Branches for Saucy

Author: Brian Murray
Revision Date: 2014-04-23 13:30:08 UTC

Add Ubuntu 14.10, Utopic Unicorn.

Author: Brian Murray
Revision Date: 2014-04-23 13:30:08 UTC

Add Ubuntu 14.10, Utopic Unicorn.

Author: Martin Pitt
Revision Date: 2013-08-28 07:00:28 UTC

releasing package pyjunitxml version 0.6-1ubuntu2

Author: Brian Murray
Revision Date: 2014-04-21 16:44:54 UTC

Properly display error messages encountered by DistUpgradeFetcherCore.
(LP: #1310851)

Author: Marc Deslauriers
Revision Date: 2014-04-19 20:45:09 UTC

* SECURITY UPDATE: Update to 5.5.37 to fix security issues (LP: #1309662)
  - http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
  - CVE-2014-0001
  - CVE-2014-0384
  - CVE-2014-2419
  - CVE-2014-2430
  - CVE-2014-2431
  - CVE-2014-2432
  - CVE-2014-2436
  - CVE-2014-2438
  - CVE-2014-2440
* Drop creation of insecure database permissions:
  - d/p/33_scripts__mysql_create_system_tables__no_test.patch,
    d/p/41_scripts__mysql_install_db.sh__no_test.patch,
    d/p/50_mysql-test__db_test.patch: Restored from mysql-5.1
    package, inadvertently dropped in 5.5 transition. This
    removes the global anonymous access to the database which
    is a security concern.

Author: Omkarnath
Revision Date: 2014-04-15 20:18:56 UTC

fixed an issue that would cause Nemo to get into not responding state.

If user presses Esc key while location_entry is focused, it would revert
it back to breadcrumbs, however state of toggle button is not inverted.
clicking on toggle button again would cause Nemo to get in not responding
state.

navigation_bar_cancel_callback was calling nemo_toolbar_set_show_location_entry
which in turns changes toolbar to breadcrumbs mode. Changed it to call
toggle_location_entry_setting instead.

This should also take of saving the preferences when user presses Esc to
get back to breadcrumbs mode.

Author: Brian Murray
Revision Date: 2014-04-14 14:23:24 UTC

Do not send Stacktrace, and ThreadStacktrace as retracing with ddebs will
provide more useful versions of them. (LP: #1306175)

Author: Marc Deslauriers
Revision Date: 2014-03-31 10:20:43 UTC

* SECURITY UPDATE: insecure use of temporary files
  - debian/patches/CVE-2014-193x.patch: use tempfile.mkstemp() in
    PIL/EpsImagePlugin.py, PIL/Image.py, PIL/IptcImagePlugin.py,
    PIL/JpegImagePlugin.py.
  - CVE-2014-1932
  - CVE-2014-1933

Author: Marc Deslauriers
Revision Date: 2014-03-31 10:20:43 UTC

* SECURITY UPDATE: insecure use of temporary files
  - debian/patches/CVE-2014-193x.patch: use tempfile.mkstemp() in
    PIL/EpsImagePlugin.py, PIL/Image.py, PIL/IptcImagePlugin.py,
    PIL/JpegImagePlugin.py.
  - CVE-2014-1932
  - CVE-2014-1933

Author: Brian Murray
Revision Date: 2014-04-14 14:23:24 UTC

Do not send Stacktrace, and ThreadStacktrace as retracing with ddebs will
provide more useful versions of them. (LP: #1306175)

Author: Marc Deslauriers
Revision Date: 2014-03-11 09:46:15 UTC

* SECURITY UPDATE: denial of service via AgentX subagent timeout
  - debian/patches/CVE-2012-6151.patch: track cancelled sessions in
    agent/mibgroup/agentx/{master.c,master_admin.c}, agent/snmp_agent.c,
    include/net-snmp/agent/snmp_agent.h.
  - CVE-2012-6151
* SECURITY UPDATE: denial of service when ICMP-MIB is in use
  - debian/patches/CVE-2014-2284.patch: fix ICMP mib table handling in
    agent/mibgroup/mibII/icmp.c, agent/mibgroup/mibII/kernel_linux.*.
  - CVE-2014-2284
* SECURITY UPDATE: denial of service in perl trap handler
  - debian/patches/CVE-2014-2285.patch: handle empty community string in
    perl/TrapReceiver/TrapReceiver.xs.
  - CVE-2014-2285

Author: Marc Deslauriers
Revision Date: 2014-03-11 09:46:15 UTC

* SECURITY UPDATE: denial of service via AgentX subagent timeout
  - debian/patches/CVE-2012-6151.patch: track cancelled sessions in
    agent/mibgroup/agentx/{master.c,master_admin.c}, agent/snmp_agent.c,
    include/net-snmp/agent/snmp_agent.h.
  - CVE-2012-6151
* SECURITY UPDATE: denial of service when ICMP-MIB is in use
  - debian/patches/CVE-2014-2284.patch: fix ICMP mib table handling in
    agent/mibgroup/mibII/icmp.c, agent/mibgroup/mibII/kernel_linux.*.
  - CVE-2014-2284
* SECURITY UPDATE: denial of service in perl trap handler
  - debian/patches/CVE-2014-2285.patch: handle empty community string in
    perl/TrapReceiver/TrapReceiver.xs.
  - CVE-2014-2285

Author: Corey Bryant
Revision Date: 2014-04-04 10:52:55 UTC

* Resynchronize with stable/havana (82cb9f6) (LP: #1302575):
  - [b2259b3] Don't copy the flavorid when updating flavors
  - [8db4687] Allow snapshots of paused and suspended instances
  - [cf181c1] Reduce number of novaclient calls
  - [82cb9f6] Fixing tests to work with keystoneclient 0.6.0

Author: Corey Bryant
Revision Date: 2014-04-04 10:49:12 UTC

* Resynchronize with stable/havana (8bb7830) (LP: #1302575):
  - [527009d] Don't delete trust on backup stack delete
  - [defcf23] Raise the default max header to accommodate large tokens
  - [a440ccb] Fix "members" property check
  - [cfd6b02] Fix incompatibilities in tests with keystoneclient 0.6
  - [8bb7830] Don't raise MySQL 2013 'Lost connection' errors

Author: Corey Bryant
Revision Date: 2014-04-04 12:02:50 UTC

* debian/patches/fix-setup-requirements.patch: Rebase on top of
  new upstream requirements.txt file.
* Resynchronize with stable/havana (0ac6942) (LP: #1302575):
  - [c92c106] latest alembic imcompatible with current sqlalchemy requirements
  - [4ffeead] User a more accurate max_delay for reconnects
  - [6637acd] Checks for presence of Hyper-V cpu metrics before accessing
  - [7cb5f4c] Fix ceilometer.conf.sample mismatch
  - [ebe72d5] Fixes Hyper-V Inspector disk metrics bug
  - [bbab3d5] Fix validation error for invalid field name in simple query
  - [83a2725] Adds doc string to query validate functions in V2 API
  - [4461828] Ensure insecure config option propagated by alarm service
  - [0a1db09] Fix the default rpc policy value
  - [b13ee97] Ensure the correct error message is displayed
  - [2c6a84f] Refactor timestamp existence validation in V2 API
  - [ff0375c] cacert is not picked up correctly by alarm services
  - [0a85f22] Add an insecure option for Keystone client
  - [0ac6942] Propogate cacert and insecure flags to glanceclient

Author: Alberto Jovito
Revision Date: 2014-03-24 00:15:34 UTC

*Include new patches to fix X.org 1.14 crash (LP: #1251849)
  - debian/patches/fix_incompatibility_X.org_1.14.diff :
  - Removing call to miInitializeBackingStore() no longer
     exist in xorg server 1.14
  - Commit 17973712f083100cc041d50fca30e248846e5fd2
* Include new patches to fix crash with Chrome 9 HC chips (LP: #1165232)
  - debian/patches/fix_Chrome_9_HC_crash.diff :
  - Commit 76515c8a369346d76864e55610a6a747d9b152d8
* Update debian/control homepage field.

Author: Louis Bouchard
Revision Date: 2014-02-17 17:19:41 UTC

* debian/patches/kill-lockfile.patch
  - Backport patch from trunk that removes the lockfile placed by
    duplicity to avoid concurrency. Deja-dup avoid concurrency using
    its own method using Dbus (LP: #1281066)

Author: Jackson Doak
Revision Date: 2013-05-27 21:44:21 UTC

* Merge from Debian unstable, remaining Ubuntu changes:
 - Build depend on nvidia-settings build-dep on i386 and amd64.
 - Build depend on libunity-dev and libappindicator3-dev for Unity support.
* Drop debian/patches/allow_gtk_deprecates.patch, it's fixed in debian

Author: Felix Geyer
Revision Date: 2014-04-06 14:09:17 UTC

No-change backport to saucy (LP: #1303326)

Author: Corey Bryant
Revision Date: 2014-04-04 12:02:50 UTC

* debian/patches/fix-setup-requirements.patch: Rebase on top of
  new upstream requirements.txt file.
* Resynchronize with stable/havana (0ac6942) (LP: #1302575):
  - [c92c106] latest alembic imcompatible with current sqlalchemy requirements
  - [4ffeead] User a more accurate max_delay for reconnects
  - [6637acd] Checks for presence of Hyper-V cpu metrics before accessing
  - [7cb5f4c] Fix ceilometer.conf.sample mismatch
  - [ebe72d5] Fixes Hyper-V Inspector disk metrics bug
  - [bbab3d5] Fix validation error for invalid field name in simple query
  - [83a2725] Adds doc string to query validate functions in V2 API
  - [4461828] Ensure insecure config option propagated by alarm service
  - [0a1db09] Fix the default rpc policy value
  - [b13ee97] Ensure the correct error message is displayed
  - [2c6a84f] Refactor timestamp existence validation in V2 API
  - [ff0375c] cacert is not picked up correctly by alarm services
  - [0a85f22] Add an insecure option for Keystone client
  - [0ac6942] Propogate cacert and insecure flags to glanceclient

Author: Corey Bryant
Revision Date: 2014-04-04 10:49:12 UTC

* Resynchronize with stable/havana (8bb7830) (LP: #1302575):
  - [527009d] Don't delete trust on backup stack delete
  - [defcf23] Raise the default max header to accommodate large tokens
  - [a440ccb] Fix "members" property check
  - [cfd6b02] Fix incompatibilities in tests with keystoneclient 0.6
  - [8bb7830] Don't raise MySQL 2013 'Lost connection' errors

Author: Brad Figg
Revision Date: 2014-04-04 07:08:55 UTC

Ubuntu-3.5.0-241

Author: Alberto Jovito
Revision Date: 2014-03-24 00:15:34 UTC

*Include new patches to fix X.org 1.14 crash (LP: #1251849)
  - debian/patches/fix_incompatibility_X.org_1.14.diff :
  - Removing call to miInitializeBackingStore() no longer
     exist in xorg server 1.14
  - Commit 17973712f083100cc041d50fca30e248846e5fd2
* Include new patches to fix crash with Chrome 9 HC chips (LP: #1165232)
  - debian/patches/fix_Chrome_9_HC_crash.diff :
  - Commit 76515c8a369346d76864e55610a6a747d9b152d8
* Update debian/control homepage field.

Author: James Page
Revision Date: 2014-03-21 09:07:29 UTC

* Fix issue with boot disk detection when > 8 disks are attached to
  a qemu-kvm instance (LP: #1295498):
  - d/p/0001-Fix-USB-EHCI-detection-that-was-broken-in-hlist-conv.patch:
    Cherry picked fix from 1.7.3-stable branch upstream.

Author: Marc Deslauriers
Revision Date: 2014-04-02 14:34:04 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  large yaml documents
  - debian/patches/CVE-2013-6393.patch: fix integer overflows in
    LibYAML/loader.c, LibYAML/reader.c, LibYAML/scanner.c,
    LibYAML/yaml_private.h.
  - CVE-2013-6393
* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in yaml_parser_scan_uri_escapes
  - debian/patches/CVE-2014-2525.patch: properly handle memory in
    LibYAML/scanner.c, LibYAML/yaml_private.h.
  - CVE-2014-2525

Author: Marc Deslauriers
Revision Date: 2014-04-02 14:34:04 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  large yaml documents
  - debian/patches/CVE-2013-6393.patch: fix integer overflows in
    LibYAML/loader.c, LibYAML/reader.c, LibYAML/scanner.c,
    LibYAML/yaml_private.h.
  - CVE-2013-6393
* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in yaml_parser_scan_uri_escapes
  - debian/patches/CVE-2014-2525.patch: properly handle memory in
    LibYAML/scanner.c, LibYAML/yaml_private.h.
  - CVE-2014-2525

Author: Marc Deslauriers
Revision Date: 2014-04-02 10:19:23 UTC

* SECURITY UPDATE: incorrect IDNA wildcard handling
  - debian/patches/CVE-2014-1492.patch: conform to RFC 6125 in
    nss/lib/certdb/certdb.c.
  - CVE-2014-1492
* No longer ship cacert.org certificates. (LP: #1258286)
  - removed debian/patches/95_add_spi+cacert_ca_certs.patch
  - added debian/patches/95_add_spi_certs.patch

Author: Marc Deslauriers
Revision Date: 2014-04-02 11:43:27 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in yaml_parser_scan_uri_escapes
  - debian/patches/CVE-2014-2525.patch: properly handle memory in
    src/scanner.c, src/yaml_private.h.
  - CVE-2014-2525

Author: Marc Deslauriers
Revision Date: 2014-04-02 11:43:27 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in yaml_parser_scan_uri_escapes
  - debian/patches/CVE-2014-2525.patch: properly handle memory in
    src/scanner.c, src/yaml_private.h.
  - CVE-2014-2525

Author: Marc Deslauriers
Revision Date: 2014-04-02 10:19:23 UTC

* SECURITY UPDATE: incorrect IDNA wildcard handling
  - debian/patches/CVE-2014-1492.patch: conform to RFC 6125 in
    nss/lib/certdb/certdb.c.
  - CVE-2014-1492
* No longer ship cacert.org certificates. (LP: #1258286)
  - removed debian/patches/95_add_spi+cacert_ca_certs.patch
  - added debian/patches/95_add_spi_certs.patch

Author: Marc Deslauriers
Revision Date: 2014-04-01 10:16:55 UTC

* SECURITY UPDATE: wrong re-use of connections
  - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
    HTTP logic, and extend new connection logic to other protocols in
    lib/http.c, lib/url.c, lib/urldata.h, add new tests to
    tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
  - CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
  literal IP addresses
  - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
    lib/hostcheck.c, added tests to tests/data/Makefile.am,
    tests/data/test1397, tests/unit/Makefile.inc, tests/unit/unit1397.c.
  - CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
  fail.

Author: Marc Deslauriers
Revision Date: 2014-04-01 10:16:55 UTC

* SECURITY UPDATE: wrong re-use of connections
  - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
    HTTP logic, and extend new connection logic to other protocols in
    lib/http.c, lib/url.c, lib/urldata.h, add new tests to
    tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
  - CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
  literal IP addresses
  - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
    lib/hostcheck.c, added tests to tests/data/Makefile.am,
    tests/data/test1397, tests/unit/Makefile.inc, tests/unit/unit1397.c.
  - CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
  fail.

Author: Michael Zanetti
Revision Date: 2014-03-31 15:15:14 UTC

break older unity8 versions

Author: Kernevil
Revision Date: 2014-03-31 13:48:23 UTC

sdlz patch to also send hmac keys to dlz implementation

Author: Chuck Short
Revision Date: 2014-03-31 11:51:57 UTC

* Resynchronize with stable/havana (8cb9d89) (LP: #1284643):
  - [8cb9d89] Use a temp dir for CONF.state_path
  - [566321b] Subnets should be set as lazy='join'
  - [eb4c045] Qpid, RabbitMQ: advance thru the list of brokers on reconnect
  - [1faec83] Prevent cross plugging router ports from other tenants
  - [858ec2e] Fixes Hyper-V port metrics enabling after service restart
  - [d57ce79] Adds Hyper-V utils methods
  - [5ccfeae] NSX: Sync do not pass around model object
  - [7f2c41f] NSX: Fix possible deadlock in sync code
  - [7871486] Use a more accurate max_delay for reconnects
  - [8e92741] Adds id in update_floatingip API in PLUMgrid plugin driver
  - [ab46900] Report proper error message in PLUMgrid Plugin
  - [ece27c9] Update help message of flag 'enable_isolated_metadata'
  - [a47fde6] Remove the warning for Scheduling Network
  - [28ee2ac] vshield task manager: abort tasks in stop() on termination
  - [c194262] Fix request timeout errors during calls to NSX controller
  - [2b4cdcd] Fix error while connecting to busy NSX L2 Gateway
  - [5158744] Tweak version nvp/nsx version validation logic for router operations
  - [722746f] [ML2] l2-pop MD handle multi create/delete ports
  - [99339a9] Fix metering iptables driver doesn't read root_helper param
  - [2e9f5a7] Add support for managing async processes
  - [5678fb8] fix --excluded of meter-label-rule-create is not working
  - [c0586c4] Fix a typo in log exception in the metering agent
* debian/patches/bump-sqlalchemy-versions.patch: Rediffed
* debian/patches/revert-stable-havana-requirements.patch: Updated not to
  bump the version of python-neutronclient.

Author: Marc Deslauriers
Revision Date: 2014-03-28 08:33:16 UTC

fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2014-03-28 08:33:16 UTC

fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2014-03-27 08:51:04 UTC

Rebuild as a security update (LP: #1296856)

Author: Marc Deslauriers
Revision Date: 2014-03-27 08:51:04 UTC

Rebuild as a security update (LP: #1296856)

Author: Marc Deslauriers
Revision Date: 2014-03-27 09:22:15 UTC

No change rebuild in security pocket.

Author: James Page
Revision Date: 2014-03-27 11:48:10 UTC

* New upstream point release (LP: #1298290):
  - d/p/*: Dropped, no longer required.

Author: Marc Deslauriers
Revision Date: 2014-03-27 09:22:15 UTC

No change rebuild in security pocket.

Author: Scott Kitterman
Revision Date: 2014-03-26 00:25:55 UTC

No-change backport to saucy (LP: #1297616)

Author: Marc Deslauriers
Revision Date: 2014-02-06 17:04:56 UTC

* Update ca-certificates database to 20130906 (LP: #1257265):
  - backport changes from the Ubuntu 14.04 20130906ubuntu1 package
  - No longer ship cacert.org certificates (LP: #1258286)
  - mozilla/certdata2pem.py: Work around openssl issue by shipping both
    versions of the same signed roots. Previously, the script would
    simply overwrite the first one found in the certdata.txt with the
    later one since they both have the same CKA_LABEL, resulting in
    identical filenames. (LP: #1014640, LP: #1031333)

Author: Marc Deslauriers
Revision Date: 2014-02-06 17:04:56 UTC

* Update ca-certificates database to 20130906 (LP: #1257265):
  - backport changes from the Ubuntu 14.04 20130906ubuntu1 package
  - No longer ship cacert.org certificates (LP: #1258286)
  - mozilla/certdata2pem.py: Work around openssl issue by shipping both
    versions of the same signed roots. Previously, the script would
    simply overwrite the first one found in the certdata.txt with the
    later one since they both have the same CKA_LABEL, resulting in
    identical filenames. (LP: #1014640, LP: #1031333)

Author: Ben Howard
Revision Date: 2014-02-18 17:30:36 UTC

debian/extra/rules/75-persistent-net-generator.rules: update ethernet
exclusions for Hyper-V (LP: #1274348).

Author: James Page
Revision Date: 2014-03-21 09:07:29 UTC

* Fix issue with boot disk detection when > 8 disks are attached to
  a qemu-kvm instance (LP: #1295498):
  - d/p/0001-Fix-USB-EHCI-detection-that-was-broken-in-hlist-conv.patch:
    Cherry picked fix from 1.7.3-stable branch upstream.

Author: Scott Moser
Revision Date: 2014-03-21 16:29:07 UTC

releasing package cloud-init version 0.7.3-0ubuntu2.2

Author: Thomas Ward
Revision Date: 2014-03-18 21:17:14 UTC

* SECURITY UPDATE: SPDY Heap Buffer Overflow Vulnerabilty (LP: #1294280)
  - debian/patches/cve-2014-0133.patch: modify src/http/ngx_http_spdy.c to
    fix a heap buffer overflow vulnerability in the SPDY module by using
    a specially crafted request.
  - CVE-2014-0133

Author: Thomas Ward
Revision Date: 2014-03-18 21:17:14 UTC

* SECURITY UPDATE: SPDY Heap Buffer Overflow Vulnerabilty (LP: #1294280)
  - debian/patches/cve-2014-0133.patch: modify src/http/ngx_http_spdy.c to
    fix a heap buffer overflow vulnerability in the SPDY module by using
    a specially crafted request.
  - CVE-2014-0133

Author: Marc Deslauriers
Revision Date: 2014-03-14 08:52:45 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
  (XXE) issue.
  - debian/patches/CVE-2013-1881.patch: implement stricter policy in
    rsvg-base.c, rsvg-css.c, rsvg-io.c, rsvg-private.h.
  - CVE-2013-1881

Author: Marc Deslauriers
Revision Date: 2014-03-13 12:52:16 UTC

* SECURITY UPDATE: denial of service and possible code execution in
  CFF rasterizer
  - debian/patches-freetype/CVE-2014-2240.patch: validate hintMask in
    src/cff/cf2hints.c.
  - CVE-2014-2240
* SECURITY UPDATE: denial of service in CFF rasterizer
  - debian/patches-freetype/CVE-2014-2241.patch: don't trigger asserts in
    src/cff/cf2ft.c.
  - CVE-2014-2241

Author: Marc Deslauriers
Revision Date: 2014-03-14 08:52:45 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
  (XXE) issue.
  - debian/patches/CVE-2013-1881.patch: implement stricter policy in
    rsvg-base.c, rsvg-css.c, rsvg-io.c, rsvg-private.h.
  - CVE-2013-1881

Author: Marc Deslauriers
Revision Date: 2014-03-13 12:52:16 UTC

* SECURITY UPDATE: denial of service and possible code execution in
  CFF rasterizer
  - debian/patches-freetype/CVE-2014-2240.patch: validate hintMask in
    src/cff/cf2hints.c.
  - CVE-2014-2240
* SECURITY UPDATE: denial of service in CFF rasterizer
  - debian/patches-freetype/CVE-2014-2241.patch: don't trigger asserts in
    src/cff/cf2ft.c.
  - CVE-2014-2241

Author: Kernevil
Revision Date: 2014-03-14 14:45:46 UTC

Fix useless import

Author: Marc Deslauriers
Revision Date: 2014-03-14 14:25:35 UTC

* SECURITY UPDATE: timing side-channel attack in TempURL
  - debian/patches/CVE-2014-0006.patch: use constant time comparison in
    swift/common/middleware/tempurl.py.
  - CVE-2014-0006

Author: Steve Beattie
Revision Date: 2014-03-12 21:34:58 UTC

* SECURITY UPDATE: buffer overflow in header processing after
  address expansion.
  - debian/patches/ubuntu/mutt-CVE-2014-0467.patch
  - CVE-2014-0467

Author: Steve Beattie
Revision Date: 2014-03-12 21:34:58 UTC

* SECURITY UPDATE: buffer overflow in header processing after
  address expansion.
  - debian/patches/ubuntu/mutt-CVE-2014-0467.patch
  - CVE-2014-0467

Author: Marc Deslauriers
Revision Date: 2014-03-11 08:00:06 UTC

debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
epoch in init scripts so they are properly invalidated. (LP: #1223297)

Author: Marc Deslauriers
Revision Date: 2014-03-11 08:00:06 UTC

debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
epoch in init scripts so they are properly invalidated. (LP: #1223297)

Author: Marc Deslauriers
Revision Date: 2014-03-10 09:55:26 UTC

* SECURITY UPDATE: PRNG state reuse on forking servers
  - debian/patches/CVE-2014-0017.patch: force reseed after fork in
    include/libssh/wrapper.h, src/bind.c, src/libcrypto.c,
    src/libgcrypt.c.
  - CVE-2014-0017

Author: Marc Deslauriers
Revision Date: 2014-03-10 09:55:26 UTC

* SECURITY UPDATE: PRNG state reuse on forking servers
  - debian/patches/CVE-2014-0017.patch: force reseed after fork in
    include/libssh/wrapper.h, src/bind.c, src/libcrypto.c,
    src/libgcrypt.c.
  - CVE-2014-0017

Author: Marc Deslauriers
Revision Date: 2014-03-11 10:52:15 UTC

* SECURITY UPDATE: arbitrary code execution via overflows in urftopdf
  - debian/patches/CVE-2013-647x.patch: check sizes in
    filter/urftopdf.cpp.
  - CVE-2013-6473
* SECURITY UPDATE: arbitrary code execution via overflows in pdftoopvp
  - debian/patches/CVE-2013-647x.patch: use gmallocn and gmallocn3 in
    filter/pdftoopvp/{oprs/OPVPSplash.cxx,OPVPOutputDev.cxx}.
  - CVE-2013-6474
  - CVE-2013-6475
* SECURITY UPDATE: arbitrary code execution via driver in pdftoopvp
  - debian/patches/CVE-2013-647x.patch: restrict driver path in
    filter/pdftoopvp/oprs/OPVPWrapper.cxx.
  - CVE-2013-6476

Author: Marc Deslauriers
Revision Date: 2014-03-11 10:52:15 UTC

* SECURITY UPDATE: arbitrary code execution via overflows in urftopdf
  - debian/patches/CVE-2013-647x.patch: check sizes in
    filter/urftopdf.cpp.
  - CVE-2013-6473
* SECURITY UPDATE: arbitrary code execution via overflows in pdftoopvp
  - debian/patches/CVE-2013-647x.patch: use gmallocn and gmallocn3 in
    filter/pdftoopvp/{oprs/OPVPSplash.cxx,OPVPOutputDev.cxx}.
  - CVE-2013-6474
  - CVE-2013-6475
* SECURITY UPDATE: arbitrary code execution via driver in pdftoopvp
  - debian/patches/CVE-2013-647x.patch: restrict driver path in
    filter/pdftoopvp/oprs/OPVPWrapper.cxx.
  - CVE-2013-6476

Author: Louis Bouchard
Revision Date: 2014-01-24 13:44:06 UTC

* debian/patches/05-lp1266763-add-concurrency-locking.dpatch
  - Implement locking mechanism to avoid concurrent execution under the same
    cache directory. This functionality adds a dependency to python-lockfile
    Fixes LP: #1266763

* debian/patches/04-lp1266753-exception-if-no-s3.dpatch
  - Add exception handling in the case where no S3 connection is
    available instead of silently deleting the local cache.
    Fixes LP: #1266753

Author: Louis Bouchard
Revision Date: 2014-02-17 17:19:41 UTC

* debian/patches/kill-lockfile.patch
  - Backport patch from trunk that removes the lockfile placed by
    duplicity to avoid concurrency. Deja-dup avoid concurrency using
    its own method using Dbus (LP: #1281066)

Author: Marc Deslauriers
Revision Date: 2014-03-06 09:25:27 UTC

* SECURITY UPDATE: arbitrary code execution via long path names
  (LP: #1288226)
  - debian/patches/CVE-2014-0004.patch: limit lengths and properly
    terminate in src/mount-monitor.c.
  - CVE-2014-0004

Author: Marc Deslauriers
Revision Date: 2014-03-06 09:25:27 UTC

* SECURITY UPDATE: arbitrary code execution via long path names
  (LP: #1288226)
  - debian/patches/CVE-2014-0004.patch: limit lengths and properly
    terminate in src/mount-monitor.c.
  - CVE-2014-0004

Author: Marc Deslauriers
Revision Date: 2014-03-06 09:22:17 UTC

* SECURITY UPDATE: arbitrary code execution via long path names
  (LP: #1288226)
  - debian/patches/CVE-2014-0004.patch: limit lengths and properly
    terminate in src/udisksmountmonitor.c.
  - CVE-2014-0004

Author: Scott Kitterman
Revision Date: 2014-03-07 12:51:32 UTC

add -pthread to --libs of check.pc (LP: #1289501)

Author: Chuck Short
Revision Date: 2014-03-07 12:04:11 UTC

debian/patches/fix-get-auth-info.patch: Fix regression introduced by
stable/havanna update. (LP: #1280941)

Author: Chuck Short
Revision Date: 2014-03-07 12:04:11 UTC

debian/patches/fix-get-auth-info.patch: Fix regression introduced by
stable/havanna update. (LP: #1280941)

Author: PS Jenkins bot
Revision Date: 2014-03-06 23:51:19 UTC

[ Justin McPherson ]
* Fixes problem of two facebook launcher items appearing. (LP:
  #1273398)

[ Ubuntu daily release ]
* Automatic snapshot from revision 68

Author: PS Jenkins bot
Revision Date: 2014-03-06 23:51:19 UTC

[ Justin McPherson ]
* Fixes problem of two facebook launcher items appearing. (LP:
  #1273398)

[ Ubuntu daily release ]
* Automatic snapshot from revision 68

Author: Serge Hallyn
Revision Date: 2014-03-04 16:58:33 UTC

Add trusty to the list of valid ubuntu suites. (LP: #1287943)

Author: Marc Deslauriers
Revision Date: 2014-03-06 11:19:36 UTC

* SECURITY UPDATE: denial of service and possible code execution via psd
  images processing rle decoding buffer overflow
  - debian/patches/CVE-2014-1958.patch: check lengths in coders/psd.c.
  - CVE-2014-1958
* SECURITY UPDATE: denial of service via jpeg images with specially-
  crafted restart markers
  - debian/patches/CVE-2014-2030.patch: don't overflow layer_name in
    coders/psd.c.
  - CVE-2014-2030

Author: Marc Deslauriers
Revision Date: 2014-03-06 11:19:36 UTC

* SECURITY UPDATE: denial of service and possible code execution via psd
  images processing rle decoding buffer overflow
  - debian/patches/CVE-2014-1958.patch: check lengths in coders/psd.c.
  - CVE-2014-1958
* SECURITY UPDATE: denial of service via jpeg images with specially-
  crafted restart markers
  - debian/patches/CVE-2014-2030.patch: don't overflow layer_name in
    coders/psd.c.
  - CVE-2014-2030

Author: Marc Deslauriers
Revision Date: 2014-03-04 10:22:07 UTC

* SECURITY UPDATE: request smuggling attack via content-length headers
  - debian/patches/CVE-2013-4286.patch: use long as content length in
    java/org/apache/coyote/Request.java, handle multiple content lengths
    in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
    content length and chunked encoding being both specified in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java.
  - CVE-2013-4286
* SECURITY UPDATE: denial of service via chunked transfer coding
  - debian/patches/CVE-2013-4322.patch: enforce maximum size in
    java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
    AbstractHttp11Protocol.java, Http11AprProcessor.java,
    Http11AprProtocol.java, Http11NioProcessor.java,
    Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
    webapps/docs/config/http.xml.
  - CVE-2013-4322
* SECURITY UPDATE: denial of service via malformed content-type header
  - debian/patches/CVE-2014-0050.patch: validate sizes in
    java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
    java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
  - CVE-2014-0050

Author: Marc Deslauriers
Revision Date: 2014-03-04 10:22:07 UTC

* SECURITY UPDATE: request smuggling attack via content-length headers
  - debian/patches/CVE-2013-4286.patch: use long as content length in
    java/org/apache/coyote/Request.java, handle multiple content lengths
    in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
    content length and chunked encoding being both specified in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java.
  - CVE-2013-4286
* SECURITY UPDATE: denial of service via chunked transfer coding
  - debian/patches/CVE-2013-4322.patch: enforce maximum size in
    java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
    AbstractHttp11Protocol.java, Http11AprProcessor.java,
    Http11AprProtocol.java, Http11NioProcessor.java,
    Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
    webapps/docs/config/http.xml.
  - CVE-2013-4322
* SECURITY UPDATE: denial of service via malformed content-type header
  - debian/patches/CVE-2014-0050.patch: validate sizes in
    java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
    java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
  - CVE-2014-0050

Author: Marc Deslauriers
Revision Date: 2014-02-06 17:04:56 UTC

* Update ca-certificates database to 20130906 (LP: #1257265):
  - backport changes from the Ubuntu 14.04 20130906ubuntu1 package
  - No longer ship cacert.org certificates (LP: #1258286)
  - mozilla/certdata2pem.py: Work around openssl issue by shipping both
    versions of the same signed roots. Previously, the script would
    simply overwrite the first one found in the certdata.txt with the
    later one since they both have the same CKA_LABEL, resulting in
    identical filenames. (LP: #1014640, LP: #1031333)

Author: James Page
Revision Date: 2013-08-20 14:06:23 UTC

* Merge from Debian unstable (LP: #1211749, #1202027). Remaining changes:
  - 016-armhf-elf-header.patch: Use correct ELF header for armhf binaries.
  - d/control,control.cross: Update Breaks/Replaces for Ubuntu
    versions to ensure smooth upgrades, regenerate control file.

Author: Michael
Revision Date: 2012-08-02 14:25:58 UTC

* Add myself to uploaders, as discussed in #683421.
* cherry-pick r820ffde8c396 (net/http: non-keepalive connections close
  successfully) (Closes: #683421)

Author: Scott Moser
Revision Date: 2014-03-04 18:09:53 UTC

enable support for deploying trusty (LP: #1287772).
User must modify config to import trusty, but after that is done
they will be able to deploy.

Author: Marc Deslauriers
Revision Date: 2014-02-27 09:06:35 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

Author: Marc Deslauriers
Revision Date: 2014-02-27 14:31:30 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

Author: Jonathan Riddell
Revision Date: 2013-12-03 15:43:44 UTC

Saucy update using KDE micro release exception LP: #1220779

Author: Jonathan Riddell
Revision Date: 2013-12-03 15:23:11 UTC

SRU upstream bugfix release (part of KDE micro release exception)
LP: #1220780

Author: Marc Deslauriers
Revision Date: 2014-02-27 09:06:35 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

Author: Marc Deslauriers
Revision Date: 2014-02-27 14:31:30 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in socket.recvfrom_into
  - debian/patches/CVE-2014-1912.diff: check buffer length in
    Modules/socketmodule.c, added tests to Lib/test/test_socket.py.
  - CVE-2014-1912

Author: Alexander Lipatov
Revision Date: 2014-03-02 14:04:00 UTC

debian/patches/vnc-repeater.patch: fix to build vnc-plugin with
vnc repeater support

Author: Louis Bouchard
Revision Date: 2014-02-27 17:05:17 UTC

* debian/common_functions
  - Fix slurp_config() that is sometimes not discriminative
  enough which leads to invalid configuration files (LP: #799623)

Author: Max Bowsher
Revision Date: 2014-02-28 08:20:53 UTC

Change tooltip colours from nasty white-on-black to much more pleasant
black-on-pale-orange.

Author: Logan Rosen
Revision Date: 2014-02-22 23:16:02 UTC

Depend on python-glade2 to fix crash upon opening (LP: #917204).

Author: Mattia Rizzolo
Revision Date: 2014-01-31 16:29:50 UTC

SRU: debian/control: zendframework is named zend-framework in Ubuntu.
Update Depends accordingly (LP: #993070)

Author: Marc Deslauriers
Revision Date: 2014-02-24 09:16:16 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in rlm_pap module
  - debian/patches/CVE-2013-2015.patch: properly handle buffer size in
    src/modules/rlm_pap/rlm_pap.c.
  - CVE-2014-2015

Author: Marc Deslauriers
Revision Date: 2014-02-24 09:16:16 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in rlm_pap module
  - debian/patches/CVE-2013-2015.patch: properly handle buffer size in
    src/modules/rlm_pap/rlm_pap.c.
  - CVE-2014-2015

Author: Chuck Short
Revision Date: 2014-02-25 19:01:57 UTC

Fix changelog

Author: Chuck Short
Revision Date: 2014-02-25 18:50:43 UTC

Fix changelog

Author: Chuck Short
Revision Date: 2014-02-25 18:46:37 UTC

Re-add missing bits

Author: Thomas Ward
Revision Date: 2014-01-23 13:33:41 UTC

* New upstream patch:
  + debian/patches/fix-ffmpeg-media-handler.patch:
    - Include upstream patch and changes to fix an issue where the ffmpeg
      media handler does not work due to deprecated api. (LP: #1253468)