Package "maas"

  maas (1.2+bzr1373+dfsg-0ubuntu1~12.04.6) precise-security; urgency=medium

  * Fix compatibility with mod-wsgi security update (LP: #1399016)
    - debian/patches/home-directory.patch: specify a valid home directory
      for the maas user, since mod-wsgi no longer works without one.
 -- Marc Deslauriers <email address hidden> Thu, 04 Dec 2014 14:00:28 -0500

  maas (1.2+bzr1373+dfsg-0ubuntu1~12.04.5) precise-security; urgency=low

  * SECURITY UPDATE: incorrect Content-type header allowed cross-site
    scripting vulnerability if an unknown API was used. (LP: #1251336)
    - debian/patches/CVE-2013-1070.patch: Use Content-type text/plain to force
      browsers to not render error messages as HTML.
    - CVE-2013-1070
  * SECURITY UPDATE: /etc/maas/txlongpoll.yaml contained a publicly readable
    password. (LP: #1254034)
    - debian/maas-region-controller.postinst: chown and chmod
      /etc/maas/txlongpoll.yaml with correct permissions
    - CVE-2013-1069
 -- Seth Arnold <email address hidden> Mon, 10 Feb 2014 22:49:35 -0800

  maas (1.2+bzr1373+dfsg-0ubuntu1~12.04.4) precise-security; urgency=low

  * SECURITY UPDATE: failure to authenticate downloaded content (LP: #1039513)
    - debian/patches/CVE-2013-1058.patch: Authenticate downloaded files with
      GnuPG and MD5SUM files. Thanks to Julian Edwards.
    - CVE-2013-1058
  * SECURITY UPDATE: configuration options may be loaded from current working
    directory (LP: #1158425)
    - debian/patches/CVE-2013-1057-1-2.patch: Do not load configuration
      options from the current working directory. Thanks to Julian Edwards.
    - CVE-2013-1057
 -- Seth Arnold <email address hidden> Fri, 01 Nov 2013 17:09:57 -0700

  maas (1.2+bzr1373+dfsg-0ubuntu1~12.04.3) precise-proposed; urgency=low

  * MAAS Stable Release Update:
    - debian/patches/04-dhcp-lease-conflict.patch: Sets expiry lease time
      to 30 seconds (LP: #1069570)
 -- Andres Rodriguez <email address hidden> Thu, 05 Sep 2013 22:53:10 -0400

  maas (1.2+bzr1373+dfsg-0ubuntu1~12.04.2) precise-proposed; urgency=low

  * MAAS Stable Release Update, debian/patches:
    - 99_filestorage_empty_files_lp1204507.patch: Fix to allow the storage
      of empty files when using Juju Go, otherwise machines will fail to
      bootstrap. (LP: #1204507)
    - 99_fix_highbank_localboot_lp1172966.patch: Fix to PXE LOCALBOOT on
      highbank servers by removing a PXE message. Otherwise highbank will
      fail to pxe boot. (LP: #1172966)
    - 99_no_ipmi_detection_kvm_lp1064527.patch: Fix to ensure that IPMI
      detection does not happen on KVM VM's, otherwise enlistment and
      commissioning process will take too long. (LP: #1064527)
    - 99_update_cluster_info_cli_lp1172193.patch: Fix to allow admins to
      update cluster information from the API/CLI and not only restrict it
      to the WebUI. (LP: #1172193)
    - 99_fix_ipmi_power_command_lp1171418: Fix to ensure that ipmi commands
      are always executed regardless of the state of the machine.
      (LP: #1171418)
    - 99_default_timezone_utc_lp1211447.patch: Default to UTC for the
      deployed nodes. (LP: #1211447)
 -- Andres Rodriguez <email address hidden> Mon, 12 Aug 2013 12:18:34 -0400