gcab (0.7-4ubuntu0.1) artful-security; urgency=medium

  * SECURITY UPDATE: code execution via crafted .cab file
    - debian/patches/CVE-2018-5345.patch: add size check in
      libgcab/cabinet.c.
    - CVE-2018-5345

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 24 Jan 2018 07:47:47 -0500

gcab (0.7-4) unstable; urgency=medium

  * Add overrides for Lintian’s “spelling error” covering the use of “GNU
    Public License” (which refers to the general concept here).
  * Make gcab produce reproducible cabinets; thanks to Chris Lamb for the
    patch. Closes: #872460.
  * Fix an invalid libgcab-dev link in libgcab-doc.

 -- Stephen Kitt <skitt@debian.org>  Thu, 17 Aug 2017 22:43:03 +0200

gcab (0.7-3) unstable; urgency=medium

  * Switch to debhelper compatibility level 10.
  * As per the GObject-Introspection policy, the typelib package should be
    gir1.2-gcab-1.0, not gir1.2-libgcab-1.0; rename the package
    accordingly. The -dev package also needs a dependency on the typelib
    package.
  * Update debian/copyright.
  * Standards-Version 4.0.0, no further change required.

 -- Stephen Kitt <skitt@debian.org>  Tue, 11 Jul 2017 12:35:49 +0200

gcab (0.7-2) unstable; urgency=medium

  * Explicitly build-depend on intltool and pkg-config instead of relying
    on gnome-common. Closes: #837853.
  * Standards-Version 3.9.8, no change required.

 -- Stephen Kitt <skitt@debian.org>  Thu, 15 Sep 2016 23:02:12 +0200

gcab (0.7-1) unstable; urgency=medium

  * New upstream release.
  * Add unique license names for all the permissive licenses.
  * Migrate to dbgsym debug packages.
  * Switch to https: VCS URIs (see #810378).
  * Add the Ubuntu patch to avoid integer overflows in zalloc.
  * Standards-Version 3.9.7, no change required.
  * Enable all hardening options.

 -- Stephen Kitt <skitt@debian.org>  Fri, 18 Mar 2016 12:46:01 +0100

gcab (0.6-1) unstable; urgency=medium

  * New upstream release.
  * Drop afl-fixes.patch, merged upstream.

 -- Stephen Kitt <skitt@debian.org>  Fri, 20 Mar 2015 20:11:15 +0100

gcab (0.5-1) unstable; urgency=medium

  * New upstream release.
  * Drop patches fix-glib-linking, fix-gtkdoc-tests, cve-2015-0552.patch,
    merged upstream.
  * m4/intltool.m4 is no longer shipped, remove it from
    debian/copyright.

 -- Stephen Kitt <skitt@debian.org>  Thu, 12 Mar 2015 06:59:08 +0100

gcab (0.4-3) unstable; urgency=medium

  * Fix all the crashes detected by AFL. Thanks to Jakub Wilk for the
    suggestion! Closes: #775941.
  * Fix hyphens in the manpage.

 -- Stephen Kitt <skitt@debian.org>  Sun, 25 Jan 2015 23:51:15 +0100

gcab (0.4-2) unstable; urgency=medium

  * Indicate that libgcab/gcab-enums.* is licensed using LGPL-2.0+, not
    2.1+ like the rest of the project. Thanks to Thorsten Alteholz for
    pointing out that this should be indicated explicitly!
  * Prevent path traversals; contents of cabinet files are always
    extracted below the extraction point and cannot escape it. Closes:
    #774580. This is CVE-2015-0552.

 -- Stephen Kitt <skitt@debian.org>  Tue, 06 Jan 2015 00:14:58 +0100

gcab (0.4-1) unstable; urgency=low

  * Initial release. Closes: #771253.

 -- Stephen Kitt <skitt@debian.org>  Sat, 29 Nov 2014 00:12:00 +0100
