Accepted libarchive 3.6.2-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted libarchive 3.6.2-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 24 Dec 2022 23:50:55 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libarchive_3.6.2-1_source.changes
- Debian-source: libarchive
- Debian-suite: unstable
- Debian-version: 3.6.2-1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=vsii80CMJM4SBsNarxm+WcqU8bBBF0sFc9Vq87X08E0=; b=CfeTJi9uWL3vtYViUALKqIJw2F FE7b439nAOAfzVvqabDFdcRABfX+wAjeBxwKYH41q77ZdO3ygfaIyHKcgTKrYtF19KWvkMZn/J1UA zbwKmpVPzwvLOkXU37obKDEHt9b1Tqw3Df/d9fefY3TKP+KsnAzrzi/0PFJzJc+E0BaJ3hqSn0YHj TShOpQt5h+bbAstlpaicapjkM3FhxLQfpieJ9LjzDDtf9/9o8uHDJKx6856pdWu0IE2rTAxaot3jP hE03Zn49R4xNhEtQ6BNFXTYqqP8HWd8mCwR6q/PVhPAX4F4+8K4KYY2cnJhnTBfV6Cbq+j3QvlhQE SE484xjA==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1p9EI3-00Ezsw-QA@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 24 Dec 2022 23:17:29 +0200
Source: libarchive
Architecture: source
Version: 3.6.2-1
Distribution: unstable
Urgency: medium
Maintainer: Peter Pentchev <roam@debian.org>
Changed-By: Peter Pentchev <roam@debian.org>
Closes: 1008953 1023392 1024669
Changes:
libarchive (3.6.2-1) unstable; urgency=medium
.
[ Debian Janitor ]
* Set upstream metadata fields: Bug-Database.
* Update standards version to 4.6.0, no changes needed.
.
[ Peter Pentchev ]
* Declare compliance with Policy 4.6.2 with no changes.
* Fix the licensing of the blake2-related files.
Closes: #1023392
* New upstream version:
- fix a ZIP read vulnerability (CVE-2022-28066)
Closes: #1008953
- fix a memory allocation vulnerability (CVE-2022-36227)
Closes: #1024669
- refresh the typos patch
- remove a lot of libarchive internal functions from the shared
library's symbols file. These functions were never present in
any of the public-facing libarchive header files, so they should
not be referenced by any libarchive consumers. In version 3.6.2,
libarchive switched to a "hide internal symbols" policy, so that
these symbols are now not present in the shipped shared library.
- drop the optional internal symbols regular expressions, too;
now that libarchive hides its internal symbols, the appearance of
any names like that in the generated symbols file would be a bug
- add the iconv-pkgconfig patch to drop the reference to "iconv"
from the .pc file: on Debian systems, iconv(3) is part of glibc
Checksums-Sha1:
9164ca861bee6d3a10e91e739624d2482ac48a17 2508 libarchive_3.6.2-1.dsc
35c971132e4ecb1679418d1713e328e415aac569 5213196 libarchive_3.6.2.orig.tar.xz
9c5ae31f3a3850ea301c1db8ccbd312f01e572ff 659 libarchive_3.6.2.orig.tar.xz.asc
8f28929965f84a16ba6d40de03cb6d0b9a7880ae 25264 libarchive_3.6.2-1.debian.tar.xz
d89cb29879f61f1733dcdefd7481a44cf42b7e11 8058 libarchive_3.6.2-1_amd64.buildinfo
Checksums-Sha256:
624069589f3712fed4026f034edfb07bac141ab533c8bbfdf3a69dee124909af 2508 libarchive_3.6.2-1.dsc
9e2c1b80d5fbe59b61308fdfab6c79b5021d7ff4ff2489fb12daf0a96a83551d 5213196 libarchive_3.6.2.orig.tar.xz
c6f1cdc29571dd6b09d3776ae98404a81b2dbe970a2bd9dc0bd9ed183ca49b71 659 libarchive_3.6.2.orig.tar.xz.asc
4947ff3435c9c55c27b79f1bef4808f083bdbcad7d5e54c59c7e41cf8188f386 25264 libarchive_3.6.2-1.debian.tar.xz
0b42c9ff08d8e8c081f30ebe43de9e2bedd98dbf5d32354bc275e231be0a479d 8058 libarchive_3.6.2-1_amd64.buildinfo
Files:
a91c3164c6c1b0d01ddd3683ce125cec 2508 libs optional libarchive_3.6.2-1.dsc
72cbb3c085624c825f627bfc8f52ce53 5213196 libs optional libarchive_3.6.2.orig.tar.xz
fce14a9cae1725d38f714aa23a48e7da 659 libs optional libarchive_3.6.2.orig.tar.xz.asc
d778ed77b21df62629e287be40794eef 25264 libs optional libarchive_3.6.2-1.debian.tar.xz
e315afc3cef7a09a8fa267f2e70913c1 8058 libs optional libarchive_3.6.2-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAmOnip8ACgkQZR7vsCUn
3xMOEQ/+PUl0tBhBsOP738MFgEnUBxTlNflVKcK/AODlHF2dksXPfs1jCmhmGy1m
EXeTNEpAjG8zqcNxJeNy2QMphd8cxuVW9flMAGvrpZ+yBuY/sFYDXjnYZWb36Y3m
+h+07ZZflwkKtGOCsZSqB+vwsf5t3IU4/+Ve9xDh4G9hrI+Z5WugjP1tEX0vjPyg
fI8FsMr/c6znWj+vaBrL/ZY+Pw7mfyh9cMFBi4pkOGa+c2hz840hrHtIFM6tRPer
u4cwApJLvJzxuyExm0MeKBEarxcv7XLkWjg0stpGhQsYNLjGgeseWCGFRD84e/Lw
D/io1BfYZIbHixRX3YBGYAd4zn9+gE5dZ6pHX9aMBJSXLHG4YDNbpe3FaYz4kPEs
tUOSpDIJrPMXXu9geM8exjW2GHuh+tTeZP+Oac+mHVawZp0pPzXPLg5QonSonyip
OO+i1J2Iq9JFBNogMZP8OPjM0StuA9uWKApK0EkcaoMcr1ObMq4oxgkhUIDbXr9v
scHNH7HFJqVvYNlqGyJOfVEE68ShNCcyCsEEnQcpraZZCv9DMqlYrqwjF06BigfL
NLZ+lUW6Sd9SU7y43TwA8Grexu7HoW7p54B4CjBjc/4LIsgwCcF2s3g10ZtWJ/8r
+P1BDEgaVYYGAwn0x2SgoOkI5mWIEhePOtAYN+AZYdp7sMA2njE=
=2vjd
-----END PGP SIGNATURE-----