accounts-qml-module (0.7.1+git20231028.05e79eb-2) unstable; urgency=medium
 .
   [ Ratchanan Srirattanamet ]
   * debian/patches:
     + Update 1001-cmake-support.patch. Fix linking against
       libsignon-qt[56].so.1.

adns (1.6.2-3) unstable; urgency=medium
 .
   * Attempt to fix autopkgtest or at least debug it.
adns (1.6.2-2) unstable; urgency=medium
 .
   * Fix symbols file to refer consistently to 1.5.0~.  Closes: #1137222.
   * Mark libadns1-dev Multi-Arch: same.
   * Use Salsa CI pipeline.
   * Add an autopkgtest.

aevol (9.4.0-1) unstable; urgency=medium
 .
   * Adapt autopkgtest to new upstream version
     Closes: #1131937
   * Its known that the package does not build on 32 bit architectures
     but Build-Depends from architecture-is-64-bit to not even try
   * Do not build on i386 in Salsa CI
   * cme fix dpkg-control
   * Revert change of lintian-brush which broke references in upstream metadata
   * Remove `Rules-Requires-Root: no` which is default now
   * New upstream version
   * Set upstream metadata fields: Repository, Repository-Browse.
   * Build-Depends: libgmock-dev
   * Add nocheck profile for build time test dependencies
aevol (9.3.0-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version
   * d/watch: version=5
   * Drop libboost-system-dev from Build-Depends
     Closes: #1127160
   * Standards-Version: 4.7.3 (routine-update)
   * Remove Priority field to comply with Debian Policy 4.7.3 (routine-
     update)
   * Reorder Files paragraphs in debian/copyright by directory depth.
   * Use secure URI in Homepage field.
   * Remove duplicate values for fields Author, Author, Author, Entry, Entry,
     Name, Title in debian/upstream/metadata.
   * Build-Depends: cmake, nlohmann-json3-dev, googletest, libgtest-dev
   * d/copyright: No need to remove files any more
aevol (5.0+ds-4) unstable; urgency=medium
 .
   * Team upload.
   * d/control: migrate to mpi-default-dev. (Closes: #1088626)
   * d/watch: upstream forge moved to gitlab.inria.fr.
   * d/control: declare compliance to standards version 4.7.0.
aevol (5.0+ds-3) unstable; urgency=medium
 .
   [ Andreas Tille ]
   * Team upload.
   * Do not call AM_INIT_AUTOMAKE twice
     Closes: #998479
   * Standards-Version: 4.6.0 (routine-update)
 .
   [ Étienne Mollier ]
   * Remove now unneeded maintainer manual pages.
   * Add groff-message.patch to fix multiple typos in the comment marker '.\"'.
aevol (5.0+ds-2) unstable; urgency=medium
 .
   * Team upload.
   * Standards-Version: 4.5.1 (routine-update)
   * debhelper-compat 13 (routine-update)
   * Add salsa-ci file (routine-update)
   * Rules-Requires-Root: no (routine-update)
aevol (5.0+ds-1) unstable; urgency=medium
 .
   * Team upload.
   * Strip m4 files and once at stripping unnneded autogenerated files
     from automake
     Closes: #933628
   * Build-Depends: libopenmpi-dev
   * Build-Depends: autoconf-archive
   * Remove debug code from autopkgtest
aevol (5.0-3) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Jelmer Vernooij ]
   * Use secure copyright file specification URI.
 .
   [ Andreas Tille ]
   * Add copyright for src/libaevol/SFMT-src-1.4
   * debhelper-compat 12
   * Standards-Version: 4.4.0
 .
   [ Saira Hussain ]
   * Add autopkgtest
aevol (5.0-2) unstable; urgency=medium
 .
   * Team upload.
   * debhelper 11
   * Point Vcs fields to salsa.debian.org
   * Standards-Version: 4.2.1
aevol (5.0-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version
   * Moved packaging from SVN to Git
   * Fixed watch file
   * debhelper 10
   * Standards-Version: 4.1.0 (no changes needed)
   * Add missing libboost Build-Depends
   * hardening=+all
   * Unique license name
aevol (4.4-1) unstable; urgency=low
 .
   * New upstream version
aevol (4.3-1) unstable; urgency=low
 .
   * New upstream version
   * Bumped Standards-Version to 3.9.5 (no changes needed)
aevol (4.2-1) unstable; urgency=low
 .
   * Initial release (Closes: #718887)

aiocache (0.12.3-3) unstable; urgency=medium
 .
   * Team upload.
   * Maintain in Debian Python Team
   * d/watch:
      - version=5
      - Point to Github instead of PyPI
   * d/copyright: Files: debian/* stanza
   * Standards-Version: 4.7.4 (Removed Priority field)
   * Strip code examples from long description

aiomcache (0.8.2-2) unstable; urgency=medium
 .
   * Team upload.
   * Maintain in Debian Python Team
   * Standards-Version: 4.7.4 (Removed Priority field)
   * d/watch:
      - version=5
      - Point to Github instead of PyPI
   * Capitalisation for Python
   * d/copyright: Files: debian/* stanza

asf-search (12.2.2-1) unstable; urgency=medium
 .
   * New upstream release.

ayatana-ido (0.10.4-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload
   * d/control: Build-depend on dh-sequence-gir.
     Without this (or its imperative equivalent, `dh --with gir` or
     `dh_girepository`), ${gir:Depends} and similar substvars won't be
     populated. (Closes: #1132395)
   * d/control: Add ${gir:Depends} to libayatana-ido3-dev instead of
     hard-coding.
     This avoids mistakes, and will make it easier to implement the <!nogir>
     build-profile at a later date, if desired.
   * d/control: Add ${gir:Provides} to -dev package.
     This ensures that it will provide the appropriate systematic name
     derived from its .gir file, and signals that it was not built with
     GObject-Introspection disabled (which is not currently set up,
     but could be added later via the nogir build-profile).
   * d/control: Explicitly build-depend on gir1.2-gtk-3.0-dev.
     This virtual package name can be mechanically derived from the
     use of --include=Gtk-3.0 in the build system. It ensures that the
     build-dependencies will be unsatisfiable if GTK was built with the
     nogir build-profile during bootstrapping.
   * d/control: Drop build-dependency on libgirepository1.0-dev.
     This transitional package can't be
     multi-arch/cross-compilation-friendly. Since trixie, a B-D on
     gobject-introspection (>= 1.80) and the gir1.2-*-dev packages used
     by this particular package is preferred.
     (Closes: #1118788)
   * d/control: Make libayatana-ido3-dev Multi-Arch: same
     (Closes: #1132397)

bwidget (1.10.1-4) unstable; urgency=medium
 .
   * Make the bwidget binary package multi-arch foreign.
   * Fix trailing spaces in the changelog.
   * Bump version in debian/watch to 4.
   * Bump standards version to 4.7.4.

cppheaderparser (2.7.4+ds-1) unstable; urgency=low
 .
   * Initial release (Closes: #1137231)

dask-image (2026.5.0+ds-1) unstable; urgency=medium
 .
   [ Antonio Valentino ]
   New upstream release (Closes: #1131052).
   * debian/patches:
     - Drop 0002-Fix-installed-packages.patch, applied upstream.
   * debian/control:
     - Recommend python3-pandas.
 .
   [ Bas Couwenberg ]
   * Bump Standards-Version to 4.7.4, no changes.

davical (1.1.13-2) unstable; urgency=medium
 .
   * fix Debian autopkgtest / CI: prevent caching of phpunit results, like we
     do already for "make test"
davical (1.1.13-1) unstable; urgency=medium
 .
   [ Andrew Ruthven ]
   * New upstream release (Closes: #1040996, #1054143)
 .
   [ Florian Schlichting ]
   * Acknowledge NMUs by David Prévot - thank you! (closes: #1121419)
   * Depend on AWL 0.65
   * Update copyright years
   * Drop redundant "Priority: optional" and "Rules-Requires-Root: no" fields
     in debian/control
   * Update Doxyfile using "doxygen -u"
   * Add graphviz to Build-Depends, our doxygen config needs "dot"
   * Update debian/watch to version 5 (Gitlab template)
   * Declare compliance with Debian Policy 4.7.4
davical (1.1.12-2.3) unstable; urgency=medium
 .
   * Non-maintainer upload
   * No change upload for the reproducible effort
davical (1.1.12-2.2) unstable; urgency=medium
 .
   * Non-maintainer upload
   * Update latest patch to PHPUnit 12 syntax (Closes: #1099659)
davical (1.1.12-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload
   * Add support for PHPUnit 10 (Closes: #1039746)
davical (1.1.12-2) unstable; urgency=medium
 .
   * Cherry-pick two bug fixes from upstream:
     + use "." to concatenate strings, not "+" (gitlab #288)
     + Add a missing space to a SQL statement to fix adding groups (gitlab #294)
davical (1.1.12-1) unstable; urgency=medium
 .
   [ Debian Janitor ]
   * Remove constraints unnecessary since buster (oldstable):
     + Remove 1 maintscript entries from 1 files.
 .
   [ Florian Schlichting ]
   * New upstream release
   * Depend on AWL 0.64
   * Update copyright years
   * Declare compliance with Debian Policy 4.6.2
   * Update lintian overrides (.txt is not necessarily documentation)
davical (1.1.11-1) unstable; urgency=medium
 .
   * New upstream release(closes: #1004285, #1004393)
   * Depend on AWL 0.63
   * Update copyright years
   * Declare compliance with Debian Policy 4.6.1
davical (1.1.10-1) unstable; urgency=medium
 .
   * New upstream release (closes: #703388)
   * Depend on AWL 0.62
   * Bump debhelper compat to level 13 (no changes necessary)
   * Bump d/watch to version 4 (no changes necessary)
   * Update copyright years
   * Add Rules-Requires-Root: no
   * Declare compliance with Debian Policy 4.5.1
davical (1.1.9.3-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Stop using rst2pdf that might not be in bullseye. (Closes: #962653)
davical (1.1.9.3-1) unstable; urgency=medium
 .
   * New upstream release to support AWL 0.61
   * Restore rst2pdf dependency removed in 1.1.9.2
   * Use d/davical.maintscript instead of individual calls to rm_conffile
   * Amend d/upstream/metadata (add Bug-Database)
   * Update copyright years
   * Declare compliance with Debian Policy 4.5.0
davical (1.1.9.2-1) unstable; urgency=medium
 .
   * New upstream release (closes: #934106)
     + fixes CVE-2019-18345 CVE-2019-18346 CVE-2019-18347 (closes: #946343)
   * Drop dependency on rst2pdf to clear the blocker for testing migration
   * Use debian-compat dependency, level 12
   * Put API documentation into davical directory (instead of davical-doc), as
     has been suggested by policy for a while
   * Fix capitalization on Vcs- fields
   * Declare compliance with Debian Policy 4.4.1
   * Add a basic upstream metadata file, as suggested by the Debian Janitor
davical (1.1.8-1) unstable; urgency=medium
 .
   * New upstream release
   * Update debian/watch to changed Gitlab directory layout
   * Use system perl in dba/update-davical-database
   * Bump dependency on AWL to 0.60
   * Update copyright years
   * Declare compliance with Debian Policy 4.3.0
davical (1.1.7-1) unstable; urgency=medium
 .
   * New upstream release
   * Bump dependency on AWL to 0.59
   * Declare compliance with Debian Policy 4.1.3
   * Update lintian-overrides
davical (1.1.6-1) unstable; urgency=medium
 .
   * New upstream release (closes: #704069, #784282, #856467)
   * Update debian/watch to match changed Gitlab download URLs
   * Update debian/rules to use dpkg variables instead of parsing
     dpkg-parsechangelog output
   * Update debian/control: Priority is optional, not extra (obsolete)
   * Declare compliance with Debian Policy 4.1.1
davical (1.1.5-1) unstable; urgency=medium
 .
   * New upstream release (closes: #703130, #703138, #703342)
   * Separate rebuild-translations and building locale/*po files. This should
     make davical builds reproducible.
   * Ship davical-cli in /usr/share/davical/scripts
   * Use secure URIs where possible
   * Bump years on debian/copyright
   * Bump dependency on libawl-php to 0.57
   * Make extra sure that the orig-source tarball does not contain any cruft
   * Install example configs as /etc/davical/config.php and
     /etc/apache2/sites-available/davical.conf
   * Use jdupes to remove duplicate files in davical-doc
   * Mark davical-doc "Multi-Arch: foreign" as suggested by the Multiarch
     hinter
   * Override erroneous lintian errors
davical (1.1.4-3) unstable; urgency=medium
 .
   * Add missing dependency on php-xml, which is a separate package from PHP 7
davical (1.1.4-2) unstable; urgency=medium
 .
   * Update to work with both php5 and php7, mainly based on the Ubuntu patch
     by Nishanth Aravamudan (thanks!). Closes: #821673, #821477
   * Declare compliance with Debian Policy 3.9.8
davical (1.1.4-1) unstable; urgency=medium
 .
   * New upstream release (closes: #703128, #703294, #703287, #656020, #764915)
   * Ship all config examples and user documentation, but remove website
     references since it was moved to its own git repository.
   * Don't run make / make built-docs during package build to avoid nasty
     surprises; files should be up-to-date in git anyway
   * Purge /etc/davical/.keep directory
   * Clean source tree before creating orig-source tarball
davical (1.1.3.1-1) unstable; urgency=medium
 .
   * fix a critical typo in htdocs/always.php
davical (1.1.3-1) unstable; urgency=low
 .
   [ Andrew McMillan ]
   * New upstream release (closes: #656395, #702403, #703290, #703383, #703387,
     #740827)
   * Updated the control file Vcs-* fields to the new addresses of the
     canonical git upstream repository.
   * Removed README.Debian which didn’t contain any useful information.
 .
   [ Florian Schlichting ]
   * Takeover for the Davical Development Team (closes: #742498)
   * Use short-form debian/rules and fix source format declaration
     (closes: #730941)
   * Clean up duplicate files (symlink identical files in api documentation)
   * debian/control: update and sort dependencies, add php5, php5-cli
     (closes: #717043), php5-curl to Recommends (closes: #656390),
     php5-ldap as Suggests (LP: #479378)
   * Add doc-base registration for api doc and website in davical-doc
   * Add a README.Debian explaining the necessary steps for a basic
     installation
   * Bump dh compat to level 9
   * Add a debian/watch file
   * Switch d/copyright to copyright-format 1.0, amend CREDITS from git log
   * Bump dependency on awl to 0.55
   * Declare compliance with Debian Policy 3.9.6
   * Upload to Debian (closes: #726577)
davical (1.1.1-1) unstable; urgency=high

  * New upstream release (closes:#656392)

davical (1.1.0-1) unstable; urgency=low

  * New upstream release
  * New release to Debian (closes:#668980, #661985).

davical (1.0.2-1) unstable; urgency=low

  * New upstream release.
  * New release to Debian (closes:#643809, #618957).

davical (0.9.9.7-1) unstable; urgency=low

  * New upstream release.

davical (0.9.9.6-1) unstable; urgency=low

  * New upstream release (closes:#628566,#619513,#619477,#619515,#641591)
  * Switch to dpkg-source 3.0 (native) format

davical (0.9.9.5-1) unstable; urgency=low

  * New upstream release (closes:#610612, #639262)

davical (0.9.9.4-1) unstable; urgency=low

  * New upstream release
  * Run update-davical-database in postinst (closes: #578357)
  * Remove ancient references to rscds package.

davical (0.9.9.3-0) unstable; urgency=low

  * New upstream release

davical (0.9.9.2-0) unstable; urgency=low

  * New upstream release

davical (0.9.9-0) unstable; urgency=low

  * New upstream release (closes: #508673, #573687)

davical (0.9.8.4-0) unstable; urgency=low

  * New upstream release

davical (0.9.8.3-0) unstable; urgency=low

  * New upstream release

davical (0.9.7.6-0) unstable; urgency=low

  * New upstream release.

davical (0.9.7.4-0) unstable; urgency=low

  * New upstream release.

davical (0.9.7.2-0) unstable; urgency=low

  * New upstream version.

davical (0.9.7.1-0) unstable; urgency=low

  * New upstream release.
  * Updated french translation from Christian Perrier (closes: #537715)
  * Allow postgresql-client-8.4 as a possible dependency.


debian-keyring (2026.05.24) unstable; urgency=medium
 .
   * Add new DD key 0xA5FF4BB3EA53C5DF (Vivek K J) (RT #9994)
   * Add new DM key 0x6A3B5AF0CF483C50 (Ural Tunaboyu) (RT #9998)
   * Add new DM key 0xEB62B1057DE7A8B1 (Syed Shahrukh Hussain) (RT
     #10001)
   * Move 0x59E6FCB346D609D5 (Bernelle Verster) to emeritus (RT #9996)
   * Updates from keyring.debian.org HKP interface:
     * 0x02293A6FA4E53473 Antoine Beaupré <anarcat> sig:4
     * 0x083781A2D2ACE48B Adriano Rafael Gomes <adrianorg> sig:1
     * 0x125B57475E190D18 Barak A. Pearlmutter <bap> uid:1 sub:2 sig:3
     * 0x1AF4A75FE769BC68 Nadzeya Hutsko <nadzeya> uid:1 sig:3
     * 0x3A88669D54BA35B8 Manuel Traut <manut> uid:2 sig:2
     * 0x5D5F6C020398A60A Peter Wienemann <wiene> sig:2
     * 0x63FE10EAD55D0FDB Ondřej Kobližek <kobla> sig:4
     * 0x6594486E01294708 Guilherme Puida Moreira <puida> sub:2 sig:2
     * 0x68C287DFC6A80226 Colin King [DM] sig:1
     * 0x6F31F7545A885252 Nicolas Dandrimont <olasd> sig:7
     * 0x789D6F057FD863FE Salvatore Bonaccorso <carnil> sig:5
     * 0x922C1B66A3D3D022 Antonin Delpeuch <pintoch> sig:1
     * 0xA1F751F1A55357E8 Nattie Mayer-Hutchings <nattie> uid:2 sig:4
     * 0xA28C297118E9F23D Gabriel Filion <lelutin> sig:2
     * 0xA5E5C2A2D2FECB0B Stefano Brivio <sbrivio> sig:2
     * 0xB8B24C06AC128405 Ben Finney <bignose> sub:2 sig:2
     * 0xC0831D1F15E0DA64 Arnaud Rebillout <arnaudr> uid:1 sig:2
     * 0xC7EA1BE1574DED5D Sruthi Chandran <srud> uid:1 sig:6
     * 0xE3ADB00850605636 Sandro Knauß <hefee> sub:1 sig:4
     * 0xECBEDBB607B9B2BE Matthias Geiger <werdahias> sig:3
     * 0xF5C83C05D9CEEEEE Chris Boot <bootc> sig:4
     * 0xFE9007B8ED640421 Aryan Karamtoth <spaciouscoder78> sig:2

docker.io (28.5.2+dfsg4-2) unstable; urgency=medium
 .
   * Add debconf prompt to confirm removal of /var/lib/docker on purge
     (Closes: #1021914)
   * Ensure /var/lib/docker directory is removed on purge (Closes: #923577)
   * Backport upstream patches for engine/docker.io:
     - Fixes: CVE-2026-33997 CVE-2026-34040, (Closes: #1136031)

doctrine (3.6.7+dfsg-1) unstable; urgency=medium
 .
   [ Grégoire Paris ]
   * Use correct matrix element name
   * Address string default expression deprecation
   * Avoid adding the same foreign key twice for STI
   * Avoid passing arrays to get_class

fenrir (2026.0.1.28-1) unstable; urgency=medium
 .
   * New upstream release.
     - patches/systemd-path: Refresh.
     - copyright: Fix upstream URL.
     - control: Add build dependencies for tests.
     - tests: Add autopkgtest.

fonts-junicode (2.224+ds-1) unstable; urgency=medium
 .
   * New upstream version.

fritzing (1.0.1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Build-Depend on libquazip1-qt5-dev instead of the obsolete predecessor.
     (Closes: #1136670)

gexiv2 (0.16.0-3) unstable; urgency=medium
 .
   * python3-gexiv2: Remove alternate dependency on gir1.2-gexiv2-0.10

git-quick-stats (2.11.0-1) unstable; urgency=medium
 .
   * New upstream release
   * debian/control:
    + bump Standards-Version to 4.7.4 (no changes required)
    + drop redundant Priority and Rules-Requires-Root fields

gnome-backgrounds (50.0-2) unstable; urgency=medium
 .
   * Update lintian overrides
   * Update Standards Version to 4.7.4

gnome-network-displays (0.99.0-4) unstable; urgency=medium
 .
   * Remove obsolete lintian overrides
   * Update Standards Version to 4.7.4

gnumach (2:1.8+git20260224-9) unstable; urgency=medium
 .
   * patches/git-cache-flush: Add cache flush support.

golang-github-coreos-bbolt (1.4.3-1) unstable; urgency=medium
 .
   * Team upload.
   * debian/gbp.conf: drop upstream-vcs-tag as it blocks gbp import-orig.
   * New upstream version 1.4.3.
   * debian/control: drop Priority: optional (now the default).
   * debian/control: Drop Rules-Requires-Root: no (now the default).
   * debian/control: bump to Standards-version to 4.7.4.
   * 0004-drop-unused-runtime-import.patch: added. Fix FTBFS.

golang-github-klauspost-compress (1.18.6+ds1-2) unstable; urgency=medium
 .
   * Fix Template value capitalization in debian/watch.
   * Remove --buildsystem=golang implicit since dh 13.4.
   * Switch debian/gitlab-ci.yml to debian/salsa-ci.yml.
   * Add missing DVersion-Mangle field in debian/watch for repacking.
   * Add License stanza for Apache-2.0 in debian/copyright.

golang-github-sigstore-timestamp-authority (2.1.0-1) unstable; urgency=medium
 .
   * New upstream (Closes: #1134150)
     - CVE-2026-39984
   * Use gbp upstream-vcs-tag
   * Drop d/watch Uversionmangle
   * Standards-Version: 4.7.4
   * Drop Priority: optional
   * Bump copyright years
   * Refresh patches
   * Improve debci/autopkgtest

grabix (0.1.7-6) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Chris Lamb ]
   * d/rules: make the build reproducible (Closes: #1125729)
 .
   [ Étienne Mollier ]
   * d/control: drop redundant Priority: optional.
   * d/control: drop redundant Rules-Requires-Root: no.
   * d/patches/*: normalise Last-Update timestamps.
   * d/control: declare compliance to standards version 4.7.4.
   * d/watch: convert to v5 Github template.

gradia (1.13.0-2) unstable; urgency=medium
 .
   * d/control: add gir1.2-soup-3.0 & gir1.2-xdp-1.0 to Depens
   * Closes: #1137440
gradia (1.13.0-1) unstable; urgency=medium
 .
   * Initial release. (Closes: #1116515)

guile-lib (0.2.8.1-3) unstable; urgency=medium
 .
   [ Tommi Höynälänmaa ]
   * debian/patches: Add Fixed-aclocal-flags patch. (Closes: #1133150)
   * debian/control: Add versioned Build-Depends on gettext.
     (Closes: #1133150)
 .
   [ Vagrant Cascadian ]
   * debian/watch: Update to format version 5.
   * debian/control: Drop Rules-Requires-Root field.
   * debian/control: Drop Priority field.
   * debian/control: Update Standards-Version to 4.7.4.
   * debian/control: Set Debian Scheme Team as Maintainer.

hvcc (0.16.0-1) unstable; urgency=medium
 .
   * New upstream version 0.16.0
     + Refresh patches
   * Update copyright information
     + Update d/copyright
     + Bump copyright dates
     + Re-generate d/copyright_hints
   * Bump standards version to 4.7.4

hyperorg (0.1.0-1) unstable; urgency=medium
 .
   * Initial release. (Closes: #1125706)

hyprshutdown (0.1.1-1) unstable; urgency=medium
 .
   * Initial release. (Closes: #1137195)

imagemagick (8:7.1.2.23+dfsg1-1) unstable; urgency=medium
 .
   * New upstream version
   * Fix CVE-2026-42326:
     Heap Buffer Over-Read in IPTC encoder.
   * Fix CVE-2026-45031:
     Policy Bypass in PSD decoder.
   * Fix CVE-2026-45358:
     Heap Buffer Over-Read of a single byte in meta encoder.
   * Fix CVE-2026-45359:
     Heap Buffer Over-Read in connected components when
     the user supplies an invalid keep-top define.
   * Fix CVE-2026-45624:
     Heap Buffer Over-Read of 24 bytes in distort operation.
   * Fix CVE-2026-45664:
     Policy Bypass in MNG decoder.
   * Fix CVE-2026-46520:
     Heap Buffer Over-Write in IPL decoder when reading multiple
     images of different dimensions.
   * Fix CVE-2026-46521:
     Heap Buffer Over-Write in MIFF encoder when using LZMA compression.
   * Fix CVE-2026-46522:
     Infinite Loop in the MIFF decoder can lead to CPU exhaustion.
   * Fix CVE-2026-46523:
     Use-After-Free in MSL decoder.
   * Fix CVE-2026-46557:
     Stack overflow in fx operation.
   * Fix CVE-2026-46559:
     Heap Buffer Over-Write of a single byte in the JP2 encoder.
   * Fix CVE-2026-46692:
     Heap Buffer Over-Write in distributed pixel cache server.
   * Fix CVE-2026-46693:
     A Race Condition in distributed pixel cache server
     can result in file descriptor hijacking.
   * Fix CVE-2026-47165:
     Information Disclosure in distributed pixel cache server
     because it is not using a challenge–response authentication model.
   * Fix CVE-2026-47166:
     Heap Buffer Over-Read in distributed pixel cache server.

jq (1.8.1-7) unstable; urgency=high
 .
   * Cherry-pick upstream fix for CVE-2026-47770.
   * d/patches: Add no-forwarded for all upstream fixes.

jupyterlab (4.0.11+ds5+~cs11.25.27-1) unstable; urgency=medium
 .
   * Remove systeminformation
jupyterlab (4.0.11+ds4+~cs11.25.27-4) unstable; urgency=high
 .
   * Fix a transition bug and conflict bug for systeminformation
jupyterlab (4.0.11+ds4+~cs11.25.27-3) unstable; urgency=high
 .
   * Sourcefull build
jupyterlab (4.0.11+ds4+~cs11.25.27-2) unstable; urgency=medium
 .
   * Binary upload for fixing breakage with systeminfomation
   * Manually install systeminformation under galata
jupyterlab (4.0.11+ds4+~cs11.25.27-1) unstable; urgency=medium
 .
   * Embed temporary systeminformation to break build loop
jupyterlab (4.0.11+ds3+~cs11.25.27-1) unstable; urgency=medium
 .
   * Team upload
   * Deembed systeminformation
jupyterlab (4.0.11+ds2+~cs11.25.27-3) unstable; urgency=medium
 .
   * Team upload
   * Fix multiple FTBFS
   * Bug fix: "FTBFS: error TS2345", thanks to Santiago Vila
     (Closes: #1131655).
   * Bug fix: "Please fix Maintainer field email address to avoid future
     confusion", thanks to Jérémy Lal (Closes: #1109823).
   * Bug fix: "control Vcs-Browser please update link", thanks to onders
     (Closes: #1130626).

kwin-zones (1.0.12-3) unstable; urgency=medium
 .
   * Include epoch in kwin-wayland versioned dependency
kwin-zones (1.0.12-2) unstable; urgency=medium
 .
   * Pin binary package to kwin upstream version
     - Unfortunately, the KWin plugin ABI is even taking minor versions
       into account for its compat check, so we need to match the KWin
       version exactly. Maybe we can get binNMU'ed this way, but at the
       very least, the plugin won't break silently.

libayatana-appindicator (0.5.94-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload
 .
   [ Mike Gabriel ]
   * debian/control: Add more Multi-Arch: {same,foreign} declarations.
     Thanks, Multi-Arch Hinter.
 .
   [ Simon McVittie ]
   * d/patches/series: Apply the patch.
     This file was present in the 0.5.94-1 upload to the archive, but
     not in the packaging git repo.
   * d/control: Use ${gir:Depends} in -dev package instead of hard-coding.
     This avoids mistakes, and will make it easier to implement the <!nogir>
     build-profile at a later date, if desired.
   * d/control: Add ${gir:Provides} to -dev package.
     This ensures that it will provide the appropriate systematic name
     derived from its .gir file, and signals that it was not built with
     GObject-Introspection disabled (which is not currently set up,
     but could be added later via the nogir build-profile).
   * d/control: Explicitly build-depend on gir1.2-*-dev packages.
     These virtual package names can be mechanically derived from the uses
     of --include=GObject-2.0 and --include=Gtk-3.0 in the build system,
     and are the preferred way to ensure that the required GIR XML is
     present at build-time.
   * d/control: Drop obsolete B-D on libgirepository1.0-dev.
     This transitional package can't be multiarch-friendly for historical
     reasons. In this package, its only value was to pull in the code
     generation tools and GLib's own GIR XML, but those are now depended
     on via gobject-introspection and gir1.2-gobject-2.0-dev respectively.
     (Closes: #1131260)
   * d/control: Drop obsolete B-D on libdbus-glib-dev (Closes: #955911)
 .
   [ Helmut Grohne ]
   * Fix FTCBFS: Disable gtkdoc in the arch-only build (Closes: #1117668)

libayatana-indicator (0.9.4-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload
   * d/control: Make libayatana-indicator3-dev Multi-Arch: same.
     It will be co-installable for different architectures as soon as
     libayatana-ido3-dev is. (Closes: #1132399)
   * d/control: Correct Vcs-Browser (Closes: #1131260)

libhttp-daemon-perl (6.17-1) unstable; urgency=medium
 .
   * Import upstream version 6.17.
    - Fix CVE-2026-8450: 2-arg open() in send_file() enabled RCE / arbitrary
      file write / response-body exfiltration when a string argument was
      derived from attacker-influenced input. send_file() now uses 3-arg
      open() with an explicit '<' read mode, so the path is always treated as a
      literal filename and 2-arg open() shell-magic shapes ('| cmd', 'cmd |',
      '> path', etc.) are no longer interpreted.
    Closes: #1138050
   * Update years of upstream copyright.
   * Update Upstream-Contact in debian/copyright.
   * Declare compliance with Debian Policy 4.7.4.
   * Remove «Rules-Requires-Root: no», which is the current default.
   * Remove «Priority: optional», which is the current default.

libio-compress-perl (2.220-1) unstable; urgency=medium
 .
   * Import upstream version 2.220.
     Fix CVE-2026-48959, CVE-2026-48961, CVE-2026-48962.
     Closes: #1138051, #1138052, #1138055.
   * Declare compliance with Debian Policy 4.7.4.
   * Drop lintian overrides for removed tags.

libksba (1.8.0-3) unstable; urgency=medium
 .
   * Add dependency on libgpg-error-dev to libksba-dev
     ksba.h #includes gpg-error.h, and the pkg-config file Requires
     gpg-error. Closes: #1137571
libksba (1.8.0-2) unstable; urgency=medium
 .
   * Add minimal autopkgtest, copied from libgcrypt20
   * Upload to unstable.
libksba (1.8.0-1) experimental; urgency=low
 .
   * New upstream version.
     + Update symbol file.

libpqxx (8.0.1-5) unstable; urgency=medium
 .
   * Fix FTBFS on hurd.
libpqxx (8.0.1-4) unstable; urgency=medium
 .
   * Team upload to unstable.
libpqxx (8.0.1-3) experimental; urgency=medium
 .
   * Team upload.
   * More autoconf files copyright fixes.

libretro-beetle-psx (0.9.38.6+git20260515+ds-1) unstable; urgency=medium
 .
   * New upstream GIT snapshot
     + build with openbios as fallback, if the user don't provide their own
       retail BIOS dump.
   * d/control: Build-Depends on libchdr-dev (>= 0.3.0)
libretro-beetle-psx (0.9.38.6+git20260227-3) unstable; urgency=medium
 .
   * Fix build on Hurd
   * Remove integration files for GNOME Games. It was removed from Debian
     almost 3 years ago and it's successor, Highscore, isn't compatible with
     vanilla libretro ports.
libretro-beetle-psx (0.9.38.6+git20260227-2) unstable; urgency=medium
 .
   * Fix build on loong64 & various ports architectures
   * d/control: update Vcs-* fields
libretro-beetle-psx (0.9.38.6+git20260227-1) unstable; urgency=medium
 .
   * New upstream GIT snapshot
   * Build an OpenGL variant, installed as mednafen_psx_hw_libretro.so
   * Build a kodi-game-libretro-beetle-psx package
   * Update debian/copyright
   * Remove Sérgio Benjamim from uploaders, since he seems to be no longer
     active, and add myself.

luacheck (1.2.0-2) unstable; urgency=medium
 .
   * patches from upstream to support Lua5.5
   * d/watch version 5
   * d/salsa-ci.yml
   * Standards-Version 4.7.4, no changes needed

lupupy (0.3.2-3) unstable; urgency=medium
 .
   * Team upload
   * add patch to fix syntaxwarning (Closes: #1085673)

m4api (0.3~0.9646fd-4) unstable; urgency=medium
 .
   [ Niels Thykier ]
   * Replace `debian/compat` with `X-DH-Compat` (Closes: 1116069)
 .
   [ Vagrant Cascadian ]
   * debian/control: Remove Priority field.
   * debian/control: Remove Rules-Requires-Root field.
   * debian/control: Update Standards-Version to 4.7.4.

md4c (0.5.3-1) unstable; urgency=medium
 .
   [ Patrick Franz ]
   * New upstream release (0.5.3).
md4c (0.5.2-4) unstable; urgency=medium
 .
   [ Patrick Franz ]
   * Update d/copyright.
md4c (0.5.2-3) unstable; urgency=medium
 .
   [ Rene Engelhard ]
   * rename libmd4c-html0-dev to libmd4c-html-dev (closes: #1108179)
   * move usr/include/md4c-html.h  into libmd4c-html-dev
     (closes: #1108177)
 .
   [ Patrick Franz ]
   * Bump Standards-Version to 4.7.4 (no changes needed).
   * Drop Rules-Requires-Root: no, not needed anymore.
   * Remove Priority: optional, not needed anymore.
   * Update d/copyright.
   * Update d/watch to format version 5.

mkvtoolnix (99.0-1) unstable; urgency=medium
 .
   * New upstream release.

mssql-django (1.7.2-1) unstable; urgency=medium
 .
   * [06d3567] New upstream version 1.7.2

node-gulp-terser (2.1.0-6) unstable; urgency=medium
 .
   * Team upload
   * Remove nocheck for build depends used duting build
     (Closes: #1137489)
   * Bump Standards-Version to 4.7.4 (no changes needed)

node-read (5.0.1-4) unstable; urgency=medium
 .
   * Team upload
   * Remove <!nocheck> from node-mute-stream (Closes: #1137491)

node-tsx (4.21.0+~cs13.27.0-2) unstable; urgency=medium
 .
   * Team upload
   * Remove <!nocheck> from node-pretty-ms, node-expect

notification-position-reloaded (0.0~git20251208.fa8c234-2) unstable; urgency=medium
 .
   * Add gnome-50 support. (Closes: #1132299)
   * Update Standards-Version to 4.7.4
notification-position-reloaded (0.0~git20251208.fa8c234-1) unstable; urgency=medium
 .
   [ Jeremy Bícha ]
   * Automatically update supported GNOME Shell versions by parsing metadata.json
 .
   [ Sudip Mukherjee ]
   * New upstream version 0.0~git20251208.fa8c234 (Closes: #1115527)
   * Update Standards-Version to 4.7.3
notification-position-reloaded (0.0~git20250402.42cb38e-1) unstable; urgency=medium
 .
   * New upstream version 0.0~git20250402.42cb38e
   * Update to gnome-48. (Closes: #1095896)
   * Update Standards-Version to 4.7.2
notification-position-reloaded (0.0~git20241003.720f7e2-2) unstable; urgency=medium
 .
   * Switch to Architecture: all.
notification-position-reloaded (0.0~git20241003.720f7e2-1) unstable; urgency=medium
 .
   * Initial release. (Closes: #1088071)

ocp (1:3.3.1+ds-1) unstable; urgency=medium
 .
   * New upstream version.

os-autoinst (5.1777039154.e2faf810-7) unstable; urgency=medium
 .
   [ Roland Clobus ]
   * ARGS, the 'debrebase' dance is really mandatory
 .
 os-autoinst (5.1777039154.e2faf810-6) unstable; urgency=medium
 .
   [ Roland Clobus ]
   * PR2938: mouse_drag uses the clickpoints
 .
 os-autoinst (5.1777039154.e2faf810-5) unstable; urgency=medium
 .
   [ Roland Clobus ]
   * Build on 32bit platforms again, but without qemu in the tests
os-autoinst (5.1777039154.e2faf810-4) unstable; urgency=medium
 .
   * revert to Depends: qemu-*, rather than recomend  (closes: 1135693, 1135696)
os-autoinst (5.1777039154.e2faf810-3) unstable; urgency=medium
 .
   * only build for 64-bit archs (closes: 1131826)
 .
 os-autoinst (5.1777039154.e2faf810-2) unstable; urgency=medium
 .
   * Build-Depend on qemu only on arches where it exists (closes: 1131826)
os-autoinst (5.1777039154.e2faf810-2) unstable; urgency=medium
 .
   * Build-Depend on qemu only on arches where it exists (closes: 1131826)

osm2pgrouting (3.0.0-2) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Bas Couwenberg ]
   * Drop Priority: optional, default since dpkg 1.22.13.
   * Bump Standards-Version to 4.7.4, changes: priority.
 .
   [ Christoph Berg ]
   * Allow building against libpqxx-8.0.

pcsx-redux-mips (0~git20260419+ds-1) unstable; urgency=low
 .
   * Initial release. (Closes: #1136730)

php-guzzlehttp-promises (2.4.1-1) unstable; urgency=medium
 .
   [ Graham Campbell ]
   * Fix inspect aggregate rejection reason (#188)
   * Fix empty EachPromise queue completion (#197)
   * Fix cancelling settled coroutines (#203)
   * Release 2.4.1
 .
   [ David Prévot ]
   * Ship upstream upgrade notes

php-symfony-polyfill (1.38.1-1) unstable; urgency=medium
 .
   [ Nicolas Grekas ]
   * [Intl][Idn] Reject xn-- labels whose Punycode payload decodes to ASCII-only
     [CVE-2026-46644]
   * Update changelog for v1.38.1

php-twig (3.27.0-1) unstable; urgency=medium
 .
   [ Fabien Potencier ]
   * Fix sandbox bypass in deprecated internal wrappers [CVE-2026-48805]
   * Fix sandbox bypass in the "column" filter under SourcePolicyInterface
     [CVE-2026-48808]
   * Fix sandbox __toString bypass via Traversable in join/replace filters
   * Fix sandbox `__toString` bypass via the `in` and `not in` operators
     [CVE-2026-48807]
   * Fix sandbox __toString policy bypass via dynamic mapping keys
     [CVE-2026-48806]
   * Fix sandbox filter/tag/function allow-list bypass when sandbox state
     changes between renders [CVE-2026-46636]
   * Prepare the 3.27.0 release
 .
   [ David Prévot ]
   * Add missing space in previous changelog entry

phpunit-environment (9.3.2+ds-1) unstable; urgency=medium
 .
   [ Sebastian Bergmann ]
   * Prepare release
phpunit-environment (9.3.1+ds-1) unstable; urgency=medium
 .
   [ Sebastian Bergmann ]
   * Do not wrap values returned by Runtime::getCurrentSettings() in quotes
   * Prepare release
 .
   [ David Prévot ]
   * Actually drop tools/ directory
   * Extend clean

phpunit-exporter (8.1.0+ds-1) unstable; urgency=medium
 .
   [ Sebastian Bergmann ]
   * Update security policy
   * Make binary string output readable for mostly-printable values
   * Prepare release
 .
   [ David Prévot ]
   * Actually drop tools/ directory
   * Use local package for tests

phpunit-type (7.0.1+ds-1) unstable; urgency=medium
 .
   [ Sebastian Bergmann ]
   * Update security policy
   * Remove superfluous requirement checks
   * Prepare release
 .
   [ David Prévot ]
   * Actually drop tools/ directory
   * Latest tag is not signed
   * Update template for tests
   * Mimic install path for tests
   * Upgrade upstream signing key to new packet format
   * Update standards version to 4.7.4

py-aosmith (1.0.18-1) unstable; urgency=medium
 .
   * New upstream release.
   * Remove debian/gbp.conf, switch to dgit.
   * Update Standards-Version.

pympress (1.8.5-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
 .
   [ Chris Lamb ]
   * Make the build reproducible (Closes: #1068795)
 .
   [ Vagrant Cascadian ]
   * pympress/app.py: Redact platform.release and platform.version for
     reproducible builds.
   * debian/rules: Force locale for documentation generation.

pyrfxtrx (0.34.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Remove debian/gbp.conf, switch to dgit.
   * Update Standards-Version.

pyshp (3.0.9-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release.

python-aioasuswrt (1.4.0-3) unstable; urgency=medium
 .
   * Team upload
   * add pytest-asyncio build dependency (Closes: #1114287)
python-aioasuswrt (1.4.0-2) unstable; urgency=medium
 .
   * Reupload source-only.
python-aioasuswrt (1.4.0-1) unstable; urgency=medium
 .
   * Initial release. (Closes: #1077233)

python-alarmdecoder (1.13.11-3) unstable; urgency=medium
 .
   * Team upload.
   * fix regex syntaxwarnings (Closes: #1085838)

python-cykhash (2.0.0-4) unstable; urgency=medium
 .
   * d/watch: version=5
   * in1d was replaced by isin in numpy 2.4
     Closes: #1136869
   * Standards-Version: 4.7.4 (routine-update)
   * Reflow Uploaders field (cme)
   * Remove Priority field (cme)
   * Drop default 'Rules-Requires-Root: no' from d/control (routine-
     update)
   * debputy lint --auto-fix (routine-update)

python-ecobee-api (0.4.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Upstream now includes a test suite, add pytest and requests-mock as a test
     dependencies.
   * Remove debian/gbp.conf, switch to dgit.
   * Remove 'Priority: optional', now the default.
   * Update Standards-Version.
   * Update copyright year.
   * Add autopkgtest-pkg-pybuild.

python-gios (7.1.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Update Standards-Version.
   * Update copyright year.

python-keyutils (0.6-4) unstable; urgency=medium
 .
   * Team upload.
   * Maintain in Debian Python Team
   * d/watch: version=5
   * Github project vanished thus using PyPI as Homepage / Source URL
   * Strip unusual field spacing from debian/control.
   * Trim trailing whitespace.
   * Standards-Version: 4.7.4 (Removed Priority field)
   * Lintian-overrides: pypi-homepage

python-mitogen (0.3.48-1) unstable; urgency=medium
 .
   * New upstream release.

python-opuslib (3.0.1-3) unstable; urgency=medium
 .
   * Team upload.
   * fix syntaxwarning (Closes: #1086858)

python-sanix (1.0.6-2) unstable; urgency=medium
 .
   * Team upload
   * add patch to fix regex syntaxwarning (Closes: #1086959)

python-scverse-misc (0.0.7-1) unstable; urgency=medium
 .
   * Initial release (Closes: #1138035)

python-strenum (0.4.15-1) unstable; urgency=medium
 .
   * Initial release. (Closes: #1136417)

python-watson-developer-cloud (11.2.0-2) unstable; urgency=medium
 .
   * Team upload.
   * Fix SyntaxWarning for regex invalid escape sequences (Closes: #1086970)

python-wither (1.1-4) unstable; urgency=medium
 .
   * Team upload.
   * Fix SyntaxWarning for regex invalid escape sequences (Closes: #1086972)

python-xkcd (2.4.2-6) unstable; urgency=medium
 .
   * Team upload.
   * Maintain in Debian Python Team
   * d/watch: version=5
   * Standards-Version: 4.7.4 (Removed Priority field)

qt6-webview (6.10.2-3) unstable; urgency=medium
 .
   [ Patrick Franz ]
   * Remove kernel version from build artifacts to ensure reproducible
     builds.
   * Bump Standards-Version to 4.7.4 (no changes needed).

rpitalk (1.3) unstable; urgency=medium
 .
   * Added device name validation
   * Added flushSpeech() method; replaced safeSpeak() calls with it
   * Removed legacy openSerialPort2() method
   * Renamed variable range to prange to avoid conflict with built-in function
   * Fixed typos in setSpeechPitchRange and setSpeechVolume (bad method names)
   * Fixed setSpeechVolume: replaced bare int() calls with self.toInteger()
   * Corrected voice mapping table in setVoiceByID; added bounds check
   * Renamed safeSpeak to safeSpeech; fixed escape sequence detection

rust-bitfields (1.0.0-5) unstable; urgency=medium
 .
   * Team upload.
   * Package bitfields 1.0.0 from crates.io using debcargo 2.8.2
   * Skip two tests that expect < 1.95 compiler output

rust-command-fds (0.3.3-1) unstable; urgency=medium
 .
   * Package command-fds 0.3.3 from crates.io using debcargo 2.8.2

rust-gix-testtools (0.18.0-1) unstable; urgency=medium
 .
   * Package gix-testtools 0.18.0 from crates.io using debcargo 2.8.2 (Closes: #1137519).

rust-repro-threshold (0.1.2-1) unstable; urgency=medium
 .
   * Package repro-threshold 0.1.2 from crates.io using debcargo 2.8.2
   * Address RUSTSEC-2026-0145/GHSA-3cv2-h65g-fgmm

rust-sequoia-cert-store (0.7.3-1) unstable; urgency=medium
 .
   * Package sequoia-cert-store 0.7.3 from crates.io using debcargo 2.8.2

rust-whoami (2.1.2-2) unstable; urgency=medium
 .
   * Team upload.
   * Package whoami 2.1.2 from crates.io using debcargo 2.8.2
   * Target unstable
rust-whoami (2.1.2-1) experimental; urgency=medium
 .
   * Team upload.
   * Package whoami 2.1.2 from crates.io using debcargo 2.8.2
   * Disable objc2 and refresh patches

rust-whoami-1 (1.6.1-1) unstable; urgency=medium
 .
   * Package whoami 1.6.1 from crates.io using debcargo 2.8.2

shairport-sync (5.1~dev~git20260518-1) unstable; urgency=medium
 .
   * New upstream release
     - d/patches/typo-fixes.patch: remove; included upstream.
     - Ensure the correct PulseAudio backend is enabled.
   * d/gbp.conf: add to configure git-buildpackage.
   * d/copyright: review and add missing / update entries.
   * d/control: remove unnecessary Priority and Rules-Requires-Root fields
   * Enable the PipeWire backend.
   * Enable AirPlay 2 mode:
     - d/rules: enable AirPlay 2 and ffmpeg.
     - d/control: add new dependencies.
     - d/control: add nqptp to Recommends.
     - d/control: reword the description.
     - d/NEWS: add an entry describing the changes.
     - d/shairport-sync.service: incorporate upstream changes.
   * Add an optional (disabled by default) systemd user unit.
   * Install additional upstream documentation.
   * d/rules: enable metadata pipe and multicast support.
   * d/rules: minor fixes and modernisation.

snapd (2.75.2-2) unstable; urgency=medium
 .
   * Add patch allowing linking with libm (Closes: #1137435)

snmptt (1.5-3) unstable; urgency=medium
 .
   * Install and use sysusers.d/tmpfiles.d config files.

sorl-thumbnail (13.0.0-1) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Martin ]
   * Migrate debian/watch to version 5.
   * Bump Standards-Version, drop R³: no and Priority: optional.
   * Add debian/gbp.conf.
 .
   [ Colin Watson ]
   * New upstream release (closes: #1135484).
   * Disable tests using pytest arguments rather than patches.
   * Use dh-sequence-python3 and dh-sequence-sphinxdoc.

sphinx-design (0.7.0-3) unstable; urgency=medium
 .
   * Team upload.
   * Maintain in Debian Python Team
   * Add debian/salsa-ci.yml
   * d/watch: version=5
   * Standards-Version: 4.7.4 (Removed Priority field)
   * Short description is no sentence
   * d/copyright: fix typo

sphinx-favicon (1.1.0-2) unstable; urgency=medium
 .
   * Team upload.
   * Maintain in Debian Python Team
   * Add Homepage
   * d/watch: version=5
   * Standards-Version: 4.7.4 (Removed Priority field)

swayimg (5.2-1) unstable; urgency=medium
 .
   * New upstream release
   * debian/control:
    + bum Standards-Version to 4.7.4 (no changes required)

symfony (7.4.13+dfsg-1) unstable; urgency=medium
 .
   [ Fabien Potencier ]
   * Update VERSION for 7.4.13
 .
   [ Nicolas Grekas ]
   * [HttpClient] Block IPv6 transition forms in NoPrivateNetworkHttpClient
     [CVE-2026-48736]
   * [HttpFoundation] Block IPv6 transition forms in IpUtils::PRIVATE_SUBNETS
     [CVE-2026-48736]
   * [Mailer] Pin Mailomat webhook signature algorithm to SHA-256
     [CVE-2026-48747]
   * [HtmlSanitizer] Reject percent-encoded BiDi marks and Unicode whitespace
     in URLs [CVE-2026-48760]
   * [HtmlSanitizer] Sanitize URL attributes on <object>, <applet>, <iframe>,
     <img>, and the URL inside <meta http-equiv="refresh"> content
     [CVE-2026-48761]
   * [Routing] Fix dot-segment encoding for chained "../" and "./" in generated
     URLs [CVE-2026-48784]
   * [Security] Don't honor user-supplied _failure_path on failure_forward
     [CVE-2026-48489]

systemd-cron (2.8.1-1) unstable; urgency=medium
 .
   * New upstream version 2.8.1
systemd-cron (2.8.0-1) unstable; urgency=medium
 .
   [ Alexandre Detiste ]
   * lintian-overrides: simplify now that UsrMerge is complete
   * prerm: allign open-code with the automatically generated snippet
 .
   [ наб ]
   * New upstream version 2.8.0
     + d/p/: drop, applied upstream

theme-d (7.3.3-1) unstable; urgency=medium
 .
   * New upstream version 7.3.3.
   * Changed Standards-Version to 4.7.4 in debian/control.
   * Removed Priority and Rules-Requires-Root from debian/control.

usgs (0.3.7-1) unstable; urgency=medium
 .
   [ Bas Couwenberg ]
   * Update lintian overrides.
   * Drop Rules-Requires-Root: no, default since dpkg 1.22.13.
   * Use test-build-validate-cleanup instead of test-build-twice.
   * Drop Priority: optional, default since dpkg 1.22.13.
   * Bump Standards-Version to 4.7.4, changes: priority.
 .
   [ Antonio Valentino ]
   * New usptream release.
   * debian/rules:
     - Skip broken test: test_logout_http_error.

uwsgi-plugin-pypy (0.0.6) unstable; urgency=medium
 .
   * fix pypylib path on i386
uwsgi-plugin-pypy (0.0.5) unstable; urgency=medium
 .
   * add missing gcc runtime dep
uwsgi-plugin-pypy (0.0.4) unstable; urgency=medium
 .
   [ Jonas Smedegaard ]
   * remove myself as uploader
 .
   [ Alexandre Rossi ]
   * add missing pypy dep on binary package
   * declare compliance to policy 4.7.3 (no change)
uwsgi-plugin-pypy (0.0.3) unstable; urgency=medium
 .
   [ Jonas Smedegaard ]
   * update copyright info:
     + fix license shortname
     + use field License-Grant
     + tidy copyright holders
   * update copyright info:
     + use field Reference
     + update coverage
   * tighten build-dependency on uwsgi-src
 .
   [ Alexandre Rossi ]
   * fix typo in d/copyright
   * have binary pkg depend on headers required at runtime
     (cffi bindings)
   * fix autpkgtest No module named 'unittest'
   * use upstream integration tests
uwsgi-plugin-pypy (0.0.2) unstable; urgency=medium
 .
   * no-changes source-only upload to enable testing migration
uwsgi-plugin-pypy (0.0.1) experimental; urgency=medium
 .
   [ Alexandre Rossi ]
   * initial separate packaging;
     closes: bug#732019
     (see source package uwsgi for earlier releases)

vncdotool (1.3.0-1) unstable; urgency=medium
 .
   * New upstream version 1.3.0
     - Update copyright.
     - Update dependency.
     - Ignore tests.
       - Tests uses curl to download files from github.
   * Standards-Version to 4.7.4

vtk9 (9.5.2+dfsg4-5) unstable; urgency=medium
 .
   * Team upload.
   * debian patch numpy_drop_in1d_MR12693.patch applies upstream
     MR#12693 to remove numpy.in1d, no longer provided by numpy 1.24
     (use numpy.isin instead). Closes: #1137015
   * Standards-Version: 4.7.4

xdvik-ja (22.87.06+j1.42-4) unstable; urgency=medium
 .
   * Refresh patches
   * Add patch: Fix FTBFS GCC-15/C23 (Closes: #1098134)
     * Thanks to Azeez Syed <azeezalishah@gmail.com>
   * d/watch: Bump version, ignore ci: test-uscan
xdvik-ja (22.87.06+j1.42-3) unstable; urgency=medium
 .
   [ Debian Janitor ]
   * Remove constraints unnecessary since buster
 .
   [ Janitor ]
   * Fix some issues reported by lintian
 .
   [ Youhei SASAKI ]
   * Update d/changelog
   * d/control: B-d, use pkgconf instead of pkg-config
xdvik-ja (22.87.06+j1.42-2) unstable; urgency=medium
 .
   * Add patch: support 2004-{H,V} entry (Closes: #1052607)
xdvik-ja (22.87.06+j1.42-1) unstable; urgency=medium
 .
   * Bump Standards-Version to 4.6.2 (no changes needed)
   * New upstream version 22.87.06+j1.42
   * Change location config.xdvi
   * Update README.Debian (Closes: #993597)
   * debian/control: Remove empty control field Recommends in package xdvik-ja.
   * d/control: Add build-depends libfreetype1-dev (Closes: #1003328)
   * d/control: Update Build-Depends
   * Typo. fixed
   * Refresh patches
   * d/patches: Add DEP-3 tag
   * Fix use-after-free bug (Closes: #1003327) Thanks to NIDE-san!
   * Add source/lintian-overrides: source-is-missing
xdvik-ja (22.87.05+j1.42-2) unstable; urgency=medium
 .
   * Re-Add debian/salsa-ci.yml
   * Imported Upstream version 22.87.03+j1.42
   * New upstream version 22.87.05
   * Refresh patches
   * Add d/control: Add Rules-Requires-Root
   * Update debian/changelog
   * d:control: Update Vcs-* field
xdvik-ja (22.87.05+j1.42-1) unstable; urgency=medium
 .
   * Drop salsa-ci.yml
   * New upstream version 22.87.05
   * Refresh patches
   * Add d/control: Add Rules-Requires-Root
xdvik-ja (22.87.03+j1.42-4) unstable; urgency=medium
 .
   * Add pkg-config into Build-Depends (Closes: #952100)
   * d/{control,compat}: use debhelper-compat
   * d/copyright: update copyright year
   * Add salsa-ci.yml
   * d/control: Bump Standard Version 4.5.0
xdvik-ja (22.87.03+j1.42-3) unstable; urgency=medium
 .
   * Add patch: follow gs9.27 changes (Closes: #939494)
     Thanks to NIDE, Naoyuki!
   * d/control: Bump Standard Version 4.4.0
   * d/{control,compat}: Bump Compat 12
xdvik-ja (22.87.03+j1.42-2) unstable; urgency=medium
 .
   [ Youhei SASAKI ]
   * d/control: Bump Standard-Version 4.2.1
   * d/control: update Vcs-{Git,Browser}. use salsa
   * d/changelog: remove trailing-whitespace
 .
   [ Hilko Bengen ]
   * Add patch to detect freetype2 via pkg-config (Closes: #892353)
   * Debian release
xdvik-ja (22.87.03+j1.42-1) unstable; urgency=medium
 .
   * Add debian/watch: use SourceForge as upstream
     - Bump version 4
   * Imported Upstream version 22.87.03+j1.42
   * Refresh, split patches for copyright
   * Drop obsolete lintian overrides
   * Update debian/rules: follow upstream change
   * Drop autotool generated file: c-auto.in
   * Update debian/copyright: format 1.0
     - Add Files-Excluded field in order to strip TeXLive build files
   * Update debian/control:
     - Drop obsolete: DM-Upload-Allowed line
     - Update Maintainer, drop Uploaders
     - Update Vcs-* field
   * Bump Compat: 9
   * Bump Standard version: 3.9.8
   * Add README.Debian
   * Update debhelper script: cosmetic, drop defoma entry
xdvik-ja (22.84.16-j1.40+t1lib-1) unstable; urgency=low

  [Youhei SASAKI]
  * New upstream release: TeXLive 2011(2012/dev) with t1lib + e-pTeX patches
  * Build with internal t1lib provided by TeXLive upstream sources
    - As t1lib is going to dissappear in Wheezy (Closes: #638764).
      There are no alternatives for CJKV DVI, and replacement to freetype 2 is
      still in progress.
    - I know, we should be avoided. libfreetype2 should be use instead.

xdvik-ja (22.84.16-j1.40-1) unstable; urgency=low

  [Youhei SASAKI]
  * New upstream release: TeXLive 2011(2012/dev) + apply e-pTeX patches
  * Bump Standard-Version: 3.9.3
  * Change debian/rules: use dh instead of CDBS
  * Update, rename patches:
    - 0001-tl11supp-pxdvi-120120.patch: e-pTeX patch, modified for Debian
    - 0002-Fix-Werror-format-security.patch
    - 0003-Fix-manpage-error.patch
    - 0004-Fix-Freetype-Invalid-Outline.patch
  * Drop obsolete patches:
    - 51_ld_as-needed.diff: use dh_autoreconf --as-needed
    - 10gcc.diff, 30common.mk, 40Makefile.in.diff, 50libtool-tag.diff:
      These patches obsolete because of upstream changes.

xdvik-ja (22.84.13-j1.34-4) unstable; urgency=low

  [Youhei SASAKI]
  * Add DM-Upload-Allowed: yes
  * Bump Standard-Version: 3.9.2
  * Update Depends: Font name changed.
    Thanks to Hideki Yamane (Closes: #642121, #642210)
  * Fix FTBFS with ld --as--needed.
    Thanks to Matthias Klose (Closes: #641292, LP: #832899)
  * Fix FTBFS: dpkg-buildflags
    Thanks to Hideki Yamane, Daniel T Chen (Closes: #644048)

xdvik-ja (22.84.13-j1.34-3) unstable; urgency=low

  [Youhei SASAKI]
  * Add me to Uploaders, thanks to Tsuchiya-san, Kohda-san.
  * Bump Standard-version: 3.8.4
  * Change source format: 3.0 (quilt)
  * Fix invalid outline from freetype (Closes: #583874).
  * Fix some lintian warnings:
    - Add copyright notice about original xdvik, localization patches
    - fix manpages error
  * Fix description in update-vfontmap: remove defoma entry.

xdvik-ja (22.84.13-j1.34-2.2) unstable; urgency=high

  * NMU.  Fix debian/xdvik-ja.prerm to close serious bug, so urgency is high.
    Thanks to Yamane-san <henrich AT debian.or.jp> for his help.
    (Closes: #574194)
  * debian/xdvik-ja.preinst
    - call defoma-app to remove unnecessary defoma entry.

xdvik-ja (22.84.13-j1.34-2.1) unstable; urgency=low

  * NMU.  In fact this is a co-operation with a maintainer and an uploader.
  [TSUCHIYA Masatoshi]
  * Removed defoma from depends and build-dep - closes: #458863
  * Call libtool with `--tag=cc' option - closes: #511908
  [Atsuhito Kohda]
  * Fixed to work under TeXLive2009 (kpathsea5).  (Closes: #527526, #560964)
  * Changed sponsor and uploader.
  * Fixed control, compat, rules and prerm files to erase lintian warnings.
   - added ${misc:Depends} and ttf-sazanami-mincho, ttf-vlgothic in control.
   - changed from 4 to 7 in compat file.
   - so replaced "dh_clean -k" with "dh_prep" in rules file.
   - removed prepended path in prerm.

xdvik-ja (22.84.12-j1.34-1) unstable; urgency=low

  * New upstream release. - closes: #336783
  * Remove libkpathsea4-dev from Build-Depends. - closes: #429679
  * Workaround patches (debian/patches/60kpse_enc_file.diff,
    debian/patches/80wideprototype.diff) are removed.

xdvik-ja (22.84.10-j1.33-1) unstable; urgency=low

  * New upstream release.
  * Configuration file paths are changed, because format of vfontmap is
    changed by upstream developers.
  * Use defoma to select appropriate fonts.
  * Added ttf-japanese-* to Depends.
  * Added texlive-base-bin to Depends - closes: #357200

xdvik-ja (22.84.8-j1.22-2) unstable; urgency=low

  * Works done at Codefest in Malaysia 2006.
  * Added me to Uploaders.
  * Tighten up dependencies.
  * Added ttf-sazanami-* to Depends - closes: #352006
  * Bumped to Standards-Version: 3.6.2.2 (no physical changes).

xdvik-ja (22.84.8-j1.22-1) unstable; urgency=low

  * New upstream release (closes: #277335)

xdvik-ja (22.84.8-j1.21-1) unstable; urgency=low

  * New upstream release

xdvik-ja (22.84.5-j1.21-1) unstable; urgency=low

  * New upstream release

xdvik-ja (22.84.3-j1.21-2) unstable; urgency=low

  * debian/patches/80tempfile-fix.diff: Change to avoid the reported bug.
    Thanks to Kenshi Muto and Fumitoshi UKAI for their kind help.
    - closes: #272437

xdvik-ja (22.84.3-j1.21-1) unstable; urgency=low

  * New upstream release.

xdvik-ja (22.84.1-j1.21-1) unstable; urgency=low

  * New upstream release.

xdvik-ja (22.84-j1.21-2) unstable; urgency=low

  * Add tmin and tgoth to 20ascii-ptex.map.

xdvik-ja (22.84-j1.21-1) experimental; urgency=low

  * New upstream release.
  * Use experimental Japanized patch.
  * debian/10keybind-option.diff: Removed.
  * Use libt1-dev instead of t1lib-dev. - closes: #251185

xdvik-ja (22.40y-j1.18-1) unstable; urgency=low

  * New upstream release.

xdvik-ja (22.40y-j1.17-1) unstable; urgency=low

  * New upstream release.

xdvik-ja (22.40x-j1.17-1) unstable; urgency=low

  * New upstream release.

xdvik-ja (22.40w-j1.17-2) unstable; urgency=low

  * Add libwww0 to Build-Depends filed of debian/control.  This addition
    must be done in 22.40v-j1.14-3, but, I made a mistake. - closes: #189117

xdvik-ja (22.40w-j1.17-1) unstable; urgency=low

  * New upstream release.

xdvik-ja (22.40v-j1.14-3) unstable; urgency=low

  * Updated Standard-Version: 3.5.9
  * Now Build-Depends: libwww-dev and libwww0 - closes: #188108

xdvik-ja (22.40v-j1.14-2) unstable; urgency=low

  * debian/patches/20scalebox.diff: A patch to fix scalebox bug.

xdvik-ja (22.40v-j1.14-1) unstable; urgency=low

  * New upstream release.
  * debian/xdvi-pl: Fix typo reported by Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>.
  * debian/postinst: Fix a misusage of dpkg-divert.
  * Now upstream supports source special feature - closes: #94244

xdvik-ja (22.40v-j1.13-1) unstable; urgency=low

  * New Maintainer.
  * Sponsored by Masayuki Hatta <mhatta@debian.org>.
  * New upstream release - closes: #76355
  * Now Build-Depends: libxaw7-dev - closes: #170011
  * Now /usr/bin/xdvi-ja has gone - closes: #52853
  * Now generates /etc/texmf/vfontmap - closes: #138885