======================================
Sat, 12 Oct 2013 - Debian 7.2 released
======================================
=========================================================================
[Date: Sat, 12 Oct 2013 09:54:00 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

jclicmoodle | 0.1.0.11-1 | source, all
Closed bugs: 718050

------------------- Reason -------------------
requires missing moodle
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 12 Oct 2013 09:54:53 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

dactyl | 1.0~rc1-1 | source
xul-ext-pentadactyl | 1.0~rc1-1 | all
Closed bugs: 722884

------------------- Reason -------------------
incompatible with Iceweasel 17
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 12 Oct 2013 09:55:37 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

turpial | 1.6.9-1 | source, all
Closed bugs: 714023

------------------- Reason -------------------
broken by Twitter changes
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 12 Oct 2013 09:56:27 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

python-xpcom | 1:9.0~hg20111212-2 | amd64, armel, armhf, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, s390x, sparc
pyxpcom | 1:9.0~hg20111212-2 | source
Closed bugs: 723110

------------------- Reason -------------------
incompatible with Iceweasel 17
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 12 Oct 2013 09:57:11 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

edbrowse | 3.4.8-2 | source, amd64, armel, armhf, i386, ia64, mips, mipsel, powerpc, s390, s390x, sparc
Closed bugs: 723114

------------------- Reason -------------------
incompatible with Iceweasel 17
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 12 Oct 2013 09:57:57 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

chmsee | 1.99.10-1 | source, amd64, armel, armhf, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, s390x, sparc
Closed bugs: 723116

------------------- Reason -------------------
fails to build with Iceweasel 17
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 12 Oct 2013 10:23:23 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:

xul-ext-firetray | 0.3.6-2 | amd64, armel, armhf, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, s390x, sparc

------------------- Reason -------------------
[auto-cruft] obsolete arch any package
----------------------------------------------
=========================================================================
adblock-plus (2.1-1+deb7u1) stable-security; urgency=low
 .
   * Non-maintainer upload.
   * Declare compatibility with more recent Iceweasel. Fixes
     coinstallability of Gnome and Icedove. Patch by Benjamin Drung.
     (Closes: #715222)
apr (1.4.6-3+deb7u1) stable; urgency=low
 .
   * Don't override CFLAGS and LDFLAGS during build.
     This fixes the debug information being useless. Closes: #703466
atlas (3.8.4-9+deb7u1) wheezy; urgency=low
 .
   * Non-maintainer upload.
   * libatlas3gf-base: Add Breaks: octave3.2 (Closes: #706328)
     This fixes some upgrade paths by removing the obsolete octave3.2 (and
     its triggers) a bit earlier.
     This is a workaround for dpkg bug #671711: dpkg may run trigger
     processing for a package even if its dependencies are not satisfied.
     The octave3.2 triggers may be run in such a state (with liblapack* and
     libblas* unpacked but unconfigured, therefore the alternatives may not
     be setup or dangling) and will fail, aborting the upgrade, even if
     octave3.2 would be removed later anyway.
     Similar Breaks exist in libblas3 and libarpack2 to cover more
     incarnations of this bug.
base-files (7.1wheezy2) stable; urgency=low
 .
   * Changed /etc/debian_version to 7.2, for Debian 7.2 point release.
bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2013-4854: A specially crafted query that includes malformed
     rdata can cause named to terminate with an assertion failure while
     rejecting the malformed query. (Closes: #717936).
bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u1~bpo60+1) squeeze-backports; urgency=low
 .
   * Rebuild for squeeze-backports.
 .
 bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2013-4854: A specially crafted query that includes malformed
     rdata can cause named to terminate with an assertion failure while
     rejecting the malformed query. (Closes: #717936).
cacti (0.8.8a+dfsg-5+deb7u2) wheezy-security; urgency=high
 .
   * Security upload
   * Fix Cross site scripting in host.php and install/index.php
     (upstream bug 2383) CVE-2013-5588
   * Fix SQL injection in host.php (upstream bug 2383) CVE-2013-5589
cacti (0.8.8a+dfsg-5+deb7u1) wheezy-security; urgency=high
 .
   * Security upload
   * Add patches to fix SQL or command line injection via snmp settings or
     graph creation or edition that allows privileged users to execute
     arbitrary SQL commands or command line commands.
     - CVE-2013-1434
       cacti_snmp_sql_injection_CVE-2013-1434.patch
     - CVE-2013-1435
       cacti_snmp_escape_string_CVE-2013-1435.patch
       fix_quoting_in_rrd_command_CVE-2013-1435.patch
   * CVE-2013-1435 fix causes a regression in the handling of empty COMMENT
     lines in the rrd legend. Fixed by upstream:
     fix_COMMENT_in_graph_regression_from_CVE-2013-1435.patch
chromium-browser (29.0.1547.57-1~deb7u1) stable-security; urgency=high
 .
   * New upstream stable release:
     - High CVE-2013-2900: Incomplete path sanitization in file handling.
       Credit to Krystian Bigaj.
     - Low CVE-2013-2905: Information leak via overly broad permissions on
       shared memory files. Credit to Christian Jaeger.
     - High CVE-2013-2901: Integer overflow in ANGLE. Credit to Alex Chapman.
     - High CVE-2013-2902: Use after free in XSLT. Credit to cloudfuzzer.
     - High CVE-2013-2903: Use after free in media element. Credit to
       cloudfuzzer.
     - High CVE-2013-2904: Use after free in document parsing. Credit to
       cloudfuzzer.
     - CVE-2013-2887: Various fixes from internal audits, fuzzing and other
       initiatives (Chrome 29).
chromium-browser (28.0.1500.95-3) unstable; urgency=medium
 .
   * Fix placement of -fuse-ld=gold in ldflags.
chromium-browser (28.0.1500.95-2) unstable; urgency=medium
 .
   * Use -fuse-ld=gold instead of binutils-gold.
   * Drop libv8-dev build-dependency.
chromium-browser (28.0.1500.95-1) unstable; urgency=medium
 .
   * New upstream stable release:
     - Medium CVE-2013-2881: Origin bypass in frame handling. Credit to
       Karthik Bhargavan.
     - High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer.
     - High CVE-2013-2883: Use-after-free in MutationObserver. Credit to
       Cloudfuzzer.
     - High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of
       Google Security Team.
     - High CVE-2013-2885: Use-after-free in input handling.
       Credit to Ivan Fratric of Google Security Team.
     - High CVE-2013-2886: Various fixes from internal audits, fuzzing and
       other initiatives.
chromium-browser (28.0.1500.95-1~deb7u1) stable-security; urgency=high
 .
   * New upstream stable release:
     - Medium CVE-2013-2881: Origin bypass in frame handling. Credit to
       Karthik Bhargavan.
     - High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer.
     - High CVE-2013-2883: Use-after-free in MutationObserver. Credit to
       Cloudfuzzer.
     - High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of
       Google Security Team.
     - High CVE-2013-2885: Use-after-free in input handling. Credit to Ivan
       Fratric of Google Security Team.
     - High CVE-2013-2886: Various fixes from internal audits, fuzzing and
       other initiatives.
chromium-browser (28.0.1500.71-2) unstable; urgency=medium
 .
   * Disable armhf.
   * Remove outdated patches.
   * Eliminate special handling for old compiler versions.
chromium-browser (28.0.1500.71-1) unstable; urgency=medium
 .
   [ Michael Gilbert ]
   * New upstream stable release:
     - Low CVE-2013-2867: Block pop-unders in various scenarios.
     - High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to
       Andrey Labunets.
     - Medium CVE-2013-2868: Incorrect sync of NPAPI extension component.
       Credit to Andrey Labunets.
     - Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit
       to Felix Groebert of Google Security Team.
     - Critical CVE-2013-2870: Use-after-free with network sockets. Credit to
       Collin Payne.
     - Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL.
       Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from
       Prosecco at INRIA Paris.
     - High CVE-2013-2871: Use-after-free in input handling. Credit to
       miaubiz.
     - High CVE-2013-2873: Use-after-free in resource loading. Credit to
       miaubiz.
     - Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz.
     - Medium CVE-2013-2876: Extensions permissions confusion with
       interstitials. Credit to Dev Akhawe.
     - Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki
       Helin of OUSPG.
     - None: Remove the “viewsource” attribute on iframes. Credit to Collin
       Jackson.
     - Medium CVE-2013-2878: Out-of-bounds read in text handling. Credit to
       Atte Kettunen of OUSPG.
     - High CVE-2013-2880: Various fixes from internal audits, fuzzing and
       other initiatives. Credit to Chrome 28 team.
   * Install mksnapshot.
 .
   [ Shawn Landden ]
   * Enable armhf.
   * Build with system libwebp when version >= 0.3.0.
chromium-browser (28.0.1500.71-1~deb7u1) stable-security; urgency=high
 .
   * New upstream stable release:
     - Low CVE-2013-2867: Block pop-unders in various scenarios.
     - High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to
       Andrey Labunets.
     - Medium CVE-2013-2868: Incorrect sync of NPAPI extension component.
       Credit to Andrey Labunets.
     - Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit
       to Felix Groebert of Google Security Team.
     - Critical CVE-2013-2870: Use-after-free with network sockets. Credit to
       Collin Payne.
     - Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL.
       Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from
       Prosecco at INRIA Paris.
     - High CVE-2013-2871: Use-after-free in input handling. Credit to
       miaubiz.
     - High CVE-2013-2873: Use-after-free in resource loading. Credit to
       miaubiz.
     - Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz.
     - Medium CVE-2013-2876: Extensions permissions confusion with
       interstitials. Credit to Dev Akhawe.
     - Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki
       Helin of OUSPG.
     - None: Remove the “viewsource” attribute on iframes. Credit to Collin
       Jackson.
     - Medium CVE-2013-2878: Out-of-bounds read in text handling. Credit to
       Atte Kettunen of OUSPG.
     - High CVE-2013-2880: Various fixes from internal audits, fuzzing and
       other initiatives. Credit to Chrome 28 team.
chromium-browser (27.0.1453.110-2) unstable; urgency=low
 .
   [ Michael Gilbert ]
   * Use default gcc.
   * Enable verbose build.
   * Support gcc 4.8 (closes: #701256).
   * Disable pie hardening flag due to ffmpeg linking issue.
 .
   [ Giuseppe Iuculano ]
   * Remove hardening-wrapper and switch to dpkg-buildflags.
chromium-browser (27.0.1453.110-1) unstable; urgency=low
 .
   * New stable release:
     - Medium CVE-2013-2855: Memory corruption in dev tools API. Credit to
       "daniel.zulla".
     - High CVE-2013-2856: Use-after-free in input handling. Credit to
       miaubiz.
     - High CVE-2013-2857: Use-after-free in image handling. Credit to
       miaubiz.
     - High CVE-2013-2858: Use-after-free in HTML5 Audio. Credit to
       "cdel921".
     - High CVE-2013-2859: Cross-origin namespace pollution. Credit to
       "bobbyholley".
     - High CVE-2013-2860: Use-after-free with workers accessing database
       APIs. Credit to Collin Payne.
     - High CVE-2013-2861: Use-after-free with SVG. Credit to miaubiz.
     - High CVE-2013-2862: Memory corruption in Skia GPU handling. Credit to
       Atte Kettunen of OUSPG.
     - Critical CVE-2013-2863: Memory corruption in SSL socket handling.
       Credit to Sebastien Marchand of the Chromium development community.
     - High CVE-2013-2864: Bad free in PDF viewer. Credit to Mateusz Jurczyk,
       with contributions by Gynvael Coldwind, both from Google Security
       Team.
     - High CVE-2013-2865: Various fixes from internal audits, fuzzing and
       other initiatives.
chromium-browser (27.0.1453.110-1~deb7u1) stable-security; urgency=high
 .
   * New stable release:
     - Medium CVE-2013-2855: Memory corruption in dev tools API. Credit to
       "daniel.zulla".
     - High CVE-2013-2856: Use-after-free in input handling. Credit to
       miaubiz.
     - High CVE-2013-2857: Use-after-free in image handling. Credit to
       miaubiz.
     - High CVE-2013-2858: Use-after-free in HTML5 Audio. Credit to
       "cdel921".
     - High CVE-2013-2859: Cross-origin namespace pollution. Credit to
       "bobbyholley".
     - High CVE-2013-2860: Use-after-free with workers accessing database
       APIs. Credit to Collin Payne.
     - High CVE-2013-2861: Use-after-free with SVG. Credit to miaubiz.
     - High CVE-2013-2862: Memory corruption in Skia GPU handling. Credit to
       Atte Kettunen of OUSPG.
     - Critical CVE-2013-2863: Memory corruption in SSL socket handling.
       Credit to Sebastien Marchand of the Chromium development community.
     - High CVE-2013-2864: Bad free in PDF viewer. Credit to Mateusz Jurczyk,
       with contributions by Gynvael Coldwind, both from Google Security
       Team.
     - High CVE-2013-2865: Various fixes from internal audits, fuzzing and
       other initiatives.
chromium-browser (27.0.1453.93-1) unstable; urgency=low
 .
   * New stable release:
     - High CVE-2013-2837: Use-after-free in SVG. Credit to Sławomir Błażek.
     - Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian
       Holler.
     - High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of
       MWR InfoSecurity.
     - High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of
       MWR InfoSecurity.
     - High CVE-2013-2841: Use-after-free in Pepper resource handling. Credit
       to Chamal de Silva.
     - High CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril
       Cattiaux.
     - High CVE-2013-2843: Use-after-free in speech handling. Credit to
       Khalil Zhani.
     - High CVE-2013-2844: Use-after-free in style resolution. Credit to
       Sachin Shinde (@cons0ul).
     - High CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte
       Kettunen of OUSPG.
     - High CVE-2013-2846: Use-after-free in media loader. Credit to Chamal
       de Silva.
     - High CVE-2013-2847: Use-after-free race condition with workers. Credit
       to Collin Payne.
     - Medium CVE-2013-2848: Possible data extraction with XSS Auditor.
       Credit to Egor Homakov.
     - Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit
       to Mario Heiderich.
chrony (1.24-3.1+deb7u2) wheezy-security; urgency=low
 .
   * CVE-2013-4502, CVE-2013-4503
coherence (0.6.6.2-6+deb7u1) stable; urgency=low
 .
   * Patched for missing attribute exceptions; Fixes incompatibilities with
     newer Twisted releases (Closes: #664027).
cookie-monster (1.1.0-5~deb7u1) wheezy; urgency=low
 .
   * Team upload
   * Upload to stable (Closes: #711847)
cups (1.5.3-5+deb7u1) stable; urgency=low
 .
   [ Tim Waugh ]
   * dnssd backend: don't crash if avahi gives a callback with no TXT record
     (Closes: #722886)
curl (7.26.0-1+wheezy4) stable-proposed-updates; urgency=low
 .
   * Add 09_reset-timecond.patch (Closes: #705783, #719300)
curl (7.26.0-1+wheezy3) stable-security; urgency=high
 .
   * Fix URL decode buffer boundary flaw as per CVE-2013-2174
     http://curl.haxx.se/docs/adv_20130622.html
   * Set urgency=high accordingly
davfs2 (1.4.6-1.1+deb7u1) stable-security; urgency=low
 .
   * Fix CVE-2013-4362: Unsecure use of system(). Closes: #723034
dbus (1.6.8-1+deb7u1) wheezy-security; urgency=high
 .
   * CVE-2013-2168: add patch to avoid a user-triggerable crash
     (denial of services) in system services that use libdbus
debian-edu (1.713+deb7u1) wheezy; urgency=low
 .
   * Drop chmsee from education-tasks-lxde recommends, as it will be removed
     from wheezy (and sid+jessie) due to being discontinued upstream and
     because of #722401 and #724040.
   * Drop debian-edu-config-gosa-netgroups from main-server recommends, as
     per (unfinished!) discussion in #725311.
debian-edu (1.713) unstable; urgency=low
 .
   [ Mike Gabriel ]
   * Add myself to Uploaders: field.
   * tasks/common: Refrain from avoiding apt-file as it is a dependency of
     the command-not-found package. (Closes: #719328).
 .
   [ Petter Reinholdtsen ]
   * Move all metapackages to the metapackages section (Closes: #720199).
   * Added kdepim-groupware to the desktop-kde task to make sure korganizer
     understand ical/dav calendar sources.
debian-edu (1.712) unstable; urgency=low
 .
   [ Holger Levsen ]
   * Really remove Werner from uploaders - thanks again, Werner!
   * Use canonical Vcs-fields: in debian/control.
 .
   [ Petter Reinholdtsen ]
   * Recommend ksshaskpass in the desktop-kde task, ssh-askpass-gnome in the
     desktop-gnome task and ssh-askpass in the desktop-lxde and desktop-xfce
     tasks, to make sure ssh login work also for GUI users.
   * Make a note in the roaming-workstation task that the dependency on
     libpam-cracklib should be removed in jessie.
   * Recommend command-not-found in the common task, to make it easier for
     new command line users find the packages they need to install to get
     the program they want to run.
   * Allow xfce4-terminal on the ISOs to make sure desktop=xfce installs
     work with the USB stick ISO. Thanks to Wolfgang Schweer for discovering
     the problem.
 .
   [ Wolfgang Schweer ]
   * Replace tftp with tftp-hpa in the thin-client-server task to get
     tftp-hpa contained in the USB iso file. (See bug #718727)
debian-edu (1.711) unstable; urgency=low
 .
   [ Petter Reinholdtsen ]
   * Add bluedevil to the desktop-kde task, to make sure bluetooth support is
     included by default in KDE.
   * Add blueman to the desktop-xfce and desktop-lxde tasks, to make sure
     bluetooth support is included by default in Xfce and LXDE.
   * Change valgrind from suggests to recommends in the common task, to make
     it easier to debug crash bugs without Internet access.
   * Change krfb, krdc from suggests to recommends in the desktop-kde task,
     after verifying that it work, to make the support task easier for the
     local sysadmin.
   * Remove Morten Werner Forsbring from uploaders. Thank you Werner for all
     your good work.
debian-edu (1.710) unstable; urgency=low
 .
   [ Petter Reinholdtsen ]
   * Switch all tasks to list mplayer2 instead of mplayer, as mplayer2 is the
     package preferred by gecko-mediaplayer.
   * Move fonts-larabie-deco in desktop-other task from recommends to
     suggests, as it is in non-free and we try to avoid non-free packages
     when we can.
   * Switch roaming-workstation task from wicd to network-manager, as wicd is
     not working out of the box on the laptops I have tested.
 .
   * Uploaded to the Debian Edu archive as debian-edu 1.710~81262:
 .
   [ Petter Reinholdtsen ]
   * Suggests freeplane in the misc task, as it is the preferred mind mapping
     tool in the Uberstudent distribution.
   * Add helper script edu-tasksel-setup which is useful for setting up and
     tearing down diverts before running tasksel. It can be used to reduce
     the code duplication in debian-edu-install and debian-edu-config.
   * Change goplay in desktop-other from recommends to suggests, as golearn
     is useless in wheezy with the level of use::learning tagging present
     there. goplay should be reintroduced in Jessie instead.
   * Reduce killer in networked-common task from recommends to ignore, as it
     no longer work properly with X.org users.
 .
   * Uploaded to the Debian Edu archive as debian-edu 1.710~81083:
 .
   [ Holger Levsen ]
   * tasks: Drop xdrawchem, xjig and xsok from our tasks as they don't have a
     proper desktop menu entry and thus won't show up now that menu-xdg was
     removed.
 .
   [ Petter Reinholdtsen ]
   * Update d-i netboot package names from 6.0 to 7.0, to work with Wheezy.
   * Drop obsolete lwat from the main-server task.
 .
   * Uploaded to the Debian Edu archive as debian-edu 1.710~80808:
 .
   [ Holger Levsen ]
   * Remove menu-xdg from tasks/desktop-kde. See #502192 and
     http://lists.debian.org/201306162325.37014.holger@layer-acht.org
   * Replace transitional dummy fonts packages in tasks with their real
     dependent packages.
   * task/misc: Replace transitional tilp package with tilp2.
   * task/common: Replace transitional hpijs and pnm2ppa packages with
     hpijs-ppds and printer-driver-pnm2ppa.
   * task/desktop-kde: Replace transitional kdegraphics-strigi-plugins with
     kdegraphics-strigi-analyzer and kdegraphics-thumbnailers.
   * task/graphic: Replace transitional scribus-ng and qcad packages with
     scribus and librecad.
   * task/desktop-other: Replace transitional djvulibre-plugin package with
     djview-plugin.
   * task/desktop-gnome: Replace transitional gnome-desktop-environment
     package with gnome.
   * Bump Standards-Version to 3.9.4.
 .
   * Uploaded to the Debian Edu archive as debian-edu 1.710~80772:
 .
   [ Holger Levsen ]
   * debian/control, Vcs* headers: Replace svn.debian.org with
     anonscm.debian.org.
   * Drop ispell dictionaries from all tasks as it's only used by emacs.
   * Recommend mythes-$LANG packages instead of the transitional dummy
     openoffice.org-thesaurus-$LANG packages. Same for hyphen-$LANG and
     openoffice.org-hyphenation-$LANG.
debian-edu (1.709) unstable; urgency=low
 .
   [ Holger Levsen ]
   * Add lintian-overrides for education-desktop-xfce (see #708879).
 .
   * Uploaded to the Debian Edu archive as debian-edu 1.709~svn80382:
 .
   [ Petter Reinholdtsen ]
   * Change default display manager for KDE, LXDE and Xfce from gdm3 (which
     pull in gnome), to kdm and lightdm, to avoid getting an unwanted Gnome
     desktop.
   * Change desktop-* to list x-display-manager as allowed alternative for
     the selected display manager to make it easier to pick another display
     manager for those that need to.
 .
   * Uploaded to the Debian Edu archive as debian-edu 1.709~svn80336:
 .
   [ Petter Reinholdtsen ]
   * Make sure the new task desktop-xfce pull in a display manager. I
     selected gdm, which is the same as Gnome is using, and which is the
     most feature complete one. kdm and lightdm would work too.
   * Change desktop-kde and desktop-lxde to use gdm3 too, to only have to
     configure one display manager.
   * Raise gtick from suggests to depends in the music task, as gtick now
     should work with pulseaudio, and thus on thin clients, as bug #566335
     is fixed.
   * Raise lingot from suggests to depends in the music task, to include a
     graphical instrument tuning tool in the default installation.
   * Recommend xoscope in the electronics task, to provide a digital
     software oscilloscope in the default installation.
   * Add pianobooster as depend in the music task, based on recommendation
     from Thomas Goirand.
debian-edu (1.708) unstable; urgency=low
 .
   [ Holger Levsen ]
   * Add lintian-overrides for all binary packages affected by #708879.
   * Add debian/source.lintian-overrides to suppress the
     unknown-field-in-dsc warning.
   * Bump Standards-Version to 3.9.4.
 .
   [ Wolfgang Schweer ]
   * tasks/desktop-lxde: Replace unmaintained package epdfview with
     evince-gtk. (Closes: #708706)
 .
   [ Petter Reinholdtsen ]
   * Add new task desktop-xfce, to provide an even more lightweight option
     than LXDE. XFCE is the third most used desktop environment in Debian.
   * Switch from vnc4server to tightvncserver as the xrdp backend, as it
     seems to be more up to date and actively maintained.
debian-edu (1.707) unstable; urgency=low
 .
   [ Holger Levsen ]
   * README.source: better explain how to actually build this package today.
   * debian/control: remove obsolete XS-DM-Upload-Allowed: field.
 .
   [ Wolfgang Schweer ]
   * Add gosa-desktop to Depends of desktop-lxde, cause LXDE menu lacks a
     menu entry for password change (website) otherwise.
   * Move gosa-desktop from tasks/desktop-lxde to tasks/networked to provide
     a consistent menu entry for all desktop environments.
debian-edu (1.706) unstable; urgency=low
 .
   [ Petter Reinholdtsen ]
   * Move libnss-myhostname from the common to the roaming-workstation task,
     to avoid messing up Nagios checks with the problem reported as BTS
     #705900. It should move back when the bug is fixed.
   * Recommend goplay in the desktop-other task, to make it easy for users
     to find educational software in Debian.
   * Adjust to the many versions of celestia. Change astronomy task to
     depend on celestia-kde | celestia-gnome | celestia-glut | celestia
     instead of the dummy package celestia.
   * Correct APT source codename in sources.list.wheezy-test, replace
     testing with wheezy.
debian-edu (1.705) unstable; urgency=low
 .
   [ Petter Reinholdtsen ]
   * Move all mind mapping tools to the misc task. Promote freemind from
     Ignore to Recommends, as it was suggested as an application to install
     by default by Nigel Barker instead of vym. Demote vym from Depends to
     suggests based on his recommendation.
   * List icedtea-6-plugin as the preferred package over icedtea6-plugin, to
     match the proper package name in Wheezy.
   * Recommend ttf-larabie-deco font in desktop-other, based on
     recommendation from Nigel Barker.
   * Recommend bluefish, drpython, gvrng and python-easygui in the
     development task, for HTML and python development.
   * Ignore escputil in the common task to put it on our watch list. It is a
     tool useful for Epson printer owners.
   * Prefer browser-plugin-gnash over mozilla-plugin-gnash in the
     desktop-other task, to use the new package name in Wheezy. Ignore
     browser-plugin-lightspark in the same task to put it on our watch list.
   * Add chromium alongside iceweasel in the desktop-other task, for the
     pages that do not work well with konqueror and iceweasel, and for the
     times when iceweasel refuse to start. Remove obsolete comment about CD
     installs from task file.
   * Change Japanese support based on input from Nigel Barker. Remove all
     scim packages and only use ibus-anthy instead.
 .
   [ Wolfgang Schweer ]
   * Remove localization-config from Depends in tasks/other; last usage
     seems to actually have been in Lenny to configure kde correctly.
   * Remove mentioning of localization-config in tasks/desktop-other; maybe
     the Recommends for various spellcheckers should be revised, cause
     localization-config once has been used (?) to configure the default
     ispell directory.
debian-edu (1.704) unstable; urgency=low
 .
   * uploaded to the Debian Edu archive as 1.704~svn79606:
 .
   [ Petter Reinholdtsen ]
   * Depend on scratch in the education-misc task, to put it on our list of
     provided packages.
 .
   [ Wolfgang Schweer ]
   * tasks/desktop-lxde: Drop gdm3 from depends as this pulls in too much
     packages belonging to desktop-gnome. Remove lightdm from avoids, cause
     lightdm will be used as display manager.
 .
   * uploaded to the Debian Edu archive as 1.704~svn79605:
 .
   [ Wolfgang Schweer ]
   * Replace gdm with gdm3, cause gdm isn't available anymore:
     - Replace gdm with gdm3 in task files desktop-gnome, desktop-lxde, and
       desktop-sugar.
     - Replace gdm3 with lightdm in Avoid of task file desktop-lxde.
   * Raise gosa-plugin-goto from Suggests to Depends, to be able to have
     more types than just net-devices when adding systems using GOsa².
     (More changes concerning this issue will take place in d-e-config.)
   * Downgrade malted (task language) from Depends to Suggests, cause a
     Debian package isn't available.
   * Downgrade ejs (task physics) from Depends to Suggests, cause a Debian
     package isn't available.
 .
   * uploaded to the Debian Edu archive as 1.704~svn79539:
 .
   [ Wolfgang Schweer ]
   * Add dnsutils and iputils-ping to thin-client depends, as dig and ping
     are required for init-ltsp to work properly.
 .
   * uploaded to the Debian Edu archive as 1.704~svn79477:
 .
   [ Wolfgang Schweer ]
   * Move from openoffice.org to libreoffice in task files.
     - Rename most package names.
     - For some reason thesaurus and hyphenation packages still have
       openoffice.org in their names, so keep those.
     - Replace mozilla-openoffice.org with browser-plugin-libreoffice.
debian-edu (1.703) unstable; urgency=low
 .
   [ Wolfgang Schweer ]
   * Add debian-edu-config-gosa-netgroups to main-server depends.
   * Add dovecot-gssapi to main-server depends, cause Kerberos support is
     now covered in a separate package.
 .
   [ Holger Levsen ]
   * Add sources.list.wheezy-test for Debian development needs.
   * Update sources.list.squeeze-test to reflect that squeeze is stable
     remove references to non-US from sources.list.stable.
   * Update debian-edu-tasks.desc and debian/control after running make-dist
     (which distribution set to wheezy-test in debian/changelog) and
     building the resulting source archive. (This is described in
     README.source)
debian-edu-artwork (0.45-1+deb7u1) wheezy; urgency=low
 .
   * No change upload targeted at wheezy-proposed-update for the upcoming
     7.2 release.
debian-edu-artwork (0.45-1) unstable; urgency=low
 .
   [ Petter Reinholdtsen ]
   * Adjust makefile to get 'make distcheck' almost working.
 .
   [ Holger Levsen ]
   * Bump to new upstream version to upload as non-native.
   * Add librsvg2-bin to build-depends.
debian-edu-artwork (0.44-1) unstable; urgency=low
 .
   [ Wolfgang Schweer ]
   * Fix grub image (colour space: indexed -> RGB; density 72x72).
 .
   [ Petter Reinholdtsen ]
   * Build grub image from SVG using convert from imagemagick, optipng,
     advancecomp. Add these as build dependencies.
debian-edu-artwork (0.43-1) unstable; urgency=low
 .
   [ Holger Levsen ]
   * art/splash/debian-edu-splash.png: update file to correct size:
     640 x 480.
 .
   [ Wolfgang Schweer ]
   * Replace art/kdm-theme/background.svg with another file of size
     1600x1200, hopefully working correctly for all resolutions.
     (Closes: #717526)
   * Update art/kdm-theme/README.
   * art/kdm-theme/KdmGreeterTheme.desktop: fix typo.
   * art/ksplash-theme/description.txt: clarify information about the
     rectangle image. (Really: force description.txt to be updated in svn,
     cause the file shipped with version 0.42-1 was not a correct
     description file, though the svn version seemed to be correct.)
     ksplash should work again.
debian-edu-artwork (0.42-1) unstable; urgency=low
 .
   * Add new colorful shiny artwork from Christoph Muetze in
     art/playground/wheezy.
   * Update all artwork based on the sources in art/playground/wheezy.
     (Some previews / screenshots are still missing.)
   * Bump version number to indicate package is somewhat mature by now.
   * debian/update-artwork: fix update-alternatives removal call in
     restore_desktop_background(). (Closes: #716863)
   * Fix typo in debian/copyright, thanks lintian.
debian-edu-artwork (0.0.41-1) unstable; urgency=low
 .
   [ Petter Reinholdtsen ]
   * Remove Morten Werner Forsbring from uploaders. Thank you Werner for all
     your good work.
 .
   [ Wolfgang Schweer ]
   * Replace svg file with aspect ratio 5:4 (1280x1024) with another (fake)
     one working correctly with both GNOME and KDE.
   * List this file once again in debian-edu.xml.
   * Add update-alternatives removal for desktop-background.
     (Closes: #716863)
debian-edu-artwork (0.0.40-1) unstable; urgency=low
 .
   * Uploaded to the Debian Edu archive as debian-edu-artwork
     0.0.40-1~svn81537:
 .
   [ David Prévot ]
   * Let debhelper handle dpkg-maintscript-helper.
 .
   [ Petter Reinholdtsen ]
   * Add dependency on libglib2.0-bin to make sure the code to enable the
     gdm3 artwork find glib-compile-schemas.
   * Build-depend on debhelper (>= 8.1.0~) to get version supporting
     *.maintscript to handle dpkg-maintscript-helper.
 .
   * Uploaded to the Debian Edu archive as debian-edu-artwork
     0.0.40-1~svn81520:
 .
   [ Wolfgang Schweer ]
   * Configuration of gdm3:
     - Drop file /etc/gdm3/greeter.gsettings, as this approach fails, if
       gdm3 is installed after the artwork package; remove diversion.
     - Use schema override file to configure gdm3:
       /usr/share/glib-2.0/schemas/20_debian-edu.gschema.override
     - Call 'glib-compile-schemas /usr/share/glib-2.0/schemas/' to activate
       the overrides (function in script 'update-artwork').
     - Handle unused diversions. (Closes: #715153)
     - Remove useless whitespace in update-artwork.
 .
   [ Petter Reinholdtsen ]
   * Adjust debian-edu-artwork.postinst and debian-edu-artwork.prerm to
     handle cleanup of previously diverted files as I believe it must be
     done.
 .
   [ Wolfgang Schweer ]
   * RTFM: Use dpkg-maintscript-helper to remove the conffile.
   * Fix typos in 20_debian-edu.gschema.override
   * Drop one fake svg file (aspect ratio 5:4), which scales bad, as listed
     in debian-edu.xml (should be added later again as real svg).
debian-edu-artwork (0.0.39-1) unstable; urgency=low
 .
   [ Wolfgang Schweer ]
   * Create and configure Debian Edu theme, based on the joy theme for kdm:
     - Reorganize Debian Edu kdm theme to match the new structure; copy joy
       theme icons for the greeter, move wallpaper images to the new default
       desktop-base directory /usr/share/images/desktop-base.
     - Provide scaled images based on debian-edu-wallpaper01_1920x1080.svg
       by Christoph Muetze and on png files by Holger Levsen in Debian Edu
       theme directory located in desktop-base. (kdm-theme/background.svg
       has to be replaced with a real svg file.)
- Add metadata.desktop for Debian Edu theme directory. - Add screenshot image for Debian Edu theme directory; this image has yet to be updated. - Add 20-desktop-base-edu.js to /usr/share/kde4/apps/plasma-desktop/init/ to set scaled Debian Edu theme images as the default background. * Add myself to AUTHORS. * Try to update and configure the LDM theme: - Copy greeter-gtkrc from ldm ltsp theme. - Add bg.png as background image (same as for other greeters). - Replace logo.png (which would show almost the same once again) with a simple image showing the Text 'LTSP Client Login'. - Raise update-alternatives priority to make it the default theme. - Remove useless links. * Try to configure Gnome desktop to show the background. - Remove obsolete gdm-theme files, use already existing KDE files as common ones (gdm3 will use images/desktop-base/debian-edu.xml). - Add another svg file (based on Christoph ones) with 5:4 ratio (1280x1024) to support this resolution. - Add update-alternatives for desktop-background.xml to auto choose debian-edu.xml (instead of the default joy.xml). - Remove obsolete file defaults.conf (no longer used with gdm3), skip diverting this file. - Add new configuration file /etc/gdm3/greeter.gsettings, which takes over the job from defaults.conf, divert this file. Only purpose is to stop the users list showing up in the greeter; found no way to configure this otherwise. * Add lightdm to Enhances: field in control file. . debian-edu-artwork (0.0.38-1) unstable; urgency=low . * Bump upstream version, apparently the Debian Edu archive has problems with -2 versions and I have no time to fix this now... . debian-edu-artwork (0.0.37-2) unstable; urgency=low . * Revert this change to debian/rules: - Automatically replace duplicates with symlinks during buildtime to decrease installed package size. debian-edu-artwork (0.0.37-1) unstable; urgency=low . * debian/copyright: Remove outdated infos and add gpl2+ licence.
* art/gdm-theme/screenshot.png: Update with Debian Edu wheezy theme. . debian-edu-artwork (0.0.36-1) unstable; urgency=low . [ Wolfgang Schweer ] * /usr/share/wallpapers/debian-edu-wallpaper02_1600x1200.svg is now used to provide login-background.svg for the lightdm greeter. . [ Holger Levsen ] * Drop art/logo (which wasn't used in the binary package) and moved it to git://git.debian.org/git/debian-edu/debian-edu-logo.git * Cleanup art/playground some more. * Update README and debian/README.source. * Add myself to AUTHORS. * debian/control: - Add rdfind and symlinks to Build-Depends:. - Make binary package description slightly more verbose. - Add Enhances: field. - Bump Standards-Version to 3.9.4, no changes needed. - Drop ancient and useless Suggests: and Conflicts:. * debian/rules: - Automatically replace duplicates with symlinks during buildtime to decrease installed package size. Thanks to Helmut Grohne and http://wiki.debian.org/dedup.debian.net - simplify new-upstream-version target. * Drop useless debian/watch file. . debian-edu-artwork (0.0.35-1) unstable; urgency=low . [ Wolfgang Schweer ] * Raise update-alternatives priority for the desktop background from 65 to 75 (same as the default joy one), to enable the Debian Edu one again. * Try to configure background for lightdm-greeter: - divert /usr/share/images/login-background.svg - link /usr/share/wallpapers/debian-edu-wallpaper01_1600x1200.png to /usr/share/images/desktop-base/login-background.svg . [ Petter Reinholdtsen ] * Correct order and arguments for dpkg-divert for login-background.svg in preinst. * Correct path to login-background.svg from /usr/share/images/ to /usr/share/images/desktop-base/. . [ Holger Levsen ] * Also use /usr/share/images/desktop-base/login-background.svg in: - art/gdm-theme/20-debian-edu-artwork-settings * Drop unused art/kdm-theme/debian-edu-wallpaper.png. * Update art/kde/debian-edu-wallpaper* based on Christoph's new designs. Also ship .svg wallpapers.
* Use /usr/share/wallpapers/debian-edu-wallpaper02_1600x1200.png in art/kdm-theme/debian-edu.xml. * Shrink all png files with "optipng -o4 -i0 -fix $file ; advpng -z4 $file". . debian-edu-artwork (0.0.34-1) unstable; urgency=low . [ Holger Levsen ] * debian/control: - Remove obsolete XS-DM-Upload-Allowed: field. - Add Vcs-Browser: and Vcs-Svn: fields. - Remove Steffen Joeris, Vagrant Cascadian, Jonas Smedegaard and Andreas B. Mundt from Uploaders: field - thanks for all your work! * Compress source .psd files in art/media-cover to reduce source package size by more than three megabytes. * Drop ancient and unused art/splashy and art/wallpapers. * Add new wheezy artwork: (Closes: #706323) - Add sources by Christoph Muetze in art/playground/sources/wheezy based on http://wiki.debian.org/DebianArt/Themes/Joy - Thanks a lot Christoph! - Update art/g-i (move old stuff to art/playground/squeeze). - Update art/splash (used for grub images). . [ Petter Reinholdtsen ] * Add setup for gdm3, adding /usr/share/pixmaps/debian-edu-wallpaper01_1600x1200.png as its background image. SVG image would be better. debian-edu-artwork (0.0.33-4) unstable; urgency=low . [ Petter Reinholdtsen ] * Raise the update-alternatives priority of our grub image from 15 to 50, to make sure it is higher priority than the 20 used by desktop-base for joy-grub.png. This brings our artwork back to grub. debian-edu-doc (1.5~20130920~7.1+deb7u1) wheezy; urgency=low . * Update gbp config for wheezy debian-edu-doc (1.5~20130920~7.1) unstable; urgency=low . * Update images from the wiki . [ Manual translation updates ] * Danish (Joe Hansen) debian-edu-doc (1.5~20130919~7.1) unstable; urgency=low . * Update manual and images from the wiki . [ Manual translation updates ] * Spanish (Norman Garcia) * German (Wolfgang Schweer) * French (Cédric Boutillier) debian-edu-doc (1.5~20130915~7.1) unstable; urgency=low . * Update manual and images from the wiki . [ Wolfgang Schweer ] * Update German images .
[ Manual translation updates ] * German (Wolfgang Schweer) * Italian (Italian translation team, Claudio Carboncini, Closes: #717939) * Spanish (Norman Garcia) * French (Cédric Boutillier) * Danish (Joe Hansen) . [ David Prévot ] * Update setup: wiki.d.o is now behind HTTPS only * Turn off SSL certificate checking for retrieving files (thanks to Petter Reinholdtsen for the hint) * Update French images * Sync Squeeze translation debian-edu-doc (1.5~20130727~7.1) unstable; urgency=low . [ Manual translation updates ] * Danish (Joe Hansen) * French (Cédric Boutillier) . [ David Prévot ] * Update French images * Update manual and images from the wiki * Sync Squeeze translations debian-edu-doc (1.5~20130714~7.1) unstable; urgency=low . [ Holger Levsen ] * Update manuals and images from the wiki. . [ Wolfgang Schweer ] * Add a missing German image. . [ Manual translation update ] * German, thanks to Wolfgang Schweer. debian-edu-doc (1.5~20130706~7.1) unstable; urgency=low . * Update manuals and images from the wiki. . [ Holger Levsen ] * debian/control: - Bump standards-version to 3.9.4. - Remove Andreas Mundt from Uploaders: - thanks for all your work Andi! . [ David Prévot ] * Add French images of the installation process. * documentation/scripts/get_manual: Actually ignore the ignorable FIXME. . [ Manual translation update ] * German, thanks to Wolfgang Schweer. . [ Wolfgang Schweer ] * Add German images of the installation process. debian-edu-doc (1.5~20130617~7.1) unstable; urgency=low . * Update manuals and images from the wiki. . [ Manual translation update ] * German, Wolfgang Schweer debian-edu-doc (1.5~20130531~7.0) unstable; urgency=low . * Update manuals and images from the wiki * Add git-buildpackage configuration file * Activate back update from wiki on ravel . [ Manual translation update ] * German, Wolfgang Schweer * Italian, Claudio Carboncini * French, Cédric Boutillier debian-edu-install (1.720+deb7u1) wheezy; urgency=low .
* No change upload targeted at wheezy-proposed-update for the upcoming 7.2 release. debian-edu-install (1.720) unstable; urgency=low . * Change version number from 7.1+edu0~b2 to 7.1+edu0 in preparation of the Debian Edu Wheezy release. * Automatic updates of lib/partman/recipes*- at build-time. debian-edu-install (1.719) unstable; urgency=low . [ Petter Reinholdtsen ] * Change version number from 7.1+edu0~b1 to 7.1+edu0~b2 in preparation for beta 2. * Increase max partition size of /var/spool/squid in 92edumain+ws from 4096 to 15360 MiB, to match the sizes of 90edumain and 91edumain+ltsp. * Increase max partition size of /skole/backup from 2048 to 32768, to avoid filling it immediately when the disk is large. debian-edu-install (1.718) unstable; urgency=low . [ Holger Levsen ] * Replaced tabs in previous changelog entry with spaces. . [ Petter Reinholdtsen ] * Change version number from 7.1+edu0~b0 to 7.1+edu0~b1 in preparation for beta 1. debian-edu-install (1.717) unstable; urgency=low . [ Petter Reinholdtsen ] * Update version number to 7.1+edu0~b0 to prepare for beta0. * Document disk usage and adjust minimum and maximum partition sizes to have room for everything that is installed: main-server (tested i386): / min 128 -> 256. /usr min 1024 -> 3648. /var min 640 -> 2048. main-server+workstation (tested i386): / min 128 -> 246. thin-client-server (tested i386): /usr min 11008 -> 11264. main-server+thin-client-server (tested i386): /usr min 11776 -> 11408, max 14336 -> 17408. roaming-workstation (tested i386): /home min 128 -> 320. * Remove Morten Werner Forsbring from uploaders. Thank you Werner for all your good work. debian-edu-install (1.716) unstable; urgency=low . [ Petter Reinholdtsen ] * Drop choose-mirror as a dependency for debian-edu-install-udeb, and instead ask people to specify proxy on the boot prompt to avoid several extra questions during installation. . * Uploaded to the Debian Edu archive as debian-edu-install 1.716~svn81542: .
[ Petter Reinholdtsen ] * Adjust debian-edu-profile, making sure proxy settings are used also for netinst CD (and not only for PXE installs), and adjust the load_proxy_conf() function to log what proxy setting is used (closes: #715403). . * Uploaded to the Debian Edu archive as debian-edu-install 1.716~svn81495: . [ Petter Reinholdtsen ] * Document disk usage for an amd64 main-server+thin-client-server installed via PXE and adjust the minimum partition size for /usr from 11115 to 11456 and /opt from 11456 to 11712 on this profile to have room for everything that is needed. * Adjust d-i main-menu ordering, add choose-mirror as dependency of debian-edu-install-udeb before debian-edu-profile-udeb, to make it possible to set the proxy before selecting the profile on the netinst CD. . * Translation updates: - Swedish, thanks to Martin Bagge. (Closes: #714648) debian-edu-install (1.715) unstable; urgency=low . [ Petter Reinholdtsen ] * Fix typos (missing template type) in default-wordlist and default-ispell preseeding. Thanks to Wolfgang Schweer for discovering this. debian-edu-install (1.714) unstable; urgency=low . [ David Prévot ] * Fix another successfull occurrence. . [ Petter Reinholdtsen ] * Allow /boot in all partman recipes to grow to 1 GiB with large disks, to handle more kernels and make it easier to add extra stuff in the grub menu (like memdisk firmware upgraders etc. :) debian-edu-install (1.713) unstable; urgency=low . * Uploaded to the Debian Edu archive as debian-edu-install 1.713~svn81018: . [ Petter Reinholdtsen ] * Do not recognize ISO type (cd_type) 'not_complete' as non-networked ISOs when checking if there is required network during installation, now that the ISO build is patched to set type dvd and bluray for non-complete DVD and Blu-ray builds. . * Uploaded to the Debian Edu archive as debian-edu-install 1.713~svn80973: .
[ Petter Reinholdtsen ] * Recognize bluray and custom ISOs as non-networked ISOs when checking if there is required network during installation. . * Uploaded to the Debian Edu archive as debian-edu-install 1.713~svn80884: . * Update version to "7.1+edu0~a3" (to be consistent with Debian and our manual) in version and make sure previous version "7.0.0+edu+alpha3" is listed in debian/debian-edu-install.postinst. . * Uploaded to the Debian Edu archive as debian-edu-install 1.713~svn80595: . [ Petter Reinholdtsen ] * Preseed dictionaries-common/default-ispell to "Manual symlink setting" as a workaround for dictionary-common asking a strange question about what ispell dictionary to use when installing using some languages (Closes: #641225). . * Translation updates: - Polish, thanks to Mirosław Gabruś. . * Uploaded to the Debian Edu archive as debian-edu-install 1.713~svn80578: . [ Petter Reinholdtsen ] * Preseed dictionaries-common/default-wordlist to "Manual symlink setting" as a workaround for dictionary-common asking a strange question about what wordlist to use when installing using some languages (Partly fixes: #641225). * Rewrite X display detection code in testsuite reporting mechanism to be more robust and work with gdm3. . * Uploaded to the Debian Edu archive as debian-edu-install 1.713~svn80572: . [ Holger Levsen ] * debian/control, Vcs* headers: Replace svn.debian.org with anonscm.debian.org. . [ Petter Reinholdtsen ] * Add support for gdm3 and lightdm to the testsuite reporting mechanism. . * Uploaded to the Debian Edu archive as debian-edu-install 1.713~svn80558: . * Switch default APT source from ftp.skolelinux.org to http.debian.net, to pick a nearby mirror in the most efficient way available today. * Fix typo in postinst introduced in version 1.713~svn80552. . * Uploaded to the Debian Edu archive as debian-edu-install 1.713~svn80552: . 
[ Petter Reinholdtsen ] * Update version to "7.0.0+edu+alpha3" in version and make sure previous version "7.0.0+edu+alpha2" is listed in debian/debian-edu-install.postinst. . * Translation updates: - Czech, thanks to Miroslav Kure. (Closes: #711077) - Polish, thanks to Mirosław Gabruś. debian-edu-install (1.712) unstable; urgency=low . * Translation updates: - Romanian, thanks to Victor Nițu. - Indonesian, thanks to T. Surya Fajri. (Closes: #710295) - Russian, thanks to Yuri Kozlov. (Closes: #710298) - Japanese, thanks to Kenshi Muto. (Closes: #710578) - Chinese (zh_CH), thanks to Zheng Yu Ji. - Norwegian Bokmål (nb), thanks to Petter Reinholdtsen. - Italian, thanks to Claudio Carboncini. - Portuguese, thanks to Miguel Figueiredo. (Closes: #710976) - German, thanks to Wolfgang Schweer. - Polish, thanks to Michał Kułach. (Closes: #711111) - Danish, thanks to Joe Dalton. (Closes: #711173) - French, thanks to Jean-Pierre Giraud. - Swedish, thanks to Anders Jonsson (Closes: #711559). . [ Holger Levsen ] * debian-edu-profile-udeb.templates: Make another template untranslatable. . [ Petter Reinholdtsen ] * Fix typo in debian-edu-install/no-errors-found template (successfull->successful), found by Anders Jonsson. * Document disk usage for a main-server+workstation and adjust the minimum partition size for /usr on this profile from 9152 to 11328 to have room for everything that is needed. debian-edu-install (1.711) unstable; urgency=low . [ Holger Levsen ] * debian/rules: Add build-arch: and build-indep: targets. * debian-edu-install.templates and debian/debian-edu-profile-udeb.templates: - Make some new strings translatable. . [ Victor Nițu ] * Add translation for Romanian language. debian-edu-install (1.710) unstable; urgency=low . [ Wolfgang Schweer ] * debian/control: Remove localization-config-udeb from Depends; this package is no longer needed (and now removed from unstable). * preseed-values/defaults.networked: add gosa-desktop config. .
[ Petter Reinholdtsen ] * Update version to "7.0.0+edu+alpha2" in version and make sure previous version "7.0.0+edu+alpha0" is listed in debian/debian-edu-install.postinst. * Correct check-script target to make sure it finds shell scripts to check also with newer file version. debian-edu-install (1.709) unstable; urgency=low . [ Petter Reinholdtsen ] * Document disk usage for a roaming workstation and adjust the minimum partition size for / on standalone and roaming workstations from 8704 to 11328 to have room for everything that is needed. * Document disk usage for a workstation, and adjust the partition minimum from 8832 to 11072 MiB and maximum from 12288 to 15360 for /usr to have room for everything that is needed. * Document disk usage for a thin client server, and adjust the /usr partition minimum from 8192 to 11584 MiB and maximum from 11264 to 15360, and the /opt partition minimum from -8640 to +11584 MiB and maximum from 11264 to 15360, to have room for everything that is needed. debian-edu-install (1.708) unstable; urgency=low . [ Petter Reinholdtsen ] * Stop trying to install etckeeper in post-base-installer, before APT is set up to fetch packages from the net, to avoid an error because it is missing on the netinst CD. * Change default file system from ext3 to ext4 for speed and reliability, and to bring us in line with Debian proper. debian-edu-install (1.707) unstable; urgency=low . [ Petter Reinholdtsen ] * Make sure to initialize etckeeper (aka run edu-etcvcs init) also in pre-pkgsel, to get it activated also if etckeeper did not fit on the netinst CD. * Change calculation recommended in README to leave 30% free space on partitions because partman sometimes creates partitions smaller than the minimum size specified.
* Increase minimum partition size of Main Server+Thin Client Server installs, /usr from 9728 to 11115 MiB and /opt from 10048 to 11456, to avoid having to resize the LVM partitions during installation and get rid of Nagios warnings about full partitions. Also increase the maximum partition size to leave some wiggle room. . debian-edu-install (1.706) wheezy-test; urgency=low . * Change calculation recommended in README to leave 20% free space on partitions because partman sometimes creates partitions smaller than the minimum size specified. * Increase minimum partition size of Main Server+Thin Client Server installs, /usr from 9088 to 9728 MiB and /opt from 9344 to 10048, to avoid having to resize the LVM partitions during installation. Update README summary of disk usage after installation for i386 CD install to document the current disk usage. Also increase the maximum partition size to leave some wiggle room. debian-edu-install (1.705) unstable; urgency=low . [ Petter Reinholdtsen ] * Remove code added by Wolfgang Schweer to finish-install in version 1.702. It is moved to debian-edu-config where it belongs. debian-edu-install (1.704) unstable; urgency=low . [ Wolfgang Schweer ] * Fix path to etckeeper (now in /usr/bin instead of /usr/sbin). debian-edu-install (1.703) unstable; urgency=low . [ David Prévot ] * Merge fixes from version 1.529: - Fix messed up headers and charset in PO files. . [ Petter Reinholdtsen ] * Merge fixes from version 1.529: - Change how the profile question is handled, to not load the detected default value if the debconf seen flag is set, to allow the value to be preseeded. - Make preseeding documentation match the realities, by renaming the debian-edu-install/profile-expert template to debian-edu-install/profile (and removing the old debian-edu-install/profile template, thus concluding the test that started 2010-11-05 (Closes: #695107). debian-edu-install (1.702) unstable; urgency=low .
[ Holger Levsen ] * Drop obsolete or-depends on libqt-perl. . [ Wolfgang Schweer ] * finish-install: prevent configured network interfaces file from being deleted during execution of d-i netcfg-copy-config. . [ Petter Reinholdtsen ] * Update Standards-Version from 3.9.1 to 3.9.4. No changes needed. * Remove obsolete XS-DM-Upload-Allowed control header. * Avoid whitespace lines in zh_CH and zh_TW debconf templates. Discovered by lintian. debian-installer (20130613+deb7u1) wheezy; urgency=low . [ Martin Michlmayr ] * Recognize QNAP TS-12x, TS-22x and TS-42x devices. debian-installer-netboot-images (20130613+deb7u1) wheezy; urgency=low . * Update to 20130613+deb7u1 images, from wheezy-proposed-updates. * Update README to document fancy .bN suffix for d-i-n-i when d-i has +bN. * Add a check in get-images.sh to detect wrong binNMU versioning. devscripts (2.12.6+deb7u1) stable; urgency=low . * Fix build-rdeps to work with Wheezy being stable (Closes: #695975) dkimpy (0.5.3-1+deb7u1) wheezy; urgency=low . * Fix Gmail signature verification failures due to improper FWS regular expression - Thanks to Peter Palfrader (weasel) for the patch (Closes: #711751) dpkg (1.16.12) stable; urgency=low . * Fix value caching in Dpkg::Arch by not shadowing the variables. Closes: #724949 dpkg (1.16.11) stable; urgency=low . [ Raphaël Hertzog ] * Fix usage of non-existent _() function in multiple places of the Perl code. Thanks to Lincoln Myers for the patch. Closes: #708607 . [ Guillem Jover ] * Fix chmod() arguments order in Dpkg::Source::Quilt. Closes: #710265 Thanks to Pablo Oliveira. * Only ignore older packages if the existing version is informative. This allows any program using libdpkg to parse the available file to see again packages with versions lesser than 0-0 (like 0~0-0). Closes: #676664 * Fix use after free in dpkg_arch_load_list() on libdpkg. Reported by Pedro Ribeiro. . [ Updated programs translations ] * Vietnamese (Trần Ngọc Quân). Closes: #715334 .
[ Added man page translations ] * Italian (Beatrice Torracca). Closes: #711647 . [ Updated man page translations ] * Japanese (TAKAHASHI Motonobu). Closes: #704240 emboss-explorer (2.2.0-7+deb7u1) stable; urgency=low . * The application menu of emboss-explorer does not work with EMBOSS 6.4, which renders the whole emboss-explorer quite useless. This update applies a patch from the upstream bug tracker in SourceForge, solving this problem. (Closes: #722982). exactimage (0.8.5-5+deb7u3) stable-security; urgency=high . * Add debian/patches/CVE-2013-1441.patch, Fix CVE-2013-1441: exactimage: DoS, econvert crashes exactimage (0.8.5-5+deb7u2) stable-security; urgency=high . * Add debian/patches/CVE-2013-1438.patch, Fix CVE-2013-1438: multiple denial of service vulnerabilities (Closes: #721236) fai (4.0.8~deb7u1) wheezy; urgency=low . * Upload towards wheezy's new point-release fai (4.0.7) unstable; urgency=low . * lib/task_sysinfo: make sure device is a valid block device before accessing it * conf/NFSROOT: use grub-pc instead of grub package [Closes: #719213] * Do not depend on dpkg-divert being available inside /usr/sbin [Closes: #720307] * Makefile: update list of bash, shell and perl scripts * fai-guide/doc related changes: - update repository information + feature list - bunch of typo fixes - fix name of dirinstall task - update log file names regarding live-initramfs + klibc versions - fix usage of it's <-> its - replace "quiet" with "quite" and "setup" with "set up" fail2ban (0.8.6-3wheezy2) wheezy-security; urgency=high . * Anchor apache- filters failregexes to avoid possible DoS on servers which enabled corresponding jails. Fix cherry-picked from upstream 0.8.9-29-g6ccd578 . See http://seclists.org/fulldisclosure/2013/Jun/66 firecookie (1.4-1+deb7u1) wheezy; urgency=low . * Team upload .
[ Andreas Beckmann ] * Bump B-D: mozilla-devscripts to 0.32 resulting in a binary package that no longer Breaks latest iceweasel (Closes: #686088) firetray (0.4.6-1~deb7u1) wheezy; urgency=low . * Upload to stable flash-kernel (3.3+deb7u2) wheezy; urgency=low . * Fix test_db testsuite to be LC_COLLATE-independent, by calling sort -u on both the $expected and $fields variables. Closes: #711759 foxyproxy (3.4-1.1~deb7u1) wheezy; urgency=low . * Rebuild for wheezy. freetds (0.91-2+deb7u1) wheezy; urgency=low . * Non-maintainer upload. * Make libiodbc Breaks versioned now that it can load multiarch drivers. fwknop (2.0.0rc2-2+deb7u2) stable-proposed-updates; urgency=low . * Fixed use of uninitialized variable that leads fwknop to randomly fail to send a SPA packet. New patch : 717754.patch (Closes: #717754) gajim (0.15.1-4.1) stable; urgency=high . * Non-maintainer upload by the Security Team. * debian/patches: - 02_fix-cert-validation.diff added, fix certificate validation (CVE-2012-5524) closes: #693282 - 03_correctly-get-SSL-certificate and 04_store-all-ssl-errors added, improve SSL/TLS handling. ghostscript (9.05~dfsg-6.3+deb7u1) wheezy; urgency=low . * Add patches to fix endless loops related to unbalanced q/Q operators. (Closes: #714247) glusterfs (3.2.7-3+deb7u1) stable; urgency=low . * Add patch 04-ext4-safe to fix broken glusterfs with Linux >= 3.2.46-1+deb7u1 if you use ext4 as storage backend. Closes: #722694 gnome-settings-daemon (3.4.2+git20121218.7c1322-3+deb7u2) wheezy; urgency=low . * gnome-settings-daemon.gsettings-override: stop installing security updates without a confirmation. This just leads to an obnoxious popup asking for the root password. Closes: #708548. gnome-shell (3.4.2-7+deb7u1) stable; urgency=low . [ Josselin Mouette ] * 30_lockup_gc.patch: + Run the GC a first time after 15 seconds, and next every 10 minutes. This is to avoid running into a deadlock (which often happens the first time) and lose 10 minutes of work. 
+ Add a watchdog thread to suicide the process after 10 seconds if the GC locks up. . [ Sébastien Villemot ] * debian/patches/61-disable-restart-buttons.patch: new patch, backported from upstream. Makes the 'disable-restart-buttons' option of gdm-shell work. (Closes: #714862) gnupg (1.4.12-7+deb7u1) wheezy-security; urgency=high . * Apply upstream patch to fix side channel attack on RSA (CVE-2013-4242, closes: #717880). gosa (2.7.4-4.3~deb7u1) stable-updates; urgency=low . * Upload to stable updates. . gosa (2.7.4-4.3) unstable; urgency=low . * Non-maintainer upload. * debian/patches/fix-mass-ldapimport.patch: New patch, fixes LDAP mass import, by Giorgio Pioda and Petter Reinholdtsen. (Closes: #698840) grub2 (1.99-27+deb7u2) stable; urgency=low . * Backport from upstream: - Fix booting FreeBSD >= 9.1 amd64 kernels (closes: #699002). gxine (0.5.907-2+deb7u1) wheezy; urgency=low . * d/control: Switch to libmozjs185-dev as the package fails to build with newer versions of libmozjs-dev. (Reference: #665555) ibus (1.4.1-9+deb7u1) stable; urgency=low . * Fix ibus-setup breakage by setting all related packages to use --libexec=/usr/lib/ibus. Closes: #712149 ibus-anthy (1.2.6-2+deb7u1) stable; urgency=low . * Fix libexecdir to match ibus-setup expectation. Closes: #712575, #691396, #712236 * Add python-glade2 to Depends. Closes: #692423 ibus-hangul (1.4.1-1+deb7u1) stable; urgency=low . * Team upload. * Fix libexecdir to match ibus-setup expectation. Closes: #712576 ibus-m17n (1.3.4-1+deb7u1) stable; urgency=low . * Team upload. * Fix libexecdir. Closes: #712579 ibus-pinyin (1.4.0-1+deb7u1) stable; urgency=low . * Fix libexecdir to match ibus-setup expectation. Closes: #712580 ibus-skk (1.4.1-2+deb7u1) stable; urgency=low . * Fix libexecdir. Closes: #712582 ibus-skk (1.4.1-2) unstable; urgency=low . * Include more docs in binary package (Closes: #686472) ibus-sunpinyin (2.0.3-4+deb7u1) stable; urgency=low . * Team upload. * Fix libexecdir. 
Closes: #712583 ibus-xkbc (1.3.3.20100922-2+deb7u1) stable; urgency=low . * Team upload. * Fix libexecdir. Closes: #712584 * Drop DM-Upload-Allowed: yes. iceweasel (17.0.9esr-1~deb7u1) stable-security; urgency=low . * New upstream release. * Fixes for mfsa2013-{76,79,82,88-91}, also known as CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737. iceweasel (17.0.8esr-2) unstable; urgency=low . * debian/rules: - Don't use --no-keep-memory on ia64. Somehow, it makes ld fail to relax some relocations. - Don't use --as-needed on ia64. Somehow, it makes ld crash on some files. iceweasel (17.0.8esr-2~deb7u1) stable-security; urgency=low . * debian/rules: - Don't use --no-keep-memory on ia64. Somehow, it makes ld fail to relax some relocations. - Don't use --as-needed on ia64. Somehow, it makes ld crash on some files. iceweasel (17.0.8esr-1) unstable; urgency=low . * New upstream release. * Fixes for mfsa2013-{63,68-69,72-73,75}, also known as CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717. * debian/rules: Reduce memory usage of the linker at the expense of processing time. This should help on lower-end architectures like arm and mips, which spend an immense amount of time swapping. iceweasel (17.0.8esr-1~deb7u1) stable-security; urgency=low . * New upstream release. * Fixes for mfsa2013-{63,68-69,72-73,75}, also known as CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717. * debian/rules: Reduce memory usage of the linker at the expense of processing time. This should help on lower-end architectures like arm and mips, which spend an immense amount of time swapping. . * build/unix/elfhack/elfhack.cpp: Support R_ARM_JUMP24 and R_ARM_CALL relocations. bz#892366. Fixes FTBFS on armel. * build/unix/elfhack/elfhack.cpp, build/unix/elfhack/inject.c: Turn BL into BLX when doing thumb call relocations and the target is ARM. bz#898998. 
Fixes FTBFS on armhf. * xpcom/glue/nsIClassInfoImpl.h: Properly align statically allocated classinfo objects. bz#898916. Fixes FTBFS on armel. * js/src/gc/Heap.h, js/src/gc/Memory.*, js/src/jsapi.cpp, js/src/jscntxt.h, js/src/jsgc.cpp: Use the runtime page size to control arena decommit. bz#840242, bz#746112, bz#787904. Fixes FTBFS on sparc and runtime issues on mips and likely other architectures.. iceweasel (17.0.7esr-2) unstable; urgency=low . * build/unix/elfhack/elfhack.cpp: Support R_ARM_JUMP24 and R_ARM_CALL relocations. bz#892366. Fixes FTBFS on armel. * build/unix/elfhack/elfhack.cpp, build/unix/elfhack/inject.c: Turn BL into BLX when doing thumb call relocations and the target is ARM. bz#898998. Fixes FTBFS on armhf. * xpcom/glue/nsIClassInfoImpl.h: Properly align statically allocated classinfo objects. bz#898916. Fixes FTBFS on armel. * js/src/gc/Heap.h, js/src/gc/Memory.*, js/src/jsapi.cpp, js/src/jscntxt.h, js/src/jsgc.cpp: Use the runtime page size to control arena decommit. bz#840242, bz#746112, bz#787904. Fixes FTBFS on sparc and runtime issues on mips and likely other architectures.. iceweasel (17.0.7esr-1) unstable; urgency=low . * New upstream release. - Updated version of virtualenv handles multiarch properly. Closes: #713103. * Fixes for mfsa2013-{49-51,53-56,59}, also known as CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697. . * ipc/chromium/src/base/platform_thread_posix.cc: Fix FTBFS on kFreeBSD and Hurd. * memory/mozjemalloc/jemalloc.c: Don't hardcode page size on mips. Should fix FTBFS on mips. iceweasel (17.0.7esr-1~deb7u1) stable-security; urgency=low . * New upstream release. - Updated version of virtualenv handles multiarch properly. Closes: #713103. 
* Fixes for mfsa2013-{49-51,53-56,59}, also known as CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697. . * ipc/chromium/src/base/platform_thread_posix.cc: Fix FTBFS on kFreeBSD and Hurd. * memory/mozjemalloc/jemalloc.c: Don't hardcode page size on mips. Should fix FTBFS on mips. iceweasel (17.0.6esr-1) unstable; urgency=low . * New upstream release. * Fixes for mfsa2013-{41-42,44,46-48}, also known as CVE-2013-0801, CVE-2013-1670, CVE-2013-1672, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681. iceweasel (17.0.6esr-1~deb7u1) stable-security; urgency=low . * New upstream release. * Fixes for mfsa2013-{41-42,44,46-48}, also known as CVE-2013-0801, CVE-2013-1670, CVE-2013-1672, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681. iceweasel (17.0.5esr-1) unstable; urgency=low . * New upstream release. * Fixes for mfsa2013-{30,35-36,38}, also known as CVE-2013-0788, CVE-2013-0796, CVE-2013-0795, CVE-2013-0793. iceweasel (17.0.1-2) experimental; urgency=low . * debian/iceweasel-runner, debian/iceweasel.bug-presubj, debian/iceweasel.install, debian/iceweasel.links.in, debian/noinstall.in, debian/rules: Use the iceweasel binary instead of the xulrunner stub, and remove the shell wrapper * debian/control*: Remove xulrunner dependency on libnspr4-0d. Closes: #695346. * debian/iceweasel-xremote-client, debian/iceweasel.install, debian/rules: Remove iceweasel-xremote-client. * debian/noinstall.in, debian/rules: Don't remove update-settings.ini and move firefox-l10n.js removal to debian/noinstall.in. * debian/rules: Cleanup *.pyc removal, and remove *.pyo as well. * debian/iceweasel.1: Update manpage. * debian/noinstall.in: Remove usr/lib/xulrunner-@GRE_VERSION@/libmozjs.so with noinstall.in, it's symlinked later on. * debian/test.mk: Use the iceweasel binary for tests. 
  * debian/branding/Makefile.in, debian/iceweasel.install, debian/rules: Don't generate mozicon*.xpm or firefox.ico, and generate iceweasel.xpm from debian/rules.
  * debian/*: Allow to build with the firefox branding.
  * debian/browser.README.Debian.in: Update the text about the application not being named Firefox.
 .
  * browser/app/Makefile.in: Move MOZ_OFFICIAL_BRANDING definition to avoid conflict with bz#755724.
  * browser/app/Makefile.in, browser/app/nsBrowserApp.cpp, configure.in: Don't use the xulrunner stub when building Firefox against a libxul SDK. bz#755724.
  * toolkit/mozapps/installer/Packager.pm: Dereference symbolic links when packaging. This effectively reverts a part of bz#552864 that ended up not being useful.

iceweasel (17.0.1-1) experimental; urgency=low
 .
  * New upstream release.
  * debian/upstream.mk: Add a rule to import tarballs in git repository.
  * debian/repack.py: Don't error out when a repack filter is unused.
  * debian/iceweasel.desktop: Fix StartupWMClass. Closes: #693714.
 .
  * media/webrtc/shared_libs.mk, media/webrtc/trunk/src/modules/audio_coding/codecs/pcm16b/pcm16b.c, media/webrtc/trunk/src/typedefs.h: Allow webrtc to build on more architectures (hopefully). Thanks Michel Dänzer for the original patch. bz#814693. Closes: #694071.

iceweasel (17.0-1) experimental; urgency=low
 .
  * New upstream release.
  * Fixes for mfsa2012-{91-106}, also known as CVE-2012-5842, CVE-2012-5843, CVE-2012-4202, CVE-2012-4201, CVE-2012-5836, CVE-2012-4203, CVE-2012-4204, CVE-2012-4205, CVE-2012-4206, CVE-2012-4208, CVE-2012-5841, CVE-2012-4207, CVE-2012-5837, CVE-2012-4209, CVE-2012-4210, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838.
 .
  * debian/upstream.mk: Get l10n for nightlies.
  * debian/rules:
    - Use a more generic command to build Makefiles. This avoids ftbfs because make-makefile is gone.
    - Modify the dh_xulrunner test to account for the second test plugin.
  * debian/iceweasel.mozconfig: Disable webrtc during the browser build.
 .
  * browser/locales/jar.mn: Preprocess appstrings.properties. Closes: #688987.
  * toolkit/mozapps/installer/packager.mk: Avoid installing .mkdir.done and precomplete with make install. bz#798450

iceweasel (16.0.2-1) experimental; urgency=high
 .
  * New upstream release.
  * Fixes for mfsa2012-90, also known as CVE-2012-4194, CVE-2012-4195, CVE-2012-4196.

iceweasel (16.0.1-1) experimental; urgency=high
 .
  * New upstream release.
  * Fixes for mfsa2012-{88-89}, also known as CVE-2012-4191, CVE-2012-4192, CVE-2012-4193.
 .
  * config/autoconf.mk.in, configure.in, extensions/gio/Makefile.in, toolkit/library/Makefile.in, toolkit/library/nsStaticXULComponents.cpp: toolkit/toolkit-tiers.mk: Actually build the GIO extension in libxul. bz#799441.

iceweasel (16.0-1) experimental; urgency=low
 .
  * New upstream release.
  * Fixes for mfsa2012-{74-77,79-87}, also known as CVE-2012-3983, CVE-2012-3982, CVE-2012-3984, CVE-2012-3985, CVE-2012-3985, CVE-2012-3986, CVE-2012-3988, CVE-2012-3989, CVE-2012-3991, CVE-2012-3994, CVE-2012-3993, CVE-2012-4184, CVE-2012-3992, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188, CVE-2012-3990.
 .
  * debian/rules: Use xz compression for binary packages. Closes: #686325.
  * debian/xulrunner.mozconfig: Enable gio protocol-handler and icon decoder.
  * debian/control*:
    - Bump libnspr4-dev build dependency to 4.9.2.
    - Bump libsqlite3-dev build dependency to 3.7.13.
  * debian/iceweasel.install, debian/iceweasel.links.in: Install webapprt files.
 .
  * media/webrtc/trunk/src/modules/video_coding/codecs/vp8/main/source/vp8.cc: Fix to build against libvpx 1.1.
  * extensions/gio/Makefile.in: Build the GIO extension in libxul. bz#799441.
  * webapprt/gtk2/Makefile.in, webapprt/gtk2/webapprt.cpp: Don't search firefox executable in $exe/../../dist/bin. bz#798233.
  * webapprt/gtk2/webapprt.cpp: Fallback to the xulrunner subdirectory if webapprt can't find xpcom in firefox directory. bz#762833.

iceweasel (15.0.1-1) experimental; urgency=low
 .
  * New upstream release.

iceweasel (15.0-1) experimental; urgency=low
 .
  * New upstream release.
  * Fixes for mfsa2012-{57-66,68-70,72}, also known as CVE-2012-1971, CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-1956, CVE-2012-3965, CVE-2012-3966, CVE-2012-3968, CVE-2012-3967, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3973, CVE-2012-3975, CVE-2012-3976, CVE-2012-3978, CVE-2012-3980.
 .
  * debian/iceweasel.mozconfig: Build iceweasel with system ply.
  * debian/xulrunner-GRE_VERSION.install.in: Don't install xulrunner-bin, as it's gone.
  * debian/rules: Also use an epoch for iceweasel-l10n-all.

iceweasel (14.0.1-2) experimental; urgency=low
  * mfbt/double-conversion/utils.h: Declare double conversion correctness for more architectures. bz#750620. Should fix FTBFSes on most (all?) Debian architectures.

iceweasel (14.0.1-1) experimental; urgency=high
  * New upstream release.
  * Fixes for mfsa2012-{42-56}, also known as CVE-2012-1948, CVE-2012-1950, CVE-2012-1951, CVE-2012-1954, CVE-2012-1953, CVE-2012-1952, CVE-2012-1966, CVE-2012-1955, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1964, CVE-2012-1965, CVE-2012-1967.
  * debian/rules: Remove packager fatal warnings.
  * debian/xulrunner-GRE_VERSION.install.in: Don't install run-mozilla.sh and xpcshell in usr/lib/xulrunner-x.y. They are in the SDK, now.
  * debian/check_resources.py: Allow missing manifests when checking resources.
  * browser/installer/package-manifest.in: Install URL classifier components when MOZ_URL_CLASSIFIER is set. bz#762617.

iceweasel (13.0.1-2) experimental; urgency=low
  * debian/control*: Change font suggestions for MathML. Closes: #679469.
  * dom/ipc/Makefile.in, dom/ipc/PBrowser.ipdl, dom/ipc/TabMessageUtils.cpp: Only export TabMessageUtils.h in mozilla/dom. bz#761082. Closes: #675920.

iceweasel (13.0.1-1) experimental; urgency=low
  * New upstream release.

iceweasel (13.0-1) experimental; urgency=low
  * New upstream release.
  * Fixes for mfsa2012-{34,36-38,40}, also known as CVE-2012-1938, CVE-2012-1937, CVE-2011-3101, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947, CVE-2012-1940, CVE-2012-1941.
  * debian/check_resources.overrides: Remove now unused entries.
  * debian/rules: Adjust mozjs includes copied in libmozjs-dev.
  * debian/installer/Makefile.in: Use DEFINES from browser/installer to build package manifests.
  * debian/branding/Makefile.in, debian/extra-stuff/Makefile.in, debian/installer/*: Remove build script compatibility with Firefox < 4.0.
  * browser/components/migration/content/migration.js, browser/components/migration/content/migration.xul, browser/components/migration/src/BrowserProfileMigrators.manifest, browser/components/migration/src/FirefoxProfileMigrator.js, browser/components/migration/src/ProfileMigrator.js, browser/locales/en-US/chrome/browser/migration/migration.dtd, browser/locales/en-US/chrome/browser/migration/migration.properties, l10n-*/browser/chrome/browser/migration/migration.properties, toolkit/content/aboutSupport.js, toolkit/content/jar.mn, toolkit/content/resetProfile.js, toolkit/profile/nsIProfileMigrator.idl, toolkit/xre/nsAppRunner.cpp: Make the "Reset Firefox" feature more generic. bz#756390. Closes: #673353.

iceweasel (12.0-7) experimental; urgency=low
  * debian/rules: Also set LDFLAGS from dpkg-buildflags (although in practice it changes nothing because relro is disabled)
  * debian/control*:
    - Force build and runtime dependency on libsqlite3-0 >= 3.7.12-1~ for a right value of SQLITE_MAX_SCHEMA_RETRY and SQLITE_MAX_DEFAULT_PAGE_SIZE.
    - Suggest fonts-lyx. Closes: #673222.
    - Make xulrunner-dbg depend on nspr and nss debug packages.
  * debian/xulrunner-GRE_VERSION.links.in, debian/xulrunner-GRE_VERSION.install.in: Move omni.ja to /usr/lib/xulrunner-x.0 because it contains arch-depend data.
  * debian/xulrunner.mozconfig: Use system cairo again.
  * gfx/thebes/gfxPlatform.cpp: Make system cairo work again. bz#722975.

iceweasel (12.0-6) experimental; urgency=low
  * ipc/chromium/src/base/file_util_linux.cc, ipc/chromium/src/base/message_pump_libevent.cc, ipc/chromium/src/base/time_posix.cc: gcc 4.7 build failures (missing headers). bz#725655.
  * layout/base/tests/TestPoisonArea.cpp: fix build failures with Clang and GCC 4.7 in TestPoisonArea.cpp. bz#734490.

iceweasel (12.0-5) experimental; urgency=low
  * debian/xulrunner-GRE_VERSION.1.in: Fix xulrunner-x.y manual page to say XULRunner instead of Iceweasel.
  * gfx/skia/include/core/SkMath.h, gfx/skia/include/core/SkPostConfig.h, gfx/skia/src/opts/SkBitmapProcState_opts_arm.cpp, gfx/skia/src/opts/SkBlitRow_opts_arm.cpp: Fixup for bz#751814, and refreshed as sent upstream. Should fix FTBFS on armel and armhf.

iceweasel (12.0-4) experimental; urgency=low
  * memory/jemalloc/jemalloc.c: Don't hardcode page size on sparc.
  * gfx/skia/include/core/SkPreConfig.h: Fixup for bz#749533 for Hurd.
  * gfx/skia/src/opts/SkBitmapProcState_opts_arm.cpp,
  * gfx/skia/src/opts/SkBlitRow_opts_arm.cpp: Various Skia fixes for ARMv4T and ARMv6+. bz#751814.
  * js/src/Makefile.in, js/src/assembler/jit/ExecutableAllocator.h, js/src/jsapi.cpp, js/src/jscntxt.cpp, js/src/jscntxt.h: Refresh to use the last version of bz#691898 + some cleanup.

iceweasel (12.0-3) experimental; urgency=low
  * ipc/chromium/src/base/atomicops_internals_mips_gcc.h: Import atomicops_internals_mips_gcc.h from protobuf. bz#749530.
  * gfx/skia/include/core/SkPreConfig.h: Add support for GNU/kFreeBSD and Hurd in SKIA. bz#749533.
  * browser/locales/en-US/searchplugins/google.xml: Fix Google search plugin.

iceweasel (12.0-2) experimental; urgency=low
  * js/src/jsapi.cpp: Fixup for bz691898. Should fix FTBFSes.

iceweasel (12.0-1) experimental; urgency=low
  * New upstream release.
  * Fixes for mfsa2012-{20,22-24,26-33}, also known as CVE-2012-0467, CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0473, CVE-2012-0474, CVE-2012-0475, CVE-2012-0477, CVE-2012-0478, CVE-2011-3062, CVE-2011-1187, CVE-2012-0479.
  * debian/control*: Bump libsqlite3-dev build dependency.
  * debian/xulrunner.mozconfig: Use in-tree cairo until things settle down for bz#722975.
  * debian/rules:
    - Remove update-settings.ini.
    - Remove MOZ_PHOENIX define, it's not useful anymore.
  * debian/make.mk, debian/rules, debian/upstream.mk: Avoid spawning shells from debian/rules when possible.
  * debian/rules, debian/control*:
    - Remove special case for Lenny, it's not supported anymore.
    - Build with hardening flags. Closes: #609975.
  * debian/iceweasel.mozconfig, debian/rules: Move --with-branding option to debian/rules.
  * debian/control, debian/l10n, debian/rules: Simplify l10n control generation.
  * memory/jemalloc/jemalloc.c: Fix jemalloc mmap wrapper for s390. bz#747322. Closes: #667901.
  * toolkit/components/search/nsSearchService.js: Handle transition to /etc//searchplugins more gracefully. Closes: #666675.
  * js/xpconnect/src/xpcprivate.h: Properly align XPCLazyCallContext::mData. bz#747870. Closes: #669905.
  * config/Preprocessor.py, config/tests/unit-Preprocessor.py, js/src/config/Preprocessor.py: Use filters in #defines and #includes. bz#508942.

iceweasel (11.0-4) experimental; urgency=low
  * debian/branding/content/Makefile.in: Work around imagemagick svg support broken by latest librsvg2-bin.
  * debian/vendor.js: Default to en-US searchplugins when locale's aren't found. Closes: #665817.
  * debian/iceweasel.links.in, debian/iceweasel.preinst: Don't create /usr/lib/iceweasel/distribution/searchplugins symlink.
  * debian/extra-stuff/addonsInfo.js: Synchronously get addons list.
  * debian/branding/aboutIce.js: Use Services.jsm in aboutIce.js.
  * browser/components/dirprovider/DirectoryProvider.cpp: Load distribution search plugins from /etc//searchplugins.

iceweasel (11.0-3) experimental; urgency=low
  * debian/extra-stuff/addonsInfo.js: Remove debugging info from dump-addons-info output, and avoid failure on addons that don't have the getResourceURI method (like personas).
  * debian/duckduckgo.xml: Add t=debian to duckduckgo query url.
  * debian/iceweasel.install, debian/iceweasel.links.in, debian/iceweasel.preinst, debian/rules: Move search plugins under /etc/iceweasel. Closes: #632698.
  * debian/l10n/recommends: Recommend xul-ext-mozvoikko instead of myspell-fi for -l10n-fi. Closes: #635361.
  * memory/jemalloc/jemalloc.c: Don't hardcode page size on ia64.

iceweasel (11.0-2) experimental; urgency=low
  * toolkit/library/Makefile.in: Fixup bz#734335 backport. Should fix all FTBFSes.

iceweasel (11.0-1) experimental; urgency=low
  * New upstream release.
  * Fixes for mfsa2012-{12-19}, also known as CVE-2012-0454, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0451, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464.
  * debian/source.filter: Adjusted to upstream changes.
  * debian/rules:
    - Work around make-makefile brokenness.
    - Define MOZ_PHOENIX when building.
      Tab closing animation end fails because of some telemetry items that aren't defined in xulrunner, because they are enclosed in an ifdef MOZ_PHOENIX.
  * debian/l10n/*, debian/control: Refreshed.
  * debian/xulrunner-GRE_VERSION.install.in: update.locale is now in omni.ja.
  * debian/control*:
    - Bump build dependency on libnss3-dev and libnspr4-dev.
    - Remove forced version-dependency on libnss3-1d.
  * debian/dh/dh_xulrunner.in: Adjust to upstream changes.
  * debian/check_resources.overrides: Ignore Webapps.jsm import from apps.js.
  * toolkit/system/gnome/nsGSettingsService.cpp: Define G_VARIANT_TYPE_STRING_ARRAY when building against older glib. bz#710972.
  * netwerk/protocol/http/HttpChannelParent.*: Revert investigation patch for bz#621446, which triggers an ICE on gcc 4.4.
  * configure.in, toolkit/library/nsStaticXULComponents.cpp, tools/profiler/Makefile.in, tools/profiler/sampler.h: Only build SPS on supported platforms. bz#734335.

iceweasel (11.0~b6-1) experimental; urgency=low
  * New upstream beta release.
  * configure.in, toolkit/library/nsStaticXULComponents.cpp, toolkit/toolkit-makefiles.sh, toolkit/toolkit-tiers.mk: Only build SPS on supported platforms. bz#734335.

iceweasel (11.0~b5-1) experimental; urgency=low
  * New upstream beta release.
  * js/src/jscntxt.cpp: Fix YARR interpreter patch. Should fix FTBFS on ia64, ppc, s390 and mips.

iceweasel (11.0~b4-1) experimental; urgency=low
  * New upstream beta release.
  * debian/source.filter: Adjusted to upstream changes.
  * debian/rules:
    - Work around make-makefile brokenness.
    - Define MOZ_PHOENIX when building.
      Tab closing animation end fails because of some telemetry items that aren't defined in xulrunner, because they are enclosed in an ifdef MOZ_PHOENIX.
    - Modify the way we use isoquery to get a language name out of iso 639 codes.
  * debian/l10n/*, debian/control: Refreshed.
  * debian/xulrunner-GRE_VERSION.install.in: update.locale is now in omni.ja.
  * debian/control*:
    - Bump build dependency on libnss3-dev and libnspr4-dev.
    - Remove forced version-dependency on libnss3-1d.
    - Build conflict with liboss4-salsa-dev.
  * debian/dh/dh_xulrunner.in: Adjust to upstream changes.
  * debian/check_resources.overrides: Ignore Webapps.jsm import from apps.js.
  * debian/l10n.filter, debian/repack.py, debian/upstream.mk: Filter l10n upstream tarballs such that they stay the same when there are no changes besides tags.
  * toolkit/system/gnome/nsGSettingsService.cpp: Define G_VARIANT_TYPE_STRING_ARRAY when building against older glib. bz#710972.
  * netwerk/protocol/http/HttpChannelParent.*: Revert investigation patch for bz#621446, which triggers an ICE on gcc 4.4.

iceweasel (11.0~b3-1) experimental; urgency=low
  * New upstream beta release.
  * debian/source.filter: Adjusted to upstream changes.
  * debian/rules:
    - Work around make-makefile brokenness.
    - Define MOZ_PHOENIX when building.
      Tab closing animation end fails because of some telemetry items that aren't defined in xulrunner, because they are enclosed in an ifdef MOZ_PHOENIX.
    - Modify the way we use isoquery to get a language name out of iso 639 codes.
  * debian/l10n/*, debian/control: Refreshed.
  * debian/xulrunner-GRE_VERSION.install.in: update.locale is now in omni.ja.
  * debian/control*:
    - Bump build dependency on libnss3-dev and libnspr4-dev.
    - Remove forced version-dependency on libnss3-1d.
    - Build conflict with liboss4-salsa-dev.
  * debian/dh/dh_xulrunner.in: Adjust to upstream changes.
  * debian/check_resources.overrides: Ignore Webapps.jsm import from apps.js.
  * toolkit/system/gnome/nsGSettingsService.cpp: Define G_VARIANT_TYPE_STRING_ARRAY when building against older glib. bz#710972.
  * js/src/*: Previous YARR interpreter patches don't apply on 11. They haven't been ported to 11.0 yet.
  * netwerk/protocol/http/HttpChannelParent.*: Revert investigation patch for bz#621446, which triggers an ICE on gcc 4.4.

iceweasel (11.0~b2-1) experimental; urgency=low
  * New upstream beta release.
  * debian/source.filter: Adjusted to upstream changes.
  * debian/rules:
    - Work around make-makefile brokenness.
    - Define MOZ_PHOENIX when building.
      Tab closing animation end fails because of some telemetry items that aren't defined in xulrunner, because they are enclosed in an ifdef MOZ_PHOENIX.
  * debian/xulrunner-GRE_VERSION.install.in: update.locale is now in omni.ja.
  * debian/control*:
    - Bump build dependency on libnss3-dev and libnspr4-dev.
    - Remove forced version-dependency on libnss3-1d.
  * debian/dh/dh_xulrunner.in: Adjust to upstream changes.
  * toolkit/system/gnome/nsGSettingsService.cpp: Define G_VARIANT_TYPE_STRING_ARRAY when building against older glib. bz#710972.
  * js/src/*: Previous YARR interpreter patches don't apply on 11. They haven't been ported to 11.0 yet.
  * netwerk/protocol/http/HttpChannelParent.*: Revert investigation patch for bz#621446, which triggers an ICE on gcc 4.4.

iceweasel (11.0~b1-2) experimental; urgency=low
  * debian/control*: Bump libvpx-dev build dependency to 1.0.0.
  * configure.in: Fix FTBFS with libvpx 1.0.0.

iceweasel (11.0~b1-1) experimental; urgency=low
  * New upstream beta release.
  * debian/source.filter: Adjusted to upstream changes.
  * debian/rules:
    - Work around make-makefile brokenness.
    - Define MOZ_PHOENIX when building.
      Tab closing animation end fails because of some telemetry items that aren't defined in xulrunner, because they are enclosed in an ifdef MOZ_PHOENIX.
  * debian/xulrunner-GRE_VERSION.install.in: update.locale is now in omni.ja.
  * debian/control*:
    - Bump build dependency on libnss3-dev and libnspr4-dev.
    - Remove forced version-dependency on libnss3-1d.
  * debian/dh/dh_xulrunner.in: Adjust to upstream changes.
  * toolkit/system/gnome/nsGSettingsService.cpp: Define G_VARIANT_TYPE_STRING_ARRAY when building against older glib. bz#710972.
  * js/src/*: Previous YARR interpreter patches don't apply on 11. They haven't been ported to 11.0 yet.
  * netwerk/protocol/http/HttpChannelParent.*: Revert investigation patch for bz#621446, which triggers an ICE on gcc 4.4.

iceweasel (10.0.12esr-1+nmu1) unstable; urgency=medium
 .
  * Non-maintainer upload.
  * Fix javascript resource consumption issue on ia64 (closes: #692053).
  * Clear high 17 bits from pointers in the javascript engine on ia64 (closes: #696041).

ifmetric (0.3-2+deb7u1) stable; urgency=low
 .
  * Add patch to fix "NETLINK: Packet too small or truncated!" error. Thanks to Benedek László for the patch. Closes: #514197, LP: #896584

imagemagick (8:6.7.7.10-5+deb7u2) wheezy-security; urgency=high
 .
  * Bump version to get on the right side of dak
 .

imagemagick (8:6.7.7.10-5+deb7u1) wheezy-security; urgency=high
 .
  [ Bastien Roucariès ]
  * Security Fix: Buffer overflow "Memory corruption while processing GIF comments.", (Closes: #721273).
 .
  [ Vincent Fourmond ]
  * Upload to wheezy-security

intel-microcode (1.20130808.0+deb7u1) stable; urgency=high
 .
  * New upstream microcode data file 20130808
    + New Microcodes:
      sig 0x000306c3, pf mask 0x32, 2013-07-02, rev 0x0012, size 19456
      sig 0x000306e4, pf mask 0xed, 2013-06-13, rev 0x0415, size 11264
      sig 0x000306e6, pf mask 0xed, 2013-06-19, rev 0x0600, size 11264
      sig 0x00040651, pf mask 0x72, 2013-07-02, rev 0x0015, size 18432
    + Updated Microcodes (removed in the past):
      sig 0x000106a5, pf mask 0x03, 2013-06-21, rev 0x0019, size 10240
    + Updated Microcodes:
      sig 0x000106a4, pf mask 0x03, 2013-06-21, rev 0x0012, size 14336
      sig 0x000106e5, pf mask 0x13, 2013-07-01, rev 0x0006, size 7168
      sig 0x00020652, pf mask 0x12, 2013-06-26, rev 0x000e, size 8192
      sig 0x00020655, pf mask 0x92, 2013-06-28, rev 0x0004, size 3072
      sig 0x000206a7, pf mask 0x12, 2013-06-12, rev 0x0029, size 10240
      sig 0x000206d7, pf mask 0x6d, 2013-06-17, rev 0x0710, size 17408
      sig 0x000206f2, pf mask 0x05, 2013-06-18, rev 0x0037, size 13312
      sig 0x000306a9, pf mask 0x12, 2013-06-13, rev 0x0019, size 12288
    + Removed Microcodes:
      sig 0x000106e4, pf mask 0x09, 2010-03-08, rev 0x0002, size 5120
    + This microcode update has been documented by Intel to fix a severe security issue (refer to LP bug 1212497); This update is known to fix several nasty errata on 1st to 4th gens of Core i3/i5/i7, and Xeon 5500 and later, including but not limited to:
    + AAK167/BT248: Virtual APIC accesses with 32-bit PAE paging may cause system crash
    + AAK170/BT246: The upper 32 bits of CR3 may be incorrectly used with 32-bit paging
    + Erratum AAK167/BT248 is nasty: "If a logical processor has EPT (Extended Page Tables) enabled, is using 32-bit PAE paging, and accesses the virtual-APIC page then a complex sequence of internal processor micro-architectural events may cause an incorrect address translation or machine check on either logical processor. This erratum may result in unexpected faults, an uncorrectable TLB error logged in IA32_MCi_STATUS.MCACOD (bits [15:0]), a guest or hypervisor crash, or other unpredictable system behavior"
  * kernel preinst: simplify and load microcode and cpuid modules
  * postinst: attempt to load microcode module (closes: #692535)
  * Remove from the source package an unused upstream microcode bundle, which has been completely superseded by later bundles: microcode-20130222.dat
  * Use 1.20130808.0+deb7u1 as the Debian version to start a new branch that sorts before 1.20130808.1, which was uploaded to unstable. Further updates targeting stable will go into the 1.x branch. Further updates targeting unstable and stable-backports will go into the 2.x branch

intel-microcode (1.20130222.6) unstable; urgency=low
 .
  * initramfs, postinst: don't do anything on non-Intel systems
  * initramfs, postinst: blacklist several kernel versions (closes: #716917)

intel-microcode (1.20130222.5) unstable; urgency=low
 .
  * debian/control: depend on iucode-tool, and shorten description
  * initramfs hook: several auto mode fixes

intel-microcode (1.20130222.4) unstable; urgency=low
 .
  * initramfs: fix xargs error when iucode-tool is not installed in the early firmware update mode code path (closes: #712943)

intel-microcode (1.20130222.3) unstable; urgency=low
 .
  * initramfs: add support for early firmware update
    Add support to update microcode during early kernel startup, requires Linux 3.9 or later with CONFIG_MICROCODE_INTEL_EARLY enabled. This also requires initramfs-tools 0.113 or later, as well as iucode-tool 1.0 or later. We fallback to late initramfs mode if outdated versions of initramfs-tools or iucode-tool are installed.
  * Update README.Debian and NEWS.Debian for early updates
  * debian/control: update recommends for early-fw support
    Recommend iucode-tool v1.0 or later and initramfs-tools 0.113, and update the explanation in the package description accordingly.
 .

intel-microcode (1.20130222.2) unstable; urgency=low
 .
  * kernel preinst: simplify and load microcode and cpuid modules
  * postinst: attempt to load microcode module (closes: #692535)
  * Makefile: Use the -s! and --loose-date-filtering facilities added to iucode_tool v0.9 to better implement the selection of legacy microcode, and to fix the support for IUC_INCLUDE, which was non-functional.
  * debian/control: build-depend on iucode-tool (>= 0.9)

iso-scan (1.43+deb7u1) wheezy; urgency=low
 .
  [ Joey Hess ]
  * Fix full search entry when no isos are found. Closes: #722711 Thanks, Gagou

kfreebsd-9 (9.0-10+deb70.3) wheezy-security; urgency=high
 .
  * Team upload.
  * Pick SVN 253693 from FreeBSD 9-STABLE to fix SA-13:08 / CVE-2013-4851: Incorrect privilege validation in the NFS server (Closes: #717958)
  * Pick SVN 254629 from FreeBSD 9-STABLE to fix SA-13:09 / CVE-2013-3077: integer overflow in IP_MSFILTER (Closes: #720468)
  * Pick SVN 254352 from FreeBSD 9-STABLE to fix SA-13:10 / CVE-2013-5209: Kernel memory disclosure in sctp(4) (Closes: #720475)

kfreebsd-9 (9.0-10+deb70.2) wheezy-security; urgency=high
 .
  * Team upload.
  * Upload for wheezy-security
  * Pick SVN 251902 from FreeBSD 9-STABLE to fix SA-13:06 / CVE-2013-2171: Privilege escalation via mmap (Closes: #712664)

kfreebsd-downloader (9.0-3+deb70.1) stable; urgency=low
 .
  * Switch to people.debian.org URL for kernel.txz download. (Closes: #712816)

krb5 (1.10.1+dfsg-5+deb7u1) stable-security; urgency=high
 .
  * Non-maintainer upload by the Security Team.
  * Fix cve-2002-2443: denial-of-service issue due to improper UDP packet validation (closes: #708267).

krb5-auth-dialog (3.2.1-1+deb7u1) stable-proposed-updates; urgency=low
 .
  * [7b5a095] Fix krb5_principal_compare crashes on NULL arguments. Thanks to Petter Reinholdtsen (Closes: #714825)

lftp (4.3.6-1+deb7u2) wheezy; urgency=low
 .
  * fix "splits input script file after byte 4096" (patch splits_input_script_file_after_4096bytes.patch) Closes: #711164 wheezy update with OK from debian-release. Closes: #717820

libdatetime-timezone-perl (1:1.58-1+2013f) stable-proposed-updates; urgency=low
 .
  * Update to versions 2013e and 2013f of the Olson database.

libdatetime-timezone-perl (1:1.58-1+2013d) stable-proposed-updates; urgency=low
 .
  * Update to version 2013d of the Olson database.

libdigest-sha-perl (5.71-2+deb7u1) stable; urgency=low
 .
  * Add 724342-fix-double-free-in-destroy.patch patch. Fix double-free when Digest::SHA object is destroyed (Closes: #724342)

libgcrypt11 (1.5.0-5+deb7u1) wheezy-security; urgency=high
 .
  * Pull code changes from 1.5.3 security fix release from upstream GIT:
    + [35_bug-in-mpi_powm-for-e-0.patch] mpi/mpi-pow.c (gcry_mpi_powm) - For a zero exponent, make sure that the result has been allocated.
    + [36_Mitigate-flush-reload-cache-attack-on-RSA.patch] Mitigate a flush+reload cache attack on RSA secret exponents. This fixes CVE-2013-4242.

libmodplug (1:0.8.8.4-3+deb7u1+git20130828) stable-security; urgency=high
 .
  * Merge all changes from latest upstream Git repository (0.8.8.4 with additional patches), including the following security changes:
  * CVE-2013-4233: fix integer overflow in load_abc.cpp
  * CVE-2013-4234: fix heap overflows in abc_MIDI_drum and abc_MIDI_gchord
  * Closes: #719462

libmodule-metadata-perl (1.000009-1+deb7u1) wheezy; urgency=low
 .
  * Add CVE-2013-1437-documentation-fix.patch patch. Addresses CVE-2013-1437 as (serious) documentation bug: Module::Metadata executes code when gathering metadata about a module by design. In versions previous to 1.000015 the documentation stated, however, that Module::Metadata provides a standard way to gather metadata about a .pm file without executing unsafe code.
  * Rewrite short and long description. Rewrite short description matching the X is a Perl module [...] scheme. Rewrite the long description based on the Module::Metadata POD, containing also the note about how the information is gathered.

libmodule-signature-perl (0.68-1+deb7u1) wheezy; urgency=low
 .
  * Team upload.
  * Add CVE-2013-2145.patch. CVE-2013-2145: Fixes arbitrary code execution when verifying SIGNATURE. (Closes: #711239)

libquvi-scripts (0.4.19-1~deb7u1) wheezy; urgency=low
 .
  * Upload to wheezy.

libquvi-scripts (0.4.18-1) unstable; urgency=low
 .
  * New upstream release.

libquvi-scripts (0.4.18-1~deb7u1) wheezy; urgency=low
 .
  * Upload to wheezy.

libquvi-scripts (0.4.17-1) unstable; urgency=low
 .
  * New upstream release.

libquvi-scripts (0.4.16-1) unstable; urgency=low
 .
  * New upstream release.
  * debian/copyright: Update for new upstream release.
  * debian/watch: Follow 0.4.x branch.

libquvi-scripts (0.4.15-1) unstable; urgency=low
 .
  * New upstream release.
  * Bumped Standards-Version to 3.9.4 (no changes).

libvirt (0.9.12-11+deb7u4) stable-security; urgency=low
 .
  * [e91a86a] CVE-2013-4296: Fix crash in remoteDispatchDomainMemoryStats. Thanks to "Daniel P. Berrange" .

libvirt (0.9.12-11+deb7u3) wheezy-proposed-updates; urgency=low
 .
  * [9c12e5a] Fix race condition when destroying guests. Closes: #717893 Thanks to Ferenc Wágner for sorting this out.
 .

libvirt (0.9.12-11+deb7u2) wheezy-proposed-updates; urgency=low
 .
  [ Guido Günther ]
  * [5bc00df] Make sure qemu.conf isn't world readable by default since the user might add passwords to it. (Closes: #710537)
 .
  [ Ferenc Wagner ]
  * [ce7ef48] Fix libvirtd crash when destroying a domain with attached console (Closes: #710517)

libvirt (0.9.12-11+deb7u3) wheezy-proposed-updates; urgency=low
 .
  * [9c12e5a] Fix race condition when destroying guests. Closes: #717893 Thanks to Ferenc Wágner for sorting this out.

linux (3.2.51-1) wheezy; urgency=low
 .
  * New upstream stable update:
    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.47
    - xfs: kill suid/sgid through the truncate path.
    - ALSA: usb-audio: fix possible hang and overflow in parse_uac2_sample_rate_range()
    - ALSA: usb-audio: avoid integer overflow in create_fixed_stream_quirk()
    - xen-netfront: reduce gso_max_size to account for max TCP header
    - jfs: fix a couple races
    - USB: revert periodic scheduling bugfix (fixes regression in 3.2.39)
    - USB: keyspan: fix bogus array index
    - Bluetooth: Fix missing length checks for L2CAP signalling PDUs
    - swap: avoid read_swap_cache_async() race to deadlock while waiting on discard I/O completion
    - mm: migration: add migrate_entry_wait_huge()
    - USB: spcp8x5: fix device initialisation at open
    - USB: pl2303: fix device initialisation at open
    - md/raid1: consider WRITE as successful only if at least one non-Faulty and non-rebuilding drive completed it.
    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.48
    - ARM: 7755/1: handle user space mapped pages in flush_kernel_dcache_page
    - ARM: 7772/1: Fix missing flush_kernel_dcache_page() for noMMU
    - [x86] Modify UEFI anti-bricking code
    - tcp: fix tcp_md5_hash_skb_data()
    - ipv6: fix possible crashes in ip6_cork_release()
    - r8169: fix 8168evl frame padding.
    - ip_tunnel: fix kernel panic with icmp_dest_unreach
    - net: Block MSG_CMSG_COMPAT in send(m)msg and recv(m)msg
    - net: force a reload of first item in hlist_nulls_for_each_entry_rcu
    - net: sctp: fix NULL pointer dereference in socket destruction
    - l2tp: Fix PPP header erasure and memory leak
    - ncpfs: fix rmdir returns Device or resource busy (regression in 3.1)
    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.49
    - zram: avoid invalid memory access in zram_exit()
    - zram: use zram->lock to protect zram_free_page() in swap free notify path
    - zram: avoid access beyond the zram device
    - zram: protect sysfs handler from invalid memory access
    - Bluetooth: Fix crash in l2cap_build_cmd() with small MTU
    - xhci: check for failed dma pool allocation
    - drivers: hv: switch to use mb() instead of smp_mb()
    - media: dmxdev: remove dvb_ringbuffer_flush() on writer side
    - hw_breakpoint: Use cpu_possible_mask in {reserve,release}_bp_slot()
    - iommu/amd: Only unmap large pages from the first pte
    - futex: Take hugepages into account when generating futex_key
    - perf: Disable monitoring on setuid processes for regular users
    - cgroup: fix RCU accesses to task->cgroups
    - dlci: acquire rtnl_lock before calling __dev_get_by_name()
    - dlci: validate the net device in dlci_del()
    - genirq: Fix can_request_irq() for IRQs without an action (Closes: #709647)
    - writeback: Fix periodic writeback after fs mount
    - UBIFS: fix a horrid bug
    - data race between readdir and llseek
    - powerpc/smp: Section mismatch from smp_release_cpus to __initdata spinning_secondaries
    - ext3,ext4: don't mess with dir_file->f_pos in htree_dirblock_to_tree()
    - jbd2: fix theoretical race in jbd2__journal_restart
    - drivers/dma/pl330.c: fix locking in pl330_free_chan_resources()
    - ocfs2: xattr: fix inlined xattr reflink
    - crypto: sanitize argument for format string
    - hpfs: better test for errors
    - iscsi-target: Fix tfc_tpg_nacl_auth_cit configfs length overflow
    - perf: Clone child context from parent context pmu
    - perf: Remove WARN_ON_ONCE() check in __perf_event_enable() for valid scenario
    - perf: Fix perf_lock_task_context() vs RCU
    - perf: Fix perf mmap bugs
    - perf: Fix mmap() accounting hole
    - ext4: fix overflow when counting used blocks on 32-bit architectures
    - ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.50
    - macvtap: fix recovery from gup errors
    - neighbour: fix a race in neigh_destroy()
    - net: Swap ver and type in pppoe_hdr
    - ipv6,mcast: always hold idev->lock before mca_lock
    - macvtap: correctly linearize skb when zerocopy is used
    - 9p: fix off by one causing access violations and memory corruption
    - atl1e: fix dma mapping warnings
    - atl1e: unmap partially mapped skb on dma error and free skb
    - vlan: fix a race in egress prio management
    - [sparc] tsb must be flushed before tlb
    - virtio_net: fix race in RX VQ processing
    - bnx2fc: Fix incorrect memset in bnx2fc_parse_fcp_rsp
    - xen/blkback: Check for insane amounts of request on the ring (v6).
     - lockd: protect nlm_blocked access in nlmsvc_retry_blocked
     - ext4: don't allow ext4_free_blocks() to fail due to ENOMEM
     - ACPI / memhotplug: Fix a stale pointer in error path
     - ALSA: Fix unlocked snd_pcm_stop() calls in various drivers
     - Btrfs: fix lock leak when resuming snapshot deletion
     - Btrfs: re-add root to dead root list if we stop dropping it
     - ALSA: usb-audio: 6fire: return correct XRUN indication
     - [x86] isci: Fix a race condition in the SSP task management path
     - sd: fix crash when UA received on DIF enabled device
     - nfsd: nfsd_open: when dentry_open returns an error do not propagate as
       struct file
     - staging: comedi: fix a race between do_cmd_ioctl() and read/write
     - usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all controllers with
       xhci 1.0
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.51
     - sctp: fully initialize sctp_outq in sctp_outq_init
     - ipv6: take rtnl_lock and mark mrt6 table as freed on namespace cleanup
     - net_sched: Fix stack info leak in cbq_dump_wrr().
     - af_key: more info leaks in pfkey messages
     - net_sched: info leak in atm_tc_dump_class()
     - ALSA: ak4xx-adda: info leak in ak4xxx_capture_source_info()
     - NFSv4.1: integer overflow in decode_cb_sequence_args()
     - jfs: fix readdir cookie incompatibility with NFSv4 (Closes: #714974)
     - mac80211: fix duplicate retransmission detection
     - [arm] 7791/1: a.out: remove partial a.out support
     - [x86] fpu: correct the asm constraints for fxsave, unbreak mxcsr.daz
     - USB: mos7840: fix race in register handling
     - serial/mxs-auart: fix race condition in interrupt handler
     - serial/mxs-auart: increase time to wait for transmitter to become idle
     - ixgbe: Fix Tx Hang issue with lldpad on 82598EB
     - virtio: console: fix race with port unplug and open/close
     - virtio: console: fix race in port_fops_open() and port unplug
     - virtio: console: clean up port data immediately at time of unplug
     - ACPI / battery: Fix parsing _BIX return value (Closes: #721468)
     - cifs: extend the buffer length enought for sprintf() using
     - iwlwifi: dvm: fix calling ieee80211_chswitch_done() with NULL
     - ALSA: 6fire: fix DMA issues with URB transfer_buffer usage
     - cifs: don't instantiate new dentries in readdir for inodes that need to
       be revalidated immediately (fixes regression in 3.2.46)
     - hwmon: (adt7470) Fix incorrect return code check
     - zd1201: do not use stack as URB transfer_buffer
     - Hostap: copying wrong data prism2_ioctl_giwaplist()
     - ALSA: 6fire: make buffers DMA-able (pcm)
     - ALSA: 6fire: make buffers DMA-able (midi)
     - jbd2: Fix use after free after error in jbd2_journal_dirty_metadata()
     - [arm] 7809/1: perf: fix event validation for software group leaders
     - [arm] perf: Fix armpmu_map_hw_event()
     - fs/proc/task_mmu.c: fix buffer overflow in add_page_map()
     - USB: mos7720: fix broken control requests
     - USB: keyspan: fix null-deref at disconnect and release
     - block: Add bio_for_each_segment_all()
     - sg: Fix user memory corruption when SG_IO is interrupted by a signal
     - of: fdt: fix memory initialization for expanded DT
     - nilfs2: remove double bio_put() in nilfs_end_bio_write() for
       BIO_EOPNOTSUPP error
     - nilfs2: fix issue with counting number of bio requests for
       BIO_EOPNOTSUPP error detection
     - ath9k_htc: Restore skb headroom when returning skb to mac80211
     - [powerpc] Don't Oops when accessing /proc/powerpc/lparcfg without
       hypervisor
     - [powerpc] Work around gcc miscompilation of __pa() on 64-bit
     - SUNRPC: Fix memory corruption issue on 32-bit highmem systems
     - drivers/base/memory.c: fix show_mem_removable() to handle missing
       sections
     - [x86] get_unmapped_area: Access mmap_legacy_base through mm_struct
       member
     - [s390] KVM: move kvm_guest_enter,exit closer to sie
 .
   [ Ben Hutchings ]
   * cassini: Make missing firmware non-fatal (Closes: #714128)
   * drm, agp: Update to 3.4.61:
     - drm/radeon: fix card_posted check for newer asics
     - radeon: Fix system hang issue when using KMS with older cards
     - drm/radeon: don't allow audio on DCE6
     - drm: fix a use-after-free when GPU acceleration disabled
     - drm/i915/sdvo: Use &intel_sdvo->ddc instead of intel_sdvo->i2c for DDC.
     - drm/i915: no lvds quirk for hp t5740
     - drm/gma500: Increase max resolution for mode setting
     - drm/gma500/psb: Unpin framebuffer on crtc disable
     - drm/gma500/cdv: Unpin framebuffer on crtc disable
     - drm/i915: prefer VBT modes for SVDO-LVDS over EDID
     - drm/radeon: fix endian issues with DP handling (v3)
     - drm/radeon: fix combios tables on older cards
     - drm/radeon: improve dac adjust heuristics for legacy pdac
     - drm/radeon/atom: initialize more atom interpretor elements to 0
     - drm/i915: quirk no PCH_PWM_ENABLE for Dell XPS13 backlight
     - drm/i915/lvds: ditch ->prepare special case
     - drm/i915: Invalidate TLBs for the rings after a reset
     - drm/vmwgfx: Split GMR2_REMAP commands if they are to large
     - drm/i915: ivb: fix edp voltage swing reg val
   * m25p80: Add support for Micron N25Q128 including 3V variant
     (Closes: #714092)
   * [x86] Revert "drm/i915: GFX_MODE Flush TLB Invalidate Mode must be '1'
     for scanline waits" (possibly fixes: #703715, #704987 and others)
   * ata: Disable SATA_INIC162X - this driver corrupts data and is not
     expected to be fixed (Closes: #714295)
   * Update debconf template translations:
     - Update Brazilian Portuguese (Fernando Ike de Oliveira)
       (Closes: #719725)
     - Update Japanese ('victory') (Closes: #719939)
   * [x86] efivars: Enable the improved check for free space; this should
     avoid either risk of bricking Samsung systems or refusing to set the
     boot configuration on Asus systems
   * mvsas: Recognise device/subsystem 9485/9485 as 88SE9485
   * ipv6: remove max_addresses check from ipv6_create_tempaddr
     (CVE-2013-0343)
   * Revert "zram: use zram->lock to protect zram_free_page() in swap free
     notify path" (regression in 3.2.49)
   * HID: validate HID report id size (CVE-2013-2888)
   * HID: pantherlord: validate output report details (CVE-2013-2892)
   * HID: ntrig: validate feature report details (CVE-2013-2896)
   * HID: picolcd_core: validate output report details (CVE-2013-2899)
   * HID: check for NULL field when setting values
   * [rt] Update to 3.2.51-rt72:
     - sched/workqueue: Only wake up idle workers if not blocked on sleeping
       spin lock
     - x86/mce: fix mce timer interval
     - genirq: Set irq thread to RT priority on creation
     - list_bl.h: make list head locking RT safe
     - list_bl.h: fix it for for !SMP && !DEBUG_SPINLOCK
     - timers: prepare for full preemption improve
     - kernel/cpu: fix cpu down problem if kthread's cpu is going down
     - kernel/hotplug: restore original cpu mask oncpu/down
     - drm/i915: drop trace_i915_gem_ring_dispatch on rt
     - rt,ntp: Move call to schedule_delayed_work() to helper thread
     - hwlat-detector: Update hwlat_detector to add outer loop detection
     - hwlat-detect/trace: Export trace_clock_local for hwlat-detector
     - hwlat-detector: Use trace_clock_local if available
     - hwlat-detector: Use thread instead of stop machine
     - genirq: do not invoke the affinity callback via a workqueue
   * linux-doc: Include aufs documentation
   * aufs: Apply bug fixes from 3.2.x branch:
     - Update Sourceforge URLs in documentation
     - Fix build with CONFIG_AUFS_DEBUG=y
     - Make sure the target branch is upper before copy-up
     - Fix error handling in au_reopen_nondir()
     - Track pseudo-links with hlist, addressing poor performance and WARNING
       during package installation
     - Add necessary memory barriers around i_nlink updates
     - Fix unbalanced au_unpin() in au_file_refresh_by_inode()
     - Do not copy-up the S_AUTOMOUNT inode flag
   * kernel-doc: bugfix - multi-line macros (fixes build failure in 3.2.51)
 .
   [ Aurelien Jarno ]
   * [s390] Revert "s390: Use direct ktime path for s390 clockevent device"
     to fix kernel hard hang after a few hours (Closes: #719993).

linux (3.2.46-1+deb7u1) wheezy-security; urgency=low
 .
   [ Ian Campbell ]
   * Fix regression in "xen: netback: shutdown the ring if it contains
     garbage (CVE-2013-0216)" (Closes: #701744)
 .
   [ dann frazier ]
   * libceph: Fix NULL pointer dereference in auth client code
     (CVE-2013-1059)
   * fanotify: info leak in copy_event_to_user() (CVE-2013-2148)
   * drivers/cdrom/cdrom.c: use kzalloc() for failing hardware
     (CVE-2013-2164)
   * ipv6: ip6_sk_dst_check() must not assume ipv6 dst (CVE-2013-2232)
   * af_key: fix info leaks in notify messages (CVE-2013-2234)
   * af_key: initialize satype in key_notify_policy_flush() (CVE-2013-2237)
   * block: do not pass disk names as format strings (CVE-2013-2851)
   * b43: stop format string leaking into error msgs (CVE-2013-2852)
   * ipv6: call udp_push_pending_frames when uncorking a socket
     (CVE-2013-4162)
   * ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size
     (CVE-2013-4163)

linux (3.2.46-1+deb7u1~bpo60+1) squeeze-backports; urgency=low
 .
   * Rebuild for squeeze:
     - Use gcc-4.4 for all architectures
     - Disable building of udebs
     - Change ABI number to 0.bpo.4
     - Monkey-patch Python collections module to add OrderedDict if necessary
     - [armel] Disable CRYPTO_FIPS, VGA_ARB, FTRACE on iop32x and ixp4xx to
       reduce kernel size (as suggested by Arnaud Patard)
     - Use QUILT_PATCH_OPTS instead of missing quilt patch --fuzz option
     - Make build target depend on build-arch only, so we don't redundantly
       build documentation on each architecture
 .
 linux (3.2.46-1+deb7u1) wheezy-security; urgency=low
 .
   [ Ian Campbell ]
   * Fix regression in "xen: netback: shutdown the ring if it contains
     garbage (CVE-2013-0216)" (Closes: #701744)
 .
   [ dann frazier ]
   * libceph: Fix NULL pointer dereference in auth client code
     (CVE-2013-1059)
   * fanotify: info leak in copy_event_to_user() (CVE-2013-2148)
   * drivers/cdrom/cdrom.c: use kzalloc() for failing hardware
     (CVE-2013-2164)
   * ipv6: ip6_sk_dst_check() must not assume ipv6 dst (CVE-2013-2232)
   * af_key: fix info leaks in notify messages (CVE-2013-2234)
   * af_key: initialize satype in key_notify_policy_flush() (CVE-2013-2237)
   * block: do not pass disk names as format strings (CVE-2013-2851)
   * b43: stop format string leaking into error msgs (CVE-2013-2852)
   * ipv6: call udp_push_pending_frames when uncorking a socket
     (CVE-2013-4162)
   * ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size
     (CVE-2013-4163)

lm-sensors (1:3.3.2-2+deb7u1) wheezy; urgency=low
 .
   * Backport patches from upstream to skip probing for EDID or graphics
     cards, as it might cause hardware breakage (closes: #724736).

lvm2 (2.02.95-8) stable; urgency=low
 .
   * Fix udev rules.
     - Properly exclude special devices, this part got lost.
       (closes: #718582)
     - Always call udev sync.

mapserver (6.0.1-3.2+deb7u1) stable-proposed-updates; urgency=low
 .
   [ Francesco Paolo Lovergine ]
   * Fixed typo that prevented AGG use in debian/rules. (closes: #663875)
 .
   [ Bas Couwenberg ]
   * Cherry pick fix for strict Content-Type matching from v6.2.1:
     https://github.com/faegi/mapserver/commit/426193cf5f6b34c97cceef2aca4649c604756cd0

mdbtools (0.7-1+deb7u1) wheezy; urgency=low
 .
   * Version libiodbc Breaks now that it can load multiarch drivers, drop
     matching lintian override.
   * Fix SEGV in blob data handling (Closes: #713826)
   * Fixed double free SEGV in gmdb2 dissector.

mediawiki (1:1.19.5-1+deb7u1) stable-security; urgency=low
 .
   * CVE-2013-4302: apply patch from upstream to prevent access to anti-CSRF
     tokens via JSONP

mesa (8.0.5-4+deb7u2) wheezy-security; urgency=high
 .
   * Memory corruption (OOB read/write) on intel drivers [CVE-2013-1872]

meta-gnome3 (1:3.4+7+deb7u1) stable; urgency=low
 .
   * Demote xul-ext-adblock-plus to Suggests. Icedove and Iceweasel receive
     major updates via stable-security causing them to get out of sync and
     making xul-ext-adblock-plus and thus the gnome metapackage
     uninstallable. Closes: #715555

moin (1.9.4-8+deb7u2) stable; urgency=low
 .
   * Backport fix from upstream: Do not create empty pagedir (with empty
     edit-log). Closes: #721557

multipath-tools (0.4.9+git0.4dfdaf2b-7~deb7u1) stable-proposed-updates; urgency=low
 .
   * 0.4.9+git0.4dfdaf2b-7~deb7u1 for Wheezy multipath updates

mutt (1.5.21-6.2+deb7u1) stable; urgency=low
 .
   * Non-maintainer upload with maintainer approval.
   * Update 584138-mx_update_context-segfault.patch
     Stop segfaulting when listing folders with new mails over imap.
     Thanks: Nikolaus Schulz
     Closes: #626294
   * Update features/imap_fast_trash
     Don't send saved messages to trash
     Thanks: Chow Loong Jin
     Closes: #721860

myodbc (5.1.10-2+deb7u1) wheezy; urgency=low
 .
   * Non-maintainer upload.
   * Version libiodbc Breaks now that it can load multiarch drivers.

myodbc (5.1.10-2+build1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * No-change sourceful upload to restore multiarch co-installability of
     libmyodbc by clearing binNMU state.

netcfg (1.108+deb7u1) wheezy; urgency=low
 .
   [ Philipp Kern ]
   * Wrap dpkg-query call to check for network-manager with sh. Thanks to
     Michael Biebl for the patch. (Closes: #717449)

nginx (1.2.1-2.2+wheezy1) stable-security; urgency=high
 .
   * debian/patches/fix-CVE-2013-2070.patch:
     + Fixed the buffer overflow issue found on May 13th 2013.
       See: CVE-2013-2070 for more details.

nmap (6.00-0.3+deb7u1) stable; urgency=high
 .
   * Backport fix for CVE-2013-4885 (remote arbitrary file creation
     vulnerability) from upstream SVN repository, r31576 (Closes: #719289).
     The fix has been implemented by adding a filename_escape() function to
     the stdnse.lua standard library. The following NSE scripts have been
     modified to use it:
 .
     - domino-enum-users.nse
     - hostmap-bfk.nse
     - http-config-backup.nse
     - http-domino-enum-passwords.nse
     - ms-sql-dump-hashes.nse
     - snmp-ios-config.nse
     - stuxnet-detect.nse

openafs (1.6.1-3+deb7u1) wheezy-security; urgency=high
 .
   * Apply upstream security patches:
     - OPENAFS-SA-2013-003: New support for non-DES enctypes in the
       long-lived AFS key. This requires deploying rxkad.keytab files on
       each server containing all of the encryption types for the cell AFS
       key. Once this is deployed on servers, DES will only be used for the
       session key. Once deployed on all clients, a stronger security
       mechanism will be used that allows the DES keys to be removed from
       the AFS principal in the Kerberos KDC (but still uses DES for some
       session encryption purposes). (CVE-2013-4134)
     - OPENAFS-SA-2013-004: Properly support the -encrypt option in vos,
       including with -localauth. (CVE-2013-4135)

openafs (1.6.1-3+deb7u1~bpo60+1) squeeze-backports; urgency=high
 .
   * Backport to oldstable.
 .
 openafs (1.6.1-3+deb7u1) wheezy-security; urgency=high
 .
   * Apply upstream security patches:
     - OPENAFS-SA-2013-003: New support for non-DES enctypes in the
       long-lived AFS key. This requires deploying rxkad.keytab files on
       each server containing all of the encryption types for the cell AFS
       key. Once this is deployed on servers, DES will only be used for the
       session key. Once deployed on all clients, a stronger security
       mechanism will be used that allows the DES keys to be removed from
       the AFS principal in the Kerberos KDC (but still uses DES for some
       session encryption purposes). (CVE-2013-4134)
     - OPENAFS-SA-2013-004: Properly support the -encrypt option in vos,
       including with -localauth. (CVE-2013-4135)

openvpn (2.2.1-8+deb7u2) wheezy; urgency=low
 .
   * Applied upstream patch to fix UDP fails. Thanks Gert Doering for the
     pointer (Closes: #712414)

openvrml (0.18.9-5+deb7u1) wheezy; urgency=low
 .
   * Disable JavaScript support as newer versions of Mozilla's JS engine are
     not supported by openvrml. (Closes: #710616)

openvswitch (1.4.2+git20120612-9.1~deb7u1) wheezy-proposed-updates; urgency=low
 .
   * Rebuild for Wheezy.

otrs2 (3.1.7+dfsg1-8+deb7u3) stable-security; urgency=high
 .
   * Add patch 34-CVE-2013-4717 which fixes CVE-2013-4717, also known as
     OSA-2013-05: An attacker with a valid agent login could manipulate URLs
     leading to SQL injection.

otrs2 (3.1.7+dfsg1-8+deb7u2) stable-security; urgency=high
 .
   * Add patch 33-CVE-2013-4088 which fixes CVE-2013-4088, also known as
     OSA-2013-04: An attacker with a valid agent login could manipulate URLs
     in the ticket watch mechanism to see contents of tickets they are not
     permitted to see.

perl (5.14.2-21+deb7u1) stable; urgency=low
 .
   * Fix issue with shared references disappearing on sub return
     (Closes: #718438)
   * Make perlbug.PL look up local patches at runtime (Closes: #710842)
   * Apply patch from upstream fixing Digest::SHA double-free crash
     (Closes: #711206)
   * Apply correctness patches from 5.14.4:
     - pl_eval_start_use_after_free.diff
     - regcomp_fix_segv.diff
     - list_util_off_by_two.diff
     - sdbm_off_by_one.diff
     - socket_unpack_sockaddr_un_heap_buffer_overflow.diff

perspectives-extension (4.3.1-1+deb7u1) wheezy; urgency=low
 .
   * Backport security fix from 4.3.6. Incorrect quorum length with low
     number of notaries and/or low quorum percentage. (Closes: #724960)

php-radius (1.2.5-2.3+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix security issue in radius_get_vendor_attr() (CVE-2013-2220,
     closes: #714362)

php5 (5.4.4-14+deb7u5) stable; urgency=low
 .
   [ William Dauchy ]
   * Fix zend_mm_heap corrupted when using traits (Closes: #719507)
   * Fix inheritance with Traits failing with error (Closes: #721127)
   * Fix segfault when using traits a lot (Closes: #721336)
   * Don't reset mod_user_is_open in destroy (Closes: #722222)
     + Removes an annoying warning when using sessions
   * Add myself to maintainers
 .
   [ Ondřej Surý ]
   * Upload to stable-proposed-updates

php5 (5.4.4-14+deb7u4) stable; urgency=low
 .
   * [CVE-2013-4248]: Fix handling of certs with NULL bytes (Closes: #719765)

php5 (5.4.4-14+deb7u3) stable; urgency=low
 .
   * CVE-2013-4113: Fix heap corruption in xml parser (Closes: #717139)
   * Pull upstream fix for segfaults in PDO module when using password longer
     than 30 chars or in out of bound colnums in getColumnMeta()
     (Closes: #711980).
   * Make the php5{en,dis}mod more resilient:
     + Don't fail when there's no /etc/php5/mods-available/.ini
     + Don't fail when the symlink in /etc/php5/conf.d/ is different

phpbb3 (3.0.10-4+deb7u1) wheezy-security; urgency=high
 .
   * Fix chown in cache (closes: #711172)
   * Fix world-writable directories

postgresql-common (134wheezy4) stable; urgency=low
 .
   * debian/supported-versions: Use "7|7.*" to recognize wheezy; point
     releases now increment the second version number component.
     (Closes: #712586)

proftpd-dfsg (1.3.4a-5+deb7u1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix invalid pool authentication in mod_sftp/mod_sftp_pam during kbdint
     authentication leading to DoS conditions (CVE-2013-4359;
     Closes: #723179).

puppet (2.7.23-1~deb7u1) wheezy-security; urgency=high
 .
   * Imported upstream release 2.7.23 (CVE-2013-4761, CVE-2013-4956)
     - removed backported security patches included in 2.7.23

puppet (2.7.18-5) wheezy-security; urgency=high
 .
   * Import upstream patch to fix YAML loading vulnerability (CVE-2013-3567)

putty (0.62-9+deb7u1) stable-security; urgency=high
 .
   * CVE-2013-4206: Buffer underrun in modmul could corrupt the heap.
   * CVE-2013-4852: Negative string length in public-key signatures could
     cause integer overflow and overwrite all of memory (closes: #718779).
   * CVE-2013-4207: Non-coprime values in DSA signatures can cause buffer
     overflow in modular inverse.
   * CVE-2013-4208: Private keys were left in memory after being used by
     PuTTY tools.
   * Backport some general proactive potentially-security-relevant tightening
     from upstream.

pymongo (2.2-4+deb7u1) stable-security; urgency=high
 .
   * Fix "CVE-2013-2132: null pointer when decoding invalid DBRef"
     Backported upstream patches from version 2.5 (Closes: #710597)

pyopencl (2012.1.dfsg-1) stable; urgency=low
 .
   * Remove non-free file from examples (#722014) and now-unnecessary entry
     from debian/copyright (Closes: #723587).

pyopenssl (0.13-2+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-4314.patch patch.
     CVE-2013-4314: Fix hostname check bypassing vulnerability with server
     certificates that have a null byte in the subjectAltName.
     (Closes: #722055)

python-defaults (2.7.3-4+deb7u1) stable; urgency=low
 .
   * Add symlink for /usr/bin/python2 (Closes: #723182)
     - This was inadvertently omitted during Wheezy development, but is
       already fixed in jessie (the fix proposed here is identical)

python-django (1.4.5-1+deb7u4) stable-security; urgency=high
 .
   * Stable security update. Fixes CVE-2013-1443. Closes: #723043.
     https://www.djangoproject.com/weblog/2013/sep/15/security/
     - Denial-of-service via large passwords.

python-django (1.4.5-1+deb7u3) stable-security; urgency=high
 .
   * New upstream security release.
     https://www.djangoproject.com/weblog/2013/sep/
     - Directory traversal with ``ssi`` template tag
   * Correct invalid date on patch headers.

python-django (1.4.5-1+deb7u2) stable-security; urgency=high
 .
   * No change rebuild. Brings back missing jquery symlinks. Closes: #721397

python-django (1.4.5-1+deb7u1) stable-security; urgency=high
 .
   * New upstream security release.
     https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
     - Possible cross-site scripting via django.utils.http.is_safe_url
   * Update uploaders field.
   * Patch testcases to use an invalid domain.

python-dns (2.3.6-1+deb7u1) stable; urgency=low
 .
   * Add debian/patches/pydns_timeout.patch to fix timeouts associated with
     only one of several available nameservers being unavailable
     (Closes: #718547):
     - Only raise timeout error after trying all available servers
     - Stop lookups once an answer is gotten

python-httplib2 (0.7.4-2+deb7u1) stable; urgency=low
 .
   * Team upload.
 .
   [Vincent Bernat]
   * Stable update to fix CVE-2013-2037. This closes: #706602 by applying
     the same patch as in unstable.

python-keystoneclient (2012.1-3+deb7u1) wheezy; urgency=low
 .
   * CVE-2013-2013: OpenStack keystone password disclosure on command line

redmine (1.4.4+dfsg1-2+deb7u1) wheezy; urgency=low
 .
   [ Ondřej Surý ]
   * Pull upstream fixes for Ruby 1.9 as default interpreter:
     + Use DateTime.parse as alternative to ParseDate.parsedate, fixing time
       series and schedule SVG graphs. (Closes: #700754)
     + Use ::Time from global namespace, fixing REST Issue API.
       (Closes: #700009)

rt-tests (0.83-1+deb7u1) wheezy; urgency=low
 .
   * backport dd6ae11 (hackbench: init child's struct before using it) to
     make hackbench work on armhf. (Closes: #711363)

rygel (0.14.3-2+deb7u1) wheezy; urgency=low
 .
   * Non-maintainer upload.
   * Don't symlink /usr/share/autostart/rygel.desktop to prevent autostart of
     rygel by default. The default configuration file contains settings
     exposing files to the LAN by default. (Closes: #706478).

sage-extension (1.4.12-3+deb7u1) wheezy; urgency=low
 .
   * Non-maintainer upload.
   * checkLoadURI.patch: new patch for compatibility with Iceweasel 17,
     ensures that links in the main window are clickable. (Closes: #724531)

samba (2:3.6.6-6+deb7u1) wheezy; urgency=low
 .
   * Security update
   * CVE-2013-4124: Denial of service - CPU loop and memory allocation
     Closes: #718781

shotwell (0.12.3-2+deb7u1) stable; urgency=low
 .
   * Team upload.
   * debian/patches/no_assertion.patch:
     - Cherry-pick patch from upstream to fix crashes at startup replacing an
       assertion with a short-circuit return (Closes: #722909).

shutdown-at-night (0.10+deb7u1) wheezy; urgency=low
 .
   * Quiet down cron job to wake up client to not complain when fping notices
     they are unavailable.

sitesummary (0.1.8+deb7u1) wheezy; urgency=low
 .
   * No change upload targeted at wheezy-proposed-update for the upcoming 7.2
     release.

sitesummary (0.1.8) unstable; urgency=low
 .
   * nagios-plugins/check_kernel_status: Add support for new format of
     /proc/version introduced in kernel package version 3.2.32-1.

sitesummary (0.1.7) unstable; urgency=low
 .
   [ David Prévot ]
   * debian/control: Fix Vcs- entries.

sitesummary (0.1.6) unstable; urgency=low
 .
   [ Petter Reinholdtsen ]
   * Make Nagios config more robust, ignore hosts without any name and
     address, which must be the result of a corrupt sitesummary entry.
   * Do not check xenfs file systems when generating Nagios config.
 .
   [ David Prévot ]
   * Add Italian debconf translation, thanks to Beatrice Torracca
     (closes: #691353).
   * Fix encoding in German debconf translation.

slbackup-php (0.4.3-2+deb7u1) stable-proposed-updates; urgency=low
 .
   * /debian/control:
     + Use my DD mail address in Uploaders: field.
   * /debian/patches: (Closes: #700257).
     + Add patch 001_fix-nonhttps-logins.patch. Store nonhttps param in
       client-side cookie and update it if changed via query string.
     + Add patch 002_default-backuphost-to-localhost.patch. Stop relying on a
       »backup« host in /etc/hosts or DNS. Makes slbackup-php work
       out-of-the-box on vanilla Debian (opposed to Debian Edu) systems.
     + Add patch 003_fix-dir-for-config-file.patch. Search for config file in
       our own /etc/ folder namespace.

smbldap-tools (0.9.7-1+deb7u1) stable; urgency=low
 .
   * Stable update to fix bug #700477 for Wheezy as requested by debian-edu
     people.
   * Fix bug #670246 for Wheezy (the fix is just adding a parenthesis and the
     warning is really annoying).

stellarium (0.11.3-1+deb7u1) wheezy; urgency=high
 .
   * Do not crash when OpenGL is not available (Closes: #709303)

subversion (1.6.17dfsg-4+deb7u4) wheezy; urgency=low
 .
   * Non-maintainer upload.
   * patches/python-swig205: Backport upstream patch to fix Python bindings
     when built against swig 2.0.5+. (Closes: #683188)
   * Remove patches/chunksize-integer.patch

swift (1.4.8-2+deb7u1) wheezy-security; urgency=high
 .
   * CVE-2013-2161: Applied fix for unchecked user input in Swift XML
     responses (Closes: #712202).
   * CVE-2013-4155: Backported fix for Denial of Service using superfluous
     object tombstones (Closes: #719008).
   * Updated debian/gbp.conf to track Wheezy fixes.

sysvinit (2.88dsf-41+deb7u1) stable-proposed-updates; urgency=low
 .
   [ Roger Leigh ]
   * Correct the Breaks on bootchart to ensure that all broken versions are
     removed on upgrade (Closes: #694252). Break bootchart << 0.10~svn407-4
     to ensure that 0.10~svn407-3.3 and earlier are removed.

telepathy-gabble (0.16.7-0+deb7u1) wheezy; urgency=low
 .
   * debian/gbp.conf: switch to wheezy branch
   * New upstream stable release
     - drop patch for CVE-2013-1431, fixed upstream
     - work around Facebook server behaviour change so we don't consider its
       service discovery response to be spoofed (Closes: #721883)
     - fix potential FTBFS in highly-parallel builds
     - initialize libdbus for thread-safety, as a precaution against plugins
       which might use it in a thread (e.g. libproxy GIO extension)

telepathy-gabble (0.16.6-1) unstable; urgency=high
 .
   * New upstream stable release
     - CVE-2013-1431: respect the require-encryption flag on legacy Jabber
       servers. This flag is on by default: to connect to legacy Jabber
       servers, either disable "Encryption required (TLS/SSL)" or enable
       "Use old SSL".

telepathy-idle (0.1.11-2+deb7u1) wheezy; urgency=low
 .
   * Validate TLS certificates (Closes: #706094)
   * debian/NEWS: suggest the telepathy-idle backport for users who need
     interactive TLS certificate validation

tiff (4.0.2-6+deb7u2) stable-security; urgency=high
 .
   * Incorporated fixes to security issues CVE-2013-4231, CVE-2013-4232.
     (Closes: #719303)
   * Incorporated fix to CVE-2013-4244.

tiff (4.0.2-6+deb7u1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix cve-2013-1960: heap-based buffer overflow in tiff2pdf
     (closes: #706675).
   * Fix cve-2013-1961: stack-based buffer overflow in tiff2pdf
     (closes: #706674).

tntnet (2.1-2+deb7u1) stable; urgency=high
 .
   * Fix insecure default tntnet.conf. (Closes: #724746)

tomcat6 (6.0.35-6+deb7u1) stable-security; urgency=low
 .
   * CVE-2012-3544, CVE-2013-2067

torrus (2.03-2+deb7u1) stable-proposed-updates; urgency=low
 .
   * Fix SNMPv1 issues (Closes: #715365)
   * debian/patches/20_collector_snmpv1.patch: upstream commit
     2f468f3e0aef02657b066baa98504dc98e841888
     (Bugfix in collector: maxrepetitions is unsupported in SNMPv1)
   * debian/patches/20_walksnmptable_snmpv1.patch: upstream commit
     5985de2ace378ff8179ab9229470bd321728d061
     (Bugfix in walkSnmpTable(): maxrepetitions is only applicable in SNMPv2
     or v3)
     Thanks to Andre Beck for identifying and testing the necessary commits.

trac (0.12.5-3~deb7u1) wheezy; urgency=low
 .
   * upload to wheezy
 .
 trac (0.12.5-3) unstable; urgency=low
 .
   * apply a fix from upstream to fix svn blame and suggest when using newer
     jquery (Closes: #704607)
 .
 trac (0.12.5-2) unstable; urgency=low
 .
   * Move to unstable, trying to target a wheezy point release
   * Standards-Version: bumped to 3.9.4 (no changes needed)
   * added myself to Uploaders
 .
 trac (0.12.5-1) experimental; urgency=low
 .
   [ W. Martin Borgert ]
   * New upstream 0.12.5 (long term support).
 .
 trac (0.12.4-1) experimental; urgency=low
 .
   [ W. Martin Borgert ]
   * New upstream 0.12.4 (long term support).

trac (0.12.5-2) unstable; urgency=low
 .
   * Move to unstable, trying to target a wheezy point release
   * Standards-Version: bumped to 3.9.4 (no changes needed)
   * added myself to Uploaders

trac (0.12.5-1) experimental; urgency=low
 .
   [ W. Martin Borgert ]
   * New upstream 0.12.5 (long term support).

trac (0.12.4-1) experimental; urgency=low
 .
   [ W. Martin Borgert ]
   * New upstream 0.12.4 (long term support).

ttytter (2.1.0-1~deb7u1) wheezy; urgency=low
 .
   * Rebuild for wheezy.
 .
 ttytter (2.1.0-1) unstable; urgency=low
 .
   * New upstream release (closes: #684335).
   * Implements support for Twitter API 1.1 (closes: #693147).

tzdata (2013d-0wheezy1) stable; urgency=low
 .
   * New upstream version.

tzdata (2013d-0squeeze1) oldstable; urgency=low
 .
   * New upstream release

tzdata (2013c-2) unstable; urgency=low
 .
   * Use rdfind + symlinks instead of fdupes + handcoded shell script to get
     rid of hardlinks.
   * Provides: tzdata-jessie instead of tzdata-wheezy.
   * debian/rules: use dh_prep instead of dh_clean -k.

tzdata (2013c-1) experimental; urgency=low
 .
   * New upstream version.

user-mode-linux (3.2-2um-1+deb7u2) wheezy-security; urgency=high
 .
   * Rebuild against linux-source-3.2 (3.2.46-1+deb7u1):
   * Fix regression in "xen: netback: shutdown the ring if it contains
     garbage (CVE-2013-0216)"
   * libceph: Fix NULL pointer dereference in auth client code
     (CVE-2013-1059)
   * fanotify: info leak in copy_event_to_user() (CVE-2013-2148)
   * drivers/cdrom/cdrom.c: use kzalloc() for failing hardware
     (CVE-2013-2164)
   * ipv6: ip6_sk_dst_check() must not assume ipv6 dst (CVE-2013-2232)
   * af_key: fix info leaks in notify messages (CVE-2013-2234)
   * af_key: initialize satype in key_notify_policy_flush() (CVE-2013-2237)
   * block: do not pass disk names as format strings (CVE-2013-2851)
   * b43: stop format string leaking into error msgs (CVE-2013-2852)
   * ipv6: call udp_push_pending_frames when uncorking a socket
     (CVE-2013-4162)
   * ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size
     (CVE-2013-4163)
   * New upstream stable update:
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.42
     - TTY: do not reset master's packet mode
     - l2tp: Restore socket refcount when sendmsg succeeds
     - tun: add a missing nf_reset() in tun_net_xmit()
     - netlabel: correctly list all the static label mappings
     - sctp: Use correct sideffect command in duplicate cookie handling
     - rtlwifi: rtl8192cu: Fix problem that prevents reassociation
     - inet: limit length of fragment queue hash table bucket lists
     - sfc: Properly sync RX DMA buffer when it is not the last in the page
     - sfc: Fix efx_rx_buf_offset() in the presence of swiotlb
     - sfc: Only use TX push if a single descriptor is to be written
     - ext4: fix the wrong number of the allocated blocks in
       ext4_split_extent()
     - jbd2: fix use after free in jbd2_journal_dirty_metadata()
     - ext4: convert number of blocks to clusters properly
     - ext4: use atomic64_t for the per-flexbg free_clusters count
     - cifs: delay super block destruction until all cifsFileInfo objects are
       gone
     - USB: xhci: correctly enable interrupts (possibly fix for #703470)
     - [amd64] Fix the failure case in copy_user_handle_tail()
     - dm thin: fix discard corruption
     - USB: serial: fix interface refcounting
     - vfs,proc: guarantee unique inodes in /proc
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.43
     - [armhf/mx5] ASoC: imx-ssi: Fix occasional AC97 reset failure
     - rtlwifi: usb: add missing freeing of skbuff
     - xen-blkback: fix dispatch_rw_block_io() error path
     - net/irda: add missing error path release_sock call
     - sysfs: fix race between readdir and lseek
     - sysfs: handle failure path correctly for readdir()
     - NFSv4.1: Fix a race in pNFS layoutcommit
     - usb: xhci: Fix TRB transfer length macro used for Event TRB.
- nfsd4: reject "negative" acl lengths - Nest rename_lock inside vfsmount_lock - [x86] iommu/amd: Make sure dma_ops are set for hotplug devices - b43: A fix for DMA transmission sequence errors - reiserfs: Fix warning and inode leak when deleting inode with xattrs - virtio: console: add locking around c_ovq operations - mm: prevent mmap_cache race in find_vma() - ixgbe: fix registration order of driver and DCA nofitication - key: Fix resource leak - udf: Fix bitmap overflow on large filesystems with small block size - NFS: nfs_getaclargs.acl_len is a size_t - loop: prevent bdev freeing while device in use - sky2: Threshold for Pause Packet is set wrong - 8021q: fix a potential use-after-free - unix: fix a race condition in unix_release() - atl1e: drop pci-msi support because of packet corruption (possibly fixes: #577747) - ipv6: don't accept multicast traffic with scope 0 - ipv6: don't accept node local multicast traffic from the wire - pch_gbe: fix ip_summed checksum reporting on rx - HID: microsoft: do not use compound literal (fixes FTBFS on m68k) http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.44 - USB: serial: fix use-after-free in TIOCMIWAIT - hrtimer: Don't reinitialize a cpu_base lock on CPU_UP - crypto: gcm - fix assumption that assoc has one segment - sched_clock: Prevent 64bit inatomicity on 32bit systems - can: gw: use kmem_cache_free() instead of kfree() - spinlocks and preemption points need to be at least compiler barriers - [x86] mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates - Btrfs: make sure nbytes are right after log replay - kobject: fix kset_find_obj() race with concurrent last kobject_put() - vfs: Revert spurious fix to spinning prevention in prune_icache_sb - ath9k_htc: accept 1.x firmware newer than 1.3 - [armel] Fix kexec by setting outer_cache.inv_all for Feroceon - hugetlbfs: add swap entry check in follow_hugetlb_page() - writeback: fix dirtied pages accounting on redirty - Btrfs: fix race between mmap writes and 
compression - mtd: Disable mtdchar mmap on MMU systems - fbcon: fix locking harder - hfsplus: fix potential overflow in hfsplus_file_truncate() - sched: Convert BUG_ON()s in try_to_wake_up_local() to WARN_ON_ONCE()s http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.45 - [ia64] Wrong asm register contraints in the futex implementation - [ia64] Wrong asm register contraints in the kvm implementation - [ia64] Fix initialization of CMCI/CMCP interrupts - sysfs: fix use after free in case of concurrent read/write and readdir - nfsd: don't run get_file if nfs4_preprocess_stateid_op return error - ext4/jbd2: don't wait (forever) for stale tid caused by wraparound - jbd2: fix race between jbd2_journal_remove_checkpoint and ->j_commit_callback - hrtimer: Fix ktime_add_ns() overflow on 32bit architectures - nfsd4: don't close read-write opens too soon - wireless: regulatory: fix channel disabling race condition - iwlwifi: dvm: don't send zeroed LQ cmd - powerpc/spufs: Initialise inode->i_ino in spufs_new_inode() (possibly fixes: #707175) - clockevents: Set dummy handler on CPU_DEAD shutdown - powerpc: Add isync to copy_and_flush - fs/fscache/stats.c: fix memory leak - md: bad block list should default to disabled. 
(fixes regression in 3.1) - inotify: invalid mask should return a error number but not set it (fixes regression in 3.2.40) - fs/dcache.c: add cond_resched() to shrink_dcache_parent() - perf: Fix error return code - [x86] perf: Fix offcore_rsp valid mask for SNB/IVB (CVE-2013-2146) - vm: Introduce and use vm_iomap_memory() helper function - atl1e: limit gso segment size to prevent generation of wrong ip length fields - netfilter: don't reset nf_trace in nf_reset() - rtnetlink: Call nlmsg_parse() with correct header length - tcp: incoming connections might use wrong route under synflood - esp4: fix error return code in esp_output() - net: sctp: sctp_auth_key_put: use kzfree instead of kfree - netrom: fix info leak via msg_name in nr_recvmsg() - netrom: fix invalid use of sizeof in nr_recvmsg() - net: drop dst before queueing fragments - [sparc] sparc64: Fix race in TLB batch processing. - r8169: fix 8168evl frame padding. - ixgbe: add missing rtnl_lock in PM resume path - kernel/audit_tree.c: tree will leak memory when failure occurs in audit_trim_trees() - r8169: fix vlan tag read ordering. 
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.46 - nfsd4: don't allow owner override on 4.1 CLAIM_FH opens - ext4: limit group search loop for non-extent files - iscsi-target: Fix processing of OOO commands - cifs: only set ops for inodes in I_NEW state - KVM: VMX: fix halt emulation while emulating invalid guest sate - [armel/kirkwood] Enable PCIe port 1 on QNAP TS-11x/TS-21x - drivers/char/ipmi: memcpy, need additional 2 bytes to avoid memory overflow - ipmi: ipmi_devintf: compat_ioctl method fails to take ipmi_mutex - btrfs: don't stop searching after encountering the wrong item - TTY: Fix tty miss restart after we turn off flow-control - SUNRPC: Prevent an rpc_task wakeup race - fat: fix possible overflow for fat_clusters - mm: mmu_notifier: re-fix freed page still mapped in secondary MMU - mm compaction: fix of improper cache flush in migration code - mm/THP: use pmd_populate() to update the pmd with pgtable_t pointer - nilfs2: fix issue of nilfs_set_page_dirty() for page at EOF boundary - random: fix accounting race condition with lockless irq entropy_count update - mm/pagewalk.c: walk_page_range should avoid VM_PFNMAP areas - ipvs: ip_vs_sip_fill_param() BUG: bad check of return value - x86,efi: Check max_size only if it is non-zero. 
- x86,efi: Implement efi_no_storage_paranoia parameter - tcp: force a dst refcount when prequeue packet - packet: tpacket_v3: do not trigger bug() on wrong header status - macvlan: fix passthru mode race between dev removal and rx path - ipv6: do not clear pinet6 field * Input: MT: add tracking and frame synchronisation to core * Input: add support for Cypress PS/2 Trackpads, thanks to Apollon Oikonomopoulos * drm, agp: Update to 3.4.47: - drm/i915: restrict kernel address leak in debugfs - KMS: fix EDID detailed timing vsync parsing - KMS: fix EDID detailed timing frame rate - drm/radeon: add support for Richland APUs - drm/radeon/benchmark: make sure bo blit copy exists before using it - drm/i915: Don't clobber crtc->fb when queue_flip fails - drm/i915: Use the correct size of the GTT for placing the per-process entries - udl: handle EDID failure properly. - drm/i915: Add no-lvds quirk for Fujitsu Esprimo Q900 - drm/i915: Fall back to bit banging mode for DVO transmitter detection - drm/radeon: don't use get_engine_clock() on APUs - drm/radeon/dce6: add missing display reg for tiling setup - drm/radeon: properly lock disp in mc_stop/resume for evergreen+ - drm/radeon: disable the crtcs in mc_stop (evergreen+) (v2) - drm/radeon/evergreen+: don't enable HPD interrupts on eDP/LVDS - drm/radeon: fix endian bugs in atom_allocate_fb_scratch() - drm/radeon: fix possible segfault when parsing pm tables - drm/radeon: add new richland pci ids - drm/radeon: fix handling of v6 power tables - drm/radeon: Fix VRAM size calculation for VRAM >= 4GB - drm/radeon: check incoming cliprects pointer - drm/mm: fix dump table BUG * [rt] Update to 3.2.45-rt66: - rcutiny: Fix typo of using swake_up() instead of swait_wake() - tcp: force a dst refcount when prequeue packet - x86/mce: Defer mce wakeups to threads for PREEMPT_RT - swap: Use unique local lock name for swap_lock - sched: Add is_idle_task() to handle invalidated uses of idle_cpu() * debugfs: Document change of default mode * 
iwlwifi: Do not request firmware API version 6 for IWL6005/6205 * bug script: Remove broken sound functions * [i386/486] udeb: Add lxfb to fb-modules * [i386] cpufreq / Longhaul: Disable driver by default * iscsi-target: fix heap buffer overflow on error (CVE-2013-2850) * ath9k: Disable PowerSave by default * dlm: Do not allocate a fd for peeloff * nfsd4: Fix performance problem with RELEASE_LOCKOWNER - hash lockowners to simplify RELEASE_LOCKOWNER - maintain one seqid stream per (lockowner, file) * ipw2100,ipw2200: Fix order of device registration * udf: Fix handling of i_blocks * kbuild: Fix missing '\n' for NEW symbols in yes "" | make oldconfig >conf.new * [i386] udeb: Add viafb to fb-modules - [i386] udeb: Move i2c-algo-bit to i2c-modules and make fb-modules depend on it - viafb: Autoload on OLPC XO 1.5 only * cifs: fix potential buffer overrun when composing a new options string * ext3,ext4,nfsd: dir_index: Return 64-bit readdir cookies for NFSv3 and 4 uwsgi (1.2.3+dfsg-5+deb7u1) stable; urgency=low . * Add debian/patches/nagios-plugin-fix.patch - Fix the bug with nagios plugin failing to load due to missing struct object. (Closes: #715155) virtinst (0.600.1-3+deb7u1) wheezy-proposed-updates; urgency=low . [ Oliver Seufer ] * [868fe75] Rely on xen finding its tools (Closes: #712563) . [ Guido Günther ] * [4a6b19e] virt-clone: Properly set image type. Thanks to Roy Meulekamp for sorting this out (Closes: #716672) wireshark (1.8.2-5wheezy6) wheezy-security; urgency=high . * security fixes from Wireshark 1.8.10: - NBAP dissector could crash. Discovered by Laurent Butti. (No assigned CVE number) - The RTPS dissector could overflow a buffer. Discovered by Ben Schmidt. (No assigned CVE number) - The LDAP dissector could crash. (No assigned CVE number) - The Netmon file parser could crash. Discovered by G. Geshev. wireshark (1.8.2-5wheezy5) wheezy-security; urgency=high . * security fixes from Wireshark 1.8.9: - The DVB-CI dissector could crash. 
Discovered by Laurent Butti. (CVE-2013-4930) - The GSM A Common dissector could crash. (CVE-2013-4932) - The Netmon file parser could crash. Discovered by G. Geshev. (CVE-2013-4933, CVE-2013-4934) - The ASN.1 PER dissector could crash. Discovered by Oliver-Tobias Ripka. (CVE-2013-4935) wireshark (1.8.2-5wheezy4) wheezy-security; urgency=high . * security fixes from Wireshark 1.8.8 (Closes: #711918): - The CAPWAP dissector could crash. Discovered by Laurent Butti. (CVE-2013-4074) - The GMR-1 BCCH dissector could crash. Discovered by Sylvain Munaut and Laurent Butti. (CVE-2013-4075) - The PPP dissector could crash. Discovered by Laurent Butti. (CVE-2013-4076) - The NBAP dissector could crash. (CVE-2013-4077) - The RDP dissector could crash. Discovered by Laurent Butti. (CVE-2013-4078) - The HTTP dissector could overrun the stack. (CVE-2013-4081) - The Ixia IxVeriWave file parser could overflow the heap. Discovered by Sachin Shinde. (CVE-2013-4082) - The DCP ETSI dissector could crash. (CVE-2013-4083) wireshark (1.8.2-5wheezy3) wheezy-security; urgency=high . * security fixes from Wireshark 1.8.7 (Closes: #709167): - The GTPv2 dissector could crash (CVE-2013-3555) - The ASN.1 BER dissector could crash (CVE-2013-3557) - The PPP CCP dissector could crash (CVE-2013-3558) - The DCP ETSI dissector could crash. Discovered by Evan Jensen. (CVE-2013-3559) - The MPEG DSM-CC dissector could crash. (CVE-2013-3560) - The Websocket dissector could crash. Discovered by Moshe Kaplan. (CVE-2013-3562) wordpress (3.5.2+dfsg-1~deb7u1) wheezy-security; urgency=low . * New upstream release with many security fixes. Closes: #713947 * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199. * Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200. * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205. * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173. * Content Spoofing via Flash Applet in TinyMCE Media Plugin. 
CVE-2013-2204. * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201. * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203. * Additional security hardening includes: * Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201. * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201. * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202. * Update the Vcs-Git and Vcs-Browser URLs. * Update Standards-Version to 3.9.4. wordpress (3.5.2+dfsg-1~deb6u1) squeeze-security; urgency=high . * Non-maintainer upload by the Security Team. * Import wordpress from Jessie to fix all the security issues present in Squeeze. wv2 (0.4.2.dfsg.2-1~deb7u1) stable; urgency=low . * Repack to remove src/generator/generator_wword{6,8}.htm, which are based on documents from Microsoft. These two files were documented as removed in README.Debian, but actually still present. (Closes: #710470) wv2 (0.4.2.dfsg.2-1~deb6u1) squeeze; urgency=low . * Repack to remove src/generator/generator_wword{6,8}.htm, which are based on documents from Microsoft. These two files were documented as removed in README.Debian, but actually still present. (Closes: #710470) wv2 (0.4.2.dfsg.1-10) unstable; urgency=low . * Fix to use -I options from libgsf's pkg-config so libxml headers are found. (Closes: #707417) * Honour DEB_BUILD_OPTIONS nocheck in debian/rules. (Closes: #685920) * Fix double "-l" in output from wv2-config --libs. (LP: #1017413) xinetd (1:2.3.14-7.1+deb7u1) stable; urgency=high . * Fix CVE-2013-4342 making TCPMUX services change the uid. (Closes: #324678) * Set myself as maintainer. xml-security-c (1.6.1-5+deb7u2) stable-security; urgency=high . * The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. 
Apply upstream patch to fix that heap overflow. (Closes: #714241, CVE-2013-2210) xml-security-c (1.6.1-5+deb7u2~bpo60+1) squeeze-backports; urgency=high . * Backport to oldstable. * Revert the change to use multiarch and force a non-multiarch libdir. * Relax versioned dependency on libssl-dev to build on squeeze. . xml-security-c (1.6.1-5+deb7u2) stable-security; urgency=high . * The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. Apply upstream patch to fix that heap overflow. (Closes: #714241, CVE-2013-2210) xml-security-c (1.6.1-5+deb7u1) stable-security; urgency=high . * Apply upstream patch to fix a spoofing vulnerability that allows an attacker to reuse existing signatures with arbitrary content. (CVE-2013-2153) * Apply upstream patch to fix a stack overflow in the processing of malformed XPointer expressions in the XML Signature Reference processing code. (CVE-2013-2154) * Apply upstream patch to fix processing of the output length of an HMAC-based XML Signature that could cause a denial of service when processing specially chosen input. (CVE-2013-2155) * Apply upstream patch to fix a heap overflow in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitrary code execution. (CVE-2013-2156) xml-security-c (1.6.1-5+deb7u1~bpo60+1) squeeze-backports; urgency=high . * Backport to oldstable. * Revert the change to use multiarch and force a non-multiarch libdir. * Relax versioned dependency on libssl-dev to build on squeeze. . xml-security-c (1.6.1-5+deb7u1) stable-security; urgency=high . * Apply upstream patch to fix a spoofing vulnerability that allows an attacker to reuse existing signatures with arbitrary content. 
(CVE-2013-2153) * Apply upstream patch to fix a stack overflow in the processing of malformed XPointer expressions in the XML Signature Reference processing code. (CVE-2013-2154) * Apply upstream patch to fix processing of the output length of an HMAC-based XML Signature that could cause a denial of service when processing specially chosen input. (CVE-2013-2155) * Apply upstream patch to fix a heap overflow in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitrary code execution. (CVE-2013-2156) . xml-security-c (1.6.1-5) unstable; urgency=low . * Revert changes to add symbols file. Due to churn in weak symbols for inlined functions, it doesn't appear maintainable with existing tools, and for this library the shlibs behavior seems sufficient. * Minor update to the format of the debian/copyright file. . xml-security-c (1.6.1-4) unstable; urgency=low . * Update symbols files for all non-i386 architectures currently built by the buildds except mipsel (which will hopefully be the same as mips). * Build-Depend on pkg-kde-tools and use its symbolhelper plugin so that the package can use the output of pkgkde-symbolshelper. . xml-security-c (1.6.1-3) unstable; urgency=low . * Also enable bindnow hardening build flags and use the correct syntax to add additional hardening flags. * Add symbols file constructed with pkgkde-symbolshelper. Add a README.source file with a pointer to the documentation. . xml-security-c (1.6.1-2) unstable; urgency=low . * Update to debhelper compatibility level V9. - Enable hardening build flags. (Closes: #656658) - Enable multiarch support. xmonad-contrib (0.10-4~deb7u1) stable; urgency=low . * debian/patches/escape-window-titles.patch: Escape dzen markup and remove xmobar tags from window titles by default. Fixes possible malicious code execution. Thanks to Raúl Benencia for noticing and Adam Vogt for fixing. 
CVE-2013-1436 ====================================== Sat, 15 Jun 2013 - Debian 7.1 released ====================================== alsa-base (1.0.25+3~deb7u1) stable; urgency=low . * Upload to proposed-updates. apt (0.9.7.9) stable; urgency=low . [ Ludovico Cavedon ] * properly handle if-modified-since with libcurl/https (closes: #705648) . [ Andreas Beckmann ] * apt-pkg/algorithms.cc: - Do not propagate negative scores from rdepends. Propagating the absolute value of a negative score may boost obsolete packages and keep them installed instead of installing their successors. (Closes: #699759) apt (0.9.7.9~exp3) experimental; urgency=low . [ Michael Vogt ] * apt-pkg/sourcelist.cc: - fix segfault when a hostname contains a [, thanks to Tzafrir Cohen (closes: #704653) * debian/control: - replace manpages-it (closes: #704723) . [ David Kalnischkies ] * various simple changes to fix cppcheck warnings * apt-pkg/pkgcachegen.cc: - do not store the MD5Sum for every description language variant as it will be the same for all so it can be shared to save cache space - handle language tags for descriptions are unique strings to be shared - factor version string creation out of NewDepends, so we can easily reuse version strings e.g. for implicit multi-arch dependencies - equal comparisons are used mostly in same-source relations, so use this to try to reuse some version strings - sort group and package names in the hashtable on insert - share version strings between same versions (of different architectures) to save some space and allow quick comparisons later on * apt-pkg/pkgcache.cc: - assume sorted hashtable entries for groups/packages * apt-pkg/cacheiterators.h: - provide DepIterator::IsSatisfied as a nicer shorthand for DepCheck * apt-pkg/deb/debversion.cc: - add a string-equal shortcut for equal version comparisons . [ Marc Deslauriers ] * make apt-ftparchive generate missing deb-src hashes (LP: #1078697) apt (0.9.7.9~exp2) experimental; urgency=low . 
[ Programs translations ] * Update all PO files and apt-all.pot * French translation completed (Christian Perrier) . [ Daniel Hartwig ] * cmdline/apt-get.cc: - do not have space between "-a" and option when cross building (closes: #703792) * test/integration/test-apt-get-download: - fix test now that #1098752 is fixed * po/{ca,cs,ru}.po: - fix merge artifact . [ David Kalnischkies ] * apt-pkg/indexcopy.cc: - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc * apt-pkg/contrib/gpgv.cc: - ExecGPGV is a method which should never return, so mark it as such and fix the inconsistency of returning in error cases - don't close stdout/stderr if it is also the statusfd - if ExecGPGV deals with a clear-signed file it will split this file into data and signatures, pass it to gpgv for verification - add method to open (maybe) clearsigned files transparently * apt-pkg/acquire-item.cc: - keep the last good InRelease file around just as we do it with Release.gpg in case the new one we download isn't good for us * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default * ftparchive/writer.cc, apt-pkg/deb/debindexfile.cc, apt-pkg/deb/deblistparser.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc and Release files . [ Michael Vogt ] * add regression test for CVE-2013-1051 * implement GPGSplit() based on the idea from Ansgar Burchardt (many thanks!) * methods/connect.cc: - use Errno() instead of strerror(), thanks to David Kalnischk * doc/apt.conf.5.xml: - document Acquire::ForceIPv{4,6} apt (0.9.7.9~exp1) experimental; urgency=low . [ Niels Thykier ] * test/libapt/assert.h, test/libapt/run-tests: - exit with status 1 on test failure . [ Daniel Hartwig ] * test/integration/framework: - continue after test failure but preserve exit status . [ Programs translation updates ] * Turkish (Mert Dirik). Closes: #703526 . 
[ Colin Watson ] * methods/connect.cc: - provide useful error message in case of EAI_SYSTEM (closes: #703603) . [ Michael Vogt ] * add new config options "Acquire::ForceIPv4" and "Acquire::ForceIPv6" to allow forcing one or the other (closes: #611891) * lp:~mvo/apt/fix-tagfile-hash: - fix false positives in pkgTagSection.Exists(), thanks to Niels Thykier for the testcase (closes: #703240) - this will require rebuilds of the clients as this used to be an inline function assaultcube-data (1.1.0.4+repack1-2.1~deb7u1) wheezy; urgency=low . * Non-maintainer upload. * Rebuild for wheezy. . assaultcube-data (1.1.0.4+repack1-2.1) unstable; urgency=low . * Non-maintainer upload. * Fix "fails to upgrade from squeeze - trying to overwrite /usr/share/man/man6/assaultcube-server.6.gz": Add versioned Breaks/Replaces on assaultcube. Thanks to Andreas Beckmann for the bug report and patch. (Closes: #706764) base-files (7.1wheezy1) stable; urgency=low . * Changed /etc/debian_version to 7.1, for Debian 7.1 point release. * Dropped ".0" part from "7.0" in issue, issue.net and os-release, as wheezy is Debian 7, the point releases are 7.x, and we don't want to modify those files at every point release. brltty (4.4-10+deb7u1) wheezy; urgency=low . * As discussed in bug Bug#705599, synchronize with finish-install on the method to enable accessibility in the installed system when accessibility was enabled in the installer. * Also enable sound events at gdm banner. chromium-browser (27.0.1453.93-1~deb7u1) stable-security; urgency=high . * New stable release: - High CVE-2013-2837: Use-after-free in SVG. Credit to Sławomir Błażek. - Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler. - High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity. - High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of MWR InfoSecurity. - High CVE-2013-2841: Use-after-free in Pepper resource handling. Credit to Chamal de Silva. 
- High CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril Cattiaux. - High CVE-2013-2843: Use-after-free in speech handling. Credit to Khalil Zhani. - High CVE-2013-2844: Use-after-free in style resolution. Credit to Sachin Shinde (@cons0ul). - High CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte Kettunen of OUSPG. - High CVE-2013-2846: Use-after-free in media loader. Credit to Chamal de Silva. - High CVE-2013-2847: Use-after-free race condition with workers. Credit to Collin Payne. - Medium CVE-2013-2848: Possible data extraction with XSS Auditor. Credit to Egor Homakov. - Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit to Mario Heiderich. clutter-gst (1.5.4-1+build0) wheezy; urgency=low . * Non-maintainer upload. * No-change sourceful upload to restore multiarch co-installability of libclutter-gst-1.0-0 by clearing binNMU state. cyrus-imapd-2.4 (2.4.16-4+deb7u1) wheezy; urgency=high . * Fix links in the README.Debian and UPGRADE.Debian (courtesy of Gijs Hillenius) * When piping data to while loop the subshell is created and variables are lost (Closes: #706862) cyrus-sasl2 (2.1.25.dfsg1-6+deb7u1) stable; urgency=low . * Fix heavy CPU usage in saslauthd (Closes: #708552) * Send LOGOUT before closing connection in auth_rimap (Closes: #708547) * Fix garbage in output buffer when using canonuser_plugin: ldapdb (Closes: #689346) debian-history (2.19~deb7u1) stable; urgency=low . * Rebuild for Wheezy debian-installer (20130613) wheezy; urgency=low . [ Samuel Thibault ] * Fix boot beep. . [ Cyril Brulebois ] * Enable proposed updates in debian/rules for the wheezy point releases. * Set DEBIAN_VERSION to just '7'. debian-installer-netboot-images (20130613) wheezy; urgency=low . * Update to 20130613 images, from wheezy-proposed-updates. debootstrap (1.0.48+deb7u1) wheezy; urgency=low . [ Joey Hess ] * Add support for jessie. Closes: #706788 dh-make-drupal (1.3-1+deb7u1) stable; urgency=low . 
* Drupal.org now requires requests to go over https. Thanks (again!) to Stefan Kangas for the patch. (Closes: #711010) distro-info-data (0.16~deb7u1) stable; urgency=low . * Debian wheezy released. Update squeeze EOL and jessie opening dates. * Add Ubuntu 13.10, Saucy Salamander. * Update EOL dates of Ubuntu 8.04 LTS, 10.04 LTS, and 11.10 to 2013-05-09. * Ubuntu 13.04 "Raring Ringtail" will only be supported for 9 months. distro-info-data (0.16~bpo70+1) wheezy-backports; urgency=low . * Rebuild for wheezy-backports. . distro-info-data (0.16) unstable; urgency=low . * Correct current Debian testing series from experimental to jessie. * Correct release date of Debian 7.0 "Wheezy". . distro-info-data (0.15) unstable; urgency=low . * Debian wheezy released. Update squeeze EOL. . distro-info-data (0.14) unstable; urgency=low . * Add Ubuntu 13.10, Saucy Salamander. Thanks Iain Lane. . distro-info-data (0.13) unstable; urgency=low . * Update EOL dates of Ubuntu 8.04 LTS, 10.04 LTS, and 11.10 to 2013-05-09. . distro-info-data (0.12) unstable; urgency=low . * Ubuntu 13.04 "Raring Ringtail" will only be supported for 9 months. * Switch to debhelper 9. * Bump Standards-Version to 3.9.4 (no changes needed). distro-info-data (0.15) unstable; urgency=low . * Debian wheezy released. Update squeeze EOL. distro-info-data (0.14) unstable; urgency=low . * Add Ubuntu 13.10, Saucy Salamander. Thanks Iain Lane. distro-info-data (0.13) unstable; urgency=low . * Update EOL dates of Ubuntu 8.04 LTS, 10.04 LTS, and 11.10 to 2013-05-09. distro-info-data (0.12) unstable; urgency=low . * Ubuntu 13.04 "Raring Ringtail" will only be supported for 9 months. * Switch to debhelper 9. * Bump Standards-Version to 3.9.4 (no changes needed). empathy (3.4.2.3-2+deb7u1) stable; urgency=low . * gbp.conf: set branch to debian-wheezy * Backport patch from upstream 3.8 branch to avoid a crash now that Google Talk vCards can contain a (read-only) field, which is not flagged as supported in telepathy-gabble. 
(Closes: #706900) freebsd-utils (9.0+ds1-11~deb7u1) stable; urgency=low . * Don't use --pidfile when starting/stopping daemons that don't create one: - Prevents trying to start nfsd, rpc.lockd, rpc.statd more than once (Closes: #700245) - Fixes a 30-second delay as each service is stopped (Closes: #700249) * Stop nfsd with the correct signal USR1, since it ignores TERM gcc-msp430 (4.6.3~mspgcc-20120406-3+deb7u2) stable; urgency=high . * Fix generation of wrong interrupt table for MSP430FR5xxx targets, resulting in security fuse blown (Closes: #706482) get-iplayer (2.82-2+deb7u1) stable; urgency=low . * bbc-swfurl.patch: Update SWF verification URL after changes by the BBC (Closes: #711538) gitg (0.2.4-1.1+deb7u1) stable; urgency=low . * Replaced incorrect "ftbfs" patch to fix run-time crashes and drag'n'drop functionality (Closes: #705886, #674001). gnome-settings-daemon (3.4.2+git20121218.7c1322-3+deb7u1) wheezy; urgency=low . [ Xiyue Deng ] * Backport from sid: - Disable "-Wl,-z,defs" on mipsel to fix segfault. (Closes: #629351) . [ Emilio Pozuelo Monfort ] * debian/patches/10_smaller_syndaemon_timeout.patch: + Update patch to not write out of the array bounds. Fixes a crash when the "Disable touchpad while typing" option is activated. Closes: #684998. gnutls26 (2.12.20-7) wheezy-security; urgency=high . * [36_sanitycheck.diff] from upstream GIT. - Fix out of bounds data access. Closes: #709301 gpsd (3.6-4+deb7u1) wheezy; urgency=low . * [818fb0a6] Fixing two security bugs in gpsd - one triggered by malformed NMEA packets, making gpsd crash - the other one is a possible DOS in the AIS parser, CVE-2013-2038 Thanks to Salvatore Bonaccorso (Closes: #706665) isc-dhcp (4.2.2.dfsg.1-5+deb70u6) stable-proposed-updates; urgency=medium . * Set --with-ldapcrypto to restore openssl support (closes: #692808). isc-dhcp (4.2.2.dfsg.1-5+deb70u5) testing-proposed-updates; urgency=medium . * Use patch instead of quilt for embedded bind patches. 
isc-dhcp (4.2.2.dfsg.1-5+deb70u4) testing-proposed-updates; urgency=high . * Fix cve-2013-2494: issues with regular expression handling in the embedded bind library (closes: #704426). isdnutils (1:3.25+dfsg1-3.3~deb7u1) wheezy; urgency=low . * Non-maintainer upload. * Rebuild for wheezy. keystone (2012.1.1-13+wheezy1) wheezy-proposed-updates; urgency=low . * CVE-2013-2059: Keystone tokens not immediately invalidated when user is deleted [OSSA 2013-011]. Added backported to Essex patch which I picked-up from Launchpad. Thanks to the Canonical security team (Closes: #707598). kfreebsd-9 (9.0-10+deb70.1) wheezy-security; urgency=high . * Upload for wheezy-security lapack (3.4.1+dfsg-1+deb70u1) stable; urgency=low . * recursive.patch: fix some routines which produce incorrect results in multithreaded environment. Thanks to Michael Banck for the fix (Closes: #693269) libdatetime-timezone-perl (1:1.58-1+2013c) stable-proposed-updates; urgency=low . * Update to version 2013c of the Olson database. libdmx (1:1.1.2-1+deb7u1) wheezy-security; urgency=high . * integer overflows calculating memory needs for replies [CVE-2013-1992] libfs (2:1.0.4-1+deb7u1) wheezy-security; urgency=high . * Sign extension issue and integer overflow in FSOpenServer() [CVE-2013-1996] libiodbc2 (3.52.7-2+deb7u1) stable; urgency=low . * Find odbc drivers in a system dir (e.g. /usr/lib/x86_64-linux-gnu/odbc/). This fixes usability and co-installability with multiarch odbc drivers, see #703047 for odbc-postgresql. libnss-myhostname (0.3-5~deb7u1) stable; urgency=low . * Ignore link-local addresses (Closes: #705900) libpam-mklocaluser (0.8~deb7u1) wheezy; urgency=low . * Rewrite runcmd() to work with Python on Wheezy (Closes: #706753). libquvi-scripts (0.4.15-1~deb7u1) wheezy; urgency=low . * Upload to wheezy. libquvi-scripts (0.4.14-1) unstable; urgency=low . * New upstream release. * debian/copyright: Update for new upstream release. libquvi-scripts (0.4.13-1) experimental; urgency=low . 
* New upstream release. libquvi-scripts (0.4.12-1) experimental; urgency=low . * New upstream release. * debian/copyright: Update for new upstream release. libquvi-scripts (0.4.11-1) experimental; urgency=low . * New upstream release. * debian/copyright: Update for new upstream release. libquvi-scripts (0.4.10-1) experimental; urgency=low . * New upstream release. * Fix d/watch to allow xz|gz|bz2. * Add new entry to d/copyright (share/lua/website/tapuz.lua). * Remove d/patches. Upstream author include patch. libreoffice (1:3.5.4+dfsg2-0+deb7u2) stable; urgency=low . * debian/rules: - work around possible failure install-common target with missing ca-XV .dirs/.install... (closes: #685723) - hack around broken "*" directory in debian/tmp/pkg on kfreebsd-* extremely slowing down the install target... libreoffice (1:3.5.4+dfsg2-0+deb7u1) stable; urgency=low . * src/17410483b5b5f267aa18b7e00b65e6e0-hsqldb_1_8_0.zip: remove lib/servlet.jar.. . * debian/patches/fix-view-option.diff: backport fix to fix --view from libreoffice-3-6 (closes: #697723) * debian/patches/odk-link-to-jdk-1.5-docs.diff: link to http://java.sun.com/j2se/1.5/docs/api instead of /1.4.1/ as the former doesn't exist anymore * debian/patches/oosplash-wait-for-ProcessingDone.diff: backport from 3.6; make oosplash wait for InternalIPC::ProcessingDone (closes: #681185) . * debian/control.in: - remove bogus | python3-uno dependency alternatives. Will properly be back with LO 4.0 which supports python3 libvirt (0.9.12-11+deb7u1) wheezy-proposed-updates; urgency=low . [ Guido Günther ] * [af660e5] Allow xen toolstack to find its binaries. Thanks to George Dunlap for the patch. (Closes: #685749) . [ Luca Tettamanti ] * [90d8287] Fix leak in virStorageBackendLogicalMakeVol (Closes: #705205) libx11 (2:1.5.0-1+deb7u1) wheezy-security; urgency=high . 
   * CVE-2013-1981: integer overflows calculating memory needs for replies
   * CVE-2013-1997: buffer overflows due to not validating length or offset values in replies
   * CVE-2013-2004: unbounded recursion parsing user-specified files (closes: #145048)

libxcb (1.8.1-2+deb7u1) wheezy-security; urgency=high
 .
   * integer overflow in read_packet() [CVE-2013-2064]

libxcursor (1:1.1.13-1+deb7u1) wheezy-security; urgency=high
 .
   * signedness bug & integer overflow in _XcursorFileHeaderCreate() [CVE-2013-2003]

libxext (2:1.3.1-2+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1982]

libxfixes (1:5.0-4+deb7u1) wheezy-security; urgency=high
 .
   * integer overflow in XFixesGetCursorImage() [CVE-2013-1983]

libxi (2:1.6.1-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1984]
   * sign extension issue in XListInputDevices() [CVE-2013-1995]
   * buffer overflows due to not validating length or offset values in replies [CVE-2013-1998]

libxinerama (2:1.1.2-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflow in XineramaQueryScreens() [CVE-2013-1985]

libxp (1:1.0.1-2+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-2062]

libxrandr (2:1.3.2-2+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1986]

libxrender (1:0.9.7-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1987]

libxres (2:1.0.6-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1988]

libxt (1:1.1.3-1+deb7u1) wheezy-security; urgency=high
 .
   * Unchecked return values of XGetWindowProperty [CVE-2013-2005]
   * unvalidated length in _XtResourceConfigurationEH [CVE-2013-2002]

libxtst (2:1.2.1-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflow in XRecordGetContext() [CVE-2013-2063]

libxv (2:1.0.7-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1989]
   * buffer overflow in XvQueryPortAttributes() [CVE-2013-2066]

libxvmc (2:1.0.7-1+deb7u2) wheezy-security; urgency=high
 .
   * Fix regression in CVE-2013-1999 fix. Thanks to Dave Airlie and Al Viro.

libxvmc (2:1.0.7-1+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1990]
   * Multiple unvalidated assumptions in XvMCGetDRInfo() [CVE-2013-1999]

libxxf86dga (2:1.1.3-2+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1991]
   * buffer overflows due to not validating length or offset values in replies [CVE-2013-2000]

libxxf86vm (1:1.1.2-1+deb7u1) wheezy-security; urgency=high
 .
   * When Xcalloc() returns NULL, you don't need to Xfree() it
   * Improve error handling in XF86VidModeGetMonitor()
   * Unlock display before returning alloc error in XF86VidModeGetModeLine(), XF86VidModeGetAllModeLines(), XF86VidModeGetDotClocks()
   * memory corruption in XF86VidModeGetGammaRamp() [CVE-2013-2001]
   * avoid integer overflow in XF86VidModeGetModeLine()

linux (3.2.46-1) wheezy; urgency=low
 .
   * New upstream stable update:
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.42
     - TTY: do not reset master's packet mode
     - l2tp: Restore socket refcount when sendmsg succeeds
     - tun: add a missing nf_reset() in tun_net_xmit()
     - netlabel: correctly list all the static label mappings
     - sctp: Use correct sideffect command in duplicate cookie handling
     - rtlwifi: rtl8192cu: Fix problem that prevents reassociation (Closes: #661860)
     - inet: limit length of fragment queue hash table bucket lists
     - sfc: Properly sync RX DMA buffer when it is not the last in the page
     - sfc: Fix efx_rx_buf_offset() in the presence of swiotlb
     - sfc: Only use TX push if a single descriptor is to be written
     - ext4: fix the wrong number of the allocated blocks in ext4_split_extent()
     - jbd2: fix use after free in jbd2_journal_dirty_metadata()
     - ext4: convert number of blocks to clusters properly
     - ext4: use atomic64_t for the per-flexbg free_clusters count
     - cifs: delay super block destruction until all cifsFileInfo objects are gone
     - USB: xhci: correctly enable interrupts (possibly fix for #703470)
     - [amd64] Fix the failure case in copy_user_handle_tail()
     - dm thin: fix discard corruption
     - USB: serial: fix interface refcounting
     - vfs,proc: guarantee unique inodes in /proc
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.43
     - [armhf/mx5] ASoC: imx-ssi: Fix occasional AC97 reset failure
     - rtlwifi: usb: add missing freeing of skbuff
     - xen-blkback: fix dispatch_rw_block_io() error path
     - net/irda: add missing error path release_sock call
     - sysfs: fix race between readdir and lseek
     - sysfs: handle failure path correctly for readdir()
     - NFSv4.1: Fix a race in pNFS layoutcommit
     - usb: xhci: Fix TRB transfer length macro used for Event TRB.
     - nfsd4: reject "negative" acl lengths
     - Nest rename_lock inside vfsmount_lock
     - [x86] iommu/amd: Make sure dma_ops are set for hotplug devices
     - b43: A fix for DMA transmission sequence errors
     - reiserfs: Fix warning and inode leak when deleting inode with xattrs
     - virtio: console: add locking around c_ovq operations
     - mm: prevent mmap_cache race in find_vma()
     - ixgbe: fix registration order of driver and DCA nofitication
     - key: Fix resource leak
     - udf: Fix bitmap overflow on large filesystems with small block size
     - NFS: nfs_getaclargs.acl_len is a size_t
     - loop: prevent bdev freeing while device in use
     - sky2: Threshold for Pause Packet is set wrong
     - 8021q: fix a potential use-after-free
     - unix: fix a race condition in unix_release()
     - atl1e: drop pci-msi support because of packet corruption (possibly fixes: #577747)
     - ipv6: don't accept multicast traffic with scope 0
     - ipv6: don't accept node local multicast traffic from the wire
     - pch_gbe: fix ip_summed checksum reporting on rx
     - HID: microsoft: do not use compound literal (fixes FTBFS on m68k)
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.44
     - USB: serial: fix use-after-free in TIOCMIWAIT
     - hrtimer: Don't reinitialize a cpu_base lock on CPU_UP
     - crypto: gcm - fix assumption that assoc has one segment
     - sched_clock: Prevent 64bit inatomicity on 32bit systems
     - can: gw: use kmem_cache_free() instead of kfree()
     - spinlocks and preemption points need to be at least compiler barriers
     - [x86] mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
     - Btrfs: make sure nbytes are right after log replay
     - kobject: fix kset_find_obj() race with concurrent last kobject_put()
     - vfs: Revert spurious fix to spinning prevention in prune_icache_sb
     - ath9k_htc: accept 1.x firmware newer than 1.3
     - [armel] Fix kexec by setting outer_cache.inv_all for Feroceon
     - hugetlbfs: add swap entry check in follow_hugetlb_page()
     - writeback: fix dirtied pages accounting on redirty
     - Btrfs: fix race between mmap writes and
       compression
     - mtd: Disable mtdchar mmap on MMU systems
     - fbcon: fix locking harder (Closes: #704933)
     - hfsplus: fix potential overflow in hfsplus_file_truncate()
     - sched: Convert BUG_ON()s in try_to_wake_up_local() to WARN_ON_ONCE()s
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.45
     - [ia64] Wrong asm register contraints in the futex implementation (Closes: #702641)
     - [ia64] Wrong asm register contraints in the kvm implementation (Closes: #702639)
     - [ia64] Fix initialization of CMCI/CMCP interrupts
     - sysfs: fix use after free in case of concurrent read/write and readdir
     - nfsd: don't run get_file if nfs4_preprocess_stateid_op return error
     - ext4/jbd2: don't wait (forever) for stale tid caused by wraparound
     - jbd2: fix race between jbd2_journal_remove_checkpoint and ->j_commit_callback
     - hrtimer: Fix ktime_add_ns() overflow on 32bit architectures
     - nfsd4: don't close read-write opens too soon
     - wireless: regulatory: fix channel disabling race condition
     - iwlwifi: dvm: don't send zeroed LQ cmd
     - powerpc/spufs: Initialise inode->i_ino in spufs_new_inode() (possibly fixes: #707175)
     - clockevents: Set dummy handler on CPU_DEAD shutdown (Closes: #700333)
     - powerpc: Add isync to copy_and_flush
     - fs/fscache/stats.c: fix memory leak
     - md: bad block list should default to disabled.
       (fixes regression in 3.1)
     - inotify: invalid mask should return a error number but not set it (fixes regression in 3.2.40)
     - fs/dcache.c: add cond_resched() to shrink_dcache_parent()
     - perf: Fix error return code
     - [x86] perf: Fix offcore_rsp valid mask for SNB/IVB (CVE-2013-2146)
     - vm: Introduce and use vm_iomap_memory() helper function
     - atl1e: limit gso segment size to prevent generation of wrong ip length fields (Closes: #565404)
     - netfilter: don't reset nf_trace in nf_reset()
     - rtnetlink: Call nlmsg_parse() with correct header length
     - tcp: incoming connections might use wrong route under synflood
     - esp4: fix error return code in esp_output()
     - net: sctp: sctp_auth_key_put: use kzfree instead of kfree
     - netrom: fix info leak via msg_name in nr_recvmsg()
     - netrom: fix invalid use of sizeof in nr_recvmsg()
     - net: drop dst before queueing fragments
     - [sparc] sparc64: Fix race in TLB batch processing.
     - r8169: fix 8168evl frame padding.
     - ixgbe: add missing rtnl_lock in PM resume path
     - kernel/audit_tree.c: tree will leak memory when failure occurs in audit_trim_trees()
     - r8169: fix vlan tag read ordering.
     http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.46
     - nfsd4: don't allow owner override on 4.1 CLAIM_FH opens
     - ext4: limit group search loop for non-extent files
     - iscsi-target: Fix processing of OOO commands
     - cifs: only set ops for inodes in I_NEW state
     - KVM: VMX: fix halt emulation while emulating invalid guest sate
     - [armel/kirkwood] Enable PCIe port 1 on QNAP TS-11x/TS-21x
     - drivers/char/ipmi: memcpy, need additional 2 bytes to avoid memory overflow
     - ipmi: ipmi_devintf: compat_ioctl method fails to take ipmi_mutex
     - btrfs: don't stop searching after encountering the wrong item
     - TTY: Fix tty miss restart after we turn off flow-control (Closes: #465823)
     - SUNRPC: Prevent an rpc_task wakeup race
     - fat: fix possible overflow for fat_clusters
     - mm: mmu_notifier: re-fix freed page still mapped in secondary MMU
     - mm compaction: fix of improper cache flush in migration code
     - mm/THP: use pmd_populate() to update the pmd with pgtable_t pointer
     - nilfs2: fix issue of nilfs_set_page_dirty() for page at EOF boundary
     - random: fix accounting race condition with lockless irq entropy_count update
     - mm/pagewalk.c: walk_page_range should avoid VM_PFNMAP areas
     - ipvs: ip_vs_sip_fill_param() BUG: bad check of return value
     - x86,efi: Check max_size only if it is non-zero.
     - x86,efi: Implement efi_no_storage_paranoia parameter
     - tcp: force a dst refcount when prequeue packet
     - packet: tpacket_v3: do not trigger bug() on wrong header status
     - macvlan: fix passthru mode race between dev removal and rx path
     - ipv6: do not clear pinet6 field
 .
   [ Ben Hutchings ]
   * Input: MT: add tracking and frame synchronisation to core
   * Input: add support for Cypress PS/2 Trackpads (Closes: #703607), thanks to Apollon Oikonomopoulos
   * drm, agp: Update to 3.4.47:
     - drm/i915: restrict kernel address leak in debugfs
     - KMS: fix EDID detailed timing vsync parsing
     - KMS: fix EDID detailed timing frame rate
     - drm/radeon: add support for Richland APUs
     - drm/radeon/benchmark: make sure bo blit copy exists before using it
     - drm/i915: Don't clobber crtc->fb when queue_flip fails
     - drm/i915: Use the correct size of the GTT for placing the per-process entries
     - udl: handle EDID failure properly.
     - drm/i915: Add no-lvds quirk for Fujitsu Esprimo Q900
     - drm/i915: Fall back to bit banging mode for DVO transmitter detection
     - drm/radeon: don't use get_engine_clock() on APUs
     - drm/radeon/dce6: add missing display reg for tiling setup
     - drm/radeon: properly lock disp in mc_stop/resume for evergreen+
     - drm/radeon: disable the crtcs in mc_stop (evergreen+) (v2)
     - drm/radeon/evergreen+: don't enable HPD interrupts on eDP/LVDS
     - drm/radeon: fix endian bugs in atom_allocate_fb_scratch()
     - drm/radeon: fix possible segfault when parsing pm tables
     - drm/radeon: add new richland pci ids
     - drm/radeon: fix handling of v6 power tables
     - drm/radeon: Fix VRAM size calculation for VRAM >= 4GB
     - drm/radeon: check incoming cliprects pointer
     - drm/mm: fix dump table BUG
   * [rt] Update to 3.2.45-rt66:
     - rcutiny: Fix typo of using swake_up() instead of swait_wake()
     - tcp: force a dst refcount when prequeue packet
     - x86/mce: Defer mce wakeups to threads for PREEMPT_RT
     - swap: Use unique local lock name for swap_lock
     - sched: Add is_idle_task() to handle invalidated uses of idle_cpu()
   * debugfs: Document change of default mode
   * iwlwifi: Do not request firmware API version 6 for IWL6005/6205 (Closes: #705655)
   * bug script: Remove broken sound functions (Closes: #705619)
   * [i386/486] udeb: Add lxfb to fb-modules (Closes: #705780)
   * [i386] cpufreq / Longhaul:
     Disable driver by default (Closes: #707047)
   * iscsi-target: fix heap buffer overflow on error (CVE-2013-2850)
   * ath9k: Disable PowerSave by default (Closes: #695968)
   * dlm: Do not allocate a fd for peeloff (Closes: #706010)
   * nfsd4: Fix performance problem with RELEASE_LOCKOWNER (Closes: #699361)
     - hash lockowners to simplify RELEASE_LOCKOWNER
     - maintain one seqid stream per (lockowner, file)
   * ipw2100,ipw2200: Fix order of device registration (Closes: #656813)
   * udf: Fix handling of i_blocks (Closes: #704269)
   * kbuild: Fix missing '\n' for NEW symbols in yes "" | make oldconfig >conf.new (Closes: #636029)
   * [i386] udeb: Add viafb to fb-modules (Closes: #705788)
     - [i386] udeb: Move i2c-algo-bit to i2c-modules and make fb-modules depend on it
     - viafb: Autoload on OLPC XO 1.5 only
   * cifs: fix potential buffer overrun when composing a new options string
 .
   [ Jonathan Nieder ]
   * ext3,ext4,nfsd: dir_index: Return 64-bit readdir cookies for NFSv3 and 4 (Closes: #685407)

linux (3.2.41-2+deb7u2) wheezy-security; urgency=high
 .
   * s390/kvm: Ignore ABI changes, it should not be used OOT

linux (3.2.41-2+deb7u2~bpo60+1) squeeze-backports; urgency=high
 .
   * Rebuild for squeeze:
     - Use gcc-4.4 for all architectures
     - Disable building of udebs
     - Change ABI number to 0.bpo.4
     - Monkey-patch Python collections module to add OrderedDict if necessary
     - [armel] Disable CRYPTO_FIPS, VGA_ARB, FTRACE on iop32x and ixp4xx to reduce kernel size (as suggested by Arnaud Patard)
     - Use QUILT_PATCH_OPTS instead of missing quilt patch --fuzz option
     - Make build target depend on build-arch only, so we don't redundantly build documentation on each architecture
 .
 linux (3.2.41-2+deb7u2) wheezy-security; urgency=high
 .
   * s390/kvm: Ignore ABI changes, it should not be used OOT
 .
 linux (3.2.41-2+deb7u1) wheezy-security; urgency=high
 .
   [ dann frazier ]
   * perf: Treat attr.config as u64 in perf_swevent_init() (CVE-2013-2094)
   * TTY: fix timing leak with /dev/ptmx (CVE-2013-0160)
   * ext4: avoid hang when mounting non-journal filesystems with orphan list (CVE-2013-2015)
   * crypto: algif - suppress sending source address information in recvmsg (CVE-2013-3076)
   * atm: update msg_namelen in vcc_recvmsg() (CVE-2013-3222)
   * ax25: fix info leak via msg_name in ax25_recvmsg() (CVE-2013-3223)
   * Bluetooth: fix possible info leak in bt_sock_recvmsg() (CVE-2013-3224)
   * Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (CVE-2013-3225)
   * caif: Fix missing msg_namelen update in caif_seqpkt_recvmsg() (CVE-2013-3227)
   * irda: Fix missing msg_namelen update in irda_recvmsg_dgram() (CVE-2013-3228)
   * iucv: Fix missing msg_namelen update in iucv_sock_recvmsg() (CVE-2013-3229)
   * llc: Fix missing msg_namelen update in llc_ui_recvmsg() (CVE-2013-3231)
   * rose: fix info leak via msg_name in rose_recvmsg() (CVE-2013-3234)
   * tipc: fix info leaks via msg_name in recv_msg/recv_stream (CVE-2013-3235)
   * tracing: Fix possible NULL pointer dereferences (CVE-2013-3301)
 .
   [ Ben Hutchings ]
   * [x86] KVM: Allow cross page reads and writes from cached translations. (fixes regression in fix for CVE-2013-1796)
   * net: fix incorrect credentials passing (CVE-2013-1979)
   * tg3: fix length overflow in VPD firmware parsing (CVE-2013-1929)
   * kernel/signal.c: stop info leak via the tkill and the tgkill syscalls

linux (3.2.41-2+deb7u1) wheezy-security; urgency=high
 .
   [ dann frazier ]
   * perf: Treat attr.config as u64 in perf_swevent_init() (CVE-2013-2094)
   * TTY: fix timing leak with /dev/ptmx (CVE-2013-0160)
   * ext4: avoid hang when mounting non-journal filesystems with orphan list (CVE-2013-2015)
   * crypto: algif - suppress sending source address information in recvmsg (CVE-2013-3076)
   * atm: update msg_namelen in vcc_recvmsg() (CVE-2013-3222)
   * ax25: fix info leak via msg_name in ax25_recvmsg() (CVE-2013-3223)
   * Bluetooth: fix possible info leak in bt_sock_recvmsg() (CVE-2013-3224)
   * Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (CVE-2013-3225)
   * caif: Fix missing msg_namelen update in caif_seqpkt_recvmsg() (CVE-2013-3227)
   * irda: Fix missing msg_namelen update in irda_recvmsg_dgram() (CVE-2013-3228)
   * iucv: Fix missing msg_namelen update in iucv_sock_recvmsg() (CVE-2013-3229)
   * llc: Fix missing msg_namelen update in llc_ui_recvmsg() (CVE-2013-3231)
   * rose: fix info leak via msg_name in rose_recvmsg() (CVE-2013-3234)
   * tipc: fix info leaks via msg_name in recv_msg/recv_stream (CVE-2013-3235)
   * tracing: Fix possible NULL pointer dereferences (CVE-2013-3301)
 .
   [ Ben Hutchings ]
   * [x86] KVM: Allow cross page reads and writes from cached translations. (fixes regression in fix for CVE-2013-1796)
   * net: fix incorrect credentials passing (CVE-2013-1979)
   * tg3: fix length overflow in VPD firmware parsing (CVE-2013-1929)
   * kernel/signal.c: stop info leak via the tkill and the tgkill syscalls

lsb (4.1+Debian8+deb7u1) stable; urgency=low
 .
   * Fix lsb_release to correctly work with stable release updates incrementing the second digit from Wheezy on. (Closes: #711174)
   * Add jessie to the release codenames lookup table

mesa (8.0.5-4+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1993]

modsecurity-apache (2.6.6-6+deb7u1) wheezy; urgency=low
 .
   * Applied upstream patch to fix NULL pointer dereference. CVE-2013-2765.
     (Closes: #710217)

mozc (1.5.1090.102-4+deb7u1) stable; urgency=low
 .
   * Fix connect error to mozc-server if it is root using uim-mozc. Add patches/fix-root-issue-at-uim.patch. (Closes: #708608)
   * Update debian/rules. Fix install path of mo file for fcitx-mozc. (Closes: #705573 )
   * Update debian/control. Add mozc-data to tegaki-zinnia-japanese to Depends of fcitx-mozc. Add mozc-utils-gui to Recommends of fcitx-mozc. (Closes: #705572)
   * Remove debian/fcitx-mozc.install. This became unnecessary by other fixes.

munin (2.0.6-4+deb7u1) wheezy; urgency=low
 .
   * master:
     - on limit checks, if one of the two values is 'U', make the final value 'U' as well. Cherry-picked 9d84cb3 as 764006e. (Closes: #711201)
     - fix limit for ABSOLUTE checks too. Cherry-picked 334b691 as 1e44056.
     - add ":" to the allowed chars in CGI. Cherry-picked 456e117 as 7d3cb5f. (Closes: #710527)
     - fixes for munin-cgi-graph crashes in trend and predict. Cherry-picked f325fd6 as 5cb74ba.
   * plugins/df: ignore devtmpfs. Cherry picked from 2.0.16-2. (Closes: #710899)
   * asyncd: use the same rules as munin-update. Cherry-picked d4ba06b as 87975d0. (Closes: #710529)

mysql-5.5 (5.5.31+dfsg-0+wheezy1) stable-security; urgency=high
 .
   * New upstream release. SECURITY UPDATE: CVE-2013-2375 CVE-2013-1544 CVE-2013-1532 CVE-2013-2389 CVE-2013-2392 CVE-2013-2376 CVE-2013-1511 CVE-2013-2391 CVE-2013-1502
     - Patches refreshed.
     - d/p/yassl.patch - dropped, applied upstream
     - d/p/debian-mdev382-fixup.patch: dropped, fixed upstream.
   * d/control: Updating Vcs-* fields to point at wheezy branch.

nbd (1:3.2-4~deb7u3) stable; urgency=low
 .
   * Clean build directory of unnecessary cruft, and rebuild. Oops.

nbd (1:3.2-4~deb7u2) stable; urgency=low
 .
   * Remove superfluous 'ulimit -c' calls from simple_test script, so that things will build on buildd machines that have hard limits set for those things, like the mips{,el} buildds.

nbd (1:3.2-4~deb7u1) stable; urgency=low
 .
   * Re-upload to Wheezy.
 .
 nbd (1:3.2-4) unstable; urgency=low
 .
   * Unbreak 'nbd-client -l' behaviour; patch by Rogier . Closes: #699374. Why oh why did I forget that with the previous upload? Oh well.
 .
 nbd (1:3.2-3) unstable; urgency=low
 .
   * Fix handling of NBD_NAME variable in nbd-client initscript. Patch by Rogier . Closes: #699372.
   * Steal stability fixes from git head:
     - fix for handling of zero-sized read request
     - fix for integer output format string
     - fix for 64-bit offset wrapover.
     - remove double cast which results in data loss
   * Change Standards-Version: to 3.9.4. The only change relevant to nbd is the /run transition, but as we were already compliant with that since 1:2.9.23-3, nothing relevant is left.

nbd (1:3.2-3) unstable; urgency=low
 .
   * Fix handling of NBD_NAME variable in nbd-client initscript. Patch by Rogier . Closes: #699372.
   * Steal stability fixes from git head:
     - fix for handling of zero-sized read request
     - fix for integer output format string
     - fix for 64-bit offset wrapover.
     - remove double cast which results in data loss
   * Change Standards-Version: to 3.9.4. The only change relevant to nbd is the /run transition, but as we were already compliant with that since 1:2.9.23-3, nothing relevant is left.

nfs-utils (1:1.2.6-4) stable; urgency=low
 .
   * mountd: auth_unix_ip should downcall on error to prevent hangs (Closes: #682709).
   * Avoid DNS reverse resolution fixes CVE-2013-1923 (Closes: #707401).
   * Set default domain (Closes: #675188).
   * Fix getopt handling for -R option (Closes: #707720).

nvidia-graphics-drivers (304.88-1+deb7u1) wheezy; urgency=low
 .
   * Update lintian overrides.
   * libcuda1: Add missing Depends: nvidia-support. Postinst may fail if nvidia-support is unpacked, but not configured. (Closes: #675430)

octave (3.6.2-5+deb7u1) stable; urgency=low
 .
   * rcond.patch: new patch taken from upstream, fixes rcond function

openblas (0.1.1-6+deb7u2) stable; urgency=low
 .
   * power7.patch: new patch, fixes FTBFS on powerpc machines with Power7 arch

openblas (0.1.1-6+deb7u1) stable; urgency=low
 .
   * sgemv_uninitialized_buffer.diff: new patch taken from upstream, ensures that vectorized sgemv does not use uninitialized data (Closes: #696000)
   * dot_uninitialized_buffer.diff: new patch taken from upstream, ensures that vectorized dot does not use uninitialized data
   * gemv_crash_big_data.diff: new patch taken from upstream, fixes crashes of gemv on big input data (Closes: #697231)
   * 32bit_athlon.diff: new patch taken from upstream, fixes crashes on 32-bit Athlon CPUs (Closes: #697233)

openvpn (2.2.1-8+deb7u1) wheezy; urgency=low
 .
   * Applied upstream patch to fix use of non-constant-time memcmp in HMAC comparison. CVE-2013-2061. (Closes: #707329)

otrs2 (3.1.7+dfsg1-8+deb7u1) stable-security; urgency=high
 .
   * Add patch 32-CVE-2013-3551 which fixes CVE-2013-3551, also known as OSA-2013-03: An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see.

pcsc-lite (1.8.4-1+deb7u1) wheezy; urgency=low
 .
   * Fix "failed upgrade squeeze -> wheezy" by removing addgroup call (Closes: #707756) The pcscd group was introduced in pcsc-lite 1.6.0 no more used since pcsc-lite 1.8.0
   * Correctly check systemd is running (backport from change in 1.8.8-3)
   * debian/patches/{readerfactory,winscard_clnt}: two important fixes from upstream newer versions.

php5 (5.4.4-14+deb7u2) stable; urgency=low
 .
   * Fix $_SERVER[REQUEST_TIME] in filter SAPI (Closes: #709023)
   * Make the Breaks on php5-suhosin versioned to allow suhosin backports when there's a new upstream version (Acked by suhosin maintainer)

php5 (5.4.4-14+deb7u1) stable; urgency=low
 .
   * Pull upstream fix for FPM drops connection while receiving some binary values in FastCGI requests (Closes: #703056)
   * Fix crash in garbage collection (patch courtesy of Michal Cihar) (Closes: #706082)
   * Update libmagic detection of MS Office documents (Closes: #703504)
   * Fix mssql connector to work with Azure SQL (Closes: #702079)
   * [CVE-2013-1824]: CVE-2013-1643 was incomplete fix; this pulls full upstream patch (5.4.4-14 already had all the relevant security parts)

pristine-tar (1.25+deb7u1) wheezy; urgency=low
 .
   * Non-maintainer upload with maintainer approval.
   * pristine-xz: Update list of allowed parameters for wheezy to support files created with newer versions (in jessie and sid). Closes: #707820

profnet (1.0.21-1+wheezy1) stable-proposed-updates; urgency=low
 .
   * Fixed Fortran runtime error (Actual string length is shorter than the declared one for dummy argument) in profnet-isis with a new quilt patch. (Closes: #707874)
   * Fixed Debian build issue: now builds twice in a row.

psqlodbc (1:09.01.0100-1+deb7u1) stable; urgency=low
 .
   * Versioned Breaks: libiodbc2 (<= 3.52.7-2), it is multiarch-aware now. (Fixes co-installability with KDE, Closes: #703047.)
   * Move packaging to git.debian.org.

py3dns (3.0.2-1+deb7u1) wheezy; urgency=low
 .
   * Revert AAAA query result type change and return raw bytes instead of string (LP: #1184367)

readline5 (5.2+dfsg-2~deb7u1) wheezy; urgency=low
 .
   * QA upload.
   * Rebuild for wheezy. (Closes: #670028)

request-tracker4 (4.0.7-5+deb7u2) wheezy-security; urgency=high
 .
   * Correct dbconfig upgrade script versioning
   * Add logging fix for previous security fix patchset
 .
 request-tracker4 (4.0.7-5+deb7u1) wheezy-security; urgency=high
 .
   * Multiple security fixes for:
     - Privileged user escalation (CVE-2012-4733)
     - Semi-predictable temporary file names (CVE-2013-3368)
     - Arbitrary Mason component execution (CVE-2013-3369)
     - Direct execution of private callback components (CVE-2013-3370)
     - XSS via attachment filenames and URLs in messages (CVE-2013-3371)
     - XSS via Content-Disposition header (CVE-2013-3372)
     - MIME header injection (CVE-2013-3373)
     - Limited session reuse when using Apache::Session::File (CVE-2013-3374)
   * Include database upgrade (dbconfig-common and NEWS)

request-tracker4 (4.0.7-5+deb7u2~bpo60+1) squeeze-backports; urgency=high
 .
   * Rebuild for squeeze-backports.
   * Drop versioned depends on liburi-perl as it's not available in squeeze (and libplack-perl in bpo depends on an earlier version); this means that upstream #18104 (missing tickets in dashboard emails) is still unfixed
   * Drop versioned depends on libipc-run-perl as it's not available in at the required version in squeeze-bpo; this means that upstream #19802 (drawing graphs of relationships with UTF-8 strings) is still unfixed
 .
 request-tracker4 (4.0.7-5+deb7u2) wheezy-security; urgency=high
 .
   * Correct dbconfig upgrade script versioning
   * Add logging fix for previous security fix patchset
 .
 request-tracker4 (4.0.7-5+deb7u1) wheezy-security; urgency=high
 .
   * Multiple security fixes for:
     - Privileged user escalation (CVE-2012-4733)
     - Semi-predictable temporary file names (CVE-2013-3368)
     - Arbitrary Mason component execution (CVE-2013-3369)
     - Direct execution of private callback components (CVE-2013-3370)
     - XSS via attachment filenames and URLs in messages (CVE-2013-3371)
     - XSS via Content-Disposition header (CVE-2013-3372)
     - MIME header injection (CVE-2013-3373)
     - Limited session reuse when using Apache::Session::File (CVE-2013-3374)
   * Include database upgrade (dbconfig-common and NEWS)

rhash (1.2.9-8+deb7u1) stable; urgency=medium
 .
   * Backported two critical bug fixes from RHash 1.2.10
     - fix incorrect SHA-512 for messages of certain size
     - fix incorrect GOST hash on non-x86/amd64 CPUs

ruby-tmail (1.2.7.1-3+deb7u1) stable; urgency=low
 .
   * Add debian/patches/0004-fix-parsing-of-unquoted-attachment-filenames.patch: restore proper parsing of unquoted attachment filenames. (Closes: #706117)

schleuder (2.2.1-2+deb7u1) stable; urgency=low
 .
   * Update feature-switch-to-gpgme-2.patch to fix -sendkey. (Closes: #705865)
   * Update patches to fix issues with plugin directories with the default configuration. (Closes: #705876)
   * Cherry-pick two upstream patches to fix member listing in 'manage members' plugin. (Closes: #705877)

sl-modem (2.9.11~20110321-8+deb7u1) wheezy; urgency=low
 .
   [ Andreas Beckmann ]
   * Non-maintainer upload with maintainer approval.
 .
   [ ﺄﺤﻣﺩ ﺎﻠﻤﺤﻣﻭﺪﻳ (Ahmed El-Mahmoudy) ]
   * debian/sl-modem-source.prerm: Add dummy empty prerm script to work around upgrade failures from squeeze. Thanks to Andreas Beckmann (Closes: #707821)
   * debian/sl-modem-source.lintian-overrides: Added lintian override for sl-modem-source's dummy empty prerm script

smcroute (0.95-1+deb7u1) stable; urgency=low
 .
   * Fix a NULL pointer dereferencing in interface vector initialization (closes: #707793, LP: #1043688).

spip (2.1.17-1+deb7u1) wheezy-security; urgency=high
 .
   * Update security screen to 1.1.7, prevent abusive inscription.
   * Backport patch from 2.1.21:
     - fix privilege escalation (Closes: #709674).

subversion (1.6.17dfsg-4+deb7u3) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2013-1968.patch patch. CVE-2013-1968: Subversion FSFS repositories can be corrupted by newline characters in filenames. (Closes: #711033)
   * Add CVE-2013-2112.patch patch. CVE-2013-2112: Fix remotely triggerable DoS vulnerability. (Closes: #711033)

systemtap (1.7-1+deb7u1) stable; urgency=low
 .
   * Backport upstream commit c5f7c84bf1dcc515 (PR14245: support /sys/kernel/debug mounted 0700) to cope with new debugfs permissions introduced by linux 3.2.29-1 (Closes: #706817):
     - PR14245-support-sys-kernel-debug-mounted-0700.patch

tasksel (3.14.1) stable; urgency=low
 .
   * Fix broken test for non-desktop systems which caused the ssh server task to be selected by default on systems with a desktop.

telepathy-gabble (0.16.5-1+deb7u1) wheezy-security; urgency=high
 .
   * CVE-2013-1431: respect the require-encryption flag on legacy Jabber servers. This flag is on by default: to connect to legacy Jabber servers, either disable "Encryption required (TLS/SSL)" or enable "Use old SSL".

tzdata (2013c-0wheezy1) stable; urgency=low
 .
   * New upstream version.

tzdata (2013c-0squeeze1) oldstable; urgency=low
 .
   * New upstream version.

user-mode-linux (3.2-2um-1+deb7u1) wheezy-security; urgency=high
 .
   * Rebuild against linux-source-3.2 (3.2.41-2+deb7u2):
   * perf: Treat attr.config as u64 in perf_swevent_init() (CVE-2013-2094)
   * TTY: fix timing leak with /dev/ptmx (CVE-2013-0160)
   * ext4: avoid hang when mounting non-journal filesystems with orphan list (CVE-2013-2015)
   * crypto: algif - suppress sending source address information in recvmsg (CVE-2013-3076)
   * atm: update msg_namelen in vcc_recvmsg() (CVE-2013-3222)
   * ax25: fix info leak via msg_name in ax25_recvmsg() (CVE-2013-3223)
   * Bluetooth: fix possible info leak in bt_sock_recvmsg() (CVE-2013-3224)
   * Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (CVE-2013-3225)
   * caif: Fix missing msg_namelen update in caif_seqpkt_recvmsg() (CVE-2013-3227)
   * irda: Fix missing msg_namelen update in irda_recvmsg_dgram() (CVE-2013-3228)
   * iucv: Fix missing msg_namelen update in iucv_sock_recvmsg() (CVE-2013-3229)
   * llc: Fix missing msg_namelen update in llc_ui_recvmsg() (CVE-2013-3231)
   * rose: fix info leak via msg_name in rose_recvmsg() (CVE-2013-3234)
   * tipc: fix info leaks via msg_name in recv_msg/recv_stream
     (CVE-2013-3235)
   * tracing: Fix possible NULL pointer dereferences (CVE-2013-3301)
   * [x86] KVM: Allow cross page reads and writes from cached translations. (fixes regression in fix for CVE-2013-1796)
   * net: fix incorrect credentials passing (CVE-2013-1979)
   * tg3: fix length overflow in VPD firmware parsing (CVE-2013-1929)
   * kernel/signal.c: stop info leak via the tkill and the tgkill syscalls

wdm (1.28-13+deb7u1) stable; urgency=low
 .
   * QA upload.
   * wdm.pam: Ignore pam_selinux.so failures when the module does not exist (e.g. on architectures without SE Linux support like non-linux) instead of requiring it. Thanks Laurent Bigonville for bug report and proposed change (Closes: #707231).

win32-loader (0.7.4.7+deb7u1) stable; urgency=low
 .
   * Post-Wheezy release rebuild to update the embedded dependencies.

xen (4.1.4-3+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
 .
   [ Bastian Blank ]
   * Make several long running operations preemptible. CVE-2013-1918
   * Fix source validation for VT-d interrupt remapping. CVE-2013-1952

xorg (1:7.7+3~deb7u1) wheezy; urgency=low
 .
   * Reupload to stable.
 .
 xorg (1:7.7+3) unstable; urgency=low
 .
   * Add xserver-xorg-input-vmmouse to -all on i386 and amd64 (closes: #705637). Thanks, Jakob Bornecrantz!

xserver-xorg-video-openchrome (1:0.2.906-2+deb7u1) wheezy-security; urgency=high
 .
   * integer overflows calculating memory needs for replies [CVE-2013-1994]

=========================================
Sat, 04 May 2013 - Debian 7.0 released
=========================================