ia32-libs update for lenny
Hi,
I've prepared an ia32-libs update for lenny and Frederik Schueler will
sponsor the upload soon. The upload brings ia32-libs back in sync with
the packages contained in stable, stable security and
stable-proposed-updates. The only other change to the binaries is fixing
a broken symlink so ia32-libs works on ia64 at all (#563402).
As you can see below there are quite a number of bugs and security bugs
fixed by this upload. The upload contains updates from the following
packages:
Source                     2.7                   2.7+lenny1
----------------------------------------------------------------------
attr                       2.4.43-1              2.4.43-2
audiofile                  0.2.6-7               0.2.6-7+lenny1
cairo                      1.6.4-6               1.6.4-7
cups                       1.3.8-1               1.3.8-1+lenny7
cyrus-sasl2                2.1.22.dfsg1-21       2.1.22.dfsg1-23+lenny1
dbus                       1.2.1-3               1.2.1-5+lenny1
directfb                   1.0.1-9               1.0.1-11
e2fsprogs                  1.41.0-3              1.41.3-1
expat                      2.0.1-4               2.0.1-4+lenny3
fontconfig                 2.6.0-1               2.6.0-3
freetype                   2.3.7-2               2.3.7-2+lenny1
gcc-4.3                    4.3.1-9 4.3 4.3.2-1.1
glibc                      2.7-13                2.7-18lenny2
gnutls26                   2.4.1-1               2.4.2-6+lenny2
hal                        0.5.11-3              0.5.11-8
isdnutils                  3.9.20060704-3.4      3.9.20060704-3.6
jack-audio-connection-kit  0.109.2-3             0.109.2-5
keyutils                   1.2-7                 1.2-9
krb5                       1.6.dfsg.4~beta1-4    1.6.dfsg.4~beta1-5lenny2
lcms                       1.17.dfsg-1           1.17.dfsg-1+lenny2
libaio                     0.3.106-8             0.3.107-3
libdrm                     2.3.1-1               2.3.1-2
libnss-ldap                261-2                 261-2.1
libpam-ldap                184-4.1               184-4.2
libpng                     1.2.27-1              1.2.27-2+lenny2
libselinux                 2.0.65-4              2.0.65-5
libtool                    1.5.26-4              1.5.26-4+lenny1
libusb                     0.1.12-12             0.1.12-13
libwmf                     0.2.8.4-6             0.2.8.4-6+lenny1
libx11                     1.1.4-2               1.1.5-2
libxcb                     1.1-1.1               1.1-1.2
libxi                      1.1.3-1               1.1.4-1
libxml2                    2.6.32.dfsg-3         2.6.32.dfsg-5+lenny1
mesa                       7.0.3-5               7.0.3-7
nas                        1.9.1-4               1.9.1-5
ncurses                    5.6+20080804-1        5.7+20081213-1
openldap                   2.4.10-3              2.4.11-1+lenny1
openssl                    0.9.8g-13             0.9.8g-15+lenny6
pam                        1.0.1-4               1.0.1-5+lenny1
pulseaudio                 0.9.10-2              0.9.10-3+lenny1
sane-backends              1.0.19-17             1.0.19-23
tiff                       3.8.2-11              3.8.2-11.2
xorg                       7.3+15                7.3+20
The other packages in ia32-libs remain unchanged.
MfG
Goswin
--
----------------------------------------------------------------------
Format: 1.8
Date: Tue, 26 Jan 2010 12:05:22 +0100
Source: ia32-libs
Binary: ia32-libs ia32-libs-dev lib32gcc1
Architecture: source amd64
Version: 2.7+lenny1
Distribution: stable
Urgency: low
Maintainer: Debian ia32-libs Team <pkg-ia32-libs-maintainers@lists.alioth.debian.org>
Changed-By: Goswin von Brederlow <goswin-v-b@web.de>
Description:
ia32-libs - ia32 shared libraries for use on amd64 and ia64 systems
ia32-libs-dev - ia32 development libraries and headers for use on ia32/ia64 syste
lib32gcc1 - GCC support library (ia32)
Closes: 563402
Changes:
ia32-libs (2.7+lenny1) stable; urgency=low
.
[ Goswin von Brederlow ]
* Update to match versions in lenny + security + proposed-updates.
* Fix ld-linux.so.2 link for ia64. (Closes: #563402)
* Add misc depends for debhelper.
* Add lots of lintian overrides where nothing can be done about them.
* Bump debhelper compat to 5.
* Bump minimum libc6-i386 dependency to 2.7-18lenny1.
.
* Includes security fixes for:
CVE-2008-3529 CVE-2008-3639 CVE-2008-3640 CVE-2008-3641 CVE-2008-3834
CVE-2008-3964 CVE-2008-4225 CVE-2008-4226 CVE-2008-4311 CVE-2008-4311
CVE-2008-4989 CVE-2008-5077 CVE-2008-5286 CVE-2008-5824 CVE-2008-5907
CVE-2009-0040 CVE-2009-0163 CVE-2009-0581 CVE-2009-0590 CVE-2009-0688
CVE-2009-0723 CVE-2009-0733 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846
CVE-2009-0847 CVE-2009-0887 CVE-2009-0946 CVE-2009-1189 CVE-2009-1364
CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1894
CVE-2009-2285 CVE-2009-2347 CVE-2009-2347 CVE-2009-2409 CVE-2009-2414
CVE-2009-2625 CVE-2009-2730 CVE-2009-2820 CVE-2009-3560 CVE-2009-3560
CVE-2009-3720 CVE-2009-3736 CVE-2009-4212 CVE-2009-4355 CVE-2010-0015
STR #2911 STR #2974 STR #2918 STR #2919 STR #2966
GNUTLS-SA-2008-3 GNUTLS-SA-2009-4
MIT-KRB5-SA-2009-004 MITKRB5-SA-2009-0001 MITKRB5-SA-2009-002
.
* Includes bugfixes for:
248172 295173 313697 319554 368560 394068 401092 401296 429739
450017 458306 468793 470121 475270 479952 482186 484180 484877
484962 486036 487211 487635 488812 489045 489268 491066 491270
491292 491620 491766 491770 492555 492775 492778 492894 493004
493216 493568 493745 493751 493899 494156 494168 494468 495007
495069 495620 495815 495830 496249 496322 496466 496716 496833
497010 497162 497314 497315 497369 497463 497515 497619 498010
498054 498100 498101 498102 498103 498132 498410 498435 498465
498478 498768 499086 499202 499366 499560 499662 500055 500103
500369 500437 500533 500669 500916 500973 501004 501109 501310
501443 501662 502140 502177 502260 502408 502620 502675 502686
502693 502760 502782 502825 502840 502884 503179 503182 503197
503532 503736 504126 504745 504766 504820 505279 505969 505970
506111 506702 506713 506717 506750 507183 507563 507633 508032
509593 510205 510371 510379 510380 510382 510389 510412 510423
510608 510617 510639 510673 510699 510701 510707 512665 514017
514735 514807 516256 516945 520115 524925 526434 532720 535624
539899 541439 541735 550625 551936 553432 559797 560901 561658
562381
.
[ attr (1:2.4.43-2) unstable; urgency=high ]
.
* Remove --enable-lib64=yes in Makefile (#514017)
.
[ audiofile (0.2.6-7+lenny1) stable-security; urgency=high ]
.
* Non-maintainer upload by the Security Team.
* CVE-2008-5824: Fix buffer overflow when decompressing MS ADPCM .wav
files (#510205).
.
[ cairo (1.6.4-7) unstable; urgency=low ]
.
* ACK NMU, thanks Joss.
* debian/patches/03_buggy-repeat.dpatch:
+ Patch from the Mozilla team to work around a bug in
some buggy X video drivers that cause incorrect image
rendering (#495620 and many duplicates).
.
[ cairo (1.6.4-6.1) unstable; urgency=low ]
.
* Non-maintainer upload.
* Remove the rpath stuff in /usr/lib/libcairo-directdb and only keep
it around for compatibility. #499662.
+ Remove the rpath hack in the .pc file.
+ Make the libcairo-directfb2{,dev} packages dummy, only keeping
symbolic links from the former locations.
+ libcairo-directfb2-dev.postinst: do the symbolic link dance upon
upgrade.
+ Update package descriptions accordingly.
+ libcairo2.symbols: add cairo_directfb_surface_create.
+ libcairo2-dev conflicts with libcairo-directfb2-dev
(<< 1.6.4-6.1).
* rules: completely cleanup the .la files from their dependency libs.
#491292.
* Add ~ to symbol versions to make backports possible.
* Fix doc-base section.
* Standards version is 3.8.0.
.
[ cups (1.3.8-1+lenny7) stable-security; urgency=high ]
.
* Non-maintainer upload by the security team
* Fix several XSS issues in the CUPS admin web interface
Fixes: CVE-2009-2820
Thanks to Aaron Sigel and Marc Deslauriers
.
[ cups (1.3.8-1+lenny6) stable-security; urgency=high ]
.
* Non-maintainer upload by the Security Team.
* Fix null pointer dereference on handling IPP_TAG_UNSUPPORTED
leading to denial of service attacks (CVE-2009-0949).
.
[ cups (1.3.8-1lenny5) stable-security; urgency=low ]
.
* Add CVE-2009-0163_tiff_read_overflow.dpatch: Fix integer overflow induced
heap buffer overflow in the _cupsImageReadTIFF() function. Discovered by
iDefense. (CVE-2009-0163)
* debian/rules: Remove group/other read permissions from the serial backend,
so that it can run as root and thus is actually able to access /dev/ttyS*.
In unstable this is fixed with a patch which relaxes the permissions
checks, but that's too intrusive for a stable update. (#516945)
.
[ cups (1.3.8-1lenny4.1) unstable; urgency=medium ]
.
* Non-maintainer upload.
* Apply upstream patch to fix client request loop for large request over
SSL. (#506702)
.
[ cups (1.3.8-1lenny4) unstable; urgency=high ]
.
* High urgency due to security bug fix.
* Add png-image-int-overflow.dpatch: Fix integer overflow in the PNG image
reader (#507183, STR #2974, CVE-2008-5286)
.
[ cups (1.3.8-1lenny3) unstable; urgency=medium ]
.
* Urgency medium because of RC bug fix.
* debian/cups-bsd.postinst: Assume default printcap path (in /var/run/cups/)
if not specified in cupsd.conf. This brings back the lost /etc/printcap
for legacy applications. (#482186, LP: #282667)
* hpgl-regression.dpatch: Replaced with version which got committed
upstream.
* Add runloop-backchannel-eof-spin.dpatch: Fix backend runloop spin on
backchannel EOF (select() returns "ready for read" on EOF). This
completely broke printing with e. g. HPJetDirect. Thanks to
Samuel Thibault for tracking down the problem! (#489045)
* debian/rules: Install the serial backend with 0744 permissions to make it
run as root, since /dev/ttyS* are root:dialout and thus not accessible as
user "lp". Thanks to Chanoch (Ken) Bloom. (One part of #506181)
.
[ cups (1.3.8-1lenny2) unstable; urgency=high ]
.
* Urgency high due to security fixes.
* debian/control: Package development moved to bzr, update Vcs- tags.
* Add CVE-2008-3641_hpgl_filter_overflow.dpatch: Fix buffer overflow
triggered by invalid number of pens in the HPGL filter. (CVE-2008-3641,
STR #2911)
* Add CVE-2008-3639_sgi_filter_overflow.dpatch: Fix buffer overflow due to
unchecked boundary in the SGI filter. (CVE-2008-3639, STR #2918)
* Add CVE-2008-3640_texttops_overflow.dpatch: Fix buffer overflow by
specifying invalidly large or negative page metrics. (CVE-2008-3640,
STR #2919)
* Add hpgl-regression.dpatch: Revert the SP_select_pen() enumeration change
introduced in STR #2911, because it changes the color mapping (e. g. "SP1"
would now select a white pen instead of a black one, and "SP0" would not
be valid at all any more). Also fix a remaining off-by-one loop. (STR
#2966)
* Add admin-fr-translation.dpatch: Update the French admin.tmpl, to have the
missing "Find new printer" button and the "Subscriptions" section. Thanks
to Yves-Alexis Perez! (#475270)
.
[ cups (1.3.8-1lenny1) unstable; urgency=medium ]
.
Cherrypick bug fixes from trunk/experimental which need to go into Lenny.
Urgency medium because of an RC bug fix.
.
[ Johan Kiviniemi ]
* Add cupsfilter-path-typo.dpatch: Fix a typo in scheduler/cupsfilter.c,
which caused filters not to have /bin in their PATH.
* debian/filters/pstopdf:
- Do not log to /tmp/pstopdf.log. A user running the filter (e.g. via
cupsfilter) made all other users (including cups itself) unable to run
the filter because of no permission to open the logfile.
- Put unquoted variables into quotes where appropriate.
- Never create an outfile in the same directory as the given infile; the
process might not have write access there.
- set -e.
.
[ Martin Pitt ]
* Bump shlibs version for libcups2 and libcupsimage2. (#494168)
* Add missing CVE and more verbose descriptions to security fixes to 1.3.6-1
changelog.
.
[ cyrus-sasl2 (2.1.22.dfsg1-23+lenny1) stable-security; urgency=high ]
.
* debian/patches/0021_CVE-2009-0688-fix.dpatch, debian/patches/00list:
Backport security fix for CVE-2009-0688 from upstream version 2.1.23.
.
[ cyrus-sasl2 (2.1.22.dfsg1-23) unstable; urgency=low ]
.
* Add README.source to comply with Standards-Version 3.8.0
* Fix watch file to use dversionmangle instead of uversionmangle
.
[ cyrus-sasl2 (2.1.22.dfsg1-22) unstable; urgency=low ]
.
[ Roberto C. Sanchez ]
* Added Slovak translation, thanks to Ivan Masár (#489268)
.
[ Fabian Fagerholm ]
* Added Japanese translation, thanks to Hideki Yamane. (#493004)
* Bump standards-version.
.
[ dbus (1.2.1-5+lenny1) stable-security; urgency=high ]
.
* debian/patches/52-CVE-2009-1189.patch
- Security: The _dbus_validate_signature_with_reason function
(dbus-marshal-validate.c) uses incorrect logic to validate a basic type,
which allows remote attackers to spoof a signature via a crafted key.
NOTE: this is due to an incorrect fix for CVE-2008-3834
#532720
Fixes: CVE-2009-1189
* Urgency high for the security fix.
.
[ dbus (1.2.1-5) unstable; urgency=high ]
.
[ Sjoerd Simons ]
* debian/patches/CVE-2008-4311.patch:
+ Added, Fixes CVE-2008-4311. A mistake in the default configuration for
the system bus (system.conf) which made the default policy for both sent
and received messages effectively *allow*, and not deny as intended. This
patch fixes the send side permissions (#503532, #508032)
* Urgency high for the security fix
.
[ Simon McVittie ]
* Rename CVE-*.patch to prefix them with a sequence number so it's clear
what order they should apply in
* Add 51-CVE-2008-4311-but-allow-signals.patch, cherry-picked from upstream
git commit d899734475: after fixing CVE-2008-4311, re-allow emitting
signals
* debian/patches/3[0-4]*.patch, cherry-picked from upstream git (see patches
for commit IDs): add logging when permission to send a message is denied
* debian/patches/35-syslog-h.patch: #include <syslog.h> to fix compilation
with the logging patches applied
* Add myself to Uploaders
.
[ dbus (1.2.1-4) unstable; urgency=high ]
.
* debian/patches/CVE-2008-3834.patch
- The dbus_signature_validate function in the D-bus library allows
attackers to cause a denial of service (application abort) via a message
containing a malformed signature, which triggers a failed assertion
error. (#501443)
Fixes: CVE-2008-3834
- Urgency high for the security fix.
* debian/patches/20-dbus-alpha-unaligned.patch
- Fix misaligned memory access which causes "unaligned traps" on Alpha.
(#502408)
* debian/dbus.init
- Add "status" action to init script. (#470121)
* debian/control
- Bump Depends on lsb-base to >= 3.2-14, which provides status_of_proc().
.
[ directfb (1.0.1-11) unstable; urgency=low ]
.
* Remove 92_reopen_console.patch: it fails in the usual case,
but works when run through strace. (#493899)
.
[ directfb (1.0.1-10) unstable; urgency=low ]
.
* Add 93_fix_unicode_key_handling.patch: when the library asks the kernel
for the key symbols, the results are truncated for unicode symbols if the
keyboard is not in K_UNICODE mode. So, a temporary switch is needed,
as well as applying the right bitmask in order to retrieve the full
unicode symbol. Thanks to Jérémy Bobbio. (#401296)
* Now using Standards-Version 3.8.0 (no changes needed).
.
[ e2fsprogs (1.41.3-1) unstable; urgency=low ]
.
* New upstream release
* Fix e2fsck so it prints the correct inode number for uinit_bg
related problems.
* E2fsck will offer to clear the test_fs flag if the ext4 filesystem
is available.
* Fix a file descriptor leak in libblkid
* Avoid a potential infinite loop in e2fsck when there are disk I/O
errors while trying to close a filesystem.
* Fix a potential infinite loop in resize2fs when a bogus new size of
0 blocks is specified on the command line.
* Add an early check to see if a device is read-only to avoid lots of
confusing error messages.
* Fix debugfs's ncheck command so it prints all of the names of
hardlinks in the same directories.
* Fix a bug in libblkid so it correctly detects whether the ext4 and
ext4dev filesystems are available, so that the ext4dev->ext4
fallback code works correctly.
.
[ e2fsprogs (1.41.2-1) unstable; urgency=low ]
.
* New upstream release
* Fix e2fsck's automatic blocksize detection. This fixes a regression
added in e2fsprogs 1.40.7 where e2fsck's -b option would not
work if a blocksize wasn't also specified via the -B option.
* Fix a potential file descriptor leak in libcom_err if the
application exec's another program.
* Fixed badblocks output for "badblocks -sw"
* debugfs: Fix ncheck to print all pathnames for all of the specified inodes
* Use dietlibc when possible for building e2fsck.static, to reduce the
size of the static binary.
* debugfs: Add the ability to specify the hash seed and to specify the
hash algorithm by name to the "hash" command.
* Add documentation for the file I/O functions to libext2fs.texinfo.
(#484877)
* Fix a bug in e2fsck where if a translation file is being used and
e2fsck needs to print problem report with a custom question (such as
"Run journal anyway?"), the PO file's header would get spewed onto
the terminal.
* Update Swedish, Vietnamese, Dutch, Indonesian, German, Czech translations
* Fixed spelling mistakes in man pages (#498100, #498101,
#498102, #498103)
.
[ e2fsprogs (1.41.1-3) unstable; urgency=low ]
.
* badblocks -v will now display the time and percentage complete
(#429739)
* Reordered debian/rules when building udebs to avoid a Lintian warning
* Fixed dependencies fields in the udeb packages (#497619)
* Avoid linking various programs with unneeded libraries
* Fixed a typo'ed bold font specifier in mke2fs's man page
* Fixed the pkg-config files so the include directory needed by the
various libraries is included, and to use Requires.private to
avoid unnecessary linking of dynamic libraries.
* Add more historical information to the debian/*.symbol files
.
[ e2fsprogs (1.41.1-2) unstable; urgency=low ]
.
* Make sure ext4_swab64() is defined on all platforms (#497515)
* Badblocks: Use O_LARGEFILE so it will run on files greater than 2GB
.
[ e2fsprogs (1.41.1-1) unstable; urgency=low ]
.
* New upstream release
* mke2fs and tune2fs now use half-md4 as the default hash algorithm
In addition the default hash algorithm can be set via mke2fs.conf for
mke2fs, and via a command-line option for tune2fs.
* Add support for on-line resizing of ext4 filesystems with the
flex_bg filesystem feature.
* e2fsck now creates the journal in the middle of the filesystem,
which can speed up fsync-heavy workloads.
* Make the blkid library more efficient for devicemapper devices,
mostly by no longer using the libdevmapper library.
* Fix various namespace leakages by the libblkid, libe2p and libext2fs
libraries.
* Fix support for empty directories in 64k blocksize filesystems.
* Add supported_features command to debugfs
* Improve libblkid detection of JFS and HPFS filesystems
* The test I/O manager is now compiled in by default, but to avoid its
overhead, it is only enabled when the TEST_IO_FLAGS or TEST_IO_BLOCK
environment variables are set.
* Fix filefrag's ideal extent calculation (#458306)
* Fix postinstall scripts when the user/group is in LDAP (#497010)
* Add Indonesian and update French, Polish, Dutch, German, Swedish,
Czech, and Vietnamese Translations. (#313697, #401092)
* Update/clarified man pages
* Add dpkg-gensymbols support to track ABI changes to the libraries
* Add lintian overrides for uuid-runtime and libuuid1
* Remove (no longer needed) lintian overrides for e2fsck-static
* Add debian/watch file
.
[ e2fsprogs (1.41.0-4) unstable; urgency=low ]
.
* mke2fs will issue a warning if mke2fs.conf hasn't been updated and
the user tries to create an ext3, ext4, or ext4dev filesystem,
since it depends on the mke2fs.conf file in order to create the
filesystem properly with the appropriate features.
* Fix the maximum journal size message in mke2fs and tune2fs to be
consistent/correct. (#491620)
* Add detection for hfsx filesystem and add label and uuid detection
for hfs, hfsplus, and hfsx filesystems in libblkid.
* Fix cosmetic issue in resize2fs when a progress bar doesn't finish
with a newline for pass 4 (when the inode references are updated).
* Teach resize2fs to move blocks when extents are present (when
shrinking a filesystem and/or if resize_inode is not present).
* Teach resize2fs to work correctly with the uninit_bg when blocks
need to be moved or allocated.
* Fix and optimize extent manipulation in libext2fs for resize2fs.
* Fix "dumpe2fs -i" and "debugfs -i". (#495830)
* Fix resize2fs incorrectly managing directory in-use counts when
shrinking filesystems and directory inodes need to be moved.
* Fix spurious e2fsck complaints with i_size with extents and large
files and preallocated blocks.
* Make sure the creation timestamp is set by mke2fs and by new inodes
created by the libext2fs in general.
* Fix ind/dind/tind statistics when extents are present, and add
extent tree depth statistics.
* Add a fragmentation report extended option to e2fsck.
* Fix blkid cache validation and some possible blkid crashes
(#493216)
* Teach debugfs's htree command to work with extent-based directories.
* Improve the error message for "tune2fs -I".
* Fix miscellaneous strings and usage messages pointed out by the
translators. (Thanks, translators!)
* Enforce that mke2fs won't allow features for revision 0 filesystems.
* Optimize inode table allocation in mke2fs for flex_bg filesystems.
* Update/clarified man pages
* Fix minor typo in uuid-runtime's debian package description
* Wrap debian/copyright files to avoid "line too long" lintian warnings
.
[ expat (2.0.1-4+lenny3) stable-security; urgency=low ]
.
* Upload to stable to fix regressions in last security fix.
* debian/patches/560901_CVE_2009_3560.dpatch: Adjusted.
- lib/xmlparse.c (doProlog): Revised patch for CVE-2009-3560 after
regressions have been detected (#561658, #562381). Many thanks
to Niko Tyni and Karl Waclawek for their help and the fix.
.
[ expat (2.0.1-4+lenny2) stable-security; urgency=medium ]
.
* Upload to stable to fix security issues.
* debian/patches/560901_CVE_2009_3560.dpatch: Added.
- lib/xmlparse.c (doProlog): Fix DoS vulnerability CVE-2009-3560
(#560901).
* debian/patches/00list: Adjusted.
.
[ expat (2.0.1-4+lenny1) stable-security; urgency=medium ]
.
* Upload to stable to fix security issues.
* debian/patches/551936_CVE_2009_2625.dpatch: Added.
- lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
and CVE-2009-3720 (#551936).
* debian/patches/00list: Adjusted.
.
[ fontconfig (2.6.0-3) unstable; urgency=low ]
.
* Remove doc/Makefile and doc/version.sgml in the clean target.
* Ship a minimal 70-yes-bitmaps.conf to avoid spurious warnings.
#505969.
* fontconfig-config.config: don't force the bitmap fonts to be off,
rather re-ask when we find no existing symbolic link, since in this
case the intent of the user is unknown. #505970.
.
[ fontconfig (2.6.0-2) unstable; urgency=low ]
.
* Do not enable bitmap fonts by default. #496716.
+ rules: ship an empty 70-yes-bitmaps.conf and rename the original
to 70-force-bitmaps.conf.
+ fontconfig-config.postinst: install the symbolic link to
70-yes-bitmaps.conf if asked to do so.
+ fontconfig-config.config: always assume bitmap fonts are not
wanted if no symbolic link is present.
.
[ freetype (2.3.7-2+lenny1) stable-security; urgency=high ]
.
* Non-maintainer upload by the Security Team.
* This update fixes various integer overflows in cff/cffload.c,
smooth/ftsmooth.c and sfnt/ttcmap.c leading to arbitrary code
execution or denial of service via a crafted font file
(CVE-2009-0946; #524925).
.
[ gcc-4.3 (4.3.2-1.1) unstable; urgency=medium ]
.
* debian/patches/libobjc-armel.dpatch: Don't define EH_USES, apply
r142204 for armel, taken from the gcc-4_3-branch.
* Fix PR target/38287 (sparc, wrong code). #506713.
* Apply selected fixes from the gcc-4_3-branch:
- Fix PR tree-optimization/37102 (wrong code).
- Fix PR tree-optimization/37868 (wrong code).
- Fix PR rtl-optimization/37544 (wrong code).
- Fix PR c++/38030 (wrong code).
- Fix PR rtl-optimization/37489 (wrong code).
- Fix PR rtl-optimization/37408 (wrong code).
- Fix PR middle-end/37731 (wrong code).
- Fix PR middle-end/37882 (wrong code).
.
[ gcc-4.3 (4.3.2-1) unstable; urgency=medium ]
.
[Matthias Klose]
* Final gcc-4.3.2 release (regression fixes).
- Remove the generated install docs from the tarball (GFDL licensed).
- C++ regression fixes: PR debug/37156.
- general regression fixes: PR debug/37156, PR target/37101.
- Java regression fixes: PR libgcj/8995.
* Update to SVN 20080905 from the gcc-4_3-branch.
- C++ regression fixes: PR c++/36741 (wrong diagnostic),
- general regression fixes: PR target/37184 (ice on valid code),
PR target/37191 (ice on valid code), PR target/37197 (ice on valid code),
PR middle-end/36817 (ice on valid code), PR middle-end/36548 (wrong code),
PR middle-end/37125 (wrong code), PR c/37261 (wrong diagnostic),
PR target/37168 (ice on valid code), PR middle-end/36449 (wrong code),
PR middle-end/37248 (missed optimization), PR target/36332 (wrong code).
- Fortran regression fixes: PR fortran/37193 (rejects valid code).
* Move symlinks in gcc_lib_dir from cpp-4.3 to gcc-4.3-base. #497369.
* Don't build-depend on autogen on architectures where it is not installable
(needed for the fixincludes testsuite only); don't build-depend on it for
source packages not running the fixincludes testsuite.
.
[Ludovic Brenta]
* Add sdefault.ads to libgnatprj4.3-dev. Fixes: #492866.
* turn gnatvsn.gpr and gnatprj.gpr into proper library project files.
* Unconditionally build-depend on gnat when building gnat-4.3.
Fixes: #487564.
* (debian/rules.d/binary-ada.mk): Add a symlink libgnat.so to
/usr/lib/libgnat-4.3.so in the adalib directory. Fixes: #493814.
* (debian/patches/ada-sjlj.dpatch): remove dangling symlinks from all
adalib directories.
* debian/patches/ada-alpha.dpatch: remove, applied upstream.
.
[Samuel Tardieu, Ludovic Brenta]
* debian/patches/pr16086.dpatch: new; backport from GCC 4.4.
#248172.
* debian/patches/pr35792.dpatch: new; backport from GCC 4.4.
* debian/patches/pr15808.dpatch (fixes: #246392),
debian/patches/pr30827.dpatch: new; backport from the trunk.
.
[ glibc (2.7-18lenny2) stable-security; urgency=low ]
.
* Fix NIS shadow entries leakage to non-privileged users when nscd is
in use.
Fixes: CVE-2010-0015.
.
[ glibc (2.7-18lenny1) stable; urgency=low ]
.
* patches/any/cvs-realloc.diff: fix bug in realloc() when enlarging a
memory allocation. bug#550625.
.
[ glibc (2.7-18) unstable; urgency=low ]
.
* patches/localedata/mt_MT_euro.diff, patches/localedata/el_CY_euro.diff:
new patches to switch Cyprus and Malta currency to Euro.
.
[ glibc (2.7-17) unstable; urgency=low ]
.
* patches/localedata/sk_SK_euro.diff: new patch to switch Slovakia
currency to Euro. bug#510423.
.
[ glibc (2.7-16) unstable; urgency=low ]
.
* patches/any/cvs-rpcgen-makefile.diff: new patch from upstream to fix
fancy Makefile filename when using rpcgen -a. bug#503182.
* patches/s390/local-atomic.diff: new patch from Michael Matz to fix
atomic lock on s390. bug#468793, bug#479952.
* patches/any/cvs-gai-stacksize.diff new patch from upstream to fix
getaddrinfo_a segfaults. bug#495007.
* debhelper.in/locales.config: use previous debconf settings if
/etc/locales does not exist.
.
[ glibc (2.7-15) unstable; urgency=low ]
.
* debhelper.in/locales.config, debhelper.in/locales.postinst: modify
/etc/locale.gen instead of regenerating it. bug#494468.
* any/cvs-nscd-getservbyport.diff: new patch from upstream to fix getservbyport()
when nscd is used. bug#500055.
.
[ glibc (2.7-14) unstable; urgency=low ]
.
[ Petr Salinger ]
* kfreebsd/local-sysdeps.diff: update to revision 2322 (from glibc-bsd).
* extend kfreebsd/local-ftw.diff: do not use *at functions also in glob.c,
this patch is applied only on kfreebsd, fixes globtest.out failure.
* any/local-linuxthreads-weak.diff: new patch to pass
stdio-common/scanf15.out test on linuxthreads platforms,
although it seems to be rather gcc 4.x bug, see GCC Bugzilla Bug 37266.
.
[ Aurelien Jarno ]
* patches/mips/cvs-mknod.diff: new patch from upstream to allow > 255 minors
on mips. #493751.
* patches/sparc/cvs-context.diff: new patch from upstream to add
getcontext(), setcontext(), makecontext() on Sparc. #295173.
* patches/hppa/cvs-context.diff: new patch from upstream to add
getcontext(), setcontext(), makecontext() on PARISC. #492778.
* any/local-ip6-localhost.diff: new patch from upstream BTS, to remove the
::1 -> 127.0.0.1 mapping.
* any/cvs-isoc99_vscanf.diff: new patch from upstream to fix vscanf on
non-GNU compilers.
* Fix nosegneg pseudo hwcap. #499366.
.
[ Samuel Thibault ]
* patches/hurd-i386/cvs-lock-memory-clobber.diff: new patch from upstream
to fix safety of locks.
* patches/hurd-i386/local-pthread_posix-option.diff: new patch to advertise
the libpthread from the hurd packages.
* patches/hurd-i386/cvs-signal-werror.diff: new patch to fix gdb compilation.
* patches/hurd-i386/local-tls-support.diff: fix cthread compilation.
.
[ gnutls26 (2.4.2-6+lenny2) stable-security; urgency=high ]
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-2730: a vulnerability related to NUL bytes in X.509
certificate name fields. (#541439) GNUTLS-SA-2009-4
.
[ gnutls26 (2.4.2-6+lenny1) stable-security; urgency=high ]
.
* Add patch from Simon Josefsson to reenable X.509v1 support for root
CAs. #514807, #514735.
.
[ gnutls26 (2.4.2-6) unstable; urgency=medium ]
.
* New patches, syncing with 2.4.3 upstream oldstable release:
+ 24_intermedcertificate.patch If a non-root certificate is trusted
gnutls certificate verification stops there instead of checking
up to the root of the certificate chain.
+ 22_whitespace.patch - Whitespace only changes, to make it possible to
apply upstream fixes without manual changes.
+ 25_bufferoverrun.patch. Fix buffer overrun bug in
gnutls_x509_crt_list_import.
http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e
.
[ gnutls26 (2.4.2-5) unstable; urgency=low ]
.
* Pull two patches from upstream stable branch to make gnutls behavior
match documentation:
+ patch 23_permit_v1_CA.diff:Accept v1 x509 CA
certs if GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. #509593
+ 22_deprecate_md2_md5_x509_validation.diff: Verifying untrusted X.509
certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
GNUTLS_CERT_INSECURE_ALGORITHM verification output.
.
[ gnutls26 (2.4.2-4) unstable; urgency=medium ]
.
* Add Simon Josefsson to uploaders.
* Another fix for the verification fix. Some correct certificate chains were
not recognized as verified. #507633
.
[ gnutls26 (2.4.2-3) unstable; urgency=low ]
.
* Fix a crash on trying to verify self-signed certificates introduced by the
patch for CVE-2008-4989. #505279
.
[ gnutls26 (2.4.2-2) unstable; urgency=medium ]
.
* [CVE-2008-4989.diff] Fix man in the middle attack for certificate
verification. CVE-2008-4989 GNUTLS-SA-2008-3
.
[ gnutls26 (2.4.2-1) unstable; urgency=low ]
.
* New upstream bugfix release.
* Up to date gnutls-cli manpage. #492775
.
[ hal (0.5.11-8) unstable; urgency=high ]
.
* debian/patches/75-at_console.patch
- Added. Allow local users (at_console) to call methods on the CPUFreq,
WakeOnLan and Dockstation interface, i.e. you are using consolekit and
not static Debian group policies.
* Priority high as this also addresses #510639.
.
[ hal (0.5.11-7) unstable; urgency=high ]
.
* debian/patches/71-hal.conf.in-qualify-all-send_interface-.-with-s.patch
- Added. Add send_destination to all rules using send_interface in the
D-Bus config
* debian/patches/72-Allow-anyone-to-introspect-the-hal-daemon-even-with.patch
- Added. Always allow D-Bus introspection
* debian/patches/73-Let-root-call-any-hal-method.patch
- Added. Allow the root user to use any HAL method. Needed to make
NetworkManager and powersaved work properly.
* debian/patches/74-powerdev.patch
- Added. Allow users in the powerdev group to call methods on the CPUFreq,
WakeOnLan and Dockstation interface
* Thanks to Simon McVittie for preparing and testing the patches
* Makes HAL suitable for use with less permissive versions of D-Bus, like the
one intended to ship with lenny (#510639)
* Priority high as it fixes an RC bug
.
[ hal (0.5.11-6) unstable; urgency=low ]
.
* debian/patches/56_revert_ntfs_locale_mount_option.patch
- The 'locale=' NTFS mount option is not supported by the Linux kernel
NTFS driver, so remove it. The ntfs-3g package will ship a separate fdi
file which enables this mount option again when the ntfs-3g driver is
used. (#497463)
* debian/hal.postinst
- Remove existing stop symlinks in rc0 and rc6 on package upgrades.
(#501662)
.
[ hal (0.5.11-5) unstable; urgency=low ]
.
* Don't stop hal in runlevels 0 and 6, sendsigs is fine; from Ubuntu; thanks
Martin Pitt; #501310.
* Build depend on libsmbios >= 2.0.3; see LP #261665.
.
[ hal (0.5.11-4) unstable; urgency=low ]
.
[ Loic Minier ]
* New patches from upstream git, fixing support of some wifi chips with
2.6.27 kernels; #498132, #498478, #501004.
- 60_use-phy80211-instead-of-wiphy-symlink-to-detect, fixes the sysfs
symlink lookup to use the proper pathname.
- 61_use-wext-ioctl-instead-of-sysfs-to-detect-wireless, fixes detection
of wifi interfaces with 2.6.27 kernels.
.
[ Michael Biebl ]
* Add file trigger which re-generates the hal fdi cache. (#500916)
.
[ Loic Minier ]
* Bump debhelper bdep to >= 5.0.59 for debian/package.triggers support.
.
[ isdnutils (1:3.9.20060704-3.6) unstable; urgency=medium ]
.
* Non-maintainer upload.
* Add dependencies on makedev to capiutils, ipppd and isdnvboxserver
(#502825, #502693)
.
[ isdnutils (1:3.9.20060704-3.5) unstable; urgency=low ]
.
* Non-maintainer upload.
* Fix bashism in an eurofile script. Thanks to Chris Lamb for the patch
#486036
* Fix pending l10n issues. Debconf translations:
- Swedish. #491770
.
[ jack-audio-connection-kit (0.109.2-5) testing-proposed-updates; urgency=low ]
.
* Add myself to uploaders
* Target testing-proposed-updates
* clean dependency_libs line in /usr/lib/*.la as suggested by Loïc
Minier. This breaks static linking as well, but doesn't break packages
like bio2jack that reference our *.la files. (#510673)
.
[ jack-audio-connection-kit (0.109.2-4) unstable; urgency=low ]
.
* Added init script to start jackd at system startup
.
[ keyutils (1.2-9) unstable; urgency=low ]
.
* Correcting previous local email address in changelog.
* Simplifying libkeyutils1 install file.
.
[ keyutils (1.2-8) unstable; urgency=low ]
.
* Removing cflags handling in rules, not required anymore.
* Adding two patches from Michael Gebetsroither <gebi@grml.org> to fix memory
leaks (#496466).
* Updating to standards 3.8.0.
* Using comma separator for file pattern in copyright file.
* Updating to debhelper 7.
* Correcting indenting in copyright file.
* Adjusting indenting in rules file.
.
[ krb5 (1.6.dfsg.4~beta1-5lenny2) stable-security; urgency=high ]
.
* CVE-2009-4212, MIT-KRB5-SA-2009-004: Integer underflows in AES and
RC4 decryptions. This can definitely lead to a DOS attack and
potentially may lead to execution of unexpected code. It's
potentially possible that arbitrary code could be executed, although
much more likely that permuted heap contents or buffers not under
attacker control will be executed.
.
[ krb5 (1.6.dfsg.4~beta1-5lenny1) stable-security; urgency=high ]
.
* MITKRB5-SA-2009-0001: Fix read-beyond-end-of-buffer DOS in SPNEGO, an
SPNEGO null pointer dereference, and incorrect length validation in
an ASN.1 decoder. (CVE-2009-0844, CVE-2009-0845, CVE-2009-0847)
* MITKRB5-SA-2009-002: ASN.1 general time decoder can free uninitialized
pointer. (CVE-2009-0846)
.
[ krb5 (1.6.dfsg.4~beta1-5) unstable; urgency=low ]
.
* Correct the actions of krb5_newrealm in its man page. It doesn't
create a keytab for kadmind since kadmind no longer needs one.
Mention that it does create a stash file and that it starts the KDC
and kadmind daemons. Thanks, David Medberry. (#504126)
* Translation updates:
- Spanish, thanks Ignacio Mondino. (#504766)
.
[ lcms (1.17.dfsg-1+lenny2) stable-security; urgency=high ]
.
* Non-maintainer upload by the security team
* Fix possible regression and enhance security patch
Thanks to Marc Deslauriers
.
[ lcms (1.17.dfsg-1+lenny1) stable-security; urgency=high ]
.
* Non-maintainer upload by the security team
* Include upstream fixes for integer overflows, possible memory leaks
and a buffer overflow
Fixes: CVE-2009-0723 CVE-2009-0581 CVE-2009-0733
.
[ libaio (0.3.107-3) unstable; urgency=low ]
.
* Fix the Vcs-Git URL.
* Remove XB- from the Package-Type field.
* Fix watch file URL. (#502884)
Thanks to Jiří Paleček <jpalecek@web.de>.
.
[ libaio (0.3.107-2) unstable; urgency=low ]
.
* Only run the test suite on i386 as it has not been ported for other
architectures. (#488812)
* Use $(filter ...) instead of $(findstring ...) to extract space separated
options from DEB_BUILD_OPTIONS in debian/rules.
* Do not check for the existence of the Makefile on clean, it's always
there.
* Switch to use dh_lintian instead of manually installing the overrides.
- Bump the versioned debhelper Build-Depends to 6.0.7.
.
[ libaio (0.3.107-1) unstable; urgency=low ]
.
* New upstream release.
* Run the test suite on install, and support nocheck DEB_BUILD_OPTIONS
to disable it.
.
[ libaio (0.3.106-9) unstable; urgency=low ]
.
* Fix misspelled words (linux -> Linux and aio -> AIO).
* Update packaging Vcs fields to the new URL.
* Improve debian/copyright:
- Change 'Copyright Holder' to 'Copyright Holders'.
- Use UTF-8 copyright sign.
- Update upstream download url.
- Refer to LGPL-2.1 from common-licenses instead of just LGPL.
* Add a debian/README.source file.
* Now using Standards-Version 3.8.0.
* Refresh patches with -pab. (#484962)
* Update watch file URL. (#450017)
.
[ libdrm (2.3.1-2) unstable; urgency=high ]
.
* Remove from the source package a bunch of files that are only used by the
kernel drm component. This gets rid of the mga, r128 and radeon
microcode, and thus #502675. Thanks, Ben Hutchings!
.
[ libnss-ldap (261-2.1) unstable; urgency=low ]
.
* Non-maintainer upload.
* libnss-ldap calls nscd init script w/o checking its existence
(#502760)
.
[ libpam-ldap (184-4.2) unstable; urgency=low ]
.
* Non-maintainer upload.
* Fix spelling error in package description. Package description
rewritten with help of debian-l10n-english. #502782
* Fix pending l10n issues. Debconf translations:
- Italian. #496322
- Traditional Chinese. #503179
- Bokmål, Norwegian. #503197
- Danish. #503736
.
[ libpng (1.2.27-2+lenny2) stable-security; urgency=high ]
.
* Fix memory leak on CRC errors in tEXt chunks (CVE-2008-6218).
.
[ libpng (1.2.27-2+lenny1) stable-security; urgency=high ]
.
* Non-maintainer upload.
* debian/patches/03-CVE-2008-5907.diff: update pngwutil.c to properly set
new_key to NULL string. (CVE-2008-5907) (#512665)
* debian/patches/04-CVE-2009-0040.diff: initialize pointers in pngread.c,
pngrtans.c, pngset.c and example.c (CVE-2009-0040) (#516256)
.
[ libpng (1.2.27-2) unstable; urgency=medium ]
.
* Fix CVE-2008-3964: off-by-one error in pngtest.c; #501109
* Standards-Version is 3.8.0
.
[ libselinux (2.0.65-5) unstable; urgency=high ]
.
* Bug fix: "Python errors during upgrade", thanks to Frans Pop
This is a serious bug. (#499086).
* mount point /selinux does not exist. Fixed, though I believe it should
go into base-files. But we need the fix for lenny, and I am not
interested in bug-pong. (#498010)
* Updated Standards-Version: No changes required.
.
[ libtool (1.5.26-4+lenny1) stable-security; urgency=high ]
.
* Non-maintainer upload by the security team.
* Fixes local privilege escalation vulnerability: CVE-2009-3736
(#559797).
.
[ libusb (2:0.1.12-13) unstable; urgency=low ]
.
* Use quilt to manage patches.
* debian/rules: fix cross build support.
* Add debian/patches/05_emdebian.diff from Neil Williams
(bug#492555).
.
[ libwmf (0.2.8.4-6+lenny1) stable-security; urgency=high ]
.
* Non-maintainer upload by the Security Team.
* Fix use-after-free in embedded copy of gd enabling an attacker
to do DoS attacks or execute arbitrary code via a crafted wmf file
(CVE-2009-1364; #526434).
.
[ libx11 (2:1.1.5-2) unstable; urgency=medium ]
.
* Cherry-picked from upstream git: Fix an XCB leak when the client has a
non-fatal error handler.
.
[ libx11 (2:1.1.5-1) unstable; urgency=low ]
.
[ Brice Goglin ]
* Add upstream URL to debian/copyright.
* Add a link to www.X.org and a reference to the upstream module
in the long description.
.
[ Timo Aaltonen ]
* New upstream release.
+ adds missing <cedilla> Compose sequences (#394068)
.
[ Julien Cristau ]
* 014_add_Khmer_digraphs.diff: remove, applied upstream
* 006_tailor_pt_BR.UTF-8_Compose.diff: update
.
[ libxcb (1.1-1.2) stable; urgency=low ]
.
* Non-maintainer upload to fix important performance issues
(#487635).
* Fix some fd leaks in _xcb_open_*()
* Increase libxcb buffer size to 16k from 4k
* Disable Nagle on TCP socket
.
[ libxi (2:1.1.4-1) unstable; urgency=low ]
.
* New upstream release.
.
[ libxml2 (2.6.32.dfsg-5+lenny1) stable-security; urgency=high ]
.
* Non-maintainer upload by the Security Team.
* Fix multiple use-after-free flaws when parsing notation and
enumeration attribute types (CVE-2009-2416).
* Fix stack overflow when parsing root XML document element DTD
definition (CVE-2009-2414).
.
[ libxml2 (2.6.32.dfsg-5) unstable; urgency=high ]
.
* parserInternals.c: apply patch from upstream revision 3741 to avoid
double-free in some situations. This fixes a crash while running the
W3C/OASIS XML conformance test.
* tree.c: Fix infinite loop. Fixes: CVE-2008-4225.
* SAX2.c: Fix integer overflow. Fixes: CVE-2008-4226.
.
[ libxml2 (2.6.32.dfsg-4) unstable; urgency=high ]
.
* Fix regressions due to previous security fixes. Fixes: CVE-2008-3529.
#498768.
.
[ mesa (7.0.3-7) unstable; urgency=low ]
.
* Cherry-pick patch from upstream:
Use 3Dnow! x86-64 routines only on processors that support 3Dnow!
(#484180).
* Also build the x86-specific dri drivers on kfreebsd (#492894).
.
[ mesa (7.0.3-6) unstable; urgency=high ]
.
* Update debian/copyright to the SGI Free Software License B, version 2.0.
It now mirrors the free X11 license used by X.Org (#368560).
http://www.sgi.com/company_info/newsroom/press_releases/2008/september/opengl.html
.
[ nas (1.9.1-5) unstable; urgency=low ]
.
* Fix pending l10n issues. Debconf translations:
* Swedish. #491766 (thanks to brother@bsnet.se)
* Arabic. #500437 (thanks to Ossama Khayat)
* Basque. #500533 (thanks to Piarres Beobide)
* Brazilian Portuguese. #500973 (thanks to Felipe
Augusto van de Wiel)
* Many thanks again to Christian Perrier for his i18n efforts,
co-ordinating the above.
.
[ ncurses (5.7+20081213-1) unstable; urgency=low ]
.
* Merging upstream version 5.7+20081213.
.
[ ncurses (5.7+20081206-1) unstable; urgency=low ]
.
* Merging upstream version 5.7+20081206.
* Removing gpm.dpatch, went upstream.
.
[ ncurses (5.7+20081129-1) unstable; urgency=low ]
.
* Merging upstream version 5.7+20081129.
* Correcting previous changelog and patch description to point out
that the actual applied patch is the one from Thomas Dickey, the
upstream maintainer.
.
[ ncurses (5.7+20081122-2) unstable; urgency=low ]
.
* Adding patch from upstream based on Samuel Thibault
<samuel.thibault@ens-lyon.org> analysis to ensure that aalib checks the
value returned by Gpm_GetEvent() and only proceeds if value == 1
(#506717).
.
[ ncurses (5.7+20081122-1) unstable; urgency=low ]
.
* Merging upstream version 5.7+20081122.
.
[ ncurses (5.7+2008115-1) unstable; urgency=low ]
.
* Merging upstream version 5.7+20081115:
- Includes tabs utility from GNU termutils (#502260).
.
[ ncurses (5.7-2) unstable; urgency=low ]
.
* Replacing obsolete dh_clean -k with dh_prep.
* Adding patch from Petr Salinger <Petr.Salinger@seznam.cz> to fix FTBFS on
GNU/kFreeBSD (#504820).
* Temporarily downgrading sodepver again; this was actually meant to go to
lenny, but I'm too tired to push it... (#504745).
.
[ ncurses (5.7-1) unstable; urgency=low ]
.
* Merging upstream version 5.7.
* Updating soname and sodepver to 5.7 in rules.
.
[ ncurses (5.6+20081025-1) unstable; urgency=low ]
.
* Merging upstream version 5.6+20081025.
.
[ ncurses (5.6+20081018-1) unstable; urgency=low ]
.
* Merging upstream version 5.6+20081018.
* Adding dh_md5sums calls (#502840).
.
[ ncurses (5.6+20081012-2) unstable; urgency=low ]
.
* Removing symlinks in /usr/share/doc for ncurses-base and ncurses-
term as well (#502686).
.
[ ncurses (5.6+20081012-1) unstable; urgency=low ]
.
* Merging upstream version 5.6+20081012.
* Rediffing debian-backspace.dpatch.
* Removing --disable-tic-depends again; was misunderstanding of mine.
* Don't symlink doc directories (#502620).
.
[ ncurses (5.6+20081011-1) unstable; urgency=low ]
.
* Merging upstream version 5.6+20081011.
* Building with --disable-tic-depends.
.
[ ncurses (5.6+20081004-1) unstable; urgency=low ]
.
* Merging upstream version 5.6+20081004.
.
[ ncurses (5.6+20080927-1) unstable; urgency=low ]
.
* Merging upstream version 5.6+20080927.
.
[ ncurses (5.6+20080925-1) unstable; urgency=low ]
.
* Merging upstream version 5.6+20080925:
- fix bug in mouse code for GPM from 20080920 changes
(#500103, #500369).
.
[ ncurses (5.6+20080920-1) unstable; urgency=low ]
.
* Merging upstream version 5.6+20080920.
.
[ ncurses (5.6+20080913-1) unstable; urgency=low ]
.
* Merging upstream version 5.6+20080913.
.
[ ncurses (5.6+20080907-1) unstable; urgency=low ]
.
* Merging upstream version 5.6+20080907.
* Installing changelog and docs also for ncurses-base and ncurses-term.
This allows replacing the strict versioned depends against libncurses5
with an unversioned depends.
.
[ ncurses (5.6+20080906-1) unstable; urgency=low ]
.
* Updating vcs fields in control file.
* Merging upstream version 5.6+20080906.
.
[ ncurses (5.6+20080830-1) unstable; urgency=medium ]
.
* Merging upstream version 5.6+20080830.
* Switching kdch1 from 177 to E[3~ in debians, for legacy reasons, own
embedded xterm definitions (#319554).
.
[ ncurses (5.6+20080823-1) unstable; urgency=low ]
.
* Merging upstream version 5.6+20080823:
- Adds Eterm-256color terminal (#495815).
.
[ ncurses (5.6+20080821-1) unstable; urgency=low ]
.
* Merging upstream version 5.6+20080821.
.
[ openldap (2.4.11-1+lenny1) stable-security; urgency=high ]
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-3767: libraries/libldap/tls_o.c doesn't properly handle NULL
character in subject Common Name (#553432)
.
[ openldap (2.4.11-1) unstable; urgency=low ]
.
* New upstream version (#499560).
- Fixes a crash with syncrepl and delcsn (#491066).
- Fix CRL handling with GnuTLS (#498410).
- Drop patches no_backend_inter-linking,
CVE-2008-2952_BER-decoding-assertion, and gnutls-ssf, applied
upstream.
.
[ Russ Allbery ]
* New patch, back-perl-init, which updates the calling conventions
around initialization and shutdown of the Perl interpreter to match
the current perlembed recommendations. Fixes probable hangs on HPPA
in back-perl. Thanks, Niko Tyni. (#495069)
.
[ Steve Langasek ]
* Drop the conflict with libldap2, which is not the standard means of
handling symbol conflicts in Debian and which causes serious upgrade
problems from etch. #487211.
.
[ openssl (0.9.8g-15+lenny6) stable-security; urgency=low ]
.
* Clean up zlib state so that it will be reinitialized on next use and
not cause a memory leak. (CVE-2009-4355)
.
[ openssl (0.9.8g-15+lenny5) stable-security; urgency=low ]
.
* Don't check self signed certificate signatures in X509_verify_cert()
(#541735)
.
[ openssl (0.9.8g-15+lenny4) stable-security; urgency=low ]
.
* Remove MD2 from digest algorithm table. (CVE-2009-2409) (#539899)
.
[ openssl (0.9.8g-15+lenny3) stable-security; urgency=low ]
.
* Fix DoS via a DTLS ChangeCipherSpec packet that occurs before ClientHello
(CVE-2009-1386)
* Fix DoS via an out-of-sequence DTLS handshake message (CVE-2009-1387)
.
[ openssl (0.9.8g-15+lenny2) stable-security; urgency=low ]
.
* Fix "DTLS record buffer limitation bug." (CVE-2009-1377)
* Fix "DTLS fragment handling" (CVE-2009-1378)
* Fix "DTLS use after free" (CVE-2009-1379)
.
[ openssl (0.9.8g-15+lenny1) stable-security; urgency=low ]
.
* Properly validate the length of an encoded BMPString and UniversalString
(CVE-2009-0590)
.
[ openssl (0.9.8g-15) unstable; urgency=low ]
.
* Internal calls to didn't properly check for errors which
resulted in malformed DSA and ECDSA signatures being treated as
a good signature rather than as an error. (CVE-2008-5077)
* ipv6_from_asc() could write 1 byte longer than the buffer in case
the ipv6 address didn't have "::" part. (#506111)
.
[ openssl (0.9.8g-14) unstable; urgency=low ]
.
* Don't give the warning about security updates when upgrading
from etch since it doesn't have any known security problems.
* Automatically use engines that successfully initialised. Patch
from the 0.9.8h upstream version. (#502177)
.
[ pam (1.0.1-5+lenny1) stable; urgency=high ]
.
* Security NMU, high urgency.
* Fix signedness error in _pam_StrTok(), CVE-2009-0887.
#520115.
.
[ pam (1.0.1-5) unstable; urgency=low ]
.
* Build-conflict with libxcrypt-dev, which otherwise pulls libxcrypt in as
a dependency of libpam-modules if it's installed during the build.
Thanks to Larry Doolittle for catching.
* Don't refer to gnome-screensaver in the debconf template; it isn't
actually affected by the libpam symbol issue because it forks a separate
process to display the screensaver dialog.
* Have libpam-modules Pre-Depend on ${misc:Depends}, so that we can
warn users about needing to disable xscreensaver and xlockmore
before libpam-modules is unpacked. #502140, LP: #256238.
* Updated debconf translations for the new template:
- Italian, thanks to David Paleino <d.paleino@gmail.com>
- Simplified Chinese, thanks to Deng Xiyue
<manphiz-guest@users.alioth.debian.org> (#510371)
- Portuguese, thanks to Américo Monteiro <a_monteiro@netcabo.pt>
- Swedish, thanks to Martin Bagge <brother@bsnet.se> (#510379)
- Japanese, thanks to Kenshi Muto <kmuto@debian.org> (#510380)
- Finnish, thanks to Esko Arajärvi <edu@iki.fi> (#510382)
- Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs@debian.org>
(#510389)
- Galician, thanks to Marce Villarino <mvillarino@gmail.com>
- Slovak, thanks to helix84 <helix84@centrum.sk> (#510412)
- Bulgarian, thanks to Damyan Ivanov <dmn@debian.org>
- Czech, thanks to Miroslav Kure <kurem@upcase.inf.upol.cz>
(#510608)
- French, thanks to Steve Petruzzello <dlist@bluewin.ch>
- German, thanks to Sven Joachim <svenjoac@gmx.de> (#510617)
- Basque, thanks to Piarres Beobide <pi+debian@beobide.net>
(#510699)
- Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (#510701)
- Turkish, thanks to Mert Dirik <mertdirik@gmail.com> (#510707)
.
[ pulseaudio (0.9.10-3+lenny1) stable-security; urgency=high ]
.
* Remove broken re-exec (CVE-2009-1894)
* Used ld flags to pre-load DSOs
* Regenerate auto* files
.
[ pulseaudio (0.9.10-3) unstable; urgency=low ]
.
* debian/patches/0006-fix-iteration-over-random-devices.patch
- Added. Iterate over the various random devices if opening fails
(#491270)
.
[ sane-backends (1.0.19-23) unstable; urgency=low ]
.
* debian/patches/09_avision_fixes.dpatch:
+ Updated; fix reader task handling to not signal the whole process group
erroneously.
.
* debconf translations:
+ it.po: courtesy of Luca Monducci (#507563).
.
[ sane-backends (1.0.19-22) unstable; urgency=low ]
.
* debian/patches/41_epjitsu_fixes.dpatch:
+ Added; from CVS, fix double-free issues in epjitsu (#506750).
.
[ sane-backends (1.0.19-21) unstable; urgency=low ]
.
* debian/rules:
+ Use an error handler for saned's init.
* debian/sane-utils.postinst:
+ Added error handler for saned init (#493745).
.
* debconf translations:
+ es.po: courtesy of Ignacio Mondino (#499202).
.
[ sane-backends (1.0.19-20) unstable; urgency=low ]
.
* debian/control:
+ Make sane-utils depend on update-inetd (>= 4.31) which won't break
with debconf.
* debian/sane-utils.postinst:
+ update-inetd needs debconf sometimes, so keep debconf enabled until
after the update-inetd call.
.
[ sane-backends (1.0.19-19) unstable; urgency=low ]
.
* debian/rules:
+ Install umax_pp into sane-utils (#496833).
.
* debian/patches/40_fujitsu_fixes.dpatch:
+ Added; upstream backport of fujitsu backend fixes, fixes a string
initialization issue in config file parsing, adds color mode for the
fi-6130, 6230, 6140, 6240 and fixes fi-6230 hangs at wakeup from
powersave mode.
Thanks to M. Allan Noah for providing a backport (#494156).
.
[ sane-backends (1.0.19-18) unstable; urgency=low ]
.
* debian/patches/10_sm3840_unbreak_sane_open.dpatch:
+ Added; from CVS, fix the way sane_open() checks for sanei_usb_open()
errors (#496249).
.
* debconf translations:
+ ja.po: courtesy of Hideki Yamane (#493568).
.
[ tiff (3.8.2-11.2) stable-security; urgency=high ]
.
* Revised patch for CVE-2009-2347, new patch for CVE-2009-2285
.
[ tiff (3.8.2-11.1) stable-security; urgency=high ]
.
* CVE-2009-2347
.
[ xorg (1:7.3+20) stable; urgency=low ]
.
* Non-maintainer upload, supervised by Julien Cristau.
* xserver-xorg.postinst: fix for the previous patch. #535624
.
[ xorg (1:7.3+19) stable; urgency=low ]
.
* xserver-xorg.postinst: default to the fbdev driver on sparc, even when we
find PCI devices, to work around #488669.
.
[ xorg (1:7.3+18) unstable; urgency=low ]
.
[ Debconf translations ]
* Wolof. #500669
.
[ Julien Cristau ]
* Version the Replaces/Conflicts on xserver-common, so we can reintroduce it
later if needed.
.
[ xorg (1:7.3+17) unstable; urgency=low ]
.
[ Debconf translations ]
* Croatian. #498054
* Spanish. #498435
* Greek. #498465
.
[ xorg (1:7.3+16) unstable; urgency=low ]
.
[ Debconf translations ]
* Lithuanian. #497314
* Norwegian Bokmal. #497315
* Polish. #497162