Delta generated at: 2019-06-26 11:37 UTC

alembic 1.0.0-2ubuntu2 -> 1.0.0-3

* Last Uploader: James Page

Debian changes newer than ubuntu version:

alembic (1.0.0-3) unstable; urgency=medium

  * Require newer dh-python which cleans .pytest_cache directory
  * Revert removing of pytest_cache manually
  * Rename d/tests/control.autodep8 to d/tests/control.
  * Standards-Version is 4.3.0 now (no changes needed)

 -- Ondřej Nový   Tue, 22 Jan 2019 17:31:51 +0100

bind9 1:9.11.5.P4+dfsg-5ubuntu1 -> 1:9.11.5.P4+dfsg-5.1

* Last Uploader: Rafael David Tinoco (sponsored by Andreas Hasenack)

Debian changes newer than ubuntu version:

bind9 (1:9.11.5.P4+dfsg-5.1) unstable; urgency=high

  * Non-maintainer upload.
  * move item_out test inside lock in dns_dispatch_getnext() (CVE-2019-6471)
    (Closes: #930746)

 -- Salvatore Bonaccorso   Fri, 21 Jun 2019 11:24:31 +0200

byobu 5.129-0ubuntu1 -> 5.129-1

* Last Uploader: Dustin Kirkland 

Debian changes newer than ubuntu version:

byobu (5.129-1) unstable; urgency=medium

  * debian/control:
    - recommend less package, for BYOBU_PAGER

 -- Dustin Kirkland   Tue, 11 Jun 2019 19:56:15 -0500

cmd2 0.7.9-0ubuntu1 -> 0.8.5-2

* Last Uploader: Corey Bryant

Debian changes newer than ubuntu version:

cmd2 (0.8.5-2) unstable; urgency=medium

  [ Ondřej Nový ]
  * Add python-enum32 to D + B-D (Closes: #902514)
  * Add python-contextlib2 to D + B-D (Closes: #902518)
  * Add python{,3}-wcwidth to D + B-D
  * Enable autopkgtest-pkg-python testsuite
  * d/control: Remove ancient X-Python-Version field

  [ Federico Ceratto ]
  * Bump up Standards-Version

 -- Federico Ceratto   Thu, 12 Jul 2018 18:19:48 +0100

cmd2 (0.8.5-1) unstable; urgency=medium

  * New upstream release.

 -- Federico Ceratto   Mon, 14 May 2018 18:23:06 +0100

cmd2 (0.8.0-1) unstable; urgency=medium

  * New upstream release.
  * Patch out GTK import (Closes: #884875) Thanks to Corey Bryant

 -- Federico Ceratto   Sat, 24 Feb 2018 15:23:23 +0000

defusedxml 0.5.0-1ubuntu1 -> 0.5.0-2

* Last Uploader: James Page

Debian changes newer than ubuntu version:

defusedxml (0.5.0-2) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/control: Set Vcs-* to salsa.debian.org
  * d/copyright: Use https protocol in Format field
  * d/changelog: Remove trailing whitespaces
  * d/control: Remove ancient X-Python-Version field
  * d/control: Remove ancient X-Python3-Version field
  * Convert git repository from git-dpm to gbp layout

  [ Jelmer Vernooij ]
  * Bump debhelper from old 9 to 10.
  * Re-export upstream signing key without extra signatures.
  * Add a basic debian/upstream/metadata.

 -- Jelmer Vernooij   Tue, 13 Feb 2018 10:18:18 +0100

ebtables 2.0.10.4+snapshot20181205-1ubuntu1 -> 2.0.10.4+snapshot20181205-3

* Last Uploader: Karl Stenerud (sponsored by Christian Ehrhardt )

Debian changes newer than ubuntu version:

ebtables (2.0.10.4+snapshot20181205-3) unstable; urgency=medium

  [ Arturo Borrero Gonzalez ]
  * [9b474c7] src:ebtables: add salsa CI integration

  [ Alberto Molina Coballes ]
  * [5dbd22d] Remove /sbin symlinks on not usr-merged systems (Closes: #926728)

 -- Alberto Molina Coballes   Mon, 15 Apr 2019 18:23:43 +0000

ebtables (2.0.10.4+snapshot20181205-2) unstable; urgency=medium

  [ Alberto Molina Coballes ]
  * [d0a79d0] d/rules: include build architecture compiler (Closes: #848948)
  * [322fbda] Revert "d/rules: include build architecture compiler"
  * [25138b7] d/ebtables.prerm: iptables verification deleted (Closes: #919583)
  * [22208c6] d/control: Mark ebtables as 'Multi-Arch: foreign'
    (Closes: #918787)
  * [b739b36] d/ebtables-{save,restore}.8 renamed

  [ Arturo Borrero Gonzalez ]
  * [a9cfc27] d/rules: make build verbose
  * [5e3d23f] d/stamp-autotools-files: delete file

  [ Alberto Molina Coballes ]
  * [7a58bd0] ebtables: System V init script removed (Closes: #918678)
  * [9d015e9] ebtables: remove, disable and purge systemvinit script and
    systemd service
  * [1292475] d/README.Debian: add explanation about nftables migration
  * [de05c5e] d/patches: minor update
  * [b4d4f1e] d/control: bump std-version to 4.3.0

 -- Alberto Molina Coballes   Sat, 02 Feb 2019 19:31:28 +0000

exim4 4.92-7ubuntu1 -> 4.92-8

* Last Uploader: Bryce Harrington

Debian changes newer than ubuntu version:

exim4 (4.92-8) unstable; urgency=low

  * Pulled from exim-4.92+fixes branch:
    + 75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch
      Fix expansion of $tls_out_ocsp under hosts_request_ocsp.
    + 75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch
      When tls_verify_certificates was set to a directory instead of a file
      exim/GnuTLS would still send out the list of accepted certificates,
      This did not match documented behavior.
    + 75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch
      The dsn_from option was not used for DSN success messages.
  * Pulled from upstream GIT master:
    + 75_14-Fix-smtp-response-timeout.patch
      Fix the timeout on smtp response to apply to the whole response instead
      of resetting for every byte received.
    + 75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch
      https://bugs.exim.org/show_bug.cgi?id=2405
      ${eval } was broken on 32bit archs.

 -- Andreas Metzler   Sat, 08 Jun 2019 17:37:43 +0200

fetchmail 6.3.26-3ubuntu1 -> 6.4.0~beta4-3

* Last Uploader: Karl Stenerud (sponsored by Andreas Hasenack)

Debian changes newer than ubuntu version:

fetchmail (6.4.0~beta4-3) unstable; urgency=medium

  * Backport fix potential SIGSEGV in pop3_delete (closes: #921450).
  * Backport native name verification for OpenSSL.

 -- Laszlo Boszormenyi (GCS)   Wed, 06 Feb 2019 16:33:00 +0000

fetchmail (6.4.0~beta4-2) unstable; urgency=medium

  * Upload to Sid.
  * Update Standards-Version to 4.3.0 .

 -- Laszlo Boszormenyi (GCS)   Sun, 03 Feb 2019 15:45:40 +0000

fetchmail (6.4.0~beta4-1) experimental; urgency=medium

  * New major upstream beta release:
    - improved TLS support (closes: #768843).
  * Update watch file.
  * Disable Vcs-* fields for now.
  * Update debhelper level to 11:
    - remove dh-autoreconf build dependency,
    - remove autotools-dev build dependency,
    - don't specify parallel to debhelper,
    - specify restart-after-upgrade to dh_installinit .
  * Update Standards-Version to 4.1.4 .

  [ Russell Coker  ]
  * Run restorecon after creating directory from init script (closes: #752598).

  [ Nicolas Boulenguez  ]
  * Packaging updates (closes: #895366):
    - rename d/init to d/fetchmail.init, as recommended by policy,
    - give standard formatting to header of 01_fetchmailconf.patch ,
    - remove obsolete debian/pycompat ,
    - fix typo in manpage,
    - delegate installation of ppp and logcheck scripts to debhelper,
    - delegate manpages from dh_install to more specialized
      dh_installmanpages ,
    - install contrib files and resolvconf directly without intermediate copy
      in debian/tmp ,
    - switch copyright to format 1.0 and add some missing licenses.
    - delegate buggy installation of README.contrib to debhelper,
    - per policy 4.0.0, use invoke-rc.d instead of calling /etc/init.d/*
      directly,
    - rules: drop paragraphe preparing unused variable CONFFLAGS ,
    - rules: simplify some variable affectations,
    - delegate build flags stuff to dpkg-buildflags .

  [ Kevin Ryde  ]
  * Let fetchmail-mode run hook after other settings (closes: #710319).

 -- Laszlo Boszormenyi (GCS)   Sat, 23 Jun 2018 15:52:22 +0000

freeradius 3.0.17+dfsg-1ubuntu2.1 -> 3.0.17+dfsg-1.1

* Last Uploader: Leonidas S. Barbosa

Debian changes newer than ubuntu version:

freeradius (3.0.17+dfsg-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * Cherry-Pick upstream commits to fix CVE-2019-11234 / CVE-2019-11235 /
    VU#871675 (Invalid Curve Attack and Reflection Attack on EAP-PWD, leading
    to authentication bypass) (Closes: #926958)

 -- Bernhard Schmidt   Mon, 22 Apr 2019 23:23:36 +0200

ghostscript 9.26~dfsg+0-0ubuntu8 -> 9.27~dfsg-2

* Last Uploader: Marc Deslauriers

Debian changes newer than ubuntu version:

ghostscript (9.27~dfsg-2) unstable; urgency=medium

  * Add patch cherry-picked upstream
    to fix regression resolving bounding box of font glyphs.
    Closes: Bug#927429. Thanks to Kenshi Muto.

 -- Jonas Smedegaard   Sat, 20 Apr 2019 10:16:50 +0200

ghostscript (9.27~dfsg-1) unstable; urgency=high

  [ upstream ]
  * New release.
    Closes: Bug#925256, 925257 (CVE-2019-3835, CVE-2019-3838).
    Thanks to Salvatore Bonaccorso.
  * Set urgency=high, due to CVE fix.

  [ Jonas Smedegaard ]
  * Drop patches cherry-picked upstream now applied.
  * Unfuzz patches.
  * Build-depend versioned on libjbig2dec0-dev
    (not unversioned on libjbig2dec-dev).
  * Use dpkg-provided snippet
    (not additional explicit dpkg-parsechangelog call)
    to resolve when build is targeted experimental suite.
  * Revert to again split ABI at ~ (not a)."
  * Update copyright info: Extend coverage for main upstream author.
  * Update testsuite to catch new error message.
  * Update symbols:
    + 18 private symbols dropped.
    + 51 private symbols dropped.

 -- Jonas Smedegaard   Thu, 04 Apr 2019 20:17:20 +0200

ghostscript (9.26a~dfsg-2) unstable; urgency=medium

  * Update symbols: 1 private added.
  * Add test to check that upstream bug 700317 is fixed,
    and a smoketest to check commanline options.
    Enable bugchecking and smoketest during build,
    and smoketest as autopkgtest.

 -- Jonas Smedegaard   Wed, 23 Jan 2019 20:26:09 +0100

ghostscript (9.26a~dfsg-1) unstable; urgency=high

  [ upstream ]
  * New security release.
    (CVE-2019-6116).
  * Set urgency=high, due to CVE fix.

  [ Jonas Smedegaard ]
  * Consult DEB_BUILD_OPTIONS (not bogusly DEB_BUILD_PROFILES)
    to decide if build is a profile.
  * Declare compliance with Debian Policy 4.3.0.
  * New upstream version 9.26a~dfsg
  * Update copyright info: Extend coverage of packaging.

 -- Jonas Smedegaard   Wed, 23 Jan 2019 12:47:56 +0100

golang n/a -> 2:1.6.1-2

Unknown (Probably auto sync.)

Debian changes newer than ubuntu version:


google-perftools 2.5-2.2ubuntu3 -> 2.7-1

* Last Uploader: Matthias Klose

Debian changes newer than ubuntu version:

google-perftools (2.7-1) unstable; urgency=medium

  * New upstream release.
  * Fix libprofiler build on ppc64el (closes: #894749).
  * Remove 0001-unbreak-printing-large-span-stats.patch as not needed.
  * Use short debhelper rules format.
  * Make package multiarch (closes: #893928).
  * Reference google-pprof in README (closes: #739572).
  * Update debhelper level to 11:
    - remove dh-autoreconf build dependency.
  * Update Standards-Version to 4.1.4 .
  * New maintainer (closes: #863782).

 -- Laszlo Boszormenyi (GCS)   Mon, 30 Apr 2018 06:52:01 +0000

google-perftools (2.6.90-0.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Upload to unstable.
  * Cherry-pick patches from upstream to fix tests on i386.

 -- YunQiang Su   Sun, 25 Mar 2018 19:20:03 +0800

google-perftools (2.6.90-0.1~exp) experimental; urgency=medium

  * Non-maintainer upload.
  * Migrate to salsa.debian.org, and convert to git.
  * New upstream release, and use arch list to 'any' for test on experimental
    (Closes: #872511, #837343, #856203, #857275, #761685)
  * Migrate to 3.0 (quilt) format. (Closes: #872512)
  * Build-Dep on libunwind-dev instead of libunwind8-dev. (Closes: #872593)
  * Drop build-dep on binutils. (Closes: #873141)
  * Use standard version 4.1.3.
  * Use multiarch dir as libdir.
  * cdbs: dh-autoreconf.

 -- YunQiang Su   Wed, 21 Mar 2018 13:06:54 +0800

ipxe 1.0.0+git-20190109.133f4c4-0ubuntu2 -> 1.0.0+git-20190125.36a4c85-1

* Last Uploader: Christian Ehrhardt 

Debian changes newer than ubuntu version:

ipxe (1.0.0+git-20190125.36a4c85-1) unstable; urgency=medium

  * New snapshot. (closes: #832765, #906365)
  * Add e1000e and vmxnet3 firmware for qemu. (closes: #884240, #868124)

 -- Bastian Blank   Sat, 09 Feb 2019 17:41:37 +0100

kerneloops 0.12+git20140509-6ubuntu2 -> 0.12+git20181124-7

* Last Uploader: Jeremy Bicha

Debian changes newer than ubuntu version:

kerneloops (0.12+git20181124-7) unstable; urgency=medium

  [ Stefan Bader ]
  * Change location of logfile.
    Changes the hard coded logfile into /var/log/kern.log

  [ Balint Reczey ]
  * Make kerneloops only suggest kerneloops-applet.
    The applet is not needed on servers and in Ubuntu Apport
    asks the user for permission to send the oops report.
  * Drop not working ExecStartPre option from kerneloops.service
    (Closes: #921210)
  * Add Salsa CI configuration
  * Migrate packaging to Salsa
  * New upstream snapshot 0.12+git20181124 (Closes: #875560)
  * Drop patches merged upstream
  * debian/control: Use my Ubuntu email address for Maintainer:
  * Bump debhelper version by build-depending on debhelper-compat (= 12)
  * Drop dh's --with systemd
  * Add Pre-Depends: ${misc:Pre-Depends} to kerneloops

 -- Balint Reczey   Sun, 16 Jun 2019 21:59:41 +0200

ldns 1.7.0-3ubuntu8 -> 1.7.0-4

* Last Uploader: Matthias Klose

Debian changes newer than ubuntu version:

ldns (1.7.0-4) unstable; urgency=medium

  * Fix invalid maintainer (Closes: #899938)
  * Add two upstream patches to address security issues:
   + CVE-2017-1000231: Memory corruption in ldns_rr_new_frm_fp_l
     (Closes: #882015)
   + CVE-2017-1000232: Memory corruption in ldns_str2rdf_long_str
     (Closes: #882014)
  * Bump debhelper compat to v12
  * Update the Vcs-* links to salsa.d.o
  * Bump the policy to the latest version (no change)
  * Add upstream Homepage link to d/control
  * Disable GOST and enable Ed25519 algorithm (see draft-wouters-sury-dnsop-algorithm-update)

 -- Ondřej Surý   Sun, 10 Mar 2019 21:56:02 +0000

ldns (1.7.0-3.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Don't build-depend on python3-all-dev, the build rules don't handle
    multiple versions of python3 correctly.  Closes: #904038
    Thanks to Steve Langasek  for the patch.
  * Enable parallel building.

 -- Mattia Rizzolo   Thu, 27 Sep 2018 10:36:04 +0200

libpam-radius-auth 1.3.17-0ubuntu5 -> 1.4.0-2

* Last Uploader: Nish Aravamudan

Debian changes newer than ubuntu version:

libpam-radius-auth (1.4.0-2) unstable; urgency=medium

  * QA upload.
  * Fix a regression that made libpam-radius-auth/1.4.0-1 use
    a different configuration file than intended.  This version
    restores /etc/pam_radius_auth.conf as the configuration
    file for Debian package of libpam-radius-auth.
    (Closes: #908006)
  * Use the new "debhelper-compat (= 11)" method for specifying
    debhelper compat version.

 -- Niels Thykier   Wed, 05 Sep 2018 19:44:07 +0000

libpam-radius-auth (1.4.0-1) unstable; urgency=low

  * QA upload.
  * New upstream release.  (Closes: #854284)
  * Drop patch that was applied upstream or no longer relevant.
  * Set Rules-Requires-Root to "no".
  * Bump Priority to "optional" since "extra" has been
    removed.
  * Rewrite rules file to the dh7-style.
  * Add ${misc:Depends} to the Depends field.
  * Add Homepage field.
  * Correct section to admin.
  * Change to source format 3.0 (quilt).
  * Bump debhelper compat to 11.
  * Enable bindnow hardening.
  * Update debian/copyright.
  * Bump Standards-Versions to 4.2.0 - no additional changes
    required.

 -- Niels Thykier   Sun, 19 Aug 2018 12:16:13 +0000

lxc 3.0.3-0ubuntu1 -> 1:3.1.0+really3.0.3-8

* Last Uploader: Stéphane Graber

Debian changes newer than ubuntu version:

lxc (1:3.1.0+really3.0.3-8) unstable; urgency=medium

  * d/control:
    - bin:lxc sets AppArmor as a Recommend instead of a Dependency
  * d/README.Debian:
    - Update the documentation to explain how to manage containers not
      starting if AppArmor is missing.

 -- Pierre-Elliott Bécue   Sun, 14 Apr 2019 15:46:47 +0200

lxc (1:3.1.0+really3.0.3-7) unstable; urgency=medium

  * d/ccontrol:
    - Add a dependency to AppArmor for lxc package as the default.conf file
      includes an AppArmor profile.
  * d/{NEWS,README.Debian}:
    - Add appropriate documentation for unprivileged containers
      (Closes: #925899)

 -- Pierre-Elliott Bécue   Tue, 09 Apr 2019 02:03:05 +0200

lxc (1:3.1.0+really3.0.3-6) unstable; urgency=medium

  * d/patches/0005: Tweaks the 0004 patch for CVE-2019-5736 (Closes: #923932)
  * d/NEWS: summary of the important changes since LXC2.

 -- Pierre-Elliott Bécue   Sat, 09 Mar 2019 15:49:21 +0100

lxc (1:3.1.0+really3.0.3-5) unstable; urgency=medium

  [ Christian Kastner ]
  * /etc/default/lxc.conf Change back to lxc.net.0.type
    (Closes: #923395)

  [ Frans Spiesschaert ]
  * debian/po/nl.po: Add Dutch translation of debconf messages
    (Closes: #923328)

 -- Antonio Terceiro   Sat, 02 Mar 2019 12:33:08 -0300

lxc (1:3.1.0+really3.0.3-4) unstable; urgency=medium

  [ Lev Lamberov ]
  * d/po/ru.po: Add russian translation for debconf templates (Closes: #920916)

  [ Américo Monteiro ]
  * d/po/pt.po: Add portuguese translation for debconf templates (Closes:
    #919221)

  [ Adriano Rafael Gomes ]
  * d/po/pr_BR.po: Add brazilian portuguese translation for debconf templates
    (Closes: #920543)

  [ Pierre-Elliott Bécue ]
  * d/patches/0004: Import the fix for CVE-2019-5736. (Closes: #922169)

 -- Pierre-Elliott Bécue   Sat, 16 Feb 2019 16:21:41 +0100

lxc (1:3.1.0+really3.0.3-3) unstable; urgency=medium

  * d/lxc.postinst:
    - Add a fallback method to handle the cases where apparmor_parser may
      fail while present. (nested virt or whatever else) (Closes: #921667)
  * d/patches:
    - Backports 3 patches from lxc 3.1 to have Apparmor confinement working
      properly with systemd 240. (Closes: #916639)
  * d/tests/exercise:
    - Update the configuration to match lxc 3 standards
  * d/contrib/default.conf:
    - Provide a minimalist default.conf including appropriate apparmor
      parameters.

 -- Pierre-Elliott Bécue   Mon, 11 Feb 2019 23:03:53 +0100

lxc (1:3.1.0+really3.0.3-2) unstable; urgency=medium

  [ Chris Leick ]
  * d/po/de.po:
    - Added German Debconf translation (Closes: #916263)

  [ Pierre-Elliott Bécue ]
  * d/lxc.postinst:
    - Add a call to apparmor_parser if present to ensure lxc containers work
      with apparmor after an upgrade. (Closes: #918842)
    - Add a check to make sure we're on a proper upgrade or a proper install
      to decide whether or not some code blocks are executed.
  * d/lxc.config:
    - Asks for the upgrade of configuration only when lxc is actually upgraded
      and not installed.

 -- Pierre-Elliott Bécue   Fri, 11 Jan 2019 01:12:41 +0100

lxc (1:3.1.0+really3.0.3-1) unstable; urgency=medium

  * Rollback to version 3.0.3 as this is a LTS release.
  * Revert symbols file.
  * d/control:
    - Bump Standards-Version to 4.3.0

 -- Pierre-Elliott Bécue   Thu, 10 Jan 2019 23:26:47 +0100

lxc (1:3.1.0-1) unstable; urgency=medium

  [ Pierre-Elliott Bécue ]
  * New upstream release 3.1.0

  [ Shengjing Zhu ]
  * d/liblxc1.symbols: Fix liblxc1 symbol version, missing the Debian epoch.
    Closes: #916362

 -- Pierre-Elliott Bécue   Sat, 22 Dec 2018 22:56:16 +0100

lxc (1:3.0.3-1) unstable; urgency=medium

  * New upstream version: 3.0.3
  * d/liblxc1.symbols: Updated symbols table
  * d/lxc.postinst: no absolute path for lxc-update-config (it's in the PATH)
  * d/copyright: remove statement for src/includes/ifaddrs.{c, h} as they're
    not shipped anymore
  * Release to unstable.

 -- Pierre-Elliott Bécue   Tue, 04 Dec 2018 08:04:18 +0100

lxc (1:3.0.2-1~exp+4) experimental; urgency=medium

  * d/rules: strip unnecessary DPKG_EXPORT_BUILDFLAGS and include that are not
    needed since dh compat 9
  * d/templates, d/po/*: updated templates and translation
  * d/lxc.config: refactor the config script a little

 -- Pierre-Elliott Bécue   Thu, 29 Nov 2018 22:24:03 +0100

lxc (1:3.0.2-1~exp+3) experimental; urgency=medium

  * d/control:
    - Update Recommends to suggest more recent tools.
      Replaces iptables => nftables | iptables
      Add iproute2 for more precise bridge manipulation
  * d/lxc{.config,.postinst}, d/templates, d/po/*
    - Implement a maintainer script allowing an auto-upgrade of lxc
      configuration files

 -- Pierre-Elliott Bécue   Thu, 29 Nov 2018 01:07:02 +0100

lxc (1:3.0.2-1~exp+2) experimental; urgency=medium

  * d/control:
    - Add explicit Recommend on lxc-templates
    - Version the Recommends
    - Update the Breaks on liblxc1
    - Add myself to uploaders

 -- Pierre-Elliott Bécue   Sun, 18 Nov 2018 23:57:26 +0100

lxc (1:3.0.2-1~exp+1) experimental; urgency=medium

  * Team upload
  * New upstream release: 3.0.2
  * d/p/000[1-3]*:
    - Dropped because Debian template got out of lxc release
  * d/p/000[4-7]*:
    - Upstream fixes taken into account into this release
  * d/control:
    - Drop packages lua-lxc and python3-lxc, as they got extracted from there
      by upstream
    - Raise debhelper dependency to 11
    - Bump Standards-Version to 4.2.1. No change required
    - Update VCS fields
    - Add libpam-cgfs that was previously in src:lxcfs
  * d/compat raised to 11
  * d/copyright:
    - Use HTTPS url for the copyright format link
    - Updated copyrights
  * d/watch:
    - Updated version and regex
  * d/libpam-cgfs* d/pam-cgfs.config added with pam-cgfs inclusion in the
    package
  * d/liblxc1.symbols added

 -- Pierre-Elliott Bécue   Sat, 17 Nov 2018 09:23:20 +0100

lxc (1:2.0.9-7) unstable; urgency=medium

  * debian/rules: pass --disable-werror to ./configure. Fixes FTBFS against
    python3 3.7

 -- Antonio Terceiro   Tue, 27 Nov 2018 14:53:56 -0200

lxc (1:2.0.9-6.2) unstable; urgency=medium

  * Non-maintainer upload.
  * autodev: adapt to changes in Linux 4.18 (Closes: #908223)

 -- Salvatore Bonaccorso   Mon, 22 Oct 2018 23:18:55 +0200

lxc (1:2.0.9-6.1) unstable; urgency=medium

  * Non-maintainer upload.
  * utils: add LXC_PROC_PID_FD_LEN
  * CVE 2018-6556: verify netns fd in lxc-user-nic (Closes: #905586)

 -- Salvatore Bonaccorso   Wed, 29 Aug 2018 15:22:46 +0200

lxc (1:2.0.9-6) unstable; urgency=medium

  * 0004-debian-Use-iproute2-instead-of-iproute.patch: fix creation of
    containers after the iproute binary has been removed.

 -- Antonio Terceiro   Sat, 27 Jan 2018 12:44:36 -0200

lxc (1:2.0.9-5) unstable; urgency=medium

  * Drop installation of disable-apparmor.conf. The issue that prevented lxc
    containers from starting with apparmor was fixed in apparmor 2.11.1-4.
  * debian/rules: drop --with autotools_dev in favor of debhelper built-in
    support for updating autotools files during build
  * Bump Standards-Version to 4.1.2; no changes needed
  * Drop debian/lxc-dev.lintian-overrides; false positive has been fixed in
    lintian.

 -- Antonio Terceiro   Tue, 19 Dec 2017 10:02:34 -0200

lxc (1:2.0.9-4) unstable; urgency=medium

  * Install disable-apparmor.conf disabling apparmor for all containers, until
    we can make it work. See #880502

 -- Antonio Terceiro   Thu, 02 Nov 2017 12:49:57 -0200

lxc (1:2.0.9-3) unstable; urgency=medium

  * 0002-lxc-debian-don-t-write-C.-locales-to-etc-locale.gen.patch: don't add
    C.UTF-8 to /etc/locale.gen (Closes: #879595)
  * 0003-lxc-debian-don-t-hardcode-valid-releases.patch: don't hardcode list
    of valid Debian releases

 -- Antonio Terceiro   Sat, 28 Oct 2017 09:12:47 -0200

lxc (1:2.0.9-2) unstable; urgency=medium

  * Add patch 0001-lxc-debian-allow-creating-testing-and-unstable.patch to
    allow creating `testing` and `unstable` containers.

 -- Antonio Terceiro   Thu, 26 Oct 2017 20:50:14 -0200

lxc (1:2.0.9-1) unstable; urgency=medium

  [ Evgeni Golov ]
  * New upstream version 2.0.9
  * track LTS release
  * drop use-lxc-stop-to-stop-systemd-service.patch, applied upstream
  * drop cgroups-workaround-gcc-7-bug.patch, applied upstream
  * drop the symbols file again

  [ Nicholas D Steeves ]
  * Update Suggests: btrfs-tools to btrfs-progs (Closes: #878908)

 -- Evgeni Golov   Sat, 21 Oct 2017 17:20:45 +0200

lxc (1:2.0.8-3) unstable; urgency=medium

  * Rebuild against python 3.6 (Closes: #878246)
  * Drop build-dependency on the deprecated dh-systemd package
  * Bump Standards-Version to 4.1.1; no changes needed
  * Add symbols file for liblxc1

 -- Antonio Terceiro   Wed, 11 Oct 2017 19:57:54 -0300

lxc (1:2.0.8-2) unstable; urgency=medium

  * Add cgroups-workaround-gcc-7-bug.patch from upstream to make lxc build
    against gcc 7 (Closes: #853531)

 -- Antonio Terceiro   Fri, 25 Aug 2017 18:20:29 -0300

lxc (1:2.0.8-1) unstable; urgency=medium

  [ Evgeni Golov ]
  * New upstream version 2.0.8
    + Make lxc-net return non-zero on failure (Closes: #854591)
  * drop old patches, all were cherry-picks from upstream
  * Use lxc-stop to stop systemd service (Closes: #863850)

  [ Baptiste Jonglez ]
  * Increase the maximum number of inotify listeners (Closes: #860974)

 -- Evgeni Golov   Sun, 18 Jun 2017 15:33:06 +0200

lxc (1:2.0.7-2) unstable; urgency=high

  * use bash-completion's pkg-config support and don't move files around
  * ignore lxc-test-cloneconfig if kernel has no overlay support
  * CVE-2017-5985: Ensure target netns is caller-owned (Closes: #857295)

 -- Evgeni Golov   Sat, 11 Mar 2017 09:47:20 +0100

lxc (1:2.0.7-1) unstable; urgency=medium

  * New upstream version 2.0.7
    + Closes: #847909, #847894, #847466

 -- Evgeni Golov   Mon, 23 Jan 2017 22:03:24 +0100

lxc (1:2.0.6-1) unstable; urgency=high

  * New upstream version 2.0.6
    + attach: do not send procfd to attached process
      Closes: #845465
      CVE-2016-8649
  * liblxc1: add depends on cgroupfs-mount | systemd (Closes: #844086)
  * drop patches applied/imported upstream
  * debian/tests: add iptables to tests depends

 -- Evgeni Golov   Thu, 24 Nov 2016 08:07:02 +0100

lxc (1:2.0.5-3) unstable; urgency=medium

  * add python3:Depends for lxc, so it gets a depends on python3
  * lxc-tests replace lxc-dev, not lxc
  * add a lintian override that the tests do not have a manpage
  * register lxc-dev docs with doc-base
  * add lintian override for ldconfig-trigger in lua-lxc
  * s/LUA/Lua/g in d/control

 -- Evgeni Golov   Sun, 06 Nov 2016 14:33:14 +0100

lxc (1:2.0.5-2) experimental; urgency=medium

  * split lua and python3 bindings in their own packages
  * split tests into their own package
  * only add bash completion links for commands we actually complete
  * backport two patches from Ubuntu
  * kill all the .la files, we do not need them
  * enable ALL the hardening flags
  * autopkgtest: only reboot if the memory cgroup is not activated yet
  * replace our lxc-dbg package by the autogenerated dbgsym one

 -- Evgeni Golov   Sun, 30 Oct 2016 17:59:32 +0100

lxc (1:2.0.5-1) unstable; urgency=medium

  * New upstream version 2.0.5
  * drop cgmanager support
    it's orphaned and upstream does recommend lxcfs instead
  * fix execution of tests on systems which do not have overlay.ko
  * add depends on lsb-base, thanks lintian

 -- Evgeni Golov   Sat, 08 Oct 2016 14:03:16 +0200

lxc (1:2.0.4-1) unstable; urgency=medium

  [ Antonio Terceiro ]
  * debian/rules: create symlinks for each lxc-* binary in
    /usr/share/bash-completion/completions/ so that bash completion actually
    works

  [ Evgeni Golov ]
  * Imported Upstream version 2.0.4
    + Uses SIGRTMIN+3 for systemd containers (Closes: #831691, #799541)
    + The debian template properly generates locaes (Closes: #806746)
  * drop 0020-fix-regression-when-creating-wheezy-containers.patch
  * rebase patches ontop of 2.0.4
  * add gnupg and dirmngr to recommends
  * improve autopkgtest execution, making most autopkgtest run properly

 -- Evgeni Golov   Thu, 25 Aug 2016 19:52:33 +0200

lxc (1:2.0.3-1) unstable; urgency=medium

  * Imported Upstream version 2.0.3
    - Fixes Inconsistent settings in lxc@.service (Closes: #826100)
  * drop patch hunks that were applied in 2.0.3
  * document how to change passwords in the container (Closes: #829239)

 -- Evgeni Golov   Sat, 16 Jul 2016 11:52:47 +0200

lxc (1:2.0.1-3) unstable; urgency=medium

  * 0020-lxc-debian-make-sure-init-is-installed.patch: update to fix
    regression when creating wheezy containers.

 -- Antonio Terceiro   Wed, 29 Jun 2016 15:10:57 -0300

lxc (1:2.0.1-2) unstable; urgency=medium

  * 0020-lxc-debian-make-sure-init-is-installed.patch: make sure init is
    included in Debian containers, since as of 1.34 it is not Essential
    anymore.

 -- Antonio Terceiro   Sat, 18 Jun 2016 09:16:43 -0300

lxc (1:2.0.1-1) unstable; urgency=medium

  * Imported Upstream version 2.0.1
  * drop patches applied upstream:
  * demote apparmor to suggests (Closes: #824120)

 -- Evgeni Golov   Sun, 22 May 2016 22:04:19 +0200

lxc (1:2.0.0-3) unstable; urgency=medium

  * drop lxcinitdir.patch
  * replace all patches by the versions accepted upstream
  * cherry-pick fix for creating unpriv container on non-systemd systems
  * add gbp.conf

 -- Evgeni Golov   Sun, 01 May 2016 13:00:16 +0200

lxc (1:2.0.0-2) unstable; urgency=medium

  [ Evgeni Golov ]
  * add lxcfs and libpam-cgfs to recommends
  * Standards-Version: 3.9.8

  [ Antonio Terceiro ]
  * Refresh patches
  * debian/patches/0018-lxc-create-fix-B-best-option.patch: Fix `-B best`
    option to lxc-create

 -- Antonio Terceiro   Mon, 11 Apr 2016 14:19:45 -0300

lxc (1:2.0.0-1) unstable; urgency=medium

  * Imported Upstream version 2.0.0
  * set Maintainer to pkg-lxc, Antonio and me as Uploaders
  * re-enable seccomp on almost all arches again

 -- Evgeni Golov   Wed, 06 Apr 2016 21:26:24 +0200

lxc (1:2.0.0~rc15-1) experimental; urgency=medium

  * Team upload.

  [ Evgeni Golov ]
  * Imported Upstream version 2.0.0~rc15
    + Updates supported Debian releases in template (Closes: #816710)
    + Does not enable non-free by default anymore (Closes: #793598)
    + Uses httpredir.debian.org (Closes: #805085)
  * add uidmap to Recommends (Closes: #817796)
  * Standards-Version: 3.9.7

  [ Reiner Herrmann ]
  * use the date from the latest changelog entry when building manpages
    (Closes: #807837)

 -- Evgeni Golov   Sun, 03 Apr 2016 16:09:25 +0200

lxc (1:2.0.0~rc13-1) experimental; urgency=medium

  * Team upload.

  [ Antonio Terceiro ]
  * debian/tests/control: require isolation-machine to run; the tests can't
    run under lxc themselves.
  * debian/control: add Vcs-* fields pointing fields to the new repository
    location on https://anonscm.debian.org/cgit/pkg-lxc/lxc.git

  [ Evgeni Golov ]
  * Add debian/NEWS entry about lxc.aa_allow_incomplete = 1
    Closes: #813954
  * Imported Upstream version 2.0.0~rc13
  * refresh patches for LXC 2.0.0
  * install hooks from /usr/lib too

 -- Evgeni Golov   Fri, 25 Mar 2016 16:44:25 +0100

lxc (1:1.1.5-1) unstable; urgency=medium

  [ Evgeni Golov ]
  * Imported Upstream version 1.1.5
  * drop patches either applied or obsoleted upstream
  * refresh patches
  * call dh_installinit for lxc-net
  * drop useless lintian override
  * add autopkgtests from Ubuntu
    - fix up some tests for Debian
  * add dnsmasq-base to test depends
  * debian/watch: updated to look for all LXC releases
  * use dh_apparmor
  * do not restart LXC on upgrades when using systemd
  * build-depend on gnutls-dev
  * update Depends/Recommends/Suggests based on the packaging in Ubuntu
  * properly pass the systemd unit dir to configure

  [ Antonio Terceiro ]
  * 0014-Fix-520-multiple-instances-of-agetty-on-systemd.patch: add
    upstream patch to avoid multiple instances of agetty on each console.

 -- Antonio Terceiro   Sun, 31 Jan 2016 18:22:40 -0200

lxc (1:1.0.8-1) unstable; urgency=medium

  * New upstream release
    - Includes fixes for CVE-2015-1335 (Closes: #800471)
    - Patches dropped for being already applied upstream:
      - CVE-2015-1331.patch
      - CVE-2015-1334.patch
      - lxc-clone-rsync-hardlinks.patch
      - lxc-clone-rsync-capabilities.patch
      - big-big-login-delays-in-CentOS-7-systemd.patch
      - lxc-debian-skip-security-updates-for-unstable-sid.patch
      - lxc-debian-support-stretch-Debian-9-images.patch
      - CVE-2015-1335.patch
    - Renumbered patches
    - Add cgmanager do Recommends:. Without it, lxc will always print a
      warning, which seems to be harmless but for example will break
      autopkgtest because of the unexpected output to stderr.
  * debian/watch: added
  * debian/upstream/signing-key.asc: added upstream signing key.

 -- Antonio Terceiro   Tue, 24 Nov 2015 19:10:28 -0200

lxc (1:1.0.7-12) unstable; urgency=high

  * Added 0025-CVE-2015-1335.patch from the final version of the fix for
    CVE_2015-1335 from the Ubuntu package (Closes: #800471)

 -- Antonio Terceiro   Fri, 13 Nov 2015 08:37:41 -0200

lxc (1:1.0.7-11) unstable; urgency=medium

  * New maintainer (myself)
    - Thanks Daniel Baumann for his previous efforts in maintaing lxc
  * Added patches (all already applied upstream):
    - 0019-big-big-login-delays-in-CentOS-7-systemd.patch
    - 0020-Centos7-systemd.patch
    - 0022-lxc-debian-skip-security-updates-for-unstable-sid.patch
    - 0023-lxc-debian-support-stretch-Debian-9-images.patch
    - 0024-lxc-debian-allow-not-including-contrib-non-free.patch

 -- Antonio Terceiro   Sun, 08 Nov 2015 10:52:37 -0200

lxc (1:1.0.7-10) unstable; urgency=low

  * Adding build-depends to dh-python.

 -- Daniel Baumann   Tue, 18 Aug 2015 14:12:31 +0200

lxc (1:1.0.7-9) unstable; urgency=low

  * Adjusting breaks (Closes: #795799).
  * Correcting email address in previous changelog entry.

 -- Daniel Baumann   Mon, 17 Aug 2015 06:42:20 +0200

lxc (1:1.0.7-8) unstable; urgency=low

  * Adding patch from upstream to preserve hardlinks in lxc-clone.
  * Adding patch from upstream to preserve capabilities in lxc-clone
    (Closes: #795422).

 -- Daniel Baumann   Sun, 16 Aug 2015 13:46:24 +0200

lxc (1:1.0.7-7) unstable; urgency=low

  * Moving shared library to dedicated package for future upload of lxd
    (#768073).
  * Re-adding lxc-dev which is now allowed again having the shared library
    split out (Closes: #774085, #793202).

 -- Daniel Baumann   Wed, 12 Aug 2015 18:03:23 +0200

lxc (1:1.0.7-6) unstable; urgency=low

  * Using misc:Pre-depends variable instead of hardcoding multiarch-
    support.
  * Moving bash-completion integration from /etc/bash-completion.d to
    /usr/share/bash-completion/completions.
  * Dropping obsolete syslog target from systemd service file.
  * Adding patch from upstream to fix errors in lxc-debian if dbus is not
    installed (Closes: #794207).
  * Updating lintian overrides.

 -- Daniel Baumann   Wed, 12 Aug 2015 17:25:44 +0200

lxc (1:1.0.7-5) unstable; urgency=low

  * Updating homepage field.
  * Updating debian copyright string.
  * Dropping conditionals for lua-alt-getopt, not needed anymore.
  * Dropping enforcing of xz compression, not needed anymore.
  * Dropping vcs fields in control for the time being.

 -- Daniel Baumann   Wed, 12 Aug 2015 11:09:50 +0200

lxc (1:1.0.7-4) unstable; urgency=high

  * Adding backported patch from upstream to prevent an unprivileged user
    to use LXC to create arbitrary file on the filesystem [CVE-2015-1331]
    (Closes: #793298).
  * Adding backported patch from upstream to prevent an user to use LXC
    to over-mount /proc which can be used to unconfined code execution
    [CVE-2015-1334] (Closes: #793298).

 -- Daniel Baumann   Wed, 22 Jul 2015 18:33:48 +0200

lxc (1:1.0.7-3) unstable; urgency=low

  * Building with cgmanager (Closes: #773421).

 -- Daniel Baumann   Tue, 28 Apr 2015 22:01:41 +0200

lxc (1:1.0.7-2) unstable; urgency=low

  * Dropping pre-jessie upgrade handling.
  * Dropping pre-jessie conflicts/replaces.

 -- Daniel Baumann   Sat, 25 Apr 2015 08:10:48 +0200

lxc (1:1.0.7-1) experimental; urgency=low

  * Merging upstream version 1.0.7.
  * Removing apparmor.patch, not needed anymore.
  * Removing lxc-create-manpage.patch, included upstream.
  * Removing lxc-debian-systemd.patch, included upstream.
  * Removing lxc-debian-init.patch, included upstream.
  * Renumbering patches.

 -- Daniel Baumann   Sat, 06 Dec 2014 13:11:57 +0100

lxc (1:1.0.6-5) unstable; urgency=low

  * Mounting /sys read-only in lxc-debian to prevent (one way of) escaping
    containers (Closes: #770901).
  * Adding patch from lxc 1.0.7 to make lxc-debian work with systemd
    (Closes: #766216).
  * Adding patch from lxc 1.0.7 to make lxc-debian handle switch of
    initsystem better.

 -- Daniel Baumann   Sat, 06 Dec 2014 13:00:36 +0100

lxc (1:1.0.6-4) unstable; urgency=low

  * Marking -t option in lxc-create manpage as required (Closes: #768778).

 -- Daniel Baumann   Tue, 11 Nov 2014 19:57:58 +0100

lxc (1:1.0.6-3) unstable; urgency=low

  * Preserving setuid on lxc-user-nic (Closes: #764815).

 -- Daniel Baumann   Mon, 13 Oct 2014 20:44:15 +0200

lxc (1:1.0.6-2) unstable; urgency=low

  * Correcting automatic lua:Suggests generation.
  * Adding openssl to recommends since upstreams lxc-debian template
    uses openssl for mac generation.

 -- Daniel Baumann   Tue, 07 Oct 2014 09:42:36 +0200

lxc (1:1.0.6-1) unstable; urgency=low

  * Merging upstream version 1.0.6.
  * Refreshing sysvinit-lsb-functions.patch.
  * Updating to standards version 3.9.6.
  * Setting options for systemd in debian.common.conf (Closes: #761196,
    #761197).

 -- Daniel Baumann   Mon, 29 Sep 2014 12:04:40 +0200

lxc (1:1.0.5-3) unstable; urgency=low

  * Dropping fixes for prefix in systemd unit file, not needed anymore.
  * Moving debootstrap to recommends.
  * Moving lua to suggests.
  * Adding lua suggests for non-debian system.
  * Showing warning when lxc is used on systemd with cgroups mounted in
    /etc/fstab (Closes: #760357).

 -- Daniel Baumann   Thu, 04 Sep 2014 04:30:47 +0200

lxc (1:1.0.5-2) unstable; urgency=low

  * Using and build-depending on dh-systemd (Closes: #758628).
  * Rewording changelog entry about merging upstream version 1.0.5.
  * Marking removal of lxc-top due to missing lua-alt-getopt in rules as
    debian only.
  * Dropping special handling of lxc-debian on progress-linux.
  * Renaming debian-config.patch to lxc-debian-fuse.patch.
  * Renaming lxc-sysvinit.patch to sysvinit-directory.patch.
  * Renaming lsb-init-headers.patch to sysvinit-lsb-headers.patch.
  * Renaming lsb-init-functions.patch to sysvinit-lsb-functions.patch.
  * Renaming lxc-init-lock.patch to sysvinit-lsb-lock.patch.
  * Renaming lxc-sigint.patch to lxc-attach-sigint.patch.
  * Adding references to upstreams bug tracker in all patches.
  * Adding patch from Ondřej Surý  to change
    PermitRootLogin yes to PermitRootLogin without-password in sshd_config
    (Closes: #758647).
  * Adding patch to set random root password in lxc-debian (Closes:
    #758643).
  * Removing /etc/default/lxc for upgrades of wheezy to jessie (Closes:
    #758800).

 -- Daniel Baumann   Thu, 21 Aug 2014 15:54:58 +0200

lxc (1:1.0.5-1) unstable; urgency=low

  * Due to 'popular demand', dropping Debian custom additions and shipping
    an (almost) vanilla lxc package in Debian from now on.
  * Removing Jonas from uploaders, thanks for your past support.
  * Dropping lxc-dev, according to ftp-master this is not acceptable
    anymore without having split out library package.
  * Merging upstream version 1.0.5 (Closes: #757326).
  * Refreshing lsb-init-functions.patch.
  * Refreshing debian-config.patch.
  * Adding debootstrap to suggests.

 -- Daniel Baumann   Sun, 10 Aug 2014 12:55:27 +0200

lxcfs 3.0.3-0ubuntu1 -> 3.0.3-2

* Last Uploader: Stéphane Graber

Debian changes newer than ubuntu version:

lxcfs (3.0.3-2) unstable; urgency=medium

  * Add a call to dpkg-maintscript-helper rm_conffile to handle properly the
    removal of /etc/init/lxcfs.conf (Closes: #914082)

 -- Pierre-Elliott Bécue   Sun, 09 Dec 2018 22:06:41 +0100

lxcfs (3.0.3-1) unstable; urgency=medium

  * New upstream release: 3.0.3
  * d/changelog: Add myself to uploaders
  * Release to unstable

 -- Pierre-Elliott Bécue   Tue, 04 Dec 2018 08:17:32 +0100

nagios-nrpe 3.2.1-1ubuntu1 -> 3.2.1-2

* Last Uploader: Dimitri John Ledkov

Debian changes newer than ubuntu version:

nagios-nrpe (3.2.1-2) unstable; urgency=medium

  * Bump Standards-Version to 4.1.5, no changes.
  * Update Vcs-* URLs for Salsa.
  * Drop dh-systemd build dependency, use debhelper (>= 9.20160709) instead.
  * Strip trailing whitespace from changelog file.

 -- Bas Couwenberg   Fri, 20 Jul 2018 21:04:36 +0200

nspr 2:4.20-1ubuntu1 -> 2:4.21-1

* Last Uploader: Karl Stenerud (sponsored by Christian Ehrhardt )

Debian changes newer than ubuntu version:

nspr (2:4.21-1) unstable; urgency=medium

  * New upstream release.

 -- Mike Hommey   Wed, 22 May 2019 09:21:06 +0900

nss 2:3.42-1ubuntu2 -> 2:3.44+really3.42.1-2

* Last Uploader: Marc Deslauriers

Debian changes newer than ubuntu version:

nss (2:3.44+really3.42.1-2) unstable; urgency=medium

  * debian/rules: Fix version exposed in nss-config and nss.pc.

 -- Mike Hommey   Wed, 05 Jun 2019 06:36:00 +0900

nss (2:3.44+really3.42.1-1) unstable; urgency=medium

  * Reverse to 3.42.1. Building against 3.44 induces some behavior
    differences when running against older versions, which could normally
    be solved with updates to the symbols file, but since 3.44 is not meant
    to ship in Buster, avoid disruption for nss reverse dependencies until
    Buster is released by going back to previous version.

 -- Mike Hommey   Sun, 02 Jun 2019 12:42:20 +0900

nss (2:3.44-1) unstable; urgency=medium

  * New upstream release.
  * debian/libnss3.symbols: Add NSS_3_43 and NSS_3_44 symbol versions.

 -- Mike Hommey   Sat, 01 Jun 2019 11:12:17 +0900

nss (2:3.42.1-1) unstable; urgency=medium

  * New upstream release.
    - Fixes CVE-2018-18508. Closes: #921614.

 -- Mike Hommey   Wed, 13 Feb 2019 13:19:39 +0900

pacemaker 2.0.1-4ubuntu1 -> 2.0.1-5

* Last Uploader: Gianfranco Costamagna

Debian changes newer than ubuntu version:

pacemaker (2.0.1-5) unstable; urgency=medium

  * [17ae230] Backport three more patches from upstream fixing memory safety
    bugs.
    Clearing up fallout from the preceding security fixes.
    Thanks to Ken Gaillot 

 -- Ferenc Wágner   Sun, 02 Jun 2019 14:01:06 +0200

partman-iscsi 40ubuntu4 -> 61

* Last Uploader: Mauricio Faria de Oliveira (sponsored by Eric Desrochers)

Debian changes newer than ubuntu version:

partman-iscsi (61) unstable; urgency=medium
  * Team upload

  [ Updated translations ]
  * Ukrainian (uk.po) by Anton Gladky

 -- Holger Wansing   Thu, 28 Mar 2019 22:09:37 +0100

partman-iscsi (60) unstable; urgency=medium
  * Team upload

  [ Updated translations ]
  * Arabic (ar.po) by Yaron Shahrabani
  * Hebrew (he.po) by Yaron Shahrabani
  * Vietnamese (vi.po) by Trần Ngọc Quân

 -- Holger Wansing   Sun, 03 Mar 2019 13:12:47 +0100

partman-iscsi (59) unstable; urgency=medium
  * Team upload

  * Switch copyright URL to https, to fix lintian tag.

  [ Updated translations ]
  * Arabic (ar.po) by ButterflyOfFire
  * Gujarati (gu.po) by Kartik Mistry

 -- Holger Wansing   Sun, 10 Feb 2019 12:12:51 +0100

partman-iscsi (58) unstable; urgency=medium

  * Team upload

  [ Updated translations ]
  * Arabic (ar.po) by ButterflyOfFire
  * Asturian (ast.po) by Xuacu Saturio
  * Icelandic (is.po) by Sveinn í Felli
  * Latvian (lv.po) by Tranzistors

 -- Holger Wansing   Mon, 29 Oct 2018 23:31:05 +0100

partman-iscsi (57) unstable; urgency=medium

  * Team upload

  [ Updated translations ]
  * Finnish (fi.po) by Arto Keiski
  * Hindi (hi.po) by Himanshu Awasthi

 -- Holger Wansing   Thu, 27 Sep 2018 20:52:05 +0200

partman-iscsi (56) unstable; urgency=medium

  * Team upload

  [ Cyril Brulebois ]
  * Update Vcs-{Browser,Git} to point to salsa (alioth's replacement).

  [ Updated translations ]
  * Finnish (fi.po) by Juhani Numminen
  * Hebrew (he.po) by Yaron Shahrabani

 -- Holger Wansing   Sun, 12 Aug 2018 19:33:09 +0200

partman-iscsi (55) unstable; urgency=medium

  [ Updated translations ]
  * Welsh (cy.po) by Huw Waters
  * Hebrew (he.po) by Yaron Shahrabani
  * Indonesian (id.po) by Andika Triwidada

 -- Christian Perrier   Sat, 07 Apr 2018 07:28:11 +0200

partman-iscsi (54) unstable; urgency=medium

  [ Updated translations ]
  * Hebrew (he.po) by Yaron Shahrabani
  * Indonesian (id.po) by Al Qalit
  * Tajik (tg.po) by Victor Ibragimov

 -- Christian Perrier   Mon, 19 Feb 2018 08:50:02 +0100

partman-iscsi (53) unstable; urgency=medium

  [ Updated translations ]
  * Norwegian Nynorsk (nn.po) by Petter Reinholdtsen
  * Tajik (tg.po) by Victor Ibragimov

 -- Christian Perrier   Wed, 24 Jan 2018 07:52:48 +0100

partman-iscsi (52) unstable; urgency=medium

  [ Updated translations ]
  * Icelandic (is.po) by Sveinn í Felli
  * Bokmål, Norwegian (nb.po) by Alexander Jansen
  * Panjabi (pa.po) by Aman ALam
  * Serbian (sr.po) by Filipovic Dragan

 -- Christian Perrier   Sun, 14 Jan 2018 10:08:50 +0100

partman-iscsi (51) unstable; urgency=medium

  [ Updated translations ]
  * Esperanto (eo.po) by Felipe Castro
  * Nepali (ne.po) by Jeewal Kunwar
  * Simplified Chinese (zh_CN.po) by Boyuan Yang

 -- Christian Perrier   Mon, 25 Dec 2017 18:08:22 +0100

partman-iscsi (50) unstable; urgency=medium

  [ Updated translations ]
  * Hungarian (hu.po) by Dr. Nagy Elemér Károly
  * Lithuanian (lt.po) by Rimas Kudelis
  * Swedish (sv.po) by Anders Jonsson

 -- Christian Perrier   Sun, 03 Dec 2017 16:19:52 +0100

partman-iscsi (49) unstable; urgency=medium

  [ Updated translations ]
  * Greek (el.po) by Sotirios Vrachas
  * Estonian (et.po) by Kristjan Räts
  * Norwegian Nynorsk (nn.po) by Allan Nordhøy
  * Swedish (sv.po) by Anders Jonsson

 -- Christian Perrier   Sun, 26 Nov 2017 07:54:07 +0100

partman-iscsi (48) unstable; urgency=medium

  [ Updated translations ]
  * Panjabi (pa.po) by A S Alam

 -- Christian Perrier   Tue, 31 Oct 2017 09:55:54 +0100

partman-iscsi (47) unstable; urgency=medium

  [ Updated translations ]
  * Latvian (lv.po) by Rūdolfs Mazurs

 -- Christian Perrier   Wed, 18 Oct 2017 09:06:00 +0200

partman-iscsi (46) unstable; urgency=medium

  [ Updated translations ]
  * Greek (el.po) by Sotirios Vrachas
  * Hebrew (he.po) by Lior Kaplan
  * Albanian (sq.po) by Redon Skikuli

 -- Christian Perrier   Mon, 18 Sep 2017 21:22:28 +0200

partman-iscsi (45) unstable; urgency=medium

  [ Updated translations ]
  * Traditional Chinese (zh_TW.po) by Yao Wei (魏銘廷)

 -- Christian Perrier   Thu, 29 Jun 2017 06:55:50 +0200

partman-iscsi (44) unstable; urgency=medium

  [ Updated translations ]
  * Serbian (sr.po) by Dragan Filipović

 -- Christian Perrier   Wed, 08 Jun 2016 19:00:17 +0200

partman-iscsi (43) unstable; urgency=medium

  [ Updated translations ]
  * Serbian (sr.po) by Dragan Filipović

 -- Christian Perrier   Mon, 25 Apr 2016 06:59:49 +0200

partman-iscsi (42) unstable; urgency=medium

  [ Colin Watson ]
  * Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb.

 -- Christian Perrier   Sun, 14 Feb 2016 08:08:47 +0100

partman-iscsi (41) unstable; urgency=medium

  [ Updated translations ]
  * Swedish (sv.po) by Martin Bagge / brother

 -- Christian Perrier   Wed, 27 Jan 2016 16:09:32 +0100

python-automaton 1.14.0-0ubuntu1 -> 1.15.0-1

* Last Uploader: Corey Bryant

Debian changes newer than ubuntu version:

python-automaton (1.15.0-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/control: Use team+openstack@tracker.debian.org as maintainer

  [ Thomas Goirand ]
  * New upstream release.
  * Fixed (build-)depends for this release.
  * Using Python 3 when building the sphinx doc.

 -- Thomas Goirand   Tue, 04 Sep 2018 00:10:49 +0200

python-automaton (1.14.0-2) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/control: Fix wrong Vcs-*

  [ Thomas Goirand ]
  * Uploading to unstable.

 -- Thomas Goirand   Sun, 25 Feb 2018 22:48:47 +0000

python-automaton (1.14.0-1) experimental; urgency=medium

  [ Ondřej Nový ]
  * Bumped debhelper compat version to 10

  [ Thomas Goirand ]
  * New upstream release.
  * Points VCS URLs to Salsa.
  * Ran wrap-and-sort -a.
  * Updating maintainer field.
  * Standards-Version is now 4.1.3.
  * Fixed (build-)depends for this release.
  * Using pkgos-dh_auto_{test,install}.

 -- Thomas Goirand   Thu, 15 Feb 2018 09:53:25 +0000

python-ceilometerclient 2.9.0-0ubuntu1 -> 2.9.0-2

* Last Uploader: Corey Bryant

Debian changes newer than ubuntu version:

python-ceilometerclient (2.9.0-2) unstable; urgency=medium

  * Uploading to unstable.

 -- Thomas Goirand   Wed, 01 Nov 2017 23:46:43 +0000

python-ceilometerclient (2.9.0-1) experimental; urgency=medium

  [ Ondřej Nový ]
  * Standards-Version is 3.9.8 now (no change)
  * Change directory to $ADTTMP before running Debian tests
  * d/copyright: Changed source URL to https protocol

  [ Daniel Baumann ]
  * Updating vcs fields.
  * Updating copyright format url.
  * Running wrap-and-sort -bast.
  * Updating maintainer field.
  * Updating standards version to 4.0.0.
  * Removing gbp.conf, not used anymore or should be specified in the
    developers dotfiles.
  * Correcting permissions in debian packaging files.
  * Updating standards version to 4.0.1.
  * Deprecating priority extra as per policy 4.0.1.
  * Updating standards version to 4.1.0.

  [ Thomas Goirand ]
  * New upstream release.
  * Fixed (build-)depends for this release.
  * Using pkgos-dh_auto_install.
  * Remove test patch.
  * Removed XS-Testsuite: field.

 -- Thomas Goirand   Wed, 04 Oct 2017 19:31:50 +0200

python-cotyledon 1.6.8-2ubuntu2 -> 1.6.8-3

* Last Uploader: Corey Bryant

Debian changes newer than ubuntu version:

python-cotyledon (1.6.8-3) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/control: Set Vcs-* to salsa.debian.org
  * d/control: Use team+openstack@tracker.debian.org as maintainer

  [ Thomas Goirand ]
  * Run tests using PYTHONPATH=$(CURDIR) (Closes: #898421).

 -- Thomas Goirand   Thu, 10 Jan 2019 10:10:31 +0100

python-cryptography 2.3-1ubuntu2 -> 2.6.1-3

* Last Uploader: Matthias Klose

Debian changes newer than ubuntu version:

python-cryptography (2.6.1-3) unstable; urgency=medium

  * Fix autopkgtest dependencies.

 -- Tristan Seligmann   Sat, 09 Mar 2019 13:25:47 +0200

python-cryptography (2.6.1-2) unstable; urgency=medium

  [ Ondřej Nový ]
  * Convert git repository from git-dpm to gbp layout
  * Use 'python3 -m sphinx' instead of sphinx-build for building docs

  [ Tristan Seligmann ]
  * Fix merge.

 -- Tristan Seligmann   Fri, 08 Mar 2019 20:56:58 +0200

python-cryptography (2.6.1-1) unstable; urgency=medium

  * New upstream release.

 -- Tristan Seligmann   Fri, 08 Mar 2019 13:33:42 +0200

python-cursive 0.2.1-0ubuntu1 -> 0.2.1-2

* Last Uploader: Corey Bryant

Debian changes newer than ubuntu version:

python-cursive (0.2.1-2) unstable; urgency=medium

  * Uploading to unstable.

 -- Thomas Goirand   Sun, 25 Feb 2018 22:56:29 +0000

python-cursive (0.2.1-1) experimental; urgency=medium

  [ Ondřej Nový ]
  * d/control: Set Vcs-* to salsa.debian.org

  [ Thomas Goirand ]
  * New upstream release.
  * Fixed (build-)depends for this release.

 -- Thomas Goirand   Thu, 15 Feb 2018 07:30:00 +0000

python-microversion-parse 0.2.1-0ubuntu1 -> 0.2.1-2

* Last Uploader: Corey Bryant

Debian changes newer than ubuntu version:

python-microversion-parse (0.2.1-2) unstable; urgency=medium

  * Uploading to unstable.

 -- Ondřej Nový   Wed, 05 Sep 2018 10:04:48 +0200

python-microversion-parse (0.2.1-1) experimental; urgency=medium

  * New upstream release
  * Change build deps for new upstream release

 -- Ondřej Nový   Tue, 21 Aug 2018 14:19:33 +0200

python-mistralclient 1:3.7.0-0ubuntu1 -> 1:3.7.0-2

* Last Uploader: Corey Bryant

Debian changes newer than ubuntu version:

python-mistralclient (1:3.7.0-2) unstable; urgency=medium

  [ Ondřej Nový ]
  * Running wrap-and-sort -bast

  [ Thomas Goirand ]
  * Uploading to unstable.
  * Blacklist HTTPClientTest.test_get_request_options_with_profile_enabled() in
    Python 3.x.

 -- Thomas Goirand   Wed, 05 Sep 2018 00:08:49 +0200

python-mistralclient (1:3.7.0-1) experimental; urgency=medium

  [ Ondřej Nový ]
  * d/control: Use team+openstack@tracker.debian.org as maintainer

  [ Thomas Goirand ]
  * New upstream release.
  * Fixed (build-)depends for this release.
  * Building doc with Python 3.
  * Using pkgos-dh_auto_test.

 -- Thomas Goirand   Wed, 22 Aug 2018 11:12:32 +0200

python-os-client-config 1.31.2-0ubuntu1 -> 1.31.2-2

* Last Uploader: Corey Bryant

Debian changes newer than ubuntu version:

python-os-client-config (1.31.2-2) unstable; urgency=medium

  * Uploading to unstable.

 -- Thomas Goirand   Tue, 04 Sep 2018 22:28:31 +0200

python-os-client-config (1.31.2-1) experimental; urgency=medium

  [ Ondřej Nový ]
  * d/control: Set Vcs-* to salsa.debian.org
  * d/control: Use team+openstack@tracker.debian.org as maintainer

  [ Thomas Goirand ]
  * New upstream release.
  * Fixed (build-)depends for this release.
  * Using Python 3 for building sphinx doc.
  * Using pkgos-dh_auto_test.

 -- Thomas Goirand   Mon, 20 Aug 2018 18:46:00 +0200

python-pyvmomi 6.5.0.2017.5-0ubuntu1 -> 6.7.1-2

* Last Uploader: Dimitri John Ledkov

Debian changes newer than ubuntu version:

python-pyvmomi (6.7.1-2) unstable; urgency=medium

  * Upload to unstable

 -- Mathieu Parent   Sat, 17 Nov 2018 17:33:30 +0100

python-pyvmomi (6.7.1-1) experimental; urgency=medium

  [ Ondřej Nový ]
  * d/control: Set Vcs-* to salsa.debian.org
  * d/control: Add trailing tilde to min version depend to allow
    backports
  * d/control: Use team+openstack@tracker.debian.org as maintainer
  * d/control: Fix wrong Vcs-*

  [ Mathieu Parent ]
  * Upload to experimental
  * New upstream version (Closes: #860285)
    - Removing data_files.patch, merged upstream
    - Add patch to unpin vcrpy out of =1.12.0 and remove SSL tunnel tests
  * Package takeover:
    - Maintainer: Debian OpenStack -> Debian Python Modules Team
    - Uploaders: Remove Julien Danjou, Thomas Goirand, Mehdi Abaakouk and Joshua
      Kwan
    - Uploaders: Add myself
  * Update d/watch to github as doc is missing on pypi
  * Standards-Version: 4.2.1
  * Enable python3 tests and required Build-Depends
  * Debhelper compat: 9 -> 11
  * Add NOTICE.txt in python{,3}-pyvmomi.docs

 -- Mathieu Parent   Fri, 16 Nov 2018 06:22:46 +0100

python-scrypt 0.8.0-0ubuntu5 -> 0.8.0-0.1

* Last Uploader: Matthias Klose

Debian changes newer than ubuntu version:

python-scrypt (0.8.0-0.1) unstable; urgency=medium

  * Non-maintainer upload.
  * New upstream release (Closes: #877732).
  * Added Python 3 support (Closes: #742225).
  * Build-depends: on python{3,}-setuptools.

 -- Thomas Goirand   Thu, 05 Oct 2017 17:07:52 +0200

python-seamicroclient 0.4.0-1ubuntu1 -> 0.4.0-3

* Last Uploader: Andres Rodriguez

Debian changes newer than ubuntu version:

python-seamicroclient (0.4.0-3) unstable; urgency=medium

  [ Thomas Goirand ]
  * Uploading to unstable.
  * Added missing build-depends-indep: subunit.
  * Removed argparse from requirements.txt and lift pbr upper bound.
  * Added missing python-requests build-dep.
  * Blacklist a number of tests:
    - tests.test_http.ClientTest.test_get
    - test_http.ClientTest.test_post
    - v2.test_fantrays.FanTraysTest.test_list_fantrays
    - v2.test_scards.ScardsTest.test_list_scards
    - v2.test_servers.ServersTest.test_server_set_tagged_vlan
    - v2.test_servers.ServersTest.test_server_set_untagged_vlan
    - v2.test_servers.ServersTest.test_server_unset_tagged_vlan
    - v2.test_servers.ServersTest.test_server_unset_untagged_vlan
    - v2.test_system.Systemstest.test_list_system
  * Using OpenStack's Gerrit as VCS URLs.

  [ Ondřej Nový ]
  * Fixed VCS URLs (https).
  * d/rules: Changed UPSTREAM_GIT protocol to https
  * d/s/options: extend-diff-ignore of .gitreview
  * d/control: Use correct branch in Vcs-* fields

 -- Thomas Goirand   Thu, 10 Mar 2016 10:31:04 +0100

qemu 1:3.1+dfsg-2ubuntu5 -> 1:3.1+dfsg-8

* Last Uploader: Christian Ehrhardt 

Debian changes newer than ubuntu version:

qemu (1:3.1+dfsg-8) unstable; urgency=high

  * sun4u-add-power_mem_read-routine-CVE-2019-5008.patch
    fixes a null-pointer dereference in sparc/sun4u emulated hw
    Closes: #927439, CVE-2019-5008
  * enable-md-no.patch & enable-md-clear.patch
    mitigation for MDS (Microarchitectural Data Sampling) issues
    Closes: #929067,
    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
  * qxl-check-release-info-object-CVE-2019-12155.patch
    fixes null-pointer deref in qxl cleanup code
    Closes: #929353, CVE-2019-12155
  * aarch32-exception-return-to-switch-from-hyp-mon.patch
    fixes booting U-Boot in UEFI mode on aarch32
    Closes: #927763
  * stop qemu-system-common pre-depending on adduser
    Closes: #929261

 -- Michael Tokarev   Mon, 27 May 2019 07:49:25 +0300

qemu (1:3.1+dfsg-7) unstable; urgency=high

  [ Michael Tokarev ]
  * device_tree-don-t-use-load_image-CVE-2018-20815.patch
    fix heap buffer overflow while loading device tree blob
    (Closes: CVE-2018-20815)

  [ Christian Ehrhardt ]
  * qemu-guest-agent: fix path of fsfreeze-hook (LP: #1820291)
   - d/qemu-guest-agent.install: use correct path for fsfreeze-hook
   - d/qemu-guest-agent.pre{rm|inst}/.postrm: special handling for
     mv_conffile since the new path is a directory in the old package
     version which can not be handled by mv_conffile.

 -- Michael Tokarev   Wed, 27 Mar 2019 14:24:06 +0300

qemu (1:3.1+dfsg-6) unstable; urgency=high

  * slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch
    fix information leakage in slirp code (Closes: CVE-2019-9824)

 -- Michael Tokarev   Mon, 18 Mar 2019 14:41:51 +0300

qemu (1:3.1+dfsg-5) unstable; urgency=high

  * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
    OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
    Closes: #922635, CVE-2019-3812

 -- Michael Tokarev   Mon, 11 Mar 2019 14:30:44 +0300

qemu (1:3.1+dfsg-4) unstable; urgency=medium

  * mention closing of #855043 by 3.1+dfsg-3
  * disable pvrdma for now, it is a bit too buggy.
    Besides several security holes there are many other bugs there as well,
    and the amount of patches applied upstream after 3.1 release is large
    (Closes, or really makes unimportant again: CVE-2018-20123 CVE-2018-20124
     CVE-2018-20125 CVE-2018-20126 CVE-2018-20191 CVE-2018-20216)

 -- Michael Tokarev   Mon, 11 Feb 2019 14:00:09 +0300

qemu (1:3.1+dfsg-3) unstable; urgency=medium

  [ Michael Tokarev ]
  * mention #696289 closed by 2.10
  * move ovmf to recommends on debian and update aarch ovmf refs
    (Closes: #889885, #855043)
  * remove /dev/kvm permission handling (moved to systemd 239-6)
    (Closes: #892945)
  * build qemu-palcode using alpha cross-compiler
    (Closes: #913103)
  * fix path in qemu-guest-agent.service (#918378), fixs Bind[s]To
    (Closes: #918378
  * use int for sparc64 timeval.tv_usec
    (Closes: #920032)
  * build-depend on libglusterfs-dev not glusterfs-common
    (Closes: #919668, #881527)
  * add breaks: qemu-system-data to qemu-system-common,
    to close #916279 completely (all this can be removed after buster)
    (Closes: #916279)
  * scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
    (Closes: #920222, CVE-2019-6501)
  * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
    (Closes: #921525)
  * pvrdma-release-device-resources-on-error-CVE-2018-20123.patch
    (Closes: #916442, CVE-2018-20123)
  * enable rdma and pvrdma, build-depend on
    librdmacm-dev, libibverbs-dev, libibumad-dev
  * sync debian/qemu-user-static.1 and debian/qemu-user.1 generate the latter
    from the former (finally Closes: #901407)
  * move ivshmem-server & ivshmem-client from qemu-utils to qemu-system-common
    (the binaries are also specific to qemu-system, not useable alone)
  * move qemu-pr-helper from qemu-utils to qemu-system-common -
    this is an internal qemu-system helper, with possible socket activation,
    not intended for use outside of qemu-system

  [ Christian Ehrhardt ]
  * qemu-guest-agent: freeze-hook to ignore dpkg files (packaging changes)

 -- Michael Tokarev   Wed, 06 Feb 2019 12:23:01 +0300

rabbitmq-server 3.7.8-4ubuntu2 -> 3.7.8-5

* Last Uploader: James Page

Debian changes newer than ubuntu version:

rabbitmq-server (3.7.8-5) unstable; urgency=medium

  [ Ondřej Nový ]
  * Removing gbp.conf, not used anymore or should be specified in the
    developers dotfiles.

  [ Thomas Goirand ]
  * Also package rabbitmq-diagnostics.

 -- Thomas Goirand   Mon, 17 Jun 2019 22:59:25 +0200

resource-agents 1:4.2.0-1ubuntu2 -> 1:4.2.0-2

* Last Uploader: Heitor Alves de Siqueira (sponsored by Eric Desrochers)

Debian changes newer than ubuntu version:

resource-agents (1:4.2.0-2) unstable; urgency=medium

  * debian/rules: fix build with merged-usr (Closes: #915848)
  * debian/patches: use /run for ldirectord pid file

 -- Valentin Vidic   Sun, 09 Dec 2018 21:04:49 +0100

vlan 2.0.4ubuntu1 -> 2.0.5

* Last Uploader: Dan Streetman (sponsored by Eric Desrochers)

Debian changes newer than ubuntu version:

vlan (2.0.5) unstable; urgency=medium

  * debian/network/if-pre-up.d/vlan: add missing biosdevname (Closes: #922801).
    - Thanks to Dan Steetman for the patch.

 -- Willem van den Akker   Thu, 21 Feb 2019 08:29:59 +0100

webtest 2.0.28-1ubuntu1 -> 2.0.32-1

* Last Uploader: Corey Bryant

Debian changes newer than ubuntu version:

webtest (2.0.32-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/control: Set Vcs-* to salsa.debian.org
  * d/watch: Use https protocol
  * d/control: Remove ancient X-Python-Version field
  * Convert git repository from git-dpm to gbp layout

  [ Piotr Ożarowski ]
  * New upstream release
  * Add patch to use default Sphinx theme (pylons_sphinx_theme is not packaged)
  * Standards-Version bumped to 4.3.0 (no changes needed)

 -- Piotr Ożarowski   Sat, 29 Dec 2018 22:14:13 +0100

xen 4.9.2-0ubuntu2 -> 4.11.1+92-g6c33308a8d-2

* Last Uploader: Matthias Klose

Debian changes newer than ubuntu version:

xen (4.11.1+92-g6c33308a8d-2) unstable; urgency=high

  * Mention MDS and the need for updated microcode and disabling
    hyper-threading in NEWS.
  * Mention the ucode=scan option in the grub.d/xen documentation.

 -- Hans van Kranenburg   Sat, 22 Jun 2019 11:15:08 +0200

xen (4.11.1+92-g6c33308a8d-1) unstable; urgency=high

  * Update to new upstream version 4.11.1+92-g6c33308a8d, which also
    contains the following security fixes:
    - Fix: grant table transfer issues on large hosts
      XSA-284 (no CVE yet) (Closes: #929991)
    - Fix: race with pass-through device hotplug
      XSA-285 (no CVE yet) (Closes: #929998)
    - Fix: x86: steal_page violates page_struct access discipline
      XSA-287 (no CVE yet) (Closes: #930001)
    - Fix: x86: Inconsistent PV IOMMU discipline
      XSA-288 (no CVE yet) (Closes: #929994)
    - Fix: missing preemption in x86 PV page table unvalidation
      XSA-290 (no CVE yet) (Closes: #929996)
    - Fix: x86/PV: page type reference counting issue with failed IOMMU update
      XSA-291 (no CVE yet) (Closes: #929995)
    - Fix: x86: insufficient TLB flushing when using PCID
      XSA-292 (no CVE yet) (Closes: #929993)
    - Fix: x86: PV kernel context switch corruption
      XSA-293 (no CVE yet) (Closes: #929999)
    - Fix: x86 shadow: Insufficient TLB flushing when using PCID
      XSA-294 (no CVE yet) (Closes: #929992)
    - Fix: Microarchitectural Data Sampling speculative side channel
      XSA-297 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091
      (Closes: #929129)
  * Note that the fixes for XSA-297 will only have effect when also loading
    updated cpu microcode with MD_CLEAR functionality. When using the
    intel-microcode package to include microcode in the dom0 initrd, it has to
    be loaded by Xen. Please refer to the hypervisor command line
    documentation about the 'ucode=scan' option.
  * Fixes for XSA-295 "Unlimited Arm Atomics Operations" will be added in the
    next upload.

 -- Hans van Kranenburg   Tue, 18 Jun 2019 09:50:19 +0200

xen (4.11.1+26-g87f51bf366-3) unstable; urgency=medium

  Minor useability improvements and fixes:
  * bash-completion: also complete 'xen'  [Hans van Kranenburg]
  * /etc/default/xen: Handle with ucf again, like in stretch.
    Closes:#923401.  [Ian Jackson]

  Build fix:
  * Fix FTBFS when building only arch-indep binaries (eg
    dpkg-buildpackage -A).  Was due to dh-exec bug wrt not-installed.
    Closes:#923013.  [Hans van Kranenburg; report from Santiago Vila]

  Documentation fix:
  * grub.d/xen.cfg: dom0_mem max IS needed  [Hans van Kranenburg]

 -- Ian Jackson   Thu, 28 Feb 2019 16:37:04 +0000

xen (4.11.1+26-g87f51bf366-2) unstable; urgency=medium

  * Packaging change: override spurious lintian warning about
    fsimage.so rpath.

 -- Ian Jackson   Fri, 22 Feb 2019 16:07:37 +0000

xen (4.11.1+26-g87f51bf366-1) unstable; urgency=medium

  Significant changes:
  * Update to new upstream version 4.11.1+26-g87f51bf366.
    (This is from the upstream stable branch.)  [Ian Jackson]
  * Build and use oxenstored rather than the C xenstored by default.
    [Ian Jackson and Hans van Kranenburg]
  * xen init script: rewrite and reorganise xenstored start logic.
    [Hans van Kranenburg]

  Documentation etc. improvements:
  * Refresh hypervisor and dom0 command line options documentation.
    (Closes: #919758)  [Hans van Kranenburg; report from Gergely]
  * Ship /etc/default/xen, a striped and tidied version of upstream
    sysconfig.xencommons.in.  [Hans van Kranenburg]

  Significant bugfixes:
  * xen init script: Do nothing if running for wrong Xen package.
    Avoids mystery loss of xenconsoled.  Closes:#851654.
    [Ian Jackson; report from Wolodja Wentland]
  * Make pygrub work again (by fixing python module and shared library
    paths).  Closes:#912381.  [Ian Jackson; earlier, Bastian Blank;
    report from Dimitar Angelov, also Torben Schou Jensen]

  Packaging bugfixes:
  * Have xen-utils-common suggest xen-doc, because it contains a broken
    symlink to it.  Closes:#911046.
    [Hans van Kranenburg; report from Andreas Beckmann]
  * Have xenstore-utils declare Breaks on xen-utils-common to make
    piuparts happy.  Closes:#911045.
    [Hans van Kranenburg, report from Andreas Beckmann]
  * hotplug-common: Strip arch-specific libdir from config file
    Closes:#862236.  [Ian Jackson; report from Stefan Bühler]
  * xendomains init script; Add dependency on $network.
    Closes:#798510.  [Francois Lesueur]
  * xendomains init script; Add should-dependency on nfs-kernel-server
    Closes:#826871.  [Geoffrey McRae]

  Packaging minor fixes and improvements [Hans van Kranenburg]:
  * debian/libxenstore3.0.symbols: revert ea2334dfe0
  * debian/control: add dh-python build-dep
  * d/xen-utils-V...: override xen-shim-syms lintian
  * debian/control: bump debhelper builddep to 10
  * debian/.gitignore: ignore more debhelper snippets
  * bash-completion: install completion rules for xl
  * xen init script: don't fail when being run in domU
  * Remove xend cruft from various init scripts etc.

  Packaging minor fixes and improvements [Ian Jackson]:
  * xen version/upgrade handling: Improve an error message
  * xen init script: silently exit status 0 if not running under xen
  * xen init script: Tidy up wrong/missing Xen version error handling
  * debian/rules: Fix tiny typos
  * hotplug-common: Do not adjust LD_LIBRARY_PATH

 -- Ian Jackson   Fri, 22 Feb 2019 15:11:45 +0000

xen (4.11.1-1) unstable; urgency=medium

  * debian/control: Add Homepage, Vcs-Browser and Vcs-Git.
    (Closes: #911457)
  * grub.d/xen.cfg: fix default entry when using l10n (Closes: #865086)
  * debian/rules: Don't exclude the actual pygrub script.
  * Update to new upstream version 4.11.1, which also contains:
    - Fix: insufficient TLB flushing / improper large page mappings with AMD
      IOMMUs
      XSA-275 CVE-2018-19961 CVE-2018-19962
    - Fix: resource accounting issues in x86 IOREQ server handling
      XSA-276 CVE-2018-19963
    - Fix: x86: incorrect error handling for guest p2m page removals
      XSA-277 CVE-2018-19964
    - Fix: x86: Nested VT-x usable even when disabled
      XSA-278 CVE-2018-18883
    - Fix: x86: DoS from attempting to use INVPCID with a non-canonical
      addresses
      XSA-279 CVE-2018-19965
    - Fix for XSA-240 conflicts with shadow paging
      XSA-280 CVE-2018-19966
    - Fix: guest use of HLE constructs may lock up host
      XSA-282 CVE-2018-19967
  * Update version handling patching to put the team mailing list address in
    the first hypervisor log line and fix broken other substitutions.
  * Disable handle_iptable hook in vif-common script. See #894013 for more
    information.

 -- Hans van Kranenburg   Wed, 02 Jan 2019 20:59:40 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-5) unstable; urgency=medium

  * debian/rules: Cope if xen-utils-common not being built
    (Fixes binary-indep FTBFS.)

 -- Ian Jackson   Mon, 15 Oct 2018 18:07:11 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-4) unstable; urgency=medium

  * Many packaging fixes to fix FTBFS on all arches other than amd64.
  * xen-vbd-interface(7): Provide properly-formatted NAME section
  * Add pandoc and markdown to Build-Depends - fixes missing docs.
  * Revert "tools-xenstore-compatibility.diff" apropos of discussion
    https://lists.xenproject.org/archives/html/xen-devel/2018-10/msg00838.html

 -- Ian Jackson   Mon, 15 Oct 2018 12:15:36 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-3) unstable; urgency=medium

  * hypervisor package postinst: Actually install (avoids need to
    run update-grub by hand).
  * debian/control: Adding Section to source stanza
  * debian/control: Add missing Replaces on old xen-utils-common
  * debian/rules: Add a -n to a gzip rune to improve reproducibility

 -- Ian Jackson   Fri, 12 Oct 2018 16:55:48 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-2) unstable; urgency=medium

  * Redo as an upload with binaries, because source-only uploads to NEW
    are not allowed.

 -- Ian Jackson   Fri, 05 Oct 2018 19:38:52 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-1) unstable; urgency=medium

  * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg;
    merging in 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1.

 -- Ian Jackson   Fri, 05 Oct 2018 18:39:58 +0100

xen (4.11.1~pre+1.733450b39b-1) unstable; urgency=medium

  * Completely overhauled the packaging.  In the source package, things
    are very much simpler now with only a few hundred loc of templating
    and scriptery.  In the binary packages the resulting changes are:
     - We now provide -dbgsym packages in the standard way
      - Shared libraries with unstable ABI upstream (ie, whose
        ABI changes with the Xen version) are now in
        libxen-misc rather than libxen and
        have more conventional-looking filenames.
     - Shared libraries with a stable ABI upstream are now each in their
       own package, named after the soname (ABI version), as is
       conventional.  The sonames and minor versions of these are
       no longer mangled.
     - xs.h, replaced upstream by xenstore.h, is now in
       /usr/include/xenstore-compat (as shipped upstream), with
       symlinks left behind.
     - fsimage*.h is no longer shipped (it's namespace-grabbish).
     - libxenvchan.h is in /usr/include as it is in upstream,
       not buried in /usr/include/xen/io
     - /etc/xen/cpupool, a not very interesting example config file,
       has been moved into /usr/share/doc/.
     - There is a new xen-doc package, in which the upstream HTML
       documentation, and various other bits, is now provided.  This
       replaces the text format documentation previously provided in
       xen-utils-common (but the manpages are still there).
     - Utilities which use on libraries with stable ABIs upstream
       are no longer subjected to the Xen version wrapper.
     - Several utilities are now provided in /usr/bin which were
       previously only available buried in /usr/lib/xen-:
          xen-detect xenalyze xencons xencov_split xen-cpuid
       (version-wrapped, where necessary).
     - Likewise very many utilities and daemons in /usr/sbin:
          gdbsx xen-bugtool xen-ringwatch xen-tmem-list-parse
          xenmon xenpmd flask-* xen-kdd xen-diag xen-hptool
          xen-hvmcrash xen-hvmctx xen-livepatch xen-lowmemd
          xen-mfndump xenbaked xenconsoled xencov xenlockprof
          xenstored xenwatchdogd
     - xend and xm are long gone, so remove the support for the
       TOOLSTACK setting in /etc/default/xen.  /usr/sbin/xen just
       runs xl now.  Remove mentions of xend-config.sxp and all
       *.sxp files.  Drop the xend init script.
     - There is no longer any Built-Using.  This is no longer true for
       seabios, which is depended on and used at runtime, rather than
       being embedded into hvmloader.  (The source package also previously
       tried to mention ipxe-qemu in Built-Using but that's (i) dependent
       upstream on CONFIG_ROMBIOS which we disable, and not a
       build-dependency either.)
     - The hvmloader and xen-shim binaries no longer have their .note
       and .comment section(s) stripped.  .note is needed for xen-shim
       to work properly and to find the corresponding debug files.
       And .comment is tiny and harmless AFAICT.
     - Hypervisor debug map files are installed in /usr/lib/debug.
     - The xl bash_completion file from upstream is installed.
     - libxenvchan.h is installed.
     - We install xen-*.efi in /boot.
     - Sections of some packages have been rationalised.
     - We install a doc-base control file.

 -- Ian Jackson   Wed, 03 Oct 2018 18:45:02 +0100

xen (4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1) experimental; urgency=medium

  * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg.
  * Remove stubdom/grub.patches/00cvs from the upstream source because it's
    not DFSG compliant. (license-problem-gfdl-invariants)
  * Override statically-linked-binary lintian error about
    usr/lib/xen-4.11/boot/xen-shim

 -- Hans van Kranenburg   Tue, 11 Sep 2018 15:34:34 +0200

xen (4.11.1~pre+1.733450b39b-1~exp1) experimental; urgency=medium

  [ Hans van Kranenburg ]
  * Update to 4.11.1-pre commit 733450b39b, which also contains:
    - Additional fix for: Unlimited recursion in linear pagetable de-typing
      XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004)
    - Fix x86 PV guests may gain access to internally used pages
      XSA-248 CVE-2017-17566
    - Fix broken x86 shadow mode refcount overflow check
      XSA-249 CVE-2017-17563
    - Fix improper x86 shadow mode refcount error handling
      XSA-250 CVE-2017-17564
    - Fix improper bug check in x86 log-dirty handling
      XSA-251 CVE-2017-17565
    - Fix: DoS via non-preemptable L3/L4 pagetable freeing
      XSA-252 CVE-2018-7540
    - Fix x86: memory leak with MSR emulation
      XSA-253 CVE-2018-5244
    - Multiple parts of fixes for...
      Information leak via side effects of speculative execution
      XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754
      - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite
      - Branch predictor hardening for ARM CPUs
      - Support compiling with indirect branch thunks (e.g. retpoline)
      - Report details of speculative mitigations in boot logging
    - Fix: grant table v2 -> v1 transition may crash Xen
      XSA-255 CVE-2018-7541
    - Fix: x86 PVH guest without LAPIC may DoS the host
      XSA-256 CVE-2018-7542
    - The "Comet" shim, which can be used as a mitigation for Meltdown to
      shield the hypervisor against 64-bit PV guests.
    - Fix: Information leak via crafted user-supplied CDROM
      XSA-258 CVE-2018-10472
    - Fix: x86: PV guest may crash Xen with XPTI
      XSA-259 CVE-2018-10471
    - Fix: x86: mishandling of debug exceptions
      XSA-260 CVE-2018-8897
    - Fix: x86 vHPET interrupt injection errors
      XSA-261 CVE-2018-10982
    - Fix: qemu may drive Xen into unbounded loop
      XSA-262 CVE-2018-10981
    - Fix: Speculative Store Bypass
      XSA-263 CVE-2018-3639
    - Fix: preemption checks bypassed in x86 PV MM handling
      XSA-264 CVE-2018-12891
    - Fix: x86: #DB exception safety check can be triggered by a guest
      XSA-265 CVE-2018-12893
    - Fix: libxl fails to honour readonly flag on HVM emulated SCSI disks
      XSA-266 CVE-2018-12892
    - Fix: Speculative register leakage from lazy FPU context switching
      XSA-267 CVE-2018-3665
    - Fix: Use of v2 grant tables may cause crash on ARM
      XSA-268 CVE-2018-15469
    - Fix: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS
      XSA-269 CVE-2018-15468
    - Fix: oxenstored does not apply quota-maxentity
      XSA-272 CVE-2018-15470
    - Fix: L1 Terminal Fault speculative side channel
      XSA-273 CVE-2018-3620
  * Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader):
    - Rebase patches against upstream source (line numbers etc).
    - debian/rules.real:
      - Add a call to build common tool headers.
      - Add a call to install common tool headers.
    - debian/libxen-dev.install, d/p/ubuntu-tools-libs-abiname.diff:
      - Add additional modifications for new libxendevicemodel.
    - debian/patches/tools-fake-xs-restrict.patch:
      - Re-introduce (fake) xs_restrict call to keep libxenstore version at
        3.0 for now.
    - debian/libxenstore3.0.symbols: add xs_control_command
  * Rebase patches against 4.10 upstream source.
  * Rebase patches against 4.11 upstream source.
  * Add README.source.md to document how the packaging works.
  * This package builds correctly with gcc 7. (Closes: #853710)
  * Fix grub config file conflict when upgrading from Stretch. (Closes: #852545)
  * Init scripts: Do not kill per-domain qemu processes. (Closes: #879751)
  * debian/patches: Fix "'vwprintw' is deprecated" gcc 8 compilation error

  [ Mark Pryor ]
  * Fix shared library build dependencies for the new xentoolcore library.

  [ John Keates ]
  * Enable OVMF (Closes: #858962)

 -- Hans van Kranenburg   Sun, 08 Jul 2018 14:30:32 +0200