lua5.4 (5.4.6-3) unstable; urgency=high [ P. J. McDermott ] * Fix completely broken C++ library missing all "lua*" function symbols. 0003-extern_C.patch was removed in 5.4.6-1 per request in #1032533, replacing all the C symbols with C++ mangled names, but the export map debian/version-script listed only C symbols. (closes: #1063707) - Extend DEP-8 test to check C++ library. * Update liblua5.4-dev Recommends from pkg-config to pkgconf. (Fixes lintian error tag depends-on-obsolete-package) * Add Rules-Requires-Root: no. (Fixes lintian pedantic tag silent-on-rules-requiring-root) * Move "-e" from "#!" line to "set" command in lua5.4 prerm script. (Fixes lintian pedantic tag maintainer-script-without-set-e) * Add debian/salsa-ci.yml. -- Debian Lua Team Sun, 11 Feb 2024 07:29:32 -0500 lua5.4 (5.4.6-2) unstable; urgency=medium * Team upload [ Lena Voytek ] * Make some packaging improvements (closes: #1056991) - Add DEP-8 tests for basic functionality + d/t/interpreter: Test lua interpreter + d/t/liblua: Test lua C api - d/p/0001-build-system.patch: Use default test environment: Instead of overriding testing with libtool which now fails with -dlopen argument, the original ./$(LUA_T) -v is used as it is works correctly with 5.4.6 - d/configure.ac: Remove AC_PROG_LIBTOOL entry: AC_PROG_LIBTOOL is a deprecated macro for initializing libtool. LT_INIT already covers this functionality so no other action is required. - d/liblua5.4-0.symbols: Add symbols file for lua 5.4 libraries [ Gianfranco Costamagna ] * d/version-script: Export additional missing symbols (closes: #1034800) * Update watch file to version 4 * Fix some copyright typos * Drop trailing spaces and newlines * Add R^3: no * Use https for copyright machine readable file * Explicit set -e on prerm and postinst files to please lintian * Drop priority field on dbg to please lintian * Drop unused patch to please lintian * Drop dbg package to please lintian (closes: #1050990) * Drop quilt and auto* dependencies, already satisfied by newer debhelper and compat level 13 -- Lena Voytek Mon, 27 Nov 2023 08:23:09 -0700 lua5.4 (5.4.6-1) unstable; urgency=medium * New upstream release (closes: #1041902). * Remove no longer necessary patches which fixed CVE-2022-28805 and CVE-2022-33099 in version 5.4.4. * Refresh patches. * Fix building the package twice (closes: #1046480). * Bump the debhelper compatibility level to 13. * Bump the standards version to 4.6.2. -- Sergei Golovan Wed, 14 Jun 2023 15:52:06 +0300 lua5.4 (5.4.4-3) unstable; urgency=medium * Add a patch from upstream which fixes CVE-2022-33099, double free in a situation when error occurs while handling an error (closes: #1014935). -- Sergei Golovan Sun, 17 Jul 2022 14:56:01 +0300 lua5.4 (5.4.4-2) unstable; urgency=medium * Add a patch from upstream which fixes CVE-2022-28805, segmentation fault due to a heap overflow when parsing ENV with (closes: #1010265). -- Sergei Golovan Sat, 30 Apr 2022 07:38:29 +0300 lua5.4 (5.4.4-1) unstable; urgency=medium * New upstream release. This release fixes the following security bugs: - CVE-2021-43519, stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file (closes: #1000228). - CVE-2021-44647, Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service (closes: #1004189). -- Sergei Golovan Mon, 07 Feb 2022 10:34:34 +0300 lua5.4 (5.4.3-1) unstable; urgency=medium * New upstream release. * Refresh patches. -- Sergei Golovan Tue, 17 Aug 2021 10:50:26 +0300 lua5.4 (5.4.2-2) unstable; urgency=medium * Enable readline support (thanks to Widianto Nur F). -- Sergei Golovan Tue, 12 Jan 2021 23:02:10 +0300 lua5.4 (5.4.2-1) unstable; urgency=medium * New upstream release. * Refresh patches. -- Sergei Golovan Sun, 06 Dec 2020 14:05:10 +0300 lua5.4 (5.4.1-1) unstable; urgency=medium * New upstream release. This release fixes the following security bugs: - CVE-2020-15888, mishandling the interaction between stack resizes and garbage collection (closes: #972101) - CVE-2020-24342 allowing a stack redzone cross (closes: #971012) - CVE-2020-24369 attempting to access debug information via the line hook of a stripped function (closes: #971013) - CVE-2020-24370 allowing a negation overflow and segmentation fault in getlocal and setlocal (closes: #971613) - CVE-2020-24371 active barriers during sweep phase (closes: #971010) * Remove no longer necessary patches. -- Sergei Golovan Sat, 21 Nov 2020 17:58:27 +0300 lua5.4 (5.4.0-2) unstable; urgency=medium * Add patches by upstream, which fix a few freshly introduced bugs. -- Sergei Golovan Sat, 18 Jul 2020 18:10:14 +0300 lua5.4 (5.4.0-1) unstable; urgency=medium * The first upstream release. -- Sergei Golovan Tue, 30 Jun 2020 16:51:40 +0300 lua5.4 (5.4.0~rc5-1) experimental; urgency=medium * New upstream release candidate. -- Sergei Golovan Wed, 17 Jun 2020 12:49:10 +0300 lua5.4 (5.4.0~rc4-1) experimental; urgency=medium * New upstream release candidate. -- Sergei Golovan Tue, 02 Jun 2020 23:46:53 +0300 lua5.4 (5.4.0~rc3-1) experimental; urgency=medium * New upstream release candidate. -- Sergei Golovan Wed, 20 May 2020 10:12:52 +0300 lua5.4 (5.4.0~rc2-1) experimental; urgency=medium * New upstream release candidate. * Refresh patches. * Bump the standards version to 4.5.0. * Bump the debhelper compatibility level to 12. -- Sergei Golovan Wed, 06 May 2020 10:33:50 +0300 lua5.4 (5.4.0~beta-1) experimental; urgency=medium * New upstream preliminary release. * Refresh patches. -- Sergei Golovan Tue, 29 Oct 2019 10:23:48 +0300 lua5.4 (5.4.0~alpha-2) experimental; urgency=medium * Fix symbols in the linker version script. * Adapt a patch for lua5.3 by Helmut Grohne to fix FTCBFS. The patch libtoolizes during build to avoid a dependency on libtool-bin, and uses triplet-prefixed build tools (closes: #941649). * Fix the Lua version release number in pkgconfig scripts. * Add an alternatives for the lua.pc and lua-c++.pc pkgconfig scripts. -- Sergei Golovan Sun, 13 Oct 2019 10:33:54 +0300 lua5.4 (5.4.0~alpha-1) experimental; urgency=medium * Initial release (closes: #932316). -- Sergei Golovan Wed, 17 Jul 2019 18:28:48 +0300