apparmor (2.13.2-10) unstable; urgency=medium

  * Don't load AppArmor policy when running in a Debian Live environment that uses overlayfs (Closes: #922378).
    Rationale: the storage stack set up by live-boot with overlayfs is not supported by our AppArmor policy at the moment, resulting in breakage of confined software such as Evince and LibreOffice.
  * Ship nvidia_modprobe in enforce mode (Closes: #923273).
    - Rationale: as explained by Seth Arnold on #923273#32, profiles in complain mode can chew up essentially unlimited amounts of non-swappable kernel memory and huge amounts of IO bandwidth logging ALLOWED messages, which can in turn use large amounts of storage. This is why Ubuntu has applied this change already for their upcoming release.
    - Scope of this change: in Buster, this profile is used in one single place — the usr.lib.libreoffice.program.soffice.bin profile — for which it was developed and tested in the first place. So the risk and potential problematic impact of this change seems pretty low.
  * Cherry-pick the most important and non-invasive fixes from the upstream apparmor-2.13 maintenance branch:
    - base abstraction: allow mr on *.so* in common library paths, i.e. don't assume all common libraries' name starts with "lib". At the very least, this fixes Qt5 applications under some VirtualBox graphics configuration, where otherwise they would not start at all (Closes: Tails#16414).
      Upstream commits: 8dff7dc, 08f9d16
    - Fix 2 segfaults spotted upstream while writing automated tests for the multicache support (upstream MR!348):
      · in overlaydirat_for_each, segfault caused by repeatedly freeing the same memory area;
      · when loading policy cache files, due to incorrect size passed to qsort().
      Upstream commits: 5704fba, 01aec04

bwa (0.7.17-3) unstable; urgency=medium

  * Team upload.

  [ Dylan Aïssi ]
  * Add patch from upstream to fix CVE-2019-10269. (Closes: #926014)

  [ Jelmer Vernooij ]
  * Trim trailing whitespace.

clamav (0.101.2+dfsg-1) unstable; urgency=high

  * Import 0.101.2
    - CVE-2019-1787 (An out-of-bounds heap read condition may occur when scanning PDF documents)
    - CVE-2019-1789 (An out-of-bounds heap read condition may occur when scanning PE files)
    - CVE-2019-1788 (An out-of-bounds heap write condition may occur when scanning OLE2 files)
    - CVE-2019-1786 (An out-of-bounds heap read condition may occur when scanning malformed PDF documents)
    - CVE-2019-1785 (A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives)
    - CVE-2019-1798 (A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives)
    - update symbols file
    - Remove DetectBrokenExecutables option from clamd template, it is deprecated.
  * Drop the dbgsym migration line.
  * Bump standards-version to 4.3.0 without further change

hw-detect (1.137) unstable; urgency=medium

  * Team upload

  [ Updated translations ]
  * Ukrainian (uk.po) by Anton Gladky

hw-detect (1.136) unstable; urgency=medium

  * Team upload

  [ Updated translations ]
  * Vietnamese (vi.po) by Trần Ngọc Quân

iso-scan (1.75) unstable; urgency=medium

  * Team upload

  [ Updated translations ]
  * Ukrainian (uk.po) by Anton Gladky

iso-scan (1.74) unstable; urgency=medium

  * Team upload

  [ Updated translations ]
  * Vietnamese (vi.po) by Trần Ngọc Quân

lava (2019.01-5) unstable; urgency=medium

  [ Steve McIntyre ]
  * Clean up obsolete conffiles causing piuparts failures. Closes: #925353

  [ Neil Williams ]
  * Remove GitLab support due to Docker limits

libclamunrar (0.101.2-1) unstable; urgency=high

  * Import 0.101.2
    - CVE-2019-1785 (A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives)
    - CVE-2019-1798 (A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives)

libinput (1.12.6-2) unstable; urgency=medium

  * Ship /usr/share/libinput in the udeb, since that's now needed by the libinput X driver.

mitmproxy (4.0.4-5) unstable; urgency=medium

  * Add dependency on python3-pkg-resources (Closes: #923354)

openexr (2.2.1-4.1) unstable; urgency=medium

  * Non-maintainer upload.
  * bug909865.patch: Add -ffloat-store when compiling tests, to fix test failures on i386. Patch backported from experimental. (Closes: #909865)

openipmi (2.0.25-2.1) unstable; urgency=medium

  * Non-maintainer upload, with pre-approval from current maintainer.
  * Increase MAX_CONFIG_LINE from 1024 to 10240, patching lanserv/OpenIPMI/serv.h, which makes it possible to have long enough command line when using ipmi_sim (Closes: #923873).

pdns (4.1.6-2) unstable; urgency=high

  [ Salvatore Bonaccorso ]
  * Insufficient validation in the HTTP remote backend (CVE-2019-3871) (Closes: #924966)

weston (5.0.0-3) unstable; urgency=medium

  * debian/control: add libdbus-1-dev to Build-Depends
    - Fixes "won't start despite having an active logind session" (Closes: #799325)
      Thanks Paul Menzel for analysis.
  * debian/patches/reproducible-build-899358.patch: new patch
    - Make the build reproducible (Closes: #899358)

whois (5.4.2) unstable; urgency=medium

  * Added the .ss and .xn--mgbah1a3hjkrd (موريتانيا, Mauritania) TLD servers.
  * Updated the .in TLD and related IDN TLDs servers.
  * Updated the .fm TLD server.