-
dpkg (1.15.11) squeeze-security; urgency=high
[ Guillem Jover ]
* Test suite:
- Add test cases for Dpkg::Source::Patch CVE-2014-0471 and CVE-2014-3127.
- Add test case for patch disabling hunks; not security sensitive.
* Correctly parse patch headers in Dpkg::Source::Patch, to avoid directory
traversal attempts from hostile source packages when unpacking them.
Reported by Javier Serrano Polo <email address hidden> as an unspecified
directory traversal; meanwhile also independently found by me both
#749183 and what was supposed to be #746498, which was later on published
and ended up being just a subset of the other non-reported issue.
Fixes CVE-2014-3864 and CVE-2014-3865. Closes: #746498, #749183
-- Guillem Jover <email address hidden> Thu, 05 Jun 2014 22:52:45 +0200
-
dpkg (1.15.8.13) stable; urgency=low
[ Guillem Jover ]
* Do not translate SE Linux context to human readable form while unpacking,
as that might cause the operation to fail if the mcstransd daemon
stopped running during the transaction. Closes: #679641
Thanks to Russell Coker <email address hidden>.
[ Updated man page translations ]
* German (Helge Kreutzmann). Fix suboptimal translation of package states
LP: #368783, a fix by Chris Leick and other fixes.
-- Guillem Jover <email address hidden> Fri, 07 Sep 2012 08:28:56 +0200
-
dpkg (1.15.8.12) stable; urgency=low
[ Guillem Jover ]
* Do not fail to unpack shared directories missing on the file system
from packages being replaced by other packages. Closes: #631808
* Defer hardlink renames so that there's never a point where the new
file contents are accessible from the final path before they have
been fsync()ed and cannot be executed causing ETXTBSY when trying
to open the to be installed paths for writing.
Thanks to Jonathan Nieder <email address hidden>. Closes: #635683
* Add armhf support to ostable and triplettable. Closes: #594179, #639674
[ Updated man page translations ]
* German (Helge Kreutzmann). Minor fixe(s), including improvement by "Flo".
[ Updated scripts translations ]
* German (Helge Kreutzmann). Minor fix from Sven Joachim.
Typo fixes. Closes: #646496
-- Guillem Jover <email address hidden> Thu, 10 Nov 2011 07:20:52 +0100
-
dpkg (1.15.8.11) stable; urgency=high
[ Guillem Jover ]
* Do not segfault on “dpkg -i --no-act”.
* Add missing semicolon to the vsnprintf() compat declaration.
Thanks to Robert Millan. Closes: #612203
* Fix typo in «dpkg-name --overwrite» argument parsing so that it actually
works at all. Thanks to Ivan Gagis <email address hidden>. LP: #728708
* Fix dpkg-split to not corrupt binary part metadata when generating the
split packages on 32-bit systems.
[ Raphaël Hertzog ]
* Fix a regression in dpkg-divert where using --rename led to a failure when
the rename implies crossing file systems. Thanks to Durk Strooisma for
spotting it.
[ Updated dpkg translations ]
* German (Sven Joachim).
[ Updated man page translations ]
* German (Helge Kreutzmann). Minor fixe(s).
-- Guillem Jover <email address hidden> Tue, 26 Apr 2011 08:21:04 +0200
-
dpkg (1.15.8.10) unstable; urgency=low
* Do not segfault on “update-alternatives --auto” when the link group only
has alternatives which are dangling symlinks. Closes: #611545
-- Guillem Jover <email address hidden> Sun, 30 Jan 2011 20:28:27 +0100
-
dpkg (1.15.8.9) unstable; urgency=low
[ Raphaël Hertzog ]
* Drop Breaks on konqueror to avoid some lenny -> squeeze upgrade problems.
It was only needed to ensure install-info is installed even for partial
upgrades. Closes: #610991
* Do the same for all emacs/jed packages. For jed, the breaks has been
rendered useless as the maintainers dropped the install-info dependencies
anyway.
[ Updated dpkg translations ]
* Remove space before "…" in several Catalan strings (Jordi Mallach).
* Romanian (Stan Ioan-Eugen).
-- Raphaël Hertzog <email address hidden> Mon, 24 Jan 2011 20:24:53 +0100
-
dpkg (1.15.8.8) unstable; urgency=low
[ Guillem Jover ]
* Truncate the output part file on “dpkg-split -s”. Regression introduced
with the C rewrite.
[ Updated man page translations ]
* Two typos fixed in French (Christian Perrier, thanks to Julien Valroff).
[ Raphaël Hertzog ]
* Fix multiple security issues with dpkg-source (CVE-2010-1679):
- Enhance checks to catch maliciously crafted patches which could modify
files outside of the unpacked source package.
- Do not consider a top-level symlink like a directory when extracting
a tarball.
- Exclude .pc while extracting the upstream tarball in 3.0 (quilt) as
patch blindly writes in that directory during unpack (and would follow
any existing symlink).
-- Raphaël Hertzog <email address hidden> Thu, 06 Jan 2011 21:04:33 +0100
-
dpkg (1.15.8.7) unstable; urgency=low
[ Guillem Jover ]
* Defer symlink renames so that there's never a point where a symlink is
broken, this is particularly important for shared libraries.
Closes: #605536
* On Linux use sync_file_range() to initiate asynchronous writeback of
just unpacked files. Suggested by Ted Ts'o <email address hidden>.
Thanks to Jonathan Nieder <email address hidden>. Closes: #605009
* On non-Linux use posix_fadvise(POSIX_FADV_DONTNEED) to notify the kernel
dpkg does not need the unpacked files any longer, and that it can start
writeback to be able to evict them from the cache at a later point.
* Fix stanza delimiting on -L, -s and -p output. This was making the output
for multiple packages unreliable to parse. Closes: #606315
[ Updated dpkg translations ]
* Basque (Iñaki Larrañaga Murgoitio). Closes: #607253
* Catalan (Guillem Jover).
* Czech (Miroslav Kure). Closes: #605099
* Esperanto (Felipe E. F. de Castro). Closes: #607437
* French (Christian Perrier).
* German (Sven Joachim).
* Indonesian (Arief S Fitrianto). Closes: #605248
* Italian (Milo Casagrande). Closes: #607306
* Japanese (Kenshi Muto). Closes: #607259
* Norwegian Bokmål (Hans Fredrik Nordhaug).
* Portuguese (Miguel Figueiredo). Closes: #605506
* Russian (Yuri Kozlov). Closes: #607292
* Simplified Chinese (Aron Xu).
* Slovak (Ivan Masár). Closes: #607302
* Spanish (Javier Fernandez-Sanguino).
* Thai (Theppitak Karoonboonyanan). Closes: #607501
[ Updated man page translations ]
* French (Christian Perrier).
* German (Helge Kreutzmann).
* Spanish (Omar Campagne).
[ Updated dselect translations ]
* Spanish (Javier Fernandez-Sanguino).
[ Updated scripts translations ]
* German (fix by Sven Joachim).
* Spanish (Javier Fernandez-Sanguino).
-- Guillem Jover <email address hidden> Mon, 20 Dec 2010 02:26:26 +0100
-
dpkg (1.15.8.5) unstable; urgency=low
[ Guillem Jover ]
* Do not print a warning when parsing status or status log files on
half-installed packages w/o a Description or Maintainer field, as
this happens normally when the package was never installed before.
Closes: #594167
* Improve git format documentation in dpkg-source(1).
Thanks to Joey Hess, based on a patch by Tanguy Ortolo.
* Clarify effect of “dpkg --purge” on homedir files in dpkg(1).
Thanks to The Fungi <email address hidden>. Closes: #593628
* Add gettext plurals infrastructure support.
* Add gettext messages for plural forms. Closes: #594218
* Fix possible but improbable segfault in update-alternatives in case
the master file name contains a format string specifier. Reported by
Sandro Cazzaniga.
* Fix realloc usage on compat scandir() implementation.
[ Raphaël Hertzog ]
* Fix dpkg-genchanges to not split the short description in the middle of a
UTF8 character. Closes: #593442
* Drop -k parameter from the tar call used by dpkg-source to extract
tarballs. Upstream binary files modified by the packager were not properly
installed due to this. Thanks to James Westby for the report.
Closes: #594440
* Make dpkg Breaks: dpkg-dev (<< 1.15.8) so that older versions of dpkg-dev
that did not depend on libdpkg-perl must be upgraded together with dpkg.
Closes: #596417
[ Helge Kreutzmann ]
* Fix encoding of German addendum. Closes: #595643
[ Updated programs translations ]
* Esperanto (Felipe Castro). Closes: #596173
* French (Christian Perrier).
* German (Sven Joachim).
* Indonesian (Arief S Fitrianto). Closes: #596657
* Italian (Milo Casagrande). Closes: #592953, #595615
* Japanese (Kenshi Muto). Closes: #595468
* Korean (Changwoo Ryu). Closes: #595556
* Norwegian Bokmål (Hans Nordhaug). Closes: #595208
* Simplified Chinese (Aron Xu). Closes: #594513
* Slovak (Ivan Masár). Closes: #595968
* Swedish (Peter Krefting).
* Thai (Theppitak Karoonboonyanan). Closes: #594011
[ Updated man page translations ]
* French (Christian Perrier).
* German (Helge Kreutzmann).
* Swedish (Peter Krefting).
[ Updated scripts translations ]
* French (Christian Perrier). Includes a fix to a specific
message translation that was imprecise. Closes: #596333
* German (Helge Kreutzmann). Improved by Holger Wansing.
* Norwegian Bokmål (Hans Fredrik Nordhaug). Closes: #595299
* Spanish (Omar Campagne). Closes: #596518
* Swedish (Peter Krefting).
* Russian (Yuri Kozlov). Closes: #595175
-- Guillem Jover <email address hidden> Tue, 14 Sep 2010 01:26:21 +0200
-
dpkg (1.15.8.4) unstable; urgency=low
[ Guillem Jover ]
* Fix use after free segfault on update-alternatives --remove-all.
Closes: #591653, #591654
* Always print a message on warning when parsing control files.
* On database parsing only warn on bogus versions previously accepted,
the other instances will keep producing errors, to avoid newly
introduced bogosity. Closes: #590885, #590896, #591692, #591885
* Fix compilation on Solaris and Darwin:
- Link update-alternatives against libintl if libc does not have i18n
support.
- Include <limits.h> for _POSIX_MAX_PATH in update-alternatives.
Thanks to Fabian Groffen <email address hidden>.
[ Raphaël Hertzog ]
* Fix make -C man install so that it actually finds the manual pages
to install. Closes: #591588
* When analyzing the ELF format of a binary in dpkg-shlibdeps, fall back on
usual objdump when the cross objdump failed. Closes: #591522
[ Sven Joachim ]
* Ensure removal of leftover backup .dpkg-tmp files after unpacking
failures, when the backup is still a hard link to the original file.
Closes: #591993
-- Guillem Jover <email address hidden> Fri, 13 Aug 2010 06:02:10 +0200
-
dpkg (1.15.7.2) unstable; urgency=low
[ Raphaël Hertzog ]
* Update dpkg-buildflags to respect $XDG_CONFIG_HOME and to use
$XDG_CONFIG_HOME/dpkg/buildflags.conf by default.
* Update deb-substvars(5) to codify how variables containing multiple
lines must be managed.
* Fix boolean evaluation of Dpkg::Version so that version 0 evaluates to
false and dpkg-shlibdeps can strip the minimal version specification.
Closes: #579724
Document this behaviour in the API and add non-regression test to ensure
it's kept.
* Let dpkg-buildflags error out when a required parameter is missing.
Closes: #579722
* Add Bug-Ubuntu field in DEP-3 template provided in the automatic header
of patches in 3.0 (quilt) source packages. Thanks to Benjamin Drung
<email address hidden> for the patch. Closes: #578002
* Update deb-override(5) by removing references to usage of sections
to place the packages on the mirrors and by indicating that the Debian
policy offers a list of allowed values for section and priority.
Closes: #575410
* Update reference to triggers.txt.gz in dpkg-trigger(1) and deb-triggers(5)
to match the new location. Closes: #580774
* Drop mention of PKG_CONFIG_LIBDIR in dpkg-buildpackage(1), the feature has
been removed in 1.15.6.
* Rename /usr/lib/dpkg/maintscript-helper into
/usr/bin/dpkg-maintscript-helper, it is a public interface even if working
around known limitations.
* Add "supports" command to dpkg-maintscript-helper to ensure the wanted
command is supported before calling it.
[ Guillem Jover ]
* Add powerpcspe support to ostable and triplettable.
Thanks to Sebastian Andrzej Siewior <email address hidden> and
Kyle Moffett <email address hidden>. Closes: #568123, #575158
* Fix dpkg --root by properly stripping again the root directory from the
path of the maintainer script to execute. Closes: #580984
* On Linux use sync() instead of an fsync() per file on deferred extraction,
to work around performance degradation on ext4. Closes: #578635
[ Gerfried Fuchs ]
* Fix syntax error in dpkg-name. Closes: #581315
-- Guillem Jover <email address hidden> Wed, 19 May 2010 07:57:14 +0200
-
dpkg (1.15.7.1) unstable; urgency=low
* Fix dpkg-source -b (without -i) for source packages 1.0. Closes: #578693
It was erroneously ignoring all changes because the ignore regex was
wrong (due to the change to ignore debian/source/local-options).
* Add missing call to textdomain() in dpkg-mergechangelogs to make
translations work.
-- Raphaël Hertzog <email address hidden> Thu, 22 Apr 2010 08:05:20 +0200
-
dpkg (1.15.5.6) unstable; urgency=low
* dpkg-source: with format "3.0 (quilt)" ensure quilt's .pc directory is
created before trying to register a new patch in .pc/applied-patches.
Thanks to Tommi Vainikainen <email address hidden> for the report and the
patch. Closes: #561237
* Fix dpkg-buildpackage to set "parallel=" in DEB_BUILD_OPTIONS instead of
the invalid "parallel=-1" when option "-j" is given. Closes: #562038
* Clarify how dpkg-source --print-format works and display messages on
STDERR when the requested format is discarded. Closes: #560391
* Add ${misc:Depends} in all Depends fields.
-- Raphael Hertzog <email address hidden> Fri, 08 Jan 2010 17:57:43 +0100
-
dpkg (1.15.5.5) unstable; urgency=low
* Allow again new lines in dpkg-source and dpkg-genchanges on substvar and
maintainer arguments.
-- Guillem Jover <email address hidden> Tue, 22 Dec 2009 09:49:49 +0100
-
dpkg (1.15.5.4) unstable; urgency=low
* Fix Dpkg::Index::get() and remove(). Thanks to Roderich Schupp
<email address hidden> for the patch. Closes: #558595
* Modify implementation of "3.0 (quilt)" source format to not
behave differently depending on whether quilt is installed or not.
The option --without-quilt is thus gone and dpkg-source creates
and relies on the .pc directory to know whether patches are applied
or not. Closes: #557667
* Add new dpkg-source option --single-debian-patch supported by the source
format "3.0 (quilt)" so that it behaves more like 1.0 and its single diff
that is constantly updated with all upstream changes. Useful if the
workflow is VCS based and can't generate a full patch set.
* dpkg-source now uses debian/source/patch-header as header of the automatic
Debian patch in format "3.0 (quilt)".
* Fix Debian changelog parser so that the trailer line is again checked.
-- Raphael Hertzog <email address hidden> Mon, 07 Dec 2009 09:24:31 +0100
-
dpkg (1.15.4.1) unstable; urgency=medium
* Do not mark any package as unseen in dselect. This is a workaround
until it learns how to store such information again. Closes: #545366
-- Guillem Jover <email address hidden> Mon, 19 Oct 2009 15:15:17 +0200
-
dpkg (1.15.3.1) unstable; urgency=low
[ Modestas Vainius ]
* Fix wildcard support in symbol files. Closes: #536034
-- Guillem Jover <email address hidden> Wed, 08 Jul 2009 11:26:36 +0200
-
dpkg (1.15.2) unstable; urgency=low
[ Guillem Jover ]
* Fix FTBFS on GNU/Hurd due to a mismatched define usage in
start-stop-daemon. Closes: #530446
* Remove obsolete priorities support from dselect.
Thanks to Sven Joachim <email address hidden>.
* Fix bashism (“echo -e”) in dselect disk setup method. Closes: #530071
* Properly parse fdisk output in dselect disk setup method.
* Fix memory leaks due to not destroying some pkg iterators.
[ Updated dpkg translations ]
* Asturian (Marcos Alvarez Costales). Closes: #529889
* Basque (Piarres Beobide). Closes: #529857
* French (Christian Perrier).
* German (Sven Joachim).
[ Updated man page translations ]
* German (Helge Kreutzmann).
[ Updated dselect translations ]
* French (Christian Perrier).
[ Updated scripts translations ]
* French (Christian Perrier).
* German (Helge Kreutzmann).
-- Guillem Jover <email address hidden> Tue, 26 May 2009 01:00:36 +0200
-
dpkg (1.14.26) unstable; urgency=low
[ Raphael Hertzog ]
* Fix dpkg-source to not die when uncompressor processes are killed by
SIGPIPE due to tar closing the pipe without exhausting all the data
available. Closes: #523329
[ Updated scripts translations ]
* German (Helge Kreutzmann).
* Polish (Wiktor Wandachowicz). Closes: #514106
* Swedish (Peter Krefting).
[ Updated manpages translations ]
* German (Helge Kreutzmann).
* Polish (Wiktor Wandachowicz). Closes: #514106
* Swedish (Peter Krefting).
-- Raphael Hertzog <email address hidden> Thu, 09 Apr 2009 19:07:40 +0200
-
dpkg (1.14.25) unstable; urgency=low
[ Guillem Jover ]
* Fix typo in package description ('privides' -> 'provides').
Thanks to Pascal De Vuyst <email address hidden>. Closes: #510755
* Do not lose conffiles while replacing them from another package on the
same install run. Closes: #513857
As a side effect this fixes the following symptoms:
- Do not do unneeded conffile prompts when it wasn't locally changed.
- Do not ensure (and thus do not output debug information) that the
.dpkg-new and .dpkg-tmp directories for an existing directory do not
exist. Closes: #80416
[ Raphael Hertzog ]
* dpkg-deb now always produces GNU tarballs inside .deb and ignores
TAR_OPTIONS. Closes: #513863
[ Updated dpkg translations ]
* Basque (Piarres Beobide). Closes: #506092, #509851
* Simplified Chinese (Deng Xiyue). Closes: #506177
* Traditional Chinese (Tetralet). Closes: #513312
[ Updated dselect translations ]
* Basque (Piarres Beobide). Closes: #509852
* Norwegian Bokmål (Hans F. Nordhaug).
* Portuguese (Miguel Figueiredo). Closes: #509904
[ Updated scripts translations ]
* Add missing space in French translation.
Thanks to Cyril "Oeil de lynx" Brulebois.
-- Guillem Jover <email address hidden> Tue, 03 Feb 2009 00:00:41 +0200