![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/debian/changelog b/debian/changelog
index cd71d986bb20d1df175921cc6c3c147b83df36f9..eb87c9006f081deb0ebe395a2322a443dfeb5655 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
+collectd (5.5.2-1) unstable; urgency=high
+
+ * New upstream release.
+ - Fix heap overflow in the network plugin. Emilien Gaspar has identified a
+ heap overflow in parse_packet(), the function used by the network plugin
+ to parse incoming network packets. Thanks to Florian Forster for
+ reporting the bug in Debian. (Closes: #832507, CVE-2016-6254)
+ - Fix improper usage of gcry_control. A team of security researchers at
+ Columbia University and the University of Virginia discovered that
+ GCrypt's gcry_control is sometimes called without checking its return
+ value for an error. This may cause the program to be initialized without
+ the desired, secure settings. (Closes: #832577)
+ * debian/patches:
+ - bts832577-gcry-control.patch: Update for 5.5.2. Mostly part of the new
+ upstream release, except for: Don't abort() if gcrypt initialization
+ failed.
+ - Drop bts823012_librrd8.patch; merged upstream.
+ * Rebuild with linux-libc-dev >= 4.6 (now in testing and unstable) to
+ accommodate a change to rtnl_link_stats64. Thanks to Gábor Gombás for
+ reporting this (Closes: #829634).
+
+ -- Sebastian Harl <tokkee@debian.org> Fri, 29 Jul 2016 00:02:11 +0200
+
+collectd (5.5.1-5) unstable; urgency=low
+
+ * debian/control, debian/rules:
+ - Disable the sigrok plugin on non-Linux; restrict build dependency to
+ linux-any; thanks to Andreas Beckmann for reporting this
+ (Closes: #825606).
+ * debian/rules:
+ - Fix failure to build twice in a row introduced by dh_autoreconf_clean;
+ drop the separate config.status target and, hence, a dependency on the
+ configure script.
+ * debian/patches/:
+ - Added gcc6.patch: Fix FTBFS with GCC 6; thanks to Lucas Nussbaum for
+ reporting this (Closes: #831194).
+
+ -- Sebastian Harl <tokkee@debian.org> Sun, 17 Jul 2016 23:30:33 +0200
+
+collectd (5.5.1-4) unstable; urgency=medium
+
+ * debian/control:
+ - Add dh-autoreconf to Build-Depends.
+ - Update standards-version to 3.9.8 (no changes).
+
+ -- Marc Fournier <marc@bl.uem.li> Tue, 31 May 2016 18:16:43 +0200
+
+collectd (5.5.1-3) unstable; urgency=medium
+
+ * Re-enable gmond plugin. Thanks to Michael Tautschnig and Jean-Michel
+ Vourgère for fixing #812462.
+ * debian/patches:
+ - Add bts823012_librrd8.patch. Properly detect thread safety with librrd8.
+ Thanks to Jean-Michel Vourgère for the patch (Closes: #823012).
+ * debian/collectd.conf:
+ - Add missing example blocks in main configuration file (Closes: #806196).
+
+ -- Marc Fournier <marc@bl.uem.li> Wed, 25 May 2016 23:14:14 +0200
+
+collectd (5.5.1-2) unstable; urgency=medium
+
+ * Disable the gmond plugin for now. Ganglia is not available in testing
+ (cf. #812462). Thanks to Santiago Vila for reporting this
+ (Closes: #819241).
+ * Update standards-version to 3.9.7 (no changes).
+
+ -- Sebastian Harl <tokkee@debian.org> Sat, 02 Apr 2016 11:02:49 +0200
+
collectd (5.5.1-1~bpo8+1) jessie-backports; urgency=medium
* Rebuild for jessie-backports.
-- Marc Fournier <marc.fournier@camptocamp.com> Fri, 21 Aug 2015 13:29:17 +0200
+collectd (5.4.1-6+deb8u1) jessie-security; urgency=high
+
+ * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
+ plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
+ the function used by the network plugin to parse incoming network packets.
+ Thanks to Florian Forster for reporting the bug in Debian.
+ (Closes: #832507, CVE-2016-6254)
+ * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
+ gcry_control. A team of security researchers at Columbia University and
+ the University of Virginia discovered that GCrypt's gcry_control is
+ sometimes called without checking its return value for an error. This may
+ cause the program to be initialized without the desired, secure settings.
+ (Closes: #832577)
+
+ -- Sebastian Harl <tokkee@debian.org> Thu, 28 Jul 2016 22:25:08 +0200
+
collectd (5.4.1-6) unstable; urgency=medium
* debian/patches:
-- gregor herrmann <gregoa@debian.org> Sun, 26 May 2013 00:52:37 +0200
+collectd (5.1.0-3+deb7u1) wheezy-security; urgency=high
+
+ * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
+ plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),
+ the function used by the network plugin to parse incoming network packets.
+ Thanks to Florian Forster for reporting the bug in Debian.
+ (Closes: #832507, CVE-2016-6254)
+ * debian/patches/bts832577-gcry-control.dpatch: Fix improper usage of
+ gcry_control. A team of security researchers at Columbia University and
+ the University of Virginia discovered that GCrypt's gcry_control is
+ sometimes called without checking its return value for an error. This may
+ cause the program to be initialized without the desired, secure settings.
+ (Closes: #832577)
+
+ -- Sebastian Harl <tokkee@debian.org> Thu, 28 Jul 2016 20:52:12 +0200
+
collectd (5.1.0-3) unstable; urgency=low
* debian/patches/migrate-4-5-df.dpatch, debian/collectd-core.postinst:
* Initial release (Closes: #373008).
* Removed upstream's debian/ directory from .orig.tar.gz.
* getifaddrs.dpatch: Patching src/traffic.c to read data from /proc instead
- of using getifaddrs(). getifaddrs() does not seem to work correctly on
+ of using getifaddrs(). getifaddrs() does not seem to work correctly on
AMD64.
-- Sebastian Harl <sh@tokkee.org> Fri, 7 Jul 2006 15:49:42 +0200