[ubuntu/focal-security] cargo 0.66.0+ds0ubuntu0.libgit2-0ubuntu0.20.04 (Accepted)

Nishit Majithia nishit.majithia at canonical.com
Tue Feb 28 09:50:24 UTC 2023 

cargo (0.66.0+ds0ubuntu0.libgit2-0ubuntu0.20.04) focal; urgency=medium

  * Backport to Focal (LP: #2000839)
  * Re-enable libgit2 vendoring:
    - d/control: remove libgit2-dev and libhttp-parser-dev from B-D
    - include Rust provided patches to fix CVE-2022-46176
  * Remove the need of dh-cargo

cargo (0.66.0+ds1-1ubuntu1) lunar; urgency=medium

  * Merge from Debian unstable (LP: #2000839):
    Remaining changes:
    - Add an explicit mechanism to customize the vendoring process
    - d/p/proxy-skip-tests.patch: skip a test when there's a proxy configured
      to accommodate Ubuntu autopkgtest setup
    - d/p/i386-crossbuild-tests.patch: disable some failing tests for
      cross-building from i386
    - d/p/remove-badges.patch: remove badges from documentation for privacy
      reasons (refreshed)
    - autopkgtests: test on all arches on Ubuntu
    - d/control: update the Vcs fields to point to Launchpad
    - make_orig_multi.sh: fix orig tarball compression to xz on Ubuntu
    - Track vendored dependencies
    - Bump the libgit2-related crates to get libgit2 1.5.0 bindings
    - make_orig_multi.sh: only use xz for vendor orig tarball on Ubuntu
  * Update vendored sources information

cargo (0.66.0+ds1-1) unstable; urgency=medium

  [ Fabian Grünbichler ]
  * fix CVE-2022-46176 (Thanks Peter Green!)
  * repack vendored sources with required libgit2-sys/git2/git2-curl versions
  * update unsuspicious files

cargo (0.66.0-1) unstable; urgency=medium

  * new upstream version 0.66

  [ Blair Noctis ]
  * Update debcargo-conf.patch, unapply tempfile patch to match vendored
  * Refresh patches and remove upstream applied CVE patches
  * Patch test macro to work around qemu vfork bug when command not found

  [ Fabian Grünbichler ]
  * no longer pin git2/libgit2-sys
  * update debcargo-conf.patch (concolor, clap)
  * update unsuspicious files
  * d/control: depend on rustc 1.63
  * drop armel workaround

  [ Rob Shearman ]
  * d/control: update minimum cargo, rustc and libstd-rust-dev versions

cargo (0.64.0ubuntu1-0ubuntu1) lunar; urgency=medium

  * New upstream release (LP: #1995096):
    - Update vendored sources info
  * Bump the libgit2-related crates to get libgit2 1.5.0 bindings
  * make_orig_multi.sh: only use xz for vendor orig tarball on Ubuntu

cargo (0.63.1-3) unstable; urgency=medium

  * workaround armel breakage

cargo (0.63.1-2ubuntu1) lunar; urgency=medium

  * Merge from Debian unstable.
    Remaining changes:
    - Add an explicit mechanism to customize the vendoring process
    - d/p/proxy-skip-tests.patch: skip a test when there's a proxy configured
      to accommodate Ubuntu autopkgtest setup
    - d/p/i386-crossbuild-tests.patch: disable some failing tests for
      cross-building from i386
    - d/p/remove-badges.patch: remove badges from documentation for privacy
      reasons
    - autopkgtests: test on all arches on Ubuntu
    - d/control: update the Vcs fields to point to Launchpad
    - make_orig_multi.sh: fix orig tarball compression to xz on Ubuntu
    - Track vendored dependencies

cargo (0.63.1-2) unstable; urgency=medium

  [ Ryan Gonzalez ]
  * Fix path remapping for crate dependencies

  [ Fabian Grünbichler ]
  * disable utf-8 fs-specific test
  * fix i386 build / cross tests

cargo (0.63.1-1) unstable; urgency=medium

  * New upstream release
  * switch to libgit2-1.5 (Closes: #1021504, #1017828)
  * Update guess-crate-copyright to handle missing authors field gracefully
  * Update audit-vendor-source to handle ZFS and similar file systems
  * silence GZIP deprecation warning
  * fix CVE-2022-36113/CVE-2022-36114 (Closes: #1021142)

  [ Helmut Grohne ]
  * Fix FTCBFS: Missing Build-Depends: zlib1g-dev:native. (Closes: #1019491)

cargo (0.62.0ubuntu1-0ubuntu2) kinetic; urgency=medium

  * d/p/i386-crossbuild-tests.patch: disable some failing tests for
    cross-building from i386

cargo (0.62.0ubuntu1-0ubuntu1) kinetic; urgency=medium

  * New upstream release (LP: #1986648)

Date: 2023-01-25 16:43:11.699198+00:00
Changed-By: Zixing Liu <zixing.liu at canonical.com>
Signed-By: Nishit Majithia <nishit.majithia at canonical.com>
https://launchpad.net/ubuntu/+source/cargo/0.66.0+ds0ubuntu0.libgit2-0ubuntu0.20.04
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list