Sync libimobiledevice 1.1.5-2 (main) from Debian unstable (main)

Bug #1249847 reported by Artur Rona on 2013-11-10
Affects: libimobiledevice (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Please sync libimobiledevice 1.1.5-2 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: insecure /tmp usage (LP: #1164263)
    - debian/patches/CVE-2013-2142.patch: fall back to getpwuid_r instead
      of using /tmp in src/userpref.c. Added string_concat() function in
      src/Makefile.am, src/utils.c, src/utils.h.
    - added new symbol to debian/libimobiledevice4.symbols.
    - CVE-2013-2142
  * New upstream release. (LP: #1207038)
    - soname was bumped
  * debian/control:
    - Bump minimum cython dependency
    - Don't have the -doc package depend on the library
  * Dropped patches applied in new version:
    - 06_cython_detection.patch
    - 07_cython_0.16_check.patch
    - 08_cython_0.16_fix.patch
    - git_handle_unset_environment.patch
    - git_utf8_devices_names.patch
  * debian/patches/link_against_pthread.patch:
    - Fix underlinking against pthread
  * debian/patches/git_explicitly_cast_ssl_enabled.patch:
    - Backport patch to fix build failure due to implicit conversion
  * Added missing gcrypt lib to link, fixing FTBFS.
  * Updated d/libimobiledevice3.symbols.
  * 08_cython_0.16_fix.patch: Follow-up cython fix from Michael Bienia:
    - Mark BaseError as not inline in the .pxd file too, to match the
      definition from the .pyx file and fix the FTBFS with cython 0.17.
  * 09_use_python_config.patch: Use python-config to find the python
    include paths, and fix the build failure with multi-arched python.
  * debian/patches/git_handle_unset_environment.patch:
    - don't segfault when the environment variables are unset (lp: #1034067)
  * debian/rules: use --disable-openssl, we use gnutls
  * Upload Debian version (which is waiting for sponsoring) to quantal
  [ Julien Lavergne ]
  * New upstream release.
  * debian/patches:
   - 00git_ios5_support.patch: Merged upstream.
   - 06_git_ios5_handle_error.patch: Merged upstream.
   - 01-libs.private.patch: Refreshed.
   - 02-add-missing-linking.patch & 03_ac_pkg_swig_m4_fixed.patch:
     Removed, not necessary since swig is not used now.
   - 04_libplist_DSO_linking.patch: Merged upstream.
   - 05_remove_gcry_need.patch: Refreshed.
   - 06_cython_detection.patch: From upstream, correctly check cython version.
   - 07_cython_0.16_check.patch: From upstream, fix building with cython 0.16.
  * debian/control, debian/rules, debian/libimobiledevice3.*
   - Bump soname.
  * debian/control:
   - Build depends on libusbmuxd-dev (>= 1.0.8).
   - Replace build depends on swig by cython.
   - Build-depends on libplist-dev (>= 1.8-2~) for cython support.
  * debian/libimobiledevice3.install:
   - Drop hal file, it's deprecated.
  * debian/libimobiledevice3.symbols:
   - Update.
  * debian/python-plist.install:
   - Update files installed by cython.
  * debian/rules:
   - Update location of .a and .la files.
  * debian/patch/07_git_libusbmuxd_api.patch:
    - Fix FTBFS by adapting to libusbmuxd API changes.

Debian has merged Ubuntu changes (see debian/changelog).

Changelog entries since current trusty version 1.1.5-0ubuntu2:

libimobiledevice (1.1.5-2) unstable; urgency=low

  * [0052e46] Drop hal fdi file.
    That stuff doesn't work anymore. (Closes: #728151)

 -- Chow Loong Jin <email address hidden> Wed, 30 Oct 2013 01:42:21 +0800

libimobiledevice (1.1.5-1) experimental; urgency=low

  * Team upload.
  * Ack NMU from Andreas Metzler
  * [1282e33] Imported Upstream version 1.1.5 (Closes: #709369):
    - Adapt to libusbmuxd API changes (Closes: #682275)
  * [27231df] Refresh or drop patches
    - 00git_ios5_support.patch: Drop, applied upstream
    - 01-libs.private.patch: Refresh
    - 02-add-missing-linking.patch: Drop, applied upstream
    - 03_ac_pkg_swig_m4_fixed.patch: Drop, no longer relevant
    - 04_libplist_DSO_linking.patch: Drop, applied upstream
    - 05_remove_gcry_need.patch: Drop, no longer relevant
  * [0f497a0] Drop --host and --build arguments from configure.
    This is already applied by dh_auto_configure automatically.
  * [a370ab0] Reindent build-depends and drop trailing whitespace
  * [a3fffe5] Bump dh compat to 9 for buildflags
  * [40725ee] Enable multi-arch
  * [65d74c4] Move dh --with parameter after $@
  * [596a2b7] Update command for removing *.la for multiarch path
  * [979998b] Update .manpages file for new utilities
  * [3c37d78] Don't ship embedded jquery.js

 -- Chow Loong Jin <email address hidden> Mon, 28 Oct 2013 23:01:08 +0800

libimobiledevice (1.1.5-0.2) experimental; urgency=low

  * Non-maintainer upload.
  * libimobiledevice4-dbg replaces/conflicts libimobiledevice2-dbg.
    Closes: #726752

 -- Andreas Metzler <email address hidden> Sat, 19 Oct 2013 14:42:15 +0200

libimobiledevice (1.1.5-0.1) experimental; urgency=low

  * Non-maintainer upload.
  * Sync from Ubuntu.
    + New upstream version. Closes: #709369
    + Includes fix for CVE-2013-2142: insecure /tmp usage. Closes: #710885
    + Compatible with newer libusbmuxd. Closes: #682275
    + New upstream version does not use gnutls_*_set_priority functions
      anymore. Closes: #624066
    + Package builds. Closes: #713689
    + Does not depend on libusbmuxd1. Closes: #725637
  * configure with --disable-silent-rules
  * Delete ubuntu-revision on symbol string_concat@Base in
    debian/libimobiledevice4.symbols.
  * Update authors and download location in debian/copyright.

 -- Andreas Metzler <email address hidden> Sat, 12 Oct 2013 18:49:30 +0200

Daniel Holbach (dholbach) wrote :

This bug was fixed in the package libimobiledevice - 1.1.5-2
Sponsored for Artur Rona (ari-tczew)

---------------
libimobiledevice (1.1.5-2) unstable; urgency=low

  * [0052e46] Drop hal fdi file.
    That stuff doesn't work anymore. (Closes: #728151)

 -- Chow Loong Jin <email address hidden> Wed, 30 Oct 2013 01:42:21 +0800

libimobiledevice (1.1.5-1) experimental; urgency=low

  * Team upload.
  * Ack NMU from Andreas Metzler
  * [1282e33] Imported Upstream version 1.1.5 (Closes: #709369):
    - Adapt to libusbmuxd API changes (Closes: #682275)
  * [27231df] Refresh or drop patches
    - 00git_ios5_support.patch: Drop, applied upstream
    - 01-libs.private.patch: Refresh
    - 02-add-missing-linking.patch: Drop, applied upstream
    - 03_ac_pkg_swig_m4_fixed.patch: Drop, no longer relevant
    - 04_libplist_DSO_linking.patch: Drop, applied upstream
    - 05_remove_gcry_need.patch: Drop, no longer relevant
  * [0f497a0] Drop --host and --build arguments from configure.
    This is already applied by dh_auto_configure automatically.
  * [a370ab0] Reindent build-depends and drop trailing whitespace
  * [a3fffe5] Bump dh compat to 9 for buildflags
  * [40725ee] Enable multi-arch
  * [65d74c4] Move dh --with parameter after $@
  * [596a2b7] Update command for removing *.la for multiarch path
  * [979998b] Update .manpages file for new utilities
  * [3c37d78] Don't ship embedded jquery.js

 -- Chow Loong Jin <email address hidden> Mon, 28 Oct 2013 23:01:08 +0800

libimobiledevice (1.1.5-0.2) experimental; urgency=low

  * Non-maintainer upload.
  * libimobiledevice4-dbg replaces/conflicts libimobiledevice2-dbg.
    Closes: #726752

 -- Andreas Metzler <email address hidden> Sat, 19 Oct 2013 14:42:15 +0200

libimobiledevice (1.1.5-0.1) experimental; urgency=low

  * Non-maintainer upload.
  * Sync from Ubuntu.
    + New upstream version. Closes: #709369
    + Includes fix for CVE-2013-2142: insecure /tmp usage. Closes: #710885
    + Compatible with newer libusbmuxd. Closes: #682275
    + New upstream version does not use gnutls_*_set_priority functions
      anymore. Closes: #624066
    + Package builds. Closes: #713689
    + Does not depend on libusbmuxd1. Closes: #725637
  * configure with --disable-silent-rules
  * Delete ubuntu-revision on symbol string_concat@Base in
    debian/libimobiledevice4.symbols.
  * Update authors and download location in debian/copyright.

 -- Andreas Metzler <email address hidden> Sat, 12 Oct 2013 18:49:30 +0200

libimobiledevice (1.1.5-0ubuntu2) saucy; urgency=low

  * SECURITY UPDATE: insecure /tmp usage (LP: #1164263)
    - debian/patches/CVE-2013-2142.patch: fall back to getpwuid_r instead
      of using /tmp in src/userpref.c. Added string_concat() function in
      src/Makefile.am, src/utils.c, src/utils.h.
    - added new symbol to debian/libimobiledevice4.symbols.
    - CVE-2013-2142

 -- Marc Deslauriers <email address hidden> Wed, 14 Aug 2013 12:43:31 -0400

libimobiledevice (1.1.5-0ubuntu1) saucy; urgency=low

  * New upstream release. (LP: #1207038)
    - soname was bumped
  * debian/control:
    - Bump minimum cython dependency
    - Don't have the -doc package depend on the library
  * Drop...


Changed in libimobiledevice (Ubuntu):
status: New → Fix Released