developers-reference (14.11) unstable; urgency=medium
 .
   [ Holger Levsen ]
   * conf.py: update number of packages to 40000 and architectures to 8.
 .
   [ Ian Jackson ]
   * conf.py: fix warning from sphinx.

ghostscript (10.07.1~dfsg-1) unstable; urgency=medium
 .
   * New upstream version
   * Standards-Version: 4.7.4 (routine-update)

golang-github-go-ini-ini (1.67.2-1) unstable; urgency=medium
 .
   * Team upload
 .
   [ Chris Lamb ]
   * Update d/rules to make build reproducible (Closes: #1135192)
 .
   [ Mathias Gibbens ]
   * New upstream release
   * Update Standards-Version to 4.7.4 in d/control (no changes needed)

golang-github-opencontainers-cgroups (0.0.5-3) unstable; urgency=medium
 .
   * Team upload.
   * d/p/fix-compat-cilium-ebpf-0.21.patch: Drop removed
     ProgramInfo.RunCount/Runtime calls for cilium/ebpf >= 0.19.

golang-github-tjfoc-gmsm (1.4.1-1) unstable; urgency=medium
 .
   [ Simon Josefsson ]
   * Use gbp sign-tags and upstream-vcs-tag
   * Use watch v5 dropping +ds (fixed upstream)
   * Standards-Version: 4.7.4
   * Drop Rules-Requires-Root: no
   * Drop Priority: optional
   * Section:golang
   * Use dh-sequence-golang
   * Use debhelper-compat 13
   * Refresh B-D/D's
   * Adopt package (Closes: #940435)
   * Silence lintian debian-changelog-line-too-long
   * Fix self-tests
   * Improve d/copyright
   * Improve reproducibility
 .
   [ Chris Lamb ]
   * Fix reproducibility (Closes: #1122019)

joserfc (1.6.8-1) unstable; urgency=medium
 .
   * New upstream release.

libsdl3 (3.4.8+ds-2) unstable; urgency=medium
 .
   * d/p/x11-Disable-the-X-Synchronization-Extension-by-default.patch:
     Cherry-pick a patch recommended by upstream.
     Using XSync doesn't work for all apps/games, so it's better for that
     feature to be opt-in rather than opt-out.

libxml-libxml-perl (2.0207+dfsg+really+2.0134-8) unstable; urgency=medium
 .
   * Team upload.
   * fix: replace domParseChar with xmlValidateName to prevent OOB UTF-8 read
     (CVE-2026-8177) (Closes: #1136300)

node-pretty-ms (9.3.0-1) unstable; urgency=medium
 .
   * Team upload
   * Remove patch running tests with tape instead of ava
   * Update standards version to 4.7.4
   * New upstream version 9.3.0

node-systeminformation (5.31.6-4) unstable; urgency=medium
 .
   * MA: foreign
   * Add test
node-systeminformation (5.31.6-3) unstable; urgency=medium
 .
   * Breaks against recent jupyterlab (Closes: #1137617)
node-systeminformation (5.31.6-2) unstable; urgency=medium
 .
   * Upload to unstable
   * Remove binary under /usr/bin
   * Fix permissions of binary under nodejs tree
node-systeminformation (5.31.6-1) experimental; urgency=medium
 .
   * Initial release (Closes: #1137322)

octave-datatypes (1.2.3-1) unstable; urgency=medium
 .
   * New upstream version 1.2.3
   * keyhash-endianess.patch: drop patch, applied upstream
   * Tighten build-dependency on dh-octave to >= 1.14.3. The latter
     incorporates a workaround for packages that clear all variables in
     PKG_DEL, such as this one in this new version.

octave-statistics (1.8.3-1) unstable; urgency=medium
 .
   [ Sébastien Villemot ]
   * New upstream version 1.8.3
   * Tighten build-depedency on octave-datatypes to >= 1.2.3, following upstream
   * d/copyright: reflect upstream changes
 .
   [ Rafael Laboissière ]
   * d/control: Bump Standards-Version to 4.7.4 (no changes needed)
   * Change Maintainer and Vcs-* paths to octave-team

openssh (1:10.3p1-2) unstable; urgency=medium
 .
   * Correctly set extended type for client-side channels.  Fixes interactive
     vs bulk IPQoS for client->server traffic.
   * Build-depend on libselinux-dev rather than libselinux1-dev.

postgresql-hll (2.20-1) unstable; urgency=medium
 .
   * New upstream version 2.20.

python-cachecontrol (0.14.4-1) unstable; urgency=medium
 .
   * New upstream point release.
   * Refresh patches.
   * Bump copyright years.
   * Bump Standards-Version to 4.7.4, drop Priority: optional.
   * Drop Rules-Requires-Root: no, this is now the default.
   * Upstream now builds with python3-uv-build, instead of flit.

python-certifi (2026.5.20+ds-1) unstable; urgency=medium
 .
   * New upstream release.

python-selectolax (0.4.10-1) unstable; urgency=medium
 .
   * New upstream version
   * [c92459c] deactivate broken tests.

r-cran-rcppprogress (0.4.2-3) unstable; urgency=medium
 .
   * Team upload.
   * Packaging update (routine-update)
   * Standards-Version: 4.7.3 (routine-update)
   * debhelper-compat 13 (routine-update)
   * Reflow Uploaders field (cme)
   * Remove Priority field (cme)
   * Restrict to 64-bits architectures (routine-update)
   * Restrict to little-endian architectures (routine-update)

rust-bytecount (0.6.9-2) unstable; urgency=medium
 .
   * Team upload.
   * Package bytecount 0.6.9 from crates.io using debcargo 2.8.2
   * Disable generic-simd feature again, it requires nightly toolchains

rust-cargo-edit (0.13.10-1) unstable; urgency=medium
 .
   * Package cargo-edit 0.13.10 from crates.io using debcargo 2.8.2
     Based on prior work of Robin Krahl.

rust-clap-cargo (0.18.3-2) unstable; urgency=medium
 .
   * Team upload.
   * Disable tests failing because of files missing in the tarball.
rust-clap-cargo (0.18.3-1) unstable; urgency=medium
 .
   * Package clap-cargo 0.18.3 from crates.io using debcargo 2.8.2

rust-signal-hook-registry (1.4.8-1) unstable; urgency=medium
 .
   * Team upload.
   * Package signal-hook-registry 1.4.8 from crates.io using debcargo 2.8.2

samba (2:4.24.3+dfsg-1) unstable; urgency=medium
 .
   * This is a security release in order to address the following defects:
 .
     CVE-2026-1933: Missing access checks on reparse point operations
 .
       On a share marked "read only = yes" and on file handles opened R/O users
       can set or delete the reparse point xattrs on files that the user has
       write-access in the file system for.
 .
       https://www.samba.org/samba/security/CVE-2026-1933.html
 .
     CVE-2026-2340: WORM vfs module does not block overwrites
 .
       The WORM (Write-Once, Read Many) vfs module is supposed to lock write
       access to shared files, so they cannot be altered after initial writes.
       It was allowing files to be overwritten by renaming a newly created file
       over a protected file.
 .
       https://www.samba.org/samba/security/CVE-2026-2340.html
 .
     CVE-2026-3012: auto-enrolment GPO installing CA certificate over http
       without verification
 .
       To bootstrap a certificate chain a domain member must fetch a certificate
       without TLS. It was trusting HTTP for this when a more secure encrypted
       LDAP channel was also available.
 .
       https://www.samba.org/samba/security/CVE-2026-3012.html
 .
     CVE-2026-3238: Denial of service against AD DC WINS server
 .
       The WINS server component of the Active Directory Domain controller code
       in Samba is vulnerable to a NULL pointer dereference and crash caused by
       an unauthenticated UDP packet.
 .
       https://www.samba.org/samba/security/CVE-2026-3238.html
 .
     CVE-2026-4408: Unauthenticated Remote Code Execution in Samba DCE/RPC
       SAMR server
 .
       Samba file servers and classic (non-AD) domain controllers with
       samba-dcerpcd started as a system service and with a "check password
       script" that has the %u substitution character are vulnerable to a
       remote code execution.
 .
       https://www.samba.org/samba/security/CVE-2026-4408.html
 .
     CVE-2026-4480: Unauthenticated Remote Code Execution in Samba
       printing subsystem
 .
       Samba print servers with a "print command" that has the %J substitution
       character are vulnerable to a Remote Code Execution.
 .
       https://www.samba.org/samba/security/CVE-2026-4480.html