mayo (0.9.0+ds-2) unstable; urgency=medium . * Apply patch: src/3rdparty/fast_float/float_common.h: Add loongarch64 support. (Closes: #1103407) Thanks Dandan Zhang. * d/copyright: short license formatting fixed. mayo (0.9.0+ds-1) unstable; urgency=medium . * New upstream version. node-debug (4.4.1+~4.1.12-1) UNRELEASED; urgency=medium . * Team upload * Declare compliance with policy 4.7.2 * debian/watch version 5 * New upstream version 4.4.1+~4.1.12 * Update test * Test-Depends: +node-sinon postgresql-17 (17.6-1) unstable; urgency=medium . * New upstream version 17.6. . + Tighten security checks in planner estimation functions (Dean Rasheed) . The fix for CVE-2017-7484, plus followup fixes, intended to prevent leaky functions from being applied to statistics data for columns that the calling user does not have permission to read. Two gaps in that protection have been found. One gap applies to partitioning and inheritance hierarchies where RLS policies on the tables should restrict access to statistics data, but did not. . The other gap applies to cases where the query accesses a table via a view, and the view owner has permissions to read the underlying table but the calling user does not have permissions on the view. The view owner's permissions satisfied the security checks, and the leaky function would get applied to the underlying table's statistics before we check the calling user's permissions on the view. This has been fixed by making security checks on views occur at the start of planning. That might cause permissions failures to occur earlier than before. . The PostgreSQL Project thanks Dean Rasheed for reporting this problem. (CVE-2025-8713) . + Prevent pg_dump scripts from being used to attack the user running the restore (Nathan Bossart) . Since dump/restore operations typically involve running SQL commands as superuser, the target database installation must trust the source server. However, it does not follow that the operating system user who executes psql to perform the restore should have to trust the source server. The risk here is that an attacker who has gained superuser-level control over the source server might be able to cause it to emit text that would be interpreted as psql meta-commands. That would provide shell-level access to the restoring user's own account, independently of access to the target database. . To provide a positive guarantee that this can't happen, extend psql with a \restrict command that prevents execution of further meta-commands, and teach pg_dump to issue that before any data coming from the source server. . The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and RyotaK for reporting this problem. (CVE-2025-8714) . + Convert newlines to spaces in names included in comments in pg_dump output (Noah Misch) . Object names containing newlines offered the ability to inject arbitrary SQL commands into the output script. (Without the preceding fix, injection of psql meta-commands would also be possible this way.) CVE-2012-0868 fixed this class of problem at the time, but later work reintroduced several cases. . The PostgreSQL Project thanks Noah Misch for reporting this problem. (CVE-2025-8715) . * Add Turkish debconf translation by Atila KOÇ, thanks! (Closes: #1107984) * Drop hurd-iovec patch, implemented upstream. * Drop obsolete patches: focal-arm64-outline-atomics, jit-s390x. rust-openssl (0.10.73-1) unstable; urgency=medium . * Team upload. * Package openssl 0.10.73 from crates.io using debcargo 2.7.10 systemd (258~rc3-1) unstable; urgency=medium . * systemd-boot: install kernel hooks to /usr/share/ It is now supported since Trixie, so shim the hooks in /usr/share/ so they can be overridden in /etc/ * Update upstream source from tag 'upstream/258_rc3' Update to upstream version '258~rc3' with Debian dir 024c11377e68f4e54703104737379ce23e48c7cf (Closes: #1111326 #1110997) systemd (258~rc2-2) unstable; urgency=medium . * Stop installing /var/lib/systemd in the package. /var/ needs to be handled by tmpfiles.d, not by the package, so that it can be deleted and recreated as needed on first boot. * NEWS: fixlets and adjustments (Closes: #1110569) . systemd (258~rc2-1) experimental; urgency=medium . * Install usr/share/factory files and restore nsswitch.conf/pam.d/issue on factory reset * systemd-boot: register interest in systemd-boot-signed trigger (Closes: #1109984) * NEWS: fix typo (Closes: #1109979) * systemd-boot: fix registering/removing uncompressed kernels * d/t/control: prefer systemd-boot-tools if available * systemd-boot: make efibootmgr a dependency. Ensures efivars can be set up correctly * Update upstream source from tag 'upstream/258_rc2' Update to upstream version '258~rc2' with Debian dir 164978ce9ff194871416f304705979b7d540a8e2 * systemd-container: update lintian overrides for more false positives . systemd (258~rc1-1) experimental; urgency=medium . * ukify: recommend sbsigntool | pesign for signing (Closes: #1108803) * Move bootctl zsh completion file too to new package * systemd-boot-tools: change architecture to linux-any. The tool can be used for cross-building, and it's available on all architectures, not just EFI ones * systemd-boot: fix initramfs post-update hook for uncompressed kernels (Closes: #1109098) * d/watch: remove restriction to v257.x series * Update upstream source from tag 'upstream/258_rc1' Update to upstream version '258~rc1' with Debian dir 79d831e85f4a665f4ecdd61d0fbe6121b48ff7f3 * Add and remove files for 258~rc1 * Enable sd-vmspawn (Closes: #1074433) * NEWS: note cgroupv1 removal * Drop world-writable /run/lock debianism * Drop all workarounds that are obsolete after trixie * NEWS: note removal of telinit/runlevel * Update symbols file for 258~rc1 * Update Lintian overrides * Add a few more conflicts to packages providing the same files * d/copyright: update paths systemd (258~rc2-1) experimental; urgency=medium . * Install usr/share/factory files and restore nsswitch.conf/pam.d/issue on factory reset * systemd-boot: register interest in systemd-boot-signed trigger (Closes: #1109984) * NEWS: fix typo (Closes: #1109979) * systemd-boot: fix registering/removing uncompressed kernels * d/t/control: prefer systemd-boot-tools if available * systemd-boot: make efibootmgr a dependency. Ensures efivars can be set up correctly * Update upstream source from tag 'upstream/258_rc2' Update to upstream version '258~rc2' with Debian dir 164978ce9ff194871416f304705979b7d540a8e2 * systemd-container: update lintian overrides for more false positives systemd (258~rc1-1) experimental; urgency=medium . * ukify: recommend sbsigntool | pesign for signing (Closes: #1108803) * Move bootctl zsh completion file too to new package * systemd-boot-tools: change architecture to linux-any. The tool can be used for cross-building, and it's available on all architectures, not just EFI ones * systemd-boot: fix initramfs post-update hook for uncompressed kernels (Closes: #1109098) * d/watch: remove restriction to v257.x series * Update upstream source from tag 'upstream/258_rc1' Update to upstream version '258~rc1' with Debian dir 79d831e85f4a665f4ecdd61d0fbe6121b48ff7f3 * Add and remove files for 258~rc1 * Enable sd-vmspawn (Closes: #1074433) * NEWS: note cgroupv1 removal * Drop world-writable /run/lock debianism * Drop all workarounds that are obsolete after trixie * NEWS: note removal of telinit/runlevel * Update symbols file for 258~rc1 * Update Lintian overrides * Add a few more conflicts to packages providing the same files * d/copyright: update paths