26 files changed, 80 insertions, 50 deletions
diff --git a/Dockerfile b/Dockerfile
index b7af5f629..35db15863 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:testing
+FROM ubuntu:bionic
 COPY . /tmp
 WORKDIR /tmp
 RUN sed -i s#://deb.debian.org#://cdn-fastly.deb.debian.org# /etc/apt/sources.list \
@@ -7,5 +7,6 @@ RUN sed -i s#://deb.debian.org#://cdn-fastly.deb.debian.org# /etc/apt/sources.li
     && env DEBIAN_FRONTEND=noninteractive apt-get install build-essential ccache ninja-build expect curl git -q -y \
     && env DEBIAN_FRONTEND=noninteractive ./prepare-release travis-ci \
     && dpkg-reconfigure ccache \
+    && rm -f /etc/dpkg/dpkg.cfg.d/excludes \
     && rm -r /tmp/* \
     && apt-get clean
diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc
index 5c34113e7..927a5cca0 100644
--- a/apt-pkg/init.cc
+++ b/apt-pkg/init.cc
@@ -207,7 +207,7 @@ bool pkgInitConfig(Configuration &Cnf)
 
    Cnf.CndSet("Acquire::Changelogs::URI::Origin::Debian", "http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog");
    Cnf.CndSet("Acquire::Changelogs::URI::Origin::Tanglu", "http://metadata.tanglu.org/changelogs/@CHANGEPATH@_changelog");
-   Cnf.CndSet("Acquire::Changelogs::URI::Origin::Ubuntu", "http://changelogs.ubuntu.com/changelogs/pool/@CHANGEPATH@/changelog");
+   Cnf.CndSet("Acquire::Changelogs::URI::Origin::Ubuntu", "https://changelogs.ubuntu.com/changelogs/pool/@CHANGEPATH@/changelog");
    Cnf.CndSet("Acquire::Changelogs::URI::Origin::Ultimedia", "http://packages.ultimediaos.com/changelogs/pool/@CHANGEPATH@/changelog.txt");
    Cnf.CndSet("Acquire::Changelogs::AlwaysOnline::Origin::Ubuntu", true);
 
diff --git a/apt-pkg/pkgcache.cc b/apt-pkg/pkgcache.cc
index ea34db469..119240cea 100644
--- a/apt-pkg/pkgcache.cc
+++ b/apt-pkg/pkgcache.cc
@@ -58,7 +58,7 @@ pkgCache::Header::Header()
 
    /* Whenever the structures change the major version should be bumped,
       whenever the generator changes the minor version should be bumped. */
-   APT_HEADER_SET(MajorVersion, 12);
+   APT_HEADER_SET(MajorVersion, 13);
    APT_HEADER_SET(MinorVersion, 0);
    APT_HEADER_SET(Dirty, false);
 
diff --git a/apt-pkg/pkgsystem.cc b/apt-pkg/pkgsystem.cc
index aa94418c6..5d74e882b 100644
--- a/apt-pkg/pkgsystem.cc
+++ b/apt-pkg/pkgsystem.cc
@@ -72,7 +72,7 @@ std::vector<std::string> pkgSystem::ArchitecturesSupported() const	/*{{{*/
    return {};
 }
 									/*}}}*/
-// pkgSystem::Set/GetVersionMapping - for internal/external communcation/*{{{*/
+// pkgSystem::Set/GetVersionMapping - for internal/external communication/*{{{*/
 void pkgSystem::SetVersionMapping(map_id_t const in, map_id_t const out)
 {
    if (in == out)
diff --git a/debian/NEWS b/debian/NEWS
index a8cd8f7ad..bf4ec8066 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,4 +1,12 @@
-apt (1.6~alpha8) UNRELEASED; urgency=medium
+apt (1.6~rc1) UNRELEASED; urgency=medium
+
+  Seccomp sandboxing has been turned off by default for now. If it works
+  for you, you are encouraged to reenable it by setting APT::Sandbox::Seccomp
+  to true.
+
+ -- Julian Andres Klode <jak@debian.org>  Fri, 06 Apr 2018 14:14:29 +0200
+
+apt (1.6~beta1) unstable; urgency=medium
 
   APT now verifies that the date of Release files is not in the future. By
   default, it may be 10 seconds in the future to allow for some clock drift.
@@ -12,7 +20,7 @@ apt (1.6~alpha8) UNRELEASED; urgency=medium
   disables checks on valid-until: It is considered to mean that your
   machine's time is not reliable.
 
- -- Julian Andres Klode <juliank@ubuntu.com>  Mon, 12 Feb 2018 12:53:18 +0100
+ -- Julian Andres Klode <jak@debian.org>  Mon, 26 Feb 2018 13:14:13 +0100
 
 apt (1.6~alpha1) unstable; urgency=medium
 
diff --git a/debian/changelog b/debian/changelog
index 28382e2f0..3f0474b55 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,24 +5,15 @@ apt (1.6~beta1) unstable; urgency=medium
   * add apt-helper drop-privs command…
   * restore gcc visibility=hidden for apt-private
   * ensure correct file permissions for auxfiles
-  * allow the apt/lists/auxfiles/ directory to be missing (Closes: 887624)
-  * add apt-helper drop-privs command…
-  * restore gcc visibility=hidden for apt-private
-  * ensure correct file permissions for auxfiles
 
   [ Julian Andres Klode ]
   * indexcopy: Copy uncompressed indices from cdrom again (LP: #1746807)
   * Work around test-method-mirror failure by setting umask at start
   * Check that Date of Release file is not in the future
   * apt.conf.autoremove: Add linux-cloud-tools to list (LP: #1698159)
-  * indexcopy: Copy uncompressed indices from cdrom again (LP: #1746807)
-  * Work around test-method-mirror failure by setting umask at start
-  * Check that Date of Release file is not in the future
-  * apt.conf.autoremove: Add linux-cloud-tools to list (LP: #1698159)
 
   [ Chris Leick ]
   * German manpage translation update
-  * German manpage translation update
 
  -- Julian Andres Klode <jak@debian.org>  Mon, 26 Feb 2018 13:14:13 +0100
 
diff --git a/debian/control b/debian/control
index db1a6aebe..333150ff8 100644
--- a/debian/control
+++ b/debian/control
@@ -68,6 +68,7 @@ Description: commandline package manager
 Package: libapt-pkg5.0
 Architecture: any
 Multi-Arch: same
+Priority: optional
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${misc:Depends}, ${shlibs:Depends}
 Breaks: appstream (<< 0.9.0-3~), apt (<< 1.1~exp14), libapt-inst1.5 (<< 0.9.9~)
@@ -93,6 +94,7 @@ Description: package management runtime library
 Package: libapt-inst2.0
 Architecture: any
 Multi-Arch: same
+Priority: optional
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${misc:Depends}, ${shlibs:Depends}
 Section: libs
diff --git a/doc/apt-get.8.xml b/doc/apt-get.8.xml
index 520cfc126..3c1e90744 100644
--- a/doc/apt-get.8.xml
+++ b/doc/apt-get.8.xml
@@ -593,7 +593,7 @@
      <literal>label</literal>, <literal>codename</literal>, <literal>suite</literal>,
      <literal>version</literal> and <literal>defaultpin</literal>. See also &apt-preferences;.
 
-     Configuration Item: <literal>Acquire::AllowReleaseInfoChanges</literal>.</para></listitem>
+     Configuration Item: <literal>Acquire::AllowReleaseInfoChange</literal>.</para></listitem>
      </varlistentry>
 
      <varlistentry><term><option>--show-progress</option></term>
diff --git a/doc/apt-transport-https.1.xml b/doc/apt-transport-https.1.xml
index 1bad8578b..1327b0a16 100644
--- a/doc/apt-transport-https.1.xml
+++ b/doc/apt-transport-https.1.xml
@@ -38,7 +38,7 @@ a user but used by APT tools based on user configuration.</para>
 which, as indicated by the appended S, is wrapped in an encrypted layer known as
 Transport Layer Security (TLS) to provide end-to-end encryption.
 A sufficiently capable attacker can still observe the communication partners
-and deeper analyse of the encrypted communcation might still reveal important details.
+and deeper analyse of the encrypted communication might still reveal important details.
 An overview over available alternative transport methods is given in &sources-list;.</para>
 </refsect1>
 
diff --git a/doc/apt-verbatim.ent b/doc/apt-verbatim.ent
index d7817cb79..a8aa0bf5e 100644
--- a/doc/apt-verbatim.ent
+++ b/doc/apt-verbatim.ent
@@ -93,6 +93,12 @@
   </citerefentry>"
 >
 
+<!ENTITY apt-transport-mirror "<citerefentry>
+    <refentrytitle><command>apt-transport-mirror</command></refentrytitle>
+    <manvolnum>1</manvolnum>
+  </citerefentry>"
+>
+
 <!ENTITY sources-list "<citerefentry>
     <refentrytitle><filename>sources.list</filename></refentrytitle>
     <manvolnum>5</manvolnum>
diff --git a/doc/po/apt-doc.pot b/doc/po/apt-doc.pot
index 036766a8c..2a9af09f4 100644
--- a/doc/po/apt-doc.pot
+++ b/doc/po/apt-doc.pot
@@ -1438,7 +1438,7 @@ msgid ""
 "<literal>codename</literal>, <literal>suite</literal>, "
 "<literal>version</literal> and <literal>defaultpin</literal>. See also "
 "&apt-preferences;.  Configuration Item: "
-"<literal>Acquire::AllowReleaseInfoChanges</literal>."
+"<literal>Acquire::AllowReleaseInfoChange</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
@@ -7235,7 +7235,7 @@ msgid ""
 "&apt-transport-http;), which, as indicated by the appended S, is wrapped in "
 "an encrypted layer known as Transport Layer Security (TLS) to provide "
 "end-to-end encryption.  A sufficiently capable attacker can still observe "
-"the communication partners and deeper analyse of the encrypted communcation "
+"the communication partners and deeper analyse of the encrypted communication "
 "might still reveal important details.  An overview over available "
 "alternative transport methods is given in &sources-list;."
 msgstr ""
diff --git a/doc/po/de.po b/doc/po/de.po
index 35e1a6de1..ce9664693 100644
--- a/doc/po/de.po
+++ b/doc/po/de.po
@@ -2010,7 +2010,7 @@ msgid ""
 "certain fields like <literal>origin</literal>, <literal>label</literal>, "
 "<literal>codename</literal>, <literal>suite</literal>, <literal>version</"
 "literal> and <literal>defaultpin</literal>. See also &apt-preferences;.  "
-"Configuration Item: <literal>Acquire::AllowReleaseInfoChanges</literal>."
+"Configuration Item: <literal>Acquire::AllowReleaseInfoChange</literal>."
 msgstr ""
 "Es existieren Spezialoptionen (<literal>--allow-releaseinfo-change-</"
 "literal><replaceable>Feld</replaceable>), um Änderungen nur für bestimmte "
@@ -2018,7 +2018,7 @@ msgstr ""
 "<literal>codename</literal>, <literal>suite</literal>, <literal>version</"
 "literal> und <literal>defaultpin</literal> zu erlauben. Siehe auch &apt-"
 "preferences;. Konfigurationselement: <literal>Acquire::"
-"AllowReleaseInfoChanges</literal>."
+"AllowReleaseInfoChange</literal>."
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt-get.8.xml
@@ -10349,7 +10349,7 @@ msgid ""
 "http;), which, as indicated by the appended S, is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) to provide end-to-end "
 "encryption.  A sufficiently capable attacker can still observe the "
-"communication partners and deeper analyse of the encrypted communcation "
+"communication partners and deeper analyse of the encrypted communication "
 "might still reveal important details.  An overview over available "
 "alternative transport methods is given in &sources-list;."
 msgstr ""
diff --git a/doc/po/es.po b/doc/po/es.po
index 663ffa86e..73028c8cf 100644
--- a/doc/po/es.po
+++ b/doc/po/es.po
@@ -1415,7 +1415,7 @@ msgstr ""
 #| "directory is defined in the <literal>APT::Changelogs::Server</literal> "
 #| "variable (e.g. <ulink url=\"http://packages.debian.org/changelogs"
 #| "\">packages.debian.org/changelogs</ulink> for Debian or <ulink url="
-#| "\"http://changelogs.ubuntu.com/changelogs\">changelogs.ubuntu.com/"
+#| "\"https://changelogs.ubuntu.com/changelogs\">changelogs.ubuntu.com/"
 #| "changelogs</ulink> for Ubuntu).  By default it displays the changelog for "
 #| "the version that is installed.  However, you can specify the same options "
 #| "as for the <option>install</option> command."
@@ -1430,7 +1430,7 @@ msgstr ""
 "pager</command>. El nombre de servidor y el directorio base se define con la "
 "variable <literal>APT::Changelogs::Server</literal> (por ejemplo, <ulink url="
 "\"http://packages.debian.org/changelogs\">packages.debian.org/changelogs</"
-"ulink> para Debian o <ulink url=\"http://changelogs.ubuntu.com/changelogs"
+"ulink> para Debian o <ulink url=\"https://changelogs.ubuntu.com/changelogs"
 "\">changelogs.ubuntu.com/changelogs</ulink>  para Ubuntu). Por omisión, "
 "muestra el fichero de registro de cambios de la versión instalada. Por otra "
 "parte, puede definir las mismas opciones que con la orden <option>install</"
@@ -2075,7 +2075,7 @@ msgid ""
 "certain fields like <literal>origin</literal>, <literal>label</literal>, "
 "<literal>codename</literal>, <literal>suite</literal>, <literal>version</"
 "literal> and <literal>defaultpin</literal>. See also &apt-preferences;.  "
-"Configuration Item: <literal>Acquire::AllowReleaseInfoChanges</literal>."
+"Configuration Item: <literal>Acquire::AllowReleaseInfoChange</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
@@ -10082,7 +10082,7 @@ msgid ""
 "http;), which, as indicated by the appended S, is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) to provide end-to-end "
 "encryption.  A sufficiently capable attacker can still observe the "
-"communication partners and deeper analyse of the encrypted communcation "
+"communication partners and deeper analyse of the encrypted communication "
 "might still reveal important details.  An overview over available "
 "alternative transport methods is given in &sources-list;."
 msgstr ""
diff --git a/doc/po/fr.po b/doc/po/fr.po
index b7703c807..867391b53 100644
--- a/doc/po/fr.po
+++ b/doc/po/fr.po
@@ -2006,7 +2006,7 @@ msgid ""
 "certain fields like <literal>origin</literal>, <literal>label</literal>, "
 "<literal>codename</literal>, <literal>suite</literal>, <literal>version</"
 "literal> and <literal>defaultpin</literal>. See also &apt-preferences;.  "
-"Configuration Item: <literal>Acquire::AllowReleaseInfoChanges</literal>."
+"Configuration Item: <literal>Acquire::AllowReleaseInfoChange</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
@@ -10254,7 +10254,7 @@ msgid ""
 "http;), which, as indicated by the appended S, is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) to provide end-to-end "
 "encryption.  A sufficiently capable attacker can still observe the "
-"communication partners and deeper analyse of the encrypted communcation "
+"communication partners and deeper analyse of the encrypted communication "
 "might still reveal important details.  An overview over available "
 "alternative transport methods is given in &sources-list;."
 msgstr ""
diff --git a/doc/po/it.po b/doc/po/it.po
index 42c9ab3f4..3ba6c6756 100644
--- a/doc/po/it.po
+++ b/doc/po/it.po
@@ -2044,7 +2044,7 @@ msgid ""
 "certain fields like <literal>origin</literal>, <literal>label</literal>, "
 "<literal>codename</literal>, <literal>suite</literal>, <literal>version</"
 "literal> and <literal>defaultpin</literal>. See also &apt-preferences;.  "
-"Configuration Item: <literal>Acquire::AllowReleaseInfoChanges</literal>."
+"Configuration Item: <literal>Acquire::AllowReleaseInfoChange</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
@@ -10239,7 +10239,7 @@ msgid ""
 "http;), which, as indicated by the appended S, is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) to provide end-to-end "
 "encryption.  A sufficiently capable attacker can still observe the "
-"communication partners and deeper analyse of the encrypted communcation "
+"communication partners and deeper analyse of the encrypted communication "
 "might still reveal important details.  An overview over available "
 "alternative transport methods is given in &sources-list;."
 msgstr ""
diff --git a/doc/po/ja.po b/doc/po/ja.po
index 3666e8677..70ab3f40d 100644
--- a/doc/po/ja.po
+++ b/doc/po/ja.po
@@ -1979,7 +1979,7 @@ msgid ""
 "certain fields like <literal>origin</literal>, <literal>label</literal>, "
 "<literal>codename</literal>, <literal>suite</literal>, <literal>version</"
 "literal> and <literal>defaultpin</literal>. See also &apt-preferences;.  "
-"Configuration Item: <literal>Acquire::AllowReleaseInfoChanges</literal>."
+"Configuration Item: <literal>Acquire::AllowReleaseInfoChange</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
@@ -9852,7 +9852,7 @@ msgid ""
 "http;), which, as indicated by the appended S, is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) to provide end-to-end "
 "encryption.  A sufficiently capable attacker can still observe the "
-"communication partners and deeper analyse of the encrypted communcation "
+"communication partners and deeper analyse of the encrypted communication "
 "might still reveal important details.  An overview over available "
 "alternative transport methods is given in &sources-list;."
 msgstr ""
diff --git a/doc/po/nl.po b/doc/po/nl.po
index 4e869a3d5..cd27f3446 100644
--- a/doc/po/nl.po
+++ b/doc/po/nl.po
@@ -2077,14 +2077,14 @@ msgid ""
 "certain fields like <literal>origin</literal>, <literal>label</literal>, "
 "<literal>codename</literal>, <literal>suite</literal>, <literal>version</"
 "literal> and <literal>defaultpin</literal>. See also &apt-preferences;.  "
-"Configuration Item: <literal>Acquire::AllowReleaseInfoChanges</literal>."
+"Configuration Item: <literal>Acquire::AllowReleaseInfoChange</literal>."
 msgstr ""
 "Er bestaan specialistische opties (<literal>--allow-releaseinfo-change-</"
 "literal><replaceable>veld</replaceable>) om enkel veranderingen toe te staan "
 "voor bepaalde velden, zoals <literal>origin</literal>, <literal>label</"
 "literal>, <literal>codename</literal>, <literal>suite</literal>, "
 "<literal>version</literal> en <literal>defaultpin</literal>. Zie ook &apt-"
-"preferences;. Configuratie-item: <literal>Acquire::AllowReleaseInfoChanges</"
+"preferences;. Configuratie-item: <literal>Acquire::AllowReleaseInfoChange</"
 "literal>."
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
@@ -10475,7 +10475,7 @@ msgid ""
 "http;), which, as indicated by the appended S, is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) to provide end-to-end "
 "encryption.  A sufficiently capable attacker can still observe the "
-"communication partners and deeper analyse of the encrypted communcation "
+"communication partners and deeper analyse of the encrypted communication "
 "might still reveal important details.  An overview over available "
 "alternative transport methods is given in &sources-list;."
 msgstr ""
diff --git a/doc/po/pl.po b/doc/po/pl.po
index fd89d98ea..2f111b3e2 100644
--- a/doc/po/pl.po
+++ b/doc/po/pl.po
@@ -1398,7 +1398,7 @@ msgstr ""
 #| "directory is defined in the <literal>APT::Changelogs::Server</literal> "
 #| "variable (e.g. <ulink url=\"http://packages.debian.org/changelogs"
 #| "\">packages.debian.org/changelogs</ulink> for Debian or <ulink url="
-#| "\"http://changelogs.ubuntu.com/changelogs\">changelogs.ubuntu.com/"
+#| "\"https://changelogs.ubuntu.com/changelogs\">changelogs.ubuntu.com/"
 #| "changelogs</ulink> for Ubuntu).  By default it displays the changelog for "
 #| "the version that is installed.  However, you can specify the same options "
 #| "as for the <option>install</option> command."
@@ -2084,7 +2084,7 @@ msgid ""
 "certain fields like <literal>origin</literal>, <literal>label</literal>, "
 "<literal>codename</literal>, <literal>suite</literal>, <literal>version</"
 "literal> and <literal>defaultpin</literal>. See also &apt-preferences;.  "
-"Configuration Item: <literal>Acquire::AllowReleaseInfoChanges</literal>."
+"Configuration Item: <literal>Acquire::AllowReleaseInfoChange</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
@@ -9239,7 +9239,7 @@ msgid ""
 "http;), which, as indicated by the appended S, is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) to provide end-to-end "
 "encryption.  A sufficiently capable attacker can still observe the "
-"communication partners and deeper analyse of the encrypted communcation "
+"communication partners and deeper analyse of the encrypted communication "
 "might still reveal important details.  An overview over available "
 "alternative transport methods is given in &sources-list;."
 msgstr ""
diff --git a/doc/po/pt.po b/doc/po/pt.po
index 058350339..af4c0b6f9 100644
--- a/doc/po/pt.po
+++ b/doc/po/pt.po
@@ -1393,7 +1393,7 @@ msgstr ""
 #| "directory is defined in the <literal>APT::Changelogs::Server</literal> "
 #| "variable (e.g. <ulink url=\"http://packages.debian.org/changelogs"
 #| "\">packages.debian.org/changelogs</ulink> for Debian or <ulink url="
-#| "\"http://changelogs.ubuntu.com/changelogs\">changelogs.ubuntu.com/"
+#| "\"https://changelogs.ubuntu.com/changelogs\">changelogs.ubuntu.com/"
 #| "changelogs</ulink> for Ubuntu).  By default it displays the changelog for "
 #| "the version that is installed.  However, you can specify the same options "
 #| "as for the <option>install</option> command."
@@ -2018,7 +2018,7 @@ msgid ""
 "certain fields like <literal>origin</literal>, <literal>label</literal>, "
 "<literal>codename</literal>, <literal>suite</literal>, <literal>version</"
 "literal> and <literal>defaultpin</literal>. See also &apt-preferences;.  "
-"Configuration Item: <literal>Acquire::AllowReleaseInfoChanges</literal>."
+"Configuration Item: <literal>Acquire::AllowReleaseInfoChange</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
@@ -10018,7 +10018,7 @@ msgid ""
 "http;), which, as indicated by the appended S, is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) to provide end-to-end "
 "encryption.  A sufficiently capable attacker can still observe the "
-"communication partners and deeper analyse of the encrypted communcation "
+"communication partners and deeper analyse of the encrypted communication "
 "might still reveal important details.  An overview over available "
 "alternative transport methods is given in &sources-list;."
 msgstr ""
diff --git a/doc/po/pt_BR.po b/doc/po/pt_BR.po
index 56bab5079..3401ed857 100644
--- a/doc/po/pt_BR.po
+++ b/doc/po/pt_BR.po
@@ -1410,7 +1410,7 @@ msgid ""
 "certain fields like <literal>origin</literal>, <literal>label</literal>, "
 "<literal>codename</literal>, <literal>suite</literal>, <literal>version</"
 "literal> and <literal>defaultpin</literal>. See also &apt-preferences;.  "
-"Configuration Item: <literal>Acquire::AllowReleaseInfoChanges</literal>."
+"Configuration Item: <literal>Acquire::AllowReleaseInfoChange</literal>."
 msgstr ""
 
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
@@ -7560,7 +7560,7 @@ msgid ""
 "http;), which, as indicated by the appended S, is wrapped in an encrypted "
 "layer known as Transport Layer Security (TLS) to provide end-to-end "
 "encryption.  A sufficiently capable attacker can still observe the "
-"communication partners and deeper analyse of the encrypted communcation "
+"communication partners and deeper analyse of the encrypted communication "
 "might still reveal important details.  An overview over available "
 "alternative transport methods is given in &sources-list;."
 msgstr ""
diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml
index 75b5d94b9..e55c5b31e 100644
--- a/doc/sources.list.5.xml
+++ b/doc/sources.list.5.xml
@@ -409,6 +409,17 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [.
     alternative.</para></listitem>
     </varlistentry>
 
+    <varlistentry><term><command>mirror</command>, <command>mirror+<replaceable>scheme</replaceable></command> (&apt-transport-mirror;)</term>
+    <listitem><para>
+    The mirror scheme specifies the location of a mirrorlist. By default the
+    scheme used for the location is <literal>http</literal>, but any other
+    scheme can be used via <command>mirror+<replaceable>scheme</replaceable></command>.
+    The mirrorlist itself can contain many different URIs for mirrors the APT client
+    can transparently pick, choose and fallback between intended to help both
+    with distributing the load over the available mirrors and ensuring that
+    clients can acquire data even if some configured mirrors are not available.
+    </para></listitem>
+    </varlistentry>
 
     <varlistentry><term><command>file</command></term>
     <listitem><para>
diff --git a/methods/aptmethod.h b/methods/aptmethod.h
index 331411571..cb5a30e21 100644
--- a/methods/aptmethod.h
+++ b/methods/aptmethod.h
@@ -106,7 +106,7 @@ protected:
       if (SeccompFlags == 0)
 	 return true;
 
-      if (_config->FindB("APT::Sandbox::Seccomp", true) == false)
+      if (_config->FindB("APT::Sandbox::Seccomp", false) == false)
 	 return true;
 
       if (RunningInQemu() == true)
@@ -227,6 +227,7 @@ protected:
       ALLOW(rename);
       ALLOW(renameat);
       ALLOW(renameat2);
+      ALLOW(restart_syscall);
       ALLOW(rt_sigaction);
       ALLOW(rt_sigpending);
       ALLOW(rt_sigprocmask);
diff --git a/prepare-release b/prepare-release
index e9e9362da..a37962cd7 100755
--- a/prepare-release
+++ b/prepare-release
@@ -105,6 +105,12 @@ elif [ "$1" = 'pre-build' ]; then
 			echo "You probably want to run »./prepare-release pre-export« to fix this."
 			exit 1
 		fi
+		NEWSDISTRIBUTION=$(dpkg-parsechangelog -l debian/NEWS | sed -n -e '/^Distribution:/s/^Distribution: //p')
+		if [ "$NEWSDISTRIBUTION" = 'UNRELEASED' ]; then
+			 echo "changelog (${VERSION}) has a distribution (${DISTRIBUTION}) set, while the NEWS file hasn't!"
+			echo "You probably want to edit »debian/NEWS« to fix this."
+			exit 1
+		fi
 	fi
 elif [ "$1" = 'post-build' ]; then
 	if [ "$DISTRIBUTION" != "UNRELEASED" ]; then
diff --git a/shippable.yml b/shippable.yml
index 54a707cdd..5aafda9cf 100644
--- a/shippable.yml
+++ b/shippable.yml
@@ -2,8 +2,8 @@ language: none
 
 build:
   pre_ci_boot:
-    image_name: debian
-    image_tag: stretch
+    image_name: ubuntu
+    image_tag: bionic
     pull: true
   ci:
     - apt-get install -qq build-essential expect
@@ -11,5 +11,6 @@ build:
     - mkdir build
     - ( cd build && cmake -DWITH_CURL=OFF .. )
     - make -C build -j 4
+    - rm -f /etc/dpkg/dpkg.cfg.d/excludes
     - CTEST_OUTPUT_ON_FAILURE=1 make -C build test
     - unbuffer ./test/integration/run-tests -q -j 4
diff --git a/test/integration/framework b/test/integration/framework
index 739098320..38a084302 100644
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -479,6 +479,9 @@ EOF
 	unset GREP_OPTIONS DEB_BUILD_PROFILES
 	unset http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy
 
+	# Make gcov shut up
+	export GCOV_ERROR_FILE=/dev/null
+
 	# If gpgv supports --weak-digest, pass it to make sure we can disable SHA1
 	if aptkey verify --weak-digest SHA1 --help 2>/dev/null >/dev/null; then
 		echo 'Acquire::gpgv::Options { "--weak-digest"; "sha1"; };' > rootdir/etc/apt/apt.conf.d/no-sha1
diff --git a/test/integration/test-apt-get-changelog b/test/integration/test-apt-get-changelog
index ee7b3ef97..2a632d6db 100755
--- a/test/integration/test-apt-get-changelog
+++ b/test/integration/test-apt-get-changelog
@@ -27,12 +27,12 @@ releasechanger() {
 	rm -f rootdir/var/cache/apt/*.bin
 }
 releasechanger 'Origin' 'Ubuntu'
-testsuccessequal "'http://changelogs.ubuntu.com/changelogs/pool/main/f/foo/foo_1.0/changelog' foo.changelog
-'http://changelogs.ubuntu.com/changelogs/pool/main/libb/libbar/libbar_1.0/changelog' libbar.changelog" aptget changelog foo libbar --print-uris
+testsuccessequal "'https://changelogs.ubuntu.com/changelogs/pool/main/f/foo/foo_1.0/changelog' foo.changelog
+'https://changelogs.ubuntu.com/changelogs/pool/main/libb/libbar/libbar_1.0/changelog' libbar.changelog" aptget changelog foo libbar --print-uris
 
 releasechanger 'Label' 'Debian'
-testsuccessequal "'http://changelogs.ubuntu.com/changelogs/pool/main/f/foo/foo_1.0/changelog' foo.changelog
-'http://changelogs.ubuntu.com/changelogs/pool/main/libb/libbar/libbar_1.0/changelog' libbar.changelog" aptget changelog foo libbar --print-uris
+testsuccessequal "'https://changelogs.ubuntu.com/changelogs/pool/main/f/foo/foo_1.0/changelog' foo.changelog
+'https://changelogs.ubuntu.com/changelogs/pool/main/libb/libbar/libbar_1.0/changelog' libbar.changelog" aptget changelog foo libbar --print-uris
 
 testsuccessequal "'http://localhost:${APTHTTPPORT}/main/f/foo/foo_1.0.changelog' foo.changelog
 'http://localhost:${APTHTTPPORT}/main/libb/libbar/libbar_1.0.changelog' libbar.changelog" aptget changelog foo libbar --print-uris -o Acquire::Changelogs::URI::Label::Debian="http://localhost:${APTHTTPPORT}/@CHANGEPATH@.changelog"