** Description changed: Feature Freeze Justification ============================ This release fixes to two CVE's and most notably has removed its custom AES crypto implementation with using openssl libraries. It is for the security reasons I am requesting this FFe this late in the cycle. Other Changes: - A bunch of bug fixes - A number of new features like bzip2 (this optional and could be disabled for 18.04), improved AES encryption support, some of the new features are other platforms only - - Breaks API (only 1 symbol was removed though), soname bump, so will require a mini transition, all the 23-odd reverse-depends that I count are in universe. + - Breaks API (only 1 symbol was removed though), soname bump, so will require a mini transition, all the 23-odd reverse-depends that I count are in universe. - they appear to have dropped their custom AES implementation in favour of using openssl (this should be a plus!) - Build system switched to Cmake in latest release - + - Ark will build with libzip support where it didnt before Testing: It has a fairly comprehensive test suite, but I did have to disable for now, a few problematic tests that fail in the launchpad buildd chroots, but not elsewhere like local machine or Debian schroot. I have run a test rebuild for all the rdepends in ppa:darkxst/libzip. All built successfully, except for 2 packages, cbmc and plume-creater that had unrelated fallout due to gcc7 and other packaging changes. - Other Notes: + Other Notes: - There are a bunch of presumably private symbols leaked into the debian symbols file. Not ideal, but probably not the only package in the archive like that. - I will follow up with upstream issues for the RPATH stuff, tests and symbols later - I will also push for the update into Debian Build Logs: https://launchpadlibrarian.net/363222435/buildlog_ubuntu-bionic-amd64.libzip_1.5.0-0ubuntu1~bionic3_BUILDING.txt.gz + Reverse-depends of libzip4 that are seeded: + ark (from ark) is seeded in: + kubuntu: daily-live + lubuntu-next: daily-live + ideviceinstaller is seeded in: + ubuntu-mate: daily-live + libepub0 is seeded in: + kubuntu: daily-live + ubuntustudio: dvd + libpstoedit0c2a is seeded in: + kubuntu: supported + okular-extra-backends is seeded in: + kubuntu: daily-live Upstream Changelog ================== 1.5.0 [2018-03-11] ================== * Use standard cryptographic library instead of custom AES implementation. - This also simplifies the license. + This also simplifies the license. * Use `clang-format` to format the source code. * More Windows improvements. 1.4.0 [2017-12-29] ================== * Improve build with cmake * Retire autoconf/automake build system * Add `zip_source_buffer_fragment()`. * Add support to clone unchanged beginning of archive (instead of rewriting it). - Supported for buffer sources and on Apple File System. + Supported for buffer sources and on Apple File System. * Add support for Microsoft Universal Windows Platform. 1.3.2 [2017-11-20] ================== * Fix bug introduced in last: zip_t was erroneously freed if zip_close() failed. 1.3.1 [2017-11-19] ================== * Install zipconf.h into ${PREFIX}/include * Add zip_libzip_version() * Fix AES tests on Linux 1.3.0 [2017-09-02] ================== * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free() * CVE-2017-14107: Improve EOCD64 parsing 1.2.0 [2017-02-19] ================== * Support for AES encryption (Winzip version), both encryption - and decryption + and decryption * Support legacy zip files with >64k entries * Fix seeking in zip_source_file if start > 0 * Add zip_fseek() for seeking in uncompressed data * Add zip_ftell() for telling position in uncompressed data * Add zip_register_progress_callback() for UI updates during zip_close() 1.1.3 [2016-05-28] ================== * Fix build on Windows when using autoconf
-- You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1674057 Title: [FFe] upgrade libzip to version 1.5.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libzip/+bug/1674057/+subscriptions -- kubuntu-bugs mailing list kubuntu-b...@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
