Branches for Utopic

Author: Jorge Niedbalski
Revision Date: 2015-06-15 13:33:30 UTC

debian/lightdm-session: Enable the C preprocessor
when loading X resources. (LP: #1244578).

Author: dann frazier
Revision Date: 2015-05-19 11:26:46 UTC

overlayroot: use required 'workdir' option on overlayfs mount for
kernels >= 3.18 (LP: #1411294)

Author: dann frazier
Revision Date: 2015-05-19 11:26:46 UTC

overlayroot: use required 'workdir' option on overlayfs mount for
kernels >= 3.18 (LP: #1411294)

Author: Corey Bryant
Revision Date: 2015-06-15 19:17:32 UTC

d/p/refresh-expired-admin-token.patch: Fix bug to enable refresh of
expired admin token. Thanks to Sergio Martins for recommending
this fix. (LP: #1460833).

Author: Marc Deslauriers
Revision Date: 2015-06-15 10:33:55 UTC

* SECURITY UPDATE: denial of service via WPS UPnP
  - debian/patches/CVE-2015-4141.patch: check chunk size in
    src/wps/httpread.c.
  - CVE-2015-4141
* SECURITY UPDATE: denial of service via AP mode WMM Action frame
  - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
  - CVE-2015-4142
* SECURITY UPDATE: denial of service via EAP-pwd
  - debian/patches/CVE-2015-4143-4146.patch: check lengths in
    src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
  - CVE-2015-4143
  - CVE-2015-4144
  - CVE-2015-4145
  - CVE-2015-4146

Author: Marc Deslauriers
Revision Date: 2015-06-15 10:33:55 UTC

* SECURITY UPDATE: denial of service via WPS UPnP
  - debian/patches/CVE-2015-4141.patch: check chunk size in
    src/wps/httpread.c.
  - CVE-2015-4141
* SECURITY UPDATE: denial of service via AP mode WMM Action frame
  - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
  - CVE-2015-4142
* SECURITY UPDATE: denial of service via EAP-pwd
  - debian/patches/CVE-2015-4143-4146.patch: check lengths in
    src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
  - CVE-2015-4143
  - CVE-2015-4144
  - CVE-2015-4145
  - CVE-2015-4146

Author: Otto Kekäläinen
Revision Date: 2015-06-13 21:09:48 UTC

* SECURITY UPDATE: Update to 5.5.44 to fix security issues (LP: #1464895):
  - CVE-2015-3152
* Upstream also includes lots of line ending changes (from CRLF -> LF)
* Removed hotfix patch now included in upstream release (MDEV-8115)

Author: Martin Pitt
Revision Date: 2015-06-12 15:47:35 UTC

* New upstream bug fix release (LP: #1464669)
  - Fix possible failure to recover from an inconsistent database state
  - Fix rare failure to invalidate relation cache init file
  - See http://www.postgresql.org/about/news/1592/ for details.

Author: Marc Deslauriers
Revision Date: 2015-06-11 07:12:10 UTC

* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
  - debian/patches/reject_small_dh.patch: reject small dh keys in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
    doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
    dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
* SECURITY UPDATE: denial of service and possible code execution via
  invalid free in DTLS
  - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
  - CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
  - debian/patches/CVE-2015-1788.patch: improve logic in
    crypto/bn/bn_gf2m.c.
  - CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
  X509_cmp_time
  - debian/patches/CVE-2015-1789.patch: properly parse time format in
    crypto/x509/x509_vfy.c.
  - CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
  - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
    crypto/pkcs7/pk7_doit.c.
  - CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
  - debian/patches/CVE-2015-1791.patch: create a new session in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
    ssl/ssl_sess.c.
  - CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
  - debian/patches/CVE-2015-1792.patch: fix infinite loop in
    crypto/cms/cms_smime.c.
  - CVE-2015-1792

Author: Marc Deslauriers
Revision Date: 2015-06-11 07:12:10 UTC

* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
  - debian/patches/reject_small_dh.patch: reject small dh keys in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
    doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
    dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
* SECURITY UPDATE: denial of service and possible code execution via
  invalid free in DTLS
  - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
  - CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
  - debian/patches/CVE-2015-1788.patch: improve logic in
    crypto/bn/bn_gf2m.c.
  - CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
  X509_cmp_time
  - debian/patches/CVE-2015-1789.patch: properly parse time format in
    crypto/x509/x509_vfy.c.
  - CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
  - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
    crypto/pkcs7/pk7_doit.c.
  - CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
  - debian/patches/CVE-2015-1791.patch: create a new session in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
    ssl/ssl_sess.c.
  - CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
  - debian/patches/CVE-2015-1792.patch: fix infinite loop in
    crypto/cms/cms_smime.c.
  - CVE-2015-1792

Author: Jorge Niedbalski
Revision Date: 2015-06-10 10:29:50 UTC

d/*.logrotate,neutron-common.logrotate: Backport from vivid,
Move to single logrotate configuration. (LP: #1463844).

Author: Steve Langasek
Revision Date: 2015-06-07 19:27:35 UTC

Update to the signed 0.8-0ubuntu2 binary from Microsoft.

Author: maozhou
Revision Date: 2015-06-05 08:28:16 UTC

test test-patch by mz

Author: Darryl L. Miles
Revision Date: 2015-06-02 17:17:06 UTC

maint/bzr_push.sh Auto copy, commit and push for: patches/series (snapshot)

Author: Felipe Reyes
Revision Date: 2015-05-19 12:59:29 UTC

* SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
  - debian/patches/CVE-2013-4449.patch: fix reference counting
  - CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
  - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
  - CVE-2015-1545

Author: Felipe Reyes
Revision Date: 2015-05-19 12:59:29 UTC

* SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
  - debian/patches/CVE-2013-4449.patch: fix reference counting
  - CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
  - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
  - CVE-2015-1545

Author: Chow Loong Jin
Revision Date: 2015-05-25 13:57:01 UTC

* [e9b4c01] Amend pkgconfig for multiarch lib paths (LP: #1457467)
* [f8ecb20] Don't include DESTDIR in LIBDIR override

Author: James Page
Revision Date: 2015-05-26 17:20:06 UTC

d/p/handle-ENOTCONN.patch: Ensure that ENOTCONN socket errors are
raised correctly, resolving issues with disconnected syslog sockets
in OpenStack Glance (LP: #1452312).

Author: Micah Gersten
Revision Date: 2015-05-03 15:04:17 UTC

No-change backport to utopic (LP: #1450992)

Author: dann frazier
Revision Date: 2015-03-23 23:05:54 UTC

Enable arm64 builds (LP: #1435663).

Author: Stefano Rivera
Revision Date: 2015-05-07 10:13:11 UTC

* Copy data from 0.27 (LP: #1452825)
  - Add Debian 8 "jessie"s release date.
  - Add Debian 9 "stretch" and 10 "buster", with provisional release dates.
  - Update Ubuntu 15.04 "vivid"s release and EOL dates.
  - Add Ubuntu 15.10 "Wily Werewolf", with a provisional release date.

Author: Stefano Rivera
Revision Date: 2015-05-07 10:13:11 UTC

* Copy data from 0.27 (LP: #1452825)
  - Add Debian 8 "jessie"s release date.
  - Add Debian 9 "stretch" and 10 "buster", with provisional release dates.
  - Update Ubuntu 15.04 "vivid"s release and EOL dates.
  - Add Ubuntu 15.10 "Wily Werewolf", with a provisional release date.

Author: Serge Hallyn
Revision Date: 2015-05-21 15:30:52 UTC

* d/p/libnuma-ppc64el-cpu-number-not-contiguous - patch from Thierry FAUCK
  (LP: #1358835)
* d/patches/from-git-6a7c2cf3-fix-uninitialised-mask.patch: Fix libnuma SEGV
  due to uninitialised mask. (LP: #1441388)
* d/rules: include simple-patchsys.mk to get patches applied

Author: James Page
Revision Date: 2015-05-26 17:20:06 UTC

d/p/handle-ENOTCONN.patch: Ensure that ENOTCONN socket errors are
raised correctly, resolving issues with disconnected syslog sockets
in OpenStack Glance (LP: #1452312).

Author: dann frazier
Revision Date: 2015-03-24 10:58:36 UTC

arm64: Detect UEFI based systems as "efi" subarch (LP: #1435663).

Author: Chow Loong Jin
Revision Date: 2015-05-25 13:57:01 UTC

* [e9b4c01] Amend pkgconfig for multiarch lib paths (LP: #1457467)
* [f8ecb20] Don't include DESTDIR in LIBDIR override

Author: Tyler Hicks
Revision Date: 2015-05-15 18:20:06 UTC

fake sync from Debian

Author: Tyler Hicks
Revision Date: 2015-05-15 18:20:06 UTC

fake sync from Debian

Author: Steve Beattie
Revision Date: 2015-05-12 08:55:27 UTC

fake sync from Debian

Author: Steve Beattie
Revision Date: 2015-05-12 08:55:27 UTC

fake sync from Debian

Author: Felix Geyer
Revision Date: 2015-05-03 22:57:02 UTC

* SECURITY UPDATE: symlink directory traversal vulnerability (LP: #1451260)
  - debian/patches/fix-dir-traversal: backported the upstream fix

Author: Felix Geyer
Revision Date: 2015-05-03 22:57:02 UTC

* SECURITY UPDATE: symlink directory traversal vulnerability (LP: #1451260)
  - debian/patches/fix-dir-traversal: backported the upstream fix

Author: Martin Pitt
Revision Date: 2015-05-20 23:01:00 UTC

* New upstream security/bug fix release (LP: #1457093)
  - Avoid possible crash when client disconnects just before the
    authentication timeout expires.
    If the timeout interrupt fired partway through the session shutdown
    sequence, SSL-related state would be freed twice, typically causing a
    crash and hence denial of service to other sessions. Experimentation
    shows that an unauthenticated remote attacker could trigger the bug
    somewhat consistently, hence treat as security issue. (CVE-2015-3165)

  - Improve detection of system-call failures
    Our replacement implementation of snprintf() failed to check for errors
    reported by the underlying system library calls; the main case that
    might be missed is out-of-memory situations. In the worst case this
    might lead to information exposure, due to our code assuming that a
    buffer had been overwritten when it hadn't been. Also, there were a few
    places in which security-relevant calls of other system library
    functions did not check for failure.
    It remains possible that some calls of the *printf() family of functions
    are vulnerable to information disclosure if an out-of-memory error
    occurs at just the wrong time. We judge the risk to not be large, but
    will continue analysis in this area. (CVE-2015-3166)

  - In contrib/pgcrypto, uniformly report decryption failures as Wrong key
    or corrupt data
    Previously, some cases of decryption with an incorrect key could report
    other error message texts. It has been shown that such variance in
    error reports can aid attackers in recovering keys from other systems.
    While it's unknown whether pgcrypto's specific behaviors are likewise
    exploitable, it seems better to avoid the risk by using a
    one-size-fits-all message. (CVE-2015-3167)

  - Protect against wraparound of multixact member IDs
    Under certain usage patterns, the existing defenses against this might
    be insufficient, allowing pg_multixact/members files to be removed too
    early, resulting in data loss.
    The fix for this includes modifying the server to fail transactions that
    would result in overwriting old multixact member ID data, and improving
    autovacuum to ensure it will act proactively to prevent multixact member
    ID wraparound, as it does for transaction ID wraparound.

 - See release notes for details about other fixes.

Author: Dmitry Shachnev
Revision Date: 2015-05-04 21:50:29 UTC

No-change rebuild to make python3-pyqt5.qsci working (LP: #1391056).

Author: Dmitry Shachnev
Revision Date: 2015-05-04 21:50:29 UTC

No-change rebuild to make python3-pyqt5.qsci working (LP: #1391056).

Author: Scott Talbert
Revision Date: 2014-12-06 22:49:13 UTC

Add patch from upstream which enables ddclient to find Digest::SHA to
fix FreeDNS support (LP: #1068884)

Author: Steve Beattie
Revision Date: 2015-05-12 12:43:12 UTC

fake sync from Debian

Author: Steve Beattie
Revision Date: 2015-05-12 12:43:12 UTC

fake sync from Debian

Author: Marc Deslauriers
Revision Date: 2015-05-01 10:36:36 UTC

* SECURITY UPDATE: denial of service and memory disclosure via malformed
  DNS requests
  - src/rfc1035.c: properly handle skip_questions return value.
  - ad4a8ff7d9097008d7623df8543df435bfddeac8
  - CVE-2015-3294

Author: Marc Deslauriers
Revision Date: 2015-05-01 10:36:36 UTC

* SECURITY UPDATE: denial of service and memory disclosure via malformed
  DNS requests
  - src/rfc1035.c: properly handle skip_questions return value.
  - ad4a8ff7d9097008d7623df8543df435bfddeac8
  - CVE-2015-3294

Author: Steve Beattie
Revision Date: 2015-05-13 23:13:03 UTC

fake sync from Debian

Author: Steve Beattie
Revision Date: 2015-05-13 23:13:03 UTC

fake sync from Debian

Author: Nicolas Delvaux
Revision Date: 2015-04-21 21:34:10 UTC

Add a patch to restore video playback (LP: #1445829)

Author: Felix Geyer
Revision Date: 2015-04-29 16:21:06 UTC

* SECURITY UPDATE: label decompression bug (LP: #1450037)
  - debian/patches/CVE-2015-1868: apply upstream fix
  - CVE-2015-1868

Author: Felix Geyer
Revision Date: 2015-04-29 16:21:06 UTC

* SECURITY UPDATE: label decompression bug (LP: #1450037)
  - debian/patches/CVE-2015-1868: apply upstream fix
  - CVE-2015-1868

Author: Chuck Short
Revision Date: 2015-04-20 10:29:51 UTC

* Resynchronize with stable/juno (cf15014) (LP: #1443429)
  - [a6d726c] Translation update for Juno 2014.2.3
  - [04d07da] Make Image Description an input field instead of a textarea
  - [947bc63] Pass correct project ID to get tenant_usages
  - [d4bc8a0] Handle RequestURITooLong error in large instance table
  - [e22c90e] Updated from global requirements
  - [6614c74] Better color arrangement in distribution pie charts
  - [9d2ff23] Use shades of blue for distribution pie charts
  - [bacd732] Automatically expand the current panel group on dashboard expansion
  - [8b0349f] Fix dynamic select layout when help block is displayed
* debian/bundle-xstatic.sh: Update for newer python-pip.

Author: Chuck Short
Revision Date: 2015-04-20 10:29:51 UTC

* Resynchronize with stable/juno (cf15014) (LP: #1443429)
  - [a6d726c] Translation update for Juno 2014.2.3
  - [04d07da] Make Image Description an input field instead of a textarea
  - [947bc63] Pass correct project ID to get tenant_usages
  - [d4bc8a0] Handle RequestURITooLong error in large instance table
  - [e22c90e] Updated from global requirements
  - [6614c74] Better color arrangement in distribution pie charts
  - [9d2ff23] Use shades of blue for distribution pie charts
  - [bacd732] Automatically expand the current panel group on dashboard expansion
  - [8b0349f] Fix dynamic select layout when help block is displayed
* debian/bundle-xstatic.sh: Update for newer python-pip.

Author: Marc Deslauriers
Revision Date: 2015-04-24 11:57:38 UTC

* SECURITY UPDATE: arbitrary code execution and incorrect signature
  verification
  - debian/patches/CVE-2015-340x.patch: properly handle temp files and
    headers in lib/Module/Signature.pm, Makefile.PL.
  - debian/patches/CVE-2015-3409.patch: don't load modules from relative
    paths in lib/Module/Signature.pm.
  - CVE-2015-3406
  - CVE-2015-3407
  - CVE-2015-3408
  - CVE-2015-3409

Author: Marc Deslauriers
Revision Date: 2015-04-24 11:57:38 UTC

* SECURITY UPDATE: arbitrary code execution and incorrect signature
  verification
  - debian/patches/CVE-2015-340x.patch: properly handle temp files and
    headers in lib/Module/Signature.pm, Makefile.PL.
  - debian/patches/CVE-2015-3409.patch: don't load modules from relative
    paths in lib/Module/Signature.pm.
  - CVE-2015-3406
  - CVE-2015-3407
  - CVE-2015-3408
  - CVE-2015-3409

Author: Felix Geyer
Revision Date: 2015-05-19 18:32:23 UTC

No-change backport to utopic (LP: #1456518)

Author: Unit 193
Revision Date: 2015-04-28 17:28:20 UTC

* SECURITY UPDATE: Denial of service vulnerability.
  - d/p/0002-crash-in-url-auth:
    This fixes a crash (NULL reference) in case URL Auth is used
    and stream_auth is trigged with no credentials passed by the client.
    Username and password is now set to empty strings and transmited to
    the backend server this way.
  - CVE-2015-3026
* SECURITY UPDATE: Potentially leaks sensitive information.
  - d/p/0001-disconnects_stdio_of_on_dis_connect_scripts:
    Include patchset 19313 (close file handles for external scripts).
  - CVE-2014-9018
* SECURITY UPDATE: Potentially allows local users to gain
  privileges via unspecified vectors.
  - d/p/0003-override-supplementary-groups:
    In case of <changeowner> only UID and GID were changed,
    supplementary groups were left in place.
    This is a potential security issue only if <changeowner> is used.
    New behaviour is to set UID, GID and set supplementary groups
    based on the UID.
    Even in case of icecast remaining in supplementary group 0
    this "only" gives it things like access to files that are owned
    by group 0 and according to their umask. This is obviously bad,
    but not as bad as UID 0 with all its other special rights.
  - CVE-2014-9091

Author: Unit 193
Revision Date: 2015-04-28 17:28:20 UTC

* SECURITY UPDATE: Denial of service vulnerability.
  - d/p/0002-crash-in-url-auth:
    This fixes a crash (NULL reference) in case URL Auth is used
    and stream_auth is trigged with no credentials passed by the client.
    Username and password is now set to empty strings and transmited to
    the backend server this way.
  - CVE-2015-3026
* SECURITY UPDATE: Potentially leaks sensitive information.
  - d/p/0001-disconnects_stdio_of_on_dis_connect_scripts:
    Include patchset 19313 (close file handles for external scripts).
  - CVE-2014-9018
* SECURITY UPDATE: Potentially allows local users to gain
  privileges via unspecified vectors.
  - d/p/0003-override-supplementary-groups:
    In case of <changeowner> only UID and GID were changed,
    supplementary groups were left in place.
    This is a potential security issue only if <changeowner> is used.
    New behaviour is to set UID, GID and set supplementary groups
    based on the UID.
    Even in case of icecast remaining in supplementary group 0
    this "only" gives it things like access to files that are owned
    by group 0 and according to their umask. This is obviously bad,
    but not as bad as UID 0 with all its other special rights.
  - CVE-2014-9091

Author: Nobuto Murata
Revision Date: 2015-03-05 23:00:15 UTC

supplement the last upload. make sure to fix permission on package
upgrade as well, LP: #1402657

Author: Marc Deslauriers
Revision Date: 2015-05-01 11:03:14 UTC

* SECURITY UPDATE: XEE due to expand_entities parameter being ignored
  - debian/patches/CVE-20xx-xxxx.patch: preserve unset options after a
    _clone() call in LibXML.pm, added test to t/43options.t.
  - CVE-2015-3451

Author: Marc Deslauriers
Revision Date: 2015-05-01 11:03:14 UTC

* SECURITY UPDATE: XEE due to expand_entities parameter being ignored
  - debian/patches/CVE-20xx-xxxx.patch: preserve unset options after a
    _clone() call in LibXML.pm, added test to t/43options.t.
  - CVE-2015-3451

Author: Felix Geyer
Revision Date: 2015-05-01 18:46:52 UTC

* SECURITY UPDATE: stack consumption vulnerability in message splitting code
  - debian/patches/CVE-2015-2778.patch: original patch from Michael Marley,
    backported by Steinar H. Gunderson
  - CVE-2015-2778 and CVE-2015-2779
* SECURITY UPDATE: SQL injection vulnerability in PostgreSQL backend
  - debian/patches/CVE-2015-3427.patch: upstream patch
  - CVE-2015-3427
  - original issue was CVE-2013-4422 which had an incomplete fix
  - LP: #1448911

Author: Marc Deslauriers
Revision Date: 2015-04-24 12:51:00 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple issues (LP: #1444363)
  - debian/patches/60_cve-2015-0261.diff: check lengths in
    print-mobility.c.
  - debian/patches/60_cve-2015-2153.diff: check length in
    print-rpki-rtr.c.
  - debian/patches/60_cve-2015-2153-fix-regression.diff: more length
    checks in print-rpki-rtr.c.
  - debian/patches/60_cve-2015-2154.diff: check lengths in
    print-isoclns.c.
  - debian/patches/60_cve-2015-2155.diff: make sure ops->print is valid
    in print-forces.c.
  - CVE-2015-0261
  - CVE-2015-2153
  - CVE-2015-2154
  - CVE-2015-2155

Author: Marc Deslauriers
Revision Date: 2015-03-20 16:11:32 UTC

* SECURITY UPDATE: privilege escalation via interpreter load path
  - debian/patches/CVE-2014-8169-*.patch: add a prefix to program map
    stdvars and a config option to override it in include/mounts.h,
    lib/mounts.c, modules/lookup_program.c, modules/parse_sun.c,
    include/defaults.h, lib/defaults.c, modules/lookup_program.c,
    samples/autofs.conf.default.in, document changes in
    man/autofs.5, man/auto.master.5.in.
  - CVE-2014-8169

Author: dann frazier
Revision Date: 2015-03-24 11:20:52 UTC

Install grub-arm64-efi on arm64/efi platforms (LP: #1435663).

Author: Chuck Short
Revision Date: 2015-04-21 09:35:20 UTC

* Resynchronize with stable/juno (a314229) (LP: #1443429)
 - [a052b06] Change the engine-listener topic
 - [9f02b3a] Just to delete the stack when adopt rollback
 - [691a06a] Release stack lock when successfully acquire
 - [d6770de] Add dependency on Router External Gateway property
 - [1339ac2] Use only FIP dependencies from graph
 - [9516cbe] Add dependency hidden on router_interface
 - [3ee82a3] Update heat.conf.sample
 - [7d4e570] Use properties.data when testing for "provided by the user"
 - [f6dfcc2] Fix update on failed stack
 - [848c59b] Catch notfound exception when deleting project
 - [e63549f] Enable https for keystone while creating stack user
 - [3ea6c6a] Stop patching oslo.messaging private bits
 - [a194a88] Don't mock oslo.messaging _CallContext
 - [42b032f] Ensure all Neutron LoadBalancer members are delete
* debian/patches/fix-requirements.patch: Rediffed.

Author: Martin Pitt
Revision Date: 2015-05-13 09:59:12 UTC

releasing package apport version 2.14.7-0ubuntu8.5

Author: dann frazier
Revision Date: 2015-05-19 17:28:35 UTC

releasing package cloud-initramfs-tools version 0.25ubuntu1.15.04.1

Author: Marc Deslauriers
Revision Date: 2015-05-04 12:02:16 UTC

* Updated to 0.98.7 to fix multiple issues
  - CVE-2015-2170
  - CVE-2015-2221
  - CVE-2015-2222
  - CVE-2015-2305
  - CVE-2015-2668
* Refreshed patches for 0.98.7:
  - d/p/0010-hardcode-LLVM-linker-flag-because-llvm-config-return.patch
  - d/p/0018-llvm-don-t-use-system-libs.patch
* Removed upstreamed patches:
  - d/p/0014-remove-AC_CONFIG_SRCDIR-llvm-configure-from-libclama.patch

Author: Marc Deslauriers
Revision Date: 2015-05-04 12:02:16 UTC

* Updated to 0.98.7 to fix multiple issues
  - CVE-2015-2170
  - CVE-2015-2221
  - CVE-2015-2222
  - CVE-2015-2305
  - CVE-2015-2668
* Refreshed patches for 0.98.7:
  - d/p/0010-hardcode-LLVM-linker-flag-because-llvm-config-return.patch
  - d/p/0018-llvm-don-t-use-system-libs.patch
* Removed upstreamed patches:
  - d/p/0014-remove-AC_CONFIG_SRCDIR-llvm-configure-from-libclama.patch

Author: Adrian Knoth
Revision Date: 2014-12-04 19:34:45 UTC

Fix MIDI data loss when editing (Closes: #772118)

Author: Felix Geyer
Revision Date: 2015-05-01 18:46:52 UTC

* SECURITY UPDATE: stack consumption vulnerability in message splitting code
  - debian/patches/CVE-2015-2778.patch: original patch from Michael Marley,
    backported by Steinar H. Gunderson
  - CVE-2015-2778 and CVE-2015-2779
* SECURITY UPDATE: SQL injection vulnerability in PostgreSQL backend
  - debian/patches/CVE-2015-3427.patch: upstream patch
  - CVE-2015-3427
  - original issue was CVE-2013-4422 which had an incomplete fix
  - LP: #1448911

Author: Marc Deslauriers
Revision Date: 2015-05-01 09:44:47 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  overflow in _asn1_extract_der_octet.
  - debian/patches/CVE-2015-3622.patch: properly handle length in
    lib/decoding.c.
  - CVE-2015-3622

Author: Marc Deslauriers
Revision Date: 2015-05-01 09:44:47 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  overflow in _asn1_extract_der_octet.
  - debian/patches/CVE-2015-3622.patch: properly handle length in
    lib/decoding.c.
  - CVE-2015-3622

Author: Marc Deslauriers
Revision Date: 2015-04-29 10:23:26 UTC

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: host name out of boundary memory access
  - debian/patches/CVE-2015-3144.patch: check for valid length in
    lib/url.c.
  - CVE-2015-3144
* SECURITY UPDATE: cookie parser out of boundary memory access
  - debian/patches/CVE-2015-3145.patch: properly handle a single double
    quote in lib/cookie.c.
  - CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
    each exchange and close Negotiate connections when done in
    lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
  - CVE-2015-3148
* SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
  - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
    docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
    tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
  - CVE-2015-3153

Author: Marc Deslauriers
Revision Date: 2015-04-29 10:23:26 UTC

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: host name out of boundary memory access
  - debian/patches/CVE-2015-3144.patch: check for valid length in
    lib/url.c.
  - CVE-2015-3144
* SECURITY UPDATE: cookie parser out of boundary memory access
  - debian/patches/CVE-2015-3145.patch: properly handle a single double
    quote in lib/cookie.c.
  - CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
    each exchange and close Negotiate connections when done in
    lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
  - CVE-2015-3148
* SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
  - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
    docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
    tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
  - CVE-2015-3153

Author: Adam Conrad
Revision Date: 2015-04-26 16:44:56 UTC

New upstream release with yet another urgent DST change for Egypt.

Author: Adam Conrad
Revision Date: 2015-04-26 16:44:56 UTC

New upstream release with yet another urgent DST change for Egypt.

Author: Adam Conrad
Revision Date: 2015-04-26 16:44:56 UTC

New upstream release with yet another urgent DST change for Egypt.

Author: Marc Deslauriers
Revision Date: 2015-04-24 12:51:00 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple issues (LP: #1444363)
  - debian/patches/60_cve-2015-0261.diff: check lengths in
    print-mobility.c.
  - debian/patches/60_cve-2015-2153.diff: check length in
    print-rpki-rtr.c.
  - debian/patches/60_cve-2015-2153-fix-regression.diff: more length
    checks in print-rpki-rtr.c.
  - debian/patches/60_cve-2015-2154.diff: check lengths in
    print-isoclns.c.
  - debian/patches/60_cve-2015-2155.diff: make sure ops->print is valid
    in print-forces.c.
  - CVE-2015-0261
  - CVE-2015-2153
  - CVE-2015-2154
  - CVE-2015-2155

Author: Marc Deslauriers
Revision Date: 2015-04-22 23:16:13 UTC

* SECURITY UPDATE: privilege escalation via missing polkit check
  (LP: #1447396)
  - bin/usb-creator-helper, dbus/com.ubuntu.usbcreator.policy.in: add
    proper polkit integration for KVM use.
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-22 23:16:13 UTC

* SECURITY UPDATE: privilege escalation via missing polkit check
  (LP: #1447396)
  - bin/usb-creator-helper, dbus/com.ubuntu.usbcreator.policy.in: add
    proper polkit integration for KVM use.
  - CVE number pending

Author: Robie Basak
Revision Date: 2015-04-09 11:38:43 UTC

Check that extlinux-update exists before trying to run it in the postrm
since it may already have been removed (Closes: #748618, LP: #1042511).

Author: Ryan Tandy
Revision Date: 2015-03-31 11:00:02 UTC

Ensure the argument to get_idletime() and its counter are both not NULL.
Fixes unity-settings-daemon crashing under NX3/X2Go, which do not support
the IDLETIME counter. (LP: #1416081)

Author: Nicolas Delvaux
Revision Date: 2015-04-21 21:34:10 UTC

Add a patch to restore video playback (LP: #1445829)

Author: Chuck Short
Revision Date: 2015-04-21 09:35:20 UTC

* Resynchronize with stable/juno (a314229) (LP: #1443429)
 - [a052b06] Change the engine-listener topic
 - [9f02b3a] Just to delete the stack when adopt rollback
 - [691a06a] Release stack lock when successfully acquire
 - [d6770de] Add dependency on Router External Gateway property
 - [1339ac2] Use only FIP dependencies from graph
 - [9516cbe] Add dependency hidden on router_interface
 - [3ee82a3] Update heat.conf.sample
 - [7d4e570] Use properties.data when testing for "provided by the user"
 - [f6dfcc2] Fix update on failed stack
 - [848c59b] Catch notfound exception when deleting project
 - [e63549f] Enable https for keystone while creating stack user
 - [3ea6c6a] Stop patching oslo.messaging private bits
 - [a194a88] Don't mock oslo.messaging _CallContext
 - [42b032f] Ensure all Neutron LoadBalancer members are delete
* debian/patches/fix-requirements.patch: Rediffed.

Author: Chris Halse Rogers
Revision Date: 2015-04-14 11:08:58 UTC

* debian/control: Update Homepage: to not point at spam URL. (LP: #1442873)
* debian/patches/06_fix_website_address.patch:
  - Update help links to not point at spam URL. (LP: #1363589)

Author: Ryan Tandy
Revision Date: 2015-02-25 12:22:56 UTC

debian/patches/git_allocate-rfbProtocolExtension-statically.patch:
Import upstream patch to fix ica crashing when a client connects.
(LP: #1297345)

Author: Billy Olsen
Revision Date: 2015-04-14 09:38:13 UTC

* Fix memory leak in rados.py (LP: #1425164):
  - d/p/fix-python-rados-memleak.patch: patches the rados.py Ioctx
    class to remove circular dependencies which prevent python from
    garbage collecting object references.

Author: Dmitry Shachnev
Revision Date: 2015-03-21 15:49:36 UTC

[ Tim Lunn ]
* debian/patches/103_kill_the_fail_whale.patch: fix logic gnome-session
  should die at this point. This will fix LP: #1236749,
  LP: #1385572 and possibly various other strange bugs

[ Ryan Tandy ]
* debian/patches/git_add_disable_acceleration_option.patch: Backport
  upstream patch to add a --disable-acceleration-check command-line option.
  (LP: #1251281)
* debian/gnome-session-bin.user-session.upstart: Disable acceleration check
  when launching a GNOME Flashback (Metacity) session.

Author: Marc Deslauriers
Revision Date: 2015-04-15 11:43:39 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  incorrect nal size
  - debian/patches/CVE-2015-0797.patch: check nal size in
    gst/videoparsers/gsth264parse.c.
  - CVE-2015-0797

Author: Marc Deslauriers
Revision Date: 2015-04-15 11:43:39 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  incorrect nal size
  - debian/patches/CVE-2015-0797.patch: check nal size in
    gst/videoparsers/gsth264parse.c.
  - CVE-2015-0797

Author: Robie Basak
Revision Date: 2015-04-09 11:38:43 UTC

Check that extlinux-update exists before trying to run it in the postrm
since it may already have been removed (Closes: #748618, LP: #1042511).

Author: Sam Hartman
Revision Date: 2015-04-02 15:30:09 UTC

Relax breaks relationship between moonshot-ui and libmoonshot1

Author: Felix Geyer
Revision Date: 2015-04-14 12:40:04 UTC

No-change backport to utopic (LP: #1439214)

Author: Felix Geyer
Revision Date: 2015-04-14 12:39:28 UTC

No-change backport to utopic (LP: #1439209)

Author: Felix Geyer
Revision Date: 2015-04-14 12:41:40 UTC

No-change backport to utopic (LP: #1439227)

Author: Billy Olsen
Revision Date: 2015-04-14 09:38:13 UTC

* Fix memory leak in rados.py (LP: #1425164):
  - d/p/fix-python-rados-memleak.patch: patches the rados.py Ioctx
    class to remove circular dependencies which prevent python from
    garbage collecting object references.

Author: Marc Deslauriers
Revision Date: 2015-04-09 08:00:28 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - No change rebuild against libx11 in release pocket
  - CVE-2013-7439

Author: Marc Deslauriers
Revision Date: 2015-04-09 08:00:28 UTC

* SECURITY UPDATE: buffer overflow in MakeBigReq (LP: #1441381)
  - No change rebuild against libx11 in release pocket
  - CVE-2013-7439

Author: Brian Murray
Revision Date: 2015-01-16 15:35:09 UTC

Remove warning messages about missing Xge extension event translations.
(LP: #1400730)

Author: Marc Deslauriers
Revision Date: 2015-04-13 09:04:07 UTC

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

Author: Marc Deslauriers
Revision Date: 2015-04-13 09:04:07 UTC

* SECURITY UPDATE: symmetric key unauthenticated packet MITM attack
  - debian/patches/CVE-2015-1798.patch: reject packets without MAC in
    ntpd/ntp_proto.c.
  - CVE-2015-1798
* SECURITY UPDATE: symmetric association DoS attack
  - debian/patches/CVE-2015-1799.patch: don't update state variables when
    authentication fails in ntpd/ntp_proto.c.
  - CVE-2015-1799
* SECURITY UPDATE: ntp-keygen infinite loop or lack of randonmess on big
  endian platforms
  - debian/patches/ntp-keygen-endless-loop.patch: fix logic in
    util/ntp-keygen.c.
  - CVE number pending

Author: Phil Pemberton
Revision Date: 2015-04-10 18:04:05 UTC

Merge in a number of fixes which make the P-touch driver more usable

Author: Felix Geyer
Revision Date: 2015-04-10 19:20:33 UTC

No-change backport to utopic (LP: #1431283)

Author: Ryan Tandy
Revision Date: 2015-02-25 12:22:56 UTC

debian/patches/git_allocate-rfbProtocolExtension-statically.patch:
Import upstream patch to fix ica crashing when a client connects.
(LP: #1297345)