avy (0.4.0+git20190328.85b5d574-1) unstable; urgency=medium . * New upstream snapshot, incorporating bug fixes backports.functools-lru-cache (1.5-3) unstable; urgency=medium . * Team upload. * dh_pypy now supports namespace packages. Use it. (Closes: #924677) busybox (1:1.30.1-3) unstable; urgency=high . * Ignore any valid_lft or preferred_lft parameters to ip, thanks Steve Langasek. Closes: #924442 * Fix ip oneline, thanks Dominik George. Closes: #924374 cnvkit (0.9.5-3) unstable; urgency=medium . * Fix buster rebuilds (Closes: #925568) d/patches/controldir.patch csound (1:6.12.2~dfsg-3.1) unstable; urgency=medium . * Non-maintainer upload. * Fix diskgrain, syncgrain and syncloop when sample rate of sample differs from orchestra, Closes: #924260 cups (2.2.10-5) unstable; urgency=medium . [ Helge Kreutzmann ] * Correct error in german manpage translation . [ Didier Raboud ] * Backport patches from upstream's 2.2 "stable" branch: - Add USB quirks rule for Xerox printers (Issue #5523) - Add a USB quirks rule for the DYMO 450 Turbo (Issue #5521) debian-edu-install (2.10.21) unstable; urgency=medium . [ Wolfgang Schweer ] * Set version number to 10+edu0 in preparation of the Debian Buster release. debian-reference (2.76) unstable; urgency=medium . * Complete translation for de, it, ja, pt, and zh-cn. Closes: #924863 * Update filepath to comply with doc-base CGI script restrictions. Closes: #900360, #924686 * Add lintian override for missing-depends-on-sensible-utils, * Update package and popcon data entity. * Ready for buster release by setting buster as stable release. debmirror (1:2.32) unstable; urgency=medium . [ Jamie Strandboge ] * Support downloading command-not-found metadata (LP: #1821251). di-netboot-assistant (0.62) unstable; urgency=medium . * Revert bump in dh compat level for buster. * Purge stretch in autopkgtest. di-netboot-assistant (0.61) unstable; urgency=medium . * Fix typo in manual page. * Bump dh compat level to 12. No changes needed. * Remove jessie and wheezy from the list of supported releases, they have been archived. Adapt autopkgtest accordingly (closes: #925368). dns-root-data (2019031302) unstable; urgency=medium . * cryptographically verify root.hints * get_orig_source: refresh root-anchors.{xml,p7s} as well * update root data to 2019031302 * standards-version: bump to 4.3.0 (no changes needed) * parse-root-anchors.sh: account for validity windows * check: deliberately skip the TTL generated by ldns-key2ds * dns-root-data is Multi-Arch: foreign dpkg (1.19.6) unstable; urgency=medium . [ Guillem Jover ] * libdpkg: Add a new TAR_FORMAT_UNKNOWN enum value. * libdpkg: Set tar_entry to zero on tar_entry_destroy(), to avoid double free()s and the subsequent crashes. * libdpkg: Handle non end-of-tape errors from tar_header_decode(). * libdpkg: Use ERANGE instead of EINVAL for tar_atol8() out-of-range error. * dpkg-gencontrol: Check presence of package build dir before traversing it. * Perl modules: - Dpkg::Source::Package::V1: Change default build option style to -sa. Using -sA by default means the user might lose data on overwrite if there is already a directory with the same name laying around. Closes: #910737 - Dpkg::Source::Package: Handle Format field being undefined. On source format 1.0, the default is for the debian/source/format file not being present, which means we'll start with an empty Format field name. Regression introduced in dpkg 1.19.3. * Packaging: - Update usertags. - Install a lintian profile for dpkg based on the debian profile, so that we can suppress Debian-specific tags, such as the controversial one on vendor-specific patch series files. - Add Breaks on lsb-base due to start-stop-daemon exposing breakage in the killproc function from /lib/lsb/init-functions. Closes: #923861 * Test suite: - Stop requiring (pseudo-)root in the functional test suite. - Export and move TESTDATA definition close to the PATH definition. - Quote the 'yes' command to make a comment clearer. . [ Updated programs translations ] * Dutch (Frans Spiesschaert). Closes: #924776 . [ Updated scripts translations ] * German (Helge Kreutzmann). . [ Updated man pages translations ] * Dutch (Frans Spiesschaert). Closes: #924777 * German (Helge Kreutzmann). dwww (1.13.4+nmu3) unstable; urgency=medium . * NMU * Really revert dependency changes to 1.13.4. dwww (1.13.4+nmu2) unstable; urgency=medium . * NMU * Revert dependency changes to 1.13.4. dwww (1.13.4+nmu1) unstable; urgency=medium . * NMU . [ Ondřej Nový ] * d/control: Set Vcs-* to salsa.debian.org . Closes: #924709 . [ Osamu Aoki ] * Document properly to enable CGI script. Closes: #781987, #822323 * Apply patch from Daniel Reichelt to make sleep time after each file configurable for dwww-index++. Closes: #881189 fish (3.0.2-2) unstable; urgency=medium . * Discard stderr message from systemd 241 when doing completion. (Closes: #925308) flatpak (1.2.4-1) unstable; urgency=medium . * New upstream stable release - Canonicalize XDG_RUNTIME_DIR if it's a symlink - Support device nodes for multiple Nvidia graphics cards if the proprietary driver is used - Fix a crash when certain errors occur while updating apps - Fix "flatpak list --arch" - Make "Installing %d/%d..." translatable * d/p/run-Only-compare-the-lowest-32-ioctl-arg-bits-for-TIOCSTI.patch: Drop patch, applied upstream flatpak (1.2.3-2) unstable; urgency=high . * seccomp: Reject all ioctls that the kernel will interpret as TIOCSTI, including those where the high 32 bits in a 64-bit word are nonzero. (Closes: #925541, CVE-2019-10063) fwupd (1.2.5-2) unstable; urgency=medium . * debian/gen_signing_json: Update the format of the json metadata to match new requirements: + Move all the data under a new top-level "packages" key + Add an empty "trusted_certs" key - our binaries do not do any further verification with an embedded key. fwupdate (12-4) unstable; urgency=medium . [ Steve McIntyre ] * debian/gen_signing_json: Update the format of the json metadata to match new requirements: + Move all the data under a new top-level "packages" key + Add an empty "trusted_certs" key - our binaries do not do any further verification with an embedded key. . [ Mario Limonciello ] * Install signed packages for secure boot automatically * Use a virtual package fwupdate-signed to resolve the correct package * Stop producing UEFI archive for Ubuntu signed images (LP: #1787254) gcc-8 (8.3.0-4) unstable; urgency=medium . * Update to SVN 20190326 (r269936) from the gcc-8-branch. - Fix PR tree-optimization/89546, PR target/89523 (x86), PR fortran/84394, PR fortran/66089, PR fortran/66695, PR fortran/77746, PR fortran/79485, PR libgcc/60790, PR target/89775 (S390), PR debug/88389, PR rtl-optimization/89753, PR middle-end/88273, PR fortran/71861, PR fortran/68009. * gcc-8-base: Breaks gnat-6 (<< 6.4) to ease upgrades. Closes: #924911. * Fix cross building gdc (Helmut Grohne). Closes: #925040. * Fix package descriptions for cross packages. * Fix PR jit/87808: Don't rely on the gcc driver. Let libgccjit0 depend on binutils and libgcc-dev. Closes: #911668. * Fix stripping the gcc-hppa64 package. gcc-8 (8.3.0-3) unstable; urgency=medium . * Update to SVN 20190316 (r269720) from the gcc-8-branch. - Fix PR tree-optimization/89505, PR target/89517 (AArch64), PR bootstrap/89539, PR debug/88878, PR debug/89514, PR tree-optimization/89536, PR target/88100 (PPC), PR target/89397 (x86), PR target/89361 (S390), PR c++/89212, PR fortran/89077, PR fortran/77583, PR fortran/89174, PR fortran/87689, PR fortran/84387, PR fortran/89516, PR fortran/89492, PR fortran/89266, PR fortran/88326, PR libfortran/89020, PR target/88530 (AArch64), PR target/88530 (AArch64), PR ipa/88235, PR c++/88820, PR c++/88869, PR c++/88419, PR c++/88690, PR c++/87921, PR c++/89381, PR c++/89576, PR c++/89422, PR c++/87513, PR c++/88183, PR c++/89585, PR fortran/71544, PR fortran/87734, PR fortran/71203, PR fortran/72714, PR middle-end/89572, PR target/85860, PR middle-end/89677, PR middle-end/89497, PR tree-optimization/89296, PR tree-optimization/89664, PR rtl-optimization/89588, PR lto/88147, PR target/86952 (x86), PR lto/88147, PR fortran/87673, PR c++/89383, PR lto/87525, PR other/89712, PR testsuite/85368. * Backport libgo patches for the Hurd from the trunk (Svante Signell). * Add some more breaks to libstdc++6. Closes: #866354. geogebra (4.0.34.0+dfsg1-7) unstable; urgency=medium . * Remove dependency on icedtea, which is going to be removed. * Fix jh_build options that used to randomly fail the compilation. golang-github-google-martian (2.1.0+git20181219.d0b5ad3-3) unstable; urgency=medium . * Skip flaky test (Closes: #923819) horizon (3:14.0.2-3) unstable; urgency=medium . * openstack-dashboard: Add Breaks against obsolete packages from Stretch: python-app-catalog-ui, python-designate-dashboard, python-ironic-ui, python-murano-dashboard, python-zaqar-ui (Closes: #925226). Thanks a lot to Andreas Beckmann for his report, patch and tests. ibuffer-projectile (0.2-3) unstable; urgency=medium . * Explicitly depend on elpa-dash (Closes: #924295) installation-guide (20190323) unstable; urgency=medium . [ Holger Wansing ] * Add chapter "What is the Debian Installer?" by Miguel Figueiredo; thanks for the patch. Closes: #606287 * Slight update for network configuration in 'Installing Debian GNU/Linux from a Unix/Linux System' chapter. Closes: #911020 * Some changings/removal of 'FTP' occurrences due to Debians FTP server shutdown. * Add missing installation step in chapter 3.1 (install overview). * Minor clarification on the reliability of the Debian Installer system. * Update/switch URL entities from http to https. * Add additional info for net booting on UEFI machines. Patch by Vincent McIntyre, thanks. Closes: #907837 * Convert win32-loader.exe string into a clickable link. * Remove 'Laptop' entry from table 'Disk Space Needed for Tasks' (there is no such task option in the installer anymore). * Rename a forgotten occurrence of 'aptitude' into 'apt'. * Remove a sentence which describes the old tasksel behaviour calling aptitude to allow selection of individual packages. * Correct order of modules in 'Using the installer' chapter: clock setup is after user account setup, not before. * Add debian/source/format file, to fix lintian warning. * Remove trailing whitespaces from changelog file, to fix lintian tag. * Document dark menu entry. . [ Samuel Thibault ] * control: Mark packages as multi-arch: foreign. * Document the soundcard selection prompt. . [ Updated translations ] * Danish by Joe Hansen * Dutch by Frans Spiesschaert * French by Baptiste Jammet * German by Holger Wansing * Italian by Luca Monducci * Portuguese by Miguel Figueiredo * Russian by Yuri Kozlov lemonldap-ng (2.0.2+ds-6) unstable; urgency=medium . * Add patch to fix missing userControl calls (little security fix) lemonldap-ng (2.0.2+ds-5) unstable; urgency=medium . * Fix bad build dependency: Authen::2F::Tester instead of Authen::2F * Split autopkgtests to test each library separately libfurl-perl (3.13-2) unstable; urgency=medium . * Team upload. . [ Salvatore Bonaccorso ] * Update Vcs-* headers for switch to salsa.debian.org . [ gregor herrmann ] * debian/copyright: update CPAN and GitHub URLs. * Add patch to adjust proxy tests to changes in libhttp-proxy-perl. libhttp-proxy-perl, since 0.304-4, supports IPv6, so when running on the default 'localhost', this can be 127.0.0.0/8 or ::1. Adjust the three proxy-using tests to run the proxy server explicitly on 127.0.0.1, as that's what the rest of the test code expects. (Closes: #924859) libmatio (1.5.13-3) unstable; urgency=medium . * fix-reading-vars-from-mat-v5.patch: fix regression in testsuite. Update this patch by backporting another upstream commit. Fixes test failures on some archs. libmatio (1.5.13-2) unstable; urgency=medium . * Fix security issues + fix-reading-vars-from-mat-v5.patch: new patch backported from upstream. Fixes CVE-2019-9026, CVE-2019-9027, CVE-2019-9028, CVE-2019-9029, CVE-2019-9030, CVE-2019-9031, CVE-2019-9032, CVE-2019-9033, CVE-2019-9034, CVE-2019-9035, CVE-2019-9038. + fix-printing-vars-from-mat-v5.patch: new patch backported from upstream. Fixes CVE-2019-9037. + avoid-int-mult-overflow.patch: new patch backported from upstream. Fixes CVE-2019-9036. + d/copyright: mention two files added by the latest patch. (Closes: #924185) libsys-statistics-linux-perl (0.66-3) unstable; urgency=medium . * Fix parsing linux 4.18+ diskstats (closes: #925207) lxqt-config (0.14.1-2) unstable; urgency=medium . * Fixed keyboard layout switch shortcut (Closes: #925346) matrix-synapse (0.99.2-3) unstable; urgency=medium . * Make the code querying the location of the key file actually work. Closes: #923573. * Verify the presence of TLS cert/key files. * Make sure warnings are not shown when querying configuration settings. matrix-synapse (0.99.2-2) unstable; urgency=medium . * Make sure the key file is owned by the user running synapse (Closes: #923573). * No longer enable webclient by default (Closes: #923574). * Print a warning when the server name has not been set (Closes: #923586). * Update NEWS with a note on .well-known vs SRV. nanoc (4.11.0-3) unstable; urgency=medium . * Change (build-)dependencies from ruby-fog (removed from the archive) to ruby-fog-local (Closes: #924845) node-external-editor (2.0.4+dfsg-2) unstable; urgency=medium . * Team upload . [ Paolo Greppi ] * Update Vcs fields for migration to https://salsa.debian.org/ . [ Xavier Guimard ] * Add upstream/metadata * Update debian/copyright format URL * Test: replace the use of deprecated "--compilers" by a test on generated files (fixes debci) * Use debian/clean instead of an override * Declare compliance with policy 4.3.0 node-jschardet (1.6.0+dfsg-3) unstable; urgency=medium . * Team upload * Revert "Add Multi-Arch: foreign" and bump debhelper compatibility level to 9 (See: #925235) node-jschardet (1.6.0+dfsg-2) unstable; urgency=medium . * Team upload * Add debian/clean * Use node-uglify if uglifyjs isn't available (Closes: #924807) * Bump debhelper compatibility level to 11 * Declare compliance with policy 4.3.0 * Fix VCS fields * Fix debian/copyright URL format * Switch minimal test to pkg-js-tools * Add upstream/metadata * Update lintian-overrides * Add Multi-Arch: foreign node-opencv (6.0.0+git20180416.cfc96ba0-3) unstable; urgency=medium . * Team upload . [ Xavier Guimard ] * Add dh_installexamples -Xtmp/ to make build reproductible. Thanks to Chris Lamb (Closes: #924462) . [ Utkarsh Gupta ] * Add patch to fix CVE-2019-10061 (Closes: #925571) node-timeago.js (3.0.2+dfsg-3) unstable; urgency=medium . * Team upload * Revert "Add Multi-Arch: foreign" (See: #925237) node-timeago.js (3.0.2+dfsg-2) unstable; urgency=medium . * Team upload * Switch minimal test to autopkgtest * Add upstream/metadata * Patch package.json to use unminified file * Remove build dependency to uglifyjs and use the one installed with webpack (Closes: #924809) * Declare compliance with policy 4.3.0 * Add Multi-Arch: foreign * Update homepage nwchem (6.8.1-5) unstable; urgency=medium . * Team upload * Fix clean target Closes: #924817 open-vm-tools (2:10.3.10-1) unstable; urgency=high . * [122e511] Update upstream source from tag 'upstream/10.3.10' Update to upstream version '10.3.10' with Debian dir fb12c7cfc99a9497795475c29306e78d08cc3712 - Closes: #925940 - Bugfix release for the 10.3 series. - Correct and/or improve handling of certain quiesced snapshot failures (shipped as patch in 2:10.3.5-6). - Fix some bad derefs in primary NIC gather code - Fix possible security issue with the permissions of the intermediate staging directory and path. Closes: #925959 - CONSTANT_EXPRESSION_RESULT in TimeUtil_StringToDate() Found by coverity. - Deploypkg log files of linux should not be world readable. They might contain sensitive data. - General code clean-up: - Treat local variables "len" consistently as "size_t" type in Posix_Getmntent_r() - Improve readability of error handling logic in ShrinkDoWipeAndShrink() and remove another line of dead code. - Setting "errno" to ENOENT when there is no passwd entry for the user. - Fix NULL pointer dereference and remove three lines of dead code. - Other changes/fixes, not related to Debian: - Update copyright years - Fix CentOS 7.6 detection - Include vmware/tools/log.h to define g_info (fix for SLES) - Special-case profile loading for StartProgram (Win32 only) - Changes to common source files not applicable to open-vm-tools. (Code used by other vmware tools, unrelated to open-vm-tools). - Bump up the SYSIMAGE_VERSION for VMware tools 10.3.10 . * [18de70f] Removing backported patches, shipped in 10.3.10. pbuilder (0.230.3) unstable; urgency=medium . [ Marcin Sulikowski ] * buildpackage-funcs: Fix whitespace handling in .dsc paths. MR: !4 . [ Hideki Yamane ] * createbuildenv: + Use packages from APTCACHE during debootstrap. Closes: #432088; MR: !6 * doc: + Use deb.debian.org as defalut example. MR: !5 * pbuilder.8: + Mention qemu-debootstrap as a valid --debootstrap option. MR: !7 . [ Mattia Rizzolo ] * modules: + Always call `systemctl stop` if using systemd's cgroups, preventing stray slices from being left behind. . [ James Clarke ] * buildpackage-funcs: + While setting up the cross-build env, only look at installed bin:gcc, not all available ones. + Print a useful error if GCC version detection fails. + Handle minor GCC versions and unversioned GCC dependencies. pcre2 (10.32-5) unstable; urgency=high . * Patch from Guillem Jover to only use SSE2 instructions on those i386 CPUs that support them (Closes: #925360) pkg-kde-tools (0.15.29) unstable; urgency=medium . [ Kunal Mehta ] * Replace broken alioth URLs in man pages (Closes: #905845). . [ Simon Quigley ] * Bump Standards-version to 4.1.4, no changes needed. * Run wrap-and-sort. . [ Dmitry Shachnev ] * Update Vcs fields for move to salsa.debian.org. . [ Andreas Ferber ] * dh_qmlcdeps: don't exit on first package without qmlc files (Closes: #905736). postfix (3.4.4-1) unstable; urgency=medium . [Wietse Venema] . * 3.4.2 - Bugfix (introduced: 20181226): broken DANE trust anchor file support, caused by left-over debris from the 20181226 TLS library overhaul. Scott Kitterman. File: tls/tls_dane.c. Closes: #924183 - Bugfix (introduced: Postfix-1.0.1): null pointer read, while logging a warning after a corrupted bounce log file. File: global/bounce_log.c. - Bugfix (introduced: Postfix-2.9.0): null pointer read, while logging a warning after a postscreen_command_filter read error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c * 3.4.3 - Bitrot: LINUX5s support, after some sanity checks with a rawhide prerelease version. Files: makedefs, util/sys_defs.h. Closes: #922477 * 3.4.4 - Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce has been producing false rejects starting with the Postfix 2.2 smtpd_end_of_data_restrictons, and for the same reasons, does the same with the Postfix 3.4 BDAT command. The latter was reported by Andreas Schulze. File: smtpd/smtpd_check.c. Closes: #925082 pypy (7.0.0+dfsg-3) unstable; urgency=medium . * Update watch file regex, upstream calls it pypy2.7 now. * pypycompile and pypyclean now read namespaces from /usr/share/pypy/ns (following dh_pypy). (Closes: #924676) - Breaks old pypy-backports.functools-lru-cache, using the old location. python-aioxmpp (0.10.3-3) unstable; urgency=medium . * Fix test failure due to updated Python 3.7. This applies the unreleased upstream commit 13ab00d [1]. . [1]: https://github.com/horazont/aioxmpp/commit/ 13ab00d64094b9a13d9d6984d7509bb40efb1fce . closes: #924801 python-btrfs (11-2) unstable; urgency=medium . * d/patches: Fix crash because of stray underscores (Closes: #925267) * d/patches: space-calculator: quickfix crash when using raid5 (Closes: #925271) qtspeech-opensource-src (5.11.3-3) unstable; urgency=medium . * Backport upstream change to fix volume for flite (closes: #924799). qtwebkit-opensource-src (5.212.0~alpha2-21) unstable; urgency=medium . * Add fastcall attribute to JSImageConstructor::construct method. This fixes crash on i386 (closes: #909366, #924402). Thanks Bernhard Übelacker for the patch! * Remove -fpermissive from build flags. It was wrong and not needed with the applied patch. ricochet-im (1.1.4-3) unstable; urgency=medium . * Drop useless B-D on libubsan0. (Closes: #924013) * Update Vcs-* control fields to salsa. ruby-carrierwave (1.3.1-2) unstable; urgency=medium . * Team upload * Update dependencies in d/control (Closes: #924830, #830542) * Remove unnecessary dependencies ruby-chromedriver-helper (2.1.0-7) unstable; urgency=medium . * Team upload * Add patch to remove examples using internet connection (Closes: #924125) * Update d/rules to remove usr/bin * Update d/control ruby-coveralls (0.8.22-2) unstable; urgency=medium . * Fix manpage creation during build time (Closes: #924383) * Declare compliance with Debian Policu 4.3.0 shim (15+1533136590.3beb971-6) unstable; urgency=medium . [ Steve McIntyre ] * Add Provides: and Breaks: to shim-helpers-$arch-signed to fix clashes with the old shim-signed package for fbx64.efi.signed and mmx64.efi.signed. Closes: #924619 . [ Helmut Grohne ] * Fix FTCBFS: Set CROSS_COMPILE. (Closes: #922152) shim (15+1533136590.3beb971-5) unstable; urgency=medium . [ Ansgar Burchardt ] * Correct maintainer address in signing template . [ Steve McIntyre ] * Remove Rules-Requires-Root in the signing template. We manually install things owned by root. There might be better ways to do this, but this will do for now. shim (15+1533136590.3beb971-4) unstable; urgency=medium . [ Steve McIntyre ] * No-change sourceful upload to get rebuilds (and hence build logs) from the buildds. Hoping to get this version signed by Microsoft, so let's make our setup as clean as possible. shim (15+1533136590.3beb971-3) unstable; urgency=medium . [ Philipp Hahn ] * debian/rules: fixing permissions no longer required * debian/rules: Disable ephemeral key on Debian. * Rename binary package to 'shim-unsigned' * Add template for signing {mm,fb}$ARCH.efi. (Closes: #922228) . [ Luca Boccassi ] * Override lintian error about template rules file. * Include /usr/share/dpkg/architecture.mk instead of shelling out. * Add uname.patch to avoid embedding the kernel architecture in the binary and to use a fixed string instead. . [ Steve McIntyre ] * Change maintenance address to be the EFI team * Add me and vorlon to the Uploaders list * Rename the helper binary packages to shim-helpers-$arch. * Update the signing-template JSON metadata to match new practice: + Move all the data under a new top-level "packages" key + Add an empty "trusted_certs" key - the helper binaries do not do any further verification with an embedded key. shim (15+1533136590.3beb971-2) unstable; urgency=medium . * Update debian/watch. * Update VCS to point to salsa. * Fix debian/rules syntax for arm64 build. * Enable build for i386. * Ensure DEB_HOST_ARCH is set even if not present in the environment. * Update Standards-Version. * Update debian/copyright (drop reference to file no longer in source) shim (15+1533136590.3beb971-1) unstable; urgency=medium . * New upstream release. - debian/patches/second-stage-path: dropped; the default loader path now includes an arch suffix. - debian/patches/sbsigntool-no-pesign: dropped; no longer needed. * Drop remaining patches that were not being applied. * Sync packaging from Ubuntu: - debian/copyright: Update upstream source location. - debian/control: add a Build-Depends on libelf-dev. - Enable arm64 build. - debian/patches/fixup_git.patch: don't run git in clean; we're not really in a git tree. - debian/rules, debian/shim.install: use the upstream install target as intended, and move files to the target directory using dh_install. - define RELEASE and COMMIT_ID for the snapshot. - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature. - Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream options: set MAKELEVEL. - Define an EFI_ARCH variable, and use that for paths to shim. This makes it possible to build a shim for other architectures than amd64. - Set EFIDIR=$distro for dh_auto_install; that will let files be installed in the "right" final directories, and makes boot.csv for us. - Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built at compile-time for MokManager and fallback. - Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback and MokManager. sqlite3 (3.27.2-2) unstable; urgency=high . * Backport security related patches: - use unsigned integers to count the number of pages in a freelist during an integrity_check, to avoid any possibility of a signed integer overflow, - fix a crash that could occur if the RHS of an IN expression is a correlated sub-query that refers to the outer query from within a window frame definition only, - ensure that ALTER TABLE commands open statement transactions, - CVE-2019-9937: fix an fts5 problem with interleaving reads and writes in a single transaction (closes: #925290), - CVE-2019-9936: fix a buffer overread that could occur when running fts5 prefix queries inside a transaction (closes: #925289). sweethome3d (6.1.2+dfsg-2) unstable; urgency=medium . * Replace dependency on icedtea-netx-common with icedtea-netx. (Closes: #924594) sweethome3d-furniture-editor (1.24-2) unstable; urgency=medium . * Depend on icedtea-netx instead of icedtea-netx-common. - Thank you to Matthias Klose for the bug report. (Closes: #924604) sweethome3d-textures-editor (1.6-2) unstable; urgency=medium . * Depend on icedtea-netx instead of icedtea-netx-common. (Closes: #924605) - Thank you to Matthias Klose for the bug report. x2godesktopsharing (3.2.0.0-2) unstable; urgency=medium . [ Helmut Grohne ] * Fix FTCBFS: (Closes: #917894) + Add missing Build-Depends: qt5-qmake:native for lrelease. + Run the right qmake through dh_auto_configure. Run it once only. . [ Mike Gabriel ] * debian/control: + Bump Standards-Version: to 4.3.0. No changes needed. * debian/copyright: + Update auto-generated copyright.in file.