gcab (0.7-7) unstable; urgency=high * Switch to debhelper compatibility level 11. * Apply upstream fix for CVE-2018-5345. Closes: #887776. This also fixes the out-of-bounds read in cdata_finish(). Closes: #881922. * Standards-Version 4.1.3, no change required. -- Stephen Kitt Tue, 23 Jan 2018 14:25:04 +0100 gcab (0.7-6) unstable; urgency=medium * Apply upstream fix to the fix for checksum calculations on big-endian and little-endian platforms. LP: #1737723. * Standards-Version 4.1.2, no change required. -- Stephen Kitt Tue, 12 Dec 2017 20:36:48 +0100 gcab (0.7-5) unstable; urgency=medium * Apply upstream fix for checksum calculations on big-endian platforms; thanks to Mario Limonciello for the report and pointer to the patch. Closes: #882013. * Standards-Version 4.1.1, no further change required. -- Stephen Kitt Mon, 20 Nov 2017 20:06:54 +0100 gcab (0.7-4) unstable; urgency=medium * Add overrides for Lintian’s “spelling error” covering the use of “GNU Public License” (which refers to the general concept here). * Make gcab produce reproducible cabinets; thanks to Chris Lamb for the patch. Closes: #872460. * Fix an invalid libgcab-dev link in libgcab-doc. -- Stephen Kitt Thu, 17 Aug 2017 22:43:03 +0200 gcab (0.7-3) unstable; urgency=medium * Switch to debhelper compatibility level 10. * As per the GObject-Introspection policy, the typelib package should be gir1.2-gcab-1.0, not gir1.2-libgcab-1.0; rename the package accordingly. The -dev package also needs a dependency on the typelib package. * Update debian/copyright. * Standards-Version 4.0.0, no further change required. -- Stephen Kitt Tue, 11 Jul 2017 12:35:49 +0200 gcab (0.7-2) unstable; urgency=medium * Explicitly build-depend on intltool and pkg-config instead of relying on gnome-common. Closes: #837853. * Standards-Version 3.9.8, no change required. -- Stephen Kitt Thu, 15 Sep 2016 23:02:12 +0200 gcab (0.7-1) unstable; urgency=medium * New upstream release. * Add unique license names for all the permissive licenses. * Migrate to dbgsym debug packages. * Switch to https: VCS URIs (see #810378). * Add the Ubuntu patch to avoid integer overflows in zalloc. * Standards-Version 3.9.7, no change required. * Enable all hardening options. -- Stephen Kitt Fri, 18 Mar 2016 12:46:01 +0100 gcab (0.6-1) unstable; urgency=medium * New upstream release. * Drop afl-fixes.patch, merged upstream. -- Stephen Kitt Fri, 20 Mar 2015 20:11:15 +0100 gcab (0.5-1) unstable; urgency=medium * New upstream release. * Drop patches fix-glib-linking, fix-gtkdoc-tests, cve-2015-0552.patch, merged upstream. * m4/intltool.m4 is no longer shipped, remove it from debian/copyright. -- Stephen Kitt Thu, 12 Mar 2015 06:59:08 +0100 gcab (0.4-3) unstable; urgency=medium * Fix all the crashes detected by AFL. Thanks to Jakub Wilk for the suggestion! Closes: #775941. * Fix hyphens in the manpage. -- Stephen Kitt Sun, 25 Jan 2015 23:51:15 +0100 gcab (0.4-2) unstable; urgency=medium * Indicate that libgcab/gcab-enums.* is licensed using LGPL-2.0+, not 2.1+ like the rest of the project. Thanks to Thorsten Alteholz for pointing out that this should be indicated explicitly! * Prevent path traversals; contents of cabinet files are always extracted below the extraction point and cannot escape it. Closes: #774580. This is CVE-2015-0552. -- Stephen Kitt Tue, 06 Jan 2015 00:14:58 +0100 gcab (0.4-1) unstable; urgency=low * Initial release. Closes: #771253. -- Stephen Kitt Sat, 29 Nov 2014 00:12:00 +0100