-
dpkg (1.16.7ubuntu6.2) quantal-security; urgency=medium
* SECURITY UPDATE: directory traversal in dpkg-source
- scripts/Dpkg/Source/Patch.pm: outright reject C-style filenames in
patches
- a12eb58959d0a10584a428f4a3103a49204c410f
- CVE-2014-0471
-- Marc Deslauriers <email address hidden> Thu, 01 May 2014 08:03:52 -0400
-
dpkg (1.16.7ubuntu6.1) quantal-security; urgency=medium
* SECURITY UPDATE: directory traversal in dpkg-source
- scripts/Dpkg/Source/Patch.pm: correctly parse C-style diff
filenames.
- Patch thanks to Guillem Jover <email address hidden>
- CVE-2014-0471
-- Marc Deslauriers <email address hidden> Wed, 23 Apr 2014 19:50:12 -0400
-
dpkg (1.16.7ubuntu6) quantal; urgency=low
[ Raphaël Hertzog ]
* Fix dpkg-source regression in "3.0 (quilt)" source packages while
unapplying patches that remove all files in a directory. Closes:
#683547 (LP: #1057886)
-- Barry Warsaw <email address hidden> Mon, 01 Oct 2012 14:39:06 -0400
-
dpkg (1.16.7ubuntu5) quantal; urgency=low
* Fix scoping issues in dpkg postinst, so we don't end up doing
the foreign-architecture migration on every single dpkg upgrade
-- Adam Conrad <email address hidden> Fri, 28 Sep 2012 18:37:28 -0600
-
dpkg (1.16.7ubuntu4) quantal; urgency=low
* Apply a workaround from mvo to consider RC packages as multiarch,
during the dpkg consistency checks. (LP: #1015567). Opened bug 1057367
to upgrade status database.
-- Dmitrijs Ledkovs <email address hidden> Thu, 27 Sep 2012 09:40:47 +0100
-
dpkg (1.16.7ubuntu3) quantal; urgency=low
* Restore the :native qualier to the implicit build-essential
dep in dpkg-checkbuilddeps, now that build-essential is fixed
-- Adam Conrad <email address hidden> Fri, 13 Jul 2012 21:43:37 -0600
-
dpkg (1.16.7ubuntu2) quantal; urgency=low
* Remove the :native qualifier from the automatic build-dep on
build-essential in dpkg-checkbuilddeps: this broke everything
-- Adam Conrad <email address hidden> Fri, 06 Jul 2012 04:03:53 -0600
-
dpkg (1.16.7ubuntu1) quantal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Change the multiarch downgrade version checks in prerm/postrm
from 1.16.2 to 1.16.0~ to reflect when multiarch landed in Ubuntu.
- Migrate dpkg multiarch conffile (and other multi-arch-related
conf settings) to the new DB with dpkg --add-architecture, but
keep a copy of the old conffile if it was modified.
- Out of paranoia, keep an option handler for foreign-architecture
that informs people that they need to scrub their config files
and upgrade, on the off chance that the above migration fails
for some reason (this mitigates the chances of leaving users with
a dpkg that fails to run due to a broken config).
- Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
tools can get untranslated dpkg terminal log messages while at the
same time having translated debconf prompts. This is useful for tools
that hide the dpkg terminal by default and use apport for bug
reporting with the untranslated error message.
- Build-depend on gettext:any for cross-building support.
- Apply patch from Steve McIntyre to special-case armhf/armel ELF
objects in Shlibs/Objdump.pm, so we don't get incorrect deps.
- lib/dpkg/pkg-spec.c: map unqualified package names of multiarch-same
packages to the native arch instead of throwing an error, so that we
don't break on upgrade when there are unqualified names stored in
dpkg's own trigger database.
- Add logic to the postinst to `dpkg --add-architecture i386' on new
installs on amd64, and to also do so on upgrades from pre-conffile
Ubuntu versions, mimicking our previous behaviour with the conffile.
* Alter the foreign-architecture option handler to output to stderr
instead of stdout, for people who prefer their stdout less noisy.
dpkg (1.16.7) unstable; urgency=low
[ Guillem Jover ]
* Fix bogus dpkg-query --control-show badusage() strings.
[ Raphaël Hertzog ]
* Fix dpkg-gencontrol to correctly compute the source version
in the case of "old-style" bin-nmus. Closes: #679959
[ Updated dselect translations ]
* Catalan (Guillem Jover).
* French (Christian Perrier).
* German (Sven Joachim).
* Swedish (Peter Krefting).
[ Updated programs translations ]
* French (Christian Perrier).
* German (Sven Joachim).
* Italian (Milo Casagrande).
* Swedish (Peter Krefting).
[ Updated man page translations ]
* Swedish (Peter Krefting).
[ Updated scripts translations ]
* Swedish (Peter Krefting).
dpkg (1.16.6) unstable; urgency=low
[ Guillem Jover ]
* Do not translate SE Linux context to human readable form while unpacking,
as that might cause the operation to fail if the mcstransd daemon
stopped running during the transaction. Closes: #679641
Thanks to Russell Coker <email address hidden>.
* Add --control-list and --control-show to dpkg-query --help output.
[ Raphaël Hertzog ]
* Fix import of error functions in dpkg-buildflags. Regression introduced
in 1.16.5.
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man page translations ]
* German (Helge Kreutzmann).
dpkg (1.16.5) unstable; urgency=low
[ Raphaël Hertzog ]
* dpkg-source will now clean up after a failed application of a quilt
patch. Closes: #652970
And it will display a message explaining the most likely cause of
failure (patch applying with fuzz).
* When dpkg-source regenerates the automatic patch (with formats "2.0"
or "3.0 (quilt)") it will keep the current patch header to avoid
losing changes made by the maintainer.
* Modify dpkg-source --commit to auto-whitelist modified binary files.
That way the same command can be used whatever kind of upstream files
has been modified.
* dpkg-source now supports a new option --no-unapply-patches to force
patches to be kept applied after build (used by formats "2.0" and "3.0
(quilt)"). Closes: #643043
[ Guillem Jover ]
* Add a dpkg-buildflags --status action to describe the flag settings.
Thanks to Bernhard R. Link <email address hidden>. Closes: #664058
* Add support for “binary-only” key-value option in changelogs, to allow
marking changelog entries as part of a binary only upload, having a
different version from the source package. Closes: #440094, #672723
* Minimize source architecture list on «dpkg-source -b» by removing
architectures already covered by architecture wildcards. Closes: #675333
* Do not assume $ENV{'HOME'} is defined in Dpkg::Source::Package.
Thanks to Niels Thykier <email address hidden>. Closes: #677631
* Document in more detail in deb(5) the supported ar archive format.
* Document in deb-src-control(5) the “Private-” field prefix.
* Add new start-stop-daemon --no-close option to disable closing file
descriptors on --background. Closes: #627333, #646425
* Switch source compression to xz.
* Detect ar header fields truncation due to too long member names or too
large member sizes. Closes: #678933
* Add new dpkg-query --control-list and --control-show commands, which
replace the now deprecated --control-path.
* Print master and slave alternarive link names in update-alternatives
--query and always print alternative link in --config. Closes: #679010
* Cleanup and clarify buffer I/O error reporting. Closes: #621763
* Avoid full stop and double newline at the end of errors and warnings.
Thanks to Jonathan Nieder <email address hidden>. Closes: #624000
* Change all programs to accept -? instead of -h for help output.
* Add support for specific arch-qualified dependencies. Closes: #676232
Thanks to Thibaut Girka <email address hidden>.
* Accept “:native” arch-qualified Build-Dependencies. Closes: #558095
Thanks to Thibaut Girka <email address hidden>.
* Do not use undefined values returned form deps_parse() in dpkg-shlibdeps.
Closes: #640676
* Add an Architecture column to «dpkg-query -l» before the Description
column. Suggested by Jonathan Nieder <email address hidden>. Closes: #673190
[ Updated dpkg translations ]
* Swedish (Peter Krefting).
[ Updated dselect translations ]
* Swedish (Peter Krefting).
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man page translations ]
* German (Helge Kreutzmann).
* Swedish (Peter Krefting).
-- Adam Conrad <email address hidden> Fri, 06 Jul 2012 02:17:10 -0600
-
dpkg (1.16.4.3ubuntu1) quantal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Change the multiarch downgrade version checks in prerm/postrm
from 1.16.2 to 1.16.0~ to reflect when multiarch landed in Ubuntu.
- Migrate dpkg multiarch conffile (and other multi-arch-related
conf settings) to the new DB with dpkg --add-architecture, but
keep a copy of the old conffile if it was modified.
- Out of paranoia, keep an option handler for foreign-architecture
that informs people that they need to scrub their config files
and upgrade, on the off chance that the above migration fails
for some reason (this mitigates the chances of leaving users with
a dpkg that fails to run due to a broken config).
- Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
tools can get untranslated dpkg terminal log messages while at the
same time having translated debconf prompts. This is useful for tools
that hide the dpkg terminal by default and use apport for bug
reporting with the untranslated error message.
- Build-depend on gettext:any for cross-building support.
- Apply patch from Steve McIntyre to special-case armhf/armel ELF
objects in Shlibs/Objdump.pm, so we don't get incorrect deps.
- lib/dpkg/pkg-spec.c: map unqualified package names of multiarch-same
packages to the native arch instead of throwing an error, so that we
don't break on upgrade when there are unqualified names stored in
dpkg's own trigger database.
* Add logic to the postinst to `dpkg --add-architecture i386' on new
installs on amd64, and to also do so on upgrades from pre-conffile
Ubuntu versions, mimicking our previous behaviour with the conffile.
-- Adam Conrad <email address hidden> Wed, 20 Jun 2012 22:57:24 -0600
-
dpkg (1.16.3ubuntu2) quantal; urgency=low
* lib/dpkg/pkg-spec.c: map unqualified package names of multiarch-same
packages to the native arch instead of throwing an error, so that we
don't break on upgrade when there are unqualified names stored in dpkg's
own trigger database. LP: #1015329.
-- Steve Langasek <email address hidden> Tue, 19 Jun 2012 18:08:02 -0700
-
dpkg (1.16.3ubuntu1) quantal; urgency=low
* Merge with 1.16.3 from unstable:
- Change the multiarch downgrade version checks in prerm/postrm
from 1.16.2 to 1.16.0~ to reflect when multiarch landed in Ubuntu.
- Migrate dpkg multiarch conffile (and other multi-arch-related
conf settings) to the new DB with dpkg --add-architecture, but
keep a copy of the old conffile if it was modified.
- Out of paranoia, keep an option handler for foreign-architecture
that informs people that they need to scrub their config files
and upgrade, on the off chance that the above migration fails
for some reason (this mitigates the chances of leaving users with
a dpkg that fails to run due to a broken config).
* Changes remaining from previous Ubuntu versions:
- Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
tools can get untranslated dpkg terminal log messages while at the
same time having translated debconf prompts. This is useful for tools
that hide the dpkg terminal by default and use apport for bug
reporting with the untranslated error message.
- Build-depend on gettext:any for cross-building support.
- Apply patch from Steve McIntyre to special-case armhf/armel ELF
objects in Shlibs/Objdump.pm, so we don't get incorrect deps.
dpkg (1.16.3) unstable; urgency=low
[ Guillem Jover ]
* Do not look for newline beyond the read buffer on dpkg-deb extract.
* Check update-alternative name and link arguments for all commands.
Closes: #665050
* Check all dpkg-divert filename arguments to be absolute and to not
contain newlines. Closes: #21722
* Print errors while reading the file list files on a new line instead
of just after the progress percentage. Closes: #552517
* Document in dpkg-source(1) that patches for source format “3.0 (quilt)”
are expected to apply without any fuzz. Closes: #666752
Based on a patch by Luca Capello <email address hidden>.
* Remove redundant -Wformat-security from default dpkg-buildflags, which
is already implied by -Werror=format-security. Closes: #664964
Suggested by Peter Eisentraut <email address hidden>.
* Document in dpkg-query(1) that commands producing multiple paragraphs
will preserve the order of the packages specified on the argument list.
* Change start-stop-daemon --exec on GNU/Hurd, FreeBSD, NetBSD, OpenBSD
and Solaris to check for executables matching device and inode numbers
instead of filenames.
* Change start-stop-daemon --name on GNU/Hurd to check the process' argv[1]
in addition to argv[0], to handle both binaries and interpreted scripts.
Reported by Mats Erik Andersson <email address hidden>.
* Handle deb format versions as major.minor integers instead of strings or
floats, the latter being susceptible to parsing errors depending on the
current locale (although this was only affecting the old deb format).
* Ignore the minor format version number for deb-split format, unifying
the behaviour with the deb format.
* Add support for an abitable containing arch attribute overrides.
* Add x32 support to abitable, ostable and triplettable. Closes: #667037
* Fix start-stop-daemon to work with relative --exec arguments and --chdir.
Closes: #669047
* Ignore request to rename a file owned by the diverting package on
«dpkg-divert --add --rename». Closes: #588077
* Clarify dpkg-gensymbols(1) by way of examples that architecture wildcards
are supported in symbols files. Closes: #670048
* Fix memory leak due to Dpkg::Control objects not being garbage-collected.
Thanks to Ben Harris <email address hidden>. Closes: #669012
* Compute the md5sum hash on unpack for empty files too, so that these
can be checked correctly for matching content when installing multiple
package instances.
* Generate md5sums files automatically at unpack time if missing from the
binary package. Closes: #155676, #155799
* Add missing list and md5sums database file checks to «dpkg --audit».
[ Helge Kreutzmann ]
* Fix a typo in man/dpkg-buildflags.1.
[ Updated dpkg translations ]
* French (Christian Perrier).
* German (Sven Joachim).
* Swedish (Peter Krefting).
[ Updated dselect translations ]
* French (Christian Perrier).
* German (Sven Joachim).
* Swedish (Peter Krefting).
[ Updated scripts translations ]
* French (Christian Perrier).
* Swedish (Peter Krefting).
[ Updated scripts translations ]
* French (Christian Perrier).
* German (Helge Kreutzmann).
* Swedish (Peter Krefting).
dpkg (1.16.2) unstable; urgency=low
[ Guillem Jover ]
* Move <config.h> and <compat.h> to the top of trigdeferred.l to properly
use the configured features and compat code.
* Honour --disable-nls when the system lacks obstack support, by updating
the obstack compat module from gnulib.
* Link the libdpkg unit tests with libcompat and libintl, so that systems
needing them will compile correctly.
* Check for the presence of the strnlen declaration and correctly provide
the compat one in case the systems lacks it.
* Do not assume existence of paths on the build system in the test suite.
* Do not fail to link dselect on MacOS X when using --disable-nls.
* Remove versioned coreutils Pre-Depends from dpkg due to the ancient
md5sum transition. Reported by Bill Allombert <email address hidden>.
Closes: #643746
* Change dpkg-architecture to only compute the requested variables. This:
- Fixes the bootstrapping problem, as the dpkg build system only needs
the host architecture, for which dpkg itself is not required.
- Reduces the amount of work performed, including loading and parsing
unnecessary table files or calling either of gcc or dpkg programs.
* Improve error message in dpkg-gencontrol and dpkg-gensymbols when
debian/control does not have any package stanza. Closes: #642473
Based on a patch by Kyle Willmon <email address hidden>.
* Add Pre-Depends on tar >= 1.23 (satisfied in stable) to dpkg due to it
using the ‘--warning=no-timestamp’ option. Closes: #642802
* Do not segfault on GNU/Linux when dpkg cannot retrieve the block size
for the filesystem containing the info database. LP: #872734
* Fix two memory leaks per tar entry in the tar extractor used on unpack.
* Mark dpkg and dselect as Multi-Arch foreign.
Reported by Steve Langasek <email address hidden>.
* Mark dpkg-dev and libdpkg-perl as Multi-Arch foreign. Closes: #648217
Thanks to Colin Watson <email address hidden>.
* Add new deb-origin.5 man page. Closes: #608884
Thanks to Matt Kraai <email address hidden>.
* Return correct status on start-stop-daemon --status when using --pidfile.
* Treat dpkg-deb compression level independently for each backend. This
has the effect of changing the current behaviour for level 0 on all
compressors except gzip.
* Add new dpkg-deb -S option to specify the compression strategy. The only
currently supported value is “extreme” for xz. Closes: #647915
* Stop using brace expansion to install man pages by using dh_installman
instead of dh_install, the former does not abort on empty glob expansion.
* Do not use absolute paths for programs in perl and shell code.
* Add missing ‘*’ in asprintf() and vasprintf() compat declarations.
* Add support for virtual output binary:Summary and db:Status-Abbrev fields.
Closes: #192619, #427945
* Add support for virtual output source:Package and source:Version fields.
Closes: #653575
* Use a different temporary file per process on libcompat's vsnprintf()
function to avoid race conditions from children after fork(3).
Reported by Daniel Ruoso <email address hidden>. Closes: #655411
* Fix start-stop-daemon --exec and --name options on FreeBSD, NetBSD and
OpenBSD by swapping the process matching implementations.
* Fix start-stop-daemon --name option on GNU/Hurd to match the process name.
* Document in more detail the implications of start-stop-daemon matching
options. Closes: #367608
* Improve and clarify dpkg-shlibdeps superfluous linking warning messages.
Based on a patch by Peter Eisentraut <email address hidden>. Closes: #656496
* Relax --merge-avail Packages file parser, to not fail on bogus versions.
* When building only arch-indep binaries with «dpkg-buildpackage -A», name
the .changes file using ‘all’ as architecture. Closes: #661638
* Handle unknown architectures gracefully in dpkg-buildflags.
Closes: #663004
* Add missing --status-logger to dpkg --help output.
* Do not print bogus errno string for invalid package names in dpkg
--ignore-depends option.
* Change dpkg-query to not load the available file by default for --list
and --show, add a new --load-avail option to expose the old behaviour.
* Only allow setting selections via «dpkg --set-selections» for known
packages (i.e. those present in either the status or available files).
* Always ignore older versions when parsing the available file, not only
for --update-avail and --merge-avail.
* Mark not-installed non-arch-qualified selections for removal.
* Add new «dpkg --assert-multi-arch» command to allow checking for
multi-arch support availability.
* Bump Standards-Version to 3.9.3 (no changes needed).
* Add architecture consistency checks to «dpkg --audit».
* Add new dpkg --add-architecture and --remove-architecture commands to
track supported architectures.
[ Raphaël Hertzog ]
* Update Dpkg::Shlibs to look into multiarch paths when cross-building
too. Closes: #595144
* Rewrite architecture.mk with explicit loops instead of duplicating many
similar lines. Based on a patch by Thorsten Glaser <email address hidden>.
* Modify dpkg-gencontrol and dpkg-distaddfile to grab a write lock
on debian/control before updating debian/files to avoid simultaneous
updates. Closes: #642608
Add libfile-fcntllock-perl to dpkg-dev's Depends since we use this module
to handle the locking.
* Update dpkg-gensymbols(1) to clarify that -e accepts shell patterns
expansions and not regular expressions. And let dpkg-gensymbols output a
warning when a pattern doesn't match any file. Closes: #649248
* Add new option "-a <arch>" to dpkg-checkbuilddeps to check build
dependencies for another architecture. This is really basic for now since
it assumes all build dependencies must be satisfied on the listed
architecture. Closes: #648180 Thanks to Colin Watson for the patch.
* Error out if a dpkg database .list file is not a regular file. LP: #369898
* Fix dpkg-mergechangelogs to not error out on invalid versions.
Closes: #651993
* Fix dpkg-source --commit on "3.0 (quilt)" when an explicit patch file
is given with a relative filename. Closes: #652414
* Further clarify in dpkg-source(1) the conditions under which it's possible
to pass an explicit patch file to dpkg-source --commit.
* Add new --query-features command to dpkg-buildflags. Thanks to Kees Cook
for the patch. Closes: #651481
* Fix description of Multi-Arch in deb-control(5). Closes: #654453
Thanks to Jakub Wilk for spotting the mistake.
* Drop misleading spaces in deb-symbols(5) in the format description.
* Clean up dpkg-architecture(1) dropping useless information and
adding a reference to /usr/share/dpkg/architecture.mk.
* Update dpkg-buildpackage to use the "build-arch" (for -B) and
"build-indep" (for -A) targets unless "make -qn" says that they do not
exist. Closes: #229357
* Improve deb-shlibs(5) to mention that the dependency field must
use the same syntax as a Depends field. Closes: #658696
* Update dpkg-maintscript-helper(1) to recommend usage of the version
removing/renaming a conffile with a "~" suffix as "priorversion"
parameter. Thanks to Sam Morris <email address hidden> for the patch.
Closes: #658854
* Fix debug output of dpkg-maintscript-helper. LP: #936340
[ Jonathan Nieder ]
* Bump po4a version in Build-Depends to 0.41, since earlier versions do
not handle --srcdir correctly. Closes: #644370
[ Guillem Jover, Steve Langasek, Raphaël Hertzog ]
* Add new dpkg --print-foreign-architectures command.
* Add support for virtual output binary:Package field.
* Implement Multi-Arch support.
[ Helge Kreutzmann ]
* Fix a typo in man/dpkg-deb.1.
[ Updated dpkg translations ]
* German (Sven Joachim).
* Italian (Milo Casagrande). Closes: #627832, #657849
* Swedish (Peter Krefting).
* French (Christian Perrier)
* Polish (Michał Kułach). Closes: #658126
[ Updated scripts translations ]
* German (Helge Kreutzmann).
* Spanish (Omar Campagne). Closes: #636238
* Swedish (Peter Krefting).
[ Updated man page translations ]
* German (Helge Kreutzmann), including typo fix in dpkg-genchanges
Closes: #646496, sub optimal translation of package states LP: #368783
and an fix by Chris Leick
* Japanese (TAKAHASHI Motonobu).
* Spanish (Omar Campagne). Closes: #643969
* Swedish (Peter Krefting).
* Minor errors corrected in French (thanks to David Prévot)
* Fix translation of -B and -A options of dpkg-buildpackage.
Thanks to Vincent Danjean. Closes: #654626
[ Updated dselect translations ]
* Dutch (Jeroen Schot). Closes: #651813
-- Adam Conrad <email address hidden> Thu, 07 Jun 2012 10:07:38 -0600
-
dpkg (1.16.1.2ubuntu8) quantal; urgency=low
* Revert hack to export compiler flags in dpkg-buildpackage. Any package
depending on this should be fixed to use dpkg-buildflags instead.
-- Colin Watson <email address hidden> Mon, 30 Apr 2012 12:49:51 +0100
-
dpkg (1.16.1.2ubuntu7) precise; urgency=low
* Apply missing patch from upstream to let dselect's resolver deal
with multi-arch Provides in the same way as dpkg (LP: #853679)
-- Adam Conrad <email address hidden> Thu, 12 Apr 2012 16:59:09 -0600
