ubuntu/+source/mono:ubuntu/precise-security

Last commit made on 2015-03-24
Get this branch:
git clone -b ubuntu/precise-security https://git.launchpad.net/ubuntu/+source/mono
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/precise-security
Repository:
lp:ubuntu/+source/mono

Recent commits

054c681... by Marc Deslauriers on 2015-03-20

Import patches-unapplied version 2.10.8.1-1ubuntu2.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 5f3ff6e3a781e52b767138e0dc80cca53f9213dd

New changelog entries:
  * SECURITY UPDATE: denial of service via use after free
    - debian/patches/CVE-2011-0992.patch: fix access to freed members of a
      dead thread in mono/metadata/threads.c.
    - CVE-2011-0992
  * SECURITY UPDATE: denial of service via hash collision
    - debian/patches/CVE-2012-3543.patch: add a better hash provider to
      mcs/class/System.Web/System.Web.UI/Page.cs,
      mcs/class/System.Web/System.Web.Util/SecureHashCodeProvider.cs,
      mcs/class/System.Web/System.Web.dll.sources,
      mcs/class/System.Web/System.Web/WebROCollection.cs.
    - CVE-2012-3543
  * SECURITY UPDATE: TLS impersonation attack
    - debian/patches/CVE-2015-2318.patch: add handshake state validation to
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs.
    - CVE-2015-2318
  * SECURITY UPDATE: FREAK attack vulnerability
    - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs.
    - CVE-2015-2319
  * SECURITY UPDATE: SSLv2 support
    - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in
      mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs.
    - CVE-2015-2320
  * debian/source/options: Don't use single-debian-patch for Ubuntu.

5f3ff6e... by Marc Deslauriers on 2012-07-24

Import patches-unapplied version 2.10.8.1-1ubuntu2.2 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 5a4de4e2aa891fccf95d9e18303850220a8a3540

New changelog entries:
  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2012-3382.patch: properly escape error message in
      mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.
    - CVE-2012-3382

5a4de4e... by Julian Taylor on 2012-06-03

Import patches-unapplied version 2.10.8.1-1ubuntu2.1 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 68fd143298a40df97e0c2964210d342c4b97a0e2

New changelog entries:
  * configure.in: search multiarch paths for libX11 (LP: #1008212)
    changes the dllmap in /etc/mono/config to the versioned library

68fd143... by Andrew Mitchell on 2012-04-04

Import patches-unapplied version 2.10.8.1-1ubuntu2 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 5520aebd1b2596697cab1bed4759f2619fd54ae6

New changelog entries:
  * debian/monodoc-base.postinst: Add '|| true' to the update-monodoc call
    so that it doesn't cause upgrades to fail due to the trigger being called
    prior to GTK# being upgraded (LP: #972751)

5520aeb... by Steve Langasek on 2012-03-23

Import patches-unapplied version 2.10.8.1-1ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 20916dd643042d8ab23eb1de69378cf1528efce0

New changelog entries:
  * debian/mono.runtime-script: Don't use File::Basename, because it's not
    actually being *used*, and the 'use' statement causes failures if this
    script is called while perl-base and perl-modules are not in a consistent
    state. LP: #948848.

20916dd... by Mirco Bauer on 2012-02-05

Import patches-unapplied version 2.10.8.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: fd213f91340ca35c2158df72d719d3f14fa91c14

New changelog entries:
  [ Jb Evain ]
  * [b31e994] [mono-api-info] try to read local files before using the resolver
  [ Mirco Bauer ]
  * [e6134cc] Imported Upstream version 2.10.8.1
  * [e8b34c9] Added s390x specific symbols to libmono-2.0-1.symbols.s390x
  * [ad7a051] Copied armel specific symbols to libmono-2.0-1.symbols.armhf
  * [1001d95] Added new symbol to libmono-2.0-1.symbols
  * [c17bea6] Build mono-api-diff and MonoGetAssemblyName with dmcs
              instead of gmcs
  * [1388ad0] Bumped clilibs of libmono-system4.0-cil,
              libmono-sqlite{2,4}.0-cil and
              libmono-microsoft-build-framework4.0-cil to >= 2.10.7
  * [7bb7153] Added -a switch (ABI) to mono-api-check
  * [b35dd98] Imported Upstream version 2.10.8.1
  * [a251cb0] Fixed typo in package short description of
              libmono-webmatrix-data4.0-cil (closes: #656671)
  * [b35dd98] Imported Upstream version 2.10.8.1
  * [03f5030] Updated RUN_MONO variable for a 4.0 runtime

fd213f9... by Mirco Bauer on 2012-01-16

Import patches-unapplied version 2.10.5-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6f5b2065841f7f59947f913b3456180f829ff8de

New changelog entries:
  [ Mirco Bauer ]
  * Upload to unstable
  [ Sebastien Pouliot ]
  * [80b0a2d] Add support for validating RSA-based X.509 certifcates using
              SHA256
  * [977f0e0] Avoid ANE when a key algorithm parameters is really null
              (not just ASN.1 null)
  * [83468f9] Avoid throwing when verifying an RSA certificate with dsaSHA1
  * [2050ee0] Add MD4, SHA384 and SHA512 signature verification to X.509
              certificates
  * [ab80293] Fix X.500 DN comparison
  * [d864bce] Avoid throwing an ANE on an invalid X.509 extension
  * [ab2997c] Add entries for MD4 in machine.config

6f5b206... by Mirco Bauer on 2011-08-25

Import patches-unapplied version 2.10.5-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: ef8ea271d9c5be7e7b9eec012109d9a7fb15250a

New changelog entries:
  * [854fa78] Imported Upstream version 2.10.5

ef8ea27... by Mirco Bauer on 2011-08-22

Import patches-unapplied version 2.10.4-3 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b52fd36f56b6a77a647b3638d7960269ad324dd2

New changelog entries:
  [ Jo Shields ]
  * [985d2ae] Revert "[xbuild] Make Engine.DefaultToolsVersion 2.0 ."
    This reverts commit 4010c69c7d61223c73f111be2d79c4a440b70b45.

b52fd36... by Mirco Bauer on 2011-08-12

Import patches-unapplied version 2.10.4-2 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 606643a322b456ad48bdc33e077d6846b4f0b0e8

New changelog entries:
  * [77d26a4] Fixed failing upgrade of libmono-webbrowser0.5-cil to
              libmono-webbrowser2.0-cil with conflicts/replaces