audio-visualizer-python (2.2.4-2) unstable; urgency=medium . * Rediff patches * Fix test for multi arch bird2 (2.19.0-1) unstable; urgency=medium . * New upstream release. bird3 (3.3.0-1) unstable; urgency=medium . * New upstream release. blaeu (2.2.1-1) unstable; urgency=medium . * New upstream version 2.2.1 * d/control: + Remove redundant priority optional field + Remove redundant rules requires root no field + Bump Standards-Version to 4.7.4 (no changes needed) capnproto (1.4.0-3) unstable; urgency=medium . * Patch for FTBFS against openssl 4.0 (Closes: #1137594) ceccomp (4.2.1-1) unstable; urgency=medium . * New upstream version 4.2.1 * debian/rules: Now packager is automatically set censys (2.2.19-2) unstable; urgency=medium . * Team upload. * Maintain in Debian Python Team * d/watch: - version=5 - Point to Github instead of PyPI * Standards-Version: 4.7.4 (Removed Priority field) * Update description check-dfsg-status (1.35) unstable; urgency=medium . * d/tests/control: drop skip-not-installable which is deprecated, thanks Martin-Éric Racine. Closes: #1134936. * Convert d/copyright to dep5, thanks Martin-Éric Racine. Closes: #1134936. * Drop transitional package vrms. * Bump standards version to 4.7.4, optional priority and rules not requiring root are defaults now. * Drop old .gitlab-ci.yml (from stretch times). * Use general salsaCI pipeline via debian/salsa-ci.yml. chktex (1.7.10-1) unstable; urgency=medium . * New upstream release. * debian/control: bump standard to 4.7.4 (no changes) * debian/control: remove Priority: and RRR: dh-rebar (0.0.7) unstable; urgency=medium . * Team upload * Add basic support for the rebar3 debhelper build system. * Refactor the install target in dh-rebar.Makefile. * Bump standards version to 4.7.4. dh-rebar (0.0.7~exp1) experimental; urgency=medium . * Team upload * Upload to experimental for testing Erlang 27. emacs-oauth2 (0.19-1) unstable; urgency=medium . * New upstream release ferm (2.7-5) unstable; urgency=medium . * improve autopkgtests that were added in 2.7-4 ferm (2.7-4) unstable; urgency=medium . * fix RC bugs in ferm.service: * add /run to ReadWritePaths Thanks to Petr Gajdůšek (Closes: #1137558) * add CAP_SYS_MODULE to CapabilityBoundingSet. Thanks to Petr Gajdůšek (Closes: #1137558) * remove After=network.target from ferm. Thanks to Petr Gajdůšek (Closes: #1137531) ferm (2.7-3) unstable; urgency=medium . * replace init script with systemd service * add debian/watch * add README.source * split Build-Depends to Build-Depends-Indep, wrap-and-sort * Standards-Version: 4.7.4 (no changes necessary) g-golf (0.8.7-3) unstable; urgency=medium . * Fixed dependencies in debian/control. gnome-boxes (50.0-3) unstable; urgency=medium . * Team upload * d/control: Only build on architectures where qemu is available. gnome-boxes is a UI for qemu-based virtual machines, so it can only be installable on architectures that have qemu available. Use a B-D on qemu-system-common as a representation of the qemu architectures, avoiding the need to duplicate the list here. Also B-D on architecture-is-64-bit, as a transitional mechanism to avoid the q-s-c dependency being satisfiable by "cruft" packages on armhf and i386. (Closes: #1137353) golang-github-aws-smithy-go (1.25.1-3) unstable; urgency=medium . * Team upload * Adjust Breaks for installing when backported to trixie golang-github-ibm-sarama (1.49.0-2) unstable; urgency=medium . * Cherry-pick upstream fix for FTBFS on 32bit architectures golang-github-ibm-sarama (1.49.0-1) unstable; urgency=medium . * New upstream release golang-github-mdlayher-socket (0.6.1-1) unstable; urgency=medium . * New upstream release * Switch debian/gitlab-ci.yml to debian/salsa-ci.yml. golang-github-prometheus-exporter-toolkit (0.16.0-1) unstable; urgency=medium . * New upstream release. * Remove «Rules-Requires-Root: no», which is now the default. * Remove «Priority: optional», which is now the default. * Bump Standards-Version to 4.7.4. * Switch to debian/watch format version 5. * Run wrap-and-sort -ast. * Add myself to Uploaders. golang-github-prometheus-procfs (0.20.1-2) unstable; urgency=medium . * Remove «Priority: optional», which is now the default. * Bump Standards-Version to 4.7.4. * Switch to debian/watch format version 5. * Run wrap-and-sort -ast. * Remove --buildsystem=golang implicit since dh 13.4. * Add myself to Uploaders. golang-github-valyala-histogram (1.2.0+ds1-1) unstable; urgency=medium . * Repack upstream release to match debian/watch. * Switch debian/gitlab-ci.yml to debian/salsa-ci.yml. golang-google-protobuf (1.36.10-2) unstable; urgency=medium . * Team upload to unstable. - version required by golang-opentelemetry-collector. * debian/control: drop Priority: optional (now the default). * debian/control: bump to Standards-version to 4.7.4. * debian/copyright: update. golang-google-protobuf (1.36.10-1) experimental; urgency=medium . * Team upload. * New upstream version 1.36.10. * debian/control: Drop Rules-Requires-Root: no (now the default). gsettings-desktop-schemas (50.1-2) unstable; urgency=medium . * Team upload * Upload to unstable - Please see debian/NEWS or the 50.0-1, 50.1-1 changelog entries regarding upstream changes to middle-click paste behaviour * Run settings migration on upgrade from versions < 50.0, not < 50.1. This will avoid a double migration after this change gets merged into Ubuntu. . gsettings-desktop-schemas (50.1-1) experimental; urgency=medium . * Team upload * New upstream release - Translation updates * Add user session migration for gtk-enable-primary-paste. Instead of unconditionally changing the default during upgrades, we can create a flag file indicating that the system was upgraded from GNOME 49 or older, and use that to arrange for migration to be carried out on upgraded systems but not on new installations. This change made the debian/NEWS from 50.0-1 misleading, so replace it with a new NEWS entry for this version. Implementation based on a similar migration done in Ubuntu, but using the maintainer scripts to distinguish between upgrades and new installations, instead of using information recorded by the Ubuntu installer. Thanks to Alessandro Astone (Closes: #1132612) (LP: #2145179) * d/watch: Switch to v5 format * Standards-Version: 4.7.4 (no changes required) . gsettings-desktop-schemas (50.0-1) experimental; urgency=medium . * Team upload * New upstream release - Since 50~beta upstream, middle click paste (primary selection paste) in GTK is disabled by default. Please see NEWS.Debian.gz for details. - d/p/schemas-update-the-deprecated-terminal-exec-arg-key-for-x.patch: Drop patch, applied upstream - Translation updates * d/NEWS: Add a NEWS entry for the removal of middle click paste by default gsettings-desktop-schemas (50.1-1) experimental; urgency=medium . * Team upload * New upstream release - Translation updates * Add user session migration for gtk-enable-primary-paste. Instead of unconditionally changing the default during upgrades, we can create a flag file indicating that the system was upgraded from GNOME 49 or older, and use that to arrange for migration to be carried out on upgraded systems but not on new installations. This change made the debian/NEWS from 50.0-1 misleading, so replace it with a new NEWS entry for this version. Implementation based on a similar migration done in Ubuntu, but using the maintainer scripts to distinguish between upgrades and new installations, instead of using information recorded by the Ubuntu installer. Thanks to Alessandro Astone (Closes: #1132612) (LP: #2145179) * d/watch: Switch to v5 format * Standards-Version: 4.7.4 (no changes required) gsettings-desktop-schemas (50.0-1) experimental; urgency=medium . * Team upload * New upstream release - Since 50~beta upstream, middle click paste (primary selection paste) in GTK is disabled by default. Please see NEWS.Debian.gz for details. - d/p/schemas-update-the-deprecated-terminal-exec-arg-key-for-x.patch: Drop patch, applied upstream - Translation updates * d/NEWS: Add a NEWS entry for the removal of middle click paste by default hsqldb1.8.0 (1.8.0.10+dfsg2-2) unstable; urgency=medium . * debian/watch: add Oversion-Mangle to also do s/_/./ there hunspell (1.7.3+really1.7.3-5) unstable; urgency=medium . * debian/watch: add Dversion-Mangle/Oversion-Mangle for +really to make upstream2orig happy hy (1.3.0-1) unstable; urgency=medium . * [cef005a] New upstream version 1.3.0 * [88b8fe5] Bump standards version to 4.7.4 no changes required icinga2 (2.16.1-1) unstable; urgency=medium . * Move from experimental to unstable. icinga2 (2.16.1-1~exp1) experimental; urgency=medium . * New upstream release. * Drop pr10780-parallel-tests.patch, features dropped upstream. * Update copyright file. icinga2 (2.16.0-3~exp4) experimental; urgency=medium . [ Bas Couwenberg ] * Re-enable parallel test execution, doesn't solve test failures. * Update PR 10780 patch with additional changes. . [ Luca Boccassi ] * Install and use sysusers.d config file. icinga2 (2.16.0-3~exp3) experimental; urgency=medium . * Disable parallel test execution. icinga2 (2.16.0-3~exp2) experimental; urgency=medium . * Update pr10780-parallel-unit-test.patch with additional changes. icinga2 (2.16.0-3~exp1) experimental; urgency=medium . * Add upstream patch to improve unit tests. ip4r (2.4.2-5) unstable; urgency=medium . * Cherry-pick pull requests: + Use PG_MODULE_MAGIC_EXT in PostgreSQL 18 and later + Support PostgreSQL 19 + Fully qualify format calls in update scripts ipdb (0.13.13-5) unstable; urgency=medium . * Team upload. * Patch complex setup.py that confuses dh-python javatools (0.82) unstable; urgency=medium . * Team upload. * Update standards version to 4.7.4, drop Priority: tag. * Drop "Rules-Requires-Root: no", it is now the default. . [ Debian Janitor ] * Apply multi-arch hints. + javahelper: Add Multi-Arch: foreign. . [ Luca Boccassi ] * jh_linkjars: skip any virtual/uninstalled Build-Depends ktextaddons (2.0.2-3) unstable; urgency=medium . [ Patrick Franz ] * Fix more reproducibility issues. ktextaddons (2.0.2-2) unstable; urgency=medium . [ Patrick Franz ] * Add patch to use SOURCE_DATE_EPOCH instead of the current timestamp. ktextaddons (2.0.2-1) unstable; urgency=medium . [ Patrick Franz ] * New upstream release (2.0.2). * Update build-deps and deps with the info from cmake. * Update list of installed files. * Update symbols from buildlogs. * Bump Standards-Version to 4.7.4 (no changes needed). * Update lintian-overrides. libaec (1.1.7-1) unstable; urgency=medium . * New upstream release * Standards-Version: 4.7.4 libauthen-radius-perl (0.37-1) unstable; urgency=medium . * Import upstream version 0.37. * Refresh 01_radius_port.patch (offset). * Add notice about behaviour change to debian/NEWS. (Blast-RADIUS mitigation) libbusiness-isbn-data-perl (20260523.001-1) unstable; urgency=medium . * Import upstream version 20260523.001. libcache-fastmmap-perl (1.62-1) unstable; urgency=medium . * Import upstream version 1.62. libcommons-codec-java (1.22.0-1) unstable; urgency=medium . * New upstream release - Build depend on libcommons-lang3-java (>= 3.20.0) * Standards-Version updated to 4.7.4 libcommons-lang3-java (3.20.0-1) unstable; urgency=medium . * New upstream release - Refreshed the patches * Standards-Version updated to 4.7.4 libcpansa-db-perl (20260524.001-1) unstable; urgency=medium . * Import upstream version 20260524.001. * autopkgtests: don't run new author test in t/utils like during buikd. libmongocrypt (1.18.2-1) unstable; urgency=medium . * New upstream release. libqofono (0.130-1) unstable; urgency=medium . * Team upload . [ Jeremy Bícha ] * New upstream release * Add lintian override for use of get-orig-source . [ Andres Salomon ] * d/patches/2001_path-adjustments.patch: fix main.qml installation path. * Make libqofono-examples depend upon qml6-module-ofono, as ofonotest requires it. libqofonoext (1.0.35-1) unstable; urgency=medium . * Team upload * New upstream release * Add lintian override for use of get-orig-source * Run wrap-and-sort -ast * Update Standards Version to 4.7.4 * Remove remaining patch: applied in new release librist (0.2.15+dfsg-1) unstable; urgency=medium . * [794eecf] d/copyright: fully exclude contrib/mbedtls * [086e941] New upstream version 0.2.15+dfsg * [e4a8921] d/copyright: update for new upstream release libsys-virt-perl (12.3.0-1) unstable; urgency=medium . * Import upstream version 12.3.0. * Bump versioned Build-Depends on libvirt-dev to (>= 12.3.0~) libusb-1.0 (2:1.0.30-1) unstable; urgency=medium . * New upstream release libusb-1.0 (2:1.0.30~rc2-1) experimental; urgency=medium . * New upstream release candidate libusb-1.0 (2:1.0.30~rc1-1) experimental; urgency=medium . * New upstream release candidate * Update symbols file * Replace pkg-config test-dependency by pkgconf * Bump Standards-Version to 4.7.3 (no changes) * Drop Rules-Requires-Root field from debian/control, now obsolete * Drop Priority field from debian/control, now redudant with the default value * Update debian/watch to version 5 libvirt (12.3.0-1) unstable; urgency=medium . [ Andrea Bolognani ] * [fc8fbe1] New upstream version 12.3.0 * [3839c78] patches: Drop debian/Drop-handling-of-secret-encryption-[...] - The issue that was preventing us from enabling this functionality has been fixed upstream * [5267f7e] Add Multi-Arch field for packages that were missing it . [ Pino Toscano ] * [e64433c] Build libvirt-clients-qemu only on QEMU architectures * [f7c3ccd] Drop QEMU driver on 32bit architectures - No longer supported as host architectures starting with QEMU 11.0 - Closes: #1134873 libvirt-python (12.3.0-1) unstable; urgency=medium . * New upstream version 12.3.0 lua-rexlib (2.9.3-1) unstable; urgency=medium . * New upstream release. mangohud (0.8.2-1.1) unstable; urgency=medium . * Non-maintainer upload. * Backport upstream FTBFS fix. (Closes: #1131944) mdanalysis (2.10.0-2) unstable; urgency=medium . * Team upload. * Enable all tests again. The current version does not hang anymore. Thanks to Paul Gevers. Closes: #1108309. * Mark test_offset_lock_created as XFAIL. * Drop "Rules-Requires-Root: no" (default). * Drop "Priority: optional" (default). * Update standards-version. memcached (1.6.42-1) unstable; urgency=high . * New upstream release. (Closes: #1137214) . - CVE-2026-47783: Username data for SASL password database authentication had a timing side-channel vulnerability, because a loop exits as soon as a valid username is found by the sasl_server_userdb_checkpass method. . - CVE-2026-47784: Password data for SASL password database authentication had a timing side-channel attack, because memcmp is used by the sasl_server_userdb_checkpass method. . * Bump Standards-Version to 4.7.4. memcached (1.6.41-2) unstable; urgency=medium . * Add procps to the autopkgtest dependencies as pidof is being moved out of the (Priority: Essential) package sysvinit-tools. (Closes: #1136530) meta-gnome (49+11) unstable; urgency=medium . * Team upload . [ Jeremy Bícha ] * gnome-devel: Add Depends: foundry. It's been described as a CLI version of GNOME Builder * Update Standards Version to 4.7.4 * Update minimum versions to 50 where appropriate . [ Simon McVittie ] * gnome-devel: Limit gnome-boxes dependency to architectures with qemu (Helps: #1137353) * gnome-devel: Limit sysprof dependency to architectures where it's built miniflux (2.3.0-1) unstable; urgency=medium . * Update d/watch to v5 syntax * New upstream version 2.3.0 mkdocs-rss-plugin (1.19.0-2) unstable; urgency=medium . * Team upload. * Add to python3-cachecontrol build-dependency (closes: #1137488). * Test nocheck and nodoc build profiles in Salsa CI. nagios4 (4.5.12+ds-1) unstable; urgency=low . * New upstream release (4.5.12). * Repack upstream tarball via uscan/mk-origtargz, per Developer's Reference "The standard for repacked tarballs". Files-Excluded: in debian/copyright strips - html/js/jquery-*.min.js (replaced by a symlink to libjs-jquery's /usr/share/javascript/jquery/jquery.min.js at install time, so we never actually ship the bundled minified blob) - base/wpres-phash.h, base/wp-phash.c (gperf output; the former is regenerated from base/wpres.gperf at build time, the latter is upstream cruft no longer referenced by any build target). debian/watch grows `opts="repacksuffix=+ds,dversionmangle=auto"`. . * Bump Standards-Version to 4.7.4. Declare Rules-Requires-Root: binary-targets to match the chown/chmod in debian/rules. . * Build-Depends: - migrate `debhelper (>= 10)` to `debhelper-compat (= 13)` (drops debian/compat) - add libssl-dev (upstream 4.5.x now hard-requires OpenSSL headers at configure time) - add gperf (needed at build time to regenerate base/wpres-phash.h from base/wpres.gperf, since we stripped the pre-generated file via Files-Excluded:) . * Audit upstream for phone-home / marketing / upsell content and rewrite the patches against 4.5.12: - 80_no_phone_home.patch (refreshed): strip the YouTube page-tour vidbox, "Check for updates" link, mainsplash CSP marketing div with utm_ tracking, and updateversioninfo block from html/main.php. - 81_no_update_api.patch (new): disable the daemon's 22-hour HTTP POST to api.nagios.org. Flips DEFAULT_CHECK_FOR_UPDATES to 0, sets check_for_updates=0 in sample nagios.cfg.in, and stubs query_update_api() in base/utils.c so no socket is opened regardless of config. - 82_no_tour_videos.patch (new): drop the "Nagios Core 4 Tour" YouTube vidbox emitted by cgi/tac.c, cgi/extinfo.c and cgi/status.c. The non-marketing #top_page_numbers append logic in status.c is kept. - 83_strip_marketing_links.patch (new): drop the navbar logo hyperlink to nagios.org in html/side.php; remove the library.nagios.com / support.nagios.com pointers from the Makefile.in install banner. - 84_replace_docs_index.patch (new): replace upstream's html/docs/index.html (a 534-char-paragraph redirect page to assets.nagios.com docs) with a small plain stub that points readers at the manpages. . * nagios4-common: - drop the now-obsolete lsb-base (>= 3.0-6) dependency; /lib/lsb/init-functions is provided by sysvinit-utils on bookworm/trixie/sid. - add Pre-Depends: ${misc:Pre-Depends} for the systemd helper maintainer-script snippets generated by dh_installsystemd. - wire up dh_installsystemd --name nagios4 in debian/rules so the nagios4.service unit file is actually installed (it had been silently ignored under the explicit-dh_* rules). - harden nagios4.service: ProtectSystem=full, ProtectHome=true, PrivateTmp=true, ProtectKernelTunables/Modules/ControlGroups, RestrictSUIDSGID, LockPersonality, RestrictRealtime, RestrictNamespaces, SystemCallArchitectures=native. NoNewPrivileges is deliberately *not* set -- plugins like check_ping rely on /bin/ping's cap_net_raw file capability. . * debian/copyright cleanup: - drop html/angularjs/* stanza (upstream removed angularjs) - drop lib/pqueue.[ch] stanza (upstream removed in 4.5.x) - drop the deprecated 51 Franklin St FSF mailing address - Format URI: http:// -> https:// . * debian/nagios4-cgi.install: drop angularjs/, bootstrap-*, d3/ and spin/ paths (upstream removed those directories). . * debian/nagios4-cgi.lintian-overrides: drop -- current lintian no longer emits the tag the overrides were suppressing. . * debian/nagios4-common.lintian-overrides: rewrite using the current `tag detail [path]` syntax so the resource.cfg 0600 permissions override matches lintian's emission. . * debian/nagios4-common.examples: drop the sample-config/template-object/{commands,localhost}.cfg entries (they were also shipped under examples/template-object/ via the .install file). . * debian/{nagios4,nagios4stats}.8: rewrite the FILES section to drop the nested `.TP ; .IP path` sequence (sid's newer groff rejects nested .TP). . * Maintainer scripts: switch `#!/bin/sh -e` shebang to `#!/bin/sh` followed by an explicit `set -e`. . * Add a stub debian/upstream/metadata pointing at upstream's GitHub repository and issue tracker. . * Modernise debian/watch: HTTPS via sf.net shortcut. Note: pgpsigurlmangle is not used because upstream does not publish detached OpenPGP signatures on GitHub or SourceForge. . * debian/rules: strip trailing whitespace; delete base/wpres-phash.h in the configure step so make's `wpres-phash.h: wpres.gperf` rule fires (only matters for the now-extremely-unlikely case where some future Files-Excluded drift lets the file survive into the source). . * debian/README.Debian: refresh the Documentation section -- point at the canonical upstream docs URL (https on assets.nagios.com, no marketing redirector) and replace the long-deprecated nagios-users@lists.sourceforge.net mailing list with the GitHub issue tracker. nagios4 (4.4.6-4.1) unstable; urgency=medium . * Non-maintainer upload. * No source change upload to move systemd units into /usr. nagios4 (4.4.6-4) unstable; urgency=low . * Fix syntax in nagios4.service. Closes: #986397. nagios4 (4.4.6-3) unstable; urgency=low . * Fix nagios4-ci not installing with recommends. Closes: #985043. nagios4 (4.4.6-2) unstable; urgency=low . * Source only upload for migration to testing. nagios4 (4.4.6-1) unstable; urgency=low . * New release - fixes memory leak. * Fix bad apache2 config. Closes: #931664 * Don't remove js function set_limit(). Closes: #945219 * Enable apache2 authz_groupfile on nagios4-cgi install. Closes: #931664. nagios4 (4.3.4-5) unstable; urgency=low . * Source only upload for testing. nagios4 (4.3.4-4) unstable; urgency=low . * Fix CVE-2020-13977 (closes: #962826) * Fix memory leak. (closes: #962873) https://github.com/NagiosEnterprises/nagioscore/issues/455 nagios4 (4.3.4-3) unstable; urgency=low . * Fix CVE-2018-18245 (closes: #902138) * Fix CVE-2018-13441, CVE-2018-13457, CVE-2018-13458 (closes: #917160) * Removed /etc/nagios4/htdigest.users purge (closes: #905523) * Fix unknown RPM_ARCH (closes: #902216) nagios4 (4.3.4-2) unstable; urgency=low . * Remove lookup of nagios_check_command from nagios4.init. It doesn't exist in nagios4. . * ITP (closes: #894696) nim (2.2.10-1) unstable; urgency=medium . * New upstream version. * d/control: new maintainers. (Closes: #1074512) * Bump standards version to 4.7.4. nipy (0.6.1-5) unstable; urgency=medium . * Team upload. * cme fix dpkg-control * Fix test failures caused by NumPy 2.x stricter scalar conversion rules Closes: #1131063 * Set upstream metadata fields: Documentation. node-jest (29.6.2~ds6+~cs73.45.28-1) unstable; urgency=medium . * Team upload. * Split import-local and resolve-exports node-jest (29.6.2~ds5+~cs73.45.28-3) unstable; urgency=medium . * Team upload . [ Bastien Roucariès ] * Prepare split of import-local and resolve-exports (Closes: #1135386) . [ Xavier Guimard ] * Port to read-pkg 10 (Closes: #1135430) * Enable skipLibCheck for type-fest 5 / TypeScript 5.2 node-undici (7.24.6+dfsg+~cs3.2.0-3) unstable; urgency=medium . * Use upstream patch to improve tls-cert-leak test. node-webpack (5.106.2+dfsg1+~cs15.15.23-3) unstable; urgency=medium . * Add breaks against node-copy-webpack-plugin node-webpack (5.106.2+dfsg1+~cs15.15.23-2) unstable; urgency=medium . [ Xavier Guimard ] . * Team upload * Embed local @types/estree . [ Bastien Roucariès ] * Upload to sid node-webpack (5.106.2+dfsg1+~cs15.15.23-1) unstable; urgency=medium . * Team upload * New upstream version 5.106.2+dfsg1+~cs15.15.23 * Refresh patches nova (2:33.0.1-2) unstable; urgency=medium . * Add weights_debug_log_stop_using_tuples_as_dict_keys.patch. ogre-14 (14.5.2+dfsg-3) unstable; urgency=medium . * Team upload * libogremain14.5: move plugins.cfg from /usr/share/OGRE-14.5 to /usr/lib/$(DEB_HOST_MULTIARCH)/OGRE-14.5 as it's content vary on every architecture and this prevent multiarch coinstability * d/control: mark libogremain14.5 as 'Multi-Arch: same' olm (3.2.16+dfsg-6) unstable; urgency=medium . * Team upload. * Install docs as markdown (Closes: #1133737) * Add patch for fuzz in header (Closes: #1046699) * Drop optional priority * Drop R³ * Bump policy version (no changes) * Drop debian/*.dirs * Add d/salsa-ci.yml pound (4.23-1) unstable; urgency=high . * New upstream release - Contains an important bugfix: A bug in "SendFile" allowed for reading files outside of the configured directory. prometheus-redis-exporter (1.84.0-1) unstable; urgency=medium . * New upstream release. * Switch debian/gitlab-ci.yml to debian/salsa-ci.yml. * Namespace debhelper fragment files with binary package name. putty (0.84-1) unstable; urgency=medium . * Drop "Rules-Requires-Root: no", default as of dpkg-dev 1.22.13. * New upstream release: - CVE-2026-4115: eddsa_verify: add check for out-of-range s (though this is not believed to be a vulnerability in the context of SSH). py7zr (1.1.2-1+really1.1.0+dfsg-2) unstable; urgency=medium . * Team upload. * Remove from python3-pycryptodome build-dependency (closes: #1137501). * Test nocheck build profile in Salsa CI. py7zr (1.1.2-1+really1.1.0+dfsg-1) unstable; urgency=medium . * Re-install upstream code * New upstream version 1.1.2-1+really1.1.0+dfsg Because ".git_archival.txt" may change by download method. This may breaks debaudit/upstream2orig check and also breaks reproducible build. Drop ".git_archival.txt" to pass debaudit check. Note: PyPI source can't usable because it drops test suite from Git tree. * Update version number generator * Display upstream version in build log py7zr (1.1.2+really1.1.0+dfsg-1) unstable; urgency=medium . * Drop v1.1.2 release * New upstream version 1.1.2+really1.1.0+dfsg * Manually set upstream version number for setuptools-scm * Salsa CI uses more comprex version string * Cosmetic fix pydata-sphinx-theme (0.17.1+dfsg-2) unstable; urgency=medium . * Team upload. * Build-depend on node-dedent (closes: #1136922). pyfltk (1.4.5.0+repack-1) unstable; urgency=medium . * New upstream version 1.4.5.0+repack pytest-salt (2019.6.13-1.1) unstable; urgency=medium . * Non-maintainer upload. * migrate from SafeConfigParser to ConfigParser (Closes: #1074682) * drop ancient X-Python-Version field from d/control pytest-salt (2019.6.13-1) unstable; urgency=medium . * New upstream version * Require at least Python >= 3.5 * Switch to debhelper 12 * Bump Standards-Version to 4.4.0 * Add autopkgtest-pkg-python testsuite pytest-salt (2018.1.13-1) unstable; urgency=medium . * Initial version. (Closes: #888004) python-intbitset (4.1.2-1) unstable; urgency=medium . * New upstream version 4.1.2 * Update packaging python-returns (0.27.0-1) unstable; urgency=medium . * New upstream version 0.27.0 * Update packagging * Drop patch 0001-hypothesis-strategy-mismatch.patch python-zombie-imp (0.0.4-2) unstable; urgency=medium . * Team upload. * Maintain in Debian Python Team * Add Homepage * Update description * d/watch: - version=5 - Point to Github instead of PyPI * Standards-Version: 4.7.4 (Removed Priority field) rdtool (0.6.39-1) unstable; urgency=medium . * Team upload [ Debian Janitor ] * Update watch file format version to 5. * Reorder Files paragraphs in debian/copyright by directory depth. * Update standards version to 4.7.4, no changes needed. . [ Abhijith PA ] * New upstream release. (Closes: #380559) * Refresh patches + 010_change_dot_rd2rc_path + 040_honour_SOURCE_DATE_EPOCH rocdbgapi (6.4.3-1.1) unstable; urgency=medium . * Non-maintainer upload. . [ Chris Lamb ] * CMakeLists.txt: Fix timezone-varying date. (Closes: #1098350) * debian/rules: Use fixed value for the "USER" environment variable. (Closes: #1098350) roundcube-plugin-authres-status (0.7.2+dfsg-1) unstable; urgency=medium . * New upstream release: + Fix compatibility with Roundcube 1.7. + Update translations. * d/control: Add new Build-Depends: roundcube-core (unless in nocheck profile). * d/control: Remove `Rules-Requires-Root: no`. * Update Standards-Version to 4.7.4. + Remove "Priority: optional" which is the current default and spelling it out is no longer recommended per Policy. * d/watch: Port to Version 5. roundcube-plugin-authres-status (0.7.0+dfsg-1) unstable; urgency=medium . * Upload to unstable. * Run upstream test suite at build time. This adds phpunit to Build-Depends (unless under ‘nocheck’ profile). * Add DEP-8 test with the upstream test suite. * debian/*.install: Drop duplicate forward slash in target directory. . roundcube-plugin-authres-status (0.7.0+dfsg-1~exp) experimental; urgency=low . * New upstream release: + Fix php 8.x warnings + Add support for opendmarc results * Refresh d/patches. * Update Standards-Version to 4.7.2 (no changes necessary). roundcube-plugin-authres-status (0.7.0+dfsg-1~exp) experimental; urgency=low . * New upstream release: + Fix php 8.x warnings + Add support for opendmarc results * Refresh d/patches. * Update Standards-Version to 4.7.2 (no changes necessary). roundcube-plugin-authres-status (0.6.3+dfsg-1) unstable; urgency=medium . * Upload to unstable. * New upstream release: + Fix compatibility with Roundcube 1.6.1 and later. + Fix some PHP 8 warnings. * Add d/README.Debian for instructions how to enable and configure this plugin. * d/gbp.conf: Set ‘compression = xz’. * d/gbp.conf: Drop ‘v’ prefix in upstream-vcs-tag. * Patch composer.json to demote php-dkim to Suggests from Depends. roundcube-plugin-authres-status (0.6.2+dfsg-1~exp) experimental; urgency=medium . * Initial release, split from roundcube-plugins-extra=1.4.10+1-4. roundcube-plugins-extra (1.6-1) unstable; urgency=low . * This source package is now a dummy transitional package. The third-party Rouncdube plugins it used to ship are now split across individual roundcube-plugin-* source packages. roundcube-plugins-extra (1.4.10+1-4) unstable; urgency=medium . [ Debian Janitor ] * Update lintian override info to new format on line 2, 3. . [ Guilhem Moulin ] * d/control: Build-Depends: Drop versioned constraint on uglifyjs. * Refresh lintian overrides to accommodate lintian v2.115. * Update standards version to 4.6.2, no changes needed. * Convert more Lintian overrides to new format. roundcube-plugins-extra (1.4.10+1-3) unstable; urgency=medium . * d/control: Fix plugin names (replace hyphens with underscores) in the long package description. roundcube-plugins-extra (1.4.10+1-2) unstable; urgency=medium . * Fix LESS imported source paths in sourcemaps. roundcube-plugins-extra (1.4.10+1-1) unstable; urgency=medium . [ Guilhem Moulin ] * New upstream release: - Update roundcube-sauserprefs to version 1.18.4 from 1.18.3. - Update thunderbird-labels to 1.4.10 from 1.4.9. * d/rules: Complete refactoring. * d/rules: Remove check for nocheck build option from override_dh_auto_test, as it's no longer needed in Debhelper compatibility level 13. * Rename Debian branch to debian/latest for DEP-14 compliance. * Require node-less 3 or later in Build-Depends (for the --rewrite-urls=all option). * Lintian overrides: Remove package annotations. * Replace Build-Depends: closure-compiler, yui-compressor with cleancss, uglifyjs (>=3), used respectively for CSS and Javascript minification. Build also source maps alongside the minified code. * Install upstream documentation and changelog files to /usr/share/doc/roundcube-plugins-extra/$PLUGIN_NAME/. * Lintian: Override false positive package-contains-documentation-outside-usr-share-doc * New Build-Depends: pigz. Ship gzipped (minified) JS and CSS files along side the non-compressed versions. Compatible HTTPds can send these files as is in order to avoid on-the-fly compression overhead. . [ Jesse Norell ] * Fix compose_addressbook plugin with classic theme. (Closes: #979526) roundcube-plugins-extra (1.4.9+2-1) unstable; urgency=medium . * New upstream release: - Update thunderbird-labels to version 1.4.9 from 1.4.8. * d/control: Replace lessc's deprecated --relative-urls option with --rewrite-urls=all. roundcube-plugins-extra (1.4.9+1-1) unstable; urgency=medium . * New upstream release: - Update contextmenu to 3.2.1 from 3.2 - Update sauserprefs to 1.18.3 from 1.18.2 * d/control: Bump Standards-Version to 4.5.1 (no changes needed). roundcube-plugins-extra (1.4.8+1-1) unstable; urgency=medium . * d/patches/fix-thunderbird-labels-coffee2js.patch: Mark 'Forwarded: not-needed'. * Update authres-status to version 0.6.2 from 0.6.1, which adds DMARC support. roundcube-plugins-extra (1.4.7+1-1) unstable; urgency=medium . * New upstream release: - Update thunderbird-labels to version 1.4.8 from 1.4.6. - Update authres-status to version 0.6.1 from 0.5.2. This includes new CSS for Roundcube's default "Elastic" theme which displays the authentication status more prominently. roundcube-plugins-extra (1.4.6+1-1) unstable; urgency=low . * Change versioning scheme to $roundcube_version+$revision-$debian_revision. This gives more flexibility as it allows upgrading plugins between two Roundcube package uploads, and even two uploads the same day. This change doesn't require an epoch. * debian/plugins/*/watch: Remove unused watch option 'oversionmangle'. * debian/scripts/plugins.py: Don't download/unpack orig tarballs. We use `debian/scripts/get-orig-tarballs` and `debian/scripts/extract-tarballs` for that. * debian/scripts/get-orig-tarballs: + Download orig tarballs into ${USCAN_DESTDIR:-..}. + Repack using mk-origtargz(1), so we don't have to parse d/copyright ourselves or define other exclude patterns. * debian/scripts/extract-tarballs: + Get orig tarballs from ${USCAN_DESTDIR:-..}. + Automatically update the git tree. * debian/copyright: Add generated CSS/JS to Files-Excluded-*:. * Update thunderbird-labels to version 1.4.6 from 1.4.2 * debian/rules: Fix FTBFS on systems where lessc(1) uses node 12.18.0. * debian/rules: Also minify CSS. This adds yui-compressor to Build-Depends. * debian/patches, debian/rules: Don't patch the LESS sources so the CSS can easily be rebuilt on the target system if desired. * debian/control: Drop dependency on libjs-jquery-mousewheel. contextmenu doesn't use it anymore since version 1.13. roundcube-plugins-extra (1.4.4-20200603) unstable; urgency=medium . * d/control: Update Maintainer: field to use @alioth-lists.debian.net not deprecated @lists.alioth.debian.org. * Update contextmenu to 3.2 from 3.1 * Update sauserprefs to 1.18.2 from 1.18.1 * d/control: Bump minimum Roundcube version to 1.4.4 (for contextmenu 3.2). * Bump debhelper compatibility level to 13. roundcube-plugins-extra (1.4.0-20200423) unstable; urgency=low . * Rename d/source.lintian-overrides to d/source/lintian-overrides. * d/control: Bump debhelper compatibility level to 12 and set debhelper-compat version in Build-Depends. * d/control: Set 'Rules-Requires-Root: no'. * d/control: Bump Standards-Version to 4.5.0 (no changes needed). * d/roundcube-plugins-extra.lintian-overrides: Use wildcard in path name. * d/rules: Check DEB_BUILD_OPTIONS in override_dh_auto_test. * d/control: Replace yui-compressor with closure-compiler in Build-Depends. * d/rules: Replace yui-compressor with closure-compiler as JavaScript minifier for consistency with Roundcube upstream (and >=1.4 in Debian). * d/plugins/*/watch: Bump format version to 4 from 3 (no change needed). * d/plugins/*/watch: Relax matching version pattern to v?(\d[\d.]*). roundcube-thunderbird_labels started prefixing versions with a 'v' in >1.0.0 (released 2014), causing uscan(1) to fail to discover later versions. * d/scripts/plugins.py: Preserve 'InstallName' field and value across plugins.overview updates. * Update contextmenu to 3.1 from 2.3 * Update sauserprefs to 1.18.1 from 1.17.1 * Update thunderbird-labels to 1.4.2 from 1.0.0 (closes: #940205) * Remove markasjunk2 (subsumed by markasjunk from roundcube-plugins) * Remove sieverules (subsumed by managesieve from roundcube-plugins) * Replace unmaintained dkimstatus plugin by new plugin authres_status (closes: #948030) * New plugin html5-notifier (Desktop Notifications for Roundcube) * d/control: Bump minimum Roundcube version to 1.4.0. * d/control: New Build-Depends: coffeescript (used to rebuild thunderbird-labels/tb_label.js from its .coffee sources). * d/control: New Build-Depends: node-less (used to rebuild generated CSS from their .less sources). This in turns pulls in roundcube-core to Build-Depends:. roundcube-plugins-extra (1.3.8-20190219) unstable; urgency=low . [ Guilhem Moulin ] * debian/control: + Add self to Uploaders. + Bump Standards-Version to 4.1.4. Replace priority 'extra' with 'optional'. + Migrate Vcs-Browser and Vcs-Git from Alioth to Salsa. . [ Sandro Knauß ] * Update keyboard-shortcuts to 2.5 * Update message-highlight to 4.4 * Update markasjunk2 to 1.11.2 * Update sauserprefs to 1.17.1 * Rename plugins to correct name (Closes: #888765): - thunderbird-labels -> thunderbird_labels - compose-addressbook -> compose_addressbook - dovecot-impersonate -> dovecot_impersonate - keyboard-shortcuts -> keyboard_shortcuts - message-highlight -> message_highlight - thunderbird-labels -> thunderbird_labels * Update watch files for components. * Update Build-Deps (debhelper 11). * Requires new roundcube (1.3.8). * Update patch hunks. * Bump Standards-Version to 4.3.0 (no changes needed). roundcube-plugins-extra (1.3.0-20170826) unstable; urgency=medium . * Update markasjunk to 1.11.1 * Update sauserprefs to 1.17 * Update contextmenu to 2.3 * Update listcommands to 2.5.2 * Update message-highlight to 3.1 * Bump compat level to 10 (no changes needed). * Update Standards-Version to 4.1.0 (no changes needed). roundcube-plugins-extra (1.2.1-20160803) unstable; urgency=medium . * Update listcommands to 2.4 * Update links to use https instead of http * Resort Uploaders and Maintainer * Bump Standards-Version to 3.9.8 (no changes needed) * Update comapt level (no changes needed) * Update lintian overrides roundcube-plugins-extra (1.1.3-20151025) unstable; urgency=medium . [ Vincent Bernat ] * Dependency on appropriate roundcube version. . [ Sandro Knauß ] * rename all plugins without version number * Add nonminified js code - Add yui-compressor as build-dep * Update patches to point to the correct files. * use uscan to search and update the plugins. * Also install readme.md and MANUAL.md in docs dir * There is no sieverules/lib/Net/Sieve.php anymore - delete dependency for php-net-sieve * Added overrides file * Bump Standards-Version to 3.9.6 - Update copyright to copyright-format/1.0 * Updated fail2ban to 1.3 * Updated sieverules to 2.3 roundcube-plugins-extra (1.1.2-20150821) unstable; urgency=medium . * Ensure compatibility with Roundcube 1.1.2. (Closes: #783679) * Updated contextmenu to 2.1.2 * Updated dovecot-impersonate to 2.1 * Updated fail2ban to 1.2 * Updated keyboard_shortcuts to 2.4.1 * Updated listcommands to 2.3.5 * Updated markasjunk2 to 1.9 * Updated message-highlight to 2.6 * Updated sauserprefs to 1.15 * Updated sieverules to 2.2 * Updated thunderbird_labels to 1.0.0 * remove copymessage - merged into roundcube core * remove quickrules - merged with sieverules * Updated patches * Updated copyright file * Added myself to Uploaders. roundcube-plugins-extra (0.9.2-20130819) unstable; urgency=low . * Ensure compatibility with Roundcube 0.9.2. (Closes: #657035, #671411, #711720, #719521) * Remove zipdownload as its part of Roundcube since 0.9. * Upgrade compose_addressbook to version 8.0.4. (Closes: #699331) * Upgrade contextmenu to version 1.10-20130303+dfsg. * Upgrade copymessage to version 1.3-20130224. * Upgrade dovecot_impersonate to version 2.0: - Refresh make-dovecot-impersonate-compatible-with-sieverules.patch. * Upgrade keyboard_shortcuts to version 2.1: - Refresh add-keyboard-shortcuts-l10n-fr.patch. - Refresh fix-keyboard-shortcuts-i18n.patch * Upgrade listcommands to version 2.2.3: - Remove obsolete add-listcommands-l10n-fr.patch * Upgrade markasjunk2 to version 1.6-20130427. * Upgrade message_highlight to version 2.3. * Upgrade quickrules to version 1.4-20130224. * Upgrade sauserprefs to version 1.10-20130224. * Upgrade sieverules to version 1.18-20130507. * Add thunderbird_labels (0.9) * Add support for .bz2 tarballs in get-orig-tarballs. * Also install files named 'Changelog' to handle thunderbird_labels. * Correctly sort plugins by name in debian/plugins. * Stop storing sources with Debian patches applied. * Switch to use --auto-compress tar flag in extract-tarballs. * Teach extract-tarballs about bz2 and xz compressed sources. * Use the more specific Expat instead of MIT in debian/copyright. . [ Jan Wagner ] * Add missing copyright for jquery.maskedinput.js roundcube-plugins-extra (0.7-20120110) unstable; urgency=low * Upgrade contextmenu to version 1.8-20111210. * Upgrade copymessage to version 1.1-20111122. * Upgrade dkimstatus to version 4.8. * Upgrade fail2ban to version 1.1+20111109: - Refresh debian/patches/adjust-fail2ban-readme.patch. * Drop jqueryui, now part of Roundcube releases: - Bump Depends to Roundcube >= 0.7-3~, - Remove Depends on libjs-jquery-ui, - Drop debian/patches/use-debian-jquery-ui.patch. * Upgrade markasjunk2 to version 1.3-20111210. * Upgrade quickrules to version 1.0-20111210. * Upgrade sieverules to version 1.16-20111210. * Upgrade sauserprefs to version 1.7-20111210. * Upgrade zipdownload to version 1.3-20111210. roundcube-plugins-extra (0.6-20111030) unstable; urgency=low * Use system-wide PEAR Net_Sieve instead of the embedded copy in sieverules. (Closes: #645637) roundcube-plugins-extra (0.6-20111017) unstable; urgency=low * Plugins now target Roundcube version 0.6. * Fix internationalization issue in keyboard_shortcuts. * Add french localization to keyboard_shortcuts. * Add french localization to listcommands. * Upgrade contextmenu to version 1.8-20110902. * Upgrade copymessage to version 1.1-20110218. * Upgrade markasjunk2 to version 1.3-20110922. * Add quickrules (1.0-20110926). * Upgrade sieverules to version 1.14-20110924. * Make dovecot_impersonate compatible with sieverules. * Upgrade zipdownload to version 1.3-20110619. * Adjust source and version for sauserprefs. * Update and fix debian/copyright. roundcube-plugins-extra (0.5.4-20110919) unstable; urgency=low * Bump version number for Roundcube to 0.5.4. * Upgrade sieverules to version 1.11-20110813. * Label jqueryui as version 1.8+dfsg instead of 1.8.12+dfsg. * Upgrade sauserprefs to version 1.6-20110828. * Upgrade markasjunk2 to version 1.3. * Fix typo in debian/copyright. * Use system-wide jQuery Mousewheel plugin in contextmenu. roundcube-plugins-extra (0.5.3-20110719) unstable; urgency=low * Compress plain tar archives in debian/scripts/get-orig-tarballs. * Exclude INSTALL and Exclude-patterns from installed files. * Add fail2ban (1.1). * Add zipdownload (1.3). * Add dkimstatus (4.7). roundcube-plugins-extra (0.5.3-20110619) unstable; urgency=low * Initial release. ruby-countries (8.1.0-2) unstable; urgency=medium . * Team upload * Use d/clean to remove unnecessary files created during build (Closes: #1045868) * Bump Standards-Version to 4.7.4 (no changes needed) * Update watch file version ruby-rugged (1.9.0+ds-1.1) unstable; urgency=medium . * Non-maintainer upload. [ Subin Siby ] * Add patch to fix build with libgit2 1.9 (Closes: #1136930) . [ Abhijith PA ] * Bump Standards-Version (No change needed) * Remove Rules-Requires-Root and Testsuite fields. ruby-sidekiq (7.3.2+dfsg-2) unstable; urgency=medium . [ Sruthi Chandran ] * Team upload. * Use d/clean to remove unnecessary files created during build (Closes: #1046846) * Bump Standards-Version to 4.7.4 (no changes needed) * Update watch file version . [ Lucas Nussbaum ] * debian/gbp.conf: Add for DEP-14 * debian/.gitattributes: remove * debian/salsa-ci.yml: use team-specific include rust-crc (3.4.0-1) unstable; urgency=medium . * Team upload. * Package crc 3.4.0 from crates.io using debcargo 2.8.2 rust-pyo3-macros-backend (0.28.2-2) unstable; urgency=medium . * Add patch determinism: make introspection JSON output deterministic. rust-sqlx-postgres (0.8.3-5) unstable; urgency=medium . * Team upload. * Package sqlx-postgres 0.8.3 from crates.io using debcargo 2.8.2 * Drop the relax-whoami.patch snowball-data (0+20260521-1) unstable; urgency=medium . * New upstream git snapshot (for snowball 3.1.0). * Add package to the Debian Commons. * Configure uscan to create git archive. * Bump Standards-Version to 4.7.4, drop Priority: optional. * Drop Rules-Requires-Root, no longer needed. soupsieve (2.8.4-1) unstable; urgency=medium . * New upstream point release. * Bump Standards-Version to 4.7.4, no changes needed. sphinxext-rediraffe (0.3.0-3) unstable; urgency=medium . * Team upload. * Maintain in Debian Python Team * Homepage, Source: Github repository has moved * d/watch: - version=5 - Point to Github instead of PyPI * Standards-Version: 4.7.4 (Removed Priority field) * Add import-name to pass autopkgtest spip (4.4.15+dfsg-1) unstable; urgency=medium . [ David Prévot ] * Document CVEs in previouss changelog entry * debian/watch: Update Source URL . [ Matthieu Marcillaud ] * build: up dependencies * build: Version 4.4.15 spip (4.4.14+dfsg-1) unstable; urgency=medium . [ David Prévot ] * Document CVE in previouss changelog entry * Update mutualisation to 2.0.1 * Update standards version to 4.7.4, no changes needed. . [ Matthieu Marcillaud ] * build: Ajout du polyfill PHP 8.5 * build: update dependencies * build: Version 4.4.14 spip (4.4.13+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.4.13 spip (4.4.11+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.4.11 . [ David Prévot ] * Document CVE fixes in previous changelog entries spip (4.4.10+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.4.10 spip (4.4.9+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.4.9 spip (4.4.8+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.4.8 . [ David Prévot ] * Convert d/watch to version 5 * Update Standards-Version to 4.7.3 spip (4.4.7+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.4.7 spip (4.4.6+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.4.6 spip (4.4.5+dfsg-1) unstable; urgency=medium . * Upload to unstable now that Trixie has been released . [ Matthieu Marcillaud ] * build: Version 4.4.5 . [ David Prévot ] * Remove Rules-Requires-Root * Update Standards-Version to 4.7.2 spip (4.4.4+dfsg-1) experimental; urgency=medium . * Upload to experimental during the freeze . [ Matthieu Marcillaud ] * build: Version 4.4.4 spip (4.4.3+dfsg-1) unstable; urgency=medium . * Upload to unstable . [ Matthieu Marcillaud ] * build: Version 4.4.3 . [ David Prévot ] * Upstream tag without v * Update copyright spip (4.4.2+dfsg-1) experimental; urgency=medium . * Upload new major to experimental . [ Matthieu Marcillaud ] * build: Version 4.4.2 . [ David Prévot ] * Drop dh-sequence-phpcomposer usage * Embed spip-league/kernel * Drop some now useless exclusions * Install new config directory * Workaround Composer InstalledVersions feature spip (4.3.8+dfsg-1) unstable; urgency=medium . [ Maïeul Rouquette ] * security: Nettoyer certaines entrées des champs d’auteurs sur le formulaire d’édition d’auteur . [ Matthieu Marcillaud ] * fix: éviter de stocker une info erronée dans la meta `derniere_maj_notifiee` * fix: L’option `onload` de Minipage n’était pas appliquée * security: Mise à jour de l’écran de sécurité en version 1.6.5 * build: Version 4.3.8 . [ b_b ] * fix: Notifier uniquement les mises à jour de `patch` de SPIP en entête de page de l’espace privé . [ David Prévot ] * Track version 4.3 (for Trixie?) * Refresh patches header * Update Standards-Version to 4.7.2 spip (4.3.6+dfsg-1) unstable; urgency=medium . [ Maïeul Rouquette ] * fix: utiliser pour `IMAGETYPE_SVG` une valeur qui ne risque pas une collision avec un futur ajout de format image (19 a été pris par `IMAGETYPE_AVIF` entre temps) . [ JamesRezo ] * chore: Version max PHP 8.4 . [ b_b ] * security: bien tester les autorisations d'afficher le contenu des articles/rubriques dans les fragments chargés en ajax * security: sécuriser le contenu du message d'erreur affiché par l'API transmettre * build: up ecran de sécurité en version 1.6.4 . [ Matthieu Marcillaud ] * build: Version 4.3.6 spip (4.3.5+dfsg-1) unstable; urgency=medium . [ Maïeul Rouquette ] * change: message de retour de formulaire en `div` plutot qu'en `p` . [ Matthieu Marcillaud ] * build: version 4.3.5 spip (4.3.4+dfsg-1) unstable; urgency=medium . [ Maïeul Rouquette ] * fix: Pouvoir supprimer l’image définie pour l’écran de connexion * fix: ne pas cacher le pied de page de l'espace privé . [ Maïeul ] * fix: rétablir le fonctionnement du debuggeur cassé dans certains cas par 373bc3038a7f2a2950f1bf744ef5ed9f5608f090 * fix: retablir l'authentification LDAP si `REMOTE_USER` est vide ou `null` * fix: tenter de rejouer la session tant que le changement d'IP n'est pas résolu . [ Matthieu Marcillaud ] * fix: Erreur SQL lors de l’optimisations de certaines boucles paginées * build: version 4.3.4 spip (4.3.3+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * deprecate: Fonctions `verif_butineur()`, `editer_texte_recolle()` & `coupe_trop_long()` qui était code mort pour IE. * feat: Intégrer les polyfill PHP 8.3 et 8.4 . [ Franck Rousseau ] * fix: répare l'ajout de la config LDAP à l'install . [ ARNO* ] * feat: Pouvoir modifier logo de logo_on quand il y a un logo de survol . [ bricebou ] * fix: passer l'id_parent_ancien aux pipelines pre_edition et post_edition depuis article_instituer() à l'image de ce qui a été fait dans objet_modifier() . [ b_b ] * fix(ldap): vérifier les mots de passe même si `$_SERVER['REMOTE_USER']` est déclarée vide . [ cpol0 ] * fix: Servir des caches à jour pour les bots sur des redirections 301 . [ David Prévot ] * Update copyright (years) spip (4.3.2+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * revert: Le menu "Créer" du bando ne calcule pas de chaine de langue automatiquement. * fix: Affichage du mode `var_profile=1` dans l’espace privé * fix: Générer des contenus éditoriaux aussi compatibles xhtml * build: up ecran de sécurité en version 1.6.3 * build: version 4.3.2 spip (4.3.1+dfsg-1) unstable; urgency=medium . [ nicod_ ] * fix: ne pas désactiver le clic sur les `.btn_desactive` . [ b_b ] * fix: modifier `$spip_version_code` pour le mises à jour vers 4.3 . [ Matthieu Marcillaud ] * fix(css): Mieux cibler le menu déroulant du site sur les navigateurs sans `:has` * fix: Appliquer une seule fois le rétablissement des échappments de modèles dans une suite de filtres * build: version 4.3.1 spip (4.3.0+dfsg-1) unstable; urgency=medium . * Upload release to unstable . [ Matthieu Marcillaud ] * build: up ecran de sécurité en version 1.6.2 * build: version 4.3.0 spip (4.3.0~beta+dfsg-1) experimental; urgency=medium . [ Matthieu Marcillaud ] * build: up ecran de sécurité en version 1.6.1 * build: version 4.3.0-beta . [ David Prévot ] * Update mutualisation to 1.5.0 * d/control: Drop default branch from Vcs-Git spip (4.3.0~alpha.2+dfsg-1) experimental; urgency=medium . [ Cerdic ] * feat: une fonction `attribut_url()` pour formatter une URL qui doit être utilisée dans un attribut html * fix: utiliser la fonction attribut_url() pour insérer une url dans un lien html . [ Matthieu Marcillaud ] * build: up ecran de sécurité en version 1.16.0 * build: version 4.3.0-alpha2 . [ RastaPopoulos ] * fix: surcharge la fonction `propre()` pour pouvoir l'appliquer sans erreur dans les squelettes spip (4.3.0~alpha+dfsg-1) experimental; urgency=medium . * Upload alpha to experimental . [ Matthieu Marcillaud ] * build: version 4.3.0-alpha . [ David Prévot ] * Update copyright spip (4.2.14+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: up ecran de sécurité en version 1.6.1 * build: version 4.2.14 . [ David Prévot ] * Update mutualisation to 1.5.0 spip (4.2.13+dfsg-1) unstable; urgency=medium . [ Cerdic ] * fix: éviter une preg sur les longues chaînes si pas necessaire (perf issue) * feat: une fonction `attribut_url()` pour formatter une URL qui doit être utilisée dans un attribut html * fix: utiliser la fonction attribut_url() pour insérer une url dans un lien html . [ Matthieu Marcillaud ] * build: up ecran de sécurité en version 1.16.0 * build: version 4.2.13 . [ b_b ] * fix: rétablir la possibilité de masquer certains champs des formulaires editer_article & editer_rubrique depuis le pipeline `formulaire_charger` . [ David Prévot ] * Track version 4.2 for now spip (4.2.12+dfsg-1) unstable; urgency=medium . [ jluc ] * fix: Sur `email_valide`, éviter une regexp s'il n'y a rien à tester . [ Matthieu Marcillaud ] * build: version 4.2.12 . [ Cerdic ] * fix: ne pas interrompre la chaine de calcul des autorisations quand on appel autoriser() avec un id_auteur=0 ou inexistant * fix: ne pas provoquer une fatale quand on essaye de securiser une action qui a été appelée sans arg ni hash . [ nicod_ ] * fix: Une seule requête plus fiable pour tester l'unicité de l'email * fix: Passer #debug-nav par dessus #spip-debug . [ JamesRezo ] * feat: dépréciation formulaire_recherche() . [ b_b ] * fix: éviter un débordement du contenu des explications dans les formulaires de l'espace privé * fix: lors de la génération d'un nouveau mot de passe pour un auteur, ne pas envoyer d'email si SPIP n'a pas pu le modifier * fix: supprimer le DOCTYPE et les commentaires des SVG dans le filtre `balise_svg` . [ touti ] * fix: éviter que les identifiants se retrouvent sur deux lignes spip (4.2.11+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version SPIP 4.2.11 . [ JamesRezo ] * feat: PHP maxi 8.3 . [ David Prévot ] * debian/rules: Fix get-orig-source * debian/control: Update Standards-Version to 4.7.0 spip (4.2.10+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * fix: Affichage de Minipres avec des contenus imprévus (warnings php par exemple) * build: Version SPIP 4.2.10 . [ jluc ] * fix: Ne pas relancer par mail la validation de l'inscription des auteurs sans mail . [ Cerdic ] * fix: Éviter une fuite mémoire dans `generer_objet_info()`. . [ nicod ] * fix: ne pas réduire les icones en largeur en mode horizontal . [ David Prévot ] * Adapt get-orig-source to Gitlab hosting * Force system dependencies loading spip (4.2.9+dfsg-2) unstable; urgency=medium . * Upload compatible version with PHP 8.2 to unstable * Relax versioned dependency spip (4.2.9+dfsg-1) experimental; urgency=medium . [ JLuc ] * fix: `identifiant_slug()` peut avoir un séparateur vide * fix: toujours loger une erreur de squelette . [ Matthieu Marcillaud ] * fix: Éviter une fatale SQL lors de l’optimisation de liens avec des objets éditoriaux qui ne sont plus déclarés * fix: Tolérer un zéro dans l’analyse de certains critères `{critere 0,5}` * build: Version SPIP 4.2.9 . [ Cerdic ] * fix: ne pas oublier de déclarer les balise générique comme 'balise_calculee' pour éviter son échappement dans les boucles (DATA) spip (4.2.8+dfsg-1) experimental; urgency=medium . [ Matthieu Marcillaud ] * build: version 4.2.8 Fixes XSS in uploaded files using bigup spip (4.2.7+dfsg-1) experimental; urgency=medium . [ nicod_ ] * fix: boutons de gestion du logo en btn_mini et supprimer en btn_secondaire . [ Maïeul Rouquette ] * fix: lors d'une institution, passer l'objet aux pipelines `pre_edition` et `post_editon` * fix(#5752): formulaire multiétapes: si tout est bien passé, recommencer à zéro et pas à la dernière étape . [ Matthieu Marcillaud ] * fix: Traitement identique du paramètre type dans `autoriser_exception` et `autoriser` * build: version 4.2.7 . [ RealET ] * fix: un warning PHP avec var_profile=1 . [ placido ] * fix : erreur d'exécution en cas (tordu) d'appel sur image manquante . [ Cerdic ] * fix: si on installe un SPIP neuf sur une base sans champ backup_cles on ne peut pas créer de compte webmestre car on ne peut pas initialiser son mot de passe, la requete update echouant * fix(ux): ne pas avoir un bouton 'annuler le job' qui ressemble à un bouton 'fermer la notification' + une classe en trop * fix: si la lecture d'un stream ne trig jamais feof, se fier à fread()===false + reduire le timeout pour eviter de degrader trop les perf * fix: un nom plus long pour les caches d'image distant pour eviter les collisions, tout en renommant les anciens cache à la volée pour eviter de doublonner les caches * fix: quand le texte passe par echapper_html_suspect() il ne faut pas perdre le contexte des modèles * fix: les modèles insérés dans un texte héritent automatiquement du contexte, a l'insu des redacteurs. Securiser ce qui proviendrait de variables envoyées par l'utilisateur . [ tofulm ] * Fix: Évite une fatal error en php 8.2 sur `objet_inserer` et `article_inserer` . [ David Prévot ] * Update mutualisation to 1.4.13 spip (4.2.6+dfsg-1) experimental; urgency=medium . [ Maïeul Rouquette ] * fix(5725): Lorsque l'on appelle plus de 10 fois un modèle inexistant, ne pas bloquer les appels qui suivent. . [ RastaPopoulos ] * fix(5723): corriger le renseignement des JPG où parfois ça mettait jpeg au lieu de jpg et donc empêchait leur prise en compte. . [ Matthieu Marcillaud ] * fix: Éviter une erreur Sodium sur la migration vers SPIP 4.2 si des jetons d’auteurs sont présents * build: Version SPIP 4.2.6 spip (4.2.5+dfsg-1) experimental; urgency=medium . [ Matthieu Marcillaud ] * build: Version SPIP 4.2.5 . [ David Prévot ] * Update mutualisation to 1.4.12 spip (4.2.4+dfsg-1) experimental; urgency=medium . [ Cerdic ] * security: Utiliser une fonction dédiée pour nettoyer les données d’auteur lors de la préparation d’une session . [ Matthieu Marcillaud ] * build: Version 4.2.4 spip (4.2.3+dfsg-1) experimental; urgency=medium . [ Matthieu Marcillaud ] * build: Up écran de sécu en 1.5.3 * build: Version 4.2.3 . [ David Prévot ] * Build-depend on php-symfony-deprecation-contracts spip (4.2.2+dfsg-1) experimental; urgency=medium . * Upload to experimental during the freeze . [ Matthieu Marcillaud ] * build: Version SPIP 4.2.2 . [ David Prévot ] * Install upstream README * Update copyright * Update mutualisation to 1.4.11 * Update dependencies wrt composer.json * Build JavaScript Load Image from source * Provide homemade autoload.php . [ Guilhem Moulin ] * Add d/salsa-ci.yml for Salsa CI. spip (4.1.15+dfsg-2) unstable; urgency=medium . * Allow current version of PHP (Closes: #1063721) spip (4.1.15+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: version 4.1.14 Fixes XSS in uploaded files using bigup spip (4.1.13+dfsg-1) unstable; urgency=medium . [ Cerdic ] * fix: les modèles insérés dans un texte héritent automatiquement du contexte, a l'insu des redacteurs. Securiser ce qui proviendrait de variables envoyées par l'utilisateur . [ Matthieu Marcillaud ] * build: version 4.1.13 . [ David Prévot ] * Update mutualisation to 1.4.13 spip (4.1.12+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.1.12 . [ David Prévot ] * Update mutualisation to 1.4.12 spip (4.1.11+dfsg-1) unstable; urgency=medium . [ Cerdic ] * security: Utiliser une fonction dédiée pour nettoyer les données d’auteur lors de la préparation d’une session . [ Matthieu Marcillaud ] * build: Version 4.1.11 spip (4.1.10+dfsg-1) unstable; urgency=medium . [ Cerdic ] * security: limiter la profondeur de recursion de `protege_champ` * security: Ameliorer c76770a en évitant un `unserialize` dans l'écran de sécurité . [ Matthieu Marcillaud ] * build: Version 4.1.10 * build: Up écran de sécu en 1.5.3 . [ David Prévot ] * Add CVE to previous changelog entry * Update documented branch * Update mutualisation to 1.4.11 spip (4.1.9+dfsg-1) unstable; urgency=medium . [ Cerdic ] * fix: eviter une erreur fatale quand le id de l'objet supposé pour l'introduction n'est pas trouvé . [ Matthieu Marcillaud ] * build: Version SPIP 4.1.9 spip (4.1.8+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version SPIP 4.1.8 . [ Cerdic ] * Fix: Sanitizer toutes les valeurs passées aux formulaires * fix: Sanitizer toutes les valeurs passées aux formulaires preventivement dans l'écran de sécurité . [ Guilhem Moulin ] * Add d/salsa-ci.yml for Salsa CI. . [ David Prévot ] * Track version 4.1 for now (bookworm?) spip (4.1.7+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.1.7 . [ David Prévot ] * Update lintian override info format in d/source/lintian-overrides. * Update standards version to 4.6.2, no changes needed. spip (4.1.5+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.1.5 . [ David Prévot ] * Update mutualisation to 1.4.10 spip (4.1.2+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * Version 4.1.2 . [ David Prévot ] * Update mutualisation to 1.4.9 * debian/rules: Don’t ship any .md file spip (4.1.1+dfsg-1) unstable; urgency=medium . * Upload release to unstable . [ Matthieu Marcillaud ] * Version 4.1.1 spip (4.1.0~rc+dfsg-1) experimental; urgency=medium . [ Matthieu Marcillaud ] * Version 4.1.0-rc . [ David Prévot ] * Adapt packaging to removed files spip (4.1.0~beta+dfsg-1) experimental; urgency=medium . [ Matthieu Marcillaud ] * Version 4.1.0-beta spip (4.1.0~alpha+dfsg-1) experimental; urgency=medium . * Upload alpha to experimental . [ Matthieu Marcillaud ] * Version 4.1.0-alpha . [ David Prévot ] * Track dev versions * Don’t ship test data * Drop php-pclzip dependency * Use libjs-jquery-jstree * Update copyright * Use shipped version of php-xml-htmlsax3 spip (4.0.5-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * Version 4.0.5 . [ David Prévot ] * Track version 4.0 for now spip (4.0.4-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * Version 4.0.4 . [ b_b ] * bien verifier le droit de modifier le login dans le formulaire_editer_auteur . [ David Prévot ] * Revert "Use libjs-sortable" spip (4.0.2-1) unstable; urgency=medium . * Upload version compatible with PHP 8 to unstable . [ Matthieu Marcillaud ] * Version 4.0.2 spip (4.0.1-1) experimental; urgency=medium . * Upload new major version to experimental . [ Matthieu Marcillaud ] * Version 4.0.1 * PHP 8 compat (Closes: #977340) . [ David Prévot ] * Revert "Track version 3 for now" * Factorize minification * Don’t ship: - vcs-control-file, - composer, phpcs, phpstan files, - icones sources * Drop dependencies: - libjs-jquery-ui - libjs-jquery-colorbox - libjs-jquery-flot - libjs-jquery-migrate-1 - libjs-excanvas - libjs-moment * Add dependencies: - libjs-twitter-bootstrap-datepicker - libjs-sortable - libjs-prefix-free * Update js.cookie.js path * Update copyright spip (3.2.12-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * Version 3.2.12 . [ David Prévot ] * Track version 3 for now * Update copyright (years) * Update standards version to 4.6.0, no changes needed. * Drop misplaced changelog spip (3.2.11-3) unstable; urgency=medium . * Adapt symlink to changed path in latest node-js-cookie. Thanks to Andreas Beckmann (Closes: #988853) spip (3.2.11-2) unstable; urgency=medium . * Upload to unstable with the Release Team approval * Update debian/copyright spip (3.2.11-1) experimental; urgency=medium . * Upload to experimental during the freeze . [ Matthieu Marcillaud ] * Compat PHP 7.4 * Version SPIP 3.2.11 . [ David Prévot ] * Refresh patches header spip (3.2.9-1) unstable; urgency=medium . * Critical security fixes, allowing identified authors to execute arbitrary PHP code, and XSS . [ Matthieu Marcillaud ] * Version 3.2.9 . [ David Prévot ] * Update mutualisation to 1.4.7 * Simplify gbp import-orig spip (3.2.8-2) unstable; urgency=medium . * Document CVE IDs in previous changelog entries * Use minify instead of uglifyjs (Closes: #979960) * Update watch file format version to 4. * Update Standards-Version to 4.5.1 * Drop d/lintian-overrides, syntax changed spip (3.2.8-1) unstable; urgency=medium . * Critical security fix, allowing identified authors to execute arbitrary PHP code . [ Matthieu Marcillaud ] * Version 3.2.8 . [ David Prévot ] * Allow Apache to access some directories in /var/lib/spip/sites/ Thanks to Vincent * Rename main branch to debian/latest (DEP-14) * debian/watch: Adapt to lowercase spip * debian/control: - Set Rules-Requires-Root: no. - Update standards version to 4.5.0, no changes needed - Use debhelper-compat 13 * debian/rules: - Simplify dh_link override - Adapt get-orig-source to Git source * debian/mutualisation: - Update mutualisation as of r125427 - Update mutualisation to Git source * debian/upstream/metadata: - Set upstream metadata fields: Bug-Database, Bug-Submit. - Fix URLs * debian/copyright: - Update Source - Update years spip (3.2.7-1) unstable; urgency=medium . * Critical security fix, allowing identified authors to inject content into database . [ ben.spip@gmail.com ] * SPIP 3.2.7 . [ David Prévot ] * Add CVE ID to previous changelog entry * Update standards version to 4.4.1, no changes needed. * Set upstream metadata fields: Repository, Repository-Browse. spip (3.2.5-1) unstable; urgency=medium . * Critical security fix, allowing unidentified visitor to modify any published content and execute other modifications in database * Other security fixes: - better sanitization on redirections - don’t disclose if user exists when resetting password - better error message sanitization on login page . [ ben.spip@gmail.com ] * SPIP 3.2.5 . [ David Prévot ] * Add CVE ID to previous changelog entry * Refresh patch headers * Update standards version, no changes needed. * Fix manpage section spip (3.2.4-1) unstable; urgency=medium . * Critical security fix allowing arbitrary code execution to any identified visitor . [ ben.spip@gmail.com ] * SPIP 3.2.4 spip (3.2.3-1) unstable; urgency=medium . [ ben.spip@gmail.com ] * SPIP 3.2.3 tag spip . [ David Prévot ] * Update mutualisation to 1.4.5 * Update copyright * Use debhelper-compat 12 * Update Standards-Version to 4.3.0 spip (3.2.1-1) unstable; urgency=medium . [ David Prévot ] * New upstream version * Use priority optional * Update mutualisation to 1.4.4 * Drop dead list from Maintainer (and Romain from Uploaders) Closes: #899895 * Move project repository to salsa.d.o * Use https whenever possible in debian/ * Use debhelper-compat 11 * Update Standards-Version to 4.2.1 * Depend on - libjs-jquery-migrate-1 - libjs-moment - node-js-cookie instead of libjs-jquery-cookie - php-xml (split from php) * Recommend default-mysql-server instead of mysql-server (Closes: #848450) * Use shipped in version of php-html-safe * Get rid of Cherokee configuration * Use dh-apache2 to handle the default webserver configuration * Drop old symlink conversions * Update copyright * Update minimisation * Use rewrite for multisite * Make chown non-recursive in postinst * Drop trailing whitespace in changelog spip (3.1.4-4) unstable; urgency=medium . * Update security screen to 1.3.6 * Backport security fixes from 3.1.7 - Do not disclose PHP version in headers - Secure inserted URL in anchors - Secure URLs sent by self() - Escape charset in error message - Allow filter mode to be passed in interdire_scripts() - No onclick nor JS popup in footer - Fix missing escapes - Secure _T() and _L() arguments - Provide a sanitize option for _T() and _L() - Deactivate sanitization when calling _T() in affdate_debut_fin() that uses secured data - Cross-site scripting (XSS) vulnerability [CVE-2017-15736] (Closes: #879954) - [Privacy] add rel attribute (noopener noreferrer) in private footer * Backport security fix from 3.1.8 - PHP injection via XML file * Drop dead list from Maintainer (and Romain from Uploaders) (Closes: #899895) * Move project repository to salsa.d.o spip (3.1.4-3) unstable; urgency=high . * Track Stretch * Backport security fix from 3.1.6 - Execution of arbitrary code * Update security screen to 1.3.2 spip (3.1.4-2) unstable; urgency=medium . * Fix broken symlink with recent libjs-jquery-ui. Thanks to Andreas Beckman (Closes: #857818) * Backport security fixes from 3.2-alpha-1 - Reflected Cross Site Scripting Vulnerabilities in /ecrire/exec/puce_statut.php and /ecrire/exec/info_plugin.php [CVE-2016-9997] [CVE-2016-9998] (Closes: #848641) - Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php [CVE-2016-9152] (Closes: #847156) * Remove incorrect statement that those security issues had been fixed from the previous changelog entry * Remove incorrect execution bit for ecrire/inc/idna_convert.class.php spip (3.1.4-1) unstable; urgency=high . [ Adriano Rafael Gomes ] * Add Brazilian Portuguese debconf templates translation (Closes: #829339) . [ David Prévot ] * New upstream version 3.1.4, with security fixes: - Arbitrary PHP execution code - Reflected Cross Site Scripting (XSS) Vulnerabilities [CVE-2016-9997] [CVE-2016-9998] (Closes: #848641) - Cross-site scripting (XSS) vulnerability [CVE-2016-9152] (Closes: #847156) * Update mutualisation to 1.3.5 * Update copyright spip (3.1.3-1) unstable; urgency=high . * Upload stable 3.1 branch to unstable for Stretch * Document CVE in previous changelog entry * New upstream version 3.1.2, with non-critical XSS security fixes * New upstream version 3.1.3, with security fixes: - Exec Code Cross-Site Request Forgery [CVE-2016-7980] - Reflected Cross-Site Scripting [CVE-2016-7981] - File Enumeration / Path Traversal [CVE-2016-7982] - Template Compiler/Composer PHP Code Execution [CVE-2016-7998] - Server Side Request Forgery [CVE-2016-7999] * Refresh mutualisation as of r99658 * Update Standards-Version to 3.9.8 spip (3.1.1-1) experimental; urgency=high . * Imported Upstream version 3.1.1, with security fixes: - PHP code injection - Objects injection via unserialize * Update mutualisation to 1.2.8 * Depend on php-* instead of php5-* for the php 7.0 transition * Update copyright * Update Standards-Version to 3.9.7 spip (3.1.0-1) experimental; urgency=medium . * Imported Upstream version 3.1 * Refresh mutualisation as of r94388 * Update copyright (years) spip (3.1.0~rc3-1) experimental; urgency=medium . * Imported Upstream version 3.1.0~rc3 spip (3.1.0~rc-1) experimental; urgency=medium . * Imported Upstream version 3.1.0~rc * Update mutualisation do 1.2.6 * Update packaging to embedded jstree * Update copyright * Update watch URL spip (3.1.0~beta1-1) experimental; urgency=medium . [ erational@erational.org ] * remplacement des http://doc.spip.org par http://code.spip.net (Francky) * passage du copyright en 2015 . [ David Prévot ] * Use embedded partial copy of w3c-dtd-xhtml (Closes: #787179) * Update mutualisation to 1.2.5 * Update copyright spip (3.1.0~beta-1) experimental; urgency=medium . * Imported Upstream version 3.1.0~beta * Update mutualisation to 1.2.3 * Document upstream VCS * Update copyright * Minify new JavaScript file at build time spip (3.1.0~alpha-1) experimental; urgency=medium . * Adapt watch file for alpha * Update mutualisation to 85970 (doc URL changed) * Imported Upstream version 3.1.0~alpha spip (3.1~21775-1) experimental; urgency=medium . [ Frans Spiesschaert ] * Add Dutch translation of debconf messages (Closes: #766642) . [ David Prévot ] * Bump standards version to 3.9.6 * Exclude sourceless Flash and Silverlight files * Imported Upstream version 3.1~21775 * Update copyright * Update compressed JavaScript files * Update symlinks * Use libjs-mediaelement and php-getid3 instead of embedded copy spip (3.1~21533-1) experimental; urgency=medium . * Simplify install * Fix faulty symlinks * Imported Upstream version 3.1~21533 spip (3.1~21513-1) experimental; urgency=medium . * Imported Upstream version 3.1~21513 spip (3.1~21458-1) experimental; urgency=medium . * Imported Upstream version 3.1~21458 * Update copyright * Update jQuery UI internal path spip (3.1~21406-1) experimental; urgency=medium . * Imported Upstream version 3.1~21406 * Revert "Document repack": fixed upstream spip (3.1~21361+dfsg-1) experimental; urgency=medium . * Use Files-Excluded feature instead of d/repack.sh * Imported Upstream version 3.1~21361 * Strip away copyrighted ICC profiles * Document repack spip (3.1~21294-1) experimental; urgency=medium . * Imported Upstream version 3.1~21294 * Reorder rules * Depend on php-pclzip instead of libphp-pclzip spip (3.1~21281-1) experimental; urgency=medium . * Update mutualisation to 1.2.2 * Update copyright years * Imported Upstream version 3.1~21281 spip (3.1~21175-1) experimental; urgency=medium . * Document fixed security issue in 3.0.13 * Imported Upstream version 3.1~21175 spip (3.1~21100-1) experimental; urgency=medium . * Update mutualisation (PHP < 5.3 compat) * Imported Upstream version 3.1~21100 * Update copyright years spip (3.1~21086-1) experimental; urgency=medium . * Imported Upstream version 3.1~21086 spip (3.1~20970-1) experimental; urgency=low . * Update repack.sh for 3.1 * Imported Upstream version 3.1~20970 * Remove libjs-ie7 dependency: plugins-dist/msie_compat is not shipped anymore * Use libjs-jquery-colorbox back: the embedded version has been updated * Update packaging to 3.1 branch * Refresh patches * Factorize copyright spip (3.0.22-1) unstable; urgency=high . * Track the 3.0 branch * Imported Upstream version 3.0.22, with security fixes: - PHP code injection - Objects injection via unserialize * Update mutualisation to 1.2.8 * Depend on php-* instead of php5-* for the php 7.0 transition * Update Standards-Version to 3.9.7 * Update copyright (years) spip (3.0.21-1) unstable; urgency=medium . * Update watch URL * Update mutualisation do 1.2.6 * Imported Upstream version 3.0.21 spip (3.0.20-1) unstable; urgency=medium . * Imported Upstream version 3.0.20 * Update mutualisation to 1.2.5 * Update copyright spip (3.0.19-2) unstable; urgency=medium . * Use embedded partial copy of w3c-dtd-xhtml (Closes: #787179) spip (3.0.19-1) unstable; urgency=medium . * Imported Upstream version 3.0.19 spip (3.0.18-1) unstable; urgency=medium . * Update mutualisation to 1.2.3 * Use Files-Excluded feature instead of d/repack.sh * Imported Upstream version 3.0.18 spip (3.0.17-2) unstable; urgency=medium . [ Frans Spiesschaert ] * Add Dutch translation of debconf messages (Closes: #766642) . [ David Prévot ] * Update copyright * Bump standards version to 3.9.6 * Document current Git branch spip (3.0.17-1) unstable; urgency=medium . * Depend on php-pclzip instead of libphp-pclzip * Document a lintian false positive * Imported Upstream version 3.0.17 spip (3.0.16-1) unstable; urgency=medium . * Update mutualisation to 1.2.2 * Update copyright years * Imported Upstream version 3.0.16 spip (3.0.15-1) unstable; urgency=medium . * Document fixed security issue in 3.0.13 * Imported Upstream version 3.0.15 spip (3.0.14-1) unstable; urgency=medium . * Imported Upstream version 3.0.14 * Update mutualisation (PHP < 5.3 compat) * Update copyright years spip (3.0.13-1) unstable; urgency=low . * Upload to unstable: Jessie will not be released with 2.1 * Document CVE in previous changelog entries * Imported Upstream version 3.0.13 spip (3.0.12-1) experimental; urgency=low . * Imported Upstream version 3.0.12 (Closes: #729172) * Use embedded jQuery ColorBox outdated version: The current code actually depend on this version, and it doesn’t work well with the version from the Debian package * Recommend php5-sqlite, needed for DB export * Handle patch set with gbp pq * Update mutualisation’s translations * Bump standards version to 3.9.5 * Use uglifyjs instead of yui-compressor * Remove now useless README.source spip (3.0.11-1) experimental; urgency=low . * Imported Upstream version 3.0.11 * Update mutualisation’s copyright spip (3.0.10-2) experimental; urgency=low . * libjs-flot has been renamed into libjs-jquery-flot * Transition towards apache 2.4 (Closes: #669794) * Make symlinks relative (Policy 10.5) * Enable /spip alias by default * Make multisite.php PHP 5.5 compatible * Refer to Apache-2.0 from /usr/share/common-licenses * Update mutualisation to 1.2.1 spip (3.0.10-1) experimental; urgency=low . * Imported Upstream version 3.0.10: bugfix release * Document CVE in previous changelog entry spip (3.0.9-1) experimental; urgency=low . * New upstream version: fix privilege escalation (Closes: #709674) * Minify new prive/javascript/login-sha-min.js at build time spip (3.0.8-1) experimental; urgency=low . * New major upstream version * The web server should point to /usr/share/spip instead of /var/lib/spip * security screen now part of upstream tarball * extensions has moved into plugins-dist * squelettes-dist now installed in /usr/share/spip * debian/control: - Depends on libjs-excanvas, libjs-ie7, libjs-flot, libjs-jquery-colorbox, libjs-jquery-ui, libphp-pclzip, php-xml-htmlsax3, and w3c-dtd-xhtml - Build-Depends on yui-compressor * debian/rules: - Delete new unneeded files - Delete embedded copies and symlink to the new dependencies - Minify JavaScript files - Make dh_fixperms a bit more aggressive * debian/copyright: Update * debian/links, debian/repack.sh: - Adapt to safehtml move - Delete sourceless files from ie7-js * debian/patches/: Refresh patches * debian/examples: Move mutualisation/outils to examples * debian/README.source: - Renamed from debian/README.Debian-source - Document get-orig-source target ie7-js removal spip (2.1.24-1) unstable; urgency=high . * Imported Upstream version 2.1.24 (Closes: #729172) * Refresh patches * Update security screen to 1.1.8 * Update mutualisation to 0.10 * Update watch file to track the 2.1 branch spip (2.1.23-1) unstable; urgency=low . * Imported Upstream version 2.1.23: bugfix release * Update mutualisation to 0.9.2 * Document CVE in previous changelog entry spip (2.1.22-1) unstable; urgency=high . * New upstream version: fix privilege escalation (Closes: #709674) * Update security screen to 1.1.7 spip (2.1.21-1) unstable; urgency=low . * New upstream version: various minor bugs fixed * debian/control: - Vcs-Git and Vcs-Browser updated to the Git repository - Bump standards to 3.9.4 * debian/patches/: Refresh patches * debian/templates: Remove mention of old apache and apache-ssl spip (2.1.20-1) experimental; urgency=low . * New upstream version: various minor bugs fixed * debian/repack.sh: Automatise repack * debian/copyright: Update year * debian/patches/dont_display_next_version.patch: Refresh patch * debian/patches/fix_displayed_version.patch, debian/rules: Improve version substitution * Update security screen file to 1.1.5 spip (2.1.19-1) experimental; urgency=low . * New upstream version: - #PARAMETRE_FORUM fix; - various partial backup fixes; - 42 new document types; - array shortcut bug fix. * Update security screen file to 1.1.4. * Update mutualisation to r67950. * Remove now useless preinst. spip (2.1.17-1) unstable; urgency=low * New upstream version, fixes base disclosure (Closes: #683667). spip (2.1.16-1) unstable; urgency=high * New upstream version: - fixes PHP injection (Closes: #680118); - fixes growing session directory; - fixes PHP 5.4 compatibility. * Update security screen file to 1.1.3. spip (2.1.15-1) unstable; urgency=high * New upstream version, fixes cross site scripting. Closes: #677290 * Update security screen file to 1.1.2. spip (2.1.14-2) unstable; urgency=low * Don't display next upstream version in the private interface. * Make the copyright compliant to format 1.0. spip (2.1.14-1) unstable; urgency=low * New upstream version, fixes cross site scripting. Closes: #672961 * Update security screen file to 1.1.0. * Add CVE number to previous entry (#671264 related). spip (2.1.13-1) unstable; urgency=high * New upstream version, fixes cross site scripting. Closes: #670110 * Fix path in README. Closes: #651157 * Document more installation steps (partially address: #612467). * Add DEP-3 compliant headers. * Fix displayed version in the private interface. * Bumped standards to 3.9.3. * Update copyright. * Move more links from debian/rules to debian/links. * Update security screen file to 1.0.10. * Update mutualisation. spip (2.1.12-1) unstable; urgency=high * New upstream release, fixes privilege escalation and cross site scripting. Closes: #649113 * Add self as uploader. * Bumped standards to 3.9.2. * Depend on and use fonts-dustin, libjs-jquery-cookie and libjs-jquery-form instead of shipped ones. * Use dh 7. * Update security screen file to 1.0.6. spip (2.1.11-0.1) unstable; urgency=low * Non-maintainer upload. [ Romain Beauxis ] * New upstream release. Closes: #646758 * Switch to dpkg-source 3.0 (quilt) format. [ David Prévot ] * Add Vcs-* control fields. * Added da.po debconf translation, thanks to Joe Hansen. Closes: #623103 spip (2.1.1-3) unstable; urgency=high * Added security screen file (ecran_securite.php). Fixes all known security issues in spip. Closes: #609212, Closes: #610016 spip (2.1.1-2) unstable; urgency=high * Added patch to fix int overflow in articles' published date. Thanks to David Prévot for reporting. Closes: #597026 spip (2.1.1-1) unstable; urgency=low * New upstream release. * Bumped standards to 3.9.0 spip (2.1-5) unstable; urgency=high * Added es.po debconf translation, thanks to Ricardo Fraile. Closes: #580617 * Fixed safehtml class instantiation to use the packaged one. This issue lead to failures so setting priority to high to propagate quickly. spip (2.1-4) unstable; urgency=low * Added a themes/ directory to install optional themes. * Removed special chmod.php file not needed after the changes in the previous upload. * Now multisite can be defined using regexp. * Install missing extensions/ * Added debian/watch. spip (2.1-3) unstable; urgency=low * Fixed default rights for created directories and files. * Fixed default directory for automatically installed plugins. * Enabled short images option by default. spip (2.1-2) unstable; urgency=low * Fixed plugins and mutualisation: the variable _DIR_PLUGINS in mes_options.php is now called _DIR_PLUGINS_SUPPL * Fixed url_img_courtes. Thanks to David Prévot for reporting and proposing a patch. Closes: #577274 spip (2.1-1) experimental; urgency=low * New upstream release. * Removed safehtml patch, replaced by a symlink. * Bumped standards to 3.8.4 * There is a bug with the mutualisation and the plugins so uploading to experimental for now.. spip (2.0.10-1) unstable; urgency=low * New upstream release. * Bumped standards version to 3.8.3 spip (2.0.9-1) unstable; urgency=high * New upstream release, fixing security issue. See: http://www.spip-contrib.net/SPIP-Security-Alert-new-version for more details. spip (2.0.8-3) unstable; urgency=low * Fixed bashism in spip_rm_site script. Closes: #535885 spip (2.0.3-1) experimental; urgency=low * New upstream release. * Added Italian debconf translations, thanks to Vincenzo Campanella ! Closes: #510291 * Added Basque debconf translations, thanks to Piarres Beobide ! Closes: #510299 * Added Czech debconf translations, thanks to Martin Šín ! Closes: #510301 * Added Swedish debconf translations, thanks to Martin Bagge ! Closes: #510302 * Added Finnish debconf translations, thanks to Esko Arajärvi ! Closes: #510384 * Added Galician debconf translations, thanks to Marce Villarino ! Closes: #510391 * Added German debconf translations, thanks to Helge Kreutzmann ! Closes: #510541 * Added Portuguese debconf translations, thanks to Miguel Figueiredo ! Closes: #510640 * Added Japanese debconf translations, thanks to Hideki Yamane ! Closes: #510892 * Added French debconf translations, thanks to Jean Guillou ! Closes: #511008 * Added Russian debconf translations, thanks to Yuri Kozlov ! Closes: #512165 spip (1.9.3~svn10413-2) experimental; urgency=low * Patched source to work with php-html-safe spip (1.9.3~svn10413-1) experimental; urgency=low * Initial release (Closes: #426069) * Temporaly removed file HTMLSax3.php spip (1.7.0-1) unstable; urgency=high * New upstream release (1.7, and security fixi; CERT report on March, 14, 2004) (Closes: #228414, #232245, #224181, #224410) spip (1.6.0-7) unstable; urgency=low * Change dependency to mysql-client. * Correct a directory creation not done by spip package 1.6.0-4 (Closes: #221230) * Correct french translation and gettext format (closes: 217274, 217275) spip (1.6.0-6) unstable; urgency=low * Change the description * Stable release of multi instances SPIP package. * Correct postrm failure if spip-* not installed * Added french templates translations spip (1.6.0-5h) unstable; urgency=medium * Remove some -x and change spip-config delete bug. * Fourth pre-release (Closes: #207762) spip (1.6.0-4) unstable; urgency=low * Correct spip.postinst, there were a problem with the temporary mysql connection file. Thanks to Ted Bukov for his help (Closes: #206911). spip (1.6.0-3) unstable; urgency=low * Changed the README.debian (Closes: #206295) * Added debconf script, based on cacti (Closes: #206296) * Move files up to /var/lib/spip instead of /usr/share/spip, which is better regarding the FHS, before the upstreams authors enables the possibility to separate functionsand datas. spip (1.6.0-2) unstable; urgency=low * Better rights handled. * Correction of description (Closes #206030) * Correction of dependencies. Will make support of postgress later. (Closes #206027) spip (1.6.0-1) unstable; urgency=low * Initial Release. (Closes #200341) * Move licenses, add french documentation and create a documentation section Add apache configuration to set up a "spip/" virtual directory * Update policy compliance to follow 3.6.0 release sqlmap (1.10.5-1) unstable; urgency=medium . * New upstream version 1.10.5 * Update copyright file supercronic (0.2.45-1) unstable; urgency=medium . * Initial release. (Closes: #1137249) * Add patch to use perl instead of python in tests. sxid (4.20130802-8) unstable; urgency=medium . * Added debian/sxid.service and debian/sxid.timer: - Systemd timer and service to replace cron.daily" * Closed, bugs fixed (Closes: #318967, #291005) * debian/control: - Changed The project repository URL has been - Removed redundant Priority field - Removed redundant Rules-Requires-Root * debian/patches: - 011: Add EXCLUDE_FS to fix infinite loop in chroot (Closes: #156060) - 012: Add EXCLUDE_FS to example config * debian/sxid.logrotate: - Added logrotate config to compress old log files (Closes: #106219) * debian/salsa-ci.yml - Disable piuparts due to known bug #1031086 with systemd symlinks * debian/watch: - Updated to version 5 format tcltk-defaults (8.6.18) unstable; urgency=medium . * Bump version to match Tcl/Tk currently in forky. theme-d-intr (1.0.1-2) unstable; urgency=medium . * Closes: #1137411 * Changed g-golf dependencies to 0.8.7-3 in debian/control. * Added file debian/gbp.conf. * Changed Standards-Version to 4.7.4 in debian/control. * Removed Priority and Rules-Requires-Root from debian/control. tmux (3.6b-1) unstable; urgency=medium . [ Sébastien Delafond ] * d/watch: remove Uversion-mangle * Bump-up Standards-Version * New upstream version 3.6b ubertooth (2018.12.R1-6) unstable; urgency=medium . * Move Vcs to salsa's debian namespace * Salvage the package (Closes: #1135684) . [ A. Maitland Bottoms ] * update watch file vim (2:9.2.0524-1) unstable; urgency=medium . * New upstream tag + Security fixes - 9.2.0479: command injection in tar plugin (Closes: #1136803, CVE-2026-46483) - 9.2.0480: command injection in netrw via mf command (Closes: #1136828, CVE-2026-43961) * debian/rules: + Disable gtk4 configure check until new UI stabilizes + Remove obsolete --enable-sockerserver switch