Delta generated at: 2017-07-28 11:37 UTC

amavisd-new 1:2.10.1-4ubuntu1 -> 1:2.11.0-1

* Last Uploader: ChristianEhrhardt (sponsored by Robie Basak)

Debian changes newer than ubuntu version:

amavisd-new (1:2.11.0-1) unstable; urgency=medium

  * Disable Norman Virus Control by default. Closes: #832511.
  * New upstream version.
  * Update standards version to 4.0.0.
  * Add required depends on lsb-base (>= 3.0-6).
  * Don't hardcode path to deluser/delgroup in postrm.

 -- Brian May   Fri, 14 Jul 2017 12:16:01 +1000

apache2 2.4.25-3ubuntu3 -> 2.4.27-2

* Last Uploader: Nish Aravamudan

Debian changes newer than ubuntu version:

Error creating changes log. Please look manually

bind9 1:9.10.3.dfsg.P4-10.1ubuntu7 -> 1:9.10.3.dfsg.P4-12.5

* Last Uploader: Marc Deslauriers

Debian changes newer than ubuntu version:

bind9 (1:9.10.3.dfsg.P4-12.5) unstable; urgency=medium

  * Non-maintainer upload.
  * Change to fix CVE-2017-3142 and CVE-2017-3143 broke verification of TSIG
    signed TCP message sequences where not all the messages contain TSIG
    records. These may be used in AXFR and IXFR responses.
    (Closes: #868952)

 -- Salvatore Bonaccorso   Fri, 21 Jul 2017 22:28:32 +0200

bind9 (1:9.10.3.dfsg.P4-12.4) unstable; urgency=high

  * Non-maintainer upload.

  [ Yves-Alexis Perez ]
  * debian/patches:
    - debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses
      CVE-2017-3142: error in TSIG authentication can permit unauthorized zone
      transfers. An attacker may be able to circumvent TSIG authentication of
      AXFR and Notify requests.
      CVE-2017-3143: error in TSIG authentication can permit unauthorized
      dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
      signature for a dynamic update.
      (Closes: #866564)

 -- Salvatore Bonaccorso   Sun, 16 Jul 2017 22:13:21 +0200

bind9 (1:9.10.3.dfsg.P4-12.3) unstable; urgency=high

  * Non-maintainer upload.
  * Dns64 with "break-dnssec yes;" can result in a assertion failure
    (CVE-2017-3136) (Closes: #860224)
  * Some chaining (CNAME or DNAME) responses to upstream queries could trigger
    assertion failures (CVE-2017-3137) (Closes: #860225)
  * 'rndc ""' could trigger a assertion failure in named (CVE-2017-3138)
    (Closes: #860226)

 -- Salvatore Bonaccorso   Sun, 07 May 2017 15:22:46 +0200

bind9 (1:9.10.3.dfsg.P4-12.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Replace 32_mips_atomic.diff with a version that uses C11 atomics. Fixes
    hangs and crashes on MIPS. (Closes: #778720)

 -- James Cowgill   Tue, 18 Apr 2017 16:42:50 +0100

bind9 (1:9.10.3.dfsg.P4-12.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Use /dev/urandom to avoid blocking in the server process.
    (closes: #854243)

 -- Bastian Blank   Fri, 17 Mar 2017 19:07:16 +0100

bind9 (1:9.10.3.dfsg.P4-12) unstable; urgency=high

  * Merge and accept the non-maintainer upload.
  * Fix regression caused by the fix for CVE-2016-8864 (closes: #855540).
  * Fix CVE-2017-3135: a malicously crafted query can cause named to crash if
    both DNS64 and RPZ are being used (closes: #855520).

 -- Michael Gilbert   Sun, 19 Feb 2017 22:39:32 +0000

bind9 (1:9.10.3.dfsg.P4-11.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Disable GOST to prevent ENGINE_by_id failed (crypto failure) in chroot.
    Patch by Marc Haber  (Closes: #820974).

 -- Arturo Borrero Gonzalez   Tue, 07 Feb 2017 10:42:00 +0100

bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium

  * Fix some lintian warnings.
  * Add lsb-base dependency to lwresd (closes: #848519).
  * Fix CVE-2016-2775: crash in lwresd due to a long query name
    (closes: #831796).
  * Fix CVE-2016-2776: maliciously crafted query can cause named to crash
    (closes: #839010).
  * Fix CVE-2016-8864: incorrect handling of a DNAME record can cause
    named to crash (closes: #842858).
  * Fix CVE-2016-9131: maliciously crafted response to an ANY query can
    cause named to crash (closes: #851065).
  * Fix CVE-2016-9147: query with contradictory DNSSEC information can
    cause named to crash (closes: #851063).
  * Fix CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS)
    record can cause named to crash (closes: #851062).
  * Openssl 1.1 is not yet supported, so build with openssl 1.0 for now
    (closes: #828082).

  [ LaMont Jones ]
  * Update VCS fields in control.
  * -DDIG_SIGCHASE got dropped by the change in hardening.

  [ Stefan Bader ]
  * Use the defaults file in systemd.

 -- Michael Gilbert   Thu, 19 Jan 2017 04:03:28 +0000

bridge-utils 1.5-9ubuntu2 -> 1.5-14

* Last Uploader: Ryan Harper (sponsored by Mathieu Trudel-Lapierre)

Debian changes newer than ubuntu version:

bridge-utils (1.5-14) unstable; urgency=low

  * Fix a problem with some vlan interfaces not being created.

 -- Santiago Garcia Mantinan   Mon, 26 Jun 2017 17:48:37 +0200

bridge-utils (1.5-13) unstable; urgency=low

  * Fix a hardcoded interface name on bridge-utils.sh. Closes: #854841.

 -- Santiago Garcia Mantinan   Sat, 11 Feb 2017 00:16:45 +0100

bridge-utils (1.5-12) unstable; urgency=medium

  * Add vlan support so that old setups using vlans as ports don't break.

 -- Santiago Garcia Mantinan   Sun, 22 Jan 2017 00:23:50 +0100

bridge-utils (1.5-11) unstable; urgency=low

  * Change /etc/default/bridge-utils to enable addition of hotplugged
    interfaces.
  * Integration with the vlan package is causing problems, we have
    removed it and rely on ifupdown implementing it. Closes: #818849.

 -- Santiago Garcia Mantinan   Wed, 14 Dec 2016 23:26:05 +0100

bridge-utils (1.5-10) unstable; urgency=low

  * Fix wait when bridge is ready. Thanks Alexander. Closes: #779348.
  * Added some documentation on the README.Debian file to comment some
    config bugs. Closes: #765000, #815927.
  * Clarify pre-up commands changing an example on the man page for
    bridge-utils-interfaces. Closes: #783956.

 -- Santiago Garcia Mantinan   Thu, 10 Nov 2016 22:23:49 +0100

cifs-utils 2:6.6-5ubuntu1 -> 2:6.7-1

* Last Uploader: Dave Chiluk (sponsored by Steve Langasek)

Debian changes newer than ubuntu version:


cyrus-sasl2 2.1.27~101-g0780600+dfsg-2ubuntu1 -> 2.1.27~101-g0780600+dfsg-3

* Last Uploader: Logan Rosen (sponsored by Nish Aravamudan)

Debian changes newer than ubuntu version:


docker.io 1.12.6-0ubuntu7 -> 1.13.1~ds1-2

* Last Uploader: Stéphane Graber

Debian changes newer than ubuntu version:

docker.io (1.13.1~ds1-2) unstable; urgency=medium

  * Make test suite pass by using assorted patches to fix or disable
    tests that don't work under pbuilder. (Closes: #858269)
  * Suppress some unfixable Lintian warnings.
  * Verify CVE-2016-9962 is fixed. (Closes: #850952)

 -- Tim Potter   Wed, 07 Jun 2017 11:43:14 +1000

docker.io (1.13.1~ds1-1) unstable; urgency=medium

  * New upstream release.

 -- Tim Potter   Wed, 24 May 2017 11:44:10 +1000

docker.io (1.13.0~ds1-3) unstable; urgency=medium

  * Add api and client directories to dev package.

 -- Tim Potter   Mon, 24 Apr 2017 16:02:32 +1000

docker.io (1.13.0~ds1-2) unstable; urgency=medium

  * Re-enable logfiles.com logging support after upstream license
    change.
  * Run nuke-graph-directory.sh using bash instead of regular sh.
  * Fix dockerd location for sysvinit and upstart scripts. (Closes: #858249)

 -- Tim Potter   Tue, 28 Mar 2017 15:41:55 +1100

docker.io (1.13.0~ds1-1) experimental; urgency=medium

  [ Paul Tagliamonte ]
  * Remove myself as maintainer, and swap out tpot. Sadly, these days, I'm
    mostly just in the way, and not actually helping all that much with
    the Docker packaging. My last upload was basically forever ago, and
    tianon and tpot have been doing all the work since than. As such, I'm
    going to make an unilateral executive decision to tell everyone who
    listens to actually just listen to tpot. I plan to continue to be around in
    the form of cruft and chaos monkey. You should also listen to tianon.

  [ Tianon Gravi ]
  * Update basic-smoke test with "set -x" for debuggability and proper Depends
  * Build from within GOPATH so Go packages are resolved properly
  * Split "dh_auto_build-arch" from "dh_auto_build-indep"
  * Update "debian/watch" to use "uscan.tianon.xyz" so older versions are still
    easily fetchable without excess work outside uscan
  * Fix d/copyright text about Apache version 2.0 being in
    "/usr/share/common-licenses/GPL-2" (Closes: #835440); thanks cascardo!
  * Add Tim Potter to Uploaders ♥
  * Add a bit more formatting to README.Debian (and a short intro to explain
    what kinds of things this file includes)
  * Add an explicit note about "systemd.legacy_systemd_cgroup_controller=yes"
    in README.Debian (Closes: #843530)
  * Add explicit new "golang-golang-x-oauth2-google-dev" package to Depends

  [ Tim Potter ]
  * Add missing "golang-github-docker-go-events-dev" B-D (Closes: #850793)
  * New upstream version.
  * Refresh patches and remove obsolete ones.
  * Remove logentries.com log driver as upstream module is unlicensed.

 -- Tianon Gravi   Fri, 19 Aug 2016 12:52:55 -0700

dovecot 1:2.2.27-3ubuntu1 -> 1:2.2.31-1

* Last Uploader: ChristianEhrhardt

Debian changes newer than ubuntu version:

dovecot (1:2.2.31-1) unstable; urgency=medium

  * [9b058f3] New upstream version 2.2.31
    + [2b577c1] Bump pigeonhole version to 0.4.19
  * Enable TLS by default:
    + [7ca4b1c] Update SSL cert location patch; cert/key should reside under
      /etc/dovecot/private by default.
    + [05d3d0f] Use ssl-cert-snakeoil certificates to setup SSL by default
      (Closes: #376146, #786570)
    + [862901f] dovecot-core.postinst: manage 10-ssl.conf using ucf
      (Closes: #850538)
    + [418df05] README.Debian: document the new TLS setup
    + [47bade9] dovecot-core.NEWS: document TLS support
  * [8356bc0] Handle /etc/dovecot/private mode using dpkg-statoverride
  * dovecot-core.postinst: cleanup
    + [afbd33f] dovecot-core.postinst: always call adduser
    + [ee22dc5] dovecot-core.postinst: remove obsolete conffile handling
    + [7bb298b] dovecot-core.postinst: do not remove the imapd user/group
  * [815a2d1] README.Debian: cleanup
  * [91115a3] Use noawait dpkg triggers (lintian warning)
  * [e845cec] Add basic usage DEP-8 test, doing end-to-end tests involving
    LDA, IMAP and POP3.
  * [71c73ef] systemd: convert service to Type=simple and start after
    network-online.target (Closes: #865546, #825562)
  * [1534fac] dovecot.service: enable ProtectSystem=full
  * [d276c69] B-D only on default-libmysqlclient-dev

 -- Apollon Oikonomopoulos   Tue, 27 Jun 2017 18:18:12 +0300

dovecot (1:2.2.30.2-1) unstable; urgency=medium

  * [401e83d] New upstream version 2.2.30.2
  * [1ea8321] Bump pigeonhole version to 0.4.18
  * [97bf8ec] Drop CVE-2017-2669 patch
  * [9c1bbe2] Drop fix-sha3-on-big-endian.patch
  * [d3c607b] Refresh dovecot_name.patch
  * [5c64268] Bump Standards to 4.0.0; no changes needed
  * [0b884fc] Bump compat to 10
    + B-D on debhelper (>= 10)
    + Drop B-D on dh-systemd, now provided by debhelper
    + Run dh --without=autoreconf, since we use autotools-dev

 -- Apollon Oikonomopoulos   Thu, 22 Jun 2017 22:22:59 +0300

drbd8 n/a -> 2:8.4.4-1

Unknown (Probably auto sync.)

Debian changes newer than ubuntu version:


exim4 4.89-3ubuntu2 -> 4.89-4

* Last Uploader: Matthias Klose

Debian changes newer than ubuntu version:

exim4 (4.89-4) unstable; urgency=low

  * 80_Repair-manualroute-transport-name-not-last-option.patch from GIT
    master: Starting with 4.85 a transport name needed to specified after
    options in route_list. Closes: #865287
  * Add 81_Fix-log-line-corruption-for-DKIM-status.patch from GIT master.
  * Drop 78_Disable-chunking-BDAT-by-default.patch, enable BDAT/Chunking by
    default.
  * Standards-Version: 4.0.0
    + Do not check for availability of invoke-rc.d, use it always and do not
      fall back to invoking the init-script directly.
    + Drop eximon menu file.
  * Migrate to automatic debug packages. Bump b-d on debhelper since
    --dbgsym-migration was introduced in debhelper 9.20160114.

 -- Andreas Metzler   Sat, 15 Jul 2017 12:46:16 +0200

gfs2-utils 3.1.9-2ubuntu1 -> 3.1.10-1

* Last Uploader: Bhavani Shankar

Debian changes newer than ubuntu version:

gfs2-utils (3.1.10-1) unstable; urgency=medium

  * New upstream version
  * Refresh debian/patches
  * debian/watch: use pagure
  * debian/copyright: update Format URL
  * debian/control: update Homepage to pagure
  * debian/control: update Standards-Version to 4.0.0 with no changes

 -- Valentin Vidic   Wed, 21 Jun 2017 21:43:58 +0200

ghostscript 9.19~dfsg+1-0ubuntu10 -> 9.21~dfsg-1

* Last Uploader: Steve Beattie (sponsored by Marc Deslauriers)

Debian changes newer than ubuntu version:

ghostscript (9.21~dfsg-1) unstable; urgency=medium

  [ upstream ]
  * New release.
    Highlights:
    + pdfwrite preserves annotations from input PDFs where possible.
    + GhostXPS pass required data to pdfwrite to emit a ToUnicode CMap,
      resulting in fully searchable PDFs created from XPS in most cases.
    + Allow default color space for PDF transparency blends.
    + Improved support for cross-compiling in configure script.
    + tiffscaled and tiffscaled4 supports ETS (Even Tone Screening).
    + toolbin/pdf_info.ps utility emits PDF XML metadata.
    + New scan converter, more performant with large and complex paths.

  [ Jonas Smedegaard ]
  * Modernize cdbs:
    + Do copyright-check in maintainer script (not during build).
  * Avoid compressing pdf documentation.
  * Revive git-ignore file, lost importing NMUs.
  * Update watch file: Fix track releases (not tags).
  * Update copyright info:
    + Fix update main Files section to include all directory wildcards
      declared in root LICENSE file.
    + Stop track files no longer shipped upstream.
    + Add copyright holder Raph Levien.
    + Extend coverage for main upstream author.
    + Use https protocol in format string.
  * Update patches:
    + Drop patches applied upstream.
    + Normalize patch names.
    + Tidy DEP3 patch headers.
    + Add patch cherry-picked upstream to fix the shared openjpeg build.
    + Add patch cherry-picked upstream to fix shared lib build with
      openjpeg >= 2.1.1, replacing patch 1001.
  * Update package relations:
    + Relax build-dependency on cdbs.
    + Stop build-depend on licensecheck libregexp-assemble-perl
      libimage-exiftool-perl libfont-ttf-perl.
  * Relax symbols check when targeting experimental.
  * Update symbols: 16 dropped. 37 added.
  * Declare compliance with Debian Policy 4.0.0.

 -- Jonas Smedegaard   Mon, 19 Jun 2017 19:19:55 +0200

ghostscript (9.20~dfsg-3.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix regression introduced by CVE-2017-8291 fix.
    When using the "DELAYBIND" feature, it turns out that .eqproc can be
    called with parameters that are not both procedures. In this case, it
    turns out, the expectation is for the operator to return 'false', rather
    than throw an error. (Closes: #862779)

 -- Salvatore Bonaccorso   Sun, 21 May 2017 19:22:52 +0200

ghostscript (9.20~dfsg-3.1) unstable; urgency=high

  * Non-maintainer upload.
  * -dSAFER bypass and remote command execution via a "/OutputFile  (%pipe%"
    substring (CVE-2017-8291) (Closes: #861295)
  * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696)
  * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220)
    (Closes: #859694)
  * Avoid divide by 0 in scan conversion code (CVE-2016-10219)
    (Closes: #859666)
  * Dont create new ctx when pdf14 device reenabled (CVE-2016-10217)
    (Closes: #859662)

 -- Salvatore Bonaccorso   Fri, 28 Apr 2017 06:50:05 +0200

ghostscript (9.20~dfsg-3) unstable; urgency=medium

  * Fix NULL pointer dereference in mem_get_bits_rectangle().
    Closes: Bug#697676 (CVE-2017-7207). Thanks to Salvatore Bonaccorso.

 -- Jonas Smedegaard   Tue, 21 Mar 2017 17:20:00 +0100

ghostscript (9.20~dfsg-2) unstable; urgency=medium

  * Add patch cherry-picked upstream to always print full PWG Raster
    bitmap.
    Closes: Bug#843095. Thanks to Brian Potkin.
  * Modernize Vcs-Browser field: Use git subdir (not cgit).
  * Stop override lintian for
    package-needs-versioned-debhelper-build-depends: Fixed in lintian.
  * Update watch file: Use github pattern from documentation.
  * Update copyright info: Extend coverage of Debian packaging.
  * Git-ignore quilt .pc subdir.
  * Revert to not have git import-orig use merge-strategy replace.

 -- Jonas Smedegaard   Wed, 25 Jan 2017 05:26:10 +0100

ghostscript (9.20~dfsg-1) unstable; urgency=medium

  * Fix spelling error in chengelog entry for 9.19~dfsg-3.1.
  * Adjust symbols (Fix version. Synv with experimental builds.

 -- Jonas Smedegaard   Tue, 29 Nov 2016 03:21:17 +0100

ghostscript (9.20~dfsg-1~exp1) experimental; urgency=medium

  [ upstream ]
  * New release.

  [ Jonas Smedegaard ]
  * Avoid non-DFSG embedded code copy of ConvertUTF:
    + Avoid when repackaging.
    + Stop track ConvertUTF files in copyright file.
    + Add patches cherry-pricked upstream to improve Unicode handling in
      PDF files.
    Closes: Bug#823100. Thanks to Francesco Poli.
  * Update copyright info:
    + Tidy repackaging to only cover what is still shipped upstream.
    + Add Files and License sections for new file licensed as ISC.
  * Have git import-orig use merge-strategy replace.
  * Update patches:
    + Drop patches cherry-picked upstream and now applied.
    + Consistently apply cherry-picked upstream patches first.
    + Unfuzz patches.
  * Stop build static library (seemingly no longer supported with
    upstream makefiles).
  * Update symbols file (92 missing).

 -- Jonas Smedegaard   Fri, 18 Nov 2016 16:07:47 +0100

golang n/a -> 2:1.6.1-2

Unknown (Probably auto sync.)

Debian changes newer than ubuntu version:


golang-1.7 1.7.4-2ubuntu1 -> 1.7.6-2

* Last Uploader: Michael Hudson-Doyle

Debian changes newer than ubuntu version:

golang-1.7 (1.7.6-2) unstable; urgency=medium

  * Add 0001-Fix-FTBFS-with-Perl-526.patch
  * Rename old style config section [git-dch] to [dch]

 -- Michael Stapelberg   Tue, 25 Jul 2017 08:23:42 +0200

golang-1.7 (1.7.6-1) unstable; urgency=medium

  * New upstream release. (Closes: #863308)
  * Remove d/patches/cl-29995--tzdata-2016g.patch, applied upstream.

 -- Michael Hudson-Doyle   Thu, 01 Jun 2017 21:31:53 +1200

golang-1.8 1.8.1-1ubuntu3 -> 1.8.3-2

* Last Uploader: Michael Hudson-Doyle

Debian changes newer than ubuntu version:

golang-1.8 (1.8.3-2) unstable; urgency=medium

  * Add 0001-Fix-FTBFS-with-Perl-526.patch
  * Rename old style config section [git-dch] to [dch]

 -- Michael Stapelberg   Mon, 24 Jul 2017 22:51:01 +0200

golang-1.8 (1.8.3-1) unstable; urgency=medium

  * New upstream release. (Closes: 863292, 863307)

 -- Michael Hudson-Doyle   Thu, 01 Jun 2017 21:06:00 +1200

golang-github-gosexy-gettext 0~git20130221-0ubuntu13 -> 0~git20130221-2

* Last Uploader: Michael Hudson-Doyle

Debian changes newer than ubuntu version:


golang-go.crypto 1:0.0~git20170407.0.55a552f-1ubuntu1 -> 1:0.0~git20170629.0.5ef0053-1

* Last Uploader: Michael Hudson-Doyle

Debian changes newer than ubuntu version:

golang-go.crypto (1:0.0~git20170629.0.5ef0053-1) unstable; urgency=medium

  * New upstream snapshot.
  * Delete previously cherry-picked security patch:
    The security fix 0001-ssh-require-host-key-checking_CVE-2017-3204.patch
    is already in the new upstream snapshot.
  * Bump Standards-Version to 4.0.0:
    Use https form of the copyright-format URL in debian/copyright.

 -- Anthony Fok   Fri, 30 Jun 2017 09:10:48 -0600

golang-go.crypto (1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1) unstable; urgency=medium

  * Reverts previous upload to permit freeze exception.
  * patches/0001-ssh-require-host-key-checking_CVE-2017-3204.patch:
    + CVE-2017-3204: Default behavior changed to require explicitly
      registering a hostkey verification mechanism. (Closes: #859655)

 -- Michael Lustfield   Wed, 26 Apr 2017 02:42:23 -0500

golang-golang-x-net-dev 1:0.0+git20170114.0.f249948+dfsg-0ubuntu2 -> 1:0.0+git20170629.c81e7f2+dfsg-1

* Last Uploader: Michael Hudson-Doyle

Debian changes newer than ubuntu version:

golang-golang-x-net-dev (1:0.0+git20170629.c81e7f2+dfsg-1) unstable; urgency=medium

  [ Martín Ferrari ]
  * Switch to golang-any.
  * Add versioned dependency on golang 1.5, due to API differences in net/http.

  [ Anthony Fok ]
  * New upstream snapshot.  It contains a fix (dated 2016-10-30) to
    recently-broken tests in webdav_test.go.  See
    https://go.googlesource.com/net/+/d6520b84c835d97913ea0e7cf5f43cca5693ef16
    for details. (Closes: #866092)
  * Bump Standards-Version to 4.0.0.
    Use https form of the copyright-format URL in debian/copyright.
  * Add myself to the list of Uploaders.
  * Update Lintian overrides:
     - Update name of source package (was golang-go.net-dev, now
       golang-golang-x-net-dev) so that the override for
       debian-watch-file-is-missing works again.
     - Add override for mention of old
       code.google.com repository.
     - Remove unused-override
       copyright-should-refer-to-common-license-file-for-gpl.

 -- Anthony Fok   Thu, 29 Jun 2017 06:56:30 -0600

golang-x-text 0.0~git20161013.0.c745997-2ubuntu2 -> 0.0~git20170627.0.6353ef0-1

* Last Uploader: Michael Hudson-Doyle

Debian changes newer than ubuntu version:

golang-x-text (0.0~git20170627.0.6353ef0-1) unstable; urgency=medium

  * New upstream version.
  * Bump Standards-Version to 4.0.0:
    Use https form of the copyright-format URL in debian/copyright.

 -- Anthony Fok   Thu, 29 Jun 2017 04:22:14 -0600

golang-yaml.v2 0.0+git20170125.0.4c78c97-0ubuntu2 -> 0.0+git20170407.0.cd8b52f-1

* Last Uploader: Michael Hudson-Doyle

Debian changes newer than ubuntu version:

golang-yaml.v2 (0.0+git20170407.0.cd8b52f-1) unstable; urgency=medium

  * New upstream version, with decode test fix for Go 1.8, see
    https://github.com/go-yaml/yaml/pull/217. (Closes: #866091)
  * Remove unnecessary Built-Using field for non-compiled -dev package
  * Bump Standards-Version to 4.0.0:
    Use https form of the copyright-format URL in debian/copyright.

 -- Anthony Fok   Tue, 27 Jun 2017 14:50:04 -0600

google-perftools 2.5-0ubuntu4 -> 2.5-2.2

* Last Uploader: Chuck Short

Debian changes newer than ubuntu version:


graphviz 2.38.0-16ubuntu2 -> 2.38.0-17

* Last Uploader: Matthias Klose

Debian changes newer than ubuntu version:


ifenslave 2.7ubuntu1 -> 2.9

* Last Uploader: Louis Bouchard (sponsored by Mathieu Trudel-Lapierre)

Debian changes newer than ubuntu version:


ilmbase 2.2.0-11ubuntu2 -> 2.2.0-12

* Last Uploader: Matthias Klose

Debian changes newer than ubuntu version:


ipset 6.30-2ubuntu1 -> 6.32-1

* Last Uploader: Adam Conrad

Debian changes newer than ubuntu version:

ipset (6.32-1) unstable; urgency=medium

  * Upload to unstable
  * [22ca89c] d/control: maintainer is now the netfilter team, update VCS-*
  * [ad77df4] d/patches/fix-ipset-cmd-replacement.patch: fix description
  * [04d66a6] d/control: Bump Standards-Version to 4.0.0, no changes needed

 -- Neutron Soutmun   Wed, 21 Jun 2017 11:43:07 +0700

ipset (6.32-1~exp2) experimental; urgency=medium

  * Add a patch to fix test failed to run
    * debian/patches/fix-ipset-cmd-replacement.patch:
      - In the upstream test, 'ipset' command should be replaced with
        '/sbin/ipset' but the recent script adds the line of command to
        replace it twice. The patch fixes the second replacement.
  * debian/patches/adjust-test-scripts-for-debian.patch: Refresh the patch
  * Add workaround patch
    * debian/patches/workaround-iphash-delete-one-by-one-test-failed.patch:
      - A workaround patch for iphash delete one-by-one test failed due to
        the bug [1] in the kernel module.
      [1] Fix bug: sometimes valid entries in hash:* types of sets were evicted
          https://git.netfilter.org/ipset/commit/?id=728fed0f689c76cb5cd77499b022764e93d91932
  * Revise test control file and split patch.
    Thanks Adam Conrad for suggestion and initial patch.
    * debian/tests/control:
      - Drop autopkgtest which is unnecessary.
      - Depends on kmod and netbase.
      - Depends on net-tools which the test script requires 'netstat'.
    * debian/patches/adjust-test-scripts-for-debian.patch,
      debian/patches/test-installed.patch:
      - Split Debian's kernel unrelated patch from
        adjust-test-scripts-for-debian.patch to test-installed.patch.
        Make it easy for Ubuntu that has a recent kernel than Debian to just
        drop unnecessary patches. (Closes: #860032)
  * debian/tests/regression: Add hash:mac.t to the list, Debian kernel supported

 -- Neutron Soutmun   Wed, 31 May 2017 08:10:22 +0700

ipset (6.32-1~exp1) experimental; urgency=medium

  * New upstream version 6.32
  * debian/control: Add "Multi-Arch: same" to libipset-dev package

 -- Neutron Soutmun   Thu, 23 Mar 2017 11:22:00 +0700

ipxe 1.0.0+git-20150424.a25a16d-1ubuntu2 -> 1.0.0+git-20161027.b991c67-1

* Last Uploader: Steve Beattie (sponsored by Tyler Hicks)

Debian changes newer than ubuntu version:


irqbalance 1.1.0-2ubuntu2 -> 1.1.0-2.3

* Last Uploader: Steve Langasek

Debian changes newer than ubuntu version:


ldns 1.7.0-1ubuntu1 -> 1.7.0-3

* Last Uploader: Balint Reczey (sponsored by Mathieu Trudel-Lapierre)

Debian changes newer than ubuntu version:

ldns (1.7.0-3) unstable; urgency=medium

  * Build depend on OpenSSL >= 1.1.0 to support offline DANE verification

 -- Ondřej Surý   Fri, 23 Jun 2017 10:12:00 +0200

ldns (1.7.0-2) unstable; urgency=medium

  [ Christoph Egger ]
  * Add python3 bindings

 -- Ondřej Surý   Mon, 19 Jun 2017 10:38:39 +0200

leveldb 1.18-5 -> 1.19-2

Unknown (Probably auto sync.)

Debian changes newer than ubuntu version:


libnss-ldap 265-3ubuntu3 -> 265-5

* Last Uploader: Jon Grimm (sponsored by Robie Basak)

Sync or Merge bug: Bug #1200203 in libnss-ldap (Ubuntu): "please merge libnss-ldap 264-2.5 (main) from Debian unstable (main)" (Fix Committed)

Debian changes newer than ubuntu version:


libpam-ldap 184-8.7ubuntu1 -> 186-4

* Last Uploader: Michael Vogt

Debian changes newer than ubuntu version:

libpam-ldap (186-4) unstable; urgency=medium

  * Install /usr/share/pam-configs/ldap
      needed for pam-auth-update. (Closes: #863201)

 -- Lucas de Castro Borges   Wed, 31 May 2017 14:19:41 -0300

libpam-ldap (186-3) unstable; urgency=medium

  * Aplied patch for build reproducibility ( Thanks to Chris Lamb)

 -- Lucas de Castro Borges   Sat, 11 Feb 2017 02:03:58 -0300

libpam-ldap (186-2) unstable; urgency=medium

  * Bumped Standards-Version to 3.9.8.
  * Updated DH level to 10.
  * Updated Maintainer e-mail address.
  * Added debian/patches/configfile_install.patch:
      - Fix pam_ldap.conf file path. (Closes: #844666)
  * Added debian/patches/configfile_references.patch:
      - Updated references to new config file path.

 -- Lucas de Castro Borges   Mon, 12 Dec 2016 13:03:15 -0300

libpam-ldap (186-1) unstable; urgency=medium

  * New upstream release
  * Bumped Standard-Version to 3.9.6.
  * Updated DH Level to 9.
  * New  maintainer. Closes: #699116
  * debian/copyright
      - Updated to DEP-5.
  * debian/control
      - Added homepage.
      - Updated build-depends.
  * debian/clean: removed vers.c, which is generated during the build.
  * debian/libpam-ldap.dirs: Removed, directories already created by debhelper.
  * debian/libpam-ldap.install: Updated to match new, clean debian/rules.
  * debian/libpam-ldap.postinst
      - Changed to 'set -e' in code.
  * debian/patches/manpage_fix_spell.patch
      - Added to fix spell typos.
  * debian/rules
      - Removed all the custom code and switched to a clean dh-based makefile.
  * debian/source/format
      - Changed to 3.0 quilt.
  * Acknownledge NMUs. (Closes: #532470, #532476, #532506, #532621, #532962,
    #533243, #533732, #533756, #533877, #534245, #534336, #534390, #534438,
    #546300, #578638, #548000, #537422, #563361, #563615, #579510, #706185,
    #653681, #654163, #655320, #664650)

 -- Lucas de Castro Borges   Mon, 04 Apr 2016 00:25:21 -0300

libwmf 0.2.8.4-10.6ubuntu1 -> 0.2.8.4-11

* Last Uploader: Balint Reczey (sponsored by Mathieu Trudel-Lapierre)

Debian changes newer than ubuntu version:

libwmf (0.2.8.4-11) unstable; urgency=medium

  * Ack NMUs; thanks!
  * Add autopkgtests to the package.
  * Bump Standards-Version to 3.9.8.
  * Orphan – set maintainer to QA group.

 -- Loïc Minier   Mon, 19 Jun 2017 22:11:59 +0000

lxc 2.0.8-0ubuntu3 -> 1:2.0.8-1

* Last Uploader: Stéphane Graber

Debian changes newer than ubuntu version:

lxc (1:2.0.8-1) unstable; urgency=medium

  [ Evgeni Golov ]
  * New upstream version 2.0.8
    + Make lxc-net return non-zero on failure (Closes: #854591)
  * drop old patches, all were cherry-picks from upstream
  * Use lxc-stop to stop systemd service (Closes: #863850)

  [ Baptiste Jonglez ]
  * Increase the maximum number of inotify listeners (Closes: #860974)

 -- Evgeni Golov   Sun, 18 Jun 2017 15:33:06 +0200

lxc (1:2.0.7-2) unstable; urgency=high

  * use bash-completion's pkg-config support and don't move files around
  * ignore lxc-test-cloneconfig if kernel has no overlay support
  * CVE-2017-5985: Ensure target netns is caller-owned (Closes: #857295)

 -- Evgeni Golov   Sat, 11 Mar 2017 09:47:20 +0100

lxc (1:2.0.7-1) unstable; urgency=medium

  * New upstream version 2.0.7
    + Closes: #847909, #847894, #847466

 -- Evgeni Golov   Mon, 23 Jan 2017 22:03:24 +0100

lxc (1:2.0.6-1) unstable; urgency=high

  * New upstream version 2.0.6
    + attach: do not send procfd to attached process
      Closes: #845465
      CVE-2016-8649
  * liblxc1: add depends on cgroupfs-mount | systemd (Closes: #844086)
  * drop patches applied/imported upstream
  * debian/tests: add iptables to tests depends

 -- Evgeni Golov   Thu, 24 Nov 2016 08:07:02 +0100

lxc (1:2.0.5-3) unstable; urgency=medium

  * add python3:Depends for lxc, so it gets a depends on python3
  * lxc-tests replace lxc-dev, not lxc
  * add a lintian override that the tests do not have a manpage
  * register lxc-dev docs with doc-base
  * add lintian override for ldconfig-trigger in lua-lxc
  * s/LUA/Lua/g in d/control

 -- Evgeni Golov   Sun, 06 Nov 2016 14:33:14 +0100

lxc (1:2.0.5-2) experimental; urgency=medium

  * split lua and python3 bindings in their own packages
  * split tests into their own package
  * only add bash completion links for commands we actually complete
  * backport two patches from Ubuntu
  * kill all the .la files, we do not need them
  * enable ALL the hardening flags
  * autopkgtest: only reboot if the memory cgroup is not activated yet
  * replace our lxc-dbg package by the autogenerated dbgsym one

 -- Evgeni Golov   Sun, 30 Oct 2016 17:59:32 +0100

lxc (1:2.0.5-1) unstable; urgency=medium

  * New upstream version 2.0.5
  * drop cgmanager support
    it's orphaned and upstream does recommend lxcfs instead
  * fix execution of tests on systems which do not have overlay.ko
  * add depends on lsb-base, thanks lintian

 -- Evgeni Golov   Sat, 08 Oct 2016 14:03:16 +0200

lxc (1:2.0.4-1) unstable; urgency=medium

  [ Antonio Terceiro ]
  * debian/rules: create symlinks for each lxc-* binary in
    /usr/share/bash-completion/completions/ so that bash completion actually
    works

  [ Evgeni Golov ]
  * Imported Upstream version 2.0.4
    + Uses SIGRTMIN+3 for systemd containers (Closes: #831691, #799541)
    + The debian template properly generates locaes (Closes: #806746)
  * drop 0020-fix-regression-when-creating-wheezy-containers.patch
  * rebase patches ontop of 2.0.4
  * add gnupg and dirmngr to recommends
  * improve autopkgtest execution, making most autopkgtest run properly

 -- Evgeni Golov   Thu, 25 Aug 2016 19:52:33 +0200

lxc (1:2.0.3-1) unstable; urgency=medium

  * Imported Upstream version 2.0.3
    - Fixes Inconsistent settings in lxc@.service (Closes: #826100)
  * drop patch hunks that were applied in 2.0.3
  * document how to change passwords in the container (Closes: #829239)

 -- Evgeni Golov   Sat, 16 Jul 2016 11:52:47 +0200

lxc (1:2.0.1-3) unstable; urgency=medium

  * 0020-lxc-debian-make-sure-init-is-installed.patch: update to fix
    regression when creating wheezy containers.

 -- Antonio Terceiro   Wed, 29 Jun 2016 15:10:57 -0300

lxc (1:2.0.1-2) unstable; urgency=medium

  * 0020-lxc-debian-make-sure-init-is-installed.patch: make sure init is
    included in Debian containers, since as of 1.34 it is not Essential
    anymore.

 -- Antonio Terceiro   Sat, 18 Jun 2016 09:16:43 -0300

lxc (1:2.0.1-1) unstable; urgency=medium

  * Imported Upstream version 2.0.1
  * drop patches applied upstream:
  * demote apparmor to suggests (Closes: #824120)

 -- Evgeni Golov   Sun, 22 May 2016 22:04:19 +0200

lxc (1:2.0.0-3) unstable; urgency=medium

  * drop lxcinitdir.patch
  * replace all patches by the versions accepted upstream
  * cherry-pick fix for creating unpriv container on non-systemd systems
  * add gbp.conf

 -- Evgeni Golov   Sun, 01 May 2016 13:00:16 +0200

lxc (1:2.0.0-2) unstable; urgency=medium

  [ Evgeni Golov ]
  * add lxcfs and libpam-cgfs to recommends
  * Standards-Version: 3.9.8

  [ Antonio Terceiro ]
  * Refresh patches
  * debian/patches/0018-lxc-create-fix-B-best-option.patch: Fix `-B best`
    option to lxc-create

 -- Antonio Terceiro   Mon, 11 Apr 2016 14:19:45 -0300

lxc (1:2.0.0-1) unstable; urgency=medium

  * Imported Upstream version 2.0.0
  * set Maintainer to pkg-lxc, Antonio and me as Uploaders
  * re-enable seccomp on almost all arches again

 -- Evgeni Golov   Wed, 06 Apr 2016 21:26:24 +0200

lxc (1:2.0.0~rc15-1) experimental; urgency=medium

  * Team upload.

  [ Evgeni Golov ]
  * Imported Upstream version 2.0.0~rc15
    + Updates supported Debian releases in template (Closes: #816710)
    + Does not enable non-free by default anymore (Closes: #793598)
    + Uses httpredir.debian.org (Closes: #805085)
  * add uidmap to Recommends (Closes: #817796)
  * Standards-Version: 3.9.7

  [ Reiner Herrmann ]
  * use the date from the latest changelog entry when building manpages
    (Closes: #807837)

 -- Evgeni Golov   Sun, 03 Apr 2016 16:09:25 +0200

lxc (1:2.0.0~rc13-1) experimental; urgency=medium

  * Team upload.

  [ Antonio Terceiro ]
  * debian/tests/control: require isolation-machine to run; the tests can't
    run under lxc themselves.
  * debian/control: add Vcs-* fields pointing fields to the new repository
    location on https://anonscm.debian.org/cgit/pkg-lxc/lxc.git

  [ Evgeni Golov ]
  * Add debian/NEWS entry about lxc.aa_allow_incomplete = 1
    Closes: #813954
  * Imported Upstream version 2.0.0~rc13
  * refresh patches for LXC 2.0.0
  * install hooks from /usr/lib too

 -- Evgeni Golov   Fri, 25 Mar 2016 16:44:25 +0100

lxc (1:1.1.5-1) unstable; urgency=medium

  [ Evgeni Golov ]
  * Imported Upstream version 1.1.5
  * drop patches either applied or obsoleted upstream
  * refresh patches
  * call dh_installinit for lxc-net
  * drop useless lintian override
  * add autopkgtests from Ubuntu
    - fix up some tests for Debian
  * add dnsmasq-base to test depends
  * debian/watch: updated to look for all LXC releases
  * use dh_apparmor
  * do not restart LXC on upgrades when using systemd
  * build-depend on gnutls-dev
  * update Depends/Recommends/Suggests based on the packaging in Ubuntu
  * properly pass the systemd unit dir to configure

  [ Antonio Terceiro ]
  * 0014-Fix-520-multiple-instances-of-agetty-on-systemd.patch: add
    upstream patch to avoid multiple instances of agetty on each console.

 -- Antonio Terceiro   Sun, 31 Jan 2016 18:22:40 -0200

lxc (1:1.0.8-1) unstable; urgency=medium

  * New upstream release
    - Includes fixes for CVE-2015-1335 (Closes: #800471)
    - Patches dropped for being already applied upstream:
      - CVE-2015-1331.patch
      - CVE-2015-1334.patch
      - lxc-clone-rsync-hardlinks.patch
      - lxc-clone-rsync-capabilities.patch
      - big-big-login-delays-in-CentOS-7-systemd.patch
      - lxc-debian-skip-security-updates-for-unstable-sid.patch
      - lxc-debian-support-stretch-Debian-9-images.patch
      - CVE-2015-1335.patch
    - Renumbered patches
    - Add cgmanager do Recommends:. Without it, lxc will always print a
      warning, which seems to be harmless but for example will break
      autopkgtest because of the unexpected output to stderr.
  * debian/watch: added
  * debian/upstream/signing-key.asc: added upstream signing key.

 -- Antonio Terceiro   Tue, 24 Nov 2015 19:10:28 -0200

lxc (1:1.0.7-12) unstable; urgency=high

  * Added 0025-CVE-2015-1335.patch from the final version of the fix for
    CVE_2015-1335 from the Ubuntu package (Closes: #800471)

 -- Antonio Terceiro   Fri, 13 Nov 2015 08:37:41 -0200

lxc (1:1.0.7-11) unstable; urgency=medium

  * New maintainer (myself)
    - Thanks Daniel Baumann for his previous efforts in maintaing lxc
  * Added patches (all already applied upstream):
    - 0019-big-big-login-delays-in-CentOS-7-systemd.patch
    - 0020-Centos7-systemd.patch
    - 0022-lxc-debian-skip-security-updates-for-unstable-sid.patch
    - 0023-lxc-debian-support-stretch-Debian-9-images.patch
    - 0024-lxc-debian-allow-not-including-contrib-non-free.patch

 -- Antonio Terceiro   Sun, 08 Nov 2015 10:52:37 -0200

lxc (1:1.0.7-10) unstable; urgency=low

  * Adding build-depends to dh-python.

 -- Daniel Baumann   Tue, 18 Aug 2015 14:12:31 +0200

lxc (1:1.0.7-9) unstable; urgency=low

  * Adjusting breaks (Closes: #795799).
  * Correcting email address in previous changelog entry.

 -- Daniel Baumann   Mon, 17 Aug 2015 06:42:20 +0200

lxc (1:1.0.7-8) unstable; urgency=low

  * Adding patch from upstream to preserve hardlinks in lxc-clone.
  * Adding patch from upstream to preserve capabilities in lxc-clone
    (Closes: #795422).

 -- Daniel Baumann   Sun, 16 Aug 2015 13:46:24 +0200

lxc (1:1.0.7-7) unstable; urgency=low

  * Moving shared library to dedicated package for future upload of lxd
    (#768073).
  * Re-adding lxc-dev which is now allowed again having the shared library
    split out (Closes: #774085, #793202).

 -- Daniel Baumann   Wed, 12 Aug 2015 18:03:23 +0200

lxc (1:1.0.7-6) unstable; urgency=low

  * Using misc:Pre-depends variable instead of hardcoding multiarch-
    support.
  * Moving bash-completion integration from /etc/bash-completion.d to
    /usr/share/bash-completion/completions.
  * Dropping obsolete syslog target from systemd service file.
  * Adding patch from upstream to fix errors in lxc-debian if dbus is not
    installed (Closes: #794207).
  * Updating lintian overrides.

 -- Daniel Baumann   Wed, 12 Aug 2015 17:25:44 +0200

lxc (1:1.0.7-5) unstable; urgency=low

  * Updating homepage field.
  * Updating debian copyright string.
  * Dropping conditionals for lua-alt-getopt, not needed anymore.
  * Dropping enforcing of xz compression, not needed anymore.
  * Dropping vcs fields in control for the time being.

 -- Daniel Baumann   Wed, 12 Aug 2015 11:09:50 +0200

lxc (1:1.0.7-4) unstable; urgency=high

  * Adding backported patch from upstream to prevent an unprivileged user
    to use LXC to create arbitrary file on the filesystem [CVE-2015-1331]
    (Closes: #793298).
  * Adding backported patch from upstream to prevent an user to use LXC
    to over-mount /proc which can be used to unconfined code execution
    [CVE-2015-1334] (Closes: #793298).

 -- Daniel Baumann   Wed, 22 Jul 2015 18:33:48 +0200

lxc (1:1.0.7-3) unstable; urgency=low

  * Building with cgmanager (Closes: #773421).

 -- Daniel Baumann   Tue, 28 Apr 2015 22:01:41 +0200

lxc (1:1.0.7-2) unstable; urgency=low

  * Dropping pre-jessie upgrade handling.
  * Dropping pre-jessie conflicts/replaces.

 -- Daniel Baumann   Sat, 25 Apr 2015 08:10:48 +0200

lxc (1:1.0.7-1) experimental; urgency=low

  * Merging upstream version 1.0.7.
  * Removing apparmor.patch, not needed anymore.
  * Removing lxc-create-manpage.patch, included upstream.
  * Removing lxc-debian-systemd.patch, included upstream.
  * Removing lxc-debian-init.patch, included upstream.
  * Renumbering patches.

 -- Daniel Baumann   Sat, 06 Dec 2014 13:11:57 +0100

lxc (1:1.0.6-5) unstable; urgency=low

  * Mounting /sys read-only in lxc-debian to prevent (one way of) escaping
    containers (Closes: #770901).
  * Adding patch from lxc 1.0.7 to make lxc-debian work with systemd
    (Closes: #766216).
  * Adding patch from lxc 1.0.7 to make lxc-debian handle switch of
    initsystem better.

 -- Daniel Baumann   Sat, 06 Dec 2014 13:00:36 +0100

lxc (1:1.0.6-4) unstable; urgency=low

  * Marking -t option in lxc-create manpage as required (Closes: #768778).

 -- Daniel Baumann   Tue, 11 Nov 2014 19:57:58 +0100

lxc (1:1.0.6-3) unstable; urgency=low

  * Preserving setuid on lxc-user-nic (Closes: #764815).

 -- Daniel Baumann   Mon, 13 Oct 2014 20:44:15 +0200

lxc (1:1.0.6-2) unstable; urgency=low

  * Correcting automatic lua:Suggests generation.
  * Adding openssl to recommends since upstreams lxc-debian template
    uses openssl for mac generation.

 -- Daniel Baumann   Tue, 07 Oct 2014 09:42:36 +0200

lxc (1:1.0.6-1) unstable; urgency=low

  * Merging upstream version 1.0.6.
  * Refreshing sysvinit-lsb-functions.patch.
  * Updating to standards version 3.9.6.
  * Setting options for systemd in debian.common.conf (Closes: #761196,
    #761197).

 -- Daniel Baumann   Mon, 29 Sep 2014 12:04:40 +0200

lxc (1:1.0.5-3) unstable; urgency=low

  * Dropping fixes for prefix in systemd unit file, not needed anymore.
  * Moving debootstrap to recommends.
  * Moving lua to suggests.
  * Adding lua suggests for non-debian system.
  * Showing warning when lxc is used on systemd with cgroups mounted in
    /etc/fstab (Closes: #760357).

 -- Daniel Baumann   Thu, 04 Sep 2014 04:30:47 +0200

lxc (1:1.0.5-2) unstable; urgency=low

  * Using and build-depending on dh-systemd (Closes: #758628).
  * Rewording changelog entry about merging upstream version 1.0.5.
  * Marking removal of lxc-top due to missing lua-alt-getopt in rules as
    debian only.
  * Dropping special handling of lxc-debian on progress-linux.
  * Renaming debian-config.patch to lxc-debian-fuse.patch.
  * Renaming lxc-sysvinit.patch to sysvinit-directory.patch.
  * Renaming lsb-init-headers.patch to sysvinit-lsb-headers.patch.
  * Renaming lsb-init-functions.patch to sysvinit-lsb-functions.patch.
  * Renaming lxc-init-lock.patch to sysvinit-lsb-lock.patch.
  * Renaming lxc-sigint.patch to lxc-attach-sigint.patch.
  * Adding references to upstreams bug tracker in all patches.
  * Adding patch from Ondřej Surý  to change
    PermitRootLogin yes to PermitRootLogin without-password in sshd_config
    (Closes: #758647).
  * Adding patch to set random root password in lxc-debian (Closes:
    #758643).
  * Removing /etc/default/lxc for upgrades of wheezy to jessie (Closes:
    #758800).

 -- Daniel Baumann   Thu, 21 Aug 2014 15:54:58 +0200

lxc (1:1.0.5-1) unstable; urgency=low

  * Due to 'popular demand', dropping Debian custom additions and shipping
    an (almost) vanilla lxc package in Debian from now on.
  * Removing Jonas from uploaders, thanks for your past support.
  * Dropping lxc-dev, according to ftp-master this is not acceptable
    anymore without having split out library package.
  * Merging upstream version 1.0.5 (Closes: #757326).
  * Refreshing lsb-init-functions.patch.
  * Refreshing debian-config.patch.
  * Adding debootstrap to suggests.

 -- Daniel Baumann   Sun, 10 Aug 2014 12:55:27 +0200

lxcfs 2.0.7-0ubuntu4 -> 2.0.7-2

* Last Uploader: Stéphane Graber

Debian changes newer than ubuntu version:

lxcfs (2.0.7-2) unstable; urgency=medium

  * import patches from the upstream stable branch
    + 0002-pam-report-back-we-found-the-unified-hierarchy.patch
      0003-bindings-add-mountpoint-for-unified-hierarchy.patch
      Closes: #843450
    + 0004-pam-chown-cgroup.procs-file-on-unified-hierarchy.patch
      Closes: #867619
    + 0005-bindings-calculate-uptime-via-proc-pid-stat.patch
      0006-bindings-calculate-btime-correctly.patch
      0007-tests-fix-invalid-comparison.patch
      0008-temporarily-revert-the-virtualization-of-btime-field.patch
      These have no Debian bugs, but improve the uptime and btime handling.
    + 0010-add-cgroupfs-mount-to-Should-Start-Stop-sysvinit-LSB.patch
      Closes: #859220
  * add 0001-pam-non-functional-changes, otherwise 0004 won't apply

 -- Evgeni Golov   Sun, 16 Jul 2017 15:04:34 +0200

lxcfs (2.0.7-1) unstable; urgency=medium

  * New upstream version 2.0.7
    + virtualize the 'btime' field of /proc/stat
      LP: #1654310

 -- Evgeni Golov   Sat, 20 May 2017 11:00:52 +0200

mod-wsgi 4.5.11-1ubuntu1 -> 4.5.17-1

* Last Uploader: Michael Hudson-Doyle

Debian changes newer than ubuntu version:

mod-wsgi (4.5.17-1) unstable; urgency=medium

  [ Felix Geyer ]
  * [0e844af] Remove myself from Uploaders.

  [ Scott Kitterman ]
  * [8a3cee5] * Fix min/max Python 3 version determination for multiple versions.   (closes: #866575)

  [ Bernd Zeimetz ]
  * [f2fada2] Merge tag 'upstream/4.5.17'
    Upstream version 4.5.17

 -- Bernd Zeimetz   Sun, 09 Jul 2017 13:46:03 +0200

mysql-5.7 5.7.18-0ubuntu1 -> 5.7.18-1

* Last Uploader: Lars Tangvald (sponsored by Marc Deslauriers)

Debian changes newer than ubuntu version:


mysql-defaults 1.0.2ubuntu1 -> 1.0.3

* Last Uploader: Robie Basak

Debian changes newer than ubuntu version:

mysql-defaults (1.0.3) unstable; urgency=medium

  [ Andreas Beckmann ]
  * default-mysql-server: Add Breaks against the transitional mysql-server
    package in stretch to reduce future upgrade problems.
  * Use substvars for the defaults and dpkg-vendor to distinguish between
    Debian and Ubuntu at build time.
  * Set Ubuntu defaults to the mysql-5.7 family.
  * Bump Standards-Version to 4.0.0, no changes needed.

  [ Pino Toscano ]
  * Add default-libmysqld-dev package.  (Closes: #852102)

 -- Andreas Beckmann   Wed, 28 Jun 2017 13:12:15 +0200

nagios-nrpe 3.0.1-3ubuntu1 -> 3.2.0-4

* Last Uploader: Eric Desrochers (sponsored by Marc Deslauriers)

Debian changes newer than ubuntu version:

nagios-nrpe (3.2.0-4) unstable; urgency=medium

  * Add upstream patch to turn seteuid errors into warnings.
    (closes: #868326)

 -- Bas Couwenberg   Fri, 14 Jul 2017 16:51:12 +0200

nagios-nrpe (3.2.0-3) unstable; urgency=medium

  * Re-enable SSL support by default.
    Compatibility with older versions has been fixed.

 -- Bas Couwenberg   Fri, 07 Jul 2017 14:08:13 +0200

nagios-nrpe (3.2.0-2) unstable; urgency=medium

  * Fix 11_reproducible_dh.h.patch to not leave USE_SSL_DH undefined.
    Thanks to Johan Carlquist for pointing out this issue.
  * Drop --with-need-dh=no configure option, dh is needed.
  * Remove deterministic "openssl dhparam" output handling,
    dh.h not included in upstream source.

 -- Bas Couwenberg   Thu, 06 Jul 2017 14:33:39 +0200

nagios-nrpe (3.2.0-1) unstable; urgency=medium

  * New upstream release.
    (closes: #565643)
  * Bump Standards-Version to 4.0.0, no changes.
  * Add autopkgtest to test installability.
  * Set --with-logdir configure option to /var/log.
  * Update watch file for GitHub releases.
  * Update copyright file.
  * Refresh patches.
  * Reinstate 11_reproducible_dh.h.patch for reproducible dh.h.
  * Regenerate dh.h with OpenSSL 1.1.0.

 -- Bas Couwenberg   Wed, 05 Jul 2017 09:53:06 +0200

nagios-nrpe (3.1.1-1) unstable; urgency=medium

  * Move from experimental to unstable.

 -- Bas Couwenberg   Sun, 18 Jun 2017 13:39:05 +0200

nagios-nrpe (3.1.1-1~exp1) experimental; urgency=medium

  * New upstream release.
  * Drop format-security.patch, applied upstream.
  * Use --with-need-dh=no configure option instead of patch.

 -- Bas Couwenberg   Sat, 27 May 2017 10:57:03 +0200

nagios-nrpe (3.1.0-1~exp1) experimental; urgency=medium

  * New upstream release.
    (closes: #849417, #445976, #691328)
  * Fix typo in manpage.
    (closes: #856658)
  * Drop 10_reproducible_build.patch, applied upstream.
    Refresh remaining patches.
  * Update build dependency for OpenSSL 1.1.0.
    (closes: #859223)
  * Add patch to fix FTBFS with -Werror=format-security.

 -- Bas Couwenberg   Wed, 19 Apr 2017 19:28:05 +0200

nagios3 3.5.1.dfsg-2.1ubuntu8 -> 3.5.1.dfsg-2.2

* Last Uploader: Matthias Klose

Debian changes newer than ubuntu version:


net-snmp 5.7.3+dfsg-1ubuntu6 -> 5.7.3+dfsg-1.7

* Last Uploader: Matthias Klose

Debian changes newer than ubuntu version:


nginx 1.12.1-0ubuntu2 -> 1.13.3-1

* Last Uploader: Matthias Klose

Debian changes newer than ubuntu version:

nginx (1.13.3-1) unstable; urgency=high

  * New upstream version 1.13.3.
    Fixes CVE-2017-7529 (Closes: #868109)
  * Drop gzip_disable "msie6" directive. (Closes: #867024)

 -- Christos Trochalakis   Wed, 12 Jul 2017 11:20:27 +0300

nginx (1.13.2-1) unstable; urgency=medium

  [ Christos Trochalakis ]
  * New upstream version 1.13.2.
  * Fix nginx-cache-purge segfaults (Closes: #866750)
  * Merge ca translations.
    Thanks to Alytidae (Closes: #865996)
  * Merge es translations.
    Thanks to Jonathan Bustillos (Closes: #855610)
  * Merge pt translations.
    Thanks to Rui Branco (Closes: #858741)
  * Bump Standards to 4.0.0.
    - Switch the copyright-format URL to https.

  [ Nicolas Dandrimont ]
  * Introduce libnginx-mod-rtmp (Closes: #843777)

 -- Christos Trochalakis   Mon, 03 Jul 2017 13:44:59 +0300

nginx (1.13.1-2) unstable; urgency=medium

  * Upload to unstable.

 -- Christos Trochalakis   Tue, 20 Jun 2017 14:16:52 +0300

nginx (1.13.1-1) experimental; urgency=medium

  * New upstream version 1.13.1.

 -- Christos Trochalakis   Wed, 31 May 2017 11:41:59 +0300

nginx (1.13.0-1) experimental; urgency=medium

  * New upstream release.
    We now target nginx mainline (1.13.x).

 -- Christos Trochalakis   Wed, 10 May 2017 11:40:38 +0300

nspr 2:4.13.1-0ubuntu1 -> 2:4.15-1

* Last Uploader: Marc Deslauriers

Debian changes newer than ubuntu version:

nspr (2:4.15-1) unstable; urgency=medium

  * New upstream release.

 -- Mike Hommey   Sat, 17 Jun 2017 06:34:23 +0900

nspr (2:4.14-1) experimental; urgency=medium

  * New upstream release.

 -- Mike Hommey   Wed, 19 Apr 2017 20:07:34 +0900

nspr (2:4.13.1-1) experimental; urgency=medium

  * New upstream release.
  * debian/control:
    - Change Vcs-{Git,Browser} URLs.
    - Bump Standards-Version to 3.9.8. No changes required.
  * debian/rules:
    - Avoid ignoring make clean errors.
    - Move the --sourcedirectory option after dh target.
  * debian/compat, debian/control: Bump debian/compat to 9.
  * debian/libnspr4.lintian-overrides.in: Add a lintian override for
    dev-pkg-without-shlib-symlink for the same reason there is a lintian
    override for shlib-without-versioned-soname.

 -- Mike Hommey   Sat, 19 Nov 2016 08:07:09 +0900

nss 2:3.28.4-0ubuntu2 -> 2:3.31-1

* Last Uploader: Marc Deslauriers

Debian changes newer than ubuntu version:

nss (2:3.31-1) unstable; urgency=medium

  * New upstream release.
  * debian/libnss3.symbols: Add NSS_3_31 and NSSUTIL_3.31 symbol versions.

 -- Mike Hommey   Sat, 17 Jun 2017 06:41:41 +0900

nss (2:3.30.2-1) experimental; urgency=medium

  * New upstream release.

 -- Mike Hommey   Fri, 19 May 2017 14:06:03 +0900

nss (2:3.30.1-1) experimental; urgency=medium

  * New upstream release.

 -- Mike Hommey   Wed, 19 Apr 2017 20:09:48 +0900

nss (2:3.30-1) experimental; urgency=medium

  * New upstream release.
  * debian/libnss3.symbols: Add NSS_3.30 and NSS_3.30.0.1 symbol versions.

 -- Mike Hommey   Sat, 18 Mar 2017 15:34:23 +0900

nss (2:3.29.1-1) experimental; urgency=medium

  * New upstream release.

 -- Mike Hommey   Sat, 25 Feb 2017 09:27:44 +0900

nss (2:3.29-1) experimental; urgency=medium

  * New upstream release.
  * debian/libnss3.symbols: Add NSSUTIL_3.25 symbol version.

 -- Mike Hommey   Mon, 13 Feb 2017 07:42:36 +0900

numactl 2.0.11-1ubuntu2 -> 2.0.11-2.1

* Last Uploader: Dimitri John Ledkov

Debian changes newer than ubuntu version:


open-iscsi 2.0.874-2ubuntu2 -> 2.0.874-4

* Last Uploader: Eric Desrochers (sponsored by Marc Deslauriers)

Debian changes newer than ubuntu version:

open-iscsi (2.0.874-4) unstable; urgency=medium

  * [0347300] initramfs: populate PROTO= entry in /run/net-*.conf from iBFT
    (Closes: #866213)

 -- Christian Seiler   Sun, 02 Jul 2017 18:01:09 +0200

open-iscsi (2.0.874-3) unstable; urgency=medium

  * [e506ea0] udeb: don't update initramfs when iSCSI is not used.
    (Closes: #863435)

 -- Christian Seiler   Sun, 18 Jun 2017 22:01:22 +0200

openldap 2.4.44+dfsg-8ubuntu2 -> 2.4.45+dfsg-1

* Last Uploader: Matthias Klose

Debian changes newer than ubuntu version:

openldap (2.4.45+dfsg-1) unstable; urgency=medium

  * New upstream release.
    - fixed a use-after-free in GnuTLS options handling
      (ITS#8385) (Closes: #820244) (LP: #1557248)
    - fixed unsafe concurrent SASL calls causing memory corruption
      (ITS#8648) (Closes: #860947) (LP: #1688575)
    - fixed syncrepl infinite looping with multi-master delta-syncrepl
      (ITS#8432) (Closes: #868753)
  * Rebase patches to apply cleanly:
    - do-not-second-guess-sonames
    - no-AM_INIT_AUTOMAKE
  * Drop patches applied upstream:
    - ITS-8554-kFreeBSD-is-like-BSD.patch
    - ITS-8644-wait-for-slapd-to-start-in-test064.patch
    - ITS-8655-paged-results-double-free.patch
  * Upgrade to debhelper compat level 10.
    - Depend on debhelper 10.
    - Stop enabling parallel and autoreconf explicitly. They are now enabled 
      by default.
    - Drop dh-autoreconf from build-depends since debhelper requires it.
  * Add -Wno-format-extra-args to CFLAGS to reduce the noise in the build 
    logs, as this warning is emitted on each use of the Debug() macro.
  * Drop libldap-2.4-4-dbg and slapd-dbg binary packages in favour of 
    automatic dbgsym packages.
  * Update Standards-Version to 4.0.0; no changes required.
  * Drop Priority and Section from binary package stanzas when they only 
    duplicate information from the source stanza.
  * Update Priority of slapd-smbk5pwd and libldap2-dev to optional to match 
    the archive.
  * Remove retired developer, Roland Bauerschmidt, from Uploaders.
    (Closes: #856422)
  * Remove Timo Aaltonen from Uploaders, with his agreement.
  * debian/patches/ITS8650-retry-gnutls_handshake-after-GNUTLS_E_AGAIN.patch: 
    If gnutls_handshake() returns EAGAIN, call it again. Fixes TLS handshake 
    failures when the ServerHello message exceeds 16K.
    (ITS#8650) (Closes: #861838)
  * Drop time from Build-Depends. The upstream testsuite no longer calls it.

 -- Ryan Tandy   Thu, 27 Jul 2017 18:04:41 -0700

openssh 1:7.5p1-3ubuntu1 -> 1:7.5p1-5

* Last Uploader: Dimitri John Ledkov

Debian changes newer than ubuntu version:

openssh (1:7.5p1-5) unstable; urgency=medium

  * Upload to unstable.
  * Fix syntax error in debian/copyright.

 -- Colin Watson   Sun, 18 Jun 2017 12:08:42 +0100

openssh (1:7.5p1-4) experimental; urgency=medium

  * Drop README.Debian section on privilege separation, as it's no longer
    optional.
  * Only call "initctl set-env" from agent-launch if $UPSTART_SESSION is set
    (LP: #1689299).
  * Fix incoming compression statistics (thanks, Russell Coker; closes:
    #797964).
  * Relicense debian/* under a two-clause BSD licence for bidirectional
    compatibility with upstream, with permission from Matthew Vernon and
    others.

 -- Colin Watson   Tue, 06 Jun 2017 15:17:58 +0100

opus 1.1.2-1ubuntu1 -> 1.2~alpha2-1

* Last Uploader: Matthias Klose

Debian changes newer than ubuntu version:


pacemaker 1.1.16-1ubuntu1 -> 1.1.17-1

* Last Uploader: Nish Aravamudan

Debian changes newer than ubuntu version:

pacemaker (1.1.17-1) unstable; urgency=medium

  [ Christoph Berg ]
  * [d3d1561] Remove myself from Uploaders.

  [ Ferenc Wágner ]
  * [a5a42be] crm.h and stonith-ng.h include libxml/tree.h
  * [76d3188] We apparently won't need more transitional packages
  * [5a1da57] New upstream release (1.1.17)
  * [608c6b8] Remove upstreamed patches, refresh the rest
  * [3f7a663] Some internal symbols disappeared, some new ones got introduced
  * [ab7ef54] Update Standards-Version to 4.0.0 (HTTPS is preferred for
    copyright-format)
  * [42d3457] Use debhelper compat level 10
  * [9a4e43d] New patch consider-ac_tool_prefix-for-pkg-config.patch
    Thanks to Helmut Grohne

 -- Ferenc Wágner   Sat, 08 Jul 2017 23:00:09 +0200

partman-iscsi 40ubuntu3 -> 45

* Last Uploader: Mathieu Trudel-Lapierre

Debian changes newer than ubuntu version:

partman-iscsi (45) unstable; urgency=medium

  [ Updated translations ]
  * Traditional Chinese (zh_TW.po) by Yao Wei (魏銘廷)

 -- Christian Perrier   Thu, 29 Jun 2017 06:55:50 +0200

partman-iscsi (44) unstable; urgency=medium

  [ Updated translations ]
  * Serbian (sr.po) by Dragan Filipović

 -- Christian Perrier   Wed, 08 Jun 2016 19:00:17 +0200

partman-iscsi (43) unstable; urgency=medium

  [ Updated translations ]
  * Serbian (sr.po) by Dragan Filipović

 -- Christian Perrier   Mon, 25 Apr 2016 06:59:49 +0200

partman-iscsi (42) unstable; urgency=medium

  [ Colin Watson ]
  * Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb.

 -- Christian Perrier   Sun, 14 Feb 2016 08:08:47 +0100

partman-iscsi (41) unstable; urgency=medium

  [ Updated translations ]
  * Swedish (sv.po) by Martin Bagge / brother

 -- Christian Perrier   Wed, 27 Jan 2016 16:09:32 +0100

php7.0 7.0.18-2ubuntu1 -> 7.0.20-2

* Last Uploader: Nish Aravamudan

Debian changes newer than ubuntu version:

php7.0 (7.0.20-2) unstable; urgency=medium

  * Add Ferenc Kovacs signing key to upstream GPG keyring
  * Add upstream patch to fix broken support for HOST/PATH ini sections

 -- Ondřej Surý   Wed, 14 Jun 2017 07:30:04 +0200

php7.0 (7.0.20-1) unstable; urgency=medium

  * Kill extra TAB character in the ini file that was causing insserv
    troubles
  * Add signature support to d/watch
  * New upstream version 7.0.20
  * Refresh patches on top of PHP 7.0.20 release

 -- Ondřej Surý   Fri, 09 Jun 2017 10:04:20 +0200

php7.0 (7.0.19-1) unstable; urgency=medium

  * New upstream version 7.0.19
  * Remove OpenSSL 1.1.0 support patch; it was merged upstream
  * Rebase patches on top of PHP 7.0.19

 -- Ondřej Surý   Thu, 11 May 2017 16:04:47 +0200

php7.0 (7.0.18-3) unstable; urgency=medium

  * php-fpm has to depend on procps due kill usage in systemd service file
    (Closes: #861855)
  * Regenerate d/control
  * Do a fresh rewrap of debian/ directory

 -- Ondřej Surý   Mon, 08 May 2017 10:25:18 +0200

python-bcrypt 3.1.3-0ubuntu1 -> 3.1.3-1

* Last Uploader: James Page

Debian changes newer than ubuntu version:

python-bcrypt (3.1.3-1) unstable; urgency=medium

  * New upstream release.
  * drop git-dpm regime (remove deb/.git-dpm, add deb/gbp.conf).
  * use debhelper level 10 (changes in deb/compat and deb/control).
  * deb/copyright:
    + expanded copyright spans.
    + use https in Format field according to standards update.
    + bump standards version to 4.0.0 (no further changes needed).
  * deb/control:
    + build binaries for linux-any (Closes: #834062).
  * deb/tests/control:
    + add python{,3}-all packages to test deps.

 -- Daniel Stender   Thu, 20 Jul 2017 19:49:16 +0200

python-cursive 0.1.1-1ubuntu1 -> 0.1.1-2

* Last Uploader: James Page

Debian changes newer than ubuntu version:

python-cursive (0.1.1-2) unstable; urgency=medium

  * Uploading to unstable.
  * Fixed oslotest EPOCH.
  * Added myself as uploader.
  * Using pkgos-dh_auto_{test,install} from openstack-pkg-tools >= 52~.

 -- Thomas Goirand   Wed, 28 Sep 2016 10:10:32 +0200

python-dogpile.cache 0.6.2-0ubuntu1 -> 0.6.2-5

* Last Uploader: James Page

Debian changes newer than ubuntu version:

python-dogpile.cache (0.6.2-5) unstable; urgency=medium

  * Revert another non-deterministic test (Closes: #861173).

 -- Thomas Goirand   Tue, 25 Apr 2017 16:27:04 +0200

python-dogpile.cache (0.6.2-4) unstable; urgency=medium

  * Adds remove-non-deterministic-tests.patch (Closes: #841516).

 -- Thomas Goirand   Mon, 31 Oct 2016 09:20:00 +0100

python-dogpile.cache (0.6.2-3) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/s/options: extend-diff-ignore of .gitreview
  * d/control: Use correct branch in Vcs-* fields

  [ Thomas Goirand ]
  * Uploading to unstable.

 -- Thomas Goirand   Tue, 04 Oct 2016 10:52:16 +0200

python-dogpile.cache (0.6.2-2) experimental; urgency=medium

  * Using OpenStack's Gerrit as VCS URLs.
  * Fixed .gitreview file.
  * Using pkgos-dh_auto_install from openstack-pkg-tools >= 52~.
  * Removed unactive uploaders.

 -- Thomas Goirand   Tue, 13 Sep 2016 22:51:09 +0200

python-dogpile.cache (0.6.2-1) experimental; urgency=medium

  * New upstream release.

 -- James Page   Tue, 30 Aug 2016 14:33:58 +0100

python-formencode 1.3.0-0ubuntu5 -> 1.3.0-2

* Last Uploader: LaMont Jones

Debian changes newer than ubuntu version:

python-formencode (1.3.0-2) unstable; urgency=medium

  * Add myself to Uploaders field.
  * Don't ship files in /usr/lib/python{2.7,3}/dist-packages/docs.
    (Closes: #860146)

 -- Chris Lamb   Fri, 14 Apr 2017 09:11:53 +0100

python-formencode (1.3.0-1) unstable; urgency=low

  [ Neil Muller]
  * New upstream release.
  * Add recent fixes from upstream to fix syntax errors in the *.po
    files.
  * Reformat copyright to the machine readable format.
    - Update some stale information.
  * Add myself to Uploaders.
  * Bump standards version to 3.9.8 (No further changes needed).
  * Tweak packages descriptions.
  * Add debian/0004-Remove-test_email-dns-tests.patch to disable new
    tests which require dns.

  [ Piotr Ożarowski ]
  * Bump minimum required Python version to 2.6
  * Add python3-formencode binary package
  * Replace python-dns with python-dnspython dependency
  * Add disable_pkg_resources_in_tests patch - this makes it possible to run
    tests after build (and is useless anyway)

  [ Stefano Rivera ]
  * Refresh patches.
  * Move from SVN to Git, update Vcs-* fields.

  [ Ondřej Nový ]
  * Fixed VCS URL (https)

 -- Neil Muller   Fri, 17 Jun 2016 22:47:57 +0000

python-networkx 1.11-1ubuntu1 -> 1.11-2

* Last Uploader: Matthias Klose

Debian changes newer than ubuntu version:


python-pika 0.10.0-1ubuntu1 -> 0.10.0-3

* Last Uploader: Barry Warsaw

Debian changes newer than ubuntu version:

python-pika (0.10.0-3) unstable; urgency=medium

  * Team upload.
  * Fix "python-pika FTBFS: rm: cannot remove version_history.txt: No
    such file or directory" filename now version_history.rst.txt (Closes:
    #867990)
  * Fix spelling in debian/python-pika-doc.doc-base 
  * Add autopkgtests 
  * Bump standards version from 3.9.6 to 4.0.0 (no change required) 

 -- Christopher Hoskin   Fri, 28 Jul 2017 04:48:19 +0100

python-pika (0.10.0-2) UNRELEASED; urgency=medium

  * Fixed VCS URL (https)

 -- Ondřej Nový   Tue, 29 Mar 2016 22:15:48 +0200

python-pika-pool 0.1.3-1ubuntu2 -> 0.1.3-2

* Last Uploader: Michael Hudson-Doyle

Debian changes newer than ubuntu version:

python-pika-pool (0.1.3-2) unstable; urgency=medium

  [ Corey Bryant ]
  * d/watch: Get orig tarball from pypi.debian.net.
  * d/control, d/rules, d/tests/*: Add autopkgtests to run unit tests since
    they require a running rabbitmq-server.

  [ Ondřej Nový ]
  * d/rules: Changed UPSTREAM_GIT protocol to https
  * d/s/options: extend-diff-ignore of .gitreview
  * d/control: Using OpenStack's Gerrit as VCS URLs.

 -- Corey Bryant   Fri, 04 Mar 2016 13:54:32 -0500

python-pyeclib 1.3.1-1ubuntu2 -> 1.4.0-2

* Last Uploader: Michael Hudson-Doyle

Debian changes newer than ubuntu version:

python-pyeclib (1.4.0-2) unstable; urgency=medium

  * Prevent division by zero in tests (patch from upstream)

 -- Ondřej Nový   Sun, 25 Dec 2016 21:01:35 +0100

python-pyeclib (1.4.0-1) unstable; urgency=medium

  * New upstream release
  * Bump debhelper version to 10
  * debian/tests/control: Add isa_l_rs_cauchy backend test

 -- Ondřej Nový   Tue, 13 Dec 2016 23:30:09 +0100

python-pysaml2 3.0.0-3ubuntu1 -> 3.0.0-5

* Last Uploader: Łukasz Zemczak

Debian changes newer than ubuntu version:

python-pysaml2 (3.0.0-5) unstable; urgency=medium

  [ Ondřej Nový ]
  * Bumped debhelper compat version to 10

  [ Thomas Goirand ]
  * Add upstream patch for XML External Entity attack (Closes: #850716).

 -- Thomas Goirand   Mon, 09 Jan 2017 16:28:55 +0100

python-pysaml2 (3.0.0-4) unstable; urgency=medium

  [ gustavo panizzo ]
  * Increase the minimun version of python-pyasn1 required.

  [ Ondřej Nový ]
  * Fixed VCS URLs (https).
  * d/rules: Changed UPSTREAM_GIT protocol to https
  * d/copyright: Changed source URL to https protocol
  * d/s/options: extend-diff-ignore of .gitreview
  * d/control: Using OpenStack's Gerrit as VCS URLs.

 -- Ondřej Nový   Sun, 28 Feb 2016 15:47:50 +0100

python-requestsexceptions 1.1.2-0ubuntu1 -> 1.1.2-2

* Last Uploader: Corey Bryant (sponsored by James Page)

Debian changes newer than ubuntu version:

python-requestsexceptions (1.1.2-2) unstable; urgency=medium

  * Fixed VCS URLs (https).
  * d/rules: Changed UPSTREAM_GIT protocol to https
  * d/s/options: extend-diff-ignore of .gitreview
  * d/control: Using OpenStack's Gerrit as VCS URLs.

 -- Ondřej Nový   Sun, 28 Feb 2016 15:49:05 +0100

python-requestsexceptions (1.1.2-1) unstable; urgency=medium

  * New release.
  * Fix dependencies.

 -- Ivan Udovichenko   Tue, 12 Jan 2016 00:40:34 +0200

python-rjsmin 1.0.12+dfsg1-2ubuntu2 -> 1.0.12+dfsg1-4

* Last Uploader: Michael Hudson-Doyle

Debian changes newer than ubuntu version:

python-rjsmin (1.0.12+dfsg1-4) unstable; urgency=medium

  [ Ondřej Nový ]
  * Fixed VCS URLs (https).

  [ Thomas Goirand ]
  * Added debian/source.lintian-overrides.

  [ Ondřej Nový ]
  * d/rules: Changed UPSTREAM_GIT protocol to https
  * d/s/options: extend-diff-ignore of .gitreview
  * d/control: Using OpenStack's Gerrit as VCS URLs.
  * Fix typo on long desc (Closes: #839685).

 -- Thomas Goirand   Thu, 10 Mar 2016 10:43:35 +0100

python-seamicroclient 0.4.0-1ubuntu1 -> 0.4.0-3

* Last Uploader: Andres Rodriguez

Debian changes newer than ubuntu version:

python-seamicroclient (0.4.0-3) unstable; urgency=medium

  [ Thomas Goirand ]
  * Uploading to unstable.
  * Added missing build-depends-indep: subunit.
  * Removed argparse from requirements.txt and lift pbr upper bound.
  * Added missing python-requests build-dep.
  * Blacklist a number of tests:
    - tests.test_http.ClientTest.test_get
    - test_http.ClientTest.test_post
    - v2.test_fantrays.FanTraysTest.test_list_fantrays
    - v2.test_scards.ScardsTest.test_list_scards
    - v2.test_servers.ServersTest.test_server_set_tagged_vlan
    - v2.test_servers.ServersTest.test_server_set_untagged_vlan
    - v2.test_servers.ServersTest.test_server_unset_tagged_vlan
    - v2.test_servers.ServersTest.test_server_unset_untagged_vlan
    - v2.test_system.Systemstest.test_list_system
  * Using OpenStack's Gerrit as VCS URLs.

  [ Ondřej Nový ]
  * Fixed VCS URLs (https).
  * d/rules: Changed UPSTREAM_GIT protocol to https
  * d/s/options: extend-diff-ignore of .gitreview
  * d/control: Use correct branch in Vcs-* fields

 -- Thomas Goirand   Thu, 10 Mar 2016 10:31:04 +0100

qemu 1:2.8+dfsg-3ubuntu4 -> 1:2.8+dfsg-6

* Last Uploader: ChristianEhrhardt

Debian changes newer than ubuntu version:

qemu (1:2.8+dfsg-6) unstable; urgency=high

  * 9pfs-local-forbid-client-access-to-metadata-CVE-2017-7493.patch
    Closes: CVE-2017-7493
  * group all 9p patches together
  * drop obsolete comment about libiscsi on ubuntu from d/control

 -- Michael Tokarev   Tue, 23 May 2017 09:58:03 +0300

qemu (1:2.8+dfsg-5) unstable; urgency=high

  * Security fix release
  * 9pfs-local-set-path-of-export-root-to-dot-CVE-2017-7471.patch
    Closes: #860785, CVE-2017-7471
  * 9pfs-xattr-fix-memory-leak-in-v9fs_list_xattr-CVE-2017-8086.patch
    Closes: #861348, CVE-2017-8086
  * vmw_pvscsi-check-message-ring-page-count-at-init-CVE-2017-8112.patch
    Closes: #861351, CVE-2017-8112
  * scsi-avoid-an-off-by-one-error-in-megasas_mmio_write-CVE-2017-8380.patch
    Closes: #862282, CVE-2017-8380
  * input-limit-kbd-queue-depth-CVE-2017-8379.patch
    Closes: #862289, CVE-2017-8379
  * audio-release-capture-buffers-CVE-2017-8309.patch
    Closes: #862280, CVE-2017-8309

 -- Michael Tokarev   Wed, 17 May 2017 09:01:24 +0300

qemu (1:2.8+dfsg-4) unstable; urgency=high

  * usb-ohci-limit-the-number-of-link-eds-CVE-2017-6505.patch
    Closes: #856969, CVE-2017-6505
  * linux-user-fix-apt-get-update-on-linux-user-hppa.patch
    Closes: #846084
  * update to 2.8.1 upstream stable/bugfix release
    (v2.8.1.diff from upstream, except of seabios blob bits).
    Closes: #857744, CVE-2016-9603
    Patches dropped because they're included in 2.8.1 release:
     9pfs-symlink-attack-fixes-CVE-2016-9602.patch
     char-fix-ctrl-a-b-not-working.patch
     cirrus-add-blit_is_unsafe-to-cirrus_bitblt_cputovideo-CVE-2017-2620.patch
     cirrus-fix-oob-access-issue-CVE-2017-2615.patch
     cirrus-ignore-source-pitch-as-needed-in-blit_is_unsafe.patch
     linux-user-fix-s390x-safe-syscall-for-z900.patch
     nbd_client-fix-drop_sync-CVE-2017-2630.patch
     s390x-use-qemu-cpu-model-in-user-mode.patch
     sd-sdhci-check-data-length-during-dma_memory_read-CVE-2017-5667.patch
     virtio-crypto-fix-possible-integer-and-heap-overflow-CVE-2017-5931.patch
     vmxnet3-fix-memory-corruption-on-vlan-header-stripping-CVE-2017-6058.patch
  * bump seabios dependency to 1.10.2 due to ahci fix in 2.8.1
  * 9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch
    (Closes: #859854, CVE-2017-7377)
  * dma-rc4030-limit-interval-timer-reload-value-CVE-2016-8667.patch
    Closes: #840950, CVE-2016-8667
  * make d/control un-writable to stop users from changing a generated file
  * two patches from upstream to fix user-mode network with IPv6
    slirp-make-RA-build-more-flexible.patch
    slirp-send-RDNSS-in-RA-only-if-host-has-an-IPv6-DNS.patch
    (Closes: #844566)

 -- Michael Tokarev   Mon, 03 Apr 2017 16:28:49 +0300

samba 2:4.5.8+dfsg-2ubuntu5 -> 2:4.6.5+dfsg-8

* Last Uploader: Dimitri John Ledkov

Debian changes newer than ubuntu version:

samba (2:4.6.5+dfsg-8) unstable; urgency=medium

  * Remove dependency on update-inetd, not used anymore
  * vfs_ceph and vfs_glusterfs are linux only (d/rules part)
  * Remove build-dependency on faketime, not used anymore

 -- Mathieu Parent   Sun, 23 Jul 2017 19:56:07 +0200

samba (2:4.6.5+dfsg-7) unstable; urgency=medium

  * xfslibs-dev is only available on linux
  * Fix logrotate for /var/log/samba/log.samba to send SIGHUP to all processes
    of the service (systemd only)
  * Add reportbug script for samba-common, samba and winbind (Closes: #682861)

 -- Mathieu Parent   Fri, 21 Jul 2017 06:19:57 +0200

samba (2:4.6.5+dfsg-6) unstable; urgency=medium

  * libcephfs-dev is only available on linux
  * Fix libpam-winbind.prerm to be multiarch-safe (Closes: #647430)
  * Add missing logrotate for /var/log/samba/log.samba (Closes: #803924)
  * Use smbcontrol in logrotate when available (Closes: #804705)
  * From upstream: Fix outdated DNS Root servers (Closes: #865406)
  * Drop xsltproc_dont_build_smb.conf.5.patch, as #750593 is marked fixed
    (Closes: #776223)

 -- Mathieu Parent   Wed, 19 Jul 2017 22:53:50 +0200

samba (2:4.6.5+dfsg-5) unstable; urgency=medium

  * Remove bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch,
    unused
  * Remove samba-ad-dc.templates
  * Remove upstart files on upgrade (Closes: #867688)
  * glusterfs-common is only available on linux
  * Remove the samba service
  * Ensure /var/log/samba permissions are set (Closes: #711138)

 -- Mathieu Parent   Tue, 18 Jul 2017 23:29:44 +0200

samba (2:4.6.5+dfsg-4) unstable; urgency=high

  * This is a security release in order to address the following defects:
    - CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
      (Closes: #868209)
  * Other fixes:
    - Remove empty samba-common.maintscript (leading to empty preinst and
      prerm)

 -- Mathieu Parent   Thu, 13 Jul 2017 14:38:32 +0200

samba (2:4.6.5+dfsg-3) unstable; urgency=medium

  * Remove upstart code
  * Remove empty prerm for samba and samba-common-bin (Closes: #866258,
    #866284)
  * sysv: Use --pidfile in addition to --exec to avoid matching daemons in
    containers (Closes: #810794)
  * Standards-Version: 4.0.0
    - Use https form of the copyright-format URL (Debian Policy 4.0.0)
  * Remove debian/bzr-builddeb.conf
  * Remove empty debian/diversions
  * Remove "ugly workaround to get the manpages on every architecture to be
    identical", xsltproc now honour SOURCE_DATE_EPOCH
  * Remove dh-exec shbang in libnss-winbind.install
  * Remove empty debian/libsmbclient.manpages
  * Remove pre-jessie maintscript snipsets
  * Move to debhelper compat 10 (Major change: dh_installinit command now
    defaults to --restart-after-upgrade)
  * Remove unused samba-ad-dc package metadata (Closes: #866138)
  * Fix "Non-kerberos logins fails on winbind 4.X when krb5_auth is configured
    in PAM" (Closes: #739768)

 -- Mathieu Parent   Thu, 29 Jun 2017 09:45:59 +0200

samba (2:4.6.5+dfsg-2) unstable; urgency=medium

  * Upload to unstable
  * Move runtime dependencies of vfs_ceph and vfs_snapper to Recommends
  * Fix typo s/DESTIDR/DESTDIR/ in d/rules
  * Enable vfs_glusterfs (Closes: #864862)
  * Add libdbus-1-dev as Build-Depends to allow vfs_snapper to build (Closes:
    #804781). Patch by Willy Vanlid.

 -- Mathieu Parent   Mon, 19 Jun 2017 23:56:56 +0200

samba (2:4.6.5+dfsg-1) experimental; urgency=medium

  * New upstream version (Closes: #859390)
    - d/gbp.conf, d/watch: Change major version to 4.6
    - Bump Build-dependencies of talloc, tdb, tevent and ldb to resp. 2.1.9,
      1.3.12, O.9.31 and 1.1.29
    - Remove CVE-2017-7494.patch: applied upstream
    - Add Build-Depends: libcmocka-dev (>= 1.0)
    - Update d/*.install
    - d/samba-common.docs: Roadmap removed upstream
  * Update README.source, about importing major versions
  * d/control cleanup:
    - Remove Conflicts and Replaces on pre-wheezy samba4 packages
    - Remove Conflicts, Breaks and Replaces on pre-wheezy samba packages
    - Remove Conflicts, Breaks and Replaces on pre-jessie samba packages
    - Remove Conflicts, Breaks and Replaces on (pre-jessie) samba4 packages
    - Remove Conflicts on pre-jessie libldb1 package
    - Remove Breaks on pre-jessie qtsmbstatus-server package
    - Remove Replaces on pre-wheezy smbget package
    - wrap-and-sort
  * Add libcephfs-dev as b-d to build vfs_ceph (Closes: #856998). Patch from
    Ubuntu
  * Enable avahi support (Closes: #859875). Patch from Laurent Bigonville.
  * Translations:
    - Portuguese translation for debconf messages (Closes: #864172). Patch from
    Rui Branco
    - Hungarian translation for debconf messages (Closes: #708277)
  * Properly quote subshell invocation in samba-common.preinst (Closes: #771689)
  * Add Build-Depends: xfslibs-dev, for XFS quotas

 -- Mathieu Parent   Mon, 12 Jun 2017 08:09:43 +0200

spice 0.12.8-2.1ubuntu0.1 -> 0.12.8-2.2

* Last Uploader: Marc Deslauriers

Debian changes newer than ubuntu version:

spice (0.12.8-2.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix CVE-2017-7506: (Closes: #868083)
    Possible buffer overflow via invalid monitor configurations.

 -- Markus Koschany   Fri, 21 Jul 2017 23:34:38 +0200

sqlalchemy 1.1.9+ds1-0ubuntu2 -> 1.1.11+ds1-1

* Last Uploader: Michael Hudson-Doyle

Debian changes newer than ubuntu version:

sqlalchemy (1.1.11+ds1-1) unstable; urgency=medium

  * New upstream release
  * Standards-Version bumped to 4.0.0 (no changes needed)

 -- Piotr Ożarowski   Tue, 20 Jun 2017 20:28:45 +0200

squid3 3.5.23-1ubuntu1 -> 3.5.23-5

* Last Uploader: Robie Basak

Debian changes newer than ubuntu version:

squid3 (3.5.23-5) unstable; urgency=medium

  * Reload squid so that it uses modified config, not default one.

 -- Santiago Garcia Mantinan   Sat, 03 Jun 2017 00:36:55 +0200

squid3 (3.5.23-4) unstable; urgency=medium

  [ Andreas Beckmann  ]
  * debian/squid.postinst
    - Fix another upgrade edge case from 2.7 default install (Closes: #801564)

  [ Amos Jeffries  ]
  * debian/squid.logrotate
    - Add missing piece of fix for sarg daily reports (LP: #1414754)

 -- Santiago Garcia Mantinan   Fri, 02 Jun 2017 00:19:55 +0200

squid3 (3.5.23-3) unstable; urgency=medium

  [ Amos Jeffries  ]
  * debian/squid.preinst
    - Fix upgrade sequence from jesse squid3 package (Closes: #858556)

  [ Santiago Garcia Mantinan  ]
  * debian/squid.{preinst,postinst,postrm}
    - Fix problems with empty squid3 dir and squid 2.7 installed
      (use the right logic with better checks).
    - Avoid install abortion by stopping squid3 only when it runs.

  [ Eric Veiras Galisson  ]
  * debian/squid.rc
    - Fix returncode is wrong with conf file with errors (Closes: #857137)

 -- Santiago Garcia Mantinan   Sat, 08 Apr 2017 02:52:28 +0200

squid3 (3.5.23-2) unstable; urgency=medium

  [ Santiago Garcia Mantinan  ]
  * debian/squid.{preinst,postinst,postrm}
    - Fix upgrade sequence from 2.7 packages (Closes: #801564)

  [ Amos Jeffries  ]
  * debian/control
    - Relax dependency between squid and squid-common packages (Closes: #399489)
    - Add squidclient Recommends on ssl-cert

  [ Robie Basak  ]
  * debian/control
    - Add missing pre-depends on adduser
    - Add Vcs-Browser URL

 -- Santiago Garcia Mantinan   Sun, 19 Mar 2017 23:23:57 +0100

strongswan 5.5.1-4ubuntu1 -> 5.5.3-2

* Last Uploader: ChristianEhrhardt

Debian changes newer than ubuntu version:

strongswan (5.5.3-2) unstable; urgency=medium

  * debian/control:
    - fix typo in libstrongswan-extra-plugins long description.
  * move curve25519 plugin from libcharon-extra-plugins to
    libstrongswan-extra-plugins 

 -- Yves-Alexis Perez   Wed, 28 Jun 2017 13:07:19 +0200

strongswan (5.5.3-1) unstable; urgency=medium

  * New upstream release.
  * debian/control:
    - update standards version to 4.0.0

 -- Yves-Alexis Perez   Fri, 23 Jun 2017 14:07:42 +0200

strongswan (5.5.2-1) experimental; urgency=medium

  * New upstream release.
  * debian/patches/03_systemd-service refreshed.
  * debian/libcharon-extra-plugins.install:
    - include curve25519 plugin.
  * debian/libstrongswan-extra-plugins.install:
    - install libtpmtss library.

 -- Yves-Alexis Perez   Fri, 19 May 2017 11:32:00 +0200

tomcat8 8.0.38-2ubuntu2 -> 8.5.16-1

* Last Uploader: Joshua Powers (sponsored by Robie Basak)

Debian changes newer than ubuntu version:

tomcat8 (8.5.16-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Standards-Version updated to 4.0.0

 -- Emmanuel Bourg   Mon, 26 Jun 2017 16:03:53 +0200

tomcat8 (8.5.15-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches

 -- Emmanuel Bourg   Wed, 21 Jun 2017 13:00:44 +0200

tomcat8 (8.5.14-2) unstable; urgency=high

  * Team upload.
  * Fixed CVE-2017-5664: Static error pages can be overwritten if the
    DefaultServlet is configured to permit writes (Closes: #864447)

 -- Emmanuel Bourg   Thu, 08 Jun 2017 12:28:34 +0200

tomcat8 (8.5.14-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Removed the CVE patches (fixed in this release)

 -- Emmanuel Bourg   Mon, 08 May 2017 00:17:52 +0200

tomcat8 (8.5.12-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches

 -- Emmanuel Bourg   Tue, 18 Apr 2017 09:53:23 +0200

tomcat8 (8.5.11-2) unstable; urgency=medium

  * Team upload.
  * Fix the following security vulnerabilities (Closes: #860068):
    Thanks to Salvatore Bonaccorso for the report.
   - CVE-2017-5647:
     A bug in the handling of the pipelined requests when send file was used
     resulted in the pipelined request being lost when send file processing of
     the previous request completed. This could result in responses appearing
     to be sent for the wrong request. For example, a user agent that sent
     requests A, B and C could see the correct response for request A, the
     response for request C for request B and no response for request C.
   - CVE-2017-5648:
     It was noticed that some calls to application listeners did not use the
     appropriate facade object. When running an untrusted application under a
     SecurityManager, it was therefore possible for that untrusted application
     to retain a reference to the request or response object and thereby access
     and/or modify information associated with another web application.
   - CVE-2017-5650:
     The handling of an HTTP/2 GOAWAY frame for a connection did not close
     streams associated with that connection that were currently waiting for a
     WINDOW_UPDATE before allowing the application to write more data. These
     waiting streams each consumed a thread. A malicious client could therefore
     construct a series of HTTP/2 requests that would consume all available
     processing threads.
   - CVE-2017-5651:
     The refactoring of the HTTP connectors for 8.5.x onwards, introduced a
     regression in the send file processing. If the send file processing
     completed quickly, it was possible for the Processor to be added to the
     processor cache twice. This could result in the same Processor being used
     for multiple requests which in turn could lead to unexpected errors and/or
     response mix-up.
  *  debian/control: tomcat8: Fix Lintian error and depend on lsb-base.

 -- Markus Koschany   Wed, 12 Apr 2017 09:58:46 +0200

tomcat8 (8.5.11-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Recommend Java 8 in /etc/default/tomcat8

 -- Emmanuel Bourg   Tue, 17 Jan 2017 15:09:30 +0100

tomcat8 (8.5.9-2) unstable; urgency=medium

  * Team upload.
  * Require Java 8 or higher (Closes: #848612)

 -- Emmanuel Bourg   Mon, 19 Dec 2016 15:35:19 +0100

tomcat8 (8.5.9-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Restored the classloading from the common, server and shared directories
    under CATALINA_BASE (Closes: #847137)
  * Fixed the installation error when JAVA_OPTS in /etc/default/tomcat8
    contains the '%' character (Closes: #770911)

 -- Emmanuel Bourg   Thu, 08 Dec 2016 22:26:36 +0100

tomcat8 (8.5.8-2) unstable; urgency=medium

  * Team upload.
  * Upload to unstable.
  * No longer make /etc/tomcat8/Catalina/localhost writable by the tomcat8 user
    in the postinst script (Closes: #845393)
  * The tomcat8 user is no longer removed when the package is purged
    (Closes: #845385)
  * Compress and remove the access log files with a .txt extension
    (Closes: #845661)
  * Added the delaycompress option to the logrotate configuration
    of catalina.out (Closes: #843135)
  * Changed the home directory for the tomcat8 user from /usr/share/tomcat8
    to /var/lib/tomcat8 (Closes: #833261)
  * Aligned the logging configuration with the upstream one
  * Set the proper permissions for /etc/tomcat8/jaspic-providers.xml
  * Install the new library jaspic-api.jar
  * Install the Maven artifacts for tomcat-storeconfig
  * Simplified debian/rules

 -- Emmanuel Bourg   Thu, 01 Dec 2016 18:41:14 +0100

tomcat8 (8.5.8-1) experimental; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Tomcat no longer builds tomcat-embed-logging-juli.jar
    - Updated the policy files
    - Added a NEWS file detailing the major changes in Tomcat 8.5.x
  * Enabled the APR library loading by default (required for HTTP/2 support)
  * Promoted libtcnative-1 from suggested to recommended dependency
  * Enabled the APR tests
  * Fixed the test failure with TestStandardContextAliases
  * Added a link to the Tomcat 8.5 migration guide in README.Debian
  * Adapted debian/orig-tar.sh to download the 8.5.x releases

 -- Emmanuel Bourg   Thu, 17 Nov 2016 23:54:35 +0100

tomcat8 (8.0.39-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches

 -- Emmanuel Bourg   Tue, 15 Nov 2016 15:37:48 +0100

u-boot 2016.03+dfsg1-6ubuntu2 -> 2017.07+dfsg1-1

* Last Uploader: Paolo Pisati (sponsored by Tim Gardner)

Debian changes newer than ubuntu version:

u-boot (2017.07+dfsg1-1) unstable; urgency=medium

  * New upstream release.
  * debian/patches:
    - Refresh am57xx/omap5_distro_bootcmd.
    - Refresh distro_bootcmd patches for am57xx and odroid.
    - Sync mx6cuboxi4x4 patch with mx6cuboxi.
  * u-boot-sunxi: Install README.sunxi64.
  * [arm64] u-boot-sunxi: Install additional pine64 targets needed to
    manually build an SPL image.
  * [arm64] u-boot-rockchip: Add firefly-rk3399 target.
  * [armhf] Add Build-Depends on libpython-dev:native and swig.
  * [arm64] Add build-depends on libpython-dev:native, python and swig.
  * debian/rules: Split generation of rksd images into script, supporting
    generation for both rk3288 and rk3399 systems.
  * debian/copyright: Remove entries from Files-Excluded no longer present
    upstream.

 -- Vagrant Cascadian   Mon, 10 Jul 2017 12:46:22 -0700

u-boot (2017.05+dfsg1-1) experimental; urgency=medium

  * New upstream release.
  * Remove patches, applied upstream:
    - odroid-c2/0001-meson-gxbb-enable-MMC-as-boot-target.patch
    - odroid-c2/0002-meson-gxbb-change-ramdisk_addr_r.patch
  * Refresh patches:
    - am57xx/omap5_distro_bootcmd
    - n900-bootz-raw-initrd.diff
  * Split Build-Depends into multiple lines.
  * Add dependencies for cross-building arm64, armhf and armel.

 -- Vagrant Cascadian   Mon, 08 May 2017 17:17:42 -0700

u-boot (2017.05~rc2+dfsg1-1) experimental; urgency=medium

  * New upstream release candidate.

  * Remove patches applied upstream:
    - mx6cuboxi/serial_console_speed
    - Makefile-Fix-linking-with-modern-binutils

  * Refresh patches:
    - am57xx/omap5_distro_bootcmd
    - arndale/board-spl-rule

  * [arm64] Add u-boot-amlogic
    - Enable the odroid-c2 target.
    - Add patches:
      + Enable MMC boot on odroid-c2.
      + Fix ramdisk load address on odroid-c2.

 -- Vagrant Cascadian   Tue, 18 Apr 2017 20:24:42 -0700

u-boot (2017.05~rc1+dfsg1-1) experimental; urgency=medium

  * New upstream release candidate.

  * Refresh patches:
    - beagleboneblack usb-mass-storage.
    - mx6cuboxi4x4.
    - Update am57xx distro_bootcmd patch and also fix for dra7xx_evm.

  * Remove patches applied upstream:
    - orangepi_zero
    - openrd

  * Add patches from upstream:
    - Fix building with binutils.

  * Update lintian overrides with openrd targets.

 -- Vagrant Cascadian   Wed, 12 Apr 2017 10:47:29 -0700

u-boot (2016.11+dfsg1-4) unstable; urgency=medium

  [ Vagrant Cascadian ]
  * [armel] Apply a patch from upstream to fix openrd targets which failed
    to boot, and re-enable the openrd targets (Closes: #856441). Thanks to
    Albert ARIBAUD for the patch, Martin Michlmayr for pointing out the
    patch, and Phil Hands and Rick Thomas for testing on various openrd
    platforms.

  [ Martin Michlmayr ]
  * u-boot-rpi: typo in README.Debian (Closes: #858574).

 -- Vagrant Cascadian   Mon, 27 Mar 2017 14:39:51 -0400

u-boot (2016.11+dfsg1-3) unstable; urgency=medium

  [ Peter Michael Green ]
  * u-boot-imx: Add patch to add an mx6cuboxi4x4 target, supporting boards
    with 4GB of ram (Closes: #848911).

  [ Vagrant Cascadian ]
  * u-boot-sunxi: Add patches to support orangepi_zero.
    (Closes: #848557). Thanks to Mateusz Łukasik.
  * Add Rick Thomas to mx6cuboxi testers.

 -- Vagrant Cascadian   Wed, 21 Dec 2016 20:44:44 -0800

u-boot (2016.11+dfsg1-2) unstable; urgency=medium

  * u-boot-sunxi: Add nanopi_neo target.
    Thanks to Paul Tagliamonte. (Closes: #845932).

 -- Vagrant Cascadian   Fri, 16 Dec 2016 14:10:52 +0100

u-boot (2016.11+dfsg1-1) unstable; urgency=medium

  * New upstream release.
  * Remove mksunxiboot-spl patch, applied upstream.
  * Refresh patches.
  * Enable Cubieboard4 target.
  * Remove patches for ram detection on rk3288, applied upstream.

 -- Vagrant Cascadian   Thu, 17 Nov 2016 11:10:12 -0800

u-boot (2016.11~rc2+dfsg1-1) experimental; urgency=medium

  * New upstream release candidate.
  * Refresh patch for am57xx to use distro_bootcmd support.
  * Remove patches from 2016.09.01, applied upstream.
  * Add patches to enable ram detection on rockchip rk3288 platforms.
  * Update lintian overrides for openrd removal.

 -- Vagrant Cascadian   Thu, 27 Oct 2016 11:25:47 -0700

u-boot (2016.09+dfsg1-2) unstable; urgency=medium

  * odroid-xu3: Add patch to use the default bootdelay from
    distro_bootcmd.
  * Remove Philip Rinn from Cubieboard2 testers.
  * u-boot-rpi: Add documentation for configuring raspberry pi to use
    u-boot.
  * debian/watch: Add signature checking of upstream tarball.
  * u-boot-tools: Add device-tree-compiler to Recommends. Thanks to
    Pierre-Hugues Husson.  (Closes: #841351).
  * Apply patches from v2016.09.01:
    - 0001-Revert-Increase-default-of-CONFIG_SYS_MALLOC_F_LEN-f.patch
    - 0002-Revert-image-fit-switch-ENOLINK-to-ENOENT.patch
  * Remove openrd targets, as they do not boot (Closes: #837629).

 -- Vagrant Cascadian   Sun, 23 Oct 2016 19:36:36 -0700

u-boot (2016.09+dfsg1-1) unstable; urgency=medium

  * New upstream version.

  [ Vagrant Cascadian ]
  * Remove Ian Campbell from the list of arndale testers.
  * Remove Joey Hess from the A10-OLinuXino-Lime testers.
  * [armhf] u-boot-sunxi: Enable the CHIP target.
  * Refresh and remove patches applied upstream.

 -- Vagrant Cascadian   Mon, 12 Sep 2016 12:43:29 -0700

u-boot (2016.09~rc2+dfsg1-1) experimental; urgency=medium

  [ Vagrant Cascadian ]
  * New upstream release candidate.
  * Simplify cross-building in debian/rules.
  * Refresh debian/patches/tools-only-in-no-dot-config-targets.diff
  * u-boot-omap:
    - Add omap3_pandora target.
    - Add patches to switch omap3-pandora to use distro bootcmd.
  * Add patches from upstream to fix cache issues.

  [ Martin Michlmayr ]
  * Generate bootable image for DragonBoard 410c (Closes: #835656).

  [ Vagrant Cascadian ]
  * [arm64] Fix cross-building of DragonBoard 410c:
    - Allow skales:native to satisfy build-dependency.
    - Add build-depends on libfdt-dev:native.

 -- Vagrant Cascadian   Tue, 30 Aug 2016 11:36:35 -0700

u-boot (2016.09~rc1+dfsg1-1) experimental; urgency=medium

  * New upstream release candidate.
  * Remove patches applied upstream.
  * Remove redundant u-boot-rockchip.docs, as it is handled in the
    u-boot-rockchip.install file.
  * u-boot-sunxi: Install README for pine64 target.
  * Add build-depends on python:any [armhf], which is now required to
    build the firefly-rk3288 target.
  * Fix build of firefly-rk3288 target, which now uses u-boot-spl.bin to
    generate rksd image.
  * Build u-boot.img and u-boot.bin instead of deprecated u-boot-dtb.*
    targets.

 -- Vagrant Cascadian   Mon, 01 Aug 2016 00:42:12 -0700

u-boot (2016.07~rc3+dfsg1-2) experimental; urgency=medium

  * [armel] Apply patch from upstream that fixes FTBFS on openrd variants.
    (Closes: #830169).

 -- Vagrant Cascadian   Thu, 07 Jul 2016 11:17:30 +0200

u-boot (2016.07~rc3+dfsg1-1) experimental; urgency=medium

  * New upstream release candidate.

  [ Vagrant Cascadian ]
  * u-boot-sunxi: Enable on arm64.
  * u-boot-sunxi: Enable pine64_plus target on arm64.
  * Remove reproducibility patches, applied upstream.

  [ Ricardo Salveti ]
  * [arm64] Add u-boot-qcom package and enable dragonboard410c target
    (Closes: #824955).
  * Add patch submitted upstream "dragonboard410c: adding missing default
    addr for script and pxe boot."
  * Add patch submitted upstream "dragonboard410c: prefer sdcard boot over
    emmc"

 -- Vagrant Cascadian   Tue, 05 Jul 2016 12:34:49 +0200

u-boot (2016.07~rc1+dfsg1-3) experimental; urgency=medium

  [ Martin Michlmayr ]
  * Add NVIDIA to Tegra description
  * u-boot-tegra.README.Debian: fix name of package
  * u-boot-tegra.README.Debian: improve Jetson TK instructions.
    (Closes: #827081).

  [ Vagrant Cascadian ]
  * debian/control: u-boot-tools is not needed when cross-building on
    arm64.
  * Add patch to respect SOURCE_DATE_EPOCH when building FIT images,
    fixing reproducibility issues with dra7xx_evm target. Thanks to HW42
    for the patch.

 -- Vagrant Cascadian   Thu, 16 Jun 2016 12:29:51 -0700

u-boot (2016.07~rc1+dfsg1-2) experimental; urgency=medium

  * u-boot-tegra: Only install p2371-2180 symlink on arm64.
    (Closes: #826905). Thanks to Martin Michlmayr for the report!
  * Add patch to fix reproducibility issues with ld and some
    locales. Thanks to HW42!

 -- Vagrant Cascadian   Sun, 12 Jun 2016 06:15:22 -0700

u-boot (2016.07~rc1+dfsg1-1) experimental; urgency=medium

  * New upstream release candidate.

  [ Martin Michlmayr ]
  * u-boot-tegra:
    - Add Jetson TX1 (P2371-2180) target (Closes: #825458).
    - Add arm64 arch.
    - Update README.Debian for Jetson TX1.

  [ Vagrant Cascadian ]
  * u-boot-omap: Update use dra7xx_evm target.
  * u-boot-imx: Remove patch to us private libgcc on imx systems.
  * u-boot-exynos:
    - Refresh odroid distro_bootcmd patch.
    - Increase default environment size on odroid-u3 to support
      distro_bootcmd.
  * u-boot-sunxi: Enable Cubietruck_plus target.

 -- Vagrant Cascadian   Tue, 07 Jun 2016 12:04:16 -0700

u-boot (2016.05+dfsg1-1) experimental; urgency=medium

  * New upstream version.

  [ Ryan Finnie ]
  * u-boot-rpi: Add rpi_3, rpi_3_32b target (Closes: #823524).
  * u-boot-rpi: Add arm64 arch.
 
  [ Vagrant Cascadian ]
  * Remove patches applied upstream:
   - Revert-ti_armv7_common.h-Fix-U-Boot-location-on-eMMC.patch
   - Revert-rockchip-rk3288-correct-sdram-setting.patch
   - odroid-Update-README-with-correct-firmware-link-and-.patch

 -- Vagrant Cascadian   Tue, 17 May 2016 13:03:11 -0700

u-boot (2016.05~rc3+dfsg1-1) experimental; urgency=medium

  * New upstream release candidate.
  * Update debian/patches for 2016.05-rc3.
  * u-boot-rockchip:
    - Revert upstream patch to fix detected ram size on Firefly boards.
  * u-boot-imx:
    - Add patch to fix FTBFS by using u-boot's private libgcc.
  * u-boot-tools:
    - Add fw_env.config for openrd (Closes: #821056).
      Thanks to Rick Thomas.
  * u-boot-omap:
    - Revert upstream patch changing the default offsets for loading
      u-boot from eMMC.
  * u-boot-exynos:
    - Add odroid-xu3 target, tested on Odroid-XU4.
    - Add patch from upstream with updated documentation about Odroid-XU4
      target.

 -- Vagrant Cascadian   Sat, 30 Apr 2016 18:53:04 -0700

unattended-upgrades 0.93.1ubuntu7 -> 0.93.1+nmu2

* Last Uploader: Julian Andres Klode

Debian changes newer than ubuntu version:

unattended-upgrades (0.93.1+nmu2) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix PEP8 failures (replace except: with except Exception:) 
    (Closes: #865897)

 -- Julian Andres Klode   Thu, 20 Jul 2017 10:51:11 +0200

unattended-upgrades (0.93.1+nmu1) unstable; urgency=medium

  * Non-maintainer upload.

  [ Louis Bouchard ]
  * Fix the unattended-upgrades.service unit not correctly working:
    - d/rules : Remove the override_dh_installinit. The stop option is no longer
      available so the command falls back to default. This is the normal
      behavior so the override is not required
    - d/unattended-upgrades.init : Add Default-Start runlevels, otherwise the 
      unattended-upgrades.service unit cannot be enabled on boot
    - d/postinst : Cleanup the stop symlinks created by the wrong
      override_dh_installinit. Without that, the systemd unit cannot be
      enabled correctly.
      Force disable the service before deb-systemd-helper runs so the old 
      symlink is not left dangling (workaround for Debian Bug #797108).
      Force enable and start of the systemd unit to work around Debian Bug
      #797108 which fails to enable systemd units correctly when WantedBy=
      statement is changed which is the case here.
    - d/unattended-upgrades.service : Fix the service so it runs correctly on
      shutdown :
        Remove DefaultDependencies=no : Breaks normal shutdown dependencies
        Set After= to network.target and local-fs.target. Since our service is
        now ExecStop, it will run before network and local-fs become
        unavailable. Add RequiresMountsFor=/var/log /var/run /var/lib /boot : 
        Necessary if /var is a separate file system. Set WantedBy= to
        multi-user.target
    - Add DEP8 tests to verify the following :
      Verify that the unattended-upgrades.service unit is enabled and started.
      Verify that InstallOnShutdown works when configured.
    (Closes: #809669)

 -- Gaudenz Steinlin   Sat, 06 May 2017 19:42:14 +0200

webtest 2.0.23-1ubuntu1 -> 2.0.27-1

* Last Uploader: Chuck Short

Debian changes newer than ubuntu version:

webtest (2.0.27-1) unstable; urgency=medium

  * New upstream release
  * Standards-Version bumped to 4.0.0 (no changes needed)

 -- Piotr Ożarowski   Tue, 20 Jun 2017 20:01:46 +0200

webtest (2.0.24-1) unstable; urgency=medium

  * New upstream release

 -- Piotr Ożarowski   Wed, 21 Dec 2016 12:45:16 +0100

xapian-bindings 1.4.3-1ubuntu2 -> 1.4.4-3

* Last Uploader: Michael Hudson-Doyle

Debian changes newer than ubuntu version:

xapian-bindings (1.4.4-3) unstable; urgency=medium

  * Upload to unstable.
  * debian/control.in: Declare conformance with standards-version 4.0.0.
  * debian/watch: Update to use https links.

 -- Olly Betts   Sat, 01 Jul 2017 14:55:29 +1200

xapian-bindings (1.4.4-2) experimental; urgency=medium

  * debian/control: Needs libxapian-dev (>= 1.4.4) for elimination of
    superfluous "0 *" from query descriptions.

 -- Olly Betts   Wed, 26 Apr 2017 16:01:17 +1200

xapian-bindings (1.4.4-1) experimental; urgency=medium

  * New upstream release
    + Fix QueryParser methods add_boolean_prefix() and add_prefix() to accept
      a string for the `grouping` parameter.  (Closes: #849722)

 -- Olly Betts   Wed, 26 Apr 2017 11:14:16 +1200

xen 4.8.0-1ubuntu2 -> 4.8.1-1+deb9u1

* Last Uploader: Stefan Bader

Debian changes newer than ubuntu version:

xen (4.8.1-1+deb9u1) unstable; urgency=medium

  * Security fixes for XSA-213 (Closes:#861659) and XSA-214
    (Closes:#861660).  (Xen 4.7 and later is not affected by XSA-215.)

 -- Ian Jackson   Tue, 02 May 2017 12:19:57 +0100

xen (4.8.1-1) unstable; urgency=high

  * Update to upstream 4.8.1 release.
    Changes include numerous bugfixes, including security fixes for:
      XSA-212 / CVE-2017-7228   Closes:#859560
      XSA-207 / no cve yet      Closes:#856229
      XSA-206 / no cve yet      no Debian bug

 -- Ian Jackson   Tue, 18 Apr 2017 18:05:00 +0100

xen (4.8.1~pre.2017.01.23-1) unstable; urgency=medium

  * Update to current upstream stable-4.8 git branch (Xen 4.8.1-pre).
    Contains bugfixes.
  * debian/control-real etc.: debian.py: Allow version numbers like this.

 -- Ian Jackson   Mon, 23 Jan 2017 16:03:31 +0000