[ddh-sys] apt-listchanges: changelogs for less

root root op ddh.nl
Wo Jun 12 21:22:33 CEST 2013


krb5 (1.8.3+dfsg-4squeeze7) oldstable-security; urgency=medium

  * Fix "cve-2002-2443: kpasswd udp ping-pong"  (Closes: #708267)

 -- Sam Hartman <hartmans op debian.org>  Wed, 22 May 2013 07:33:24 -0400

krb5 (1.8.3+dfsg-4squeeze6) stable-security; urgency=high

  * MITKRB5-SA-2012-001 CVE-2012-1015: KDC frees uninitialized pointer

 -- Sam Hartman <hartmans op debian.org>  Tue, 31 Jul 2012 07:24:39 -0400

krb5 (1.8.3+dfsg-4squeeze5) squeeze-security; urgency=high

  *     CVE-2011-1529: null pointer dereference in KDC LDAP back end,
    Closes: #629558
  *     CVE-2011-1528: assertion failure in multiple KDC back ends
    regarding account lockout

 -- Sam Hartman <hartmans op debian.org>  Wed, 19 Oct 2011 11:55:43 -0400

krb5 (1.8.3+dfsg-4squeeze2) stable; urgency=low

  * Upstream ticket 6852: permit gss_set_allowable_enctypes to restirct
    acceptor enctypes. Required in order to permit newer than squeeze
    clients to talk to a squeeze nfs server without degrading security
    for non-nfs applications on the box, Closes: #622146

 -- Sam Hartman <hartmans op debian.org>  Tue, 09 Aug 2011 10:53:59 -0400

krb5 (1.8.3+dfsg-4squeeze1) stable; urgency=low

  * Fix double free with pkinit on KDC, CVE-2011-0284, Closes: #618517
  * Updated Danish debconf translations, thanks  Joe Dalton, Closes:
    #584282
  * KDC/LDAP DOS    (CVE-2010-4022, CVE-2011-0281, and CVE-2011-0282,
    Closes: #613487
  * Fix delegation of credentials against Windows servers; significant
    interoperability issue, Closes: #611906
  * Set nt-srv-inst on TGS names to work against W2K8R2 KDCs, Closes:
    #616429
  * Don't fail authentication when PAC verification fails; support hmac-
    md5 checksums even for non-RC4 keys, Closes: #616728
  * Port fix to upstream ticket 6899: fix invalid free in kadmind change
    password case, Closes: #622681

 -- Sam Hartman <hartmans op debian.org>  Thu, 02 Jun 2011 13:14:03 -0400

krb5 (1.8.3+dfsg-4) unstable; urgency=medium

  * Ignore PACs without a server signature generated by OS X Open
    Directory rather than failing authentication, Closes: #604925

 -- Sam Hartman <hartmans op debian.org>  Tue, 14 Dec 2010 11:53:26 -0500

krb5 (1.8.3+dfsg-3) unstable; urgency=emergency

  * MITKRB5-SA-2010-007
        * CVE-2010-1324: An unauthenticated attacker can inject arbitrary
        content into an existing GSS connection that appears to be integrity
        protected from the legitimate peer under some circumstances
      * GSS applications may accept a PAC produced by an attacker as if it
        were signed by a KDC
      * CVE-2010-1323: attackers have a 1/256 chance of being able to
        produce krb_safe messages that appear to be from legitimate remote
        sources. Other than use in KDC database copies this may not be a
        huge issue only because no one actually uses krb_safe
        messages. Similarly, an attacker can force clients to display
        challenge/response values of the attacker's choice.
      * CVE-2010-4020: An attacker may be able to generate what is
        accepted as a ad-signedpath or ad-kdc-issued checksum with 1/256
        probability
  * New   Vietnamese debconf translations, Thanks Clytie Siddall,
    Closes: #601533
  * Update standards version to 3.9.1 (no changes required

 -- Sam Hartman <hartmans op debian.org>  Sat, 20 Nov 2010 14:50:54 -0500

krb5 (1.8.3+dfsg-2) unstable; urgency=high

  * MITKRB5-SA-2010-006 [CVE-2010-1322]: null pointer dereference in
    kdc_authdata.c leading to KDC crash, Closes: #599237
  * Fix two memory leaks in krb5_get_init_creds path; one of these memory
    leaks is quite common for any application such as PAM or kinit that
    gets initial credentials, thanks Bastian Blank, Closes: #598032
  * Install doc/CHANGES only in krb5-doc, not in all packages, saves
    several megabytes on most Debian systems, Closes: #599562

 -- Sam Hartman <hartmans op debian.org>  Wed, 13 Oct 2010 10:41:19 -0400

krb5 (1.8.3+dfsg-1) unstable; urgency=low

  * New Upstream release; only change is version bump from beta1 to final 
  * Bring back a libkrb53 oldlibs package. Note that this is technically a
    policy violation because it doesn't provide libdes425.so.3 or
    libkrb4.so.2 and thus provides a different ABI. However, some
    packages, such as postgres8.4 require the lenny version to be present
    for the squeeze transition, so we cannot force the removal of
    libkrb53's reverse dependencies. We can conflict or break with lenny
    packages that will not work with this libkrb53, but we may break
    out-of-archive packages without notice. Absent someone coming up with
    a patch to the modern libk5crypto-3 that allows it to work with the
    lenny libkrb53 (a weekend's worth of work proved this would be quite
    difficult), this is the best solution we've come up with, Closes: #596678

 -- Sam Hartman <hartmans op debian.org>  Sun, 19 Sep 2010 14:59:46 -0400

krb5 (1.8.3+dfsg~beta1-2) unstable; urgency=low

  * Remove documentation that has moved to the krb5-appl package and is
    not shipped upstream from Debian diff

 -- Sam Hartman <hartmans op debian.org>  Tue, 10 Aug 2010 15:33:15 -0400

krb5 (1.8.3+dfsg~beta1-1) unstable; urgency=low

  * New Upstream version
  * Add breaks with libkrb53 because libdes425 cannot work with new
    libk5crypto3 (Closes: #557929)
  * You want this version: it fixes an incompatibility with how PACs are
    verified with Windows 2008
  * As a result of libkrb53 breaks, we no longer get into problems with
    krb5int_hmac, Closes: #566988 
  * Note that libkdb5-4 breaks rather than conflicts libkadm5srv6, Closes:
    #565429
  * Start kdc  before x display managers, Closes: #588536

 -- Sam Hartman <hartmans op debian.org>  Thu, 05 Aug 2010 12:15:50 -0400

krb5 (1.8.1+dfsg-5) unstable; urgency=low

  * Ignore duplicate token sent in mechListMIC from Windows 2000 SPNEGO
    (LP: #551901)
  * krb5-admin-server starts after krb5-kdc, Closes: #583494

 -- Sam Hartman <hartmans op debian.org>  Wed, 04 Aug 2010 16:10:02 -0400

krb5 (1.8.1+dfsg-4) unstable; urgency=low

  * fix prerm script (Closes: #577389), thanks Harald Dunkel


 -- Sam Hartman <hartmans op debian.org>  Thu, 20 May 2010 12:33:43 -0400

krb5 (1.8.1+dfsg-3) unstable; urgency=high

  * CVE-2010-1321 GSS-API accept sec context null pointer deref, Closes:
    #582261
  * Force use of bash for build, Closes: #581473
  * Start slapd before krb5 when krb5-kdc-ldap installed, Closes:
    #582122


 -- Sam Hartman <hartmans op debian.org>  Wed, 19 May 2010 16:37:36 -0400

krb5 (1.8.1+dfsg-2) unstable; urgency=high

  * Fix crash in renewal and validation, Thanks Joel Johnson for such a
    prompt bug report, Closes: #577490

 -- Sam Hartman <hartmans op debian.org>  Mon, 12 Apr 2010 13:08:35 -0400

krb5 (1.8.1+dfsg-1) unstable; urgency=high

  * New upstream release
  * Fixes significant ABI incompatibility between Heimdal and MIT in the
    init_creds_step API; backward incompatible change in the meaning of
    the flags API.  Since this was introduced in 1.8 and since no better
    solution was found, it's felt that getting 1.8.1 out everywhere that
    had 1.8 very promptly is the right approach.  Otherwise software build
    against 1.8 will be broken in the future.
  * Testing of Kerberos 1.8 showed an incompatibility between Heimdal/MIT
    Kerberos and Microsoft Kerberos; resolve this incompatibility.  As a
    result, mixing KDCs between 1.8 and 1.8.1 in the same realm may
    produce undesirable results for constrained delegation.  Again,
    another reason to replace 1.8 with 1.8.1 as soon as possible.
  * Acknowledge security team upload, thanks for picking up the slack and
    sorry it was necessary

 -- Sam Hartman <hartmans op debian.org>  Sun, 11 Apr 2010 10:12:59 -0400

krb5 (1.8+dfsg-1.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2010-0628: denial of service (assertion failure and daemon crash)
    via an invalid packet that triggers incorrect preparation of an error
    token. (Closes: 575740)
  * Makes src/slave/kpropd.c ISO C90 compliant (Closes: #574703)

 -- Giuseppe Iuculano <iuculano op debian.org>  Fri, 09 Apr 2010 19:11:50 +0200

krb5 (1.8+dfsg-1) unstable; urgency=low

  * New upstream version
  * Include new upstream notice file in docs
  * Update symbols files
  * Include upstream ticket 6676: fix handling of cross-realm tickets
    issued by W2K8R2
  * Add ipv6 support to kprop,  Michael Stapelberg, Closes: #549476
  * New Brazilian Portuguese translations, Thanks Eder L. Marques,
    Closes: #574149

 -- Sam Hartman <hartmans op debian.org>  Wed, 17 Mar 2010 15:51:54 -0400

krb5 (1.8+dfsg~alpha1-7) unstable; urgency=high

  * MITKRB5-SA-2010-001: Avoid an assertion failure leading to a denial of
    service in the KDC by doing better input validation.  (CVE-2010-0283)
  * Update standards version to 3.8.4 (no changes required).

 -- Russ Allbery <rra op debian.org>  Tue, 16 Feb 2010 12:20:51 -0800

krb5 (1.8+dfsg~alpha1-6) unstable; urgency=medium

  * Import upstream fixes including:
     - A non-conformance with RFC 4120 that causes  enc_padata to be
    included when the client may not support it
      - Weak crypto acts as a filter and does not reject if DES is
    included in krb5.conf, fixes Samba net ads join, Closes: #566977
    * Medium urgency because of the samba bug fix.  If the samba maintainers
    request the release team to bump to high I'd support that.
  * Update libkdb5 symbols for new upstream internal interface

 -- Sam Hartman <hartmans op debian.org>  Fri, 12 Feb 2010 12:24:26 -0500

krb5 (1.8+dfsg~alpha1-5) unstable; urgency=high

  [ Sam Hartman ]
  * New API to allow an application to enable weak crypto
  * Rename libkadm5clnt and libkadm5srv to libkadm5clnt_mit and
    libkadm5srv_mit in order to avoid conflicts with Heimdal packages.
    Sorry for the second trip through new, but we needed to coordinate
    with upstream  on the ABI issues involved with this change.
  * Medium urgency in order to get a fix for openafs-krb5 weak crypto into
    testing sooner
  * Include fix for pam-krb5 segfault with wrong password; bump urgency to
    high.

  [ Russ Allbery ]
  * Change libkrb5-dbg to only depend on libkrb5-3, libk5crypto3, or
    libkrb5support0.  All of the other packages for which it provides
    debugging symbols also depend on one of those packages and always
    will, so listing the disjunction of every library package is
    overkill.  Remove from the Depends several obsolete library packages
    no longer included.
  * Drop obsolete Replaces for libkadm5srv-mit7 and libkadm5clnt-mit7.
  * Wrap krb5-multidev dependencies and description and shorten the short
    description.
  * Reformat NEWS.Debian to avoid using a bulleted list per devref.

  [ Sam Hartman ]
  * Link libkadm5{clnt,srv}.so specially so that the links work without
    libkrb5-dev installed

 -- Sam Hartman <hartmans op debian.org>  Fri, 22 Jan 2010 23:35:09 -0500

krb5 (1.8+dfsg~alpha1-4) unstable; urgency=high

  * Add replaces to deal with moving files from krb5-multidev to
    libkrb5-dev, Closes: #565217 
  * This is definitely the getting all the conflicts combinations right is
    tricky series of releases.  Sorry about the wasted cycles.

 -- Sam Hartman <hartmans op debian.org>  Wed, 13 Jan 2010 19:00:37 -0500

krb5 (1.8+dfsg~alpha1-3) unstable; urgency=high

  * Move files to avoid overlap between heimdal-dev and krb5-multidev,
    Closes: #565132 

 -- Sam Hartman <hartmans op debian.org>  Wed, 13 Jan 2010 04:18:32 -0500

krb5 (1.8+dfsg~alpha1-2) unstable; urgency=high

  * While Kerberos 1.8 is not vulnerable to CVE-2009-4212 (the vulnerable
    code was removed during the 1.8 release process for code
    simplification and code size reasons), this is urgency high to get a
    version of Kerberos that fixes that integer underflow in the AES and
    RC4 code  into testing.
  * For now,  heimdal and MIT shared libraries for kadm5 will conflict;
    discussions of how to fix this are ongoing upstream, Closes: #564666
  * New translations; sorry about missing them in the last upload
      - Vietnamese,  Thanks Clytie Siddall, Closes: #548204
      - Basque, Thanks Piarres Beobide, Closes: #534284
  * Update standards version (no changes required)
  * Pull upstream changes made since alpha1 into the package.  In
    particular this includes a fix to a bug where unkeyed checksums are
    accepted by the FAST KDC backend.  That bug was introduced between 1.7
    and 1.8 alpha1 so is only present in prior Debian packages of 1.8. See
    upstream tickets 6632 and 6633.

 -- Sam Hartman <hartmans op debian.org>  Tue, 12 Jan 2010 19:26:09 -0500

krb5 (1.8+dfsg~alpha1-1) unstable; urgency=low

  * Include symlinks in libkrb5-dev too
  * New upstream release
  * Fix .so symlinks in krb5-multidev

 -- Sam Hartman <hartmans op debian.org>  Fri, 08 Jan 2010 22:41:23 -0500

krb5 (1.8+dfsg~aa+r23527-1) experimental; urgency=low

  * MIT krb5 trunk prior to 1.8 branch
  * Remove krb5-telnet, krb5-ftpd, krb5-clients, krb5-rsh-server, no
    longer provided upstream.  These are provided now in a separate source
    distribution. 
  * Bring back functions needed by Samba, Closes: #531635
  * I know that the symbols revisions are generating lintian warnings;
    that will be cleaned up when upstream actually makes an alpha release 
  * Implement krb5-multidev similar to heimdal-multidev so that packages
    can be built against both MIT Kerberos and Heimdal 

 -- Sam Hartman <hartmans op debian.org>  Sun, 03 Jan 2010 17:54:04 -0500

krb5 (1.7+dfsg-4) unstable; urgency=high


  * cve-2009-3295, MIT-KRB5-SA-2009-003: KDC crash when failing to find
    the realm of a host., Thanks 2Jakob Haufe for the report to Debian

 -- Sam Hartman <hartmans op debian.org>  Mon, 28 Dec 2009 10:42:32 -0500

krb5 (1.7+dfsg-3) unstable; urgency=low

  * Fix typo in control file
  * Exclude usr/lib/krb5/plugins from  dh_makeshlibs call to deal with
    behavior change in dh_makeshlibs, Closes: #558719

 -- Sam Hartman <hartmans op debian.org>  Sun, 29 Nov 2009 23:24:01 -0500

krb5 (1.7+dfsg-2) unstable; urgency=low

  * Only picked up part of the upstream fix to #557979; upstream fully
    reverted to 1.6. 

 -- Sam Hartman <hartmans op debian.org>  Sun, 29 Nov 2009 19:34:44 -0500

krb5 (1.7+dfsg-1) unstable; urgency=low

  * New upstream version, Closes: #554225
  * Several fixes applied after the 1.7 release:
      - 6506: correctly handle keytab vs stash file
    - 6508: kadmind ACL parsing could reference uninitialized memory
    - 6509: kadmind can reference null pointer on ACL error
    - 6511: uninitialized memory passed to krb5_free_error in change
    password client path
    - 6514: none replay cache memory leak
    - 6515: profile library mutex performance improvements
    - 6541: memory leak in PAC verify code
    - 6542: Check for null characters in pkinit certs
    - 6543: login vs user order in ftpd sometimes wrong
    - 6551: Memory leak in spnego accept_sec_context error path
  * libkrb5-dev depends on libkadm5clnt6 (LP: #472080)
  *  Avoid locking out accounts on PREAUTH_FAILED, Closes: #557979, (LP:
    #489418)

 -- Sam Hartman <hartmans op debian.org>  Sun, 29 Nov 2009 17:29:26 -0500

krb5 (1.7dfsg~beta3-2) UNRELEASED; urgency=low

  * Update to policy 3.8.2 (no changes)

 -- Sam Hartman <hartmans op debian.org>  Sat, 20 Jun 2009 06:32:22 -0400

krb5 (1.7dfsg~beta3-1) unstable; urgency=low

  * New upstream release
  * Revert relaxation of Debian symbol versions introduced in
    1.7dfsg~beta1-3 
  * Fix kproplog's manpage (LP: #374819)

 -- Sam Hartman <hartmans op debian.org>  Wed, 27 May 2009 21:15:41 -0400

krb5 (1.7dfsg~beta2-4) unstable; urgency=low

  * Upstream fixes to RT #6490, Closes: #528729
      - Use MS  usage 9 not 8 for tgs-rep encrypted in subkey
      - Do not use keyed checksum with RC4; WS2003  expects it to be
    encrypted in the subsession key, everyone else expects the session
    key.  Note that a keyed checksum for RC4 would work against WS2008.
  * Patch from Marc Dequ?nes (Duck)   for HURD portability, Closes:
    #528828 

 -- Sam Hartman <hartmans op debian.org>  Wed, 20 May 2009 08:57:53 -0400

krb5 (1.7dfsg~beta2-3) unstable; urgency=low

  * Use correct enctype identifier in lucid security context export,
    Closes: #528514 

 -- Sam Hartman <hartmans op debian.org>  Mon, 18 May 2009 14:59:46 -0400

krb5 (1.7dfsg~beta2-2) unstable; urgency=low

  * Apply upstream patch from ticket 6488  intended to fix
    gss_krb5_export_lucid_sec_context and thus NFS; hopefully fixes
    #528514 
  *  Apply patch from ticket 6489 to fix UCS2 handling in RC4 string to
    key and PAC routines

 -- Sam Hartman <hartmans op debian.org>  Thu, 14 May 2009 16:21:48 -0400

krb5 (1.7dfsg~beta2-1) unstable; urgency=low

  * New Upstream release including FAST support for DES and 3DES.
  * Remove non-free content accidentally reintroduced in beta1, Closes: #528555
  * Add strict dependency from libgssapi-krb5-2 to libkrb5-3 as discussed
    in #528514

 -- Sam Hartman <hartmans op debian.org>  Wed, 13 May 2009 14:09:31 -0400

krb5 (1.7dfsg~beta1-4) unstable; urgency=low

  * When  decrypting the TGS response fails with the subkey, try with the
    session key to work around Heimdal bug, Closes: #527353 

 -- Sam Hartman <hartmans op debian.org>  Thu, 07 May 2009 16:16:34 -0400

krb5 (1.7dfsg~beta1-3) unstable; urgency=low

  * Relax symbol versions of symbols that exist in krb5 1.6.dfsg.2 to
    1.6.dfsg.2.  No software currently in Debian uses the new
    functionality, and this will ease the transition because it allows
    krb5 to move independently of packages that are being rebuilt.  This
    change will be reverted before the end of May, 2009.

 -- Sam Hartman <hartmans op debian.org>  Tue, 05 May 2009 09:01:17 -0400

krb5 (1.7dfsg~beta1-2) unstable; urgency=low

  * Upload to unstable  with permission of release team; note that this
    upload will make anything that depends on libkrb53 uninstallable in
    unstable.  The release team will make binary only NMUs to rebuild any
    such packages and they will depend on the new libraries.  Packages
    built since 1.6.dfsg.4~beta1-9 entered unstable should not be affected.
  * Upstream change: return PREAUTH_REQUIRED not PREAUTH_FAILED on unknown
    preauth type in the KDC.
  * Remove a bunch of patches applied ustream from debian/patches

 -- Sam Hartman <hartmans op debian.org>  Mon, 04 May 2009 16:19:09 -0400

krb5 (1.7dfsg~beta1-1) experimental; urgency=low

  * New upstream release
    - kadmin and related commands moved to /usr/bin, Closes: #477296
    - Kadmin headers are Public: Closes: #191616 
    - KDC supports loopback address, Closes: #478425
  
 -- Sam Hartman <hartmans op debian.org>  Wed, 22 Apr 2009 09:53:15 -0400

krb5 (1.7dfsg~alpha1-1) experimental; urgency=low

  * New upstream version

 -- Sam Hartman <hartmans op debian.org>  Sun, 05 Apr 2009 20:46:14 -0400

krb5 (1.6.dfsg.4~beta1-13) unstable; urgency=high

  * MITKRB5-SA-2009-001: Fix read-beyond-end-of-buffer DOS in SPNEGO, an
    SPNEGO null pointer dereference, and incorrect length validation in
    an ASN.1 decoder.  (CVE-2009-0844, CVE-2009-0845, CVE-2009-0847)
  * MITKRB5-SA-2009-002: ASN.1 general time decoder can free uninitialized
    pointer.  (CVE-2009-0846)
  * Add dependency on libkrb53 from libkrb5-dev.  This should make it
    significantly more difficult for buildds to get out of sync.  I don't
    think we can do better within the constraints of this transition,
    Closes: #522469

 -- Sam Hartman <hartmans op debian.org>  Tue, 07 Apr 2009 14:58:31 -0400

krb5 (1.6.dfsg.4~beta1-12) unstable; urgency=low

  * Translation updates:
    - Romanian, thanks Eddy Petrișor.  (Closes: #519660)
    - Finnish, thanks Esko Arajärvi.  (Closes: #519741)
    - Russian, thanks Sergey Alyoshin.  (Closes: #519744)
    - Spanish, thanks Francisco Javier Cuadrado.  (Closes: #519808)

 -- Russ Allbery <rra op debian.org>  Fri, 27 Mar 2009 11:24:28 -0700

krb5 (1.6.dfsg.4~beta1-11) unstable; urgency=low

  * Upload from the partial-krb4 branch not the master branch so we don't
    break unstable. 
      - Restore libkrb53 and libkadm55 
  * Resync the aes test files from upstream to fix a line ending problem
    and significantly shrink the debian diff 

 -- Sam Hartman <hartmans op debian.org>  Fri, 13 Mar 2009 10:19:42 -0400

krb5 (1.6.dfsg.4~beta1-10) unstable; urgency=low

  * Add Homepage control field.
  * Add ${misc:Depends} to dependencies for all packages.
  * Expand the packages that satisfy the libkrb5-dbg dependency.
  * Include a few more details about the differences between the various
    library packages in their long descriptions and fix some whitespace
    inconsistencies.  Thanks, Gerfried Fuchs.  (Closes: #519403)
  * Remove empty usr/include/kerberosIV directory in libkrb5-dev.
  * Use set -e instead of #!/bin/sh -e for all maintainer scripts.
  * Use which without a path to check for update-inetd.
  * Improve the leading comment in /etc/default/krb5-kdc.
  * Remove unnecessary section override for krb5-pkinit.
  * Update to debhelper compatibility level V7.
    - Use dh_lintian to install Lintian overrides.
    - Use dh_prep instead of dh_clean -k.
  * Update standards version to 3.8.1 (no changes required).
  * Fix superfluous space in the krb5-kdc debconf templates and unfuzzy
    translations.  Thanks, Helge Kreutzmann.  (Closes: #518403)
  * Translation updates:
    - French, thanks Christian Perrier.  (Closes: #518221)
    - Japanese, thanks TANAKA Atushi.  (Closes: #518345)
    - Swedish, thanks Martin Bagge.  (Closes: #518347)
    - German, thanks Helge Kreutzmann.  (Closes: #518402)
    - Czech, thanks Miroslav Kure.  (Closes: #518993)
    - Portuguese, thanks Miguel Figueiredo.  (Closes: #519000)
    - Italian, thanks Luca Monducci.  (Closes: #519178)
    - Galician, thanks Marce Villarino.  (Closes: #519481)

 -- Russ Allbery <rra op debian.org>  Thu, 12 Mar 2009 18:00:31 -0700
krb5 (1.6.dfsg.4~beta1-9) unstable; urgency=medium

  * Fix typo in downgrade instructions in NEWS file.
  * Fix override for libkadm55
  * Upload to unstable.

 -- Sam Hartman <hartmans op debian.org>  Sun, 01 Mar 2009 15:33:58 -0500

krb5 (1.6.dfsg.4~beta1-8) experimental; urgency=low

  * Re-introduce libkrb53 and libkadm55 based on discussion on
    debian-devel; in this version, libkrb53 contains only libkrb4.  Both
    libkrb53 and libkadm55 depend on  the split library packages.  These
    dependencies are unversioned; that means that before any symbols are
    added the shlibs files need to be repointed away from libkrb53 and
    libkadm55.  Any version of the split library packages can satisfy the
    symbols needed by the libraries previously shipped in libkrb53.
  * Perform two builds; one without krb4 and one with krb4 for the only
    warnings; they will go away when the shlibs files are repointed.
  * Remove krb4 support from  debconf and init scripts.
  * Remove the krb4 migration guide from doc-base
  * Fix up replaces in control file so that libraries that used to be in
    libkadm55 claim to replace libkadm55 
  * Only use parallel builds on the krb5 build; it breaks krb4  enabled
    builds. 
  * Used versioned replaces; this seems to make it harder to get a system
    into a broken state if you remove the new packages, Closes: #517483 

 -- Sam Hartman <hartmans op debian.org>  Sat, 28 Feb 2009 00:42:51 -0500

krb5 (1.6.dfsg.4~beta1-7) experimental; urgency=low

  * Do not build krb4 support; this is being removed upstream with 1.7 and
    it is strongly desirable to  examine the debian implications.
  * As a result, the libraries which were previously all in libkrb53 need
    to change package names as we are dropping some libraries.  So, split
    out the libraries into lib<libraryname>-<soname> per policy.  The old
    format was consistent with policy when it was written 8 years ago, and
    has lasted well.  As a result, a significant number of new library
    packages are introduced.
  * Use dpkg-gensymbols support for .symbols files for better version tracking
  * Update to policy 3.8.0
      - Support parallel=

 -- Sam Hartman <hartmans op debian.org>  Fri, 20 Feb 2009 16:57:43 -0500

krb5 (1.6.dfsg.4~beta1-6) unstable; urgency=low

  * In the krb5-install info pages, document the need to create an empty
    database on new slaves before the first database propagation to work
    around a bug in kdb5_util.  This is a workaround for Bug#512670, which
    won't be fixed in time for the lenny release.

 -- Russ Allbery <rra op debian.org>  Sun, 01 Feb 2009 10:07:37 -0800

acpid (1:2.0.7-1squeeze4) stable-proposed-updates; urgency=low

  * Really fix CVE-2011-1159 (Closes: #663249)

 -- Michael Meskes <meskes op debian.org>  Tue, 01 May 2012 17:01:26 +0200

acpid (1:2.0.7-1squeeze3) stable-security; urgency=low

  * Rebuild to work around dak orig.tar.gz ugliness

 -- Moritz Muehlenhoff <jmm op debian.org>  Thu, 08 Dec 2011 19:55:01 +0000

acpid (1:2.0.7-1squeezy2) stable-security; urgency=low

  * Fix shell command injection in powerbtn.sh
  * Fix CVE-2011-1159	

 -- Moritz Muehlenhoff <jmm op debian.org>  Tue, 06 Dec 2011 20:28:04 +0100

acpid (1:2.0.7-1squeezy1) stable-security; urgency=low

  * Applied upstream patch to set umask to 0077 for scripts run
    by acpid.

 -- Michael Meskes <meskes op debian.org>  Tue, 02 Aug 2011 19:05:21 +0200

acpid (1:2.0.7-1) unstable; urgency=low

  * Imported Upstream version 2.0.7

 -- Michael Meskes <meskes op debian.org>  Tue, 16 Nov 2010 08:47:57 +0100

acpid (1:2.0.6-2) unstable; urgency=low

  * Added prepatch from 2.0.7 to remove superfluous logging. (Closes:
    #598198)
  * Added prepatch from 2.0.7 to add support for more buttons. (Closes:
    #600564) - thanks to Stanislav Maslovski
    <stanislav.maslovski op gmail.com>
  * Bumped Standards-Version to 3.9.1, no changes needed.

 -- Michael Meskes <meskes op debian.org>  Sun, 14 Nov 2010 15:14:38 +0100

acpid (1:2.0.6-1) unstable; urgency=low

  * Imported Upstream version 2.0.6

 -- Michael Meskes <meskes op debian.org>  Fri, 18 Jun 2010 11:07:01 +0200

acpid (1:2.0.5-1) unstable; urgency=low

  * Imported Upstream version 2.0.5

 -- Michael Meskes <meskes op debian.org>  Sun, 16 May 2010 11:24:54 +0200

acpid (1:2.0.4-1) unstable; urgency=low

  * New Upstream version 2.0.4
  * Added source format file.

 -- Michael Meskes <meskes op debian.org>  Thu, 22 Apr 2010 09:44:05 +0200

acpid (1:2.0.3-1) unstable; urgency=low

  * New Upstream version 2.0.3

 -- Michael Meskes <meskes op debian.org>  Wed, 17 Mar 2010 10:05:04 +0100

acpid (1:2.0.2-1) unstable; urgency=low

  * New upstream version.
  * Bumped Standards-Version to 3.8.4, no changes needed.

 -- Michael Meskes <meskes op debian.org>  Mon, 15 Feb 2010 16:25:13 +0100

acpid (1:2.0.1-2) unstable; urgency=low

  * Acpid does work on non-i386/amd64 archs but not on non-linux
    systems.
  * Prevent breakage of Xserver resulting from a may connection number
    that was set too low. (Closes: #565908) - thanks to Willi Mann
    <willi op wm1.at>
  * Extended kacpimon description to explain the package a little bit
    better.
  * Escape unescaped dashes in manpage.

 -- Michael Meskes <meskes op debian.org>  Sun, 24 Jan 2010 14:30:56 +0100

acpid (1:2.0.1-1) unstable; urgency=low

  * Imported Upstream version 2.0.1
  * Removed patch system which is no longer needed because upstream included
    all our patches.
  * Install kacpimon manpage.

 -- Michael Meskes <meskes op debian.org>  Sat, 16 Jan 2010 11:35:14 +0100

acpid (1:2.0.0-2) unstable; urgency=low

  * Put kacpimon back into the right section and priority.
  * Make loading of all modules work with modules.dep files with
    relative paths. (Closes: #563915)
  * Do not include /etc/default/rcS in init script because it is not needed.

 -- Michael Meskes <meskes op debian.org>  Fri, 08 Jan 2010 09:16:54 +0100

acpid (1:2.0.0-1) unstable; urgency=low

  * New Upstream version from new source tree that already incorporates the
    netlink patch..
  * Build kacpimon from the new source tree too.

 -- Michael Meskes <meskes op debian.org>  Mon, 21 Dec 2009 13:03:48 +0100

acpid (1.0.10-5) unstable; urgency=high

  * Correct permissions that were incorrectly set by very old acpid versions.
    This fixes CVE-2009-4235. (Closes: #560771)

 -- Michael Meskes <meskes op debian.org>  Tue, 15 Dec 2009 13:11:29 +0100

acpid (1.0.10-4) unstable; urgency=low

  * Updated netlink patch to version 6.

 -- Michael Meskes <meskes op debian.org>  Tue, 17 Nov 2009 14:50:01 +0100

acpid (1.0.10-3) unstable; urgency=low

  * Made acpid recommend correct version of acpi-support-base.
  * Added missing input defines for Thinkpads. (Closes: #521280) -
    thanks to Harald Braumann <harry op unheit.net>
  * Fixed package description. (Closes: #549948) - thanks to Justin B
    Rye <jbr op edlug.org.uk>
  * Clarify some wording. - thanks to Thiemo Nagel
    <thiemo.nagel op ph.tum.de>
  * Bumped Standards-Version to 3.8.3, no changes needed.
  * Fix some lintian warnings.
  * Updated list of power managers. (Closes: #547326)
  * Stopping for single user mode could be done by sendsigs as well.
  * Updated to netlink patch to version 1.0.10-netlink5. (Closes:
    #522756)

 -- Michael Meskes <meskes op debian.org>  Mon, 09 Nov 2009 14:46:15 +0100

acpid (1.0.10-2) unstable; urgency=low

  * Updated netlink patch to version 1.0.10-netlink2.
  * Added patch to make acpid compile with gcc 4.4, closes: #526665

 -- Michael Meskes <meskes op debian.org>  Mon, 04 May 2009 14:41:24 +0200

acpid (1.0.10-1) unstable; urgency=high

  * New upstream version fixing CVE-2009-0798.
  * Removed fixfd patch which was applied upstream.
  * Made example powerbtn.sh script work with kde4, closes: #526000

 -- Michael Meskes <meskes op debian.org>  Tue, 28 Apr 2009 09:24:25 +0200

acpid (1.0.8-8) unstable; urgency=low

  * Fixed netlink patch to not expect long option --netlink to carry an
    argument, closes: #524223
  * Do not remove /etc/acpi/ config at each upgrade, closes: #524528

 -- Michael Meskes <meskes op debian.org>  Mon, 20 Apr 2009 14:04:32 +0200

acpid (1.0.8-7) unstable; urgency=low

  * Fixed ioctl call to use correct buffer size, closes: #521512
  * Do not print error message for missing event file unless we are in debug
    mode, closes: #521666
  * Bumped Standards-Version to 3.8.1, no changes needed.

 -- Michael Meskes <meskes op debian.org>  Sun, 29 Mar 2009 17:13:02 +0200

acpid (1.0.8-6) unstable; urgency=low

  * Start acpid even if /proc/acpi/event doesn't exist, closes: #516079
  * Recommend acpi-support-base so a script handling power button pressing is
    installed.
  * If the power button script had been changed, not only rename it but also
    keep a changed events file to not lose functionality, closes: #516083

 -- Michael Meskes <meskes op debian.org>  Thu, 19 Feb 2009 10:03:40 +0100

acpid (1.0.8-5) unstable; urgency=low

  * Reverted redirection patch, it broke debug mode.

 -- Michael Meskes <meskes op debian.org>  Thu, 19 Feb 2009 09:44:59 +0100

acpid (1.0.8-4) unstable; urgency=low

  * Added patch to correctly redirect stdin/stdout/stderr to /dev/null.
  * Added patch by Ted Felix <ted op tedfelix.com> adding netlink support to
    acpid, closes: #462467, #515773

 -- Michael Meskes <meskes op debian.org>  Wed, 18 Feb 2009 12:05:51 +0100

acpid (1.0.8-3) unstable; urgency=low

  * Only conditionally restart hal on purge, closes: #515650
  * Remove the remaining scriptlets in /etc/acpi. All files are still available
    and installed as examples under /usr/share/doc/acpid/examples but not under
    /etc/acpi anymore.
  * Fixed GPL version information in copyright file.

 -- Michael Meskes <meskes op debian.org>  Tue, 17 Feb 2009 11:10:42 +0100

acpid (1.0.8-2) unstable; urgency=low

  [ Loic Minier ]
  * Add git-buildpackage config debian/gbp.conf.

  [ Michael Meskes ]
  * Added patch by Harald Braumann <harry op unheit.net> to correctly open
    /dev/null, closes: #483805
  * Removed old syslog patch as upstream has the same/similar functionality
    nowadays, closes: #496574
  * Made powerbtn.sh script fall back to shutdown if dbus fails, closes: #492756
  * Restart hal in case of acpid removal, closes: #505663

 -- Michael Meskes <meskes op debian.org>  Wed, 11 Feb 2009 16:53:06 +0100

apache2 (2.2.16-6+squeeze11) squeeze-security; urgency=high

  * CVE-2013-1048: Fix symlink vulnerability when creating /var/lock/apache2
  * CVE-2012-3499, CVE-2012-4558: Fix XSS flaws in various modules.

 -- Stefan Fritsch <sf op debian.org>  Sun, 03 Mar 2013 12:25:22 +0100

apache2 (2.2.16-6+squeeze10) squeeze-security; urgency=low

  [ Arno Töll ]
  * Backport disable-ssl-compression.patch from Wheezy. This patch disabled
    SSL compression upon request by introducing a "Compression on|off"
    directive to mod_ssl. This is to mitigate impact of CRIME attacks to SSL -
    which is a browser issue, however.
    See also Debian bug #674142 and #689936.

  [ Stefan Fritsch ]
  * CVE-2012-4557: mod_proxy_ajp: Remote denial of service (temporary, until
    mod_proxy_ajp's retry timeout expired).

 -- Stefan Fritsch <sf op debian.org>  Fri, 30 Nov 2012 09:26:36 +0100

apache2 (2.2.16-6+squeeze8) squeeze; urgency=low

  * CVE-2012-2687: mod_negotiation: Escape filenames in variant list to
    prevent a possible XSS vulnerability for a site where untrusted users
    can upload files to a location with MultiViews enabled.
  * Send 408 status instead of 400 if reading of a request fails with a
    timeout. This allows browsers to retry. Closes: #677086
  * mod_cache: Prevent Partial Content responses from being cached and served
    as normal response. Closes: #671204
  * mpm_itk: Fix an issue where users can sometimes get spurious 403s on
    persistent connections. Closes: #672333

 -- Stefan Fritsch <sf op debian.org>  Sun, 09 Sep 2012 23:08:04 +0200

apache2 (2.2.16-6+squeeze7) squeeze-security; urgency=high

  * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
    hosts' config files.
    If scripting modules like mod_php or mod_rivet are enabled on systems
    where either 1) some frontend server forwards connections to an apache2
    backend server on the localhost address, or 2) the machine running
    apache2 is also used for web browsing, this could allow a remote
    attacker to execute example scripts stored under /usr/share/doc.
    Depending on the installed packages, this could lead to issues like cross
    site scripting, code execution, or leakage of sensitive data.

 -- Stefan Fritsch <sf op debian.org>  Sun, 01 Apr 2012 00:20:48 +0200

apache2 (2.2.16-6+squeeze6) squeeze-security; urgency=high

  * Rebuild with distribution set to squeeze-security.

 -- Stefan Fritsch <sf op debian.org>  Sun, 05 Feb 2012 21:58:00 +0100

apache2 (2.2.16-6+squeeze5) squeeze; urgency=high

  * Prevent unintended pattern expansion in some reverse proxy
    configurations by strictly validating the request-URI. Fixes
    CVE-2011-3368, CVE-2011-3639, CVE-2011-4317.
  * CVE-2011-3607: Fix integer overflow in ap_pregsub(), which allowed local
    privilege escalation.
  * CVE-2012-0031: Fix client process being able to crash parent process
    during shutdown.
  * CVE-2012-0053: Fix an issue in code 400 error responses that could expose
    "httpOnly" cookies.

 -- Stefan Fritsch <sf op debian.org>  Sat, 04 Feb 2012 17:54:54 +0100

apache2 (2.2.16-6+squeeze4) squeeze; urgency=low

  * Fix CVE-2011-3348: Possible denial of service in mod_proxy_ajp
    if combined with mod_proxy_balancer.
  * Make exit code of '/etc/init.d/apache2 status' more LSB compatible.
    Closes: #613969
  * Fix typo in init script. Closes: #615866
  * For multiple instance setups, correctly determine the config dir in the
    init script if it is called via a start/stop link. Closes: #627061
  * Add hint in README.Debian about 403 error with mod_dav PUT.
    Closes: #613438
  * Add hint in README.Debian about how to increase max number of open
    files. Closes: #615632
  * Make it clear in README.multiple-instances that the MPMs are shipped
    in the apache2.2-bin package.
  * Tweak patch header to fix "dpatch unapply" with unstable's patch/dpatch.

 -- Stefan Fritsch <sf op debian.org>  Mon, 26 Sep 2011 00:12:23 +0200

apache2 (2.2.16-6+squeeze3) squeeze-security; urgency=high

  * Fix regressions related to range requests introduced by 2.2.16-6+squeeze2.
    Closes: #639825

 -- Stefan Fritsch <sf op debian.org>  Sun, 04 Sep 2011 22:24:42 +0200

apache2 (2.2.16-6+squeeze2) squeeze-security; urgency=high

  * Fix CVE-2011-3192: DoS by high memory usage for a large number of
    overlapping ranges.

 -- Stefan Fritsch <sf op debian.org>  Mon, 29 Aug 2011 20:23:01 +0200

apache2 (2.2.16-6+squeeze1) stable-security; urgency=high

  * Fix CVE-2011-1176 in apache2-mpm-itk: If NiceValue was set, the default
    with no AssignUserID was to run as root:root instead of the default Apache
    user and group. Closes: #618857

 -- Stefan Fritsch <sf op debian.org>  Tue, 22 Mar 2011 21:44:39 +0100

apache2 (2.2.16-6) unstable; urgency=low

  * Also add $named to the secondary-init-script example.

 -- Stefan Fritsch <sf op debian.org>  Sat, 01 Jan 2011 22:55:15 +0100

apache2 (2.2.16-5) unstable; urgency=medium

  * Add $named to the init script dependency header, since apache depends on
    DNS in some configurations. Closes: #608437
  * Update outdated description of /etc/apache2/magic in README.Debian.
    Closes: #603586

 -- Stefan Fritsch <sf op debian.org>  Fri, 31 Dec 2010 01:22:19 +0100

apache2 (2.2.16-4) unstable; urgency=medium

  * Increase the mod_reqtimeout default timeouts to avoid potential problems
    with CRL-requesting browsers. Also extend the comments in reqtimeout.conf.
  * Remove bogus comment in conf.d/security about default in the "release
    after Lenny".
  * Clarify comments in suexec-custom's default config file. LP: #673289

 -- Stefan Fritsch <sf op debian.org>  Sun, 14 Nov 2010 19:05:55 +0100

apache2 (2.2.16-3) unstable; urgency=high

  * CVE-2010-1623: mod_reqtimeout: Fix potential DoS by high memory usage.
  * Fix "Could not reliably determine the server's ..." error message in
    README.Debian, to make it easier to search for it.  Closes: #590528

 -- Stefan Fritsch <sf op debian.org>  Sat, 09 Oct 2010 20:59:34 +0200

apache2 (2.2.16-2) unstable; urgency=low

  * Force -j1 for 'make install' to fix occasional FTBFS. Closes: #593036
  * Add a note about the new behaviour of SSL/TLS renegotiation and the new
    directive SSLInsecureRenegotiation to NEWS.Debian. Closes: #593334
  * Support 'graceful' as alias for 'reload' in the init script.
  * In README.Debian, suggest an Apache configuration change to get rid of the
    "Could not reliably determine the server's fully qualified domain name"
    warning, as alternative to changing DNS or /etc/hosts.  Closes: #590528
  * Add notes to README.Debian on how to reduce memory usage.
  * Bump Standards-Version (no changes).

 -- Stefan Fritsch <sf op debian.org>  Sun, 29 Aug 2010 15:29:21 +0200

apache2 (2.2.16-1) unstable; urgency=medium

  * Urgency medium for security fix.
  * New upstream release:
    - CVE-2010-1452: mod_dav, mod_cache: Fix denial of service vulnerability
      due to incorrect handling of requests without a path segment.
    - mod_dir: add FallbackResource directive, to enable admin to specify
      an action to happen when a URL maps to no file, without resorting
      to ErrorDocument or mod_rewrite
  * Fix mod_ssl header line corruption because of using memcpy for overlapping
    buffers. PR 45444. LP: #609290, #589611, #595116

 -- Stefan Fritsch <sf op debian.org>  Sat, 24 Jul 2010 22:18:43 +0200

apache2 (2.2.15-6) unstable; urgency=low

  * Fix init script not correctly killing htcacheclean. Closes: #580971
  * Add a separate entry in README.Debian about the need to use apache2ctl
    for starting instead of calling apache2 directly. Closes: #580445
  * Fix debug info to allow gdb loading it automatically. Closes: #581514
  * Fix install target in Makefile created by apxs2 -n. Closes: #588787
  * Fix ab sending more requests than specified by the -n parameter.
    Closes: #541158
  * Add apache2 monit configuration to apache2.2-commons examples dir.
    Closes: #583127
  * Build as PIE, since gdb in squeeze now supports it.
  * Update the postrm script to also purge the version of /var/www/index.html
    introduced in 2.2.11-7.
  * Bump Standards-Version (no changes).

 -- Stefan Fritsch <sf op debian.org>  Fri, 16 Jul 2010 23:41:08 +0200

apache2 (2.2.15-5) unstable; urgency=low

  * Conflict with apache package as we now include apachectl. Closes: #579065
  * Remove conflicts with old apache 2.0 modules. The conflicts are not
    necessary anymore as skipping a stable release is not supported anyway.
  * Silence the grep in preinst.

 -- Stefan Fritsch <sf op debian.org>  Sun, 25 Apr 2010 10:46:09 +0200

apache2 (2.2.15-4) unstable; urgency=low

  * Move definition of other_vhosts_access.log to new config file
    /etc/apache2/conf.d/other-vhosts-access-log, but disable it
    if it has been disabled by the admin. Closes: #576572. LP: #507616
  * Comment out the contents of mods-available/proxy.conf, as it just
    is a nuisance for use of apache2 as a reverse proxy, which is much
    more common than the use as forward proxy. Extend the comments
    in the file.
  * Change defaults or add example configs for some modules:
    status.conf:
      - enable ExtendedStatus by default
      - enable ProxyStatus by default
      - document SeeRequestTail directive
    proxy_ftp.conf:
      - set 'ProxyFtpDirCharset UTF-8' by default
    ldap.conf:
      - enable /ldap-status page, allow it from localhost by default
    proxy_balancer.conf:
      - add (disabled) example for /balancer-manager page
    ssl.conf:
      - document SSLStrictSNIVHostCheck directive
  * Add symlink from apachectl to apache2ctl to be more compatible with
    upstream. Apache httpd 1.3 hasn't been in Debian for some time.
  * Simplify logrotate script. Closes: #576105
  * Remove empty directory /usr/lib/debug/usr/sbin in mpm packages.
    Closes: #576089
  * Fix apxs2 to work with perl 5.12rc3. Closes: #577239
  * Add source/format file to make lintian happy.

 -- Stefan Fritsch <sf op debian.org>  Tue, 20 Apr 2010 23:11:09 +0200

apache2 (2.2.15-3) unstable; urgency=low

  * mod_reqtimeout: backport bugfixes from upstream trunk up to r928881,
    including a fix for mod_proxy CONNECT requests.
  * mod_dav_fs: Use correct permissions when creating new files. LP: #540747

 -- Stefan Fritsch <sf op debian.org>  Mon, 29 Mar 2010 22:16:24 +0200

apache2 (2.2.15-2) unstable; urgency=low

  * Make the Files ~ "^\.ht" block in apache2.conf more secure by adding
    Satisfy all. Closes: #572075
  * mod_reqtimeout: Various bug fixes, including:
    - Don't mess up timeouts of mod_proxy's backend connections.
      Closes: #573163

 -- Stefan Fritsch <sf op debian.org>  Wed, 10 Mar 2010 21:06:06 +0100

apache2 (2.2.15-1) unstable; urgency=low

  * New upstream version:
    - CVE-2010-0408: mod_proxy_ajp: Fixes denial of service vulnerability
    - CVE-2009-3555: mod_ssl: Improve the mitigation against SSL/TLS protocol
      prefix injection attack.
    - CVE-2010-0434: mod_headers: Fix potential information leak with threaded
      MPMs.
    - mod_reqtimeout: New module limiting the time waiting for receiving
      a request from the client. This is a (partial) mitigation against
      slowloris-type resource exhaustion attacks. The module is enabled by
      default. Closes: #533661
    - mod_ssl: Add SSLInsecureRenegotiation directive to allows insecure
      renegotiation with clients which do not yet support the secure
      renegotiation protocol. As this requires openssl 0.9.8m, bump
      build dependency accordingly.
  * Fix bash completion for a2ensite if the site name contains 'conf' or
    'load'. Closes: #572232
  * Do a configcheck in the init script before doing a non-graceful restart.
    Closes: #571461

 -- Stefan Fritsch <sf op debian.org>  Sun, 07 Mar 2010 23:22:56 +0100

apache2 (2.2.14-7) unstable; urgency=low

  * Fix potential memory leaks related to the usage of apr_brigade_destroy().
  * Add hints about correct mod_dav_fs configuration to README.Debian.
    Closes: #257945
  * Fix error in Polish translation of 404 error page. Closes: #570228
  * Document ThreadLimit in apache2.conf's comments.

 -- Stefan Fritsch <sf op debian.org>  Sat, 20 Feb 2010 12:38:30 +0100

apache2 (2.2.14-6) unstable; urgency=low

  * Use environment variables APACHE_RUN_DIR, APACHE_LOCK_DIR, and
    APACHE_LOG_DIR in the default configuration. If you have modified
    /etc/apache2/envvars, make sure that these variables are set and exported.
  * Add support for multiple apache2 instances to initscript and apache2ctl.
    See /usr/share/doc/apache2.2-common/README.multiple-instances for details.
    Closes: #353450
  * Set default compiled-in ServerRoot to /etc/apache2 and make paths in
    apache2.conf relative to ServerRoot.
  * Move ab and logresolve from /usr/sbin to /usr/bin. Closes: #351450, #564061
  * Fix symlinks in apache2-dbg package. Closes: #567076
  * Fix mod_cache CacheIgnoreURLSessionIdentifiers handling. Closes: #556383
  * Add new init script action graceful-stop (LP: #456381)
  * Add more languages to mime.conf. To limit this to useful entries, we only
    add those for which a translation of the Debian intaller exists. LP: #217964
  * Unset $HOME in /etc/apache2/envvars.
  * Change default config of mod_info and mod_status to use IP addresses
    instead of hostnames. Otherwise the hostname is sometimes logged even with
    'HostnameLookup Off'. Closes: #568409
  * Add a hook to apache2.2-common's postrm script that may come in handy
    when upgrading to 2.4.
  * Make bug script also display php extensions.
  * Bump Standards-Version (no changes).
  * Remove Adam Conrad from Uploaders. Thanks for your work in the past.

 -- Stefan Fritsch <sf op debian.org>  Sun, 07 Feb 2010 17:29:45 +0100

apache2 (2.2.14-5) unstable; urgency=low

  * Security: Further mitigation for the TLS renegotation attack
    (CVE-2009-3555): Disable keep-alive if parts of the next request have
    already been received when doing a renegotiation. This defends against
    some request splicing attacks.
  * Print a useful error message if 'apache2ctl status' fails. Add a comment
    to /etc/apache2/envvars on how to change the options for www-browser.
    Closes: #561496, #272069
  * Improve function to detect apache2 pid in init-script (closes: #562583).
  * Add hint README.Debian on how to pass auth info to CGI scripts.
    Closes: #483219
  * Re-introduce objcopy magic to avoid dangling symlinks to the debug info
    in the mpm packages. Closes: #563278
  * Make apxs2 use a2enmod and /etc/apache2/mods-available. Closes: #470178,
    LP: #500703
  * Point to README.backtrace in apache2-dbg's description.
  * Use more debhelper functions to simplify debian/rules.
  * Add misc-depends to various packages to make lintian happy.
  * Change build-dep from libcap2-dev to libcap-dev because of package rename.

 -- Stefan Fritsch <sf op debian.org>  Sat, 02 Jan 2010 22:44:15 +0100

apache2 (2.2.14-4) unstable; urgency=low

  * Disable localized error pages again by default because they break
    configurations with "<Location /> SetHandler ...". A workaround is
    described in the comments in /etc/apache2/conf.d/localized-error-pages
    (closes: #543333).
  * mod_rewrite: Fix URLs in redirects with literal IPv6 hosts
    (closes: #557015).
  * Automatically listen on port 443 if mod_gnutls is loaded (closes: #558234).
  * Add man page for split-logfile.
  * Link with -lcrypt where necessary to fix a FTBFS with binutils-gold
    (closes: #553946).

 -- Stefan Fritsch <sf op debian.org>  Sun, 13 Dec 2009 20:05:37 +0100

apache2 (2.2.14-3) unstable; urgency=low

  * Backport various mod_dav/mod_dav_fs fixes from upstream trunk svn. This
    includes:
    - Make PUT replace files atomically (closes: #525137).
    - Make MOVE not delete the destination if the source file disappeared in
      the meantime (closes: #273476).
    NOTE: The format of the DavLockDB has changed. The default DavLockDB will
    be deleted on upgrade. Non-default DavLockDBs should be deleted manually.
  * Fix output of "/etc/init.d/apache2 status" (closes: #555687).
  * Update the comment about SNI in ports.conf (closes: #556932).
  * Set redirect-carefully for Konqueror/4.

 -- Stefan Fritsch <sf op debian.org>  Sat, 21 Nov 2009 10:20:54 +0100

apache2 (2.2.14-2) unstable; urgency=medium

  * Security:
    Reject any client-initiated SSL/TLS renegotiations. This is a partial fix
    for the TLS renegotiation prefix injection attack (CVE-2009-3555).
    Any configuration which requires renegotiation for per-directory/location
    access control is still vulnerable.
  * Allow RemoveType to override the types from /etc/mime.types. This allows
    to use .es and .tr for Spanish and Turkish files in mod_negotiation.
    Closes: #496080
  * Fix 'CacheEnable disk http://'. Closes: #442266
  * Fix missing dependency by changing killall to pkill in the init script.
    LP: #460692
  * Add X-Interactive header to init script as it may ask for the ssl key
    passphrase. Closes: #554824
  * Move httxt2dbm man page into apache2.2-bin, which includes httxt2dbm, too.
  * Enable keepalive for MSIE 7 and newer in default-ssl site and README.Debian

 -- Stefan Fritsch <sf op debian.org>  Sat, 07 Nov 2009 14:37:37 +0100

apache2 (2.2.14-1) unstable; urgency=low

  * New upstream version:
    - new module mod_proxy_scgi
  * Disable hardening option -pie again, as gdb in Debian does not support
    it properly and it is broken on mips*.

 -- Stefan Fritsch <sf op debian.org>  Tue, 29 Sep 2009 20:55:05 +0200

apache2 (2.2.13-2) unstable; urgency=high

  * mod_proxy_ftp security fixes (closes: #545951):
    - DoS by malicious ftp server (CVE-2009-3094) 
    - missing input sanitization: a user could execute arbitrary ftp commands
      on the backend ftp server (CVE-2009-3095)
  * Add entries to NEWS.Debian and README.Debian about Apache being stricter
    about certain misconfigurations involving name based SSL virtual hosts.
    Also make Apache print the location of the misconfigured VirtualHost when
    it complains about a missing SSLCertificateFile statement. Closes: #541607
  * Add Build-Conflicts: autoconf2.13 (closes: #541536).
  * Adjust priority of apache2-mpm-itk to extra.
  * Switch apache2.2-common and the four mpm packages from architecture all to
    any. This is stupid but makes apache2 binNMUable again (closes: #544509).
  * Bump Standards-Version (no changes).

 -- Stefan Fritsch <sf op debian.org>  Wed, 16 Sep 2009 20:55:02 +0200

apache2 (2.2.13-1) unstable; urgency=low

  * New upstream release:
    - Fixes segfault with mod_deflate and mod_php (closes: #542623).

 -- Stefan Fritsch <sf op debian.org>  Mon, 31 Aug 2009 20:28:56 +0200

apache2 (2.2.12-1) unstable; urgency=low

  * New upstream release:
    - Adds support for TLS Server Name Indication (closes: #461917 LP: #184131).
      (The Debian default configuration will be changed to use SNI in a later
      version.)
    - Fixes timefmt config in SSI (closes: #363964).
    - mod_ssl: Adds SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
      to enable stricter checking of remote server certificates.
  * Make mod_deflate not compress the content for HEAD requests. This is a
    similar issue as CVE-2009-1891.
  * Enable hardening compile options.
  * Switch default LogFormat from %b (size of file sent) to %O (bytes actually
    sent) (closes: #272476 LP: #255124)
  * Add the default LANG=C to /etc/apache2/envvars and document it in
    README.Debian (closes: #511878).
  * Enable localized error pages by default if the necessary modules are
    loaded. Move the config for it from apache2.conf to
    /etc/apache2/conf.d/localized-error-pages (closes: #467004). Clarify the
    required order of the aliases in the comment (closes: #196795).
  * Change default for ServerTokens to 'OS', to not announce the exact module
    versions to the world (LP: #205996)
  * Make a2ensite and friends ignore the same filenames as apache does for
    included config files, even if LANG is not C.
  * Merge source packages apache2 and apache2-mpm-itk (current itk version is
    2.2.11-02). This removes the binNMU mess necessary for every apache2 upload
    (closes: #500885, #512084). Add Steinar to Uploaders. Remove apache2-src
    package, which is no longer necessary.
  * Ship our own version of the magic config file (taken from file 4.17-5etch3)
    which is still compatible with mod_mime_magic (closes: #483111).
  * Add ThreadLimit to the default config and put ThreadsPerChild and
    MaxClients into the correct order so that Apache does not complain
    (closes: #495656).
    Also add a configuration block for the event MPM in apache2.conf.
  * Fix HTTP PUT with mod_dav failing to detect an aborted connection
    (closes: #451563).
  * Change references to httpd.conf in apache2-doc to apache2.conf
    (closes: #465393).
  * Clarify the recommended permissions for SSL certificates in README.Debian
    (closes: #512778).
  * Document in README.Debian how to name files in conf.d to avoid conflicts
    with packages (closes: #493252)
  * Remove 2.0 -> 2.2 upgrade logic from maintainer scripts.
  * Remove other_vhosts_access.log on package purge.

 -- Stefan Fritsch <sf op debian.org>  Tue, 04 Aug 2009 11:02:34 +0200

apache2 (2.2.11-7) unstable; urgency=low

  * Security fixes:
    - CVE-2009-1890: denial of service in mod_proxy
    - CVE-2009-1891: denial of service in mod_deflate (closes: #534712)
  * Add symlinks for the debug info to the mpm packages.
  * Be slightly more informative in the default index.html without pointing
    to Apache or Debian (LP: #89364)
  * Remove dependency on net-tools, which is no longer necessary 
    (closes: #535849)
  * Bump Standards-Version (no changes)

 -- Stefan Fritsch <sf op debian.org>  Fri, 10 Jul 2009 22:42:57 +0200

apache2 (2.2.11-6) unstable; urgency=high

  * CVE-2009-1195: mod_include allowed to bypass IncludesNoExec for Server
    Side Includes (closes: #530834).
  * Fix postinst scripts (closes: #532278).

 -- Stefan Fritsch <sf op debian.org>  Mon, 08 Jun 2009 19:22:58 +0200

apache2 (2.2.11-5) unstable; urgency=low

  * Move all binaries into a new package apache2.2-bin and make
    apache2.2-common depend on it. This allows to
    - run apache as user process only, e.g. with gnome-user-share.
      Closes: #468690
    - run multiple instances of apache with different MPMs. This configuration
      is not supported in any way, though. Closes: #517572
  * Switch to debhelper compatibility level 7 and remove some code duplication
    in debian/rules.
  * Override some Lintian warnings about old autotools helper files and being
    not binNMUable (apache2 is not binNMUable anyway, because of the
    apache2 <-> apache2-mpm-itk dependency).

 -- Stefan Fritsch <sf op debian.org>  Fri, 22 May 2009 19:30:20 +0200

apache2 (2.2.11-4) unstable; urgency=low

  [ Stefan Fritsch ]
  * Disable TRACE method by default (closes: #492130).
  * Compress some more mime types with mod_deflate by default. This may cause
    problems with MSIE 6, but that browser should now be considered obsolete.
    Closes: #397526, #521209
  * Various backports from upstream svn branches/2.2.x:
    - CVE-2009-1191: mod_proxy_ajp: Avoid delivering content from a previous
      request which failed to send a request body
    - Fix FollowSymlinks / SymlinksIfOwnerMatch ignored with
      server-side-includes PR 45959 (closes: #524474)
    - Fix mod_rewrite "B" flag breakage PR 45529 (closes: #524268)
    - Fix mod_deflate etag handling PR 45023 (LP: #358314)
    - Fix mod_ldap segfault if LDAP initialization failed PR 45994
  * Allow apache2-mpm-itk as alternate dependency in apache2 meta package
    (closes: #527225).
  * Fix some misuse of command substitution in the init script. Thanks to
    Jari Aalto for the patch. (Closes: #523398)
  * Extend the gnome-vfs DAV workaround to gvfs (closes: #522845).
  * Add more info to check_forensic man page (closes: #528424).
  * Make "apache2ctl help" point to help on apache2 args (closes: #528425).
  * Lintian warnings:
    - fix spelling error in apache2-utils description
    - tweak debian/copyright to make lintian not complain about pointers to GPL
    - bump standards-version (no changes)

  [ Peter Samuelson ]
  * Adjust sections to match recent ftpmaster overrides.

 -- Stefan Fritsch <sf op debian.org>  Tue, 19 May 2009 22:55:27 +0200

apache2 (2.2.11-3) unstable; urgency=low

  * Rebuild against apr-util 1.3, to fix undefined symbol errors in mod_ldap
    (see #521899). This also creates the dependencies on the new external
    libaprutil1-dbd-* and libaprutil1-ldap packages.

 -- Stefan Fritsch <sf op debian.org>  Tue, 31 Mar 2009 21:07:26 +0200

apache2 (2.2.11-2) unstable; urgency=low

  * Report an error instead instead of segfaulting when apr_pollset_create
    fails (PR 46467). On Linux kernels since 2.6.27.8, the value in
    /proc/sys/fs/epoll/max_user_instances needs to be larger than twice the
    value of MaxClients in the Apache configuration. Closes: #511103

 -- Stefan Fritsch <sf op debian.org>  Fri, 16 Jan 2009 19:01:59 +0100

apache2 (2.2.11-1) unstable; urgency=low

  [Thom May]
  * New Upstream Version (Closes: #508186, LP: #307397)
    - Contains rewritten shmcb code which should fix alignment problems on
      alpha (Closes: #419720).
    - Notable new features: chroot support, mod_proxy improvements.

  [Ryan Niebur]
  * fix segfault in ab when being verbose on ssl sites (Closes: #495982)
  * remove trailing slash for DocumentRoot (Closes: #495110)

 -- Stefan Fritsch <sf op debian.org>  Sun, 14 Dec 2008 09:34:24 +0100

apache2 (2.2.9-11) unstable; urgency=low

  * Regression fix from upstream svn for mod_proxy:
    Prevent segmentation faults by correctly adjusting the lifetime of the
    buckets read from the proxy backend. PR 45792
  * Fix from upstream svn for mpm_worker:
    Crosscheck that idle workers are still available before using them and
    thus preventing an overflow of the worker queue which causes a SegFault.
    PR 45605
  * Add a comment to ports.conf to point to NEWS.Debian.gz in case of
    upgrading problems.

 -- Stefan Fritsch <sf op debian.org>  Wed, 26 Nov 2008 23:10:22 +0100

apr (1.4.2-6+squeeze4) stable; urgency=low

  * Fix apr_file_trunc() bug which could lead to subversion repository
    corruption in some rare cases. Closes: #664451

 -- Stefan Fritsch <sf op debian.org>  Sun, 01 Apr 2012 00:50:32 +0200

apr (1.4.2-6+squeeze3) stable; urgency=low

  * Fix apr_ino_t changing size depending on -D_FILE_OFFSET_BITS on
    kfreebsd-*. Closes: #616323

 -- Stefan Fritsch <sf op debian.org>  Mon, 13 Jun 2011 12:15:22 +0200

apr (1.4.2-6+squeeze2) stable-security; urgency=low

  * Fix regression introduced by fix for CVE-2011-0419:
    apr_fnmatch may consume 100% CPU. CVE-2011-1928
    Closes: #627182

 -- Stefan Fritsch <sf op debian.org>  Thu, 19 May 2011 07:49:05 +0200

apr (1.4.2-6+squeeze1) stable-security; urgency=high

  * Fix DoS in apr_fnmatch (CVE-2011-0419) which can be exploited via
    Apache HTTPD's mod_autoindex.

 -- Stefan Fritsch <sf op debian.org>  Fri, 13 May 2011 23:52:15 +0200

apr (1.4.2-6) unstable; urgency=low

  * Also disable robust pthread mutexes on alpha, to fix hang in the test
    suite on Linux 2.6.32.

 -- Stefan Fritsch <sf op debian.org>  Mon, 30 Aug 2010 23:42:23 +0200

apr (1.4.2-5) unstable; urgency=medium

  * Fix FTBFS on armel: Disable robust pthread mutexes on armel, as they
    cause a hang in the test suite on Linux 2.6.32.

 -- Stefan Fritsch <sf op debian.org>  Sun, 29 Aug 2010 22:00:11 +0200

apr (1.4.2-4) unstable; urgency=low

  * Fix building with libtool 1.x. Closes: #575380
  * Fix pool life-time issue with apr_socket_addr_get(), resulting in a memory
    leak in Apache mod_proxy.
  * Under Linux, if configure does not detect POSIX semaphores due to /dev/shm
    not being mounted, abort the build. Closes: #591286

 -- Stefan Fritsch <sf op debian.org>  Tue, 17 Aug 2010 23:16:56 +0200

apr (1.4.2-3) unstable; urgency=low

  * Upload to unstable.

 -- Stefan Fritsch <sf op debian.org>  Sun, 31 Jan 2010 10:56:45 +0100

apr (1.4.2-2) experimental; urgency=low

  * Fix FTBFS on kfreebsd: Create os specific symbols file: With *_epoll on
    linux, with *_kqueue on kfreebsd, with neither on hurd.
  * Bump Standards-Version:
    - In the rules file, use the DEB_*_ARCH* instead of the DEB_*_GNU*
      variables, where applicable.

 -- Stefan Fritsch <sf op debian.org>  Thu, 28 Jan 2010 20:28:07 +0100

apr (1.4.2-1) experimental; urgency=low

  [ Stefan Fritsch ]
  * New upstream release
  * Enable use of O_CLOEXEC. This raises the minimum required kernel version
    to 2.6.23. Disable the other new APIs (which would require 2.6.27 or
    2.6.28) by using configure flags instead of patching the source.

  [ Peter Samuelson ]
  * Apply patch from Nobuhiro Iwamatsu to disable some pthread
    functionality on SH4.  (Closes: #549153)

 -- Stefan Fritsch <sf op debian.org>  Thu, 28 Jan 2010 07:33:48 +0100

apr (1.3.8-1) unstable; urgency=high

  [ Stefan Fritsch ]
  * Enable -fstack-protector for arm/armel. A workaround has been added to
    gcc.

  [ Peter Samuelson ]
  * New upstream security release.
    - Fix CVE-2009-2412, overflow in pool allocations due to alignment.

 -- Peter Samuelson <peter op p12n.org>  Thu, 06 Aug 2009 13:00:03 -0500

apr (1.3.7-1) unstable; urgency=low

  * New upstream release.

 -- Stefan Fritsch <sf op debian.org>  Fri, 24 Jul 2009 11:12:20 +0200

apr (1.3.5-2) unstable; urgency=low

  * Mark non-inheritable file descriptors with FD_CLOEXEC, to prevent leaking
    them to processes exec'ed by applications that fail to use the apr API
    correctly (i.e. mod_php). Closes: #366124
  * Bump standards-version (no changes).
  * Override soname lintian warning (too late to change that).

 -- Stefan Fritsch <sf op debian.org>  Tue, 23 Jun 2009 22:15:02 +0200

apr (1.3.5-1) unstable; urgency=low

  * New upstream version (really)

 -- Stefan Fritsch <sf op debian.org>  Mon, 08 Jun 2009 18:45:15 +0200

apr (1.3.4-1) unstable; urgency=low

  * New upstream version
  * Fix FTBFS on hurd (thanks to Marc Dequènes, closes: #530286)
    - define _GNU_SOURCE earlier
    - disable tests on hurd for now
    - Deactivate missing multicast support on Hurd (by removing
      HAVE_STRUCT_IPMREQ manually). 
  * Omit spurious libs from apr-1-config --libs output (closes: #463399)

 -- Stefan Fritsch <sf op debian.org>  Sun, 07 Jun 2009 21:15:32 +0200

apr (1.3.3-4) unstable; urgency=low

  [ Ryan Niebur ]
  * change the -dbg package's section to debug
  * Fix building with newer libtool, thanks to John Wright for the patch
    (Closes: #526346)
  * use a symbols file without apr_socket_sendfile on kfreebsd based
    architectures, fixing FTBFS (Closes: #520857)
  * support nocheck in DEB_BUILD_OPTIONS
  * Debian Policy 3.8.1

  [ Stefan Fritsch ]
  * Force use of bash in the embedded libtool

 -- Stefan Fritsch <sf op debian.org>  Sun, 10 May 2009 10:14:43 +0200

apr (1.3.3-3) unstable; urgency=low

  * Reduce stack size for the 'testatomic' test since it may otherwise run out
    of virtual memory on some buildds. This sometimes caused FTBFS on hppa.

 -- Stefan Fritsch <sf op debian.org>  Fri, 27 Feb 2009 14:58:02 +0100

apr (1.3.3-2) unstable; urgency=low

  [ Ryan Niebur ]
  * added support for parallel in DEB_BUILD_OPTIONS
  * add me to Uploaders

  [ Stefan Fritsch ]
  * Correct description for libapr1-dbg (closes: #508144).
  * Work around flock bug on hppa. This fixes the last remaining test failure,
    testprocmutex (closes: #492295).
  * Upload to unstable.

 -- Stefan Fritsch <sf op debian.org>  Mon, 23 Feb 2009 22:44:07 +0100

apr (1.3.3-1) experimental; urgency=low

  * New upstream release.
  * Not only ignore testsockets but also testsock to fix some more build
    failures.
  * Add some debugging output for m68k test problems (#495400).
  * Add -Wformat to CFLAGS to actually make use of -Wformat-security.

 -- Stefan Fritsch <sf op debian.org>  Fri, 26 Sep 2008 19:52:14 +0200

apr (1.3.2-3) experimental; urgency=low

  * Add netbase to build-deps to fix testsock test.
  * Ignore testsockets test only on vservers and if IPv6 is not configured.
  * Rerun buildconf during package build. This fixes FTBFS on powerpc (because
    of broken autoconf used by upstream, see #490820).
  * Remove kfreebsd hack no longer necessary with 1.3.x.

 -- Stefan Fritsch <sf op debian.org>  Mon, 04 Aug 2008 22:50:30 +0200

apr (1.3.2-2) experimental; urgency=low

  * Make tests more verbose to make debugging FTBFS easier.
  * Ignore testsock and testsockets tests which seem to fail if IPv6 is not
    configured.
  * Change watch file to www.apache.org, which is more reliable than
    www.eu.apache.org.

 -- Stefan Fritsch <sf op debian.org>  Sun, 27 Jul 2008 10:19:00 +0200

apr (1.3.2-1) experimental; urgency=low

  [ Ryan Niebur ]
  * new upstream version
  * use symbol files

  [ Stefan Fritsch ]
  * Upload to experimental

 -- Stefan Fritsch <sf op debian.org>  Wed, 23 Jul 2008 20:49:02 +0200

apr (1.2.12-6) UNRELEASED; urgency=low

  [ Ryan Niebur ]
  * Upgraded to policy version 3.8.0
    - Added support for noopt in DEB_BUILD_OPTIONS
    - Added a README.source

  [ Stefan Fritsch ]
  * Add upstream homepage to debian/control.

 -- Ryan Niebur <RyanRyan52 op gmail.com>  Fri, 27 Jun 2008 14:39:29 -0700

apr-util (1.3.9+dfsg-5) unstable; urgency=low

  * Backports from 1.3.10:
    - apr_thread_pool: Fix some potential deadlock situations.  PR 49709.
    - apr_thread_pool_create: Fix pool corruption caused by multithreaded
      use of the pool when multiple initial threads are created.  PR 47843.
    - apr_thread_pool_create: Only set the output variable on success.

 -- Stefan Fritsch <sf op debian.org>  Fri, 01 Oct 2010 22:05:54 +0200

apr-util (1.3.9+dfsg-4) unstable; urgency=high

  * CVE-2010-1623: Fix denial of service vulnerability through memory
    consumption in apr_brigade_split_line()

 -- Stefan Fritsch <sf op debian.org>  Fri, 01 Oct 2010 18:19:38 +0200

apr-util (1.3.9+dfsg-3) unstable; urgency=low

  * Update to db4.8 (closes: #550443)
  * Bump standards-version:
    - Use DEB_*_ARCH_* where applicable

 -- Stefan Fritsch <sf op debian.org>  Sun, 01 Nov 2009 10:40:53 +0100

apr-util (1.3.9+dfsg-2) unstable; urgency=low

  * Fix FTBFS (closes: #545718). The FTBFS didn't happen with dash as /bin/sh
    due to dash bug #514863.
  * Ship the html documentation in the -dev package. Thanks to Joel Smith for
    the patch (closes: #543554).
  * Make libaprutil1-dev depend on libmysqlclient-dev instead of
    libmysqlclient15-dev.

 -- Stefan Fritsch <sf op debian.org>  Sat, 12 Sep 2009 15:04:55 +0200

apr-util (1.3.9+dfsg-1) unstable; urgency=high

  [ Stefan Fritsch ]
  * Enable -fstack-protector for arm/armel. A workaround has been added to
    gcc.
  * Remove obsolete libmysqlclient15off dependency. Update build-dep to
    libmysqlclient-dev.

  [ Peter Samuelson ]
  * New upstream security release.
    - Fix CVE-2009-2412, overflow in RMM allocations due to alignment.
  * Add myself to Uploaders.

 -- Peter Samuelson <peter op p12n.org>  Thu, 06 Aug 2009 13:21:48 -0500

apr-util (1.3.8+dfsg-1) unstable; urgency=low

  * New upstream version.
  * Add two CVE ids to 1.3.7+dfsg-1 changelog entry.
  * Bump standards version (no changes).
  * Make libaprutil1-dbd-sqlite3 the default dbd driver, to reduce the size
    of dependencies pulled in by apache2.2-bin by default (closes: #536466)

 -- Stefan Fritsch <sf op debian.org>  Sat, 25 Jul 2009 20:08:37 +0200

apr-util (1.3.7+dfsg-1) unstable; urgency=high

  * New upstream version:
    - CVE-2009-0023: Fix underflow in apr_strmatch_precompile() which causes
      remotely exploitable DoS vulnerabilities in mod_dav_svn and libapreq2.
    - CVE-2009-1955: Fix DoS vulnerability (memory consumption) in handling of
      internal xml entities.
    - CVE-2009-1956: Fix off by one overflow in apr_brigade_vprintf.
  * Disable test suite on hurd for now (closes: #530287).
  * Override lintian warning about soname.

 -- Stefan Fritsch <sf op debian.org>  Thu, 04 Jun 2009 20:53:47 +0200

apr-util (1.3.4+dfsg-2) unstable; urgency=low

  [ Ryan Niebur ]
  * move the versioned libmysqlclient15off dependency from libaprutil1
    to libaprutil1-dbd-mysql (Closes: #481976)

  [ Stefan Fritsch ]
  * Add workaround to fix FTBFS when doing parallel build (closes: #527812)
  * Add "Breaks: apache2.2-common << 2.2.11-3", to make upgrades from lenny
    to squeeze less noisy.

 -- Stefan Fritsch <sf op debian.org>  Sun, 10 May 2009 19:18:48 +0200

apr-util (1.3.4+dfsg-1) unstable; urgency=low

  [ Ryan Niebur ]
  * New upstream version
  * add me to Uploaders
  * add repack.sh
  * update to libdb4.7-dev (Closes: #519818)
  * Debian policy 3.8.1
  * remove *.dirs, they're not needed
  * lintian overrides for the symbols file depending on different
    packages, we have those "unusual circumstances" :)
    - debhelper 6 (needed for dh_lintian)
  * remove build/apr_common.m4 in the clean target, it gets modified
    during build and is automatically generated
  * switch the libaprutil1-dbg package to the debug section
  * don't output ldap libs by default from apu-config
  * upload to unstable this time

  [ Stefan Fritsch ]
  * Fix description for libaprutil1-dbg (closes: #508145).
  * Recognize DEB_BUILD_OPTIONS=nocheck in addition to notest (closes: #515352).
  * Make dpkg-shlibdeps automatically generate the needed dependencies for
    programs that use apr_ldap_init() or apr_dbd_init().
    For dbd, we will genreate an ORed dependency on all libaprutil1-dbd-*
    packages, using libaprutil1-dbd-mysql as default.

 -- Ryan Niebur <ryanryan52 op gmail.com>  Thu, 26 Mar 2009 22:25:48 -0700

apr-util (1.3.2+dfsg-1) experimental; urgency=low

  [ Ryan Niebur ]
  * new upstream release
  * added a note to README.source about repackaging upstream tarballs
  * put the mysql, sqlite3, pgsql, and ldap drivers into their own package.
    (Closes: #481976, #482946)
  * use symbol files
  * fixed watch file

  [ Stefan Fritsch ]
  * Compile drivers for odbc and freetds and add packages for them.

 -- Stefan Fritsch <sf op debian.org>  Tue, 29 Jul 2008 23:09:01 +0200

bind9 (1:9.7.3.dfsg-1~squeeze10) squeeze-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Compile without regular expression support to fix CVE-2013-2266.
    Prevent a denial of service vulnerability found in the libdns
    library. A remote attacker could use this flaw to send a specially-
    crafted DNS query to named that, when processed, would cause
    named to use an excessive amount of memory, or possibly crash.
    (Closes: #704174)

 -- Salvatore Bonaccorso <carnil op debian.org>  Fri, 29 Mar 2013 08:03:20 +0100

bind9 (1:9.7.3.dfsg-1~squeeze9) squeeze-proposed-updates; urgency=low

  * Update db.root with new IP for D.root-servers.net.  Closes: #697352

 -- LaMont Jones <lamont op debian.org>  Tue, 08 Jan 2013 07:07:02 -0700

bind9 (1:9.7.3.dfsg-1~squeeze8) squeeze-security; urgency=high

  * Apply patch extracted from 9.7.6-P4 to fix CVE-2012-5166

 -- Florian Weimer <fw op deneb.enyo.de>  Sat, 20 Oct 2012 19:39:32 +0200

bind9 (1:9.7.3.dfsg-1~squeeze7) squeeze-security; urgency=high

  * Apply patch extracted from 9.7.6-P3 to fix CVE-2012-4244

 -- Florian Weimer <fw op deneb.enyo.de>  Wed, 12 Sep 2012 20:00:45 +0200

bind9 (1:9.7.3.dfsg-1~squeeze6) squeeze-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fi denial of service through assert because of using bad cache
    data before initialization (CVE-2012-3817).

 -- Nico Golde <nion op debian.org>  Mon, 30 Jul 2012 10:47:30 +0000

bind9 (1:9.7.3.dfsg-1~squeeze5) squeeze-security; urgency=high

  * Apply patch from ISC to fix zero-length RDATA handling (CVE-2012-1667)

 -- Florian Weimer <fw op deneb.enyo.de>  Mon, 04 Jun 2012 21:05:55 +0200

bind9 (1:9.7.3.dfsg-1~squeeze4) squeeze-security; urgency=high

  * Apply patch from ISC to fix query.c crash (CVE-2011-4313)

 -- Florian Weimer <fw op deneb.enyo.de>  Wed, 16 Nov 2011 20:12:40 +0100

bind9 (1:9.7.3.dfsg-1~squeeze3) squeeze-security; urgency=high

  * Apply patch from ISC BIND 9.7.3-P3 to address CVE-2011-2464.

 -- Florian Weimer <fw op deneb.enyo.de>  Tue, 05 Jul 2011 18:47:02 +0200

bind9 (1:9.7.3.dfsg-1~squeeze2) squeeze-security; urgency=high

  * Apply patches from 9.7.3-P1 to address crasher in negative caching
    (CVE-2011-1910) and resolution failures in DLV mode.

 -- Florian Weimer <fw op deneb.enyo.de>  Fri, 27 May 2011 20:04:04 +0200

bind9 (1:9.7.3.dfsg-1~squeeze1) stable-security; urgency=high

  * Build for squeeze-security

 -- Florian Weimer <fw op deneb.enyo.de>  Tue, 29 Mar 2011 22:24:54 +0200

bind9 (1:9.7.3.dfsg-1) unstable; urgency=low

  [Peter Palfrader]

  * Add db-4.6 to bdb_libnames in dlz/config.dlz.in so that it finds the right
    db.

  [Internet Systems Consortium, Inc]

  * 9.7.3 - Closes: #612287

  [Mahyuddin Susanto]

  * Updated Indonesian debconf templates.  Closes: #608559

  [LaMont Jones]

  * soname changes

 -- LaMont Jones <lamont op debian.org>  Wed, 23 Feb 2011 09:14:36 -0700

bind9 (1:9.7.3.dfsg~rc1-1) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * New upstream

  [Peter Palfrader]

  * Add db-4.6 to bdb_libnames in dlz/config.dlz.in so that it finds the right
    db.

  [Mahyuddin Susanto]

  * Updated Indonesian debconf templates.  Closes: #608559

  [LaMont Jones]

  * soname changes for new upstream

 -- LaMont Jones <lamont op debian.org>  Fri, 04 Feb 2011 21:20:05 -0700

bind9 (1:9.7.2.dfsg.P3-1) unstable; urgency=high

  [ISC]
  * Fix denial of service via ncache entry and a rrsig for the
    same type (CVE-2010-3613)
  * answers were incorrectly marked as insecure during key algorithm
    rollover (CVE-2010-3614)
  * Using "allow-query" in the "options" or "view" statements to
    restrict access to authoritative zones had no effect.
    (CVE-2010-3615)

  [LaMont Jones]

  * Adjust indentation for dpkg change.  Closes: #597171

 -- LaMont Jones <lamont op debian.org>  Wed, 01 Dec 2010 16:32:48 -0700

bind9 (1:9.7.2.dfsg.P2-3) unstable; urgency=low

  [LaMont Jones]

  * Adjust indentation for dpkg change.  Closes: #597171
  * acknowledge and incorporate ubuntu change.

 -- LaMont Jones <lamont op debian.org>  Fri, 26 Nov 2010 05:18:43 -0700

bind9 (1:9.7.2.dfsg.P2-2ubuntu1) natty; urgency=low

  [ Andres Rodriguez ]
  * Add apport hook (LP: #533601):
    - debian/bind9.apport: Added.

  [ Martin Pitt ]
  * debian/rules: Install Apport hook when building on Ubuntu.

 -- Martin Pitt <martin.pitt op ubuntu.com>  Fri, 26 Nov 2010 10:50:17 +0100

bind9 (1:9.7.2.dfsg.P2-2) unstable; urgency=low

  [Roy Jamison]

  * lib/isc/unix/resource.c was missing inttypes.h include.  LP: #674199

 -- LaMont Jones <lamont op debian.org>  Fri, 12 Nov 2010 10:52:32 -0700

bind9 (1:9.7.2.dfsg.P2-1) unstable; urgency=low

  [Joe Dalton]

  * Add Danish translation of debconf templates.  Closes: #599431

  [Internet Software Consortium, Inc]

  * v9.7.2-P2

  [José Figueiredo]

  * Add Brazilian Portuguese debconf templates translation.  Closes: #597616

  [LaMont Jones]

  * drop this v3 (quilt) source format idea.  Closes: #589916

 -- LaMont Jones <lamont op debian.org>  Sun, 10 Oct 2010 19:01:57 -0600

bind9 (1:9.7.1.dfsg.P2-2) unstable; urgency=low

  * Correct conflicts for bind9-host

 -- LaMont Jones <lamont op debian.org>  Fri, 16 Jul 2010 05:24:38 -0600

bind9 (1:9.7.1.dfsg.P2-1) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * Temporarily and partially disable change 2864 because it would cause
    inifinite attempts of RRSIG queries.  This is an urgent care fix; we'll
    revisit the issue and complete the fix later.  [RT #21710]
  * Temporarially rollback change 2748. [RT #21594]
  * Named failed to accept uncachable negative responses from insecure zones.
    [RT# 21555]

  [LaMont Jones]

  * freshen copyright file

 -- LaMont Jones <lamont op debian.org>  Thu, 15 Jul 2010 15:07:54 -0600

bind9 (1:9.7.1.dfsg.0-1) unstable; urgency=low

  * Repack to drop zkt/doc/{draft,rfc}*  Closes: #588055

 -- LaMont Jones <lamont op debian.org>  Mon, 05 Jul 2010 07:21:34 -0600

bind9 (1:9.7.1.dfsg-2) unstable; urgency=low

  [Regid Ichira]

  * explicitly add nsupdate to dynamic updates in README.Debian. 
    Closes: #577398

  [LaMont Jones]

  * Cleanup bind9-host description.  Closes: #579421
  * switch to 3.0 (quilt) source format, but not to quilt.  Closes: #578210

  [Stephen Gran]

  * updated geoip patch for ipv6, based on work by John 'Warthog9' Hawley
    <warthog9 op eaglescrag.net>.  Closes: #584603

 -- LaMont Jones <lamont op debian.org>  Fri, 02 Jul 2010 08:19:29 -0600

bind9 (1:9.7.1.dfsg-1) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * 9.7.1

  [LaMont Jones]

  * Add freebsd support.  Closes: #578447
  * soname changes
  * freshen root cache.  LP: #596363

 -- LaMont Jones <lamont op debian.org>  Mon, 21 Jun 2010 09:53:30 -0600

bind9 (1:9.7.0.dfsg.P1-1) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * 9.7.0-P1
    - 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]

 -- LaMont Jones <lamont op debian.org>  Wed, 17 Mar 2010 08:06:42 -0600

bind9 (1:9.7.0.dfsg.1-1) unstable; urgency=low

  [Niko Tyni]

  * fix mips/mipsel startup.  Closes: #516616

  [LaMont Jones]

  * ignore failures due to a lack of /etc/bind/named.conf*.  LP: #422968
  * ldap API changed regarding % sign.  LP: #227344
  * Drop more rfc and draft files.  Closes: #572606
  * update config.guess, config.sub.  Closes: #572528

 -- LaMont Jones <lamont op debian.org>  Fri, 12 Mar 2010 14:56:08 -0700

bind9 (1:9.7.0.dfsg-2) unstable; urgency=low

  [Aurelien Jarno]

  * kfreebsd has linux threads.  Closes: #470500

  [LaMont Jones]

  * do not error out on initial install.  Closes: #572443

 -- LaMont Jones <lamont op debian.org>  Thu, 04 Mar 2010 09:32:13 -0700

bind9 (1:9.7.0.dfsg-1) unstable; urgency=low

  * New upstream release

 -- LaMont Jones <lamont op debian.org>  Wed, 17 Feb 2010 14:53:36 -0700

bind9 (1:9.7.0.dfsg~rc2-1) experimental; urgency=low

  * New upstream release

 -- LaMont Jones <lamont op debian.org>  Thu, 28 Jan 2010 05:46:50 -0700

bind9 (1:9.7.0.dfsg~b3-2) experimental; urgency=low

  * merge changes from 9.6.1.dfsg.P2-1
  * meta: drop verisoned depends from library packages, for less upgrade pain
  * apparmor: allow named to create /var/run/named/session.key

 -- LaMont Jones <lamont op debian.org>  Sun, 06 Dec 2009 11:46:17 -0700

bind9 (1:9.7.0.dfsg~b3-1) experimental; urgency=low

  [Internet Software Consortium, Inc]

  * 9.7.0b3

  [LaMont Jones]

  * Merge remote branch 'origin/master'
  * soname changes

 -- LaMont Jones <lamont op debian.org>  Mon, 30 Nov 2009 21:07:58 -0700

bzip2 (1.0.5-6+squeeze1) stable; urgency=low

  * Non-maintainer upload by the Security Team
  * Fix CVE-2011-4089, thanks to vladz (Closes: #632862)

 -- Moritz Muehlenhoff <jmm op debian.org>  Mon, 26 Dec 2011 11:39:27 +0000

bzip2 (1.0.5-6) unstable; urgency=high

  * Fix integer overflow 
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
    http://www.debian.org/security/2010/dsa-2112
    Closes: 597585

 -- Anibal Monsalve Salazar <anibal op debian.org>  Tue, 21 Sep 2010 10:33:49 +1000

bzip2 (1.0.5-5) unstable; urgency=low

  * Provide missing symlinks in lib32bz2-1.0 and lib64bz2-1.0
    Patch by Michael Gilbert
    Closes: 594733

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sun, 05 Sep 2010 00:06:01 +1000

bzip2 (1.0.5-4) unstable; urgency=low

  [Jorge Ernesto Guevara Cuenca]
  * New co-maintainer. Jorge Ernesto Guevara Cuenca <jguevara op debiancolombia.org> 
  * Add -h and --help options to the manual page (Closes: 517257)

  [Santiago Ruano Rincón]
  * Move DEBIAN/md5sums to a macro and rewrite to be more robust using find | 
    xargs and to drop the broken chmod calls. Thank to Loïc Minier from
    Ubuntu. (Closes: #565393)

 -- Santiago Ruano Rincón <santiago op debian.org>  Mon, 18 Jan 2010 10:46:25 +0100

bzip2 (1.0.5-3) unstable; urgency=low

  [ Santiago Ruano Rincón ]
  * Add md5sums files. (Closes: #484342)
  * Update debian/copyright.

  [ Anibal Monsalve Salazar ]
  * Merge from Ubuntu
  * Install into /usr/lib32 as /emul/ia32-linux is deprecated
    lib32bz2-1.0 pre-depends on libc6-i386 (>= 2.9-18)
    Closes: #533007

 -- Anibal Monsalve Salazar <anibal op debian.org>  Tue, 23 Jun 2009 15:23:59 +1000

bzip2 (1.0.5-2ubuntu1) karmic; urgency=low

  * Merge from Debian unstable, remaining changes:
    - debian/rules: install to /usr/lib32 on amd64

 -- Michael Vogt <michael.vogt op ubuntu.com>  Mon, 15 Jun 2009 10:34:48 +0200

bzip2 (1.0.5-2) unstable; urgency=low

  * Standards version is 3.8.1
  * Add Vcs-* fields in control file
  * Reinstate the $(CROSS) variable in the call to $(MAKE)
    Closes: #529404

 -- Anibal Monsalve Salazar <anibal op debian.org>  Tue, 09 Jun 2009 22:49:51 +1000

ca-certificates (20090814+nmu3squeeze1) stable; urgency=low

  * Non-maintainer upload.
  * No-change upload with incremented version number to avoid a
    version number conflict with '20090814+nmu3'.

 -- Thijs Kinkhorst <thijs op debian.org>  Tue, 13 Sep 2011 11:29:21 +0200

ca-certificates (20090814+nmu3) squeeze-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Blacklist "DigiNotar Root CA" (Closes: #639744)

 -- Raphael Geissert <geissert op debian.org>  Tue, 30 Aug 2011 21:37:34 -0500

ca-certificates (20090814+nmu2) unstable; urgency=low

  * Non-maintainer upload.
  * Fixes buggy shell functions included in the postinst script.
    (Closes: #591607)

 -- Maximiliano Curia <maxy op debian.org>  Fri, 13 Aug 2010 20:16:21 -0300

ca-certificates (20090814+nmu1) unstable; urgency=low

  * Non-maintainer upload.
  * Preserve user changes to the /etc/ca-certificates.conf.
    (Closes: #514220)

 -- Maximiliano Curia <maxy op debian.org>  Fri, 30 Jul 2010 12:55:28 -0400

ca-certificates (20090814) unstable; urgency=low

  * Call Debconf and its db_purge as early as possible in postrm.
    (Closes: #541275)

 -- Philipp Kern <pkern op debian.org>  Fri, 14 Aug 2009 11:10:00 +0200

ca-certificates (20090709) unstable; urgency=low

  * Fix purge by checking for `/etc/ssl/certs' first.  (Closes: #536331)

 -- Philipp Kern <pkern op debian.org>  Thu, 09 Jul 2009 10:35:39 +0200

ca-certificates (20090708) unstable; urgency=low

  * Removed CA files:
    - cacert.org/root.crt and cacert.org/class3.crt:
      Both certificate files were deprecated with 20080809.  Users of these
      root certificates are encouraged to switch to
      `cacert.org/cacert.org.crt' which contains both class 1 and class 3
      roots joined in a single file.
    - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
      This certificate has been added into the Mozilla truststore and
      is available as `mozilla/QuoVadis_Root_CA.crt'.
  * Do not redirect c_rehash error messages to /dev/null.
    (Closes: #495224)
  * Remove dangling symlinks on purge, which also gets rid of the hash
    symlink for ca-certificates.crt.  (Closes: #475240)
  * Use subshells when grepping for certificates in config, avoiding
    SIGPIPE because of grep's immediate exit after it finds the pattern.
    (Closes: #486737)
  * Fix VERBOSE_ARG usage in update-ca-certificates.  Thanks to
    Robby Workman of Slackware.
  * Updated Standards-Version and FSF portal address in the copyright file.

 -- Philipp Kern <pkern op debian.org>  Wed, 08 Jul 2009 23:19:56 +0200

ca-certificates (20090701) unstable; urgency=low

  * Reactivated "Equifax Secure Global eBusiness CA".  (Closes: #534674)
    Rationale: The rogue collision CA has its validity period in the past.
    Thus it does not impose a risk upon us at the moment.
  * Restrict search for local certificates to add on files ending with '.crt'.
  * Canonicalize PEM names by applying the same set of substitions to
    local and other certificates like the Mozilla certdata dumper does.

 -- Philipp Kern <pkern op debian.org>  Wed, 01 Jul 2009 14:50:00 +0200

ca-certificates (20090624) unstable; urgency=low

  * Allow local certificate installation.  All certificates found
    in `/usr/local/share/ca-certificates' will be automatically added
    to the list of trusted certificates in `/etc/ssl/certs'.
    (Closes: #352637, #419491, #473677, #476663, #511150)
  * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
    1.51):
    + COMODO ECC Certification Authority
    + DigiNotar Root CA
    + Network Solutions Certificate Authority
    + WellsSecure Public Root Certificate Authority
    - Equifax Secure Global eBusiness CA
    - UTN USERFirst Object Root CA
  * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
    untrusted certificates.  This led to the exclusion of the
    "MD5 Collisions Forged Rogue CA 23c3" and its parent
    "Equifax Secure Global eBusiness CA".  Furthermore code signing-only
    certificates are no longer included neither.
  * Remove the purging of old PEM files in postinst dating back to
    versions earlier than 20030414.
  * Hooks are now called at every invocation of `update-ca-certificates'.
    If no changes were done to `/etc/ssl/certs', the input for the
    hooks will be empty, though.  Failure exit codes of hooks will not
    tear down the upgrade process anymore.  They are printed but ignored.

 -- Philipp Kern <pkern op debian.org>  Tue, 24 Jun 2009 21:04:08 +0200

ca-certificates (20081127) unstable; urgency=low

  * Remove /etc/ssl{,/certs} in postrm to please piuparts.  (Closes:
    #454334)

 -- Philipp Kern <pkern op debian.org>  Thu, 27 Nov 2008 19:13:17 +0100

cpio (2.11-4) unstable; urgency=low

  * Apply patch from Didier Raboud to fix win32 output again.
    closes: #579533.

 -- Clint Adams <schizo op debian.org>  Thu, 29 Apr 2010 15:07:57 -0400

cpio (2.11-3) unstable; urgency=low

  * Return MT_EXIT_FAILURE instead of MT_EXIT_INVOP for fatal exits from
    mt.
  * Do not link mt with fatal.o even when automake is installed.
    closes: #576637.

 -- Clint Adams <schizo op debian.org>  Sat, 17 Apr 2010 11:17:31 -0400

cpio (2.11-2) unstable; urgency=medium

  * Patch from Sven Joachim to prevent /usr/share/info/dir.gz being
    shipped when install-info is present in the build environment.
    closes: #576620.

 -- Clint Adams <schizo op debian.org>  Tue, 06 Apr 2010 08:18:20 -0400

cpio (2.11-1) unstable; urgency=high

  * New upstream version.
    - Fixes CVE-2010-0624: Heap-based buffer overflow in GNU
      Tar and GNU Cpio.
  * Tweak mingw build to not fail.
  * Update watch file to pick bzip2-compressed tarballs.
  * Bump to Standards-Version 3.8.4.
  * Switch to 3.0 (quilt) source format.

 -- Clint Adams <schizo op debian.org>  Thu, 11 Mar 2010 00:05:20 -0500

cpio (2.10-2) unstable; urgency=low

  * Patch from Carl Miller to better handle device nodes from cramfs.
    closes: #565474.
  * Remove install-info invocations from prerm and postinst.
  * Depend on dpkg (>= 1.15.4) | install-info.
  * Bump to Standards-Version 3.8.3.

 -- Clint Adams <schizo op debian.org>  Mon, 18 Jan 2010 21:30:39 -0500

cpio (2.10-1) unstable; urgency=low

  * New upstream version.
  * Bump to Standards-Version 3.8.2.

 -- Clint Adams <schizo op debian.org>  Sat, 20 Jun 2009 11:53:36 -0400

cpio (2.9.90-3) unstable; urgency=low

  * Fix some variable types leading to spurious "file grew" errors for
    files larger than 4GB.  closes: #506714.

 -- Clint Adams <schizo op debian.org>  Mon, 02 Mar 2009 17:32:20 -0500

cpio (2.9.90-2) unstable; urgency=low

  * New upstream alpha release.

 -- Clint Adams <schizo op debian.org>  Tue, 24 Feb 2009 13:12:16 -0500

cpio (2.9-15) unstable; urgency=medium

  * Apply patch from Kees Cook to return proper exit codes.  closes:
    #514936.

 -- Clint Adams <schizo op debian.org>  Sat, 14 Feb 2009 13:55:42 -0500

cpio (2.9-14) unstable; urgency=low

  [ James Westby ]
  * Make sure that HAVE_GETPWNAM, HAVE_GETGRNAM, HAVE_GETPWUID and
    HAVE_GETGRGID are defined so that the real functions are used, rather
    than dummy ones. Having HAVE_GETPWNAM defined makes --owner work with
    user and group names again.
    - Also switch lib/system.h to use HAVE_GETPWUID instead of HAVE_PWUID.
    closes: #500264.

  [ Clint Adams ]
  * Bump to Standards-Version 3.8.0.

 -- Clint Adams <schizo op debian.org>  Fri, 26 Sep 2008 16:58:29 -0400

cron (3.0pl1-116) unstable; urgency=high

  * Upload with approval from Release Team to get RC bug fixes in Squeeze
    (see http://lists.debian.org/debian-release/2010/12/msg00719.html)
  * do_command.c, popen.c:
    - Use fork() instead of vfork().
  * do_command.c:
    - Close an unused stream in the fork()ed child prior to exec'ing the
      user's command, thereby avoiding an fd leak. Closes: #604181, LP: #665912
      Previously to this, in conjunction with LVM, the fd leak may have the
      effect of the user being spammed by warnings every time a cron job was
      executed.
  * crontab.5:
    - Fixed the example demonstrating how to run a job on a certain weekday of
      the month (date range was off-by-one). Also, the same example contained
      a superfluous escape, resulting in wrong output. Closes: #606325
  * cron.init:
    - Added $named to Should-Start, in case @reboot jobs need DNS resolution.
      Closes: #602903
    - Added nslcd to Should-Start. LP: #27520 

 -- Christian Kastner <debian op kvr.at>  Wed, 10 Nov 2010 21:13:19 +0100

cron (3.0pl1-115) unstable; urgency=high

  * cron.c: set LC_COLLATE to 'C' in order to properly work when locales
    are set that change the collation order expected by the regular
    expressions used in load_database(). By setting locale we were
    skipping some crontabs unexpectedly due to [a-z] not matching all the ascii
    characters in some languages (such as Estonian).  (Closes: #600310)
    Thanks to Michael Tokarev for spotting this issue and for
    Bastian Blank for pointing for the fix.
  * debian/cron.init: 
      - Fix typo that prevented it from properly loading LC_CTYPE (Closes:
        #600082)
      - Force LC_COLLATE to 'C' regardless of user locale settings.

 -- Javier Fernandez-Sanguino Pen~a <jfs op debian.org>  Sat, 16 Oct 2010 13:05:02 +0200

cron (3.0pl1-114) unstable; urgency=low

  * Cleanup of the package in preparation of the next Debian release.
     - Notice that only one change introduces new behaviour (debian/cron.pam),
       the other changes are just documentation fixes or cleanups to the
       packaging.
  * debian/cron.pam:
    - In addition to the reading /etc/security/pam_env.conf and 
      /etc/environment (obsolete config file) previous default,
      cron will now also read /etc/default/locale in order to setup
      the proper localisation environment for tasks.
  [ Documentation fixes ]
  * debian/cron.{default,init}, cron.8, crontab.5:
    - Updated documentation (comments in scripts and manpages) regarding the
      reading and setting of locale information for the cron daemon and for
      cron tasks to document the new behaviour due to the above change.
  * debian/{preinst,postinst,postrm}:
    - Since /etc/cron.monthly/standard does not provide any worthwhile task
      anymore, remove obsolete /etc/cron.monthly/standard after upgrading
      (local changes are preserved, however). Closes: #585680
  * crontab.1
    - Minor typo fixes to the manpage.
  * crontab.5:
    - Added an example submitted by jidanni (thanks!), showing how to run a
      command on the second Saturday of the month. Closes: #584514 
    - Minor fixes
  [ Fixes to the packaging ]
  * debian/control:
    - Bumped Standards-Version to 3.9.1 (no changes needed)
    - Added Pre-Depends for dpkg (>= 1.15.7.2) for a dpkg-maintscript-helper
      with support for safely removing conffiles
    - Added Homepage: field
    - Added Vcs-* fields
    - Upgraded debhelper dependency version for dh_bugscripts
  * debian/rules:
    - Replace deprecated dh_clean -k with dh_prep
  * debian/NEWS:
    - Apply Steve Langasek's patch to remove non-newsworthy content, avoiding
      unnecessary output from apt-listchanges during upgrade. Closes: #591005
  * debian/source/format:
    - Make source format explicit (1.0)

 -- Christian Kastner <debian op kvr.at>  Sun, 18 Jul 2010 22:51:21 +0200

cron (3.0pl1-113) unstable; urgency=medium

  [ Christian Kastner / Javier Fernandez-Sanguino ]
  * debian/postinst:
    - Now that permissions and ownership of crontabs are changed unconditionally,
      do not attempt to chown user crontabs if none are present. Closes: #585636
    - Only change permissions if the crontabs directory exist

 -- Christian Kastner <debian op kvr.at>  Sat, 12 Jun 2010 18:25:59 +0200

cron (3.0pl1-112) unstable; urgency=low

  [ Christian Kastner ]
  * do_command.c:
    - Don't send mail when a job exits non-zero, only send mail if the job sent
      output to stderr. This behaviour was introduced erroneously; while it
      does have merit, it is completly against standard cron behaviour.
      Closes: #581612
  * debian/compat:
    - Bumped debhelper compatibility to 7
  * debian/control:
    - Bumped Standards-Version to 3.8.4 (no change needed)
    - Build-Depend on debhelper (>= 7.0.50~)
    - Added dependency on ${misc:Depends} to package cron
  * debian/cron.init:
    - Changed Default-Stop from (1) to (empty). rc0 and rc6 were removed in
      3.0pl1-101 because the stop action -- sending SIGTERM/SIGKILL to cron
      on shutdown/reboot -- was redundant. This, however, also applies to
      rc1, because killprocs will do that for us.
  * debian/postinst:
    - Removed obsolete dpkg file backup code, this has been handed over to dpkg
      in 3.0pl1-109
    - Removed last remaining stop action (for rc1) from upate-rc.d (see above)
    - Add dpkg-statoverride for /usr/bin/crontab, and unconditionally change
      permissions of /var/spool/cron/crontabs. Closes: #304036, #460095
  * debian/standard.monthly:
    - Removed because it had been empty for years and therefore served no
      purpose
  * debian/cron.bug-{control,script}
    - Added to extend information submitted by reportbug
  * debian/rules:
    - Applied changes for standard.monthly and cron.bug-{control,script} above
  * debian/copyright:
    - Updated to reflect recent contributions
  * debian/README:
    - Updated ancient information with the current status (PAM support, SELinux
      support, etc.)
  * debian/TODO:
    - Added new entry regarding clarification of the purpose behind /etc/cron.d
  * debian/REFS:
    - Summary of links to relevant development threads; re-added for
      informational purposes.
  [ Javier Fernandez-Sanguino ]
  * debian/cron.init:
    - Fix typo (Closes: #585399)

 -- Christian Kastner <debian op kvr.at>  Thu, 10 Jun 2010 15:21:39 +0200

cron (3.0pl1-111) unstable; urgency=low

  [ Christian Kastner ]
  * debian/cron.init:
    - When both /etc/environment and /etc/default/locale contain locale
    information, warn that variables from /etc/environment will be ignored.
    Closes: #543895, #580942
    - Add autofs and NIS+ to Should-Starts, because especially NIS+ must be run
    before cron, if present. Closes: #512757
    - init script should be stopped in runlevel 0 and 6, too
  [ Javier Fernandez-Sanguino ]
  * do_command.c: Revert change so that mails are not sent if MAILTO
    is null. Closes: #580938

 -- Javier Fernandez-Sanguino Pen~a <jfs op debian.org>  Sun, 16 May 2010 15:16:24 +0200

cron (3.0pl1-110) unstable; urgency=medium
  [ Christian Kastner ]
  * user.c
     - Fix broken parsing and handling of crontabs with no-newline-before-EOF
     - Refuse to install such crontabs via crontab(1). Closes: #79037
     - Log crontabs missing newline before EOF to syslog. This is only relevant
       for crontabs not installed via crontab(1), ie. /etc/cron.d/* and
       /etc/crontab. Closes: #76625
     - Add a log message explicitly stating that all jobs of crontabs with
       syntax errors will not be run (ie, all-or-nothing). See #555954 
  * crontab.c
     - Tell the user which chars are expected on retry, too
  * cron.c
     - Don't let the daemon die when directories disappear, eg. when moving
       directories around. Patch provided by Justin Pryzby (thanks!).
       Closes: #470564
  * database.c
     - Recover from broken symlinks in /etc/cron.d/ (Closes: #433609)
     - Don't report wrong file owner in /etc/cron.d/ as wrong symlink owner 
     - Check the permissions of symlink targets (writeable only by root)
  * do_command.c
     - Don't let long-running commands time out certain MTAs. Patch provided by
       Justin Pryzby, based on an analysis by Alexis Huxley (thanks!). Debian's
       default MTA, exim, does not time out, so it shouldn't have been
       affected.  Closes: #155109, #443615
     - Bypass mail generation/sending code when no MTA is installed.
       Previously, jobs with a lot of output would die once the pipe's buffer
       was filled.  Closes: #577133
  * popen.c
     - Check return value of setgid() call, also associated with the
       CVE-2006-2607 fix
     - Move signal handling away from ancient API. Patch provided by Justin
       Pryzby (thanks!).
  * misc.c
     - On startup, when recreating missing directories, do so with permissions
       reflecting Debian's SGID crontab vs upstream's SUID
  * entry.c
     - Explicitly check for valid ranges in range values instead of upstream's
       broken approach which misses certain combinations of ranges and steps.
       Closes: #533726
  * env.c
     - Backport environment variable parser from 4.1. The 3.0 parser has a
       number of issues, especially with otherwise trivial matters such as
       whitespace. Closes: #437180
  * cron.8
     - Document symlink behaviour.
  * crontab.1
     - Document the new EOF handling described above.
  * crontab.5
     - Clarify parsing of empty variables (Closes: #497742)
  * debian/TODO
     - Remove obsolete entries; add a table of planned milestones
  * debian/NEWS
     - Briefly describe the most important changes since lenny's release
  * debian/control
     - Add Christian Kastner to the Maintainers list (Closes: #565143)

  [ Javier Fernandez-Sanguino Pen~a ]
  * debian/rules: Install the cron.default file properly
  * debian/standard.daily:
     - Do not indicate that lost+found does not exist if the filesystem is XFS
       (Closes: #577508 577536)

 -- Christian Kastner <debian op kvr.at>  Thu, 29 Apr 2010 16:23:38 +0200

cron (3.0pl1-109) unstable; urgency=medium

  * cron.c: 
     - Apply patch derived from OpenBSD's cron by Petya Kohts to
       handle properly DST and avoid running cron jobs twice, or 
       skip cron jobs when there is a savings time change.
       Closes: #217836, #458123, #474157, LP: #36690
  * crontab.c: 
     - Revert the behaviour  that prevented 'alias crontab="crontab -i"' from
       working. Now the -i flag is allowed regardless of other command line
       switches.  (Closes: #513379)
     - Be more verbose in the example provided for first-time users than run
       'crontab -e'
     - Check if the crontab exists before attempting its removal and before
       prompting the user (whe using -i)
     - When prompting, tell the user which chars are expected
  * crontab.1: 
     - Change usage to match crontab's output
     - Clarify use of the cron.allow and cron.deny files (Closes: #511782)
  * crontab.5:
     - Describe a known limitation related to the lack of the cron daemon's
       per-user timezone support (Closes: #497741, 353246, 166533)
     - Describe the use of tilde (~) as a substitute for $HOME (Closes: 477198)
     - Describe the lack of replacements of variables (Closes: #493636)
  * popen.c: Check return call of initgroups(), associated with
     CVE-2006-2607 fix. Thanks to Christian Kastner for the heads up.
  * cron.8:
     - Describe how the environment is managed in Debian
  * debian/cron.init: Also use /etc/timezone to setup the timezone environment
    (TZ) if not set.
  * debian/standard.daily:
     - Do not make a backup copy of dpkg files anymore since dpkg (1.15.4) does
       this already (when #541412 was fixed) (Closes: #541415)
     - Fix a bug in lost+found reporting. Files in lost+found were never +
       actually reported. [ Patch from Teemu Kiviniemi ]
     - Added ext4 for lost+found searches. [ Patch from Teemu Kiviniemi ]
     Closes LP: #367383
  * debian/control:
      - Add a Breaks dpkg (<< 1.15.4) to ensure that one always has the backup
        functionality either via cron or via dpkg.
      - Provides: cron-daemon, which was reinstated in the virtual package
        list in November 2009 (Closes: #349170)
  
 -- Javier Fernandez-Sanguino Pen~a <jfs op debian.org>  Sat, 10 Apr 2010 12:48:42 +0200

cron (3.0pl1-108) unstable; urgency=high

  * Add a Depends: on libpam-runtime (>= 1.0.1-11) since this 
    is required for the use of common-session-noninteractive
    (Closes: 575342) 

 -- Javier Fernandez-Sanguino Pen~a <jfs op debian.org>  Fri, 26 Mar 2010 00:17:02 +0100

cron (3.0pl1-107) unstable; urgency=low

  * debian/cron.pam: Use common-session-noninteractive in pam.d configuration
    instead of common-session so that libpam-ssh is not run. If libpam-ssh was
    installed the previous configuration resulted in cron spawning
    many ssh-agent processes (Closes: #572292)
  * debian/cron.init: Add Should-Start/Stop dependency to slapd so that cron
  * can start up tasks for users define in an LDAP (Closes: #557659, #546367)
  * Fix the use of perror so that the error message is correct when
    printing the reason why an operation failed. Thanks to
    Justin Pryzby for the patch. (Closes: 470587)
  * pathnames.h: Use /usr/bin/sensible-editor instead of /usr/bin/editor when
    calling crontab -e (Closes: #482284)
  * Fix debian/control description, thanks to Justin B Rye for the patch
    (Closes: #535227)
  * crontab.c: Produce a different warning message when root tries to setup a 
    crontab for a user that is not allowed to do so, and do not log the
    action (Closes: #505288)
  * Only allow -i if -r has been specified previously (Closes: #513379)
  * Update debian/README.Debian to indicate that the package is 
    being maintained at Alioth, thanks Tomas Pospisek for the patch 
    (Closes: #511740)
  * crontab.c: Update the usage() call so that it refers to the use 
    of -i when removing (-r)
  * crontab.1: Update the manpage:
     - Use the same option listing as in the crontab usage() call
     - Remove 'tweaked', explain what -u does in each context. 
     - Remove V3, use 'Vixie Cron' instead
    (Closes: #572249)
     - Update the manpage years (Closes: #563296)
     - Describe the usage of the crontab group wrt /var/spool/cron/crontabs
    (Closes: #539182)
  * Use debhelper compatibility version 5
  * Include cross build support with patch to debian/rules provided by Neil
    Williams  (Closes: #465077)
  * Change maintainer's email address

 -- Javier Fernandez-Sanguino Pen~a <jfs op debian.org>  Tue, 16 Mar 2010 22:55:26 +0100

cron (3.0pl1-106) unstable; urgency=high

   * SECURITY UPDATE: cron does not check the return code of setgid() and
   initgroups(), which under certain circumstances could cause
   applications to run with elevated group privileges. Note that the more
   serious issue of not checking the return code of setuid() was fixed already
   in 3.0pl1-64.  (Closes: #528434)
    - do_command.c: check return code of setgid() and initgroups()
    - This fixes (hopefully completely) CVE-2006-2607
   * crontab.c: 
      - close the temporary file after it is edited and
        before calling cleanup_tmp_crontab() to behave properly on NFS
        mounted / (Closes: #413962)
      - if crontab is run without argument then it will read stdin to replace
        the users crontab. This way it is POSIXLY_CORRECT. More information at
        http://www.opengroup.org/onlinepubs/9699919799/utilities/crontab.html
        (Closes: #514062)
   * crontab.5 : 
      - Add details about multiple recipients in MAILTO (LP: #235464) 
        (Closes: #502650)
      - Indicate that it also reads environment from /etc/environment
      - Substitute ATT for AT&T (Closes: #405474)
   * Proper fix for PAM configuration to make cron read the system
     environment (Closes: #511684)
   * debian/cron.init:
       - Add support for 'status' in the init.d (Closes: #514721)
       - Use 'cron' instead of 'crond' (Closes: #497699)
   * Change lockfile-progs from Suggests: to Recommends: and remove wording
     related to dselect, which is no longer relevant (Closes: #452460, #468262)
   * Add justification of checksecurity being in the Suggests: line
   * Change the (outdated) wording of the description based on an example
     provided by Justin B Rye (Closes: 485452)
   * Change the postinst so that update-rc.d is only run if /etc/init.d/cron is
     executable (Closes: #500610)

 -- Javier Fernandez-Sanguino Pen~a <jfs op debian.org>  Wed, 13 May 2009 01:05:41 +0200

cups (1.4.4-7+squeeze3) stable; urgency=low

  [ Didier Raboud ]
  * Ship cups-files.conf's manpage in cups (Closes: #697543)
    - Update the configuration files split patch to also build the
      manpage;
    - Install the english manpage.
  * Generate translated cups-files.conf's manpage in the po4a
    infrastructure.
  * Minimally update French manpage translation

  [ Helge Kreutzmann ]
  * Update German manpage translation. (Closes: #697860)

 -- Didier Raboud <odyx op debian.org>  Sat, 12 Jan 2013 17:46:27 +0100

cups (1.4.4-7+squeeze2) stable-security; urgency=high

  * Backport upstream configuration files split:
    - Add split-configuration-files-STR4223.dpatch
    - Install the new cups-files.conf
    Fixes: CVE-2012-5519 (Closes: #692791)
  * Make cupsd.conf a non-conffile, as it is managed by cups itself.
    - On new installs, set it up from cupsd.conf.default.
    - On upgrades, move it away in preinst and move it back in postinst.
    - On aborted upgrades, move the file back in place.
    - On purge, delete it too.
  * Document changes in cups.NEWS.

 -- Didier Raboud <odyx op debian.org>  Sat, 29 Dec 2012 12:33:27 +0100

cups (1.4.4-7+squeeze1) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * debian/patches:
    - str3867 added, fix an infinite loop / heap-based buffer overflow in the
      gif_read_lzw() function (CVE-2011-2896)
    - str3914 added, complete the fix for the previous issue (CVE-2011-3170).

 -- Yves-Alexis Perez <yves-alexis.perez op ssi.gouv.fr>  Mon, 28 Nov 2011 15:07:37 +0100

cups (1.4.4-7) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/pdftopdf/parseargs.c,
    debian/local/filters/pdf-filters/pdftopdf/parseargs.cxx,
    debian/local/filters/pdf-filters/pdftopdf/parseargs.h,
    debian/local/filters/pdf-filters/pdftopdf/Makefile: Made pdftopdf
    building with Poppler 0.15.x. Thanks to Koji Otani for this patch.
  * debian/control: Added dependency on "cups-ppdc" package to the "cups"
    package, so that the PPDs of the drivers which come with CUPS get built
    (LP: #485383).

  [ Martin Pitt ]
  * ubuntu-upstart.dpatch: Wait until daemon is ready, to avoid race
    conditions with init scripts which expect cups tools to work right after
    restarting it. (LP: #647369)
  * ubuntu-upstart.dpatch: If D-BUS is not available, start on runlevels 2 to
    5, so that this also works in server environments. (LP: #650893)
  * debian/local/apparmor-profile: Allow access to /usr/local/lib/cups/**.
    (LP: #160092)
  * debian/local/apparmor-profile: Allow reading /usr/local/**, in case
    third-party printer drivers need auxiliary files.
  * debian/local/apparmor-profile: Allow reading /var/run/**. (LP: #659961)
  * ubuntu-upstart.dpatch: Time out after 5 seconds when the local socket
    doesn't get created. Apparently a lot of users disable it in cupsd.conf.
    (LP: #672438)
  * debian/local/filters/pdf-filters/addtocups: Link pdftoijs with $(CXX),
    since it's a C++ program. Fixes FTBFS with gcc 4.5.
  * debian/local/filters/pdf-filters/pdftopdf/Makefile: Explicitly pdftopdf
    with -lz. gcc 4.5 does not automatically link to transitive library
    dependencies any more.
  * drop_unnecessary_dependencies.dpatch: Drop hunk for reduced krb5/gssapi
    linkage. With gcc 4.5, we now need -lkrb5.
  
  [ Marc Deslauriers ]
  * Add CVE-2010-2941.dpatch: Fix denial of service and possible code execution
    via invalid free. Skip over and reserve unused tags in cups/ipp.{c,h}.
    [CVE-2010-2941]

 -- Martin Pitt <mpitt op debian.org>  Fri, 12 Nov 2010 11:07:33 +0100

cups (1.4.4-6) unstable; urgency=low

  * debian/cups.preinst: Go back to using lsb-release, since dpkg-vendor is
    not installed by default (it's in dpkg-dev). Bump the version guard to
    this version, to reattempt the migration. (LP: #645328)

 -- Martin Pitt <mpitt op debian.org>  Thu, 23 Sep 2010 08:47:11 +0200

cups (1.4.4-5) unstable; urgency=low

  [ Martin Pitt ]
  * ubuntu-upstart.dpatch: Drop the dependency "on starting smbd", it causes
    samba to hang on package upgrades or manual restarts. There doesn't seem
    to be a good way to express this dependency right now. (LP: #639768)
    Instead, send a SIGHUP to smbd if it is running, which causes it to reload
    printers.

  [ Till Kamppeter ]
  * pstops-based-workflow-only-for-printing-ps-on-a-ps-printer.dpatch:
    Let CUPS use the former PostScript-based filter chain only if the input
    file is PostScript and the printer is a PostScript printer with
    manufacturer-supplied PPD file. This avoids ugly PS->PDF->PS conversions
    which are bad for the performance and sometimes cause issues
    (Closes: #593338, requested by Ricoh).

 -- Martin Pitt <mpitt op debian.org>  Thu, 16 Sep 2010 18:57:06 +0200

cups (1.4.4-4) unstable; urgency=low

  [ Till Kamppeter ]
  * default-ripcache-size-auto.dpatch: Replaced patch for letting CUPS default
    RIP_MAX_CACHE to 1/4 of the system's RAM by a patch defaulting
    RIP_MAX_CACHE to "auto". See LP: #628030.
  * debian/patches/cups-snmp-oids-device-id-hp-ricoh.dpatch: Let the "snmp"
    backend also use the manufacturer-specific MIBs of HP and Ricoh to
    obtain the device IDs of network-connected printers. This way we get more
    reliable information about make and model and in addition the supported
    page description languages, which allow to identify whether an optional
    PostScript add-on is installed or for an unsupported printer which
    generic PPD is the best choice (requested by Ricoh, thanks to Tim Waugh
    from Red Hat to create the patch).

  [ Martin Pitt ]
  * debian/control: Drop perl-modules dependency. The only script that uses
    perl is oopstops, which uses IO::Handle, and this is in perl-base.
  * debian/control, debian/rules, ubuntu-*.dpatch: Replace lsb_release call
    with dpkg-vendor, and drop lsb-release build dependency.
  * Upstartify for Ubuntu:
    - Add ubuntu-upstart.dpatch: Add debian/cups.upstart script, which now
      causes Samba to wait for cups to start. Don't have it in debian/ by
      default, since dh_installinit unconditionally prefers it over .init.
    - debian/rules: Call dh_installinit with --upstart-only when building on
      Ubuntu.
    - debian/cups.preinst: Remove old init script on upgrades when running on
      Ubuntu.
  * debian/cups.preinst: Remove some obsolete transitional code.
  * debian/cups.init.d, debian/cups.postinst: Move custom PPD directory setup
    from init script into postinst. No need to do that on every boot.

 -- Martin Pitt <mpitt op debian.org>  Tue, 14 Sep 2010 18:49:39 +0200

cups (1.4.4-3) unstable; urgency=low

  [ Jamie Strandboge ]
  * debian/cups.post{inst,rm}: update for local include file
  * debian/local/apparmor-profile: add local include file

  [ Martin Pitt ]
  * debian/rules: Stop building with --enable-threads, since currenu GnuTLS
    does not work with threads. This brings back the lost SSL/TLS support.
    (Closes: #588234, #591509)
  * debian/libcups2.symbols: Readd _http{Read,Write}GNUTLS op Base symbols to
    ensure that autogenerated shlibs dependencies for libcups get tight
    enough.
  * manpage-translations.dpatch: Update German manpage translations, thanks
    Helge Kreutzmann! (Closes: #588028)
  * debian/rules: Set DPKG_GENSYMBOLS_CHECK_LEVEL to 4 to point out outdated
    .symbols files more strongly.
  * debian/libcups2.symbols, debian/libcupsimage2.symbols: Subsume private
    optional symbols into regexps.

 -- Martin Pitt <mpitt op debian.org>  Wed, 11 Aug 2010 19:03:01 +0200

cups (1.4.4-2) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/filter/fontembed/bitset.h,
    debian/local/filters/pdf-filters/filter/fontembed/sfnt.c,
    debian/local/filters/pdf-filters/filter/texttopdf.c: Fixed bug with
    subsetting certain composite chars (LP: #605479).
  * debian/local/acroread.conf, debian/local/pdftops.conf, debian/cups.install:
    Removed /etc/cups/acroread.conf and /etc/cups/pdftops.conf. These two files
    were used by the alternative pdftops filter from Helge Blischke. As we
    switched back to the original pdftops filter these files are not needed any
    more (LP: #605564).
  * debian/local/filters/cpdftocps: The PostScript level from the PPD file
    was not used, but always the default value "2" instead. This made Xerox
    color laser printers crash on some files. Thanks to Roel van Os for the
    patch (LP: #600972).

  [ Martin Pitt ]
  * debian/control: Reintroduce the libcupsys2{-dev} Provides:, since some
    third-party printer drivers still depend on them. (LP: #433311)
  * debian/control: Have libcups2 break older cups versions. (Closes: #588643)

 -- Martin Pitt <mpitt op debian.org>  Sat, 24 Jul 2010 19:38:50 +0200

cups (1.4.4-1) unstable; urgency=medium

  [ Till Kamppeter ]
  * debian/cups.init.d: When loading kernel modules for the parallel port
    load also the "parport_pc" module (LP: #369850).
  * debian/filters/pstopdf: Fixed the problem of the UseCIEColor warning of
    Ghostscript correctly. The file format converter should not do any kind
    of color correction but simply pass the colors through (LP: #578181).
  * debian/patches/cups-deviced-allow-device-ids-with-newline.dpatch: Some
    printers have broken device IDs with newline characters inside. These
    break the cups-deviced printer discovery mechanism and so the printers
    get ignored. This patch allows newline characters in device IDs
    (LP: #468701).

  [ Martin Pitt ]
  * New upstream bug fix/security release. Therefore "medium" urgency.
    - CUPS could overwrite files as root in directories owned or writable by
      non-root users. [STR #3510, CVE-2010-2431]
    - The web interface now includes additional CSRF protection.
      [STR #3498, CVE-2010-0540]
    - The texttops filter did not check the results of allocations.
      [STR #3516, CVE-2010-0542]
    - The web admin interface could disclose the contents of memory.
      [STR #3577, CVE-2010-1748]
  * Drop select_use_after_free.dpatch: Applied upstream.
  * do-not-broadcast-with-hostnames.dpatch: Update to apply to new version.
  * debian/libcups2.symbols, debian/libcupscgi1.symbols: Update for new
    version.
  * Add support-gzipped-charmaps.dpatch: Support gzipped charset → UTF8 maps;
    they compress very well and take a lot of space.
  * debian/rules: Compress /usr/share/cups/charmaps/*.txt in cups-common.
  * debian/local/filters/pdf-filters/*: Reenable call of setErrorFunction() on
    armel, now that poppler on arm has been fixed (see #575262)
  * debian/cups.postinst: Drop some obsolete transition code.
  * debian/cups.postinst: Some versions of cups-pdf (and perhaps other
    packages) changed the permissions of /usr/lib/cups/backend. Fix that
    during upgrade. (Closes: #582942)
  * debian/control: Drop all the transitional cupsys* packages and the
    remaining provides/conflicts/replaces on them. All packages in sid are now
    transitioned to the new package names, and Lenny already had them.

 -- Martin Pitt <mpitt op debian.org>  Tue, 29 Jun 2010 19:03:39 +0200

cups (1.4.3-1) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/filters/pstopdf: Use "-dUseCIEColor" for the Ghostscript call in the
    pstopdf filter, to eliminate the warning "Set UseCIEColor for
    UseDeviceIndependentColor to work properly.".

  [ Martin Pitt ]
  * New upstream bug fix release. See http://www.cups.org/articles.php?L594
    for details.
  * Drop CVE-2010-0393.dpatch, upstream now.
  * Update usb-backend-both-usblp-and-libusb.dpatch for new version.
  * select_use_after_free.dpatch: Add additional fix by Tim Waugh and Vincent
    Danen for CVE-2010-0302, and update tag header. (Closes: #572940)

 -- Martin Pitt <mpitt op debian.org>  Fri, 09 Apr 2010 16:19:16 +0200

cups (1.4.2-10) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/pdftopdf/P2PDoc.cxx: Output of the
    pdftopdf filter was not completely complying with the Adobe specs for PDF.
    Thanks to Duncan Lock for finding and reporting the bug and Johann Felix
    Soden for creating the patch to fix it (LP: #544636).

  [ Martin Pitt ]
  * Add no-conffile-timestamp.dpatch: Disable time stamps in conffiles, to
    avoid ever-changing files in /etc. Thanks Joey Hess!
    (Rejected upstream, STR#3067; Closes: #549673)
  * CVE-2010-0393.dpatch: Replace with patch from upstream, and tag
    header. (Closes: #572940)
  * debian/local/filters/pdf-filters/*: Disable call of setErrorFunction() on
    armel for now, since armel's libpoppler is broken. This works around
    #575262, so that cups can finally go into testing again (which is more
    than overdue).

 -- Martin Pitt <mpitt op debian.org>  Wed, 24 Mar 2010 16:50:56 +0100

cups (1.4.2-9.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix loading of localized message string from arbitrary files
    through exporting the LOCALEDIR environment variable when lppasswd
    has a setuid bit set (CVE-2010-0393).

 -- Nico Golde <nion op debian.org>  Wed, 03 Mar 2010 21:28:13 +0100

cups (1.4.2-9) unstable; urgency=low

  * debian/control: Build depend on virtual libjpeg-dev package only.
    (Closes: #570381)
  * debian/cups.init.d: Fix syntax error which caused coldplug_usb_printers()
    to needlessly run udev-configure-printer for all USB devices.
  * Bump Standards-Version to 3.8.4 (no changes necesssary).
  * debian/libcupscgi1.symbols: Add new symbol from 1.4.2.
  * debian/cups.init.d: Add missing $remote_fs dependency.

 -- Martin Pitt <mpitt op debian.org>  Thu, 18 Feb 2010 15:16:26 +0100

cups (1.4.2-8) unstable; urgency=low

  [ Till Kamppeter ]
  * dynamic-default-ripcache-size.dpatch: Fixed the copy of thr new function
    cupsdDefaultRIPCacheSize() which goes into the cupsfilter utility. It did
    not return its result and made cupsfilter segfaulting independent of the
    input (LP: #442283).

  [ Martin Pitt ]
  * debian/control: Update libjpeg62-dev build/binary dependency to
    libjpeg8-dev | libjpeg-dev. (Closes: #569230)
  * Acknowledge Bdale Garbee's NMU to work around bad pdftotext behaviour due
    to a bug in ttf-freefont. This has been worked around in texttopdf itself
    in the previous upload (see LP #447961). (Closes: #519643)

 -- Till Kamppeter <till.kamppeter op gmail.com>  Thu, 11 Feb 2010 14:26:33 +0100

cups (1.4.2-7) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/filter/texttopdf.c: Workaround for
    bug in ttf-freefont which messed up the output of the texttopdf filter.
    Thanks to Hin-Tak Leung and Steve White to find this solution (LP: #447961).
  * debian/local/filters/pdf-filters/pdftopdf/P2PDoc.cxx,
    debian/local/filters/pdf-filters/pdftopdf/P2PGfx.cxx,
    debian/local/filters/pdf-filters/pdftopdf/P2PGfx.h,
    debian/local/filters/pdf-filters/pdftopdf/P2PObject.h,
    debian/local/filters/pdf-filters/pdftopdf/P2POutput.cxx: Upstream
    fix from Koji Otani for the following: (1) Fixed some memory leak;
    (2) pdftopdf now delays fetching a referenced object until when it is
    written to the output. This fixes memory hogging with N-up output
    (N pages per sheet). The fix is mainly done by (2). This fixes
    LP: #508731.

  [ Martin Pitt ]
  * manpage-translations.dpatch: Update to German manpage translations, thanks
    Helge Kreutzmann! (Closes: #502908)
  * debian/cups.postinst: Do not symlink snakeoil SSL certificate if
    server.{crt,key} already exist as broken symlinks. Thanks Andreas
    Büsching! (Closes: #554579)

 -- Martin Pitt <mpitt op debian.org>  Wed, 27 Jan 2010 09:19:32 +0100

cups (1.4.2-6) unstable; urgency=medium

  [ Till Kamppeter ]
  * Urgency medium, this only fixes a highly visible crash.
  * debian/local/filters/pdf-filters/pdftopdf/P2PGfx.cxx: Fixed segfault of
    the pdftopdf filter when the input PDF file has ICC-profile-based color
    space inline images. Thanks to Koji Otani for the fix. Fixes:
    LP: #407344, LP: #466119, LP: #467919, LP: #475330, LP: #488752.

  [ Martin Pitt ]
  * debian/rules: Have a failed test suite fail the build on Ubuntu again,
    buildds were fixed. (LP: #447919)

 -- Martin Pitt <mpitt op debian.org>  Mon, 21 Dec 2009 10:19:44 +0100

cups (1.4.2-5) unstable; urgency=low

  * debian/local/filters/pdf-filters/addtocups,
    debian/local/filters/pdf-filters/config-scripts/cups-pdf-filters.m4,
    debian/local/filters/pdf-filters/pdftoopvp/Makefile,
    debian/local/filters/pdf-filters/pdftoopvp/OPVPOutputDev.cxx,
    debian/local/filters/pdf-filters/pdftopdf/P2PGfx.cxx,
    debian/local/filters/pdf-filters/pdftopdf/P2PPattern.cxx: Synced
    the PDF CUPS filters with upstream. This introduces a change by Koji Otani
    to also support Poppler 0.12.2 and newer with a change in its API/ABI.
    This version compiles with both the new and the old Poppler, but it 
    runs only with the Poppler with which it got compiled. This allows to
    build this package with both Ubuntu which ships the unchanged upstream
    version of Poppler 0.12.2 and Debian where the ABI changes got reverted
    by a Debian-only patch.

 -- Till Kamppeter <till.kamppeter op gmail.com>  Wed, 09 Dec 2009 15:04:39 +0100

cups (1.4.2-4) unstable; urgency=high

  * High urgency, since this fixes a security issue and should not block the
    already messy poppler transition any further.
  * pdftopdf, pdftoopvp: Revert patch to build against new upstream 0.12.2
    poppler ABI, since it was reverted in poppler's -2 package. Tighten build
    dependency and conflict to any libpoppler5 < 0.12.2-2 now.
    (Closes: #558906, #559038, #559094)
  * Add select_use_after_free.dpatch: Fix use-after-free segfault, causing a
    remote DoS. (STR #3200, CVE-2009-3553, Closes: #557740)

 -- Martin Pitt <mpitt op debian.org>  Wed, 02 Dec 2009 09:39:28 +0100

cups (1.4.2-3) unstable; urgency=low

  * pdftopdf, pdftoopvp: Patch to build with poppler 0.12.2, which broke ABI
    without bumping SONAME or even just shlibs :-(. Thanks to Jonathan Guthrie
    for the patch! (Closes: #558755)

 -- Martin Pitt <mpitt op debian.org>  Mon, 30 Nov 2009 22:58:04 +0100

cups (1.4.2-2) unstable; urgency=low

  * debian/control, debian/rules: Drop dpkg-substvars hack for poppler-utils
    dependency, since 0.12 is in Debian now. Bump poppler-utils dependency.
  * debian/rules: Don't fail the build on test suite failure on Ubuntu, since
    its buildds currently can't resolve their own hostname. (See LP#447919)
  * poppler is now built on all architectures, so cups will build on amd64,
    too. (Closes: #556359)

 -- Martin Pitt <mpitt op debian.org>  Tue, 17 Nov 2009 07:13:55 -0600

cups (1.4.2-1) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/patches/log-debug-history-nearly-unlimited.dpatch: Made automatic
    debug logging of failed jobs (without need of "LogLevel debug") practically
    unlimited by raising the default limit from 200 to 99999 lines.
  * debian/local/filters/pdf-filters/pdftopdf/pdftopdf.cxx: pdftopdf did
    note collate for printers when they have "Collate" and 
    "cupsManualCopies:True" in the PPD. Thanks to Koji Otani from BBR Japan 
    for the fix.
  * debian/local/filters/cpdftocps: Fixed turning off duplex via command line
    (http://bugs.linux-foundation.org/show_bug.cgi?id=397).
  * debian/patches/usb-backend-both-usblp-and-libusb.dpatch: Fixed a bug
    of modifying the URI of the current print queue when comparing it with
    discovered URIs. Made the USB backend also compatible with URIS generated
    by old versions of CUPS, without serial number or with "serial=?"
    (LP: #450513).
  * debian/cups.init.d: Make cold-plugging of USB printers also correctly
    work if the usblp kernel module is loaded.

  [ Martin Pitt ]
  * New upstream security/bug fix release:
    - The CUPS web interface was vulnerable to several XSS and HTTP
      header/body attacks via attribute injection (STR #3367, STR #3401,
      CVE-2009-2820; Closes: #555666)
  * Drop maintain-default-option-settings.dpatch, applied upstream.
  * Update patches to new upstream version.
  * debian/control: Drop trademark stuff from package descriptions. No other
    package does that, and it's uninteresting here. The current ones with
    "easysw" were out of date, too. (Closes: #552781)
  * Now that poppler 0.12 is in Debian, drop
    disable-pdftoopvp-with-old-poppler.dpatch and bump libpoppler-dev build
    dependency.
  * poppler now ships fofi include files, which fixes the build.
    (Closes: #552818, #552223); rebuilding against new poppler ABI fixes
    uninstallability (Closes: #552456)

 -- Martin Pitt <mpitt op debian.org>  Thu, 12 Nov 2009 15:03:41 +0100

cups (1.4.1-5) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/patches/do-not-broadcast-with-hostnames.dpatch: Do not use host
    names for broadcasting print queues and managing print queues broadcasted
    from other servers by default. Many networks do not have valid host names
    for all machines (LP: #449586).
  * debian/cups.postinst: Clear cache for upgrade to CUPS 1.4.x (LP: #420490).
  * usb-backend-both-usblp-and-libusb.dpatch: Removed some lines which were
    temporarily inserted for debugging.

  [ Martin Pitt ]
  * usb-backend-both-usblp-and-libusb.dpatch: Add upstream link.
  * Drop: disable-pie-mipsen.dpatch: Didn't help to fix the mipsen segfault.
  * debian/cups.postinst: Simplify structure and avoid calling invoke-rc.d in
    Till's change above.
  * Add ppdc-dynamic-linking.dpatch: Dynamically link ppdc, to work around
    segfault on mipsen. Thanks to Sune Vuorela! (Closes: #548246)

  [ Tormod Volden ]
  * debian/cups.init.d: honour blacklist when loading ppdev and lp kernel
    modules (LP: #424795)

 -- Martin Pitt <mpitt op debian.org>  Tue, 13 Oct 2009 09:57:11 +0200

cups (1.4.1-4) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/patches/usb-backend-both-usblp-and-libusb.dpatch: Make the USB
    backend supporting both printer access via libusb and via the usblp kernel
    module. Make it also printing via libusb if the URI for the queue was
    generated via usblp and vice versa. This should solve most USB printing
    problems which occured on the transition to CUPS 1.4.x (LP: #420015,
    LP: #436495; Closes: #546558, #545288, #545453).

  [ Martin Pitt ]
  * debian/rules: Make the USB backend run as root again, udev rules do not
    cover all printers. (LP: #420015)
  * Drop debian/blacklist-cups.conf, and remove it on upgrade. With Till's fix
    from above this is not necessary any more.

 -- Martin Pitt <mpitt op debian.org>  Wed, 30 Sep 2009 15:17:53 +0200

cups (1.4.1-3) unstable; urgency=low

  * Add disable-pie-mipsen.dpatch: Disable PIE on mipsen, its binutils
    segfaults with it. (Closes: #548246)

 -- Martin Pitt <mpitt op debian.org>  Tue, 29 Sep 2009 09:22:12 +0200

cups (1.4.1-2) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/cpdftocps: Double-sided printing did not work on
    PostScript printers when the "sides" command line option for "lp"/"lpr"
    was used (LP: #411392).
  * debian/patches/maintain-default-option-settings.dpatch: For options with
    an underscore (or any other allowed non-alphanumeric character) in their
    names the default settings were not conserved when the PPD got replaced
    ("lpadmin -p ... -m ...", system-config-printer, automatic PPD update
    for existing print queues). Fixes LP: #432902 and CUPS STR #3340.

  [ Martin Pitt ]
  * debian/cups.init.d: Don't actually re-trigger udev events for printer
    coldplugging, since according to Scott James Remnant this slows down boot
    and kills kittens. Instead, just call it with --dry-run and manually call
    udev-configure-printer.
  * debian/cups.init.d: Only run udevadm if udev and the callout are actually
    available. Drop udev dependency to a suggests. This unbreaks cups on
    platforms which do not have udev, such as kfreebsd. (Closes: #546922)
  * debian/cups.init.d: Drop "cupsctl RIPCache" setting. It changes our
    conffile (causing dpkg prompts on upgrade), and overwrites the admin's
    setting without warning.
  * Add dynamic-default-ripcache-size.dpatch: Replace above functionality by
    setting the internal default value of RIPCache to MemTotal/4, if not given
    in the configuration file.
  * debian/rules: Do not let the usb backend run as root in Ubuntu any more,
    since that has a recent enough udev. Still keep it for Debian.
  * debian/cups-ppdc.install: Update path for Martin-Éric's section change of
    drv manpage.
 
  [ Martin-Éric Racine ]
  * Add manual-section-for-drv.dpatch: Fix incorrect man section 7 -> 1 as
    reported by Lintian.

 -- Martin Pitt <mpitt op debian.org>  Wed, 23 Sep 2009 23:58:15 +0200

cups (1.4.1-1) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/cups.postinst: Fixed "lpstat -r" check for the auto update of
    PPDs of existing queues. "lpstat -r" exits always with status 0, we must
    check the actual output.
  * debian/cups.postinst: Updated PPD auto update, so that it works with the
    new CUPS sample driver PPDs which are dynamically generated now.

  [ Martin Pitt ]
  * New upstream bug fix release.
  * Drop patches accepted  upstream:
    - ppdc-locale-formatting.dpatch
    - usb-backend-infinite-loop-on-end-of-job.dpatch
    - dns-sd-check-typo.dpatch
  * debian/cups.preinst: Add cleanup of obsolete symlinks in /usr/share/ppd/.
    Drop cleanup from debian/cups.prerm. (Closes: #545298)
  * debian/control: Add udev dependency, since the init script calls udevadm.
    (LP: #429880)
  * debian/cups.postinst, debian/cups.init.d: Call client tools with 
    "-h /var/run/cups/cups.sock" instead of "-h localhost", just in case the
    server isn't configured to listen on a TCP port.
  * dnssd-avahi.dpatch: Update to latest Fedora version, which fixes the dnssd
    backend so that it only reports devices once avahi resolution has
    completed.  This makes it report Device IDs.

 -- Martin Pitt <mpitt op debian.org>  Tue, 15 Sep 2009 11:30:07 +0200

cups (1.4.0-5) unstable; urgency=low

  * Drop shlibs files and add symbols files for all libraries, to avoid too
    weak dependencies. (Closes: #545244)
  * debian/control: Tighten dependencies between server, client, and -common
    versions.

 -- Martin Pitt <mpitt op debian.org>  Sun, 06 Sep 2009 13:17:12 +0200

cups (1.4.0-4) unstable; urgency=low

  Upload 1.4 to unstable.

  [ Till Kamppeter ]
  * debian/patches/usb-backend-infinite-loop-on-end-of-job.dpatch: Fixed the
    patch so that the usb backend really terminates after a job (LP: #420797).
  * debian/local/apparmor-profile: cupsd needs also to be allowed to read
    the /dev/bus/usb/ directory, given with the "/" in the end. This should
    finally fix LP: #420015.

  [ Martin Pitt ]
  * debian/control: Drop the transitional cupsys packages.
  * printer-filtering.dpatch: Fix sometimes overzealous filtering, thanks to
    Stéphane Graber!
  * debian/rules: Drop autoconf call on build again, we have a proper upstream
    release.
  * debian/cups.postinst, debian/cups.init.d: Call lpstat, lpadmin, and
    cupsctl with "-h localhost" to avoid querying network printers set up in
    /etc/cups/client.conf, and asking for passwords. Thanks to Martin-Éric
    Racine for tracking this down and the solution! (Closes: #543468)
  * debian/control: Bump Standards-Version to 3.8.3 (no changes).
  * debian/cups.postinst: Use signal names instead of numbers for trap.
    Quiesces a lintian bashism warning.
  * Add debian/README.source.
  * debian/local/filters/pdf-filters/filter/fontembed/Makefile: Build
    libfontembed with -fPIC to also work on HPPA. (Closes: #543973)
  * debian/local/filters/pdf-filters/pdftoopvp/Makefile: Don't install font
    configuration file as executable.
  * debian/cups.lintian-overrides: Update for currently installed backends.
  * debian/control: Re-add transitional cupsys packages (except the
    libraries), they are still needed for upgrades from Ubuntu 8.04. Add the
    "You can safely remove after upgrade" note to their description.

 -- Martin Pitt <mpitt op debian.org>  Sat, 05 Sep 2009 15:31:07 +0200

cups (1.4.0-3) experimental; urgency=low

  [ Till Kamppeter ]
  * debian/patches/usb-backend-infinite-loop-on-end-of-job.dpatch: Fixed
    upstream bug of the new libusb-based CUPS "usb" backend falling into
    an infinite loop after completing the job, blocking the next job
    (LP: #420797).

  [ Martin Pitt ]
  * debian/local/filters/pdf-filters/pdftopdf/P2PDoc.cxx: Update for poppler
    0.11.3 API, thanks to Koji Otani <sho op bbr.jp>!
  * disable-pdftoopvp-with-old-poppler.dpatch: Revert above change when
    building with poppler 0.10.x.

 -- Martin Pitt <mpitt op debian.org>  Tue, 01 Sep 2009 09:44:33 +0200

cups (1.4.0-2) experimental; urgency=low

  * Add debian/blacklist-cups.conf: Blacklist the usblp module, it's obsolete.
    CUPS uses libusb directly now. (LP: #420015, part 1)
  * debian/local/apparmor-profile: Allow cupsd to access /dev/bus/usb/.
    (LP: #420015, part 2)
  * debian/rules: Make the usb backend run as root, since /dev/bus/usb/* are
    root:root, and cups does not use the usblp kernel module any more.
    (LP: #420015, part 3)
  * disable-pdftoopvp-with-old-poppler.dpatch: Update.

 -- Martin Pitt <mpitt op debian.org>  Mon, 31 Aug 2009 17:34:48 +0200

cups (1.4.0-1) experimental; urgency=low

  [ Martin Pitt ]
  * Final 1.4.0 release.
  * Add ppdc-locale-formatting.dpatch: Fix locale handling in ppdc to avoid
    broken PPD files in non-English locales. (STR#3300)

  [ Till Kamppeter ]
  * debian/control: Let the cups package only suggest cups-ppdc and not
    recommend it, as cups-ppdc is only interesting for developers.

 -- Martin Pitt <mpitt op debian.org>  Sun, 30 Aug 2009 21:20:46 +0200

cups (1.4.0~svn8773-1) experimental; urgency=low

  * New upstream prerelease snapshot.
    [ Changes listed explicitly here as they are not yet available on
      www.cups.org ]
    1. accept and reject; the accept and reject commands have been
       officially renamed to cupsaccept and cupsreject. The old names are
       still supported via symlinks.
    2. cupsdisable and cupsenable; the cupsdisable command now supports a
       --hold option to stop printing after the current job and the
       cupsenable command now supports a --release option to release
       pending jobs for printing.
    3. cupsfilter; the cupsfilter program now supports filtering of
       already-queued print job files and can also run printer-specific
       filters specified in the PPD file.
    4. cupstestdsc; the cupstestdsc utility has been improved to better
       detect problems with PostScript print files.
    5. cupstestppd; the cupstestppd utility has been improved to test new
       PPD keywords and better detect impossible constraints.
    6. lpadmin; the lpadmin command now supports options to hold and
       release new jobs on a printer or all printers.
    7. lpoptions; the lpoptions command now describes custom options and
       their parameters.
    8. lppasswd; the lppasswd program is no longer installed setuid by
       default.
    9. lpstat; the lpstat command now supports a -H option to show the
       current default server and no longer slows down when a printer is
       specified.
   10. Look-n-feel; the web interface has been given a new look.
   11. PHP support; the "php-cgi" program is used, when available, to
       process PHP pages in the CUPS web interface.
   12. Printer configuration; improvements have been made to the add and
       modify printer pages.
   13. Printer options; the Set Default Options page now provides a
       "query" button that queries the default and installed options from
       the printer.
   14. Printer sharing; the "share printer" and "unshare printer" buttons
       are now only shown when printer sharing is enabled in the
       scheduler.
   15. Security; the web interface has been updated to support
       authentication for printing of test pages and RSS subscription
       operations.
   16. Server settings; the Administration page now provides access to
       common "advanced" server settings.
   17. Bonjour (DNS-SD) printing support; a new mdns backend provides
       Bonjour-based printer discovery and the ipp, lpd, and socket
       backends now support Bonjour address resolution.
   18. Bonjour (DNS-SD) perforance tuning; the scheduler now only uses a
       single file descriptor for printer sharing. It previously used one
       per printer.
   19. Bonjour (DNS-SD) web interface registry; when remote access is
       enabled, the scheduler can register the web interface for easier
       access.
   20. LPD client support; the cups-lpd mini-daemon now provides the
       document-name for print jobs and supports specification of a CUPS
       server.
   21. PWG Port Monitor MIB; the snmp backend now supports the PWG Port
       Monitor MIB to better choose the device URI to use.
   22. SNMP-based monitoring; the ipp, lpd, and socket backends now report
       supply levels and printer status using SNMP queries.
   23. IPP/2.x support; CUPS now conforms to the draft IPP/2.0 and IPP/2.1
       specifications.
   24. CUPS-Add-Modify-Printer operation; the scheduler now supports
       setting the printer-state-reasons attribute using this operation.
   25. CUPS-Get-Document operation; the scheduler now supports a "get
       document" operation to download files from a print job.
   26. Device location; the scheduler and backend discovery interface now
       support a device-location attribute.
   27. Hold-New-Jobs and Release-Held-New-Jobs operations; the scheduler
       now supports the Hold-New-Jobs and Release-Held-New-Jobs
       operations.
   28. Access control; the scheduler now supports multiple addresses in
       Allow and Deny lines. It also now returns a HTTP 403 (forbidden)
       status when a user authenticates successfully but is not allowed to
       perform an operation.
   29. Access logging; the scheduler now supports an AccessLogLevel
       directive to control what is logged in the access_log file.
   30. Configuration files; the default cupsd.conf file now provides an
       "authenticated" policy for easy authenticated sharing of printers.
   31. Default LogLevel; the default LogLevel is now "warn" instead of
       "info".
   32. Automatic debug logging; the scheduler now records up to the last N
       (default 200) debug messages for failed print jobs.
   33. Default paper size; the scheduler now supports a DefaultPaperSize
       directive to override the default paper size defined by the locale
       or libpaper configuration.
   34. Encryption support; the scheduler now supports a SSLOptions
       directive to optionally support Windows clients in "FIPS" mode. It
       also now loads both the server and CA certificates (if present)
       from the ServerCertificate file.
   35. Error logging; the scheduler now logs unsuccessful operations as
       errors in the error_log file.
   36. Error policies; the scheduler now supports a retry-current-job
       error policy that retries the current job immediately.
   37. Fatal error handling; the scheduler now supports a FatalErrors
       directive to control which startup errors should be considered
       fatal.
   38. Filter command-line; the scheduer now passes the
       job-originating-host-name attribute as a CUPS option to filters and
       backends.
   39. Filter environment; the scheduler now includes CUPS_JOBTYPE,
       PRINTER_INFO, and PRINTER_LOCATION variables in the environment
       passed to filters and backends.
   40. Job progress; the scheduler now supports a job-media-progress
       attribute to track the printing progress of each page.
   41. MIME database; MIME types now support a priority attribute to
       override the default (alphabetical) rules of precedence.
   42. Page logging; the scheduler now supports a PageLogFormat directive
       to control the format of the page_log file.
   43. PAM support; the scheduler now sets more PAM attributes to better
       support third-party authentication schemes.
   44. PDF job ticket support; the scheduler now supports cupsJobTicket
       comments at the beginning of PDF print jobs.
   45. Performance tuning; the scheduler now coalesces configuration and
       state file changes to reduce the amount of disk activity and caches
       printer attributes to further reduce startup time.
   46. Printcap support; the scheduler no longer clears the printcap file
       when shutting down, and can now create XML "plist" printcap files
       as well.
   47. RSS subscriptions; the scheduler now starts the notifier for RSS
       subscriptions after creation so the feed is available immediately.
   48. Sandbox support; the scheduler now runs child processes using
       restrictive policies on Mac OS X for improved security and job
       isolation.
   49. Test option; the scheduler now supports a test mode via the "-t"
       option.
   50. Device discovery; the cups-deviced helper now runs backends in
       parallel for faster discovery and streams the results of discovery
       as the backends provide them.
   51. Driver development kit; the CUPS DDK is now a standard part of
       CUPS.
   52. Driver information file support; the cups-driverd helper program
       now directly supports PPD compiler driver information files.
   53. Dynamic PPD support; drivers can now set PPD keywords dynamically
       using PPD: messages.
   54. Generic PostScript command filter; a new CUPS command file filter
       for PostScript printers provides auto-configuration, self-test
       page, and status and supply level reporting functions.
   55. New printer drivers; new generic PostScript and PCL drivers provide
       improved support for laser printers, the CUPS DDK drivers offer
       support for many HP DesignJet printers, and new label drivers offer
       support for Seiko and Tharo label printers.
   56. PJL support; the cupsPJLDisplay PPD attribute controls the PJL
       commands used to display the current user and job on the printer.
   57. PPD compiler improvements; the PPD compiler now supports Mac OS X
       .strings files, OID query strings, conditional directives, long
       file names, and a test mode. It also fixes many other bugs from the
       CUPS DDK 1.2.3 release.
   58. USB printer support; the usb backend now uses libusb when available
       to allow it to better work with third-party scanning and printing
       solutions.
   59. Banner filter; the bundled banner ("job-sheets") pages are now
       generated using a new banner filter provides easier customization
       and better support for UTF-8 text.
   60. Image filters; the standard image filters now support image files
       larger than 2GB.
   61. PDF filter; the pdftops filter has been replaced with a wrapper
       program that runs the Xpdf, poppler, or Ghostscript PDF to
       PostScript utilities.
   62. Backend API; a new cupsBackendReport function is provided to report
       a device from a backend and handles any needed quoting of the
       make-and-model, info, device-id, and location strings.
   63. Device discovery; the new cupsGetDevices function streams
       discovered devices to an application-provided callback function.
   64. IPP API; the IPP read and write functions no longer use a large
       stack-based buffer when reading and writing IPP attributes.
   65. PPD support; several new functions are provided: cupsGetPPD3,
       cupsResolveConflicts, ppdInstallableConflict, ppdLocalizeAttr,
       ppdLocalizeMarkerName and ppdPageSizeLimits.
   66. Side-Channel API; new cupsSideChannelSNMPGet and
       cupsSideChannelSNMPWalk functions allow printer drivers to do SNMP
       queries via the standard network backends.
   67. Streaming API; a new streaming request API provides asynchronous
       job creation and request submission.
  * debian/patches/freebsd.dpatch,
    debian/patches/manpage-typos.dpatch,
    debian/patches/search_mime_files_in_usr_share.dpatch,
    debian/patches/cupsaccept.dpatch,
    debian/patches/gnutls-pkgconfig.dpatch: Removed backport patches of upstream
    features.
  * debian/patches/testsuite-increase-wait-timeout.dpatch: Removed, fixed
    upstream.
  * debian/patches/removecvstag.dpatch,
    debian/patches/pidfile.dpatch,
    debian/patches/ppd-poll-with-client-conf.dpatch,
    debian/patches/quiesce-bonjour-warning.dpatch,
    debian/patches/rootbackends-worldreadable.dpatch,
    debian/patches/drop_unnecessary_dependencies.dpatch,
    debian/patches/reactivate_recommended_driver.dpatch,
    debian/patches/default_log_settings.dpatch,
    debian/patches/confdirperms.dpatch,
    debian/patches/printer-filtering.dpatch,
    debian/patches/ubuntu-disable-browsing.dpatch: Regenerated.
  * debian/local/backends/dnssd, debian/control, debian/cups.install,
    debian/rules: "dnssd" backend removed, DNS-SD discovery backend is now
    provided upstream.
  * debian/patches/dns-sd-check-typo.dpatch: Fixed typo in upstream code to
    check for the availability of dns_sd.h.
  * debian/patches/dnssd-avahi.dpatch: Added avahi support for the "dnssd" CUPS
    backend (patch from Fedora). CUPS' DNS-SD support does not build with the
    libdns_sd of avahi.
  * debian/patches/show-compile-command-lines.dpatch: Show compiler command
    lines in the output of the "make" process.
  * debian/control: Added libusb-dev to the build dependencies, the new USB
    printer backend uses libusb and not any more the usblp kernel module.
  * debian/control: Added libavahi-common-dev and libavahi-client-dev to
    the build dependencies, for the avahi patch for the DNS-SD support.
  * debian/control: Added new packages for the new shared libraries and also
    cups-ppdc for the PPD manipulation utilities of the former CUPS DDk. Added
    transitional package for CUPS DDK. Added Conflicts:/Replaces: as cupsddk
    is replaced by cups-ppdc and the files of cupsddk-drivers go into the
    main cups package.
  * debian/rules: Added "--enable-libusb" to the ./configure command line.
  * debian/rules: Added "--enable-avahi" to the ./configure command line.
  * debian/rules: Call autoconf, as we have an SVN snapshot currently.
  * debian/rules: Updated individual file installation and adaptation steps
    for the new CUPS version.
  * debian/libcups2-dev.install: Added new header file versioning.h.
  * debian/libcupscgi1-dev.install, debian/libcupscgi1.install,
    debian/libcupsdriver1-dev.install, debian/libcupsdriver1.install,
    debian/libcupsmime1-dev.install, debian/libcupsmime1.install,
    debian/libcupsppdc1-dev.install, debian/libcupsppdc1.install: Added install
    file lists for newly added libraries.
  * debian/cups-ppdc.install: File list for new cups-ppdc package. This package
    holds the PPD file manipulation tools which were in CUPS DDK formerly.
  * debian/cups-common.install, debian/cups.install: Updated for new CUPS
    version.
  * debian/cups.install, debian/cups-client.install, debian/cups-ppdc.install:
    Commented out lines for missing translated man pages.
  * debian/cups.postinst: Do not create the /usr/share/ppd/1-local-admin
    and /usr/share/ppd/2-third-party links. They are not needed with current
    CUPS and they also break the test procedure during package build.
  * debian/libcups2.postinst, debian/libcupsimage2.postinst: Removed no-op
    maintainer scripts.
  * debian/local/filters/pdf-filters/addtocups,
    debian/local/filters/pdf-filters/config-scripts/cups-pdf-filters.m4,
    debian/local/filters/pdf-filters/filter/texttopdf.c: Let ./configure
    script check the CUPS version so that in texttopdf.c a missing variable
    can get defined if CUPS is 1.4.x or newer.
  * debian/local/filters/pdf-filters/pdftoopvp/Makefile,
    debian/local/filters/pdf-filters/pdftopdf/Makefile: Added missing
    "unittests", "install-data", "install-headers", "install-libs",
    "install-exec", "libs", "apihelp", and "framedhelp" targets to the
    Makefiles of the PDF filters.

  [ Martin Pitt ]
  * debian/cups.install, debian/local/filters/pdf-filters/addtocups: Enable
    pdftoopvp filter.
  * Add disable-pdftoopvp-with-old-poppler.dpatch: Disable pdftoopvp if we
    build against a poppler older than 0.11, since pdftoopvp needs that new
    API. (This uses pkg-config --atleast-version in the dpatch script header.)
  * ubuntu-disable-browsing.dpatch: Restore Ubuntu check.
  * dnssd-avahi.dpatch: Add upstream bug link.
  * dnssd-avahi.dpatch: Do not error out of the dnssd backend if system D-Bus
    is not running. This unbreaks the test suite when running in a build
    environment.

 -- Martin Pitt <mpitt op debian.org>  Tue, 25 Aug 2009 22:07:17 +0200

cups (1.3.11-2) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/cups.init.d: Trigger udev event for all USB printers right after
    starting the CUPS daemon to run the udev callouts for the printers. This
    allows automatic print queue setup and re-enabling print queues also if
    the printer is cold-plugged (connected before CUPS and/or udev got
    started).
  * debian/cups.init.d: Set CUPS RIP cache to 1/4 of the total RAM when CUPS
    is started. This way CUPS Raster drivers get enough memory for reliable
    and quick operation even if large paper sizes with high resolutions are
    printed.
  * debian/local/filters/pdf-filters/pdftoopvp/OPVPOutputDev.cxx,
    debian/local/filters/pdf-filters/pdftoopvp/OPVPOutputDev.h,
    debian/local/filters/pdf-filters/pdftoopvp/pdftoopvp.cxx,
    debian/local/filters/pdf-filters/pdftoopvp/opvp/opvp.h,
    debian/local/filters/pdf-filters/pdftoopvp/opvp/opvp_0_2_0.h: Adapted
    pdftoopvp filter to the new API of Poppler 0.11.2. Thanks to upstream
    author Koji Otani for the patch.
  * debian/rules: Explicitly create empty file pdftoopvp/Dependencies after
    applying the PDF filters add-on as the build servers seem to not copy
    empty files.
  * debian/patches/default_log_warn.dpatch,
    debian/patches/default_log_settings.dpatch: Renamed patch for cupsd.conf
    logging settings and added "MaxLogSize 0" so that CUPS does not do its
    own log rotation, as our log rotation is much better.
  * debian/cups-bsd.postinst, debian/cups.postinst: Moved handling of
    /etc/printcap symlink from the post-install script of the cups-bsd
    package to the cups package. Should assure that the symlink gets
    also set on initial system installation (LP: #415825).
  * debian/local/filters/cpdftocps: Updated filter to not use the pdftops
    filter of CUPS, as from version 1.3.11 on CUPS' pdftops filter integrates
    the call of pstops, and in the PDF workflow this would duplicate the
    application of page management options, like N-up, even/odd pages, and
    even the number of copies for some printers (LP: #412709).

  [ Jamie Strandboge ]
  * debian/cups.postinst: reload individual cups profile, not all of apparmor
    (LP: #412745)

  [ Martin Pitt ]
  * debian/local/apparmor-profile: Allow cups-pdf to run /bin/cp.
  * debian/control: Drop smbclient to Suggests. (Closes: #542464)

 -- Martin Pitt <mpitt op debian.org>  Sat, 22 Aug 2009 17:49:59 +0200

cups (1.3.11-1) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/textonly: Adding a final form feed to the job (via
    PPD option) did not work (LP: #396673).
  * debian/local/filters/pdf-filters/filter/imagetopdf.c: imagetopdf proceeded
    the PDF output with a blank line. This made some filters misbehave.
  * debian/patches/read-embedded-options-from-incoming-postscript-and-add-to-ipp-attrs.dpatch:
    Make CUPS read the number of copies out of Windows print jobs reliably by
    also considering lines like "%%BeginNonPPDFeature: NumCopies 2". Thanks
    to Dan Sheridan from Adelard (djs at adelard dot com) for this improvement
    of the patch.

  [ Stéphane Graber ]
  * Add printer-filtering.dpatch: Add support for printer filtering.
    With this patch, when the PRINTER_LIST environment variable is defined
    only the printers (comma separated) in it will be displayed.

  [ Martin Pitt ]
  * New upstream bug fix release. See http://www.cups.org/articles.php?L586
    for details.
  * Drop pdftops-testsuite.dpatch (fixed upstream).
  * poppler-based-pdftops-fixes.dpatch, search_mime_files_in_usr_share.dpatch:
    Update to new upstream version.

 -- Martin Pitt <mpitt op debian.org>  Sat, 11 Jul 2009 17:27:03 +0200

cups (1.3.10-5) unstable; urgency=low

  * debian/patches/read-embedded-options-from-incoming-postscript-and-add-to-ipp-attrs.dpatch:
    Make CUPS reading all option settings in PostScript print jobs and add
    the option settings to the filter command line before starting the filter
    chain. This fixes the problem that in the PDF printing workflow (where
    incoming PostScript gets converted to PDF by pstopdf) option settings
    embedded in the incoming PostScript code do not get obeyed. Especially
    the options of jobs from Windows clients get ignored.
  * debian/filters/pstopdf: Do not let Ghostscript generate multiple copies
    of the job if the filter command line from CUPS already supplies the
    correct number of copies.
  * debian/local/filters/pdf-filters/addtocups: The disabling of the
    pdftoopvp filter in cups 1.3.10-3 also disabled pdftopdf. Re-enabled
    pdftopdf.

 -- Till Kamppeter <till.kamppeter op gmail.com>  Mon, 15 Jun 2009 10:50:33 +0200

cups (1.3.10-4) unstable; urgency=low

  * Add ghostscript-cups dependency. (LP: #385606)
  * debian/control: Add back dropped comma, which led to the ssl-cert
    dependency being dropped. (Closes: #532845)
  * debian/local/apparmor-profile: Allow reading /proc/sys/crypto/**. 
    (LP: #335898)
  * debian/local/apparmor-profile: Allow dac_override to cups-pdf. This is
    unfortunate, but required with some $HOME permissions; the profile is very
    tight, so this shouldn't actually considerably increase privileges.
    (LP: #224365)

 -- Martin Pitt <mpitt op debian.org>  Fri, 12 Jun 2009 11:32:28 +0200

cups (1.3.10-3) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/cups.install, debian/rules: Move added *.convs and *.types files to
    /usr/share/cups/mime/ so that they are not considered config files
    by dpkg.
  * debian/local/text.convs: Turn all text input formats to text/plain at
    a high cost, so that the text-only printer (which accepts only text/plain)
    accepts them (LP: #385797).
  * debian/rules: Switch the pdftops filter back to Poppler, as Ghostscript
    has a lot of problems in generating PostScript (LP: #382379).
  * debian/patches/poppler-based-pdftops-fixes.dpatch: Fixes for the pdftops
    filter in Poppler mode: Do not emit PostScript level 3 as it Poppler's
    PostScript level 3 output is not compatible with HP's PostScript printers
    (LP: #277404); Added support for the new "-origpagesizes" option of
    Poppler's pdftops, so that documents with pages of different sizes get
    correctly printed (LP: #310575).
  * debian/filters/pstopdf: Do not call Ghostscript with asymmetric resolutions
    (like 1200x600 dpi), as it leads to problems with images in some cases.
    See http://bugs.ghostscript.com/show_bug.cgi?id=690504.
  * debian/local/filters/pdf-filters/pdftopdf/P2PObject.h,
    debian/local/filters/pdf-filters/pdftopdf/P2POutput.cxx: Fixed infinite
    loop which occured for some PDF files (LP: #382880).
  * debian/filters/pstopdf: Make it also correctly working if PaperDimension
    and ImageableArea entries in the PPD have no translation strings. Thanks
    to Koji Otani to find the bug.
  * debian/local/filters/pdf-filters/pdftoopvp/,
    debian/local/filters/pdf-filters/README,
    debian/local/filters/pdf-filters/addtocups,
    debian/local/filters/pdf-filters/removefromcups,
    debian/local/filters/pdf-filters/config-scripts/cups-pdf-filters.m4:
    Added pdftoopvp CUPS filter as part of the PDF filter add-on.
  * debian/cups.install: Make /etc/fonts/conf.d/99pdftoopvp.conf of pdftoopvp
    be installed as part of the cups package
  * debian/control: Added build dependencies needed by pdftoopvp: liblcms1-dev,
    libfreetype6-dev, libfontconfig1-dev
  * debian/control: Moved dependency on cups-client to Depends:, as
    cups-client is needed by the post-install script for the update of the
    PPDs of existing print queues.
  * debian/cups.postinst: Case-insensitive check for model names when updating
    PPDs of already existing print queues.

  [ Martin Pitt ]
  * Add gnutls-pkgconfig.dpatch: Use "pkg-config gnutls" instead of deprecated
    libgnutls-config. (Closes: #529903)
  * Bump Standards-Version to 3.8.1 (no changes necessary).
  * debian/control: Point Vcs-Browser: to bzr.d.o. loggerhead, and use http://
    URL for Vcs-Bzr.
  * debian/control: Drop ghostscript build dependency again, pdftops filter
    uses poppler again. Also Drop alternative xpdf-utils build dependency,
    since configure now checks for poppler's pdftops capabilities.
  * debian/control, debian/rules: Do a build-time check if pdftops supports
    -origpagesizes, and dynamically set the poppler-utils dependency. This is
    a hack until https://bugs.freedesktop.org/show_bug.cgi?id=19777 makes it
    into Debian.
  * debian/cups.install, debian/local/filters/pdf-filters/addtocups: Disable
    new pdftoopvp filter for now, since sid does not yet have poppler 0.11.
    Lower libpoppler-dev build dependency again.

 -- Martin Pitt <mpitt op debian.org>  Thu, 11 Jun 2009 12:19:33 +0200

cups (1.3.10-2) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/pdftopdf/P2PFont.cxx: Make the pdftopdf
    filter also building with Poppler 0.11.0.
  * debian/filters/pstopdf: Make pstopdf also reading default values from the
    PPD if there is no space between the colon and the value. Some programs
    seem to remove this space when setting the defaults. Fixes problem of
    Shaun Crampton in LP: #357732.

  [ Martin Pitt ]
  * debian/control: Lift cups-driver-gutenprint from Suggests to Recommends,
    it's needed by many printers and not very large. (Closes: #522428)
  * debian/control: Drop cups-bsd's Recommends: cups to a Suggests:. Client
    packages shouldn't pull in the server by default. (Closes: #529630)
  * debian/libcups2.dirs: Drop, obsolete.
  * debian/cups.dirs: Remove most directories, not necessary to explicitly
    create them.

  [ Martin-Éric Racine]
  * Cleaned Lintian errors:
    (source)
    E: debian-rules-ignores-make-clean-error
    W: debhelper-but-no-misc-depends
    W: dbg-package-missing-depends
    (cups)
    E: dir-or-file-in-var-run 
    (cups-common)
    W: symlink-should-be-relative
  * Added Lintian overrides:
    (cups)
    W: non-standard-executable-perm
       usr/lib/cups/backend-available/[ipp|lpd|serial] 0744 != 0755

 -- Martin Pitt <mpitt op debian.org>  Thu, 21 May 2009 19:01:37 +0200

cups (1.3.10-1) unstable; urgency=medium

  [ Martin Pitt ]
  * New upstream security/bug fix release:
    - The scheduler now protects against DNS rebinding attacks. Please note
      that this could lead to some regressions. (CVE-2009-0164)
    - Fixed TIFF integer overflow in image filters. (CVE-2009-0163)
    - Lots of bug fixes.
  * Drop patches included upstream:
    - hpgl-regression.dpatch
    - runloop-backchannel-eof-spin.dpatch
    - png-image-int-overflow.dpatch
    - CVE-2008-5183.dpatch
    - pdftops-cups-1.4.dpatch
  * Add pdftops-testsuite.dpatch: Fix path to pdftops in the test suite.
  * debian/rules: Specify --with-pdftops=gs, so that the pdftops filter is
    built with intended ghostscript support.

  [ Till Kamppeter ]
  * debian/filters/pstopdf: Added support for custom page sizes to the
    pstopdf CUPS filter.
  * debian/filters/pstopdf: Call Ghostscript with the default paper size
    (from PPD or from CUPS filter command line) on its command line. Some
    applications generate PostScript without PageSize requests.
    Multi-page-size jobs (LP: 310575) do not get broken by this as
    Ghostscript uses the given page size only as default and gives priority
    to page sizes requested by the document (in contrary to Poppler).
    Fixes LP: #357732).

 -- Martin Pitt <mpitt op debian.org>  Fri, 17 Apr 2009 11:53:48 +0200

cups (1.3.9-17) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/filters/pstopdf: Added "-dDoNumCopies" to the "ps2pdf" call in
    the pstopdf CUPS filter, so that Ghostscript takes into account
    /#copies and /NumCopies when converting incoming PostScript to PDF
    (Ghostscript upstream bug #690355, LP: #320391).

  [ Martin Pitt ]
  * debian/control: Update section of cups-dbg to "debug".

 -- Martin Pitt <mpitt op debian.org>  Sun, 05 Apr 2009 18:04:33 -0700

cups (1.3.9-16) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/pdftopdf/P2PResources.cxx: Fixed
    corruption of output when generating mmultiple copies of EOG or GIMP
    output files (LP: #345183).
  * debian/cups.postinst: Silenced non-fatal error messages when
    post-install script updates PPDs and there are PPDs not belonging to
    a CUPS queue in /etc/cups/ppd/ (LP: #345866).

  [ Martin Pitt ]
  * debian/local/apparmor-profile: Drop 'm' permission for /etc/passwd and
    friends, which was a workaround for a kernel apparmor bug on i386. This is
    fixed in current kernels. Thanks to Kees Cook for pointing this out!
    (LP: #270663)
  * debian/cups.install: Do not install the unnecessary (and broken) D-BUS
    configuration file any more. All cupsd does is to send signals, which are
    allowed by default. It does not provide any D-BUS service right now. Also
    remove the obsolete file on upgrades in debian/cups.preinst.
    (Closes: #510634, LP: #318742)
  * Add logfiles_adm_readable.dpatch: Make log files readable by group "adm".
    (LP: #345953)
  * debian/changelog: Fix cruft at the end of file.
  * debian/local/apparmor-profile: Explicitly deny access to /dev/tty and
    writing access to /etc/krb5.conf, so that accesses to them do not create
    log spewage. (LP: #348556)

 -- Martin Pitt <mpitt op debian.org>  Fri, 27 Mar 2009 09:35:56 +0100

cups (1.3.9-15) unstable; urgency=low

  * Add debian/local/apport-hook.py: Apport package hook, thanks to
    Brian Murray! Install it in debian/rules if we build for Ubuntu.
    (LP: #334080)
  * debian/rules: Move init script priority to 50, so that cups starts later
    in the boot sequence. There is no reason why it should start so early
    (before e. g. gdm). Do the transition on upgrades in debian/cups.postinst.
  * debian/control: Promote ttf-freefont from Recommends to Depends, since the
    PDF filter chain needs it. (Closes: #516335)
  * debian/control: Add "Breaks: foomatic-filters (<< 4.0)", and bump
    Recommends: version. Earlier foomatic-filters do not support the PDF
    filter chain. (Closes: #511009)
  * debian/local/apparmor-profile: Add a few missing rules for Kerberos
    authentication. (LP: #324645)
  * Add bzr-builddeb configuration (merge mode).
  * debian/watch: Update so that it works again.
  * debian/local/apparmor-profile: Allow cups to read /etc/likewise, for
    authentication. (LP: #303927)
  * Add testsuite-increase-wait-timeout.dpatch: Increase test suite's timeout
    for waiting for jobs to 10 minutes, for slower architectures like arm and
    m68k. (Closes: #518787)

 -- Martin Pitt <mpitt op debian.org>  Tue, 10 Mar 2009 13:46:19 +0100

cups (1.3.9-14) unstable; urgency=low

  * debian/patches/pdftops-cups-1.4.dpatch: Revert previous change to
    define HAVE_PDFTOPS and CUPS_PDFTOPS, since Till says the filter
    should actually use ghostscript now. Add ghostscript build
    dependency instead. (LP: #329991)
  * Add drop_unnecessary_dependencies.dpatch: Do not link libcups.so
    and libcupsimage.so against unnecessary libraries. This avoids
    unnecessary package dependencies for both libcups, as well as for
    packages using cups-config. (Closes: #438067)
  * debian/control: Drop XSBC-Original-Maintainer Ubuntu-ism which
    accidentally crept in in r607.

 -- Martin Pitt <mpitt op debian.org>  Mon, 16 Feb 2009 18:05:21 +0100

cups (1.3.9-13) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/filter/imagetopdf.c: Added support for
    the new "fit-to-page" option (new, more intuitive name for "fitplot").
  * debian/filters/pstopdf: Only apply paper size if the "fitplot" or the
    "fit-to-page" option is set.
  * debian/local/filters/cpdftocps: Only the last digit of the number of
    copies was used (LP: #309314).
  * debian/local/filters/pdf-filters/pdftopdf/pdftopdf.cxx: Do not preceed the
    PDF output with a newline (LP: #303691). Only impose the page size from
    the PPD file to all pages if the "fitplot" or the "fit-to-page" option is 
    set. This prevented from automatic paper tray switching to the correct paper
    sizes when a multiple-page-size document is printed (partial fix for
    LP: #310575).
  * debian/patches/pdftops-cups-1.4.dpatch: Updated from CUPS 1.4 SVN. Contains
    fixes for multiple-page-size document printing (partial fix for
    LP: #310575).
  * debian/patches/pdftops-dont_fail_on_cancel.dpatch: Removed, should be
    fixed in the new upstream version of pdftops.

  [ Martin Pitt ]
  * debian/patches/pdftops-cups-1.4.dpatch: Add definition of
    HAVE_PDFTOPS and CUPS_PDFTOPS, so that the filter actually gets
    again built with pdftops support. (Fixes Till's change from above).

 -- Martin Pitt <mpitt op debian.org>  Sun, 15 Feb 2009 18:39:03 +0100

cups (1.3.9-12) experimental; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/pdftopdf/P2PPage.cxx,
    debian/local/filters/pdf-filters/pdftopdf/pdftopdf.cxx: Do not reposition
    the pages when an automatic rotation did not actually take place and
    do not apply the page size and margins from the PPD file or the coomand
    line if no manipulations affecting the printout size are done (N-up,
    scaling, fitplot, ...). This caused LP: #310575.

  * debian/cups.postinst: Let the PPD files of the existing print queues get
    automatically updated after each installation of this package (if they
    use PPDs of this package).

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial of service by adding a large number of RSS
    subscriptions (Closes: #506180, LP: #298241)
    - debian/patches/CVE-2008-5183.dpatch: gracefully handle MaxSubscriptions
      being reached in scheduler/{ipp.c,subscriptions.c}
    - CVE-2008-5183

  [ Martin Pitt ]
  * pidfile.dpatch: Adapt to changes from MaxSubscriptions fix from
    above.

 -- Till Kamppeter <till.kamppeter op gmail.com>  Sun, 25 Jan 2009 12:05:44 +0100

cups (1.3.9-11) experimental; urgency=low

  * debian/local/filters/cpdftocps: Fixed the fix for the number of copies.
    In some cases it failed and pstops was called with 0 copies requested
    (LP: #309314, LP: #300312, LP: #286048).

 -- Till Kamppeter <till.kamppeter op gmail.com>  Fri, 19 Dec 2008 15:58:55 +0100

cups (1.3.9-10) experimental; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/pdftopdf/P2PCatalog.cxx,
    debian/local/filters/pdf-filters/pdftopdf/P2PCatalog.h,
    debian/local/filters/pdf-filters/pdftopdf/P2PDoc.cxx,
    debian/local/filters/pdf-filters/pdftopdf/P2PDoc.h,
    debian/local/filters/pdf-filters/pdftopdf/P2PPage.cxx,
    debian/local/filters/pdf-filters/pdftopdf/P2PPage.h,
    debian/local/filters/pdf-filters/pdftopdf/P2PPageTree.cxx,
    debian/local/filters/pdf-filters/pdftopdf/P2PPageTree.h,
    debian/local/filters/pdf-filters/pdftopdf/pdftopdf.cxx: Fixed problem
    of Landscape-oriented PDF files being printed in the wrong orientation
    (LP: #47649, LP: #244840).

  * debian/local/filters/cpdftocps: Made correct number of copies being
    printed on PostScript printers with hardware copy handling (LP: #286048).

  [ Martin Pitt ]
  * debian/local/apparmor-profile: Allow cupsd to run Brother drivers.
    (LP: #237256)

 -- Martin Pitt <mpitt op debian.org>  Wed, 17 Dec 2008 07:46:04 +0100

cups (1.3.9-9) experimental; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/pdftopdf/P2PPage.cxx,
    debian/local/filters/pdf-filters/pdftopdf/P2PResources.cxx: Added
    processing of the rotate tag (LP: #300312).

  [ Martin Pitt ]
  * Add png-image-int-overflow.dpatch: Fix integer overflow in the PNG image
    reader (Closes: #507183, STR #2974, CVE-2008-5286)

 -- Martin Pitt <mpitt op debian.org>  Mon, 01 Dec 2008 15:47:10 -0800

cups (1.3.9-8) experimental; urgency=low

  * debian/local/filters/pdf-filters/pdftopdf/P2POutputStream.cxx,
    debian/local/filters/pdf-filters/pdftopdf/P2POutputStream.h: Removed
    an endianess dependency from the pdftopdf filter, so that it also
    works on non-PC platforms like PowerPC (LP: #271350). This also fixes the
    filter on mipsel and makes the test suite, and thus the build, succeed
    again. (Closes: #500305)
  * debian/filters/pstopdf: Do not supply the margins from the PPD to the
    ps2pdf process, as this breaks full-bleed printing and is also disturbs 
    the printing if PPDs have too conservative margin definitions (LP: #282186).

 -- Till Kamppeter <till.kamppeter op gmail.com>  Wed, 26 Nov 2008 15:14:57 +0100

cups (1.3.9-7) experimental; urgency=low

  * Previous upload had some cruft in the diff.gz which caused some changed
    defaults in cupsd.conf. Reupload with a clean diff.gz. *Brown paperbag*

 -- Martin Pitt <mpitt op debian.org>  Thu, 20 Nov 2008 18:49:46 +0100

cups (1.3.9-6) experimental; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/cpdftocps: The cpdftocps filter did case-sensitive
    checking for CUPS options to keep them away from the pstops filter. CUPS
    treats such options case-insensitive, so in some cases CUPS options got
    applied twice (LP: #299707).

  [ Martin Pitt ]
  * debian/rules: Install the serial backend with 0744 permissions to make it
    run as root, since /dev/ttyS* are root:dialout and thus not accessible as
    user "lp". Thanks to Chanoch (Ken) Bloom. (part of #506181, LP: #154277)

 -- Martin Pitt <mpitt op debian.org>  Thu, 20 Nov 2008 13:43:27 +0100

cups (1.3.9-5) experimental; urgency=low

  * hpgl-regression.dpatch: Replaced with version which got committed
    upstream.
  * Add runloop-backchannel-eof-spin.dpatch: Fix backend runloop spin on
    backchannel EOF (select() returns "ready for read" on EOF). This
    completely broke printing with e. g. HPJetDirect. Thanks to
    Samuel Thibault for tracking down the problem! (Closes: #489045)
  * debian/cups-bsd.postinst: Assume default printcap path (in /var/run/cups/)
    if not specified in cupsd.conf. This brings back the lost /etc/printcap
    for legacy applications. (Closes: #482186, LP: #282667)
  * debian/rules: Drop arm/armel -f-no-stack-protector workaround, since SSP
    works on these architectures now. (See #469517)
  * debian/cups-bsd.postinst: Robustify the cupsd.conf parsing for Printcap,
    as per suggestion from Jo Mills.
  * rootbackends-worldreadable.dpatch: Apply the same relaxed permission check
    to cups-deviced, so that backends installed as 0744 don't disappear from
    printer detecttion. (Closes: #503644, LP: #275407)

 -- Martin Pitt <mpitt op debian.org>  Mon, 17 Nov 2008 08:50:34 +0100

cups (1.3.9-4) experimental; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/conf/pdftoraster.convs,
    debian/local/filters/pdf-filters/filter/pdftoraster.cxx,
    debian/local/filters/pdf-filters/README,
    debian/local/filters/pdf-filters/addtocups,
    debian/local/filters/pdf-filters/removefromcups, debian/rules, 
    debian/copyright: Removed Poppler-based pdftoraster filter. It will be 
    replaced by a Ghostscript-based pdftoraster filter filter provided by the
    Ghostscript package, requested via Debian bug #505282 (fixes LP: #290395).

  * debian/filters/pstopdf: Fixed debug output.

 -- Till Kamppeter <till.kamppeter op gmail.com>  Tue, 11 Nov 2008 13:46:55 +0100

cups (1.3.9-3) experimental; urgency=low

  [ Till Kamppeter ]
  * debian/filters/pstopdf: Fixed several bugs in the pstopdf filter. First,
    removed the use of CUPS' pstops filter for inserting option settings. This
    also inserts PJL headers and then Ghostscript cannot convert the PostScript
    to PDF in the next step. Fixed also the sed magic so that the paper size
    and the margins get really read from the PPD and fixed the calculation of
    the top and bottom margins, they were exchanged. Fixes LP: #289759,
    LP: #292690, LP: #282186. Possible fix for LP #293883.

  [ Martin Pitt ]
  * debian/local/apparmor-profile: Allow dnssd backend to create various less
    common network protocols (x25, appletalk, etc.) for detection. Also allow
    it to read /proc/*/net/, which the bonjour avahi library apparently uses.
    (LP: #254022)

 -- Martin Pitt <mpitt op debian.org>  Wed, 29 Oct 2008 11:41:38 +0100

cups (1.3.9-2) experimental; urgency=low

  * debian/local/filters/cpdftocps, debian/filters/pstopdf: Avoid duplicate
    execution of the number of copies. Sending a PostScript job to a
    non-PostScript printer produced n*n copies instead of n copies, also
    sending a non-PostScript job to a PostScript printer. A PostScript job
    sent to a PostScript printer could even produce n*n*n copies (LP: #286048).

 -- Till Kamppeter <till.kamppeter op gmail.com>  Mon, 20 Oct 2008 08:18:20 +0200

cups (1.3.9-1) experimental; urgency=low

  * New upstream security/bug fix release:
    - The HP-GL/2 filter did not range check pen numbers. [CVE-2008-3641]
    - The SGI image file reader did not range check 16-bit run lengths.
      [CVE-2008-3639]
    - The text filter did not range check cpi, lpi, or column values.
      [CVE-2008-3640]
    - Fix incompatibility with Firefox 3.0 when using SSL.
    - Update the French admin.tmpl, to have the missing "Find new printer"
      button and the "Subscriptions" section. Thanks to Yves-Alexis Perez!
      (Closes: #475270)
    - Lots of other bug fixes, see http://www.cups.org/articles.php?L575.
  * Drop patches accepted upstream:
    - cupsfilter-path-typo.dpatch
    - pjl-display-ready-message.dpatch
    - dont-chown-symlinked-ssl.dpatch
  * Add hpgl-regression.dpatch: Revert the SP_select_pen() enumeration change
    introduced in STR #2911, because it changes the color mapping (e. g. "SP1"
    would now select a white pen instead of a black one, and "SP0" would not
    be valid at all any more). Also fix a remaining off-by-one loop. (STR
    #2966)

 -- Martin Pitt <mpitt op debian.org>  Fri, 10 Oct 2008 11:07:17 +0200

cups (1.3.8-13) experimental; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/pdftopdf/P2PCatalog.cxx,
    debian/local/filters/pdf-filters/pdftopdf/P2PCatalog.h,
    debian/local/filters/pdf-filters/pdftopdf/P2PDoc.cxx,
    debian/local/filters/pdf-filters/pdftopdf/P2PDoc.h,
    debian/local/filters/pdf-filters/pdftopdf/P2PPageTree.cxx,
    debian/local/filters/pdf-filters/pdftopdf/P2PPageTree.h,
    debian/local/filters/pdf-filters/pdftopdf/pdftopdf.cxx:
    When N-up printing and selection of only the even or odd pages
    (for manual duplex) was used together the pages were selected
    the wrong way (number-up=2 page-set=even with an 8-page document gave 
    2+4, 6+8 and should give 3+4, 7+8). This is fixed now. The behavior
    of pdftopdf is now exactly the same as of pstops.

  [ Martin Pitt ]
  * debian/local/apparmor-profile: Allow locking on /var/cache/cups/**.
    (Mentioned in LP #270046)

 -- Martin Pitt <mpitt op debian.org>  Wed, 08 Oct 2008 11:19:36 +0200

cups (1.3.8-12) experimental; urgency=low

  [ Till Kamppeter ]
  * debian/filters/pstopdf,
    debian/local/filters/pdf-filters/filter/pdftoraster.cxx,
    debian/local/filters/pdf-filters/pdftopdf/*: Fixed paper
    size handling of pstopdf, pdftopdf, and pdftoraster which led SpliX
    to crash (LP: #261363, LP: #268510), fixed monochrome CUPS Raster
    output of pdftoraster which led to black pages being printed
    (LP: #269691).

 -- Martin Pitt <mpitt op debian.org>  Mon, 06 Oct 2008 16:33:02 +0200

cups (1.3.8-11) experimental; urgency=low

  * debian/rules: Explicitly configure with --with-dbusdir. For some obscure
    reason, the automatic check fails on the buildds, causing the D-BUS
    configuratin not to be installed. Fixes FTBFS. (Closes: #498664)

 -- Martin Pitt <mpitt op debian.org>  Sat, 13 Sep 2008 10:59:31 +0200

cups (1.3.8-10) experimental; urgency=low

  [ Martin Pitt ]
  * rootbackends-worldreadable.dpatch: Do not run backends as root if they are
    group or world writable (this is by and large a paranoia fix, though).
  * dont-chown-symlinked-ssl.dpatch: Replace patch with the upstream committed
    version, which is more general.
  * debian/control: Package development moved to bzr, update Vcs- tags.
  * cupsaccept.dpatch: Replaced with the more comprehensive solution upstream
    committed to 1.4 trunk. Removed debian/cups-client.links, since the links
    are now installed by upstream. Adapt manpage-translations.dpatch
    accordingly.
  * Move installation of D-BUS configuration files from debian/rules to
    debian/cups.install.
  * debian/libcups2-dev.install: Add missing sidechannel.h.

  [ Johan Kiviniemi ]
  * debian/filters/pstopdf: Apply PPD settings (resolution, page size, page
    margins) to the conversion (LP: #263049).
  * debian/control: cups Depends: bc (for margin calculation).

 -- Martin Pitt <mpitt op debian.org>  Thu, 11 Sep 2008 13:43:34 +0200

cups (1.3.8-9) experimental; urgency=low

  * Previous upload had some cruft in the diff.gz which caused some changed
    defaults in cupsd.conf. Reupload with a clean diff.gz. *Brown paperbag*

 -- Martin Pitt <mpitt op debian.org>  Sun, 07 Sep 2008 00:22:23 +0200

cups (1.3.8-8) experimental; urgency=low

  * Remove debian/patches/dont_force_ssl.dpatch; gnome-cups-manager is ancient
    and removed from Debian, and newer GUIs like system-config-printer get
    along fine with the default setting.
  * Add quiesce-bonjour-warning.dpatch: Silence the "Apple Bonjour
    compatibility layer of Avahi" warning, since it can cause SIGPIPE crashes
    when being issued in a child process without stderr. (Closes: #497492)
  * confdirperms.dpatch, manpage-translations.dpatch: Revert note that Debian
    doesn't install lppasswd suid root, since we do. (Closes: #478280)
  * debian/control: Drop the "It can be safely removed from your system" from
    the old package names, since that is untrue until the transition is
    actually complete. (Closes: #489246)
  * debian/control: Bump Standards-Version (no actual changes necessary).
  * Remove classes_crash.dpatch, it has been fixed upstream a while ago.
  * cupsaccept.dpatch: Rewrite to be consistent with current upstream code,
    and send it upstream.
  * Drop quiesce_ipp_logging.dpatch: It was only necessary for the polling
    from gnome-cups-icon, but fortunately gnome-cups-manager has been removed
    now.
  * confdirperms.dpatch: Remove a few hunks which were only relevant for
    running cups as system user. Remove the SSL certificate bits as well,
    rewrite it to be upstream compatible, split it out to
    dont-chown-symlinked-ssl.dpatch, reported it upstream.
  * Remove device_uri.dpatch, does not seem to be necessary any more.
  * Add rootbackends-worldreadable.dpatch: Install root backends
    world-readable, to comply to Debian Policy and because it is both
    nonsensical to to not do so, and also breaks system checkers, bug
    reporting, etc. (Closes: #410171)

 -- Martin Pitt <mpitt op debian.org>  Sat, 06 Sep 2008 18:21:01 +0200

cups (1.3.8-7) experimental; urgency=low

  * Previous upload had some cruft in the diff.gz which caused some changed
    defaults in cupsd.conf. Reupload with a clean diff.gz.

 -- Martin Pitt <mpitt op debian.org>  Tue, 02 Sep 2008 12:27:18 +0200

cups (1.3.8-6) experimental; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/filter/texttopdf.c,
    debian/local/filters/pdf-filters/filter/pdfutils.c,
    debian/local/filters/pdf-filters/filter/test_pdf2.c,
    debian/local/filters/pdf-filters/filter/fontembed/test_ps.c,
    debian/local/filters/pdf-filters/filter/fontembed/test_pdf.c,
    debian/local/filters/pdf-filters/filter/fontembed/sfnt.h,
    debian/local/filters/pdf-filters/filter/fontembed/main.c,
    debian/local/filters/pdf-filters/filter/fontembed/iofn.h,
    debian/local/filters/pdf-filters/filter/fontembed/fontfile.h,
    debian/local/filters/pdf-filters/filter/fontembed/fontfile.c,
    debian/local/filters/pdf-filters/filter/fontembed/embed.h,
    debian/local/filters/pdf-filters/filter/fontembed/embed.c,
    debian/local/filters/pdf-filters/filter/fontembed/Makefile,
    debian/local/filters/pdf-filters/addtocups:
    Fixed crashes of texttopdf on bad or missing fonts, make texttopdf
    also working without configuration of the fonts (at least for ASCII).
  * debian/local/filters/pdf-filters/filter/pdftoijs.cxx,
    debian/local/filters/pdf-filters/conf/HP-PhotoSmart_Pro_B8300-hpijs-pdftoijs.ppd
    debian/local/filters/pdf-filters/addtocups,
    debian/local/filters/pdf-filters/config-scripts/cups-pdf-filters.m4,
    debian/local/filters/pdf-filters/removefromcups,
    debian/local/filters/pdf-filters/README,
    debian/control, debian/rules: Added pdftoijs filter.

  [ Johan Kiviniemi ]
  * debian/filters/pstopdf:
    - Adobe Reader generates DRM-infested PostScript from encrypted PDF files.
      This PostScript contains code which stops Ghostscript with an error when
      one tries to convert it to (now unencrypted) PDF. Change the filter to
      normalize such PostScript using ps2ps before conversion.

  [ Martin Pitt ]
  * Add alternative dependency "gsfonts-x11" for ttf-freefonts. 
    (Closes: #495598)
  * debian/patches/: Update the status of patches, add some upstream
    references, update status in 00list.
  * Drop obsolete include_krb5_h_in_job_h.dpatch, package builds fine in
    current unstable.
  * debian/rules: Enable PIE and other compiler flags security enhancements
    with DEB_BUILD_HARDENING=1. Add hardening-wrapper build dependency. Thanks
    to Kees Cook!
  * Add debian/local/cups.ufw.profile: "ufw" firewall profile. Install it
    for Ubuntu builds only for now, until ufw enters Debian as well. Thanks to
    Didier Roche and Jamie Strandboge! (https://launchpad.net/bugs/261903)

 -- Martin Pitt <mpitt op debian.org>  Tue, 02 Sep 2008 11:34:54 +0200

cups (1.3.8-5) experimental; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/filter/texttopdf.c: Added bug fix
    from upstream so that texttopdf does not segfault on missing or bad
    fonts any more. Backed out Johan Kiviniemi's patch of replacing
    Courier by FreeMono.
  * Remove hardcoded -march=pentium from texttopdf Makefile.
    (Closes: #495220)

  * debian/local/filters/pdf-filters/conf/imagetopdf.convs: Reduced cost
    factor to prefer this filter instead of imagetops.

  [ Johan Kiviniemi ]
  * debian/local/filters/cpdftocps, debian/local/cpdftocps.convs,
    debian/cups.install, debian/rules:
    - Add an application/vnd.cups-pdf → application/vnd.cups-postscript
      filter, thus making the PDF filter chain possible for PostScript
      printers.
    - The filter’s cost is 22, making the total cost of pstopdf → pdftopdf →
      cpdftocps 66 after the following change.
  * debian/local/filters/pdf-filters/conf/pdftopdf.convs,
    debian/local/pstopdf.convs, debian/rules:
    - Change filter costs to prefer the PDF chain over pstops.
      • pdftopdf: 22 instead of 66.
      • pstopdf: 22 instead of 100.
      • pstops: 100 instead of 66.
  * Add pjl-display-ready-message.dpatch:
    - According to the PJL spec, one should use "" (not "READY") to return the
      display to the normal ready message.

 -- Martin Pitt <mpitt op debian.org>  Fri, 15 Aug 2008 15:54:36 +0200

cups (1.3.8-4) experimental; urgency=low

  [ Till Kamppeter ]
  * debian/control, debian/rules,
    debian/local/filters/pdf-filters/filter/pdfutils.h,
    debian/local/filters/pdf-filters/filter/texttopdf.c,
    debian/local/filters/pdf-filters/filter/fontembed,
    debian/local/filters/pdf-filters/filter/test.sh,
    debian/local/filters/pdf-filters/filter/test_pdf1.c,
    debian/local/filters/pdf-filters/filter/test_pdf2.c,
    debian/local/filters/pdf-filters/filter/pdfutils.c,
    debian/local/filters/pdf-filters/conf/texttopdf.convs,
    debian/local/filters/pdf-filters/AUTHORS,
    debian/local/filters/pdf-filters/addtocups,
    debian/local/filters/pdf-filters/data,
    debian/local/filters/pdf-filters/data/pdf.utf-8.simple,
    debian/local/filters/pdf-filters/data/pdf.utf-8.heavy,
    debian/local/filters/pdf-filters/removefromcups,
    debian/local/filters/pdf-filters/README: Added texttopdf filter.
    Added "Depends: ttf-freefont" for the cups package, as the
    texttopdf filter needs these fonts.

  [ Johan Kiviniemi ]
  * Add cupsfilter-path-typo.dpatch: Fix a typo in scheduler/cupsfilter.c,
    which caused filters not to have /bin in their PATH.
  * debian/filters/pstopdf:
    - Do not log to /tmp/pstopdf.log. A user running the filter (e.g. via
      cupsfilter) made all other users (including cups itself) unable to run
      the filter because of no permission to open the logfile.
    - Put unquoted variables into quotes where appropriate.
    - Never create an outfile in the same directory as the given infile; the
      process might not have write access there.
    - set -e.
  * debian/local/filters/pdf-filters/filter/texttopdf.c:
    - Use FreeMono instead of Courier, since texttopdf requires a TrueType
      font.

  [ Martin Pitt ]
  * Bump shlibs version for libcups2 and libcupsimage2. (Closes: #494168)

 -- Martin Pitt <mpitt op debian.org>  Fri, 15 Aug 2008 08:02:32 +0200

cups (1.3.8-3) experimental; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/addtocups,
    debian/local/filters/pdf-filters/removefromcups,
    debian/local/filters/pdf-filters/config-scripts/cups-pdf-filters.m4,
    pdftopdf/Makefile: Avoid that all executables and libraries of CUPS
    get linked against libpoppler. This especially leads to all packages
    dependent on CUPS needing libpoppler, even for building.

 -- Martin Pitt <mpitt op debian.org>  Mon, 11 Aug 2008 16:48:59 +0200

cups (1.3.8-2) experimental; urgency=low

  [ Till Kamppeter ]
  * debian/local/filters/pdf-filters/, debian/local/pstopdf.convs,
    debian/rules, debian/control, debian/copyright, debian/cups.install:
    Introduced the first bunch of infrastructure for using PDF as standard
    print job format. Added CUPS filters imagetopdf, pstopdf, pdftopdf,
    pdftoraster, added build dependency on libpoppler-dev, as the new filters
    are Poppler-based. texttopdf and pdftoijs will be added soon.
    All this is temporary, as the filters are planned to be added to the
    upstream package of CUPS (CUPS STR #2897, #1595).
  * debian/patches/search_mime_files_in_usr_share.dpatch: Replaced by the
    changes which were done for this purpose in CUPS 1.4. In addition to
    the introduction of /usr/share/cups/mime for installing file detection and
    conversion rules as non-conffiles it also changes the reading order to
    all *.types files and the all *.convs files (instead of all in
    /usr/share/cups/mime and then all in /etc/cups). This way
    /usr/share/cups/mime can contain conversion rules based on file types
    defined by files in /etc/cups (CUPS STR #2719, CUPS SVN revs #7670 and 
    #7694).
    
  [ Martin Pitt ]
  * Add missing CVE and more verbose descriptions to security fixes to 1.3.6-1
    changelog.

 -- Martin Pitt <mpitt op debian.org>  Sat,  9 Aug 2008 23:48:59 +0200

cyrus-sasl2 (2.1.23.dfsg1-7) unstable; urgency=low

  [ Luca Capello ]
  * Fix for (Closes: #601977), the idea coming from Gaudenz Steinlin
    <gaudenz op debian.org>:
    + debian/control:
      - cyrus-sasl2-dbg Depends: on one of the two GSSAPI dbg packages.
      - new cyrus-sasl2-mit-dbg package which Conflicts: with
        cyrus-sasl2-heimdal-dbg.
      - cyrus-sasl2-heimdal-dbg now Conflicts: with cyrus-sasl2-mit-dbg.
    + debian/cyrus-sasl2-heimdal-dbg.preinst:
      - remove, useless.
    + debian/cyrus-sasl2-heimdal-dbg.postrm:
      - remove, useless.
    + debian/cyrus-sasl2-mit-dbg.dirs:
      - create /usr/lib/debug/usr/lib/sasl2/.
    + debian/rules:
      - mv MIT libgssapiv2.so.2.0.23 into cyrus-sasl2-mit-dbg.

  [ Roberto C. Sanchez ]
  * Thanks to Luca Capello for providing the patch.

 -- Roberto C. Sanchez <roberto op connexer.com>  Sat, 18 Dec 2010 11:14:59 -0500

cyrus-sasl2 (2.1.23.dfsg1-6) unstable; urgency=low

  * Acknowledge NMU (thanks to Ben Hutchings)
  * Merge cyrus-sasl2 and cyrus-sasl2-heimdal source packages (Closes: #568358)
    + Build against new heimdal-multidev (Closes: #591147)
  * Properly detect presence of Heimdal (Closes: #590912); thanks tremendously
    to Russ Allbery for the patch

 -- Roberto C. Sanchez <roberto op connexer.com>  Thu, 19 Aug 2010 20:45:57 -0400

cyrus-sasl2 (2.1.23.dfsg1-5.1) unstable; urgency=low

  * Non-maintainer upload.
  * Remove incorrect conflict between cyrus-sasl2-dbg and
    cyrus-sasl2-heimdal-dbg (Closes: #590759); the conflicting file
    is now diverted by the latter

 -- Ben Hutchings <ben op decadent.org.uk>  Thu, 29 Jul 2010 03:34:07 +0100

cyrus-sasl2 (2.1.23.dfsg1-5) unstable; urgency=low

  * Finish switch to db4.8 by changing db4.7-util dependency to db4.8-util
    (Closes: #562895)

 -- Roberto C. Sanchez <roberto op connexer.com>  Mon, 28 Dec 2009 18:12:26 -0500

cyrus-sasl2 (2.1.23.dfsg1-4) unstable; urgency=low

  [ Fabian Fagerholm ]
  * debian/control, debian/sasl2-bin.postinst,
    debian/patches/0017_db4.8.dpatch: Bump libdb version to 4.8.
    (Closes: #556609)
  * debian/rules, debian/sasl2-bin.postinst, debian/sasl2-bin.saslauthd.init:
    No longer explicitly run stop init script on shutdown and reboot.
    (Closes: #560748)
  * debian/sasl2-bin.postinst: Don't attempt sasldb upgrade if the database
    file does not exist. (Closes: #521852)
  * debian/sasl2-bin.saslauthd.init: Fix return code comparisons.
    (Closes: #525424)
  * debian/control: Change upstream home page, this seems to be the active
    page and the old one contains less useful information.

 -- Fabian Fagerholm <fabbe op debian.org>  Mon, 28 Dec 2009 13:37:20 +0200

cyrus-sasl2 (2.1.23.dfsg1-3) unstable; urgency=low

  * Acknowledge NMU (Thanks to Christian Perrier)
  * Change package priority important -> standard, because of override
    disparity email

 -- Roberto C. Sanchez <roberto op connexer.com>  Sat, 07 Nov 2009 09:31:23 -0500

cyrus-sasl2 (2.1.23.dfsg1-2.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix pending l10n issues. Debconf translations:
    - French (Odile Bénassy).  Closes: #518593

 -- Christian Perrier <bubulle op debian.org>  Sat, 07 Nov 2009 08:04:09 +0100

cyrus-sasl2 (2.1.23.dfsg1-2) unstable; urgency=high

  [ Fabian Fagerholm ]
  * debian/control: Change Vcs-* fields to point to trunk.
  * debian/rules: Remove build-indep-stamp and build-arch-stamp when cleaning
    up (from Ubuntu) (Closes: #516538).
  * debian/patches/0014_avoid_pic_overwrite.dpatch: Also apply to
    lib/Makefile.am. Thanks to Amadeu A. Barbosa Jr. (Closes: #502910)

  [ Roberto C. Sanchez ]
  * Acknowledge NMU (thanks to Andreas Barth)
  * Document the sync mechanism between cyrus-sasl2 and cyrus-sasl2-heimdal.
    Urgency 'high' since current package is uninstallable.
  * Bump Standards-Version to 3.8.3 (no changes)

 -- Roberto C. Sanchez <roberto op connexer.com>  Wed, 07 Oct 2009 21:45:57 -0400

cyrus-sasl2 (2.1.23.dfsg1-1.1) unstable; urgency=medium

  * Build-Depend also on mysqlclient-dev. Closes: #542904
  * Conflict cyrus-sasl2-heimdal-dbg as both packages provide the file 
    /usr/lib/debug/usr/lib/sasl2/libgssapiv2.so.2.0.23 Closes: #530781

 -- Andreas Barth <aba op not.so.argh.org>  Sat, 29 Aug 2009 11:47:55 +0200

cyrus-sasl2 (2.1.23.dfsg1-1) unstable; urgency=high

  * New upstream release
    - Security fix for CVE-2009-0688 (Closes: #528749).
    - debian/patches/0020_saslauthd_manpage.dpatch: Remove, integrated
      upstream.
    - debian/rules: Change chrpath invocation to match new version number of
      libsql.so.

 -- Fabian Fagerholm <fabbe op debian.org>  Sun, 24 May 2009 20:56:01 +0300

cyrus-sasl2 (2.1.22.dfsg1-26) UNRELEASED; urgency=low

  * NOT RELEASED
  * debian/control: Set section to debug to match override.

 -- Fabian Fagerholm <fabbe op debian.org>  Sun, 10 May 2009 09:55:01 +0300

cyrus-sasl2 (2.1.22.dfsg1-25) unstable; urgency=high

  * debian/patches/0017_db4.7.dpatch: Update db4.6 patch to db4.7.
    (Closes: #523007)

 -- Fabian Fagerholm <fabbe op debian.org>  Sun, 10 May 2009 08:51:30 +0300

cyrus-sasl2 (2.1.22.dfsg1-24) unstable; urgency=high

  [ Fabian Fagerholm ]
  * debian/patches/0021_no_mutex_changes_after_init.dpatch: Added patch to
    disallow mutex function changes once sasl_client_init and/or
    sasl_server_init have been called. Hand-picked and applied from upstream
    CVS revision 1.117, thanks to Eric Leblond. (Closes: #499770)
  * debian/control: Add ${misc:Depends} to applicable binary packages.
  * debian/rules, debian/libsasl2-modules, debian/libsasl2-modules-otp,
    debian/sasl2-bin: Add overrides for possible-gpl-code-linked-with-openssl
    lintian error.
  * debian/source.lintian-overrides: Add override for ancient-libtool lintian
    warning.
  * debian/sasl2-bin.postinst: Use set -e.
  * debian/patches/0022_gcc4.4_preprocessor_syntax.dpatch: Added patch to use
    test condition for #elif preprocessor directive. Required by GCC 4.4.
    Thanks to Martin Michlmayr. (Closes: #505042)
  * debian/cyrus-sasl2-dbg.dirs, debian/cyrus-sasl2-dbg.lintian-overrides,
    debian/rules: Add override because our -dbg package is not standardly
    named.
  * debian/control: Bump libdb version to 4.7. (Closes: #523007)
  * debian/sasl2-bin.postinst: Update to reflect libdb version change.
    Not strictly necessary since there were no database format changes
    betweek 4.6 and 4.7, but in the interest of completeness...

 -- Fabian Fagerholm <fabbe op debian.org>  Sat, 09 May 2009 22:56:52 +0300

defoma (0.11.11) unstable; urgency=low

  * QA upload to fix prehistoric i18n bug and a few lintian
    thingies
  * Bump debhelper compatibility to 7
  * Switch to 3.0 source format
  * Package is native
  * No longer ignore erros from make in the clean target
  * Drop useless debian/defoma.conffiles
  * Drop all hardcoded paths to commands in maintainer scripts
  * No longer ignore errors in prerm script (set -e)
  * Switch to po4a for manpages translation. Thanks to
    Nicolas François and Thomas Huriaux for patches
    Closes: #326548

 -- Christian Perrier <bubulle op debian.org>  Wed, 31 Mar 2010 22:08:16 +0200

defoma (0.11.10-4) unstable; urgency=high

  * QA upload.
  * Fix dh_installdefoma: Use “if [ -x "`which foo 2>/dev/null`" ]”
    instead of test -x `which foo` since test -x without parameter
    succeeds, leading to the execution of the next command, breaking
    maintainer scripts (Closes: #563121).
  * Set urgency to “high” accordingly.
  * Introduce ${misc:Depends} for all binary packages.

 -- Cyril Brulebois <kibi op debian.org>  Thu, 31 Dec 2009 13:16:08 +0100

defoma (0.11.10-3) unstable; urgency=low

  * QA upload to fix errors in previous QA upload
  * Fix prerm snippets to properly call "defoma-font purge-all"
    and not "defoma-font update". Closes: #557321

 -- Christian Perrier <bubulle op debian.org>  Sun, 22 Nov 2009 15:34:49 +0100

defoma (0.11.10-2) unstable; urgency=low

  * QA upload to deal with lintian warnings in my packages
  * Drop hardcoded patch in defoma utilities calls in
    debhelper snippets. Closes: #533636
  * Drop code dealing with upgrades from very old pre-0.4.12 versions
    as it unconditionnally waits from user input
    Closes: #553280

 -- Christian Perrier <bubulle op debian.org>  Sun, 08 Nov 2009 18:33:42 +0100

defoma (0.11.10-1) unstable; urgency=low

  * QA upload.
  * Fix dependency on libftp-perl (Closes: #514635, #285653)

 -- Don Armstrong <don op debian.org>  Tue, 18 Aug 2009 16:15:28 -0700

dpkg (1.15.8.13) stable; urgency=low

  [ Guillem Jover ]
  * Do not translate SE Linux context to human readable form while unpacking,
    as that might cause the operation to fail if the mcstransd daemon
    stopped running during the transaction. Closes: #679641
    Thanks to Russell Coker <russell op coker.com.au>.

  [ Updated man page translations ]
  * German (Helge Kreutzmann). Fix sub optimal translation of package states
    LP: #368783, a fix by Chris Leick and other fixes.

 -- Guillem Jover <guillem op debian.org>  Fri, 07 Sep 2012 08:28:56 +0200

dpkg (1.15.8.12) stable; urgency=low

  [ Guillem Jover ]
  * Do not fail to unpack shared directories missing on the file system
    from packages being replaced by other packages. Closes: #631808
  * Defer hardlink renames so that there's never a point were the new
    file contents are accessible from the final path before they have
    been fsync()ed and cannot be executed causing ETXTBSY when trying
    to open the to be installed paths for writing.
    Thanks to Jonathan Nieder <jrnieder op gmail.com>. Closes: #635683
  * Add armhf support to ostable and triplettable. Closes: #594179, #639674

  [ Updated man page translations ]
  * German (Helge Kreutzmann). Minor fixe(s), including improvement by "Flo".

  [ Updated scripts translations ]
  * German (Helge Kreutzmann). Minor fix from Sven Joachim.
    Typo fixes. Closes: #646496

 -- Guillem Jover <guillem op debian.org>  Thu, 10 Nov 2011 07:20:52 +0100

dpkg (1.15.8.11) stable; urgency=high

  [ Guillem Jover ]
  * Do not segfault on “dpkg -i --no-act”.
  * Add missing semicolon to the vsnprintf() compat declaration.
    Thanks to Robert Millan. Closes: #612203
  * Fix typo in «dpkg-name --overwrite» argument parsing so that it actually
    works at all. Thanks to Ivan Gagis <igagis op gmail.com>. LP: #728708
  * Fix dpkg-split to not corrupt binary part metadata when generating the
    split packages on 32-bit systems.

  [ Raphaël Hertzog ]
  * Fix a regression in dpkg-divert where using --rename led to a failure when
    the rename implies crossing file systems. Thanks to Durk Strooisma for
    spotting it.

  [ Updated dpkg translations ]
  * German (Sven Joachim).

  [ Updated man page translations ]
  * German (Helge Kreutzmann). Minor fixe(s).

 -- Guillem Jover <guillem op debian.org>  Tue, 26 Apr 2011 08:21:04 +0200

dpkg (1.15.8.10) unstable; urgency=low

  * Do not segfault on “update-alternatives --auto” when the link group only
    has alternatives which are dangling symlinks. Closes: #611545

 -- Guillem Jover <guillem op debian.org>  Sun, 30 Jan 2011 20:28:27 +0100

dpkg (1.15.8.9) unstable; urgency=low

  [ Raphaël Hertzog ]
  * Drop Breaks on konqueror to avoid some lenny -> squeeze upgrade
    problems. It was only needed to ensure install-info is installed
    even for partial upgrades. Closes: #610991
  * Do the same for all emacs/jed packages. For jed, the breaks has been
    rendered useless as the maintainers dropped the install-info dependencies
    anyway.

  [ Updated dpkg translations ]
  * Remove space before "…" in several Catalan strings (Jordi Mallach).
  * Romanian (Stan Ioan-Eugen).

 -- Raphaël Hertzog <hertzog op debian.org>  Mon, 24 Jan 2011 20:24:53 +0100

dpkg (1.15.8.8) unstable; urgency=low

  [ Guillem Jover ]
  * Truncate the output part file on “dpkg-split -s”. Regression introduced
    with the C rewrite.

  [ Updated man page translations ]
  * Two typos fixed in French (Christian Perrier, thanks to Julien
    Valroff).

  [ Raphaël Hertzog ]
  * Fix multiple security issues with dpkg-source (CVE-2010-1679):
    - Enhance checks to catch maliciously crafted patches which could modify
      files outside of the unpacked source package.
    - Do not consider a top-level symlink like a directory when
      extracting a tarball.
    - Exclude .pc while extracting the upstream tarball in 3.0 (quilt)
      as patch blindly writes in that directory during unpack (and would
      follow any existing symlink).

 -- Raphaël Hertzog <hertzog op debian.org>  Thu, 06 Jan 2011 21:04:33 +0100

dpkg (1.15.8.7) unstable; urgency=low

  [ Guillem Jover ]
  * Defer symlink renames so that there's never a point were a symlink
    is broken, this is particularly important for shared libraries.
    Closes: #605536
  * On Linux use sync_file_range() to initiate asynchronous writeback
    of just unpacked files. Suggested by Ted Ts'o <tytso op mit.edu>.
    Thanks to Jonathan Nieder <jrnieder op gmail.com>. Closes: #605009
  * On non-Linux use posix_fadvise(POSIX_FADV_DONTNEED) to notify the kernel
    dpkg does not need the unpacked files any longer, and that it can start
    writeback to be able to evict them from the cache at a later point.
  * Fix stanza delimiting on -L, -s and -p output. This was making the output
    for multiple packages unrealiable to parse. Closes: #606315

  [ Updated dpkg translations ]
  * Basque (Iñaki Larrañaga Murgoitio). Closes: #607253
  * Catalan (Guillem Jover).
  * Czech (Miroslav Kure). Closes: #605099
  * Esperanto (Felipe E. F. de Castro). Closes: #607437
  * French (Christian Perrier).
  * German (Sven Joachim).
  * Indonesian (Arief S Fitrianto). Closes: #605248
  * Italian (Milo Casagrande). Closes: #607306
  * Japanese (Kenshi Muto). Closes: #607259
  * Norwegian Bokmål (Hans Fredrik Nordhaug).
  * Portuguese (Miguel Figueiredo). Closes: #605506
  * Russian (Yuri Kozlov). Closes: #607292
  * Simplified Chinese (Aron Xu).
  * Slovak (Ivan Masár). Closes: #607302
  * Spanish (Javier Fernandez-Sanguino).
  * Thai (Theppitak Karoonboonyanan). Closes: #607501

  [ Updated man page translations ]
  * French (Christian Perrier).
  * German (Helge Kreutzmann).
  * Spanish (Omar Campagne).

  [ Updated dselect translations ]
  * Spanish (Javier Fernandez-Sanguino).

  [ Updated scripts translations ]
  * German (fix by Sven Joachim).
  * Spanish (Javier Fernandez-Sanguino).

 -- Guillem Jover <guillem op debian.org>  Mon, 20 Dec 2010 02:26:26 +0100

dpkg (1.15.8.6) unstable; urgency=low

  [ Raphaël Hertzog ]
  * Ensure debian/source/local-options is always excluded from the source
    package even if the user provides customized -i or -I options.
    Closes: #597023
  * Fix Dpkg::Version's handling of version with a debian revision but an
    empty version (e.g. "-0.1"). Thanks to James Vega <jamessan op debian.org>
    for the patch. Closes: #597651
  * With "3.0 (quilt)" source package, create .pc/.quilt_series with the
    correct series file if the source package provides vendor specific patch
    sets.

  [ Guillem Jover ]
  * Disable by default usage of synchronous sync(2), as it causes undesired
    I/O on unrelated file systems. Closes: #588339, #595927, #600075
  * Add new --force-unsafe-io to disable safe I/O operations on unpack.
    Closes: #584254

  [ Updated man page translations ]
  * French (Christian Perrier). Including a typo fix and a typographical
    change reported by Vincent Danjean. Closes: #601852
  * Spanish (Omar Campagne). Closes: #596519

  [ Updated programs translations ]
  * Basque (Iñaki Larrañaga Murgoitio). Closes: #599923
  * Catalan (Jordi Mallach).
  * Danish (Ask Hjorth Larsen). Closes: #600240
  * German (Sven Joachim). Improved by Holger Wansing.
  * Italian (Pietro Battiston). Fix translation of "however". Closes: #602518
  * Portuguese (Miguel Figueiredo). Closes: #596168
  * Romanian (Andrei Popescu). Closes: #604769
  * Russian (Yuri Kozlov). Closes: #595455
  * Vietnamese (Clytie Siddall). Closes: #598473

  [ Updated scripts translations ]
  * Catalan (Jordi Mallach).
  * German (Sven Joachim).

  [ Updated dselect translations ]
  * Catalan (Jordi Mallach).
  * German (Sven Joachim).

 -- Guillem Jover <guillem op debian.org>  Thu, 25 Nov 2010 07:10:48 +0100

dpkg (1.15.8.5) unstable; urgency=low

  [ Guillem Jover ]
  * Do not print a warning when parsing status or status log files on
    half-installed packages w/o a Description or Maintainer field, as
    this happens normally when the package was never installed before.
    Closes: #594167
  * Improve git format documentation in dpkg-source(1).
    Thanks to Joey Hess, based on a patch by Tanguy Ortolo.
  * Clarify effect of “dpkg --purge” on homedir files in dpkg(1).
    Thanks to The Fungi <fungi op yuggoth.org>. Closes: #593628
  * Add gettext plurals infrastructure support.
  * Add gettext messages for plural forms. Closes: #594218
  * Fix possible but improbable segfault in update-alternatives in case
    the master file name contains a format string specifier. Reported by
    Sandro Cazzaniga.
  * Fix realloc usage on compat scandir() implementation.

  [ Raphaël Hertzog ]
  * Fix dpkg-genchanges to not split the short description in the middle of a
    UTF8 character. Closes: #593442
  * Drop -k parameter from the tar call used by dpkg-source to extract
    tarballs. Upstream binary files modified by the packager were not properly
    installed due to this. Thanks to James Westby for the report.
    Closes: #594440
  * Make dpkg Breaks: dpkg-dev (<< 1.15.8) so that older versions of dpkg-dev
    that did not depend on libdpkg-perl must be upgraded together with dpkg.
    Closes: #596417

  [ Helge Kreutzmann ]
  * Fix encoding of German addendum. Closes: #595643

  [ Updated programs translations ]
  * Esperanto (Felipe Castro). Closes: #596173
  * French (Christian Perrier).
  * German (Sven Joachim).
  * Indonesian (Arief S Fitrianto). Closes: #596657
  * Italian (Milo Casagrande). Closes: #592953, #595615
  * Japanese (Kenshi Muto). Closes: #595468
  * Korean (Changwoo Ryu). Closes: #595556
  * Norwegian Bokmål (Hans Nordhaug). Closes: #595208
  * Simplified Chinese (Aron Xu). Closes: #594513
  * Slovak (Ivan Masár). Closes: #595968
  * Swedish (Peter Krefting).
  * Thai (Theppitak Karoonboonyanan). Closes: #594011

  [ Updated man page translations ]
  * French (Christian Perrier).
  * German (Helge Kreutzmann).
  * Swedish (Peter Krefting).

  [ Updated scripts translations ]
  * French (Christian Perrier). Includes a fix to a specific
    message translation that was imprecise. Closes: #596333
  * German (Helge Kreutzmann). Improved by Holger Wansing.
  * Norwegian Bokmål (Hans Fredrik Nordhaug). Closes: #595299
  * Spanish (Omar Campagne).  Closes: #596518
  * Swedish (Peter Krefting).
  * Russian (Yuri Kozlov). Closes: #595175

 -- Guillem Jover <guillem op debian.org>  Tue, 14 Sep 2010 01:26:21 +0200

dpkg (1.15.8.4) unstable; urgency=low

  [ Guillem Jover ]
  * Fix use after free segfault on update-alternatives --remove-all.
    Closes: #591653, #591654
  * Always print a massage on warning when parsing control files.
  * On database parsing only warn on bogus versions previously accepted,
    the other instances will keep producing errors, to avoid newly
    introduced bogosity. Closes: #590885, #590896, #591692, #591885
  * Fix compilation on Solaris and Darwin:
    - Link update-alternatives against libintl if libc does not have i18n
      support.
    - Include <limits.h> for _POSIX_MAX_PATH in update-alternatives.
    Thanks to Fabian Groffen <grobian op gentoo.org>.

  [ Raphaël Hertzog ]
  * Fix make -C man install so that it actually finds the manual pages
    to install. Closes: #591588
  * When analyzing the ELF format of a binary in dpkg-shlibdeps, fallback on
    usual objdump when the cross objdump failed. Closes: #591522

  [ Sven Joachim ]
  * Ensure removal of leftover backup .dpkg-tmp files after unpacking
    failures, when the backup is still a hard link to the original file.
    Closes: #591993

 -- Guillem Jover <guillem op debian.org>  Fri, 13 Aug 2010 06:02:10 +0200

dpkg (1.15.8.3) unstable; urgency=low

  [ Raphaël Hertzog ]
  * Fix dpkg-divert test suite to cope with + and other special characters for
    regexps in the build directory name. Thanks to Jonathan Nieder for the
    patch and to Phil Kern for the report. Closes: #591182

  [ Guillem Jover ]
  * Fix buffer overflow in dpkg_ar_member_put_header causing it to write the
    header to fd 0 (instead of ar_fd) depending on the stack layout, affecting
    armel. Thanks to Phil Kern for the analysis and Reinhard Tartler for the
    initial patch. Closes: #591312

 -- Guillem Jover <guillem op debian.org>  Mon, 02 Aug 2010 10:38:07 +0200

dpkg (1.15.8.2) unstable; urgency=low

  * Bump libdpkg-perl Depends on dpkg to 1.15.8, as it will break dpkg
    versions before that when installing and removing libdpkg-perl,
    because older update-alternatives and dpkg-divert require Dpkg.pm and
    Dpkg/Gettext.pm which will disappear due to the Replaces. Closes: #590867
    Thanks to Sven Joachim <svenjoac op gmx.de> for the analysis.
  * Allow specifying again absolute and relative paths for dpkg-buildpackage
    -r option. Closes: #591010

 -- Guillem Jover <guillem op debian.org>  Sat, 31 Jul 2010 04:20:01 +0200

dpkg (1.15.8.1) unstable; urgency=low

  * Fix off-by-one error in update-alternatives that lead to an infinite loop
    while writing the administrative file. Closes: #590854

 -- Raphaël Hertzog <hertzog op debian.org>  Thu, 29 Jul 2010 21:18:16 +0200

dpkg (1.15.8) unstable; urgency=low

  [ Raphaël Hertzog ]
  * Add new commands --before-build and --after-build to dpkg-source
    and modify dpkg-buildpackage to call them automatically at the
    start and at the end of the process. With "3.0 (quilt)" source packages
    this ensures patches are applied even in case of binary-only builds.
    Closes: #572526
  * Merge non-regression test for Ubuntu's specificities concerning
    changelog handling. Closes: #582389
  * Fix some copy-paste mistakes in dpkg-architecture(1). Thanks to Ian Fleming
    <iflema op yahoo.com.au> for the patch and Colin Watson for forwarding out of
    Launchpad. Closes: #582404 LP: #564308
  * Clarify description of dpkg --configure in dpkg(1). Thanks to Colin Watson
    for the patch and to Robert Persson for the report.
    Closes: #582406 LP: #77287
  * Fix the non-regression test lib/dpkg/test/t-ar.c by not overflowing the
    size of ar_name. Thanks to Colin Watson for the report, analysis and patch.
    Closes: #582401
  * Modify Dpkg::Shlibs::Objdump to use the cross objdump binary when cross
    compiling. Thanks to Loïc Minier for the initial patch. Closes: #578365
  * Make dpkg-maintscript-helper more robust when required parameters are
    missing. Closes: #582814
  * Clarify that dpkg-maintscript-helper rm_conffile needs the last version of
    the package that did not remove the obsolete conffile if this was not
    implemented at the time the file became obsolete. Closes: #582893
  * Enhance dpkg-maintscript-helper rm_conffile and mv_conffile to work
    properly when <lastversion> is not given (or is empty). Closes: #582819
  * Small fix in dpkg-gensymbols' handling of tags. Closes: #583656
    Thanks to Michael Tautschnig <mt op debian.org> for the report and the fix.
  * update-alternatives has been rewritten in C, the only feature change
    should be that it uses its own logfile /var/log/alternatives.log (rotated
    like dpkg.log).
  * Implement new --unapply-patches option for dpkg-source with source formats
    2.0 and 3.0 (quilt) that unapplies the patches after a successful build.
    This option can be put in debian/source/local-options in the package VCS
    repository for instance.
  * Implement new --abort-on-upstream-changes option for dpkg-source with
    source formats 1.0, 2.0 and 3.0 (quilt). It aborts every time that you try
    to build a source package which contains (unmanaged) changes to the
    upstream source code. Closes: #579012
  * dpkg-source now captures the output of patch and prints it on error so
    that the user can better diagnose what went wrong. Closes: #575304
  * Fix Dpkg::Changelog to cope properly with an entry of version "0".
    Add non-regression test for this. Closes: #587382
  * Add --export command to dpkg-buildflags to be used in shell with eval.
  * Modify source format "3.0 (git)" to use git bundles. Thanks to Joey Hess
    for the patch.
    The usage of git bundle avoids distributing cruft. Closes: #477954
    It's no longer needed to tell which branch contains the debian packaging,
    it uses automatically the one that was used at build-time. Closes: #534637
  * Pass --no-name option to gzip to avoid encoding the timestamp in the file
    so that the result is more predictable. Closes: #587724
    Also pass --rsyncable to make source packages more rsync friendly.
  * Replace dpkg-source's tar ignore pattern "*~" with "*/*~" to avoid
    matching on the top level directory. Closes: #588265
  * In source formats "2.0" and "3.0 (quilt)", make sure to remove the
    upstream-provided debian directory before copying the debian-provided
    version of that directory in place. Closes: #590297

  [ Guillem Jover ]
  * Require gettext 0.18:
    - Remove embedded gettext files from the repository, now properly
      installed by autopoint for all po/ directories.
    - Add versioned Build-Depends.
  * Fix variable usage after delete in dselect.
  * Change default configure admindir to LOCALSTATEDIR/lib/dpkg from
    LOCALSTATEDIR/dpkg, so that we can use a correct --localstatedir=/var.
  * Add two new dpkg options --path-exclude and --path-include for filtering
    files on package installation. This allows embedded systems to skip
    /usr/share/doc, manpages, etc. Based on work from Tollef Fog Heen and
    Martin Pitt, thanks! Closes: #68788, #68861, #497304, #525567, #583902
  * Remove obsolete internal status aliases “postinst-failed” for
    stat_halfconfigured and “removal-failed” for stat_halfinstalled.
  * Check version syntax when parsing it from libdpkg based programs.
    Closes: #574704
  * Rewrite mksplit in C, and merge it into dpkg-split.
  * Rewrite dpkg-divert in C.
  * Use linux-any wildcard for libselinux1-dev Build-Depends instead of
    using a list of negated architectures.
  * Use Breaks instead of Conflicts in dpkg, dpkg-dev and libdpkg-perl binary
    packages.
  * Move Dpkg.pm and Dpkg/Gettext.pm from dpkg to libdpkg-perl.
  * Bump Standards-Version to 3.9.1.
  * Detect when another process has locked the database, and mention that
    problematic dpkg --audit results might be due to ongoing operations.
    Closes: #80252
  * Add new dpkg --force-confask option that forces a conffile prompt when
    the conffile from the new package does not differ from the previous one.
    Thanks to Henning Makholm <henning op makholm.net>. Closes: #102609
  * On dpkg-divert --rename, check if the source file exists, and disable
    renaming if it does not. Closes: #550252
    As a side effect, this avoids useless errors when the destination
    directory is not existent or writable. Closes: #581544
  * Properly compute the longest package description from all to be displayed
    on “dpkg-query --list”, so that it does not get incorrectly trimmed.
  * Consistently use earlier/later instead of smaller/bigger when describing
    comparison relationships. Closes: #587641
  * Stop exporting DPKG_LIBDIR to maintainer scripts, no need for it anymore.
  * Assign correct SE Linux label on non-regular files. Based on a patch by
    Russell Coker <russell op coker.com.au>. Closes: #587949
  * Add -F option to dpkg-buildpackage to be able to explicitly specify a
    normal full build and combine it with -nc. Closes: #547993
  * Add missing mentions of the Breaks field alongside the other fields
    sharing the same syntax in deb-control(5).
    Thanks to Osamu Aoki <osamu op debian.org>. Closes: #590472

  [ Updated programs translations ]
  * Catalan (Guillem Jover).
  * German (Sven Joachim).
  * Russian (Yuri Kozlov). Closes: #579149
  * Swedish (Peter Krefting).

  [ Updated man page translations ]
  * German (Helge Kreutzmann).
  * Russian (Yuri Kozlov). Closes: #579149
  * Spanish (Omar Campagne).
  * Swedish (Peter Krefting).

  [ New scripts translation ]
  * Spanish (Omar Campagne).

  [ Updated scripts translations ]
  * French (Christian Perrier).
  * German (Helge Kreutzmann). Improved by Holger Wansing.
  * Russian (Yuri Kozlov). Closes: #579149
  * Swedish (Peter Krefting).

 -- Guillem Jover <guillem op debian.org>  Thu, 29 Jul 2010 09:37:35 +0200

dpkg (1.15.7.2) unstable; urgency=low

  [ Raphaël Hertzog ]
  * Update dpkg-buildflags to respect $XDG_CONFIG_HOME and to use
    $XDG_CONFIG_HOME/dpkg/buildflags.conf by default.
  * Update deb-substvars(5) to codify how variables containing multiple
    lines must be managed.
  * Fix boolean evaluation of Dpkg::Version so that version 0 evaluates to
    false and dpkg-shlibdeps can strip the minimal version specification.
    Closes: #579724
    Document this behaviour in the API and add non-regression test to ensure
    it's kept.
  * Let dpkg-buildflags error out when a required parameter is missing.
    Closes: #579722
  * Add Bug-Ubuntu field in DEP-3 template provided in the automatic header
    of patches in 3.0 (quilt) source packages. Thanks to Benjamin Drung
    <bdrung op ubuntu.com> for the patch. Closes: #578002
  * Update deb-override(5) by removing references to usage of sections
    to place the packages on the mirrors and by indicating that the Debian
    policy offers a list of allowed values for section and priority.
    Closes: #575410
  * Update reference to triggers.txt.gz in dpkg-trigger(1) and deb-triggers(5)
    to match the new location. Closes: #580774
  * Drop mention of PKG_CONFIG_LIBDIR in dpkg-buildpackage(1), the feature has
    been removed in 1.15.6.
  * Rename /usr/lib/dpkg/maintscript-helper into
    /usr/bin/dpkg-maintscript-helper, it is a public interface even if working
    around known limitations.
  * Add "supports" command to dpkg-maintscript-helper to ensure the wanted
    command is supported before calling it.

  [ Guillem Jover ]
  * Add powerpcspe support to ostable and triplettable.
    Thanks to Sebastian Andrzej Siewior <sebastian op breakpoint.cc> and
    Kyle Moffett <Kyle.D.Moffett op boeing.com>. Closes: #568123, #575158
  * Fix dpkg --root by properly stripping again the root directory from the
    path of the maintainer script to execute. Closes: #580984
  * On Linux use sync() instead of an fsync() per file on deferred extraction,
    to workaround performance degradation on ext4. Closes: #578635

  [ Gerfried Fuchs ]
  * Fix syntax error in dpkg-name. Closes: #581315

 -- Guillem Jover <guillem op debian.org>  Wed, 19 May 2010 07:57:14 +0200

dpkg (1.15.7.1) unstable; urgency=low

  * Fix dpkg-source -b (without -i) for source packages 1.0. Closes: #578693
    It was erroneously ignoring all changes because the ignore regex was
    wrong (due to the change to ignore debian/source/local-options).
  * Add missing call to textdomain() in dpkg-mergechangelogs to make
    translations work.

 -- Raphaël Hertzog <hertzog op debian.org>  Thu, 22 Apr 2010 08:05:20 +0200

dpkg (1.15.7) unstable; urgency=low

  [ Raphaël Hertzog ]
  * Clarify the plan concerning dpkg-source, debian/source/format and
    the default source format in dpkg-source(1). Add a warning
    in dpkg-source to invite people to always create debian/source/format.
    We deprecate the fallback to "1.0" (it's there for backwards compatibility
    only) and debian/source/format is going to be mandatory at some point in
    the future. Closes: #553928
  * Add .gitattributes to list of files ignored by dpkg-source.
  * Document most common warnings and errors of dpkg-source in its manual
    page.
  * Let dpkg-source read options from debian/source/local-options as well but
    do not include that file in the generated source package.
  * Improve explanation of --all option in dpkg-parsechangelog(1). Thanks to
    Jari Aalto. Closes: #575706
  * Fix dpkg to not lose package metadata on filesystems where readdir()
    returns new files added after the opendir() call, btrfs in particular
    triggered the problematic behaviour. Closes: #575891
  * Tigthen the regex used by dpkg-source to match the component name of
    supplementary tarballs so that undercore (_) are not allowed as it was
    supposed to be.
  * Introduce a new script called dpkg-buildflags: its purpose is to retrieve
    compilation flags and it should be used within debian/rules to pass
    the right compilation flags to the build process. dpkg-builpackage still
    exports them to not break packages currently relying on them but packages
    should now start using dpkg-buildflags instead. Closes: #560070
  * For Ubuntu set default value of LDFLAGS to -Wl,-Bsymbolic-functions.
  * Cleanup some old Conflicts/Replaces, thanks to Helge Kreutzmann.
  * Modify dselect to treat all unknown package as known and marked for purge.
    This is a temporary work-around so that dselect doesn't try to reinstall
    packages of priority > standard that were removed or not installed. Thanks
    to Robert Luderda for the patch. Closes: #559519, #556889
  * dpkg now exports DPKG_MAINTSCRIPT_NAME to maintainer scripts with the
    type of maintainer script currently running (preinst, postinst, prerm,
    postrm). Closes: #546577
  * dpkg now exports DPKG_LIBDIR to maintainer scripts pointing to the
    private directory containing internal programs like the upcoming
    maintscript-helper.
  * Add $DPKG_LIBDIR/maintscript-helper program that can be used in
    maintainer scripts to perform common operations working around
    current dpkg limitations: first version supports removing obsolete
    conffiles and renaming conffiles. Closes: #514316
  * Fix "dpkg-scansources -e", it was calling a non-existing function.
    Closes: #578162
  * Add new script dpkg-mergechangelogs to do 3-way merges of Debian
    changelogs. Add libalgorithm-merge-perl to Recommends for the
    benefit of this script.

  [ Colin Watson ]
  * Modern tar files typically use NormalFile1 rather than NormalFile0 for
    file objects. A typo meant that the former never triggered rename
    deferral. Closes: #577756
  * Use the new list of files on rename deferral instead of old one, so that
    newly added files get installed.

  [ Guillem Jover ]
  * Report deferred trigger errors on status-fd. Closes: #574599
    Thanks to Michael Vogt <michael.vogt op ubuntu.com>.
  * When creating hard links to normal files on extraction use the .dpkg-new
    filename for source as the file is not yet in place due to the rename
    deferral. Thanks to Colin Watson for the initial patch.
  * Do not output the Package-Type field on udeb.
  * Fix versioned Replaces to not produce file overwrite errors on downgrades.
    Closes: #568566
  * Fix installation of replaced and replacing packages in reverse order
    (first the replacing then the replaced) for which the replaced package
    is supposed to get disappeared, to disappear the correct package and not
    lose track of the ownership of the replaced files.

  [ Updated dpkg translations ]
  * German (Sven Joachim).

  [ Updated dselect translations ]
  * German (Sven Joachim).

  [ Updated man page translations ]
  * German (Helge Kreutzmann).

  [ Updated scripts translations ]
  * German (Helge Kreutzmann).

 -- Guillem Jover <guillem op debian.org>  Wed, 21 Apr 2010 04:05:55 +0200

dpkg (1.15.6.1) experimental; urgency=low

  [ Guillem Jover ]
  * Fix two memory leaks introduced in 1.15.6.
  * Always use C99 variadic macros, as the build requires them anyway, we
    avoid exposing the configure variable HAVE_C99 on installed headers.
  * Use __attribute__ keyword depending on compiler support, we avoid
    exposing the configure variable HAVE_C_ATTRIBUTE on installed headers.
  * Do not allow a --retry schedule in start-stop-daemon where forever is
    the last item, as it needs something to repeat over. Closes: #570938
  * Show dselect dependency/conflicts resolution screen again, by switching
    the code to use STL's min() and max() instead of preprocessor macros, to
    avoid multiple evaluation of arguments. Regression introduced in 1.15.6.
    Based on a patch by Robert Luberda <robert op debian.org>. Closes: #574816
  * Defer the fsync and rename for normal files in tar extraction so that
    it's done in one pass afterwards, to avoid massive I/O degradation due to
    the serialization from each write + fsync. This restores extraction times
    to numbers closer to the ones before the fsync patch introduced in 1.15.6.

  [ Raphaël Hertzog ]
  * Accept source packages without "Format" field for compatibility with very
    old source packages. Thanks to Colin Watson for the report and the patch.
    Closes: #574097

  [ Updated dpkg translations ]
  * French (Christian Perrier).
  * Swedish (Peter Krefting).

  [ Updated scripts translations ]
  * Swedish (Peter Krefting).

 -- Guillem Jover <guillem op debian.org>  Wed, 24 Mar 2010 13:56:28 +0100

dpkg (1.15.6) experimental; urgency=low

  [ Raphaël Hertzog ]
  * debian/control: Add the accent on my first name.
  * Perl API cleanup:
    - rename Dpkg::Deps dump() methods into output([$fh]), overload string
      representation ("$dep") to provide the result of $dep->output()
    - prefix public functions in Dpkg::Deps with deps_ and export them
      by default
    - rename Dpkg::Source::Compressor in Dpkg::Compression::Process
    - rename Dpkg::Source::CompressedFile in Dpkg::Compression::FileHandle
      and completely redesign its API
    - update Dpkg::Compression's API to use compression_* functions
      instead of granting direct access to variables, integrate
      there management of default compression
    - introduce Dpkg::Interface::Storable and update many modules
      to make use of it
    - update Dpkg::BuildOptions to provide an object-oriented interface
    - update Dpkg::Checksums to provide an object-oriented interface
  * Drop debian-maintainers from Suggests since it's obsolete, the
    corresponding keyring is in debian-keyring.
  * Merge support of symbol patterns in dpkg-gensymbols. Thanks to
    Modestas Vainius for his work (see further for more details).
  * Accept filename with spaces and colon in the output of objdump.
    Required so that dpkg-shlibdeps support such files properly.
    Thanks to Raphaël Geissert for the patch. Closes: #565712
  * When unpacking a "3.0 (quilt)" source package, tell quilt where
    patches are (to be) stored. Requires quilt >= 0.48-5 to work.
    Closes: #557619
  * Fix update-alternatives to not try to reinstall an unknown alternative
    when the link group is broken, instead switch to the best choice in
    automatic mode. Closes: #566406
  * Don't return duplicate bug numbers in Launchpad-Bugs-Fixed:.
    Thanks to Brian Murray <brian op ubuntu.com> for the report
    and the patch. Closes: #569618
  * Add $VERSION numbers to all perl modules. Closes: #465256
    1.00 and higher means that the API should be stable
  * While parsing diff's output, accept any sentence that contains the word
    differ (as specified by POSIX) to identify that binary files could not be
    compared. Closes: #570008
  * dpkg-gencontrol does no longer accept arch-specific dependencies in
    arch: all packages. Closes: #560071
  * dpkg-gencontrol no longer warns if a substitution variable provided by -V
    is not used (the warning is meant to catch unused substitutions coming
    from the file, those are package specific with debhelper). Closes: #557133
  * dpkg-gencontrol now indicates which package is concerned by the substvars
    warning that it displays. Closes: #566837
  * dpkg-buildpackage now supports options --source-option=<opt> and
    --changes-option=<opt> to forward arbitrary options to dpkg-source and
    dpkg-genchanges respectively. Closes: #566230
  * The -T option of dpkg-{source,gencontrol,genchanges} can now be used
    multiple times to read substitution variables from multiple files.
    Closes: #363323
  * dpkg-source now supports an option --create-empty-orig in formats
    "2.0" and "3.0 (quilt)" to auto-create the main original tarball when
    there are supplementary tarballs. This makes it easier to bundle
    multiple software together. Closes: #554488
  * dpkg-source supports long option names --diff-ignore and --tar-ignore for
    -i and -I. A new option --extend-diff-ignore is introduced. Those options
    can thus now be used in debian/source/options.
  * Generate manual pages for perl modules.
  * Introduce the libdpkg-perl package and clarify its status in README.api.
  * Update Standards-Version to 3.8.4 (no changes needed).
  * Drop unused lintian override for arch-dep-package-has-big-usr-share on
    dselect.
  * The rewritten Dpkg::Checksums deals properly with filenames with
    spaces. Closes: #572030
  * dpkg-source does no longer fallback to other source formats if the
    requested one is not usable. Closes: #557459
  * Modify dpkg-source to error out when it would apply patches containing
    insecure paths (with "/../") and also error out when it would apply a
    patch through a symlink. Those checks are required as patch will happily
    modify files outside of the target directory and unpacking a source package
    should not be able to have any side-effect outside of the target
    directory. Fixes CVE-2010-0396.
  * Also error out when the quilt series contains a path with "/../" as this
    can cause patch to create files outside of the source package due
    to the -B .pc/$path option that it gets.

  [ Guillem Jover ]
  * Handle argument parsing in dpkg-checkbuilddeps and dpkg-scanpackages
    in a way consistent with the rest of the tools.
  * Recognize --help in addition to -h in dpkg-checkbuilddeps.
  * Add a --version option to dpkg-checkbuilddeps.
  * Improve and mark more messages in writedb() to make translators lifes
    easier. Closes: #408525
  * Improve update-alternatives --display output to use two leading spaces
    for current link and slave information. Use single quotes for both “best”
    and the alternative it's pointing to. Closes: #549167
  * Refer to “half configured” instead of “failed config” in «dpkg-query -l»
    header and dselect package status printing for consistency.
  * Make “dpkg-statoverride --quiet” actually do something, and quiesce
    most of the inoquous warning messages. Closes: #403211
  * Make “dpkg-statoverride --update --add” fail if it cannot update the
    mode and owner of the file. This would fail later on when dpkg itself
    applies the overrides, so better to signal this earlier.
  * Add sparc64 to cputable. Thanks to Aurelien Jarno <aurel32 op debian.org>.
    Closes: #560010
  * Do not allow diverting a file to itself, which makes the file to get
    removed. Closes: #312206
  * Make the check for duplicate fields in a stanza in libdpkg actually work,
    which now makes it fatal, as was intended originally. This should not
    cause problems for anything using dpkg-dev to build packages as those
    are already fatal on that case.
  * Add new deb-split(5) man page.
  * Fix misspellings of “explicitly” all over the place.
  * Normalize ar member names when reading (removing trailing spaces and
    slash), this allows deb-split packages be created with GNU ar.
  * Validate compression level on dpkg-deb argument parsing.
  * Fix error handling, clean up and refactor compression code.
    Thanks to Jonathan Nieder for several of the patches.
  * Do not print unambiguous epoch on dpkg file overwrite error.
  * Rename Dpkg::IPC::fork_and_exec() to Dpkg::IPC::spawn().
  * Change dpkg-dev to Depend on perl instead of perl5 and perl-modules.
  * Fix small memory leaks related to scandir() in dpkg-deb and libdpkg.
  * Fix dpkg-query and dpkg-trigger to actually print a version on --version.
  * Always spawn a new shell on conffile prompt, instead of supporting
    self backgrounding, remove DPKG_NO_TSTP environment variable support.
    Closes: #38334
  * Set DPKG_SHELL_REASON, DPKG_CONFFILE_OLD and DPKG_CONFFILE_NEW environment
    variables when spawning a shell for conffile examination. Closes: #60329
    Thanks to Daniel Martin <Daniel.Martin op jhu.edu> for the idea.
  * Add support for disabling update-alternatives at configure time using
    --withouth-update-alternatives.
  * Add support for disabling install-info at configure time using
    --withouth-install-info.
  * Update debian/copyright.
  * Use Debian instead of ‘Debian GNU/Linux’ when referring to the
    distribution.
  * On dpkg --no-act with --install, --unpack or --record-avail, and
    dpkg-deb --info or --field use mkdtemp() to create a temporary directory
    instead of insecure tempnam() or tmpnam() functions.
  * Remove --license and --licence options from tools.
  * Securely remove newly installed files when rolling-back a failed unpack.
  * Change default lzma compression level from 9 to 6.
    Thanks to Jonathan Nieder for the initial patch.
  * Add support for xz compressed data.tar member of binary packages. Add
    xz-utils to dpkg's Pre-Depends. Closes: #542160
    Thanks to Jonathan Nieder for the initial patch.
  * Use xz command to handle lzma compressed files in dpkg and dpkg-dev.
    This removes the lzma package from both dpkg and dpkg-dev dependencies.
  * Do not set PKG_CONFIG_LIBDIR in dpkg-buildpackage when cross-building.
    The proper solution to this is to let the build system choose the
    appropriate pkg-config binary for the build or host system in the same
    way pkg.m4 is handling it now. Closes: #551118
  * Dynamically link against all external libraries. This includes libbz2
    and zlib for dpkg-deb and and libselinux for dpkg on GNU/Linux.
  * Mark the libdpkg.a API as volatile and require any possible users to set
    LIBDPKG_VOLATILE_API to acknowledge that fact.
  * Add a new libdpkg-dev package with the headers and the static library,
    although its API should be considered volatile.
  * Reorganize the doc contents that goes into each package:
    - README.multicd only in dselect.
    - README.api only in development packages, dpkg-dev and libdpkg-dev.
    - triggers.txt only in dpkg-dev.
  * Move source.lintian-overrides to debian/source/lintian-overrides.
  * Switch SE Linux support to explicitly set path context. This fixes the
    mislabeling of files under <admindir> on conffile extraction or on unpack
    errors, due to improper default context restoration. Closes: #498438
  * Use FIEMAP when available (on Linux based systems) to sort the .list
    files loading order. With a cold cache it improves up to a 70%.
    Thanks to Morten Hustveit <morten op debian.org>.
  * When FIEMAP is not available use posix_fadvise() to start preloading the
    .list files before loading them. With a cold cache it improves up to 40%.
    Thanks to Stefan Fritsch <sf op sfritsch.de>. Closes: #557560
  * Call fsync(2) after writting files on disk, to get the atomicity
    guarantees when doing rename(2). Based on a patch by
    Jean-Baptiste Lallement <jeanbaptiste.lallement op gmail.com>.
    Closes: #430958
  * Call fsync(2) on database directories after creating, renaming or
    unlinking files, to guarantee the new file entry is correctly listed
    in the directory. Base on a patch by
    Jean-Baptiste Lallement <jeanbaptiste.lallement op gmail.com>.
  * Document in the man page the effects of setting TMPDIR for dpkg and
    dpkg-deb, HOME for dselect and dpkg and PAGER for dpkg. Closes: #572836
  * Document the exit codes for dpkg-query. Closes: #571798
  * Document “dpkg-query -l” abbreviated state information in the man page.
    Based on a patch by Marc-Jano Knopp <pub_br_debian.org op marc-jano.de>.
    Closes: #383869
  * Honour LINGUAS environment variable when installing translated man pages.
  * Allow disabling at configure time Unicode ncurses support for dselect.
    Based on a patch by Yuri Vasilevski <yvasilev op gentoo.org>.

  [ Modestas Vainius ]
  * Implement symbol patterns (Closes: #563752). From now on, it is possible to
    match multiple symbols with a single entry in the symbol file template.
    While the concept is not new (wildcards also match multiple symbols),
    patterns cover much more ground and are a lot more flexible. Together with
    the framework, 3 basic pattern types are supported:
    - c++ - matching C++ symbols by their demangled name (as emitted by
      c++filt);
    - symver - matching by symbol version. It replaces the wildcards feature
      which is still supported for backwards compatibility but is reimplemented
      on top of the new framework;
    - regex - matching symbol names with perl regular expression.
    Basic patterns may be combined where it makes sense.
  * As a positive side effect of the new symbol patterns implementation,
    patterns are now treated like normal symbols whenever possible, e.g. a
    pattern is MISSING if it does not match anything. As a result,
    dpkg-gensymbols is now able to detect NEW/MISSING symbols when patterns are
    present in the symbol file (Closes: #541464). Please note, however, that
    there is no way to detect symbol changes in the pattern match sets.
  * Add source version to the dpkg-gensymbols diff label, reformat it according
    to the rules of dpkg-name.
  * Add -a<arch> option to dpkg-gensymbols.
  * Add -q option to dpkg-gensymbols. -c0 will never fail but still generate a
    diff. Use -c0 -q to keep dpkg-gensymbols completely quiet as before
    (Closes: #568228).

  [ Jonathan Nieder ]
  * Fix a file handle leak in “dpkg-deb --info”. Thanks to Raphael Geissert
    for the report and patch.

  [ Helge Kreutzmann ]
  * Add dpkg-gensymbols.1 to the translatable man page set.

  [ Updated dpkg translations ]
  * Catalan (Guillem Jover).
  * French (Christian PERRIER).
  * German (Sven Joachim).
  * Italian 'Milo Casagrande). Closes: #567531
  * Simplified Chinese (Aron Xua). Closes: #558794
  * Slovak (Ivan Masár). Closes: #559269
  * Swedish (Peter Krefting).

  [ Updated dselect translations ]
  * Catalan (Guillem Jover).
  * French (Christian Perrier).
  * German (Sven Joachim).
  * Spanish (Javier Fernández-Sanguino). Closes: #572861
  * Swedish (Peter Krefting).

  [ Updated man page translations ]
  * French (Christian Perrier): correcting inconsistencies for the translation
    of "original" here and there. Thanks to Julien Valroff for pointing this.
  * German (Helge Kreutzmann).
  * Swedish (Peter Krefting).

  [ Updated scripts translations ]
  * Catalan (Guillem Jover).
  * French (Christian PERRIER).
  * German (Helge Kreutzmann).
  * Swedish (Peter Krefting).

 -- Guillem Jover <guillem op debian.org>  Fri, 12 Mar 2010 00:15:31 +0100

dpkg (1.15.5.6) unstable; urgency=low

  * dpkg-source: with format "3.0 (quilt)" ensure quilt's .pc directory is
    created before trying to register a new patch in .pc/applied-patches.
    Thanks to Tommi Vainikainen <thv+debian op iki.fi> for the report and the
    patch. Closes: #561237
  * Fix dpkg-buildpackage to set "parallel=" in DEB_BUILD_OPTIONS instead of
    the invalid "parallel=-1" when option "-j" is given. Closes: #562038
  * Clarify how dpkg-source --print-format works and display messages on
    STDERR when the requested format is discarded. Closes: #560391
  * Add ${misc:Depends} in all Depends fields.

 -- Raphaël Hertzog <hertzog op debian.org>  Fri, 08 Jan 2010 17:57:43 +0100

dpkg (1.15.5.5) unstable; urgency=low

  * Allow again new lines in dpkg-source and dpkg-genchanges on substvar and
    maintainer arguments.

 -- Guillem Jover <guillem op debian.org>  Tue, 22 Dec 2009 09:49:49 +0100

dpkg (1.15.5.4) unstable; urgency=low

  * Fix Dpkg::Index::get() and remove(). Thanks to Roderich Schupp
    <roderich.schupp op googlemail.com> for the patch. Closes: #558595
  * Modify implementation of "3.0 (quilt)" source format to not be
    behave differently depending on whether quilt is installed or not.
    The option --without-quilt is thus gone and dpkg-source creates
    and relies on the .pc directory to know whether patches are applied
    or not. Closes: #557667
  * Add new dpkg-source option --single-debian-patch supported by the source
    format "3.0 (quilt)" so that it behaves more like 1.0 and its single diff
    that is constantly updated with all upstream changes. Useful if the
    workflow is VCS based and can't generate a full patch set.
  * dpkg-source now uses debian/source/patch-header as header of the automatic
    Debian patch in format "3.0 (quilt)".
  * Fix Debian changelog parser so that the trailer line is again checked.

 -- Raphaël Hertzog <hertzog op debian.org>  Mon, 07 Dec 2009 09:24:31 +0100

dpkg (1.15.5.3) unstable; urgency=low

  [ Raphaël Hertzog ]
  * Avoid usage of IO::String in dpkg-scanpackages, rely on Dpkg::IPC
    instead to directly get a pipe file descriptor. Closes: #557013
  * Put "3.0 (quilt)" in the default list of formats tried by dpkg-source
    after "1.0" and before "3.0 (native)".
  * Let dpkg-source fail if several upstream orig.tar files are available
    (using different compression scheme) since we don't know which one
    to use.
  * Add missing "use Dpkg::Gettext" in Dpkg::Changelog::Entry::Debian.
    Closes: #557668
  * When building "3.0 (quilt)" source packages, use QUILT_PATCH_OPTS="-t -F 0
    -N -u -V never -g0" so that quilt is as strict as dpkg-source's internal
    implementation of quilt. Closes: #557664, #558233
  * Before accepting to build a 3.0 (quilt) source packages, ensure that
    debian/patches is a directory (or non-existing) and that
    debian/patches/series is a file (or non-existing). Closes: #557618
  * Dpkg::IPC::fork_and_exec() now includes the changed environment
    variables in the default error message displayed when the sub-process
    fails.

  [ Guillem Jover ]
  * Verify that the alternative used in update-alternatives --set has been
    registered instead of failing with an undefined value in the slave
    method. Closes: #554136
  * Strip leading spaces in the first line of a field's value in
    Dpkg::Control::Hash. Closes: #557547

 -- Guillem Jover <guillem op debian.org>  Fri, 27 Nov 2009 19:23:36 +0100

dpkg (1.15.5.2) unstable; urgency=low

  * Change Dpkg::Version API to accept invalid versions by default and add
    is_valid() method. The boolean evaluation of a version object returns
    true if the version is valid, false otherwise.
  * Update dpkg-shlibdeps to always use Dpkg::Version now that it can
    contain the empty version string. Closes: #556786
  * Keep compatibility with perl 5.8 by avoiding the _ prototype.

 -- Raphaël Hertzog <hertzog op debian.org>  Wed, 18 Nov 2009 11:54:50 +0100

dpkg (1.15.5.1) unstable; urgency=low

  * Fix build failures due to off_t type missmatch caused by not including
    <config.h> first on the unit tests. Suggested by Pierre Habouzit and
    Julien Cristau, thanks!

 -- Guillem Jover <guillem op debian.org>  Tue, 17 Nov 2009 16:42:00 +0100

dpkg (1.15.5) unstable; urgency=low

  [ Guillem Jover ]
  * Remove obsolete conffiles on purge. Closes: #421367, #453005, #454628
  * Update list of binaries dpkg checks on the PATH.
    - Remove install-info, now a wrapper that will disappear soonish.
    - Add programs used by dpkg itself: sh, rm, find, tar and dpkg-deb.
  * Check and warn on duplicate conffiles in dpkg-deb. Closes: #131633
  * Make the upstream build system silent by default with automake 1.11 or
    newer, and always verbose when building the Debian packages.
  * Fix small leak when parsing ‘--ignore-depends’ option values.
  * Define compatibility WCOREDUMP only if the system does not have it.
  * When start-stop-daemon fails to set the io scheduling warn instead of
    finishing fatally. Closes: #553580
  * Update md5 file paths in debian/copyright.
    Thanks to Jonathan Nieder <jrnieder op gmail.com>.
  * On ‘dpkg-trigger --help’ print the default admindir instead of the one
    passed on the command line.
  * Abort on configure if the required C99 extensions are not supported.
  * Add C coding style document.
  * Make dpkg as strict as dpkg-statoverride on input when validating the
    parsed data from the statdb.
  * Rewrite dpkg-statoverride in C.
  * Use C99 snprintf function family semantics to avoid having to call them
    in a loop to grow the varbuf buffer. This should reduce memory usage and
    be slightly faster on varbufprintf calls.
  * Use the size from stat to allocate the buffers for readlink, instead of
    indefinitely calling readlink and growing the buffer. This should reduce
    memory usage when handling lots of symlinks, and be slightly faster.
  * Rework varbuf api to avoid increasing buffers indefinitely when adding
    content to them, regardless of space being already available.
  * Fix build macros to allow start-stop-deaemon to use TIOCNOTTY.
  * Generate the autoconf version from git to make it easier to see when a
    snapshot version is being used.
  * Add infrastructure for doxygen, for now not installed anywhere.
  * Allow overriding the pkg-config path to ease cross-compilation.
    Suggested by Tollef Fog Heen <tfheen op err.no>.
  * Fix spelling errors in the Catalan translation. Closes: #553328
    Thanks to Robert Millan.
  * Update the FSF postal address in the source code license headers by
    replacing it with a URL to the gnu.org page.
  * Fix a file descriptor leak in dpkg-deb.
    Reported by Raphael Geissert <atomo64 op gmail.com>.
  * Fix resource leaks on error conditions in compat scandir.
  * Add a new status-fd action when disappearing a package. Closes: #537338

  [ Raphaël Hertzog ]
  * Add versioned dependency on base-files (>= 5.0.0) to dpkg-dev to ensure
    that /etc/dpkg/origins/default exists. Closes: #545274
  * Update Standards-Version to 3.8.3 (no changes needed).
  * Major changes to the perl API:
    - Dpkg::Control is now Dpkg::Control::Info
    - Dpkg::Cdata is gone and is replaced by a new Dpkg::Control
    - Dpkg::Control::Fields contains authoritative information
      about fields allowed in various types of control information
      (and can be customized by each vendor). It also integrates
      information that was previously available through Dpkg::Deps.
    - Dpkg::Changelog has been split in multiple modules and largely
      modified to offer an interface that is now more in line with the
      other modules.
  * All dpkg-* perl programs that work with control information have been
    updated to use the new Dpkg::Control interface.
    In this process, dpkg-scanpackages has been fixed to not skip non-standard
    fields. Closes: #494136
  * Create Launchpad-Bugs-Fixed directly in the changelog parsing code thanks
    to a new vendor hook post-process-changelog-entry. Closes: #536066
  * Integrate dpkg-ftp into dselect. Add the required Replaces and Conflicts.
  * dpkg-scanpackages/dpkg-scansources now supports compressed override files.
  * dpkg-scanpackages now supports a new --medium option as needed to
    generate Packages.cd file for consumption by the multicd dselect access
    method. Closes: #402527
  * Integrate dpkg-multicd into dselect. Add the required Replaces and
    Conflicts. The dpkg-scanpackages fork is dropped. Closes: #516631
  * Fix bashisms in dselect multicd access method. Closes: #530070
  * Add support of "xz" compression method for source packages. Add dependency
    dpkg-dev → xz-utils to ensure xz and unxz are available.
  * Fix dpkg-source --include-binaries to correctly compute the path name of
    the discovered binary files. Closes: #554612
  * Remove extra quoting that should not be there while passing an exclude
    file to git ls-files during build of 3.0 (git) source package.
    Thanks to Courtney Bane for the patch. Closes: #551829
  * Optimize dpkg-source -b by avoiding many diff calls when not required.
    Thanks to Mike Hommey for the idea. Closes: #554689
  * Add new option --print-format to dpkg-source to be able to know by advance
    the source format that would be used during a build.
  * Modify dpkg-source -b to use default build options from
    debian/source/options. Thus it's now possible to have sticky options, for
    example for the choice of a compression method (--compression=<comp>).
  * dpkg-source outputs the list of upstream files modified by the diff.gz
    (applies only to source packages using format 1.0). Closes: #482166
    It also recommends usage of 3.0 (quilt) format during dpkg-source -b if it
    detects changes to upstream files that are stored in the .diff.gz.
  * Add DEP-3 compliant headers to automatic patches created by dpkg-source
    in 3.0 (quilt) source format. Closes: #543581
  * Switch dpkg to source format "3.0 (native)" with bzip2 compression.

  [ Updated dpkg translations ]
  * Czech (Miroslav Kure).
  * French (Christian Perrier).
  * German (Sven Joachim).
  * Italian (Milo Casagrande). Closes: #548615, #555806
  * Polish (Wiktor Wandachowicz). Closes: #548541
  * Swedish (Peter Krefting).

  [ Updated dselect translations ]
  * Czech (Miroslav Kure).
  * French (Christian Perrier).
  * German (Sven Joachim).
  * Polish (Wiktor Wandachowicz). Closes: #548541
  * Swedish (Peter Krefting).

  [ Updated man page translations ]
  * French (Christian Perrier).
  * French translation error fixed (Christian Perrier)
    Thanks to Pietro Battiston for spotting it. Closes: #545446
  * German (Helge Kreutzmann).
  * Polish (Wiktor Wandachowicz). Closes: #548541
  * Swedish (Peter Krefting).

  [ Updated scripts translations ]
  * German (Helge Kreutzmann).
  * Polish (Wiktor Wandachowicz). Closes: #548541
  * Swedish (Peter Krefting).

 -- Guillem Jover <guillem op debian.org>  Tue, 17 Nov 2009 10:17:57 +0100

dpkg (1.15.4.1) unstable; urgency=medium

  * Do not mark any package as unseen in dselect. This is a workaround
    until it learns how to store such information again. Closes: #545366

 -- Guillem Jover <guillem op debian.org>  Mon, 19 Oct 2009 15:15:17 +0200

dpkg (1.15.4) unstable; urgency=low

  [ Guillem Jover ]
  * Call _g instead of g_ in dpkg-name.
  * Fix inverted logic when deciding to assume the architecture in dpkg-name
    when the package didn't have such field.
  * Do not take into account Revision and Package_Revision fields in dpkg-name
    and dpkg-scanpackages as they have been handled already by “dpkg-deb -I”.
  * Switch dpkg-scansources to use Dpkg::Cdata instead of duplicating the
    .dsc parsing code. As a side effect it now handles properly bogus files.
  * Do not remap obsolete fields in dpkg-scanpackages as they have been
    handled already by “dpkg-deb -I”.
  * Properly mark packages being purged for disappearance from the database.
    This will make the status database not be left behind with traces of old
    not-installed packages. Closes: #472208
  * On parse mark not-installed leftover packages for automatic removal from
    the database on next dump. This obsoletes the --forget-old-unavail option,
    thus making it now a no-op. Closes: #33394, #429262
  * Document “hold” under package selection states instead of flags in dpkg(1).
  * Remove trailing ‘/’ and ‘/.’ from the directory name to be used as the
    package name on “dpkg-deb -b”. Closes: #218018, #373602
  * Remove obsolete ‘hold’ and ‘hold-reinstreq’ internal status flags.
  * Add fakeroot to dpkg-dev Recommends. Closes: #536821
  * Fix an always false test when trying to decide which package to deselect
    to resolve a dependency problem in dselect.
  * Add uClibc Linux support to ostable and triplettable. Closes: #455501
  * Add uClinux support to ostable and triplettable.
    Thanks to Simon Richter <sjr op debian.org>.
  * When aborting due to file conflicts print the version of the conflicted
    package. Closes: #540019
  * Remove double slash in database path visible to the user in some error
    conditions.
  * Stop macthing sparc64-*-* GNU triplets with sparc Debian architecture.
  * Add support for config.d style directories in dpkg and dselect,
    (/etc/dpkg/dpkg.cfg.d and /etc/dpkg/dselect.cfg.d respectively).
  * Define DPKG_MAINTSCRIPT_ARCH on the maintainer script environment to the
    architecture the package got built for.
  * Document DPKG_MAINTSCRIPT_PACKAGE maintainer script environment variable
    in dpkg man page.
  * Document DPKG_RUNNING_VERSION maintainer script environment variable
    in dpkg man page.
  * Change po4a usage to not create unwated changes depending if doing out or
    in-tree builds.
  * Use po4a “--previous” support when updating the man pages.
    Suggested by Christian Perrier <bubulle op debian.org>.
  * On configuration error print file name and line number.
  * Allow quoting values in configuration file options.
  * Add new --pre-invoke and --post-invoke hooks in dpkg.
  * Add new --control-path command to dpkg-query.
  * Use ohshit on bad version syntax in --compare-versions.
  * Add Multi-Arch to the list of known binary package fields for dpkg-dev.
    Thanks to Steve Langasek <vorlon op debian.org>.

  [ Raphaël Hertzog ]
  * Replace install-info by a wrapper around GNU's install-info. The wrapper
    will be dropped in squeeze+1. dpkg now Breaks: old versions of
    info-browsers that do not depend on the new install-info package
    that provides the real functionality. Closes: #9771, #523980
    See http://wiki.debian.org/Transitions/DpkgToGnuInstallInfo for details.
  * Fix dpkg's preinst in case /var/lib/dpkg/alternatives contains unexpected
    sub-directories. Closes: #535138
    And also when one of the file doesn't contain correct alternatives
    information (improper number of lines). Closes: #537558
  * Upgrade Standards-Version to 3.8.2 (no changes).
  * Update deb-substvars(5) to list fields that do not support substvars.
    Closes: #535353
  * Fix dpkg-parsechangelog to include all entries with -v0 parameter.
    Closes: #537800
  * Fix update-alternatives to mention the correct slave link that can't
    be installed due to a conflicting file instead of quoting the master link.
  * Add support for extra override file in dpkg-scanpackages. Thanks to Robert
    Millan for the patch. Closes: #537559
  * Add support for extra override file in dpkg-scansources.
  * Document format of extra override file in a new manual page
    deb-extra-override(5).
  * Update sample in dpkg-gensymbols(1) to give an accurate listing of
    64 bit arches. Thanks to Julien Cristau for the patch. Closes: #540382
  * Create /etc/cron.daily/dpkg to handle the backup of
    /var/lib/dpkg/status in /var/backups. This is taken out of the cron
    package and need no conflicts/breaks as the code does nothing if
    the current status file is already backupped. Thanks to Leo 'costela'
    Antunes <costela op debian.org> for the patch. Closes: #541412
  * Change behaviour of dpkg --merge-avail to not update a package's
    information if the version provided is older than the one already listed
    in the available file. Thanks to Ian Jackson
    <ian op davenant.greenend.org.uk> for the patch. Closes: #496114
  * dpkg-architecture can now export DEB_{HOST,BUILD}_ARCH_{BITS,ENDIAN}
    (pointer size and endianness):
    - cputable (in dpkg) modified to contain those information
    - dpkg-dev depends on dpkg (>= 1.15.4) to ensure that we have an updated
      cputable (and so that a versioned build-dependency on dpkg-dev is enough
      to use this new feature)
    Closes: #531307
  * Split overly long Binary: field values over multiple lines. This is
    allowed since policy 3.8.3. Closes: #494714
  * Improve performance of dpkg-shlibdeps by caching minimal version
    associated to each library in Dpkg::Shlib::SymbolFile. Thanks to
    Jiří Paleček <jpalecek op web.de> for the patch.
  * Slightly improve dpkg-source(1) by giving the section name that we're
    referring to. Closes: #544037
  * Fix translation error in german manpage of dpkg-buildpackage. Thanks
    to Joachim Breitner <nomeata op debian.org>. Closes: #541829

  [ Modestas Vainius ]
  * Provide a meaningful label for dpkg-gensymbols diff.

  [ Updated dpkg translations ]
  * Asturian (Marcos Alvarez Costales). Closes: #535327
  * French (Christian Perrier).
  * German (Sven Joachim).
  * Italian (Milo Casagrande). Closes: #536538
  * Russian (Yuri Kozlov). Closes: #542254
  * Slovak (Ivan Masár). Closes: #537742
  * Swedish (Peter Krefting).

  [ Updated dselect translations ]
  * Russian (Yuri Kozlov). Closes: #542254
  * Slovak (Ivan Masár). Closes: #537741

  [ Updated man page translations ]
  * French (Christian Perrier).
  * German (Helge Kreutzmann), proofread by Jens Seidel.
  * Swedish (Peter Krefting).

  [ Updated scripts translations ]
  * French completed (Christian Perrier).
  * German (Helge Kreutzmann).
  * Russian (Yuri Kozlov). Closes: #542254
  * Swedish (Peter Krefting).

 -- Guillem Jover <guillem op debian.org>  Sun, 06 Sep 2009 09:37:45 +0200

dpkg (1.15.3.1) unstable; urgency=low

  [ Modestas Vainius ]
  * Fix wildcard support in symbol files. Closes: #536034

 -- Guillem Jover <guillem op debian.org>  Wed, 08 Jul 2009 11:26:36 +0200

dpkg (1.15.3) unstable; urgency=low

  [ Guillem Jover ]
  * Unset TAR_OPTIONS when extracting .deb archives.
  * Use default compressor values in dpkg-source from Dpkg::Source::Compressor.
  * Fix dpkg-scanpackages to properly detect spurious overrides.
  * Rewrite dpkg-name in perl.
  * Do not close already closed files in some error conditions in libdpkg.
  * Use the correct units (KiB) in dpkg-split when referring to partsize.
  * Document in dpkg-statoverride(8) that mode needs to be specified in
    octal. Closes: #534551
  * Mark argument names in dpkg-statoverride.1 in italic.
  * Explicitly pass field argument to Dpkg::ErrorHandling::unknown().
  * Move unknown() from Dpkg::ErrorHandling to Dpkg::Fields.

  [ Raphaël Hertzog ]
  * Unset TAR_OPTIONS when creating/extracting tar archives for source
    packages. Closes: #530860
  * Add cleanup of all invalid (master) alternatives in preinst script.
    Closes: #530633, #531611, #532739, #521760
  * Let update-alternatives fix a manual alternative with a dangling symlink
    by switching it to automatic mode. Closes: #529999
  * Add missing paragraph separator in dpkg-buildpackage(1). Thanks to Per
    Andersson <avtobiff op gmail.com>. Closes: #532769
  * Fix english mistake (“as you request” → “as you requested”) in several
    places. Thanks to David Stansby for the patch. Closes: #533171
  * Support tags before symbols in symbols file contained in source packages.
    The first two tags are "optional" (use it to not fail if the symbol might
    disappear from the library without breaking the ABI) and "arch" to
    restrict the set of architectures where the symbol is supposed to exist.
    Thanks to Modestas Vainius <modestas op vainius.eu> for the patch.
    See dpkg-gensymbols(1) for more information. Closes: #521551
  * Do not include #MISSING lines in symbols files integrated in binary
    packages. Closes: #526251
  * Assume an implicit version of "Base" for all unversioned symbols
    that are merged into a SymbolFile. Closes: #533181
  * Add new tag "ignore-blacklist" to force-include symbols which are
    normally blacklisted. This can be useful for libgcc to include symbols
    that the toolchain allows to be shared but that are often static (and
    hence are blacklisted for this reason). Closes: #533642
  * In dpkg-source, explicitly pass --keyring ~/.gnupg/trustedkeys.gpg to
    gpgv as it does not use it if other --keyring parameters are given.
    Closes: #530769
  * In dpkg-vendor, allow to use dashes instead of spaces in vendor
    filenames. Closes: #532222
  * Skip dpkg-genchanges' warning about lower version numbers for backports
    (recognized by ~bpo or ~vola in their version number). Closes: #525115
  * Support all checksum algorithms in dpkg-scanpackages/dpkg-scansources.
    Closes: #533828
  * Fix dependency parsing code in Dpkg::Deps to not accept "foo\nbar"
    even if foo is valid. Closes: #534464
    Thanks to Andrew Sayers for spotting the problem.

  [ Joachim Breitner ]
  * Warn about unused substvars in dpkg-gencontrol. Closes: #532760

  [ Updated dpkg translations ]
  * Catalan (Jordi Mallach). Closes: #532109
  * Czech (Miroslav Kure).
  * German (Sven Joachim). Closes: #534831
  * Simplified Chinese (Deng Xiyue). Closes: #531387
  * Swedish (Peter Krefting).

  [ Updated dselect translations ]
  * Czech (Miroslav Kure).

  [ Updated man page translations ]
  * German (Helge Kreutzmann).
  * Swedish (Peter Krefting).

  [ Updated scripts translations ]
  * German (Helge Kreutzmann).
  * Swedish (Peter Krefting).

 -- Guillem Jover <guillem op debian.org>  Sat, 27 Jun 2009 19:06:43 +0200

dpkg (1.15.2) unstable; urgency=low

  [ Guillem Jover ]
  * Fix FTBFS on GNU/Hurd due to a missmatched define usage in
    start-stop-daemon. Closes: #530446
  * Remove obsolete priorities support from dselect.
    Thanks to Sven Joachim <svenjoac op gmx.de>.
  * Fix bashism (“echo -e”) in dselect disk setup method. Closes: #530071
  * Properly parse fdisk output in dselect disk setup method.
  * Fix memory leaks due to not destroying some pkg iterators.

  [ Updated dpkg translations ]
  * Asturian (Marcos Alvarez Costales). Closes: #529889
  * Basque (Piarres Beobide). Closes: #529857
  * French (Christian Perrier).
  * German (Sven Joachim).

  [ Updated man page translations ]
  * German (Helge Kreutzmann).

  [ Updated dselect translations ]
  * French (Christian Perrier).

  [ Updated scripts translations ]
  * French (Christian Perrier).
  * German (Helge Kreutzmann).

 -- Guillem Jover <guillem op debian.org>  Tue, 26 May 2009 01:00:36 +0200

dpkg (1.15.1) unstable; urgency=low

  [ Raphaël Hertzog ]
  * Fix dpkg-genchanges to not include the additional upstream tarballs
    when they are not desired (specific to source packages using format 3.0
    quilt).
  * Call quilt only once to apply all patches instead of once per patch
    when building 3.0 (quilt) source packages. Closes: #518453
  * Fix dpkg-shlibdeps so that it works again when analyzing binaries
    outside of package's directory. Closes: #518687
  * Modify dpkg-shlibdeps to let shlibs.local override symbols files too.
  * Drop support of debian/control's “Format” field used by dpkg-source while
    it's not too late. Instead debian/source/format should be used to indicate
    the desired source package format.
  * Update deb-triggers(5) and dpkg-trigger(1) to add a reference to
    /usr/share/doc/dpkg/triggers.txt.gz. Closes: #519717
  * Avoid perl warnings in dpkg-gencontrol and dpkg-genchanges when the
    Architecture field is missing in a binary package. Closes: #510282
  * Modify Dpkg::Version::check_version() to not die by default.
    Closes: #510615
  * dpkg-source now ignores all possible vi swap file extensions (and not
    only .swp). The corresponding exclude pattern for -I also got tightened to
    only catch filenames starting with a dot. Closes: #515540
  * dpkg-gencontrol displays a better error message when an ORed dependency
    is used in a union field like Conflicts, Replaces or Breaks.
    Closes: #489238
  * dpkg-source's signature check is now done with gpgv if possible and
    timeouts if not completed within 10 seconds. Closes: #490929
    When using gpg, use --no-default-keyring to be consistent with gpgv's
    behaviour to not use the user's keyring. Closes: #440841
  * Update dpkg-dev dependencies: Closes: #472942
    - Move gnupg to Recommends. It's needed to sign .dsc and .changes.
    - Add gpgv to Recommends. Useful to check signatures of extracted packages.
    - Add debian-maintainers to Suggests. Together with debian-keyring they
    contain all the GPG keys required to verify official Debian packages.
  * Drop /etc/dpkg/origins as it's taken over by base-files (see #487437).
  * Fix dpkg-shlibdeps to properly initialize a symbol-based dependency
    even when some symbols are associated with a (fake) version "0". Such a
    version means that the symbol has always existed in all versions of the
    package.
  * When dpkg delegates to dpkg-query or dpkg-deb to do the actual work, add
    the "--" marker to explicitly document the end of options so that
    arguments starting with a dash are not interpreted as options.
    Closes: #293163
    Thanks to Bill Allombert for the patch.
  * dpkg now correctly refuses empty parameters when an integer value is
    wanted. Closes: #386197 Based on a patch by Bill Allombert.
  * Fix a mistake in the french translation of dpkg's manual page.
    Thanks to Jonathan Gibert. Closes: #522032
  * Fix dpkg-source to not die when uncompressor processes are killed by
    SIGPIPE due to tar closing the pipe without exhausting all the data
    available. Closes: #523329
  * dpkg-gencontrol now handles properly (empty) dependencies which contain
    only spaces. Closes: #522787
  * dpkg-source now accepts additional tarballs (in format "3.0 (quilt)")
    with a "component" name containing dashes. Closes: #524376
  * Fix dpkg-source to not complain on binary files that are ignored and are
    not going to be included in the debian tarball of a "3.0 (quilt)" source
    package. Closes: #524375
  * Bump Standards-Version to 3.8.1 (no change required).
  * Do not store usernames and group names in tarballs created by dpkg-source,
    they are anyway ignored at unpack time. Closes: #523184
  * Fix update-alternatives to not remove real files installed in place of
    an alternative link when the corresponding alternative is fully removed.
    Closes: #526538
  * Add a new dpkg-vendor tool to query vendor information stored in
    /etc/dpkg/origins. It can be used in debian/rules to enable different
    behaviour depending on the current vendor at the time of the build.
    Closes: #498380
    Modify dpkg-buildpackage to not set the DEB_VENDOR environment variable,
    packages should use the dpkg-vendor program instead.
  * Ensure that the automatic patch created in format "3.0 (quilt)" is always
    well registered with quilt even when it's updated by a new call to
    dpkg-source. Thanks to Goswin von Brederlow for the initial patch.
    Closes: #525858
  * Do not update/create debian/patches/.dpkg-source-applied during build,
    it's only meant to document what patches have been applied at extraction
    time. Closes: #525835
  * Let dpkg-buildpackage add the missing execute right on debian/rules if
    needed. Display a warning when it happens. Closes: #499088
  * Allow to combine -nc and -S in dpkg-buildpackage but display a warning
    saying that it's not advised. Closes: #304404
  * Let dpkg-buildpackage error out with subprocerr() when dpkg-checkbuilddeps
    is interrupted/killed by a signal. Closes: #498734
  * Fix dpkg-buildpackage/dpkg-genchanges to properly interpret option -v0.
    Closes: #475916
  * Improves how dpkg-parsechangelog handles non-existing versions
    in its --since, --until, --to, --from options. Approximate the intent
    by selectioning the nearest version instead. Closes: #477638
  * Update dpkg-parsechangelog's documentation to make it clearer that spaces
    are not allowed between single characters options and their values.
    Closes: #494883
  * Don't let dpkg-scanpackages complain about missing overrides when
    no overrides file has been given. Closes: #468106
    Thanks to Piotr Engelking for the patch.

  [ Guillem Jover ]
  * Fix typo in dpkg output (‘unexecpted’ → ‘unexpected’). Closes: #519082
    Thanks to Ivan Masár.
  * Sync archtable with architectures currently present in Debian sid.
    - Remove m68k.
    - Add kfreebsd-i386 and kfreebsd-amd64.
  * Add avr32 to cputable. Closes: #523456
  * Detect the curses headers to use instead of hardcoding them.
  * Make dpkg-source do not set arch:any in .dsc on arch-restricted packages.
    Thanks to Philipp Kern <pkern op debian.org>. Closes: #526617
  * Add '.hgtags' to the default dpkg-source -i regex and -I pattern.
    Closes: #525854
  * Use backticks instead of non-portable make $(shell) function in automake.
  * Do not install dselect and start-stop-daemon man pages when the programs
    have been disabled from configure.
  * Move Debian specific keyrings to the Debian vendor class and change the
    Ubuntu vendor class to inherit from it.
  * Do not set the Arch substvar in dpkg-source, avoiding generating warnings
    when there's no compiler present. Closes: #526132
  * Preserve faulting errno when printing reason in start-stop-daemon fatal
    function.
  * Only print fatal errno string in start-stop-daemon if it was non-zero.
  * Print the valid values for the IO scheduler class in start-stop-daemon
    --help output.
  * Print a warning when using obsolete '--print-installation-architecture'.
    Closes: #528171
  * Remove obsolete --largemem and --smallmem dpkg options.
  * Remove obsolete --force-auto-select dpkg option.
  * Remove obsolete priorities support from dpkg.
  * Remove obsolete 822-date program.
  * Do not right justify the database reading progress percent counter.
  * Remove deprecated status on substvars for dpkg-source dpkg-genchanges,
    and stop producing warnings.
  * Make deprecated dpkg-scanpackages --udeb option produce a warning.
  * Change dpkg-source --help output to state there's no default substvar
    file to match reality.
  * Warn in start-stop-daemon if the argument to --name is longer than the
    supported kernel process name size. Closes: #353015, #519128
  * Do not warn in dpkg-deb when parsing unknown fields with the “Private-”
    prefix. Based on a patch by Nils Rennebarth. Closes: #353040

  [ Frank Lichtenheld ]
  * Dpkg::Version: Remove unnecessary function next_elem which just
    replicates the standard shift behaviour.

  [ Colin Watson ]
  * Add "keyrings" vendor hook, used by dpkg-source to allow vendors to
    supply additional keyrings against which source package signatures will
    be verified. Implement this for Ubuntu. Closes: #525834

  [ Updated dselect translations ]
  * German (Sven Joachim).
  * Swedish (Peter Krefting).

  [ Updated scripts translations ]
  * French (Christian Perrier).
  * German (Helge Kreutzmann).
  * Swedish (Peter Krefting).

  [ Added dpkg translations ]
  * Asturian (Marcos Alvarez Costales). Closes: #519478, #519813, #519998
  * Esperanto (Felipe Castro). Closes: #523023

  [ Updated dpkg translations ]
  * French (Christian Perrier).
  * German (Sven Joachim).
  * Slovak (Ivan Masár). Closes: #519084
  * Swedish (Peter Krefting).
  * Russian (Yuri Kozlov). Closes: #526659

  [ Updated man page translations ]
  * German (Helge Kreutzmann).
  * Swedish (Peter Krefting).

 -- Guillem Jover <guillem op debian.org>  Thu, 21 May 2009 06:45:45 +0200

dpkg (1.15.0) experimental; urgency=low

  [ Guillem Jover ]
  * Do not suggest manually changing the alternative symlinks on
    update-alternative's verbose mode. Closes: #412487
  * Refactor subprocess signal setup.
  * Mark and coalesce similar strings for translation.
  * Add '.be' to the default dpkg-source -i regex. Closes: #481716
    Based on a patch by Ben Finney.
  * Fix link order when using libcompat.a and libintl.a by placing them after
    libdpkg.a. Based on a patch by Martin Koeppe. Closes: #481805
  * Remove duplicate program name from dpkg-trigger badusage output.
  * Trim trailing slash and slash dot from 'dpkg -S' arguments when those
    are path names, but not on patterns. Closes: #129577
  * Fix the support for passing more than one --status-fd option to dpkg.
    Until now only the last one was being used.
  * Replace realloc plus error checking usage with m_realloc.
  * Add '.hgignore' to the default dpkg-source -i regex and -I pattern.
    Closes: #485365
  * Support diverting files when origin and destination are on different file
    systems. Based on a patch by Juergen Kreileder. Closes: #102144, #149961
  * Do not silently enable --rename on dpkg-divert --remove. Closes: #160848
  * Do not allocate memory when lstat fails during package upgrade.
  * Properly lstat the correct file when using --root on package upgrade.
    Thanks to Egmont Koblinger. Closes: #281057
  * Print a longer string when a disallowed field value is found when parsing.
  * Use $(filter ...) instead of $(findstring ...) to extract space separated
    options from DEB_BUILD_OPTIONS in debian/rules.
  * Do not leave new conffile as .dpkg-new when it has been diverted, also
    properly activate the file trigger for the diverted conffile.
    Based on a patch by Timothy G Abbott. Closes: #58735, #476899
  * Improve comment on BUGS section in dpkg-deb.1 about lack of authentication
    and checksum support in .deb files. Closes: #492052
  * Use a troff special character for the copyright symbol on man pages.
  * Mark program names in dpkg-trigger.1 in bold.
  * Unmark dselect debug messages for translation.
  * Use a the warning function to uniformly print all warning messages.
  * Properly use internerr to report about programming bugs.
  * Do not log repeated strings when the write call wrote partial data.
  * Change dir to / after chroot when using --instdir.
    Thanks to Colin Watson <cjwatson op ubuntu.com>. Closes: #509578
  * Make dpkg log files user readable. Closes: #480556
  * Clarify in the start-stop-daemon man page that the signal sent by default
    is TERM not KILL. Closes: #507568
  * Warn in dpkg-deb man page that -x will modify the extraction directory
    permissions. Closes: #502496
  * Make start-stop-daemon behave the same way whether --chuid gets a user
    name or a uid. Closes: #368000
  * Add new option --procsched to start-stop-daemon to be able to set the
    process scheduling policy and priority. Closes: #175740
  * Add initial C unit test suite for libdpkg.
  * Sanitize --status-fd output by replacing newlines with spaces.
    Closes: #505172
  * Remove unneeded cpio dependency from dpkg-dev.
  * Add kopensolaris support to ostable and triplettable. Closes: #509312
  * Document in deb.5 in detail the currently supported format, ar member
    names, types of tar archives and data.tar members.
  * Print correct feature name on «dpkg --assert-*» failures.
  * Add progress reporting to dpkg while reading the file list database.
    Based on a patch by Romain Francoise.
  * Add new option --iosched to start-stop-daemon to be able to set the
    IO scheduling class and priority. Closes: #443535
    Thanks to Chris Coulson <chrisccoulson op googlemail.com>.
  * Add tar format detection support to the internal extractor.
  * Add support for ustar long names using the prefix field. Closes: #474092
  * Code refactoring and cleanup, some of the major changes include:
    - Use standard interfaces instead of ad-hoc ones.
    - Fix memory leaks.
    - Fix compilation warnings.
    - Constify string members in structures and arguments in functions.
    - Make local functions static.
    - Remove unused functions, macros and variables.
    - Fix and cleanup libcompat broken replacement implementations.
    - Reduction of module interdependencies.
    - Rename function and variable names to make them more clear.
    - Cleanup and split of header files.

  [ Raphaël Hertzog ]
  * Enhance dpkg-shlibdeps's error message when a library can't be found to
    include the ELF format of the desired library. Closes: #474671
  * dpkg-gensymbols now refuses empty values for the the -v -P and -e
    parameters.
  * Update dpkg(1) to refer to conffile whenever we speak of configuration
    file handled by dpkg. Thus harmonize vocabulary with the policy. Thanks
    to Helge Kreutzmann <debian op helgefjell.de>. Closes: #381219
  * Improve error message stating that dpkg is unable to create a file so that
    it also refers to the real filename instead of the non-diverted name only.
    Thanks to Daniel Hahler for the patch. Closes: #457135
  * dpkg-gencontrol can now again read the control file from its standard
    input with "-c-". Closes: #465340
  * Add DEB_VENDOR environment variable in the build environment to be able
    to change behaviour dynamically depending on the vendor of the current
    system (or target system when the user overrides DEB_VENDOR by setting
    it himself). Closes: #457371
  * dpkg-shlibdeps give less strong warnings for symbols not found in NEEDED
    libraries when the shared library is a non-public directory and is likely
    to be a plugin. Closes: #481165
  * Clarify list of packages displayed by dpkg --get-selections and
    dpkg-query -l. Thanks to Jidanni. Closes: #487455
  * Document -A option in dpkg-buildpackage(1). Closes: #482834
  * Add some warning concerning the available file and the related commands.
    They are mostly obsolete for APT users. Closes: #481185
  * Add new option --listpackage to dpkg-divert. Thanks to Timothy G Abbott
    <tabbott op MIT.EDU> for the patch. Closes: #485012
  * Add new option --require-valid-signature to dpkg-source. Closes: #390282
  * In dpkg-query(1) document the origin of the various fields and warn that
    they are not always available. Closes: #488293
  * Improve error message in install-info when the file doesn't exist.
    Thanks to Thomas Hood <jdthood op yahoo.co.uk>. Closes: #107098
  * Use description of installed package as fallback in dselect.
    Based on a patch from Bruce Sass <bmsass op shaw.ca>. Closes: #21659
  * Reduce memory usage of dselect by avoiding usage of a big infopad.
    Thanks to Michel Lespinasse <walken op zoy.org> for the patch.
    Closes: #395140
  * Largely improve and update dpkg-buildpackage's manual page.
  * Clarify two points in dpkg-source(1). Closes: #490693
  * Support RUNPATH exactly like RPATH in dpkg-shlibdeps. Closes: #502258
    Thanks to Javier Serrano Polo <jasp00 op terra.es>.
  * Set Standards-Version to 3.8.0 (no changes needed).
  * Drop some unneeded lintian overrides.
  * Fix a chmod call in dpkg-source to not fail when POSIXLY_CORRECT is set.
    Closes: #506028
  * Optimize dpkg-shlibdeps by caching parsed symbols files and
    objdump objects. Thanks to Modestas Vainius <modestas op vainius.eu> for the
    patch. Closes: #503954
  * Add new framework to hook vendor-specific logic (see
    module Dpkg::Vendor::Default).
  * Add Ubuntu vendor object implementing lookup of launchpad bugs in
    changelogs and a safety-check for Maintainer fields of forked packages
    (launched during source build). Closes: #426752, #499924
  * Improve behaviour of update-alternatives --config. Thanks to
    Osamu Aoki <osamu op debian.org> for the initial patch. We can know
    select between manual and auto in --config and --all. Closes: #392430
  * Fix update-alternatives to not switch to manual mode an alternative
    with a broken symlink (instead let the current action fix it).
    Also ensure that a message is displayed by default when such a switch is
    made. Closes: #141325, #87677
  * Fix update-alternatives' logic to rename files. It failed to ignore errors
    in some cases where it wanted to when the source file didn't exist.
    Closes: #99870
    This also makes update-alternatives less noisy when this happens since we
    don't call mv when we know that it's going to fail.
    Closes: #98822
  * Properly remove inappropriate slave links in update-alternatives even when
    we switch to manual mode with --set or --config. Closes: #388313
  * Modify update-alternatives to always remove the alternative group when the
    last alternative is removed (even in manual mode).
  * Ensure that update-alternative --install fix the links if the alternative
    installed is the one currently selected. Closes: #100135
  * Let update-alternatives deal with empty files in its administrative
    directory by ignoring them. Closes: #457863
  * Add new --target and --as-root options to dpkg-buildpackage to call
    any debian/rules target with the proper build environment.
    Closes: #477916
  * Move update-alternatives, dpkg-divert and dpkg-statoverride to /usr/bin
    but keep compatibility symlinks in /usr/sbin for the squeeze release
    until all maintainer scripts are fixed (see
    http://lintian.debian.org/tags/command-with-path-in-maintainer-script.html).
    Closes: #216606
  * Use dh_lintian to install lintian overrides. Build-Depends on debhelper
    (>= 6.0.7) for this. Update debhelper compatility level to 6 at the same
    time.
  * Drop cleanup-info script.
  * Reset umask to 0022 in dpkg-gencontrol and dpkg-gensymbols to ensure that
    files created in the DEBIAN directory have sane permissions.
    Closes: #516481
  * Rewrite update-alternatives (so that we can understand it again) and
    implement new features on top of it:
    - the --config output is now sorted. Closes: #437060
    - it now logs information to /var/log/dpkg.log. Closes: #445270
    - it forbids reusing master alternative as slave and vice-versa.
      Closes: #342566
    - it forbids reusing alternative links managed by other alternatives
    - new sanity checks on --install parameters. Closes: #423176
    - install slave link only if the corresponding slave file is available.
      Closes: #143701
    - new option --get-selections to export the configuration of all
      alternatives. It's a simple way to discover the name of all available
      alternatives. Closes: #273406, #392429
    - new option --set-selections to reconfigure a set of alternatives in
      a single command.
  * Document in update-alternatives(8) how one can repair all broken
    alternatives with a single command. Closes: #250258, #395556
  * Modify dpkg-gensymbols to replace #PACKAGE# on the fly while installing
    symbols files so that package having libraries whose name varies between
    architectures do not need to hardcode the package name. Closes: #517264

  [ Pierre Habouzit ]
  * Add a --query option to update-alternatives. Closes: #336091, #441904

  [ Updated scripts translations ]
  * Polish (Wiktor Wandachowicz). Closes: #514106

  [ Updated manpages translations ]
  * Polish (Wiktor Wandachowicz). Closes: #514106

  [ Updated dpkg translations ]
  * Portuguese (Miguel Figueiredo).
  * Korean (Changwoo Ryu).
  * Romanian (Eddy Petri?or)
  * Slovak (Ivan Masár). Closes: #514490

 -- Guillem Jover <guillem op debian.org>  Mon, 02 Mar 2009 06:13:53 +0200

dump (0.4b43-1) unstable; urgency=low

  * new upstream version, closes: #574667
  * let the dump man page admit that ext4 works now, too

 -- Bdale Garbee <bdale op gag.com>  Fri, 11 Jun 2010 09:51:57 -0600

dump (0.4b42-2) unstable; urgency=low

  * build-dep on libreadline-dev so we track new versions, closes: #553747

 -- Bdale Garbee <bdale op gag.com>  Sun, 01 Nov 2009 20:03:02 -0700

dump (0.4b42-1) unstable; urgency=low

  * new upstream version, closes: #378349, #511651
  * add build dependencies on libdevmapper-dev, libselinux1-dev
  * add lintian override since we intentionally statically link against zlib
    so that restore can work without /usr being present as per #117496

 -- Bdale Garbee <bdale op gag.com>  Thu, 18 Jun 2009 14:02:13 -0600

dump (0.4b41-6) unstable; urgency=high

  * increase urgency since this minor fix would be good for lenny
  * fix bashisms in example shell script, closes: #489570

 -- Bdale Garbee <bdale op gag.com>  Fri, 29 Aug 2008 08:51:32 -0600

e2fsprogs (1.41.12-4stable1) stable; urgency=high

  * Upload to proposed-updates
  * Fix "mke2fs -n" so it won't issue a discard and thus trash all
     the data on an SSD (oops!!!)

 -- Theodore Y. Ts'o <tytso op mit.edu>  Sat, 18 Jun 2011 13:19:53 -0400

e2fsprogs (1.41.12-4) unstable; urgency=high

  * Clear ext4 error fields in the superblock.  Otherwise users will see
    scary messages every 24 hours after a file system error is detected,
    even after e2fsck has fixed it, if they are using Linux 2.6.35 or later.
  * Fix usage message for logsave (Closes: #619788)

 -- Theodore Y. Ts'o <tytso op mit.edu>  Sat, 07 May 2011 21:22:54 -0400

e2fsprogs (1.41.12-3) unstable; urgency=high

  * Fix signed vs. unsigned char bug in getopt in e2fsprogs which
    afflicts systems with default unsigned char
  * Fix bug in e2fsck where it would fail to fix file systems
    where both the primary and backup block group descriptors are
    corrupted.  (Addresses Ubuntu Launchpad bug: #711799)
  * Fix package description: fsck has been moved to util-linux
    (Closes: #588726)
  * Fix badblocks so it the progress message correctly handles UTF-8
    characters for I18N systems (Closes: #583782, #587834)
  * Prevent e2fsck from accidentally scrambling a file system when
    checking a snapshot which has an external journal device (which has
    not been snapshotted).  (Closes: #587531)
  * Fix inode nlink accounting that would lead to very scary PROGRAMMING
    BUG errors.  (Closes: #555456)
  * Fix typos, spelling mistakes, spelling-out-the-obvious-to-clueless-
    sysadmins, etc. in man pages.  (Closes: #589345, #594004, #580236,
    #591083, #505719, #599786)

 -- Theodore Y. Ts'o <tytso op mit.edu>  Sat, 30 Apr 2011 12:30:24 -0400

e2fsprogs (1.41.12-2) unstable; urgency=high

  * Allow tune2fs to set uninit_bg without requiring an fsck
  * Fix test in e2fsck to correctly check for EOFBLOCKS files
  * Fix dependencies for libuuid and libblkid (Closes: #583551)

 -- Theodore Y. Ts'o <tytso op mit.edu>  Thu, 03 Jun 2010 09:30:36 -0400

e2fsprogs (1.41.12-1) unstable; urgency=low

  * New upstream release
  * mke2fs now gives the correct error message if the external journal
    is device is not found
  * The resize2fs program will refuse to print the minimum size needed
    for a file system if it is not clean.
  * E2fsck now tests for extents that begin at physical block 0 and
    rejects them as invalid.
  * Fixed a bug in e2fsck which could cause it to crash when trying to
    remove an invalid extent and the block bitmaps hadn't yet been loaded.
  * E2fsck will now completely skip time-based checks if the system
    clock looks insane or if the broken_system_clock option is set
    in /etc/e2fsck.conf.  (Closes: #549861, #540152)
  * Fixed a bug in e2fsck which caused e2fsck to complain about i_blocks
    with a 4T file created using posix_fallocate()
  * E2fsck will now correctly mark a sparse journal as invalid and will
    delete and recreate the journal to address the problem.
  * Fixed e2fsck not to ask permission from the user to abort if it's
    going to abort regardless of what the user is going to say...
  * E2fsck can now continue even if it fails to recreate the resize inode
  * E2fsck will now avoid removing directory entries for inods found in
    the unused region of the inode table until after it restarts the fs
    check to avoid removing valid data.
  * E2fsck will now longer try to set the block group checksums if it
    is interrupted.
  * Mke2fs will check both the physical and logical blocksizes of a
    device to better support 4k sector drives.
  * Mke2fs will accept the valid (but rarely useful) flex_bg size of 1
  * E2fsck will check for cases where the EOFBLOCKS_FL is set whe nit is
    not needed, and offer to clear it.
  * The com_err library will now only output a CR character if the
    stderr is connected to a tty in raw mode.
  * Update Czech, Chinese, Dutch, French, Germany, Indonesian, Polish,
    and Vietnamese translations (from the Translation Project)
  * Add an fsck.ext4 symlink in the e2fsprogs-udeb package (Closes: #571247)
  * Fix makefile dependency so dpkg-buildpackage -j2 works (Closes: #563487)

 -- Theodore Y. Ts'o <tytso op mit.edu>  Mon, 17 May 2010 19:43:52 -0400

e2fsprogs (1.41.11-1) unstable; urgency=medium

  * New upstream release
  * Add Heimdal function com_right_r() to libcom_err (Closes: #558910)
  * Allow e2fsck to run even if the physical device has more than 2**32 blocks
  * Debugfs's "logdump -b <blk>" now properly shows the allocation status
    of the block <blk>.  (Closes: #564084)
  * Make e2fsck's "the filesystem is mounted" message is now more scary
    to hopefully dissuade users from thinking, "surely that message
    doesn't apply to *me*"  :-(
  * e2fsck -n will now always open the file system read-only.   We now
    disallow certain combination of options which previously were manual
    exceptions; this is bad because it causes users to think they are
    smarter than they really are.   So "-n -c", "-n -l", "-n -L", and
    "-n -D" are no longer supported.
  * If the partition is badly aligned, have mke2fs just print a warning
    message and continue.  Previously mke2fs would ask to confirm, and
    this broke distro installation scripts.
  * Fix a bug in libext2fs caused the creation of very large journals
    for ext4 to be _very_ slow.
  * E2fsck now understands the EOFBLOCKS_FL flag which will be used in
    2.6.34 kernels to make e2fsck not complain about blocks deliberately
    fallocated() beyond an inode's i_size.
  * Fix a bug in e2fsck which could cause e2fsck -D to corrupt
    non-indexed directories.  (Closes: #572453)
  * debian/rules: can be compiled statically with stack protector now.
    (Closes: #573923)
  * Update debian policy compliance to 3.8.4

 -- Theodore Y. Ts'o <tytso op mit.edu>  Mon, 15 Mar 2010 00:16:35 -0400

e2fsprogs (1.41.10-1) unstable; urgency=low

  * New upstream release
  * Fix resize2fs bug which causes it to access invalid memory
  * Add libss support for libreadline.so.6
  * Fix e2fsck's check for extent-mapped directory with an incorrect file type
  * Add new e2fsck.conf configuration option:
    default/broken_system_clock for system with broken CMOS hardware
    clocks.  (Closes: #559776)
  * Fix flex_bg inode table placement algorithm used by mke2fs for
    certain specific file system sizes
  * Add source lintian overrids for weak-library-dev-dependency
  * Fix FTBFS problem caused by texi2html changing (again) its output
    location.  (Closes: #552934)
  * Make e2fsck to avoid rehashing directories which can fit in a
    single directory block.
  * Fix how e2fsck fixes sparse directories which are extent-mapped.
  * Fix some big-endian bugs in e2fsck and libext2fs
  * Teach e2fsck to detect and fix sparse extent-mapped directories
  * Fix filefrag from core dumping on file systems with 8k block sizes
  * E2fsck was depending on i_size to be correct to detect and fix
    certain directory problems before actually fixing the
    directory's i_size.  This caused certain rare corruptions to
    require two runs of e2fsck to address.
  * Update Czech, Indonesian, Polish and Vietnamese translations
    (from the Translation Project)
  * Fix e2fsck to find and correct duplicate directory entries in
    non-indexed directories.
  * Add support for calling BLKDISCARD to mke2fs.
  * Enhance libext2fs so it works around bug in Linux version 2.6.19
    and earlier where the /proc/swaps file was missing the header on
    the first line.
  * Fix resize2fs so it works correctly on file systems with external journals
  * Fix libss so that it does not seg fault when using a readline
    library which does not supply a readline_shutdown() function.
  * Add a pre-depends for util-linux-ng (Closes: #551795)
  * Update and clarify various man pages.
  * Corrected dumpe2fs's usage message
  * Teach libext2fs to ignore the high 32 bits of the i_blocks field
    when huge_file file system feature is set, but the inode does not
    have the HUGE_FILE_FL flag set.
  * Change e2fsck to accept superblock times to be fudged by up to 24
    hours by default.  Most distributions have fixed their init scripts,
    but apparently now they have buggy virtualization scripts.  :-(  I
    give up, too many buggy user space set ups out there.  (Closes: #557636)
  * Fix e2fsck to correctly print > 32-bit i_blocks numbers in problem reports
  * Improve e2fsck so it prints "Illegal indirect block" instead of
    "Illegal block #-1"
  * Teach mke2fs to get device topology information from blkid and use
    it to populate the superblock stride and stripe sizes and warn if
    the block device is misaligned
  * Fix a file descriptor leak in debugfs when sourcing a command file
  * Fix a file descriptor leak in fsck
  * Round up the bitmap size to prevent spurious segmentation faults on
    BSD platforms.
  * Fix resize2fs to correctly calculate the minimum size needed, when
    flex_bg is enabled, to prevent resize2fs -M from failing.
  * Dumpe2fs now displays more information about the contents of the journal
  * Make sure the libblkid1 and libblkid1-dbg packags have changelogs
  * On low memory systems, e2fsck can print some very scary looking
    error messages.  Clean up them up to avoid user panic.  (Closes: #509529)
  * Enhance blkid to support .ko.gz files in the modules.dep parser
  * Fix tune2fs -j for mounted exted-enabled file systems
  * Use the feature name "extent" instead of "extents" in mke2fs.conf.
    Both work, but the latter is what is documented in the man page.
    (Closes: #540111)

 -- Theodore Y. Ts'o <tytso op mit.edu>  Sun, 07 Feb 2010 20:56:47 -0500

e2fsprogs (1.41.9-1) unstable; urgency=low

  * New upstream release
  * Fix tune2fs -I to work correctly in the face of bad blocks and
    filesystems formatted for RAID arrays, and ENOSPC errors
  * Require the user to only answer one question instead of multiple
    ones for multiple bad block group checksums, or when an inode
    table needs to be moved.
  * Fix e2fsck to handle moving inode tables in FLEX_BG filesystems more
    gracefully by looking in the entire flex_bg for space, instead of
    just in the block group; if that doesn't work, try looking for
    space in the entire filesystem.
  * Fix the filefrag code to avoid printing the extent header if it
    needs to fallback to using the FIBMAP ioctl.
  * Fix filefrag to print the correct number of extents for zero-length
    files when using FIBMAP.  (Closes: #540376)
  * Add a filefrag -B option to make it easier to debug the FIBMAP
    support.
  * Allow e2fsprogs programs to allocate from uninitalized block groups.
  * Add a new program, e2freefrag, which displays information about the
    free space fragmentation in an ext2/3/4 filesystem.
  * E2fsck will now print much fuller information when the last mount
    time or last written time is in the future, since most people can't
    seem to believe their distribution has buggy init scripts, or they
    have a failed CMOS/RTS clock battery.
  * Update French, Polish, Czech, and Sweedish translation from the
    Translation Project.
  * Enhance debugfs's 'stat' command to print basic extent information
    for extent-mapped inodes, and add a new command, 'dump_extents'
    which prints detailed information about an inode's extent tree.

 -- Theodore Y. Ts'o <tytso op mit.edu>  Sun, 23 Aug 2009 10:08:52 -0400

e2fsprogs (1.41.8-2) unstable; urgency=low

  * Fix regression in ext2fs_extent_set_bmap() which caused e2fsck -fD
    to fail on ext4 filesystems if the directory needs to shrink by more
    than a block (Closes: #537510)
  * Fixed filefrag for non-extent based files
  * Fix use of apostrohe's in package descriptions
  * Don't use dietlibc when building for mips and mipsel architectures

 -- Theodore Y. Ts'o <tytso op mit.edu>  Mon, 20 Jul 2009 09:38:21 -0400

e2fsprogs (1.41.8-1) unstable; urgency=low

  * New upstream release
  * Fix resize2fs bugs when shrinking ext4 filesystems
  * Update debian policy compliance to 3.8.2
  * Update package descriptions to mention ext3 and ext4 filesytems
      (Closes: #535530)
  * Update French, Polish, Czech, Indonesian, and Sweedish translation
      from the Translation Project.
  * If the resize2fs operation fails, the user will be told to fix up
    the filesystem using e2fsck -fy.

 -- Theodore Y. Ts'o <tytso op mit.edu>  Sat, 11 Jul 2009 17:26:16 -0400

e2fsprogs (1.41.7-2) unstable; urgency=low

  * Fix online resizing using resize2fs (Closes: #535452)
  * Fix the filefrag program for files with more than 144 extents
  * Update and clarify various man pages.
  * Fix potential filesystem corruptions caused by using resize2fs to
    shrink filesystems with extents enabled.

 -- Theodore Y. Ts'o <tytso op mit.edu>  Tue, 07 Jul 2009 23:21:46 -0400

e2fsprogs (1.41.7-1) unstable; urgency=low

  * New upstream release
  * Fix memory leaks in e2fsprogs, including a very large memory leak
    which can cause e2fsck to run out of memory when checking very large
    filesystems using extents.
  * Fix a bug in libext2fs which can cause e2fsck and resize2fs to write
    uninitalized data into the portion of the inode beyond the first 128
    bytes when operating on extents; potentially corrupting filesystems.
  * The logsave program will now filter out the ^A and ^B characters when
    writing to the console.
  * Update/clarify man pages (Closes: #531385, #523063)
  * Fix filefrag progam so it correctly checks for errors from the
    fiemap ioctl.
  * Change badblocks to allow block sizes larger than 4k.
  * Fix libext2fs to properly initialize i_extra_size when creating the
    journal and resize inodes.
  * Resize2fs will now update the journal backup fileds in the
    superblock if the journal is moved; this avoids an unnecessary full
    fsck after resizing the filesystem.
  * Use the same encoding as the kernel for rec_len == 64k in 64k block
    filesystems.
  * Fix lsattr to exit with a non-zero status when it encounters errors.
  * Enhance badblocks to print the currently tested block number when
    interrupted with ^C.
  * Fix debugfs from core dumping if the logdump command fails to open the
    output file.
  * Harden ext2fs_validate_entry() so that lsdel will not read beyond the
    end of the block even if the directory block is corrupted.
  * Update Chinese and Czech translation from the Translation Project.

 -- Theodore Y. Ts'o <tytso op mit.edu>  Mon, 29 Jun 2009 15:12:14 -0400

e2fsprogs (1.41.6-1) unstable; urgency=low

  * New upstream release
  * Update and clarify man pages
  * Fix a number of Lintian warnings, including to updating to debian
    policy 3.8.1
  * Update config.guess and config.sub to the latest (2009-04-17)
    version so that e2fsprogs will build on the avr32 platform
    (Closes: #528330)
  * Add an explicit error message if the /etc/mtab file is missing
    when running e2fsck or resize2fs (Closes: #527859)
  * Enhance e2fsck to handle the case where the primary block group
    descriptors need fixing, and the backup superblock is corrupt.
    (Closes: #516820)
  * Add an "-a" option to debugfs's close_filesys command
  * e2fsck will no longer abort a preen operation if an inode's
    i_file_acl_hi field is non-zero.  (Closes: #526524)
  * The chattr program can now migrate inodes from using direct/indirect
    blocks to extent trees.
  * Speed up e2fsck if there are multiple block groups with inodes in
    use in the unused portion of the block group's inode table.
  * Update Chinese translation from the translation project
  * Fix resize2fs so it won't corrupt ext4 filesystem when asked to
    shrink a filesystem smaller than the minimum suggested size.
  * Fix e2fsck regression which can corrupt ext4 filesystems when
    replaying the journal.
  * Add support to e2fsck for handling I/O errors while replaying the
    journal
  * Fix a bug in e2fsck which could cause it to crash if an inode has a
    corrupt extent header, and the user declines to clear the inode.
  * Fix blkid to prefer the /dev/mapper/<name> device names over the
    private /dev/dm-N device names.
  * Add support for the FIEMAP ioctl to the filefrag program
  * Further speed up e2fsck by skipping journal checks if the filesystem
    is mounted read-only and is marked as not needing journal replay.
  * Add a build depends in the control file indicating that dietlibc
    must be newer than version 0.30 (Closes: #506064)

 -- Theodore Y. Ts'o <tytso op mit.edu>  Fri, 30 May 2009 13:26:23 -0400

e2fsprogs (1.41.5-1) unstable; urgency=low

  * New upstream release
  * E2fsck will now detect and fix inodes that have a non-zero
    i_file_acl_high field on 32-bit filesystems.
  * Update build-depends to indicate that dietlibc 0.30 doesn't work.
    (Closes: #506064)

 -- Theodore Y. Ts'o <tytso op mit.edu>  Fri, 24 Apr 2009 08:52:47 -0400

e2fsprogs (1.41.4-3) unstable; urgency=low

  * Update/clarify man pages (Closes: #365619)
  * Fix a problem where the 'device names' for pseudo-filesystems in
    /proc/mounts could confuse the e2fsprogs into thinking that a
    filesystem image stored in a regular file was mounted when it was not
  * Remove whole-disk entries from the blkid cache when partitions are found
  * Reduce the number of disk reads needed when the filesystem is clean
  * Add Chinese (simplified) translation from the Translation Project

 -- Theodore Y. Ts'o <tytso op mit.edu>  Thu, 23 Apr 2009 01:35:22 -0400

e2fsprogs (1.41.4-2) unstable; urgency=low

  * Update the debian copyright files to point at the version-specific
    GPL and LGPL files.
  * Update the debhelper compat level to 7
  * Fix a number of filesystem corruption bugs in resize2fs when growing
    or shrinking ext4 filesystems off-line (i.e., when the ext4
    filesystem is not mounted).
  * Clarify tune2fs man page  (Closes: #515693)
  * Add homepage field to the debian control file (Closes: #506279)
  * Fix Hurd compilation problem (Closes: #521602)
  * Debugfs can now set i_file_acl_high via the set_inodes_field command
  * Debugfs will now display a 64-bit file acl block
  * Fix various gcc compilation warnings and other programming cleanups
  * Make sure libuuid closes all file descriptors before starting the
    uuidd daemon.
  * Avoid running e2fsck unnecessarily after doing an online resize
  * Mke2fs -S will now avoid trying to create the journal
  * Update the Czech translation from the translation project.
  * Fix support for external journals (which was broken in e2fsprogs 1.41.4)
  * Fix a compatibility issue with libext2fs info page and makeinfo 4.12
  * Fix a segfault in debugfs when running stat without an open filesystem
  * Teach the blkid library that starting in 2.6.29, ext4 can support
    filesystems without journals.
  * Add error check preventing the reserved_ratio argument to mke2fs and
    tune2fs from being negative.  (Closes: #517015)
  * Add support for tracking the number kilobytes written to the
    filesystem via the superblock field s_kbytes_written

 -- Theodore Y. Ts'o <tytso op mit.edu>  Sun, 19 Apr 2009 23:05:53 -0400

e2fsprogs (1.41.4-1) unstable; urgency=low

  * New upstream release
  * Fix bug which could sometimes cause blkid to return an exit value of
    zero for a non-existent device (Closes: #502541)
  * Fix spelling mistake in Debian changelog (Closes: #502323)
  * Fix blkid to deal with an ext3 filesystem with the test_fs flag
  * Fix debugfs's ncheck output to suppress extra characters at the end
    of the file name
  * Tune2fs now updates the block group checksums after changing the
    filesystem's UUID
  * Speed up tune2fs's inode resizing code so it is no longer vastly
    inefficient for moderate to large filesystems
  * Fix dumpe2fs so it doesn't attempt to print the inline journal
    information on filesystems with an external journal
  * Update the Catalan translation
  * Filter out linux-vdso.so lines when determining the library
    dependencies while building the initial ramdisk (Closes: #503057)
  * Fix e2fsck so an errant INODE_UNINIT flag set in a block group
    doesn't cause e2fsck to abort.
  * E2fsck now distinguishes between fragmented directories and
    fragmented files in verbose mode statistics and in the fragcheck
    report.
  * Avoid double-counting non-contiguous extent-based inodes in the
    verbose mode statistics.
  * E2fsck now leaves slack space when repacking directories so that a
    few new directory entries won't cause leaf nodes to become split
    right away.
  * E2fsck was previously not handling the case of a corrupted interior
    node in the extent tree, and would crash in that case.  It now will
    handle this and related failures robustly.
  * E2fsck problem descriptions involving the journal are no longer
    referred to as "ext3" problems, since ext4 filesystems also have
    journals.
  * Fix a long-standing bug in e2fsck which would cause it to crash when
    replying journals for filesystems with block sizes greater than 8k.
  * Fix a regression in debugfs's logdump command so it works for
    filesystems with 32-bit block numbers.  This was accidentally broken
    when the header files were changed to support the 64-bit block numbers.
  * Fix resize2fs for ext4 filesystems.  Some blocks that that need moving
    when shrinking filesystems with uninit_bg feature would not be
    moved.  In addition, blocks and inode table blocks were not being
    correctly freed when shrinking filesystems with the flex_bg feable,
    which caused resize2fs -M to fail.  Finally, when blocks are moved,
    make sure the uninitialized flag in extents is preserved.
  * Add mkfs.ext4 symlink to the e2fsprogs-udeb package (Closes: #511207)
  * Resize2fs now reserves some extra block when calculating the minimum
    size to shrink the filesystem in case some extent allocation trees
  * Add a "set -e" to uuid-runtime's prerm script to make Lintian happy
  * The blkid library will now recognize btrfs filesystems and swap
    devices currently used by user-level software suspend.
  * tune2fs will not allow changing the inode size for filesystems that
    have the flex_bg feature enabled, since the code currently assumes
    the each block group's portion inode table is located in its own
    block group.
  * Fix tune2fs -I so it won't corrupt ext3/ext4 filesystem configured
    for RAID storage devices.
  * Mke2fs now understands a -U option which allows the UUID to be
    specified for the new filesystem.
  * Mke2fs will now treat devices with exactly 16TB as if they have 16TB
    minus one block, since many users expect ext4 to support 16TB
    devices, and the true maximum size is 16TB-1.
  * E2fsck will now flag filesystems that have an insane s_first_ino
    field in their superblock.

 -- Theodore Y. Ts'o <tytso op mit.edu>  Tue, 27 Jan 2009 11:50:49 -0500

eglibc (2.11.3-4) stable; urgency=low

  * Enable patches/any/cvs-dlopen-tls.diff, not enabled by mistake.  Closes:
    #637239.
  * patches/any/cvs-FORTIFY_SOURCE-format-strings.diff: new patch from
    upstream to fix FORTIFY_SOURCE format string protection bypass.  Closes:
    #660611.
  * patches/any/local-sunrpc-dos.diff: fix a DoS in RPC implementation
    (CVE-2011-4609).  Closes: #671478.

 -- Aurelien Jarno <aurel32 op debian.org>  Wed, 06 Jun 2012 18:03:02 +0200

eglibc (2.11.3-3) stable; urgency=low

  * patches/any/cvs-tzfile.diff: fix integer overflow in timezone code.
    (CVE-2009-5029).  Closes: #650790.
  * patches/any/submitted-resolv-first-query-failure.diff: new patch to fix
    resolving issues with broken servers returning NOTIMP or FORMERR to AAAA
    queries.  Closes: #658171.
  * local/manpages/gai.conf.5: update from latest RedHat version.  Closes:
    #659504.

 -- Aurelien Jarno <aurel32 op debian.org>  Thu, 02 Feb 2012 22:20:02 +0100

eglibc (2.11.3-2) stable; urgency=low

  * Add patches/arm/cvs-tls-unallocated.diff and
    patches/mips/cvs-tls-unallocated.diff to fix FTBFS on armel, mips
    and mipsel.

 -- Aurelien Jarno <aurel32 op debian.org>  Sat, 17 Dec 2011 02:09:58 +0100

eglibc (2.11.3-1) stable; urgency=low

  * Update from stable upstream version, and update from the upstream 
    stable branch:
    - fix wrong memmove/bcopy optimization with gcc-4.6.  Closes: #619963.
    - fix an integer overflow in fnmatch() (CVE-2011-1659).  Closes: #626370.
    - fix spurious warning in bswap_16() with -Wconversion.  Closes: #561249.
    - fix auxiliary cache file creation.  Closes: #588218.
    - fix memory corruption in fnmatch() that can lead to code execution 
      (CVE-2011-1071).  Closes: #615120
    - fix strchr() on x86-64 CPU with SSE4.2.  Closes: #635885
  * Update patches:
    - patches/locale/locale-print-LANGUAGE.diff
    - patches/hppa/local-stack-grows-up.diff
    - patches/m68k/cvs-tls-support.patch
    - patches/any/local-disable-test-tgmath2.diff
    - patches/any/submitted-longdouble.diff
    - patches/any/submitted-bits-fcntl_h-at.diff
    - patches/kfreebsd/local-readdir_r.diff
  * Drop obsolete patches:
    - patches/any/cvs-redirect-throw.diff
    - patches/any/cvs-flush-cache-textrels.diff
    - patches/hurd-i386/cvs-linkat.diff
    - patches/hurd-i386/cvs-select.diff
    - patches/sparc/submitted-epoll.diff
    - patches/any/cvs-dont-expand-dst-twice.diff
    - patches/amd64/cvs-avx-tcb-alignment.diff
    - patches/any/submitted-etc-resolv.conf.diff
    - patches/any/cvs-audit-suid.diff
  * kfreebsd/local-sysdeps.diff, update to r3763 (from squeeze glibc-bsd).
    - fixes LD_PRELOAD with a kfreebsd-9 kernel. Closes: #630695.
    - uses upstream RFTSIGZMB for exit signal selection when available.
    - fixes a crash in if_nameindex() with more than 3 interfaces.
    - alter faccessat() X_OK tests similarly as access(). See #640334.
    - fix __libc_sa_len() for AF_LOCAL. See #645527.
  * Fix preinst script wrt 3.0 kernel. Patch by Colin Watson.  Closes: 
    #630077.
  * Update submitted-resolv.conf-thread.diff from upstream to fix a 
    deadlock in some rare cases.
  * Add patches/any/cvs-resolv-different-nameserver.diff and
    patches/any/submitted-resolv-assert.diff to try a different
    nameserver if the first one returns REFUSED.  Closes: #535504.
  * Add patches/any/cvs-getaddrinfo-single-lookup.diff to fix fallback to
    single lookup dns requests.  Closes: #541167.
  * Add patches/any/cvs-pthread-setgroups.diff to fix setgroups() with
    multiple threads.
  * Add debian/patches/cvs-dl_close-scope-handling.diff from upstream to
    fix issues with dl_close() when resolving locally-defined symbols.
    Closes: #625250.
  * patches/i386/local-cpuid-level2.diff: fix a typo.  Closes: #609389.
  * patches/any/cvs-nptl-pthread-race.diff: fix a race in NPTL code that
    sometimes causes a deadlock when calling fork() from a thread.
  * patches/amd64/cvs-avx-detection.diff: do not use AVX if hardware support
    is present, but not enabled in the kernel.  Closes: #646549.
  * patches/any/cvs-statvfs-mount-flags.diff: get the mount flags directly
    from the kernel when possible instead of parsing /proc/mounts.  Closes: 
    #639897.
  * patches/any/cvs-dlopen-tls.diff:  fix handling of static TLS in
    dlopen'ed objects.  Closes: #637239.

 -- Aurelien Jarno <aurel32 op debian.org>  Tue, 13 Dec 2011 11:23:12 +0100

eglibc (2.11.2-10) unstable; urgency=low

  * Add patches/amd64/cvs-avx-tcb-alignment.diff from upstream to fix 
    alignement issues on CPU supporting the AVX instruction set. Closes:
    #610657.

 -- Aurelien Jarno <aurel32 op debian.org>  Sun, 23 Jan 2011 19:54:44 +0100

eglibc (2.11.2-9) unstable; urgency=low

  * Disable build failure in case of testsuite regressions, will be 
    re-enabled after squeeze release.

 -- Aurelien Jarno <aurel32 op debian.org>  Thu, 20 Jan 2011 12:44:11 +0100

eglibc (2.11.2-8) unstable; urgency=low

  [ Clint Adams ]
  * Japanese debconf translation update from Nobuhiro Iwamatsu.
    closes: #604752.

  [ Samuel Thibault ]
  * Add expected gettext failure on hurd-i386.

  [ Aurelien Jarno ]
  * Update patches/localedata/locale-et_EE.diff to switch Estonian currency
    to euro. Closes: #608803.
  * Revert incorrect upstream patch for CVE-2010-3847 and use the correct
    set of patches:
    - Remove patches/any/submitted-origin.diff
    - Add patches/any/cvs-dont-expand-dst-twice.diff
    - Add debian/patches/any/cvs-ignore-origin-privileged.diff
    - Keep debian/patches/any/cvs-audit-suid.diff

 -- Aurelien Jarno <aurel32 op debian.org>  Wed, 12 Jan 2011 15:32:15 +0100

eglibc (2.11.2-7) unstable; urgency=low

  [ Samuel Thibault ]
  * patches/hurd-i386/cvs-sendmsg-leak.diff: New upstream patch from Emilio
    Pozuelo Monfort to fix a memory leak on the error path of sendmsg.
  * patches/hurd-i386/local-sendmsg-SCM_RIGHTS.diff: New patch from Emilio
    Pozuelo Monfort to implement SCM_RIGHTS in sendmsg().

  [ Aurelien Jarno ]
  * Update Portuguese debconf translation, by Pedro Ribeiro.  Closes: #597348.
  * Add any/submitted-origin.diff from Andreas Schwab to forbid the use
    of $ORIGIN in privileged programs. Add any/cvs-audit-suid.diff to
    only load SUID audit objects in SUID binaries. Fix CVE-2010-3847.
    Closes: #600667.
  * Update Catalan debconf translation, by Jordi Mallach. Closes: #601085.
  * Update Vietnamese debconf translation, by Clytie Siddall.  Closes:
    #601531.
  * Add arm/local-sigaction.diff to match sigaction with SA_RESTORER
    behaviour with other architectures.  Closes: #595403.

 -- Aurelien Jarno <aurel32 op debian.org>  Sat, 30 Oct 2010 18:15:54 +0200

eglibc (2.11.2-6) unstable; urgency=low

  [ Aurelien Jarno ]
  * Update Arabic debconf translation, by Ossama Khayat.  Closes: #596161.
  * libc6-i386: remplace <= breaks by << breaks now that the transitioned
    version of the packages is known.  Closes: #566720.
  * kfreebsd/local-linuxthreads29.diff: correctly disable SO_CLOEXEC
    support when it is not available.  Closes: #596367.
  * update-locale: if LANGUAGE is not compatible with the selected default
    locale, emit a warning and disable it instead of failing.
    Closes: #596695.
  * Add armhf support.  Closes: #596804.
  * any/submitted-resolv.conf-thread.diff: new patch to correctly reload
    resolv.conf for all threads.  Closes: #596499.

  [ Samuel Thibault ]
  * patches/hurd-i386/submitted-catch-signal.diff: New patch to fix
    signal-catching functions.

 -- Aurelien Jarno <aurel32 op debian.org>  Wed, 15 Sep 2010 01:53:09 +0200

eglibc (2.11.2-5) unstable; urgency=low

  [ Samuel Thibault ]
  * mv patches/hurd-i386/{submitted,cvs}-sched_param.diff.

  [ Aurelien Jarno ]
  * Replace any/cvs-etc-resolv.conf.diff by my previous version
    any/submitted-etc-resolv.conf.diff. At least it really fixes the
    original issue.  Closes: bug#595269.
  * testsuite/alpha: allow tst-timer4.out to fail as it fails on one of
    the build daemon.
  * Update any/cvs-sunrpc-license.diff from upstream.

 -- Aurelien Jarno <aurel32 op debian.org>  Fri, 03 Sep 2010 19:16:09 +0200

eglibc (2.11.2-4) unstable; urgency=low

  [ Samuel Thibault ]
  * patches/hurd-i386/submitted-sched_param.diff: New patch to permit other
    headers to get a __sched_param structure.

  [ Aurelien Jarno ]
  * Remove manpages now provided by manpages-dev (closes: bug#595194):
    - pthread_kill_other_threads_np (3)
    - pthread_sigmask (3)

 -- Aurelien Jarno <aurel32 op debian.org>  Wed, 01 Sep 2010 23:15:05 +0200

eglibc (2.11.2-3) unstable; urgency=low

  [ Samuel Thibault ]
  * testsuite-checking/expected-results-i486-gnu-libc: update.
  * patches/hurd-i386/cvs-select.diff: New patch to fix select timeout
    value.
  * patches/hurd-i386/local-locarchive.diff: Extend to permit generating several
    locales.
  * mv patches/hurd-i386/{submitted,cvs}-ttyname.diff.
  * mv patches/hurd-i386/{submitted,cvs}-getnprocs.diff.
  * patches/hurd-i386/local-i686.diff: New patch to fix i686 build.
  * patches/hurd-i386/local-no-hp-timing.diff: New patch to disable i686 HP
    timing support.
  * testsuite-checking/expected-results-i686-{i386,i686,xen}: New
    expected results.
  * debian/control, debian/control.in/libc, debian/control/opt,
    debian/sysdeps/hurd-i386.mk: Add lib0.3-{i686,xen} variants.

  [ Petr Salinger ]
  * kfreebsd/local-sysdeps.diff: update to revision 3156 (from glibc-bsd).
    Closes: #522698.
  * Add kfreebsd/local-grantpt.diff to handle EINTR returned by waitpid.
    It fixes konsole blank (terminal) display on kfreebsd-*. Closes: #573063.

  [ Clint Adams ]
  * Reflect EGLIBC in binary package short descriptions.  closes: #587586.

  [ Finn Thain ]
  * Backport m68k TLS from version 2.12.  Closes: #586005.

  [ Aurelien Jarno ]
  * Always try to restart init when needed, and ignore the possible errors.
    Closes: #588922, 590175.
  * Look for apache2.2-common instead of apache2-common in nsscheck.
    Closes: #586527.
  * Update Galician debconf translation, by Jorge Barreiro.  Closes: #592807.
  * Replace any/submitted-etc-resolv.conf.diff by upstream version
    patches/any/cvs-etc-resolv.conf.diff.
  * Add mips/cvs-non-pic-n32-64-syscall.diff from upstream to fix non-PIC
    syscall on MIPS n32 and 64 ABI.
  * debian/control.in/libc: conflicts with prelink (<= 0.0.20090311-1).
    Earlier versions corrupts libc 2.11 libraries.  Closes: #593966.
  * Add alpha/submitted-epoll.diff and sparc/submitted-epoll.diff to fix
    epoll_create1() on Alpha and SPARC.  Closes: #576826.
  * Remove patches/alpha/cvs-longjmp-chk.diff and restore
    patches/alpha/local-longjmp-chk.diff as the upstream version causes
    regressions.
  * Add localedata/locale-tt_RU.diff from upstream to fix the name of the
    tt_RU.UTF-8 op iqtelif locale.  Closes: #588478.
  * Add any/cvs-sunrpc-license.diff from upstream to fix the license of
    Sun RPC: contrary to what Simon Phipps announced on his blog, and
    according to the lawyers, the copy in glibc wasn't contained in the
    agreement from February, 2009. In August, 2010, Oracle confirmed that
    the code has been relicensed under BSD. Update debian/copyright
    accordingly.
  * Disable any/cvs-flush-cache-textrels.diff to workaround a possible
    CPU or kernel bug.  Closes: #594807.

 -- Aurelien Jarno <aurel32 op debian.org>  Wed, 01 Sep 2010 11:46:14 +0200

eglibc (2.11.2-2) unstable; urgency=medium

  [ Aurelien Jarno ]
  * control.in/libc: update the Conflicts on binutils to (<< 2.20.1-1)
    and add a Conflicts on binutils-gold (<< 2.20.1-11). Closes: #585937.
  * Replace patches/alpha/local-longjmp-chk.diff by upstream version
    patches/alpha/cvs-longjmp-chk.diff.
  * Add patches/any/cvs-redirect-throw.diff to fix some header files
    with regard to C++.
  * Add patches/any/cvs-flush-cache-textrels.diff to fix random crashes
    on ARM, if the executable or shared library has TEXTREL.
  * Add patches/any/cvs-__block.diff from upstream to not conflict with
    clang.
  * script.in/nohwcap.sh: consider all packages not in status "n" (not
    installed) and not in status "c" (conf-files) as installed.  Closes:
    bug#586241.

  [ Samuel Thibault ]
  * patches/hurd-i386/local-pthread_posix-option.diff: Avoid letting glibc try
    to install its own headers for libpthread.

  [ Carlos O'Donell]
  * Add patches/hppa/cvs-vfork.diff to fix stack frame creating during
    vfork in multithreaded environments.

 -- Aurelien Jarno <aurel32 op debian.org>  Thu, 24 Jun 2010 21:03:55 +0200

eglibc (2.11.2-1) unstable; urgency=low

  * New upstream stable release:
    - Remove debian/patches/amd64/submitted-cpuid.diff (merged).
    - Remove debian/patches/sh4/cvs-register_dump.diff (merged).

  [ Samuel Thibault ]
  * Add patches/hurd-i386/local-mkdir_root.diff to fix busybox' mkdir -p.

  [ Aurelien Jarno ]
  * Danish debconf translation update from Joe Hansen.  Closes: #585548.
  * Add patches/localedata/submitted-translit-colon.diff to add
    transliteration support for ₡ sign.  Closes: #585727.
  * control.in/libc: add a Breaks: on locales (<< 2.11), locales-all
    (<< 2.11).  Closes: bug#585737.
  * Add patches/any/submitted-group_member.diff to fix an off-by-one error
    in group_member().  Closes: bug#570047.
  * Update local/manpages/getconf.1.  Closes: bug#576691.

 -- Aurelien Jarno <aurel32 op debian.org>  Sun, 13 Jun 2010 23:22:29 +0200

eglibc (2.11.1-3) unstable; urgency=low

  [ Samuel Thibault ]
  * Add patches/hurd-i386/cvs-linkat.diff to fix new coreutils' ln.
  * Add patches/hurd-i386/submitted-ttyname.diff to fix io/tst-ttyname_r,
    marked as such in testsuite-checking/expected-results-i486-gnu-libc.
  * Restore patches/hurd-i386/submitted-getnprocs.diff which got lost during
    the 2.11 merge.

  [ Aurelien Jarno ]
  * Add patches/i386/local-cpuid-level2.diff to not trigger an abort
    when an i586 Intel CPU is running the i686 library, as valgrind does.
    Closes: bug#584748.
  * mips testsuite: allow failure of tst-tls3 as it is not a regression.
  * Add patches/any/submitted-string2-strcmp.diff to fix warnings in the
    testsuite on armel.
  * Add patches/alpha/submitted-syscall.diff from Mike Hommey to add support
    for 6th argument system calls on alpha.  Closes: bug#583911.
  * Temporarily add patches/i386/local-pthread_cond_wait.diff to use the C
    version of pthread_cond_wait() which uses cleanup functions to reacquire
    the mutex on cancellation (instead of unwinding for the assembly
    version).  Closes: bug#551903.

 -- Aurelien Jarno <aurel32 op debian.org>  Tue, 08 Jun 2010 10:05:49 +0200

eglibc (2.11.1-2) unstable; urgency=low

  [ Aurelien Jarno]
  * nscd.init: don't use and absolute path to call start-stop-daemon, the
    PATH variable already take care of that.
  * check-execstack.out is a new test, therefore not a regression. Mark it
    as failing in expected-results-powerpc64-linux-gnu-ppc64.
  * Update tst-ttyname_r.out error value in expected-results-i486-gnu-libc
    as part of the test is now passing.
  * Add patches/mips/cvs-mips-atomic_h.diff to fix atomic issues on MIPS.
  * Add patches/amd64/submitted-cpuid.diff to fix properly check CPU
    family and model.
  * sysdeps/i386.mk, control.in/main: switch i386 to gcc-4.4.  Closes:
    bug#583858.

 -- Aurelien Jarno <aurel32 op debian.org>  Tue, 01 Jun 2010 05:50:51 +0200

eglibc (2.11.1-1) unstable; urgency=low

  [ Clint Adams ]
  * New upstream release:
    - Fixes a house of mind attack.  Closes: bug#568488.
    - Add the fallocate64() syscall.  Closes: bug#568924.
    - Add RES_USE_DNSSEC support.  Closes: bug#569592.
    - Don't abort in getifaddrs.  Closes: bug#582383.
    - Update debian/patches/all/local-pthread-manpages.diff
    - Remove debian/patches/alpha/submitted-getsysstats.diff (merged)
    - Remove debian/patches/alpha/submitted-includes.diff (merged)
    - Remove debian/patches/alpha/submitted-lowlevellock.diff (merged)
    - Remove debian/patches/alpha/submitted-procfs_h.diff (merged)
    - Remove debian/patches/any/cvs-broken-dns.diff (merged)
    - Remove debian/patches/any/cvs-getutmpx-compat.diff (merged)
    - Remove debian/patches/any/cvs-ksm.diff (merged)
    - Remove debian/patches/any/cvs-malloc_info-output.diff (merged)
    - Remove debian/patches/any/cvs-nis-not-configured.diff (merged)
    - Remove debian/patches/any/cvs-nptl-init.diff (merged)
    - Remove debian/patches/any/cvs-resolv-edns0.diff (merged)
    - Remove debian/patches/any/cvs-resolv-init.diff (merged)
    - Remove debian/patches/any/cvs-resolv-uninitialized.diff (merged)
    - Remove debian/patches/any/cvs-resolv-v6mapped.diff (merged)
    - Remove debian/patches/any/cvs-sched_h.diff (merged)
    - Remove debian/patches/any/local-dynamic-resolvconf.diff (merged)
    - Update debian/patches/any/local-libgcc-compat-main.diff
    - Remove debian/patches/any/submitted-confname.h.diff (merged)
    - Remove debian/patches/any/submitted-getent-gshadow.diff (merged)
    - Remove debian/patches/any/submitted-getaddrinfo-nodata.diff (merged)
    - Remove debian/patches/any/submitted-gethostbyname3.diff (merged)
    - Update debian/patches/any/submitted-missing-etc-hosts.diff.
    - Remove debian/patches/arm/cvs-setjmp-longjmp-fpu.diff (merged)
    - Update debian/patches/hppa/cvs-nptl-compat.diff.
    - Update debian/patches/hppa/local-stack-grows-up.diff from
      Carlos O'Donell.
    - Remove debian/patches/hppa/submitted-pie.diff (merged)
    - Remove debian/patches/hppa/submitted-sock_nonblock.diff (merged)
    - Update debian/patches/hurd-i386/cvs-setsid.diff.
    - Remove debian/patches/hurd-i386/cvs-termios-IXANY.patch (merged)
    - Remove debian/patches/hurd-i386/submitted-getnprocs.diff (merged)
    - Update debian/patches/hurd-i386/submitted-readlinkat.diff
    - Remove debian/patches/ia64/cvs-memchr.diff (merged)
    - Remove debian/patches/ia64/submitted-memchr.diff (merged)
    - Remove debian/patches/ia64/submitted-siginfo.diff (merged)
    - Update debian/patches/kfreebsd/local-readdir_r.diff.
    - Remove debian/patches/locale/cvs-C-first_weekday.diff (merged)
    - Update debian/patches/localedata/first_weekday.diff
    - Update debian/patches/localedata/tailor-iso14651_t1.diff
    - Remove debian/patches/mips/local-lazy-eval.diff (obsolete)
    - Remove debian/patches/s390/submitted-siginfo.diff (merged)
    - testsuite-checking/expected-results-ia64-linux-gnu-libc: update
    - Update testsuite-checking/expected-results-sparc-linux-gnu-libc
    - Update testsuite-checking/expected-results-sparcv9b-linux-gnu-sparcv9b

  * Add debian/patches/alpha/local-fcntl_h.diff.
  * Add debian/patches/ia64/local-dlfptr.diff and
    debian/patches/hppa/local-dlfptr.diff from Carlos O'Donnell.
  * Add debian/patches/localedata/locale-hsb_DE.diff

  [ Aurelien Jarno ]
  * Enable multi-arch.
  * kfreebsd/local-sysdeps.diff: update to revision 3039 (from glibc-bsd).
  * Add debian/patches/alpha/local-longjmp-chk.diff and
    debian/patches/alpha/cvs-timer_settime.diff to fix FTBFS on alpha, and
    debian/patches/alpha/local-lowlevellock.diff to fix the testsuite.
  * Add debian/patches/mips/local-lowlevellock.diff to fix the testsuite
    on mips.
  * Re-enable the testsuite on mips/mipsel build daemons.
  * Add debian/patches/arm/local-atomic.diff and
    debian/patches/arm/local-lowlevellock.diff to fix the testsuite on arm.
  * Add debian/patches/hppa/local-longjmp-chk.diff to fix FTBFS on hppa.
  * Add debian/patches/hppa/local-lowlevellock.diff to fix the testsuite
    on hppa.
  * Add debian/patches/s390/cvs-makecontext.diff from upstream to fix
    makecontext() on s390.
  * Replace debian/patches/submitted/cvs-stat-issock.diff by the upstream patch
    debian/patches/any/cvs-stat-issock.diff.
  * Explictely call /sbin/start-stop-daemon in nscd.init.  Closes: bug#575404.
  * Add debian/patches/any/cvs-getaddrinfo.diff from upstream to not abort
    the getaddrinfo loop on the first successful.
  * Add debian/patches/any/cvs-umount-nofollow.diff from upstream to define
    UMOUNT_NOFOLLOW.
  * Add debian/patches/any/cvs-glob.diff from upstream to fix glob() with empty
    pattern.
  * Add debian/patches/submitted-tst-audit6-avx.diff to skip AVX tests if if
    AVX is not available.
  * Allow failures of the testsuite on HPPA until bugs are fixed:
    - tstdiomisc.out (due to bug #582787 on gcc-4.4)
    - tst-fork1.out (due to bug #561203 on linux-2.6)
  * Add debian/patches/sh4/cvs-register_dump.diff from upstream to fix
    iov[] size register-dump.h.
  * Add debian/patches/hurd-i386/submitted-regex_internal.diff to fix FTBFS on
    hurd-i386.

  [ Samuel Thibault ]
  * debian/patches/hurd-i386/submitted-rtld_lock_recursive.diff: New patch to
    fix elf/ build on hurd-i386.
  * debian/patches/hurd-i386/local-longjmp_chk.diff: New patch to fix
    debug/____longjmp_chk.S build on hurd-i386.
  * Update debian/patches/hurd-i386/local-pthread.diff.
  * Update debian/testsuite-checking/expected-results-i486-gnu-libc.

  [ Petr Salinger]
  * define __rtld_lock_initialize also in linuxthreads <bits/libc-lock.h>
    variant (enhance local-linuxthreads-weak.diff).
  * allow failure of tst-longjmp_chk.out on GNU/kFreeBSD
  * Add kfreebsd/local-dosavesse.diff, which does not work,
    so rather use also added kfreebsd/local-nosavesse.diff

 -- Aurelien Jarno <aurel32 op debian.org>  Sat, 29 May 2010 14:31:50 +0200

eglibc (2.10.2-9) unstable; urgency=low

  [ Aurelien Jarno ]
  * Add powerpcspe port support. Closes: #579778.

  [ Petr Salinger ]
  * kfreebsd/local-sysdeps.diff: update to revision 3038 (from glibc-bsd).
    Closes: #581545.

  [ Aurelien Jarno ]
  * debian/control.in/libc: don't make libc0.1/0.3/6/6.1 depends on
    ${misc:Depends} as suggested by lintian, as it is turned out into a
    debconf depends.  Closes: #581835.
  * debian/debhelper.in/nscd.init: stop supporting the reload argument.
    Closes: #578870.
  * debian/script.in/nsscheck.sh: correctly detect stopped and running
    services. Closes: #573247, #575868.
  * debian/patches/mips/submitted-rld_map.diff: don't segfault for MIPS
    binaries with RLD_MAP set to 0. Closes: #579917.
  * Add debian/source/format and debian/source/lintian-overrides files.

 -- Aurelien Jarno <aurel32 op debian.org>  Thu, 20 May 2010 12:09:58 +0200

eglibc (2.10.2-8) unstable; urgency=low

  [ Petr Salinger ]
  * kfreebsd/local-sysdeps.diff: update to revision 3036 (from glibc-bsd).

  [ Clint Adams ]
  * Spanish debconf translation update from Omar Campagne Polaino.
    closes: #579351.
  * Add patches/arm/cvs-setjmp-longjmp-fpu.diff.  closes: #580529
    ("setjmp/longjmp broken on ARM w/ FPU").

 -- Clint Adams <schizo op debian.org>  Tue, 27 Apr 2010 20:33:40 -0400

eglibc (2.10.2-7) unstable; urgency=low

  [ Samuel Thibault ]
  * patches/hurd-i386/local-pthread.diff: Refresh patch.
  * Update debian/testsuite-checking/expected-results-i486-gnu-libc.
  * patches/hurd-i386/cvs-setsid.diff: Update to git version.
  * patches/hurd-i386/local-locarchive.diff: New patch to fix installation of
    locales-all.
  * patches/hurd-i386/cvs-remove.diff: New upstream patch to fix remove()
    on directory on non-Linux ports.

  [ Aurelien Jarno ]
  * debian/control.in/*: add ${misc:Depends} to all binary packages.
  * debian/*symbols*: simplify symbol files by using the new #PACKAGE#
    feature.
  * Bump to Standards-Version 3.8.4.
  * Update patches/alpha/submitted-sock_nonblock.diff to also fix
    SOCK_CLOEXEC.  Closes: #569646.
  * Update patches/hppa/submitted-sock_nonblock.diff to also fix
    SOCK_CLOEXEC.
  * Add patches/any/submitted-stat-issock.diff to define the S_ISSOCK
    macro starting with POSIX 2001.  Closes: #569517.
  * scripts.in/nsscheck.sh: remove non-breaking space.  Closes: #569701.
  * rules.d/debhelper.mk: remove obsolete comment.  Closes: #570946.
  * Replace patches/sparc/local-sparcv9-memchr.diff by
    patches/sparc/cvs-sparcv9-memchr.diff.
  * Add patches/sparc/submitted-msgrcv.diff to fix msgrcv() on sparc64,
    and with it fakeroot.
  * Add patches/any/submitted-nptl-invalid-td.patch to also catch
    uninitialized thread descriptors in INVALID_TD_P macro.  Closes:
    #571639.
  * Fix lang_ab field in es_CR locales.  Closes: #571755.

  [ Petr Salinger]
  * kfreebsd/local-sysdeps.diff: update to revision 3034 (from glibc-bsd).
  * any/local-linuxthreads-stacksize.diff: New patch to restrict
    max stack size in threads

  [ Clint Adams ]
  * Add any/local-gai-rfc1918-scope-global.patch.  closes: #468801.

 -- Clint Adams <schizo op debian.org>  Thu, 22 Apr 2010 09:38:27 -0400

eglibc (2.10.2-6) unstable; urgency=low

  [ Aurelien Jarno ]
  * kfreebsd/local-sysdeps.diff: update to revision 2957 (from glibc-bsd).
  * Don't run the testsuite in parallel, as it sometimes causes some failures
    in some tests.
  * Add patches/any/cvs-malloc_info-init.diff to fix malloc_info() with no
    malloc() done.  Closes: #562679.
  * Add patches/sh4/submitted-set_fpscr.diff to add __set_fpscr() prototype.
    Closes: #565369.
  * debian/rules.d/build.mk: Add --with-pkgversion and --with-bugurl
    arguments.
  * Add patches/ia64/submitted-memchr.diff to fix memchr() overshoot on ia64.
    Closes: #563882
  * Add patches/any/submitted-leading-zero-stack-guard.diff and
    patches/any/submitted-stack-guard-quick-randomization.diff from Ubuntu and
    Fedora to improve stack randomisation.  Closes: #568488.
  * Update es_CR locale from Marcelo Magallon.  Closes: #567351.
  * debian/script.in/nsscheck.sh: Only restart services that are currently
    running.  Closes: #528755.
  * Move locales and locales-all to section localization.  Closes: #568753.

  [ Samuel Thibault ]
  * patches/hurd-i386/local-pthread.diff: New hurd-only patch to provide
    LIBPTHREAD_SO and disable nscd.
  * patches/hurd-i386/local-pthread_posix-option.diff: Tell glibc Makefiles that
    we have a libpthread.
  * testsuite-checking/expected-results-i486-linux-gnu-libc: Update results.
  * patches/hurd-i386/submitted-posix_opt.h.diff: Update.
  * patches/hurd-i386/submitted-sysvshm.diff: Resync.
  * patches/hurd-i386/submitted-net.diff: New patch to factorize net/ files
    between Linux and Hurd.
  * patches/hurd-i386/submitted-getnprocs.diff: New patch to add get_nprocs()
    and such weak aliases.

 -- Aurelien Jarno <aurel32 op debian.org>  Sun, 07 Feb 2010 16:54:24 +0100

eglibc (2.10.2-5) unstable; urgency=low

  [ Petr Salinger]
  * Update kfreebsd/local-no-SOCK_NONBLOCK.diff to cvs-resolv-* changes.
    Move it into any/local-no-SOCK_NONBLOCK.diff, as it is used also on hurd.
    Closes: #564008.

  [ Samuel Thibault ]
  * patches/hurd-i386/submitted-posix_opt.h.diff: New patch to update standard
    macros in posix_opt.h.
  * patches/hurd-i386/local-pthread_posix-option.diff: Refresh and update
    standard macros in posix_opt.h.
  * patches/hurd-i386/submitted-sysvshm.diff: Add standard macro _XOPEN_SHM in
    posix_opt.h.
  * patches/hurd-i386/local-tls-support.diff: Use kern_return_t instead of
    error_t to avoid a dependency on a GNU-specific type.
  * patches/hurd-i386/submitted-getcwd.diff: renamed to cvs-getcwd.diff since
    merged upstream.
  * patches/hurd-i386/submitted-setsid.diff: renamed to cvs-setsid.diff since
    merged upstream.

  [ Aurelien Jarno ]
  * Fix sparc64 build.

 -- Aurelien Jarno <aurel32 op debian.org>  Thu, 07 Jan 2010 20:57:49 +0100

eglibc (2.10.2-4) unstable; urgency=low

  [ Samuel Thibault ]
  * testsuite-checking/expected-results-i486-linux-gnu-libc: Add
    tst-atime.out failure.

  [ Aurelien Jarno ]
  * Also build a libc6-sparcv9b package on sparc64.
  * Disable debian/patches/any/cvs-futimens.diff. Addresses: #563726,
    #563754.
  * Add debian/patches/localedata/locale-et_EE.diff to change weekday
    and workday to Monday.  Closes: #563636.
  * Add debian/patches/any/cvs-resolv-init.diff to fix mixing IPv4 and
    IPv6 name server in resolv.conf.
  * Add debian/patches/any/cvs-resolv-uninitialized.diff to fix an
    uninitialized variable in resolv code.
  * Add debian/patches/any/cvs-resolv-bindv6only.diff to not use
    IPV4-mapped addresses in the resolver code.  Closes: #563552.
  * Add debian/patches/any/cvs-resolv-edns0.diff to handle overly large
    answer buffers in resolver.
  * Add debian/patches/any/cvs-resolv-v6mapped.diff to fix lookup failure
    with IPv6 mapping enabled and big answers.  Closes: #558984.
  * Add debian/patches/any/submitted-nis-shadow.diff to remove encrypted
    passwords from passwd entries, and add them in shadow entries.
    Closes: #560333.

  [ Petr Salinger]
  * kfreebsd/local-sysdeps.diff: update to revision 2907 (from glibc-bsd).

 -- Aurelien Jarno <aurel32 op debian.org>  Wed, 06 Jan 2010 22:18:19 +0100

eglibc (2.10.2-3) unstable; urgency=low

  [ Aurelien Jarno ]
  * Update from the latest SVN, branch eglibc-2_11:
    - Remove any/cvs-malloc-check.diff (merged upstream).
  * debhelper.in/libc.postinst: also restart incron on upgrade.  Closes:
    #557801.
  * debhelper.in/libc.postinst: restart the services instead of stopping
    them and then starting them again.  Closes: #211784.
  * Use gcc/g++-4.4 on hppa, hurd-i386, mips and mipsel.
  * Mention EGLIBC in packages description.  Closes: #559121.
  * Add support for sparc64 architecture.
  * debian/sysdeps/mips.mk, debian/sysdeps/mipsel.mk: remove hack to support
    buildds kernels now that they have been upgraded.
  * debian/control.in/main: add a Homepage: pseudo header.  Closes: #561034.
  * debian/local/manpages/gai.conf.5: fix a typo.  Closes: #560144.
  * Replace debian/any/submitted-nis-not-configured.diff by upstream patch
    debian/any/cvs-nis-not-configured.diff.
  * Add debian/patches/any/local-ntp-update.diff to partially update the NTP
    API, backported from upstream.  Closes: #559482.
  * Add debian/patches/any/cvs-malloc_info-output.diff from upstream to fix
    malloc_info() output.  Closes: #562678.
  * Add debian/patches/any/cvs-futimens.diff from upstream to correctly handle
    AT_FDCWD in futimens().

  [ Samuel Thibault ]
  * testsuite-checking/expected-results-i486-linux-gnu-libc: Add hurd-i386
    testsuite results.
  * sysdeps/hurd.mk: Enable testsuite.
  * patches/hurd-i386/submitted-getcwd.diff: Add patch to fix duplicate port
    deallocation.
  * patches/hurd-i386/submitted-setsid.diff: Add patch to fix bogus port
    deallocation.

  [ Petr Salinger]
  * kfreebsd/local-sysdeps.diff: update to revision 2904 (from glibc-bsd).

 -- Aurelien Jarno <aurel32 op debian.org>  Sat, 02 Jan 2010 13:07:44 +0100

eglibc (2.10.2-2) unstable; urgency=low

  [ Carlos O'Donell]
  * debian/patches/hppa/cvs-nptl-compat.diff: new version to fix
    pthread structures alignment on hppa.

  [ Aurelien Jarno ]
  * debian/control: bump libc-bin breaks on libc0.1/0.3/6/6.1 to (<< 2.10).
    Closes: #556945.
  * patches/localedata/submitted-pt_BR.diff: new patch to fix the thousand
    separator on pt_BR locale.  Closes: #474479.
  * debhelper.in/locales.postinst: if an selected entry is present more than
    once, only uncomment the first one.  Closes: #529368.
  * patches/any/submitted-gethostbyname3.diff: return an error if the
    nameserver timeouts.  Closes: #499781.

 -- Aurelien Jarno <aurel32 op debian.org>  Tue, 24 Nov 2009 06:12:57 +0100

eglibc (2.10.2-1) unstable; urgency=low

  [ Aurelien Jarno ]
  * New upstream minor release.
    - fix build timeout on SH4.  Closes: #552407.
    - disabled patches/svn-updates.diff.
    - remove patches/powerpc/cvs-readahead.diff (merged).
    - remove patches/any/submitted-libgcc_s.so.diff (merged).
    - remove patches/any/cvs-preadv-pwritev.diff (merged).
    - remove patches/any/cvs-getaddrinfo-nss-notfound.diff (merged).
  * patches/ia64/cvs-memchr.diff: new patch from upstream replacing
    patches/ia64/submitted-memchr.diff.
  * patches/any/cvs-malloc-check.diff: new patch from upstream to fix bugs
    with MALLOC_CHECK.  Closes: #557158.
  * patches/any/cvs-ksm.diff: add support to KSM, define MADV_MERGEABLE and
    MADV_UNMERGEABLE. Closes: #556631.
  * Replace patches/locale/fix-C-first_weekday.diff by upstream version
    patches/locale/cvs-C-first_weekday.diff.  Closes: #556884.
  * rules.d/debhelper.mk: don't use --strip-unneeded when stripping .o
    objects.  Closes: #556951.
  * patches/any/submitted-bits-fcntl_h-at.diff: new patch to move AT_*
    constants from <fcntl.h> to <bits/fcntl.h>. Closes: #555303.
  * Replace patches/any/submitted-sched_h.2.diff by upstream version
    patches/any/cvs-sched_h.diff.
  * Use gcc/g++-4.4 on sparc.
  * patches/any/submitted-nis-not-configured.diff: fix getaddrinfo() if
    NIS is not configured. Fixes CVE-2010-0015.  Closes: #556600.
  * patches/any/submitted-getaddrinfo-nodata.diff: new patch from Michael
    Stone to fix getaddrinfo() if a plugin returns TRY_AGAIN or NO_DATA.
    Closes: #557596.

  [ Carlos O'Donell]
  * patches/hppa/local-stack-grows-up.diff: new version.

  [ Petr Salinger]
  * kfreebsd/local-sysdeps.diff: update to revision 2859 (from glibc-bsd).
    Closes: #557248.

 -- Aurelien Jarno <aurel32 op debian.org>  Mon, 23 Nov 2009 09:46:23 +0100

eglibc (2.10.1-7) unstable; urgency=low

  [ Aurelien Jarno ]
  * patches/all/local-ldd.diff: new patch to handle the case where ld.so is
    not executable (wrong architecture), and always trace dynamic library
    dependencies through the dynamic linker.  Closes: #502189,
    #552518, #499016.
  * Strip *.o files manually (dh_strip does not do it) to prevent
    leakage of the build directory (has been lost in a merge).
  * script.in/nsscheck.sh: fix call to invoke-rc.d.  Closes: #555463.
  * patches/ia64/submitted-memchr.diff: fix memchr() when data is shorter
    than software pipeline.
  * Bump to Standards-Version 3.8.3.
  * Re-enable PIE on mips and build-depends on binutils (>= 2.20-3).
  * Build-depends on g++-4.4 (>= 4.4.2-2) and use gcc-4.4 on armel.
  * libc-bin-dev: recommends manpages-dev.  Closes: #485608.
  * Generate /usr/lib{,32,64}/gconv/gconv-modules.cache at build time
    instead of during package installation. Closes: #548042.
  * debhelper.in/locales-all.prerm: remove /usr/lib/locale on removal, to
    make puiparts happy.

  [ Carlos O'Donell]
  * patches/hppa/local-stack-grows-up.diff: fix pthread stack related
    functions when the stack grows up.  Closes: #553722.

 -- Aurelien Jarno <aurel32 op debian.org>  Thu, 12 Nov 2009 12:53:04 +0100

eglibc (2.10.1-6) unstable; urgency=high

  [ Aurelien Jarno ]
  * Don't ask to stop gdm before an upgrade, but run reload in the postint
    Closes: #553362.
  * patches/powerpc/cvs-readahead.diff: fix readahead on PowerPC.
  * patches/any/cvs-preadv-pwritev.diff: fix preadv, pwritev and fallocate
    for-D_FILE_OFFSET_BITS=64.  Closes: #554608.
  * patches/any/submitted-sched_h.2.diff: allow const argument to CPU_ISSET()
    Closes: #554901.
  * kfreebsd/local-sysdeps.diff: update to revision 2819 (from glibc-bsd).
  * patches/any/submitted-etc-resolv.conf.diff: also handle case when the file
    is present, but a nameserver entry is missing.  Closes: #552010.

 -- Aurelien Jarno <aurel32 op debian.org>  Sun, 08 Nov 2009 18:56:15 +0100

eglibc (2.10.1-5) unstable; urgency=low

  [ Samuel Thibault ]
  * patches/hurd-i386/local-disable-ioctls.diff: New patch to disable some
    non-working ioctls.
  * patches/hurd-i386/local-pthread_types.diff: Fix path typo.

  [ Aurelien Jarno ]
  * Move xz-utils to Build-Depends from Build-Depends-Indep.

 -- Aurelien Jarno <aurel32 op debian.org>  Sun, 01 Nov 2009 17:19:00 +0100

eglibc (2.10.1-4) unstable; urgency=low

  [ Aurelien Jarno ]
  * patches/any/submitted-localedef-mmap.diff: new patch to cope with
    different mmap alignment restrictions between MMAP_SHARED and
    MMAP_PRIVATE. On SPARC64, MMAP_SHARED implies a 16kB alignment (L1
    D-Cache size), while MMAP_PRIVATE implies a 8kB alignment (page
    size).  Closes: #552233.
  * patches/any/submitted-confname.h.diff: new patch to fix build of
    bits/confname.h with -pedantic-errors.  Closes: #552819.
  * kfreebsd/local-sysdeps.diff: update to revision 2817 (from glibc-bsd).
    Fixes <netinet/icmp6.h>.  Closes: #552138.
  * Disable PIE on MIPS/MIPSEL.
  * Replace patches/s390/submitted-getutmpx.diff by upstream version
    (patches/any/cvs-getutmpx-compat.diff).
  * Don't include debian/ and stamp-dir/ in eglibc source tarball.  Closes:
    #553053.
  * Switch to the more common xz format from lzma for eglibc-source
    tarball.

 -- Aurelien Jarno <aurel32 op debian.org>  Fri, 30 Oct 2009 09:48:09 +0100

eglibc (2.10.1-3) unstable; urgency=low

  [ Samuel Thibault ]
  * patches/hurd-i386/local-bigmem.diff: Fix patch.

  [ Aurelien Jarno ]
  * patches/s390/submitted-getutmpx.diff: new patch to fix getutmpx() on
    s390.  Closes: #544838.
  * patches/any/submitted-missing-etc-resolv.conf.diff: new patch to fix
    name resolution with empty or missing /etc/resolv.conf.  Closes:
    #552453.
  * debian/sysdeps/i386.mk: build with gcc-4.3 on i386.  Closes: #551903.

 -- Aurelien Jarno <aurel32 op debian.org>  Mon, 26 Oct 2009 19:40:34 +0100

eglibc (2.10.1-2) unstable; urgency=low

  [ Petr Salinger ]
  * kfreebsd/local-sysdeps.diff: update to revision 2806 (from glibc-bsd).
  * Drop kfreebsd/local-sysdeps-2.10.diff (merged in local-sysdeps.diff).

  [ Samuel Thibault ]
  * patches/hurd-i386/local-bigmem.diff: New patch to fix dl.so crash when
    running on GNU Mach with VM_MAX_ADDRESS < 0xc0000000.

  [ Aurelien Jarno ]
  * patches/any/submitted-missing-etc-hosts.diff: return HOST_NOT_FOUND
    instead of NO_DATA.  Closes: #551622, #551760, #551879, #552010.
  * Restart NSS related services after upgrade. Closes: #551971, #551885.
  * testsuite-checking/*kfreebsd*: the *at syscalls emulation is not
    working under all conditions, allow failure of related tests. That
    should be removed after switching to kernel 8.0.

 -- Aurelien Jarno <aurel32 op debian.org>  Fri, 23 Oct 2009 08:48:29 +0200

eglibc (2.10.1-1) unstable; urgency=low

  [ Aurelien Jarno ]
  * New upstream release.
    - Fix C++ declaration of string functions.  Closes: #496763.
    - Add Handling for group shadow files.  Closes: #519479.
    - Use AT_RANDOM for randomized stack protector value.  Closes:
      #533077.
    - don't trigger assertion on __pthread_mutex_lock anymore.  Closes:
      #479952.
    - Fix week specifier in en_GB.  Closes: #511474.
    - Update sys/timex.h.  Closes: #550857.
    - debian/copyright, debian/*symbols*, debian/shlibver,
      debian/locales-depver, debian/debhelper.in/*.lintian: upgrade
      to 2.10.
    - alpha has been moved to ports, update debian/sysdeps/alpha.mk and
      debian/patches/alpha/* accordingly.
    - Remove debian/patches/arm/submitted-setjmp.diff (merged).
    - Remove debian/patches/arm/submitted-fpu_control_h.diff (merged).
    - Remove debian/patches/hppa/cvs-tsd.diff (merged).
    - Remove debian/patches/hppa/cvs-nptl.diff (merged).
    - Remove debian/patches/hurd-i386/cvs-resource-prio.diff (merged).
    - Remove debian/patches/hurd-i386/cvs-hurdsig-fix.diff (merged).
    - Remove debian/patches/hurd-i386/cvs-net-headers.diff (merged).
    - Remove debian/patches/hurd-i386/cvs-report-wait-fix.diff (merged).
    - Remove debian/patches/hurd-i386/cvs-get_pc_thunk.diff (merged).
    - Remove debian/patches/hurd-i386/cvs-strerror_l.diff (merged).
    - Remove debian/patches/hurd-i386/cvs-rtld.diff (merged).
    - Update debian/patches/hurd-i386/local-tls-support.diff.
    - Update debian/patches/hurd-i386/submitted-extern_inline.diff.
    - Update debian/patches/hurd-i386/local-atomic-no-multiple_threads.diff.
    - Remove debian/patches/mips/cvs-context.diff (merged).
    - Remove debian/patches/sparc/cvs-siginfo.diff (merged).
    - Remove debian/patches/all/submitted-readme-version.diff (merged).
    - Remove debian/patches/any/submitted-install-map-files.diff (merged).
    - Remove debian/patches/any/cvs-pthread_h.diff (merged).
    - Remove debian/patches/any/local-bashisms.diff (merged).
    - Remove debian/patches/any/cvs-bz7058-nss_nss-nis.diff (merged).
    - Remove debian/patches/any/cvs-iconv-utf16.diff (merged).
    - Remove debian/patches/any/submitted-cross-zic.diff (merged).
    - Remove debian/patches/any/cvs-binutils_2.20.diff (merged).
    - Remove debian/patches/any/submitted-nss-nsswitch.diff (merged).
    - Remove debian/patches/any/cvs-bz9706-nss_nss-files_files-parse.diff
      (merged).
    - Update debian/patches/any/cvs-broken-dns.diff.
    - Remove debian/patches/any/cvs-bz9697-posix-regcomp.diff (merged).
    - Remove debian/patches/any/cvs-bz697-posix-regexec.diff (merged).
    - Remove debian/patches/any/submitted-broken-dns.diff (merged).
    - Remove debian/patches/any/submitted-mount_h.diff (merged).
    - Update debian/patches/any/submitted-futex_robust_pi.diff.
    - Update debian/patches/any/local-dynamic-resolvconf.diff.
    - Update debian/patches/any/local-libgcc-compat-main.diff.
    - Update debian/patches/any/local-libgcc-compat-ports.diff.
    - Update debian/patches/any/local-no-pagesize.diff.
    - Remove debian/patches/any/submitted-date-and-unknown-tz.diff (merged).
    - Remove debian/patches/any/cvs-sunrpc-license.diff (merged).
    - Remove debian/patches/any/submitted-tst-cpucount.diff (merged).
    - Remove debian/patches/any/submitted-signalfd-eventfd.diff (merged).
    - Remove debian/patches/any/cvs-unsetenv.diff (merged).
    - Remove debian/patches/localedata/mt_MT_euro.diff (merged).
    - Remove debian/patches/localedata/submitted-bz9731-el_CY_euro.diff
      (merged).
    - Remove debian/patches/localedata/sk_SK_euro.diff (merged).
    - Remove debian/patches/localedata/submitted-bz9730-locale-sv_FI.diff
      (merged).
    - Remove debian/patches/localedata/cvs-el_CY-el_GR-frac_digits.diff
      (merged).
    - Update debian/patches/localedata/sort-UTF8-first.diff.
    - Update debian/patches/localedata/fr_CA-first_weekday.diff
    - Update debian/patches/localedata/fr_BE-first_weekday.diff
    - Update debian/patches/localedata/cy_GB-first_weekday.diff
    - Remove debian/patches/localedata/submitted-bz9835-en_GB-first_day.diff
      (merged).
    - Update debian/patches/localedata/first_weekday.diff
    - Update debian/patches/localedata/fr_LU-first_weekday.diff
    - Update debian/patches/localedata/fr_CH-first_weekday.diff
    - Remove debian/patches/sh4/cvs-headers-update.diff (merged).
    - Remove debian/patches/any/local-revert-3270.diff (fixed upstream).
  * Remove localedata/locale-fr_FR.diff as coreutils has been fixed.
  * Add debian/patches/any/submitted-autotools.diff to update config.guess
    and config.sub.
  * Remove debian/patches/powerpc/local-sysconf.diff, as it only concerns
    kernel that are not supported anymore.
  * Add debian/patches/ia64/submitted-sysconf.diff to fix sysconf() on ia64.
  * Add debian/patches/alpha/submitted-getsysstats.diff,
    debian/patches/alpha/submitted-includes.diff and
    debian/patches/alpha/submitted-lowlevellock.diff to partially fix FTBFS
    on alpha.
  * Add debian/patches/any/local-linuxthreads-unwind.diff to fix exception
    handling with linuxthreads.
  * Add debian/patches/any/cvs-nptl-init.diff to allow overwriting
    architectures init.c in csu and nptl individually.
  * Add debian/patches/any/submitted-accept4-hidden.diff to fix build
    on non Linux architectures.
  * Add debian/patches/kfreebsd/local-sysdeps-2.10.diff to update sysdeps
    for glibc 2.10 on GNU/kFreeBSD.
  * Add debian/patches/alpha/submitted-rtld-fPIC.diff to fix build on alpha.
  * Add debian/patches/any/submitted-getent-gshadow.diff to add gshadow
    support to getent.
  * debian/rules.d/tarball.mk: store the checkout revision in the tarball
    (file .svn-revision).
  * debian/rules.d/tarball.mk: add an "update-from-upstream-svn" rule to
    automatically update debian/patches/svn-updates.diff.
  * patches/ia64/submitted-libm.diff: new patch to fix errors in the
    math testsuite on ia64.
  * Use gcc 4.4 by default, except on armel, hppa, mips, mipsel, sparc and
    hurd-i386.
  * Update to upstream revision 8758.
  * patches/any/submitted-missing-etc-hosts.diff: new patch from Steve
    Langasek to treat a missing /etc/hosts as a simple "not found", not as
    an internal error.  Closes: bug#539950.
  * libc.postinst: only call telinit on Linux as originally.
  * Fix package name in alpha/ia64 private symbols versioning.
  * Add patches/sparc/local-sparcv9-memchr.diff to fix test-memchr.

  [ Petr Salinger ]
  * Add kfreebsd/local-no-SOCK_NONBLOCK.diff to fix build on GNU/kFreeBSD.

  [ Samuel Thibault ]
  * Add debian/patches/hurd-i386/local-_dl_random.diff to fix build on
    hurd-i386.
  * Add debian/patches/hurd-i386/local-unwind-resume.diff to fix build on
    hurd-i386.
  * Fix debian/patches/hurd-i386/local-tls-support.diff to align up includes
    on Linux, to fix build.

  [ Carlos O'Donell ]
  * Add hppa/cvs-nptl-compat.diff to keep ABI compatibility between
    linuxthreads and NPTL on HPPA.
  * sysdeps/hppa.mk: switch to NPTL. Closes: bug#538513.
  * testsuite-checking/expected-results-hppa-linux-gnu-libc: update.

 -- Aurelien Jarno <aurel32 op debian.org>  Sun, 18 Oct 2009 18:35:20 +0200

eglibc (2.9-27) unstable; urgency=low

  [ Aurelien Jarno ]
  * Extend description of libc-bin, patch by Christoph Berg. Closes:
    bug#544389.
  * Strip *.o files manually (dh_strip does not do it) to prevent
    leakage of the build directory.
  * libc.postinst: re-add "telinit u", removed by accident in version
    2.9-24. Closes: bug#545179.
  * nscd.init: set PATH to "/sbin:/usr/sbin:/bin:/usr/bin". Closes:
    bug#544942.
  * nscd.conf.5: add documentation for max-db-size and auto-propagate
    options. Closes: bug#544544.
  * Merge from the multiarch branch:
    - allow to specify libdir and slibdir also for the main flavor.
    - use real dependencies between the build_* and binaryinst_*
      targets.
    - simplify clean target.
  * Set the minimum kernel version to 6.0.0 for biarch library on
    kfreebsd-amd64 to match the main library.
  * alpha/submitted-sock_nonblock.diff: adjust patch location (alpha is
    still a main architecture in glibc 2.9). Closes: bug#540871.

  [ Samuel Thibault ]
  * debian/debhelper.in/libc.install: Install libc/*-gnu*/ instead of
    libc/*-*-gnu*/, to fix FTBFS on hurd-i386 due to it now being i486-gnu/.
  * debian/patches/hurd-i386/submitted-null-pathname.diff: New patch to fix
    chdir("") and chroot("") into returning ENOENT.
  * debian/patches/hurd-i386/submitted-sbrk.diff: New patch to fix sbrk beyond
    128MB.
  * debian/patches/hurd-i386/local-thread-cancel.diff: New patch to fix ext2fs
    crash.
  * debian/patches/hurd-i386/submitted-readlinkat.diff: New patch to add
    support for readlinkat(), to fix insserv build.
  * debian/patches/hurd-i386/cvs-termios-IXANY.patch: New patch to
    define IXANY in XOpen environment too, to fix libgphoto2 build.
  * debian/patches/hurd-i386/submitted-SOL_IP.patch: New patch to add SOL_IP
    definition, to fix directfb build.

  [ Petr Salinger ]
  * kfreebsd/local-sysdeps.diff: update to revision 2779 (from glibc-bsd).

  [ Clint Adams ]
  * debian/rules.d/debhelper.mk: make sure that snippets are included
    before doing CURRENT_VER substitution; fix thanks to Steve
    Langasek.
  * Bump to Standards-Version 3.8.3.

 -- Clint Adams <schizo op debian.org>  Wed, 30 Sep 2009 16:24:56 -0400

eglibc (2.9-26) unstable; urgency=low

  [ Aurelien Jarno ]
  * alpha/submitted-sock_nonblock.diff, hppa/submitted-sock_nonblock.diff:
    create the files at the correct location. Closes: bug#540871.
  * Use the full triplet for optimized and biarch packages.
  * cvs-unsetenv.diff: new patch to not segfault in unsetenv() if run after
    clearenv().

  [ Samuel Thibault ]
  * Convert config_os' gnu-gnu into gnu to fix multiarch paths.

  [ Petr Salinger ]
  * kfreebsd/local-sysdeps.diff: update to revision 2744 (from glibc-bsd).
  * any/local-linuxthreads-kill_other.diff, fixes ruby 1.9 testsuite failure

 -- Aurelien Jarno <aurel32 op debian.org>  Mon, 31 Aug 2009 07:05:00 +0200

eglibc (2.9-25) unstable; urgency=low

  * Remove Ben Collins <bcollins op debian.org> from the uploaders (Closes:
    bug#540901).
  * Recommends libc6-i686 on i386 and libc0.1-i686 on kfreebsd-i386
    (instead of amd64 and kfreebsd-amd64). Closes: bug#455603.
  * rules.d/debheper.in: fix a one letter typo causing libc6-udeb to be
    empty. Closes: bug#541725.
  * alpha/submitted-sock_nonblock.diff, hppa/submitted-sock_nonblock.diff:
    new patches to accommodate SOCK_NONBLOCK != O_NONBLOCK on these
    architectures. Closes: bug#540871.
  * Add dependency on $syslog in /etc/init.d/nscd. Closes: bug#541492.

 -- Aurelien Jarno <aurel32 op debian.org>  Sun, 16 Aug 2009 13:43:11 +0200

eglibc (2.9-24) unstable; urgency=low

  [ Aurelien Jarno ]
  * Remove any/cvs-pthread_mutex_lock.diff following upstream decision.
  * Replace debian/sysdeps/depflags.{mk,pl} by entries in debian/control
    using the "new" dpkg-dev features. Clean-out some very old entries.
  * Recommends libc6-i686 on amd64 and libc0.1-i686 on kfreebsd-amd64
    (Closes: bug#455603).
  * Don't access dpkg files directly in libc6.preinst.
  * patches/any/local-ld-multiarch.diff: convert i586 and i686 into i486
    (Closes: bug#540646).
  * debian/rules.d/debhelper.mk: use dh_lintian instead doing the work
    manually.
  * Split out libc-bin from libc6 and libc-dev-bin from libc6-dev.
    (Closes: #330735).

  [ Petr Salinger ]
  * kfreebsd/local-sysdeps.diff: update to revision 2696 (from glibc-bsd).

 -- Aurelien Jarno <aurel32 op debian.org>  Mon, 10 Aug 2009 14:32:35 +0200

eglibc (2.9-23) unstable; urgency=low

  * debhelper.in/libc.postinst, sysdeps/depflags.pl: remove upgrade code
    for pre-etch installations.
  * Don't ship /etc/init.d/glibc.sh anymore: the GNU libc is now smart
    enough to print "FATAL: kernel too old" alone. This also speed up
    the boot a bit.
  * Don't ship /usr/share/doc/libc6/TODO, but keep the file in the
    sources.
  * Don't ship /usr/share/doc/libc6/{README,PROJECT}.gz, they are
    irrelevant for an already built GNU libc.
  * Move /usr/share/doc/libc6/{CONFORMANCE,NAMESPACE,NOTES}.gz to
    libc6-dev.
  * Move all upstream changelogs in glibc-docs, and install a small
    changelog file explaining the reason.
  * Ship README.libm in libc6-dev.
  * Update any/cvs-broken-dns.diff from upstream.
  * any/cvs-pthread_mutex_lock.diff: new patch from upstream to fix
    a memory ordering problem in pthread_mutex_{,timed}lock.
  * Replace any/submitted-signalfd-eventfd.diff by upstream version
    any/cvs-signalfd-eventfd.diff.
  * alpha/submitted-asm-memchr.diff: new patch to fix broken prefetching
    in memchr() on alpha.
  * control.in/i386: replace the Pre-Depends by a Conflicts.  Closes:
    #538807. Update the breaks version of the packages not yet
    transitioned.

 -- Aurelien Jarno <aurel32 op debian.org>  Mon, 27 Jul 2009 15:37:54 +0200

eglibc (2.9-22) unstable; urgency=low

  * kfreebsd/local-sysdeps.diff: update to revision 2670 (from glibc-bsd).
  * any/submitted-signalfd-eventfd.diff: new patch to support < 2.6.27
    kernels in eventfd/signalfd.  Closes: #537509.
  * alpha/submitted-fdatasync.diff: update to keep fdatasync() as a
    cancellation point.  Closes: #537586.
  * sparc/cvs-siginfo.diff, s390/submitted-siginfo.diff,
    ia64/submitted-siginfo.diff: new patches to get "struct sigevent"
    from bits/siginfo.h in sync with the kernel version. Closes: #534548.
  * debhelper.in/libc-alt.preinst: also clear old /lib32 and /usr/lib32
    symlinks on install, as they might have been left by a previous
    installation of the package.
  * patches/any/cvs-getaddrinfo-nss-notfound.diff: new patch to correctly
    handle missing NSS modules.  Closes: #535106, #298290.
  * Add X-Interactive: true to /etc/init.d/glibc.sh.  Closes: #538435.

 -- Aurelien Jarno <aurel32 op debian.org>  Sun, 26 Jul 2009 10:16:30 +0200

eglibc (2.9-21) unstable; urgency=low

  [ Aurelien Jarno ]
  * Re-add /usr/include/scsi/scsi.h.  Closes: #537354.
  * libc6-dev-i386: pre-depends on libc6-i386.  Closes: #535313.
  * /etc/bindresvport.blacklist: add rsync (port 873). Closes: #537289.
  * any/local-bindresvport_blacklist.diff: update from latest openSUSE
    version.
  * kfreebsd/local-sysdeps.diff: update to revision 2643 (from glibc-bsd).
    Closes: #537492.
  * debian/local/etc_init.d/glibc.sh: add support for start/stop/restart/
    force-reload options.
  * debian/debhelper.in/libc-alt.preinst: add set -e.

 -- Aurelien Jarno <aurel32 op debian.org>  Sun, 19 Jul 2009 21:09:38 +0200

eglibc (2.9-20) unstable; urgency=low

  [ Clint Adams ]
  * Bump to Standards-Version 3.8.2.

  [ Aurelien Jarno ]
  * Don't ship /usr/include/scsi/scsi.h anymore.  Closes: #535809.
  * Add sysdeps/sh4.mk.  Closes: #536199.
  * debian/control.in/main: Build-Depends on dpkg-dev (>= 1.15.3.1).
    Closes: #536482.
  * kfreebsd/local-sysdeps.diff: update to revision 2624 (from glibc-bsd).

 -- Aurelien Jarno <aurel32 op debian.org>  Sun, 12 Jul 2009 14:39:01 +0200

eglibc (2.9-19) unstable; urgency=low

  [ Petr Salinger ]
  * kfreebsd/local-sysdeps.diff: update to revision 2611 (from glibc-bsd).
    Closes: #534115. Thanks to Javier Mendez Gomez.

  [ Aurelien Jarno ]
  * libc6-i386/presubj: remove.  Closes: #533768.
  * eu.po update from Piarres Beobide.  closes: #534283.
  * arm/local-hwcap-updates.diff, arm/local-no-hwcap.diff: update ARM
    hwcaps to support NEON and VFP.  Closes: #534126.
  * control.in/i386: add a breaks nvidia-glx-ia32 (<= 185.18.14-1) and
    nvidia-libvdpau-ia32 (<= 185.18.14-1).  Closes: #534874.
  * Merge any/submitted-broken-dns.diff into any/cvs-broken-dns.diff and
    update from upstream.

  [ Clint Adams ]
  * ru.po update from Yuri Kozlov.  closes: #534781.
  * cs.po update from Miroslav Kure.  closes: #534787.

 -- Clint Adams <schizo op debian.org>  Sun, 05 Jul 2009 11:49:39 -0400

eglibc (2.9-18) unstable; urgency=low

  * Remove /lib32 and /usr/lib32 in the libc6-i386 preinst.  closes: #533773.

 -- Clint Adams <schizo op debian.org>  Sun, 21 Jun 2009 03:17:50 -0400

eglibc (2.9-17) unstable; urgency=low

  [ Aurelien Jarno ]
  * Fix the versionned conflict of libc6-i386 with libc6-i386-dev. Closes:
    #533482.

  [ Clint Adams ]
  * Use Breaks instead of Conflicts for the /emul/ia32-linux transition.
    closes: #533503.

  [ Petr Salinger ]
  * kfreebsd/local-sysdeps.diff: update to revision 2599 (from glibc-bsd).

 -- Clint Adams <schizo op debian.org>  Thu, 18 Jun 2009 18:36:51 -0400

eglibc (2.9-16) unstable; urgency=low

  * Restore /lib/ld-linux.so.2 symlink. Closes: #533364.
  * control.in/i386: tighten a bit the conflicts given the recent uploads.

 -- Aurelien Jarno <aurel32 op debian.org>  Wed, 17 Jun 2009 07:32:47 +0200

eglibc (2.9-15) unstable; urgency=low

  * kfreebsd/local-sysdeps.diff: update to revision 2587 (from glibc-bsd).
    Update expected testsuite results accordingly.
  * any/cvs-broken-dns.diff: backport more parts from upstream.
  * Update Italian debconf translation, by Luca Monducci.  Closes: #531431.
  * sh4/cvs-headers-update.diff: new patch from upstream to fix build failure
    on SH4.  Closes: #532385.
  * sysdeps/amd64.mk: fix i386_slibdir.
  * control.in/i386: remove duplicate entries.

 -- Aurelien Jarno <aurel32 op debian.org>  Sat, 13 Jun 2009 22:25:41 +0200

eglibc (2.9-14) unstable; urgency=low

  [ Aurelien Jarno ]
  * debian/debhelper.in/locales.postrm: remove /etc/default/locale on
    purge.  Closes: #530902.

  [ Clint Adams ]
  * Move /emul/ia32-linux libraries to /usr/lib32.

 -- Clint Adams <schizo op debian.org>  Sat, 13 Jun 2009 09:51:12 -0400

eglibc (2.9-13) unstable; urgency=low

  * debian/debhelper.in/nscd.init: fix return code when querying status
    and nscd is not running to comply with LSB.  Closes: #527883.
  * debian/debhelper.in/locales.config: don't use "echo -e".  Closes:
    #527945, #529173.
  * debian/patches/localedata/supported.diff: add kk_KZ.RK1048 locale.
    Closes: #528177.
  * debian/debhelper.in/locales.config: use previous debconf settings if
    /etc/environment and /etc/default/locale do not exist.
  * debian/bug/locales/presubj: fix a typo.  Closes: #528353.
  * debian/local/manpages/validlocale.8: fix a typo.  Closes: #528658.
  * debian/patches/any/cvs-sunrpc-license.diff: new patch from upstream
    to change the SUNRPC license into BSD one. Update debian/copyright
    accordingly.  Closes: #382175.
  * debian/patches/any/submitted-tst-cpucount.diff: new patch to fix
    tst-cpucount test on non Linux kernels.
  * kfreebsd/local-sysdeps.diff: update to revision 2545 (from glibc-bsd).
  * debian/patches/kfreebsd/local-config_h_in.patch: new patch to correctly
    define __KFREEBSD_KERNEL_VERSION.
  * debian/sysdeps/kfreebsd.mk: bump minimal kernel version to 6.0.
  * debian/debhelper.in/libc.NEWS: detail the exact line that has to be
    added to /etc/resolv.conf.

 -- Aurelien Jarno <aurel32 op debian.org>  Tue, 26 May 2009 13:45:58 +0200

eglibc (2.9-12) unstable; urgency=low

  [ Petr Salinger ]
  * kfreebsd/local-sysdeps.diff: update to revision 2503 (from glibc-bsd).

  [ Aurelien Jarno ]
  * any/local-revert-3270.diff: new patch to revert fix for PR nptl/3270.
    (closes: bug#527541).

 -- Aurelien Jarno <aurel32 op debian.org>  Fri, 08 May 2009 11:57:16 +0200

eglibc (2.9-11) unstable; urgency=low

  * Switch to Embedded GLIBC (EGLIBC), sources taken from the 2.9
    branch.
    - Update all/submitted-readme-version.diff.
    - Update any/local-bashisms.diff.
    - Update any/cvs-bz9697-posix-regcomp.diff.
    - Update any/cvs-binutils_2.20.diff.
    - Drop any/local-makeconfig.diff.
    - Drop any/submitted-getcwd-sys_param_h.diff (merged in eglibc).
    - Add any/submitted-cross-zic.diff to fix biarch builds.
    - Add any/submitted-nss-nsswitch.diff to fix linuxthreads builds.
    - Add any/submitted-install-map-files.diff to fix GNU/Hurd builds.
    - More tests of flavour/biarch builds are run, update the expected
      testsuite results accordingly.
    - Rename glibc-source package into eglibc-source.

 -- Aurelien Jarno <aurel32 op debian.org>  Tue, 05 May 2009 09:54:14 +0200

glibc (2.9-10) unstable; urgency=low

  [ Samuel Thibault ]
  * hurd-i386/local-pthread_posix-option.diff: Set _POSIX_TIMEOUTS to 200112
    too, to fix gthread compilation in gcc-4.4

  [ Petr Salinger ]
  * fix up GNU/kFreeBSD specific macro LIST_FOREACH_SAFE.

  [ Aurelien Jarno ]
  * any/cvs-broken-dns.diff: backport more parts from upstream.
  * any/submitted-broken-dns.diff: new patch to not raise an error if one
    query returns NOTIMP or FORMERR and the other NOERROR.  Closes: #526823.

 -- Aurelien Jarno <aurel32 op debian.org>  Tue, 05 May 2009 01:39:50 +0200

glibc (2.9-9) unstable; urgency=low

  * mips/cvs-context.diff: add missing part from upstream.

 -- Aurelien Jarno <aurel32 op debian.org>  Tue, 28 Apr 2009 23:11:30 +0200

glibc (2.9-8) unstable; urgency=low

  [ Aurelien Jarno ]
  * Update Swedish debconf translation, by Martin Bagger.  Closes: #522982.
  * mips/cvs-context.diff: new patch from upstream to add getcontext,
    setcontext, makecontext, swapcontext.
  * any/submitted-mount_h.diff: new patch to add MNT_DETACH and MNT_EXPIRE to
    sys/mount.h.  Closes: #523952.
  * arm/submitted-fpu_control_h.diff: new patch to disable macros from
    <fpu_control.h> on EABI.  Closes: #525261.
  * any/cvs-iconv-utf16.diff: new patch from upstream to reject UTF-8-encoded
    UTF-16 surrogates in iconv.  Closes: #525299.
  * any/local-getaddrinfo-interface.diff: ignore addresses with no interface
    assigned while sorting with rule 7.  Closes: #521439.
  * any/cvs-broken-dns.diff: new patch from CVS to provide a fallback for
    broken DNS server while doing unified IPv4/IPv6 requests. The first lookup
    will be slow, but subsequent requests will fallback to the previous
    behaviour. This can be enabled by default by setting 'single-request' in
    /etc/resolv.conf.
  * debhelper.in/libc.NEWS: add entry explaining the new behaviour and the new
    option.
  * any/local-disable-gethostbyname4.diff: disabled this patch to re-enable
    unified IPv4/IPv6 requests.  Closes: bug#343140, bug#435646.
  * localedata/cvs-el_CY-el_GR-frac_digits.diff: new patch from CVS to fix
    frac_digits and int_frac_digits on el_CY ad el_GR locales.  Closes:
    bug#511621.
  * mips_asm_unistd.h, sysdeps/mipsel.mk, sysdeps/mips.mk: use our own version
    of unistd.h corresponding to the one of a 2.6.24 kernel to workaround kernel
    bugs on the build daemons.
  * any/cvs-binutils_2.20.diff: new patch from upstream to fix build failure
    with binutils 2.20.

  [ Petr Salinger ]
  * kfreebsd/local-sysdeps.diff: update to revision 2482 (from glibc-bsd).
    Closes: #522686. Thanks to Jan Christoph Nordholz.

  [ Samuel Thibault ]
  * hurd-i386/cvs-rtld.diff: new patch, fixes boot of glibc built with
    binutils >= 2.19.

 -- Aurelien Jarno <aurel32 op debian.org>  Mon, 27 Apr 2009 00:44:59 +0200

glibc (2.9-7) unstable; urgency=low

  [ Aurelien Jarno ]
  * Update German debconf translation, by Helge Kreutzman.  Closes: #519992.
  * Update testsuite results on alpha, tst-timer.out exits with SIGILL on
    some machines, it was already the case with glibc 2.7 on the same
    machines.
  * Update testsuite results on hppa, tst-posix_fallocate.out and
    tst-makecontext.out are known to fail with a 32-bit kernel.
  * debian/script.in/nsscheck.sh: fix a typo.  Closes: #520455.
  * kfreebsd/local-sysdeps.diff: update to revision 2390 (from glibc-bsd).
  * libc6.1.symbols.alpha: fix package name for private symbols.

  [ Samuel Thibault ]
  * debian/rules.d/debhelper.mk: let grep libpthread.so fail because on
    hurd-i386 glibc does not provide it.

 -- Aurelien Jarno <aurel32 op debian.org>  Tue, 07 Apr 2009 07:58:50 +0200

glibc (2.9-6) unstable; urgency=low

  [ Samuel Thibault ]
  * debian/patches/hurd-i386/local-tls-support.diff: fix typo in tlsdesc.sym.

  [ Aurelien Jarno ]
  * debian/po/de.po: fix German translation.  Closes: bug#519612.
  * Update French debconf translation, by Christian Perrier.  Closes: #519662.
  * any/local-disable-gethostbyname4.diff: disable unified lookup for
    getaddrinfo(). While unified lookup fix the problem of DNS servers simply
    dropping AAAA requests, it breaks lookup with even more broken DNS servers
    only returning a broken AAAA answer. As it seems the second type of broken
    DNS concerns more users, let's revert to the old behaviour.  Closes:
    #516218.
  * any/submitted-getaddrinfo-lo.diff: correctly handle the lo interface and
    associated addresses when checking for native connection.  Closes:
    bug#519545.
  * debian/control.in/libc: change -dbg packages to section debug.
  * debian/control.in/main: update Standards-Version to 3.8.1:
    - debian/local/etc_init.d/glibc.sh: move set -e out from the shebang line.
    - debian/debhelper.in/nscd.init: exit successfully if the daemon was
      already running.
  * debian/debhelper.in/nscd.dirs: remove /var/run/nscd directory.

 -- Aurelien Jarno <aurel32 op debian.org>  Sun, 15 Mar 2009 21:22:48 +0100

glibc (2.9-5) unstable; urgency=low

  [ Clint Adams ]
  * Change first day of the week in ru_UA locale to Monday.  closes:
    #517386.

  [ Aurelien Jarno ]
  * testsuite-checking/expected-results-i486-linux-gnu-libc,
    testsuite-checking/expected-results-i686-linux-i686: remove
    testgrp.out from the ignore list, it was due to a misconfiguration
    of the build daemon.
  * debhelper.in/libc.{preinst,postint}: bump the version triggering the
    restart of NSS related services to 2.9-5.
  * debhelper.in/libc.postint: change cupsys into cups.
  * script.in/nsscheck.sh: convert mysql-server into mysql. Closes:
    bug#172123.
  * merge lost patch from lenny:
    - debhelper.in/locales.config: use previous debconf settings if
      /etc/locales does not exists. Closes: bug#517884.
  * debian/local/manpages/ld.so.8: fix a typo.  Closes: bug#518394.
  * debhelper.in/libc.preinst, debhelper.in/libc.templates: warn users
    about the need to disable xscreensaver and xlockmore before libc6
    is unpacked.  Closes: bug#517795.

  [ Samuel Thibault ]
  * debian/patches/hurd-i386/cvs-ECANCELED.diff: rename into
    submitted-ECANCELED.diff
  * debian/patches/hurd-i386/local-net-headers.diff: rename into
    cvs-net-headers.diff
  * debian/patches/hurd-i386/local-pthread_types.diff: make it create a new
    sysdep/mach/hurd/bits/pthreadtypes.h instead of modifying
    bits/pthreadtypes.h.  Move from series.hurd-i386 to series.
  * debian/patches/hurd-i386/local-tls-dtv-offset.diff: remove patch, make
    local-tls-support.diff create tlsdesc.sym instead.
  * debian/patches/hurd-i386/local-no-strerror_l.diff: remove patch, replaced
    by...
  * debian/patches/hurd-i386/cvs-strerror_l.diff: new patch from Thomas
    Schwinge.

 -- Aurelien Jarno <aurel32 op debian.org>  Thu, 12 Mar 2009 00:13:02 +0100

glibc (2.9-4) unstable; urgency=low

  * testsuite-checking/expected-results-ia64-linux-gnu-libc: ignore
    result of tst-oddstacklimit.out, it is known to fail with old
    kernels, just like in glibc 2.7.
  * debian/debhelper.in/libc{-alt,-otherbuild,}.lintian: remove outdated
    overrides.
  * debhelper.in/libc.postinst: restart NSS services on upgrades from
    versions prior to 2.9-1.
  * testsuite-checking/expected-results-arm-linux-gnueabi-libc: ignore
    result of test-fenv.out and test-fpucw.out, as they were already
    failing with glibc 2.7.
  * patches/any/submitted-futex_robust_pi.diff: new patch to correctly
    define when PI futexes and robust mutexes have been introduced
    in the kernel, on a per architecture basis.
  * testsuite-checking/expected-results-{alpha,ia64}-linux-gnu-libc:
    remove PI futexes failures.
  * patches/all/submitted-readme-version.diff: fix the upstream version
    number in upstream README.  Closes: bug#516908.
  * debian/rules.d/build.mk: disable the testsuite on ball/mayr/mayer/rem
    build daemons.
  * debian/rules.d/info.mk: new file to dump useful info in the build log.
  * debian/rules: always define and export SHELL as "/bin/bash -e".
    Closes: bug#517077.
  * patches/any/cvs-bz7058-nss_nss-nis.diff: new patch to fix crash when
    doing host lookup with nss-nis.  Closes: bug#517094.
  * Add debian/libc6-mips{n32,64}.symbols.mips{el,} symbol files.
  * debian/debhelper.in/glibc-source.install, debian/rules.d/build.mk:
    switch the format of glibc-source to lzma, sparing 6MB.
  * debian/libc6.1.symbols.{alpha,ia64}: fix symbols.
  * debian/*symbols*: rename symbols.common into libc6.symbols.common.
  * rules.d/debhelper.mk: don't strip debugging symbols. Remove
    debhelper.in/libc-dbg.{install,lintian} and wrapper/objcopy.
    control.in/libc: update description of libc-dbg.  Closes: bug#516516.
  * patches/kfreebsd/local-scripts.diff: correctly define the soname of
    libthread_db.
  * libc0.1.symbols.common, libc0.1.symbols.kfreebsd-{amd64,i386],
    libc0.1-i386.symbols.kfreebsd-amd64: new files.

 -- Aurelien Jarno <aurel32 op debian.org>  Fri, 27 Feb 2009 19:01:26 +0100

glibc (2.9-3) unstable; urgency=low

  * debhelper.in/nscd.init: fix the for loop.  Closes: bug#516509.

 -- Aurelien Jarno <aurel32 op debian.org>  Sat, 21 Feb 2009 11:40:24 +0100

glibc (2.9-2) unstable; urgency=low

  [ Aurelien Jarno ]
  * testsuite-checking/*: ignore tst-cpuclock2 test, as it fails on
    machines using cpufreq.
  * Rename submitted/cvs-tsd.diff into hppa/cvs-tsd.diff.
  * patches/any/local-bashisms.diff: fix more bashisms in the testsuite.
  * rules.d/build.mk: define SHELL as /bin/bash.
  * patches/any/cvs-pthread_h.diff: patch from upstream to fix warning
    in pthread.h.
  * debhelper.in/libc.preinst: restart NSS services on upgrades from
    versions prior to 2.9-1.
  * debhelper.in/*symbols*, rules.d/debhelper.mk: allow linking against
    private symbols again, but with a strict dependency on the upstream
    version.
  * debhelper.in/nscd.init: fix cache flushing on restart/reload.  Closes:
    bug#516212.

  [ Petr Salinger ]
  * kfreebsd/local-sysdeps.diff: update to revision 2370 (from glibc-bsd).
  * drop kfreebsd/local-sysdeps28.diff (merged into local-sysdeps.diff).

 -- Aurelien Jarno <aurel32 op debian.org>  Fri, 20 Feb 2009 22:25:19 +0100

glibc (2.9-1) unstable; urgency=low

  [ Aurelien Jarno ]
  * New upstream release.
    - This version has been tagged in the CVS, update debian/rules and
      debian/rules.d/tarball.mk accordingly.
    - shs_CA locale is enabled.  Closes: #504663.
    - fix snprintf with low-memory.  Closes: #481543.
    - fix mtrace warning message.  Closes: #507488.
    - Disable m68k/local-mathinline_h.diff.
    - Update any/local-bashisms.diff.
    - Update hurd-i386/local-tls-support.diff.
    - Update localedata/locale-en_DK.diff.
    - Update localedata/sort-UTF8-first.diff.
    - Update localedata/supported.diff.
    - Update localedata/first_weekday.diff.
    - Remove all/submitted-iconv-latin9.diff (merged).
    - Remove any/submitted-user_h.diff (merged).
    - Remove any/cvs-bug-iconv6_tst-iconv7.diff (merged).
    - Remove any/cvs-getaddrinfo.diff (merged).
    - Remove any/cvs-iconv-braces.diff (merged).
    - Remove any/cvs-nscd-getservbyport.diff (merged).
    - Remove any/cvs-regex_anchor.diff (merged).
    - Remove any/cvs-tst-regex.diff (merged).
    - Remove any/submitted-rpcgen-makefile.diff (merged).
    - Remove hppa/cvs-context.diff (merged).
    - Remove hppa/submitted-atomic_h.diff (merged).
    - Remove hppa/submitted-fesetenv.diff (merged).
    - Remove hurd-i386/cvs-lock-memory-clobber.diff (merged).
    - Remove hurd-i386/cvs-mig-init.diff (merged).
    - Remove hurd-i386/cvs-MSG_NOSIGNAL.diff (merged).
    - Remove hurd-i386/cvs-open_2.diff (merged).
    - Remove hurd-i386/cvs-signal-werror.diff (merged).
    - Remove hurd-i386/cvs-termios.diff (merged).
    - Remove hurd-i386/cvs-fcntl-types.diff (merged).
    - Remove mips/local-setjmp.diff (merged).
    - Remove sparc/cvs-context.diff (merged).
    - Remove localedata/locale-ks_IN.diff (replaced upstream by
      ks_IN op devanagari).
    - debian/shlibver: bump to 2.9.
    - debian/locales-depver: bump to 2.9.
    - debian/sysdeps/depflags.pl: add a conflict on nscd (<< 2.9) to libc.
    - Finnish (fi_FI) time format is fixed.  closes: #468849.
  * debhelper.in/locales.config: convert ks_IN into ks_IN op devanagari.
  * symbols.wildcards: update for glibc 2.9.
  * debhelper.in/*.lintian: update for glibc 2.9.
  * testsuite-checking/compare.sh: don't assume expected and current
    testsuite results in same order.  Closes: bug#504031.
  * testsuite-checking/expected-results-powerpc64-linux-ppc64: update.
  * debian/local/etc_init.d/glibc.sh: add Description and Short-Description.
    Closes: bug#510083.
  * Remove manpage that will be provided by manpages-dev.  Closes: bug#506515,
    bug#505784.
  * debian/copyright: update.  Closes: bug#506881.
  * any/submitted-popen.diff: new patch from Gentoo to fix popen() on >= 2.6.27
    kernels.  Closes: bug#512238.
  * arm/submitted-setjmp.diff: new patch to fix build on arm.
  * debian/rules: set BUILD_CC (host compiler) to gcc, and set CC (target
    compiler) to gcc-4.3. The later can be override on a per target basis.
  * debian/rules.d/build.mk: enable stackguard randomization.  Closes:
    bug#511811.
  * expected-results-i486-linux-gnu-libc, expected-results-i686-linux-i686:
    Add tests that fail on a Xen machine. Sigh.
  * any/local-linuxthreads-thread_self.diff: new patch to fix a warning on
    linuxthreads builds.
  * rules.d/build.mk: unset LANG to make sure testsuite errors are not
    localized.
  * debian/rules: remove *.mo file in the clean target.
  * sysdeps/alpha.mk, control.in/main: use gcc-4.3 on alpha.
  * debhelper.in/locales.postinst: make sure /etc/default/locale is always
    created.  Closes: bug#515099.
  * debian/wrapper/objcopy: apply special strip to libraries only.  Closes:
    bug#513882.
  * debian/localedata/locale-fr_FR.diff: revert change of week of day and
    month abbreviations in fr_FR locale.  Closes: bug#509191.

  [ Clint Adams ]
  * patches/any/cvs-bz697-posix-regexec.diff: regex fix from Paolo Bonzini.
  * patches/any/cvs-bz9697-posix-regcomp.diff: regex fix from Paolo Bonzini,
    closes: #510219.
  * patches/localedata/submitted-bz9725-locale-sv_SE.diff: fix from David
    Weinehall for incorrect sv_SE date format.  closes: #489960.
  * patches/any/cvs-bz9706-nss_nss-files_files-parse.diff: unify NSS
    behavior between 32-bit and 64-bit platforms.  addresses: #483645.
  * localedata/submitted-bz9730-locale-sv_FI.diff: make sv_FI time format
    conform to that of fi_FI.  closes: #489946.
  * Rename patches/localedata/el_CY_euro.diff to
    patches/localedata/submitted-bz9731-el_CY_euro.diff.
  * Rename patches/localedata/dz_BT-collation.diff to
    patches/localedata/submitted-bz9732-dz_BT-collation.diff.
  * patches/localedata/submitted-bz9835-en_GB-first_day.diff: new patch to
    fix first_weekday and first_workday for en_GB.  closes: #512343.

  [ Arthur Loiret ]
  * patches/any/local-nss-overflow.diff: new patch to ignore uids and gids
    greater than UINT_MAX.  Closes: #483645.
  * patches/hppa/submitted-tsd.diff: new patch from to fix build on hppa.
    Closes: #511430.

  [ Petr Salinger ]
  * kfreebsd/local-sysdeps.diff: update to revision 2352 (from glibc-bsd).
  * add kfreebsd/local-linuxthreads29.diff:
    update to fix build on kfreebsd architectures.

  [ Samuel Thibault ]
  * hurd-i386/cvs-resource-prio.diff: new patch to fix detection of PRIO_*
    values in some packages
  * hurd-i386/cvs-hurdsig-fix.diff: new patch to fix hurd signal FD locking.
  * hurd-i386/cvs-report-wait-fix.diff: patch from CVS instead of
    hurd-i386/submitted-report-wait.diff.
  * hurd-i386/submitted-critical-sections.diff: new patch to fix some missing
    critical sections.
  * hurd-i386/submitted-dup2-fix.diff: new patch to fix dup2 FD locking.
  * hurd-i386/local-net-headers.diff: new patch to install net/*.h headers.
  * hurd-i386/local-tls-dtv-offset.diff: new patch to fix DTV_OFFSET macro.
  * hurd-i386/local-pthread_posix-option.diff: put back to series.
  * hurd-i386/local-check_native.diff: new patch to provide a dummy
    __check_native() function.
  * hurd-i386/cvs-get_pc_thunk.diff: new patch to fix missing
    __i686.get_pc_thunk.bx reference.
  * hurd-i386/submitted-dl-sysdep.diff: new patch to fix static linking.
  * hurd-i386/submitted-stat.diff: clean up patch.
  * hurd-i386/submitted-itimer-lock.diff: new patch fixing itimer unlocking.

 -- Aurelien Jarno <aurel32 op debian.org>  Tue, 17 Feb 2009 22:49:15 +0100

glibc (2.8+20080809-3) experimental; urgency=low

  [ Aurelien Jarno ]
  * New upstream release.
    - Fix conversions to ISO-2022-JP.  Closes: #466340.
    - "Tarballs are a completely outdated concept":
      + use a flat .orig.tar.gz
      + rules.d/tarball.mk: remove all, add a get-orig-source target
      + rules.d/quilt.mk: fix the unpatch target
    - Update any/cvs-getaddrinfo.diff.
    - Update any/submitted-i686-timing.diff.
    - Update hurd-i386/cvs-lock-memory-clobber.diff.
    - Update kfreebsd/local-sys_queue_h.diff
    - Update locale/preprocessor-collate-uli-sucks.diff
    - Update localedata/tailor-iso14651_t1.diff.
    - Update localedata/locales-fr.diff.
    - Update localedata/cy_GB-first_weekday.diff.
    - Update localedata/fr_BE-first_weekday.diff.
    - Update localedata/fr_CA-first_weekday.diff.
    - Update localedata/fr_CH-first_weekday.diff.
    - Update localedata/fr_LU-first_weekday.diff.
    - Remove alpha/submitted-xstat.diff (outdated).
    - Remove amd64/cvs-vdso_clock_gettime.diff (merged).
    - Remove arm/cvs-ioperm.diff (merged).
    - Remove arm/cvs-gcc4-inline.diff (merged).
    - Remove arm/local-args6.diff (merged).
    - Remove arm/submitted-RTLD_SINGLE_THREAD_P.diff (merged).
    - Remove hppa/cvs-atomic.diff (merged).
    - Remove hppa/cvs-lowlevellock.diff (merged).
    - Remove hurd-i386/cvs-kernel-features.diff (merged).
    - Remove hurd-i386/cvs-O_CLOEXEC_fix.diff (merged).
    - Remove hurd-i386/cvs-epfnosupport.diff (merged).
    - Remove hurd-i386/cvs-df.diff (merged).
    - Remove hurd-i386/cvs-blocked-exceptions.diff (merged).
    - Remove i386/cvs-short-for-fnstsw.diff (merged).
    - Remove mips/cvs-memory-barriers.diff (merged).
    - Remove mips/cvs-mknod.diff (merged).
    - Remove mips/cvs-fcsr.diff (merged).
    - Remove mips/cvs-mipsn32.diff (merged).
    - Remove sh4/cvs-nptl-private-futexes.diff (merged).
    - Remove all/cvs-gai_conf.diff (merged).
    - Remove any/cvs-epoll_h.diff (merged).
    - Remove any/cvs-ether_line.diff (merged).
    - Remove any/cvs-ethertype.diff (merged).
    - Remove any/cvs-fchmodat.diff (merged).
    - Remove any/cvs-gcc-4.3.diff (merged).
    - Remove any/cvs-iconv-iso2022jp-loop-bug.diff (merged).
    - Remove any/cvs-isoc99_vscanf.diff (merged).
    - Remove any/cvs-rfc3484.diff (merged).
    - Remove any/cvs-sched_h.diff (merged).
    - Remove any/cvs-strerror_r.diff (merged).
    - Remove any/local-strfry.diff (merged).
    - Remove any/cvs-strtod.diff (merged).
    - Remove any/cvs-tzfile.diff (merged).
    - Remove any/cvs-vfscanf.diff (merged).
    - Remove any/cvs-sunrpc_rpc_thread.diff (merged).
    - Remove any/cvs-wchar_h.diff (merged).
    - Remove any/local-dl-execstack.diff (outdated).
    - Remove any/local-gcc4-wcstol_l.diff (outdated).
    - Remove any/local-ip6-localhost.diff (fixed differently).
    - Remove any/local-notls.diff (outdated).
    - Remove any/submitted-ieee754_h.diff (merged).
    - Remove any/submitted-link-local_resolver.diff (merged).
    - Remove localedata/cvs-locale-ig_NG.diff (merged).
    - Remove localedata/cvs-locale-lo_LA.diff (merged).
    - Remove localedata/cvs-locale-ug_CN.diff (merged).
    - Remove localedata/locale-es_CR.diff (merged).
    - Remove localedata/locale-pt_PT.diff (merged).
    - Add patches/alpha/submitted-creat64.diff from Gentoo.
    - Add patches/alpha/submitted-dl-support.diff from Gentoo.
    - debian/shlibver: bump to 2.8.
    - debian/locales-depver: bump to 2.8.
  * Convert all patch to patchlevel -p1.  Closes: #485165.
  * debian/rules.d/quilt.mk: add a refresh target.
  * local/manpages/*: fix comments to make lintian happy.
  * locale/check-unknown-symbols.diff: changes errors to warnings.
  * debian/control.in/main: update Standards-Version to 3.8.0:
    - Add debian/README.source.
  * debian/rules, debian/rules.d/build.mk, debian/testsuite-checking/*:
    implement regression check, based on a patch from Carlos O'Donell.
  * testsuite-checking/expected-results-alpha-linux-gnu-libc: new file.
  * testsuite-checking/expected-results-alphaev67-linux-alphaev67: new file.
  * testsuite-checking/expected-results-arm-linux-gnueabi-libc: new file.
  * testsuite-checking/expected-results-hppa-linux-gnu-libc: new file.
  * testsuite-checking/expected-results-i486-kfreebsd-gnu-libc: new file.
  * testsuite-checking/expected-results-i486-linux-gnu-libc: new file.
  * testsuite-checking/expected-results-i686-kfreebsd-i386: new file.
  * testsuite-checking/expected-results-i686-kfreebsd-i686: new file.
  * testsuite-checking/expected-results-i686-linux-i386: new file.
  * testsuite-checking/expected-results-i686-linux-i686: new file.
  * testsuite-checking/expected-results-i686-linux-xen: new file.
  * testsuite-checking/expected-results-ia64-linux-gnu-libc: new file.
  * testsuite-checking/expected-results-mips-linux-gnu-libc: new file
  * testsuite-checking/expected-results-mips32-linux-mipsn32: new file.
  * testsuite-checking/expected-results-mips64-linux-mips64: new file.
  * testsuite-checking/expected-results-mips32el-linux-mipsn32: new file.
  * testsuite-checking/expected-results-mips64el-linux-mips64: new file.
  * testsuite-checking/expected-results-mipsel-linux-gnu-libc: new file.
  * testsuite-checking/expected-results-powerpc-linux-gnu-libc: new file.
  * testsuite-checking/expected-results-powerpc64-linux-ppc64: new file.
  * testsuite-checking/expected-results-s390-linux-gnu-libc: new file.
  * testsuite-checking/expected-results-s390x-linux-s390x: new file.
  * testsuite-checking/expected-results-sparc64-linux-sparc64: new file.
  * testsuite-checking/expected-results-sparc-linux-gnu-libc: new file.
  * testsuite-checking/expected-results-sparcv9b-linux-sparcv9b: new file.
  * testsuite-checking/expected-results-x86_64-kfreebsd-gnu-libc: new file.
  * testsuite-checking/expected-results-x86_64-linux-amd64: new file.
  * testsuite-checking/expected-results-x86_64-linux-gnu-libc: new file.
  * control.in/main: build-depends on dpkg (>= 1.14.17).
  * Add symbols files for the various libraries, based on a patch by
    Raphaël Hertzog.  Closes: #462444.
  * localedata/supported.diff: sort locales by alphabetical order.  Closes:
    #493231.
  * debian/rules, debian/rules.d/build.mk, debian/sysdeps.mk/*: use a common
    huge TIMEOUTFACTOR for all architectures.
  * debian/sysdeps/mipsel.mk: use the correct triplet for mipsn32 and mips64
    builds.
  * debian/sysdeps/kfreebsd-amd64.mk: remove wrong symlink /lib32/lib32.
  * debian/sysdeps/amd64.mk,kfreebsd-amd64.mk: enable i686 optimizations.
  * debhelper.in/locales-all.prerm, debhelper.in/locales.postinst: remove
    prepended path.
  * debian/sysdeps/hppa.mk: use relative symlinks for hppa64 include
    directories.
  * patches/all/submitted-iconv-latin9.diff: add latin9 as an alias to
    latin-9 for consistency with other charsets.  Closes: #497449.
  * rules, rules.d/build.mk, debhelper.in/glibc-doc.manpages: install
    preprocessed manpages instead of raw ones.
  * debian/sysdeps/*.mk, script.in/kernelcheck.sh: bump minimal kernel
    version to 2.6.18.  Closes: #499689.
  * debian/control.in/main: add Vcs-Svn and Vcs-Browser field.  Closes:
    #499769.
  * debian/sysdeps/depflags.pl: add a conflict on nscd (<< 2.8) to libc
    Closes: #498516).
  * rules, rules.d/build.mk, debhelper.in/glibc-doc.manpages: install the
    generated manpages.
  * any/cvs-bug-iconv6_tst-iconv7.diff: new patch from upstream to fix
    bug-iconv6 and tst-iconv7 when the locales package is not installed.

  [ Petr Salinger ]
  * add any/local-linuxthreads-ptw.diff. Closes: #494908.
  * add kfreebsd/local-sysdeps28.diff, glibc 2.8 specific kfreebsd sysdeps.

  [ Samuel Thibault ]
  * Add hurd-i386/submitted-report-wait.diff.

 -- Aurelien Jarno <aurel32 op debian.org>  Sat, 25 Oct 2008 21:22:39 +0200

exim4 (4.72-6+squeeze3) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2012-5671: Fix heap-based buffer overflow in DKIM handling.

 -- Nico Golde <nion op debian.org>  Thu, 25 Oct 2012 08:43:03 +0000

exim4 (4.72-6+squeeze2) stable-security; urgency=low

  * [83_dkimexpand.diff] Pulled from upstream git. Do not use string expansion
    on DKIM domain or identity. CVE-2011-1407.

 -- Andreas Metzler <ametzler op debian.org>  Thu, 12 May 2011 19:05:10 +0200

exim4 (4.72-6+squeeze1) stable-security; urgency=high

  * [82_dkimpercent.diff] Pulled from upstream git. Don't pass DKIM compound
    log line as format string. CVE-2011-1764. Closes: #624670

 -- Andreas Metzler <ametzler op debian.org>  Thu, 05 May 2011 19:11:00 +0200

exim4 (4.72-6) unstable; urgency=high

  * 80_4.74_filtertesting.diff: Do not abort when setgid fails if privileges
    were dropped. This fixes a regression from 4.72-2, it was not possible to
    test filter files with exim4 -bf anymore.

 -- Andreas Metzler <ametzler op debian.org>  Mon, 31 Jan 2011 19:05:48 +0100

exim4 (4.72-5) unstable; urgency=medium

  * 80_4.74_deliverylogging.patch (Pulled from upstream git): If a non-debug
    daemon was invoked with a non-whitelisted macro, then logs from after
    attempting delivery would be silently lost, including for successful
    delivery.  This log-loss bug was introduced as part of the security
    lockdown for fixing CVE-2010-4345. Closes: #610611

 -- Andreas Metzler <ametzler op debian.org>  Sat, 29 Jan 2011 14:33:36 +0100

exim4 (4.72-4) unstable; urgency=medium

  * In spf example use spf-tools-perl's spfquery instead of the one from
    libmail-spf-query-perl. Do not try to use unimplemented best-guess
    support. Update Suggests accordingly. Closes: #608336
  * 80_4.74_CVE-2011-0017.patch (Pulled from upstream git): Check return
    values of setgid/setuid. This is a privilege escalation vulnerability
    whereby the Exim run-time user can cause root to append content of the
    attacker's choosing to arbitrary files.

 -- Andreas Metzler <ametzler op debian.org>  Sat, 22 Jan 2011 17:48:19 +0100

exim4 (4.72-3) unstable; urgency=low

  * [README.Debian*] Correct command for manual paniclog rotation. (Thanks,
    Jörg Sommer) Closes: #602188
  * 67_unnecessaryCopt.diff: Do not use exim's -C option in utility scripts.
    This would not work with ALT_CONFIG_PREFIX.
  * Pull changes related to fixing CVE-2010-4345 from exim 4.73 rc1.
    Closes: #606527
    + 1_cfile_norw_eximuid: Don't allow a configure file which is writeable by
      the Exim user or group.
    + 2_permcheck_configurefile: Check configure file permissions even for
      non-default files if still privileged.
    + 3_remove_ALT_CONFIG_ROOT_ONLY: Remove ALT_CONFIG_ROOT_ONLY build option,
      effectively making it always true.
    + 4_FD_CLOEXEC: Set FD_CLOEXEC on SMTP sockets after forking in the
      daemon, to ensure  that rogue child processes cannot use them.
    + 5_TRUSTED_CONFIG_LIST: Add TRUSTED_CONFIG_LIST compile option.
    + 6_nonroot_system_filter_user: If the system filter needs to be run as
      root, let that be explicitly configured.  The default is now the Exim
      run-time user.
    + 7_filter_D_option: Add a (compiletime) whitelist of acceptable values
      for the -D option.
    + 8_updatedocumentation: Update documentation to reflect the changes.
  * Build with WHITELIST_D_MACROS=OUTGOING. Post patch 7_filter_D_option exim
    will not regain root privileges (usually necessary for local delivery) if
    the -D option was used. Macro identifiers listed in WHITELIST_D_MACROS are
    exempted from this restriction. mailscanner (4.79.11-2.2) uses -DOUTGOING.
  * Build with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. Post patch
    3_remove_ALT_CONFIG_ROOT_ONLY exim will not re-gain root privileges
    (usually necessary for local delivery) if the -C option was used. This
    makes it impossible to start a fully functional damon with an alternate
    configuration file. /etc/exim4/trusted_configs (can) contain a list of
    filenames (one per line, full path given) to which this restriction does
    not apply.

 -- Andreas Metzler <ametzler op debian.org>  Sun, 26 Dec 2010 15:13:08 +0100

exim4 (4.72-2) unstable; urgency=low

  [ Marc Haber ]
  * Apply patch to russian (ru) debconf template, thanks to Тим
    Алексеевский and Tim Alexeevsky. Closes: #576202
  * fix exim4-config_files man page, mention
    {host|sender}_local_deny_exceptions instead of
    local_{host|sender}_whitelist. Thanks to Fabien André in #578176
  * add !acl = acl_local_deny_exceptions to defer stanzas in SPF code.
    Thanks to Fabien André. Closes: #578176
  * Re-work config.autogenerated header to more exactly reflect
    configuration source. (mh) Closes: #593984
  
  [ Andreas Metzler ]
  * Fix getopt invocation to make update-exim4.conf.template -o work. (Thank
    you Matthew W. S. Bell) Closes: #590333
  * 40_dkimnotinpaniclog.diff pulled from upstream git. Stop logging
    non-critical DKIM errors in paniclog. Closes: #567876
  * Debconf translations:
    - Danish. Closes: #592792

 -- Andreas Metzler <ametzler op debian.org>  Sat, 30 Oct 2010 13:38:26 +0200

exim4 (4.72-1) unstable; urgency=low

  * New upstream release. (Identical to the git snapshot previously 
    uploaded to experimental.)

 -- Andreas Metzler <ametzler op debian.org>  Thu, 03 Jun 2010 17:42:52 +0200

exim4 (4.72~20100529-1) experimental; urgency=low

  * Git snapshot 20100529.
    + Fix documentation for exipick -bpra. #574778
    + CVE-2010-2024: Protect against symlink attacks on MBX lockfile in /tmp.
      (Debian's default configuration does not use MBX format, but the
      exim4-daemon-heavy binary supports MBX.)
    + CVE-2010-2023 Prevent hardlink attack on mbox sticky mail directory.
      (Probably not relevant for Debian systems at all, since the mail spool
      is 2775 root:mail.)
    + Dovecot authenticator ignores unknown keywords, making it compatible
      with version 1.1 of Dovecot authentication protocol. (= dovecot 2.0).
    See Changelog for complete list.
   * Drop patches included upstream: 36_typoinexipick.diff
     20_PDKIM-Upgrade-PolarSSL.diff.

 -- Andreas Metzler <ametzler op debian.org>  Sun, 30 May 2010 14:01:52 +0200

exim4 (4.71-4) unstable; urgency=low

  * Drop unneeded lintian overrides.
    + description-contains-homepage
    + debian/source.lintian-overrides dbg-package-missing-depends exim4-dbg.
    + partially-translated-question
    + maintainer-script-needs-depends-on-update-inetd
    + possible-bashism-in-maintainer-script
    + binary-without-manpage
    + possible-debconf-note-abuse
    + changelog-not-compressed-with-max-compression
  * Lintian informational hints:
    + hyphen-used-as-minus-sign. debian/manpages/exim4-config_files.5
      debian/manpages/update-exim4.conf.8 debian/manpages/exiwhat.8
  * Use dh_lintian.
  * Fix sourcing of lsb-functions in init-script. Test for existence of
    /usr/lib/exim4/exim4 first. Unconditionally read /lib/lsb/init-functions.
    If they are not present the package's dependencies are not installed.
    Bump dependency on lsb-base to 3.0-6. (log_action_*)
  * Update reference to spec.txt in README.Debian. Closes: #568051
  * Invoke spfquery as spfquery.mail-spf-query-perl. There are three different
    implementations of spfquery in Debian, with incompatible commandline
    switches and different exit codes. Closes: #573956

 -- Andreas Metzler <ametzler op debian.org>  Thu, 25 Mar 2010 17:34:30 +0100

exim4 (4.71-3) unstable; urgency=low

  * exim4-base.cron.daily: Do not run exim_tidydb on Berkeley DB logfiles.
    Closes: #501892
  * exim4-base.postinst: If exim_dumpdb fails to read a hints-db also remove
    Berkeley DB logfiles.
  * Switch to Berkeley DB 4.8 (from 4.6). Zap hints db on upgrade. Temporarily
    make -daemon packages depend on exim4-base >> 4.71-2. (This can be removed
    after the next upstream release.)
    Closes: #548479
  * control: Drop bzip2 from Build-Depends. Use line-wrapping for
    Build-Depends.
  * 36_typoinexipick.diff: Fix a typo in exipick manpage. (Lintian).
  * exim4-base.postinst: Redirect status message to stderr.

 -- Andreas Metzler <ametzler op debian.org>  Fri, 01 Jan 2010 13:41:44 +0100

exim4 (4.71-2) unstable; urgency=low

  * Pulled from upstream: 20_PDKIM-Upgrade-PolarSSL.diff. Update files copied
    from PolarSSL to 0.12.1.
  * Add example file to set smarthost from /etc/network/interfaces (mh)
  * Add DKIM_* macros on remote smtp transports for setting the corresponding
    dkim_* options.
  * Upload to unstable.

 -- Andreas Metzler <ametzler op debian.org>  Sat, 12 Dec 2009 13:24:21 +0100

exim4 (4.71-1) experimental; urgency=low

  * New upstream version.
    + Drop patches included upstream. 51_dkimrelatedcrash.diff
      51_noreject_unsigned.diff.

 -- Andreas Metzler <ametzler op debian.org>  Sat, 28 Nov 2009 12:03:50 +0100

exim4 (4.70-2) experimental; urgency=low

  * 51_noreject_unsigned.diff Fix a dkim related expansion error that appears
    when the expanded value of dkim_verify_signers winds up empty and
    acl_smtp_dkim is defined. (This has the effect of rejecting any mail
    without DKIM signature.)
  * Work around 490937 by removing CHANGES.

 -- Andreas Metzler <ametzler op debian.org>  Sat, 21 Nov 2009 10:15:41 +0100

exim4 (4.70-1) experimental; urgency=low

  * Point watchfile to ftp.exim.org.
  * Use dpkg-source v3 instead of dpatch, simplifying debian/rules a little
    bit.
  * New upstream version.
    + Pull 51_dkimrelatedcrash.diff fixing a segfault only applying to the
      4.7x series. http://bugs.exim.org/show_bug.cgi?id=912
  * debhelper v7 mode.
    + Use -XCHANGES to Keep dh_installchangelogs v7 from insisting to install
      ./CHANGES as upstream changelog.
    + Bump build-dependency.
    + Use dh_prep instead of dh_clean -k.

 -- Andreas Metzler <ametzler op debian.org>  Sun, 15 Nov 2009 13:10:32 +0100

exim4 (4.70~rc4-1) experimental; urgency=low

  * New upstream version.

 -- Andreas Metzler <ametzler op debian.org>  Wed, 11 Nov 2009 19:04:35 +0100

exim4 (4.70~cvs+20091030-1) experimental; urgency=low

  * New upstream snapshot.

 -- Andreas Metzler <ametzler op debian.org>  Sat, 31 Oct 2009 10:08:55 +0100

exim4 (4.70~cvs+20091026-1) experimental; urgency=low

  * New snapshot.
    + Fixes segfault in dovecot authenticator. Closes: #551106
    + Improved documentation regarding certifacte verification on outgoing
      SMTP connections. Closes: #544472
  * Drop 40_boolean_redefine_protect.dpatch - included upstream.
  * Drop unapplied superfluous patches from diff: 36_pcre 37_exiwhatpsmisc.

 -- Andreas Metzler <ametzler op debian.org>  Mon, 26 Oct 2009 16:09:32 +0100

exim4 (4.70~cvs+20091017-1) experimental; urgency=low

  * Fix syntax errors in README.Debian.xml. (Thank's, Daniel Leidert)
  * New upstream cvs snapshot.
    + Drop unnecessary patches: 36_pcre 37_exiwhatpsmisc.
    + Close dovecot socket after wrong password was given. Closes: #515503
    + Standalone DKIM support. Obsoletes and therefore 
      Closes: #486437,#459883
  * Drop upstream URL from package descriptions. Closes: #471425
  * [patches/00_unpack.dpatch] Drop workaround for tar 1.14, even oldstable
    has 1.16. Closes: #486436.
  * Do not set 'tls_try_verify_hosts = *' by default anymore. Some clients
    (e.g Outlook) will terminate the SSL connection when the server presents
    the long list of accepted TLS certificates after STARTTLS. If TLS
    certificate validation of clients is needed you'll need to set
    MAIN_TLS_TRY_VERIFY_HOSTS again and point MAIN_TLS_VERIFY_CERTIFICATES to
    a file containing only the accepted certificates.
    Closes: #515999, #316522, #482012
  * Add debian/README.source. (Policy 3.8.3)
  * Fix typo in update-exim4.conf.8.
    Thanks to Calum Mackay. Closes: #543354
  * Listen on IPv6 loopback interface by default. (Only applies to fresh
    installations.) Closes: #544292
  * upstream default configure file explicitly disables dkim in some
    instances. Merge into Debian config and update debian/example.conf.md5.
    Bump Conflicts of exim4-config package.

 -- Andreas Metzler <ametzler op debian.org>  Sat, 17 Oct 2009 14:26:54 +0200

exim4 (4.69-11) unstable; urgency=medium

  * Build-Depend on lynx-cur|lynx instead of lynx. (lynx is just a dummy
    package currently, and due its strict dependencies uninstallable until
    the most recent version of lynx-cur has been built.)
  * Work around sed's improved unicode support, not accepting latin1
    characters as pattern delimiters in UTF-8 locales anymore. Closes: #527445
    + [update-exim4.conf] Go for / as separator instead. - This might have
      served a purpose in earlier releases with free-form replacements but is
      just overcomplicated now.
    + [update-exim4defaults]: The tricky bits for exim options are the
      ones that take a filename as argument (e.g. -C and -oX) or -D for
      overriding macros. Use LC_CTYPE=C.
    + [exim4-config.config] The sed commands deals with (lists of) hostnames
      and IP(v6) addresses and nets. Use LC_CTYPE=C.

 -- Andreas Metzler <ametzler op debian.org>  Sun, 10 May 2009 10:15:34 +0200

exim4 (4.69-10) unstable; urgency=low

  [ Andreas Metzler ]
  * Use macro CONFDIR in lowuid_aliases router, too. Closes: #507124
  * Disable shell filename expansion in update-exim4.conf using set -f.
    Closes: #515668
  * Stop using set -u in update-exim4.conf. With version 4.0 bash changed its
    behavior to throw an error on expansion of $* or $@ with set -u if no
    positional parameters were given. Working around this is obnoxious and
    harms readability, imho doing away with set -u's benefits. Closes: #518752
  * Allow setting outgoing smtp helo/ehlo by setting
    REMOTE_SMTP_HELO_DATA macro directly. Previously this was just supposed
    to be used as a helper macro for REMOTE_SMTP_HELO_FROM_DNS.
    REMOTE_SMTP_HELO_FROM_DNS overrides a manual REMOTE_SMTP_HELO_DATA data
    setting. Closes: #514113
  * [README.Debian] Bring documentation for Diffie-Hellman parameters up to
    current practice, mainly by deleting most of the outdated docs.
    Closes: #508749
  * [exim4 init-script]. Modify check for smtp inetd entry to use an anchored
    pattern, matching "smtp" but not "smtp-foo". Closes: #516146
  * exim4-daemon-light now Provides: default-mta. See #508644.
  * Ship both transport-filter.pl and ratelimit.pl in 
    /usr/share/doc/exim4-base/examples. Closes: #518836
  * [lintian] Add ${misc:Depends} to all Depends.
  * [lintian] Add override for dbg-package-missing-depends exim4-dbg.
  * Sync debian/control with override file by moving *-dbg to section debug.
  * Fix grammar error in update-exim4.conf.8. (Thank's, Gerfried Fuchs)
    Closes: #525248

  [ Christian Perrier ]
  * Debconf translations:
    - Asturian. Closes: #511624
    - Belarusian. Closes: #516049
    - Kazakh added. Closes: #520996
    - Slovak. Closes: #523447
    - Bengali added.

 -- Andreas Metzler <ametzler op debian.org>  Sat, 02 May 2009 09:05:56 +0200

file (5.04-5+squeeze2) squeeze-security; urgency=high

  * Fix overeager detection of CDF file as Word documents

 -- Florian Weimer <fw op deneb.enyo.de>  Sun, 04 Mar 2012 16:55:53 +0100

file (5.04-5+squeeze1) squeeze-security; urgency=high

  * Switch to the CDF parser from file 5.11.  Fixes crashes detected by
    CERT/CC BFF fuzzer.
  * Keep old prefix "CDF V2" in file types.

 -- Florian Weimer <fw op deneb.enyo.de>  Wed, 29 Feb 2012 20:05:56 +0100

file (5.04-5) unstable; urgency=low

  [ Daniel Baumann ]
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to fix
    false positives in Bio-Rad PIC detection (Closes: #589056).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to add
    new magics for JFS filesystem images (Closes: #589067).
  * Adding patch from Nahuel Greco <ngreco op gmail.com> to add new magics
    for Erlang DETS files (Closes: #589723).

  [ Judit Foglszinger ]
  * Adding myself to uploaders.
  * Replacing dh_python with dh_pysupport in debian/rules (Closes:
    #529351).

 -- Daniel Baumann <daniel op debian.org>  Thu, 05 Aug 2010 17:06:03 +0200

file (5.04-4) unstable; urgency=low

  * Adding patch from Arnaud Giersch <arnaud.giersch op iut-bm.univ-
    fcomte.fr> to fix that file does not always correctly report the
    faulty command for core files (Closes: #422524, #427876).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to
    update qemu magics (Closes: #451524).
  * Adding patch from Ori Avtalion <ori op avtalion.name> to fix a typo and
    a formating issue in file manpage (Closes: #499754).
  * Renumbering patches.
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to add
    new magic for datafork fonts (Closes: #291908).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to add
    new magics for PDB files (Closes: #480829).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to
    update PSF2 magics (Closes: #492035).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to add
    new magics for Canon CRW and CR2 files (Closes: #516054).
  * Adding patch from Richard Smith <busreply op broadmeadow.eu> to update
    Dyalog APL magics (Closes: #537893).
  * Adding patch from Євгеній Мещеряков <eugen op debian.org> to add new
    magic for GDSII (Closes: #576462).
  * Adding patch from Frédéric Brière <fbriere op fbriere.net> to add new
    magics for Git index files (Closes: #583679).

 -- Daniel Baumann <daniel op debian.org>  Tue, 13 Jul 2010 19:37:04 +0200

file (5.04-3) unstable; urgency=low

  * Adding patch to add new magic for DACT (Closes: #582945).
  * Updating magic-add-dact.patch to append to compress instead of
    archive magic files.
  * Updating standards version to 3.9.0.
  * Adding patch from Eloi Notario <entfe001 op gmail.com> to update lzma
    magics (Closes: #576950).
  * Adding (empty) directory holding custom magics (Closes: #582944).
  * Adding patch for consistent spelling of XZ compression (Closes:
    #541087).

 -- Daniel Baumann <daniel op debian.org>  Sun, 11 Jul 2010 02:41:19 +0200

file (5.04-2) unstable; urgency=low

  * Bumping versioned build-depends on debhelper because of dh_bugfiles
    usage.
  * Shortening package long-descriptions (Closes: #570817).
  * Updating copyright file to current state of the art (Closes:
    #573519).
  * Sorting and wrapping build-depends.
  * Sorting and wrapping depends.
  * Sorting fields in control.
  * Stopping to ship (partially outdated) plain text mime files, which
    was always unsupported, the only supported interface still is using
    the library.
  * Adding README.Debian to file to tell users and package maintainers
    on how to add their own magics.
  * Dropping la files.
  * Moving local magics stubs from file to libmagic1 where they actually
    belong.

 -- Daniel Baumann <daniel op debian.org>  Sat, 27 Mar 2010 11:55:37 +0100

file (5.04-1) unstable; urgency=low

  * Updating year in copyright file.
  * Updating to standards 3.8.4.
  * Merging upstream version 5.04.
  * Removing magic-update-asf.patch, went upstream.
  * Rediffing magic-update-awk.patch.
  * Rediffing magic-update-bash.patch.
  * Rediffing magic-update-tcsh.patch.
  * Rediffing magic-update-linuxswap.patch.
  * Removing magic-update-ruby.patch, went upstream.
  * Removing magic-update-postscript-fonts.patch, went upstream.
  * Rediffing magic-add-par2.patch.
  * Rediffing magic-add-cromfs.patch.
  * Rediffing magic-add-bacula.patch.
  * Removing magic-add-ppc-swapfile.patch, went upstream.
  * Rediffing file-mgc.patch.
  * Removing file-hurd.patch, went upstream.
  * Updating magic-add-freemind.patch for new upstream.
  * Using debhhelper bug files rather than manual installing in rules
    file.
  * Renaming directory for storing local debian additions to more common
    name.

 -- Daniel Baumann <daniel op debian.org>  Mon, 01 Feb 2010 14:26:27 +0100

file (5.03-5) unstable; urgency=low

  * Adding explicit debian source version 1.0 until switch to 3.0.
  * Updating setup.py calls in rules for python2.6 again, thanks to
    Jakub Wilk <ubanus op users.sf.net> (Closes: #555208).

 -- Daniel Baumann <daniel op debian.org>  Sat, 19 Dec 2009 20:03:32 +0100

file (5.03-4) unstable; urgency=low

  * Adding README.source.
  * Adding patch to add new magic for Lyx (Closes: #556194).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to add
    new magic for bacula volumes (Closes: #556981).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to add
    new magic for olympus orf files (Closes: #519305).
  * Adding patch from Josh Triplett <josh op joshtriplett.org> to add new
    magic for gstreamer binary registry files (Closes: #559117).
  * Adding patch from Daniel Novotny <dnovotny op redhat.com> to add new
    magic for MDMP crash report data files.
  * Adding patch from Daniel Novotny <dnovotny op redhat.com> to add update
    magic for postscript fonts.
  * Adding patch from Daniel Novotny <dnovotny op redhat.com> to add new
    magic for xfs dumps.
  * Adding patch from Daniel Novotny <dnovotny op redhat.com> to add new
    magic for ppc swapfiles.
  * Adding patch from Daniel Novotny <dnovotny op redhat.com> to add new
    magic for delta iso files.
  * Adding patch from Daniel Novotny <dnovotny op redhat.com> to add new
    magic for delta rpm files.
  * Adding patch from Alexander Danilov <alexander.a.danilov op gmail.com>
    to add new magic for AVCHD Clip Information files (Closes: #538847).
  * Adding patch to add new magic for Chiasmus (Closes: #540368).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to
    update magic for truetype collections (Closes: #545709).
  * Adding patch from Joerg Friedrich <Joerg.Friedrich op friedrich-kn.de>
    to add support for all flags from magic.h in python-magic (Closes:
    #529354).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to add
    new magic for HDR formats (Closes: #520416).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to add
    new magic for Foveon X3F (Closes: #516800).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to add
    new magic for Paint.NET images (Closes: #504779).
  * Adding patch to add mime type for 7-zip files (Closes: #552742).

 -- Daniel Baumann <daniel op debian.org>  Sat, 05 Dec 2009 19:04:48 +0100

file (5.03-3) unstable; urgency=low

  * Updating tgif magic, thanks to Hugo Graumann <graumann op ucalgary.ca>
    (Closes: #549601).
  * Enabling nut magic patch.
  * Correcting wrong vcs-browser field.
  * Updating setup.py calls in rules for python2.6, thanks to Piotr
    Ozarowski <piotr op debian.org> (Closes: #555208).

 -- Daniel Baumann <daniel op debian.org>  Tue, 10 Nov 2009 19:46:51 +0100

file (5.03-2) unstable; urgency=low

  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to add
    new magic for the NUT Container format (Closes: #528242).
  * Adding patch from Alan Woodland <ajw05 op aber.ac.uk> to add new magic
    for BLCR context files (Closes: #538407).
  * Updating standards version to 3.8.3.
  * Updating maintainer field.
  * Updating vcs fields.

 -- Daniel Baumann <daniel op debian.org>  Sun, 04 Oct 2009 11:28:34 +0200

file (5.03-1) unstable; urgency=high

  * Merging upstream version 5.03:
    - Fixes more buffer overflows.

 -- Daniel Baumann <daniel op debian.org>  Fri, 08 May 2009 23:07:54 +0200

file (5.02-1) unstable; urgency=high

  * Using correct rfc-2822 date formats in changelog.
  * Merging upstream version 5.02:
    - Fixes a buffer overflow.

 -- Daniel Baumann <daniel op debian.org>  Tue, 05 May 2009 00:05:44 +0200

file (5.01-1) unstable; urgency=low

  * Adding patch from  Adam Buchbinder <adam.buchbinder op gmail.com> to
    fix false matches against Z-machine pattern (Closes: #499748).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to
    improve XWD magic in order to not give false results on mp3 files
    (Closes: #511764).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to fix
    unescaped spaces in erlang magic (Closes: #514056).
  * Updating UUID patches to cope with leading zeroes, thanks to Bjorn
    Mork <bjorn op mork.no> (Closes: #515019).
  * Updating section for python-magic-dbg.
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to fix
    a spacing error in the manpage (Closes: #515761).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to
    updated utf-8 big-endian magic (Closes: #513526).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to add
    new magic for git packs and indexes (Closes: #509942).
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to
    update magic for spectrum tap files (Closes: #501589).
  * Merging upstream version 5.01.
  * Removing magic-update-erlang.patch, went upstream.
  * Rediffing magic-add-qdbm.patch.
  * Rediffing magic-add-tokyocabinet.patch.
  * Manually renaming magic directory in rules to correct name.
  * Updating file-mgc.patch for file 5, produces raw magics again now
    (Closes: #522433).

 -- Daniel Baumann <daniel op debian.org>  Sun, 03 May 2009 11:02:00 +0200

file (5.00-1) unstable; urgency=low

  * Merging upstream version 5.00 (Closes: #520532).
  * Using quilt rather than dpatch.
  * Updating years in copyright file.
  * Reordering rules file.
  * Stopping to rebootstrap autofoo, it is not needed anymore.
  * Updating to standards version 3.8.1.
  * Updating conglomeration.patch.

 -- Daniel Baumann <daniel op debian.org>  Sat, 21 Mar 2009 09:59:00 +0100

file (4.26-2) unstable; urgency=medium

  * Using patch-stamp rather than patch in rules file.
  * Replacing obsolete dh_clean -k with dh_prep.
  * Adding patch from Toeroek Edwin <edwintorok op gmail.com> to update llvm magics
    (Closes: #505805).
  * Adding patch to add mime entries for ruby (Closes: #502201).
  * Adding patch from Ori Avtalion <ori op avtalion.name> to update gimp magics
    (Closes: #501200).
  * Corrected spelling of 'ScummVM' in magic-add-scummvm.dpatch.
  * Adding patch from Adam Buchbinder <adam.buchbinder op gmail.com> to update wav
    magics (Closes: #508174).

 -- Daniel Baumann <daniel op debian.org>  Tue, 09 Dec 2008 13:28:00 +0100

freetype (2.4.2-2.1+squeeze4) stable-security; urgency=low

  * CVE-2012-11[33|34|36|42|44]

 -- Moritz Muehlenhoff <jmm op debian.org>  Wed, 07 Mar 2012 17:46:07 +0100

freetype (2.4.2-2.1+squeeze3) stable-security; urgency=low

  * Non-maintainer upload by the Security Team.
  * Upload prepared by Michael Gilbert!
  * Fix CVE-2011-3439: vulnerability in CID-keyed Type 1 fonts.	

 -- Moritz Muehlenhoff <jmm op pisco>  Fri, 18 Nov 2011 20:24:48 +0000

freetype (2.4.2-2.1+squeeze2) stable-security; urgency=low

  * Non-maintainer upload by the Security Team
  * CVE-2011-3256

 -- Moritz Muehlenhoff <jmm op debian.org>  Mon, 24 Oct 2011 16:12:56 +0000

freetype (2.4.2-2.1+squeeze1) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2011-0226: Vulnerability in parsing Type 1 fonts

 -- Kan-Ru Chen <koster op debian.org>  Thu, 04 Aug 2011 00:24:59 +0800

freetype (2.4.2-2.1) unstable; urgency=medium

  * Non-maintainer upload by the Security Team.
  * Fix CVE-2010-3855 and CVE-2010-3814 (Closes: #602221)

 -- Moritz Muehlenhoff <jmm op debian.org>  Thu, 18 Nov 2010 21:16:12 +0100

freetype (2.4.2-2) unstable; urgency=low

  * debian/patches-ft2demos/f2tdemos-grkey.patch: update to fix another
    problem when building under gcc-4.5 that was overlooked in the previous
    version of the patch.  LP: #624740.

 -- Steve Langasek <vorlon op debian.org>  Sat, 28 Aug 2010 02:27:15 +0000

freetype (2.4.2-1) unstable; urgency=high

  * New upstream release
    - High urgency upload for RC security bugfix.
    - Corrects a stack overflow in the interpreter for CFF fonts
      (CVE-2010-1797).  Closes: #592399.
    - drop debian/patches-freetype/opentype-missing-glyphs, included
      upstream.
  * Update libfreetype6.symbols for two new functions.

 -- Steve Langasek <vorlon op debian.org>  Tue, 10 Aug 2010 00:19:04 -0700

freetype (2.4.0-2) unstable; urgency=medium

  * debian/patches-freetype/opentype-missing-glyphs: fix from upstream for
    glyphs from OpenType fonts failing to render.  Closes: #589256,
    LP: #605858.
  * Medium-urgency upload to fix important regression.

 -- Steve Langasek <vorlon op debian.org>  Fri, 16 Jul 2010 12:37:03 -0700

freetype (2.4.0-1) unstable; urgency=high

  * New upstream release (closes: #572576).
    - fixes CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500,
      CVE-2010-2519, and CVE-2010-2520
    - high-urgency upload for security bugfixes.
    - drop debian/patches-freetype/freetype-bytecode-interpreter.patch and
      debian/patches-freetype/enable-full-bytecode-interpreter - the
      bytecode interpreter is now enabled by default upstream at last!
    - drop debian/patches-freetype/freetype-bdflib-large-encodings.patch and
      debian/patches-freetype/uninitialized-vars.patch, applied upstream.
    - drop debian/patches-freetype/331-hmtx-no-shorts.diff, implemented
      differently upstream.
    - new symbol FT_Library_SetLcdFilterWeights added to the symbols table,
      bump the shlibs.
    - fixes problem with outlines for some OpenType fonts.  Closes; #583868.
  * Add a debian/watch file - though we won't use it internally due to the
    multiple tarball issues.
  * Begin to simplify debian/rules a little by trimming dead code.
  * Don't set SHELL = /bin/bash in debian/rules, no bashisms found in
    the current package.
  * debian/patches/ft2demos-grkey.patch: don't point grKEY() at an enum when
    it's being passed values that aren't defined in that enum, fixing a build
    failure with gcc 4.5.  Thanks to Brian M. Carlson for the preliminary
    patch.  Closes: #564989.
  * docs/PATENTS no longer exists, so we don't install it.
  * Add ${misc:Depends} substitutions to all packages, per lintian.
  * Standards-Version to 3.8.4, no changes required.
  * Clarify in debian/copyright that freetype can be used under GPLv2 or
    later.

 -- Steve Langasek <vorlon op debian.org>  Tue, 13 Jul 2010 17:09:32 -0700

freetype (2.3.11-1) unstable; urgency=low

  * New upstream release
    - drop debian/patches-freetype/proper-armel-asm-declaration.patch and
      debian/patches-freetype/CVE-2009-0946.patch, applied upstream.
    - new symbol tt_cmap13_class_rec added to the symbols table, bump the
      shlibs.

 -- Steve Langasek <vorlon op debian.org>  Mon, 12 Oct 2009 14:14:49 -0700

freetype (2.3.9-5) unstable; urgency=low

  * Pass proper --host/--build args to ./configure, to support
    cross-building.  Closes: #465292.
  * clean up a number of unused variables in debian/rules; maybe someday
    we'll get this package to converge on debhelper 7... :)
  * Fix the doc-base section for libfreetype6-dev.  Closes: #315845.
  * Remove one final reference to /usr/X11R6 in debian/rules.
  * Drop incorrect Replaces: freetype0, freetype1
  * Add debian/README.source, documenting the madness that is this source
    package.
  * Standards-Version to 3.8.0.
  * Fix multiple integer overflows leading to arbitrary code execution
    or DoS (CVE-2009-0946; Closes: #524925).  Thanks to Nico Golde for the
    NMU.

 -- Steve Langasek <vorlon op debian.org>  Mon, 01 Jun 2009 04:37:19 -0700

freetype (2.3.9-4) unstable; urgency=low

  * debian/patches-ft2demos/compiler-hardening-fixes.patch: always check the
    return value of fread(), to appease hardened compilers such as what's
    used in Ubuntu by default.  Set a good example, even if these demos
    shouldn't be security-sensitive!  Also, along the way catch and fix a
    small memory leak on error. :)
  * debian/patches-freetype/proper-armel-asm-declaration.patch: use __asm__
    for declaring assembly instead of asm, fixing a build failure on armel.

 -- Steve Langasek <vorlon op debian.org>  Sat, 14 Mar 2009 14:35:23 -0700

freetype (2.3.9-3) unstable; urgency=low

  * Drop spurious Suggests: on libfreetype6-dev.  Closes: #363937.
  * debian/patches-freetype/enable-subpixel-rendering.patch: enable subpixel
    rendering features, used by libcairo and xft to provide LCD colour
    filtering.  This is considered no more or less evil than the bytecode
    interpreter which we also enable.
  * Move debian/libfreetype6.copyright to debian/copyright, and selectively
    install it to the single binary package in debian/rules; the same
    copyright file is used for all the binaries anyway via symlinks, so
    there's no reason it shouldn't ship as debian/copyright.
    Closes: #381228.
  * Clip redundant LICENSE.TXT and GPL.TXT files from the
    libfreetype6-dev package.  Closes: #459802.

 -- Steve Langasek <vorlon op debian.org>  Fri, 13 Mar 2009 23:09:50 -0700

freetype (2.3.9-2) unstable; urgency=low

  * debian/rules: bump the shlibs version, since 2.3.9 introduces a handful
    of new symbols
  * debian/libfreetype6.symbols: add a new symbols file, which should cause
    most packages to have relaxed dependencies of libfreetype6 now.

 -- Steve Langasek <vorlon op debian.org>  Fri, 13 Mar 2009 16:57:23 -0700

freetype (2.3.9-1) unstable; urgency=low

  * New upstream version; closes: #519168.
    * fixes a SIGFPE in evince when displaying some PDFs.  Closes: #494350,
      LP: #277294.
    * fix a rendering issue with embedded Myriad_Pro fonts in some PDFs.
      LP: #330438.
    * fix a rendering issue with some glyphs not rendering in PDFs when
      an embedded font uses CID 0.  LP: #252250.
    * drop patches-freetype/no-segfault-on-load_mac_face, included
      upstream.
    * patches-ft2demos/ft2demos-2.1.7-ftbench.patch: drop unused
      patch chunk
  * fix up the get-orig-source target to autodetect the upstream version
    using the changelog by default.

 -- Steve Langasek <vorlon op debian.org>  Fri, 13 Mar 2009 01:07:28 -0700

gettext (0.18.1.1-3) unstable; urgency=high

  * Do not include /usr/share/info/dir.gz file in binary package if
    install-info is present during the build. Closes: #597407.

 -- Santiago Vila <sanvila op debian.org>  Sun, 19 Sep 2010 17:09:36 +0200

gettext (0.18.1.1-2) unstable; urgency=medium

  * Changed lynx to lynx-cur in gettext Recommends, as lynx is a dummy
    transitional package. Closes: #595741.

 -- Santiago Vila <sanvila op debian.org>  Sat, 11 Sep 2010 13:11:40 +0200

gettext (0.18.1.1-1) unstable; urgency=low

  * New upstream release.
  * Added Conflicts: autopoint (<= 0.17-11) to gettext, as the old dummy
    autopoint had a dependency on gettext that should have been versioned
    and the current gettext package no longer contains the autopoint script.
  * Dropped cvs and rcs from Build-Depends. No longer needed.
  * Dropped options --without-cvs and --with-git from ./configure call,
    as those are now the default.
  * Added Build-Depends: libunistring-dev.

 -- Santiago Vila <sanvila op debian.org>  Sun, 13 Jun 2010 14:34:30 +0200

gettext (0.18-1) unstable; urgency=low

  * New upstream release.
  * When called with options --statistics and --verbose, msgfmt now prints
    the filename as a prefix of the statistics line. Closes: #320174.
  * Changed 50gettext.el to behave if gettext-el is removed but not purged.
    Thanks to Kevin Ryde. Closes: #422664.
  * Fixed infinite loop in po-previous-translated-entry. Closes: #496944.
  * Makevars now allows passing options for msgmerge. Closes: #538137.
  * autopoint now supports multiple PO directories. Closes: #538150.
  * Upstream includes zh_CN translation. Closes: #559051.
  * Lots of programs now support --color. Closes: #573704.
  * Fixed xgettext problem with perl strings. Closes: #573770.
  * Changed autopoint so that it uses git instead of cvs. As the autopoint
    package was created to avoid gettext to depend on cvs, we are not going
    to make gettext to depend on git now. Moreover, as packages using
    autopoint and still having cvs in their build-depends would not work
    anymore even if autopoint is still kept in the gettext package, this
    effectively puts an end to the transition period: packages using
    autopoint must build-depend on autopoint now.
  * Do the actual move of autopoint stuff to the autopoint package.
  * Applied patch from Bruno Haible to not publicize the builder's name
    and email in the small git repository created for autopoint.
  * Added cvs, rcs and git to build-depends, because of the above.
  * Updated README.Debian to match current status of autopoint package.
  * Removed way obsolete versioned Replaces everywhere, as we don't
    support upgrades which skip releases.

 -- Santiago Vila <sanvila op debian.org>  Tue, 18 May 2010 13:52:36 +0200

gettext (0.17-11) unstable; urgency=low

  * Enable java on all architectures, by using default-jdk.
    Thanks to Petr Salinger. Closes: #578602.

 -- Santiago Vila <sanvila op debian.org>  Fri, 23 Apr 2010 20:21:10 +0200

gettext (0.17-10) unstable; urgency=low

  * Switch to 3.0 (quilt) source format, 10 patches.
  * Create an autopoint package. Packages using autopoint should now
    build-depend on it and drop cvs if they don't use it directly.
    After packages have been updated, the autopoint script will actually
    be moved to the autopoint package. This procedure avoids breaking
    affected packages during the transition period.
  * gettext now recommends autopoint, not cvs.
  * Rewrite of README.Debian to match reality.
  * Added homepage.

 -- Santiago Vila <sanvila op debian.org>  Sun, 28 Feb 2010 17:43:26 +0100

gettext (0.17-9) unstable; urgency=low

  * Added several lintian overrides.
  * Do not ship empty directories in /usr/share/locale.
  * gettext-el: Update Depends to current emacs (emacs23).
  * Disable java for hurd-i386, kfreebsd-amd64 and kfreebsd-i386,
    as they don't have openjdk yet. Closes: #568390.

 -- Santiago Vila <sanvila op debian.org>  Sun, 14 Feb 2010 16:48:00 +0100

gettext (0.17-8) unstable; urgency=low

  * Modified Makefile.in files to avoid /usr/share/info/dir.gz.
  * Handle info files as indicated by policy 3.8.3.
  * Removed useless calls to install-docs.
  * Updated config.guess and config.sub.
  * Removed useless .la files.

 -- Santiago Vila <sanvila op debian.org>  Sun, 30 Aug 2009 16:25:06 +0200

gettext (0.17-7) unstable; urgency=low

  * Moved gettext-el to section lisp.
  * Disabled mono stuff, as compilation now fails in squeeze.
  * Moved cvs from Suggests to Recommends, as indicated by DEPENDENCIES
    document in source, for the benefit of people who tell apt to treat
    recommends as depends and just want to play with gettext. People building
    Debian packages should still read README.Debian. Closes: #506022.
  * Recognize the perl 5.10 operator '//'. Closes: #519759.
  * Build-Depends on openjdk-6-jdk, not jikes-classpath. Closes: #529496.
  * Really depend on libxml2 instead of using the embedded version.

 -- Santiago Vila <sanvila op debian.org>  Mon, 17 Aug 2009 18:08:54 +0200

gettext (0.17-6) unstable; urgency=low

  * Added libncurses5-dev, libxml2-dev, libglib2.0-dev and libcroco3-dev
    to Build-Depends, needed for the --color option of the various programs.
    Otherwise, an embedded version is used, which is forbidden by policy.
  * Standards-Version: 3.8.0.

 -- Santiago Vila <sanvila op debian.org>  Fri, 28 Nov 2008 12:49:56 +0100

gettext (0.17-5) unstable; urgency=low

  * Changed gettext-el dependency from emacsen to "emacs22 | emacsen".
  * Run "make distclean" only if Makefile exists, but do not ignore errors.
  * po-mode: Do not duplicate headers with emacs23. Closes: #504356.

 -- Santiago Vila <sanvila op debian.org>  Fri, 28 Nov 2008 11:12:15 +0100

gnupg (1.4.10-4+squeeze1) stable-security; urgency=high

  * Apply upstream patch to fix memory and key database corruption
    when importing with invalid keys (CVE-2012-6085, closes: #697108).

 -- Thijs Kinkhorst <thijs op debian.org>  Wed, 02 Jan 2013 20:43:39 +0100

gnupg (1.4.10-4) unstable; urgency=high

  * debian/patches/mips_gcc4.4: added to fix build failure on
    mips(el) due to the removal of the 'h' constraint for MIPS
    in gcc-4.4.x versions. Urgency high for fixing ftbfs.
    Thanks Florian Fainelli for the patch.

 -- Thijs Kinkhorst <thijs op debian.org>  Tue, 25 May 2010 20:54:22 +0200

gnupg (1.4.10-3) unstable; urgency=low

  [ Daniel Leidert (dale) ]
  * debian/control (Description): Added note about gnupg2 (closes: #566081).
  * debian/patches/489225_catch_expired_primary_key_with_valid_subkey.dpatch:
    Added.
    - g10/sig-check.c (do_check_messages): Evaluate the HAS_EXPIRED flag to
      fix missing status line signature verification done with a subkey while
      on the main key has expired (closes: #489225).
  * debian/patches/551709_fix_info_link_entry.dpatch: Added.
    - doc/gnupg1.texi, gnupg1.info: Fix direntry (closes: #551709).
  * debian/patches/553175_document_primary_uid_sign.dpatch: Added.
    - doc/gpg.texi: Document the primary user id sign in --edit-key mode
      (closes: #553175).
  * debian/patches/560692_fix_fatal_after_homedir_creation.dpatch: Added.
    - g10/tdbio.c (tdbio_set_dbname): Fix a mistaken fatal error after homedir
      creation (closes: #560692).
  * debian/patches/560995_fix_ftbfs_on_sparc64.dpatch: Added.
    - mpi/config.links: Fix FTBFS on sparc64, where it tries to use SPARC32
      assembly code (closes: #560995).
  * debian/patches/567580_menu_prompt_reflects_program.dpatch: Added.
    - Use a less ambiguous command prompt (closes: #567580).
  * debian/patches/567593_improve_info_and_faq.dpatch: Added.
    - Improve the info/manual pages, fix grammar and add/fix the bug-reporting
      address (closes: #567593).
  * debian/patches/fix_infinite_loop_r5264.dpatch: Added.
    - Avoid infinite loop in case of invalid data.
  * debian/patches/00list: Adjusted.

  [ Thijs Kinkhorst ]
  * Checked for policy 3.8.4, no changes.

 -- Thijs Kinkhorst <thijs op debian.org>  Mon, 22 Mar 2010 20:12:42 +0100

gnupg (1.4.10-2) unstable; urgency=low

  [ Thijs Kinkhorst ]
  * Correct build issue when backporting to lenny, thanks Andreas Metzler
    (closes: #545268).

  [ Daniel Leidert ]
  * debian/control: Added gnupg-curl package which ships the keyserver helper
    tools built with libcurl. gnupg recommends this package.
    (Build-Depends): Changed to generic libreadline-dev (see pkg-gnupg-maint
    list 09/2009).
    (Description): Adjusted for gnupg vs. gnupg-curl.
  * debian/gnupg.doc-base.faq: Added to register the GnuPG FAQ with doc-base.
  * debian/gnupg-curl.preinst,
    debian/gnupg-curl.postrm: Added to add/remove the diversions for
    gpgkeys_curl and gpgkeys_hkp.
  * debian/rules: Added targets to build the gnupg binary and helper tools
    explicitly with libcurl. Move the gpgkeys_curl and gpgkeys_hkp keyserver
    tools built with libcurl into the gnupg-curl package.
    (build-deb/config.status): Build the gnupg binary with the "curl shim"
    variant and without libcurl, so we don't depend on packages with priority
    lower important (closes: #545275).
    (install): Delete /usr/share/info/dir.gz (closes: #546552).
    (binary-arch): Add missing relevant ChangeLog files.

 -- Thijs Kinkhorst <thijs op debian.org>  Fri, 25 Sep 2009 10:34:50 +0200

gnupg (1.4.10-1) unstable; urgency=low

  [ Daniel Leidert (dale) ]
  * New upstream release GnuPG 1.4.10.
    - Better cope with unicode characters in any output (closes: #540340).
    - Output a warning when trying to revoke a signature from a key,
      that is not signed by any of your keys (closes: #543530).

  For more information please read /usr/share/doc/gnupg/changelog.gz.

  * debian/control (Standards-Version): Bumped to 3.8.3.
  * debian/gnupg.bug-presubj: Added note about debian/README.BUGS.Debian.
  * debian/gnupg.docs: Added debian/README.BUGS.Debian.
  * debian/gnupg.udev: Added udev rules to support several SCM smartcard
    readers. Thanks to Michael Bienia (closes: #543216).
  * debian/rules (binary-arch): Install udev rules and bug control files.
  * debian/README.BUGS.Debian: Added. Collect information about limitations
    which have been reported to the BTS and might be in the future too. This
    will replace the open bug reports, so the bug count decreases and
    readability increases (closes: #44910, #89094, #282061, #359758, #427857,
    #472642, #485458).
  * debian/patches/24_gpgv_manpage_cleanup.dpatch: Dropped (applied upstream).
  * debian/patches/25_fr.po_fixes.dpatch: Ditto.
  * debian/patches/25_it.po_fixes.dpatch: Ditto.

  [ Thijs Kinkhorst ]
  * Add misc:depends substvar to facilitate install-info transition.

 -- Thijs Kinkhorst <thijs op debian.org>  Sat, 05 Sep 2009 15:43:18 +0200

gnupg (1.4.10~rc1-1) experimental; urgency=low

  * First release candidate of GnuPG 1.4.10.
    - Improved lockfile handling (closes: #58260).
    - Fixes error using the --local-user switch together with the same options
      string (closes: #130363).
    - Fixes memory leak importing (large) keyrings (closes: #172115, #345911).
    - Send HTTP requests with "Pragma: no-cache" (closes: #177716).
    - Reference to unimplemented --fix-trustdb switch has been replaced by
      short howto for recovery (closes: #196860).
    - Resets terminal after SIGINT (LP: #294115; closes: #321871).
    - Fixes error using the --fingerprint switch together with the
      with-fingerprint options string (closes: #382794).
    - Removing some strange old special case code in gpg fixes an error thrown
      for a special signature (closes: #402600). This needs well testing ...
      see https://bugs.g10code.com/gnupg/issue931.
    - Fixes misleading error messages (closes: #205596, #494040).
    - Fixes building with libcurl (closes: #502558).
    - Fixes a parsing loop specific to amd64 systems (closes: #503853).
    - Fixes the non-zero exit status after smartcard insert prompt (closes:
      #513464).
    - Fixes/improves documentation (LP: #389694; closes: #496921, #527351).
    - Fixes several issues in the German (closes: #536827), the Dutch
      (LP: #397395) and the French (closes: #525404) translation.
    - Added IDN (Internationalized Domain Names) support (closes: #537122).
    
    For more information please read /usr/share/doc/gnupg/changelog.gz.

  [ Thijs Kinkhorst ]
  * Re-enable build-time tests, accidentally disabled due to false
    logic in debian/rules. Thanks Neil Williams, closes: #521884.
  * Checked for policy 3.8.2 and updated to debhelper 7.
  * Install NEWS as upstream changelog.

  [ Daniel Leidert ]
  * debian/control (Build-Depends): Added libcurl4-gnutls-dev (LP: #62864).
  * debian/rules (CONFARGS): Add --enable-noexecstack to build gnupg without
    executable stack on i386 (LP: #49323; closes: #527630).
    (binary-arch): Register .info documentation (closes: #527570).
  * debian/patches/24_gpgv_manpage_cleanup.dpatch: Party dropped (applied
    upstream).
  * debian/patches/25_de.po_fixes.dpatch: Dropped (applied upstream).
  * debian/patches/99_yat2m_fix_samp_handling.dpatch: Ditto.
  * debian/patches/00list: Adjusted.

 -- Thijs Kinkhorst <thijs op debian.org>  Sat, 15 Aug 2009 18:43:03 +0200

gnupg (1.4.9-4) unstable; urgency=low

  [ Daniel Leidert (dale) ]
  * debian/compat: Added to define debhelper compat level 5.
  * debian/control: (Build-Depends): Added debhelper v5.
  * debian/gnupg.dirs: Added for new debhelper-based debian/rules.
  * debian/gnupg.docs: Ditto.
  * debian/gnupg.links: Ditto.
  * debian/gnupg.manpages: Ditto.
  * debian/gnupg-udeb.install: Ditto.
  * debian/gpgv.files: Ditto.
  * debian/gpgv-udeb.install: Ditto.
  * debian/rules: Complete rewrite using debhelper (closes: #437050, #430459).
 
  [ Thijs Kinkhorst ]
  * We don't install setuid root anymore, and have not even built
    with capability support anyway in recent times. Drop libcap-dev
    build-dependency and associated patches. (Closes: #492622).
  * No longer install gpg-convert-from-106 in the path, but ship
    this script to convert from GnuPG 1.0.6 and earlier as an
    example.
  * Add --disable-asm build flag on ppc64 architecture (Closes: #343434).
  * Rephrase description on the subject of IDEA (Closes: #509853).

 -- Thijs Kinkhorst <thijs op debian.org>  Mon, 16 Feb 2009 18:35:15 +0100

gnutls26 (2.8.6-1+squeeze2) stable-security; urgency=high

  * Apply patch to fix crashes in record parsing (CVE-2012-1573)

 -- Florian Weimer <fw op deneb.enyo.de>  Sun, 25 Mar 2012 13:37:15 +0200

gnutls26 (2.8.6-1+squeeze1) stable; urgency=low

  * Pull fixes for buffer overflow in gnutls_session_get_data() from upstream
    git. (CVE-2011-4128: GNUTLS-SA-2011-2) Closes: #648441
    20_CVE-2011-4128.part1.diff 20_CVE-2011-4128.part2.diff

 -- Andreas Metzler <ametzler op debian.org>  Thu, 22 Dec 2011 18:07:26 +0100

gnutls26 (2.8.6-1) unstable; urgency=low

  * Use dh_lintian.
  * Use dh_makeshlibs for the guile stuff, too. This gets us 
    a) ldconfig in postinst. Closes: #553109
    and
    b) a shlibs file.
    However the shared objects /usr/lib/libguile-gnutls*so* are still not
    designed to be used as libraries (linking) but are dlopened. guile-1.10
    will address this issue by keeping this stuff in a private directory.
  * hotfix pkg-config files (proper fix to be included upstream).
  * Stop unneeeded linkage against libgpg-error. 16_unnecessarydep.diff

 -- Andreas Metzler <ametzler op debian.org>  Sat, 20 Mar 2010 15:53:35 +0100

gnutls26 (2.8.5-2) unstable; urgency=low

  * Add a huge bunch of lintian overrides for the guile stuff to make dak
    happy.

 -- Andreas Metzler <ametzler op debian.org>  Fri, 13 Nov 2009 19:53:04 +0100

gnutls26 (2.8.5-1) unstable; urgency=low

  * Add datefudge to build-depends. (Only needed for the pkcs1-pad test.)
  * Switch to '3.0 (quilt)' source format, allowing us to use upstreams
    orig.tar.bz2 without repacking it to gz.
  * New upstream version.
    + Drop patches/20_fixtimebomb.diff.

 -- Andreas Metzler <ametzler op debian.org>  Thu, 12 Nov 2009 19:57:08 +0100

gnutls26 (2.8.4-2) unstable; urgency=high

  * [20_fixtimebomb.diff] Fix testsuite error. Closes: #552920

 -- Andreas Metzler <ametzler op debian.org>  Sun, 01 Nov 2009 13:21:27 +0100

gnutls26 (2.8.4-1) unstable; urgency=low

  * New upstream version.
    + Drop debian/patches/15_openpgp.diff.
  * Sync priorities with override file, libgnutls26 has been bumped from
    important to standard.

 -- Andreas Metzler <ametzler op debian.org>  Sat, 26 Sep 2009 10:33:52 +0200

gnutls26 (2.8.3-3) unstable; urgency=low

  * Empty dependency_libs in la-files. (Squeeze release goal.)

 -- Andreas Metzler <ametzler op debian.org>  Sat, 05 Sep 2009 09:09:22 +0200

gnutls26 (2.8.3-2) unstable; urgency=low

  * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 patch broke
    openpgp connections.

 -- Andreas Metzler <ametzler op debian.org>  Sat, 22 Aug 2009 14:14:48 +0200

gnutls26 (2.8.3-1) unstable; urgency=high

  * New upstream version.
    + Stops hardcoding a hard dependency on the versions of gcrypt and tasn it
      was built against. Closes: #540449
    + Fixes CVE-2009-2730, a vulnerability related to NUL bytes in X.509
      certificate name fields. Closes: #541439        GNUTLS-SA-2009-4
      http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html
  * Drop 15_chainverify_expiredcert.diff, included upstream.
  * Urgency high, since 541439 applies to testing, too.

 -- Andreas Metzler <ametzler op debian.org>  Fri, 14 Aug 2009 19:14:29 +0200

gnutls26 (2.8.1-2) unstable; urgency=low

  [ Simon Josefsson ]
  * Remove cruft in rules file.
  * Remove patches/15_tasn1inpc.diff, not needed.

  [ Andreas Metzler ]
  * Finally add an entry to the NEWS.Debian file concerning the deprecation of
    RSA-MD2 and RSA-MD5 for signature verification. Closes: #514578
  * Upload to unstable.
  * 15_chainverify_expiredcert.diff: New patch, pulled from upstream GIT.
    Fix testsuite error caused by expired certificate.

 -- Andreas Metzler <ametzler op debian.org>  Thu, 06 Aug 2009 19:12:51 +0200

gnutls26 (2.8.1-1) experimental; urgency=low

  * New upstream stable release.

 -- Andreas Metzler <ametzler op debian.org>  Thu, 11 Jun 2009 09:15:28 +0200

gnutls26 (2.7.14-1) experimental; urgency=low

  * [debian/control] set section setting of source package to libs instead of
    devel.
  * New upstream version.
    + Drop debian/patches/16_symbolversioning_fix.diff, included upstream.
    + Bump shlibs, new symbols added.

 -- Andreas Metzler <ametzler op debian.org>  Tue, 26 May 2009 19:51:41 +0200

gnutls26 (2.7.12-1) experimental; urgency=low

  * Fix typo in changelog. Closes: #526427
  * New upstream release.
    + Does not ship the scripts libgnutls-extra-config and libgnutls-config
      and the .m4 snippet to use it anymore. Please switch to pkg-config or
      standard autoconf test. Drop manpages and
      both patches/13_lessdeps_gnutls-config.diff and
      patches/13_lessdeps_gnutls-config.diff from the debian diff.
    + Update remaining patches.
    + Bump shlibs, new symbols added.
  * [patches/16_symbolversioning_fix.diff] Since gnutls_x509_crq_set_key was
    already present in 2.6.x it needs to be versioned GNUTLS_1_4 instead of
    GNUTLS_2_8.
  * New upstream uses separate ./configure scripts for the different
    libraries. Invoke the main ./configure script with
    --cache-file=$(CURDIR)/config.cache to speed things up.

 -- Andreas Metzler <ametzler op debian.org>  Thu, 21 May 2009 11:18:35 +0200

gnutls26 (2.6.6-1) unstable; urgency=high

  * use @LTLIBTASN1@ instead of @LIBTASN1@ in Libs.private of *.pc.in. This
    way lib-link.m4 gives us -ltasn1 instead of /usr/lib/libtasn1.so.
  * New upstream security release.
    + libgnutls: Corrected double free on signature verification failure.
      GNUTLS-SA-2009-1 CVE-2009-1415
    + libgnutls: Fix DSA key generation. Noticed when investigating the
      previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS
      2.6.x are corrupt.  See the advisory for more details.
      GNUTLS-SA-2009-2 CVE-2009-1416
    + libgnutls: Check expiration/activation time on untrusted certificates.
      Before the library did not check activation/expiration times on
      certificates, and was documented as not doing so.
      GNUTLS-SA-2009-3 CVE-2009-1417
   * The former two issues only apply to gnutls 2.6.x. The latter is a
     behavior change, add a NEWS.Debian file to document it.

 -- Andreas Metzler <ametzler op debian.org>  Thu, 30 Apr 2009 19:00:21 +0200

gnutls26 (2.6.5-1) unstable; urgency=low

  * Sync sections in debian/control with override file. libgnutls26-dbg is
    section debug, guile-gnutls is section lisp.
  * New upstream version. (Needed for Libtasn1-3 2.0)
  * New patch 15_tasn1inpc.diff. Make sure libtasn1 is listed in Libs.private.
  * Standards-Version: 3.8.1, no changes required.

 -- Andreas Metzler <ametzler op debian.org>  Tue, 14 Apr 2009 14:23:19 +0200

gnutls26 (2.6.4-2) unstable; urgency=low

  * Upload to unstable.
  * Merge changelog entries from unstable and experimental.

 -- Andreas Metzler <ametzler op debian.org>  Mon, 16 Feb 2009 16:43:37 +0100

gnutls26 (2.6.4-1) experimental; urgency=low

  * New upstream version.

 -- Andreas Metzler <ametzler op debian.org>  Sat, 07 Feb 2009 14:32:57 +0100

gnutls26 (2.6.3-1) experimental; urgency=low

  * New upstream version.
    + Corrects bug gnutls-cli which caused a rehandshake request
      to be ignored. Closes: #396867
  * Drop debian/patches/21_GNUTLS-SA-2008-3.fix.patch (included upstream)

 -- Andreas Metzler <ametzler op debian.org>  Sun, 21 Dec 2008 10:46:38 +0100

gnutls26 (2.6.2-2) experimental; urgency=low
 
  * 21_GNUTLS-SA-2008-3.fix.patch Another fix for the verification fix. Some
    correct certificate chains were not recognized as verified.
    Closes: #507633
  * [lintian] Add ${misc:Depends} to multiple dendency lines.

 -- Andreas Metzler <ametzler op debian.org>  Sat, 06 Dec 2008 13:31:58 +0100

gnutls26 (2.6.2-1) experimental; urgency=low

  * New upstream version.
    + Fixes certification verifaction error CVE-2008-4989. Closes: #505360
    + Drop 20_fix_501077.diff.
  * ia64 has guile-1.8 nowadays, let's try building the guile-gnutls wrappper
    there.
  * Add Simon Josefsson to uploaders.

 -- Andreas Metzler <ametzler op debian.org>  Thu, 13 Nov 2008 19:30:06 +0100

gnutls26 (2.6.0-1) experimental; urgency=low

  * New upstream stable release.
  * Add debian/patches/20_fix_501077.diff to fix an out of bound access in
    gnutls-openssl. (Thanks, Thomas Viehmann). Closes: #501077

 -- Andreas Metzler <ametzler op debian.org>  Sat, 25 Oct 2008 09:59:03 +0200

gnutls26 (2.5.9-1) experimental; urgency=low

  * New upstream development version.
  * Bump shlibs.

 -- Andreas Metzler <ametzler op debian.org>  Sat, 04 Oct 2008 12:40:01 +0200

grep (2.6.3-3) unstable; urgency=high

  * Ignore MMAP_OPTION
    Add 06-578709-ignore-MMAP_OPTION.patch
    Closes: 578709

 -- Anibal Monsalve Salazar <anibal op debian.org>  Thu, 22 Apr 2010 10:36:48 +1000

grep (2.6.3-2) unstable; urgency=low

  * Don't ship /usr/share/info/dir.gz which is created when install-info is
    present in the build environment, see
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576620
    Closes: 576787
  * Make grep not fail to diagnose a failed malloc
    Add 05-kwset.c.patch

 -- Anibal Monsalve Salazar <anibal op debian.org>  Thu, 08 Apr 2010 06:26:31 +1000

grep (2.6.3-1) unstable; urgency=low

  * New upstream version
    Closes: 576315
    Fix "seg fault with 'grep -i' on multiple files"
    Closes: 510196
    Fix "Incorrect matches with grep -w"
    Closes: 576155
  * Merged upstream:
      60-dfa.c-case_fold.patch
      61-dfa.c-case_fold-charclass.patch
      63-dfa.c-case_fold-range.patch
      66-match_icase.patch
      69-mbtowc.patch
    Rejected upstream:
      65-dfa-optional.patch
      67-w.patch
    Failed patches:
      64-egf-speedup.patch
      75-dfa_calloc.patch
  * Remove 65-dfa-optional.patch and 67-w.patch as upstream rejected them
    Fix "fgrep -i does not always match what grep matches"
    Closes: 575300
    Fix "-x and -w interfere?"
    Closes: 429435
  * Include debugging symbols
    Closes: 440883
  * Debian source format is 3.0 (quilt)
  * Fix out-of-date-standards-version
  * Fix debhelper-but-no-misc-depends
  * Fix copyright-refers-to-symlink-license
  * fix missing-dependency-on-install-info

 -- Anibal Monsalve Salazar <anibal op debian.org>  Mon, 05 Apr 2010 10:02:23 +1000

grep (2.5.4-4) unstable; urgency=low

  * dlopen PCRE so we can have -P; 03-dlopen-pcre.patch by Reuben Thomas 
    closes: #238237, #318680, #364998, #397262, #441373, #443103
    - Remove --disable-perl-regexp as configure parameter
  * Suggests libpcre3
  * Standards version is 3.8.1

 -- Anibal Monsalve Salazar <anibal op debian.org>  Wed, 25 Mar 2009 12:25:23 +1100

grep (2.5.4-3) unstable; urgency=low

  * Updated copyright. The grep.texi removal notice is not longer
    needed.
  * Adding --without-included-regex to solve problems with glibc-2.9.
    Thanks to the Ubuntu team. (Closes: #491158)
  * Updated debhelper compat to version 7

 -- Santiago Ruano Rincón <santiago op debian.org>  Mon, 09 Mar 2009 22:50:47 +0100

grep (2.5.4-2) unstable; urgency=low

  * Upload to unstable

 -- Anibal Monsalve Salazar <anibal op debian.org>  Mon, 16 Feb 2009 10:39:12 +1100

grep (2.5.4-1) experimental; urgency=low

  * New upstream version
    Documentation was re-licensed without the invariant section
    Remove 68-no-grep.texi.patch
  * Don't build-depend on cdbs
  * Build-Depend on autotools-dev and quilt
  * Standards version is 3.8.0
  * Patches merged upstream:
    75-dfa_calloc.patch
  * Get mbtowc to look at the character before and after the match to
    check if the match is a whole word. Patch by Peter De Wachter.
    Add 69-mbtowc.patch. Closes: #446270
  * Fix the following lintian issues:
    W: grep: ancient-dpkg-predepends-check preinst:5

 -- Anibal Monsalve Salazar <anibal op debian.org>  Wed, 11 Feb 2009 12:30:01 +1100

grub2 (1.98+20100804-14+squeeze1) stable; urgency=low

  [ Colin Watson ]
  * Backport from upstream:
    - Handle Xen split-partition disk image devices (closes: 601974).
    - Ensure uniqueness of RAID array numbers even if some elements have a
      name (closes: #609804).

  [ Robert Millan ]
  * Fix grub-probe detection for ATA devices using `ata' driver on kFreeBSD 9.
    - kfreebsd-9_ada_devices.patch
  * Mark la_array as packed.
    - zfs_packed_la_array.patch

 -- Robert Millan <rmh op debian.org>  Sun, 18 Sep 2011 18:53:13 +0200

grub2 (1.98+20100804-14) unstable; urgency=low

  [ Updated translations ]
  * Kazakh (Baurzhan Muftakhidinov / Timur Birsh).  Closes: #609187

  [ Alexander Kurtz ]
  * 05_debian_theme:
    - If we find a background image and no colours were specified, use
      upstream defaults for color_normal and color_highlight rather than
      setting color_normal to black/black.
    - Don't try the other alternatives when $GRUB_BACKGROUND is set; you can
      now add GRUB_BACKGROUND= to /etc/default/grub to force no background
      image (closes: #608263).

 -- Colin Watson <cjwatson op debian.org>  Mon, 17 Jan 2011 23:19:38 +0000

grub2 (1.98+20100804-13) unstable; urgency=low

  * Backport from upstream:
    - Don't add spurious RAID array members (closes: #605357).

 -- Colin Watson <cjwatson op debian.org>  Tue, 04 Jan 2011 14:07:14 +0000

grub2 (1.98+20100804-12) unstable; urgency=low

  * Backport from upstream:
    - Support big ext2 files (closes: #543924).
    - Fix gettext quoting to work with bash as /bin/sh, and make echo
      UTF-8-clean so that (at least) Catalan boot messages are displayed
      properly (closes: #605615).
    - Initialise next pointer when creating multiboot module (closes:
      #605567).
    - Fix PCI probing hangs by skipping remaining functions on devices that
      do not implement function 0 (closes: #594967).
  * Use semicolons rather than commas to separate size from model in debconf
    disk and partition descriptions; commas are too easily confused with the
    multiselect choice separator, and in particular make it impossible to
    answer questions properly in the editor frontend (closes: #608449).
    Unfuzzy all translations where possible.

 -- Colin Watson <cjwatson op debian.org>  Tue, 04 Jan 2011 00:42:29 +0000

grub2 (1.98+20100804-11) unstable; urgency=low

  * Exit silently from zz-update-grub kernel hook if update-grub does not
    exist (e.g. if grub-pc has been removed but not purged; closes:
    #606184).
  * Apply debconf template review by debian-l10n-english and mark several
    more strings for translation, thanks to David Prévot and Justin B Rye
    (closes: #605748).
  * Unfuzzy some translations that were not updated in this round (thanks,
    David Prévot; closes: #606921).
  * Incorporate rewritten 05_debian_theme by Alexander Kurtz, which works
    when /usr is inaccessible by GRUB (closes: #605705).
  * Backport from upstream:
    - Recognise DDF1 DM-RAID (closes: #603354).

  [ Updated translations ]
  * Chinese (YunQiang Su).  Closes: #606426
  * Indonesian (Arief S Fitrianto).  Closes: #606431
  * Slovenian (Vanja Cvelbar).  Closes: #606445
  * Swedish (Martin Bagge / brother).  Closes: #606455
  * Ukrainian (Yatsenko Alexandr).  Closes: #606538
  * Basque (Iñaki Larrañaga Murgoitio).  Closes: #606644
  * Slovak (Slavko).  Closes: #606663
  * Catalan (Jordi Mallach).
  * Bulgarian (Damyan Ivanov).  Closes: #606452
  * Persian (Morteza Fakhraee).  Closes: #606672
  * Russian (Yuri Kozlov).  Closes: #606753
  * Dutch (Paul Gevers).  Closes: #606807
  * Japanese (Hideki Yamane).  Closes: #606836
  * French (Christian Perrier).  Closes: #606842
  * Czech (Miroslav Kure).  Closes: #606854
  * Spanish (Francisco Javier Cuadrado).  Closes: #606903
  * Portuguese (Tiago Fernandes / Miguel Figueiredo).  Closes: #606908
  * German (Martin Eberhard Schauer).  Closes: #606896

 -- Colin Watson <cjwatson op debian.org>  Sat, 18 Dec 2010 17:20:09 +0000

grub2 (1.98+20100804-10) unstable; urgency=low

  * fix_crash_condition_in_kfreebsd_loader.patch: Import from upstream.
    Fixes crash condition in case kfreebsd_* commands are used after
    kfreebsd has (gracefully) failed.

 -- Robert Millan <rmh op debian.org>  Tue, 30 Nov 2010 19:40:11 +0100

grub2 (1.98+20100804-9) unstable; urgency=low

  [ Robert Millan ]
  * Import from upstream:
    - refuse_embedingless_cross_disk.patch: Refuse to do a cross-disk
      embeddingless install rather than creating a broken install.
    - fix_grub_install_error_msg.patch: Replace useless recomendation to
      pass --modules with a recomendation to report a bug.
    - message_refresh.patch: Make error messages visible again. (Closes: #605485)

  [ Jordi Mallach ]
  * Update Catalan translation with latest file from the Translation Project.

  [ Updated translations ]
  * Slovenian (Vanja Cvelbar).  Closes: #604003
  * Dzongkha (dawa pemo via Tenzin Dendup).  Closes: #604102

 -- Robert Millan <rmh op debian.org>  Tue, 30 Nov 2010 15:44:02 +0100

grub2 (1.98+20100804-8) unstable; urgency=low

  [ Robert Millan ]
  * increase_disk_limit.patch: Increase SCSI/IDE disk limits to cope with
    Sun Fire X4500.
  * linux_mdraid_1x.patch: Support for Linux MD RAID v1.x.  (Closes: #593652)
  * yeeloong_boot_info.patch: On Yeeloong, pass machine type information
    to Linux.

  [ Updated translations ]
  * Portuguese fixed by Christian Perrier (variable names
    were translated)

 -- Robert Millan <rmh op debian.org>  Fri, 05 Nov 2010 23:43:15 +0100

grub2 (1.98+20100804-7) unstable; urgency=low

  [ Robert Millan ]
  * zfs_fix_mkrelpath.patch: Replace with proper fix from upstream Bazaar.
    (Closes: #601087)

  [ Updated translations ]
  * Vietnamese (Clytie Siddall). Closes: #598327
  * Icelandic (Sveinn í Felli).  Closes: #600126

 -- Robert Millan <rmh op debian.org>  Sun, 24 Oct 2010 16:35:37 +0200

grub2 (1.98+20100804-6) unstable; urgency=low

  [ Robert Millan ]
  * zfs_v23.patch: Accept ZFS up to v23 (no changes required).
  * fix_usb_boot.patch: Fix boot on USB devices, for BIOSes that
    expose them as floppies.  (Closes: #600580)
  * zfs_fix_mkrelpath.patch: Fix grub-mkrelpath for non-root ZFS.
    (Closes: #600578)

  [ Updated translations ]
  * Kazakh (kk.po) by Baurzhan Muftakhidinov via Timur Birsh (closes:
    #598188).
  * Portuguese (pt.po) by Tiago Fernandes via Rui Branco (closes: #599767).
  * Catalan (ca.po) by Jordi Mallach.

 -- Robert Millan <rmh op debian.org>  Thu, 21 Oct 2010 23:45:23 +0200

grub2 (1.98+20100804-5) unstable; urgency=low

  [ Updated translations ]
  * Hebrew (he.po) by Omer Zak and Lior Kaplan (closes: #593855).
  * Romanian (ro.po) by ioan-eugen STAN (closes: #595727).
  * Esperanto (eo.po) by Felipe Castro (closes: #596171).

  [ Colin Watson ]
  * Make grub-efi-amd64 conflict with grub-pc as well as the other way
    round.
  * Backport upstream patches to fix DM-RAID support (closes: #594221,
    LP: #634840).

  [ Robert Millan ]
  * enable_zfs.patch: Fix grub-fstest build problem.
  * zfs_fix_label_arg.patch: Fix kfreebsd_device initialization on ZFS
    for non-main filesystems.

 -- Colin Watson <cjwatson op debian.org>  Fri, 17 Sep 2010 23:45:10 +0100

grub2 (1.98+20100804-4) unstable; urgency=low

  [ Updated translations ]
  * Italian (it.po) by Luca Monducci (closes: #593685).
  * Finnish (fi.po) by Esko Arajärvi (closes: #593921).

  [ Colin Watson ]
  * Run update-grub from kernel hooks if DEB_MAINT_PARAMS is unset, for
    compatibility with old kernel packages.  This may produce duplicate runs
    of update-grub, but that's better than not running it at all (closes:
    #594037).

 -- Colin Watson <cjwatson op debian.org>  Mon, 23 Aug 2010 12:11:55 +0100

grub2 (1.98+20100804-3) unstable; urgency=low

  [ Updated translations ]
  * Brazilian Portuguese (pt_BR.po) by Flamarion Jorge (closes: #592156).
  * Asturian (ast.po) by Maacub (closes: #592313).
  * Galician (gl.po) by Jorge Barreiro (closes: #592816).

  [ Robert Millan ]
  * Backport ZFS bugfixes from upstream Bazaar:
    - zfs_fix_chroot.patch: Fix breakage when running grub-probe inside chroot.
    - zfs_fix_label_arg.patch: Fix grub-probe fs_label argument.
    - zfs_fix_pathname.patch: Fix pathname for non-root ZFS filesystems.
    - zfs_fix_segfault.patch: Fix segfault when /dev is not mounted.

  [ Colin Watson ]
  * Escape single quotes when removing them from $mode in zz-update-grub, so
    that this works when /bin/sh is bash (thanks, Will Dyson; closes:
    #593242).
  * Add support for ext2 root on GNU/kFreeBSD (thanks, Aurelien Jarno;
    closes: #593467).

 -- Colin Watson <cjwatson op debian.org>  Thu, 19 Aug 2010 18:21:45 +0100

grub2 (1.98+20100804-2) unstable; urgency=low

  [ Colin Watson ]
  * Make /etc/kernel/postrm.d/zz-update-grub a real file rather than a
    symlink (closes: #592076).

  [ Updated translations ]
  * Norwegian Bokmål (nb.po) by Hans Nordhaug (closes: #591569).

 -- Colin Watson <cjwatson op debian.org>  Sat, 07 Aug 2010 17:53:34 +0100

grub2 (1.98+20100804-1) unstable; urgency=low

  * New Bazaar snapshot.
    - Fix grub-emu build on GNU/kFreeBSD (closes: #591490).

  [ Colin Watson ]
  * Add kernel hook scripts and remove any uses of update-grub as a
    postinst_hook or postrm_hook in /etc/kernel-img.conf (closes: #554175).
    Thanks to Ben Hutchings for advice and to Harald Braumann for an early
    implementation.
  * Extend the existing GRUB_LEGACY_0_BASED_PARTITIONS handling to avoid
    new-style partition naming when generating output for GRUB Legacy
    (closes: #590554).

  [ Updated translations ]
  * Slovak (sk.po) by Slavko (closes: #591458).

 -- Colin Watson <cjwatson op debian.org>  Wed, 04 Aug 2010 04:48:11 +0100

grub2 (1.98+20100802-1) unstable; urgency=low

  * New Bazaar snapshot.
    - Remove compatibility with terminal.mod prior to
      terminal_input/terminal_output separation (LP: #519358).
    - Enable `grub-probe -t device' resolution on ZFS.
    - Don't use UUID for LVM root when generating Xen entries (closes:
      #591093).
    - Restore missing whitespace to commands' --help output (closes:
      #590874).
    - Select unique numbers for named RAID arrays, for use as keys in the
      disk cache.

  [ Updated translations ]
  * German (Martin Eberhard Schauer).  Closes: #590108
  * Spanish (Francisco Javier Cuadrado).  Closes: #590448
  * Traditional Chinese (Tetralet).  Closes: #591191
  * Danish (Joe Hansen).  Closes: #591223
  * Dutch (Paul Gevers).  Closes: #590864
  * Japanese (Hideki Yamane).  Closes: #591058

  [ Robert Millan ]
  * postinst.in: Fill in device size and model information on GNU/kFreeBSD,
    using camcontrol.
  * patches/enable_zfs.patch: New patch. Link ZFS from grub-extras into
    grub-probe and grub-setup.
  * control: Build-Depend on libzfs-dev and libnvpair-dev on kfreebsd-*.

  [ Colin Watson ]
  * Offer RAID devices as GRUB installation targets if they contain /,
    /boot, or /boot/grub.

 -- Colin Watson <cjwatson op debian.org>  Tue, 03 Aug 2010 02:13:07 +0100

grub2 (1.98+20100722-1) unstable; urgency=low

  * New Bazaar snapshot.
    - Don't count named RAID arrays when looking for unused array numbers.

  [ Colin Watson ]
  * Merge from Ubuntu:
    - grub-common Breaks: lupin-support (<< 0.30) due to a grub-mkimage
      syntax change (lupin-support isn't in Debian, but this is harmless
      anyway).

 -- Colin Watson <cjwatson op debian.org>  Thu, 22 Jul 2010 14:33:34 +0100

grub2 (1.98+20100720-1) unstable; urgency=low

  * New Bazaar snapshot.
    - Link to Info documentation on changes from GRUB Legacy in README
      (closes: #502623).
    - Add support for mdadm metadata formats 1.x (closes: #492897).

  [ Aaron M. Ucko ]
  * Compare -trunk kernels earlier than numeric ABIs (closes: #568160).

  [ Colin Watson ]
  * Remove /boot/grub/device.map, /boot/grub/grubenv,
    /boot/grub/installed-version, and /boot/grub/locale/ on purge, if
    permitted (closes: #547679).
  * Convert from CDBS to dh.
  * Use exact-version dependencies in grub2 and grub-efi, to reduce
    potential confusion.
  * Raise priority of grub-common and grub-pc to optional (also done in
    archive overrides).
  * Copy-edit debian/presubj.
  * Use 'mktemp -t' rather than hardcoding /tmp (closes: #589537).

  [ Mario 'BitKoenig' Holbe ]
  * Update /etc/grub.d/05_debian_theme to handle multiple entries in
    GRUB_TERMINAL_OUTPUT (closes: #589322).

  [ Updated translations ]
  * Simplified Chinese (zh_CN.po) by YunQiang Su (closes: #589013).
  * Russian (ru.po) by Yuri Kozlov (closes: #589244).
  * Swedish (sv.po) by Martin Bagge / brother (closes: #589259).
  * Bulgarian (bg.po) by Damyan Ivanov (closes: #589272).
  * Indonesian (id.po) by Arief S Fitrianto (closes: #589318).
  * Arabic (ar.po) by Ossama M. Khayat.
  * Basque (eu.po) by Iñaki Larrañaga Murgoitio (closes: #589489).
  * Persian (fa.po) by Bersam Karbasion (closes: #589544).
  * Czech (cs.po) by Miroslav Kure (closes: #589568).
  * Belarusian (be.po) by Viktar Siarheichyk (closes: #589634).

 -- Colin Watson <cjwatson op debian.org>  Wed, 21 Jul 2010 09:11:14 +0100

grub2 (1.98+20100710-1) unstable; urgency=low

  * New Bazaar snapshot.
    - Handle degraded RAID arrays in grub-probe and grub-setup.
    - Fix gfxterm pager handling.

  [ Fabian Greffrath ]
  * Get value of correct debconf question when deciding whether to purge
    /boot/grub (closes: #588331).

  [ Colin Watson ]
  * Generate device.map in something closer to the old ordering (thanks,
    Vadim Solomin).

  [ Updated translations ]
  * Croatian (hr.po) by Josip Rodin, closes: #588350.
  * French (fr.po) by Christian Perrier (closes: #588695).

 -- Colin Watson <cjwatson op debian.org>  Mon, 12 Jul 2010 11:46:53 +0100

grub2 (1.98+20100706-1) unstable; urgency=low

  * New Bazaar snapshot.
    - USB hub support.
    - Fix GRUB_BACKGROUND configuration ordering.
    - Fix corruption of first entry name in a reiserfs directory.
    - Don't include MD devices when generating device.map (if you're using
      RAID and upgraded through 1.98+20100702-1 or 1.98+20100705-1, you may
      need to fix this up manually).

 -- Colin Watson <cjwatson op debian.org>  Tue, 06 Jul 2010 18:06:40 +0100

grub2 (1.98+20100705-1) unstable; urgency=medium

  * New Bazaar snapshot.
    - Bidi and diacritics support.
      + Use terminfo for ieee1275 terminals (closes: #586953).
    - Don't use empty grub_device in EFI grub-install (closes: #587838).
    - Fix grub-setup core.img comparison when not embedding (thanks, Matt
      Kraai and M. Vefa Bicakci; closes: #586621).

  * Update Source: in debian/copyright (thanks, Jörg Sommer).
  * Convert by-id disk device names from device.map to traditional device
    names for display (closes: #587951).
  * Set urgency=medium.  We've cleared out most of the apparent regressions
    at this point, and #550704 is getting more and more urgent to fix in
    testing.

 -- Colin Watson <cjwatson op debian.org>  Mon, 05 Jul 2010 02:09:58 +0100

grub2 (1.98+20100702-1) unstable; urgency=low

  * New Bazaar snapshot.
    - Use video functions in Linux loader rather than hardcoding UGA; load
      all available video backends (closes: #565576, probably).
    - Add support for initrd images on Fedora 13.
    - Output grub.cfg stanzas for Xen (closes: #505517).
    - Add 'cat --dos' option to treat DOS-style "\r\n" line endings as
      simple newlines (closes: #586358).
    - Change grub-mkdevicemap to emit /dev/disk/by-id/ names where possible
      on Linux.
    - Return CF correctly in mmap e820/e801 int15 hook (closes: #584846).
    - The info documentation now has no broken references, although of
      course it could still use more work (closes: #553460).
    - Support GRUB_BADRAM in grub-mkconfig.
    - Skip LVM snapshots (closes: #574863).

  [ Colin Watson ]
  * Mention grub-rescue-usb.img in grub-rescue-pc description (closes:
    #586462).
  * Add instructions for using grub-rescue-usb.img (closes: #586463).
  * Remove /usr/lib/grub/mips-* from grub-common rather than the incorrect
    /usr/lib/grub/mipsel-*, so that it stops clashing with grub-yeeloong;
    add a versioned Replaces to grub-yeeloong just in case (closes:
    #586526).
  * Remove qemu-system build-dependency on hurd-i386, where it doesn't seem
    to exist.  Disable tests if qemu-system-i386 isn't available.
  * Mark "upgrade-from-grub-legacy" paragraph in
    grub-pc/chainload_from_menu.lst as untranslatable.
  * Update Homepage field (thanks, Sedat Dilek).
  * On Linux, if /boot/grub/device.map exists on upgrade to this version,
    regenerate it to use stable device names in /dev/disk/by-id/.  If it had
    more than one entry, then display a critical-priority debconf note
    (sorry, but it's better than silently breaking boot menu entries)
    advising people to check custom boot menu entries and update them if
    necessary (closes: #583271).
  * Use 'set -e' rather than '#! /bin/sh -e' or '#! /bin/bash -e', to avoid
    accidents when debugging with 'sh -x'.
  * Store grub-pc/install_devices as persistent device names under
    /dev/disk/by-id/ (closes: #554790).  Migrate previous device names to
    that, with explicit confirmation in non-trivial cases to make sure we
    got the right ones.  If the devices we were told to install to ever go
    away, ask again.  (This is based on the implementation in Ubuntu.)
  * If grub-install fails during upgrade-from-grub-legacy, allow the user to
    try again with a different device, but failing that cancel the upgrade
    (closes: #587790).
  * Remove numbering from patch files.  The order is now explicit in a quilt
    series file, and renumbering from time to time is tedious.

  [ Updated translations ]
  * Ukrainian (uk.po) by Yatsenko Alexandr / Borys Yanovych (closes:
    #586611).
  * Indonesian (id.po) by Arief S Fitrianto (closes: #586799).
  * Swedish (sv.po) by Martin Bagge (closes: #586827).
  * Persian (fa.po) by Behrad Eslamifar (closes: #587085).
  * French (fr.po) by Christian Perrier (closes: #587383).
  * Galician (gl.po) by Jorge Barreiro (closes: #587796).

  [ Robert Millan ]
  * Add commented GRUB_BADRAM example in debian/default/grub.

 -- Colin Watson <cjwatson op debian.org>  Fri, 02 Jul 2010 17:42:56 +0100

grub2 (1.98+20100617-1) unstable; urgency=low

  * New Bazaar snapshot.
    - Fix i386-pc prefix handling with nested partitions (closes: #585068).

  * When running grub-pc.postinst from upgrade-from-grub-legacy, tell it to
    disregard the fact that /boot/grub/stage2 and /boot/grub/menu.lst still
    exist (closes: #550477).
  * Touch a marker file when grub-install is run but GRUB Legacy files are
    still around.  If that marker file is present, pretend that GRUB Legacy
    files are missing when upgrading.
  * If GRUB Legacy files are present when upgrading, scan boot sectors of
    all disks for GRUB 2.  If we find GRUB 2 installed anywhere, then ask
    the user if they want to finish conversion to GRUB 2, and warn them that
    not doing so may render the system unbootable (closes: #586143).  Thanks
    to Sedat Dilek for helping to narrow down this bug.
  * Leaving grub-pc/install_devices empty makes sense in some situations,
    but more often than not is a mistake.  On the other hand, automatically
    selecting all disk devices would upset some people too.  Compromise by
    simply asking for explicit confirmation if grub-pc/install_devices is
    left empty, defaulting to false so that simply selecting all the
    defaults in debconf can't leave you with an unbootable system (closes:
    #547944, #557425).

 -- Colin Watson <cjwatson op debian.org>  Sat, 19 Jun 2010 01:31:40 +0100

grub2 (1.98+20100614-2) unstable; urgency=low

  * Build-depend on gcc-4.4-multilib on i386 and kopensolaris-i386 too, in
    order to build grub-efi-amd64.
  * Ignore non-option arguments in grub-mkconfig (closes: #586056).

 -- Colin Watson <cjwatson op debian.org>  Wed, 16 Jun 2010 17:58:48 +0100

grub2 (1.98+20100614-1) unstable; urgency=low

  * New Bazaar snapshot.
    - Make target-related error messages from grub-mkimage slightly more
      helpful (closes: #584415).
    - Fix underquoting that broke savedefault (thanks, Mario 'BitKoenig'
      Holbe; closes: #584812).
    - Expand 'info grub' substantially, including a new section on
      configuring authentication (closes: #584822).
    - Give all manual pages proper NAME sections (closes: #496706).

  * Update 915resolution from grub-extras:
    - Fix a hang with 945GME (thanks, Sergio Perticone; closes: #582142).

  [ Colin Watson ]
  * Disable grub-emu on sparc for the time being.  We're currently trying to
    use TARGET_* flags to build it, which won't work.
  * Don't build-depend on libsdl1.2-dev on hurd-i386.  Although
    libsdl1.2-dev exists there, it's currently uninstallable due to missing
    libpulse-dev, and we can happily live without it for now.
  * kfreebsd-amd64 needs gcc-4.4-multilib too (closes: #585668).
  * Warn and return without error from prepare_grub_to_access_device if
    /boot is a dm-crypt device (thanks, Marc Haber; closes: #542165).
  * Make /etc/grub.d/05_debian_theme usable by shells other than bash
    (thanks, Alex Chiang; closes: #585561).
  * Remove grub-mkisofs leftovers from debian/copyright.
  * Fix reversed sense of DEB_BUILD_OPTIONS=nocheck handling.
  * Build-depend on qemu-system for grub-pc tests.

 -- Colin Watson <cjwatson op debian.org>  Tue, 15 Jun 2010 12:45:35 +0100

grub2 (1.98+20100602-2) unstable; urgency=low

  * Only build-depend on libdevmapper-dev on Linux architectures.
  * Don't build-depend on libusb-dev on hurd-i386, where it doesn't seem to
    be available.
  * Fix printf format mismatch in disk/usbms.c (closes: #584474).
  * Fix verbose error output when device-mapper isn't supported by the
    running kernel (closes: #584196).
  * Prepend "part_" to partmap module names in grub-mkconfig, in line with
    grub-install (closes: #584426).

 -- Colin Watson <cjwatson op debian.org>  Fri, 04 Jun 2010 14:01:58 +0100

grub2 (1.98+20100602-1) unstable; urgency=low

  * New Bazaar snapshot.
    - Add btrfs probing support, currently only in the single-device case
      (closes: #540786).
    - Fix grub-emu build on mips/powerpc/sparc.
    - Add safety check to make sure that /boot/grub/locale exists before
      trying to probe it (closes: #567211).
    - Several 'info grub' improvements, including a new section on
      configuration file generation using grub-mkconfig which documents the
      available keys in /etc/default/grub (closes: #497085).
    - Many USB fixes.

  [ Colin Watson ]
  * Reorganise configure and build targets in debian/rules to use stamp
    files.  configure/* never existed and build/* was always a directory, so
    make never considered either of them up to date (closes: #450505).
  * Remove config.h.in from AUTOGEN_FILES, since autoheader doesn't
    necessarily update it.
  * Remove conf/gcry.mk from AUTOGEN_FILES, and conf/gcry.rmk from their
    dependencies.  autogen.sh runs util/import_gcry.py after autoconf et al,
    so conf/gcry.rmk's timestamp will be later than some of the
    autogenerated outputs.
  * Go back to shipping rescue images in the grub-rescue-pc .deb itself
    rather than generating them in the postinst.  This means that (a) they
    get removed when the package is removed (closes: #584176); (b) they are
    listed in package metadata, as is proper for files in /usr (closes:
    #584218); (c) grub-rescue-pc can potentially be used as a
    build-dependency for other packages that need to build GRUB images into
    installation media etc., without having to build-depend on grub-pc which
    isn't coinstallable with other platform variants and does invasive
    things in its postinst.
  * Add grub-mkrescue patch from Thomas Schmitt to allow reducing the size
    of xorriso-created images.  Use this to ensure that
    grub-rescue-floppy.img fits well within size limits (closes: #548320).

 -- Colin Watson <cjwatson op debian.org>  Thu, 03 Jun 2010 11:24:41 +0100

grub2 (1.98+20100527-2) unstable; urgency=low

  * Always override statically-linked-binary Lintian tag for kernel.img;
    dynamic linking makes no sense here.
  * kernel.img is stripped upstream where it can be, but override Lintian's
    error for the cases where it can't.
  * Override binary-from-other-architecture for kernel.img as well as *.mod
    when building grub-efi-amd64 on i386.

 -- Colin Watson <cjwatson op debian.org>  Tue, 01 Jun 2010 13:48:14 +0100

grub2 (1.98+20100527-1) unstable; urgency=low

  * New Bazaar snapshot.
    - Support multiple terminals in grub-mkconfig, e.g.
      GRUB_TERMINAL='serial console' (closes: #506707).
    - Speed up consecutive hostdisk operations on the same device (closes:
      #508834, #574088).
    - Fix grammar error in grub-setup warning (closes: #559005).
    - Use xorriso for image creation rather than embedding a modified copy
      of mkisofs (closes: #570156).
    - Issue an error rather than segfaulting if only some LVM component
      devices are in device.map (closes: #577808).
    - Fix typo in make_device_name which caused grub-probe problems on
      systems with BSD disk labels (closes: #578201).
    - Add DM-RAID probe support (closes: #579919).
    - Include all gnumach kernels on Hurd, not just gnumach and gnumach.gz
      (closes: #581584).

  [ Colin Watson ]
  * Restore TEXTDOMAINDIR correction in grub.d files, lost by mistake in a
    merge.  Noticed by Anthony Fok.
  * Don't fail on purge if the ucf association has already been taken over
    by a different grub package (closes: #574176).
  * Add debian/grub-extras/*/conf/*.mk to AUTOGEN_FILES.
  * Remove support for the lpia architecture, now removed from Ubuntu.
  * Conflict with grub (<< 0.97-54) as well as grub-legacy.
  * Build-depend on libdevmapper-dev for DM-RAID probe support.
  * Switch to quilt.
  * Suggest xorriso (>= 0.5.6.pl00) in grub-common, since grub-mkrescue now
    needs it.  Depend on it in grub-rescue-pc.
  * Move grub-mkimage to grub-common, now that it only has one
    implementation.
  * Clean up temporary files used while building grub-firmware-qemu.
  * Make grub-probe work with symlinks under /dev/mapper (closes: #550704).
  * When upgrading a system where GRUB 2 is chainloaded from GRUB Legacy and
    upgrade-from-grub-legacy has not been run, upgrade the chainloaded image
    rather than confusing the user by prompting them where they want to
    install GRUB (closes: #546822).
  * Build-depend on libsdl1.2-dev for SDL support in grub-emu.
  * Don't leak debconf's file descriptor to update-grub, so that the LVM
    tools called from os-prober don't complain about it (closes: #549976).
    Other leaks are not this package's fault, may not be bugs at all, and in
    any case os-prober 1.36 suppresses the warnings.
  * Build-depend on flex (>= 2.5.35).
  * Build-depend on gcc-4.4-multilib on amd64.

  [ Updated translations ]
  * Slovenian (sl.po) by Vanja Cvelbar (closes: #570110).
  * Vietnamese (vi.po) by Clytie Siddall (closes: #574578).
  * Tamil (ta.po) by Tirumurti Vasudevan (closes: #578282).
  * Portuguese (pt.po) by Tiago Fernandes (closes: #580140).
  * Romanian (ro.po) by Eddy Petrișor / Andrei Popescu (closes: #583185).

 -- Colin Watson <cjwatson op debian.org>  Tue, 01 Jun 2010 11:24:38 +0100

grub2 (1.98-1) unstable; urgency=low

  * New upstream release (closes: #572898).
    - Fix grub-script-check to handle empty lines (closes: #572302).
    - Fix offset computation when reading last sectors.  Partition reads and
      writes within and outside a partition (closes: #567469, #567884).
    - Fix script execution error handling bug that meant that an error in a
      menuentry's last statement caused the whole menuentry to fail (closes:
      #566538, LP: #464743).
    - Support GRUB_GFXPAYLOAD_LINUX (closes: #536453, LP: #416772).

  [ Samuel Thibault ]
  * Add GRUB_INIT_TUNE example to /etc/default/grub (closes: #570340).

  [ Colin Watson ]
  * Build-depend on libusb-dev so that grub-emu is reliably built with USB
    support (closes: #572854).
  * Update directions in debian/rules on exporting grub-extras to account
    for it being maintained in Bazaar nowadays.
  * Add myself to Uploaders.
  * Acknowledge NMUs, thanks to Torsten Landschoff and Julien Cristau.

 -- Colin Watson <cjwatson op debian.org>  Tue, 09 Mar 2010 13:25:35 +0000

grub2 (1.98~20100128-1.2) unstable; urgency=low

  * Non-maintainer upload.
  * Stop setting gfxpayload=keep (closes: #567245).

 -- Julien Cristau <jcristau op debian.org>  Sun, 14 Feb 2010 20:37:51 +0100

grub2 (1.98~20100128-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Apply trivial patch (already merged upstream) fixing the offset
    computation for non-cached reads (closes: #567637).

 -- Torsten Landschoff <torsten op debian.org>  Mon, 08 Feb 2010 22:15:01 +0100

grub2 (1.98~20100128-1) unstable; urgency=low

  * New Bazaar snapshot.
    - Fix corruption problem when reading files from CDROM.  (Closes: #567219)

  [ Felix Zielcke ]
  * Never strip kernel.img in rules. Upstream already does it when it
    can be done. (Closes: #561933)
  * Bump Standards-Version to 3.8.4.

  [ Robert Millan ]
  * rules: Run the testsuite (make check) when building grub-pc.

 -- Robert Millan <rmh.debian op aybabtu.com>  Thu, 28 Jan 2010 16:28:45 +0100

grub2 (1.98~20100126-1) unstable; urgency=low

  * New Bazaar snapshot.
    - Includes mipsel-yeeloong port.

  [ Robert Millan ]
  * config.in: Lower priority of grub2/linux_cmdline_default.

  [ Felix Zielcke ]
  * Drop `CFLAGS=-O0' workaround on powerpc. Should be fixed correctly now.
  * Ship grub-bin2h and grub-script-check in grub-common.
  * Terminate NEWS.Debian with a blank line like lintian would suggest
    if that check would be working correctly.

 -- Felix Zielcke <fzielcke op z-51.de>  Tue, 26 Jan 2010 19:26:25 +0100

grub2 (1.98~20100115-1) unstable; urgency=low

  * New Bazaar snapshot.
    - Includes savedefault / grub-reboot branch.
    - Includes Multiboot video support (from latest 1.x draft).

 -- Robert Millan <rmh.debian op aybabtu.com>  Fri, 15 Jan 2010 18:15:26 +0100

grub2 (1.98~20100110-1) unstable; urgency=low

  * New Bazaar snapshot.

  [ Robert Millan ]
  * grub-rescue-pc.postinst: Fix image generation during upgrades.
    (Closes: #564261)

 -- Robert Millan <rmh.debian op aybabtu.com>  Sun, 10 Jan 2010 02:45:52 +0100

grub2 (1.98~20100107-1) unstable; urgency=low

  * New Bazaar snapshot.

  [ Robert Millan ]
  * grub-rescue-pc.postinst: Use grub-mkrescue for floppy as well.

  [ Updated translations ]
  * Chinese (zh_TW.po) by Tetralet. (Closes: #564044)

 -- Robert Millan <rmh.debian op aybabtu.com>  Thu, 07 Jan 2010 17:56:10 +0100

grub2 (1.98~20100101-1) unstable; urgency=high

  * New Bazaar snapshot.
    - Fix FTBS on sparc.

  [ Robert Millan ]
  * rules: Auto-update version from debian/changelog.

  [ Felix Zielcke ]
  * Add -O0 to CFLAGS on powerpc to avoid the `_restgpr_31_x in boot is
    not defined' FTBFS.

 -- Felix Zielcke <fzielcke op z-51.de>  Fri, 01 Jan 2010 00:31:37 +0100

grub2 (1.98~20091229-1) unstable; urgency=high

  * New Bazaar snapshot.
    - Fix slowness when $prefix uses an UUID.
      (Closes: #541145, LP: #420933)
    - Correctly set TARGET_CFLAGS. (Closes: #562953)

  [ Robert Millan ]
  * grub-rescue-pc.postinst: Build USB rescue image.
  * rules: Invoke configure with relative path.  This makes binaries smaller,
    since dprintf strings are constructed using this path.

  [ Felix Zielcke ]
  * Urgency=high due to RC bug fix.
  * Fix version comparison in grub-common.preinst for handling obsolete
    /etc/grub.d/10_freebsd. (Closes: #562921)

 -- Felix Zielcke <fzielcke op z-51.de>  Tue, 29 Dec 2009 16:05:00 +0100

grub2 (1.98~20091222-1) unstable; urgency=low

  * New Baazar snapshot.
    - Make 30_os-prober again dash compatible. (Closes: #562034) 

 -- Felix Zielcke <fzielcke op z-51.de>  Tue, 22 Dec 2009 12:50:57 +0100

grub2 (1.98~20091221-1) unstable; urgency=low

  * New Bazaar snapshot.
    - Fix search command failing on some broken BIOSes. (Closes: #530357)

  [ Felix Zielcke ]
  * Add Replaces:/Conflicts: grub-linuxbios to grub-coreboot. (Closes: #561811)
  * Delete obsolete /etc/grub.d/10_freebsd if it has not been modified,
    else disable it. (Closes: #560346)

 -- Robert Millan <rmh.debian op aybabtu.com>  Mon, 21 Dec 2009 22:04:17 +0100

grub2 (1.98~20091210-1) unstable; urgency=low

  * Version bump.

 -- Robert Millan <rmh.debian op aybabtu.com>  Mon, 14 Dec 2009 14:52:59 +0100

grub2 (1.97+20091210-1) unstable; urgency=low

  * New Bazaar snapshot.
    - patches/02_fix_mountpoints_in_mkrelpath.diff: Remove (merged). 
    - Fixes FTBFS on powerpc (again) and sparc.
    - patches/903_grub_legacy_0_based_partitions.diff: Resync (merged into
      debian branch).

  * Fix dpkg dependency for lenny compatibility.

 -- Robert Millan <rmh.debian op aybabtu.com>  Thu, 10 Dec 2009 00:35:20 +0100

grub2 (1.97+20091130-1) unstable; urgency=low

  * New Bazaar snapshot.
  * Enable ntldr-img from grub-extras.

 -- Robert Millan <rmh.debian op aybabtu.com>  Mon, 30 Nov 2009 02:33:03 +0100

grub2 (1.97+20091125-2) unstable; urgency=low

  [ Updated translations ]
  * Bulgarian (bg.po) by Damyan Ivanovi (Closes: #558039)

  [ Robert Millan ]
  * control: Remove genisoimage from Build-Depends/Suggests (no longer
    used).
  * grub.d/05_debian_theme: Make output string distro-agnostic.

  [ Felix Zielcke ]
  * patches/02_fix_mountpoints_in_mkrelpath.diff: New patch to handle
    mount points like the old shell function did. (Closes: #558042)

 -- Felix Zielcke <fzielcke op z-51.de>  Sun, 29 Nov 2009 21:38:00 +0100

grub2 (1.97+20091125-1) unstable; urgency=low

  [ Robert Millan ]
  * New upstream snapshot.
    - Fixes script parser load error.

  * Add gettext to Build-Depends and gettext-base to grub-common's
    Depends.

 -- Felix Zielcke <fzielcke op z-51.de>  Wed, 25 Nov 2009 19:22:51 +0100

grub2 (1.97+20091124-1) unstable; urgency=low

  * New upstream snapshot.
    - Fix grub-mkisofs related FTBFS on powerpc. (Closes: #557704)
    - Create fake GRUB devices for devices not listed in device.map.
      This also makes dmraid and multipath work as long as
      search --fs-uuid works. (Closes: #442382, #540549, LP: #392136)
    - rules: grub-emu is now built as a port.

  [ Felix Zielcke ]
  * Change the bt-utf-source build dependency to xfonts-unifont. It's
    more complete, better maintained and grub-mkfont supports actually
    more then BDF fonts as input, thanks to libfreetype.
  * Use grub-probe to get the GRUB device of /boot/grub instead of
    passing (hd0) to grub-install when creating the core.img with
    chainloading. This avoids the (UUID=) hack slowness in case
    /boot/grub is on a different disk then (hd0) in device.map.
  * patches/903_grub_legacy_0_based_partitions.diff: Update.
  * Add a build dependency on automake and python.
  * Set TARGET_CC=$(CC) to really use gcc-4.4 everywhere. Also pass it
    and CC as arguments to ./configure instead of env vars so they get
    preserved.
  * Ship grub-mkrelpath in grub-common.
  * Ship the locale files in grub-common.
  * Add a dependency on 'dpkg (>= 1.15.4) | install-info' for grub-common
    as recommended by Policy and lintian.


 -- Felix Zielcke <fzielcke op z-51.de>  Tue, 24 Nov 2009 21:20:00 +0100

grub2 (1.97+20091115-1) unstable; urgency=low

  * New upstream snapshot.
    - Fix security problem with password checking.  (Closes: #555195)
    - Fix the generated GNU/Hurd menu entries and also add support for
      it in 30_os-prober. (Closes: #555188)
    - Same grub-mkrescue for grub-pc and grub-coreboot, used by
      grub-rescue-pc during postinst now. (Closes: #501867)

  [ Felix Zielcke ]
  * Ship grub-mkisofs in grub-common.
  * patches/002_grub.d_freebsd.in.diff: Remove (merged upstream).
  * patches/906_grub_extras.diff: Remove. Superseded by GRUB_CONTRIB variable
    in recent upstream trunk.
  * rules: Export GRUB_CONTRIB to enable grub-extras add-ons.
  * Pass --force to grub-install in the postinst. (Closes: #553415) 
  * Don't strip debug symbols from grub-emu. It's meant for debugging
    and with them it's much more useful.
  * Ship grub-mkfloppy in grub-pc.
  * Revert the Replaces: grub-common to (<= 1.96+20080413-1) on the
    grub-pc package. It was wrongly modified long ago.

  [ Robert Millan ]
  * copyright: Document mkisofs.
  * control: Update Vcs- fields (moved to Bazaar).
  * rules: Update debian/legacy/update-grub rule to Bazaar.

 -- Felix Zielcke <fzielcke op z-51.de>  Sun, 15 Nov 2009 19:13:31 +0100

grub2 (1.97-1) unstable; urgency=low

  [ Robert Millan ]
  * patches/905_setup_force.diff: Remove, no longer needed as of
    grub-installer >= 1.47.
  * grub.d/05_debian_theme: Attempt to source grub_background.sh from
    desktop-base (Needed for #495282, #495616, #500134, see also
    #550984).

  [ Felix Zielcke ]
  * Add a build dependency on texinfo.
  * Fix little typo in /etc/default/grub. (LP: #457703)

  [ Updated translations ]
  * Finnish (fi.po) by Esko Arajärvi. (Closes: #551912)

 -- Felix Zielcke <fzielcke op z-51.de>  Sun, 25 Oct 2009 19:50:21 +0100

grub2 (1.97~beta4-1) unstable; urgency=low

  * New upstream beta release.

  [ Felix Zielcke ]
  * Change the Recommends: os-prober to (>= 1.33).
  * patches/907_grub.cfg_400.diff: Really add it. Somehow it was a 0 byte file.
    (Closes: #547409)
  * Convert newlines back to spaces when parsing kopt from
    GRUB Legacy's menu.lst, before giving the value to Debconf.
    Thanks to Colin Watson. (Closes: #547649)
  * Ship the info docs in grub-common. (Closes: #484074)
  * Remove generated /usr/share/info/dir* files.
  * Update the presubj bug file and also install it for grub-common.

  [ Robert Millan ]
  * Enable ZFS and 915resolution in grub-extras (now requires explicit
    switch).
  * grub-common conflicts with grub-doc (<< 0.97-32) and grub-legacy-doc
    (<< 0.97-59).
  * Move grub-emu to a separate package.

  [ Updated translations ]
  * Japanese (ja.po) by Hideki Yamane. (Closes: #549599)

 -- Robert Millan <rmh.debian op aybabtu.com>  Mon, 05 Oct 2009 20:03:04 +0200

grub2 (1.97~beta3-1) unstable; urgency=high

  * New upstream beta release.
    - Make it more clear how to use /etc/grub.d/40_custom. (Closes: #545153)
    - fix a serious memory corruption in the graphical subsystem.
      (Closes: #545364, #544155, #544639, #544822, LP: #424503)
    - patches/003_grub_probe_segfault.diff: Remove (merged).

  * Change the watch file so upstream beta releases are recognized.
  * Include /etc/default/grub in bug reports.
  * Recommend os-prober (>= 1.32). (Closes: #491872)
  * Change the gcc-multilib [sparc] build dependency to gcc-4.4-multilib
    [sparc].
  * patches/907_grub.cfg_400.diff: New patch to make grub.cfg again mode
    444 if it does not contain a password line.
  * Use `su' in the bug reporting script to read grub.cfg in case the user
    is not allowed to read it.
  * Readd grub-pc/kopt-extracted template.

  [ Updated translations ]
  * Brazilian Portuguese (pt_BR.po) by Flamarion Jorge.
  * Japanese (ja.po) by Hideki Yamane. (Closes: #545331)
  * Spanish (es.po) by Francisco Javier Cuadrado. (Closes: #545566)
  * Italian (it.po) by Luca Monducci. (Closes: #546035)

 -- Felix Zielcke <fzielcke op z-51.de>  Sat, 12 Sep 2009 15:28:20 +0200

grub2 (1.97~beta2-2) unstable; urgency=low

  [ Updated translations ]
  * Dutch (nl.po) by Paul Gevers. (Closes: #545050)

  [ Felix Zielcke ]
  * Move GRUB Legacy's grub-set-default to /usr/lib/grub-legacy in
    preparation for GRUB 2's grub-set-default.
  * Remove password lines in bug script.

  [ Robert Millan ]
  * Do not conflict with `grub' dummy package (this prevented upgrades).
  * patches/003_grub_probe_segfault.diff: Disable file test codepath, which
    wasn't normally used before.

 -- Felix Zielcke <fzielcke op z-51.de>  Sat, 05 Sep 2009 00:27:22 +0200

grub2 (1.97~beta2-1) unstable; urgency=low

  * New upstream beta release.
    - Fix loading of FreeBSD modules. (Closes: #544305)

  [ Updated translations ]
  * French (fr.po) by Christian Perrier. (Closes: #544320)
  * Czech (cs.po) by Miroslav Kure. (Closes: #544327)
  * Belarusian (be.po) by Hleb Rubanau.
  * Arabic (ar.po) by Ossama M. Khayat.
  * Catalan (ca.po) by Juan Andrés Gimeno Crespo.
  * Russian (ru.po) by Yuri Kozlov. (Closes: #544730)
  * Swedish (sv.po) by Martin Ågren. (Closes: #544759)
  * Brazilian Portuguese (pt_BR.po) by Flamarion Jorge. (Closes: #544810)
  * German (de.po) by Helge Kreutzmann. (Closes: #544912)

  [ Robert Millan ]
  * Build with GCC 4.4.

 -- Robert Millan <rmh.debian op aybabtu.com>  Fri, 04 Sep 2009 14:40:20 +0200

grub2 (1.97~beta1-1) unstable; urgency=low

  * New upstream beta release.

  [ Updated translations ]
  * German (de.po) by Helge Kreutzmann. (Closes: #544261)
  * Asturian (ast.po) by Marcos.
  * Georgian (ka.po) by Aiet Kolkhi.

  [ Robert Millan ]
  * Merge config, templates, postinst, postrm, dirs and install files
    into a single source.
  * Disable Linux-specific strings on GNU/kFreeBSD.  Enable translations
    in grub2/linux_cmdline_default.  Add grub2/kfreebsd_* strings (still
    unused).

 -- Felix Zielcke <fzielcke op z-51.de>  Sun, 30 Aug 2009 18:01:40 +0200

grub2 (1.96+20090829-1) unstable; urgency=low

  * New SVN snapshot.
    - Fix filesystem mapping on GNU/kFreeBSD.  (Closes: #543950)

  * New grub-extras SVN snapshot.
    - Add 915resolution support to the GMA500 (poulsbo) graphics chipset.
      Thanks to Pedro Bulach Gapski. (Closes: #543917)

  * Use `cp -p' to copy /usr/share/grub/default/grub to the temporary
    file to preverse permissions.
  * Remove also efiemu files from /boot/grub on purge if requested.
  * Check that GRUB_CMDLINE_LINUX and GRUB_CMDLINUX_LINUX_DEFAULT is at
    the start of line in *.postinst.
  * Don't check that $GRUB_CMDLINE_LINUX{,DEFAULT} are non empty strings
    in *.config.
  * Add empty GRUB_CMDLINE_LINUX to /usr/share/grub/default/grub.
  * Factorise the editing of the temporary file. Thanks to Martin F
    Krafft.
  * Read in /etc/default/grub in *.config files.

  [ Updated translations ]
  * French (fr.po) by Christian Perrier. (Closes: #544023)
  * Russian (ru.po) by Yuri Kozlov. (Closes: #544077)
  * Italian (it.po) by Luca Monducci. (Closes: #544200)

 -- Felix Zielcke <fzielcke op z-51.de>  Sat, 29 Aug 2009 17:01:17 +0200

grub2 (1.96+20090826-3) unstable; urgency=low

  * Add missing quotes in grub-pc.config and *.postinst.

 -- Felix Zielcke <fzielcke op z-51.de>  Wed, 26 Aug 2009 19:14:23 +0200

grub2 (1.96+20090826-2) unstable; urgency=low

  * Really use the correct templates in grub-pc.config. ARGS.

 -- Felix Zielcke <fzielcke op z-51.de>  Wed, 26 Aug 2009 14:10:41 +0200

grub2 (1.96+20090826-1) unstable; urgency=low

  * New SVN snapshot.

  * Use the right templates in grub-pc.config. (Closes: #543615)

 -- Felix Zielcke <fzielcke op z-51.de>  Wed, 26 Aug 2009 11:00:36 +0200

grub2 (1.96+20090825-1) unstable; urgency=low

  * New SVN snapshot.
    - Enable gfxterm only if there's a suitable video backend and don't
      print an error if not. (Closes: #520846)

  [ Felix Zielcke ]
  * Copy unicode.pf2 instead of ascii.pf2 to /boot/grub in grub-pc
    postinst (Closes: #542314).
  * Update Standards version to 3.8.3.
  * Use DEB_HOST_ARCH_CPU for the generation of the lintian overrides.
  * Fix calling the grub-pc/postrm_purge_boot_grub template in
    grub-pc.postinst.
  * Handle GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT via
    debconf. Thanks to Martin F. Krafft and Colin Watson for idea and
    hints.
  * Use ucfr --force when /etc/default/grub is registered to a grub-* package.
  * Use #!/bin/sh in *.config and fix a small bashism in grub-pc.config.

  [ Robert Millan ]
  * patches/907_terminal_output_workaround.diff: Remove.  It seems that
    it wasn't really necessary.
  * grub-pc.postinst: Avoid printing an error if /etc/kernel-img.conf
    doesn't exist, because it is misleading.  We simply refrain from
    fixing it and move along.
  * grub-pc.postinst: Don't schedule generation of grub.cfg via "grub-install"
    code path unless we actually run grub-install.
  * grub-pc.postinst: Only copy unicode.pf2 and moreblue-orbit-grub.png when
    /boot/grub/grub.cfg is scheduled to be generated.
  * legacy/upgrade-from-grub-legacy: Reset grub-pc/install_devices.
    Thanks Colin Watson.  (Closes: #541230)

 -- Felix Zielcke <fzielcke op z-51.de>  Tue, 25 Aug 2009 21:45:24 +0200

grub2 (1.96+20090808-1) unstable; urgency=low

  * New SVN snapshot.
    - Fix XFS with inode size different then 256. (Closes: #528761)
    - Add support for multiple LVM metadata areas. (LP: #408580)
    - patches/008_dac_palette_width.diff: Remove. (merged)
    - Prefer unicode over ascii font. (LP: #352034)

  [ Felix Zielcke ]
  * Fix the generation of the lintian override for efiemu64.o.
  * Remove the Conflicts dmsetup.
  * Use ?= for setting DEB_HOST_ARCH.
  * Document GRUB_DISABLE_LINUX_RECOVERY in /etc/default/grub.
    (Closes: #476536 LP: #190207)
  * Add docs/grub.cfg to examples.
  * patches/01_uuids_and_lvm_dont_play_along_nicely.diff: Updated to
    also disable UUIDs on LVM over RAID.
  * Add a debconf prompt to remove all grub2 files from /boot/grub on
    purge. (Closes: #527068, #470400)
  * Move the Suggests: os-prober from grub-pc to grub-common. 
  * patches/901_dpkg_version_comparison.diff: Updated.
  * Update the Replaces on grub-common for the other packages to (<<
    1.96+20080831-1). (Closes: #540492)

  [ Robert Millan ]
  * Reorganize grub-pc.{config,postinst} logic.  The idea being that if there's
    no trace of GRUB Legacy, the grub-pc/install_devices template will be
    shown even if this is the first install.
  * When setting grub-pc/install_devices, obtain input dynamically from
    grub-mkdevicemap (rather than devices.map). (Closes: #535525)
  * Add a note to grub-pc/install_devices template that it's also possible
    to install GRUB to a partition boot record.
  * patches/002_grub.d_freebsd.in.diff: New patch.  Reimplement
    10_freebsd.in to handle multiple kernel versions & acpi.ko.

 -- Robert Millan <rmh.debian op aybabtu.com>  Mon, 10 Aug 2009 18:49:52 +0200

grub2 (1.96+20090725-1) unstable; urgency=high

  * New SVN snapshot.
    - Don't add drivemap call with Windows Vista/7. It breaks Win 7.
      (LP: #402154)

  [ Felix Zielcke ]
  * Don't build grub-efi-amd64 on hurd-i386.
  * Change DEB_BUILD_ARCH to DEB_HOST_ARCH in the check for sparc.
  * Don't add the lintian override for kernel.img for sparc and grub-pc.
  * Add a lintian override for binary-from-other-architecture for
    grub-efi-amd64 and grub-pc on i386.
  * Use wildcards in the lintian overrides.
  * Add a Conflicts/Replaces for all packages except grub-common.
    (Closes: #538177)

  [ Robert Millan ]
  * 008_dac_palette_width.diff: New patch.  Fix blank screen when booting
    Linux with vga= parameter set to a packed color mode (<= 8-bit).
    (Closes: #535026)
  * Set urgency=high because #535026 affects 1.96+20090709-1 which is in
    testing now.
  * patches/907_terminal_output_workaround.diff: Work around recent regression
    with terminal_output command (not critical, just breaks gfxterm).

 -- Robert Millan <rmh.debian op aybabtu.com>  Sat, 25 Jul 2009 19:00:53 +0200

grub2 (1.96+20090721-4) unstable; urgency=low

  * Place grub-ofpathname only in grub-common. (Closes: #537999)

 -- Felix Zielcke <fzielcke op z-51.de>  Wed, 22 Jul 2009 13:38:24 +0200

grub2 (1.96+20090721-3) unstable; urgency=low

  * Don't strip kernel.img on sparc.
  * Suggest efibootmgr on grub-efi-{amd64,ia32}.
  * Pass --disable-grub-fstest to configure. (Closes: #537897)

 -- Felix Zielcke <fzielcke op z-51.de>  Tue, 21 Jul 2009 21:46:01 +0200

grub2 (1.96+20090721-2) unstable; urgency=low

  * Add back Conflicts/Replaces grub.

 -- Felix Zielcke <fzielcke op z-51.de>  Tue, 21 Jul 2009 11:24:45 +0200

grub2 (1.96+20090721-1) unstable; urgency=low

  * New SVN snapshot.

  * Change License of my update-grub(8) and update-grub2(8) manpages to
    GPL3+ to match new copyright file.
  * Merge from Ubuntu: Don't build grub-efi-amd64 on lpia.
  * Don't pass `--enable-efiemu' to configure. On kfreebsd-i386 it won't
    compile and it should be now auto detected if it's compilable.
    (Closes: #536783)
  * Don't build grub-efi-amd64 on kfreebsd-i386. It lacks 64bit compiler
    support.
  * Rename the lintian override for kernel.elf to kernel.img.
  * Strip kernel.img not kernel.elf, but not in the case of grub-pc.
  * Rename the Conflicts/Replaces grub to grub-legacy. (Closes: #537824)

 -- Felix Zielcke <fzielcke op z-51.de>  Tue, 21 Jul 2009 10:50:20 +0200

grub2 (1.96+20090709-1) unstable; urgency=low

  * New SVN snapshot.

  * control (Build-Depends): Add gcc-multilib [sparc].
  * copyright: Rewrite using DEP-5 format.
  * Merge grub-extras into the package, and integrate it with GRUB's
    build system.
    - patches/906_grub_extras.diff
    - rules
    - copyright

 -- Robert Millan <rmh.debian op aybabtu.com>  Thu, 09 Jul 2009 00:26:49 +0200

grub2 (1.96+20090702-1) unstable; urgency=low

  * New SVN snapshot.
  * rules: Remove duplicated files in sparc64-ieee1275 port.
  * rules: Comment out -DGRUB_ASSUME_LINUX_HAS_FB_SUPPORT=1 setting.  We'll
    re-evaluate using it when it's more mature.  (Closes: #535026).

 -- Robert Millan <rmh.debian op aybabtu.com>  Thu, 02 Jul 2009 13:23:51 +0200

grub2 (1.96+20090629-1) unstable; urgency=low

  * New SVN snapshot.
    - Misc fixes in Linux loader.

  * control (grub-firmware-qemu): Make it buildable only on i386/amd64.
  * control: Add sparc (grub-ieee1275), remove remnants of ppc64.
  * rules: Include all modules in grub-firmware-qemu build.

 -- Robert Millan <rmh.debian op aybabtu.com>  Mon, 29 Jun 2009 19:22:37 +0200

grub2 (1.96+20090628-1) unstable; urgency=low

  * New SVN snapshot.
  * Re-enable QEMU port.

 -- Robert Millan <rmh.debian op aybabtu.com>  Sun, 28 Jun 2009 01:11:10 +0200

grub2 (1.96+20090627-2) unstable; urgency=low

  * Disable QEMU port untill it goes through NEW.
  * Upload to unstable.

 -- Robert Millan <rmh.debian op aybabtu.com>  Sat, 27 Jun 2009 18:40:17 +0200

grub2 (1.96+20090627-1) experimental; urgency=low

  * New SVN snapshot.
    - Fix parsing of --output in grub-mkconfig. (Closes: #532956)

  [ Felix Zielcke ]
  * Use ucfr --force in grub-ieee1275.postinst in case we're upgrading
    from previous version. It registered /etc/default/grub wrongly with
    package iee1275.
  * Drop the build dependency on libc6-dev-i386.
  * Remove ppc64 from the Architectures. It's totally dead.
  * Add a note to /etc/default/grub that update-grub needs to be run to
    update grub.cfg. (Closes: #533026)
  * Fix the svn-snapshot rule.
  * Update Standards version to 3.8.2. No changes needed.

  [ Robert Millan ]
  * legacy/upgrade-from-grub-legacy: Invoke grub-pc.postinst directly rather
    than dpkg-reconfigure.  Since we pretend we're upgrading, it will DTRT.
  * Add grub-firmware-qemu package.
    - patches/008_qemu.diff: QEMU port (patch from upstream).
    - control (grub-firmware-qemu): New package.
    - rules: Add grub-firmware-qemu targets.
    - debian/grub-firmware-qemu.dirs
    - debian/grub-firmware-qemu.install
  * patches/906_revert_to_linux16.diff: Remove, now that gfxpayload is
    supported.

 -- Robert Millan <rmh.debian op aybabtu.com>  Sat, 27 Jun 2009 00:46:23 +0200

grub2 (1.96+20090611-1) experimental; urgency=low

  * New SVN snapshot.

  * Append .diff to patches/01_uuids_and_lvm_dont_play_along_nicely so
    it gets really applied.
  * Drop completely the build dependency on gcc-multilib.
  * Instead of arborting in the preinst if /etc/kernel-img.conf still
    contains /sbin/update-grub, change the file with sed. Policy allows
    thisi, because it's not a conffile, according to Colin Watson.
  * Change /etc/default/grub to an ucf managed file instead of dpkg
    conffile.

 -- Felix Zielcke <fzielcke op z-51.de>  Fri, 12 Jun 2009 11:46:24 +0200

grub2 (1.96+20090609-1) experimental; urgency=low

  * New SVN snapshot.
    - Fix variable parsing inside strings. (Closes: #486180)
    - Add `true' command. (Closes: #530736)

  [ Robert Millan ]
  * Split grub-efi in grub-efi-ia32 and grub-efi-amd64, both available
    on i386 and amd64.  (Closes: #524756)
  * Add kopensolaris-i386 to arch list.

  [ Felix Zielcke ]
  * Add a NEWS entry about the grub-efi split. 
  * Drop the build dependency on gcc-multilib for all *i386.
  * Change upgrade-from-grub-legacy to use `dpkg-reconfigure grub-pc' to
    install grub2 into MBR.

  [ New translations ]
  * Catalan (ca.po) by Jordi Mallach.

  [ Updated translations ]
  * Spanish (es.po) by Francisco Javier Cuadrado. (Closes: #532407)

 -- Jordi Mallach <jordi op debian.org>  Tue, 09 Jun 2009 19:21:15 +0200

grub2 (1.96+20090603-1) unstable; urgency=low

  * New SVN snapshot.

  * Abort the install of grub-pc if /etc/kernel-img.conf still contains
    /sbin/update-grub (Closes: #500631).

 -- Felix Zielcke <fzielcke op z-51.de>  Wed, 03 Jun 2009 20:01:11 +0200

grub2 (1.96+20090602-1) unstable; urgency=low

  * New SVN snapshot.

  [ Felix Zielcke ]
  * Skip floopies in the grub-install debconf prompt in grub-pc postinst.
    Patch by Fabian Greffrath. (Closes: #530848)

  [ Robert Millan ]
  * Change Vcs-Browser field to viewsvn.

  [ Felix Zielcke ]
  * Change Vcs-Svn field to point to the trunk. (Closes: #531391)
  * patches/01_uuids_and_lvm_dont_play_along_nicely: New patch.
    On Debian root=UUID= with lvm still doestn't work so disable it.
    (Closes: #530357)
  * Remove Otavio Salvador from Uploaders with his permission.
  * add grub-pc.preinst

 -- Felix Zielcke <fzielcke op z-51.de>  Wed, 03 Jun 2009 14:42:11 +0200

grub2 (1.96+20090523-1) unstable; urgency=low

  * New SVN snapshot.
    - Add drivemap command, similar to grub-legacy's map command.
      (Closes: 503630)
    - Export GRUB_TERMINAL_INPUT in grub-mkconfig. (Closes: #526741)

  [ Robert Millan ]
  * rules: Set GRUB_ASSUME_LINUX_HAS_FB_SUPPORT=1 in CFLAGS.
  * patches/905_setup_force.diff: Relax blocklist warnings.
  * patches/906_revert_to_linux16.diff: Keep using linux16 for now.

  [ Felix Zielcke ]
  * patches/07_core_in_fs.diff: Updated.
  * Remove /etc/grub.d/10_hurd on non-Hurd systems in the grub-common
    preinst. Likewise for 10_freebsd for non kFreebsd and 10_linux on
    kFreebsd and Hurd. (Closes: #523777)

 -- Felix Zielcke <fzielcke op z-51.de>  Sat, 23 May 2009 20:05:10 +0200

grub2 (1.96+20090504-1) experimental; urgency=low

  * New SVN snapshot.
    - Add support for parttool command, which can be used to hide partitions.
      (Closes: #505905)
    - Fix a segfault with LVM on RAID. (Closes: #520637)
    - Add support for char devices on (k)FreeBSD. (Closes: #521292)
    - patches/08_powerpc-ieee1275_build_fix.patch: Remove (merged).

  [ Updated translations ]
  * Basque (eu.po) by Piarres Beobide. (Closes: #522457)
  * German (de.po) by Helge Kreutzmann. (Closes: #522815)

  [ Robert Millan ]
  * Update my email address.
  * Remove 04_uuids_and_abstraction_dont_play_along_nicely.diff now that
    bugs #435983 and #455746 in mdadm and dmsetup have been fixed.

  [ Felix Zielcke ]
  * Place new grub-dumpbios in grub-common.
  * Add lpia to the archictectures to reduce the ubuntu delta.
  * Add a manpage for the update-grub and update-grub2 stubs, written by
    me. (Closes: #523876)
  * Suggest genisoimage on grub-pc and grub-ieee1275, because grub-mkrescue
    needs it to create a cd image. (Closes: #525845)
  * Add a dependency on $(AUTOGEN_FILES) for the configure/grub-common target,
    this is needed now that upstream removed the autogenerated files from SVN.
  * Add `--enable-efiemu to' `./configure' flags.
  * Add a build dependency on gcc-multilib for i386.
  * Drop alternate build dependency on gcc-4.1 (<< 4.1.2).

 -- Felix Zielcke <fzielcke op z-51.de>  Mon, 04 May 2009 21:01:22 +0200

grub2 (1.96+20090402-1) experimental; urgency=low

  * New SVN snapshot.
    - Fix regression in disk/raid.c.  (Closes: #521897, #514338)
    - Fix handling of filename string lengths in HFS.
      (Really closes: #516458).
  * Add myself to Uploaders.
  * Add patch 08_powerpc-ieee1275_build_fix.patch to fix powerpc-ieee1275
    builds which were lacking header files for kernel_elf_HEADERS. Thanks
    Vladimir Serbinenko.

 -- Jordi Mallach <jordi op debian.org>  Fri, 03 Apr 2009 20:58:37 +0200

grub2 (1.96+20090401-1) experimental; urgency=low

  [ Felix Zielcke ]
  * New SVN snapshot.
    - Pass grub's gfxterm mode to Linux kernel. (Closes: #519506)
    - Fix ext4 extents on powerpc. (Closes: #520286)

  [ Robert Millan ]
  * Remove grub-of transitional package (Lenny had grub-ieee1275 already).
  * Fix kopt parsing in grub-pc.config. Thanks Marcus Obst. (Closes: #514837)
  * Add debconf template to automatically run grub-install during upgrades
    (prior user confirmation).  (Closes: #514705)

 -- Robert Millan <rmh op aybabtu.com>  Wed, 01 Apr 2009 01:19:45 +0200

grub2 (1.96+20090317-1) unstable; urgency=low

  * New SVN snapshot.
    - Fix loading of files with underscore in HFS. (Closes: #516458)

  * Update Standards version to 3.8.1. No changes needed.

  [ Updated translations ]
  * Brazilian Portuguese (pt_BR.po) by Flamarion Jorge. (Closes: #519417)

 -- Felix Zielcke <fzielcke op z-51.de>  Tue, 17 Mar 2009 14:42:10 +0100

grub2 (1.96+20090309-1) unstable; urgency=low

  * New SVN snapshot.

 -- Felix Zielcke <fzielcke op z-51.de>  Mon, 09 Mar 2009 10:03:13 +0100

grub2 (1.96+20090307-1) unstable; urgency=low

  * New SVN snapshot.
    - Add support for /dev/md/dNNpNN mdraid devices. (Closes: #509960)
    - Add new PF2 fontengine. (Closes: #510344)
    - Avoid mounting ext2 partitions with backward-incompatible features.
      (Closes: #502333)
    - Try to avoid false positives with FAT. (Closes: #514263)

  [ Felix Zielcke ]
  * Remove build-dependency on unifont package and add one for bf-utf-source
    package and libfreetype6-dev
  * grub-pc.postinst: Copy new ascii.pf2 instead of old ascii.pff to /boot/grub.
  * Add `--enable-grub-mkfont' to configure flags.
  * Put new grub-mkfont in grub-common package.
  * Add a dependency for ${misc:Depends} to all packages to make lintian a bit
    more happy.
  * Detect when grub-setup leaves core.img in filesystem, and include that
    info in bug report templates.
    - debian/patches/07_core_in_fs.diff
    - debian/script
  * Add myself to Uploads and add `DM-Upload-Allowed: yes' tag.

  [ Updated translations ]
  * Asturian (ast.po) by Marcos Alvarez Costales. (Closes: #511144)
  * Traditional Chinese (zh_TW.po) by Tetralet. (Closes: #513918)
  * Belarusian (be.po) by Pavel Piatruk. (Closes: #516243)

 -- Felix Zielcke <fzielcke op z-51.de>  Sat, 07 Mar 2009 11:54:43 +0100

grub2 (1.96+20081201-1) experimental; urgency=low

  * New SVN snapshot.

 -- Robert Millan <rmh op aybabtu.com>  Mon,  1 Dec 2008 00:07:31 +0100

grub2 (1.96+20081120-1) experimental; urgency=low

  * New SVN snapshot.

  * Update to new debian theme.
    - grub-pc.postinst: Switch to moreblue-orbit-grub.png.
    - grub.d/05_debian_theme: Likewise.
  * grub.d/05_debian_theme:
      - Update to use new grub-mkconfig_lib instead of the deprecated
        update-grub_lib.
      - Update to check if `GRUB_TERMINAL_OUTPUT' is `gfxterm' instead of
        `GRUB_TERMINAL'.

   [ Updated translations ]
  * Romanien (ro.po) by Eddy Petrișor. (Closes: #506039)

 -- Felix Zielcke <fzielcke op z-51.de>  Thu, 20 Nov 2008 20:25:56 +0100

grub2 (1.96+20081108-1) experimental; urgency=low

  * New SVN snapshot.
    - Add support for /dev/md/N style mdraid devices. (Closes: #475585)
    - Handle LVM dash escaping. (Closes: #464215)
    - Use case insensitive match in NTFS. (Closes: #497889)
    - Use hd%d drive names in grub-mkdevicemap for all architectures.
      (Closes: #465365)
    - Handle LVM circular metadata. (Closes: #462835, #502953)
    - Fix NULL dereference and failure paths in LVM.  Thanks Guillem Jover.
      (Closes: #500482)
    - Provides GRUB header files (only in grub-common).

  [ Updated translations ]
  * Dutch (nl.po) by Paul Gevers. (Closes: #500514)
  * French (fr.po) by Christian Perrier. (Closes: #503708)
  * Georgian (ka.po) by Aiet Kolkhi. (Closes: #503715)
  * Czech (cs.po) by Miroslav Kure. (Closes: #503809)
  * German (de.po) by Helge Kreutzmann. (Closes: #503841)
  * Japanese (ja.po) by Hideki Yamane. (Closes: #503869)
  * Italian (it.po) by Luca Monducci. (Closes: #504076)
  * Swedish (sv.po) by Martin Ågren. (Closes: #504207)
  * Arabic (ar.po) by Ossama Khayat. (Closes: #504254)
  * Portuguese (pt.po) by Miguel Figueiredo. (Closes: #504280)
  * Russian (ru.po) by Yuri Kozlov. (Closes: #504324)
  * Finnish (fi.po) by Esko Arajärvi. (Closes: #504310)
  * Basque (eu.po) by Piarres Beobide. (Closes: #504466)
  * Dutch (nl.po) by Paul Gevers. (Closes: #504683)

  [ Felix Zielcke ]
  * patches/01_grub_legacy_0_based_partitions.diff: Rename to
  * patches/903_grub_legacy_0_based_partitions.diff: this and adapt for
    s/biosdisk.c/hostdisk.c/ rename upstream.
  * patches/03_disable_floppies.diff
    patches/904_disable_floppies.diff: Likewise.
  * update-grub has been renamed to grub-mkconfig, so provide a stub for
    compatibility.
  * Make grub-pc/linux_cmdline debconf template translatable. (Closes: #503478)
  * Remove ro.po and ta.po. They don't contain a single translated
    message.

  [ Robert Millan ]
  * control: Make grub-common dependency = ${binary:Version}.
  * default/grub: Set GRUB_CMDLINE_LINUX=quiet to syncronize with
    default D-I settings.

 -- Robert Millan <rmh op aybabtu.com>  Sat,  8 Nov 2008 13:54:10 +0100

grub2 (1.96+20080831-1) experimental; urgency=low

  * New SVN snapshot.
   - patches/00_fix_double_prefix.diff: Remove (merged). (Closes: #487565)
   - patches/00_getline.diff: Remove (merged). (Closes: #493289)
   - Handle errors in RAID/LVM scan routine (rather than letting the upper
     layer cope with them).  (Closes: #494501, #495049)
   - patches/901_linux_coreboot.diff: Remove (replaced).
   - Add support for GFXMODE variable (Closes: #493106)
   - Skips /dev/.* in grub-probe.  (Closes: #486624)
   - RAID code has various fixes. (Closes: #496573)
   - Buffered file read is now used to read the background image faster.
     (Closes: #490584)

  * We are already using LZMA, because upstream includes it's own lzma encoder,
    so drop completely the liblzo handling in control and rules files.

  [ Felix Zielcke ]
  * Remove the 1.95 partition numbering transition debconf warning
    from grub2 package and removed it from all languages (*.po).
    (Closes: #493744)
  * Add a comment for the new GFXMODE in default/grub.
  * debian/rules:
      - Remove 2 ./configure options which it didn't understand.
      - New grub-mkelfimage belongs to grub-common.
  * debian/control:
      - Change debhelper compat level to 7 and build depend on it >= 7.
      - Remove ${misc:Depend} dependency on all packages except grub-pc which is
        the only one using debconf.
      - Replace deprecated ${Source-Version} with ${source:Version} for <<
        dependency and with ${build:Version} for = ones.
      - Remove versioned dependency of Build-Depends patchutils and cdbs,
        because etch has newer versions then the one used.
      - Remove dpkg-dev completely from Build-Depends because it's
        build-essentail and a non versioned dependency results in a lintian error.
      - Remove Conflict/Replaces pupa, it has been removed from Debian 2004.
      - Change build-dependency of unifont-bin to unifont (>= 1:5.1.20080820),
        it's the new package containing unifont.hex and that version to avoid
        licensing problems (Closes: #496061)
      - Remove Jason Thomas from Uploaders with his permission.
  * Preserve arguments in update-grub2 stub. (Closes: #496610)

  [ Updated translations ]
  * Japanese (ja.po) by Hideki Yamane (Closes: #493347)

  [ Robert Millan ]
  * Move a few files to grub-common and remove them from the arch-
    specific packages.
  * patches/02_old_linux_version_comparison.diff: Replace with ...
  * patches/901_dpkg_version_comparison.diff: ... this.
    Use dpkg --compare-versions in update-grub. (Closes: #494158)
  * patches/03_disable_floppies.diff: Free .drive struct member when skipping
    floppy drives.  (Closes: #496040)
  * patches/902_boot_blocklist_hack.diff: Support separate /boot when using
    blocklists.  (Closes: #496820, #489287, #494589)

 -- Robert Millan <rmh op aybabtu.com>  Sun, 31 Aug 2008 18:40:09 +0200

grub2 (1.96+20080730-1) experimental; urgency=low

  * New SVN snapshot.
    - patches/00_fix_overflow.diff: Remove (merged).
    - patches/00_uuid_boot.diff: Remove (merged).
    - patches/00_raid_duped_disks.diff: Remove (merged).
    - patches/00_xfs.diff: Remove (merged).
    - patches/00_strengthen_apple_partmap_check.diff: Remove (merged).
    - patches/00_skip_dev_dm.diff: Remove (merged).

  * patches/901_linux_coreboot.diff: Implements Linux load on Coreboot
    (patch from Coresystems).

  * grub-linuxbios -> grub-coreboot rename again.

 -- Robert Millan <rmh op aybabtu.com>  Wed, 30 Jul 2008 22:12:07 +0200

gzip (1.3.12-9+squeeze1) stable; urgency=low

  * Non-maintainer upload to stable.
  * Backport upstream patch to avoid using memcpy on overlapping
    memory regions.  (Closes: #627121)

 -- Niels Thykier <niels op thykier.net>  Sat, 05 Jan 2013 11:31:24 +0100

gzip (1.3.12-9) unstable; urgency=high

  * fix applied for CVE-2010-0001 which identified an integer underflow when 
    decompressing files that are compressed using the LZW algorithm. This 
    could lead to the execution of arbitrary code when trying to decompress 
    a crafted LZW compressed gzip archive.
  * switch to using dh_lintian for override delivery

 -- Bdale Garbee <bdale op gag.com>  Thu, 21 Jan 2010 07:38:41 +1300

gzip (1.3.12-8) unstable; urgency=low

  * Add Carl Worth as an uploader.
  * Fix "-f -" to work with zgrep, closes: #168606 
  * Avoid creating undersized hufts table, closes: #507263 

 -- Carl Worth <cworth op cworth.org>  Fri, 27 Feb 2009 12:54:37 -0800

gzip (1.3.12-7) unstable; urgency=low

  * improve package descriptions, remove ancient package relationship spec
    in control file, closes: #484547

 -- Bdale Garbee <bdale op gag.com>  Sun, 15 Feb 2009 10:54:48 -0700

initramfs-tools (0.98.8) unstable; urgency=high

  [ maximilian attems ]
  * [67c1d32] initramfs-tools: MODULES=dep fix for ubifs /
    (Closes: #608339)
  * [ca4d08a] mkinitramfs: Fix noexec /tmp detection for long device
    names. (Closes: #608865) Thanks to Ian Campbell <ijc op hellion.org.uk>

  [ Ben Hutchings ]
  * [78d9e04] initramfs-tools: Handle hidden dependency of libcrc32c on
    crc32c. (Closes: #608538)


 -- maximilian attems <maks op debian.org>  Fri, 28 Jan 2011 15:11:10 +0100

initramfs-tools (0.98.7) unstable; urgency=high

  [ Aad dame ]
  * [1caecd2] initramfs-tools: Fix MODULES=dep on an AOE device.
    (Closes: #607509)

  [ maximilian attems ]
  * [78337a4] MODULES=dep Fix partitioned raid setup (Closes: #605824)

 -- maximilian attems <maks op debian.org>  Mon, 20 Dec 2010 12:56:01 +0100

initramfs-tools (0.98.6) unstable; urgency=high

  [ Milan Kupcevic ]
  * [dd40f3a] initramfs-tools: Load PowerMac G5 thermal modules.
    (Closes: #603981)

  [ maximilian attems ]
  * [c103d08] initramfs-tools: cryptsetup Lenny dist upgrade fix.
    (Closes: #607090)

  [ Ben Hutchings ]
  * [1e46a47] Fix condition for adding IDE or SCSI disk driver when
    MODULES=dep

 -- maximilian attems <maks op debian.org>  Thu, 16 Dec 2010 14:45:29 +0100

initramfs-tools (0.98.5) unstable; urgency=high

  [ maximilian attems ]
  * [6b6cbe0] mkininitramfs: MODULES=dep fallback to /proc/mounts for
    rootdev (Closes: #600453)
  * [f3b696b] Small enhancements to Maintainer docs.

  [ Marc Herbert ]
  * [478ba89] Minor documentation fix in /etc/initramfs-tools/modules.
    (LP: #177263)

 -- maximilian attems <maks op debian.org>  Thu, 21 Oct 2010 13:53:17 +0200

initramfs-tools (0.98.4) unstable; urgency=high

  * [bfb0742] reportbug: list force loaded modules.
  * [a103aea] hooks/thermal: Add windfarm_pm121 for powerpc on initramfs.
  * [1c64a45] initramfs-tools.8: udev gets loaded earlier.
    (Closes: #596984)

 -- maximilian attems <maks op debian.org>  Sat, 25 Sep 2010 20:25:30 +0200

initramfs-tools (0.98.3) unstable; urgency=high

  * [365e06b] Ubuntu merge: Conflict with older versions of usplash.

 -- maximilian attems <maks op debian.org>  Fri, 10 Sep 2010 09:40:10 +0200

initramfs-tools (0.98.2) unstable; urgency=high

  [ Eckhart Wörner ]
  * [97f20c5] initramfs-tools: Add hid-cherry and hid-logitech to
    initramfs (Closes: #595827)

 -- maximilian attems <maks op debian.org>  Tue, 07 Sep 2010 12:54:01 +0200

initramfs-tools (0.98.1) unstable; urgency=high

  [ Vagrant Cascadian ]
  * [85fbb23] configure_networking(): Look for presence of
    /tmp/net-*.conf files to not recall ipconfig. (Closes: #584583)

 -- maximilian attems <maks op debian.org>  Wed, 25 Aug 2010 22:13:18 +0200

initramfs-tools (0.98) unstable; urgency=low

  [ Michael Prokop ]
  * [7faeb32] fix typos in manpage, scripts/functions and
    conf/initramfs.conf - thanks lintian
  * [f1360c9] debian/NEWS: drop asterisk chars to make lintian happy
  * [c4a1981] install doc-base file for doc-base-registration
  * [f813bd9] add debian/source/format with "3.0 (native)" to make
    lintian happy
  * [38ee1a0] maintainer-notes: document "git remote prune origin" -
    thanks to maximilian attems <maks op debian.org>
  * [2390db8] maintainer-notes: use git config instead of environment
    variables - thanks to Gerfried Fuchs <rhonda op deb.at>
  * [c85bb1f] some minor rewording of sentences about development
    mailinglists
  * [7af6ef4] mkinitramfs: do not execute compress command under quotes
    (Closes: #588517)
  * [b65a486] update-initramfs: stop buildprocess if any script is
    failing
  * [e7daaf7] init: provide validate_init() wrapper to support absolute
    symlinks. (Closes: #590744)
  * [a0c3140] init: provide fastforward path for the common case when
    validating init binary.
  * [b343994] Bump Standards-Version to 3.9.1.

  [ maximilian attems ]
  * [837f261] mkinitramfs: set nounset and errexit
  * [be71015] reportbug: list the mkinitramfs hook scripts of reporting
    box
  * [295bca7] initramfs-tools.8: Enhance documentation of boot option
  * [c327689] update-initramfs: run_bootloader() return after zipl and
    flash-kernel
  * [089a903] mkinitramfs: set COMPRESS=gzip to be more consistent. -
    thanks to Colin Watson <cjwatson op ubuntu.com>
  * [210c83c] control: conform to latest policy without changes
  * [9613412] mkinitramfs: Provide error code of failed mkinitramfs
    creation
  * [51a8d5f] revert mkinitramfs errexit and nounset
  * [6bcb867] Maintainer notes document dev mailinglists
  * [7c6221d] maintainer notes: underline that mail to one of the 2
    lists is good
  * [762ae2a] update-initramfs: revert nounset (Closes: #588915)
  * [a4e1a9e] initramfs-tools: only allow hook scripts to errexit on
    mkinitramfs
  * [6f0b646] update-initramfs: run_bootloader() invoke Initramfs hooks

  [ Stephen Powell ]
  * [09d251a] postinst hook: respect INITRD variable
  * [ff6116f] Redirect STDOUT to STDERR for post{inst,rm} hooks

 -- Michael Prokop <mika op debian.org>  Sat, 07 Aug 2010 09:41:39 -0400

initramfs-tools (0.97.2) unstable; urgency=high

  * [ce732c3] initramfs-tools: output name of script that errexits.
    (Closes: 586554)

 -- maximilian attems <maks op debian.org>  Tue, 06 Jul 2010 12:58:37 +0200

initramfs-tools (0.97.1) unstable; urgency=high

  * [90d99e4] mkinitramfs: Fix initramfs generation without COMPRESS set.
    (Closes: 587608) - thanks Valentin QUEQUET <valentin.quequet op orange.fr>

 -- maximilian attems <maks op debian.org>  Mon, 05 Jul 2010 21:50:47 +0200

initramfs-tools (0.97) unstable; urgency=low

  [ Martin Michlmayr ]
  * [e65ee48] Produce an error when root cannot be determined with
    MODULES=dep
  * [bb66fc2] hook-functions/init/scripts/local: add support for ubifs.
    (Closes: #582858) - thanks to Martin Michlmayr <tbm op cyrius.com>

  [ Ferenc Wagner ]
  * [1d66ae1] scripts/nfs: cleanup retry logic

  [ Colin Watson ]
  * [3054e3e] initramfs-tools: work around 'find -printf %Y' bug

  [ maximilian attems ]
  * [a8a5ce4] script: Add update-initramfs.conf to bug report
  * [cc6077a] update-initramfs: Fix another unbound variable (Closes:
    #583695)
  * [b1f74e6] get_fstype: reference blkid in comment - thanks to
    Christoph Anton Mitterer <calestyo op scientia.net>
  * [eb93a7e] pre_mountroot(): reduce timeout to 30 seconds
  * [38563fe] scripts/functions: On panic change to tty1 if chvt around
    - thanks to Colin Watson <cjwatson op ubuntu.com>
  * [2031379] mkinitramfs: No point in hardcoding busybox path
  * [68c87cd] mkinitramfs: check syntax of boot and hook scripts
  * [ae02e4b] scripts/functions: beautify a bit reduce_satisfied()
  * [22d996c] maintainer doc: use git commands without the dash
  * [6147641] nfsmount: more small cleanups
  * [e967b03] mkinitramfs, lsinitramfs: Better error message for
    non-GNU getopt
  * Add lsinitramfs (to list content of an initramfs image) ([a39db63]
    [969f8fd] [fafede5] [2f3eb88])

  [ Michael Prokop ]
  * [2a8c990] hook-functions/mkinitramfs/update-initramfs: consequently
    output error messages to stderr
  * [04b8619] init: display warning message if devtmpfs could not be
    mounted. - thanks to Ferenc Wagner <wferi op niif.hu>
  * [60afd2a] code cleanup: drop trailing whitespaces.
  * [ab28c77] code cleanup: consequently replace spaces in indentions
    with tabs to unify coding stile
  * [3a02c6f] code cleanup: consequently use "W:" for warnings.
  * [b1fff5e] add bash-completion for update-initramfs (Closes: #537139)
    - thanks to Stéphane Jourdois <stephane op jourdois.fr>
  * [5697c3b] hook-functions: replace awk calls with sed in
    dep_add_modules() (Closes: #585991) - thanks to Thorsten Glaser
    <tg op mirbsd.de>
  * [7afab22] debian/script: append /proc/mdstat (iff present) to
    bugreports
  * [5b565be] scripts/functions: allow hooks to abort build (Closes:
    #396388)
  * [528ba78] hook-functions: do not install ubi module by default via
    auto_add_modules()
  * [ecb8416] lsinitramfs: be more defensive against cmdline options
  * [2ff4ba2] scripts/functions: fix usage of test for script execution
  * [74f71c9] scripts/functions: fix another sh -n usage and fix typo
  * [91f5947] hook-functions: install virtio_pci module if
    /sys/bus/virtio is present and using modules=dep (Closes: #585992) -
    thanks to Vincent Danjean <vdanjean op debian.org>
  * [d25f610] slightly improve manpage lsinitramfs.8
  * Provide maintainer-notes.html, being "Maintainer documentation for
    initramfs-tools" ([7fc1ee5] [afafea4] [e506ee7] [d53a839] [6af23c2])

 -- Michael Prokop <mika op debian.org>  Fri, 18 Jun 2010 12:28:04 +0200

initramfs-tools (0.96.1) unstable; urgency=low

  * hook-functions: Make sure copy_exec hook function does not
    exit with a non-zero return value in non-verbose mode.
    [Closes: #584520]
  * docs/framebuffer: Document mode vs. mode_option option in
    framebuffer example script. [Closes: #439846]
  * hook-functions: make device name handling for /proc/mdstat
    more flexible for MODULES=dep. [Closes: #549680, #514756]
  * mkinitramfs / scripts/functions + initramfs-tools.8:
    Support dashes inside scripts names. [Closes: #566056]
  * hook-functions: handle ubifs in dep_add_modules() and return
    since ubifs root is a char device, (see issue #582858).
  * mkinitramfs: warn if TMPDIR is mounted noexec + fall back
    to not cache run scripts then. [Closes: #576678]
  * Add myself to uploaders.

 -- Michael Prokop <mika op debian.org>  Tue, 08 Jun 2010 15:59:08 +0200

initramfs-tools (0.95.1) unstable; urgency=low

  [ Michael Prokop ]
  * NMU as requested by maintainer.
  * update-initramfs: fix unbound variables. [Closes: #583695]
    Based on patch by Jonathan Nieder.

  [ Jonathan Nieder ]
  * update-initramfs: use $* instead of $@.

 -- Michael Prokop <mika op debian.org>  Sun, 30 May 2010 22:09:15 +0200

initramfs-tools (0.95) unstable; urgency=low

  [ maximilian attems ]
  * update TODO list.
  * hook-functions: refactor copy_exec.
  * mkinitramfs: check only once for existing ldd.
  * mkinitramfs: Use eventual TMPDIR definition.
  * mkinitramfs: guard against empty EXTRA_CONF.
  * update-initramfs: Use nounset.
  * mkinitramfs: Fix several unbound variables.
  * mkinitramfs: On verbose indicate what we rm.
  * bug script: include sizes of generated initramfs.
  * debian/script: add generated resume param to bug.
  * hook-functions: manual_add_modules simplify.
  * hook-functions: copy_modules_dir() small simplifications.
  * mkinitramfs.8: Fix wrong sourcing in boot script. (Closes: #545728)
  * initramfs-tools.8: Mention /scritps/functions.
  * initramfs-tools.8: cryptopts param gone.
  * initramfs-tools.8: document BOOTIF variable.
  * configure_networking(): work with empty DEVICE string.
    (Closes: #566295, #575766)
  * hook-functions: add hid-apple. (Closes: #577253)
  * Revert "mkinitramfs: only copy modprobe conf files". (Closes: #577981)
  * initramfs-tools: change license to GPL.
  * hook-functions: re-add hid-microsoft. (Closes: #577253)
  * initramfs-tools: drop outdated breaks.
  * debian/copyright: add boilerplate to keep lintian happy.
  * hook-functions: Fix copy_modules_dir().

  [ Axel Beckert ]
  * mkinitramfs.8: Add information about $TMPDIR environment variable.

  [ bert schulze ]
  * mkinitramfs: add LZO support.
  * mkinitramfs: use -9 for lzop.

  [ Vagrant Cascadian ]
  * configure_networking: pxelinux BOOTIF fixes.
  * init: add BOOTIF bootarg.

  [ Michael Prokop ]
  * Support booting from USB 3 xHCI-based controllers.

  [ Claus Herwig ]
  * mkinitramfs: fix MODULES=dep on mylex raid devices (DAC960).
    (Closes: #579702)

 -- maximilian attems <maks op debian.org>  Fri, 28 May 2010 17:22:56 -0700

initramfs-tools (0.94.4) unstable; urgency=low

  * init: fix hardcoded resume handling. (Closes: #576700)

 -- maximilian attems <maks op debian.org>  Thu, 08 Apr 2010 06:02:28 +0200

initramfs-tools (0.94.3) unstable; urgency=low

  * debian/control: Add Breaks against experimental findutils.
    (closes: #576677)

 -- maximilian attems <maks op debian.org>  Thu, 08 Apr 2010 03:50:28 +0200

initramfs-tools (0.94.2) unstable; urgency=low

  * debian/control: amend Breaks for exp mdadm.

 -- maximilian attems <maks op debian.org>  Tue, 06 Apr 2010 23:50:06 +0200

initramfs-tools (0.94.1) unstable; urgency=low

  * debian/control: Add a breaks mdadm.
  * debian/control: Fix Breaks version comparison.

 -- maximilian attems <maks op debian.org>  Tue, 06 Apr 2010 16:18:25 +0200

initramfs-tools (0.94) unstable; urgency=low

  * The "Litte Bang" release

  [ maximilian attems ]
  * Nuke kernelextras hooks.
  * Create a klibc hook script.
  * Redefinde MODULES=most to not carry any fb driver per default.
  * Nuke framebuffer boot script.
  * Revert "hook-functions: Add hid_* modules."
  * Move busybox addition to a hook script.
  * mkinitramfs fix comment.
  * hook-functions: Fix mounted /sys check for openvz container.
  * initramfs-tools.8: fix boot example script to execute.
    scripts/functions. (closes: #545728)
  * Fix out-of-date-standards-version.
  * /etc/kernel hook script support for make deb-pkg generated linux-images
    and kernel-package. (closes: #523735, #561289)
  * update-initramfs: allow -t takeover on delete.
  * /etc/kernel/postrm.d/i-t: use now takeover on delete.
    (closes: #524534, #547365, #559619)
  * Nuke useless unused dir.
  * kernel hook scripts: Fix typo, add comments.
  * hook-funcitions: Only warn about missing firmware if /proc/modules
    exists. (closes: #560266, #575154)
  * mkinitramfs: Be opportunistic when calling modprobe thus showing
    errors. (closes: #554873)
  * copy_exec: Check if ldd is around.
  * scripts/local: Use blkid as backup fstype detection. (closes: #568527)
  * mkinitramfs: only copy modprobe conf files. (closes: #506533)
  * blacklist earlier at init-top stage.
  * scripts/local: fix blkid invocation.
  * init: export and unset BOOTIF.
  * init: rexport resume to reallow it's hardcoded usage. (closes: #572858)
  * update-initramfs: -d delete .bak file. (closes: #559535)
  * control: bump standards version without changes.
  * control: Clean up Uploaders field.
  * switch from cdbs to debhelper 7.
  * update-initramfs: Stop second guessing lilo usage. (closes: #574553)
  * mkinitramfs: allow to build initramfs for unmodular linux images.
    (closes: #415474, #433708)
  * initramfs.conf.5: document UMASK variable for sensitive initramfs.
    (closes: #536195)
  * update-initramfs: only run elilo if configured. (closes: #534201)
  * update-initramfs: fix previous elilo commit.
  * MODULES=DEP Use driver/module syfs attribute. (closes: #567189)
  * panic: quote variable.
  * MODULES=DEP: Check rootfs on mkinitramfs. (closes: #519800)
  * Use ata_generic driver on all_generic_ide bootarg
  * scripts/functions: add get_fstype() from scripts/local. (closes: #487409)
  * mkinitramfs.8: update date.
  * Keep acpi modules in initramfs so that udev can load them early.
  * mkinitramfs: no longer copy depmod.
  * init: Silence "Loading essential drivers..." on quiet boot.
  * hook-functions: Add btrfs to base modules.
  * init: export BOOT for casper and friends.
  * hooks/klibc: Keep gzip in initramfs.
  * modernize docs to todays standards.
  * examples: shipp old framebuffer boot script.
  * initramfs.conf.5, update-initramfs.conf.5: Add FILES section.
    (closes: #565386)
  * mkinitramfs: be silent if no modules.map was generated in first place.
  * debian/control: Add a breaks cryptsetup.

  [ Tormod Volden ]
  * blacklist boot hook write to /etc/modprobe.d/initramfs.conf.
    (closes: #541864)

  [ Michael Prokop ]
  * Fix path to nfsroot.txt in documentation.
  * hook-functions: Avoid firmware copy error. (closes: #570678)

  [ Joey Hess ]
  * scripts/local: avoid mount -t unknown. (closes: #567065)

  [ Avi Rozen ]
  * mkinitramfs: add all usb storage devices. (closes: #543568)

  [ Ferenc Wagner ]
  * initramfs-tools: make the panic argument available in the rescue
    shell. (closes: #569033)

  [ Maximilian Gass ]
  * mkinitramfs: KEYMAP option fails to work due to missing keymap.
    (closes: #565416)

  [ Vagrant Cascadian ]
  * configure_networking: support BOOTIF variable set by pxelinux.
    (closes: #535008)

  [ Ben Hutchings ]
  * copy_modules_dir: Take a list of exclusions after the base directory.
  * auto_add_modules: Copy all modules from net, excluding some
    subdirectories.

  [ Scott James Remnant ]
  * init: Mount devtmpfs on /dev.
  * mkinitramfs: Call depmod before packing the initramfs.
    (closes: #465760, #562561)
  * init: load the netconsole module with netconsole bootarg
  * init: mount /dev/pts as well as /dev.

  [ Ben Collins ]
  * update-initramfs: Default to not keep .bak backups.

  [ Piotr Lewandowski ]
  * update-initramfs breaks if /etc/mtab is a symlink to /proc/mounts.
    (closes: #525606)

  [ Martin Michlmayr ]
  * MODULES=dep fix boot with MMC. (closes: #548711)

  [ Nikolaus Schulz ]
  * hook-functions: let dep_add_modules() recurse into lvm slave devices.
    (closes: 573761)

  [ Anna Jonna Armannsdottir ]
  * configure_networking: Try repeatedly ipconfig with increasing
    timeout.

  [ Colin Watson ]
  * mkinitramfs: Filter out looping or broken symlinks from the
    initramfs. (closes: #575157)
  * mkinitramfs: set initramfs root to 755.

  [ Bert Schulze ]
  * initramfs-tools: support different compression tools in mkinitramfs.
    (closes: #533903)
  * mkinitramfs: -c compression support / commandline override.
    (closes: #576429)

 -- maximilian attems <maks op debian.org>  Mon, 05 Apr 2010 05:25:48 +0200

initramfs-tools (0.93.4) unstable; urgency=medium

  [ Aaron M. Ucko ]
  * scripts/init-top/framebuffer: i915 needs intel-agp too. (closes: #533258)

  [ maximilian attems ]
  * preinst: Don't hardcode vol_id cmd.
  * initramfs-tools.8: Convert hyphen to minus sign.
  * control: bump versioned dep on debhelper.
  * control: bump standards version without changes.
  * hook-functions: Fix loading of entries without newline in
    /etc/initramfs-tools/modules. (closes: #532745)
  * MODULES=most: Add virtio_net to initramfs. (closes: #533894)

 -- maximilian attems <maks op debian.org>  Wed, 29 Jul 2009 14:55:04 +0200

initramfs-tools (0.93.3) unstable; urgency=low

  [ maximilian attems ]
  * cleanup LABEL handling code.
  * update-initramfs: Use exit code of command -v too.
  * hook-functions: Add i915 module for kms.
  * update-initramfs: Pass version to flash-kernel. (closes: #523711)
  * update-initramfs: Don't hardcode path for lilo or elilo. (closes: #524928)
  * hook-functions: MODULES=dep error out if sysfs not mounted on /sys.
    (closes: #524179)
  * debian/control: No longer mention EVMS in long description.
  * hook-functions: MODULES=most fix old typo s/smc911x/smc91x/.
    (closes: #528094)
  * mkinitramfs: Invoke dpkg --print-architecture. (closes: #529222)

  [ Loic Minier ]
  * copy_exec: also avoid picking sse2, neon, and vfp hwcaps libs.

 -- maximilian attems <maks op debian.org>  Tue, 21 Apr 2009 15:05:40 +0200

initramfs-tools (0.93.2) unstable; urgency=low

  [ François Delawarde ]
  * hook-functions: MODULES=dep fix for luks over cciss devices.
    (closes: #517072, #522030)

  [ maximilian attems ]
  * hook-functions: stricter match on loaded module for firmware
    warning.
  * hook-functions: Add first firmware from $(uname -r) versioned
    directories. (closes: #521370)
  * hook-functions: MODULES=most add all fb modules per default.
  * update-initramfs: Cleanup run_bootloader()
  * update-initramfs: mbr_check() use /boot/grub/grub.cfg for grub2
    search. (closes: #427509)
  * update-initramfs: Run update on highest version instead of
    /initrd.img link. (closes: #493863)
  * hook-functions: MODULES=most fb add all available agp modules.
  * update-initramfs: Fix error message on wrong -k version argument.
  * hooks/thermal: Prevent inclusion of windfarm modules on PS3.
  * mkinitramfs: Allow dots in boot and script filenames.

  [ Maik Zumstrull ]
  * init-top/framebuffer: Load intel-agp for intelfb.
    (closes: #416063, #455876)

 -- maximilian attems <maks op debian.org>  Thu, 02 Apr 2009 12:44:33 +0200

initramfs-tools (0.93.1) unstable; urgency=low

  [ maximilian attems ]
  * init: export ip root param for configure_networking(). (closes: #516746)
  * initramfs-tools.8: Document exported IP kernel parameter.
  * initramfs-tools.preinst: Nuke initrd-tools related migration path.
  * MODULES=dep: ide-disk got renamed to ide-gd_mod since 2.6.28.
  * mkinitramfs: usage() fix conffile name.
  * update copyright year of my contributions.
  * control: conform to latest policy without changes.
  * hook-functions: reword MODULES=dep error message.
  * hook-functions: MODULES=dep fix for mmc root. (closes: #520198)
  * debian/compat: Set debhelper compatibility version 5.

  [ Matt Kraai ]
  * mkinitramfs-kpkg misspells "deprecation" as "depreciation".
    (closes: #517344)

  [ Michael Vogt ]
  * update-initramfs: set_linked_version() check if the links point to
    an existing initrd.img.

  [ Scott James Remnant ]
  * mkinitramfs: include the modules.order file.

  [ Ben Collins ]
  * init-top/framebuffer: ignore blacklist for forced vga= usage.

 -- maximilian attems <maks op debian.org>  Mon, 23 Mar 2009 07:55:16 +0100

initramfs-tools (0.93) unstable; urgency=low

  Release "Fischia il vento e infuria la bufera"

  [ maximilian attems ]
  * manpages: Set Linux as necessary OS.
  * initramfs-tools.8: Fix path of debug log - now kept after boot.
    (closes: #488804)
  * mkinitramfs: Use cp with correct DESTDIR instead of copy_exec for configs.
    Fixes relative pathes for -d option. (closes: #472409)
  * initramfs-tools.8: Document default 180s rootdelay.
  * update-initramfs: Fix run_bootloader() to check for grub2.
    (closes: #511514)
  * control: Add ${misc:Depends} depends.
  * nuke old lvm hook scripts.
  * mkinitramfs-kpkg: deprecate it's usage.
  * hook-functions: just ship old iee1394 if around.
  * mkinitramfs: Post-Lenny cleanup.
  * udevhelper: nuke as need for partial upgrades between etch/lenny.
  * mkinitramfs: Fix new pipe construct to really work inside
    "${DESTDIR}".
  * thermal boot script: Don't load thermal+fan on acpi=off. (closes: #514997)
  * MODULES=dep fix for minor partitions > 9. (closes: #513958)
  * initramfs-tools.8: Document mkinitramfs and init env variables.
    (closes: #512453)
  * init: Fix boot with LABEL containting one or several '/'. Thanks to
    Andres Salomon <dilinger op debian.org> for testing. (closes: #489008)
  * scripts/local-premount/resume: Fix resume with LABEL containing '/'.

  [ e2xbegqsdyt21hfc ]
  * update-initramfs.8: mentions the specific conf file.

  [ Kel Modderman ]
  * init: variable `break' unset before `maybe_break init' is evaluated.
    (closes: #509637)

  [ Kees Cook ]
  * minitramfs: find/cpio exit codes ignored while building initramfs.
    (closes: #514938)
  * mkinitramfs: Do not pass exit code through on pipe failure.

  [ Luke Yelavich ]
  * hook-functions: Add hid_* modules, since some keyboards will not be
    usable at the initramfs/busybox prompt without them. (closes: #515866)

  [ Andres Salomon ]
  * allow root=mtd0 to be used; skip root checks if ROOT doesn't start
    with /dev. (closes: #497133)
  * initramfs-tools: Readd support for linux-2.6 make deb-pkg target.
    (closes: #504551)

  [ Ian Campbell ]
  * MODULES=dep fix for Xen virtual block devices.

 -- maximilian attems <maks op debian.org>  Wed, 18 Feb 2009 19:10:23 +0100

iputils (3:20100418-3) unstable; urgency=low

  * Apply upstream's fix to a coding error that prevented the broadcast
    address from being set correctly in arping (Closes: 585591)

 -- Noah Meyerhans <noahm op debian.org>  Fri, 23 Jul 2010 21:44:24 -0700

iputils (3:20100418-2) unstable; urgency=high

  * Fix CVE-2010-2529 - resource consumption triggered by specially crafted
    ICMP echo reply

 -- Noah Meyerhans <noahm op debian.org>  Fri, 23 Jul 2010 21:30:40 -0700

iputils (3:20100418-1) unstable; urgency=low

  * New upstream release.
  * Provide an iputils-clockdiff package (Closes: #199500)

 -- Noah Meyerhans <noahm op debian.org>  Fri, 07 May 2010 23:58:53 -0700

iputils (3:20100214-1) unstable; urgency=low

  * New upstream release.
  * Convert to source format 3.0 (quilt)
  * Update standards version to 3.8.4.0.
  * Switch to debhelper compatibility version 7
  * Remove netkit-ping from debian/control; we don't built it anymore

 -- Noah Meyerhans <noahm op debian.org>  Sun, 04 Apr 2010 00:26:37 -0700

isc-dhcp (4.1.1-P1-15+squeeze8) squeeze-security; urgency=high

  * Non-maintainer upload.
  * Fix DoS in some situations via changing IPv6 lease expiration
    times (CVE-2012-3955).

 -- Nico Golde <nion op debian.org>  Sat, 21 Sep 2012 13:42:16 +0000

isc-dhcp (4.1.1-P1-15+squeeze6) squeeze-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Reorder patches in 00list as it seems some are deapplied during the
    build process. Thanks Mark Deslauriers for spotting this.
 
 -- Nico Golde <nion op debian.org>  Thu, 02 Aug 2012 17:32:44 +0000

isc-dhcp (4.1.1-P1-15+squeeze5) squeeze-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Make sure patches for 4.1.1-P1-15+squeeze4 are correctly applied
  * Fix CVE-2011-4539: DoS when processing evaluated regular expressions.
 
 -- Nico Golde <nion op debian.org>  Tue, 31 Jul 2012 17:32:44 +0000

isc-dhcp (4.1.1-P1-15+squeeze4) squeeze-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Backport upstream changes for the following security issues:
    - CVE-2012-3954: memory leaks in dhcpv6 mode
    - CVE-2012-3571: DoS via malformed client ids

 -- Nico Golde <nion op debian.org>  Wed, 24 Jul 2012 11:03:40 +0000

isc-dhcp (4.1.1-P1-15+squeeze3) squeeze-security; urgency=high

  * Apply patch from ISC to fix CVE-2011-2748 and CVE-2011-2749.

 -- Florian Weimer <fw op deneb.enyo.de>  Tue, 09 Aug 2011 20:20:35 +0200

isc-dhcp (4.1.1-P1-15+squeeze2) stable-security; urgency=high

  * Fix cve-2011-0997: remote code execution vulnerability in dhclient.

 -- Michael Gilbert <michael.s.gilbert op gmail.com>  Sat, 09 Apr 2011 17:13:36 +0000

isc-dhcp (4.1.1-P1-15+squeeze1) stable-security; urgency=high

  * Non-maintainer upload.
  * Fix cve-2011-0413: remote ipv6 denial-of-service (daemon crash). 

 -- Michael Gilbert <michael.s.gilbert op gmail.com>  Sat, 26 Feb 2011 16:24:06 -0500

isc-dhcp (4.1.1-P1-15) unstable; urgency=low

  * Remove isc-dhcp/server/dhcpv6.c.orig from CVE-2010-3611.dpatch

 -- Andrew Pollock <apollock op debian.org>  Sat, 27 Nov 2010 09:42:20 -0800

isc-dhcp (4.1.1-P1-14) unstable; urgency=low

  * Backport fix for CVE-2010-3611 from 4.1.2

 -- Andrew Pollock <apollock op debian.org>  Fri, 19 Nov 2010 20:54:19 -0800

isc-dhcp (4.1.1-P1-13) unstable; urgency=low

  * Updated Spanish debconf template translation (closes: #603122)

 -- Andrew Pollock <apollock op debian.org>  Sun, 14 Nov 2010 13:16:13 -0800

isc-dhcp (4.1.1-P1-12) unstable; urgency=low

  * Updated patch to correct groff warnings in man pages, to be more
    anatomically correct (thanks to Colin Watson) (closes: #602114)
  * Updated Vietnamese debconf template translation (closes: #601535)
  * Added patch that came from Ubuntu by way of Colin Watson to update
    dhclient-script(8) to mention the exit hook functionality (closes: #469203)

 -- Andrew Pollock <apollock op debian.org>  Tue, 02 Nov 2010 23:27:59 -0700

isc-dhcp (4.1.1-P1-11) unstable; urgency=low

  * debian/control: make isc-dhcp-client's dependency on iproute Linux-only
    (closes: #601154)

 -- Andrew Pollock <apollock op debian.org>  Sat, 23 Oct 2010 14:26:41 -0700

isc-dhcp (4.1.1-P1-10) unstable; urgency=low

  * Updated Japanese debconf template translation (closes: #590239)
  * Updated Russian debconf template translation (closes: #591240)
  * Updated Swedish debconf template translation (closes: #592044)
  * Updated Spanish debconf template translation (closes: #592173)
  * Updated Galacian debconf template translation (closes: #592810)
  * Updated Czech debconf template translation (closes: #593228)
  * Updated Italian debconf template translation (closes: #593576)
  * debian/dhcp3-server.postinst: reinstate, remove obsolete init script
    (closes: #594527)
  * debian/dhcp3-relay.postinst: reinstate, remove obsolete init script
  * debian/control: make all of the transitional dummy packages Priority: extra
    and Section: oldlibs (closes: #594339)
  * debian/control: add iproute to dependencies of isc-dhcp-client
  * Updated Portugeuse debconf template translation (closes: #597143)
  * Added Danish debconf template translation (closes: #600748)
  * debian/control: bumped Standards-Version (no changes)
  * debian/control: added pkg-config to Build-Depends
  * Added patch from Simon McVittie to stop unnecessary linking with libcrypto
    (closes: #592361)
  * debian/control: added Vcs-Git and Vcs-Browser fields
  * debian/README.source: made a more explicit mention of how the build works
  * Add debian/source/format (sticking with 1.0 for now)

 -- Andrew Pollock <apollock op debian.org>  Thu, 21 Oct 2010 22:25:59 -0700

isc-dhcp (4.1.1-P1-9) unstable; urgency=high

  * debian/control: really don't make the new packages conflict with the
    old/transitional packages (closes: #590186)
  * debian/control: rather than depend on the version of ifupdown that invokes
    dhclient correctly, conflict with older versions of ifupdown that do not
    (closes: #546883, #590092)
  * Updated Russian debconf template translation (closes: #589252)
  * Updated Swedish debconf template translation (closes: #589261)
  * Updated French debconf template translation (closes: #589492)
  * Updated German debconf template translation (closes: #589578)

 -- Andrew Pollock <apollock op debian.org>  Sat, 24 Jul 2010 10:33:04 -0700

isc-dhcp (4.1.1-P1-8) unstable; urgency=low

  * debian/dhcp3-client.postrm: bring back to clean up cruft (closes: #588203)
  * debian/dhcp3-server.postrm: bring back to clean up cruft
  * Updated French debconf templates translation (closes: #588281)
  * debian/isc-dhcp-server.templates: corrected /etc/dhcp3 -> /etc/dhcp
  * debian/rules: correctly build LDAP-enabled DHCP server (closes: #574754)
  * debian/control: build-depend on autoconf and automake
  * debian/control: bump Standards-Version (no changes)

 -- Andrew Pollock <apollock op debian.org>  Wed, 14 Jul 2010 22:28:21 -0700

isc-dhcp (4.1.1-P1-7) unstable; urgency=low

  * The "There goes the neighbourhood" release
  * No changes rebuild to upload to unstable

 -- Andrew Pollock <apollock op debian.org>  Sun, 04 Jul 2010 22:58:02 -0700

isc-dhcp (4.1.1-P1-6) experimental; urgency=low

  * debian/rules: configure client to use correct path for DHCPv6 leases file
    (closes: #587884)

 -- Andrew Pollock <apollock op debian.org>  Fri, 02 Jul 2010 21:04:16 -0700

isc-dhcp (4.1.1-P1-5) experimental; urgency=low

  * split out the udeb dhclient-script so there's one for Linux and one for
    kFreeBSD (closes: #551054)

 -- Andrew Pollock <apollock op debian.org>  Tue, 29 Jun 2010 22:34:06 -0700

isc-dhcp (4.1.1-P1-4) experimental; urgency=low

  * debian/rules: really enable DHCPv6 (closes: #587269)
  * debian/control: conflict with resolvconf <= 1.45 (closes: #586095)

 -- Andrew Pollock <apollock op debian.org>  Sat, 26 Jun 2010 22:33:43 -0700

isc-dhcp (4.1.1-P1-3) experimental; urgency=low

  * debian/rules: stop invoking dh_installinit with --noscripts so the
    update-rc.d stuff is done properly
  * debian/isc-dhcp-{relay,server}.{postinst,postrm}: remove calls to
    update-rc.d and invoke-rc.d, let dh_installinit handle it
  * debian/isc-dhcp-server.init.d: add a start-time dependency on $named
    (closes: #586035)
  * debian/{rules,isc-dhcp-server.{prerm,postinst}}: ignore failure to start
    the DHCP server

 -- Andrew Pollock <apollock op debian.org>  Tue, 15 Jun 2010 23:20:30 -0700

isc-dhcp (4.1.1-P1-2) experimental; urgency=low

  * debian/isc-dhcp-{server,relay}.init: go back to not mentioning any
    runlevels for Default-Stop
  * debian/isc-dhcp-server.postinst: don't specify any runlevels for stop
    scripts when invoking update-rc.d

 -- Andrew Pollock <apollock op debian.org>  Mon, 07 Jun 2010 19:41:25 -0700

isc-dhcp (4.1.1-P1-1) experimental; urgency=low

  * New Upstream Version
    - Fix for fencepost error on zero-length client identifier
    - CVE-2010-2156
    - VU#541921
  * debian/isc-dhcp-{server,relay}.init: adjust Default-Stop to match
    invocation of update-rc.d in postinst to avoid warning from update-rc.d

 -- Andrew Pollock <apollock op debian.org>  Mon, 07 Jun 2010 09:41:34 -0700

isc-dhcp (4.1.1-3) experimental; urgency=low

  * debian/control: don't make the new packages conflict with the
    old/transitional packages

 -- Andrew Pollock <apollock op debian.org>  Sun, 06 Jun 2010 20:01:22 -0700

isc-dhcp (4.1.1-2) experimental; urgency=low

  * debian/control: make dhcp3-* packages match what the override file says
  * debian/rules: DHCPv6 support builds now, stop disabling (closes: #549060)
  * debian/README.Debian: stop mentioning DHCPv6 is disabled

 -- Andrew Pollock <apollock op debian.org>  Fri, 04 Jun 2010 10:46:42 -0700

isc-dhcp (4.1.1-1) experimental; urgency=low

  * New Upstream Version
  * Re-add LDAP patches
  * debian/control: bump Standards-Version (no changes)
  * debian/isc-dhcp-server.init.d: don't mention any runlevels for Default-Stop

 -- Andrew Pollock <apollock op debian.org>  Sat, 06 Mar 2010 18:59:54 -0800

isc-dhcp (4.1.0-2) experimental; urgency=low

  * debian/README.Debian: update for current upstream version, specifically
    mention that DHCPv6 is disabled
  * debian/rules: provide a pointer to why DHCPv6 is disabled
  * Fix dhclient-script so that changes in the DHCP-provided hostname
    cause a hostname change to occur on the client
  * Remove unnecessary sleep from dhclient-script
  * Updated LDAP patch

 -- Andrew Pollock <apollock op debian.org>  Sun, 01 Nov 2009 15:02:10 -0800

isc-dhcp (4.1.0-1) experimental; urgency=low

  * The "throw everything out and start over" release
  * New upstream release
  * debian/control: drop 3 from the binary package names, adjust dependencies,
    maintainer scripts, accordingly
  * use debhelper more extensively, de-cruft debian/rules
  * remove dhcp-server preinst
  * add debug packages
  * add transitional packages
  * add debian/README.source
  * debian/control: bumped Standards-Version
  * debian/isc-dhcp-server.postinst: transfer existing config and lease files
    when upgrading from dhcp3-server
  * debian/isc-dhcp-client.postinst: transfer existing config file when
    upgrading from dhcp3-client
  * debian/changelog: added marker for legacy malformed changelog entry to
    placate Lintian
  * add a patch to correct groff warnings in man pages
  * add a patch to ignore checksums on the loopback interface
  * debian/control: make isc-dhcp-client depend on ifupdown that invokes
    /sbin/dhclient correctly

 -- Andrew Pollock <apollock op debian.org>  Wed, 02 Sep 2009 22:34:25 -0700

dhcp3 (3.1.2-1) unstable; urgency=low

  * New upstream release
  * Removed pretty_print_option() patch (incorporated upstream)
  * debian/dhclient-script.linux: apply patch from Kees Cook to ignore
    DHCP-supplied MTUs below 576 (closes: #513616)
  * debian/dhclient.conf: (re)add ntp-servers to the request list (closes:
    #407667)
  * debian/rfc3442-classless-routes: also run for REBOOT reason (closes:
    #515756)
  * debian/control: bumped Standards-Version (no changes)
  * debian/compat: bump compatibility to 5
  * debian/dhcp3-server.NEWS: adjust indenting to please Lintian
  * debian/control: added ${misc:Depends} to dependencies of dhcp-client and
    dhcp3-dev

 -- Andrew Pollock <apollock op debian.org>  Wed, 01 Apr 2009 22:26:51 -0700

dhcp3 (3.1.1-7) unstable; urgency=low

  * debian/control: make dhcp-client Priority: extra

 -- Andrew Pollock <apollock op debian.org>  Sun, 01 Feb 2009 22:37:55 -0800

joe (3.7-2) unstable; urgency=high

  * Fix the crash when typing too many dashes on a line, d'oh,
    cherry-picked upstream CVS fix for uformat.c by Joseph Allen, and
    fixed that in turn to actually assign the value of x to orgx, silly,
    closes: #508159.
  * Fix the various segfaults when called with more than one file, d'oh.
    Thanks to Oyvind Aabling for a patch, but actually it seems that
    this was a copy&waste error that crept up into the 3.7 tarball yet
    was coded properly in CVS (main.c r1.79), so simply used that line
    from the CVS version, closes: #514512.
  * Fix the Ins key for jstar users by replacing the obsolete marker
    "overtype" with "overwrite" in rc/jstarrc.in, thanks to Adam Borowski,
    closes: #508797.
  * Fix the matching of python<numbered> interpreters in rc/ftyperc,
    thanks to Piotr Engelking, closes: #549277.
  * Undo the mail formatting horror by reverting to the 3.5-2 (lenny)
    version of syntax/mail.jsf.in. Neither the upstream commits nor the
    NEWS file really explain the benefits of the new stuff, I only see
    the bugs and all the excess red that's making me nauseous, too,
    closes: #597825.
  * Update standards version to 3.9.1.
    + Update menu section from Apps/Editors to Applications/Editors. (3.7.3)
    + Add Homepage field. (3.8.0)
  * Declare 1.0 in debian/source/format explicitly.

 -- Josip Rodin <joy-packages op debian.org>  Sat, 13 Nov 2010 21:38:30 +0100

joe (3.7-1) unstable; urgency=low

  * New upstream version, closes: #504122, #504439.
    (Thanks to Jari Aalto for all the help with the BTS.)
    + jstar is now able to set the left margin to 1, closes: #386883.
    + Preserves timestamps of backup files once again, closes: #356267.
    + Non-French sentence/paragraph spacing rules are now working properly,
      closes: #389410.
    + The French input (o) to the yes query now works (but thanks to
      Jari Aalto for the alternative patch anyway), closes: #402565.
    + Should now separate the interface locale from the input locale
      (although I still had to forward-port my patch which unbreaks
      langinfo.h CODESET detection), closes: #453310.
    + Can now work with files/directories whose names begin with "!",
      provided that they are doubly-escaped, closes: #163628.
    + Can now work with files/directories whose names include "\",
      provided that they are doubly-escaped, closes: 204449.
    + Option -guess-indent no longer breaks -istep, closes: #430565.
    + %a/%A fields in the status bar now work on (multibyte) chars,
      closes: #443181.
    + syntax/css.jsf no longer forces bold white on keywords, just bold,
      closes: #414245.
    + Improved Emacs keybindings in the find/replace query, closes: #440158.
    + syntax/lua.jsf no longer has a syntax error on line 183,
      closes: #505489.

 -- Josip Rodin <joy-packages op debian.org>  Sat, 06 Dec 2008 16:08:31 +0100

klibc (1.5.20-1+squeeze1) stable; urgency=low

  * ipconfig: handle multiple connected network dev. (closes: #621065)
  * ipconfig: Escape DHCP options. (CVE-2011-1930)

 -- maximilian attems <maks op debian.org>  Mon, 30 May 2011 17:17:18 +0200

klibc (1.5.20-1) unstable; urgency=high

  * New upstream release
    - ipconfig: fix infinite loop. (closes: #552554)
    - ipconfig: fix multiple dns domains. (closes: #594208)
  * klibc-utils.postinst: Nuke non empty dirs too. (closes: #594651)

 -- maximilian attems <maks op debian.org>  Sat, 28 Aug 2010 12:23:51 +0200

klibc (1.5.19-1) unstable; urgency=high

  * New upstream release
   - resume: silence warning on resume try. (closes: #586006)
   - sh4: syscalls fixes. (closes: #578076)
  * Fix doc symlinks on upgrade. (closes: #588763)
    Thanks Sven Joachim <svenjoac op gmx.de>.
  * Pump standard version to 3.9.1 without changes.

 -- maximilian attems <maks op debian.org>  Wed, 25 Aug 2010 13:07:03 +0200

klibc (1.5.18-1) unstable; urgency=medium

  * New upstream release (dash 0.5.6)
    - fstype btrfs (closes: #548047), ext4 !journal (closes: #536592)
    - sh4 build fix (closes: #574834)
    - shipp renamed README.ipconfig (closes: #478589)

 -- maximilian attems <maks op debian.org>  Thu, 22 Apr 2010 03:38:55 +0200

klibc (1.5.17-4) unstable; urgency=medium

  * libklibc-dev: On preinst remove old include dirs that hinder
    shipped symlinks to linux-libc-dev. (closes: #574854)

 -- maximilian attems <maks op debian.org>  Sun, 21 Mar 2010 22:51:11 +0100

klibc (1.5.17-3) unstable; urgency=low

  * Override dh_auto_test to pass DEB_HOST_ARCH on make test. (closes: #574746)

 -- maximilian attems <maks op debian.org>  Sat, 20 Mar 2010 20:52:09 +0100

klibc (1.5.17-2) unstable; urgency=low

  * Set DEB_HOST_ARCH using dpkg-architecture. (closes: #574740)

 -- maximilian attems <maks op debian.org>  Sat, 20 Mar 2010 18:24:16 +0100

klibc (1.5.17-1) unstable; urgency=low

  [ Jan Hauke Rahm ]
  * Switch from cdbs to debhelper 7
  * Switch to Source Format 3.0 (quilt) (closes: #573908)
  * Make documentation of klibc-utils and libklibc-dev be a symlink to
    libklibc

  [ maximilian attems ]
  * New upstream release
    - Fix FTFBS i386/sparc. (closes: #573926)
    - sparc, sparc64 use sys_socketcall unconditionally. (closes: #444087)
    - ipconfig may discard useful packets. (closes: #511959)

 -- maximilian attems <maks op debian.org>  Sat, 20 Mar 2010 02:11:20 +0100

klibc (1.5.16-1) unstable; urgency=low

  [ maximilian attems ]
  * New upstream release
    - ipconfig: raise field length for rootpath DHCP option.
      (closes: #497800)
    - ipconfig: send requested hostname in DHCP discover/request.
      (closes: #367301)
    - ipconfig: set null ciaddr on DHCPREQUEST during SELECTING state.
      (closes: #497879)
    - mount: list fs all mounted fs, support -t switch for one fs.
      (closes: #491067)
    - refresh 10_insmod.patch.
    - readlink be silent on failure. (closes: #565224)
    - fix compilation against up to 2.6.33 linux-libc-dev. (closes: #552825)
  * watch file fixup for new upstream directories.
  * Pump standard version to 3.8.4 without changes.
  * Add lintian overrides for embedded-zlib needed for early userspace.

  [ Nobuhiro Iwamatsu ]
  * klibc: add support Renesas SH(sh4) (closes: #540126)

  [ Ben Hutchings ]
  * Fix klibc Debian specific build with 02-klibc_linux_libc_dev.patch.
  * Add libklibc-dev depends on linux-libc-dev.

 -- maximilian attems <maks op debian.org>  Sun, 14 Mar 2010 22:46:21 +0100

klibc (1.5.15-1) unstable; urgency=low

  [ maximilian attems ]
  * New upstream release:
    - fstype ext4 support. (closes: #510758)
    - chroot cmd fixed. (closes: #494829)
  * Pump standard version to 3.8.0 without changes.
  * Drop arm of the klibc-utils-floppy-udeb arch list.
  * Fix debhelper-but-no-misc-depends.
  * debian/copyright refer to GPL v2.
  * debian/rules nuke old commented unused lines.

  [ Colin Watson ]
  * Add lpia to the architecture list for klibc-utils-floppy-udeb.
    (closes: #506427)

  [ Thiemo Seufer ]
  * Fix FTBFS on MIPS64 kernel. (closes: #496175)

 -- maximilian attems <maks op debian.org>  Mon, 16 Feb 2009 16:41:51 +0100

klibc (1.5.14-1~exp1) experimental; urgency=low

  * New upstream version
    - nuke merged 11_klibc-Default-signal-3-to-bsd_signal-3.patch
    - no longer hardcode gcc

 -- maximilian attems <maks op debian.org>  Mon, 11 Aug 2008 16:34:11 +0200

libapache2-mod-perl2 (2.0.4-7+squeeze1) stable-security; urgency=high

  * Fix FTBFS with versions of perl including the CVE-2013-1667
    fix (Closes: #702821)

 -- Dominic Hargreaves <dom op earth.li>  Sat, 16 Mar 2013 15:17:51 +0000

libapache2-mod-perl2 (2.0.4-7) unstable; urgency=low

  * change source Section to 'httpd'
  * add a patch from Niko Tyni avoiding two warnings about use of uninitialized
    values, which break tests under Perl 5.12. (Closes: #578481)
  * add a patch fixinf spelling errors in POD and other documentation
  * add a patch fixinng POD errors
  * add a patch fixing bad manpage whatis name
  * Standards-Version: 3.8.4
    + support 'nockeck' in DEB_BUILD_OPTIONS as per Policy 3.8.1
  * describe all patches

 -- Damyan Ivanov <dmn op debian.org>  Wed, 21 Apr 2010 12:48:11 +0300

libapache2-mod-perl2 (2.0.4-6) unstable; urgency=high

  [ gregor herrmann ]
  * debian/control: Changed: (build-)depend on perl instead of perl-
    modules.

  [ Dario Minnucci ]
  * docs/index_top.html: Issued patch 099-fix-url-on-index_top.patch 
    to fix link URL. (Closes: #507606)

  [ Damyan Ivanov ]
  * add 100-svn-XSS-Status.patch; fixes XSS in Apache2::Status (CVE-2009-0796)
    Patch taken from r760926 of upstream SVN.
    Closes: #567635
  * .docs: drop debian/NEWS.Debian and Changes
  * -doc: depend on ${misc:Depends}
  * drop debian/NEWS (documents changes before oldstable)

 -- Damyan Ivanov <dmn op debian.org>  Sat, 30 Jan 2010 18:00:43 +0200

libcap2 (1:2.19-3) unstable; urgency=high

  * Add a versioned dependency on libpam-runtime to libcap2-bin because
    pam-auth-update is needed in postinst. (Closes: #593250)
  * Set urgency to high because we are fixing a RC bug.

 -- Torsten Werner <twerner op debian.org>  Mon, 16 Aug 2010 23:13:50 +0200

libcap2 (1:2.19-2) unstable; urgency=medium

  * Add -lpam to LDLIBS. Thanks to Sebastian Ramacher for suggesting the patch!
    (Closes: 591410)
  * Set urgency to medium.
  * Improve patch description.

 -- Torsten Werner <twerner op debian.org>  Wed, 04 Aug 2010 05:22:23 +0200

libcap2 (1:2.19-1) unstable; urgency=low

  [ Kees Cook ]
  * Add pam_cap.so to the default PAM auth stack. (Closes: #573089)

  [ Torsten Werner ]
  * New upstream release.
  * Convert package to source format 3.0.
  * Remove quilt from Build-Depends.
  * Add static library to -dev package. Thanks to Stephan Sürken. (Closes:
    #589840)
  * Fix typo in Description. Thanks to Pascal De Vuyst. (Closes: #557496)
  * Add a patch to fix the man page cap_from_text(3). Thanks to Roland
    Koebler. (Closes: #567350)
  * Update Standards-Version: 3.9.0 (no changes).

 -- Torsten Werner <twerner op debian.org>  Thu, 22 Jul 2010 23:50:25 +0200

libcap2 (1:2.17-2) unstable; urgency=low

  * Explain in the long description of the -bin package that the manpage
    cap_from_text(3) is part of -dev package. (Closes: #548080)

 -- Torsten Werner <twerner op debian.org>  Sun, 18 Oct 2009 19:55:39 +0200

libcap2 (1:2.17-1) unstable; urgency=low

  * new upstream release
  * Switch from cdbs to dh.
  * Update Standards-Version: 3.8.3 (no changes).
  * Use gbp-pq to edit quilt patch.
  * Change Build-Depends: debhelper (>= 7.0.50~).
  * Add README.source.
  * Add man page capsh.8.

 -- Torsten Werner <twerner op debian.org>  Wed, 30 Sep 2009 22:26:51 +0200

libcap2 (1:2.16-5) unstable; urgency=low

  * Remove reference to kernel version 2.2 in debian/control. (Closes:
    #260005)
  * Add Suggests: libcap-dev to binary package libcap2-bin. (Closes: #433782)

 -- Torsten Werner <twerner op debian.org>  Wed, 01 Apr 2009 23:32:37 +0200

libcap2 (1:2.16-4) unstable; urgency=low

  * Add Conflicts: and Replaces: libcap2-dev to binary package libcap-dev.
  * Add epoch to version number because the old package had an epoch.
  * Add missing files to package libcap-dev which got lost in the previous
    version.

 -- Torsten Werner <twerner op debian.org>  Sun, 22 Mar 2009 21:23:50 +0100

libcap2 (2.16-3) unstable; urgency=low

  * Rename binary package libcap2-dev to libcap-dev as requested by the
    release team to continue the transition from libcap1. (Closes: #520553)
  * Add Provides: libcap2-dev to binary package libcap-dev to ease transition
    from older versions of libcap2.
  * Remove Conflicts: libcap-dev.

 -- Torsten Werner <twerner op debian.org>  Sat, 21 Mar 2009 21:22:24 +0100

libcap2 (2.16-2) unstable; urgency=low

  * upload to unstable

 -- Torsten Werner <twerner op debian.org>  Sun, 15 Feb 2009 22:09:04 +0100

libcap2 (2.16-1) experimental; urgency=low

  * new upstream release
  * Always install libraries into /lib (never /lib64).
    (Closes: #508315)

 -- Torsten Werner <twerner op debian.org>  Sun, 14 Dec 2008 12:24:50 +0100

libcap2 (2.15-3) experimental; urgency=low

  * Set Priority: standard for binary package libcap2. (Closes: #507781)

 -- Torsten Werner <twerner op debian.org>  Thu, 04 Dec 2008 14:15:48 +0100

libcap2 (2.15-2) experimental; urgency=low

  * Update shlibs file libcap2 (>= 2.10). (Closes: #464712)

 -- Torsten Werner <twerner op debian.org>  Wed, 03 Dec 2008 23:42:19 +0100

libcap2 (2.15-1) experimental; urgency=low

  * new upstream release
  * Add Homepage header.
  * Bump Up Standards-Version: 3.8.0.
  * Update patch build.diff.

 -- Torsten Werner <twerner op debian.org>  Mon, 01 Dec 2008 00:26:09 +0100

libcompress-raw-zlib-perl (2.026-1) unstable; urgency=low

  * New upstream release.
  * Add myself to Uploaders and copyright.

 -- Chris Butler <chrisb op debian.org>  Thu, 15 Apr 2010 22:22:22 +0100

libcompress-raw-zlib-perl (2.025-1) unstable; urgency=low

  * New upstream release.
  * Convert to source format 3.0 (quilt). Remove quilt framework.
  * debian/rules: set TEST_SKIP_VERSION_CHECK for tests.
  * debian/copyright: update dates for included (and unused) third-party
    library.

 -- gregor herrmann <gregoa op debian.org>  Mon, 29 Mar 2010 21:35:16 +0200

libcompress-raw-zlib-perl (2.024-1) unstable; urgency=low

  [ Jonathan Yu ]
  * New upstream release
  * Refresh copyright to new DEP5 format

  [ gregor herrmann ]
  * Update headers in use-debian-zlib.patch.
  * Set Standards-Version to 3.8.4 (no changes).

 -- gregor herrmann <gregoa op debian.org>  Thu, 11 Feb 2010 15:36:17 +0100

libcompress-raw-zlib-perl (2.023-1) unstable; urgency=low

  [ Jonathan Yu ]
  * New upstream release
  * Rewrite control description
  * Drop perl version dependency

  [ Ryan Niebur ]
  * Update ryan52's email address

 -- Jonathan Yu <jawnsy op cpan.org>  Tue, 10 Nov 2009 09:16:36 -0500

libcompress-raw-zlib-perl (2.021-1) unstable; urgency=low

  [ gregor herrmann ]
  * debian/rules: fix path to perl in example scripts, adjust debhelper build
    dependency; thanks to Dario Minnucci for the bug report (closes: #543672).

  [ Ryan Niebur ]
  * New upstream release
  * Add myself to Uploaders
  * Debian Policy 3.8.3

 -- Ryan Niebur <ryanryan52 op gmail.com>  Tue, 01 Sep 2009 13:54:51 -0700

libcompress-raw-zlib-perl (2.020-1) unstable; urgency=low

  [ Jeremiah C. Foster ]
  * New upstream release (2.017)

  [ gregor herrmann ]
  * debian/control: Changed: Switched Vcs-Browser field to ViewSVN
    (source stanza).

  [ Nathan Handler ]
  * New upstream release (2.020)
  * debian/control:
    - Add myself to list of Uploaders
  * debian/README.source:
    - Updated to default version
  * debian/patches/use-debian-zlib.patch:
    - Add header
  * debian/copyright:
    - Switch to new format
    - Update years
  * debian/rules:
    - Update to dh-make-perl's default with quilt
  * debian/watch: Update to ignore development releases.

  [ Niko Tyni ]
  * debian/patches/CVE-2009-1391: dropped, included upstream.

  [ gregor herrmann ]
  * Set Standards-Version to 3.8.2 (no changes).
  * debian/patches/use-debian-zlib.patch: fix typo.
  * Use tiny debian/rules, adjust debhelper/quilt build dependency.

 -- gregor herrmann <gregoa op debian.org>  Fri, 24 Jul 2009 13:22:50 +0200

libcompress-raw-zlib-perl (2.015-2) unstable; urgency=high

  * [SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
    (Closes: #532738)
  * Add myself to Uploaders.

 -- Niko Tyni <ntyni op debian.org>  Sat, 13 Jun 2009 21:49:34 +0300

libcompress-raw-zlib-perl (2.015-1) unstable; urgency=low

  * New upstream release
  * Added myself as an uploader

 -- Gunnar Wolf <gwolf op debian.org>  Thu, 11 Sep 2008 23:31:35 -0500

libedit (2.11-20080614-2) unstable; urgency=high

  * libedit2.shlibs: Fix minimal dependency version 
    Patch by Agustin Martin
    Closes: 523260 

 -- Anibal Monsalve Salazar <anibal op debian.org>  Tue, 21 Sep 2010 12:24:54 +1000

libedit (2.11-20080614-1) unstable; urgency=low

  * Fix typo in 03-el.c-MAXPATHLEN.diff 
  * Standards version is 3.8.2
  * Use libbsd
    Patch by Guillem Jover
    Closes: 513027

 -- Anibal Monsalve Salazar <anibal op debian.org>  Mon, 22 Jun 2009 11:55:49 +1000

libedit (2.11~20080614-2) unstable; urgency=low

  * Merge with Ubuntu 
    - debian/patches/20-fortify.patch: handle error conditions found
      by -D_FORTIFY_SOURCE=2; closes: #488456
  * Suggests libbsd0; closes: #513027
  * Support crossbuilding; closes: #489846, #489847
  * Homepage is
    http://ftp.netbsd.org/pub/NetBSD/NetBSD-release-5-0/src/lib/libedit/
  * Standards version is 3.8.1
  * debhelper compatibility is 7

 -- Anibal Monsalve Salazar <anibal op debian.org>  Fri, 22 May 2009 10:29:58 +1000

libedit (2.11~20080614-1ubuntu1) intrepid; urgency=low

  * debian/patches/20-fortify.patch: handle error conditions found
    by -D_FORTIFY_SOURCE=2.

 -- Kees Cook <kees op ubuntu.com>  Sat, 28 Jun 2008 17:59:27 -0700

libgd2 (2.0.36~rc1~dfsg-5) unstable; urgency=low

  * Workaround CDBS not honoring per-flavor configure flags yet.
    Closes: bug#595709. Thanks to brian m. carlson.
  * Ease building with git-buildpackage:
    + Git-ignore quilt .pc dir.
    + Add dpkg source local-options.
  * Update copyright-check suppression:
    + Fix add ./ prefix.
    + Suppress demo/test graphics.
    + Avoid suppressing the whole debian subdir.

 -- Jonas Smedegaard <dr op jones.dk>  Sun, 17 Oct 2010 15:11:45 +0200

libgd2 (2.0.36~rc1~dfsg-4) unstable; urgency=low

  * Acknowledge NMUs. Thanks to Giuseppe Iuculano and Robert Lemmen.
  * Drop local CDBS snippets: All included in main cdbs package now. As
    local snippets conflicted with recent releases of the cdbs package
    this closes: bug#564374. Thanks to Lucas Nussbaum and Philipp Kern.
    Tighten build-dependency on cdbs.
  * Use dpkg source format "3.0 (quilt)". Drop patchsys-quilt.mk and
    related dependencies.
  * Packaging moved to Git:
    + Update Vcs-* stanzas.
    + Add git-buildpackage config enabling pristine-tar and signed tags.
  * Add README.source documenting use of CDBS and git-buildpackage, and
    drop README.cdbs-tweaks. Drop cdbs comments in debian/rules.
  * Add DEP3 hints ot patch.
  * Update packaging hall of shame in TODO.
  * Rewrite debian/copyright using draft DEP5 format rev. 135.
  * Preserve (not clean) upstream-shipped tempfile during build.
  * Depend on ${misc:Depends}. Thanks to lintian.
  * Bump up standards-version to 3.9.1.
  * Use $(filter ...) instead of $(findstring ...) to extract space-
    separated options from DEB_BUILD_OPTIONS in debian/rules.
  * Build-depend unversioned on d-shlibs (needed version satisfied in
    oldstable).

 -- Jonas Smedegaard <dr op jones.dk>  Sun, 05 Sep 2010 14:36:52 +0200

libgd2 (2.0.36~rc1~dfsg-3.2) unstable; urgency=low

  * Non-maintainer upload.
  * Fixed libjpeg dependency (Closes: #569682)

 -- Robert Lemmen <robertle op semistable.com>  Tue, 23 Mar 2010 17:06:39 +0000

libgd2 (2.0.36~rc1~dfsg-3.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2009-3546: possible buffer overflow or buffer over-read attacks
    via crafted files (Closes: #552534)

 -- Giuseppe Iuculano <iuculano op debian.org>  Mon, 09 Nov 2009 21:19:11 +0100

libmcrypt (2.5.8-3.1) unstable; urgency=high

  * Non-maintainer upload.
  * High-urgency upload for RC bugfix.
  * Add missing Replaces: from libmcrypt-dev to libmcrypt4 (<< 2.5.8-1).
    Closes: #523310.

 -- Steve Langasek <vorlon op debian.org>  Fri, 14 Aug 2009 14:50:23 -0700

libmcrypt (2.5.8-3) unstable; urgency=low

  * Applied the following patches from sourceforge.net's bugtracker:
    - libmcrypt-2.5.8-prototypes.diff
      http://sourceforge.net/tracker/?func=detail&aid=1872799&group_id=87941&atid=584895
    - libmcrypt-rotate-mask.patch (this should fix build on 64bit archs)
      http://sourceforge.net/tracker/?func=detail&aid=2424445&group_id=87941&atid=584895

 -- RISKO Gergely <risko op debian.org>  Mon, 30 Mar 2009 01:59:02 +0300

libmcrypt (2.5.8-2) unstable; urgency=low

  * debian/rules: fix the clean target, which wasn't runnable after
    extracting the source package
  * remove unneeded libltdl-dev build dependency

 -- RISKO Gergely <risko op debian.org>  Sun, 29 Mar 2009 16:53:12 +0300

libmcrypt (2.5.8-1) unstable; urgency=low

  * Imported Upstream version 2.5.8 (closes: #427437)
    - fixes lib/libmcrypt.m4 quoting bug (closes: #305288)
  * debian/rules: simplified packaging by using dh
  * new control fields (homepage, vcs-*), watch file, debian/compat = 7
  * include the mcrypt.3 manpage as libmcrypt.3 in the dev package
  * enable static library in the dev package
  * put .so and .la into the dev instead of the lib package
    (closes: #501680)
  * debian/copyright cleanups
  * ${Source-Versions} -> ${binary:Version} in debian/control
  * Depends: ${misc:Depends} in debian/control
  * lintian source package overrides: debian/source.lintian-overrides
  * config.sub, config.guess patch to use the versions from
    /usr/share/misc
  * support 40 and 80 bits long keys in cast5
    patch sent to upstream
    (closes: #299509)

 -- RISKO Gergely <risko op debian.org>  Sat, 28 Mar 2009 22:25:40 +0200

libmcrypt (2.5.7-5.1) unstable; urgency=low

  * NMU upload.
  * Fix spurious aclocal warning thanks to a patch from Alban
    Browaeys. Closes: #305288.

 -- Vincent Bernat <bernat op debian.org>  Sat, 13 Dec 2008 15:10:43 +0100

libnet-ldap-perl (1:0.4001-2) unstable; urgency=high

  * add localize-dollar_.patch, fixing using of non-localized $_ in
    Net::LDAP::Constant, causing FTBFS in lemonldap-ng (Closes: #577340)

 -- Damyan Ivanov <dmn op debian.org>  Mon, 19 Apr 2010 23:54:25 +0300

libnet-ldap-perl (1:0.4001-1) unstable; urgency=low

  [ Jonathan Yu ]
  * New upstream release
    + Fix for multiple consecutive spaces in canonical_dn, as
      described in RT#51165 (Closes: #553188)
    + Avoid escaping regular expressions twice (Closes: #540938)
  * Standards-Version 3.8.4 (drop perl version dep)
  * Add myself to Uploaders and Copyright
  * Rewrite control description
  * Use new short debhelper rules format
  * Use 3.0 (quilt) source format
  * Update copyright information
  * Move to new DEP5 copyright format
  * Add a patch to fix POD spelling errors

  [ gregor herrmann ]
  * debian/control: Changed: Switched Vcs-Browser field to ViewSVN
    (source stanza).
  * debian/control: Added: ${misc:Depends} to Depends: field.

  [ Nathan Handler ]
  * debian/watch: Update to ignore development releases.

  [ gregor herrmann ]
  * debian/watch: add uversionmangle to catch potential two-digit versions in
    the future.

 -- Jonathan Yu <jawnsy op cpan.org>  Sat, 03 Apr 2010 13:44:07 -0400

libnet-ldap-perl (1:0.39-1) unstable; urgency=low

  * New upstream release.
  * Add myself to Uploaders.

 -- Ansgar Burchardt <ansgar op 43-1.org>  Sun, 02 Nov 2008 12:41:51 +0100

libnet-ldap-perl (1:0.38-1) unstable; urgency=low

  * New upstream release.
  * debian/control: remove leading article and capital letter from short
    description.

 -- gregor herrmann <gregoa op debian.org>  Fri, 26 Sep 2008 17:01:15 +0200

libnet-ldap-perl (1:0.37-1) unstable; urgency=low

  * New upstream release (closes: #499566).
  * Remove sasl-round-robin.patch, integrated upstreams.
  * debian/copyright: switch to new format, add information about
    inc/Module/*.
  * Refresh debian/rules, no functional changes.
  * Remove lintian override about the non-breakable URL, not needed any more.
  * Add /me to Uploaders.
  * Add patch pod-ellipsis.patch to work around a POD/man problem.

 -- gregor herrmann <gregoa op debian.org>  Sat, 20 Sep 2008 01:19:35 +0200

libpng (1.2.44-1+squeeze4) stable-security; urgency=low

  * CVE-2011-3048

 -- Moritz Muehlenhoff <jmm op debian.org>  Wed, 04 Apr 2012 18:08:48 +0000

libpng (1.2.44-1+squeeze3) stable-security; urgency=high

  * CVE-2011-3045 

 -- Moritz Muehlenhoff <jmm op pisco>  Thu, 22 Mar 2012 16:56:42 +0000

libpng (1.2.44-1+squeeze2) stable-security; urgency=high

  * Fix integer overflow (chromium #112822)

 -- Moritz Muehlenhoff <jmm op pisco>  Wed, 15 Feb 2012 18:07:34 +0000

libpng (1.2.44-1+squeeze1) stable-security; urgency=high

  * Apply upstream patch to 1-byte uninitialized memory reference in
    png_format_buffer(). (Closes: #632786, CVE-2011-2501)
  * Apply upstream patch to buffer overwrite in png_rgb_to_gray.
    (Closes: #633871, CVE-2011-2690)
  * Apply upstream patch to crash in png_default_error due to use of
    NULL Pointer. (Closes: #633871, CVE-2011-2691)
  * Apply upstream patch to memory corruption when handling empty sCAL chunks.
    (Closes: #633871, CVE-2011-2692)

 -- Nobuhiro Iwamatsu <iwamatsu op debian.org>  Fri, 15 Jul 2011 13:06:17 +0900

libpng (1.2.44-1) unstable; urgency=low

  * New upstream release 
    Stop memory leak when reading a malformed sCAL chunk

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sat, 26 Jun 2010 13:32:43 +1000

libpng (1.2.43-1) unstable; urgency=high

  * New upstream release 
  * Fix CVE-2010-0205 and Cert VU#576029
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
    https://www.kb.cert.org/vuls/id/576029
    Do not stall and consume large quantities of memory while processing
    certain Portable Network Graphics (PNG) files
    Closes: 572308

 -- Anibal Monsalve Salazar <anibal op debian.org>  Wed, 03 Mar 2010 16:44:47 +1100

libpng (1.2.42-2) unstable; urgency=low

  * Merge 1.2.42-1ubuntu1
    Move libpng from /usr/lib to /lib, so that plymouth is usable on
    systems with a separate /usr.
  * Fix out-of-date-standards-version

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sun, 14 Feb 2010 13:09:51 +1100

libpng (1.2.42-1ubuntu1) lucid; urgency=low

  * Merge from Debian testing.  Remaining changes:
    - Move libpng from /usr/lib to /lib, so that plymouth is usable on
      systems with a separate /usr.

 -- Steve Langasek <steve.langasek op ubuntu.com>  Thu, 28 Jan 2010 11:57:34 +0000

libpng (1.2.42-1) unstable; urgency=low

  * New upstream release
  * Remove 02-export-png_set_strip_error_numbers.patch (merged)
  * Fix debhelper-but-no-misc-depends

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sat, 16 Jan 2010 17:53:14 +1100

libpng (1.2.41-1ubuntu1) lucid; urgency=low

  * Move libpng from /usr/lib to /lib, so that plymouth is usable on systems
    with a separate /usr.

 -- Steve Langasek <steve.langasek op ubuntu.com>  Mon, 25 Jan 2010 00:18:15 -0800

libpng (1.2.41-1) unstable; urgency=low

  * New upstream release
  * Debian source format is 3.0 (quilt)
  * Update debian/watch
  * Add 02-export-png_set_strip_error_numbers.patch
    Define PNG_ERROR_NUMBERS_SUPPORTED
    Upstream doesn't define PNG_ERROR_NUMBERS_SUPPORTED since 1.2.41. As
    a consecuence, the symbol png_set_strip_error_numbe@@PNG12_0 wasn't
    exported.

 -- Anibal Monsalve Salazar <anibal op debian.org>  Fri, 04 Dec 2009 11:23:50 +1100

libpng (1.2.40-1) unstable; urgency=low

  * New upstream release

 -- Anibal Monsalve Salazar <anibal op debian.org>  Wed, 07 Oct 2009 12:44:09 +1100

libpng (1.2.39-1) unstable; urgency=low

  * New upstream release
  * Fix out-of-date-standards-version
  * Fix patch-system-but-no-source-readme

 -- Anibal Monsalve Salazar <anibal op debian.org>  Thu, 20 Aug 2009 14:57:46 +1000

libpng (1.2.38-1) unstable; urgency=low

  * New upstream release
  * Fix out-of-date-standards-version
  * Update upstream homepage
    Closes: 536474

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sat, 18 Jul 2009 05:44:23 +1000

libpng (1.2.37-1) unstable; urgency=low

  * New upstream release

 -- Anibal Monsalve Salazar <anibal op debian.org>  Thu, 04 Jun 2009 23:03:58 +1000

libpng (1.2.36-1) unstable; urgency=low

  * New upstream release
  * Standards-Version is 3.8.1
  * debhelper compat is 7
  * Run dh_prep instead of dh_clean -k

 -- Anibal Monsalve Salazar <anibal op debian.org>  Fri, 22 May 2009 09:11:26 +1000

libpng (1.2.35-1) unstable; urgency=high

  * New upstream release
    - http://secunia.com/advisories/33970/
      Fix a vulnerability reported by Tavis Ormandy in which
      some arrays of pointers are not initialized prior to using
      "malloc" to define the pointers.
      Closes: #516256
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5907
      The png_check_keyword function in pngwutil.c in libpng, might
      allow context-dependent attackers to set the value of an
      arbitrary memory location to zero via vectors involving
      creation of crafted PNG files with keywords, related to an
      implicit cast of the '\0' character constant to a NULL pointer.
  * Don't build libpng3 when binary-indep target is not called.
    Closes: #486415

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sat, 21 Feb 2009 15:50:52 +1100

libpng (1.2.33-2) unstable; urgency=low

  * Fix the following lintian issues:
    W: libpng12-0: copyright-refers-to-versionless-license-file
       usr/share/common-licenses/GPL

 -- Anibal Monsalve Salazar <anibal op debian.org>  Mon, 16 Feb 2009 11:32:17 +1100

libpng (1.2.33-1) experimental; urgency=low

  * New upstream release
    - Fix memory leak after reading a malformed tEXt chunk

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sat, 01 Nov 2008 17:21:56 +1100

libpng (1.2.32-1) experimental; urgency=low

  * New upstream release
    - libpng.pc is configured to do static linking; closes: #483477
    - use autoconf variables in .pc and libpng-config; closes: #483478
  * Remove debian/patches/02-501109-pngtest.c.diff; it was merged

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sun, 05 Oct 2008 08:20:20 +1100

libselinux (2.0.96-1) unstable; urgency=low

  * New upstream release
    + Add const qualifiers to public API where appropriate by KaiGai
      Kohei.
    + Remove duplicate slashes in paths in selabel_lookup from Chad Sellers
    + Adds a chcon method to the libselinux python bindings from Steve Lawrence

 -- Manoj Srivastava <srivasta op debian.org>  Tue, 20 Jul 2010 23:27:20 -0700

libselinux (2.0.94-1) unstable; urgency=low

  * New upstream release
    * Set errno=EINVAL for invalid contexts from Dan Walsh.
    * Show strerror for security_getenforce() by Colin Walters.
    * Merged selabel database support by KaiGai Kohei.
    * Modify netlink socket blocking code by KaiGai Kohei.
    * Fix from Eric Paris to fix leak on non-selinux systems.
    * regenerate swig wrappers
    * pkgconfig fix to respect LIBDIR from Dan Walsh.
    * Change the AVC to only audit the permissions specified by the
      policy, excluding any permissions specified via dontaudit or not
      specified via auditallow.
    * Fix compilation of label_file.c with latest glibc headers.
    * add/reformat man pages by Guido Trentalancia <guido op trentalancia.com>.
    * Change exception.sh to be called with bash by Manoj Srivastava
      <srivasta op debian.org>
  * Bug fix: "memory leak", thanks to Sam Hocevar. Upstream fixed bug
    a wee bit differently.                              (Closes: #570639).


 -- Manoj Srivastava <srivasta op debian.org>  Sun, 28 Mar 2010 08:40:37 -0700

libselinux (2.0.89-4) unstable; urgency=low

  * Revert decision not to ship /selinux; instead, ask policy folks to add
    an exception.                                Closes: #496752

 -- Manoj Srivastava <srivasta op debian.org>  Fri, 20 Nov 2009 13:00:47 -0600

libselinux (2.0.89-3) unstable; urgency=low

  * Fix breakage in python-selinux.

 -- Manoj Srivastava <srivasta op debian.org>  Thu, 19 Nov 2009 23:58:10 -0600

libselinux (2.0.89-2) unstable; urgency=low

  * [libselinux 16a76cd]: Do not ship /selinux
    Shipping /selinux is a violation of the FHS, and is proscribed by
    Debian policy. There is nothing that actually depends on /selinux
    being present, possibly apart from user scripts. From this point on,
    the machine operator will have to decide where to locate the mount
    point for selinuxfs, and modify /etc/fstab accordingly. SELinux
    modules scan for selinuxfs in /proc/mounts, so everything should
    adjust to the location of the selinuxfs mount automatically.
    Bug fix: "/selinux not in FHS", thanks to Kees Cook (Closes: #556972).

 -- Manoj Srivastava <srivasta op debian.org>  Thu, 19 Nov 2009 01:16:30 -0600

libselinux (2.0.89-1) unstable; urgency=low

  * New upstream point release
    + Add pkgconfig file. This eliminates a patch we have been carrying fr
      a while.
  * Update build dependency on libsepol so we pick up the typo fix in
    libsepol. 

 -- Manoj Srivastava <srivasta op debian.org>  Tue, 17 Nov 2009 13:31:24 -0600

libselinux (2.0.88-1) unstable; urgency=low

  * New upstream point release
    + Rename and export selinux_reset_config()
  
 -- Manoj Srivastava <srivasta op debian.org>  Sun, 25 Oct 2009 12:13:46 -0500

libselinux (2.0.87-3) unstable; urgency=low

  * [8dc8610]: [topic--exception-fix] exception.sh contains bashisms Use
    bash to run exception.sh (fails with non bash /bin/sh. Also, one now
    has to make swigify before building in ./src; this is the poximate
    cause of the bug.
    Bug fix: "python-selinux python modules are missing", thanks to Kees
    Cook (Closes: #551664).

 -- Manoj Srivastava <srivasta op debian.org>  Mon, 19 Oct 2009 19:05:26 -0500

libselinux (2.0.87-2) unstable; urgency=high

  * [937ad58]: [libselinux] Add pkg-config as a build dependency
  * Bug fix: "python-selinux python modules are missing", thanks to Kees
    Cook                                               (Closes: #551664).

 -- Manoj Srivastava <srivasta op debian.org>  Mon, 19 Oct 2009 17:45:51 -0500

libselinux (2.0.87-1) unstable; urgency=low

  * New upstream point release
    + Add exception handling in libselinux from Dan Walsh. This uses a
      shell script called exception.sh to generate a swig interface file.
    + Make matchpathcon print <<none>> if path not found in fcontext file.
    + Removal of reference counting on userspace AVC SID's.
  * Bug fix: "cross-build fixes", thanks to Colin Watson (Closes: #550731).

 -- Manoj Srivastava <srivasta op debian.org>  Tue, 13 Oct 2009 23:53:30 -0500

libselinux (2.0.85-4) unstable; urgency=high

  * Handle the ase of init=/bin/sh in postinst. We now make sure that
    /proc/init/exe is actually /sbin/init, and that we have /dev/initctl,
    before calling tellinit.
    Bug fix: "postinst script fails if there is no /dev/initctl", thanks
    to Johannes Schauer (Closes: #545647).
    Bug fix: "postinst script fails if there is no /dev/initctl", thanks
    to Johannes Schauer (Closes: #545673).

 -- Manoj Srivastava <srivasta op debian.org>  Tue, 08 Sep 2009 12:40:15 -0500

libselinux (2.0.85-3) unstable; urgency=low

  * First cut at providing symbols files.
    Bug fix: "please distribute a .symbols file", thanks to Marco
    d'Itri                                                 (Closes: #544364).
  * Check for extra libraries and shlib version numbers.  Unless there is
    a nocheck option in the deb build options variable, now we look to see
    if there are extra libraries we have linked to. Might need to back
    this out later, if this causes problems on the buildds.

 -- Manoj Srivastava <srivasta op debian.org>  Tue, 01 Sep 2009 23:04:59 -0500

libselinux (2.0.85-2) unstable; urgency=low

  * Re-nenable building in parallel, which was disabled in the last
    upload. 

 -- Manoj Srivastava <srivasta op debian.org>  Sat, 22 Aug 2009 18:42:50 -0500

libselinux (2.0.85-1) unstable; urgency=low

  * New upstream release
    + Reverted Tomas Mraz's fix for freeing thread local storage to avoid
      pthread dependency.
    + Removed fini_context_translations() altogether.
    + Merged lazy init patch from Stephen Smalley based on original patch
      by Steve Grubb.
    + Add per-service seuser support from Dan Walsh.
    + Let load_policy gracefully handle selinuxfs being mounted from
      Stephen Smalley.
    + Check /proc/filesystems before /proc/mounts for selinuxfs from Eric
      Paris.
  * Bug fix: "parallel building fails sometimes", thanks to Kees Cook
    Disabled for now.                                    (Closes: #536840).
  * Bug fix: "It fails to install into an (experimental) chroot", thanks
    to Francesco Paolo Lovergine. Stole chroot detection code from udev's
    postinst. In effect, we stat / and ensure that is the same as
    /proc/1/root's lstat value.                          (Closes: #537888).

 -- Manoj Srivastava <srivasta op debian.org>  Fri, 14 Aug 2009 00:57:32 -0500

libselinux (2.0.82-1) unstable; urgency=low

  * New upstream release
    + Fix improper use of thread local storage from Tomas Mraz
      <tmraz op redhat.com>.
      Bug fix: "ends with Segmentation fault", thanks to Greg Auger
                                               (Closes:    #505920).
    + Label substitution support from Dan Walsh.
    + Support for labeling virtual machine images from Dan Walsh.

 -- Manoj Srivastava <srivasta op debian.org>  Wed, 24 Jun 2009 14:06:41 -0500

libselinux (2.0.81-1) unstable; urgency=low

  * New upstream release
    + Trim / from the end of input paths to matchpathcon from Dan Walsh.
    + Fix leak in process_line in label_file.c from Hiroshi Shinji.
    + Move matchpathcon to /sbin, add matchpathcon to clean target from
      Dan Walsh.
    + getdefaultcon to print just the correct match and add verbose option
      from Dan Walsh.
  * [9d523e1]: [topic--debian]: The matchpathcon symbolic link should be
    absolute As per Debian policy.

 -- Manoj Srivastava <srivasta op debian.org>  Sat, 20 Jun 2009 22:50:21 -0500

libselinux (2.0.80-1) unstable; urgency=low

  * New upstream release
    + deny_unknown wrapper function from KaiGai Kohei.
    + security_compute_av_flags API from KaiGai Kohei.
    + Netlink socket management and callbacks from KaiGai Kohei.
    + Netlink socket handoff patch from Adam Jackson.
    + AVC caching of compute_create results by Eric Paris.
    + Fix incorrect conversion in discover_class code.
    + add restorecon to python bindings from Dan Walsh.
    + Client support for translating raw contexts to colors via setrans.
    + Allow shell-style wildcards in x_contexts file.
    + Correct message types in AVC log messages.
    + Make matchpathcon -V pass mode from Dan Walsh.
    + Add man page for selinux_file_context_cmp from Dan Walsh.
    + New man pages from Dan Walsh.
    + Update flask headers from refpolicy trunk from Dan Walsh.

 -- Manoj Srivastava <srivasta op debian.org>  Thu, 30 Apr 2009 00:39:00 -0500

libselinux (2.0.71-1) unstable; urgency=low

  * New upstream release
     + Add group support to seusers using %groupname syntax from Dan Walsh.
     + Mark setrans socket close-on-exec from Stephen Smalley.
     + Only apply nodups checking to base file contexts from Stephen
       Smalley.
     + Merge ruby bindings from Dan Walsh.
     + Handle duplicate file context regexes as a fatal error from Stephen
       Smalley. This prevents adding them via semanage.
     + Fix audit2why shadowed variables from Stephen Smalley.
     + Note that freecon NULL is legal in man page from Karel Zak.
     + New and revised AVC, label, and mapping man pages from Eamon
       Walsh.
     + Add swig python bindings for avc interfaces from Dan Walsh.
  * Added ruby bindings package
  * Updated the watch file
  * Updated the build system to the make -j friendly, non-double-colon
    taget based system. This should make building the package more
    robust.

 -- Manoj Srivastava <srivasta op debian.org>  Tue, 10 Feb 2009 11:48:35 -0600

libsepol (2.0.41-1) unstable; urgency=low

  * Added myself to the uploaders.
  * This version is a trivial new upstream release, so it seems that we might
    as well just include it for Squeeze.

 -- Russell Coker <russell op coker.com.au>  Wed, 26 May 2010 14:54:26 +1000

libsepol (2.0.40-2) unstable; urgency=low

  * Fix typo found by lintian.
  * [25329c6]: [spelling fix]: cannnot -> cannot and suport -> support
    This was reported after a lintian check found this on any package
    linked with libsepol. Closes: #556390

 -- Manoj Srivastava <srivasta op debian.org>  Tue, 17 Nov 2009 10:29:54 -0600

libsepol (2.0.40-1) unstable; urgency=low

  * New upstream point release
    + Added pkgconfig file. This eliminates the last patch we were
      carrying against upstream.

 -- Manoj Srivastava <srivasta op debian.org>  Tue, 17 Nov 2009 09:53:02 -0600

libsepol (2.0.39-1) unstable; urgency=low

  * New upstream point release. Adds support for building Xen policies
    from Paul Nuzzi. 

 -- Manoj Srivastava <srivasta op debian.org>  Thu, 15 Oct 2009 22:53:54 -0500

libsepol (2.0.38-2) unstable; urgency=high

  * Handle the init=/bin/sh case in postinst    
    The previous tests did not check to see if the process running with
    process id 1 was actually /sbin/init, or if /dev/initctl was present to
    be talked to.
  * Note that checklibs fails with a spurious error on IA64.
  * Urgency high, since this is causing all kinds of failures in
    situations were init=/bin/sh, like qemubuilder.

 -- Manoj Srivastava <srivasta op debian.org>  Tue, 08 Sep 2009 11:52:21 -0500

libsepol (2.0.38-1) unstable; urgency=low

  * New upstream release
     Check last offset in the module package against the file size.
     Reported by Manoj Srivastava for bug filed by Max Kellermann.
  * Bug fix: "out of memory", thanks to Max Kellermann   (Closes: #543915).
  * Bug fix: "/etc/.initctl: ENOENT breaks debootstrap on kfreebsd",
    thanks to Philipp Kern. This package has been removed from all !linux
    architectures, and no longer builds on them.         (Closes: #543938).
  * First cut at providing symbols files.
  *  Check for extra libraries and shlib version numbers.  Unless there is
    a nocheck option in the deb build options variable, now we look to see
    if there are extra libraries we have linked to. Might need to back
    this out later, if this causes problems on the buildds.

 -- Manoj Srivastava <srivasta op debian.org>  Tue, 01 Sep 2009 16:58:24 -0500

libsepol (2.0.37-2) unstable; urgency=low

  * [f7ba986]: [libsepol]: common code update: Make sure the jobserver is
    no killed.
  * [b8570c3]: [libsepol] only run init -u when not in a chroot
    This fix was done 10 days ago, I just forgot to upload the new
    version; and then I was wondering how the bugs could possibly happen,
    since the code in front of me would prevent that.
    Bug fix: "postinst script fails in chroot environment", thanks to
    Ondřej Surý (Closes: #543347).
    Bug fix: "telinit doesn't work inside chroot", thanks to Sylvain
    Le Gall (Closes: #543344).

 -- Manoj Srivastava <srivasta op debian.org>  Mon, 24 Aug 2009 09:36:01 -0500

libsepol (2.0.37-1) unstable; urgency=low

  * New upstream release
    + Add method to check disable dontaudit flag from Christopher Pardy.

 -- Manoj Srivastava <srivasta op debian.org>  Thu, 13 Aug 2009 23:51:54 -0500

libsepol (2.0.36-1) unstable; urgency=low

  * New upstream release
    + Fix boolean state smashing from Joshua Brindle.
    + Fix alias field in module format, caused by boundary format change
      from Caleb Case.
    + Add bounds support from KaiGai Kohei.
    + Fix invalid aliases bug from Joshua Brindle.
    + Revert patch that removed expand_rule.

 -- Manoj Srivastava <srivasta op debian.org>  Wed, 29 Apr 2009 20:43:17 -0500

libsepol (2.0.32-1) unstable; urgency=low

  * New upstream release
    + Allow require then declare in the source policy from Joshua
      Brindle.
    + Fix mls_semantic_level_expand() to handle a user require w/o MLS
      information from Stephen Smalley.
  * Updated the watch and copyright files to reflect the new source
    location.

 -- Manoj Srivastava <srivasta op debian.org>  Mon, 09 Feb 2009 23:51:49 -0600

libthai (0.1.14-2) unstable; urgency=medium

  * Urgency medium due to RC bug fix.
  * patches/01_ftbfs-manpages.patch: Added to turn off manpages generation,
    which are unused anyway. (Closes: #573663)

 -- Theppitak Karoonboonyanan <thep op debian.org>  Sun, 14 Mar 2010 16:58:52 +0700

libthai (0.1.14-1) unstable; urgency=low

  * New upstream release.
  * Bump Standards-Version to 3.8.4 (no changes needed)

 -- Theppitak Karoonboonyanan <thep op debian.org>  Sun, 28 Feb 2010 13:25:47 +0700

libthai (0.1.13-1) unstable; urgency=high

  * New upstream security update release
    - Fix integer overflow vulnerabilities (CVE-2009-4012).
  * debian/rules: Fix failure to build twice in a row:
    - Fix typo '$(MAKE) maintainerclan'
    - Clean other changed files left over from 'make maintainer-clean'
    - 'config.status' depends on 'configure.in' instead of 'configure'

 -- Theppitak Karoonboonyanan <thep op debian.org>  Fri, 15 Jan 2010 17:37:19 +0700

libthai (0.1.12-2) unstable; urgency=low

  * debian/control:
    - Update my e-mail address to @debian.org.
    - Drop DM-Upload-Allowed.
  * debian/copyright:
    - Update my e-mail address for debian/* to @debian.org.
  * debian/rules:
    - Run autoreconf instead of just updating config.{sub,guess}, as required
      by libtool
    - Run 'make maintainerclean' instead of 'make distclean' on clean target,
      to clear all autoconf-generated files
  * debian/control:
    - Build-Depends on libtool, automake, autoconf, for autoreconf.
    - Drop Build-Depends on autotools-dev
  * Switch to "3.0 (quilt)" source format.
  * Bump Standards-Version to 3.8.3 (no changes needed)

 -- Theppitak Karoonboonyanan <thep op debian.org>  Thu, 10 Dec 2009 10:10:35 +0700

libthai (0.1.12-1) unstable; urgency=low

  * New upstream release.
  * debian/control: Drop duplicated "section" fields for libthai0 and
    libthai-data [lintian].
  * Declare libthai0 as Enhances: kdelibs5.
  * Drop libthai.la, as kdelibs5 has now replaced substantial parts of KDE,
    obsoleting the last package set that requires it:
    - debian/libthai-dev.install: Remove *.la
    - debian/rules: Remove libthai.la dependency emptying code
    - debian/control: Remove Enhances: kdelibs declaration from libthai-dev
  * Shared lib updates due to symbol versioning:
    - debian/rules:
      + Bump shlib dep to 0.1.12
    - debian/libthai0.symbols:
      + Update symbols, setting minver to 0.1.12 for all symbols
  * Bump Standards-Version to 3.8.2 (no changes needed)

 -- Theppitak Karoonboonyanan <thep op linux.thai.net>  Sun, 21 Jun 2009 08:34:02 +0700

libthai (0.1.11-3) unstable; urgency=low

  * Version libthai-dev dep on libdatrie-dev (>= 0.2.0).
  * debian/rules:
    - Empty the dependency_libs in the *.la files
    - Define LDFLAGS outside the configure line, for easy adjustment

 -- Theppitak Karoonboonyanan <thep op linux.thai.net>  Wed, 15 Apr 2009 11:15:20 +0700

libthai (0.1.11-2) unstable; urgency=low

  * Version b-dep on libdatrie-dev (>= 0.2.0).
  * Drop versioned b-dep on dpkg-dev, as Vcs-Cvs: is no more needed.
  * Upload to unstable.

 -- Theppitak Karoonboonyanan <thep op linux.thai.net>  Mon, 13 Apr 2009 11:01:07 +0700

libthai (0.1.11-1) experimental; urgency=low

  * Versioned Conflicts on libdatrie0 (<< 0.1.4), i.e. lenny version, which
    lacked symbol versioning and caused symbol clashes.
  * New upstream release.

 -- Theppitak Karoonboonyanan <thep op linux.thai.net>  Mon, 06 Apr 2009 13:54:19 +0700

libthai (0.1.10-1) experimental; urgency=low

  * New upstream release, with updated dependency and data format change
    - Build-dep on libdatrie-dev (>= 0.2.0) instead of libdatrie0-dev
    - Build-dep on libdatrie1-bin instead of libdatrie-bin
    - libthai-dev depends on libdatrie-dev instead of libdatrie0-dev
    - libthai0 depends on libthai-data (>= 0.1.10)
    - libthai-data conflicts with libthai0 (<< 0.1.10)
  * VCS moved from CVS to SVN; update Vcs-* fields accordingly.
  * debian/libdatrie0.symbols: Add new export symbol '_libthai_on_unload';
    No shlibs version bump, because the new symbol is just for housekeeping
  * Bump debhelper compat to level 7
    - Bump debian/compat to 7
    - Build-dep on debhelper (>= 7)
    - debian/rules:
      + Replace obsoleted 'dh_clean -k' with 'dh_prep'
      + Remove *-stamp clean-ups in clean target, as dh_clean now does it
  * Update debian/copyright to proposal rev 454:
    - Add Upstream-Name:
    - Use Upstream-Maintainer: instead of Upstream-Author:
    - Use Upstream-Source: instead of Original-Source-Location:
    - Drop Packaged-By: and Packaged-Date:
    - Move 'Files: *' section to top
    - Replace GPL-2+ and LGPL-2+ license message with 'On Debian ...'
  * debian/copyright: Update copyright years
  * Bump Standards-Version to 3.8.1 (no changes needed)

 -- Theppitak Karoonboonyanan <thep op linux.thai.net>  Mon, 30 Mar 2009 17:28:52 +0700

libx11 (2:1.3.3-4+squeeze1) squeeze-security; urgency=high

  * CVE-2013-1981: integer overflows calculating memory needs for replies
  * CVE-2013-1997: buffer overflows due to not validating length or offset
    values in replies
  * CVE-2013-2004: unbounded recursion parsing user-specified files
    (closes: #145048)

 -- Julien Cristau <jcristau op debian.org>  Tue, 21 May 2013 22:26:20 +0200

libx11 (2:1.3.3-4) unstable; urgency=low

  * Cherry-pick patches from upstream, 1.3-branch:
    - man: Fix typo in Makefile
    - Bug 27465 - Rewritten fi_FI.UTF-8 Compose file
    - Fix typo in new fi_FI.UTF-8 that was reported by "make check"
    - man: Redirect users from XKeycodeToKeysym to XkbKeycodeToKeysym #25732
    - man: Fix return value specification of XkbKeyActionEntry
    - man: Return value of XkbGetState is Status and not Bool
    - man: Add missing geometry component flag
    - man: Correct the XkbAllAccessXEventsMask mask name
    - Fix manual typos.
    - Allow X11 users to compose anarchism
    - Clarify requirements in XRestackWindows man page
    - Fix typo that made configure always report "none" for man page suffix
    - Define FILE_MAN_DIR_SUFFIX so XCompose shadow page has correct path
    - Compose.man: default user compose file is .XCompose, not .Xcompose
    - Make Compose-comma map to Ogonek for A and E in UTF-8 locales.
    - Make Compose-comma map to ogonek for I and U in UTF-8 locales.
    - NLS: Add \o/ Compose sequence
    - nls: Switch one of the interrobang sequences to gnaborretni
    - Bug 29773: aliases for nb_NO.utf8 and nn_NO.utf8

 -- Cyril Brulebois <kibi op debian.org>  Fri, 19 Nov 2010 17:52:14 +0100

libx11 (2:1.3.3-3) unstable; urgency=low

  [ Julien Cristau ]
  * Drop manpage from libx11-6-udeb.
  * Don't install X11 locale data in the udeb.  The installer uses only gtk
    apps so this is useless (and big).

  [ Cyril Brulebois ]
  * Cherry-pick patch from upstream to run user's synchandlers as well as
    any internal synchandlers: 75ea8c3793. This fixes xnee issues when
    RECORD extension is enabled (Closes: #536491; LP: #378648).
  * Merge xsfbs/debian-unstable to fix double autoreconf runs.

 -- Cyril Brulebois <kibi op debian.org>  Tue, 13 Apr 2010 14:46:16 +0200

libx11 (2:1.3.3-2) unstable; urgency=low

  [ Julien Cristau ]
  * Update debian/copyright from upstream COPYING.
  * Remove myself from Uploaders

  [ Brice Goglin ]
  * Remove Jamey Sharp and Josh Triplett from Uploaders, closes: #568274.

  [ Cyril Brulebois ]
  * Add udeb needed for the graphical installer: libx11-6-udeb.
  * Bump the B-D on libxcb1-dev to ensure libx11-6-udeb gets a dependency
    on libxcb1-udeb.
  * Bump Standards-Version from 3.8.3 to 3.8.4 (no changes needed).
  * Add myself to Uploaders.

 -- Cyril Brulebois <kibi op debian.org>  Thu, 11 Mar 2010 01:06:06 +0100

libx11 (2:1.3.3-1) unstable; urgency=low

  * xtrans has been fixed to not make us export a weak in6addr_any.  Adjust
    libx11-6.symbols accordingly (closes: #560648).
  * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no
    good reason.  Thanks, Colin Watson!
  * Update symbols file for sparc64 (closes: #560400).  Thanks, Aurélien
    Jarno!
  * New upstream release
    + fix XCopyGC argument order in manpage (LP: #408337)
  * Bump xutils-dev build-dep for new util-macros.
  * Install the Compose man page in libx11-data.
  * Rediff patches 003_recognize_glibc_2.3.2_locale_names.diff,
    007_iso8859-15_Compose_fix.diff, 008_remove_ko_Compose.diff,
    009_remove_th_Compose.diff, 015_russian_locale_alias.diff.
  * libx11-6.symbols: add xlocaledir, made non-static in 1.3.3.

 -- Julien Cristau <jcristau op debian.org>  Sat, 16 Jan 2010 22:47:32 +0000

libx11 (2:1.3.2-1) unstable; urgency=low

  [ Julien Cristau ]
  * libx11-6.symbols: _XkbReadBufferCopy32, _XkbReadCopyData32 and
    _XkbWriteCopyData32 are only present on 64-bit architectures.
  * Unmark the following symbols as private, they're being used:
    - _XRegisterFilterByMask
    - _XRegisterFilterByType
    - _XUnregisterFilter
    - _XInitKeysymDB
    - _Xevent_to_mask
  * Build the Xlib specs and install them in libx11-dev.
  * Upload to unstable.

  [ Timo Aaltonen ]
  * New upstream release.
  * Bump the build-dep on xutils-dev (>= 1:7.5~1).

 -- Julien Cristau <jcristau op debian.org>  Mon, 23 Nov 2009 20:50:03 +0100

libx11 (2:1.3-1) experimental; urgency=low

  * libx11-6.symbols: mark some more stuff as private.
  * libx11-6.symbols: add kfreebsd-amd64 tag for 64-bit symbols.
  * Run dpkg-gensymbols with -c4 to catch mismatches between the symbols file
    and the library.
  * New upstream release.
  * Cherry-pick patch from upstream git to avoid an error in configure due to
    underquoting.
  * Fix 006_tailor_pt_BR.UTF-8_Compose.diff to apply on new upstream.
  * Bump Standards-Version to 3.8.3.

 -- Julien Cristau <jcristau op debian.org>  Mon, 12 Oct 2009 15:28:23 +0200

libx11 (2:1.2.99.901-1) experimental; urgency=low

  [ Brice Goglin ]
  * Bump Standards-Version to 3.8.2.

  [ Julien Cristau ]
  * Drop 002_arm_abi_brain_damage.diff, the old ABI arm port is gone.
  * Use a glob in libx11-6.install and libx11-xcb1.install.
  * Add tentative symbols file for libX11.so.6.  Many private symbols still
    included.
  * Build-depend on dpkg 1.15.3, to get support for tags in the symbols file.
  * New upstream release candidate
    + add {left,right}wards arrow to en_US.UTF-8 compose table
      (closes: #532117).  Thanks, Filippo Giunchedi!

 -- Julien Cristau <jcristau op debian.org>  Wed, 05 Aug 2009 17:04:28 +0200

libx11 (2:1.2.2-1) unstable; urgency=low

  [ Julien Cristau ]
  * Move dbg packages to new debug section.
  * Kill preinst which handled upgrades from early Ubuntu versions (before
    breezy).  This is long obsolete.

  [ Brice Goglin ]
  * New upstream release.
    + Fix fi_FI.UTF-8, closes: #519474.
    + Fix thai XIM filtering keys when NumLock/CapsLock is on, closes: #443800.
  * Add myself to Uploaders.

 -- Brice Goglin <bgoglin op debian.org>  Sun, 19 Jul 2009 19:21:16 +0200

libx11 (2:1.2.1-1) unstable; urgency=low

  * New upstream release.
    + fixes fi_FI.UTF-8 locale (closes: #519474)
    + adds sr_RS locale (closes: #507940)
    + adds hu_HU.utf8 locale alias (closes: #407573)
    + Compose entries for some standard mathematical operators
      (closes: #411734)
  * Patch 012_ru_RU_UTF-8_XLC_LOCALE.diff removed, applied upstream.
  * Update patches 003_recognize_glibc_2.3.2_locale_names.diff,
    006_tailor_pt_BR.UTF-8_Compose.diff and 015_russian_locale_alias.diff.
  * 003_recognize_glibc_2.3.2_locale_names.diff: don't comment out the
    microsoft-cp* entries from compose.dir (closes: #511354).  Thanks, Sergei
    Golovan!
  * 003_recognize_glibc_2.3.2_locale_names.diff: don't comment out the eo_XX
    entries from compose.dir and locale.dir (closes: #479058).  Thanks, Luiz
    Portella!
  * 009_remove_th_Compose.diff: new patch, comment out the th_TH.UTF-8 entry
    from compose.dir, to allow Thai XIM as default for X apps
    (closes: #520509).  Thanks, Theppitak Karoonboonyanan!

 -- Julien Cristau <jcristau op debian.org>  Wed, 08 Apr 2009 12:31:21 +0100

libx11 (2:1.2-1) unstable; urgency=low

  * New upstream release.
  * Remove obsolete ld.so.conf handling from libx11-6 postinst.
  * Run autoreconf on build; add build-deps on automake, libtool, xutils-dev.
  * Handle parallel builds.
  * Refresh patches 003_recognize_glibc_2.3.2_locale_names.diff and
    012_ru_RU_UTF-8_XLC_LOCALE.diff.
  * Use a wildcard for usr/share/X11/locale instead of listing every single
    file.

 -- Julien Cristau <jcristau op debian.org>  Mon, 09 Mar 2009 16:36:09 +0100

libx11 (2:1.1.99.2-1) experimental; urgency=low

  * New upstream release.
  * Use new xcb socket handoff mechanism, update (build-)dependencies.
  * Refresh patches.
  * Build-dep on x11proto-core-dev >= 7.0.13.

 -- Julien Cristau <jcristau op debian.org>  Mon, 01 Dec 2008 22:37:28 +0100

libxfont (1:1.4.1-3) squeeze-security; urgency=high

  * Fix LZW decompression heap corruption (CVE-2011-2895).

 -- Julien Cristau <jcristau op debian.org>  Thu, 11 Aug 2011 16:15:30 +0200

libxfont (1:1.4.1-2) unstable; urgency=low

  [ Julien Cristau ]
  * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no
    good reason.  Thanks, Colin Watson!
  * Remove myself from Uploaders

  [ Cyril Brulebois ]
  * Use dh_makeshlibs’s -V argument instead of debian/libxfont1.shlibs
  * Add udeb needed for the graphical installer: libxfont1-udeb.
  * Version the B-D on libfontenc-dev to ensure libxfont1-udeb gets a
    dependency on libfontenc1-udeb.
  * Use a bzip2-less flavour for the udeb.
  * Bump Standards-Version from 3.8.3 to 3.8.4 (no changes needed).
  * Fix obsolete-relation-form-in-source by using “<<” instead of “<” for
    xprint in Conflicts, thanks to lintian.
  * Add myself to Uploaders.

 -- Cyril Brulebois <kibi op debian.org>  Wed, 10 Mar 2010 20:05:31 +0100

libxfont (1:1.4.1-1) unstable; urgency=low

  * New upstream release.
  * Bump xutils-dev build-dep for new util-macros.
  * Build documentation, install it in libxfont-dev.
  * Enable support for bzip2 compressed bitmap fonts.
  * Don't use LDFLAGS from the environment.  Ubuntu sets that to
    -Bsymbolic-functions, which breaks libXfont's weak symbols usage.

 -- Julien Cristau <jcristau op debian.org>  Wed, 02 Dec 2009 11:12:13 +0100

libxfont (1:1.4.0-3) unstable; urgency=low

  * libxfont1 Conflicts: xprint (< 2:1.6.0-1). 
    The requiem release of xprint (1.6) will not conflict with
    libxfont1. I am assured the garlic wreaths should prove most
    efficacious at protecting the general public from the undead. 
  * Standards version 3.8.3.

 -- Drew Parsons <dparsons op debian.org>  Sat, 31 Oct 2009 11:29:34 +1100

libxfont (1:1.4.0-2) unstable; urgency=high

  * libxfont1 Conflicts with xprint, printer font support was removed upstream
    in 1.4.0 (closes: #535952).
  * Add README.source from xsfbs.  Bump Standards-Version to 3.8.2.

 -- Julien Cristau <jcristau op debian.org>  Sun, 02 Aug 2009 13:36:46 +0200

libxfont (1:1.4.0-1) unstable; urgency=low

  * New upstream release.
  * Move libxfont1-dbg to new section 'debug'.

 -- Julien Cristau <jcristau op debian.org>  Mon, 13 Apr 2009 12:11:23 +0100

libxfont (1:1.3.4-2) unstable; urgency=low

  * Update debian/copyright from upstream COPYING.
  * Upload to unstable.

 -- Julien Cristau <jcristau op debian.org>  Mon, 16 Feb 2009 19:31:59 +0100

libxfont (1:1.3.4-1) experimental; urgency=low

  * Wrap build-deps in debian/control.
  * Run autoreconf on build; build-dep on xutils-dev, autoconf, automake and
    libtool.
  * Handle parallel builds.
  * New upstream release.
  * Drop obsolete x11proto-fontcache-dev build-dependency.

 -- Julien Cristau <jcristau op debian.org>  Tue, 23 Dec 2008 15:06:37 +0100

libxml2 (2.7.8.dfsg-2+squeeze7) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix cve-2013-0338 and cve-2013-0339: large memory consuption issues when 
    performing string substition during entity expansion (closes: #702260).

 -- Michael Gilbert <mgilbert op debian.org>  Mon, 25 Mar 2013 23:52:58 +0000

libxml2 (2.7.8.dfsg-2+squeeze6) stable-security; urgency=high

  [ Daniel Veillard ]
  * Fix potential out of bound access
    CVE-2012-5134, Closes: #694521.

 -- Aron Xu <aron op debian.org>  Wed, 28 Nov 2012 22:43:42 +0800

libxml2 (2.7.8.dfsg-2+squeeze5) stable-security; urgency=low

  [ Daniel Veillard ]
  * Fix parser local buffers size problems
  * Fix entities local buffers size problems
  CVE-2012-2807, Closes: #679280.

 -- Aron Xu <aron op debian.org>  Thu, 19 Jul 2012 16:49:45 +0800

libxml2 (2.7.8.dfsg-2+squeeze4) stable-security; urgency=high

  * CVE-2011-3102

 -- Moritz Muehlenhoff <jmm op debian.org>  Wed, 23 May 2012 17:12:45 +0000

libxml2 (2.7.8.dfsg-2+squeeze3) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Apply upstream patch to add randomization to hashing with large
    dictionaries to mitigate hash DoS (CVE-2012-0841; Closes: #660846).

 -- Nico Golde <nion op debian.org>  Wed, 22 Feb 2012 11:17:27 +0000

libxml2 (2.7.8.dfsg-2+squeeze2) stable-security; urgency=high

  * Security update.
  * parser.c: Fix an allocation error when copying entities.
    CVE-2011-3919. Closes: #656377.
  * parser.c: Make sure parser returns when getting a Stop order.
    CVE-2011-3905.
  * encoding.c: Fix off by one error. CVE-2011-0216. Closes: 652352.
  * xpath.c: Fix for undefined namespaces. CVE-2011-2834.
  * xpath.c, xpointer.c, include/libxml/xpath.h: 
    Hardening of XPath evaluation. CVE-2011-2821. Closes: 643648.

 -- Aron Xu <aron op debian.org>  Tue, 24 Jan 2012 03:25:23 +0800

libxml2 (2.7.8.dfsg-2+squeeze1) stable-security; urgency=low

  * xpath.c: Fix some potential problems on reallocation failures.
    Closes: #628537.

 -- Mike Hommey <glandium op debian.org>  Sat, 04 Jun 2011 10:40:06 +0900

libxml2 (2.7.8.dfsg-2) unstable; urgency=low

  * xpath.c: Fix a double-freeing error in XPath processing code.
    (CVE-2010-4494). Closes: #607922.

 -- Mike Hommey <glandium op debian.org>  Sat, 25 Dec 2010 10:48:27 +0100

libxml2 (2.7.8.dfsg-1) unstable; urgency=low

  * New upstream release.
  * configure.in: Applied upstream fix to reactivate symbol versioning script.

 -- Mike Hommey <glandium op debian.org>  Fri, 05 Nov 2010 08:23:58 +0100

libxml2 (2.7.7.dfsg-4) unstable; urgency=low

  * debian/rules:
    - Use a variable to express which sub-targets to invoke for
      configure/build/install.
    - Refactor configure-% and build-% rules.
    - Avoid possible renaming of _d.so files to _d_d.so files in the
      install-python%-dbg rules.
  * debian/control, debian/control.udeb, debian/libxml2-udeb.install,
    debian/rules: Add an udeb package when building for Ubuntu.
    Closes: #583767.
  * debian/control:
    - Remove old Conflicts/Replaces for packages that have disappeared before
      etch.
    - Bump Standards-Version to 3.9.0.0.

 -- Mike Hommey <glandium op debian.org>  Tue, 29 Jun 2010 12:42:35 +0200

libxml2 (2.7.7.dfsg-3) unstable; urgency=low

  * debian/rules: Use build_python* instead of build-python* as build
    directory when configuring python modules. build-python$* would get
    matched by make as an existing file and would prevent evaluation of the
    corresponding build rule. Thanks Loïc Minier.
  * debian/python-libxml2.install: Don't hardcode site-/dist-packages in
    .install. Cope with builds which don't have any dist-packages (or
    site-packages) based python versions. Thanks Loïc Minier.
  * debian/rules, debian/python-libxml2-dbg.install, debian/control:
    Add a python-libxml2-dbg package. Closes: #583582.
  * debian/rules: Don't link against libpython.
  * python-libxml2-dbg.preinst: Remove /usr/share/doc/python-libxml2-dbg
    symlink when it exists (which is the case with older Ubuntu packages).

 -- Mike Hommey <glandium op debian.org>  Wed, 23 Jun 2010 18:52:51 +0200

libxml2 (2.7.7.dfsg-2) unstable; urgency=low

  * debian/libxml2-dbg.preinst, debian/libxml2-dev.preinst,
    debian/libxml2-utils.preinst: Remove /usr/share/doc symbolic links on
    upgrade. They will then be replaced by directories by dpkg.
    Closes: #577025.

 -- Mike Hommey <glandium op debian.org>  Fri, 09 Apr 2010 10:21:02 +0200

libxml2 (2.7.7.dfsg-1) unstable; urgency=low

  * New upstream release.
  * debian/control:
    + Bump Standards-Version to 3.8.4.0.
    + Depend on a version of debhelper that provides dh and supports
      overrides.
  * debian/compat: Bump to 7.
  * debian/rules:
    + Don't avoid to build in example/. There is no reason to do so anymore.
    + Remove remains of WORKAROUND_MODIFIED_FILES, that was removed 2 years
      ago.
    + Change the way python libs are built. We now use configure to set
      different environment with and without python, and arrange things so
      that we don't have to build the base libxml2 library several times.
    + Deduplicate in /usr/lib/pyshared, not
      /usr/lib/python-support/python-libxml2.
    + Remove old source and diff rules that only displayed a message
      inviting to use dpkg-source -b.
    + Force -Wl,--as-needed at the beginning of the gcc command line.
    + Simplify rules by switching to dh.
    + Don't refresh COPYING during clean target, it appears not to be
      necessary anymore.
    + Use a common cache for main and python configure passes.
  * debian/python-libxml2.install: Install python files from
    /usr/lib/python*/dist-packages.
  * python/generator.py: Sort python generated stubs so that libxml2.py
    doesn't differ between python 2.5 and 2.6.
  * doc/devhelp/Makefile.{am,in}: Properly install devhelp files when
    builddir != srcdir.

 -- Mike Hommey <glandium op debian.org>  Sun, 21 Mar 2010 09:51:17 +0100

libxml2 (2.7.6.dfsg-2) unstable; urgency=low

  * Cherry-picks from upstream git:
    + globals.c: fix the initialization of the mutex.
    + xmlIO.c: remove an abuse of zlib API and use a clean interface
      available in zlib >= 1.2.3. Closes: #565683, #565823.
  * debian/control:
    + Put libreadline-dev before libreadline5-dev in Build-Deps.
      Closes: #553803.
    + Add misc:Depends dependencies where they are missing.

 -- Mike Hommey <glandium op debian.org>  Tue, 19 Jan 2010 18:41:49 +0100

libxml2 (2.7.6.dfsg-1) unstable; urgency=low

  * New upstream release.
  * debian/control:
    + Bump Standards-Version to 3.8.3.0.
    + Set libxml2 package priority to standard to match override.

 -- Mike Hommey <glandium op debian.org>  Sat, 10 Oct 2009 23:55:41 +0200

libxml2 (2.7.5.dfsg-1) unstable; urgency=low

  * New upstream release.
    + Fixed a RelaxNG bug introduced in 2.7.4. Closes: #546442.

 -- Mike Hommey <glandium op debian.org>  Fri, 25 Sep 2009 22:28:53 +0200

libxml2 (2.7.4.dfsg-2) unstable; urgency=low

  * debian/libxml2.symbols: Force binaries that use versioned symbols to
    depend on version 2.7.4 at least.
  * parser.c: Fix a parsing problem with little data at startup.
    Cherry-picked from upstream git. Closes: #546254, #546488.

 -- Mike Hommey <glandium op debian.org>  Wed, 16 Sep 2009 00:12:50 +0200

libxml2 (2.7.4.dfsg-1) unstable; urgency=low

  * New upstream release.
  * Revert old change to entities.c.
  * debian/copyright: Change upstream url. Closes: #541082.
  * debian/libxml2.symbols: Change symbols file to use newly introduced
    symbol versioning
  * debian/rules: bump shlibs to current version.

 -- Mike Hommey <glandium op debian.org>  Thu, 10 Sep 2009 23:04:35 +0200

libxml2 (2.7.3.dfsg-2.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team (Closes: #540865).
  * Fix multiple use-after-free flaws when parsing notation and
    enumeration attribute types (CVE-2009-2416).
  * Fix stack overflow when parsing root XML document element DTD
    definition (CVE-2009-2414).

 -- Nico Golde <nion op debian.org>  Sun, 16 Aug 2009 17:45:17 +0200

libxml2 (2.7.3.dfsg-2) unstable; urgency=low

  * debian/no-upstream-changelog: Removed.
  * debian/rules: Don't use symlinks in /usr/share/doc anymore, and only
    install the upstream changelog in the libxml2 package. Considering
    its size, we don't need it everywhere. Closes: #496959.
  * include/libxml/*.h: change ATTRIBUTE_PRINTF into LIBXML_ATTR_FORMAT
    to avoid macro name. Cherry-pick upstream f076f34. Closes: #521994.
  * error.c: fix structured error handling problems. Cherry-pick upstream
    719f397. Closes: #522669.
  * debian/control:
    + Change libxml2-dbg's section to "debug".
    + Bump Standards-Version to 3.8.2.0.
    + Add Homepage, Vcs-Git and Vcs-Browser fields.

 -- Mike Hommey <glandium op debian.org>  Mon, 13 Jul 2009 08:56:37 +0200

libxml2 (2.7.3.dfsg-1) unstable; urgency=low

  * New upstream release.
  * parser.c: Remove useless nbParse* variables and avoid exporting them as
    symbols.
  * debian/libxml2.symbols: Reference the new symbols.
  * debian/rules: bump shlibs to current version.

 -- Mike Hommey <glandium op debian.org>  Sun, 01 Mar 2009 11:57:55 +0100

libxmu (2:1.0.5-2) unstable; urgency=high

  [ Julien Cristau ]
  * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no
    good reason.  Thanks, Colin Watson!
  * Remove myself from Uploaders
  * Don't pass both -s and -Nfoo/-pfoo to dh_strip.  This resulted in an empty
    libxmuu1-dbg (Closes: #594500).  Thanks to Luca Falavigna for the report.

  [ Cyril Brulebois ]
  * Add myself to Uploaders.
  * Bump urgency to “high” for the RC bugfix. Thanks to Jakub Wilk as well
    for the report.

 -- Cyril Brulebois <kibi op debian.org>  Sat, 04 Sep 2010 14:32:30 +0200

libxmu (2:1.0.5-1) unstable; urgency=low

  [ Timo Aaltonen ]
  * New upstream release.
    + Fix 64bit support (closes: #521887)

  [ Julien Cristau ]
  * Bump Standards-Version to 3.8.3.

 -- Julien Cristau <jcristau op debian.org>  Wed, 25 Nov 2009 19:20:17 +0100

libxmu (2:1.0.4-2) unstable; urgency=low

  [ Julien Cristau ]
  * Drop -1 debian revisions from build-deps.
  * libxmu6{,-dbg}, libxmu-dev, libxmuu1{,-dbg} and libxmuu-dev don't need a
    dependency on x11-common.
  * Build libxmu-headers in binary-indep instead of binary-arch
    (closes: #486418).  Thanks, Martin Koeppe!
  * Run autoreconf on build; build-depend on automake, libtool, xutils-dev.
  * Handle parallel builds.

  [ Brice Goglin ]
  * Add a link to www.X.org and a reference to the upstream module
    in the long description.
  * Add upstream URL to debian/copyright.
  * Add README.source, bump Standards-Version to 3.8.2.
  * Use updated xsfbs, closes: #538587.
  * Move -dbg packages to section debug.

 -- Julien Cristau <jcristau op debian.org>  Fri, 07 Aug 2009 14:30:36 +0200

libxslt (1.1.26-6+squeeze3) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add patches to fix denial of service vulnerability (CVE-2012-6139)
    (Closes: #703933)

 -- Salvatore Bonaccorso <carnil op debian.org>  Tue, 26 Mar 2013 21:48:42 +0100

libxslt (1.1.26-6+squeeze2) stable-security; urgency=high

  * Patch to fix three CVEs (Closes: #689422):
    - CVE-2012-2870 by Daniel Veillard and Chris Evans
    - CVE-2012-2871 by Daniel Veillard
    - CVE-2012-2893 by Chris Evans

 -- Aron Xu <aron op debian.org>  Wed, 03 Oct 2012 00:02:59 +0800

libxslt (1.1.26-6+squeeze1) stable; urgency=low

  [ Daniel Veillard ]
  * Fix generate-id() to not expose object addresses
    CVE-2011-1202, Closes: #617413.

  [ Abhishek Arya ]
  * Fix some case of pattern parsing errors
    CVE-2011-3970, Closes: #660650.

  [ Chris Evans ]
  * [PATCH] Fix crash with unexpected DTD nodes in XSLT.
    CVE-2012-2825, Closes: #679283.

 -- Aron Xu <aron op debian.org>  Thu, 05 Jul 2012 11:31:18 +0800

libxslt (1.1.26-6) unstable; urgency=low

  * debian/python-libxslt1-dbg.preinst: Add preinst snippet to remove
    /usr/share/doc/python-libxslt1-dbg symlink on Ubuntu. This is an
    Ubuntu-only fix, but allows Ubuntu to just use the Debian package
    without further modifications.
    Closes: #587910

 -- Mike Hommey <glandium op debian.org>  Thu, 26 Aug 2010 11:42:01 +0200

libxslt (1.1.26-5) unstable; urgency=low

  * debian/rules: Avoid possible renaming of _d.so files to _d_d.so files in
    the install-python%-dbg rules.
  * debian/control:
    - Add missing dependency on python-libxml2-dbg to python-libxslt1-dbg.
    - Remove old Conflicts/Replaces for packages that have disappeared before
      etch.
    - Bump Standards-Version to 3.9.0.0.
    - Add Homepage.
    - Add Vcs-{Git,Browser} fields.

 -- Mike Hommey <glandium op debian.org>  Tue, 29 Jun 2010 12:38:30 +0200

libxslt (1.1.26-4) unstable; urgency=low

  * debian/rules:
    - Refactor configure-% and build-% rules.
    - Hack to link with -Wl,--as-needed.
  * debian/python-libxslt1.install: Don't hardcode site-/dist-packages in
    .install. Cope with builds which don't have any dist-packages (or
    site-packages) based python versions. Thanks Loïc Minier.
  * debian/control:
    - Add missing XB-Python-Version to python-libxslt1.
    - Mention the version of XSLT implemented. Closes: #579244.
    - Fix typo in libxslt1-dev package description. Closes: #579241.
  * debian/control, debian/python-libxslt1-dbg.install, debian/rules: Add a
    python-libxslt1-dbg package.
  * doc/xsltproc.xml, doc/xsltproc.1: Document what happens when there is
    no output and -o is specified. Closes: #539890.

 -- Mike Hommey <glandium op debian.org>  Mon, 28 Jun 2010 19:10:30 +0200

libxslt (1.1.26-3) unstable; urgency=low

  * debian/compat: Switch to debhelper compat level 7.
  * debian/control: Build depend on debhelper >= 7.0.50~.
  * debian/rules:
    + Remove old source and diff rules. They only displayed a message
      inviting to use dpkg-source -b.
    + Remove workarounds for modified and deleted files. The modified file
      is not modified anymore, and as we're not using svn-buildpackage we
      also don't care about deleted files anymore.
    + Trust dpkg-buildpackage to set the CFLAGS.
    + Change the way python libs are built. We now use configure to set
      different environment with and without python, and arrange things so
      that we don't have to build the base libxslt library several times.
    + Use a common cache for main and python configure passes.
    + Modify libexslt.la in place in debian/tmp.
    + Switch to dh.
    + Deduplicate in /usr/lib/pyshared, not
      /usr/lib/python-support/python-libxslt1.
  * debian/python-libxslt1.install: Install python files from
    /usr/lib/python*/dist-packages.
  * python/Makefile.am, python/Makefile.in, python/generator.py: Don't
    generate python API intermediate files in $srcdir.
  * debian/libxslt1-dev.install: Install libexslt.la with dh_install.

 -- Mike Hommey <glandium op debian.org>  Fri, 09 Apr 2010 15:18:51 +0200

libxslt (1.1.26-2) unstable; urgency=low

  * debian/control:
    + Add missing ${misc:Depends}.
    + Bump Standards-Version to 3.8.4.0.
    + Put libxslt1-dbg in section debug.
  * debian/libxslt1-dev.install: Install /usr/share/aclocal files.
    Closes: #569066.
  * debian/rules, debian/libxslt1.1.symbols: Add symbols file and bump
    shlibs. Closes: #563399.

 -- Mike Hommey <glandium op debian.org>  Mon, 22 Feb 2010 10:57:27 +0100

libxslt (1.1.26-1) unstable; urgency=low

  * New upstream release.
    + Allow both --xinclude and --output options at the same time in xsltproc.
      Closes: #497585.

 -- Mike Hommey <glandium op debian.org>  Fri, 25 Sep 2009 22:42:15 +0200

linux-latest-2.6 (29) unstable; urgency=low

  * Add xen-linux-system-2.6-* meta-packages (Closes: #402414)
  * Add bug presubj message for image meta packages directing users to the
    real image packages (Closes: #549591)
  * Fix repetition in description of linux-image-2.6-xen-amd64
    (Closes: #598648)
  * [x86] Correct lists of suitable processors

 -- Ben Hutchings <ben op decadent.org.uk>  Wed, 12 Jan 2011 01:57:08 +0000

linux-latest-2.6 (28) unstable; urgency=low

  * Move NEWS from linux-2.6, since apt-listchanges only shows it for
    upgraded packages
  * Add linux-tools-2.6 meta package
  * Change versions for linux-doc-2.6 and linux-source-2.6 to match those
    of the other meta packages

 -- Ben Hutchings <ben op decadent.org.uk>  Tue, 06 Jul 2010 14:39:54 +0100

linux-latest-2.6 (27) unstable; urgency=low

  * Really build linux-doc-2.6 and linux-source-2.6 meta packages

 -- Ben Hutchings <ben op decadent.org.uk>  Tue, 04 May 2010 02:23:44 +0100

linux-latest-2.6 (26) unstable; urgency=low

  [ Joachim Breitner ]
  * Create linux-doc-2.6 and linux-source-2.6 meta packages (Closes: 347284)

  [ Ben Hutchings ]
  * Update to 2.6.32-5.
  * Update standards-version to 3.8.4; no changes required.
  * Explicitly describe all packages as meta-packages.

 -- Ben Hutchings <ben op decadent.org.uk>  Tue, 04 May 2010 02:10:04 +0100

linux-latest-2.6 (25) unstable; urgency=high

  * Update package description templates in line with linux-2.6.
  * Update to 2.6.32-3.
  * Set urgency to 'high' since this must transition with linux-2.6.

 -- Ben Hutchings <ben op decadent.org.uk>  Wed, 10 Mar 2010 00:43:47 +0000

linux-latest-2.6 (24) unstable; urgency=low

  * Update to 2.6.32-2.

 -- Ben Hutchings <ben op decadent.org.uk>  Tue, 16 Feb 2010 21:43:50 +0000

linux-latest-2.6 (23) unstable; urgency=low

  * Update to 2.6.32-trunk.

 -- Ben Hutchings <ben op decadent.org.uk>  Thu, 17 Dec 2009 03:31:19 +0000

linux-latest-2.6 (22) unstable; urgency=low

  * Update to 2.6.31-1.

 -- Ben Hutchings <ben op decadent.org.uk>  Sun, 25 Oct 2009 18:33:06 +0000

linux-latest-2.6 (21) unstable; urgency=low

  [ Bastian Blank ]
  * Update to 2.6.30-2.

  [ Ben Hutchings ]
  * Add myself to uploaders.

 -- Ben Hutchings <ben op decadent.org.uk>  Sat, 03 Oct 2009 17:43:55 +0100

linux-latest-2.6 (20) unstable; urgency=low

  * Move into kernel section.
  * Update to 2.6.30-1.

 -- Bastian Blank <waldi op debian.org>  Mon, 29 Jun 2009 19:13:54 +0200

linux-latest-2.6 (19) unstable; urgency=low

  * Update to 2.6.29-2.
  * Use debhelper compat level 7.
  * Update copyright file.

 -- Bastian Blank <waldi op debian.org>  Sun, 10 May 2009 14:10:07 +0200

linux-latest-2.6 (18) unstable; urgency=low

  * Update to 2.6.29-1.
  * Use dh_prep.
  * Remove lenny transition packages.

 -- Bastian Blank <waldi op debian.org>  Sun, 26 Apr 2009 15:47:42 +0200

linux-latest-2.6 (17) unstable; urgency=low

  * Use correct part of the config for image type.
  * Add description parts to all image packages.

 -- Bastian Blank <waldi op debian.org>  Wed, 10 Dec 2008 13:25:41 +0100

linux-latest-2.6 (16) unstable; urgency=low

  * Rebuild to pick up new images

 -- Bastian Blank <waldi op debian.org>  Sun, 31 Aug 2008 18:42:36 +0200

linux-latest-2.6 (15) unstable; urgency=low

  * Update to 2.6.26-1.
  * Make linux-image-* complete meta packages.

 -- Bastian Blank <waldi op debian.org>  Mon, 04 Aug 2008 14:58:33 +0200

linux-latest-2.6 (14) unstable; urgency=low

  * Update to 2.6.25-2.

 -- Bastian Blank <waldi op debian.org>  Tue, 20 May 2008 13:28:45 +0200

linux-latest-2.6 (13) unstable; urgency=low

  * Add transitional packages for k7.

 -- Bastian Blank <waldi op debian.org>  Mon, 04 Feb 2008 10:22:13 +0100

linux-latest-2.6 (12) unstable; urgency=low

  * Update to 2.6.24-1.

 -- Bastian Blank <waldi op debian.org>  Thu, 31 Jan 2008 20:29:28 +0100

linux-latest-2.6 (11) unstable; urgency=low

  * Update to 2.6.22-3.

 -- Bastian Blank <waldi op debian.org>  Tue, 30 Oct 2007 15:50:30 +0100

linux-latest-2.6 (10) unstable; urgency=low

  * Update to 2.6.22-2.

 -- Bastian Blank <waldi op debian.org>  Thu, 06 Sep 2007 15:38:40 +0200

linux-latest-2.6 (9) unstable; urgency=low

  * Update to 2.6.22-1.

 -- Bastian Blank <waldi op debian.org>  Mon, 23 Jul 2007 14:13:49 +0200

linux-latest-2.6 (8) unstable; urgency=low

  * Update to 2.6.21-2.
  * Add modules meta packages.
  * Provide linux-latest-modules-*. (closes: #428783)

 -- Bastian Blank <waldi op debian.org>  Mon, 02 Jul 2007 14:22:21 +0200

linux-latest-2.6 (7) unstable; urgency=low

  * Update to 2.6.21-1.
  * Remove etch transition packages.

 -- Bastian Blank <waldi op debian.org>  Tue, 29 May 2007 14:26:20 +0200

linux-latest-2.6 (6) unstable; urgency=low

  * Update to 2.6.18-4.
  * i386: Add amd64 transition packages.

 -- Bastian Blank <waldi op debian.org>  Fri,  2 Feb 2007 17:45:58 +0100

linux-latest-2.6 (5) unstable; urgency=low

  * Update to 2.6.18-3.

 -- Bastian Blank <waldi op debian.org>  Thu, 30 Nov 2006 10:28:53 +0100

linux-latest-2.6 (4) unstable; urgency=low

  * Update to 2.6.18-2.

 -- maximilian attems <maks op sternwelten.at>  Tue,  7 Nov 2006 16:38:14 +0100

linux-latest-2.6 (3) unstable; urgency=low

  * Update linux-latest to 2.6.18.

 -- Frederik Schüler <fs op debian.org>  Mon,  2 Oct 2006 13:16:57 +0200

logrotate (3.7.8-6) unstable; urgency=low

  * New patch:
    + ucf-taboos.patch. Add common ucf files to default taboo list. Thanks
      to Noah Massey.

 -- Paul Martin <pm op debian.org>  Sat, 17 Apr 2010 22:01:47 +0100

logrotate (3.7.8-5) unstable; urgency=low

  * New patch:
    + parser571033.patch: fix the config parser to not get confused when
      a wildcard produces no results. (Closes: 571033)
  * Switch to dpkg-source 3.0 (quilt) format
  * Bump debhelper version to 7 (dh_clean -k -> dh_prep).
  * Update standards version to 3.8.4 (no changes).

 -- Paul Martin <pm op debian.org>  Sat, 20 Mar 2010 19:37:26 +0000

logrotate (3.7.8-4) unstable; urgency=high

  * New patch:
    + security-388608.patch: A race condition in the creation of 
      compressed and copied log files makes it possible to overwrite 
      arbitrary files by generating a link or symlink during a window 
      of opportunity between logrotate renaming a log file and creating 
      the copy of the next. (Closes: #388608) Once again, many thanks to
      Florian Zumbiehl for forcing me to think.
  * Uploading to unstable.

 -- Paul Martin <pm op debian.org>  Fri, 14 Aug 2009 23:22:04 +0100

logrotate (3.7.8-3) experimental; urgency=low

  * New patch:
    + nofollow.patch: If a logfile is a symlink, it may be read when
      being compressed, being copied (copy, copytruncate) or mailed.
      Secure data (eg. password files) may be exposed. Thanks to
      Florian Zumbiehl for getting me thinking about this one.

 -- Paul Martin <pm op debian.org>  Thu, 06 Aug 2009 16:35:41 +0100

logrotate (3.7.8-2) experimental; urgency=low

  * New patch:
    + create-388608.patch: Really squash the race condition for the 
      creation of compressed log files and the creation of new ones.
      (Closes: 388608)

 -- Paul Martin <pm op debian.org>  Tue, 04 Aug 2009 21:16:03 +0100

logrotate (3.7.8-1) experimental; urgency=low

  * New upstream release:
    - do not exit on status file errors
    - limit config file inclusion nesting
    - use hashes for status file handling (patch by Petr Tesarik 
      <ptesarik op suse.cz> and Leonardo Chiquitto)
    - dateformat to allow unixtime (patch by Sami Kerola <kerolasa op iki.fi>)
  * Upstream has taken some of our patches:
    - manpage.patch: partial uptake, updated
    - man-189243.patch: fully applied upstream
    - man-sizetypo.patch: fully applied upstream
    - man-overriden.patch: fully applied upstream
  * Added a watch file (but upstream has a redirect to https).
  * Upstream has also fixed createOutputFile to be more secure
    (Closes: #388608)
  * New Debian patch:
    + sharedscripts-519432.patch: Prerotate and postrotate scripts get the 
      list of rotated files passed to them as arguments. (Closes: #519432)
    + chown-484762.patch: If running as non-root, warn but don't abort if
      we can't chown the compressed log file. (Closes: #484762)
  * Update Standards-Version to 3.8.2. (No changes)

 -- Paul Martin <pm op debian.org>  Tue, 04 Aug 2009 15:18:18 +0100

logrotate (3.7.7-4) unstable; urgency=low

  * Update location of upstream in debian/copyright.

 -- Paul Martin <pm op debian.org>  Thu, 19 Feb 2009 11:54:07 +0000

logrotate (3.7.7-3) unstable; urgency=low

  * Fix sharedcycles. (Closes: #512152)

 -- Paul Martin <pm op debian.org>  Sun, 18 Jan 2009 00:48:49 +0000

logrotate (3.7.7-2) unstable; urgency=low

  * Upload to unstable.
  * Patches from upstream (3.7.7-4):
    + rh-curdir2.patch: logrotate would crash under SELinux.
    + rh-toolarge.patch: abort if the config file looks as though it 
      might be a huge log file, rather than segfaulting.
      (Closes: #435086)

 -- Paul Martin <pm op debian.org>  Wed, 17 Dec 2008 13:12:27 +0000

logrotate (3.7.7-1) experimental; urgency=low

  * New upstream release (based on upstream 3.7.7-1)
    + The source code has been run through "indent" which makes looking 
      for differences "interesting".
    + Debian patches no longer required:
      - compress-499502.patch: upstream has fix.
      - globfix-277652: upstream has a fix. In addition, logrotate will
        attempt to continue rather than stopping dead if there are any 
        errors in its config files. (Closes: #285858)
      - script-argument.patch: upstream has fixed this.
      - rh-dateext.patch: upstream has it.
      - rh-maxage.patch: upstream has it.
      - rh-noTMPDIR.patch: upstream has it.
      - rh-selinux.patch: upstream has it.
      - taboo-to-debug.patch: upstream has it.
      - scripterrors.patch: upstream has fix.
      - man-lastaction.patch: upstream has it.
      - man-mailtypo.patch: upstream has it.
      - man-rh-1.patch: upstream has it.
      - man-333996.patch: upstream has fix.
    + New features:
      - yearly rotations
      - minsize
      - optionally use shred when deleting files
      - dateformat, to control the date format when using dateext
      - Tabooexts can be wildcards.
    + Upstream fixes:
      - Manpage fixed for example using /var/log/news. (Closes: #339502)

  * dateext-504079.patch: If dateext is used with delaycompress and 
    mailfirst, the wrong filename (one that has compressext added) is 
    attempted to be mailed. (Closes: #504079,#433496)
  * dst.patch: Update to add the current "hour" to the struct tm, so 
    that DST changes don't cause the date to be off by one.
    (Closes: #416177)
  * Corrected upstream URL (Closes: #410420)
  * deb-taboos.patch: added .cfsaved to taboo list. (Closes: #463581)

 -- Paul Martin <pm op debian.org>  Fri, 07 Nov 2008 02:27:18 +0000

lsb (3.2-23.2squeeze1) testing-proposed-updates; urgency=high

  * Add Debian 6.0 codename (squeeze) to lsb_release.py.  (Closes: #609325)

 -- Chris Lawrence <lawrencc op debian.org>  Mon, 10 Jan 2011 20:39:12 -0600

lsb (3.2-23.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix dependencies of lsb-core on kfreebsd-* and hurd-* to make the
    package installable. Thanks to Aurelien Jarno for the patch and the
    bugreport.  (Closes: #539284)
  * Set XS-Python-Version to all to make lsb-release available for all
    supported Python versions. Thanks to Sandro Tosi for the bug report.
    (Closes: #570586)
  * Don't make lsb-core conflict with python (>= 2.6).

 -- Jakub Wilk <jwilk op debian.org>  Sun, 21 Mar 2010 15:39:47 +0100

lsb (3.2-23) unstable; urgency=low

  * Fix tests for $TERM in log_use_fancy_output().  (Closes: #537112, #536190)
  * Add libnss3-1d and libqt4-sql-sqlite to lsb-desktop dependencies.
    (Closes: #534277, #534452)
  * Properly trap open() failures in lsb_release.  (Closes: #521462)
  * Ignore empty arguments in /etc/lsb-release.  (Closes: #485565)
    May also fix #514041.
  * Better test for existant but unreadable PID file.  (Closes: #527890)
  * Add some punctuation to log_{warning,failure}_msg.  (Closes: #525684)
  * lsb-core depends on cups-bsd | lpr, since it is more likely that
    someone in 2009 will have CUPS installed already than want to use lpr
    instead.  (Closes: #512098)

 -- Chris Lawrence <lawrencc op debian.org>  Tue, 21 Jul 2009 04:03:41 -0500

lsb (3.2-22) unstable; urgency=low

  * Fix quoting of $PWD in start-stop-daemon call.  (Closes: #520499)

 -- Chris Lawrence <lawrencc op debian.org>  Fri, 20 Mar 2009 11:40:50 -0500

lsb (3.2-21) unstable; urgency=low

  * Provide lsb_release module for Python applications.  (Closes: #486262)
  * Change working directory to $PWD in start-stop-daemon, for better
    compatibility with LSB applications.  (Closes: #519817)
  * return 3 rather than 4 in pidofproc if a PID file is specified and
    the daemon is not found.  (Closes: #494623)
  * Improve handling of future testing versions unknown to lsb-release.
    Patch by Jan Muszynski (Closes: #517594).
  * Fix DeprecationWarning with Python 2.6; patch from Colin Watson and
    Anders Kaseorg.  (Closes: #517819)
  * Bypass guess_debian_release() if /etc/lsb-release is complete.
    Patch from Scott James Remnant.  (Closes: #511952)
  * 'time' was missing from lsb-core dependencies.  (Closes: #510488)
  * Demote lsb to a suggestion by lsb-release.  (Closes: #509611)

 -- Chris Lawrence <lawrencc op debian.org>  Thu, 19 Mar 2009 16:29:25 -0500

lvm2 (2.02.66-5) unstable; urgency=low

  * Remove old libdevmapper1.02 init script on upgrade. (closes: #549316)
  * Conflict against libdevmapper1.02.

 -- Bastian Blank <waldi op debian.org>  Sun, 23 Jan 2011 18:30:01 +0100

lvm2 (2.02.66-4) unstable; urgency=low

  * Make libdevmapper break old lvm2, it missuses the udev sync
    interface. (closes: #599596)
  * Make lvm2 break old grub-common. (closes: #588026)
  * Use correct binary name in clvm init script. (closes: #600089)

 -- Bastian Blank <waldi op debian.org>  Sat, 30 Oct 2010 18:04:20 +0200

lvm2 (2.02.66-3) unstable; urgency=high

  * Import upstream version 2.02.72:
    - CVE-2010-2526: Fix insecure communication between lvm2 and clvmd.
     (Closes: #591204)          
    - Only use single node clvm if explicitly requested.

 -- Bastian Blank <waldi op debian.org>  Thu, 19 Aug 2010 14:44:02 +0200

lvm2 (2.02.66-2) unstable; urgency=medium

  * Make libdevmapper1.02.1 depend on dmsetup. libdevmapper needs new enough
    udev rules, which needs dmsetup for now. (closes: #585786)
    - Set urgency to medium, as this can break the boot.

 -- Bastian Blank <waldi op debian.org>  Fri, 18 Jun 2010 11:39:39 +0200

lvm2 (2.02.66-1) unstable; urgency=low

  * New upstream version.
  * Define and use a union for semaphore access as mandated by the standard.
    (closes: #583677)
  * Don't longer overwrite names of dm devices.

 -- Bastian Blank <waldi op debian.org>  Fri, 04 Jun 2010 11:47:51 +0200

lvm2 (2.02.64-1) unstable; urgency=low

  * New upstream version.
  * Don't longer build static libraries.
  * Fix readline support. (closes: #575640)
  * Built-in cluster locking.
  * Build liblvm2app and liblvm2cmd. (closes: #564810)
  * Adopt some upstream udev rule changes.
  * Enable udev sync, remove explicit udev dependency, bump dmsetup dependency
    to get it working. (closes: #543163)

 -- Bastian Blank <waldi op debian.org>  Wed, 19 May 2010 13:33:09 +0000

lvm2 (2.02.62-1) unstable; urgency=low

  * New upstream version.
  * Use 3.0 (quilt) source format.
    - Fix permission of hook script. (closes: 569286)
  * Remove DM_HIDE from the documentation. (closes: #573154)

 -- Bastian Blank <waldi op debian.org>  Sat, 20 Mar 2010 18:09:20 +0100

lvm2 (2.02.54-1) unstable; urgency=low

  * New upstream version.
  * Remove notify rules, unused for now.
  * Add better documentation about the udev rules.
  * Update list of to be ignored hidden lvm subvolumes.
  * Make libdevmapper-dev depend against libselinux1-dev.
  * Update complete udev ruleset.
  * Remove conflict against devicekit-disks.
  * Use bash for new script.

 -- Bastian Blank <waldi op debian.org>  Fri, 06 Nov 2009 18:20:39 +0100

lvm2 (2.02.53-2) unstable; urgency=medium

  * Fix variable assignment in udev rules. (closes: #550100, RC bugfix)
  * Install udev rules into initramfs.
  * Add initramfs-tools hook to dmsetup.
  * Trigger initramfs update.

 -- Bastian Blank <waldi op debian.org>  Thu, 08 Oct 2009 18:17:43 +0200

lvm2 (2.02.53-1) unstable; urgency=low

  * New upstream version.
  * Make dmsetup conflicts against devicekit-disks, it duplicates the udev
    rules.
  * Add possibility to hide creation of extra symlinks via udev.
  * Ignore temporary cryptsetup devices.

 -- Bastian Blank <waldi op debian.org>  Wed, 30 Sep 2009 05:27:35 +0200

lvm2 (2.02.52-1) unstable; urgency=low

  * New upstram version.
  * Fix clvm init script. (closes: #542169)
  * Remove dmsetup export support, unused.

 -- Bastian Blank <waldi op debian.org>  Fri, 18 Sep 2009 17:44:29 +0000

lvm2 (2.02.51-4) unstable; urgency=low

  * Fix version in conffile removal. (closes: #542942)
  * Add example udev rules file for permission setup. (closes: #450793)

 -- Bastian Blank <waldi op debian.org>  Sun, 06 Sep 2009 13:40:08 +0200

lvm2 (2.02.51-3) unstable; urgency=low

  * Remove obsolete udev rule files. (closes: #542942)
  * Add Homepage and Vcs-{Browser,Svn} fields. (closes: #486552, #516486)
  * Apply upstream patch for pvcreate breakage. (closes: #542702)

 -- Bastian Blank <waldi op debian.org>  Sat, 05 Sep 2009 14:02:48 +0200

lvm2 (2.02.51-2) unstable; urgency=low

  * Make mapper/* the real device, dm-* a symlink. (closes: #542422)

 -- Bastian Blank <waldi op debian.org>  Thu, 20 Aug 2009 21:23:14 +0200

lvm2 (2.02.51-1) unstable; urgency=low

  * New upstream version.
  * Add multipath as prereq of initramfs-tools script. (closes: #511903)
  * Don't explicitly load special dm modules in initramfs-tools script.
  * Fix dependencies of init script for mdadm and multipath-tools.
    (closes: #514665, #532661)
  * Add new libdevmapper symbols.
  * Forcible remove old lvm init script.
  * Update udev rules, but not enable udev sync yet.
    - Use blkid. (closes: #541885)
    - Make lvm2 depend on dmsetup.
    - Make dmsetup depend on new util-linux for blkid.
    - Make dmsetup depend on udev.
  * Install fsadm.
  * Use dmsetup name split support in initramfs-tools script.
  * Only enable needed LVs in initramfs-tools script.

 -- Bastian Blank <waldi op debian.org>  Mon, 17 Aug 2009 17:29:04 +0000

lvm2 (2.02.44-3) unstable; urgency=low

  * Merge remaining settings for devmapper.
    - Fix device group and mode. (closes: #518361)
    - Disable selinux support in udeb. (closes: #518527)

 -- Bastian Blank <waldi op debian.org>  Tue, 10 Mar 2009 11:32:36 +0100

lvm2 (2.02.44-2) unstable; urgency=low

  * Fix implicit pointer conversion. (closes: #516867)
  * Drop unused ncurses dependency.

 -- Bastian Blank <waldi op debian.org>  Sat, 28 Feb 2009 11:51:01 +0100

lvm2 (2.02.44-1) unstable; urgency=low

  * New upstream version.
    - Merge devmapper sources.
  * Add devmapper binary packages.
  * Use debhelper compat level 7.
  * Add new libdevmapper symbols.
  * Update copyright file.

 -- Bastian Blank <waldi op debian.org>  Mon, 23 Feb 2009 20:51:17 +0100

lynx-cur (2.8.8dev.5-1) unstable; urgency=high

  * New upstream release.  This should fix a security bug so urgency=high.
  * Fixed a security bug, CVE-2010-2810  (Closes: #594300)
  * A fix for #592078 with patch-3 is not necessary so removed it.
  * Some bugs forgotten to be closed.
   - unable to reproduce. (Closes: #575922)
   - a problem of gnutls. (Closes: #592718)
   - if necessary, please reopen. (Closes: #490265)
   - only a report of a patch for 2.8.7dev9-1.1 (Closes: #489360)

 -- Atsuhito KOHDA <kohda op debian.org>  Thu, 26 Aug 2010 09:50:33 +0900

lynx-cur (2.8.8dev.4-3) unstable; urgency=low

  * Applied a patch from the upstream.  (Closes: #592078)

 -- Atsuhito KOHDA <kohda op debian.org>  Mon, 09 Aug 2010 11:06:00 +0900

lynx-cur (2.8.8dev.4-2) unstable; urgency=low

  * Applied a patch from the upstream (Mon, 28 Jun 2010 20:32:58 -0400 (EDT)).

 -- Atsuhito KOHDA <kohda op debian.org>  Tue, 29 Jun 2010 09:44:13 +0900

lynx-cur (2.8.8dev.4-1) unstable; urgency=low

  * New upstream release.

 -- Atsuhito KOHDA <kohda op debian.org>  Sat, 26 Jun 2010 12:19:47 +0900

lynx-cur (2.8.8dev.3-3) unstable; urgency=low

  * Fixed a problem of ssl connection by a patch from the upstream.
    Closes: #579501

 -- Atsuhito KOHDA <kohda op debian.org>  Thu, 06 May 2010 10:48:26 +0900

lynx-cur (2.8.8dev.3-2) unstable; urgency=low

  * Fixed a small error in 2.8.8dev.3

 -- Atsuhito KOHDA <kohda op debian.org>  Tue, 27 Apr 2010 20:45:15 +0900

lynx-cur (2.8.8dev.3-1) unstable; urgency=low

  * New Upstream Release.
   - modify print_wwwfile_to_fd() to add field values to the printed form
     Closes: #574940
   - correct a place where LYStrExtent2 was used where byte-count is needed
     Closes: #561363

 -- Atsuhito KOHDA <kohda op debian.org>  Mon, 26 Apr 2010 15:22:19 +0900

lynx-cur (2.8.8dev.2-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Dropped empty lynx-cur-wrapper.postrm
  * Fix pending l10n issues. Debconf translations:
    - Finnish (Esko Arajärvi).  Closes: #537446

 -- Christian Perrier <bubulle op debian.org>  Fri, 19 Mar 2010 06:42:57 +0100

lynx-cur (2.8.8dev.2-1) unstable; urgency=low

  * New Upstream Release.
   - modify trimming of URI in LYSetCookie() to eliminate trimming of 
     final leaf  (Closes: #460108)
  * Updated rules, control and patches files.
  * Changed lynx.cfg and now we set LOCALE_CHARSET:TRUE
  * Added libidn11-dev to Build-Depends to fix #541694  (Closes: #541694)

 -- Atsuhito KOHDA <kohda op debian.org>  Sun, 19 Dec 2009 20:04:44 +0900

lynx-cur (2.8.8dev.1-1) unstable; urgency=low

  * New Upstream Release.
   - add optional support for IDNA using GNU libidn (Closes: #352596)
   - ignore LEFT-TO-RIGHT-MARK (U+200E) in HTML files (Closes: #408835)
   - correct check for return-value from gnutls_certificate_verify_peers2(),
     which caused some sites to be treated as if they were version-1 X.509 CAs
     (Closes: #231609)
   - change compiled-in default for SYSLOG_REQUESTED_URLS to false.
     (Closes: #537907)

 -- Atsuhito KOHDA <kohda op debian.org>  Mon, 31 Aug 2009 20:04:44 +0900

lynx-cur (2.8.7rel.1-1) unstable; urgency=low

  * New Upstream Release.
  * Linked against libbsd to fix a security problem.  (Closes: #532520)

 -- Atsuhito KOHDA <kohda op debian.org>  Wed,  8 Jul 2009 21:08:12 +0900

lynx-cur (2.8.7pre6-1) unstable; urgency=low

  * New Upstream Release.

 -- Atsuhito KOHDA <kohda op debian.org>  Wed, 24 Jun 2009 12:24:37 +0900

lynx-cur (2.8.7pre5-1) unstable; urgency=low

  * New Upstream Release.

 -- Atsuhito KOHDA <kohda op debian.org>  Sun,  7 Jun 2009 21:50:20 +0900

lynx-cur (2.8.7pre4-1) unstable; urgency=low

  * New Upstream Release.
   - amend fix for Debian #388622  (Closes: #388622)
   - suppress check for "disabled" attribute in a select, as a workaround
     (Closes: #525934)
   - accommodate (in)compatibility "feature" in HTML5 draft  (Closes: #514897)
   - Sanitize build-dependencies.  Applied suggested patch which I forgot 
     to do in former versions.  (Closes: #481767)
  * Sanitize build-dependencies.  Removed exim4, bzip2, unzip, zip also.
     There remain sharutils, telnet, openssh-client now.
  * Uncomment SSL_CERT_FILE line in lynx.cfg  (Closes: #529482)

 -- Atsuhito KOHDA <kohda op debian.org>  Wed, 27 May 2009 12:44:09 +0900

lynx-cur (2.8.7pre2-1) unstable; urgency=low

  * New Upstream Release.
   - modify Lynx's DTD information.  (Closes: #398986)
   - correct length of padding with underscores.  (Closes: #519199)
   - fix a few cases where PUTC's intended for pretty-src would display in the
     HTML view.  (Closes: #521489)
  * Can use persistent cookies now but please edit /etc/lynx-cur/lynx.cfg
    and make it looks as "PERSISTENT_COOKIES:TRUE"  (Closes: #426481)
  * Updated patch-1 so it should be applied cleanly.
  * Fixed typo in 2.8.7pre1-1 changelog.

 -- Atsuhito KOHDA <kohda op debian.org>  Fri, 01 May 2009 13:02:04 +0900

lynx-cur (2.8.7pre1-1) unstable; urgency=low

  * New Upstream Release.
  * Changed default setting in lynx.cfg "SHOW_CURSOR:TRUE" for test.
    There could be more smart way however.  (Closes: #516726)

 -- Atsuhito KOHDA <kohda op debian.org>  Sun, 22 Mar 2009 18:14:38 +0900

lynx-cur (2.8.7dev13-1) unstable; urgency=low

  * New Upstream Release.
  * Stopped to apply patches/patch-2 which was unnecessary anymore.

 -- Atsuhito KOHDA <kohda op debian.org>  Mon, 02 Feb 2009 19:57:58 +0900

lynx-cur (2.8.7dev12-2) unstable; urgency=low

  * Fixed broken UTF-8 displaying in local files with dev12.
    The patch is fetched from lynx-dev ML and stored in patches/patch-2.

 -- Atsuhito KOHDA <kohda op debian.org>  Tue, 20 Jan 2009 09:50:51 +0900

lynx-cur (2.8.7dev12-1) unstable; urgency=low

  * New Upstream Release.
  * Removed unnecessary patch-2 and updated patch-1
  * Fixed Description, i.e. removed reference to lynx.  (Closes: #509929)
  * It seemed I forgot to close #258859 which was fixed long time ago. 
    (Closes: #258859)
  * Clean up preinst a bit.

 -- Atsuhito KOHDA <kohda op debian.org>  Fri, 02 Jan 2009 20:48:55 +0900

lynx-cur (2.8.7dev11-2) unstable; urgency=low

  * Fix HTFile.c with a patch of Thomas Dickey.  (Closes: #509321)
  * Fix lynx.cur.wrapper so that it will read the default lynx.cfg
    (Closes: #509411)

 -- Atsuhito KOHDA <kohda op debian.org>  Tue, 23 Dec 2008 17:08:55 +0900

lynx-cur (2.8.7dev11-1) unstable; urgency=low

  * New Upstream Release (2.8.7dev11).  Also applied lynx2.8.7dev.11a.patch.
  * A patch of Thomas Viehmann was merged in the upstream so removed it
    from debian/patches/00list file.

 -- Atsuhito KOHDA <kohda op debian.org>  Thu, 18 Dec 2008 22:03:36 +0900

lynx-cur (2.8.7dev10-5) unstable; urgency=low

  * Fixed postinst and now a handling of local.cfg should be correct.
    (Closes: #492468) 

 -- Atsuhito KOHDA <kohda op debian.org>  Sun, 23 Nov 2008 07:51:09 +0900

lynx-cur (2.8.7dev10-4) unstable; urgency=low

  * Oops, I overlooked Thomas Viehmann's upload and fix.  Sorry Thomas!
  * Reduced Build-Dependency.  (Closes: #506210)
  * Added Homepage in control.  (Closes: #506278)

 -- Atsuhito KOHDA <kohda op debian.org>  Fri, 21 Nov 2008 09:02:02 +0900

lynx-cur (2.8.7dev10-3) unstable; urgency=low

  * Fixed postinst so that it didn't touch local.cfg if it wasn't a regular
    file.  (Closes: #492468)

 -- Atsuhito KOHDA <kohda op debian.org>  Fri, 26 Sep 2008 12:38:16 +0900

lynx-cur (2.8.7dev10-2.1) unstable; urgency=medium

  * Non-maintainer upload.
  * fix src/tidy_tls.c X509_get_issuer_name to actually take the issuer
    DN of the present certificate and not hope that it is the same as
    taking the subject DN of the "next" certificate which
    may or may not exist. Closes: #499945
    This is debian/patches/patch-3.

 -- Thomas Viehmann <tv op beamnet.de>  Fri, 03 Oct 2008 23:24:41 +0200

lynx-cur (2.8.7dev10-2) unstable; urgency=low

  * Installed new (dummy) lynx-cur-wrapper.postrm because an old version,
    which was empty, caused an error.

 -- Atsuhito KOHDA <kohda op debian.org>  Thu, 25 Sep 2008 08:11:00 +0900

lynx-cur (2.8.7dev10-1) unstable; urgency=low

  * New Upstream Release.
   - modify initial active link in download-page (Closes: #376259)
   - revise introductory comment written to ".lynxrc" (Closes: #461158)
   - suppress computation in TrimmedLength() for source-view (Closes: #204515)
   - adapt/extend parsdate.y from tin to improve parsing of cookie expiration
     times (Closes: #480144)

 -- Atsuhito KOHDA <kohda op debian.org>  Wed, 24 Sep 2008 11:55:24 +0900

mailagent (1:3.1-65-2) unstable; urgency=low

  * Bug fix: "postinst fails if debconf question skipped", thanks to Aaron
    M. Ucko                                               (Closes: #553628).

 -- Manoj Srivastava <srivasta op debian.org>  Sun, 01 Nov 2009 21:32:56 -0600

mailagent (1:3.1-65-1) unstable; urgency=low

  * New upstream release.
    + Do not propagate Followup-To headers via POST, unless the value is
      "poster". Indeed, INN2 will reject the article if the newsgroup
      listed there is invalid. 
    + Be more picky about message IDs used for news: ensure there is but
      one "@".
    + Be even stricter with X- headers in POST: only let a few selected
      ones through.
    + Have POST strip more headers from the message, since INN2 will reject
      the message anyway if they are present.

 -- Manoj Srivastava <srivasta op debian.org>  Sat, 31 Oct 2009 02:46:47 -0500

mailagent (1:3.1-56-1) unstable; urgency=low

  * New upstream VCS snapshot.
    + Protect against SIGPIPE during BOUNCE and FORWARD, relying on the
      exit code at close() time to detect failures. (closes: #267879)
    + Make sure we suggest the use of "-i" in mailopt when they use
      sendmail. Automatically protect lines with a single "." when they
      did not supply -i to avoid failure of FORWARD and BOUNCE commands.
                                                     (Closes: #128114)

 -- Manoj Srivastava <srivasta op debian.org>  Tue, 02 Sep 2008 23:50:40 -0500

mailagent (1:3.1-24-2) unstable; urgency=high

  * Swedish strings for mailagent debconf, thanks to
    brother op bsnet.se. This is an i18n upload.      Closes: #491775

 -- Manoj Srivastava <srivasta op debian.org>  Tue, 02 Sep 2008 23:09:35 -0500

mailman (1:2.1.13-5) stable-security; urgency=high

  * Upload to stable to fix security issue.
  * CVE-2011-0707: Cross site scripting in subscriber names.

 -- Thijs Kinkhorst <thijs op debian.org>  Wed, 16 Feb 2011 20:36:49 +0100

mailman (1:2.1.13-4.1) unstable; urgency=high

  * Non-maintainer upload.
  * debian/patches
    - (83): New. CVE-2010-3089 security fix from mailman 2.14. Patch
      thanks to <d+deb op vdr.jp> (grave, security; Closes: #599833).

 -- Jari Aalto <jari.aalto op cante.net>  Sat, 16 Oct 2010 08:46:55 +0300

mailman (1:2.1.13-4) unstable; urgency=medium

  * Fix permissions on /var/lib/mailman/archives/private, so
    archiving works again. Problem introduced in 1:2.1.12-3.
  * Fix invocation of update-rc.d which yields an error when
    not using dependency-based boot (closes: #590249).
  * Checked for policy 3.9.1, no changes needed.

 -- Thijs Kinkhorst <thijs op debian.org>  Tue, 27 Jul 2010 22:56:03 +0200

mailman (1:2.1.13-3) unstable; urgency=low

  * Drop unneeded Indexes option from shipped apache.conf.
  * Eliminate update_rc.d warning by not passing runlevel 1 at stop.
  * Add 25_site_logo patch by Paul Wise (closes: #267243).
  * Do not compress PDF's under /u/s/d/mailman (closes: #582259).
  * Back up ./configure before running autoconf, so it can be restored
    in clean as not to generate irrelevant diff.gz content.
  * Switch to dpkg-source 3.0 (quilt) format.
  * Checked for policy 3.9.0, no changes needed.

 -- Thijs Kinkhorst <thijs op debian.org>  Tue, 13 Jul 2010 21:35:40 +0200

mailman (1:2.1.13-2) unstable; urgency=low

  * postfix-to-mailman.py: check for list existence before stripping off
    administrative suffixes, making it also work for mailing list names
    ending in e.g. -admin. Thanks Axel Beckert for the patch!
    (Closes: #570548)
  * Checked for policy 3.8.4, no changes.
  * Minor fixes pointed out by Lintian.

 -- Thijs Kinkhorst <thijs op debian.org>  Sat, 20 Mar 2010 21:57:55 +0100

mailman (1:2.1.13-1) unstable; urgency=low

  * New upstream release. Patches incorporated:
    - 16_update_debian (partially)
    - 30_pipermail_threads
    - 65_handle_templates_directories
    - 77_header_folding_in_attachments
  * Remove msgfmt.py, only used at build-time (closes: #555416).
  * Remove adduser calls for 'list' user. Base-passwd guarantees it
    to be available, and trying to add it if it were not present may
    lead to inconsistencies regarding expectations for that user.
  * Document second parameter of postfix-to-mailman.py to be
    ${mailbox}, effectively reverting inappropriate fix for #305762
    (closes: #549224).

 -- Thijs Kinkhorst <thijs op debian.org>  Thu, 31 Dec 2009 15:50:29 +0100

mailman (1:2.1.12-3) unstable; urgency=low

  * Remove potentially long running 'find' command in postinst, as
    permissions are already set correctly in the deb. Thanks Paul
    Slootman (closes: #544046).
  * Add Slovak debconf translation, thanks Ivan Masár (closes: #531576).
  * Update 30_pipermail_threads patch to use sequence ID instead of
    message ID, avoids thread breakage in archives. Thanks
    Mark Sapiro.
  * Checked for policy 3.8.3, no changes necessary.

 -- Thijs Kinkhorst <thijs op debian.org>  Sun, 27 Sep 2009 17:36:01 +0200

mailman (1:2.1.12-2) unstable; urgency=low

  [ Lionel Elie Mamane ]
  * README.Exim4.Debian: add debug_print statements
  * apply fix from upstream to 77_header_folding_in_attachments
    to fix bug it introduces: messages with lines starting with
    "From" are split into several messages in the archive.
  * Use autoconf >= 2.50, not 2.13
  * Ensure Mailman locks directory exists before calling update
    (Closes: #513988).

  [ Thijs Kinkhorst ]
  * Apply patch from Tanguy Ortolo updating postfix-to-mailman
    instructions to avoid backscatter mail (Closes: #520040).
  * Remove obsolete unicodify_archives for upgrading sarge->etch.

 -- Lionel Elie Mamane <lmamane op debian.org>  Fri, 22 May 2009 11:09:49 +0200

mailman (1:2.1.12-1) unstable; urgency=low

  * New upstream release.
    + Minimum Python version is now 2.4.
    + Patches obsoleted (incorporated or not useful anymore):
      00_stolen_from_HEAD,
      11_handle_propfind.patch,
      32_MIME_fixup,
      62_new_list_bad_pending_requests,
      67_update_handle_old_versions,
      68_update_catalan,
      78_DeprecationWarning,
      80_fix_string_search.
      Refresh all others. Many thanks to Mark Sapiro and
      Paul Wise for the help in cleaning this up.
    + Fixes bounce handling NotAMemberError (closes: #517997).
  * Various packaging cleanups, upgrade debhelper to level 7.
  * Removes embedded copy of pythonlib/email module.
  * Checked for policy 3.8.1, remove shipped var/{run,lock}
    dirs, they are already created correctly by the init script.

 -- Thijs Kinkhorst <thijs op debian.org>  Sat, 14 Mar 2009 14:18:16 +0100

mawk (1.3.3-15) unstable; urgency=high

  * Fix debian/copyright to correctly list the license as GPLv2, not GPLv2
    or later.  Closes: #536689

 -- Steve Langasek <vorlon op debian.org>  Mon, 27 Jul 2009 11:26:47 -0700

mawk (1.3.3-14) unstable; urgency=low

  * Build-Conflict with byacc, as the current version doesn't appear to be
    compatible with mawk; though we ought to fix the upstream build rules
    to not check for byacc first in this case, this is an ok fix for now.
    Closes: #509832.

 -- Steve Langasek <vorlon op debian.org>  Fri, 26 Dec 2008 16:17:53 -0800

mawk (1.3.3-13) unstable; urgency=low

  * New maintainer; closes: #496711.
  * Drop versioned gcc build-dependency, which has been satisfied since
    before oldstable.
  * debian/rules: fix up clean target to use a simpler, standard distclean
    call, fixing a lintian warning.
  * debian/rules: future-proof the clean target for patch interaction
    with the build system, moving all the cleaning into a
    "clean-patched" target that fires before the unpatch target

 -- Steve Langasek <vorlon op debian.org>  Wed, 27 Aug 2008 10:03:33 -0700

mawk (1.3.3-12) unstable; urgency=low

  * New maintainer; closes: 496711
  * Fix the following lintian issues:
    W: ancient-standards-version 3.5.10.0 (current is 3.8.0)
    W: mawk: unknown-section base
    W: mawk: old-fsf-address-in-copyright-file

 -- Anibal Monsalve Salazar <anibal op debian.org>  Wed, 27 Aug 2008 17:41:50 +1000

module-init-tools (3.12-2+b1) squeeze; urgency=low

  * Binary-only non-maintainer upload for i386; no source changes.
  * Rebuild in a clean environment

 -- i386 Build Daemon (murphy) <buildd_i386-murphy op buildd.debian.org>  Mon, 23 Jan 2012 01:09:54 +0000

module-init-tools (3.12-2) stable; urgency=low

  * Backported upstream commit 3328d17 to support 3.x kernels.

 -- Marco d'Itri <md op linux.it>  Sun, 30 Oct 2011 03:09:19 +0100

module-init-tools (3.12-1) unstable; urgency=low

  * New upstream release.
    + modprobe -o is not supported anymore.
    + Added support for modules.devname for the benefit of udev.

 -- Marco d'Itri <md op linux.it>  Sun, 27 Jun 2010 22:18:36 +0200

module-init-tools (3.12~pre2-3) unstable; urgency=high

  * Fixed spurious output of modprobe. (Closes: #574584, #574797)

 -- Marco d'Itri <md op linux.it>  Thu, 15 Apr 2010 03:04:10 +0200

module-init-tools (3.12~pre2-2) unstable; urgency=high

  * Fixed an init scripts dependency loop introduced in -1. (Closes: #574535)

 -- Marco d'Itri <md op linux.it>  Mon, 22 Mar 2010 12:21:18 +0100

module-init-tools (3.12~pre2-1) unstable; urgency=medium

  * New upstream snapshot.

 -- Marco d'Itri <md op linux.it>  Fri, 12 Mar 2010 19:39:28 +0100

module-init-tools (3.12~pre1-1) unstable; urgency=low

  * New upstream snapshot.

 -- Marco d'Itri <md op linux.it>  Tue, 26 Jan 2010 22:51:50 +0100

module-init-tools (3.11-1) unstable; urgency=low

  * New upstream release.
    + Fixes a fork bombing issue with kernels <= 2.6.19. (Closes: #524940)
  * Removed a bashism from the init script. (Closes: #547754)

 -- Marco d'Itri <md op linux.it>  Sat, 17 Oct 2009 00:39:38 +0200

module-init-tools (3.10-3) unstable; urgency=high

  * Remove for real this time the architecture-specific aliases for
    architectures != i386. (Closes: #543616)

 -- Marco d'Itri <md op linux.it>  Wed, 26 Aug 2009 14:36:27 +0200

module-init-tools (3.10-2) unstable; urgency=low

  * Do not fail in preinst if the arch directory does not exist.
    (Closes: #542357)

 -- Marco d'Itri <md op linux.it>  Thu, 20 Aug 2009 23:44:38 +0200

module-init-tools (3.10-1) unstable; urgency=low

  * New upstream release.
  * After two years removed /sbin/update-modules to break the packages
    still trying to use it. (Closes: #539988)
  * Removed the architecture-specific aliases. If your platform needs one
    you will have to fix the kernel instead.
  * Removed patch ignore_arch_directory.
  * Renamed /etc/modprobe.d/aliases to /etc/modprobe.d/aliases.conf.
  * Removed patch suppress_conf_warnings.
  * Make sure that the man pages are regenerated. (Closes: #523837)

 -- Marco d'Itri <md op linux.it>  Mon, 17 Aug 2009 23:47:30 +0200

module-init-tools (3.9-2) unstable; urgency=medium

  * Fixed a postinst failure on some architectures. (Closes: #533174)
  * Added a 60 seconds sleep in update-modules to annoy whoever may still
    be using it.

 -- Marco d'Itri <md op linux.it>  Mon, 15 Jun 2009 15:57:45 +0200

module-init-tools (3.9-1) unstable; urgency=medium

  * New upstream release.
  * /etc/modprobe.d/aliases: load ehci-hcd using --use-blacklist.
    (Closes: #521331)
  * Documented the -m option of depmod. (Closes: #523837)
  * Removed the obsolete parts from the code supporting architecture-specific
    alias files. (Closes: #532548)

 -- Marco d'Itri <md op linux.it>  Mon, 15 Jun 2009 04:00:20 +0200

module-init-tools (3.7-pre9-1) unstable; urgency=medium

  * Since we are already providing workarounds for kernel shortcomings,
    add to the aliases file directives to load ehci-hcd before the other
    HCD drivers. (Closes: #500001)
  * docbook-to-man build-dependency replaced by docbook-utils which is
    less broken.
  * debhelper version upgraded from 4 to 5.

 -- Marco d'Itri <md op linux.it>  Fri, 13 Mar 2009 00:42:17 +0100

module-init-tools (3.7-pre5-1) unstable; urgency=low

  * New upstream snapshot.
    + Fixed some issues when modprobing multiple modules.
      (Closes: #321662, #500035, #504088)
    + Removed modules file locking. (Closes: #414711)
  * Install the architecture-specific aliases on i386 systems using a
    64 bit kernel. (Closes: #517958)
  * Added patch suppress_conf_warnings: suppress .conf warnings for our
    own files. (Closes: #517954)
  * Escaped the backslashes in the man pages to work around some
    unexplained brokeness in docbook-to-man. (Closes: #517924) 

 -- Marco d'Itri <md op linux.it>  Tue, 03 Mar 2009 17:55:42 +0100

module-init-tools (3.7-pre2-1) unstable; urgency=low

  * New upstream snapshot. (Closes: #506557)
    + Reads the configuration files in a deterministic order. (Closes: #397765)
    + Mentions modinfo(8) in other man pages. (Closes: #486716)
    + Documents the -b modprobe argument. (Closes: #491437)
  * Added patch no_maps_by_default: stop building the maps files by default
    and see what happens.
  * Removed patch runparts_like_names which has been replaced by a similar
    official feature.
  * Removed a wrong vcs-git URL. (Closes: #504090)
  * Fixed the URL in the debian/watch file. (Closes: #506367)
  * Commented some redundant module aliases.
  * Tries harder to clean up the old diversions. (Closes: #509575)
  * Removed support for /lib/modules/boot/.

 -- Marco d'Itri <md op linux.it>  Mon, 02 Mar 2009 23:07:40 +0100

mysql-5.1 (5.1.66-0+squeeze1) stable-security; urgency=high

  * SECURITY UPDATE: Unspecified vulnerabilities identified by Oracle in
    all versions of MySQL 5.1 earlier than 5.1.66.
    CVE-2012-3163 CVE-2012-3158 CVE-2012-3177 CVE-2012-3166 CVE-2012-3173
    CVE-2012-3150 CVE-2012-3180 CVE-2012-3167 CVE-2012-3197 CVE-2012-3160
  * SECURITY UPDATE: Fix a buffer overflow in MySQL versions 5.1.66
    and earlier which allows an authenticated user to crash the server or
    execute arbitrary code with the privileges of the mysqld process.
    Found by the MariaDB development team. CVE-2012-5611

 -- Clint Byrum <clint op ubuntu.com>  Wed, 28 Nov 2012 15:18:32 -0800

mysql-5.1 (5.1.63-0+squeeze1) stable-security; urgency=high

  * SECURITY UPDATE: Unspecified vulnerabilities identified by Oracle:
    CVE-2012-0583 CVE-2012-1688 CVE-2012-1690 CVE-2012-1703.
    (Closes: 670636)
  * SECURITY UPDATE: New upstream version fixes authentication bypass.
    CVE-2012-2122 (Closes: #677018) 
  * d/rules: Change get-orig-source to a working mirror.
  * Source also properly downloaded/repacked with get-orig-source
    to remove non DFSG compliant Docs files.

 -- Clint Byrum <clint op ubuntu.com>  Tue, 12 Jun 2012 06:12:57 -0700

mysql-5.1 (5.1.61-0+squeeze1) stable-security; urgency=high

  * SECURITY UPDATE: Unspecified vulnerabilities identified by Oracle.
    in all versions of MySQL 5.1 earlier than 5.1.61. CVE list is as
    follows: CVE-2011-2262 CVE-2012-0075 CVE-2012-0087 CVE-2012-0101
    CVE-2012-0102 CVE-2012-0112 CVE-2012-0113 CVE-2012-0114 CVE-2012-0115
    CVE-2012-0116 CVE-2012-0118 CVE-2012-0119 CVE-2012-0120 CVE-2012-0484
    CVE-2012-0485 CVE-2012-0490 CVE-2012-0492. (Closes: #659687)
  * d/patches/61_CVE* - Removed as the new upstream version carries all of
    these fixes.
  * d/patches/99_fix_testsuite_for_installed_env.dpatch: Superseded
    upstream.
  * Upstream removed the file file EXCEPTIONS-CLIENT from their tarballs,
    however the exception is still granted.

 -- Clint Byrum <clint op ubuntu.com>  Sat, 03 Mar 2012 08:21:27 -0800

mysql-5.1 (5.1.49-3) unstable; urgency=high

  * SECURITY UPDATE: denial of service via incorrect propagation of type
    errors.
    - debian/patches/61_CVE-2010-3833.dpatch: properly check for execution
      errors in sql/item_func.cc. Add tests to mysql-test/*.
    - CVE-2010-3833
  * SECURITY UPDATE: denial of service via derived table materializing.
    - debian/patches/61_CVE-2010-3834.dpatch: handle temporary tables in
      sql/field.cc, sql/sql_select.*. Add tests to mysql-test/*.
    - CVE-2010-3834
  * SECURITY UPDATE: denial of service via user-variable assignment
    expression.
    - debian/patches/61_CVE-2010-3835.dpatch: fix logic in sql/item_func.*,
      Add tests to mysql-test/*.
    - CVE-2010-3835
  * SECURITY UPDATE: denial of service via pre-evaluation of LIKE
    predicates during view preparation.
    - debian/patches/61_CVE-2010-3836.dpatch: make sure we're not in view
      preparation mode in sql/item_cmpfunc.cc. Add tests to mysql-test/*.
    - CVE-2010-3836
  * SECURITY UPDATE: denial of service via use of GROUP_CONCAT() and
    WITH ROLLUP together.
    - debian/patches/61_CVE-2010-3837.dpatch: create a copy of the order
      structures in sql/item_sum.cc, sql/table.h. Add tests to
      mysql-test/*.
    - CVE-2010-3837
  * SECURITY UPDATE: denial of service via longblob and union or update
    with subquery.
    - debian/patches/61_CVE-2010-3838.dpatch: handle REAL_RESULT in
      sql/item_func.cc. Add tests to mysql-test/*.
    - CVE-2010-3838
  * SECURITY UPDATE: denial of service via certain queries with nested
    joins.
    - debian/patches/61_CVE-2010-3839.dpatch: fix nesting in
      sql/sql_select.cc. Add tests to mysql-test/*.
    - CVE-2010-3839
  * SECURITY UPDATE: denial of service via PolyFromWKB() function and
    improper data.
    - debian/patches/61_CVE-2010-3840.dpatch: improve data handling in
      sql/spatial.cc. Add tests to mysql-test/*.
    - CVE-2010-3840

  * Patches and changelog entries taken from Ubuntu. (closes: #599937)
  * Import and ACK NMU 5.1.49-2.1. (closes: #595120, #601152)

 -- Norbert Tretkowski <norbert op tretkowski.de>  Tue, 30 Nov 2010 09:20:33 +0100

mysql-5.1 (5.1.49-2.1) unstable; urgency=high

  * Non-maintainer upload.
  * debian/mysql-server-5.1.mysql.init: Remove $named from
    Should-Start/Should-Stop (closes: #595120).
    Thanks for Clint Byrum <clint op ubuntu.com> patch.
  * Update Portuguese translation (closes: #601152).
    Thanks for Miguel Figueiredo <elmig op debianpt.org> patch.

 -- Xavier Oswald <xoswald op debian.org>  Sat, 27 Nov 2010 17:43:13 +0100

mysql-5.1 (5.1.49-2) unstable; urgency=low

  * Check for server binary before executing any script. (closes: #583611)
  * Move my_print_defaults and perror from mysql-server-5.1 to mysql-client-5.1
    package. (closes: #591373)
  * Update debconf translations:
    - Spanish, from Javier Fernández-Sanguino. (closes: #592171)
    - Galician, from Jorge Barreiro. (closes: #592813)
    - Arabic, from Ossama Khayat. (closes: #596169, #600884)
    - Czech, from Miroslav Kure. (closes: #598339)
    - Danish, from Joe Dalton. (closes: #599483)
    - Portuguese, from Rui Branco. (closes: #599759)
    - Catalan, from Jordi Mallach. (closes: #601098)
  * Add patch 99_fix_testsuite_for_installed_env.dpatch from Ubuntu to fix
    mysql-testsuite to work with the installation location.
  * Add README.source file to make lintian happy.
  * Update Standards-Version to 3.9.1, no changes required.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Wed, 27 Oct 2010 14:41:19 +0200

mysql-5.1 (5.1.49-1) unstable; urgency=low

  * New upstream release.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Sat, 31 Jul 2010 12:34:43 +0200

mysql-5.1 (5.1.48-1) unstable; urgency=low

  * New upstream release.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Thu, 17 Jun 2010 22:38:56 +0200

mysql-5.1 (5.1.47-1) unstable; urgency=low

  * New upstream release. (closes: #582526)
  * Add patch to fix compile issue with embedded enabled.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Sat, 22 May 2010 08:59:41 +0200

mysql-5.1 (5.1.46-1) unstable; urgency=low

  * New upstream release.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Tue, 11 May 2010 18:47:32 +0200

mysql-5.1 (5.1.45-3) unstable; urgency=low

  * Upload to unstable.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Sat, 10 Apr 2010 19:22:55 +0200

mysql-5.1 (5.1.45-2) experimental; urgency=low

  * Add mysql-server-core-5.1 package, containing the package and its manpage,
    to let packages like akonadi use the mysqld binary without using system
    databases. Thanks to Didier Raboud for the patch! (closes: #548419)
  * Add libterm-readkey-perl suggestion to mysql-client-5.1 package.
    (closes: #574505, #575769)

 -- Norbert Tretkowski <norbert op tretkowski.de>  Wed, 31 Mar 2010 11:36:25 +0200

mysql-5.1 (5.1.45-1) unstable; urgency=low

  * New upstream release.
  * Drop patch 10_readline_build_fix.dpatch.
  * Rename source package to mysql-5.1.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Wed, 17 Mar 2010 14:56:02 +0100

mysql-dfsg-5.1 (5.1.44-3) unstable; urgency=low

  * Add patch that reinstates the reloading of character set data when a
    mysql_library_init() is done after a mysql_library_end().
    (closes: #569549, #569595)

 -- Norbert Tretkowski <norbert op tretkowski.de>  Mon, 01 Mar 2010 18:22:35 +0100

mysql-dfsg-5.1 (5.1.44-2) unstable; urgency=low

  * Disable innodb.innodb_information_schema test in testsuite run, it fails
    randomly on at least i386. (closes: #570693)

 -- Norbert Tretkowski <norbert op tretkowski.de>  Sun, 21 Feb 2010 20:45:59 +0100

mysql-dfsg-5.1 (5.1.44-1) unstable; urgency=low

  * New upstream release.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Thu, 18 Feb 2010 21:38:09 +0100

mysql-dfsg-5.1 (5.1.43-1) unstable; urgency=low

  * New upstream release.
  * Drop patches:
    + 11_binlog_wrong_offset.dpatch
    + 96_SECURITY_CVE-2009-4484.dpatch
  * Disable SSL related test in the testsuite until MySQL gets shipped with an
    updated SSL certificate.
  * Include symlinks for mysqlcheck manpages. (closes: #558760)
  * Fix some lintian warnings:
    + debian-news-entry-has-unknown-version
    + postinst-has-useless-call-to-ldconfig
    + postrm-has-useless-call-to-ldconfig
  * Bump Standards-Version to 3.8.4, no changes required.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Mon, 01 Feb 2010 22:03:42 +0100

mysql-dfsg-5.1 (5.1.41-4) unstable; urgency=high

  * SECURITY:
    Fix for CVE-2009-4484: Copying name tags into an internal buffer from
    incoming stream we didn't check the buffer overflow. That may lead to
    memory overrun, crash etc.
  * Add -fno-strict-aliasing to $CFLAGS to get around testsuite errors when
    building with gcc 4.4.x. (closes: #554207)

 -- Norbert Tretkowski <norbert op tretkowski.de>  Mon, 18 Jan 2010 19:03:25 +0100

mysql-dfsg-5.1 (5.1.41-3) unstable; urgency=low

  * Let mysql-server-5.1 replace libmysqlclient-dev (>= 5.1.41-1) because of
    moved InnoDB plugin. (closes: #557806)

 -- Norbert Tretkowski <norbert op tretkowski.de>  Tue, 24 Nov 2009 19:20:36 +0100

mysql-dfsg-5.1 (5.1.41-2) unstable; urgency=low

  * Move InnoDB plugin into -server package.
  * Fix some lintian errors and warnings:
    + weak-library-dev-dependency
    + dir-or-file-in-var-run
    + command-with-path-in-maintainer-script
  * Ignore errors in testsuite run on s390.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Sat, 21 Nov 2009 13:37:17 +0100

mysql-dfsg-5.1 (5.1.41-1) unstable; urgency=medium

  * New upstream release.
  * Drop patch 60_zlib_innodb_workaround.dpatch, merged upstream.
  * Make $DATADIR readable/writeable only for user mysql. (closes: #555626)
  * Build with --without-readline to use system readline instead of bundled
    copy. (closes: #552003)

 -- Norbert Tretkowski <norbert op tretkowski.de>  Fri, 20 Nov 2009 17:35:42 +0100

mysql-dfsg-5.1 (5.1.40-1) unstable; urgency=low

  * New upstream release.
  * Set thread_stack size to 192K rather than 128K.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Fri, 23 Oct 2009 19:12:45 +0200

mysql-dfsg-5.1 (5.1.39-1) unstable; urgency=low

  * New upstream release.
  * New patch 60_zlib_innodb_workaround.dpatch to fix an incompatibility
    between zlib and innodb during testsuite run.
  * Wait in the SIGHUP trap to avoid killing an existing mysqld process when a
    HUP signal is sent to mysqld_safe, patch based based on Mathias Gug's fix
    from 5.0 series. (closes: #545044)
  * Update debconf translations:
    - Japanese, from Hideki Yamane. (closes: #545329)
    - Swedish, from Martin Bagge. (closes: #545731)
  * Fix some options in my.cnf about log_file have their named changed, patch
    from Mathias Gug. (closes: #545761)
  * Do not upgrade if there is an ndb management node configured, patch from
    Mathias Gug. (closes: #545760)
  * Switch build-dependency from libreadline5-dev to libreadline-dev.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Mon, 28 Sep 2009 17:41:51 +0200

mysql-dfsg-5.1 (5.1.37-2) unstable; urgency=low

  * Update debconf translations:
    - Swedish, from Martin Bagge. (closes: #539207)
    - Russian, from Yuri Kozlov. (closes: #540216)
    - French, from Christian Perrier. (closes: #540508)
    - Italian, from Luca Monducci. (closes: #541465)
    - German, from Thomas Mueller. (closes: #544477)
  * Handle DEB_BUILD_OPTIONS correctly, patch from Stephen Depooter.
    (closes: #523928)
  * Support ANSI mode in debian-start.inc.sh, patch from Mathias Gug.
    (closes: #534606)
  * Enable hardening. (closes: #542746)
  * Drop old_passwords option. (closes: #540366)

 -- Norbert Tretkowski <norbert op tretkowski.de>  Wed, 02 Sep 2009 20:26:59 +0200

mysql-dfsg-5.1 (5.1.37-1) unstable; urgency=low

  * New upstream release.
  * Drop empty transitional package libmysqlclient15-dev, and provide/replace
    it with libmysqlclient-dev. (closes: #538659)
  * Ignore errors in testsuite on all archs but amd64, i386, ia64 and s390.
    (closes: #539679)
  * Update debconf translations:
    - French, from Christian Perrier. (closes: #539703)
  * Fixed typo regarding log_type in my.cnf.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Tue, 04 Aug 2009 19:25:45 +0200

mysql-dfsg-5.1 (5.1.36-5) unstable; urgency=low

  [ Christian Hammers ]
  * Applied debconf template patch from debian-l10n-english (thanks to
    Justin B Rye).
  * Added a missing misc:Depends to debian/control for lintian.
  * Fixes typo in initscript (thanks to Gaspar Lajos).

  [ Norbert Tretkowski ]
  * Ignore errors in testsuite run on mips. (closes: #539095)
  * Update debconf translations:
    - Basque, from Piarres Beobide. (closes: #539130)
    - Russian, from Yuri Kozlov. (closes: #539459)

 -- Norbert Tretkowski <norbert op tretkowski.de>  Sat, 01 Aug 2009 11:13:55 +0200

mysql-dfsg-5.1 (5.1.36-4) unstable; urgency=low

  * dpkg-gensymbols caused a lot of FTBFS because the C++ libraries have
    slightly different symbol names on other archs (long vs. int somebody
    told me on IRC). We now limit the ABI compatibility check to amd64.

 -- Christian Hammers <ch op debian.org>  Sun, 26 Jul 2009 11:46:20 +0200

mysql-dfsg-5.1 (5.1.36-3) unstable; urgency=low

  * Moving from experimental to unstable!

 -- Christian Hammers <ch op debian.org>  Sat, 25 Jul 2009 20:42:39 +0200

mysql-dfsg-5.1 (5.1.36-2) experimental; urgency=low

  * Build both -fPIC (libmysql_pic.a) and non -fPIC (libmysqld.a) as
    some packages seem to need the -fPIC variant for their own build
    process. Documented in README.Debian. Thanks to Modestas Vainius
    for the patch. Closes: #508406
  * Switch to out-of-source true build mode was a side effect of this change.
  * Added libmysqlclient16.symbols file (thanks to Raphael Hertzog).
  * Raised debian/compat from 4 to 7.
  * Updated innotop to 1.7.1.
  * Minor cleanups that lintian suggested.

 -- Christian Hammers <ch op debian.org>  Sun, 19 Jul 2009 18:48:53 +0200

mysql-dfsg-5.1 (5.1.36-1) experimental; urgency=low

  * Ex-maintainer upload :)
  * New upstream release.
  * SECURITY: Upstream fix for "mysql client does not escape strings in 
    --html mode." (CVE-2008-4456) Closes: #526254
  * Upstream fixes REPEAT() function. Closes: #447028
  * Upstream fixes problems when mixing ORDER and GROUP BY. Closes: #470854
  * There were many innodb fixes in the last two years, probably
    also for this unreproducible crash. CLoses: #447713
  * Removed amd64 specific -fPIC compiler option that was introduced
    especially for building the NDB cluster module which is no longer
    part of this package (thanks to Modestas Vainius). Closes: #508406
  * Put /etc/mysql/conf.d to mysql-server-5.1.dirs (thanks to Alexander 
    Gerasiov). Closes: #515145
  * Fixed mysql-test suite by adding 50_mysql-test__db_test.dpatch.
    It now passes 100% of the tests again. Also Closes: #533999
  * Preinst now prevents Installation if NDB configuration is detected.
  * Applied Ubuntu patch that fixes privilege bootstrapping in postinst
    (thanks to Mathias Gug). Closes: #535492
  * Applied Ubuntu patch that sets the debconf prio for the root password
    question to high and prevents it from being asked on 5.0 -> 5.1 upgrades
    (thanks to Mathias Gug). Closes: #535500
  * Removed the check for ISAM tables as the only supported upgrade path is
    from lenny's MySQL-5.0.
  * Added /etc/mysql/conf.d/mysqld_safe_syslog.cnf which enables mysqld_safe
    to pipe all mysqld output into the syslog. The reason for not letting dpkg
    handle it via a normal config file change was that my.cnf is usually
    heavily tuned by the admin so the setting would go lost too easily.
  * Updated mysqlreport to version 3.5 (including two minor patches by me).

 -- Christian Hammers <ch op debian.org>  Wed, 01 Jul 2009 20:54:58 +0200

mysql-dfsg-5.1 (5.1.34-1) experimental; urgency=low

  * New upstream release.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Mon, 20 Apr 2009 20:23:10 +0200

mysql-dfsg-5.1 (5.1.33-2) experimental; urgency=low

  * Remove no longer active developers from uploaders field.
  * Drop workaround for upgrades from MySQL 3.23, not necessary any more.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Tue, 07 Apr 2009 11:23:25 +0200

mysql-dfsg-5.1 (5.1.33-1) experimental; urgency=low

  * New upstream release.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Thu, 02 Apr 2009 21:12:23 +0200

mysql-dfsg-5.1 (5.1.32-1) experimental; urgency=low

  * New upstream release.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Fri, 06 Mar 2009 18:48:23 +0100

mysql-dfsg-5.1 (5.1.31-2) experimental; urgency=low

  * Update SSL certificates, and re-enable SSL related tests when running
    the testsuite.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Tue, 10 Feb 2009 16:08:42 +0100

mysql-dfsg-5.1 (5.1.31-1) experimental; urgency=low

  * New upstream release.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Sun, 08 Feb 2009 17:07:11 +0100

mysql-dfsg-5.1 (5.1.30-2) experimental; urgency=low

  * Drop MySQL Cluster support, it's deprecated since 5.1.24-RC.
  * Fix FTBFS if build twice in a row. (closes: #487091)

 -- Norbert Tretkowski <norbert op tretkowski.de>  Fri, 05 Dec 2008 21:04:55 +0100

mysql-dfsg-5.1 (5.1.30-1) experimental; urgency=low

  * New upstream release.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Thu, 27 Nov 2008 09:09:55 +0100

mysql-dfsg-5.1 (5.1.29rc-1) experimental; urgency=low

  * New upstream release.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Mon, 27 Oct 2008 20:00:43 +0100

mysql-dfsg-5.1 (5.1.26rc-1) experimental; urgency=low

  * New upstream release.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Mon, 14 Jul 2008 21:46:59 +0200

mysql-dfsg-5.1 (5.1.25rc-1) experimental; urgency=low

  * New upstream release.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Sat, 21 Jun 2008 13:55:02 +0200

mysql-dfsg-5.1 (5.1.24rc-1) experimental; urgency=low

  * New upstream release.
  * Ignore errors in testsuite on ia64 and s390.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Wed, 16 Apr 2008 22:03:44 +0200

mysql-dfsg-5.1 (5.1.23rc-1) experimental; urgency=low

  * New upstream release.

  [ Christian Hammers ]
  * Add PIC support for NDB libraries on amd64 (thanks to Monty Taylor).
  * Add extra information when aborting due to a detected downgrade (thanks to
    Raphael Pinson).
  * Move libndbclient.so.3 to its own package as it now has a version != 0
    (thanks to Raphael Pinson for reminding me).

  [ Monty Taylor ]
  * Remove 85_ndb__staticlib.dpatch since we have a libndbclient package now.
  * Add myself to the uploaders so that I don't get complaints about package
    signing.
  * Add libndbclient-dev package to go with libndbclient3.

  [ Norbert Tretkowski ]
  * Update patches:
    + 41_scripts__mysql_install_db.sh__no_test.dpatch
  * Drop patches:
    + 70_upstream_debian__configure.dpatch
    + 71_upstream_debian__Makefile.in.dpatch
    + 99_TEMP_minmax.dpatch
  * Remove Adam Conrad from uploaders on his request. Thanks for your work in
    the past!
  * Ignore errors in testsuite on amd64 and i386.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Fri, 29 Feb 2008 10:38:27 +0100

mysql-dfsg-5.1 (5.1.22rc-1) experimental; urgency=low

  * New upstream version.
  * Let mysql-server-5.1 pre-depend on debconf as it uses it in the preinst.
  * Fixed mysql-client-5.1 menu entry for upcoming menu policy 1.4.

 -- Christian Hammers <ch op debian.org>  Tue, 02 Oct 2007 22:45:37 +0200

mysql-dfsg-5.1 (5.1.21beta-1) experimental; urgency=low

  * My "Greetings from FrOSCon!" release.
  * New upstream version.
  * libmysqlclient.so.15 has been superseded by libmysqlclient.so.16.
  * Renamed libmysqlclient15-dev to libmysqlclient-dev but added an empty
    package libmysqlclient15-dev to ease the transition for packages with
    a versioned build-dep to libmysqlclient15-dev which is something that
    currently does not work with "Provides:".
  * Synced with 5.0 branch up to subversion release r909.
  * Commented out most of the compile conditionals in the hope that
    all architectures can be build the same way.
  * Added a lot of new binaries and manpages.
  * Switched to plugin based engines.

 -- Christian Hammers <ch op debian.org>  Sat, 25 Aug 2007 14:24:40 +0200

mysql-dfsg-5.1 (5.1.19beta-1) experimental; urgency=low

  * New upstream release.

 -- Christian Hammers <ch op debian.org>  Mon, 11 Jun 2007 23:18:35 +0200

mysql-dfsg-5.1 (5.1.16beta-4) experimental; urgency=high

  * Merged with 5.0 r850:
    * SECURITY:
      In some previous versions mysql_install_db was not idempotent and did
      always create passwordless root accounts although it should only on
      initial installs (thanks to Olaf van der Spek). Closes: #418672
    * Added check for passwordless root accounts to debian-start.
    * As MySQL-5.0 is, at least currently, incompatible with Kernel 2.4 the
      installation is aborted for such old kernels. Debian Etch does not
      support them anyway according to the release notes but this might be 
      unexpected and many production servers still have self build ones 
      installed (thanks to Marc-Christian Petersen). See: #416841
    * Adjusted TeX build-deps to texlive.
    * Added innotop. 
    * Changed maintainer email address to
      pkg-mysql-commits op lists.alioth.debian.org 

 -- Christian Hammers <ch op debian.org>  Thu, 19 Apr 2007 19:29:29 +0200

mysql-dfsg-5.1 (5.1.16beta-3) experimental; urgency=low

  * Merged with 5.0 r837:
    * Activated the blackhole engine as it's needed for replicating partition
      designs (thanks to Cyril SCETBON). 
    * Fixed segfault on i486 systems without cpuid instruction (thanks to
      Lennart Sorensen). Closes: #410474
    * Only use of the non-essential debconf package in postrm if it is
      still installed (thanks to Michael Ablassmeier). Closes: #416838

 -- Christian Hammers <ch op debian.org>  Sun, 18 Mar 2007 21:48:11 +0100

mysql-dfsg-5.1 (5.1.16beta-2) experimental; urgency=low

  * Merged with 5.0 r818:
    * Fixed FTBFS on Sparc introduced with the "make -j" trick in
      5.0.32-8 (thanks to Frank Lichtenheld). Closes: #415026

 -- Christian Hammers <ch op debian.org>  Sun, 18 Mar 2007 21:20:11 +0100

mysql-dfsg-5.1 (5.1.16beta-1) experimental; urgency=low

  * New upstream release. 
    * SECURITY: Using an INFORMATION_SCHEMA table with ORDER BY in a subquery
      could cause a server crash (CVE-2007-1420).
    * Added temporary patch 90_TEMP_sqlparse-ifdef to avoid build problems.
  * Merged with 5.0 r809:
    * Updated mysqlreport to latest upstream (and patched --help usage
      message and "return if qcache_size==0").
  * Merged with 5.0 r798:
    * Adapt MAKE_J to use the -j option with the number of available
      processors. (thanks to Raphael Pinson).
  * Merged with 5.0 r758:
    * Changed minimum required version in dh_makeshlibs to 5.0.27-1 as
      5.0.26 had an ABI breakage in it!
      This is the cause for Perl programs crashing with the following error: 
      Transactions not supported by database at /usr/lib/perl5/DBI.pm line 672
    * Added some more comments to the default my.cnf.
    * Added support for /etc/mysql/conf.d/.
    * The debian-start script that runs on every server start now first upgrades
      the system tables (if neccessary) and then check them as it sometimes did
      not work the other way around (e.g. for MediaWiki). The script now uses 
      mysql_update instead of mysql_update_script as recommended. See: 409780

 -- Christian Hammers <ch op debian.org>  Fri,  2 Mar 2007 01:00:55 +0100

mysql-dfsg-5.1 (5.1.15beta-1) experimental; urgency=low

  * New upstream release.
  [Monty Taylor]
  * Removed patches/25_mysys__default.c - fixed upstream.
  * Removed patches/26_client__mysql_upgrade.c - fixed upstream.
  * Removed patches/29_scripts__mysqlbug.sh - fixed upstream.
  * Removed patches/39_scripts__mysqld_safe.sh__port_dir - fixed upstream.
  * Removed patches/42_scripts__mysqldumpslow__slowdir - fixed upstream.
  * Removed patches/45_warn-CLI-passwords - fixed upstream.
  * Removed patches/89_ndb__records.dpatch - fixed upstream.
  * Removed patches/86_ndbapi_tc_selection.dpatch - fixed upstream.
  [Christian Hammers]
  * Synced with 5.0.32-4.
    * mysql-server-5.0 pre-depends on adduser now and has --disabled-login
      explicitly added to be on the safe side (thanks to the puiparts team).
      Closes: #408362
    * Corrections the terminology regarding NDB in the comments of all config
      files and init scripts (thanks to Geert Vanderkelen of MySQL).

 -- Christian Hammers <ch op debian.org>  Wed,  7 Feb 2007 11:34:52 -0200

mysql-dfsg-5.1 (5.1.14beta-2) experimental; urgency=low

  [Christian Hammers]
  * Readded 85_ndb__staticlib.dpatch with slight modifications. 
  * Backported debian-start scripts from 5.0.
  [Monty Taylor]
  * Now build-depends on bison.
  * Updated to standards 3.7.2.
  * Removed references to comp_err.
  * build-depend on automake1.9 to match upstream 
  * Merged runlevel changes from 5.0.
  * Added 26_client__mysql_upgrade.c.dpatch to fix a segfault in mysql_upgrade
    when using a password. It's been fixed upstream in 5.1.15. 
  * Moved BDB check to sanity_checks() and added a note about deprecation.
  * Use my_print_defaults instead of mysqld --print-defaults
  * Changed NDB Data and Management node startup seqence. Prevented both
    from restarting on upgrade to address rolling upgrade issues.
  * Added a "start-initial" option to the Data Node init script to support
    initial node starts.
  * Added 86_ndbapi_tc_selection.dpatch to fix a bug that causes a segfault
    when using the NdbApi. http://bugs.mysql.com/bug.php?id=24914
    Fixed in 5.1.15
  * Added 89_ndb__records.dpatch to fix
    http://bugs.mysql.com/bug.php?id=25567, which causes a table scan per
    table per query.

 -- Christian Hammers <ch op debian.org>  Wed, 31 Jan 2007 01:17:35 +0100

mysql-dfsg-5.1 (5.1.14beta-1) experimental; urgency=low

  * New upstream.
  * Removed references to mysql_explain_log
  * Changed context for patch to mysqld_multi.1
  * Removed 70_kfreebsd.dpatch - applied to upstream
  * Removed 87_ps_Hurd - applied to upstream
  * Replaced --without-readline to --with-libedit to configure options, as
    --without-readline doesn't seem to do the right thing anymore.

 -- Monty Taylor <mordred op inaugust.com>  Wed, 10 Jan 2007 12:59:55 -0800

mysql-dfsg-5.1 (5.1.11beta-1) experimental; urgency=low

  * Starting new 5.1 branch!
  * FIXME: Following patch couldn't be applied:
      ## 85_ndb__staticlib.dpatch by  <ch op debian.org>
  * FIXME: Following patch couldn't be applied:
      ## 86_PATH_MAX.dpatch

 -- Christian Hammers <ch op debian.org>  Sat, 29 Jul 2006 11:35:42 +0200

mysql-dfsg-5.0 (5.0.84-1) unstable; urgency=low

  * New upstream release.
  * Update patches:
    + debian/patches/60_disabled_tests.dpatch

 -- Norbert Tretkowski <norbert op tretkowski.de>  Fri, 24 Jul 2009 18:05:11 +0200

mysql-dfsg-5.0 (5.0.83-1) unstable; urgency=low

  * New upstream release.
  * Update patches:
    + debian/patches/45_warn-CLI-passwords.dpatch (closes: #536548)
    + debian/patches/60_disabled_tests.dpatch

 -- Norbert Tretkowski <norbert op tretkowski.de>  Sat, 18 Jul 2009 08:18:53 +0200

mysql-dfsg-5.0 (5.0.81-1) unstable; urgency=low

  * New upstream release.
  * Remove patches:
    + debian/patches/63_update_ssl_certs.dpatch

 -- Norbert Tretkowski <norbert op tretkowski.de>  Mon, 04 May 2009 18:53:05 +0200

mysql-dfsg-5.0 (5.0.77-1) unstable; urgency=low

  * New upstream release.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Tue, 17 Feb 2009 18:42:46 +0100

mysql-dfsg-5.0 (5.0.75-1) unstable; urgency=low

  * New upstream release.
  * Update patches:
    + debian/patches/33_scripts__mysql_create_system_tables__no_test.dpatch
  * Remove patches:
    + debian/patches/50_fix_agg_functions.dpatch

 -- Norbert Tretkowski <norbert op tretkowski.de>  Mon, 22 Dec 2008 11:01:38 +0100

mysql-dfsg-5.0 (5.0.67-3) unstable; urgency=low

  * Really apply patch from 5.0.74 to fix check for non-aggregated columns
    in queries.

 -- Norbert Tretkowski <norbert op tretkowski.de>  Tue, 16 Dec 2008 07:19:23 +0100

mysql-dfsg-5.0 (5.0.67-2) unstable; urgency=low

  * New patch from 5.0.74 to fix check for non-aggregated columns in queries.
    (closes: #505179, #505181)
  * Add patch from Dan Munckton:
    + Clearly indicate that we do not support running multiple instances
      of mysqld by duplicating the init script.
      (closes: #314785, #324834, #435165, #444216)
    + Properly parameterize all existing references to the mysql config
      file (/etc/mysql/my.cnf).
  * Really fix FTBFS if build twice in a row. (closes: #442684)

 -- Norbert Tretkowski <norbert op tretkowski.de>  Sun, 14 Dec 2008 10:12:30 +0100

mysql-dfsg-5.0 (5.0.67-1) unstable; urgency=low

  * New upstream release.
  * Update patches:
    + debian/patches/25_mysys__default.c.dpatch
    + debian/patches/80_fix_user_setup_on_localhost.dpatch
  * Remove patches:
    + debian/patches/50_fix_mysqldump.dpatch
    + debian/patches/51_incorrect-order.dpatch
    + debian/patches/52_ndb-gcc-4.2.dpatch
    + debian/patches/53_integer-gcc-4.2.dpatch
    + debian/patches/54_ssl-client-support.dpatch
    + debian/patches/55_testsuite-2008.dpatch
    + debian/patches/56_fix_order_by.dpatch
    + debian/patches/57_fix_mysql_replication.dpatch
    + debian/patches/58_disable-ndb-backup-print.dpatch
    + debian/patches/59_fix_relay_logs_corruption.dpatch
    + debian/patches/60_rpl_test_failure.dpatch
    + debian/patches/90_upstreamdebiandir.dpatch
    + debian/patches/91_SECURITY_CVE-2007-5925.dpatch
    + debian/patches/92_SECURITY_CVE-2008-2079.dpatch
    + debian/patches/93_SECURITY_CVE-2008-3963.dpatch
  * Fix FTBFS if build twice in a row. (closes: #442684)

 -- Norbert Tretkowski <norbert op tretkowski.de>  Sun, 02 Nov 2008 13:51:50 +0100

neon27 (0.29.3-3) unstable; urgency=low

  * Fix client certificate negotiation with a patch that got included in
    v0.29.5 (closes: #480041).
  * Updated Standards-Version to 3.9.1 .

 -- Laszlo Boszormenyi (GCS) <gcs op debian.hu>  Sun, 24 Oct 2010 18:20:49 +0200

neon27 (0.29.3-2) unstable; urgency=low

  * Fix SNI TLS breakage until upstream fix (closes: #569639).

 -- Laszlo Boszormenyi (GCS) <gcs op debian.hu>  Tue, 23 Feb 2010 19:46:02 +0000

neon27 (0.29.3-1) unstable; urgency=low

  * New upstream release.
  * Updated Standards-Version to 3.8.4 and added watch file.

 -- Laszlo Boszormenyi (GCS) <gcs op debian.hu>  Thu, 04 Feb 2010 20:03:25 +0000

neon27 (0.29.0-1) unstable; urgency=low

  * New major upstream release (still API and ABI compatible with 0.27.x).
  * Step towards to enable testsuite during building, but doesn't enable it
    yet, as it causes FTBFS in a pbuilder chroot.

 -- Laszlo Boszormenyi (GCS) <gcs op debian.hu>  Wed, 23 Sep 2009 19:04:54 +0000

neon27 (0.28.6-1) unstable; urgency=high

  * New upstream release, fixing CVE-2009-2474 (closes: #542926); for gnutls
    version building with gnutls 2.8.2 or later required, updated
    build-dependency accordingly.
  * CVE-2009-2473 doesn't affect this package as it's compiled with a libxml2
    version greater than 2.6.32 .

 -- Laszlo Boszormenyi (GCS) <gcs op debian.hu>  Sat, 22 Aug 2009 10:19:54 +0000

neon27 (0.28.5-1) unstable; urgency=low

  * New upstream release,  fix use of builds with SOCK_CLOEXEC support
    (closes: #533241).

 -- Laszlo Boszormenyi (GCS) <gcs op debian.hu>  Sat, 01 Aug 2009 09:55:01 +0000

neon27 (0.28.4-3) unstable; urgency=low

  * Use upstream solution to runtime detect SOCK_CLOEXEC option.
  * Build-Depend on pkg-config for library detections (closes: #529839).

 -- Laszlo Boszormenyi (GCS) <gcs op debian.hu>  Sat, 13 Jun 2009 12:14:53 +0000

neon27 (0.28.4-2) unstable; urgency=low

  * Add 01_runtime_detect_sock_cloexec.dpatch to detect if neon27 is running
    on a kernel that supports SOCK_CLOEXEC (closes: #529920).

 -- Laszlo Boszormenyi (GCS) <gcs op debian.hu>  Sat, 30 May 2009 12:32:51 +0000

neon27 (0.28.4-1) unstable; urgency=low

  * New upstream release and accept Frank's upload (closes: #496482).

 -- Laszlo Boszormenyi (GCS) <gcs op debian.hu>  Wed, 20 May 2009 17:36:23 +0000

netbase (4.45) unstable; urgency=high

  * etc-services: added 4691 (mtn). (Closes: #607858)
  * etc-protocols: added dccp (33). (Closes: #610536)

 -- Marco d'Itri <md op linux.it>  Wed, 19 Jan 2011 23:14:59 +0100

netbase (4.44) unstable; urgency=medium

  * etc-services: added 5666 (nrpe/tcp), mysql-proxy (6446).
    (Closes: #604830)

 -- Marco d'Itri <md op linux.it>  Sun, 05 Dec 2010 19:59:54 +0100

netbase (4.43) unstable; urgency=medium

  * etc-services: added nbd (10809/tcp), epmd (4369).
    (Closes: #591568, #599526)

 -- Marco d'Itri <md op linux.it>  Sat, 23 Oct 2010 01:40:49 +0200

netbase (4.42) unstable; urgency=low

  * Stop setting net.ipv6.bindv6only=1 by default. (Closes: #560238)
  * Remove /etc/hosts and /etc/networks on purge to please mindless
    nitpickers and piuparts. (Closes: #585708)
  * Do not add IPv6-related names to /etc/hosts on upgrades to allow
    people to remove them and break their own systems. (Closes: #579752)
  * Create /etc/hosts and /etc/networks if missing on the first install
    (e.g. when installing with debootstrap).
  * etc-services: added dcap (22125/tcp), gsidcap (22128/tcp).
    (Closes: #586396)

 -- Marco d'Itri <md op linux.it>  Fri, 25 Jun 2010 22:17:24 +0200

netbase (4.41) unstable; urgency=low

  * Do not disable networking on shutdown if the root file system is
    mounted over iSCSI. (Closes: #576785)
  * etc-protocols: added shim6 (140), wesp (141), rohc (142).

 -- Marco d'Itri <md op linux.it>  Mon, 19 Apr 2010 00:41:46 +0200

netbase (4.40) unstable; urgency=low

  * Fixed removal of /etc/sysctl.d/ on purge. (Closes: #560164)
  * etc-services: added zabbix-agent (10050), zabbix-trapper (10051).
    (Closes: #560175)

 -- Marco d'Itri <md op linux.it>  Thu, 10 Dec 2009 13:33:47 +0100

netbase (4.39) unstable; urgency=low

  * Create /etc/sysctl.d/ if it does not exist and do nothing on non-Linux
    systems. (Closes: #559754)

 -- Marco d'Itri <md op linux.it>  Mon, 07 Dec 2009 19:02:29 +0100

netbase (4.38) unstable; urgency=low

  * Create /etc/sysctl.d/bindv6only.conf on upgrades and new installs
    to set net.ipv6.bindv6only=1.
  * Made the init script check for swap over the network. (Closes: #540697)
  * Temporarily depend on initscripts to work around a bug in multistrap.
    (Closes: #556399)
  * etc-services: added sieve (4190/tcp). 
  * etc-services: removed sieve (2000/tcp). (Closes: #555664)
  * Made the init script warn that using the force-reload and restart
    parameters is not a good idea. (Closes: #550240)

 -- Marco d'Itri <md op linux.it>  Sun, 06 Dec 2009 17:09:41 +0100

netbase (4.37) unstable; urgency=high

  * Use Should-Start/Should-Stop instead of Start/Stop since nowadays
    ifupdown now is only a Recommends. (Closes: #538948)
  * etc-services: added dhcpv6-client (546), dhcpv6-server (547), idfp (549).
    (Closes: #533001)

 -- Marco d'Itri <md op linux.it>  Wed, 29 Jul 2009 12:20:21 +0200

netbase (4.36) unstable; urgency=medium

  * postinst: run update-rc.d only if the init script is executable.
    (Closes: #533499)
  * etc-services: added svrloc (427). (Closes: #350521)

 -- Marco d'Itri <md op linux.it>  Sat, 04 Jul 2009 16:26:30 +0200

netbase (4.35) unstable; urgency=low

  * Do not add ff02::3 to /etc/hosts because it is not actually assigned.
    (Closes: #499800)
  * etc-services: added gsigatekeeper (2119), gris (2135), gsiftp (2811),
    amqp (5672/tcp,udp,sctp), xmms2 (9667).
    (Closes: #514226, #527893, #533001)
  * etc-services: updated the description of mon. (Closes: #525322)

 -- Marco d'Itri <md op linux.it>  Wed, 17 Jun 2009 02:34:11 +0200

newt (0.52.11-1) unstable; urgency=low

  * New upstream. Closes: #575561. 
    Merged upstream:
     029_crash_fix.patch
     040_pkgconfig.patch
     310_libfixes.patch 
     320_valgrind_fixes.patch (partial)
     040_pkgconfig.patch
     410_marathi.patch 
     420_checkbox_width.patch
     600_CVE-2009-2905.patch
     720_newt_combiwrap.patch
     730_gujarati.patch
   * Fix to allow ESC key to work in whiptail. Closes: #584098.

 -- Alastair McKinstry <mckinstry op debian.org>  Sat, 19 Jun 2010 20:54:29 +0100

newt (0.52.10-8) unstable; urgency=low

  * Remove unnecessary libgpm-dev, as it breaks kfreebsd. Closes: #572230. 

 -- Alastair McKinstry <mckinstry op debian.org>  Wed, 03 Mar 2010 10:14:59 +0000

newt (0.52.10-7) unstable; urgency=low

  * Enable GPM support on Linux, kFreeBSD. Closes: #572274, #569172 .
  * Build-depend on libgpm-dev.
  * Standards-Version: 3.8.4. No changes required. 

 -- Alastair McKinstry <mckinstry op debian.org>  Wed, 03 Mar 2010 08:34:30 +0000

newt (0.52.10-6) unstable; urgency=low

  * Fix for 020_bidi.patch that now requires TRUE/FALSE to be defined.
    Thanks to Theppitak Karoonboonyanan. Closes: #570663.
  * Initialize space for fribidi to zero. Fix thanks to Colin Watson.
    Closes: #570581. 
  * Fix for text incorrectly wrapping at combining characters.
    Thanks to Theppitak Karoonboonyanan. Closes: #570630.
  * Translations:
     Gujarati, thanks to Kartik Mistry. Closes: #571682. 

 -- Alastair McKinstry <mckinstry op debian.org>  Tue, 02 Mar 2010 13:33:00 +0000

newt (0.52.10-5) unstable; urgency=low

  * Acknowledge NMU with thanks. 
  * Remove double spaces in control that breaks dpkg-dev. Closes: #557543.
  * Move to Standards-Version 3.8.3. No changes required.
  * Add -ldl to Libs line. Closes: #560542, #555771.
  * Translations:
    Updated Bengali patch that documens plural forms. Closes: #524974
    Updated Italian patch (in UTF-8). Closes: #559499.
    Updated Asturian patch (in UTF-8). Closes: #538951.

 -- Alastair McKinstry <mckinstry op debian.org>  Fri, 18 Dec 2009 02:07:51 +0000

newt (0.52.10-4.1) unstable; urgency=high

  * Non-maintainer upload by the testing Security Team.
  * Include patch to fix buffer overflow in content processing code
    Fixes: CVE-2009-2905 Closes: #548198

 -- Giuseppe Iuculano <iuculano op debian.org>  Tue, 06 Oct 2009 17:29:33 +0200

newt (0.52.10-4) unstable; urgency=low

  * Add Ubuntu patch for python-newt-dbg package from Michael Vogt.
    Closes: #531725.
  * Add Ubuntu patch from Michael Vogt for crash when re-using text box
    multiple times. Thanks. Closes: #531724. 
  * Set the CHARSET specification in Marathi translation to UTF-8.
    Thanks to Christian Perrier. Closes: #531394. 

 -- Alastair McKinstry <mckinstry op debian.org>  Wed, 03 Jun 2009 23:20:22 +0100

newt (0.52.10-3) unstable; urgency=low

  * Marathi translation, thanks to Priti Patil. Closes: #416811. 
  * Patch from Neil Williams for cross-build support. Closes: #465105.
  * Add patch from Baruch Evan to allow checkboxes be aligned;
    wanted for LTR languages. Experimental API addition. Closes: #429351.

 -- Alastair McKinstry <mckinstry op debian.org>  Tue, 05 May 2009 20:51:49 +0100

newt (0.52.10-2) unstable; urgency=low

  * Change Priority: for python-newt to optional. 
  * Remove old message about experimental SONAME for
    README.Debian. Closes: #430104. 
  * Add asturian po file from Marcos Alverez Costales.  Closes: #518982.
  * Add Homepage: and Vcs-Git: fields to debian/control. Closes: #489612.
  * Cross-build support for kfreebsd from Guillem Jover. Closes: #465196.

 -- Alastair McKinstry <mckinstry op debian.org>  Fri, 01 May 2009 11:09:34 +0100

newt (0.52.10-1) unstable; urgency=low

  * New upstream release.  
    The following patches were merged, and have been removed:
     015_slang2_utf8.patch
     035_topleft_a11y.patch 
     040_bengali.patch      
     045_snack_entrywindow.patch 
     050_updated_greek.patch
     060_pgupdown_crash.patch 
     065_scrollbars.patch
     070_cursor_a11y.patch
     080_pa_rename.patch
     090_khmer.patch     
     100_dzongkha.patch
     110_a11y.patch
     130_colors.patch
     140_screensize.patch
     150_thai.patch
     160_esperanto.patch
     170_nepali.patch
     180_cursor.patch
     190_focus.patch
     200_cbtpos.patch
     222_fix_gauge_crash.patch 
     330_tamil.patch
     340_sl_fix.patch
     500_cope_with_backward_system_time_jumps.patch 
  * Build-Conflicts: autoconf2.13 no longer necessary.
  * Move DH_COMPAT=5 to file debian/COMPAT.
  * Move to Standards-Version: 3.8.1: replace dependencies 
    on Source-Version to binary:Version.
  * newt-tcl now built with tcl8.5-dev and works with tcl8.{3,4,5}.
  * Add libnewt.pc file to libnewt-dev.

 -- Alastair McKinstry <mckinstry op debian.org>  Mon, 20 Apr 2009 22:57:48 +0100

ntp (1:4.2.6.p2+dfsg-1+b1) unstable; urgency=low

  * Binary-only non-maintainer upload for i386; no source changes.
  * Rebuilt against new libedit2

 -- i386 Build Daemon <buildd_i386-biber op buildd.debian.org>  Sun, 17 Oct 2010 13:44:15 +0000

ntp (1:4.2.6.p2+dfsg-1) unstable; urgency=low

  [ Peter Eisentraut ]
  * Update command options section in ntp.conf(5) man page, drop "dynamic"
    option (closes: #553976, #439734)
  * Document ntpd -I option and ntp.conf interface command (closes: #506389)
  * Fix type in ntpdate man page (closes: #566621)
  * Added explanation of options to ntptrace man page (closes: #558289)
  * Removed no longer needed build conflict against libreadline-dev

  [ Kurt Roeckx ]
  * New upstream version.
    - Fixes problem with ipv6 multicast (Closes: #584927)
  * Move dhcp exit hooks from /etc/dhcp3/dhclient-enter-hooks.d to
    /etc/dhcp/dhclient-enter-hooks.d.  Add dpkg-maintscript-helper
    to maintainer scripts to move them, and add a Breaks on
    dhcp3-client (<< 4.1.0-1) (Closes: #585054, #585055)
  * Remove ntp's Replaces on logcheck-database, we don't ship log
    logcheck entries anymore for ntp.

 -- Kurt Roeckx <kurt op roeckx.be>  Tue, 13 Jul 2010 20:33:47 +0200

ntp (1:4.2.6.p1+dfsg-1) unstable; urgency=low

  * New upstream version
    - They no longer ship arlib, adjust dfsg.patch.
    - Drop kfreebsd.patch, applied upstream
    - Update patches for upstream changes.
  * Remove the obsolete config files:

    for ntp:
    - /etc/logcheck/ignore.d.server/ntp, removed in 1:4.2.6+dfsg-1
    - /etc/dhcp3/dhclient-enter-hooks.d/ntp, replaced by exit hooks in
      1:4.2.4p4+dfsg-3
    - /etc/network/if-up.d/ntp, removed in 1:4.2.4p0+dfsg-1

    for ntpdate:
    - /etc/dhcp3/dhclient-enter-hooks.d/ntpdate, replaced by exit hooks in
      1:4.2.4p4+dfsg-3

    Use dpkg 1.15.7.2's dpkg-maintscript-helper.  This needs
    a Pre-Depends to work, else it's never going to be removed.
    (Closes: #569530)
  * Add "Depends: ${misc:Depends}" to ntp-doc.

 -- Kurt Roeckx <kurt op roeckx.be>  Mon, 24 May 2010 11:09:51 +0200

ntp (1:4.2.6+dfsg-1) unstable; urgency=low

  * New upstream version
    - They no longer use the built in md5 with unclear license: adjust
      dfsg.sh and dfsg.patch.
    - Location of the html pages has changed location: adjust dfsg.sh
    - Remove ntptimeval.patch and ntptrace-getopt.patch, applied upstream.
    - Change libedit.patch and call configure with
      --with-lineeditlibs=edit instead.
    - Update nanokernel-status.patch to also do it for the new
      direct_freq() function.
    - includes.diff: Stop including ntp_refclock.h, since it breaks things.
    - Upstream no longer provides an ntpdsim.1 manpage, so don't try to
      to remove it.
  * Use the system libopts instead of the internal copy: add build-dependency
    on autogen, call configure with --disable-local-libopts.  There is also
    no need anymore to remove the usr/lib dir.
  * Remove ntp_gettime.patch, it wasn't used, and we have libc calls that
    wrap adjtimex now anyway.
  * Remove the doc.patch, it's either just wrong or more confusing than the
    original text.
  * Merge the ntpd-char-fix.patch into ntpd-ni-maxhost.patch
  * Fix kfreebsd.patch's comment to be about the right patch.
  * Add comment to dfsg.patch
  * Update autotools.patch's comment on how to recreate it.
  * Split ntpd-linux-caps.patch in ntpd-linux-caps-runtime.patch and
    ntpd-linux-caps-inheritable.patch and add comments
  * Don't run init script to stop ntpd, just let sendsigs/killprocs deal
    with it.  (Closes: #540694)
  * Compile with --enable-ntp-signd to enable mssntp for use with samba
    (Closes: #562065)
  * Remove ntp.logcheck.ignore.server, none of those messages are
    send to syslog now.  (Closes: #498992)

 -- Kurt Roeckx <kurt op roeckx.be>  Sat, 26 Dec 2009 14:12:22 +0100

ntp (1:4.2.4p8+dfsg-1) unstable; urgency=high

  * New upstream release.
    - Fixes DoS with mode 7 packets (CVE-2009-3563) (Closes: #560074)

 -- Kurt Roeckx <kurt op roeckx.be>  Tue, 08 Dec 2009 21:41:51 +0100

ntp (1:4.2.4p7+dfsg-4) unstable; urgency=low

  * Use uname -s instead of dpkg-architecture to found the kernel we're
    running on.  dpkg-architecture is part of dpkg-dev. (Closes: #558145)
  * Make the package fail to build on hurd since it does not provided
    the needed system calls for ntpd to work.

 -- Kurt Roeckx <kurt op roeckx.be>  Thu, 26 Nov 2009 22:16:37 +0100

ntp (1:4.2.4p7+dfsg-3) unstable; urgency=low

  * Don't pass --enable-linuxcaps to configure anymore.  It now detects it
    itself when it's available, and it breaks on non-Linux systems.
  * Configure didn't know what to set certain options to on kfreebsd.
    Patch by Aurelien Jarno.  (Closes: #522696)
  * Running as user ntp does not work on kfreebsd because it doesn't support
    capabilities.  Adjust the init script to start as root.

 -- Kurt Roeckx <kurt op roeckx.be>  Wed, 25 Nov 2009 20:03:58 +0100

ntp (1:4.2.4p7+dfsg-2) unstable; urgency=low

  * Refresh libedit patch because it's fuzzy and fails to apply on
    the buildds.

 -- Kurt Roeckx <kurt op roeckx.be>  Sat, 21 Nov 2009 18:01:36 +0000

ntp (1:4.2.4p7+dfsg-1) unstable; urgency=low

  [ Peter Eisentraut ]
  * Fixed FTBFS because of missing MOD_NANO definition (closes: #552882)
  * Changed source format to 3.0 (quilt)

  [ Kurt Roeckx ]
  * New upstream version.
    - Remove patches for CVE-2009-1252.patch and CVE-2009-0159.patch,
      applied upstream
    - Regenerate patches to apply to the current version.
  * Detect that we run a kernel with nano support or not.  Otherwise
    it breaks when running on kernels older than 2.6.26.

 -- Kurt Roeckx <kurt op roeckx.be>  Sat, 21 Nov 2009 17:27:11 +0100

ntp (1:4.2.4p6+dfsg-2) unstable; urgency=medium

  * Fixed typo in ntpdate man page (closes: #526086)
  * Updated standards version
  * Moved .dhcp version of configuration files to /var/lib/ntp and 
    /var/lib/ntpdate (closes: #524035)
  * Cleaned up man pages to satisfy lintian's hyphen-used-as-minus-sign
    complaint
  * Fixed limited buffer overflow in ntpq (CVE-2009-0159) (closes: #525373)
  * Fixed stack buffer overflow in ntpd (CVE-2009-1252) (closes: #525373)
  * Use new status_of_proc function to report status in ntp init script
  * Updated the config.guess/sub handling as recommended by autotools-dev to
    not clutter the diff, added autotools-dev to build dependencies

 -- Peter Eisentraut <petere op debian.org>  Fri, 12 Jun 2009 17:24:22 +0300

ntp (1:4.2.4p6+dfsg-1) unstable; urgency=low

  * New upstream release
    - Updated ntpdate-ipv6.patch, autotools.patch
    - Obsoletes no-ipv6-fix.patch, CVE-2009-0021.patch
  * Switched build dependency from libcap-dev to libcap2-dev (closes: #474639)
  * Added -D_GNU_SOURCE to CPPFLAGS, to support glibc 2.8 (closes: #507806)
  * Recognize "adjust" in ntpdate logcheck rules (closes: #493907)
  * Removed "dynamic" key word from default ntp.conf, because this is now 
    obsolete and the default

 -- Peter Eisentraut <petere op debian.org>  Wed, 18 Feb 2009 20:24:14 +0200

openldap (2.4.23-7.3) stable; urgency=low

  * Non-maintainer upload targeted at stable
  * Dump the database in prerm if we're upgrading. Closes: #665199

 -- Wouter Verhelst <wouter op debian.org>  Sun, 16 Dec 2012 12:44:59 +0100

openldap (2.4.23-7.2) stable; urgency=low

  * Non-maintainer upload targeted at stable.
  * Fix "dpkg-reconfigure slapd". Closes: #596343

 -- Thijs Kinkhorst <thijs op debian.org>  Wed, 15 Jun 2011 13:27:46 +0200

openldap (2.4.23-7.1) stable; urgency=low

  * Non-maintainer upload targeted at stable.
  * Picked the following patches from various sources:

  [ Matthijs Möhlmann ]
  * Update patch service-operational-before-detach (Closes: #616164, #598361)

  [ Ubuntu Security Team / Jamie Strandboge ]
  * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
    using forwarded authentication failures
    - debian/patches/CVE-2011-1024
    - CVE-2011-1024
  * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
    backend. Note: Debian is not compiled with --enable-ndb by default
    - debian/patches/CVE-2011-1025
    - CVE-2011-1025
  * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
    and requestDN is empty
    - debian/patches/CVE-2011-1081
    - CVE-2011-1081
    - LP: #742104, Closes: 617606

 -- Thijs Kinkhorst <thijs op debian.org>  Tue, 31 May 2011 11:13:02 +0200

openldap (2.4.23-7) unstable; urgency=low

  * Updated vietnamese translation, thanks Clytie Siddall
    (Closes: #601537, #598575)
  * Updated portuguese translation, thanks Traduz (Closes: #599760)
  * Updated danish translation, thanks Joe Dalton (Closes: #599835)

 -- Matthijs Mohlmann <matthijs op cacholong.nl>  Sat, 06 Nov 2010 12:13:01 +0100

openldap (2.4.23-6) unstable; urgency=high

  * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)

 -- Matthijs Mohlmann <matthijs op cacholong.nl>  Thu, 23 Sep 2010 10:17:50 +0200

openldap (2.4.23-5) unstable; urgency=high

  [ Steve Langasek ]
  * High-urgency upload for RC bugfix.
  * debian/slapd.scripts-common: fix gratuitous (and wrong) use of grep in
    get_suffix(), which causes us to incorrectly parse any slapd.conf that
    uses tabs instead of spaces.  Closes: #595672.
  * debian/slapd.init, debian/slapd.scripts-common: when $SLAPD_CONF is not
    set in /etc/default/slapd, we should always set a default value, giving
    precedence to slapd.d and falling back to slapd.conf.  Users who don't
    want to use an existing slapd.d should point at slapd.conf explicitly.
    Closes: #594714, #596343.
  * debian/slapd.init: 'invoke-rc.d slapd stop' should not fail due to the
    absence of a slapd configuration; we should still exit 0 so that the
    package can be removed gracefully.  Closes: #596100.
  * drop build-conflicts with libssl-dev; we explicitly pass
    --with-tls=gnutls to configure, so there's no risk of a misbuild here.
  * debian/slapd.default: now that we have a sensible default behavior in
    both slapd.init and the maintainer scripts, leave SLAPD_CONF empty to
    save pain later.
  * debian/slapd.scripts-common: ... and do the same in
    migrate_to_slapd_d_style, we just need to comment out the user's
    previous entry instead of blowing it away.
  * debian/slapd.scripts-common: call get_suffix in a way that lets us
    separate responses by newlines, to properly handle the case when a
    DN has embedded spaces.  Introduces a few more stupid fd tricks to work
    around possible problems with debconf.  Closes: #595466.
  * debian/slapd.scripts-common: when parsing the names of includes, handle
    double-quotes and escape characters as described in slapd.conf(5).
    Closes: #595784.
  * debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
    versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
    otherwise is blocked by our added olcAccess settings.  Closes: #596326.
  * debian/slapd.init.ldif: set the acl in the default LDIF for new installs,
    too.
  * Likewise, grant access to dn.exact="" so that base dn autodiscovery
    works as intended.  Closes: #596049.
  * debian/slapd.init.ldif: synchronize our behavior on new installs with
    that on upgrades, avoiding the non-standard cn=localroot,cn=config.
  * debian/slapd.scripts-common: don't run the migration code if slapd.d
    already exists.  Closes: #593965.

  [ Matthijs Mohlmann ]
  * Remove upgrade_supported_from_backend, implemented patch from
    Peter Marschall <peter op adpm.de> to automatically detect if an upgrade is
    supported. (Closes: #594712)

  [ Peter Marschall ]
  * debian/slapd.init: correctly set the slapd.conf argument even when
    SLAPD_PIDFILE is non-empty in /etc/default/slapd.  Closes: #593880.
  * debian/slapd.scripts-common: pass -g to slapadd/slapcat, so that
    subordinate databases aren't incorrectly included in the dump/restore of
    the parent database.  Closes: #594821.

 -- Steve Langasek <vorlon op debian.org>  Mon, 13 Sep 2010 06:59:11 +0000

openldap (2.4.23-4) unstable; urgency=low

  [ Steve Langasek ]
  * Bump the database upgrade version check to 2.4.23-4; should have been
    set to 2.4.23-1 when we switched to db4.8, but was missed so we need to
    clean up.  Closes: #593550.

  [ Matthijs Mohlmann ]
  * Fix root access to cn=config on upgrades from configuration style slapd.conf
    Thanks to Mathias Gug (Closes: #593566, #593878)

 -- Matthijs Mohlmann <matthijs op cacholong.nl>  Thu, 26 Aug 2010 20:30:51 +0200

openldap (2.4.23-3) unstable; urgency=low

  * Configure the newly installed openldap package using slapd.d instead of
    slapd.conf, merged from ubuntu. (Closes: #562723, #494155, #333428)
  * Update the debconf templates by running debconf-updatepo.
  * We do not support upgrades from older releases then lenny, so removed some
    upgrade functions from slapd.scripts-common.
  * Updated japanese translation, thanks Kenshi Muto (Closes: #589508)
  * Updated czech translation, thanks Miroslav Kure (Closes: #589569)
  * Update slapd.README.Debian and slapd.NEWS and note the new configuration
    style.
  * Fixes CVE-2010-0211 and CVE-2010-0212 (Closes: #589852)
  * Update italian translation, thanks Luca Monducci (Closes: #590154)
  * Update spanish translation, thanks Francisco Javier Cuadrado
    (Closes: #590829)
  * Update basque translation, thanks Iñaki Larrañaga Murgoitio
  * Bump Standards-Version to 3.9.1
  * Added debian specific patch to wait until slapd is operational before
    detaching to the terminal (Closes: #589915)
  * Add a lintian overrides for libldap.
  * Empty dependency_libs line in .la files. (Closes: #591550)
  * Update galician translation, thanks Jorge Barreiro (Closes: #592815)

 -- Matthijs Mohlmann <matthijs op cacholong.nl>  Tue, 17 Aug 2010 22:00:16 +0200

openldap (2.4.23-2) unstable; urgency=medium

  * Depend on libdb4.8 >= 4.8.30 (Closes: #588969)
  * Urgency previous as previous version fixes a RC bug.

 -- Matthijs Mohlmann <matthijs op cacholong.nl>  Wed, 14 Jul 2010 10:17:27 +0200

openldap (2.4.23-1) unstable; urgency=low

  * New upstream version
  * Change to build dependency libdb4.8-dev instead of libdb4.7-dev
  * Updated french translation thanks Christian Perrier (Closes: #579192)
  * Updated swedish translation thanks Martin Bagge (Closes: #580145)
  * Updated german translation thanks Helge Kreutzmann (Closes: #579582)
  * Updated russian translation thanks Yuri Kozlov (Closes: #585688)
  * Fix bashisms in debian/rules (Closes: #581454)
  * Add documentation patch (Closes: #513270)
  * Refreshed all quilt patches.
  * Bump Standards-Version to 3.9.0

 -- Matthijs Mohlmann <matthijs op cacholong.nl>  Mon, 12 Jul 2010 13:25:00 +0200

openldap (2.4.21-1) unstable; urgency=low

  [ Steve Langasek ]
  * New upstream version
    (Closes: #561144, #465024, #502769, #528695, #564686, #504728)
  * Add upstream manpage for ldapexop; thanks to Peter Marschall
    <peter op adpm.de>.  Closes: #549291.

  [ Matthijs Mohlmann ]
  * Ack NMU (Closes: #553432)
  * Update Standards-Version to 3.8.4
  * Fix NEWS entry to have the correct version number
  * Improve the wording for the slapd/invalid_config question (Closes: #452834)
  * Make lintian a bit more happy (Closes: #518660)
  * Fix bashism (Closes: #518657)
  * Refresh all patches
  * Add patch from upstream (Closes: #549642)
  * Reworked the configure.options a bit to include some more options
  * Enable dynamic acls
  * Use slappasswd to create a secure password (Closes: #490930)
  * Set a rootdn and rootpw if no password is given by debconf (Closes: #231950)
  * Better document the TLSCipherSuite in slapd.conf manpage (Closes: #563113)
  * Better document the TLS_CIPHER_SUITE in ldap.conf manpage (Closes: #510346)
  * Add smbk5pwd slapd module, used patch from Mark Hymers (Closes: #443073)
  * Add autogroup slapd module, used patch from Mathieu Parent (Closes: #575900)
  * Add lsb logging, used patch from David Härdeman (Closes: #385898)
  * Use dh_lintian to install the lintian-overrides
  * Added critical error report when slapcat fails (Closes: #226090)

 -- Matthijs Mohlmann <matthijs op cacholong.nl>  Thu, 22 Apr 2010 23:40:30 +0200

openldap (2.4.17-2.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2009-3767: libraries/libldap/tls_o.c doesn't properly handle NULL
    character in subject Common Name (Closes: #553432)

 -- Giuseppe Iuculano <iuculano op debian.org>  Tue, 10 Nov 2009 19:09:45 +0100

openldap (2.4.17-2) unstable; urgency=low

  * Fix up the lintian warnings:
    - add missing misc-depends on all packages
    - slapd, libldap-2.4-2-dbg sections changed to 'debug' to match archive
      overrides
    - bump Standards-Version to 3.8.2, no changes required.
  * slapd.scripts-common: fix upgrade to correctly handle multiple database
    declarations; thanks, Peter Marschall <peter op adpm.de>!  Closes: #517556
  * Add 'status' argument to init script; thanks to Peter Eisentraut
    <petere op debian.org>.  Closes: #545898.
  * New patch, do-not-second-guess-sonames, to remove an incorrect check for
    the Cyrus SASL version number at runtime.  If there's any reason this is
    needed, it needs to be addressed in the cyrus-sasl soname and Debian
    shlibs, not here.  Closes: #546885.

 -- Steve Langasek <vorlon op debian.org>  Tue, 22 Sep 2009 20:06:34 -0700

openldap (2.4.17-1) unstable; urgency=low

  * New upstream version.
    - Fixes FTBFS on ia64 with -fPIE. Closes: #524770.
    - Fixes some TLS issues with GnuTLS.  Closes: #505191.
  * Update priority of libldap-2.4-2 to match the archive override.
  * Add the missing ldapexop and ldapurl tools to ldap-utils, as well as the
    ldapurl(1) manpage.  Thanks to Peter Marschall for the patch.
    Closes: #496749.
  * Bump build-dependency on debhelper to 6 instead of 5, since that's
    what we're using.  Closes: #498116.
  * Set the default SLAPD_SERVICES to ldap:/// ldapi:///, instead of using
    the built-in default of ldap:/// only.
  * Build-depend on libltdl-dev | libltdl3-dev (>= 1.4.3), for the package
    name change.  Closes: #522965.

  [ Updated debconf translations ]
  * Spanish, thanks to Francisco Javier Cuadrado <fcocuadrado op gmail.com>.
    Closes: #521804.

 -- Steve Langasek <vorlon op debian.org>  Tue, 28 Jul 2009 10:17:15 -0700

openldap (2.4.15-1) unstable; urgency=low

  * New upstream version
    - Fixes a bug with the pcache overlay not returning cached entries
      (closes: #497697)
    - Update evolution-ntlm patch to apply to current Makefiles.
    - (tentatively) drop gnutls-ciphers, since this bug was reported to be
      fixed upstream in 2.4.8.  The fix applied in 2.4.8 didn't match the
      patch from the bug report, so this should be watched for regressions.
  * Build against db4.7 instead of db4.2 at last!  Closes: #421946.
  * Build with --disable-ndb, to avoid a misbuild when libmysqlclient is
    installed in the build environment.
  * Add -D_GNU_SOURCE to CFLAGS, apparently required for building with
    current headers in unstable

 -- Steve Langasek <vorlon op debian.org>  Tue, 24 Feb 2009 14:27:35 -0800

openssh (1:5.5p1-6+squeeze3) stable; urgency=low

  * CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups
    to 10:30:100 (closes: #700102).

 -- Colin Watson <cjwatson op debian.org>  Fri, 08 Feb 2013 21:39:15 +0000

openssh (1:5.5p1-6+squeeze2) stable; urgency=high

  * CVE-2012-0814: Don't send the actual forced command in a debug message,
    which allowed remote authenticated users to obtain potentially sensitive
    information by reading these messages (closes: #657445).

 -- Colin Watson <cjwatson op debian.org>  Mon, 20 Feb 2012 02:23:55 +0000

openssh (1:5.5p1-6+squeeze1) stable; urgency=low

  * Quieten logs when multiple from= restrictions are used in different
    authorized_keys lines for the same key; it's still not ideal, but at
    least you'll only get one log entry per key (closes: #630606).

 -- Colin Watson <cjwatson op debian.org>  Thu, 28 Jul 2011 16:43:48 +0000

openssh (1:5.5p1-6) unstable; urgency=low

  * Touch /var/run/sshd/.placeholder in the preinst so that /var/run/sshd,
    which is intentionally no longer shipped in the openssh-server package
    due to /var/run often being a temporary directory, is not removed on
    upgrade (closes: #575582).

 -- Colin Watson <cjwatson op debian.org>  Sun, 26 Dec 2010 18:09:29 +0000

openssh (1:5.5p1-5) unstable; urgency=low

  * Use an architecture wildcard for libselinux1-dev (closes: #591740).
  * debconf template translations:
    - Update Danish (thanks, Joe Hansen; closes: #592800).

 -- Colin Watson <cjwatson op debian.org>  Mon, 23 Aug 2010 22:59:03 +0100

openssh (1:5.5p1-4) unstable; urgency=low

  [ Sebastian Andrzej Siewior ]
  * Add powerpcspe to architecture list for libselinux1-dev build-dependency
    (closes: #579843).

  [ Colin Watson ]
  * Allow ~/.ssh/authorized_keys and other secure files to be
    group-writable, provided that the group in question contains only the
    file's owner; this extends a patch previously applied to ~/.ssh/config
    (closes: #581919).
  * Check primary group memberships as well as supplementary group
    memberships, and only allow group-writability by groups with exactly one
    member, as zero-member groups are typically used by setgid binaries
    rather than being user-private groups (closes: #581697).

 -- Colin Watson <cjwatson op debian.org>  Sat, 22 May 2010 23:37:20 +0100

openssh (1:5.5p1-3) unstable; urgency=low

  * Discard error messages while checking whether rsh, rlogin, and rcp
    alternatives exist (closes: #579285).
  * Drop IDEA key check; I don't think it works properly any more due to
    textual changes in error output, it's only relevant for direct upgrades
    from truly ancient versions, and it breaks upgrades if
    /etc/ssh/ssh_host_key can't be loaded (closes: #579570).

 -- Colin Watson <cjwatson op debian.org>  Wed, 28 Apr 2010 22:12:47 +0100

openssh (1:5.5p1-2) unstable; urgency=low

  * Use dh_installinit -n, since our maintainer scripts already handle this
    more carefully (thanks, Julien Cristau).

 -- Colin Watson <cjwatson op debian.org>  Sat, 17 Apr 2010 12:55:56 +0100

openssh (1:5.5p1-1) unstable; urgency=low

  * New upstream release:
    - Unbreak sshd_config's AuthorizedKeysFile option for $HOME-relative
      paths.
    - Include a language tag when sending a protocol 2 disconnection
      message.
    - Make logging of certificates used for user authentication more clear
      and consistent between CAs specified using TrustedUserCAKeys and
      authorized_keys.

 -- Colin Watson <cjwatson op debian.org>  Fri, 16 Apr 2010 10:27:30 +0100

openssh (1:5.4p1-2) unstable; urgency=low

  * Borrow patch from Fedora to add DNSSEC support: if glibc 2.11 is
    installed, the host key is published in an SSHFP RR secured with DNSSEC,
    and VerifyHostKeyDNS=yes, then ssh will no longer prompt for host key
    verification (closes: #572049).
  * Convert to dh(1), and use dh_installdocs --link-doc.
  * Drop lpia support, since Ubuntu no longer supports this architecture.
  * Use dh_install more effectively.
  * Add a NEWS.Debian entry about changes in smartcard support relative to
    previous unofficial builds (closes: #231472).

 -- Colin Watson <cjwatson op debian.org>  Sat, 10 Apr 2010 01:08:59 +0100

openssh (1:5.4p1-1) unstable; urgency=low

  * New upstream release (LP: #535029).
    - After a transition period of about 10 years, this release disables SSH
      protocol 1 by default.  Clients and servers that need to use the
      legacy protocol must explicitly enable it in ssh_config / sshd_config
      or on the command-line.
    - Remove the libsectok/OpenSC-based smartcard code and add support for
      PKCS#11 tokens.  This support is enabled by default in the Debian
      packaging, since it now doesn't involve additional library
      dependencies (closes: #231472, LP: #16918).
    - Add support for certificate authentication of users and hosts using a
      new, minimal OpenSSH certificate format (closes: #482806).
    - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
    - Add the ability to revoke keys in sshd(8) and ssh(1).  (For the Debian
      package, this overlaps with the key blacklisting facility added in
      openssh 1:4.7p1-9, but with different file formats and slightly
      different scopes; for the moment, I've roughly merged the two.)
    - Various multiplexing improvements, including support for requesting
      port-forwardings via the multiplex protocol (closes: #360151).
    - Allow setting an explicit umask on the sftp-server(8) commandline to
      override whatever default the user has (closes: #496843).
    - Many sftp client improvements, including tab-completion, more options,
      and recursive transfer support for get/put (LP: #33378).  The old
      mget/mput commands never worked properly and have been removed
      (closes: #270399, #428082).
    - Do not prompt for a passphrase if we fail to open a keyfile, and log
      the reason why the open failed to debug (closes: #431538).
    - Prevent sftp from crashing when given a "-" without a command.  Also,
      allow whitespace to follow a "-" (closes: #531561).

  * Fix 'debian/rules quilt-setup' to avoid writing .orig files if some
    patches apply with offsets.
  * Include debian/ssh-askpass-gnome.png in the Debian tarball now that
    we're using a source format that permits this, rather than messing
    around with uudecode.
  * Drop compatibility with the old gssapi mechanism used in ssh-krb5 <<
    3.8.1p1-1.  Simon Wilkinson refused this patch since the old gssapi
    mechanism was removed due to a serious security hole, and since these
    versions of ssh-krb5 are no longer security-supported by Debian I don't
    think there's any point keeping client compatibility for them.
  * Fix substitution of ETC_PAM_D_SSH, following the rename in 1:4.7p1-4.
  * Hardcode the location of xauth to /usr/bin/xauth rather than
    /usr/bin/X11/xauth (thanks, Aron Griffis; closes: #575725, LP: #8440).
    xauth no longer depends on x11-common, so we're no longer guaranteed to
    have the /usr/bin/X11 symlink available.  I was taking advantage of the
    /usr/bin/X11 symlink to smooth X's move to /usr/bin, but this is far
    enough in the past now that it's probably safe to just use /usr/bin.
  * Remove SSHD_OOM_ADJUST configuration.  sshd now unconditionally makes
    itself non-OOM-killable, and doesn't require configuration to avoid log
    spam in virtualisation containers (closes: #555625).
  * Drop Debian-specific removal of OpenSSL version check.  Upstream ignores
    the two patchlevel nybbles now, which is sufficient to address the
    original reason this change was introduced, and it appears that any
    change in the major/minor/fix nybbles would involve a new libssl package
    name.  (We'd still lose if the status nybble were ever changed, but that
    would mean somebody had packaged a development/beta version rather than
    a proper release, which doesn't appear to be normal practice.)
  * Drop most of our "LogLevel SILENT" (-qq) patch.  This was originally
    introduced to match the behaviour of non-free SSH, in which -q does not
    suppress fatal errors, but matching the behaviour of OpenSSH upstream is
    much more important nowadays.  We no longer document that -q does not
    suppress fatal errors (closes: #280609).  Migrate "LogLevel SILENT" to
    "LogLevel QUIET" in sshd_config on upgrade.
  * Policy version 3.8.4:
    - Add a Homepage field.

 -- Colin Watson <cjwatson op debian.org>  Tue, 06 Apr 2010 22:38:31 +0100

openssh (1:5.3p1-3) unstable; urgency=low

  * Convert to source format 3.0 (quilt).
  * Update README.source to match, and add a 'quilt-setup' target to
    debian/rules for the benefit of those checking out the package from
    revision control.
  * All patches are now maintained separately and tagged according to DEP-3.
  * Add GSSAPIStoreCredentialsOnRekey to 'sshd -T' configuration dump.
  * Remove documentation of building for Debian 3.0 in README.Debian.
    Support for this was removed in 1:4.7p1-2.
  * Remove obsolete header from README.Debian dating from when people
    expected non-free SSH.
  * Update copyright years for GSSAPI patch.

 -- Colin Watson <cjwatson op debian.org>  Sun, 28 Feb 2010 01:35:53 +0000

openssh (1:5.3p1-2) unstable; urgency=low

  * Link with -Wl,--as-needed (closes: #560155).
  * Install upstream sshd_config as an example (closes: #415008).
  * Use dh_lintian.
  * Honour DEB_BUILD_OPTIONS=nocheck.

 -- Colin Watson <cjwatson op debian.org>  Mon, 22 Feb 2010 12:43:24 +0000

openssh (1:5.3p1-1) unstable; urgency=low

  * New upstream release.
  * Update to GSSAPI patch from
    http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex-all-20100124.patch.
  * Backport from upstream:
    - Do not fall back to adding keys without constraints (ssh-add -c / -t
      ...) when the agent refuses the constrained add request. This was a
      useful migration measure back in 2002 when constraints were new, but
      just adds risk now (LP: #209447).
  * Drop change from 1:3.8p1-3 to avoid setresuid() and setresgid() system
    calls.  This only applied to Linux 2.2, which it's no longer feasible to
    run anyway (see 1:5.2p1-2 changelog).

 -- Colin Watson <cjwatson op debian.org>  Tue, 26 Jan 2010 11:55:29 +0000

openssh (1:5.2p1-2) unstable; urgency=low

  [ Colin Watson ]
  * Backport from upstream:
    - After sshd receives a SIGHUP, ignore subsequent HUPs while sshd
      re-execs itself.  Prevents two HUPs in quick succession from resulting
      in sshd dying (LP: #497781).
    - Output a debug if we can't open an existing keyfile (LP: #505301).
  * Use host compiler for ssh-askpass-gnome when cross-compiling.
  * Don't run tests when cross-compiling.
  * Drop change from 1:3.6.1p2-5 to disable cmsg_type check for file
    descriptor passing when running on Linux 2.0.  The previous stable
    release of Debian dropped support for Linux 2.4, let alone 2.0, so this
    very likely has no remaining users depending on it.

  [ Kees Cook ]
  * Implement DebianBanner server configuration flag that can be set to "no"
    to allow sshd to run without the Debian-specific extra version in the
    initial protocol handshake (closes: #562048).

 -- Colin Watson <cjwatson op debian.org>  Sat, 16 Jan 2010 01:28:58 +0000

openssh (1:5.2p1-1) unstable; urgency=low

  * New upstream release (closes: #536182). Yes, I know 5.3p1 has been out
    for a while, but there's no GSSAPI patch available for it yet.
    - Change the default cipher order to prefer the AES CTR modes and the
      revised "arcfour256" mode to CBC mode ciphers that are susceptible to
      CPNI-957037 "Plaintext Recovery Attack Against SSH".
    - Add countermeasures to mitigate CPNI-957037-style attacks against the
      SSH protocol's use of CBC-mode ciphers. Upon detection of an invalid
      packet length or Message Authentication Code, ssh/sshd will continue
      reading up to the maximum supported packet length rather than
      immediately terminating the connection. This eliminates most of the
      known differences in behaviour that leaked information about the
      plaintext of injected data which formed the basis of this attack
      (closes: #506115, LP: #379329).
    - ForceCommand directive now accepts commandline arguments for the
      internal-sftp server (closes: #524423, LP: #362511).
    - Add AllowAgentForwarding to available Match keywords list (closes:
      #540623).
    - Make ssh(1) send the correct channel number for
      SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to
      avoid triggering 'Non-public channel' error messages on sshd(8) in
      openssh-5.1.
    - Avoid printing 'Non-public channel' warnings in sshd(8), since the
      ssh(1) has sent incorrect channel numbers since ~2004 (this reverts a
      behaviour introduced in openssh-5.1; closes: #496017).
    - Disable nonfunctional ssh(1) ~C escape handler in multiplex slave
      connections (closes: #507541).
    - Fix "whitepsace" typo in ssh_config(5) (closes: #514313, LP: #303835).
  * Update to GSSAPI patch from
    http://www.sxw.org.uk/computing/patches/openssh-5.2p1-gsskex-all-20090726.patch,
    including cascading credentials support (LP: #416958).
  * Use x11.pc when compiling/linking gnome-ssh-askpass2 (closes: #555951).
  * Moved to bzr.debian.org; add Vcs-Bzr and Vcs-Browser control fields.
  * Add debian/README.source with instructions on bzr handling.
  * Make ChrootDirectory work with SELinux (thanks, Russell Coker; closes:
    #556644).
  * Initialise sc to NULL in ssh_selinux_getctxbyname (thanks, Václav Ovsík;
    closes: #498684).
  * Don't duplicate backslashes when displaying server banner (thanks,
    Michał Górny; closes: #505378, LP: #425346).
  * Use hardening-includes for hardening logic (thanks, Kees Cook; closes:
    #561887).
  * Update OpenSSH FAQ to revision 1.110.
  * Remove ssh/new_config, only needed for direct upgrades from potato which
    are no longer particularly feasible anyway (closes: #420682).
  * Cope with insserv reordering of init script links.
  * Remove init script stop link in rc1, as killprocs handles it already.
  * Adjust short descriptions to avoid relying on previous experience with
    rsh, based on suggestions from Reuben Thomas (closes: #512198).
  * Remove manual page references to login.conf, which aren't applicable on
    non-BSD systems (closes: #154434).
  * Remove/adjust manual page references to BSD-specific /etc/rc (closes:
    #513417).
  * Refer to sshd_config(5) rather than sshd(8) in postinst-written
    /etc/ssh/sshd_config, and add UsePAM commentary from upstream-shipped
    configuration file (closes: #415008, although unfortunately this will
    only be conveniently visible on new installations).
  * Include URL to OpenBSD's ssl(8) in ssh(1), since I don't see a better
    source for the same information among Debian's manual pages (closes:
    #530692, LP: #456660).

 -- Colin Watson <cjwatson op debian.org>  Mon, 04 Jan 2010 13:23:35 +0000

openssh (1:5.1p1-8) unstable; urgency=low

  * Build with just -fPIC on mips/mipsel, not -fPIE as well (thanks, LIU Qi;
    closes: #538313).
  * Build-depend on libselinux1-dev on sh4 too (thanks, Nobuhiro Iwamatsu;
    closes: #547103).
  * Fix grammar in if-up script (closes: #549128).
  * Pass $SSHD_OPTS when checking configuration too (thanks, "sobtwmxt";
    closes: #548662).

 -- Colin Watson <cjwatson op debian.org>  Mon, 05 Oct 2009 13:30:49 +0100

openssh (1:5.1p1-7) unstable; urgency=low

  * Update config.guess and config.sub from autotools-dev 20090611.1
    (closes: #538301).
  * Set umask to 022 in the init script as well as postinsts (closes:
    #539030).
  * Add ${misc:Depends} to keep Lintian happy.
  * Use 'which' rather than 'type' in maintainer scripts.
  * Upgrade to debhelper v7.

 -- Colin Watson <cjwatson op debian.org>  Fri, 31 Jul 2009 16:28:10 +0100

openssh (1:5.1p1-6) unstable; urgency=low

  * Open /proc/self/oom_adj with O_RDONLY or O_WRONLY as necessary, rather
    than O_RDWR.
  * Disable OOM adjustment for vserver/OpenVZ (thanks, Karl Chen; closes:
    #511771).
  * Add ufw integration (thanks, Didier Roche; see
    https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages;
    LP: #261884).
  * Add a comment above PermitRootLogin in sshd_config pointing to
    README.Debian.
  * Check if delgroup is present in openssh-client.postrm (closes: #530501).
  * Build with -fPIC on mips/mipsel (thanks, Luk Claes; closes: #531942).
  * Remove /var/run/sshd from openssh-server package; it will be created at
    run-time before starting the server.
  * Use invoke-rc.d in openssh-server's if-up script.

 -- Colin Watson <cjwatson op debian.org>  Fri, 05 Jun 2009 11:56:03 +0100

openssl (0.9.8o-4squeeze14) squeeze-security; urgency=low

  * Fix CVE-2013-0166 and CVE-2013-0169

 -- Kurt Roeckx <kurt op roeckx.be>  Mon, 11 Feb 2013 20:41:07 +0100

openssl (0.9.8o-4squeeze13) squeeze-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix CVE-2012-2333: DoS via explicit IV in DTLS

 -- Raphael Geissert <geissert op debian.org>  Wed, 16 May 2012 16:39:28 -0500

openssl (0.9.8o-4squeeze12) squeeze-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix CVE-2012-2131: incomplete fix of CVE-2012-2110

 -- Raphael Geissert <geissert op debian.org>  Tue, 24 Apr 2012 16:41:03 -0500

openssl (0.9.8o-4squeeze11) squeeze-security; urgency=low

  * Really apply CVE-2012-2110

 -- Kurt Roeckx <kurt op roeckx.be>  Thu, 19 Apr 2012 21:12:34 +0200

openssl (0.9.8o-4squeeze10) squeeze-security; urgency=low

  * Fix CVE-2012-2110
  * update CVE-2012-0884 patch to include detecting symmetric crypto errors
    in PKCS7_decrypt

 -- Kurt Roeckx <kurt op roeckx.be>  Thu, 19 Apr 2012 20:30:38 +0200

openssl (0.9.8o-4squeeze9) squeeze-security; urgency=low

  * Fix CVE-2012-1165

 -- Kurt Roeckx <kurt op roeckx.be>  Sat, 17 Mar 2012 15:56:07 +0100

openssl (0.9.8o-4squeeze8) squeeze-security; urgency=low

  * Fix CVE-2012-0884
  * Updated patch for CVE-2011-4619

 -- Kurt Roeckx <kurt op roeckx.be>  Tue, 13 Mar 2012 21:47:38 +0100

openssl (0.9.8o-4squeeze7) squeeze-security; urgency=low

  * Re-upload with new version number.

 -- Kurt Roeckx <kurt op roeckx.be>  Sun, 22 Jan 2012 10:45:12 +0000

openssl (0.9.8o-4squeeze6) squeeze-security; urgency=low

  * Fix CVE-2012-0050

 -- Kurt Roeckx <kurt op roeckx.be>  Wed, 18 Jan 2012 20:59:12 +0100

openssl (0.9.8o-4squeeze5) squeeze-security; urgency=low

  * Fix CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619
    and CVE-2011-4577
  * Send alert instead of assertion failure for incorrectly formatted DTLS
    fragments.  (Closes: #645805)

 -- Kurt Roeckx <kurt op roeckx.be>  Sat, 14 Jan 2012 22:23:53 +0100

openssl (0.9.8o-4squeeze4) squeeze-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Block Malaysian's Digicert Sdn. Bhd. certificates by marking them
    as revoked.

 -- Raphael Geissert <geissert op debian.org>  Sun, 06 Nov 2011 11:24:18 -0600

openssl (0.9.8o-4squeeze3) squeeze; urgency=low

  * Non-maintainer upload by the Security Team.
  * Fix CVE-2011-3210: SSL memory handling for (EC)DH ciphersuites

 -- Raphael Geissert <geissert op debian.org>  Sat, 24 Sep 2011 18:57:14 -0500

openssl (0.9.8o-4squeeze2) squeeze-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Block DigiNotar certificates
  * Fix CVE-2011-1945: timing attacks against ECDHE_ECDSA makes
    it easier to determine private keys.

 -- Raphael Geissert <geissert op debian.org>  Mon, 12 Sep 2011 19:49:18 -0500

openssl (0.9.8o-4squeeze1) stable-security; urgency=low

  * Fix OCSP stapling parse error (CVE-2011-0014)

 -- Kurt Roeckx <kurt op roeckx.be>  Thu, 10 Feb 2011 19:06:09 +0100

openssl (0.9.8o-4) unstable; urgency=low

  * Fix CVE-2010-4180 (Closes: #529221)

 -- Kurt Roeckx <kurt op roeckx.be>  Mon, 06 Dec 2010 20:33:21 +0100

openssl (0.9.8o-3) unstable; urgency=high

  * Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709)
  * Re-add the engines.  They were missing since 0.9.8m-1.
    Patch by Joerg Schneider. (Closes: #603693)
  * Not all architectures were build using -g (Closes: #570702)
  * Add powerpcspe support (Closes: #579805)
  * Add armhf support (Closes: #596881)
  * Update translations:
    - Brazilian Portuguese (Closes: #592154)
    - Danish (Closes: #599459)
    - Vietnamese (Closes: #601536)
    - Arabic (Closes: #596166)
  * Generate the proper stamp file so that everything doesn't get build twice.

 -- Kurt Roeckx <kurt op roeckx.be>  Tue, 16 Nov 2010 19:20:55 +0100

openssl (0.9.8o-2) unstable; urgency=high

  * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415)

 -- Kurt Roeckx <kurt op roeckx.be>  Thu, 26 Aug 2010 18:25:29 +0200

openssl (0.9.8o-1) unstable; urgency=low

  * New upstream version
    - Add SHA2 algorithms to SSL_library_init().
    - aes-x86_64.pl is now PIC, update pic.patch.
  * Add sparc64 support (Closes: #560240)

 -- Kurt Roeckx <kurt op roeckx.be>  Sun, 18 Apr 2010 01:42:44 +0200

openssl (0.9.8n-1) unstable; urgency=high

  * New upstream version.
    - Fixes CVE-2010-0740.
    - Drop cfb.patch, applied upstream.

 -- Kurt Roeckx <kurt op roeckx.be>  Thu, 25 Mar 2010 20:30:52 +0100

openssl (0.9.8m-2) unstable; urgency=low

  * Revert CFB block length change preventing reading older files.
    (Closes: #571810, #571940)

 -- Kurt Roeckx <kurt op roeckx.be>  Sun, 28 Feb 2010 22:08:49 +0100

openssl (0.9.8m-1) unstable; urgency=low

  * New upstream version
    - Implements RFC5746, reenables renegotiation but requires the extension.
    - Fixes CVE-2009-3245
    - Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch,
      CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch,
      CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch,
      no_check_self_signed.patch: applied upstream
    - pk7_mime_free.patch removed, code rewritten
    - ca.diff partially applied upstream
    - engines-path.patch adjusted, upstream made some minor changes to the
      build system.
    - some flags changed values, bump shlibs.
  * Switch to 3.0 (quilt) source package.
  * Make sure the package is properly cleaned.
  * Add ${misc:Depends} to the Depends on all packages.
  * Fix spelling of extension in the changelog file.

 -- Kurt Roeckx <kurt op roeckx.be>  Sat, 27 Feb 2010 12:24:03 +0000

openssl (0.9.8k-8) unstable; urgency=high

  * Clean up zlib state so that it will be reinitialized on next use and
    not cause a memory leak.  (CVE-2009-4355, CVE-2008-1678)

 -- Kurt Roeckx <kurt op roeckx.be>  Wed, 13 Jan 2010 21:26:49 +0100

openssl (0.9.8k-7) unstable; urgency=low

  * Bump the shlibs to require 0.9.8k-1.  The following symbols
    to added between g and k: AES_wrap_key, AES_unwrap_key,
    ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn,
    SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex,
    BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init,
    int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions,
    CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info,
    CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init,
    ENGINE_set_load_ssl_client_cert_function,
    ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert,
    EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags,
    EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new
    OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex,
    RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0,
    X509at_get0_data_by_OBJ, X509_get1_ocsp

 -- Kurt Roeckx <kurt op roeckx.be>  Sat, 28 Nov 2009 14:34:26 +0100

openssl (0.9.8k-6) unstable; urgency=low

  * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829)

 -- Kurt Roeckx <kurt op roeckx.be>  Thu, 12 Nov 2009 18:10:31 +0000

openssl (0.9.8k-5) unstable; urgency=low

  * Don't check self signed certificate signatures in X509_verify_cert()
    (Closes: #541735)

 -- Kurt Roeckx <kurt op roeckx.be>  Fri, 11 Sep 2009 15:42:32 +0200

openssl (0.9.8k-4) unstable; urgency=low

  * Split all the patches into a separate files
  * Stop undefinging HZ, the issue on alpha should be fixed.
  * Remove MD2 from digest algorithm table.  (CVE-2009-2409) (Closes: #539899)

 -- Kurt Roeckx <kurt op roeckx.be>  Tue, 11 Aug 2009 21:19:18 +0200

openssl (0.9.8k-3) unstable; urgency=low

  * Make rc4-x86_64 PIC.  Based on patch from Petr Salinger (Closes: #532336)
  * Add workaround for kfreebsd that can't see the different between
    two pipes.  Patch from Petr Salinger.

 -- Kurt Roeckx <kurt op roeckx.be>  Sat, 13 Jun 2009 18:15:46 +0200

openssl (0.9.8k-2) unstable; urgency=low

  * Move libssl0.9.8-dbg to the debug section.
  * Use the rc4 assembler on kfreebsd-amd64 (Closes: #532336)
  * Split the line to generate md5-x86_64.s in the Makefile.  This will
    hopefully fix the build issue on kfreebsd that now outputs the file
    to stdout instead of the file.
  * Fix denial of service via an out-of-sequence DTLS handshake message
    (CVE-2009-1387) (Closes: #532037)

 -- Kurt Roeckx <kurt op roeckx.be>  Mon, 08 Jun 2009 19:05:56 +0200

openssl (0.9.8k-1) unstable; urgency=low

  * New upstream release
    - 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet
      that occurs before ClientHello (CVE-2009-1386)
  * Make aes-x86_64.pl use PIC.
  * Fix security issues (Closes: #530400)
    - "DTLS record buffer limitation bug." (CVE-2009-1377)
    - "DTLS fragment handling" (CVE-2009-1378)
    - "DTLS use after free" (CVE-2009-1379)
  * Fixed Configure for hurd: use -mtune=i486 instead of -m486
    Patch by Marc Dequènes (Duck) <duck op hurdfr.org> (Closes: #530459)
  * Add support for avr32 (Closes: #528648)

 -- Kurt Roeckx <kurt op roeckx.be>  Sat, 16 May 2009 17:33:55 +0200

openssl (0.9.8g-16) unstable; urgency=high

  * Properly validate the length of an encoded BMPString and UniversalString
    (CVE-2009-0590)  (Closes: #522002)

 -- Kurt Roeckx <kurt op roeckx.be>  Wed, 01 Apr 2009 22:04:53 +0200

pam (1.1.1-6.1+squeeze1) stable-security; urgency=low

  * Non-maintainer upload by the Security Team
  * Fix CVE-2011-3148 and CVE-2011-3149

 -- Moritz Muehlenhoff <jmm op debian.org>  Mon, 17 Oct 2011 18:28:52 +0000

pam (1.1.1-6.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix pending l10n issues. Debconf translations:
    - Czech (Miroslav Kure).  Closes: #598329
    - Slovak (Ivan Masár).  Closes: #600164
    - Japanese (Kenshi Muto).  Closes: #600247
    - Finnish (Esko Arajärvi).  Closes: #600641

 -- Christian Perrier <bubulle op debian.org>  Tue, 19 Oct 2010 07:30:49 +0200

pam (1.1.1-6) unstable; urgency=low

  * Updated debconf translations:
    - Swedish, thanks to Martin Bagge <brother op bsnet.se> (closes: #575875)

 -- Steve Langasek <vorlon op debian.org>  Sun, 05 Sep 2010 23:36:35 -0700

pam (1.1.1-5) unstable; urgency=low

  * debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit
    interface.  Closes: #579402.
  * Update debian/source.lintian-overrides to clean up some spurious
    warnings.
  * Bump Standards-Version to 3.9.1.
  * Add lintian overrides for a few more spurious warnings.
  * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for
    compatibility when it's not already set.  Closes: #552043.
  * debian/local/pam-auth-update: Don't try to pass embedded newlines to
    debconf; backslash-escape them instead and use CAPB escape.
  * debian/local/pam-auth-update: sort additional module options before
    writing them out, so that we don't wind up with a different config file
    on every invocation.  Thanks to Jim Paris <jim op jtan.com> for the patch.
    Closes: #594123.

 -- Steve Langasek <vorlon op debian.org>  Sun, 05 Sep 2010 12:42:34 -0700

pam (1.1.1-4) unstable; urgency=low

  * debian/patches/conditional_module,_conditional_man: if we don't have the
    libraries required for building pam_tty_audit, we shouldn't install the
    manpage either. LP: #588547.
  * Updated debconf translations:
    - Portuguese, thanks to Eder L. Marques <eder op edermarques.net>
      (closes: #581746)
    - Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs op debian.org>
      (closes: #592172)
    - Galician, thanks to Jorge Barreiro <yortx.barry op gmail.com>
      (closes: #592808)
  * Don't pass --version-script options when linking executables,
    only when linking libraries.  Thanks to Julien Cristau
    <jcristau op debian.org> for the fix.  Closes: #582362.

 -- Steve Langasek <vorlon op debian.org>  Sun, 15 Aug 2010 21:53:46 -0700

pam (1.1.1-3) unstable; urgency=low

  * pam-auth-update: fix a bug in our handling of module options when the
    module name contains digits, caused by a buggy regexp. :/  Partially
    addresses LP #369575.
  * Install /sbin/pam_tally2 in the libpam-modules package; thanks to
    Olivier BONHOMME <obonhomme op nerim.net> for reporting.  Closes: #554010.

 -- Steve Langasek <vorlon op debian.org>  Sun, 25 Apr 2010 05:53:44 -0700

pam (1.1.1-2) unstable; urgency=low

  * Document the new symbols added in 1.1.1 in debian/libpam0g.symbols, and
    raise the minimum version for the service restarting code.
    Closes: #568480.

 -- Steve Langasek <vorlon op debian.org>  Wed, 17 Feb 2010 23:21:23 -0800

pam (1.1.1-1) unstable; urgency=low

  * New upstream version.
    - restore proper netgroup handling in pam_access.
      Closes: #567385, LP: #513955.
  * Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, and
    pam_securetty_tty_check_before_user_check, which are included upstream.
  * debian/patches/026_pam_unix_passwd_unknown_user: don't return
    PAM_USER_UNKNOWN on password change of a user that has no shadow entry,
    upstream now implements auto-creating the shadow entry in this case.
  * Updated debconf translations:
    - French, thanks to Jean-Baka Domelevo Entfellner <domelevo op gmail.com>
      (closes: #547039)
    - Bulgarian, thanks to Damyan Ivanov <dmn op debian.org> (closes: #562835)
  * debian/patches/sys-types-include.patch: fix pam_modutil.h so that it can
    be included directly, without having to include sys/types.h first.
    Closes: #556203.
  * Add postgresql-8.3 to the list of services in need of restart on upgrade.
    Closes: #563674.
  * And drop postgresql-{7.4,8.1} from the list, neither of which is present
    in stable.
  * debian/patches/007_modules_pam_unix: recognize that *all* of the password
    hashes other than traditional crypt handle passwords >8 chars in length.
    LP: #356766.

 -- Steve Langasek <vorlon op debian.org>  Mon, 01 Feb 2010 02:04:33 -0800

pam (1.1.0-4) unstable; urgency=low

  * debian/patches/pam_securetty_tty_check_before_user_check: new patch,
    to make pam_securetty always return success on a secure tty regardless
    of what username was passed.  Thanks to Nicolas François
    <nicolas.francois op centraliens.net> for the patch.  Closes: #537848
  * debian/local/pam-auth-update: only reset the seen flag on the template
    when there's new information; this avoids reprompting users for the same
    information on upgrade, regardless of the debconf priority used.
    Closes: #544805.
  * libpam0g no longer depends on libpam-runtime; packages that use
    /etc/pam.d/common-* must depend directly on libpam-runtime, and most do
    (including the Essential: yes ones), so let's break this circular
    dependency.  Closes: #545086, LP: #424566.

 -- Steve Langasek <vorlon op debian.org>  Mon, 14 Sep 2009 18:47:25 -0700

pam (1.1.0-3) unstable; urgency=low

  * Bump debian/compat to 7, so we can use sane contents in debian/*.install
  * Switch all packages over to dh_install
  * Rename debian/*.lintian to debian/*.lintian-overrides and use dh_lintian
  * Move installation logic out of debian/rules into individual .install
    files
  * Drop superfluous options to dh_installchangelogs, dh_shlibdeps
  * Use debian/clean instead of rm -f'ing files in debian/rules clean target
  * Drop ./configure options that are no-ops
  * Drop the /lib/security/pam_unix_*.so symlinks, which have been deprecated
    now for 10 years and are not used at all if pam-auth-update is in play.
  * Drop the pam_rhosts_auth.so symlink as well, and document in NEWS.Debian
    that this is now obsolete.
  * Drop stale content from README.debian: some of this should have been in
    NEWS.Debian instead (but is so old it's not worth putting it there now),
    some of it is obsolete by the change in package VCS.
  * Convert debian/rules to debhelper 7 and add versioned build-dependencies
    on debhelper and quilt to suit.
  * Drop CFLAGS that we don't need anymore (-fPIC, -D_REENTRANT,
    -D_GNU_SOURCE).
  * Explicitly add -O0 to CFLAGS when noopt is set.
  * debian/patches/autoconf.patch: pull ltmain.sh in, to fix some spurious
    library linkage in the modules.
  * Move pam_cracklib manpage to the libpam-cracklib package, and add the
    requisite Replaces
  * Drop dh_makeshlibs -V; everything from lenny on should use the .symbols
    file instead, making the shlibs redundant so we don't need to care what
    version gets listed there.

 -- Steve Langasek <vorlon op debian.org>  Mon, 07 Sep 2009 18:47:45 -0700

pam (1.1.0-2) unstable; urgency=low

  [ Steve Langasek ]
  * debian/patches/pam_unix_dont_trust_chkpwd_caller.patch: fix this patch
    to call setregid() instead of always returning an error on username
    mismatch in unix_chkpwd, needed in the SELinux case and in some corner
    cases with the broken_shadow option.  Thanks to Michael Spang for the
    analysis.  Closes: #543589.
  * fix the PAM mini-policy to not tell app maintainers that they don't need
    to depend on libpam-modules if they reference modules from there.
  * make libpam-runtime depend on libpam-modules (>= 1.0.1-6) - nothing else
    guarantees that we have pam_unix available for use by pam-auth-update.
  * Use /bin/sh instead of /bin/bash for libpam0g.postinst, since we've
    confirmed there are no longer any bashisms there.  Closes: #519973.
  * Clean up the libpam0g postinst a bit; invoke-rc.d has been a guaranteed
    interface for two stable release cycles now
  * debian/patches/namespace_with_awk_not_gawk: fix the sample
    namespace.init script's dependency on non-POSIX features of gawk, since
    we don't use gawk by default.  Closes: #518908.
  * Updated debconf translations:
    - German, thanks to Sven Joachim <svenjoac op gmx.de> (closes: #544464)

  [ Kees Cook ]
  * debian/local/common-password, debian/pam-configs/unix: switch from "md5"
    to "sha512" as password crypt default.

 -- Steve Langasek <vorlon op debian.org>  Mon, 31 Aug 2009 14:21:27 -0700

pam (1.1.0-1) unstable; urgency=low

  * New upstream version.
    - pam_access no longer does DNS lookups when we know we're comparing
      with a tty name or a service name.  Closes: #376209.
    - fixes for manpage spelling.  Closes: #488690.
    - fix evaluation of or'ed list of users in time.conf and group.conf.
      Closes: #326407, #514423.
  * Drop patches pam_unix_thread-safe_save_old_password.patch,
    pam_env_ignore_garbage.patch, dont_freeze_password_chain,
    pam_1.0.4_mindays, pam_mail-fix-quiet, pam_unix-chkpwd-wait, and
    cve-2009-0887-libpam-pam_misc.patch, which are included upstream.
  * Trim pam.d-manpage-section patch, which was mostly but not completely
    applied upstream.
  * Update debian/libpam0g.symbols for new extension.
  * Bump the shlibs version as well, for our dpkg-shlibdeps fallback.
  * And bump the version checks in the libpam-modules {pre,post}inst, so that
    the necessary services get restarted for any modules that need the new
    symbols.
  * Add /sbin/mkhomedir_helper to libpam-modules.
  * Document that pam_cracklib no longer checks /etc/security/opasswd.
    Closes: #263767.
  * debian/patches/007_modules_pam_unix: drop divergence from upstream
    that treats "0" as a special value in various fields in /etc/shadow,
    and document this in debian/NEWS.  Thanks to Nicolas François
    <nicolas.francois op centraliens.net> for the detailed analysis.
    Closes: #308229.
  * Updated debconf translations:
    - French, thanks to Jean-Baka Domelevo Entfellner <domelevo op gmail.com>
      (closes: #521266)
  * Build with LDFLAGS=-Wl,-z,defs to guard against the possibility of
    any undefined symbols (due to typos or otherwise) at build time.
    Closes: #102311.
  * On upgrade from versions before 1.1.0-1, if
    /etc/pam.d/common-session-noninteractive has not been created (because
    the user declined use of pam-auth-update), create it by copying
    /etc/pam.d/common-session.  Closes: #543401.
  * debian/patches/fix-man-crud: new patch, fix "undefined macro" errors in
    manpages caused by oddities of toolchain used when generating them
    upstream.

 -- Steve Langasek <vorlon op debian.org>  Tue, 25 Aug 2009 20:35:26 -0700

pam (1.0.1-11) unstable; urgency=low

  * debian/libpam-runtime.postinst: bump the --force version check to
    1.0.1-11, to allow for a new common-session-noninteractive config file;
    and include md5sum checking logic that will work the same with old
    unmanaged and new managed /etc/pam.d/common-* files.
  * debian/local/common-{auth,account,session,password}.md5sums: document
    the known md5sums for the new managed files.
  * debian/local/common-session-noninteractive{,.md5sums},
    debian/local/pam-auth-update: split out a session-noninteractive include
    file, so that we can at last distinguish between interactive and
    non-interactive PAM sessions at a policy level.  Closes: #169930,
    LP: #287715.
  * debian/local/pam-auth-update: prune md5sums for unsupported upgrade
    paths (intrepid pre-release -> karmic/squeeze)
  * Clean up the PAM mini-policy, which hasn't been touched in a number of
    years and was looking a bit crufty
  * debian/libpam-runtime.templates:  correctly tag the URL as a
    non-translatable string.
  * Updated debconf translations:
    - Swedish, thanks to Martin Bagge <brother op bsnet.se> (closes: #541399)
    - Portuguese, thanks to Américo Monteiro <a_monteiro op netcabo.pt>
      (closes: #541108)
    - Russian, thanks to Yuri Kozlov <yuray op komyakino.ru> (closes: #541094)

 -- Steve Langasek <vorlon op debian.org>  Sun, 23 Aug 2009 18:07:11 -0700

pam (1.0.1-10) unstable; urgency=high

  [ Steve Langasek ]
  * Updated debconf translations:
    - Finnish, thanks to Esko Arajärvi <edu op iki.fi> (closes: #520785)
    - Russian, thanks to Yuri Kozlov <yuray op komyakino.ru> (closes: #521874)
    - German, thanks to Sven Joachim <svenjoac op gmx.de> (closes: #521530)
    - Basque, thanks to Piarres Beobide <pi+debian op beobide.net>
      (closes: #524285)
  * When no profiles are chosen in pam-auth-update, throw an error message
    and prompt again instead of letting the user end up with an insecure
    system.  This introduces a new debconf template.  Closes: #519927,
    LP: #410171.

  [ Kees Cook ]
  * Add debian/patches/pam_1.0.4_mindays: backport upstream 1.0.4 fixes
    for MINDAYS-Field regression (closes: #514437).
  * debian/control: add missing misc:Depends for packages that need it.

  [ Sam Hartman ]
  * Remove conflicts information for transitions prior to woody release
  * Fix lintian overrides for libpam-runtime
  * Overrides for lintian finding quilt patches
  * pam_mail-fix-quiet: patch from Andreas Henriksson
    applied upstream to fix quiet option of pam_mail, Closes: #439268 

  [ Dustin Kirkland ]
  * debian/patches/update-motd: run the update-motd scripts in pam_motd;
    render update-motd obsolete, LP: #399071

  [ Sam Hartman ]
  * cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problem
    (CVE-2009-0887) (Closes: #520115) 

 -- Steve Langasek <vorlon op debian.org>  Thu, 06 Aug 2009 17:54:32 +0100

pam (1.0.1-9) unstable; urgency=low

  * Move the pam module packages to section 'admin'.
  * 027_pam_limits_better_init_allow_explicit_root: defaults need to be
    declared as LIMITS_DEF_DEFAULT instead of LIMITS_DEF_ALL, otherwise
    global limits will fail to be applied.  LP: #314222.

 -- Steve Langasek <vorlon op debian.org>  Fri, 20 Mar 2009 19:48:47 -0700

pam (1.0.1-8) unstable; urgency=low

  * Updated debconf translations:
    - Bulgarian, thanks to Damyan Ivanov <dmn op debian.org> (closes: #518121)
    - Spanish, thanks to Javier Fernandez-Sanguino Peña <jfs op debian.org>
      (closes: #518214)
    - Swedish, thanks to Martin Bagge <brother op bsnet.se> (closes: #518324)
    - Vietnamese, thanks to Clytie Siddall <clytie op riverland.net.au>
      (closes: #518329)
    - Japanese, thanks to Kenshi Muto <kmuto op debian.org> (closes: #518335) 
    - Slovak, thanks to Ivan Masár <helix84 op centrum.sk> (closes: #518341)
    - Czech, thanks to Miroslav Kure <kurem op debian.cz> (closes: #518992)
    - Portuguese, thanks to Américo Monteiro <a_monteiro op netcabo.pt>
      (closes: #519204)
    - Galician, thanks to Marce Villarino <mvillarino op users.sourceforge.net>
      (closes: #519447)
    - Romanian, thanks to Eddy Petrișor <eddy.petrisor op gmail.com>
      (closes: #520552)
  * 027_pam_limits_better_init_allow_explicit_root: set the RLIMIT_MEMLOCK
    limit correctly to match the kernel default, which is not RLIM_INFINITY.
    Closes: #472629.

 -- Steve Langasek <vorlon op debian.org>  Fri, 20 Mar 2009 18:15:07 -0700

pam (1.0.1-7) unstable; urgency=low

  * 027_pam_limits_better_init_allow_explicit_root:
    - fix the patch so that our limit resets are actually *applied*, 
      which has apparently been broken for who knows how long!
    - shadow the finite kernel defaults for RLIMIT_SIGPENDING and
      RLIMIT_MSGQUEUE as well, so that the preceding change doesn't
      suddenly expose systems to DoS or other issues.
    - include documentation in the patch, giving examples of how to set 
      limits for root.  Thanks to Jonathan Marsden.
  * pam-auth-update: swap out known md5sums from intrepid pre-release 
    versions with the md5sums from the released intrepid version
  * pam-auth-update: set the umask, so we don't accidentally mark
    /etc/pam.d/common-* unreadable.  Thanks to Martin Krafft for catching.
    Closes: #518042.

 -- Steve Langasek <vorlon op debian.org>  Tue, 03 Mar 2009 17:18:42 -0800

pam (1.0.1-6) unstable; urgency=low

  * Updated debconf translations:
    - Vietnamese, thanks to Clytie Siddall <clytie op riverland.net.au>
  * New patch dont_freeze_password_chain, cherry-picked from upstream:
    don't always follow the same path through the password stack on
    the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK
    pass; this Linux-PAM deviation from the original PAM spec causes a
    number of problems, in particular causing wrong return values when
    using the refactored pam-auth-update stack.  LP: #303515, #305882.
  * debian/local/pam-auth-update (et al): new interface for managing
    /etc/pam.d/common-*, using drop-in config snippets provided by module
    packages.

 -- Steve Langasek <vorlon op debian.org>  Sat, 28 Feb 2009 13:36:57 -0800

pango1.0 (1.28.3-1+squeeze2) stable-security; urgency=high

  * 02_CVE-2011-0064.patch: patch from Behdad Esfahbod and Karl 
    Tomlinson to fix buffer overwrite on OOM realloc failure.
    CVE-2011-0064, Mozilla #606997.

 -- Josselin Mouette <joss op debian.org>  Sun, 27 Feb 2011 13:34:08 +0100

pango1.0 (1.28.3-1+squeeze1) unstable; urgency=low

  * 01_CVE-2011-0020.patch: patch from Behdad Esfahbod to fix heap 
    corruption. Closes: #610792, CVE-2011-0020. LP: #696616.

 -- Josselin Mouette <joss op debian.org>  Mon, 24 Jan 2011 21:39:46 +0100

pango1.0 (1.28.3-1) unstable; urgency=low

  * New upstream stable release.
    + Fixes SIGFPE in opentype renderer. Closes: #598166.

 -- Josselin Mouette <joss op debian.org>  Tue, 19 Oct 2010 23:37:45 +0200

pango1.0 (1.28.1-1) unstable; urgency=low

  * New upstream bugfix release:
    + debian/libpango1.0-0.symbols:
      - Update for renamed exported symbol that is not declared in any
        public header and only used internally.
  * debian/patches/10_scan-module-files-in-dirs.patch,
    debian/patches/11_module-files-append-module-files-d.patch,
    debian/patches/12_module-files-append-compat-module-files-d.patch:
    + Refreshed.

 -- Sebastian Dröge <slomo op debian.org>  Tue, 15 Jun 2010 18:17:45 +0200

pango1.0 (1.28.0-1) unstable; urgency=low

  * New upstream stable release.

 -- Sebastian Dröge <slomo op debian.org>  Wed, 31 Mar 2010 09:07:17 +0200

pango1.0 (1.27.1-3) experimental; urgency=low

  * debian/control.in:
    - Bump libcairo2-dev build dependency to ensure we don't get a
      dependency on the old libcairo-directfb2-udeb.

 -- Emilio Pozuelo Monfort <pochu op debian.org>  Wed, 17 Mar 2010 07:58:08 +0100

pango1.0 (1.27.1-2) experimental; urgency=low

  [ Cyril Brulebois ]
  * Switch udeb from DirectFB to Xlib to prepare the move to an X11-based
    graphical installer. Closes: #573498.
     - Remove the --without-x flag from the udeb_configure_flags variable.
  * Bump some B-D to make sure the udeb gets proper dependencies on the
    recently added udebs:
     - libx11-dev
     - libxft-dev
  * Thanks to Julien Cristau for his initial patch.

  [ Emilio Pozuelo Monfort ]
  * debian/control.in:
    - Bump Standards-Version to 3.8.4, no changes needed.

 -- Emilio Pozuelo Monfort <pochu op debian.org>  Sat, 13 Mar 2010 19:44:35 +0100

pango1.0 (1.27.1-1) experimental; urgency=low

  * New upstream development release:
    + debian/rules:
      - Include check-dist.mk to prevent accidental uploads to unstable.

 -- Sebastian Dröge <slomo op debian.org>  Tue, 23 Feb 2010 10:42:39 +0100

pango1.0 (1.26.2-1) unstable; urgency=low

  * New upstream bugfix release.

 -- Sebastian Dröge <slomo op debian.org>  Tue, 15 Dec 2009 10:04:01 +0100

pango1.0 (1.26.1-1) unstable; urgency=low

  * New upstream bugfix release.

 -- Sebastian Dröge <slomo op debian.org>  Wed, 18 Nov 2009 07:40:39 +0100

pango1.0 (1.26.0-1) unstable; urgency=low

  * New upstream stable release.

 -- Sebastian Dröge <slomo op debian.org>  Tue, 22 Sep 2009 05:28:36 +0200

pango1.0 (1.25.6-1) experimental; urgency=low

  * New upstream development release.

 -- Sebastian Dröge <slomo op debian.org>  Wed, 09 Sep 2009 07:49:30 +0200

pango1.0 (1.25.5-1) experimental; urgency=low

  * New upstream development release:
    + debian/rules:
      - Include check-dist.mk to prevent accidental uploads to unstable. 
    + debian/rules,
      debian/libpango1.0-0.symbols:
      - Update for API additions.
  * debian/control.in:
    + Update Standards-Version to 3.8.3.

 -- Sebastian Dröge <slomo op debian.org>  Sat, 05 Sep 2009 07:36:44 +0200

pango1.0 (1.24.5-1) unstable; urgency=low

  [ Emilio Pozuelo Monfort ]
  * libpango1.0-udeb is priority optional according to the override.

  [ Sebastian Dröge ]
  * New upstream bugfix release.

 -- Sebastian Dröge <slomo op debian.org>  Tue, 21 Jul 2009 07:59:34 +0200

pango1.0 (1.24.4-1) unstable; urgency=low

  * New upstream bugfix release.

 -- Josselin Mouette <joss op debian.org>  Sat, 11 Jul 2009 11:36:49 +0200

pango1.0 (1.24.3-1) unstable; urgency=low

  * New upstream bugfix release.
  * debian/patches/90_relibtoolize.patch:
    + Dropped, not necessary anymore.
  * debian/control.in:
    + Update Standards-Version to 3.8.2.

 -- Sebastian Dröge <slomo op debian.org>  Sat, 20 Jun 2009 10:02:18 +0200

pango1.0 (1.24.2-1) unstable; urgency=low

  [ Luca Bruno ]
  * New upstream bugfix release:
    - Be more tolerant on the "fontmap" property setting. Closes: #522675
  * debian/patches/13_pango-view-undefined-references.patch,
    debian/patches/14_gnome-panel-crash.patch:
    - Remove as applied upstream.

  [ Josselin Mouette ]
  * Add libglib2.0-doc to b-d-i to ensure proper xrefs.

  [ Sebastian Dröge ]
  * New upstream bugfix release:
    + debian/patches/90_relibtoolize.patch:
      - Updated for the new version.

 -- Sebastian Dröge <slomo op debian.org>  Thu, 14 May 2009 09:34:23 +0200

pango1.0 (1.24.0-4) UNRELEASED; urgency=low

  [ Josselin Mouette ]
  * Fix section for debugging package.
  * Standards version is 3.8.1.

  [ Loic Minier ]
  * Move udeb to Priority extra.
  * Drop duplicate Section/Priority fields.
  * Set opt_configure_flags to $(shared_configure_flags) in the sample opt
    flavor for armel and move the opt flavor and check flavors below the
    definition of other flags.

 -- Josselin Mouette <joss op debian.org>  Wed, 08 Apr 2009 11:01:46 +0200

pango1.0 (1.24.0-3) unstable; urgency=low

  * debian/patches/14_gnome-panel-crash.patch:
    + Fix a crash in gnome-panel that happend because of invalid
      memory accesses in pango. Patch from upstream GIT.

 -- Sebastian Dröge <slomo op debian.org>  Wed, 08 Apr 2009 08:47:32 +0200

pango1.0 (1.24.0-2) unstable; urgency=low

  * Upload to unstable, this won't break any transitions because of the
    use of symbol files.

 -- Sebastian Dröge <slomo op debian.org>  Wed, 01 Apr 2009 15:48:15 +0200

pango1.0 (1.24.0-1) experimental; urgency=low

  * New upstream release:
    + debian/patches/90_relibtoolize.patch:
      - Updated for the new version.
    + debian/control.in:
      - Update build dependencies.
    + debian/rules,
      debian/libpango1.0-0.symbols:
      - Update for API additions.
  * debian/patches/13_pango-view-undefined-references.patch:
    + Fix linking of pango-view for the udeb.

 -- Sebastian Dröge <slomo op debian.org>  Sun, 22 Mar 2009 15:11:40 +0100

pango1.0 (1.22.4-3) unstable; urgency=low

  [ Loic Minier ]
  * Drop useless --disable-static and --enable-shared flags to simplify
    configure flags.
  * Rework flavor-specific vars.
    - Introduce $(flavor) which is set to $* to clarify implicit rules.
    - Rename common_configure_flags to configure_flags.
    - Introduce the flavor_get macro to use a flavor specific override or
      fallback to the common defaults for make vars.
    - Use $(call flavor_get, ) to retrieve configure_flags, CFLAGS, and
      LDFLAGS allowing to override these per flavor; for example:
      "udeb_CFLAGS = $(CFLAGS) -Os".
  * Drop note about shared flavor being required, they all are as they are
    mentionned in the install files.
  * Move update-pangox-aliases man pages from section 1 to section 8; thanks
    jidanni op jidanni.org; closes: #512448.
  * Rewrite dh_pangomodules description; also fixes a lintian warning.
  * Add support for an optimized pass, implemented as a flavor.
    - Define a default OPTLIBDIR and replace it in the sed foo for %.in files;
      this is like LIBDIR, but with some hwcaps extension, e.g. usr/lib/vfp.
    - Add sample vars to build an optimized vfp flavor for armel with
      additional CFLAGS.
    - Add the "opt" special flavor to flavors to run the testsuites on,
      CHECK_FLAVORS.
    - Also sed and append %.opt after %.in when generating % files from %.in;
      the %.opt file is optional and only included if the opt flavor is
      included.
    - Add a debian/libpango1.0-0.install.opt which lists files from the
      optimized flavor to install in libpango1.0-0.
  * Build-dep on dpkg-dev >= 1.14.17 and drop -g -O$(if $(findstring
    noopt,$(DEB_BUILD_OPTIONS)),0,2) from CFLAGS, only keeping -Wall as honor
    the default CFLAGS.
  * dh_pangomodules: Demote warning when skipping non-existent modules dir to
    verbose_print(); use -v to see it.

  [ Sebastian Dröge ]
  * debian/libpango1.0-0.symbols,
    debian/rules:
    + Add symbols file.

 -- Sebastian Dröge <slomo op debian.org>  Sun, 22 Mar 2009 14:36:22 +0100

pango1.0 (1.22.4-2) unstable; urgency=low

  * Upload to unstable, remove check-dist.mk include.

 -- Sebastian Dröge <slomo op debian.org>  Tue, 17 Feb 2009 10:07:37 +0100

pango1.0 (1.22.4-1) experimental; urgency=low

  [ Loic Minier ]
  * Don't purge /etc/pango/pango.modules during first configuration.

  [ Josselin Mouette ]
  * New upstream release.
    + Take into account the width of CJK characters when computing the 
      size of text boxes. Closes: #505780.
  * 90_relibtoolize.patch: relibtoolize to avoid the rpath issue on 
    amd64.
  * dh_pangomodules.in: fix pod2man error.

 -- Josselin Mouette <joss op debian.org>  Tue, 06 Jan 2009 13:30:54 +0100

pango1.0 (1.22.3-1) experimental; urgency=low

  [ Josselin Mouette ]
  * Replace ttf-kochi-* suggests by ttf-japanese-*.

  [ Sebastian Dröge ]
  * New upstream bugfix release.

 -- Sebastian Dröge <slomo op debian.org>  Mon, 24 Nov 2008 08:07:32 +0100

pango1.0 (1.22.2-1) experimental; urgency=low

  [ Loic Minier ]
  * Also bump the libcairo-directfb2-dev bdep and the libcairo2-dev deps.
  * New upstream stable release; no API change; bug fixes.
    - Bump libcairo-directfb2-dev and libcairo2-dev bdeps to >= 1.7.6.

  [ Deng Xiyue ]
  * New upstream release.
    - Bump SHVERSION to 1.22.0 due to API tweak to adapt cairo-1.7.6.
  * Remove bdep on libcairo-directfb2-dev due to cairo structure changes,
    hence bump libcairo2-dev bdep to >= 1.8.2-2.
  * Target watch file to stable releases again.

  [ Sebastian Dröge ]
  * Fix dh_shlibdeps call for the udeb.

 -- Sebastian Dröge <slomo op debian.org>  Fri, 07 Nov 2008 09:33:19 +0100

pango1.0 (1.21.6-1) experimental; urgency=low

  * Don't hardcode the pathes to defoma-app and update-pangox-aliases in
    maintainer scripts.
  * Refresh patches 60_link-pangoxft-to-fontconfig and 70_automake and convert
    60_link-pangoxft-to-fontconfig to a -p1 level patch to support
    dpkg-source's quilt format.
  * Let libpango1.0-dev recommend debhelper for dh_pangomodules.
  * New upstream development releases; new API, API depreciations, and slights
    changes in semantics of the finalization of fontmaps.
    - Bump up bdeps to libcairo2-dev >= 1.7.4 and libglib2.0-dev >= 2.17.3.
    - Drop patch 60_link-pangoxft-to-fontconfig, fixed upstream.
    - Drop patch 70_automake, was only useful for
      60_link-pangoxft-to-fontconfig.
    - Bump shlibs version to 1.21.6.

 -- Loic Minier <lool op dooz.org>  Wed, 13 Aug 2008 16:59:28 +0200

pango1.0 (1.21.3-1) experimental; urgency=low

  [ Deng Xiyue ]
  * New upstream development release, APIs are not stable yet.
    + Update libcairo{,-directfb}2-dev dependency to >= 1.6.4 as per
      configure.in.
    + Update SHVERSION to 1.21.3.
    + Make debian/watch target development releases.

  [ Loic Minier ]
  * Target experimental and include check-dist.mk for now.

 -- Deng Xiyue <manphiz-guest op users.alioth.debian.org>  Thu, 07 Aug 2008 20:10:07 +0800

pciutils (1:3.1.7-6) unstable; urgency=medium

  * Update pci.ids with version 2010.11.24
  * Pass parameters -Zbzip2 and -z9 to dpkg-deb via dh_builddeb

 -- Anibal Monsalve Salazar <anibal op debian.org>  Fri, 26 Nov 2010 16:19:45 +1100

pciutils (1:3.1.7-5) unstable; urgency=medium

  * Update pci.ids with version 2010.08.23 
  * Fix out-of-date-standards-version
  * Fix xc-package-type-in-debian-control

 -- Anibal Monsalve Salazar <anibal op debian.org>  Tue, 24 Aug 2010 19:10:27 +1000

pciutils (1:3.1.7-4) unstable; urgency=low

  * Update pci.ids with snapshot dated 2010-06-12

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sat, 26 Jun 2010 14:17:57 +1000

pciutils (1:3.1.7-3) unstable; urgency=medium

  * Update pci.ids with snapshot dated 2010-04-09 03:15:02 

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sun, 11 Apr 2010 07:50:00 +1000

pciutils (1:3.1.7-2) unstable; urgency=medium

  * Update pci.ids with snapshot dated 2010-03-01 03:15:01

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sun, 14 Mar 2010 12:17:33 +1100

pciutils (1:3.1.7-1) unstable; urgency=low

  * New upstream version 
  * Update pci.ids with snapshot dated 2010-02-11 03:15:02
  * Fix out-of-date-standards-version

 -- Anibal Monsalve Salazar <anibal op debian.org>  Fri, 12 Feb 2010 17:54:56 +1100

pciutils (1:3.1.6-1) unstable; urgency=low

  * New upstream version 
  * Debian source format is 3.0 (quilt)
  * Don't define GZIP in update-pciids
    Closes: 566311

 -- Anibal Monsalve Salazar <anibal op debian.org>  Wed, 27 Jan 2010 14:32:37 +1100

pciutils (1:3.1.4-5) unstable; urgency=low

  * Update pci.ids with snapshot dated 2010-01-11 03:15:02
  * Fix debhelper-but-no-misc-depends

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sat, 16 Jan 2010 17:44:24 +1100

pciutils (1:3.1.4-4) unstable; urgency=low

  * Update pci.ids with snapshot dated 2009-11-23 03:15:02

 -- Anibal Monsalve Salazar <anibal op debian.org>  Tue, 24 Nov 2009 14:58:29 +1100

pciutils (1:3.1.4-3) unstable; urgency=low

  * Update pci.ids with snapshot dated 2009-10-22 03:15:02 
  * Build twice in a row successfully
    Closes: 544011
  * Ship libpci.a in libpci-dev
    Closes: 545877

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sat, 07 Nov 2009 20:06:09 +1100

pciutils (1:3.1.4-2) unstable; urgency=medium

  * Update pci.ids with snapshot dated 2009-09-18 03:15:01 

 -- Anibal Monsalve Salazar <anibal op debian.org>  Fri, 09 Oct 2009 12:28:51 +1100

pciutils (1:3.1.4-1) unstable; urgency=low

  * New upstream version 
  * Fix out-of-date-standards-version
  * Update pci.ids with snapshot dated 2009-08-18 03:15:02

 -- Anibal Monsalve Salazar <anibal op debian.org>  Thu, 20 Aug 2009 15:41:13 +1000

pciutils (1:3.1.3-2) unstable; urgency=high

  [ Julien Cristau ]
  * update-pciids: make sure the new pci.ids file has the same
    owner/permissions as the old one. Closes: 540664

  [ Anibal Monsalve Salazar ]
  * Fix shlibs dependency
    Closes: 516848, 519608, 529032
  * Fix priority disparity
  * Update pci.ids with snapshot dated 2009-07-27 03:15:01

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sun, 09 Aug 2009 16:20:14 +0200

pciutils (1:3.1.3-1) unstable; urgency=low

  * New upstream version
  * DH level compatibility is 7
  * Fix out-of-date-standards-version
  * Fix dh-clean-k-is-deprecated

 -- Anibal Monsalve Salazar <anibal op debian.org>  Mon, 06 Jul 2009 08:50:14 +1000

pciutils (1:3.1.2-5) unstable; urgency=medium

  * Update pci.ids with snapshot dated 2009-06-02 03:15:01

 -- Anibal Monsalve Salazar <anibal op debian.org>  Fri, 12 Jun 2009 15:17:01 +1000

pciutils (1:3.1.2-4) unstable; urgency=low

  * Update pci.ids with snapshot dated 2009-05-19 03:15:01
  * Fix typo in setpci manpage; closes: #525258

 -- Anibal Monsalve Salazar <anibal op debian.org>  Fri, 22 May 2009 12:28:39 +1000

pciutils (1:3.1.2-3) unstable; urgency=medium

  * Update pci.ids with snapshot dated 2009-03-29 03:15:02 
  * Fix shlibs; closes: #521176

 -- Anibal Monsalve Salazar <anibal op debian.org>  Mon, 30 Mar 2009 13:31:08 +1100

pciutils (1:3.1.2-2) unstable; urgency=low

  * Update pci.ids with snapshot dated 2009-03-19 03:15:02
  * Fix "FTBFS on GNU/kFreeBSD"; patch by Petr Salinger; closes: #520343
  * Standards version is 3.8.1

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sun, 22 Mar 2009 16:42:57 +1100

pciutils (1:3.1.2-1) unstable; urgency=low

  * New upstream version
  * Update pci.ids with snapshot dated 2009-02-20 03:15:01

 -- Anibal Monsalve Salazar <anibal op debian.org>  Tue, 03 Mar 2009 13:46:34 +1100

pciutils (1:3.0.3-2) unstable; urgency=low

  * Upload to unstable 
  * Put back Matthew Wilcox in uploaders
  * Update pci.ids with snapshot dated 2009-02-14 03:15:02

 -- Anibal Monsalve Salazar <anibal op debian.org>  Mon, 16 Feb 2009 12:49:19 +1100

pciutils (1:3.0.3-1) experimental; urgency=low

  * New upstream version
  * Update pci.ids with snapshot dated 2008-11-14 03:15:02
  * Support cross-building; patch by Neil Williams; closes: #481672
  * Fix libpci3 long description; closes: #481313

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sun, 16 Nov 2008 18:54:07 +1100

pciutils (1:3.0.2-2) experimental; urgency=low

  * New pci.ids header format; closes: #501612 
  * Update pci.ids with snapshot dated 2008-10-27 03:15:01

 -- Anibal Monsalve Salazar <anibal op debian.org>  Sun, 02 Nov 2008 09:16:00 +1100

perl (5.10.1-17squeeze6) stable-security; urgency=low

  * [SECURITY] CVE-2013-1667: fix a rehashing DoS opportunity
    against code that uses arbitrary user input as hash keys.
    (Closes: #702296)

 -- Niko Tyni <ntyni op debian.org>  Tue, 05 Mar 2013 21:50:01 +0200

perl (5.10.1-17squeeze5) stable; urgency=low

  * [SECURITY] CVE-2012-6329: Fix misparsing of maketext strings which
    could allow arbitrary code execution from untrusted maketext templates
    (Closes: #695224)

 -- Dominic Hargreaves <dom op earth.li>  Sat, 16 Feb 2013 19:00:31 +0000

perl (5.10.1-17squeeze4) stable-security; urgency=low

  * [SECURITY] CVE-2012-5195: fix a heap buffer overrun with
    the 'x' string repeat operator. (Closes: #689314)
  * [SECURITY] CVE-2012-5526: CGI.pm improper cookie and p3p
    CRLF escaping (Closes: #693420)
  * [SECURITY] add warning to Storable documentation that Storable
    documents should not be accepted from untrusted sources
    (Closes: #695223)

 -- Dominic Hargreaves <dom op earth.li>  Tue, 11 Dec 2012 14:07:34 +0000

perl (5.10.1-17squeeze3) stable; urgency=low

  * [SECURITY] CVE-2011-2939: Fix decode_xs n-byte heap-overflow security
    bug in Unicode.xs (Closes: #637376)
  * [SECURITY] CVE-2011-3597: Fix unsafe use of eval in Digest->new();
    thanks to Ansgar Burchardt for the notification (Closes: #644108)
  * Unregister signal handler before destroying my_perl; fixes segfault
    (Closes: #604902)

 -- Dominic Hargreaves <dom op earth.li>  Tue, 20 Dec 2011 20:01:23 +0000

perl (5.10.1-17squeeze2) stable-security; urgency=low

  * [SECURITY] CVE-2010-1447: further Safe.pm fixes for breaking out
    of safe compartment using subroutine references (Closes: #631529)

 -- Dominic Hargreaves <dom op earth.li>  Sun, 26 Jun 2011 16:10:22 +0100

perl (5.10.1-17squeeze1) stable-security; urgency=low

  * [SECURITY] CVE-2011-1487: taint laundering in lc, uc, et al.
    (Closes: #622817)

 -- Niko Tyni <ntyni op debian.org>  Sat, 16 Apr 2011 09:02:05 +0300

perl (5.10.1-17) unstable; urgency=medium

  * [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411:
    fix CGI.pm MIME boundary and multiline header vulnerabilities.
    (Closes: #606995)

 -- Niko Tyni <ntyni op debian.org>  Fri, 07 Jan 2011 13:57:42 +0200

perl (5.10.1-16) unstable; urgency=low

  * Improve LC_NUMERIC documentation. (Closes: #379329)
  * Fix sprintf not to ignore LC_NUMERIC with constants. (Closes: #601549)
  * Fix stack pointer corruption in pp_concat() with "use encoding".
    (Closes: #596105)

 -- Niko Tyni <ntyni op debian.org>  Tue, 02 Nov 2010 10:17:28 +0200

perl (5.10.1-15) unstable; urgency=low

  * Include the Text::Tabs license in debian/copyright. Thanks to "v.nix.is".
    (Closes: #596844)
  * Downgrade the 'make' recommendation to a suggestion to avoid pulling
    it in by default after all. (Closes: #596734) (Reopens: #293908)
  * Put the libfile-spec-perl conflict version in line with the separate
    package, which uses four digits. (Closes: #595121)
  * Squelch useless locale warnings during package maintainer scripts.
    (Closes: #508764)

 -- Niko Tyni <ntyni op debian.org>  Wed, 06 Oct 2010 21:45:00 +0300

perl (5.10.1-14) unstable; urgency=medium

  * Don't override -DDEBIAN on GNU/Hurd, fixing @INC breakage and other
    things. Thanks to Samuel Thibault. (Closes: #587901)
  * Fix builds on gcc 4.5 by passing PERL_PATCHLEVEL_H_IMPLICIT to cpp.
    Thanks to Loïc Minier and Paul Brook. (Closes: #588799)
  * Fix builds when the name of the current directory contains regexp
    metacharacters, particularly binNMUs with current sbuild versions.
    Thanks to Kyle Moffett and Ansgar Burchardt. (Closes: #585678)
  * Releasing with 'medium' urgency due to an RC bug fix.

 -- Niko Tyni <ntyni op debian.org>  Wed, 04 Aug 2010 13:52:05 +0300

perl (5.10.1-13) unstable; urgency=low

  * [SECURITY] CVE-2010-1974: Update to Safe-2.25, fixing code injection
    and execution vulnerabilities. (Closes: #582978)
  * Add conflicts/replaces/provides for the new libswitch-perl,
    libclass-isa-perl, and libpod-plainer-perl packages. (See #580034)
  * Fix a tell() crash on bad arguments. (Closes: #578577)
  * Fix a format/write crash. (Closes: #579537)
  * Prevent gcc from optimizing the u32align check away, finally fixing
    MD5 on armel. Thanks to Marc Pignat. (Closes: #289884)
  * Fix a test failure in CGI/t/fast.t when FCGI is available.

 -- Niko Tyni <ntyni op debian.org>  Sun, 30 May 2010 11:09:48 +0300

perl (5.10.1-12) unstable; urgency=low

  * Fix the location of an Archive::Tar test file.
  * Update conflict versions on libscalar-list-utils-perl, libxsloader-perl,
    and libnet-perl.
  * Properly include the 5.10.0 site directories on @INC as per Perl policy.
    (Closes: #575030)
  * Fix an errno stringification bug in taint mode. (Closes: #574129) 
  * Move Config_heavy.pl into perl-base and unapply the DynaLoader
    changes introduced in 5.10.1-5. (Closes: #575308)
  * Remove B and B::Deparse from perl-base, they haven't worked without
    the perl package for a long time if ever. (Closes: #576153)
  * Upgrade to Standards-Version 3.8.4 with no changes.

 -- Niko Tyni <ntyni op debian.org>  Sun, 11 Apr 2010 22:55:05 +0300

perl (5.10.1-11) unstable; urgency=low

  * Unapply obsolete Debian patches:
    - Object::Accessor POD patch (fixed in 5.10.1)
    - "missing /etc/hosts"       (fixed in 5.10.1)
    - "arm fp non-IEEE rounding" (fixed in armel)
    - "ppc/ia64 optimization upgrade" (no-op since 5.10.0-5)
    - "arm optimization downgrade" (fixed sometime after gcc 4.0)
  * Make perl-base conflict with older versions of safe-rm to unbreak
    maintainer scripts on partial upgrades. (Closes: #566080)
  * Update debian/README.source to recommend using quilt in NMUs.
  * Include upstream commit information in patchlevel.h.
  * Upload to unstable.

 -- Niko Tyni <ntyni op debian.org>  Wed, 03 Feb 2010 22:38:26 +0200

perl (5.10.1-10) experimental; urgency=low

  * Add conflicts/replaces/provides for libtime-local-perl. (Closes: #567188)
  * Really add the new perl-modules README.Debian. (Closes: #565721)
  * Make libcgi-fast-perl depend on perl (<< 5.10.2~) because
    it's now in the core directory. (Closes: #567092)
  * Switch to dpkg v3 source format.
    + remove the obsoleted quilt-series-but-no-build-dep lintian override.
  * Describe the applied Debian patches in patchlevel.h (and therefore
    `perl -V' output too.) (Closes: #567489)
  * Include minimal copyright and license information on the Debian
    packaging in debian/copyright.
  * Don't try to ship Changes5.* or patching.pod in perl-doc anymore,
    they have been removed upstream for 5.10.1.
  * Upload to experimental to verify that the source format changes work

 -- Niko Tyni <ntyni op debian.org>  Fri, 29 Jan 2010 21:52:06 +0200

perl (5.10.1-9) unstable; urgency=low

  * Move CGI/Fast.pm back to the core directory so that libcgi-pm-perl
    can override it. (Closes: #563713)
  * Add a README.Debian file to perl-modules.
  * Other packages should not depend on perl-modules but perl;
    clarify this in the perl-modules long description and the new
    README.Debian file. (Closes: #552052)
  * Fix a NULL pointer dereference when looking for a DESTROY method.
    (Closes: #564074)
  * Add conflicts/replaces/provides for libfile-spec-perl. (Closes: #556789)
    + note that perl-base contains part of libfile-spec-perl, so it has
      a conflicts entry for earlier versions but does not provide and
      replace it. The rest of the functionality is in perl-modules.

 -- Niko Tyni <ntyni op debian.org>  Sat, 16 Jan 2010 22:13:15 +0200

perl (5.10.1-8) unstable; urgency=medium

  * Fix another perl-suid/i386 dependency bug by using dpkg-shlibdeps
    correctly. (Closes: #556847)
  * Add Conflicts/Replaces/Provides for libthread-queue-perl.
    (Closes: #556793)

 -- Niko Tyni <ntyni op debian.org>  Sat, 21 Nov 2009 21:01:14 +0200

perl (5.10.1-7) unstable; urgency=medium

  * Only run dpkg-shlibdeps when all the shlibs files have been created.
    This fixes perl-suid dependencies on i386. (Closes: #552797)
  * Set myself as Maintainer and remove Brendan O'Dea from the control
    file at his request.
  * Make the threads-shared test suite more robust, fixing failures on hppa.
    (Closes: #554218)

 -- Niko Tyni <ntyni op debian.org>  Fri, 06 Nov 2009 22:18:07 +0200

perl (5.10.1-6) unstable; urgency=high

  * Added /me to Uploaders.
  * Apply upstream fix to resolve some crash in pattern matching against
    non-Unicode tainted string. This fixes CVE-2009-3626. (Closes: #552291)

 -- Eugene V. Lyubimkin <jackyf op debian.org>  Thu, 22 Oct 2009 23:21:24 +0300

perl (5.10.1-5) unstable; urgency=low

  * Make DynaLoader work without Config_heavy.pl again. (Closes: #549170)

 -- Niko Tyni <ntyni op debian.org>  Thu, 01 Oct 2009 10:52:33 +0300

perl (5.10.1-4) unstable; urgency=low

  * Temporarily work around an internal compiler error in Devel::PPPort
    on ia64+gcc-4.3. (Closes: #548943)

 -- Niko Tyni <ntyni op debian.org>  Tue, 29 Sep 2009 22:28:23 +0300

perl (5.10.1-3) unstable; urgency=low

  * Upload to unstable.

 -- Niko Tyni <ntyni op debian.org>  Fri, 25 Sep 2009 21:47:47 +0300

perl (5.10.1-2) experimental; urgency=low

  * reinstate Debian change to ExtUtils::MakeMaker for now to allow
    overriding PREFIX at installation time again. (Closes: #545904)
  * Separate Archive::Tar instance error strings from each other.
    (Closes: #539355)
  * Fix a crash with \G on first match. (Closes: #545234)

 -- Niko Tyni <ntyni op debian.org>  Tue, 15 Sep 2009 21:23:45 +0300

perl (5.10.1-1) experimental; urgency=low

  * New upstream release.
  * Remove traces of libcpan-plus-perl provides/conflicts/replaces in favour
    of libcpanplus-perl.
  * Clean an accidentally duplicated libcpanplus-perl conflict entry.
  * Add conflicts/replaces/provides for
    + libio-compress-bzip2-perl
  * Don't test .ph file syntax when DEB_BUILD_OPTIONS contains "nocheck"
    or "x-perl-notest"
  * Replace /usr/share/doc symlinks with separate changelog and copyright
    files in the arch-independent packages (perl-doc and perl-modules)
    to make sure they correspond to the right package version.
    (Closes: #536384, #542137)
  * Add support for abstract sockets. Thanks to Lubomir Rintel.
    (Closes: #329291, #490660)
  * In versions older than 5.10.0-24, CPANPLUS system configuration would be
    erroneously saved under /usr/share. Avoid loss of local configuration by
    copying it to /etc/perl/CPANPLUS/Config/System.pm on upgrades before the
    new package overwrites it. (Closes: #543910)
  * Add gcc predefined macros to $Config{cppsymbols} on GNU/Hurd.
    Thanks to Samuel Thibault. (Closes: #544307)
  * Fix autodie on hppa by allowing for flock returning EAGAIN instead
    of EWOULDBLOCK. (Closes: #543731)
  * Move /usr/share/perl/5.10/unicore/To into perl-base. (See #543149)

 -- Niko Tyni <ntyni op debian.org>  Thu, 03 Sep 2009 23:41:17 +0300

perl (5.10.1~rc2-1) experimental; urgency=low

  * New upstream release candidate.
    + Archive::Tar now supports bzip2 files. (Closes: #457326)
    + Module::CoreList now includes ExtUtils::Miniperl. (Closes: #508696)
    + ExtUtils::Manifest now handles whitespace correctly. (Closes: #538005)
    + CGI.pm unwanted UTF-8 conversion in URLs is fixed. (Closes: #516129)
    + FileCache needs symbolic references, documentation updated.
      (Closes: #318579)
    + perldoc.pod now references perlpod.pod. (Closes: #479638)
    + Long regular expressions work again. (Closes: #527039)
    + File::Temp::tempfile now supports TMPDIR. (Closes: #351373)
    + File::Temp now works with ACLs. (Closes: #531770)
    + IPC::Cmd now works with arrayrefs. (Closes: #533380)
    + perlpod.pod documentation fix: =encoding affects the whole document.
      (Closes: #527023)
    + CPAN.pm no longer passes make arguments through to Build.
      (Closes: #508183)
    + using the same lexically scoped variable in a foreach loop twice
      no longer segfaults. (Closes: #511589)
    + unwanted filehandle stringification in CGI.pm is fixed. (Closes: #483144)
    + script_name() in CGI.pm is fixed. (Closes: #493965)
    + revision information removed from perlfaq whatis entries
      (Closes: #402046)
  * Updated the conflicts list for the various dual-lived modules.
  * Added conflicts/replaces/provides for 
    + libio-compress-perl
    + libcompress-raw-bzip2-perl
    + libthreads-perl
    + libthreads-shared-perl
    + libparse-cpan-meta-perl
    + libparent-perl
    + libautodie-perl
  * Update the search path in the h2ph check. Thanks to Marius Vollmer.
  * Build-Depend on libbz2-dev instead of using the bundled library in
    ext/Compress-Raw-Bzip2.

 -- Niko Tyni <ntyni op debian.org>  Wed, 19 Aug 2009 23:39:54 +0300

perl (5.10.0-25) unstable; urgency=low

  * Fix File::Copy::copy with pipes on GNU/kFreeBSD.
    Thanks to Petr Salinger. (Closes: #537555)
  * Module::Build::Compat makefiles now support 'distclean'.
    Thanks to Ryan Niebur. (Closes: #527993)
  * Honor TMPDIR when open()ing an anonymous temporary file.
    Thanks to Norbert Buchmuller. (Closes: #528544)
  * Move to libdb4.7. (Closes: #536443)

 -- Niko Tyni <ntyni op debian.org>  Sat, 15 Aug 2009 23:24:30 +0300

perl (5.10.0-24) unstable; urgency=low

  * Change the perl-debug package section and priority to debug/extra.
  * POD fix for Module::Build::Cookbook.
  * Fix a memory leak with the map operator. (Closes: #528332)
  * Add gcc predefined macros to $Config{cppsymbols} on GNU/kFreeBSD.
    (Closes: #533098) 
  * Fix CPAN and CPANPLUS configuration to consistently use the
    site directories with both Build.PL and Makefile.PL. (Closes: #533707)
  * Save local versions of CPANPLUS::Config::System into /etc/perl.
    (See #533707)

 -- Niko Tyni <ntyni op debian.org>  Wed, 08 Jul 2009 23:21:31 +0300

perl (5.10.0-23) unstable; urgency=high

  * Don't try to check nonexistent .ph files: the kFreeBSD port
    doesn't have <asm/termios.h>. (Closes: #526974)
  * [SECURITY] CVE-2009-1391: Fix a buffer overflow in Compress::Raw::Zlib.
    (Closes: #532736)

 -- Niko Tyni <ntyni op debian.org>  Fri, 12 Jun 2009 21:26:18 +0300

perl (5.10.0-22) unstable; urgency=low

  * Make Archive::Extract work with recent versions of GNU tar.
    (Closes: #526822)

 -- Niko Tyni <ntyni op debian.org>  Sun, 03 May 2009 22:09:50 +0300

perl (5.10.0-21) unstable; urgency=low

  * Make the perl package recommend make because /usr/bin/cpan uses it.
    (Closes: #293908)
  * Add a .NOTPARALLEL debian/rules target to explicitly disable parallel
    builds. (Closes: #523940)
  * Squelch 'Constant subroutine ... undefined' warnings from .ph files.
    (Closes: #379757)
  * Elaborate PERL_SYS_* documentation a bit. 
  * Fix a segmentation fault with array ties. (Closes: #525180)
  * Improve Archive::Tar error reporting on short corrupted archives.
    (Closes: #521613)
  * Fix use of -section in Pod::Usage and =over, =back. (Closes: #519785)
  * Archive::Tar now validates archives created by SunOS and HP-UX tar.
    (Closes: #516472)
  * XS_VERSION_BOOTCHECK may break if $VERSION is a long floating point number,
    so recommend using a string instead. (Closes: #482139)

 -- Niko Tyni <ntyni op debian.org>  Sun, 03 May 2009 15:08:58 +0300

perl (5.10.0-20) experimental; urgency=low

  * Manage debian/patches with TopGit as documented in README.source.
    + tweak patch descriptions to consistently have a one-line subject
  * Fixes cherry-picked from upstream:
    + Elaborate a confusing cross-reference in 'perldoc -f sort'.
      (Closes: #405470)
    + Fix a crash on binary-or lvalue operation on qr//. (Closes: #483150)
    + Fix h2xs enum handling with C++ comments. (Closes: #320286) 
    + Fix Data::Dumper::new() argument checking. (Closes: #512036)
    + setpgrp() no longer corrupts the stack. (Closes: #512796)
    + Document PERL_SYS_* macros. (Closes: #522099)
    + Fix pod2man to escape backslashes in .IX entries. (Closes: #521256)
    + Fix h2xs enum handling. (Closes: #502297)
    + Add a SEE ALSO section to perldoc.pod. (Closes: #444932)
  * Activate delayed-branch optimizations on hppa and mips again.
  * Disable ext/threads/shared/t/waithires.t on m68k due to missing TLS.
    (Closes: #517938)
  * Make perlivp skip include directories in /usr/local. (Closes: #510895)
  * Wrap overlong dependency lines in debian/control.
  * Add conflicts/replaces/provides for
    + libcpanplus-perl (Closes: #516289)
    + libsys-syslog-perl (Closes: #498885)
    + libcompress-zlib-perl
    + libcompress-raw-zlib-perl
    + libio-compress-zlib-perl
    + libio-compress-base-perl
    + libpod-escapes-perl
  * Version the build-conflict with libterm-readline-gnu-perl.
    (Closes: #498807)
  * Remove the Etch->Lenny upgrade specific conflicts introduced in 5.10.0-14.
  * Remove the obsolete replacement of libclass-multimethods-perl.
  * Remove the obsolete conflict with libapache-mod-perl.
  * Include copyright and license information for
    + the Unicode database (Closes: #493421)
    + the embedded zlib source in Compress::Raw::Zlib
    + the Cwd module
    + the C parts of File::Glob
  * Test .ph files during the build phase. Thanks to Kees Cook for the patch.
    (Closes: #511848)
    + fix h2ph to find <syslimits.h> again. (Closes: #522673)
  * Various lintian fixes and overrides, most importantly:
    + Use ${binary:Version} for arch:any->any dependencies.
    + Disable zlib bundling in Compress::Raw::Zlib.
      * needs a build-dependency on zlib1g-dev | libz-dev.
  * Include sysexits.ph. (Closes: #505289)
  * Upgrade to Standards-Version 3.8.1.
  * Upload to experimental to test the new h2ph checks.

 -- Niko Tyni <ntyni op debian.org>  Mon, 13 Apr 2009 00:01:02 +0300

php5 (5.3.3-7+squeeze15) squeeze-security; urgency=high

  * [CVE-2013-1635] Fixed external entity loading
  * [CVE-2013-1643] Check if soap.wsdl_cache_dir confirms to open_basedir

 -- Ondřej Surý <ondrej op debian.org>  Mon, 04 Mar 2013 13:34:39 +0100

php5 (5.3.3-7+squeeze14) squeeze-security; urgency=high

  * CVE-2012-2688: potential overflow in _php_stream_scandir
  * CVE-2012-3450: parsing bug in PDO can lead to access violations

 -- Ondřej Surý <ondrej op debian.org>  Mon, 06 Aug 2012 15:47:26 +0200

php5 (5.3.3-7+squeeze13) squeeze-security; urgency=high

  * Rebuild to work around against dak troubles.

 -- Florian Weimer <fw op deneb.enyo.de>  Sun, 10 Jun 2012 09:16:12 +0200

php5 (5.3.3-7+squeeze12) squeeze-security; urgency=low

  * CVE-2012-2386: one additional, similar vulnerable code construct in
    the Phar extension

 -- Ondřej Surý <ondrej op debian.org>  Tue, 29 May 2012 10:12:36 +0200

php5 (5.3.3-7+squeeze11) squeeze-security; urgency=low

  * Fix a regression which caused crash accessing global object itself
    returned from its __get() (Closes: #672687)
  * CVE-2012-2386: Fix integer overflow leading to heap-buffer overflow
    in the Phar extension

 -- Ondřej Surý <ondrej op debian.org>  Mon, 28 May 2012 16:02:31 +0200

php5 (5.3.3-7+squeeze9) squeeze-security; urgency=high

  * Add more return value checks for CVE-2011-4153 (pulled from OpenSUSE)
  * CVE-2012-1172: Fix insufficient validation of upload name leading
    to corrupted $_FILES indices
  * CVE-2012-1823,CVE-2012-2311: Fix PHP-CGI query string parameter
    vulnerability

 -- Ondřej Surý <ondrej op debian.org>  Tue, 08 May 2012 12:18:57 +0200

php5 (5.3.3-7+squeeze8) squeeze-security; urgency=low

  * Deprecated error should use E_DEPRECATED and not E_WARNING
    (Closes: #632838)
  * CVE-2012-0781: Fix for Tidy::diagnose() NULL pointer dereference
  * CVE-2011-4153: Fix PHP 5 does not always check the return value of
    the zend_strndup function
  * CVE-2010-4697: use-after-free vulnerability
  * CVE-2011-1092: denial of service and possible data disclosure
    through integer overflow
  * CVE-2011-1148: improve reference counting
  * CVE-2011-1464: limit amount of precision to ensure fitting within
    MAX_BUF_SIZE
  * CVE-2011-1467: check for invalid attribute symbols in
    NumberFormatter::setSymbol()
  * CVE-2011-1468: fix memory leak of openssl contexts
  * CVE-2011-1469: improve pointer handling to fix denial of service
    through application crash when using HTTP proxy with the FTP wrapper
  * CVE-2011-1470: denial of service through application crash when
    handling ziparchive streams
  * CVE-2011-1657: DoS in zip handling due to addGlob() crashing on
    invalid flags
  * CVE-2011-3182: DoS due to failure to check for memory allocation
    errors
  * CVE-2011-3267: DoS in errorlog() when passed NULL
  * CVE-2012-0788: PDORow session denial of service
  * CVE-2012-0831: magic_quotes_gpc remote disable vulnerability
    (NOTE: magic_quotes_gpc is DEPRECATED and will be removed from
    PHP 5.4, e.g. you should not use them in any case!)
  * CVE-2011-1072,CVE-2011-1144: symlink tmp races in pear install

 -- Ondřej Surý <ondrej op debian.org>  Fri, 10 Feb 2012 10:21:11 +0100

php5 (5.3.3-7+squeeze7) squeeze-security; urgency=low

  * CVE-2012-0830: Fix PHP remote vulnerability (code injection) in the
    implementation of the max_input_vars configuration variable

 -- Ondřej Surý <ondrej op debian.org>  Thu, 02 Feb 2012 18:24:21 +0100

php5 (5.3.3-7+squeeze6) squeeze-security; urgency=low

  * CVE-2012-0057: Pull complete fix including setting the default

 -- Ondřej Surý <ondrej op debian.org>  Tue, 31 Jan 2012 10:58:24 +0100

php5 (5.3.3-7+squeeze5) squeeze-security; urgency=high

  * Add Conflicts/Provides: php5-idn to php5-intl (Closes: #637057)
  * Refresh patches to apply cleanly on current source tree
  * CVE-2011-4566: integer overflow in exif_process_IFD_TAG() may
    lead to DoS or arbitrary memory disclosure
  * CVE-2011-4885: hash table collisions CPU usage DoS (oCERT-2011-003)
  * CVE-2012-0057: XSLT file writing vulnerability (Closes: #656308)

 -- Ondřej Surý <ondrej op debian.org>  Mon, 23 Jan 2012 12:24:12 +0100

php5 (5.3.3-7+squeeze4) squeeze-security; urgency=low

  * Fix regression when the salt is empty (Closes: #623220)
  * Fix CVE-2011-2483: 8-bit character mishandling allows different
    password pairs to produce the same hash (Closes: #631347)
  * Add support for $2x$ identifier as blowfish variant in crypt.c to
    allow backward compatibility with old invalid hashes
  * Fix CVE-2011-1938: Stack-based buffer overflow in the socket_connect
    function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might
    allow context-dependent attackers to execute arbitrary code via a
    long pathname for a UNIX socket.
  * Fix regression in crypt() blowfish algorithm which would fallback
    to DES if invalid blowfish salt rounds is given.  Now it returns
    the fail string (*0) to match with upstream.

 -- Ondřej Surý <ondrej op debian.org>  Mon, 04 Jul 2011 10:30:25 +0200

php5 (5.3.3-7+squeeze3) squeeze-security; urgency=low
  * Fix CVE-2011-2202: File path injection vulnerability in RFC1867 File
    upload filename
  * Refresh CVE-2011-2202 patch
  * Update gbp.conf for debian-squeeze branch

 -- Ondřej Surý <ondrej op debian.org>  Tue, 28 Jun 2011 10:03:34 +0200

php5 (5.3.3-7+squeeze2) squeeze-security; urgency=low

  * Fix regression with missing CRYPT_SALT_LENGTH symbol
  * Fix CVE-2011-0420: a NULL pointer dereference in grapheme_extract
  * Fix CVE-2011-0421: _zip_name_locate function in zip_name_locate.c
  * Fix CVE-2011-0708: incorrect cast on 64-bit platforms in exif.c
  * Fix CVE-2011-1153: multiple format string vulnerabilities in phar_object.c
  * Fix CVE-2011-1467: Already fixed in 5.3.3-7; just rename patch
  * Fix CVE-2011-1466: Already fixed in 5.3.3-7; just rename patch
  * Fix CVE-2011-1471: for integer signedness error in zip_stream.c
  * Fix reject-filenames-with-null-r305507.patch to not break oci8
    extension (doesn't affect any built code)

 -- Ondřej Surý <ondrej op debian.org>  Sat, 14 May 2011 16:59:49 +0200

php5 (5.3.3-7+squeeze1) squeeze-security; urgency=high

  * Fix CVE-2011-0441: arbitrary files removal via cronjob (Closes #618489)

 -- Raphael Geissert <geissert op debian.org>  Thu, 17 Mar 2011 21:06:26 -0600

php5 (5.3.3-7) unstable; urgency=low

  * Cherry pick patches for:
    + double free vulnerability in the imap_do_open function in the IMAP
      extension (CVE-2010-4150)
    + infinite loop with x87 CPU
    + extract() to not overwrite $GLOBALS and $this when using
      EXTR_OVERWRITE
    + crash if aa steps are invalid in GD extension
    + crash with entitity declaration in simplexml.c
    + NULL dereference in Zend language scanner
    + integer overflow in SdnToJulian
    + memory leaks and possible crash introduced by NULL poisoning patch
    + leaks and crash when passing the callback as a variable
    + leak in highlight_string
    + segmentation fault in pgsql_stmt_execute when postgres is down
    + segmentation fault when extending SplFixedArray
    + segmentation fault when node is NULL in simplexml.c
    + segmentation fault when using several cloned intl objects
    + segmentation fault when using bad column_number in sqlite3 columnName
  * Add comment about cherry picked patches (and last revision) from
    upstream SVN to README.source

 -- Ondřej Surý <ondrej op debian.org>  Wed, 05 Jan 2011 11:06:20 +0100

php5 (5.3.3-6) unstable; urgency=medium

  * Cherry-pick fix for crashes on invalid parameters in intl extension.
    (CVE-2010-4409).
  * Cherry pick fix for crash in zip extract method (possible CWE-170)
  * Cherry pick fix for unaligned memory access in ext/hash/hash_tiger.c
  * Update CVE-2010-3870 to include test case
  * Cherry pick complete fix to reject filenames with NULL (CVE requested)

 -- Ondřej Surý <ondrej op debian.org>  Tue, 07 Dec 2010 11:15:58 +0100

php5 (5.3.3-5) unstable; urgency=high

  * Add firebird support for armhf (Closes: #604526)
  * More updates to open_basedir (Closes: #605391)

 -- Ondřej Surý <ondrej op debian.org>  Tue, 30 Nov 2010 12:00:37 +0100

php5 (5.3.3-4) unstable; urgency=low

  * Cherry pick patches for (Closes: #603751):
    + NULL pointer dereference in ZipArchive::getArchiveComment
      (CVE-2010-3709)
    + utf8_decode xml_utf8_decode vulnerability (CVE-2010-3870)
    + mb_strcut() returns garbage with the excessive length parameter
      (CVE-2010-4156)
    + possible flaw in open_basedir (CVE-2010-3436)
    + segfault in SplFileObject::fscanf
    + memory leak in PDO::FETCH_INTO
    + crash when storing many SPLFixedArray in an array
    + possible crash in php_mssql_get_column_content_without_type()
    + cURL leaks handle and causes assertion error (CURLOPT_STDERR)
    + segfault when optional parameters are not passed in to mssql_connect
    + segfault when ssl stream option capture_peer_cert_chain used
    + crash in GC because of incorrect reference counting
    + crash when calling enchant_broker_get_dict_path before set_path
    + crash in pdo_firebird getAttribute()

 -- Ondřej Surý <ondrej op debian.org>  Wed, 17 Nov 2010 10:31:58 +0100

php5 (5.3.3-3) unstable; urgency=high

  * Fix segfault in filter_var with FILTER_VALIDATE_EMAIL with large
    amount of data (CVE-2010-3710, Closes: #601619)

 -- Ondřej Surý <ondrej op debian.org>  Wed, 27 Oct 2010 23:39:37 +0200

php5 (5.3.3-2) unstable; urgency=low

  * Upload 5.3.3 to unstable
    + Fixes CVE-2010-2225, CVE-2010-2094, CVE-2010-1917, CVE-2010-1866,
      CVE-2010-2531, CVE-2010-3065.
  * Don't build FPM SAPI now
  * Bump standards version to 3.9.1
  * Synchronize system crypt patch
  * Cherry pick upstream fix for format vulnerability in phar/stream.c
    + Fixes CVE-2010-2950.
  * Set explicit error level to hide warnings on systems with modified
    php.ini (Closes: #590485)
  * Apply patch to fix loading of extensions without [PHP] section
    (Closes: #595761)
  * Set session.gc_probability back to 0 (Closes: #595706)
  * Update PHP5 description to not include references to C, Java and
    Perl (Closes: #351032)

 -- Ondřej Surý <ondrej op debian.org>  Thu, 21 Oct 2010 16:57:53 +0200

php5 (5.3.3-1) experimental; urgency=low

  * Upload PHP 5.3.3 to experimental for further testing
    + Fixes odbc_autocommit (Closes: #586570)
    + Adds support for sqlite3_busy_timout (Closes: #589473)
    + Fixes CVE-2010-2225, CVE-2010-2094, CVE-2010-1917, CVE-2010-1866
      and other CVEs that do not apply to the Debian packages or are
      irrelevant as per the pre-5.3.2-2 security policy.
  * Changes pending update from unstable:
    + Use system crypt
  * Build the FPM SAPI.

 -- Raphael Geissert <geissert op debian.org>  Sat, 31 Jul 2010 15:53:12 -0400

php5 (5.3.2-2) unstable; urgency=low

  [ Ondřej Surý ]
  * Fix unittest about failing crypt() calls with invalid salt

  [ Raphael Geissert ]
  * Cherry pick upstream fix for mysqli_ssl_set (Closes: #572122)
  * Cherry pick patch to reset error status on beginTransaction()
  * Cherry pick patch to add missing definition of JSON_ERROR_UTF8
  * Cherry pick patch to fix SplFileInfo::getPathName()
  * Cherry pick patch to fix a memory leak in the cyclical gc
  * Cherry pick fix for memory leak in date when gc is enabled
  * Cherry pick patch to fix an unaligned mem access in the dba ext
  * Cherry pick fix for memory issues in mysqli_options (Closes: #577784)
  * Set default session.save_path to /var/lib/php5 (Closes: #576593)
  * Don't install an extra copy of php.ini-production
  * Remove obsolete TODO list
  * Add debian/source/format and set it to 1.0
  * Add doc-base registration for Structuctures_Graph documentation
  * Cherry pick patch to fix multiple typos
  * Synchronize enchant patch with changes committed upstream
  * Cherry pick patch to workaround BDB 4.8 bc changes (Closes: #570149)
  * Cherry pick patch to allow the timeout on mssql to be effective p/query
  * Cherry pick patch to correctly determine length of doc_root
  * Cherry pick patch to fix a memory leak in SoapServer::handle
  * Cherry pick patch to fix SplFileInf::fscanf()'s prototype
  * Test the mysql extensions too
  * Update the security policy for Squeeze and greater
  * Include ext_skel script (Closes: #530757)

  [ Sean Finney ]
  * Fix for parallel FTBFS in (Closes: #584348)
  * Import upstream fix for pdo_mysql segfaults (Closes: #581911)
    - thanks to Richard van den Berg <richard op vdberg.org>
  * Dynamically determine maxlifetime if possible. (Closes: #504053)
    - thanks to Chris Butler <chrisb op debian.org>

 -- Raphael Geissert <geissert op debian.org>  Sun, 18 Jul 2010 15:35:06 -0500

php5 (5.3.2-1) unstable; urgency=high

  [ Sean Finney ]
  * Fix improper signed overflow detection in filter extension
    (Closes: #570287)
  * Another integer overflow/underflow logic fix. (Closes: #570144)
  * new debian patch fix_filter_var_email_test.patch (Closes: #571764)
  * New debian patch fix_var_dump_64bit.phpt.patch (Closes: #571772)
  * New debian patch use_embedded_timezonedb_fixes.patch (Closes: #571762)

  [ Raphael Geissert ]
  * Build with qdbm support
  * Really run extensions' tests
  * Add a note about user_dirs in apache conf file (Closes: #571714)
  * Fix typo in debian/NEWS
  * Don't install a(nother) useless Structures_Graph sh script
  * Re-enable short_open_tag for CLI too (Closes: #573367)
  * Disable memory limit in CLI, letting ulimit do its job (Closes: #407425)
  * Fix the locale name in some tests (Closes: #573511)
  * Fix some gd tests that need the bundled library
  * Fix a null pointer dereference when processing invalid XML-RPC
    requests (CVE-2010-0397, Closes: #573573)
  * Fix an unaligned memory access in enchant_dict_suggest()
  * Fix another unaligned memory access in enchant
  * Test that the list of extensions to test is never empty
  * Update the list of alternative dependencies of php5-dbg
  * debian/rules cleanup
  * debian/control cleanup
  * Build against the system oniguruma library
  * Add libjpeg-dev as an alternative to libjpeg62-dev for future
    transitions

  [ Ondřej Surý ]
  * Imported Upstream version 5.3.2
  * Updated suhosin patch to 0.9.9.1 version.
  * Removed debian/patches/suhosin_page_size_fixes.patch. (Closes: #571974)
  * Refreshed debian/patches/001-libtool_fixes.patch
  * Refreshed debian/patches/006-debian_quirks.patch
  * Adapt debian patches to 5.3.2.
  * Remove "binary" contents from
    debian/patches/fix_var_dump_64bit.phpt.patch
  * New debian patch fix_broken_sha2_test.patch
  * New debian patch always_use_system_crypt.patch (Closes: #572601)
  * New debian patch php_crypt_revamped.patch (Closes: #572601)

 -- Raphael Geissert <geissert op debian.org>  Sat, 13 Mar 2010 15:11:48 -0600

php5 (5.3.1-5) unstable; urgency=low

  [ Sean Finney ]
  * Pass full path to php cli executable for unit tests
  * dont-gitclean-in-build.patch: Don't run git-clean via buildconf
  * update debian patch page_size_fixes.patch with upstream bug ref
  * new debian patch broken_5.3_test-posix_uname.patch (Closes: #570286)

  [ Raphael Geissert ]
  * Add build-dependency on netbase to fix a test (Closes: #570291)
  * Suhosin PAGE_SIZE fixes have been already forwarded
  * Fix a race condition on shtool's mkdir -p (Closes: #570111)
  * Actually test the binary that is to be shipped in the -cli package
  * Add some more documentation about the build system
  * Documentation updates
  * Update the suhosin patch version information
  * Build-dep on locales-all to enable multiple tests
  * Don't ship empty maintainer scripts
  * Add patch to allow building with qdbm
  * Test the extensions that don't require a special setup
  * Get the correct list of built-in extensions of apache2filter

 -- Raphael Geissert <geissert op debian.org>  Mon, 22 Feb 2010 10:41:51 -0600

php5 (5.3.1-4) unstable; urgency=low

  [ Raphael Geissert ]
  * Pass -O0 when using 'noopt' to actually disable any optimization
  * Add patch to use sysconf() to determine the page size
  * Add patch to remove PAGE_SIZE assumptions in suhosin code
  * Fix an unaligned memory access in the phar extension
  * Fix another unaligned memory access
  * Print the expected/actual output of failed test
  * Add missing PEAR directory (Closes: #542483)
  * Build sqlite3 as shared (Closes: #568956)
  * Add some more documentation about the source package

  [ Sean Finney ]
  * New debian patch fix_broken_5.3_tests.patch

 -- Raphael Geissert <geissert op debian.org>  Thu, 11 Feb 2010 02:22:47 -0600

php5 (5.3.1-3) unstable; urgency=low

  [ Ondřej Surý ]
  * get rid of php4 dependencies
  * Enable short_open_tag again (Closes: #537099)
  * fix dependency on automake1.4 in php5-dev package
  * fix typo s/firefox/firebird/ in changelog
  * Removed long inactive Adam Conrad and Jeroen van Wolffelaar from uploaders

  [ Raphael Geissert ]
  * Fix maintainer scripts to use php.ini-production (Closes: #565130)
  * Revert b22a350: Turn the phpapi dependencies into php5 | phpapi
  * Allow parallel building via parallel=n
  * Build with the hardening wrapper
  * Remove no-longer-needed dfsg-repack script
  * Add DEP-3-format metadata to some of the patches
  * Build the intl extension
  * Drop exif_read_data-segfault patch, merged upstream
  * Build the enchant extension
  * Add ${misc:Depends} where missing
  * Disable mod_php in user directories (Closes: #555606)
  * Add missing comment character to php.ini-paranoid (Closes: #564622)
  * Build the interbase extension on all the supported architectures

  [ Sean Finney ]
  * 5.3 upload for unstable. 
    - Includes backported fix for "ref converted to value" (Closes: #556237).

 -- Raphael Geissert <geissert op debian.org>  Sun, 07 Feb 2010 23:31:51 -0600

php5 (5.3.1-2) experimental; urgency=low

  * Merged changes from 5.2.x sid branch.  
  * Adapt mssql-null-exception.patch and sybase-alias.patch to 5.3.1
  * Update strcmp_null-OnUpdateErrorLog.patch; merged upstream, leave a
    patch with a test case
  * Removed check_ini_on_modify_status.patch and gentoo/117-
    4_digit_year_big_endian.patch; merged upstream
  * Removed max_file_uploads.patch; no need for backwards compatibility
    between major releases
  * Refreshed 112-proc_open.patch,exif_read_data-segfault.patch
  * Fix duplicate Provides: in debian/control introduced by cherry-
    picking 94f0ec3
  * Update sybase aliases to include correct arguments, needed for 5.3.x
  * Update Build-Depends: to include firebird2.1-dev as preferred
    alternative (Closes: #564691)
  * Reformat Build-Depends: to one-dependency-per-line
  * Reduce number of libdb*-dev to include only version in
    stable/testing/unstable
  * Switch to automake (>= 1.11) | automake1.11, depend on autoconf >=
    2.63 (Closes: #549148)

 -- Ondřej Surý <ondrej op debian.org>  Mon, 11 Jan 2010 16:56:01 +0100

php5 (5.3.1-1) experimental; urgency=low

  * Imported Upstream version 5.3.1
  * Change dependcy to libdb-dev instead on arbitrary version of
    libdb4.x-dev
  * Refreshed 006-debian_quirks patch to apply cleanly.
  * Removed 114-php_gd_segfault.patch, merged upstream.
  * Refreshed 115-autoconf_ftbfs.patch to apply cleanly
  * Updated suhosin.patch to 0.9.8 version for php-5.3.1
  * Refreshed 001-libtool_fixes.patch
  * Refreshed 004-ldap_fix.patch
  * Refreshed 013-force_getaddrinfo.patch
  * Refreshed 036-fd_setsize_fix.patch
  * Refreshed 052-phpinfo_no_configure.patch
  * Refreshed 053-extension_api.patch
  * Refreshed 108-64_bit_datetime.patch
  * Refreshed 113-php.ini_securitynotes.patch
  * Refreshed 116-posixness_fix.patch
  * Refreshed gentoo/006_ext-curl-set_opt-crash.patch
  * Refreshed gentoo/009_ob-memory-leaks.patch
  * Refreshed libedit_is_editline.patch
  * Refreshed suhosin.patch
  * Add .gitignore file to ignore .pc/ directory
  * Removed README.CVS-RULES from debian/php5-common.docs, file is no
    longer shipped by upstream.

 -- Ondřej Surý <ondrej op debian.org>  Thu, 07 Jan 2010 17:21:47 +0100

php5 (5.3.0-3) experimental; urgency=low

  * Fix segmentation fault in php-gd (Closes: #543496)
  * Update suhosin patch to 0.9.8 *BETA* and enable it again
  * Fix FTBFS with current autoconf/automake (Closes: #542906, #542088)
  * Add avr32-linux-gnu to no -gstabs toolchains (Closes: #543278)
  * Fix FTBFS on Debian Hurd (Closes: #530281)
  * Use updated (v7) version of use_embedded_timezonedb.patch (Closes: #535770)

 -- Ondřej Surý <ondrej op debian.org>  Tue, 25 Aug 2009 16:12:13 +0200

php5 (5.2.12.dfsg.1-2) unstable; urgency=low

  * Update Build-Depends: to include firebird2.1-dev as preferred
    alternative (Closes: #564691)
  * Reformat Build-Depends: to one-dependency-per-line
  * Reduce number of firebird*-dev to include only version in
    stable/testing/unstable
  * Reduce number of libdb*-dev to include only version in
    stable/testing/unstable
  * Switch to automake (>= 1.11) | automake1.11, depend on autoconf 
    (>= 2.63) (Closes: #549148)

 -- Ondřej Surý <ondrej op debian.org>  Mon, 11 Jan 2010 17:31:33 +0100

php5 (5.2.12.dfsg.1-1) unstable; urgency=low

  [ Thijs Kinkhorst ]
  * Change comment in module .ini snippets from # to ; to avoid deprecation
    warnings with PHP 5.3.0.

  [ Ondřej Surý ]
  * Imported Upstream version 5.2.12.dfsg.1
  * Removed manpage_spelling.patch, merged upstream.
  * Removed libedit_is_editline.patch, merged upstream.
  * Refreshed max_file_uploads.patch, patch can be removed, it's kept to
    raise max_file_uploads to 50.
  * Refreshed and updated suhosin.patch
  * Refreshed 001-libtool_fixes.patch, 004-ldap_fix.patch,
    006-debian_quirks.patch, 013-force_getaddrinfo.patch,
    034-apache2_umask_fix.patch, 053-extension_api.patch,
    056-mime_magic_liberal.patch, 115-autoconf_ftbfs.patch,
    gentoo/009_ob-memory-leaks.patch, mssql-null-exception.patch,
    use_embedded_timezonedb.patch
  * Removed autogenerated main/php_config.h.in from suhosin.patch
    (Ubuntu: #493761)
  * Short open tags are On again in php.ini-dist (Closes: #537099)
  * Don't leave .start if we are purging (Closes: #561739)
  * Add README.Debian file to /usr/share/doc/php-pear/PEAR, so the
    directory is not deleted (Closes: #563437, #542483)

  [ Upstream ]
  * Fix default pear.php.net channel definitions (Closes: #559029)

 -- Ondřej Surý <ondrej op debian.org>  Fri, 08 Jan 2010 18:18:43 +0100

php5 (5.2.11.dfsg.1-2) unstable; urgency=high

  * max_file_uploads: limit the maximum number of file uploads to 50
    + Reduces the chances of a temporary file exhaustion DoS
  * Add libdb4.8-dev as an alternative dependency (Closes: #555945)
  * Add libdb-dev as another alternative, hopefully the last one
    (Closes: #548486)
  * Add a versioned dependency on libtool 2.2 (Closes: #548015)
  * Use FilesMatch and SetHandler on apache setups (Closes: #491928)
  * Gentoo patch ext-curl-set_opt-crash has already been merged upstream
  * Drop unused lintian override

 -- Raphael Geissert <geissert op debian.org>  Sat, 21 Nov 2009 13:37:51 -0600

php5 (5.2.11.dfsg.1-1) unstable; urgency=low

  * New upstream release

  [ Fixes incorporated upstream ]
  * Fix 4-year digit year on big-endian platforms (Closes: #542301)
  * patch curl_streams_sleep.patch
  * patch strcmp_null-OnUpdateErrorLog.patch (partially addresses #540605)
  * patch check_ini_on_modify_status.patch

  [ Raphael Geissert ]
  * Add aliases to the mssql functions on the sybase extension (Closes: #523073)
  * Fix the rows_affected alias, it should be affected_rows
  * Avoid possible memory dumps via PG on restored ini values (Closes: #540605)

  [ Ondrej Sury ]
  * Fix FTBFS with current autoconf/automake (Closes: #542906, #542088)
  * Add avr32-linux-gnu to no -gstabs toolchains (Closes: #543278)
  * Fix FTBFS on Debian Hurd (Closes: #530281)
  * fix whitespace in libapache2-mod-php5.postinst

  [ Sean Finney ]
  * incorporate/ack previous NMU's, thanks Andreas.
  * update debian patch 115-autoconf_ftbfs.patch for new upstream version
  * update debian patch fix_broken_upstream_tests.patch
  * update debian patch mssql-null-exception.patch
  * refresh various quilt patches against new upstream version
  * remove no longer needed "legacy" support for conffile migration
  * add dpkg trigger in the apache2 and apache2filter sapis for reloading
    apache2 on extension updates (Closes: #490023, #524206)
  * let libmysqlclient15-dev be a fallback alternative for libmysqlclient-dev
    in case someone wants to backport the package.
  * update list of installed documentation

 -- Sean Finney <seanius op debian.org>  Sun, 20 Sep 2009 11:05:35 +0200

php5 (5.2.10.dfsg.1-2.2) unstable; urgency=medium

   * Non-maintainer upload.
   * Drop hand-crafted dependency on libmysqlclient15.

 -- Andreas Barth <aba op not.so.argh.org>  Mon, 31 Aug 2009 09:22:16 +0200

php5 (5.2.10.dfsg.1-2.1) unstable; urgency=medium

   * Non-maintainer upload.
   * Fix FTBFS with new autoconf. Thanks to Russ Allbery for the patch.
     Closes: #542906

 -- Andreas Barth <aba op not.so.argh.org>  Sun, 30 Aug 2009 13:49:40 +0200 

php5 (5.2.10.dfsg.1-2) unstable; urgency=low

  * Declare that PEAR replaces XML_UTIL (Closes: #534621)
  * Bump standards-version, no change needed
  * Fix an unconditional limit on dblib_driver.c (Closes: #534881)
  * Fix a segfault on exif_data_read with corrupted jpg files (Closes: #535888)
  * Recommend php5-suhosin, as suggested by Thijs (Closes: #529760)
  * Set sysconfig to /etc, to avoid getting /usr/etc in PHP_SYSCONFDIR
  * Add myself to uploaders
  * Fix the path to PEAR's config, directly in rules (Closes: #507762)

 -- Raphael Geissert <geissert op debian.org>  Thu, 09 Jul 2009 18:25:48 -0500

php5 (5.3.0-2) experimental; urgency=low

  * update configuration file names to new upstream naming convention

 -- Sean Finney <seanius op debian.org>  Wed, 01 Jul 2009 09:12:10 +0200

php5 (5.3.0-1) experimental; urgency=low

  * New Upstream Version

  [ Sean Finney ]
  * use ';' instead of '#' as comments in module ini files
  * remove binary package for php5-mhash which is now built-in
  * update removed windows modules in 006-debian_quirks.patch
  * quilt refresh for new upstream release

 -- Sean Finney <seanius op debian.org>  Tue, 30 Jun 2009 20:09:07 +0200

php5 (5.3.0~RC4-1) UNRELEASED; urgency=low

  * New Upstream Version

  [ Sean Finney ]
  * (temporarily) disable suhosin patch while it does not apply to 5.3
  * refresh various debian patches, fixing whitespace and offsets
  * copy the gbp.conf from debian-sid and adapt it for experimental
  * cherry-pick relevant gentoo patches from unstable
  * cherry-pick debian fixes in libtool2.2.patch from unstable
  * Update package sections to match override.

  [ Raphael Geissert ]
  * Detect the path to ltmain.sh at build time and set conflicts
    appropriately
  * Add libdb4.7-dev as an ORed build dependency to fix FTBFS
  * Update the Vcs-* fields to reflect the move from svn to git
  * Turn the phpapi dependencies into php5 | phpapi to fix
    installability issues
  * Bump Standards-Version to 3.8.1, no change needed
  * Add a set of lintian overrides for some FP spelling-error-in-binary

  [ Thijs Kinkhorst ]
  * Update php5-cli package description to make it more neutral

 -- Sean Finney <seanius op debian.org>  Mon, 29 Jun 2009 07:54:51 +0200

php5 (5.3.0~RC1-1) unstable; urgency=low

  * New Upstream Version

 -- Mark A. Hershberger <mhershberger op intrahealth.org>  Wed, 25 Mar 2009 19:39:48 -0400

php5 (5.2.9.dfsg.1-1) unstable; urgency=low

  * New upstream release (closes: #520538).
    - fixes regressions with parsing via libxml2 (closes: #520246, #520423).

  [ Sean Finney ]
  * Refresh all patches.
  * Update suhosin patch to 5.2.9, remove autotools-generated files (configure,
    php_config.h.in) and .dsp files from patch.
  * remove obsolete configure options from ./configure: --enable-memory-limit,
    --enable-track-vars, --enable-trans-sid, --enable-filepro and --enable-dbx.
  * Remove obsoleted patches which have been incorporated upstream:
    - snmp_leaks.patch
    - BG-initializing-fix.patch
    - CVE-2008-2829.patch
    - CVE-2008-3658.patch
    - CVE-2008-3659.patch
    - CVE-2008-3660.patch
    - CVE-2008-5557.patch
    - CVE-2008-5658.patch
    - pdo-fetchobject-prototype-error.patch
    - zend_object_handlers-invalid-write.patch
    - dba-inifile-truncation.patch
    - gentoo/freetds-compat.patch
    - gentoo/010_ticks-zts-crashes.patch
    - gentoo/019_new-memory-corruption.patch
    - gentoo/009_array-function-crashes.patch
    - gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch
    - gentoo/017_xmlrpc-invalid-callback-crash.patch
    - gentoo/007_dom-setAttributeNode-crash.patch
    - gentoo/006_PDORow-crash.patch
    - gentoo/005_stream_context_set_params-crash.patch
  * Update fix_broken_upstream_tests.patch, one of the tests is fixed.

 -- Sean Finney <seanius op debian.org>  Tue, 24 Mar 2009 19:05:09 +0100

php5 (5.2.6.dfsg.1-3) unstable; urgency=low

  [ Sean Finney ]
  * Do not add -O2 to CFLAGS if DEB_BUILD_OPTIONS contains noopt.
  * Security related fixes:
    - php: inifile handler for the dba functions can be used to truncate a file
      Patch: dba-inifile-truncation.patch (closes: #507101).
    - CVE-2008-5658.patch: ZipArchive::extractTo directory traversal
      Patch: CVE-2008-5658.patch (closes: #507857).
      Thanks to Pierre Joye for help with the patch.

  [ Raphael Geissert ]
  * Picked up some patches from Gentoo (most included in PHP 5.2.7 and later):
    + patches/gentoo/005_stream_context_set_params-crash.patch
    + patches/gentoo/006_PDORow-crash.patch
    + patches/gentoo/007_dom-setAttributeNode-crash.patch
    + patches/gentoo/009_array-function-crashes.patch
    + patches/gentoo/010_ticks-zts-crashes.patch
    + patches/gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch
    + patches/gentoo/017_xmlrpc-invalid-callback-crash.patch
    + patches/gentoo/019_new-memory-corruption.patch
    + patches/gentoo/freetds-compat.patch
      - was deprecated_freetds_check.patch

 -- Sean Finney <seanius op debian.org>  Sat, 24 Jan 2009 21:17:13 +0100

php5 (5.2.6.dfsg.1-2) unstable; urgency=low

  [ Sean Finney ]
  * Make sure a file used to track state is properly removed in the 
    postinst, thanks Raphael (closes: #511049).

  [ Thijs Kinkhorst ]
  * Fix watch file to mangle version.

  [ Raphael Geissert ]
  * Ship script used to take an upstream tarball and remove the non
    DFSG-free stuff, update watch file accordingly.

 -- Sean Finney <seanius op debian.org>  Tue, 13 Jan 2009 08:24:36 +0100

phpmyadmin (4:3.3.7-7) stable-security; urgency=low

  * Upload to stable for security issues.
  * CVE-2011-4107: XML external entity (XXE) injection attack
    (closes: 656247).
  * CVE-2011-1940, CVE-2011-3181: XSS in tracking feature.

  * Properly apply fix for minor issues
    CVE-2011-2642, CVE-2011-2719.

 -- Thijs Kinkhorst <thijs op debian.org>  Sun, 22 Jan 2012 13:34:08 +0100

phpmyadmin (4:3.3.7-6) stable-security; urgency=high

  * Upload to stable for security issues.
  * CVE-2011-2505: Possible session manipulation in Swekey
    authentication.
  * CVE-2011-2506: Possible code injection in setup script
    in case session variables are compromised.
  * CVE-2011-2507: Regular expression quoting issue in Synchronize
    code.
  * CVE-2011-2508: Possible directory traversal.
  * CVE-2011-2642: XSS in table Print view.
  * PMASA-2011-12: Possible superglobal and local variables
    manipulation in swekey authentication. [CVE-2011-2719]

 -- Thijs Kinkhorst <thijs op debian.org>  Tue, 26 Jul 2011 19:58:03 +0200

phpmyadmin (4:3.3.7-5) stable-security; urgency=high

  * Fixes SQL injection (PMASA-2011-2, CVE-2011-0987).

 -- Michal Čihař <nijel op debian.org>  Wed, 05 Jan 2011 10:19:01 +0100

phpmyadmin (4:3.3.7-3) unstable; urgency=high

  * Address two security issues (Closes: #608290):
  - It was possible to display arbitrary text and link to external site
    using parameters passed to particular script
    (CVE-2010-4480, PMASA-2010-9).
  - Phpinfo could be visible to not logged in users if this feature was
    enabled (minor issue; CVE-2010-4481, PMASA-2010-10).

 -- Thijs Kinkhorst <thijs op debian.org>  Thu, 30 Dec 2010 17:48:08 +0100

phpmyadmin (4:3.3.7-2) unstable; urgency=high

  * Fix XSS on search (PMASA-2010-8, CVE-2010-4329).

 -- Michal Čihař <nijel op debian.org>  Wed, 01 Dec 2010 15:08:04 +0100

phpmyadmin (4:3.3.7-1) unstable; urgency=low

  * New upstream release (Closes: #595974).
    - Fixes XSS in setup script (PMASA-2010-7, CVE-2010-3263).

 -- Michal Čihař <nijel op debian.org>  Thu, 09 Sep 2010 08:31:57 +0200

phpmyadmin (4:3.3.6-1) unstable; urgency=low
  
  [ Thijs Kinkhorst ]
  * New upstream bugfix release (Closes: #594755).

  [ Michal Čihař ]
  * Include configuration for tracking (Closes: #594188).

 -- Thijs Kinkhorst <thijs op debian.org>  Sun, 29 Aug 2010 10:48:09 +0200

phpmyadmin (4:3.3.5.1-1) unstable; urgency=low

  * New upstream security release (CVE-2010-3056).

 -- Michal Čihař <nijel op debian.org>  Fri, 20 Aug 2010 14:24:31 +0200

phpmyadmin (4:3.3.5-1) unstable; urgency=low

  * New upstream version.
  * Bump standards to 3.9.1.

 -- Michal Čihař <nijel op debian.org>  Tue, 27 Jul 2010 10:05:24 +0200

phpmyadmin (4:3.3.4-1) unstable; urgency=low

  * New upstream version.
  * Do not try to restart webserver if it is not installed (LP:  #573847),
  * Bump standards to 3.9.0.

 -- Michal Čihař <nijel op debian.org>  Mon, 28 Jun 2010 21:45:43 +0200

phpmyadmin (4:3.3.3-1) unstable; urgency=low

  * New upstream version (Closes: #581585).

 -- Michal Čihař <nijel op debian.org>  Fri, 14 May 2010 13:57:37 +0200

phpmyadmin (4:3.3.2-2) unstable; urgency=low

  * Add SQL to create tracking table on upgrade (LP:  #565627).
  * Include SQL script to create table with fixed SQL comments (LP: #563256).

 -- Michal Čihař <nijel op debian.org>  Mon, 26 Apr 2010 14:23:37 +0200

phpmyadmin (4:3.3.2-1) unstable; urgency=medium

  * New upstream release (closes: #577753).
  * Drop unneeded Indexes option from shipped apache.conf.
  * Anchor regexp to prevent truncation of schema (closes: #577395).

 -- Thijs Kinkhorst <thijs op debian.org>  Wed, 14 Apr 2010 10:55:42 +0200

phpmyadmin (4:3.3.1-1) unstable; urgency=low

  * New upstream release.

 -- Thijs Kinkhorst <thijs op debian.org>  Tue, 16 Mar 2010 21:52:33 +0100

phpmyadmin (4:3.3.0-1) unstable; urgency=low

  * New upstream version.
  * Rediff debian/patches.
  * Fix permissions on mediawiki export extension.

 -- Michal Čihař <nijel op debian.org>  Mon, 08 Mar 2010 15:25:00 +0100

phpmyadmin (4:3.2.5-2) unstable; urgency=low

  * Add conflict with broken mootools versions (Closes: #566601).
  * Fixup permissions only if file exists (LP: #481786).
  * Enable fastcgi module in lighttpd on install (Closes: #567336) 
    (LP: #283801).
  * Do not try to create Avahi service symlink if it already exists 
    (LP: #512246).
  * Bump standards to 3.8.4.

 -- Michal Čihař <nijel op debian.org>  Thu, 04 Feb 2010 13:21:28 +0100

phpmyadmin (4:3.2.5-1) unstable; urgency=low

  * New upstream release.

 -- Thijs Kinkhorst <thijs op debian.org>  Mon, 11 Jan 2010 21:42:18 +0100

phpmyadmin (4:3.2.4-2) unstable; urgency=low

  * Include also mootools extra which is required (Closes: #563211).

 -- Michal Čihař <nijel op debian.org>  Mon, 04 Jan 2010 16:16:22 +0100

phpmyadmin (4:3.2.4-1) unstable; urgency=low

  * New upstream release.

 -- Thijs Kinkhorst <thijs op debian.org>  Tue, 08 Dec 2009 18:35:56 +0100

phpmyadmin (4:3.2.3-4) unstable; urgency=low

  * Add missing symlink to mootools (LP: #487241).
  * Fix inverted logic of detecting dbconfig-common failure.

 -- Michal Čihař <nijel op debian.org>  Tue, 24 Nov 2009 14:33:09 +0100

phpmyadmin (4:3.2.3-3) unstable; urgency=low

  * Add DEP-3 patch headers.
  * Split documentation patch as it really should be separate.
  * Use dbconfig configuration only if it exists (LP: #416183).

 -- Michal Čihař <nijel op debian.org>  Mon, 16 Nov 2009 15:37:13 +0100

phpmyadmin (4:3.2.3-2) unstable; urgency=low

  * Do not hard fail if dbconfig configuration fails (LP: #456674).
  * Document that migration from pre dbconfig version might need configuration
    merge (Closes: #535058).
  * Document order of processing configuration files (Closes: #532960).
  * Convert to 3.0 (quilt) source format.

 -- Michal Čihař <nijel op debian.org>  Mon, 16 Nov 2009 15:18:59 +0100

phpmyadmin (4:3.2.3-1) unstable; urgency=low

  * New upstream release.
  * Improve description a bit (administrator does not support mysqli) 
    (Closes: #551788).

 -- Michal Čihař <nijel op debian.org>  Wed, 04 Nov 2009 08:51:57 +0100

phpmyadmin (4:3.2.2.1-1) unstable; urgency=low

  * New upstream version.
    - Fixes XSS (PMASA-2009-6, CVE-2009-3696, CVE-2009-3697).
  * Register documentation on doc-base.
  * Use mootools from Debian package rather than own copy.
  * Allow saving of configuration from setup script only after explicit action
    from administrator (Closes: #535044, #543460).

 -- Michal Čihař <nijel op debian.org>  Wed, 14 Oct 2009 10:58:28 +0200

phpmyadmin (4:3.2.2-1) unstable; urgency=low

  * New upstream version.
  * Bump policy to 3.8.3.

 -- Michal Čihař <nijel op debian.org>  Mon, 21 Sep 2009 10:26:22 +0200

phpmyadmin (4:3.2.1-1) unstable; urgency=high
  
  [ Thijs Kinkhorst ]
  * New upstream release. Fixes a (rather unimportant) security
    issue, bump urgency just to be sure.

  [ Michal Čihař ]
  * Fix path to setup script in README.Debian and debconf templates
    (Closes: #539518).

 -- Thijs Kinkhorst <thijs op debian.org>  Mon, 10 Aug 2009 21:14:19 +0200

phpmyadmin (4:3.2.0.1-1) unstable; urgency=high

  * New upstream version fixing XSS (PMASA-2009-5, CVE-2009-2284).
  * Document no empty password in README.Debian and the shipped sample
    configuration file (LP: #388703).
  * Install service file for avahi (if web service enabled and if avahi is
    installed) (LP: #369244).
  * Mention protecting of setup if not using provided configuration snippets
    for webservers.
  * Call ucf with --debconf-ok in postrm (Closes: #534894).

 -- Michal Čihař <nijel op debian.org>  Tue, 30 Jun 2009 14:05:13 +0200

phpmyadmin (4:3.2.0-1) unstable; urgency=low

  [ Thijs Kinkhorst ]
  * New upstream release.
    - Warns when gc_maxlifetime is less than cookie validity
      (closes: #499399).

  [ Michal Čihař ]
  * Adjust patches to make use of new upstream vendor configuration.
  * Switch to quilt from dpatch.
  * Update to policy 3.8.2 (no changes needed).

 -- Michal Čihař <nijel op debian.org>  Wed, 17 Jun 2009 16:37:11 +0200

phpmyadmin (4:3.1.5-1) unstable; urgency=low

  * New upstream release.

 -- Thijs Kinkhorst <thijs op debian.org>  Sun, 17 May 2009 12:55:15 +0200

phpmyadmin (4:3.1.4-1) unstable; urgency=low

  * New upstream release.

 -- Thijs Kinkhorst <thijs op debian.org>  Sat, 25 Apr 2009 19:03:00 +0200

phpmyadmin (4:3.1.3.1-1) unstable; urgency=high

  * New upstream security fix release.
    [CVE-2009-1148 CVE-2009-1149 CVE-2009-1150 CVE-2009-1151]
  * Checked package for policy 3.8.1, no changes necessary.

 -- Thijs Kinkhorst <thijs op debian.org>  Wed, 25 Mar 2009 19:10:40 +0100

phpmyadmin (4:3.1.3-1) unstable; urgency=low

  * New upstream release.

 -- Thijs Kinkhorst <thijs op debian.org>  Sun, 01 Mar 2009 12:01:59 +0100

phpmyadmin (4:3.1.2-2) unstable; urgency=low

  * Upload to unstable.
  * [INTL:es] Spanish debconf template update (Closes: #513690).

 -- Thijs Kinkhorst <thijs op debian.org>  Mon, 16 Feb 2009 17:58:28 +0100

phpmyadmin (4:3.1.2-1) experimental; urgency=low
  
  [ Thijs Kinkhorst ]
  * New upstream release.
  * Replace dh_clean -k by dh_prep.

  [ Michal Čihař ]
  * Better describe steps needed to access phpMyAdmin in README.Debian
    (Closes: #508703).

 -- Thijs Kinkhorst <thijs op debian.org>  Mon, 19 Jan 2009 20:59:17 +0100

phpmyadmin (4:3.1.1-1) experimental; urgency=high

  * New upstream release.
    - Fixes security issue PMASA-2008-10 (SQL injection).
      [CVE-2008-5621, CVE-2008-5622]

 -- Thijs Kinkhorst <thijs op debian.org>  Tue, 09 Dec 2008 21:08:00 +0100

phpmyadmin (4:3.1.0-1) experimental; urgency=low

  [ Thijs Kinkhorst ]
  * New upstream release.
    - Prevents logging in as root by default (Closes: #496442).

  [ Michal Čihař ]
  * New setup code in upstream.
    - Patch for setup.php is obsolete.
    - New patch for similar changes in new setup code.
    - Adjusted paths in webserver configs to new setup
    - Limit access to setup libraries in same way we do it for libraries.
  * Use upstream code for displaying changelog with links.
  * Use htpasswd backend for lighttpd.

 -- Michal Čihař <nijel op debian.org>  Sun, 30 Nov 2008 13:44:20 +0100

phpmyadmin (4:3.0.1.1-1) experimental; urgency=high

  * New upstream release to fix a security issue.
    [PMASA-2008-9, CVE-2008-4775]

 -- Thijs Kinkhorst <thijs op debian.org>  Fri, 31 Oct 2008 11:04:02 +0100

phpmyadmin (4:3.0.1-1) experimental; urgency=low

  * New upstream release.
    - Updates French translation (Closes: #502520).

 -- Thijs Kinkhorst <thijs op debian.org>  Tue, 28 Oct 2008 22:54:03 +0100

phpmyadmin (4:3.0.0-1) experimental; urgency=low

  * New upstream release.
    Includes security fix [PMASA-2008-8, CVE-2008-4326]

 -- Thijs Kinkhorst <thijs op debian.org>  Sun, 28 Sep 2008 11:11:04 +0200

phpmyadmin (4:3.0.0~rc2-1) experimental; urgency=high

  * New upstream release candidate.
    + Fixes code execution by authenticated users
      [CVE-2008-4096, PMASA-2008-7]
  * Make config-db.php owned by root:www-data and mode 0640.
  * Add recommends on mysql-cient for dbconfig-common.

 -- Thijs Kinkhorst <thijs op debian.org>  Tue, 16 Sep 2008 09:00:50 +0200

phpmyadmin (4:3.0.0~rc1-2) experimental; urgency=low

  * Create phpmyadmin databases by dbconfig-common.
  * Default phpMyAdmin configuration now comes from dbconfig-common.
  * Update README.Debian to match above changes.

 -- Michal Čihař <nijel op debian.org>  Sun, 07 Sep 2008 23:33:13 +0200

phpmyadmin (4:3.0.0~rc1-1) experimental; urgency=low

  [ Thijs Kinkhorst ]
  * New upstream release candidate.
  
  [ Michal Čihař ]
  * Disallow access to libraries when using lighttpd.

 -- Thijs Kinkhorst <thijs op debian.org>  Sun, 07 Sep 2008 18:34:18 +0200

phpmyadmin (4:3.0.0~beta-1) experimental; urgency=low

  * New upstream bèta release.

 -- Thijs Kinkhorst <thijs op debian.org>  Fri, 22 Aug 2008 14:03:36 +0200

phpmyadmin (4:3.0.0~alpha-1) experimental; urgency=low

  * New upstream alpha release: 3.0.0.
  * Don't install readme.php if we don't install README.
  * Use debhelper level 7.
  * Remove dependencies for PHP4 and Apache 1 (Closes: #431885),
    and legacy upgrading code.
  * Remove paths from lighty-{en,dis}able-mod.

 -- Thijs Kinkhorst <thijs op debian.org>  Mon, 11 Aug 2008 17:06:26 +0200

postgresql-8.4 (8.4.17-0squeeze1) stable-security; urgency=high

  * New upstream security/bug fix release:
    - Reset OpenSSL randomness state in each postmaster child process.
      This avoids a scenario wherein random numbers generated by
      "contrib/pgcrypto" functions might be relatively easy for another
      database user to guess. The risk is only significant when the
      postmaster is configured with ssl = on but most connections don't
      use SSL encryption. [CVE-2013-1900]
    - Fix GiST indexes to not use "fuzzy" geometric comparisons when it's
      not appropriate to do so.
      The core geometric types perform comparisons using "fuzzy"
      equality, but gist_box_same must do exact comparisons, else GiST
      indexes using it might become inconsistent. After installing this
      update, users should "REINDEX" any GiST indexes on box, polygon,
      circle, or point columns, since all of these use gist_box_same.
    - Fix erroneous range-union and penalty logic in GiST indexes that
      use "contrib/btree_gist" for variable-width data types, that is
      text, bytea, bit, and numeric columns.
      These errors could result in inconsistent indexes in which some
      keys that are present would not be found by searches, and also in
      useless index bloat. Users are advised to "REINDEX" such indexes
      after installing this update.
    - Fix bugs in GiST page splitting code for multi-column indexes.
      These errors could result in inconsistent indexes in which some
      keys that are present would not be found by searches, and also in
      indexes that are unnecessarily inefficient to search. Users are
      advised to "REINDEX" multi-column GiST indexes after installing
      this update.
    - See HISTORY/changelog.gz for the other bug fixes.

 -- Martin Pitt <mpitt op debian.org>  Tue, 02 Apr 2013 11:27:17 +0200

postgresql-8.4 (8.4.16-0squeeze1) stable-security; urgency=high

  * New upstream security/bug fix release:
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server.  In principle an attacker might be able to use it to examine the
      contents of server memory.  Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for the other bug fixes.

 -- Martin Pitt <mpitt op debian.org>  Sat, 16 Feb 2013 21:55:37 +0100

postgresql-8.4 (8.4.15-0squeeze1) stable; urgency=low

  * New upstream bug fix release:
    - Fix multiple bugs associated with "CREATE INDEX CONCURRENTLY"
      Fix "CREATE INDEX CONCURRENTLY" to use in-place updates when
      changing the state of an index's pg_index row. This prevents race
      conditions that could cause concurrent sessions to miss updating
      the target index, thus resulting in corrupt concurrently-created
      indexes.
      Also, fix various other operations to ensure that they ignore
      invalid indexes resulting from a failed "CREATE INDEX CONCURRENTLY"
      command. The most important of these is "VACUUM", because an
      auto-vacuum could easily be launched on the table before corrective
      action can be taken to fix or remove the invalid index.
    - See HISTORY/changelog.gz for details about other bug fixes.

 -- Martin Pitt <mpitt op debian.org>  Mon, 10 Dec 2012 16:45:16 +0100

postgresql-8.4 (8.4.13-0squeeze1) stable-security; urgency=low

  * New upstream security/bug fix release:
    - Prevent access to external files/URLs via XML entity references.
      xml_parse() would attempt to fetch external files or URLs as needed
      to resolve DTD and entity references in an XML value, thus allowing
      unprivileged database users to attempt to fetch data with the
      privileges of the database server. While the external data wouldn't
      get returned directly to the user, portions of it could be exposed
      in error messages if the data didn't parse as valid XML; and in any
      case the mere ability to check existence of a file might be useful
      to an attacker. (CVE-2012-3489)
    - Prevent access to external files/URLs via "contrib/xml2"'s
      xslt_process().
      libxslt offers the ability to read and write both files and URLs
      through stylesheet commands, thus allowing unprivileged database
      users to both read and write data with the privileges of the
      database server. Disable that through proper use of libxslt's
      security options. (CVE-2012-3488)
      Also, remove xslt_process()'s ability to fetch documents and
      stylesheets from external files/URLs. While this was a documented
      "feature", it was long regarded as a bad idea. The fix for
      CVE-2012-3489 broke that capability, and rather than expend effort
      on trying to fix it, we're just going to summarily remove it.
    - Prevent too-early recycling of btree index pages.
      When we allowed read-only transactions to skip assigning XIDs, we
      introduced the possibility that a deleted btree page could be
      recycled while a read-only transaction was still in flight to it.
      This would result in incorrect index search results. The
      probability of such an error occurring in the field seems very low
      because of the timing requirements, but nonetheless it should be
      fixed.
    - Fix crash-safety bug with newly-created-or-reset sequences.
      If "ALTER SEQUENCE" was executed on a freshly created or reset
      sequence, and then precisely one nextval() call was made on it, and
      then the server crashed, WAL replay would restore the sequence to a
      state in which it appeared that no nextval() had been done, thus
      allowing the first sequence value to be returned again by the next
      nextval() call. In particular this could manifest for serial
      columns, since creation of a serial column's sequence includes an
      "ALTER SEQUENCE OWNED BY" step.
    - Ensure the "backup_label" file is fsync'd after pg_start_backup().
    - Back-patch 9.1 improvement to compress the fsync request queue.
      This improves performance during checkpoints. The 9.1 change has
      now seen enough field testing to seem safe to back-patch.
    - Only allow autovacuum to be auto-canceled by a directly blocked
      process.
      The original coding could allow inconsistent behavior in some
      cases; in particular, an autovacuum could get canceled after less
      than deadlock_timeout grace period.
    - Improve logging of autovacuum cancels.
    - Fix log collector so that log_truncate_on_rotation works during the
      very first log rotation after server start.
    - Fix WITH attached to a nested set operation
      (UNION/INTERSECT/EXCEPT).
    - Ensure that a whole-row reference to a subquery doesn't include any
      extra GROUP BY or ORDER BY columns.
    - Disallow copying whole-row references in CHECK constraints and
      index definitions during "CREATE TABLE".
      This situation can arise in "CREATE TABLE" with LIKE or INHERITS.
      The copied whole-row variable was incorrectly labeled with the row
      type of the original table not the new one. Rejecting the case
      seems reasonable for LIKE, since the row types might well diverge
      later. For INHERITS we should ideally allow it, with an implicit
      coercion to the parent table's row type; but that will require more
      work than seems safe to back-patch.
    - Fix memory leak in ARRAY(SELECT ...) subqueries.
    - Fix extraction of common prefixes from regular expressions.
      The code could get confused by quantified parenthesized
      subexpressions, such as ^(foo)?bar. This would lead to incorrect
      index optimization of searches for such patterns.
    - Fix bugs with parsing signed "hh":"mm" and "hh":"mm":"ss" fields in
      interval constants.
    - Report errors properly in "contrib/xml2"'s xslt_process().

 -- Martin Pitt <mpitt op debian.org>  Fri, 24 Aug 2012 08:25:46 +0200

postgresql-8.4 (8.4.12-0squeeze1) stable-security; urgency=low

  * New upstream security/bug fix release:
    - Fix incorrect password transformation in "contrib/pgcrypto"'s DES
      crypt() function.
      If a password string contained the byte value 0x80, the remainder
      of the password was ignored, causing the password to be much weaker
      than it appeared. With this fix, the rest of the string is properly
      included in the DES hash. Any stored password values that are
      affected by this bug will thus no longer match, so the stored
      values may need to be updated. (CVE-2012-2143)
    - Ignore SECURITY DEFINER and SET attributes for a procedural
      language's call handler.
      Applying such attributes to a call handler could crash the server.
      (CVE-2012-2655)
    - Allow numeric timezone offsets in timestamp input to be up to 16
      hours away from UTC.
      Some historical time zones have offsets larger than 15 hours, the
      previous limit. This could result in dumped data values being
      rejected during reload.
    - Fix timestamp conversion to cope when the given time is exactly the
      last DST transition time for the current timezone.
      This oversight has been there a long time, but was not noticed
      previously because most DST-using zones are presumed to have an
      indefinite sequence of future DST transitions.
    - Fix text to name and char to name casts to perform string
      truncation correctly in multibyte encodings.
    - Fix memory copying bug in to_tsquery().
    - Fix planner's handling of outer PlaceHolderVars within subqueries.
      This bug concerns sub-SELECTs that reference variables coming from
      the nullable side of an outer join of the surrounding query. In
      9.1, queries affected by this bug would fail with "ERROR:
      Upper-level PlaceHolderVar found where not expected". But in 9.0
      and 8.4, you'd silently get possibly-wrong answers, since the value
      transmitted into the subquery wouldn't go to null when it should.
    - Fix slow session startup when pg_attribute is very large.
      If pg_attribute exceeds one-fourth of shared_buffers, cache
      rebuilding code that is sometimes needed during session start would
      trigger the synchronized-scan logic, causing it to take many times
      longer than normal. The problem was particularly acute if many new
      sessions were starting at once.
    - Ensure sequential scans check for query cancel reasonably often.
      A scan encountering many consecutive pages that contain no live
      tuples would not respond to interrupts meanwhile.
    - Ensure the Windows implementation of PGSemaphoreLock() clears
      ImmediateInterruptOK before returning.
      This oversight meant that a query-cancel interrupt received later
      in the same query could be accepted at an unsafe time, with
      unpredictable but not good consequences.
    - Show whole-row variables safely when printing views or rules.
      Corner cases involving ambiguous names (that is, the name could be
      either a table or column name of the query) were printed in an
      ambiguous way, risking that the view or rule would be interpreted
      differently after dump and reload. Avoid the ambiguous case by
      attaching a no-op cast.
    - Fix "COPY FROM" to properly handle null marker strings that
      correspond to invalid encoding.
      A null marker string such as E'\\0' should work, and did work in
      the past, but the case got broken in 8.4.
    - Ensure autovacuum worker processes perform stack depth checking
      properly.
      Previously, infinite recursion in a function invoked by
      auto-"ANALYZE" could crash worker processes.
    - Fix logging collector to not lose log coherency under high load.
      The collector previously could fail to reassemble large messages if
      it got too busy.
    - Fix logging collector to ensure it will restart file rotation after
      receiving SIGHUP.
    - Fix WAL replay logic for GIN indexes to not fail if the index was
      subsequently dropped>
    - Fix memory leak in PL/pgSQL's "RETURN NEXT" command.
    - Fix PL/pgSQL's "GET DIAGNOSTICS" command when the target is the
      function's first variable.
    - Fix potential access off the end of memory in psql's expanded
      display ("\x") mode.
    - Fix several performance problems in pg_dump when the database
      contains many objects.
      pg_dump could get very slow if the database contained many schemas,
      or if many objects are in dependency loops, or if there are many
      owned sequences.
    - Fix "contrib/dblink"'s dblink_exec() to not leak temporary database
      connections upon error.
    - Fix "contrib/dblink" to report the correct connection name in error
      messages.
  * debian/patches/15-revert-typmod-check.patch: Unfuzz to apply to new
    version.
  * debian/control: Move bzr branches to alioth, so that other members of
    pkg-postgresql can commit. Update Vcs-* tags.

 -- Martin Pitt <mpitt op debian.org>  Mon, 04 Jun 2012 09:53:26 +0200

postgresql-8.4 (8.4.11-0squeeze1) stable-security; urgency=high

  * New upstream bug fix/security release:
    - Require execute permission on the trigger function for "CREATE
      TRIGGER".
      This missing check could allow another user to execute a trigger
      function with forged input data, by installing it on a table he
      owns. This is only of significance for trigger functions marked
      SECURITY DEFINER, since otherwise trigger functions run as the
      table owner anyway. (CVE-2012-0866)
    - Remove arbitrary limitation on length of common name in SSL
      certificates.
      Both libpq and the server truncated the common name extracted from
      an SSL certificate at 32 bytes. Normally this would cause nothing
      worse than an unexpected verification failure, but there are some
      rather-implausible scenarios in which it might allow one
      certificate holder to impersonate another. The victim would have to
      have a common name exactly 32 bytes long, and the attacker would
      have to persuade a trusted CA to issue a certificate in which the
      common name has that string as a prefix. Impersonating a server
      would also require some additional exploit to redirect client
      connections. (CVE-2012-0867)
    - Convert newlines to spaces in names written in pg_dump comments.
      pg_dump was incautious about sanitizing object names that are
      emitted within SQL comments in its output script. A name containing
      a newline would at least render the script syntactically incorrect.
      Maliciously crafted object names could present a SQL injection risk
      when the script is reloaded. (CVE-2012-0868)
    - Fix btree index corruption from insertions concurrent with
      vacuuming.
      An index page split caused by an insertion could sometimes cause a
      concurrently-running "VACUUM" to miss removing index entries that
      it should remove. After the corresponding table rows are removed,
      the dangling index entries would cause errors (such as "could not
      read block N in file ...") or worse, silently wrong query results
      after unrelated rows are re-inserted at the now-free table
      locations. This bug has been present since release 8.2, but occurs
      so infrequently that it was not diagnosed until now. If you have
      reason to suspect that it has happened in your database, reindexing
      the affected index will fix things.
    - Update per-column permissions, not only per-table permissions, when
      changing table owner.
      Failure to do this meant that any previously granted column
      permissions were still shown as having been granted by the old
      owner. This meant that neither the new owner nor a superuser could
      revoke the now-untraceable-to-table-owner permissions.
    - Allow non-existent values for some settings in "ALTER USER/DATABASE
      SET".
      Allow default_text_search_config, default_tablespace, and
      temp_tablespaces to be set to names that are not known. This is
      because they might be known in another database where the setting
      is intended to be used, or for the tablespace cases because the
      tablespace might not be created yet. The same issue was previously
      recognized for search_path, and these settings now act like that
      one.
    - Avoid crashing when we have problems deleting table files
      post-commit.
      Dropping a table should lead to deleting the underlying disk files
      only after the transaction commits. In event of failure then (for
      instance, because of wrong file permissions) the code is supposed
      to just emit a warning message and go on, since it's too late to
      abort the transaction. This logic got broken as of release 8.4,
      causing such situations to result in a PANIC and an unrestartable
      database.
    - Track the OID counter correctly during WAL replay, even when it
      wraps around.
      Previously the OID counter would remain stuck at a high value until
      the system exited replay mode. The practical consequences of that
      are usually nil, but there are scenarios wherein a standby server
      that's been promoted to master might take a long time to advance
      the OID counter to a reasonable value once values are needed.
    - Fix regular expression back-references with - attached.
      Rather than enforcing an exact string match, the code would
      effectively accept any string that satisfies the pattern
      sub-expression referenced by the back-reference symbol.
      A similar problem still afflicts back-references that are embedded
      in a larger quantified expression, rather than being the immediate
      subject of the quantifier. This will be addressed in a future
      PostgreSQL release.
    - Fix recently-introduced memory leak in processing of inet/cidr
      values.
    - Fix dangling pointer after "CREATE TABLE AS"/"SELECT INTO" in a
      SQL-language function.
      In most cases this only led to an assertion failure in
      assert-enabled builds, but worse consequences seem possible.
    - Fix I/O-conversion-related memory leaks in plpgsql.
    - Improve pg_dump's handling of inherited table columns.
      pg_dump mishandled situations where a child column has a different
      default expression than its parent column. If the default is
      textually identical to the parent's default, but not actually the
      same (for instance, because of schema search path differences) it
      would not be recognized as different, so that after dump and
      restore the child would be allowed to inherit the parent's default.
      Child columns that are NOT NULL where their parent is not could
      also be restored subtly incorrectly.
    - Fix pg_restore's direct-to-database mode for INSERT-style table
      data.
      Direct-to-database restores from archive files made with
      "--inserts" or "--column-inserts" options fail when using
      pg_restore from a release dated September or December 2011, as a
      result of an oversight in a fix for another problem. The archive
      file itself is not at fault, and text-mode output is okay.
    - Allow AT option in ecpg DEALLOCATE statements.
      The infrastructure to support this has been there for awhile, but
      through an oversight there was still an error check rejecting the
      case.
    - Fix error in "contrib/intarray"'s int[] & int[] operator.
      If the smallest integer the two input arrays have in common is 1,
      and there are smaller values in either array, then 1 would be
      incorrectly omitted from the result.
    - Fix error detection in "contrib/pgcrypto"'s encrypt_iv() and
      decrypt_iv().
      These functions failed to report certain types of invalid-input
      errors, and would instead return random garbage values for
      incorrect input.
    - Fix one-byte buffer overrun in "contrib/test_parser".
      The code would try to read one more byte than it should, which
      would crash in corner cases. Since "contrib/test_parser" is only
      example code, this is not a security issue in itself, but bad
      example code is still bad.
    - Use __sync_lock_test_and_set() for spinlocks on ARM, if available.
      This function replaces our previous use of the SWPB instruction,
      which is deprecated and not available on ARMv6 and later. Reports
      suggest that the old code doesn't fail in an obvious way on recent
      ARM boards, but simply doesn't interlock concurrent accesses,
      leading to bizarre failures in multiprocess operation.
    - Use "-fexcess-precision=standard" option when building with gcc
      versions that accept it.
      This prevents assorted scenarios wherein recent versions of gcc
      will produce creative results.
    - Allow use of threaded Python on FreeBSD.
      Our configure script previously believed that this combination
      wouldn't work; but FreeBSD fixed the problem, so remove that error
      check.
  * Drop 04-armel-tas.patch, applied upstream.

 -- Martin Pitt <mpitt op debian.org>  Sat, 25 Feb 2012 11:52:09 +0100

postgresql-8.4 (8.4.10-0squeeze1) stable; urgency=low

  * New upstream bug fix release:
    - Fix bugs in information_schema.referential_constraints view.
      This view was being insufficiently careful about matching the
      foreign-key constraint to the depended-on primary or unique key
      constraint. That could result in failure to show a foreign key
      constraint at all, or showing it multiple times, or claiming that
      it depends on a different constraint than the one it really does.
      Since the view definition is installed by initdb, merely upgrading
      will not fix the problem. If you need to fix this in an existing
      installation, you can (as a superuser) drop the information_schema
      schema then re-create it by sourcing
      "SHAREDIR/information_schema.sql". (Run pg_config --sharedir if
      you're uncertain where "SHAREDIR" is.) This must be repeated in
      each database to be fixed.
    - Fix incorrect replay of WAL records for GIN index updates.
      This could result in transiently failing to find index entries
      after a crash, or on a hot-standby server. The problem would be
      repaired by the next "VACUUM" of the index, however.
    - Fix TOAST-related data corruption during CREATE TABLE dest AS
      SELECT - FROM src or INSERT INTO dest SELECT * FROM src.
      If a table has been modified by "ALTER TABLE ADD COLUMN", attempts
      to copy its data verbatim to another table could produce corrupt
      results in certain corner cases. The problem can only manifest in
      this precise form in 8.4 and later, but we patched earlier versions
      as well in case there are other code paths that could trigger the
      same bug.
    - Fix race condition during toast table access from stale syscache
      entries.
    - Track dependencies of functions on items used in parameter default
      expressions. Previously, a referenced object could be dropped without
      having dropped or modified the function, leading to misbehavior when the
      function was used. Note that merely installing this update will not fix
      the missing dependency entries; to do that, you'd need to "CREATE OR
      REPLACE" each such function afterwards. If you have functions whose
      defaults depend on non-built-in objects, doing so is recommended.
    - Allow inlining of set-returning SQL functions with multiple OUT
      parameters.
    - Make DatumGetInetP() unpack inet datums that have a 1-byte header,
      and add a new macro, DatumGetInetPP(), that does not.
    - Improve locale support in money type's input and output.
      Aside from not supporting all standard lc_monetary formatting
      options, the input and output functions were inconsistent, meaning
      there were locales in which dumped money values could not be
      re-read.
    - Don't let transform_null_equals affect CASE foo WHEN NULL ...
      constructs. transform_null_equals is only supposed to affect foo = NULL
      expressions written directly by the user, not equality checks
      generated internally by this form of CASE.
    - Change foreign-key trigger creation order to better support
      self-referential foreign keys. For a cascading foreign key that
      references its own table, a row update will fire both the ON UPDATE
      trigger and the CHECK trigger as one event. The ON UPDATE trigger must
      execute first, else the CHECK will check a non-final state of the row
      and possibly throw an inappropriate error. However, the firing order of
      these triggers is determined by their names, which generally sort in
      creation order since the triggers have auto-generated names following
      the convention "RI_ConstraintTrigger_NNNN". A proper fix would require
      modifying that convention, which we will do in 9.2, but it seems risky
      to change it in existing releases. So this patch just changes the
      creation order of the triggers. Users encountering this type of error
      should drop and re-create the foreign key constraint to get its triggers
      into the right order.
    - Avoid floating-point underflow while tracking buffer allocation
      rate.
    - Preserve blank lines within commands in psql's command history.
      The former behavior could cause problems if an empty line was
      removed from within a string literal, for example.
    - Fix pg_dump to dump user-defined casts between auto-generated
      types, such as table rowtypes.
    - Use the preferred version of xsubpp to build PL/Perl, not
      necessarily the operating system's main copy.
    - Fix incorrect coding in "contrib/dict_int" and "contrib/dict_xsyn".
    - Honor query cancel interrupts promptly in pgstatindex().
    - Ensure VPATH builds properly install all server header files.
    - Shorten file names reported in verbose error messages.
      Regular builds have always reported just the name of the C file
      containing the error message call, but VPATH builds formerly
      reported an absolute path name.

 -- Martin Pitt <mpitt op debian.org>  Sat, 03 Dec 2011 16:56:34 +0100

postgresql-8.4 (8.4.9-0squeeze1) stable-security; urgency=low

  * New upstream bug fix/security release:
     - Fix bugs in indexing of in-doubt HOT-updated tuples.
       These bugs could result in index corruption after reindexing a
       system catalog. They are not believed to affect user indexes.
     - Fix multiple bugs in GiST index page split processing.
       The probability of occurrence was low, but these could lead to
       index corruption.
     - Fix possible buffer overrun in tsvector_concat().
       The function could underestimate the amount of memory needed for
       its result, leading to server crashes.
     - Fix crash in xml_recv when processing a "standalone" parameter.
     - Make pg_options_to_table return NULL for an option with no value.
       Previously such cases would result in a server crash.
     - Avoid possibly accessing off the end of memory in "ANALYZE" and in
       SJIS-2004 encoding conversion.
       This fixes some very-low-probability server crash scenarios.
     - Prevent intermittent hang in interactions of startup process with
       bgwriter process.
       This affected recovery in non-hot-standby cases.
     - Fix race condition in relcache init file invalidation.
       There was a window wherein a new backend process could read a stale
       init file but miss the inval messages that would tell it the data
       is stale. The result would be bizarre failures in catalog accesses,
       typically "could not read block 0 in file ..." later during
       startup.
     - Fix memory leak at end of a GiST index scan.
       Commands that perform many separate GiST index scans, such as
       verification of a new GiST-based exclusion constraint on a table
       already containing many rows, could transiently require large
       amounts of memory due to this leak.
     - Fix incorrect memory accounting (leading to possible memory bloat)
       in tuplestores supporting holdable cursors and plpgsql's RETURN
       NEXT command.
     - Fix performance problem when constructing a large, lossy bitmap.
     - Fix join selectivity estimation for unique columns.
       This fixes an erroneous planner heuristic that could lead to poor
       estimates of the result size of a join.
     - Fix nested PlaceHolderVar expressions that appear only in
       sub-select target lists. This mistake could result in outputs of an
       outer join incorrectly appearing as NULL.
     - Allow nested EXISTS queries to be optimized properly.
     - Fix array- and path-creating functions to ensure padding bytes are
       zeroes.  This avoids some situations where the planner will think that
       semantically-equal constants are not equal, resulting in poor
       optimization.
     - Fix "EXPLAIN" to handle gating Result nodes within inner-indexscan
       subplans.  The usual symptom of this oversight was "bogus varno" errors.
     - Work around gcc 4.6.0 bug that breaks WAL replay.  This could lead to
       loss of committed transactions after a server crash.
     - Fix dump bug for VALUES in a view.
     - Disallow SELECT FOR UPDATE/SHARE on sequences.
       This operation doesn't work as expected and can lead to failures.
     - Fix "VACUUM" so that it always updates pg_class.reltuples/relpages.
       This fixes some scenarios where autovacuum could make increasingly
       poor decisions about when to vacuum tables.
     - Defend against integer overflow when computing size of a hash table.
     - Fix cases where "CLUSTER" might attempt to access already-removed
       TOAST data.
     - Fix portability bugs in use of credentials control messages for
       "peer" authentication.
     - Fix SSPI login when multiple roundtrips are required.
       The typical symptom of this problem was "The function requested is
       not supported" errors during SSPI login.
     - Throw an error if "pg_hba.conf" contains hostssl but SSL is
       disabled.  This was concluded to be more user-friendly than the
       previous behavior of silently ignoring such lines.
     - Fix typo in pg_srand48 seed initialization.
       This led to failure to use all bits of the provided seed. This
       function is not used on most platforms (only those without
       srandom), and the potential security exposure from a
       less-random-than-expected seed seems minimal in any case.
     - Avoid integer overflow when the sum of LIMIT and OFFSET values
       exceeds 2^63.
     - Add overflow checks to int4 and int8 versions of generate_series().
     - Fix trailing-zero removal in to_char().  In a format with FM and no
       digit positions after the decimal point, zeroes to the left of the
       decimal point could be removed incorrectly.
     - Fix pg_size_pretty() to avoid overflow for inputs close to 2^63.
     - Weaken plpgsql's check for typmod matching in record values.
       An overly enthusiastic check could lead to discarding length
       modifiers that should have been kept.
     - Fix pg_upgrade to preserve toast tables' relfrozenxids during an
       upgrade from 8.3. Failure to do this could lead to "pg_clog" files
       being removed too soon after the upgrade.
     - Fix psql's counting of script file line numbers during COPY from a
       different file.
     - Fix pg_restore's direct-to-database mode for
       standard_conforming_strings.  pg_restore could emit incorrect commands
       when restoring directly to a database server from an archive file that
       had been made with standard_conforming_strings set to on.
     - Be more user-friendly about unsupported cases for parallel
       pg_restore.  This change ensures that such cases are detected and
       reported before any restore actions have been taken.
     - Fix write-past-buffer-end and memory leak in libpq's LDAP service
       lookup code.
     - In libpq, avoid failures when using nonblocking I/O and an SSL
       connection.
     - Improve libpq's handling of failures during connection startup.
       In particular, the response to a server report of fork() failure
       during SSL connection startup is now saner.
     - Improve libpq's error reporting for SSL failures.
     - Fix PQsetvalue() to avoid possible crash when adding a new tuple to
       a PGresult originally obtained from a server query.
     - Make ecpglib write double values with 15 digits precision.
     - In ecpglib, be sure LC_NUMERIC setting is restored after an error.
     - Apply upstream fix for blowfish signed-character bug
       (CVE-2011-2483) (Closes: #631285)
       "contrib/pg_crypto"'s blowfish encryption code could give wrong
       results on platforms where char is signed (which is most), leading
       to encrypted passwords being weaker than they should be.
     - Fix memory leak in "contrib/seg".
     - Fix pgstatindex() to give consistent results for empty indexes.
     - Allow building with perl 5.14. (Closes: #628503)
  * 15-revert-typmod-check.patch: Update for new upstream release.

 -- Martin Pitt <mpitt op debian.org>  Tue, 04 Oct 2011 11:32:12 +0200

postgresql-8.4 (8.4.8-0squeeze2) stable; urgency=low

  * Add 15-revert-typmod-check.patch: Back out "Fix plpgsql's issues with
    dropped columns in rowtypes in 8.4 branch.", which introduces a
    regression. Thanks a lot to Philipp Kern for preparing the fix, and to
    Josip Rodin for testing this! (Closes: #632028)

 -- Martin Pitt <mpitt op debian.org>  Wed, 29 Jun 2011 20:43:50 +0100

postgresql-8.4 (8.4.8-0squeeze1) stable; urgency=low

  * New upstream bug fix release: (Closes: #626559)
    - If your installation was upgraded from a previous major release by
      running pg_upgrade, you should take action to prevent possible data loss
      due to a now-fixed bug in pg_upgrade. The recommended solution is to run
      "VACUUM FREEZE" on all TOAST tables.  More information is available at
      http://wiki.postgresql.org/wiki/20110408pg_upgrade_fix.
    - Fix pg_upgrade's handling of TOAST tables.
      This error poses a significant risk of data loss for installations
      that have been upgraded with pg_upgrade. This patch corrects the
      problem for future uses of pg_upgrade, but does not in itself cure
      the issue in installations that have been processed with a buggy
      version of pg_upgrade.
    - Suppress incorrect "PD_ALL_VISIBLE flag was incorrectly set"
      warning.
    - Disallow including a composite type in itself.
    - Avoid potential deadlock during catalog cache initialization.
    - Fix dangling-pointer problem in BEFORE ROW UPDATE trigger handling
      when there was a concurrent update to the target tuple.
    - Disallow "DROP TABLE" when there are pending deferred trigger
      events for the table.
      Formerly the "DROP" would go through, leading to "could not open
      relation with OID nnn" errors when the triggers were eventually
      fired.
    - Prevent crash triggered by constant-false WHERE conditions during
      GEQO optimization.
    - Improve planner's handling of semi-join and anti-join cases.
    - Fix selectivity estimation for text search to account for NULLs.
    - Improve PL/pgSQL's ability to handle row types with dropped columns.
    - Fix PL/Python memory leak involving array slices.
    - Fix pg_restore to cope with long lines (over 1KB) in TOC files.
    - Put in more safeguards against crashing due to division-by-zero
      with overly enthusiastic compiler optimization. (Closes: #616180)

 -- Martin Pitt <mpitt op debian.org>  Sun, 22 May 2011 15:12:47 +0200

postgresql-8.4 (8.4.7-0squeeze2) stable-security; urgency=low

  * New upstream security/bug fix release:
    - Fix buffer overrun in "contrib/intarray"'s input function for the
      query_int type.
      This bug is a security risk since the function's return address
      could be overwritten. Thanks to Apple Inc's security team for
      reporting this issue and supplying the fix. (CVE-2010-4015)
    - Avoid failures when "EXPLAIN" tries to display a simple-form CASE
      expression.
      If the CASE's test expression was a constant, the planner could
      simplify the CASE into a form that confused the expression-display
      code, resulting in "unexpected CASE WHEN clause" errors.
    - Fix assignment to an array slice that is before the existing range
      of subscripts.
      If there was a gap between the newly added subscripts and the first
      pre-existing subscript, the code miscalculated how many entries
      needed to be copied from the old array's null bitmap, potentially
      leading to data corruption or crash.
    - Avoid unexpected conversion overflow in planner for very distant
      date values.
      The date type supports a wider range of dates than can be
      represented by the timestamp types, but the planner assumed it
      could always convert a date to timestamp with impunity.
    - Fix pg_restore's text output for large objects (BLOBs) when
      standard_conforming_strings is on.
      Although restoring directly to a database worked correctly, string
      escaping was incorrect if pg_restore was asked for SQL text output
      and standard_conforming_strings had been enabled in the source
      database.
    - Fix erroneous parsing of tsquery values containing ... &
      !(subexpression) | ... .
      Queries containing this combination of operators were not executed
      correctly. The same error existed in "contrib/intarray"'s query_int
      type and "contrib/ltree"'s ltxtquery type.
    - Fix bug in "contrib/seg"'s GiST picksplit algorithm.
      This could result in considerable inefficiency, though not actually
      incorrect answers, in a GiST index on a seg column. If you have
      such an index, consider "REINDEX"ing it after installing this
      update. (This is identical to the bug that was fixed in
      "contrib/cube" in the previous update.)

 -- Martin Pitt <mpitt op debian.org>  Tue, 01 Feb 2011 17:14:21 +0100

postgresql-8.4 (8.4.6-1) unstable; urgency=low

  * New upstream bug fix release:
    - Force the default wal_sync_method to be fdatasync on Linux.
      The default on Linux has actually been fdatasync for many years,
      but recent kernel changes caused PostgreSQL to choose open_datasync
      instead. This choice did not result in any performance improvement,
      and caused outright failures on certain filesystems, notably ext4
      with the data=journal mount option.
    - Fix assorted bugs in WAL replay logic for GIN indexes.
      This could result in "bad buffer id: 0" failures or corruption of
      index contents during replication.
    - Fix recovery from base backup when the starting checkpoint WAL
      record is not in the same WAL segment as its redo point.
    - Fix persistent slowdown of autovacuum workers when multiple workers
      remain active for a long time.
      The effective vacuum_cost_limit for an autovacuum worker could drop
      to nearly zero if it processed enough tables, causing it to run
      extremely slowly.
    - Add support for detecting register-stack overrun on IA64.
      The IA64 architecture has two hardware stacks. Full prevention of
      stack-overrun failures requires checking both.
    - Add a check for stack overflow in copyObject().
      Certain code paths could crash due to stack overflow given a
      sufficiently complex query.
    - Fix detection of page splits in temporary GiST indexes.
      It is possible to have a "concurrent" page split in a temporary
      index, if for example there is an open cursor scanning the index
      when an insertion is done. GiST failed to detect this case and
      hence could deliver wrong results when execution of the cursor
      continued.
    - Fix error checking during early connection processing.
      The check for too many child processes was skipped in some cases,
      possibly leading to postmaster crash when attempting to add the new
      child process to fixed-size arrays.
    - Improve efficiency of window functions.
      Certain cases where a large number of tuples needed to be read in
      advance, but work_mem was large enough to allow them all to be held
      in memory, were unexpectedly slow. percent_rank(), cume_dist() and
      ntile() in particular were subject to this problem.
    - Avoid memory leakage while "ANALYZE"'ing complex index expressions.
    - Ensure an index that uses a whole-row Var still depends on its
      table.
      An index declared like create index i on t (foo(t.-)) would not
      automatically get dropped when its table was dropped.
    - Do not "inline" a SQL function with multiple OUT parameters.
      This avoids a possible crash due to loss of information about the
      expected result rowtype.
    - Behave correctly if ORDER BY, LIMIT, FOR UPDATE, or WITH is
      attached to the VALUES part of INSERT ... VALUES.
    - Fix constant-folding of COALESCE() expressions.
      The planner would sometimes attempt to evaluate sub-expressions
      that in fact could never be reached, possibly leading to unexpected
      errors.
    - Fix postmaster crash when connection acceptance (accept() or one of
      the calls made immediately after it) fails, and the postmaster was
      compiled with GSSAPI support.
    - Fix missed unlink of temporary files when log_temp_files is active.
      If an error occurred while attempting to emit the log message, the
      unlink was not done, resulting in accumulation of temp files.
    - Add print functionality for InhRelation nodes.
      This avoids a failure when debug_print_parse is enabled and certain
      types of query are executed.
    - Fix incorrect calculation of distance from a point to a horizontal
      line segment.
      This bug affected several different geometric distance-measurement
      operators.
    - Fix incorrect calculation of transaction status in ecpg.
    - Fix PL/pgSQL's handling of "simple" expressions to not fail in
      recursion or error-recovery cases.
    - Fix PL/Python's handling of set-returning functions.
      Attempts to call SPI functions within the iterator generating a set
      result would fail.
    - Fix bug in "contrib/cube"'s GiST picksplit algorithm.
      This could result in considerable inefficiency, though not actually
      incorrect answers, in a GiST index on a cube column. If you have
      such an index, consider "REINDEX"ing it after installing this
      update.
    - Don't emit "identifier will be truncated" notices in
      "contrib/dblink" except when creating new connections.
    - Fix potential coredump on missing public key in "contrib/pgcrypto".
    - Fix memory leak in "contrib/xml2"'s XPath query functions.

 -- Martin Pitt <mpitt op debian.org>  Sat, 18 Dec 2010 23:04:15 +0100

postgresql-8.4 (8.4.5-2) unstable; urgency=low

  * debian/control: Build against libedit instead of libreadline. We can't
    simultaneously link against readline (GPL) and libssl (incompatible with
    GPL). (Closes: #603598)

 -- Martin Pitt <mpitt op debian.org>  Wed, 17 Nov 2010 18:02:46 +0100

postgresql-8.4 (8.4.5-1) unstable; urgency=medium

  * Urgency medium, since this fixes a security bug (but also a lot of other
    bugs, it's not a pinpointed patch).
  * New upstream security/bug fix update:
    - Use a separate interpreter for each calling SQL userid in PL/Perl
      and PL/Tcl.
      This change prevents security problems that can be caused by
      subverting Perl or Tcl code that will be executed later in the same
      session under another SQL user identity (for example, within a
      SECURITY DEFINER function). Most scripting languages offer numerous
      ways that that might be done, such as redefining standard functions
      or operators called by the target function. Without this change,
      any SQL user with Perl or Tcl language usage rights can do
      essentially anything with the SQL privileges of the target
      function's owner.
      The cost of this change is that intentional communication among
      Perl and Tcl functions becomes more difficult. To provide an escape
      hatch, PL/PerlU and PL/TclU functions continue to use only one
      interpreter per session. This is not considered a security issue
      since all such functions execute at the trust level of a database
      superuser already.
      It is likely that third-party procedural languages that claim to
      offer trusted execution have similar security issues. We advise
      contacting the authors of any PL you are depending on for
      security-critical purposes.
      Our thanks to Tim Bunce for pointing out this issue
      (CVE-2010-3433).
    - Prevent possible crashes in pg_get_expr() by disallowing it from
      being called with an argument that is not one of the system catalog
      columns it's intended to be used with.
    - Fix incorrect placement of placeholder evaluation.
      This bug could result in query outputs being non-null when they
      should be null, in cases where the inner side of an outer join is a
      sub-select with non-strict expressions in its output list.
    - Fix possible duplicate scans of UNION ALL member relations.
    - Fix "cannot handle unplanned sub-select" error.
      This occurred when a sub-select contains a join alias reference
      that expands into an expression containing another sub-select.
    - Fix mishandling of whole-row Vars that reference a view or
      sub-select and appear within a nested sub-select.
    - Fix mishandling of cross-type IN comparisons.
      This could result in failures if the planner tried to implement an
      IN join with a sort-then-unique-then-plain-join plan.
    - Fix computation of "ANALYZE" statistics for tsvector columns.
      The original coding could produce incorrect statistics, leading to
      poor plan choices later.
    - Improve planner's estimate of memory used by array_agg(),
      string_agg(), and similar aggregate functions.
      The previous drastic underestimate could lead to out-of-memory
      failures due to inappropriate choice of a hash-aggregation plan.
    - Fix failure to mark cached plans as transient.
      If a plan is prepared while "CREATE INDEX CONCURRENTLY" is in
      progress for one of the referenced tables, it is supposed to be
      re-planned once the index is ready for use. This was not happening
      reliably.
    - Reduce PANIC to ERROR in some occasionally-reported btree failure
      cases, and provide additional detail in the resulting error
      messages.
      This should improve the system's robustness with corrupted indexes.
    - Fix incorrect search logic for partial-match queries with GIN
      indexes.
      Cases involving AND/OR combination of several GIN index conditions
      didn't always give the right answer, and were sometimes much slower
      than necessary.
    - Prevent show_session_authorization() from crashing within
      autovacuum processes.
    - Defend against functions returning setof record where not all the
      returned rows are actually of the same rowtype.
    - Fix possible corruption of pending trigger event lists during
      subtransaction rollback.
      This could lead to a crash or incorrect firing of triggers.
    - Fix possible failure when hashing a pass-by-reference function
      result.
    - Improve merge join's handling of NULLs in the join columns.
      A merge join can now stop entirely upon reaching the first NULL, if
      the sort order is such that NULLs sort high.
    - Take care to fsync the contents of lockfiles (both "postmaster.pid"
      and the socket lockfile) while writing them.
      This omission could result in corrupted lockfile contents if the
      machine crashes shortly after postmaster start. That could in turn
      prevent subsequent attempts to start the postmaster from
      succeeding, until the lockfile is manually removed.
    - Avoid recursion while assigning XIDs to heavily-nested
      subtransactions.
      The original coding could result in a crash if there was limited
      stack space.
    - Avoid holding open old WAL segments in the walwriter process.
      The previous coding would prevent removal of no-longer-needed
      segments.
    - Fix log_line_prefix's %i escape, which could produce junk early in
      backend startup.
    - Prevent misinterpretation of partially-specified relation options
      for TOAST tables.
      In particular, fillfactor would be read as zero if any other
      reloption had been set for the table, leading to serious bloat.
    - Fix inheritance count tracking in "ALTER TABLE ... ADD CONSTRAINT"
    - Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE"
      when archiving is enabled.
    - Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to
      be interrupted by query-cancel.
    - Improve "CREATE INDEX"'s checking of whether proposed index
      expressions are immutable.
    - Fix "REASSIGN OWNED" to handle operator classes and families.
    - Fix possible core dump when comparing two empty tsquery values.
    - Fix LIKE's handling of patterns containing % followed by _.
      We've fixed this before, but there were still some
      incorrectly-handled cases.
    - Re-allow input of Julian dates prior to 0001-01-01 AD.
      Input such as 'J100000'::date worked before 8.4, but was
      unintentionally broken by added error-checking.
    - Fix PL/pgSQL to throw an error, not crash, if a cursor is closed
      within a FOR loop that is iterating over that cursor.
    - In PL/Python, defend against null pointer results from
      PyCObject_AsVoidPtr and PyCObject_FromVoidPtr.
    - In libpq, fix full SSL certificate verification for the case where
      both host and hostaddr are specified.
    - Make psql recognize "DISCARD ALL" as a command that should not be
      encased in a transaction block in autocommit-off mode.
    - Fix some issues in pg_dump's handling of SQL/MED objects.
      Notably, pg_dump would always fail if run by a non-superuser, which
      was not intended.
    - Improve pg_dump and pg_restore's handling of non-seekable archive
      files.
      This is important for proper functioning of parallel restore.
    - Improve parallel pg_restore's ability to cope with selective
      restore (-L option).
      The original code tended to fail if the -L file commanded a
      non-default restore ordering.
    - Fix ecpg to process data from RETURNING clauses correctly.
    - Fix some memory leaks in ecpg.
    - Improve "contrib/dblink"'s handling of tables containing dropped
      columns.
    - Fix connection leak after "duplicate connection name" errors in
      "contrib/dblink".
    - Fix "contrib/dblink" to handle connection names longer than 62
      bytes correctly.
    - Add hstore(text, text) function to "contrib/hstore".
      This function is the recommended substitute for the now-deprecated
      => operator. It was back-patched so that future-proofed code can be
      used with older server versions. Note that the patch will be
      effective only after "contrib/hstore" is installed or reinstalled
      in a particular database. Users might prefer to execute the "CREATE
      FUNCTION" command by hand, instead.
    - Update build infrastructure and documentation to reflect the source
      code repository's move from CVS to Git.
  * debian/postgresql-8.4.preinst: Add missing debhelper token.
  * debian/control: Bump Standards-Version to 3.9.1 (no changes necessary).

 -- Martin Pitt <mpitt op debian.org>  Tue, 05 Oct 2010 20:41:08 +0200

postgresql-8.4 (8.4.4-2) unstable; urgency=low

  * Migrate to a common init script for all server versions, to avoid
    providing the "postgresql" service in multiple packages (which causes
    insserv to complain bitterly):
    - Drop debian/postgresql-8.4.init.
    - debian/control: Bump dependency to postgresql-common to ensure we have a
      common /etc/init.d/postgresql init script.
    - debian/postgresql-8.4.preinst: Remove/rename our init script on upgrade.	
    - debian/postgresql-8.4.prerm: Call stop_version on upgrade.
    - debian/rules: Drop dh_installinit arguments.
    - (Closes: #585890)

 -- Martin Pitt <mpitt op debian.org>  Mon, 19 Jul 2010 23:29:03 +0200

postgresql-8.4 (8.4.4-1) unstable; urgency=medium

  * Urgency medium due to security fixes.
  * New upstream security/bug fix release:
    - Enforce restrictions in plperl using an opmask applied to the whole
      interpreter, instead of using "Safe.pm".
      Recent developments have convinced us that "Safe.pm" is too
      insecure to rely on for making plperl trustable. This change
      removes use of "Safe.pm" altogether, in favor of using a separate
      interpreter with an opcode mask that is always applied. Pleasant
      side effects of the change include that it is now possible to use
      Perl's strict pragma in a natural way in plperl, and that Perl's $a
      and $b variables work as expected in sort routines, and that
      function compilation is significantly faster. (CVE-2010-1169)
    - Prevent PL/Tcl from executing untrustworthy code from pltcl_modules.
      PL/Tcl's feature for autoloading Tcl code from a database table
      could be exploited for trojan-horse attacks, because there was no
      restriction on who could create or insert into that table. This
      change disables the feature unless pltcl_modules is owned by a
      superuser. (However, the permissions on the table are not checked,
      so installations that really need a less-than-secure modules table
      can still grant suitable privileges to trusted non-superusers.)
      Also, prevent loading code into the unrestricted "normal" Tcl
      interpreter unless we are really going to execute a pltclu
      function. (CVE-2010-1170)
    - Fix data corruption during WAL replay of ALTER ... SET TABLESPACE.
      When archive_mode is on, ALTER ... SET TABLESPACE generates a WAL
      record whose replay logic was incorrect. It could write the data to
      the wrong place, leading to possibly-unrecoverable data corruption.
      Data corruption would be observed on standby slaves, and could
      occur on the master as well if a database crash and recovery
      occurred after committing the ALTER and before the next checkpoint.
    - Fix possible crash if a cache reset message is received during
      rebuild of a relcache entry.
      This error was introduced in 8.4.3 while fixing a related failure.
    - Apply per-function GUC settings while running the language
      validator for the function. This avoids failures if the function's code
      is invalid without the setting; an example is that SQL functions may not
      parse if the search_path is not correct.
    - Do constraint exclusion for inherited "UPDATE" and "DELETE" target
      tables when constraint_exclusion = partition.
      Due to an oversight, this setting previously only caused constraint
      exclusion to be checked in "SELECT" commands.
    - Do not allow an unprivileged user to reset superuser-only parameter
      settings.
      Previously, if an unprivileged user ran ALTER USER ... RESET ALL
      for himself, or ALTER DATABASE ... RESET ALL for a database he
      owns, this would remove all special parameter settings for the user
      or database, even ones that are only supposed to be changeable by a
      superuser. Now, the "ALTER" will only remove the parameters that
      the user has permission to change.
    - Avoid possible crash during backend shutdown if shutdown occurs
      when a CONTEXT addition would be made to log entries.
      In some cases the context-printing function would fail because the
      current transaction had already been rolled back when it came time
      to print a log message.
    - Fix erroneous handling of %r parameter in recovery_end_command.
      The value always came out zero.
    - Ensure the archiver process responds to changes in archive_command
      as soon as possible.
    - Fix pl/pgsql's CASE statement to not fail when the case expression
      is a query that returns no rows.
    - Update pl/perl's "ppport.h" for modern Perl versions.
    - Fix assorted memory leaks in pl/python.
    - Handle empty-string connect parameters properly in ecpg.
    - Prevent infinite recursion in psql when expanding a variable that
      refers to itself.
    - Fix psql's \copy to not add spaces around a dot within \copy
      (select ...).
      Addition of spaces around the decimal point in a numeric literal
      would result in a syntax error.
    - Avoid formatting failure in psql when running in a locale context
      that doesn't match the client_encoding.
    - Fix unnecessary "GIN indexes do not support whole-index scans"
      errors for unsatisfiable queries using "contrib/intarray" operators.
    - Ensure that "contrib/pgstattuple" functions respond to cancel
      interrupts promptly.

 -- Martin Pitt <mpitt op debian.org>  Sat, 15 May 2010 13:31:46 +0200

postgresql-8.4 (8.4.3-1) unstable; urgency=low

  * New upstream bug fix release:
    - Add new configuration parameter ssl_renegotiation_limit to control
      how often we do session key renegotiation for an SSL connection.
      This can be set to zero to disable renegotiation completely, which
      may be required if a broken SSL library is used. In particular,
      some vendors are shipping stopgap patches for CVE-2009-3555 that
      cause renegotiation attempts to fail.
    - Fix possible deadlock during backend startup.
    - Fix possible crashes due to not handling errors during relcache
      reload cleanly.
    - Fix possible crash due to use of dangling pointer to a cached plan.
    - Fix possible crash due to overenthusiastic invalidation of cached
      plan for "ROLLBACK".
    - Fix possible crashes when trying to recover from a failure in
      subtransaction start.
    - Fix server memory leak associated with use of savepoints and a
      client encoding different from server's encoding.
    - Fix incorrect WAL data emitted during end-of-recovery cleanup of a
      GIST index page split.
    - Fix bug in WAL redo cleanup method for GIN indexes.
    - Fix incorrect comparison of scan key in GIN index search.
    - Make substring() for bit types treat any negative length as meaning
      "all the rest of the string". The previous coding treated only -1 that
      way, and would produce an invalid result value for other negative
      values, possibly leading to a crash (CVE-2010-0442).
    - Fix integer-to-bit-string conversions to handle the first
      fractional byte correctly when the output bit width is wider than
      the given integer by something other than a multiple of 8 bits.
    - Fix some cases of pathologically slow regular expression matching.
    - Fix bug occurring when trying to inline a SQL function that returns
      a set of a composite type that contains dropped columns.
    - Fix bug with trying to update a field of an element of a
      composite-type array column.
    - Avoid failure when "EXPLAIN" has to print a FieldStore or
      assignment ArrayRef expression.
      These cases can arise now that "EXPLAIN VERBOSE" tries to print
      plan node target lists.
    - Avoid an unnecessary coercion failure in some cases where an
      undecorated literal string appears in a subquery within
      "UNION"/"INTERSECT"/"EXCEPT".
      This fixes a regression for some cases that worked before 8.4.
    - Avoid undesirable rowtype compatibility check failures in some
      cases where a whole-row Var has a rowtype that contains dropped
      columns.
    - Fix the STOP WAL LOCATION entry in backup history files to report
      the next WAL segment's name when the end location is exactly at a
      segment boundary.
    - Always pass the catalog ID to an option validator function
      specified in "CREATE FOREIGN DATA WRAPPER".
    - Fix some more cases of temporary-file leakage.
      This corrects a problem introduced in the previous minor release.
      One case that failed is when a plpgsql function returning set is
      called within another function's exception handler.
    - Add support for doing FULL JOIN ON FALSE.
      This prevents a regression from pre-8.4 releases for some queries
      that can now be simplified to a constant-false join condition.
    - Improve constraint exclusion processing of boolean-variable cases,
      in particular make it possible to exclude a partition that has a
      "bool_column = false" constraint.
    - Prevent treating an INOUT cast as representing binary compatibility.
    - Include column name in the message when warning about inability to
      grant or revoke column-level privileges.
      This is more useful than before and helps to prevent confusion when
      a "REVOKE" generates multiple messages, which formerly appeared to
      be duplicates.
    - When reading "pg_hba.conf" and related files, do not treat
      @something as a file inclusion request if the @ appears inside
      quote marks; also, never treat @ by itself as a file inclusion
      request.
      This prevents erratic behavior if a role or database name starts
      with @. If you need to include a file whose path name contains
      spaces, you can still do so, but you must write @"/path to/file"
      rather than putting the quotes around the whole construct.
    - Prevent infinite loop on some platforms if a directory is named as
      an inclusion target in "pg_hba.conf" and related files.
    - Fix possible infinite loop if SSL_read or SSL_write fails without
      setting errno.
      This is reportedly possible with some Windows versions of openssl.
    - Disallow GSSAPI authentication on local connections, since it
      requires a hostname to function correctly.
    - Protect ecpg against applications freeing strings unexpectedly.
    - Make ecpg report the proper SQLSTATE if the connection disappears.
    - Fix translation of cell contents in psql \d output.
    - Fix psql's numericlocale option to not format strings it shouldn't
      in latex and troff output formats.
    - Fix a small per-query memory leak in psql.
    - Make psql return the correct exit status (3) when ON_ERROR_STOP and
      --single-transaction are both specified and an error occurs during
      the implied "COMMIT".
    - Fix pg_dump's output of permissions for foreign servers.
    - Fix possible crash in parallel pg_restore due to out-of-range
      dependency IDs.
    - Fix plpgsql failure in one case where a composite column is set to
      NULL.
    - Fix possible failure when calling PL/Perl functions from PL/PerlU
      or vice versa.
    - Add volatile markings in PL/Python to avoid possible
      compiler-specific misbehavior>
    - Ensure PL/Tcl initializes the Tcl interpreter.
      The only known symptom of this oversight is that the Tcl clock
      command misbehaves if using Tcl 8.5 or later.
    - Prevent ExecutorEnd from being run on portals created within a
      failed transaction or subtransaction.
      This is known to cause issues when using "contrib/auto_explain".
    - Prevent crash in "contrib/dblink" when too many key columns are
      specified to a dblink_build_sql_- function.
    - Allow zero-dimensional arrays in "contrib/ltree" operations.
      This case was formerly rejected as an error, but it's more
      convenient to treat it the same as a zero-element array. In
      particular this avoids unnecessary failures when an ltree operation
      is applied to the result of ARRAY(SELECT ...) and the sub-select
      returns no rows.
    - Fix assorted crashes in "contrib/xml2" caused by sloppy memory
      management.
  * Rebuild against libossp-uuid16. (Closes: #570108, LP: #538284)

 -- Martin Pitt <mpitt op debian.org>  Sat, 13 Mar 2010 16:44:46 +0100

postgresql-8.4 (8.4.2-2) unstable; urgency=low

  [ Alexander Sack ]
  * Add 04-armel-tas.patch: Fix ftbfs on armel: Use gcc intrinsics rather
    than assembler to implement tas (test and set). (LP: #497331)

  [ Martin Pitt ]
  * Drop 15-dict-fallback-dir.patch: p-common 104 now directly creates the
    names tsearch is looking for. Bump p-common dependency accordingly.

 -- Martin Pitt <mpitt op debian.org>  Tue, 19 Jan 2010 23:25:34 +0100

postgresql-8.4 (8.4.2-1) unstable; urgency=medium

  Medium urgency due to security fixes.

  [ Peter Eisentraut ]
  * debian/control: Added Homepage
  * debian/control: Added ${misc:Depends} on all packages, per lintian
  * debian/control: Added versioned dependencies on the shared libraries used 
    by the libecpg-dev package
  * debian/control: Removed obsolete build dependency bzip2
  * debian/control: Added Vcs fields

  [ Martin Pitt ]
  * New upstream security/bug fix release:
    - Protect against indirect security threats caused by index functions
      changing session-local state. This change prevents allegedly-immutable
      index functions from possibly subverting a superuser's session
      (CVE-2009-4136).
    - Reject SSL certificates containing an embedded null byte in the
      common name (CN) field. This prevents unintended matching of a
      certificate to a server or client name during SSL validation
      (CVE-2009-4034).
    - Fix hash index corruption. The 8.4 change that made hash indexes keep
      entries sorted by hash value failed to update the bucket splitting and
      compaction routines to preserve the ordering. So application of either
      of those operations could lead to permanent corruption of an index, in
      the sense that searches might fail to find entries that are present. To
      deal with this, it is recommended to REINDEX any hash indexes you may
      have after installing this update.
    - Fix possible crash during backend-startup-time cache initialization.
    - Avoid crash on empty thesaurus dictionary.
    - Prevent signals from interrupting VACUUM at unsafe times.
    - Fix possible crash due to integer overflow in hash table size
      calculation.
    - Fix crash if a DROP is attempted on an internally-dependent object.
    - Fix very rare crash in inet/cidr comparisons.
    - Ensure that shared tuple-level locks held by prepared transactions
      are not ignored.
    - Fix premature drop of temporary files used for a cursor that is
      accessed within a subtransaction.
    - Fix memory leak in syslogger process when rotating to a new CSV
      logfile.
    - Fix memory leak in postmaster when re-parsing "pg_hba.conf".
    - Make FOR UPDATE/SHARE in the primary query not propagate into WITH
      queries.
    - Fix bug with a WITH RECURSIVE query immediately inside another one.
    - Fix concurrency bug in hash indexes.
    - Fix incorrect logic for GiST index page splits, when the split
      depends on a non-first column of the index.
    - Fix wrong search results for a multi-column GIN index with
      fastupdate enabled.
    - Fix bugs in WAL entry creation for GIN indexes.
    - Don't error out if recycling or removing an old WAL file fails at
      the end of checkpoint.
    - Fix PAM password processing to be more robust.
      The previous code is known to fail with the combination of the
      Linux pam_krb5 PAM module with Microsoft Active Directory as the
      domain controller. It might have problems elsewhere too, since it
      was making unjustified assumptions about what arguments the PAM
      stack would pass to it.
    - Raise the maximum authentication token (Kerberos ticket) size in
      GSSAPI and SSPI authentication methods. While the old 2000-byte limit
      was more than enough for Unix Kerberos implementations, tickets issued
      by Windows Domain Controllers can be much larger.
    - Ensure that domain constraints are enforced in constructs like
      ARRAY[...]::domain, where the domain is over an array type.
    - Fix foreign-key logic for some cases involving composite-type
      columns as foreign keys.
    - Ensure that a cursor's snapshot is not modified after it is created.
    - Fix CREATE TABLE to properly merge default expressions coming from
      different inheritance parent tables. This used to work but was broken in
      8.4.
    - Re-enable collection of access statistics for sequences. This used to
      work but was broken in 8.3.
    - Fix processing of ownership dependencies during CREATE OR REPLACE
      FUNCTION.
    - Fix incorrect handling of WHERE "x"="x" conditions.
      In some cases these could get ignored as redundant, but they aren't
      -- they're equivalent to "x" IS NOT NULL.
    - Fix incorrect plan construction when using hash aggregation to
      implement DISTINCT for textually identical volatile expressions
    - Fix Assert failure for a volatile SELECT DISTINCT ON expression
    - Fix ts_stat() to not fail on an empty tsvector value
    - Make text search parser accept underscores in XML attributes
    - Fix encoding handling in xml binary input.
      If the XML header doesn't specify an encoding, we now assume UTF-8
      by default; the previous handling was inconsistent.
    - Fix bug with calling plperl from plperlu or vice versa.
    - Fix session-lifespan memory leak when a PL/Perl function is
      redefined.
    - Ensure that Perl arrays are properly converted to PostgreSQL arrays
      when returned by a set-returning PL/Perl function.
    - Fix rare crash in exception processing in PL/Python.
    - Fix ecpg problem with comments in DECLARE CURSOR statements
    - Fix ecpg to not treat recently-added keywords as reserved words
      This affected the keywords CALLED, CATALOG, DEFINER, ENUM,
      FOLLOWING, INVOKER, OPTIONS, PARTITION, PRECEDING, RANGE, SECURITY,
      SERVER, UNBOUNDED, and WRAPPER.
    - Re-allow regular expression special characters in psql's \df
      function name parameter.
    - Put FREEZE and VERBOSE options in the right order in the VACUUM
      command that "contrib/vacuumdb" produces.
    - Fix possible leak of connections when "contrib/dblink" encounters
      an error
    - Make the postmaster ignore any application_name parameter in
      connection request packets, to improve compatibility with future
      libpq versions.
  * debian/control: libreadline5-dev → libreadline-dev. (Closes: #553831)
  * Add 03-sh-architecture.patch: Support Renesas' SuperH architecture, thanks
    Nobuhiro Iwamatsu! (Closes: #548847)

 -- Martin Pitt <mpitt op debian.org>  Mon, 14 Dec 2009 19:02:38 +0100

postgresql-8.4 (8.4.1-1) unstable; urgency=medium

  * Urgency medium due to security fix.
  * New upstream security/bug fix release:
    - Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
      security-definer functions. This covers a case that was missed in the
      previous patch that disallowed "SET ROLE" and "SET SESSION
      AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
    - Fix WAL page header initialization at the end of archive recovery.
      This could lead to failure to process the WAL in a subsequent archive
      recovery.
    - Fix "cannot make new WAL entries during recovery" error.
    - Fix problem that could make expired rows visible after a crash.
      This bug involved a page status bit potentially not being set
      correctly after a server crash.
    - Make "LOAD" of an already-loaded loadable module into a no-op.
      Formerly, "LOAD" would attempt to unload and re-load the module,
      but this is unsafe and not all that useful.
    - Make window function PARTITION BY and ORDER BY items always be
      interpreted as simple expressions.
      In 8.4.0 these lists were parsed following the rules used for
      top-level GROUP BY and ORDER BY lists. But this was not correct per
      the SQL standard, and it led to possible circularity.
    - Fix several errors in planning of semi-joins. These led to wrong query
      results in some cases where IN or EXISTS was used together with another
      join.
    - Fix handling of whole-row references to subqueries that are within
      an outer join. An example is SELECT COUNT(ss.-) FROM ... LEFT JOIN
      (SELECT ...) ss ON .... Here, ss.- would be treated as
      ROW(NULL,NULL,...) for null-extended join rows, which is not the same as
      a simple NULL.  Now it is treated as a simple NULL.
    - Fix locale handling with plperl. This bug could cause the server's
      locale setting to change when a plperl function is called, leading to
      data corruption.
    - Fix handling of reloptions to ensure setting one option doesn't
      force default values for others.
    - Ensure that a "fast shutdown" request will forcibly terminate open
      sessions, even if a "smart shutdown" was already in progress.
    - Avoid memory leak for array_agg() in GROUP BY queries.
    - Treat to_char(..., 'TH') as an uppercase ordinal suffix with
      'HH'/'HH12'.  It was previously handled as 'th'.
    - Include the fractional part in the result of EXTRACT(second) and
      EXTRACT(milliseconds) for time and time with time zone inputs.
      This has always worked for floating-point datetime configurations,
      but was broken in the integer datetime code.
    - Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
      and integer datetimes are in use.
    - Improve performance when processing toasted values in index scans.
      This is particularly useful for PostGIS.
    - Fix a typo that disabled commit_delay.
    - Output early-startup messages to "postmaster.log" if the server is
      started in silent mode. Previously such error messages were discarded,
      leading to difficulty in debugging.
    - Remove translated FAQs. They are now on the wiki. The main FAQ was moved
      to the wiki some time ago.
    - Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
      empty.
    - Fix several errors in pg_dump's --binary-upgrade mode. pg_dump
      --binary-upgrade is used by pg_migrator.
    - Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
      number of parameters (twenty).
    - Improve robustness of libpq's code to recover from errors during
      "COPY FROM STDIN".
    - Avoid including conflicting readline and editline header files when
      both libraries are installed.
    - Work around gcc bug that causes "floating-point exception" instead
      of "division by zero" on some platforms.
  * debian/control: Bump Standards-Version to 3.8.3 (no changes necessary).

 -- Martin Pitt <mpitt op debian.org>  Sun, 06 Sep 2009 14:11:13 +0200

postgresql-8.4 (8.4.0-2) unstable; urgency=low

  * debian/libpq-dev.install: Ship catalog/genbki.h. (Closes: #536139)
  * debian/rules: Drop --enable-cassert for final release.

 -- Martin Pitt <mpitt op debian.org>  Sat, 11 Jul 2009 16:59:35 +0200

postgresql-8.4 (8.4.0-1) unstable; urgency=low

  * Final 8.4.0 release. Major enhancements:
    - Windowing Functions
    - Common Table Expressions and Recursive Queries
    - Default and variadic parameters for functions
    - Parallel Restore
    - Column Permissions
    - Per-database locale settings
    - Improved hash indexes
    - Improved join performance for EXISTS and NOT EXISTS queries
    - Easier-to-use Warm Standby
    - Automatic sizing of the Free Space Map
    - Visibility Map (greatly reduces vacuum overhead for slowly-changing
      tables)
    - Version-aware psql (backslash commands work against older servers)
    - Support SSL certificates for user authentication
    - Per-function runtime statistics
    - Easy editing of functions in psql
    - New contrib modules: pg_stat_statements, auto_explain, citext,
      btree_gin 
    Upload to unstable, 8.4 is the new default. 
  * debian/control: Build the versionless metapackages and have them point to
    8.4.

 -- Martin Pitt <mpitt op debian.org>  Wed, 01 Jul 2009 17:41:41 +0200

postgresql-8.4 (8.4~rc1-1) experimental; urgency=low

  * First