Bug#894813: libzip: New upstream version 1.5.0

2018-04-07 Thread Tim 
Updated packaging is now on the Ubuntu bug above.

Most of the quirks (RPATH, leaking private symbols, man page syntax
errors, pkg-config file) have been committed upstream and cherry-picked
into that.

There will be an upstream 1.5.1 release soon-ish, they are working on
some other fixes first though.

Bug#894813: libzip: New upstream version 1.5.0

2018-04-04 Thread Tim 
And the related Ubuntu Bug (with quite a bit more info) is
https://bugs.launchpad.net/debian/+source/libzip/+bug/1674057

Bug#894813: libzip: New upstream version 1.5.0

2018-04-04 Thread Tim 
Attached is a debdiff with my work for version 1.5.0, The only thing
ubuntu specific is the skipped tests (which seem to work ok in my debian
sbuild chroot but not launchpad ones) the rest applies equally to Debian.

diff -Nru libzip-1.3.2/debian/changelog libzip-1.5.0/debian/changelog
--- libzip-1.3.2/debian/changelog   2017-11-21 07:39:26.0 +1100
+++ libzip-1.5.0/debian/changelog   2018-04-03 20:51:36.0 +1000
@@ -1,3 +1,29 @@
+libzip (1.5.0-1) UNRELEASED; urgency=medium
+
+  * New upstream release
+- Removes custom AES implementation in favour of using standard crypto libs
+  * Build with cmake, autotools support was dropped.
+  * Bump debhelper to compat 11
+  * debian/control:
+- Add Build-dep on libssl-dev and libbz2-dev
+  * debian/libzip5.symbols: Update with new symbols
+  * debian/patches:
+- drop_RPATH.patch: Don't set unnecessary RPATH's
+- pkg-config-Use-Libs.private.patch: Proposed upstream patch to correct 
+  pkgconfig file
+- disable_failing_tests.patch: Skip some problematic tests that fail in 
the 
+  launchpad sbuild chroots but pass elsewhere
+  * debian/rules:
+- Clean up Multi-arch support
+- set dh_missing to --fail-missing
+- Drop flags obsolete with dh 11
+  * debian/libzip-dev.install: don't install static lib, its not built with 
cmake
+  * debian/libzip5.lintian-overrides: override 
possible-gpl-code-linked-with-openssl
+libzip is BSD licensed only the debian packaging is licensed under GPLv3
+  * debian/copyright: Update to reflect removed code
+
+ -- Tim Lunn   Tue, 03 Apr 2018 20:51:36 +1000
+
 libzip (1.3.2-1) experimental; urgency=medium
 
   * Update to upstream version 1.3.2 (Closes: #881877)
diff -Nru libzip-1.3.2/debian/compat libzip-1.5.0/debian/compat
--- libzip-1.3.2/debian/compat  2017-11-21 07:39:26.0 +1100
+++ libzip-1.5.0/debian/compat  2018-04-03 20:02:30.0 +1000
@@ -1 +1 @@
-9
+11
diff -Nru libzip-1.3.2/debian/control libzip-1.5.0/debian/control
--- libzip-1.3.2/debian/control 2017-11-21 07:39:26.0 +1100
+++ libzip-1.5.0/debian/control 2018-04-03 20:51:36.0 +1000
@@ -2,8 +2,10 @@
 Priority: optional
 Maintainer: Stefan Schörghofer 
 Uploaders: Ondřej Surý 
-Build-Depends: debhelper (>= 9),
-   dh-autoreconf,
+Build-Depends: cmake,
+   debhelper (>= 11),
+   libbz2-dev,
+   libssl-dev,
unzip,
zlib1g-dev,
mandoc
diff -Nru libzip-1.3.2/debian/copyright libzip-1.5.0/debian/copyright
--- libzip-1.3.2/debian/copyright   2017-11-21 07:39:26.0 +1100
+++ libzip-1.5.0/debian/copyright   2018-04-03 20:51:36.0 +1000
@@ -25,12 +25,6 @@
 Copyright (C) 1987-2002 The Regents of the University of California.
 All rights reserved.
 
-Copyright for gladman-fcrypt:
-Files: lib/gladman-fcrypt/*
-
-Copyright (C) 2002, Dr Brian Gladman < >, Worcester, UK. 
-All rights reserved.
-
 License:
 
 Redistribution and use in source and binary forms, with or without
@@ -58,31 +52,6 @@
 OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-License gladman-fcrypt:
-
-The free distribution and use of this software in both source and binary
-form is allowed (with or without changes) provided that:
-
-1. distributions of this source code include the above copyright
-   notice, this list of conditions and the following disclaimer;
-
-2. distributions in binary form include the above copyright
-   notice, this list of conditions and the following disclaimer
-   in the documentation and/or other associated materials;
-
-3. the copyright holder's name is not used to endorse products
-   built using this software without specific written permission.
-
-ALTERNATIVELY, provided that this notice is retained in full, this product
-may be distributed under the terms of the GNU General Public License (GPL),
-in which case the provisions of the GPL apply INSTEAD OF those given above.
-
-DISCLAIMER
-
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its properties, including, but not limited to, correctness
-and/or fitness for purpose.
-
 The Debian packaging is:
 
 Copyright (C) 2007-2010 Fathi Boudra 
diff -Nru libzip-1.3.2/debian/docs libzip-1.5.0/debian/docs
--- libzip-1.3.2/debian/docs2017-11-21 07:39:26.0 +1100
+++ libzip-1.5.0/debian/docs2018-04-03 20:06:57.0 +1000
@@ -1,3 +1,3 @@
-API-CHANGES
+API-CHANGES.md
 README.md
 TODO.md
diff -Nru libzip-1.3.2/debian/libzip5.lintian-overrides 
libzip-1.5.0/debian/libzip5.lintian-overrides
--- libzip-1.3.2/debian/libzip5.lintian-overrides   1970-01-01 
10:00:00.0 +1000
+++ libzip-1.5.0/debian/libzip5.lintian-overrides

Bug#894813: libzip: New upstream version 1.5.0

2018-04-04 Thread Tim Lunn 
Source: libzip
Version: 1.5.0
Severity: normal

Dear Maintainer,

libzip 1.5.0 has dumped the custom AES crypto implementation in favour of using 
openssl (or gnutls). I am hoping to push this through in Ubuntu before 18.04 
for the security improvements, pending FFe.

I will attach a debdiff with updated packaging for 1.5.0



-- System Information:
Debian Release: buster/sid
  APT prefers bionic
  APT policy: (500, 'bionic')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-13-generic (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled