** Description changed:

  Feature Freeze Justification
  ============================
  This release fixes to two CVE's and most notably has removed its custom AES 
crypto implementation with using openssl libraries. It is for the security 
reasons I am requesting this FFe this late in the cycle.
  
  Other Changes:
  - A bunch of bug fixes
  - A number of new features like bzip2 (this optional and could be disabled 
for 18.04), improved AES encryption support, some of the new features are other 
platforms only
- - Breaks API (only 1 symbol was removed though), soname bump, so will require 
a mini transition, all the 23-odd reverse-depends that I count are in universe. 
+ - Breaks API (only 1 symbol was removed though), soname bump, so will require 
a mini transition, all the 23-odd reverse-depends that I count are in universe.
  - they appear to have dropped their custom AES implementation in favour of 
using openssl (this should be a plus!)
  - Build system switched to Cmake in latest release
- 
+ - Ark will build with libzip support where it didnt before
  
  Testing:
  It has a fairly comprehensive test suite, but I did have to disable for now, 
a few problematic tests that fail in the launchpad buildd chroots, but not 
elsewhere like local machine or Debian schroot.
  
  I have run a test rebuild for all the rdepends in ppa:darkxst/libzip.
  All built successfully, except for 2 packages, cbmc and plume-creater
  that had unrelated fallout due to gcc7 and other packaging changes.
  
- Other Notes: 
+ Other Notes:
  - There are a bunch of presumably private symbols leaked into the debian 
symbols file. Not ideal, but probably not the only package in the archive like 
that.
  - I will follow up with upstream issues for the RPATH stuff, tests and 
symbols later
  - I will also push for the update into Debian
  
  Build Logs:
  
https://launchpadlibrarian.net/363222435/buildlog_ubuntu-bionic-amd64.libzip_1.5.0-0ubuntu1~bionic3_BUILDING.txt.gz
  
+ Reverse-depends of libzip4 that are seeded:
+ ark (from ark) is seeded in:
+   kubuntu: daily-live
+   lubuntu-next: daily-live
+ ideviceinstaller is seeded in:
+   ubuntu-mate: daily-live
+ libepub0 is seeded in:
+   kubuntu: daily-live
+   ubuntustudio: dvd
+ libpstoedit0c2a is seeded in:
+   kubuntu: supported
+ okular-extra-backends is seeded in:
+   kubuntu: daily-live
  
  Upstream Changelog
  ==================
  1.5.0 [2018-03-11]
  ==================
  
  * Use standard cryptographic library instead of custom AES implementation.
-   This also simplifies the license.
+   This also simplifies the license.
  * Use `clang-format` to format the source code.
  * More Windows improvements.
  
  1.4.0 [2017-12-29]
  ==================
  
  * Improve build with cmake
  * Retire autoconf/automake build system
  * Add `zip_source_buffer_fragment()`.
  * Add support to clone unchanged beginning of archive (instead of rewriting 
it).
-   Supported for buffer sources and on Apple File System.
+   Supported for buffer sources and on Apple File System.
  * Add support for Microsoft Universal Windows Platform.
  
  1.3.2 [2017-11-20]
  ==================
  * Fix bug introduced in last: zip_t was erroneously freed if zip_close() 
failed.
  
  1.3.1 [2017-11-19]
  ==================
  
  * Install zipconf.h into ${PREFIX}/include
  * Add zip_libzip_version()
  * Fix AES tests on Linux
  
  1.3.0 [2017-09-02]
  ==================
  
  * Support bzip2 compressed zip archives
  * Improve file progress callback code
  * Fix zip_fdopen()
  * CVE-2017-12858: Fix double free()
  * CVE-2017-14107: Improve EOCD64 parsing
  
  1.2.0 [2017-02-19]
  ==================
  
  * Support for AES encryption (Winzip version), both encryption
-   and decryption
+   and decryption
  * Support legacy zip files with >64k entries
  * Fix seeking in zip_source_file if start > 0
  * Add zip_fseek() for seeking in uncompressed data
  * Add zip_ftell() for telling position in uncompressed data
  * Add zip_register_progress_callback() for UI updates during zip_close()
  
  1.1.3 [2016-05-28]
  ==================
  
  * Fix build on Windows when using autoconf

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1674057

Title:
  [FFe] upgrade libzip to version 1.5.0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libzip/+bug/1674057/+subscriptions

-- 
kubuntu-bugs mailing list
kubuntu-b...@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs

Reply via email to