Commitlog between the 20160512 and 20160512.1 rootfs. === CI Train landings === Title: Oxide 1.14.8 - Sync with latest upstream Chromium release Owner: dbarth Source packages modified: oxide-qt Changelogs: oxide-qt (1.14.8-0ubuntu0.15.04.1~overlay1) * Update to v1.14.8 - Bump Chromium rev to 50.0.2661.94 - Scale the locationbar height when the screen changes Included binary packages: liboxideqt-qmlplugin:armhf from 1.14.7-0ubuntu0.15.04.1~overlay1 to 1.14.8-0ubuntu0.15.04.1~overlay1 liboxideqtcore0:armhf from 1.14.7-0ubuntu0.15.04.1~overlay1 to 1.14.8-0ubuntu0.15.04.1~overlay1 liboxideqtquick0:armhf from 1.14.7-0ubuntu0.15.04.1~overlay1 to 1.14.8-0ubuntu0.15.04.1~overlay1 oxideqt-codecs-extra:armhf from 1.14.7-0ubuntu0.15.04.1~overlay1 to 1.14.8-0ubuntu0.15.04.1~overlay1 Title: Test silo for indicator-network fixes related to NM 1.2 landing Owner: awe Source packages modified: indicator-network Changelogs: indicator-network (0.7.1+15.04.20160511-0ubuntu1) [ Pete Woods ] * Fix limitations property (LP: #1547194) * Remember hotspot UUID * Store information about which device we are using in a member variable * Wait for hotspot device to be ready, not just present (LP: #1579221) * Wait for hotspot to finish activating [ Tony Espy ] * hotspot: Don't create NM ipv4 settings with empty values. (LP: #1579221) Included binary packages: indicator-network from 0.7.1+15.04.20160429-0ubuntu1 to 0.7.1+15.04.20160511-0ubuntu1 Title: NetworkManager VPN fix for lp: #157922 Owner: awe Source packages modified: network-manager Changelogs: network-manager (1.1.93-0ubuntu1~vivid3) * Added d/p/lp1579222-fix-openvpn-platform-nl-logic.patch: this changes the NMLinuxPlatform netlink logic so that a seq_result of -EEXIST is treated as success. * Updated d/p/default_powersave_on.patch: fix WiFi powersave; the 'powersave' setting was changed from a boolean value to an enum. Included binary packages: libnm-glib-vpn1:armhf from 1.1.93-0ubuntu1~vivid1 to 1.1.93-0ubuntu1~vivid3 libnm-glib4:armhf from 1.1.93-0ubuntu1~vivid1 to 1.1.93-0ubuntu1~vivid3 libnm-util2:armhf from 1.1.93-0ubuntu1~vivid1 to 1.1.93-0ubuntu1~vivid3 libnm0:armhf from 1.1.93-0ubuntu1~vivid1 to 1.1.93-0ubuntu1~vivid3 network-manager from 1.1.93-0ubuntu1~vivid1 to 1.1.93-0ubuntu1~vivid3 Title: OpenSSL updates to address security issues and changes to support the removal of certificate authority certs using 1024-bit RSA keys. http://www.ubuntu.com/usn/usn-2913-3/ http://www.ubuntu.com/usn/usn-2914-1/ http://www.ubuntu.com/usn/usn-2959-1/ Addresses https://launchpad.net/bugs/1579163 Owner: tyhicks Source packages modified: openssl Changelogs: openssl (1.0.1f-1ubuntu11.6) [ Marc Deslauriers ] * SECURITY UPDATE: EVP_EncodeUpdate overflow (LP: #1579163) - debian/patches/CVE-2016-2105.patch: properly check lengths in crypto/evp/encode.c, add documentation to doc/crypto/EVP_EncodeInit.pod, doc/crypto/evp.pod. - CVE-2016-2105 * SECURITY UPDATE: EVP_EncryptUpdate overflow - debian/patches/CVE-2016-2106.patch: fix overflow in crypto/evp/evp_enc.c. - CVE-2016-2106 * SECURITY UPDATE: Padding oracle in AES-NI CBC MAC check - debian/patches/CVE-2016-2107.patch: check that there are enough padding characters in crypto/evp/e_aes_cbc_hmac_sha1.c. - CVE-2016-2107 * SECURITY UPDATE: Memory corruption in the ASN.1 encoder - debian/patches/CVE-2016-2108-1.patch: don't mishandle zero if it is marked as negative in crypto/asn1/a_int.c. - debian/patches/CVE-2016-2108-2.patch: fix ASN1_INTEGER handling in crypto/asn1/a_type.c, crypto/asn1/asn1.h, crypto/asn1/tasn_dec.c, crypto/asn1/tasn_enc.c. - CVE-2016-2108 * SECURITY UPDATE: ASN.1 BIO excessive memory allocation - debian/patches/CVE-2016-2109.patch: properly handle large amounts of data in crypto/asn1/a_d2i_fp.c. - CVE-2016-2109 * debian/patches/min_1024_dh_size.patch: change minimum DH size from 768 to 1024. * SECURITY UPDATE: side channel attack on modular exponentiation - debian/patches/CVE-2016-0702.patch: use constant-time calculations in crypto/bn/asm/x86_64-mont5.pl, crypto/bn/bn_exp.c, crypto/perlasm/x86_64-xlate.pl, crypto/constant_time_locl.h. - CVE-2016-0702 * SECURITY UPDATE: double-free in DSA code - debian/patches/CVE-2016-0705.patch: fix double-free in crypto/dsa/dsa_ameth.c. - CVE-2016-0705 * SECURITY UPDATE: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption - debian/patches/CVE-2016-0797.patch: prevent overflow in crypto/bn/bn_print.c, crypto/bn/bn.h. - CVE-2016-0797 * SECURITY UPDATE: memory leak in SRP database lookups - debian/patches/CVE-2016-0798.patch: disable SRP fake user seed and introduce new SRP_VBASE_get1_by_user function that handled seed properly in apps/s_server.c, crypto/srp/srp.h, crypto/srp/srp_vfy.c, util/libeay.num, openssl.ld. - CVE-2016-0798 * SECURITY UPDATE: memory issues in BIO_*printf functions - debian/patches/CVE-2016-0799.patch: prevent overflow in crypto/bio/b_print.c. - CVE-2016-0799 * debian/patches/preserve_digests_for_sni.patch: preserve negotiated digests for SNI when SSL_set_SSL_CTX is called in ssl/ssl_lib.c. (LP: #1550643) * debian/patches/alt-cert-chains-*.patch: backport series of upstream commits to add alternate chains support. This will allow the future removal of 1024-bit RSA keys from the ca-certificates package. [ Tyler Hicks ] * debian/patches/update-expired-smime-test-certs.patch: Update test certificates that have expired and caused build test failures. Included binary packages: libssl1.0.0:armhf from 1.0.1f-1ubuntu11.5 to 1.0.1f-1ubuntu11.6 openssl from 1.0.1f-1ubuntu11.5 to 1.0.1f-1ubuntu11.6 Title: - Text input focus must always follow main component. New tests assert that the OSK is shown. Fixes LP: #1545802 https://code.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/inputMainFocusTrunks/+merge/294353 - Fix regression introduced in ComboButton due to the binding loop bug on AbstractButton implicit sizes. Fixes LP: #1580627 https://code.launchpad.net/~zsombi/ubuntu-ui-toolkit/fixComboButton/+merge/294387 - Remove unused dbus import in autopilot helper. Needed to please builder. https://code.launchpad.net/~tpeeters/ubuntu-ui-toolkit/trunkNoDbusImport/+merge/294414 Owner: bzoltan Source packages modified: ubuntu-ui-toolkit Changelogs: ubuntu-ui-toolkit (1.3.1960+15.04.20160511.4) [ Christian Dywan ] * Text input focus must always follow main component [ Tim Peeters ] * Remove unused dbus import in autopilot helper. [ Zsombor Egri ] * Fix regression introduced in ComboButton due to the binding loop bug on AbstractButton implicit sizes. (LP: #1580627) Included binary packages: libubuntugestures5:armhf from 1.3.1960+15.04.20160502 to 1.3.1960+15.04.20160511.4 libubuntutoolkit5:armhf from 1.3.1960+15.04.20160502 to 1.3.1960+15.04.20160511.4 qml-module-ubuntu-components:armhf from 1.3.1960+15.04.20160502 to 1.3.1960+15.04.20160511.4 qml-module-ubuntu-layouts:armhf from 1.3.1960+15.04.20160502 to 1.3.1960+15.04.20160511.4 qml-module-ubuntu-performancemetrics:armhf from 1.3.1960+15.04.20160502 to 1.3.1960+15.04.20160511.4 qml-module-ubuntu-test:armhf from 1.3.1960+15.04.20160502 to 1.3.1960+15.04.20160511.4 qtdeclarative5-ubuntu-ui-toolkit-plugin from 1.3.1960+15.04.20160502 to 1.3.1960+15.04.20160511.4 ubuntu-ui-toolkit-theme from 1.3.1960+15.04.20160502 to 1.3.1960+15.04.20160511.4 === Normal uploads (or not tracked) === === Upgraded Packages === libconnectivity-qt1:armhf from 0.7.1+15.04.20160429-0ubuntu1 to 0.7.1+15.04.20160511-0ubuntu1 qml-module-ubuntu-connectivity:armhf from 0.7.1+15.04.20160429-0ubuntu1 to 0.7.1+15.04.20160511-0ubuntu1