Delta generated at: 2019-06-26 11:37 UTC
* Last Uploader: James Page
Debian changes newer than ubuntu version:
alembic (1.0.0-3) unstable; urgency=medium
* Require newer dh-python which cleans .pytest_cache directory
* Revert removing of pytest_cache manually
* Rename d/tests/control.autodep8 to d/tests/control.
* Standards-Version is 4.3.0 now (no changes needed)
-- Ondřej Nový Tue, 22 Jan 2019 17:31:51 +0100
* Last Uploader: Rafael David Tinoco (sponsored by Andreas Hasenack)
Debian changes newer than ubuntu version:
bind9 (1:9.11.5.P4+dfsg-5.1) unstable; urgency=high
* Non-maintainer upload.
* move item_out test inside lock in dns_dispatch_getnext() (CVE-2019-6471)
(Closes: #930746)
-- Salvatore Bonaccorso Fri, 21 Jun 2019 11:24:31 +0200
* Last Uploader: Dustin Kirkland
Debian changes newer than ubuntu version:
byobu (5.129-1) unstable; urgency=medium
* debian/control:
- recommend less package, for BYOBU_PAGER
-- Dustin Kirkland Tue, 11 Jun 2019 19:56:15 -0500
* Last Uploader: Corey Bryant
Debian changes newer than ubuntu version:
cmd2 (0.8.5-2) unstable; urgency=medium
[ Ondřej Nový ]
* Add python-enum32 to D + B-D (Closes: #902514)
* Add python-contextlib2 to D + B-D (Closes: #902518)
* Add python{,3}-wcwidth to D + B-D
* Enable autopkgtest-pkg-python testsuite
* d/control: Remove ancient X-Python-Version field
[ Federico Ceratto ]
* Bump up Standards-Version
-- Federico Ceratto Thu, 12 Jul 2018 18:19:48 +0100
cmd2 (0.8.5-1) unstable; urgency=medium
* New upstream release.
-- Federico Ceratto Mon, 14 May 2018 18:23:06 +0100
cmd2 (0.8.0-1) unstable; urgency=medium
* New upstream release.
* Patch out GTK import (Closes: #884875) Thanks to Corey Bryant
-- Federico Ceratto Sat, 24 Feb 2018 15:23:23 +0000
* Last Uploader: James Page
Debian changes newer than ubuntu version:
defusedxml (0.5.0-2) unstable; urgency=medium
[ Ondřej Nový ]
* d/control: Set Vcs-* to salsa.debian.org
* d/copyright: Use https protocol in Format field
* d/changelog: Remove trailing whitespaces
* d/control: Remove ancient X-Python-Version field
* d/control: Remove ancient X-Python3-Version field
* Convert git repository from git-dpm to gbp layout
[ Jelmer Vernooij ]
* Bump debhelper from old 9 to 10.
* Re-export upstream signing key without extra signatures.
* Add a basic debian/upstream/metadata.
-- Jelmer Vernooij Tue, 13 Feb 2018 10:18:18 +0100
* Last Uploader: Karl Stenerud (sponsored by Christian Ehrhardt )
Debian changes newer than ubuntu version:
ebtables (2.0.10.4+snapshot20181205-3) unstable; urgency=medium
[ Arturo Borrero Gonzalez ]
* [9b474c7] src:ebtables: add salsa CI integration
[ Alberto Molina Coballes ]
* [5dbd22d] Remove /sbin symlinks on not usr-merged systems (Closes: #926728)
-- Alberto Molina Coballes Mon, 15 Apr 2019 18:23:43 +0000
ebtables (2.0.10.4+snapshot20181205-2) unstable; urgency=medium
[ Alberto Molina Coballes ]
* [d0a79d0] d/rules: include build architecture compiler (Closes: #848948)
* [322fbda] Revert "d/rules: include build architecture compiler"
* [25138b7] d/ebtables.prerm: iptables verification deleted (Closes: #919583)
* [22208c6] d/control: Mark ebtables as 'Multi-Arch: foreign'
(Closes: #918787)
* [b739b36] d/ebtables-{save,restore}.8 renamed
[ Arturo Borrero Gonzalez ]
* [a9cfc27] d/rules: make build verbose
* [5e3d23f] d/stamp-autotools-files: delete file
[ Alberto Molina Coballes ]
* [7a58bd0] ebtables: System V init script removed (Closes: #918678)
* [9d015e9] ebtables: remove, disable and purge systemvinit script and
systemd service
* [1292475] d/README.Debian: add explanation about nftables migration
* [de05c5e] d/patches: minor update
* [b4d4f1e] d/control: bump std-version to 4.3.0
-- Alberto Molina Coballes Sat, 02 Feb 2019 19:31:28 +0000
* Last Uploader: Bryce Harrington
Debian changes newer than ubuntu version:
exim4 (4.92-8) unstable; urgency=low
* Pulled from exim-4.92+fixes branch:
+ 75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch
Fix expansion of $tls_out_ocsp under hosts_request_ocsp.
+ 75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch
When tls_verify_certificates was set to a directory instead of a file
exim/GnuTLS would still send out the list of accepted certificates,
This did not match documented behavior.
+ 75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch
The dsn_from option was not used for DSN success messages.
* Pulled from upstream GIT master:
+ 75_14-Fix-smtp-response-timeout.patch
Fix the timeout on smtp response to apply to the whole response instead
of resetting for every byte received.
+ 75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch
https://bugs.exim.org/show_bug.cgi?id=2405
${eval } was broken on 32bit archs.
-- Andreas Metzler Sat, 08 Jun 2019 17:37:43 +0200
* Last Uploader: Karl Stenerud (sponsored by Andreas Hasenack)
Debian changes newer than ubuntu version:
fetchmail (6.4.0~beta4-3) unstable; urgency=medium
* Backport fix potential SIGSEGV in pop3_delete (closes: #921450).
* Backport native name verification for OpenSSL.
-- Laszlo Boszormenyi (GCS) Wed, 06 Feb 2019 16:33:00 +0000
fetchmail (6.4.0~beta4-2) unstable; urgency=medium
* Upload to Sid.
* Update Standards-Version to 4.3.0 .
-- Laszlo Boszormenyi (GCS) Sun, 03 Feb 2019 15:45:40 +0000
fetchmail (6.4.0~beta4-1) experimental; urgency=medium
* New major upstream beta release:
- improved TLS support (closes: #768843).
* Update watch file.
* Disable Vcs-* fields for now.
* Update debhelper level to 11:
- remove dh-autoreconf build dependency,
- remove autotools-dev build dependency,
- don't specify parallel to debhelper,
- specify restart-after-upgrade to dh_installinit .
* Update Standards-Version to 4.1.4 .
[ Russell Coker ]
* Run restorecon after creating directory from init script (closes: #752598).
[ Nicolas Boulenguez ]
* Packaging updates (closes: #895366):
- rename d/init to d/fetchmail.init, as recommended by policy,
- give standard formatting to header of 01_fetchmailconf.patch ,
- remove obsolete debian/pycompat ,
- fix typo in manpage,
- delegate installation of ppp and logcheck scripts to debhelper,
- delegate manpages from dh_install to more specialized
dh_installmanpages ,
- install contrib files and resolvconf directly without intermediate copy
in debian/tmp ,
- switch copyright to format 1.0 and add some missing licenses.
- delegate buggy installation of README.contrib to debhelper,
- per policy 4.0.0, use invoke-rc.d instead of calling /etc/init.d/*
directly,
- rules: drop paragraphe preparing unused variable CONFFLAGS ,
- rules: simplify some variable affectations,
- delegate build flags stuff to dpkg-buildflags .
[ Kevin Ryde ]
* Let fetchmail-mode run hook after other settings (closes: #710319).
-- Laszlo Boszormenyi (GCS) Sat, 23 Jun 2018 15:52:22 +0000
* Last Uploader: Leonidas S. Barbosa
Debian changes newer than ubuntu version:
freeradius (3.0.17+dfsg-1.1) unstable; urgency=high
* Non-maintainer upload.
* Cherry-Pick upstream commits to fix CVE-2019-11234 / CVE-2019-11235 /
VU#871675 (Invalid Curve Attack and Reflection Attack on EAP-PWD, leading
to authentication bypass) (Closes: #926958)
-- Bernhard Schmidt Mon, 22 Apr 2019 23:23:36 +0200
* Last Uploader: Marc Deslauriers
Debian changes newer than ubuntu version:
ghostscript (9.27~dfsg-2) unstable; urgency=medium
* Add patch cherry-picked upstream
to fix regression resolving bounding box of font glyphs.
Closes: Bug#927429. Thanks to Kenshi Muto.
-- Jonas Smedegaard Sat, 20 Apr 2019 10:16:50 +0200
ghostscript (9.27~dfsg-1) unstable; urgency=high
[ upstream ]
* New release.
Closes: Bug#925256, 925257 (CVE-2019-3835, CVE-2019-3838).
Thanks to Salvatore Bonaccorso.
* Set urgency=high, due to CVE fix.
[ Jonas Smedegaard ]
* Drop patches cherry-picked upstream now applied.
* Unfuzz patches.
* Build-depend versioned on libjbig2dec0-dev
(not unversioned on libjbig2dec-dev).
* Use dpkg-provided snippet
(not additional explicit dpkg-parsechangelog call)
to resolve when build is targeted experimental suite.
* Revert to again split ABI at ~ (not a)."
* Update copyright info: Extend coverage for main upstream author.
* Update testsuite to catch new error message.
* Update symbols:
+ 18 private symbols dropped.
+ 51 private symbols dropped.
-- Jonas Smedegaard Thu, 04 Apr 2019 20:17:20 +0200
ghostscript (9.26a~dfsg-2) unstable; urgency=medium
* Update symbols: 1 private added.
* Add test to check that upstream bug 700317 is fixed,
and a smoketest to check commanline options.
Enable bugchecking and smoketest during build,
and smoketest as autopkgtest.
-- Jonas Smedegaard Wed, 23 Jan 2019 20:26:09 +0100
ghostscript (9.26a~dfsg-1) unstable; urgency=high
[ upstream ]
* New security release.
(CVE-2019-6116).
* Set urgency=high, due to CVE fix.
[ Jonas Smedegaard ]
* Consult DEB_BUILD_OPTIONS (not bogusly DEB_BUILD_PROFILES)
to decide if build is a profile.
* Declare compliance with Debian Policy 4.3.0.
* New upstream version 9.26a~dfsg
* Update copyright info: Extend coverage of packaging.
-- Jonas Smedegaard Wed, 23 Jan 2019 12:47:56 +0100
Unknown (Probably auto sync.)
Debian changes newer than ubuntu version:
* Last Uploader: Matthias Klose
Debian changes newer than ubuntu version:
google-perftools (2.7-1) unstable; urgency=medium
* New upstream release.
* Fix libprofiler build on ppc64el (closes: #894749).
* Remove 0001-unbreak-printing-large-span-stats.patch as not needed.
* Use short debhelper rules format.
* Make package multiarch (closes: #893928).
* Reference google-pprof in README (closes: #739572).
* Update debhelper level to 11:
- remove dh-autoreconf build dependency.
* Update Standards-Version to 4.1.4 .
* New maintainer (closes: #863782).
-- Laszlo Boszormenyi (GCS) Mon, 30 Apr 2018 06:52:01 +0000
google-perftools (2.6.90-0.1) unstable; urgency=medium
* Non-maintainer upload.
* Upload to unstable.
* Cherry-pick patches from upstream to fix tests on i386.
-- YunQiang Su Sun, 25 Mar 2018 19:20:03 +0800
google-perftools (2.6.90-0.1~exp) experimental; urgency=medium
* Non-maintainer upload.
* Migrate to salsa.debian.org, and convert to git.
* New upstream release, and use arch list to 'any' for test on experimental
(Closes: #872511, #837343, #856203, #857275, #761685)
* Migrate to 3.0 (quilt) format. (Closes: #872512)
* Build-Dep on libunwind-dev instead of libunwind8-dev. (Closes: #872593)
* Drop build-dep on binutils. (Closes: #873141)
* Use standard version 4.1.3.
* Use multiarch dir as libdir.
* cdbs: dh-autoreconf.
-- YunQiang Su Wed, 21 Mar 2018 13:06:54 +0800
* Last Uploader: Christian Ehrhardt
Debian changes newer than ubuntu version:
ipxe (1.0.0+git-20190125.36a4c85-1) unstable; urgency=medium
* New snapshot. (closes: #832765, #906365)
* Add e1000e and vmxnet3 firmware for qemu. (closes: #884240, #868124)
-- Bastian Blank Sat, 09 Feb 2019 17:41:37 +0100
* Last Uploader: Jeremy Bicha
Debian changes newer than ubuntu version:
kerneloops (0.12+git20181124-7) unstable; urgency=medium
[ Stefan Bader ]
* Change location of logfile.
Changes the hard coded logfile into /var/log/kern.log
[ Balint Reczey ]
* Make kerneloops only suggest kerneloops-applet.
The applet is not needed on servers and in Ubuntu Apport
asks the user for permission to send the oops report.
* Drop not working ExecStartPre option from kerneloops.service
(Closes: #921210)
* Add Salsa CI configuration
* Migrate packaging to Salsa
* New upstream snapshot 0.12+git20181124 (Closes: #875560)
* Drop patches merged upstream
* debian/control: Use my Ubuntu email address for Maintainer:
* Bump debhelper version by build-depending on debhelper-compat (= 12)
* Drop dh's --with systemd
* Add Pre-Depends: ${misc:Pre-Depends} to kerneloops
-- Balint Reczey Sun, 16 Jun 2019 21:59:41 +0200
* Last Uploader: Matthias Klose
Debian changes newer than ubuntu version:
ldns (1.7.0-4) unstable; urgency=medium
* Fix invalid maintainer (Closes: #899938)
* Add two upstream patches to address security issues:
+ CVE-2017-1000231: Memory corruption in ldns_rr_new_frm_fp_l
(Closes: #882015)
+ CVE-2017-1000232: Memory corruption in ldns_str2rdf_long_str
(Closes: #882014)
* Bump debhelper compat to v12
* Update the Vcs-* links to salsa.d.o
* Bump the policy to the latest version (no change)
* Add upstream Homepage link to d/control
* Disable GOST and enable Ed25519 algorithm (see draft-wouters-sury-dnsop-algorithm-update)
-- Ondřej Surý Sun, 10 Mar 2019 21:56:02 +0000
ldns (1.7.0-3.1) unstable; urgency=medium
* Non-maintainer upload.
* Don't build-depend on python3-all-dev, the build rules don't handle
multiple versions of python3 correctly. Closes: #904038
Thanks to Steve Langasek for the patch.
* Enable parallel building.
-- Mattia Rizzolo Thu, 27 Sep 2018 10:36:04 +0200
* Last Uploader: Nish Aravamudan
Debian changes newer than ubuntu version:
libpam-radius-auth (1.4.0-2) unstable; urgency=medium
* QA upload.
* Fix a regression that made libpam-radius-auth/1.4.0-1 use
a different configuration file than intended. This version
restores /etc/pam_radius_auth.conf as the configuration
file for Debian package of libpam-radius-auth.
(Closes: #908006)
* Use the new "debhelper-compat (= 11)" method for specifying
debhelper compat version.
-- Niels Thykier Wed, 05 Sep 2018 19:44:07 +0000
libpam-radius-auth (1.4.0-1) unstable; urgency=low
* QA upload.
* New upstream release. (Closes: #854284)
* Drop patch that was applied upstream or no longer relevant.
* Set Rules-Requires-Root to "no".
* Bump Priority to "optional" since "extra" has been
removed.
* Rewrite rules file to the dh7-style.
* Add ${misc:Depends} to the Depends field.
* Add Homepage field.
* Correct section to admin.
* Change to source format 3.0 (quilt).
* Bump debhelper compat to 11.
* Enable bindnow hardening.
* Update debian/copyright.
* Bump Standards-Versions to 4.2.0 - no additional changes
required.
-- Niels Thykier Sun, 19 Aug 2018 12:16:13 +0000
* Last Uploader: Stéphane Graber
Debian changes newer than ubuntu version:
lxc (1:3.1.0+really3.0.3-8) unstable; urgency=medium
* d/control:
- bin:lxc sets AppArmor as a Recommend instead of a Dependency
* d/README.Debian:
- Update the documentation to explain how to manage containers not
starting if AppArmor is missing.
-- Pierre-Elliott Bécue Sun, 14 Apr 2019 15:46:47 +0200
lxc (1:3.1.0+really3.0.3-7) unstable; urgency=medium
* d/ccontrol:
- Add a dependency to AppArmor for lxc package as the default.conf file
includes an AppArmor profile.
* d/{NEWS,README.Debian}:
- Add appropriate documentation for unprivileged containers
(Closes: #925899)
-- Pierre-Elliott Bécue Tue, 09 Apr 2019 02:03:05 +0200
lxc (1:3.1.0+really3.0.3-6) unstable; urgency=medium
* d/patches/0005: Tweaks the 0004 patch for CVE-2019-5736 (Closes: #923932)
* d/NEWS: summary of the important changes since LXC2.
-- Pierre-Elliott Bécue Sat, 09 Mar 2019 15:49:21 +0100
lxc (1:3.1.0+really3.0.3-5) unstable; urgency=medium
[ Christian Kastner ]
* /etc/default/lxc.conf Change back to lxc.net.0.type
(Closes: #923395)
[ Frans Spiesschaert ]
* debian/po/nl.po: Add Dutch translation of debconf messages
(Closes: #923328)
-- Antonio Terceiro Sat, 02 Mar 2019 12:33:08 -0300
lxc (1:3.1.0+really3.0.3-4) unstable; urgency=medium
[ Lev Lamberov ]
* d/po/ru.po: Add russian translation for debconf templates (Closes: #920916)
[ Américo Monteiro ]
* d/po/pt.po: Add portuguese translation for debconf templates (Closes:
#919221)
[ Adriano Rafael Gomes ]
* d/po/pr_BR.po: Add brazilian portuguese translation for debconf templates
(Closes: #920543)
[ Pierre-Elliott Bécue ]
* d/patches/0004: Import the fix for CVE-2019-5736. (Closes: #922169)
-- Pierre-Elliott Bécue Sat, 16 Feb 2019 16:21:41 +0100
lxc (1:3.1.0+really3.0.3-3) unstable; urgency=medium
* d/lxc.postinst:
- Add a fallback method to handle the cases where apparmor_parser may
fail while present. (nested virt or whatever else) (Closes: #921667)
* d/patches:
- Backports 3 patches from lxc 3.1 to have Apparmor confinement working
properly with systemd 240. (Closes: #916639)
* d/tests/exercise:
- Update the configuration to match lxc 3 standards
* d/contrib/default.conf:
- Provide a minimalist default.conf including appropriate apparmor
parameters.
-- Pierre-Elliott Bécue Mon, 11 Feb 2019 23:03:53 +0100
lxc (1:3.1.0+really3.0.3-2) unstable; urgency=medium
[ Chris Leick ]
* d/po/de.po:
- Added German Debconf translation (Closes: #916263)
[ Pierre-Elliott Bécue ]
* d/lxc.postinst:
- Add a call to apparmor_parser if present to ensure lxc containers work
with apparmor after an upgrade. (Closes: #918842)
- Add a check to make sure we're on a proper upgrade or a proper install
to decide whether or not some code blocks are executed.
* d/lxc.config:
- Asks for the upgrade of configuration only when lxc is actually upgraded
and not installed.
-- Pierre-Elliott Bécue Fri, 11 Jan 2019 01:12:41 +0100
lxc (1:3.1.0+really3.0.3-1) unstable; urgency=medium
* Rollback to version 3.0.3 as this is a LTS release.
* Revert symbols file.
* d/control:
- Bump Standards-Version to 4.3.0
-- Pierre-Elliott Bécue Thu, 10 Jan 2019 23:26:47 +0100
lxc (1:3.1.0-1) unstable; urgency=medium
[ Pierre-Elliott Bécue ]
* New upstream release 3.1.0
[ Shengjing Zhu ]
* d/liblxc1.symbols: Fix liblxc1 symbol version, missing the Debian epoch.
Closes: #916362
-- Pierre-Elliott Bécue Sat, 22 Dec 2018 22:56:16 +0100
lxc (1:3.0.3-1) unstable; urgency=medium
* New upstream version: 3.0.3
* d/liblxc1.symbols: Updated symbols table
* d/lxc.postinst: no absolute path for lxc-update-config (it's in the PATH)
* d/copyright: remove statement for src/includes/ifaddrs.{c, h} as they're
not shipped anymore
* Release to unstable.
-- Pierre-Elliott Bécue Tue, 04 Dec 2018 08:04:18 +0100
lxc (1:3.0.2-1~exp+4) experimental; urgency=medium
* d/rules: strip unnecessary DPKG_EXPORT_BUILDFLAGS and include that are not
needed since dh compat 9
* d/templates, d/po/*: updated templates and translation
* d/lxc.config: refactor the config script a little
-- Pierre-Elliott Bécue Thu, 29 Nov 2018 22:24:03 +0100
lxc (1:3.0.2-1~exp+3) experimental; urgency=medium
* d/control:
- Update Recommends to suggest more recent tools.
Replaces iptables => nftables | iptables
Add iproute2 for more precise bridge manipulation
* d/lxc{.config,.postinst}, d/templates, d/po/*
- Implement a maintainer script allowing an auto-upgrade of lxc
configuration files
-- Pierre-Elliott Bécue Thu, 29 Nov 2018 01:07:02 +0100
lxc (1:3.0.2-1~exp+2) experimental; urgency=medium
* d/control:
- Add explicit Recommend on lxc-templates
- Version the Recommends
- Update the Breaks on liblxc1
- Add myself to uploaders
-- Pierre-Elliott Bécue Sun, 18 Nov 2018 23:57:26 +0100
lxc (1:3.0.2-1~exp+1) experimental; urgency=medium
* Team upload
* New upstream release: 3.0.2
* d/p/000[1-3]*:
- Dropped because Debian template got out of lxc release
* d/p/000[4-7]*:
- Upstream fixes taken into account into this release
* d/control:
- Drop packages lua-lxc and python3-lxc, as they got extracted from there
by upstream
- Raise debhelper dependency to 11
- Bump Standards-Version to 4.2.1. No change required
- Update VCS fields
- Add libpam-cgfs that was previously in src:lxcfs
* d/compat raised to 11
* d/copyright:
- Use HTTPS url for the copyright format link
- Updated copyrights
* d/watch:
- Updated version and regex
* d/libpam-cgfs* d/pam-cgfs.config added with pam-cgfs inclusion in the
package
* d/liblxc1.symbols added
-- Pierre-Elliott Bécue Sat, 17 Nov 2018 09:23:20 +0100
lxc (1:2.0.9-7) unstable; urgency=medium
* debian/rules: pass --disable-werror to ./configure. Fixes FTBFS against
python3 3.7
-- Antonio Terceiro Tue, 27 Nov 2018 14:53:56 -0200
lxc (1:2.0.9-6.2) unstable; urgency=medium
* Non-maintainer upload.
* autodev: adapt to changes in Linux 4.18 (Closes: #908223)
-- Salvatore Bonaccorso Mon, 22 Oct 2018 23:18:55 +0200
lxc (1:2.0.9-6.1) unstable; urgency=medium
* Non-maintainer upload.
* utils: add LXC_PROC_PID_FD_LEN
* CVE 2018-6556: verify netns fd in lxc-user-nic (Closes: #905586)
-- Salvatore Bonaccorso Wed, 29 Aug 2018 15:22:46 +0200
lxc (1:2.0.9-6) unstable; urgency=medium
* 0004-debian-Use-iproute2-instead-of-iproute.patch: fix creation of
containers after the iproute binary has been removed.
-- Antonio Terceiro Sat, 27 Jan 2018 12:44:36 -0200
lxc (1:2.0.9-5) unstable; urgency=medium
* Drop installation of disable-apparmor.conf. The issue that prevented lxc
containers from starting with apparmor was fixed in apparmor 2.11.1-4.
* debian/rules: drop --with autotools_dev in favor of debhelper built-in
support for updating autotools files during build
* Bump Standards-Version to 4.1.2; no changes needed
* Drop debian/lxc-dev.lintian-overrides; false positive has been fixed in
lintian.
-- Antonio Terceiro Tue, 19 Dec 2017 10:02:34 -0200
lxc (1:2.0.9-4) unstable; urgency=medium
* Install disable-apparmor.conf disabling apparmor for all containers, until
we can make it work. See #880502
-- Antonio Terceiro Thu, 02 Nov 2017 12:49:57 -0200
lxc (1:2.0.9-3) unstable; urgency=medium
* 0002-lxc-debian-don-t-write-C.-locales-to-etc-locale.gen.patch: don't add
C.UTF-8 to /etc/locale.gen (Closes: #879595)
* 0003-lxc-debian-don-t-hardcode-valid-releases.patch: don't hardcode list
of valid Debian releases
-- Antonio Terceiro Sat, 28 Oct 2017 09:12:47 -0200
lxc (1:2.0.9-2) unstable; urgency=medium
* Add patch 0001-lxc-debian-allow-creating-testing-and-unstable.patch to
allow creating `testing` and `unstable` containers.
-- Antonio Terceiro Thu, 26 Oct 2017 20:50:14 -0200
lxc (1:2.0.9-1) unstable; urgency=medium
[ Evgeni Golov ]
* New upstream version 2.0.9
* track LTS release
* drop use-lxc-stop-to-stop-systemd-service.patch, applied upstream
* drop cgroups-workaround-gcc-7-bug.patch, applied upstream
* drop the symbols file again
[ Nicholas D Steeves ]
* Update Suggests: btrfs-tools to btrfs-progs (Closes: #878908)
-- Evgeni Golov Sat, 21 Oct 2017 17:20:45 +0200
lxc (1:2.0.8-3) unstable; urgency=medium
* Rebuild against python 3.6 (Closes: #878246)
* Drop build-dependency on the deprecated dh-systemd package
* Bump Standards-Version to 4.1.1; no changes needed
* Add symbols file for liblxc1
-- Antonio Terceiro Wed, 11 Oct 2017 19:57:54 -0300
lxc (1:2.0.8-2) unstable; urgency=medium
* Add cgroups-workaround-gcc-7-bug.patch from upstream to make lxc build
against gcc 7 (Closes: #853531)
-- Antonio Terceiro Fri, 25 Aug 2017 18:20:29 -0300
lxc (1:2.0.8-1) unstable; urgency=medium
[ Evgeni Golov ]
* New upstream version 2.0.8
+ Make lxc-net return non-zero on failure (Closes: #854591)
* drop old patches, all were cherry-picks from upstream
* Use lxc-stop to stop systemd service (Closes: #863850)
[ Baptiste Jonglez ]
* Increase the maximum number of inotify listeners (Closes: #860974)
-- Evgeni Golov Sun, 18 Jun 2017 15:33:06 +0200
lxc (1:2.0.7-2) unstable; urgency=high
* use bash-completion's pkg-config support and don't move files around
* ignore lxc-test-cloneconfig if kernel has no overlay support
* CVE-2017-5985: Ensure target netns is caller-owned (Closes: #857295)
-- Evgeni Golov Sat, 11 Mar 2017 09:47:20 +0100
lxc (1:2.0.7-1) unstable; urgency=medium
* New upstream version 2.0.7
+ Closes: #847909, #847894, #847466
-- Evgeni Golov Mon, 23 Jan 2017 22:03:24 +0100
lxc (1:2.0.6-1) unstable; urgency=high
* New upstream version 2.0.6
+ attach: do not send procfd to attached process
Closes: #845465
CVE-2016-8649
* liblxc1: add depends on cgroupfs-mount | systemd (Closes: #844086)
* drop patches applied/imported upstream
* debian/tests: add iptables to tests depends
-- Evgeni Golov Thu, 24 Nov 2016 08:07:02 +0100
lxc (1:2.0.5-3) unstable; urgency=medium
* add python3:Depends for lxc, so it gets a depends on python3
* lxc-tests replace lxc-dev, not lxc
* add a lintian override that the tests do not have a manpage
* register lxc-dev docs with doc-base
* add lintian override for ldconfig-trigger in lua-lxc
* s/LUA/Lua/g in d/control
-- Evgeni Golov Sun, 06 Nov 2016 14:33:14 +0100
lxc (1:2.0.5-2) experimental; urgency=medium
* split lua and python3 bindings in their own packages
* split tests into their own package
* only add bash completion links for commands we actually complete
* backport two patches from Ubuntu
* kill all the .la files, we do not need them
* enable ALL the hardening flags
* autopkgtest: only reboot if the memory cgroup is not activated yet
* replace our lxc-dbg package by the autogenerated dbgsym one
-- Evgeni Golov Sun, 30 Oct 2016 17:59:32 +0100
lxc (1:2.0.5-1) unstable; urgency=medium
* New upstream version 2.0.5
* drop cgmanager support
it's orphaned and upstream does recommend lxcfs instead
* fix execution of tests on systems which do not have overlay.ko
* add depends on lsb-base, thanks lintian
-- Evgeni Golov Sat, 08 Oct 2016 14:03:16 +0200
lxc (1:2.0.4-1) unstable; urgency=medium
[ Antonio Terceiro ]
* debian/rules: create symlinks for each lxc-* binary in
/usr/share/bash-completion/completions/ so that bash completion actually
works
[ Evgeni Golov ]
* Imported Upstream version 2.0.4
+ Uses SIGRTMIN+3 for systemd containers (Closes: #831691, #799541)
+ The debian template properly generates locaes (Closes: #806746)
* drop 0020-fix-regression-when-creating-wheezy-containers.patch
* rebase patches ontop of 2.0.4
* add gnupg and dirmngr to recommends
* improve autopkgtest execution, making most autopkgtest run properly
-- Evgeni Golov Thu, 25 Aug 2016 19:52:33 +0200
lxc (1:2.0.3-1) unstable; urgency=medium
* Imported Upstream version 2.0.3
- Fixes Inconsistent settings in lxc@.service (Closes: #826100)
* drop patch hunks that were applied in 2.0.3
* document how to change passwords in the container (Closes: #829239)
-- Evgeni Golov Sat, 16 Jul 2016 11:52:47 +0200
lxc (1:2.0.1-3) unstable; urgency=medium
* 0020-lxc-debian-make-sure-init-is-installed.patch: update to fix
regression when creating wheezy containers.
-- Antonio Terceiro Wed, 29 Jun 2016 15:10:57 -0300
lxc (1:2.0.1-2) unstable; urgency=medium
* 0020-lxc-debian-make-sure-init-is-installed.patch: make sure init is
included in Debian containers, since as of 1.34 it is not Essential
anymore.
-- Antonio Terceiro Sat, 18 Jun 2016 09:16:43 -0300
lxc (1:2.0.1-1) unstable; urgency=medium
* Imported Upstream version 2.0.1
* drop patches applied upstream:
* demote apparmor to suggests (Closes: #824120)
-- Evgeni Golov Sun, 22 May 2016 22:04:19 +0200
lxc (1:2.0.0-3) unstable; urgency=medium
* drop lxcinitdir.patch
* replace all patches by the versions accepted upstream
* cherry-pick fix for creating unpriv container on non-systemd systems
* add gbp.conf
-- Evgeni Golov Sun, 01 May 2016 13:00:16 +0200
lxc (1:2.0.0-2) unstable; urgency=medium
[ Evgeni Golov ]
* add lxcfs and libpam-cgfs to recommends
* Standards-Version: 3.9.8
[ Antonio Terceiro ]
* Refresh patches
* debian/patches/0018-lxc-create-fix-B-best-option.patch: Fix `-B best`
option to lxc-create
-- Antonio Terceiro Mon, 11 Apr 2016 14:19:45 -0300
lxc (1:2.0.0-1) unstable; urgency=medium
* Imported Upstream version 2.0.0
* set Maintainer to pkg-lxc, Antonio and me as Uploaders
* re-enable seccomp on almost all arches again
-- Evgeni Golov Wed, 06 Apr 2016 21:26:24 +0200
lxc (1:2.0.0~rc15-1) experimental; urgency=medium
* Team upload.
[ Evgeni Golov ]
* Imported Upstream version 2.0.0~rc15
+ Updates supported Debian releases in template (Closes: #816710)
+ Does not enable non-free by default anymore (Closes: #793598)
+ Uses httpredir.debian.org (Closes: #805085)
* add uidmap to Recommends (Closes: #817796)
* Standards-Version: 3.9.7
[ Reiner Herrmann ]
* use the date from the latest changelog entry when building manpages
(Closes: #807837)
-- Evgeni Golov Sun, 03 Apr 2016 16:09:25 +0200
lxc (1:2.0.0~rc13-1) experimental; urgency=medium
* Team upload.
[ Antonio Terceiro ]
* debian/tests/control: require isolation-machine to run; the tests can't
run under lxc themselves.
* debian/control: add Vcs-* fields pointing fields to the new repository
location on https://anonscm.debian.org/cgit/pkg-lxc/lxc.git
[ Evgeni Golov ]
* Add debian/NEWS entry about lxc.aa_allow_incomplete = 1
Closes: #813954
* Imported Upstream version 2.0.0~rc13
* refresh patches for LXC 2.0.0
* install hooks from /usr/lib too
-- Evgeni Golov Fri, 25 Mar 2016 16:44:25 +0100
lxc (1:1.1.5-1) unstable; urgency=medium
[ Evgeni Golov ]
* Imported Upstream version 1.1.5
* drop patches either applied or obsoleted upstream
* refresh patches
* call dh_installinit for lxc-net
* drop useless lintian override
* add autopkgtests from Ubuntu
- fix up some tests for Debian
* add dnsmasq-base to test depends
* debian/watch: updated to look for all LXC releases
* use dh_apparmor
* do not restart LXC on upgrades when using systemd
* build-depend on gnutls-dev
* update Depends/Recommends/Suggests based on the packaging in Ubuntu
* properly pass the systemd unit dir to configure
[ Antonio Terceiro ]
* 0014-Fix-520-multiple-instances-of-agetty-on-systemd.patch: add
upstream patch to avoid multiple instances of agetty on each console.
-- Antonio Terceiro Sun, 31 Jan 2016 18:22:40 -0200
lxc (1:1.0.8-1) unstable; urgency=medium
* New upstream release
- Includes fixes for CVE-2015-1335 (Closes: #800471)
- Patches dropped for being already applied upstream:
- CVE-2015-1331.patch
- CVE-2015-1334.patch
- lxc-clone-rsync-hardlinks.patch
- lxc-clone-rsync-capabilities.patch
- big-big-login-delays-in-CentOS-7-systemd.patch
- lxc-debian-skip-security-updates-for-unstable-sid.patch
- lxc-debian-support-stretch-Debian-9-images.patch
- CVE-2015-1335.patch
- Renumbered patches
- Add cgmanager do Recommends:. Without it, lxc will always print a
warning, which seems to be harmless but for example will break
autopkgtest because of the unexpected output to stderr.
* debian/watch: added
* debian/upstream/signing-key.asc: added upstream signing key.
-- Antonio Terceiro Tue, 24 Nov 2015 19:10:28 -0200
lxc (1:1.0.7-12) unstable; urgency=high
* Added 0025-CVE-2015-1335.patch from the final version of the fix for
CVE_2015-1335 from the Ubuntu package (Closes: #800471)
-- Antonio Terceiro Fri, 13 Nov 2015 08:37:41 -0200
lxc (1:1.0.7-11) unstable; urgency=medium
* New maintainer (myself)
- Thanks Daniel Baumann for his previous efforts in maintaing lxc
* Added patches (all already applied upstream):
- 0019-big-big-login-delays-in-CentOS-7-systemd.patch
- 0020-Centos7-systemd.patch
- 0022-lxc-debian-skip-security-updates-for-unstable-sid.patch
- 0023-lxc-debian-support-stretch-Debian-9-images.patch
- 0024-lxc-debian-allow-not-including-contrib-non-free.patch
-- Antonio Terceiro Sun, 08 Nov 2015 10:52:37 -0200
lxc (1:1.0.7-10) unstable; urgency=low
* Adding build-depends to dh-python.
-- Daniel Baumann Tue, 18 Aug 2015 14:12:31 +0200
lxc (1:1.0.7-9) unstable; urgency=low
* Adjusting breaks (Closes: #795799).
* Correcting email address in previous changelog entry.
-- Daniel Baumann Mon, 17 Aug 2015 06:42:20 +0200
lxc (1:1.0.7-8) unstable; urgency=low
* Adding patch from upstream to preserve hardlinks in lxc-clone.
* Adding patch from upstream to preserve capabilities in lxc-clone
(Closes: #795422).
-- Daniel Baumann Sun, 16 Aug 2015 13:46:24 +0200
lxc (1:1.0.7-7) unstable; urgency=low
* Moving shared library to dedicated package for future upload of lxd
(#768073).
* Re-adding lxc-dev which is now allowed again having the shared library
split out (Closes: #774085, #793202).
-- Daniel Baumann Wed, 12 Aug 2015 18:03:23 +0200
lxc (1:1.0.7-6) unstable; urgency=low
* Using misc:Pre-depends variable instead of hardcoding multiarch-
support.
* Moving bash-completion integration from /etc/bash-completion.d to
/usr/share/bash-completion/completions.
* Dropping obsolete syslog target from systemd service file.
* Adding patch from upstream to fix errors in lxc-debian if dbus is not
installed (Closes: #794207).
* Updating lintian overrides.
-- Daniel Baumann Wed, 12 Aug 2015 17:25:44 +0200
lxc (1:1.0.7-5) unstable; urgency=low
* Updating homepage field.
* Updating debian copyright string.
* Dropping conditionals for lua-alt-getopt, not needed anymore.
* Dropping enforcing of xz compression, not needed anymore.
* Dropping vcs fields in control for the time being.
-- Daniel Baumann Wed, 12 Aug 2015 11:09:50 +0200
lxc (1:1.0.7-4) unstable; urgency=high
* Adding backported patch from upstream to prevent an unprivileged user
to use LXC to create arbitrary file on the filesystem [CVE-2015-1331]
(Closes: #793298).
* Adding backported patch from upstream to prevent an user to use LXC
to over-mount /proc which can be used to unconfined code execution
[CVE-2015-1334] (Closes: #793298).
-- Daniel Baumann Wed, 22 Jul 2015 18:33:48 +0200
lxc (1:1.0.7-3) unstable; urgency=low
* Building with cgmanager (Closes: #773421).
-- Daniel Baumann Tue, 28 Apr 2015 22:01:41 +0200
lxc (1:1.0.7-2) unstable; urgency=low
* Dropping pre-jessie upgrade handling.
* Dropping pre-jessie conflicts/replaces.
-- Daniel Baumann Sat, 25 Apr 2015 08:10:48 +0200
lxc (1:1.0.7-1) experimental; urgency=low
* Merging upstream version 1.0.7.
* Removing apparmor.patch, not needed anymore.
* Removing lxc-create-manpage.patch, included upstream.
* Removing lxc-debian-systemd.patch, included upstream.
* Removing lxc-debian-init.patch, included upstream.
* Renumbering patches.
-- Daniel Baumann Sat, 06 Dec 2014 13:11:57 +0100
lxc (1:1.0.6-5) unstable; urgency=low
* Mounting /sys read-only in lxc-debian to prevent (one way of) escaping
containers (Closes: #770901).
* Adding patch from lxc 1.0.7 to make lxc-debian work with systemd
(Closes: #766216).
* Adding patch from lxc 1.0.7 to make lxc-debian handle switch of
initsystem better.
-- Daniel Baumann Sat, 06 Dec 2014 13:00:36 +0100
lxc (1:1.0.6-4) unstable; urgency=low
* Marking -t option in lxc-create manpage as required (Closes: #768778).
-- Daniel Baumann Tue, 11 Nov 2014 19:57:58 +0100
lxc (1:1.0.6-3) unstable; urgency=low
* Preserving setuid on lxc-user-nic (Closes: #764815).
-- Daniel Baumann Mon, 13 Oct 2014 20:44:15 +0200
lxc (1:1.0.6-2) unstable; urgency=low
* Correcting automatic lua:Suggests generation.
* Adding openssl to recommends since upstreams lxc-debian template
uses openssl for mac generation.
-- Daniel Baumann Tue, 07 Oct 2014 09:42:36 +0200
lxc (1:1.0.6-1) unstable; urgency=low
* Merging upstream version 1.0.6.
* Refreshing sysvinit-lsb-functions.patch.
* Updating to standards version 3.9.6.
* Setting options for systemd in debian.common.conf (Closes: #761196,
#761197).
-- Daniel Baumann Mon, 29 Sep 2014 12:04:40 +0200
lxc (1:1.0.5-3) unstable; urgency=low
* Dropping fixes for prefix in systemd unit file, not needed anymore.
* Moving debootstrap to recommends.
* Moving lua to suggests.
* Adding lua suggests for non-debian system.
* Showing warning when lxc is used on systemd with cgroups mounted in
/etc/fstab (Closes: #760357).
-- Daniel Baumann Thu, 04 Sep 2014 04:30:47 +0200
lxc (1:1.0.5-2) unstable; urgency=low
* Using and build-depending on dh-systemd (Closes: #758628).
* Rewording changelog entry about merging upstream version 1.0.5.
* Marking removal of lxc-top due to missing lua-alt-getopt in rules as
debian only.
* Dropping special handling of lxc-debian on progress-linux.
* Renaming debian-config.patch to lxc-debian-fuse.patch.
* Renaming lxc-sysvinit.patch to sysvinit-directory.patch.
* Renaming lsb-init-headers.patch to sysvinit-lsb-headers.patch.
* Renaming lsb-init-functions.patch to sysvinit-lsb-functions.patch.
* Renaming lxc-init-lock.patch to sysvinit-lsb-lock.patch.
* Renaming lxc-sigint.patch to lxc-attach-sigint.patch.
* Adding references to upstreams bug tracker in all patches.
* Adding patch from Ondřej Surý to change
PermitRootLogin yes to PermitRootLogin without-password in sshd_config
(Closes: #758647).
* Adding patch to set random root password in lxc-debian (Closes:
#758643).
* Removing /etc/default/lxc for upgrades of wheezy to jessie (Closes:
#758800).
-- Daniel Baumann Thu, 21 Aug 2014 15:54:58 +0200
lxc (1:1.0.5-1) unstable; urgency=low
* Due to 'popular demand', dropping Debian custom additions and shipping
an (almost) vanilla lxc package in Debian from now on.
* Removing Jonas from uploaders, thanks for your past support.
* Dropping lxc-dev, according to ftp-master this is not acceptable
anymore without having split out library package.
* Merging upstream version 1.0.5 (Closes: #757326).
* Refreshing lsb-init-functions.patch.
* Refreshing debian-config.patch.
* Adding debootstrap to suggests.
-- Daniel Baumann Sun, 10 Aug 2014 12:55:27 +0200
* Last Uploader: Stéphane Graber
Debian changes newer than ubuntu version:
lxcfs (3.0.3-2) unstable; urgency=medium
* Add a call to dpkg-maintscript-helper rm_conffile to handle properly the
removal of /etc/init/lxcfs.conf (Closes: #914082)
-- Pierre-Elliott Bécue Sun, 09 Dec 2018 22:06:41 +0100
lxcfs (3.0.3-1) unstable; urgency=medium
* New upstream release: 3.0.3
* d/changelog: Add myself to uploaders
* Release to unstable
-- Pierre-Elliott Bécue Tue, 04 Dec 2018 08:17:32 +0100
* Last Uploader: Dimitri John Ledkov
Debian changes newer than ubuntu version:
nagios-nrpe (3.2.1-2) unstable; urgency=medium
* Bump Standards-Version to 4.1.5, no changes.
* Update Vcs-* URLs for Salsa.
* Drop dh-systemd build dependency, use debhelper (>= 9.20160709) instead.
* Strip trailing whitespace from changelog file.
-- Bas Couwenberg Fri, 20 Jul 2018 21:04:36 +0200
* Last Uploader: Karl Stenerud (sponsored by Christian Ehrhardt )
Debian changes newer than ubuntu version:
nspr (2:4.21-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey Wed, 22 May 2019 09:21:06 +0900
* Last Uploader: Marc Deslauriers
Debian changes newer than ubuntu version:
nss (2:3.44+really3.42.1-2) unstable; urgency=medium
* debian/rules: Fix version exposed in nss-config and nss.pc.
-- Mike Hommey Wed, 05 Jun 2019 06:36:00 +0900
nss (2:3.44+really3.42.1-1) unstable; urgency=medium
* Reverse to 3.42.1. Building against 3.44 induces some behavior
differences when running against older versions, which could normally
be solved with updates to the symbols file, but since 3.44 is not meant
to ship in Buster, avoid disruption for nss reverse dependencies until
Buster is released by going back to previous version.
-- Mike Hommey Sun, 02 Jun 2019 12:42:20 +0900
nss (2:3.44-1) unstable; urgency=medium
* New upstream release.
* debian/libnss3.symbols: Add NSS_3_43 and NSS_3_44 symbol versions.
-- Mike Hommey Sat, 01 Jun 2019 11:12:17 +0900
nss (2:3.42.1-1) unstable; urgency=medium
* New upstream release.
- Fixes CVE-2018-18508. Closes: #921614.
-- Mike Hommey Wed, 13 Feb 2019 13:19:39 +0900
* Last Uploader: Gianfranco Costamagna
Debian changes newer than ubuntu version:
pacemaker (2.0.1-5) unstable; urgency=medium
* [17ae230] Backport three more patches from upstream fixing memory safety
bugs.
Clearing up fallout from the preceding security fixes.
Thanks to Ken Gaillot
-- Ferenc Wágner Sun, 02 Jun 2019 14:01:06 +0200
* Last Uploader: Mauricio Faria de Oliveira (sponsored by Eric Desrochers)
Debian changes newer than ubuntu version:
partman-iscsi (61) unstable; urgency=medium
* Team upload
[ Updated translations ]
* Ukrainian (uk.po) by Anton Gladky
-- Holger Wansing Thu, 28 Mar 2019 22:09:37 +0100
partman-iscsi (60) unstable; urgency=medium
* Team upload
[ Updated translations ]
* Arabic (ar.po) by Yaron Shahrabani
* Hebrew (he.po) by Yaron Shahrabani
* Vietnamese (vi.po) by Trần Ngọc Quân
-- Holger Wansing Sun, 03 Mar 2019 13:12:47 +0100
partman-iscsi (59) unstable; urgency=medium
* Team upload
* Switch copyright URL to https, to fix lintian tag.
[ Updated translations ]
* Arabic (ar.po) by ButterflyOfFire
* Gujarati (gu.po) by Kartik Mistry
-- Holger Wansing Sun, 10 Feb 2019 12:12:51 +0100
partman-iscsi (58) unstable; urgency=medium
* Team upload
[ Updated translations ]
* Arabic (ar.po) by ButterflyOfFire
* Asturian (ast.po) by Xuacu Saturio
* Icelandic (is.po) by Sveinn í Felli
* Latvian (lv.po) by Tranzistors
-- Holger Wansing Mon, 29 Oct 2018 23:31:05 +0100
partman-iscsi (57) unstable; urgency=medium
* Team upload
[ Updated translations ]
* Finnish (fi.po) by Arto Keiski
* Hindi (hi.po) by Himanshu Awasthi
-- Holger Wansing Thu, 27 Sep 2018 20:52:05 +0200
partman-iscsi (56) unstable; urgency=medium
* Team upload
[ Cyril Brulebois ]
* Update Vcs-{Browser,Git} to point to salsa (alioth's replacement).
[ Updated translations ]
* Finnish (fi.po) by Juhani Numminen
* Hebrew (he.po) by Yaron Shahrabani
-- Holger Wansing Sun, 12 Aug 2018 19:33:09 +0200
partman-iscsi (55) unstable; urgency=medium
[ Updated translations ]
* Welsh (cy.po) by Huw Waters
* Hebrew (he.po) by Yaron Shahrabani
* Indonesian (id.po) by Andika Triwidada
-- Christian Perrier Sat, 07 Apr 2018 07:28:11 +0200
partman-iscsi (54) unstable; urgency=medium
[ Updated translations ]
* Hebrew (he.po) by Yaron Shahrabani
* Indonesian (id.po) by Al Qalit
* Tajik (tg.po) by Victor Ibragimov
-- Christian Perrier Mon, 19 Feb 2018 08:50:02 +0100
partman-iscsi (53) unstable; urgency=medium
[ Updated translations ]
* Norwegian Nynorsk (nn.po) by Petter Reinholdtsen
* Tajik (tg.po) by Victor Ibragimov
-- Christian Perrier Wed, 24 Jan 2018 07:52:48 +0100
partman-iscsi (52) unstable; urgency=medium
[ Updated translations ]
* Icelandic (is.po) by Sveinn í Felli
* Bokmål, Norwegian (nb.po) by Alexander Jansen
* Panjabi (pa.po) by Aman ALam
* Serbian (sr.po) by Filipovic Dragan
-- Christian Perrier Sun, 14 Jan 2018 10:08:50 +0100
partman-iscsi (51) unstable; urgency=medium
[ Updated translations ]
* Esperanto (eo.po) by Felipe Castro
* Nepali (ne.po) by Jeewal Kunwar
* Simplified Chinese (zh_CN.po) by Boyuan Yang
-- Christian Perrier Mon, 25 Dec 2017 18:08:22 +0100
partman-iscsi (50) unstable; urgency=medium
[ Updated translations ]
* Hungarian (hu.po) by Dr. Nagy Elemér Károly
* Lithuanian (lt.po) by Rimas Kudelis
* Swedish (sv.po) by Anders Jonsson
-- Christian Perrier Sun, 03 Dec 2017 16:19:52 +0100
partman-iscsi (49) unstable; urgency=medium
[ Updated translations ]
* Greek (el.po) by Sotirios Vrachas
* Estonian (et.po) by Kristjan Räts
* Norwegian Nynorsk (nn.po) by Allan Nordhøy
* Swedish (sv.po) by Anders Jonsson
-- Christian Perrier Sun, 26 Nov 2017 07:54:07 +0100
partman-iscsi (48) unstable; urgency=medium
[ Updated translations ]
* Panjabi (pa.po) by A S Alam
-- Christian Perrier Tue, 31 Oct 2017 09:55:54 +0100
partman-iscsi (47) unstable; urgency=medium
[ Updated translations ]
* Latvian (lv.po) by Rūdolfs Mazurs
-- Christian Perrier Wed, 18 Oct 2017 09:06:00 +0200
partman-iscsi (46) unstable; urgency=medium
[ Updated translations ]
* Greek (el.po) by Sotirios Vrachas
* Hebrew (he.po) by Lior Kaplan
* Albanian (sq.po) by Redon Skikuli
-- Christian Perrier Mon, 18 Sep 2017 21:22:28 +0200
partman-iscsi (45) unstable; urgency=medium
[ Updated translations ]
* Traditional Chinese (zh_TW.po) by Yao Wei (魏銘廷)
-- Christian Perrier Thu, 29 Jun 2017 06:55:50 +0200
partman-iscsi (44) unstable; urgency=medium
[ Updated translations ]
* Serbian (sr.po) by Dragan Filipović
-- Christian Perrier Wed, 08 Jun 2016 19:00:17 +0200
partman-iscsi (43) unstable; urgency=medium
[ Updated translations ]
* Serbian (sr.po) by Dragan Filipović
-- Christian Perrier Mon, 25 Apr 2016 06:59:49 +0200
partman-iscsi (42) unstable; urgency=medium
[ Colin Watson ]
* Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb.
-- Christian Perrier Sun, 14 Feb 2016 08:08:47 +0100
partman-iscsi (41) unstable; urgency=medium
[ Updated translations ]
* Swedish (sv.po) by Martin Bagge / brother
-- Christian Perrier Wed, 27 Jan 2016 16:09:32 +0100
* Last Uploader: Corey Bryant
Debian changes newer than ubuntu version:
python-automaton (1.15.0-1) unstable; urgency=medium
[ Ondřej Nový ]
* d/control: Use team+openstack@tracker.debian.org as maintainer
[ Thomas Goirand ]
* New upstream release.
* Fixed (build-)depends for this release.
* Using Python 3 when building the sphinx doc.
-- Thomas Goirand Tue, 04 Sep 2018 00:10:49 +0200
python-automaton (1.14.0-2) unstable; urgency=medium
[ Ondřej Nový ]
* d/control: Fix wrong Vcs-*
[ Thomas Goirand ]
* Uploading to unstable.
-- Thomas Goirand Sun, 25 Feb 2018 22:48:47 +0000
python-automaton (1.14.0-1) experimental; urgency=medium
[ Ondřej Nový ]
* Bumped debhelper compat version to 10
[ Thomas Goirand ]
* New upstream release.
* Points VCS URLs to Salsa.
* Ran wrap-and-sort -a.
* Updating maintainer field.
* Standards-Version is now 4.1.3.
* Fixed (build-)depends for this release.
* Using pkgos-dh_auto_{test,install}.
-- Thomas Goirand Thu, 15 Feb 2018 09:53:25 +0000
* Last Uploader: Corey Bryant
Debian changes newer than ubuntu version:
python-ceilometerclient (2.9.0-2) unstable; urgency=medium
* Uploading to unstable.
-- Thomas Goirand Wed, 01 Nov 2017 23:46:43 +0000
python-ceilometerclient (2.9.0-1) experimental; urgency=medium
[ Ondřej Nový ]
* Standards-Version is 3.9.8 now (no change)
* Change directory to $ADTTMP before running Debian tests
* d/copyright: Changed source URL to https protocol
[ Daniel Baumann ]
* Updating vcs fields.
* Updating copyright format url.
* Running wrap-and-sort -bast.
* Updating maintainer field.
* Updating standards version to 4.0.0.
* Removing gbp.conf, not used anymore or should be specified in the
developers dotfiles.
* Correcting permissions in debian packaging files.
* Updating standards version to 4.0.1.
* Deprecating priority extra as per policy 4.0.1.
* Updating standards version to 4.1.0.
[ Thomas Goirand ]
* New upstream release.
* Fixed (build-)depends for this release.
* Using pkgos-dh_auto_install.
* Remove test patch.
* Removed XS-Testsuite: field.
-- Thomas Goirand Wed, 04 Oct 2017 19:31:50 +0200
* Last Uploader: Corey Bryant
Debian changes newer than ubuntu version:
python-cotyledon (1.6.8-3) unstable; urgency=medium
[ Ondřej Nový ]
* d/control: Set Vcs-* to salsa.debian.org
* d/control: Use team+openstack@tracker.debian.org as maintainer
[ Thomas Goirand ]
* Run tests using PYTHONPATH=$(CURDIR) (Closes: #898421).
-- Thomas Goirand Thu, 10 Jan 2019 10:10:31 +0100
* Last Uploader: Matthias Klose
Debian changes newer than ubuntu version:
python-cryptography (2.6.1-3) unstable; urgency=medium
* Fix autopkgtest dependencies.
-- Tristan Seligmann Sat, 09 Mar 2019 13:25:47 +0200
python-cryptography (2.6.1-2) unstable; urgency=medium
[ Ondřej Nový ]
* Convert git repository from git-dpm to gbp layout
* Use 'python3 -m sphinx' instead of sphinx-build for building docs
[ Tristan Seligmann ]
* Fix merge.
-- Tristan Seligmann Fri, 08 Mar 2019 20:56:58 +0200
python-cryptography (2.6.1-1) unstable; urgency=medium
* New upstream release.
-- Tristan Seligmann Fri, 08 Mar 2019 13:33:42 +0200
* Last Uploader: Corey Bryant
Debian changes newer than ubuntu version:
python-cursive (0.2.1-2) unstable; urgency=medium
* Uploading to unstable.
-- Thomas Goirand Sun, 25 Feb 2018 22:56:29 +0000
python-cursive (0.2.1-1) experimental; urgency=medium
[ Ondřej Nový ]
* d/control: Set Vcs-* to salsa.debian.org
[ Thomas Goirand ]
* New upstream release.
* Fixed (build-)depends for this release.
-- Thomas Goirand Thu, 15 Feb 2018 07:30:00 +0000
* Last Uploader: Corey Bryant
Debian changes newer than ubuntu version:
python-microversion-parse (0.2.1-2) unstable; urgency=medium
* Uploading to unstable.
-- Ondřej Nový Wed, 05 Sep 2018 10:04:48 +0200
python-microversion-parse (0.2.1-1) experimental; urgency=medium
* New upstream release
* Change build deps for new upstream release
-- Ondřej Nový Tue, 21 Aug 2018 14:19:33 +0200
* Last Uploader: Corey Bryant
Debian changes newer than ubuntu version:
python-mistralclient (1:3.7.0-2) unstable; urgency=medium
[ Ondřej Nový ]
* Running wrap-and-sort -bast
[ Thomas Goirand ]
* Uploading to unstable.
* Blacklist HTTPClientTest.test_get_request_options_with_profile_enabled() in
Python 3.x.
-- Thomas Goirand Wed, 05 Sep 2018 00:08:49 +0200
python-mistralclient (1:3.7.0-1) experimental; urgency=medium
[ Ondřej Nový ]
* d/control: Use team+openstack@tracker.debian.org as maintainer
[ Thomas Goirand ]
* New upstream release.
* Fixed (build-)depends for this release.
* Building doc with Python 3.
* Using pkgos-dh_auto_test.
-- Thomas Goirand Wed, 22 Aug 2018 11:12:32 +0200
* Last Uploader: Corey Bryant
Debian changes newer than ubuntu version:
python-os-client-config (1.31.2-2) unstable; urgency=medium
* Uploading to unstable.
-- Thomas Goirand Tue, 04 Sep 2018 22:28:31 +0200
python-os-client-config (1.31.2-1) experimental; urgency=medium
[ Ondřej Nový ]
* d/control: Set Vcs-* to salsa.debian.org
* d/control: Use team+openstack@tracker.debian.org as maintainer
[ Thomas Goirand ]
* New upstream release.
* Fixed (build-)depends for this release.
* Using Python 3 for building sphinx doc.
* Using pkgos-dh_auto_test.
-- Thomas Goirand Mon, 20 Aug 2018 18:46:00 +0200
* Last Uploader: Dimitri John Ledkov
Debian changes newer than ubuntu version:
python-pyvmomi (6.7.1-2) unstable; urgency=medium
* Upload to unstable
-- Mathieu Parent Sat, 17 Nov 2018 17:33:30 +0100
python-pyvmomi (6.7.1-1) experimental; urgency=medium
[ Ondřej Nový ]
* d/control: Set Vcs-* to salsa.debian.org
* d/control: Add trailing tilde to min version depend to allow
backports
* d/control: Use team+openstack@tracker.debian.org as maintainer
* d/control: Fix wrong Vcs-*
[ Mathieu Parent ]
* Upload to experimental
* New upstream version (Closes: #860285)
- Removing data_files.patch, merged upstream
- Add patch to unpin vcrpy out of =1.12.0 and remove SSL tunnel tests
* Package takeover:
- Maintainer: Debian OpenStack -> Debian Python Modules Team
- Uploaders: Remove Julien Danjou, Thomas Goirand, Mehdi Abaakouk and Joshua
Kwan
- Uploaders: Add myself
* Update d/watch to github as doc is missing on pypi
* Standards-Version: 4.2.1
* Enable python3 tests and required Build-Depends
* Debhelper compat: 9 -> 11
* Add NOTICE.txt in python{,3}-pyvmomi.docs
-- Mathieu Parent Fri, 16 Nov 2018 06:22:46 +0100
* Last Uploader: Matthias Klose
Debian changes newer than ubuntu version:
python-scrypt (0.8.0-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream release (Closes: #877732).
* Added Python 3 support (Closes: #742225).
* Build-depends: on python{3,}-setuptools.
-- Thomas Goirand Thu, 05 Oct 2017 17:07:52 +0200
* Last Uploader: Andres Rodriguez
Debian changes newer than ubuntu version:
python-seamicroclient (0.4.0-3) unstable; urgency=medium
[ Thomas Goirand ]
* Uploading to unstable.
* Added missing build-depends-indep: subunit.
* Removed argparse from requirements.txt and lift pbr upper bound.
* Added missing python-requests build-dep.
* Blacklist a number of tests:
- tests.test_http.ClientTest.test_get
- test_http.ClientTest.test_post
- v2.test_fantrays.FanTraysTest.test_list_fantrays
- v2.test_scards.ScardsTest.test_list_scards
- v2.test_servers.ServersTest.test_server_set_tagged_vlan
- v2.test_servers.ServersTest.test_server_set_untagged_vlan
- v2.test_servers.ServersTest.test_server_unset_tagged_vlan
- v2.test_servers.ServersTest.test_server_unset_untagged_vlan
- v2.test_system.Systemstest.test_list_system
* Using OpenStack's Gerrit as VCS URLs.
[ Ondřej Nový ]
* Fixed VCS URLs (https).
* d/rules: Changed UPSTREAM_GIT protocol to https
* d/s/options: extend-diff-ignore of .gitreview
* d/control: Use correct branch in Vcs-* fields
-- Thomas Goirand Thu, 10 Mar 2016 10:31:04 +0100
* Last Uploader: Christian Ehrhardt
Debian changes newer than ubuntu version:
qemu (1:3.1+dfsg-8) unstable; urgency=high
* sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
fixes a null-pointer dereference in sparc/sun4u emulated hw
Closes: #927439, CVE-2019-5008
* enable-md-no.patch & enable-md-clear.patch
mitigation for MDS (Microarchitectural Data Sampling) issues
Closes: #929067,
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
* qxl-check-release-info-object-CVE-2019-12155.patch
fixes null-pointer deref in qxl cleanup code
Closes: #929353, CVE-2019-12155
* aarch32-exception-return-to-switch-from-hyp-mon.patch
fixes booting U-Boot in UEFI mode on aarch32
Closes: #927763
* stop qemu-system-common pre-depending on adduser
Closes: #929261
-- Michael Tokarev Mon, 27 May 2019 07:49:25 +0300
qemu (1:3.1+dfsg-7) unstable; urgency=high
[ Michael Tokarev ]
* device_tree-don-t-use-load_image-CVE-2018-20815.patch
fix heap buffer overflow while loading device tree blob
(Closes: CVE-2018-20815)
[ Christian Ehrhardt ]
* qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
- d/qemu-guest-agent.install: use correct path for fsfreeze-hook
- d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
mv_conffile since the new path is a directory in the old package
version which can not be handled by mv_conffile.
-- Michael Tokarev Wed, 27 Mar 2019 14:24:06 +0300
qemu (1:3.1+dfsg-6) unstable; urgency=high
* slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch
fix information leakage in slirp code (Closes: CVE-2019-9824)
-- Michael Tokarev Mon, 18 Mar 2019 14:41:51 +0300
qemu (1:3.1+dfsg-5) unstable; urgency=high
* i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
Closes: #922635, CVE-2019-3812
-- Michael Tokarev Mon, 11 Mar 2019 14:30:44 +0300
qemu (1:3.1+dfsg-4) unstable; urgency=medium
* mention closing of #855043 by 3.1+dfsg-3
* disable pvrdma for now, it is a bit too buggy.
Besides several security holes there are many other bugs there as well,
and the amount of patches applied upstream after 3.1 release is large
(Closes, or really makes unimportant again: CVE-2018-20123 CVE-2018-20124
CVE-2018-20125 CVE-2018-20126 CVE-2018-20191 CVE-2018-20216)
-- Michael Tokarev Mon, 11 Feb 2019 14:00:09 +0300
qemu (1:3.1+dfsg-3) unstable; urgency=medium
[ Michael Tokarev ]
* mention #696289 closed by 2.10
* move ovmf to recommends on debian and update aarch ovmf refs
(Closes: #889885, #855043)
* remove /dev/kvm permission handling (moved to systemd 239-6)
(Closes: #892945)
* build qemu-palcode using alpha cross-compiler
(Closes: #913103)
* fix path in qemu-guest-agent.service (#918378), fixs Bind[s]To
(Closes: #918378
* use int for sparc64 timeval.tv_usec
(Closes: #920032)
* build-depend on libglusterfs-dev not glusterfs-common
(Closes: #919668, #881527)
* add breaks: qemu-system-data to qemu-system-common,
to close #916279 completely (all this can be removed after buster)
(Closes: #916279)
* scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
(Closes: #920222, CVE-2019-6501)
* slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
(Closes: #921525)
* pvrdma-release-device-resources-on-error-CVE-2018-20123.patch
(Closes: #916442, CVE-2018-20123)
* enable rdma and pvrdma, build-depend on
librdmacm-dev, libibverbs-dev, libibumad-dev
* sync debian/qemu-user-static.1 and debian/qemu-user.1 generate the latter
from the former (finally Closes: #901407)
* move ivshmem-server & ivshmem-client from qemu-utils to qemu-system-common
(the binaries are also specific to qemu-system, not useable alone)
* move qemu-pr-helper from qemu-utils to qemu-system-common -
this is an internal qemu-system helper, with possible socket activation,
not intended for use outside of qemu-system
[ Christian Ehrhardt ]
* qemu-guest-agent: freeze-hook to ignore dpkg files (packaging changes)
-- Michael Tokarev Wed, 06 Feb 2019 12:23:01 +0300
* Last Uploader: James Page
Debian changes newer than ubuntu version:
rabbitmq-server (3.7.8-5) unstable; urgency=medium
[ Ondřej Nový ]
* Removing gbp.conf, not used anymore or should be specified in the
developers dotfiles.
[ Thomas Goirand ]
* Also package rabbitmq-diagnostics.
-- Thomas Goirand Mon, 17 Jun 2019 22:59:25 +0200
* Last Uploader: Heitor Alves de Siqueira (sponsored by Eric Desrochers)
Debian changes newer than ubuntu version:
resource-agents (1:4.2.0-2) unstable; urgency=medium
* debian/rules: fix build with merged-usr (Closes: #915848)
* debian/patches: use /run for ldirectord pid file
-- Valentin Vidic Sun, 09 Dec 2018 21:04:49 +0100
* Last Uploader: Dan Streetman (sponsored by Eric Desrochers)
Debian changes newer than ubuntu version:
vlan (2.0.5) unstable; urgency=medium
* debian/network/if-pre-up.d/vlan: add missing biosdevname (Closes: #922801).
- Thanks to Dan Steetman for the patch.
-- Willem van den Akker Thu, 21 Feb 2019 08:29:59 +0100
* Last Uploader: Corey Bryant
Debian changes newer than ubuntu version:
webtest (2.0.32-1) unstable; urgency=medium
[ Ondřej Nový ]
* d/control: Set Vcs-* to salsa.debian.org
* d/watch: Use https protocol
* d/control: Remove ancient X-Python-Version field
* Convert git repository from git-dpm to gbp layout
[ Piotr Ożarowski ]
* New upstream release
* Add patch to use default Sphinx theme (pylons_sphinx_theme is not packaged)
* Standards-Version bumped to 4.3.0 (no changes needed)
-- Piotr Ożarowski Sat, 29 Dec 2018 22:14:13 +0100
* Last Uploader: Matthias Klose
Debian changes newer than ubuntu version:
xen (4.11.1+92-g6c33308a8d-2) unstable; urgency=high
* Mention MDS and the need for updated microcode and disabling
hyper-threading in NEWS.
* Mention the ucode=scan option in the grub.d/xen documentation.
-- Hans van Kranenburg Sat, 22 Jun 2019 11:15:08 +0200
xen (4.11.1+92-g6c33308a8d-1) unstable; urgency=high
* Update to new upstream version 4.11.1+92-g6c33308a8d, which also
contains the following security fixes:
- Fix: grant table transfer issues on large hosts
XSA-284 (no CVE yet) (Closes: #929991)
- Fix: race with pass-through device hotplug
XSA-285 (no CVE yet) (Closes: #929998)
- Fix: x86: steal_page violates page_struct access discipline
XSA-287 (no CVE yet) (Closes: #930001)
- Fix: x86: Inconsistent PV IOMMU discipline
XSA-288 (no CVE yet) (Closes: #929994)
- Fix: missing preemption in x86 PV page table unvalidation
XSA-290 (no CVE yet) (Closes: #929996)
- Fix: x86/PV: page type reference counting issue with failed IOMMU update
XSA-291 (no CVE yet) (Closes: #929995)
- Fix: x86: insufficient TLB flushing when using PCID
XSA-292 (no CVE yet) (Closes: #929993)
- Fix: x86: PV kernel context switch corruption
XSA-293 (no CVE yet) (Closes: #929999)
- Fix: x86 shadow: Insufficient TLB flushing when using PCID
XSA-294 (no CVE yet) (Closes: #929992)
- Fix: Microarchitectural Data Sampling speculative side channel
XSA-297 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091
(Closes: #929129)
* Note that the fixes for XSA-297 will only have effect when also loading
updated cpu microcode with MD_CLEAR functionality. When using the
intel-microcode package to include microcode in the dom0 initrd, it has to
be loaded by Xen. Please refer to the hypervisor command line
documentation about the 'ucode=scan' option.
* Fixes for XSA-295 "Unlimited Arm Atomics Operations" will be added in the
next upload.
-- Hans van Kranenburg Tue, 18 Jun 2019 09:50:19 +0200
xen (4.11.1+26-g87f51bf366-3) unstable; urgency=medium
Minor useability improvements and fixes:
* bash-completion: also complete 'xen' [Hans van Kranenburg]
* /etc/default/xen: Handle with ucf again, like in stretch.
Closes:#923401. [Ian Jackson]
Build fix:
* Fix FTBFS when building only arch-indep binaries (eg
dpkg-buildpackage -A). Was due to dh-exec bug wrt not-installed.
Closes:#923013. [Hans van Kranenburg; report from Santiago Vila]
Documentation fix:
* grub.d/xen.cfg: dom0_mem max IS needed [Hans van Kranenburg]
-- Ian Jackson Thu, 28 Feb 2019 16:37:04 +0000
xen (4.11.1+26-g87f51bf366-2) unstable; urgency=medium
* Packaging change: override spurious lintian warning about
fsimage.so rpath.
-- Ian Jackson Fri, 22 Feb 2019 16:07:37 +0000
xen (4.11.1+26-g87f51bf366-1) unstable; urgency=medium
Significant changes:
* Update to new upstream version 4.11.1+26-g87f51bf366.
(This is from the upstream stable branch.) [Ian Jackson]
* Build and use oxenstored rather than the C xenstored by default.
[Ian Jackson and Hans van Kranenburg]
* xen init script: rewrite and reorganise xenstored start logic.
[Hans van Kranenburg]
Documentation etc. improvements:
* Refresh hypervisor and dom0 command line options documentation.
(Closes: #919758) [Hans van Kranenburg; report from Gergely]
* Ship /etc/default/xen, a striped and tidied version of upstream
sysconfig.xencommons.in. [Hans van Kranenburg]
Significant bugfixes:
* xen init script: Do nothing if running for wrong Xen package.
Avoids mystery loss of xenconsoled. Closes:#851654.
[Ian Jackson; report from Wolodja Wentland]
* Make pygrub work again (by fixing python module and shared library
paths). Closes:#912381. [Ian Jackson; earlier, Bastian Blank;
report from Dimitar Angelov, also Torben Schou Jensen]
Packaging bugfixes:
* Have xen-utils-common suggest xen-doc, because it contains a broken
symlink to it. Closes:#911046.
[Hans van Kranenburg; report from Andreas Beckmann]
* Have xenstore-utils declare Breaks on xen-utils-common to make
piuparts happy. Closes:#911045.
[Hans van Kranenburg, report from Andreas Beckmann]
* hotplug-common: Strip arch-specific libdir from config file
Closes:#862236. [Ian Jackson; report from Stefan Bühler]
* xendomains init script; Add dependency on $network.
Closes:#798510. [Francois Lesueur]
* xendomains init script; Add should-dependency on nfs-kernel-server
Closes:#826871. [Geoffrey McRae]
Packaging minor fixes and improvements [Hans van Kranenburg]:
* debian/libxenstore3.0.symbols: revert ea2334dfe0
* debian/control: add dh-python build-dep
* d/xen-utils-V...: override xen-shim-syms lintian
* debian/control: bump debhelper builddep to 10
* debian/.gitignore: ignore more debhelper snippets
* bash-completion: install completion rules for xl
* xen init script: don't fail when being run in domU
* Remove xend cruft from various init scripts etc.
Packaging minor fixes and improvements [Ian Jackson]:
* xen version/upgrade handling: Improve an error message
* xen init script: silently exit status 0 if not running under xen
* xen init script: Tidy up wrong/missing Xen version error handling
* debian/rules: Fix tiny typos
* hotplug-common: Do not adjust LD_LIBRARY_PATH
-- Ian Jackson Fri, 22 Feb 2019 15:11:45 +0000
xen (4.11.1-1) unstable; urgency=medium
* debian/control: Add Homepage, Vcs-Browser and Vcs-Git.
(Closes: #911457)
* grub.d/xen.cfg: fix default entry when using l10n (Closes: #865086)
* debian/rules: Don't exclude the actual pygrub script.
* Update to new upstream version 4.11.1, which also contains:
- Fix: insufficient TLB flushing / improper large page mappings with AMD
IOMMUs
XSA-275 CVE-2018-19961 CVE-2018-19962
- Fix: resource accounting issues in x86 IOREQ server handling
XSA-276 CVE-2018-19963
- Fix: x86: incorrect error handling for guest p2m page removals
XSA-277 CVE-2018-19964
- Fix: x86: Nested VT-x usable even when disabled
XSA-278 CVE-2018-18883
- Fix: x86: DoS from attempting to use INVPCID with a non-canonical
addresses
XSA-279 CVE-2018-19965
- Fix for XSA-240 conflicts with shadow paging
XSA-280 CVE-2018-19966
- Fix: guest use of HLE constructs may lock up host
XSA-282 CVE-2018-19967
* Update version handling patching to put the team mailing list address in
the first hypervisor log line and fix broken other substitutions.
* Disable handle_iptable hook in vif-common script. See #894013 for more
information.
-- Hans van Kranenburg Wed, 02 Jan 2019 20:59:40 +0100
xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-5) unstable; urgency=medium
* debian/rules: Cope if xen-utils-common not being built
(Fixes binary-indep FTBFS.)
-- Ian Jackson Mon, 15 Oct 2018 18:07:11 +0100
xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-4) unstable; urgency=medium
* Many packaging fixes to fix FTBFS on all arches other than amd64.
* xen-vbd-interface(7): Provide properly-formatted NAME section
* Add pandoc and markdown to Build-Depends - fixes missing docs.
* Revert "tools-xenstore-compatibility.diff" apropos of discussion
https://lists.xenproject.org/archives/html/xen-devel/2018-10/msg00838.html
-- Ian Jackson Mon, 15 Oct 2018 12:15:36 +0100
xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-3) unstable; urgency=medium
* hypervisor package postinst: Actually install (avoids need to
run update-grub by hand).
* debian/control: Adding Section to source stanza
* debian/control: Add missing Replaces on old xen-utils-common
* debian/rules: Add a -n to a gzip rune to improve reproducibility
-- Ian Jackson Fri, 12 Oct 2018 16:55:48 +0100
xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-2) unstable; urgency=medium
* Redo as an upload with binaries, because source-only uploads to NEW
are not allowed.
-- Ian Jackson Fri, 05 Oct 2018 19:38:52 +0100
xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-1) unstable; urgency=medium
* Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg;
merging in 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1.
-- Ian Jackson Fri, 05 Oct 2018 18:39:58 +0100
xen (4.11.1~pre+1.733450b39b-1) unstable; urgency=medium
* Completely overhauled the packaging. In the source package, things
are very much simpler now with only a few hundred loc of templating
and scriptery. In the binary packages the resulting changes are:
- We now provide -dbgsym packages in the standard way
- Shared libraries with unstable ABI upstream (ie, whose
ABI changes with the Xen version) are now in
libxen-misc rather than libxen and
have more conventional-looking filenames.
- Shared libraries with a stable ABI upstream are now each in their
own package, named after the soname (ABI version), as is
conventional. The sonames and minor versions of these are
no longer mangled.
- xs.h, replaced upstream by xenstore.h, is now in
/usr/include/xenstore-compat (as shipped upstream), with
symlinks left behind.
- fsimage*.h is no longer shipped (it's namespace-grabbish).
- libxenvchan.h is in /usr/include as it is in upstream,
not buried in /usr/include/xen/io
- /etc/xen/cpupool, a not very interesting example config file,
has been moved into /usr/share/doc/.
- There is a new xen-doc package, in which the upstream HTML
documentation, and various other bits, is now provided. This
replaces the text format documentation previously provided in
xen-utils-common (but the manpages are still there).
- Utilities which use on libraries with stable ABIs upstream
are no longer subjected to the Xen version wrapper.
- Several utilities are now provided in /usr/bin which were
previously only available buried in /usr/lib/xen-:
xen-detect xenalyze xencons xencov_split xen-cpuid
(version-wrapped, where necessary).
- Likewise very many utilities and daemons in /usr/sbin:
gdbsx xen-bugtool xen-ringwatch xen-tmem-list-parse
xenmon xenpmd flask-* xen-kdd xen-diag xen-hptool
xen-hvmcrash xen-hvmctx xen-livepatch xen-lowmemd
xen-mfndump xenbaked xenconsoled xencov xenlockprof
xenstored xenwatchdogd
- xend and xm are long gone, so remove the support for the
TOOLSTACK setting in /etc/default/xen. /usr/sbin/xen just
runs xl now. Remove mentions of xend-config.sxp and all
*.sxp files. Drop the xend init script.
- There is no longer any Built-Using. This is no longer true for
seabios, which is depended on and used at runtime, rather than
being embedded into hvmloader. (The source package also previously
tried to mention ipxe-qemu in Built-Using but that's (i) dependent
upstream on CONFIG_ROMBIOS which we disable, and not a
build-dependency either.)
- The hvmloader and xen-shim binaries no longer have their .note
and .comment section(s) stripped. .note is needed for xen-shim
to work properly and to find the corresponding debug files.
And .comment is tiny and harmless AFAICT.
- Hypervisor debug map files are installed in /usr/lib/debug.
- The xl bash_completion file from upstream is installed.
- libxenvchan.h is installed.
- We install xen-*.efi in /boot.
- Sections of some packages have been rationalised.
- We install a doc-base control file.
-- Ian Jackson Wed, 03 Oct 2018 18:45:02 +0100
xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1) experimental; urgency=medium
* Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg.
* Remove stubdom/grub.patches/00cvs from the upstream source because it's
not DFSG compliant. (license-problem-gfdl-invariants)
* Override statically-linked-binary lintian error about
usr/lib/xen-4.11/boot/xen-shim
-- Hans van Kranenburg Tue, 11 Sep 2018 15:34:34 +0200
xen (4.11.1~pre+1.733450b39b-1~exp1) experimental; urgency=medium
[ Hans van Kranenburg ]
* Update to 4.11.1-pre commit 733450b39b, which also contains:
- Additional fix for: Unlimited recursion in linear pagetable de-typing
XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004)
- Fix x86 PV guests may gain access to internally used pages
XSA-248 CVE-2017-17566
- Fix broken x86 shadow mode refcount overflow check
XSA-249 CVE-2017-17563
- Fix improper x86 shadow mode refcount error handling
XSA-250 CVE-2017-17564
- Fix improper bug check in x86 log-dirty handling
XSA-251 CVE-2017-17565
- Fix: DoS via non-preemptable L3/L4 pagetable freeing
XSA-252 CVE-2018-7540
- Fix x86: memory leak with MSR emulation
XSA-253 CVE-2018-5244
- Multiple parts of fixes for...
Information leak via side effects of speculative execution
XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754
- XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite
- Branch predictor hardening for ARM CPUs
- Support compiling with indirect branch thunks (e.g. retpoline)
- Report details of speculative mitigations in boot logging
- Fix: grant table v2 -> v1 transition may crash Xen
XSA-255 CVE-2018-7541
- Fix: x86 PVH guest without LAPIC may DoS the host
XSA-256 CVE-2018-7542
- The "Comet" shim, which can be used as a mitigation for Meltdown to
shield the hypervisor against 64-bit PV guests.
- Fix: Information leak via crafted user-supplied CDROM
XSA-258 CVE-2018-10472
- Fix: x86: PV guest may crash Xen with XPTI
XSA-259 CVE-2018-10471
- Fix: x86: mishandling of debug exceptions
XSA-260 CVE-2018-8897
- Fix: x86 vHPET interrupt injection errors
XSA-261 CVE-2018-10982
- Fix: qemu may drive Xen into unbounded loop
XSA-262 CVE-2018-10981
- Fix: Speculative Store Bypass
XSA-263 CVE-2018-3639
- Fix: preemption checks bypassed in x86 PV MM handling
XSA-264 CVE-2018-12891
- Fix: x86: #DB exception safety check can be triggered by a guest
XSA-265 CVE-2018-12893
- Fix: libxl fails to honour readonly flag on HVM emulated SCSI disks
XSA-266 CVE-2018-12892
- Fix: Speculative register leakage from lazy FPU context switching
XSA-267 CVE-2018-3665
- Fix: Use of v2 grant tables may cause crash on ARM
XSA-268 CVE-2018-15469
- Fix: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS
XSA-269 CVE-2018-15468
- Fix: oxenstored does not apply quota-maxentity
XSA-272 CVE-2018-15470
- Fix: L1 Terminal Fault speculative side channel
XSA-273 CVE-2018-3620
* Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader):
- Rebase patches against upstream source (line numbers etc).
- debian/rules.real:
- Add a call to build common tool headers.
- Add a call to install common tool headers.
- debian/libxen-dev.install, d/p/ubuntu-tools-libs-abiname.diff:
- Add additional modifications for new libxendevicemodel.
- debian/patches/tools-fake-xs-restrict.patch:
- Re-introduce (fake) xs_restrict call to keep libxenstore version at
3.0 for now.
- debian/libxenstore3.0.symbols: add xs_control_command
* Rebase patches against 4.10 upstream source.
* Rebase patches against 4.11 upstream source.
* Add README.source.md to document how the packaging works.
* This package builds correctly with gcc 7. (Closes: #853710)
* Fix grub config file conflict when upgrading from Stretch. (Closes: #852545)
* Init scripts: Do not kill per-domain qemu processes. (Closes: #879751)
* debian/patches: Fix "'vwprintw' is deprecated" gcc 8 compilation error
[ Mark Pryor ]
* Fix shared library build dependencies for the new xentoolcore library.
[ John Keates ]
* Enable OVMF (Closes: #858962)
-- Hans van Kranenburg Sun, 08 Jul 2018 14:30:32 +0200