1. 14 Mar, 2022 3 commits
  2. 23 Feb, 2022 3 commits
  3. 15 Feb, 2022 3 commits
  4. 18 Aug, 2021 2 commits
  5. 11 Mar, 2021 1 commit
  6. 23 Feb, 2021 1 commit
    • Laszlo Boszormenyi (GCS)'s avatar
      Import Debian changes 2.2.10-2 · ec8f8592
      Laszlo Boszormenyi (GCS) authored
      expat (2.2.10-2) unstable; urgency=medium
      
        * Provide stage1 (bootstrap) build profile (closes: #896011).
      
        [ Matthias Klose <doko@ubuntu.com> ]
        * Don't build the udeb package when requested (closes: #983324).
      
      expat (2.2.10-1) unstable; urgency=medium
      
        * New upstream release.
        * Update Standards-Version to 4.5.0 .
      
      expat (2.2.9-1) unstable; urgency=medium
      
        * New upstream release.
        * Update Standards-Version to 4.4.0 .
      
      expat (2.2.7-2) unstable; urgency=high
      
        * Fix CVE-2019-15903: deny internal entities closing the doctype
          (closes: #939394).
      
      expat (2.2.7-1) unstable; urgency=medium
      
        * New upstream release.
        * Update libexpat1 symbols.
      ec8f8592
  7. 06 Mar, 2021 1 commit
  8. 15 Feb, 2021 1 commit
  9. 11 Aug, 2020 1 commit
  10. 30 Mar, 2020 1 commit
  11. 23 Oct, 2019 2 commits
    • Salvatore Bonaccorso's avatar
      Import Debian changes 2.2.6-2+deb10u1 · 0f685e9d
      Salvatore Bonaccorso authored and Ritesh Raj Sarraf's avatar Ritesh Raj Sarraf committed
      
      
      expat (2.2.6-2+deb10u1) buster-security; urgency=high
      
        * Non-maintainer upload by the Security Team.
        * xmlparse.c: Deny internal entities closing the doctype (CVE-2019-15903)
          (Closes: #939394)
      Signed-off-by: Ritesh Raj Sarraf's avatarRitesh Raj Sarraf <ritesh.sarraf@collabora.com>
      0f685e9d
    • Salvatore Bonaccorso's avatar
      Import Debian changes 2.2.6-2+deb10u1 · 0849e068
      Salvatore Bonaccorso authored and Ritesh Raj Sarraf's avatar Ritesh Raj Sarraf committed
      expat (2.2.6-2+deb10u1) buster-security; urgency=high
      
        * Non-maintainer upload by the Security Team.
        * xmlparse.c: Deny internal entities closing the doctype (CVE-2019-15903)
          (Closes: #939394)
      
      expat (2.2.6-2) unstable; urgency=high
      
        * Fix extraction of namespace prefix from XML name (CVE-2018-20843)
          (closes: #931031).
      
      expat (2.2.6-1) unstable; urgency=medium
      
        * New upstream release.
        * Disable Vcs-* fields for now.
        * Update Standards-Version to 4.1.5 .
      
      expat (2.2.5-3) unstable; urgency=medium
      
        * Don't install irrelevant README.md (closes: #884818).
      
      expat (2.2.5-2) unstable; urgency=medium
      
        * Upload to Sid.
        * Install AUTHORS file.
        * Update project homepage.
        * Migrate d/copyright to format 1.0 .
        * Update debhelper level to 11 .
      
      expat (2.2.5-1) experimental; urgency=medium
      
        * New upstream release (closes: #883708).
        * Use the main source for packaging (closes: #874177).
        * Drop outdated multilib packages (closes: #775942, #779459).
        * Add docbook2x build dependency.
        * Update libexpat1 symbols.
        * Update Standards-Version to 4.1.2 .
      
      expat (2.2.3-2) unstable; urgency=medium
      
        * Do not install .la files (closes: #880110).
        * Don't expose libbsd-dev dependency on libexpat1-dev .
        * Update Standards-Version to 4.1.1:
          - change libexpat1-udeb priority to optional.
      
      expat (2.2.3-1) unstable; urgency=medium
      
        * New upstream release.
        * Remove dh-autoreconf build dependency.
      
      expat (2.2.2-2) unstable; urgency=medium
      
        * Build with libbsd on Hurd as well.
      
      expat (2.2.2-1) unstable; urgency=high
      
        * New upstream release:
          - fix non-NULL parser parameter validation in XML_Parse; resulted in
            NULL dereference.
      
      expat (2.2.1-3) unstable; urgency=medium
      
        * Add libbsd-dev dependency to libexpat1-dev on kFreeBSD architectures
          (closes: #867252).
      
      expat (2.2.1-2) unstable; urgency=medium
      
        * Fix mis-detection of getrandom() on kFreeBSD.
        * Utilize libbsd for arc4random_buf() on kFreeBSD.
      
      expat (2.2.1-1) unstable; urgency=high
      
        * New upstream release:
          - upstream fix for CVE-2016-9063 to prevent undefined behavior from signed
            integer overflow,
          - fix CVE-2017-9233: external entity infinite loop DoS,
          - fix regression from fix to CVE-2016-0718 cutting off longer tag names,
          - use high quality entropy for hash initialization for part of
            CVE-2016-5300,
          - change hash algorithm to William Ahern's version of SipHash to go
            further with fixing CVE-2012-0876.
      
      expat (2.2.0-2) unstable; urgency=high
      
        * Use fix from Mozilla for CVE-2016-9063: integer overflow during the
          parsing of XML.
        * Replace deprecated -s debhelper switch with the -a one.
      
      expat (2.2.0-1) unstable; urgency=low
      
        * New upstream release, update symbols accordingly.
        * Use upstream manpage for xmlwf.
        * Drop all patches as this release contains those.
      
      expat (2.1.1-3) unstable; urgency=high
      
        * Use upstream fix for the following security vulnerabilities:
          - CVE-2012-6702, unanticipated internal calls to srand
          - CVE-2016-5300, use of too little entropy
      
      expat (2.1.1-2) unstable; urgency=high
      
        * Avoid relying on undefined behavior in CVE-2015-1283 fix.
        * Apply upstream patch to fix the root cause of CVE-2016-0718 and
          CVE-2016-0719 vulnerabilities.
        * Update Standards-Version to 3.9.8 .
      
      expat (2.1.1-1) unstable; urgency=low
      
        * New upstream release.
        * Remove all patches, applied upstream.
        * Update Standards-Version to 3.9.7 .
      
      expat (2.1.0-7) unstable; urgency=high
      
        * Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
          function (closes: #793484).
        * Update Standards-Version to 3.9.6 .
      
      expat (2.1.0-6) unstable; urgency=low
      
        * Really do the Ubuntu sync (closes: #748250).
      
      expat (2.1.0-5) unstable; urgency=low
      
        * Move to Standards-Version 3.9.5 and to debhelper level 9 .
        * Sync with Ubuntu.
      
        [ Matthias Klose <doko@ubuntu.com> ]
        * Use dh-autoreconf (closes: #748250).
        * Enable parallel builds.
      
      expat (2.1.0-4) unstable; urgency=low
      
        * New maintainer (closes: #660681).
        * Update to Standards-Version 3.9.4 , no changes needed.
        * Move to compat level 8 .
      
      expat (2.1.0-3) unstable; urgency=low
      
        * QA upload, set maintainer address to the QA team.
        * Move expat_config.h into the multiarch include location.
        * Make libexpat1-dev Multi-Arch: same.
        * Update config.{guess,sub} for aarch64 (Wookey). Closes: #689619.
        * Don't ship the pkgconfig file in lib64expat1-dev. Closes: #706932.
      
      expat (2.1.0-1) unstable; urgency=low
      
        * QA upload.
        * expat 2.1.0 release.
      
      expat (2.1.0~beta3-2) unstable; urgency=medium
      
        * Fix symbol version for XML_SetHashSalt. Addresses #665362.
      
      expat (2.1.0~beta3-1) unstable; urgency=low
      
        * QA upload.
        * Beta release 2.1.0 beta3. Closes: #663579.
          - CVE-2012-1147 - Resource leak in readfilemap.c.
          - CVE-2012-1148 - Memory leak in poolGrow.
          - CVE-2012-0876 - Hash DOS attack.
          - Remove patches applied upstream.
        * Remove Daniel from uploaders (orphaned package).
        * Update package format to 3.0.
        * Enable hardened build. Closes: #653526.
        * Add a symbols file.
        * Install expat pkgconfig file.
      
      expat (2.0.1-7.2ubuntu1) precise; urgency=low
      
        * CVE-2012-0876: Randomize hashes of xml attributes in the expat library
          to avoid a denial of service due to hash collisions.  Patch by David
          Malcolm with some modifications by the expat project.
      
      expat (2.0.1-7.2) unstable; urgency=low
      
        * Non-maintainer upload.
        * Fix symlink breakage introduced with my last upload.  (Closes: #647340)
      
      expat (2.0.1-7.1) unstable; urgency=low
      
        * Non-maintainer upload.
        * Multi-arch support (patch from Steve Langaseck).  (Closes: #632261)
        * Move libexpat.so.1 to /lib.  (Closes: #637101)
      
      expat (2.0.1-7) unstable; urgency=low
      
        * debian/control (Depends): Fixed debhelper-but-no-misc-depends.
        * debian/patches/560901_CVE_2009_3560.dpatch: Adjusted.
          - lib/xmlparse.c (doProlog): Revised patch for CVE-2009-3560 after
            regressions have been detected (closes: #561658). Many thanks to
            Niko Tyni and Karl Waclawek for their help and the fix.
      
      expat (2.0.1-6) unstable; urgency=medium
      
        * debian/patches/560901_CVE_2009_3560.dpatch: Added.
          - lib/xmlparse.c (doProlog): Fix DoS vulnerability CVE-2009-3560 (closes:
            #560901).
        * debian/patches/00list: Adjusted.
      
      expat (2.0.1-5) unstable; urgency=medium
      
        * debian/control (Standards-Version): Bumped to 3.8.3.
          (Priority, Section): Fixed binary-control-field-duplicates-source.
          (Description): Fixed extended-description-is-probably-too-short and
          duplicate-long-description.
        * debian/rules (CFLAGS): Drop useless '-pthread -D_REENTRANT' from version
          1.95-8-1 (closes: #551079).
        * debian/README.source: Added for policy compliance.
        * debian/patches/551936_CVE_2009_2625.dpatch: Added.
          - lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
            and CVE-2009-3720 (closes: #551936).
        * debian/patches/00list: Adjusted.
      
      expat (2.0.1-4) unstable; urgency=low
      
        * debian/libexpat1-dev.install: Install the libtool .la files again and drop
          them after Lenny (closes: #485460).
      
      expat (2.0.1-3) unstable; urgency=low
      
        * debian/patches/485129_fix_underquotation_in_m4.dpatch: Added.
          - conftools/expat.m4: Fixed underquotation in AC_DEFUN (closes: #485129).
        * debian/patches/00list: Adjusted.
      
      expat (2.0.1-2) unstable; urgency=low
      
        * debian/rules: Set correct host flags to prevent FTBFS on architectures,
          where we build the lib64expat* packages.
          (build-stamp, install): Fixed a stupid mistake leading to an FTBFS on the
          architectures, where we don't build the lib64expat* packages.
      
      expat (2.0.1-1) unstable; urgency=low
      
        * New upstream release 2.0.1 (closes: #429175).
      
        [ Matthias Klose ]
        * debian/control: Added 64bit libraries.
          (Build-Depends): Added gcc-multilib.
        * debian/lib64expat1-dev.install: Added.
        * debian/lib64expat1.install: Ditto.
        * debian/lib64expat1.shlibs: Ditto.
        * debian/libexpat1.links: Remove the old libexpat.so.0 symlink.
        * debian/libexpat1-udeb.links: Ditto.
        * debian/libexpat1.shlibs: Removed libexpat.so.0.
      
        [ Daniel Leidert ]
        * Removed Debian-written autotools stuff.
        * debian/control: Added Homepage and Vcs* fields. Added conflicts with wink
          package version, relying on the compat symlink.
          (Standards-Version): Increased to 3.7.3.
          (Build-Depends): Added dpatch and docbook-to-man.
          (Uploaders): Added myself.
          (Depends): lib64expat1-dev should depend on libexpat1-dev.
        * debian/copyright: Added missing copyright of the last years.
        * debian/expat.install: Do not copy the upstream manpage (see debian/rules).
        * debian/libexpat1-dev.install: Install the expat.m4 macro file. Do not
          install the libtool .la files.
        * debian/lib64expat1-dev.install: Do not install the libtool .la files
          either.
        * debian/libexpat1-dev.examples: Only install the C sources.
        * debian/libexpat1-udeb.install: Make sure, only libexpat is installed (for
          the moment).
        * debian/libexpat1.shlibs: Adjusted for libexpatw.
        * debian/lib64expat1.shlibs: Ditto.
        * debian/rules: Rewritten to make it shorter (yeah sorry, I removed the
          comments too).
          - Added dpatch stuff.
          - Create the manpage xmlwf.1 on-the-fly (there is doc/xmlwf.1, but it has
            issues and gets patched, so we recreate it).
          - Build and install libexpatw with XML_UNICODE support enabled (closes:
            #277133).
        * debian/patches/82763_xmlwf_error_out_2.dpatch: Added (#82763).
        * debian/patches/302191_install_expat_config_h.dpatch: Added (#302191).
        * debian/patches/342684_libtoolize.dpatch: Added (#342684).
          - Further update configure (closes: #439127).
        * debian/patches/412786_xmlwf_man_standard_fix.dpatch: Added (#412786).
        * debian/patches/00list: Added.
      
      expat (2.0.1-0ubuntu1) hardy; urgency=low
      
        * New upstream version. LP: #133808.
        * Remove the old libexpat.so.0 symlink; this bug predates Ubuntu (was
          fixed in version 1.95.5-1).
        * Drop the extra build files in bcb5/.
      
      expat (1.95.8-4ubuntu1) gutsy; urgency=low
      
        * Build 64bit packages.
      
      expat (1.95.8-4) unstable; urgency=low
      
        * Acknowledged NMUs 1.95.8-3.1 - 1.95.8-3.4
          ( closes: Bug#355937, Bug#354244, Bug#342684)
        * lib/expat.h: removed trailing comma from enum XML_Status
          (closes: Bug#344298)
        * debian/control: removed 'Provides' from libexpat1-udeb stanza
          (closes: Bug#419606)
        * xmlwf/xmlwf.1: removed incorrect statement on well-formedness
          (closes: Bug#412786
        * debian/TODO: updated
        * debian/control: upgraded to Debian Policy 3.7.2 (no changes)
          (thanks Bryan Donlan <bdonlan@fushizen.net> !)
        * debian/rules: replaced $(PWD) by $(CURDIR)
        * debian/control: replaced ${Source-Version} by ${Source-Version}
          (thanks Bryan Donlan <bdonlan@fushizen.net> !)
      
      expat (1.95.8-3.4) unstable; urgency=low
      
        * Porter NMU.
        * Libtool update (closes: bug#342684).
      
      expat (1.95.8-3.3) unstable; urgency=low
      
        * NMU
        * Use fixed watch file from Bart Martens.  closes: #354244.
      
      expat (1.95.8-3.2) unstable; urgency=low
      
        * Non Maintainer Upload
        * Correct mistake in patch for #355937 so that udeb: lines in shlibs file
          actually refer to the udeb package
      
      expat (1.95.8-3.1) unstable; urgency=low
      
        * Non Maintainer Upload (closes: #355937)
        * Add support for udeb dependency resolution in shlibs file
        * Simplify debian/rules by making use of udeb support in debhelper
        * Update debhelper compatibility to level 5
      
      expat (1.95.8-3) unstable; urgency=low
      
        * Makefile.in: added $(srcdir)/expat_config.h to APIHEADER
          (closes: Bug#302191)
        * rebuild against latest libtool for kfreebsd-gnu
          (closes: Bug#295825)
      
      expat (1.95.8-2) unstable; urgency=low
      
        * rebuild against latest libtool for kfreebsd-gnu
      
      expat (1.95.8-1) unstable; urgency=low
      
        * New upstream release
          (closes: Bug#263858)
        * debian/rules: added '-pthread -D_REENTRANT' to 'CFLAGS'
        * Added debian/watch
      
      expat (1.95.6-8) unstable; urgency=low
      
        * debian/control: fixed typo in maintainer's email address
      
      expat (1.95.6-7) unstable; urgency=low
      
        * debian/control: upgraded to Debian Policy 3.6.1 (no changes)
        * debian/control: changed 'Maintainer' to 'Debian XML/SGML Group
          <debian-xml-sgml-pkgs@lists.alioth.debian.org>' and added current
          maintainer as 'Uploader'
      
      expat (1.95.6-6) unstable; urgency=low
      
        * debian/control: changed section of 'libexpat1-dev' from 'devel'
          to 'libdevel' to align with override
        * debian/control: changed priority of 'libexpat1-udeb' from 'optional'
          to 'extra' to aliagn with override
      
      expat (1.95.6-5) unstable; urgency=low
      
        * debian/control: changed build dependency on 'debhelper' to '(>= 4.1)'
        * debian/control: upgraded to Debian Policy 3.6.0 (no changes)
      
      expat (1.95.6-4) unstable; urgency=low
      
        * Added support to generate a 'libexpat1-udeb' package for the upcoming
          gtk frontend for the new debian installer
          (closes: Bug#183830)
        * debian/rules: moved debhelper compatibility level setting to
          'debian/compat' per latest debhelper best practices
      
      expat (1.95.6-3) unstable; urgency=low
      
        * lib/expat.h: moved declaration of 'enum XML_Status' up
          (closes: Bug#179914)
      
      expat (1.95.6-2) unstable; urgency=low
      
        * debian/libexpat1.shlibs: changed to 1.95.6 (oops!)
      
      expat (1.95.6-1) unstable; urgency=low
      
        * New upstream release
          - fixes frequent segfault on nontrivial documents using namespaces
            (closes: Bug#179462)
      
      expat (1.95.5-1) unstable; urgency=low
      
        * New upstream release
          (closes: Bug#164202)
        * debian/control: changed dependency for package 'libexpat1-dev' on the
          C library from 'libc6-dev' to 'libc6-dev | libc-dev'
        * debian/libexpat1.shlibs: added to provide info about libexpat.so.0
          (which is a symlink to libexpat.so.1 due to an NMU mishap, see below)
          (closes: Bug#147751)
      
      expat (1.95.2-10) unstable; urgency=low
      
        * autogen.sh: upgraded to 'automake1.7'
        * debian/rules: removed 'autotools' target as its function is now handled
          by 'autogen.sh'
        * debian/control: removed obsolete build dependency on 'autotools-dev'
        * debian/control: added 'Provides' and 'Conflicts' with 'libexpat-dev'
          for package 'libexpat1-dev'
        * debian/control: upgraded to Debian Policy 3.5.8
      
      expat (1.95.2-9) unstable; urgency=low
      
        * debian/rules: migrated documentation installation handling to debhelper
      
      expat (1.95.2-8) unstable; urgency=low
      
        * debian/rules: migrated to autoconf 2.52 and above
      
      expat (1.95.2-7) unstable; urgency=low
      
        * debian/rules: upgraded to debhelper v4
        * debian/control: changed build dependency on debhelper accordingly
        * debian/rules: migrated from 'dh_movefiles' to 'dh_install'
        * debian/rules: split off 'install' target from 'binary-arch' target
      
      expat (1.95.2-6) unstable; urgency=low
      
        * debian/control: removed unnecessary build dependency on 'autoconf'
      
      expat (1.95.2-5) unstable; urgency=low
      
        * Added man page for 'xmlwf'
          (closes: Bug#39461)
        * Converted to autotools-dev
        * debian/control: added build dependency on 'autotools-dev'
        * debian/control: removed build dependency on 'automake' and 'libtool'
      
      expat (1.95.2-4) unstable; urgency=low
      
        * Removed explicit 'dhelp' support since 'doc-base' now takes care of this
        * debian/control: upgraded to Debian Policy 3.5.6
      
      expat (1.95.2-3) unstable; urgency=high
      
        * Includes NMU 1.95.2-2.1
          (closes: Bug#111957)
        * Added symlink from libexpat.so.0 to libexpat.so.1 to handle the
          problems caused by the library soname change introduced by this NMU
          (closes: Bug#116724, Bug#116727)
      
      expat (1.95.2-2.1) unstable; urgency=low
      
        * NMU.
        * Added call to aclocal before call to autoconf in Makefile.in.
          Closes: #111957.
        * Ran 'libtoolize --force --copy' to update libtool info.  This
          works around problem with libtool version skew during build.
          Should this be done in Makefile.in?
      
      expat (1.95.2-2) unstable; urgency=low
      
        * debian/control: added build dependency on 'libtool'
          (closes: Bug#111693)
      
      expat (1.95.2-1) unstable; urgency=low
      
        * New upstream release
        * debian/copyright: updated
      
      expat (1.95.1-6) unstable; urgency=low
      
        * debian/rules: fixed doc directory handling
          (closes: Bug#104460)
        * debian/control: upgraded to Debian Policy 3.5.5
        * xmlwf/xmlwf.c: changed to return error code 2 upon the first
          processing error
          (closes: Bug#82763)
      
      expat (1.95.1-5) unstable; urgency=low
      
        * conftools/config.*: updated to latest version
          (closes: Bug#94772)
      
      expat (1.95.1-4) unstable; urgency=low
      
        * debian/control: added build dependency on 'autoconf' and 'automake'
          (closes: Bug#95296)
      
      expat (1.95.1-3) unstable; urgency=low
      
        * debian/control: updated debhelper dependency to remove 'dh_testversion'
        * debian/control: upgraded to Debian Policy 3.5.2
      
      expat (1.95.1-2) unstable; urgency=low
      
        * debian/control: fixed section override disparity
      
      expat (1.95.1-1) unstable; urgency=low
      
        * New upstream release
          (closes: Bug#74383, Bug#81866)
        * Added doc-base and dhelp support
      
      expat (1.1-3) unstable; urgency=low
      
        * New maintainer
      
      expat (1.1-2) unstable; urgency=low
      
        * debian/rules: more debhelperification and use more FHS stuff
        * debian/control: standards bumped to 3.2.1 (closes: Bug#70336)
      
      expat (1.1-1) unstable; urgency=low
      
        * new upstream version
        * debian/rules: aesthetic cleanups, use a bit more debhelper stuff to
          reduce complexity
      
      expat (1.0.2-1) unstable; urgency=low
      
        * new upstream version
        * maintainer name change
        * standards-version: bumped to 2.5.0 (no changes required)
      
      expat (1.0-2) unstable; urgency=low
      
        * debian/rules: fix symlink for docdir of libxmltok1-dev
      
      expat (1.0-1) unstable; urgency=low
      
        * Initial release.
        * Makefile: added MPL notice as required by license, modifications to
          enable building of xmltok and xmlparse as shared and static
          libraries.
        * xmltok/Makefile: created to enable building libxmltok.a and
          libxmltok.so
        * xmlparse/Makefile: created to enable building libxmlparse.a and and
          libxmlparse.so
        * debian/*: Debian-specific files
      0849e068
  12. 17 Aug, 2019 1 commit
  13. 24 Jun, 2019 1 commit
  14. 31 May, 2019 2 commits
  15. 15 Aug, 2018 1 commit
    • Laszlo Boszormenyi (GCS)'s avatar
      Import Debian changes 2.2.6-1 · 8748db63
      Laszlo Boszormenyi (GCS) authored
      expat (2.2.6-1) unstable; urgency=medium
      
        * New upstream release.
        * Disable Vcs-* fields for now.
        * Update Standards-Version to 4.1.5 .
      
      expat (2.2.5-3) unstable; urgency=medium
      
        * Don't install irrelevant README.md (closes: #884818).
      
      expat (2.2.5-2) unstable; urgency=medium
      
        * Upload to Sid.
        * Install AUTHORS file.
        * Update project homepage.
        * Migrate d/copyright to format 1.0 .
        * Update debhelper level to 11 .
      
      expat (2.2.5-1) experimental; urgency=medium
      
        * New upstream release (closes: #883708).
        * Use the main source for packaging (closes: #874177).
        * Drop outdated multilib packages (closes: #775942, #779459).
        * Add docbook2x build dependency.
        * Update libexpat1 symbols.
        * Update Standards-Version to 4.1.2 .
      
      expat (2.2.3-2) unstable; urgency=medium
      
        * Do not install .la files (closes: #880110).
        * Don't expose libbsd-dev dependency on libexpat1-dev .
        * Update Standards-Version to 4.1.1:
          - change libexpat1-udeb priority to optional.
      
      expat (2.2.3-1) unstable; urgency=medium
      
        * New upstream release.
        * Remove dh-autoreconf build dependency.
      
      expat (2.2.2-2) unstable; urgency=medium
      
        * Build with libbsd on Hurd as well.
      
      expat (2.2.2-1) unstable; urgency=high
      
        * New upstream release:
          - fix non-NULL parser parameter validation in XML_Parse; resulted in
            NULL dereference.
      
      expat (2.2.1-3) unstable; urgency=medium
      
        * Add libbsd-dev dependency to libexpat1-dev on kFreeBSD architectures
          (closes: #867252).
      
      expat (2.2.1-2) unstable; urgency=medium
      
        * Fix mis-detection of getrandom() on kFreeBSD.
        * Utilize libbsd for arc4random_buf() on kFreeBSD.
      
      expat (2.2.1-1) unstable; urgency=high
      
        * New upstream release:
          - upstream fix for CVE-2016-9063 to prevent undefined behavior from signed
            integer overflow,
          - fix CVE-2017-9233: external entity infinite loop DoS,
          - fix regression from fix to CVE-2016-0718 cutting off longer tag names,
          - use high quality entropy for hash initialization for part of
            CVE-2016-5300,
          - change hash algorithm to William Ahern's version of SipHash to go
            further with fixing CVE-2012-0876.
      
      expat (2.2.0-2) unstable; urgency=high
      
        * Use fix from Mozilla for CVE-2016-9063: integer overflow during the
          parsing of XML.
        * Replace deprecated -s debhelper switch with the -a one.
      
      expat (2.2.0-1) unstable; urgency=low
      
        * New upstream release, update symbols accordingly.
        * Use upstream manpage for xmlwf.
        * Drop all patches as this release contains those.
      
      expat (2.1.1-3) unstable; urgency=high
      
        * Use upstream fix for the following security vulnerabilities:
          - CVE-2012-6702, unanticipated internal calls to srand
          - CVE-2016-5300, use of too little entropy
      
      expat (2.1.1-2) unstable; urgency=high
      
        * Avoid relying on undefined behavior in CVE-2015-1283 fix.
        * Apply upstream patch to fix the root cause of CVE-2016-0718 and
          CVE-2016-0719 vulnerabilities.
        * Update Standards-Version to 3.9.8 .
      
      expat (2.1.1-1) unstable; urgency=low
      
        * New upstream release.
        * Remove all patches, applied upstream.
        * Update Standards-Version to 3.9.7 .
      
      expat (2.1.0-7) unstable; urgency=high
      
        * Fix CVE-2015-1283, multiple integer overflows in the XML_GetBuffer
          function (closes: #793484).
        * Update Standards-Version to 3.9.6 .
      
      expat (2.1.0-6) unstable; urgency=low
      
        * Really do the Ubuntu sync (closes: #748250).
      
      expat (2.1.0-5) unstable; urgency=low
      
        * Move to Standards-Version 3.9.5 and to debhelper level 9 .
        * Sync with Ubuntu.
      
        [ Matthias Klose <doko@ubuntu.com> ]
        * Use dh-autoreconf (closes: #748250).
        * Enable parallel builds.
      
      expat (2.1.0-4) unstable; urgency=low
      
        * New maintainer (closes: #660681).
        * Update to Standards-Version 3.9.4 , no changes needed.
        * Move to compat level 8 .
      
      expat (2.1.0-3) unstable; urgency=low
      
        * QA upload, set maintainer address to the QA team.
        * Move expat_config.h into the multiarch include location.
        * Make libexpat1-dev Multi-Arch: same.
        * Update config.{guess,sub} for aarch64 (Wookey). Closes: #689619.
        * Don't ship the pkgconfig file in lib64expat1-dev. Closes: #706932.
      
      expat (2.1.0-1) unstable; urgency=low
      
        * QA upload.
        * expat 2.1.0 release.
      
      expat (2.1.0~beta3-2) unstable; urgency=medium
      
        * Fix symbol version for XML_SetHashSalt. Addresses #665362.
      
      expat (2.1.0~beta3-1) unstable; urgency=low
      
        * QA upload.
        * Beta release 2.1.0 beta3. Closes: #663579.
          - CVE-2012-1147 - Resource leak in readfilemap.c.
          - CVE-2012-1148 - Memory leak in poolGrow.
          - CVE-2012-0876 - Hash DOS attack.
          - Remove patches applied upstream.
        * Remove Daniel from uploaders (orphaned package).
        * Update package format to 3.0.
        * Enable hardened build. Closes: #653526.
        * Add a symbols file.
        * Install expat pkgconfig file.
      
      expat (2.0.1-7.2ubuntu1) precise; urgency=low
      
        * CVE-2012-0876: Randomize hashes of xml attributes in the expat library
          to avoid a denial of service due to hash collisions.  Patch by David
          Malcolm with some modifications by the expat project.
      
      expat (2.0.1-7.2) unstable; urgency=low
      
        * Non-maintainer upload.
        * Fix symlink breakage introduced with my last upload.  (Closes: #647340)
      
      expat (2.0.1-7.1) unstable; urgency=low
      
        * Non-maintainer upload.
        * Multi-arch support (patch from Steve Langaseck).  (Closes: #632261)
        * Move libexpat.so.1 to /lib.  (Closes: #637101)
      
      expat (2.0.1-7) unstable; urgency=low
      
        * debian/control (Depends): Fixed debhelper-but-no-misc-depends.
        * debian/patches/560901_CVE_2009_3560.dpatch: Adjusted.
          - lib/xmlparse.c (doProlog): Revised patch for CVE-2009-3560 after
            regressions have been detected (closes: #561658). Many thanks to
            Niko Tyni and Karl Waclawek for their help and the fix.
      
      expat (2.0.1-6) unstable; urgency=medium
      
        * debian/patches/560901_CVE_2009_3560.dpatch: Added.
          - lib/xmlparse.c (doProlog): Fix DoS vulnerability CVE-2009-3560 (closes:
            #560901).
        * debian/patches/00list: Adjusted.
      
      expat (2.0.1-5) unstable; urgency=medium
      
        * debian/control (Standards-Version): Bumped to 3.8.3.
          (Priority, Section): Fixed binary-control-field-duplicates-source.
          (Description): Fixed extended-description-is-probably-too-short and
          duplicate-long-description.
        * debian/rules (CFLAGS): Drop useless '-pthread -D_REENTRANT' from version
          1.95-8-1 (closes: #551079).
        * debian/README.source: Added for policy compliance.
        * debian/patches/551936_CVE_2009_2625.dpatch: Added.
          - lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
            and CVE-2009-3720 (closes: #551936).
        * debian/patches/00list: Adjusted.
      
      expat (2.0.1-4) unstable; urgency=low
      
        * debian/libexpat1-dev.install: Install the libtool .la files again and drop
          them after Lenny (closes: #485460).
      
      expat (2.0.1-3) unstable; urgency=low
      
        * debian/patches/485129_fix_underquotation_in_m4.dpatch: Added.
          - conftools/expat.m4: Fixed underquotation in AC_DEFUN (closes: #485129).
        * debian/patches/00list: Adjusted.
      
      expat (2.0.1-2) unstable; urgency=low
      
        * debian/rules: Set correct host flags to prevent FTBFS on architectures,
          where we build the lib64expat* packages.
          (build-stamp, install): Fixed a stupid mistake leading to an FTBFS on the
          architectures, where we don't build the lib64expat* packages.
      
      expat (2.0.1-1) unstable; urgency=low
      
        * New upstream release 2.0.1 (closes: #429175).
      
        [ Matthias Klose ]
        * debian/control: Added 64bit libraries.
          (Build-Depends): Added gcc-multilib.
        * debian/lib64expat1-dev.install: Added.
        * debian/lib64expat1.install: Ditto.
        * debian/lib64expat1.shlibs: Ditto.
        * debian/libexpat1.links: Remove the old libexpat.so.0 symlink.
        * debian/libexpat1-udeb.links: Ditto.
        * debian/libexpat1.shlibs: Removed libexpat.so.0.
      
        [ Daniel Leidert ]
        * Removed Debian-written autotools stuff.
        * debian/control: Added Homepage and Vcs* fields. Added conflicts with wink
          package version, relying on the compat symlink.
          (Standards-Version): Increased to 3.7.3.
          (Build-Depends): Added dpatch and docbook-to-man.
          (Uploaders): Added myself.
          (Depends): lib64expat1-dev should depend on libexpat1-dev.
        * debian/copyright: Added missing copyright of the last years.
        * debian/expat.install: Do not copy the upstream manpage (see debian/rules).
        * debian/libexpat1-dev.install: Install the expat.m4 macro file. Do not
          install the libtool .la files.
        * debian/lib64expat1-dev.install: Do not install the libtool .la files
          either.
        * debian/libexpat1-dev.examples: Only install the C sources.
        * debian/libexpat1-udeb.install: Make sure, only libexpat is installed (for
          the moment).
        * debian/libexpat1.shlibs: Adjusted for libexpatw.
        * debian/lib64expat1.shlibs: Ditto.
        * debian/rules: Rewritten to make it shorter (yeah sorry, I removed the
          comments too).
          - Added dpatch stuff.
          - Create the manpage xmlwf.1 on-the-fly (there is doc/xmlwf.1, but it has
            issues and gets patched, so we recreate it).
          - Build and install libexpatw with XML_UNICODE support enabled (closes:
            #277133).
        * debian/patches/82763_xmlwf_error_out_2.dpatch: Added (#82763).
        * debian/patches/302191_install_expat_config_h.dpatch: Added (#302191).
        * debian/patches/342684_libtoolize.dpatch: Added (#342684).
          - Further update configure (closes: #439127).
        * debian/patches/412786_xmlwf_man_standard_fix.dpatch: Added (#412786).
        * debian/patches/00list: Added.
      
      expat (2.0.1-0ubuntu1) hardy; urgency=low
      
        * New upstream version. LP: #133808.
        * Remove the old libexpat.so.0 symlink; this bug predates Ubuntu (was
          fixed in version 1.95.5-1).
        * Drop the extra build files in bcb5/.
      
      expat (1.95.8-4ubuntu1) gutsy; urgency=low
      
        * Build 64bit packages.
      
      expat (1.95.8-4) unstable; urgency=low
      
        * Acknowledged NMUs 1.95.8-3.1 - 1.95.8-3.4
          ( closes: Bug#355937, Bug#354244, Bug#342684)
        * lib/expat.h: removed trailing comma from enum XML_Status
          (closes: Bug#344298)
        * debian/control: removed 'Provides' from libexpat1-udeb stanza
          (closes: Bug#419606)
        * xmlwf/xmlwf.1: removed incorrect statement on well-formedness
          (closes: Bug#412786
        * debian/TODO: updated
        * debian/control: upgraded to Debian Policy 3.7.2 (no changes)
          (thanks Bryan Donlan <bdonlan@fushizen.net> !)
        * debian/rules: replaced $(PWD) by $(CURDIR)
        * debian/control: replaced ${Source-Version} by ${Source-Version}
          (thanks Bryan Donlan <bdonlan@fushizen.net> !)
      
      expat (1.95.8-3.4) unstable; urgency=low
      
        * Porter NMU.
        * Libtool update (closes: bug#342684).
      
      expat (1.95.8-3.3) unstable; urgency=low
      
        * NMU
        * Use fixed watch file from Bart Martens.  closes: #354244.
      
      expat (1.95.8-3.2) unstable; urgency=low
      
        * Non Maintainer Upload
        * Correct mistake in patch for #355937 so that udeb: lines in shlibs file
          actually refer to the udeb package
      
      expat (1.95.8-3.1) unstable; urgency=low
      
        * Non Maintainer Upload (closes: #355937)
        * Add support for udeb dependency resolution in shlibs file
        * Simplify debian/rules by making use of udeb support in debhelper
        * Update debhelper compatibility to level 5
      
      expat (1.95.8-3) unstable; urgency=low
      
        * Makefile.in: added $(srcdir)/expat_config.h to APIHEADER
          (closes: Bug#302191)
        * rebuild against latest libtool for kfreebsd-gnu
          (closes: Bug#295825)
      
      expat (1.95.8-2) unstable; urgency=low
      
        * rebuild against latest libtool for kfreebsd-gnu
      
      expat (1.95.8-1) unstable; urgency=low
      
        * New upstream release
          (closes: Bug#263858)
        * debian/rules: added '-pthread -D_REENTRANT' to 'CFLAGS'
        * Added debian/watch
      
      expat (1.95.6-8) unstable; urgency=low
      
        * debian/control: fixed typo in maintainer's email address
      
      expat (1.95.6-7) unstable; urgency=low
      
        * debian/control: upgraded to Debian Policy 3.6.1 (no changes)
        * debian/control: changed 'Maintainer' to 'Debian XML/SGML Group
          <debian-xml-sgml-pkgs@lists.alioth.debian.org>' and added current
          maintainer as 'Uploader'
      
      expat (1.95.6-6) unstable; urgency=low
      
        * debian/control: changed section of 'libexpat1-dev' from 'devel'
          to 'libdevel' to align with override
        * debian/control: changed priority of 'libexpat1-udeb' from 'optional'
          to 'extra' to aliagn with override
      
      expat (1.95.6-5) unstable; urgency=low
      
        * debian/control: changed build dependency on 'debhelper' to '(>= 4.1)'
        * debian/control: upgraded to Debian Policy 3.6.0 (no changes)
      
      expat (1.95.6-4) unstable; urgency=low
      
        * Added support to generate a 'libexpat1-udeb' package for the upcoming
          gtk frontend for the new debian installer
          (closes: Bug#183830)
        * debian/rules: moved debhelper compatibility level setting to
          'debian/compat' per latest debhelper best practices
      
      expat (1.95.6-3) unstable; urgency=low
      
        * lib/expat.h: moved declaration of 'enum XML_Status' up
          (closes: Bug#179914)
      
      expat (1.95.6-2) unstable; urgency=low
      
        * debian/libexpat1.shlibs: changed to 1.95.6 (oops!)
      
      expat (1.95.6-1) unstable; urgency=low
      
        * New upstream release
          - fixes frequent segfault on nontrivial documents using namespaces
            (closes: Bug#179462)
      
      expat (1.95.5-1) unstable; urgency=low
      
        * New upstream release
          (closes: Bug#164202)
        * debian/control: changed dependency for package 'libexpat1-dev' on the
          C library from 'libc6-dev' to 'libc6-dev | libc-dev'
        * debian/libexpat1.shlibs: added to provide info about libexpat.so.0
          (which is a symlink to libexpat.so.1 due to an NMU mishap, see below)
          (closes: Bug#147751)
      
      expat (1.95.2-10) unstable; urgency=low
      
        * autogen.sh: upgraded to 'automake1.7'
        * debian/rules: removed 'autotools' target as its function is now handled
          by 'autogen.sh'
        * debian/control: removed obsolete build dependency on 'autotools-dev'
        * debian/control: added 'Provides' and 'Conflicts' with 'libexpat-dev'
          for package 'libexpat1-dev'
        * debian/control: upgraded to Debian Policy 3.5.8
      
      expat (1.95.2-9) unstable; urgency=low
      
        * debian/rules: migrated documentation installation handling to debhelper
      
      expat (1.95.2-8) unstable; urgency=low
      
        * debian/rules: migrated to autoconf 2.52 and above
      
      expat (1.95.2-7) unstable; urgency=low
      
        * debian/rules: upgraded to debhelper v4
        * debian/control: changed build dependency on debhelper accordingly
        * debian/rules: migrated from 'dh_movefiles' to 'dh_install'
        * debian/rules: split off 'install' target from 'binary-arch' target
      
      expat (1.95.2-6) unstable; urgency=low
      
        * debian/control: removed unnecessary build dependency on 'autoconf'
      
      expat (1.95.2-5) unstable; urgency=low
      
        * Added man page for 'xmlwf'
          (closes: Bug#39461)
        * Converted to autotools-dev
        * debian/control: added build dependency on 'autotools-dev'
        * debian/control: removed build dependency on 'automake' and 'libtool'
      
      expat (1.95.2-4) unstable; urgency=low
      
        * Removed explicit 'dhelp' support since 'doc-base' now takes care of this
        * debian/control: upgraded to Debian Policy 3.5.6
      
      expat (1.95.2-3) unstable; urgency=high
      
        * Includes NMU 1.95.2-2.1
          (closes: Bug#111957)
        * Added symlink from libexpat.so.0 to libexpat.so.1 to handle the
          problems caused by the library soname change introduced by this NMU
          (closes: Bug#116724, Bug#116727)
      
      expat (1.95.2-2.1) unstable; urgency=low
      
        * NMU.
        * Added call to aclocal before call to autoconf in Makefile.in.
          Closes: #111957.
        * Ran 'libtoolize --force --copy' to update libtool info.  This
          works around problem with libtool version skew during build.
          Should this be done in Makefile.in?
      
      expat (1.95.2-2) unstable; urgency=low
      
        * debian/control: added build dependency on 'libtool'
          (closes: Bug#111693)
      
      expat (1.95.2-1) unstable; urgency=low
      
        * New upstream release
        * debian/copyright: updated
      
      expat (1.95.1-6) unstable; urgency=low
      
        * debian/rules: fixed doc directory handling
          (closes: Bug#104460)
        * debian/control: upgraded to Debian Policy 3.5.5
        * xmlwf/xmlwf.c: changed to return error code 2 upon the first
          processing error
          (closes: Bug#82763)
      
      expat (1.95.1-5) unstable; urgency=low
      
        * conftools/config.*: updated to latest version
          (closes: Bug#94772)
      
      expat (1.95.1-4) unstable; urgency=low
      
        * debian/control: added build dependency on 'autoconf' and 'automake'
          (closes: Bug#95296)
      
      expat (1.95.1-3) unstable; urgency=low
      
        * debian/control: updated debhelper dependency to remove 'dh_testversion'
        * debian/control: upgraded to Debian Policy 3.5.2
      
      expat (1.95.1-2) unstable; urgency=low
      
        * debian/control: fixed section override disparity
      
      expat (1.95.1-1) unstable; urgency=low
      
        * New upstream release
          (closes: Bug#74383, Bug#81866)
        * Added doc-base and dhelp support
      
      expat (1.1-3) unstable; urgency=low
      
        * New maintainer
      
      expat (1.1-2) unstable; urgency=low
      
        * debian/rules: more debhelperification and use more FHS stuff
        * debian/control: standards bumped to 3.2.1 (closes: Bug#70336)
      
      expat (1.1-1) unstable; urgency=low
      
        * new upstream version
        * debian/rules: aesthetic cleanups, use a bit more debhelper stuff to
          reduce complexity
      
      expat (1.0.2-1) unstable; urgency=low
      
        * new upstream version
        * maintainer name change
        * standards-version: bumped to 2.5.0 (no changes required)
      
      expat (1.0-2) unstable; urgency=low
      
        * debian/rules: fix symlink for docdir of libxmltok1-dev
      
      expat (1.0-1) unstable; urgency=low
      
        * Initial release.
        * Makefile: added MPL notice as required by license, modifications to
          enable building of xmltok and xmlparse as shared and static
          libraries.
        * xmltok/Makefile: created to enable building libxmltok.a and
          libxmltok.so
        * xmlparse/Makefile: created to enable building libxmlparse.a and and
          libxmlparse.so
        * debian/*: Debian-specific files
      8748db63