News from 2015...

in january

python-efl (1.12.0-2+adr1)

low
UTC Sat, 03 Jan 2015 12:20:28
  • Add patches from git:
    • Another year has passed... (a4f2cc37).

econnman (1.1-1+adr1)

low
UTC Sat, 10 Jan 2015 12:05:50
  • Initial release

e17 (0.17.6-1+adr1)

medium
UTC Wed, 21 Jan 2015 11:22:56
  • Enable connman

efl (1.12.2-2+adr1)

medium
UTC Wed, 21 Jan 2015 18:52:58
  • Add patches from git:
    • 04: Eo: Fix example build problem with DSO (98b32bce).
    • 04: Eo: Fix bad addressing in eoclasses array (b384cd3f).
    • 04: Eo tests: Fix bad free in eo_test_value (dad44a71).
    • 05: Evas: fix possible string overflow on decoders (c8a993d1).
    • 06: Evas: remove warning (87d52347).
    • 07: Evas: Fix unintentional integer overflow (b6f74c0a).
    • 08: Ecore: lower priority of some intrusive logs (62dd6d6d).
    • 09: various memory leaks (6d0b834a, c27b511b, d25d5675, 48920920, b411be4b, 1d25d6da, cd99392d, 4d0695d2, 56d75b75, b9db9ca2, 10582235, 32d52ff5).
    • 10: Eet: image decode - fix robustness of image decode from eet file (7a8f7047).
    • 11: Eet: properly handle failure and success case by not leaking memory (d2b766a5).

elementary (1.12.2-2+adr1)

medium
UTC Wed, 21 Jan 2015 19:49:12
  • Add patches from git:
    • 01: theme: fix misprint in popup style alias name (ae86822f).
    • 02: colorselector: fix not intended duplication (05a104a2).
    • 03: colorselector: fix layout broken in ELM_COLORSELECTOR_ALL mode (9c0116e2).
    • 04: image: fix clipped image issue if x or y is less than zero (2e213f02).
    • 05: various memory leaks (d9c9aae1, ea6e0152, f6ba4c60, 75f8448a, bbaf3c2c, 5dbddf6f)
    • 06: progressbar: fix invalid access to freed units string (e08f6097).
    • 07: genlist: fix incorrect grammar (f9af4afb).
    • 08: filesel: fix eio access of widget data after de in eio threads (3c9cdb0c).
    • 09: modules: Make sure we have all linker flags setup for our modules (b1ea8480).
    • 10: layout: allow elm.txt or elm.text.* parts to signal (18c1fe7d).
    • 11: DnD: fix callbacks call on many DnD operations (6eb88658).
    • 12: multibutton entry: handle parent object null case (507e89b1).
    • 13: test: fix T1525 (fc1ed1f5).
    • 14: theme: more efm icons from appb (226fb24f).

eflete (0.4.1-adr1)

low
UTC Sun, 25 Jan 2015 12:37:18
  • Initial release (0.4.1).

ewe (0.2.2-adr1)

low
UTC Sun, 25 Jan 2015 11:47:36
  • Initial release (0.2.2).
  • Add patches from git:
    • ewe_tabs: fix memory leak (4133a51b).

ephoto (0.1.1-adr1~jessie)

low
UTC Sun, 25 Jan 2015 13:30:34
  • Initial release.

equate (0.99.0-adr1)

low
UTC Sun, 25 Jan 2015 14:12:25
  • Initial release

efl (1.12.3-1+adr1)

medium
UTC Mon, 26 Jan 2015 08:24:02
  • New upstream release (1.12.3).
  • Remove applied upstream patches:
    • 04: Eo: Fix bad addressing in eoclasses array (b384cd3f).
    • 04: Eo tests: Fix bad free in eo_test_value (dad44a71).
  • Add patch from git:
    • 12: Eo add: beef up error reporting (40cb2cd3).
    • 13: edje: Edje_Edit - add API for program actions PLAY_SAMPLE and PLAY_TONE (d2d35a66).

terminology (0.7.99-1+adr1)

medium
UTC Mon, 26 Jan 2015 12:33:00
  • New upstream release (87d653ea4d2718038e1094542072143cc9704a71).

rage (0.1.0-1+adr1)

low
UTC Mon, 26 Jan 2015 13:18:15
  • Initial release.

elementary (1.12.3-1+adr1)

medium
UTC Mon, 26 Jan 2015 18:16:18
  • New upstream release (1.12.3).
  • Remove applied upstream patches:
    • 01: theme: fix misprint in popup style alias name (ae86822f).
    • 02: colorselector: fix not intended duplication (05a104a2).
    • 03: colorselector: fix layout broken in ELM_COLORSELECTOR_ALL mode (9c0116e2).
    • 04: image: fix clipped image issue if x or y is less than zero (2e213f02).
    • 05: various memory leaks (partial d9c9aae1, ea6e0152, f6ba4c60, bbaf3c2c, 5dbddf6f)

enventor (0.4.0-adr1)

low
UTC Tue, 27 Jan 2015 16:31:10
  • Initial release (0.4.0).

in february

terminology (0.8.0-1+adr1)

medium
UTC Sun, 15 Feb 2015 20:40:18
  • New upstream release 0.8.0
  • Gravatar support
  • Add a visual tab bar
  • Add xterm "notification" support
  • Display pre-edit text when composing
  • Selection improvements
  • Various bug fixes

terminology (0.8.0-2+adr1)

low
UTC Wed, 25 Feb 2015 19:57:23
  • Add patches from git:
    • 01: add some error messages (22fa9da0)
    • 02: fix segfault when Term widget can not be created (12ef99bc)

in march

Migration to LibreSSL

UTC Tue, 17 Mar 2015 17:29:01

I want to migrate to LibreSSL library, to replace OpenSSL. Unfortunately, GNU/Debian does not offer this possibility.

Today, I just compile LibreSSL version 2.1.5 in 5 packages:

  • libressl: the libssl, libcrypto and libtls shared libraries
  • libressl-dev: the development files (development libraries, header files, and manpages for libraries)
  • libressl-openssl: the 'openssl' cryptographic utility
  • libressl-dbg: the debug information
  • libressl-doc: the development documentation

The resulting library and 'openssl' utility is largely API-compatible with OpenSSL 1.0.1. However, it is not ABI compatible - I need to relink programs to LibreSSL in order to use it.

So... it's just the beginning. Soon, I'll add several packages using OpenSSL recompiled for using LibreSSL (like nginx, curl, php5, postfix, etc.).

libressl (2.1.5-1~jessie+adr1)

medium
UTC Tue, 17 Mar 2015 17:29:01
  • First stable 2.1 portable release, corresponding to the OpenBSD 5.7 release.
  • This release is relatively small, fixing a few bugs found in the last release before before opening development on 2.2.x.
  • Fix incorrect comparison function in openssl(1) certhash command.
  • Windows port improvements and bug fixes.
    • Removed a dynamic dependency on libgcc
    • Correct a hang in openssl(1) reading from stdin after a connection.
    • Correct a network initialization issue with the 'openssl ocsp' command.
  • Reject server ephemeral DH keys smaller than 1024 bits.
  • See /usr/share/doc/libressl/libressl-2.1.5-relnotes.txt for details.

in april

efl (1.12.3-1+adr2~jessie)

medium
UTC Fri, 24 Apr 2015 18:53:53
  • Use LibreSSL instead of OpenSSL

nginx (1.6.2-5+adr1)

medium
UTC Sun, 26 Apr 2015 12:08:59
  • debian/modules/nginx-auth-ldap:
    • Add nginx-auth-ldap a8b5948 to full and extras packages

libressl (2.1.6-1~jessie+adr1)

medium
UTC Sun, 26 Apr 2015 14:40:29
  • Imported Upstream version 2.1.6. This release primarily addresses a number of security issues in coordination with the OpenSSL project.
  • Fixes for the following issues are integrated into LibreSSL 2.1.6:
    • CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
    • CVE-2015-0287 - ASN.1 structure reuse memory corruption
    • CVE-2015-0289 - PKCS7 NULL pointer dereferences
    • CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
    • CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
  • The patch for this issue is integrated in LibreSSL 2.1.6:
    • CVE-2015-0207 - Segmentation fault in DTLSv1_listen LibreSSL is not vulnerable, but the fix was safe to merge.
  • See /usr/share/doc/libressl/libressl-2.1.6-relnotes.txt for details.

nginx (1.8.0-adr1~jessie)

low
UTC Mon, 27 Apr 2015 05:47:46
  • New upstream release
  • Use LibreSSL instead of OpenSSL
  • debian/modules/nginx-http-concat:
    • Add nginx-http-contact b8d3e7e new module in extras package
  • debian/modules/nginx-auth-ldap:
    • Updating to a8b5948
  • debian/modules/nginx-cache-purge:
    • Updating to 2.3
  • debian/modules/nginx-lua:
    • Updating to 0.9.16rc1
  • debian/modules/ngx-fancyindex:
    • Add to full packages
  • debian/modules/headers-more-nginx-module:
    • Add to full packages

nginx (1.8.0-adr2~jessie)

low
UTC Mon, 27 Apr 2015 06:14:28
  • debian/modules/nginx-auth-ldap:
    • Updating 0d6ba9a
  • debian/modules/ngx-fancyindex:
    • Updating to 0.3.5
  • debian/modules/headers-more-nginx-module:
    • Updating to 0.26

HHVM is in the place!

UTC Tue, 28 Apr 2015 08:23:17

The HHVM package provided by HHVM team on hhvm.com website is `strange'. It depends to libgd2-xpm-dev while this is not a development package.

Anyway, I recompiled this package to link it to libssl and libcrypto from LibreSSL, so I fix this dependance mistake.

I also provided /etc/hhvm/server.ini and /etc/hhvm/php.ini more complete than original.

hhvm (3.7.0-1+adr1~jessie)

low
UTC Tue, 28 Apr 2015 08:23:17
  • Initial release
  • Use LibreSSL instead of OpenSSL

curl (7.42.0-1+adr1~jessie)

low
UTC Thu, 30 Apr 2015 16:23:02
  • Use LibreSSL instead of OpenSSL

in may

python-cryptography (0.6.1-1+adr1~jessie)

medium
UTC Fri, 01 May 2015 09:38:31
  • Use LibreSSL instead of OpenSSL
  • Add debian/patches/01_libressl.diff from Gentoo

Altern-DEB.com is opened

UTC Fri, 01 May 2015 12:00:00

Migration from my own personal fake domain to altern-deb.com. This private repository become a public one.

Until now, only I and a few friends knowing what to add in the host file could use this repository.

I open it to the whole world ... even though I know I'll probably be the only user :)

links2 (2.8-2+adr1~jessie)

medium
UTC Fri, 01 May 2015 12:07:02
  • Use LibreSSL instead of OpenSSL
  • Add debian/patches/libressl.diff from Gentoo

libressl (2.1.6-2+adr1~jessie)

medium
UTC Tue, 05 May 2015 20:22:13
  • Add /usr/lib/ssl/misc/* files from openssl in libressl-openssl package
  • Add /etc/ssl/openssl.cnf in libressl-openssl package
  • Fix typo in debian/control

openssh (1:6.7p1-5+adr1~jessie)

medium
UTC Thu, 07 May 2015 17:06:37
  • Use LibreSSL instead of OpenSSL

openvpn (2.3.4-5+adr1~jessie)

low
UTC Fri, 08 May 2015 14:52:44
  • Use LibreSSL instead of OpenSSL

postfix (2.11.3-1+adr1~jessie)

low
UTC Fri, 08 May 2015 15:25:06
  • Use LibreSSL instead of OpenSSL

mariadb-10.0 (10.0.18-adr1~jessie)

low
UTC Fri, 08 May 2015 16:01:21
  • Use LibreSSL instead of OpenSSL
  • Imported Upstream version 10.0.18. Inludes fixes for the following security:
    • CVE-2014-8964
    • CVE-2015-0501
    • CVE-2015-2571
    • CVE-2015-0505
    • CVE-2015-0499

bind9 (1:9.9.5.dfsg-9+adr1~jessie)

medium
UTC Sat, 09 May 2015 15:16:16
  • Use LibreSSL instead of OpenSSL

uw-imap (8:2007f~dfsg-4+adr1~jessie)

medium
UTC Sat, 09 May 2015 15:41:11
  • Use LibreSSL instead of OpenSSL

mariadb-10.0 (10.0.19-adr1~jessie)

low
UTC Sat, 09 May 2015 17:26:39
  • Imported Upstream version 10.0.19. Inludes:
    • Fixed the server crash caused by mysql_upgrade (MDEV-8115)

openntpd (1:5.7p3-1+adr1~jessie)

medium
UTC Sat, 09 May 2015 19:09:14
  • Use LibreSSL instead of OpenSSL

pkcs11-helper (1.11-2+adr1~jessie)

medium
UTC Sat, 09 May 2015 19:32:14
  • Use LibreSSL instead of OpenSSL

php5 (5.6.7+dfsg-1+adr1~jessie)

medium
UTC Sat, 09 May 2015 19:59:19
  • Use LibreSSL instead of OpenSSL

Full LAMP stack with LibreSSL

UTC Sat, 09 May 2015 19:59:21

My full LAMP stack is available with LibreSSL (with A for Nginx, M for MariaDB and P for PHP or HHVM).

It's the version 1.8.0 of Nginx (with some more modules for the full and extra packages), the version 10.0.19 for MariaDB (soon will arrive the Cassandra Engine plugin), and the version 5.6.7 for PHP (no changes with Debian except SSL library).

I will add Apache 2.4 in near future, just compiled with LibreSSL inseatd of OpenSSL.

bind9 (1:9.9.5.dfsg-9+adr2~jessie)

medium
UTC Wed, 13 May 2015 11:41:16
  • Apply forgotten patch

php5 (5.6.9+dfsg-1+adr1~jessie)

medium
UTC Fri, 22 May 2015 20:44:42
  • Remove theses debian/patches/... from series:
    • 01_libressl.diff

in june

libressl (2.1.7-1+adr1~jessie)

medium
UTC Sun, 14 Jun 2015 10:01:36
  • Imported Upstream version 2.1.7
  • Fixes for the following issues are integrated into LibreSSL 2.1.7:
    • CVE-2015-1788 - Malformed ECParameters causes infinite loop
    • CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
    • CVE-2015-1792 - CMS verify infinite loop with unknown hash function (this code is not enabled by default)
  • The following CVEs did not apply to LibreSSL or were fixed in earlier releases:
    • CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)
    • CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
    • CVE-2014-8176 - Invalid free in DTLS
  • Fixes for the following CVEs are still in review for LibreSSL
    • CVE-2015-1791 - Race condition handling NewSessionTicket

hhvm (3.7.2-1+adr1~jessie)

low
UTC Sat, 20 Jun 2015 12:32:31
  • New upstream release (3.7.2).
  • Add patch from git:
    • Fix leak in non-persistent PDO. Fixes #5132 (7b4b7f9e5c)

ephoto (0.1.1-adr2~jessie)

low
UTC Mon, 22 Jun 2015 18:10:19
  • Upgrade to commit 29e4bb3d1a3be0dacff66d16b99b34aaca1b40df
  • Mains fixes:
    • Fix an issue where overwrite was not working.
    • If image is smaller than viewer, zoom 1:1 instead of fit.
    • Fix shadowed variable.
    • Fix make distcheck.
    • Spec file fix, rid of unused variables.
    • Allow the cropper to resize correctly with zoom.
    • Do not let parts cross eachother in cropper.
    • Fix crop calcs. Still needs constraint.
    • Fix cropper x/y coords.

gnome-python-desktop (2.32.0+dfsg-3+adr1~jessie)

low
UTC Wed, 24 Jun 2015 07:57:07
  • Fix #432882 in python-gnomekeyring

thrift (0.9.2-adr1~jessie)

low
UTC Mon, 29 Jun 2015 23:07:03
  • Packaging for Debian jessie
  • Use LibreSSL instead of OpenSSL

in july

mariadb-10.0 (10.0.19-adr2~jessie)

low
UTC Wed, 01 Jul 2015 17:58:12
  • Add Cassandra storage engine using libthrift

bind9 (1:9.9.5.dfsg-9+deb8u1+adr3~jessie)

high
UTC Wed, 08 Jul 2015 06:12:34
  • [Salvatore Bonaccorso]
    • Non-maintainer upload by the Security Team.
    • CVE-2015-4620: Specially constructed zone data can cause a resolver to crash when validating.
  • [Stephane Roy]
    • Create new patch from Debian diff

efl (1.14.2-adr1~jessie)

medium
UTC Fri, 10 Jul 2015 22:39:04
  • New upstream version 1.14.2
    • pkg-config: fix portability issue on Windows. (T2458)
    • edje: set GROUP/SWALLOW/EXTERNAL pass events based on mouse events
    • eina semaphore lock - don't wake up because of signals
    • ecore: null cb function is unacceptable.
    • Evas filters: Fix blend with color with rgba buffers
    • Evas: Remove shader_3d .x generated file from BUILT_SOURCES
    • eina/simple_xml_parser: don't parse the <, > in the attribute string.
  • New upstream version 1.14.1
    • Eolian/Generator: fix enums generation (T2400)
    • rg_etc: Correct ifdef to keep function available for debug build
    • Evas GL common: Skip shaders generation if there is no change
    • Evas filters: Fix glReadPixels usage for EGL
    • evas canvas: add exceptional handling in invalid input case.
    • edje: fix back edje_watch.
    • evas canvas: fix insane mouse move events on proxy source.
    • evas: make image_size_get() return the actual image size
  • Add new packages: "libemile1", "libemile-dev", "libector1", "libector-dev", "libelocation1", "libelocation-dev", "libelua1" and "libelua-dev"
  • Add patches from git:
    • Evas filters: Fix potential crash (8716be51)
    • evas_engine_software_x11: fix incorrect enumeration type warning (8fcad967)
    • Evas textblock: Fix infinite loop case (0de8ebbb)
    • ecore_imf: fix wrong return type of ecore_imf_context_input_panel_return_key_type_get (6840d17f)
    • Evas gl_common: Fix up error handling (ea6a31ac)
    • Evas gl_common: Fix up error handling (1390f65b)

elementary (1.14.2-adr1~jessie)

medium
UTC Sat, 11 Jul 2015 06:10:53
  • New upstream version 1.14.2
    • interface scrollerable: modify the loop_v condition in elmscroll_momentum_animator() function
    • fix list item mode change on elm list
    • win: only trigger del trap if win type is not FAKE
    • win: do not use deferred ecore evas deletion for FAKE wins
    • genlist: fix resize of items when added after elm_genlist_clear(). (T2367)
  • New upstream version 1.14.1
    • elm_object_item: fix the issue that del_cb doens't get item data as its parameter
    • widget: more fix wrt item data.
    • slider: use theme of object for popup.
    • entry: update selection handlers when entry is resized
    • elm_win: Set initial withdrawn state from win's ecore_evas property.
    • elm - fix profile handling if ELM_PROFILE is set - dont listen to x msg
    • Gengrid: fix mirroring bug in gengrid widget.
    • gengrid/genlist: decrement item counter before triggering item del callback
    • glview: preserved changed state when altering render mode
    • tooltip: fix positioning when tooltip is affixed to a window object
  • Add patches from git:
    • elm_colorselector: pixel-picker accuracy fix (4fe4ee85)
    • elm_list & elm_genlist & elm_gengrid: fix the behavior of using the mouse. (3373d6f1)
    • elm_gengrid: fix the bug that gengrid item index(position) is updated wrong value in item_update (80c8cfb7)
    • elm_gengrid: fix an overlap issue of item and group item on focus. (2392ee83)
    • elm_interface_scrollable: fix wrong mirrored calculation (e10bb019)
    • image: fix a crash, 0 divide problem. (34c83f7f)

evas-loaders (1.14.0-adr1~jessie)

medium
UTC Sat, 11 Jul 2015 06:11:41
  • New upstream release (1.14.0).
    • pdf: Add support for changes with poppler >= 0.31 (T2184)

emotion-players (1.14.0-adr1~jessie)

medium
UTC Sat, 11 Jul 2015 06:25:50
  • Initial realease from 1.14.0

python-efl (1.14.0-adr1~jessie)

medium
UTC Sat, 11 Jul 2015 06:41:21
  • New upstream version 1.14.0
    • Fixed evas.Textgrid to not leak on cellrow_set()
    • Re-added evas.SmartObject (with incompatible API compared to the earlier incarnation) and made elm.Object inherit from it.
    • Better init/shutdown management in all modules, no more need to manually call those functions (no harm in doing it though).
    • elm.List.callback_highlighted_add: Added item param to func
    • elm.List.callback_unhighlighted_add: Added item param to func
    • elm.Toolbar.callback_clicked_add: Added item param to func
    • elm.Toolbar.callback_longpressed_add: Added item param to func
    • elm.Slideshow: item_data are now a single value, instead of args/kargs, like is implemented in Gengrid/Genlist
  • New upstream version 1.13.0
    • better docs for everything
    • some new elm examples/tests
    • new efl.utils.setup helper module to simplify user setup.py
    • new uninstall setup.py command
    • fixed elm.Entry.cursor_content_get() to not crash when called
    • raised cython requirements to 0.21
    • ecore.x module renamed to ecore_x
    • removed evas.SmartObject class, it was broken

EFL Universe (EFLU) big upgrade

UTC Sat, 11 Jul 2015 08:43:07

The big upgrade of the EFLU. It's been a long time...

First, upgrade to version 1.14 of the libraries (EFL, Elementary, Python-EFL, Evas-loaders) and add a new one (Emotion-players).

Second, somes Enlightenment apps are upgraded (Rage, Enventor and Eflete), fixed from git (Terminology), or added (EDI, Etrophy and Elemines). Although some applications are really still in development...

And the next step, E19!

rage (0.1.4-adr1~jessie)

low
UTC Sat, 11 Jul 2015 07:15:47
  • New upstream version 0.1.4
    • fix stutter due to url fetching when not needed
    • fix minor leak in rage on failed win creation
    • remove unused var assignment in dnd string parser
    • fix copying to say it's for rage, not terminology :)

eflete (0.5.0-adr1~jessie)

low
UTC Sat, 11 Jul 2015 07:38:41
  • New upstream version 0.5.0
  • Features:
    • Widget list: set the name for new layout on add
  • Fixes:
    • History: show added diff in history list from combobox
    • History: hide the state list if part list is empty on Unde action
    • Workspace: do not set max part size less then min
    • Styles: propogate events for ctxpopup
    • Property: hide the color class attribute for swallow, spoacer and textblock
    • layouts: fix fallback styles
    • Layout Add: add any number of layouts when there are widgets in project
  • Add new packages "libeflete0" and "libeflete-dev" to replaces "libewe0" and "libewe-dev" packages, since this library is merged with eflete
  • Add patches from git:
    • sound_editor: fix build due to changes in ecore_audio (1c4fb26b)
    • ewe_tabs: fix default orientation (b1e614d5)

edi (0.0.9-adr1~jessie)

low
UTC Sat, 11 Jul 2015 07:58:14
  • New upstream version 0.0.9

enventor (0.6.0-adr1~jessie)

low
UTC Sat, 11 Jul 2015 08:13:29
  • New upstream version 0.6.0
    • Fix the compatibility to eo syntax change.
    • Fix library initialization count corruption.
    • Disable part highlight on Live Edit mode.
    • Fix the live view to update by groups correctly.
    • Fix wrong candidate popup position.
    • Fix context corruption of font/view scale up/down.
    • Fix auto completion popup sizing issue.
    • Close auto completion popup if the line is deleted.
    • Fix focus highlight remaining issue when live edit item is selected.
    • Zoom up/down properly on live edit mode.
    • Cancel live edit if the about(F1) is activated.
    • Ctrl + wheel works even with numlock.
  • New upstream version 0.5.0
    • Fix to monitor empty file in live view.
    • Fix intinite loop with "-to xxx.edc" in command line.
    • Fix live view updation problem.
    • Exporting/Importing Enventor dll for win32.
    • Fix that edj is not reloaded when newly opened edc is changed.
    • Fix wrong cursor position on status bar.
    • Fix to goto window scalable.
    • Set temporary path to default edc path by eina_file_mkstemp().
    • Fix to show double quotation marks(") on efl 1.13
    • Don't dismiss candidate popup on key events.
    • Disable autoscrolling while ctxpopup is visible.
    • Fix max value of mouse_events from 1000 to 1
    • Fix to toggle linenumber properly with Shortcut key(F5)
    • Fix max value of the mouse_events from 1000 to 1
    • Fix candidate keyword name "align"
    • Install missing eo header files
    • Fix build package dependency.

etrophy (0.5.1-adr1~jessie)

low
UTC Sat, 11 Jul 2015 08:26:02
  • Initial release from git 5f83334c

elemines (0.2.3-adr1~jessie)

low
UTC Sat, 11 Jul 2015 08:32:29
  • Initial release from git 9b4c8c8e

terminology (0.8.0-2+adr2)

low
UTC Sat, 11 Jul 2015 08:43:07
  • Add patches from git:
    • fix single line selection with ctrl down (feccb7bc)
    • fix selection when backscrolling and new content arrives (f80d9634)
    • fix normal selection after box selection (ca2d7846)

openssh (1:6.7p1-6+adr1~jessie)

medium
UTC Sat, 11 Jul 2015 14:23:34
  • Merge 6.7p1-6 from Debian.
    • [ Martin Pitt ]
      • openssh-server.postinst: Quiesce "Unable to connect to Upstart" error message from initctl if upstart is installed, but not the current init system. (LP: #1440070)
      • openssh-server.postinst: Fix version comparisons of upgrade adjustments to not apply to fresh installs.

php5 (5.6.11+dfsg-adr1~jessie)

medium
UTC Sun, 12 Jul 2015 19:04:15
  • New upstream version 5.6.11
    • Core:
      • Fixed bug #69768 (escapeshell*() doesn't cater to !).
      • Fixed bug #69703 (Use __builtin_clzl on PowerPC).
      • Fixed bug #69732 (can induce segmentation fault with basic php code).
      • Fixed bug #69642 (Windows 10 reported as Windows 8).
      • Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation fault).
      • Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business").
      • Fixed bug #69740 (finally in generator (yield) swallows exception in iteration).
      • Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
      • Fixed bug #69892 (Different arrays compare indentical due to integer key truncation).
      • Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776.
    • GD:
      • Fixed bug #61221 (imagegammacorrect function loses alpha channel).
    • GMP:
      • Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP number).
    • Mysqlnd:
      • Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152).
    • PCRE:
      • Fixed bug #53823 (preg_replace: * qualifier on unicode replace garbles the string).
      • Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
    • PDO_pgsql:
      • Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u).
      • Fixed bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote).
      • Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
    • SimpleXML:
      • Refactored the fix for bug #66084 (simplexml_load_string() mangles empty node name).
    • SPL:
      • Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
      • Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
      • Fixed bug #69970 (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()).
    • Sqlite3:
      • Fixed bug #69972 (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()).
  • New upstream version 5.6.10
    • Core:
      • Fixed bug #66048 (temp. directory is cached during multiple requests).
      • Fixed bug #69566 (Conditional jump or move depends on uninitialised value in extension trait).
      • Fixed bug #69599 (Strange generator+exception+variadic crash).
      • Fixed bug #69628 (complex GLOB_BRACE fails on Windows).
      • Fixed POST data processing slowdown due to small input buffer size on Windows.
      • Fixed bug #69646 (OS command injection vulnerability in escapeshellarg). (CVE-2015-4642)
      • Fixed bug #69719 (Incorrect handling of paths with NULs).
    • FTP:
      • Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4643)
    • GD:
      • Fixed bug #69479 (GD fails to build with newer libvpx).
    • Iconv:
      • Fixed bug #48147 (iconv with //IGNORE cuts the string).
    • Litespeed SAPI:
      • Fixed bug #68812 (Unchecked return value).
    • Mail:
      • Fixed bug #68776 (mail() does not have mail header injection prevention for additional headers).
    • MCrypt:
      • Added file descriptor caching to mcrypt_create_iv().
    • Opcache:
      • Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF).
    • PCRE:
      • Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
    • Phar:
      • Fixed bug #69680 (phar symlink in binary directory broken).
    • Postgres:
      • Fixed bug #69667 (segfault in php_pgsql_meta_data). (CVE-2015-4644)
    • Sqlite3:
      • Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416)

e17 (0.17.6-1+adr2)

medium
UTC Thu, 16 Jul 2015 17:52:45
  • Add patches from git:
    • Backport: cd43135 :: e sys - if logout has trouble - resume so user can see dialog (a93490e5)
    • honor udisks presentation hide flag (7fd16ce2)
    • Esperanto: missing entry on wizard from Intl emodule (2415b9c0)
    • highlight correct keybinding when modifying an existing binding (52b59c17)
    • edc: Fix E titlebars after text padding changes (dca8b856)
    • Fix for pieces of text cut in misc places like buttons in wizard (79fae834)
    • e border frames now correctly identify modal dialogs as dialogs (414cc655)
    • Fix hibernate (cherry picked from commit 79fba3fa9a0424c6441896e78633a2521bd4e717) (36ff6cfb)
    • ensure no duplicate XDG paths are prepended during startup (94d10092)

e19 (0.19.5-adr1)

medium
UTC Thu, 16 Jul 2015 18:34:14
  • Initial Release
  • Main fixes:
    • modules/bluez4: fix duplicated symbol
    • e_ipc: fix creation of IPC server when $DISPLAY is a path
    • exit immediately if any unrecognized arg is passed on startup
    • use stderr messages when failing to init X compositor
    • fix horizontal/vertical smart maximize
    • fix crash when using e_comp_object_util_center_pos_get() with non comp_objects
    • fix ibar drop calc to not unexpectedly trigger epileptic seizures in users
    • fix straggler container text in mousebindings config
    • fix nocomp_override conditional which would inaccurately toggle nocomp
    • fix evry comparison macro to work as expected
    • use client geometry for starting unmaximize calculations
    • fix submenu visibility during scroll
    • ensure client max w/h props are set before applying them to client geom
    • freeze evas events on clients during keyboard move/resize actions
    • force visibility on clients before attempting to hide them
    • fix notification text to conform to spec and libnotify implementation
    • fix infinite loop when changing ibar sources
  • Add patches from git:
    • reject client fullscreening based on config and desk visibility (2b1b6def)
    • force xwindow stacking to obey nocomp policy and stack below current nocomp (faf4ec63)
    • allow new fullscreening clients to replace current nocomp where applicable (88cb4541)
    • fix focusing client on mouse events which trigger actions (with exceptions) (3fc585ef)
    • fix shelf visibility state signals (3813d006)
    • fix eo errors for ilist icon select state (cb8f26ad)
    • allow layer-blocked clients in deskmirror to restack (00603871)
    • return an accurate value for override clients in e_comp_object_util_zone_get() (1e5eea91)
    • only apply deskmirror client visibility logic for non-deleted clients (0829f90e)
    • stop rejecting possibly-valid x11 focus events (84ba19d5)
    • check for possible parent window on x11 mouse button events (a416f96c)
    • fix focus FIXME regarding focus-setting on clients from other desks (a491a3fa)

python2.7 (2.7.10-3+adr1~jessie)

medium
UTC Sun, 19 Jul 2015 10:27:49
  • Backport from Debian Sketch to Debian Jessie
  • Use LibreSSL instead of OpenSSL
    • SSLv2 and SSLv3 support has been removed from LibreSSL, add more '#if' conditions in ssl.py and _ssl.c and adapt tests, and force TLS usage instead of SSLv23 (libressl.diff)

postgresql-9.4 (9.4.3-0+deb8u1+adr1~jessie)

medium
UTC Sun, 19 Jul 2015 15:51:49
  • Use LibreSSL instead of OpenSSL

qt4-x11 (4:4.8.6+git64-g5dc8b2b+dfsg-4+adr1~jessie)

low
UTC Mon, 20 Jul 2015 18:27:37
  • Use LibreSSL instead of OpenSSL
  • Add qsystemtrayicon-plugin-system-4.7.4.diff for SNI-QT

sni-qt (0.2.6-1+adr1~jessie)

low
UTC Mon, 20 Jul 2015 19:17:21
  • Package for Debian Jessie

e19 (0.19.7-adr1)

medium
UTC Mon, 27 Jul 2015 19:51:55
  • New upstream version 0.19.7
    • use runtime check for determining x11 compositor grab behavior
    • improve x11 compatibility with efl versions earlier than 1.15
  • New upstream version 0.19.6
    • e passive window grabs - fix side-effect leave/enter events on clients
    • enlightenment: Make E build again with EFL from git
    • wizard: Prevent crash
    • reject client fullscreening based on config and desk visibility
    • force xwindow stacking to obey nocomp policy and stack below current nocomp
    • allow new fullscreening clients to replace current nocomp where applicable
    • fix focusing client on mouse events which trigger actions (with exceptions)
    • fix shelf visibility state signals
    • fix eo errors for ilist icon select state
    • allow layer-blocked clients in deskmirror to restack
    • return an accurate value for override clients in e_comp_object_util_zone_get()
    • only apply deskmirror client visibility logic for non-deleted clients
    • stop rejecting possibly-valid x11 focus events
    • check for possible parent window on x11 mouse button events
    • fix focus FIXME regarding focus-setting on clients from other desks
    • unset changes.visible when forcing visibility during no-effect desk flip
    • add E_Client->mouse.in for determining mouse-in status
    • trigger fake mouse-out on clients when unsetting focus
    • trigger client mouse-in on x11 mouse movement for non-action clients
    • enforce pstate's extremely-confusing no_turbo option in cpufreq
    • use client window for x11 button ungrabbing
    • redo all x11 client mouse grabbing for focus
    • straggler ungrab of x11 parent window from previous commit
    • ensure x11 focus grabs are applied on client init when needed
    • only ungrab x11 windows when appropriate focus options are set
    • reject x11 replay clicks when event window != client window
    • do not apply x11 focus grabs to internal clients if efl version > 1.14
    • make e_client_util_desk_visible() work for overrides without desks
    • make pager popups only trigger on urgency hint if client is not currently visible
    • set CRITICAL urgency for notification internal notifications
    • block client signal binding activation when mouse action is active
    • move E_Client->mouse.in to E_Client->mouse_in to avoid abi breakage
    • account for race condition when creating initial comp object updates tiler
    • fix compile against newer efl
    • move grabinput focus fix timer to x11 compositor and fix it to Work Better
    • always set x11 override client geometry on startup
    • fix compile warning
    • only unset e MANAGED atom on non-shutdown
    • only trigger client mouse-in from x11 mouse move event if client+desk are visible
    • ensure that focus is set and focus stack is managed on winlist hide
    • never use new clients for stacking part 2: the secret of the stacking
    • ensure clients possess comp_data before dereferencing it during x11 stacking
    • always stop passing key events on once they reach the lokker callback
    • simulate modal windows for badly behaved x11 clients

bind9 (1:9.9.5.dfsg-9+deb8u2+adr4~jessie)

high
UTC Wed, 29 Jul 2015 06:15:33
  • Merge 9.9.5.dfsg-9+deb8u2 from Debian.
    • [Salvatore Bonaccorso]
      • CVE-2015-5477: A failure to reset a value to NULL in tkey.c could result in an assertion failure.
  • Create new patch from Debian diff

e19 (0.19.7-adr2)

medium
UTC Fri, 31 Jul 2015 05:36:11
  • Add patche from git master branche;
    • fix client smart callbacks on (un)maximize
  • Add patches from git enlightenment branche:
    • use gadget zone for evry gadget launcher (T2423 maybe)
    • add fallback loading of default theme on init (T2210)
    • e - warning fix - fix SVID_SOURCE complaint warning
    • remove spurious focus setting on desk flip without animation (T2071)
    • fix wizard module loading when E_MODULE_SRC_PATH is set

in august

e19 (0.19.8-adr1~jessie)

medium
UTC Fri, 07 Aug 2015 18:59:00
  • New upstream version 0.19.8
    • e - warning fix - fix SVID_SOURCE complaint warning
    • e menu - an extra object ref causes menus to never be freed
    • e - shelf menu - handle deletion properly if cb is not for shelf menu
    • allow x11 mouse wheel events to check ev->event_window for possible client match
    • reject x11 NotifyVirtual and NotifyInferior mouse in events
    • disable ecore-evas events on client windows during actions
    • fix build break from previous commit
    • use gadget zone for evry gadget launcher
    • add fallback loading of default theme on init
    • remove spurious focus setting on desk flip without animation
    • fix wizard module loading when E_MODULE_SRC_PATH is set
    • defer focus-setting on focus revert during desk flip when visibility is pending
    • show drag object immediately when beginning a drag

efl (1.14.2-adr2~jessie)

medium
UTC Fri, 07 Aug 2015 19:14:29
  • Add patches from git efl-1.14 branche:
    • Evas masking: Fix crash in async rendering (d3c18502)

efl (1.14.3-adr1~jessie)

medium
UTC Wed, 12 Aug 2015 04:38:53
  • New upstream version 1.14.3
    • Evas masking: Fix crash in async rendering

elementary (1.14.3-adr1~jessie)

medium
UTC Wed, 12 Aug 2015 05:14:03
  • New upstream version 1.14.3:
    • elm_datetime: Fix datetime ctxpopup resize issue
    • Elm_Interface_Scrollable: Improvement in looping behavior
    • multibuttonentry: Delete item size min set when first box resize time.

nagios-nrpe (2.15-1adr1)

high
UTC Fri, 14 Aug 2015 11:56:24
  • Enable command-args in nrpe!

in september

bind9 (1:9.9.5.dfsg-9+deb8u3+adr5~jessie)

medium
UTC Sat, 05 Sep 2015 08:34:12
  • Merge 9.9.5.dfsg-9+deb8u3 from Debian.
    • [Moritz Muehlenhoff]
      • CVE-2015-5722
  • Create new patch from Debian diff

in october

libmaxminddb (1.1.1-adr1~jessie)

low
UTC Thu, 15 Oct 2015 10:24:00
  • Initial release

libressl (2.1.8-adr1~jessie)

medium
UTC Sun, 18 Oct 2015 08:01:36
  • Imported Upstream version 2.1.8
  • Fixes for a memory leak and out-of-bounds access in OBJ_obj2txt reported by Qualys Security.
    • CVE-2015-5333 - memory leak in OBJ_obj2txt
    • CVE-2015-5334 - 1-byte buffer overflow in OBJ_obj2txt

in november

libmaxminddb (1.1.2-adr1~jessie)

low
UTC Sun, 29 Nov 2015 14:47:22
  • Upgrade to 1.1.2
  • IMPORTANT: This release includes a number of important security fixes. Among these fixes is improved validation of the database metadata. Unfortunately, MaxMind GeoIP2 and GeoLite2 databases created earlier than January 28, 2014 had an invalid data type for the record_size in the metadata. Previously these databases worked on little endian machines with libmaxminddb but did not work on big endian machines. Due to increased safety checks when reading the file, these databases will no longer work on any platform. If you are using one of these databases, we recommend that you upgrade to the latest GeoLite2 or GeoIP2 database
  • Added pkg-config support.
  • Several segmentation faults found with afl-fuzz were fixed. These were caused by missing bounds checking and missing verification of data type.
  • MMDB_get_entry_data_list will now fail on data structures with a depth greater than 512 and data structures that are cyclic. This should not affect any known MaxMind DB in production. All databases produced by MaxMind have a depth of less than five.

in december

libressl (2.1.9-adr1~jessie)

high
UTC Fri, 11 Dec 2015 05:25:49
  • Imported Upstream version 2.1.9
  • Fixes from OpenSSL 1.0.1q
    • CVE-2015-3194 - NULL pointer dereference in client side certificate validation.
    • CVE-2015-3195 - Memory leak in PKCS7 - not reachable from TLS/SSL
  • The following OpenSSL CVEs did not apply to LibreSSL
    • CVE-2015-3193 - Carry propagating bug in the x86_64 Montgomery squaring procedure.
    • CVE-2015-3196 - Double free race condition of the identify hint data.

geoip2-database (1.18+adr1~jessie)

low
UTC Sat, 12 Dec 2015 16:22:43
  • Create from geoip-database-contrib version 1.17+nmu1
  • Move dat files to /var/lib/geoip2-database and symlink them from /usr/share/GeoIP2
  • Rename update-geoip-database to update-geoip2-database

mydumper (0.9.1-adr1~jessie)

medium
UTC Fri, 18 Dec 2015 19:54:19
  • Imported Upstream version 0.9.1
  • mydumper new features
    • Full schema support
    • Views and merge tables are now handle
  • myloader new features
    • -s, --source-db Database to restore
  • Bug Fixes
    • innodb stats tables
    • -post and -triggers compressed files corrupt
    • functions may be needed by SP and views
    • segmentation fault against Percona MySQL 5.6.15-63.0
    • Segmentation fault on Debian Wheezy
    • Typo in –tables-list option in manpage
    • missing -K option in mydumper manpage
    • myloader: wrong database name in message when -B used
    • tokudb detection doesn’t work
    • Unable to compile r179 WITH_BINLOG=ON (undeclared ‘bj’)
    • Assertion when broken mrg tables
    • dump view definitions

bind9 (1:9.9.5.dfsg-9+deb8u4+adr6~jessie)

medium
UTC Sat, 19 Dec 2015 12:06:15
  • Merge 9.9.5.dfsg-9+deb8u4 from Debian.
    • [Salvatore Bonaccorso]
      • Add patch to fix CVE-2015-8000. CVE-2015-8000: Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, triggering a REQUIRE failure when those records were subsequently cached.
  • Create new patch from Debian diff

nginx (1.8.0-adr3~jessie)

low
UTC Sat, 19 Dec 2015 15:11:25
  • debian/modules/nginx-auth-ldap:
    • Updating to be8ff8e
  • debian/modules/headers-more-nginx-module:
    • Updating to 0.29
  • debian/modules/ngx_http_geoip2_module:
    • Add version 1.0 to extras packages
  • debian/modules/nginx-module-vts:
    • Add version 0.1.8 to full and extras packages