-
dpkg (1.19.0.5ubuntu2.4) bionic-security; urgency=medium
* SECURITY UPDATE: Directory traversal issue in dpkg-source
- scripts/Dpkg/Source/Archive.pm, scripts/t/Dpkg_Source_Archive.t:
Prevent directory traversal for in-place extracts.
- CVE-2022-1664
-- Marc Deslauriers <email address hidden> Wed, 25 May 2022 07:14:56 -0400
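The CVE-2022-1664 fix in the entry above lives in Perl (scripts/Dpkg/Source/Archive.pm) and is not reproduced here. As an added illustration that is not dpkg's own code, the C function below shows the kind of check an in-place extractor can apply to each archive member name before touching the filesystem: absolute names are refused, and ".." components are tracked against the depth reached so far, so "a/b/../c" stays inside the target while "a/../../x" does not. The member names in the comments are constructed for the example; the function looks only at the name string and does not examine symlinks already present in the tree, which is a separate concern.

```c
#include <stdbool.h>
#include <string.h>

/* Added example, not dpkg's code: decide from an archive member name alone
 * whether extracting it under a target directory could write outside it.
 * Returns true when the name stays within the target directory. */
static bool
archive_path_is_contained(const char *name)
{
	int depth = 0;		/* directory levels below the target so far */
	const char *p = name;

	/* Empty names and absolute names never stay inside the target. */
	if (name[0] == '\0' || name[0] == '/')
		return false;
	for (;;) {
		const char *end = strchr(p, '/');
		size_t len = end ? (size_t)(end - p) : strlen(p);

		if (len == 2 && p[0] == '.' && p[1] == '.') {
			/* Climbing above the target directory is a traversal. */
			if (--depth < 0)
				return false;
		} else if (len > 0 && !(len == 1 && p[0] == '.')) {
			/* A real component ("" and "." do not change depth). */
			depth++;
		}
		if (!end)
			return true;
		p = end + 1;
	}
}
```

Constructed inputs such as "usr/bin/foo", "./a/./b" and "a/b/../c" pass; "/etc/passwd", "../x" and "a/../../x" are rejected before anything is written.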
-
dpkg (1.19.0.5ubuntu2.3) bionic; urgency=medium
* d/rules: always run dh_autoreconf (LP: #1842947)
-- Dan Streetman <email address hidden> Thu, 05 Sep 2019 17:05:14 -0400
-
dpkg (1.19.0.5ubuntu2.2) bionic; urgency=medium
* Cherry-pick upstream fixes for trigger loops (LP: #1828639)
- dpkg: Negate tortoise_not_in_hare() function name and return value
- dpkg: Initialize trigcyclenode's next member once
- dpkg: Factor trigproc_new_cyclenode() out from check_trigger_cycle()
- dpkg: Mark the package we are giving up on a trigger cycle as istobe normal
- dpkg: Switch dependtry from an int to an enum
- dpkg: Reset progress_bytrigproc once we have injected into the current iteration
- dpkg: Split trigger processing types into required, try-queued and try-deferred
- dpkg: Convert one trigger processing required type into the new try-queued
- dpkg: Move trigproc cycle reset inside try-deferred conditional
- dpkg: Introduce a new dependency try level for trigger processing
- dpkg: Introduce a new dependency try level for trigger cycle checks
-- Julian Andres Klode <email address hidden> Tue, 16 Jul 2019 14:57:11 +0200
-
dpkg (1.19.0.5ubuntu2.1) bionic; urgency=medium
* Apply patch from upstream to add frontend locking (LP: #1796081):
- Add support for frontend locking. This makes it possible for frontends
using this new protocol to safely lock the dpkg database w/o risk of
race conditions with other dpkg instances or frontends supporting the
same protocol.
-- Julian Andres Klode <email address hidden> Thu, 04 Oct 2018 14:21:49 +0200
-
dpkg (1.19.0.5ubuntu2) bionic; urgency=medium
* Add Zstandard compression and decompression support for binary packages
(LP: #1764220)
-- Balint Reczey <email address hidden> Mon, 16 Apr 2018 04:25:21 +0200
-
dpkg (1.19.0.5ubuntu1) bionic; urgency=medium
* Merge from current Debian testing; remaining Ubuntu changes:
- Change native source version/format mismatch errors into warnings
until the dust settles on Debian bug 737634 about override options.
- Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
tools can get untranslated dpkg terminal log messages while at the
same time having translated debconf prompts.
- Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
- Map unqualified package names of multiarch-same packages to the native
arch instead of throwing an error, so that we don't break on upgrade
when there are unqualified names stored in the dpkg trigger database.
- Apply a workaround from mvo to consider ^rc packages as multiarch,
during the dpkg consistency checks. (see LP: 1015567 and 1057367).
- dpkg-gencontrol: Fix Package-Type override handling for ddeb support.
dpkg (1.19.0.5) unstable; urgency=medium
* Fix directory traversal with dpkg-deb --raw-extract, by guaranteeing
that the DEBIAN pathname does not exist. Closes: #879982
Reported by Jakub Wilk <email address hidden>.
* Rename DPKG_GAIN_ROOT_CMD to DEB_GAIN_ROOT_CMD in the R³ support, as
the variable is expected to be set by any builder, not just dpkg. And
introduce ephemeral backwards compatibility even though there are no
known users.
* Do not set DEB_GAIN_ROOT_CMD in dpkg-buildpackage when the R³ value is
<implementations-keywords>, following the specification.
* Specify that DEB_GAIN_ROOT_CMD in R³ should preserve the environment.
Proposed by Josh Triplett <email address hidden>.
* Specify new DEB_RULES_REQUIRES_ROOT variable for R³ support.
* Declare R³ specification as "recommendation, stable" with version 1.0.
* Architecture support:
- Add support for riscv64 CPU. Closes: #822914
Thanks to Manuel A. Fernandez Montecelo <email address hidden>
* Perl modules:
- Dpkg::Vendor::Debian: Use proper %use_feature key. This was causing perl
errors on paths not accepted for fixdebugpath.
Reported by Mattia Rizzolo <email address hidden>, on IRC. Closes: #881051
- Check that $state->{seen} exists instead of $state being just defined.
Fixes regression in dpkg-gensymbols symbols output.
Thanks to Dmitry Shachnev <email address hidden>. Closes: #880166
- Mark hurd-i386 as having gcc builtin PIE in Dpkg::Vendor::Debian.
Requested by Samuel Thibault <email address hidden>.
-- Adam Conrad <email address hidden> Wed, 24 Jan 2018 15:19:21 -0700
-
dpkg (1.19.0.4ubuntu1) bionic; urgency=medium
* Merge from current Debian unstable; remaining Ubuntu changes:
- Change native source version/format mismatch errors into warnings
until the dust settles on Debian bug 737634 about override options.
- Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
tools can get untranslated dpkg terminal log messages while at the
same time having translated debconf prompts.
- Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
- Map unqualified package names of multiarch-same packages to the native
arch instead of throwing an error, so that we don't break on upgrade
when there are unqualified names stored in the dpkg trigger database.
- Apply a workaround from mvo to consider ^rc packages as multiarch,
during the dpkg consistency checks. (see LP: 1015567 and 1057367).
- dpkg-gencontrol: Fix Package-Type override handling for ddeb support.
dpkg (1.19.0.4) unstable; urgency=medium
* Perl modules:
- Check that $tarname is defined before use in Dpkg::Source::Package::V1.
Thanks to Christoph Biedl <email address hidden>.
Closes: #879124
* Packaging:
- Add Breaks on debhelper << 10.10.1~ to dpkg-dev, so that debhelper users
wanting to use R³ support do not need a versioned dependency on dpkg-dev.
- Add Breaks dgit << 3.13~ to libdpkg-perl, as older dgit versions assumed
that Dpkg::Compression::Process was available, via implicit import
from Dpkg::Source::Package.
Reported by Ian Jackson <email address hidden>.
dpkg (1.19.0.3) unstable; urgency=medium
* Pass the correct source stanza to the dpkg-buildpackage code parsing the
Rules-Requires-Root field. This meant the field was being ignored.
* Setup and check rootcommand in dpkg-buildpackage only if it is going to
be needed. Reported by Niels Thykier <email address hidden>.
* Documentation:
- Add a missing dot on the dpkg-buildflags(1) «lfs» feature paragraph.
Spotted by Helge Kreutzmann <email address hidden>.
* Packaging:
- Comment out Rules-Requires-Root field until debhelper supports it.
dpkg (1.19.0.2) unstable; urgency=medium
* Fix logic in dpkg-buildpackage to decide whether to run build targets,
which broke tons of packages that are violating Debian policy MUSTs.
Thanks to James Clarke <email address hidden>. Closes: #878899
* Do not try to recompute hashes for the .dsc file when signing binary-only
builds in dpkg-buildpackage. Reported by Ximin Luo <email address hidden>.
* Packaging:
- Add Breaks to libdpkg-perl against pkg-kde-tools (<< 0.15.28~), as
that package is using private modules with no API guarantees, that
obviously broke due to recent changes in 1.19.0. Closes: #878919
dpkg (1.19.0.1) unstable; urgency=medium
* Packaging:
- Install update-alternatives policykit-1 file.
* Test suite:
- Skip Dpkg::OpenPGP test if gpg is not present.
dpkg (1.19.0) unstable; urgency=medium
[ Guillem Jover ]
* Remove an unused variable in dpkg-shlibdeps.
Thanks to Niels Thykier <email address hidden>.
* Parse start-stop-daemon usernames and groupnames starting with digits in
-u and -c correctly. Reported by Bodo Eggert <email address hidden>.
* Cache the result of «dpkg-query --control-path» calls in dpkg-shlibdeps.
Based on a patch by Niels Thykier <email address hidden>. Closes: #846405
* Always use the binary version for the .buildinfo filename in
dpkg-genbuildinfo. Reported by Raphaël Hertzog <email address hidden>.
Closes: #869236
* Fix integer overflow in deb(5) format version parser.
Closes: #868356
* Re-enable upstream tar signatures when building source format 1.0.
* Make dpkg-deb --build sanity check the config maintainer script file type
and permissions.
* Add support to dpkg-deb for rootless builds, by setting the owner and
group for the control.tar entries to root:root, and making it possible to
do the same for the data.tar entries via the new --root-owner-group option.
Based on a patch by Niels Thykier <email address hidden>. Closes: #291320
* Make dpkg-buildpackage error out if --as-root is passed without
--rules-target.
* Add support for rootless builds in dpkg-buildpackage by honoring the
Rules-Requires-Root (R³) field.
* Add new dpkg-buildflags --query command, which is like --status but in
deb822 format.
* Remove long obsolete dselect floppy method.
* Remove traces of non-US support from dselect methods.
* Add support for a new Build-Kernel-Version field in .buildinfo files,
that can be emitted with a new dpkg-genbuildinfo --always-include-kernel
option. Closes: #873937
* Make dpkg-genchanges honor substvars in .changes Description field.
Closes: #856547
* Add support for source package Description and substvars. This new
field in the debian/control source stanza will be copied into the .dsc
file, and will also be used to initialize the new source:Synopsis and
source:Extended-Description substvars that will be available when
generating the DEBIAN/control and .changes files. Closes: #555743
* Add new “future” feature area in dpkg-buildflags:
- Add new «lfs» feature, to be used instead of the getconf(1) interface
which cannot support cross-building.
* Add new buildtools.mk make fragment to support build tools variable
setup, for both TOOL and TOOL_FOR_BUILD variables. Not included by
default from default.mk.
* Make --uniform-compression the new default dpkg-deb behavior. Add support
for negating the option via --no-uniform-compression.
* Clarify subprocess error message by shuffling words around.
* Print the package name on maintainer script errors. Closes: #877521
* Fix capitalization of Debian in dpkg-deb output messages.
* Add a policykit file for running update-alternatives via pkexec.
Proposed by Boyuan Yang <email address hidden>.
* Perl modules:
- Switch from Dpkg::Util to List::Util, now that the module in the
new required Perl contains the needed functions.
- Add a new "unique_tuple_key" option to Dpkg::Index set_options() to
set better default "get_key_func" options, which will become the default
behavior in 1.20.x. Prompted by Johannes Schauer <email address hidden>.
- Mark ppc64 and powerpc as having gcc builtin PIE in Dpkg::Vendor::Debian.
- Make the Dpkg::Substvars warnings output deterministic.
Thanks to Chris Lamb <email address hidden>. Closes: #870221
- Remove unused POSIX module imports.
- Use Errno module instead of the slow to import POSIX.
- Remove unused Dpkg::Path from Dpkg::Vendor::Ubuntu.
- Only load POSIX from Dpkg::Compression::FileHandle if we are going to
use signal definitions, reducing the load time of many other modules.
- Only load Dpkg::BuildOptions and Dpkg::Arch from Dpkg::Vendor-specific
modules if we are going to use them, reducing the load time of many
other modules.
- Only load Term::ANSIColor from Dpkg::ErrorHandling if we are going to
use colors, reducing the load time of many other modules.
- Move color setup into report_pretty in Dpkg::ErrorHandling.
- Move printforhelp initialization into usageerr() in Dpkg::ErrorHandling.
- Avoid many function arguments in Dpkg::Shlibs::SymbolFile parse().
- Avoid many function arguments in Dselect::Ftp do_connect().
- Add new Dpkg::Interface::Storable option to disable compression support,
so that we can load Dpkg::Compression::FileHandle only when enabled.
- Disable decompression support for Dpkg::Vendor origin files.
- Move file_lock() function into a new Dpkg::Lock module, to reduce the
module load chain for several Dpkg modules.
- Add support for new DPKG_NLS environment variable in Dpkg::Gettext,
that when set to 0 will disable NLS (i18n) support in the Dpkg modules,
and reduce the load chain.
- Disable compression when using the default file in
Dpkg::Changelog::Parse.
- Mark all missing CTRL_INDEX_SRC and CTRL_INDEX_PKG fields as allowed
in Dpkg::Control::FieldsCore.
- Complete field order for CTRL_PKG_DEB and CTRL_FILE_STATUS types in
Dpkg::Control::FieldsCore.
- Switch to use lowercase field names for all internal field name
handling in Dpkg::Control::FieldsCore, giving a significant speed up.
- Remove dependency on Dpkg::Checksums from Dpkg::Control::FieldsCore.
- Do not execute code when importing Dpkg::Control::FieldsCore.
- Use substr instead of a regex to match the first line characters in
when parsing control files in Dpkg::Control::HashCore.
- Merge build flag methods into a single _add_build_flags private method
in Dpkg::Vendor::Debian.
- Do not use an intermediate variable in Dpkg::Control::HashCore::Tie
STORE method.
- Expect deb822 stanza delimiters more often than OpenPGP Armor Headers
in Dpkg::Control::HashCore parse method.
- Optimize trailing space matching on Dpkg::Control::HashCore parse
method, by trimming it just once at the beginning of the iteration.
- Optimize trailing space trimming on Dpkg::Control::HashCore parse
method, by requiring that at least one whitespace is present.
- Optimize first character matching in Dpkg::Control::HashCore parse
method, by storing the first character in a variable.
- Optimize field/value parsing in Dpkg::Control::HashCore parse method,
by switching from a capturing regex to split() plus a checking regex.
- Auto-convert binary signatures to OpenPGP ASCII Armor in
Dpkg::Source::Package when building source packages.
- Switch Dpkg::Source::Package::V3 modules to use find_command() instead
of ad-hoc code.
- Call source format prerequisites Dpkg::Source::Package method if
present. Addresses: #877688
- Unify Dpkg::ErrorHandling subprocess errors with the ones from libdpkg.
- Do not emit a perl warning if gcc or dpkg is not found from Dpkg::Arch,
the code already handles the commands not being present.
- Do not unnecessarily require setting the host_arch in Dpkg::Deps.
Closes: #856396
- Do not normalize args past a passthrough stop word in Dpkg::Getopt.
Some commands pass some arguments through to another command, and
those must not be normalized as that might break their invocation.
Reported by Helmut Grohne <email address hidden>.
* Documentation:
- Document currently accepted syntax for changelogs in deb-changelog(5).
Closes: #858579
- Mark source:Version substvar in bold in deb-substvars(5).
- Clarify behavior for dpkg-maintscript-helper. Closes: #857852
- Use <command-string> instead of <command> for -c argument value in
dpkg-architecture(1). Reported by Johannes Schauer <email address hidden>.
- Itemize the CTRL_* constants in the Dpkg::Index POD.
- Update buildinfo information in dpkg-buildpackage man page to match
the current implementation.
- Add all source files to POTFILES.in files.
- Move deb-version man page to section 7.
- Remove reference to obsolete dpkg-cross(1).
- Sort control field export markers by tool order in deb-src-control(5).
- Document Package-Type and Enhances fields in deb-control(5).
- Write the actual glyphs used to delimit dependency restrictions in
deb-src-control(5).
- Move Package-Type description just after the Package field in
deb-src-control(5).
- Move udeb-specific fields to the end of the list of fields in
deb-src-control(5), and mention these are really udeb-specific.
- Document that dependency fields in binary stanza can have restrictions
in deb-src-control(5).
- Clarify that the Testsuite field is comma-separated.
- Fix update-alternatives man page section in alternatives/README file
reference. Closes: #872309
- Use correct name for archname validator value in dpkg(1) man page.
Reported by Niels Thykier <email address hidden>.
- Add new deb-src-rules(5) man page.
- Document that trailing commas are valid in debian/control dependency
fields, which get stripped when generating output files.
Prompted by Mattia Rizzolo <email address hidden>.
- Clarify that sanitize options should not be used for production builds.
- Remove recommendation to use Pre-Depends for trigger directives from
deb-triggers(5). Closes: #864882
- Add new rootless build experimental draft specification.
Initial proposal by Niels Thykier <email address hidden>, wording fixes
and spec clarifications by Guillem Jover <email address hidden>.
- Fix several function signature documentation.
* Code internals:
- Switch perl code to use -> operator for function variables.
- Switch perl code from split() with /\s+/ to ' '.
* Build system:
- Require Perl 5.20.2, the version in Debian oldstable (jessie).
- Use new gcc-7 -Wrestrict and -Wshift-negative-value warnings if
available.
- Do not override the default DEPENDENCIES for libdpkg, extend it instead.
- Install perl man pages in section 3perl.
* Packaging:
- Remove preinst maintainer scripts for dselect and dpkg-dev, for an
ancient /usr/share/doc symlink to directory switch. Closes: #867327
- Remove now unused libio-string-perl Build-Depends, and versioned
dpkg-dev as we do not use build profiles any more.
- Set Rules-Requires-Root field to no.
- Do not set redundant source compression to xz.
- Bump Standards-Version to 4.1.0 (no changes needed).
- Switch to debhelper compatibility level 10.
- Split alternatives logrotate into its own configuration file to help
downstreams and derivatives.
- Remove ancient code recompressing the alternatives database backups
from xz to gzip in the dpkg daily cron job.
- Remove Replaces and Breaks for ancient transitions.
- Remove workaround for ancient gcc lacking stackprotectorstrong support.
- Remove maintainer script code to handle downgrades to pre-triggers and
pre-multiarch dpkg versions.
- Remove alternative logs when purging dpkg (!?).
- Add support for DPKG_ROOT in dpkg maintainer scripts.
- Add git and bzr to libdpkg-perl Suggests. Closes: #877688
* Test suite:
- Enable perlcritic Documentation::RequirePodSections and
Miscellanea::ProhibitTies.
- Disable perlcritic ValuesAndExpressions::ProhibitEscapedCharacter.
- Add a new all_perl_modules function to Test::Dpkg.
- Add a new module-version unit test to check that module $VERSION
matches the newest entry in the CHANGES section.
- Use Module::Metadata instead of grepping for $VERSION in pod-coverage.
- Avoid many function arguments in Dpkg_Changelog.t check_options().
- Add a new unit test for Dpkg::Control::FieldsCore.
- Switch from IO::String to native open() scalar support.
- Use UTC0 when setting TZ.
[ Updated programs translations ]
* German (Sven Joachim).
* Italian (Pietro Battiston). Closes: #864509
* Portuguese (Miguel Figueiredo). Closes: #868800
* Simplified Chinese (Zhou Mo, Boyuan Yang). Closes: #867133, #877929
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man pages translations ]
* Dutch (Frans Spiesschaert). Closes: #862924
* German (Helge Kreutzmann).
-- Adam Conrad <email address hidden> Wed, 25 Oct 2017 18:17:32 -0600
-
dpkg (1.18.24ubuntu1) artful; urgency=medium
* Merge from current Debian testing; remaining Ubuntu changes:
- Change native source version/format mismatch errors into warnings
until the dust settles on Debian bug 737634 about override options.
- Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
tools can get untranslated dpkg terminal log messages while at the
same time having translated debconf prompts.
- Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
- Map unqualified package names of multiarch-same packages to the native
arch instead of throwing an error, so that we don't break on upgrade
when there are unqualified names stored in the dpkg trigger database.
- Apply a workaround from mvo to consider ^rc packages as multiarch,
during the dpkg consistency checks. (see LP: 1015567 and 1057367).
- dpkg-gencontrol: Fix Package-Type override handling for ddeb support.
* scripts/Dpkg/Vendor/Ubuntu.pm: Drop hardening changes merged upstream.
* dpkg-buildpackage: Drop stale debian/files cleaning, solved differently.
dpkg (1.18.24) unstable; urgency=medium
[ Guillem Jover ]
* Add missing symbols to the libdpkg map file.
* Fix dpkg-shlibdeps to preserve the Dpkg::Shlibs::find_library() order
when scanning symbols/shlibs files. This was causing generation of bogus
dependencies when multiple packages provide the same SONAME on different
directories. Regression introduced in dpkg 1.18.17. Closes: #860979
* Make dpkg-maintscript-helper print all unowned files from a directory
when printing the error message, to ease debugging those problems after
the fact. Closes: #813454, #860238
Based on a patch by Bastien ROUCARIÈS <email address hidden>.
* Add duplicate prevention code for debian/files to dpkg-genbuildinfo, so
that successive runs with different versions and equivalent build types
do not generate multiple .buildinfo entries to be uploaded, which is
similar to what dpkg-gencontrol is doing for .deb files.
* Fix conffile takeover handling during unpack in dpkg on --root or
on diversions. Closes: #837051, #858004
* Fix digest inference for shared conffiles, causing bogus takeover
unpack errors. Regression introduced in dpkg 1.16.9. Closes: #861217
* Improve tar entry metadata parsing in dpkg:
- Do not parse device numbers for non block nor char tar entry objects.
- Make the existing octal parser more robust, by checking for the
expected format of leading zeros or spaces, followed by any ASCII
octal characters (0-7), followed by zero or more space or NULs.
- Add support for base-256 encoded numeric fields, to support large
values, for UID/GID, device number, size and even signed timestamps.
This is necessary not only to be able to store larger values, but to
cover packages that can already be generated by dpkg-deb, given that
it uses the system GNU tar when building. Closes: #850834
* Architecture support:
- Add support for ARM64 ILP32. Closes: #824742
Thanks to Wookey <email address hidden>.
* Perl modules:
- Remove obsolete hardening-wrapper support from Dpkg::Vendor::Ubuntu.
Thanks to Adam Conrad <adconrad@0c3.net>.
- Bump $Dpkg::Deps::VERSION to match the one documented in CHANGES.
- Ignore by default debian/files.new and debian/files for all source
formats in Dpkg::Source::Package, because these are generated files
with well known pathnames, part of the public interface, and with
dpkg-genbuildinfo always injecting .buildinfo entries into
debian/files, this meant this could disrupt previous workflows based
on not cleaning the source tree.
* Documentation:
- Many spelling fixes. Thanks to Josh Soref <email address hidden>.
- Do not include misspellings in changelogs, as that makes detecting them
more difficult.
* Build system:
- Use libexec variable for auxiliary internal programs, and set it to
/usr/lib on Debian and derivatives.
- Check that the detected tar is a GNU tar.
- Check that the detected patch is a GNU patch, so that we get a directory
traversal resistant patch implementation. This fixes CVE-2017-8283 by
delegating those checks to patch(1), so that we trap blank-indented
diff hunks trying to escape from the source tree.
* Test suite:
- Add a test case for blank-indented patches which were the cause for
CVE-2017-8283.
- Handle files with non-zero sizes in c-tarextract libdpkg test code.
[ Updated programs translations ]
* Catalan (Guillem Jover).
* Czech (Miroslav Kure).
[ Updated dselect translations ]
* Catalan (Guillem Jover).
[ Updated scripts translations ]
* Catalan (Guillem Jover).
[ Updated man pages translations ]
* German (Helge Kreutzmann, David Rabel). Closes: #857449
* Spanish (Javier Fernández-Sanguino).
-- Adam Conrad <email address hidden> Mon, 05 Jun 2017 11:35:51 -0600
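The 1.18.24 entry above describes three rules for tar entry metadata: device numbers are only parsed for block and character entries, octal fields must be exactly leading zeros or spaces, octal digits, then spaces or NULs, and base-256 fields are accepted for large or signed values. The C program below is an added example, not dpkg's own parser, that implements those three rules against a 512-byte ustar header. It assumes the standard ustar field offsets (mode at 100, uid 108, gid 116, size 124, mtime 136, typeflag 156, devmajor 329, devminor 337) and the GNU tar base-256 convention (bit 7 of the first byte flags the encoding, bit 6 is the sign, the remaining bits are big-endian two's complement); the sample header it builds is constructed for the example and does not come from any real package.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Added illustration, not dpkg's code; ustar offsets are the standard ones. */
struct tar_numbers { intmax_t mode, uid, gid, size, mtime, devmajor, devminor; };

/* Octal form: leading zeros or spaces, digits 0-7, then only spaces or NULs
 * up to the end of the field. Anything else makes the field malformed. */
static bool tar_parse_octal(const unsigned char *f, size_t len, intmax_t *out)
{
	size_t i = 0;
	uintmax_t val = 0;
	while (i < len && (f[i] == '0' || f[i] == ' '))
		i++;
	while (i < len && f[i] >= '0' && f[i] <= '7') {
		if (val > (UINTMAX_MAX >> 3))
			return false;			/* would overflow */
		val = (val << 3) | (uintmax_t)(f[i] - '0');
		i++;
	}
	while (i < len && (f[i] == ' ' || f[i] == '\0'))
		i++;
	if (i != len || val > (uintmax_t)INTMAX_MAX)
		return false;
	*out = (intmax_t)val;
	return true;
}

/* Base-256 form (GNU tar extension): bit 7 of the first byte flags the
 * encoding, bit 6 is the sign, the rest is a big-endian two's complement. */
static bool tar_parse_base256(const unsigned char *f, size_t len, intmax_t *out)
{
	const unsigned int topshift = sizeof(uintmax_t) * 8 - 8;
	bool negative = (f[0] & 0x40) != 0;
	uintmax_t sign = negative ? UINTMAX_MAX : 0;
	uintmax_t acc = (sign << 6) | (f[0] & 0x3f);
	for (size_t i = 1; i < len; i++) {
		/* top byte must still be pure sign extension, else it does not fit */
		if ((acc >> topshift) != (sign & 0xff))
			return false;
		acc = (acc << 8) | f[i];
	}
	if (((acc >> (topshift + 7)) != 0) != negative)
		return false;
	*out = (intmax_t)acc;
	return true;
}

static bool tar_parse_number(const char *field, size_t len, intmax_t *out)
{
	const unsigned char *f = (const unsigned char *)field;
	if (len == 0)
		return false;
	return (f[0] & 0x80) ? tar_parse_base256(f, len, out)
	                     : tar_parse_octal(f, len, out);
}

/* Parsed value, or on_error if the field is malformed. */
static intmax_t tar_number_or(const char *field, size_t len, intmax_t on_error)
{
	intmax_t v;
	return tar_parse_number(field, len, &v) ? v : on_error;
}

/* Device numbers are decoded only for char ('3') and block ('4') devices;
 * for any other entry type the field contents are ignored entirely. */
static bool tar_parse_header_numbers(const char hdr[512], struct tar_numbers *n)
{
	char type = hdr[156];
	memset(n, 0, sizeof(*n));
	if (!tar_parse_number(hdr + 100, 8, &n->mode) ||
	    !tar_parse_number(hdr + 108, 8, &n->uid) ||
	    !tar_parse_number(hdr + 116, 8, &n->gid) ||
	    !tar_parse_number(hdr + 124, 12, &n->size) ||
	    !tar_parse_number(hdr + 136, 12, &n->mtime))
		return false;
	if (type == '3' || type == '4')
		return tar_parse_number(hdr + 329, 8, &n->devmajor) &&
		       tar_parse_number(hdr + 337, 8, &n->devminor);
	return true;
}

/* Constructed sample header (not from a real package): octal mode/uid/gid,
 * base-256 size of 2^33, base-256 mtime of -2, garbage in the dev fields. */
static bool parse_sample_header(char typeflag, struct tar_numbers *n)
{
	char hdr[512];
	memset(hdr, 0, 512);
	memcpy(hdr + 100, "0000644", 8);
	memcpy(hdr + 108, "   1750", 8);		/* spaces for leading zeros */
	memcpy(hdr + 116, "0001750 ", 8);		/* space terminated */
	hdr[124] = (char)0x80; hdr[131] = 0x02;		/* base-256: 0x02 << 32 */
	memset(hdr + 136, 0xff, 12); hdr[147] = (char)0xfe;	/* base-256: -2 */
	hdr[156] = typeflag;
	memcpy(hdr + 329, "garbage!", 8);
	memcpy(hdr + 337, "garbage!", 8);
	return tar_parse_header_numbers(hdr, n);
}

/* Accessors for the regular-file ('0') sample; 0 if parsing fails. */
static intmax_t sample_size(void)
{ struct tar_numbers n; return parse_sample_header('0', &n) ? n.size : 0; }
static intmax_t sample_mtime(void)
{ struct tar_numbers n; return parse_sample_header('0', &n) ? n.mtime : 0; }
static bool sample_parses(char typeflag)
{ struct tar_numbers n; return parse_sample_header(typeflag, &n); }
```

The same constructed header is accepted as a regular file, where the garbage device fields are never looked at, and rejected as a block device, where they must parse; the octal parser likewise rejects "0000648" (8 is not an octal digit) and "0000644x" (trailing garbage) while accepting space-padded and space-terminated variants.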