Branches for Precise

Author: Jonathan Riddell
Revision Date: 2014-11-04 17:38:21 UTC

* SECURITY UPDATE: out-of-bounds read on a heap-allocated array LP: #1389296
  - Add kubuntu_02_cve-2014-8483.diff to verify read bounds
  - CVE-2014-8483
  - https://www.kde.org/info/security/advisory-20140923-1.txt

Author: Jonathan Riddell
Revision Date: 2014-11-04 17:38:21 UTC

* SECURITY UPDATE: out-of-bounds read on a heap-allocated array LP: #1389296
  - Add kubuntu_02_cve-2014-8483.diff to verify read bounds
  - CVE-2014-8483
  - https://www.kde.org/info/security/advisory-20140923-1.txt

Author: Jamie Strandboge
Revision Date: 2014-11-05 13:24:31 UTC

No change rebuild for security

Author: Jamie Strandboge
Revision Date: 2014-11-05 13:24:31 UTC

No change rebuild for security

Author: Martin Pitt
Revision Date: 2014-10-30 10:00:30 UTC

Switch maintainer to Autopkgtest team, and add myself as uploader

With Antonio's consent, discussed on IRC.

Author: Felix Geyer
Revision Date: 2014-11-04 18:19:33 UTC

* SECURITY UPDATE: out-of-bounds read in ECB Blowfish decryption
  - debian/patches/CVE-2014-8483.patch: backport upstream patch
  - CVE-2014-8483
  - LP: #1388333

Author: Richard Hansen
Revision Date: 2013-11-15 15:13:02 UTC

* Add digest-uri-virtual-hosts.patch from upstream commit f434501
  - Fixes a problem with Pidgin not being able to log in on a server
    with multiple virtual hosts and SRV records (LP: #1097366)

Author: Dariusz Gadomski
Revision Date: 2014-09-26 09:17:05 UTC

Add participant filtering in the main window. (LP: #1361217)

Author: Marc Deslauriers
Revision Date: 2014-10-30 10:08:40 UTC

* SECURITY UPDATE: remote code execution via absolute path traversal
  vulnerability in FTP
  - debian/patches/CVE-2014-4877.patch: don't create local symlinks in
    src/init.c, check for duplicate file nodes in src/ftp.c, updated
    documentation in doc/wget.texi.
  - CVE-2014-4877

Author: Marc Deslauriers
Revision Date: 2014-10-30 10:08:40 UTC

* SECURITY UPDATE: remote code execution via absolute path traversal
  vulnerability in FTP
  - debian/patches/CVE-2014-4877.patch: don't create local symlinks in
    src/init.c, check for duplicate file nodes in src/ftp.c, updated
    documentation in doc/wget.texi.
  - CVE-2014-4877

Author: Alberto Milone
Revision Date: 2014-02-21 09:59:12 UTC

[ Daniel Dadap ]
* prime-xconfig:
  - Format the BusID string correctly (LP: #1282796).
    The BusID string created by prime-xconfig had several problems:
    1) It was missing the bus type "PCI", as recommended by
       xorg.conf(5).
    2) Values were written in hexadecimal, as reported by lspci,
       instead of decimal, as expected by the server. (See the
       comment at the top of xf86ParsePciBusString().)
    3) The PCI domain was not specified.
    Giving the BusID string in the wrong format could cause the X
    server to fail to parse the BusID, or to parse numbers in the
    wrong base. On systems with more than one PCI domain, `lspci -n`
    output would include the domain number, which is omitted by
    default on systems with only one PCI domain. nv_get_id()
    expects the bus number to be the first field, which would not be
    correct when `lspci -n` reports the domain, as it does on
    systems with multiple domains.
    Fix these issues by always reporting the domain with `lspci -Dn`
    and using it in the BusID string, prepending "PCI:" to the
    BusID string, and printing all numeric values in decimal.

Author: Marc Deslauriers
Revision Date: 2014-10-20 10:32:45 UTC

* Don't force the use of SSLv3 (LP: #1381484)
  - debian/patches/dont_force_sslv3.patch: use SSLv23_client_method() so
    the best method gets automatically negotiated in src/common/ssl.c.

Author: Marc Deslauriers
Revision Date: 2014-10-27 12:46:22 UTC

* Backport support for the ssl_protocols setting to easily allow
  disabling SSLv3. (LP: #1381537)
  - debian/patches/backport_ssl_protocols.patch: added new setting to
    src/login-common/login-settings.c, src/login-common/login-settings.h,
    src/login-common/ssl-proxy-openssl.c, src/config/all-settings.c.

Author: Marc Deslauriers
Revision Date: 2014-10-27 12:46:22 UTC

* Backport support for the ssl_protocols setting to easily allow
  disabling SSLv3. (LP: #1381537)
  - debian/patches/backport_ssl_protocols.patch: added new setting to
    src/login-common/login-settings.c, src/login-common/login-settings.h,
    src/login-common/ssl-proxy-openssl.c, src/config/all-settings.c.

Author: Marc Deslauriers
Revision Date: 2014-10-22 12:16:42 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking
    and add additional tests.
  - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72
  - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777
  - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
  - CVE-2014-3660

Author: Marc Deslauriers
Revision Date: 2014-10-22 12:16:42 UTC

* SECURITY UPDATE: denial of service via entity expansion
  - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking
    and add additional tests.
  - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72
  - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777
  - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
  - CVE-2014-3660

Author: Iain Lane
Revision Date: 2014-10-17 10:53:58 UTC

debian/patches/evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch:
Enable all SSL/TLS versions supported by NSS (LP: #1382133)

Author: Marc Deslauriers
Revision Date: 2014-10-20 10:32:45 UTC

* Don't force the use of SSLv3 (LP: #1381484)
  - debian/patches/dont_force_sslv3.patch: use SSLv23_client_method() so
    the best method gets automatically negotiated in src/common/ssl.c.

Author: Felix Geyer
Revision Date: 2014-10-18 18:47:27 UTC

No-change backport to precise (LP: #1381727)

Author: Iain Lane
Revision Date: 2014-10-17 10:53:58 UTC

debian/patches/evolution-data-server-3.10.4-poodle-enable-tls-for-ssl.patch:
Enable all SSL/TLS versions supported by NSS (LP: #1382133)

Author: Alberto Milone
Revision Date: 2014-10-08 08:55:08 UTC

* debian/control, debian/fglrx-amdcccle-updates.install.in:
  - Use pkexec for amdcccle when running Unity, and add a
    dependency on polkit-1.
* debian/dkms.conf.in,
  debian/dkms/patches/buildfix_kernel_3.15.patch,
  debian/dkms/patches/buildfix_kernel_3.14.patch:
  - Add support for Linux 3.14 (LP: #1355041).
  - Add support for Linux 3.15.
* debian/patches/call-amdcccle-with-full-path.diff:
  - Pass amdxdg the full path.
* debian/substvars:
  - Add support for X ABI 15 and for lts-trusty.

Author: Gianfranco Costamagna
Revision Date: 2014-10-16 11:31:17 UTC

* SECURITY UPDATE: Unauthenticated SQL injection (LP: #1381969)
  - debian/patches/SA-CORE-2014-005-D7.patch: Fix SQL injection
  - https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch
  - CVE-2014-3704

Author: Gianfranco Costamagna
Revision Date: 2014-10-16 11:31:17 UTC

* SECURITY UPDATE: Unauthenticated SQL injection (LP: #1381969)
  - debian/patches/SA-CORE-2014-005-D7.patch: Fix SQL injection
  - https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch
  - CVE-2014-3704

Author: Adam Conrad
Revision Date: 2014-10-13 07:47:07 UTC

1002-fix-linking-library.patch: Move $(LIBDEPS) to the end of the
link line to fix underlinking with ld --as-needed (LP: #1004243)

Author: Adam Conrad
Revision Date: 2014-10-13 07:47:07 UTC

1002-fix-linking-library.patch: Move $(LIBDEPS) to the end of the
link line to fix underlinking with ld --as-needed (LP: #1004243)

Author: Dan Watkins
Revision Date: 2014-10-10 08:19:42 UTC

debian/patches/lp-1378441-backport-gce-data-source.patch: backported
Google Compute Engine data source. (LP: #1378441)

Author: Marc Deslauriers
Revision Date: 2014-10-02 11:34:40 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  invalid PRI value
  - debian/patches/CVE-2014-3634.patch: limit PRI values in ChangeLog,
    configure.ac, configure, plugins/imfile/imfile.c,
    plugins/imklog/imklog.c, plugins/imklog/ksym.c,
    plugins/imsolaris/imsolaris.c, plugins/imtemplate/imtemplate.c,
    plugins/imuxsock/imuxsock.c, runtime/msg.c, runtime/nsd_gtls.c,
    runtime/parser.c, runtime/rsyslog.h, runtime/rule.c,
    runtime/srutils.c, runtime/syslogd-types.h, tools/syslogd.c.
  - CVE-2014-3634
  - CVE-2014-3683

Author: Marc Deslauriers
Revision Date: 2014-10-07 09:33:12 UTC

* SECURITY UPDATE: denial of service via infinite loop and disk
  consumption on minified js file
  - debian/patches/jscript-set-tag-scope.patch: set the tag's scope
    rather than including it in the tag name in jscript.c.
  - CVE-2014-7204

Author: Marc Deslauriers
Revision Date: 2014-10-07 09:33:12 UTC

* SECURITY UPDATE: denial of service via infinite loop and disk
  consumption on minified js file
  - debian/patches/jscript-set-tag-scope.patch: set the tag's scope
    rather than including it in the tag name in jscript.c.
  - CVE-2014-7204

Author: Michael Vogt
Revision Date: 2014-10-08 10:35:46 UTC

* SECURITY UPDATE:
  - cmdline/apt-get.cc: fix insecure tempfile handling in
    apt-get changelog (CVE-2014-7206). Thanks to Guillem Jover

Author: Alberto Milone
Revision Date: 2014-10-08 08:55:08 UTC

* debian/control, debian/fglrx-amdcccle-updates.install.in:
  - Use pkexec for amdcccle when running Unity, and add a
    dependency on polkit-1.
* debian/dkms.conf.in,
  debian/dkms/patches/buildfix_kernel_3.15.patch,
  debian/dkms/patches/buildfix_kernel_3.14.patch:
  - Add support for Linux 3.14 (LP: #1355041).
  - Add support for Linux 3.15.
* debian/patches/call-amdcccle-with-full-path.diff:
  - Pass amdxdg the full path.
* debian/substvars:
  - Add support for X ABI 15 and for lts-trusty.

Author: Marc Deslauriers
Revision Date: 2014-10-07 11:05:06 UTC

* SECURITY UPDATE: incorrect function definition parsing with
  here-document delimited by end-of-file
  - debian/patches/CVE-2014-6277.diff: properly handle closing delimiter
    in bash/copy_cmd.c, bash/make_cmd.c.
  - CVE-2014-6277
* SECURITY UPDATE: incorrect function definition parsing via nested
  command substitutions
  - debian/patches/CVE-2014-6278.diff: properly handle certain parsing
    attempts in bash/builtins/evalstring.c, bash/parse.y, bash/shell.h.
  - CVE-2014-6278
* Updated patches with official upstream versions:
  - debian/patches/CVE-2014-6271.diff
  - debian/patches/CVE-2014-7169.diff
  - debian/patches/variables-affix.diff
  - debian/patches/CVE-2014-718x.diff

Author: Marc Deslauriers
Revision Date: 2014-10-07 11:05:06 UTC

* SECURITY UPDATE: incorrect function definition parsing with
  here-document delimited by end-of-file
  - debian/patches/CVE-2014-6277.diff: properly handle closing delimiter
    in bash/copy_cmd.c, bash/make_cmd.c.
  - CVE-2014-6277
* SECURITY UPDATE: incorrect function definition parsing via nested
  command substitutions
  - debian/patches/CVE-2014-6278.diff: properly handle certain parsing
    attempts in bash/builtins/evalstring.c, bash/parse.y, bash/shell.h.
  - CVE-2014-6278
* Updated patches with official upstream versions:
  - debian/patches/CVE-2014-6271.diff
  - debian/patches/CVE-2014-7169.diff
  - debian/patches/variables-affix.diff
  - debian/patches/CVE-2014-718x.diff

Author: Alberto Milone
Revision Date: 2014-09-15 16:21:35 UTC

* debian/substvars:
  - Add support for X ABIs 15 and 18 and for lts-trusty (LP: #1294163).
* New upstream release:
  - Improved compatibility with recent Linux kernels (LP: #1294163).
  - Fixed a bug that could result in system instability while
    restoring the VGA console.
  - Fixed an interaction problem with xserver 1.15 that
    occasionally caused OpenGL applications to continue rendering
    when they are minimized or unmapped.
  - Updated nvidia-bug-report.sh to search the systemd journal for
    X server logs and messages from the NVIDIA kernel module.
  - Added support for X.org xserver ABI 18 (xorg-server 1.16).
  - Fixed a bug that caused corruption or blank screens on monitors
    that use EDID version 1.3 or older when they are connected via
    DisplayPort on graphics boards that use external DisplayPort
    encoders, such as the Quadro FX 4800.

Author: Alberto Milone
Revision Date: 2014-09-15 16:17:18 UTC

* debian/substvars:
  - Add support for X ABIs 15 and 18 and for lts-trusty (LP: #1294163).
* New upstream release:
  - Improved compatibility with recent Linux kernels (LP: #1294163).
  - Fixed a bug that could result in system instability while
    restoring the VGA console.
  - Fixed an interaction problem with xserver 1.15 that
    occasionally caused OpenGL applications to continue rendering
    when they are minimized or unmapped.
  - Updated nvidia-bug-report.sh to search the systemd journal for
    X server logs and messages from the NVIDIA kernel module.
  - Added support for X.org xserver ABI 18 (xorg-server 1.16).
  - Fixed a bug that caused corruption or blank screens on monitors
    that use EDID version 1.3 or older when they are connected via
    DisplayPort on graphics boards that use external DisplayPort
    encoders, such as the Quadro FX 4800.

Author: Marc Deslauriers
Revision Date: 2014-10-02 11:34:40 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  invalid PRI value
  - debian/patches/CVE-2014-3634.patch: limit PRI values in ChangeLog,
    configure.ac, configure, plugins/imfile/imfile.c,
    plugins/imklog/imklog.c, plugins/imklog/ksym.c,
    plugins/imsolaris/imsolaris.c, plugins/imtemplate/imtemplate.c,
    plugins/imuxsock/imuxsock.c, runtime/msg.c, runtime/nsd_gtls.c,
    runtime/parser.c, runtime/rsyslog.h, runtime/rule.c,
    runtime/srutils.c, runtime/syslogd-types.h, tools/syslogd.c.
  - CVE-2014-3634
  - CVE-2014-3683

Author: skypce
Revision Date: 2014-10-01 20:53:55 UTC

patch timeout from 4 to 8

Author: Maarten Lankhorst
Revision Date: 2014-10-01 15:14:26 UTC

Copy package back to precise.

Author: Tim Gardner
Revision Date: 2014-09-30 06:08:43 UTC

* Update Intel Bluetooth devices firmware patch files
  This patch updates firmware patch files for following Intel Bluetooth devices:
  - Intel Wireless Bluetooth 7260
  - Intel Wireless Bluetooth 3160
  This patch fixes
  - sometimes device doesn't response to HCI_reset after multiple reboot
  - issue with HCI stress testing
  - issue with some multi profile cases
  -LP: #1310558

* Update Intel BT devices firmware patch files (7260/3160)
  This patch updates firmware patch files for following Intel Bluetooth Devices:
  - Intel Wireless Bluetooth 7260
  - Intel Wireless Bluetooth 3160
  This firmwares fixes
  - No SCO data over EHCI
  -LP: #1310558

Author: Rafael David Tinoco
Revision Date: 2014-08-14 07:27:54 UTC

* [bzr lp:ubuntu/nss-pam-ldapd revno:19 tag:0.8.8-1]:
  - debian/nslcd.config: properly handle preseeding and reading values
  from the configuration file by forcefully overwriting debconf values
  from nslcd.conf and not overwriting debconf values when reading other
  configuration files. (LP: #1229713)

Author: Tim Gardner
Revision Date: 2014-09-30 06:08:43 UTC

* Update Intel Bluetooth devices firmware patch files
  This patch updates firmware patch files for following Intel Bluetooth devices:
  - Intel Wireless Bluetooth 7260
  - Intel Wireless Bluetooth 3160
  This patch fixes
  - sometimes device doesn't response to HCI_reset after multiple reboot
  - issue with HCI stress testing
  - issue with some multi profile cases
  -LP: #1310558

* Update Intel BT devices firmware patch files (7260/3160)
  This patch updates firmware patch files for following Intel Bluetooth Devices:
  - Intel Wireless Bluetooth 7260
  - Intel Wireless Bluetooth 3160
  This firmwares fixes
  - No SCO data over EHCI
  -LP: #1310558

Author: Tim Gardner
Revision Date: 2014-09-30 06:08:43 UTC

* Update Intel Bluetooth devices firmware patch files
  This patch updates firmware patch files for following Intel Bluetooth devices:
  - Intel Wireless Bluetooth 7260
  - Intel Wireless Bluetooth 3160
  This patch fixes
  - sometimes device doesn't response to HCI_reset after multiple reboot
  - issue with HCI stress testing
  - issue with some multi profile cases
  -LP: #1310558

* Update Intel BT devices firmware patch files (7260/3160)
  This patch updates firmware patch files for following Intel Bluetooth Devices:
  - Intel Wireless Bluetooth 7260
  - Intel Wireless Bluetooth 3160
  This firmwares fixes
  - No SCO data over EHCI
  -LP: #1310558

Author: Marc Deslauriers
Revision Date: 2014-09-25 11:50:27 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  integer overflow and lack of malloc error handling in
  MallocFrameBuffer()
  - debian/patches/CVE-2014-6051-6052.patch: check size and handle
    return code in libvncclient/vncviewer.c, handle return code in
    libvncclient/rfbproto.c.
  - CVE-2014-6051
  - CVE-2014-6052
* SECURITY UPDATE: denial of service via large ClientCutText message
  - debian/patches/CVE-2014-6053.patch: check malloc result in
    libvncserver/rfbserver.c.
  - CVE-2014-6053
* SECURITY UPDATE: denial of service via zero scaling factor
  - debian/patches/CVE-2014-6054.patch: prevent zero scaling factor in
    libvncserver/rfbserver.c, check for integer overflow in
    libvncserver/scale.c.
  - CVE-2014-6054
* SECURITY UPDATE: denial of service and possible code execution via
  stack overflows in File Transfer feature
  - debian/patches/CVE-2014-6055.patch: check sizes in
    libvncserver/rfbserver.c.
  - CVE-2014-6055

Author: Marc Deslauriers
Revision Date: 2014-09-25 11:50:27 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  integer overflow and lack of malloc error handling in
  MallocFrameBuffer()
  - debian/patches/CVE-2014-6051-6052.patch: check size and handle
    return code in libvncclient/vncviewer.c, handle return code in
    libvncclient/rfbproto.c.
  - CVE-2014-6051
  - CVE-2014-6052
* SECURITY UPDATE: denial of service via large ClientCutText message
  - debian/patches/CVE-2014-6053.patch: check malloc result in
    libvncserver/rfbserver.c.
  - CVE-2014-6053
* SECURITY UPDATE: denial of service via zero scaling factor
  - debian/patches/CVE-2014-6054.patch: prevent zero scaling factor in
    libvncserver/rfbserver.c, check for integer overflow in
    libvncserver/scale.c.
  - CVE-2014-6054
* SECURITY UPDATE: denial of service and possible code execution via
  stack overflows in File Transfer feature
  - debian/patches/CVE-2014-6055.patch: check sizes in
    libvncserver/rfbserver.c.
  - CVE-2014-6055

Author: Serge Hallyn
Revision Date: 2014-09-22 15:08:50 UTC

* d/p/vdeterm-terminal-reset.patch: * Fix bug when vdeterm exits too early
  and improperly resets the terminal (LP: #804647)
* d/p/fix-splitpacket-bug.patch: attempt to backport the fix to the
  splitpacket() bug from the upstream svn fix. (LP: #629439)

Author: Serge Hallyn
Revision Date: 2014-09-23 12:14:54 UTC

haproxy.init: return 0 on stop if haproxy was not running. (LP: #1038139)

Author: Colin Watson
Revision Date: 2014-09-23 11:58:23 UTC

Cache the value of man-db/auto-update in the file system, so that we
don't have to talk to debconf when processing triggers (LP: #1372673).

Author: Colin Watson
Revision Date: 2014-09-23 11:58:23 UTC

Cache the value of man-db/auto-update in the file system, so that we
don't have to talk to debconf when processing triggers (LP: #1372673).

Author: Colin Watson
Revision Date: 2012-03-19 21:43:57 UTC

bin/casper-reconfigure: Unset DEBIAN_HAS_FRONTEND, DEBIAN_FRONTEND, and
DEBCONF_REDIR so that casper-reconfigure properly uses the
noninteractive frontend when invoked from a ubiquity target-config hook
(LP: #955617).

Author: Marc Deslauriers
Revision Date: 2014-09-19 08:08:04 UTC

* Update to 4.10.7 to support nss security update.
* Removed unneeded patches:
  - debian/patches/81_sonames.patch: not applied.
  - debian/patches/CVE-2013-5607.patch: included upstream.
  - debian/patches/CVE-2014-1545.patch: included upstream.
* debian/libnspr4.symbols: updated for new version.
* debian/rules: adjust paths.

Author: Marc Deslauriers
Revision Date: 2014-09-19 08:08:04 UTC

* Update to 4.10.7 to support nss security update.
* Removed unneeded patches:
  - debian/patches/81_sonames.patch: not applied.
  - debian/patches/CVE-2013-5607.patch: included upstream.
  - debian/patches/CVE-2014-1545.patch: included upstream.
* debian/libnspr4.symbols: updated for new version.
* debian/rules: adjust paths.

Author: Scott Kitterman
Revision Date: 2014-09-18 23:48:33 UTC

* Source backport for 12.04 (LP: #1371412)
  - Rip out python3 support since python3.3 is required

Author: Colin Watson
Revision Date: 2014-09-17 12:43:54 UTC

releasing package grub2 version 1.99-21ubuntu3.17

Author: Felix Geyer
Revision Date: 2014-09-10 17:39:20 UTC

No-change backport to precise (LP: #1367798)

Author: Marc Deslauriers
Revision Date: 2014-09-09 14:37:19 UTC

* SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
  - debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
    URLs pointing to other hosts in django/core/urlresolvers.py, added
    tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
  - CVE-2014-0480
* SECURITY UPDATE: denial of service via file upload handling
  - debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
    django/core/files/storage.py, updated docs in
    docs/howto/custom-file-storage.txt, docs/ref/files/storage.txt,
    added tests to tests/modeltests/files/tests.py,
    tests/regressiontests/file_storage/tests.py, backport
    get_random_string() to django/utils/crypto.py.
  - CVE-2014-0481
* SECURITY UPDATE: web session hijack via REMOTE_USER header
  - debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
    logout on REMOTE_USE change in django/contrib/auth/middleware.py,
    added test to django/contrib/auth/tests/remote_user.py.
  - CVE-2014-0482
* SECURITY UPDATE: data leak in contrib.admin via query string manipulation
  - debian/patches/CVE-2014-0483.patch: validate to_field in
    django/contrib/admin/{options,exceptions}.py,
    django/contrib/admin/views/main.py, added tests to
    tests/regressiontests/admin_views/tests.py.
  - debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - CVE-2014-0483

Author: Marc Deslauriers
Revision Date: 2014-09-09 14:37:19 UTC

* SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
  - debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
    URLs pointing to other hosts in django/core/urlresolvers.py, added
    tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
  - CVE-2014-0480
* SECURITY UPDATE: denial of service via file upload handling
  - debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
    django/core/files/storage.py, updated docs in
    docs/howto/custom-file-storage.txt, docs/ref/files/storage.txt,
    added tests to tests/modeltests/files/tests.py,
    tests/regressiontests/file_storage/tests.py, backport
    get_random_string() to django/utils/crypto.py.
  - CVE-2014-0481
* SECURITY UPDATE: web session hijack via REMOTE_USER header
  - debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
    logout on REMOTE_USE change in django/contrib/auth/middleware.py,
    added test to django/contrib/auth/tests/remote_user.py.
  - CVE-2014-0482
* SECURITY UPDATE: data leak in contrib.admin via query string manipulation
  - debian/patches/CVE-2014-0483.patch: validate to_field in
    django/contrib/admin/{options,exceptions}.py,
    django/contrib/admin/views/main.py, added tests to
    tests/regressiontests/admin_views/tests.py.
  - debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
    django/contrib/admin/options.py, added tests to
    tests/regressiontests/admin_views/{models,tests}.py.
  - CVE-2014-0483

Author: Marc Deslauriers
Revision Date: 2014-09-09 07:53:48 UTC

* SECURITY UPDATE: possible arbitrary code execution via race condition
  - debian/patches/CVE-2014-1544.patch: prevent
    nssTrustDomain_AddCertsToCache from freeing the CERTCertificate
    associated with the NSSCertificate in nss/lib/pk11wrap/pk11cert.c.
  - CVE-2014-1544

Author: Rafael David Tinoco
Revision Date: 2014-08-28 10:48:37 UTC

* Fix needed for bug #1333462 broke ABI: a new partition flag was created.
* Pyparted needs to be recompiled. (LP: #1350946)

Author: Marc Deslauriers
Revision Date: 2014-09-04 09:42:55 UTC

* SECURITY UPDATE: heap overflow in formail via malformed from header
  - debian/patches/CVE-2014-3618.patch: handle unbalanced quotes in
    src/formisc.c.
  - CVE-2014-3618

Author: Marc Deslauriers
Revision Date: 2014-09-04 09:42:55 UTC

* SECURITY UPDATE: heap overflow in formail via malformed from header
  - debian/patches/CVE-2014-3618.patch: handle unbalanced quotes in
    src/formisc.c.
  - CVE-2014-3618

Author: Marc Deslauriers
Revision Date: 2014-09-02 12:47:05 UTC

* SECURITY UPDATE: possible code execution via overflow in vararg
  functions (LP: #1362278)
  - debian/patches/CVE-2014-5461.patch: properly calculate length in
    src/ldo.c.
  - CVE-2014-5461

Author: Marc Deslauriers
Revision Date: 2014-09-03 07:39:25 UTC

* SECURITY UPDATE: possible code execution via overflow in vararg
  functions (LP: #1362278)
  - debian/patches/CVE-2014-5461.patch: properly calculate length in
    src/ldo.c.
  - CVE-2014-5461

Author: Marc Deslauriers
Revision Date: 2014-09-02 12:47:05 UTC

* SECURITY UPDATE: possible code execution via overflow in vararg
  functions (LP: #1362278)
  - debian/patches/CVE-2014-5461.patch: properly calculate length in
    src/ldo.c.
  - CVE-2014-5461

Author: Marc Deslauriers
Revision Date: 2014-09-03 07:39:25 UTC

* SECURITY UPDATE: possible code execution via overflow in vararg
  functions (LP: #1362278)
  - debian/patches/CVE-2014-5461.patch: properly calculate length in
    src/ldo.c.
  - CVE-2014-5461

Author: Rafael David Tinoco
Revision Date: 2014-08-28 10:48:37 UTC

* Fix needed for bug #1333462 broke ABI: a new partition flag was created.
* Pyparted needs to be recompiled. (LP: #1350946)

Author: Tim Gardner
Revision Date: 2014-06-24 14:01:33 UTC

Detect that a module is built into the kernel.
Backported from Utopic.
-LP: #1309860

Author: Jamie Strandboge
Revision Date: 2014-08-26 13:55:57 UTC

* SECURITY UPDATE: Ignore Range headers with unidentifiable byte-range
  values
  - debian/patches/CVE-2014-3609.patch: adjust src/HttpHdrRange.cc to
    return an error if unable to determine the byte value for ranges
  - CVE-2014-3609

Author: Jamie Strandboge
Revision Date: 2014-08-26 13:55:57 UTC

* SECURITY UPDATE: Ignore Range headers with unidentifiable byte-range
  values
  - debian/patches/CVE-2014-3609.patch: adjust src/HttpHdrRange.cc to
    return an error if unable to determine the byte value for ranges
  - CVE-2014-3609

Author: Iain Lane
Revision Date: 2014-08-25 21:38:04 UTC

No-change backport to precise (LP: #1361340)

Author: Ubuntu language pack builders
Revision Date: 2014-01-07 06:30:04 UTC

Initial release.

Author: Chris J Arges
Revision Date: 2014-08-19 15:00:53 UTC

Enable non-kernel facility klog messages. (LP: #1274444)

Author: Ivan Prisyazhniy
Revision Date: 2014-08-19 12:59:49 UTC

Remove old patch

Author: Marc Deslauriers
Revision Date: 2014-08-19 09:41:45 UTC

* SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
  - debian/patches/CVE-2014-5270.dpatch: use sliding window method for
    exponentiation algorithm in mpi/mpi-pow.c.
  - CVE-2014-5270

Author: Marc Deslauriers
Revision Date: 2014-08-19 09:41:45 UTC

* SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
  - debian/patches/CVE-2014-5270.dpatch: use sliding window method for
    exponentiation algorithm in mpi/mpi-pow.c.
  - CVE-2014-5270

Author: Marc Deslauriers
Revision Date: 2014-08-14 10:51:37 UTC

* SECURITY UPDATE: cert spoofing via NUL characters in CommonName and
  SubjectAltNames
  - debian/patches/CVE-2014-3504.patch: escape null bytes in
    buckets/ssl_buckets.c.
  - CVE-2014-3504

Author: Marc Deslauriers
Revision Date: 2014-08-14 10:51:37 UTC

* SECURITY UPDATE: cert spoofing via NUL characters in CommonName and
  SubjectAltNames
  - debian/patches/CVE-2014-3504.patch: escape null bytes in
    buckets/ssl_buckets.c.
  - CVE-2014-3504

Author: Ubuntu language pack builders
Revision Date: 2014-08-14 10:35:10 UTC

Automatic update to latest translation data.

Author: Ubuntu language pack builders
Revision Date: 2014-08-14 10:35:10 UTC

Automatic update to latest translation data.

Author: Rafael David Tinoco
Revision Date: 2014-08-14 07:27:54 UTC

* [bzr lp:ubuntu/nss-pam-ldapd revno:19 tag:0.8.8-1]:
  - debian/nslcd.config: properly handle preseeding and reading values
  from the configuration file by forcefully overwriting debconf values
  from nslcd.conf and not overwriting debconf values when reading other
  configuration files. (LP: #1229713)

Author: Tim Gardner
Revision Date: 2014-08-13 08:13:54 UTC

Forgot to remove B43 logic from debian/rules. Fixes FTBS.
Revised changelog entry for 1.11ubuntu3

Author: Tim Gardner
Revision Date: 2014-08-13 08:13:54 UTC

Forgot to remove B43 logic from debian/rules. Fixes FTBS.
Revised changelog entry for 1.11ubuntu3

Author: Scott Howard
Revision Date: 2014-05-19 13:56:33 UTC

bitcoin is very out of date and has been removed from Ubuntu
Please see upstream sources at
https://github.com/bitcoin/bitcoin/ or the PPA at
https://launchpad.net/~bitcoin/+archive/bitcoin (LP: #1314616)

Author: Chow Loong Jin
Revision Date: 2014-08-07 12:12:40 UTC

[cbe8d38] Drop Amazon redirect url patch.
Ubuntu server no longer exists (LP: #1344763)

Author: Jamie Strandboge
Revision Date: 2014-08-11 14:13:58 UTC

* SECURITY UPDATE: Fix TLS Message Length validation
  - debian/patches/CVE-2012-4445.patch: properly validate TLS Message
    Length when using EAP-TLS server
  - CVE-2012-4445

Author: Jamie Strandboge
Revision Date: 2014-08-11 14:13:58 UTC

* SECURITY UPDATE: Fix TLS Message Length validation
  - debian/patches/CVE-2012-4445.patch: properly validate TLS Message
    Length when using EAP-TLS server
  - CVE-2012-4445

Author: Marc Deslauriers
Revision Date: 2014-08-11 10:16:11 UTC

No change rebuild in the security pocket to ensure compatibility
with the linux-lts-trusty kernel.

Author: Marc Deslauriers
Revision Date: 2014-08-11 10:16:11 UTC

No change rebuild in the security pocket to ensure compatibility
with the linux-lts-trusty kernel.

Author: Joseph S Tate
Revision Date: 2014-08-08 20:29:37 UTC

Backport to precise

Author: Marc Deslauriers
Revision Date: 2014-08-08 14:06:12 UTC

fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2014-08-08 14:06:12 UTC

fake sync from Debian

Author: Chow Loong Jin
Revision Date: 2014-08-07 12:12:40 UTC

[cbe8d38] Drop Amazon redirect url patch.
Ubuntu server no longer exists (LP: #1344763)

Author: Bin Li
Revision Date: 2014-04-02 10:52:39 UTC

Disable the input/output bar when no input/output devices (LP: #1291862)

Author: Stéphane Graber
Revision Date: 2014-08-06 11:56:54 UTC

Bump the supported SMBIOS to avoid error on qemu 2.1 leading to
broken automatic hostname (and installer crash). (LP: #1353531)

Author: Stéphane Graber
Revision Date: 2014-08-06 11:56:54 UTC

Bump the supported SMBIOS to avoid error on qemu 2.1 leading to
broken automatic hostname (and installer crash). (LP: #1353531)

Author: Marc Deslauriers
Revision Date: 2014-08-01 08:53:14 UTC

* SECURITY UPDATE: denial of service via different line lengths
  - debian/patches/CVE-2014-3564.dpatch: correctly calculate size of
    buffers in src/engine-gpgsm.c.
  - CVE-2014-3564

Author: Marc Deslauriers
Revision Date: 2014-08-01 08:53:14 UTC

* SECURITY UPDATE: denial of service via different line lengths
  - debian/patches/CVE-2014-3564.dpatch: correctly calculate size of
    buffers in src/engine-gpgsm.c.
  - CVE-2014-3564

Author: Marc Deslauriers
Revision Date: 2014-08-05 14:52:52 UTC

* SECURITY UPDATE: arbitrary code execution in compare_versions
  (LP: #1353046)
  - reportbug/checkversions.py: don't use os.system to compare versions.
  - reportbug/__init__.py: update version number.
  - CVE-2014-0479

Author: Marc Deslauriers
Revision Date: 2014-08-05 14:52:52 UTC

* SECURITY UPDATE: arbitrary code execution in compare_versions
  (LP: #1353046)
  - reportbug/checkversions.py: don't use os.system to compare versions.
  - reportbug/__init__.py: update version number.
  - CVE-2014-0479

Author: Chris Coulson
Revision Date: 2014-08-05 17:09:05 UTC

Backport from trusty in order to build Chromium

Author: Chris Coulson
Revision Date: 2014-08-05 17:09:05 UTC

Backport from trusty in order to build Chromium