From e355bfb57253ef00b37eb50fd6aa6bb8e287a46a Mon Sep 17 00:00:00 2001 From: Kornel Date: Sun, 31 Mar 2024 00:07:37 +0000 Subject: [PATCH] xz note --- README.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index dfa4414..b571bf7 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,10 @@ This is a [Cargo](https://doc.rust-lang.org/cargo/) helper command which automatically creates binary [Debian packages](https://www.debian.org/doc/debian-policy/ch-binary.html) (`.deb`) from Cargo projects. -> **Note** -> Since v2.0.0 the deb package version will have a "-1" suffix. You can disable this by adding `--deb-revision=""` flag or `revision = ""` in Cargo metadata. The default suffix is for compliance with Debian's packaging standard. + +> [!NOTE] +> cargo-deb uses the [xz2](https://lib.rs/crates/xz2) crate that bundles an old safe version of liblzma 5.2 by the original maintainer, and a simple Cargo-based build script. +> It is **unaffected** by the CVE-2024-3094. ## Installation 
@@ -30,6 +32,9 @@ Debug symbols are stripped from the main binary by default, unless `[profile.rel ## Configuration +> [!IMPORTANT] +> Since v2.0.0 the deb package version will have a "-1" suffix. You can disable this by adding `--deb-revision=""` flag or `revision = ""` in Cargo metadata. The default suffix is for compliance with Debian's packaging standard. + No configuration is necessary to make a basic package from a Cargo project with a binary. This command obtains basic information it needs from [the `Cargo.toml` file](https://doc.rust-lang.org/cargo/reference/manifest.html). It uses Cargo fields: `name`, `version`, `license`, `license-file`, `description`, `readme`, `homepage`, and `repository`. For a more complete Debian package, you may also define a new table, `[package.metadata.deb]` that contains `maintainer`, `copyright`, `license-file`, `changelog`, `depends`, `conflicts`, `breaks`, `replaces`, `provides`, `extended-description`/`extended-description-file`, `section`, `priority`, and `assets`.
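Review bot: In the first hunk (README.md, the new `[!NOTE]` at the top), the phrase "bundles an old safe version of liblzma 5.2" gives readers nothing to verify. It does not name the exact bundled release, and it does not say whether the bundled copy is always the one linked or whether a build can pick up a system liblzma instead. Suggest stating the exact liblzma version and the build condition under which "unaffected" holds, and replacing "old safe version" with wording such as "an older liblzma 5.2 release that is not affected by CVE-2024-3094". "by the original maintainer" is also ambiguous (of xz, or of the xz2 crate?), and "the CVE-2024-3094" should read "CVE-2024-3094".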
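Review bot: In the second hunk (under `## Configuration`), the `[!IMPORTANT]` block about the "-1" suffix now sits ahead of "No configuration is necessary to make a basic package from a Cargo project with a binary.", so the section opens with an exception before its main statement. Consider placing it after the introductory paragraph. The commit subject "xz note" also does not cover this relocation, so either mention it in the message or split it into its own commit. While the text is being moved, "by adding `--deb-revision=""` flag" is missing an article ("the `--deb-revision=""` flag").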