-
dpkg (1.16.12ubuntu1.3) saucy-security; urgency=medium
* SECURITY UPDATE: arbitrary file modification via dpkg-source
- scripts/Dpkg/Source/Patch.pm: Use a better regex for patch header
parsing
- 5348cbc981a65c3c9b05bb4d13553bda930c2d78
- CVE-2014-3864
- CVE-2014-3865
-- Marc Deslauriers <email address hidden> Mon, 09 Jun 2014 12:52:24 -0400
-
dpkg (1.16.12ubuntu1.2) saucy-security; urgency=medium
* SECURITY UPDATE: directory traversal in dpkg-source
- scripts/Dpkg/Source/Patch.pm: outright reject C-style filenames in
patches
- a12eb58959d0a10584a428f4a3103a49204c410f
- CVE-2014-0471
-- Marc Deslauriers <email address hidden> Thu, 01 May 2014 08:02:44 -0400
-
dpkg (1.16.12ubuntu1.1) saucy-security; urgency=medium
* SECURITY UPDATE: directory traversal in dpkg-source
- scripts/Dpkg/Source/Patch.pm: correctly parse C-style diff
filenames.
- Patch thanks to Guillem Jover <email address hidden>
- CVE-2014-0471
-- Marc Deslauriers <email address hidden> Wed, 23 Apr 2014 19:49:35 -0400
-
dpkg (1.16.12ubuntu1) saucy; urgency=low
* Merge with Debian stable-proposed-updates, remaining changes:
- Change the multiarch downgrade version checks in prerm/postrm
from 1.16.2 to 1.16.0~ to reflect when multiarch landed in Ubuntu.
- Migrate dpkg multiarch conffile (and other multi-arch-related
conf settings) to the new DB with dpkg --add-architecture, but
keep a copy of the old conffile if it was modified.
- Out of paranoia, keep an option handler for foreign-architecture
that informs people that they need to scrub their config files
and upgrade, on the off chance that the above migration fails
for some reason (this mitigates the chances of leaving users with
a dpkg that fails to run due to a broken config).
- Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
tools can get untranslated dpkg terminal log messages while at the
same time having translated debconf prompts. This is useful for tools
that hide the dpkg terminal by default and use apport for bug
reporting with the untranslated error message.
- Apply patch from Steve McIntyre to special-case armhf/armel ELF
objects in Shlibs/Objdump.pm, so we don't get incorrect deps.
- lib/dpkg/pkg-spec.c: map unqualified package names of multiarch-same
packages to the native arch instead of throwing an error, so that we
don't break on upgrade when there are unqualified names stored in
dpkg's own trigger database.
- Add logic to the postinst to `dpkg --add-architecture i386' on new
installs on amd64, and to also do so on upgrades from pre-conffile
Ubuntu versions, mimicking our previous behaviour with the conffile.
- Apply a workaround from mvo to consider RC packages as multiarch,
during the dpkg consistency checks. (see LP: 1015567 and 1057367).
- Don't set unsupported -fstack-protector in dpkg-buildflags on arm64.
* Add ppc64el/powerpc64le support to cputable (backported from 1.17.2)
dpkg (1.16.12) stable; urgency=low
* Fix value caching in Dpkg::Arch by not shadowing the variables.
Closes: #724949
dpkg (1.16.11) stable; urgency=low
[ Raphaël Hertzog ]
* Fix usage of non-existent _() function in multiple places of the Perl
code. Thanks to Lincoln Myers <email address hidden> for the patch.
Closes: #708607
[ Guillem Jover ]
* Fix chmod() arguments order in Dpkg::Source::Quilt. Closes: #710265
Thanks to Pablo Oliveira <email address hidden>.
* Only ignore older packages if the existing version is informative. This
allows any program using libdpkg to parse the available file to see again
packages with versions lesser than 0-0 (like 0~0-0). Closes: #676664
* Fix use after free in dpkg_arch_load_list() on libdpkg.
Reported by Pedro Ribeiro <email address hidden>.
[ Updated programs translations ]
* Vietnamese (Trần Ngọc Quân). Closes: #715334
[ Added man page translations ]
* Italian (Beatrice Torracca). Closes: #711647
[ Updated man page translations ]
* Japanese (TAKAHASHI Motonobu). Closes: #704240
-- Adam Conrad <email address hidden> Fri, 04 Oct 2013 00:26:28 -0600
-
dpkg (1.16.10ubuntu3) saucy; urgency=low
* scripts/Dpkg/Shlibs/Objdump.pm: Adjust armel/armhf special-casing
in dpkg-shlibdeps to try the new ELF ABI flags before arch tags.
-- Adam Conrad <email address hidden> Mon, 08 Jul 2013 08:05:57 -0600
-
dpkg (1.16.10ubuntu2) saucy; urgency=low
* Don't set -fstack-protector in dpkg-buildflags on arm64 (not yet
supported).
-- Matthias Klose <email address hidden> Tue, 11 Jun 2013 09:33:34 +0200
-
dpkg (1.16.10ubuntu1) raring; urgency=low
* Merge from Debian unstable. Remaining changes:
- Change the multiarch downgrade version checks in prerm/postrm
from 1.16.2 to 1.16.0~ to reflect when multiarch landed in Ubuntu.
- Migrate dpkg multiarch conffile (and other multi-arch-related
conf settings) to the new DB with dpkg --add-architecture, but
keep a copy of the old conffile if it was modified.
- Out of paranoia, keep an option handler for foreign-architecture
that informs people that they need to scrub their config files
and upgrade, on the off chance that the above migration fails
for some reason (this mitigates the chances of leaving users with
a dpkg that fails to run due to a broken config).
- Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
tools can get untranslated dpkg terminal log messages while at the
same time having translated debconf prompts. This is useful for tools
that hide the dpkg terminal by default and use apport for bug
reporting with the untranslated error message.
- Apply patch from Steve McIntyre to special-case armhf/armel ELF
objects in Shlibs/Objdump.pm, so we don't get incorrect deps.
- lib/dpkg/pkg-spec.c: map unqualified package names of multiarch-same
packages to the native arch instead of throwing an error, so that we
don't break on upgrade when there are unqualified names stored in
dpkg's own trigger database.
- Add logic to the postinst to `dpkg --add-architecture i386' on new
installs on amd64, and to also do so on upgrades from pre-conffile
Ubuntu versions, mimicking our previous behaviour with the conffile.
- Apply a workaround from mvo to consider RC packages as multiarch,
during the dpkg consistency checks. (see LP: 1015567 and 1057367).
dpkg (1.16.10) unstable; urgency=low
[ Guillem Jover ]
* Fix typos in 1.16.9 changelog entry. Closes: #691954
Thanks to Nicolás Alvarez <email address hidden>.
* Add missing @LIBLZMA_LIBS@ to Libs.Private in libdpkg.pc.in.
* Do not use an undefined va_list variable in dpkg_put_errno().
* Abort installation if we cannot set the security context for a file.
* Fix OpenPGP armored signature parsing, to be resilient against doctored
input, including source package control files. Closes: #695919
* Make sure the OpenGPG armor contains a signature block, even on EOF.
* Do not accept Armor Header Lines inside a paragraph.
* Do not abort dselect when multiarch is detected, as that only makes
users downgrade and hold on an older version w/ worse multiarch support.
* Fix warning in Dpkg::Source::Archive with «perl -w» due to redefinition
of getcwd() by removing unused POSIX modules usage. Closes: #700978
[ Updated programs translations ]
* Esperanto (Felipe Castro).
* Spanish (Javier Fernández-Sanguino).
* Vietnamesea (Trần Ngọc Quân). Closes: #692100
[ Updated scripts translations ]
* Fix mistranslation in French translation of scripts.
Thanks to Filipus Klutiero. Closes: #698530
* Fix typos in French translation of scripts.
Thanks to Sylvestre Ledru. Closes: #702627
* Fix Russian translation (wrong order of parameters in a string).
Thanks to Andrey Rahmatullin for noticing and Yuri Kozlov for fixing
the translation. Closes: #698869
-- Adam Conrad <email address hidden> Fri, 22 Mar 2013 12:09:02 -0600
