Branches for Utopic

Author: Johan Van de Wauw
Revision Date: 2015-04-03 22:47:20 UTC

 * SECURITY UPDATE: Fix multiple vulnerabilities allowing denial of service
   or possibly execute arbitrary code (LP: #1437087):
   - CVE 2015-2753: FreeXL before 1.0.0i allows remote attackers to cause a
     denial of service (stack corruption) or possibly execute arbitrary code
     via a crafted sector in a workbook.
   - CVE 2015-2754: FreeXL before 1.0.0i allows remote attackers to cause a
     denial of service (stack corruption) and possibly execute arbitrary code
     via a crafted workbook, related to a "premature EOF."

Author: Johan Van de Wauw
Revision Date: 2015-04-03 22:47:20 UTC

 * SECURITY UPDATE: Fix multiple vulnerabilities allowing denial of service
   or possibly execute arbitrary code (LP: #1437087):
   - CVE 2015-2753: FreeXL before 1.0.0i allows remote attackers to cause a
     denial of service (stack corruption) or possibly execute arbitrary code
     via a crafted sector in a workbook.
   - CVE 2015-2754: FreeXL before 1.0.0i allows remote attackers to cause a
     denial of service (stack corruption) and possibly execute arbitrary code
     via a crafted workbook, related to a "premature EOF."

Author: not-used-anymore
Revision Date: 2015-04-03 08:27:29 UTC

debian/gdm.init - removed extra unmatched "fi" line 78 (LP: #1315442)

Author: Lance Goodridge
Revision Date: 2015-04-04 00:57:13 UTC

Fixed Bug 1438242: parse() on an invalid time string no longer raises ValueError

Author: Phil Pemberton
Revision Date: 2015-04-03 08:52:20 UTC

Fix the "ESC i A" (enable cutter) command patch to correctly send only on
printers which support it. (LP: #1342979)

Author: Johan Van de Wauw
Revision Date: 2015-04-01 19:53:13 UTC

* SECURITY UPDATE: crash of the database backend process when given
  invalid GeoJSON data (LP: #1438875)
  - debian/patches/geojson-fix-3094.patch: back-ported from the 2.1.7
    release, taken from debian patch by Markus Wanner.
  - No CVE number

Author: Johan Van de Wauw
Revision Date: 2015-04-01 19:53:13 UTC

* SECURITY UPDATE: crash of the database backend process when given
  invalid GeoJSON data (LP: #1438875)
  - debian/patches/geojson-fix-3094.patch: back-ported from the 2.1.7
    release, taken from debian patch by Markus Wanner.
  - No CVE number

Author: Ryan Tandy
Revision Date: 2015-03-31 11:00:02 UTC

Ensure the argument to get_idletime() and its counter are both not NULL.
Fixes unity-settings-daemon crashing under NX3/X2Go, which do not support
the IDLETIME counter. (LP: #1416081)

Author: Marc Deslauriers
Revision Date: 2015-03-31 09:18:52 UTC

Rebuild for Ubuntu 14.10. (LP: #1420956)

Author: dann frazier
Revision Date: 2015-03-23 23:05:54 UTC

Enable arm64 builds (LP: #1435663).

Author: dann frazier
Revision Date: 2015-03-24 10:58:36 UTC

arm64: Detect UEFI based systems as "efi" subarch (LP: #1435663).

Author: Marc Deslauriers
Revision Date: 2015-04-01 14:05:44 UTC

* SECURITY REGRESSION: regression when saving TIFF files with compression
  predictor (LP: #1439186)
  - debian/patches/CVE-2014-8128-5.patch: disable until proper upstream
    fix is available.

Author: dann frazier
Revision Date: 2015-03-24 11:20:52 UTC

Install grub-arm64-efi on arm64/efi platforms (LP: #1435663).

Author: Dan Watkins
Revision Date: 2015-03-11 16:57:57 UTC

Backport support for fetching passwords in CloudStack (LP: #1422388).

Author: Marc Deslauriers
Revision Date: 2015-03-27 08:16:53 UTC

* Fix screening responses from keyservers (LP: #1421640)
  - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
  - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
  - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
* Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
  - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
  - debian/rules: build with --enable-large-secmem
* SECURITY UPDATE: invalid memory read via invalid keyring
  - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
    a keyring in g10/keyring.c.
  - CVE-2015-1606
* SECURITY UPDATE: memcpy with overlapping ranges
  - debian/patches/CVE-2015-1607.patch: use inline functions to convert
    buffer data to scalars in common/iobuf.c, g10/build-packet.c,
    g10/getkey.c, g10/keyid.c, g10/main.h, g10/misc.c,
    g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
    kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
    kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
    scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
  - CVE-2015-1607

Author: Marc Deslauriers
Revision Date: 2015-03-26 08:17:22 UTC

* SECURITY UPDATE: sidechannel attack on Elgamal
  - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in
    cipher/elgamal.c.
  - CVE-2014-3591
* SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
  - debian/patches/CVE-2015-0837.patch: avoid timing variations in
    mpi/mpi-pow.c, mpi/mpiutil.c, src/mpi.h.
  - CVE-2015-0837

Author: Marc Deslauriers
Revision Date: 2015-03-26 07:24:13 UTC

* SECURITY UPDATE: sidechannel attack on Elgamal
  - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in
    cipher/elgamal.c.
  - CVE-2014-3591
* SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
  - debian/patches/CVE-2015-0837.patch: avoid timing variations in
    mpi/mpi-pow.c, mpi/mpiutil.c, src/mpi.h.
  - CVE-2015-0837

Author: Marc Deslauriers
Revision Date: 2015-04-01 14:05:44 UTC

* SECURITY REGRESSION: regression when saving TIFF files with compression
  predictor (LP: #1439186)
  - debian/patches/CVE-2014-8128-5.patch: disable until proper upstream
    fix is available.

Author: Marc Deslauriers
Revision Date: 2015-03-27 08:16:53 UTC

* Fix screening responses from keyservers (LP: #1421640)
  - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
  - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
  - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
* Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
  - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
  - debian/rules: build with --enable-large-secmem
* SECURITY UPDATE: invalid memory read via invalid keyring
  - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
    a keyring in g10/keyring.c.
  - CVE-2015-1606
* SECURITY UPDATE: memcpy with overlapping ranges
  - debian/patches/CVE-2015-1607.patch: use inline functions to convert
    buffer data to scalars in common/iobuf.c, g10/build-packet.c,
    g10/getkey.c, g10/keyid.c, g10/main.h, g10/misc.c,
    g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
    kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
    kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
    scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
  - CVE-2015-1607

Author: Marc Deslauriers
Revision Date: 2015-03-26 08:17:22 UTC

* SECURITY UPDATE: sidechannel attack on Elgamal
  - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in
    cipher/elgamal.c.
  - CVE-2014-3591
* SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
  - debian/patches/CVE-2015-0837.patch: avoid timing variations in
    mpi/mpi-pow.c, mpi/mpiutil.c, src/mpi.h.
  - CVE-2015-0837

Author: Marc Deslauriers
Revision Date: 2015-03-26 07:24:13 UTC

* SECURITY UPDATE: sidechannel attack on Elgamal
  - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in
    cipher/elgamal.c.
  - CVE-2014-3591
* SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
  - debian/patches/CVE-2015-0837.patch: avoid timing variations in
    mpi/mpi-pow.c, mpi/mpiutil.c, src/mpi.h.
  - CVE-2015-0837

Author: Marc Deslauriers
Revision Date: 2015-03-24 12:20:51 UTC

* SECURITY UPDATE: abitrary code execution and XXE attacks
  - debian/patches/CVE-2015-0254.patch: thanks to Debian for the patch
    backport.
  - debian/ant.properties: bump source and target to 1.5.
  - CVE-2015-0254

Author: Marc Deslauriers
Revision Date: 2015-03-24 12:20:51 UTC

* SECURITY UPDATE: abitrary code execution and XXE attacks
  - debian/patches/CVE-2015-0254.patch: thanks to Debian for the patch
    backport.
  - debian/ant.properties: bump source and target to 1.5.
  - CVE-2015-0254

Author: Serge Hallyn
Revision Date: 2015-03-24 16:33:06 UTC

Fix cgmanager handling of a corner case involving certain co-mounted
controllers (LP: #1435416)

Author: Dmitry Shachnev
Revision Date: 2015-03-21 15:49:36 UTC

[ Tim Lunn ]
* debian/patches/103_kill_the_fail_whale.patch: fix logic gnome-session
  should die at this point. This will fix LP: #1236749,
  LP: #1385572 and possibly various other strange bugs

[ Ryan Tandy ]
* debian/patches/git_add_disable_acceleration_option.patch: Backport
  upstream patch to add a --disable-acceleration-check command-line option.
  (LP: #1251281)
* debian/gnome-session-bin.user-session.upstart: Disable acceleration check
  when launching a GNOME Flashback (Metacity) session.

Author: Mathieu Trudel-Lapierre
Revision Date: 2015-03-20 11:06:08 UTC

Find and use the syslinux from the source squashfs. (LP: #1325801)

Author: Scott Moser
Revision Date: 2015-03-20 16:49:19 UTC

* New upstream snapshot.
  - hardware enablement: knew kernel mapping for vivid (hwe-v = 3.19)
  - hardware enablement: support running on vivid and installation of
    vivid in environment without python2. (LP: #1427950)
  - debian/control: fix lintian warnings: add build-depends on dh-python,
    wrap-and-sort, update Standards-Version.

Author: Marc Deslauriers
Revision Date: 2015-03-24 10:50:28 UTC

* SECURITY UPDATE: XML external entity information disclosure
  - debian/patches/cve_2015_0250.patch: disable external entities in
    sources/org/apache/batik/dom/util/SAXDocumentFactory.java.
  - Thanks to Debian for the patch backport.
  - CVE-2015-0250

Author: Marc Deslauriers
Revision Date: 2015-03-24 10:50:28 UTC

* SECURITY UPDATE: XML external entity information disclosure
  - debian/patches/cve_2015_0250.patch: disable external entities in
    sources/org/apache/batik/dom/util/SAXDocumentFactory.java.
  - Thanks to Debian for the patch backport.
  - CVE-2015-0250

Author: Serge Hallyn
Revision Date: 2015-03-24 16:33:06 UTC

Fix cgmanager handling of a corner case involving certain co-mounted
controllers (LP: #1435416)

Author: Joseph Salisbury
Revision Date: 2014-12-17 15:44:50 UTC

Fix dkms build failure for Utopic kernels (LP: #1396758)

Author: Scott Moser
Revision Date: 2015-03-20 16:49:19 UTC

* New upstream snapshot.
  - hardware enablement: knew kernel mapping for vivid (hwe-v = 3.19)
  - hardware enablement: support running on vivid and installation of
    vivid in environment without python2. (LP: #1427950)
  - debian/control: fix lintian warnings: add build-depends on dh-python,
    wrap-and-sort, update Standards-Version.

Author: dann frazier
Revision Date: 2015-03-16 09:58:39 UTC

powerpc-undef-pixel.patch: Fix FTBFS on powerpc (LP: #1432717)

Author: Robert Ancell
Revision Date: 2015-03-10 16:02:44 UTC

* New upstream release:
  - Fix pipe file descriptor leak for each greeter session. (LP: #1190344)
  - Don't attempt generate D-Bus seat/session removal signals on shutdown.
* debian/guest-account.sh:
  - Rename variables to make script compatible with Bash (LP: #1411100)
* debian/lightdm-session:
  - Use bash for the session to improve error handling (LP: #678421)
* debian/control:
  - Depend on bash

Author: Marc Deslauriers
Revision Date: 2015-03-18 07:30:31 UTC

* SECURITY UPDATE: arbitrary code exection via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804

Author: Marc Deslauriers
Revision Date: 2015-03-18 07:30:31 UTC

* SECURITY UPDATE: arbitrary code exection via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804

Author: Rolf Leggewie
Revision Date: 2015-03-03 20:13:29 UTC

depend on unversioned libavcodec-extra package for robustness.
LP: #1273203

Author: Marc Deslauriers
Revision Date: 2015-03-12 11:20:35 UTC

* SECURITY UPDATE: arbitrary file access via TZ
  - debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
    configure, configure.ac, doc/sudoers.cat, doc/sudoers.man.in,
    doc/sudoers.mdoc.in, m4/sudo.m4, pathnames.h.in,
    plugins/sudoers/env.c.
  - CVE-2014-9680

Author: Dan Watkins
Revision Date: 2015-03-16 10:37:44 UTC

* SECURITY UPDATE: Session fixation and cookie stealing issue
  (LP: #1432555).
  - debian/patches/CVE-2015-2296.patch: extract cookies from the original
    request (which still has the host which returned the cookies)
  - CVE-2015-2296

Author: Marc Deslauriers
Revision Date: 2015-03-13 07:32:46 UTC

* SECURITY UPDATE: arbitrary code injection via incorrect filtering
  - debian/patches/CVE-2015-2265.patch: properly handle multiple
    consecutive bad chars in utils/cups-browsed.c.
  - CVE-2015-2265

Author: Marc Deslauriers
Revision Date: 2015-03-12 11:20:35 UTC

* SECURITY UPDATE: arbitrary file access via TZ
  - debian/patches/CVE-2014-9680.patch: sanity check TZ env variable in
    configure, configure.ac, doc/sudoers.cat, doc/sudoers.man.in,
    doc/sudoers.mdoc.in, m4/sudo.m4, pathnames.h.in,
    plugins/sudoers/env.c.
  - CVE-2014-9680

Author: Marc Deslauriers
Revision Date: 2015-03-13 07:32:46 UTC

* SECURITY UPDATE: arbitrary code injection via incorrect filtering
  - debian/patches/CVE-2015-2265.patch: properly handle multiple
    consecutive bad chars in utils/cups-browsed.c.
  - CVE-2015-2265

Author: Dan Watkins
Revision Date: 2015-03-16 10:37:44 UTC

* SECURITY UPDATE: Session fixation and cookie stealing issue
  (LP: #1432555).
  - debian/patches/CVE-2015-2296.patch: extract cookies from the original
    request (which still has the host which returned the cookies)
  - CVE-2015-2296

Author: dann frazier
Revision Date: 2015-03-16 09:58:39 UTC

powerpc-undef-pixel.patch: Fix FTBFS on powerpc (LP: #1432717)

Author: Mathieu Trudel-Lapierre
Revision Date: 2015-02-16 15:19:52 UTC

* Update release name and version for Utopic. (LP: #1419955)
* Add note and example for 'd-i live-installer/net-image', which is now
  required to let the installer know where the preinstalled squashfs can
  be reached. (LP: #1368700)

Author: Dimitri John Ledkov
Revision Date: 2015-01-23 19:27:42 UTC

 * Backport changes in user session gnome-keyring jobs up to
   3.14.0-1ubuntu2. (LP: #1387303)
 * Enable gnome-keyring ssh and gpg daemons to appear in "Startup
   Applications".
 * Split gnome-keyring user session job into ssh, gpg, and keyring jobs.
 * Make sure ssh/gpg keyring jobs only start, if not disabled in gui or
   with usptart override.
 * This thus allows to use stock ssh/gpg agents as provided by respective
   upstreams.

Author: Sebastien Bacher
Revision Date: 2015-02-06 15:08:24 UTC

No change rebuild to get translations imported in launchpad
(lp: #1391024)

Author: Brian Murray
Revision Date: 2015-03-09 11:16:12 UTC

Add apport_package_key_with_version.patch: Include the package version in
the Package data as apport does this with any report it creates and the
Error Tracker expects to find the version there. (LP: #1429967)

Author: Felix Geyer
Revision Date: 2015-03-11 19:33:32 UTC

No-change backport to utopic (LP: #1430953)

Author: Tyler Hicks
Revision Date: 2015-03-04 16:40:18 UTC

* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
  - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
    the mount passphrase. If a user has a mount passphrase that was wrapped
    using the default salt, their mount passphrase will be rewrapped using a
    random salt when they log in with their password.
  - debian/patches/CVE-2014-9687.patch: Create a temporary file when
    creating a new wrapped-passphrase file and copy it to its final
    destination after the file has been fully synced to disk (LP: #1020902)
  - debian/rules: Set the executable bit on the
    v1-to-v2-wrapped-passphrase.sh test script that was created by
    wrapping-passphrase-salt.patch
  - CVE-2014-9687

Author: Tyler Hicks
Revision Date: 2015-03-04 16:40:18 UTC

* SECURITY UPDATE: Mount passphrase wrapped with a default salt value
  - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
    the mount passphrase. If a user has a mount passphrase that was wrapped
    using the default salt, their mount passphrase will be rewrapped using a
    random salt when they log in with their password.
  - debian/patches/CVE-2014-9687.patch: Create a temporary file when
    creating a new wrapped-passphrase file and copy it to its final
    destination after the file has been fully synced to disk (LP: #1020902)
  - debian/rules: Set the executable bit on the
    v1-to-v2-wrapped-passphrase.sh test script that was created by
    wrapping-passphrase-salt.patch
  - CVE-2014-9687

Author: Brian Murray
Revision Date: 2015-03-09 11:16:12 UTC

Add apport_package_key_with_version.patch: Include the package version in
the Package data as apport does this with any report it creates and the
Error Tracker expects to find the version there. (LP: #1429967)

Author: Glenn Moss
Revision Date: 2015-03-06 23:07:41 UTC

Lockless deadlock fix.

Author: Patrik Lundin
Revision Date: 2015-03-04 16:16:19 UTC

Add 051_kdc_memleak patch based on Debian bug #746486. LP: #1422359

Author: Nobuto Murata
Revision Date: 2015-03-05 23:00:15 UTC

supplement the last upload. make sure to fix permission on package
upgrade as well, LP: #1402657

Author: Iain Lane
Revision Date: 2015-03-02 12:32:15 UTC

New upstream bugfix release (LP: #1427219)

Author: Louis Bouchard
Revision Date: 2014-11-25 12:40:30 UTC

Add CA Certificate verification from upstream
Import commits r624, r625, r627 and r628 from upstream
to implement CA Certificate verification (LP: #1385469)

Author: Mathieu Trudel-Lapierre
Revision Date: 2015-02-18 09:03:10 UTC

* debian/control: update maintainer.
* debian/patches/git_fix_compare_sizes_895b702a.patch: fix data size in
  compare function, avoids using a duplicate boot var for newly created
  entries in the boot manager. (LP: #1363719)

Author: Iain Lane
Revision Date: 2014-12-10 11:40:58 UTC

* New upstream release (LP: #1401069)
  + The GTlsClientConnection "use-ssl3" property now falls back to TLS
    1.0 if SSL 3.0 has been disabled, rather than just failing. Also, we now
    use the gnutls %LATEST_RECORD_VERSION option by default (to allow
    connecting to certain servers that were incorrectly patched for the
    POODLE attack), but also make sure to remove that option in the fallback
    ("use-ssl3") mode (to allow connecting to other servers that are
    differently broken).
  + tls/gnutls: Miscellaneous warning, debugging, and leak fixes
* 0001-test_create_certificate_chain-Skip-if-not-running-ag.patch: Skip a
  test when run on glib ≥ 2.43 as it requires a change in this version.

Author: Andreas Olsson
Revision Date: 2015-03-01 16:07:34 UTC

No-change rebuild against newer libopensm5 (LP: #1426711).

Author: Sebastien Bacher
Revision Date: 2015-01-07 10:03:16 UTC

* debian/patches/git_zero_boxes.patch, git_nonzero_boxes.patch:
  - backport upstream fixes for segfault issues (lp: #1391857)

Author: Sebastien Bacher
Revision Date: 2015-02-06 15:08:24 UTC

No change rebuild to get translations imported in launchpad
(lp: #1391024)

Author: martin.nowack@gmail.com
Revision Date: 2015-02-26 07:58:52 UTC

Fix parsing of domain name and allow dashes as well (LP: #1425837)

Author: Richard Hansen
Revision Date: 2015-02-04 16:11:03 UTC

Enable hmac-sha2-256 and hmac-sha2-512 MAC algorithms (LP: #1409798)

Author: Richard Hansen
Revision Date: 2015-02-11 12:13:52 UTC

Discard extra "M" response lines when reading the server's
version. (LP: #1413084)

Author: Iain Lane
Revision Date: 2015-01-15 17:23:21 UTC

Backport new upstream release to 14.10 (LP: #1411325)

Author: Iain Lane
Revision Date: 2015-01-15 17:32:43 UTC

Backport new upstream release to 14.10 (LP: #1411325)

Author: Brian Murray
Revision Date: 2015-02-02 14:18:29 UTC

Merge patch from Bryan Quigley to only log when whoopsie's state changes.
(LP: #1217407)

Author: Iain Lane
Revision Date: 2015-01-15 17:32:08 UTC

Backport new upstream release to 14.10 (LP: #1411325)

Author: Marc Deslauriers
Revision Date: 2015-02-25 08:57:22 UTC

* SECURITY UPDATE: denial of service via endless loop in getaddr_r
  - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
    resolv/nss_dns/dns-network.c.
  - CVE-2014-9402
* SECURITY UPDATE: buffer overflow in wscanf
  - debian/patches/any/cvs-wscanf.diff: calculate correct size in
    stdio-common/vfscanf.c, added test to stdio-common/tst-sscanf.c.
  - CVE-2015-1472
  - CVE-2015-1473

Author: Marc Deslauriers
Revision Date: 2015-02-25 08:57:22 UTC

* SECURITY UPDATE: denial of service via endless loop in getaddr_r
  - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
    resolv/nss_dns/dns-network.c.
  - CVE-2014-9402
* SECURITY UPDATE: buffer overflow in wscanf
  - debian/patches/any/cvs-wscanf.diff: calculate correct size in
    stdio-common/vfscanf.c, added test to stdio-common/tst-sscanf.c.
  - CVE-2015-1472
  - CVE-2015-1473

Author: Marc Deslauriers
Revision Date: 2015-02-24 08:41:04 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9659
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9662
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9665
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9668
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

Author: Marc Deslauriers
Revision Date: 2015-02-24 08:41:04 UTC

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9659
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9662
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9665
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9668
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

Author: Marc Deslauriers
Revision Date: 2015-02-16 13:42:46 UTC

* SECURITY UPDATE: heap overflow via block group descriptor information
  - debian/patches/CVE-2015-0247.patch: limit first_meta_bg in
    lib/ext2fs/closefs.c, lib/ext2fs/openfs.c.
  - CVE-2015-0247
* SECURITY UPDATE: buffer overflow in closefs()
  - debian/patches/CVE-2015-1572.patch: properly check against
    fs->desc_blocks in lib/ext2fs/closefs.c.
  - CVE-2015-1572

Author: Marc Deslauriers
Revision Date: 2015-02-16 13:42:46 UTC

* SECURITY UPDATE: heap overflow via block group descriptor information
  - debian/patches/CVE-2015-0247.patch: limit first_meta_bg in
    lib/ext2fs/closefs.c, lib/ext2fs/openfs.c.
  - CVE-2015-0247
* SECURITY UPDATE: buffer overflow in closefs()
  - debian/patches/CVE-2015-1572.patch: properly check against
    fs->desc_blocks in lib/ext2fs/closefs.c.
  - CVE-2015-1572

Author: Marc Deslauriers
Revision Date: 2015-02-20 08:09:50 UTC

* Update ca-certificates database to 20141019 (LP: #1423904):
  - backport changes from the Ubuntu 15.04 20141019 package

Author: Felix Geyer
Revision Date: 2015-02-23 19:18:17 UTC

No-change backport to utopic (LP: #1424454)

Author: Marc Deslauriers
Revision Date: 2015-02-20 08:09:50 UTC

* Update ca-certificates database to 20141019 (LP: #1423904):
  - backport changes from the Ubuntu 15.04 20141019 package

Author: Kaj Ailomaa
Revision Date: 2015-02-23 12:52:53 UTC

Fix install path (LP: #1419930)

Author: Felix Geyer
Revision Date: 2015-02-21 22:51:27 UTC

No-change backport to utopic (LP: #1420154)

Author: Felix Geyer
Revision Date: 2015-02-21 22:54:41 UTC

No-change backport to utopic (LP: #1416828)

Author: Felix Geyer
Revision Date: 2015-02-21 22:45:28 UTC

No-change backport to utopic (LP: #1415175)

Author: Corey Bryant
Revision Date: 2015-02-20 14:50:33 UTC

debian/patches/sslwrap.diff: Fall back to old behavior if SSLContext
not available (LP: #1423675).

Author: Corey Bryant
Revision Date: 2015-02-20 14:57:04 UTC

Revert revno 25

Author: Chuck Short
Revision Date: 2015-02-19 20:24:39 UTC

debian/patches/sslwrap.diff: Fall back to old behavior if SSLContext
not available (LP: #1423675).

Author: Corey Bryant
Revision Date: 2015-02-19 19:40:51 UTC

debian/patches/sslwrap.diff: Fall back to old behavior if SSLContext
not available (LP: #1423675).

Author: Michael Vogt
Revision Date: 2015-02-19 12:34:23 UTC

* debian/patches/10-blue-ray-bug713016.patch:
  - apply patch from Thomas Schmitt to fix in session closing
    on blue ray (closes: #713016), LP: #1113679

Author: Mathieu Trudel-Lapierre
Revision Date: 2015-02-18 09:03:10 UTC

* debian/control: update maintainer.
* debian/patches/git_fix_compare_sizes_895b702a.patch: fix data size in
  compare function, avoids using a duplicate boot var for newly created
  entries in the boot manager. (LP: #1363719)

Author: Mathieu Trudel-Lapierre
Revision Date: 2015-02-16 15:19:52 UTC

* Update release name and version for Utopic. (LP: #1419955)
* Add note and example for 'd-i live-installer/net-image', which is now
  required to let the installer know where the preinstalled squashfs can
  be reached. (LP: #1368700)

Author: Richard Hansen
Revision Date: 2015-02-11 12:13:52 UTC

Discard extra "M" response lines when reading the server's
version. (LP: #1413084)

Author: Marc Deslauriers
Revision Date: 2015-02-17 14:10:47 UTC

* SECURITY UPDATE: heap overflow in charset_to_intern()
  - debian/patches/20-unzip60-alt-iconv-utf8: updated to fix buffer
    overflow in unix/unix.c.
  - CVE-2015-1315
* SECURITY REGRESSION: regression with executable jar files
  - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
    regression.
* SECURITY REGRESSION: regression with certain compressed data headers
  - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
    regression.

Author: Marc Deslauriers
Revision Date: 2015-02-17 14:10:47 UTC

* SECURITY UPDATE: heap overflow in charset_to_intern()
  - debian/patches/20-unzip60-alt-iconv-utf8: updated to fix buffer
    overflow in unix/unix.c.
  - CVE-2015-1315
* SECURITY REGRESSION: regression with executable jar files
  - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
    regression.
* SECURITY REGRESSION: regression with certain compressed data headers
  - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
    regression.

Author: Felipe Reyes
Revision Date: 2015-02-04 17:07:53 UTC

Wait until the puppet and puppetmaster daemons are actually stopped
before returning (LP: #1315021)

Author: Seyeong Kim
Revision Date: 2015-02-02 16:15:31 UTC

support postfix/protocols (LP: #583216)

Author: Tim Lunn
Revision Date: 2015-01-31 09:00:30 UTC

No change rebuild for ABI break in libgnome-control-center (LP: #1379446)

Author: Richard Hansen
Revision Date: 2015-02-15 23:28:38 UTC

Discard extra "M" response lines when reading the server's
version. (LP: #1413084)

Author: Chuck Short
Revision Date: 2015-02-13 15:28:25 UTC

[ Corey Bryant ]
/d/p/mongodb-autoreconnect.patch: Dropped as it is breaking
ceilometer-dbsync (LP: #1421663).

Author: Chuck Short
Revision Date: 2015-02-13 15:28:25 UTC

[ Corey Bryant ]
/d/p/mongodb-autoreconnect.patch: Dropped as it is breaking
ceilometer-dbsync (LP: #1421663).

Author: Richard Hansen
Revision Date: 2015-02-04 16:11:03 UTC

Enable hmac-sha2-256 and hmac-sha2-512 MAC algorithms (LP: #1409798)

Author: Scott Talbert
Revision Date: 2014-12-06 22:49:13 UTC

Add patch from upstream which enables ddclient to find Digest::SHA to
fix FreeDNS support (LP: #1068884)