Accepted libarchive 3.6.2-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 24 Dec 2022 23:17:29 +0200
Source: libarchive
Architecture: source
Version: 3.6.2-1
Distribution: unstable
Urgency: medium
Maintainer: Peter Pentchev <roam@debian.org>
Changed-By: Peter Pentchev <roam@debian.org>
Closes: 1008953 1023392 1024669
Changes:
libarchive (3.6.2-1) unstable; urgency=medium
.
[ Debian Janitor ]
* Set upstream metadata fields: Bug-Database.
* Update standards version to 4.6.0, no changes needed.
.
[ Peter Pentchev ]
* Declare compliance with Policy 4.6.2 with no changes.
* Fix the licensing of the blake2-related files.
Closes: #1023392
* New upstream version:
- fix a ZIP read vulnerability (CVE-2022-28066)
Closes: #1008953
- fix a memory allocation vulnerability (CVE-2022-36227)
Closes: #1024669
- refresh the typos patch
- remove a lot of libarchive internal functions from the shared
library's symbols file. These functions were never present in
any of the public-facing libarchive header files, so they should
not be referenced by any libarchive consumers. In version 3.6.2,
libarchive switched to a "hide internal symbols" policy, so that
these symbols are now not present in the shipped shared library.
- drop the optional internal symbols regular expressions, too;
now that libarchive hides its internal symbols, the appearance of
any names like that in the generated symbols file would be a bug
- add the iconv-pkgconfig patch to drop the reference to "iconv"
from the .pc file: on Debian systems, iconv(3) is part of glibc
Checksums-Sha1:
9164ca861bee6d3a10e91e739624d2482ac48a17 2508 libarchive_3.6.2-1.dsc
35c971132e4ecb1679418d1713e328e415aac569 5213196 libarchive_3.6.2.orig.tar.xz
9c5ae31f3a3850ea301c1db8ccbd312f01e572ff 659 libarchive_3.6.2.orig.tar.xz.asc
8f28929965f84a16ba6d40de03cb6d0b9a7880ae 25264 libarchive_3.6.2-1.debian.tar.xz
d89cb29879f61f1733dcdefd7481a44cf42b7e11 8058 libarchive_3.6.2-1_amd64.buildinfo
Checksums-Sha256:
624069589f3712fed4026f034edfb07bac141ab533c8bbfdf3a69dee124909af 2508 libarchive_3.6.2-1.dsc
9e2c1b80d5fbe59b61308fdfab6c79b5021d7ff4ff2489fb12daf0a96a83551d 5213196 libarchive_3.6.2.orig.tar.xz
c6f1cdc29571dd6b09d3776ae98404a81b2dbe970a2bd9dc0bd9ed183ca49b71 659 libarchive_3.6.2.orig.tar.xz.asc
4947ff3435c9c55c27b79f1bef4808f083bdbcad7d5e54c59c7e41cf8188f386 25264 libarchive_3.6.2-1.debian.tar.xz
0b42c9ff08d8e8c081f30ebe43de9e2bedd98dbf5d32354bc275e231be0a479d 8058 libarchive_3.6.2-1_amd64.buildinfo
Files:
a91c3164c6c1b0d01ddd3683ce125cec 2508 libs optional libarchive_3.6.2-1.dsc
72cbb3c085624c825f627bfc8f52ce53 5213196 libs optional libarchive_3.6.2.orig.tar.xz
fce14a9cae1725d38f714aa23a48e7da 659 libs optional libarchive_3.6.2.orig.tar.xz.asc
d778ed77b21df62629e287be40794eef 25264 libs optional libarchive_3.6.2-1.debian.tar.xz
e315afc3cef7a09a8fa267f2e70913c1 8058 libs optional libarchive_3.6.2-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAmOnip8ACgkQZR7vsCUn
3xMOEQ/+PUl0tBhBsOP738MFgEnUBxTlNflVKcK/AODlHF2dksXPfs1jCmhmGy1m
EXeTNEpAjG8zqcNxJeNy2QMphd8cxuVW9flMAGvrpZ+yBuY/sFYDXjnYZWb36Y3m
+h+07ZZflwkKtGOCsZSqB+vwsf5t3IU4/+Ve9xDh4G9hrI+Z5WugjP1tEX0vjPyg
fI8FsMr/c6znWj+vaBrL/ZY+Pw7mfyh9cMFBi4pkOGa+c2hz840hrHtIFM6tRPer
u4cwApJLvJzxuyExm0MeKBEarxcv7XLkWjg0stpGhQsYNLjGgeseWCGFRD84e/Lw
D/io1BfYZIbHixRX3YBGYAd4zn9+gE5dZ6pHX9aMBJSXLHG4YDNbpe3FaYz4kPEs
tUOSpDIJrPMXXu9geM8exjW2GHuh+tTeZP+Oac+mHVawZp0pPzXPLg5QonSonyip
OO+i1J2Iq9JFBNogMZP8OPjM0StuA9uWKApK0EkcaoMcr1ObMq4oxgkhUIDbXr9v
scHNH7HFJqVvYNlqGyJOfVEE68ShNCcyCsEEnQcpraZZCv9DMqlYrqwjF06BigfL
NLZ+lUW6Sd9SU7y43TwA8Grexu7HoW7p54B4CjBjc/4LIsgwCcF2s3g10ZtWJ/8r
+P1BDEgaVYYGAwn0x2SgoOkI5mWIEhePOtAYN+AZYdp7sMA2njE=
=2vjd
-----END PGP SIGNATURE-----
Reply to: