[ubuntu/jammy-proposed] libarchive 3.6.0-1ubuntu1 (Accepted)

Thu Apr 7 13:30:57 UTC 2022

libarchive (3.6.0-1ubuntu1) jammy; urgency=medium

  * Sync with Debian. (LP: #1967127)
    - Includes upstream fixes for CVE-2021-36976
  * debian/rules: fix broken check for nocheck DEB_BUILD_OPTION
  * SECURITY UPDATE: possible out-of-bounds read
    - Cherry-pick CVE-2022-26280.patch to fix zipx_lzma_alone_init()
    - CVE-2022-26280

libarchive (3.6.0-1) unstable; urgency=medium

  * New upstream version (Closes: #1007120):
    - update the upstream copyright information
    - drop some patches that were taken from the upstream source:
      - lzip-large-dict
      - upstream-fix-32bit-size-cast
      - upstream-fixup-file-flags
      - upstream-fixup-symlinks
    - add another spelling correction to the typos patch
    - update the line numbers in the typos patch
  * Add the year 2022 to my debian/* copyright notice.
  * Reorder the copyright file so that it makes sense.

Date: Wed, 06 Apr 2022 16:33:16 -0400
Changed-By: Jeremy Bicha <jbicha at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libarchive/3.6.0-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 06 Apr 2022 16:33:16 -0400
Source: libarchive
Built-For-Profiles: noudeb
Architecture: source
Version: 3.6.0-1ubuntu1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jeremy Bicha <jbicha at ubuntu.com>
Closes: 1007120
Launchpad-Bugs-Fixed: 1967127
Changes:
 libarchive (3.6.0-1ubuntu1) jammy; urgency=medium
 .
   * Sync with Debian. (LP: #1967127)
     - Includes upstream fixes for CVE-2021-36976
   * debian/rules: fix broken check for nocheck DEB_BUILD_OPTION
   * SECURITY UPDATE: possible out-of-bounds read
     - Cherry-pick CVE-2022-26280.patch to fix zipx_lzma_alone_init()
     - CVE-2022-26280
 .
 libarchive (3.6.0-1) unstable; urgency=medium
 .
   * New upstream version (Closes: #1007120):
     - update the upstream copyright information
     - drop some patches that were taken from the upstream source:
       - lzip-large-dict
       - upstream-fix-32bit-size-cast
       - upstream-fixup-file-flags
       - upstream-fixup-symlinks
     - add another spelling correction to the typos patch
     - update the line numbers in the typos patch
   * Add the year 2022 to my debian/* copyright notice.
   * Reorder the copyright file so that it makes sense.
Checksums-Sha1:
 7eb1dbd0f1464b60f4d8a3d736c49144a7da1e2e 2615 libarchive_3.6.0-1ubuntu1.dsc
 b9aefcdd4ba117ca8c26d65040d563004ec60e19 6400620 libarchive_3.6.0.orig.tar.xz
 71c52950cfba58dc0667087a27d99219a858b41d 833 libarchive_3.6.0.orig.tar.xz.asc
 7ee77a6987f94a6599f3cfeef943d6fb465da5b8 24852 libarchive_3.6.0-1ubuntu1.debian.tar.xz
 ab63ede6e02b4b4d6cfdf3a04b7532ebad81451d 6224 libarchive_3.6.0-1ubuntu1_source.buildinfo
Checksums-Sha256:
 90065e154804270a147113175c9ff65cb96acbef8999e17685daa9c2ce370720 2615 libarchive_3.6.0-1ubuntu1.dsc
 df283917799cb88659a5b33c0a598f04352d61936abcd8a48fe7b64e74950de7 6400620 libarchive_3.6.0.orig.tar.xz
 75d1524d2aba1bed0d7ad3e38807d94b595c2bbbd4a14bb860f7d4a494a12f2c 833 libarchive_3.6.0.orig.tar.xz.asc
 90a3a48997c1aaae27322325a7057c80dc5fc886d791269fc88b8eddb293c540 24852 libarchive_3.6.0-1ubuntu1.debian.tar.xz
 e37d426b3e1663b36951e4b620fecefb107c97cab8e8120276658387a8d25bd0 6224 libarchive_3.6.0-1ubuntu1_source.buildinfo
Files:
 396f9e3e5da5ff60b12c8991aa94492a 2615 libs optional libarchive_3.6.0-1ubuntu1.dsc
 93f96acdb9e7277278edb154e5d76e49 6400620 libs optional libarchive_3.6.0.orig.tar.xz
 c9f88d98bf8e4bf912114b5c9031d6d7 833 libs optional libarchive_3.6.0.orig.tar.xz.asc
 9159b424064b0c7078dc49c421c021be 24852 libs optional libarchive_3.6.0-1ubuntu1.debian.tar.xz
 b4e66135c121c2aac3d56b5ab0839b0c 6224 libs optional libarchive_3.6.0-1ubuntu1_source.buildinfo
Original-Maintainer: Peter Pentchev <roam at debian.org>