mono (2.10.8.1-1ubuntu2.3) precise-security; urgency=medium * SECURITY UPDATE: denial of service via use after free - debian/patches/CVE-2011-0992.patch: fix access to freed members of a dead thread in mono/metadata/threads.c. - CVE-2011-0992 * SECURITY UPDATE: denial of service via hash collision - debian/patches/CVE-2012-3543.patch: add a better hash provider to mcs/class/System.Web/System.Web.UI/Page.cs, mcs/class/System.Web/System.Web.Util/SecureHashCodeProvider.cs, mcs/class/System.Web/System.Web.dll.sources, mcs/class/System.Web/System.Web/WebROCollection.cs. - CVE-2012-3543 * SECURITY UPDATE: TLS impersonation attack - debian/patches/CVE-2015-2318.patch: add handshake state validation to mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs, mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs, mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs, mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs. - CVE-2015-2318 * SECURITY UPDATE: FREAK attack vulnerability - debian/patches/CVE-2015-2319.patch: remove EXPORT ciphers from mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs, mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs, mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslCipherSuite.cs, mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs, mcs/class/Mono.Security/Mono.Security.Protocol.Tls/TlsCipherSuite.cs. - CVE-2015-2319 * SECURITY UPDATE: SSLv2 support - debian/patches/CVE-2015-2320.patch: remove client-side SSLv2 fallback in mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs. - CVE-2015-2320 * debian/source/options: Don't use single-debian-patch for Ubuntu. -- Marc Deslauriers Fri, 20 Mar 2015 14:30:11 -0400 mono (2.10.8.1-1ubuntu2.2) precise-security; urgency=low * SECURITY UPDATE: cross-site scripting vulnerability - debian/patches/CVE-2012-3382.patch: properly escape error message in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs. - CVE-2012-3382 -- Marc Deslauriers Tue, 24 Jul 2012 13:29:38 -0400 mono (2.10.8.1-1ubuntu2.1) precise-proposed; urgency=low * configure.in: search multiarch paths for libX11 (LP: #1008212) changes the dllmap in /etc/mono/config to the versioned library -- Julian Taylor Sun, 03 Jun 2012 22:46:30 +0200 mono (2.10.8.1-1ubuntu2) precise; urgency=low * debian/monodoc-base.postinst: Add '|| true' to the update-monodoc call so that it doesn't cause upgrades to fail due to the trigger being called prior to GTK# being upgraded (LP: #972751) -- Andrew Mitchell Wed, 04 Apr 2012 18:08:25 +1200 mono (2.10.8.1-1ubuntu1) precise; urgency=low * debian/mono.runtime-script: Don't use File::Basename, because it's not actually being *used*, and the 'use' statement causes failures if this script is called while perl-base and perl-modules are not in a consistent state. LP: #948848. -- Steve Langasek Thu, 22 Mar 2012 23:00:53 -0700 mono (2.10.8.1-1) unstable; urgency=low [ Jb Evain ] * [b31e994] [mono-api-info] try to read local files before using the resolver [ Mirco Bauer ] * [e6134cc] Imported Upstream version 2.10.8.1 * [e8b34c9] Added s390x specific symbols to libmono-2.0-1.symbols.s390x * [ad7a051] Copied armel specific symbols to libmono-2.0-1.symbols.armhf * [1001d95] Added new symbol to libmono-2.0-1.symbols * [c17bea6] Build mono-api-diff and MonoGetAssemblyName with dmcs instead of gmcs * [1388ad0] Bumped clilibs of libmono-system4.0-cil, libmono-sqlite{2,4}.0-cil and libmono-microsoft-build-framework4.0-cil to >= 2.10.7 * [7bb7153] Added -a switch (ABI) to mono-api-check * [b35dd98] Imported Upstream version 2.10.8.1 * [a251cb0] Fixed typo in package short description of libmono-webmatrix-data4.0-cil (closes: #656671) * [b35dd98] Imported Upstream version 2.10.8.1 * [03f5030] Updated RUN_MONO variable for a 4.0 runtime -- Mirco Bauer Sun, 05 Feb 2012 19:21:10 +0100 mono (2.10.5-2) unstable; urgency=low [ Mirco Bauer ] * Upload to unstable [ Sebastien Pouliot ] * [80b0a2d] Add support for validating RSA-based X.509 certifcates using SHA256 * [977f0e0] Avoid ANE when a key algorithm parameters is really null (not just ASN.1 null) * [83468f9] Avoid throwing when verifying an RSA certificate with dsaSHA1 * [2050ee0] Add MD4, SHA384 and SHA512 signature verification to X.509 certificates * [ab80293] Fix X.500 DN comparison * [d864bce] Avoid throwing an ANE on an invalid X.509 extension * [ab2997c] Add entries for MD4 in machine.config -- Mirco Bauer Mon, 16 Jan 2012 04:50:58 +0100 mono (2.10.5-1) experimental; urgency=low * [854fa78] Imported Upstream version 2.10.5 -- Mirco Bauer Thu, 25 Aug 2011 22:26:08 +0200 mono (2.10.4-3) experimental; urgency=low [ Jo Shields ] * [985d2ae] Revert "[xbuild] Make Engine.DefaultToolsVersion 2.0 ." This reverts commit 4010c69c7d61223c73f111be2d79c4a440b70b45. -- Mirco Bauer Mon, 22 Aug 2011 22:44:41 +0200 mono (2.10.4-2) experimental; urgency=low * [77d26a4] Fixed failing upgrade of libmono-webbrowser0.5-cil to libmono-webbrowser2.0-cil with conflicts/replaces -- Mirco Bauer Fri, 12 Aug 2011 21:19:36 +0200 mono (2.10.4-1) experimental; urgency=low [ Mirco Bauer ] * New upstream (bugfix) release * [6a8fc99] Install mono-api-diff.exe in mono/4.0 * [85bc08e] Imported Upstream version 2.10.4 * [113d0f0] Wrapped too long debian/changelog lines [ Miguel de Icaza ] * [03ceab5] Do not throw if we get a RunAndCollect -- Mirco Bauer Thu, 11 Aug 2011 21:32:53 +0200 mono (2.10.3-1) experimental; urgency=low * The "from Xamarin with love" release [ Mirco Bauer ] * [5f13e09] Updated download URL in debian/watch * [4abf062] Added desktop file for mono with and without a terminal window * [f165789] Imported Upstream version 2.10.3 * [b51b15c] Dropped unused libglib2.0-dev from build-deps which was replaced by Mono's own eglib * [00a5c48] Fixed manpage reference for cli-csc alternative * [b6fb713] New patch structure * [6cb63b3] Use debian-branch instead of current branch * [3956527] Added I18N west package as dependency to WinForms as the RichTextBox class requires CP1252 (closes: #629151) * [997bec0] Mono.WebBrowser library is now shipped in both 2.0 and 4.0 runtime flavors * [dfd65af] Added /usr/lib/mono/xbuild-frameworks to mono-xbuild package * [12478bf] Removed useless dh_makeclilibs call for not existing libmono-winforms4.0-cil * [3d2d42c] Allow the inclusion of the binary file debian/mono-runtime.png * [2a814af] Fixed missing separator in Depends field of libmono-microsoft-visualc10.0-cil and libmono-microsoft-web-infrastructure1.0-cil * [491534a] Fixed non-binNMUable error for mono-devel * [eb78f74] Fixed spelling mistake according to lintian: s/allows to/allows one to/ * [5fae96e] Fixed too long extended description line for mono-runtime-sgen * [5dbb6e1] Set single-debian-patch in debian/source/options * [98bf4a8] Added CLI 4.0 support to mono-api-check * [5965895] Bumped clilibs to 2.10.3 where appropriate * [e706e60] New lame API check tool: mono-api-source-check (only use at your own risk!) [ Zoltan Varga ] * [300bb53] Apply a workaround for a gcc 4.6 problem on arm. -- Mirco Bauer Wed, 10 Aug 2011 23:52:12 +0200 mono (2.10.1-4) experimental; urgency=low [ Zoltan Varga ] * [db3ee8c] Only use memory barriers on arm when running on armv6 or later. * [cf1d8e8] Add a membar to libgc's UNLOCK () on arm. Fixes Mono#683409. [ Jo Shields ] * [0e3d427] Ensure SIGXFSZ is used instead of SIGPWR on kFreeBSD. (Closes: #621907) * [8cd4f00] Define CPU registers on kFreeBSD/AMD64, to prevent build failures. [ Mirco Bauer ] * [9546eb7] Added armel specific symbols to libmono-2.0-1.symbols.armel -- Mirco Bauer Sun, 10 Apr 2011 17:16:47 +0200 mono (2.10.1-3) experimental; urgency=low [ Jo Shields ] * [0fd2fc1] Tweak architecture checks in configure.in so kfreebsd-gnu is considered an SGen-capable architecture. (closes: #621448) [ Mirco Bauer ] * [26a6ee8] Moved architecture dependent symbols into libmono-2.0-1.symbols.$arch -- Mirco Bauer Sat, 09 Apr 2011 15:15:04 +0200 mono (2.10.1-2) experimental; urgency=low * [aba0fce] Dropped obsolete archs: arm, armeb and lpia; no longer supported arch: s390; added potential new archs: armhf, ppc64 and s390x; only build and install sgen on supported archs * [66a0541] kfreebsd support for Mono 2.10.1 - mainly backport of gc 6.8 (closes: #621031) -- Mirco Bauer Thu, 07 Apr 2011 01:33:02 +0200 mono (2.10.1-1) experimental; urgency=low * The "size does matter" release [ Mirco Bauer ] * New upstream release + For release highlights see the NEWS.Debian file of the mono-runtime package [ Jo Shields ] * [5c6aba5] Imported Upstream version 2.8 * [f85b0b1] Imported Upstream version 2.8.1 [ Mirco Bauer ] * [01df276] Pass parallel variable in DEB_BUILD_OPTIONS to mono/Makefile * [e3871f8] Build libgc before mono [ Jo Shields ] * [98cb87c] Imported Upstream version 2.10~rc1 * [b401a2a] Add test which is missing from 2.10~rc1 tarballs, causing test suite to fail to build [ Mirco Bauer ] * [79f2862] Build eglib before libgc and made them parallel buildable * [58bf7d7] Renamed libmono0 package to libmono-2.0-1 following the new soname * [f1e4e50] Provide deb-symbols for libmono-2.0-1 * [7be8ed1] Renamed libmono-dev package to libmono-2.0-dev and dropped libglib2.0-dev dependency as Mono no longer makes use of the glib * [d97f372] Moved mono.pc to libmono-cil-dev * [3cd11ad] New mono-runtime-sgen package which contains the Mono VM with a new garbage collector * [7f3919a] Dropped libmono-firebirdsql1.7-cil package * [c31f6e2] Stick to upstream's configure defaults except for ikvm and quiet builds * [de8c9aa] Removed obsolete cleanups * [97c07fa] Removed obsolete doc dir symlinking removal code for Ubuntu * [e6e31ff] Cleaned up Uploaders * [3c24df0] Disable automatic AOT on "make install" as this needs to be done on package install time * [1ced0ac] Merged the install-arch and install-indep target into a single install target * [3a2409b] Disable libgc's parallel mark on powerpc as it FTBFS * [97c6760] Added a 2nd test-suite pass with sgen * [af7129a] Disable sgen on powerpc for now as it needs further porting * [3f99e0e] Don't run the test-suite with sgen on powerpc [ Jo Shields ] * [9a320e5] Imported Upstream version 2.10.1 [ Mirco Bauer ] * [e618805] Don't delete ltmain.sh in clean target as autoreconf is not recreating it * [38ccb49] Updated libmono-2.0-1.symbols for 2.10.1 * [0472e8b] Dropped license and copyright information of no longer distributed FirebirdSql.Data.Firebird and Microsoft.JScript assemblies * [cb9cfec] Moved license and copyright information of RabbitMQ.Client to distinct copyright files * [d191bb3] Moved changelog entries older than 2.6.7-1 to changelog.1 * [4b69b38] Dropped mono-1.0-devel and merged mono-2.0-devel into mono-devel * [f8e8352] Re-synced debhelper tools from cli-common 0.8~git.ca22e7 with .NET 4.0 support * [dac60fb] Ignore temporarily package build directories * [78db0f9] Replaced depcrecated dh_clean -k call with dh_prep * [4cd31f2] Forcely install jay * [3e69ed3] Drop unwanted/incorrectly shipped files from upstream * [a27bef2] Dropped obsolete and added missing manpages * [b407a26] Make use of dh_install's --list-missing feature * [37638d7] Dropped obsolete and added missing dllmaps * [1597015] Bumped clilibs to >= 2.10.1 where needed * [953569a] Dropped obsolete replaces << 1.2.4-1 lines from mono-dbg * [ee0cbf6] Dropped prj2make-sharp package * [61a9ed1] Updated debian/shlibs.local for Mono 2.10.1 * [0fa85d7] Updated mono-runtime.NEWS for Mono 2.10, 2.8 and 2.6 * [15fe448] Dropped all CLI 1.0 library and C# 1.0 compiler packages as Mono 2.10 no longer supports the 1.0 runtime, added new packages for all CLI 4.0 libraries and the C# 4.0 compiler and made C# 4.0 the new default C# compiler. All CLI 2.0 library packages are left for ABI and backwards compatibility. * [59b28b7] Sorted dependencies of libmono-cil-dev for easier tracking * [9288af2] Added missing libmono-microsoft-csharp4.0-cil to libmono-cil-dev dependencies * [30cd43e] Added libmono-microsoft-csharp4.0-cil as manual dependency to mono-dmcs as needed for dynamic types * [f262b9f] Added debian/find-icalls.sh helper script which finds internal calls from the source tree * [ce1e2f5] Force the debian version. $(top_srcdir)/.git is no longer a good indicator if this is an upstream git clone or a debian git clone * [ebf531b] Switch to dpkg-source 3.0 (quilt) format * [9b7ed73] Added missing Mono.WebBrowser.dll.config -- Mirco Bauer Tue, 05 Apr 2011 00:28:57 +0200 mono (2.6.7-5) unstable; urgency=low [ Zoltan Varga ] * [7453b31] Fix a merge problem which broke tailcalls and F# support. (closes: #607465) [ Rodrigo Kumpera ] * [e32c3aa] Check generic instantions for constraint violations. (CVE-2010-4254, closes: #608288) * [7905343] Fix corlib testsuite crash. * [6eb9cab] Handle invalid instantiation of generic methods. * [fbba0ca] Disable generic instance verification is security is off. [ Mirco Bauer ] * [ec09641] Disable the use of shared memory to make Mono reliable even when /dev/shm gets exhausted. (closes: #587948) -- Mirco Bauer Sun, 09 Jan 2011 19:38:15 +0100 mono (2.6.7-4) unstable; urgency=high [ Mirco Bauer ] * [63821a1] Added libmono-nunit2.2-cil to conflicts and replaces of libmono-cil-dev for smooth upgrade from lenny (closes: #602024) * [0089f11] Moved the System.Data.Linq library into libmono-system- data-linq2.0-cil to avoid an unneeded dependency chain for most applications. * [393dc41] Demote libmono-firebirdsql1.7-cil and mono-debugger from recommends to suggests if built on Ubuntu. [ Paolo Molaro ] * [52727f0] Search for dllimported shared libs in the base directory, not cwd. * loader.c: we don't search the current directory anymore for shared libraries referenced in DllImport attributes, as it has a slight security risk. We search in the same directory where the referencing image was loaded from, instead. (CVE-2010-4159, closes: #605097) [ Zoltan Varga ] * [f17ab04] Fix stack alignment when resuming from a signal handler in the soft debugger. -- Mirco Bauer Mon, 06 Dec 2010 23:34:16 +0100 mono (2.6.7-3) unstable; urgency=low * The "welcome to new java refugees" release [ Iain Lane ] * [a2781e1] Add an environment variable to control X509 validation mode, and set default to no check * [a16f93a] Add --no-ext-diff to git diff call of git-test-debian- patches [ Mirco Bauer ] * [cb9c6c2] Fixed manpage name sections. (closes: #595149) -- Mirco Bauer Thu, 09 Sep 2010 01:09:45 +0200 mono (2.6.7-2) experimental; urgency=low [ Mirco Bauer ] * [d1bf954] Added missing tasks and targets files for xbuild 3.5 * [814bfd7] Bumped clilibs of libmono-data-tds{1,2}.0-cil, libmono- security2.0-cil, libmono-microsoft-build2.0-cil and libmono- debugger-soft0.0-cil * [3c1d0ef] Added development symlink for System.Web.Mvc to libmono- system-web-mvc1.0-cil [ Iain Lane ] * [754b410] Revert upstream commit 59db1f55409d80fc93ed, which commented out the Requires line in mono.pc.in. [ Jo Shields ] * [ea1f755] Add full definitions for all AMD64 registers on kFreeBSD. This fixes a FTBFS on kFreeBSD-AMD64. -- Mirco Bauer Tue, 24 Aug 2010 02:26:43 +0200 mono (2.6.7-1) experimental; urgency=low [ Mirco Bauer ] * The "squeeze-ing the best out of Mono" release * [c91fe56] Added git-dch settings * [665316e] Imported Upstream version 2.6.7 + Includes ASP.NET MVC 2.0 * [1823ffa] Don't let git-import-orig do merges * [9b50f29] Implemented tool to test merge all debian patch branches against the upstream branch. * [d06b9ad] Only merge branches that really begin with debian/patches/* * [822f606] Added System.Web.Mvc2 to debian/copyright * [45d4f69] Added libmono-system-web-mvc2.0-cil package * [b9b720e] Fix mono/test test suite compilation. [ Andy Stührk ] * [f6745b9] XplatUIX11.WorkingArea can segfault if the WM does not support _NET_WORKAREA (Closes: #557229) (thanks to Brian Pellin and Andy Stührk for the investigation and patch) -- Mirco Bauer Sat, 07 Aug 2010 00:35:39 +0200