cpio (2.13+dfsg-7ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: Path traversal vulnerability
- debian/patches/CVE-2023-7207.patch: Create symlink placeholder
if --no-absolute-filenames was given and replace placeholders
after extraction.
- debian/patches/revert-CVE-2015-1197-handling.patch: Removed.
- CVE-2023-7207
-- Fabian Toepfer <fabian.toepfer@canonical.com> Sun, 28 Apr 2024 14:30:36 +0200
cpio (2.13+dfsg-7) unstable; urgency=medium
[ Salvatore Bonaccorso ]
* Fix dynamic string reallocations (Closes: #992192)
-- Anibal Monsalve Salazar <anibal@debian.org> Sun, 22 Aug 2021 15:21:53 +1000
cpio (2.13+dfsg-6) unstable; urgency=high
* Fix regression of original fix for CVE-2021-38185
Add patch 992098-regression-of-orig-fix-for-CVE-2021-38185
Closes: #992098
-- Anibal Monsalve Salazar <anibal@debian.org> Fri, 13 Aug 2021 13:06:27 +1000
cpio (2.13+dfsg-5) unstable; urgency=medium
* Fix CVE-2021-38185
Add patch 992045-CVE-2021-38185-rewrite-dynamic-string-support
Closes: #992045
-- Anibal Monsalve Salazar <anibal@debian.org> Wed, 11 Aug 2021 01:18:33 +1000
cpio (2.13+dfsg-4) unstable; urgency=medium
* Source only upload to enable migration.
Closes: #969660
-- Anibal Monsalve Salazar <anibal@debian.org> Thu, 17 Sep 2020 21:16:18 +1000
cpio (2.13+dfsg-3) unstable; urgency=medium
* Fix FTBFS multiple definition of 'program_name'
src/global.c: Remove superfluous declaration of program_name
Add patch 963304-remove-superfluous-declaration-of-program_name
Closes: #963304
-- Anibal Monsalve Salazar <anibal@debian.org> Tue, 07 Jul 2020 23:12:56 -0500
cpio (2.13+dfsg-2) unstable; urgency=medium
* Fix a regression in handling of CVE-2015-1197 & --no-absolute-filenames by
reverting part of an upstream commit. (Closes: #946267, #946469)
* Add Vcs-Git and Vcs-Browser pointing to my personal Salsa repository (in
lieu of anything at all).
* Bump Standards-Version to 4.5.0.
-- Chris Lamb <lamby@debian.org> Sat, 01 Feb 2020 14:11:00 +0100
cpio (2.13+dfsg-1) unstable; urgency=medium
* New upstream release. (Closes: #946267)
* Autoreconf using version 1.16.1 and update autoreconf.patch.
* Update patches:
- Drop patch for CVE-2016-2037; applied upstream.
- Drop CVE-2015-1197.patch; now addressed upstream.
- Modify doc/Makefile.am (vs. doc/Makefile.in) prior to autoreconfing vs.
the generated doc/Makefile.in.
- Refresh whitespace, etc. in patches via pq import/export.
* debian/control:
- Bump Standards-Version to 4.4.1
- Drop misleading Vcs-{Git,Browser}.
- Use HTTPS Homepage URI.
- Specify Rules-Requires-Root: binary-targets.
-- Chris Lamb <lamby@debian.org> Wed, 20 Nov 2019 13:33:36 -0500
cpio (2.12+dfsg-9) unstable; urgency=medium
* Reinstate the call to update-alternatives(1) that I didnt see in the prerm
script. Thanks again to Ivo De Decker. (Closes: #926698)
-- Chris Lamb <lamby@debian.org> Tue, 23 Apr 2019 16:29:37 +0100
cpio (2.12+dfsg-8) unstable; urgency=medium
* Drop symlink removal - it's been gone since 2001 anyway. Thanks, Ivo De
Decker. (Closes: #926698)
-- Chris Lamb <lamby@debian.org> Tue, 23 Apr 2019 13:15:20 +0100
# For older changelog entries, run 'apt-get changelog cpio'
Generated by dwww version 1.14 on Fri Aug 15 02:10:24 CEST 2025.