Branches for Precise

Author: Dario Minnucci
Revision Date: 2011-06-09 02:13:03 UTC

New upstream release (7540). (Closes: #629826)

Author: Chris Glass
Revision Date: 2014-12-15 09:24:30 UTC

* New upstream version (LP: #1401523):
  - Fix regression occurring when performing Landscape-driven release
    upgrades (LP: #1389686)
  - Fix regression occurring when switching the client between different
    Landscape servers (LP: #1376134)
  - Support reporting QEMU virtualization (LP: #1374501)
  - Bump Juju integration message format (LP: #1369635, LP: #1362506)
  - Drop provisioning registration message (LP: #1344054)
  - Drop cloud registration message (LP: #1342646)
  - Fix handling broken packages (LP: #1326940)
  - Add new Swift usage message type (LP: #1320236)
  - Fix platform detection on POWER machines (LP: #1271615)
  - Fix platform detection for arm64 machines (LP: #1306824)
  - Added a mechanism to set the client's user-agent (LP: #1399139)
  - Fixed release-upgrader not asking for a seesion ID before attempting to
    send a message (LP: #1401867)

Author: Luis Henriques
Revision Date: 2015-01-29 17:00:44 UTC

* Upstream v3.2.66 porting (LP: #1416003):
  - follow move of d_alias to d_u

Author: Robie Basak
Revision Date: 2015-01-28 02:29:29 UTC

d/p/disable-ahbl: disable AHBL DNS blacklist as it now returns false
positives (LP: #1412830).

Author: Robie Basak
Revision Date: 2015-01-28 02:29:29 UTC

d/p/disable-ahbl: disable AHBL DNS blacklist as it now returns false
positives (LP: #1412830).

Author: Marc Deslauriers
Revision Date: 2015-01-22 13:00:54 UTC

* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/05-CVE-2014-8137.patch: prevent double-free in
    src/libjasper/base/jas_icc.c, remove assert in
    src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/06-CVE-2014-8138.patch: validate channel number in
    src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/07-CVE-2014-8157.patch: fix off-by-one in
    src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more
    sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158

Author: Marc Deslauriers
Revision Date: 2015-01-22 13:00:54 UTC

* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/05-CVE-2014-8137.patch: prevent double-free in
    src/libjasper/base/jas_icc.c, remove assert in
    src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/06-CVE-2014-8138.patch: validate channel number in
    src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/07-CVE-2014-8157.patch: fix off-by-one in
    src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more
    sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158

Author: Seyeong Kim
Revision Date: 2015-01-20 11:11:41 UTC

* Show network manager applet in greeter: (LP: #1240088)
* debian/control:
  - Recommend network-manager-gnome version that supports working in greeter
* debian/install:
* debian/unity-greeter.pkla:
  - Install PolicyKit policy for unity-greeter
* debian/patches/show-nm-applet.patch:
  - Show network manager applet

Author: Marc Deslauriers
Revision Date: 2015-01-16 12:00:17 UTC

* SECURITY UPDATE: code execution via insecure temp file use
  - debian/patches/CVE-2013-6435.patch: create file with proper
    permissions in lib/fsm.c.
  - CVE-2013-6435

Author: Marc Deslauriers
Revision Date: 2015-01-16 12:00:17 UTC

* SECURITY UPDATE: code execution via insecure temp file use
  - debian/patches/CVE-2013-6435.patch: create file with proper
    permissions in lib/fsm.c.
  - CVE-2013-6435

Author: Evan Broder
Revision Date: 2014-12-08 18:32:34 UTC

Don't retain host aliases or display names (LP: #1234376)

Author: Marc Deslauriers
Revision Date: 2015-01-07 15:37:02 UTC

* SECURITY UPDATE: arbitrary command execution via crafted fs label
  - debian/patches/CVE-2014-7208-1.patch: stop executing external
    commands via a shell process in src/Utils.cc.
  - debian/patches/CVE-2014-7208-2.patch: resolve dependencies which
    relied on shell execution in src/Utils.cc, src/fat16.cc,
    src/fat32.cc, src/jfs.cc, src/reiserfs.cc, src/xfs.cc.
  - CVE-2014-7208

Author: Seth Arnold
Revision Date: 2015-01-13 19:31:30 UTC

* SECURITY UPDATE: infinite loop or crash in TZ environment variable
  handling.
  - debian/patches/CVE-2014-9471.dpatch: modify lib/parse-datetime.y and
    tests/misc/date to avoid crashing with malformed TZ
  - CVE-2014-9471

Author: Marc Deslauriers
Revision Date: 2015-01-07 15:37:02 UTC

* SECURITY UPDATE: arbitrary command execution via crafted fs label
  - debian/patches/CVE-2014-7208-1.patch: stop executing external
    commands via a shell process in src/Utils.cc.
  - debian/patches/CVE-2014-7208-2.patch: resolve dependencies which
    relied on shell execution in src/Utils.cc, src/fat16.cc,
    src/fat32.cc, src/jfs.cc, src/reiserfs.cc, src/xfs.cc.
  - CVE-2014-7208

Author: Chris Coulson
Revision Date: 2015-01-09 19:47:40 UTC

* New upstream release
  - Delete the plugin installer wizard implementation and associated code.
    Upstream have disabled PFS and removed their plugin installer wizard now
  - Drop the search engine defaults - these have moved to Firefox
    (LP: #1398174)

Author: Chris Coulson
Revision Date: 2015-01-09 19:47:40 UTC

* New upstream release
  - Delete the plugin installer wizard implementation and associated code.
    Upstream have disabled PFS and removed their plugin installer wizard now
  - Drop the search engine defaults - these have moved to Firefox
    (LP: #1398174)

Author: Seth Arnold
Revision Date: 2015-01-13 19:31:30 UTC

* SECURITY UPDATE: infinite loop or crash in TZ environment variable
  handling.
  - debian/patches/CVE-2014-9471.dpatch: modify lib/parse-datetime.y and
    tests/misc/date to avoid crashing with malformed TZ
  - CVE-2014-9471

Author: Steve Beattie
Revision Date: 2015-01-08 18:23:27 UTC

* SECURITY UPDATE: denial of service via triggered assertion
  - lib/yaml/scanner.py, lib3/yaml/scanner.py: remove assertion
  - origin: upstream commit
    https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc
  - CVE-2014-9130

Author: Steve Beattie
Revision Date: 2015-01-08 18:23:27 UTC

* SECURITY UPDATE: denial of service via triggered assertion
  - lib/yaml/scanner.py, lib3/yaml/scanner.py: remove assertion
  - origin: upstream commit
    https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc
  - CVE-2014-9130

Author: Steve Beattie
Revision Date: 2015-01-08 18:17:27 UTC

* SECURITY UPDATE: denial of service via triggered assertion
  - debian/patches/CVE-2014-9130.patch: remove assertion
  - CVE-2014-9130

Author: Steve Beattie
Revision Date: 2015-01-08 18:17:27 UTC

* SECURITY UPDATE: denial of service via triggered assertion
  - debian/patches/CVE-2014-9130.patch: remove assertion
  - CVE-2014-9130

Author: Steve Beattie
Revision Date: 2015-01-08 18:11:32 UTC

* SECURITY UPDATE: denial of service via triggered assertion
  - debian/patches/CVE-2014-9130.patch: remove assertion
  - CVE-2014-9130

Author: Steve Beattie
Revision Date: 2015-01-08 18:11:32 UTC

* SECURITY UPDATE: denial of service via triggered assertion
  - debian/patches/CVE-2014-9130.patch: remove assertion
  - CVE-2014-9130

Author: Brian Murray
Revision Date: 2015-01-06 16:55:37 UTC

Update list of mirrors from launchpad, using pre-build.sh hook.
(LP: #1397578)

Author: Evan Broder
Revision Date: 2014-12-08 18:32:34 UTC

Don't retain host aliases or display names (LP: #1234376)

Author: Marc Deslauriers
Revision Date: 2015-01-05 11:40:44 UTC

* SECURITY UPDATE: shell command injection
  - Apply OpenBSD patches from Todd Miller (taken from Debian update):
    + 80-remove_T.patch (remove undocumented/obsolete -T option)
    + 81-minus_f.patch (adjust -f processing)
    + 82-expandaddr.patch (fix CVE-2014-7844)
    + 83-nosendmail.patch (make -- work for option parsing suppression)
  - CVE-2014-7844

Author: Marc Deslauriers
Revision Date: 2015-01-05 11:40:44 UTC

* SECURITY UPDATE: shell command injection
  - Apply OpenBSD patches from Todd Miller (taken from Debian update):
    + 80-remove_T.patch (remove undocumented/obsolete -T option)
    + 81-minus_f.patch (adjust -f processing)
    + 82-expandaddr.patch (fix CVE-2014-7844)
    + 83-nosendmail.patch (make -- work for option parsing suppression)
  - CVE-2014-7844

Author: Marc Deslauriers
Revision Date: 2015-01-06 14:15:53 UTC

* SECURITY UPDATE: shell command injection in run-mailcap
  - Thanks to Salvatore Bonaccorso and Charles Plessy for the patch.
  - CVE-2014-7209

Author: Marc Deslauriers
Revision Date: 2015-01-06 14:15:53 UTC

* SECURITY UPDATE: shell command injection in run-mailcap
  - Thanks to Salvatore Bonaccorso and Charles Plessy for the patch.
  - CVE-2014-7209

Author: Marc Deslauriers
Revision Date: 2015-01-07 12:05:17 UTC

* SECURITY UPDATE: denial of service via crafted kexinit packet
  - debian/patches/CVE-2014-8132.patch: properly set slots to NULL in
    src/kex.c.
  - CVE-2014-8132

Author: Marc Deslauriers
Revision Date: 2015-01-07 12:05:17 UTC

* SECURITY UPDATE: denial of service via crafted kexinit packet
  - debian/patches/CVE-2014-8132.patch: properly set slots to NULL in
    src/kex.c.
  - CVE-2014-8132

Author: Lev Lazinskiy
Revision Date: 2014-12-05 22:25:50 UTC

* SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478)
  - debian/patches/CVE-2014-3616.patch: Use a random value for session id
    context, since there is no support for shared TLS Session Tickets in
    this version in src/event/ngx_event_openssl.c.
  - CVE-2014-3616

Author: Brian Murray
Revision Date: 2015-01-06 16:55:37 UTC

Update list of mirrors from launchpad, using pre-build.sh hook.
(LP: #1397578)

Author: Stefan Bader
Revision Date: 2014-12-09 18:47:52 UTC

* debian/dkms.conf.in: Expose the target kernel version in a variable that
  is actually heeded by the make file. And also pass it in on every
  invokation of make (LP: #790558).
* debian/patches/kernel-v3-11-compat.patch: Refreshed patch because it
  broke building on 3.2 kernel which was missed because of the bug that
  caused the build to be always for the running kernel (LP: #1336253).

Author: Felix Geyer
Revision Date: 2014-12-21 19:27:28 UTC

No-change backport to precise (LP: #1316188)

Author: Felix Geyer
Revision Date: 2014-12-21 12:19:47 UTC

No-change backport to precise (LP: #1401854)

Author: James Page
Revision Date: 2014-12-18 12:05:28 UTC

* Ensure failed connections to /dev/log are full closed, preventing
  infinite loop on logging applications due to socket state (LP: #1081022):
  - d/p/syslog.diff: Cherry picked fix from upstream bugtracker.

Author: Kamal Mostafa
Revision Date: 2014-12-16 13:23:44 UTC

[ Kamal Mostafa ]

* Release Tracking Bug
  - LP: #1402952

[ AceLan Kao ]

* SAUCE: Add use_native_backlight quirk for HP ProBook 6570b
  - LP: #1359010

[ Andy Whitcroft ]

* Revert "SAUCE: (no-up) arm64: optimized copy_to_user and copy_from_user
  assembly code"
  - LP: #1398596
* [Config] updateconfigs to balance CONFIG_SCOM_DEBUGFS

[ Upstream Kernel Changes ]

* iwlwifi: mvm: fix merge damage
  - LP: #1393317
* iwlwifi: remove IWL_UCODE_TLV_FLAGS_SCHED_SCAN flag
  - LP: #1393317
* iwlwifi: mvm: disable scheduled scan to prevent firmware crash
  - LP: #1393317
* iwlwifi: mvm: enable scheduled scan on newest firmware
  - LP: #1393317
* x86: kvm: use alternatives for VMCALL vs. VMMCALL if kernel text is
  read-only
  - LP: #1379340
* phylib: introduce PHY_INTERFACE_MODE_XGMII for 10G PHY
  - LP: #1381084
* of: make of_get_phy_mode parse 'phy-connection-type'
  - LP: #1381084
* xen-netfront: Remove BUGs on paged skb data which crosses a page
  boundary
  - LP: #1275879
* ACPI / blacklist: blacklist Win8 OSI for Dell Vostro 3546
  - LP: #1383589
* powerpc/pseries: Fix endiannes issue in RTAS call from xmon
  - LP: #1396235
* mmc: sdhci-pci-o2micro: Fix Dell E5440 issue
  - LP: #1346067
* mfd: rtsx: Fix PM suspend for 5227 & 5249
  - LP: #1359052
* drivers:scsi:storvsc: Fix a bug in handling ring buffer failures that
  may result in I/O freeze
  - LP: #1400289
* arm64: optimized copy_to_user and copy_from_user assembly code
  - LP: #1400349
* net:socket: set msg_namelen to 0 if msg_name is passed as NULL in
  msghdr struct from userland.
  - LP: #1335478
* drm/radeon: initialize sadb to NULL in the audio code
  - LP: #1402714
* powerpc/vphn: NUMA node code expects big-endian
  - LP: #1401150
* ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect
  - LP: #1402853
* ALSA: hda - Add mute LED pin quirk for HP 15 touchsmart
  - LP: #1334950, #1402853
* rcu: Make callers awaken grace-period kthread
  - LP: #1402853
* rcu: Use rcu_gp_kthread_wake() to wake up grace period kthreads
  - LP: #1402853
* net: sctp: fix NULL pointer dereference in af->from_addr_param on
  malformed packet
  - LP: #1402853
* KVM: x86: Don't report guest userspace emulation error to userspace
  - LP: #1402853
* [media] ttusb-dec: buffer overflow in ioctl
  - LP: #1402853
* arm64: __clear_user: handle exceptions on strb
  - LP: #1402853
* ARM: pxa: fix hang on startup with DEBUG_LL
  - LP: #1402853
* samsung-laptop: Add broken-acpi-video quirk for NC210/NC110
  - LP: #1402853
* acer-wmi: Add Aspire 5741 to video_vendor_dmi_table
  - LP: #1402853
* acer-wmi: Add acpi_backlight=video quirk for the Acer KAV80
  - LP: #1402853
* rbd: Fix error recovery in rbd_obj_read_sync()
  - LP: #1402853
* [media] ds3000: fix LNB supply voltage on Tevii S480 on initialization
  - LP: #1402853
* powerpc: do_notify_resume can be called with bad thread_info flags
  argument
  - LP: #1402853
* USB: kobil_sct: fix non-atomic allocation in write path
  - LP: #1402853
* USB: opticon: fix non-atomic allocation in write path
  - LP: #1402853
* regulator: max77693: Fix use of uninitialized regulator config
  - LP: #1402853
* USB: cdc-acm: add device id for GW Instek AFG-2225
  - LP: #1402853
* usb: Do not allow usb_alloc_streams on unconfigured devices
  - LP: #1402853
* usb-storage: handle a skipped data phase
  - LP: #1402853
* xhci: Switch only Intel Lynx Point-LP ports to EHCI on shutdown.
  - LP: #1402853
* xhci: no switching back on non-ULT Haswell
  - LP: #1402853
* of: Fix overflow bug in string property parsing functions
  - LP: #1402853
* spi: fsl-dspi: Fix CTAR selection
  - LP: #1402853
* Btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup
  - LP: #1402853
* staging:iio:ade7758: Fix NULL pointer deref when enabling buffer
  - LP: #1402853
* staging:iio:ade7758: Fix check if channels are enabled in prenable
  - LP: #1402853
* staging:iio:ade7758: Remove "raw" from channel name
  - LP: #1402853
* USB: cdc-acm: only raise DTR on transitions from B0
  - LP: #1402853
* serial: Fix divide-by-zero fault in uart_get_divisor()
  - LP: #1402853
* tty: Fix high cpu load if tty is unreleaseable
  - LP: #1402853
* tty: Prevent "read/write wait queue active!" log flooding
  - LP: #1402853
* tty/vt: don't set font mappings on vc not supporting this
  - LP: #1402853
* spi: pxa2xx: toggle clocks on suspend if not disabled by runtime PM
  - LP: #1402853
* sysfs: driver core: Fix glue dir race condition by gdp_mutex
  - LP: #1402853
* i2c: at91: don't account as iowait
  - LP: #1402853
* nfsd: don't try to reuse an expired DRC entry off the list
  - LP: #1402853
* nfsd: don't halt scanning the DRC LRU list when there's an RC_INPROG
  entry
  - LP: #1402853
* dm bufio: change __GFP_IO to __GFP_FS in shrinker callbacks
  - LP: #1402853
* xtensa: re-wire umount syscall to sys_oldumount
  - LP: #1402853
* dm raid: ensure superblock's size matches device's logical block size
  - LP: #1402853
* ahci: disable MSI instead of NCQ on Samsung pci-e SSDs on macbooks
  - LP: #1402853
* ahci: Add Device IDs for Intel Sunrise Point PCH
  - LP: #1402853
* power: charger-manager: Fix accessing invalidated power supply after
  charger unbind
  - LP: #1402853
* mac80211: use secondary channel offset IE also beacons during CSA
  - LP: #1402853
* mac80211: schedule the actual switch of the station before CSA count 0
  - LP: #1402853
* mac80211: properly flush delayed scan work on interface removal
  - LP: #1402853
* mac80211: fix use-after-free in defragmentation
  - LP: #1402853
* tun: Fix csum_start with VLAN acceleration
  - LP: #1402853
* macvtap: Fix csum_start when VLAN tags are present
  - LP: #1402853
* dm thin: grab a virtual cell before looking up the mapping
  - LP: #1402853
* KVM: x86: Fix uninitialized op->type for some immediate values
  - LP: #1402853
* crypto: caam - fix missing dma unmap on error path
  - LP: #1402853
* hwrng: pseries - port to new read API and fix stack corruption
  - LP: #1402853
* drm/radeon: set correct CE ram size for CIK
  - LP: #1402853
* drm/radeon: make sure mode init is complete in bandwidth_update
  - LP: #1402853
* drm/radeon: use gart for DMA IB tests
  - LP: #1402853
* drm/radeon: add missing crtc unlock when setting up the MC
  - LP: #1402853
* ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH
  - LP: #1402853
* ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP
  - LP: #1402853
* Input: alps - ignore potential bare packets when device is out of sync
  - LP: #1402853
* Input: alps - allow up to 2 invalid packets without resetting device
  - LP: #1402853
* scsi: only re-lock door after EH on devices that were reset
  - LP: #1402853
* dm btree: fix a recursion depth bug in btree walking code
  - LP: #1402853
* parisc: Use compat layer for msgctl, shmat, shmctl and semtimedop
  syscalls
  - LP: #1402853
* ALSA: usb-audio: Fix memory leak in FTU quirk
  - LP: #1402853
* audit: keep inode pinned
  - LP: #1402853
* nfs: fix pnfs direct write memory leak
  - LP: #1402853
* nfs: Fix use of uninitialized variable in nfs_getattr()
  - LP: #1402853
* NFSv4: Ensure that we remove NFSv4.0 delegations when state has expired
  - LP: #1402853
* NFSv4.1: nfs41_clear_delegation_stateid shouldn't trust
  NFS_DELEGATED_STATE
  - LP: #1402853
* NFSv4: Fix races between nfs_remove_bad_delegation() and delegation
  return
  - LP: #1402853
* NFSv4: Ensure that we call FREE_STATEID when NFSv4.x stateids are
  revoked
  - LP: #1402853
* NFS: Don't try to reclaim delegation open state if recovery failed
  - LP: #1402853
* libceph: do not crash on large auth tickets
  - LP: #1402853
* ARM: 8191/1: decompressor: ensure I-side picks up relocated code
  - LP: #1402853
* ARM: 8198/1: make kuser helpers depend on MMU
  - LP: #1402853
* zram: avoid kunmap_atomic() of a NULL pointer
  - LP: #1402853
* Input: alps - ignore bad data on Dell Latitudes E6440 and E7440
  - LP: #1402853
* firewire: cdev: prevent kernel stack leaking into ioctl arguments
  - LP: #1402853
* md: Always set RECOVERY_NEEDED when clearing RECOVERY_FROZEN
  - LP: #1402853
* nfs: Don't busy-wait on SIGKILL in __nfs_iocounter_wait
  - LP: #1402853
* target: Don't call TFO->write_pending if data_length == 0
  - LP: #1402853
* vhost-scsi: Take configfs group dependency during
  VHOST_SCSI_SET_ENDPOINT
  - LP: #1402853
* srp-target: Retry when QP creation fails with ENOMEM
  - LP: #1402853
* ASoC: fsi: remove unsupported PAUSE flag
  - LP: #1402853
* ASoC: rsnd: remove unsupported PAUSE flag
  - LP: #1402853
* ib_isert: Add max_send_sge=2 minimum for control PDU responses
  - LP: #1402853
* iser-target: Handle DEVICE_REMOVAL event on network portal listener
  correctly
  - LP: #1402853
* ASoC: dpcm: Fix race between FE/BE updates and trigger
  - LP: #1402853
* mac80211: Fix regression that triggers a kernel BUG with CCMP
  - LP: #1402853
* rt2x00: do not align payload on modern H/W
  - LP: #1402853
* ath9k: Add version/revision macros for QCA9531
  - LP: #1402853
* ath9k: Fix RTC_DERIVED_CLK usage
  - LP: #1402853
* ASoC: sgtl5000: Fix SMALL_POP bit definition
  - LP: #1402853
* ALSA: usb-audio: Add ctrl message delay quirk for Marantz/Denon devices
  - LP: #1402853
* bitops: Fix shift overflow in GENMASK macros
  - LP: #1402853
* x86: Require exact match for 'noxsave' command line option
  - LP: #1402853
* drm/i915: drop WaSetupGtModeTdRowDispatch:snb
  - LP: #1402853
* ASoC: wm_adsp: Avoid attempt to free buffers that might still be in use
  - LP: #1402853
* can: dev: avoid calling kfree_skb() from interrupt context
  - LP: #1402853
* can: esd_usb2: fix memory leak on disconnect
  - LP: #1402853
* x86, mm: Set NX across entire PMD at boot
  - LP: #1402853
* of/irq: Drop obsolete 'interrupts' vs 'interrupts-extended' text
  - LP: #1402853
* of/base: Fix PowerPC address parsing hack
  - LP: #1402853
* clockevent: sun4i: Fix race condition in the probe code
  - LP: #1402853
* MIPS: oprofile: Fix backtrace on 64-bit kernel
  - LP: #1402853
* ACPI / PM: Ignore wakeup setting if the ACPI companion can't wake up
  - LP: #1402853
* IB/isert: Adjust CQ size to HW limits
  - LP: #1402853
* drm/radeon: fix endian swapping in vbios fetch for tdp table
  - LP: #1402853
* Linux 3.13.11-ckt12
  - LP: #1402853
* mm: Remove false WARN_ON from pagecache_isize_extended()
  - LP: #1402764

Author: Stefan Bader
Revision Date: 2014-12-09 18:47:52 UTC

* debian/dkms.conf.in: Expose the target kernel version in a variable that
  is actually heeded by the make file. And also pass it in on every
  invokation of make (LP: #790558).
* debian/patches/kernel-v3-11-compat.patch: Refreshed patch because it
  broke building on 3.2 kernel which was missed because of the bug that
  caused the build to be always for the running kernel (LP: #1336253).

Author: Colin Watson
Revision Date: 2014-12-11 16:44:14 UTC

Always uppercase HTTP methods to match httplib2 expectations
(LP: #1401544).

Author: Colin Watson
Revision Date: 2014-12-11 16:44:14 UTC

Always uppercase HTTP methods to match httplib2 expectations
(LP: #1401544).

Author: Alberto Milone
Revision Date: 2014-12-09 15:55:15 UTC

[ Alberto Milone ]
* debian/substvars:
  - Add support for video ABIs up to 19.
* debian/templates/dkms_nvidia.conf.in:
  - Drop all the patches.
* SECURITY UPDATE:
  - CVE-2014-8091, CVE-2014-8098, CVE-2014-8298 (LP: #1400673).

Author: Alberto Milone
Revision Date: 2014-12-09 12:10:46 UTC

[ Alberto Milone ]
* debian/substvars:
  - Add support for video ABIs up to 19.
* debian/templates/dkms_nvidia.conf.in:
  - Drop all the patches.
* SECURITY UPDATE:
  - CVE-2014-8091, CVE-2014-8098, CVE-2014-8298 (LP: #1400673).

Author: Marc Deslauriers
Revision Date: 2014-12-06 11:01:26 UTC

No change rebuild in the security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 10:32:24 UTC

No change rebuild for the security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 10:38:59 UTC

No change rebuild for the security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 10:54:27 UTC

No change rebuild in the security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 12:47:53 UTC

No change rebuild for the security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 12:49:26 UTC

No change rebuild for security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 11:57:41 UTC

No change rebuild in the security pocket

Author: Timo Aaltonen
Revision Date: 2014-11-21 10:41:58 UTC

Backport to precise.

Author: Alberto Milone
Revision Date: 2014-12-09 15:55:15 UTC

[ Alberto Milone ]
* debian/substvars:
  - Add support for video ABIs up to 19.
* debian/templates/dkms_nvidia.conf.in:
  - Drop all the patches.
* SECURITY UPDATE:
  - CVE-2014-8091, CVE-2014-8098, CVE-2014-8298 (LP: #1400673).

Author: Alberto Milone
Revision Date: 2014-12-09 12:10:46 UTC

[ Alberto Milone ]
* debian/substvars:
  - Add support for video ABIs up to 19.
* debian/templates/dkms_nvidia.conf.in:
  - Drop all the patches.
* SECURITY UPDATE:
  - CVE-2014-8091, CVE-2014-8098, CVE-2014-8298 (LP: #1400673).

Author: Steve Beattie
Revision Date: 2014-12-09 11:54:20 UTC

* SECURITY UPDATE: heap-based overflow in mutt_substrdup() when
  handling headers beginning with newline.
  - debian/patches/ubuntu/mutt-CVE-2014-9116.patch
  - CVE-2014-9116

Author: Steve Beattie
Revision Date: 2014-12-09 11:54:20 UTC

* SECURITY UPDATE: heap-based overflow in mutt_substrdup() when
  handling headers beginning with newline.
  - debian/patches/ubuntu/mutt-CVE-2014-9116.patch
  - CVE-2014-9116

Author: Luis Henriques
Revision Date: 2014-12-09 11:09:22 UTC

[ Luis Henriques ]

* Release Tracking Bug
  - LP: #1399807

[ Upstream Kernel Changes ]

* x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
  - LP: #1398795
  - CVE-2014-9090
* x86_64, traps: Rework bad_iret
  - LP: #1398795
  - CVE-2014-9090
* x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit
  - LP: #1400314
  - CVE-2014-8134

Author: Luis Henriques
Revision Date: 2014-12-09 11:09:22 UTC

[ Luis Henriques ]

* Release Tracking Bug
  - LP: #1399807

[ Upstream Kernel Changes ]

* x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
  - LP: #1398795
  - CVE-2014-9090
* x86_64, traps: Rework bad_iret
  - LP: #1398795
  - CVE-2014-9090
* x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit
  - LP: #1400314
  - CVE-2014-8134

Author: Marc Deslauriers
Revision Date: 2014-12-06 12:49:26 UTC

No change rebuild for security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 12:47:53 UTC

No change rebuild for the security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 11:57:41 UTC

No change rebuild in the security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 11:01:26 UTC

No change rebuild in the security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 10:54:27 UTC

No change rebuild in the security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 10:51:06 UTC

No change rebuild in the security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 10:51:06 UTC

No change rebuild in the security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 10:45:18 UTC

No change rebuild in the security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 10:45:18 UTC

No change rebuild in the security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 10:38:59 UTC

No change rebuild for the security pocket

Author: Marc Deslauriers
Revision Date: 2014-12-06 10:32:24 UTC

No change rebuild for the security pocket

Author: Lev Lazinskiy
Revision Date: 2014-12-06 03:41:02 UTC

Added Correct Patch Headers

Author: Alberto Milone
Revision Date: 2014-12-01 15:00:32 UTC

* New upstream release (LP: #1397028):
  - This is an official public release from Broadcom.
* debian/patches/0013-gcc.patch
  - Fix build with recent versions of GCC. Credit
    for the patch goes to Robert Ancell.
* debian/dkms.conf.in,
  debian/patches/0014-add-support-for-Linux-3.17.patch,
  debian/patches/0015-add-support-for-Linux-3.18.patch:
  - Drop patches for old kernels (now upstream)
  - Add support for Linux 3.17.
    Credit for the patch goes to Brian Norris.
  - Add support for Linux 3.18.
    Credit for the patch goes to Krzysztof Kolasa.

Author: Marc Deslauriers
Revision Date: 2014-12-04 14:00:28 UTC

* Fix compatibility with mod-wsgi security update (LP: #1399016)
  - debian/patches/home-directory.patch: specify a valid home directory
    for the maas user, since mod-wsgi no longer works without one.

Author: Seth Arnold
Revision Date: 2014-12-04 16:26:23 UTC

* SECURITY UPDATE: Format string vulnerability may allow attackers to
  cause a denial of service or possibly execute code.
  - debian/patches/CVE-2014-9157.patch: Fix format string vulnerability in
    lib/cgraph/scan.l yyerror() routine.
  - CVE-2014-9157

Author: Seth Arnold
Revision Date: 2014-12-04 16:26:23 UTC

* SECURITY UPDATE: Format string vulnerability may allow attackers to
  cause a denial of service or possibly execute code.
  - debian/patches/CVE-2014-9157.patch: Fix format string vulnerability in
    lib/cgraph/scan.l yyerror() routine.
  - CVE-2014-9157

Author: Marc Deslauriers
Revision Date: 2014-12-04 14:00:28 UTC

* Fix compatibility with mod-wsgi security update (LP: #1399016)
  - debian/patches/home-directory.patch: specify a valid home directory
    for the maas user, since mod-wsgi no longer works without one.

Author: Stéphane Graber
Revision Date: 2012-07-30 10:36:51 UTC

Automatic update of included source packages: base-installer
1.122ubuntu7.1, debian-installer-utils 1.88ubuntu2.1, flash-kernel
2.28ubuntu42.2. (one-time update from precise-proposed) (LP: #1021293)

Author: Marc Deslauriers
Revision Date: 2014-12-01 17:11:38 UTC

* SECURITY UPDATE: server denial of service via too-short control channel
  packets
  - debian/patches/CVE-2014-8104.patch: drop too-short control channel
    packets instead of asserting out in ssl.c.
  - CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.

Author: Marc Deslauriers
Revision Date: 2014-12-01 17:11:38 UTC

* SECURITY UPDATE: server denial of service via too-short control channel
  packets
  - debian/patches/CVE-2014-8104.patch: drop too-short control channel
    packets instead of asserting out in ssl.c.
  - CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.

Author: Marc Deslauriers
Revision Date: 2014-11-25 16:17:49 UTC

* SECURITY UPDATE: possible privilege escalation via option parsing
  - debian/patches/CVE-2014-3158.patch: fix integer overflow in
    pppd/options.c.
  - CVE-2014-3158

Author: Marc Deslauriers
Revision Date: 2014-11-25 16:17:49 UTC

* SECURITY UPDATE: possible privilege escalation via option parsing
  - debian/patches/CVE-2014-3158.patch: fix integer overflow in
    pppd/options.c.
  - CVE-2014-3158

Author: Marc Deslauriers
Revision Date: 2014-11-27 12:58:30 UTC

* SECURITY UPDATE: denial of service and possible code execution in
  ksba_oid_to_str().
  - debian/patches/CVE-2014-9087.patch: check value in src/oid.c, added
    test to tests/t-oid.c, tests/Makefile.am, fix unrelated typo in
    tests/t-dnparser.c.
  - CVE-2014-9087

Author: Marc Deslauriers
Revision Date: 2014-11-27 12:58:30 UTC

* SECURITY UPDATE: denial of service and possible code execution in
  ksba_oid_to_str().
  - debian/patches/CVE-2014-9087.patch: check value in src/oid.c, added
    test to tests/t-oid.c, tests/Makefile.am, fix unrelated typo in
    tests/t-dnparser.c.
  - CVE-2014-9087

Author: Marc Deslauriers
Revision Date: 2014-11-27 12:27:24 UTC

* SECURITY UPDATE: arbitrary code execution via crafted .flac file
  - debian/patches/CVE-2014-8962.patch: validate id in
    src/libFLAC/stream_decoder.c.
  - CVE-2014-8962
* SECURITY UPDATE: arbitrary code execution via crafted .flac file
  - debian/patches/CVE-2014-9028.patch: error out to avoid heap overflow
    in src/libFLAC/stream_decoder.c.
  - CVE-2014-9028

Author: Marc Deslauriers
Revision Date: 2014-11-27 12:27:24 UTC

* SECURITY UPDATE: arbitrary code execution via crafted .flac file
  - debian/patches/CVE-2014-8962.patch: validate id in
    src/libFLAC/stream_decoder.c.
  - CVE-2014-8962
* SECURITY UPDATE: arbitrary code execution via crafted .flac file
  - debian/patches/CVE-2014-9028.patch: error out to avoid heap overflow
    in src/libFLAC/stream_decoder.c.
  - CVE-2014-9028

Author: Jonathan Riddell
Revision Date: 2014-11-20 15:56:53 UTC

* SECURITY UPDATE: Insufficient Input Validation By IO Slaves and
  Webkit Part
 - Add upstream_cve-2014-8600.diff to escape protocol twice: once
   for i18n, and once for HTML
 - https://www.kde.org/info/security/advisory-20141113-1.txt
 - CVE-2014-8600
 - LP: #1393479

Author: Jonathan Riddell
Revision Date: 2014-11-20 15:46:42 UTC

* SECURITY UPDATE: Insufficient Input Validation By IO Slaves and
  Webkit Part
 - Add upstream_CVE-2014-8600.diff to escape protocol twice: once
   for i18n, and once for HTML
 - https://www.kde.org/info/security/advisory-20141113-1.txt
 - CVE-2014-8600
 - LP: #1393479

Author: Jonathan Riddell
Revision Date: 2014-11-20 15:56:53 UTC

* SECURITY UPDATE: Insufficient Input Validation By IO Slaves and
  Webkit Part
 - Add upstream_cve-2014-8600.diff to escape protocol twice: once
   for i18n, and once for HTML
 - https://www.kde.org/info/security/advisory-20141113-1.txt
 - CVE-2014-8600
 - LP: #1393479

Author: Timo Aaltonen
Revision Date: 2014-11-21 10:41:58 UTC

Backport to precise.

Author: Dave Chiluk
Revision Date: 2014-11-18 10:55:28 UTC

Fix mount.nfs so that it falls back to v3 when ipv4 and ipv6 name resolution
is present, but nfsv4 is not. present. LP: #1391662

Author: Jonathan Riddell
Revision Date: 2014-11-20 15:46:42 UTC

* SECURITY UPDATE: Insufficient Input Validation By IO Slaves and
  Webkit Part
 - Add upstream_CVE-2014-8600.diff to escape protocol twice: once
   for i18n, and once for HTML
 - https://www.kde.org/info/security/advisory-20141113-1.txt
 - CVE-2014-8600
 - LP: #1393479

Author: Chris Glass
Revision Date: 2013-09-20 10:10:28 UTC

* New upstream version (LP: #1190510)
 - New annotations exchange mechanism allows clients to send any key-value
   data to the landscape server (LP: #1123932)
 - Network devices now report their maximum theoretical speeds, and duplex
   status to landscape-server (LP: #1126331, LP: #1130733)
 - Landscape.client is now HA aware when HA is implemented using juju
   charms (LP: #1122508)
 - The landscape client will now trigger a reboot if server sends a
   reboot-required message. (LP: #1133005)
 - Big AMP code cleanup and refactoring in order to improve testing, improve
   performance and ease future maintainability (LP: #1165047, LP: #1169102,
   LP: #1170669)
 - Added logic to detect cloned (virtual) computers (LP: #1161856)
 - The landscape-client and landscape-common packages do not use or depend
   on dbus code anymore, and the dependencies to python-gi and gudev are
   dropped. The hardware info plugin now looks at /proc instead of querying
   DBus (LP: #1175553, LP: #1180691)
 - The ceph manager plugin is now a monitor plugin and thus does not require
   root privileges anymore. (LP: #1186973)
 - The detection logic for virtual machine was changed to account for the
   different semantics between Openstack Folsom and Grizzly, and was
   expanded to detect more hypervisors (LP: #1191843)
 - Removed legacy upgrader code from postinst since support for it was
   dropped.
 - The /etc/dbus-1/system.d/landscape.conf file was moved from the
   landscape-common package to the landscape-client-uii as part of
   LP: #1175553, LP: #1180691. No "Breaks" rule was added since the
   landscape-client-ui package requires the exact same version of
   landscape-common, which avoids the case outlined in
   http://www.debian.org/doc/debian-policy/footnotes.html#f53 .
* Removed the hardwareinfo patch since the changes were merged upstream
* Changed dh_clean -K to dh_prep (dh_clean -K is deprecated)
* Removed the packages arguments to dh_installman since all pacakges have
  manpages now.

Author: Marc Deslauriers
Revision Date: 2014-11-19 15:31:09 UTC

* SECURITY UPDATE: denial of service via XML expansion
  - debian/patches/CVE-2014-8090.patch: add REXML::Document#document
    to lib/rexml/document.rb, add warning to lib/rexml/entity.rb, added
    tests to test/rexml/test_document.rb.
  - CVE-2014-8090

Author: Marc Deslauriers
Revision Date: 2014-11-19 15:31:09 UTC

* SECURITY UPDATE: denial of service via XML expansion
  - debian/patches/CVE-2014-8090.patch: add REXML::Document#document
    to lib/rexml/document.rb, add warning to lib/rexml/entity.rb, added
    tests to test/rexml/test_document.rb.
  - CVE-2014-8090

Author: Marc Deslauriers
Revision Date: 2014-11-18 11:12:46 UTC

* SECURITY UPDATE: possible privilege escalation via incorrect error
  checking
  - debian/patches/CVE-2014-8583.patch: restart process if privileges
    couldn't be dropped in mod_wsgi.c.
  - CVE-2014-8583

Author: Marc Deslauriers
Revision Date: 2014-11-18 11:12:46 UTC

* SECURITY UPDATE: possible privilege escalation via incorrect error
  checking
  - debian/patches/CVE-2014-8583.patch: restart process if privileges
    couldn't be dropped in mod_wsgi.c.
  - CVE-2014-8583

Author: Dave Chiluk
Revision Date: 2014-11-18 10:55:28 UTC

Fix mount.nfs so that it falls back to v3 when ipv4 and ipv6 name resolution
is present, but nfsv4 is not. present. LP: #1391662

Author: Felix Geyer
Revision Date: 2014-11-17 19:11:06 UTC

No-change backport to precise (LP: #1393373)

Author: Felix Geyer
Revision Date: 2014-11-04 18:19:33 UTC

* SECURITY UPDATE: out-of-bounds read in ECB Blowfish decryption
  - debian/patches/CVE-2014-8483.patch: backport upstream patch
  - CVE-2014-8483
  - LP: #1388333

Author: Dariusz Gadomski
Revision Date: 2014-09-26 09:17:05 UTC

Add participant filtering in the main window. (LP: #1361217)

Author: Jamie Strandboge
Revision Date: 2014-11-06 14:22:00 UTC

[ Jonathan Riddell ]
* SECURITY UPDATE: Privilege Escalation via KDE Clock KCM polkit helper
 - Add upstream_clock-privilage-escalation.diff, checks which
   binary is being run
 - https://www.kde.org/info/security/advisory-20141106-1.txt
 - LP: #1389665

[ Jamie Strandboge ]
* update upstream_clock-privilage-escalation.diff to add exePath definition
  to fix a FTBFS, and also use exePath with hwclock and zic, like on newer
  releases

Author: Jamie Strandboge
Revision Date: 2014-11-06 14:22:00 UTC

[ Jonathan Riddell ]
* SECURITY UPDATE: Privilege Escalation via KDE Clock KCM polkit helper
 - Add upstream_clock-privilage-escalation.diff, checks which
   binary is being run
 - https://www.kde.org/info/security/advisory-20141106-1.txt
 - LP: #1389665

[ Jamie Strandboge ]
* update upstream_clock-privilage-escalation.diff to add exePath definition
  to fix a FTBFS, and also use exePath with hwclock and zic, like on newer
  releases