Delta generated at: 2022-05-24 11:37 UTC

apache2 2.4.52-1ubuntu4 -> 2.4.53-2

* Last Uploader: Bryce Harrington

Sync or Merge bug: Bug #1971248 in apache2 (Ubuntu): "Merge apache2 from Debian unstable for kinetic" (In Progress)

Debian changes newer than ubuntu version:

Error creating changes log. Please look manually

bind9 1:9.18.1-1ubuntu1 -> 1:9.18.3-1

* Last Uploader: Sergio Durigan Junior

Sync or Merge bug: Bug #1971250 in bind9 (Ubuntu): "Merge bind9 from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

bind9 (1:9.18.3-1) unstable; urgency=medium

  * New upstream version 9.18.3

 -- Ondřej Surý   Wed, 18 May 2022 16:53:01 +0200

bind9 (1:9.18.2-1) unstable; urgency=medium

  * Drop libldap2-dev from Build-Depends (Closes: #1008021)
  * New upstream version 9.18.2
  * Add runtime dependency on libuv1 >= 1.40.0 (Closes: #1009889)

 -- Ondřej Surý   Tue, 26 Apr 2022 11:03:35 +0200

cluster-glue 1.0.12-20ubuntu3 -> 1.0.12-21

* Last Uploader: Matthias Klose

Sync or Merge bug: Bug #1971268 in cluster-glue (Ubuntu): "Merge cluster-glue from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

cluster-glue (1.0.12-21) unstable; urgency=medium

  [ Lucas Kanashiro ]
  * d/t/logd: use journalctl to get logs if $LOG is not available

  [ Valentin Vidic ]
  * Update watch file url
  * Update build dependency on libltdl-dev (Closes: #1008889)
  * Add retries to logd autopkgtest
  * Update Standards-Version to 4.6.0
  * Update copyright file

 -- Valentin Vidic   Sun, 10 Apr 2022 16:17:14 +0200

corosync 3.1.6-1ubuntu1 -> 3.1.6-2

* Last Uploader: Miriam España Acebal (sponsored by Lucas Kanashiro)

Sync or Merge bug: Bug #1971270 in corosync (Ubuntu): "Merge corosync from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

corosync (3.1.6-2) unstable; urgency=medium

  [ Debian Janitor ]
  * [290ca16] Remove 2 obsolete maintscript entries in 2 files.
    Changes-By: lintian-brush
  * [8d89318] Update renamed lintian tag names in lintian overrides.
    Changes-By: lintian-brush
    Fixes: lintian: renamed-tag
    See-also: https://lintian.debian.org/tags/renamed-tag.html

  [ Ferenc Wágner ]
  * [f8c32e7] New patch: Remove bashism from configure script (Closes: #998785)

 -- Ferenc Wágner   Sun, 06 Mar 2022 20:07:05 +0100

crmsh 4.3.1-1ubuntu2 -> 4.3.1-3

* Last Uploader: Lucas Kanashiro

Sync or Merge bug: Bug #1971271 in crmsh (Ubuntu): "Merge crmsh from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

crmsh (4.3.1-3) unstable; urgency=medium

  [ Athos Ribeiro ]
  * d/p/0020-Use-crmsh-hb_report.patch: use the crmsh shipped hb_report script
    when available
  * d/p/0021-Support-python-310.patch: support Python 3.10
    (Closes: #1009087, #1009092)

  [ Valentin Vidic ]
  * d/patches: cleanup duplicate patch
  * d/rules: fix timestamps on patched files for reproducible build

 -- Valentin Vidic   Sun, 10 Apr 2022 09:48:28 +0200

crmsh (4.3.1-2) unstable; urgency=medium

  * d/tests: fix cluster init test
  * d/patches: add fix for python 3.10 (Closes: #1009087, #1009087)

 -- Valentin Vidic   Sun, 10 Apr 2022 07:11:23 +0200

cups-filters 1.28.15-0ubuntu1 -> 1.28.15-1

* Last Uploader: Till Kamppeter

Debian changes newer than ubuntu version:

cups-filters (1.28.15-1) unstable; urgency=medium

  * Update to new upstream version 1.28.15.

 -- Thorsten Alteholz   Tue, 12 Apr 2022 19:05:13 +0200

dovecot 1:2.3.16+dfsg1-3ubuntu3 -> 1:2.3.18+dfsg1-1

* Last Uploader: Steve Langasek

Sync or Merge bug: Bug #1971273 in dovecot (Ubuntu): "Merge dovecot from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

dovecot (1:2.3.18+dfsg1-1) unstable; urgency=medium

  [ Noah Meyerhans ]
  * [36966c8] New upstream version 2.3.18+dfsg1
  * [042bda4] Refresh patches for 1:2.3.18+dfsg1-1

 -- "Noah Meyerhans"   Thu, 10 Feb 2022 20:05:50 +0000

dovecot (1:2.3.17.1+dfsg1-1) unstable; urgency=medium

  [ Christian Göttsche ]
  * [40b0010] New upstream version 2.3.17+dfsg1
  * [3c377e0] New upstream version 2.3.17.1+dfsg1
  * [e2f1ce2] d/patches: rebase and drop upstream applied ones
  * [533b7ad] d/control: bump to standards version 4.6.0 (no further changes)
  * [02ed6cf] debian: reduce Lintian issues
  * [bb3ae48] d/salsa-ci.yml: skip cross build and do not fail on Lintian
    warnings
  * [bcda7e4] d/control: build against Lua 5.4
  * [9eed0dd] d/control: enable libunwind support on available archs
  * [1990699] d/patches: cherry-pick memory leak commit
  * [426df46] d/patches: cherry-pick imapsieve fix
  * [e3d0747] d/patches: add patch for LTO by avoiding unaligned access
    (Closes: #997513)

 -- Noah Meyerhans   Tue, 14 Dec 2021 09:24:23 -0800

exim4 4.95-4ubuntu2 -> 4.95-6

* Last Uploader: Sergio Durigan Junior

Sync or Merge bug: Bug #1971274 in exim4 (Ubuntu): "Merge exim4 from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

exim4 (4.95-6) unstable; urgency=high

  * Drop code for upgrading from ancient (4.80-7 and earlier) versions in
    maintainer-scripts. Closes: #1000962
  * 75_68-GnuTLS-Do-not-free-the-cached-creds-on-transport-con.patch:
    Fix segfault on deferred delivery on first MX. Closes: #1004740

 -- Andreas Metzler   Fri, 20 May 2022 19:37:43 +0200

exim4 (4.95-5) unstable; urgency=medium

  * More upstream fixes:
    + 75_60-Utilities-fix-exiqgrep-perl-syntax-add-testcases.-Bu.patch
      Closes: #1006661
    + 75_64-Logging-fix-crash-on-local_part-utf8-conversion-fail.patch
  * Update exiqgrep manpage.

 -- Andreas Metzler   Sun, 10 Apr 2022 13:57:43 +0200

fence-agents 4.7.1-1ubuntu8 -> 4.11.0-1

* Last Uploader: Lucas Kanashiro

Sync or Merge bug: Bug #1971275 in fence-agents (Ubuntu): "Merge fence-agents from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

fence-agents (4.11.0-1) unstable; urgency=medium

  * New upstream version 4.11.0
  * Refresh patches for new version
  * Create packages for fence-virt and fence-virtd
  * Update watch file url
  * Update Debian copyright
  * Update Standards-Version to 4.6.0
  * Cleanup lintian-overrides
  * Fix lintian warning for syslog.target
  * Replace deprecated logging.warn calls
  * Ignore warnings in metadata output

 -- Valentin Vidic   Sun, 01 May 2022 17:51:59 +0200

foomatic-db 20220223-0ubuntu1 -> 20220223-1

* Last Uploader: Till Kamppeter

Debian changes newer than ubuntu version:

foomatic-db (20220223-1) unstable; urgency=medium

  * New upstream version 20220223
  * debian/control: Add myself to Uploaders:
  * debian/control: use dh13
  * debian/coypright: fix BSD license name
  * debian/copyright: lintian seems to have a problem with hyphens

 -- Thorsten Alteholz   Sun, 27 Mar 2022 11:03:02 +0200

ghostscript 9.55.0~dfsg1-0ubuntu5 -> 9.56.1~dfsg-1

* Last Uploader: Łukasz Zemczak

Debian changes newer than ubuntu version:

ghostscript (9.56.1~dfsg-1) unstable; urgency=medium

  [ upstream ]
  * new release
    + fix text rendering mode 3 and pdfwrite;
      closes: bug#1009680, thanks to Paul Gevers and others

  [ Jonas Smedegaard ]
  * fix watch file
  * update symbols: 1 private symbol added

 -- Jonas Smedegaard   Wed, 20 Apr 2022 22:47:35 +0200

ghostscript (9.56.0~dfsg-1) unstable; urgency=medium

  [ upstream ]
  * new release

  [ Jonas Smedegaard ]
  * drop superfluous lintian overrides
  * New upstream version 9.56.0~dfsg
  * update symbols:
    + 56 private symbols added
    + 23 private symbols dropped
  * use semantic newlines in long descriptions

 -- Jonas Smedegaard   Wed, 30 Mar 2022 11:51:53 +0200

ghostscript (9.56.0~~rc2~dfsg-1) experimental; urgency=medium

  [ upstream ]
  * new pre-release

 -- Jonas Smedegaard   Mon, 21 Mar 2022 09:09:26 +0100

ghostscript (9.56.0~~rc1~dfsg-1) experimental; urgency=medium

  [ upstream ]
  * new pre-release

  [ Jonas Smedegaard ]
  * update copyright info:
    + add Reference and improve Comment
      for files covered by project-wide terms
    + fix interpret unversioned GPL/LGPL to mean any version
    + use multiple separate License-Grant fields
      (not multiple texts in one field, delimited by [...]
      which is hard to distinguish when parsing by a machine)
    + sort License sections alphabetically
    + fix drop bogus Files section
      (likely due to a false positive in older licensecheck
      flagging the word Adobe as a license grant)
    + fix avoid complex shell globbing in file listings
      (leftover from pre-1.0 file format)
    + update coverage
  * update lintian overrides regarding license shortnames
  * tighten lintian overrides
  * drop patches cherry-picked upstream now applied
  * drop patch 1003 adopted upstream
  * drop patch 2009 obsoleted by upstream changes;
    stop have ghostscript-doc depend on libjs-jquery
  * update and unfuzz patches
  * update Maintainer and Vcs-* fields, and drop Uploaders:
    package now maintained in collaborative debian area of Salsa

 -- Jonas Smedegaard   Mon, 07 Mar 2022 21:47:41 +0100

ldns 1.7.1-2ubuntu4 -> 1.8.1-1

* Last Uploader: Christian Ehrhardt 

Sync or Merge bug: Bug #1971283 in ldns (Ubuntu): "Merge ldns from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

ldns (1.8.1-1) unstable; urgency=medium

  * New upstream version 1.8.1
    Closes: #1008638 (FTBFS with python 3.10 due to distutils check)
    Closes: #1005646 (FTBFS with OpenSSL 3.0)
    Closes: #1009385 (output of ldns-key2ds changes after compiler changes)
    Closes: CVE-2020-19860 (heap buffer overflow in while verifying zone file)
    Closes: CVE-2020-19861 (heap overflow/leakage when reading a zone file)
  * rework the build system, fixing numerous issues:
   - stop overwriting files at install time from different builds
     and ending up using the build with wrong configure options
   - stop running install twice
   - stop removing system-installed files if any on clean
   - stop doing (re)build of everything just for the python build
   - build python bits in the main build and perform extra steps
     only if there's more than one python version to build for
     (this effectively eliminates miltiple builds completely)
   - clarify build with multiple pyversions and why it still fails
   - remove old, now irrelevant, stuff (like overriding options
     which are being in effect anyway, or which has no effect)
   - move variable-based custom install rule for libldns.pc
     into .install file once dh now allows variables in there
   - reduce startup time by eliminating dpkg's default.mk which is slow
   - remove the wrongly-generated staic lib for the python bindings
     (_ldns.{a,la}) in the install rules instead of ignoring them
     in dh_install -X
   - fix add --with-trust-anchor= so it actually works
   - replace dh --with python with Build-Depend: dh-sequence-python3
   - run dh only for supported targets/sequences
  * update symbols file for 1.8 version, adding 6 new symbols
  * remove Makefile-remove-install-libldns-pc.patch
  * update short descriptions of all packages to mention what is
    actually in there instead of being the same for all packages
  * remove Build-Dependes: chrpath & pkg-config (not used)
  * add fix-pyldns-include.patch to fix building pyldns outside source dir
  * d/control: update Stdandards-Version to  4.6.0.1 (no changes)
  * d/watch: rework, simplify, use https, enable pgp signature verification
  * add upstream/signing-key.asc with the followig key:
    E5F8F8212F77A498 "Willem Toorop "
  * remove trailing whitespace from d/changelog
  * add myself to uploaders

 -- Michael Tokarev   Tue, 26 Apr 2022 16:05:17 +0300

ldns (1.7.1-3) unstable; urgency=medium

  * Acknowledge NMU (thanks, Michael Tokarev!)

  [ Robert Edmonds ]

  * debian/rules: Add "--with-trust-anchor=/usr/share/dns/root.key"
    to configure parameters
  * debian/control: Add "Recommends: dns-root-data" to ldnsutils

  [ Daniel Kahn Gillmor ]

  * added myself to uploaders
  * Import upstream patch to fix SHA-256 on GCC 11 (Closes: #1009385)
  * d/watch: update to version 4 (and use https)
  * d/clean: clean up some generated files

 -- Daniel Kahn Gillmor   Wed, 13 Apr 2022 10:27:03 -0700

ldns (1.7.1-2.1) unstable; urgency=medium

  * Non-maintainer upload.
  * add fix-wrong-python-distutils-configure-check.diff to fix the
    incorrect distutils package check (it should be checking the
    return code not the emptiness of the output). This fixes FTBFS
    with new python (3.10) and allows the python3.10 transition to
    happen, but it is not fixing the actual issiue with ldns using
    distutils which should be addressed later.  Closes: #1008638

 -- Michael Tokarev   Thu, 07 Apr 2022 16:03:29 +0300

librabbitmq 0.10.0-1ubuntu2 -> 0.11.0-1

* Last Uploader: Jess Jang (sponsored by Utkarsh Gupta)

Sync or Merge bug: Bug #1971287 in librabbitmq (Ubuntu): "Merge librabbitmq from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

librabbitmq (0.11.0-1) unstable; urgency=low

  * New upstream release (Closes: #1004590, #1006244).
  * Add debian/gbp.conf.
  * Update d/watch to work with github again.
  * Bump debhelper version to 13.
  * Bump Standards-Version to 4.6.0.1.
  * Update year in d/copyright.
  * Install cmake files in librabbitmq-dev.
  * Update symbols for librabbitmq4.
  * Refresh patches and re-export with gbp numbering.
  * Add patch to fix typo in amqp-publish.1 manpage.
  * Install examples in librabbitmq-dev.
  * Add d/upstream/metadata.
  * Use uscan version 4.
  * Enable upstream testsuite for autopkgtests.

 -- Michael Fladischer   Mon, 21 Feb 2022 22:42:45 +0000

libvirt 8.0.0-1ubuntu8 -> 8.3.0-1

* Last Uploader: Christian Ehrhardt 

Sync or Merge bug: Bug #1971289 in libvirt (Ubuntu): "Merge libvirt from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

libvirt (8.3.0-1) unstable; urgency=medium

  * [f9dd871] New upstream version 8.3.0

 -- Andrea Bolognani   Sun, 15 May 2022 15:21:52 +0200

libvirt (8.2.0-1) unstable; urgency=medium

  * [4d84203] New upstream version 8.2.0
    - Fixes CVE-2022-0897 (Closes: #1009075)
  * [d1baa54] patches: Drop backports
  * [333c80a] control: Switch from fuse to fuse3
  * [4793ac2] libvirt-dev: Drop dependency on libxen-dev
    - Thanks to Pino Toscano

 -- Andrea Bolognani   Wed, 20 Apr 2022 22:51:26 +0200

libvirt (8.1.0-2) unstable; urgency=medium

  * [ba504f6] systemd: Hardcode output of dh_installsystemd
    - Stop using dh_installsystemd and hardcode slightly tweaked
      versions of its output in maintainer scripts instead, as a
      temporary workaround for #994204
  * [4c89356] systemd: Only ever restart libvirtd on upgrade
    - This avoids guests being stopped or crashing during upgrades

 -- Andrea Bolognani   Sat, 19 Mar 2022 19:06:47 +0100

libvirt (8.1.0-1) experimental; urgency=medium

  [ Andrea Bolognani ]
  * [224b64e] New upstream version 8.1.0
  * [06dea7a] patches: Drop backports
  * [9f3a2e6] patches: Add backport/qemu-segmentation-fault-[...].patch
    - Fixes a regression introduced in 8.1.0
  * [70e6209] control: Drop build dependency on dnsmasq-base
    - Availability is only checked at runtime

  [ Martin Pitt ]
  * [171a675] apparmor: Fix QEMU access for UEFI variable files
    - QEMU needs to read, write and lock the NVRAM *.fd files with
      UEFI firmware
    - Closes: #1006324
    - LP: #1962035

  [ Maximilian Engelhardt ]
  * [a06d5e5] control: Drop i386 from Xen arches
    - Starting with version 4.16, Xen is no longer built on the i386
      architecture in Debian
    - Thanks to Diederik de Haas for helping get this fix merged
    - Closes: #1006300

 -- Andrea Bolognani   Tue, 15 Mar 2022 23:53:49 +0100

lxcfs 5.0.0-0ubuntu2 -> 5.0.0-1

* Last Uploader: Stéphane Graber

Debian changes newer than ubuntu version:

lxcfs (5.0.0-1) unstable; urgency=medium

  * New upstream release 5.0.0
    - Drop d/p/0001
  * d/copyright: Upstream shifted to LGPL-2.1+ I do so for debian/
  * d/rules: update rules for init as the build system changed
    (Closes: #1008667)
  * d/control: Bump Standards-Version to 4.6.0

 -- Pierre-Elliott Bécue   Mon, 04 Apr 2022 23:15:49 +0200

mailman n/a -> 1:2.1.29-1

Unknown (Probably auto sync.)

Debian changes newer than ubuntu version:

mailman (1:2.1.29-1) unstable; urgency=medium

  * New upstream release.
    - Fixes CVE-2018-13796

 -- Thijs Kinkhorst   Wed, 05 Sep 2018 05:03:24 +0000

mailman (1:2.1.27-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Arbitrary text injection vulnerability in Mailman CGIs (CVE-2018-13796)
    (Closes: #903674)

 -- Salvatore Bonaccorso   Sun, 02 Sep 2018 22:23:45 +0200

mailman (1:2.1.27-1) unstable; urgency=medium

  * New upstream release.
    - Fixes CVE-2018-0618
  * Run dh_autoreconf to make build reproducble (closes: 889637).
    Thanks Chris Lamb for the patch.
  * Drop Debian patches mangling translations, upstream is in
    a much better shape nowadays (closes: 901810).
  * Checked for policy 4.1.4, no changes.
  * Set a SUBSCRIBE_FORM_SECRET in mm_cfg.py on new installs,
    to add protection against subscription spam in the default
    installation. Existing installs will not be changed because
    it might break external subscribe forms (closes: 900648).

 -- Thijs Kinkhorst   Sat, 23 Jun 2018 13:23:17 +0000

mailman (1:2.1.26-1) unstable; urgency=medium

  * New upstream release.
    - Fixes XSS in user options CGI (CVE-2018-5950, closes: #888201)
  * Document that this is the legacy branch of Mailman and that all
    major development is focused on Mailman 3 (package mailman3).

 -- Thijs Kinkhorst   Sun, 04 Feb 2018 18:23:18 +0000

mailman (1:2.1.25-1) unstable; urgency=medium

  * New upstream release.
  * Checked for policy 4.1.3: removed init.d invocation from
    prerm and also from user instructions.
  * Upgraded to debhelper compat level 11.
  * Replace init script with systemd service file.
    Thanks a lot to Stefan Bühler for the helpful suggestion!
    This also should improve robustness against log rotation.
    (Closes: #881329, #733475, #505638)
  * Packaging cleanups.

 -- Thijs Kinkhorst   Sun, 07 Jan 2018 18:22:51 +0000

mailman (1:2.1.24-1) unstable; urgency=medium

  * New upstream release.
  * Fixed broken dependencies in SpamAssassin.py (Closes: #838288).
    Thanks Stephen Rothwell for the patch.

 -- Thijs Kinkhorst   Tue, 05 Sep 2017 14:31:54 +0000

mailman (1:2.1.23-1) unstable; urgency=medium

  * New upstream release.
    - Fixes CSRF in user options (CVE-2016-6893, closes: #835970).

 -- Thijs Kinkhorst   Tue, 13 Sep 2016 16:01:59 +0000

mailman (1:2.1.22-1) unstable; urgency=medium

  * New upstream release. (Closes: #821367)
  * Checked for policy 3.9.8, no changes.

 -- Thijs Kinkhorst   Mon, 25 Apr 2016 16:39:06 +0000

mailman (1:2.1.20-1) unstable; urgency=medium

  * New upstream release. (Closes: #779911)
    - Drop obsolete patches:
      92_CVE-2015-2775.patch
  * Checked for policy 3.9.6, no changes.
  * Update to debhelper compat level 9.
  * Make postfix-to-mailman.py work with the full recipient email
    address, solving an issue when recipient_delimiter = "-".
    To take advantage of this, change "${user}" to "${recipient}"
    in Postfix' master.cf. Patch by Brian O'Connor. (Closes: #578986)
  * Make package build reproducibly by using install instead of cp
    for installing qmail-to-mailman.py. Patch by Jérémy Bobbio.
    (Closes: #783151)
  * Update example apache.conf for Apache 2.4.
  * Add cron-daemon as dependency alternative to cron. (Closes: #785193)

 -- Thijs Kinkhorst   Thu, 14 May 2015 14:09:42 +0000

mailman (1:2.1.18-2) unstable; urgency=high

  * Fix security issue: path traversal through local_part.
    Affects installations which use an Exim or Postfix transport
    instead of fixed aliases; attacker needs to be able to place
    files on the local filesystem.
    (CVE-2015-2775, Closes: 781626)

 -- Thijs Kinkhorst   Mon, 06 Apr 2015 15:36:15 +0000

mailman (1:2.1.18-1) unstable; urgency=medium

  * New upstream release.
    - Adds DMARC support. (Closes: #746592)
    - Drop obsolete patches:
      20_qmail_to_mailman.debian.patch
      80_sync_members_unicode.patch
  * Add lsb-release to debian/tests/control. (Closes: #734180)
  * Fix ownership on /var/lib/mailman/archives/private as upstream
    suggests, also reflecting group ownership for public archives.
    Thanks Luca Capello! (closes: #603904)
  * Checked for policy 3.6.5, no changes.

 -- Thijs Kinkhorst   Thu, 10 Jul 2014 19:27:46 +0200

mailman (1:2.1.16-2) unstable; urgency=medium

  * Upload to unstable, as requested by Thijs; we did not encounter
    any unexpected trouble with the version in experimental, and it
    does fix an RC bug as well as a release goal.

 -- Thorsten Glaser   Mon, 03 Feb 2014 14:00:37 +0100

mailman (1:2.1.16-1exp2) experimental; urgency=low

  * Try harder to use UTF-8

 -- Thorsten Glaser   Sun, 29 Dec 2013 14:40:17 +0000

mailman (1:2.1.16-1exp1) experimental; urgency=low

  * Convert to UTF-8. (Closes: #398777, #535296, #732929)
  * Apply upstream bugfix for sync_members. (Closes: #732741)

 -- Thorsten Glaser   Sun, 29 Dec 2013 02:08:38 +0000

mailman (1:2.1.16-1) unstable; urgency=low

  * New upstream release.

 -- Thijs Kinkhorst   Wed, 06 Nov 2013 19:57:54 +0100

mailman (1:2.1.16~rc2-1) unstable; urgency=low

  [ Thijs Kinkhorst ]
  * New upstream release candidate.
    - Exposes message-id to templates (closes: #614340).
  * Remove obsolete patches, applied upstream:
    21_newlist_help.patch
  * Updates to Russian debconf templates, thanks Ivan Krylov!
    (closes: #710268).
  * Needs at least version 3.8.0 of logrotate (closes: #687215).
  * Add autopkgtests, thanks Yolanda Robla! (closes: #710095)
  * Packaging cleanup: checked for policy 3.9.4, update Vcs URL,
    recommend default-mta instead of exim4.

  [ Thorsten Glaser ]
  * Prevent losing stderr in the init script when there are many lists.
    (closes: #702002)
  * debian/watch: mangle the epoch away so DDPO is green again.

 -- Thijs Kinkhorst   Sun, 04 Aug 2013 12:00:05 +0200

mailman (1:2.1.15-1) unstable; urgency=low

  * New upstream release.
  * Improve Exim4 instructions, thanks Andrew Hodgson.
  * Remove obsolete PRIVATE_ARCHIVE_URL variable, thanks Matthew Hall
    (closes: #676481).
  * Correct mmarch man page, thanks Francesco Potortì (closes: #583369).
  * Specify need for MTA=None in postfix-to-mailman.py (closes: #648976).

 -- Thijs Kinkhorst   Sat, 16 Jun 2012 12:04:40 +0200

mailman (1:2.1.15~rc1-1) unstable; urgency=low

  [ Thijs Kinkhorst ]
  * New upstream release candidate.
  * Remove obsolete patches, applied upstream:
    02_use_dpkg_buildflags.patch
    07_snooze.patch
    59_fix_missing_language_crash.patch
    70_invalid_utf8_dos.patch
    71_date_overflows.patch
    74_admin_non-ascii_emails.patch
    80_CVE-2011-0707_confirm_xss.patch
    99_js_templates.patch

  [ Thorsten Glaser ]
  * Update the watch file for Launchpad

 -- Thijs Kinkhorst   Sun, 20 May 2012 14:01:42 +0200

mailman (1:2.1.14-4) unstable; urgency=low

  * Ensure CPPFLAGS and LDFLAGS are actually used during build,
    thanks Simon Ruderich for the patch! (closes: #663590)
    Additionally, enable all available hardening features.
  * Checked for policy 3.9.3, add DEP3 patch headers.
  * Add Danish debconf translation, thanks Joe Dalton (closes: #659467).
  * Add 'su root list' statements to logrotate config, to cope
    with logrotate >= 3.8; thanks Joël Bertrand (closes: #653766).
  * Avoid config file prompt for mailman crontab entry if this
    file was unmodified (closes: #655837).

 -- Thijs Kinkhorst   Sun, 18 Mar 2012 14:12:49 +0100

mailman (1:2.1.14-3) unstable; urgency=low

  * Make man page descruptions match more keywords (closes: #597112).
  * Add cull_bad_shunt command to default cron job (closes: #615204)
    and improve cron job handling in the package.
  * Import dpkg buildflags, also enabling hardening features.
  * Remove gate_news debconf question.

 -- Thijs Kinkhorst   Sat, 08 Oct 2011 17:27:51 +0200

mailman (1:2.1.14-2) unstable; urgency=low

  [ Thijs Kinkhorst ]
  * Move mail-transport-agent to Recommends, since Mailman can be
    configured to run with a remote MTA (closes: #616292).
  * Update to policy 3.9.2, add build-{arch,indep} targets.

  [ Thorsten Glaser ]
  * Add myself to Uploaders, as suggested by Thijs.
  * Apply patch from Barry Warsaw to switch from python-support
    to dh_python2. (LP: #788514) (Closes: #637398)

 -- Thijs Kinkhorst   Wed, 17 Aug 2011 12:00:50 +0000

mailman (1:2.1.14-1) unstable; urgency=medium

  * New upstream release. Patches incorporated:
    - 15_mailmanctl_daemonize.patch
    - 83-CVE-2010-3089--bug599833.patch
  * Add upstream patch for CVE-2011-0707: XSS in confirmations.

 -- Thijs Kinkhorst   Sat, 19 Feb 2011 08:26:43 +0100

mailman (1:2.1.13-4.1) unstable; urgency=high

  * Non-maintainer upload.
  * debian/patches
    - (83): New. CVE-2010-3089 security fix from mailman 2.14. Patch
      thanks to  (grave, security; Closes: #599833).

 -- Jari Aalto   Sat, 16 Oct 2010 08:46:55 +0300

mailman (1:2.1.13-4) unstable; urgency=medium

  * Fix permissions on /var/lib/mailman/archives/private, so
    archiving works again. Problem introduced in 1:2.1.12-3.
  * Fix invocation of update-rc.d which yields an error when
    not using dependency-based boot (closes: #590249).
  * Checked for policy 3.9.1, no changes needed.

 -- Thijs Kinkhorst   Tue, 27 Jul 2010 22:56:03 +0200

mailman (1:2.1.13-3) unstable; urgency=low

  * Drop unneeded Indexes option from shipped apache.conf.
  * Eliminate update_rc.d warning by not passing runlevel 1 at stop.
  * Add 25_site_logo patch by Paul Wise (closes: #267243).
  * Do not compress PDF's under /u/s/d/mailman (closes: #582259).
  * Back up ./configure before running autoconf, so it can be restored
    in clean as not to generate irrelevant diff.gz content.
  * Switch to dpkg-source 3.0 (quilt) format.
  * Checked for policy 3.9.0, no changes needed.

 -- Thijs Kinkhorst   Tue, 13 Jul 2010 21:35:40 +0200

mailman (1:2.1.13-2) unstable; urgency=low

  * postfix-to-mailman.py: check for list existence before stripping off
    administrative suffixes, making it also work for mailing list names
    ending in e.g. -admin. Thanks Axel Beckert for the patch!
    (Closes: #570548)
  * Checked for policy 3.8.4, no changes.
  * Minor fixes pointed out by Lintian.

 -- Thijs Kinkhorst   Sat, 20 Mar 2010 21:57:55 +0100

mailman (1:2.1.13-1) unstable; urgency=low

  * New upstream release. Patches incorporated:
    - 16_update_debian (partially)
    - 30_pipermail_threads
    - 65_handle_templates_directories
    - 77_header_folding_in_attachments
  * Remove msgfmt.py, only used at build-time (closes: #555416).
  * Remove adduser calls for 'list' user. Base-passwd guarantees it
    to be available, and trying to add it if it were not present may
    lead to inconsistencies regarding expectations for that user.
  * Document second parameter of postfix-to-mailman.py to be
    ${mailbox}, effectively reverting inappropriate fix for #305762
    (closes: #549224).

 -- Thijs Kinkhorst   Thu, 31 Dec 2009 15:50:29 +0100

mailman (1:2.1.12-3) unstable; urgency=low

  * Remove potentially long running 'find' command in postinst, as
    permissions are already set correctly in the deb. Thanks Paul
    Slootman (closes: #544046).
  * Add Slovak debconf translation, thanks Ivan Masár (closes: #531576).
  * Update 30_pipermail_threads patch to use sequence ID instead of
    message ID, avoids thread breakage in archives. Thanks
    Mark Sapiro.
  * Checked for policy 3.8.3, no changes necessary.

 -- Thijs Kinkhorst   Sun, 27 Sep 2009 17:36:01 +0200

mailman (1:2.1.12-2) unstable; urgency=low

  [ Lionel Elie Mamane ]
  * README.Exim4.Debian: add debug_print statements
  * apply fix from upstream to 77_header_folding_in_attachments
    to fix bug it introduces: messages with lines starting with
    "From" are split into several messages in the archive.
  * Use autoconf >= 2.50, not 2.13
  * Ensure Mailman locks directory exists before calling update
    (Closes: #513988).

  [ Thijs Kinkhorst ]
  * Apply patch from Tanguy Ortolo updating postfix-to-mailman
    instructions to avoid backscatter mail (Closes: #520040).
  * Remove obsolete unicodify_archives for upgrading sarge->etch.

 -- Lionel Elie Mamane   Fri, 22 May 2009 11:09:49 +0200

mailman (1:2.1.12-1) unstable; urgency=low

  * New upstream release.
    + Minimum Python version is now 2.4.
    + Patches obsoleted (incorporated or not useful anymore):
      00_stolen_from_HEAD,
      11_handle_propfind.patch,
      32_MIME_fixup,
      62_new_list_bad_pending_requests,
      67_update_handle_old_versions,
      68_update_catalan,
      78_DeprecationWarning,
      80_fix_string_search.
      Refresh all others. Many thanks to Mark Sapiro and
      Paul Wise for the help in cleaning this up.
    + Fixes bounce handling NotAMemberError (closes: #517997).
  * Various packaging cleanups, upgrade debhelper to level 7.
  * Removes embedded copy of pythonlib/email module.
  * Checked for policy 3.8.1, remove shipped var/{run,lock}
    dirs, they are already created correctly by the init script.

 -- Thijs Kinkhorst   Sat, 14 Mar 2009 14:18:16 +0100

mailman (1:2.1.11-11) unstable; urgency=high

  [ Debconf Translations ]
  * Updated Vietnamese, thanks Clytie Siddall (closes: #513097).

 -- Thijs Kinkhorst   Mon, 26 Jan 2009 13:42:33 +0100

mailman (1:2.1.11-10) unstable; urgency=low

  [ Debconf Translations ]
  * Updated Catalan, thanks David Planella.

 -- Thijs Kinkhorst   Wed, 07 Jan 2009 23:09:56 +0100

mailman (1:2.1.11-9) unstable; urgency=high

  [ Debconf Translations ]
  * Updated Spanish, thanks Javier Fernández-Sanguino (closes: #510023).
  * Updated Japanese, thanks Kenshi Muto (closes: #509996).
  * Updated Galician, thanks Marce Villarino (closes: #510002).
  * Updated French, thanks Christian Perrier (closes: #510016).
  * Updated Italian, thanks Luca Monducci (closes: #510107).
  * Updated Swedish, thanks Martin Bagge and Daniel Nylander
    (closes: #510206).
  * Updated Czech, thanks Miroslav Kure (closes: #510230).
  * Updated German, thanks Holger Wansing (closes: #510361).
  * Updated Portuguese, thanks Miguel Figueiredo (closes: 510556).
  * Updated Russian, thanks Sergey Alyoshin (closes: #510614).

 -- Thijs Kinkhorst   Sun, 04 Jan 2009 12:30:58 +0100

mailman (1:2.1.11-8) unstable; urgency=low

  * Do not stop installation when queue files are present, and this is
    an upgrade from the same version that was already installed. Based
    on a patch by Marcin Owsiany (closes: #468569).
  * When queue files present, offer the administrator the option to
    continue regardless at their own risk. This unfortunately requires
    some extra strings to be translated.
  * Update Dutch translation.
  * Remove mail-transport-agent from init script deps (closes: #508800).

 -- Thijs Kinkhorst   Sat, 27 Dec 2008 15:18:55 +0100

mailman (1:2.1.11-7) unstable; urgency=low

  [ Thijs Kinkhorst ]
  * Clarify POSTFIX_STYLE_VIRTUAL_DOMAINS syntax, thanks Tomas Pospisek
    (closes: #507519).

  [ Lionel Elie Mamane ]
  * README.Exim4.Debian: Do lookup whole email (with domain, not only
    localpart) in virtual_mailman data file
    (bug introduced in 1:2.1.11-4)
  * README.Exim4.Debian: explain how to regenerate the aliases list
    manually (for people switching their existing configuration to the
    recommended one, or switching MTAs, as opposed to setting up a fresh
    system).

 -- Thijs Kinkhorst   Sat, 13 Dec 2008 18:40:34 +0100

mailman (1:2.1.11-6) unstable; urgency=high

  * Further site list detection improvements, thanks Adeodato Simó
    for his suggestions.

 -- Thijs Kinkhorst   Sun, 16 Nov 2008 13:17:10 +0100

mailman (1:2.1.11-5) unstable; urgency=high

  * Make init script also cope with non-specified site list.

 -- Thijs Kinkhorst   Sun, 09 Nov 2008 11:26:46 +0100

mailman (1:2.1.11-4) unstable; urgency=medium

  [ Lionel Elie Mamane ]
  * Add -loop to list of accepted suffixes for routers in
    README.Exim4.Debian

  [ Thijs Kinkhorst ]
  * Add mischief to logrotate configuration (closes: #504700).
  * Update Mailman group and aliases path in README.Exim4.Debian,
    thanks Kris Popendorf (closes: #504695).
  * Detect a nonstandard site list name, thanks Moritz Naumann
    (closes: #418062).

 -- Thijs Kinkhorst   Fri, 07 Nov 2008 09:48:10 +0100

mailman (1:2.1.11-3) unstable; urgency=low

  * Updated Catalan debconf translation, thanks David Planella Molas
    (Closes: #494110).
  * Added patch 68_update_catalan to update Catalan program translation,
    thanks Jordi Mallach (Closes: #492297).
  * Add a README.source file referring to quilt.

 -- Thijs Kinkhorst   Mon, 11 Aug 2008 16:06:19 +0200

mailman (1:2.1.11-2) unstable; urgency=low

  * Fix SpamAssassin handler to cope with changed behaviour
    of matches_p() (Closes: #488584).
  * Remove *.pyc from /usr/lb/mailman, and any stale locks on
    package remove (Closes: #458414).

 -- Thijs Kinkhorst   Tue,  8 Jul 2008 09:43:15 +0200

mailman (1:2.1.11-1) unstable; urgency=low

  * New upstream release.
    Incorporates the following Debian patches:
    - 81_fix_subscribe_2.1.10.patch
    - 61_fix_ru_siteowner.patch
    - 72_fblast_add_shebang.patch
    - 58_fix_es_translation.patch
    Fixes the following Debian bugs:
    - Use html entities when needed in Danish (Closes: #487491).

  * Update Galician debconf translation, thanks Jacobo Tarrio
    (Closes: #482137).
  * Some tweaks to newlist.8 (Closes: #485382).
  * Make quilt usage more dpkg source format 3.0 compatible and
    refresh all patches (Closes: #485253).
  * Checked for policy 3.8.0, no changes necessary.
  * Fix a number of buglets in 99_js_templates.patch.
  * Don't install stop symlinks in runlevels 0 and 6; the default
    sigterm functions very well to stop qrunner.
  * Clarify that MTA="None" is right when using postfix-to-mailman.py
    (Closes: #488644).
  * Remove pidfile after successful qrunner shutdown (Closes: #482880).

 -- Thijs Kinkhorst   Mon, 07 Jul 2008 23:58:33 +0200

mailman (1:2.1.10-2) unstable; urgency=low

  * Apply upstream patch to fix regression in cmd_subscribe
    so that email subscribe to the -subscribe or -join address or the
    -request address with a bare 'subscribe' command results in the message
    being shunted.

 -- Thijs Kinkhorst   Thu, 24 Apr 2008 19:30:49 +0200

mailman (1:2.1.10-1) unstable; urgency=low

  * New upstream release.

 -- Thijs Kinkhorst   Mon, 21 Apr 2008 22:43:08 +0200

mailman (1:2.1.10~b4-1) unstable; urgency=low

  * New upstream beta release.

 -- Thijs Kinkhorst   Fri, 14 Mar 2008 17:54:52 +0100

mailman (1:2.1.10~b3-1) unstable; urgency=low

  * New upstream beta release.
    + Restricts XSS by list admins, CVE-2008-0564.
    + Obsoletes 56_fix_de_broken_links.patch.
    + Obsoletes 81_backport_export.dpatch.
    + Makes list handling case sensitivity consistent (closes: #446257).
    + Archives do not drop headerless mime parts (Closes: #450399).
    + check_perms checks more perms (Closes: #260224).

 -- Thijs Kinkhorst   Fri, 22 Feb 2008 00:09:11 +0100

mailman (1:2.1.9-10) unstable; urgency=low

  * Be quiet when logrotation succeeds, prevents Cron spam (closes: #456954).
  * Fix typo in postinst message (closes: #458981).
  * Switch to debhelper level 6.

 -- Thijs Kinkhorst   Mon, 14 Jan 2008 12:10:05 +0100

mailman (1:2.1.9-9) unstable; urgency=low

  * Drop suggests for obsolete python-*-codecs and drop versioned
    dependencies for pre-oldstable versions.
  * Fix formatting of man pages (Closes: #432848).
  * Fix some bashisms in Debian packaging scripts.
  * Do not make /var/log/mailman world-readable, because it can contain
    a bit of semi-private information. Thanks Alexander Gerasiov.
    (Closes: #450927)
  * After logrotate, call 'mailmanctl reopen' instead of sending SIGHUP
    since that is the supported way of rotating logs (Closes: #424620).
  * Fix pidfile location in mailman.init, thanks Peter Rabbitson
    (Closes: #439325).
  * Make symlinks to /var/lo{g,ck}/mailman absolute, because the relative
    ones cause trouble on systems where people move these things around
    (Closes: #408855, #413604). Override lintian since this is allowed by
    policy.
  * Checked for policy 3.7.3, no changes required. Additional packaging
    cleanups.

 -- Thijs Kinkhorst   Tue, 04 Dec 2007 09:12:39 +0100

mailman (1:2.1.9-8) unstable; urgency=low

  [ Thijs Kinkhorst ]
  * Added Portuguese debconf translation by Miguel Figueiredo
    (Closes: #414365).
  * Make sure Mailman can be properly purged (Closes: #421676).
  * Remove obsolete upgrading code.
  * Do not break upgrades in case python is temporarily unavailable
    (Closes: #419563).

  [ Lionel Elie Mamane ]
  * Avoid implicit-sort-on-load of indexes being converted to Unicode
    (hopefully really closes: #412142 now)

 -- Thijs Kinkhorst   Mon, 11 Jun 2007 20:48:11 +0200

mailman (1:2.1.9-7) unstable; urgency=low

  * Upgrade subject and author indexes of _all_ archiving volumes to
    Unicode strings. (completely closes: #412142)

 -- Lionel Elie Mamane   Wed, 28 Feb 2007 21:59:36 +0100

mailman (1:2.1.9-6) unstable; urgency=medium

  [ Lionel Elie Mamane ]
  * Allow people that have list as a supplementary group to create new
    mailing lists.  (see bug#309339)
  * Upgrade subject and author indexes of current archiving volume to
    Unicode strings; possible slight data loss (non-ASCII characters
    transcoded wrongly) (closes: #412142)
  * Correct path to Mailman private modules dir in dh_pysupport invocation
    (the absolute symlinks won't work in the building area), and add
    private pythonlib dir.

  [ Thijs Kinkhorst ]
  * Fix path-typo in apache.conf dedicated virtual host example,
    thanks Alberto Furia (Closes: #409180).

 -- Lionel Elie Mamane   Tue, 27 Feb 2007 22:38:07 +0100

mailman (1:2.1.9-5) unstable; urgency=medium

  * Ship bin/export.py from upstream SVN to make automatic upgrades to
    lenny possible. (closes: #407260)

 -- Lionel Elie Mamane   Sat, 20 Jan 2007 05:04:11 +0100

mailman (1:2.1.9-4) unstable; urgency=medium

  [ Lionel Elie Mamane ]
  * Manually replace empty /var/lib/mailman/pythonlib/ by symlink to
    /usr/lib/mailman/pythonlib/ (closes: #403312)

 -- Lionel Elie Mamane   Sat, 16 Dec 2006 09:55:21 +0100

mailman (1:2.1.9-3) unstable; urgency=medium

  [ Lionel Elie Mamane ]
  * Follow requirements/requests of upgrade to new python policy more
    narrowly: build-depend on newer version of python-support, add
    XS-Python-Version/XB-Python-Version fields to control, give path to
    private python modules to dh_pysupport (Closes: #394181).
  * Move python-lib directory to /usr/lib/mailman/, like Mailman code;
    /var/lib/mailman is grossly wrong (Closes: #400005).

  [ Thijs Kinkhorst ]
  * Add subscribe/unsubscribe aliases to second half of example, and a
    note about chgrp when creating a new list through the web interface.
    Both in README.Exim4.Debian, thanks Ian Wienand (Closes: 387457).
  * Remove lintian overrides that are not needed with recent Lintians.

  [ Translations ]
  * Updated Vietnamese by Clytie Siddall (Closes: 395851).
  * Updated German by Holger Wansing (Closes: 400963).

 -- Thijs Kinkhorst   Thu, 14 Dec 2006 15:18:12 +0100

mailman (1:2.1.9-2) unstable; urgency=medium

  [ Thijs Kinkhorst ]
  * Medium urgency upload for RC upgrading bug.
  * Fix buggy sedding in postinst (Closes: #392995).
  * Drop disabled 73_list-id_strict_rfc patch; integrated upstream.
  * Clarify README.Debian about where to insert SpamAssassin integration
    (Closes: #369171).
  * Add 72_fblast_add_shebang patch; this script is set as executable
    thus needs an interpreter on the first line.

  [ Hector Garcia ]
  * Removed 12_savannah_wrapper.patch. Doesn't work and is not supported
    upstream any longer (Closes: #287554).

  [ Translations ]
  * Updated French by Florentin Duneau (Closes: #393096).
  * Updated Brazilian Portuguese by Felipe Augusto van de Wiel.

 -- Thijs Kinkhorst   Tue, 17 Oct 2006 10:14:57 +0200

mailman (1:2.1.9-1) unstable; urgency=medium

  [ Hector Garcia ]
  * New upstream bugfix release
    - Deleting included patches:
      24_CVE-2006-2941, 23_CVE-2006-3636, 25_CVE-2006-4624
    - Fixes German translation (Closes: #273469) and comment typo
      (Closes: #378509).
  * Updated patches.
  * Deleting 03_documentation_source.patch. Integrated upstream.
  * Deleting 68_translation_update_nl.patch. Too many upstream changes,
    doesn't apply any longer. Wrote to patch author in case it wants to
    update it.
  * Renamed 58_fix_translations to 58_fix_es_translations

  [ Thijs Kinkhorst ]
  * Tweak debconf templates according to best practices.
  * Update debconf templates, eliminates two, changes some, introduces
    new line numbering from debconf-updatepo.
  * Name languages together with their ISO code in the debconf question
    (Closes: #276505).
  * Add new languages Turkish, Interlingua, Arabic, Vietnamese
    to debconf choice, change Chinese from big5 to zh_CN and zh_TW.
  * Add subscribe/unsubscribe to example in README.Exim4.Debian,
    thanks Brian Foley (Closes: #387457).

  [ Riccardo Setti ]
  * Switched to the new python policy (Closes: #380876).

  [ Lionel Elie Mamane ]
  * Don't ship C sources with documentation; there is no reason for it.

  [ Translations ]
  * Updated vi.po. Translated by Clytie Siddall. (Closes: #388202)
  * Updated ja.po. Translated by Kenshi Muto. (Closes: #388206, #391532)
  * Updated nl.po. Translated by Kurt De Bree. (Closes: #388100)
  * Updated ru.po. Translated by Yuri Kozlov. (Closes: #388111, #391597)
  * Updated sv.po. Translated by Daniel Nylander. (Closes: #388090)
  * Updated hu.po. Translated by Laszlo Boszormenyi.
  * Updated it.po: Translated by Luca Monducci. (Closes: #388657, #391568)
  * Updated cs.po: Translated by Miroslav Kure. (Closes: #388663)
  * Updated pt_BR.po: Translated by Andre Luis Lopes.
  * Updated es.po: Translated by Javier Fernández-Sanguino Peña.
  * Updated fr.po: Translated by Philippe Batailler. (Closes: #388651)

 -- Thijs Kinkhorst   Mon,  9 Oct 2006 16:59:10 +0200

mailman (1:2.1.8-4) unstable; urgency=high

  * High-urgency upload to fix release-critical bug.
  * Add versioned depends on lsb-base (>= 3.0-6) to make sure a system
    has the lsb output functions (Closes: #390138).
  * Remove python2.2-korean-codecs from Suggests, replace with
    python-korean-codecs.

 -- Thijs Kinkhorst   Fri, 29 Sep 2006 17:33:09 +0200

mailman (1:2.1.8-3) unstable; urgency=medium

  [ Paul Wise ]
  * Switch from dpatch to quilt and regenerate all patches

  [ Thijs Kinkhorst ]
  * Use LSB output functions in init script.
  * Use chown root:list instead of deprecated root.list.
  * Remove pre-sarge upgrading code; this eliminates a lot of cruft,
    non-debconf prompting and two debconf templates.
  * Only use ucf on purge when it's available.

  [ Matej Vela ]
  * Rearrange find options in debian/postinst to prevent warnings.

  [ Lionel Elie Mamane ]
  * Use Mailman's fork of the Python email package instead of the one from
    Python; Mailman is incompatible with the one in Python 2.4
    (closes: #384016)

  [ Hector Garcia ]
  * Added 24_CVE-2006-2941 taken from Lionel's port to sarge
  * Added 23_CVE-2006-3636 taken from Lionel's port to sarge
  * Added 25_CVE-2006-4624 taken from Lionel's port to sarge

 -- Hector Garcia   Wed, 20 Sep 2006 20:22:17 +0200

mailman (1:2.1.8-2) unstable; urgency=low

  [ Thijs Kinkhorst ]
  * Add default apache.conf under /etc/mailman
    (Closes: #282460, #135148, #178543, #179253).
  * Update all man pages to be in line with current mailman functionality
    (Closes: #286607, #276952).
  * Add suggests on lynx (Closes: #296781).
  * Checked for policy 3.7.2, no changes necessary.
  * Add watch file.
  * Add LSB dependency info to init script.
  * Fix example in postfix-to-mailman.py to pass ${mailbox}, not ${user}
    (Closes: #305762).
  * Add Lintian overrides for those things that are legitimate.
  * Drop recommends on essential base-passwd >= a version from 1997.
  * Use apache2 instead of apache as the first alternative for httpd.
  * Move options to `find` in debian/rules to start of commandline to
    prevent warnings.

  [ Hector Garcia ]
  * Putting permision on archive/private to 770 www-data:list to prevent
    regular users from reading private lists. (Closes: #356877)
  * Changed '| xarg' for '-exec' on find to prevent problems when there are
    too many files (Closes: #366102)
  * Added a slash to the end of DEFAULT_URL_PATTERN on mm_cfg.py
    (Closes: #365881)
  * Documented on README.Debian the apache + suexec case. (Closes: #360905)
  * Updated Uploaders
  * Removed the find which deleted ../$(package)*dsc.asc. It is not needed.

  [ Riccardo Setti ]
  * epoch 1. Now people should upgrade mailman without problems. (closes: #366438)
  * Applied patch which fixes string search in admin.py. (closes: #359721)
  * Updated German debconf translation (closes: #353713)
  * Updated French debconf translation (closes: #355674)
  * Updated Italian debconf translation (closes: #352523)
  * Updated Russian debconf translation (closes: #361656)
  * Updated Dutch debconf translation (closes: #377254)
  * Applied patch of Martin Pitt which will create /var/run and
    /var/lock directory if missing. (closes: #376542)
  * Bumped debhelper compatibily to 5.
    - modified debian/control to reflect this change.

  [ Paul Wise ]
  * Add spamassassin example to the mm_cfg.py


 -- Thijs Kinkhorst   Mon, 14 Aug 2006 18:49:29 +0200

mdevctl 0.81-1 -> 1.1.0-1

Unknown (Probably auto sync.)

Debian changes newer than ubuntu version:

mdevctl (1.1.0-1) unstable; urgency=medium

  * New upstream version 1.1.0
    - fixes FTBFS in regard to env_logger (Closes: #998600)
  * d/control: bump Standards-Version to 4.6.0 (no changes needed)
  * d/control: use substvars provided by dh-cargo
  * d/p/lower-versions-for-unstable.patch: update for 1.1.0
  * d/control: librust-env-logger+default-dev now is new enough
  * d/p/tempfile-for-tempdir.patch: applied upstream
  * d/install: install man page

 -- Christian Ehrhardt   Tue, 09 Nov 2021 14:42:49 +0100

mdevctl (1.0.0-1) unstable; urgency=medium

  * New upstream version 1.0.0
  * d/control, d/rules: switch to rust build as specified upstream
  * d/control: lower versioned dependencies to what is available in
    unstable
  * d/control: with rust mdevctl is arch:any now
  * d/cargo-checksum.json: stub for cargo-checksum
  * d/p/lower-versions-for-unstable.patch: lower required dependency
    versions to match unstable
  * d/p/tempfile-for-tempdir.patch: tempfile replaced tempdir
  * d/control: add tempfile as replacement for the unavailbale tempdir lib
  * d/control: use librust-serde-json+indexmap-dev to resolve implicit
    indexmap dependencies
  * d/control: runtime dependencies not needed for non-libraries
  * d/control: librust-tempfile-dev only needed for tests, add 

 -- Christian Ehrhardt   Wed, 14 Jul 2021 12:55:04 +0200

mysql-8.0 8.0.29-0ubuntu3 -> 8.0.29-1

* Last Uploader: Lena Voytek (sponsored by Robie Basak)

Debian changes newer than ubuntu version:

mysql-8.0 (8.0.29-1) unstable; urgency=medium

  * New upstream version 8.0.29
  * Add libexpect-perl module to fix mysqlpump_bugs test (LP: #1972737)
    - d/control: Add libexpect-perl to dependency list
    - d/t/control: Use libexpect-perl in upstream tests
  * d/mysql-router.install, d/mysql-testsuite-8.0.install: Add new 8.0.29
    shared object files to package
  * Add support for openssl 3

 -- Lena Voytek   Tue, 17 May 2022 12:49:24 -0700

needrestart 3.5-5ubuntu2 -> 3.6-1

* Last Uploader: Christian Ehrhardt 

Debian changes newer than ubuntu version:

needrestart (3.6-1) unstable; urgency=high

  * New upstream release.
    - Drop merged patch 02-ruby-relative-path.
    - Drop merged patch 03-fix-wrong-default-comment.
    - Drop merged patch 04-verbose-and-verbosity-confusion.
    - Drop merged patch 05-ignore-nvidia-memfd.
    - Drop merged patch 06-dont-restart-bluetooth.
    - Drop merged patch 07-runit.
    - Fixes CVE-2022-30688: Not anchored regular expressions.
    - Replace strings(1) by GNU grep to drop binutils dependency.
      Closes: #986507
    - Fixes broken detection with cgroupv2.
      Closes: #1005953
    - Fixes microcode warnings without using systemd, also add systemd or
      libimvirt-perl as recommends.
      Closes: #984789
  * Bump Standards-Version to 4.6.1.
  * Merge 3.4-5+deb10u1 and 3.5-4+deb11u1 changelog.
  * Adjust mismatched lintian override.

 -- Patrick Matthäi   Tue, 17 May 2022 17:38:05 +0200

netcf n/a -> 1:0.2.8-1.1

Unknown (Probably auto sync.)

Debian changes newer than ubuntu version:

netcf (1:0.2.8-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Set package priority back to optional.
  * debian/control: Use current homepage. (Closes: #859848)
  * Multi-Archify packages. (Closes: #812920)
  * debian/rules: Do not install .pc file into /usr/share/pkgconfig/ since
    it violates multi-arch requirement. Using /usr/lib/*/pkgconfig/ is
    already good enough.
  * debian/watch: Monitor pagure.io upstream.
  * debian/copyright: Fix lintian warnings.

 -- Boyuan Yang   Mon, 28 Dec 2020 14:11:10 -0500

netcf (1:0.2.8-1) unstable; urgency=medium

  * Import new upstream 2.8.0
  * Drop existing patches which are applied upstream
  * debian/control: remove Vcs_Git and Vcs-Browser which were for upstream,
    not packaging trees.
  * Apply upstream patch fix-misplaced-tag
  * debian/libnetcf1.install: remove obsolete iptables-forward-bridged file

 -- Serge Hallyn   Tue, 22 Sep 2015 16:04:04 -0500

netcf (1:0.2.3-5) unstable; urgency=medium

  * cherrypick debian/patches/fix-if-h-problems-with-newer-libnl3 from
    upstream (Closes: #795328)
  * debian/patches/fix-uninitialized-variable: initialize 'r' for error
    path in two fns

 -- Serge Hallyn   Wed, 16 Sep 2015 13:59:07 -0500

netcf (1:0.2.3-4.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Use dh-autoreconf to fix FTBFS on ppc64el (Closes: #755777)

 -- Hilko Bengen   Thu, 28 Aug 2014 22:21:48 +0200

netcf (1:0.2.3-4) unstable; urgency=low

  * netcf-debian-memleak.patch: prevent a memory leak when listing
    interfaces

 -- Serge Hallyn   Tue, 13 Aug 2013 23:58:20 +0000

netcf (1:0.2.3-3) unstable; urgency=low

  * Set architecture to linux-any to preclude build failures in
    unsupported environments

 -- Serge Hallyn   Thu, 30 May 2013 11:45:47 -0400

netcf (1:0.2.3-2) unstable; urgency=low

  * Promote to unstable
  * Closes: #708563 -- promote to unstable from experimental
  * Closes: #697609 -- adds a symbol file
  * Closes: #697610 -- link with --as-needed flag

 -- Al Stone   Tue, 28 May 2013 14:21:39 -0600

netcf (1:0.2.3-1) experimental; urgency=low

  * Merge upstream 0.2.3
    - keep add-tests-debian patch, which is in upstream git tree but not
      in the release tarball.

 -- Serge Hallyn   Thu, 24 Jan 2013 14:43:43 -0600

netcf (1:0.2.2-3) experimental; urgency=low

  * Rebuild and upload to experimental, with consistent epoch numbers
    due to reverting version for sid

 -- Al Stone   Tue, 18 Dec 2012 14:14:47 -0700

netcf (1:0.2.0-5) unstable; urgency=low

  * Closes: #693744 -- revert to a version compatible with sid's
    libvirt0 instead of breaking libvirt installation; this forces
    the change to the epoch number
  * Closes: #694362 -- same issue as above, but reported from the
    standpoint of libvirt0 instead

 -- Al Stone   Tue, 18 Dec 2012 13:37:11 -0700

nginx 1.18.0-6ubuntu14.1 -> 1.20.2-2

* Last Uploader: David Fernandez Gonzalez

Sync or Merge bug: Bug #1971297 in nginx (Ubuntu): "Merge nginx from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

nginx (1.20.2-2) unstable; urgency=medium

  [ Thomas Ward ]
  * d/patches/CVE-2021-3618.patch: Include upstream changeset from NGINX 
    that adds mitigations into the Mail module for CVE-2021-3618.patch.
    (Closes: #991328)

  [ Jan Mojžíš ]
  * d/p/0003-define_gnu_source-on-other-glibc-based-platforms.patch update,
    fixes build on hurd-i386 platform

 -- Thomas Ward   Wed, 04 May 2022 16:04:59 -0400

nginx (1.20.2-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/control: Update Uploaders for new maintainers.

  [ Thomas Ward ]
  * Update to latest upstream Stable version (1.20.2) (Closes: #1008855)
  * d/patches/Resolver-fixed-off-by-one-write-in-ngx_resolver
    _copy.patch: Drop CVE-2021-23017 patch, as this is fixed in 1.20.1
    and we are now using 1.20.2 which already contains the patch.
  * Refreshed d/patches/0002-Make-sure-signature-stays-the-same-
    in-all-nginx-buil.patch (fuzz thanks to 1.20.2)
  * d/conf/mime.types: Update mime.types to more match upstream mime.types
    and include upstream changes with mime.types from 1.21.x via nginx.org
    mercurial repository versions.
  * d/control: Remove self from Uploaders per other Debian devs, who want 
    that commit to be done by someone on the current uploaders/maintainers
    group instead.

 -- Thomas Ward   Tue, 19 Apr 2022 09:50:42 -0400

nginx (1.18.0-9) unstable; urgency=medium

  [ Jan Mojžíš ]
  * http-lua: Downgrade to 0.10.13 (Closes: #1008787).
  * http-lua: Backport upstream bugfix for segfault in nginx core >= 1.15.0
    when libnginx-mod-http-lua is loaded and init_worker_by_lua* is used.
  * d/control: Add mips64el,ppc64,kfreebsd-amd64 to list of luajit platforms.
  * d/control: fix Homepage nginx.net -> nginx.org (Closes: #976158)

  [ Thomas Ward ]
  * d/watch: Update watch syntax to match all even versions of NGINX releases
    rather than use a watch syntax that is static to one specific version.
    This will fix the untracked "New upstream stable versions" problem.
  * d/control: Update 'uploaders' as Thomas Ward is now a maintainer in 
    the Salsa repository.

 -- Jan Mojžíš   Tue, 05 Apr 2022 19:11:47 +0200

nginx (1.18.0-8) unstable; urgency=medium

  * Restore patch:
    d/p/Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch

 -- Ondřej Nový   Tue, 15 Mar 2022 13:23:06 +0100

nginx (1.18.0-7) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/p/CVE-2019-20372.patch: Drop, applied upstream.
  * http-auth-pam: Upgrade to 1.5.3.
  * http-echo: Upgrade to 0.62.
  * nchan: Upgrade to 1.2.15.
  * http-fancyindex: Upgrade to 0.5.2.
  * rtmp: Upgrade to 1.2.2.
  * http-lua: Upgrade to 0.10.15 (Closes: #994178).
  * http-lua: Rebase patch.
  * nchan: Drop GCC 10 patch, applied upstream.
  * d/watch: Bump version to 4.
  * Bump standards version to 4.6.1 (no changes).
  * d/copyright: Bump my copyright year.

  [ Ondřej Surý ]
  * Add arm64 and ppc64el to list of luajit platforms.

  [ Athos Ribeiro ]
  * d/nginx-common.nginx.service: Fix service shutdown description to mention
    SIGQUIT instead of SIGSTOP (LP: #1919965).

 -- Ondřej Nový   Tue, 15 Mar 2022 11:50:18 +0100

nginx (1.18.0-6.1) unstable; urgency=high

  * Non-maintainer upload.
  * Resolver: fixed off-by-one write in ngx_resolver_copy() (CVE-2021-23017)
    (Closes: #989095)

 -- Salvatore Bonaccorso   Sat, 29 May 2021 16:21:37 +0200

nss 2:3.68.2-0ubuntu1 -> 2:3.77-1

* Last Uploader: Athos Ribeiro (sponsored by Lucas Kanashiro)

Sync or Merge bug: Bug #1971299 in nss (Ubuntu): "Merge nss from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

nss (2:3.77-1) unstable; urgency=medium

  * New upstream release.
  * debian/libnss3.symbols: Add NSS_3.77 symbol version.

 -- Mike Hommey   Wed, 06 Apr 2022 09:18:22 +0900

nss (2:3.75-1) unstable; urgency=medium

  * New upstream release.

 -- Mike Hommey   Wed, 09 Feb 2022 08:46:51 +0900

nss (2:3.73.1-1) unstable; urgency=medium

  * New upstream release.

 -- Mike Hommey   Fri, 17 Dec 2021 06:16:55 +0900

nss (2:3.73-1) unstable; urgency=medium

  * New upstream release.
  * Fixes MFSA-2021-51, aka CVE-2021-43527: Memory corruption via DER-encoded
    DSA and RSA-PSS signatures.

 -- Mike Hommey   Thu, 02 Dec 2021 06:04:31 +0900

nss (2:3.72-2) unstable; urgency=medium

  * debian/control: libnss3-dev breaks libxmlsec1-dev (<< 1.2.33-1).
    Closes: #998733.

 -- Mike Hommey   Fri, 12 Nov 2021 06:21:05 +0900

nss (2:3.72-1) unstable; urgency=medium

  * New upstream release.
  * debian/libnss3.symbols, nss/lib/ssl/sslinfo.c, nss/lib/ssl/sslt.h,
    nss/cmd/selfserv/selfserv.c, nss/cmd/strsclnt/strsclnt.c,
    nss/cmd/tstclnt/tstclnt.c: Bump dependency version for SSL_GetChannelInfo
    symbol and remove the previous workaround. Closes: #990058.
  * debian/libnss3.lintian-overrides.in, debian/rules,
    nss/cmd/shlibsign/shlibsign.c, nss/lib/pk11wrap/pk11load.c,
    nss/lib/util/secload.c, nss/cmd/shlibsign/Makefile,
    nss/cmd/shlibsign/manifest.mn: Stop putting freebl, softokn, etc. in a
    subdirectory. It's a deviation from upstream that is causing more problems
    than it's worth keeping. Closes: #737855, #846012, #979159.
  * debian/libnss3-dev.links.in: Remove xulrunner-nss.pc.
  * debian/rules: Stop forcing xz compression.
  * debian/copyright: Add dot for continuation.
  * debian/watch: Upgrade to version 4.
  * debian/control: Upgrade Standard-Version to 4.6.0:
    - debian/rules: Build with `make -s` when DEB_BUILD_OPTIONS contains
      terse.
    - debian/control: Add Rules-Requires-Root: no.
  * debian/control: Remove conflict with libnss3-1d. The last Debian version
    with libnss3-1d was jessie, and it had a newer version anyways.
  * debian/rules: Enable all hardening options.
  * debian/libnss3-symbols: Add Build-Depends-Package in symbols file.
  * debian/*.lintian-overrides*: Remove
    copyright-refers-to-versionless-license-file lintian overrides.
  * debian/libnss3.lintian-overrides.in:
    - s/shlib-without-versioned-soname/shared-library-lacks-version/.
    - Add lacks-unversioned-link-to-shared-library overrides.
  * debian/nss-config.in, debian/rules: Ship upstream nss-config instead of
    ours. Closes: #737855, #963136.
  * debian/rules, debian/control: Always set Multi-Arch: same.
  * debian/copyright:
    - Remove commas in `Files`.
    - Add missing license name for ifparser.
    - Add missing `Copyright`.
    - Remove copyright for mkdepend, which is not in the source tree anymore.
  * debian/upstream/metadata: Add upstream bug tracking metadata.

  [ Daniel Kahn Gillmor ]
  * debian/control: correct Homepage (old URL redirects to 404)

  [ Janitor ]
  * debian/changelog: Trim trailing whitespace.
  * debian/copyright: Use secure copyright file specification URI.
  * debian/compat, debian/control:
    - Bump debhelper from deprecated 9 to 13.
    - Set debhelper-compat version in Build-Depends.
  * debian/upstream/metadata: Set upstream metadata fields: Repository.
  * debian/rules: Drop transition for old debug package migration.

 -- Mike Hommey   Tue, 02 Nov 2021 06:57:06 +0900

nss (2:3.70-1) unstable; urgency=medium

  * New upstream release.

 -- Mike Hommey   Wed, 08 Sep 2021 08:31:23 +0900

open-vm-tools 2:11.3.5-1ubuntu4 -> 2:12.0.0-2

* Last Uploader: Dave Jones (sponsored by Graham Inggs)

Sync or Merge bug: Bug #1971253 in open-vm-tools (Ubuntu): "Merge open-vm-tools from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

open-vm-tools (2:12.0.0-2) unstable; urgency=medium

  * [2eaee7c] Add dependencies for the containerinfo plugin.
  * [c21ef1d] Fix building containerinfo on i386
    %ld is not a 64bit integer on i386.
  * [5b23cd3] Use G_GINT64_FORMAT instead of lld

 -- Bernd Zeimetz   Mon, 02 May 2022 19:06:08 +0200

open-vm-tools (2:12.0.0-1) unstable; urgency=medium

  [ Debian Janitor Bot ]
  * [b8a7e72] Bump debhelper from old 12 to 13. + Rename debian/open-vm-tools-desktop.tmpfile to debian/open-vm-tools-desktop.tmpfiles.
    Changes-By: lintian-brush
    Fixes: lintian: package-uses-old-debhelper-compat-version
    See-also: https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html
  * [db353fc] Update renamed lintian tag names in lintian overrides.
    Changes-By: lintian-brush
    Fixes: lintian: renamed-tag
    See-also: https://lintian.debian.org/tags/renamed-tag.html
  * [e836429] Set upstream metadata fields: Archive.
    Changes-By: lintian-brush

  [ Bernd Zeimetz ]
  * [c68b4a7] New upstream version 12.0.0 (Closes: #1006845)
  * [5e498c2] Refresh patches
  * [d1a0fb3] udevadm: trigger only for scsi devices on install.
    Thanks to Benjamin Drung (Closes: #1009194)

 -- Bernd Zeimetz   Wed, 27 Apr 2022 11:54:11 +0200

openldap 2.5.11+dfsg-1~exp1ubuntu3 -> 2.5.12+dfsg-2

* Last Uploader: Dave Jones (sponsored by Graham Inggs)

Sync or Merge bug: Bug #1971305 in openldap (Ubuntu): "Merge openldap from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

openldap (2.5.12+dfsg-2) unstable; urgency=medium

  * Stop slapd explicitly in prerm as a workaround for #1006147, which caused
    dpkg-reconfigure to not restart the service, so the new configuration was
    not applied. See also #994204. (Closes: #1010971)

 -- Ryan Tandy   Mon, 23 May 2022 10:14:53 -0700

openldap (2.5.12+dfsg-1) unstable; urgency=medium

  * New upstream release.
    - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155)
  * Update debconf translations:
    - German, thanks to Helge Kreutzmann. (Closes: #1007728)
    - Spanish, thanks to Camaleón. (Closes: #1008529)
    - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034)

 -- Ryan Tandy   Wed, 04 May 2022 18:00:16 -0700

openldap (2.5.11+dfsg-1) unstable; urgency=medium

  * Upload to unstable.

 -- Ryan Tandy   Fri, 11 Mar 2022 19:38:02 -0800

openvpn 2.5.5-1ubuntu3 -> 2.6.0~git20220518+dco-1

* Last Uploader: Marc Deslauriers

Sync or Merge bug: Bug #1971306 in openvpn (Ubuntu): "Merge openvpn from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

openvpn (2.6.0~git20220518+dco-1) unstable; urgency=medium

  * New upstream version 2.6.0~git20220518+dco
  * Release to unstable
  * Revert "Build against OpenSSL 3.0", OpenSSL 3.0 has landed in unstable

 -- Bernhard Schmidt   Fri, 20 May 2022 08:35:29 +0200

openvpn (2.6.0~git20220510+dco-1) experimental; urgency=medium

  * New upstream version 2.6.0~git20220510+dco
  * Suggest openvpn-dco-dkms
  * Drop iproute2, linux builds use netlink
  * Limit libnl-genl-3-dev build-dep (for dco) to linux-any
  * Build against OpenSSL 3.0

 -- Bernhard Schmidt   Fri, 13 May 2022 00:01:35 +0200

openvpn (2.6.0~git20220317+dco-1) experimental; urgency=medium

  * New upstream version 2.6.0~git20220317+dco
    This is a snapshot of the upstream dco branch (data-channel offloading)

 -- Bernhard Schmidt   Mon, 21 Mar 2022 11:54:29 +0100

openvpn (2.5.6-1) unstable; urgency=high

  * New upstream version 2.5.6
    CVE-2022-0547 - Potential authentication by-pass with multiple deferred
    authentication plug-ins plug-ins (Closes: #1008015)

 -- Bernhard Schmidt   Sun, 20 Mar 2022 21:42:05 +0100

pep8 1.7.1-9ubuntu1 -> 1.7.1-10

* Last Uploader: Julian Andres Klode

Sync or Merge bug: Bug #1971309 in pep8 (Ubuntu): "Merge pep8 from Debian unstable for kinetic" (Incomplete)

Debian changes newer than ubuntu version:

pep8 (1.7.1-10) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/control: Update Maintainer field with new Debian Python Team
    contact address.
  * d/control: Update Vcs-* fields with new Debian Python Team Salsa
    layout.

 -- Sandro Tosi   Wed, 04 May 2022 17:44:53 -0400

php8.1 8.1.2-1ubuntu4 -> 8.1.5-1

* Last Uploader: Athos Ribeiro

Debian changes newer than ubuntu version:

php8.1 (8.1.5-1) unstable; urgency=medium

  * New upstream version 8.1.5

 -- Ondřej Surý   Thu, 21 Apr 2022 11:51:30 +0200

php8.1 (8.1.4-1) unstable; urgency=medium

  * New upstream version 8.1.4

 -- Ondřej Surý   Sun, 20 Mar 2022 17:43:51 +0100

php8.1 (8.1.3-1) unstable; urgency=medium

  * New upstream version 8.1.3
   + CVE-2021-21708: Fix use-after-free due to php_filter_float() failing
     for ints (Closes: #1006672)

 -- Ondřej Surý   Mon, 21 Feb 2022 15:47:42 +0100

ppp 2.4.9-1+1ubuntu3 -> 2.4.9-1+1.1

* Last Uploader: Robie Basak

Debian changes newer than ubuntu version:

ppp (2.4.9-1+1.1) unstable; urgency=high

  * Non-maintainer upload

  [ Paul Wise ]
  * Compile for host architecture (Closes: #990021)

  [ Till Kamppeter ]
  * Let 0000usepeerdns exit when NetworkManager is in use (LP: #1778946)

  [ Eivind Næss ]
  * d/p/eap-mschap-v2-namelen.patch: fix the length of the username when
    responding to an EAP MSCHAPv2 challenge (LP: #1958196)

 -- Bastian Germann   Mon, 11 Apr 2022 11:11:33 +0200

python-django 2:3.2.12-2ubuntu1 -> 2:3.2.13-1

* Last Uploader: Marc Deslauriers

Sync or Merge bug: Bug #1971314 in python-django (Ubuntu): "Merge python-django from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

python-django (2:3.2.13-1) unstable; urgency=high

  * New upstream security release:

    - CVE-2022-28346: Potential SQL injection in QuerySet.annotate(),
      aggregate(), and extra().

      QuerySet.annotate(), aggregate(), and extra() methods were subject to SQL
      injection in column aliases, using a suitably crafted dictionary, with
      dictionary expansion, as the **kwargs passed to these methods.

    - CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options)
      on PostgreSQL.

      QuerySet.explain() method was subject to SQL injection in option names,
      using a suitably crafted dictionary, with dictionary expansion, as the
      **options argument.

    See 
    for more info.

 -- Chris Lamb   Tue, 12 Apr 2022 18:22:30 +0200

qemu 1:6.2+dfsg-2ubuntu7 -> 1:7.0+dfsg-7

* Last Uploader: Christian Ehrhardt 

Sync or Merge bug: Bug #1971315 in qemu (Ubuntu): "Merge qemu from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

qemu (1:7.0+dfsg-7) unstable; urgency=medium

  * d/tests/test-qemu-user: rework ls/glob test a bit
  * d/tests/test-qemu-user: fix ppc64le qemu architecture name
  * d/binfmt-install: use proper name for binfmt.d (*.conf)
    Hopefully closes: #1011003
  * two virtio-scsi bugfixes from upstream:
    virtio-scsi-fix-ctrl-and-event-handler-functions-in-dataplane.patch
    virtio-scsi-don-t-waste-CPU-polling-the-event-virtqueue.patch
  * 3 patches from upstream to fix possible coroutine crashes:
    coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
    coroutine-rename-qemu_coroutine_inc-dec_pool_size.patch
    coroutine-revert-to-constant-batch-size.patch
  * target-i386-do-not-consult-nonexistent-host-leaves.patch
  * d/control: stop suggesting sudo for qemu-user-static
  * Revert "d/rules: do not try to enable tcg-interpreter on unsupported
    targets, it does not help anymore" - it does help but it needs a bit
    more work
  * disable xen support for qemu-system-x86 build and create a wrapper
    for -i386 to redirect xen-related usage to xen-specific binary
    with a warning (for bookworm only)
  * common-user-no-user.patch: fix one of FTBFS on unsupported architectures
  * d/rules: use regular variable assignment for BUILD_PACKAGES
  * two trivial patches to fix spelling in roms:
    openbios-spelling-endianess.patch
    slof-spelling-seperator.patch

 -- Michael Tokarev   Sun, 15 May 2022 15:49:12 +0300

qemu (1:7.0+dfsg-6) unstable; urgency=medium

  * d/rules: the forgotten --enable-xen-pci-passthrough for the xen build
  * d/tests/test-qemu-user: rewrite to be more robust and complete and
    include test for qemu-user-static too.

 -- Michael Tokarev   Mon, 09 May 2022 01:37:56 +0300

qemu (1:7.0+dfsg-5) unstable; urgency=medium

  * d/tests/test-qemu-user.sh: more arch-specific debugging/updates

 -- Michael Tokarev   Sat, 07 May 2022 12:22:26 +0300

qemu (1:7.0+dfsg-4) unstable; urgency=medium

  * d/tests/: fix failing tests.
    - test-qemu-user: depend on gcc for dpkg-architecture to work,
      and print debugging info for future switch to uname -m
    - test-qemu-img: switch from using file to qemu-img info

 -- Michael Tokarev   Sat, 07 May 2022 11:33:23 +0300

qemu (1:7.0+dfsg-3) unstable; urgency=medium

  [ Michael Tokarev ]
  * d/binfmt-install: also generate binfmt.d/ entries for systemd
  * d/control: use systemd as preferred alternative to binfmt-support
    hopefully Closes: #789011 (Minimal dependencies to register binfmt)
    Closes: #985889 (make binfmt setup configurable)
  * d/control: remove Riku Voipio from Uploaders. Thank you Riku!
  * d/rules: simplify DEB_BUILD_OPTIONS=parallel=N parsing

  [ Guido Günther ]
  * Add minimal autopkgtest (Closes: #832982)

 -- Michael Tokarev   Sat, 07 May 2022 00:03:24 +0300

qemu (1:7.0+dfsg-2) unstable; urgency=medium

  * d/control: add Rules-Requires-Root: no
  * d/control: switch to debhelper-compat=13
  * d/control: drop "qemu" empty/dummy pseudopackage
  * d/control: do not build linux-user* on ia64 and powerpc
    (not supported by upstream anymore)
  * d/control: add Breaks for qemu-system-data for other packages from which
    it borrowed files in the past (Closes: #1008095)
  * d/rules: switch to the dh sequence (but keep build-{arch,indep}),
    rearrange some rules.
    This brings us dh_dwz (very slow) and dh_strip_nondeterminism.
  * d/rules: do not explicitly turn off slirp & capstone (now properly
    controlled by --with[out]-default-features option)
  * d/rules: do not try to enable tcg-interpreter on the unsupported
    targets, it does not help to build tools anymore
  * d/rules: do not chown -w d/control, it breaks dpkg-source
  * d/rules: clean up the clean target
  * d/not-installed: list many documentation files and qemu-plugin.h
  * configure-make-fortify_source-yes-by-default.patch: enable
    fortify-source for minimal builds too
  * d/changelog: mention #990562 (CVE-2021-3611) closed by 7.0

 -- Michael Tokarev   Sat, 30 Apr 2022 13:38:12 +0300

qemu (1:7.0+dfsg-1) unstable; urgency=medium

  * update to 7.0 release

 -- Michael Tokarev   Thu, 21 Apr 2022 14:19:51 +0300

qemu (1:7.0~rc4+dfsg-1) experimental; urgency=medium

  * New upstream 7.0 (rc)
    Closes: #990562, CVE-2021-3611
  * remove patches applied upstream
  * remove new binary file, pc-bios/edk2-x86_64-microvm.fd.bz2
  * d/control: remove libxfs-dev build dependency,
    the ioctl is implemented inline
  * d/control: stop build-depend-indep on libc6.1-dev-alpha-cross,
    not needed anymore
  * d/rules: update skiboot version check (skiboot hasn't canged since 6.1)
  * build & install vbootrom (npcm7xx_bootrom.bin), and
    build-depend-indep on gcc-arm-none-eabi
  * create a new binary package, qemu-system-xen, which provides
    /usr/libexec/xen-qemu-system-i386 binary for use by xen only.
    Once xen switches to use this binary instead of usual qemu-system-i386,
    xen support will be removed from the regular qemu-system-x86 build
  * use a fast inline version of /usr/share/dpkg/architecture.mk

 -- Michael Tokarev   Sun, 17 Apr 2022 15:08:40 +0300

qemu (1:6.2+dfsg-3) unstable; urgency=medium

  [ Christian Ehrhardt ]
  * d/rules: ensure xen is built on x86
  * d/rules: xen libexec dir is no more versioned
  * d/kvm-spice: fix when acceleration is already defined on the commandline

  [ Michael Tokarev ]
  * d/control, d/rules: do not compile xen support on i386,
    since it is amd64-only now (since 4.16)
  * d/control: add libbpf-dev & --enable-bpf for eBPF support
    (Closes: #994573)

 -- Michael Tokarev   Fri, 25 Feb 2022 12:01:46 +0300

resource-agents 1:4.7.0-1ubuntu7 -> 1:4.11.0-1

* Last Uploader: Lucas Kanashiro

Sync or Merge bug: Bug #1971317 in resource-agents (Ubuntu): "Merge resource-agents from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

resource-agents (1:4.11.0-1) unstable; urgency=medium

  * New upstream version 4.11.0
  * debian/patches: refresh for new version
  * debian/copyright: update copyright for debian directory

 -- Valentin Vidic   Wed, 06 Apr 2022 22:08:42 +0200

resource-agents (1:4.10.0-1) unstable; urgency=medium

  * New upstream version 4.10.0
  * debian/watch: update github url
  * debian/control: update Standards-Version to 4.6.0
  * debian/control: update build dependencies
  * debian/control: add bc to Depends (Closes: #1000644)
  * debian/patches: refresh for new version
  * debian/lintian-overrides: refresh for new version
  * debian/patches: fix shellcheck errors
  * debian/rules: fix version used for building
  * debian/rules: fix manpage header
  * debian/control: remove old Conflicts and Replaces
  * debian/lintian-overrides: ignore capitalization in agent names
  * debian/rules: move internal binaries to /usr/libexec/heartbeat

 -- Valentin Vidic   Sun, 03 Apr 2022 13:39:33 +0200

rrdtool 1.7.2-3ubuntu6 -> 1.7.2-4

* Last Uploader: Matthias Klose

Sync or Merge bug: Bug #1971318 in rrdtool (Ubuntu): "Merge rrdtool from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

rrdtool (1.7.2-4) unstable; urgency=medium

  [ Jean-Michel Vourgère ]
  * Changed maintainer team address from alioth to tracker.d.o.
  * d/copyright: Fixed tclrrd.c double entry.
  * Bumped debhelper compat level to 13:
    - librrds-perl.install and rrdtool-tcl.install use builtin variables
      expansion.
    - Dropped build-dependency on dh-exec.
    - Removed --fail-missing in dh_missing, as it is now the default.
  * Bumped d/watch to format 4.
  * New patch python3_example.
  * Drop package python3-rrdtool-dbg. (Closes: #994376)

  [ Debian Janitor ]
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
    Repository-Browse.
  * Wrap long lines in changelog entries: 1.0.42-2.

 -- Jean-Michel Vourgère   Thu, 18 Nov 2021 17:35:17 +0100

rsync 3.2.3-8ubuntu3 -> 3.2.4-1

* Last Uploader: Julian Andres Klode

Sync or Merge bug: Bug #1971319 in rsync (Ubuntu): "Merge rsync from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

rsync (3.2.4-1) unstable; urgency=medium

  [ Samuel Henrique ]
  * New upstream version 3.2.4
    - Work around a glibc bug where lchmod() breaks in a chroot w/o /proc
      mounted (closes: #995046).
    - rsync.1: remove prepended backticks which broke --stop-after and
      --stop-at formatting (closes: #1007990).
  * Ship new python-based rrsync with --with-rrsync:
    - rrsync was previouysly written in bash.
    - A manpage is now shipped for rrsync.
    - python3 and python3-cmarkgfm are new B-Ds since they're needed
      to generate the manpage.
  * d/control:
    - Add version requirement for some libxxhash-dev and libzstd-dev as
      per upstream docs.
    - Add python3-braceexpand to Suggests as it can be used by rrsync.
  * d/rsync.install: cull_options has been renamed to cull-options.
  * d/patches:
    - Refresh the following patches:
      ~ disable_reconfigure_req.diff;
      ~ perl_shebang.patch;
      ~ skip_devices_test.patch;
    - Drop the following patches, applied upstream now:
      ~ CVE-2020-14387.patch;
      ~ copy-devices.diff;
      ~ fix_delay_updates.patch;
      ~ fix_ftcbfs_configure.patch;
      ~ fix_mkpath.patch;
      ~ fix_rsync-ssl_RSYNC_SSL_CERT_feature.patch;
      ~ fix_sparse_inplace.patch;
      ~ manpage_upstream_fixes.patch;
      ~ update_rrsync_options.patch;
      ~ workaround_glibc_lchmod_regression.patch;

  [ Sergio Durigan Junior ]
  * d/rules: Disable ASM optimizations when building.
    This is not needed because the only ASM-optimized implementation
    available is the MD5 hash, which is actually a no-op because we link
    against OpenSSL and rsync ends up using that library's implementation
    of the hash.  Even then, the final binary ends up with the
    ASM-optimized version included, which makes it become
    CET-incompatible.
    Thanks to Dimitri John Ledkov 

 -- Samuel Henrique   Mon, 18 Apr 2022 14:44:44 +0100

ruby-defaults 1:3.0~exp1 -> 1:3.0+1

Unknown (Probably auto sync.)

Debian changes newer than ubuntu version:

ruby-defaults (1:3.0+1) unstable; urgency=medium

  * Remove ruby2.7 support.

 -- Lucas Kanashiro   Mon, 07 Mar 2022 17:37:10 -0300

ruby-defaults (1:3.0) unstable; urgency=medium

  * Re-add ruby2.7 as an alternative interpreter.
    ruby3.0 is still the default but to ease the transition (avoid any
    entanglement with other transitions) we are re-adding ruby2.7 and it
    will be removed as the next and final stage of the transition.

 -- Lucas Kanashiro   Thu, 17 Feb 2022 12:18:38 -0300

ruby3.0 3.0.2-7ubuntu2 -> 3.0.4-7

* Last Uploader: Leonidas S. Barbosa (sponsored by Marc Deslauriers)

Debian changes newer than ubuntu version:

ruby3.0 (3.0.4-7) unstable; urgency=medium

  * Complete the patch to disable compaction on architectures where it can't work.

 -- Antonio Terceiro   Sun, 01 May 2022 09:56:20 -0300

ruby3.0 (3.0.4-6) unstable; urgency=medium

  * Exclude TestGCCompact on s390x

 -- Antonio Terceiro   Thu, 28 Apr 2022 10:56:40 -0300

ruby3.0 (3.0.4-5) unstable; urgency=medium

  * Fix disabling compaction on platforms that can't support it.
    The initial patch was incomplete, and actually broke every other
    architecture that was not ppc64el.

 -- Antonio Terceiro   Wed, 27 Apr 2022 15:15:03 -0300

ruby3.0 (3.0.4-4) unstable; urgency=medium

  * Disable GC compaction on platforms that can't support it.
    This should fix some crashes hapenning on ppc64el

 -- Antonio Terceiro   Wed, 27 Apr 2022 12:55:10 -0300

ruby3.0 (3.0.4-3) unstable; urgency=medium

  * ppc64el: exclude TestGCCompact tests as they segfault

 -- Antonio Terceiro   Sat, 23 Apr 2022 08:31:14 -0300

ruby3.0 (3.0.4-2) unstable; urgency=medium

  * Exclude test TestGemInstaller#test_ensure_no_race_conditions_between_installing_and_loading_gemspecs

 -- Antonio Terceiro   Fri, 22 Apr 2022 09:58:51 -0300

ruby3.0 (3.0.4-1) unstable; urgency=medium

  [ John Paul Adrian Glaubitz ]
  * Disable some tests on powerpc (Closes: #999349)
  * Disable some tests on alpha (Closes: #999444)
  * Fix filenames for glibc SO files on alpha and ia64
    (Closes: #1007925)

  [ Antonio Terceiro ]
  * New upstream version 3.0.4
  * Includes fixes for the following security issues:
    - CVE-2022-28739: Buffer overrun in String-to-Float conversion
      (Closes: #1009956)
    - CVE-2022-28738: Double free in Regexp compilation
      (Closes: #1009958)
  * Refresh patches.
    The fix in rand_init-fix-off-by-one-error.patch has been done upstream
    differently; drop the patch.
  * TestZlibGzipFile: skip test unsupported on overlay filesystems

 -- Antonio Terceiro   Thu, 21 Apr 2022 13:52:50 -0300

ruby3.0 (3.0.3-1) unstable; urgency=medium

  * New upstream version 3.0.3.  Includes fixes for the following security
    issues (Closes: #1002995):
    - CVE-2021-41816: Buffer Overrun in CGI.escape_html
    - CVE-2021-41817: regular expression Denial of Service in Date.parse
    - CVE-2021-41819: mishandling of security prefixes in CGI::Cookie.parse
  * Refresh patches
  * autopkgtest: builtin-extensions: check openssl version
  * debian/libruby3.0.symbols: update
  * Fix generation of Provides:
  * Exclude some tests from TestGemServer

 -- Antonio Terceiro   Sun, 13 Mar 2022 21:02:08 -0300

samba 2:4.15.5~dfsg-0ubuntu6 -> 2:4.16.1+dfsg-4

* Last Uploader: Steve Langasek

Sync or Merge bug: Bug #1971256 in samba (Ubuntu): "Merge samba from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

samba (2:4.16.1+dfsg-4) unstable; urgency=medium

  [ Michael Tokarev ]
  * fix spelling in disable-setuid-confchecks.patch
  * d/NEWS: split it into different $package.NEWS files
  * d/upstream/metadata: add Bug-Database
  * d/samba.postinst: create sambashare group and usershare directory
    on new install only
  * libldb2: provide compat symlinks for bullseye ldb modules dir
  * d/rules: provide Build-Depends-Package: for python3-ldb
  * samba-vfs-modules.lintian-overrides: add spare-manual-page vfs_*.8 override
  * winbind.lintian-overrides: add spare-manual-page idmap_*.8 override

  [ Arnaud Rebillout ]
  * Fix patch testparm-do-not-fail-if-pid-dir-does-not-exist (Closes: #1010835)

 -- Michael Tokarev   Wed, 11 May 2022 09:50:03 +0300

samba (2:4.16.1+dfsg-3) unstable; urgency=medium

  * fix ldb package version generation in d/make_shlibs
    which was wrong in 2 previous uploads.
    Will I *ever* make it actually work someday?

 -- Michael Tokarev   Mon, 02 May 2022 18:32:24 +0300

samba (2:4.16.1+dfsg-2) unstable; urgency=medium

  * rethink ldb version *again*, to be 2.5.0+smb4.16.1-2
    or else 2.5.0+smb-1 from samba-4.16.1-2 sorts before
    2.5.0+smb-7 from samba-4.16.0-7.

 -- Michael Tokarev   Mon, 02 May 2022 17:02:16 +0300

samba (2:4.16.1+dfsg-1) unstable; urgency=medium

  * new upstream minor release 4.16.1
  * move-msg.sock-from-var-lib-samba-to-run-samba.patch:
    move /var/lib/samba/private/msg.sock/ to /run/samba/msg.sock/.
    This is a (private) socket directory for IPC, it should not be in /var.
  * Remove /var/lib/samba/private/msg.sock/ in postinst
  * testparm-do-not-fail-if-pid-dir-does-not-exist.patch:
    testparm deliberately fails if /run/samba does not exist,
    while testparam itself does not use it and daemons will
    create it on demand.  Just make it a warning instead of a
    fatal error, and we'll not need to pre-create this dir
    in a random place using hackish ways
  * ctdb-create-piddir.patch: create /run/ctdb/ in ctdb.service
    and ctdb.init before invoking ctdbd (as the latter does not
    create its pid directory on demand).
  * stop (ab)using tmpfiles.d to pre-create /run/samba/ and /run/ctdb/
    and stop creating /run/samba/ in samba-common-bin.postinst just to
    make testparam happy.
  * d/rules: minor tweaks

 -- Michael Tokarev   Mon, 02 May 2022 13:16:12 +0300

samba (2:4.16.0+dfsg-7) unstable; urgency=medium

  * another bunch of small tweaks to d/rules:
   - set SHELL to /bin/sh -e
   - rework the clean target
   - provide fast replacement of architecture.mk
   - better expression for DEB_REVISION
   - rearrange configure options
  * do not disable glusterfs on ubuntu-i386 (glusterfs is now in main)
  * mention closing of #1001053 by the 4.16 upload
  * change the ldb version string again, removing te "+samba*" suffix
    to allow bin-NMUs +b1 (Closes: #1010100)

 -- Michael Tokarev   Sun, 24 Apr 2022 16:56:34 +0300

samba (2:4.16.0+dfsg-6) unstable; urgency=medium

  * another attempt to fix/work around #221618. Re-enable
    libsmbclient-ensure-lfs-221618.patch and change it to just define
    an extra type array int[sizeof(off_t)-7]. If off_t is small it will
    become a compile error.  It is an ugly way to do it, but it should
    actually work, unlike various static_assert/_Static_assert which are
    language (C/C++) and standard-dependent.  Closes: #221618.

 -- Michael Tokarev   Sat, 09 Apr 2022 17:27:09 +0300

samba (2:4.16.0+dfsg-5) unstable; urgency=medium

  * disable libsmbclient-ensure-lfs-221618.patch for now.
    It throws errors in one or another configuration no matter what.
    Repoens: #221618
  * d/salsa-ci.yml: re-allow blhc salsa-ci test to fail again
    due to different bug in blhc

 -- Michael Tokarev   Sat, 09 Apr 2022 16:33:57 +0300

samba (2:4.16.0+dfsg-4) unstable; urgency=medium

  * libsmbclient-ensure-lfs-221618.patch: replace _Static_assert with
    static_assert (and include  to make C++ happy too
    (Closes: #1009211)
  * disable-setuid-confchecks.patch: when running configure tests,
    samba tries to verify setuid/setgid etc calls are actually
    *working*, not just exists. This is only possible when the
    configure is running as root. But it turns out in some salsa-ci
    configuration (namely in the reprotest), the second build is
    actually running as root, and in that environment, actual
    setegid call is failing somehow. Just disable the config-time
    check for correctly working setgid and assume it "just works"
    if present, exactly like non-root build will do.
  * d/salsa-ci.yml: do not expect failure in blhc test (the original
    prob has been fixed long ago), and stop requiring experimental
  * mention closing of #999876 by 4.16

 -- Michael Tokarev   Sat, 09 Apr 2022 00:42:38 +0300

samba (2:4.16.0+dfsg-3) unstable; urgency=medium

  * d/control: comment out the selftest-mode build deps for now
  * d/control: forgotten python3-samba:Replaces against samba package too,
    not just samba-libs, when moving dckeytab python lib (Closes: #1009175)

 -- Michael Tokarev   Fri, 08 Apr 2022 10:18:23 +0300

samba (2:4.16.0+dfsg-2) unstable; urgency=medium

  * use strict versioned dependency between samba-dsdb-modules and libldb2,
    since they're tied to each other and are now built from the same source
  * fix forgotten shlib symbols generation for python3-ldb
  * change libldb versioning scheme
     from   ldb_2:2.5.0+samba4.16.0-1
     to     ldb_2:2.5.0-1+samba4.16.0
    so that symbols versioning works correctly.  Unfortunately the previous
    upload to experimental used the first form which is greather than the
    correct one, so temporarily (just for this 2.5.0 version of ldb) use
    this:   ldb_2:2.5.0+smb-1+samba4.16.0
    (with "+smb" suffix to be removed for 2.5.1+)
  * exclude samba-vfs-modules for i386 ubuntu build since this package
    is useless without samba itself (which is not built on this environment)
  * create selftest rules and add !nocheck build-dependencies
    (but do not enable selftests for now as they're failing)
  * split build system into -arch and -indep parts. We build only one arch-all
    package (samba-common) which contains only static files from debian/,
    there's no need to build whole samba to build this package.
    Move almost all Build-Depends to Build-Depends-Arch (and reindent them).
  * various updates to d/rules

 -- Michael Tokarev   Thu, 07 Apr 2022 09:56:56 +0300

samba (2:4.16.0+dfsg-1) experimental; urgency=medium

  * New upstream major release.
    Closes: #1004690, CVE-2021-20316: Fileserver symlink metadata share escape
    Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape
    Closes: #1004692, CVE-2021-44141: UNIX extensions in SMB1 disclose whether
     the outside target of a symlink exists
    Closes: #1005642 (windows client data corruption due to cache poisoning)
    Closes: #1001053 (MIT-kerberos config broken after fix for CVE-2020-25717)
    Closes: #988197 (legacy printing support, 47d79d7e7e406f7dd2)
    Closes: #998423 (coredump connecting from macos to shares with var substs)
    Closes: #999876 (winbind allow trusted domains = no regression)
  * Notable changes in 4.16 series compared to 4.13:
    - modular VFS (see The_New_VFS.txt)
    - publishing printers in AD is more complete
    - group policies for winbindd cilents (like linux systems)
    - certificate auto enrollement in AD group policy
    - large list of improvements in samba-tool
    - SMB1 protocol has been deprecated, some subcommands has been removed
    - more consistend options/subcommands in samba commands
  * d/rules: export PYTHONHASHSEED=1. This makes lots of sporadic build-time
    debian-specific failures to go away, by preserving order of waf hashes
  * refresh patches, update build-depend versions (talloc, tdb, tevent)
  * refresh lintian-overrides files, add many new overrides
  * build-depend on python3-markdown
  * build-depend on libjson-perl for new heimdal bits
  * more consistent internal lib naming; refresh file lists everywhere
  * samba: install new rpc_* services, install samba-dcerpc
  * refresh symbols files
  * build libldb from samba sources, not from separate source
    (this moves ldb plugins from /usr/lib/$triple/ldb/plugin/ldb/ to
     /usr/lib/$triple/samba/ldb/ - the same where dsdb modules are).
  * optimizations for d/make_shlibs; also allow one to specify explicit
    version for some packages
  * as per clarifications for waf --{bundled,builtin}-libraries, remove
    now-wrong usage there. This also fixes build failures with current
    samba sources
  * d/rules: various optimizations to reduce startup costs by eliminating
    unnecessary external command calls during d/rules read by make.
    Including caching of LDB version information in d/ldb-version.mk file.
    This does not affect the buildd processing much (and does not affect
    runtime at all), but helps with build procedure debugging.
  * d/rules: numerous small fixes, cleanups and other changes, including:
    - clean up the install target
    - remove some now-irrelevant parts
    - fix no-glusterfs-build on non-linux
  * change build procedure: instead of `waf build', run `waf install'.
    `waf build' builds samba to be run from the build dir, and `waf install'
    rebuilds/relinks everything again for production. Build the production
    variant only, no build-dir one.
  * samba-common-bin.postinst: explicitly mkdir /run/samba before invoking
    samba binaries (Closes: #953530)
  * in the salsa git repository of samba, stop keeping debian patches in
    applied form, keep them in d/patches/ only as most other packages do.
  * move single python (helper) module, libsamba-policy, together with
    2 internal libraries used by it, from samba-libs package to python3-samba.
    This makes samba-libs to be free from python-related files, and makes
    python3-samba to be the only python-providing package.
    Closes: #1006875, #878612, #862338
  * also move dckeytab python module from samba to python3-samba
    (actually stop moving it from python3-samba to samba to incorrectly
    avoid a circular dependency). Also verify that python3-samba does
    not depend on samba package.
  * weak-crypto-allowed-clarify.diff: clarify "weak crypto is allowed"
    testparm message (Closes: #975882)
  * spelling.patch: fix many common spelling mistakes in the source
  * ctdb: simplify/cleanup instllation of READMEs/examples
  * d/control: remove breaks/replaces/depends on ancient versions of some
    packages (ancient dpkg version in Pre-Depends, ancient samba-libs)
  * d/rules: rework wrong shlibdeps handling
  * move helper programs from /usr/lib/$multiarch/ to /usr/libexec/
    where they belongs. This should not affect users.
  * smbclient: re-do the fix for an old bug, #221618. The original "fix"
    did not fix anything (it is too late already to #define _FILE_OFFSET_BITS
    when all types has already been defined).  From now on, raise an error
    if off_t is less than 64bits (it should >=64 when #include'ing
     with proper LFS defines).  In theory this can break
    some sources which either included libsmbclient.h without a reason or
    which didn't use any of the functions which deals with off_t (smbc_lseek
    etc), - which did not explicitly enable LFS on a 32bit system.
    Please email us if you faced such situation.
  * drop 07_private_lib patch: we do not need to force rpath for
    private libraries into every samba binary, upstream build system
    does a good job here.

 -- Michael Tokarev   Tue, 05 Apr 2022 16:01:25 +0300

snapd-glib 1.60-0ubuntu1 -> 1.60-1

* Last Uploader: Robert Ancell

Debian changes newer than ubuntu version:

snapd-glib (1.60-1) unstable; urgency=medium

  * New upstream release.
  * debian/*.symbols:
    + Update .symbols files.

 -- Mike Gabriel   Sat, 23 Apr 2022 00:54:39 +0200

spice 0.15.0-2ubuntu4 -> 0.15.0-4

* Last Uploader: Christian Ehrhardt 

Sync or Merge bug: Bug #1971324 in spice (Ubuntu): "Merge spice from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

spice (0.15.0-4) unstable; urgency=medium

  * test-leaks-fix-the-test-with-OpenSSL3.patch:
    patch from upstream to fix FTBFS with OpenSSL3

 -- Michael Tokarev   Sat, 14 May 2022 22:46:12 +0300

spice (0.15.0-3) unstable; urgency=medium

  * patch from upstream to fix ftbfs (Closes: #1005451):
    build-Correctly-check-for-Python-modules.patch

 -- Michael Tokarev   Mon, 14 Mar 2022 11:00:39 +0300

squid 5.2-1ubuntu4 -> 5.5-1

* Last Uploader: Athos Ribeiro

Sync or Merge bug: Bug #1971325 in squid (Ubuntu): "Merge squid from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

squid (5.5-1) unstable; urgency=medium

  [ Amos Jeffries  ]
  * New Upstream Release

  * debian/patches/
    - remove upstreamed 0004-Change-default-Makefiles-for-debian.patch

 -- Luigi Gangitano   Fri, 15 Apr 2022 14:39:54 +0200

sssd 2.6.3-1ubuntu3 -> 2.6.3-3

* Last Uploader: Andreas Hasenack

Sync or Merge bug: Bug #1971327 in sssd (Ubuntu): "Merge sssd from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

sssd (2.6.3-3) unstable; urgency=medium

  * tests: Dump the daemon status after restart, hoping to see what the
    error is if it fails to start.
  * rules: Drop --with-ldb-dir, use the default value from the pkgconfig
    file. (Closes: #1009223)

 -- Timo Aaltonen   Sun, 10 Apr 2022 10:57:30 +0300

sssd (2.6.3-2) unstable; urgency=medium

  * rules: Disable lto.
  * Rebuild against current python-defaults. (Closes: #1008583)

 -- Timo Aaltonen   Tue, 29 Mar 2022 10:04:50 +0300

strongswan 5.9.5-2ubuntu2 -> 5.9.6-1

* Last Uploader: Sergio Durigan Junior

Sync or Merge bug: Bug #1971328 in strongswan (Ubuntu): "Merge strongswan from Debian unstable for kinetic" (Incomplete)

Debian changes newer than ubuntu version:

strongswan (5.9.6-1) unstable; urgency=medium

  * New upstream version 5.9.6
  * d/p/0006-fix-format-string-issue-in-enum_flags_to_string added
  * d/libstrongswan.install: install kdf plugin in libstrongswan

 -- Yves-Alexis Perez   Sat, 07 May 2022 20:19:18 +0200

taglib 1.11.1+dfsg.1-3ubuntu4 -> 1.12-1

* Last Uploader: Jeremy Bicha

Debian changes newer than ubuntu version:

taglib (1.12-1) unstable; urgency=medium

  * Upload to unstable.
  * debian/libtag1v5-vanilla.symbols: Refresh symbols using buildd logs.
  * debian/patches/0003-Make-taglib-config-arch-independent.patch:
    Correct implementation.

 -- Boyuan Yang   Sun, 03 Oct 2021 10:05:07 -0400

taglib (1.12-1~exp1) experimental; urgency=low

  * New upstream release.
  * debian/libtag1v5-vanilla.symbols: Refresh symbols.
  * debian/patches: Refresh patches.

  [ Helmut Grohne ]
  * Drop unused gsfonts-x11 build dependency. (Closes: #981737)

  [ Debian Janitor ]
  * Trim trailing whitespace.
  * Use secure URI in Homepage field.
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
    Repository-Browse.
  * Remove constraints unnecessary since buster:
    + Build-Depends: Drop versioned constraint on cmake.

 -- Boyuan Yang   Sun, 03 Oct 2021 02:33:34 -0400

taglib (1.12~beta~1-1~exp1) experimental; urgency=medium

  * New upstream beta release.
    + Fix slow processing of Shoutcast data. (Closes: #854664)
  * debian/symbols: Add new symbols.
  * debian/control: Let libtag1-dev depends on dpkg-dev since the
    old-style config script is calling dpkg-architecture tool.

 -- Boyuan Yang   Fri, 24 Jul 2020 13:41:08 -0400

unbound 1.13.1-1ubuntu5 -> 1.15.0-11

* Last Uploader: Rico Tzschichholz (sponsored by Graham Inggs)

Sync or Merge bug: Bug #1971332 in unbound (Ubuntu): "Merge unbound from Debian unstable for kinetic" (New)

Debian changes newer than ubuntu version:

unbound (1.15.0-11) unstable; urgency=medium

  [ Simon Deziel ]
  * d/unbound.postinst: fix configure action to have unbound user/group created
  * d/apparmor-profile: use profile name specifier

  [ Michael Tokarev ]
  * tests/runzones: add 1s delay after starting daemon:
    apparently the pid file is created/written too late

 -- Michael Tokarev   Sun, 15 May 2022 22:22:19 +0300

unbound (1.15.0-10) unstable; urgency=medium

  * d/tests/: fix the test to not rely on presence of unbound.pid after
    daemon start. Apparently unbound creates the pid file at a wrong time

 -- Michael Tokarev   Sun, 08 May 2022 10:17:45 +0300

unbound (1.15.0-9) unstable; urgency=medium

  * d/apparmor-profile: remove old /var/run/ alternatives for /run
  * d/apparmor-profile: allow /etc/unbound/var/lib/unbound/ access too,
    for chrooting to upstream-preferred /etc/unbound (Closes: #1010517)
  * d/rules: stop explicitly exporting CFLAGS/LDFLAGS, dh_auto_* does this
    automatically since dh-compat 9
  * d/rules: do not enable --with-lto-server on kfreebsd (this fixes FTBFS)
    It is a good candicate for an autoconf test.
  * d/rules: add comments for --disable-lto, --with-libbsd
  * d/tests/: add simple autopkgtest (verify www.debian.org record with DNSSEC)

 -- Michael Tokarev   Sat, 07 May 2022 10:34:09 +0300

unbound (1.15.0-8) unstable; urgency=medium

  * fix the brown-paper bag bug in the previous upload. I did it again:
    it is var += newvalue, not var := newvalue.  This made the previous
    upload to built without many build options

 -- Michael Tokarev   Fri, 29 Apr 2022 18:33:16 +0300

unbound (1.15.0-7) unstable; urgency=medium

  * unbound-resolvconf.service:
   - do not (re)start it explicitly from the postinst script, it should
     only be started as a part of unbound.service. Closes: #1009928
   - add comments to this service file to clarify its purpose
   - add lintian overrides for this service file
  * /etc/resolvconf/update.d/unbound resolvconf hook script:
   - ship it enabled for new installs. Closes: #1003135
   - but do not re-enable it for previous installs
   - add more comments to this file clarifying its purpose and possible issues
   - add comments about various ways to enable/disable this hook,
   - implement ability to disable it by setting USE_RESOLVCONF_FORWARDS=false
     in /etc/default/unbound
   - multiple other small changes and cleanups
   - rename it in debian packaging from d/resolvconf to d/resolvconf-forwards
     to make it's purpose more explicit
  * use dns root.key stored in /usr/share/dns/ (as provided by dns-root-data
    package) instead of the unbound-owned /var/lib/unbound/root.key (which is
    managed by an untrusted user). This changes defaults for unbound-host and
    unbound-anchor.  Add Recommends: dns-root-data for unbound-host so it can
    find this root.key in the default install. Closes: #641704

 -- Michael Tokarev   Fri, 29 Apr 2022 16:53:50 +0300

unbound (1.15.0-6) unstable; urgency=medium

  * actually install the forgotten remote-control.conf.

 -- Michael Tokarev   Thu, 28 Apr 2022 20:15:21 +0300

unbound (1.15.0-5) unstable; urgency=medium

  * use unix-domain socket /run/unbound.ctl for the control interface
    instead of tcp localhost socket. This makes the keys/certs files
    for the remote contol to be unnecessary, so stop running
    unbound-control-setup in postinst too.
    (Closes: #1010271)
  * move remote-control section out of main unbound.conf file into
    unbound.conf.d/remote-control.conf. Main file now becomes the
    same as before version 1.15. There was no need to mess with the
    main config file since the NEWS file already gives the user
    enough information.
  * do-not-chown-control-socket.patch: stop chowning control socket
    to the unprivileged user, only group ownership is needed.
  * do-not-look-at-pidfile.patch: stop messing up with the pidfile.
    Unbound does not need to look at its pid file for the previous
    instance, since it will not be able to open listening sockets
    if the daemon is already running.  Remove whole reading of the
    pid file, and especially remove setting ownership of the pid file
    to the unprivileged user (done in order to be able to clean it up),
    since this is a potential security issue.
  * unbound.postrm: stop removing the unbound system user
  * fix wording and reformat the previous unbound.NEWS entry, and merge
    old NEWS file into unbound.NEWS, since all news in there are actually
    about the unbound package, not about all other binary packages we build.
  * a few more tweaks for d/unbound-helper, in do_resolvconf_{start|stop}.
    Thank you Simon Deziel for the ideas.

 -- Michael Tokarev   Thu, 28 Apr 2022 19:15:23 +0300

unbound (1.15.0-4) unstable; urgency=medium

  * d/unbound.conf: move and fix the remote-control section
    Move the remote-control section above the include directive so it is
    possible to override it there, and fix comment.  Do this remote-control
    section in unbound.conf directly (instead of in new unbound.conf.d/
    fragment), so it is more obvious that the default were flipped and
    the default value is changed.

 -- Michael Tokarev   Wed, 20 Apr 2022 10:52:26 +0300

unbound (1.15.0-3) unstable; urgency=medium

  * modify the default unbound.conf to include control-enale: yes so
    the remote control is enabled by default even if the default value
    is not flipped by a patch (upstream sets it to "no")
  * d/control: use the right spelling for Recommends:

 -- Michael Tokarev   Wed, 20 Apr 2022 00:37:17 +0300

unbound (1.15.0-2) experimental; urgency=medium

  [ Michael Stella ]
  * Add clarifying description to resolvconf hook

  [ Simon Deziel ]
  * debian/unbound.init: ask start-stop-daemon to remove the PID file
    when stopping the daemon. Closes: #947771

  [ Michael Tokarev ]
  * d/changelog: mention #1000201 closed by 1.15.0-1
  * d/changelog: mention install-pkgconfig-in-lib-not-all.patch in 1.15.0-1
  * stop resetting permissions of unbound resovconf hook from ancient
    pre-jessie (<<1.5.8-1) version
  * stop removing ancient pre-jessie (<<1.5.7-2) /etc/default/unbound conffile
  * add DEP12 d/upstream/metadata
  * d/rules: stop adding --as-needed linker flag (it is the default now)
  * stop flipping default value for remote-control: control-enable to "yes"
    (see the NEWS file) (Closes: #991017)
  * enable TCP Fast-Open (TFO) for both client and server (Closes: #903390)
    This can be configured in /proc/sys/net/ipv4/tcp_fastopen (bitmask):
    0x01 is client-side (enabled by default), 0x02 is server-side (disabled).
    To enable tfo for both client and server, enable both bits.
  * enable DNS over HTTP (DoH) for the server. This adds libnghttp2-dev
    to Build-Depends (Closes: #973793)
  * add source lintian-override to shut up a false positive (windows binary)
  * d/unbound-helper: rename from package-helper and move it from subdir in
    /usr/lib/unbound/ to /usr/libexec/unbound-helper.
  * d/unbound-helper: rework updating of the unbound copy of the root.key file:
    copy it to /var/lib/unbound/root.key.tmp first and rename to ..../root.key
    only when done.  Also do not do it as root in an untrusted directory.
    (Closes: #989959)
  * d/unbound-helper: do not perform chroot setup operations if chroot is
    not configured in the config file
  * d/unbound-helper: perform /run/systemd/notify bind-mount for any chroot
    if configured, not only for non-standard chroot which needs a copy of
    all config files.  Closes: #931583, Actually closes: #828699.
  * d/unbound-helper: other cleanups
  * d/unbound.init: set PATH={,/usr}/{,s}bin.  Closes: #900751
  * d/unbound.init: stop hiding update_trust_anchor messages and use "unbound"
    tag for logging them
  * d/control: since unbound does not use unbound-anchor directly anymore,
    drop the Depends
  * d/control: move openssl from Depends to Recommends. It is used only to
    generate remove-control keys for unbound-control, once, usually at the
    install time (in postinst) and never used after install. Also check if
    openssl is installed and print a friendly error message in
    unbound-control-setup if it is not. This is done in a new patch,
    unbound-control-setup-check-openssl.patch
  * d/control: move dns-root-data from Depends to Recommends. It is only
    used for root.key currently (in unbound-helper) and even there, once
    it is initially copied to unbound library directory, this file will
    be managed by unbound itself using RFC 5011 trust anchor tracking.
    So this package can be removed if necessary, without harming unbound.

 -- Michael Tokarev   Tue, 19 Apr 2022 20:39:12 +0300

unbound (1.15.0-1) experimental; urgency=medium

  * Acknowledge the NMU
  * New upstream release (1.15.0)
    Closes: #997694, #1001430, #1008918, #1000201
  * remove python3.10-related patches (included upstream)
  * add myself to Uploaders
  * redo the whole packag build procedure
   - switch to dh sequence
   - switch to debhelper-compat=13
   - switch to dh-sequence-python3
   - move configure/build/install parts out of binary target
     into the right places
   - move different builds into subdirs of b/ to stop building
     them one by one replacing results
   - perform 2 builds, one main (daemon & tools) and one libunbound
     --with-nettle (daemon can't be built with nettle);
     when installing, install libunbound build on top of the main
     install in d/tmp, replacing only the library
   - use pkg.unbound.libonly build profile in d/rules
   - use normal d/*.install way to install files instead of a lot
     of custom renaming in d/rules (Closes: #632096)
   - enable dh_missing (automatic with dh=13), with actual filelist
     and two *.la files in d/not-installed
   - include only required dpkg *.mk files (else it is slow)
  * install all *.3 manpages (for individual functions too)
  * install unbound-control-setup.8
  * enable-python-build-in-subdir.patch: fix 2 probs with python
    module building in a subdir (needs to go upstream)
  * add install-pkgconfig-in-lib-not-all.patch to fix another small
    install prob in Makefile.in (pkgconfig is installed in wrong place)
  * d/onttrol: bump Standards-Version to 4.6.0 (no changes needed)
  * d/control: add Pre-Depends: ${misc:Pre-Depends} to unbound package
    to satisfy current dh_installsystemd & dh_installinit maintscript
    fragments
  * d/control: Rules-Requires-Root: no
  * d/unbound.init: add short description to the init file
  * added simple d/salsa-ci.yml file

 -- Michael Tokarev   Mon, 18 Apr 2022 00:56:10 +0300

unbound (1.13.1-1.1) unstable; urgency=medium

  * Non-maintainer upload

  [ Rico Tzschichholz ]
  * Cherry-pick upstream commits for Python 3.10 compatibility (Closes:
    #1008641)

 -- Sebastian Ramacher   Wed, 06 Apr 2022 21:37:02 +0200

xen 4.16.0-1~ubuntu2 -> 4.16.1-1

* Last Uploader: Christian Ehrhardt 

Debian changes newer than ubuntu version:

xen (4.16.1-1) unstable; urgency=medium

  * Update to new upstream version 4.16.1, which also contains security fixes
    for the following issues:
    - Racy interactions between dirty vram tracking and paging log dirty
      hypercalls
      XSA-397 CVE-2022-26356
    - Multiple speculative security issues
      XSA-398 (no CVE yet)
    - race in VT-d domain ID cleanup
      XSA-399 CVE-2022-26357
    - IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues
      XSA-400 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361
  * Note that the following XSA are not listed, because...
    - XSA-396 has patches for the Linux kernel.
  * Don't ship NEWS in libxen* packages. Instead, only ship relevant NEWS
    items for actual hypervisor and/or utils packages they belong to.
    (Closes: #962267)
  * d/control: make xen-hypervisor-common arch specific, just like
    xen-utils-common.
  * d/control: stop recommending qemu-system-x86 on arm, because qemu is not
    being built with xen support on arm...
  * Add a patch for tools/libs/light/Makefile which prevents build.o and
    build.opic to be rebuilt unneededly during the package install phase,
    causing a FTBFS because it triggers the use of ccache, which is not
    allowed in the install phase of building the Debian packages.

  Improvements related to Qemu integration:  [Michael Tokarev]
  * d/xen-utils-common.xen.init: properly disable qemu monitor/serial/parallel
    devices for qemu started at boot.
  * debian: switch from recommending qemu-system-x86 to qemu-system-xen and
    mention this change in the NEWS file.
  * Add patch "give meaningful error message if qemu device model is
    unavailable" to give a useful error message only in case the domU needs
    the qemu device model which is not installed, instead of giving a warning
    about missing qemu even if it is not used by this domain.

  Documentation, grammar and spelling fixes and improvements:
  * d/control: drop obsolete paragraph about separate xen linux kernel package
  * d/control: Harmonize the capitalization of the 'Xen' word  [Diederik de Haas]
  * d/control: Improve spelling and grammar  [Diederik de Haas]`

 -- Hans van Kranenburg   Mon, 09 May 2022 22:29:23 +0200

xen (4.16.0+51-g0941d6cb-1) unstable; urgency=medium

  * Update to new upstream version 4.16.0+51-g0941d6cb, which also contains
    security fixes for the following issues:
    - arm: guest_physmap_remove_page not removing the p2m mappings
      XSA-393 CVE-2022-23033
    - A PV guest could DoS Xen while unmapping a grant
      XSA-394 CVE-2022-23034
    - Insufficient cleanup of passed-through device IRQs
      XSA-395 CVE-2022-23035
  * Note that the following XSA are not listed, because...
    - XSA-391 and XSA-392 have patches for the Linux kernel.
  * Upload to unstable now, which obsoletes the Xen 4.14 FTBFS issue.
    (Closes: #1002658)

 -- Hans van Kranenburg   Sat, 19 Feb 2022 20:29:32 +0100