-
libarchive (3.6.0-1ubuntu1) jammy; urgency=medium
* Sync with Debian. (LP: #1967127)
- Includes upstream fixes for CVE-2021-36976
* debian/rules: fix broken check for nocheck DEB_BUILD_OPTION
* SECURITY UPDATE: possible out-of-bounds read
- Cherry-pick CVE-2022-26280.patch to fix zipx_lzma_alone_init()
- CVE-2022-26280
libarchive (3.6.0-1) unstable; urgency=medium
* New upstream version (Closes: #1007120):
- update the upstream copyright information
- drop some patches that were taken from the upstream source:
- lzip-large-dict
- upstream-fix-32bit-size-cast
- upstream-fixup-file-flags
- upstream-fixup-symlinks
- add another spelling correction to the typos patch
- update the line numbers in the typos patch
* Add the year 2022 to my debian/* copyright notice.
* Reorder the copyright file so that it makes sense.
-- Jeremy Bicha <email address hidden> Wed, 06 Apr 2022 16:33:16 -0400
-
libarchive (3.5.2-1ubuntu1) jammy; urgency=medium
* SECURITY UPDATE: use-after-free in copy_string
- debian/patches/CVE-2021-36976-1.patch: fixed out of bounds read in
some files in Makefile.am,
libarchive/archive_read_support_format_rar5.c,
libarchive/test/*.
- debian/patches/CVE-2021-36976-2.patch: fix invalid memory access in
some files in Makefile.am,
libarchive/archive_read_support_format_rar5.c,
libarchive/test/test_read_format_rar5.c, libarchive/test/*.
- CVE-2021-36976
-- Marc Deslauriers <email address hidden> Wed, 16 Feb 2022 08:22:57 -0500
-
libarchive (3.5.2-1) unstable; urgency=medium
* Declare compliance with Debian Policy 4.6.0 with no changes.
* Add the year 2021 to my debian/* copyright notice.
* Drop the Breaks/Replaces relations for pre-oldstable versions of
bsdtar and bsdcpio.
* Fix some shellcheck complaints about the minitar autopkgtest.
* Use a comma, not a semicolon, in the Origin DEP-3 header.
* Annotate the sharutils build dependency with <!nocheck>.
Closes: #981654
* Drop the obsolete libattr1-dev build dependency. At the moment it is
still pulled in by libacl1-dev, but there is no reason for us not to
do the right thing, so that everything goes right when libacl1-dev
corrects its build dependency. Closes: #953931
* New upstream version:
- fix handling of symlink ACLs; Closes: 1001986
- never follow symlinks when setting file flags; Closes: 1001990
- update the upstream copyright information
- drop some patches that were taken from the upstream source:
- upstream-cpio-hardlink-type
- upstream-cpio-rdev
- upstream-unneeded-strlen
- upstream-hardlink-to-self
- upstream-set-format-error
- upstream-rar-read-format
- upstream-memory-stdlib
- upstream-max-comp-level
- upstream-isint-w
- update the library symbols file
* Add the lzip-large-dict patch to support larger lzip dictionaries.
Closes: #1001901
* Add the upstream-fixup-symlinks, upstream-fixup-file-flags, and
upstream-fix-32bit-size-cast patches, importing three upstream
post-3.5.2 commits.
-- Peter Pentchev <email address hidden> Wed, 22 Dec 2021 19:51:54 +0200
-
libarchive (3.4.3-2build1) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <email address hidden> Thu, 07 Oct 2021 12:14:04 +0200
-
libarchive (3.4.3-2) unstable; urgency=medium
* Add some more upstream patches:
- upstream-isint-w
- upstream-unneeded-strlen
- upstream-hardlink-to-self
- upstream-set-format-error (with a typo corrected)
- upstream-rar-read-format
- upstream-memory-stdlib
- upstream-max-comp-level
* Drop the unused liblzo2 build dependency. According to upstream,
distributing libarchive binaries linked against liblzo2 violates
the liblzo2 GPL license, so libarchive does not even use it unless
explicitly requested, which we do not do anyway.
* Fix two problems related to cross-building libarchive.
Closes: #966637
- drop the gcc B-D that I added as a reminder that dropping --as-needed
was because it is handled automatically
- annotate the test dependencies with <!nocheck>; since we never run
the upstream test suite automatically, but only if the non-standard
"check" build option is specified, this has no effect on normal builds,
but it will fix cross-builds
-- Peter Pentchev <email address hidden> Sat, 01 Aug 2020 21:46:12 +0300
