X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=debian%2Fchangelog;h=eda3277f00cb950d0666b03fc1dac008a6112e6c;hb=2a852dfc9a5ea544f0ac3bb19a6aa0737b01db83;hp=4bbcd8857f1562f1f8e0b45b037f8649b69ce23c;hpb=dd5dd0520b5aa294199b21165e695053d1e0c54f;p=pkg-collectd.git

diff --git a/debian/changelog b/debian/changelog
index 4bbcd88..eda3277 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,44 @@
+collectd (5.6.0-1) UNRELEASED; urgency=medium
+
+  * New upstream release.
+
+ -- Sebastian Harl <tokkee@debian.org>  Sat, 24 Sep 2016 11:59:37 +0200
+
+collectd (5.5.2-2) unstable; urgency=low
+
+  * debian/changelog:
+    - Set urgency back to low.
+  * debian/control:
+    - Update GCrypt's package name to libgcrypt20-dev.
+  * debian/patches:
+    - Added configure_find_lc_all.patch: forcing locale in configure script
+      will hopefully fix build reproducibility on non-amd64 plafroms.
+
+ -- Marc Fournier <marc@bl.uem.li>  Wed, 21 Sep 2016 14:01:55 +0200
+
+collectd (5.5.2-1) unstable; urgency=high
+
+  * New upstream release.
+    - Fix heap overflow in the network plugin. Emilien Gaspar has identified a
+      heap overflow in parse_packet(), the function used by the network plugin
+      to parse incoming network packets. Thanks to Florian Forster for
+      reporting the bug in Debian. (Closes: #832507, CVE-2016-6254)
+    - Fix improper usage of gcry_control. A team of security researchers at
+      Columbia University and the University of Virginia discovered that
+      GCrypt's gcry_control is sometimes called without checking its return
+      value for an error. This may cause the program to be initialized without
+      the desired, secure settings. (Closes: #832577)
+  * debian/patches:
+    - bts832577-gcry-control.patch: Update for 5.5.2. Mostly part of the new
+      upstream release, except for: Don't abort() if gcrypt initialization
+      failed.
+    - Drop bts823012_librrd8.patch; merged upstream.
+  * Rebuild with linux-libc-dev >= 4.6 (now in testing and unstable) to
+    accommodate a change to rtnl_link_stats64. Thanks to Gábor Gombás for
+    reporting this (Closes: #829634).
+
+ -- Sebastian Harl <tokkee@debian.org>  Fri, 29 Jul 2016 00:02:11 +0200
+
 collectd (5.5.1-5) unstable; urgency=low
 
   * debian/control, debian/rules:
@@ -174,7 +215,7 @@ collectd (5.5.0-1) unstable; urgency=medium
 
  -- Marc Fournier <marc.fournier@camptocamp.com>  Fri, 21 Aug 2015 13:29:17 +0200
 
-collectd (5.4.1-6+deb8u1) jessie-security; urgency=medium
+collectd (5.4.1-6+deb8u1) jessie-security; urgency=high
 
   * debian/patches/CVE-2016-6254.dpatch: Fix heap overflow in the network
     plugin. Emilien Gaspar has identified a heap overflow in parse_packet(),