-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 26 Apr 2025 11:34:57 +0300
Source: libarchive
Architecture: source
Version: 3.7.4-2
Distribution: unstable
Urgency: high
Maintainer: Peter Pentchev <roam@debian.org>
Changed-By: Peter Pentchev <roam@debian.org>
Closes: 1103494
Changes:
libarchive (3.7.4-2) unstable; urgency=high
.
* Acknowledge NMU; thanks, Salvatore!
* Point to the debian/trixie branch in the gbp.conf file since
the master branch in the repository already contains changes that
did not make it in time for the Trixie freeze.
* Add the CVE-2025-1632 patch. Closes: #1103494
* Add the year 2025 to my debian/* copyright notice.
Hi Peter,
On Sat, Apr 26, 2025 at 09:20:46AM +0000, Debian FTP Masters wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 26 Apr 2025 11:34:57 +0300
Source: libarchive
Architecture: source
Version: 3.7.4-2
Distribution: unstable
Urgency: high
Maintainer: Peter Pentchev <roam@debian.org>
Changed-By: Peter Pentchev <roam@debian.org>
Closes: 1103494
Changes:
libarchive (3.7.4-2) unstable; urgency=high
.
* Acknowledge NMU; thanks, Salvatore!
* Point to the debian/trixie branch in the gbp.conf file since
the master branch in the repository already contains changes that
did not make it in time for the Trixie freeze.
* Add the CVE-2025-1632 patch. Closes: #1103494
* Add the year 2025 to my debian/* copyright notice.
Was there a reason not to pick the upstream commited https://github.com/libarchive/libarchive/commit/8ce2aca6c7d6f004f860c6619cb6cc98d51ac69a
?
On Sat, Apr 26, 2025 at 11:36:46AM +0200, Salvatore Bonaccorso wrote:
Hi Peter,
On Sat, Apr 26, 2025 at 09:20:46AM +0000, Debian FTP Masters wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 26 Apr 2025 11:34:57 +0300
Source: libarchive
Architecture: source
Version: 3.7.4-2
Distribution: unstable
Urgency: high
Maintainer: Peter Pentchev <roam@debian.org>
Changed-By: Peter Pentchev <roam@debian.org>
Closes: 1103494
Changes:
libarchive (3.7.4-2) unstable; urgency=high
.
* Acknowledge NMU; thanks, Salvatore!
* Point to the debian/trixie branch in the gbp.conf file since
the master branch in the repository already contains changes that
did not make it in time for the Trixie freeze.
* Add the CVE-2025-1632 patch. Closes: #1103494
* Add the year 2025 to my debian/* copyright notice.
Was there a reason not to pick the upstream commited https://github.com/libarchive/libarchive/commit/8ce2aca6c7d6f004f860c6619cb6cc98d51ac69a
?
That was actually a very good question. The only reason I can give you
is that I had a bit of a neuron misfire and made a silly mistake -
I had two versions of the patch ready for testing and somehow I forgot
which one was which, and I kept forgetting even after adding it to
my copy of the package.
So, yeah... Later today or tomorrow I will upload a new version of
libarchive with the upstream patch instead of this one,
Thanks a lot for catching this, I really have no idea how it happened.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 489 |
Nodes: | 16 (2 / 14) |
Uptime: | 24:27:36 |
Calls: | 9,665 |
Files: | 13,716 |
Messages: | 6,168,299 |