libarchive (3.2.2-4.2) unstable; urgency=medium * Non-maintainer upload. * iso9660: validate directory record length (CVE-2017-14501) (Closes: #875966) -- Salvatore Bonaccorso Sun, 05 Aug 2018 08:18:10 +0200 libarchive (3.2.2-4.1) unstable; urgency=medium * Non-maintainer upload. * Reject LHA archive entries with negative size (CVE-2017-14503) (Closes: #875960) * Avoid a read off-by-one error for UTF16 names in RAR archives (CVE-2017-14502) (Closes: #875974) -- Salvatore Bonaccorso Wed, 25 Jul 2018 21:29:42 +0200 libarchive (3.2.2-4) unstable; urgency=medium * Team upload. * debian/control: Update Vcs-* fields for move to salsa.debian.org * debian/control: Replace Priority: extra with optional -- Andreas Henriksson Thu, 31 May 2018 00:01:28 +0200 libarchive (3.2.2-3.1) unstable; urgency=high * Non-maintainer upload. * Reupload 3.2.2-2.1 on top of 3.2.2-3 * archive_strncat_l(): allocate and do not convert if length == 0 (CVE-2016-10209) (Closes: #859456) * Reread the CAB header skipping the self-extracting binary code (CVE-2016-10349, CVE-2016-10350) (Closes: #861609) * Do something sensible for empty strings to make fuzzers happy (CVE-2017-14166) Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539) -- Salvatore Bonaccorso Thu, 14 Sep 2017 16:02:10 +0200 libarchive (3.2.2-3) unstable; urgency=medium * Remove myself from uploaders * Promote Peter to primary maintainer replacing team address -- Andreas Henriksson Thu, 14 Sep 2017 11:08:48 +0200 libarchive (3.2.2-2) unstable; urgency=medium * Disable tests (Closes: #859455) -- Andreas Henriksson Mon, 03 Apr 2017 22:20:05 +0200 libarchive (3.2.2-1) unstable; urgency=medium * Shorten long line in previous changelog entry to please lintian. * debian/gbp.conf: add upstream-vcs-tag for import-orig * New upstream release. * Drop patches now part of upstream release. * Stop shipping README for now -- Andreas Henriksson Mon, 03 Apr 2017 17:17:02 +0200 libarchive (3.2.1-6) unstable; urgency=medium * Add d/p/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch - Cherry-pick upstream commit 98dcbbf0bf4854bf987557 "Fail with negative lha->compsize in lha_read_file_header_1()" Secunia SA74169, CVE-2017-5601 (Closes: #853278) -- Andreas Henriksson Tue, 31 Jan 2017 10:25:56 +0100 libarchive (3.2.1-5) unstable; urgency=medium * Cherry-pick upstream commits 7f17c791, eec077f5, e37b620f - Fixes for upstream issues 747, 761, 767 also known as CVE-2016-8689, CVE-2016-8688, CVE-2016-8687 (Closes: #840934, #840935, #840936) -- Andreas Henriksson Sun, 16 Oct 2016 15:41:59 +0200 libarchive (3.2.1-4) unstable; urgency=medium * Bump debhelper compat to 10 * Install manpages via debian/*.install * libarchive-dev: ship examples/ directory (Closes: #659650) * Use the "fail-missing" dh_install option * Cherry-pick upstream commits for CVE-2016-5418 (Closes: #837714) -- Andreas Henriksson Thu, 06 Oct 2016 23:01:41 +0200 libarchive (3.2.1-3) unstable; urgency=medium [ Michael Biebl ] * (Re)add debian/libarchive13.symbols (Closes: #838775) [ Andreas Henriksson ] * Mark leaked private symbols as optional for now until fixed upstream * Fail to build when symbols file is outdated -- Andreas Henriksson Thu, 06 Oct 2016 18:18:41 +0200 libarchive (3.2.1-2) unstable; urgency=medium * The "welcome Peter to the team" upload [ Peter Pentchev ] * Declare compliancy with Debian Policy 3.9.8 with no changes. * Remove the "XS-Testsuite: autopkgtest" header from the control file: it has not been "XS-" for some time, and it is added by default by dpkg-1.17.11 when debian/tests/control is present. * Use the HTTPS scheme for the Alioth VCS URLs. * Switch to Alioth's cgit in the Vcs-Browser source control field. * Convert the copyright file to the machine-readable format. * Fill in the upstream metadata file. * Enable full build hardening. * Pass --as-needed to the linker to avoid overlinking. * Bump the debhelper build dependency to version 9 to reflect the debhelper compatibility level and drop the now-unused Lintian override. * Fold the bsdtar and bsdcpio packages into the new libarchive-tools binary package and install bsdcat into it, too. Make bsdtar and bsdcpio transitional dummy packages. * Drop the Breaks and Replaces relations to libarchive1, it's not even in oldstable any more. * Drop the misc:Pre-Depends that were needed for the multi-arch transition; dpkg-dev adds them automatically now. * Fix a typo in README.Debian. * Add an upstream patch to replace the use of SIGRTMAX with something that calculates the exact value of the highest signal actually used; hopefully this fixes the FTBFS on the GNU Hurd. * Drop the outdated and unused SONAME mismatch Lintian override. * Re-enable the use of minitar for extraction, too, in the CI test; keep the untar test for completeness. * Add the Typos patch to fix a couple of typographical errors. * Add the Candidate patch to fix a typographical error in a structure member field and, consequently, update all references to it. * Add the CPPCheck patch to fix some issues reported by cppcheck. [ Andreas Henriksson ] * Add Peter Pentchev to Uploaders -- Andreas Henriksson Mon, 25 Jul 2016 17:54:13 +0200 libarchive (3.2.1-1) unstable; urgency=medium * New upstream release. - Includes fixes for CVE-2015-8934, CVE-2016-4300, CVE-2016-4301, CVE-2016-4302, CVE-2016-4809 and CVE-2016-5844. * Add patch cherry-picked from upstream fixing build with xz-utils < 5.2 -- Andreas Henriksson Sun, 26 Jun 2016 21:28:27 +0200 libarchive (3.2.0-2) unstable; urgency=medium * Add CVE identifiers to previous changelog entry. * Upload to unstable. -- Andreas Henriksson Wed, 01 Jun 2016 07:34:12 +0200 libarchive (3.2.0-1) experimental; urgency=medium * CVE-2016-1541: heap-based buffer overflow due to improper input validation (Closes: #823893) * New upstream test release (3.1.901a). * Add liblz4-dev build-dependency to enable lz4 support. * Enable new bsdcat utility in separate package * Drop all patches, now included in release. * Add pkg-config build-dependency * Have dh-autoreconf use upstream build/autogen.sh * New upstream release (3.2.0). -- Andreas Henriksson Fri, 06 May 2016 10:08:56 +0200 libarchive (3.1.2-11) unstable; urgency=medium * Add d/p/Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch (Closes: #778266) -- Andreas Henriksson Thu, 05 Mar 2015 14:54:43 +0100 libarchive (3.1.2-10) unstable; urgency=medium * Add d/p/Do-not-overwrite-file-size-if-the-local-file-header-.patch - cherry-picked from upstream git commit e234932de2474c4f99787 Thanks to Maximiliano Curia (Closes: #769290) -- Andreas Henriksson Thu, 20 Nov 2014 21:10:43 +0100 libarchive (3.1.2-9) unstable; urgency=medium [ Andreas Henriksson ] * Drop Andres Mejia from Uploaders by request of MIA (Closes: #743538) [ Breno Leitao ] * Use dh-autoreconf for the benefit of ppc64el (Closes: #750483) [ Andreas Henriksson ] * Bump Standards-Version to 3.9.5 -- Andreas Henriksson Sun, 17 Aug 2014 10:45:27 +0200 libarchive (3.1.2-8) unstable; urgency=medium [ Michael Terry ] * Fix DEP8 minitar test to use application/gzip (Closes: #731962) [ Daniel Schepler ] * Implement DEB_BUILD_OPTIONS=nocheck (Closes: #738159) -- Andreas Henriksson Wed, 12 Feb 2014 22:53:33 +0100 libarchive (3.1.2-7) unstable; urgency=low * Upload to unstable. -- Andres Mejia Sat, 25 May 2013 16:07:06 -0400 libarchive (3.1.2-6) experimental; urgency=low [ Andreas Henriksson ] * Merge debian-wheezy branch containing package revision 3.0.4-3. [ Andres Mejia ] * Remove gbp config overrides. * Remove lrzip build dependency as test cases fail on certain architectures. -- Andres Mejia Tue, 07 May 2013 21:44:50 -0400 libarchive (3.1.2-5) experimental; urgency=low * Update patch to fix LZO test cases to use changes from upstream. * Update homepage field for new homepage URL. * Add upstream changes to fix building libarchive with lrzip support. -- Andres Mejia Sun, 24 Feb 2013 16:44:32 -0500 libarchive (3.1.2-4) experimental; urgency=low * Add mtree filename length fix from upstream. * Add fix for LZO test cases. * Renable LZO support. * Bump Standards-Version to 3.9.4. -- Andres Mejia Sat, 23 Feb 2013 23:44:26 -0500 libarchive (3.1.2-3) experimental; urgency=low * Update gbp.conf to point to branches used for libarchive packaging in experimental. * Disable LZO support, it is broken on some architectures. -- Andres Mejia Sun, 10 Feb 2013 12:43:35 -0500 libarchive (3.1.2-2) experimental; urgency=low * Update patches to use changes applied upstream. -- Andres Mejia Sat, 09 Feb 2013 15:13:20 -0500 libarchive (3.1.2-1) experimental; urgency=low * New upstream release. * Enable LZO support. -- Andres Mejia Sat, 09 Feb 2013 13:37:34 -0500 libarchive (3.1.1-1) experimental; urgency=low * New upstream release. -- Andres Mejia Wed, 16 Jan 2013 17:06:36 -0500 libarchive (3.1.0-1) experimental; urgency=low [ Benjamin Drung ] * Add autopkgtest (LP: #1073390). [ Martin Pitt ] * Add examples-offset-type.patch: Fix offset data type in examples. [ Andres Mejia ] * New upstream release. -- Andres Mejia Sun, 13 Jan 2013 22:00:14 -0500 libarchive (3.0.4-3) unstable; urgency=low * Add patch that fixes CVE-2013-0211. (Closes: #703957) -- Andreas Henriksson Wed, 27 Mar 2013 16:20:36 +0100 libarchive (3.0.4-2) unstable; urgency=low * Add debian/patches/gcc-4.7-fixes-from-upstream.patch (Closes: #674368, #672690) -- Andreas Henriksson Thu, 24 May 2012 14:49:41 +0200 libarchive (3.0.4-1) unstable; urgency=low * New upstream release. * Patches removed, applied upstream. -- Andres Mejia Thu, 29 Mar 2012 09:44:15 -0400 libarchive (3.0.3-7) unstable; urgency=low * Allow the dev package to be multi-arch installable. * Set verbosity level to 1 for test programs. This incorporates upstream commit 7cd65cd07cfa2693455d174049b4887434041695. (Closes: #662716) * Fixup package description about ISO support. (Closes: #659651) -- Andres Mejia Fri, 16 Mar 2012 16:21:21 -0400 libarchive (3.0.3-6) unstable; urgency=low * Add patch to fix infinite loop in xps files (Closes: #662603) - Thanks for the patch to Savvas Radevic! -- Andreas Henriksson Mon, 05 Mar 2012 16:23:05 +0100 libarchive (3.0.3-5) unstable; urgency=low * Detect if locales or locales-all is installed for use with test suite. * Bump Standards-Version to 3.9.3. -- Andres Mejia Thu, 23 Feb 2012 19:29:24 -0500 libarchive (3.0.3-4) unstable; urgency=low * Ensure tests are not run via root. (Closes: #659294) -- Andres Mejia Tue, 21 Feb 2012 16:01:26 -0500 libarchive (3.0.3-3) unstable; urgency=low * Update watch file to use new home for downloads. -- Andres Mejia Mon, 06 Feb 2012 17:04:34 -0500 libarchive (3.0.3-2) unstable; urgency=low * Upload to unstable. * Update homepage to libarchive's new home. -- Andres Mejia Mon, 06 Feb 2012 16:37:07 -0500 libarchive (3.0.3-1) experimental; urgency=low * New upstream release. * Fix for hurd build failure included in new release. (Closes: #653458) * Update copyright file. -- Andres Mejia Mon, 16 Jan 2012 11:49:46 -0500 libarchive (3.0.2-3) experimental; urgency=low * Prepare an upload to experimental. -- Andres Mejia Sat, 24 Dec 2011 20:39:17 -0500 libarchive (3.0.2-1) unstable; urgency=low * Prepare new upstream release. * Update package descriptions, deleting some information that doesn't apply to current build of packages. * Rename shared library package for soname bump. * Remove symbols files. Symbols file needs to be maintained better. Also, numerous symbols were in the file which were meant to stay private (all the __archive_* symbols for example). -- Andres Mejia Sat, 24 Dec 2011 15:47:39 -0500 libarchive (3.0.1b-1) experimental; urgency=low * Package latest testing release. * Update debian/control, noting new 7zip support. * Fix package description for bsdcpio. * Update symbols file for new symbols added in libarchive-3.0.1b. -- Andres Mejia Fri, 16 Dec 2011 17:28:03 -0500 libarchive (3.0.0a-1) experimental; urgency=low * Package testing release of libarchive for experimental. * Better ext2 file attribute/flag support included in new release. (Closes: #615875) * Remove all patches, applied in upstream source. * Add option to unapply patches for dpkg-source v3. * Change package name libarchive1 to libarchive11 to match soname bump. * Rename files used in packaging libarchive11. * Build depend on Nettle library. * Add mention of rar support in package description. * Remove installation of symlink for libarchive library file. * Explicitely build without openssl and with nettle support. * Add proper depends to new libarchive11 package. * Update symbols file for libarchive11. * Ensure bsdtar and bsdcpio are linked to shared library dynamically. * Build en_US.UTF-8 locale at runtime to pass test suite. -- Andres Mejia Fri, 16 Dec 2011 16:31:37 -0500 libarchive (2.8.5-5) unstable; urgency=medium * Backport fixes for fix for CVE-2011-1777 and CVE-2011-1778. (Closes: #651844) * Fix build failure for GNU/Hurd. (Closes: #651995) * Regenerate autoreconf patch. -- Andres Mejia Wed, 14 Dec 2011 12:18:31 -0500 libarchive (2.8.5-4) unstable; urgency=low [ Andres Mejia ] * Improve each packages' long description. * Refresh all patches. [ Samuel Thibault ] * Skip libacl1-dev build dependency on hurd (Closes: #645403) [ Andreas Henriksson ] * Add 0009-Patch-from-upstream-rev-3751.patch (Closes: #641265) + Thanks to Michael Cree for figuring out the details. -- Andres Mejia Sun, 11 Dec 2011 21:55:59 -0500 libarchive (2.8.5-3) unstable; urgency=low * Fix upgrade breakage because of manpages being moved from libarchive1 to libarchive-dev. (Closes: #641978) * Make short descriptions for packages unique. * Explicitly set config options to be used during builds. -- Andres Mejia Sun, 18 Sep 2011 10:25:34 -0400 libarchive (2.8.5-2) unstable; urgency=low * Add gbp.conf to enable pristine-tar to true by default. * Add myself to uploaders field. * Add default options to fail on any upstream changes during a build. * Bump Standards-Version to 3.9.2. * Remove duplicate "Section" field. * Remove unnecessary use of *.dirs dh files. * Remove unneeded build-deps. * Provide patch that implements changes made after running autoreconf -vif. * Remove generic comments from debian/rules. * Support parallel builds. * Remove commented lines from install file. * Add docs to all packages except the shared library package. * Remove unneeded use of 'debian/tmp' in path for install files. * Provide different mechanism to install symlink for libarchive1 package. * Move all manpages for libarchive1 to libarchive-dev. * Move libarchive-dev control stanza up. This will make libarchive-dev the default package for installing files into, such as the README.Debian. * Convert libarchive into multiarch library package. * Update Vcs-* entries. -- Andres Mejia Sat, 17 Sep 2011 18:50:11 -0400 libarchive (2.8.5-1) unstable; urgency=low * Add 0010-Patch-from-upstream-rev-2811.patch * Drop "update-patch-series" target from debian/rules * Convert package to dh7 * Imported Upstream version 2.8.5 (Closes: #640524) * Rebase patch queue and drop patches merged upstream - dropped 0003-Patch-from-upstream-rev-2516.patch - dropped 0010-Patch-from-upstream-rev-2811.patch -- Andreas Henriksson Mon, 05 Sep 2011 17:35:36 +0200 libarchive (2.8.4-2) unstable; urgency=low * update-patch-series: + replace local patch with upstream commit. (Rebase patches branch to drop commit/patch "0007-Ignore-ENOSYS-error-when-sett...", in favor of upstream revision 2537 added as "0007-Patch-from-upstream-rev-2537.patch") + add 0008-Patch-from-upstream-rev-2888.patch (Closes: #610079) + add 0009-Patch-from-upstream-rev-2940.patch (Closes: #610783) -- Andreas Henriksson Tue, 09 Aug 2011 13:39:10 +0200 libarchive (2.8.4-1) unstable; urgency=low * Update debian/watch for new code.google.com layout. * update patch series: + added 0003-Patch-from-upstream-rev-2516.patch - Compatibility with WinISO generated iso files (Closes: #587513) + added 0004-Patch-from-upstream-rev-2514.patch + added 0005-Patch-from-upstream-rev-2520.patch - Enable version stripping code in iso9660/joliet (Closes: #587316) * Imported Upstream version 2.8.4 * update-patch-series: + added 0006-Patch-from-upstream-rev-2521.patch + added 0007-Ignore-ENOSYS-error-when-sett... (Closes: #588925) - Big thanks to Modestas Vainius for awesome debugging! -- Andreas Henriksson Thu, 15 Jul 2010 14:45:06 +0200 libarchive (2.8.3-1) unstable; urgency=low * Imported Upstream version 2.8.3 * update-patch-series: 0001-Clear-archive_error_number-in-archiv... - gvfs has been fixed since, workaround not needed anymore. -- Andreas Henriksson Fri, 23 Apr 2010 13:25:33 +0200 libarchive (2.8.0-2) unstable; urgency=low * Clean up libarchive.la file. (Closes: #571468) - Thanks to Sune Vuorela for suggesting this fix. * Update patch series: + added two patches matching revision 1990, 1991 from upstream regarding PATH_MAX hopefully fixing build on Hurd. -- Andreas Henriksson Thu, 25 Feb 2010 22:31:13 +0100 libarchive (2.8.0-1) unstable; urgency=low * Set myself as maintainer (Closes: #570539). + co-maintainers welcome! * Imported Upstream version 2.8.0 (Closes: #559158) * Drop debian revision in symbols file. * Updated symbols for 2.8 * Update rules for new build directory (config.aux -> build/autoconf) * Replace ${Source-Version} with ${source:Version} in control file. * Drop debian/shlibs.local.ex * Bump debhelper compatibility level to 5. * Stop trying to install non-existant usr/share/pkgconfig * Update Vcs fields to point to new collab-maint repository. * Update debian/copyright * Bump Standards-Version to 3.8.4 * Add update-patch-series target in debian/rules. * Added patch to fix gvfsd-archive problems: + 0001-Clear-archive_error_number-in-archive_clear_error.patch (from http://bugs.gentoo.org/show_bug.cgi?id=289260#c1 ) * Switch to dpkg-source 3.0 (quilt) format * Split Build-Depends on multiple lines. * Add liblzma-dev to Build-Depends for lzma support. * Add Build-Depends on libxml2-dev for xar support. * Explicitly give --without-openssl to configure. -- Andreas Henriksson Tue, 23 Feb 2010 20:50:25 +0100 libarchive (2.6.2-2) unstable; urgency=low * Orphaning the package; set maintainer to QA group. -- John Goerzen Fri, 19 Feb 2010 11:23:14 -0600 libarchive (2.6.2-1) unstable; urgency=low * New Upstream Version. Closes: #516577. * Update watch file to new homepage. Closes: #517398. -- John Goerzen Thu, 12 Mar 2009 09:32:31 -0500 libarchive (2.6.1-1) unstable; urgency=low * New Upstream Version * Update homepage. Closes: #514835. * Clean up Debian rules. Patch partially from Bernhard R. Link. Closes: #480495. -- John Goerzen Thu, 19 Feb 2009 09:28:57 -0600 libarchive (2.4.17-2) unstable; urgency=high [ John Goerzen ] * Ignore failures in test suite due to bugs in the testsuite that were turning into FTBFS bugs. Closes: #474400. * Added README.Debian documenting need for largefile suport in sources. Mostly used suggested text found in #479728. Closes: #479728. [ Bernhard R. Link ] * Added symbols file for libarchive. Closes: #476516. -- John Goerzen Thu, 05 Jun 2008 15:42:57 -0500 libarchive (2.4.17-1) unstable; urgency=high * New Upstream Version * This upstream version corrected several problems with the testsuite. Therefore, we can now run test suite after build. Closes: #473221. * uudecode is now used as part of the build. Added build-dep on sharutils. Fixes FTBFS. Closes: #473266. -- John Goerzen Thu, 03 Apr 2008 09:25:04 -0500 libarchive (2.4.14-1) unstable; urgency=high * New upstream release. Closes: #465061, #448292. #465061 is grave bug, so setting urgency high. * Added Vcs-* and Homepage lines to debian/control -- John Goerzen Sat, 29 Mar 2008 10:14:21 -0500 libarchive (2.4.11-1) unstable; urgency=low * New upstream version. * Move bsdtar to section utils. Closes: #460988. * Added bsdcpio package due to new upstream cpio command. -- John Goerzen Mon, 21 Jan 2008 10:02:29 -0600 libarchive (2.2.4-1) unstable; urgency=high * New upstream version with security fixes. Closes: #432924. Fixes: CVE-2007-3641, CVE-2007-3644, CVE-2007-3645 -- John Goerzen Fri, 13 Jul 2007 08:14:00 -0500 libarchive (2.2.3-1) unstable; urgency=low * New upstream version. -- John Goerzen Wed, 06 Jun 2007 03:36:35 -0500 libarchive (2.0.25-3) unstable; urgency=low * SONAME should not be tied to the tarball version string (Closes: #418637) Provide libarchive.so.1 as a backwards-compatible symlink to libarchive.so.2, reverting the package name to libarchive1. Patch from Neil Williams. -- John Goerzen Mon, 16 Apr 2007 13:50:29 +0100 libarchive (2.0.25-2) unstable; urgency=low * Remove build-dep on linux-kernel-headers for compatibility with BSD ports. Closes: #377480. -- John Goerzen Tue, 13 Mar 2007 20:03:37 -0500 libarchive (2.0.25-1) unstable; urgency=low * New upstream version * Remove unnecessary dep on libarchive1. Closes: #396756. * Bump standards-version * Rename libarchive1 to libarchive2 to match new soname. -- John Goerzen Tue, 13 Mar 2007 07:03:53 -0500 libarchive (1.3.1-1) unstable; urgency=high * New upstream release. * Applied FreeBSD patch for potential DoS. This is CVS-2006-5680, FreeBSD SA-06:24. -- John Goerzen Mon, 18 Dec 2006 05:51:08 -0600 libarchive (1.2.53-2) unstable; urgency=low * Added build-dep on bison. Closes: #374200. -- John Goerzen Sat, 17 Jun 2006 17:24:44 -0500 libarchive (1.2.53-1) unstable; urgency=low * New upstream version. * The bsdtar program has been integrated into the libarchive source package upstream. This package, therefore, now generates the bsdtar binary package. -- John Goerzen Sat, 17 Jun 2006 10:44:05 -0500 libarchive (1.02.036-2) unstable; urgency=low * Added conflict on old libarchive-doc package. This package never existed in testing or stable, so this conflict can be removed before long. -- John Goerzen Tue, 18 Oct 2005 11:02:06 -0500 libarchive (1.02.036-1) unstable; urgency=low * New upstream version, now with support for building as a .so. * Added build-dep on libattr1-dev. * No more libarchive-doc; its files now live in libarchive1. * Thanks to Bernhard R. Link for ideas for this package. -- John Goerzen Mon, 17 Oct 2005 10:27:30 -0500 libarchive (1.02.034-2) unstable; urgency=low * Split off manpages into separate package libarchive-doc. The bsdtar manpages point readers to these. -- John Goerzen Tue, 11 Oct 2005 05:36:28 -0500 libarchive (1.02.034-1) unstable; urgency=low * Initial release Closes: #333222. -- John Goerzen Mon, 10 Oct 2005 19:24:56 -0500