Branches for Quantal

Author: Marc Deslauriers
Revision Date: 2013-10-25 11:40:28 UTC

debian/patches/9005_ubuntu_releases.patch: update list of Ubuntu
releases. (LP: #1192290)

Author: Jonathan Riddell
Revision Date: 2013-07-03 14:01:50 UTC

Quantal update from saucy LP: #1079150

Author: Dave Chiluk
Revision Date: 2013-10-28 10:51:35 UTC

Avoid SEGV if file2str should read zero bytes. This is a backport of
526bc5df from upstream. When utility buffers were introduced for file2str
read requests, a subtle change was inadvertently introduced such that a
read of zero no longer returns a -1 value. This returns to the behavior to
returning -1 on zero byte reads. (LP: #1242746)

Author: Graham Inggs
Revision Date: 2013-06-09 12:01:12 UTC

* Provide a libmotif3 transitional package (LP: #1187507)
* Remove update-menu created configuration files on purge (LP: #1187534)

Author: Dave Chiluk
Revision Date: 2013-10-28 10:51:35 UTC

Avoid SEGV if file2str should read zero bytes. This is a backport of
526bc5df from upstream. When utility buffers were introduced for file2str
read requests, a subtle change was inadvertently introduced such that a
read of zero no longer returns a -1 value. This returns to the behavior to
returning -1 on zero byte reads. (LP: #1242746)

Author: Louis Bouchard
Revision Date: 2013-10-25 10:45:37 UTC

* debian/patches/10fixignoremissing.dpatch
  - Fix a utility function that tried to ignore missing files, but
    didn't. Also fixed not try to handle non-OSError exceptions
    Fixes a possible crasher. (LP: #1216921)
    Patch by Matthias Witte.

Author: Felix Geyer
Revision Date: 2013-10-13 15:31:57 UTC

* SECURITY UPDATE: Disable SSLv2 and weak ciphers in the TLS driver.
  (LP: #1239307)
  - debian/patches/disable-ssl2.patch, patch from Debian
  - debian/patches/disable-insecure-ssl-cyphers.patch, patch from Debian
  - CVE-2013-6169

Author: Felix Geyer
Revision Date: 2013-10-11 19:44:31 UTC

* SECURITY UPDATE: heap buffer overwrite. (LP: #1238242)
  - Add debian/patches/20_CVE-2013-4365.dpatch, patch from upstream.
  - CVE-2013-4365

Author: Felix Geyer
Revision Date: 2013-10-13 15:31:57 UTC

* SECURITY UPDATE: Disable SSLv2 and weak ciphers in the TLS driver.
  (LP: #1239307)
  - debian/patches/disable-ssl2.patch, patch from Debian
  - debian/patches/disable-insecure-ssl-cyphers.patch, patch from Debian
  - CVE-2013-6169

Author: Felix Geyer
Revision Date: 2013-10-11 19:44:31 UTC

* SECURITY UPDATE: heap buffer overwrite. (LP: #1238242)
  - Add debian/patches/20_CVE-2013-4365.dpatch, patch from upstream.
  - CVE-2013-4365

Author: Julian Taylor
Revision Date: 2013-10-02 19:11:49 UTC

* debian/patches/00_git_fix_geometry_on_focusout.patch:
   - backport an upstream patch to not resize the geometry when having tabs
     on focus out (LP: #1040885)

Author: Marc Deslauriers
Revision Date: 2013-07-04 08:37:54 UTC

* SECURITY UPDATE: insecure temporary directory usage
  - debian/patches/02-fix-unsecure-cache-path.patch: use mkdtemp() in
    suds/cache.py. Patch obtained from Debian's 0.4.1-8.
  - CVE-2013-2217

Author: Jamie Strandboge
Revision Date: 2013-10-21 15:48:27 UTC

* SECURITY UPDATE: properly honor the is_public flag
  - debian/patches/CVE-2013-2256.patch, CVE-2013-4278.patch: add enforcement
    of is_public in the db layer (LP: #1194093, LP: #1212179)
  - CVE-2013-2256, CVE-2013-4278
* SECURITY UPDATE: denial of service with network security group policy
  updates
  - debian/patches/CVE-2013-4185.patch: use cached nwinfo for secgroup rules
    (LP: #1184041)
  - CVE-2013-4185

Author: Jamie Strandboge
Revision Date: 2013-10-21 15:48:27 UTC

* SECURITY UPDATE: properly honor the is_public flag
  - debian/patches/CVE-2013-2256.patch, CVE-2013-4278.patch: add enforcement
    of is_public in the db layer (LP: #1194093, LP: #1212179)
  - CVE-2013-2256, CVE-2013-4278
* SECURITY UPDATE: denial of service with network security group policy
  updates
  - debian/patches/CVE-2013-4185.patch: use cached nwinfo for secgroup rules
    (LP: #1184041)
  - CVE-2013-4185

Author: Jamie Strandboge
Revision Date: 2013-10-22 13:42:27 UTC

* SECURITY UPDATE: enforce 'download_image' policy in cache middleware
  - debian/patches/CVE-2013-4428.patch: fix confusing behavior when using
    download_image. Ie, return 403 rather than empty content (LP: #1235378)
  - CVE-2013-4428

Author: Jamie Strandboge
Revision Date: 2013-10-22 13:42:27 UTC

* SECURITY UPDATE: enforce 'download_image' policy in cache middleware
  - debian/patches/CVE-2013-4428.patch: fix confusing behavior when using
    download_image. Ie, return 403 rather than empty content (LP: #1235378)
  - CVE-2013-4428

Author: Jamie Strandboge
Revision Date: 2013-10-22 10:09:33 UTC

* SECURITY UPDATE: revoke user tokens when disabling/delete a project
  - debian/patches/CVE-2013-4222.patch: add _delete_tokens_for_project() to
    common/controller.py and use it in identity/controllers.py
    (LP: #1179955)
  - CVE-2013-4222
* SECURITY UPDATE: fix and test token revocation list API
  - debian/patches/CVE-2013-4294.patch: fix token matching for memcache
    backend token revocation (LP: #1202952)
  - CVE-2013-4294

Author: Jamie Strandboge
Revision Date: 2013-10-22 10:09:33 UTC

* SECURITY UPDATE: revoke user tokens when disabling/delete a project
  - debian/patches/CVE-2013-4222.patch: add _delete_tokens_for_project() to
    common/controller.py and use it in identity/controllers.py
    (LP: #1179955)
  - CVE-2013-4222
* SECURITY UPDATE: fix and test token revocation list API
  - debian/patches/CVE-2013-4294.patch: fix token matching for memcache
    backend token revocation (LP: #1202952)
  - CVE-2013-4294

Author: Adam Stokes
Revision Date: 2013-09-27 11:43:13 UTC

* debian/patches/05_fix_address_comparison.patch:
  - Two different IPv4 addresses were returned to be
    equal while this was not the case. (LP: #1211876)

Author: Jonathan Riddell
Revision Date: 2013-09-11 16:29:12 UTC

Replace medibuntu with VideoLan in install-css.sh LP: #1223928

Author: Julian Taylor
Revision Date: 2013-10-02 19:11:49 UTC

* debian/patches/00_git_fix_geometry_on_focusout.patch:
   - backport an upstream patch to not resize the geometry when having tabs
     on focus out (LP: #1040885)

Author: Graham Inggs
Revision Date: 2013-06-09 12:01:12 UTC

* Provide a libmotif3 transitional package (LP: #1187507)
* Remove update-menu created configuration files on purge (LP: #1187534)

Author: Chris J Arges
Revision Date: 2013-02-08 09:50:51 UTC

Fix failures when there are spaces in a resource name. (LP: #962046)

Author: Marc Deslauriers
Revision Date: 2013-10-07 15:50:38 UTC

* SECURITY UPDATE: incorrect no-usage-permitted flag handling
  - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
    in g10/getkey.c, g10/keygen.c, include/cipher.h.
  - CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
  - debian/patches/CVE-2013-4402.patch: set limits on number of filters
    and nested packets in common/iobuf.c, g10/mainproc.c.
  - CVE-2013-4402

Author: Marc Deslauriers
Revision Date: 2013-10-07 15:50:38 UTC

* SECURITY UPDATE: incorrect no-usage-permitted flag handling
  - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
    in g10/getkey.c, g10/keygen.c, include/cipher.h.
  - CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
  - debian/patches/CVE-2013-4402.patch: set limits on number of filters
    and nested packets in common/iobuf.c, g10/mainproc.c.
  - CVE-2013-4402

Author: Paolo Pisati
Revision Date: 2013-10-02 14:07:11 UTC

* Release Tracking Bug
  - LP: #1233918

[ Paolo Pisati ]

* rebased on Ubuntu-3.5.0-42.65

[ Ubuntu: 3.5.0-42.65 ]

* Release Tracking Bug
  - LP: #1233787
* drm/i915: Make data/link N value power of two
  - LP: #1212376
* isofs: Refuse RW mount of the filesystem instead of making it RO
  - LP: #1228751
* udf: Standardize return values in mount sequence
  - LP: #1228751
* udf: Refuse RW mount of the filesystem instead of making it RO
  - LP: #1228751
* cciss: fix info leak in cciss_ioctl32_passthru()
  - LP: #1188355
  - CVE-2013-2147
* cpqarray: fix info leak in ida_locked_ioctl()
  - LP: #1188355
  - CVE-2013-2147

Author: Adam Stokes
Revision Date: 2013-09-27 11:43:13 UTC

* debian/patches/05_fix_address_comparison.patch:
  - Two different IPv4 addresses were returned to be
    equal while this was not the case. (LP: #1211876)

Author: Daniel Manrique
Revision Date: 2013-10-03 15:49:40 UTC

Reverted removal of Ubuntu Friendly in checkbox-qt.desktop.in file to
better comply with SRU policy.

Author: Colin Watson
Revision Date: 2013-10-03 14:51:28 UTC

Fix apt-ftparchive's generation of SHA512 checksums for Sources,
previously incorrectly generated as SHA256 (LP: #1234705).

Author: Colin Watson
Revision Date: 2013-10-03 14:51:28 UTC

Fix apt-ftparchive's generation of SHA512 checksums for Sources,
previously incorrectly generated as SHA256 (LP: #1234705).

Author: Marc Deslauriers
Revision Date: 2013-09-03 12:36:35 UTC

* SECURITY UPDATE: denial and possible code execution via multiple buffer
  overflows
  - server/os/utils.c: properly validate listen port.
  - server/os/connection.c, server/os/access.c, server/os/osinit.c,
    server/os/aulog.c, server/os/iopreader.c: use snprintf, strncpy, and
    strncat.
  - CVE-2013-4256
  - CVE-2013-4257

Author: Marc Deslauriers
Revision Date: 2013-09-03 12:36:35 UTC

* SECURITY UPDATE: denial and possible code execution via multiple buffer
  overflows
  - server/os/utils.c: properly validate listen port.
  - server/os/connection.c, server/os/access.c, server/os/osinit.c,
    server/os/aulog.c, server/os/iopreader.c: use snprintf, strncpy, and
    strncat.
  - CVE-2013-4256
  - CVE-2013-4257

Author: Scott Kitterman
Revision Date: 2013-10-01 00:49:00 UTC

* SECURITY UPDATE: denial of service via crafted photo files
  - debian/patches/CVE-2013-143x.patch: add more checks to
    libraw/internal/dcraw_common.cpp, libraw/src/libraw_datastream.cpp.
  - CVE-2013-1438
  - CVE-2013-1439

Author: Scott Kitterman
Revision Date: 2013-10-01 00:49:00 UTC

* SECURITY UPDATE: denial of service via crafted photo files
  - debian/patches/CVE-2013-143x.patch: add more checks to
    libraw/internal/dcraw_common.cpp, libraw/src/libraw_datastream.cpp.
  - CVE-2013-1438
  - CVE-2013-1439

Author: Marc Deslauriers
Revision Date: 2013-09-26 11:21:58 UTC

* SECURITY UPDATE: unsafe use of temp file
  - debian/patches/debian/changes-1.5.5-2.1: removed left-over debugging
    that resulted in a temp file issue.
  - CVE-2013-1444

Author: Marc Deslauriers
Revision Date: 2013-09-26 11:21:58 UTC

* SECURITY UPDATE: unsafe use of temp file
  - debian/patches/debian/changes-1.5.5-2.1: removed left-over debugging
    that resulted in a temp file issue.
  - CVE-2013-1444

Author: Marc Deslauriers
Revision Date: 2013-09-27 13:49:56 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  strcoll overflows
  - debian/patches/any/CVE-2012-44xx.diff: fix overflows in
    string/strcoll_l.c, add test to string/tst-strcoll-overflow.c,
    string/Makefile.
  - CVE-2012-4412
  - CVE-2012-4424
* SECURITY UPDATE: denial of service in regular expression matcher
  - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in
    posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile.
  - CVE-2013-0242
* SECURITY UPDATE: denial of service in getaddrinfo
  - debian/patches/any/CVE-2013-1914.diff: fix overflow in
    sysdeps/posix/getaddrinfo.c.
  - CVE-2013-1914
* SECURITY UPDATE: denial of service and possible code execution via
  readdir_r
  - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in
    sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h,
    sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove
    GETDENTS_64BIT_ALIGNED from
    sysdeps/unix/sysv/linux/i386/readdir64_r.c,
    sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c.
  - CVE-2013-4237
* SECURITY UPDATE: denial of service and possible code execution via
  overflows in memory allocator
  - debian/patches/any/CVE-2013-4332.diff: check for overflows in
    malloc/malloc.c.
  - CVE-2013-4332

Author: Marc Deslauriers
Revision Date: 2013-09-26 22:40:21 UTC

* SECURITY UPDATE: denial of service via malformed data
  - debian/patches/CVE-2013-5745.patch: close clients in a deferred state
    in server/libvncserver/rfbserver.c.
  - CVE-2013-5745

Author: Marc Deslauriers
Revision Date: 2013-09-26 22:40:21 UTC

* SECURITY UPDATE: denial of service via malformed data
  - debian/patches/CVE-2013-5745.patch: close clients in a deferred state
    in server/libvncserver/rfbserver.c.
  - CVE-2013-5745

Author: Steve Langasek
Revision Date: 2013-09-24 14:35:28 UTC

Backport to update SecureBoot support. LP: #1229572.

Author: Marc Deslauriers
Revision Date: 2013-09-20 15:45:11 UTC

* SECURITY UPDATE: incorrect ssl cert validation via NUL byte in
  subjectAltName
  - debian/patches/CVE-2013-4314.patch: fix leak in OpenSSL/crypto/x509.c,
    properly handle subjectAltName in OpenSSL/crypto/x509ext.c, added
    tests to OpenSSL/test/test_crypto.py.
  - CVE-2013-4314

Author: Marc Deslauriers
Revision Date: 2013-09-20 15:45:11 UTC

* SECURITY UPDATE: incorrect ssl cert validation via NUL byte in
  subjectAltName
  - debian/patches/CVE-2013-4314.patch: fix leak in OpenSSL/crypto/x509.c,
    properly handle subjectAltName in OpenSSL/crypto/x509ext.c, added
    tests to OpenSSL/test/test_crypto.py.
  - CVE-2013-4314

Author: Marc Deslauriers
Revision Date: 2013-09-20 12:35:15 UTC

* SECURITY UPDATE: denial of service via crafted photo files
  - debian/patches/CVE-2013-143x.patch: add more checks to
    internal/dcraw_common.cpp, src/libraw_datastream.cpp.
  - CVE-2013-1438
  - CVE-2013-1439

Author: Marc Deslauriers
Revision Date: 2013-09-20 12:35:15 UTC

* SECURITY UPDATE: denial of service via crafted photo files
  - debian/patches/CVE-2013-143x.patch: add more checks to
    internal/dcraw_common.cpp, src/libraw_datastream.cpp.
  - CVE-2013-1438
  - CVE-2013-1439

Author: Jonathan Riddell
Revision Date: 2013-09-11 16:29:12 UTC

Replace medibuntu with VideoLan in install-css.sh LP: #1223928

Author: Marc Deslauriers
Revision Date: 2013-09-13 13:29:47 UTC

* SECURITY UPDATE: possible privilege escalation via policykit UID lookup
  race.
  - debian/patches/CVE-2013-4326.patch: pass UID of caller to policykit
    in rtkit-daemon.c.
  - CVE-2013-4326

Author: Marc Deslauriers
Revision Date: 2013-09-13 09:16:23 UTC

* SECURITY UPDATE: possible privilege escalation via policykit UID lookup
  race.
  - UbuntuSystemService/utils.py: pass system-bus-name as a subject
    instead of pid so policykit can get the information from the system
    bus.
  - CVE-2013-1062

Author: Marc Deslauriers
Revision Date: 2013-09-13 10:13:48 UTC

* SECURITY UPDATE: possible privilege escalation via policykit UID lookup
  race.
  - bin/usb-creator-helper: pass system-bus-name as a subject instead of
    pid so policykit can get the information from the system bus.
  - CVE-2013-1063

Author: Marc Deslauriers
Revision Date: 2013-09-13 10:06:46 UTC

* SECURITY UPDATE: possible privilege escalation via policykit UID lookup
  race.
  - softwareproperties/dbus/SoftwarePropertiesDBus.py: pass
    system-bus-name as a subject instead of pid so policykit can get the
    information from the system bus.
  - CVE-2013-1061
* This package does _not_ contain the changes from 0.92.9.1 in -proposed.

Author: Marc Deslauriers
Revision Date: 2013-09-13 14:46:56 UTC

* SECURITY UPDATE: possible privilege escalation via policykit UID lookup
  race.
  - debian/patches/CVE-2013-1064.patch: pass system-bus-name as a subject
    instead of pid so policykit can get the information from the system
    bus in update-apt-xapian-index-dbus.
  - CVE-2013-1064

Author: Marc Deslauriers
Revision Date: 2013-09-13 10:13:48 UTC

* SECURITY UPDATE: possible privilege escalation via policykit UID lookup
  race.
  - bin/usb-creator-helper: pass system-bus-name as a subject instead of
    pid so policykit can get the information from the system bus.
  - CVE-2013-1063

Author: Marc Deslauriers
Revision Date: 2013-09-13 10:06:46 UTC

* SECURITY UPDATE: possible privilege escalation via policykit UID lookup
  race.
  - softwareproperties/dbus/SoftwarePropertiesDBus.py: pass
    system-bus-name as a subject instead of pid so policykit can get the
    information from the system bus.
  - CVE-2013-1061
* This package does _not_ contain the changes from 0.92.9.1 in -proposed.

Author: Marc Deslauriers
Revision Date: 2013-09-13 09:16:23 UTC

* SECURITY UPDATE: possible privilege escalation via policykit UID lookup
  race.
  - UbuntuSystemService/utils.py: pass system-bus-name as a subject
    instead of pid so policykit can get the information from the system
    bus.
  - CVE-2013-1062

Author: Marc Deslauriers
Revision Date: 2013-09-13 13:29:47 UTC

* SECURITY UPDATE: possible privilege escalation via policykit UID lookup
  race.
  - debian/patches/CVE-2013-4326.patch: pass UID of caller to policykit
    in rtkit-daemon.c.
  - CVE-2013-4326

Author: Marc Deslauriers
Revision Date: 2013-09-13 14:46:56 UTC

* SECURITY UPDATE: possible privilege escalation via policykit UID lookup
  race.
  - debian/patches/CVE-2013-1064.patch: pass system-bus-name as a subject
    instead of pid so policykit can get the information from the system
    bus in update-apt-xapian-index-dbus.
  - CVE-2013-1064

Author: Scott Moser
Revision Date: 2013-08-30 10:53:09 UTC

* Initial release of Ubuntu Cloud Image keyring, for:
  - cloud-images.ubuntu.com
  This is an SRU port of version in saucy (LP: #1218963).

Author: Felix Geyer
Revision Date: 2013-09-16 19:52:52 UTC

No-change backport to quantal (LP: #1225115)

Author: Chris Coulson
Revision Date: 2013-09-13 16:02:15 UTC

* New upstream release v1.5.2 for Thunderbird 24

* Build enigmail using a stripped down Thunderbird 17 build system, as it's
  now quite difficult to build the way we were doing previously, with the
  latest Firefox build system
* Add debian/patches/no_libxpcom.patch - Don't link against libxpcom, as it
  doesn't exist anymore (but exists in the build system)
* Add debian/patches/use_sdk.patch - Use the SDK version of xpt.py and
  friends
* Drop debian/patches/ipc-pipe_rename.diff (not needed anymore)
* Drop debian/patches/makefile_depth.diff (not needed anymore)

Author: Chris Coulson
Revision Date: 2013-09-13 16:02:15 UTC

* New upstream release v1.5.2 for Thunderbird 24

* Build enigmail using a stripped down Thunderbird 17 build system, as it's
  now quite difficult to build the way we were doing previously, with the
  latest Firefox build system
* Add debian/patches/no_libxpcom.patch - Don't link against libxpcom, as it
  doesn't exist anymore (but exists in the build system)
* Add debian/patches/use_sdk.patch - Use the SDK version of xpt.py and
  friends
* Drop debian/patches/ipc-pipe_rename.diff (not needed anymore)
* Drop debian/patches/makefile_depth.diff (not needed anymore)

Author: Paolo Pisati
Revision Date: 2013-09-13 10:03:29 UTC

* Release Tracking Bug
  - LP: #1224116

[ Paolo Pisati ]

* rebased on Ubuntu-3.5.0-41.64

[ Ubuntu: 3.5.0-41.64 ]

* Release Tracking Bug
  - LP: #1223451
* kernel-doc: bugfix - multi-line macros
  - LP: #1223920
* Revert "zram: use zram->lock to protect zram_free_page() in swap free
  notify path"
  - LP: #1215513
* x86 thermal: Delete power-limit-notification console messages
  - LP: #1215748
* x86 thermal: Disable power limit notification interrupt by default
  - LP: #1215748
* ARM: 7810/1: perf: Fix array out of bounds access in
  armpmu_map_hw_event()
  - LP: #1216442
  - CVE-2013-4254
* ARM: 7809/1: perf: fix event validation for software group leaders
  - LP: #1216442
  - CVE-2013-4254
* veth: reduce stat overhead
  - LP: #1201869
* veth: extend device features
  - LP: #1201869
* veth: avoid a NULL deref in veth_stats_one
  - LP: #1201869
* veth: fix a NULL deref in netif_carrier_off
  - LP: #1201869
* veth: fix NULL dereference in veth_dellink()
  - LP: #1201869
* Bluetooth: Add support for Atheros [0cf3:3121]
  - LP: #1202477
* efivars: explicitly calculate length of VariableName
  - LP: #1217745
* xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end
  - LP: #1151527
  - CVE-2013-1819
* drm/i915/lvds: ditch ->prepare special case
  - LP: #1221791
* serial: mxs: fix buffer overflow
  - LP: #1221791
* fs/proc/task_mmu.c: fix buffer overflow in add_page_map()
  - LP: #1221791
* af_key: initialize satype in key_notify_policy_flush()
  - LP: #1221791
* vm: add no-mmu vm_iomap_memory() stub
  - LP: #1221791
* iwl4965: set power mode early
  - LP: #1221791
* iwl4965: reset firmware after rfkill off
  - LP: #1221791
* ASoC: cs42l52: Reorder Min/Max and update to SX_TLV for Beep Volume
  - LP: #1221791
* can: pcan_usb: fix wrong memcpy() bytes length
  - LP: #1221791
* ALSA: 6fire: make buffers DMA-able (pcm)
  - LP: #1221791
* ALSA: 6fire: make buffers DMA-able (midi)
  - LP: #1221791
* jbd2: Fix use after free after error in jbd2_journal_dirty_metadata()
  - LP: #1221791
* USB-Serial: Fix error handling of usb_wwan
  - LP: #1221791
* USB: mos7840: fix big-endian probe
  - LP: #1221791
* USB: adutux: fix big-endian device-type reporting
  - LP: #1221791
* USB: ti_usb_3410_5052: fix big-endian firmware handling
  - LP: #1221791
* m68k/atari: ARAnyM - Fix NatFeat module support
  - LP: #1221791
* m68k: Truncate base in do_div()
  - LP: #1221791
* usb: add two quirky touchscreen
  - LP: #1221791
* USB: mos7720: fix broken control requests
  - LP: #1221791
* USB: keyspan: fix null-deref at disconnect and release
  - LP: #1221791
* MIPS: Expose missing pci_io{map,unmap} declarations
  - LP: #1221791
* microblaze: Update microblaze defconfigs
  - LP: #1221791
* sound: Fix make allmodconfig on MIPS
  - LP: #1221791
* sound: Fix make allmodconfig on MIPS correctly
  - LP: #1221791
* alpha: makefile: don't enforce small data model for kernel builds
  - LP: #1221791
* MIPS: Rewrite pfn_valid to work in modules, too.
  - LP: #1221791
* xtensa: fix linker script transformation for .text.unlikely
  - LP: #1221791
* wusbcore: fix kernel panic when disconnecting a wireless USB->serial
  device
  - LP: #1221791
* iwlwifi: dvm: fix calling ieee80211_chswitch_done() with NULL
  - LP: #1221791
* iwlwifi: pcie: disable L1 Active after pci_enable_device
  - LP: #1221791
* zd1201: do not use stack as URB transfer_buffer
  - LP: #1221791
* Hostap: copying wrong data prism2_ioctl_giwaplist()
  - LP: #1221791
* ARM: at91/DT: fix at91sam9n12ek memory node
  - LP: #1221791
* drm/i915: Invalidate TLBs for the rings after a reset
  - LP: #1221791
* libata: apply behavioral quirks to sil3826 PMP
  - LP: #1221791
* ARM: davinci: nand: specify ecc strength
  - LP: #1221791
* ARM: 7816/1: CONFIG_KUSER_HELPERS: fix help text
  - LP: #1221791
* sata_fsl: save irqs while coalescing
  - LP: #1221791
* xen/events: initialize local per-cpu mask for all possible events
  - LP: #1221791
* of: fdt: fix memory initialization for expanded DT
  - LP: #1221791
* zfcp: fix lock imbalance by reworking request queue locking
  - LP: #1221791
* zfcp: fix schedule-inside-lock in scsi_device list loops
  - LP: #1221791
* nilfs2: remove double bio_put() in nilfs_end_bio_write() for
  BIO_EOPNOTSUPP error
  - LP: #1221791
* nilfs2: fix issue with counting number of bio requests for
  BIO_EOPNOTSUPP error detection
  - LP: #1221791
* workqueue: fix possible stall on try_to_grab_pending() of a delayed
  work item
  - LP: #1221791
* x86/xen: do not identity map UNUSABLE regions in the machine E820
  - LP: #1221791
* jfs: fix readdir cookie incompatibility with NFSv4
  - LP: #1221791
* powerpc: Don't Oops when accessing /proc/powerpc/lparcfg without
  hypervisor
  - LP: #1221791
* powerpc: Work around gcc miscompilation of __pa() on 64-bit
  - LP: #1221791
* powerpc/hvsi: Increase handshake timeout from 200ms to 400ms.
  - LP: #1221791
* drivers/base/memory.c: fix show_mem_removable() to handle missing
  sections
  - LP: #1221791
* x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member
  - LP: #1221791
* Linux 3.5.7.21
  - LP: #1221791
* mfd: rtsx: Read vendor setting from config space
  - LP: #1201698
* cifs: don't instantiate new dentries in readdir for inodes that need to
  be revalidated immediately
  - LP: #1222442
* SAUCE: Bluetooth: use hci_send_cmd instead of usb_control_msg
  - LP: #1065400

Author: Paolo Pisati
Revision Date: 2013-09-13 10:03:29 UTC

* Release Tracking Bug
  - LP: #1224116

[ Paolo Pisati ]

* rebased on Ubuntu-3.5.0-41.64

[ Ubuntu: 3.5.0-41.64 ]

* Release Tracking Bug
  - LP: #1223451
* kernel-doc: bugfix - multi-line macros
  - LP: #1223920
* Revert "zram: use zram->lock to protect zram_free_page() in swap free
  notify path"
  - LP: #1215513
* x86 thermal: Delete power-limit-notification console messages
  - LP: #1215748
* x86 thermal: Disable power limit notification interrupt by default
  - LP: #1215748
* ARM: 7810/1: perf: Fix array out of bounds access in
  armpmu_map_hw_event()
  - LP: #1216442
  - CVE-2013-4254
* ARM: 7809/1: perf: fix event validation for software group leaders
  - LP: #1216442
  - CVE-2013-4254
* veth: reduce stat overhead
  - LP: #1201869
* veth: extend device features
  - LP: #1201869
* veth: avoid a NULL deref in veth_stats_one
  - LP: #1201869
* veth: fix a NULL deref in netif_carrier_off
  - LP: #1201869
* veth: fix NULL dereference in veth_dellink()
  - LP: #1201869
* Bluetooth: Add support for Atheros [0cf3:3121]
  - LP: #1202477
* efivars: explicitly calculate length of VariableName
  - LP: #1217745
* xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end
  - LP: #1151527
  - CVE-2013-1819
* drm/i915/lvds: ditch ->prepare special case
  - LP: #1221791
* serial: mxs: fix buffer overflow
  - LP: #1221791
* fs/proc/task_mmu.c: fix buffer overflow in add_page_map()
  - LP: #1221791
* af_key: initialize satype in key_notify_policy_flush()
  - LP: #1221791
* vm: add no-mmu vm_iomap_memory() stub
  - LP: #1221791
* iwl4965: set power mode early
  - LP: #1221791
* iwl4965: reset firmware after rfkill off
  - LP: #1221791
* ASoC: cs42l52: Reorder Min/Max and update to SX_TLV for Beep Volume
  - LP: #1221791
* can: pcan_usb: fix wrong memcpy() bytes length
  - LP: #1221791
* ALSA: 6fire: make buffers DMA-able (pcm)
  - LP: #1221791
* ALSA: 6fire: make buffers DMA-able (midi)
  - LP: #1221791
* jbd2: Fix use after free after error in jbd2_journal_dirty_metadata()
  - LP: #1221791
* USB-Serial: Fix error handling of usb_wwan
  - LP: #1221791
* USB: mos7840: fix big-endian probe
  - LP: #1221791
* USB: adutux: fix big-endian device-type reporting
  - LP: #1221791
* USB: ti_usb_3410_5052: fix big-endian firmware handling
  - LP: #1221791
* m68k/atari: ARAnyM - Fix NatFeat module support
  - LP: #1221791
* m68k: Truncate base in do_div()
  - LP: #1221791
* usb: add two quirky touchscreen
  - LP: #1221791
* USB: mos7720: fix broken control requests
  - LP: #1221791
* USB: keyspan: fix null-deref at disconnect and release
  - LP: #1221791
* MIPS: Expose missing pci_io{map,unmap} declarations
  - LP: #1221791
* microblaze: Update microblaze defconfigs
  - LP: #1221791
* sound: Fix make allmodconfig on MIPS
  - LP: #1221791
* sound: Fix make allmodconfig on MIPS correctly
  - LP: #1221791
* alpha: makefile: don't enforce small data model for kernel builds
  - LP: #1221791
* MIPS: Rewrite pfn_valid to work in modules, too.
  - LP: #1221791
* xtensa: fix linker script transformation for .text.unlikely
  - LP: #1221791
* wusbcore: fix kernel panic when disconnecting a wireless USB->serial
  device
  - LP: #1221791
* iwlwifi: dvm: fix calling ieee80211_chswitch_done() with NULL
  - LP: #1221791
* iwlwifi: pcie: disable L1 Active after pci_enable_device
  - LP: #1221791
* zd1201: do not use stack as URB transfer_buffer
  - LP: #1221791
* Hostap: copying wrong data prism2_ioctl_giwaplist()
  - LP: #1221791
* ARM: at91/DT: fix at91sam9n12ek memory node
  - LP: #1221791
* drm/i915: Invalidate TLBs for the rings after a reset
  - LP: #1221791
* libata: apply behavioral quirks to sil3826 PMP
  - LP: #1221791
* ARM: davinci: nand: specify ecc strength
  - LP: #1221791
* ARM: 7816/1: CONFIG_KUSER_HELPERS: fix help text
  - LP: #1221791
* sata_fsl: save irqs while coalescing
  - LP: #1221791
* xen/events: initialize local per-cpu mask for all possible events
  - LP: #1221791
* of: fdt: fix memory initialization for expanded DT
  - LP: #1221791
* zfcp: fix lock imbalance by reworking request queue locking
  - LP: #1221791
* zfcp: fix schedule-inside-lock in scsi_device list loops
  - LP: #1221791
* nilfs2: remove double bio_put() in nilfs_end_bio_write() for
  BIO_EOPNOTSUPP error
  - LP: #1221791
* nilfs2: fix issue with counting number of bio requests for
  BIO_EOPNOTSUPP error detection
  - LP: #1221791
* workqueue: fix possible stall on try_to_grab_pending() of a delayed
  work item
  - LP: #1221791
* x86/xen: do not identity map UNUSABLE regions in the machine E820
  - LP: #1221791
* jfs: fix readdir cookie incompatibility with NFSv4
  - LP: #1221791
* powerpc: Don't Oops when accessing /proc/powerpc/lparcfg without
  hypervisor
  - LP: #1221791
* powerpc: Work around gcc miscompilation of __pa() on 64-bit
  - LP: #1221791
* powerpc/hvsi: Increase handshake timeout from 200ms to 400ms.
  - LP: #1221791
* drivers/base/memory.c: fix show_mem_removable() to handle missing
  sections
  - LP: #1221791
* x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member
  - LP: #1221791
* Linux 3.5.7.21
  - LP: #1221791
* mfd: rtsx: Read vendor setting from config space
  - LP: #1201698
* cifs: don't instantiate new dentries in readdir for inodes that need to
  be revalidated immediately
  - LP: #1222442
* SAUCE: Bluetooth: use hci_send_cmd instead of usb_control_msg
  - LP: #1065400

Author: Michael Terry
Revision Date: 2013-04-02 14:43:28 UTC

* debian/patches/dont_double_defer.patch:
  - Cherry pick upstream patch to avoid calling errback twice on the
    same deferred object (LP: #1056545)

Author: Chris J Arges
Revision Date: 2013-08-20 16:50:22 UTC

Backport a fix from upstream mercurial
(http://anonscm.debian.org/hg/collab-maint/ifupdown/rev/a93db3ecb8f0)
for a race condition when updating the state file. LP: #1160490

Author: Scott Moser
Revision Date: 2013-06-13 18:24:29 UTC

[ Ben Howard ]
debian/patches/64_bit_time_overflow.patch:
Fix for large lease times caused by isc_time_nowplusinterval() is not
being safe with 64-bit. (LP: #1189571)

Author: Scott Moser
Revision Date: 2013-08-30 10:53:09 UTC

* Initial release of Ubuntu Cloud Image keyring, for:
  - cloud-images.ubuntu.com
  This is an SRU port of version in saucy (LP: #1218963).

Author: Marc Deslauriers
Revision Date: 2013-09-06 10:01:59 UTC

* SECURITY UPDATE: Incorrect SSL certificate checking with multiple
  requests (LP: #1175272)
  - debian/patches/CVE-2013-2037.patch: close connection on cert mismatch
    in python2/httplib2/__init__.py.
  - CVE-2013-2037

Author: Marc Deslauriers
Revision Date: 2013-09-06 10:01:59 UTC

* SECURITY UPDATE: Incorrect SSL certificate checking with multiple
  requests (LP: #1175272)
  - debian/patches/CVE-2013-2037.patch: close connection on cert mismatch
    in python2/httplib2/__init__.py.
  - CVE-2013-2037

Author: Margarita Manterola
Revision Date: 2013-08-22 07:59:13 UTC

Add debian/patches/044_file_desc to prevent running out of file
descriptors. LP: #1191704.

Author: James Page
Revision Date: 2013-09-03 12:39:52 UTC

* d/patches: Drop patches that are not actually in-use (1.4.3-0ubuntu1)
  - debian-changes-1.4.2+git20120612-6
  - bug-681955-ovs-ctl-Start-the-rest-of-Open-vSwitch.patch
  - bug-684057-ovs-ctl-Add-support-for-newer-module-name.patch
  - debian-changes-1.4.2+git20120612-9
  - lp1044318-Reset-upper-layer-protocol-info.patch
* d/control,d/tests: Add DEP-8 tests from raring packaging.

Author: Dave Chiluk
Revision Date: 2013-08-23 14:58:40 UTC

Reset timecond when clearing session-info variables (LP: #1179781)
This fixes CURLINFO_CONDITION_UNMET incorrectly reporting "1"

Author: Scott Moser
Revision Date: 2012-10-05 11:45:15 UTC

config-drive: copy metadata entry 'hostname' to 'local-hostname' to fix
config modules (set_hostname) will function as expected (LP: #1061964)

Author: Brian Murray
Revision Date: 2013-08-22 13:38:36 UTC

* u-r-u-gtk: Depend on gksu so that distribution upgrades will work
  (LP: #1210649)
* u-r-u-gtk: Depend on gir1.2-webkit-3.0 (LP: #1215526)
* DistUpgradeFetcher.py: Properly pass Gtk.window to error
  (LP: #1199984)

Author: Margarita Manterola
Revision Date: 2013-08-22 07:59:13 UTC

Add debian/patches/044_file_desc to prevent running out of file
descriptors. LP: #1191704.

Author: Michael Terry
Revision Date: 2012-09-13 12:43:50 UTC

* debian/patches/06nodeletebasedir.dpatch:
  - Backport patch to fix possible error during restore due to
    duplicate entries in backup metadata from resumed backups.
    LP: #929067

Author: Scott Moser
Revision Date: 2013-01-31 15:13:30 UTC

debian/patches/lp-1100545-allow-config-drive-from-cdrom.patch:
in config-drive data to be provided from a CD-ROM (LP: #1100545)

Author: Scott Moser
Revision Date: 2013-01-31 15:13:30 UTC

debian/patches/lp-1100545-allow-config-drive-from-cdrom.patch:
in config-drive data to be provided from a CD-ROM (LP: #1100545)

Author: Adam Conrad
Revision Date: 2013-01-27 16:46:30 UTC

* Add patch ubuntu/local-disable-nscd-netgroup-caching.diff to
  disable netgroup caching in the default config (LP: #1068889)
* Backport any/cvs-malloc-deadlock.diff from upstream to prevent
  glibc deadlocking in mallock arena retry paths (LP: #1081734)
* Fix futex issue (BZ #13844), backport from 2.16 (LP: #1091186)
* Drop patch any/local-disable-nscd-host-caching.diff, as this
  bug was apparently resolved upstream a while ago (LP: #613662)
* Add patch any/cvs-ld-self-load.diff to restore ld.so's ability
  to load itself, a behaviour accidentally removed (LP: #1088677)
* Drop dangling libnss_db.so symlink in libc6-dev (LP: #1088773)

Author: Stefan Bader
Revision Date: 2013-06-11 17:50:27 UTC

* Merge from Debian unstable (LP: #1064475). Remaining changes:
  - debian/rules: Always build extensions and package them.
  - debian/rules: Cleanup for extensions.
* Dropped ubuntu changes:
  - SPU extension support.
* debian/control: Add armhf to build architectures.

Author: Brian Murray
Revision Date: 2013-08-22 15:16:33 UTC

initdutils.py: Fully fix issues with Python 3. (LP: #1035136)

Author: Brian Murray
Revision Date: 2013-08-22 13:38:36 UTC

* u-r-u-gtk: Depend on gksu so that distribution upgrades will work
  (LP: #1210649)
* u-r-u-gtk: Depend on gir1.2-webkit-3.0 (LP: #1215526)
* DistUpgradeFetcher.py: Properly pass Gtk.window to error
  (LP: #1199984)

Author: Tim Gardner
Revision Date: 2013-08-20 12:22:43 UTC

New upstream data file: microcode-20130808
-LP: #1212497

Author: Tim Gardner
Revision Date: 2013-08-20 12:22:43 UTC

New upstream data file: microcode-20130808
-LP: #1212497

Author: Colin Watson
Revision Date: 2013-01-18 14:06:47 UTC

Add dosfstools-udeb package, mainly so that we can use mkdosfs in d-i
instead of deprecated and semi-broken libparted code (LP: #1065281).

Author: Colin Watson
Revision Date: 2013-01-23 13:25:11 UTC

Use mkdosfs to create FAT filesystems, since libparted cannot handle
doing that on non-512-sector disks (LP: #1065281).

Author: Colin Watson
Revision Date: 2013-01-23 13:07:11 UTC

Use mkdosfs to create FAT filesystems, since libparted cannot handle
doing that on non-512-sector disks (LP: #1065281).

Author: Adam Stokes
Revision Date: 2013-08-05 11:15:19 UTC

debian/patches/21_ignore_key_usage_violation.patch:
Prints debug message on key usage violation rather than treating
the violation as fatal. (LP: #1207123)

Author: Logan Rosen
Revision Date: 2013-08-04 18:26:22 UTC

debian/pydist-overrides: Add pydist-overrides to override beautifulsoup4
-> python-bs4 (LP: #1153412).

Author: Marc Deslauriers
Revision Date: 2013-08-14 11:56:31 UTC

* SECURITY UPDATE: insecure /tmp usage (LP: #1164263)
  - debian/patches/CVE-2013-2142.patch: fall back to getpwuid_r instead
    of using /tmp in src/userpref.c. Added string_concat() function in
    src/Makefile.am, src/utils.c, src/utils.h.
  - added new symbol to debian/libimobiledevice3.symbols.
  - CVE-2013-2142

Author: Marc Deslauriers
Revision Date: 2013-08-14 11:56:31 UTC

* SECURITY UPDATE: insecure /tmp usage (LP: #1164263)
  - debian/patches/CVE-2013-2142.patch: fall back to getpwuid_r instead
    of using /tmp in src/userpref.c. Added string_concat() function in
    src/Makefile.am, src/utils.c, src/utils.h.
  - added new symbol to debian/libimobiledevice3.symbols.
  - CVE-2013-2142

Author: Benjamin Drung
Revision Date: 2013-07-20 00:37:27 UTC

* debian/patches/03-Make-sure-pgc-is-valid.patch,
  debian/patches/04-Ignore-parts-where-the-pgc-start-byte-is-wrong.patch,
  debian/patches/05-Skip-PGCs-w-a-cell-number-of-0.patch: Validate PGC values
  before accessing them to avoid causing a crash.
* debian/patches/06-pgcn-bounds.patch: Check for out-of-bounds values for
  pgcn. Fixes a crash in dvdnav_describe_title_chapters() with vlc, lsdvd, and
  other video players. This occurs with the "Inside Man" DVD. Thanks to Bryce
  Harrington <bryce@ubuntu.com>. (LP: #1094499)

Author: Stefan Bader
Revision Date: 2013-06-11 17:50:27 UTC

* Merge from Debian unstable (LP: #1064475). Remaining changes:
  - debian/rules: Always build extensions and package them.
  - debian/rules: Cleanup for extensions.
* Dropped ubuntu changes:
  - SPU extension support.
* debian/control: Add armhf to build architectures.

Author: Daniel Holbach
Revision Date: 2013-08-05 11:05:20 UTC

debian/patches/99_add_microsoft_mice.patch: add Microsoft Sculpt/Wedge
mouse (LP: #1094744, LP: #1158462). Thanks, Marcos Barbosa, Anton Anikin
and Anthony Wong for the patch.

Author: Colin Watson
Revision Date: 2013-08-07 11:48:47 UTC

* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
  cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
  PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
  from upstream.

Author: Colin Watson
Revision Date: 2013-08-07 11:48:47 UTC

* CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
* CVE-2013-4852: Negative string length in public-key signatures could
  cause integer overflow and overwrite all of memory (closes: #718779).
* CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
  overflow in modular inverse.
* CVE-2013-4208: Private keys were left in memory after being used by
  PuTTY tools.
* Backport some general proactive potentially-security-relevant tightening
  from upstream.

Author: Chris Coulson
Revision Date: 2013-08-05 23:22:17 UTC

* New upstream release v2.7
  - Unbreak the plugin installer for Firefox 23

Author: Chris Coulson
Revision Date: 2013-08-05 23:22:17 UTC

* New upstream release v2.7
  - Unbreak the plugin installer for Firefox 23

Author: Benjamin Drung
Revision Date: 2013-07-20 00:37:27 UTC

* debian/patches/03-Make-sure-pgc-is-valid.patch,
  debian/patches/04-Ignore-parts-where-the-pgc-start-byte-is-wrong.patch,
  debian/patches/05-Skip-PGCs-w-a-cell-number-of-0.patch: Validate PGC values
  before accessing them to avoid causing a crash.
* debian/patches/06-pgcn-bounds.patch: Check for out-of-bounds values for
  pgcn. Fixes a crash in dvdnav_describe_title_chapters() with vlc, lsdvd, and
  other video players. This occurs with the "Inside Man" DVD. Thanks to Bryce
  Harrington <bryce@ubuntu.com>. (LP: #1094499)

Author: Manish Sinha (मनीष सिन्हा)
Revision Date: 2013-04-19 14:26:04 UTC

* 07_fix_gtkapplication.patch:
  - Activity Log Manager crashes with GLib-GIO-CRITICAL **:
    g_application_list_actions: assertion
    `application->priv->is_registered' failed.
    (LP: #1058037, #1050620, #1197904)

Author: Andreas Moog
Revision Date: 2013-07-20 12:20:50 UTC

Reorder linker command options to build with --as-needed, it
causes wrong dependencies, making the package uninstallable and
unusable. (LP: #995445)

Author: Dimitri John Ledkov
Revision Date: 2013-03-26 17:43:08 UTC

Remove unused conffile. (LP: #1127867)