  - LP: #1126189
* packet: fix leakage of tx_ring memory
  - LP: #1126189
* atm/iphase: rename fregt_t -> ffreg_t
  - LP: #1126189
* sctp: refactor sctp_outq_teardown to insure proper re-initalization
  - LP: #1126189
* net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree
  - LP: #1126189
* net: sctp: sctp_endpoint_free: zero out secret key data
  - LP: #1126189
* tcp: frto should not set snd_cwnd to 0
  - LP: #1126189
* tcp: fix for zero packets_in_flight was too broad
  - LP: #1126189
* tcp: fix MSG_SENDPAGE_NOTLAST logic
  - LP: #1126189
* bridge: Pull ip header into skb->data before looking into ip header.
  - LP: #1126189
* tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode
  - LP: #1126189
* tg3: Fix crc errors on jumbo frame receive
  - LP: #1126189
* Linux 3.0.64
  - LP: #1126189
* x86/mm: Check if PUD is large when validating a kernel address
  - LP: #1130182
* x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS.
  - LP: #1130182
* PCI/PM: Clean up PME state when removing a device
  - LP: #1130182
* igb: Remove artificial restriction on RQDPC stat reading
  - LP: #1130182
* Linux 3.0.65
  - LP: #1130182
* vhost: fix length for cross region descriptor
  - LP: #1130951
  - CVE-2013-0311
* NLS: improve UTF8 -> UTF16 string conversion routine
  - LP: #1134523
  - CVE-2013-1773

Author: Paolo Pisati
Revision Date: 2013-03-01 14:25:01 UTC

* Release Tracking Bug
  - LP: #1137045

[ Paolo Pisati ]

* rebased on Ubuntu-3.0.0-32.50

[ Ubuntu: 3.0.0-32.50 ]

* Release Tracking Bug
  - LP: #1136175
* SAUCE: xen/netback: shutdown the ring if it contains garbage.
  - LP: #1117325
  - CVE-2013-0216
* SAUCE: netback: correct netbk_tx_err to handle wrap around.
  - LP: #1117325
  - CVE-2013-0216
* SAUCE: xen/netback: don't leak pages on failure in
  xen_netbk_tx_check_gop.
  - LP: #1117331
  - CVE-2013-0217
* SAUCE: xen/netback: free already allocated memory on failure in
  xen_netbk_get_requests
  - LP: #1117331
  - CVE-2013-0217
* [debian] Remove dangling symlink from headers package
  - LP: #1112442
* SAUCE: rt2x00: rt2x00pci_regbusy_read() - only print register access
  failure once
  - LP: #1128840
* can: c_can: fix invalid error codes
  - LP: #1116259
* can: ti_hecc: fix invalid error codes
  - LP: #1116259
* can: pch_can: fix invalid error codes
  - LP: #1116259
* fs/cifs/cifs_dfs_ref.c: fix potential memory leakage
  - LP: #1116259
* ARM: DMA: Fix struct page iterator in dma_cache_maint() to work with
  sparsemem
  - LP: #1116259
* Bluetooth: Fix sending HCI commands after reset
  - LP: #1116259
* ath9k_htc: Fix memory leak
  - LP: #1116259
* ath9k: fix double-free bug on beacon generate failure
  - LP: #1116259
* ALSA: usb-audio: fix invalid length check for RME and other UAC 2
  devices
  - LP: #1116259
* EDAC: Test correct variable in ->store function
  - LP: #1116259
* Bluetooth: Fix incorrect strncpy() in hidp_setup_hid()
  - LP: #1116259
* smp: Fix SMP function call empty cpu mask race
  - LP: #1116259
* x86/msr: Add capabilities check
  - LP: #1116259
* efi, x86: Pass a proper identity mapping in efi_call_phys_prelog
  - LP: #1116259
* x86/Sandy Bridge: Sandy Bridge workaround depends on CONFIG_PCI
  - LP: #1116259
* Linux 3.0.62
  - LP: #1116259
* drm/radeon/evergreen+: wait for the MC to settle after MC blackout
  - LP: #1122313
* drm/radeon: add quirk for RV100 board
  - LP: #1122313
* drm/radeon: Calling object_unrefer() when creating fb failure
  - LP: #1122313
* x86-64: Replace left over sti/cli in ia32 audit exit code
  - LP: #1122313
* nilfs2: fix fix very long mount time issue
  - LP: #1122313
* drivers/rtc/rtc-isl1208.c: call rtc_update_irq() from the alarm irq
  handler
  - LP: #1122313
* USB: ftdi_sio: add Zolix FTDI PID
  - LP: #1122313
* USB: ftdi_sio: add PID/VID entries for ELV WS 300 PC II
  - LP: #1122313
* USB: option: add support for Telit LE920
  - LP: #1122313
* USB: option: add Changhong CH690
  - LP: #1122313
* USB: qcserial: add Telit Gobi QDL device
  - LP: #1122313
* USB: EHCI: fix bug in scheduling periodic split transfers
  - LP: #1122313
* USB: storage: Define a new macro for USB storage match rules
  - LP: #1122313
* USB: storage: optimize to match the Huawei USB storage devices and
  support new switch command
  - LP: #1122313
* xhci: Fix isoc TD encoding.
  - LP: #1122313
* USB: XHCI: fix memory leak of URB-private data
  - LP: #1122313
* Linux 3.0.63
  - LP: #1122313
* rtlwifi: Fix the usage of the wrong variable in usb.c
  - LP: #1126189
* virtio_console: Don't access uninitialized data.
  - LP: #1126189
* kernel/resource.c: fix stack overflow in __reserve_region_with_split()
  - LP: #1126189
* mac80211: synchronize scan off/on-channel and PS states
  - LP: #1126189
* net: prevent setting ttl=0 via IP_TTL
  - LP: #1126189
* MAINTAINERS: Stephen Hemminger email change
  - LP: #1126189
* isdn/gigaset: fix zero size border case in debug dump
  - LP: #1126189
* r8169: remove the obsolete and incorrect AMD workaround
  - LP: #1126189
* net: loopback: fix a dst refcounting issue
  - LP: #1126189
* pktgen: correctly handle failures when adding a device
  - LP: #1126189
* ipv6: do not create neighbor entries for local delivery
  - LP: #1126189
* packet: fix leakage of tx_ring memory
  - LP: #1126189
* atm/iphase: rename fregt_t -> ffreg_t
  - LP: #1126189
* sctp: refactor sctp_outq_teardown to insure proper re-initalization
  - LP: #1126189
* net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree
  - LP: #1126189
* net: sctp: sctp_endpoint_free: zero out secret key data
  - LP: #1126189
* tcp: frto should not set snd_cwnd to 0
  - LP: #1126189
* tcp: fix for zero packets_in_flight was too broad
  - LP: #1126189
* tcp: fix MSG_SENDPAGE_NOTLAST logic
  - LP: #1126189
* bridge: Pull ip header into skb->data before looking into ip header.
  - LP: #1126189
* tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode
  - LP: #1126189
* tg3: Fix crc errors on jumbo frame receive
  - LP: #1126189
* Linux 3.0.64
  - LP: #1126189
* x86/mm: Check if PUD is large when validating a kernel address
  - LP: #1130182
* x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS.
  - LP: #1130182
* PCI/PM: Clean up PME state when removing a device
  - LP: #1130182
* igb: Remove artificial restriction on RQDPC stat reading
  - LP: #1130182
* Linux 3.0.65
  - LP: #1130182
* vhost: fix length for cross region descriptor
  - LP: #1130951
  - CVE-2013-0311
* NLS: improve UTF8 -> UTF16 string conversion routine
  - LP: #1134523
  - CVE-2013-1773

Author: Brad Figg
Revision Date: 2013-03-01 09:05:51 UTC

linux-ti-omap4 3.0.0-1222.36

Author: Brad Figg
Revision Date: 2013-03-01 09:05:51 UTC

linux-ti-omap4 3.0.0-1222.36

Author: Brad Figg
Revision Date: 2013-03-01 09:05:51 UTC

linux-ti-omap4 3.0.0-1222.36

Author: Brad Figg
Revision Date: 2013-02-28 14:03:30 UTC

Bump ABI - Oneiric ABI 32

Author: Brad Figg
Revision Date: 2013-02-28 14:03:30 UTC

Bump ABI - Oneiric ABI 32

Author: Brad Figg
Revision Date: 2013-02-28 14:03:30 UTC

Bump ABI - Oneiric ABI 32

Author: Brad Figg
Revision Date: 2013-02-28 13:57:00 UTC

[ Brad Figg ]

Bump ABI

Author: Brad Figg
Revision Date: 2013-02-28 13:57:00 UTC

[ Brad Figg ]

Bump ABI

Author: Brad Figg
Revision Date: 2013-02-28 13:57:00 UTC

[ Brad Figg ]

Bump ABI

Author: Marc Deslauriers
Revision Date: 2013-02-22 15:36:12 UTC

* SECURITY UPDATE: possible privilege escalation via source spoofing
  - debian/patches/CVE-2013-0292.patch: verify sender of NameOwnerChanged
    signals in dbus/dbus-gproxy.c.
  - CVE-2013-0292

Author: Marc Deslauriers
Revision Date: 2013-02-22 15:36:12 UTC

* SECURITY UPDATE: possible privilege escalation via source spoofing
  - debian/patches/CVE-2013-0292.patch: verify sender of NameOwnerChanged
    signals in dbus/dbus-gproxy.c.
  - CVE-2013-0292

Author: Marc Deslauriers
Revision Date: 2013-02-27 13:38:01 UTC

* SECURITY UPDATE: authentication bypass via clock set to epoch
  - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
    set to epoch in check.c.
  - CVE-2013-1775

Author: Marc Deslauriers
Revision Date: 2013-02-27 13:38:01 UTC

* SECURITY UPDATE: authentication bypass via clock set to epoch
  - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is
    set to epoch in check.c.
  - CVE-2013-1775

Author: Alessio Treglia
Revision Date: 2013-02-03 03:06:30 UTC

pm_linux/Makefile: Fix linking order, regression introduced
by the previous upload. (LP: #1110326)

Author: Marc Deslauriers
Revision Date: 2013-02-25 11:52:02 UTC

* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-1619.patch: avoid timing attacks in
    lib/gnutls_cipher.c, lib/gnutls_hash_int.h.
  - CVE-2013-1619

Author: Marc Deslauriers
Revision Date: 2013-02-25 11:52:02 UTC

* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-1619.patch: avoid timing attacks in
    lib/gnutls_cipher.c, lib/gnutls_hash_int.h.
  - CVE-2013-1619

Author: Jamie Strandboge
Revision Date: 2013-02-13 15:05:15 UTC

* SECURITY UPDATE: patch from Debian
  - debian/patches/0001-Security-fix-for-CERT-issue-VU-922681: fix various
    stack-based buffer overflows in service_unique_name() function
  - CVE-2012-5958
  - CVE-2012-5959
  - CVE-2012-5960
  - CVE-2012-5961
  - CVE-2012-5962
  - CVE-2012-5963
  - CVE-2012-5964

Author: Jamie Strandboge
Revision Date: 2013-02-13 15:05:15 UTC

* SECURITY UPDATE: patch from Debian
  - debian/patches/0001-Security-fix-for-CERT-issue-VU-922681: fix various
    stack-based buffer overflows in service_unique_name() function
  - CVE-2012-5958
  - CVE-2012-5959
  - CVE-2012-5960
  - CVE-2012-5961
  - CVE-2012-5962
  - CVE-2012-5963
  - CVE-2012-5964

Author: Jamie Strandboge
Revision Date: 2013-02-13 14:37:59 UTC

* SECURITY UPDATE: patch from Debian
  - debian/patches/0001-Security-fix-for-CERT-issue-VU-922681: fix various
    stack-based buffer overflows in service_unique_name() function
  - CVE-2012-5958
  - CVE-2012-5959
  - CVE-2012-5960
  - CVE-2012-5961
  - CVE-2012-5962
  - CVE-2012-5963
  - CVE-2012-5964
  - CVE-2012-5965

Author: Jamie Strandboge
Revision Date: 2013-02-13 14:37:59 UTC

* SECURITY UPDATE: patch from Debian
  - debian/patches/0001-Security-fix-for-CERT-issue-VU-922681: fix various
    stack-based buffer overflows in service_unique_name() function
  - CVE-2012-5958
  - CVE-2012-5959
  - CVE-2012-5960
  - CVE-2012-5961
  - CVE-2012-5962
  - CVE-2012-5963
  - CVE-2012-5964
  - CVE-2012-5965

Author: Jamie Strandboge
Revision Date: 2013-02-13 10:48:42 UTC

* SECURITY UPDATE: Add an OkJson backend and remove the YAML backend to
  resolve improper conversion of JSON to YAML (LP: #1119256)
  - debian/patches/CVE-2013-0333.patch: added patch from Debian 2.3.14-6
  - CVE-2013-0333

Author: Marc Deslauriers
Revision Date: 2013-02-05 10:47:26 UTC

* SECURITY UPDATE: cross-site scripting issue via location.hash
  - debian/patches/CVE-2011-4969.patch: prioritize #id over <tag> in
    src/core.js and dist/jquery.js.
  - CVE-2011-4969

Author: Marc Deslauriers
Revision Date: 2013-02-05 10:47:26 UTC

* SECURITY UPDATE: cross-site scripting issue via location.hash
  - debian/patches/CVE-2011-4969.patch: prioritize #id over <tag> in
    src/core.js and dist/jquery.js.
  - CVE-2011-4969

Author: Marc Deslauriers
Revision Date: 2013-02-18 14:55:40 UTC

* SECURITY UPDATE: denial of service via invalid OCSP key
  - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
    crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
  - CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: massive code changes
  - CVE-2013-0169

Author: Marc Deslauriers
Revision Date: 2013-02-18 14:55:40 UTC

* SECURITY UPDATE: denial of service via invalid OCSP key
  - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
    crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
  - CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: massive code changes
  - CVE-2013-0169

Author: Jamie Strandboge
Revision Date: 2013-02-13 10:48:42 UTC

* SECURITY UPDATE: Add an OkJson backend and remove the YAML backend to
  resolve improper conversion of JSON to YAML (LP: #1119256)
  - debian/patches/CVE-2013-0333.patch: added patch from Debian 2.3.14-6
  - CVE-2013-0333

Author: Malcolm Scott
Revision Date: 2013-01-24 20:19:56 UTC

* SECURITY UPDATE: fix buffer overflow in rfc1413 (ident) client
  (LP: #1104425).
  - CVE-2013-1049

Author: Malcolm Scott
Revision Date: 2013-01-24 20:19:56 UTC

* SECURITY UPDATE: fix buffer overflow in rfc1413 (ident) client
  (LP: #1104425).
  - CVE-2013-1049

Author: dobey
Revision Date: 2013-02-04 15:04:45 UTC

* debian/patches/02_sync_save_button_sensitive.patch:
* debian/patches/03_u1_as_default_sync.patch:
* debian/patches/05_add_start_u1_note.patch:
* debian/patches/06_use_ubuntu_sso.patch:
  - Remove patches to default to Ubuntu One for notes sync. (LP: #1115460)

Author: Christian Kuersteiner
Revision Date: 2013-02-06 11:25:54 UTC

* SECURITY UPDATE: Fix for NULL pointer Denial of Service in TraceManager
  (LP: #1115902)
  - debian/patches/CVE-2012-5529.patch: Handle empty query safely. Based on
    upstream patch.
  - CVE-2012-5529

Author: Christian Kuersteiner
Revision Date: 2013-02-06 11:25:54 UTC

* SECURITY UPDATE: Fix for NULL pointer Denial of Service in TraceManager
  (LP: #1115902)
  - debian/patches/CVE-2012-5529.patch: Handle empty query safely. Based on
    upstream patch.
  - CVE-2012-5529

Author: Marc Deslauriers
Revision Date: 2013-02-04 09:45:37 UTC

* SECURITY UPDATE: denial of service via sync i/o commands
  - debian/patches/CVE-2013-0241.patch: use new async IO calls in
    src/qxl.h, src/qxl_driver.c, src/qxl_surface.c.
  - Thanks to Red Hat for backported patch.
  - CVE-2013-0241

Author: Marc Deslauriers
Revision Date: 2013-02-04 09:45:37 UTC

* SECURITY UPDATE: denial of service via sync i/o commands
  - debian/patches/CVE-2013-0241.patch: use new async IO calls in
    src/qxl.h, src/qxl_driver.c, src/qxl_surface.c.
  - Thanks to Red Hat for backported patch.
  - CVE-2013-0241

Author: dobey
Revision Date: 2013-02-04 15:04:45 UTC

* debian/patches/02_sync_save_button_sensitive.patch:
* debian/patches/03_u1_as_default_sync.patch:
* debian/patches/05_add_start_u1_note.patch:
* debian/patches/06_use_ubuntu_sso.patch:
  - Remove patches to default to Ubuntu One for notes sync. (LP: #1115460)

Author: Alessio Treglia
Revision Date: 2013-02-03 03:06:30 UTC

pm_linux/Makefile: Fix linking order, regression introduced
by the previous upload. (LP: #1110326)