-
libsolv (0.6.36-2) unstable; urgency=medium
* debian/patches:
+ CVE-2019-20387: Add 0001_CVE-2019-20387.patch. Resolves heap-based buffer
over-read in repodata.c (Closes: #949611)."
* debian/control:
+ Bump Standards-Version: to 4.5.0. No changes needed.
-- Mike Gabriel <email address hidden> Thu, 30 Jan 2020 18:13:11 +0100
-
libsolv (0.6.36-1build1) focal; urgency=medium
* No-change rebuild to build with python3.8.
-- Matthias Klose <email address hidden> Sat, 25 Jan 2020 04:34:01 +0000
-
libsolv (0.6.36-1) unstable; urgency=medium
[ Mihai Moldovan ]
* Fix CMake module installation, prepare for DNF support (Closes: #889509).
Details see below.
* New upstream release.
- Fixes CVE-2018-20532 CVE-2018-20533 CVE-2018-20534. (Closes: #923002).
* debian/patches:
+ Drop 1004_cmake-module-path-fix.patch. Breaks package, since Find*
modules should actually be installed in the modules directory and this
file does NOT provide version information.
+ Add 1005_install-cmake-module-into-libdir.patch. Installs
FindLibSolv.cmake into ${libdir}/cmake/libsolv/.
+ Rename 1006_various-types.patch to 1006_various-typos.patch and refresh.
+ Add 3000_ext-repo_rpmdb_debian-style-home-dir-rpmdb.patch for RPMDB
handling in home directories, compatible with Debian's rpm package.
+ Add 3010_ext-libsolvext.ver_add-rpm_state_create_real.patch for binary
compatibility and exporting the newly inserted symbol.
+ Add 3020_tools-rpmdb2solve.c-add-homedir-functionality.patch,
implementing homedir-based RPMDB support via the -H flag in the
rpmdb2solve tool.
+ Add 9000_ext_repo_updateinfoxml.c_add-support-for-modular-data-
aac9f0c2d791fa96bc9423231050f9e18fb973d6.patch to backport the
modular updateinfo.xml functionality.
* debian/libsolvext0.symbols:
+ Update.
* debian/rules:
+ Enable Fedora comps support.
+ Add DEB_DH_MISSING_ARGS with --fail-missing, since the option is
deprecated in dh_install and has been removed in compat 12. We'll keep it
around due to using compat 10 for now.
* debian/libsolv0-dev.install:
+ Install FindLibSolv.cmake correctly.
* debian/copyright:
+ Add missing files/information.
* debian/:
+ Add libsolv-tools.lintian-overrides.
+ Add libsolvext0.lintian-overrides.
* debian/libsolv{-tools,ext0}.lintian-overrides:
+ Silence warning about modifying/reading the dpkg database directly.
libsolv's capabilities are actually useful here.
* debian/libsolv{,ext}0.symbols:
+ Add Build-Depends-Package tag mentioning libsolv0-dev package.
[ Mike Gabriel ]
* debian/control:
+ Bump Standards-Version: to 4.4.1. No changes needed.
+ Add Rules-Requires-Root: field and set it to "no".
* debian/*:
+ Drop Py2 python-solv bin.pkg. (Closes: #936923).
-- Mike Gabriel <email address hidden> Sun, 24 Nov 2019 14:43:50 +0100
-
libsolv (0.6.35-2ubuntu2) focal; urgency=medium
* No-change rebuild for the perl update.
-- Matthias Klose <email address hidden> Fri, 18 Oct 2019 19:22:02 +0000
-
libsolv (0.6.35-2ubuntu1) disco; urgency=medium
* SECURITY UPDATE: NULL pointer dereference and illegal address access
- debian/patches/CVE-2018-20532-20534-1.patch: Fix: Dereference of null
pointer
- debian/patches/CVE-2018-20532-20534-2.patch: Fix: Add va_end() before
return
- debian/patches/CVE-2018-20532-20534-3.patch: Fix: Memory leaks
- debian/patches/CVE-2018-20532-20534-4.patch: Fix: testsolv segfault
- debian/patches/CVE-2018-20532-20534-5.patch: Fix: testsolv segfaults
- debian/patches/CVE-2018-20532-20534-6.patch: Fix: Be sure that NONBLOCK
is set
- debian/patches/CVE-2018-20532-20534-7.patch: Don't set values that are
never read
- CVE-2018-20532
- CVE-2018-20533
- CVE-2018-20534
-- Mike Salvatore <email address hidden> Tue, 19 Mar 2019 11:50:49 -0400