[ubuntu/lunar-proposed] libarchive 3.6.2-1ubuntu1 (Accepted)

Jeremy Bicha jbicha at ubuntu.com
Wed Jan 4 20:36:13 UTC 2023 

libarchive (3.6.2-1ubuntu1) lunar; urgency=medium

  * Sync with Debian. Remaining change:
    - Run dh_auto_test by default

libarchive (3.6.2-1) unstable; urgency=medium

  [ Debian Janitor ]
  * Set upstream metadata fields: Bug-Database.
  * Update standards version to 4.6.0, no changes needed.

  [ Peter Pentchev ]
  * Declare compliance with Policy 4.6.2 with no changes.
  * Fix the licensing of the blake2-related files.
    Closes: #1023392
  * New upstream version:
    - fix a ZIP read vulnerability (CVE-2022-28066)
      Closes: #1008953
    - fix a memory allocation vulnerability (CVE-2022-36227)
      Closes: #1024669
    - refresh the typos patch
    - remove a lot of libarchive internal functions from the shared
      library's symbols file. These functions were never present in
      any of the public-facing libarchive header files, so they should
      not be referenced by any libarchive consumers. In version 3.6.2,
      libarchive switched to a "hide internal symbols" policy, so that
      these symbols are now not present in the shipped shared library.
    - drop the optional internal symbols regular expressions, too;
      now that libarchive hides its internal symbols, the appearance of
      any names like that in the generated symbols file would be a bug
    - add the iconv-pkgconfig patch to drop the reference to "iconv"
      from the .pc file: on Debian systems, iconv(3) is part of glibc

Date: Wed, 04 Jan 2023 15:32:25 -0500
Changed-By: Jeremy Bicha <jbicha at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libarchive/3.6.2-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 04 Jan 2023 15:32:25 -0500
Source: libarchive
Built-For-Profiles: noudeb
Architecture: source
Version: 3.6.2-1ubuntu1
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jeremy Bicha <jbicha at ubuntu.com>
Closes: 1008953 1023392 1024669
Changes:
 libarchive (3.6.2-1ubuntu1) lunar; urgency=medium
 .
   * Sync with Debian. Remaining change:
     - Run dh_auto_test by default
 .
 libarchive (3.6.2-1) unstable; urgency=medium
 .
   [ Debian Janitor ]
   * Set upstream metadata fields: Bug-Database.
   * Update standards version to 4.6.0, no changes needed.
 .
   [ Peter Pentchev ]
   * Declare compliance with Policy 4.6.2 with no changes.
   * Fix the licensing of the blake2-related files.
     Closes: #1023392
   * New upstream version:
     - fix a ZIP read vulnerability (CVE-2022-28066)
       Closes: #1008953
     - fix a memory allocation vulnerability (CVE-2022-36227)
       Closes: #1024669
     - refresh the typos patch
     - remove a lot of libarchive internal functions from the shared
       library's symbols file. These functions were never present in
       any of the public-facing libarchive header files, so they should
       not be referenced by any libarchive consumers. In version 3.6.2,
       libarchive switched to a "hide internal symbols" policy, so that
       these symbols are now not present in the shipped shared library.
     - drop the optional internal symbols regular expressions, too;
       now that libarchive hides its internal symbols, the appearance of
       any names like that in the generated symbols file would be a bug
     - add the iconv-pkgconfig patch to drop the reference to "iconv"
       from the .pc file: on Debian systems, iconv(3) is part of glibc
Checksums-Sha1:
 29e056523ddfd665bac6715fe4f7061277c4d2dc 2615 libarchive_3.6.2-1ubuntu1.dsc
 35c971132e4ecb1679418d1713e328e415aac569 5213196 libarchive_3.6.2.orig.tar.xz
 9c5ae31f3a3850ea301c1db8ccbd312f01e572ff 659 libarchive_3.6.2.orig.tar.xz.asc
 430bdb12fff4fee63261fa9f8a39569457dd67ba 25376 libarchive_3.6.2-1ubuntu1.debian.tar.xz
 a0782a1a32137ba1f4e079769462d7c274af1f05 8003 libarchive_3.6.2-1ubuntu1_source.buildinfo
Checksums-Sha256:
 dc4eef6db5f927e533d6f2c66d4bdc6100003c6d9b49e36e5f2b0654a6c71c9b 2615 libarchive_3.6.2-1ubuntu1.dsc
 9e2c1b80d5fbe59b61308fdfab6c79b5021d7ff4ff2489fb12daf0a96a83551d 5213196 libarchive_3.6.2.orig.tar.xz
 c6f1cdc29571dd6b09d3776ae98404a81b2dbe970a2bd9dc0bd9ed183ca49b71 659 libarchive_3.6.2.orig.tar.xz.asc
 2f49baa07a4be8c66ac66bab2b5dc552427723d082ca54fa7e4d537a741f96a4 25376 libarchive_3.6.2-1ubuntu1.debian.tar.xz
 e34a7fc357ea1e9dd1589d9e3f3e65352f11cc37da3a86083c387e9f3a965868 8003 libarchive_3.6.2-1ubuntu1_source.buildinfo
Files:
 1589077d9d2425ae61e32fa31a60ddb2 2615 libs optional libarchive_3.6.2-1ubuntu1.dsc
 72cbb3c085624c825f627bfc8f52ce53 5213196 libs optional libarchive_3.6.2.orig.tar.xz
 fce14a9cae1725d38f714aa23a48e7da 659 libs optional libarchive_3.6.2.orig.tar.xz.asc
 2cf4fff80af743804efe20fd1b84a854 25376 libs optional libarchive_3.6.2-1ubuntu1.debian.tar.xz
 ff12edd9849b50356558e7b74cc10342 8003 libs optional libarchive_3.6.2-1ubuntu1_source.buildinfo
Original-Maintainer: Peter Pentchev <roam at debian.org>

More information about the lunar-changes mailing list