-
dpkg (1.14.24ubuntu1.2) jaunty-security; urgency=low
* SECURITY UPDATE: no change rebuild to use the new statically linked libbz2
which fixed CVE-2010-0405
-- Jamie Strandboge <email address hidden> Wed, 15 Sep 2010 13:30:46 -0500
-
dpkg (1.14.24ubuntu1.1) jaunty-security; urgency=low
* SECURITY UPDATE: arbitrary file overwriting via symlinks and relative
directories.
- upstream fixes thanks to Raphael Hertzog, backported inline to
scripts/Dpkg/Source/Package/V3/quilt.pm, and
scripts/Dpkg/Source/Patch.pm b/scripts/Dpkg/Source/Patch.pm.
- CVE-2010-0396
-- Kees Cook <email address hidden> Wed, 10 Mar 2010 13:54:45 -0800
-
dpkg (1.14.24ubuntu1) jaunty; urgency=low
* Resynchronise with Debian. Remaining changes:
Ubuntu-specific adjustments (probably):
- Use i686 for lpia in cputable and triplettable.
- Hack Dpkg::Arch to return i686 for lpia.
- Move various Conflicts to Breaks, since upgrades from stable Ubuntu
releases support Breaks.
- Check source package signatures using
/usr/share/keyrings/ubuntu-archive-keyring.gpg if it exists.
Miscellaneous bug fixes:
- Avoid closing fsys tarfile pipe twice even in normal operation -
normally EBADF but might sometimes close some other desired fd and
cause hideous doom.
- Avoid duplicate attempts to [f]close in obscure error situations which
might conceivably close wrong fds.
- Add a few more comments around obscure bits of trigger handling code
which confused both me and Ian during the merge.
- Revert change to stop outputting a newline after a postinst is run
(Debian #392317).
- Use the two-arg form of open in Dpkg::Control so that "-" can be
passed to parse stdin as a control file (Debian #465340).
- chdir("/") after chroot() when executing maintainer scripts under
--instdir (Debian #509578).
Launchpad integration:
- Implement changelog-closes-bugs for Ubuntu (see
https://wiki.ubuntu.com/ClosingBugsFromChangelog).
- Add Launchpad-Bugs-Fixed to dpkg-genchanges too, to make it not
complain about unknown fields.
DebianMaintainerField:
- scripts/dpkg-source.pl: Check that debian/control complies with
https://wiki.ubuntu.com/DebianMaintainerField: If $DEBEMAIL contains
'@ubuntu.com', refuse to build a source package if we have an Ubuntu
version number, but Maintainer: is not an Ubuntu address. Output a
warning if $DEBEMAIL contains 'ubuntu' but not '@ubuntu.com', or if
there is no XSBC-Original-Maintainer: field for packages with an
Ubuntu version number (Debian #426752).
Build options:
- Point to https://wiki.ubuntu.com/DistCompilerFlags from
dpkg-buildpackage(1).
- Set default LDFLAGS to -Wl,-Bsymbolic-functions. (We've already taken
this hit in Ubuntu.)
- Implement handling of hardening-wrapper options via DEB_BUILD_OPTIONS.
dpkg (1.14.24) unstable; urgency=low
[ Raphael Hertzog ]
* Fix parsing of objdump output (by dpkg-shlibdeps) in a special case where
the symbol name is separated only with a single space. Closes: #506139
* Fix dpkg-shlibdeps behaviour when Build-Depends-Package is used in the
symbols file. It was merging all dependency templates into the generated
dependency instead of simply modifying the minimal version. Thanks to
Modestas Vainius <email address hidden>. Closes: #507346
* Fix dpkg-source to correctly extract a source package even when called
from a non-writable directory when a target directory has been specified
on the command line. Closes: #507217, #507219
[ Guillem Jover ]
* Do not allow installing packages with non-obsolete conffiles owned by
other packages without a proper Replaces field. Closes: #508392
[ Updated dselect translations ]
* Galician (Marce Villarino). Closes: #509887
[ Updated dpkg translations ]
* Galician (Marce Villarino). Closes: #509150
* Vietnamese (Clytie Siddall). Closes: #509424
[ Updated scripts translations ]
* Improve German translation.
-- Colin Watson <email address hidden> Wed, 07 Jan 2009 12:11:09 +0000
-
dpkg (1.14.23ubuntu1) jaunty; urgency=low
* Resynchronise with Debian. Remaining changes:
Ubuntu-specific adjustments (probably):
- Use i686 for lpia in cputable and triplettable.
- Hack Dpkg::Arch to return i686 for lpia.
- Move various Conflicts to Breaks, since upgrades from stable Ubuntu
releases support Breaks.
- Check source package signatures using
/usr/share/keyrings/ubuntu-archive-keyring.gpg if it exists.
Miscellaneous bug fixes:
- Avoid closing fsys tarfile pipe twice even in normal operation -
normally EBADF but might sometimes close some other desired fd and
cause hideous doom.
- Avoid duplicate attempts to [f]close in obscure error situations which
might conceivably close wrong fds.
- Add a few more comments around obscure bits of trigger handling code
which confused both me and Ian during the merge.
- Revert change to stop outputting a newline after a postinst is run
(Debian #392317).
- Use the two-arg form of open in Dpkg::Control so that "-" can be
passed to parse stdin as a control file (Debian #465340).
- chdir("/") after chroot() when executing maintainer scripts under
--instdir (Debian #509578).
Launchpad integration:
- Implement changelog-closes-bugs for Ubuntu (see
https://wiki.ubuntu.com/ClosingBugsFromChangelog).
- Add Launchpad-Bugs-Fixed to dpkg-genchanges too, to make it not
complain about unknown fields.
DebianMaintainerField:
- scripts/dpkg-source.pl: Check that debian/control complies with
https://wiki.ubuntu.com/DebianMaintainerField: If $DEBEMAIL contains
'@ubuntu.com', refuse to build a source package if we have an Ubuntu
version number, but Maintainer: is not an Ubuntu address. Output a
warning if $DEBEMAIL contains 'ubuntu' but not '@ubuntu.com', or if
there is no XSBC-Original-Maintainer: field for packages with an
Ubuntu version number (Debian #426752).
Build options:
- Point to https://wiki.ubuntu.com/DistCompilerFlags from
dpkg-buildpackage(1).
- Set default LDFLAGS to -Wl,-Bsymbolic-functions. (We've already taken
this hit in Ubuntu.)
- Implement handling of hardening-wrapper options via DEB_BUILD_OPTIONS.
dpkg (1.14.23) unstable; urgency=low
[ Raphael Hertzog ]
* Blacklist "__gnu_local_gp" symbol for dpkg-gensymbols. Closes: #500188
Thanks to Thiemo Seufer <email address hidden>.
* Important bugfix in dpkg-gensymbols for people using includes in symbol
files: the current object didn't flow back from the included file to
the including file.
* Fix Dpkg::Version comparison code. Closes: #504135
[ Guillem Jover ]
* Untangle fatal abort condition from the “too many errors” one in the
archives and packages processing loop. Closes: #367226
* Abort on unrecoverable fatal errors instead of continuing execution, as
the recovery code assumed the execution would not be reaching it again
and sometimes bogus update files were created either with incompletely
written content or with '#padding' lines. Closes: #497041, #499070
[ Updated dpkg translations ]
* Brazilian Portuguese (Felipe Augusto van de Wiel).
* Catalan (Jordi Mallach).
* Czech (Miroslav Kure). Closes: #505910
* French (Christian Perrier)
* German (Sven Joachim).
* Greek (Emmanuel Galatoulas). Closes: #498585
* Japanese (Kenshi Muto).
* Korean (Changwoo Ryu). Closes: #505777
* Norwegian Bokmål (Hans F. Nordhaug).
* Polish (Wiktor Wandachowicz).
* Portuguese (Miguel Figueiredo). Closes: #505869
* Russian (Yuri Kozlov). Closes: #499028, #505735
* Romanian (Eddy Petrișor).
* Slovak (Ivan Masár). Closes: #506024
* Spanish (Javier Fernandez-Sanguino). Closes: #505836
[ Updated scripts translations ]
* Fix typo in Russian. Closes: #499736
* Fix wrong translation in French. Closes: #504123
* French (Christian Perrier).
[ Updated manpages translations ]
* German (Helge Kreutzmann).
-- Colin Watson <email address hidden> Tue, 23 Dec 2008 12:57:32 +0000
-
dpkg (1.14.22ubuntu1) jaunty; urgency=low
* Resynchronise with Debian. Remaining changes:
Ubuntu-specific adjustments (probably):
- Use i686 for lpia in cputable and triplettable.
- Hack Dpkg::Arch to return i686 for lpia.
- Move various Conflicts to Breaks, since upgrades from stable Ubuntu
releases support Breaks.
- Check source package signatures using
/usr/share/keyrings/ubuntu-archive-keyring.gpg if it exists.
Miscellaneous bug fixes:
- Avoid closing fsys tarfile pipe twice even in normal operation -
normally EBADF but might sometimes close some other desired fd and
cause hideous doom.
- Avoid duplicate attempts to [f]close in obscure error situations which
might conceivably close wrong fds.
- Add a few more comments around obscure bits of trigger handling code
which confused both me and Ian during the merge.
- Revert change to stop outputting a newline after a postinst is run
(Debian bug #392317).
- Use the two-arg form of open in Dpkg::Control so that "-" can be
passed to parse stdin as a control file.
- chdir("/") after chroot() when executing maintainer scripts under
--instdir.
Launchpad integration:
- Implement changelog-closes-bugs for Ubuntu (see
https://wiki.ubuntu.com/ClosingBugsFromChangelog).
- Add Launchpad-Bugs-Fixed to dpkg-genchanges too, to make it not
complain about unknown fields.
DebianMaintainerField:
- scripts/dpkg-source.pl: Check that debian/control complies with
https://wiki.ubuntu.com/DebianMaintainerField: If $DEBEMAIL contains
'@ubuntu.com', refuse to build a source package if we have an Ubuntu
version number, but Maintainer: is not an Ubuntu address. Output a
warning if $DEBEMAIL contains 'ubuntu' but not '@ubuntu.com', or if
there is no XSBC-Original-Maintainer: field for packages with an
Ubuntu version number.
Build options:
- Point to https://wiki.ubuntu.com/DistCompilerFlags from
dpkg-buildpackage(1).
- Set default LDFLAGS to -Wl,-Bsymbolic-functions. (We've already taken
this hit in Ubuntu.)
- Implement handling of hardening-wrapper options via DEB_BUILD_OPTIONS.
* Drop changes only relevant to unsupported and unlikely upgrade paths:
- Rename triggers/Deferred to triggers/Unincorp to fix upgrades from
early versions of trigger support in Ubuntu.
dpkg (1.14.22) unstable; urgency=low
[ Raphael Hertzog ]
* The last "small fix" actually broke conversion of source packages to
"3.0 (quilt)" format when they have local changes and no pre-existing
quilt series file. Now always provide a valid name in QUILT_SERIES.
Closes: #496920
* Fix permissions of the automatically generated patch in "2.0" and "3.0
(quilt)" format. They were improperly set to 0600 due to tempfile()
and were not reset to a sane value. Closes: #496925
* Fix dpkg-gensymbols to not scan (real) directories accessed through a
symlink contained in the build tree as they may well not be part of
the package (with absolute symlinks). It was already skipping symlinks
(since 1.14.16.6) for similar reasons.
[ Updated dpkg translations ]
* Basque (Piarres Beobide). Closes: #496753
* Brazilian Portuguese (Felipe Augusto van de Wiel).
* Galician (Jacobo Tarrio).
* Norwegian Bokmal (Hans Fredrik Nordhaug). Closes: #497309
* Swedish (Daniel Nylander and Peter Krefting).
* Vietnamese (Clytie Siddall). Closes: #497893
[ Updated manpages translations ]
* Swedish (Peter Krefting).
[ Updated scripts translations ]
* Swedish (Peter Krefting).
dpkg (1.14.21) unstable; urgency=low
[ Raphael Hertzog ]
* Small fix in "3.0 (quilt)" source format when using non-standard name
of the quilt series.
* Handle debian.tar.gz files like diff.gz in dpkg-buildpackage and
dpkg-genchanges to detect the kind of upload.
* Add "armel" to /usr/share/dpkg/archtable. Closes: #487768
* Modified Dpkg::BuildOptions to recognize and use spaces as separator
in DEB_BUILD_OPTIONS (in order to conform with the Debian policy
ruling established in #430649).
* Fix dpkg-source to not use -i and -I by default with "1.0" source
packages. Closes: #495138
[ Guillem Jover ]
* When loading the status file fix up any inconsistent package in state
triggers-awaited w/o the corresponding package with pending triggers.
Closes: #487637, #486843, #489068
* Fix --no-act in triggers related code. Closes: #495097
* Do not assert when dpkg stops processing packages due to too many
errors occurred while configuring or removing packages.
Thanks to Ian Jackson <email address hidden>. Closes: #483655
* Move lzma from dpkg Suggests to Pre-Depends. Closes: #456332
* Match description of -si option in dpkg-buildpackage to the one in
dpkg-genchanges. Closes: #493743
* Close --status-fd file descriptors on exec, so that they are not
inherited by the children. Closes: #471488, #487684
* State that the preferred front-end is aptitude and replace one instance
of dselect usage with apt-get. Closes: #483785
[ Updated manpages translations ]
* French (Florent Usseil).
* German (Helge Kreutzmann).
[ Updated scripts translations ]
* Russian (Yuri Kozlov). Closes: #490076
* German (Helge Kreutzmann).
[ Updated dpkg translations ]
* Basque (Piarres Beobide). Closes: #490905
* Czech (Miroslav Kure).
* French (Christian Perrier).
* German (Sven Joachim).
* Korean (Changwoo Ryu).
* Romanian (Eddy Petrișor).
* Russian (Yuri Kozlov). Closes: #488689
* Simplified Chinese (Deng Xiyue). Closes: #496176
* Slovak (Ivan Masár). Closes: #488903, #495505
* Thai (Theppitak Karoonboonyanan). Closes: #488090
[ Added dpkg translations ]
* Lithuanian (Gintautas Miliauskas). Closes: #493326
[ Updated dselect translations ]
* Romanian (Eddy Petrișor).
-- Colin Watson <email address hidden> Sat, 01 Nov 2008 02:01:27 +0000
-
dpkg (1.14.20ubuntu6) intrepid; urgency=low
* Be more liberal when checking for an Ubuntu Maintainer field; a
case-insensitive check is good enough, and copes e.g. with mplayer's
"Maintainer: Ubuntu MOTU Media Team <email address hidden>".
-- Colin Watson <email address hidden> Wed, 03 Sep 2008 12:50:49 +0100