-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 Dec 2023 16:38:54 +1100 Source: cpio Architecture: source Version: 2.14+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Anibal Monsalve Salazar <anibal@debian.org> Changed-By: Anibal Monsalve Salazar <anibal@debian.org> Closes: 925021 1049402 1059163 1059238 Changes: cpio (2.14+dfsg-1) unstable; urgency=medium . * New upstream release Closes: #1049402 Noteworthy changes in this release: - New option --ignore-dirnlink Valid in copy-out mode, it instructs cpio to ignore the actual number of links reported for each directory member and always store 2 instead. - Changes in --reproducible option The --reproducible option implies --ignore-dirlink. In other words, it is equivalent to --ignore-devno --ignore-dirnlink --renumber-inodes. - Use GNU ls algorithm for deciding timestamp format in -tv mode - Bugfixes - Fix cpio header verification. - Fix handling of device numbers on copy out. - Fix calculation of CRC in copy-out mode. - Rewrite the fix for CVE-2015-1197. - Fix combination of --create --append --directory. - Fix appending to archives bigger than 2G. * Update uploaders list Closes: #925021 * Standards-Version: 4.6.2 * Fix Path traversal vulnerability due to partial revert of fix for CVE-2015-1197 Closes: #1059163 * cpio-win32 is no longer needed Closes: #1059238 Checksums-Sha1: eb78be01c0a20b510407d20c8b6271aafa6359b8 1906 cpio_2.14+dfsg-1.dsc c07f9046d70b4d83f873138bb7561e7b218ce6b9 1515680 cpio_2.14+dfsg.orig.tar.bz2 9336fac43abbb385ffc8637c67120a90e508ec0d 15096 cpio_2.14+dfsg-1.debian.tar.xz 0b09f929fb782060d6594b90aa49d8d7326bebd5 5582 cpio_2.14+dfsg-1_amd64.buildinfo Checksums-Sha256: 1317473ea3b00cebce77af6ed954f98088087a460aa7a804c87c5def78b990a3 1906 cpio_2.14+dfsg-1.dsc a45e1c39445fe663e0184d4d72b9f3d5f7ca273e875ce1992fafe49babff592c 1515680 cpio_2.14+dfsg.orig.tar.bz2 345cacb20aa4407f5db41ce9ea47c53a0304db8cec7031536f033bc1c44ac957 15096 cpio_2.14+dfsg-1.debian.tar.xz d3468c3b3527726a39db610cd94eecd15c718cd96e9c9f46251ea9cdce4f6273 5582 cpio_2.14+dfsg-1_amd64.buildinfo Files: 24196598763567c4564a0444d0f4863e 1906 utils important cpio_2.14+dfsg-1.dsc a13f5918ce2580c1da5ea98dd8b34722 1515680 utils important cpio_2.14+dfsg.orig.tar.bz2 33392e3b8e3a8d5acf3ef044ef2ace1c 15096 utils important cpio_2.14+dfsg-1.debian.tar.xz 75094246fbcf85ac90766840c2d36711 5582 utils important cpio_2.14+dfsg-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEExgRcgTiHt3wt/5elfFas/pR4l9gFAmWFIcUACgkQfFas/pR4 l9hmTQ//SNNwjdHybVL6YDzuOy4I0mfLiWzu22NJyl6LrkpX5fhvL6RKKAN8gkSE OuT/WE3HnXF4Yi/zyYxdzCHAJMrRNzIq9gGU77trgMGiFRrL/oLvAZt02a4TfwkE ZvnWjpgws/jw3hQRik0SMK0u60G+IVDWjSu3EeJWaQudw6ssdOKpc+OBFTQpXwYI 2W6NhXTEMpKIPChUXLevHlPJOf9XvA8CA/NxRyGpAUt9d0miubE4qjLGVo617Jv7 CXoy/vACeK47nd4POYaSXqqo2M96btqc8AKPMkdk9/ZlHR9PEor0GWVCatXyXckK 7oWBoUdCuwsMu3mRukDd+sPNyIdtvakLzdRLn5VzeWviqVSRmn1PZDYWA74S37Ur QQe8G8V3kdr33vkTrQV3feFcYnH1v0zupMb9lqCCuiVdXmgK0AbBUwdtrgvYH9M4 0EGm13k1pvLH2EU7cHVV1kArGgTqXKcQ1ewyoCYLo4+8THTUPaa7VeQQtuzLycCC U1UPs+YRLt+3TdltOpXdq0kO8xYPCKriy8cArpvpVzwc62DVR8cF6kPro0b8OJzA 4sEoyKsNSafRoRn6McNfmydQEs0wPIeCe4t7TKTX55NKSyEy/10jKJtDXjCstKNg NSpQkefjoaPMKsnxUzu/t2OI9CTcNEz/0DFoRqQOXt1Rbl3yYrc= =yVvG -----END PGP SIGNATURE-----
