File: changelog

package info (click to toggle)
libarchive 3.7.4-4
links: PTS, VCS
area: main
in suites: forky, trixie
size: 26,584 kB
sloc: ansic: 163,058; sh: 5,417; makefile: 1,871; awk: 770; cpp: 41
file content (1065 lines) | stat: -rw-r--r-- 40,134 bytes
libarchive (3.7.4-4) unstable; urgency=medium

  * Add the CVE-2025-5914, CVE-2025-5915, CVE-2025-5916, and
    CVE-2025-5917 patches.
    Closes: #1107621, #1107622, #1107623, #1107626

 -- Peter Pentchev <roam@debian.org>  Thu, 24 Jul 2025 17:40:32 +0300

libarchive (3.7.4-3) unstable; urgency=medium

  * Rename the CVE-2025-1632 patch to CVE-2025-1632-25724, use the exact
    upstream commit that fixes two problems at once.
    Also closes: #1103479

 -- Peter Pentchev <roam@debian.org>  Sun, 27 Apr 2025 23:19:29 +0300

libarchive (3.7.4-2) unstable; urgency=high

  * Acknowledge NMU; thanks, Salvatore!
  * Point to the debian/trixie branch in the gbp.conf file since
    the master branch in the repository already contains changes that
    did not make it in time for the Trixie freeze.
  * Add the CVE-2025-1632 patch. Closes: #1103494
  * Add the year 2025 to my debian/* copyright notice.

 -- Peter Pentchev <roam@debian.org>  Sat, 26 Apr 2025 11:34:57 +0300

libarchive (3.7.4-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * rar4 reader: protect copy_from_lzss_window_to_unp() (CVE-2024-20696)
    (Closes: #1086155)

 -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 01 Nov 2024 21:30:39 +0100

libarchive (3.7.4-1) unstable; urgency=medium

  * Drop a t64-related Lintian override.
  * Declare compliance with Policy 4.7.0 with no changes.
  * Use debhelper compat level 14:
    - use X-DH-Compat
    - let debhelper take care of some default dependencies
  * New upstream version:
    - use `git rm` in the `upstream` branch to remove two test files that
      was forgotten in the upstream tarball generation
    - update the symbols file
    - drop the fix-OOB-in-rar-e8-filter-2135, iso9660-hash, test-zstd-32bit, and
      robust-error-reporting patches, they were either taken from upstream or
      integrated there
    - refresh the typos patch
    - refresh the line numbers in the fix-OOB-* patches
  * Use debputy's X-Style: black.

 -- Peter Pentchev <roam@debian.org>  Wed, 07 Aug 2024 14:36:27 +0300

libarchive (3.7.2-2.1) unstable; urgency=medium

  * Non-maintainer upload.
  * fix: OOB in rar e8 filter (CVE-2024-26256) (Closes: #1072107)
  * fix: OOB in rar delta filter
  * fix: OOB in rar audio filter

 -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 01 Jun 2024 15:50:51 +0200

libarchive (3.7.2-2) unstable; urgency=medium

  [ Luca Boccassi ]
  * libarchive-dev: depend on -dev packages in an attempt to
    fix pkg-config --static --libs
    Addresses: 1056317; more work needed on libarchive's own
    configure tests

  [ Peter Pentchev ]
  * Acknowledge Lukas Märdian 64-bit-time_t-related NMU. Thanks!
  * Add the year 2024 to my debian/* copyright notice.
  * Re-sort the dependencies lists in the debian/control file.
  * Switch the pkg-config dependency over to pkgconf.
  * Add the robust-error-reporting upstream patch. Closes: #1068047

 -- Peter Pentchev <roam@debian.org>  Sat, 30 Mar 2024 20:11:06 +0200

libarchive (3.7.2-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Rename libraries for 64-bit time_t transition.  Closes: #1062224

 -- Lukas Märdian <slyon@debian.org>  Thu, 29 Feb 2024 08:40:57 +0000

libarchive (3.7.2-1) unstable; urgency=medium

  * Add the iso9660-hash patch to fix file ordering. Closes: #1051322
  * Add the year 2023 to my debian/* copyright notice.
  * Declare compatibility with version 1 of the dpkg build API:
    - drop the implied Rules-Requires-Root declaration
    - include dpkg's default.mk file for completeness
  * Use dh-package-notes to record ELF package metadata.
  * New upstream version:
    - build and install the new bsdunzip tool in libarchive-tools
    - drop the iconv-pkgconfig patch, applied upstream
    - update the upstream copyright information
  * Do not detect -amd64 versions in the watch file.
  * Add the test-zstd-32bit upstream patch.

 -- Peter Pentchev <roam@debian.org>  Sat, 14 Oct 2023 18:28:55 +0300

libarchive (3.6.2-1) unstable; urgency=medium

  [ Debian Janitor ]
  * Set upstream metadata fields: Bug-Database.
  * Update standards version to 4.6.0, no changes needed.

  [ Peter Pentchev ]
  * Declare compliance with Policy 4.6.2 with no changes.
  * Fix the licensing of the blake2-related files.
    Closes: #1023392
  * New upstream version:
    - fix a ZIP read vulnerability (CVE-2022-28066)
      Closes: #1008953
    - fix a memory allocation vulnerability (CVE-2022-36227)
      Closes: #1024669
    - refresh the typos patch
    - remove a lot of libarchive internal functions from the shared
      library's symbols file. These functions were never present in
      any of the public-facing libarchive header files, so they should
      not be referenced by any libarchive consumers. In version 3.6.2,
      libarchive switched to a "hide internal symbols" policy, so that
      these symbols are now not present in the shipped shared library.
    - drop the optional internal symbols regular expressions, too;
      now that libarchive hides its internal symbols, the appearance of
      any names like that in the generated symbols file would be a bug
    - add the iconv-pkgconfig patch to drop the reference to "iconv"
      from the .pc file: on Debian systems, iconv(3) is part of glibc

 -- Peter Pentchev <roam@debian.org>  Sat, 24 Dec 2022 23:17:29 +0200

libarchive (3.6.0-1) unstable; urgency=medium

  * New upstream version (Closes: #1007120):
    - update the upstream copyright information
    - drop some patches that were taken from the upstream source:
      - lzip-large-dict
      - upstream-fix-32bit-size-cast
      - upstream-fixup-file-flags
      - upstream-fixup-symlinks
    - add another spelling correction to the typos patch
    - update the line numbers in the typos patch
  * Add the year 2022 to my debian/* copyright notice.
  * Reorder the copyright file so that it makes sense.

 -- Peter Pentchev <roam@debian.org>  Wed, 30 Mar 2022 13:04:33 +0300

libarchive (3.5.2-1) unstable; urgency=medium

  * Declare compliance with Debian Policy 4.6.0 with no changes.
  * Add the year 2021 to my debian/* copyright notice.
  * Drop the Breaks/Replaces relations for pre-oldstable versions of
    bsdtar and bsdcpio.
  * Fix some shellcheck complaints about the minitar autopkgtest.
  * Use a comma, not a semicolon, in the Origin DEP-3 header.
  * Annotate the sharutils build dependency with <!nocheck>.
    Closes: #981654
  * Drop the obsolete libattr1-dev build dependency. At the moment it is
    still pulled in by libacl1-dev, but there is no reason for us not to
    do the right thing, so that everything goes right when libacl1-dev
    corrects its build dependency. Closes: #953931
  * New upstream version:
    - fix handling of symlink ACLs; Closes: 1001986
    - never follow symlinks when setting file flags; Closes: 1001990
    - update the upstream copyright information
    - drop some patches that were taken from the upstream source:
      - upstream-cpio-hardlink-type
      - upstream-cpio-rdev
      - upstream-unneeded-strlen
      - upstream-hardlink-to-self
      - upstream-set-format-error
      - upstream-rar-read-format
      - upstream-memory-stdlib
      - upstream-max-comp-level
      - upstream-isint-w
    - update the library symbols file
  * Add the lzip-large-dict patch to support larger lzip dictionaries.
    Closes: #1001901
  * Add the upstream-fixup-symlinks, upstream-fixup-file-flags, and
    upstream-fix-32bit-size-cast patches, importing three upstream
    post-3.5.2 commits.

 -- Peter Pentchev <roam@debian.org>  Wed, 22 Dec 2021 19:51:54 +0200

libarchive (3.4.3-2) unstable; urgency=medium

  * Add some more upstream patches:
    - upstream-isint-w
    - upstream-unneeded-strlen
    - upstream-hardlink-to-self
    - upstream-set-format-error (with a typo corrected)
    - upstream-rar-read-format
    - upstream-memory-stdlib
    - upstream-max-comp-level
  * Drop the unused liblzo2 build dependency. According to upstream,
    distributing libarchive binaries linked against liblzo2 violates
    the liblzo2 GPL license, so libarchive does not even use it unless
    explicitly requested, which we do not do anyway.
  * Fix two problems related to cross-building libarchive.
    Closes: #966637
    - drop the gcc B-D that I added as a reminder that dropping --as-needed
      was because it is handled automatically
    - annotate the test dependencies with <!nocheck>; since we never run
      the upstream test suite automatically, but only if the non-standard
      "check" build option is specified, this has no effect on normal builds,
      but it will fix cross-builds

 -- Peter Pentchev <roam@debian.org>  Sat, 01 Aug 2020 21:46:12 +0300

libarchive (3.4.3-1) unstable; urgency=medium

  * New upstream release:
    - update the upstream signing key
    - update the typos patch, correct some more mistakes
    - drop all the upstream-* patches
    - add an upstream copyright notice for a new file
  * Add the upstream-cpio-rdev and upstream-cpio-hardlink-type patches.

 -- Peter Pentchev <roam@debian.org>  Wed, 03 Jun 2020 16:40:28 +0300

libarchive (3.4.2-1) unstable; urgency=medium

  * Minor correction to the debian/watch file to catch up with
    the upstream site links.
  * New upstream release:
    - drop some patches that were taken from upstream:
      - upstream-rar-use-after-free
      - upstream-rar-uaf-test-eof
      - upstream-rar-window-mask
      - upstream-rar-window-test
      - upstream-rar-filter-beyond
      - upstream-archive-read-sparse
      - upstream-archive-clean
      - upstream-doc-7zip-zip
      - upstream-open-without-openat
      - upstream-lz4-uint32
      - CVE-2020-9308 patch
    - drop most of the typos patch - integrated upstream
    - update the upstream copyright years
  * Add some more corrections to the typos patch.
  * Drop the Name and Contact upstream metadata fields.
  * Drop the phony "build" target.
  * Do not pass "--as-needed" to the linker: recent versions of the Debian
    GCC package do that by default. Just in case, add a build dependency on
    a recent version so that it is not forgotten e.g. in a backport.
  * Add some upstream patches since 3.4.2.
  * Update to debhelper compat level 13:
    - `dh_missing --fail-missing` is the default now
    - use execute_before/execute_after targets
  * Drop the local-options file.

 -- Peter Pentchev <roam@debian.org>  Sat, 09 May 2020 22:04:02 +0300

libarchive (3.4.0-2) unstable; urgency=medium

  * Declare compliance with Debian Policy 4.5.0 with no changes.
  * Add the year 2020 to my debian/* copyright notice.
  * Add the CVE-2020-9308 patch - invalid RAR5 headers. (Closes: #951759)
  * Make the autopkgtests cross-test-friendly. (Closes: #953140)

 -- Peter Pentchev <roam@debian.org>  Sat, 07 Mar 2020 16:28:00 +0200

libarchive (3.4.0-1) unstable; urgency=medium

  * Declare compliance with Debian Policy 4.4.0 with no changes.
  * Mark the adequate test as superficial and give it a name.
  * Update the watch file a bit:
    - use the version 4 format placeholders
    - drop the "pasv" option, no FTP upstream sites
    - add the upstream signing key
  * Run all available Salsa CI jobs.
  * Drop the bsdtar and bsdcpio transitional packages.
    Closes: #940745, #940753
  * New upstream version:
    - drop all the patches obtained from the upstream Git repository
      (CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000879,
       CVE-2018-1000880, CVE-2019-1000019, CVE-2019-1000020, and
       zip-nullptr)
    - update the library symbols file
  * Add some bugfix patches obtained from upstream.
  * Add the typos patch to correct some typographical and grammatical
    errors.
  * Update the upstream copyright information.

 -- Peter Pentchev <roam@debian.org>  Sat, 21 Sep 2019 01:44:44 +0300

libarchive (3.3.3-4) unstable; urgency=medium

  * Add three upstream patches:
    - CVE-2019-1000019: fix a crash when parsing some 7zip archives
    - CVE-2019-1000020: require the RockRidge extension for iso9660
    - zip-nullptr: fix a null pointer deference in ZIP files handling

 -- Peter Pentchev <roam@debian.org>  Wed, 06 Feb 2019 11:01:25 +0200

libarchive (3.3.3-3) unstable; urgency=medium

  [ Andreas Henriksson ]
  * Build-depend on libext2fs-dev instead of e2fslibs-dev (Closes: #890210)
  * CI: Use the salsa-ci-team pipeline

  [ Peter Pentchev ]
  * Declare compliance with Debian Policy 4.3.0 with no changes.
  * Bump the debhelper compatibility level to 12 with no changes.
  * Add my copyright notice for debian/*.
  * Extend Andreas Henriksson's copyright notice all the way to 2019.

 -- Peter Pentchev <roam@debian.org>  Sat, 05 Jan 2019 19:07:02 +0200

libarchive (3.3.3-2) unstable; urgency=medium

  * Add Daniel Axtens's security and reliability patches:
    - CVE-2018-1000877.patch: Closes: #916964
    - CVE-2018-1000878.patch: Closes: #916963
    - CVE-2018-1000879.patch: Closes: #916962
    - CVE-2018-1000880.patch: Closes: #916960
    - all merged upstream in https://github.com/libarchive/libarchive/pull/1105
    Thanks to Salvatore Bonaccorso for filing the Debian bugs!

 -- Peter Pentchev <roam@debian.org>  Fri, 21 Dec 2018 18:01:29 +0200

libarchive (3.3.3-1) unstable; urgency=medium

  [ Peter Pentchev ]
  * Declare compliance with Debian Policy 4.2.1 with no changes.
  * Drop the Lintian overrides related to B-D: debhelper-compat -
    Lintian 2.5.98 no longer emits these warnings and errors.
  * Build with zstd compression support.
  * Pass --fail-missing to dh_missing, not to dh_install any more.

  [ Andreas Henriksson ]
  * New upstream release.
  * Drop debian/patches/ now part of upstream release:
    - Avoid-a-read-off-by-one-error-for-UTF16-names-in-RAR.patch
    - Do-something-sensible-for-empty-strings-to-make-fuzz.patch
    - Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
    - Reject-LHA-archive-entries-with-negative-size.patch
    - Reread-the-CAB-header-skipping-the-self-extracting-b.patch
    - archive_strncat_l-allocate-and-do-not-convert-if-len.patch
    - iso9660-validate-directory-record-length.patch
  * Update libarchive13.symbols

 -- Peter Pentchev <roam@debian.org>  Sat, 15 Dec 2018 02:01:01 +0200

libarchive (3.2.2-5) unstable; urgency=medium

  * Acknowledge NMUs; many thanks to Salvatore Bonaccorso!
  * Use my Debian e-mail address.
  * Declare compliance with Debian Policy 4.2.0:
    - add Rules-Requires-Root: no to the source control stanza
    - install the upstream release notes (NEWS)
  * Drop the duplicate Priority fields for the binary packages.
  * Switch to the HTTPS scheme in various upstream and Debian
    packaging URLs.
  * Drop some trailing whitespace from old changelog entries.
  * Bump the debhelper compatibility level to 11 with no changes and
    use the B-D: debhelper-compat (= 11) mechanism.
  * Add a trivial autopkgtest running adequate on the binary packages.

 -- Peter Pentchev <roam@debian.org>  Sat, 25 Aug 2018 18:28:10 +0300

libarchive (3.2.2-4.2) unstable; urgency=medium

  * Non-maintainer upload.
  * iso9660: validate directory record length (CVE-2017-14501)
    (Closes: #875966)

 -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 05 Aug 2018 08:18:10 +0200

libarchive (3.2.2-4.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Reject LHA archive entries with negative size (CVE-2017-14503)
    (Closes: #875960)
  * Avoid a read off-by-one error for UTF16 names in RAR archives
    (CVE-2017-14502)
    (Closes: #875974)

 -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 25 Jul 2018 21:29:42 +0200

libarchive (3.2.2-4) unstable; urgency=medium

  * Team upload.
  * debian/control: Update Vcs-* fields for move to salsa.debian.org
  * debian/control: Replace Priority: extra with optional

 -- Andreas Henriksson <andreas@fatal.se>  Thu, 31 May 2018 00:01:28 +0200

libarchive (3.2.2-3.1) unstable; urgency=high

  * Non-maintainer upload.
  * Reupload 3.2.2-2.1 on top of 3.2.2-3
  * archive_strncat_l(): allocate and do not convert if length == 0
    (CVE-2016-10209) (Closes: #859456)
  * Reread the CAB header skipping the self-extracting binary code
    (CVE-2016-10349, CVE-2016-10350) (Closes: #861609)
  * Do something sensible for empty strings to make fuzzers happy
    (CVE-2017-14166)
    Fixes heap-based buffer over-read in the atol8 function. (Closes: #874539)

 -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 14 Sep 2017 16:02:10 +0200

libarchive (3.2.2-3) unstable; urgency=medium

  * Remove myself from uploaders
  * Promote Peter to primary maintainer replacing team address

 -- Andreas Henriksson <andreas@fatal.se>  Thu, 14 Sep 2017 11:08:48 +0200

libarchive (3.2.2-2) unstable; urgency=medium

  * Disable tests (Closes: #859455)

 -- Andreas Henriksson <andreas@fatal.se>  Mon, 03 Apr 2017 22:20:05 +0200

libarchive (3.2.2-1) unstable; urgency=medium

  * Shorten long line in previous changelog entry to please lintian.
  * debian/gbp.conf: add upstream-vcs-tag for import-orig
  * New upstream release.
  * Drop patches now part of upstream release.
  * Stop shipping README for now

 -- Andreas Henriksson <andreas@fatal.se>  Mon, 03 Apr 2017 17:17:02 +0200

libarchive (3.2.1-6) unstable; urgency=medium

  * Add d/p/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
    - Cherry-pick upstream commit 98dcbbf0bf4854bf987557
      "Fail with negative lha->compsize in lha_read_file_header_1()"
      Secunia SA74169, CVE-2017-5601 (Closes: #853278)

 -- Andreas Henriksson <andreas@fatal.se>  Tue, 31 Jan 2017 10:25:56 +0100

libarchive (3.2.1-5) unstable; urgency=medium

  * Cherry-pick upstream commits 7f17c791, eec077f5, e37b620f
    - Fixes for upstream issues 747, 761, 767 also known as
      CVE-2016-8689, CVE-2016-8688, CVE-2016-8687
    (Closes: #840934, #840935, #840936)

 -- Andreas Henriksson <andreas@fatal.se>  Sun, 16 Oct 2016 15:41:59 +0200

libarchive (3.2.1-4) unstable; urgency=medium

  * Bump debhelper compat to 10
  * Install manpages via debian/*.install
  * libarchive-dev: ship examples/ directory (Closes: #659650)
  * Use the "fail-missing" dh_install option
  * Cherry-pick upstream commits for CVE-2016-5418 (Closes: #837714)

 -- Andreas Henriksson <andreas@fatal.se>  Thu, 06 Oct 2016 23:01:41 +0200

libarchive (3.2.1-3) unstable; urgency=medium

  [ Michael Biebl ]
  * (Re)add debian/libarchive13.symbols (Closes: #838775)

  [ Andreas Henriksson ]
  * Mark leaked private symbols as optional for now until fixed upstream
  * Fail to build when symbols file is outdated

 -- Andreas Henriksson <andreas@fatal.se>  Thu, 06 Oct 2016 18:18:41 +0200

libarchive (3.2.1-2) unstable; urgency=medium

  * The "welcome Peter to the team" upload

  [ Peter Pentchev ]
  * Declare compliancy with Debian Policy 3.9.8 with no changes.
  * Remove the "XS-Testsuite: autopkgtest" header from the control file:
    it has not been "XS-" for some time, and it is added by default by
    dpkg-1.17.11 when debian/tests/control is present.
  * Use the HTTPS scheme for the Alioth VCS URLs.
  * Switch to Alioth's cgit in the Vcs-Browser source control field.
  * Convert the copyright file to the machine-readable format.
  * Fill in the upstream metadata file.
  * Enable full build hardening.
  * Pass --as-needed to the linker to avoid overlinking.
  * Bump the debhelper build dependency to version 9 to reflect
    the debhelper compatibility level and drop the now-unused Lintian
    override.
  * Fold the bsdtar and bsdcpio packages into the new libarchive-tools
    binary package and install bsdcat into it, too.  Make bsdtar and
    bsdcpio transitional dummy packages.
  * Drop the Breaks and Replaces relations to libarchive1, it's not
    even in oldstable any more.
  * Drop the misc:Pre-Depends that were needed for the multi-arch
    transition; dpkg-dev adds them automatically now.
  * Fix a typo in README.Debian.
  * Add an upstream patch to replace the use of SIGRTMAX with something
    that calculates the exact value of the highest signal actually used;
    hopefully this fixes the FTBFS on the GNU Hurd.
  * Drop the outdated and unused SONAME mismatch Lintian override.
  * Re-enable the use of minitar for extraction, too, in the CI test;
    keep the untar test for completeness.
  * Add the Typos patch to fix a couple of typographical errors.
  * Add the Candidate patch to fix a typographical error in a structure
    member field and, consequently, update all references to it.
  * Add the CPPCheck patch to fix some issues reported by cppcheck.

  [ Andreas Henriksson ]
  * Add Peter Pentchev to Uploaders

 -- Andreas Henriksson <andreas@fatal.se>  Mon, 25 Jul 2016 17:54:13 +0200

libarchive (3.2.1-1) unstable; urgency=medium

  * New upstream release.
    - Includes fixes for CVE-2015-8934, CVE-2016-4300, CVE-2016-4301,
      CVE-2016-4302, CVE-2016-4809 and CVE-2016-5844.
  * Add patch cherry-picked from upstream fixing build with xz-utils < 5.2

 -- Andreas Henriksson <andreas@fatal.se>  Sun, 26 Jun 2016 21:28:27 +0200

libarchive (3.2.0-2) unstable; urgency=medium

  * Add CVE identifiers to previous changelog entry.
  * Upload to unstable.

 -- Andreas Henriksson <andreas@fatal.se>  Wed, 01 Jun 2016 07:34:12 +0200

libarchive (3.2.0-1) experimental; urgency=medium

  * CVE-2016-1541: heap-based buffer overflow due to improper input
     validation (Closes: #823893)
  * New upstream test release (3.1.901a).
  * Add liblz4-dev build-dependency to enable lz4 support.
  * Enable new bsdcat utility in separate package
  * Drop all patches, now included in release.
  * Add pkg-config build-dependency
  * Have dh-autoreconf use upstream build/autogen.sh
  * New upstream release (3.2.0).

 -- Andreas Henriksson <andreas@fatal.se>  Fri, 06 May 2016 10:08:56 +0200

libarchive (3.1.2-11) unstable; urgency=medium

  * Add d/p/Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch
    (Closes: #778266)

 -- Andreas Henriksson <andreas@fatal.se>  Thu, 05 Mar 2015 14:54:43 +0100

libarchive (3.1.2-10) unstable; urgency=medium

  * Add d/p/Do-not-overwrite-file-size-if-the-local-file-header-.patch
    - cherry-picked from upstream git commit e234932de2474c4f99787
    Thanks to Maximiliano Curia (Closes: #769290)

 -- Andreas Henriksson <andreas@fatal.se>  Thu, 20 Nov 2014 21:10:43 +0100

libarchive (3.1.2-9) unstable; urgency=medium

  [ Andreas Henriksson ]
  * Drop Andres Mejia from Uploaders by request of MIA (Closes: #743538)

  [ Breno Leitao ]
  * Use dh-autoreconf for the benefit of ppc64el (Closes: #750483)

  [ Andreas Henriksson ]
  * Bump Standards-Version to 3.9.5

 -- Andreas Henriksson <andreas@fatal.se>  Sun, 17 Aug 2014 10:45:27 +0200

libarchive (3.1.2-8) unstable; urgency=medium

  [ Michael Terry ]
  * Fix DEP8 minitar test to use application/gzip (Closes: #731962)

  [ Daniel Schepler ]
  * Implement DEB_BUILD_OPTIONS=nocheck (Closes: #738159)

 -- Andreas Henriksson <andreas@fatal.se>  Wed, 12 Feb 2014 22:53:33 +0100

libarchive (3.1.2-7) unstable; urgency=low

  * Upload to unstable.

 -- Andres Mejia <amejia@debian.org>  Sat, 25 May 2013 16:07:06 -0400

libarchive (3.1.2-6) experimental; urgency=low

  [ Andreas Henriksson ]
  * Merge debian-wheezy branch containing package revision 3.0.4-3.

  [ Andres Mejia ]
  * Remove gbp config overrides.
  * Remove lrzip build dependency as test cases fail on certain architectures.

 -- Andres Mejia <amejia@debian.org>  Tue, 07 May 2013 21:44:50 -0400

libarchive (3.1.2-5) experimental; urgency=low

  * Update patch to fix LZO test cases to use changes from upstream.
  * Update homepage field for new homepage URL.
  * Add upstream changes to fix building libarchive with lrzip support.

 -- Andres Mejia <amejia@debian.org>  Sun, 24 Feb 2013 16:44:32 -0500

libarchive (3.1.2-4) experimental; urgency=low

  * Add mtree filename length fix from upstream.
  * Add fix for LZO test cases.
  * Renable LZO support.
  * Bump Standards-Version to 3.9.4.

 -- Andres Mejia <amejia@debian.org>  Sat, 23 Feb 2013 23:44:26 -0500

libarchive (3.1.2-3) experimental; urgency=low

  * Update gbp.conf to point to branches used for libarchive packaging in
    experimental.
  * Disable LZO support, it is broken on some architectures.

 -- Andres Mejia <amejia@debian.org>  Sun, 10 Feb 2013 12:43:35 -0500

libarchive (3.1.2-2) experimental; urgency=low

  * Update patches to use changes applied upstream.

 -- Andres Mejia <amejia@debian.org>  Sat, 09 Feb 2013 15:13:20 -0500

libarchive (3.1.2-1) experimental; urgency=low

  * New upstream release.
  * Enable LZO support.

 -- Andres Mejia <amejia@debian.org>  Sat, 09 Feb 2013 13:37:34 -0500

libarchive (3.1.1-1) experimental; urgency=low

  * New upstream release.

 -- Andres Mejia <amejia@debian.org>  Wed, 16 Jan 2013 17:06:36 -0500

libarchive (3.1.0-1) experimental; urgency=low

  [ Benjamin Drung ]
  * Add autopkgtest (LP: #1073390).

  [ Martin Pitt ]
  * Add examples-offset-type.patch: Fix offset data type in examples.

  [ Andres Mejia ]
  * New upstream release.

 -- Andres Mejia <amejia@debian.org>  Sun, 13 Jan 2013 22:00:14 -0500

libarchive (3.0.4-3) unstable; urgency=low

  * Add patch that fixes CVE-2013-0211. (Closes: #703957)

 -- Andreas Henriksson <andreas@fatal.se>  Wed, 27 Mar 2013 16:20:36 +0100

libarchive (3.0.4-2) unstable; urgency=low

  * Add debian/patches/gcc-4.7-fixes-from-upstream.patch
    (Closes: #674368, #672690)

 -- Andreas Henriksson <andreas@fatal.se>  Thu, 24 May 2012 14:49:41 +0200

libarchive (3.0.4-1) unstable; urgency=low

  * New upstream release.
  * Patches removed, applied upstream.

 -- Andres Mejia <amejia@debian.org>  Thu, 29 Mar 2012 09:44:15 -0400

libarchive (3.0.3-7) unstable; urgency=low

  * Allow the dev package to be multi-arch installable.
  * Set verbosity level to 1 for test programs. This incorporates upstream
    commit 7cd65cd07cfa2693455d174049b4887434041695. (Closes: #662716)
  * Fixup package description about ISO support. (Closes: #659651)

 -- Andres Mejia <amejia@debian.org>  Fri, 16 Mar 2012 16:21:21 -0400

libarchive (3.0.3-6) unstable; urgency=low

  * Add patch to fix infinite loop in xps files (Closes: #662603)
    - Thanks for the patch to Savvas Radevic!

 -- Andreas Henriksson <andreas@fatal.se>  Mon, 05 Mar 2012 16:23:05 +0100

libarchive (3.0.3-5) unstable; urgency=low

  * Detect if locales or locales-all is installed for use with test suite.
  * Bump Standards-Version to 3.9.3.

 -- Andres Mejia <amejia@debian.org>  Thu, 23 Feb 2012 19:29:24 -0500

libarchive (3.0.3-4) unstable; urgency=low

  * Ensure tests are not run via root. (Closes: #659294)

 -- Andres Mejia <amejia@debian.org>  Tue, 21 Feb 2012 16:01:26 -0500

libarchive (3.0.3-3) unstable; urgency=low

  * Update watch file to use new home for downloads.

 -- Andres Mejia <amejia@debian.org>  Mon, 06 Feb 2012 17:04:34 -0500

libarchive (3.0.3-2) unstable; urgency=low

  * Upload to unstable.
  * Update homepage to libarchive's new home.

 -- Andres Mejia <amejia@debian.org>  Mon, 06 Feb 2012 16:37:07 -0500

libarchive (3.0.3-1) experimental; urgency=low

  * New upstream release.
  * Fix for hurd build failure included in new release. (Closes: #653458)
  * Update copyright file.

 -- Andres Mejia <amejia@debian.org>  Mon, 16 Jan 2012 11:49:46 -0500

libarchive (3.0.2-3) experimental; urgency=low

  * Prepare an upload to experimental.

 -- Andres Mejia <amejia@debian.org>  Sat, 24 Dec 2011 20:39:17 -0500

libarchive (3.0.2-1) unstable; urgency=low

  * Prepare new upstream release.
  * Update package descriptions, deleting some information that doesn't
    apply to current build of packages.
  * Rename shared library package for soname bump.
  * Remove symbols files. Symbols file needs to be maintained better. Also,
    numerous symbols were in the file which were meant to stay private
    (all the __archive_* symbols for example).

 -- Andres Mejia <amejia@debian.org>  Sat, 24 Dec 2011 15:47:39 -0500

libarchive (3.0.1b-1) experimental; urgency=low

  * Package latest testing release.
  * Update debian/control, noting new 7zip support.
  * Fix package description for bsdcpio.
  * Update symbols file for new symbols added in libarchive-3.0.1b.

 -- Andres Mejia <amejia@debian.org>  Fri, 16 Dec 2011 17:28:03 -0500

libarchive (3.0.0a-1) experimental; urgency=low

  * Package testing release of libarchive for experimental.
  * Better ext2 file attribute/flag support included in new release.
    (Closes: #615875)
  * Remove all patches, applied in upstream source.
  * Add option to unapply patches for dpkg-source v3.
  * Change package name libarchive1 to libarchive11 to match soname bump.
  * Rename files used in packaging libarchive11.
  * Build depend on Nettle library.
  * Add mention of rar support in package description.
  * Remove installation of symlink for libarchive library file.
  * Explicitely build without openssl and with nettle support.
  * Add proper depends to new libarchive11 package.
  * Update symbols file for libarchive11.
  * Ensure bsdtar and bsdcpio are linked to shared library dynamically.
  * Build en_US.UTF-8 locale at runtime to pass test suite.

 -- Andres Mejia <amejia@debian.org>  Fri, 16 Dec 2011 16:31:37 -0500

libarchive (2.8.5-5) unstable; urgency=medium

  * Backport fixes for fix for CVE-2011-1777 and CVE-2011-1778.
    (Closes: #651844)
  * Fix build failure for GNU/Hurd. (Closes: #651995)
  * Regenerate autoreconf patch.

 -- Andres Mejia <amejia@debian.org>  Wed, 14 Dec 2011 12:18:31 -0500

libarchive (2.8.5-4) unstable; urgency=low

  [ Andres Mejia ]
  * Improve each packages' long description.
  * Refresh all patches.

  [ Samuel Thibault ]
  * Skip libacl1-dev build dependency on hurd (Closes: #645403)

  [ Andreas Henriksson ]
  * Add 0009-Patch-from-upstream-rev-3751.patch (Closes: #641265)
    + Thanks to Michael Cree for figuring out the details.

 -- Andres Mejia <amejia@debian.org>  Sun, 11 Dec 2011 21:55:59 -0500

libarchive (2.8.5-3) unstable; urgency=low

  * Fix upgrade breakage because of manpages being moved from libarchive1 to
    libarchive-dev. (Closes: #641978)
  * Make short descriptions for packages unique.
  * Explicitly set config options to be used during builds.

 -- Andres Mejia <amejia@debian.org>  Sun, 18 Sep 2011 10:25:34 -0400

libarchive (2.8.5-2) unstable; urgency=low

  * Add gbp.conf to enable pristine-tar to true by default.
  * Add myself to uploaders field.
  * Add default options to fail on any upstream changes during a build.
  * Bump Standards-Version to 3.9.2.
  * Remove duplicate "Section" field.
  * Remove unnecessary use of *.dirs dh files.
  * Remove unneeded build-deps.
  * Provide patch that implements changes made after running autoreconf -vif.
  * Remove generic comments from debian/rules.
  * Support parallel builds.
  * Remove commented lines from install file.
  * Add docs to all packages except the shared library package.
  * Remove unneeded use of 'debian/tmp' in path for install files.
  * Provide different mechanism to install symlink for libarchive1 package.
  * Move all manpages for libarchive1 to libarchive-dev.
  * Move libarchive-dev control stanza up. This will make libarchive-dev the
    default package for installing files into, such as the README.Debian.
  * Convert libarchive into multiarch library package.
  * Update Vcs-* entries.

 -- Andres Mejia <amejia@debian.org>  Sat, 17 Sep 2011 18:50:11 -0400

libarchive (2.8.5-1) unstable; urgency=low

  * Add 0010-Patch-from-upstream-rev-2811.patch
  * Drop "update-patch-series" target from debian/rules
  * Convert package to dh7
  * Imported Upstream version 2.8.5 (Closes: #640524)
  * Rebase patch queue and drop patches merged upstream
    - dropped 0003-Patch-from-upstream-rev-2516.patch
    - dropped 0010-Patch-from-upstream-rev-2811.patch

 -- Andreas Henriksson <andreas@fatal.se>  Mon, 05 Sep 2011 17:35:36 +0200

libarchive (2.8.4-2) unstable; urgency=low

  * update-patch-series:
    + replace local patch with upstream commit.
      (Rebase patches branch to drop commit/patch
       "0007-Ignore-ENOSYS-error-when-sett...", in favor of upstream
       revision 2537 added as "0007-Patch-from-upstream-rev-2537.patch")
    + add 0008-Patch-from-upstream-rev-2888.patch (Closes: #610079)
    + add 0009-Patch-from-upstream-rev-2940.patch (Closes: #610783)

 -- Andreas Henriksson <andreas@fatal.se>  Tue, 09 Aug 2011 13:39:10 +0200

libarchive (2.8.4-1) unstable; urgency=low

  * Update debian/watch for new code.google.com layout.
  * update patch series:
    + added 0003-Patch-from-upstream-rev-2516.patch
      - Compatibility with WinISO generated iso files (Closes: #587513)
    + added 0004-Patch-from-upstream-rev-2514.patch
    + added 0005-Patch-from-upstream-rev-2520.patch
      - Enable version stripping code in iso9660/joliet (Closes: #587316)
  * Imported Upstream version 2.8.4
  * update-patch-series:
    + added 0006-Patch-from-upstream-rev-2521.patch
    + added 0007-Ignore-ENOSYS-error-when-sett... (Closes: #588925)
      - Big thanks to Modestas Vainius for awesome debugging!

 -- Andreas Henriksson <andreas@fatal.se>  Thu, 15 Jul 2010 14:45:06 +0200

libarchive (2.8.3-1) unstable; urgency=low

  * Imported Upstream version 2.8.3
  * update-patch-series: 0001-Clear-archive_error_number-in-archiv...
    - gvfs has been fixed since, workaround not needed anymore.

 -- Andreas Henriksson <andreas@fatal.se>  Fri, 23 Apr 2010 13:25:33 +0200

libarchive (2.8.0-2) unstable; urgency=low

  * Clean up libarchive.la file. (Closes: #571468)
    - Thanks to Sune Vuorela for suggesting this fix.
  * Update patch series:
    + added two patches matching revision 1990, 1991 from upstream
      regarding PATH_MAX hopefully fixing build on Hurd.

 -- Andreas Henriksson <andreas@fatal.se>  Thu, 25 Feb 2010 22:31:13 +0100

libarchive (2.8.0-1) unstable; urgency=low

  * Set myself as maintainer (Closes: #570539).
    + co-maintainers welcome!
  * Imported Upstream version 2.8.0 (Closes: #559158)
  * Drop debian revision in symbols file.
  * Updated symbols for 2.8
  * Update rules for new build directory (config.aux -> build/autoconf)
  * Replace ${Source-Version} with ${source:Version} in control file.
  * Drop debian/shlibs.local.ex
  * Bump debhelper compatibility level to 5.
  * Stop trying to install non-existant usr/share/pkgconfig
  * Update Vcs fields to point to new collab-maint repository.
  * Update debian/copyright
  * Bump Standards-Version to 3.8.4
  * Add update-patch-series target in debian/rules.
  * Added patch to fix gvfsd-archive problems:
    + 0001-Clear-archive_error_number-in-archive_clear_error.patch
    (from http://bugs.gentoo.org/show_bug.cgi?id=289260#c1 )
  * Switch to dpkg-source 3.0 (quilt) format
  * Split Build-Depends on multiple lines.
  * Add liblzma-dev to Build-Depends for lzma support.
  * Add Build-Depends on libxml2-dev for xar support.
  * Explicitly give --without-openssl to configure.

 -- Andreas Henriksson <andreas@fatal.se>  Tue, 23 Feb 2010 20:50:25 +0100

libarchive (2.6.2-2) unstable; urgency=low

  * Orphaning the package; set maintainer to QA group.

 -- John Goerzen <jgoerzen@complete.org>  Fri, 19 Feb 2010 11:23:14 -0600

libarchive (2.6.2-1) unstable; urgency=low

  * New Upstream Version.  Closes: #516577.
  * Update watch file to new homepage.  Closes: #517398.

 -- John Goerzen <jgoerzen@complete.org>  Thu, 12 Mar 2009 09:32:31 -0500

libarchive (2.6.1-1) unstable; urgency=low

  * New Upstream Version
  * Update homepage.  Closes: #514835.
  * Clean up Debian rules.  Patch partially from Bernhard R. Link.
    Closes: #480495.

 -- John Goerzen <jgoerzen@complete.org>  Thu, 19 Feb 2009 09:28:57 -0600

libarchive (2.4.17-2) unstable; urgency=high

  [ John Goerzen ]
  * Ignore failures in test suite due to bugs in the testsuite that were
    turning into FTBFS bugs.  Closes: #474400.

  * Added README.Debian documenting need for largefile suport in
    sources. Mostly used suggested text found in #479728.  Closes:
    #479728.

  [ Bernhard R. Link ]
  * Added symbols file for libarchive.  Closes: #476516.

 -- John Goerzen <jgoerzen@complete.org>  Thu, 05 Jun 2008 15:42:57 -0500

libarchive (2.4.17-1) unstable; urgency=high

  * New Upstream Version
  * This upstream version corrected several problems with the testsuite.
    Therefore, we can now run test suite after build.  Closes: #473221.
  * uudecode is now used as part of the build.  Added build-dep on sharutils.
    Fixes FTBFS.  Closes: #473266.

 -- John Goerzen <jgoerzen@complete.org>  Thu, 03 Apr 2008 09:25:04 -0500

libarchive (2.4.14-1) unstable; urgency=high

  * New upstream release.  Closes: #465061, #448292.  #465061 is grave bug,
    so setting urgency high.
  * Added Vcs-* and Homepage lines to debian/control

 -- John Goerzen <jgoerzen@complete.org>  Sat, 29 Mar 2008 10:14:21 -0500

libarchive (2.4.11-1) unstable; urgency=low

  * New upstream version.
  * Move bsdtar to section utils.  Closes: #460988.
  * Added bsdcpio package due to new upstream cpio command.

 -- John Goerzen <jgoerzen@complete.org>  Mon, 21 Jan 2008 10:02:29 -0600

libarchive (2.2.4-1) unstable; urgency=high

  * New upstream version with security fixes.  Closes: #432924.
    Fixes: CVE-2007-3641, CVE-2007-3644, CVE-2007-3645

 -- John Goerzen <jgoerzen@complete.org>  Fri, 13 Jul 2007 08:14:00 -0500

libarchive (2.2.3-1) unstable; urgency=low

  * New upstream version.

 -- John Goerzen <jgoerzen@complete.org>  Wed, 06 Jun 2007 03:36:35 -0500

libarchive (2.0.25-3) unstable; urgency=low

  * SONAME should not be tied to the tarball version string
  (Closes: #418637) Provide libarchive.so.1 as a backwards-compatible
  symlink to libarchive.so.2, reverting the package name to libarchive1.
  Patch from Neil Williams.

 -- John Goerzen <jgoerzen@complete.org>  Mon, 16 Apr 2007 13:50:29 +0100

libarchive (2.0.25-2) unstable; urgency=low

  * Remove build-dep on linux-kernel-headers for compatibility with BSD
    ports.  Closes: #377480.

 -- John Goerzen <jgoerzen@complete.org>  Tue, 13 Mar 2007 20:03:37 -0500

libarchive (2.0.25-1) unstable; urgency=low

  * New upstream version
  * Remove unnecessary dep on libarchive1.  Closes: #396756.
  * Bump standards-version
  * Rename libarchive1 to libarchive2 to match new soname.

 -- John Goerzen <jgoerzen@complete.org>  Tue, 13 Mar 2007 07:03:53 -0500

libarchive (1.3.1-1) unstable; urgency=high

  * New upstream release.
  * Applied FreeBSD patch for potential DoS.
    This is CVS-2006-5680, FreeBSD SA-06:24.

 -- John Goerzen <jgoerzen@complete.org>  Mon, 18 Dec 2006 05:51:08 -0600

libarchive (1.2.53-2) unstable; urgency=low

  * Added build-dep on bison.  Closes: #374200.

 -- John Goerzen <jgoerzen@complete.org>  Sat, 17 Jun 2006 17:24:44 -0500

libarchive (1.2.53-1) unstable; urgency=low

  * New upstream version.
  * The bsdtar program has been integrated into the libarchive source
    package upstream.  This package, therefore, now generates the
    bsdtar binary package.

 -- John Goerzen <jgoerzen@complete.org>  Sat, 17 Jun 2006 10:44:05 -0500

libarchive (1.02.036-2) unstable; urgency=low

  * Added conflict on old libarchive-doc package.
    This package never existed in testing or stable, so this conflict
    can be removed before long.

 -- John Goerzen <jgoerzen@complete.org>  Tue, 18 Oct 2005 11:02:06 -0500

libarchive (1.02.036-1) unstable; urgency=low

  * New upstream version, now with support for building as a .so.
  * Added build-dep on libattr1-dev.
  * No more libarchive-doc; its files now live in libarchive1.
  * Thanks to Bernhard R. Link for ideas for this package.

 -- John Goerzen <jgoerzen@complete.org>  Mon, 17 Oct 2005 10:27:30 -0500

libarchive (1.02.034-2) unstable; urgency=low

  * Split off manpages into separate package libarchive-doc.
    The bsdtar manpages point readers to these.

 -- John Goerzen <jgoerzen@complete.org>  Tue, 11 Oct 2005 05:36:28 -0500

libarchive (1.02.034-1) unstable; urgency=low

  * Initial release Closes: #333222.

 -- John Goerzen <jgoerzen@complete.org>  Mon, 10 Oct 2005 19:24:56 -0500