Branches for Raring

Author: Marc Deslauriers
Revision Date: 2013-11-09 14:21:58 UTC

* Rebuild against new libav
  - debian/control: bump Build-Depends

Author: Marc Deslauriers
Revision Date: 2013-11-09 10:48:01 UTC

Update to 0.8.9 to fix multiple security issues (LP: #1249621)

Author: Dave Chiluk
Revision Date: 2013-11-08 10:57:55 UTC

* SECURITY UPDATE: Failed SSL handshake causes bip to write to a random
  socket, and never close the connection. (LP: #1247888)
  - debian/patches/sslfailurefdleak.patch: properly close connection in
    src/connection.c.
  - CVE number pending

Author: Dave Chiluk
Revision Date: 2013-11-08 10:57:55 UTC

* SECURITY UPDATE: Failed SSL handshake causes bip to write to a random
  socket, and never close the connection. (LP: #1247888)
  - debian/patches/sslfailurefdleak.patch: properly close connection in
    src/connection.c.
  - CVE number pending

Author: Steve Langasek
Revision Date: 2013-11-08 10:45:25 UTC

Backport to Ubuntu 13.04.

Author: Steve Langasek
Revision Date: 2013-11-08 10:45:25 UTC

Backport to Ubuntu 13.04.

Author: Steve Langasek
Revision Date: 2013-09-24 14:35:28 UTC

Backport to update SecureBoot support. LP: #1229572.

Author: Brian Murray
Revision Date: 2013-11-06 09:40:08 UTC

Fix incorrectly displayed file names with UTF-8 characters.
Add -DNO_WORKING_ISPRINT to build flags. (LP: #1199239, LP: #580961)

Author: Marc Deslauriers
Revision Date: 2013-10-25 11:38:38 UTC

debian/patches/9005_ubuntu_releases.patch: update list of Ubuntu
releases. (LP: #1192290)

Author: Steve Langasek
Revision Date: 2013-11-07 03:06:51 UTC

Attempt to cherry-pick fixes for bug #1199778 to raring; something is still
missing though, the test suite segfaults on one of the json loads.

Author: Seth Arnold
Revision Date: 2013-11-01 17:19:42 UTC

* SECURITY UPDATE: failure to authenticate downloaded content (LP: #1039513)
  - debian/patches/CVE-2013-1058.patch: Authenticate downloaded files with
    GnuPG and MD5SUM files. Thanks to Julian Edwards.
  - CVE-2013-1058
* SECURITY UPDATE: configuration options may be loaded from current working
  directory (LP: #1158425)
  - debian/patches/CVE-2013-1057-1-3.patch: Do not load configuration
    options from the current working directory. Thanks to Julian Edwards.
  - CVE-2013-1057

Author: Marc Deslauriers
Revision Date: 2013-11-06 09:44:27 UTC

* SECURITY UPDATE: denial of service via long password in a SPICE ticket
  - debian/patches/CVE-2013-4282.patch: validate password length in
    server/reds.c.
  - CVE-2013-4282

Author: Marc Deslauriers
Revision Date: 2013-11-06 09:44:27 UTC

* SECURITY UPDATE: denial of service via long password in a SPICE ticket
  - debian/patches/CVE-2013-4282.patch: validate password length in
    server/reds.c.
  - CVE-2013-4282

Author: Dmitry Shachnev
Revision Date: 2013-09-19 18:14:03 UTC

Use GlobalParams module from Poppler and move all settings that
are not available in Poppler to a separate file (LP: #943195).

Author: Seth Arnold
Revision Date: 2013-11-01 17:19:42 UTC

* SECURITY UPDATE: failure to authenticate downloaded content (LP: #1039513)
  - debian/patches/CVE-2013-1058.patch: Authenticate downloaded files with
    GnuPG and MD5SUM files. Thanks to Julian Edwards.
  - CVE-2013-1058
* SECURITY UPDATE: configuration options may be loaded from current working
  directory (LP: #1158425)
  - debian/patches/CVE-2013-1057-1-3.patch: Do not load configuration
    options from the current working directory. Thanks to Julian Edwards.
  - CVE-2013-1057

Author: Marc Deslauriers
Revision Date: 2013-10-25 11:38:38 UTC

debian/patches/9005_ubuntu_releases.patch: update list of Ubuntu
releases. (LP: #1192290)

Author: Marc Deslauriers
Revision Date: 2013-09-13 11:35:06 UTC

* SECURITY UPDATE: possible privilege escalation via policykit UID lookup
  race.
  - debian/patches/CVE-2013-4325.patch: pass system-bus-name as a subject
    instead of pid so policykit can get the information from the system
    bus in base/pkit.py.
  - CVE-2013-4325

Author: Marc Deslauriers
Revision Date: 2013-09-13 11:35:06 UTC

* SECURITY UPDATE: possible privilege escalation via policykit UID lookup
  race.
  - debian/patches/CVE-2013-4325.patch: pass system-bus-name as a subject
    instead of pid so policykit can get the information from the system
    bus in base/pkit.py.
  - CVE-2013-4325

Author: Marc Deslauriers
Revision Date: 2013-09-20 08:48:09 UTC

* SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
  - debian/patches/CVE-2013-1443.patch: enforce a maximum password length
    in django/contrib/auth/forms.py, django/contrib/auth/hashers.py,
    django/contrib/auth/tests/hashers.py.
  - CVE-2013-1443
* SECURITY UPDATE: directory traversal with ssi template tag
  - debian/patches/CVE-2013-4315.patch: properly check absolute path in
    django/template/defaulttags.py,
    tests/regressiontests/templates/tests.py.
  - CVE-2013-4315
* SECURITY UPDATE: possible XSS via is_safe_url
  - debian/patches/security-is_safe_url.patch: properly reject URLs which
    specify a scheme other then HTTP or HTTPS.
  - https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
  - No CVE number
* debian/patches/fix-validation-tests.patch: fix regression in tests
  since example.com is now available via https.

Author: Marc Deslauriers
Revision Date: 2013-09-20 08:48:09 UTC

* SECURITY UPDATE: denial of service via long passwords (LP: #1225784)
  - debian/patches/CVE-2013-1443.patch: enforce a maximum password length
    in django/contrib/auth/forms.py, django/contrib/auth/hashers.py,
    django/contrib/auth/tests/hashers.py.
  - CVE-2013-1443
* SECURITY UPDATE: directory traversal with ssi template tag
  - debian/patches/CVE-2013-4315.patch: properly check absolute path in
    django/template/defaulttags.py,
    tests/regressiontests/templates/tests.py.
  - CVE-2013-4315
* SECURITY UPDATE: possible XSS via is_safe_url
  - debian/patches/security-is_safe_url.patch: properly reject URLs which
    specify a scheme other then HTTP or HTTPS.
  - https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
  - No CVE number
* debian/patches/fix-validation-tests.patch: fix regression in tests
  since example.com is now available via https.

Author: Marc Deslauriers
Revision Date: 2013-10-07 15:44:52 UTC

* SECURITY UPDATE: incorrect no-usage-permitted flag handling
  - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
    in g10/getkey.c, g10/keygen.c, include/cipher.h.
  - CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
  - debian/patches/CVE-2013-4402.patch: set limits on number of filters
    and nested packets in common/iobuf.c, g10/mainproc.c.
  - CVE-2013-4402

Author: Marc Deslauriers
Revision Date: 2013-10-07 15:44:52 UTC

* SECURITY UPDATE: incorrect no-usage-permitted flag handling
  - debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
    in g10/getkey.c, g10/keygen.c, include/cipher.h.
  - CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
  - debian/patches/CVE-2013-4402.patch: set limits on number of filters
    and nested packets in common/iobuf.c, g10/mainproc.c.
  - CVE-2013-4402

Author: Didier Roche-Tolomelli
Revision Date: 2012-09-28 06:41:05 UTC

update changelog

Author: Jonathan Riddell
Revision Date: 2013-07-03 13:35:52 UTC

* Raring update from saucy LP: #1079150
* Remove depends on owncloud-doc
* Use bundled pdfjs, timepicker, fontawesome, php-aws-sdk, php-sabre-dav, php-sabre-vobject, php-seclib

Author: Sebastien Bacher
Revision Date: 2013-09-30 19:47:06 UTC

* debian/patches/git_fix_hanging_jobs.patch:
  - "daemon: Emit signal before returning dbus value",
    that should fix the issues where nautilus copies of directories
    over samba hang after a while, thanks Ross Lagerwall (lp: #1075923)

Author: Sebastien Bacher
Revision Date: 2013-09-30 19:47:06 UTC

* debian/patches/git_fix_hanging_jobs.patch:
  - "daemon: Emit signal before returning dbus value",
    that should fix the issues where nautilus copies of directories
    over samba hang after a while, thanks Ross Lagerwall (lp: #1075923)

Author: Dave Chiluk
Revision Date: 2013-10-28 10:42:09 UTC

Avoid SEGV if file2str should read zero bytes. This is a backport of
526bc5df from upstream. When utility buffers were introduced for file2str
read requests, a subtle change was inadvertently introduced such that a
read of zero no longer returns a -1 value. This returns to the behavior to
returning -1 on zero byte reads. (LP: #1242746)

Author: Graham Inggs
Revision Date: 2013-06-09 12:09:04 UTC

Provide a libmotif3 transitional package (LP: #1187507)

Author: Shih-Yuan Lee
Revision Date: 2013-10-11 14:56:01 UTC

* debian/patches/01-detect-bluetooth-keyboard-mouse.patch: Detect Bluetooth
  keyboard and mouse. (LP: #1153488)
* debian/patches/02-allow-valid-UTF-8-encoded-string.patch: Allow valid
  UTF-8 encoded string. (LP: #1237329)
* debian/patches/03-set-locale-in-daemon-and-tool.patch: Set locale in
  daemon and tool. (LP: #1237329)

Author: Adam Gandelman
Revision Date: 2013-10-17 13:51:14 UTC

* Resynchronize with stable/grizzly (6e764cb) (LP: #1241202):
  - [74a2154] ThinLVM create volume from snapshot fails LP: 1210853
  - [25be695] Failure to create tmp file in image_conversion_dir can lead to
    the creation of 3 volumes LP: 1224211
  - [f89afda] Nova and quantum don't close qpid connections after certain
    error conditions LP: 1172922
  - [f91361d] volume cloning is failing with an I/O error happening when the
    backing snapshot is wiped LP: 1191812
  - [c381a49] volume is not deleted in cinder db LP: 1209367
  - [9891bf8] Volume size is not updated when cloning a volume with SolidFire
    LP: 1219105
  - [ddec0fc] when using qpid, metadata arguments cause volume cloning to
    fail LP: 1213964
  - [d13df23] Previous change to allow SolidFire to clone different size,
    breaks create-snapshot LP: 1234970
  - [eac6ecd] Cinder-Volume Fails to Boot on Restart LP: 1212206
  - [174a985] upload-to-image fails with the NetApp NFS backend LP: 1221205
  - [a3d3fa1] "mount.nfs is not installed" is in error LP: 1212286
  - [8002421] Allow display_name for v2 snapshot-update LP: 1226398
  - [9e85d49] Cinder API v2: List Snapshots Details can not use search
    options like "offset" and "limit" as admin user LP: 1205956
  - [22c53d6] NetApp: iSCSI drivers' reserved percentage is 100 LP: 1182015
  - [84b4ad8] Incorrect tunnelling to NetApp servers in concurrent requests
    LP: 1176759
  - [ba03c32] solidfire driver crashes during ensure export if solidfire not
    available LP: 1215064
  - [6e764cb] NetApp driver should disallow very old controller OS versions
    LP: 1223474
* debian/patches/fix-secure-delete-for-lvm.patch: Dropped.

Author: Rohan Garg
Revision Date: 2013-08-08 09:24:52 UTC

No-change backport to raring (LP: #1208837)

Author: Rohan Garg
Revision Date: 2013-08-08 09:26:40 UTC

No-change backport to raring (LP: #1208837)

Author: Rohan Garg
Revision Date: 2013-08-08 09:24:27 UTC

No-change backport to raring (LP: #1208837)

Author: Rohan Garg
Revision Date: 2013-08-08 09:27:02 UTC

No-change backport to raring (LP: #1208837)

Author: Adam Gandelman
Revision Date: 2013-10-17 13:54:08 UTC

* Resynchronize with stable/grizzly (0409a09) (LP: #1241202):
  - [2ab1b6a] sql error when launching an instance from a volume LP: 1171190
  - [b5fa9f0] nova should check the is_public of flavor when creating an
    instance LP: 1212179
  - [f651317] nova boot --num-instances=50 times out LP: 1199433
  - [ee9d1f6] Not prompt relevant message when stop a stoped vm LP: 1181934
  - [fc4d1f9] vmware driver should work without requiring patched wsdl
    LP: 1171215
  - [65b122f] launch index is not right if boot some VMs in one request
    LP: 1212648
  - [90fa239] VMware: Unable to spawn a instance when using Quantum and
    VMware drivers LP: 1202042
  - [474b8a4] Spawning multiple instances can cause race conditions with nbd
    LP: 1207422
  - [c704897] Some sequence of characters in console-log can DoS nova-
    compute LP: 1215091
  - [43f2a4c] libvirt driver: Failed to attach new interface to VM
    LP: 1212565
  - [067fb93] Multi datastore support for provisioning of instances on ESX
    LP: 1104994
  - [fc9af8f] Compute nodes changing hostnames should log an error
    LP: 1224982
  - [cc1b72a] Security groups with source groups no longer work LP: 1216720
  - [faabb91] instance consoleauth expired tokens need to be removed from
    the cache LP: 1209134
  - [5c55985] VHD snapshot from Hyper-V driver is bigger than original
    instance LP: 1177927
  - [d9ce5a4] normal user can show all the networks LP: 1186867
  - [6697489] hard reboot fails when using force_raw_images=False and
    use_cow_images=False and LP: 1200249
  - [a59957c] Snapshot failure with VMwareVCDriver LP: 1184807
  - [542191d] VMWAREAPI: Problem with starting Windows instances on ESXi 5.1
    LP: 1187853
  - [62f2218] Exceptions during soft reboot should result in a hard reboot
    LP: 1202974
  - [f306875] Incorrect host stats reported by VMWare VCDriver LP: 1190515
  - [8e6b79f] Windows instances need timezone to be localtime LP: 1231254
  - [570e8c7] boto version breaks gating LP: 1237944
  - [6193176] hard reboot fails with preallocate_images=performance
    LP: 1200113
  - [a48f9df] mount_options: mount: /boot: No such file or directory
    LP: 1210371
  - [516ec3e] one port_id can add to two instance LP: 1204850
  - [f89e624] VMware: no VM connectivity when opaque network does not match
    bridge id LP: 1225002
  - [ba7ad53] Add boto special casing for param changes in 2.13
  - [7b2b673] Cannot live block migrate an instance without shared storage
    LP: 1193359
  - [0409a09] boto version checking in test cases is not backwards compatible
    LP: 1239220

Author: Adam Gandelman
Revision Date: 2013-10-17 13:52:59 UTC

* Resynchronize with stable/grizzly (9666fc0) (LP: #1241202):
  - [6792499] periodic-keystone-python27-stable-grizzly fails due to"No
    module named netaddr" LP: 1212939
  - [775d7a7] Fix and test token revocation list API
  - [0876ea2] N+1 lookups in groups SQL LP: 1218675
  - [afbc75b] Disabling a tenant would not disable a user token LP: 1179955
  - [9666fc0] User operations with LDAP Identity and
    enabled_mask/user_enabled_default fail LP: 1210175

Author: Rohan Garg
Revision Date: 2013-08-08 09:27:48 UTC

No-change backport to raring (LP: #1208837)

Author: Adam Gandelman
Revision Date: 2013-10-17 13:52:08 UTC

* Resynchronize with stable/grizzly (b72b2cb) (LP: #1241202):
  - [a5522f0] Wrong config type for rabbit_retry_backoff LP: 1201697
  - [83d1efb] Provide graceful fallback from qpid notification errors
    LP: 1164681
  - [9a557c8] glance qpid notifier can hang under heavy load LP: 1229042
  - [cd3d311] 'image_download' role in v2 causes traceback LP: 1235378
  - [b72b2cb] Glance image-create stuck in saving state using rbd as a
    backend and --copy-from option LP: 1146830

Author: Rohan Garg
Revision Date: 2013-08-08 09:28:16 UTC

No-change backport to raring (LP: #1208837)

Author: Rohan Garg
Revision Date: 2013-08-08 09:26:13 UTC

No-change backport to raring (LP: #1208837)

Author: Rohan Garg
Revision Date: 2013-08-08 09:23:33 UTC

No-change backport to raring

Author: Rohan Garg
Revision Date: 2013-08-08 09:27:22 UTC

No-change backport to raring (LP: #1208837)

Author: Rohan Garg
Revision Date: 2013-08-08 09:25:44 UTC

No-change backport to raring (LP: #1208837)

Author: Rohan Garg
Revision Date: 2013-08-08 09:25:14 UTC

No-change backport to raring (LP: #1208837)

Author: Dave Chiluk
Revision Date: 2013-10-28 10:42:09 UTC

Avoid SEGV if file2str should read zero bytes. This is a backport of
526bc5df from upstream. When utility buffers were introduced for file2str
read requests, a subtle change was inadvertently introduced such that a
read of zero no longer returns a -1 value. This returns to the behavior to
returning -1 on zero byte reads. (LP: #1242746)

Author: Louis Bouchard
Revision Date: 2013-10-25 10:50:54 UTC

* debian/patches/02fixignoremissing.dpatch
  - Fix a utility function that tried to ignore missing files, but
    didn't. Also fixed not try to handle non-OSError exceptions
    Fixes a possible crasher. (LP: #1216921)
    Patch by Matthias Witte.

Author: Seth Arnold
Revision Date: 2013-10-24 18:46:02 UTC

* SECURITY UPDATE: buffer overrun via the rotor tag in an aircraft XML model
  (LP: #1243969)
  - debian/patches/CVE-2012-2091.patch: use snprintf(), and read in only
    256 bytes at most.
  - CVE 2012-2091
  - Prepared by Saikrishna Arcot <saiarcot895@gmail.com>
* Add pthread to SIMGEAR_CORE_LIBRARY_DEPENDENCIES to fix FTBFS.
  - Prepared by Adam Conrad <adconrad@ubuntu.com>

Author: Saikrishna Arcot
Revision Date: 2013-10-22 13:14:53 UTC

* SECURITY UPDATE: buffer overrun through UDP input (LP: #1243969)
  - debian/patches/CVE-2012-2091.patch: ensure that the length of what is
    being read in is less than the maximum, and ensure that the length of
    the message or the maximum length is read in.
  - CVE 2012-2091

Author: Seth Arnold
Revision Date: 2013-10-24 18:46:02 UTC

* SECURITY UPDATE: buffer overrun via the rotor tag in an aircraft XML model
  (LP: #1243969)
  - debian/patches/CVE-2012-2091.patch: use snprintf(), and read in only
    256 bytes at most.
  - CVE 2012-2091
  - Prepared by Saikrishna Arcot <saiarcot895@gmail.com>
* Add pthread to SIMGEAR_CORE_LIBRARY_DEPENDENCIES to fix FTBFS.
  - Prepared by Adam Conrad <adconrad@ubuntu.com>

Author: Saikrishna Arcot
Revision Date: 2013-10-22 13:14:53 UTC

* SECURITY UPDATE: buffer overrun through UDP input (LP: #1243969)
  - debian/patches/CVE-2012-2091.patch: ensure that the length of what is
    being read in is less than the maximum, and ensure that the length of
    the message or the maximum length is read in.
  - CVE 2012-2091

Author: Felix Geyer
Revision Date: 2013-10-13 13:23:27 UTC

* SECURITY UPDATE: Disable SSLv2 and weak ciphers in the TLS driver.
  (LP: #1239307)
  - debian/patches/disable-ssl2.patch, patch from Debian
  - debian/patches/disable-insecure-ssl-cyphers.patch, patch from Debian
  - CVE-2013-6169

Author: Felix Geyer
Revision Date: 2013-10-11 19:18:31 UTC

* SECURITY UPDATE: heap buffer overwrite. (LP: #1238242)
  - Add debian/patches/20_CVE-2013-4365.dpatch, patch from upstream.
  - CVE-2013-4365

Author: Felix Geyer
Revision Date: 2013-10-13 13:23:27 UTC

* SECURITY UPDATE: Disable SSLv2 and weak ciphers in the TLS driver.
  (LP: #1239307)
  - debian/patches/disable-ssl2.patch, patch from Debian
  - debian/patches/disable-insecure-ssl-cyphers.patch, patch from Debian
  - CVE-2013-6169

Author: Felix Geyer
Revision Date: 2013-10-11 19:18:31 UTC

* SECURITY UPDATE: heap buffer overwrite. (LP: #1238242)
  - Add debian/patches/20_CVE-2013-4365.dpatch, patch from upstream.
  - CVE-2013-4365

Author: Julian Taylor
Revision Date: 2013-10-02 19:11:49 UTC

* debian/patches/00_git_fix_geometry_on_focusout.patch:
   - backport an upstream patch to not resize the geometry when having tabs
     on focus out (LP: #1040885)

Author: Marc Deslauriers
Revision Date: 2013-07-04 08:35:44 UTC

* SECURITY UPDATE: insecure temporary directory usage
  - debian/patches/02-fix-unsecure-cache-path.patch: use mkdtemp() in
    suds/cache.py. Patch obtained from Debian's 0.4.1-8.
  - CVE-2013-2217

Author: Marc Deslauriers
Revision Date: 2013-10-22 14:59:35 UTC

* SECURITY UPDATE: Update to 5.5.34 to fix security issues (LP: #1243253)
  - http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
  - CVE-2013-3839
  - CVE-2013-5807

Author: Jamie Strandboge
Revision Date: 2013-10-18 15:04:57 UTC

* SECURITY UPDATE: enforce flavor access during instance boot
  - debian/patches/CVE-2013-4278.patch: the last update introduced a
    security flaw when fixing CVE-2013-2256 in that the context was not
    passed when retrieving flavor details, thus bypassing all flavor
    access control checks (LP: #1212179)
  - CVE-2013-4278

Author: Jamie Strandboge
Revision Date: 2013-10-22 16:09:03 UTC

* SECURITY UPDATE: Fix handling of DELETE obj reqs with old timestamp
  - debian/patches/CVE-2013-4155.patch: don't create tombstone files when
    a file with a newer timestamp exists
  - CVE-2013-4155
  - LP: #1196932

Author: Jamie Strandboge
Revision Date: 2013-10-22 13:38:56 UTC

* SECURITY UPDATE: enforce 'download_image' policy in cache middleware
  - debian/patches/CVE-2013-4428.patch: fix confusing behavior when using
    download_image. Ie, return 403 rather than empty content (LP: #1235378)
  - CVE-2013-4428

Author: Jamie Strandboge
Revision Date: 2013-10-22 10:06:36 UTC

* SECURITY UPDATE: revoke user tokens when disabling/delete a project
  - debian/patches/CVE-2013-4222.patch: add _delete_tokens_for_project() to
    common/controller.py and use it in identity/controllers.py
    (LP: #1179955)
  - CVE-2013-4222
* SECURITY UPDATE: fix and test token revocation list API
  - debian/patches/CVE-2013-4294.patch: fix token matching for memcache
    backend token revocation (LP: #1202952)
  - CVE-2013-4294

Author: Jamie Strandboge
Revision Date: 2013-10-22 09:47:10 UTC

* SECURITY UPDATE: No change rebuild for raring-security to fix the
  following:
  - [c6f2f78] Cinder LVM volume driver does not support secure deletion
    (CVE-2013-4183) LP: #1198185
  - [2023eec] [OSSA 2013-023] Potential unsafe XML usage (CVE-2013-4179,
    CVE-2013-4202) LP: #1190229

Author: Jamie Strandboge
Revision Date: 2013-10-18 13:48:44 UTC

* SECURITY UPDATE: fix incorrect comparison affecting SSL verification
  - debian/patches/CVE-2013-4111.patch: adjust verify_callback() to
    correctly perform verification. Patch thanks to Debian. (LP: #1192229)
  - CVE-2013-4111

Author: Adam Gandelman
Revision Date: 2013-10-17 13:53:32 UTC

* Resynchronize with stable/grizzly (c57c0fa) (LP: #1241202):
  - [043837e] _retrieve_extra_groups in Nicira plugin incompatible with
    oslo.config >= 1.2.0 LP: 1200609
  - [a150dc6] dhcp-agent network namespace does not have a default route,
    can't use upstream dns LP: 1181378
  - [be16384] Cisco plugin (grizzly) device connection errors LP: 1212834
  - [045c0b0] Cisco plugin (grizzly) does not pass proper args LP: 1213147
  - [5bb6b60] metadata network handling causes stacktrace in nvp plugin
    LP: 1216110
  - [85c92b0] Nicira plugin: get_port reports wrong port status for extended
    switches LP: 1188652
  - [4601b14] Hyper-V agent does not report the correct exception when the
    network type is set to GRE LP: 1224583
  - [8180381] Multiple Neutron operations using a script fails on Brocade
    Plugin LP: 1223754
  - [06f7e75] Neutron network delete fails with brocade plugin LP: 1223747
  - [1ca02f6] nec-agent: port_added message can be dropped when RPC timeout
    occurs LP: 1235111
  - [c57c0fa] make nvp plugin future version friendly LP: 1217479

Author: Scott Moser
Revision Date: 2013-10-22 18:26:43 UTC

releasing package walinuxagent version 1.3.2-0ubuntu2~13.04.1

Author: Scott Moser
Revision Date: 2013-10-22 17:53:23 UTC

releasing package cloud-init version 0.7.2-0ubuntu0.13.04.2

Author: Jamie Strandboge
Revision Date: 2013-10-22 16:09:03 UTC

* SECURITY UPDATE: Fix handling of DELETE obj reqs with old timestamp
  - debian/patches/CVE-2013-4155.patch: don't create tombstone files when
    a file with a newer timestamp exists
  - CVE-2013-4155
  - LP: #1196932

Author: Marc Deslauriers
Revision Date: 2013-10-22 14:59:35 UTC

* SECURITY UPDATE: Update to 5.5.34 to fix security issues (LP: #1243253)
  - http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
  - CVE-2013-3839
  - CVE-2013-5807

Author: Stefano Rivera
Revision Date: 2013-10-18 17:37:59 UTC

* Update data from distro-info-data 0.17
  - Add Ubuntu 14.04, Trusty Tahr LP: (Closes: #726696, LP: #1241673)

Author: Harald Sitter
Revision Date: 2013-10-19 22:45:14 UTC

Add upstream_releasechecker-needs-python3-now.patch to fix on-demand
release checking (LP: #1242163)

Author: Scott Moser
Revision Date: 2013-10-22 01:00:59 UTC

releasing version 0.7.2-0ubuntu0.13.04.2

Author: Chris J Arges
Revision Date: 2013-10-15 14:50:33 UTC

Fix ip netns delete failures. (LP: #1238981)

Author: Shih-Yuan Lee
Revision Date: 2013-10-11 14:56:01 UTC

* debian/patches/01-detect-bluetooth-keyboard-mouse.patch: Detect Bluetooth
  keyboard and mouse. (LP: #1153488)
* debian/patches/02-allow-valid-UTF-8-encoded-string.patch: Allow valid
  UTF-8 encoded string. (LP: #1237329)
* debian/patches/03-set-locale-in-daemon-and-tool.patch: Set locale in
  daemon and tool. (LP: #1237329)

Author: Adam Stokes
Revision Date: 2013-09-27 11:47:47 UTC

* debian/patches/05_fix_address_comparison.patch:
  - Two different IPv4 addresses were returned to be
    equal while this was not the case. (LP: #1211876)

Author: Adam Gandelman
Revision Date: 2013-10-17 13:54:08 UTC

* Resynchronize with stable/grizzly (0409a09) (LP: #1241202):
  - [2ab1b6a] sql error when launching an instance from a volume LP: 1171190
  - [b5fa9f0] nova should check the is_public of flavor when creating an
    instance LP: 1212179
  - [f651317] nova boot --num-instances=50 times out LP: 1199433
  - [ee9d1f6] Not prompt relevant message when stop a stoped vm LP: 1181934
  - [fc4d1f9] vmware driver should work without requiring patched wsdl
    LP: 1171215
  - [65b122f] launch index is not right if boot some VMs in one request
    LP: 1212648
  - [90fa239] VMware: Unable to spawn a instance when using Quantum and
    VMware drivers LP: 1202042
  - [474b8a4] Spawning multiple instances can cause race conditions with nbd
    LP: 1207422
  - [c704897] Some sequence of characters in console-log can DoS nova-
    compute LP: 1215091
  - [43f2a4c] libvirt driver: Failed to attach new interface to VM
    LP: 1212565
  - [067fb93] Multi datastore support for provisioning of instances on ESX
    LP: 1104994
  - [fc9af8f] Compute nodes changing hostnames should log an error
    LP: 1224982
  - [cc1b72a] Security groups with source groups no longer work LP: 1216720
  - [faabb91] instance consoleauth expired tokens need to be removed from
    the cache LP: 1209134
  - [5c55985] VHD snapshot from Hyper-V driver is bigger than original
    instance LP: 1177927
  - [d9ce5a4] normal user can show all the networks LP: 1186867
  - [6697489] hard reboot fails when using force_raw_images=False and
    use_cow_images=False and LP: 1200249
  - [a59957c] Snapshot failure with VMwareVCDriver LP: 1184807
  - [542191d] VMWAREAPI: Problem with starting Windows instances on ESXi 5.1
    LP: 1187853
  - [62f2218] Exceptions during soft reboot should result in a hard reboot
    LP: 1202974
  - [f306875] Incorrect host stats reported by VMWare VCDriver LP: 1190515
  - [8e6b79f] Windows instances need timezone to be localtime LP: 1231254
  - [570e8c7] boto version breaks gating LP: 1237944
  - [6193176] hard reboot fails with preallocate_images=performance
    LP: 1200113
  - [a48f9df] mount_options: mount: /boot: No such file or directory
    LP: 1210371
  - [516ec3e] one port_id can add to two instance LP: 1204850
  - [f89e624] VMware: no VM connectivity when opaque network does not match
    bridge id LP: 1225002
  - [ba7ad53] Add boto special casing for param changes in 2.13
  - [7b2b673] Cannot live block migrate an instance without shared storage
    LP: 1193359
  - [0409a09] boto version checking in test cases is not backwards compatible
    LP: 1239220

Author: Adam Gandelman
Revision Date: 2013-10-17 13:52:34 UTC

* Resynchronize with stable/grizzly (3f81d70) (LP: #1241202):
  - [3f81d70] Floating IPs from other tenants are listed when with admin
    tenant LP: 1226224

Author: Adam Gandelman
Revision Date: 2013-10-17 13:52:08 UTC

* Resynchronize with stable/grizzly (b72b2cb) (LP: #1241202):
  - [a5522f0] Wrong config type for rabbit_retry_backoff LP: 1201697
  - [83d1efb] Provide graceful fallback from qpid notification errors
    LP: 1164681
  - [9a557c8] glance qpid notifier can hang under heavy load LP: 1229042
  - [cd3d311] 'image_download' role in v2 causes traceback LP: 1235378
  - [b72b2cb] Glance image-create stuck in saving state using rbd as a
    backend and --copy-from option LP: 1146830

Author: Adam Gandelman
Revision Date: 2013-10-17 13:52:59 UTC

* Resynchronize with stable/grizzly (9666fc0) (LP: #1241202):
  - [6792499] periodic-keystone-python27-stable-grizzly fails due to"No
    module named netaddr" LP: 1212939
  - [775d7a7] Fix and test token revocation list API
  - [0876ea2] N+1 lookups in groups SQL LP: 1218675
  - [afbc75b] Disabling a tenant would not disable a user token LP: 1179955
  - [9666fc0] User operations with LDAP Identity and
    enabled_mask/user_enabled_default fail LP: 1210175

Author: Adam Gandelman
Revision Date: 2013-10-17 13:51:14 UTC

* Resynchronize with stable/grizzly (6e764cb) (LP: #1241202):
  - [74a2154] ThinLVM create volume from snapshot fails LP: 1210853
  - [25be695] Failure to create tmp file in image_conversion_dir can lead to
    the creation of 3 volumes LP: 1224211
  - [f89afda] Nova and quantum don't close qpid connections after certain
    error conditions LP: 1172922
  - [f91361d] volume cloning is failing with an I/O error happening when the
    backing snapshot is wiped LP: 1191812
  - [c381a49] volume is not deleted in cinder db LP: 1209367
  - [9891bf8] Volume size is not updated when cloning a volume with SolidFire
    LP: 1219105
  - [ddec0fc] when using qpid, metadata arguments cause volume cloning to
    fail LP: 1213964
  - [d13df23] Previous change to allow SolidFire to clone different size,
    breaks create-snapshot LP: 1234970
  - [eac6ecd] Cinder-Volume Fails to Boot on Restart LP: 1212206
  - [174a985] upload-to-image fails with the NetApp NFS backend LP: 1221205
  - [a3d3fa1] "mount.nfs is not installed" is in error LP: 1212286
  - [8002421] Allow display_name for v2 snapshot-update LP: 1226398
  - [9e85d49] Cinder API v2: List Snapshots Details can not use search
    options like "offset" and "limit" as admin user LP: 1205956
  - [22c53d6] NetApp: iSCSI drivers' reserved percentage is 100 LP: 1182015
  - [84b4ad8] Incorrect tunnelling to NetApp servers in concurrent requests
    LP: 1176759
  - [ba03c32] solidfire driver crashes during ensure export if solidfire not
    available LP: 1215064
  - [6e764cb] NetApp driver should disallow very old controller OS versions
    LP: 1223474
* debian/patches/fix-secure-delete-for-lvm.patch: Dropped.

Author: Harald Sitter
Revision Date: 2013-10-19 22:45:14 UTC

Add upstream_releasechecker-needs-python3-now.patch to fix on-demand
release checking (LP: #1242163)

Author: Stefano Rivera
Revision Date: 2013-10-18 17:37:59 UTC

* Update data from distro-info-data 0.17
  - Add Ubuntu 14.04, Trusty Tahr LP: (Closes: #726696, LP: #1241673)

Author: Jamie Strandboge
Revision Date: 2013-10-18 13:48:44 UTC

* SECURITY UPDATE: fix incorrect comparison affecting SSL verification
  - debian/patches/CVE-2013-4111.patch: adjust verify_callback() to
    correctly perform verification. Patch thanks to Debian. (LP: #1192229)
  - CVE-2013-4111

Author: Adam Gandelman
Revision Date: 2013-10-17 21:10:11 UTC

Releasing 2013.1.4

Author: Adam Gandelman
Revision Date: 2013-10-17 21:10:11 UTC

Releasing 2013.1.4

Author: Adam Gandelman
Revision Date: 2013-10-17 21:10:11 UTC

Releasing 2013.1.4

Author: Adam Gandelman
Revision Date: 2013-10-17 21:10:11 UTC

Releasing 2013.1.4

Author: Adam Gandelman
Revision Date: 2013-10-17 21:10:11 UTC

Releasing 2013.1.4

Author: Adam Gandelman
Revision Date: 2013-10-17 21:10:11 UTC

Releasing 2013.1.4

Author: Adam Gandelman
Revision Date: 2013-10-17 21:10:11 UTC

Releasing 2013.1.4

Author: Adam Gandelman
Revision Date: 2013-10-17 13:53:32 UTC

* Resynchronize with stable/grizzly (c57c0fa) (LP: #1241202):
  - [043837e] _retrieve_extra_groups in Nicira plugin incompatible with
    oslo.config >= 1.2.0 LP: 1200609
  - [a150dc6] dhcp-agent network namespace does not have a default route,
    can't use upstream dns LP: 1181378
  - [be16384] Cisco plugin (grizzly) device connection errors LP: 1212834
  - [045c0b0] Cisco plugin (grizzly) does not pass proper args LP: 1213147
  - [5bb6b60] metadata network handling causes stacktrace in nvp plugin
    LP: 1216110
  - [85c92b0] Nicira plugin: get_port reports wrong port status for extended
    switches LP: 1188652
  - [4601b14] Hyper-V agent does not report the correct exception when the
    network type is set to GRE LP: 1224583
  - [8180381] Multiple Neutron operations using a script fails on Brocade
    Plugin LP: 1223754
  - [06f7e75] Neutron network delete fails with brocade plugin LP: 1223747
  - [1ca02f6] nec-agent: port_added message can be dropped when RPC timeout
    occurs LP: 1235111
  - [c57c0fa] make nvp plugin future version friendly LP: 1217479

Author: Felix Geyer
Revision Date: 2013-10-14 18:58:42 UTC

No-change backport to raring (LP: #1226793)

Author: Jonathan Riddell
Revision Date: 2013-09-11 16:31:06 UTC

Replace medibuntu with VideoLan in install-css.sh LP: #1223928

Author: Robert Ancell
Revision Date: 2013-10-08 14:27:05 UTC

* debian/patches/09_corrupt_xauth.patch:
  - Handle corrupt X authority files correctly (LP: #1234400)

Author: Marc Deslauriers
Revision Date: 2013-10-07 08:40:56 UTC

* SECURITY UPDATE: denial of service via invalid salt (LP: #1187001)
  - debian/patches/CVE-2013-4122.patch: properly handle glibc returning
    NULL on an invalid salt in pwcheck/pwcheck_getpwnam.c,
    pwcheck/pwcheck_getspnam.c, saslauthd/auth_getpwent.c,
    saslauthd/auth_shadow.c.
  - CVE-2013-4122

Author: Marc Deslauriers
Revision Date: 2013-10-07 08:40:56 UTC

* SECURITY UPDATE: denial of service via invalid salt (LP: #1187001)
  - debian/patches/CVE-2013-4122.patch: properly handle glibc returning
    NULL on an invalid salt in pwcheck/pwcheck_getpwnam.c,
    pwcheck/pwcheck_getspnam.c, saslauthd/auth_getpwent.c,
    saslauthd/auth_shadow.c.
  - CVE-2013-4122

Author: Maarten Lankhorst
Revision Date: 2013-10-09 11:47:40 UTC

Fix build by installing drirc again.

Author: Maarten Lankhorst
Revision Date: 2013-10-09 11:47:40 UTC

Fix build by installing drirc again.

Author: Graham Inggs
Revision Date: 2013-06-09 12:09:04 UTC

Provide a libmotif3 transitional package (LP: #1187507)

Author: Iain Lane
Revision Date: 2013-05-14 13:01:44 UTC

* New upstream release (LP: #1179875)
  + proxy/gnome: Fix "automatic" mode, which was mistakenly being treated as
    "none"
  + proxy/gnome: Use this in Unity sessions as well as GNOME ones.
  + proxy/libproxy: Fix handling of SOCKS proxies
* debian/patches/0001-proxy-tests-libproxy-Set-GIO_EXTRA_MODULES-to-use-th.patch:
  Patch testsuite to pick up the just-built libproxy module, fixing test
  failures.

Author: Chris J Arges
Revision Date: 2013-02-08 09:50:51 UTC

Fix failures when there are spaces in a resource name. (LP: #962046)