lua5.4 (5.4.7-1) unstable; urgency=medium

  * New upstream release.
  * Bump the standards version to 4.7.0.

 -- Sergei Golovan <sgolovan@debian.org>  Thu, 28 Nov 2024 12:14:18 +0300

lua5.4 (5.4.6-3) unstable; urgency=high

  [ P. J. McDermott ]
  * Fix completely broken C++ library missing all "lua*" function symbols.
    0003-extern_C.patch was removed in 5.4.6-1 per request in #1032533,
    replacing all the C symbols with C++ mangled names, but the export map
    debian/version-script listed only C symbols. (closes: #1063707)
    - Extend DEP-8 test to check C++ library.
  * Update liblua5.4-dev Recommends from pkg-config to pkgconf.
    (Fixes lintian error tag depends-on-obsolete-package)
  * Add Rules-Requires-Root: no.
    (Fixes lintian pedantic tag silent-on-rules-requiring-root)
  * Move "-e" from "#!" line to "set" command in lua5.4 prerm script.
    (Fixes lintian pedantic tag maintainer-script-without-set-e)
  * Add debian/salsa-ci.yml.

 -- Debian Lua Team <pkg-lua-devel@lists.alioth.debian.org>  Sun, 11 Feb 2024 07:29:32 -0500

lua5.4 (5.4.6-2) unstable; urgency=medium

  * Team upload

  [ Lena Voytek ]
  * Make some packaging improvements (closes: #1056991)
    - Add DEP-8 tests for basic functionality
      + d/t/interpreter: Test lua interpreter
      + d/t/liblua: Test lua C api
    - d/p/0001-build-system.patch: Use default test environment:
      Instead of overriding testing with libtool which now fails with -dlopen
      argument, the original ./$(LUA_T) -v is used as it is works correctly
      with 5.4.6
    - d/configure.ac: Remove AC_PROG_LIBTOOL entry:
      AC_PROG_LIBTOOL is a deprecated macro for initializing libtool. LT_INIT
      already covers this functionality so no other action is required.
    - d/liblua5.4-0.symbols: Add symbols file for lua 5.4 libraries

  [ Gianfranco Costamagna ]
  * d/version-script: Export additional missing symbols (closes: #1034800)
  * Update watch file to version 4
  * Fix some copyright typos
  * Drop trailing spaces and newlines
  * Add R^3: no
  * Use https for copyright machine readable file
  * Explicit set -e on prerm and postinst files to please lintian
  * Drop priority field on dbg to please lintian
  * Drop unused patch to please lintian
  * Drop dbg package to please lintian (closes: #1050990)
  * Drop quilt and auto* dependencies, already satisfied by newer debhelper
    and compat level 13

 -- Lena Voytek <lena.voytek@canonical.com>  Mon, 27 Nov 2023 08:23:09 -0700

lua5.4 (5.4.6-1) unstable; urgency=medium

  * New upstream release (closes: #1041902).
  * Remove no longer necessary patches which fixed CVE-2022-28805 and
    CVE-2022-33099 in version 5.4.4.
  * Refresh patches.
  * Fix building the package twice (closes: #1046480).
  * Bump the debhelper compatibility level to 13.
  * Bump the standards version to 4.6.2.

 -- Sergei Golovan <sgolovan@debian.org>  Wed, 14 Jun 2023 15:52:06 +0300

lua5.4 (5.4.4-3) unstable; urgency=medium

  * Add a patch from upstream which fixes CVE-2022-33099, double free
    in a situation when error occurs while handling an error
    (closes: #1014935).

 -- Sergei Golovan <sgolovan@debian.org>  Sun, 17 Jul 2022 14:56:01 +0300

lua5.4 (5.4.4-2) unstable; urgency=medium

  * Add a patch from upstream which fixes CVE-2022-28805, segmentation fault
    due to a heap overflow when parsing ENV with <const> (closes: #1010265).

 -- Sergei Golovan <sgolovan@debian.org>  Sat, 30 Apr 2022 07:38:29 +0300

lua5.4 (5.4.4-1) unstable; urgency=medium

  * New upstream release. This release fixes the following security bugs:
    - CVE-2021-43519, stack overflow in lua_resume of ldo.c in Lua
      Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of
      Service via a crafted script file (closes: #1000228).
    - CVE-2021-44647, Lua 5.4.4 and 5.4.2 are affected by SEGV by type
      confusion in funcnamefromcode function in ldebug.c which can cause
      a local denial of service (closes: #1004189).

 -- Sergei Golovan <sgolovan@debian.org>  Mon, 07 Feb 2022 10:34:34 +0300

lua5.4 (5.4.3-1) unstable; urgency=medium

  * New upstream release.
  * Refresh patches.

 -- Sergei Golovan <sgolovan@debian.org>  Tue, 17 Aug 2021 10:50:26 +0300

lua5.4 (5.4.2-2) unstable; urgency=medium

  * Enable readline support (thanks to Widianto Nur F).

 -- Sergei Golovan <sgolovan@debian.org>  Tue, 12 Jan 2021 23:02:10 +0300

lua5.4 (5.4.2-1) unstable; urgency=medium

  * New upstream release.
  * Refresh patches.

 -- Sergei Golovan <sgolovan@debian.org>  Sun, 06 Dec 2020 14:05:10 +0300

lua5.4 (5.4.1-1) unstable; urgency=medium

  * New upstream release. This release fixes the following security bugs:
    - CVE-2020-15888, mishandling the interaction between stack resizes
      and garbage collection (closes: #972101)
    - CVE-2020-24342 allowing a stack redzone cross (closes: #971012)
    - CVE-2020-24369 attempting to access debug information via the line
      hook of a stripped function (closes: #971013)
    - CVE-2020-24370 allowing a negation overflow and segmentation fault
      in getlocal and setlocal (closes: #971613)
    - CVE-2020-24371 active barriers during sweep phase (closes: #971010)
  * Remove no longer necessary patches.

 -- Sergei Golovan <sgolovan@debian.org>  Sat, 21 Nov 2020 17:58:27 +0300

lua5.4 (5.4.0-2) unstable; urgency=medium

  * Add patches by upstream, which fix a few freshly introduced bugs.

 -- Sergei Golovan <sgolovan@debian.org>  Sat, 18 Jul 2020 18:10:14 +0300

lua5.4 (5.4.0-1) unstable; urgency=medium

  * The first upstream release.

 -- Sergei Golovan <sgolovan@debian.org>  Tue, 30 Jun 2020 16:51:40 +0300

lua5.4 (5.4.0~rc5-1) experimental; urgency=medium

  * New upstream release candidate.

 -- Sergei Golovan <sgolovan@debian.org>  Wed, 17 Jun 2020 12:49:10 +0300

lua5.4 (5.4.0~rc4-1) experimental; urgency=medium

  * New upstream release candidate.

 -- Sergei Golovan <sgolovan@debian.org>  Tue, 02 Jun 2020 23:46:53 +0300

lua5.4 (5.4.0~rc3-1) experimental; urgency=medium

  * New upstream release candidate.

 -- Sergei Golovan <sgolovan@debian.org>  Wed, 20 May 2020 10:12:52 +0300

lua5.4 (5.4.0~rc2-1) experimental; urgency=medium

  * New upstream release candidate.
  * Refresh patches.
  * Bump the standards version to 4.5.0.
  * Bump the debhelper compatibility level to 12.

 -- Sergei Golovan <sgolovan@debian.org>  Wed, 06 May 2020 10:33:50 +0300

lua5.4 (5.4.0~beta-1) experimental; urgency=medium

  * New upstream preliminary release.
  * Refresh patches.

 -- Sergei Golovan <sgolovan@debian.org>  Tue, 29 Oct 2019 10:23:48 +0300

lua5.4 (5.4.0~alpha-2) experimental; urgency=medium

  * Fix symbols in the linker version script.
  * Adapt a patch for lua5.3 by Helmut Grohne to fix FTCBFS. The patch
    libtoolizes during build to avoid a dependency on libtool-bin, and
    uses triplet-prefixed build tools (closes: #941649).
  * Fix the Lua version release number in pkgconfig scripts.
  * Add an alternatives for the lua.pc and lua-c++.pc pkgconfig scripts.

 -- Sergei Golovan <sgolovan@debian.org>  Sun, 13 Oct 2019 10:33:54 +0300

lua5.4 (5.4.0~alpha-1) experimental; urgency=medium

  * Initial release (closes: #932316).

 -- Sergei Golovan <sgolovan@debian.org>  Wed, 17 Jul 2019 18:28:48 +0300