View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/libarchive
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
importer/ubuntu/dsc 2019-07-30 22:10:35 UTC 2019-07-30
DSC file for 3.2.2-3.1ubuntu0.4

Author: Ubuntu Git Importer
Author Date: 2019-07-30 22:10:35 UTC

DSC file for 3.2.2-3.1ubuntu0.4

applied/ubuntu/bionic-proposed 2019-07-30 21:58:18 UTC 2019-07-30
Import patches-applied version 3.2.2-3.1ubuntu0.4 to applied/ubuntu/bionic-pr...

Author: Sebastien Bacher
Author Date: 2019-06-28 19:20:28 UTC

Import patches-applied version 3.2.2-3.1ubuntu0.4 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9915fc404d0dc2cce147f92d829d4fc52a5c630a
Unapplied parent: 9d44261394a52057a4692e7233f817d6787511a3

New changelog entries:
  * debian/patches/git_zip_directories.patch:
    - backport a fix for an issue where files are created instead of
      directories (lp: #1830629)

ubuntu/bionic-proposed 2019-07-30 21:58:18 UTC 2019-07-30
Import patches-unapplied version 3.2.2-3.1ubuntu0.4 to ubuntu/bionic-proposed

Author: Sebastien Bacher
Author Date: 2019-06-28 19:20:28 UTC

Import patches-unapplied version 3.2.2-3.1ubuntu0.4 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 6f1115f931c3e3c93da6e6d1073e9a7bbffd0fe6

New changelog entries:
  * debian/patches/git_zip_directories.patch:
    - backport a fix for an issue where files are created instead of
      directories (lp: #1830629)

ubuntu/bionic-devel 2019-07-30 21:58:18 UTC 2019-07-30
Import patches-unapplied version 3.2.2-3.1ubuntu0.4 to ubuntu/bionic-proposed

Author: Sebastien Bacher
Author Date: 2019-06-28 19:20:28 UTC

Import patches-unapplied version 3.2.2-3.1ubuntu0.4 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 6f1115f931c3e3c93da6e6d1073e9a7bbffd0fe6

New changelog entries:
  * debian/patches/git_zip_directories.patch:
    - backport a fix for an issue where files are created instead of
      directories (lp: #1830629)

applied/ubuntu/bionic-devel 2019-07-30 21:58:18 UTC 2019-07-30
Import patches-applied version 3.2.2-3.1ubuntu0.4 to applied/ubuntu/bionic-pr...

Author: Sebastien Bacher
Author Date: 2019-06-28 19:20:28 UTC

Import patches-applied version 3.2.2-3.1ubuntu0.4 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9915fc404d0dc2cce147f92d829d4fc52a5c630a
Unapplied parent: 9d44261394a52057a4692e7233f817d6787511a3

New changelog entries:
  * debian/patches/git_zip_directories.patch:
    - backport a fix for an issue where files are created instead of
      directories (lp: #1830629)

applied/ubuntu/bionic-updates 2019-07-30 21:58:18 UTC 2019-07-30
Import patches-applied version 3.2.2-3.1ubuntu0.4 to applied/ubuntu/bionic-pr...

Author: Sebastien Bacher
Author Date: 2019-06-28 19:20:28 UTC

Import patches-applied version 3.2.2-3.1ubuntu0.4 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9915fc404d0dc2cce147f92d829d4fc52a5c630a
Unapplied parent: 9d44261394a52057a4692e7233f817d6787511a3

New changelog entries:
  * debian/patches/git_zip_directories.patch:
    - backport a fix for an issue where files are created instead of
      directories (lp: #1830629)

ubuntu/bionic-updates 2019-07-30 21:58:18 UTC 2019-07-30
Import patches-unapplied version 3.2.2-3.1ubuntu0.4 to ubuntu/bionic-proposed

Author: Sebastien Bacher
Author Date: 2019-06-28 19:20:28 UTC

Import patches-unapplied version 3.2.2-3.1ubuntu0.4 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 6f1115f931c3e3c93da6e6d1073e9a7bbffd0fe6

New changelog entries:
  * debian/patches/git_zip_directories.patch:
    - backport a fix for an issue where files are created instead of
      directories (lp: #1830629)

importer/debian/dsc 2019-02-16 17:39:18 UTC 2019-02-16
DSC file for 3.2.2-2+deb9u1

Author: Ubuntu Git Importer
Author Date: 2019-02-16 17:39:18 UTC

DSC file for 3.2.2-2+deb9u1

debian/stretch 2019-02-16 17:08:22 UTC 2019-02-16
Import patches-unapplied version 3.2.2-2+deb9u1 to debian/stretch

Author: Markus Koschany
Author Date: 2018-12-21 20:11:50 UTC

Import patches-unapplied version 3.2.2-2+deb9u1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: bff56950c829e095473da75ac0874fac308601ee

New changelog entries:
  * Non-maintainer upload.
  * Fix the following security vulnerabilities:
    CVE-2016-10209, CVE-2016-10349, CVE-2016-10350, CVE-2017-14166,
    CVE-2017-14501, CVE-2017-14502, CVE-2017-14503, CVE-2018-1000877,
    CVE-2018-1000878, CVE-2018-1000879 and CVE-2018-1000880.
    Multiple security vulnerabilities were found in libarchive, a multi-format
    archive and compression library. Heap-based buffer over-reads, NULL pointer
    dereferences, use-after-frees and out-of-bounds reads allow remote
    attackers to cause a denial-of-service (application crash) via specially
    crafted archive files.
    (Closes: #859456, #861609, #874539, #875966, #875974, #875960, #916964,
    #916963, #916960)

applied/debian/stretch 2019-02-16 17:08:22 UTC 2019-02-16
Import patches-applied version 3.2.2-2+deb9u1 to applied/debian/stretch

Author: Markus Koschany
Author Date: 2018-12-21 20:11:50 UTC

Import patches-applied version 3.2.2-2+deb9u1 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 5e3a226161343b8cf81e3ad1317ab139db97ca87
Unapplied parent: a95ea3b9b719c74d372e87ed33545d00edb32c23

New changelog entries:
  * Non-maintainer upload.
  * Fix the following security vulnerabilities:
    CVE-2016-10209, CVE-2016-10349, CVE-2016-10350, CVE-2017-14166,
    CVE-2017-14501, CVE-2017-14502, CVE-2017-14503, CVE-2018-1000877,
    CVE-2018-1000878, CVE-2018-1000879 and CVE-2018-1000880.
    Multiple security vulnerabilities were found in libarchive, a multi-format
    archive and compression library. Heap-based buffer over-reads, NULL pointer
    dereferences, use-after-frees and out-of-bounds reads allow remote
    attackers to cause a denial-of-service (application crash) via specially
    crafted archive files.
    (Closes: #859456, #861609, #874539, #875966, #875974, #875960, #916964,
    #916963, #916960)

applied/ubuntu/trusty-devel 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.1.2-7ubuntu2.8 to applied/ubuntu/trusty-secu...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:48:45 UTC

Import patches-applied version 3.1.2-7ubuntu2.8 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: afb6eab260e9569e95d1d324bfcc7dfbfb5e8e74
Unapplied parent: 0b233f5752e310b98d3887516a53841292388a17

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/trusty-security 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.1.2-7ubuntu2.8 to ubuntu/trusty-security

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:48:45 UTC

Import patches-unapplied version 3.1.2-7ubuntu2.8 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 6934cf74bf26eabb83886951ce62174f2690e854

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/trusty-security 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.1.2-7ubuntu2.8 to applied/ubuntu/trusty-secu...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:48:45 UTC

Import patches-applied version 3.1.2-7ubuntu2.8 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: afb6eab260e9569e95d1d324bfcc7dfbfb5e8e74
Unapplied parent: 0b233f5752e310b98d3887516a53841292388a17

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/bionic-security 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.2.2-3.1ubuntu0.3 to ubuntu/bionic-security

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:54:50 UTC

Import patches-unapplied version 3.2.2-3.1ubuntu0.3 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: d61e033e35231d40421305c70f9f9286c892a17e

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/trusty-updates 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.1.2-7ubuntu2.8 to applied/ubuntu/trusty-secu...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:48:45 UTC

Import patches-applied version 3.1.2-7ubuntu2.8 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: afb6eab260e9569e95d1d324bfcc7dfbfb5e8e74
Unapplied parent: 0b233f5752e310b98d3887516a53841292388a17

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/xenial-devel 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.1.2-11ubuntu0.16.04.6 to ubuntu/xenial-sec...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:53:41 UTC

Import patches-unapplied version 3.1.2-11ubuntu0.16.04.6 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 809ff5c9c658ea914a5b748f5909ef4c37ba2b4d

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/trusty-updates 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.1.2-7ubuntu2.8 to ubuntu/trusty-security

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:48:45 UTC

Import patches-unapplied version 3.1.2-7ubuntu2.8 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 6934cf74bf26eabb83886951ce62174f2690e854

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/bionic-security 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.2.2-3.1ubuntu0.3 to applied/ubuntu/bionic-se...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:54:50 UTC

Import patches-applied version 3.2.2-3.1ubuntu0.3 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 2867a79a389ca72b48b7661bdc91819db8ad15d0
Unapplied parent: d9f02fe91bf7f5d32445a1c7fe38d9a88d18ab45

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/cosmic-updates 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.2.2-5ubuntu0.2 to applied/ubuntu/cosmic-secu...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:55:41 UTC

Import patches-applied version 3.2.2-5ubuntu0.2 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: b633248024bd082d1c1b9f3b96082b051bfbb448
Unapplied parent: 55f9de3f0c4ac158bd69d35aaebd049f6a58535d

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/xenial-devel 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.1.2-11ubuntu0.16.04.6 to applied/ubuntu/xeni...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:53:41 UTC

Import patches-applied version 3.1.2-11ubuntu0.16.04.6 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 54fce7d61c74c4caf015508b4a1d5d918024e861
Unapplied parent: ef1083e1267fdde3da9ef097172b790fe9083610

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/cosmic-security 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.2.2-5ubuntu0.2 to applied/ubuntu/cosmic-secu...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:55:41 UTC

Import patches-applied version 3.2.2-5ubuntu0.2 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: b633248024bd082d1c1b9f3b96082b051bfbb448
Unapplied parent: 55f9de3f0c4ac158bd69d35aaebd049f6a58535d

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/cosmic-updates 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.2.2-5ubuntu0.2 to ubuntu/cosmic-security

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:55:41 UTC

Import patches-unapplied version 3.2.2-5ubuntu0.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 56427107438786204f603375626edbd12ec99fcc

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/cosmic-devel 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.2.2-5ubuntu0.2 to applied/ubuntu/cosmic-secu...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:55:41 UTC

Import patches-applied version 3.2.2-5ubuntu0.2 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: b633248024bd082d1c1b9f3b96082b051bfbb448
Unapplied parent: 55f9de3f0c4ac158bd69d35aaebd049f6a58535d

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/xenial-updates 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.1.2-11ubuntu0.16.04.6 to applied/ubuntu/xeni...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:53:41 UTC

Import patches-applied version 3.1.2-11ubuntu0.16.04.6 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 54fce7d61c74c4caf015508b4a1d5d918024e861
Unapplied parent: ef1083e1267fdde3da9ef097172b790fe9083610

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/xenial-security 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-applied version 3.1.2-11ubuntu0.16.04.6 to applied/ubuntu/xeni...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:53:41 UTC

Import patches-applied version 3.1.2-11ubuntu0.16.04.6 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 54fce7d61c74c4caf015508b4a1d5d918024e861
Unapplied parent: ef1083e1267fdde3da9ef097172b790fe9083610

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/cosmic-devel 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.2.2-5ubuntu0.2 to ubuntu/cosmic-security

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:55:41 UTC

Import patches-unapplied version 3.2.2-5ubuntu0.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 56427107438786204f603375626edbd12ec99fcc

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/trusty-devel 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.1.2-7ubuntu2.8 to ubuntu/trusty-security

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:48:45 UTC

Import patches-unapplied version 3.1.2-7ubuntu2.8 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 6934cf74bf26eabb83886951ce62174f2690e854

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/xenial-security 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.1.2-11ubuntu0.16.04.6 to ubuntu/xenial-sec...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:53:41 UTC

Import patches-unapplied version 3.1.2-11ubuntu0.16.04.6 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 809ff5c9c658ea914a5b748f5909ef4c37ba2b4d

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/xenial-updates 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.1.2-11ubuntu0.16.04.6 to ubuntu/xenial-sec...

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:53:41 UTC

Import patches-unapplied version 3.1.2-11ubuntu0.16.04.6 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 809ff5c9c658ea914a5b748f5909ef4c37ba2b4d

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

ubuntu/cosmic-security 2019-02-07 12:03:23 UTC 2019-02-07
Import patches-unapplied version 3.2.2-5ubuntu0.2 to ubuntu/cosmic-security

Author: Leonidas S. Barbosa
Author Date: 2019-02-06 11:55:41 UTC

Import patches-unapplied version 3.2.2-5ubuntu0.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 56427107438786204f603375626edbd12ec99fcc

New changelog entries:
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

applied/ubuntu/eoan-devel 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-applied version 3.3.3-4 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-applied version 3.3.3-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: d3c14aaf6b79a057122d84d10a2ec2a1df256857
Unapplied parent: 84d76bee88b9d7248c39b86f47779cdcdb170900

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

applied/ubuntu/eoan 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-applied version 3.3.3-4 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-applied version 3.3.3-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: d3c14aaf6b79a057122d84d10a2ec2a1df256857
Unapplied parent: 84d76bee88b9d7248c39b86f47779cdcdb170900

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

ubuntu/eoan 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-unapplied version 3.3.3-4 to debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-unapplied version 3.3.3-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b3732f8027e0b6d7ac08e65995bd2703515008d0

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

ubuntu/eoan-devel 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-unapplied version 3.3.3-4 to debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-unapplied version 3.3.3-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b3732f8027e0b6d7ac08e65995bd2703515008d0

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

debian/sid 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-unapplied version 3.3.3-4 to debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-unapplied version 3.3.3-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b3732f8027e0b6d7ac08e65995bd2703515008d0

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

ubuntu/disco 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-unapplied version 3.3.3-4 to debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-unapplied version 3.3.3-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b3732f8027e0b6d7ac08e65995bd2703515008d0

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

applied/ubuntu/disco-devel 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-applied version 3.3.3-4 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-applied version 3.3.3-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: d3c14aaf6b79a057122d84d10a2ec2a1df256857
Unapplied parent: 84d76bee88b9d7248c39b86f47779cdcdb170900

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

ubuntu/disco-devel 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-unapplied version 3.3.3-4 to debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-unapplied version 3.3.3-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b3732f8027e0b6d7ac08e65995bd2703515008d0

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

ubuntu/disco-proposed 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-unapplied version 3.3.3-4 to debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-unapplied version 3.3.3-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b3732f8027e0b6d7ac08e65995bd2703515008d0

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

ubuntu/devel 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-unapplied version 3.3.3-4 to debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-unapplied version 3.3.3-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b3732f8027e0b6d7ac08e65995bd2703515008d0

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

applied/ubuntu/disco 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-applied version 3.3.3-4 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-applied version 3.3.3-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: d3c14aaf6b79a057122d84d10a2ec2a1df256857
Unapplied parent: 84d76bee88b9d7248c39b86f47779cdcdb170900

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

applied/debian/sid 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-applied version 3.3.3-4 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-applied version 3.3.3-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: d3c14aaf6b79a057122d84d10a2ec2a1df256857
Unapplied parent: 84d76bee88b9d7248c39b86f47779cdcdb170900

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

debian/buster 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-unapplied version 3.3.3-4 to debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-unapplied version 3.3.3-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b3732f8027e0b6d7ac08e65995bd2703515008d0

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

applied/debian/buster 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-applied version 3.3.3-4 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-applied version 3.3.3-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: d3c14aaf6b79a057122d84d10a2ec2a1df256857
Unapplied parent: 84d76bee88b9d7248c39b86f47779cdcdb170900

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

applied/ubuntu/devel 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-applied version 3.3.3-4 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-applied version 3.3.3-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: d3c14aaf6b79a057122d84d10a2ec2a1df256857
Unapplied parent: 84d76bee88b9d7248c39b86f47779cdcdb170900

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

applied/ubuntu/disco-proposed 2019-02-06 16:37:28 UTC 2019-02-06
Import patches-applied version 3.3.3-4 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2019-02-06 09:01:25 UTC

Import patches-applied version 3.3.3-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: d3c14aaf6b79a057122d84d10a2ec2a1df256857
Unapplied parent: 84d76bee88b9d7248c39b86f47779cdcdb170900

New changelog entries:
  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

ubuntu/cosmic 2018-08-25 22:32:37 UTC 2018-08-25
Import patches-unapplied version 3.2.2-5 to debian/sid

Author: Peter Pentchev
Author Date: 2018-08-25 15:28:10 UTC

Import patches-unapplied version 3.2.2-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e9a01a756ca56a1f7f9812d4023bb2d368abb5cf

New changelog entries:
  * Acknowledge NMUs; many thanks to Salvatore Bonaccorso!
  * Use my Debian e-mail address.
  * Declare compliance with Debian Policy 4.2.0:
    - add Rules-Requires-Root: no to the source control stanza
    - install the upstream release notes (NEWS)
  * Drop the duplicate Priority fields for the binary packages.
  * Switch to the HTTPS scheme in various upstream and Debian
    packaging URLs.
  * Drop some trailing whitespace from old changelog entries.
  * Bump the debhelper compatibility level to 11 with no changes and
    use the B-D: debhelper-compat (= 11) mechanism.
  * Add a trivial autopkgtest running adequate on the binary packages.

ubuntu/cosmic-proposed 2018-08-25 22:32:37 UTC 2018-08-25
Import patches-unapplied version 3.2.2-5 to debian/sid

Author: Peter Pentchev
Author Date: 2018-08-25 15:28:10 UTC

Import patches-unapplied version 3.2.2-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e9a01a756ca56a1f7f9812d4023bb2d368abb5cf

New changelog entries:
  * Acknowledge NMUs; many thanks to Salvatore Bonaccorso!
  * Use my Debian e-mail address.
  * Declare compliance with Debian Policy 4.2.0:
    - add Rules-Requires-Root: no to the source control stanza
    - install the upstream release notes (NEWS)
  * Drop the duplicate Priority fields for the binary packages.
  * Switch to the HTTPS scheme in various upstream and Debian
    packaging URLs.
  * Drop some trailing whitespace from old changelog entries.
  * Bump the debhelper compatibility level to 11 with no changes and
    use the B-D: debhelper-compat (= 11) mechanism.
  * Add a trivial autopkgtest running adequate on the binary packages.

applied/ubuntu/cosmic-proposed 2018-08-25 22:32:37 UTC 2018-08-25
Import patches-applied version 3.2.2-5 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2018-08-25 15:28:10 UTC

Import patches-applied version 3.2.2-5 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 5acaf5e221942f72ae94dceb655a4c71bb113942
Unapplied parent: 7a3b904c45e7d219b49d98f22874e53622ef7e2a

New changelog entries:
  * Acknowledge NMUs; many thanks to Salvatore Bonaccorso!
  * Use my Debian e-mail address.
  * Declare compliance with Debian Policy 4.2.0:
    - add Rules-Requires-Root: no to the source control stanza
    - install the upstream release notes (NEWS)
  * Drop the duplicate Priority fields for the binary packages.
  * Switch to the HTTPS scheme in various upstream and Debian
    packaging URLs.
  * Drop some trailing whitespace from old changelog entries.
  * Bump the debhelper compatibility level to 11 with no changes and
    use the B-D: debhelper-compat (= 11) mechanism.
  * Add a trivial autopkgtest running adequate on the binary packages.

applied/ubuntu/cosmic 2018-08-25 22:32:37 UTC 2018-08-25
Import patches-applied version 3.2.2-5 to applied/debian/sid

Author: Peter Pentchev
Author Date: 2018-08-25 15:28:10 UTC

Import patches-applied version 3.2.2-5 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 5acaf5e221942f72ae94dceb655a4c71bb113942
Unapplied parent: 7a3b904c45e7d219b49d98f22874e53622ef7e2a

New changelog entries:
  * Acknowledge NMUs; many thanks to Salvatore Bonaccorso!
  * Use my Debian e-mail address.
  * Declare compliance with Debian Policy 4.2.0:
    - add Rules-Requires-Root: no to the source control stanza
    - install the upstream release notes (NEWS)
  * Drop the duplicate Priority fields for the binary packages.
  * Switch to the HTTPS scheme in various upstream and Debian
    packaging URLs.
  * Drop some trailing whitespace from old changelog entries.
  * Bump the debhelper compatibility level to 11 with no changes and
    use the B-D: debhelper-compat (= 11) mechanism.
  * Add a trivial autopkgtest running adequate on the binary packages.

importer/ubuntu/pristine-tar 2018-03-28 07:08:21 UTC 2018-03-28
pristine-tar data for libarchive_3.2.2.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-28 07:08:21 UTC

pristine-tar data for libarchive_3.2.2.orig.tar.gz

importer/debian/pristine-tar 2018-03-28 06:44:18 UTC 2018-03-28
pristine-tar data for libarchive_3.2.2.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-28 06:44:18 UTC

pristine-tar data for libarchive_3.2.2.orig.tar.gz

applied/ubuntu/artful-devel 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 2dc104f802727d3457a9c13f7b535bb03c917052
Unapplied parent: 3d2a65827a79ffae932bfd3d9e9e0ea5cba87205

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

ubuntu/bionic 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-unapplied version 3.2.2-3.1 to debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-unapplied version 3.2.2-3.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d4b2822716f6d63288b822e268840966a0641480

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

applied/ubuntu/artful-proposed 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 2dc104f802727d3457a9c13f7b535bb03c917052
Unapplied parent: 3d2a65827a79ffae932bfd3d9e9e0ea5cba87205

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

ubuntu/artful 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-unapplied version 3.2.2-3.1 to debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-unapplied version 3.2.2-3.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d4b2822716f6d63288b822e268840966a0641480

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

ubuntu/artful-devel 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-unapplied version 3.2.2-3.1 to debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-unapplied version 3.2.2-3.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d4b2822716f6d63288b822e268840966a0641480

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

ubuntu/artful-proposed 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-unapplied version 3.2.2-3.1 to debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-unapplied version 3.2.2-3.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d4b2822716f6d63288b822e268840966a0641480

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

applied/ubuntu/artful 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 2dc104f802727d3457a9c13f7b535bb03c917052
Unapplied parent: 3d2a65827a79ffae932bfd3d9e9e0ea5cba87205

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

applied/ubuntu/bionic 2017-09-14 22:34:17 UTC 2017-09-14
Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Author: Salvatore Bonaccorso
Author Date: 2017-09-14 14:02:10 UTC

Import patches-applied version 3.2.2-3.1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 2dc104f802727d3457a9c13f7b535bb03c917052
Unapplied parent: 3d2a65827a79ffae932bfd3d9e9e0ea5cba87205

New changelog entries:
  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

ubuntu/zesty 2017-04-04 04:15:52 UTC 2017-04-04
Import patches-unapplied version 3.2.2-2 to debian/sid

Author: Andreas Henriksson
Author Date: 2017-04-03 20:20:05 UTC

Import patches-unapplied version 3.2.2-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 47cc4433d159e690cc165258221a045f67e26fd4

New changelog entries:
  * Disable tests (Closes: #859455)

applied/ubuntu/zesty-proposed 2017-04-04 04:15:52 UTC 2017-04-04
Import patches-applied version 3.2.2-2 to applied/debian/sid

Author: Andreas Henriksson
Author Date: 2017-04-03 20:20:05 UTC

Import patches-applied version 3.2.2-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 21057d283f60388e8df0df16cd53698ae074e144
Unapplied parent: 4c629041c9e56ae4464b18c11b0309cf0140665f

New changelog entries:
  * Disable tests (Closes: #859455)

applied/ubuntu/zesty-devel 2017-04-04 04:15:52 UTC 2017-04-04
Import patches-applied version 3.2.2-2 to applied/debian/sid

Author: Andreas Henriksson
Author Date: 2017-04-03 20:20:05 UTC

Import patches-applied version 3.2.2-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 21057d283f60388e8df0df16cd53698ae074e144
Unapplied parent: 4c629041c9e56ae4464b18c11b0309cf0140665f

New changelog entries:
  * Disable tests (Closes: #859455)

applied/ubuntu/zesty 2017-04-04 04:15:52 UTC 2017-04-04
Import patches-applied version 3.2.2-2 to applied/debian/sid

Author: Andreas Henriksson
Author Date: 2017-04-03 20:20:05 UTC

Import patches-applied version 3.2.2-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 21057d283f60388e8df0df16cd53698ae074e144
Unapplied parent: 4c629041c9e56ae4464b18c11b0309cf0140665f

New changelog entries:
  * Disable tests (Closes: #859455)

ubuntu/zesty-devel 2017-04-04 04:15:52 UTC 2017-04-04
Import patches-unapplied version 3.2.2-2 to debian/sid

Author: Andreas Henriksson
Author Date: 2017-04-03 20:20:05 UTC

Import patches-unapplied version 3.2.2-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 47cc4433d159e690cc165258221a045f67e26fd4

New changelog entries:
  * Disable tests (Closes: #859455)

ubuntu/zesty-proposed 2017-04-04 04:15:52 UTC 2017-04-04
Import patches-unapplied version 3.2.2-2 to debian/sid

Author: Andreas Henriksson
Author Date: 2017-04-03 20:20:05 UTC

Import patches-unapplied version 3.2.2-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 47cc4433d159e690cc165258221a045f67e26fd4

New changelog entries:
  * Disable tests (Closes: #859455)

applied/ubuntu/precise-updates 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-applied version 3.0.3-6ubuntu1.4 to applied/ubuntu/precise-sec...

Author: Marc Deslauriers
Author Date: 2017-03-09 16:34:04 UTC

Import patches-applied version 3.0.3-6ubuntu1.4 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e8be0bbc247ae848eb753eaae08b76fc37f3cfda
Unapplied parent: 0f86878f8bcf4854f0d526228495d2d71fdcf848

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

applied/ubuntu/precise-security 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-applied version 3.0.3-6ubuntu1.4 to applied/ubuntu/precise-sec...

Author: Marc Deslauriers
Author Date: 2017-03-09 16:34:04 UTC

Import patches-applied version 3.0.3-6ubuntu1.4 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e8be0bbc247ae848eb753eaae08b76fc37f3cfda
Unapplied parent: 0f86878f8bcf4854f0d526228495d2d71fdcf848

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

applied/ubuntu/precise-devel 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-applied version 3.0.3-6ubuntu1.4 to applied/ubuntu/precise-sec...

Author: Marc Deslauriers
Author Date: 2017-03-09 16:34:04 UTC

Import patches-applied version 3.0.3-6ubuntu1.4 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e8be0bbc247ae848eb753eaae08b76fc37f3cfda
Unapplied parent: 0f86878f8bcf4854f0d526228495d2d71fdcf848

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

ubuntu/precise-devel 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-unapplied version 3.0.3-6ubuntu1.4 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2017-03-09 16:34:04 UTC

Import patches-unapplied version 3.0.3-6ubuntu1.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 933df5037ca0a4911e7228edae15e96b054c0ba7

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

ubuntu/precise-security 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-unapplied version 3.0.3-6ubuntu1.4 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2017-03-09 16:34:04 UTC

Import patches-unapplied version 3.0.3-6ubuntu1.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 933df5037ca0a4911e7228edae15e96b054c0ba7

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

ubuntu/precise-updates 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-unapplied version 3.0.3-6ubuntu1.4 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2017-03-09 16:34:04 UTC

Import patches-unapplied version 3.0.3-6ubuntu1.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 933df5037ca0a4911e7228edae15e96b054c0ba7

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

applied/ubuntu/yakkety-updates 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-applied version 3.2.1-2ubuntu0.1 to applied/ubuntu/yakkety-sec...

Author: Marc Deslauriers
Author Date: 2017-03-09 15:35:20 UTC

Import patches-applied version 3.2.1-2ubuntu0.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 6c1a360f6481bbb2a8a74bce3aed9d1454b92e0a
Unapplied parent: e8d30d0307332fb9302715d10d4d91ce8b39b512

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

applied/ubuntu/yakkety-security 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-applied version 3.2.1-2ubuntu0.1 to applied/ubuntu/yakkety-sec...

Author: Marc Deslauriers
Author Date: 2017-03-09 15:35:20 UTC

Import patches-applied version 3.2.1-2ubuntu0.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 6c1a360f6481bbb2a8a74bce3aed9d1454b92e0a
Unapplied parent: e8d30d0307332fb9302715d10d4d91ce8b39b512

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

applied/ubuntu/yakkety-devel 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-applied version 3.2.1-2ubuntu0.1 to applied/ubuntu/yakkety-sec...

Author: Marc Deslauriers
Author Date: 2017-03-09 15:35:20 UTC

Import patches-applied version 3.2.1-2ubuntu0.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 6c1a360f6481bbb2a8a74bce3aed9d1454b92e0a
Unapplied parent: e8d30d0307332fb9302715d10d4d91ce8b39b512

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

ubuntu/yakkety-security 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-unapplied version 3.2.1-2ubuntu0.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2017-03-09 15:35:20 UTC

Import patches-unapplied version 3.2.1-2ubuntu0.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: d3d704c1bc791ad9e8d86fb5c57a8a7ba2f21b2f

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

ubuntu/yakkety-devel 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-unapplied version 3.2.1-2ubuntu0.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2017-03-09 15:35:20 UTC

Import patches-unapplied version 3.2.1-2ubuntu0.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: d3d704c1bc791ad9e8d86fb5c57a8a7ba2f21b2f

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

ubuntu/yakkety-updates 2017-03-09 18:33:18 UTC 2017-03-09
Import patches-unapplied version 3.2.1-2ubuntu0.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2017-03-09 15:35:20 UTC

Import patches-unapplied version 3.2.1-2ubuntu0.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: d3d704c1bc791ad9e8d86fb5c57a8a7ba2f21b2f

New changelog entries:
  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

debian/jessie 2017-01-14 17:26:24 UTC 2017-01-14
Import patches-unapplied version 3.1.2-11+deb8u3 to debian/jessie

Author: Salvatore Bonaccorso
Author Date: 2016-09-24 11:25:26 UTC

Import patches-unapplied version 3.1.2-11+deb8u3 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 8645d67b774100884ae5b53e5f38b5450e603ff8

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2016-7166: Denial of service using a crafted gzip file
  * CVE-2016-6250: Integer overflow in the ISO9660 writer
  * CVE-2016-5418: Archive Entry with type 1 (hardlink), but has a non-zero
    data size file overwrite (Closes: #837714)

applied/debian/jessie 2017-01-14 17:26:24 UTC 2017-01-14
Import patches-applied version 3.1.2-11+deb8u3 to applied/debian/jessie

Author: Salvatore Bonaccorso
Author Date: 2016-09-24 11:25:26 UTC

Import patches-applied version 3.1.2-11+deb8u3 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: a41ffd4ffd8e7de7e8df44fd38263f2bf1fdc27e
Unapplied parent: aff21464baeb61a8ae68a805c299d096b918d170

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2016-7166: Denial of service using a crafted gzip file
  * CVE-2016-6250: Integer overflow in the ISO9660 writer
  * CVE-2016-5418: Archive Entry with type 1 (hardlink), but has a non-zero
    data size file overwrite (Closes: #837714)

applied/ubuntu/xenial-backports 2016-07-28 14:39:24 UTC 2016-07-28
Import patches-applied version 3.2.1-2~ubuntu16.04.1 to applied/ubuntu/xenial...

Author: Iain Lane
Author Date: 2016-07-28 13:28:03 UTC

Import patches-applied version 3.2.1-2~ubuntu16.04.1 to applied/ubuntu/xenial-backports

Imported using git-ubuntu import.

Changelog parent: 6c1a360f6481bbb2a8a74bce3aed9d1454b92e0a
Unapplied parent: 25dcc5aaac70380e9139f63cedf9cded58ac57cd

New changelog entries:
  * No-change backport to xenial (LP: #1607385)

ubuntu/xenial-backports 2016-07-28 14:39:24 UTC 2016-07-28
Import patches-unapplied version 3.2.1-2~ubuntu16.04.1 to ubuntu/xenial-backp...

Author: Iain Lane
Author Date: 2016-07-28 13:28:03 UTC

Import patches-unapplied version 3.2.1-2~ubuntu16.04.1 to ubuntu/xenial-backports

Imported using git-ubuntu import.

Changelog parent: d3d704c1bc791ad9e8d86fb5c57a8a7ba2f21b2f

New changelog entries:
  * No-change backport to xenial (LP: #1607385)

applied/ubuntu/yakkety-proposed 2016-07-26 16:14:04 UTC 2016-07-26
Import patches-applied version 3.2.1-2 to applied/debian/sid

Author: Andreas Henriksson
Author Date: 2016-07-25 15:54:13 UTC

Import patches-applied version 3.2.1-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 2b20c1d61077c1462310f49a3460643ef33e7a31
Unapplied parent: b983d8c6ab8fba36b9c17b85eec5f7ca8d9d9d7b

New changelog entries:
  * The "welcome Peter to the team" upload
  [ Peter Pentchev ]
  * Declare compliancy with Debian Policy 3.9.8 with no changes.
  * Remove the "XS-Testsuite: autopkgtest" header from the control file:
    it has not been "XS-" for some time, and it is added by default by
    dpkg-1.17.11 when debian/tests/control is present.
  * Use the HTTPS scheme for the Alioth VCS URLs.
  * Switch to Alioth's cgit in the Vcs-Browser source control field.
  * Convert the copyright file to the machine-readable format.
  * Fill in the upstream metadata file.
  * Enable full build hardening.
  * Pass --as-needed to the linker to avoid overlinking.
  * Bump the debhelper build dependency to version 9 to reflect
    the debhelper compatibility level and drop the now-unused Lintian
    override.
  * Fold the bsdtar and bsdcpio packages into the new libarchive-tools
    binary package and install bsdcat into it, too. Make bsdtar and
    bsdcpio transitional dummy packages.
  * Drop the Breaks and Replaces relations to libarchive1, it's not
    even in oldstable any more.
  * Drop the misc:Pre-Depends that were needed for the multi-arch
    transition; dpkg-dev adds them automatically now.
  * Fix a typo in README.Debian.
  * Add an upstream patch to replace the use of SIGRTMAX with something
    that calculates the exact value of the highest signal actually used;
    hopefully this fixes the FTBFS on the GNU Hurd.
  * Drop the outdated and unused SONAME mismatch Lintian override.
  * Re-enable the use of minitar for extraction, too, in the CI test;
    keep the untar test for completeness.
  * Add the Typos patch to fix a couple of typographical errors.
  * Add the Candidate patch to fix a typographical error in a structure
    member field and, consequently, update all references to it.
  * Add the CPPCheck patch to fix some issues reported by cppcheck.
  [ Andreas Henriksson ]
  * Add Peter Pentchev to Uploaders

applied/ubuntu/yakkety 2016-07-26 16:14:04 UTC 2016-07-26
Import patches-applied version 3.2.1-2 to applied/debian/sid

Author: Andreas Henriksson
Author Date: 2016-07-25 15:54:13 UTC

Import patches-applied version 3.2.1-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 2b20c1d61077c1462310f49a3460643ef33e7a31
Unapplied parent: b983d8c6ab8fba36b9c17b85eec5f7ca8d9d9d7b

New changelog entries:
  * The "welcome Peter to the team" upload
  [ Peter Pentchev ]
  * Declare compliancy with Debian Policy 3.9.8 with no changes.
  * Remove the "XS-Testsuite: autopkgtest" header from the control file:
    it has not been "XS-" for some time, and it is added by default by
    dpkg-1.17.11 when debian/tests/control is present.
  * Use the HTTPS scheme for the Alioth VCS URLs.
  * Switch to Alioth's cgit in the Vcs-Browser source control field.
  * Convert the copyright file to the machine-readable format.
  * Fill in the upstream metadata file.
  * Enable full build hardening.
  * Pass --as-needed to the linker to avoid overlinking.
  * Bump the debhelper build dependency to version 9 to reflect
    the debhelper compatibility level and drop the now-unused Lintian
    override.
  * Fold the bsdtar and bsdcpio packages into the new libarchive-tools
    binary package and install bsdcat into it, too. Make bsdtar and
    bsdcpio transitional dummy packages.
  * Drop the Breaks and Replaces relations to libarchive1, it's not
    even in oldstable any more.
  * Drop the misc:Pre-Depends that were needed for the multi-arch
    transition; dpkg-dev adds them automatically now.
  * Fix a typo in README.Debian.
  * Add an upstream patch to replace the use of SIGRTMAX with something
    that calculates the exact value of the highest signal actually used;
    hopefully this fixes the FTBFS on the GNU Hurd.
  * Drop the outdated and unused SONAME mismatch Lintian override.
  * Re-enable the use of minitar for extraction, too, in the CI test;
    keep the untar test for completeness.
  * Add the Typos patch to fix a couple of typographical errors.
  * Add the Candidate patch to fix a typographical error in a structure
    member field and, consequently, update all references to it.
  * Add the CPPCheck patch to fix some issues reported by cppcheck.
  [ Andreas Henriksson ]
  * Add Peter Pentchev to Uploaders

ubuntu/yakkety 2016-07-26 16:14:04 UTC 2016-07-26
Import patches-unapplied version 3.2.1-2 to debian/sid

Author: Andreas Henriksson
Author Date: 2016-07-25 15:54:13 UTC

Import patches-unapplied version 3.2.1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c33e09b3ff021ee0132abdaa7374234e6f76da91

New changelog entries:
  * The "welcome Peter to the team" upload
  [ Peter Pentchev ]
  * Declare compliancy with Debian Policy 3.9.8 with no changes.
  * Remove the "XS-Testsuite: autopkgtest" header from the control file:
    it has not been "XS-" for some time, and it is added by default by
    dpkg-1.17.11 when debian/tests/control is present.
  * Use the HTTPS scheme for the Alioth VCS URLs.
  * Switch to Alioth's cgit in the Vcs-Browser source control field.
  * Convert the copyright file to the machine-readable format.
  * Fill in the upstream metadata file.
  * Enable full build hardening.
  * Pass --as-needed to the linker to avoid overlinking.
  * Bump the debhelper build dependency to version 9 to reflect
    the debhelper compatibility level and drop the now-unused Lintian
    override.
  * Fold the bsdtar and bsdcpio packages into the new libarchive-tools
    binary package and install bsdcat into it, too. Make bsdtar and
    bsdcpio transitional dummy packages.
  * Drop the Breaks and Replaces relations to libarchive1, it's not
    even in oldstable any more.
  * Drop the misc:Pre-Depends that were needed for the multi-arch
    transition; dpkg-dev adds them automatically now.
  * Fix a typo in README.Debian.
  * Add an upstream patch to replace the use of SIGRTMAX with something
    that calculates the exact value of the highest signal actually used;
    hopefully this fixes the FTBFS on the GNU Hurd.
  * Drop the outdated and unused SONAME mismatch Lintian override.
  * Re-enable the use of minitar for extraction, too, in the CI test;
    keep the untar test for completeness.
  * Add the Typos patch to fix a couple of typographical errors.
  * Add the Candidate patch to fix a typographical error in a structure
    member field and, consequently, update all references to it.
  * Add the CPPCheck patch to fix some issues reported by cppcheck.
  [ Andreas Henriksson ]
  * Add Peter Pentchev to Uploaders

ubuntu/yakkety-proposed 2016-07-26 16:14:04 UTC 2016-07-26
Import patches-unapplied version 3.2.1-2 to debian/sid

Author: Andreas Henriksson
Author Date: 2016-07-25 15:54:13 UTC

Import patches-unapplied version 3.2.1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c33e09b3ff021ee0132abdaa7374234e6f76da91

New changelog entries:
  * The "welcome Peter to the team" upload
  [ Peter Pentchev ]
  * Declare compliancy with Debian Policy 3.9.8 with no changes.
  * Remove the "XS-Testsuite: autopkgtest" header from the control file:
    it has not been "XS-" for some time, and it is added by default by
    dpkg-1.17.11 when debian/tests/control is present.
  * Use the HTTPS scheme for the Alioth VCS URLs.
  * Switch to Alioth's cgit in the Vcs-Browser source control field.
  * Convert the copyright file to the machine-readable format.
  * Fill in the upstream metadata file.
  * Enable full build hardening.
  * Pass --as-needed to the linker to avoid overlinking.
  * Bump the debhelper build dependency to version 9 to reflect
    the debhelper compatibility level and drop the now-unused Lintian
    override.
  * Fold the bsdtar and bsdcpio packages into the new libarchive-tools
    binary package and install bsdcat into it, too. Make bsdtar and
    bsdcpio transitional dummy packages.
  * Drop the Breaks and Replaces relations to libarchive1, it's not
    even in oldstable any more.
  * Drop the misc:Pre-Depends that were needed for the multi-arch
    transition; dpkg-dev adds them automatically now.
  * Fix a typo in README.Debian.
  * Add an upstream patch to replace the use of SIGRTMAX with something
    that calculates the exact value of the highest signal actually used;
    hopefully this fixes the FTBFS on the GNU Hurd.
  * Drop the outdated and unused SONAME mismatch Lintian override.
  * Re-enable the use of minitar for extraction, too, in the CI test;
    keep the untar test for completeness.
  * Add the Typos patch to fix a couple of typographical errors.
  * Add the Candidate patch to fix a typographical error in a structure
    member field and, consequently, update all references to it.
  * Add the CPPCheck patch to fix some issues reported by cppcheck.
  [ Andreas Henriksson ]
  * Add Peter Pentchev to Uploaders

applied/ubuntu/wily-updates 2016-07-14 19:05:29 UTC 2016-07-14
Import patches-applied version 3.1.2-11ubuntu0.15.10.2 to applied/ubuntu/wily...

Author: Marc Deslauriers
Author Date: 2016-07-13 15:17:13 UTC

Import patches-applied version 3.1.2-11ubuntu0.15.10.2 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: c76ebafcdddd2ee23eff8b0767e6fd1d2b1d2d1b
Unapplied parent: cf9f88c52b5282d7929c086034da3460fb489736

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed rar or cab files
    - debian/patches/CVE-2015-8916.patch: ignore entries with empty
      filenames in tar/read.c.
    - CVE-2015-8916
    - CVE-2015-8917
  * SECURITY UPDATE: denial of service via malformed lzh file
    - debian/patches/CVE-2015-8919.patch: recognize empty dir name in
      libarchive/archive_read_support_format_lha.c.
    - CVE-2015-8919
  * SECURITY UPDATE: buffer underflow parsing ar header
    - debian/patches/CVE-2015-8920.patch: check for empty filenames in
      libarchive/archive_read_support_format_ar.c.
    - CVE-2015-8920
  * SECURITY UPDATE: read past end of string parsing
    - debian/patches/CVE-2015-8921.patch: properly calculate string length
      in libarchive/archive_entry.c.
    - CVE-2015-8921
  * SECURITY UPDATE: segfault on malformed 7z archive
    - debian/patches/CVE-2015-8922.patch: reject some malformed files in
      libarchive/archive_read_support_format_7zip.c, added tests to
      Makefile.am, libarchive/test/test_read_format_7zip_malformed.7z.uu,
      libarchive/test/test_read_format_7zip_malformed.c,
      libarchive/test/test_read_format_7zip_malformed2.7z.uu,
      libarchive/test/CMakeLists.txt.
    - CVE-2015-8922
  * SECURITY UPDATE: segfault on malformed Zip archive
    - debian/patches/CVE-2015-8923.patch: properly handle sizes in
      libarchive/archive_read_support_format_zip.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_zip_malformed.c,
      libarchive/test/test_read_format_zip_malformed1.zip.uu.
    - CVE-2015-8923
  * SECURITY UPDATE: buffer overflow when processing tar files
    - debian/patches/CVE-2015-8924.patch: properly handle empty filenames
      in libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8924
  * SECURITY UPDATE: improper newline parsing
    - debian/patches/CVE-2015-8925.patch: fix escaped newline parsing in
      libarchive/archive_read_support_format_mtree.c, added tests to
      libarchive/test/test_read_format_mtree.c,
      libarchive/test/test_read_format_mtree.mtree.uu.
    - CVE-2015-8925
  * SECURITY UPDATE: segfault on invalid rar archive
    - debian/patches/CVE-2015-8926.patch: properly handle return code in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2015-8926
  * SECURITY UPDATE: out-of-bounds read in mtree
    - debian/patches/CVE-2015-8928.patch: properly handle filename parsing
      in libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8928
  * SECURITY UPDATE: segfault via dir loop in malformed ISO
    - debian/patches/CVE-2015-8930.patch: limit recursion in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2015-8930
  * SECURITY UPDATE: integer overflow parsing time values
    - debian/patches/CVE-2015-8931.patch: fix time handling in
      libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8931
  * SECURITY UPDATE: crash via invalid compressed data
    - debian/patches/CVE-2015-8932.patch: add more checks to
      libarchive/archive_read_support_filter_compress.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_filter_compress.c.
    - CVE-2015-8932
  * SECURITY UPDATE: integer overflow via negative-sized sparse blocks
    - debian/patches/CVE-2015-8933.patch: add check to
      libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8933
  * SECURITY UPDATE: heap overflow parsing malformed tar archives
    - debian/patches/CVE-2015-8934.patch: properly check reading from lzss
      decompression buffer in libarchive/archive_read_support_format_rar.c,
      added tests to Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_rar_invalid1.c,
      libarchive/test/test_read_format_rar_invalid1.rar.uu.
    - CVE-2015-8934
  * SECURITY UPDATE: overflow reading 7-Zip with large number of substreams
    - debian/patches/CVE-2016-4300.patch: add another limit to
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-4300
  * SECURITY UPDATE: crash via rar files with zero dictionary size
    - debian/patches/CVE-2016-4302.patch: handle zero-sized disctionary in
      libarchive/archive_ppmd7.c,
      libarchive/archive_read_support_format_rar.c.
    - CVE-2016-4302
  * SECURITY UPDATE: memory allocation issues with large cpio symlinks
    - debian/patches/CVE-2016-4809.patch: reject large symlinks in
      libarchive/archive_read_support_format_cpio.c.
    - CVE-2016-4809
  * SECURITY UPDATE: integer overflow when computing volume descriptor
    - debian/patches/CVE-2016-5844.patch: fix multiplications in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2016-5844

applied/ubuntu/wily-security 2016-07-14 19:05:29 UTC 2016-07-14
Import patches-applied version 3.1.2-11ubuntu0.15.10.2 to applied/ubuntu/wily...

Author: Marc Deslauriers
Author Date: 2016-07-13 15:17:13 UTC

Import patches-applied version 3.1.2-11ubuntu0.15.10.2 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: c76ebafcdddd2ee23eff8b0767e6fd1d2b1d2d1b
Unapplied parent: cf9f88c52b5282d7929c086034da3460fb489736

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed rar or cab files
    - debian/patches/CVE-2015-8916.patch: ignore entries with empty
      filenames in tar/read.c.
    - CVE-2015-8916
    - CVE-2015-8917
  * SECURITY UPDATE: denial of service via malformed lzh file
    - debian/patches/CVE-2015-8919.patch: recognize empty dir name in
      libarchive/archive_read_support_format_lha.c.
    - CVE-2015-8919
  * SECURITY UPDATE: buffer underflow parsing ar header
    - debian/patches/CVE-2015-8920.patch: check for empty filenames in
      libarchive/archive_read_support_format_ar.c.
    - CVE-2015-8920
  * SECURITY UPDATE: read past end of string parsing
    - debian/patches/CVE-2015-8921.patch: properly calculate string length
      in libarchive/archive_entry.c.
    - CVE-2015-8921
  * SECURITY UPDATE: segfault on malformed 7z archive
    - debian/patches/CVE-2015-8922.patch: reject some malformed files in
      libarchive/archive_read_support_format_7zip.c, added tests to
      Makefile.am, libarchive/test/test_read_format_7zip_malformed.7z.uu,
      libarchive/test/test_read_format_7zip_malformed.c,
      libarchive/test/test_read_format_7zip_malformed2.7z.uu,
      libarchive/test/CMakeLists.txt.
    - CVE-2015-8922
  * SECURITY UPDATE: segfault on malformed Zip archive
    - debian/patches/CVE-2015-8923.patch: properly handle sizes in
      libarchive/archive_read_support_format_zip.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_zip_malformed.c,
      libarchive/test/test_read_format_zip_malformed1.zip.uu.
    - CVE-2015-8923
  * SECURITY UPDATE: buffer overflow when processing tar files
    - debian/patches/CVE-2015-8924.patch: properly handle empty filenames
      in libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8924
  * SECURITY UPDATE: improper newline parsing
    - debian/patches/CVE-2015-8925.patch: fix escaped newline parsing in
      libarchive/archive_read_support_format_mtree.c, added tests to
      libarchive/test/test_read_format_mtree.c,
      libarchive/test/test_read_format_mtree.mtree.uu.
    - CVE-2015-8925
  * SECURITY UPDATE: segfault on invalid rar archive
    - debian/patches/CVE-2015-8926.patch: properly handle return code in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2015-8926
  * SECURITY UPDATE: out-of-bounds read in mtree
    - debian/patches/CVE-2015-8928.patch: properly handle filename parsing
      in libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8928
  * SECURITY UPDATE: segfault via dir loop in malformed ISO
    - debian/patches/CVE-2015-8930.patch: limit recursion in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2015-8930
  * SECURITY UPDATE: integer overflow parsing time values
    - debian/patches/CVE-2015-8931.patch: fix time handling in
      libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8931
  * SECURITY UPDATE: crash via invalid compressed data
    - debian/patches/CVE-2015-8932.patch: add more checks to
      libarchive/archive_read_support_filter_compress.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_filter_compress.c.
    - CVE-2015-8932
  * SECURITY UPDATE: integer overflow via negative-sized sparse blocks
    - debian/patches/CVE-2015-8933.patch: add check to
      libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8933
  * SECURITY UPDATE: heap overflow parsing malformed tar archives
    - debian/patches/CVE-2015-8934.patch: properly check reading from lzss
      decompression buffer in libarchive/archive_read_support_format_rar.c,
      added tests to Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_rar_invalid1.c,
      libarchive/test/test_read_format_rar_invalid1.rar.uu.
    - CVE-2015-8934
  * SECURITY UPDATE: overflow reading 7-Zip with large number of substreams
    - debian/patches/CVE-2016-4300.patch: add another limit to
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-4300
  * SECURITY UPDATE: crash via rar files with zero dictionary size
    - debian/patches/CVE-2016-4302.patch: handle zero-sized disctionary in
      libarchive/archive_ppmd7.c,
      libarchive/archive_read_support_format_rar.c.
    - CVE-2016-4302
  * SECURITY UPDATE: memory allocation issues with large cpio symlinks
    - debian/patches/CVE-2016-4809.patch: reject large symlinks in
      libarchive/archive_read_support_format_cpio.c.
    - CVE-2016-4809
  * SECURITY UPDATE: integer overflow when computing volume descriptor
    - debian/patches/CVE-2016-5844.patch: fix multiplications in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2016-5844

applied/ubuntu/wily-devel 2016-07-14 19:05:29 UTC 2016-07-14
Import patches-applied version 3.1.2-11ubuntu0.15.10.2 to applied/ubuntu/wily...

Author: Marc Deslauriers
Author Date: 2016-07-13 15:17:13 UTC

Import patches-applied version 3.1.2-11ubuntu0.15.10.2 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: c76ebafcdddd2ee23eff8b0767e6fd1d2b1d2d1b
Unapplied parent: cf9f88c52b5282d7929c086034da3460fb489736

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed rar or cab files
    - debian/patches/CVE-2015-8916.patch: ignore entries with empty
      filenames in tar/read.c.
    - CVE-2015-8916
    - CVE-2015-8917
  * SECURITY UPDATE: denial of service via malformed lzh file
    - debian/patches/CVE-2015-8919.patch: recognize empty dir name in
      libarchive/archive_read_support_format_lha.c.
    - CVE-2015-8919
  * SECURITY UPDATE: buffer underflow parsing ar header
    - debian/patches/CVE-2015-8920.patch: check for empty filenames in
      libarchive/archive_read_support_format_ar.c.
    - CVE-2015-8920
  * SECURITY UPDATE: read past end of string parsing
    - debian/patches/CVE-2015-8921.patch: properly calculate string length
      in libarchive/archive_entry.c.
    - CVE-2015-8921
  * SECURITY UPDATE: segfault on malformed 7z archive
    - debian/patches/CVE-2015-8922.patch: reject some malformed files in
      libarchive/archive_read_support_format_7zip.c, added tests to
      Makefile.am, libarchive/test/test_read_format_7zip_malformed.7z.uu,
      libarchive/test/test_read_format_7zip_malformed.c,
      libarchive/test/test_read_format_7zip_malformed2.7z.uu,
      libarchive/test/CMakeLists.txt.
    - CVE-2015-8922
  * SECURITY UPDATE: segfault on malformed Zip archive
    - debian/patches/CVE-2015-8923.patch: properly handle sizes in
      libarchive/archive_read_support_format_zip.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_zip_malformed.c,
      libarchive/test/test_read_format_zip_malformed1.zip.uu.
    - CVE-2015-8923
  * SECURITY UPDATE: buffer overflow when processing tar files
    - debian/patches/CVE-2015-8924.patch: properly handle empty filenames
      in libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8924
  * SECURITY UPDATE: improper newline parsing
    - debian/patches/CVE-2015-8925.patch: fix escaped newline parsing in
      libarchive/archive_read_support_format_mtree.c, added tests to
      libarchive/test/test_read_format_mtree.c,
      libarchive/test/test_read_format_mtree.mtree.uu.
    - CVE-2015-8925
  * SECURITY UPDATE: segfault on invalid rar archive
    - debian/patches/CVE-2015-8926.patch: properly handle return code in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2015-8926
  * SECURITY UPDATE: out-of-bounds read in mtree
    - debian/patches/CVE-2015-8928.patch: properly handle filename parsing
      in libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8928
  * SECURITY UPDATE: segfault via dir loop in malformed ISO
    - debian/patches/CVE-2015-8930.patch: limit recursion in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2015-8930
  * SECURITY UPDATE: integer overflow parsing time values
    - debian/patches/CVE-2015-8931.patch: fix time handling in
      libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8931
  * SECURITY UPDATE: crash via invalid compressed data
    - debian/patches/CVE-2015-8932.patch: add more checks to
      libarchive/archive_read_support_filter_compress.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_filter_compress.c.
    - CVE-2015-8932
  * SECURITY UPDATE: integer overflow via negative-sized sparse blocks
    - debian/patches/CVE-2015-8933.patch: add check to
      libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8933
  * SECURITY UPDATE: heap overflow parsing malformed tar archives
    - debian/patches/CVE-2015-8934.patch: properly check reading from lzss
      decompression buffer in libarchive/archive_read_support_format_rar.c,
      added tests to Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_rar_invalid1.c,
      libarchive/test/test_read_format_rar_invalid1.rar.uu.
    - CVE-2015-8934
  * SECURITY UPDATE: overflow reading 7-Zip with large number of substreams
    - debian/patches/CVE-2016-4300.patch: add another limit to
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-4300
  * SECURITY UPDATE: crash via rar files with zero dictionary size
    - debian/patches/CVE-2016-4302.patch: handle zero-sized disctionary in
      libarchive/archive_ppmd7.c,
      libarchive/archive_read_support_format_rar.c.
    - CVE-2016-4302
  * SECURITY UPDATE: memory allocation issues with large cpio symlinks
    - debian/patches/CVE-2016-4809.patch: reject large symlinks in
      libarchive/archive_read_support_format_cpio.c.
    - CVE-2016-4809
  * SECURITY UPDATE: integer overflow when computing volume descriptor
    - debian/patches/CVE-2016-5844.patch: fix multiplications in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2016-5844

ubuntu/wily-updates 2016-07-14 19:05:29 UTC 2016-07-14
Import patches-unapplied version 3.1.2-11ubuntu0.15.10.2 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-07-13 15:17:13 UTC

Import patches-unapplied version 3.1.2-11ubuntu0.15.10.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 4611965fd7986146fe73c4222e2a9f76ce1edf47

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed rar or cab files
    - debian/patches/CVE-2015-8916.patch: ignore entries with empty
      filenames in tar/read.c.
    - CVE-2015-8916
    - CVE-2015-8917
  * SECURITY UPDATE: denial of service via malformed lzh file
    - debian/patches/CVE-2015-8919.patch: recognize empty dir name in
      libarchive/archive_read_support_format_lha.c.
    - CVE-2015-8919
  * SECURITY UPDATE: buffer underflow parsing ar header
    - debian/patches/CVE-2015-8920.patch: check for empty filenames in
      libarchive/archive_read_support_format_ar.c.
    - CVE-2015-8920
  * SECURITY UPDATE: read past end of string parsing
    - debian/patches/CVE-2015-8921.patch: properly calculate string length
      in libarchive/archive_entry.c.
    - CVE-2015-8921
  * SECURITY UPDATE: segfault on malformed 7z archive
    - debian/patches/CVE-2015-8922.patch: reject some malformed files in
      libarchive/archive_read_support_format_7zip.c, added tests to
      Makefile.am, libarchive/test/test_read_format_7zip_malformed.7z.uu,
      libarchive/test/test_read_format_7zip_malformed.c,
      libarchive/test/test_read_format_7zip_malformed2.7z.uu,
      libarchive/test/CMakeLists.txt.
    - CVE-2015-8922
  * SECURITY UPDATE: segfault on malformed Zip archive
    - debian/patches/CVE-2015-8923.patch: properly handle sizes in
      libarchive/archive_read_support_format_zip.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_zip_malformed.c,
      libarchive/test/test_read_format_zip_malformed1.zip.uu.
    - CVE-2015-8923
  * SECURITY UPDATE: buffer overflow when processing tar files
    - debian/patches/CVE-2015-8924.patch: properly handle empty filenames
      in libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8924
  * SECURITY UPDATE: improper newline parsing
    - debian/patches/CVE-2015-8925.patch: fix escaped newline parsing in
      libarchive/archive_read_support_format_mtree.c, added tests to
      libarchive/test/test_read_format_mtree.c,
      libarchive/test/test_read_format_mtree.mtree.uu.
    - CVE-2015-8925
  * SECURITY UPDATE: segfault on invalid rar archive
    - debian/patches/CVE-2015-8926.patch: properly handle return code in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2015-8926
  * SECURITY UPDATE: out-of-bounds read in mtree
    - debian/patches/CVE-2015-8928.patch: properly handle filename parsing
      in libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8928
  * SECURITY UPDATE: segfault via dir loop in malformed ISO
    - debian/patches/CVE-2015-8930.patch: limit recursion in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2015-8930
  * SECURITY UPDATE: integer overflow parsing time values
    - debian/patches/CVE-2015-8931.patch: fix time handling in
      libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8931
  * SECURITY UPDATE: crash via invalid compressed data
    - debian/patches/CVE-2015-8932.patch: add more checks to
      libarchive/archive_read_support_filter_compress.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_filter_compress.c.
    - CVE-2015-8932
  * SECURITY UPDATE: integer overflow via negative-sized sparse blocks
    - debian/patches/CVE-2015-8933.patch: add check to
      libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8933
  * SECURITY UPDATE: heap overflow parsing malformed tar archives
    - debian/patches/CVE-2015-8934.patch: properly check reading from lzss
      decompression buffer in libarchive/archive_read_support_format_rar.c,
      added tests to Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_rar_invalid1.c,
      libarchive/test/test_read_format_rar_invalid1.rar.uu.
    - CVE-2015-8934
  * SECURITY UPDATE: overflow reading 7-Zip with large number of substreams
    - debian/patches/CVE-2016-4300.patch: add another limit to
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-4300
  * SECURITY UPDATE: crash via rar files with zero dictionary size
    - debian/patches/CVE-2016-4302.patch: handle zero-sized disctionary in
      libarchive/archive_ppmd7.c,
      libarchive/archive_read_support_format_rar.c.
    - CVE-2016-4302
  * SECURITY UPDATE: memory allocation issues with large cpio symlinks
    - debian/patches/CVE-2016-4809.patch: reject large symlinks in
      libarchive/archive_read_support_format_cpio.c.
    - CVE-2016-4809
  * SECURITY UPDATE: integer overflow when computing volume descriptor
    - debian/patches/CVE-2016-5844.patch: fix multiplications in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2016-5844

ubuntu/wily-devel 2016-07-14 19:05:29 UTC 2016-07-14
Import patches-unapplied version 3.1.2-11ubuntu0.15.10.2 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-07-13 15:17:13 UTC

Import patches-unapplied version 3.1.2-11ubuntu0.15.10.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 4611965fd7986146fe73c4222e2a9f76ce1edf47

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed rar or cab files
    - debian/patches/CVE-2015-8916.patch: ignore entries with empty
      filenames in tar/read.c.
    - CVE-2015-8916
    - CVE-2015-8917
  * SECURITY UPDATE: denial of service via malformed lzh file
    - debian/patches/CVE-2015-8919.patch: recognize empty dir name in
      libarchive/archive_read_support_format_lha.c.
    - CVE-2015-8919
  * SECURITY UPDATE: buffer underflow parsing ar header
    - debian/patches/CVE-2015-8920.patch: check for empty filenames in
      libarchive/archive_read_support_format_ar.c.
    - CVE-2015-8920
  * SECURITY UPDATE: read past end of string parsing
    - debian/patches/CVE-2015-8921.patch: properly calculate string length
      in libarchive/archive_entry.c.
    - CVE-2015-8921
  * SECURITY UPDATE: segfault on malformed 7z archive
    - debian/patches/CVE-2015-8922.patch: reject some malformed files in
      libarchive/archive_read_support_format_7zip.c, added tests to
      Makefile.am, libarchive/test/test_read_format_7zip_malformed.7z.uu,
      libarchive/test/test_read_format_7zip_malformed.c,
      libarchive/test/test_read_format_7zip_malformed2.7z.uu,
      libarchive/test/CMakeLists.txt.
    - CVE-2015-8922
  * SECURITY UPDATE: segfault on malformed Zip archive
    - debian/patches/CVE-2015-8923.patch: properly handle sizes in
      libarchive/archive_read_support_format_zip.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_zip_malformed.c,
      libarchive/test/test_read_format_zip_malformed1.zip.uu.
    - CVE-2015-8923
  * SECURITY UPDATE: buffer overflow when processing tar files
    - debian/patches/CVE-2015-8924.patch: properly handle empty filenames
      in libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8924
  * SECURITY UPDATE: improper newline parsing
    - debian/patches/CVE-2015-8925.patch: fix escaped newline parsing in
      libarchive/archive_read_support_format_mtree.c, added tests to
      libarchive/test/test_read_format_mtree.c,
      libarchive/test/test_read_format_mtree.mtree.uu.
    - CVE-2015-8925
  * SECURITY UPDATE: segfault on invalid rar archive
    - debian/patches/CVE-2015-8926.patch: properly handle return code in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2015-8926
  * SECURITY UPDATE: out-of-bounds read in mtree
    - debian/patches/CVE-2015-8928.patch: properly handle filename parsing
      in libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8928
  * SECURITY UPDATE: segfault via dir loop in malformed ISO
    - debian/patches/CVE-2015-8930.patch: limit recursion in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2015-8930
  * SECURITY UPDATE: integer overflow parsing time values
    - debian/patches/CVE-2015-8931.patch: fix time handling in
      libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8931
  * SECURITY UPDATE: crash via invalid compressed data
    - debian/patches/CVE-2015-8932.patch: add more checks to
      libarchive/archive_read_support_filter_compress.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_filter_compress.c.
    - CVE-2015-8932
  * SECURITY UPDATE: integer overflow via negative-sized sparse blocks
    - debian/patches/CVE-2015-8933.patch: add check to
      libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8933
  * SECURITY UPDATE: heap overflow parsing malformed tar archives
    - debian/patches/CVE-2015-8934.patch: properly check reading from lzss
      decompression buffer in libarchive/archive_read_support_format_rar.c,
      added tests to Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_rar_invalid1.c,
      libarchive/test/test_read_format_rar_invalid1.rar.uu.
    - CVE-2015-8934
  * SECURITY UPDATE: overflow reading 7-Zip with large number of substreams
    - debian/patches/CVE-2016-4300.patch: add another limit to
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-4300
  * SECURITY UPDATE: crash via rar files with zero dictionary size
    - debian/patches/CVE-2016-4302.patch: handle zero-sized disctionary in
      libarchive/archive_ppmd7.c,
      libarchive/archive_read_support_format_rar.c.
    - CVE-2016-4302
  * SECURITY UPDATE: memory allocation issues with large cpio symlinks
    - debian/patches/CVE-2016-4809.patch: reject large symlinks in
      libarchive/archive_read_support_format_cpio.c.
    - CVE-2016-4809
  * SECURITY UPDATE: integer overflow when computing volume descriptor
    - debian/patches/CVE-2016-5844.patch: fix multiplications in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2016-5844

ubuntu/wily-security 2016-07-14 19:05:29 UTC 2016-07-14
Import patches-unapplied version 3.1.2-11ubuntu0.15.10.2 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-07-13 15:17:13 UTC

Import patches-unapplied version 3.1.2-11ubuntu0.15.10.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 4611965fd7986146fe73c4222e2a9f76ce1edf47

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed rar or cab files
    - debian/patches/CVE-2015-8916.patch: ignore entries with empty
      filenames in tar/read.c.
    - CVE-2015-8916
    - CVE-2015-8917
  * SECURITY UPDATE: denial of service via malformed lzh file
    - debian/patches/CVE-2015-8919.patch: recognize empty dir name in
      libarchive/archive_read_support_format_lha.c.
    - CVE-2015-8919
  * SECURITY UPDATE: buffer underflow parsing ar header
    - debian/patches/CVE-2015-8920.patch: check for empty filenames in
      libarchive/archive_read_support_format_ar.c.
    - CVE-2015-8920
  * SECURITY UPDATE: read past end of string parsing
    - debian/patches/CVE-2015-8921.patch: properly calculate string length
      in libarchive/archive_entry.c.
    - CVE-2015-8921
  * SECURITY UPDATE: segfault on malformed 7z archive
    - debian/patches/CVE-2015-8922.patch: reject some malformed files in
      libarchive/archive_read_support_format_7zip.c, added tests to
      Makefile.am, libarchive/test/test_read_format_7zip_malformed.7z.uu,
      libarchive/test/test_read_format_7zip_malformed.c,
      libarchive/test/test_read_format_7zip_malformed2.7z.uu,
      libarchive/test/CMakeLists.txt.
    - CVE-2015-8922
  * SECURITY UPDATE: segfault on malformed Zip archive
    - debian/patches/CVE-2015-8923.patch: properly handle sizes in
      libarchive/archive_read_support_format_zip.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_zip_malformed.c,
      libarchive/test/test_read_format_zip_malformed1.zip.uu.
    - CVE-2015-8923
  * SECURITY UPDATE: buffer overflow when processing tar files
    - debian/patches/CVE-2015-8924.patch: properly handle empty filenames
      in libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8924
  * SECURITY UPDATE: improper newline parsing
    - debian/patches/CVE-2015-8925.patch: fix escaped newline parsing in
      libarchive/archive_read_support_format_mtree.c, added tests to
      libarchive/test/test_read_format_mtree.c,
      libarchive/test/test_read_format_mtree.mtree.uu.
    - CVE-2015-8925
  * SECURITY UPDATE: segfault on invalid rar archive
    - debian/patches/CVE-2015-8926.patch: properly handle return code in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2015-8926
  * SECURITY UPDATE: out-of-bounds read in mtree
    - debian/patches/CVE-2015-8928.patch: properly handle filename parsing
      in libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8928
  * SECURITY UPDATE: segfault via dir loop in malformed ISO
    - debian/patches/CVE-2015-8930.patch: limit recursion in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2015-8930
  * SECURITY UPDATE: integer overflow parsing time values
    - debian/patches/CVE-2015-8931.patch: fix time handling in
      libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8931
  * SECURITY UPDATE: crash via invalid compressed data
    - debian/patches/CVE-2015-8932.patch: add more checks to
      libarchive/archive_read_support_filter_compress.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_filter_compress.c.
    - CVE-2015-8932
  * SECURITY UPDATE: integer overflow via negative-sized sparse blocks
    - debian/patches/CVE-2015-8933.patch: add check to
      libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8933
  * SECURITY UPDATE: heap overflow parsing malformed tar archives
    - debian/patches/CVE-2015-8934.patch: properly check reading from lzss
      decompression buffer in libarchive/archive_read_support_format_rar.c,
      added tests to Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_rar_invalid1.c,
      libarchive/test/test_read_format_rar_invalid1.rar.uu.
    - CVE-2015-8934
  * SECURITY UPDATE: overflow reading 7-Zip with large number of substreams
    - debian/patches/CVE-2016-4300.patch: add another limit to
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-4300
  * SECURITY UPDATE: crash via rar files with zero dictionary size
    - debian/patches/CVE-2016-4302.patch: handle zero-sized disctionary in
      libarchive/archive_ppmd7.c,
      libarchive/archive_read_support_format_rar.c.
    - CVE-2016-4302
  * SECURITY UPDATE: memory allocation issues with large cpio symlinks
    - debian/patches/CVE-2016-4809.patch: reject large symlinks in
      libarchive/archive_read_support_format_cpio.c.
    - CVE-2016-4809
  * SECURITY UPDATE: integer overflow when computing volume descriptor
    - debian/patches/CVE-2016-5844.patch: fix multiplications in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2016-5844

debian/experimental 2016-05-06 22:10:55 UTC 2016-05-06
Import patches-unapplied version 3.2.0-1 to debian/experimental

Author: Andreas Henriksson
Author Date: 2016-05-06 08:08:56 UTC

Import patches-unapplied version 3.2.0-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 4fd14c8e11ec78f2401f81f9841ff40782dc80d9

New changelog entries:
  * New upstream test release (3.1.901a).
  * Add liblz4-dev build-dependency to enable lz4 support.
  * Enable new bsdcat utility in separate package
  * Drop all patches, now included in release.
  * Add pkg-config build-dependency
  * Have dh-autoreconf use upstream build/autogen.sh
  * New upstream release (3.2.0).

applied/debian/experimental 2016-05-06 22:10:55 UTC 2016-05-06
Import patches-applied version 3.2.0-1 to applied/debian/experimental

Author: Andreas Henriksson
Author Date: 2016-05-06 08:08:56 UTC

Import patches-applied version 3.2.0-1 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 83d3eb8b2cf0ceb27d4dc30643a2dfec14febdc4
Unapplied parent: 4e22485b837f1469ab3718920a6a67591a565c02

New changelog entries:
  * New upstream test release (3.1.901a).
  * Add liblz4-dev build-dependency to enable lz4 support.
  * Enable new bsdcat utility in separate package
  * Drop all patches, now included in release.
  * Add pkg-config build-dependency
  * Have dh-autoreconf use upstream build/autogen.sh
  * New upstream release (3.2.0).

applied/debian/wheezy 2015-09-05 17:03:14 UTC 2015-09-05
Import patches-applied version 3.0.4-3+wheezy1 to applied/debian/wheezy

Author: Alessandro Ghedini
Author Date: 2015-03-05 10:26:19 UTC

Import patches-applied version 3.0.4-3+wheezy1 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: b4e585eb9f548f029275f3e7ba6a55da1756cabb
Unapplied parent: 1775368d81c97f9a9cefa6752bcc8d2534c01e90

New changelog entries:
  * Fix directory traversal vulnerability in bsdcpio (Closes: #778266)

debian/wheezy 2015-09-05 17:03:14 UTC 2015-09-05
Import patches-unapplied version 3.0.4-3+wheezy1 to debian/wheezy

Author: Alessandro Ghedini
Author Date: 2015-03-05 10:26:19 UTC

Import patches-unapplied version 3.0.4-3+wheezy1 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 9dbb0f2e90ecb73f78faab770eb3fedc3db2aa00

New changelog entries:
  * Fix directory traversal vulnerability in bsdcpio (Closes: #778266)

applied/ubuntu/xenial 2015-06-14 07:38:30 UTC 2015-06-14
Import patches-applied version 3.1.2-11build1 to applied/ubuntu/wily-proposed

Author: Adam Conrad
Author Date: 2015-06-14 07:30:37 UTC

Import patches-applied version 3.1.2-11build1 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 83d3eb8b2cf0ceb27d4dc30643a2dfec14febdc4
Unapplied parent: cde5a91f7c12b1d74379789d6c4c146498ed43ca

New changelog entries:
  * Rebuild for the libnettle6 transition.

applied/ubuntu/wily-proposed 2015-06-14 07:38:30 UTC 2015-06-14
Import patches-applied version 3.1.2-11build1 to applied/ubuntu/wily-proposed

Author: Adam Conrad
Author Date: 2015-06-14 07:30:37 UTC

Import patches-applied version 3.1.2-11build1 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 83d3eb8b2cf0ceb27d4dc30643a2dfec14febdc4
Unapplied parent: cde5a91f7c12b1d74379789d6c4c146498ed43ca

New changelog entries:
  * Rebuild for the libnettle6 transition.

applied/ubuntu/wily 2015-06-14 07:38:30 UTC 2015-06-14
Import patches-applied version 3.1.2-11build1 to applied/ubuntu/wily-proposed

Author: Adam Conrad
Author Date: 2015-06-14 07:30:37 UTC

Import patches-applied version 3.1.2-11build1 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 83d3eb8b2cf0ceb27d4dc30643a2dfec14febdc4
Unapplied parent: cde5a91f7c12b1d74379789d6c4c146498ed43ca

New changelog entries:
  * Rebuild for the libnettle6 transition.

ubuntu/wily 2015-06-14 07:38:30 UTC 2015-06-14
Import patches-unapplied version 3.1.2-11build1 to ubuntu/wily-proposed

Author: Adam Conrad
Author Date: 2015-06-14 07:30:37 UTC

Import patches-unapplied version 3.1.2-11build1 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 4fd14c8e11ec78f2401f81f9841ff40782dc80d9

New changelog entries:
  * Rebuild for the libnettle6 transition.

1100 of 206 results

Other repositories

Name Last Modified
lp:ubuntu/+source/libarchive 2019-09-04
11 of 1 result
You can't create new repositories for libarchive in Ubuntu.