Publishing details

Changelog

dpkg (1.17.10) unstable; urgency=medium


  [ Guillem Jover ]
  * Use libtool to build the static libraries, which makes it possible to
    embed libcompat inside libdpkg, as required by some external programs
    linking against the latter. Closes: #746122
  * Fix word wrapping logic in dselect. Regression introduced in dpkg 1.17.3.
  * Fix possible out of bounds buffer read access in the error output on
    bogus ar member sizes.
  * Fix memory leaks in buffer_copy() on error conditions.
  * Test suite:
    - Improve C code coverage.
    - Add template test cases for most perl modules.
    - Add test cases for Dpkg::Deps OR relationships.
    - Add minimal test case for Dpkg::Source::Quilt.
    - Add test cases for Dpkg::Source::Patch CVE-2014-0471 and CVE-2014-3127.
    - Add test case for patch disabling hunks; not security sensitive.
  * Fix non-security sensitive TOCTOU race in triggers database loading.
  * Fix non-security sensitive TOCTOU race in update-alternative alternative
    database loading.
  * Fix non-security sensitive TOCTOU race in update-alternative rename code.
  * Add a workaround to start-stop-daemon for bogus OpenVZ Linux kernels that
    prepend, instead of appending, the " (deleted)" marker in /proc/PID/exe.
    Closes: #731530
  * Move dpkg-architecture -L argument to the Commands --help output section.
  * Make dpkg-maintscript-helper print only once that we are moving a
    conffile, and not on every interim state transition. Closes: #747370
  * Do not use global match variables in perl code.
  * Man pages:
    - Attempt to clarify and improve wording of some strange or confused
      constructs. Reported by Helge Kreutzmann.
    - Expand Vcs-* field names into each supported field name in
      deb-src-control(5) to make it easier to search for them.
    - Change control.tar.gz reference to simply control.tar in deb(5).
    - Document in dpkg-deb(1) -Z option that bzip2 and lzma are deprecated.
    - Add notes in dpkg-gensymbols(1) about symbol backward-compatibility.
      Based on a patch by Bernhard R. Link <email address hidden>.
      Closes: #746973
    - Document that dpkg-buildpackage(1) -j argument is optional.
    - Add current and deprecated media types to deb(5).
    - Document in dpkg(1) that --audit now does more than just searching for
      partially installed packages.
  * Add support for automatic parallel job selection in dpkg-buildpackage,
    matching currently active processors, when using -jauto. Closes: #748012
  * Perl modules:
    - Bump $VERSION for Dpkg::Patch, missed in 1.16.1.
    - Bump $VERSION for Dpkg::Deps, missed in 1.17.0.
    - Update and fix CHANGES POD sections for public modules.
    - Add missing Dpkg::Deps::Multiple profile_is_concerned() and
      reduce_profiles() methods, inherited by Dpkg::Deps::Union,
      Dpkg::Deps::AND and Dpkg::Deps::OR.
  * Do not mangle quilt series files with a missing newline on the last line.
    Closes: #584233
  * Quiesce tar warnings in cron job by redirecting stderr to /dev/null, as
    it seems --warning=none does not work correctly. Closes: #748544
  * Do not emit a trailing space from Dpkg::Control::Hash on a field's empty
    first line. Bump dpkg-dev Breaks on devscripts to 2.14.4, as previous
    versions expect a trailing space from dpkg-parsechangelog output.
    Based on a patch by Johannes Schauer <email address hidden>. Closes: #749044
  * Do not assume that sensible-editor is present on «dpkg-source --commit»,
    as that command is very Debian specific. Fallback to try VISUAL, EDITOR,
    or vi, if the previous commands are either unset or not found.
  * Use badusage() instead of ohshit() on dpkg --ignore-depends argument
    parsing errors.
  * Add per package dpkg --audit support.
  * Add support for DragonFlyBSD to ostable and triplettable.
    Thanks to Hleb Valoshka <email address hidden>.
  * Add support for DragonFlyBSD to start-stop-daemon. Closes: #734452
    Based on a patch by Hleb Valoshka <email address hidden>.
  * Correctly parse patch headers in Dpkg::Source::Patch, to avoid directory
    traversal attempts from hostile source packages when unpacking them.
    Reported by Javier Serrano Polo <email address hidden> as an unspecified
    directory traversal; meanwhile also independently found by me both
    #749183 and what was supposed to be #746498, which was later on published
    and ended up being just a subset of the other non-reported issue.
    Fixes CVE-2014-3864 and CVE-2014-3865. Closes: #746498, #749183

  [ Updated programs translations ]
  * Catalan (Guillem Jover).
  * Italian (Milo Casagrande). Closes: #750105

  [ Updated scripts translations ]
  * German (Helge Kreutzmann).

  [ Updated manpages translations ]
  * German (Helge Kreutzmann).

  [ Raphaël Hertzog ]
  * Let dpkg-source unpack additional tarballs in a deterministic order.
    Thanks to Samuel Bronson for the report. Closes: #747148

 -- Guillem Jover <email address hidden>  Thu, 05 Jun 2014 20:18:04 +0200

Builds

Package files