Change log for cpio package in Debian
| 1 → 46 of 46 results | First • Previous • Next • Last |
| Published in sid-release |
cpio (2.15+dfsg-1) unstable; urgency=medium
* New upstream release
Noteworthy changes in this release:
- Fix operation of --no-absolute-filenames --make-directories
- Restore access and modification times of symlinks in copy-in
and copy-pass modes.
* Update debian/watch
* Move files to /usr
Patch by Helmut Grohne <email address hidden>
Closes: #1059756
-- Anibal Monsalve Salazar <email address hidden> Mon, 15 Jan 2024 20:38:45 +1100
Available diffs
- diff from 2.14+dfsg-1 to 2.15+dfsg-1 (412.9 KiB)
| Superseded in sid-release |
cpio (2.14+dfsg-1) unstable; urgency=medium
* New upstream release
Closes: #1049402
Noteworthy changes in this release:
- New option --ignore-dirnlink
Valid in copy-out mode, it instructs cpio to ignore the actual number
of links reported for each directory member and always store 2
instead.
- Changes in --reproducible option
The --reproducible option implies --ignore-dirlink. In other words,
it is equivalent to --ignore-devno --ignore-dirnlink --renumber-inodes.
- Use GNU ls algorithm for deciding timestamp format in -tv mode
- Bugfixes
- Fix cpio header verification.
- Fix handling of device numbers on copy out.
- Fix calculation of CRC in copy-out mode.
- Rewrite the fix for CVE-2015-1197.
- Fix combination of --create --append --directory.
- Fix appending to archives bigger than 2G.
* Update uploaders list
Closes: #925021
* Standards-Version: 4.6.2
* Fix Path traversal vulnerability due to partial revert of fix for CVE-2015-1197
Closes: #1059163
* cpio-win32 is no longer needed
Closes: #1059238
-- Anibal Monsalve Salazar <email address hidden> Fri, 22 Dec 2023 16:38:54 +1100
Available diffs
- diff from 2.13+dfsg-7.1 to 2.14+dfsg-1 (1.5 MiB)
| Published in bullseye-release |
cpio (2.13+dfsg-7.1~deb11u1) bullseye; urgency=medium * Non-maintainer upload. * Rebuild for bullseye. -- Adrian Bunk <email address hidden> Sat, 30 Sep 2023 15:18:55 +0300
cpio (2.13+dfsg-7.1) unstable; urgency=medium * Non-maintainer upload. * Suggest libarchive-dev (Closes: #662718). * d/copyright: Convert to machine-readable format. * Fix CRC with new ASCII format when file > 2GB (Closes: #962188). -- Bastian Germann <email address hidden> Wed, 14 Sep 2022 21:45:55 +0200
Available diffs
- diff from 2.13+dfsg-7 to 2.13+dfsg-7.1 (2.0 KiB)
| Superseded in sid-release |
cpio (2.13+dfsg-7) unstable; urgency=medium [ Salvatore Bonaccorso ] * Fix dynamic string reallocations (Closes: #992192) -- Anibal Monsalve Salazar <email address hidden> Sun, 22 Aug 2021 15:21:53 +1000
Available diffs
| Superseded in sid-release |
cpio (2.13+dfsg-6) unstable; urgency=high
* Fix regression of original fix for CVE-2021-38185
Add patch 992098-regression-of-orig-fix-for-CVE-2021-38185
Closes: #992098
-- Anibal Monsalve Salazar <email address hidden> Fri, 13 Aug 2021 13:06:27 +1000
| Superseded in sid-release |
cpio (2.13+dfsg-5) unstable; urgency=medium
* Fix CVE-2021-38185
Add patch 992045-CVE-2021-38185-rewrite-dynamic-string-support
Closes: #992045
-- Anibal Monsalve Salazar <email address hidden> Wed, 11 Aug 2021 01:18:33 +1000
cpio (2.13+dfsg-4) unstable; urgency=medium
* Source only upload to enable migration.
Closes: #969660
-- Anibal Monsalve Salazar <email address hidden> Thu, 17 Sep 2020 21:16:18 +1000
Available diffs
- diff from 2.13+dfsg-3 to 2.13+dfsg-4 (345 bytes)
| Superseded in sid-release |
cpio (2.13+dfsg-3) unstable; urgency=medium
* Fix FTBFS multiple definition of 'program_name'
src/global.c: Remove superfluous declaration of program_name
Add patch 963304-remove-superfluous-declaration-of-program_name
Closes: #963304
-- Anibal Monsalve Salazar <email address hidden> Tue, 07 Jul 2020 23:12:56 -0500
Available diffs
- diff from 2.13+dfsg-2 to 2.13+dfsg-3 (912 bytes)
| Superseded in sid-release |
cpio (2.13+dfsg-2) unstable; urgency=medium
* Fix a regression in handling of CVE-2015-1197 & --no-absolute-filenames by
reverting part of an upstream commit. (Closes: #946267, #946469)
* Add Vcs-Git and Vcs-Browser pointing to my personal Salsa repository (in
lieu of anything at all).
* Bump Standards-Version to 4.5.0.
-- Chris Lamb <email address hidden> Sat, 01 Feb 2020 14:11:00 +0100
Available diffs
- diff from 2.13+dfsg-1 to 2.13+dfsg-2 (1.5 KiB)
| Superseded in sid-release |
cpio (2.13+dfsg-1) unstable; urgency=medium
* New upstream release.
* Autoreconf using version 1.16.1 and update autoreconf.patch.
* Update patches:
- Drop patch for CVE-2016-2037; applied upstream.
- Drop CVE-2015-1197.patch; now addressed upstream.
- Modify doc/Makefile.am (vs. doc/Makefile.in) prior to autoreconfing vs.
the generated doc/Makefile.in.
- Refresh whitespace, etc. in patches via pq import/export.
* debian/control:
- Bump Standards-Version to 4.4.1
- Drop misleading Vcs-{Git,Browser}.
- Use HTTPS Homepage URI.
- Specify Rules-Requires-Root: binary-targets.
-- Chris Lamb <email address hidden> Wed, 20 Nov 2019 13:33:36 -0500
Available diffs
cpio (2.12+dfsg-9) unstable; urgency=medium
* Reinstate the call to update-alternatives(1) that I didnt see in the prerm
script. Thanks again to Ivo De Decker. (Closes: #926698)
-- Chris Lamb <email address hidden> Tue, 23 Apr 2019 16:29:37 +0100
Available diffs
- diff from 2.12+dfsg-6 to 2.12+dfsg-9 (615 bytes)
- diff from 2.12+dfsg-8 to 2.12+dfsg-9 (645 bytes)
| Superseded in sid-release |
cpio (2.12+dfsg-8) unstable; urgency=medium
* Drop symlink removal - it's been gone since 2001 anyway. Thanks, Ivo De
Decker. (Closes: #926698)
-- Chris Lamb <email address hidden> Tue, 23 Apr 2019 13:15:20 +0100
cpio (2.12+dfsg-6) unstable; urgency=medium
* Upload to unstable.
- Update debian/gbp.conf.
* Remove empty directories under usr/share/man.
* debian/control: "Priority: extra" has been replaced with "Priority:
optional".
-- Chris Lamb <email address hidden> Sat, 02 Dec 2017 09:27:39 +0000
Available diffs
- diff from 2.11+dfsg-6 to 2.12+dfsg-6 (1.3 MiB)
| Deleted in experimental-release (Reason: None provided.) |
cpio (2.12+dfsg-5) experimental; urgency=medium
* debian/rules:
- Don't set dpkg-architecture variables with "=".
- Don't parse the output of dpkg-parsechangelog.
* Bump Standards-Version to 4.1.1.
* Use HTTPS URI in debian/watch.
* Drop whitespace from end of changelog.
-- Chris Lamb <email address hidden> Tue, 28 Nov 2017 19:45:14 +0900
| Superseded in experimental-release |
cpio (2.12+dfsg-4) experimental; urgency=medium * Add missing autoconf to Build-Depends (Closes: #855572) -- Chris Lamb <email address hidden> Fri, 10 Mar 2017 10:57:56 +0000
| Superseded in experimental-release |
cpio (2.12+dfsg-3) experimental; urgency=medium * Remove rmt.8.gz. (Closes: #854584) -- Chris Lamb <email address hidden> Sat, 11 Feb 2017 22:55:11 +1300
| Superseded in experimental-release |
cpio (2.12+dfsg-2) experimental; urgency=medium * Add missing autoconf to Build-Depends. -- Chris Lamb <email address hidden> Tue, 03 Jan 2017 10:32:27 +0000
| Superseded in experimental-release |
cpio (2.12+dfsg-1) experimental; urgency=medium
* Add myself to Uploaders.
* Add debian/gbp.conf.
* New upstream release. (Closes: #804063)
- Refresh patches.
* Add autoreconf.patch for automake-1.15.
* Add fix.win32-compat.patch.
* Pass --enable-mt to ./configure instead setting CPIO_MT_PROG=mt environment
variable.
-- Chris Lamb <email address hidden> Sun, 01 Jan 2017 11:17:41 +0000
cpio (2.11+dfsg-6) unstable; urgency=medium
* Man page for "mt" describes how to "fast erase"
Patch by Kees Cook
Add fix.mt-erase.manpage.patch
Closes: #770198
* Backport "New options to create device and inode-independent
archives." from cpio 2.12
Patch by Chris Lamb
Add reproducible.patch
See #804063
* Standards-Version: 3.9.8
* Refresh patches
-- Anibal Monsalve Salazar <email address hidden> Tue, 29 Nov 2016 12:31:53 +0000
Available diffs
| Published in wheezy-release |
cpio (2.11+dfsg-0.1+deb7u2) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2016-2037: 1-byte out-of-bounds write (Closes: #812401) -- Salvatore Bonaccorso <email address hidden> Sun, 14 Feb 2016 13:51:33 +0100
| Published in jessie-release |
cpio (2.11+dfsg-4.1+deb8u1) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2016-2037: 1-byte out-of-bounds write (Closes: #812401) -- Salvatore Bonaccorso <email address hidden> Sun, 14 Feb 2016 13:42:19 +0100
cpio (2.11+dfsg-5) unstable; urgency=medium
[ Salvatore Bonaccorso ]
* CVE-2016-2037: 1-byte out-of-bounds write (Closes: #812401)
[ Jérémy Bobbio ]
* Make the package build reproducibly:
- Fix mtimes before building binary packages.
- Stop recording the current time when creating gzip files.
- Sort file list in md5sums.
Closes: #774426
[ Anibal Monsalve Salazar ]
* Standards-Version: 3.9.6
-- Anibal Monsalve Salazar <email address hidden> Sun, 14 Feb 2016 12:01:51 +0000
cpio (2.11+dfsg-4.1) unstable; urgency=medium
* Apply patch by Vitezslav Cizek of SuSE to fix CVE-2015-1197.
Upstream is dormant or no longer existing. To restore the old
behaviour use --extract-over-symlinks (Closes: #774669)
This issue has been discovered by Alexander Cherepanov.
-- Moritz Muehlenhoff <email address hidden> Thu, 05 Mar 2015 11:44:25 +0100
| Superseded in wheezy-release |
cpio (2.11+dfsg-0.1+deb7u1) stable-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2014-9112: out of bounds write, insufficient range checking, and
null pointer dereference issues (closes: #772793).
-- Michael Gilbert <email address hidden> Mon, 22 Dec 2014 22:13:01 +0000
cpio (2.11+dfsg-4) unstable; urgency=high
[ Michael Gilbert <email address hidden> ]
* Fix CVE-2014-9112: null pointer dereference issues.
Add the following upstream patches:
fd262d11.patch
f6a8a2cb.patch
Closes: #772793.
-- Anibal Monsalve Salazar <email address hidden> Mon, 22 Dec 2014 11:42:11 +0000
| Superseded in sid-release |
cpio (2.11+dfsg-2.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2014-9112: out of bounds write, insufficient range checking, and
null pointer dereference issues (closes: #772793).
-- Michael Gilbert <email address hidden> Sun, 21 Dec 2014 21:09:44 +0000
| Deleted in experimental-release (Reason: None provided.) |
cpio (2.11+dfsg-3) experimental; urgency=medium
* Use default compression source options
* Fix CVE-2014-9112.
Add the following upstream patches:
746f3ff6.patch
54d1c42a.patch
58df4f1b.patch
Closes: #772793.
-- Anibal Monsalve Salazar <email address hidden> Fri, 12 Dec 2014 10:41:11 +0000
cpio (2.11+dfsg-2) unstable; urgency=medium
[ Stephen Kitt ]
* Build using mingw-w64 instead of mingw32. Closes: #623402.
* Clean up autom4te.cache and config.guess/config.sub to allow building
twice in a row.
[ Anibal Monsalve Salazar ]
* Standards Version is 3.9.5
* Commented out Vcs-Git and Vcs-Browser in debian/control
-- Anibal Monsalve Salazar <email address hidden> Thu, 27 Mar 2014 01:49:54 +0000
cpio (2.11+dfsg-1) unstable; urgency=low
* Standards Version is 3.9.4
* Remove reference to texinfo documntation in cpio man page
Update debian/patches/695717-no-cpio.info.patch
Closes: #695717
* Build depends on autotools-dev
Autoconf update for arm64 building
Drop debian/patches/autoconfupdate.patch
Closes: #689612
* Update debian/watch
-- Anibal Monsalve Salazar <email address hidden> Sat, 01 Jun 2013 08:54:41 +1000
cpio (2.11+dfsg-0.2) unstable; urgency=low
* Non-maintainer upload.
* Make cpio build with glibc 2.16 and newer, closes: 701389
* Make cpio multiarch ready before the bug gets one year old: closes: #678385
* remove dependency on install-info/dpkg since info file was dropped in
#695717
* Update config.guess and config.sub for aarch64 bootstrapping
-- Riku Voipio <email address hidden> Thu, 23 May 2013 09:46:11 +0300
cpio (2.11+dfsg-0.1) unstable; urgency=low
* Non-maintainer upload.
* Remove non DFSG-compliant doc/cpio.info and doc/cpio.texi from source.
Closes: #695717
* Do not build nor ship cpio.info because of the above.
-- David Prévot <email address hidden> Sat, 29 Dec 2012 22:02:30 -0400
| Superseded in jessie-release |
| Superseded in wheezy-release |
| Superseded in sid-release |
| Superseded in wheezy-release |
| Superseded in sid-release |
cpio (2.11-8) unstable; urgency=low
* Enable hardened build flags
Patch by Moritz Muehlenhoff
Closes: #654522
* Cross-building issues
- Fix invalid redefinition of stat() during cross-building cpio
Patch by Steve McIntyre
Add 627444-invalid-redefinition-of-stat.patch
- Use the strip that's provided by the cross-binutils
Patch by Steve Langasek
Closes: #627444
* Standards version is 3.9.3
* Fix debian-rules-missing-recommended-target
-- Anibal Monsalve Salazar <email address hidden> Tue, 12 Jun 2012 20:55:53 +1000
cpio (2.11-7) unstable; urgency=low * New mantainer. Closes: #609990. * Add a 'Reporting Bugs' section to manpages. Closes: #218086. * Add a 'See Also' section to manpages mentioning cpio(5), and Add a 'Suggests: libarchive1' for cpio(5). Closes: #588020. -- Ruben Molina <email address hidden> Thu, 10 Feb 2011 23:16:52 -0500
cpio (2.11-6) unstable; urgency=low * New mantainer: adopt the package. closes: 604790 * debian/copyright: change link to GPL3 file * debian/control: add homepage field * Fix manpages section * Minor changes in postinst and prerm scripts -- Monica Ramirez Arceda <email address hidden> Thu, 02 Dec 2010 07:43:11 +0100
cpio (2.11-5) unstable; urgency=low * Bump to Standards-Version 3.9.1. * Orphan the package. -- Clint Adams <email address hidden> Sun, 14 Nov 2010 00:50:05 -0500
| Published in lenny-release |
cpio (2.9-13lenny1) stable; urgency=low * Backport fix for rmt_read__ buffer overflow (CVE-2010-0624). -- Clint Adams <email address hidden> Thu, 11 Mar 2010 20:33:59 -0500
cpio (2.11-4) unstable; urgency=low
* Apply patch from Didier Raboud to fix win32 output again.
closes: #579533.
-- Clint Adams <email address hidden> Thu, 29 Apr 2010 15:07:57 -0400
cpio (2.11-2) unstable; urgency=medium
* Patch from Sven Joachim to prevent /usr/share/info/dir.gz being
shipped when install-info is present in the build environment.
closes: #576620.
-- Clint Adams <email address hidden> Tue, 06 Apr 2010 08:18:20 -0400
cpio (2.11-1) unstable; urgency=high
* New upstream version.
- Fixes CVE-2010-0624: Heap-based buffer overflow in GNU
Tar and GNU Cpio.
* Tweak mingw build to not fail.
* Update watch file to pick bzip2-compressed tarballs.
* Bump to Standards-Version 3.8.4.
* Switch to 3.0 (quilt) source format.
-- Clint Adams <email address hidden> Thu, 11 Mar 2010 00:05:20 -0500
cpio (2.10-1) unstable; urgency=low * New upstream version. * Bump to Standards-Version 3.8.2. -- Clint Adams <email address hidden> Sat, 20 Jun 2009 11:53:36 -0400
cpio (2.9.90-3) unstable; urgency=low
* Fix some variable types leading to spurious "file grew" errors for
files larger than 4GB. closes: #506714.
-- Clint Adams <email address hidden> Mon, 02 Mar 2009 17:32:20 -0500
cpio (2.9.90-2) unstable; urgency=low * New upstream alpha release. -- Clint Adams <email address hidden> Tue, 24 Feb 2009 13:12:16 -0500
cpio (2.9-15) unstable; urgency=medium
* Apply patch from Kees Cook to return proper exit codes. closes:
#514936.
-- Clint Adams <email address hidden> Sat, 14 Feb 2009 13:55:42 -0500
cpio (2.9-14) unstable; urgency=low
[ James Westby ]
* Make sure that HAVE_GETPWNAM, HAVE_GETGRNAM, HAVE_GETPWUID and
HAVE_GETGRGID are defined so that the real functions are used, rather
than dummy ones. Having HAVE_GETPWNAM defined makes --owner work with
user and group names again.
- Also switch lib/system.h to use HAVE_GETPWUID instead of HAVE_PWUID.
closes: #500264.
[ Clint Adams ]
* Bump to Standards-Version 3.8.0.
-- Clint Adams <email address hidden> Fri, 26 Sep 2008 16:58:29 -0400
cpio (2.9-13) unstable; urgency=low * Remove pre-sarge fixup from postinst, and remove preinst entirely. -- Clint Adams <email address hidden> Thu, 03 Apr 2008 10:56:30 -0400
| 1 → 46 of 46 results | First • Previous • Next • Last |
