horizon (3:18.6.2-5) unstable; urgency=medium . * Add patches: - Dont_load_user_role_assignment_or_groups_tabs_for_non-admins.patch - do-not-create-volume-by-default-when-launching-instance.patch nova (2:22.0.1-2) unstable; urgency=medium . * Add depend on python3-q-text-as-data (Closes: #990705). * Do not set [glance]/api_servers http://localhost:9292 as default: let Nova figure it out from the Keystone catalogue. python2.7 (2.7.18-8) unstable; urgency=medium . [ Andreas Beckmann ] * python2.7, libpython2.7-minimal: Add Breaks: python-dev (<< 2.7.18), libpython-dev (<< 2.7.18), python-dbg (<< 2.7.18), libpython-dbg (<< 2.7.18) to remove more unversioned python packages. Add Breaks: libgcj-common (<< 1:7), libvolk1-bin (<< 2), pysycache (<< 3.1-4~), python-catkin-pkg (<< 0.4.14-2~), python-chardet (<< 3.0.4-6~), python-extras (<< 1.0.0-4~), python-fixtures (<< 3.0.0-3~), python-genpy (<< 0.6.9-2~), python-iso8601 (<< 0.1.12-2~), python-linecache2 (<< 1.0.0-4~), python-pbr (<< 5.4.5), python-pyasn1 (<< 0.4.2-4~), python-pygame (<< 1.9.6+dfsg-3~), python-pyicu (<< 2.2-3~), python-rospkg (1.1.10-2~), python-std-msgs (<< 0.5.12-2~), python-testtools (<< 2.3.0-7~), python-traceback2 (<< 1.4.0-6~), python-traitlets (<< 4.3.3-3~), python-urllib3 (<< 1.25.8-2~), python-yaml (<< 5.3.1-2~) to remove some persisting obsolete module packages along the unversioned python packages on upgrades from buster. Closes: #990520. * libpython2.7-stdlib: Breaks: ${python27:Breaks}, too. rails (2:6.0.3.7+dfsg-2) unstable; urgency=medium . * Partially revert "Update minimum version of ruby-marcel to 1.0~". * Add patch relax marcel for bullseye. rails (2:6.0.3.7+dfsg-1) unstable; urgency=high . * Upload to unstable directly. * New upstream version 6.0.3.7+dfsg. (Closes: #988214) - Prevent slow regex when parsing host authorization header. (Fixed: CVE-2021-22904) - Prevent catastrophic backtracking during mime parsing. (Fixes: CVE-2021-22902) - Prevent string polymorphic route arguments. (Fixes: CVE-2021-22885) rails (2:6.0.3.6+dfsg-2) experimental; urgency=medium . * Install @rails/actioncable node module and Provide node-rails-actioncable rails (2:6.0.3.6+dfsg-1) experimental; urgency=medium . * Team Upload * New upstream version 6.0.3.6+dfsg (upgrade Active Storage’s Marcel dependency to version 1.0.0.) Before 1.0.0, Marcel—which is distributed under the terms of the MIT License, like Rails—indirectly depended on MIME type data released under the GNU General Public License making the effective license of rails applications GPL. Marcel 1.0.0 instead directly packages MIME type data adapted from Apache Tika, released under the permissive and compatible Apache License 2.0. * Update minimum version of ruby-marcel to 1.0~ ruby2.7 (2.7.4-1) unstable; urgency=medium . * New upstream version 2.7.4. (Fixes: CVE-2021-31799 CVE-2021-31810 CVE-2021-32066) (Closes: #990815) websockify (0.9.0+dfsg1-3) unstable; urgency=medium . [ Jochen Sprickerhof ] * Fix rebind.so not found (Closes: #990359), thanks to Mike Gabriel for the bug report, and Jochen Sprickerhof for the fix.