Branches for Oneiric

Name Status Last Modified Last Commit
lp://qastaging/ubuntu/oneiric-proposed/ecryptfs-utils bug Mature 2013-01-31 18:21:27 UTC
77. * Fix encrypted home/private race con...

Author: Tyler Hicks
Revision Date: 2012-12-04 14:13:46 UTC

* Fix encrypted home/private race condition that could result in encrypted
  filenames not being decrypted, despite the directory being mounted
  correctly otherwise. (LP: #1052038)
  - debian/patches/fix-private-mount-race.patch: Fix race condition by only
    opening the signature file once, rather than opening, reading, and
    closing it for each key signature.

lp://qastaging/ubuntu/oneiric-updates/whois Mature 2013-01-31 11:13:55 UTC
24. * Backport changes to fix whois doesn...

Author: Chris J Arges
Revision Date: 2012-12-05 15:22:30 UTC

* Backport changes to fix whois doesn't properly query .hr/.sx/.pe TLDs
  and incorrect format for whois.arin.net (LP: #943502)
  - Add the "+" flag by default to queries to whois.arin.net if the
    argument looks like an IP address. Also add the "a" and "n" flags.
    No thanks to ARIN for breaking every whois client.
  - Updated the .hr TLD server. (Closes: #646572)
  - Added the .sx TLD server.
  - Updated the .pe TLD server, this time for real. (Closes: #653105)

lp://qastaging/ubuntu/oneiric-updates/inkscape Mature 2013-01-30 16:26:04 UTC
60. * SECURITY UPDATE: arbitrary file dis...

Author: Marc Deslauriers
Revision Date: 2013-01-29 13:40:53 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML external entity
  - debian/patches/CVE-2012-5656.dpatch: disable loading external
    entities in src/preferences-skeleton.h,
    src/ui/dialog/ocaldialogs.cpp, src/xml/repr-io.cpp.
  - CVE-2012-5656
* SECURITY UPDATE: possible file loading from /tmp
  - debian/patches/CVE-2012-6076.dpatch: make sure filename is absolute
    in src/extension/implementation/script.cpp.
  - CVE-2012-6076

lp://qastaging/ubuntu/oneiric-security/inkscape Mature 2013-01-30 16:06:10 UTC
60. * SECURITY UPDATE: arbitrary file dis...

Author: Marc Deslauriers
Revision Date: 2013-01-29 13:40:53 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML external entity
  - debian/patches/CVE-2012-5656.dpatch: disable loading external
    entities in src/preferences-skeleton.h,
    src/ui/dialog/ocaldialogs.cpp, src/xml/repr-io.cpp.
  - CVE-2012-5656
* SECURITY UPDATE: possible file loading from /tmp
  - debian/patches/CVE-2012-6076.dpatch: make sure filename is absolute
    in src/extension/implementation/script.cpp.
  - CVE-2012-6076

lp://qastaging/ubuntu/oneiric-security/xen bug Mature 2013-01-30 13:37:48 UTC
29. * Applying Xen Security Advisories: ...

Author: Stefan Bader
Revision Date: 2013-01-30 13:37:48 UTC

* Applying Xen Security Advisories:
  - ACPI: acpi_table_parse() should return handler's error code
    CVE-2013-0153 / XSA-36
  - oxenstored incorrect handling of certain Xenbus ring states
    CVE-2013-0215 / XSA-38
* xen-introduce-xzalloc.patch
  Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
* xen-backport-per-device-vector-map.patch
  Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
  Also fixes issues on AMD systems which could cause Dom0 to lose disks
  under heavy I/O (because PCI-E devices could use the same IOAPIC vector
  as the SMBus).

lp://qastaging/ubuntu/oneiric-updates/xen bug Mature 2013-01-30 13:37:48 UTC
30. * Applying Xen Security Advisories: ...

Author: Stefan Bader
Revision Date: 2013-01-30 13:37:48 UTC

* Applying Xen Security Advisories:
  - ACPI: acpi_table_parse() should return handler's error code
    CVE-2013-0153 / XSA-36
  - oxenstored incorrect handling of certain Xenbus ring states
    CVE-2013-0215 / XSA-38
* xen-introduce-xzalloc.patch
  Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
* xen-backport-per-device-vector-map.patch
  Cherry-picked from upstream xen stable-4.1 as prerequisite for XSA-36
  Also fixes issues on AMD systems which could cause Dom0 to lose disks
  under heavy I/O (because PCI-E devices could use the same IOAPIC vector
  as the SMBus).

lp://qastaging/ubuntu/oneiric-security/squid3 bug Mature 2013-01-30 10:45:17 UTC
31. * SECURITY UPDATE: denial of service ...

Author: Seth Arnold
Revision Date: 2013-01-30 10:45:17 UTC

* SECURITY UPDATE: denial of service via cachemgr.cgi insufficient input
  validation
  - debian/patches/98-CVE-2012-5643.dpatch: modify cachemgr.cc to properly
    free memory and handle input in chunks
  - Based on
    http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch
  - CVE-2012-5643
  - CVE-2013-0189

lp://qastaging/ubuntu/oneiric-updates/squid3 Mature 2013-01-30 10:45:17 UTC
31. * SECURITY UPDATE: denial of service ...

Author: Seth Arnold
Revision Date: 2013-01-30 10:45:17 UTC

* SECURITY UPDATE: denial of service via cachemgr.cgi insufficient input
  validation
  - debian/patches/98-CVE-2012-5643.dpatch: modify cachemgr.cc to properly
    free memory and handle input in chunks
  - Based on
    http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch
  - CVE-2012-5643
  - CVE-2013-0189

lp://qastaging/ubuntu/oneiric-security/glance Mature 2013-01-30 03:53:07 UTC
22. * SECURITY UPDATE: information disclo...

Author: Jamie Strandboge
Revision Date: 2013-01-28 14:17:50 UTC

* SECURITY UPDATE: information disclosure via swift error messages
  - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
    not show URLs and credentials in error messages and log output
  - CVE-2013-0212
* debian/control: Build-Depends-Indep on python-paste

lp://qastaging/ubuntu/oneiric-updates/ircd-ratbox Mature 2013-01-28 18:53:15 UTC
7. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2013-01-25 16:07:27 UTC

fake sync from Debian

lp://qastaging/ubuntu/oneiric-security/ircd-ratbox Mature 2013-01-28 17:41:56 UTC
7. fake sync from Debian

Author: Jamie Strandboge
Revision Date: 2013-01-25 16:07:27 UTC

fake sync from Debian

lp://qastaging/ubuntu/oneiric-security/libav bug Mature 2013-01-28 14:36:43 UTC
17. * SECURITY UPDATE: unspecified securi...

Author: Marc Deslauriers
Revision Date: 2013-01-24 13:31:43 UTC

* SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
  - debian/patches/CVE-2012-2783.patch: release frames on error in
    libavcodec/vp56.c.
  - CVE-2012-2783
* SECURITY UPDATE: unspecified security issue in Indeo (LP: #1104019)
  - debian/patches/CVE-2012-2791.patch: check that scan pattern is set
    before using it in libavcodec/ivi_common.c.
  - CVE-2012-2791
* SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
  - debian/patches/CVE-2012-2803.patch: do not decode extradata more than
    once in libavcodec/mpeg12.c.
  - CVE-2012-2803
* SECURITY UPDATE: issue in AAC decoding
  - debian/patches/CVE-2012-5144.patch: fix off-by-one in
    libavcodec/aacdec.c.
  - CVE-2012-5144

lp://qastaging/ubuntu/oneiric-updates/glance Mature 2013-01-28 14:17:50 UTC
22. * SECURITY UPDATE: information disclo...

Author: Jamie Strandboge
Revision Date: 2013-01-28 14:17:50 UTC

* SECURITY UPDATE: information disclosure via swift error messages
  - debian/patches/CVE-2013-0212.patch: adjust glance/store/swift.py to
    not show URLs and credentials in error messages and log output
  - CVE-2013-0212
* debian/control: Build-Depends-Indep on python-paste

lp://qastaging/ubuntu/oneiric/game-music-emu bug Mature 2013-01-26 07:35:26 UTC
3. * debian/control, debian/compat, ...

Author: Sebastian Dröge
Revision Date: 2010-03-22 14:29:59 UTC

* debian/control,
  debian/compat,
  debian/source/format,
  debian/rules:
  + Update to source format 3.0 (quilt).
  + Update Standards-Version to 3.8.4.
  + Update to debhelper compat level 7.
* debian/patches/01_symbol-exports.patch:
  + Only export symbols that are meant to be public. Patch
    from upstream SVN.
* debian/libgme0.symbols:
  + Add symbols file.

lp://qastaging/ubuntu/oneiric-security/libssh Mature 2013-01-25 13:51:57 UTC
21. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-25 13:51:57 UTC

* SECURITY UPDATE: denial of service via NULL dereference
  - debian/patches/CVE-2013-0176.patch: properly handle client that
    doesn't send a matching key in src/server.c.
  - CVE-2013-0176

lp://qastaging/ubuntu/oneiric-updates/libssh Mature 2013-01-25 13:51:57 UTC
21. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-25 13:51:57 UTC

* SECURITY UPDATE: denial of service via NULL dereference
  - debian/patches/CVE-2013-0176.patch: properly handle client that
    doesn't send a matching key in src/server.c.
  - CVE-2013-0176

lp://qastaging/ubuntu/oneiric-security/libav-extra Mature 2013-01-25 08:44:47 UTC
15. Rebuild against libav security update

Author: Marc Deslauriers
Revision Date: 2013-01-25 08:44:47 UTC

Rebuild against libav security update

lp://qastaging/ubuntu/oneiric-updates/libav-extra Mature 2013-01-25 08:44:47 UTC
15. Rebuild against libav security update

Author: Marc Deslauriers
Revision Date: 2013-01-25 08:44:47 UTC

Rebuild against libav security update

lp://qastaging/ubuntu/oneiric-updates/libav Mature 2013-01-24 13:31:43 UTC
17. * SECURITY UPDATE: unspecified securi...

Author: Marc Deslauriers
Revision Date: 2013-01-24 13:31:43 UTC

* SECURITY UPDATE: unspecified security issue in vp56.c (LP: #1104019)
  - debian/patches/CVE-2012-2783.patch: release frames on error in
    libavcodec/vp56.c.
  - CVE-2012-2783
* SECURITY UPDATE: unspecified security issue in Indeo (LP: #1104019)
  - debian/patches/CVE-2012-2791.patch: check that scan pattern is set
    before using it in libavcodec/ivi_common.c.
  - CVE-2012-2791
* SECURITY UPDATE: double free vulnerability in mpeg_decode_frame
  - debian/patches/CVE-2012-2803.patch: do not decode extradata more than
    once in libavcodec/mpeg12.c.
  - CVE-2012-2803
* SECURITY UPDATE: issue in AAC decoding
  - debian/patches/CVE-2012-5144.patch: fix off-by-one in
    libavcodec/aacdec.c.
  - CVE-2012-5144

lp://qastaging/ubuntu/oneiric-proposed/whois bug Mature 2013-01-24 08:44:57 UTC
24. * Backport changes to fix whois doesn...

Author: Chris J Arges
Revision Date: 2012-12-05 15:22:30 UTC

* Backport changes to fix whois doesn't properly query .hr/.sx/.pe TLDs
  and incorrect format for whois.arin.net (LP: #943502)
  - Add the "+" flag by default to queries to whois.arin.net if the
    argument looks like an IP address. Also add the "a" and "n" flags.
    No thanks to ARIN for breaking every whois client.
  - Updated the .hr TLD server. (Closes: #646572)
  - Added the .sx TLD server.
  - Updated the .pe TLD server, this time for real. (Closes: #653105)

lp://qastaging/ubuntu/oneiric-security/vino Mature 2013-01-22 13:30:59 UTC
54. * SECURITY UPDATE: clipboard leak to ...

Author: Marc Deslauriers
Revision Date: 2013-01-18 11:27:36 UTC

* SECURITY UPDATE: clipboard leak to unauthenticated clients
  - debian/patches/CVE-2012-4429.patch: make sure client is authenticated
    in server/libvncserver/rfbserver.c.
  - CVE-2012-4429

lp://qastaging/ubuntu/oneiric-updates/rpm Mature 2013-01-19 07:16:10 UTC
38. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-17 12:07:16 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  crafted headers
  - debian/patches/CVE-2011-3378.patch: properly validate values in
    lib/header.c.
  - CVE-2011-3378
* SECURITY UPDATE: denial of service and possible code execution via
  invalid region tag
  - debian/patches/CVE-2012-0060.patch: validate region tags in
    lib/header.c, lib/package.c, lib/signature.c.
  - CVE-2012-0060
* SECURITY UPDATE: denial of service and possible code execution via
  large region size
  - debian/patches/CVE-2012-0061.patch: check length in lib/header.c.
  - CVE-2012-0061
* SECURITY UPDATE: denial of service and possible code execution via
  negative value in region offset
  - debian/patches/CVE-2012-0815.patch: properly handle negative values
    in lib/header.c, lib/package.c, lib/signature.c.
  - CVE-2012-0815

lp://qastaging/ubuntu/oneiric-updates/ruby-activerecord-2.3 Mature 2013-01-18 15:30:57 UTC
6. * SECURITY UPDATE: unsafe query gener...

Author: Marc Deslauriers
Revision Date: 2013-01-18 08:34:35 UTC

* SECURITY UPDATE: unsafe query generation risk (LP: #1100188)
  - debian/patches/CVE-2013-0155.patch: added patch from Debian 2.3.14-4.
  - CVE-2013-0155

lp://qastaging/ubuntu/oneiric-updates/mplayer2 Mature 2013-01-18 15:21:40 UTC
7. Enable CPU autodetection on architect...

Author: Julien Lavergne
Revision Date: 2012-12-12 13:57:36 UTC

Enable CPU autodetection on architectures that support it.
LP: #974125

lp://qastaging/ubuntu/oneiric-security/ruby-activerecord-2.3 bug Mature 2013-01-18 15:17:09 UTC
6. * SECURITY UPDATE: unsafe query gener...

Author: Marc Deslauriers
Revision Date: 2013-01-18 08:34:35 UTC

* SECURITY UPDATE: unsafe query generation risk (LP: #1100188)
  - debian/patches/CVE-2013-0155.patch: added patch from Debian 2.3.14-4.
  - CVE-2013-0155

lp://qastaging/ubuntu/oneiric-updates/vino Mature 2013-01-18 11:27:36 UTC
54. * SECURITY UPDATE: clipboard leak to ...

Author: Marc Deslauriers
Revision Date: 2013-01-18 11:27:36 UTC

* SECURITY UPDATE: clipboard leak to unauthenticated clients
  - debian/patches/CVE-2012-4429.patch: make sure client is authenticated
    in server/libvncserver/rfbserver.c.
  - CVE-2012-4429

lp://qastaging/ubuntu/oneiric-security/rpm Mature 2013-01-17 22:11:54 UTC
38. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-17 12:07:16 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  crafted headers
  - debian/patches/CVE-2011-3378.patch: properly validate values in
    lib/header.c.
  - CVE-2011-3378
* SECURITY UPDATE: denial of service and possible code execution via
  invalid region tag
  - debian/patches/CVE-2012-0060.patch: validate region tags in
    lib/header.c, lib/package.c, lib/signature.c.
  - CVE-2012-0060
* SECURITY UPDATE: denial of service and possible code execution via
  large region size
  - debian/patches/CVE-2012-0061.patch: check length in lib/header.c.
  - CVE-2012-0061
* SECURITY UPDATE: denial of service and possible code execution via
  negative value in region offset
  - debian/patches/CVE-2012-0815.patch: properly handle negative values
    in lib/header.c, lib/package.c, lib/signature.c.
  - CVE-2012-0815

lp://qastaging/ubuntu/oneiric-updates/xymon Mature 2013-01-15 17:40:37 UTC
14. * SECURITY UPDATE: Multiple cross sit...

Author: Christian Kuersteiner
Revision Date: 2013-01-14 14:01:38 UTC

* SECURITY UPDATE: Multiple cross site scripting (XSS) vulnerabilities
  (LP: #1092412)
  - debian/patches/8-CVE-2011-1716.patch: show user input as html quoted
    output. Based on upstream changes.
  - CVE-2011-1716

lp://qastaging/ubuntu/oneiric-security/xymon bug Mature 2013-01-15 17:17:03 UTC
14. * SECURITY UPDATE: Multiple cross sit...

Author: Christian Kuersteiner
Revision Date: 2013-01-14 14:01:38 UTC

* SECURITY UPDATE: Multiple cross site scripting (XSS) vulnerabilities
  (LP: #1092412)
  - debian/patches/8-CVE-2011-1716.patch: show user input as html quoted
    output. Based on upstream changes.
  - CVE-2011-1716

lp://qastaging/ubuntu/oneiric-security/freetype Mature 2013-01-11 13:47:14 UTC
44. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-11 13:47:14 UTC

* SECURITY UPDATE: denial of service and possible code execution via NULL
  pointer dereference
  - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
    of allocation error in src/bdf/bdflib.c.
  - CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
  buffer over-read in BDF parsing
  - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
    in src/bdf/bdflib.c.
  - CVE-2012-5669

lp://qastaging/ubuntu/oneiric-updates/freetype Mature 2013-01-11 13:47:14 UTC
44. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2013-01-11 13:47:14 UTC

* SECURITY UPDATE: denial of service and possible code execution via NULL
  pointer dereference
  - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
    of allocation error in src/bdf/bdflib.c.
  - CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
  buffer over-read in BDF parsing
  - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
    in src/bdf/bdflib.c.
  - CVE-2012-5669

lp://qastaging/ubuntu/oneiric-proposed/mplayer2 bug Mature 2013-01-10 20:14:39 UTC
7. Enable CPU autodetection on architect...

Author: Julien Lavergne
Revision Date: 2012-12-12 13:57:36 UTC

Enable CPU autodetection on architectures that support it.
LP: #974125

lp://qastaging/ubuntu/oneiric-security/tomcat6 Mature 2013-01-10 10:00:07 UTC
42. * SECURITY UPDATE: security-constrain...

Author: Marc Deslauriers
Revision Date: 2013-01-10 10:00:07 UTC

* SECURITY UPDATE: security-constraint bypass with FORM auth
  - debian/patches/CVE-2012-3546.patch: remove unneeded code in
    java/org/apache/catalina/realm/RealmBase.java.
  - CVE-2012-3546
* SECURITY UPDATE: CSRF bypass via request with no session identifier
  - debian/patches/CVE-2012-4431.patch: check for session identifier in
    java/org/apache/catalina/filters/CsrfPreventionFilter.java.
  - CVE-2012-4431
* SECURITY UPDATE: denial of service with NIO connector
  - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
    in java/org/apache/tomcat/util/net/NioEndpoint.java.
  - CVE-2012-4534

lp://qastaging/ubuntu/oneiric-updates/tomcat6 Mature 2013-01-10 10:00:07 UTC
42. * SECURITY UPDATE: security-constrain...

Author: Marc Deslauriers
Revision Date: 2013-01-10 10:00:07 UTC

* SECURITY UPDATE: security-constraint bypass with FORM auth
  - debian/patches/CVE-2012-3546.patch: remove unneeded code in
    java/org/apache/catalina/realm/RealmBase.java.
  - CVE-2012-3546
* SECURITY UPDATE: CSRF bypass via request with no session identifier
  - debian/patches/CVE-2012-4431.patch: check for session identifier in
    java/org/apache/catalina/filters/CsrfPreventionFilter.java.
  - CVE-2012-4431
* SECURITY UPDATE: denial of service with NIO connector
  - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
    in java/org/apache/tomcat/util/net/NioEndpoint.java.
  - CVE-2012-4534

lp://qastaging/ubuntu/oneiric-security/gnupg2 Mature 2013-01-08 15:37:01 UTC
20. * SECURITY UPDATE: keyring corruption...

Author: Marc Deslauriers
Revision Date: 2013-01-08 15:37:01 UTC

* SECURITY UPDATE: keyring corruption via malformed key import
  - debian/patches/CVE-2012-6085.patch: validate PKTTYPE in g10/import.c.
  - CVE-2012-6085

lp://qastaging/ubuntu/oneiric-updates/gnupg2 Mature 2013-01-08 15:37:01 UTC
20. * SECURITY UPDATE: keyring corruption...

Author: Marc Deslauriers
Revision Date: 2013-01-08 15:37:01 UTC

* SECURITY UPDATE: keyring corruption via malformed key import
  - debian/patches/CVE-2012-6085.patch: validate PKTTYPE in g10/import.c.
  - CVE-2012-6085

lp://qastaging/ubuntu/oneiric-security/gnupg Mature 2013-01-08 10:54:13 UTC
37. * SECURITY UPDATE: keyring corruption...

Author: Marc Deslauriers
Revision Date: 2013-01-08 10:54:13 UTC

* SECURITY UPDATE: keyring corruption via malformed key import
  - debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
  - CVE-2012-6085

lp://qastaging/ubuntu/oneiric-updates/gnupg Mature 2013-01-08 10:54:13 UTC
37. * SECURITY UPDATE: keyring corruption...

Author: Marc Deslauriers
Revision Date: 2013-01-08 10:54:13 UTC

* SECURITY UPDATE: keyring corruption via malformed key import
  - debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
  - CVE-2012-6085

lp://qastaging/ubuntu/oneiric-security/moin Mature 2012-12-29 18:18:00 UTC
36. * SECURITY UPDATE: arbitrary code exe...

Author: Jamie Strandboge
Revision Date: 2012-12-29 18:18:00 UTC

* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
  - debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
    action/twikidraw.py to use wikiutil.taintfilename()
  - CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
  - debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
    wikiutil.taintfilename()
  - CVE-2012-YYYY

lp://qastaging/ubuntu/oneiric-updates/moin Mature 2012-12-29 18:18:00 UTC
36. * SECURITY UPDATE: arbitrary code exe...

Author: Jamie Strandboge
Revision Date: 2012-12-29 18:18:00 UTC

* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
  - debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
    action/twikidraw.py to use wikiutil.taintfilename()
  - CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
  - debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
    wikiutil.taintfilename()
  - CVE-2012-YYYY

lp://qastaging/ubuntu/oneiric-updates/apparmor bug Mature 2012-12-19 23:02:05 UTC
13. * debian/patches/0001-add-chromium-br...

Author: Jamie Strandboge
Revision Date: 2012-12-18 11:53:38 UTC

* debian/patches/0001-add-chromium-browser.patch:
  - add various accesses for newer chromium versions (LP: #1091862)
  - add a child profile for xdgsettings (LP: #1045986)
* debian/put-all-profiles-in-complain-mode.sh: deal with existing flags

lp://qastaging/ubuntu/oneiric-updates/dtach Mature 2012-12-19 15:07:54 UTC
5. * SECURITY-UPDATE: information disclo...

Author: Christian Kuersteiner
Revision Date: 2012-12-15 22:43:09 UTC

* SECURITY-UPDATE: information disclosure on unclean disconnect
  (LP: #1088355)
  - attach.c(attach_main): Clean check of read operation. Based on upstream
    patch
    (http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812)
  - CVE-2012-3368

lp://qastaging/ubuntu/oneiric-security/dtach bug Mature 2012-12-19 14:16:40 UTC
5. * SECURITY-UPDATE: information disclo...

Author: Christian Kuersteiner
Revision Date: 2012-12-15 22:43:09 UTC

* SECURITY-UPDATE: information disclosure on unclean disconnect
  (LP: #1088355)
  - attach.c(attach_main): Clean check of read operation. Based on upstream
    patch
    (http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812)
  - CVE-2012-3368

lp://qastaging/ubuntu/oneiric-security/apparmor bug Mature 2012-12-18 11:53:38 UTC
13. * debian/patches/0001-add-chromium-br...

Author: Jamie Strandboge
Revision Date: 2012-12-18 11:53:38 UTC

* debian/patches/0001-add-chromium-browser.patch:
  - add various accesses for newer chromium versions (LP: #1091862)
  - add a child profile for xdgsettings (LP: #1045986)
* debian/put-all-profiles-in-complain-mode.sh: deal with existing flags

lp://qastaging/ubuntu/oneiric-updates/bogofilter Mature 2012-12-17 19:17:06 UTC
26. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-12-17 09:38:09 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via heap corruption
  - debian/patches/CVE-2012-5468.patch: properly check outbytesleft, add
    tests in src/iconvert.c, src/tests/t.crash-invalid-base64,
    src/test/Makefile.*.
  - CVE-2012-5468

lp://qastaging/ubuntu/oneiric-security/bogofilter Mature 2012-12-17 18:59:30 UTC
26. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-12-17 09:38:09 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via heap corruption
  - debian/patches/CVE-2012-5468.patch: properly check outbytesleft, add
    tests in src/iconvert.c, src/tests/t.crash-invalid-base64,
    src/test/Makefile.*.
  - CVE-2012-5468

lp://qastaging/ubuntu/oneiric-security/aptdaemon bug Mature 2012-12-17 14:15:47 UTC
86. * SECURITY UPDATE: check downloaded k...

Author: Michael Vogt
Revision Date: 2012-10-12 16:20:20 UTC

* SECURITY UPDATE: check downloaded keyid (LP: #1052789)
  - CVE-2012-0962

lp://qastaging/ubuntu/oneiric-proposed/owncloud bug Mature 2012-12-12 05:48:44 UTC
3. * Replace OwnCloud with placeholder p...

Author: Jonathan Riddell
Revision Date: 2012-11-28 11:50:13 UTC

* Replace OwnCloud with placeholder page to remove the package.
  Requested by upstream and 4.0 can not be backported
 - LP: #1079150

lp://qastaging/ubuntu/oneiric-updates/cups-pk-helper Mature 2012-12-10 17:44:55 UTC
5. * SECURITY UPDATE: CUPS function call...

Author: Jeremy Bícha
Revision Date: 2012-11-26 22:39:36 UTC

* SECURITY UPDATE: CUPS function calls were wrapped insecurely, which
  could be used to upload sensitive data to a CUPS resource, or overwrite
  specific files with the content of a CUPS resource. The user would have
  to explicitly approve the action. (LP: #1083416)
  - CVE-2012-4510
  - debian/patches/cups-pk-helper-CVE-2012-4510.patch: Copied from Fedora 16

lp://qastaging/ubuntu/oneiric-proposed/postgresql-9.1 bug Mature 2012-12-10 15:04:42 UTC
15. * New upstream bug fix release: (LP: ...

Author: Martin Pitt
Revision Date: 2012-12-10 15:04:42 UTC

* New upstream bug fix release: (LP: #1088393)
  - Fix multiple bugs associated with "CREATE INDEX CONCURRENTLY".
    Fix "CREATE INDEX CONCURRENTLY" to use in-place updates when
    changing the state of an index's pg_index row. This prevents race
    conditions that could cause concurrent sessions to miss updating
    the target index, thus resulting in corrupt concurrently-created
    indexes.
    Also, fix various other operations to ensure that they ignore
    invalid indexes resulting from a failed "CREATE INDEX CONCURRENTLY"
    command. The most important of these is "VACUUM", because an
    auto-vacuum could easily be launched on the table before corrective
    action can be taken to fix or remove the invalid index.
  - Fix buffer locking during WAL replay.
    The WAL replay code was insufficiently careful about locking
    buffers when replaying WAL records that affect more than one page.
    This could result in hot standby queries transiently seeing
    inconsistent states, resulting in wrong answers or unexpected
    failures.
  - See HISTORY/changelog.gz for the other bug fixes.

lp://qastaging/ubuntu/oneiric-updates/pgbouncer Mature 2012-12-08 14:02:05 UTC
16. * SECURITY UPDATE: denial of service ...

Author: Christian Kuersteiner
Revision Date: 2012-12-06 12:46:08 UTC

* SECURITY UPDATE: denial of service when too long db name is provided
  (LP: #1083414)
  - debian/patches/3-CVE-2012-4575.patch: objects.c(add_database): fail
    gracefully if too long db name. Based on upstream patch.
  - CVE-2012-4575

lp://qastaging/ubuntu/oneiric-security/pgbouncer bug Mature 2012-12-08 13:43:33 UTC
16. * SECURITY UPDATE: denial of service ...

Author: Christian Kuersteiner
Revision Date: 2012-12-06 12:46:08 UTC

* SECURITY UPDATE: denial of service when too long db name is provided
  (LP: #1083414)
  - debian/patches/3-CVE-2012-4575.patch: objects.c(add_database): fail
    gracefully if too long db name. Based on upstream patch.
  - CVE-2012-4575

lp://qastaging/ubuntu/oneiric-security/gimp Mature 2012-12-06 13:33:56 UTC
68. * SECURITY UPDATE: code execution via...

Author: Marc Deslauriers
Revision Date: 2012-12-06 13:33:56 UTC

* SECURITY UPDATE: code execution via malformed xwd files
  - debian/patches/CVE-2012-5576.patch: validate sizes in
    plug-ins/common/file-xwd.c.
  - CVE-2012-5576

lp://qastaging/ubuntu/oneiric-updates/gimp Mature 2012-12-06 13:33:56 UTC
68. * SECURITY UPDATE: code execution via...

Author: Marc Deslauriers
Revision Date: 2012-12-06 13:33:56 UTC

* SECURITY UPDATE: code execution via malformed xwd files
  - debian/patches/CVE-2012-5576.patch: validate sizes in
    plug-ins/common/file-xwd.c.
  - CVE-2012-5576

lp://qastaging/ubuntu/oneiric-security/cups Mature 2012-12-05 19:05:49 UTC
74. * SECURITY UPDATE: privilege escalati...

Author: Marc Deslauriers
Revision Date: 2012-12-03 09:14:13 UTC

* SECURITY UPDATE: privilege escalation via config file editing
  - debian/patches/CVE-2012-5519.patch: split configuration file into
    two, to isolate options that have a security impact.
  - debian/cups.install: also install cups-files.conf
  - debian/patches/removecvstag.patch: updated to remove tag from
    cups-files.conf.
  - CVE-2012-5519
* NOTE: this package does _not_ include the changes from 1.5.0-8ubuntu7
  in oneiric-proposed.

lp://qastaging/ubuntu/oneiric-updates/ecryptfs-utils Mature 2012-12-04 14:13:46 UTC
77. * Fix encrypted home/private race con...

Author: Tyler Hicks
Revision Date: 2012-12-04 14:13:46 UTC

* Fix encrypted home/private race condition that could result in encrypted
  filenames not being decrypted, despite the directory being mounted
  correctly otherwise. (LP: #1052038)
  - debian/patches/fix-private-mount-race.patch: Fix race condition by only
    opening the signature file once, rather than opening, reading, and
    closing it for each key signature.

lp://qastaging/ubuntu/oneiric-security/tiff bug Mature 2012-12-03 12:42:59 UTC
27. * SECURITY UPDATE: denial of service ...

Author: Seth Arnold
Revision Date: 2012-12-03 12:42:59 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  PAGENUMBER, HALFTONEHINTS, YCBCRSUBSAMPLING, and DOTRANGE tags.
  - debian/patches/CVE-2012-5581.patch: remove special cases of tags,
    improve DOTRANGE tag case
  - CVE-2012-5581

lp://qastaging/ubuntu/oneiric-updates/tiff Mature 2012-12-03 12:42:59 UTC
27. * SECURITY UPDATE: denial of service ...

Author: Seth Arnold
Revision Date: 2012-12-03 12:42:59 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  PAGENUMBER, HALFTONEHINTS, YCBCRSUBSAMPLING, and DOTRANGE tags.
  - debian/patches/CVE-2012-5581.patch: remove special cases of tags,
    improve DOTRANGE tag case
  - CVE-2012-5581

lp://qastaging/ubuntu/oneiric-updates/pymol Mature 2012-12-03 11:16:05 UTC
22. Include shaders in the package. Avoid...

Author: Stefano Rivera
Revision Date: 2012-04-29 16:51:52 UTC

Include shaders in the package. Avoids a segfault on startup, on machines
with OpenGL 2. (LP: #991117)

lp://qastaging/ubuntu/oneiric-updates/iso-codes Mature 2012-12-03 11:14:37 UTC
35. Mark package as "Multi-Arch: foreign"...

Author: Colin Watson
Revision Date: 2012-11-22 23:46:41 UTC

Mark package as "Multi-Arch: foreign" (LP: #1082170).

lp://qastaging/ubuntu/oneiric-updates/cups bug Mature 2012-12-03 09:14:13 UTC
74. * SECURITY UPDATE: privilege escalati...

Author: Marc Deslauriers
Revision Date: 2012-12-03 09:14:13 UTC

* SECURITY UPDATE: privilege escalation via config file editing
  - debian/patches/CVE-2012-5519.patch: split configuration file into
    two, to isolate options that have a security impact.
  - debian/cups.install: also install cups-files.conf
  - debian/patches/removecvstag.patch: updated to remove tag from
    cups-files.conf.
  - CVE-2012-5519
* NOTE: this package does _not_ include the changes from 1.5.0-8ubuntu7
  in oneiric-proposed.

lp://qastaging/ubuntu/oneiric-proposed/cups-pk-helper bug Mature 2012-11-30 19:15:19 UTC
5. * SECURITY UPDATE: CUPS function call...

Author: Jeremy Bícha
Revision Date: 2012-11-26 22:39:36 UTC

* SECURITY UPDATE: CUPS function calls were wrapped insecurely, which
  could be used to upload sensitive data to a CUPS resource, or overwrite
  specific files with the content of a CUPS resource. The user would have
  to explicitly approve the action. (LP: #1083416)
  - CVE-2012-4510
  - debian/patches/cups-pk-helper-CVE-2012-4510.patch: Copied from Fedora 16

lp://qastaging/ubuntu/oneiric-updates/lynx-cur Mature 2012-11-29 21:39:53 UTC
39. * SECURITY UPDATE: properly perform c...

Author: Jamie Strandboge
Revision Date: 2012-11-19 08:41:55 UTC

* SECURITY UPDATE: properly perform certificate verification
  - debian/patches/CVE-2012-5821.dpatch: setup verification flags before
    verifying the certificate and prompt on self-signed certificates
  - CVE-2012-5821

lp://qastaging/ubuntu/oneiric-security/lynx-cur Mature 2012-11-29 21:26:36 UTC
39. * SECURITY UPDATE: properly perform c...

Author: Jamie Strandboge
Revision Date: 2012-11-19 08:41:55 UTC

* SECURITY UPDATE: properly perform certificate verification
  - debian/patches/CVE-2012-5821.dpatch: setup verification flags before
    verifying the certificate and prompt on self-signed certificates
  - CVE-2012-5821

lp://qastaging/ubuntu/oneiric-updates/request-tracker3.8 Mature 2012-11-27 16:24:08 UTC
17. * SECURITY UPDATE: Multiple security ...

Author: Marc Deslauriers
Revision Date: 2012-11-09 15:08:36 UTC

* SECURITY UPDATE: Multiple security fixes (LP: #1004834):
  - Email header injection attack (CVE-2012-4730)
  - CSRF protection allows attack on bookmarks (CVE-2012-4732)
  - Confused deputy attack for non-logged-in users (CVE-2012-4734)
  - Multiple message signing/encryption attacks related to GnuPG
    (CVE-2012-4735)
  - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
  - XSS vulnerabilities (CVE-2011-2083)
  - information disclosure vulnerabilities including password hash
    exposure and correspondence disclosure to privileged users
    (CVE-2011-2084)
  - CSRF vulnerabilities allowing information disclosure,
    privilege escalation, and arbitrary code execution. Original
    behaviour may be restored by setting $RestrictReferrer to 0 for
    installations which rely on it (CVE-2011-2085)
  - remote code execution vulnerabilities including in VERP
    functionality (CVE-2011-4458)
* Fix the vulnerable-passwords script to also upgrade password hashes
  for disabled users, and rerun the script in postinst (CVE-2011-2082)
* Include clean-user-txns script to accompany the above fixes, and
  run in postinst
* Provide specific instructions for restarting a mod_perl based
  Apache server
* debian/patches/60_misc_sec_regressions.dpatch: fix regression in
  rt-email-dashboards, and whitelist search results and calendar helper
  from CSRF protection

lp://qastaging/ubuntu/oneiric-security/request-tracker3.8 Mature 2012-11-27 15:14:54 UTC
17. * SECURITY UPDATE: Multiple security ...

Author: Marc Deslauriers
Revision Date: 2012-11-09 15:08:36 UTC

* SECURITY UPDATE: Multiple security fixes (LP: #1004834):
  - Email header injection attack (CVE-2012-4730)
  - CSRF protection allows attack on bookmarks (CVE-2012-4732)
  - Confused deputy attack for non-logged-in users (CVE-2012-4734)
  - Multiple message signing/encryption attacks related to GnuPG
    (CVE-2012-4735)
  - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
  - XSS vulnerabilities (CVE-2011-2083)
  - information disclosure vulnerabilities including password hash
    exposure and correspondence disclosure to privileged users
    (CVE-2011-2084)
  - CSRF vulnerabilities allowing information disclosure,
    privilege escalation, and arbitrary code execution. Original
    behaviour may be restored by setting $RestrictReferrer to 0 for
    installations which rely on it (CVE-2011-2085)
  - remote code execution vulnerabilities including in VERP
    functionality (CVE-2011-4458)
* Fix the vulnerable-passwords script to also upgrade password hashes
  for disabled users, and rerun the script in postinst (CVE-2011-2082)
* Include clean-user-txns script to accompany the above fixes, and
  run in postinst
* Provide specific instructions for restarting a mod_perl based
  Apache server
* debian/patches/60_misc_sec_regressions.dpatch: fix regression in
  rt-email-dashboards, and whitelist search results and calendar helper
  from CSRF protection

lp://qastaging/ubuntu/oneiric-updates/im-switch Mature 2012-11-26 19:28:23 UTC
12. * 80im-switch: - Delay the start of...

Author: Gunnar Hjalmarsson
Revision Date: 2012-10-30 19:06:00 UTC

* 80im-switch:
  - Delay the start of an input method framework with 10 seconds
    to increase the chances that its icon (e.g. an iBus icon) is
    shown in Unity's menu bar (LP: #875435).
    Thanks to Aron Xu for reviewing and improving the patch!

lp://qastaging/ubuntu/oneiric-updates/grub2 Mature 2012-11-26 19:25:01 UTC
133. [ Ben Howard ] Parameterization of re...

Author: Louis Bouchard
Revision Date: 2012-10-02 13:50:50 UTC

[ Ben Howard ]
Parameterization of recordfail setting. This allows users to define the
default time out of GRUB when recordfail has been set. The current
setting causes hangs on headless and appliances where access to the
console is limited or prohibited. (LP: #669481)

lp://qastaging/ubuntu/oneiric-updates/nss-pam-ldapd Mature 2012-11-26 08:17:26 UTC
15. increase buffer used for pam_authz_se...

Author: Chris J Arges
Revision Date: 2012-07-16 08:39:03 UTC

increase buffer used for pam_authz_search (LP: #951343)

lp://qastaging/ubuntu/oneiric-proposed/grub2 bug Mature 2012-11-23 22:58:17 UTC
133. [ Ben Howard ] Parameterization of re...

Author: Louis Bouchard
Revision Date: 2012-10-02 13:50:50 UTC

[ Ben Howard ]
Parameterization of recordfail setting. This allows users to define the
default time out of GRUB when recordfail has been set. The current
setting causes hangs on headless and appliances where access to the
console is limited or prohibited. (LP: #669481)

lp://qastaging/ubuntu/oneiric-proposed/iso-codes bug Mature 2012-11-23 01:16:32 UTC
35. Mark package as "Multi-Arch: foreign"...

Author: Colin Watson
Revision Date: 2012-11-22 23:46:41 UTC

Mark package as "Multi-Arch: foreign" (LP: #1082170).

lp://qastaging/ubuntu/oneiric-security/ubufox bug Mature 2012-11-21 18:23:09 UTC
64. * New upstream release v2.6. - see ...

Author: Chris Coulson
Revision Date: 2012-11-12 13:34:07 UTC

* New upstream release v2.6.
  - see LP: #1080211 for USN information
  - Make the startpage work again in Firefox 17
  - Fix a crash that occurs when the apt cache is broken
  - Fix a whole bunch of memory leaks in the plugin installer
  - Don't poll for file changes, but use inotify instead to determine
    when we need to display a restart notification

lp://qastaging/ubuntu/oneiric-security/enigmail bug Mature 2012-11-21 18:03:09 UTC
40. * New upstream release v1.4.6 - see...

Author: Chris Coulson
Revision Date: 2012-11-12 16:36:01 UTC

* New upstream release v1.4.6
  - see LP: #1080212 for USN information
* Drop unneeded patches
  - remove debian/patches/correct-version-number.diff
  - remove debian/patches/dont_register_cids_multiple_times.diff
  - update debian/patches/series
* Support building in an objdir
  - update debian/rules

lp://qastaging/ubuntu/oneiric-security/lightning-extension bug Mature 2012-11-21 18:02:13 UTC
24. * New upstream stable release to supp...

Author: Chris Coulson
Revision Date: 2012-11-08 10:00:06 UTC

* New upstream stable release to support Thunderbird 17 (CALENDAR_1_9_BUILD1)
  - see LP: #1080212 for USN information

lp://qastaging/ubuntu/oneiric-updates/viewvc Mature 2012-11-21 17:19:08 UTC
8. fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2012-11-21 09:45:18 UTC

fake sync from Debian

lp://qastaging/ubuntu/oneiric-updates/radsecproxy Mature 2012-11-21 17:15:29 UTC
4. fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2012-11-21 09:43:00 UTC

fake sync from Debian

lp://qastaging/ubuntu/oneiric-security/viewvc Mature 2012-11-21 16:46:51 UTC
8. fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2012-11-21 09:45:18 UTC

fake sync from Debian

lp://qastaging/ubuntu/oneiric-security/radsecproxy Mature 2012-11-21 16:42:28 UTC
4. fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2012-11-21 09:43:00 UTC

fake sync from Debian

lp://qastaging/ubuntu/oneiric-updates/python-keyring Mature 2012-11-20 18:45:48 UTC
10. * SECURITY UPDATE: CryptedFileKeyring...

Author: Marc Deslauriers
Revision Date: 2012-11-19 12:54:34 UTC

* SECURITY UPDATE: CryptedFileKeyring format is insecure (LP: #1004845)
  - Rebuild python-keyring 0.9.2 from Ubuntu 12.10 as a security update
    for Ubuntu 11.10.
  - debian/patches/crypto_compat.patch: include PBKDF2() directly to be
    compatible with the older version of python-crypto in Ubuntu 11.10.
  - debian/control, debian/rules, debian/*install: get rid of
    python3-keyring binary package as it didn't ship in Ubuntu 11.10.
  - CVE-2012-4571
* SECURITY UPDATE: insecure default file permissions (LP: #1031465)
  - debian/patches/file_permissions.patch: set appropriate permissions on
    database directory.
  - CVE number pending
* debian/patches/fix_migration.patch: fix migration code so old
  databases get upgraded when a key is read. (LP: #1042754)
* debian/patches/fix_unlock.patch: fix unlocking an existing keyring.

lp://qastaging/ubuntu/oneiric-security/python-keyring bug Mature 2012-11-20 18:14:34 UTC
10. * SECURITY UPDATE: CryptedFileKeyring...

Author: Marc Deslauriers
Revision Date: 2012-11-19 12:54:34 UTC

* SECURITY UPDATE: CryptedFileKeyring format is insecure (LP: #1004845)
  - Rebuild python-keyring 0.9.2 from Ubuntu 12.10 as a security update
    for Ubuntu 11.10.
  - debian/patches/crypto_compat.patch: include PBKDF2() directly to be
    compatible with the older version of python-crypto in Ubuntu 11.10.
  - debian/control, debian/rules, debian/*install: get rid of
    python3-keyring binary package as it didn't ship in Ubuntu 11.10.
  - CVE-2012-4571
* SECURITY UPDATE: insecure default file permissions (LP: #1031465)
  - debian/patches/file_permissions.patch: set appropriate permissions on
    database directory.
  - CVE number pending
* debian/patches/fix_migration.patch: fix migration code so old
  databases get upgraded when a key is read. (LP: #1042754)
* debian/patches/fix_unlock.patch: fix unlocking an existing keyring.

lp://qastaging/ubuntu/oneiric-updates/emesene Mature 2012-11-19 20:12:58 UTC
23. Add 02-Use-DBus-for-the-UnityLauncher...

Author: Devid Antonio Filoni
Revision Date: 2011-10-31 21:48:43 UTC

Add 02-Use-DBus-for-the-UnityLauncher.diff patch from sbte to fix
Unity Launcher support (LP: #881674).

lp://qastaging/ubuntu/oneiric-updates/live-manual Mature 2012-11-16 12:11:08 UTC
28. fix FTBFS by adding a build dependenc...

Author: Matt Fischer
Revision Date: 2012-03-03 21:36:04 UTC

fix FTBFS by adding a build dependency on language-pack-en and setting the
LC_ALL to en_US.UTF-8 in debian/rules (LP: #831392)

lp://qastaging/ubuntu/oneiric-proposed/im-switch bug Mature 2012-11-15 22:12:55 UTC
12. * 80im-switch: - Delay the start of...

Author: Gunnar Hjalmarsson
Revision Date: 2012-10-30 19:06:00 UTC

* 80im-switch:
  - Delay the start of an input method framework with 10 seconds
    to increase the chances that its icon (e.g. an iBus icon) is
    shown in Unity's menu bar (LP: #875435).
    Thanks to Aron Xu for reviewing and improving the patch!

lp://qastaging/ubuntu/oneiric-updates/ncurses Mature 2012-11-15 17:47:01 UTC
40. Install missing tinfo.pc file into li...

Author: Benjamin Drung
Revision Date: 2012-09-01 01:59:17 UTC

Install missing tinfo.pc file into libtinfo-dev (LP: #900635).

lp://qastaging/ubuntu/oneiric-updates/egenix-mx-base Mature 2012-11-15 17:43:38 UTC
29. * Backport to Oneiric as an SRU to fi...

Author: Evan Broder
Revision Date: 2012-03-06 10:31:01 UTC

* Backport to Oneiric as an SRU to fix segfault. (LP: #884619)
* No other source changes required.

lp://qastaging/~ubuntu-core-dev/ubuntu/oneiric/grub2/oneiric bug Development 2012-11-14 22:04:59 UTC
2210. Parameterization of recordfail settin...

Author: Dimitri John Ledkov
Revision Date: 2012-11-14 22:04:43 UTC

Parameterization of recordfail setting. This allows users to define the
default time out of GRUB when recordfail has been set. The current
setting causes hangs on headless and appliances where access to the
console is limited or prohibited. (LP: #669481)

lp://qastaging/ubuntu/oneiric-updates/asterisk Mature 2012-11-14 21:51:57 UTC
62. * debian/patches/backport-r312866.dif...

Author: Paul Belanger
Revision Date: 2012-03-11 00:40:50 UTC

* debian/patches/backport-r312866.diff
  - Responding to OPTIONS packet with 404 because Asterisk not looking for
    "s" extension (LP: #920020)

lp://qastaging/ubuntu/oneiric-proposed/request-tracker3.8 bug Mature 2012-11-14 14:44:52 UTC
17. * SECURITY UPDATE: Multiple security ...

Author: Marc Deslauriers
Revision Date: 2012-11-09 15:08:36 UTC

* SECURITY UPDATE: Multiple security fixes (LP: #1004834):
  - Email header injection attack (CVE-2012-4730)
  - CSRF protection allows attack on bookmarks (CVE-2012-4732)
  - Confused deputy attack for non-logged-in users (CVE-2012-4734)
  - Multiple message signing/encryption attacks related to GnuPG
    (CVE-2012-4735)
  - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
  - XSS vulnerabilities (CVE-2011-2083)
  - information disclosure vulnerabilities including password hash
    exposure and correspondence disclosure to privileged users
    (CVE-2011-2084)
  - CSRF vulnerabilities allowing information disclosure,
    privilege escalation, and arbitrary code execution. Original
    behaviour may be restored by setting $RestrictReferrer to 0 for
    installations which rely on it (CVE-2011-2085)
  - remote code execution vulnerabilities including in VERP
    functionality (CVE-2011-4458)
* Fix the vulnerable-passwords script to also upgrade password hashes
  for disabled users, and rerun the script in postinst (CVE-2011-2082)
* Include clean-user-txns script to accompany the above fixes, and
  run in postinst
* Provide specific instructions for restarting a mod_perl based
  Apache server
* debian/patches/60_misc_sec_regressions.dpatch: fix regression in
  rt-email-dashboards, and whitelist search results and calendar helper
  from CSRF protection

lp://qastaging/ubuntu/oneiric-updates/enigmail bug Mature 2012-11-12 16:36:01 UTC
40. * New upstream release v1.4.6 - see...

Author: Chris Coulson
Revision Date: 2012-11-12 16:36:01 UTC

* New upstream release v1.4.6
  - see LP: #1080212 for USN information
* Drop unneeded patches
  - remove debian/patches/correct-version-number.diff
  - remove debian/patches/dont_register_cids_multiple_times.diff
  - update debian/patches/series
* Support building in an objdir
  - update debian/rules

lp://qastaging/ubuntu/oneiric-updates/libproxy Mature 2012-11-12 16:32:22 UTC
15. * SECURITY UPDATE: possible remote co...

Author: Marc Deslauriers
Revision Date: 2012-11-06 09:37:33 UTC

* SECURITY UPDATE: possible remote code execution via buffer overflow
  - debian/patches/02_CVE-2012-4505.patch: validate maximum pac size in
    src/lib/pac.c.
  - CVE-2012-4505

lp://qastaging/ubuntu/oneiric-security/libproxy Mature 2012-11-12 16:12:46 UTC
15. * SECURITY UPDATE: possible remote co...

Author: Marc Deslauriers
Revision Date: 2012-11-06 09:37:33 UTC

* SECURITY UPDATE: possible remote code execution via buffer overflow
  - debian/patches/02_CVE-2012-4505.patch: validate maximum pac size in
    src/lib/pac.c.
  - CVE-2012-4505

lp://qastaging/ubuntu/oneiric-updates/ubufox bug Mature 2012-11-12 13:34:07 UTC
64. * New upstream release v2.6. - see ...

Author: Chris Coulson
Revision Date: 2012-11-12 13:34:07 UTC

* New upstream release v2.6.
  - see LP: #1080211 for USN information
  - Make the startpage work again in Firefox 17
  - Fix a crash that occurs when the apt cache is broken
  - Fix a whole bunch of memory leaks in the plugin installer
  - Don't poll for file changes, but use inotify instead to determine
    when we need to display a restart notification

lp://qastaging/ubuntu/oneiric-updates/virtualbox Mature 2012-11-12 10:24:15 UTC
8. * SECURITY UPDATE: Missing privilege ...

Author: Felix Geyer
Revision Date: 2012-10-26 14:15:42 UTC

* SECURITY UPDATE: Missing privilege check for task gate switches
  (LP: #1044634)
  - debian/patches/cve-2012-3221.patch: patch from upstream
  - CVE-2012-3221

lp://qastaging/ubuntu/oneiric-security/virtualbox bug Mature 2012-11-09 21:57:09 UTC
8. * SECURITY UPDATE: Missing privilege ...

Author: Felix Geyer
Revision Date: 2012-10-26 14:15:42 UTC

* SECURITY UPDATE: Missing privilege check for task gate switches
  (LP: #1044634)
  - debian/patches/cve-2012-3221.patch: patch from upstream
  - CVE-2012-3221

lp://qastaging/ubuntu/oneiric-updates/lightning-extension Mature 2012-11-08 10:00:06 UTC
24. * New upstream stable release to supp...

Author: Chris Coulson
Revision Date: 2012-11-08 10:00:06 UTC

* New upstream stable release to support Thunderbird 17 (CALENDAR_1_9_BUILD1)
  - see LP: #1080212 for USN information

lp://qastaging/ubuntu/oneiric-updates/jabberd2 Mature 2012-11-06 19:51:01 UTC
23. * SECURITY UPDATE: Fixed possibility ...

Author: Jamie Strandboge
Revision Date: 2012-08-23 08:15:54 UTC

* SECURITY UPDATE: Fixed possibility of Unsolicited Dialback Attacks
  - debian/patches/CVE-2012-3525.dpatch: check Verify Response and
    Authorization Response in s2s sessions
  - CVE-2012-3525

lp://qastaging/ubuntu/oneiric-security/jabberd2 Mature 2012-11-06 18:47:15 UTC
23. * SECURITY UPDATE: Fixed possibility ...

Author: Jamie Strandboge
Revision Date: 2012-08-23 08:15:54 UTC

* SECURITY UPDATE: Fixed possibility of Unsolicited Dialback Attacks
  - debian/patches/CVE-2012-3525.dpatch: check Verify Response and
    Authorization Response in s2s sessions
  - CVE-2012-3525

lp://qastaging/ubuntu/oneiric-updates/munin Mature 2012-11-05 15:54:22 UTC
38. * SECURITY UPDATE: symlink vulnerabil...

Author: Marc Deslauriers
Revision Date: 2012-10-17 08:26:39 UTC

* SECURITY UPDATE: symlink vulnerability in qmailscan plugin
  - debian/patches/CVE-2012-2103.patch: remove the use of tempfiles in
    plugins/node.d/qmailscan.in.
  - CVE-2012-2103
* SECURITY UPDATE: privilege escalation via root running plugins
  - debian/patches/CVE-2012-3512.patch: run each plugin in their own
    state directory in Makefile, Makefile.config,
    node/lib/Munin/Node/{OS,Service}.pm, plugins/lib/Munin/Plugin.pm,
    plugins/node.d/*.in,plugins/node.d.linux/*.in.
  - debian/patches/CVE-2012-3512-regression.patch: Don't rely on
    MUNIN_PLUGSTATE being in the environment as these scripts also get
    run by a cron job in plugins/node.d.linux/apt_all.in,
    plugins/node.d.linux/apt.in.
  - CVE-2012-3512
* debian/Makefile.config: added new plugin state directory location.
* debian/munin-node.{postinst,postrm}: Remove old plugin state directory
  override, also remove new plugin state directory.

lp://qastaging/ubuntu/oneiric-security/munin Mature 2012-11-05 14:45:39 UTC
38. * SECURITY UPDATE: symlink vulnerabil...

Author: Marc Deslauriers
Revision Date: 2012-10-17 08:26:39 UTC

* SECURITY UPDATE: symlink vulnerability in qmailscan plugin
  - debian/patches/CVE-2012-2103.patch: remove the use of tempfiles in
    plugins/node.d/qmailscan.in.
  - CVE-2012-2103
* SECURITY UPDATE: privilege escalation via root running plugins
  - debian/patches/CVE-2012-3512.patch: run each plugin in their own
    state directory in Makefile, Makefile.config,
    node/lib/Munin/Node/{OS,Service}.pm, plugins/lib/Munin/Plugin.pm,
    plugins/node.d/*.in,plugins/node.d.linux/*.in.
  - debian/patches/CVE-2012-3512-regression.patch: Don't rely on
    MUNIN_PLUGSTATE being in the environment as these scripts also get
    run by a cron job in plugins/node.d.linux/apt_all.in,
    plugins/node.d.linux/apt.in.
  - CVE-2012-3512
* debian/Makefile.config: added new plugin state directory location.
* debian/munin-node.{postinst,postrm}: Remove old plugin state directory
  override, also remove new plugin state directory.

lp://qastaging/ubuntu/oneiric-updates/xdiagnose Mature 2012-11-01 19:11:52 UTC
29. * apport/source_xorg.py: - Drop que...

Author: Bryce Harrington
Revision Date: 2012-06-27 10:47:58 UTC

* apport/source_xorg.py:
  - Drop question to allow flagging regressions
    following updates, since bug reporters have been using it incorrectly,
    resulting in too many false positives.
    (LP: #1018510)
  - Clarify question about "willing to do whatever it takes" to specify
    that the debugging work may require gdb or git bisection work.
  - Link to all technical support options, not just to Ask Ubuntu.
    (LP: #991602)

101 → 200 of 24463 results