X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=debian%2Fchangelog;h=07b01beee5a566c3de84b120fb414bcc4eb94f03;hb=1bd0d6a0287f71f1b0f52b710167bdbd30d1a2b5;hp=265ac20426130209c6e777c8d3caecb4b114998f;hpb=ec5f7407fa14d819a405b39455166c6bd96f41b5;p=pkg-collectd.git diff --git a/debian/changelog b/debian/changelog index 265ac20..07b01be 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,93 @@ -collectd (5.5.0-4) UNRELEASED; urgency=medium +collectd (5.5.2-1) unstable; urgency=high + + * New upstream release. + - Fix heap overflow in the network plugin. Emilien Gaspar has identified a + heap overflow in parse_packet(), the function used by the network plugin + to parse incoming network packets. Thanks to Florian Forster for + reporting the bug in Debian. (Closes: #832507, CVE-2016-6254) + - Fix improper usage of gcry_control. A team of security researchers at + Columbia University and the University of Virginia discovered that + GCrypt's gcry_control is sometimes called without checking its return + value for an error. This may cause the program to be initialized without + the desired, secure settings. (Closes: #832577) + * debian/patches: + - bts832577-gcry-control.patch: Update for 5.5.2. Mostly part of the new + upstream release, except for: Don't abort() if gcrypt initialization + failed. + - Drop bts823012_librrd8.patch; merged upstream. + * Rebuild with linux-libc-dev >= 4.6 (now in testing and unstable) to + accommodate a change to rtnl_link_stats64. Thanks to Gábor Gombás for + reporting this (Closes: #829634). + + -- Sebastian Harl Fri, 29 Jul 2016 00:02:11 +0200 + +collectd (5.5.1-5) unstable; urgency=low + + * debian/control, debian/rules: + - Disable the sigrok plugin on non-Linux; restrict build dependency to + linux-any; thanks to Andreas Beckmann for reporting this + (Closes: #825606). + * debian/rules: + - Fix failure to build twice in a row introduced by dh_autoreconf_clean; + drop the separate config.status target and, hence, a dependency on the + configure script. + * debian/patches/: + - Added gcc6.patch: Fix FTBFS with GCC 6; thanks to Lucas Nussbaum for + reporting this (Closes: #831194). + + -- Sebastian Harl Sun, 17 Jul 2016 23:30:33 +0200 + +collectd (5.5.1-4) unstable; urgency=medium + + * debian/control: + - Add dh-autoreconf to Build-Depends. + - Update standards-version to 3.9.8 (no changes). + + -- Marc Fournier Tue, 31 May 2016 18:16:43 +0200 + +collectd (5.5.1-3) unstable; urgency=medium + + * Re-enable gmond plugin. Thanks to Michael Tautschnig and Jean-Michel + Vourgère for fixing #812462. + * debian/patches: + - Add bts823012_librrd8.patch. Properly detect thread safety with librrd8. + Thanks to Jean-Michel Vourgère for the patch (Closes: #823012). + * debian/collectd.conf: + - Add missing example blocks in main configuration file (Closes: #806196). + + -- Marc Fournier Wed, 25 May 2016 23:14:14 +0200 + +collectd (5.5.1-2) unstable; urgency=medium + + * Disable the gmond plugin for now. Ganglia is not available in testing + (cf. #812462). Thanks to Santiago Vila for reporting this + (Closes: #819241). + * Update standards-version to 3.9.7 (no changes). + + -- Sebastian Harl Sat, 02 Apr 2016 11:02:49 +0200 + +collectd (5.5.1-1~bpo7+1) wheezy-backports-sloppy; urgency=medium + + * Rebuild for wheezy-backports-sloppy. + + -- Marc Fournier Fri, 29 Jan 2016 14:18:24 +0100 + +collectd (5.5.1-1) unstable; urgency=medium + + * New upstream release: + - The "LC_NUMERIC" locale is now forced to "C", preventing problems on + environments where the locale uses a comma as decimal separator. Thanks + to Hubert Jarosz for reporting this (Closes: #799289). + - Fixed FTBFS with GCC 6.0; thanks to Martin Michlmayr for reporting this + (Closes: #811580). + * debian/patches: + - Removed bts802249_varnish_41.patch; implemented upstream. + * debian/collectd.conf: + - Sync with upstream changes since 5.5.0. + + -- Marc Fournier Fri, 22 Jan 2016 16:53:49 +0100 + +collectd (5.5.0-4) unstable; urgency=medium * debian/collectd-core.overrides: - Update 'binary-or-shlib-defines-rpath' lintian override. @@ -8,7 +97,21 @@ collectd (5.5.0-4) UNRELEASED; urgency=medium * debian/patches: - Add bts802249_varnish_41.patch (Closes: #802249) - -- Marc Fournier Tue, 06 Oct 2015 21:27:57 +0200 + -- Marc Fournier Mon, 16 Nov 2015 21:03:31 +0100 + +collectd (5.5.0-3~bpo7+1) wheezy-backports-sloppy; urgency=medium + + * Rebuild for wheezy-backports-sloppy. + * debian/rules, debian/control: + - remove references to systemd and strip-nondeterminism, which were + introduced in jessie. + - disable building sigrok, turbostat and write_kafka plugins, as the + required build-dependencies aren't available in wheezy. + - build uuid plugin against libhal, as this lib is still available on + wheezy. + - adjust libprotobuf build-dependency name. + + -- Marc Fournier Thu, 08 Oct 2015 08:26:10 +0200 collectd (5.5.0-3) unstable; urgency=medium @@ -114,6 +217,22 @@ collectd (5.5.0-1) unstable; urgency=medium -- Marc Fournier Fri, 21 Aug 2015 13:29:17 +0200 +collectd (5.4.1-6+deb8u1) jessie-security; urgency=high + + * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network + plugin. Emilien Gaspar has identified a heap overflow in parse_packet(), + the function used by the network plugin to parse incoming network packets. + Thanks to Florian Forster for reporting the bug in Debian. + (Closes: #832507, CVE-2016-6254) + * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of + gcry_control. A team of security researchers at Columbia University and + the University of Virginia discovered that GCrypt's gcry_control is + sometimes called without checking its return value for an error. This may + cause the program to be initialized without the desired, secure settings. + (Closes: #832577) + + -- Sebastian Harl Thu, 28 Jul 2016 22:25:08 +0200 + collectd (5.4.1-6) unstable; urgency=medium * debian/patches: @@ -400,6 +519,22 @@ collectd (5.1.0-3.1) unstable; urgency=low -- gregor herrmann Sun, 26 May 2013 00:52:37 +0200 +collectd (5.1.0-3+deb7u1) wheezy-security; urgency=high + + * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network + plugin. Emilien Gaspar has identified a heap overflow in parse_packet(), + the function used by the network plugin to parse incoming network packets. + Thanks to Florian Forster for reporting the bug in Debian. + (Closes: #832507, CVE-2016-6254) + * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of + gcry_control. A team of security researchers at Columbia University and + the University of Virginia discovered that GCrypt's gcry_control is + sometimes called without checking its return value for an error. This may + cause the program to be initialized without the desired, secure settings. + (Closes: #832577) + + -- Sebastian Harl Thu, 28 Jul 2016 20:52:12 +0200 + collectd (5.1.0-3) unstable; urgency=low * debian/patches/migrate-4-5-df.dpatch, debian/collectd-core.postinst: @@ -1546,7 +1681,7 @@ collectd (3.9.4+debian-1) unstable; urgency=low * Initial release (Closes: #373008). * Removed upstream's debian/ directory from .orig.tar.gz. * getifaddrs.dpatch: Patching src/traffic.c to read data from /proc instead - of using getifaddrs(). getifaddrs() does not seem to work correctly on + of using getifaddrs(). getifaddrs() does not seem to work correctly on AMD64. -- Sebastian Harl Fri, 7 Jul 2006 15:49:42 +0200