radare2 (1.1.0+dfsg-5) unstable; urgency=high * Add upstream patch to fix security bug - CVE-2017-7946 (Closes: #860962) The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file. -- Sebastian Reichel Sun, 23 Apr 2017 23:20:16 +0200 radare2 (1.1.0+dfsg-4) unstable; urgency=high * Add upstream patches to fix security bugs - CVE-2017-6194 (Closes: #859448) The relocs function in libr/bin/p/bin_bflt.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file. - CVE-2017-6448 (Closes: #859447) The dalvik_disassemble function in libr/asm/p/asm_dalvik.c allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. -- Sebastian Reichel Tue, 11 Apr 2017 15:34:39 +0200 radare2 (1.1.0+dfsg-3) unstable; urgency=high * Add upstream patches to fix security bugs - CVE-2017-6415 (Closes: #856572) The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file. - CVE-2017-6387 (Closes: #856574) The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file. - CVE-2017-6319 (Closes: #856579) The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. * Add small patch from Graham Inggs to fix FTBFS when linked with as-needed (Closes: #856329) -- Sebastian Reichel Fri, 03 Mar 2017 05:56:37 +0100 radare2 (1.1.0+dfsg-2) unstable; urgency=high * Add upstream patch to fix security bug (Closes: #856063) - CVE-2017-6197 The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function. -- Sebastian Reichel Sat, 25 Feb 2017 06:23:09 +0100 radare2 (1.1.0+dfsg-1) unstable; urgency=medium * New upstream release - Fix ARM thumb code assembler (Closes: #844007) - preprocessor for ragg2 and rasm2 - per-node folding support in graph - New commands (fla, pdc, pir, dmS, ?*, ~?.) - New variables ($fl) - autocompletion after @ - implement bin.debase64 - support for ARM64 PE binaries - libmagic fixes to avoid warnings with GNU libmagic - Greatly improves AVR support - and many more features and bugfixes... * Switch to github based watch file * Drop David from Uploaders list in request of MIA team (Closes: #845288) -- Sebastian Reichel Tue, 20 Dec 2016 14:27:33 +0100 radare2 (1.0.2+dfsg-1) unstable; urgency=medium * New upstream bugfix release - comes with Debian's FTBFS bugfix patches - fix commands "izz" & "aeim-" - some other minor fixes * Disable debugging on arm64 (Closes: #843939) * Build with --with-libversion=1.0, since 1.0.2 is ABI compatible with 1.0 * Fix soname version of libr2.so via buildsystem patch -- Sebastian Reichel Fri, 11 Nov 2016 03:18:33 +0100 radare2 (1.0+dfsg-1) unstable; urgency=medium * New upstream version - Lots of new features & bugfixes - bash autocompletion support * DFSG relevant changes - m68k has been removed upstream - z80 plugin has been replaced with a GPLv3 licensed one - mach code has been replaced with LLVM code (BSD style license) * Debian Patches - all of them were applied upstream - introduce two new patches to fix FTBFS * Reproducible Build - upstream merged the source_epoch fix - additionally most occurrences of __FILE__ were removed upstream * Enable debugging support on arm64, ppc, ppc64, mips & mips64 * Switch to compat level 10 -- Sebastian Reichel Wed, 09 Nov 2016 05:45:27 +0100 radare2 (0.10.6+dfsg-1) unstable; urgency=medium * New upstream version * Add libkvm-dev build-dependency on kfreebsd to avoid FTBFS -- Sebastian Reichel Tue, 27 Sep 2016 05:27:05 +0200 radare2 (0.10.5+dfsg1-1) unstable; urgency=medium * Fixed DFSG source tarball - previously still contained the apple public source licensed mach code * Disable debugger on kfreebsd and hurd * Drop git build-depend - not needed with Debian's configuration -- Sebastian Reichel Thu, 01 Sep 2016 16:48:47 +0200 radare2 (0.10.5+dfsg-1) unstable; urgency=low * New upstream version (Closes: #778402, #748234, #766794): - Support for GameBoy added. - Support for Nintendo DS, NES, SNES, N64, DOL (Wii/Gamecube) - Support for Sega megadrive, SMS - Support for cr16, msp430, tms320, m68k, Spc700, Propeller - Support for i4004, LH5801, z80, pebble watch, xtensa, lanai, microblaze - Support for Capstone - Support for cryptography - Callgraph navigation view - Support for heap analysis (linux-glibc) - Improved PE & ELF parsers - DWARF support - ASCII Art graphs - Web Interface - Tons of bugs and segfaults fixed, some others added for sure. - ahi now supports IPv4 and syscall * debian/patches: - Dropped all old patches - Add a few new patches to fix manpage warnings from lintian - Disable m68k asm plugin to avoid linking GPL and BSD-4-clause code - Disable mach bin and z80 asm plugin (removed to be DFSG compatible) - add patch to generate GIT_NOW from SOURCE_DATE_EPOCH based on Chris Lamb's patch (Closes: #835262) * Dropped radare2-plugins package (included plugins are built statically) * Update Debian Standards Version to 3.9.8 * Add dependency to zlib to avoid built-in library * Drop -dbg packages (switch to automatically generated -dbgsym) * Add get-orig-source rule, which creates dfsg version * Make myself the Maintainer again (ender is MIA) -- Sebastian Reichel Fri, 26 Aug 2016 15:42:57 +0200 radare2 (0.9.6-3.1) unstable; urgency=medium * debian/patches/12_fix_strcasestr_declaration: Add #define _GNU_SOURCE as well, to get the definition of strcasestr (closes: #735921). -- Steve McIntyre <93sam@debian.org> Sun, 23 Mar 2014 14:38:44 +0000 radare2 (0.9.6-3) unstable; urgency=medium * debian/patches/12_fix_strcasestr_declaration: Fixed a missing include, thanks to Matthias Klose for pointing it (closes: #735921). -- David Martínez Moreno Tue, 28 Jan 2014 10:29:31 -0800 radare2 (0.9.6-2) unstable; urgency=low * debian/control: Switched Sebastian and myself as Maintainer/Uploader. * debian/patches/08_proper_tcc_build: Updated to fix a wrong ifeq in the Makefile. * debian/watch: Updated as it seems that pancake is releasing .tar.xz now. * debian/patches/01_fix-kfreebsd-compilation: Completely revamped from upstream commit 1941efc, to (hopefully) fix builds on kFreeBSD. * Added a lintian override for spelling-error-in-binary in libradare2-0.9.6, as it's invalid. -- David Martínez Moreno Fri, 17 Jan 2014 07:48:47 -0800 radare2 (0.9.6-1) unstable; urgency=low * New Year's release. Just in time! * New upstream release. Main changes are: - r2 now supports UTF-8, RGB and TrueColor ansi codes. - More platforms supported: ARM aarch64, TI c55x+, 8051, Javascript (emscripten), ARCcompact. - ASLR for PIE binaries is now supported by using the -B flag. - MACH0 XNU kernels are now properly loaded. - Added support for TE binaries. - Identify some PC BIOS and UEFI ROMs. - Java Class file parser has been rewritten to support Java7. - Python ctypes, D and Java JNI bindings. - An embedded webserver have been included, and you can invoke it using the `=h' or '=H' commands. - Improved JSON output for many commands. Just append 'j' to the command and it will use that format. - First release with an extensive test suite. - Lots of bugs has been fixed, overflows, memory leaks, and many handcrafted binaries can now be loaded without segfaults, crashes or lack of info (closes: #716192). * debian/patches: - 01_fix-kfreebsd-compilation: Refreshed. - 02_link-needed-libmagic: Fixed. - 03_unsafe_snprintf: New, partly taken from upstream commit 1289476 to fix an incomplete snprintf that was breaking the hardened build. - 04_remove_non-installable_library: New, to fix an extraneous t.0.9.6 that was appearing in the builds. - 05_typos: Added, some typos and wrong man macros. - 06_no_forced_rpath: Added, disable rpath when --with-rpath is not present. - 07_propagate_ldflags: New, propagate LDFLAGS from environment into compilation by making assignment additive, fixing hardened builds. - 08_proper_tcc_build: Add .so as the default suffix of libr_tcc. - 09_fix_internal_plugins: New, fixed a bunch of problems with the internal bindings: made the lua check support Debian's lua, fixed library prefix, and removed ncurses bogus linking. - 10_fix_rafind2_segfault: New, backported from e0f4364 to fix a segfault reported by the Mayhem team (closes: #716503). - 11_block_libtcc_install: New, backported from upstream 1531e96 to stop installing libtcc files. - 101_split_plugins_installation: New, Debian-only, to ease packaging of the plugins. Otherwise they ended up in libradare2. * debian/control: - Build-Depends on valabind (>> 0.7.4) and swig to generate internal plugins, plus python-dev and liblua5.2-dev for the corresponding extensions, and dh-exec to help with the packaging of radare2-plugins. - Updated descriptions. - Bumped Standards-Version to 3.9.5 (no changes). - Created another package (radare2-plugins) with the Python and Lua extensions (plus the dependency on Vala). - Make radare-plugins depend on valac; otherwise the vala extension is not functional. * debian/rules: - Fix a broken flag for configure (--without-debugger -> --disable-debugger) that was causing the debugger to be enabled back in several architectures where it was previously disabled, and thus breaking the builds (closes: #732853). - Force --fail-missing on dh_install to make sure that we don't miss new files in subsequent releases. * Removed the libradare2's symbols file because radare2 doesn't really try to have any sort of backwards compatibility. It's futile to dump it from scratch in every release. -- David Martínez Moreno Tue, 31 Dec 2013 23:57:03 -0800 radare2 (0.9.4-2) unstable; urgency=low [ Sebastian Reichel ] * r_debug_desc_plugin_native is not available on some architectures, so make tag it accordingly in *.symbols file. * Add patch to fix compilation under GNU/kFreeBSD. -- David Martínez Moreno Tue, 10 Dec 2013 11:17:44 -0800 radare2 (0.9.4-1) unstable; urgency=low * New upstream release * Update debian/copyright * Bump Debian Standards Version 3.9.2 -> 3.9.4 * Create new -common package for arch independent files -- Sebastian Reichel Sun, 22 Sep 2013 19:50:24 +0200 radare2 (0.9-3) unstable; urgency=low * Add Patch from Julian Taylor to fix FTBFS when building using ld --as-needed (Closes: #653873) -- Sebastian Reichel Sat, 31 Dec 2011 20:43:17 +0100 radare2 (0.9-2) unstable; urgency=low * readd fix in symbols file: r_debug_desc_plugin_native is only built for x86, x86-64 and arm -- Sebastian Reichel Tue, 06 Dec 2011 14:29:09 +0100 radare2 (0.9-1) unstable; urgency=low * New upstream release - automatic hurd detection * radare2 now recommends libradare2-dev - header files are used by ragg2-cc -- Sebastian Reichel Tue, 06 Dec 2011 01:36:55 +0100 radare2 (0.8.8-2) unstable; urgency=low * fix symbols file: r_debug_desc_plugin_native is only built for x86, x86-64 and arm * add patch to fix build on kFreeBSD * add upstream patch to fix a bug when redefining io sections -- Sebastian Reichel Fri, 04 Nov 2011 22:53:13 +0100 radare2 (0.8.8-1) unstable; urgency=low * new upstream release - fixed lintian warnings * update copyright information -- Sebastian Reichel Tue, 01 Nov 2011 13:03:36 +0100 radare2 (0.8.1-1) unstable; urgency=low * new upstream release * remove all patches (included upstream) * switch from cdbs to debhelper * update Debian Standards Version to 3.9.2 * make libradare2 multi-arch capable -- Sebastian Reichel Sun, 24 Jul 2011 15:06:17 +0200 radare2 (0.7-3) unstable; urgency=low * update the fcntl patch * new patch: honor --without-debugger to fix build on unsupported architectures * new patch: add kfreebsd support -- Sebastian Reichel Wed, 13 Apr 2011 11:04:00 +0200 radare2 (0.7-2) unstable; urgency=low * disable debugger on all arches except i386, amd64, arm to make them building * new patch: drx_add / drx_del should not be exported * new patch: add fcntl.h to fix build error on kfreebsd / hurd * new patch: fix cflags to build some failing plugins * Closes: #621412 -- Sebastian Reichel Mon, 04 Apr 2011 15:27:16 +0200 radare2 (0.7-1) unstable; urgency=low * New upstream release -- Sebastian Reichel Wed, 09 Mar 2011 00:54:02 +0100 radare2 (0.6-1) unstable; urgency=low * Initial Upload to Debian (Closes: #573345) -- Sebastian Reichel Mon, 07 Feb 2011 13:00:47 +0100