New changelog entries:
* SECURITY UPDATE: Out-of-read and Denial of service
- debian/patches/CVE-2019-19221.patch: Bugfix and optimize
archive_wstring_append_from_mbs() in libarchive/archive_string.c.
- CVE-2019-19221
* SECURITY UPDATE: SIGSEGV denial of service
- debian/patches/CVE-2020-9308.patch: reject files that
declare invalid header flags fix in
libarchive/archive_read_support_format_rar5.c,
libarchive/test/test_read_format_rar5.c,
libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu.
- CVE-2020-9308
New changelog entries:
* Declare compliance with Debian Policy 4.4.0 with no changes.
* Mark the adequate test as superficial and give it a name.
* Update the watch file a bit:
- use the version 4 format placeholders
- drop the "pasv" option, no FTP upstream sites
- add the upstream signing key
* Run all available Salsa CI jobs.
* Drop the bsdtar and bsdcpio transitional packages.
Closes: #940745, #940753
* New upstream version:
- drop all the patches obtained from the upstream Git repository
(CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000879, CVE-2018-1000880, CVE-2019-1000019, CVE-2019-1000020, and
zip-nullptr)
- update the library symbols file
* Add some bugfix patches obtained from upstream.
* Add the typos patch to correct some typographical and grammatical
errors.
* Update the upstream copyright information.
f5bd55d... by Peter Pentchev <email address hidden>
Import patches-unapplied version 3.3.3-4 to debian/sid
New changelog entries:
* Add three upstream patches:
- CVE-2019-1000019: fix a crash when parsing some 7zip archives
- CVE-2019-1000020: require the RockRidge extension for iso9660
- zip-nullptr: fix a null pointer dereference in ZIP files handling
b3732f8... by Peter Pentchev <email address hidden>
Import patches-unapplied version 3.3.3-3 to debian/sid
New changelog entries:
[ Andreas Henriksson ]
* Build-depend on libext2fs-dev instead of e2fslibs-dev (Closes: #890210)
* CI: Use the salsa-ci-team pipeline
[ Peter Pentchev ]
* Declare compliance with Debian Policy 4.3.0 with no changes.
* Bump the debhelper compatibility level to 12 with no changes.
* Add my copyright notice for debian/*.
* Extend Andreas Henriksson's copyright notice all the way to 2019.
073798e... by Peter Pentchev <email address hidden>
Import patches-unapplied version 3.3.3-2 to debian/sid
New changelog entries:
[ Peter Pentchev ]
* Declare compliance with Debian Policy 4.2.1 with no changes.
* Drop the Lintian overrides related to B-D: debhelper-compat -
Lintian 2.5.98 no longer emits these warnings and errors.
* Build with zstd compression support.
* Pass --fail-missing to dh_missing, not to dh_install any more.
[ Andreas Henriksson ]
* New upstream release.
* Drop debian/patches/ now part of upstream release:
- Avoid-a-read-off-by-one-error-for-UTF16-names-in-RAR.patch
- Do-something-sensible-for-empty-strings-to-make-fuzz.patch
- Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
- Reject-LHA-archive-entries-with-negative-size.patch
- Reread-the-CAB-header-skipping-the-self-extracting-b.patch
- archive_strncat_l-allocate-and-do-not-convert-if-len.patch
- iso9660-validate-directory-record-length.patch
* Update libarchive13.symbols