-
libarchive (3.4.3-2) unstable; urgency=medium
* Add some more upstream patches:
- upstream-isint-w
- upstream-unneeded-strlen
- upstream-hardlink-to-self
- upstream-set-format-error (with a typo corrected)
- upstream-rar-read-format
- upstream-memory-stdlib
- upstream-max-comp-level
* Drop the unused liblzo2 build dependency. According to upstream,
distributing libarchive binaries linked against liblzo2 violates
the liblzo2 GPL license, so libarchive does not even use it unless
explicitly requested, which we do not do anyway.
* Fix two problems related to cross-building libarchive.
Closes: #966637
- drop the gcc B-D that I added as a reminder that dropping --as-needed
was because it is handled automatically
- annotate the test dependencies with <!nocheck>; since we never run
the upstream test suite automatically, but only if the non-standard
"check" build option is specified, this has no effect on normal builds,
but it will fix cross-builds
-- Peter Pentchev <email address hidden> Sat, 01 Aug 2020 21:46:12 +0300
-
libarchive (3.4.3-1build1) groovy; urgency=medium
* No change rebuild against new libnettle8 and libhogweed6 ABI.
-- Dimitri John Ledkov <email address hidden> Mon, 29 Jun 2020 22:27:25 +0100
-
libarchive (3.4.3-1) unstable; urgency=medium
* New upstream release:
- update the upstream signing key
- update the typos patch, correct some more mistakes
- drop all the upstream-* patches
- add an upstream copyright notice for a new file
* Add the upstream-cpio-rdev and upstream-cpio-hardlink-type patches.
-- Peter Pentchev <email address hidden> Wed, 03 Jun 2020 16:40:28 +0300
-
libarchive (3.4.2-1) unstable; urgency=medium
* Minor correction to the debian/watch file to catch up with
the upstream site links.
* New upstream release:
- drop some patches that were taken from upstream:
- upstream-rar-use-after-free
- upstream-rar-uaf-test-eof
- upstream-rar-window-mask
- upstream-rar-window-test
- upstream-rar-filter-beyond
- upstream-archive-read-sparse
- upstream-archive-clean
- upstream-doc-7zip-zip
- upstream-open-without-openat
- upstream-lz4-uint32
- CVE-2020-9308 patch
- drop most of the typos patch - integrated upstream
- update the upstream copyright years
* Add some more corrections to the typos patch.
* Drop the Name and Contact upstream metadata fields.
* Drop the phony "build" target.
* Do not pass "--as-needed" to the linker: recent versions of the Debian
GCC package do that by default. Just in case, add a build dependency on
a recent version so that it is not forgotten e.g. in a backport.
* Add some upstream patches since 3.4.2.
* Update to debhelper compat level 13:
- `dh_missing --fail-missing` is the default now
- use execute_before/execute_after targets
* Drop the local-options file.
-- Peter Pentchev <email address hidden> Sat, 09 May 2020 22:04:02 +0300
-
libarchive (3.4.0-2ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/CVE-2019-19221.patch: Bugfix and optimize
archive_wstring_append_from_mbs() in libarchive/archive_string.c.
- CVE-2019-19221
libarchive (3.4.0-2) unstable; urgency=medium
* Declare compliance with Debian Policy 4.5.0 with no changes.
* Add the year 2020 to my debian/* copyright notice.
* Add the CVE-2020-9308 patch - invalid RAR5 headers. (Closes: #951759)
* Make the autopkgtests cross-test-friendly. (Closes: #953140)
-- Gianfranco Costamagna <email address hidden> Thu, 02 Apr 2020 12:33:18 +0200
