File: //snap/network-manager/949/snap/ChangeLog
2024-09-20 network-manager 1.36.6-13
[ Changes in primed packages ]
libcurl3-gnutls (built from curl) updated from 7.81.0-1ubuntu1.16 to 7.81.0-1ubuntu1.18:
curl (7.81.0-1ubuntu1.18) jammy-security; urgency=medium
* SECURITY UPDATE: OCSP stapling bypass with GnuTLS
- debian/patches/CVE-2024-8096.patch: fix OCSP stapling management in
lib/vtls/gtls.c.
- CVE-2024-8096
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 06 Sep 2024 07:38:40 -0400
curl (7.81.0-1ubuntu1.17) jammy-security; urgency=medium
* SECURITY UPDATE: ASN.1 date parser overread
- debian/patches/CVE-2024-7264-pre1.patch: clean up GTime2str in
lib/x509asn1.c.
- debian/patches/CVE-2024-7264.patch: unittests and fixes for gtime2str
in lib/x509asn1.c, lib/x509asn1.h, tests/data/Makefile.inc,
tests/data/test1656, tests/unit/Makefile.inc, tests/unit/unit1656.c.
- CVE-2024-7264
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 01 Aug 2024 09:51:30 -0400
libndp0 (built from libndp) updated from 1.8-0ubuntu3 to 1.8-0ubuntu3.1:
libndp (1.8-0ubuntu3.1) jammy-security; urgency=medium
* SECURITY UPDATE: buffer overflow via malformed IPv6 router adv packet
- debian/patches/CVE-2024-5564.patch: validate route information option
length in libndp/libndp.c.
- CVE-2024-5564
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 07 Jun 2024 09:53:12 -0400
libpcap0.8 (built from libpcap) updated from 1.10.1-4build1 to 1.10.1-4ubuntu1.22.04.1:
libpcap (1.10.1-4ubuntu1.22.04.1) jammy; urgency=medium
* Tcpdump utility captures incorrect packets on VLAN interface when using
SLL2 (LP: #2076398)
- d/p/lp2076398-linux-set-handlep-vlan_offset-if-the-linktype-is-cha.patch
-- Chengen Du <chengen.du@canonical.com> Fri, 09 Aug 2024 08:13:59 +0000
libmm-glib0 (built from modemmanager) updated from 1.20.0-1~ubuntu22.04.3 to 1.20.0-1~ubuntu22.04.4:
modemmanager (1.20.0-1~ubuntu22.04.4) jammy; urgency=medium
* Apply the newer modemmanager commits from 1.22.0 to the LTS as part of
new hardware enablement including Quectel EM061K-GL/EM160/RM520N modems
(lp: #2067240)
-- Atlas Yu <atlas.yu@canonical.com> Thu, 18 Jul 2024 16:24:32 +0200
libldap-2.5-0 (built from openldap) updated from 2.5.17+dfsg-0ubuntu0.22.04.1 to 2.5.18+dfsg-0ubuntu0.22.04.2:
openldap (2.5.18+dfsg-0ubuntu0.22.04.2) jammy; urgency=medium
* d/p/remove-extraneous-quote-configure-ac.patch: Remove extraneous
quote from configure.ac, fixing loading of back_perl. (LP: #2072976)
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 Jul 2024 17:51:23 -0400
openldap (2.5.18+dfsg-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream version (LP: #2067745).
- Fixed libldap exit handling with OpenSSL3 again (ITS#9952)
- Fixed libldap OpenSSL channel binding digest (ITS#10216)
- Fixed slapd handling of large uid/gids peercred auth (ITS#10211)
- Fixed slapd-meta with dynlist (ITS#10164)
- Fixed slapd-meta binds when proxying internal op (ITS#10165)
- Fixed slapo-accesslog startup initialization (ITS#10170)
- Fixed slapo-dynlist with abandoned operations (ITS#10044)
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 31 May 2024 11:01:55 -0400
openvpn (built from openvpn) updated from 2.5.9-0ubuntu0.22.04.2 to 2.5.9-0ubuntu0.22.04.3:
openvpn (2.5.9-0ubuntu0.22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: malicious peer can DoS or send garbage to logs
- debian/patches/CVE-2024-5594.patch: properly handle null bytes and
invalid characters in control messages in src/openvpn/buffer.*,
src/openvpn/forward.c, tests/unit_tests/openvpn/test_buffer.c.
- CVE-2024-5594
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 27 Jun 2024 14:49:38 -0400
2024-05-28 network-manager 1.36.6-12
[ Changes in primed packages ]
libnghttp2-14 (built from nghttp2) updated from 1.43.0-1ubuntu0.1 to 1.43.0-1ubuntu0.2:
nghttp2 (1.43.0-1ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: HTTP/2 protocol denial of service
- debian/patches/CVE-2024-28182-1.patch: Add
nghttp2_option_set_max_continuations
- debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
following an incoming HEADER frame
- CVE-2024-28182
-- Fabian Toepfer <fabian.toepfer@canonical.com> Thu, 18 Apr 2024 09:14:38 +0200
2024-04-22 network-manager 1.36.6-11
[ Changes in primed packages ]
libcurl3-gnutls (built from curl) updated from 7.81.0-1ubuntu1.15 to 7.81.0-1ubuntu1.16:
curl (7.81.0-1ubuntu1.16) jammy-security; urgency=medium
* SECURITY UPDATE: HTTP/2 push headers memory-leak
- debian/patches/CVE-2024-2398.patch: push headers better cleanup in
lib/http2.c.
- CVE-2024-2398
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 19 Mar 2024 08:16:19 -0400
2024-03-21 network-manager 1.36.6-10
[ alfonsosanchezbeato <alfonso.sanchez-beato@canonical.com> ]
* tests/core/no-netplan-default-config: fix race condition
Merge pull request #32 from snapcore/fix-netplan-test-22
[ Changes in primed packages ]
dnsmasq-base (built from dnsmasq) updated from 2.86-1.1ubuntu0.5 to 2.90-0ubuntu0.22.04.1:
dnsmasq (2.90-0ubuntu0.22.04.1) jammy-security; urgency=medium
* Updated to 2.90 to fix multiple security issues.
- debian/rules: specify lua version with LUA.
- CVE-2023-50387, CVE-2023-50868
* Convert package to source format 3.0 to ease maintenance going forward.
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 14 Feb 2024 14:23:43 -0500
libldap-2.5-0 (built from openldap) updated from 2.5.16+dfsg-0ubuntu0.22.04.2 to 2.5.17+dfsg-0ubuntu0.22.04.1:
openldap (2.5.17+dfsg-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream version (LP: #2040465).
- Added slapo-dynlist option to disable filter support (ITS#10025)
- Fixed liblber missing newline on long msg (ITS#10105)
- Fixed libldap exit handling with OpenSSL3 (ITS#9952)
- Fixed libldap with TLS and multiple ldap URIs (ITS#10101)
- Fixed libldap OpenSSL cipher suite handling (ITS#10094)
- Fixed libldap OpenSSL 3.0 and Diffie-Hellman param files (ITS#10124)
- Fixed libldap timestamps on Windows (ITS#10100)
- Fixed lloadd to work when resolv.conf is missing (ITS#10070)
- Fixed lloadd handling of closing connection (ITS#10083)
- Fixed slapd to honour disclose in matchedDN handling (ITS#10139)
- Fixed slapd handling of regex testing in ACLs (ITS#10089)
- Fixed slapd-asyncmeta when remote suffix is empty (ITS#10076)
- Fixed slapo-dynlist so it can't be global (ITS#10091)
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 09 Feb 2024 15:12:07 -0500
2024-02-09 network-manager 1.36.6-9
[ Changes in primed packages ]
libcurl3-gnutls (built from curl) updated from 7.81.0-1ubuntu1.14 to 7.81.0-1ubuntu1.15:
curl (7.81.0-1ubuntu1.15) jammy-security; urgency=medium
* SECURITY UPDATE: cookie mixed case PSL bypass
- debian/patches/CVE-2023-46218.patch: lowercase the domain names
before PSL checks in lib/cookie.c.
- CVE-2023-46218
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 29 Nov 2023 14:23:00 -0500
dnsmasq-base (built from dnsmasq) updated from 2.86-1.1ubuntu0.3 to 2.86-1.1ubuntu0.5:
dnsmasq (2.86-1.1ubuntu0.5) jammy; urgency=medium
* src/dnsmasq.c: Fix a crash that can happen when an empty resolv.conf is
reloaded (LP: #2045570)
* src/helper.c: Fix wrong client address for dhcp-script when DHCPv4 relay
in use (LP: #2042587)
-- Andreas Hasenack <andreas@canonical.com> Thu, 11 Jan 2024 09:21:27 -0300
dnsmasq (2.86-1.1ubuntu0.4) jammy; urgency=medium
* src/dnsmasq.h, src/domain-match.c: Fix confusion when using resolvconf
servers (combining server|address for a domain), resulting in the struct
server datastructure for server=/domain/# getting passed to
forward_query(), rapidly followed by a SEGV. This fix makes
server=/domain/# a fully fledged member of the priority list.
The code added here is a cherry pick released in upstream version
2.87, originating at
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=de372d69
(LP: #2015562)
-- Miriam España Acebal <miriam.espana@canonical.com> Thu, 20 Apr 2023 11:00:27 +0200
libmm-glib0 (built from modemmanager) updated from 1.20.0-1~ubuntu22.04.2 to 1.20.0-1~ubuntu22.04.3:
modemmanager (1.20.0-1~ubuntu22.04.3) jammy; urgency=medium
* Backport the newer modemmanager commits from 1.20.6 to the LTS
as part of new hardware enablement including Telit FN990 modem
(lp: #2047008)
-- Laider Lai <laider.lai@canonical.com> Wed, 20 Dec 2023 05:35:16 +0000
libnghttp2-14 (built from nghttp2) updated from 1.43.0-1build3 to 1.43.0-1ubuntu0.1:
nghttp2 (1.43.0-1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: HTTP/2 protocol denial of service
- debian/patches/CVE-2023-44487.patch: implement stream reset rate
limiting.
- CVE-2023-44487
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 11 Oct 2023 13:50:35 -0400
libldap-2.5-0 (built from openldap) updated from 2.5.16+dfsg-0ubuntu0.22.04.1 to 2.5.16+dfsg-0ubuntu0.22.04.2:
openldap (2.5.16+dfsg-0ubuntu0.22.04.2) jammy-security; urgency=medium
* No change rebuild to fix CVE-2023-2953 in the -security pocket.
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 25 Jan 2024 13:42:39 -0500
openvpn (built from openvpn) updated from 2.5.5-1ubuntu3.1 to 2.5.9-0ubuntu0.22.04.2:
openvpn (2.5.9-0ubuntu0.22.04.2) jammy; urgency=medium
* d/rules: Use --with-openssl-engine=yes during configuration to maintain the
existing behavior of technically allowing openssl engine access in jammy.
For more information see
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2004676/comments/6
-- Lena Voytek <lena.voytek@canonical.com> Fri, 29 Sep 2023 16:14:48 -0700
openvpn (2.5.9-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream release 2.5.9 (LP: #2004676):
- The version is being updated to the latest in 2.5.x rather than 2.6.x to
avoid feature releases and focus on bug fixes
- Updates:
+ Allow optional ciphers in --data-ciphers
- Bug Fixes Include:
+ Fix null pointer error when running openvpn --show-tls with mbedtls
+ Fix corner case that could lead to leaked file descriptor
+ Fix parsing issue in pull-filter when there are leading spaces
+ Fix possible buffer overflow in parse_line argument
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
additional bug fixes and information
-- Lena Voytek <lena.voytek@canonical.com> Tue, 15 Aug 2023 10:48:49 -0700
openvpn (2.5.8-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream releases 2.5.6-2.5.8 (LP: #2004676):
- The version is being updated to the latest in 2.5.x rather than 2.6.x to
avoid feature releases and focus on bug fixes
- Updates:
+ OpenSSL3 support
+ pkcs11-helper upgrade to 1.28.4
+ allow running a default configuration with TLS libraries without BF-CBC
- Bug Fixes Include:
+ CVE-2022-0547
+ Fix potential memory leaks in add_route() and add_route_ipv6()
+ Fix PATH_MAX build failure in auth-pam.c
+ Fix using --auth-token together with --management-client-auth
+ Fix clearing of username+password when using --auth-nocache
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for
additional bug fixes and information
* Remove patches fixed upstream:
- d/p/CVE-2022-0547.patch
[Included in upstream release 2.5.6]
- d/p/openssl-3/0001-Add-insecure-tls-cert-profile-options.patch
- d/p/openssl-3/0002-Refactor-early-initialisation-and-uninitialisation-
into-methods.patch
- d/p/openssl-3/0003-Allow-loading-of-non-default-providers.patch
- d/p/openssl-3/0004-Fix-allowing-showing-unsupported-ciphers-digests.patch
- d/p/openssl-3/0005-Add-message-when-decoding-PKCS12-file-fails.patch
- d/p/openssl-3/0006-Translate-OpenSSL-3.0-digest-names-to-OpenSSL-1.1-
digest-names.patch
[Included in upstream release 2.5.7]
- d/p/openssl-3/0007-Allow-running-a-default-configuration-with-TLS-
libraries-without-BF-CBC.patch
- d/p/match-manpage-and-command-help.patch
[Included in upstream release 2.5.8]
-- Lena Voytek <lena.voytek@canonical.com> Fri, 03 Feb 2023 15:49:35 -0700
2023-10-17 network-manager 1.36.6-8
[ alfonsosanchezbeato <alfonso.sanchez-beato@canonical.com> ]
* tests/no-netplan-default-config: use MATCH instead of grep
Merge pull request #30 from snapcore/match-not-grep
[ Changes in primed packages ]
libcurl3-gnutls (built from curl) updated from 7.81.0-1ubuntu1.13 to 7.81.0-1ubuntu1.14:
curl (7.81.0-1ubuntu1.14) jammy-security; urgency=medium
* SECURITY UPDATE: SOCKS5 heap buffer overflow
- debian/patches/CVE-2023-38545.patch: return error if hostname too
long for remote resolve in lib/socks.c, tests/data/Makefile.inc,
tests/data/test728.
- CVE-2023-38545
* SECURITY UPDATE: cookie injection with none file
- debian/patches/CVE-2023-38546.patch: remove unnecessary struct fields
in lib/cookie.c, lib/cookie.h, lib/easy.c.
- CVE-2023-38546
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 03 Oct 2023 13:15:41 -0400
2023-09-14 network-manager 1.36.6-7
[ alfonsosanchezbeato <alfonso.sanchez-beato@canonical.com> ]
* snapcraft.yaml: some clean-ups
Merge pull request #26 from snapcore/cleanups
[ Changes in primed packages ]
libldap-2.5-0 (built from openldap) updated from 2.5.14+dfsg-0ubuntu0.22.04.2 to 2.5.16+dfsg-0ubuntu0.22.04.1:
openldap (2.5.16+dfsg-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream version (LP: #2029170).
- Fixed slapd cn=config incorrect handling of paused (ITS#10045)
- Fixed slapd-meta to account for MOD ops being optional (ITS#10067)
- Fixed slapd-asyncmeta to account for MOD ops being optional (ITS#10067)
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 31 Jul 2023 18:13:10 -0400
openldap (2.5.15+dfsg-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream version (LP: #2027079).
- Several fixes, including to asynchronous connections to the OpenLDAP
server.
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 11 Jul 2023 15:26:41 -0400
libbrotli1: not primed anymore
2023-07-20 network-manager 1.36.6-6
[ Changes in primed packages ]
libcurl3-gnutls (built from curl) updated from 7.81.0-1ubuntu1.10 to 7.81.0-1ubuntu1.13:
curl (7.81.0-1ubuntu1.13) jammy-security; urgency=medium
* SECURITY REGRESSION: broken ssl cert wildcard handling (LP: #2028170)
- debian/patches/CVE-2023-28321.patch: fix missing line in backport.
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 19 Jul 2023 12:23:36 -0400
curl (7.81.0-1ubuntu1.11) jammy-security; urgency=medium
* SECURITY UPDATE: improper certificate validation vulnerability
- debian/patches/CVE-2023-28321.patch: fix host name wildcard checking
in lib/hostcheck.c, tests/data/test1397, tests/unit/unit1397.c.
- CVE-2023-28321
* SECURITY UPDATE: information disclosure vulnerability
- debian/patches/CVE-2023-28322.patch: unify the upload/method handling
in lib/curl_rtmp.c, lib/file.c, lib/ftp.c, lib/http.c, lib/imap.c,
lib/rtsp.c, lib/setopt.c, lib/smb.c, lib/smtp.c, lib/tftp.c,
lib/transfer.c, lib/urldata.h, lib/vssh/libssh.c, lib/vssh/libssh2.c,
lib/vssh/wolfssh.c.
- CVE-2023-28322
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 17 Jul 2023 10:25:41 -0400
libmm-glib0 (built from modemmanager) updated from 1.20.0-1~ubuntu22.04.1 to 1.20.0-1~ubuntu22.04.2:
modemmanager (1.20.0-1~ubuntu22.04.2) jammy; urgency=medium
* Backport the newer modemmanager commits from 1.20.4 to the LTS
as part of new hardware enablement including EM05-G/EM05-CN modems
(lp: #2023746)
-- Laider Lai <laider.lai@canonical.com> Wed, 14 Jun 2023 08:21:50 +0000
2023-05-04 network-manager 1.36.6-5
[ Changes in primed packages ]
dnsmasq-base (built from dnsmasq) updated from 2.86-1.1ubuntu0.2 to 2.86-1.1ubuntu0.3:
dnsmasq (2.86-1.1ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: IP fragmentation
- src/config.h: update default max EDNS_PKTSZ to 1232 as agreed on
dnsflagday 2020.
- man/dnsmasq.8: updating documentation to reflect new default max
EDNS_PKTSZ.
- eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
- CVE-2023-28450
-- Ian Constantin <ian.constantin@canonical.com> Tue, 18 Apr 2023 11:11:46 +0300
2023-04-13 network-manager 1.36.6-4
[ alfonsosanchezbeato <alfonso.sanchez-beato@canonical.com> ]
* snap-patch/netplan: do not write files for temporary connections
Merge pull request #15 from snapcore/no-temp-conns
* patch: core: do not check 'match' settings when comparing connections
Merge pull request #19 from snapcore/fix-conn-matching
* tests: fix tests using access points
Merge pull request #20 from snapcore/fix-ap-tests-22
* .github/workflows: fix usage of branches
Merge pull request #21 from snapcore/fix-workflows
[ Changes in primed packages ]
libcurl3-gnutls (built from curl) updated from 7.81.0-1ubuntu1.7 to 7.81.0-1ubuntu1.10:
curl (7.81.0-1ubuntu1.10) jammy-security; urgency=medium
* SECURITY UPDATE: TELNET option IAC injection
- debian/patches/CVE-2023-27533.patch: only accept option arguments in
ascii in lib/telnet.c.
- CVE-2023-27533
* SECURITY UPDATE: SFTP path ~ resolving discrepancy
- debian/patches/CVE-2023-27534-pre1.patch: do not add '/' if homedir
ends with one in lib/curl_path.c.
- debian/patches/CVE-2023-27534.patch: create the new path with dynbuf
in lib/curl_path.c.
- CVE-2023-27534
* SECURITY UPDATE: FTP too eager connection reuse
- debian/patches/CVE-2023-27535-pre1.patch: add and use Curl_timestrcmp
in lib/netrc.c, lib/strcase.c, lib/strcase.h, lib/url.c,
lib/vauth/digest_sspi.c, lib/vtls/vtls.c.
- debian/patches/CVE-2023-27535.patch: add more conditions for
connection reuse in lib/ftp.c, lib/ftp.h, lib/url.c, lib/urldata.h.
- CVE-2023-27535
* SECURITY UPDATE: GSS delegation too eager connection re-use
- debian/patches/CVE-2023-27536.patch: only reuse connections with same
GSS delegation in lib/url.c, lib/urldata.h.
- CVE-2023-27536
* SECURITY UPDATE: SSH connection too eager reuse still
- debian/patches/CVE-2023-27538.patch: fix the SSH connection reuse
check in lib/url.c.
- CVE-2023-27538
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 14 Mar 2023 12:37:02 -0400
curl (7.81.0-1ubuntu1.8) jammy-security; urgency=medium
* SECURITY UPDATE: multiple HSTS issues
- debian/patches/CVE-2023-23914_5-1.patch: add sharing of HSTS cache
among handles in docs/libcurl/opts/CURLSHOPT_SHARE.3,
docs/libcurl/symbols-in-versions, include/curl/curl.h, lib/hsts.c,
lib/hsts.h, lib/setopt.c, lib/share.c, lib/share.h, lib/transfer.c,
lib/url.c, lib/urldata.h.
- debian/patches/CVE-2023-23914_5-2.patch: share HSTS between handles
in src/tool_operate.c.
- debian/patches/CVE-2023-23914_5-3.patch: handle adding the same host
name again in lib/hsts.c.
- debian/patches/CVE-2023-23914_5-4.patch: support crlf="yes" for
verify/proxy in tests/FILEFORMAT.md, tests/runtests.pl.
- debian/patches/CVE-2023-23914_5-5.patch: verify hsts with two URLs in
tests/data/Makefile.inc, tests/data/test446.
- CVE-2023-23914
- CVE-2023-23915
* SECURITY UPDATE: HTTP multi-header compression denial of service
- debian/patches/CVE-2023-23916-pre1.patch: do CRLF replacements in
tests/FILEFORMAT.md, tests/data/test1, tests/runtests.pl.
- debian/patches/CVE-2023-23916.patch: do not reset stage counter for
each header in lib/content_encoding.c, lib/urldata.h,
tests/data/Makefile.inc, tests/data/test418.
- CVE-2023-23916
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 15 Feb 2023 08:20:05 -0500
libsasl2-2 (built from cyrus-sasl2) updated from 2.1.27+dfsg2-3ubuntu1.1 to 2.1.27+dfsg2-3ubuntu1.2:
cyrus-sasl2 (2.1.27+dfsg2-3ubuntu1.2) jammy; urgency=medium
* d/control, d/libsasl2-modules-gssapi-mit.install,
d/libsasl2-modules.install: move the SCRAM mechanism to
the libsasl2-modules package (LP: #1988730)
-- Andreas Hasenack <andreas@canonical.com> Mon, 12 Dec 2022 08:52:45 -0300
dnsmasq-base (built from dnsmasq) updated from 2.86-1.1ubuntu0.1 to 2.86-1.1ubuntu0.2:
dnsmasq (2.86-1.1ubuntu0.2) jammy; urgency=medium
* src/forward.c: Do not refuse retries from client DNS queries. Behaviour to
stop infinite loops when all servers return REFUSED was wrongly activated
on client retries, resulting in incorrect REFUSED replies to client
retries. The code added here is a cherry pick released in upstream version
2.87, originating at
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2561f9fe0eb9c0be
(LP: #1981794)
-- Lena Voytek <lena.voytek@canonical.com> Fri, 14 Oct 2022 14:39:41 -0700
libmm-glib0 (built from modemmanager) updated from 1.18.6-1 to 1.20.0-1~ubuntu22.04.1:
modemmanager (1.20.0-1~ubuntu22.04.1) jammy; urgency=medium
* Backport the newer modemmanager stack to the LTS as part of
new hardware enablement including FM350 modems
(lp: #1950282)
-- Sebastien Bacher <seb128@ubuntu.com> Tue, 13 Dec 2022 13:38:07 +0100
modemmanager (1.19~git20220905-0ubuntu2) kinetic; urgency=medium
* Build without libqrtr for now, the MIR is blocked since we don't have
hardware available to do the required testing of the feature,
include some workarounds to fix the build
-- Sebastien Bacher <seb128@ubuntu.com> Wed, 07 Sep 2022 15:38:20 +0200
modemmanager (1.19~git20220905-0ubuntu1) kinetic; urgency=medium
* New upstream snapshot, fixing build issues with the new glib serie
-- Sebastien Bacher <seb128@ubuntu.com> Mon, 05 Sep 2022 11:26:53 +0200
modemmanager (1.19~git20220825-0ubuntu1) kinetic; urgency=medium
* Update to a preversion doing a git snapshot, needed for newer hardware
* Update the build requirements and build with meson
* Refresh the symbols
-- Sebastien Bacher <seb128@ubuntu.com> Thu, 25 Aug 2022 17:28:49 +0200
modemmanager (1.18.10-1) unstable; urgency=medium
* New upstream version 1.18.10
* d/control: update my email address and bump libqmi dependency.
Upstream bumped the required version of `libqmi`, so let's ensure this
is reflected in this package.
This commit also bumps the Standards-Version, as no additional change is
required.
* debian: update linitian-overrides.
Due to recent changes in `lintian`, our overrides for the -doc packages
are no longer needed. However, a new `source-is-missing` lintian error
message must be overridden as it relates to HTML files, which are source
files themselves.
-- Arnaud Ferraris <aferraris@debian.org> Mon, 11 Jul 2022 17:30:09 +0200
modemmanager (1.18.8-1) unstable; urgency=medium
* debian: lintian-driven fixes and small improvements.
This commit includes minor changes spotted by `lintian-brush`:
- remove obsolete/empty maintainer scripts
- `d/upstream/metadata`: append `.git` to repo URL
- `d/rules`: drop symbols migration (1.4.14 is long gone)
* d/control: drop build dependency on libqrtr-glib
`libqrtr-glib-dev` is now a dependency to `libqmi-glib-dev`, and as such
can be safely omitted from this package's build deps.
We must however increase the required `libqmi` version to ensure we
avoid build failures.
* New upstream version 1.18.8
* d/symbols: update for new release.
-- Arnaud Ferraris <arnaud.ferraris@gmail.com> Fri, 20 May 2022 10:19:43 +0200
modemmanager (1.18.6-2) unstable; urgency=medium
* d/control: build-depend on libqrtr-glib.
This enables support for the QRTR protocol so we can use the integrated
modem found on Qualcomm SoCs.
-- Arnaud Ferraris <arnaud.ferraris@gmail.com> Wed, 23 Feb 2022 13:58:35 +0100
libldap-2.5-0 (built from openldap) updated from 2.5.13+dfsg-0ubuntu0.22.04.1 to 2.5.14+dfsg-0ubuntu0.22.04.2:
openldap (2.5.14+dfsg-0ubuntu0.22.04.2) jammy; urgency=medium
* Build the passwd/sha2 contrib module with -fno-strict-aliasing to
avoid computing an incorrect SHA256 hash with some versions of the
compiler (LP: #2000817):
- d/t/{control,sha2-contrib}: test to verify the SHA256 hash
produced by passwd/sha2
- d/rules: set -fno-strict-aliasing only when building the
passwd/sha2 contrib module
-- Andreas Hasenack <andreas@canonical.com> Sun, 12 Mar 2023 14:11:53 -0300
openldap (2.5.14+dfsg-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream version (LP: #2007625).
- Several fixes, including memory leaks that affect slapd and
certain slapo modules.
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 17 Feb 2023 16:12:43 -0500
2023-02-18 network-manager 1.36.6-3
[ Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> ]
* Add support for OpenVPN
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/433744
* Add new test to prevent regressions for wireguard VPNs.
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/434372
* snap-patch/netplan: do not write external or generated connections
See
https://developer-old.gnome.org/NetworkManager/stable/nm-dbus-types.html#NMSettingsConnectionFlags
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/436824
[ alfonsosanchezbeato <alfonso.sanchez-beato@canonical.com> ]
* Add support for gcloud tests and github workflows
Merge pull request #4 from snapcore/add-gcloud-support
* Workflow fixes
Merge pull request #6 from snapcore/workflow-fixes
* workflows/tests: use snapcore/system-snaps-cicd-tools/action-test
Merge pull request #7 from snapcore/test
* workflows/tests: pass LP credentials to action with env var
Merge pull request #8 from snapcore/use-env-creds
* Use actions from CI/CD tools repo
Merge pull request #10 from snapcore/use-release-action
[ Changes in primed packages ]
libpkcs11-helper1 (1.28-1ubuntu0.22.04.1): new primed package
openvpn (2.5.5-1ubuntu3.1): new primed package
libcurl3-gnutls (built from curl) updated from 7.81.0-1ubuntu1.6 to 7.81.0-1ubuntu1.7:
curl (7.81.0-1ubuntu1.7) jammy-security; urgency=medium
* SECURITY UPDATE: Another HSTS bypass via IDN
- debian/patches/CVE-2022-43551.patch: use the IDN decoded name in HSTS
checks in lib/http.c.
- CVE-2022-43551
* SECURITY UPDATE: HTTP Proxy deny use-after-free
- debian/patches/CVE-2022-43552.patch: do not free the protocol struct
in *_done() in lib/smb.c, lib/telnet.c.
- CVE-2022-43552
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 04 Jan 2023 09:53:07 -0500
libsasl2-2 (built from cyrus-sasl2) updated from 2.1.27+dfsg2-3ubuntu1 to 2.1.27+dfsg2-3ubuntu1.1:
cyrus-sasl2 (2.1.27+dfsg2-3ubuntu1.1) jammy; urgency=medium
* Add SASL channel binding support for GSSAPI and GSS-SPNEGO
(LP: #1912256):
- d/p/0034-channel-binding-gssapi-gss-spnego.patch: add SASL channel
binding support for GSSAPI and GSS-SPNEGO
- d/p/0035-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO-1.patch:
allow setting maxssf to 0 when using GSS-SPNEGO inside SSL/TLS
- d/p/0035-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO-2.patch:
be more conformant to RFC4752
* Add some DEP8 tests (LP: #1677781):
- d/t/{control,saslauthd}: saslauthd tests with multiple mechanisms
- d/t/{control,gssapi}: test for SASL GSSAPI using OpenLDAP
- d/t/{control,pluginviewer}: test available mechanisms
- d/t/{control,shared-secret-mechs}: test shared secret mechanisms
-- Lena Voytek <lena.voytek@canonical.com> Wed, 19 Oct 2022 14:06:40 -0700
2022-10-27 network-manager 1.36.6-2
[ Changes in primed packages ]
libcurl3-gnutls (built from curl) updated from 7.81.0-1ubuntu1.3 to 7.81.0-1ubuntu1.6:
curl (7.81.0-1ubuntu1.6) jammy-security; urgency=medium
* SECURITY UPDATE: POST following PUT confusion
- debian/patches/CVE-2022-32221.patch: when POST is set, reset the
'upload' field in lib/setopt.c.
- CVE-2022-32221
* SECURITY UPDATE: HTTP proxy double-free
- debian/patches/CVE-2022-42915.patch: restore the protocol pointer on
error in lib/http_proxy.c, lib/url.c.
- CVE-2022-42915
* SECURITY UPDATE: HSTS bypass via IDN
- debian/patches/CVE-2022-42916.patch: use IDN decoded names for HSTS
checks in lib/url.c.
- CVE-2022-42916
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 18 Oct 2022 12:35:33 -0400
curl (7.81.0-1ubuntu1.4) jammy-security; urgency=medium
* SECURITY UPDATE: when curl sends back cookies with control bytes a
HTTP(S) server may return a 400 response
- debian/patches/CVE-2022-35252.patch: adds invalid_octets function
to lib/cookie.c to reject cookies with control bytes
- CVE-2022-35252
-- Mark Esler <mark.esler@canonical.com> Wed, 31 Aug 2022 14:18:07 -0500
libldap-2.5-0 (built from openldap) updated from 2.5.12+dfsg-0ubuntu0.22.04.1 to 2.5.13+dfsg-0ubuntu0.22.04.1:
openldap (2.5.13+dfsg-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream version (LP: #1983618).
- Several fixes, including memory leaks that affected libldap.
- Added slapo-emptyds contrib module (ITS#8882).
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 05 Aug 2022 10:51:52 -0400
2022-07-11 network-manager 1.36.6-1
[ Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> ]
* Port recipe to snapcraft 7
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/424723
[ Changes in primed packages ]
libcurl3-gnutls (built from curl) updated from 7.81.0-1ubuntu1.1 to 7.81.0-1ubuntu1.3:
curl (7.81.0-1ubuntu1.3) jammy-security; urgency=medium
* SECURITY UPDATE: Set-cookie denial of service
- debian/patches/CVE-2022-32205.patch: apply limits to cookies
specifications in lib/cookie.c, lib/cookie.h, lib/http.c, lib/urldata.h.
- CVE-2022-32205
* SECURITY UPDATE: HTTP compression denial of service
- debian/patches/CVE-2022-32206.patch: return error on too many
compression steps in lib/content_encoding.c.
- CVE-2022-32206
* SECURITY UPDATE: Unpreserved file permissions
- debian/patches/CVE-2022-32207.patch: add Curl_fopen()
for better overwriting of files in lib/Makefile.inc,
lib/cookie.c, lib/fopen.c, lib/fopen.h.
- CVE-2022-32207
* SECURITY UPDATE: FTP-KRB bad msg verification
- debian/patches/CVE-2022-32208.patch: return error properly
on decode errors in lib/krb5.c.
- CVE-2022-32208
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Mon, 20 Jun 2022 15:08:01 -0300
curl (7.81.0-1ubuntu1.2) jammy-security; urgency=medium
* SECURITY UPDATE: percent-encoded path separator in URL host
- debian/patches/CVE-2022-27780.patch: reject percent-decoding host
name into separator bytes in lib/urlapi.c.
- CVE-2022-27780
* SECURITY UPDATE: CERTINFO never-ending busy-loop
- debian/patches/CVE-2022-27781.patch: return error if seemingly stuck
in a cert loop in lib/vtls/nss.c.
- CVE-2022-27781
* SECURITY UPDATE: TLS and SSH connection too eager reuse
- debian/patches/CVE-2022-27782.patch: check more TLS details for
connection reuse in lib/setopt.c, lib/url.c, lib/urldata.h,
lib/vtls/gtls.c, lib/vtls/openssl.c, lib/vtls/nss.c, lib/vtls/vtls.c,
lib/vssh/ssh.h.
- CVE-2022-27782
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 09 May 2022 08:34:24 -0400
dnsmasq-base (built from dnsmasq) updated from 2.86-1.1 to 2.86-1.1ubuntu0.1:
dnsmasq (2.86-1.1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: Heap use after free
- debian/patches/CVE-2022-0934.patch: Fix write-after-free error in
DHCPv6 code in src/rfc3315.c.
- CVE-2022-0934
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Mon, 02 May 2022 12:09:51 -0300
libnm0, network-manager (built from network-manager) updated from 1.36.4-2ubuntu1 to 1.36.6-0ubuntu2:
network-manager (1.36.6-0ubuntu2) jammy; urgency=medium
* debian/patches/fix_addresses_order.patch:
- platform: workaround for preserving IPv6 address order
(lp: #1977619)
-- Sebastien Bacher <seb128@ubuntu.com> Thu, 09 Jun 2022 11:27:56 +0200
network-manager (1.36.6-0ubuntu1) jammy; urgency=medium
* New stable version (lp: #1974428)
* debian/gbp.conf:
- updated the packaging vcs serie
* d/p/supplicant-add-BIP-interface-capability.patch,
d/p/supplicant-enable-WPA3-transition-mode-only-when-interfac.patch:
- remove, included in the new version
-- Sebastien Bacher <seb128@ubuntu.com> Fri, 20 May 2022 13:08:51 +0200
libldap-2.5-0 (built from openldap) updated from 2.5.11+dfsg-1~exp1ubuntu3 to 2.5.12+dfsg-0ubuntu0.22.04.1:
openldap (2.5.12+dfsg-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream version (LP: #1977627).
- Fixed slapd syncrepl handling of new sessions (ITS#9584)
- Fixed slapd-sql to properly escape filter value (ITS#9815)
(CVE-2022-29155)
[ Already included in 2.5.11+dfsg-1~exp1ubuntu3.1 ]
- More details about this release can be found at:
https://git.openldap.org/openldap/openldap/-/blob/2bda1fa98fbcedc6cd5995ea905427b8bef89f9d/CHANGES
* d/p/CVE-2022-29155.patch: Dropped patch; included in this new upstream
version.
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 13 Jun 2022 13:19:52 -0400
openldap (2.5.11+dfsg-1~exp1ubuntu3.1) jammy-security; urgency=medium
* SECURITY UPDATE: SQL injection in experimental back-sql backend
- debian/patches/CVE-2022-29155.patch: escape filter values in
servers/slapd/back-sql/search.c.
- CVE-2022-29155
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 12 May 2022 09:07:41 -0400
2022-05-02 network-manager 1.36.4-2
[ Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> ]
* Change grade to stable as core22 is now released
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/421055
[ Changes in primed packages ]
libcurl3-gnutls (built from curl) updated from 7.81.0-1 to 7.81.0-1ubuntu1.1:
curl (7.81.0-1ubuntu1.1) jammy-security; urgency=medium
* SECURITY UPDATE: OAUTH2 bypass
- debian/patches/CVE-2022-22576.patch: check sasl additional
parameters for conn resuse in lib/strcase.c, lib/strcase.h,
lib/url.c, lib/urldata.h, lib/vtls/vtls.c.
- CVE-2022-22576
* SECURITY UPDATE: Credential leak on redirect
- debian/patches/CVE-2022-27774-1.patch: store conn_remote_port
in the info struct to make it available after the connection ended
in lib/connect.c, lib/urldata.h.
- debian/patches/CVE-2022-27774-2.patch: redirects to other protocols
or ports clear auth in lib/transfer.c.
- debian/patches/CVE-2022-27774-3.patch: adds tests to verify
these fix in tests/data/Makefile.inc, tests/data/test973,
tests/data/test974, tests/data/test975, tests/data/test976.
- CVE-2022-27774
* SECURITY UPDATE: Bad local IPV6 connection reuse
- debian/patches/CVE-2022-27775.patch: include the zone id in the
'bundle' haskey in lib/conncache.c.
- CVE-2022-27775
* SECURITY UPDATE: Auth/cookie leak on redirect
- debian/patches/CVE-2022-27776.patch: avoid auth/cookie on redirects
same host diff port in lib/http.c, lib/urldata.h.
- CVE-2022-27776
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Wed, 20 Apr 2022 11:50:18 -0300
2022-04-20 network-manager 1.36.4-1
[ Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> ]
* Migration to NM 1.36, with core22 base
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/418927
[ Changes in primed packages ]
libldap-2.5-0 (2.5.11+dfsg-1~exp1ubuntu3): new primed package
libbrotli1 (built from brotli) updated from 1.0.7-6ubuntu0.1 to 1.0.9-2build6:
brotli (1.0.9-2build6) jammy; urgency=medium
* No-change rebuild for ppc64el baseline bump.
-- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Wed, 23 Mar 2022 10:44:48 +0100
brotli (1.0.9-2build5) jammy; urgency=medium
* No-change rebuild with Python 3.10 only
-- Graham Inggs <ginggs@ubuntu.com> Thu, 17 Mar 2022 19:20:27 +0000
brotli (1.0.9-2build4) jammy; urgency=medium
* No-change rebuild to add python3.10.
-- Matthias Klose <doko@ubuntu.com> Sat, 16 Oct 2021 06:55:58 +0000
brotli (1.0.9-2build3) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <doko@ubuntu.com> Thu, 07 Oct 2021 12:09:44 +0200
brotli (1.0.9-2build2) hirsute; urgency=medium
* No-change rebuild to drop python3.8 extensions.
-- Matthias Klose <doko@ubuntu.com> Mon, 07 Dec 2020 18:39:27 +0100
brotli (1.0.9-2build1) hirsute; urgency=medium
* No-change rebuild to build with python3.9 as supported.
-- Matthias Klose <doko@ubuntu.com> Sat, 24 Oct 2020 10:52:01 +0200
brotli (1.0.9-2) unstable; urgency=medium
* Team Upload
* debian/patches/838.patch:
- upstream pull request to fix pkg-config based detection break
(Closes: #969561)
-- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 05 Sep 2020 00:11:03 +0200
brotli (1.0.9-1) unstable; urgency=medium
* Use debhelper 13
* New upstream version 1.0.9
-- Tomasz Buchert <tomasz@debian.org> Tue, 01 Sep 2020 22:25:32 +0200
brotli (1.0.7-7) unstable; urgency=medium
[ Debian Janitor ]
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
* Update standards version to 4.5.0, no changes needed.
[ Christian Klein ]
* Mark libbrotli-dev as "Multi-Arch: same" so it is multiarch-installable
(Closes: #964256)
-- Tomasz Buchert <tomasz@debian.org> Thu, 16 Jul 2020 01:23:57 +0200
libcurl3-gnutls (built from curl) updated from 7.68.0-1ubuntu2.7 to 7.81.0-1:
curl (7.81.0-1) unstable; urgency=medium
* New upstream version 7.81.0
* d/p/13_fix-man-formatting.patch: Refresh patch
-- Samuel Henrique <samueloph@debian.org> Wed, 05 Jan 2022 09:31:32 -0300
curl (7.80.0-3) unstable; urgency=medium
* Revert "Revert "debian/control: Add Build-Depends on libssh-dev for
Ubuntu".
As per #1002598, the blocker has been solved.
Note that this does not changes Debian's curl to libssh, it still
uses libssh2.
Discussions about changing to libssh are ongoing at #897950
-- Samuel Henrique <samueloph@debian.org> Sun, 26 Dec 2021 13:22:18 -0300
curl (7.80.0-2) unstable; urgency=medium
* Revert "debian/control: Add Build-Depends on libssh-dev for Ubuntu"
(closes: #1002597)
The change had side effects on Debian due to the inclusion of the new
Build-dep, even though it doesn't changes the resulting binary. It cause
issues for architecture bootstraping.
We are gonna reintroduce this change once the issues are fixed, to allow
Ubuntu to remove its delta.
See discussions at #1002598 and #1002597 for details
-- Samuel Henrique <samueloph@debian.org> Sat, 25 Dec 2021 10:47:13 -0300
curl (7.80.0-1) unstable; urgency=medium
[ Samuel Henrique ]
* New upstream version 7.80.0
* Bump Standards-Version to 4.6.0
* Add new symbol curl_url_strerror to symbols files
* Compile with zstd support (closes: #983660)
* d/p/12_use-python3-in-tests.patch: Drop patch, merged upstream
* d/p/13_fix-man-formatting.patch: Update patch
* d/p/14_fix-compatibility-impacket-0-9-23.patch: Drop patch, merged upstream
[ Jeremy Bicha ]
* debian/control: Add Build-Depends on libssh-dev for Ubuntu
-- Samuel Henrique <samueloph@debian.org> Fri, 24 Dec 2021 11:42:57 -0300
curl (7.79.1-2) unstable; urgency=medium
* d/rules: Make test failures non-fatal again.
Unfortunately there are some test failures happening on a few
architectures, so we have to make the build pass even if not all tests
are succeeding, at least until we have time to properly investigate
the reason for these failures.
-- Sergio Durigan Junior <sergiodj@debian.org> Mon, 08 Nov 2021 23:54:35 -0500
curl (7.79.1-1) unstable; urgency=medium
[ Samuel Henrique ]
* Add myself as an Uploader
* Add sergiodj as an uploader
* New upstream version 7.79.1 (closes: #989046)
- Changes since 7.74.0:
~ vtls: fix connection reuse checks for issuer cert and case sensitivity
(closes: #991492, CVE-2021-22924)
~ Fix User-Agent header missing in some cases (closes: #994940)
~ Fix TELNET stack contents disclosure (closes: #989228, CVE-2021-22898)
* d/rules: Add --with-{openssl|gnutls|nss} to configure args
* Update all patches.
Remove patches:
- 07_do-not-disable-debug-symbols: Obsolete as per
https://github.com/curl/curl/issues/7216.
- 14_transfer-strip-credentials-from-the-auto-referer-hea:
Originally from upstream, part of the release now.
- 15_vtls-add-isproxy-argument-to-Curl_ssl_get-addsession:
Originally from upstream, part of the release now.
- fix-regression-microseconds-instead-of-seconds:
Originally from upstream, part of the release now.
Update patches:
- 12_use-python3-in-tests: Update and forward upstream.
- 90_gnutls: Update
- 99_nss: Update
- 13_fix-man-formatting: Update
[ Debian Janitor ]
* Use secure URI in Homepage field.
* Set debhelper-compat version in Build-Depends.
* Set upstream metadata fields: Bug-Database,
Bug-Submit (from ./configure), Repository, Repository-Browse.
* Avoid explicitly specifying -Wl,--as-needed linker flag.
[ Helmut Grohne ]
* Also remove -ffile-prefix-map from curl-config (closes: #990128)
* Explicitly disable zstd support (closes: #992505)
[ Sergio Durigan Junior ]
* d/control: Add Rules-Requires-Root: no.
* d/copyright: Add public-domain license text.
* Enable GPG-checking of orig tarball.
- d/upstream/signing-key.asc: Upstream public key.
- d/watch: Add "pgpmode=auto" as an option.
* Bump debhelper-compat to 13.
- d/control: B-D on debhelper-compat = 13.
- d/rules: After the override_dh_auto_install target has been run,
we know that we can safely get rid of the contents inside the
debian/tmp/ directory. This is needed because otherwise dh_missing
will complain about uninstalled files, which will make the build
fail when using debhelper-compat 13.
* d/rules: Some minor cleanup and removal of unneeded comments.
* d/rules: Honour "nocheck" build option.
* Make OpenSSL and GNUTLS builds fail if tests fail
- d/rules: Adjust rule to make OpenSSL and GNUTLS builds fail if their
tests fail. Unfortunately, it's still not possible to make the NSS
build fail if its tests fail; we're still investigating the failures
there with it.
- d/p/14_fix-compatibility-impacket-0-9-23.patch: Needed patch
to make tests pass with impacket 0.9.23+.
-- Samuel Henrique <samueloph@debian.org> Mon, 08 Nov 2021 21:14:47 +0000
curl (7.74.0-1.3) unstable; urgency=medium
* Non-maintainer upload.
* Add upstream patch bc7ecc7 so curl -w times shown as seconds with
fractions (Closes: #989064)
-- Paul Gevers <elbrus@debian.org> Fri, 25 Jun 2021 20:59:54 +0200
curl (7.74.0-1.2) unstable; urgency=medium
* Non-maintainer upload.
* transfer: strip credentials from the auto-referer header field
(CVE-2021-22876) (Closes: #986269)
* vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()
(CVE-2021-22890) (Closes: #986270)
-- Salvatore Bonaccorso <carnil@debian.org> Sat, 03 Apr 2021 14:43:39 +0200
curl (7.74.0-1.1) unstable; urgency=medium
* Non-maintainer upload.
[ Bruno Kleinert ]
* Fixed "Please build-depend on libidn2-dev instead of obsolete transition
package libidn2-0-dev" (Closes: #974996)
-- Samuel Henrique <samueloph@debian.org> Wed, 10 Feb 2021 00:42:40 +0000
libsasl2-2 (built from cyrus-sasl2) updated from 2.1.27+dfsg-2ubuntu0.1 to 2.1.27+dfsg2-3ubuntu1:
cyrus-sasl2 (2.1.27+dfsg2-3ubuntu1) jammy; urgency=medium
* SECURITY UPDATE: SQL injection in SQL plugin
- debian/patches/CVE-2022-24407.patch: escape password for SQL
insert/update commands in plugins/sql.c.
- CVE-2022-24407
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 Feb 2022 14:17:18 -0500
cyrus-sasl2 (2.1.27+dfsg2-3) unstable; urgency=medium
[ Andreas Hasenack ]
* Fix configure.ac for autoconf 2.70 (Closes: #1003355, #1000152)
-- Bastian Germann <bage@debian.org> Tue, 11 Jan 2022 11:25:37 +0100
cyrus-sasl2 (2.1.27+dfsg2-2) unstable; urgency=medium
[ Helmut Grohne ]
* Fix FTCBFS: (Closes: #928512)
+ cross.patch: Support caching SPNEGO support test.
+ Provide SPNEGO support test result.
[ Vagrant Cascadian ]
* Set date in man pages (Closes: #995145)
-- Bastian Germann <bage@debian.org> Wed, 17 Nov 2021 01:23:49 +0100
cyrus-sasl2 (2.1.27+dfsg2-1) unstable; urgency=medium
* Add bage to uploaders (Closes: #799864)
* Use upstream patches where possible
* Amend off-by-one in _sasl_add_string function
* Replace some patches by upstream equivalents
* Apply the patches in order of to their prefixes
* Add missing caret (^) in logcheck rule (Closes: #830764)
* Remove unnecessary GPL copy
* Add missing copyright/licenses
* Repack, getting rid of more problematic files
* Build html documentation
* Make the package rebuildable
* Remove outdated README.Debian info
* Disable autostart via debhelper
* Drop unnecessary patch
* Remove alternative, old build dep libmysqlclient-dev
Annotate documentation Build-Depends with :native
[ Frédéric Brière ]
* Make logcheck snippet compatible with systemd journal
-- Bastian Germann <bage@debian.org> Sun, 14 Nov 2021 14:11:18 +0100
cyrus-sasl2 (2.1.27+dfsg-2.3) unstable; urgency=medium
* Non-maintainer upload.
* d/watch: Check the github releases page
* Get rid of a patch's patch
* Recover upstream-compatible patch license (Closes: #996866)
+ Relicense libobj patch
* Fix lintian: unused-override
* Patch: Prevent double free of RC4 context (Closes: #722611)
* Rename double-prefix patches
[ Debian Janitor ]
* Trim trailing whitespace.
* Use secure copyright file specification URI.
* debian/copyright: use spaces rather than tabs to start continuation lines.
* Re-export upstream signing key without extra signatures.
* Set upstream metadata fields: Bug-Database, Bug-Submit (from ./configure), Repository, Repository-Browse.
* Fix day-of-week for changelog entry 2.1.7-1.
* Avoid explicitly specifying -Wl,--as-needed linker flag.
-- Bastian Germann <bage@debian.org> Fri, 05 Nov 2021 21:58:22 +0100
cyrus-sasl2 (2.1.27+dfsg-2.2) unstable; urgency=medium
* Non-maintainer upload.
[ Vagrant Cascadian ]
* Fix Sphinx errors (Closes: #995123)
-- Michael Banck <michael.banck@credativ.de> Wed, 27 Oct 2021 17:57:34 +0200
cyrus-sasl2 (2.1.27+dfsg-2.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix Sphinx errors (Closes: #955095)
-- Jochen Sprickerhof <jspricke@debian.org> Sun, 07 Feb 2021 10:43:14 +0100
dnsmasq-base (built from dnsmasq) updated from 2.80-1.1ubuntu1.4 to 2.86-1.1:
dnsmasq (2.86-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix --address=/#/...... which was lost in 2.86. (closes: #995655)
-- Michael Biebl <biebl@debian.org> Wed, 10 Nov 2021 22:05:45 +0100
dnsmasq (2.86-1) unstable; urgency=low
* Fix debian/changelog format error. (closes: #986626)
-- Simon Kelley <simon@thekelleys.org.uk> Thu, 08 Apr 2021 22:39:00 +0100
dnsmasq (2.85-1) unstable; urgency=low
* New upstream.
* Includes fix to CVE-2021-3448.
* Fix manpage typos. (closes: #986150)
-- Simon Kelley <simon@thekelleys.org.uk> Sat, 03 Apr 2021 22:17:23 +0100
dnsmasq (2.84-1.2) unstable; urgency=medium
* Non-maintainer upload.
* Bump old-version in dpkg-maintscript-helper dir_to_symlink calls to also
clean up after upgrades to an earlier version in testing.
-- Andreas Beckmann <anbe@debian.org> Thu, 01 Apr 2021 16:01:51 +0200
dnsmasq (2.84-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix symlink to directory conversion for /usr/share/doc/dnsmasq.
This is achieved by directly calling dpkg-maintscript-helper in the preinst,
postinst, and postrm scripts, since the package does not use debhelper.
(Closes: #985282)
-- Sébastien Villemot <sebastien@debian.org> Sun, 28 Mar 2021 10:55:07 +0200
dnsmasq (2.84-1) unstable; urgency=low
* New upstream.
-- Simon Kelley <simon@thekelleys.org.uk> Sun, 24 Jan 2021 22:02:01 +0000
dnsmasq (2.83-1) unstable; urgency=high
* New upstream.
* Includes fixes to CVE-2020-25681 - CVE-2020-25687 inclusive.
-- Simon Kelley <simon@thekelleys.org.uk> Fri, 15 Jan 2021 22:22:41 +0000
dnsmasq (2.82-1) unstable; urgency=low
* New upstream.
-- Simon Kelley <simon@thekelleys.org.uk> Fri, 26 Jun 2020 22:22:41 +0000
dnsmasq (2.81-4) unstable; urgency=low
* Remove runit support when building for Ubuntu. (closes: #960401)
-- Simon Kelley <simon@thekelleys.org.uk> Fri, 26 Jun 2020 21:52:44 +0000
libjansson4 (built from jansson) updated from 2.12-1build1 to 2.13.1-1.1build3:
jansson (2.13.1-1.1build3) jammy; urgency=high
* No change rebuild for ppc64el baseline bump.
-- Julian Andres Klode <juliank@ubuntu.com> Thu, 24 Mar 2022 13:01:30 +0100
jansson (2.13.1-1.1build2) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <doko@ubuntu.com> Thu, 07 Oct 2021 12:13:20 +0200
jansson (2.13.1-1.1build1) hirsute; urgency=medium
* No change rebuild with fixed ownership.
-- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 16 Feb 2021 15:16:23 +0000
jansson (2.13.1-1.1) unstable; urgency=medium
* Non-maintainer upload
[ Sebastien Bacher ]
* debian/patches/git_new_sphinx.patch:
- backport an upstream change to fix the build with sphinx3
(Closes: #963640)
-- Sebastian Ramacher <sramacher@debian.org> Thu, 04 Feb 2021 22:47:01 +0100
jansson (2.13.1-1) unstable; urgency=medium
* New upstream release (Closes: #963842)
* Bump debhelper compat level to 13
* Bump Standards-Version to 4.5.0 (no changes needed)
* Update symbols file
* Fix symbols-file-missing-build-depends-package-field
* Mark libjansson.la as not installed
* Use https:// URL in watch file
-- Alessandro Ghedini <ghedo@debian.org> Sun, 28 Jun 2020 13:46:50 +0100
libndp0 (built from libndp) updated from 1.7-0ubuntu1 to 1.8-0ubuntu3:
libndp (1.8-0ubuntu3) jammy; urgency=high
* No change rebuild for ppc64el baseline bump.
-- Julian Andres Klode <juliank@ubuntu.com> Thu, 24 Mar 2022 13:13:37 +0100
libndp (1.8-0ubuntu2) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <doko@ubuntu.com> Thu, 07 Oct 2021 12:16:50 +0200
libndp (1.8-0ubuntu1) impish; urgency=medium
* New upstream version
* Build with autoreconf to generate a configure
* Updated the symbols
-- Sebastien Bacher <seb128@ubuntu.com> Fri, 28 May 2021 15:03:08 +0200
libpcap0.8 (built from libpcap) updated from 1.9.1-3 to 1.10.1-4build1:
libpcap (1.10.1-4build1) jammy; urgency=high
* No change rebuild for ppc64el baseline bump.
-- Julian Andres Klode <juliank@ubuntu.com> Thu, 24 Mar 2022 13:14:25 +0100
libpcap (1.10.1-4) unstable; urgency=medium
* Fix more issues with target dependencies in debian/patches/shared-lib.diff,
exposed by FTBFS on the buildds for powerpc/ppc64.
-- Romain Francoise <rfrancoise@debian.org> Sun, 05 Sep 2021 10:31:40 +0200
libpcap (1.10.1-3) unstable; urgency=medium
* Upgrade to debhelper compat level 13:
+ Remove debian/compat.
+ Add build-dep on debhelper-compat, remove build-deps on
dh-autoreconf, autotools-dev.
+ Remove `--with autoreconf' from dh invocation.
+ Remove `--fail-missing' argument to `dh_install'.
* Fix target dependencies in debian/patches/shared-lib.diff.
* Drop libpcap0.8-dbg; change dh_strip stanza accordingly.
* Lintian cleanups:
+ Use secure URLs wherever possible.
+ Remove extraneous signatures from upstream signing key.
+ Set `Rules-Requires-Root' (to "no").
+ Override `debug-symbol-migration-possibly-complete' (will be removed
after the bookworm release).
-- Romain Francoise <rfrancoise@debian.org> Sat, 28 Aug 2021 11:03:53 +0200
libpcap (1.10.1-2) unstable; urgency=medium
* Upload to unstable.
-- Romain Francoise <rfrancoise@debian.org> Mon, 16 Aug 2021 10:17:31 +0200
libpcap (1.10.1-1) experimental; urgency=medium
* New upstream release.
* Drop debian/patches/usb-bus-path.diff; upstream has dropped support
for old-style text-mode USB captures.
-- Romain Francoise <rfrancoise@debian.org> Thu, 24 Jun 2021 20:11:49 +0200
libpcap (1.10.0-2) unstable; urgency=medium
* Update Hurd support to use the new internal API, fixing FTBFS.
* Add missing dependency on libdbus-1-dev to libpcap0.8-dev, patch by
Luca Boccassi (closes: #979229).
* Bump Standards-Version to 4.5.1.
-- Romain Francoise <rfrancoise@debian.org> Mon, 04 Jan 2021 20:39:53 +0100
libpcap (1.10.0-1) unstable; urgency=medium
* New upstream release (closes: #970437).
* Export new symbol `pcap_init'.
* Drop unused lintian override.
-- Romain Francoise <rfrancoise@debian.org> Sun, 03 Jan 2021 19:57:52 +0100
libpcap (1.9.1-4) unstable; urgency=medium
* debian/control: Add build-dep on libdbus-1-dev (closes: #958639).
* Bump Standards-Version to 4.5.0.
-- Romain Francoise <rfrancoise@debian.org> Sat, 25 Apr 2020 18:45:40 +0200
libpsl5 (built from libpsl) updated from 0.21.0-1ubuntu1 to 0.21.0-1.2build2:
libpsl (0.21.0-1.2build2) jammy; urgency=high
* No change rebuild for ppc64el baseline bump.
-- Julian Andres Klode <juliank@ubuntu.com> Thu, 24 Mar 2022 13:14:50 +0100
libpsl (0.21.0-1.2build1) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <doko@ubuntu.com> Thu, 07 Oct 2021 12:17:43 +0200
libpsl (0.21.0-1.2) unstable; urgency=medium
* Non-maintainer upload.
[ Simon Josefsson ]
* B-D on libidn2-dev instead of obsolete libidn2-0-dev. (Closes: #974994)
[ Sebastian Ramacher ]
* debian/patches: Update Platform.sh example in test data (Closes: #966941)
-- Sebastian Ramacher <sramacher@debian.org> Thu, 04 Feb 2021 22:56:22 +0100
libpsl (0.21.0-1.1) unstable; urgency=low
* Non-maintainer upload.
* Build the binaries also during indep build, required for
installation of psl-make-dafsa.1. (Closes: #953287)
* Remove essential diffutils from the test dependencies.
(Closes: #955439)
-- Adrian Bunk <bunk@debian.org> Sat, 16 May 2020 17:24:03 +0300
libteamdctl0 (built from libteam) updated from 1.30-1 to 1.31-1build2:
libteam (1.31-1build2) jammy; urgency=high
* No change rebuild for ppc64el baseline bump.
-- Julian Andres Klode <juliank@ubuntu.com> Thu, 24 Mar 2022 17:13:48 +0100
libteam (1.31-1build1) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <doko@ubuntu.com> Thu, 07 Oct 2021 12:18:31 +0200
libteam (1.31-1) unstable; urgency=medium
* New upstream release
* Standards-Version: 4.5.0
* DH to version 12
-- Dmitry Smirnov <onlyjob@debian.org> Wed, 07 Oct 2020 02:58:37 +1100
libmm-glib0 (built from modemmanager) updated from 1.16.6-2~20.04.1 to 1.18.6-1:
modemmanager (1.18.6-1) unstable; urgency=medium
[ Bjørn Bürger ]
* Add README.Debian.
* Added upgrade notice regarding changed fcc-unlock.d defaults:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004447
[ Guido Günther ]
* Mention FCC unlock in NEWS.Debian
[ Arnaud Ferraris ]
* New upstream version 1.18.6
* d/libmm-glib0: update symbols file for new version.
-- Arnaud Ferraris <arnaud.ferraris@gmail.com> Wed, 16 Feb 2022 17:00:52 +0100
modemmanager (1.18.4-1) unstable; urgency=medium
[ Cyril Brulebois ]
* Fix missing dependency on policykit-1 (Closes: #991223).
Without it, a lot of operations would result in the following error at
the D-Bus level:
The name org.freedesktop.PolicyKit1 was not provided by any .service files
In bullseye, ModemManager.service wouldn't even start, because of the
missing polkit.service dependency at the systemd level.
[ Arnaud Ferraris ]
* New upstream version 1.18.4
* d/copyright: fix wrong path for libqcdm
`libqcdm` was previously `libwmc`, but the corresponding copyright entry
wasn't updated when the folder was renamed.
* d/control: update packages descriptions.
As it was pointed out, ModemManager now supports 5G modems, make sure
the packages descriptions reflect that.
* debian: address lintian issues.
This commit addresses multiple issues reported by lintian:
- doc installed into `/usr/share/gtk-doc` instead of `/usr/share/doc`,
which is normal behavior for glib-based software
- missing `Build-Depends-Package` in `libmm-glib0` symbols file
- ModemManager plugins not including dependency information
- system-wide `fcc-unlock.d` folder installed even though we don't ship
any distro-specific configuration which would be included there
* d/modemmanager.prerm: don't call systemctl directly.
Debian provides a helper tool for avoiding direct calls to systemctl in
maintainer scripts, so let's use it.
* d/control: sort build dependencies.
Also avoid installing unnecessary dependencies when using the `nodoc`
build profile.
-- Arnaud Ferraris <arnaud.ferraris@gmail.com> Tue, 14 Dec 2021 10:09:29 +0100
modemmanager (1.18.2-1) unstable; urgency=medium
[ Henry-Nicolas Tourneur ]
* d/rules: set with-polkit to permissive (Closes: #800598)
[ Arnaud Ferraris ]
* New upstream version 1.18.2 (Closes: #1000450)
* d/control: change maintainer to DebianOnMobile team (Closes: #949129)
* d/control: bump debhelper-compat version and Standards-Version.
* d/copyright: add Upstream-Contact and update maintainer email
* d/gbp.conf: fix debian branch name
* debian: add salsa CI pipeline
* d/source: add upstream metadata
* d/control: update build dependencies.
* d/watch: bump watch file version, no change required
* d/libmm-glib0: update symbols file for new version
* d/rules: add hardening build options
-- Arnaud Ferraris <arnaud.ferraris@collabora.com> Mon, 06 Dec 2021 17:46:45 +0100
modemmanager (1.16.6-2) experimental; urgency=medium
* debian/control: include python build-depends for tests
-- Sebastien Bacher <seb128@debian.org> Fri, 25 Jun 2021 15:32:16 +0200
libnm0, network-manager (built from network-manager) updated from 1.22.10-1ubuntu2.3 to 1.36.4-2ubuntu1:
network-manager (1.36.4-2ubuntu1) jammy; urgency=medium
* Cherry pick WPA3 fixes from Debian, thanks Michael Biebl! (lp: #1967782)
-- Sebastien Bacher <seb128@ubuntu.com> Tue, 05 Apr 2022 15:28:36 +0200
network-manager (1.36.4-2) unstable; urgency=medium
* supplicant: enable WPA3 transition mode only when interface supports PMF.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003907
-- Michael Biebl <biebl@debian.org> Mon, 04 Apr 2022 11:39:20 +0200
network-manager (1.36.4-1ubuntu1) jammy; urgency=medium
* Resynchronize on Debian, remaining changes:
- debian/control:
+ Depend on isc-dhcp-client
+ Recommend network-manager-pptp
+ Suggest avahi-autoipd for IPv4LL support
- debian/rules:
+ Run build tests
+ Set --enable-lto.
+ Don't build the network-manager* packages on i386
(unneeded and depends on wpasupplicant)
- debian/rules, debian/network-manager.postinst:
+ Don't restart NetworkManager on upgrade but recommend restarting
the computer
- debian/rules, debian/network-manager.postinst:
+ Don't install sysvinit scripts or migrate from sysvinit
- d/network-manager.install, d/rules, d/10-dns-resolved.conf:
+ Use systemd-resolved instead of dnsmasq
- d/network-manager.install, d/10-globally-managed-devices.conf:
+ Explicitly unmanage everything that isn't WiFi or WWAN (mobile data)
- debian/network-manager.postinst:
+ Don't add the netdev group.
+ drop in an empty override file for NetworkManager to manage all
devices for upgrade from any version, as long as there is no
netplan configuration yet.
- d/network-manager.install, d/default-wifi-powersave-on.conf:
+ Install a config file to enable WiFi powersave
- Add autopkgtests
- debian/source_network-manager.py, debian/network-manager.install,
debian/network-manager.links: Add apport hook
- Add network-manager-config-connectivity-ubuntu package
- d/NetworkManager.conf: disable MAC randomization feature. There is no
easy way for desktop users to disable this feature yet. And there are
reports that it doesn't work well with some systems.
See gnome-control-center issue 743
- Update Vcs links to point to Ubuntu branch
- Add patches. See patch descriptions for more details:
+ Provide-access-to-some-of-NM-s-interfaces-to-whoopsie.patch
+ Update-dnsmasq-parameters.patch
+ Disable-general-with-expect.patch
+ libnm-Check-self-still-NMManager-or-not.patch
+ dns-manager-don-t-merge-split-DNS-search-domains.patch (but disabled)
+ Read-system-connections-from-run.patch
* Try reverting ubuntu_revert_systemd.patch again
-- Jeremy Bicha <jbicha@ubuntu.com> Thu, 24 Mar 2022 14:06:31 -0400
network-manager (1.36.4-1) unstable; urgency=medium
* New upstream version 1.36.4
-- Michael Biebl <biebl@debian.org> Wed, 23 Mar 2022 20:39:16 +0100
network-manager (1.36.2-1ubuntu1) jammy; urgency=medium
* Resynchronize on Debian, remaining changes:
- debian/control:
+ Depend on isc-dhcp-client
+ Recommend network-manager-pptp
+ Suggest avahi-autoipd for IPv4LL support
- debian/rules:
+ Run build tests
+ Set --enable-lto.
+ Don't build the network-manager* packages on i386
(unneeded and depends on wpasupplicant)
- debian/rules, debian/network-manager.postinst:
+ Don't restart NetworkManager on upgrade but recommend restarting
the computer
- debian/rules, debian/network-manager.postinst:
+ Don't install sysvinit scripts or migrate from sysvinit
- d/network-manager.install, d/rules, d/10-dns-resolved.conf:
+ Use systemd-resolved instead of dnsmasq
- d/network-manager.install, d/10-globally-managed-devices.conf:
+ Explicitly unmanage everything that isn't WiFi or WWAN (mobile data)
- debian/network-manager.postinst:
+ Don't add the netdev group.
+ drop in an empty override file for NetworkManager to manage all
devices for upgrade from any version, as long as there is no
netplan configuration yet.
- d/network-manager.install, d/default-wifi-powersave-on.conf:
+ Install a config file to enable WiFi powersave
- Add autopkgtests
- debian/source_network-manager.py, debian/network-manager.install,
debian/network-manager.links: Add apport hook
- Add network-manager-config-connectivity-ubuntu package
- d/NetworkManager.conf: disable MAC randomization feature. There is no
easy way for desktop users to disable this feature yet. And there are
reports that it doesn't work well with some systems.
See gnome-control-center issue 743
- Update Vcs links to point to Ubuntu branch
- Add patches. See patch descriptions for more details:
+ Provide-access-to-some-of-NM-s-interfaces-to-whoopsie.patch
+ Update-dnsmasq-parameters.patch
+ Disable-general-with-expect.patch
+ libnm-Check-self-still-NMManager-or-not.patch
+ dns-manager-don-t-merge-split-DNS-search-domains.patch (but disabled)
+ Read-system-connections-from-run.patch
-- Jeremy Bicha <jeremy.bicha@canonical.com> Tue, 08 Mar 2022 14:37:15 -0500
network-manager (1.36.2-1) unstable; urgency=medium
* New upstream version 1.36.2
* Rebase patches
* Downgrade log message to info if we fail to open /run/network/ifstate
-- Michael Biebl <biebl@debian.org> Tue, 08 Mar 2022 09:50:49 +0100
network-manager (1.36.0-2) unstable; urgency=medium
* core: initialize l3cd dns-priority for ppp and wwan (Closes: #1006396)
-- Michael Biebl <biebl@debian.org> Sat, 26 Feb 2022 10:57:32 +0100
network-manager (1.36.0-1ubuntu1) jammy; urgency=medium
* Resynchronize on Debian, remaining changes:
- debian/control:
+ Depend on isc-dhcp-client
+ Recommend network-manager-pptp
+ Suggest avahi-autoipd for IPv4LL support
- debian/rules:
+ Run build tests
+ Set --enable-lto.
+ Don't build the network-manager* packages on i386
(unneeded and depends on wpasupplicant)
- debian/rules, debian/network-manager.postinst:
+ Don't restart NetworkManager on upgrade but recommend restarting
the computer
- debian/rules, debian/network-manager.postinst:
+ Don't install sysvinit scripts or migrate from sysvinit
- d/network-manager.install, d/rules, d/10-dns-resolved.conf:
+ Use systemd-resolved instead of dnsmasq
- d/network-manager.install, d/10-globally-managed-devices.conf:
+ Explicitly unmanage everything that isn't WiFi or WWAN (mobile data)
- debian/network-manager.postinst:
+ Don't add the netdev group.
+ drop in an empty override file for NetworkManager to manage all
devices for upgrade from any version, as long as there is no
netplan configuration yet.
- d/network-manager.install, d/default-wifi-powersave-on.conf:
+ Install a config file to enable WiFi powersave
- Add autopkgtests
- debian/source_network-manager.py, debian/network-manager.install,
debian/network-manager.links: Add apport hook
- Add network-manager-config-connectivity-ubuntu package
- d/NetworkManager.conf: disable MAC randomization feature. There is no
easy way for desktop users to disable this feature yet. And there are
reports that it doesn't work well with some systems.
See gnome-control-center issue 743
- Update Vcs links to point to Ubuntu branch
- Add patches. See patch descriptions for more details:
+ Provide-access-to-some-of-NM-s-interfaces-to-whoopsie.patch
+ Update-dnsmasq-parameters.patch
+ Disable-general-with-expect.patch
+ libnm-Check-self-still-NMManager-or-not.patch
+ dns-manager-don-t-merge-split-DNS-search-domains.patch (but disabled)
+ Read-system-connections-from-run.patch
-- Jeremy Bicha <jeremy.bicha@canonical.com> Thu, 24 Feb 2022 15:06:34 -0500
network-manager (1.36.0-1) unstable; urgency=medium
* New upstream version 1.36.0
* Bump symbol versions for pre-release versions
* Drop old network-manager.NEWS file
-- Michael Biebl <biebl@debian.org> Thu, 24 Feb 2022 19:59:26 +0100
libnewt0.52 (built from newt) updated from 0.52.21-4ubuntu2 to 0.52.21-5ubuntu2:
newt (0.52.21-5ubuntu2) jammy; urgency=medium
* No-change rebuild with Python 3.10 only
-- Graham Inggs <ginggs@ubuntu.com> Thu, 17 Mar 2022 19:30:58 +0000
newt (0.52.21-5ubuntu1) jammy; urgency=low
* Merge from Debian unstable (LP: #1958502). Remaining changes:
- Install/remove alternatives for the ubuntu palette.
- Don't install python-newt example files.
- Add correct build-dependencies on python3-all-dbg and
libpython3-all-dbg, needed due to debian/patches/snack.patch.
- Revert Debian's dropping of /etc/newt/palette.original, used as an
alternative in Ubuntu.
- Remove libnewt0.52.preinst altogether, which contains destructive
operations with none of the appropriate version guards.
- Drop call to update-alternatives --auto in our postinst, which would
clobber the user's settings.
-- Alexandre Ghiti <alexandre.ghiti@canonical.com> Wed, 19 Jan 2022 14:31:39 +0100
newt (0.52.21-5) unstable; urgency=medium
* Standards-Version: 4.6.0
* Use debhelper-compat 13
* Use dh-sequence-python3 instead of --with python3, dh-python
* Point Vcs-Git to debian/latest branch for DEP-14
* Add d/gbp.conf to point to DEP-14 branches
* Drop custom 'xz' compression d/source/options
* Change stage1 build profile to nopython. Closes: #949721
* B-D on python3-all-dbg
* python.patch: Drop refs to obsolete pyversions
-- Alastair McKinstry <mckinstry@debian.org> Tue, 07 Sep 2021 10:59:05 +0100
newt (0.52.21-4ubuntu8) jammy; urgency=medium
* No-change rebuild to add python3.10.
-- Matthias Klose <doko@ubuntu.com> Sat, 16 Oct 2021 06:57:10 +0000
newt (0.52.21-4ubuntu7) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <doko@ubuntu.com> Thu, 07 Oct 2021 12:21:30 +0200
newt (0.52.21-4ubuntu6) hirsute; urgency=medium
* No-change rebuild to drop the udeb package.
-- Matthias Klose <doko@ubuntu.com> Fri, 26 Feb 2021 08:11:32 +0100
newt (0.52.21-4ubuntu5) hirsute; urgency=medium
* No-change rebuild to drop the udeb package.
-- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:35:39 +0100
newt (0.52.21-4ubuntu4) hirsute; urgency=medium
* No-change rebuild to drop python3.8 extensions.
-- Matthias Klose <doko@ubuntu.com> Mon, 07 Dec 2020 18:41:02 +0100
newt (0.52.21-4ubuntu3) hirsute; urgency=medium
* No-change rebuild to build with python3.9 as supported.
-- Matthias Klose <doko@ubuntu.com> Sat, 24 Oct 2020 10:53:13 +0200
libnghttp2-14 (built from nghttp2) updated from 1.40.0-1build1 to 1.43.0-1build3:
nghttp2 (1.43.0-1build3) jammy; urgency=high
* No change rebuild for ppc64el baseline bump.
-- Julian Andres Klode <juliank@ubuntu.com> Thu, 24 Mar 2022 17:21:15 +0100
nghttp2 (1.43.0-1build2) jammy; urgency=medium
* No-change rebuild against openssl3
-- Simon Chopin <simon.chopin@canonical.com> Wed, 01 Dec 2021 16:07:54 +0000
nghttp2 (1.43.0-1build1) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <doko@ubuntu.com> Thu, 07 Oct 2021 12:21:34 +0200
nghttp2 (1.43.0-1) unstable; urgency=medium
* New upstream release 1.43.0
-- Tomasz Buchert <tomasz@debian.org> Sat, 13 Feb 2021 18:47:24 +0100
nghttp2 (1.42.0-1) unstable; urgency=medium
* New upstream release 1.42.0
* Refresh patches
-- Tomasz Buchert <tomasz@debian.org> Sat, 28 Nov 2020 16:41:28 +0100
nghttp2 (1.41.0-3) unstable; urgency=medium
[ Jérémy Lal ]
* not-installed with wildcard arch
[ Tomasz Buchert ]
* workaround for #963648
-- Tomasz Buchert <tomasz@debian.org> Sun, 16 Aug 2020 13:01:37 +0200
nghttp2 (1.41.0-2) unstable; urgency=medium
* Fix FTBFS of arch-indep packages (Closes: #962137)
* Fix FTBFS on non-x86 archs (Closes: #962136)
* Use debhelper 13
-- Tomasz Buchert <tomasz@debian.org> Thu, 04 Jun 2020 08:13:51 +0200
nghttp2 (1.41.0-1) unstable; urgency=medium
[ Tomasz Buchert ]
* New upstream release 1.41.0
[ Janusz Dziemidowicz ]
* Perform graceful upgrade of nghttpx
* fix systemd restart on debhelper >= 12
[ Debian Janitor ]
* debian/copyright: use spaces rather than tabs to start continuation
lines.
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
* Update standards version to 4.5.0, no changes needed.
-- Tomasz Buchert <tomasz@debian.org> Wed, 03 Jun 2020 17:03:54 +0200
ppp (built from ppp) updated from 2.4.7-2+4.1ubuntu5.1 to 2.4.9-1+1ubuntu3:
ppp (2.4.9-1+1ubuntu3) jammy; urgency=medium
* d/p/eap-mschap-v2-namelen.patch: fix the length of the username when
responding to an EAP MSCHAPv2 challenge (LP: #1958196).
* d/p/expose-mppe-keys-via-api.patch: allow plugins to access MPPE keys to
enable external SSTP support.
* Thanks to Eivind Næss.
-- Robie Basak <robie.basak@ubuntu.com> Thu, 24 Feb 2022 17:14:02 +0000
ppp (2.4.9-1+1ubuntu2) jammy; urgency=medium
* No-change rebuild against openssl3
-- Simon Chopin <simon.chopin@canonical.com> Wed, 01 Dec 2021 16:11:26 +0000
ppp (2.4.9-1+1ubuntu1) impish; urgency=low
[ Simon Chopin ]
* Merge from Debian unstable (LP: #1912168). Remaining changes:
- debian/extra/ip-up.d/0000usepeerdns: Added NetworkManager check, which
lets the script exit when NetworkManager is in use
* Dropped changes as obsolete
- debian/patches/CVE-2020-8597.patch: fix bounds check in EAP code in
pppd/eap.c.
[ Iain Lane ]
* Also drop this change:
- Stop producing udebs on i386 where we no longer have d-i or a kernel.
+ Since hirsute these aren't built anyway, so we no longer need to
exclude them on specific arches.
-- Simon Chopin <simon.chopin@canonical.com> Mon, 16 Aug 2021 19:00:43 +0200
ppp (2.4.9-1+1) unstable; urgency=medium
[ Samuel Thibault ]
* Use merge request URLs.
* Add comments from upstream for Nacked patches.
[ Chris Boot ]
* New upstream release.
- Adds defaultroute6 option. (Closes: #477245)
- Adds defaultroute-metric option. (Closes: #578726)
- Accepts Windows Server 2019 malformed messages. (Closes: #968040)
- Fixes pppoe-discovery -U. (Closes: #961462)
* Remove patches merged upstream (lots!) and refresh the rest.
* d/ppp.symbols: update for the new version.
* d/rules: adjust for renamed pppoe plugin.
* d/ppp.lintian-overrides: update paths to plugins.
* d/ppp.postinst: remove left-in debugging aid (set -x). (Closes: #978732)
* Update d/watch to point at ftp.samba.org and add the signing key.
* Freshen up the ip{,v6}-{up,down} scripts. (Closes: #710946)
[ Michael Biebl ]
* Stop using deprecated systemd-resolve tool. (Closes: #979255)
[ наб ]
* Add /etc/ppp/ip-pre-up and corresponding /etc/ppp/ip-pre-up.d.
(Closes: #978396)
-- Chris Boot <bootc@debian.org> Thu, 07 Jan 2021 00:10:29 +0000
ppp (2.4.8-1+2) unstable; urgency=medium
* Clean up correctly after pppd-dns init script and systemd unit removal.
(Closes: #978427)
* Don't touch resolv.conf when systemd-resolved is running.
(Closes: #968589)
[ Samuel Thibault ]
* Mark forwarded patches.
-- Chris Boot <bootc@debian.org> Wed, 30 Dec 2020 13:49:46 +0000
ppp (2.4.8-1+1) unstable; urgency=medium
[ Debian Janitor ]
* Use secure URI in Homepage field.
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
* Update renamed lintian tag names in lintian overrides.
[ Chris Boot ]
* d/control:
- Switch to debhelper compat level 13.
- Update Standards-Version to 4.5.1 (no changes requird).
* Clean up or ignore a handful of lintian complaints:
- Ignore possible-bashism-in-maintainer-script in ppp-udeb ($HOSTNAME is
set in the script).
- Do not use full path to pppoe-discovery.
- Remove 'echo' bashism (backslash substitution).
- Remove superfluous #DEBHELPER# tag.
- Install lintian overrides for ppp-udeb.
* d/rules: move generated changelog-from-README under debian/.
* Add debian/.gitignore file covering most files generated during build.
* Upload to unstable.
-- Chris Boot <bootc@debian.org> Fri, 25 Dec 2020 19:26:26 +0000
ppp (2.4.8-1+1~exp1) experimental; urgency=medium
* New upstream release.
* d/patches:
- Remove patches applied upstream.
- Refresh other patches to remove fuzz.
- Some patches required significant reworking:
- cifdefroute.dif (for replacedefaultroute)
- makefiles_cleanup
* d/ppp.symbols:
- adjust symbols for new release.
- add Build-Depends-Package metadata field.
* Switch to debhelper compat level 12.
- Remove d/compat.
- Replace Build-Depends on debhelper with debhelper-compat (= 12).
* Remove d/upstream/signing-key.asc. Upstream no loner supplied signed
tarballs.
* Fix various lintian complaints:
- d/rules: don't trigger ldconfig unnecessarily.
- d/rules: remove obsolete get-orig-source target.
- d/ppp.lintian-overrides: update version in plugins path.
- d/ppp.lintian-overrides: add new override for minconn.so.
* Remove pppd-dns init script and systemd unit, which have been broken since
ppp 2.4.5-1.
* Update pppoe-discovery(8) man page.
* Enable systemd notify integration.
* d/rules: don't set LDOPTS now that the makefiles use LDFLAGS correctly.
* Add patch to handle IPv6 RADIUS attributes. (Closes: #874620)
* d/ppp-udeb.postinst:
- Source /etc/network/interfaces.d snippets in /etc/network/interfaces file
generated by debian-installer udeb. (Closes: #889314)
- Prevent NetworkManager from managing the interface being used for PPPoE.
(Closes: #889323)
- Thanks to Алексей Шилин for the patches.
* Update Standards-Version to 4.5.0 (no changes requird).
* Add debian/salsa-ci.yml for GitLab CI, but disable reprotest which
currently fails when files need chowning (salsa-ci-team/pipeline#26).
* Import patches since upstream 2.4.8 release:
- radius: Prevent buffer overflow in rc_mksid (replaces
rc_mksid-no-buffer-overflow fixing #782450)
- pppd: Fix bounds check in EAP code (Closes: #950618; CVE-2020-8597)
- pppd: Ignore received EAP messages when not doing EAP
- Refresh eaptls-mppe.patch to remove fuzz.
* Add d/patches/multiarch-libc.patch: Use a compile test to detect crypt.h.
(Closes: #911359)
-- Chris Boot <bootc@debian.org> Sat, 15 Feb 2020 16:42:26 +0000
ppp (2.4.7-2+4.1ubuntu8) hirsute; urgency=medium
* No-change rebuild to drop the udeb package.
-- Matthias Klose <doko@ubuntu.com> Thu, 25 Feb 2021 06:59:12 +0100
ppp (2.4.7-2+4.1ubuntu7) hirsute; urgency=medium
* No-change rebuild to drop the udeb package.
-- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:36:02 +0100
librtmp1 (built from rtmpdump) updated from 2.4+20151223.gitfa8646d.1-2build1 to 2.4+20151223.gitfa8646d.1-2build4:
rtmpdump (2.4+20151223.gitfa8646d.1-2build4) jammy; urgency=high
* No change rebuild for ppc64el baseline bump.
-- Julian Andres Klode <juliank@ubuntu.com> Fri, 25 Mar 2022 10:57:36 +0100
rtmpdump (2.4+20151223.gitfa8646d.1-2build3) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <doko@ubuntu.com> Thu, 07 Oct 2021 12:24:03 +0200
rtmpdump (2.4+20151223.gitfa8646d.1-2build2) groovy; urgency=medium
* No change rebuild against new libnettle8 and libhogweed6 ABI.
-- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:37:18 +0100
libslang2 (built from slang2) updated from 2.3.2-4 to 2.3.2-5build4:
slang2 (2.3.2-5build4) jammy; urgency=high
* No change rebuild for ppc64el baseline bump.
-- Julian Andres Klode <juliank@ubuntu.com> Fri, 25 Mar 2022 10:51:06 +0100
slang2 (2.3.2-5build3) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <doko@ubuntu.com> Thu, 07 Oct 2021 12:24:29 +0200
slang2 (2.3.2-5build2) hirsute; urgency=medium
* No-change rebuild to drop the udeb package.
-- Matthias Klose <doko@ubuntu.com> Thu, 25 Feb 2021 06:59:08 +0100
slang2 (2.3.2-5build1) hirsute; urgency=medium
* No-change rebuild to drop the udeb package.
-- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:36:15 +0100
slang2 (2.3.2-5) unstable; urgency=medium
* Use debhelper-compat (=12)
* Standards-Version: 4.5.0
* Move lib from /lib/$(MA) to /usr/lib/$(MA). Closes: #923825
* Drop hard-coded 'xz' compression
-- Alastair McKinstry <mckinstry@debian.org> Tue, 26 May 2020 09:33:46 +0100
iputils-arping: not primed anymore
libasn1-8-heimdal: not primed anymore
libdbus-glib-1-2: not primed anymore
libgssapi3-heimdal: not primed anymore
libhcrypto4-heimdal: not primed anymore
libheimbase1-heimdal: not primed anymore
libheimntlm0-heimdal: not primed anymore
libhx509-5-heimdal: not primed anymore
libkrb5-26-heimdal: not primed anymore
libldap-2.4-2: not primed anymore
libroken18-heimdal: not primed anymore
libssh-4: not primed anymore
libwind0-heimdal: not primed anymore
resolvconf: not primed anymore
2022-03-04 network-manager 1.22.10-11
[ Lukas Märdian <lukas.maerdian@canonical.com> ]
* Update netplan integration for v0.104 compatibility
netplan_clear_netdefs() is being called to early, therefore netdef_id is
undefined/garbage and can not be used to calculate a path.
This did work in netplan <= 0.103 as there was a memory leak and netdef_id
was not actually cleared, starting with 0.104 the memory leak is fixed and
we need to adopt the NetworkManager integration accordingly.
This change is compatible with old and new versions of libnetplan.
Merge-Proposal: https://code.launchpad.net/~slyon/snappy-hwe-snaps/+git/network-manager/+merge/415663
* Update netplan integration patch
If existing connections are being modified via 'nmcli' netplan does not know
about the existing netdef_id, as the path to the keyfile is not in the format
'run/NetworkManager/system-connections/netplan-*.nmconnection'
If there is an previous existing netplan connection, make sure to pass the new
keyfile, but at the location/path of the old connection profile, so that
netplan is able to derive the original netdef_id.
Also, make the full:immutable-netplan-config a bit more robust, by avoiding the volatile connection profile generated by NM. And avoid deleting non-netplan (e.g. volatile) connections via libnetplan.
Merge-Proposal: https://code.launchpad.net/~slyon/snappy-hwe-snaps/+git/network-manager/+merge/415913
[ Changes in primed packages ]
libsasl2-2 (built from cyrus-sasl2) updated from 2.1.27+dfsg-2 to 2.1.27+dfsg-2ubuntu0.1:
cyrus-sasl2 (2.1.27+dfsg-2ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: SQL injection in SQL plugin
- debian/patches/CVE-2022-24407.patch: escape password for SQL
insert/update commands in plugins/sql.c.
- CVE-2022-24407
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 15 Feb 2022 15:03:43 -0500
2022-02-03 network-manager 1.22.10-10
[ Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> ]
* Add remove hook
Remove the netplan configuration that might have been created by the
snap on removal.
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/414094
[ Lukas Märdian <lukas.maerdian@canonical.com> ]
* Drop vendorized netplan
All required changes landed:
- https://github.com/snapcore/snapd/pull/10212
- https://github.com/canonical/netplan/pull/208
- https://bugs.launchpad.net/snappy/+bug/1926442
Refresh 0002-nm-netplan-keyfile.patch
netplan 0.103 compat changes are now integrated with the original patch, as
that version landed in UC20, changes to NM's unit-tests are not needed anymore.
Also, avoid calling into the netplan_generate() libnetplan API, this would just
execute the 'netplan generate' CLI, which would then call the
io.netplan.Netplan.Generate() DBus API in snap environments.
We can avoid this additional redirection and be independent from deprecation
or changes that are incompatible with the snap environment in the
netplan_generate() API, by calling the 'netplan generate' CLI directly.
Ideally, in the future we would avoid this redirection as well and call into
the io.netplan.Netplan.Generate() DBus method directly. But we need to pass a
--root-dir argument during the execution of NM's unit-tests, that is currently
not supported by the DBus method, so let's stick with the CLI for now.
This depends on the snapd snap to be >= 2.53.2+git864.g5823952 (currently in snapd/edge).
Merge-Proposal: https://code.launchpad.net/~slyon/snappy-hwe-snaps/+git/network-manager/+merge/412634
[ Changes in primed packages ]
libmm-glib0 (built from modemmanager) updated from 1.16.6-2~20.04 to 1.16.6-2~20.04.1:
modemmanager (1.16.6-2~20.04.1) focal; urgency=medium
* Support manual firmware upgrading for Foxconn and Quectel modems.
(LP: #1946096)
-- Jerry Lee <jerry.lee@canonical.com> Thu, 21 Oct 2021 10:29:18 +0800
libnm0, network-manager (built from network-manager) updated from 1.22.10-1ubuntu2.2 to 1.22.10-1ubuntu2.3:
network-manager (1.22.10-1ubuntu2.3) focal; urgency=medium
* wwan: Set MTU based on what ModemManager exposes
(LP: #1955797)
-- Jerry Lee <jerry.lee@canonical.com> Mon, 27 Nov 2021 09:37:06 +0800
2021-10-13 network-manager 1.22.10-9
[ Lukas Märdian <lukas.maerdian@canonical.com> ]
* Add a tiny bit of compatibility layer, so that the NetworkManager snap can handle all connection profiles generated by netplan v0.102 and netplan v0.103 (i.e. /run/NetworkManager/system-connections/netplan-<UUID>.nmconnection naming VS /run/NetworkManager/system-connections/netplan-<IFACE_NAME>.nmconnection naming for logical devices, such as bridges, bonds, vlans).
See: https://bugs.launchpad.net/netplan/+bug/1927350
Also, adopt the keyfile tests a bit to work with newer netplan releases and fix the vendorized netplan version inside the snap to the "applied/0.102-0ubuntu1_20.04.2" tag, so that we do not need to update those patches. We should soon be able to drop the vendorized netplan, that is once https://github.com/snapcore/snapd/pull/10212 is released.
Merge-Proposal: https://code.launchpad.net/~slyon/snappy-hwe-snaps/+git/network-manager/+merge/409679
[ Changes in primed packages ]
libcurl3-gnutls (built from curl) updated from 7.68.0-1ubuntu2.5 to 7.68.0-1ubuntu2.7:
curl (7.68.0-1ubuntu2.7) focal-security; urgency=medium
* SECURITY UPDATE: Protocol downgrade required TLS bypassed
- debian/patches/CVE-2021-22946-pre1.patch: separate FTPS from FTP over
HTTPS proxy in lib/ftp.c, lib/urldata.h.
- debian/patches/CVE-2021-22946.patch: do not ignore --ssl-reqd in
lib/ftp.c, lib/imap.c, lib/pop3.c, tests/data/Makefile.inc,
tests/data/test984, tests/data/test985, tests/data/test986.
- CVE-2021-22946
* SECURITY UPDATE: STARTTLS protocol injection via MITM
- debian/patches/CVE-2021-22947.patch: reject STARTTLS server response
pipelining in lib/ftp.c, lib/imap.c, lib/pop3.c, lib/smtp.c,
tests/data/Makefile.inc, tests/data/test980, tests/data/test981,
tests/data/test982, tests/data/test983.
- CVE-2021-22947
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 10 Sep 2021 10:28:17 -0400
curl (7.68.0-1ubuntu2.6) focal-security; urgency=medium
* SECURITY UPDATE: TELNET stack contents disclosure
- debian/patches/CVE-2021-22898.patch: check sscanf() for correct
number of matches in lib/telnet.c.
- CVE-2021-22898
* SECURITY UPDATE: Bad connection reuse due to flawed path name checks
- debian/patches/CVE-2021-22924.patch: fix connection reuse checks for
issuer cert and case sensitivity in lib/url.c, lib/urldata.h,
lib/vtls/gtls.c, lib/vtls/nss.c, lib/vtls/openssl.c, lib/vtls/vtls.c.
- CVE-2021-22924
* SECURITY UPDATE: TELNET stack contents disclosure again
- debian/patches/CVE-2021-22925.patch: fix option parser to not send
uninitialized contents in lib/telnet.c.
- CVE-2021-22925
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 21 Jul 2021 08:35:58 -0400
libssh-4 (built from libssh) updated from 0.9.3-2ubuntu2.1 to 0.9.3-2ubuntu2.2:
libssh (0.9.3-2ubuntu2.2) focal-security; urgency=medium
* SECURITY UPDATE: possible heap-buffer overflow when rekeying
- debian/patches/CVE-2021-3634.patch: create a separate length for
session_id in include/libssh/crypto.h, src/gssapi.c, src/kdf.c,
src/kex.c, src/libcrypto.c, src/messages.c, src/packet.c, src/pki.c,
src/wrapper.c, tests/unittests/torture_session_keys.c.
- CVE-2021-3634
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 18 Aug 2021 11:35:51 -0400
libmm-glib0 (built from modemmanager) updated from 1.12.8-1 to 1.16.6-2~20.04:
modemmanager (1.16.6-2~20.04) focal; urgency=medium
* Backport to focal. (LP: #1934286)
-- Jerry Lee <jerry.lee@canonical.com> Wed, 07 Jul 2021 10:10:02 +0800
modemmanager (1.16.6-2) experimental; urgency=medium
* debian/control: include python build-depends for tests
-- Sebastien Bacher <seb128@debian.org> Fri, 25 Jun 2021 15:32:16 +0200
modemmanager (1.16.6-1) experimental; urgency=medium
* New upstream version
* debian/control.in:
- updated libqmi requirement
* debian/libmm-glib0.symbols:
- updated for the new version
-- Sebastien Bacher <seb128@ubuntu.com> Fri, 25 Jun 2021 11:30:20 +0200
modemmanager (1.14.12-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream version, bug fixes only, no new features.
- MBIM:
- Plug memleak in disconnection logic.
- Don't fail IPv4v6 connection attempt if only IPv4 succeeds.
- QMI:
- Fix network registration cancellation logic with asserts disabled.
[ Helmut Grohne ]
* Annotate dbus dependency <!nocheck>. (Closes: #980827)
-- Martin <debacle@debian.org> Fri, 12 Mar 2021 18:09:44 +0000
modemmanager (1.14.10-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream version.
* Add upstream signing key.
-- Martin <debacle@debian.org> Sat, 16 Jan 2021 17:23:28 +0000
modemmanager (1.14.8-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream version.
-- Martin <debacle@debian.org> Mon, 16 Nov 2020 12:22:26 +0000
modemmanager (1.14.6-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream version.
-- Martin <debacle@debian.org> Wed, 14 Oct 2020 15:11:13 +0000
modemmanager (1.14.2-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream version.
-- Martin <debacle@debian.org> Wed, 19 Aug 2020 17:43:57 +0000
modemmanager (1.14.0-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream version.
-- Martin <debacle@debian.org> Tue, 23 Jun 2020 18:16:49 +0000
modemmanager (1.13.900-0.1) experimental; urgency=medium
* Non-maintainer upload.
* New upstream version.
* debian/libmm-glib0.symbols: 13 additional symbols,
mm_common_build_capability_combinations_any was not part of API,
no soname bump necessary.
-- Martin <debacle@debian.org> Fri, 12 Jun 2020 08:23:35 +0000
modemmanager (1.12.10-0.2) unstable; urgency=medium
* Non-maintainer upload.
* Apply upstream patch to fix problem with wavecom modems.
-- Martin <debacle@debian.org> Sun, 07 Jun 2020 11:01:26 +0000
modemmanager (1.12.10-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream version.
-- Martin <debacle@debian.org> Tue, 26 May 2020 22:39:43 +0000
modemmanager (1.12.8-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Update Vcs-* to salsa.
* Use Rules-Requires-Root: no
-- Martin <debacle@debian.org> Thu, 30 Apr 2020 00:44:37 +0000
2021-06-07 network-manager 1.22.10-8
[ Lukas Märdian <lukas.maerdian@canonical.com> ]
* Refactor/cleanup the NM patch a bit, making it easier to merge with upstream changes.
Additionally, avoid creating new netplan YAML config in /etc/netplan/ for ".nmmeta.volatile=true" connection profile.
Merge-Proposal: https://code.launchpad.net/~slyon/snappy-hwe-snaps/+git/network-manager/+merge/403276
[ Changes in primed packages ]
dnsmasq-base (built from dnsmasq) updated from 2.80-1.1ubuntu1.3 to 2.80-1.1ubuntu1.4:
dnsmasq (2.80-1.1ubuntu1.4) focal-security; urgency=medium
* SECURITY UPDATE: fixed port use when specific server is requested
- 74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
- CVE-2021-3448
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 06 May 2021 12:34:24 -0400
2021-05-21 network-manager 1.22.10-7
[ Lukas Märdian <lukas.maerdian@canonical.com> ]
* None
Merge-Proposal: https://code.launchpad.net/~slyon/snappy-hwe-snaps/+git/network-manager/+merge/400398
[ Changes in primed packages ]
No changes for primed packages
2021-05-06 network-manager 1.22.10-6
[ Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> ]
* Revert "spread: fix tests to work with epochs"
This reverts commit bd2e479614ec595050aaf4f0f63f6aec12adc095.
The change was needed so tests could run after changing the
epoch. However, this caused races as connections happen after the snap
is installed, and NM starts without all the permissions it
needs. Revert this back as now we have an epoch 1 snap already
published in 20/beta and we can install it without errors.
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/399588
[ Lukas Märdian <lukas.maerdian@canonical.com> ]
* None
Merge-Proposal: https://code.launchpad.net/~slyon/snappy-hwe-snaps/+git/network-manager/+merge/402063
[ Changes in primed packages ]
libcurl3-gnutls (built from curl) updated from 7.68.0-1ubuntu2.4 to 7.68.0-1ubuntu2.5:
curl (7.68.0-1ubuntu2.5) focal-security; urgency=medium
* SECURITY UPDATE: data leak via referer header field
- debian/patches/CVE-2021-22876.patch: strip credentials from the
auto-referer header field in lib/transfer.c.
- CVE-2021-22876
* SECURITY UPDATE: TLS 1.3 session ticket proxy host mixup
- debian/patches/CVE-2021-22890.patch: make sure we set and extract the
correct session in lib/vtls/*.
- CVE-2021-22890
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 23 Mar 2021 09:13:04 -0400
libldap-2.4-2 (built from openldap) updated from 2.4.49+dfsg-2ubuntu1.7 to 2.4.49+dfsg-2ubuntu1.8:
openldap (2.4.49+dfsg-2ubuntu1.8) focal; urgency=medium
* d/p/ITS-8650-loop-on-incomplete-TLS-handshake.patch:
Import upstream patch to properly retry gnutls_handshake() after it
returns GNUTLS_E_AGAIN. (ITS#8650) (LP: #1921562)
-- Utkarsh Gupta <utkarsh.gupta@canonical.com> Thu, 08 Apr 2021 09:52:01 +0530
2021-03-11 network-manager 1.22.10-5
[ Tony Espy <(unknown e-mail)> ]
* None
Merge-Proposal: https://code.launchpad.net/~awe/snappy-hwe-snaps/+git/network-manager/+merge/399241
[ Changes in primed packages ]
No changes for primed packages
2021-02-25 network-manager 1.22.10-4
[ Changes in primed packages ]
dnsmasq-base (built from dnsmasq) updated from 2.80-1.1ubuntu1.2 to 2.80-1.1ubuntu1.3:
dnsmasq (2.80-1.1ubuntu1.3) focal-security; urgency=medium
* SECURITY REGRESSION: issue with multiple queries and issue with retries
(LP: #1916462)
- backport multiple upstream commits to fix regressions
+ 04490bf622ac84891aad6f2dd2edf83725decdee
+ 12af2b171de0d678d98583e2190789e544440e02
+ 3f535da79e7a42104543ef5c7b5fa2bed819a78b
+ 25e63f1e56f5acdcf91893a1b92ad1e0f2f552d8
+ 141a26f979b4bc959d8e866a295e24f8cf456920
+ 305cb79c5754d5554729b18a2c06fe7ce699687a
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 23 Feb 2021 07:58:11 -0500
2021-02-23 network-manager 1.22.10-3
[ Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> ]
* Follow focal-updates branch for dnsmasq
A new dnsmasq package has been released and the new sources branch
applied/ubuntu/focal-updates has been created. Use it so we get latest
changes (check-versions helped to discover this).
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/396987
[ Lukas Märdian <lukas.maerdian@canonical.com> ]
* None
Merge-Proposal: https://code.launchpad.net/~slyon/snappy-hwe-snaps/+git/network-manager/+merge/395534
[ Heather Ellsworth <heather.ellsworth@canonical.com> ]
* Add plugins configure hook
Merge-Proposal: https://code.launchpad.net/~hellsworth/snappy-hwe-snaps/+git/network-manager/+merge/396213
[ Changes in primed packages ]
libcurl3-gnutls (built from curl) updated from 7.68.0-1ubuntu2.2 to 7.68.0-1ubuntu2.4:
curl (7.68.0-1ubuntu2.4) focal-security; urgency=medium
* SECURITY UPDATE: FTP redirect to malicious host via PASV response
- debian/patches/CVE-2020-8284.patch: use CURLOPT_FTP_SKIP_PASV_IP by
default in lib/url.c, src/tool_cfgable.c, docs/*, tests/data/*.
- CVE-2020-8284
* SECURITY UPDATE: FTP wildcard stack buffer overflow in libcurl
- debian/patches/CVE-2020-8285.patch: make wc_statemach loop instead of
recurse in lib/ftp.c.
- CVE-2020-8285
* SECURITY UPDATE: Inferior OCSP verification
- debian/patches/CVE-2020-8286.patch: make the OCSP verification verify
the certificate id in lib/vtls/openssl.c.
- CVE-2020-8286
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 30 Nov 2020 10:59:13 -0500
dnsmasq-base (built from dnsmasq) updated from 2.80-1.1ubuntu1 to 2.80-1.1ubuntu1.2:
dnsmasq (2.80-1.1ubuntu1.2) focal-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- CVE-2020-25681: heap overflow in RRSets sorting
- CVE-2020-25682: buffer overflow in extracting names from DNS packets
- CVE-2020-25683: heap overflow in DNSSEC validation
- CVE-2020-25684: cache poisoning issue via address/port
- CVE-2020-25685: cache poisoning issue via weak hash
- CVE-2020-25686: birthday attack via incorrect existing requests check
- CVE-2020-25687: heap overflow in DNSSEC validation
- CVE-2019-14834: memory leak via DHCP response creation
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 08 Jan 2021 09:59:59 -0500
libnm0, network-manager (built from network-manager) updated from 1.22.10-1ubuntu2.1 to 1.22.10-1ubuntu2.2:
network-manager (1.22.10-1ubuntu2.2) focal; urgency=medium
* platform: add the NM_SETTING_WIRELESS_WAKE_ON_WLAN_IGNORE status check
(LP: #1891632)
-- Li-Hao Liao (Leon Liao) <leon.liao@canonical.com> Wed, 16 Sep 2020 17:05:18 +0100
libldap-2.4-2 (built from openldap) updated from 2.4.49+dfsg-2ubuntu1.3 to 2.4.49+dfsg-2ubuntu1.7:
openldap (2.4.49+dfsg-2ubuntu1.7) focal-security; urgency=medium
* SECURITY UPDATE: DoS via malicious packet
- debian/patches/CVE-2021-27212.patch: fix issuerAndThisUpdateCheck in
servers/slapd/schema_init.c.
- CVE-2021-27212
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Feb 2021 09:22:15 -0500
openldap (2.4.49+dfsg-2ubuntu1.6) focal-security; urgency=medium
* SECURITY UPDATE: integer underflow in Certificate Exact Assertion
processing
- debian/patches/CVE-2020-36221-1.patch: fix serialNumberAndIssuerCheck
in servers/slapd/schema_init.c.
- debian/patches/CVE-2020-36221-2.patch: fix serialNumberAndIssuerCheck
in servers/slapd/schema_init.c.
- CVE-2020-36221
* SECURITY UPDATE: assert failure in saslAuthzTo validation
- debian/patches/CVE-2020-36222-1.patch: remove saslauthz asserts in
servers/slapd/saslauthz.c.
- debian/patches/CVE-2020-36222-2.patch: fix debug msg in
servers/slapd/saslauthz.c.
- CVE-2020-36222
* SECURITY UPDATE: crash in Values Return Filter control handling
- debian/patches/CVE-2020-36223.patch: fix vrfilter double-free in
servers/slapd/controls.c.
- CVE-2020-36223
* SECURITY UPDATE: DoS in saslAuthzTo processing
- debian/patches/CVE-2020-36224-1.patch: use ch_free on normalized DN
in servers/slapd/saslauthz.c.
- debian/patches/CVE-2020-36224-2.patch: use slap_sl_free in prev
commit in servers/slapd/saslauthz.c.
- CVE-2020-36224
* SECURITY UPDATE: DoS in saslAuthzTo processing
- debian/patches/CVE-2020-36225.patch: fix AVA_Sort on invalid RDN in
servers/slapd/dn.c.
- CVE-2020-36225
* SECURITY UPDATE: DoS in saslAuthzTo processing
- debian/patches/CVE-2020-36226.patch: fix slap_parse_user in
servers/slapd/saslauthz.c.
- CVE-2020-36226
* SECURITY UPDATE: infinite loop in cancel_extop Cancel operation
- debian/patches/CVE-2020-36227.patch: fix cancel exop in
servers/slapd/cancel.c.
- CVE-2020-36227
* SECURITY UPDATE: DoS in Certificate List Exact Assertion processing
- debian/patches/CVE-2020-36228.patch: fix issuerAndThisUpdateCheck in
servers/slapd/schema_init.c.
- CVE-2020-36228
* SECURITY UPDATE: DoS in X.509 DN parsing in ad_keystring
- debian/patches/CVE-2020-36229.patch: add more checks to
ldap_X509dn2bv in libraries/libldap/tls2.c.
- CVE-2020-36229
* SECURITY UPDATE: DoS in X.509 DN parsing in ber_next_element
- debian/patches/CVE-2020-36230.patch: check for invalid BER after RDN
count in libraries/libldap/tls2.c.
- CVE-2020-36230
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 02 Feb 2021 11:06:34 -0500
openldap (2.4.49+dfsg-2ubuntu1.5) focal-security; urgency=medium
* SECURITY UPDATE: assertion failure in Certificate List syntax
validation
- debian/patches/CVE-2020-25709.patch: properly handle error in
servers/slapd/schema_init.c.
- CVE-2020-25709
* SECURITY UPDATE: assertion failure in CSN normalization with invalid
input
- debian/patches/CVE-2020-25710.patch: properly handle error in
servers/slapd/schema_init.c.
- CVE-2020-25710
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 16 Nov 2020 08:39:57 -0500
openldap (2.4.49+dfsg-2ubuntu1.4) focal-security; urgency=medium
* SECURITY UPDATE: DoS via NULL pointer dereference
- debian/patches/CVE-2020-25692.patch: skip normalization if there's no
equality rule in servers/slapd/modrdn.c.
- CVE-2020-25692
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 04 Nov 2020 09:43:57 -0500
2020-10-09 network-manager 1.22.10-2
[ Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> ]
* Run tests on UC20 images now
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/386964
* Enable again checks, after disabling some failing tests:
Some tests where failing due to limitations of the launchpad builders:
disable just those but run the rest of unit tests when building.
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/387044
* docs: big documentation update
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/387143
* Add patch to use udev even when confined
[PATCH] platform: use also statvfs() to check for udevd
Check whether or not there is a running udevd by using statvfs() on
"/sys" and use access() as a fallback. This is in line with what is
done by systemd [1] and helps in case NM is not really running in a
container but has been confined by a MAC so it does not have full
access to sysfs (access() returns EACCES). Fixes LP:#1712918,
LP:#1893184.
Upstream:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/9c8275bedcc98d789fa83d2817b9e8ff58f3e7b6
[1] https://github.com/systemd/systemd/blob/v246/src/basic/stat-util.c#L132
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/391889
[ Heather Ellsworth <heather.ellsworth@canonical.com> ]
* Add netplan patch
Merge-Proposal: https://code.launchpad.net/~hellsworth/snappy-hwe-snaps/+git/network-manager/+merge/391222
[ Changes in primed packages ]
libbrotli1 (built from brotli) updated from 1.0.7-6build1 to 1.0.7-6ubuntu0.1:
brotli (1.0.7-6ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Buffr overflow
- debian/patches/CVE-2020-8927.patch: fix potential overflow when
input chunk is >2GiB in c/common/*, c/dec/*, c/enc/*,
research/brotli_decoder.c, research/draw_histogram.cc,
scripts/.bintray.json, scripts/source.lst, setup.py.
- CVE-2020-8927
-- Leonidas S. Barbosa <leo.barbosa@canonical.com> Mon, 28 Sep 2020 14:25:38 -0300
libcurl3-gnutls (built from curl) updated from 7.68.0-1ubuntu2.1 to 7.68.0-1ubuntu2.2:
curl (7.68.0-1ubuntu2.2) focal-security; urgency=medium
* SECURITY UPDATE: wrong connect-only connection
- debian/patches/CVE-2020-8231.patch: remember last connection by id,
not by pointer in lib/connect.c, lib/easy.c, lib/multi.c, lib/url.c,
lib/urldata.h.
- CVE-2020-8231
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 13 Aug 2020 13:34:56 -0400
libssh-4 (built from libssh) updated from 0.9.3-2ubuntu2 to 0.9.3-2ubuntu2.1:
libssh (0.9.3-2ubuntu2.1) focal-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2020-16135-*.patch: fix a NULL dereference
checking the return of ssh_buffer_new() and added others checks
in src/sftpservcer.c, src/buffer.c.
- CVE-2020-16135
-- Leonidas S. Barbosa <leo.barbosa@canonical.com> Fri, 31 Jul 2020 15:38:31 -0300
libldap-2.4-2 (built from openldap) updated from 2.4.49+dfsg-2ubuntu1.2 to 2.4.49+dfsg-2ubuntu1.3:
openldap (2.4.49+dfsg-2ubuntu1.3) focal; urgency=medium
* d/apparmor-profile: Update apparmor profile to grant access to
the saslauthd socket, so that SASL authentication works. (LP: #1557157)
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 12 Jun 2020 18:18:58 -0400
ppp (built from ppp) updated from 2.4.7-2+4.1ubuntu5 to 2.4.7-2+4.1ubuntu5.1:
ppp (2.4.7-2+4.1ubuntu5.1) focal-security; urgency=medium
* SECURITY UPDATE: arbitrary file disclosure vulnerability
- debian/patches/load_ppp_generic_if_needed: removed, ppp has been
built into Ubuntu kernels since at least 2012.
- CVE-2020-15704
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 23 Jul 2020 08:39:04 -0400
2020-06-25 network-manager 1.22.10-1
[ Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> ]
* Remove now unneeded networkmanager-phony
Coyrights now come from stack-snap-tools part for dnsmasq and NM
Check version of build packages against staged ones
Build using latest released package for focal
Build dnsmasq and NM after getting tools
Add stack-snaps-tools to get tools and stage copyright
Push ChangeLog to snap folder
Do not dump copyright files from snap-common folder
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/386194
[ Changes in primed packages ]
dnsmasq-base (2.80-1.1ubuntu1): new primed package
libbrotli1 (1.0.7-6build1): new primed package
libnm0 (1.22.10-1ubuntu2.1): new primed package
libssh-4 (0.9.3-2ubuntu2): new primed package
network-manager (1.22.10-1ubuntu2.1): new primed package
libcurl3-gnutls (built from curl) updated from 7.58.0-2ubuntu3.8 to 7.68.0-1ubuntu2.1:
curl (7.68.0-1ubuntu2.1) focal-security; urgency=medium
* SECURITY UPDATE: Partial password leak over DNS on HTTP redirect
- debian/patches/CVE-2020-8169.patch: make the updated credentials
URL-encoded in the URL in lib/url.c, tests/data/test1168,
tests/data/Makefile.inc.
- CVE-2020-8169
* SECURITY UPDATE: curl overwrite local file with -J
- debian/patches/CVE-2020-8177.patch: -i is not OK if -J is used in
src/tool_cb_hdr.c, src/tool_getparam.c.
- CVE-2020-8177
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 17 Jun 2020 09:03:28 -0400
curl (7.68.0-1ubuntu2) focal; urgency=medium
* debian/patches/git_tls13_gnutls.patch:
- Ensure TLS 1.3 works with GnuTLS, thanks Dirkjan Bussink for writting
the patch and pointing it out on launchpad! (lp: #1872698)
-- Sebastien Bacher <seb128@ubuntu.com> Wed, 15 Apr 2020 08:27:03 +0200
curl (7.68.0-1ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/control, debian/rules: build with libssh instead of libssh2.
-- Steve Langasek <steve.langasek@ubuntu.com> Sun, 23 Feb 2020 12:33:45 -0800
curl (7.68.0-1) unstable; urgency=medium
* New upstream release
* Bump Standards-Version to 4.5.0 (no changes needed)
* Update symbols files
* Configure default CA file with OpenSSL again (Closes: #948441)
-- Alessandro Ghedini <ghedo@debian.org> Sat, 22 Feb 2020 14:37:19 +0000
curl (7.67.0-2ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/control, debian/rules: build with libssh instead of libssh2.
-- Steve Langasek <steve.langasek@ubuntu.com> Thu, 13 Feb 2020 11:01:54 -0800
curl (7.67.0-2) unstable; urgency=medium
* Restore :native annotation for python3 Build-Depends.
Thanks to Helmut Grohne for the patch (Closes: #945928)
-- Alessandro Ghedini <ghedo@debian.org> Sun, 01 Dec 2019 13:29:28 +0000
curl (7.67.0-1) unstable; urgency=medium
* New upstream release
* Replace python with python3 in Build-Depends (Closes: #942984)
* Bump Standards-Version to 4.4.1 (no changes needed)
-- Alessandro Ghedini <ghedo@debian.org> Sat, 30 Nov 2019 12:45:07 +0000
curl (7.66.0-1ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/control, debian/rules: build with libssh instead of libssh2.
* Dropped changes, included upstream:
- debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
double-free on large memory allocation failures
- debian/patches/CVE-2019-5482.patch: ensure to use the correct block
size when calling recvfrom() if the server returns an OACK without
specifying a block size in lib/tftp.c
-- Steve Langasek <steve.langasek@ubuntu.com> Tue, 12 Nov 2019 17:05:51 -0800
curl (7.66.0-1) unstable; urgency=medium
* New upstream release (Closes: #940024)
+ Fix FTP-KRB double-free as per CVE-2019-5481 (Closes: #940009)
https://curl.haxx.se/docs/CVE-2019-5481.html
+ Fix TFTP small blocksize heap buffer overflow as per CVE-2019-5482
(Closes: #940010)
https://curl.haxx.se/docs/CVE-2019-5482.html
* Refresh patches
* Enable brotli support (Closes: #940129)
* Update *.symbols files
-- Alessandro Ghedini <ghedo@debian.org> Sun, 15 Sep 2019 15:47:05 +0100
curl (7.65.3-1ubuntu4) focal; urgency=medium
* No-change rebuild against libnettle7
-- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:10:02 +0000
curl (7.65.3-1ubuntu3) eoan; urgency=medium
* SECURITY UPDATE: double-free when using kerberos over FTP may cause
denial-of-service
- debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
double-free on large memory allocation failures
- CVE-2019-5481
* SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
cause denial-of-service or remote code-execution
- debian/patches/CVE-2019-5482.patch: ensure to use the correct block
size when calling recvfrom() if the server returns an OACK without
specifying a block size in lib/tftp.c
- CVE-2019-5482
-- Alex Murray <alex.murray@canonical.com> Fri, 06 Sep 2019 14:52:01 +0930
curl (7.65.3-1ubuntu2) eoan; urgency=medium
* No-change upload with strops.h and sys/strops.h removed in glibc.
-- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 13:37:38 +0200
curl (7.65.3-1ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/control, debian/rules: build with libssh instead of libssh2.
-- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 10 Aug 2019 09:40:03 +0200
curl (7.65.3-1) unstable; urgency=medium
* New upstream release
* Drop 12_fix-man-errors.patch (merged upstream)
* Remove Ian Jackson from Uploaders as he has never done an upload
-- Alessandro Ghedini <ghedo@debian.org> Fri, 09 Aug 2019 19:45:02 +0100
curl (7.65.1-1ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/control, debian/rules: build with libssh instead of libssh2.
-- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 15 Jul 2019 15:20:26 +0200
curl (7.65.1-1) unstable; urgency=medium
* New upstream release
+ Reduce verbose output (Closes: #926148)
+ Fix parsing URLs with link local addresses (Closes: #926812)
* Drop patches merged upstream
* Refresh patches
* Bump STandards-Version to 4.4.0 (no changes needed)
* Update entry in copyright for renamed files
* Fix some man errors.
Thanks to Bjarni Ingi Gislason for the patch (Closes: #926352)
* Add Build-Depends-Package field to symbols files
-- Alessandro Ghedini <ghedo@debian.org> Sat, 13 Jul 2019 12:37:09 +0100
curl (7.64.0-4ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/control, debian/rules: build with libssh instead of libssh2.
* Dropped changes, included in Debian:
- SECURITY UPDATE: Integer overflows in curl_url_set()
- SECURITY UPDATE: TFTP receive buffer overflow
-- Steve Langasek <steve.langasek@ubuntu.com> Wed, 19 Jun 2019 22:50:09 -0700
curl (7.64.0-4) unstable; urgency=medium
* Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
https://curl.haxx.se/docs/CVE-2019-5436.html
* Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: #929352)
https://curl.haxx.se/docs/CVE-2019-5435.html
-- Alessandro Ghedini <ghedo@debian.org> Fri, 14 Jun 2019 19:23:32 +0100
curl (7.64.0-3ubuntu2) eoan; urgency=medium
* SECURITY UPDATE: Integer overflows in curl_url_set()
- debian/patches/CVE-2019-5435.patch: limit sizes in lib/setopt.c,
lib/urlapi.c, lib/urldata.h, tests/data/Makefile.inc,
tests/data/test1559, tests/libtest/Makefile.inc,
tests/libtest/lib1559.c.
- CVE-2019-5435
* SECURITY UPDATE: TFTP receive buffer overflow
- debian/patches/CVE-2019-5436.patch: use the current blksize in
lib/tftp.c.
- CVE-2019-5436
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 22 May 2019 09:36:43 -0400
curl (7.64.0-3ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
* debian/control, debian/rules:
- build with libssh instead of libssh2, that's a better maintained
library and it's in Ubuntu main (lp: #311029)
-- Gianfranco Costamagna <locutusofborg@debian.org> Mon, 13 May 2019 10:02:19 +0200
curl (7.64.0-3) unstable; urgency=medium
* Fix potential crash in HTTP/2 code and busy loop at the end of connections
(Closes: #927471)
-- Alessandro Ghedini <ghedo@debian.org> Sat, 04 May 2019 12:51:06 +0100
curl (7.64.0-2ubuntu1) disco; urgency=low
* Merge from Debian unstable. Remaining changes:
* debian/control, debian/rules:
- build with libssh instead of libssh2, that's a better maintained
library and it's in Ubuntu main (lp: #311029)
-- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 05 Apr 2019 17:50:51 +0200
curl (7.64.0-2) unstable; urgency=medium
* Fix infinite loop when fetching URLs with unreachable IPv6 (Closes: #922554)
-- Alessandro Ghedini <ghedo@debian.org> Thu, 07 Mar 2019 20:02:35 +0000
curl (7.64.0-1ubuntu1) disco; urgency=medium
* Resynchronize with Debian, remaining change
* debian/control, debian/rules:
- build with libssh instead of libssh2, that's a better maintained
library and it's in Ubuntu main (lp: #311029)
-- Sebastien Bacher <seb128@ubuntu.com> Thu, 14 Feb 2019 16:49:23 +0100
curl (7.64.0-1) unstable; urgency=medium
* New upstream release
+ Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
https://curl.haxx.se/docs/CVE-2018-16890.html
+ Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
https://curl.haxx.se/docs/CVE-2019-3822.html
+ Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
https://curl.haxx.se/docs/CVE-2019-3823.html
+ Fix HTTP negotiation with POST requests (Closes: #920267)
* Refresh patches
* Import fixes for zsh completion script generator (Closes: #92145)
-- Alessandro Ghedini <ghedo@debian.org> Wed, 06 Feb 2019 22:33:05 +0000
curl (7.63.0-1) unstable; urgency=medium
* New upstream release
+ Fix IPv6 numeral address parser (Closes: #915520)
+ Fix timeout handling (Closes: #914793)
+ Fix HTTP auth to include query in URI (Closes: #913214)
* Drop 12_fix-runtests-curl.patch (merged upstream)
* Update symbols
* Update copyright for removed files
* Bump debhlper compat level to 12
* Bump Standards-Version to 4.3.0 (no changes needed)
-- Alessandro Ghedini <ghedo@debian.org> Tue, 15 Jan 2019 20:47:40 +0000
curl (7.62.0-1) unstable; urgency=medium
* New upstream release
+ Fix NTLM password overflow via integer overflow as per CVE-2018-14618
(Closes: #908327) https://curl.haxx.se/docs/CVE-2018-14618.html
+ Fix SASL password overflow via integer overflow as per CVE-2018-16839
https://curl.haxx.se/docs/CVE-2018-16839.html
+ Fix use-after-free in handle close as per CVE-2018-16840
https://curl.haxx.se/docs/CVE-2018-16840.html
+ Fix warning message out-of-buffer read as per CVE-2018-16842
https://curl.haxx.se/docs/CVE-2018-16842.html
+ Fix broken terminal output (closes: #911333)
* Refresh patches
* Add 12_fix-runtests-curl.patch to fix running curl in tests
-- Alessandro Ghedini <ghedo@debian.org> Wed, 31 Oct 2018 22:42:44 +0000
curl (7.61.0-1) unstable; urgency=medium
* New upstream release
+ Fix SMTP send heap buffer overflow as per CVE-2018-0500 (Closes: #903546)
https://curl.haxx.se/docs/adv_2018-70a2.html
+ Fix some crashes related to HTTP/2 (Closes: #902628)
* Disable libssh2 on Ubuntu.
Thanks to Gianfranco Costamagna for the patch (Closes: #888449)
* Bump Standards-Version to 4.2.0 (no changes needed)
* Don't configure default CA bundle with OpenSSL and GnuTLS (Closes: #883174)
-- Alessandro Ghedini <ghedo@debian.org> Sat, 11 Aug 2018 13:32:28 +0100
curl (7.60.0-2) unstable; urgency=medium
[ Steve Langasek ]
* Build-depend on libssl-dev instead of libssl1.0-dev.
* Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
openssl 1.0 and openssl 1.1.
* debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
claiming compatibility.
* debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
non-OpenSSL builds. Closes: #858398.
* Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk
-- Alessandro Ghedini <ghedo@debian.org> Wed, 23 May 2018 20:25:39 +0100
curl (7.60.0-1) unstable; urgency=medium
* New upstream release (Closes: #891997, #893546, #898856)
+ Fix use of IPv6 literals with NO_PROXY
+ Fix NIL byte out of bounds write due to FTP path trickery
as per CVE-2018-1000120
https://curl.haxx.se/docs/adv_2018-9cd6.html
+ Fix LDAP NULL pointer dereference as per CVE-2018-1000121
https://curl.haxx.se/docs/adv_2018-97a2.html
+ Fix RTSP RTP buffer over-read as per CVE-2018-1000122
https://curl.haxx.se/docs/adv_2018-b047.html
+ Fix heap buffer overflow when closing down an FTP connection
with very long server command replies as per CVE-2018-1000300
https://curl.haxx.se/docs/adv_2018-82c2.html
+ Fix heap buffer over-read when parsing bad RTSP headers
as per CVE-2018-1000301
https://curl.haxx.se/docs/adv_2018-b138.html
* Refresh patches
* Bump Standards-Version to 4.1.4 (no changes needed)
-- Alessandro Ghedini <ghedo@debian.org> Fri, 18 May 2018 20:21:17 +0100
libsasl2-2 (built from cyrus-sasl2) updated from 2.1.27~101-g0780600+dfsg-3ubuntu2.1 to 2.1.27+dfsg-2:
cyrus-sasl2 (2.1.27+dfsg-2) unstable; urgency=medium
[ Salvatore Bonaccorso ]
* Off-by-one in _sasl_add_string function (CVE-2019-19906) (Closes: #947043)
-- Roberto C. Sanchez <roberto@debian.org> Thu, 26 Dec 2019 09:48:32 -0500
cyrus-sasl2 (2.1.27+dfsg-1) unstable; urgency=medium
[ Ryan Tandy ]
* Fix libsasl2-2 incorrectly depending on GSSAPI libraries.
(Closes: #917129)
* Restore changes from NMU versions
2.1.27~101-g0780600+dfsg-3 and 2.1.27~101-g0780600+dfsg-3.1
(Closes: #917140)
[ Ondřej Surý ]
* Upload to unstable.
-- Ondřej Surý <ondrej@debian.org> Tue, 22 Jan 2019 08:53:59 +0000
cyrus-sasl2 (2.1.27+dfsg-1~exp1) experimental; urgency=medium
[ Roberto C. Sanchez ]
* Change email in d/control
* Apply uversionmangle option in d/watch for correct upstream version
sort
[ Helmut Grohne ]
* Fix FTCBFS (Closes: #792851)
+ 0033-cross.patch: Drop -ldb from make depends.
* Use $(CC) instead of gcc in d/sample/Makefile
[ Ondřej Surý ]
* Add upstream tarball signing key
* Update d/watch and d/copyright to use gbp import-orig ability to
repack the tarball
* New upstream version 2.1.27+dfsg
* Bump policy to current version and debhelper compat level to 12
* Upstream supports only a single plugindir now, switch to M-A plugindir
* Build libsasl2-modules-gssapi-heimdal against heimdal
+ Install heimdal build into separate tmp directory and strip rpath
from it (Closes: #880393)
* Replace extra priority with optional
* Add Pre-Depends: ${misc:Pre-Depends} to sasl2-bin for systemd predepends
* Add libpod-pom-view-restructured-perl to B-D to regenerate documentation
* Add a patch to stop importing docutils_version in sphinx-build manpage helper
-- Ondřej Surý <ondrej@debian.org> Mon, 21 Jan 2019 09:47:50 +0000
cyrus-sasl2 (2.1.27~rc8-1) unstable; urgency=medium
* New upstream version 2.1.27~rc8
* Rebase patches for Cyrus SASL 2.1.27~rc8
* Cleanup d/control
-- Ondřej Surý <ondrej@debian.org> Tue, 02 Oct 2018 08:05:10 +0000
cyrus-sasl2 (2.1.27~rc4-1) unstable; urgency=medium
* New upstream version 2.1.27~rc4
* Refresh patches for 2.4.27~rc4 release
-- Ondřej Surý <ondrej@debian.org> Tue, 19 Sep 2017 09:53:57 +0200
cyrus-sasl2 (2.1.27~101-g0780600+dfsg-3.1) unstable; urgency=medium
* Non-maintainer upload with maintainer permission.
* Add support for build-profiles. (Closes: #894297)
-- Karsten Merker <merker@debian.org> Sat, 21 Apr 2018 18:20:16 +0200
libdbus-glib-1-2 (built from dbus-glib) updated from 0.110-2 to 0.110-5fakssync1:
dbus-glib (0.110-5fakssync1) focal; urgency=medium
* d/salsa-ci.yml: Request standard CI on salsa.debian.org
* d/rules: Remove migration path from libdbus-glib-1-2-dbg, which
was not in stretch or buster
* Standards-Version: 4.4.1 (no changes required)
* d/tests/build: Use correct compiler for proposed autopkgtest
cross-architecture testing support. Thanks, Steve Langasek
(Closes: #946303)
* d/tests/build: Remove support for ancient autopkgtest versions.
AUTOPKGTEST_TMP is now required to be set, and we do not fall back
to the deprecated ADTTMP.
-- Simon McVittie <smcv@debian.org> Mon, 09 Dec 2019 17:16:57 +0000
dbus-glib (0.110-4) unstable; urgency=medium
[ Helmut Grohne ]
* When cross-compiling, use the build architecture's dbus-binding-tool
by build-depending on libdbus-glib-1-dev-bin (Closes: #908798)
[ Ondřej Nový ]
* d/changelog: Remove trailing whitespaces
[ Simon McVittie ]
* d/tests/build: Add a compile/link/execute autopkgtest for dynamic
linking
* Standards-Version: 4.3.0
* d/libdbus-glib-1-dev-bin.lintian-overrides:
Override capitalization-error-in-description. The Description is
careful to distinguish between D-Bus (a protocol) and dbus
(a package implementing the D-Bus protocol).
* d/libdbus-glib-1-2.symbols: Add Build-Depends-Package
-- Simon McVittie <smcv@debian.org> Tue, 29 Jan 2019 09:44:28 +0000
dbus-glib (0.110-3) unstable; urgency=medium
[ Helmut Grohne ]
* Split dbus-binding-tool to a Multi-Arch: foreign package
(Closes: #905553)
[ Simon McVittie ]
* Set libdbus-glib-1-dev Multi-Arch: same (Closes: #873617)
* Don't install upstream ChangeLog. The upstream NEWS file remains
available in libdbus-glib-1-doc.
* Standards-Version: 4.2.0
-- Simon McVittie <smcv@debian.org> Mon, 06 Aug 2018 12:37:40 +0100
libasn1-8-heimdal, libgssapi3-heimdal, libhcrypto4-heimdal, libheimbase1-heimdal, libheimntlm0-heimdal, libhx509-5-heimdal, libkrb5-26-heimdal, libroken18-heimdal, libwind0-heimdal (built from heimdal) updated from 7.5.0+dfsg-1 to 7.7.0+dfsg-1ubuntu1:
heimdal (7.7.0+dfsg-1ubuntu1) focal; urgency=medium
* Build using python3.
-- Matthias Klose <doko@ubuntu.com> Mon, 30 Mar 2020 12:30:53 +0200
heimdal (7.7.0+dfsg-1) unstable; urgency=medium
* New upstream version.
* Fix CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction
was not being applied when processing protocol
transition requests (S4U2Self), in the AD DC KDC. Closes: #946786.
-- Brian May <bam@debian.org> Tue, 17 Dec 2019 20:23:41 +1100
heimdal (7.5.0+dfsg-3) unstable; urgency=high
* CVE-2018-16860: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum.
Closes: #928966.
* CVE-2019-12098: Always confirm PA-PKINIT-KX for anon PKINIT.
Closes: #929064.
* Update test certificates to pre 2038 expiry. Closes: #923930.
-- Brian May <bam@debian.org> Tue, 21 May 2019 18:04:35 +1000
heimdal (7.5.0+dfsg-2.1) unstable; urgency=medium
* Non-maintainer upload
* Add patch to create headers before building (Closes: 906623)
-- Hilko Bengen <bengen@debian.org> Sun, 28 Oct 2018 15:10:44 +0100
heimdal (7.5.0+dfsg-2) unstable; urgency=medium
* Replace "MAXHOSTNAMELEN" with "MaxHostNameLen" in kdc/kx509.c for The
Hurd. Closes: #900079.
-- Brian May <bam@debian.org> Sat, 02 Jun 2018 10:01:46 +1000
iputils-arping (built from iputils) updated from 3:20161105-1ubuntu3 to 3:20190709-3:
iputils (3:20190709-3) unstable; urgency=medium
* Incorporate upstream fix for getaddrinfo handling. Thanks to Benjamin
* Poirier <benjamin.poirier@gmail.com>
(Closes: #947921)
-- Noah Meyerhans <noahm@debian.org> Thu, 30 Jan 2020 15:11:23 -0800
iputils (3:20190709-2) unstable; urgency=medium
* Incorporate upstream fix for arping exit code regression
(Closes: #936080)
* Follow local file diversions when manipulating ACLs and file modes on
installed binaries.
-- Noah Meyerhans <noahm@debian.org> Sat, 05 Oct 2019 07:34:12 -0700
iputils (3:20190709-1) unstable; urgency=medium
* New upstream release
* Update to standards version 4.4.0 (no changes needed)
-- Noah Meyerhans <noahm@debian.org> Tue, 09 Jul 2019 21:06:58 -0700
iputils (3:20190515-2) unstable; urgency=medium
* Import upstream fix for FTBFS issue when setcap is not
installed. (Closes: #931491)
-- Noah Meyerhans <noahm@debian.org> Sun, 07 Jul 2019 11:21:17 -0700
iputils (3:20190515-1) sid; urgency=medium
* New upstream snapshot (Closes: #907327, #869202, #869202)
* Refresh and modernize debian/rules using dh (Closes: #648033, #928334)
* Set Multi-Arch: foreign on all binary packages (Closes: #878100)
* Raise libcap2-bin from Recommends to Depends (Closes: #780721)
* Update to standards version 4.3.0
-- Noah Meyerhans <noahm@debian.org> Fri, 05 Jul 2019 15:49:21 -0700
iputils (3:20180629-2) unstable; urgency=medium
* Upstream no longer maintains the RELNOTES or README files in a useful
way, so we won't install them. (Closes: #904912)
-- Noah Meyerhans <noahm@debian.org> Fri, 03 Aug 2018 09:53:09 -0700
iputils (3:20180629-1) unstable; urgency=medium
* New upstream snapshot. (Closes: #858272, #898978, #477569, #883982)
* Update build deps to reflect changes to documentation generation
process.
* Update Vcs links in debian/control to reflect the salsa migration.
* Update standards version to 4.1.4
* Change Priority: extra to Priority: optional per policy 4.0.1
-- Noah Meyerhans <noahm@debian.org> Fri, 29 Jun 2018 22:03:19 -0700
libjansson4 (built from jansson) updated from 2.11-1 to 2.12-1build1:
jansson (2.12-1build1) disco; urgency=medium
* No change rebuild to see if fPIC is picked up
-- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 12 Jan 2019 12:18:17 +0100
jansson (2.12-1) unstable; urgency=medium
* New upstream release
* Bump Standards-Version to 4.2.1 (no change needed)
* Mark libjansson-doc Multi-Arch: foreign
-- Alessandro Ghedini <ghedo@debian.org> Sat, 15 Dec 2018 12:04:59 +0000
libndp0 (built from libndp) updated from 1.6-1 to 1.7-0ubuntu1:
libndp (1.7-0ubuntu1) eoan; urgency=medium
* New upstream version
-- Sebastien Bacher <seb128@ubuntu.com> Sat, 24 Aug 2019 14:38:16 +0300
libpcap0.8 (built from libpcap) updated from 1.8.1-6ubuntu1.18.04.1 to 1.9.1-3:
libpcap (1.9.1-3) unstable; urgency=medium
* Drop debian/patches/bluez-build.diff (closes: #954181).
-- Romain Francoise <rfrancoise@debian.org> Mon, 23 Mar 2020 20:17:44 +0100
libpcap (1.9.1-2) unstable; urgency=medium
* Fix FTBFS on Hurd.
* Bump Standards-Version to 4.4.1.
-- Romain Francoise <rfrancoise@debian.org> Tue, 08 Oct 2019 13:37:31 +0200
libpcap (1.9.1-1) unstable; urgency=medium
* New upstream release, fixes CVE-2018-16301 and CVE-2019-15165
(closes: #941697).
* Export new symbol `pcap_datalink_val_to_description_or_dlt'.
-- Romain Francoise <rfrancoise@debian.org> Sun, 06 Oct 2019 17:54:57 +0200
libpcap (1.9.0-2) unstable; urgency=medium
[ Luca Boccassi ]
* Install upstream pkg-config file (closes: #922219).
[ Romain Francoise ]
* Bump Standards-Version to 4.4.0.
* Upload to unstable.
-- Romain Francoise <rfrancoise@debian.org> Sat, 13 Jul 2019 20:48:26 +0200
libpcap (1.9.0-1) experimental; urgency=medium
* New upstream release:
+ API additions: pcap_bufsize(), pcap_dump_ftell64(),
pcap_get_required_select_timeout() and pcap_set_protocol_linux()
(only on Linux).
+ Fixes issues with capture length for D-Bus (closes: #846241).
* Cherry-pick commit dcda937d4715 from upstream Git to fix issues with
VLAN filtering (closes: #909749).
-- Romain Francoise <rfrancoise@debian.org> Sun, 04 Nov 2018 18:18:37 +0100
libpsl5 (built from libpsl) updated from 0.19.1-5build1 to 0.21.0-1ubuntu1:
libpsl (0.21.0-1ubuntu1) focal; urgency=medium
* Make autopkgtests cross-arch-friendly: don't include a test dep on
diffutils, which is essential.
-- Steve Langasek <steve.langasek@ubuntu.com> Tue, 31 Mar 2020 09:33:53 -0700
libpsl (0.21.0-1) unstable; urgency=medium
* New upstream release
* standards-version: bump to 4.5.0 (no changes needed)
* wrap-and-sort -ast for d/tests/control
* move to dh 12
* import patches from upstream (closes: #945243)
* added Build-Depends line to libpsl5.symbols
* install manpages from upstream installation, not source
* deliberately avoid installing .la files
* dh_missing: use --fail-missing
* avoid lintian warnings about fuzzer inputs
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 04 Mar 2020 12:39:16 -0500
libpsl (0.20.2-2) unstable; urgency=medium
* correct dependencies for autopkgtest
* Standards-Version: bump to 4.2.1 (no changes needed)
* d/watch: go simple, avoid uupdate
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 15 Oct 2018 15:11:19 -0400
libpsl (0.20.2-1) unstable; urgency=medium
* new upstream version
* Standards-Version: bump to 4.1.4 (no changes needed)
* refresh patches (dropping those already applied upstream)
* drop trailing whitepsace from debian/changelog
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 31 May 2018 10:55:01 -0400
libpsl (0.20.1-1) unstable; urgency=medium
* New upstream version
* refresh patches
* fix upstream spelling errors
* d/changelog: fix spelling errors
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 23 Mar 2018 11:30:17 +0000
libteamdctl0 (built from libteam) updated from 1.26-1 to 1.30-1:
libteam (1.30-1) unstable; urgency=medium
* New upstream release.
* Standards-Version: 4.4.1.
* Re-named: "debian/TODO.Debian" --> "debian/TODO".
-- Dmitry Smirnov <onlyjob@debian.org> Mon, 13 Jan 2020 12:55:39 +1100
libteam (1.29-1) unstable; urgency=medium
* New upstream release (Closes: #934610).
-- Dmitry Smirnov <onlyjob@debian.org> Fri, 15 Nov 2019 20:55:40 +1100
libteam (1.28-1) unstable; urgency=medium
[ OndĹej NovĂ˝ ]
* d/copyright: Change Format URL to correct one
[ Dmitry Smirnov ]
* New upstream release (Closes: #919675).
* Standards-Version: 4.3.0.
-- Dmitry Smirnov <onlyjob@debian.org> Sun, 27 Jan 2019 20:16:14 +1100
libteam (1.27-1) unstable; urgency=medium
* New upstream release.
* Vcs URLs to Salsa.
* Standards-Version: 4.1.5.
* debhelper & compat to version 11.
-- Dmitry Smirnov <onlyjob@debian.org> Fri, 27 Jul 2018 03:00:18 +1000
libmm-glib0 (built from modemmanager) updated from 1.10.0-1~ubuntu18.04.2 to 1.12.8-1:
modemmanager (1.12.8-1) unstable; urgency=medium
* New upstream version
-- Sebastien Bacher <seb128@ubuntu.com> Fri, 10 Apr 2020 17:34:03 +0200
modemmanager (1.12.6-1) unstable; urgency=medium
* New upstream version
* debian/control:
- updated qmi requirement
* debian/libmm-glib0.symbols:
- refreshed the symbols for the new version
-- Sebastien Bacher <seb128@ubuntu.com> Thu, 27 Feb 2020 21:23:17 +0100
modemmanager (1.10.4-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream release
* debian/patches/error-propagation-fix.patch: Removed, included
upstream.
* debian/control: Update build dependencies as now libqmi >= 1.22.4 is
required.
* debian/modemmanager.install: Also install /usr/share/ModemManager,
for the new carrier mapping files.
* debian/libmm-glib0.symbols: Updated symbols.
-- Till Kamppeter <till.kamppeter@gmail.com> Tue, 20 Aug 2019 20:37:03 +0200
modemmanager (1.10.0-1) unstable; urgency=medium
* New upstream release
* debian/control: Update build dependencies as now libmbim >= 1.18.0 and
libqmi >= 1.22.0 are required.
* debian/libmm-glib0.symbols: update symbols for new release.
-- Till Kamppeter <till.kamppeter@gmail.com> Tue, 05 Feb 2019 23:40:29 +0100
libnewt0.52 (built from newt) updated from 0.52.20-1ubuntu1 to 0.52.21-4ubuntu2:
newt (0.52.21-4ubuntu2) focal; urgency=medium
* No-change rebuild to drop python3.7.
-- Matthias Klose <doko@ubuntu.com> Tue, 18 Feb 2020 10:21:04 +0100
newt (0.52.21-4ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Install/remove alternatives for the ubuntu palette.
- Don't install python-newt example files.
- Add correct build-dependencies on python3-all-dbg and
libpython3-all-dbg, needed due to debian/patches/snack.patch.
- Revert Debian's dropping of /etc/newt/palette.original, used as an
alternative in Ubuntu.
- Remove libnewt0.52.preinst altogether, which contains destructive
operations with none of the appropriate version guards.
- Drop call to update-alternatives --auto in our postinst, which would
clobber the user's settings.
-- Steve Langasek <steve.langasek@ubuntu.com> Thu, 13 Feb 2020 11:44:47 -0800
newt (0.52.21-4) unstable; urgency=medium
* Switch from sgmltools-lite to docbook-utils for py2, sgmltools orphaned.
Closes: #946880
* Standards-Version: 4.4.1.0
-- Alastair McKinstry <mckinstry@debian.org> Tue, 17 Dec 2019 07:32:55 +0000
newt (0.52.21-3ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Install/remove alternatives for the ubuntu palette.
- Don't install python-newt example files.
- Add correct build-dependencies on python3-all-dbg and
libpython3-all-dbg, needed due to debian/patches/snack.patch.
- Revert Debian's dropping of /etc/newt/palette.original, used as an
alternative in Ubuntu.
- Remove libnewt0.52.preinst altogether, which contains destructive
operations with none of the appropriate version guards.
- Drop call to update-alternatives --auto in our postinst, which would
clobber the user's settings.
-- Steve Langasek <steve.langasek@ubuntu.com> Fri, 18 Oct 2019 14:54:37 -0700
newt (0.52.21-3) unstable; urgency=medium
* Move to Standards-Version: 4.4.0
* Drop reference to libpython-dev. Closes: #937133
* Use debhelper-compat (= 12)
* Drop --add-udeb in dh_makeshlibs, for dh 12
-- Alastair McKinstry <mckinstry@debian.org> Sun, 01 Sep 2019 16:59:14 +0100
newt (0.52.21-2ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- Install/remove alternatives for the ubuntu palette.
- Don't install python-newt example files.
- Add correct build-dependencies on python3-all-dbg and
libpython3-all-dbg, needed due to debian/patches/snack.patch.
- Revert Debian's dropping of /etc/newt/palette.original, used as an
alternative in Ubuntu.
- Remove libnewt0.52.preinst altogether, which contains destructive
operations with none of the appropriate version guards.
- Drop call to update-alternatives --auto in our postinst, which would
clobber the user's settings.
-- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Jul 2019 22:16:32 -0700
newt (0.52.21-2) unstable; urgency=medium
* Standards-Version: 4.3.0
* Drop python-newt for python2 transition
-- Alastair McKinstry <mckinstry@debian.org> Sun, 14 Jul 2019 12:14:59 +0100
newt (0.52.21-1ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- Install/remove alternatives for the ubuntu palette.
- Don't install python-newt example files.
- Add correct build-dependencies on python{3,}-all-dbg, needed due to
debian/patches/snack.patch.
- Revert Debian's dropping of /etc/newt/palette.original, used as an
alternative in Ubuntu.
- Remove libnewt0.52.preinst altogether, which contains destructive
operations with none of the appropriate version guards.
- Drop call to update-alternatives --auto in our postinst, which would
clobber the user's settings.
-- Steve Langasek <steve.langasek@ubuntu.com> Wed, 19 Jun 2019 14:05:19 -0700
newt (0.52.21-1) unstable; urgency=medium
* New upstream release
* Use debhelper 12
* example files now ship in ./ not ./build-tree/*/*§
-- Alastair McKinstry <mckinstry@debian.org> Sun, 16 Jun 2019 13:56:51 +0100
newt (0.52.20-8ubuntu2) eoan; urgency=medium
* Revert Debian's dropping of /etc/newt/palette.original, used as an
alternative in Ubuntu.
* Remove libnewt0.52.preinst altogether, which contains destructive
operations with none of the appropriate version guards.
* Drop call to update-alternatives --auto in our postinst, which would
clobber the user's settings.
-- Steve Langasek <steve.langasek@ubuntu.com> Mon, 29 Apr 2019 15:54:40 -0700
newt (0.52.20-8ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- Fix python-* package descriptions.
- Install/remove alternatives for the ubuntu palette.
- Don't install python-newt example files.
* Dropped changes:
- "Revert the stage1 changes": not a delta that's worth carrying.
- Install library into /lib instead of /usr/lib: no longer relevant as
/usr is now guaranteed to be mounted early in boot.
- Install whiptail in /bin instead of /usr/bin: no longer relevant.
-- Steve Langasek <steve.langasek@ubuntu.com> Mon, 29 Apr 2019 10:41:12 -0700
newt (0.52.20-8) unstable; urgency=medium
* Don't ship /etc/newt/palette.original. Closes: #909030
-- Alastair McKinstry <mckinstry@debian.org> Thu, 27 Sep 2018 12:36:41 +0100
newt (0.52.20-7) unstable; urgency=medium
* Standards-Version: 4.2.1; no changes required
* Don't hard-code Automake version. Closes: #908739
* Grammar fix in description. Closes: #908740
* Close vcs reference bug. Closes: #572753
* Delete old palette.original files, too. Closes: #784390
-- Alastair McKinstry <mckinstry@debian.org> Mon, 17 Sep 2018 13:58:51 +0100
newt (0.52.20-6ubuntu2) disco; urgency=medium
* No-change rebuild to build without python3.6 support.
-- Matthias Klose <doko@ubuntu.com> Sat, 03 Nov 2018 12:07:52 +0000
newt (0.52.20-6ubuntu1) cosmic; urgency=low
* Merge from Debian unstable. Remaining changes:
- Fix python-* package descriptions.
- Install/remove alternatives for the ubuntu palette.
- Don't install python-newt example files.
- Install whiptail in /bin instead of /usr/bin.
- Install library into /lib instead of /usr/lib.
- Revert the stage1 changes, the package can be cross-built without it.
- Follow /lib install change for udeb as well
-- Julian Andres Klode <juliank@ubuntu.com> Thu, 13 Sep 2018 12:16:53 +0200
newt (0.52.20-6) unstable; urgency=medium
* Bump automake version to 1.16. Closes: #906494
* Standards=Version: 4.2.0; no changes required
-- Alastair McKinstry <mckinstry@debian.org> Sat, 18 Aug 2018 17:32:23 +0100
newt (0.52.20-5) unstable; urgency=medium
* Drop ancient X-Python*-Version statements from d/control
* Standards-Version: 4.1.4; no changes required
* Rebuild against python3.7
-- Alastair McKinstry <mckinstry@debian.org> Thu, 28 Jun 2018 09:50:38 +0100
newt (0.52.20-4ubuntu3) cosmic; urgency=medium
* Renable libnewt0.52-udeb as this is needed by cdebconf-terminal
and transitivly debian-installer.
-- Andy Whitcroft <apw@canonical.com> Wed, 15 Aug 2018 16:51:43 +0100
newt (0.52.20-4ubuntu2) cosmic; urgency=medium
* No-change rebuild to build for python3.7.
-- Matthias Klose <doko@ubuntu.com> Thu, 28 Jun 2018 06:53:58 +0000
newt (0.52.20-4ubuntu1) cosmic; urgency=low
* Merge from Debian unstable. Remaining changes:
- Fix python-* package descriptions.
- Install/remove alternatives for the ubuntu palette.
- Don't install python-newt example files.
- Install whiptail in /bin instead of /usr/bin.
- Install library into /lib instead of /usr/lib.
- Revert the stage1 changes, the package can be cross-built without it.
* Follow /lib install change for udeb as well
* Disable libnewt0.52-udeb for now
-- Julian Andres Klode <juliank@ubuntu.com> Mon, 28 May 2018 17:39:26 +0200
newt (0.52.20-4) unstable; urgency=medium
* Drop Priority: important for whiptail, to minimize system size.
Closes: #893563
* Replace dependency of newt-tcl from tcl8.3 | tcl8.4 | tcl8.5 to tcl8.6
since the package is built using Tcl 8.6. Closes: #893136
* Minor corrections to whiptail.1 by Bjarni Ingi Gislason.
Closes: #890044
* Drop references to obsolete dbg packages, dependencies
-- Alastair McKinstry <mckinstry@debian.org> Mon, 19 Mar 2018 13:07:22 +0000
newt (0.52.20-3) unstable; urgency=medium
* Create udeb. Closes: #871033
* Update watch file to look at releases.pagure.io
* Delete obsolete patches
* Set VCS to salsa.debian.org/mckinstry/newt
-- Alastair McKinstry <mckinstry@debian.org> Wed, 07 Mar 2018 15:31:56 +0000
newt (0.52.20-2) unstable; urgency=medium
* Standards-Version: 4.1.3
* Drop Priority: extra in favour of optional
* Drop Priority: important on lib package
* Drop dh-autoconf, autoconf B-D as automatic on DH 10
* Change homepage to https://pagure.io/newt
* Drop broken VCS-Git
* Drop obsolete pre-depends
* Drop obsolete alternatives. Closes: #868056
* Delete old /etc/newt/palette if left over on previous install
* Fix fail-to-crossbuild due to Python dependencies.
Thanks to Helmut Grohe. Closes: #888300
-- Alastair McKinstry <mckinstry@debian.org> Tue, 30 Jan 2018 08:46:27 +0000
libnghttp2-14 (built from nghttp2) updated from 1.30.0-1ubuntu1 to 1.40.0-1build1:
nghttp2 (1.40.0-1build1) focal; urgency=medium
* No-change rebuild for libgcc-s1 package name change.
-- Matthias Klose <doko@ubuntu.com> Sun, 22 Mar 2020 16:51:32 +0100
nghttp2 (1.40.0-1) unstable; urgency=medium
* New upstream release 1.40.0
-- Tomasz Buchert <tomasz@debian.org> Tue, 19 Nov 2019 09:15:49 +0100
nghttp2 (1.39.2-1) unstable; urgency=medium
* New upstream release 1.39.2 (Closes: #934762)
-- Tomasz Buchert <tomasz@debian.org> Thu, 15 Aug 2019 21:14:38 +0200
nghttp2 (1.39.1-1) experimental; urgency=medium
* New upstream release 1.39.1
-- Tomasz Buchert <tomasz@debian.org> Sat, 22 Jun 2019 13:14:11 +0200
nghttp2 (1.38.0-1) experimental; urgency=medium
* New upstream release 1.38.0
-- Tomasz Buchert <tomasz@debian.org> Sun, 05 May 2019 16:45:50 +0200
nghttp2 (1.37.0-1) unstable; urgency=medium
* New upstream release 1.37.0
-- Tomasz Buchert <tomasz@debian.org> Sun, 17 Mar 2019 12:41:37 +0100
nghttp2 (1.36.0-2) unstable; urgency=medium
* d/*: drop support for spdy (Closes: #920988)
-- Tomasz Buchert <tomasz@debian.org> Sun, 03 Feb 2019 10:53:17 -0800
nghttp2 (1.36.0-1) unstable; urgency=medium
* Packaging refresh (debhelper 12, std-ver 4.3.0)
* New upstream release 1.36.0
-- Tomasz Buchert <tomasz@debian.org> Wed, 23 Jan 2019 09:32:13 +0100
nghttp2 (1.35.1-1) unstable; urgency=medium
* New upstream version 1.35.1
-- Tomasz Buchert <tomasz@debian.org> Fri, 14 Dec 2018 10:03:56 +0100
nghttp2 (1.35.0-1) unstable; urgency=medium
* New upstream version 1.35.0
-- Tomasz Buchert <tomasz@debian.org> Mon, 26 Nov 2018 00:35:43 +0100
nghttp2 (1.34.0-1) unstable; urgency=medium
* Imported upstream version 1.34.0
-- Tomasz Buchert <tomasz@debian.org> Thu, 11 Oct 2018 08:04:01 +0200
nghttp2 (1.33.0-1) unstable; urgency=medium
* Imported upstream version 1.33.0
-- Tomasz Buchert <tomasz@debian.org> Fri, 07 Sep 2018 00:49:22 +0200
nghttp2 (1.32.1-1) unstable; urgency=medium
* Imported upstream version 1.32.1
* Update debian control with "cme fix dpkg-control"
-- Tomasz Buchert <tomasz@debian.org> Sat, 01 Sep 2018 12:02:10 +0200
nghttp2 (1.32.0-1) unstable; urgency=medium
* Imported upstream version 1.32.0
-- Tomasz Buchert <tomasz@debian.org> Sat, 19 May 2018 15:01:25 +0200
nghttp2 (1.31.1-1) unstable; urgency=medium
* Imported upstream version 1.31.1 (fixes CVE-2018-1000168)
-- Tomasz Buchert <tomasz@debian.org> Sat, 21 Apr 2018 19:35:33 +0200
nghttp2 (1.31.0-1) unstable; urgency=medium
* Imported upstream version 1.31.0
* Update symbols of libnghttp2
-- Tomasz Buchert <tomasz@debian.org> Tue, 06 Mar 2018 00:06:34 +0100
libldap-2.4-2 (built from openldap) updated from 2.4.45+dfsg-1ubuntu1.4 to 2.4.49+dfsg-2ubuntu1.2:
openldap (2.4.49+dfsg-2ubuntu1.2) focal-security; urgency=medium
* SECURITY UPDATE: denial of service via nested search filters
- debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
servers/slapd/filter.c.
- debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of
test timing issue.
- CVE-2020-12243
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 01 May 2020 13:09:12 -0400
openldap (2.4.49+dfsg-2ubuntu1) focal; urgency=medium
* Merge with Debian unstable (LP: #1866303). Remaining changes:
- Enable AppArmor support:
- d/apparmor-profile: add AppArmor profile
- d/rules: use dh_apparmor
- d/control: Build-Depends on dh-apparmor
- d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support:
- d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
[Dropped the ldap_gssapi_bind_s() hunk as that is already
- d/configure.options: Configure with --with-gssapi
- d/control: Added heimdal-dev as a build depend
- d/rules:
- Explicitly add -I/usr/include/heimdal to CFLAGS.
- Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
- Enable ufw support:
- d/control: suggest ufw.
- d/rules: install ufw profile.
- d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
- d/rules:
- add nssov to CONTRIB_MODULES
- add sysconfdir to CONTRIB_MAKEVARS
- d/slapd.install:
- install nssov overlay
- d/slapd.manpages:
- install slapo-nssov(5) man page
- d/{rules,slapd.py}: Add apport hook.
- d/slapd.init.ldif: don't set olcRootDN since it's not defined in
either the default DIT nor via an Authn mapping.
- d/slapd.scripts-common:
- add slapcat_opts to local variables.
- Fix backup directory naming for multiple reconfiguration.
- d/{slapd.default,slapd.README.Debian}: use the new configuration style.
- d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open
- Show distribution in version:
- d/control: added lsb-release
- d/patches/fix-ldap-distribution.patch: show distribution in version
- d/libldap-2.4-2.symbols: Add symbols not present in Debian.
- CLDAP (UDP) was added in 2.4.17-1ubuntu2
- GSSAPI support was enabled in 2.4.18-0ubuntu2
- d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
Debian bug #919136, we also have to patch the nssov makefile
accordingly and thus update this patch.
-- Andreas Hasenack <andreas@canonical.com> Fri, 06 Mar 2020 11:39:12 -0300
openldap (2.4.49+dfsg-2) unstable; urgency=medium
* slapd.README.Debian: Document the initial setup performed by slapd's
maintainer scripts in more detail. Thanks to Karl O. Pinc.
(Closes: #952501)
* Import upstream patch to fix slapd crashing in certain configurations when
a client attempts a login to a locked account.
(ITS#9171) (Closes: #953150)
-- Ryan Tandy <ryan@nardis.ca> Thu, 05 Mar 2020 12:59:46 -0800
openldap (2.4.49+dfsg-1ubuntu1) focal; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Enable AppArmor support:
- d/apparmor-profile: add AppArmor profile
- d/rules: use dh_apparmor
- d/control: Build-Depends on dh-apparmor
- d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support:
- d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
[Dropped the ldap_gssapi_bind_s() hunk as that is already
- d/configure.options: Configure with --with-gssapi
- d/control: Added heimdal-dev as a build depend
- d/rules:
- Explicitly add -I/usr/include/heimdal to CFLAGS.
- Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
- Enable ufw support:
- d/control: suggest ufw.
- d/rules: install ufw profile.
- d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
- d/rules:
- add nssov to CONTRIB_MODULES
- add sysconfdir to CONTRIB_MAKEVARS
- d/slapd.install:
- install nssov overlay
- d/slapd.manpages:
- install slapo-nssov(5) man page
- d/{rules,slapd.py}: Add apport hook.
- d/slapd.init.ldif: don't set olcRootDN since it's not defined in
either the default DIT nor via an Authn mapping.
- d/slapd.scripts-common:
- add slapcat_opts to local variables.
- Fix backup directory naming for multiple reconfiguration.
- d/{slapd.default,slapd.README.Debian}: use the new configuration style.
- d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open
- Show distribution in version:
- d/control: added lsb-release
- d/patches/fix-ldap-distribution.patch: show distribution in version
- d/libldap-2.4-2.symbols: Add symbols not present in Debian.
- CLDAP (UDP) was added in 2.4.17-1ubuntu2
- GSSAPI support was enabled in 2.4.18-0ubuntu2
- d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
Debian bug #919136, we also have to patch the nssov makefile
accordingly and thus update this patch.
* Dropped:
- d/control: slapd can depend on perl:any since it only uses perl for
some maintainer and helper scripts.
[In 2.4.49+dfsg-1]
-- Andreas Hasenack <andreas@canonical.com> Mon, 10 Feb 2020 12:13:47 -0300
openldap (2.4.49+dfsg-1) unstable; urgency=medium
* New upstream release.
- Drop patch no-gnutls_global_set_mutex, applied upstream.
* When validating the DNS domain chosen for slapd's default suffix, set
LC_COLLATE explicitly for grep to ensure character ranges behave as
expected. Thanks to Fredrik Roubert. (Closes: #940908)
* Backport proposed upstream patch to emit detailed messages about errors in
the TLS configuration. (ITS#9086) (Closes: #837341)
* slapd.scripts-common: Delete unused copy_example_DB_CONFIG function.
* Remove debconf support for choosing a database backend. Always use the
LMDB backend for new installs, as recommended by upstream.
* Remove the empty olcBackend section from the default configuration.
* Remove the unused slapd.conf template from /usr/share/slapd. Continue
shipping it as an example in /usr/share/doc/slapd.
* Fix a typo in index-files-created-as-root patch.
Thanks to Quanah Gibson-Mount.
* Annotate slapd's Depends on perl with :any. Fixes installation of
foreign-arch slapd. Thanks to Andreas Hasenack.
* Rename 'stage1' build profile to 'pkg.openldap.noslapd'.
Thanks to Helmut Grohne. (Closes: #949722)
* Drop Build-Conflicts: libicu-dev as upstream's configure no longer tests
for or links with libicu.
* Note ITS#9126 recommendation in slapd.NEWS.
* Update Standards-Version to 4.5.0; no changes required.
-- Ryan Tandy <ryan@nardis.ca> Thu, 06 Feb 2020 10:08:12 -0800
openldap (2.4.48+dfsg-1ubuntu4) focal; urgency=medium
* d/control: slapd can depend on perl:any since it only uses perl for
some maintainer and helper scripts. The perl backend links against
the correct architecture perl libraries already. Can be dropped
after https://salsa.debian.org/openldap-team/openldap/commit/794c736
is in a Debian upload.
-- Andreas Hasenack <andreas@canonical.com> Mon, 06 Jan 2020 16:46:11 -0300
openldap (2.4.48+dfsg-1ubuntu3) focal; urgency=medium
* No-change rebuild against libnettle7
-- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:13:44 +0000
openldap (2.4.48+dfsg-1ubuntu2) focal; urgency=medium
* No-change rebuild for the perl update.
-- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:37:23 +0000
openldap (2.4.48+dfsg-1ubuntu1) eoan; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Enable AppArmor support:
- d/apparmor-profile: add AppArmor profile
- d/rules: use dh_apparmor
- d/control: Build-Depends on dh-apparmor
- d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support:
- d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- d/configure.options: Configure with --with-gssapi
- d/control: Added heimdal-dev as a build depend
- d/rules:
- Explicitly add -I/usr/include/heimdal to CFLAGS.
- Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
- Enable ufw support:
- d/control: suggest ufw.
- d/rules: install ufw profile.
- d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
- d/rules:
- add nssov to CONTRIB_MODULES
- add sysconfdir to CONTRIB_MAKEVARS
- d/slapd.install:
- install nssov overlay
- d/slapd.manpages:
- install slapo-nssov(5) man page
- d/{rules,slapd.py}: Add apport hook.
- d/slapd.init.ldif: don't set olcRootDN since it's not defined in
either the default DIT nor via an Authn mapping.
- d/slapd.scripts-common:
- add slapcat_opts to local variables.
- Fix backup directory naming for multiple reconfiguration.
- d/{slapd.default,slapd.README.Debian}: use the new configuration style.
- d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open
- Show distribution in version:
- d/control: added lsb-release
- d/patches/fix-ldap-distribution.patch: show distribution in version
- d/libldap-2.4-2.symbols: Add symbols not present in Debian.
- CLDAP (UDP) was added in 2.4.17-1ubuntu2
- GSSAPI support was enabled in 2.4.18-0ubuntu2
- d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
Debian bug #919136, we also have to patch the nssov makefile
accordingly and thus update this patch.
* Dropped:
- Fix sysv-generator unit file by customizing parameters (LP #1821343)
+ d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
correct systemctl status for slapd daemon.
+ d/slapd.install: place override file in correct location.
[Included in 2.4.48+dfsg-1]
- SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
+ debian/patches/CVE-2019-13057-1.patch: add restriction to
servers/slapd/saslauthz.c.
+ debian/patches/CVE-2019-13057-2.patch: add tests to
tests/data/idassert.out, tests/data/slapd-idassert.conf,
tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
+ debian/patches/CVE-2019-13057-3.patch: fix typo in
tests/scripts/test028-idassert.
+ debian/patches/CVE-2019-13057-4.patch: fix typo in
tests/scripts/test028-idassert.
+ CVE-2019-13057
[Fixed upstream]
- SECURITY UPDATE: SASL SSF not initialized per connection
+ debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
connection_init in servers/slapd/connection.c.
+ CVE-2019-13565
[Fixed upstream]
-- Andreas Hasenack <andreas@canonical.com> Wed, 31 Jul 2019 18:01:14 -0300
openldap (2.4.48+dfsg-1) unstable; urgency=medium
* New upstream release.
- fixed slapd to restrict rootDN proxyauthz to its own databases
(CVE-2019-13057) (ITS#9038) (Closes: #932997)
- fixed slapd to enforce sasl_ssf ACL statement on every connection
(CVE-2019-13565) (ITS#9052) (Closes: #932998)
- added new openldap.h header with OpenLDAP specific libldap interfaces
(ITS#8671)
- updated lastbind overlay to support forwarding authTimestamp updates
(ITS#7721) (Closes: #880656)
* Update Standards-Version to 4.4.0.
* Add a systemd drop-in to set RemainAfterExit=no on the slapd service, so
that systemd marks the service as dead after it crashes or is killed.
Thanks to Heitor Alves de Siqueira. (Closes: #926657, LP: #1821343)
* Use more entropy for generating a random admin password, if none was set
during initial configuration. Thanks to Judicael Courant.
(Closes: #932270)
* Replace debian/rules calls to dpkg-architecture and dpkg-parsechangelog
with variables provided by dpkg-dev includes.
* Declare R³: no.
* Create a simple autopkgtest that tests installing slapd and connecting to
it with an ldap tool.
* Install the new openldap.h header in libldap2-dev.
-- Ryan Tandy <ryan@nardis.ca> Thu, 25 Jul 2019 08:32:00 -0700
openldap (2.4.47+dfsg-3ubuntu3) eoan; urgency=medium
* SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
- debian/patches/CVE-2019-13057-1.patch: add restriction to
servers/slapd/saslauthz.c.
- debian/patches/CVE-2019-13057-2.patch: add tests to
tests/data/idassert.out, tests/data/slapd-idassert.conf,
tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
- debian/patches/CVE-2019-13057-3.patch: fix typo in
tests/scripts/test028-idassert.
- debian/patches/CVE-2019-13057-4.patch: fix typo in
tests/scripts/test028-idassert.
- CVE-2019-13057
* SECURITY UPDATE: SASL SSF not initialized per connection
- debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
connection_init in servers/slapd/connection.c.
- CVE-2019-13565
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 Jul 2019 13:21:00 -0400
openldap (2.4.47+dfsg-3ubuntu2) disco; urgency=medium
* Fix sysv-generator unit file by customizing parameters (LP: #1821343)
- d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
correct systemctl status for slapd daemon.
- d/slapd.install: place override file in correct location.
-- Heitor Alves de Siqueira <halves@canonical.com> Mon, 08 Apr 2019 12:39:12 -0300
openldap (2.4.47+dfsg-3ubuntu1) disco; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Enable AppArmor support:
- d/apparmor-profile: add AppArmor profile
- d/rules: use dh_apparmor
- d/control: Build-Depends on dh-apparmor
- d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support:
- d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- d/configure.options: Configure with --with-gssapi
- d/control: Added heimdal-dev as a build depend
- d/rules:
- Explicitly add -I/usr/include/heimdal to CFLAGS.
- Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
- Enable ufw support:
- d/control: suggest ufw.
- d/rules: install ufw profile.
- d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
- d/rules:
- add nssov to CONTRIB_MODULES
- add sysconfdir to CONTRIB_MAKEVARS
- d/slapd.install:
- install nssov overlay
- d/slapd.manpages:
- install slapo-nssov(5) man page
- d/{rules,slapd.py}: Add apport hook.
- d/slapd.init.ldif: don't set olcRootDN since it's not defined in
either the default DIT nor via an Authn mapping.
- d/slapd.scripts-common:
- add slapcat_opts to local variables.
- Fix backup directory naming for multiple reconfiguration.
- d/{slapd.default,slapd.README.Debian}: use the new configuration style.
- d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open
- Show distribution in version:
- d/control: added lsb-release
- d/patches/fix-ldap-distribution.patch: show distribution in version
- d/libldap-2.4-2.symbols: Add symbols not present in Debian.
- CLDAP (UDP) was added in 2.4.17-1ubuntu2
- GSSAPI support was enabled in 2.4.18-0ubuntu2
* Added changes:
- d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
Debian bug #919136, we also have to patch the nssov makefile
accordingly and thus update this patch.
-- Andreas Hasenack <andreas@canonical.com> Mon, 11 Feb 2019 09:20:47 -0200
openldap (2.4.47+dfsg-3) unstable; urgency=medium
* Restore patches to contrib Makefiles to set CFLAGS, CPPFLAGS, and LDFLAGS
individually in the relevant command lines instead of overriding OPT. The
change to use OPT caused FTBFS on some ports arches where PIE enablement
uses spec files, by mixing compile-time and link-time flags.
(Closes: #919136)
* Fix architecture-specific path in smbk5pwd's binary-or-shlib-defines-rpath
Lintian override.
* Skip exporting cn=config to LDIF in preinst for upgrades where nothing
needs to be checked in it.
* Update Standards-Version to 4.3.0.
-- Ryan Tandy <ryan@nardis.ca> Sat, 02 Feb 2019 10:30:10 -0800
openldap (2.4.47+dfsg-2ubuntu1) disco; urgency=medium
* Merge from Debian unstable (LP: #1811630). Remaining changes:
- Enable AppArmor support:
- d/apparmor-profile: add AppArmor profile
- d/rules: use dh_apparmor
- d/control: Build-Depends on dh-apparmor
- d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support:
- d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- d/configure.options: Configure with --with-gssapi
- d/control: Added heimdal-dev as a build depend
- d/rules:
- Explicitly add -I/usr/include/heimdal to CFLAGS.
- Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
- Enable ufw support:
- d/control: suggest ufw.
- d/rules: install ufw profile.
- d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
- d/rules:
- add nssov to CONTRIB_MODULES
- add sysconfdir to CONTRIB_MAKEVARS
- d/slapd.install:
- install nssov overlay
- d/slapd.manpages:
- install slapo-nssov(5) man page
- d/{rules,slapd.py}: Add apport hook.
- d/slapd.init.ldif: don't set olcRootDN since it's not defined in
either the default DIT nor via an Authn mapping.
- d/slapd.scripts-common:
- add slapcat_opts to local variables.
- Fix backup directory naming for multiple reconfiguration.
- d/{slapd.default,slapd.README.Debian}: use the new configuration style.
- d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open
- Show distribution in version:
- d/control: added lsb-release
- d/patches/fix-ldap-distribution.patch: show distribution in version
- d/libldap-2.4-2.symbols: Add symbols not present in Debian.
- CLDAP (UDP) was added in 2.4.17-1ubuntu2
- GSSAPI support was enabled in 2.4.18-0ubuntu2
* Update nssov build and packaging for Debian changes:
- Drop patch nssov-build
- d/rules:
- add nssov to CONTRIB_MODULES
- add sysconfdir to CONTRIB_MAKEVARS
- d/slapd.install:
- install nssov overlay
- d/slapd.manpages:
- install slapo-nssov(5) man page
-- Ryan Tandy <ryan@nardis.ca> Sun, 13 Jan 2019 04:47:09 +0000
openldap (2.4.47+dfsg-2) unstable; urgency=medium
* Reintroduce slapi-dev binary package. (Closes: #711469)
Thanks to Florian Schlichting.
* Do not call gnutls_global_set_mutex(). (Closes: #803197)
* Use dh_auto_* to build and install contrib modules.
- Stop patching the clean rule in smbk5pwd's Makefile.
* Explicitly list overlays and man pages installed by slapd package in
slapd.install and slapd.manpages files.
* Set common variables for contrib Makefiles by make(1) command line instead
of patching every Makefile.
* Build and install more contrib plugins in a new slapd-contrib package:
- pw-apr1 and pw-netscape (Closes: #592362)
- pw-pbkdf2 (Closes: #794999)
* Import the slapo-pw-pbkdf2 man page from upstream git master and install
it with the slapd-contrib package.
* Add smbk5pwd to slapd-contrib and turn slapd-smbk5pwd into a transitional
package. Drop smbk5pwd README since it now has a man page which is a
better resource for users.
- Use Breaks to ensure that slapd is not upgraded in between removing the
old smbk5pwd module and installing the new one.
* Include the apr1-atol.pl and apr1-lota.pl helper scripts in the
slapd-contrib package as examples.
* Merge remaining contrib Makefile patches into a single contrib-makefiles
patch.
-- Ryan Tandy <ryan@nardis.ca> Sat, 12 Jan 2019 11:18:03 -0800
openldap (2.4.47+dfsg-1) unstable; urgency=medium
* New upstream release.
- reverted GnuTLS handshake change in libldap as it regressed slapd
(Reopens: #861838)
* Update Standards-Version to 4.2.1.
-- Ryan Tandy <ryan@nardis.ca> Sun, 23 Dec 2018 12:50:40 -0800
openldap (2.4.46+dfsg-5ubuntu3) disco; urgency=medium
* d/apparmor-profile: update apparmor profile to allow reading of
files needed when slapd is behaving as a kerberos/gssapi client
and acquiring its own ticket. (LP: #1783183)
-- Andreas Hasenack <andreas@canonical.com> Fri, 09 Nov 2018 21:29:51 -0200
openldap (2.4.46+dfsg-5ubuntu2) disco; urgency=medium
* No-change rebuild for the perl 5.28 transition.
-- Adam Conrad <adconrad@ubuntu.com> Fri, 02 Nov 2018 18:14:37 -0600
openldap (2.4.46+dfsg-5ubuntu1) cosmic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Enable AppArmor support:
- d/apparmor-profile: add AppArmor profile
- d/rules: use dh_apparmor
- d/control: Build-Depends on dh-apparmor
- d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support:
- d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- d/configure.options: Configure with --with-gssapi
- d/control: Added heimdal-dev as a build depend
- d/rules:
- Explicitly add -I/usr/include/heimdal to CFLAGS.
- Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
- Enable ufw support:
- d/control: suggest ufw.
- d/rules: install ufw profile.
- d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
- d/{patches/nssov-build,rules}: Apply, build and package the
nss overlay.
- d/{rules,slapd.py}: Add apport hook.
- d/slapd.init.ldif: don't set olcRootDN since it's not defined in
either the default DIT nor via an Authn mapping.
- d/slapd.scripts-common:
- add slapcat_opts to local variables.
- Fix backup directory naming for multiple reconfiguration.
- d/{slapd.default,slapd.README.Debian}: use the new configuration style.
- d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open
- Show distribution in version:
- d/control: added lsb-release
- d/patches/fix-ldap-distribution.patch: show distribution in version
- d/libldap-2.4-2.symbols: Add symbols not present in Debian.
- CLDAP (UDP) was added in 2.4.17-1ubuntu2
- GSSAPI support was enabled in 2.4.18-0ubuntu2
-- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 09 May 2018 13:44:37 +0200
openldap (2.4.46+dfsg-5) unstable; urgency=medium
* Restore slapd-smbk5pwd now that libldap is installable in unstable.
This reverts the changes from -3 and -4.
-- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 16:12:27 -0700
openldap (2.4.46+dfsg-4) unstable; urgency=medium
* Disable building the smbk5pwd plugin temporarily.
-- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 08:06:58 -0700
openldap (2.4.46+dfsg-3) unstable; urgency=medium
* Build without heimdal temporarily to resolve BD-Uninstallable loop.
-- Ryan Tandy <ryan@nardis.ca> Fri, 04 May 2018 07:36:58 -0700
openldap (2.4.46+dfsg-2ubuntu1) cosmic; urgency=low
* Merge from Debian unstable. Remaining changes:
- Enable AppArmor support:
- d/apparmor-profile: add AppArmor profile
- d/rules: use dh_apparmor
- d/control: Build-Depends on dh-apparmor
- d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support:
- d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- d/configure.options: Configure with --with-gssapi
- d/control: Added heimdal-dev as a build depend
- d/rules:
- Explicitly add -I/usr/include/heimdal to CFLAGS.
- Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
- Enable ufw support:
- d/control: suggest ufw.
- d/rules: install ufw profile.
- d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
- d/{patches/nssov-build,rules}: Apply, build and package the
nss overlay.
- d/{rules,slapd.py}: Add apport hook.
- d/slapd.init.ldif: don't set olcRootDN since it's not defined in
either the default DIT nor via an Authn mapping.
- d/slapd.scripts-common:
- add slapcat_opts to local variables.
- Fix backup directory naming for multiple reconfiguration.
- d/{slapd.default,slapd.README.Debian}: use the new configuration style.
- d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open
- Show distribution in version:
- d/control: added lsb-release
- d/patches/fix-ldap-distribution.patch: show distribution in version
- d/libldap-2.4-2.symbols: Add symbols not present in Debian.
- CLDAP (UDP) was added in 2.4.17-1ubuntu2
- GSSAPI support was enabled in 2.4.18-0ubuntu2
-- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 04 May 2018 10:19:24 +0200
openldap (2.4.46+dfsg-2) unstable; urgency=medium
* Remove version constraint from libldap-2.4-2 dependency on libldap-common.
-- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 14:16:49 -0700
openldap (2.4.46+dfsg-1) unstable; urgency=medium
* Move the repository to Salsa.
Update debian/control Vcs-* fields.
* Remove Matthijs Möhlmann from Uploaders. (Closes: #891308)
Thank you Matthijs for your past contributions.
* New upstream release.
- fixed slapd out-of-sync issue with delta-MMR and memberof overlay
(ITS#8444) (Closes: #877166)
* Rebase patch no-AM_INIT_AUTOMAKE to apply cleanly.
* Drop patch ITS8650-retry-gnutls_handshake-after-GNUTLS_E_AGAIN, applied
upstream.
* Really fix upgrades when the config contains backslash-escaped special
characters. The previous fix was incomplete and didn't fully fix upgrades
involving a database reload. (Closes: #864719)
* Update Standards-Version to 4.1.4.
- Change the Priority of libldap-2.4-2 and libldap-common to optional.
* Change download URL in debian/watch to https. Fixes a Lintian info.
* Override the binary-or-shlib-defines-rpath Lintian tag for slapd-smbk5pwd.
The rpath is set by krb5-config.heimdal; see bug #868840.
-- Ryan Tandy <ryan@nardis.ca> Thu, 03 May 2018 07:03:30 -0700
ppp (built from ppp) updated from 2.4.7-2+2ubuntu1.2 to 2.4.7-2+4.1ubuntu5:
ppp (2.4.7-2+4.1ubuntu5) focal; urgency=medium
* SECURITY UPDATE: rhostname buffer overflow
- debian/patches/CVE-2020-8597.patch: fix bounds check in EAP code in
pppd/eap.c.
- CVE-2020-8597
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 11 Feb 2020 10:03:25 -0500
ppp (2.4.7-2+4.1ubuntu4) eoan; urgency=medium
* Stop producing udebs on i386 where we no longer have d-i or a kernel.
-- Adam Conrad <adconrad@ubuntu.com> Wed, 09 Oct 2019 14:11:51 -0600
ppp (2.4.7-2+4.1ubuntu3) eoan; urgency=medium
* No-change upload with strops.h and sys/strops.h removed in glibc.
-- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:06:52 +0000
ppp (2.4.7-2+4.1ubuntu2) eoan; urgency=medium
* debian/extra/ip-up.d/0000usepeerdns: Added NetworkManager check, which
lets the script exit when NetworkManager is in use (LP: #1778946).
-- Till Kamppeter <till.kamppeter@gmail.com> Fri, 08 Feb 2019 17:37:29 +0100
ppp (2.4.7-2+4.1ubuntu1) disco; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
module if needed.
-- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 15 Mar 2019 13:18:08 +0100
ppp (2.4.7-2+4.1) unstable; urgency=medium
* Non-maintainer upload.
* Apply upstream patch from
<https://github.com/paulusmack/ppp/commit/3c7b86229f7bd2600d74db14b1fe5b3896be3875>
to fix FTBFS with glibc 2.28. (Closes: #916163)
-- Chris Lamb <lamby@debian.org> Sat, 09 Mar 2019 14:48:25 +0000
ppp (2.4.7-2+4ubuntu2) disco; urgency=medium
* debian/patches/3c7b86229f7bd2600d74db14b1fe5b3896be3875.patch:
- upstream proposed fix for new glibc 2.28 (thanks <infinity>)
-- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 09 Nov 2018 19:32:52 +0100
ppp (2.4.7-2+4ubuntu1) disco; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
module if needed.
-- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 09 Nov 2018 10:53:51 +0100
ppp (2.4.7-2+4) unstable; urgency=medium
* Update EAP-TLS patch to version 1.102. (Closes: #912822)
-- Chris Boot <bootc@debian.org> Sun, 04 Nov 2018 12:56:54 +0000
ppp (2.4.7-2+3ubuntu1) cosmic; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/load_ppp_generic_if_needed: load ppp_generic kernel
module if needed.
* debian/ppp.symbols: updated for Ubuntu.
* Drop preinst change.
-- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 13 Jun 2018 14:01:31 +0200
ppp (2.4.7-2+3) unstable; urgency=high
* Update EAP-TLS patch to version 1.101. (CVE-2018-11574)
* Set urgency=high due to security fix.
-- Chris Boot <bootc@debian.org> Sat, 09 Jun 2018 14:20:01 +0100
resolvconf (built from resolvconf) updated from 1.79ubuntu10.18.04.3 to 1.82:
resolvconf (1.82) unstable; urgency=medium
[ Andrej Shadura ]
* Update the debconf translation templates (Closes: #947164).
* Update translations.
[ Helge Kreutzmann ]
* Update German debconf translation (Closes: #947171).
[ Frans Spiesschaert ]
* Update Dutch debconf translation (Closes: #948037).
-- Andrej Shadura <andrewsh@debian.org> Fri, 03 Jan 2020 18:32:03 +0100
resolvconf (1.81) unstable; urgency=medium
[ Russell Coker ]
* Set correct SE Linux context on created directories and files
(Closes: #850783).
[ Jakub Wilk ]
* Drop symlink resolving logic from the init script (Closes: #946609).
-- Andrej Shadura <andrewsh@debian.org> Thu, 19 Dec 2019 15:19:16 +0100
resolvconf (1.80) unstable; urgency=medium
[ Thomas Hood ]
* Bump Standards-Version; no changes required
* Fix postrm for Ubuntu (LP: 1593489)
* Update README to reflect the removal of pdnsd from the archive
* In unit file use network-pre.target (Closes: #847440
and LP: #1636912). Thanks to Ryan Harper.
* Add systemd predictable interface name patterns (Closes: #877695,
#905907). Thanks to Kevin Otte for the patch in LP: #1610479.
[ Steve Langasek ]
* Eliminate all references to /etc/resolvconf/run. This should all be done
directly in /run, there is no reason to support making any of this
configurable with a symlink since we already have a versioned dependency
on the version of initscripts that introduces the /run transition.
* etc/resolvconf/resolv.conf.d/head: add comment about
'systemd-resolve --status', since systemd-resolved is now in use in all
but the most unusual configurations, and expert users should be given
guidance where to find the actual nameservers for debugging purposes.
LP: #1638836.
[ Martin Pitt ]
* debian/postinst: Make /etc/resolv.conf a relative symlink so that it
works when setting up chroots.
[ Dimitri John Ledkov ]
* Drop ifupdown dependency.
* Drop upstart system job.
* Use readlink -m when checking the link's destination.
(LP: #924836)
* Dereference /etc/resolf.conf when creating runtime configuration when
migrating to resolvconf managed /etc/resolv.conf. The contents of
/etc/resolv.conf (rather than the symlink target information) is
needed in /run/resolvconf/resolv.conf and
/run/resolvconf/interface/original.resolvconf during migration until
resolvconf updates the config next. (LP: #1713149)
* Move resolvconf & resolved integration system units from src:systemd
to src:resolvconf. Also use a different unit name, to avoid
breaks/replaces.
* debian/postrm: if resolved managed stub config is available, migrate
to it upon resolvconf removal.
[ Dan Streetman ]
* Filter out the edns0 option that systemd-resolved has recently added
to its stub-resolv.conf. Using the stub conf with edns0 set with
non-local DNS servers can break name resolution. (LP: #1817903)
[ Alfonso Sánchez-Beato ]
* bin/resolvconf: use flock so resolvconf can be called in parallel
safely (LP: #1825194).
[ Andrej Shadura ]
* Add /usr/sbin and /usr/bin to PATH (Closes: #832394).
* Update the team email address.
* Wrap and sort.
* Add myself as a co-maintainer.
* Verify ifquery is available before running it (we no longer require
ifupdown).
* Remove id-length from gbp.conf so commit hashes are not prepended
to the changelog entries.
* Port debian/rules to the dh 12 short form.
* d/copyright: Use https protocol in Format field.
* d/changelog: Remove trailing whitespaces.
* d/control: Set Vcs-* to salsa.debian.org.
[ Théophile Helleboid ]
* Add vpn* to the interfaces-order list.
-- Andrej Shadura <andrewsh@debian.org> Tue, 10 Dec 2019 16:45:20 +0100
librtmp1 (built from rtmpdump) updated from 2.4+20151223.gitfa8646d.1-1 to 2.4+20151223.gitfa8646d.1-2build1:
rtmpdump (2.4+20151223.gitfa8646d.1-2build1) focal; urgency=medium
* No-change rebuild against libnettle7
-- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:15:13 +0000
rtmpdump (2.4+20151223.gitfa8646d.1-2) unstable; urgency=medium
[ Ondřej Nový ]
* d/control: Set Vcs-* to salsa.debian.org
* d/changelog: Remove trailing whitespaces
[ Felipe Sateler ]
* Change maintainer address to debian-multimedia@lists.debian.org
[ Sebastian Ramacher ]
* debian/: Bump debhelper compat level to 11.
* debian/control: Bump Standards-Version.
-- Sebastian Ramacher <sramacher@debian.org> Mon, 21 May 2018 15:33:27 +0200
libslang2 (built from slang2) updated from 2.3.1a-3ubuntu1 to 2.3.2-4:
slang2 (2.3.2-4) unstable; urgency=medium
* Standards-Version: 4.4.0
* Move to debhelper compat level 12
-- Alastair McKinstry <mckinstry@debian.org> Wed, 17 Jul 2019 10:26:13 +0100
slang2 (2.3.2-3) unstable; urgency=medium
* Rebuild against unicode-data 12.1
-- Alastair McKinstry <mckinstry@debian.org> Fri, 26 Apr 2019 09:19:19 +0100
slang2 (2.3.2-2) unstable; urgency=medium
[OndĹej NovĂ˝]
* d/copyright: Use https protocol in Format field
* d/changelog: Remove trailing whitespaces
* d/control: Remove trailing whitespaces
* d/rules: Remove trailing whitespaces
* d/control: Fix wrong Vcs-*
[Alastair McKinstry]
* Standards-Version: 4.3.0
-- Alastair McKinstry <mckinstry@debian.org> Sun, 20 Jan 2019 15:09:19 +0000
slang2 (2.3.2-1) unstable; urgency=medium
* New upstream release
- extended_terminfo.patch now included upstream
* Ack old bugs: Closes: #407835, #664075
* Set OBJDIR to src/x32objs on x32. Closes: #890545
-- Alastair McKinstry <mckinstry@debian.org> Mon, 19 Feb 2018 16:59:12 +0000
2020-04-07 network-manager 1.10.6-5
[ Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> ]
* snap: update to newer NM deb package
snap: set dnsmasq path to the one in the snap
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/380836
* Flush IPs of devices we are taking control of in the wrapper, after
calling netplan apply and before starting NetworkManager. netplan
leaves IPs configured by networkd around and that confuses
NetworkManager. This is a workaround until LP:#1870561 is fixed. As
we are using the 'ip' command for this, we need to add network-observe
to the list of interfaces we want.
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/381733
[ Changes in staged packages ]
libnm0, network-manager (built from network-manager) updated from 1.10.6-2ubuntu1.2 to 1.10.6-2ubuntu1.4:
network-manager (1.10.6-2ubuntu1.4) bionic; urgency=medium
* d/p/start-ip-conf-when-master-carrier-goes-up.patch: device: start IP
configuration when master carrier goes up (LP: #1794478)
-- Seyeong Kim <seyeong.kim@canonical.com> Wed, 19 Feb 2020 14:59:10 +0900
network-manager (1.10.6-2ubuntu1.3) bionic; urgency=medium
* d/t/control: nm test requires dnsmasq-base (LP: #1850267)
* d/t/killswitches-no-urfkill, d/t/urfkill-integration,
d/t/wpa-dhclient, d/t/nm, d/t/control:
- skip tests on s390 due to missing wireless kernel support
(LP: #1855009)
-- Dan Streetman <ddstreet@canonical.com> Wed, 04 Dec 2019 12:17:37 -0500
2020-02-24 network-manager 1.10.6-4
[ Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> ]
* Find non-primed packages in an automated way
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/378943
[ Changes in staged packages ]
ppp (built from ppp) updated from 2.4.7-2+2ubuntu1.1 to 2.4.7-2+2ubuntu1.2:
ppp (2.4.7-2+2ubuntu1.2) bionic-security; urgency=medium
* SECURITY UPDATE: rhostname buffer overflow
- debian/patches/CVE-2020-8597.patch: fix bounds check in EAP code in
pppd/eap.c.
- CVE-2020-8597
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 11 Feb 2020 10:05:26 -0500
2020-02-03 network-manager 1.10.6-3
[ Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> ]
* Remove patches from the debian folder
We take them from snap-patch now.
Add phony part to stage compiled packages
Remove version-script
version-script is now deprecated.
Add patches specific to the NM snap to snap-patch
Follow applied branches from auto-import repos
tests: run iptables from core snap now
Set rc-manager=symlink for UC18 and later
Otherwise, NM will call resolvconf even though it fails if UC version is
newer than 16. To properly set DNS we need to set both dns and
rc-manager options, but we were doing this only for the former. However,
this did not have adverse effects as, as said, the call to resolvconf
failed, while systemd-resolved was properly updated.
Do not call dhcp-lease-mover anymore
As it was not actually working anymore since we were not staging inotify
anymore since a while.
Specify explicitly copyrights to include
Previously there were copyright files included from non-staged
packages.
Add unstage.txt file
This file contains a list of debian package that we are not actually
staging, although snapcraft adds them to manifest.yaml. CI now
recognizes this file, and manually removes the listed packages from the
manifest when releasing a snap to the store.
Do not stage iptables/xtables
iptables and all needed libraries are now included in the core18 snap,
since revision 1049 (2019-06-27).
Do not stage libs already in core18
The libraries were not really included finally in the snap, but they
were triggering CVE warnings from the review tools that did not actually
apply.
snap: call netplan apply using DBus
Use DBus netplan interface to re-start network services after setting
NetworkManager as the default renderer.
snap: add network-setup-control interface
Add network-setup-control interface so we can call 'netplan apply' from
the snap.
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/378377
* Change changelog file name to the standard one
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/378390
* Unstage some packages from networkmananger-phony
The networkmananger-phony part was staging as dependencies packages that
we were not actually including in the snap. Add to the list of packages
to unstage on release.
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/snappy-hwe-snaps/+git/network-manager/+merge/378467
[ Changes in staged packages ]
libnm0 (1.10.6-2ubuntu1.2): new staged package
dnsmasq-base (2.79-1): new staged package
network-manager (1.10.6-2ubuntu1.2): new staged package
libpcap0.8 (built from libpcap) updated from 1.8.1-6ubuntu1 to 1.8.1-6ubuntu1.18.04.1:
libpcap (1.8.1-6ubuntu1.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: pcapng reading buffer over-read.
- debian/patches/CVE-2019-15165-1.patch: do sanity checks on PHB
header length before allocating memory.
- debian/patches/CVE-2019-15165-2.patch: fix introduced format
warning
- CVE-2019-15165
-- Steve Beattie <sbeattie@ubuntu.com> Thu, 21 Nov 2019 16:52:20 -0800
libsasl2-2 (built from cyrus-sasl2) updated from 2.1.27~101-g0780600+dfsg-3ubuntu2 to 2.1.27~101-g0780600+dfsg-3ubuntu2.1:
cyrus-sasl2 (2.1.27~101-g0780600+dfsg-3ubuntu2.1) bionic-security; urgency=medium
* SECURITY UPDATE: Off-by-one
- debian/patches/CVE-2019-19906.patch: fix in _sasl_add_string function
- CVE-2019-19906
* Thanks Debian for the patch provide that (Closes: #947043)
-- Leonidas S. Barbosa <leo.barbosa@canonical.com> Mon, 27 Jan 2020 16:25:33 -0300
libkeyutils1: not staged anymore
libgmp10: not staged anymore
libldap-common: not staged anymore
libk5crypto3: not staged anymore
libtasn1-6: not staged anymore
libip4tc0: not staged anymore
libidn2-0: not staged anymore
libffi6: not staged anymore
libgcrypt20: not staged anymore
libmount1: not staged anymore
libkrb5support0: not staged anymore
zlib1g: not staged anymore
libiptc0: not staged anymore
libxtables12: not staged anymore
libcom-err2: not staged anymore
libuuid1: not staged anymore
libunistring2: not staged anymore
libdbus-1-3: not staged anymore
libselinux1: not staged anymore
libpcre3: not staged anymore
libssl1.1: not staged anymore
libnettle6: not staged anymore
libip6tc0: not staged anymore
libgpg-error0: not staged anymore
libglib2.0-0: not staged anymore
libkrb5-3: not staged anymore
libgssapi-krb5-2: not staged anymore
iptables: not staged anymore
libgnutls30: not staged anymore
libblkid1: not staged anymore
liblz4-1: not staged anymore
libp11-kit0: not staged anymore
init-system-helpers: not staged anymore
libsqlite3-0: not staged anymore
liblzma5: not staged anymore
libhogweed4: not staged anymore
libsasl2-modules-db: not staged anymore
2019-09-17 network-manager 1.10.6-2
[ Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> ]
* Add missing bits to enable sharing connections and be able to access points. Fixes LP: #1832494.
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/network-manager/+git/network-manager/+merge/369325
* snap: remove debug info
Remove debug info, which was inadvertingly introduced in a previous
commit. This reduces the snap size in two thirds.
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/network-manager/+git/network-manager/+merge/370807
* snap: remove kernel-module-control interface
The firewall-control interface already provides a kmod plug that makes
sure the modules needed by ip tables are pre-loaded on boot.
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/network-manager/+git/network-manager/+merge/371197
* snap: copy changelog to package
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/network-manager/+git/network-manager/+merge/372526
2019-06-19 network-manager 1.10.6-1
[ Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com> ]
* gitignore: ignore snaps and folder created by run-tests.sh
Merge-Proposal: https://code.launchpad.net/~alfonsosanchezbeato/network-manager/+git/network-manager/+merge/368906
[ unknown ]
* This is manual merge of the NM 1.2 snap changes re-based on top
of NM 1.10. It's also the first release of the snap from this git
repository (vs. the network-manager snappy-hwe-team git repo).
This branch was created from the bionic distro branch, and uses
the distro patches, a snap support patch, and direct commits for
snap packaging changes.
* See more information in merge proposal
* See more information in merge proposal
* See more information in merge proposal
* See more information in merge proposal
* See more information in merge proposal
* See more information in merge proposal
* See more information in merge proposal
* See more information in merge proposal
* See more information in merge proposal
* See more information in merge proposal