Execute initDbSession() on DB reconnects

It also Remove warning on startup due to a change in Kdelibs4ConfigMigrator by moving the code to the right place

Uploaded quassel_0.12.2-0ubuntu0.1 to vivid, awaiting approval from ubuntu-sru

Hello Jonathan, or anyone else affected,

Accepted into vivid-proposed. The package will build now and be available in a few hours in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hi Jonathan (and Scott) - This update fixes a security issue so it should go through the -security sponsoring process rather than the SRU process. The Security Team will get it sponsored to the security pocket once these steps are followed:

  https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue#Notes_for_Contributors

Thanks!

On Monday, April 27, 2015 10:14:47 PM you wrote:
> Hi Jonathan (and Scott) - This update fixes a security issue so it
> should go through the -security sponsoring process rather than the SRU
> process. The Security Team will get it sponsored to the security pocket
> once these steps are followed:

I know for security it's supposed to be built against security and not
proposed/updates, but this close to release it's essentially the same thing.
Can you just pocket copy this to security?

On 2015-04-28 00:16:15, Scott Kitterman wrote:
> On Monday, April 27, 2015 10:14:47 PM you wrote:
> > Hi Jonathan (and Scott) - This update fixes a security issue so it
> > should go through the -security sponsoring process rather than the SRU
> > process. The Security Team will get it sponsored to the security pocket
> > once these steps are followed:
>
> I know for security it's supposed to be built against security and not
> proposed/updates, but this close to release it's essentially the same thing.
> Can you just pocket copy this to security?

We can do that in this case but it definitely isn't something that we
should make a habit of.

Just to be clear, do you want us to copy it from -proposed to -security
now or wait until the SRU process completes and copy it from -updates to
-security at that time?

On Tuesday, April 28, 2015 05:06:57 PM you wrote:
> On 2015-04-28 00:16:15, Scott Kitterman wrote:
> > On Monday, April 27, 2015 10:14:47 PM you wrote:
> > > Hi Jonathan (and Scott) - This update fixes a security issue so it
> > > should go through the -security sponsoring process rather than the SRU
> > > process. The Security Team will get it sponsored to the security pocket
> >
> > > once these steps are followed:
> > I know for security it's supposed to be built against security and not
> > proposed/updates, but this close to release it's essentially the same
> > thing. Can you just pocket copy this to security?
>
> We can do that in this case but it definitely isn't something that we
> should make a habit of.
>
> Just to be clear, do you want us to copy it from -proposed to -security
> now or wait until the SRU process completes and copy it from -updates to
> -security at that time?

Your call on when. It's the upstream fix, so I'm confident it's correct, but we
can get someone to do verification first if you prefer.

On 2015-04-29 01:07:19, Scott Kitterman wrote:
> On Tuesday, April 28, 2015 05:06:57 PM you wrote:
> > On 2015-04-28 00:16:15, Scott Kitterman wrote:
> > > On Monday, April 27, 2015 10:14:47 PM you wrote:
> > > > Hi Jonathan (and Scott) - This update fixes a security issue so it
> > > > should go through the -security sponsoring process rather than the SRU
> > > > process. The Security Team will get it sponsored to the security pocket
> > >
> > > > once these steps are followed:
> > > I know for security it's supposed to be built against security and not
> > > proposed/updates, but this close to release it's essentially the same
> > > thing. Can you just pocket copy this to security?
> >
> > We can do that in this case but it definitely isn't something that we
> > should make a habit of.
> >
> > Just to be clear, do you want us to copy it from -proposed to -security
> > now or wait until the SRU process completes and copy it from -updates to
> > -security at that time?
>
> Your call on when. It's the upstream fix, so I'm confident it's correct, but we
> can get someone to do verification first if you prefer.

Verification is always a good thing. We can wait for that. Thanks!

Attached are debdiffs that fix this vulnerability and CVE-2015-2778/CVE-2015-2779 in trusty and utopic.

As upstream advised I installed the new version from vivid-proposed, set it up to use postgresql, connected and chatted. I restarted postgresql then chatted some more. I then restarted the client and checked the timestamps which were all correctly set.

I'll leave the security team to deal with Felix's updates for trusty and utopic

This bug was fixed in the package quassel - 0.12.2-0ubuntu0.1

---------------
quassel (0.12.2-0ubuntu0.1) vivid; urgency=medium

  * New upstream release
  - LP: #1448911 Execute initDbSession() on DB reconnects

 -- Jonathan Riddell <email address hidden> Mon, 27 Apr 2015 10:11:13 +0200

This bug was fixed in the package quassel - 0.10.0-0ubuntu2.2

---------------
quassel (0.10.0-0ubuntu2.2) trusty-security; urgency=medium

  * SECURITY UPDATE: stack consumption vulnerability in message splitting code
    - debian/patches/CVE-2015-2778.patch: original patch from Michael Marley,
      backported by Steinar H. Gunderson
    - CVE-2015-2778 and CVE-2015-2779
  * SECURITY UPDATE: SQL injection vulnerability in PostgreSQL backend
    - debian/patches/CVE-2015-3427.patch: upstream patch
    - CVE-2015-3427
    - original issue was CVE-2013-4422 which had an incomplete fix
    - LP: #1448911

 -- Felix Geyer <email address hidden> Fri, 01 May 2015 18:30:44 +0200

This bug was fixed in the package quassel - 0.10.1-0ubuntu1.2

---------------
quassel (0.10.1-0ubuntu1.2) utopic-security; urgency=medium

  * SECURITY UPDATE: stack consumption vulnerability in message splitting code
    - debian/patches/CVE-2015-2778.patch: original patch from Michael Marley,
      backported by Steinar H. Gunderson
    - CVE-2015-2778 and CVE-2015-2779
  * SECURITY UPDATE: SQL injection vulnerability in PostgreSQL backend
    - debian/patches/CVE-2015-3427.patch: upstream patch
    - CVE-2015-3427
    - original issue was CVE-2013-4422 which had an incomplete fix
    - LP: #1448911

 -- Felix Geyer <email address hidden> Fri, 01 May 2015 18:46:52 +0200

quassel 0.12.2-0ubuntu0.1 was copied into wily, closing that task.