Branches for Precise

Author: Tyler Hicks
Revision Date: 2015-05-15 14:43:17 UTC

fake sync from Debian

Author: Tyler Hicks
Revision Date: 2015-05-15 14:43:17 UTC

fake sync from Debian

Author: Steve Beattie
Revision Date: 2015-05-12 12:41:51 UTC

fake sync from Debian

Author: Steve Beattie
Revision Date: 2015-05-12 12:41:51 UTC

fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2015-05-01 10:37:44 UTC

* SECURITY UPDATE: denial of service and memory disclosure via malformed
  DNS requests
  - src/rfc1035.c: properly handle skip_questions return value.
  - ad4a8ff7d9097008d7623df8543df435bfddeac8
  - CVE-2015-3294

Author: Martin Pitt
Revision Date: 2015-04-07 12:19:39 UTC

Add git-check-dirty-bit.patch: Check boot sector for dirty bit, to allow
dosfsck to repair partitions which didn't get unmounted properly.
(LP: #1322976)

Author: Chris Halse Rogers
Revision Date: 2015-04-14 11:17:20 UTC

* debian/control: Update Homepage: to not point at spam URL. (LP: #1442873)
* debian/patches/04_fix_website_address.patch:
  - Update help links to not point at spam URL. (LP: #1363589)

Author: Mathieu Trudel-Lapierre
Revision Date: 2015-04-27 12:49:12 UTC

Find and use the syslinux from the source squashfs. (LP: #1325801)

Author: Marc Deslauriers
Revision Date: 2015-05-01 11:06:09 UTC

* SECURITY UPDATE: XEE due to expand_entities parameter being ignored
  - debian/patches/CVE-20xx-xxxx.patch: preserve unset options after a
    _clone() call in LibXML.pm, added test to t/43options.t.
  - CVE-2015-3451

Author: Marc Deslauriers
Revision Date: 2015-05-01 11:06:09 UTC

* SECURITY UPDATE: XEE due to expand_entities parameter being ignored
  - debian/patches/CVE-20xx-xxxx.patch: preserve unset options after a
    _clone() call in LibXML.pm, added test to t/43options.t.
  - CVE-2015-3451

Author: Marc Deslauriers
Revision Date: 2015-04-24 15:15:57 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple issues (LP: #1444363)
  - debian/patches/60_cve-2015-0261.diff: check lengths in
    print-mobility.c.
  - debian/patches/60_cve-2015-2153.diff: check length in
    print-rpki-rtr.c.
  - debian/patches/60_cve-2015-2153-fix-regression.diff: more length
    checks in print-rpki-rtr.c.
  - debian/patches/60_cve-2015-2154.diff: check lengths in
    print-isoclns.c.
  - debian/patches/60_cve-2015-2155.diff: make sure ops->print is valid
    in print-forces.c.
  - CVE-2015-0261
  - CVE-2015-2153
  - CVE-2015-2154
  - CVE-2015-2155

Author: Saikrishna Arcot
Revision Date: 2015-05-22 02:14:34 UTC

Fix symlink to werken.xpath.jar (LP: #1455275).

Author: Felipe Reyes
Revision Date: 2015-05-19 11:53:17 UTC

* SECURITY UPDATE: denial of service via an LDAP search query
  with attrsOnly set to true. (LP: #1446809)
  - debian/patches/CVE-2012-1164.1.patch: don't leave empty slots in
    normalized attr values
  - debian/patches/CVE-2012-1164.2.patch: add FIXME comment, note that
    current patch is not ideal
  - debian/patches/CVE-2012-1164.3.patch: fix attr_dup2 when no values are
    present (attrsOnly = TRUE)
  - CVE-2012-1164
* SECURITY UPDATE: fix rwm overlay reference counting
  - debian/patches/CVE-2013-4449.patch: fix reference counting
  - CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
  - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
  - CVE-2015-1545

Author: Stefano Rivera
Revision Date: 2015-05-07 10:17:03 UTC

* Copy data from 0.27 (LP: #1452825)
  - Add Debian 8 "jessie"s release date.
  - Add Debian 9 "stretch" and 10 "buster", with provisional release dates.
  - Update Ubuntu 15.04 "vivid"s release and EOL dates.
  - Add Ubuntu 15.10 "Wily Werewolf", with a provisional release date.

Author: Marc Deslauriers
Revision Date: 2015-05-04 15:50:41 UTC

* Updated to 0.98.7 to fix multiple issues
  - CVE-2015-2170
  - CVE-2015-2221
  - CVE-2015-2222
  - CVE-2015-2305
  - CVE-2015-2668
* Refreshed patches for 0.98.7:
  - d/p/0010-hardcode-LLVM-linker-flag-because-llvm-config-return.patch
  - d/p/0018-llvm-don-t-use-system-libs.patch

Author: Marc Deslauriers
Revision Date: 2015-05-04 15:50:41 UTC

* Updated to 0.98.7 to fix multiple issues
  - CVE-2015-2170
  - CVE-2015-2221
  - CVE-2015-2222
  - CVE-2015-2305
  - CVE-2015-2668
* Refreshed patches for 0.98.7:
  - d/p/0010-hardcode-LLVM-linker-flag-because-llvm-config-return.patch
  - d/p/0018-llvm-don-t-use-system-libs.patch

Author: Marc Deslauriers
Revision Date: 2015-05-01 10:37:44 UTC

* SECURITY UPDATE: denial of service and memory disclosure via malformed
  DNS requests
  - src/rfc1035.c: properly handle skip_questions return value.
  - ad4a8ff7d9097008d7623df8543df435bfddeac8
  - CVE-2015-3294

Author: Marc Deslauriers
Revision Date: 2015-04-29 14:03:35 UTC

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
    each exchange and close Negotiate connections when done in
    lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
  - CVE-2015-3148

Author: Marc Deslauriers
Revision Date: 2015-04-29 14:03:35 UTC

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
    each exchange and close Negotiate connections when done in
    lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
  - CVE-2015-3148

Author: Martin Pitt
Revision Date: 2015-04-28 14:08:35 UTC

releasing package pkg-create-dbgsym version 0.50.1

Author: Kaj Ailomaa
Revision Date: 2015-04-28 10:40:18 UTC

Bump ABI

Author: Kaj Ailomaa
Revision Date: 2015-04-28 10:40:18 UTC

Bump ABI

Author: Kaj Ailomaa
Revision Date: 2015-04-28 10:40:18 UTC

Bump ABI

Author: Marc Deslauriers
Revision Date: 2015-04-24 15:15:57 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple issues (LP: #1444363)
  - debian/patches/60_cve-2015-0261.diff: check lengths in
    print-mobility.c.
  - debian/patches/60_cve-2015-2153.diff: check length in
    print-rpki-rtr.c.
  - debian/patches/60_cve-2015-2153-fix-regression.diff: more length
    checks in print-rpki-rtr.c.
  - debian/patches/60_cve-2015-2154.diff: check lengths in
    print-isoclns.c.
  - debian/patches/60_cve-2015-2155.diff: make sure ops->print is valid
    in print-forces.c.
  - CVE-2015-0261
  - CVE-2015-2153
  - CVE-2015-2154
  - CVE-2015-2155

Author: Marc Deslauriers
Revision Date: 2015-04-24 12:02:12 UTC

* SECURITY UPDATE: arbitrary code execution and incorrect signature
  verification
  - debian/patches/CVE-2015-340x.patch: properly handle temp files and
    headers in lib/Module/Signature.pm, Makefile.PL.
  - debian/patches/CVE-2015-3409.patch: don't load modules from relative
    paths in lib/Module/Signature.pm.
  - CVE-2015-3406
  - CVE-2015-3407
  - CVE-2015-3408
  - CVE-2015-3409

Author: Marc Deslauriers
Revision Date: 2015-04-24 12:02:12 UTC

* SECURITY UPDATE: arbitrary code execution and incorrect signature
  verification
  - debian/patches/CVE-2015-340x.patch: properly handle temp files and
    headers in lib/Module/Signature.pm, Makefile.PL.
  - debian/patches/CVE-2015-3409.patch: don't load modules from relative
    paths in lib/Module/Signature.pm.
  - CVE-2015-3406
  - CVE-2015-3407
  - CVE-2015-3408
  - CVE-2015-3409

Author: Marc Deslauriers
Revision Date: 2015-04-22 23:18:51 UTC

* SECURITY UPDATE: privilege escalation via missing polkit check
  (LP: #1447396)
  - bin/usb-creator-helper, dbus/com.ubuntu.usbcreator.policy.in: add
    proper polkit integration for KVM use.
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-22 23:18:51 UTC

* SECURITY UPDATE: privilege escalation via missing polkit check
  (LP: #1447396)
  - bin/usb-creator-helper, dbus/com.ubuntu.usbcreator.policy.in: add
    proper polkit integration for KVM use.
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-15 11:44:46 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  incorrect nal size
  - debian/patches/CVE-2015-0797.patch: check nal size in
    gst/videoparsers/gsth264parse.c.
  - CVE-2015-0797

Author: Marc Deslauriers
Revision Date: 2015-04-15 11:44:46 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  incorrect nal size
  - debian/patches/CVE-2015-0797.patch: check nal size in
    gst/videoparsers/gsth264parse.c.
  - CVE-2015-0797

Author: Marc Deslauriers
Revision Date: 2015-04-13 07:54:36 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:17:25 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:17:25 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-13 07:54:36 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:09:50 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-13 07:52:26 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - No change rebuild against libx11 in release pocket
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-08 08:05:09 UTC

No change rebuild in the -security pocket

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:44:10 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:40:40 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:15:51 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:20:34 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-08 08:23:37 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-08 08:01:09 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/patches/makebigreq_overflow.patch: don't move the last word in
    MakeBigReq in include/X11/Xlibint.h.
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-13 09:06:54 UTC

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-13 09:06:54 UTC

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:44:10 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:40:40 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:20:34 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:15:51 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-13 08:09:50 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-13 07:52:26 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - No change rebuild against libx11 in release pocket
  - debian/control: change Build-Depends to libx11 security update
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-08 08:23:37 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/control: change Build-Depends to libx11 security update
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-08 08:05:09 UTC

No change rebuild in the -security pocket

Author: Marc Deslauriers
Revision Date: 2015-04-08 08:01:09 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - debian/patches/makebigreq_overflow.patch: don't move the last word in
    MakeBigReq in include/X11/Xlibint.h.
  - CVE number pending

Author: Pali
Revision Date: 2015-04-05 18:27:32 UTC

* bzr merge lp:ubuntu/precise-updates/lsb

Author: Pali
Revision Date: 2015-04-05 18:13:56 UTC

* bzr merge lp:ubuntu/precise-updates/initramfs-tools

Author: Pali
Revision Date: 2015-04-05 18:00:44 UTC

* bzr merge lp:ubuntu/precise/kubuntu-default-settings

Author: Pali
Revision Date: 2015-04-05 17:14:06 UTC

* bzr merge lp:ubuntu/precise-updates/plymouth

Author: Marc Deslauriers
Revision Date: 2015-04-01 14:08:49 UTC

* SECURITY REGRESSION: regression when saving TIFF files with compression
  predictor (LP: #1439186)
  - debian/patches/CVE-2014-8128-5.patch: disable until proper upstream
    fix is available.

Author: Robert Ancell
Revision Date: 2015-03-17 14:21:43 UTC

* debian/patches/15_gsources.patch:
  - Correctly remove GSources on finalize (LP: #1431654)

Author: Marc Deslauriers
Revision Date: 2015-04-01 14:08:49 UTC

* SECURITY REGRESSION: regression when saving TIFF files with compression
  predictor (LP: #1439186)
  - debian/patches/CVE-2014-8128-5.patch: disable until proper upstream
    fix is available.

Author: Marc Deslauriers
Revision Date: 2015-03-27 08:20:03 UTC

* Screen responses from keyservers (LP: #1409117)
  - d/p/0001-Screen-keyserver-responses.patch
  - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
  - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
  - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
* Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
  - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
  - debian/rules: build with --enable-large-secmem
* SECURITY UPDATE: invalid memory read via invalid keyring
  - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
    a keyring in g10/keyring.c.
  - CVE-2015-1606
* SECURITY UPDATE: memcpy with overlapping ranges
  - debian/patches/CVE-2015-1607.patch: use inline functions to convert
    buffer data to scalars in common/iobuf.c, g10/build-packet.c,
    g10/getkey.c, g10/keygen.c, g10/keyid.c, g10/main.h, g10/misc.c,
    g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
    kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
    kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
    scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
  - CVE-2015-1607

Author: Marc Deslauriers
Revision Date: 2015-03-27 08:20:03 UTC

* Screen responses from keyservers (LP: #1409117)
  - d/p/0001-Screen-keyserver-responses.patch
  - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
  - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
  - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
* Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
  - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
  - debian/rules: build with --enable-large-secmem
* SECURITY UPDATE: invalid memory read via invalid keyring
  - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
    a keyring in g10/keyring.c.
  - CVE-2015-1606
* SECURITY UPDATE: memcpy with overlapping ranges
  - debian/patches/CVE-2015-1607.patch: use inline functions to convert
    buffer data to scalars in common/iobuf.c, g10/build-packet.c,
    g10/getkey.c, g10/keygen.c, g10/keyid.c, g10/main.h, g10/misc.c,
    g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
    kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
    kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
    scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
  - CVE-2015-1607

Author: Marc Deslauriers
Revision Date: 2015-03-24 10:52:23 UTC

* SECURITY UPDATE: XML external entity information disclosure
  - debian/patches/cve_2015_0250.patch: disable external entities in
    sources/org/apache/batik/dom/util/SAXDocumentFactory.java.
  - Thanks to Debian for the patch backport.
  - CVE-2015-0250

Author: Marc Deslauriers
Revision Date: 2015-03-24 10:52:23 UTC

* SECURITY UPDATE: XML external entity information disclosure
  - debian/patches/cve_2015_0250.patch: disable external entities in
    sources/org/apache/batik/dom/util/SAXDocumentFactory.java.
  - Thanks to Debian for the patch backport.
  - CVE-2015-0250

Author: Seyeong Kim
Revision Date: 2015-03-16 08:18:00 UTC

Backport foo_client_setup from 0.9.8.8 src/applet.c (LP: #1424119)

Author: Joseph S Tate
Revision Date: 2015-03-18 19:10:04 UTC

Backport to precise

Author: Marc Deslauriers
Revision Date: 2015-03-18 07:33:04 UTC

* SECURITY UPDATE: arbitrary code exection via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804

Author: Marc Deslauriers
Revision Date: 2015-03-18 07:33:04 UTC

* SECURITY UPDATE: arbitrary code exection via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804

Author: Marc Deslauriers
Revision Date: 2015-03-16 09:16:01 UTC

* Rebuild against new libav
  - debian/control: bump Build-Depends

Author: Marc Deslauriers
Revision Date: 2015-03-16 09:16:01 UTC

* Rebuild against new libav
  - debian/control: bump Build-Depends

Author: Seyeong Kim
Revision Date: 2015-03-16 08:18:00 UTC

Backport foo_client_setup from 0.9.8.8 src/applet.c (LP: #1424119)

Author: Christian Hertel
Revision Date: 2015-03-11 16:07:14 UTC

SECURITY UPDATE: Fixed default configuration to prevent exposing
files from /. (LP: #1430750)

Author: Christian Hertel
Revision Date: 2015-03-11 16:07:14 UTC

SECURITY UPDATE: Fixed default configuration to prevent exposing
files from /. (LP: #1430750)

Author: Marc Deslauriers
Revision Date: 2015-03-12 11:32:42 UTC

* SECURITY UPDATE: arbitrary file access via TZ
  - debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
    configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
    pathnames.h.in, plugins/sudoers/env.c.
  - CVE-2014-9680

Author: Marc Deslauriers
Revision Date: 2015-03-12 11:32:42 UTC

* SECURITY UPDATE: arbitrary file access via TZ
  - debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
    configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
    pathnames.h.in, plugins/sudoers/env.c.
  - CVE-2014-9680

Author: James Hunt
Revision Date: 2015-03-11 14:01:13 UTC

releasing package upstart version 1.5-0ubuntu7.3

Author: James Hunt
Revision Date: 2013-01-17 11:40:36 UTC

Cherry-pick newer test code to fix test failure seen
on ARM (LP: #980917).

Author: Tyler Hicks
Revision Date: 2015-03-04 16:38:14 UTC

* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
  - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
    the mount passphrase. If a user has a mount passphrase that was wrapped
    using the default salt, their mount passphrase will be rewrapped using a
    random salt when they log in with their password.
  - debian/patches/CVE-2014-9687.patch: Create a temporary file when
    creating a new wrapped-passphrase file and copy it to its final
    destination after the file has been fully synced to disk (LP: #1020902)
  - debian/rules: Set the executable bit on the wrap-unwrap.sh and
    v1-to-v2-wrapped-passphrase.sh test scripts that were created by
    wrapping-passphrase-salt.patch
  - CVE-2014-9687

Author: Bryan Quigley
Revision Date: 2015-02-25 15:51:46 UTC

Fix "fails to install, postinst, invoke-rc.d rrdcached start, start-
stop-daemon, segfault":
(re-)create /var/lib/rrdcached/{journal,db} in init script.
(LP: #985341)

Author: Marc Deslauriers
Revision Date: 2015-02-26 13:05:15 UTC

* Fix DTLS handshake on amd64 (LP: #1425914)
  - debian/patches/lp1425914.patch: backport upstream patch that fixes
    alignment issue causing an assert in ssl/ssl_ciph.c.

Author: Tyler Hicks
Revision Date: 2015-03-04 16:38:14 UTC

* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
  - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
    the mount passphrase. If a user has a mount passphrase that was wrapped
    using the default salt, their mount passphrase will be rewrapped using a
    random salt when they log in with their password.
  - debian/patches/CVE-2014-9687.patch: Create a temporary file when
    creating a new wrapped-passphrase file and copy it to its final
    destination after the file has been fully synced to disk (LP: #1020902)
  - debian/rules: Set the executable bit on the wrap-unwrap.sh and
    v1-to-v2-wrapped-passphrase.sh test scripts that were created by
    wrapping-passphrase-salt.patch
  - CVE-2014-9687

Author: Bryan Quigley
Revision Date: 2015-02-25 15:51:46 UTC

Fix "fails to install, postinst, invoke-rc.d rrdcached start, start-
stop-daemon, segfault":
(re-)create /var/lib/rrdcached/{journal,db} in init script.
(LP: #985341)

Author: Marc Deslauriers
Revision Date: 2015-02-16 13:45:56 UTC

* SECURITY UPDATE: heap overflow via block group descriptor information
  - debian/patches/CVE-2015-0247.patch: limit first_meta_bg in
    lib/ext2fs/closefs.c, lib/ext2fs/openfs.c.
  - CVE-2015-0247
* SECURITY UPDATE: buffer overflow in closefs()
  - debian/patches/CVE-2015-1572.patch: properly check against
    fs->desc_blocks in lib/ext2fs/closefs.c.
  - CVE-2015-1572

Author: Marc Deslauriers
Revision Date: 2015-02-20 08:21:16 UTC

* Update ca-certificates database to 20141019 (LP: #1423904):
  - backport changes from the Ubuntu 15.04 20141019 package

Author: Seyeong Kim
Revision Date: 2015-02-17 08:01:59 UTC

support postfix/protocols (LP: #583216)

Author: Marc Deslauriers
Revision Date: 2015-02-20 08:21:16 UTC

* Update ca-certificates database to 20141019 (LP: #1423904):
  - backport changes from the Ubuntu 15.04 20141019 package

Author: Marc Deslauriers
Revision Date: 2015-02-17 14:19:20 UTC

* SECURITY UPDATE: heap overflow in charset_to_intern()
  - debian/patches/04-unzip60-alt-iconv-utf8: updated to fix buffer
    overflow in unix/unix.c.
  - CVE-2015-1315
* SECURITY REGRESSION: regression with executable jar files
  - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
    regression.
* SECURITY REGRESSION: regression with certain compressed data headers
  - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
    regression.

Author: Marc Deslauriers
Revision Date: 2015-02-17 14:19:20 UTC

* SECURITY UPDATE: heap overflow in charset_to_intern()
  - debian/patches/04-unzip60-alt-iconv-utf8: updated to fix buffer
    overflow in unix/unix.c.
  - CVE-2015-1315
* SECURITY REGRESSION: regression with executable jar files
  - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
    regression.
* SECURITY REGRESSION: regression with certain compressed data headers
  - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
    regression.

Author: Seyeong Kim
Revision Date: 2015-02-17 08:01:59 UTC

support postfix/protocols (LP: #583216)

Author: Marc Deslauriers
Revision Date: 2015-02-12 09:44:55 UTC

* SECURITY UPDATE: information leak and denial of service in
  XkbSetGeometry
  - debian/patches/CVE-2015-0255.patch: properly check lengths in
    xkb/xkb.c.
  - CVE-2015-0255
* debian/patches/CVE-2014-8xxx/0038-CVE-2014-8092-*: fix regression in
  previous security update by allowing zero-height PutImage requests in
  dix/dispatch.c.

Author: Marc Deslauriers
Revision Date: 2015-02-12 09:44:55 UTC

* SECURITY UPDATE: information leak and denial of service in
  XkbSetGeometry
  - debian/patches/CVE-2015-0255.patch: properly check lengths in
    xkb/xkb.c.
  - CVE-2015-0255
* debian/patches/CVE-2014-8xxx/0038-CVE-2014-8092-*: fix regression in
  previous security update by allowing zero-height PutImage requests in
  dix/dispatch.c.

Author: Thomas Ward
Revision Date: 2015-02-09 12:02:52 UTC

* d/modules/nginx-http-push: Apply upstream bugfix. (LP: #1216817)
  * src/ngx_http_push_module_setup.c: Modify push module code with
    upstream changes to fix an issue with initialization when using
    `fastcgi_cache` or `proxy_cache`.
  * tests/nginx-cachemanager.conf: (new file) Include upstream change
    of adding an nginx-cachemanager.conf file to the tests.

Author: Stéphane Graber
Revision Date: 2015-02-10 13:42:15 UTC

ignore_erofs.patch: Same as ignore_eaccess but for the case where
part of /proc is read/only. (LP: #1419554)

Author: Stéphane Graber
Revision Date: 2015-02-10 13:42:15 UTC

ignore_erofs.patch: Same as ignore_eaccess but for the case where
part of /proc is read/only. (LP: #1419554)

Author: Joe Damato
Revision Date: 2015-02-05 16:28:53 UTC

Applying patch to swap select with poll to handle more than 1024
connections and avoid data corruption or a segfault. (LP: #1418778).

Author: Joe Damato
Revision Date: 2015-02-05 16:28:53 UTC

Applying patch to swap select with poll to handle more than 1024
connections and avoid data corruption or a segfault. (LP: #1418778).

Author: Thomas Ward
Revision Date: 2015-02-09 12:02:52 UTC

* d/modules/nginx-http-push: Apply upstream bugfix. (LP: #1216817)
  * src/ngx_http_push_module_setup.c: Modify push module code with
    upstream changes to fix an issue with initialization when using
    `fastcgi_cache` or `proxy_cache`.
  * tests/nginx-cachemanager.conf: (new file) Include upstream change
    of adding an nginx-cachemanager.conf file to the tests.

Author: Scott Moser
Revision Date: 2015-02-06 15:51:12 UTC

releasing package juju-core version 1.20.11-0ubuntu0.14.04.1~ctools0

Author: Seyeong Kim
Revision Date: 2015-01-20 11:11:41 UTC

* Show network manager applet in greeter: (LP: #1240088)
* debian/control:
  - Recommend network-manager-gnome version that supports working in greeter
* debian/install:
* debian/unity-greeter.pkla:
  - Install PolicyKit policy for unity-greeter
* debian/patches/show-nm-applet.patch:
  - Show network manager applet