[ddh-sys] apt-listchanges: news for less

root root op ddh.nl
Wo Jun 12 21:22:34 CEST 2013

gnutls26 (2.6.6-1) unstable; urgency=high

  * libgnutls: Check expiration/activation time on untrusted certificates.
    Before the library did not check activation/expiration times on
    certificates, and was documented as not doing so. We have realized that
    many applications that use libgnutls, including gnutls-cli, fail to
    perform proper checks.  Implementing similar logic in all applications
    leads to code duplication.  Hence, we decided to check whether the
    current time (as reported by the time function) is within the
    activation/expiration period of certificates when verifying untrusted

    This changes the semantics of gnutls_x509_crt_list_verify, which in
    turn is used by gnutls_certificate_verify_peers and
    gnutls_certificate_verify_peers2.  We add two new
    gnutls_certificate_status_t codes for reporting the new error
    add a new gnutls_certificate_verify_flags flag,
    GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new
    GNUTLS-SA-2009-3 CVE-2009-1417

 -- Andreas Metzler <ametzler op debian.org>  Thu, 30 Apr 2009 19:00:21 +0200

mysql-5.1 (5.1.61-1) stable-security; urgency=high

   Due to the non-disclosure of security patch information from Oracle,
   we are forced to ship this upstream version update of MySQL 5.1 into
   all releases that carry MySQL 5.1. There are several known incompatible
   changes, which are listed below, taken from dev.mysql.com's changelogs,
   available here: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html

    Incompatible Change: Previously, if you flushed the logs using FLUSH
    LOGS or mysqladmin flush-logs and mysqld was writing the error log to
    a file (for example, if it was started with the --log-error option),
    it renamed the current log file with the suffix -old, then created a
    new empty log file. This had the problem that a second log-flushing
    operation thus caused the original error log file to be lost unless
    you saved it under a different name. For example, you could use the
    following commands to save the file:
    shell> mysqladmin flush-logs
    shell> mv host_name.err-old backup-directory
    To avoid the preceding file-loss problem, renaming no longer
    occurs. The server merely closes and reopens the log file. To rename
    the file, you can do so manually before flushing. Then flushing the
    logs reopens a new file with the original file name. For example, you
    can rename the file and create a new one using the following commands:
    shell> mv host_name.err host_name.err-old
    shell> mysqladmin flush-logs
    shell> mv host_name.err-old backup-directory
    (Bug #29751)
    References: See also Bug #56821.

    Incompatible Change: When auto_increment_increment is greater than
    one, values generated by a bulk insert that reaches the maximum
    column value could wrap around rather producing an overflow error.
    As a consequence of the fix, it is no longer possible for an
    auto-generated value to be equal to the maximum BIGINT UNSIGNED
    value. It is still possible to store that value manually, if the
    column can accept it. (Bug #39828, Bug #11749800)

    Incompatible Change: Handling of a date-related assertion was
    However, a consequence of this change is that several functions
    become more strict when passed a DATE() function value as their
    argument and reject incomplete dates with a day part of zero. These
    functions are affected: CONVERT_TZ(), DATE_ADD(), DATE_SUB(),
    WEEK(), WEEKDAY(), WEEKOFYEAR(), YEARWEEK(). Because this changes
    date-handling behavior in General Availability-status series (MySQL
    5.1 and 5.5), it was reverted in 5.1.62 and 5.5.21. The change is
    retained in MySQL 5.6.
    References: See also Bug #13458237.

 -- Clint Byrum <clint op ubuntu.com>  Thu, 01 Mar 2012 23:25:34 -0800
php5 (5.3.3-7+squeeze5) squeeze-security; urgency=high

  * The following new directives were added as part of security fixes:
    - max_input_vars - specifies how many GET/POST/COOKIE input variables
      may be accepted.  Default value is set to 1000.
    - xsl.security_prefs - define forbidden operations within XSLT
      stylesheets.  Write operations are now disabled by default.

 -- Ondřej Surý <ondrej op debian.org>  Mon, 23 Jan 2012 12:22:26 +0100

php5 (5.3.3-7+squeeze4) squeeze-security; urgency=low

  * Updated blowfish crypt() algorithm fixes the 8-bit character handling
    vulnerability (CVE-2011-2483) and adds more self-tests.  Unfortunately
    this change is incompatible with some old (wrong) generated hashes for
    passwords containing 8-bit characters.  Therefore the new salt prefix
    '$2x$' was introduced which can be used as a replacement for '$2a$'
    salt prefix in the password database in case the incompatibility is

 -- Ondřej Surý <ondrej op debian.org>  Mon, 04 Jul 2011 10:31:16 +0200

php5 (5.3.1-3) unstable; urgency=low

  * mod_php disabled in userdirs.

  The default Debian libapache2-mod-php5 package now disables the PHP
  engine on ~/public_html directories when mod_userdir is enabled, for
  security reasons.  Although discouraged, it can be re-enabled by
  commenting the <IfModule mod_userdir.c> block in

  * PHP 5.2 compatibility settings

  Given the short time to the Squeeze release freeze, the
  short_open_tag setting has been turned On again (upstream now
  defaults to Off on the php.ini files.) However, the request_order and
  auto_globals_jit settings continue to be the default from upstream
  ("GP" and On, respectively.)

 -- Raphael Geissert <geissert op debian.org>  Mon, 11 Jan 2010 16:49:28 -0600

php5 (5.2.11.dfsg.1-2) unstable; urgency=high

  * Maximum number of file uploads per request limited

  To prevent Denial of Service attacks by exhausting the number of
  available temporary file names, upstream introduced the max_file_uploads
  option in 5.3.1 and 5.2.12.

  Due to the nature of this new option a default limit has been set
  to 50, hoping it is sensible enough to not to cause disruptions on
  existing services.
  The value of this new limit can be changed in the php.ini file.

  If you installed the php5-suhosin extension there was a limiting
  mechanism in place already. In this case you may want to make sure
  the new limit imposed by PHP itself is not smaller than suhosin's.

 -- Raphael Geissert <geissert op debian.org>  Sat, 21 Nov 2009 13:37:51 -0600

spamassassin (3.3.0-2) unstable; urgency=low

   Prior to version 3.3.0, spamassassin defaulted to having the
   auto-whitelist plugin enabled.  This is no longer the case.  If you
   wish to continue using it, you will want to add 
   loadplugin Mail::SpamAssassin::Plugin::AWL
   to /etc/spamassassin/local.pre
   Additionally, note that if you have added any custom configuration
   options related to the auto-whitelist plugin (e.g.
   auto_whitelist_factory), the upgrade from to 3.3.0 from prior 
   versions may fail unless you explicitly enable the plugin.

 -- Noah Meyerhans <noahm op debian.org>  Sun, 28 Feb 2010 19:37:34 -0800

spamassassin (3.2.5-7) unstable; urgency=high

   This version of SpamAssassin fixes a bug which caused mails sent
   in 2010 to be flagged as suspiciously spammy. If upgrading to this
   version, you are recommended to update any per-user caches previously
   created by sa-compile, and to check mail already in your spam folder
   for false positives more carefully than usual.

 -- Joey Hess <joeyh op debian.org>  Fri, 01 Jan 2010 12:03:40 -0500

viewvc (1.1.5-1) unstable; urgency=medium

  * The ViewVC packages (viewvc, viewvc-query and viewcvs) have been
    reorganised rather extensively.  However, upgrading from an older
    version _should_ result in a still-working installation.

  * The Apache mod-python modules are now part of the Debian packages;
    these are installed to /usr/lib/viewvc/mod-python.  See README.Debian
    for information on how to use these modules.

  * All references to Debconf have been removed.  Previous versions of
    this package violated Debian policy (section 10.7.3): the file
    /etc/viewvc/viewvc.conf is a conffile, and maintainer scripts must NOT
    modify it at any time.  The shipped viewvc.conf file does not have any
    CVS or Subversion repositories defined.

  * The "*docroot*" path has been moved from /usr/share/viewvc to
    /usr/share/viewvc/docroot.  This new location better complies with the
    Webapps Policy, section 3.1.

 -- John Zaitseff <J.Zaitseff op zap.org.au>  Thu, 01 Apr 2010 13:08:05 +1100
apt (0.7.26~exp3) experimental; urgency=low

  * apt-ftparchive now reads the standard configuration files in
    /etc/apt/apt.conf and /etc/apt/apt.conf.d.

 -- Julian Andres Klode <jak op debian.org>  Fri, 26 Mar 2010 15:34:16 +0100

apt (0.7.24) unstable; urgency=low

  * Already included in the last version but now with better documentation
    is the possibility to add/prefer different compression types while
    downloading archive information, which can decrease the time needed for
    update on slow machines. See apt.conf (5) manpage for details.
  * APT manages his manpage translations now with po4a, thanks to Nicolas
    Franšois and Kurasawa Nozomu, who also provide the ja translation.
    Thanks to Christian Perrier we have already a fr translation and
    a few more are hopefully added in the near future.
  * This version also introduces some _experimental_ configuration options
    to make more aggressive use of dpkg's triggers. If you want to help
    testing these _experimental_ options see apt.conf (5) manpage.

 -- David Kalnischkies <kalnischkies op gmail.com>  Thu, 24 Sep 2009 15:13:16 +0200

apt (0.7.23) unstable; urgency=low

  * Code that determines which proxy to use was changed. Now
    'Acquire::{http,ftp}::Proxy[::<host>]' options have the highest priority,
    and '{http,ftp}_proxy' environment variables are used only if options
    mentioned above are not specified.

 -- Eugene V. Lyubimkin <jackyf.devel op gmail.com>  Thu, 19 Aug 2009 11:26:16 +0200

aptitude ( unstable; urgency=low

  Summary: the behavior of "full-upgrade"/"dist-upgrade" has changed
  in a way that could break scripts.  See below for details.

  This version changes the behavior of the full-upgrade/dist-upgrade
  command when additional arguments are present.  Previous versions of
  aptitude used the command-line arguments to extend the default upgrade
  set, so that

    # aptitude full-upgrade wesnoth

  would install "wesnoth" while attempting to upgrade all other
  upgradable packages.

  In version, aptitude now uses the list of packages as the
  explicit list of upgrades to perform.  Thus, the same command

    # aptitude full-upgrade wesnoth

  will upgrade wesnoth and not perform any other actions.  If wesnoth
  isn't installed, nothing will happen.  To get the old behavior, add
  "?upgradable" as the first argument following "full-upgrade" and add
  "+" to the end of each package that had no qualifiers:

    # aptitude full-upgrade "?upgradable" wesnoth+

 -- Daniel Burrows <dburrows op debian.org>  Sun, 17 Jan 2010 22:27:30 -0800
arno-iptables-firewall (1.9.2.a-1) unstable; urgency=low

  * With this release the syntax of the config file is slightly changed. From
    now on the '#' (hash-character) is used as the new separator for interface
    restrictions (i.e. eth0#....).

 -- Michael Hanke <michael.hanke op gmail.com>  Tue, 09 Jun 2009 10:12:23 +0200

arno-iptables-firewall (1.9.0.a-1) unstable; urgency=low

  * The syntax and layout of the configuration file has been changed. Several
    variable names have been modified, but the most notable difference is the
    switch from ':' to '~' as port separator string. Although most
    installations that exclusively use the debconf-managed configuration
    settings should also work with this version, it is nevertheless recommend
    to verify the firewall setup before reenabling the firewall after
    upgrading. more information is available in
  * The 1.9 branch now uses a leightweight init.d script without a verbose
    status dump during startup. The 'old' status report is available when
    manually starting the firewall using /usr/sbin/arno-iptables-firewall.
    Additionally, this script, as well as the init.d scripti, provides a details
    iptables configuration dump via the 'status' command.
  * A default rsyslog configuration (and corresponding logrotate setup) for
    firewall-related messages is has been added. Such messages will now be
    logged into /var/log/arno-iptables-firewall.

 -- Michael Hanke <michael.hanke op gmail.com>  Fri, 20 Feb 2009 07:31:15 +0100

ca-certificates (20090708) unstable; urgency=low

  * Removed CA files:
    - cacert.org/root.crt and cacert.org/class3.crt:
      Both certificate files were deprecated with 20080809.  Users of these
      root certificates are encouraged to switch to
      `cacert.org/cacert.org.crt' which contains both class 1 and class 3
      roots joined in a single file.
    - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
      This certificate has been added into the Mozilla truststore and
      is available as `mozilla/QuoVadis_Root_CA.crt'.

 -- Philipp Kern <pkern op debian.org>  Wed, 08 Jul 2009 23:19:56 +0200

ca-certificates (20090701) unstable; urgency=low

  * Readded Equifax Secure Global eBusiness CA.

 -- Philipp Kern <pkern op debian.org>  Wed, 01 Jul 2009 14:47:02 +0200

ca-certificates (20090624) unstable; urgency=low

  * This update eases the installation of local certification authorities
    by providing a canonical location in `/usr/local/share/ca-certificates'.
    All certificates found in this directory will automatically be included
    into the list of trusted certificates.  For details please see
  * New CA certificates:
    - COMODO ECC Certification Authority
    - DigiNotar Root CA
    - Network Solutions Certificate Authority
    - WellsSecure Public Root Certificate Authority
  * Removed CA certificates:
    - Equifax Secure Global eBusiness CA
    - UTN USERFirst Object Root CA

 -- Philipp Kern <pkern op debian.org>  Wed, 24 Jun 2009 21:04:45 +0200

cron (3.0pl1-110) unstable; urgency=low

    In the past, long-running jobs caused certain MTAs to time out,
    resulting in no output being sent. Justin Pryzby's patch to fix this
    has been included.

    crontab(1) now refuses any crontabs missing a newline before EOF.

    cron(8) now recovers from broken symlinks in /etc/cron.d. This fix
    may cause power management issues (disk spin-ups), feedback welcome.

 -- Christian Kastner <debian op kvr.at>  Thu, 29 Apr 2010 13:25:09 +0200

glibc (2.9-8) unstable; urgency=low

  Starting with version 2.9-8, unified IPv4/IPv6 lookup have been enabled
  in the glibc's resolver. This is faster, fixes numerous of bugs, but is
  problematic on some broken DNS servers and/or wrongly configured 
  If such a DNS server is detected, the resolver switches (permanently
  for that process) to a mode where the second request is sent only when
  the first answer has been received. This means the first request will
  be timeout, but subsequent requests should be fast again. This 
  behaviour can be enabled permanently by adding 'options single-request'
  to /etc/resolv.conf.  

 -- Aurelien Jarno <aurel32 op debian.org>  Thu, 23 Apr 2009 21:14:32 +0200

grub2 (1.96+20090609-1) experimental; urgency=low

  Before this version, grub-efi was 32bit on i386 and 64bit on amd64.
  However, EFI can be 32bit even if you have a 64bit CPU, like in the
  first MacBook models with Core 2 Duo released in late 2006.  Thus,
  grub-efi has been split into grub-efi-amd64 and grub-efi-ia32 which are
  available on both amd64 and i386.
  If you've experienced problems trying to load grub.efi, please try
  again using the package that doesn't match your CPU's architecture.

 -- Felix Zielcke <fzielcke op z-51.de>  Tue, 09 Jun 2009 19:21:15 +0200

initramfs-tools (0.94) unstable; urgency=low

    To improve boot speed and avoid some complications, video drivers are
    no longer included in the initramfs by default (MODULES=most).

 -- maximilian attems <maks op debian.org>  Mon, 05 Apr 2010 08:10:34 +0200

krb5 (1.8+dfsg~alpha1-1) unstable; urgency=low

  This version of MIT Kerberos disables DES and 56-bit RC4 by default.
  These encryption types are generally regarded as weak; defeating them
  is well within the expected resources of some attackers.  However,
  some applications, such as OpenAFS or Kerberized NFS, still rely on
  DES.  To re-enable DES support add allow_weak_crypto=true to the
  libdefaults section of /etc/krb5.conf

 -- Sam Hartman <hartmans op debian.org>  Fri, 08 Jan 2010 22:41:14 -0500

krb5 (1.6.dfsg.4~beta1-7) unstable; urgency=low

  * In response to MIT's 2006 announcement that Kerberos 4 is at end of
    life and no longer under development, this version of the krb5 package
    removes most support for krb4.  In particular, krb4 headers are no
    longer included; applications with krb4 support cannot be built using
    libkrb5-dev.  In addition, krb4 support has been removed from the KDC
    and user utilities.  If you do not use Kerberos 4 and do not have
    krb4-config installed, you should notice no changes.  However, if you
    do use Kerberos 4, you must transition away from Kerberos 4 before
    upgrading to this version. 
  * Downgrading from this version to a previous version can  be
    difficult because of library name changes.  Please follow these
      - Get the libkrb53 and libkadm55 debs you want to downgrade to
      -dpkg --force-depends --remove  libkrb5-3 libkrb5support0 libdes425-3
        libgssapi-krb5-2 libgssrpc4 libkadm5clnt5 libkadm5srv5 libkdb5-4
      -  At this point your system has broken Kerberos libraries
      - dpkg -i libkrb53*deb libkadm55*deb (using the debs you got above)
      - aptitude -f install to fix any other packages that may be broken
 -- Sam Hartman <hartmans op debian.org>  Thu, 26 Feb 2009 21:12:41 -0500

linux-latest-2.6 (26) unstable; urgency=low

  * The old IDE (PATA) drivers are no longer developed.  Most PATA
    controllers can be handled by new drivers using 'libata', which is
    already used for SATA controllers.  The new kernel package, which
    this package depends on, enables all the new drivers that are
    considered stable and disables the old drivers that they replace.

    While the old drivers presented device names beginning with 'hd',
    libata makes PATA drives appear as SCSI devices and presents device
    names beginning with 'sd' (hard drive), 'sr' (optical) or 'st' (tape).
    In a system that already has other SCSI or SCSI-like devices, names
    may change unpredictably.

    During the upgrade from earlier versions, you will be prompted to
    update configuration files which refer to device names that may
    change.  You can choose to do this yourself or to follow an automatic
    upgrade process.  Unfortunately the automatic upgrade process does not
    cover tape drives.  All changed configuration files are backed up with
    a suffix of '.old' (or '^old' in one case).

    The automatic upgrade code does not support the configuration files
    of many of the boot loaders used on non-PC architectures, so you may
    be prompted to make changes manually.

 -- Ben Hutchings <ben op decadent.org.uk>  Tue, 04 May 2010 02:10:04 +0100
lm-sensors-3 (1:3.1.1-2) unstable; urgency=low

  Starting with libsensors4 version 3.1.0, it is now recommended to not
  modify /etc/sensors3.conf, but to drop a file in /etc/sensors.d/
  instead. Files with names that start with a dot are ignored.

 -- Aurelien Jarno <aurel32 op debian.org>  Wed, 01 Jul 2009 21:40:52 +0000

lm-sensors-3 (1:3.0.2-2) unstable; urgency=low

  Starting with libsensors4, the syntax for the configuration file has
  - /etc/sensors.conf is used by libsensors3 ;
  - /etc/sensors3.conf is used by libsensors4.

  You may want to generate /etc/sensors3.conf from /etc/sensors.conf using
 -- Aurelien Jarno <aurel32 op debian.org>  Thu, 04 Sep 2008 12:28:53 +0200

localepurge (0.6.0) unstable; urgency=low

    Thanks to a convenient rewrite of the actual localepurge script by
    Francesco Potorti, now also all unneeded Gnome/KDE related localization 
    files are considered for removals. 
    On a fresh install of a new standard Debian system this can actually 
    free up almost half a GB's worth of disk space. :-)

 -- Paul Seelig <pseelig op debian.org>  Sat, 25 Jul 2009 20:23:51 +0200
munin-node (1.4.0-1) unstable; urgency=low

    munin-node-configure-snmp command is no longer available, use 
    munin-node-configure --snmp to configure snmp hosts.

    If upgrading from 1.2.6, please review the 
    /usr/share/doc/munin/UPGRADING file as there is an issue with truncated
    field names in plugins (especially with the df plugin), resulting
    in loss of history, which can be fixed manually.

 -- Tom Feiner <feiner.tom op gmail.com>  Fri, 04 Dec 2009 18:29:16 +0200

mutt (1.5.20-6) unstable; urgency=low
  The behavior of the write_bcc option has changed, now write_bcc is only
  used to decide if an Fcc message should have its Bcc header written;
  if the message is sent outside using SMTP the Bcc header will never be
  written, see the description of debian-specific/467432-write_bcc.patch
  for details

 -- Antonio Radici <antonio op dyne.org>  Tue, 19 Jan 2010 21:57:48 +0000

mutt (1.5.20-1) unstable; urgency=low

  As result of http://bugs.mutt.org/3097 getopt() is now used in a way that
  behaves consistently on all POSIX systems, unfortunately this has broken
  the way attachments are added from the command line.
  Now "--" is mandatory *before* any address if a file is attached from CLI,
  the mutt manpage correctly documents this behavior.

 -- Antonio Radici <antonio op dyne.org>  Sun, 14 Jun 2009 20:53:18 +0100

openssh (1:5.4p1-2) unstable; urgency=low

  Smartcard support is now available using PKCS#11 tokens.  If you were
  previously using an unofficial build of Debian's OpenSSH package with
  OpenSC-based smartcard support added, then note that commands like
  'ssh-add -s 0' will no longer work; you need to use 'ssh-add -s
  /usr/lib/opensc-pkcs11.so' instead.

 -- Colin Watson <cjwatson op debian.org>  Sat, 10 Apr 2010 01:08:59 +0100

pam (1.1.0-3) unstable; urgency=low

  * pam_rhosts_auth module obsolete, symlink removed

    The pam_rhosts_auth module was dropped upstream prior to the lenny
    release and a compatibility symlink provided in the libpam-modules
    package, pointing at the new (and not 100% compatible) pam_rhosts
    module.  This symlink has now been dropped.  If you still have
    references to pam_rhosts_auth in your /etc/pam.d/* config files, you
    will need to fix these, since they no longer work.

    For information on using pam_rhosts, see the pam_rhosts(8) manpage.

 -- Steve Langasek <vorlon op debian.org>  Wed, 02 Sep 2009 16:17:16 -0700

pam (1.1.0-1) unstable; urgency=low

  * pam_cracklib no longer checks for reuse of old passwords

    The pam_cracklib module no longer checks /etc/security/opasswd to see
    if the proposed password is one that was previously used.  This
    functionality has been split out into a new module, pam_pwhistory.

    The pam_unix module still does its own check of /etc/security/opasswd,
    so if you are using this module you should not need to change anything.

  * Change in handling of /etc/shadow fields

    The Debian PAM package included a patch to treat a value of 0 in certain
    fields in /etc/shadow as the same as an empty field.  This patch has
    been dropped, since it caused the behavior of pam_unix to differ from
    both that of PAM upstream and that of the shadow package.

    The main consequences of this change are that:

    - a "0" in the sp_expire field will be treated as a date of Jan 1, 1970
      instead of a "never expires" value, so users with this set will be
      unable to log in

    - a "0" in the sp_inact field will indicate that the user should not be
      allowed to change an expired password at all, instead of being allowed
      to change an expired at any time after the expiry.

    See Debian bug #308229 for more information about this change.

 -- Steve Langasek <vorlon op debian.org>  Tue, 25 Aug 2009 00:13:57 -0700

patch (2.6-1) unstable; urgency=low

  The patch versions shipped in Debian Etch and Lenny (2.5.9-4 and 2.5.9-5)
  contained two patches that would create reject files in unified format, and
  collect all rejects in a single, "global" reject file. These patches are now
  part of patch 2.6.

  However, the arguments have been renamed:

   * -U or --unified-reject-files  is now  --reject-format=format.
     Additionally, reject files will automatically be in unified format if the
     input patch is in that format.

   * --global-reject-file=file  is now a synonym for  --reject-file=file (-r)
     which has been fixed not to overwrite reject hunks from different files.

  The old syntax is still supported, but will be removed for the Debian
  release following Squeeze.

 -- Christoph Berg <myon op debian.org>  Mon, 30 Nov 2009 14:01:54 +0100
phpmyadmin (4: unstable; urgency=low

  phpMyAdmin setup script now does not allow to write configuration by
  default. See README.Debian for information how to enable writing

 -- Michal Čihař <nijel op debian.org>  Wed, 14 Oct 2009 10:32:31 +0200

phpmyadmin (4:3.0.0-1) unstable; urgency=low

  phpMyAdmin now uses dbconfig-common for configuring control user and
  phpmyadmin auxiliary databases. If you have used custom configuration, you
  might need to merge it with the one shipped in package or at least use
  generated password from /etc/phpmyadmin/config-db.php.

 -- Michal Čihař <nijel op debian.org>  Sun, 07 Sep 2008 23:33:13 +0200
proftpd-dfsg (1.3.2e-1) unstable; urgency=low

    A new contributed module mod_vroot has been added to the provided modules pool.
    Note that it is *still* experimental, so use it at your own risk.

 -- Francesco Paolo Lovergine <frankie op debian.org>  Mon Apr 19 13:13:45 CEST 2010
proftpd-dfsg (1.3.2a-1) unstable; urgency=low

    The traditional monthly cron job to collect statistics has been removed
    and ftpstats is now run at logrotate execution as a post rotation job. 
    You can safely remove the /etc/cron.monthly/proftpd{-basic}.disabled
    script(s) after upgrading and customize the /etc/logrotate.d/proftpd-basic 
    instead as you prefer. Note that until release 1.3.2-1 the log rotation was
    also performed without using logrotate, and it has been introduced to be
    more homogeneous with other services.

 -- Francesco Paolo Lovergine <frankie op debian.org>  Fri, 17 Jul 2009 13:21:01 +0200

proftpd-dfsg (1.3.2-1) unstable; urgency=low

    Starting from 1.3.2 ProFTPD supports external DSO modules development.
    External modules can be built using proftpd-dev package and its utilities
    and files, prxs and pkg-config specifically. If you'd like some contributed 
    modules were distributed, but they are not distributed with the main 
    package, feel free to ask with a RFP and I will evaluate if the module is 
    in shape and potentially useful for that.

 -- Francesco Paolo Lovergine <frankie op debian.org>  Sun, 17 Feb 2009 11:19:44 +0100

udev (0.140-1) unstable; urgency=low

  Starting from this release the last applicable NAME directive will be
  used instead of the first one: check any custom udev rules.
  The default rules files have been moved to /lib/udev/rules.d/ and
  /etc/udev/rules.d/ is supposed to contain only generated files or
  custom directives.

 -- Marco d'Itri <md op linux.it>  Wed, 18 Mar 2009 02:34:13 +0100
uw-imap (8:2007b~dfsg-2) unstable; urgency=low

  * Maildir support dropped!  Patch earlier applied was not freely
    licensed and its author has explicitly requested its removal.
    No alternative reliable Maildir patch is known to exist currently.

 -- Jonas Smedegaard <dr op jones.dk>  Tue, 11 Oct 2005 23:09:28 +0200

vim (2:7.2c.000-1) experimental; urgency=low

  The autoindent option is no longer enabled by default because:
  - 'autoindent' is rather na´ve and turning on filetype-specific indentation
    (via "filetype indent on") is usually a better choice.
  - not having any automatic indenting enabled by default prevents new users
    from encountering the bad indentation issue when pasting text.

  Filetype plugins are no longer enabled by default because certain actions
  (like preventing the loading of the default menus) *must* occur before
  filetype detection is enabled.  By enabling filetype plugins (and detection)
  in debian.vim, we are preventing the user from being able to make changes to
  Vim's behavior.  Filetype plugins can be re-enabled via
  "filetype plugin on".

 -- James Vega <jamessan op debian.org>  Thu, 07 Aug 2008 12:25:39 -0400

Meer informatie over de ddh-sys maillijst