libarchive (3.1.2-11ubuntu0.16.04.8) xenial-security; urgency=medium

  * SECURITY UPDATE: Out-of-read and Denial of service
    - debian/patches/CVE-2019-19221.patch: Bugfix and optimize
      archive_wstring_append_from_mbs() in libarchive/archive_string.c.
    - CVE-2019-19221

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Thu, 20 Feb 2020 14:45:19 -0300

libarchive (3.1.2-11ubuntu0.16.04.7) xenial-security; urgency=medium

  * SECURITY UPDATE: Use-after-free
    - debian/patches/CVE-2019-18408.patch: RAR reader: fix use after free
      in libarchive/archive_read_support_format_rar.c.
    - CVE-2019-18408

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Mon, 28 Oct 2019 10:57:06 -0300

libarchive (3.1.2-11ubuntu0.16.04.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000019.patch: fix in
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2019-1000019
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-1000020.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2019-1000020

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 06 Feb 2019 08:53:41 -0300

libarchive (3.1.2-11ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2017-14502.patch: fix in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2017-14502
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-1000877.patch: fix in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2018-1000877
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-1000878.patch: fix in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2018-1000878

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Mon, 14 Jan 2019 09:30:58 -0300

libarchive (3.1.2-11ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2016-10209.patch: fix in
      libarchive/archive_string.c.
    - CVE-2016-10209
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2016-10349-and-CVE-2016-10350.patch: fix in
      libarchive/archive_read_support_format_cab.c.
    - CVE-2016-10349
    - CVE-2016-10350
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-14166.patch: fix in
      libarchive/archive_read_support_format_xar.c.
    - CVE-2017-14166
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2017-14501.patch: fix in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2017-14501
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2017-14503.patch: fix in
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-14503

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 08 Aug 2018 15:28:16 -0300

libarchive (3.1.2-11ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: arbitrary file write via hardlink entries
    - debian/patches/CVE-2016-5418-1.patch: enforce sandbox with very long
      pathnames in libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-2.patch: fix path handling in
      libarchive/archive_write_disk_posix.c.
    - debian/patches/CVE-2016-5418-3.patch: add test cases to Makefile.am,
      libarchive/test/CMakeLists.txt, libarchive/test/main.c,
      libarchive/test/test.h, libarchive/test/test_write_disk_secure744.c,
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-4.patch: fix testcases in
      libarchive/test/test_write_disk_secure745.c,
      libarchive/test/test_write_disk_secure746.c.
    - debian/patches/CVE-2016-5418-5.patch: correct PATH_MAX usage in
      libarchive/archive_write_disk_posix.c.
    - CVE-2016-5418
  * SECURITY UPDATE: denial of service and possible code execution when
    writing an ISO9660 archive
    - debian/patches/CVE-2016-6250.patch: check for overflow in
      libarchive/archive_write_set_format_iso9660.c.
    - CVE-2016-6250
  * SECURITY UPDATE: denial of service via recursive decompression
    - debian/patches/CVE-2016-7166.patch: limit number of filters in
      libarchive/archive_read.c, added test to Makefile.am,
      libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_too_many_filters.c,
      libarchive/test/test_read_too_many_filters.gz.uu.
    - CVE-2016-7166
  * SECURITY UPDATE: denial of service via non-printable multibyte
    character in a filename
    - debian/patches/CVE-2016-8687.patch: expand buffer size in tar/util.c.
    - CVE-2016-8687
  * SECURITY UPDATE: denial of service via multiple long lines
    - debian/patches/CVE-2016-8688.patch: fix bounds in
      libarchive/archive_read_support_format_mtree.c, added test to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_mtree_crash747.c,
      libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu.
    - CVE-2016-8688
  * SECURITY UPDATE: denial of service via multiple EmptyStream attributes
    - debian/patches/CVE-2016-8689.patch: reject files with multiple
      markers in libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-8689
  * SECURITY UPDATE: denial of service via invalid compressed file size
    - debian/patches/CVE-2017-5601.patch: add check to
      libarchive/archive_read_support_format_lha.c.
    - CVE-2017-5601

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 09 Mar 2017 11:01:45 -0500

libarchive (3.1.2-11ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via malformed rar or cab files
    - debian/patches/CVE-2015-8916.patch: ignore entries with empty
      filenames in tar/read.c.
    - CVE-2015-8916
    - CVE-2015-8917
  * SECURITY UPDATE: denial of service via malformed lzh file
    - debian/patches/CVE-2015-8919.patch: recognize empty dir name in
      libarchive/archive_read_support_format_lha.c.
    - CVE-2015-8919
  * SECURITY UPDATE: buffer underflow parsing ar header
    - debian/patches/CVE-2015-8920.patch: check for empty filenames in
      libarchive/archive_read_support_format_ar.c.
    - CVE-2015-8920
  * SECURITY UPDATE: read past end of string parsing
    - debian/patches/CVE-2015-8921.patch: properly calculate string length
      in libarchive/archive_entry.c.
    - CVE-2015-8921
  * SECURITY UPDATE: segfault on malformed 7z archive
    - debian/patches/CVE-2015-8922.patch: reject some malformed files in
      libarchive/archive_read_support_format_7zip.c, added tests to
      Makefile.am, libarchive/test/test_read_format_7zip_malformed.7z.uu,
      libarchive/test/test_read_format_7zip_malformed.c,
      libarchive/test/test_read_format_7zip_malformed2.7z.uu,
      libarchive/test/CMakeLists.txt.
    - CVE-2015-8922
  * SECURITY UPDATE: segfault on malformed Zip archive
    - debian/patches/CVE-2015-8923.patch: properly handle sizes in
      libarchive/archive_read_support_format_zip.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_zip_malformed.c,
      libarchive/test/test_read_format_zip_malformed1.zip.uu.
    - CVE-2015-8923
  * SECURITY UPDATE: buffer overflow when processing tar files
    - debian/patches/CVE-2015-8924.patch: properly handle empty filenames
      in libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8924
  * SECURITY UPDATE: improper newline parsing
    - debian/patches/CVE-2015-8925.patch: fix escaped newline parsing in
      libarchive/archive_read_support_format_mtree.c, added tests to
      libarchive/test/test_read_format_mtree.c,
      libarchive/test/test_read_format_mtree.mtree.uu.
    - CVE-2015-8925
  * SECURITY UPDATE: segfault on invalid rar archive
    - debian/patches/CVE-2015-8926.patch: properly handle return code in
      libarchive/archive_read_support_format_rar.c.
    - CVE-2015-8926
  * SECURITY UPDATE: out-of-bounds read in mtree
    - debian/patches/CVE-2015-8928.patch: properly handle filename parsing
      in libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8928
  * SECURITY UPDATE: segfault via dir loop in malformed ISO
    - debian/patches/CVE-2015-8930.patch: limit recursion in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2015-8930
  * SECURITY UPDATE: integer overflow parsing time values
    - debian/patches/CVE-2015-8931.patch: fix time handling in
      libarchive/archive_read_support_format_mtree.c.
    - CVE-2015-8931
  * SECURITY UPDATE: crash via invalid compressed data
    - debian/patches/CVE-2015-8932.patch: add more checks to
      libarchive/archive_read_support_filter_compress.c, added tests to
      Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_filter_compress.c.
    - CVE-2015-8932
  * SECURITY UPDATE: integer overflow via negative-sized sparse blocks
    - debian/patches/CVE-2015-8933.patch: add check to
      libarchive/archive_read_support_format_tar.c.
    - CVE-2015-8933
  * SECURITY UPDATE: heap overflow parsing malformed tar archives
    - debian/patches/CVE-2015-8934.patch: properly check reading from lzss
      decompression buffer in libarchive/archive_read_support_format_rar.c,
      added tests to Makefile.am, libarchive/test/CMakeLists.txt,
      libarchive/test/test_read_format_rar_invalid1.c,
      libarchive/test/test_read_format_rar_invalid1.rar.uu.
    - CVE-2015-8934
  * SECURITY UPDATE: overflow reading 7-Zip with large number of substreams
    - debian/patches/CVE-2016-4300.patch: add another limit to
      libarchive/archive_read_support_format_7zip.c.
    - CVE-2016-4300
  * SECURITY UPDATE: crash via rar files with zero dictionary size
    - debian/patches/CVE-2016-4302.patch: handle zero-sized disctionary in
      libarchive/archive_ppmd7.c,
      libarchive/archive_read_support_format_rar.c.
    - CVE-2016-4302
  * SECURITY UPDATE: memory allocation issues with large cpio symlinks
    - debian/patches/CVE-2016-4809.patch: reject large symlinks in
      libarchive/archive_read_support_format_cpio.c.
    - CVE-2016-4809
  * SECURITY UPDATE: integer overflow when computing volume descriptor
    - debian/patches/CVE-2016-5844.patch: fix multiplications in
      libarchive/archive_read_support_format_iso9660.c.
    - CVE-2016-5844

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 13 Jul 2016 09:20:10 -0400

libarchive (3.1.2-11ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution via incorrect compressed size
    - debian/patches/CVE-2016-1541.patch: check sizes in
      libarchive/archive_read_support_format_zip.c.
    - CVE-2016-1541
  * SECURITY UPDATE: denial of service via malformed cpio archive
    - debian/patches/issue502.patch: fix implicit cast in
      libarchive/archive_read_support_format_cpio.c, reject attempts to
      move the file pointer by a negative amount in
      libarchive/archive_read.c.
    - CVE number pending.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 13 May 2016 09:24:48 -0400

libarchive (3.1.2-11build1) wily; urgency=medium

  * Rebuild for the libnettle6 transition.

 -- Adam Conrad <adconrad@ubuntu.com>  Sun, 14 Jun 2015 01:30:37 -0600

libarchive (3.1.2-11) unstable; urgency=medium

  * Add d/p/Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch
    (Closes: #778266)

 -- Andreas Henriksson <andreas@fatal.se>  Thu, 05 Mar 2015 14:54:43 +0100

libarchive (3.1.2-10) unstable; urgency=medium

  * Add d/p/Do-not-overwrite-file-size-if-the-local-file-header-.patch
    - cherry-picked from upstream git commit e234932de2474c4f99787
    Thanks to Maximiliano Curia (Closes: #769290)

 -- Andreas Henriksson <andreas@fatal.se>  Thu, 20 Nov 2014 21:10:43 +0100

libarchive (3.1.2-9) unstable; urgency=medium

  [ Andreas Henriksson ]
  * Drop Andres Mejia from Uploaders by request of MIA (Closes: #743538)

  [ Breno Leitao ]
  * Use dh-autoreconf for the benefit of ppc64el (Closes: #750483)

  [ Andreas Henriksson ]
  * Bump Standards-Version to 3.9.5

 -- Andreas Henriksson <andreas@fatal.se>  Sun, 17 Aug 2014 10:45:27 +0200

libarchive (3.1.2-8) unstable; urgency=medium

  [ Michael Terry ]
  * Fix DEP8 minitar test to use application/gzip (Closes: #731962)

  [ Daniel Schepler ]
  * Implement DEB_BUILD_OPTIONS=nocheck (Closes: #738159)

 -- Andreas Henriksson <andreas@fatal.se>  Wed, 12 Feb 2014 22:53:33 +0100

libarchive (3.1.2-7) unstable; urgency=low

  * Upload to unstable.

 -- Andres Mejia <amejia@debian.org>  Sat, 25 May 2013 16:07:06 -0400

libarchive (3.1.2-6) experimental; urgency=low

  [ Andreas Henriksson ]
  * Merge debian-wheezy branch containing package revision 3.0.4-3.

  [ Andres Mejia ]
  * Remove gbp config overrides.
  * Remove lrzip build dependency as test cases fail on certain architectures.

 -- Andres Mejia <amejia@debian.org>  Tue, 07 May 2013 21:44:50 -0400

libarchive (3.1.2-5) experimental; urgency=low

  * Update patch to fix LZO test cases to use changes from upstream.
  * Update homepage field for new homepage URL.
  * Add upstream changes to fix building libarchive with lrzip support.

 -- Andres Mejia <amejia@debian.org>  Sun, 24 Feb 2013 16:44:32 -0500

libarchive (3.1.2-4) experimental; urgency=low

  * Add mtree filename length fix from upstream.
  * Add fix for LZO test cases.
  * Renable LZO support.
  * Bump Standards-Version to 3.9.4.

 -- Andres Mejia <amejia@debian.org>  Sat, 23 Feb 2013 23:44:26 -0500

libarchive (3.1.2-3) experimental; urgency=low

  * Update gbp.conf to point to branches used for libarchive packaging in
    experimental.
  * Disable LZO support, it is broken on some architectures.

 -- Andres Mejia <amejia@debian.org>  Sun, 10 Feb 2013 12:43:35 -0500

libarchive (3.1.2-2) experimental; urgency=low

  * Update patches to use changes applied upstream.

 -- Andres Mejia <amejia@debian.org>  Sat, 09 Feb 2013 15:13:20 -0500

libarchive (3.1.2-1) experimental; urgency=low

  * New upstream release.
  * Enable LZO support.

 -- Andres Mejia <amejia@debian.org>  Sat, 09 Feb 2013 13:37:34 -0500

libarchive (3.1.1-1) experimental; urgency=low

  * New upstream release.

 -- Andres Mejia <amejia@debian.org>  Wed, 16 Jan 2013 17:06:36 -0500

libarchive (3.1.0-1) experimental; urgency=low

  [ Benjamin Drung ]
  * Add autopkgtest (LP: #1073390).

  [ Martin Pitt ]
  * Add examples-offset-type.patch: Fix offset data type in examples.

  [ Andres Mejia ]
  * New upstream release.

 -- Andres Mejia <amejia@debian.org>  Sun, 13 Jan 2013 22:00:14 -0500

libarchive (3.0.4-3) unstable; urgency=low

  * Add patch that fixes CVE-2013-0211. (Closes: #703957)

 -- Andreas Henriksson <andreas@fatal.se>  Wed, 27 Mar 2013 16:20:36 +0100

libarchive (3.0.4-2) unstable; urgency=low

  * Add debian/patches/gcc-4.7-fixes-from-upstream.patch
    (Closes: #674368, #672690)

 -- Andreas Henriksson <andreas@fatal.se>  Thu, 24 May 2012 14:49:41 +0200

libarchive (3.0.4-1) unstable; urgency=low

  * New upstream release.
  * Patches removed, applied upstream.

 -- Andres Mejia <amejia@debian.org>  Thu, 29 Mar 2012 09:44:15 -0400

libarchive (3.0.3-7) unstable; urgency=low

  * Allow the dev package to be multi-arch installable.
  * Set verbosity level to 1 for test programs. This incorporates upstream
    commit 7cd65cd07cfa2693455d174049b4887434041695. (Closes: #662716)
  * Fixup package description about ISO support. (Closes: #659651)

 -- Andres Mejia <amejia@debian.org>  Fri, 16 Mar 2012 16:21:21 -0400

libarchive (3.0.3-6) unstable; urgency=low

  * Add patch to fix infinite loop in xps files (Closes: #662603)
    - Thanks for the patch to Savvas Radevic!

 -- Andreas Henriksson <andreas@fatal.se>  Mon, 05 Mar 2012 16:23:05 +0100

libarchive (3.0.3-5) unstable; urgency=low

  * Detect if locales or locales-all is installed for use with test suite.
  * Bump Standards-Version to 3.9.3.

 -- Andres Mejia <amejia@debian.org>  Thu, 23 Feb 2012 19:29:24 -0500

libarchive (3.0.3-4) unstable; urgency=low

  * Ensure tests are not run via root. (Closes: #659294)

 -- Andres Mejia <amejia@debian.org>  Tue, 21 Feb 2012 16:01:26 -0500

libarchive (3.0.3-3) unstable; urgency=low

  * Update watch file to use new home for downloads.

 -- Andres Mejia <amejia@debian.org>  Mon, 06 Feb 2012 17:04:34 -0500

libarchive (3.0.3-2) unstable; urgency=low

  * Upload to unstable.
  * Update homepage to libarchive's new home.

 -- Andres Mejia <amejia@debian.org>  Mon, 06 Feb 2012 16:37:07 -0500

libarchive (3.0.3-1) experimental; urgency=low

  * New upstream release.
  * Fix for hurd build failure included in new release. (Closes: #653458)
  * Update copyright file.

 -- Andres Mejia <amejia@debian.org>  Mon, 16 Jan 2012 11:49:46 -0500

libarchive (3.0.2-3) experimental; urgency=low

  * Prepare an upload to experimental.

 -- Andres Mejia <amejia@debian.org>  Sat, 24 Dec 2011 20:39:17 -0500

libarchive (3.0.2-1) unstable; urgency=low

  * Prepare new upstream release.
  * Update package descriptions, deleting some information that doesn't
    apply to current build of packages.
  * Rename shared library package for soname bump.
  * Remove symbols files. Symbols file needs to be maintained better. Also,
    numerous symbols were in the file which were meant to stay private
    (all the __archive_* symbols for example).

 -- Andres Mejia <amejia@debian.org>  Sat, 24 Dec 2011 15:47:39 -0500

libarchive (3.0.1b-1) experimental; urgency=low

  * Package latest testing release.
  * Update debian/control, noting new 7zip support.
  * Fix package description for bsdcpio.
  * Update symbols file for new symbols added in libarchive-3.0.1b.

 -- Andres Mejia <amejia@debian.org>  Fri, 16 Dec 2011 17:28:03 -0500

libarchive (3.0.0a-1) experimental; urgency=low

  * Package testing release of libarchive for experimental.
  * Better ext2 file attribute/flag support included in new release.
    (Closes: #615875)
  * Remove all patches, applied in upstream source.
  * Add option to unapply patches for dpkg-source v3.
  * Change package name libarchive1 to libarchive11 to match soname bump.
  * Rename files used in packaging libarchive11.
  * Build depend on Nettle library.
  * Add mention of rar support in package description.
  * Remove installation of symlink for libarchive library file.
  * Explicitely build without openssl and with nettle support.
  * Add proper depends to new libarchive11 package.
  * Update symbols file for libarchive11.
  * Ensure bsdtar and bsdcpio are linked to shared library dynamically.
  * Build en_US.UTF-8 locale at runtime to pass test suite.

 -- Andres Mejia <amejia@debian.org>  Fri, 16 Dec 2011 16:31:37 -0500

libarchive (2.8.5-5) unstable; urgency=medium

  * Backport fixes for fix for CVE-2011-1777 and CVE-2011-1778.
    (Closes: #651844)
  * Fix build failure for GNU/Hurd. (Closes: #651995)
  * Regenerate autoreconf patch.

 -- Andres Mejia <amejia@debian.org>  Wed, 14 Dec 2011 12:18:31 -0500

libarchive (2.8.5-4) unstable; urgency=low

  [ Andres Mejia ]
  * Improve each packages' long description.
  * Refresh all patches.

  [ Samuel Thibault ]
  * Skip libacl1-dev build dependency on hurd (Closes: #645403)

  [ Andreas Henriksson ]
  * Add 0009-Patch-from-upstream-rev-3751.patch (Closes: #641265)
    + Thanks to Michael Cree for figuring out the details.

 -- Andres Mejia <amejia@debian.org>  Sun, 11 Dec 2011 21:55:59 -0500

libarchive (2.8.5-3) unstable; urgency=low

  * Fix upgrade breakage because of manpages being moved from libarchive1 to
    libarchive-dev. (Closes: #641978)
  * Make short descriptions for packages unique.
  * Explicitly set config options to be used during builds.

 -- Andres Mejia <amejia@debian.org>  Sun, 18 Sep 2011 10:25:34 -0400

libarchive (2.8.5-2) unstable; urgency=low

  * Add gbp.conf to enable pristine-tar to true by default.
  * Add myself to uploaders field.
  * Add default options to fail on any upstream changes during a build.
  * Bump Standards-Version to 3.9.2.
  * Remove duplicate "Section" field.
  * Remove unnecessary use of *.dirs dh files.
  * Remove unneeded build-deps.
  * Provide patch that implements changes made after running autoreconf -vif.
  * Remove generic comments from debian/rules.
  * Support parallel builds.
  * Remove commented lines from install file.
  * Add docs to all packages except the shared library package.
  * Remove unneeded use of 'debian/tmp' in path for install files.
  * Provide different mechanism to install symlink for libarchive1 package.
  * Move all manpages for libarchive1 to libarchive-dev.
  * Move libarchive-dev control stanza up. This will make libarchive-dev the
    default package for installing files into, such as the README.Debian.
  * Convert libarchive into multiarch library package.
  * Update Vcs-* entries.

 -- Andres Mejia <amejia@debian.org>  Sat, 17 Sep 2011 18:50:11 -0400

libarchive (2.8.5-1) unstable; urgency=low

  * Add 0010-Patch-from-upstream-rev-2811.patch
  * Drop "update-patch-series" target from debian/rules
  * Convert package to dh7
  * Imported Upstream version 2.8.5 (Closes: #640524)
  * Rebase patch queue and drop patches merged upstream
    - dropped 0003-Patch-from-upstream-rev-2516.patch
    - dropped 0010-Patch-from-upstream-rev-2811.patch

 -- Andreas Henriksson <andreas@fatal.se>  Mon, 05 Sep 2011 17:35:36 +0200

libarchive (2.8.4-2) unstable; urgency=low

  * update-patch-series:
    + replace local patch with upstream commit.
      (Rebase patches branch to drop commit/patch
       "0007-Ignore-ENOSYS-error-when-sett...", in favor of upstream
       revision 2537 added as "0007-Patch-from-upstream-rev-2537.patch")
    + add 0008-Patch-from-upstream-rev-2888.patch (Closes: #610079)
    + add 0009-Patch-from-upstream-rev-2940.patch (Closes: #610783)

 -- Andreas Henriksson <andreas@fatal.se>  Tue, 09 Aug 2011 13:39:10 +0200

libarchive (2.8.4-1) unstable; urgency=low

  * Update debian/watch for new code.google.com layout.
  * update patch series:
    + added 0003-Patch-from-upstream-rev-2516.patch
      - Compatibility with WinISO generated iso files (Closes: #587513)
    + added 0004-Patch-from-upstream-rev-2514.patch
    + added 0005-Patch-from-upstream-rev-2520.patch
      - Enable version stripping code in iso9660/joliet (Closes: #587316)
  * Imported Upstream version 2.8.4
  * update-patch-series:
    + added 0006-Patch-from-upstream-rev-2521.patch
    + added 0007-Ignore-ENOSYS-error-when-sett... (Closes: #588925)
      - Big thanks to Modestas Vainius for awesome debugging!

 -- Andreas Henriksson <andreas@fatal.se>  Thu, 15 Jul 2010 14:45:06 +0200

libarchive (2.8.3-1) unstable; urgency=low

  * Imported Upstream version 2.8.3
  * update-patch-series: 0001-Clear-archive_error_number-in-archiv...
    - gvfs has been fixed since, workaround not needed anymore.

 -- Andreas Henriksson <andreas@fatal.se>  Fri, 23 Apr 2010 13:25:33 +0200

libarchive (2.8.0-2) unstable; urgency=low

  * Clean up libarchive.la file. (Closes: #571468)
    - Thanks to Sune Vuorela for suggesting this fix.
  * Update patch series:
    + added two patches matching revision 1990, 1991 from upstream
      regarding PATH_MAX hopefully fixing build on Hurd.

 -- Andreas Henriksson <andreas@fatal.se>  Thu, 25 Feb 2010 22:31:13 +0100

libarchive (2.8.0-1) unstable; urgency=low

  * Set myself as maintainer (Closes: #570539).
    + co-maintainers welcome!
  * Imported Upstream version 2.8.0 (Closes: #559158)
  * Drop debian revision in symbols file.
  * Updated symbols for 2.8
  * Update rules for new build directory (config.aux -> build/autoconf)
  * Replace ${Source-Version} with ${source:Version} in control file.
  * Drop debian/shlibs.local.ex
  * Bump debhelper compatibility level to 5.
  * Stop trying to install non-existant usr/share/pkgconfig
  * Update Vcs fields to point to new collab-maint repository.
  * Update debian/copyright
  * Bump Standards-Version to 3.8.4
  * Add update-patch-series target in debian/rules.
  * Added patch to fix gvfsd-archive problems:
    + 0001-Clear-archive_error_number-in-archive_clear_error.patch
    (from http://bugs.gentoo.org/show_bug.cgi?id=289260#c1 )
  * Switch to dpkg-source 3.0 (quilt) format
  * Split Build-Depends on multiple lines.
  * Add liblzma-dev to Build-Depends for lzma support.
  * Add Build-Depends on libxml2-dev for xar support.
  * Explicitly give --without-openssl to configure.

 -- Andreas Henriksson <andreas@fatal.se>  Tue, 23 Feb 2010 20:50:25 +0100

libarchive (2.6.2-2) unstable; urgency=low

  * Orphaning the package; set maintainer to QA group.

 -- John Goerzen <jgoerzen@complete.org>  Fri, 19 Feb 2010 11:23:14 -0600

libarchive (2.6.2-1) unstable; urgency=low

  * New Upstream Version.  Closes: #516577.
  * Update watch file to new homepage.  Closes: #517398.

 -- John Goerzen <jgoerzen@complete.org>  Thu, 12 Mar 2009 09:32:31 -0500

libarchive (2.6.1-1) unstable; urgency=low

  * New Upstream Version
  * Update homepage.  Closes: #514835.
  * Clean up Debian rules.  Patch partially from Bernhard R. Link.
    Closes: #480495.

 -- John Goerzen <jgoerzen@complete.org>  Thu, 19 Feb 2009 09:28:57 -0600

libarchive (2.4.17-2) unstable; urgency=high

  [ John Goerzen ]
  * Ignore failures in test suite due to bugs in the testsuite that were
    turning into FTBFS bugs.  Closes: #474400.

  * Added README.Debian documenting need for largefile suport in
    sources. Mostly used suggested text found in #479728.  Closes:
    #479728.

  [ Bernhard R. Link ]
  * Added symbols file for libarchive.  Closes: #476516.

 -- John Goerzen <jgoerzen@complete.org>  Thu, 05 Jun 2008 15:42:57 -0500

libarchive (2.4.17-1) unstable; urgency=high

  * New Upstream Version
  * This upstream version corrected several problems with the testsuite.
    Therefore, we can now run test suite after build.  Closes: #473221.
  * uudecode is now used as part of the build.  Added build-dep on sharutils.
    Fixes FTBFS.  Closes: #473266.
  
 -- John Goerzen <jgoerzen@complete.org>  Thu, 03 Apr 2008 09:25:04 -0500

libarchive (2.4.14-1) unstable; urgency=high

  * New upstream release.  Closes: #465061, #448292.  #465061 is grave bug,
    so setting urgency high.
  * Added Vcs-* and Homepage lines to debian/control

 -- John Goerzen <jgoerzen@complete.org>  Sat, 29 Mar 2008 10:14:21 -0500

libarchive (2.4.11-1) unstable; urgency=low

  * New upstream version.
  * Move bsdtar to section utils.  Closes: #460988.
  * Added bsdcpio package due to new upstream cpio command.

 -- John Goerzen <jgoerzen@complete.org>  Mon, 21 Jan 2008 10:02:29 -0600

libarchive (2.2.4-1) unstable; urgency=high

  * New upstream version with security fixes.  Closes: #432924.
    Fixes: CVE-2007-3641, CVE-2007-3644, CVE-2007-3645

 -- John Goerzen <jgoerzen@complete.org>  Fri, 13 Jul 2007 08:14:00 -0500

libarchive (2.2.3-1) unstable; urgency=low

  * New upstream version.

 -- John Goerzen <jgoerzen@complete.org>  Wed, 06 Jun 2007 03:36:35 -0500

libarchive (2.0.25-3) unstable; urgency=low

  * SONAME should not be tied to the tarball version string 
  (Closes: #418637) Provide libarchive.so.1 as a backwards-compatible 
  symlink to libarchive.so.2, reverting the package name to libarchive1.
  Patch from Neil Williams.

 -- John Goerzen <jgoerzen@complete.org>  Mon, 16 Apr 2007 13:50:29 +0100

libarchive (2.0.25-2) unstable; urgency=low

  * Remove build-dep on linux-kernel-headers for compatibility with BSD
    ports.  Closes: #377480.

 -- John Goerzen <jgoerzen@complete.org>  Tue, 13 Mar 2007 20:03:37 -0500

libarchive (2.0.25-1) unstable; urgency=low

  * New upstream version
  * Remove unnecessary dep on libarchive1.  Closes: #396756.
  * Bump standards-version
  * Rename libarchive1 to libarchive2 to match new soname.

 -- John Goerzen <jgoerzen@complete.org>  Tue, 13 Mar 2007 07:03:53 -0500

libarchive (1.3.1-1) unstable; urgency=high

  * New upstream release.
  * Applied FreeBSD patch for potential DoS.
    This is CVS-2006-5680, FreeBSD SA-06:24.

 -- John Goerzen <jgoerzen@complete.org>  Mon, 18 Dec 2006 05:51:08 -0600

libarchive (1.2.53-2) unstable; urgency=low

  * Added build-dep on bison.  Closes: #374200.

 -- John Goerzen <jgoerzen@complete.org>  Sat, 17 Jun 2006 17:24:44 -0500

libarchive (1.2.53-1) unstable; urgency=low

  * New upstream version.
  * The bsdtar program has been integrated into the libarchive source
    package upstream.  This package, therefore, now generates the
    bsdtar binary package.

 -- John Goerzen <jgoerzen@complete.org>  Sat, 17 Jun 2006 10:44:05 -0500

libarchive (1.02.036-2) unstable; urgency=low

  * Added conflict on old libarchive-doc package.
    This package never existed in testing or stable, so this conflict
    can be removed before long.

 -- John Goerzen <jgoerzen@complete.org>  Tue, 18 Oct 2005 11:02:06 -0500

libarchive (1.02.036-1) unstable; urgency=low

  * New upstream version, now with support for building as a .so.
  * Added build-dep on libattr1-dev.
  * No more libarchive-doc; its files now live in libarchive1.
  * Thanks to Bernhard R. Link for ideas for this package.

 -- John Goerzen <jgoerzen@complete.org>  Mon, 17 Oct 2005 10:27:30 -0500

libarchive (1.02.034-2) unstable; urgency=low

  * Split off manpages into separate package libarchive-doc.
    The bsdtar manpages point readers to these.

 -- John Goerzen <jgoerzen@complete.org>  Tue, 11 Oct 2005 05:36:28 -0500

libarchive (1.02.034-1) unstable; urgency=low

  * Initial release Closes: #333222.

 -- John Goerzen <jgoerzen@complete.org>  Mon, 10 Oct 2005 19:24:56 -0500

