[ubuntu/trusty-proposed] shim-signed 1.33.1~14.04.4 (Accepted)
shim-signed (1.33.1~14.04.4) trusty; urgency=medium * update-secureboot-policy: (LP: #1748983) - Backport update-secureboot-policy changes to generate a MOK and guide users through re-enabling validation and automatically signing DKMS modules. * debian/shim-signed.postinst: - When triggered, explicitly try to enroll the available MOK. * debian/shim-signed.install, openssl.cnf: Install some default configuration for creating our self-signed key. * debian/shim-signed.dirs: make sure we have a directory where to put a MOK. * debian/templates: update templates for update-secureboot-policy changes. * debian/control: Breaks dkms (<< 2.2.0.3-1.1ubuntu5.14.04.10~) since we're changing the behavior of update-secureboot-policy. Date: Mon, 28 Jan 2019 11:02:00 -0500 Changed-By: Mathieu Trudel-Lapierre Maintainer: Steve Langasek https://launchpad.net/ubuntu/+source/shim-signed/1.33.1~14.04.4 Format: 1.8 Date: Mon, 28 Jan 2019 11:02:00 -0500 Source: shim-signed Binary: shim-signed Architecture: source Version: 1.33.1~14.04.4 Distribution: trusty Urgency: medium Maintainer: Steve Langasek Changed-By: Mathieu Trudel-Lapierre Description: shim-signed - Secure Boot chain-loading bootloader (Microsoft-signed binary) Launchpad-Bugs-Fixed: 1748983 Changes: shim-signed (1.33.1~14.04.4) trusty; urgency=medium . * update-secureboot-policy: (LP: #1748983) - Backport update-secureboot-policy changes to generate a MOK and guide users through re-enabling validation and automatically signing DKMS modules. * debian/shim-signed.postinst: - When triggered, explicitly try to enroll the available MOK. * debian/shim-signed.install, openssl.cnf: Install some default configuration for creating our self-signed key. * debian/shim-signed.dirs: make sure we have a directory where to put a MOK. * debian/templates: update templates for update-secureboot-policy changes. * debian/control: Breaks dkms (<< 2.2.0.3-1.1ubuntu5.14.04.10~) since we're changing the behavior of update-secureboot-policy. Checksums-Sha1: 035f3c0d58a9d98e850a00cadd1d56a2f0ef0f27 1692 shim-signed_1.33.1~14.04.4.dsc 02e4d9555899507ad688632959a0f2dcfb913c7e 320952 shim-signed_1.33.1~14.04.4.tar.xz 023653702a35d03d4c18c85e17954aafa1238bec 5945 shim-signed_1.33.1~14.04.4_source.buildinfo Checksums-Sha256: 772a595d463001ffd111834f62e7b786a2139f59257f2d25cf03ff00aeacbb3b 1692 shim-signed_1.33.1~14.04.4.dsc 82bbb6549dbbcb84b32130287f6eb30a3c926ac8ab75839c6b503cd130addc46 320952 shim-signed_1.33.1~14.04.4.tar.xz 200977c5d00c954b439e2a6b3b2870271d2dab3ab18a7e89c473e81c1ab7f4fd 5945 shim-signed_1.33.1~14.04.4_source.buildinfo Files: 5e6a1c4152046903ee60fef1478596ee 1692 utils optional shim-signed_1.33.1~14.04.4.dsc 8330baeb2e708a22df2f1b2fb0c21d7b 320952 utils optional shim-signed_1.33.1~14.04.4.tar.xz 7e13707c553762ab3d00edbff58f15e1 5945 utils optional shim-signed_1.33.1~14.04.4_source.buildinfo -- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-proposed] dkms 2.2.0.3-1.1ubuntu5.14.04.10 (Accepted)
dkms (2.2.0.3-1.1ubuntu5.14.04.10) trusty; urgency=medium * debian/patches/shim_secureboot_support.patch: - Move to signing just after module build to ensure it correctly applies at kernel update times. (LP: #1772950) - Generate a new MOK if there isn't one yet, and use that so sign newly-built kernel modules. (LP: #1748983) * debian/control: Breaks: shim-signed (<< 1.33.1~14.04.4) to ensure both are updated in lock-step since the changes above require a new version of update-secureboot-policy to correctly generate the new MOK and enroll it in firmware. Date: Mon, 28 Jan 2019 11:05:49 -0500 Changed-By: Mathieu Trudel-Lapierre Maintainer: Ubuntu Developers https://launchpad.net/ubuntu/+source/dkms/2.2.0.3-1.1ubuntu5.14.04.10 Format: 1.8 Date: Mon, 28 Jan 2019 11:05:49 -0500 Source: dkms Binary: dkms Architecture: source Version: 2.2.0.3-1.1ubuntu5.14.04.10 Distribution: trusty Urgency: medium Maintainer: Ubuntu Developers Changed-By: Mathieu Trudel-Lapierre Description: dkms - Dynamic Kernel Module Support Framework Launchpad-Bugs-Fixed: 1748983 1772950 Changes: dkms (2.2.0.3-1.1ubuntu5.14.04.10) trusty; urgency=medium . * debian/patches/shim_secureboot_support.patch: - Move to signing just after module build to ensure it correctly applies at kernel update times. (LP: #1772950) - Generate a new MOK if there isn't one yet, and use that so sign newly-built kernel modules. (LP: #1748983) * debian/control: Breaks: shim-signed (<< 1.33.1~14.04.4) to ensure both are updated in lock-step since the changes above require a new version of update-secureboot-policy to correctly generate the new MOK and enroll it in firmware. Checksums-Sha1: 3ac27880ec6cb4e18bc1d87881c7433448797a15 2151 dkms_2.2.0.3-1.1ubuntu5.14.04.10.dsc fcb1df645d981a05d57629788a5856e31cd41aed 22596 dkms_2.2.0.3-1.1ubuntu5.14.04.10.debian.tar.xz a2ca48547dbc38fcebb6b0da90ca5d78b0b4a534 5897 dkms_2.2.0.3-1.1ubuntu5.14.04.10_source.buildinfo Checksums-Sha256: 7dd12dcfebf1bd4c34054374f77e93ea022126d0fcd8988461b8bcaa6c69d98d 2151 dkms_2.2.0.3-1.1ubuntu5.14.04.10.dsc 9d6d7168ce6a0d91c1f2a7397643ff8f7c96c2938e90c750bdf4309a2efbe4e5 22596 dkms_2.2.0.3-1.1ubuntu5.14.04.10.debian.tar.xz 51413ad873747ac9db12f814d3c28808691819c630472891b6b8b628c1a561d8 5897 dkms_2.2.0.3-1.1ubuntu5.14.04.10_source.buildinfo Files: 287b56252a29e37886fbeb32499878b5 2151 kernel optional dkms_2.2.0.3-1.1ubuntu5.14.04.10.dsc 6fca5b7b00ac6208b8881824902ee5ff 22596 kernel optional dkms_2.2.0.3-1.1ubuntu5.14.04.10.debian.tar.xz 506863be197b66956e68b1e15e5429fc 5897 kernel optional dkms_2.2.0.3-1.1ubuntu5.14.04.10_source.buildinfo Original-Maintainer: Dynamic Kernel Modules Support Team -- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-updates] sendmail 8.14.4-4.1ubuntu1.1 (Accepted)
sendmail (8.14.4-4.1ubuntu1.1) trusty-security; urgency=medium * SECURITY UPDATE: Local users to access unintended high-numbered file descriptors via a custom mail-delivery program. - debian/patches/8.14/8.14.4/close_on_exec.patch: Properly set the close-on-exec flag for file descriptors before executing mailers. - CVE-2014-3956 Date: 2019-02-05 18:40:12.963880+00:00 Changed-By: Eduardo dos Santos Barretto Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/sendmail/8.14.4-4.1ubuntu1.1 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-security] sendmail 8.14.4-4.1ubuntu1.1 (Accepted)
sendmail (8.14.4-4.1ubuntu1.1) trusty-security; urgency=medium * SECURITY UPDATE: Local users to access unintended high-numbered file descriptors via a custom mail-delivery program. - debian/patches/8.14/8.14.4/close_on_exec.patch: Properly set the close-on-exec flag for file descriptors before executing mailers. - CVE-2014-3956 Date: 2019-02-05 18:40:12.963880+00:00 Changed-By: Eduardo dos Santos Barretto https://launchpad.net/ubuntu/+source/sendmail/8.14.4-4.1ubuntu1.1 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-updates] iscsitarget 1.4.20.3+svn499-0ubuntu2.6 (Accepted)
iscsitarget (1.4.20.3+svn499-0ubuntu2.6) trusty; urgency=medium * Fix ADT requirements to run daemon test only when isolation level machine is available. iscsitarget (1.4.20.3+svn499-0ubuntu2.5) trusty; urgency=medium * Fix daemon dep8 test so it really tests for the running daemon (LP: #1734855). iscsitarget (1.4.20.3+svn499-0ubuntu2.4) trusty; urgency=medium * Remove compat code for 4.4.0-84 and detect sock_recvmsg signature during build. (LP: #1732746) Date: 2019-01-28 10:24:09.752312+00:00 Changed-By: Stefan Bader Signed-By: Brian Murray https://launchpad.net/ubuntu/+source/iscsitarget/1.4.20.3+svn499-0ubuntu2.6 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-updates] dovecot 1:2.2.9-1ubuntu2.5 (Accepted)
dovecot (1:2.2.9-1ubuntu2.5) trusty-security; urgency=medium * SECURITY UPDATE: incorrect client certificate validation - debian/patches/CVE-2019-3814-1.patch: do not import empty certificate username in src/auth/auth-request.c. - debian/patches/CVE-2019-3814-2.patch: fail authentication if certificate username was unexpectedly missing in src/auth/auth-request-handler.c. - debian/patches/CVE-2019-3814-3.patch: ensure we get username from certificate in src/login-common/sasl-server.c. - CVE-2019-3814 Date: 2019-01-28 14:42:13.869419+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/dovecot/1:2.2.9-1ubuntu2.5 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-security] dovecot 1:2.2.9-1ubuntu2.5 (Accepted)
dovecot (1:2.2.9-1ubuntu2.5) trusty-security; urgency=medium * SECURITY UPDATE: incorrect client certificate validation - debian/patches/CVE-2019-3814-1.patch: do not import empty certificate username in src/auth/auth-request.c. - debian/patches/CVE-2019-3814-2.patch: fail authentication if certificate username was unexpectedly missing in src/auth/auth-request-handler.c. - debian/patches/CVE-2019-3814-3.patch: ensure we get username from certificate in src/login-common/sasl-server.c. - CVE-2019-3814 Date: 2019-01-28 14:42:13.869419+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/+source/dovecot/1:2.2.9-1ubuntu2.5 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes