astroid (4.1.1-1) unstable; urgency=medium . * New upstream version 4.1.1 (Closes: #1125340) * debian/control + Remove Rules-Requires-Root field + Bump Standards-Version to 4.7.3 * debian/source/lintian-overrides + Remove unused lintian override * debian/copyright + Extend debian copyright holders years babelfish (0.6.1-2) unstable; urgency=medium . * Team upload. * Use dh-sequence-python3 * Bump Standards-Version to 4.7.3, drop Priority: tag * Add debian/salsa-ci.yml * Drop python3-setuptools from build-deps, this uses Poetry * Rewrite d/watch in v5 format ca-certificates-java (20260311) unstable; urgency=medium . * Team upload . [ Bastien Roucariès ] . * Enable salsa-ci * harden logic for pkcs12 conversion . [ Arnaud Rebillout ] . * Fix conversion from pkcs12 that fail due to bashism check-patroni (2.2.0-3) unstable; urgency=medium . * Team upload. * Final Vcs location is https://salsa.debian.org/postgresql/check-patroni. (Closes: #1130482) chromium (146.0.7680.71-1) unstable; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand - CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga. - CVE-2026-3915: Heap buffer overflow in WebML. Reported by Tobias Wienand - CVE-2026-3916: Out of bounds read in Web Speech. Reported by Grischa Hauser. - CVE-2026-3917: Use after free in Agents. Reported by Syn4pse. - CVE-2026-3918: Use after free in WebMCP. Reported by Syn4pse. - CVE-2026-3919: Use after free in Extensions. Reported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd - CVE-2026-3920: Out of bounds memory access in WebML. Reported by Google. - CVE-2026-3921: Use after free in TextEncoding. Reported by Pranamya Keshkamat & Cantina.xyz. - CVE-2026-3922: Use after free in MediaStream. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-3923: Use after free in WebMIDI. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-3924: Use after free in WindowDialog. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-3925: Incorrect security UI in LookalikeChecks. Reported by NDevTK and Alesandro Ortiz. - CVE-2026-3926: Out of bounds read in V8. Reported by qymag1c. - CVE-2026-3927: Incorrect security UI in PictureInPicture. Reported by Barath Stalin K. - CVE-2026-3928: Insufficient policy enforcement in Extensions. Reported by portsniffer443. - CVE-2026-3929: Side-channel information leakage in ResourceTiming. Reported by Povcfe of Tencent Security Xuanwu Lab. - CVE-2026-3930: Unsafe navigation in Navigation. Reported by Povcfe of Tencent Security Xuanwu Lab. - CVE-2026-3931: Heap buffer overflow in Skia. Reported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd - CVE-2026-3932: Insufficient policy enforcement in PDF. Reported by Ayato Shitomi. - CVE-2026-3934: Insufficient policy enforcement in ChromeDriver. Reported by Povcfe of Tencent Security Xuanwu Lab. - CVE-2026-3935: Incorrect security UI in WebAppInstalls. Reported by Barath Stalin K. - CVE-2026-3936: Use after free in WebView. Reported by Am4deu$. - CVE-2026-3937: Incorrect security UI in Downloads. Reported by Abhishek Kumar. - CVE-2026-3938: Insufficient policy enforcement in Clipboard. Reported by vicevirus. - CVE-2026-3939: Insufficient policy enforcement in PDF. Reported by NDevTK - CVE-2026-3940: Insufficient policy enforcement in DevTools. Reported by Jorian Woltjer, Mian, bug_blitzer. - CVE-2026-3941: Insufficient policy enforcement in DevTools. Reported by Lyra Rebane (rebane2001). - CVE-2026-3942: Incorrect security UI in PictureInPicture. Reported by Barath Stalin K. * d/rules: update rustc version string for new upstream expectations of no spaces. * d/patches: - upstream/disable-unrar.patch: drop, merged upstream. - disable/signin.patch: drop part of the patch. This patch should be reviewed in the future and coordinated w/ ungoogled-chromium, since it originally came from them. - disable/glic.patch: add a bunch more glic removals. - disable/license-headless-shell.patch: refresh. - disable/unrar.patch: refresh. - system/rollup.patch: refresh. - bookworm/foreach.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: sync from ungoogled-chromium. - disable/catapult.patch: update to remove some more catapult deps. - fixes/force-rust-nightly.patch: drop, no longer needed. - llvm-22/ignore-for-ubsan.patch: add a build fix for a compiler flag/feature added to llvm-23. - fixes/bytemuck.patch: add rust build fix in bytemuck. - llvm-19/clang-19-crash.patch: add build fix; delete code that makes clang-19++ crash. - llvm-19/keyfactory.patch: add build fix for what I suspect is a clang-19 issue. - loongarch64/0018-fix-study-crash.patch: refresh. - ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch: refresh. - ppc64le/fixes/fix-study-crash.patch: refresh. - llvm-19/clone-traits.patch: add patch to remove a static assertion. - llvm-19/octal.patch: add patch to work around 0o666 vs 0666 support. - upstream/profile.patch: add header inclusion build fix from upstream. - trixie/value-or.patch: move to llvm-19/ directory & also add another place that clang-19 gets confused during build. - rust-1.85/jxl-features.patch: refresh [trixie, bookworm]. - rust-1.85/jxl-simd-avx512.patch: update for (numerous) upstream changes, and added unsafe{} blocks to the macro definitions to shrink this patch in the future [trixie, bookworm]. - fixes/missing-dep.patch: add patch for dependency-related build failure that only happens sometimes. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes . [ Daniel Richard G. ] * d/patches: - disable/lint.patch: New patch to disable CSS/JS linting tools. - bookworm/node18-compat.patch: New patch to fix various compatibility issues with nodejs 18 [bookworm]. - trixie/gn-len.patch: Zap another instance of len() for older GN [trixie, bookworm]. debmutate (0.82) unstable; urgency=medium . * Add support for watch format v5. django-modeltranslation (0.20.2-1) unstable; urgency=medium . * Team upload. * New upstream release. * Drop "Rules-Requires-Root: no", default as of dpkg-dev 1.22.13. * Drop "Priority: optional", default as of dpkg-dev 1.22.13. * Standards-Version: 4.7.3. exchange-calendars (4.13.2-1) unstable; urgency=medium . * New upstream release. * Skip minute-resolution tests on riscv64 to avoid autopkgtest timeout. (Closes: #1127661) * Reduce the number of skipped tests. flux-led (1.2.0-2) unstable; urgency=medium . * Team upload. * Add versioned dependency on latest python3-webcolors flux-led (1.2.0-1) unstable; urgency=medium . * Team Upload * New upstream version 1.2.0 (Closes: #1129874) * Switch to pybuild-plugin-pyproject * Add build-dep on python3-pytest-asyncio * Add debian/salsa-ci.yml * Bump Standards-Version to 4.7.3, drop Priority: tag * Drop "Rules-Requires-Root: no": it is the default now * Rename file under debian/ for debhelper 15 compatibility * Rewrite d/watch as v5 format * Rewrite d/rules in newer & shorter syntax * Drop old patch gcc-16-cross (7) unstable; urgency=medium . * Pass configure flags for libgcobol cross builds. gcc-16-cross (6) unstable; urgency=medium . * Build using gcc 16-20260307-1. gcc-16-cross (5) experimental; urgency=medium . * Build using gcc 16-20260208-1. * Fix building on architecture variants. gcc-16-cross (3) experimental; urgency=medium . * Build using gcc 16-20260203-2. * Fix installation of stage0 packages. * Unset DEB_HOST_ARCH_VARIANT when calling dpkg-buildflags for the target. Setting a variant without looking at the architecture is broken. See LP: #2138929. * Stop building s390x multilib packages. * Bump standards version. gcc-16-cross (2) experimental; urgency=medium . * Build using gcc 16-20260119-1. * Update debian/packages.invalid-s390x for GCC 16. * In a staged build, build libxml2 for the target first, needed for libgcobol. Embed the library in the libgcobol binary and mark it with Built-Using: libxml2. gcc-16-cross (1) experimental; urgency=medium . * Build using gcc 16-20251214-1. * Build liblsan and libtsan packages for s390x. golang-github-envoyproxy-go-control-plane (0.13.2-2) unstable; urgency=medium . * debian/control: added dependency needed for dh-golang-autopkgtest. (Closes: #1130464) * debian/rules: skip TestLinearConcurrentSetWatch due to it timeouts on some test environment. (Closes: #1129875) golang-github-envoyproxy-go-control-plane (0.13.2-1) unstable; urgency=medium . * debian/watch: switch to version 5. * New upstream version 0.13.2 * debian/control: update dependency. Drop build-deps on golang-github- census-instrumentation-opencensus-proto-dev due to dead upstream. (Closes: #1129575) golang-gopkg-square-go-jose.v2 (2.6.3-4) unstable; urgency=medium . * Team upload * Upload to unstable * Fix typo 'pacakge' in rename-to-square.patch . golang-gopkg-square-go-jose.v2 (2.6.3-4~exp0) experimental; urgency=medium . * Team upload. * Avoid pristine-tar (broken since 2.6.0) * Fix watch file URL * Add gopkg.in/go-jose symlink (Closes: #1130066) * Standards-Version: 4.7.3 * Drop Priority: optional * Drop Rules-Requires-Root: no * Bump debian/* copyright years golang-gopkg-square-go-jose.v2 (2.6.3-4~exp0) experimental; urgency=medium . * Team upload. * Avoid pristine-tar (broken since 2.6.0) * Fix watch file URL * Add gopkg.in/go-jose symlink (Closes: #1130066) * Standards-Version: 4.7.3 * Drop Priority: optional * Drop Rules-Requires-Root: no * Bump debian/* copyright years isc-kea (3.0.2-3) unstable; urgency=medium . * d/control: replace libboost-system-dev with libboost-numpy-dev (Closes: #1127214) * d/patches: fix build for boost 1.90 (Closes: #1129820) langtable (0.0.70-1) unstable; urgency=medium . * Team upload. * New upstream release. libarray-iterator-perl (0.136-1) unstable; urgency=medium . * Team upload. . [ Samuel Young ] * New upstream version 0.136. * Declare compliance with Debian Policy 4.7.3. * Remove <>, which is the current default. * Remove <>, which is the current default. . [ gregor herrmann ] * Update debian/upstream/metadata. libbusiness-isbn-perl (3.013-1) unstable; urgency=medium . * Team upload. * New upstream version 3.013. * Update upstream copyright. * Declare compliance with Debian Policy 4.7.3. * Remove <>, which is the current default. * Remove <>, which is the current default. * Update homepage URL. libcpan-audit-perl (20260308.002-1) unstable; urgency=medium . * Import upstream version 20260308.002. * Make test and runtime dependency on libcpansa-db-perl versioned. * Update years of upstream and packaging copyright. * Declare compliance with Debian Policy 4.7.3. libdata-alias-perl (1.30-1) unstable; urgency=medium . * Team upload. * New upstream version 1.30. libzonemaster-ldns-perl (5.0.2+ds-1) unstable; urgency=medium . [ gregor herrmann ] * Use Metacpan template in debian/watch. . [ Étienne Mollier ] * Import upstream version 5.0.2+ds. * Declare compliance with Debian Policy 4.7.3. * fix-pod-conversion-message.patch: new: ditto. linux (6.19.6-2) unstable; urgency=high . * apparmor: validate DFA start states are in bounds in unpack_pdb * apparmor: fix memory leak in verify_header * apparmor: replace recursive profile removal with iterative approach * apparmor: fix: limit the number of levels of policy namespaces * apparmor: fix side-effect bug in match_char() macro usage * apparmor: fix missing bounds check on DEFAULT table in verify_dfa() * apparmor: Fix double free of ns_name in aa_replace_profiles() * apparmor: fix unprivileged local user can do privileged policy management * apparmor: fix differential encoding verification * apparmor: fix race on rawdata dereference * apparmor: fix race between freeing data and fs accessing it mkdocs-get-deps (0.2.0-3) unstable; urgency=medium . * Team Upload * Rebuild against today's dh-python to drop the alternative dependency on python3-importlib-metadata * Add debian/salsa-ci.yml * Drop "Rules-Requires-Root: no": it is now the default * Bump Standards-Version to 4.7.3, drop Priority: tag mpdecimal (4.0.1-6) unstable; urgency=medium . * Team upload. * libmpdec++-dev depends libmpdec-dev Closes: #1127463 * Add Vcs fields * Secure URI in Homepage, Source and d/copyright format * d/watch: version=5 * cme fix dpkg-control * add debian/salsa-ci.yml to permit blhc failures netcat-openbsd (1.234-2) unstable; urgency=medium . [ Nicolas Le Cam ] * Add ability to override Makefile LIBS variable. . [ Guilhem Moulin ] * Refresh d/patches to fix FTBFS. * d/README.source: Set $NETCAT_VERSION to the highest version number among all source files. * d/p/set-TCP-MD5SIG-correctly-for-client-connections.patch: Fix buffer overread in set_common_sockopts(). * d/copyright: Update Source URL. (Closes: #1129576) * d/control: Remove `Rules-Requires-Root: no`. * Update Standards-Version to 4.7.3 (no changes necessary). node-foreground-child (4.0.3-1) unstable; urgency=medium . * New upstream version 4.0.3 * Update control fields * Switch to tshy * Now Blue Oak Model License * Update salsa-ci.yml, watch node-js-sdsl (4.1.4-4) unstable; urgency=medium . * Team upload * Fix build for modern typescript. Closes: #1090014. node-js-sdsl (4.1.4-3) unstable; urgency=low . [ Yadd ] * Team upload * Set upstream metadata fields: Repository-Browse * Update standards version to 4.6.2, no changes needed . [ Ying-Chun Liu (PaulLiu) ] * Update ttypescript version from 1.5.13 to 1.5.15 (Closes: #1058553) node-js-sdsl (4.1.4-2) unstable; urgency=medium . [ Debian Janitor ] * Apply multi-arch hints. + node-js-sdsl: Add Multi-Arch: foreign. node-js-sdsl (4.1.4-1) unstable; urgency=low . [ Edward Betts ] * Correct homepage URL . [ Ying-Chun Liu (PaulLiu) ] * New upstream version 4.1.4 node-js-sdsl (4.1.3-1) unstable; urgency=medium . * Team upload * Breaks: node-number-allocator < 1.0.11~ * Update homepage * New upstream version 4.1.3 * Back to unstable node-js-sdsl (4.0.3-1) experimental; urgency=medium . * Team upload * Declare compliance with policy 4.6.1 * Download from source not npm registry!!! * New upstream version 4.0.3 * Build with typescript * Update test node-js-sdsl (2.1.4-2) unstable; urgency=medium . * Team upload * Trim trailing whitespace * Source-only upload to allow migration node-js-sdsl (2.1.4-1) unstable; urgency=low . * Initial release (Closes: #1005240) node-resolve-import (1.4.6+~3.0.1-1) unstable; urgency=medium . * New upstream version node-resolve-import (1.4.1+~3.0.1-2) unstable; urgency=medium . * Sourcefull upload node-resolve-import (1.4.1+~3.0.1-1) unstable; urgency=medium . * Initial release (Closes: #1129704) node-trust-webcrypto (0.9.2-2) unstable; urgency=medium . * Team upload . [ Debian Janitor ] * Bump debhelper from old 9 to 12. * Set debhelper-compat version in Build-Depends. * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository. * Set upstream metadata fields: Repository. * Update standards version to 4.5.0, no changes needed. * Set upstream metadata fields: Repository-Browse. . [ Alexandre Detiste ] * refresh d/copyright-check . [ Yadd ] * Bump debhelper compatibility level to 13 * Declare compliance with policy 4.7.3 * Drop "Rules-Requires-Root: no" * Enable real autopkgtest using dh-sequence-nodejs * Add patch for OpenSSL 3 (Closes: #1002262) node-trust-webcrypto (0.9.2-1) unstable; urgency=medium . * Add patch 2002 ti skip tests failing with mocha 4.1.0. node-trust-webcrypto (0.9.2-1~exp1) experimental; urgency=low . * Initial release. Closes: Bug#921303. node-tshy (1.18.0-1) unstable; urgency=medium . * New upstream version node-tshy (1.11.0-1) unstable; urgency=medium . * New upstream version node-tshy (1.8.2-1) unstable; urgency=medium . * New upstream version node-tshy (1.3.0-1) unstable; urgency=medium . * New upstream version node-tshy (1.0.0-4) unstable; urgency=medium . * Add manpage node-tshy (1.0.0-3) unstable; urgency=medium . * Bug fix: "Bad dependency to node-typescrip, should be node-typescript", thanks to Yadd (Closes: #1129625). * Add salsa-ci * Bug fix: "autopkgtest test fails", thanks to Yadd (Closes: #1129628). tshy does not yet self build. node-tshy (1.0.0-2) unstable; urgency=medium . * Source full upload node-tshy (1.0.0-1) experimental; urgency=medium . * Initial release (Closes: #1128810) node-uvu (0.5.6+~cs4.10.4-5) unstable; urgency=medium . [ Jérémy Lal ] * Drop useless test_modules/esm * Update salsa-ci.yml * Fix commonjs case. Closes: #1123408. * Modernize rules . [ Xavier Guimard ] * Declare compliance with policy 4.7.3 * Drop "Rules-Requires-Root: no" * debian/watch version 5 octave-image (2.20.0-1) unstable; urgency=medium . * New upstream version 2.20.0 * d/s/lintian-overrides: Add override for Lintian warning debian-watch-lacks-sourceforge-redirector octave-optim (1.6.3-1) unstable; urgency=medium . * New upstream version 1.6.3 * d/watch: Fix Matching-Pattern URL * Drop patch (applied upstream): + d/p/octave7.patch + d/p/remove-Makefile-in-distclean-rule.patch + d/p/octave10.patch * d/s/lintian-overrides: + Drop unused override for debian-watch-lacks-sourceforge-redirector + Adjust overrides for Lintian warning source-is-missing pgsentinel (1.4.1-1) unstable; urgency=medium . * New upstream version 1.4.1. pikepdf (10.5.0+dfsg-1) unstable; urgency=medium . * New upstream release. pox (0.3.7-1) unstable; urgency=medium . * Team upload. * New upstream release. pybtex (0.25.1-2) unstable; urgency=medium . * Team upload. * Rebuild against today's dh-python to drop the alternative dependency on python3-importlib-metadata * Add debian/salsa-ci.yml * Drop "Rules-Requires-Root: no": it is the default now * Bump Standards-Version to 4.7.3, drop Priority: tag * Rewrite d/watch in v5 format pykoplenti (1.5.0-1) unstable; urgency=medium . * New upstream release. * Upstream switched build system to hatchling. * Remove 'Priority: optional', now the default. * Update Standards-Version. * Update copyright year. pylint (4.0.5-1) unstable; urgency=medium . * Team upload. * New upstream version 4.0.5 * debian/copyright + Fix old FSF address * debian/control + Remove redundant Priority and Rules-Requires-Root fields + Update standards version to 4.7.3 + Bump python3-astroid to 4.1.1 * debian/patches + Add bump-astroid-4.1.1.patch + Update tests outputs to work with new astroid (Closes: #1129892) pytables (3.11.1-1) unstable; urgency=medium . * New upstream release. * debianpatches: - Drop 0008-Fix-blosc2-loading.patch, applied upstream- - Refresh remaining patches. python-electrum-ecc (0.0.7+ds-1) unstable; urgency=medium . * New upstream version. * Update control file to new standards: - Bump standards version to 4.7.3, remove redundant priority tag. * Update copyright file: - Fix trailing in removed directory inside copyright file. - Update year for copyright holders. * Override PGP key related lintian tag with a source lintian-overrides. python-mkdocs (1.6.1+dfsg1-3) unstable; urgency=medium . * Team Upload * Rebuild against today's dh-python to drop the alternative dependency on python3-importlib-metadata * Apply Multi-Arch: hint * Disable one more Salsa CI job * Drop "Rules-Requires-Root: no": it is the default now * Bump Standards-Version to 4.7.3, drop Priority: tag python-ohme (1.7.0-1) unstable; urgency=medium . * New upstream release. python-ohme (1.6.0-1) unstable; urgency=medium . * Initial release. (Closes: #1130034) python-virtualenv (21.2.0+ds-1) unstable; urgency=medium . * New upstream release. * Refresh patches. * Build-Depend on python3-discovery. ruby-bcrypt (3.1.21-1) unstable; urgency=medium . [ Lucas Nussbaum ] * debian/gbp.conf: Add for DEP-14 * debian/.gitattributes: remove * debian/salsa-ci.yml: use team-specific include . [ Simon Quigley ] * Team upload. * New upstream release. * Update Standards-Version to 4.7.3, no changes needed. rust-futures-io (0.3.32-1) unstable; urgency=medium . * Team upload. * Package futures-io 0.3.32 from crates.io using debcargo 2.8.2 rust-ratatui-core (0.1.0-2) unstable; urgency=medium . * Upload to unstable rust-ratatui-core (0.1.0-1) experimental; urgency=medium . * Package ratatui-core 0.1.0 from crates.io using debcargo 2.7.11 * Initial release (Closes: #1128231) samba (2:4.23.6+dfsg-2) unstable; urgency=medium . * samba-bgqd.service: ship a unit file, but not auto-enable it * d/rules: do not enable nmbd by default * d/control: drop libnss-winbind & libpam-winbind from samba-ad-dc:Recommends (Closes: #1130068) trove-classifiers (2026.1.14.14-1) unstable; urgency=medium . * Team upload. * New upstream release. vera++ (1.3.0-2) unstable; urgency=medium . * Team upload. * [38799a9] fix(debian): support Boost 1.90 (Closes: #1127295) * [7bee01e] chore(debian): update standards and patch metadata * [342f260] test(debian): add autopkgtests webcolors (25.10.0-4) unstable; urgency=medium . * Also Breaks: weechat-matrix webcolors (25.10.0-3) unstable; urgency=medium . * Add 'Breaks: python3-flux-led (<= 1.2.0)' to unstuck migration webcolors (25.10.0-2) unstable; urgency=medium . * Enable autopkgtest-pkg-pybuild webcolors (25.10.0-1) unstable; urgency=medium . * New upstream version 25.10.0 * Replace python3-setuptools with python3-pdm-backend for building * Add build-dependency on python3-pytest * Add debian/upstream/metadata weechat-matrix (0.3.0-3.4.) unstable; urgency=medium . * Non-maintainer upload. * Fix compatibility with new "webcolors" (Closes: #1129917) * Trim previous NMU patch, python3-future has been dropped completely. * Drop "Rules-Requires-Root: no": it is the default now * Bump Standards-Version to 4.7.3, drop Priority: tag * Add debian/salsa-ci.yml * Rename file under debian/ for debhelper 15 compatibility . [ Kyle Robbertze ] * Move to DEP-14 REMOVED: octave-brain2mesh 0.7.9-3 REMOVED: hyperkitty 1.3.12-3 REMOVED: mailman-hyperkitty 1.2.1-3 REMOVED: robot-detection 0.4.0-4 REMOVED: mailman-suite 0+20240312-2 REMOVED: mailman3 3.3.10-2 REMOVED: octave-iso2mesh 1.9.8+ds-2