A new release of the Ubuntu Cloud Images for stable Ubuntu release 22.04 (Jammy Jellyfish) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * 'assert'=>'ack', 'asserts'=>'known' * unset/zero => immediately refresh try * - README.md: snappy => snap * - daemon,client,overlord: progress current => done * - image: bootstrapToRootDir => setupSeed * - many: use "SNAP.APP as ALIAS" instead of => when listing * - overlord/state: prevent change ready => unready * - release,store,daemon: no more default-channel, release=>series * bind9: 1:9.18.1-1ubuntu1.2 => 1:9.18.1-1ubuntu1.3 * git: 1:2.34.1-1ubuntu1.5 => 1:2.34.1-1ubuntu1.6 * grub2-signed: 1.182~22.04.1+2.06-2ubuntu10 => 1.187.2+2.06-2ubuntu14 * grub2-unsigned: 2.06-2ubuntu10 => 2.06-2ubuntu14 * kbd: 2.3.0-3ubuntu4 => 2.3.0-3ubuntu4.22.04 * krb5: 1.19.2-2 => 1.19.2-2ubuntu0.1 * less: 590-1build1 => 590-1ubuntu0.22.04.1 * libdrm: 2.4.110-1ubuntu1 => 2.4.113-2~ubuntu0.22.04.1 * linux-meta: 5.15.0.57.55 => 5.15.0.60.58 * linux-signed: 5.15.0-57.63 => 5.15.0-60.66 * open-vm-tools: 2:11.3.5-1ubuntu4.1 => 2:12.1.0-1~ubuntu0.22.04.1 * openssh: 1:8.9p1-3 => 1:8.9p1-3ubuntu0.1 * openssl: 3.0.2-0ubuntu1.7 => 3.0.2-0ubuntu1.8 * pam: 1.4.0-11ubuntu2 => 1.4.0-11ubuntu2.3 * python-apt: 2.3.0ubuntu2.1 => 2.4.0 * setuptools: 59.6.0-1.2 => 59.6.0-1.2ubuntu0.22.04.1 * snapd: 2.57.5+22.04ubuntu0.1 => 2.58+22.04 * software-properties: 0.99.22.3 => 0.99.22.5 * sudo: 1.9.9-1ubuntu2.1 => 1.9.9-1ubuntu2.2 * systemd-hwe: 249.11.1 => 249.11.2 * tmux: 3.2a-4ubuntu0.1 => 3.2a-4ubuntu0.2 * ubuntu-advantage-tools: 27.12~22.04.1 => 27.13.3~22.04.1 * update-notifier: 3.192.54 => 3.192.54.5 * vim: 2:8.2.3995-1ubuntu2.1 => 2:8.2.3995-1ubuntu2.3 The following is a complete changelog for this image. new: {'linux-modules-5.15.0-60-generic': '5.15.0-60.66', 'linux-headers-5.15.0-60-generic': '5.15.0-60.66', 'linux-headers-5.15.0-60': '5.15.0-60.66'} removed: {'linux-headers-5.15.0-57': '5.15.0-57.63', 'linux-modules-5.15.0-57-generic': '5.15.0-57.63', 'linux-headers-5.15.0-57-generic': '5.15.0-57.63'} changed: ['bind9-dnsutils', 'bind9-host', 'bind9-libs:amd64', 'git', 'git-man', 'grub-efi-amd64-bin', 'grub-efi-amd64-signed', 'kbd', 'less', 'libdrm-common', 'libdrm2:amd64', 'libgssapi-krb5-2:amd64', 'libk5crypto3:amd64', 'libkrb5-3:amd64', 'libkrb5support0:amd64', 'libpam-modules-bin', 'libpam-modules:amd64', 'libpam-runtime', 'libpam0g:amd64', 'libssl3:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.15.0-60-generic', 'linux-image-virtual', 'linux-virtual', 'open-vm-tools', 'openssh-client', 'openssh-server', 'openssh-sftp-server', 'openssl', 'python-apt-common', 'python3-apt', 'python3-pkg-resources', 'python3-setuptools', 'python3-software-properties', 'snapd', 'software-properties-common', 'sudo', 'systemd-hwe-hwdb', 'tmux', 'ubuntu-advantage-tools', 'update-notifier-common', 'vim', 'vim-common', 'vim-runtime', 'vim-tiny', 'xxd'] new snaps: {} removed snaps: {} changed snaps: ['core20', 'lxd', 'snapd'] ==== bind9: 1:9.18.1-1ubuntu1.2 => 1:9.18.1-1ubuntu1.3 ==== ==== bind9-dnsutils bind9-host bind9-libs:amd64 * SECURITY UPDATE: An UPDATE message flood may cause named to exhaust all available memory - debian/patches/CVE-2022-3094.patch: add counter in bin/named/bind9.xsl, bin/named/statschannel.c, doc/arm/reference.rst, lib/ns/include/ns/server.h, lib/ns/include/ns/stats.h, lib/ns/server.c, lib/ns/update.c. - CVE-2022-3094 * SECURITY UPDATE: named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries - debian/patches/CVE-2022-3736.patch: fix logic in lib/ns/query.c. - CVE-2022-3736 * SECURITY UPDATE: named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota - debian/patches/CVE-2022-3924.patch: improve logic in lib/dns/resolver.c, lib/ns/query.c. - CVE-2022-3924 ==== git: 1:2.34.1-1ubuntu1.5 => 1:2.34.1-1ubuntu1.6 ==== ==== git git-man * SECURITY UPDATE: Integer overflow - debian/patches/CVE_2022_23521_and_41903/00*.patch: attr.c, attr.h, pretty.c, column.c, utf8.c, utf8.h, t/t4205-log-pretty-formats.sh, t/test-lib.sh, git-compat-util.h, t/t0003-attributes.sh. - CVE-2022-23521 - CVE-2022-41903 ==== grub2-signed: 1.182~22.04.1+2.06-2ubuntu10 => 1.187.2+2.06-2ubuntu14 ==== ==== grub-efi-amd64-signed * Resign with 2022v1 signing key * Source debconf in postinst script (LP: #1997779) * Really rebuild against grub2 2.06-2ubuntu14 (LP: #1996950) * Rebuild against grub2 2.06-2ubuntu14 (LP: #1996950) * Rebuild against grub2 2.06-2ubuntu13 (LP: #1989446) * Rebuild against grub2 2.06-2ubuntu12. * Rebuild against grub2 2.06-2ubuntu11. * No change rebuild against grub 2.06-2ubuntu10, take 2 (source-only upload) * No change rebuild against grub 2.06-2ubuntu10. * No change rebuild against grub 2.06-2ubuntu7. * No change rebuild against grub 2.06-2ubuntu6. * Fix grub version number in previous changelog entry. * No change rebuild against grub 2.06-2ubuntu5. * No change rebuild against grub 2.06-2ubuntu4. * No change rebuild against grub 2.06-2ubuntu3. * No change rebuild against grub 2.06-2ubuntu1. * No change rebuild against grub 2.04-1ubuntu48. * Actual no change rebuild against grub 2.04-1ubuntu47. * No change rebuild against grub 2.04-1ubuntu47. * No change rebuild against grub 2.04-1ubuntu46. * Update Vcs-Git to impish-devel. * key on grub-efi-$(DEB_HOST_ARCH) as the binary package for download-signed since grub-efi-* and grub2-common are now built from separate sources. * No chnage rebuild against grub 2.04-1ubuntu45. * Change branch name in VCS field to just $suite-devel. * Forward port debian/rules ifeq/else statement fixes from bionic&xenial. * Use debhelper-compat 9 for ease of SRUs to Bionic and earlier. LP: #1920008 * grub-efi-amd64-signed: add depends on grub2-common with support for R_X86_64_PLT32 relocations. LP: #1920008 * Rebuild against grub2 2.04-1ubuntu44. * Rebuild against grub2 2.04-1ubuntu43. * Rebuild against grub2 2.04-1ubuntu42. LP: #1915536 * Make maintainer scripts compatible with any grub2-common since precise. LP: #1915536 * Drop unused config_item function. * Only download signed binaries once. * Rebuild with correct permissions, and higher version number. * Rebuild against grub2 2.04-1ubuntu39 * Fix test directory existence race in download-signed, making FTBFS on arm64: - download-signed is run 3 times in parallel due to Makefile and download assets in a single directory. - testing the directory and then calling makedirs is not done atomically. - long term fix would be to run it once and collect/compared all signed files. * Rebuild against grub2 2.04-1ubuntu38 * Trim trailing whitespace. * Use secure copyright file specification URI. * Bump debhelper from deprecated 9 to 12. * Set debhelper-compat version in Build-Depends. * Drop unused bzr-builddeb.conf * Add postinst for the arm64 package (LP: #1914582) * Set series specific VCS field in debian/control * Rebuild against grub2 2.04-1ubuntu37 * Rebuild against grub2 2.04-1ubuntu36 * Rebuild against grub2 2.04-1ubuntu35 * Rebuild against grub2 2.04-1ubuntu33 * Rebuild against grub2 2.04-1ubuntu32 * Rebuild against grub2 2.04-1ubuntu31 * Rebuild against grub2 2.04-1ubuntu30. * Add check to compare that signed grub, matches monolithic builds, to avoid signing skew when copying grub2/grub2-signed to PPAs. * Rebuild against grub2 2.04-1ubuntu29. * Rebuild against grub2 2.04-1ubuntu28 * Rebuild against grub2 2.04-1ubuntu27 * Rebuild against grub2 2.04-1ubuntu26.2. * Rebuild against grub2 2.04-1ubuntu26.1. * Fix arm64 download, grub2 package doesn't exist on that arch, use grub2-common instead. * Support downloads from PPAs for additional signatures. LP: #1876875 * Rebuild against grub2 2.04-1ubuntu26. * Rebuild against grub2 2.04-1ubuntu25. * Fix postinst typpo. * Rebuild against grub2 2.04-1ubuntu24, enable installing to multiple ESPs (LP: #1871821) * Rebuild against grub2 2.04-1ubuntu23. * Rebuild against grub2 2.04-1ubuntu22. * Rebuild against grub2 2.04-1ubuntu21. * Rebuild against grub2 2.04-1ubuntu19. * Rebuild against grub2 2.04-1ubuntu18. * Rebuild against grub2 2.04-1ubuntu16. * Rebuild against grub2 2.04-1ubuntu15. * Rebuild against grub2 2.04-1ubuntu14. * Really rebuild against grub2 2.04-1ubuntu13 this time. (LP: #1845289) (LP: #1848892) * Rebuild against grub2 2.04-1ubuntu13. (LP: #1845289) (LP: #1848892) * Rebuild against grub2 2.04-1ubuntu12. * Rebuild against grub2 2.04-1ubuntu11. * Rebuild against grub2 2.04-1ubuntu10. * Rebuild against grub2 2.04-1ubuntu9. * Rebuild against grub2 2.04-1ubuntu8. * Rebuild against grub2 2.04-1ubuntu7. * Rebuild against grub2 2.04-1ubuntu6. (LP: #1845466) * Rebuild against grub2 2.04-1ubuntu5. * Rebuild against grub2 2.04-1ubuntu4. * Rebuild against grub2 2.04-1ubuntu3. * Rebuild against grub2 2.04-1ubuntu2. * Rebuild against grub2 2.04-1ubuntu1. * Rebuild against grub2 2.02+dfsg1-12ubuntu3. * Rebuild against grub2 2.02+dfsg1-12ubuntu2. * Rebuild against grub2 2.02+dfsg1-12ubuntu1. * Rebuild against grub2 2.02+dfsg1-5ubuntu11. (LP: #1814403) (LP: #1814575) * Rebuild against grub2 2.02+dfsg1-5ubuntu10. * Rebuild against grub2 2.02+dfsg1-5ubuntu9. * Rebuild against grub2 2.02+dfsg1-5ubuntu7. (LP: #1798171) * Rebuild against grub2 2.02+dfsg1-5ubuntu7. (LP: #1784363) * Rebuild against grub2 2.02+dfsg1-5ubuntu6. (LP: #1788727) * Rebuild against grub2 2.02+dfsg1-5ubuntu5. * Rebuild against grub2 2.02+dfsg1-5ubuntu4. (LP: #1792575) * Rebuild against grub2 2.02+dfsg1-5ubuntu3. (LP: #788298) * Rebuild against grub2 2.02+dfsg1-5ubuntu2. (LP: #1785033) * Rebuild against grub2 2.02+dfsg1-5ubuntu1. * Call grub-check-signatures before calling grub-install, not after, to avoid overwriting the boot loader on disk with one that will fail to load. LP: #1786491. * Rebuild against grub2 2.02-2ubuntu13. * Rebuild against grub2 2.02-2ubuntu12. (LP: #1258597) * debian/grub-efi-amd64-signed.postinst: run grub-check-signatures on update to ensure we have signed kernels installed. * Rebuild against grub2 2.02-2ubuntu11. * debian/control: add a dependency of grub-efi-amd64 | grub-pc to grub-efi-amd64-signed to make sure the grub postinst is triggered even for cases of old iso (without the fixed installer) installations with automatic download of updates enabled (LP: #1780897). * debian/control: switch the grub-efi-amd64 dependency of grub-efi-amd64-signed to grub-efi-amd64-bin. * debian/grub-efi-amd64-signed.postinst: invoke grub-install with --auto-nvram and pass the x86_64-efi target to it, making sure we always install the right target. * Rebuild against grub2 2.02-2ubuntu10. * Rebuild against grub2 2.02-2ubuntu9. * Rebuild against grub2 2.02-2ubuntu8. (LP: #1752767) * Rebuild against grub2 2.02-2ubuntu7. (LP: #1711452, #1723434) * Rebuild against grub2 2.02-2ubuntu6. (LP: #1743249) * Rebuild against grub2 2.02-2ubuntu5. (LP: #1743884) * Rebuild against grub2 2.02-2ubuntu3. (LP: #1675453) * Rebuild against grub2 2.02-2ubuntu3. (LP: #1708245) * Rebuild against grub2 2.02-2ubuntu2. (LP: #1734278) * Rebuild against grub2 2.02-2ubuntu1. * Rebuild against grub2 2.02~beta3-4ubuntu7. * Rebuild against grub2 2.02~beta3-4ubuntu6. * Rebuild against grub2 2.02~beta3-4ubuntu5. * Rebuild against grub2 2.02~beta3-4ubuntu4. * Rebuild against grub2 2.02~beta3-4ubuntu3. * Rebuild against grub2 2.02~beta3-4ubuntu2. (LP: #1401532) * Rebuild against grub2 2.02~beta3-4ubuntu1. * Rebuild against grub2 2.02~beta3-3ubuntu2. (LP: #1447500) * Rebuild against grub2 2.02~beta3-3ubuntu1. * Rebuild against grub2 2.02~beta3-3. * Rebuild against grub2 2.02~beta2-36ubuntu12. * Rebuild against grub2 2.02~beta2-36ubuntu11. * Rebuild against grub2 2.02~beta2-36ubuntu10. * Rebuild against grub2 2.02~beta2-36ubuntu9. * Rebuild against grub2 2.02~beta2-36ubuntu8. * Rebuild against grub2 2.02~beta2-36ubuntu7. * Rebuild against grub2 2.02~beta2-36ubuntu6. * Rebuild against grub2 2.02~beta2-36ubuntu5. * Rebuild against grub2 2.02~beta2-36ubuntu4. * Rebuild against grub2 2.02~beta2-36ubuntu3. (LP: #1559933) * Rebuild against grub2 2.02~beta2-36ubuntu2. * Rebuild against grub2 2.02~beta2-36ubuntu1. * Rebuild against grub2 2.02~beta2-36. * Rebuild against grub2 2.02~beta2-35ubuntu1. * Rebuild against grub2 2.02~beta2-35. * Rebuild against grub2 2.02~beta2-33. * Rebuild against grub2 2.02~beta2-32ubuntu1. * Rebuild against grub2 2.02~beta2-32. * Rebuild against grub2 2.02~beta2-31ubuntu1. * Rebuild against grub2 2.02~beta2-31. * Rebuild against grub2 2.02~beta2-29. * Rebuild against grub2 2.02~beta2-28. [ dann frazier ] * Add arm64 support. (LP: #1457178) [ Adam Conrad ] * Rebuild against grub-efi 2.02~beta2-26ubuntu5. * Rebuild against grub-efi-amd64 2.02~beta2-26ubuntu3. * Rebuild against grub-efi-amd64 2.02~beta2-26ubuntu2. * Rebuild against grub-efi-amd64 2.02~beta2-26ubuntu1. * Rebuild against grub-efi-amd64 2.02~beta2-25ubuntu1. * Rebuild against grub-efi-amd64 2.02~beta2-25. * Rebuild against grub-efi-amd64 2.02~beta2-23. * Rebuild against grub-efi-amd64 2.02~beta2-22ubuntu1. * Rebuild against grub-efi-amd64 2.02~beta2-22. * Rebuild against grub-efi-amd64 2.02~beta2-21. * Rebuild against grub-efi-amd64 2.02~beta2-20. * Rebuild against grub-efi-amd64 2.02~beta2-19. * Rebuild against grub-efi-amd64 2.02~beta2-18. * Rebuild against grub-efi-amd64 2.02~beta2-17. * Rebuild against grub-efi-amd64 2.02~beta2-16. * Rebuild against grub-efi-amd64 2.02~beta2-15. * Rebuild against grub-efi-amd64 2.02~beta2-14. * Rebuild against grub-efi-amd64 2.02~beta2-11. * Rebuild against grub-efi-amd64 2.02~beta2-10. * Rebuild against grub-efi-amd64 2.02~beta2-9. * Rebuild against grub-efi-amd64 2.02~beta2-8. * Rebuild against grub-efi-amd64 2.02~beta2-7. * Rebuild against grub-efi-amd64 2.02~beta2-6. * Rebuild against grub-efi-amd64 2.02~beta2-5. * Rebuild against grub-efi-amd64 2.02~beta2-4. * Policy version 3.9.5: no changes required. * Rebuild against grub-efi-amd64 2.02~beta2-2. * Rebuild against grub-efi-amd64 2.00-22. * Rebuild against grub-efi-amd64 2.00-21. * Rebuild against grub-efi-amd64 2.00-20. * Rebuild against grub-efi-amd64 2.00-19ubuntu4. * Rebuild against grub-efi-amd64 2.00-19ubuntu3 LP: #1242417 * Rebuild against grub-efi-amd64 2.00-19ubuntu2. * Rebuild against grub-efi-amd64 2.00-19ubuntu2. * Rebuild against grub-efi-amd64 2.00-19ubuntu1. * Rebuild against grub-efi-amd64 2.00-18ubuntu4. * Add grubnetx64.efi.signed. * Rebuild against grub-efi-amd64 2.00-18ubuntu3. * Rebuild against grub-efi-amd64 2.00-18ubuntu1. * Rebuild against grub-efi-amd64 2.00-17ubuntu1. * Rebuild against grub-efi-amd64 2.00-15ubuntu2. (LP: #1184297) * Give grub-efi-amd64-signed a strict versioned dependency on the grub-efi-amd64 we're built against to force a paired migration. * Rebuild against grub-efi-amd64 2.00-15ubuntu1. * Rebuild against grub-efi-amd64 2.00-14ubuntu1. * Rebuild against grub-efi-amd64 2.00-12ubuntu1. * Recommend secureboot-db (LP: #1087843). * Rebuild against grub-efi-amd64 2.00-7ubuntu13. * Download the signed image from the correct pocket. * Rebuild against grub-efi-amd64 2.00-7ubuntu11. * Rebuild against grub-efi-amd64 2.00-7ubuntu10. * Rebuild against grub-efi-amd64 2.00-7ubuntu9. * Drop Depends back to grub-efi-amd64 (>= 2.00-7ubuntu4), which is good enough (grub-install extensions). * Build-depend on a current grub-efi-amd64-bin so that this upload can safely be accepted before grub2/amd64 binaries have published. * Rebuild against grub-efi-amd64 2.00-7ubuntu8. * Rebuild against grub-efi-amd64 2.00-7ubuntu7. * Rebuild against grub-efi-amd64 2.00-7ubuntu5. [ Colin Watson ] * Include gcdx64.efi.signed. * Depend on grub-efi-amd64 so that /etc/default/grub and /boot/grub/grub.cfg are updated. * Run grub-install on configure if appropriate. [ Steve Langasek ] * Adjust makefile so gcdx64.efi.signed actually gets included in the package, not just downloaded. * Add a Built-Using field, per policy 3.9.4. * Initial release. ==== grub2-unsigned: 2.06-2ubuntu10 => 2.06-2ubuntu14 ==== ==== grub-efi-amd64-bin * SECURITY UPDATE: Fix out of bounds writes due specially crafted fonts. - add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch - add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch - CVE-2022-2601, CVE-2022-3775 - LP: #1996950 * Fix various issues as a result of fuzzing, static analysis and code review: - add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch - add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch - add debian/patchces/font-Remove-grub_font_dup_glyph.patch - add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch - add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch - add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch - add debian/patches/fbutil-Fix-integer-overflow.patch - add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch - add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch - add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch * Enforce verification of fonts when secure boot is enabled: - add debian/patches/kern-efi-sb-Enforce-verification-of-font-files.patch * Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary - update debian/control - update debian/build-efi-image - add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch * Fix LP: #1997006 - add support for performing measurements to RTMRs - add debian/patches/commands-efi-tpm-Refine-the-status-of-log-event.patch - add debian/patches/commands-efi-tpm-Use-grub_strcpy-instead-of-grub_memcpy.patch - add debian/patches/efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch * Fix the squashfs tests during the build - remove debian/patches/ubuntu-fix-reproducible-squashfs-test.patch - add debian/patches/tests-Explicitly-unset-SOURCE_DATE_EPOCH-before-running-f.patch * Bump SBAT generation: - update debian/sbat.ubuntu.csv.in * Try to pick better locations for kernel and initrd (LP: #1989446) * x86-efi: Use bounce buffers for reading to addresses > 4GB (enhances firmware compatibility of previous change) * ubuntu-zfs-enhance-support.patch: Fix missing lines (LP: #1990143) [ Mauricio Faria de Oliveira ] * linux_xen: Properly handle multiple initrd files (LP: #1987567) - d/p/linux_xen-Properly-load-multiple-initrd-files.patch - d/p/linux_xen-Properly-order-multiple-initrd-files.patch * Fix for ZFS snapshots without etc directory. Thanks to Adam R Bell (LP: #1965983) [ Heinrich Schuchardt ] * efi/peimage: fix typos in code comments [ dann frazier ] * linuxefi: Invalidate i-cache before starting the kernel (LP: #1987924) - d/p/linuxefi-Invalidate-i-cache-before-starting-the-kern.patch ==== kbd: 2.3.0-3ubuntu4 => 2.3.0-3ubuntu4.22.04 ==== ==== kbd * d/p/libkfont-Use-only-KDFONTOP.patch: Fixes error thrown in syslog from deprecated setfont (LP: #1996619) ==== krb5: 1.19.2-2 => 1.19.2-2ubuntu0.1 ==== ==== libgssapi-krb5-2:amd64 libk5crypto3:amd64 libkrb5-3:amd64 libkrb5support0:amd64 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-42898.patch: add buffer length checks in krb5_pac_parse() in src/lib/krb5/krb/pac.c and a test case for invalid buffers in src/lib/krb5/krb/t_pac.c. - CVE-2022-42898 ==== less: 590-1build1 => 590-1ubuntu0.22.04.1 ==== ==== less * SECURITY UPDATE: fix OSC8 hyperlinks with invalid escape sequence - debian/patches/CVE-2022-46663: End OSC8 hyperlinks on invalid embedded escape sequence - CVE-2022-46663 ==== libdrm: 2.4.110-1ubuntu1 => 2.4.113-2~ubuntu0.22.04.1 ==== ==== libdrm-common libdrm2:amd64 * Backport to jammy. (LP: #1991761) * patches, symbols: Revert dropping unused tegra IOCTL. * rules: Fix arm FTBFS. * New upstream release. * rules: Rework confflags to match current upstream. * symbols: Updated. * libdrm-tegra0.symbols: Updated. * rules: Fix arm build. * New upstream release. * symbols: Updated. * rules: Add more test binaries for arm. (Closes: #1016096) * New upstream release. * install, rules: libkms got removed. * symbols: Updated. * New upstream version. * Update signing-key.asc. * symbols: Updated. * control: Bump debhelper-compat to 13, policy to 4.6.0. * amdgpu1.symbols: Updated. (Closes: #1001965) * New upstream release. (Closes: #1001840) * symbols: Updated. * New upstream release. * libdrm-tests: Add amdgpu_stress. * symbols: Updated. * rules: Forcibly disable valgrind. * Drop valgrind support, it's not ready for multi-arch. (Closes: #994955) * control: Fix valgrind dependency archs for libdrm-dev. * control: Add valgrind to libdrm-dev Depends. (Closes: #994873) * control: Add libpciaccess-dev to -dev Depends, required by libdrm_intel.pc. * Include static libs in -dev again. (LP: #1944107) * Upload to unstable. * New upstream release. * revert-set-fb-modifiers-flag.diff: Dropped, upstream. * control: Add python3-setuptools to build-depends. * symbols: Updated. * Revert a commit causing additional dependencies to be added to *.pc.in. Also drop libpciaccess-dev from libdrm-dev Depends. * control: Add libpciaccess-dev to libdrm-dev depends. * revert-set-fb-modifiers-flag.diff: Revert a commit which broke chrome on certain setups. * New upstream release. (LP: #1923880) * symbols: Updated. * New upstream release. * Add signing-key from Simon Ser. * control: Manpages now need python3-docutils instead of docbook-xsl to build, make it so. * hurd-port.diff: Dropped. (Closes: #975658) * New upstream release. (Closes: #970304) * control, rules, hurd-port.diff: Add support for Hurd. (Closes: #909436) * New upstream release. * fix-realpath-vs-firefox.diff: Dropped, upstream. * libdrm-tests.install: Added /usr/bin/drmdevice. * fix-realpath-vs-firefox.diff: Fix webgl on intel with firefox. (Closes: #956665) (LP: #1872586) * New upstream release. * source, watch: Upstream provides only xz tarballs, bump source to 3.0 (quilt). * Add my key to signing-key.asc. * control: Use debhelper-compat, bump to 12. * control: Bump policy to 4.5.0. * local-options: Update extend-diff-ignore. * symbols: Updated. * rules: Override dh_missing. * rules: Include additional test binaries on arm. (Closes: #944752) * Revert dropping libdrm-tests, since the package ended up in NEW anyway. * control, rules: Disable libdrm-tests, 2.4.100 is needed for mesa 19.3 now and not after waiting for the NEW queue to clear. [ Timo Aaltonen ] * New upstream release. (Closes: #943777) * symbols: Updated. [ Rohan Garg ] * Add a libdrm-tests package. (Closes: #868898) * New upstream release. (Closes: #934494) * 02_kfreebsd.diff: Dropped, upstream. * symbols: Updated. [ Andreas Boll ] * New upstream release. * Update libdrm-amdgpu1.symbols and shlibs. * Update libdrm-freedreno1.symbols and shlibs. [ James Clarke ] * Fix build on GNU/kFreeBSD (Closes: #837034, #909249). * Remove no longer needed build-dep libbsd-overlay. [ Timo Aaltonen ] * rules, control: Switch to meson. [ Andreas Boll ] * New upstream release. - Fixes WebGL on Firefox (Closes: #907698). * Update libdrm-amdgpu1.symbols and shlibs. * Drop static libdrm library from libdrm-dev. * Update extend-diff-ignore. [ Guido Gnther ] * Enable etnaviv on arm64 (Closes: #906915) [ Timo Aaltonen ] * New upstream release. (LP: #1789924) * Update libdrm-amdgpu1.symbols and shlibs. * New upstream release. * Update libdrm-freedreno1.symbols and shlibs. * New upstream release. * Update libdrm-freedreno1.symbols and shlibs. * control: Update to my Debian address. * Update Vcs-* URLs to point at salsa.debian.org. * Bump debhelper compat to 11. * Bump standards version to 4.1.4. * Update libdrm-freedreno1.symbols and shlibs (Closes: #892960). * New upstream release. * New upstream release. * Update libdrm-amdgpu1.symbols and shlibs. * Bump standards version to 4.1.3. * Update extend-diff-ignore. * New upstream release. * Update libdrm2.symbols and shlibs. * Update libdrm-amdgpu1.symbols and shlibs. * Update libdrm-etnaviv1.symbols and shlibs. * Update libdrm-freedreno1.symbols and shlibs. * Bump standards version to 4.1.2. * New upstream release. * Update libdrm-amdgpu1.symbols and shlibs. * New upstream release. * Update libdrm-amdgpu1.symbols and shlibs. * Bump standards version to 4.1.1. * libdrm-amdgpu1.symbols: Updated. * New upstream release. * libdrm2.symbols: Updated. * New upstream release. * New upstream release. * debian/upstream/signing-key.asc: add key from Lucas Stach. * Add libdrm-common package for new data files. * debian/*.symbols: add new symbols. * debian/rules: Bump shlibs for the libraries with new symbols. * debian/control: Bump Standards-Version to 4.0.0; no changes needed. * Upload to unstable. * New upstream release. * Bump libdrm2's and libdrm-amdgpu1's symbols and shlibs. * New upstream release. * Bump libdrm-amdgpu1's and libdrm-etnaviv1's symbols and shlibs. * Remove libpthread-stubs0-dev build-dep per configure.ac. * Team upload. * New upstream release. * Bump libdrm-amdgpu1 symbols. * Update debian/upstream/signing-key.asc * New upstream release. * Update extend-diff-ignore. * Cherry-pick 19c4cfc (intel: Add handle to hashtable before freeing along an error path) from upstream (LP: #1671377). * New upstream release. * Bump libdrm2's and libdrm-intel1's symbols and shlibs. * Update extend-diff-ignore. * Add debian/source/format file. [ Andreas Boll ] * Switch to dbgsym packages. * Enable building etnaviv on armhf (Closes: #852685). [ Emilio Pozuelo Monfort ] * Stop passing --disable-silent-rules to configure, debhelper does it now. * Don't override dh_auto_install, it defaults to debian/tmp. * New upstream release. * Update debian/upstream/signing-key.asc. * Bump libdrm2's, libdrm-freedreno1's and libdrm-intel1's symbols and shlibs. * Bump debhelper compat to 10. * New upstream release. * Bump libdrm2's, libdrm-amdgpu1's, libdrm-freedreno1's and libdrm- intel1's symbols and shlibs. * Update a bunch of URLs in packaging to https. * New upstream release. * Update symbols file and bump shlibs for libdrm2. * Update libdrm-intel1.symbols and shlibs. * Remove Hurd from the architecture list. It FTBFS, haven't built in the past and won't be useful without the equivalent of the Linux Direct Rendering Manager (DRM) subsystem. * New upstream release. * Update libdrm-freedreno1.symbols and shlibs. * source/local-options: Add more files to extend-diff-ignore option. Fixes 17 patch-system-but-direct-changes-in-diff lintian warnings. [ Andreas Boll ] * New upstream release. * Update debian/upstream/signing-key.asc. * Bump Standards-Version to 3.9.8, no changes needed. * Update watch url to use https instead of http. [ Julien Cristau ] * Build libdrm-tegra on arm64 (closes: #828023). Thanks, Martin Michlmayr! * New upstream release. (LP: #1577735) * New upstream release. * patches: Refreshed. * libdrm-amdgpu1.symbols: Updated. * Update libdrm-exynos1.symbols and shlibs. * New upstream release. * Update symbols file and bump shlibs for libdrm2. * Update libdrm-intel1.symbols and shlibs. * Update libdrm-nouveau2.symbols and shlibs. * Drop obsolete Replaces from pre-wheezy. * Add myself to Uploaders. * rules: Bump freedreno shlib back to 2.4.65. [ Andreas Boll ] * Update libdrm-freedreno1.symbols and shlibs. * Drop Debian revision from new symbols in libdrm2.symbols. [ Fathi Boudra ] * Enable freedreno build on arm64 architecture. [ Andreas Boll ] * New upstream release. * Update debian/upstream/signing-key.asc. * Update symbols file and bump shlibs for libdrm2. * Enable libdrm-amdgpu1 on kfreebsd-*. * Fix Vcs-* fields. * Add upstream url. [ Robert Hooker ] * New upstream release. * Bump symbols file and shlibs for libdrm-freedreno1. [ Robert Hooker ] * New upstream release. - Drop Fix-headers-inclusion-in-xf86drmMode.c.diff, upstream. * Add new libdrm-amdgpu1 package. [ Sven Joachim ] * New upstream release. - nouveau: restore check that avoids multiple user bos per kernel bo (Closes: #789759). * Update symbols file and bump shlibs for libdrm2. * Refresh the patch from 2.4.60-3 after upstream changes. * Remove duplicate Section fields from debian/control. * Update debian/upstream/signing-key.asc. * Bump Standards-Version to 3.9.6, no changes needed. [ Julien Cristau ] * Update debian/upstream/signing-key.asc. * Fix kfreebsd patch that caused an FTBFS on Linux/x32: only include if configure detects it (closes: #787496). Thanks, Thorsten Glaser. * Add build-dep on xutils-dev for xorg-macros. * Cherry-pick upstream patch to let valgrind auto-detection work. [ Timo Aaltonen ] * control: Add a typo in libdrm-tegra0 description. [ Julien Cristau ] * Fix FTBFS on kfreebsd: include for sysctlbyname, and use -lbsd to make the tests build (they use getopt, and our libbsd-overlay cflags redirect that to bsd_getopt). * Bump shlibs for libraries with new symbols. * Add missing dependency of libdrm-dev on libdrm-tegra0 on arm*. * Let uscan verify tarball signatures. [ Maarten Lankhorst ] * Fix ftbfs on armhf. * New upstream release. * libdrm-intel1.symbols, libdrm2.symbols: Updated. * New upstream release. * Add libdrm-tegra0 on arm. [ Andreas Boll ] * Update libdrm-freedreno1.symbols and shlibs (fixes FTBFS). [ Andreas Boll ] * New upstream release. - 03_hide_symbols.diff dropped, upstream. * Update libdrm-intel1.symbols and shlibs. * New upstream release. * Enable building freedreno and exynos on arm. (Closes: #741509) * Add a squashed patch from upstream to hide all private symbols. - 03_hide_symbols.diff [ Andreas Boll ] * New upstream release. * Add 02_fix_qxl_drm_h.diff (Closes: #746807). [ Timo Aaltonen ] * New upstream release. - 02_kbsd_modeset.diff dropped, upstream [ Julien Cristau ] * Remove Cyril Brulebois from Uploaders. [ Maarten Lankhorst ] * New upstream release. * New upstream release. * New upstream release. * Cherry-pick a commit from upstream to fix a radeonsi regression. - c8a437f4c76: radeon: Update unaligned offset for 2D->1D tiling transition on SI * New upstream release. [ Colin Watson ] * Declare libdrm-dev Multi-Arch: same. [ Maarten Lankhorst ] * Cherry-pick upstream patch to fix relocations for all cards = 2.6.28. * Set libdrm2 shlibs to 2.4.3, libdrm-intel1 shlibs to 2.4.5. Update symbols files. * Remove from the source package a bunch of files that are only used by the kernel drm component. This gets rid of the mga, r128 and radeon microcode, and thus closes: #502675. Thanks, Ben Hutchings! [ Brice Goglin ] * Update upstream URL in debian/copyright. * Bump Standards-Version to 3.7.3 (no changes). * Drop the XS- prefix from Vcs-Git and Vcs-Browser fields in debian/control. * Install the upstream ChangeLog. [ Julien Cristau ] * New upstream release (needed for mesa 7.1 and newer xserver). * Note: this release removes the memory manager (TTM) interface used by the i915tex dri driver. * debian/rules: don't call configure with --host if we're not cross-building, and fix some rules dependencies. [ Timo Aaltonen ] * Bump the shlibs to 2.3.1. [ David Nusinow ] * Add NEWS.Debian explaining the change in the last upload to interested administrators. [ Julien Cristau ] * Upload to unstable. * Add myself to uploaders * Patch libdrm to default to device permission 666 so we don't have to do it in xorg.conf. The only way libdrm can do anything is through the server anyway. This can still be overridden by a user's xorg.conf. This change also requires adding quilt to the build-depends * Update my email address in debian/control. * Add XS-Vcs-Git and XS-Vcs-Browser in debian/control. * Upload to unstable. [ Thierry Reding ] * New upstream release. * Set the Debian X Strike Force as maintainer. * Add myself to uploaders. * Add a debugging symbol package for libdrm2. [ Julien Cristau ] * Bump shlibs to libdrm2 >= 2.3.0. * Add myself to uploaders. * Add build-dep on dpkg-dev >= 1.13.19 to make sure that the binary:Version substvar is available. * libdrm2-dbg depends on libdrm2 (= ${binary:Version}). * Don't install libdrm.la, and use dh_install --list-missing. * Non-maintainer upload. * New upstream release. * Bump Standards-Version to 3.7.2, no changes required. * Bump debhelper compatibility to 5 and adjust build-dependency. * Don't try to install pkgconfig files from usr/share/pkgconfig because there is nothing in that directory. * Non-maintainer upload. * New upstream release (closes: #377166). - Includes a fix for FTBFS on GNU/kFreeBSD (closes: #332994). * Manually force static build. * New upstream release - Fixes a pathological hash table smash discovered by the Coverity scanner - updates the installed header files for various new #defines * First upload to Debian * New upstream release. * Change binary package from libdrm1 to libdrm2, following soversion bump. * New upstream version. * Yay for understandable bug reports! *gmprf* * debian/control:libdrm1 =~ s/development/runtime/ (closes: bug#325515) * libdrm.pc.in: add -ldrm to Libs * New upstream * debian/control: it's "Direct Rendering Infraestructure". I was rather sure it stand for interface... thanks Michel. (closes: bug#324514) * debian/control: forgot to actually write this in the file. Build-Depends on libx11-dev. Thanks Kurt (closes: bug#324560) * Forgot to fix the other broken bit :-P * Initial release. Closes: #324074 ==== linux-meta: 5.15.0.57.55 => 5.15.0.60.58 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 5.15.0-60 * Bump ABI 5.15.0-59 * Bump ABI 5.15.0-58 ==== linux-signed: 5.15.0-57.63 => 5.15.0-60.66 ==== ==== linux-image-5.15.0-60-generic * Master version: 5.15.0-60.66 * SIGNEDv3: add a linux-generate ancillary package (LP: #1989705) - [Packaging] add linux-generate* direct ancillary * Miscellaneous Ubuntu changes - debian/tracking-bug -- update from master * Master version: 5.15.0-59.65 * Master version: 5.15.0-58.64 ==== open-vm-tools: 2:11.3.5-1ubuntu4.1 => 2:12.1.0-1~ubuntu0.22.04.1 ==== ==== open-vm-tools * Backport recent open-vm-tools (LP: #1975767) - Fixes issue with "udevadm trigger" affecting all devices that can cause unwanted side-effects. (LP: #1968354) - Adds new binary open-vm-tools-containerinfo that installs the vRealize Container Info plugin, which captures and publishes information about running containers inside the guest. - Adds new binary open-vm-tools-salt-minion that installs the Salt Minion plugin for event driven IT automation, remote task execution, and configuration management. * [e704b2c] New upstream version 12.1.0 Closes: #1018012 / CVE-2022-31676 * [f9048c4] Remove patches applied upstream * Release 12.0.5 to unstable - also (Closes: #1012814) [ Christian Ehrhardt ] * [827c3e4] New upstream version 12.0.5 (LP: #1971253) (Closes: #1011633) * [0d65b0785] d/copyright: fix whitespace damage * [e831bdcce] d/control,d/rules: salt-minion is not supported or even built on i386/arm64 [ Bryce Harrington ] * [6a499a388] d/control: bump Standards-Version to 4.6.1 (no changes needed) * [e0b695cf9] d/copyright: Update debian copyright to 2022 * [11f2f331d] d/control: Improve plugin description * [aa14fc72b] d/control, d/rules, d/*containerinfo*: add containerinfo plugin * [441d7a31c] d/control, d/rules, d/*salt-minion*: Add salt-minion plugin * [291c71b07] d/copyright: Add myself and Christian * [2eaee7c] Add dependencies for the containerinfo plugin. * [c21ef1d] Fix building containerinfo on i386 %ld is not a 64bit integer on i386. * [5b23cd3] Use G_GINT64_FORMAT instead of lld [ Debian Janitor Bot ] * [b8a7e72] Bump debhelper from old 12 to 13. + Rename debian/open-vm-tools-desktop.tmpfile to debian/open-vm-tools-desktop.tmpfiles. Changes-By: lintian-brush Fixes: lintian: package-uses-old-debhelper-compat-version See-also: https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html * [db353fc] Update renamed lintian tag names in lintian overrides. Changes-By: lintian-brush Fixes: lintian: renamed-tag See-also: https://lintian.debian.org/tags/renamed-tag.html * [e836429] Set upstream metadata fields: Archive. Changes-By: lintian-brush [ Bernd Zeimetz ] * [c68b4a7] New upstream version 12.0.0 (Closes: #1006845) * [5e498c2] Refresh patches * [d1a0fb3] udevadm: trigger only for scsi devices on install. Thanks to Benjamin Drung (Closes: #1009194) [ Debian Janitor ] * Remove constraints unnecessary since buster [ Christian Ehrhardt ] * New upstream version 11.3.5 (LP: #1946836) (Closes: #995221) - Closes gcc-11 FTBFS, actually since 11.3.0 (Closes: #984272) * d/rules, d/open-vm-tools.lintian-overrides: The hgfsmounter (mount.vmhgfs) command has been removed from open-vm-tools * d/p/Update-open-vm-tools-to-build-with-either-Fuse-3-or-2.patch: allow to build against fuse 3 * d/rules, d/control: switch to use fuse3 (LP: #1935665) * d/copyright: further fix licenses after consulting SPDX * d/copyright: state multi-license under one glob pattern * d/control: enable arm64 which is ready in 11.3.0 * d/control: drop no more needed net-tools dependency * New upstream version 11.3.0 (Closes: #990163)(LP: #1933143) - d/rules: install new binary vmwgfxctrl into open-vm-tools-desktop - d/rules: add new binary vmware-alias-import to open-vm-tools - d/rules: add new vmsvc plugins libguestStore.so and libgdp.so to open-vm-tools * d/open-vm-tools.maintscript: remove stale conffiles (Closes: #868273) * d/control: add myself to uploaders * Cleanups flagged by tracker.debian.org - d/watch: fix to work with upstreams github tags - d/control: bump Standards-Version to 4.5.1 (no changes needed) * Cleanups for various Lintian findings - d/source/lintian-overrides: allow helper scripts by setting patch-file-present-but-not-mentioned-in-series - d/{open-vm-tools,open-vm-tools-dev}.lintian-overrides tolerate package-name-doesnt-match-sonames - d/{open-vm-tools,open-vm-tools-desktop}.lintian-overrides: tolerate no-manual-page until upstream issue 526 is resolved - d/control: fix skip-systemd-native-flag-missing-pre-depends warning by adding misc:Pre-Depends - d/copyright: rename non allowed license names to fix space-in-std-shortname-in-dep5-copyright warning - d/open-vm-tools-desktop.lintian-overrides: fix setuid override - d/rules: drop no more needed handling of pam vmtoolsd-x64 - d/rules: put libs and .pc files in correct multiarch directories - d/rules: do not ship vmware-vgauth-smoketest (only meant for build&test, per upstream it can wipe system config and therefore should not be shipped after build - upstream issue 527) * d/control: Remove constraints unnecessary since stretch (from Janitor) * [7f14954] Drop max_nic_count patch. See https://github.com/vmware/open-vm-tools/issues/128 for details. * [b54d022] New upstream version 11.2.5 Thanks: John Wolfe Closes: #980190 * [d5d4593] Fix building with new gcc versions * [94ce968] build-depend on libgdk-pixbuf-xlib-2.0-dev Closes: #978262 Thanks to Lucas NUssbaum for the upload reminder. * [447d833] Update upstream source from tag 'upstream/11.2.0' Update to upstream version '11.2.0' with Debian dir 67243748d9ba09fc4e53f1ab4e921e119c981beb Closes: #972732 * [704edba] remove pam-use-common-auth-account patch. Not needed anymore * [f792922] Use upstream pam file for Debian * [5515c98] Don't recommend xserver-xorg-input-vmmouse. Thanks to Raphal Hertzog (Closes: #966465) * [8a31efc] Update upstream source from tag 'upstream/11.1.5' Update to upstream version '11.1.5' with Debian dir 62c70f15b660e7719555a78e6658ced5ca05ca35 Closes: #968688 * [09714a7] Removing patches that were applied upstream * [03d18b3] Fix gcc-10 related issues. (Closes: #957631) [ Christian Ehrhardt ] * [4d69c6a] d/p/lp-1877678-: fixes for the sdmp plugin that is new in 11.1.0. Signed-off-by: Christian Ehrhardt * [38bd11e] d/control: change net-tools dependency to iproute2. Signed-off-by: Christian Ehrhardt [ Bernd Zeimetz ] * [c15c08d] Add net-tools as dependency again. Various scripts still use ifconfig. [ Christian Ehrhardt ] * [6b7d31d] New upstream version 11.1.0 (Closes: #960061) (LP: #1877672) * [3ece93a14] d/control, d/rules, d//*sdmp*: add service discovery plugin (sdmp) (Closes: #960065) (LP: #1877678) Thanks to Oliver Kurth for the initial contribution, changes in addition: - d/control: improve description - rules fix whitespace damage - maintscripts: fixed some whihtespace damage - maintscripts: fixed maintainer scripts per skeletons from dh_make - maintscripts: added the service-active-before-restart check to postinst as well (was only in rm) - maintscripts: use deb-systemd-invoke - d/control: add further dependencies used in sdmp * [e0c9fbc14] remove patches applied upstream in 11.1.0 - d/p/4ee0bd3c8_Rectify-a-log-spew-in-vmsvc-logging-vmware-vmsvc-root.log - d/p/89c0d4445_GitHub-Issue-367.-Remove-references-to-deprecated-G_INLINE_FUNC - d/p/f1f0b812e_add-appinfo-plugin * [f4cf14931] d/rules: drop perm fixup of vm-support as it is properly in /usr/bin/ now * [d71e99e33] lintian: add overrides for intentional cases * [ba27a73eb] d/p/debian/vmxnet_fix_kernel_4.7.patch: drop unused patch * [7488e6e2f] d/copyright: fix tab in text * [8700b5e] Revert "Run vmtoolsd with Nice=-20" After discussing this issue with upstream we came to the conclusion that reverting this is the best option as it is possible to start programs trough vmtoolsd and they would also run with a nice level of -20. Upstream will fix this issue in a sane way. * [8a3a303] Add appinfo plugin. Thanks to Oliver Kurth (Closes: #954958) * [c720d18] Run vmtoolsd with Nice=-20. Ensure that the watchdog is always able to answer. Thanks to Aron Xu (Closes: #953346) * [9d3c1d7] Build-Depend on liblzma-dev. Thanks to Lucas Nussbaum (Closes: #951940) * [eab2f1a] Add vmtoolsd.service alias. Debian's open-vm-tools.service is rather unsuaul and based on the history of the package, so ship an alias. * [b2977cd] Rectify a log spew in vmsvc logging. Upstream commit 4ee0bd3c8ead89541ab7d196fb54e940e397420d When a LSI Logic Parallel SCSI controller sits in PCI bus 0 (SCSI controller 0), the Linux disk device enumeration does not provide a "label" file with the controller name. This results in messages like "GuestInfoGetDiskDevice: Missing disk device name; VMDK mapping unavailable for "/var/log", fsName: "/dev/sda2" repeatedly appearing in the vmsvc logging. The patch converts what previously was a warning message to a debug message and thus avoids the log spew. Thanks to Oliver Kurth (Closes: #950888) * [e302fbf] Depend on lsb-release instead of recommending it. * [7731b26] Update upstream source from tag 'upstream/11.0.5' Update to upstream version '11.0.5' with Debian dir 7744f94a9026a7a3178032ef206d5d5798206fa5 Closes: #949011 * [68e74c1] snapshot changelog * [6ce977f] Refreshing patches [ Christian Ehrhardt ] * [e30fabc] d/p/lp-1855686-Avoid-vmtoolsd-crash-in-HostInfo.patch: fix crash with uncommon lsb_output behavior (LP: #1855686) * [c30953f] gitlab-ci: disable reprotest * [ee6873b] Use upstream patch to fix (ignore) ZFS. * [76c600f] Fix segfault for fs devices without / See https://github.com/vmware/open-vm-tools/issues/378 for details. Thanks to Mo Zhou (Closes: #942692) * [bb36e10] Update upstream source from tag 'upstream/11.0.1' Update to upstream version '11.0.1' with Debian dir 60c0d512096774b9a2a7cc9e4e94556b2893ae8a * [4cfe383] Update Vcs-Git/Browser to point to salsa. * [bc253ad] Remove .travis.yml, add debian/.gitlab-ci.yml * [c92ca3a] Add add_patch.sh script to add patches from upstream. * [1d9b491] Add patch to remove deprecated inline functions * [3e2e307] Rename lintian-override file properly [ goldstar611 ] * [c138871] Ensure VGAuthService starts after AppArmor https://gitlab.com/apparmor/apparmor/issues/13 [ Bernd Zeimetz ] * [28ef841] New upstream version 11.0.0~0 * [f78ed2d] New upstream version 11.0.0 Closes: #940853 * [19efc80] Revert "Revert "Removing libdumbnet-dev."" This reverts commit 31177fab964d92687501ab81774440a9b8d09e39. * [bc14a8b] snapshot changelog * [1c5e9ea] Dropping patches that were picked from upstream [ Bernd Zeimetz ] * [19c646a] gcc9 compatibility. Upstream commit c68172ef7f2d4f116078e2aba82986a8cab0b16e (Closes: #925794) [ Christian Ehrhardt ] * [865763e] Fix other ftbfs with GCC-9 * d/rules: disable address-of-packed-member gcc-9 warnings for pre 11.0 code (LP: #1842301) * d/rules: use modern syntax for disabling deprecated-declarations * d/p/gcc9-Remove-GLib-2.32-deprecated-APIs-from-tools.patch: stop using outdated GLib features Upstream commit a7c141fc * d/p/gcc9-drop-obsolete-G_INLINE_FUNC.patch: stop using deprecated GLib Macro * d/p/gcc9-GStaticRecMutex.patch: stop using deprecated GStaticRecMutex Upstream commit 19ca3e36 * d/p/gcc9-build-error-in-vmblocktest.c.patch: avoid error due to stringop-truncation Upstream commit 553d1283 [ Bernd Zeimetz ] * [0ce2ba2] Policy 4.0.1: The extra priority has been deprecated * [c8760c6] Bumping Standards-Version to 4.4.0 * [a6ed8ce] Don't override dh_builddeb. debian-rules-should-not-use-custom-compression-settings * [bdfd8b5] Remove add_patch script * [be4d889] Update copyright years. * [9ac710e] Remove autotools-dev dependency. * [4296cf4] Fix permissions of udev rules file * [ed11c19] A new lintian override [ Christian Ehrhardt ] * [d79cc9d] d/control: fix postinst missing lsmod/modprobe. Upgrades on open-vm-desktop can trigger errors like the following: /var/lib/dpkg/info/open-vm-tools-desktop.postinst: 5: /var/lib/dpkg/info/open-vm-tools-desktop.postinst: lsmod: not found /var/lib/dpkg/info/open-vm-tools-desktop.postinst: 6: /var/lib/dpkg/info/open-vm-tools-desktop.postinst: modprobe: not found The reason is that kmod isn't a dependency of open-vm-tools-desktop and could be missing e.g. if you installed it in a system container. Once might discuss how useful open-vm-tools-desktop is in that environment but a n issue to fix none the less. Signed-off-by: Christian Ehrhardt [ Bernd Zeimetz ] * [4d3f25f] Fix guest OS reporting for Debian/Buster. Without this fix, open-vm-tools report other4xLinux64Guest instead of Debian/Buster. Reason is the output of lsb_release, which outputs: $ lsb_release -sd Debian GNU/Linux 10 (buster) But the code in open-vm-tools expects '10.'. Thanks to Oliver Kurth (Closes: #934005) * [122e511] Update upstream source from tag 'upstream/10.3.10' Update to upstream version '10.3.10' with Debian dir fb12c7cfc99a9497795475c29306e78d08cc3712 - Closes: #925940 - Bugfix release for the 10.3 series. - Correct and/or improve handling of certain quiesced snapshot failures (shipped as patch in 2:10.3.5-6). - Fix some bad derefs in primary NIC gather code - Fix possible security issue with the permissions of the intermediate staging directory and path. Closes: #925959 - CONSTANT_EXPRESSION_RESULT in TimeUtil_StringToDate() Found by coverity. - Deploypkg log files of linux should not be world readable. They might contain sensitive data. - General code clean-up: - Treat local variables "len" consistently as "size_t" type in Posix_Getmntent_r() - Improve readability of error handling logic in ShrinkDoWipeAndShrink() and remove another line of dead code. - Setting "errno" to ENOENT when there is no passwd entry for the user. - Fix NULL pointer dereference and remove three lines of dead code. - Other changes/fixes, not related to Debian: - Update copyright years - Fix CentOS 7.6 detection - Include vmware/tools/log.h to define g_info (fix for SLES) - Special-case profile loading for StartProgram (Win32 only) - Changes to common source files not applicable to open-vm-tools. (Code used by other vmware tools, unrelated to open-vm-tools). - Bump up the SYSIMAGE_VERSION for VMware tools 10.3.10 * [18de70f] Removing backported patches, shipped in 10.3.10. [ Jean-Baptiste Lallement ] * [0f35aee] Add modaliases to open-vm-tools-desktop. Added Modaliases to open-vm-tools-desktop to auto-discover and auto-install the driver on Ubuntu via ubuntu-drivers. The driver is then installed at installation time and available on first boot for an improved user experience (LP: #1819207) [ Bernd Zeimetz ] * [dc4e1ce] Load vmwgfx module before vmtoolsd starts. As discussed on github in vmware/open-vm-tools#214 we need to load the vmwgfx module before starting vmtoolsd for desktop users. Otherwise it is not able to retrieve the KMS resolutions and resizing the VM desktop fails. Thanks to @thomashvmw @rhertzog (Closes: #924518) [ Christian Ehrhardt ] * [71b468f] make vgauth service execution more reliable. Since d3d47039 "Start vgauth before vmtoolsd" there is a potential race of starting vgauth so early that it might have issues. This was discussed back in the day in [1] to [2], but confirmed to be ok by VMWare. We were all somewhat convinced by this, but a bad feeling remained not only with me but also with Bernd [4]. A recent SRU review denial made me rethink all of it and I think we can make it safer without thwarting the purpose of the original change. Note: Disambiguation of service names used below: vgauth - open-vm-tools.vgauth.service vmtoolsd - open-vm-tools.service fs - systemd-remount-fs.service tmp - systemd-tmpfiles-setup.service cloud-init - cloud-init-local.service Currently we have these dependency requirements: - vgauth should be before vmtoolsd - cloud init should be before vmtoolsd - cloud init has to be really early in general - therefore this is using DefaultDependencies=No That lead to this graph: fs / tmp -> vmtoolsd -> cloud-init And d3d47039 added it to be like: fs / tmp -> vmtoolsd -> cloud-init ^ vgauth --| But there is no need to have vgauth without any pre-dependencies at all. It is only needed to be "before" vmtoolsd, therefore we can make it: fs / tmp -> vgauth -> vmtoolsd -> cloud-init That will make execution of vgauth much less error-prone (even though I have no hard issue to report) while at the same time holding up all known required ordering constraints. [1]: https://bugs.launchpad.net/ubuntu/+source/open-vm-tools/+bug/1804287/comments/3 [2]: https://bugs.launchpad.net/ubuntu/+source/open-vm-tools/+bug/1804287/comments/12 [3]: https://bugs.launchpad.net/ubuntu/+source/open-vm-tools/+bug/1804287/comments/25 [4]: https://github.com/bzed/pkg-open-vm-tools/pull/15#issuecomment-447237910 Signed-off-by: Christian Ehrhardt * [43ec618] Correct and/or improve handling of certain quiesced snapshot failures. Thanks to Oliver Kurth (Closes: #921470) * [54cce3e] Start vmtoolsd after apparmor.service. Github issue #17 [ Alf Gaida ] * [e13792d] udevadm trigger should not fail (Closes: #917642) [ Christian Ehrhardt ] * [d3d4703] Start vgauth before vmtoolsd. VGAuthService needs to be ready when vmtoolsd runs. Certain cases - e.g. Site Recovery Manager failover - will need vgauth to be up. Therefore add an After=vgauth.service dependency to open-vm-tools.service To have vgauth be able start early - and not pull cloud-init back late - it is also required to drop default dependencies which according to VMware is fine to do so. (LP: #1804287) [ Raphal Hertzog ] * [db2a364] Ensure vmwgfx module is loaded before start of vmtoolsd. This avoids a failure to start the resolutionKMS plugin and it's achieved through a drop-in snippet extending open-vm-tools.service adding an ExecStartPre directive loading the module prior to the start of the service. (Closes: #915031) [ Christian Ehrhardt ] * [e6e0ab8] d/rules: fix dangling symlink of vmware-user. Back in 2:9.4.0-1280544-6 vmware-user* was moved to the open-vm-tools-desktop package and some follow on fixes moved bits that were forgotten like the man page. (LP: #1807441) There still is a symlink in /usr/bin/vmware-user that is forgotten in the base package and broken unless open-vm-tools-desktop is installed. Change d/rules to move the symlink as well. Signed-off-by: Christian Ehrhardt * [13d22e5] Breaks and Replaces for moving vmware-user. Signed-off-by: Christian Ehrhardt * [d56826a] Bump breaks and replaces to next version to be released. Signed-off-by: Christian Ehrhardt [ Bernd Zeimetz ] * [e4697c7] Fix race condition between open-vm-tools and systemd-tmpfiles-setup. Thanks to Jean-Louis Dupond (Closes: #914910) * [7061cb7] Update upstream source from tag 'upstream/10.3.5' Update to upstream version '10.3.5' with Debian dir 9315f58cab8ba1356c1e4aa77d714257dc0651f2 * [16acbc3] Remove PrivateTmp=yes. Thanks to Christian Ehrhardt (Closes: #905170) * [72aabb2] Add RequiresMountsFor=/tmp. Thanks to Christopher Odenbach (Closes: #900566) * [96bf0c5] Update upstream source from tag 'upstream/10.3.0' Update to upstream version '10.3.0' with Debian dir ace0137b2d17e039ddac188fdcd15f882119925a * [e5a9b82] Re-add .travis.yml * [83e043f] Refreshing patches * [ea03a58] Update upstream source from tag 'upstream/10.2.5' Update to upstream version '10.2.5' with Debian dir 74e96286320224bb6d5b717034930169514dbd51 * [c1c18d3] Refreshing patches. * [47e50a1] Fix debhelper dep for backports * [34538a5] Make tools.conf useful. Thanks to Dariusz Gadomski (Closes: #889884) * [249d54c] Fix wayland segfault. Adding a patch from Fedora to fix a wayland/gnome related segfault. Thanks to Oliver Kurth (Closes: #887755) * [f0bf956] Add .travis.yml which was removed by gbp. * [892e2f6] Build with gtk3. * [03a655b] Check if debhelper handles \ in systemd units. Thanks to Oliver Kurth (Closes: #886191) * [5bf9301] Drop -dkms package. Thanks to Christian Ehrhardt (Closes: #884656) * [236cdba] Update upstream source from tag 'upstream/10.2.0' Update to upstream version '10.2.0' with Debian dir d5190e486b6beb65ee7ed31c0c23a789b8f60cab (Closes: #884496) * [692beff] snapshot changelog. * [45aa743] Add .travis.yml which was removed by gbp. * [aabeded] Fix dpkg --compare-versions call * [0697425] Better debhelper version parsing. * [390ec09] fix even more makefile bugs. * [6e5fa38] Refreshing patches. Dropping kernel-module related patches. * [cbfec05] Drop dh_autoreconf, not needed anymore. * [d5fef50] autotools-dev is done by dh now. * [b66ab14] use dh_installsystemd * [78a17f1] Remove fixed CXX std setting. * [f96f479] Updated version 10.1.15 from 'upstream/10.1.15' with Debian dir c44394c71e055f4cfd3a15ee578fc9895d64ebb1 * [682790b] Refreshing patches. * [00bc9bb] Build with CXXFLAGS=-std=c++14. Thanks to Rene Engelhard and Oliver Kurth (Closes: #876121) * [6b61376] Re-add .travis.yml. Seems it went missing with the last merge. * [bf07ae8] Work around dh_systemd escaping bugs again. Seems the unit escaping changed with a new dh version. Work around the known and reported fails again. Thanks to Christian Ehrhardt (Closes: #875657) [ Shota Aratono ] * [5ab87bd] Fix scsi timeout setting error on debian stretch * [c0847eb] Fix attempting change setting to unintentional target [ Raphal Hertzog ] * [dc2e27f] Add patch to support resolution switching with KMS. This is needed for proper support of Wayland sessions. (Closes: #872779) * Drop the extra part of the version string. Easier to handle in the short variant. * [6be6a49] Updating watch file. Use tags from github. * [8c25235] Updated version 10.1.10 from 'upstream/10.1.10' with Debian dir 3dddea7985f21457b294b5f554d5ecdf32aabfff * [195cead] Refreshing patches. Removing cve-2015-5191.patch as it is part of the upstream release. * [e6b3fd5] Build using libssl-dev and libxmlsec1-dev. (Closes: #859416) * [dec8df6] Upstream fix for CVE-2015-5191 (Closes: #869633) * [718133e] Enable PrivateTmp for the open-vm-tools.service. * [27689b3] Load the fuse module before mounting /run/vmblock-fuse. Thanks to Norbert Lange (Closes: #860875, #860861) * [008bdde] Don't recommend -dkms for -desktop. The dkms package is clearly not necessary anymore here. Thanks to Oliver Kurth (Closes: #860857) * [ffc37f2] Let -desktop depend on fuse. Mounting fuse filesystems requires mount.fuse - and doing so is required for a working desktop running under VMware. * [cf1f9b3] Ensure /run/vmblock-fuse is mounted properly. - open-vm-tools-desktop.postinst: Add the fuse module if it was not loaded into the kernel before - Handle the mount unit with dh_systemd_* - Ensure /run/vmblock-fuse is mounted before open-vm-tools.service is started. * [1f479db] Do not restart run-vmblock\x2dfuse.mount on upgrades. Restarting won't work if people are using the mountpoint, also it would require to restart vmtoolsd. * Unfortunately mounting the fuse filesystem properly depends on a fix in deb-systemd-invoke, see #861204. * [0aa95b6] Start open-vm-tools before cloud-init-local.service. Required for a working guest customization as reported by VMware. Also add cloud-init to 'Suggests'. Thanks to Sankar Tanguturi (Closes: #859677) * [651cdfe] Depend on iproute2. Necessary for /etc/vmware-tools/scripts/vmware/network. * [ed95c1d] Depend on libssl1.0-dev | libssl-dev. Thanks to Tiago Daitx (Closes: #856569) Makes building the package in Ubuntu easier. * [2750700] Add o-v-t as dependency of o-v-t-dev. Thanks to Andreas Beckmann (Closes: #858494) * [60d1417] Merge tag 'upstream/10.1.5-5055683' Upstream version 10.1.5-5055683 Closes: #856330 10.1.5 is a point release fixing the following issues: - Authentication failure is reported as unknown general system error. Attempts to authenticate through VGAuth service might result in an authentication-specific error such as an expired account or password. The authentication-specific error might then be incorrectly reported as an unknown general system error, similar to the following: CommunicationException: Failed to create temp file on target : A general system error occurred: Unknown error - Unable to backup virtual machines with active Docker containers. This bug should not happen in Debian stretch at all, but might be relevant for backports. - Fix ISO mappings for CentOS/OracleLinux. Not relevant for Debian - Thaw Filesystems if snapshot commit message to VMX fails. - Add missing agent configuration files that were accidentally ignored by .gitignore [ Chris Glass ] * [d55b33f] Point the control file's homepage to the new one. The upstream open-vm-tools switched from sourceforge to github. This simply updates the link to reflect that. Signed-off-by: Chris Glass [ Bernd Zeimetz ] * [f44a9a8] Drop duplicate udev rules. Timeouts are set in 99-vmware-scsi-udev.rules now, shipped by upstream. Thanks to Bernhard Schmidt (Closes: #851240) * [21df3fa] Install vgauth.service. vgauth is a service that allows authentication in the guest using SAML tokens. Necessary for guest operations initiated from the vSphere datacenter. (Closes: #855337) * [17b04da] Override dh_md5sums for arch-dependent packages only. Thanks to Santiago Vila (Closes: #849876) * [fe8ae94] Stay with .gz as compression. * [afb2f52] Use systemd-detect-virt if available. Use systemd-detect-virt to detect VMware platform because vmware-checkvm might misbehave on non-VMware platforms. (RHBZ#1251656) * [1505d5f] Re-indent files properly. * [1b0b7eb] vm-support script needs lspci from pciutils. (RHBZ#1388766) * [1e2eb34] Make dpkg --verify happy now. (Closes: #847221) * [72150f0] Merge tag 'upstream/10.1.0-4449150' Upstream version 10.1.0-4449150 * [d4743dd] Bump dh compat level to 10. * [acce982] Handle open-vm-tools subdirectory as shipped by upstream. * [9047555] Install upstream changelog. * [fafb845] Remove extra \ from md5sums file. See #843163 dpkg: -V fails on files with \ in the name for details. * [1455af1] Refreshing patches. * [776971c] dh_autoreconf_clean doesn't need --sourcedirectory. * [d50714b] Stay with libssl1.0 for now. (Closes: #828476) * [a0c6696] Fix dkms.sh call for new directory structure. * [9295c22] Add .travis.yml from http://travis.debian.net. * [af7da59] Fix building the vmxnet module for kernel 4.7. Thanks to Hilmar Preue (Closes: #836915) * Non-maintainer upload. [ Bernd Zeimetz ] * [0176637] Recommend lsb_release for consistent hostinfo. [ Raphal Hertzog ] * [257c90b] Fix build failure with GCC 6. Thanks to Paul Wise for the patch. (Closes: #812046) * [007eacb] Better check for availability of vmware-checkvm and -rpctool. * [5060f42] Notify vmware when removing open-vm-tools. Thanks to Yanhui He (Closes: #825810) * [f2f4971] Work around wrong dkms versions. * [1be403b] Move vmhgfs-fuse to open-vm-tools. As suggested by various people: vmhgfs-fuse is useful on server installations by mounting it from fstab, without having GTK installed. This closes bzed/pkg-open-vm-tools#4 * [537ed0a] Drop -dbg package. Creating debug packages is handled by dh_strip automatically. * [3bef19a] Updating debian/watch to use github. * [806e1e9] Merge tag 'upstream/10.0.7-3227872' Upstream version 10.0.7-3227872 * [da26597] Merge pull request #3 from rfc1036/usrmerge. Move mount.vmhgfs to /sbin/ Closes: #810274 * [c973a13] Merge tag 'upstream/10.0.5-3227872' Upstream version 10.0.5-3227872 * [d10e230] Auto-update version in open-vm-tools-dkms.dkms * [8b49d5b] fix open-vm-tools-dkms description * [e42d6de] Fix dkms config file. * [b0ae431] Merge tag 'upstream/10.0.0-3000743' Upstream version 10.0.0-3000743 Closes: #797725 * [27f0147] Snapshot changelog * [236554b] Refreshing patches. * [711f1e2] Merge remote-tracking branch 'origin/master' * [bfc0ed3] Remove the vmhgfs module and tools. * [6ab9fc7] Move fuse binaries into open-vm-tools-desktop package. * [2617cef] Use -std=gnu++11 * [e5e0c1f] ensure dh_fixperms runs as root * [4c57986] Remove paths from maintainer scripts. * [03db1df] Fix dkms destination folder. * [fb5a5a1] Merge branch 'master' of github.com:bzed/pkg-open-vm-tools * [ba55c8a] Work around broken cflags from libsigc++. * [c78bd75] Always use vmhgfs-fuse. We want to avoid the need to patch the module for every new kernel. VMware officially supports vmhgfs-fuse for kernels >= 4.0, but it should just work fine for older kernels. (Closes: #800322) * [41f90f1] Make open-vm-tools-dev amd64/i386 instead of all. * [6537e76] Update package version in dkms file. * [c3a1d4a] Add patch to support backing dev info. Thanks to Peter Vrabel (Closes: #794843) * [be97f01] Add missing #DEBHELPER# statement. * [eac5b6a] Updating Standards Version * [a508cfe] Remove path from command in maintainer script. * [085d637] Remove executable bit from config files. * [b084140] Move all dev files into the -dev package. * [ac965de] Fix building vmghfs for kernel >= 4.1. Thanks to Achim Schaefer (Closes: #794707) * [16ca60a] Update gbp config header in debian/gbp.conf. * [a4125bd1] Merge tag 'upstream/9.10.2-2822639' Upstream version 9.10.2-2822639 (Closes: #789722) * Quiescing Filesystems should work as expected. (Closes: #784398) * [d7d898c4] Update package version in dkms file. * [4148c544] Also fix version number in modules/linux/dkms.sh. * [7967f7c1] Fix version number in configure.ac. * [4de8ff44] Add script to update patches. * [52b74910] Merge tag 'upstream/9.10.0-2476743' Upstream version 9.10.0-2476743 (Closes: #781784) * [fddc317d] Refreshing patches for new upstream version. * [7b53f258] Add libmspack-dev as build-dependency. * [6b5841da] Add libssl-dev as build-dependency. * [de52be8e] Add libxerces-c-dev as build-dependency. * [17b2788a] Add libxml-security-c-dev as build-dependency. * [406817b6] Add patch to move from d_alias to d_u.d_alias. Make open-vm-tools build with the recent jessie kernel again. Thanks to Timo Metsala (Closes: #778293) * [8df5b4ac] Adding patch to fix CVE-2014-4199. Thanks to Moritz Muehlenhoff (Closes: #770809) * [6b514014] Fix installation of systemd services. Thanks to Norbert Lange (Closes: #764295) * [1130d9e9] Workaround for buggy dh_systemd_start. * [1d43a9e7] Remove the automount feature for vmblock-fuse. vmtools* checks /etc/mtab and friends for mounted filesystems instead of using stat or something similar. * [b06f93e5] Add mate-panel to xautostart.conf * [26a5da76] Workaround open-vm-tools-desktop upgrade failures. For now just ignore errors while unmounting the fuse-vmblock file system. * [7f362040] Create /tmp/VMwareDnD for vmblock-fuse. * [c5f35c1b] Revert "Fix Breaks and Replaces Fields in debian/control" This reverts commit 34797213251956fbc1451ab1affc7b6c413b7072. [ Norbert Lange ] * [34797213] Fix Breaks and Replaces Fields in debian/control * [aff1eb77] Add udev rule for vsock. The blockdevice is created at /dev/vsock after loading the module, but with 0600 permissions which dont allow access for regular users. This rule fixes the issue by changing perms to 0666 [ Bernd Zeimetz ] * [371e5d30] Move vsock udev rules into open-vm-tools.udev. The vsock module is shipped in the vanilla kernel these days. * [edaeb2fd] Add systemd (auto)mount units for vmblock-fuse. This will hopefully make drag & drop operations work properly. Also add fuse to Recommends of the -desktop package as it is needed to mount fuse filesystems. Thanks to Norbert Lange (Closes: #736812) * [171276e3] Remove update-rcd-params from dh_installinit. Thanks to Remi (Closes: #762695) [ Bernd Zeimetz ] * [b04735fa] Ensure LINUX_BACKPORT is defined in patches/kuid_t-kgid_t-fix-for-3.12. [ Norbert Lange ] * [01aaa407] Fix initramfs hook for the vmxnet module * [5279fa17] Move the dkms module location patch before otehr patches changing the dkms.conf file. this eases adding or removing those patches * [b1db2b5c] Move files belonging to modules in dkms package. Call update-initramfs for the dkms package. Otherwise the initrd wont contain the vmxnet module if you installed the dkms package after the tools package. Move the module scripts to the dmks package. The modules in the dkms package should work without the tools now. [ Bernd Zeimetz ] * [d0ccee4f] Run #DEBHELPER# first in open-vm-tools-dkms.postinst. Otherwise dkms was not called and the module is not built yet. * [f680b4fa] Run update-initramfs in open-vm-tools-dkms.postrm. Otherwise a removed module stays in the initrd. * [ef4bd019] Remove unused DEPRECATED define. The dkms module ftbfs with 3.16 as DEPRECATED is define in the kernel source already. Thanks to Benjamin Kaduk (Closes: #761924) * [5389dd1f] Some more fixes to make dkms build on 3.16 * [4c1f5fa7] Drop dkms.conf patches. Ship the dkms.conf file in debian/local instead. * [805ccb06] Tidying patches. - Removing those for kernel modules we don't build anymore - Taking fixes for current issues from Arch - Sorting patches into from_fedora / from_arch / debian directories. This will break backports to wheezy. * [519191ff] Fix dh_dkms call for new dkms.conf * [d493d4ce] Remove vmware-user-suid-wrapper.1 from open-vm-tools. The manpage belongs to the -desktop package and was accidentally synced from Ubuntu. Thanks to Ralf Treinen (Closes: #757739) [ Bernd Zeimetz ] * [d448e841] Merge tag 'upstream/9.4.6-1770165' Upstream version 9.4.6-1770165 Closes: #756620 * [969fc903] Ensure that vmware-user-suid-wrapper ships a suid bit. * [8067da08] Add -Wno-sizeof-pointer-memaccess gcc option. See http://sourceforge.net/p/open-vm-tools/mailman/message/32550433/ for details. Code quality doesn't seem to be the best :( * [b5ba8c3b] refreshing patches. * [36cd39c6] Updating changelog. * [99f43e95] Revert "Add -Wno-sizeof-pointer-memaccess gcc option." This reverts commit 8067da0891e0fc6a2e55853a103ff2c95fa1f59b. * [bb95d814] Adding a patch from fedora instead of -Wno-sizeof-pointer-memaccess. * [d6b2ad4a] Update manpages. Changes taken from Ubuntu, thanks! * [3768ff7f] Better startup message if not in a vm. Patch taken from Ubuntu (LP: #1289564). * [4d5dec19] Add patch for Debian 7.X os recognition. Official code only handles 7.0 and 7.1. Also maybe 8.x, needs to be tested if it breaks stuff in vmware. * [7b3d23c9] Refreshing patches. * [af20a700] Make patches/kuid_t-kgid_t-fix-for-3.12 compatible with older kernels. Thanks to Norbert Lange for the idea. * [c4df056b] PIC handling in configure is broken. Add --with-pic as configure option and -fPIC to CFLAGS. [ Nicholas Levi Sielicki ] * [eafd8723] Rise the number of supported NICs. There is an arbitrary constant declared limiting the amount of NICs that it supports. I have bumped the limit from 16 to 64 to make this toolset functional for larger setups. (Closes: #756808) * [0ecb889e] Removing old transitional packages. * [5e039b52] Add missing Breaks/Replaces for file moves. * [9d01b21d] Fix vsock removal patch, add some missing "" * [2ae80665] Add e55039c_HGFS-Fix-Linux-client-symlinks patch again. Went missing during a merge conflict. Ouch. * [d7f7e40e] Fix vsock removal patch (avoid { foo;; }) * [9960cb11] Add gbp setting for merge info in changelog. * [645a5350] Remove old patch for the vsock module. Not necessary in the current version anymore. Thanks to Hilmar Preue (Closes: #748202) * [4c8effb7] Fix patch to avoid building vmblock on kernel >= 3.0. No real difference, though, as we don't build kernel modules with configure. * [2cbfa96d] Refreshing patches. * [be59923b] Do not build vsock on kernels >= 3.9 the vsock module was included in the upstream kernel. * [6d36f49e] Move .desktop file into the -desktop package. * [ef406f81] Move /lib/modules-load.d/open-vm-tools.conf to open-vm-tools-dkms. Thanks to Jim Barber (Closes: #748187) * [56742c8c] Revert "Use /run/VMwareDnD instead of /tmp/VMwareDnD." This reverts commit 49dc599d453ed40a1299b9a376755cdbb43e0da2. * [c6df2503] Patch pam.d/vmtoolsd to use common-auth/account. [ Cdric Barboiron ] * [4e45e2e8] Hot apply udev rule for disk timeout * [527525fc] fix syntax-error-in-dep5-copyright * [5f6b2a47] fix malformed-override open-vm-toolbox * [5aabaf79] fix manpage-has-errors-from-man * [f867443c] fix executable-not-elf-or-script match unit file rights in systemd package * [f89024a1] fix file locations in copyright [ Bernd Zeimetz ] * [76dadf83] Add patch for CVE-2013-3237. * [fa7d4a63] Merge pull request #1 from yastupin/master procps, init script and doc * [115b8c49] Better permission handling. Especially for pam.d files and vmware-user-suid-wrapper. * [70fa10d1] Fix vmxnet initramfs-tools hook. Thanks to Norbert Lange * [9d3f3c9b] Move vmware-user-suid-wrapper into desktop package. * [49dc599d] Use /run/VMwareDnD instead of /tmp/VMwareDnD. /tmp/VMwareDnD might be existing already or evil users might try to trick us into doing bad things. Using known directories in /tmp is bad enough not to spend time to try to figure out if the code tries to work around possible attacks. Using a directory in /run is a much safer approach. Proper init scripts will be added at a later point. * [d9467cd9] Dropping lintian override files. Also fixing some lintian warnings. * [a7f7e5bd] Use libprocps-dev instead of libprocps0-dev. * [21214012] Use manpages-desktop as source folder for -desktop. * [31c30832] Revert "Enable building of vmci again." This reverts commit 0d55577cd3c262dbbc2bf79593d6f500f84c4170. Too fast upload, sorry. vmhgfs is indeed (still) broken with vmci. * [0d55577c] Enable building of vmci again. Also patch it to build with 3.12 * [8b23a27d] Revert "Add /mnt/hgfs as hgfs mountpoint." Although the idea from the Ubuntu people to ship the mountpoint in the package is nice, lintian is rather unhappy about it. This reverts commit 1e7d8645e48f601e79eb5771e05272b367fa4eb1. * [46f99c30] Remove procps support for now. Unfortunately the procps package in unstable is rather broken, procps support will be enabled again when the new procps version managed to migrate to testing. * [242d45e4] Pick patch from upstream to build with gcc 4.8 * [ed8f797f] Add script to pick patches from upstream. * [312be5d5] Snapshot changelog. * [c125af80] Use /updates/dkms/ as location for kernel modules. We don't want to mess with files shipped in kernel module packages. * [f63a890c] Bumping Standards-Version, no changes needed. * [1e7d8645] Add /mnt/hgfs as hgfs mountpoint. * [0bcabab3] Fix add_patch script. * [1d436969] Add some more patches to make dkms succeed on recent kernels. Also add dh_autoreconf as we modify configure.ac * [088450dd] Also apply the changs from upstream's 530ef7f for dkms. vmblock should be used via fuse now, vmsync is not needed anymore. * [cf44ff2f] Pick patch from upstream: Harden HostinfoOSData * [21ca2b74] Pick patch from upstream: building on kfreebsd. * [82123155] Use libprocps3-dev instead of libprocps0-dev. * [da76a5e9] Add patch to convert kuid_t/kgid_t to uid_t/gid_t. Building against kernel 3.12 should succeed now. * [91e91538] Pick another fix from upstream to make vmhgfs build on 3.12 * [53ea11a4] Add Vcs Headers to debian/control. * [d19592cc] Revert "Use libprocps3-dev instead of libprocps0-dev." This reverts commit 821231554486ec7ff36cd36e89a6b0ef7c7a5552. Due to procps being completely broken in unstable. * [b85cd491] Taking over the maintenance of open-vm-tools. (Closes: #717381) * [ecccbddd] Adding watch file. * [12cfd169] Merge tag 'upstream/9.4.0-1280544' Upstream version 9.4.0-1280544 * [7e93ef77] Refreshing patches. * [25fe744b] Adding CUSTOM_PROCPS_NAME/CFLAGS to dh_auto_configure call. * [4d1081bc] Importing patches from Ubuntu. As open-vm-tools should just do the right thing, we leave building vmsync enabled to make backporting easier. Thanks to Nate Muench * [a0fae111] Copy upstream's dkms config for dh_dkms. * The new upstream release, together with the flags and new patches mentioned above, makes open-vm-tools build with Kernel 3.11. Thanks to: Jim Barber and Mihai Limbasan Closes: #729540 * QA upload * Fix compilation with Linux 3.10. Thanks to Zack Weinberg for the patch! (Closes: #717154) * Correcting syntax of file entries in copyright. * Adding section override for open-vm-tools-dkms. * Enforcing build with gcc 4.7 for the time being. * Orphaning package. * Dropping obsolete sysvinit initscript start/stop numbers. * Dropping kfreebsd from architecture list, it has never built and nobody seems willing to make it work (neither upstream, porters, nor users). * Adding initial systemd service file from fedora. * Skipping vmsync kernel module for the time being until it has been fixed for the debian specific change introduced in linux 3.8.11-1 that broke it (Closes: #707208). * Renaming debian-specific open-vm-toolbox package to open-vm-tools- desktop for consistency with upstream. * Revamping package descriptions. * Renaming open-vm-dkms to open-vm-tools-dkms for consistent package namespace. * Merging upstream version 9.2.3-1031360. * Removing procps.patch, not needed anymore. * Renumbering patches. * Adding patch from Mathias Krause to fix kernel stack memory leack in vsock module [CVE-2013-3237] (Closes: #706557). * Removing purely cosmetical 'sleep 1' leftover in initscript (Closes: #686200). * Removing all references to my old email address. * Updating to standards version 3.9.4. * Shortening build-depends on procps again. * Updating year in copyright file. * Prefixing patches with 4 digits for consistency. * Tightening diff headers in patches. * Adding dpkg-source local-options to abort on upstream changes. * Dropping dpkg-source compression levels. * Removing init order to network also on start (Closes: #695845). * Correcting daemon name in stop section of the initscript (Closes: #696056). * Removing init order to network (Closes: #695845). * Correcting version number (Closes: #695912). * Don't check for vm on stop in initscript (Closes: #695993). [ Daniel Baumann ] * Switching to xz compression again for jessie. * Loading modules through kmod instead of initscript again for jessie. * Adding sleep during restart in initscript again for jessie. * Removing old dpkg trigger for update-initramfs again for jessie. * Updating of GPL boilerplate in copyright file again for jessie. * Adding bugnumber to previous changelog entries regarding wheezy unblocks. * Merging upstream version 9.2.2-893683. * Adding remote_fs dependency in initscript (Closes: #695845). [ Bernd Zeimetz ] * Handling binNMU/nmu/backports version numbers in rules. [ Daniel Baumann ] * Using suggested start-stop-daemon handling in initscript from Bernd Zeimetz (Closes: #686200). * Adding changelog for 8.8.0+2012.05.21-724730-1+nmu1 (Closes: #687205). * Correcting architecture fields in control. * Keeping vmware-user-suid-wrapper completely in vmware-tools rather than partially in vmware-toolbox (Closes: #686202). * Reverting switch to xz compression to ease wheezy unblock (#683299). * Reverting to load modules through kmod instead of initscript to ease wheezy unblock (#683299). * Reverting added sleep during restart in initscript to ease wheezy unblock (#683299). * Reverting removing old dpkg trigger for update-initramfs to ease wheezy unblock (#683299). * Reverting update of GPL boilerplate in copyright file to ease wheezy unblock (#683299). [ Thijs Kinkhorst ] * Updating dkms.conf to make modules build again, thanks to H.A.J. Koster (Closes: #679886). * Switching to xz compression. * Loading modules through kmod instead of initscript. * Adding sleep during restart in initscript. * Removing old dpkg trigger for update-initramfs. * Updating GPL boilerplate in copyright file. * Calling dh_dkms with version argument (Closes: #677503). [ Bernd Zeimetz ] * Non-maintainer upload to ensure open-vm-tools will be shipped with Wheezy. * Ensure upgrades to not fail due to the broken init script (Closes: #686200) - Fix open-vm-tools init script to stop vmtoolsd properly. - Handle upgrades from a version with broken init script. Try to stop again, just in case. Ignore errors as we don't know how successful the old buggy script was. * Remove the duplicate vmware-suid-wrapper from open-vm-toolbox. The better way would be to ship it in open-vm-toolbox instead of open-vm-tools, but to avoid moving config files from one package into another we will keep it this way for Wheezy. Partly addresses #686202. * Handle binNMU/nmu/backports/... version numbers. The old way to parse the version string from debian/changelog fails on binNMU/nmu/security/... version numbers. Fixing this. (Closes: #686582) [ Daniel Baumann ] * Updating GPL boilerplate in copyright file. * Calling dh_dkms with version argument (Closes: #677503). [ Thijs Kinkhorst ] * Updating dkms.conf to make modules build again, thanks to H.A.J. Koster (Closes: #679886). * Merging upstream version 8.8.0+2012.05.21-724730. [ Michael Dorrington ] * Changed Build-Depends to libprocps0-dev to fix libproc-dev removal (Closes: #659595). [ Daniel Baumann ] * Merging upstream version 8.8.0+2012.03.13-651368: - compatible with linux 3.2 and 3.3 (Closes: #656618). * Updating to debhelper version 9. * Updating to standards version 3.9.3. * Updating copyright file machine-readable format version 1.0. * Building with debhelper dkms support (Closes: #651779, #654249). * Updating procps patch for newest procps library name. * Building without multiarch paths for now. * Merging upstream version 8.8.0+2011.12.20-562307. * Adding patch to correct typo in upstreams dkms configuration (Closes: #651778). * Merging upstream version 8.8.0+2011.11.20-535097. * Adding patch to update build-system for procps-ng. * Merging upstream version 8.8.0+2011.10.26-514583. * Correcting typo in example fstab line of vmhgfs manpage. * Sorting overrides in rules alphabetically. * Compacting copyright file. * Adding udev rule to set timeout for vmware scsi devices (Closes: #609001). * Adding doxygen to build-depends for api documentation. * Adding libcunit1-dev to build-depends for test suites. * Adding dmks package again, it had to be dropped right before the squeeze release (Closes: #632220). * Removing open-vm-source in favour of open-vm-dkms (Closes: #518014). * Minimizing rules file. * Adding open-vm-tools-dev package, containing only the api documentation for now. * Moving package back to main as it is in the same category as xserver-xorg-video-vmware where it was in the first place. * Marking binary architecture-dependend packages as linux and kfreebsd only. * Removing legacy symlink for vmware-user desktop file in vmware- toolbox (Closes: #639811). * Merging upstream version 8.8.0+2011.09.23-491607: - works with binutils-gold (Closes: #556756). * Removing liburiparser-dev from build-depends as upstream dropped unity support. * Building with libproc-dev on amd64 again. * Dropping disabling of dnet support (Closes: #639767). * Merging upstream version 8.4.2+2011.08.21-471295 (Closes: #608823): - building against newer libnotify (Closes: #636344). - works with current kernels (Closes: #614292, #617536, #629980). * Updating maintainer and uploaders fields. * Removing vcs fields. * Removing references to my old email address. * Updating years in copyright file. * Updating to standards version 3.9.2. * Updating to debhelper version 8. * Switching to source format 3.0 (quilt). * Removing manual chrpath setting. * Removing exclusion from plugins from debhelper shlibs. * Rediffing kvers.patch. * Updating packaging for new upstream version. * Merging upstream version 8.4.2-261024. * Re-enabling vmmemctl (Closes: #606327). * Re-enabling pvscsi. * Re-enabling vmxnet3. * Rediffing kvers.patch. * Updating modules to standards version 3.9.1. * Removing dkms package, doesn't work with 8.4.2 yet. * Excluding plugins from shlibdeps. * Setting rpath for plugins. * Updating local Makefile to inject symvers files to fix vmhgfs and vsock modules, thanks to Joe Gooch (Closes: #579721). * Updating standards version to 3.9.1. * Removing vmmemctl fom initscript (Closes: #588356). * Merging upstream version 2010.06.16-268169. * Updating standards version to 3.9.0. * Updating README.source. * Rediffing kvers.patch. * Dropping procps.patch, not required anymore. * Updating packaging for upstreams vmmemctl module removal. * Dropping la files. * Updating rules for pvscsi removal (Closes: #581160). * Merging upstream version 2010.04.25-253928. * Updating packaging for upstreams pvscsi module removal. * Removing remote_fs from initscript again (Closes: #577163). * Updating lintian overrides for open-vm-tools. * Updating date and version in manpage headers. * Adding manpage for vmxnet3. * Adding manpage for vmci. * Fixing spelling typo in vmsync manpage. * Adding manpage for vmsock. * Update formating of newly added manpages. * Adding vmware-toolbox-cmd manpage. * Adding guestlib manpage. * Adding libvmtools manpage. * Renaming guestlib manpage to libguestlib. * Including vmware-toolbox-cmd manpage in open-vm-tools package. * Updating initscript start/stop declarations (Closes: #576843, #577163). * Adding misc depends. * Running open-vm-dkms postinst script with set -e. * Adding remote_fs to init depends. * Avoid including license files in open-vm-dkms. * Marking makefiles in open-vm-dkms executable to please lintian. * Adding make to open-vm-dkms depends. * Also stopping in runlevel 1. * Addding dkms support based on the work of Evan Broder on the ubuntu package (Closes: #516251). * Simplyfing initramfs triggers (Closes: #516355). * Merging upstream version 2010.03.20-243334. * Moving local Makefile to subdirectory. * Adding build-depends to libfuse-dev. * Updating to standards 3.8.4. * Merging upstream version 2010.02.23-236320. * Updating year in copyright file. * Merging upstream version 2010.01.19-226760. * Correcting plugins handling (Closes: #564069). * Updating packaging for upstreams vmxnet3 module removal. * Updating packaging for upstreams test plugin removal. * Adding explicit debian source version 1.0 until switch to 3.0. * Merging upstream version 2009.12.16-217847. * Rediffing kvers.patch. * Rediffing procps.patch. * Merging upstream version 2009.11.16-210370. * Moving vmusr plugins from open-vm-tools to open-vm-toolbox (Closes: #539282, #557215). * Correcting plugin location (Closes: #545222, #549044). * Dropping la files (Closes: #551626). * Adding open-vm-toolbox lintian overrides. * Removing test plugin. * Removing unused plugin symlinks. * Merging upstream version 2009.10.15-201664. * Adding maintainer homepage field in control. * Adding README.source. * Updating, sorting and wrapping depends. * Merging upstream version 2009.09.18-193784. * Moving maintainer homepage from control to copyright. * Updating README.source. * Merging upstream version 2009.08.24-187411. * Updating maintainer field. * Updating vcs fields. * Updating package to standards version 3.8.3. * Temporarily building without dumbnet, the recently uploaded new dumbnet upstream version broke down (Closes: #539006). * Using more common name to store local debian additions. * Merging upstream version 2009.07.22-179896. * Adding libnotify-dev to build-depends. * Adding symlinks for plugins. * Updating vmtoolsd call in init script. * Adding missing files to module source, thanks to Brian Kroth (Closes: #525816, #531936, #532293). * Building binary modules with neither module-assistant nor kernel- package is not supported by upstream (Closes: #518014). * Cleaning up module source by removing unecessary files. * Correcting typo in rules for setting configure flags on amd64 (Closes: #531414). * Merging upstream version 2009.06.18-172495. * Updating to standards 3.8.2. * Updating year in copyright file. * Correcting vcs fields in modules control file. * Building without procps on amd64 as a temporary workaround (Closes: #531429). * Adding procps to build-depends (Closes: #531414). * Adding patch for configure to not hardcode procps version. * Merging upstream version 2009.05.22-167859. * Merging upstream version 2009.04.23-162451. * Removing vmware-guestd manpage, dropped by upstream and not included anymore. * Using correct rfc-2822 date formats in changelog. * Correcting patch system depends (Closes: #520493). * Updating section of debug packages. * Merging upstream version 2009.03.18-154848. * Updating debian files to match vmware-guestd to vmtoolsd migration. * Using quilt rather than dpatch. * Renaming debian manpages subdirectory for consistency reasons. * Updating standards to 3.8.1. * Manually handling modprobe file rename from lenny to squeeze (Closes: #519935). * Updating kvers.dpatch. * Using debhelper to install vmxnet modprobe file. * Merging upstream version 2009.02.18-148847. * Enabling unity support, uriparser 0.7 is finally available. * Adding libgtkmm-2.4-dev to build-depends. * Always prefering vmxnet over pcnet32 through modprobe and initramfs configuration (Closes: #502365). * Merging upstream version 2009.01.21-142982. * Merging upstream version 2008.12.23-137496. * Also unload vmxnet module in initscript when starting as a workaround of having vmxnet already loaded at initramfs stage. Thanks to Russ Allbery (Closes: #510935). * Replacing obsolete dh_clean -k with dh_prep. * Merging upstream version 2008.11.18-130226. * Updating debian directory for addition of pvscsi and vmxnet3 modules. * Correcting typo in dh_installinit call. * Downgrading depends on module-assistant to recommends. * Using patch-stamp rather than patch in rules file. * Merging upstream version 2008.10.10-123053. * Updating kvers.dpatch. * Updating kvers.dpatch (Closes: #498620). * Updating initscript to correctly handle vmxnet (Closes: #479090, #488810). * Merging upstream version 2008.09.03-114782. * Updating rules to new location of the config.guess and config.sub files. * Updating vcs fields in control file. * Removing destdir.dpatch, not needed anymore. * Adjusting rules to upstream changes with respect to the pixmap files. * Disabling unity, uiparser is too old (see #493073). * Adding build-depends to liburiparser-dev for new unity feature. * Adding build-depends to libxss-dev for new unity feature. * Updating to add new vmci and vsock modules. * Merging upstream version 2008.08.08-109361. * Replacing /lib64 with /lib in /etc/pam.d/vmware-guestd-x64. * Fixing FTBFS on amd64 by renaming /etc/pam.d/vmware-guestd-x64 to /etc/pam.d/vmware-guestd. * Adding manpages. * Stop removing setuid from /sbin/mount.vmhgfs. * Extending vmxnet_needed() in initscript to also check for availability of vmxnet.ko for the running kernel, otherwise don't attempt to load vmxnet (Closes: #488810). * Adding suggests to xdg-utils in open-vm-toolbox. * Using modprobe -r rather than rmmod in initscript. * Starting initscript at position 20, which is before networking comes up (Closes: #479090). * Adding vmware-user symlink to xdg autostart. * Adding symlink from mount.vmhgfs to old vmware-hgfsmounter name. * Removing executable bit for /etc/pam.d/vmware-guestd file. * Merging upstream version 2008.07.01-102166. * Dropping autobuild patch in favour for upstreams new --without- kernel-modules configure switch. * Merging upstream version 2008.06.20-100027. * Adding debug package. * Splitting open-vm-tools into open-vm-tools (CLI tools) and open-vm- toolbox (GUI tools) (Closes: #467042). * Updating rules file for upstream version 2008.06.03-96374. * Adding patch to make build-system respect again. * Adding xauth to recommends of open-vm-tools (Closes: #487088). * Adding patch to avoid building kernel modules in this new upstream version. * Merging upstream version 2008.06.03-96374 (Closes: #484242). * Updating to standards 3.8.0. * Updating location of vmware-checkvm in init script (Closes: #483056). * Correcting typo in mount.vmhgfs symlink (Closes: #474694). * Moving mount.vmhgfs from /usr/sbin to /sbin, thanks to Lea Wiemann (Closes: #474694). * Also loading and unloading vmsync module in init script, thanks to Lea Wiemann (Closes: #481001). * Moving vmware-checkvm from /usr/sbin to /usr/bin, thanks to Lea Wiemann (Closes: #481004). * Using lintian debhelper to install lintian overrides. * Correcting manpage section of module-assistant in README.Debian. * Removing debian todo file. * Merging upstream version 2008.05.15-93241. * Adding libicu-dev to build-depends. * Merging upstream version 2008.05.02-90473. * Correcting wrong email address in changelog file. * Including vmware support scripts (Closes: #469160). * Correcting symlink for vmware-hgfsmounter (Closes: #474694). * Updating rules to cover new component xferlogs. * Adding libdumbnet-dev to build-depends. * Adding libproc-dev to build-depends. * Merging upstream version 2008.04.14-87182. * Adding open-vm-source to open-vm-tools recommends (Closes: #471784). * Adding zerofree to open-vm-tools suggests, thanks to Thibaut Paumard (Closes: #472799). * Updating vcs fields in control. * Updating package to debhelper 7. * Rewriting copyright in machine-interpretable format. * Cleaned up copyright. * Fixing pathes and binary names in init script (Closes: #469146). * Adding upstream version 2008.02.13-77928. * Adding vcs fields in control. * Removing watch file. * Correcting wrong manpage section of module-assistant in README.Debian. * Correcting wrong filename of module-source tarball in README.Debian. * Updating formating of README.Debian. * Removing config.guess and config.sub from the debian diff. * Reverting config.guess and config.sub to upstream. * Adding vmware-guestd init script (Closes: #465276). * New upstream release. * Fixing manpage section in README.Debian. * Bumping package to debhelper 6. * Bumping package to policy 3.7.3. * Also removing user/ in clean target of rules. * Adding open-vm-source package for module source. * Upload to unstable. * New upstream release. * Moving package to contrib (Closes: #445439). * Limiting architectures to amd64 and i386 (Closes: #445374). * Initial release (Closes: #441905). ==== openssh: 1:8.9p1-3 => 1:8.9p1-3ubuntu0.1 ==== ==== openssh-client openssh-server openssh-sftp-server * d/p/fix-poll-spin.patch: Fix poll(2) spin when a channel's output fd closes without data in the channel buffer. (LP: #1986521) ==== openssl: 3.0.2-0ubuntu1.7 => 3.0.2-0ubuntu1.8 ==== ==== libssl3:amd64 openssl * SECURITY UPDATE: X.509 Name Constraints Read Buffer Overflow - debian/patches/CVE-2022-4203-1.patch: fix type confusion in nc_match_single() in crypto/x509/v3_ncons.c. - debian/patches/CVE-2022-4203-2.patch: add testcase for nc_match_single type confusion in test/*. - CVE-2022-4203 * SECURITY UPDATE: Timing Oracle in RSA Decryption - debian/patches/CVE-2022-4304.patch: fix timing oracle in crypto/bn/bn_blind.c, crypto/bn/bn_local.h, crypto/bn/build.info, crypto/bn/rsa_sup_mul.c, crypto/rsa/rsa_ossl.c, include/crypto/bn.h. - CVE-2022-4304 * SECURITY UPDATE: Double free after calling PEM_read_bio_ex - debian/patches/CVE-2022-4450-1.patch: avoid dangling ptrs in header and data params for PEM_read_bio_ex in crypto/pem/pem_lib.c. - debian/patches/CVE-2022-4450-2.patch: add a test in test/pemtest.c. - CVE-2022-4450 * SECURITY UPDATE: Use-after-free following BIO_new_NDEF - debian/patches/CVE-2023-0215-1.patch: fix a UAF resulting from a bug in BIO_new_NDEF in crypto/asn1/bio_ndef.c. - debian/patches/CVE-2023-0215-2.patch: check CMS failure during BIO setup with -stream is handled correctly in test/recipes/80-test_cms.t, test/smime-certs/badrsa.pem. - CVE-2023-0215 * SECURITY UPDATE: Invalid pointer dereference in d2i_PKCS7 functions - debian/patches/CVE-2023-0216-1.patch: do not dereference PKCS7 object data if not set in crypto/pkcs7/pk7_lib.c. - debian/patches/CVE-2023-0216-2.patch: add test for d2i_PKCS7 NULL dereference in test/recipes/25-test_pkcs7.t, test/recipes/25-test_pkcs7_data/malformed.pkcs7. - CVE-2023-0216 * SECURITY UPDATE: NULL dereference validating DSA public key - debian/patches/CVE-2023-0217-1.patch: fix NULL deference when validating FFC public key in crypto/ffc/ffc_key_validate.c, include/internal/ffc.h, test/ffc_internal_test.c. - debian/patches/CVE-2023-0217-2.patch: prevent creating DSA and DH keys without parameters through import in providers/implementations/keymgmt/dh_kmgmt.c, providers/implementations/keymgmt/dsa_kmgmt.c. - debian/patches/CVE-2023-0217-3.patch: do not create DSA keys without parameters by decoder in crypto/x509/x_pubkey.c, include/crypto/x509.h, providers/implementations/encode_decode/decode_der2key.c. - CVE-2023-0217 * SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName - debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for x400Address in crypto/x509/v3_genn.c, include/openssl/x509v3.h.in, test/v3nametest.c. - CVE-2023-0286 * SECURITY UPDATE: NULL dereference during PKCS7 data verification - debian/patches/CVE-2023-0401-1.patch: check return of BIO_set_md() calls in crypto/pkcs7/pk7_doit.c. - debian/patches/CVE-2023-0401-2.patch: add testcase for missing return check of BIO_set_md() calls in test/recipes/80-test_cms.t, test/recipes/80-test_cms_data/pkcs7-md4.pem. - CVE-2023-0401 ==== pam: 1.4.0-11ubuntu2 => 1.4.0-11ubuntu2.3 ==== ==== libpam-modules-bin libpam-modules:amd64 libpam-runtime libpam0g:amd64 * SECURITY REGRESSION: fix CVE-2022-28321 patch location - debian/patches-applied/CVE-2022-28321.patch: pam_access: handle hostnames in access.conf - CVE-2022-28321 * SECURITY UPDATE: authentication bypass vulnerability - debian/patches/CVE-2022-28321.patch: pam_access: handle hostnames in access.conf - CVE-2022-28321 ==== python-apt: 2.3.0ubuntu2.1 => 2.4.0 ==== ==== python-apt-common python3-apt [ Julian Andres Klode ] * 2.4.0 marks this as a stable upstream release series. * AcquireFile: Handle large files (LP: #1998265) * .gitlab-ci.yml: Test in jammy and fix mypy version to jammy * Update mirror lists * debian/gbp.conf: Point at 2.4.y branch * d/t/control: Add missing binutils test dependency [ Michael Vogt ] * apt: fix mypy in apt.progress.text.AcquireProgress (LP: #1998488) ==== setuptools: 59.6.0-1.2 => 59.6.0-1.2ubuntu0.22.04.1 ==== ==== python3-pkg-resources python3-setuptools * SECURITY UPDATE: ReDOS in package_index.py - debian/patches/CVE-2022-40897.patch: Limit the amount of whitespace to search/backtrack in setuptools/package_index.py. - CVE-2022-40897 ==== snapd: 2.57.5+22.04ubuntu0.1 => 2.58+22.04 ==== ==== snapd * New upstream release, LP: #1998462 - many: Use /tmp/snap-private-tmp for per-snap private tmps - data: Add systemd-tmpfiles configuration to create private tmp dir - cmd/snap: test allowed and forbidden refresh hold values - cmd/snap: be more consistent in --hold help and err messages - cmd/snap: error on refresh holds that are negative or too short - o/homedirs: make sure we do not write to /var on build time - image: make sure file customizations happen also when we have defaultscause - tests/fde-on-classic: set ubuntu-seed label in seed partitions - gadget: system-seed-null should also have fs label ubuntu-seed - many: gadget.HasRole, ubuntu-seed can come also from system-seed- null - o/devicestate: fix paths for retrieving recovery key on classic - cmd/snap-confine: do not discard const qualifier - interfaces: allow python3.10+ in the default template - o/restart: fix PendingForSystemRestart - interfaces: allow wayland slot snaps to access shm files created by Firefox - o/assertstate: add Sequence() to val set tracking - o/assertstate: set val set 'Current' to pinned sequence - tests: tweak the libvirt interface test to work on 22.10 - tests: use system-seed-null role on classic with modes tests - boot: add directory for data on install - o/devicestate: change some names from esp to seed/seed-null - gadget: add system-seed-null role - o/devicestate: really add error to new error message - restart,snapstate: implement reboot-required notifications on classic - many: avoid automatic system restarts on classic through new overlord/restart logic - release: Fix WSL detection in LXD - o/state: introduce WaitStatus - interfaces: Fix desktop interface rules for document portal - client: remove classic check for `snap recovery --show- keys` - many: create snapd.mounts targets to schedule mount units - image: enable sysfs overlay for UC preseeding - i/b/network-control: add permissions for using AF_XDP - i/apparmor: move mocking of home and overlay conditions to osutil - tests/main/degraded: ignore man-db update failures in CentOS - cmd/snap: fix panic when running snap w/ flag but w/o subcommand - tests: save snaps generated during image preaparation - tests: skip building snapd based on new env var - client: remove misleading comments in ValidateApplyOptions - boot/seal: add debug traces for bootchains - bootloader/assets: fix grub.cfg when there are no labels - cmd/snap: improve refresh hold's output - packaging: enable BPF in RHEL9 - packaging: do not traverse filesystems in postrm script - tests: get microk8s from another branch - bootloader: do not specify Core version in grub entry - many: refresh --hold follow-up - many: support refresh hold/unhold to API and CLI - many: expand fully handling links mapping in all components, in the API and in snap info - snap/system_usernames,tests: Azure IoT Edge system usernames - interface: Allow access to org.freedesktop.DBus.ListActivatableNames via system-observe interface - o/devicestate,daemon: use the expiration date from the assertion in user-state and REST api (user-removal 4/n) - gadget: add unit tests for new install functions for FDE on classic - cmd/snap-seccomp: fix typo in AF_XDP value - tests/connected-after-reboot-revert: run also on UC16 - kvm: allow read of AMD-SEV parameters - data: tweak apt integration config var - o/c/configcore: add faillock configuration - tests: use dbus-daemon instead of dbus-launch - packaging: remove unclean debian-sid patch - asserts: add keyword 'user-presence' keyword in system-user assertion (auto-removal 3/n) - interfaces: steam-support allow pivot /run/media and /etc/nvidia mount - aspects: initial code - overlord: process auto-import assertion at first boot - release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2 - tests: fix lxd-mount-units in ubuntu kinetic - tests: new variable used to configure the kernel command line in nested tests - go.mod: update to newer secboot/uc22 branch - autopkgtests: fix running autopkgtest on kinetic - tests: remove squashfs leftovers in fakeinstaller - tests: create partition table in fakeinstaller - o/ifacestate: introduce DebugAutoConnectCheck hook - tests: use test-snapd-swtpm instead of swtpm-mvo snap in nested helper - interfaces/polkit: do not require polkit directory if no file is needed - o/snapstate: be consistent not creating per-snap save dirs for classic models - inhibit: use hintFile() - tests: use `snap prepare-image` in fde-on-classic mk-image.sh - interfaces: add microceph interface - seccomp: allow opening XDP sockets - interfaces: allow access to icon subdirectories - tests: add minimal-smoke test for UC22 and increase minimal RAM - overlord: introduce hold levels in the snapstate.Hold* API - o/devicestate: support mounting ubuntu-save also on classic with modes - interfaces: steam-support allow additional mounts - fakeinstaller: format SystemDetails result with %+v - cmd/libsnap-confine-private: do not panic on chmod failure - tests: ensure that fakeinstaller put the seed into the right place - many: add stub services for prompting - tests: add libfwupd and libfwupdplugin5 to openSUSE dependencies - o/snapstate: fix snaps-hold pruning/reset in the presence of system holding - many: add support for setting up encryption from installer - many: support classic snaps in the context of classic and extended models - cmd/snap,daemon: allow zero values from client to daemon for journal rate limit - boot,o/devicestate: extend HasFDESetupHook to consider unrelated kernels - cmd/snap: validation set refresh-enforce CLI support + spread test - many: fix filenames written in modeenv for base/gadget plus drive- by TODO - seed: fix seed test to use a pseudo-random byte sequence - cmd/snap-confine: remove setuid calls from cgroup init code - boot,o/devicestate: introduce and use MakeRunnableStandaloneSystem - devicestate,boot,tests: make `fakeinstaller` test work - store: send Snap-Device-Location header with cloud information - overlord: fix unit tests after merging master in - o/auth: move HasUserExpired into UserState and name it HasExpired, and add unit tests for this - o/auth: rename NewUserData to NewUserParams - many: implementation of finish install step handlers - overlord: auto-resolve validation set enforcement constraints - i/backends,o/ifacestate: cleanup backends.All - cmd/snap-confine: move bind-mount setup into separate function - tests/main/mount-ns: update namespace for 18.04 - o/state: Hold pseudo-error for explicit holding, concept of pending changes in prune logic - many: support extended classic models that omit kernel/gadget - data/selinux: allow snapd to detect WSL - overlord: add code to remove users that has an expiration date set - wrappers,snap/quota: clear LogsDirectory= in the service unit for journal namespaces - daemon: move user add, remove operations to overlord device state - gadget: implement write content from gadget information - {device,snap}state: fix ineffectual assignments - daemon: support validation set refresh+enforce in API - many: rename AddAffected* to RegisterAffected*, add Change|State.Has, fix a comment - many: reset store session when setting proxy.store - overlord/ifacestate: fix conflict detection of auto-connection - interfaces: added read/write access to /proc/self/coredump_filter for process-control - interfaces: add read access to /proc/cgroups and /proc/sys/vm/swappiness to system-observe - fde: run fde-reveal-key with `DefaultDependencies=no` - many: don't concatenate non-constant format strings - o/devicestate: fix non-compiling test - release, snapd-apparmor: fixed outdated WSL detection - many: add todos discussed in the review in tests/nested/manual/fde-on-classic, snapstate cleanups - overlord: run install-device hook during factory reset - i/b/mount-control: add optional `/` to umount rules - gadget/install: split Run in several functions - o/devicestate: refactor some methods as preparation for install steps implementation - tests: fix how snaps are cached in uc22 - tests/main/cgroup-tracking-failure: fix rare failure in Xenial and Bionic - many: make {Install,Initramfs}{{,Host},Writable}Dir a function - tests/nested/manual/core20: fix manual test after changes to 'tests.nested exec' - tests: move the unit tests system to 22.04 in github actions workflow - tests: fix nested errors uc20 - boot: rewrite switch in SnapTypeParticipatesInBoot() - gadget: refactor to allow usage from the installer - overlord/devicestate: support for mounting ubuntu-save before the install-device hook - many: allow to install/update kernels/gadgets on classic with modes - tests: fix issues related to dbus session and localtime in uc18 - many: support home dirs located deeper under /home - many: refactor tests to use explicit strings instead of boot.Install{Initramfs,Host}{Writable,FDEData}Dir - boot: add factory-reset cases for boot-flags - tests: disable quota tests on arm devices using ubuntu core - tests: fix unbound SPREAD_PATH variable on nested debug session - overlord: start turning restart into a full state manager - boot: apply boot logic also for classic with modes boot snaps - tests: fix snap-env test on debug section when no var files were created - overlord,daemon: allow returning errors when requesting a restart - interfaces: login-session-control: add further D-Bus interfaces - snapdenv: added wsl to userAgent - o/snapstate: support running multiple ops transactionally - store: use typed valset keys in store package - daemon: add `ensureStateSoon()` when calling systems POST api - gadget: add rules for validating classic with modes gadget.yaml files - wrappers: journal namespaces did not honor journal.persistent - many: stub devicestate.Install{Finish,SetupStorageEncryption}() - sandbox/cgroup: don't check V1 cgroup if V2 is active - seed: add support to load auto import assertion - tests: fix preseed tests for arm systems - include/lk: update LK recovery environment definition to include device lock state used by bootloader - daemon: return `storage-encryption` in /systems/