Ubuntu dpkg 1.15.5.6ubuntu2
This e-mail has been sent due to an upload to Ubuntu that contains Ubuntu
changes. It contains the difference between the new version and the
previous version of the same source package in Ubuntu.
Format: 1.8
Date: Thu, 11 Mar 2010 00:34:28 +0000
Source: dpkg
Binary: dpkg dpkg-dev dselect
Architecture: source
Version: 1.15.5.6ubuntu2
Distribution: lucid
Urgency: high
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Colin Watson <cjwatson@ubuntu.com>
Description:
dpkg - Debian package management system
dpkg-dev - Debian package development tools
dselect - Debian package management front-end
Closes: 430958
Launchpad-Bugs-Fixed: 442114 512096 532445
Changes:
dpkg (1.15.5.6ubuntu2) lucid; urgency=high
.
* Backport from upstream:
- Use FIEMAP when available (on Linux based systems) to sort the .list
files loading order. With a cold cache it improves up to a 70%.
Thanks to Morten Hustveit <morten@debian.org>. LP: #442114
- Call fsync(2) after writing files on disk, to get the atomicity
guarantees when doing rename(2). Based on a patch by Jean-Baptiste
Lallement <jeanbaptiste.lallement@gmail.com>.
Closes: #430958, LP: #512096
* Security fixes by Raphaël Hertzog, also backported from upstream
(CVE-2010-0396):
- Modify dpkg-source to error out when it would apply patches containing
insecure paths (with "/../") and also error out when it would apply a
patch through a symlink. Those checks are required as patch will
happily modify files outside of the target directory and unpacking a
source package should not be able to have any side-effect outside of
the target directory. LP: #532445
- Also error out when the quilt series contains a path with "/../" as
this can cause patch to create files outside of the source package due
to the -B .pc/$path option that it gets.
Checksums-Sha1:
5756bc6388d81d8c352877269f7528970dcafc94 2001 dpkg_1.15.5.6ubuntu2.dsc
4566c929b947702149eb66079ba1e0df1cb0aa9c 4702429 dpkg_1.15.5.6ubuntu2.tar.bz2
Checksums-Sha256:
feecbca3893f4b9c850b4367b3bbaf8a074d3b1d350002f2b662ebb5abc74ec8 2001 dpkg_1.15.5.6ubuntu2.dsc
eb3d678415e46dc3a4288c5335005190365bab9cbf437008c1af794b68b32afe 4702429 dpkg_1.15.5.6ubuntu2.tar.bz2
Files:
daaed53f6444a613ce9b0ab3f692415e 2001 admin required dpkg_1.15.5.6ubuntu2.dsc
262ade449a37c17577674288ac43e419 4702429 admin required dpkg_1.15.5.6ubuntu2.tar.bz2
Original-Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
diff -pruN 1.15.5.6ubuntu1/aclocal.m4 1.15.5.6ubuntu2/aclocal.m4
--- 1.15.5.6ubuntu1/aclocal.m4 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/aclocal.m4 2010-03-11 00:40:53.000000000 +0000
@@ -1,4 +1,4 @@
-# generated automatically by aclocal 1.11 -*- Autoconf -*-
+# generated automatically by aclocal 1.11.1 -*- Autoconf -*-
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
@@ -192,7 +192,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.11'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
-m4_if([$1], [1.11], [],
+m4_if([$1], [1.11.1], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
@@ -208,7 +208,7 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.11])dnl
+[AM_AUTOMAKE_VERSION([1.11.1])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
diff -pruN 1.15.5.6ubuntu1/config.h.in 1.15.5.6ubuntu2/config.h.in
--- 1.15.5.6ubuntu1/config.h.in 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/config.h.in 2010-03-11 00:40:53.000000000 +0000
@@ -83,6 +83,9 @@
/* Define to 1 if you have the <libintl.h> header file. */
#undef HAVE_LIBINTL_H
+/* Define to 1 if you have the <linux/fiemap.h> header file. */
+#undef HAVE_LINUX_FIEMAP_H
+
/* Define to 1 if you have the <locale.h> header file. */
#undef HAVE_LOCALE_H
diff -pruN 1.15.5.6ubuntu1/configure 1.15.5.6ubuntu2/configure
--- 1.15.5.6ubuntu1/configure 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/configure 2010-03-11 00:40:53.000000000 +0000
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.65 for dpkg 1.15.5.6.
+# Generated by GNU Autoconf 2.65 for dpkg 1.15.5.6ubuntu2.
#
# Report bugs to <debian-dpkg@lists.debian.org>.
#
@@ -552,8 +552,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='dpkg'
PACKAGE_TARNAME='dpkg'
-PACKAGE_VERSION='1.15.5.6'
-PACKAGE_STRING='dpkg 1.15.5.6'
+PACKAGE_VERSION='1.15.5.6ubuntu2'
+PACKAGE_STRING='dpkg 1.15.5.6ubuntu2'
PACKAGE_BUGREPORT='debian-dpkg@lists.debian.org'
PACKAGE_URL=''
@@ -1333,7 +1333,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures dpkg 1.15.5.6 to adapt to many kinds of systems.
+\`configure' configures dpkg 1.15.5.6ubuntu2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1403,7 +1403,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of dpkg 1.15.5.6:";;
+ short | recursive ) echo "Configuration of dpkg 1.15.5.6ubuntu2:";;
esac
cat <<\_ACEOF
@@ -1528,7 +1528,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-dpkg configure 1.15.5.6
+dpkg configure 1.15.5.6ubuntu2
generated by GNU Autoconf 2.65
Copyright (C) 2009 Free Software Foundation, Inc.
@@ -2208,7 +2208,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by dpkg $as_me 1.15.5.6, which was
+It was created by dpkg $as_me 1.15.5.6ubuntu2, which was
generated by GNU Autoconf 2.65. Invocation command line was
$ $0 $@
@@ -4463,7 +4463,7 @@ fi
# Define the identity of the package.
PACKAGE='dpkg'
- VERSION='1.15.5.6'
+ VERSION='1.15.5.6ubuntu2'
cat >>confdefs.h <<_ACEOF
@@ -8760,7 +8760,7 @@ $as_echo "#define STDC_HEADERS 1" >>conf
fi
for ac_header in stddef.h error.h locale.h libintl.h kvm.h \
- sys/cdefs.h sys/syscall.h
+ sys/cdefs.h sys/syscall.h linux/fiemap.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
@@ -10331,7 +10331,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_wri
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by dpkg $as_me 1.15.5.6, which was
+This file was extended by dpkg $as_me 1.15.5.6ubuntu2, which was
generated by GNU Autoconf 2.65. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -10397,7 +10397,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-dpkg config.status 1.15.5.6
+dpkg config.status 1.15.5.6ubuntu2
configured by $0, generated by GNU Autoconf 2.65,
with options \\"\$ac_cs_config\\"
diff -pruN 1.15.5.6ubuntu1/configure.ac 1.15.5.6ubuntu2/configure.ac
--- 1.15.5.6ubuntu1/configure.ac 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/configure.ac 2010-03-11 00:40:53.000000000 +0000
@@ -79,7 +79,7 @@ fi
# Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS([stddef.h error.h locale.h libintl.h kvm.h \
- sys/cdefs.h sys/syscall.h])
+ sys/cdefs.h sys/syscall.h linux/fiemap.h])
DPKG_CHECK_DEFINE(TIOCNOTTY, [sys/ioctl.h])
# Checks for typedefs, structures, and compiler characteristics.
diff -pruN 1.15.5.6ubuntu1/debian/changelog 1.15.5.6ubuntu2/debian/changelog
--- 1.15.5.6ubuntu1/debian/changelog 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/debian/changelog 2010-03-11 00:40:53.000000000 +0000
@@ -1,3 +1,27 @@
+dpkg (1.15.5.6ubuntu2) lucid; urgency=high
+
+ * Backport from upstream:
+ - Use FIEMAP when available (on Linux based systems) to sort the .list
+ files loading order. With a cold cache it improves up to a 70%.
+ Thanks to Morten Hustveit <morten@debian.org>. LP: #442114
+ - Call fsync(2) after writing files on disk, to get the atomicity
+ guarantees when doing rename(2). Based on a patch by Jean-Baptiste
+ Lallement <jeanbaptiste.lallement@gmail.com>.
+ Closes: #430958, LP: #512096
+ * Security fixes by Raphaël Hertzog, also backported from upstream
+ (CVE-2010-0396):
+ - Modify dpkg-source to error out when it would apply patches containing
+ insecure paths (with "/../") and also error out when it would apply a
+ patch through a symlink. Those checks are required as patch will
+ happily modify files outside of the target directory and unpacking a
+ source package should not be able to have any side-effect outside of
+ the target directory. LP: #532445
+ - Also error out when the quilt series contains a path with "/../" as
+ this can cause patch to create files outside of the source package due
+ to the -B .pc/$path option that it gets.
+
+ -- Colin Watson <cjwatson@ubuntu.com> Thu, 11 Mar 2010 00:34:28 +0000
+
dpkg (1.15.5.6ubuntu1) lucid; urgency=low
* Resynchronise with Debian. Remaining changes:
diff -pruN 1.15.5.6ubuntu1/.dist-version 1.15.5.6ubuntu2/.dist-version
--- 1.15.5.6ubuntu1/.dist-version 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/.dist-version 2010-03-11 00:40:53.000000000 +0000
@@ -1 +1 @@
-1.15.5.6ubuntu1
+1.15.5.6ubuntu2
diff -pruN 1.15.5.6ubuntu1/dpkg-deb/build.c 1.15.5.6ubuntu2/dpkg-deb/build.c
--- 1.15.5.6ubuntu1/dpkg-deb/build.c 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/dpkg-deb/build.c 2010-03-11 00:40:54.000000000 +0000
@@ -569,6 +569,10 @@ void do_build(const char *const *argv) {
if (putc('\n',ar) == EOF)
werr(debar);
}
+ if (fflush(ar))
+ ohshite(_("unable to flush file '%s'"), debar);
+ if (fsync(fileno(ar)))
+ ohshite(_("unable to sync file '%s'"), debar);
if (fclose(ar)) werr(debar);
exit(0);
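Review bot: The `fflush()`/`fsync()` pair and its two `ohshite()` messages are written out by hand here and again in dpkg-split/join.c, dpkg-split/queue.c, lib/dpkg/triglib.c (twice) and src/statcmd.c, so the checks and the message wording can drift between sites. A small shared helper that takes the `FILE *` and the file name would keep them in step. This hunk adds no `#include <unistd.h>` for `fsync()` the way the join.c hunk does, so it is worth confirming build.c already includes it. `do_build()` starts outside the hunk.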
diff -pruN 1.15.5.6ubuntu1/dpkg-deb/Makefile.in 1.15.5.6ubuntu2/dpkg-deb/Makefile.in
--- 1.15.5.6ubuntu1/dpkg-deb/Makefile.in 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/dpkg-deb/Makefile.in 2010-03-11 00:40:54.000000000 +0000
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
diff -pruN 1.15.5.6ubuntu1/dpkg-split/join.c 1.15.5.6ubuntu2/dpkg-split/join.c
--- 1.15.5.6ubuntu1/dpkg-split/join.c 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/dpkg-split/join.c 2010-03-11 00:40:54.000000000 +0000
@@ -24,6 +24,7 @@
#include <assert.h>
#include <limits.h>
#include <string.h>
+#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
@@ -68,6 +69,10 @@ void reassemble(struct partinfo **partli
nr= fwrite(buffer,1,pi->thispartlen,output);
if (nr != pi->thispartlen) werr(outputfile);
}
+ if (fflush(output))
+ ohshite(_("unable to flush file '%s'"), outputfile);
+ if (fsync(fileno(output)))
+ ohshite(_("unable to sync file '%s'"), outputfile);
if (fclose(output)) werr(outputfile);
printf(_("done\n"));
}
diff -pruN 1.15.5.6ubuntu1/dpkg-split/Makefile.in 1.15.5.6ubuntu2/dpkg-split/Makefile.in
--- 1.15.5.6ubuntu1/dpkg-split/Makefile.in 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/dpkg-split/Makefile.in 2010-03-11 00:40:54.000000000 +0000
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
diff -pruN 1.15.5.6ubuntu1/dpkg-split/queue.c 1.15.5.6ubuntu2/dpkg-split/queue.c
--- 1.15.5.6ubuntu1/dpkg-split/queue.c 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/dpkg-split/queue.c 2010-03-11 00:40:54.000000000 +0000
@@ -166,6 +166,10 @@ void do_auto(const char *const *argv) {
if (!part) ohshite(_("unable to open new depot file `%.250s'"),p);
nr= fwrite(buffer,1,refi->filesize,part);
if (nr != refi->filesize) werr(p);
+ if (fflush(part))
+ ohshite(_("unable to flush file '%s'"), p);
+ if (fsync(fileno(part)))
+ ohshite(_("unable to sync file '%s'"), p);
if (fclose(part)) werr(p);
if (rename(p,q)) ohshite(_("unable to rename new depot file `%.250s' to `%.250s'"),p,q);
diff -pruN 1.15.5.6ubuntu1/dselect/Makefile.in 1.15.5.6ubuntu2/dselect/Makefile.in
--- 1.15.5.6ubuntu1/dselect/Makefile.in 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/dselect/Makefile.in 2010-03-11 00:40:54.000000000 +0000
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -437,7 +437,7 @@ distclean-compile:
# (which will cause the Makefiles to be regenerated when you run `make');
# (2) otherwise, pass the desired values on the `make' command line.
$(RECURSIVE_TARGETS):
- @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
@@ -462,7 +462,7 @@ $(RECURSIVE_TARGETS):
fi; test -z "$$fail"
$(RECURSIVE_CLEAN_TARGETS):
- @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
diff -pruN 1.15.5.6ubuntu1/dselect/methods/Makefile.in 1.15.5.6ubuntu2/dselect/methods/Makefile.in
--- 1.15.5.6ubuntu1/dselect/methods/Makefile.in 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/dselect/methods/Makefile.in 2010-03-11 00:40:55.000000000 +0000
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
diff -pruN 1.15.5.6ubuntu1/lib/compat/Makefile.in 1.15.5.6ubuntu2/lib/compat/Makefile.in
--- 1.15.5.6ubuntu1/lib/compat/Makefile.in 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/lib/compat/Makefile.in 2010-03-11 00:40:56.000000000 +0000
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
diff -pruN 1.15.5.6ubuntu1/lib/dpkg/Makefile.in 1.15.5.6ubuntu2/lib/dpkg/Makefile.in
--- 1.15.5.6ubuntu1/lib/dpkg/Makefile.in 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/lib/dpkg/Makefile.in 2010-03-11 00:40:56.000000000 +0000
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -431,7 +431,7 @@ distclean-compile:
# (which will cause the Makefiles to be regenerated when you run `make');
# (2) otherwise, pass the desired values on the `make' command line.
$(RECURSIVE_TARGETS):
- @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
@@ -456,7 +456,7 @@ $(RECURSIVE_TARGETS):
fi; test -z "$$fail"
$(RECURSIVE_CLEAN_TARGETS):
- @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
diff -pruN 1.15.5.6ubuntu1/lib/dpkg/test/Makefile.in 1.15.5.6ubuntu2/lib/dpkg/test/Makefile.in
--- 1.15.5.6ubuntu1/lib/dpkg/test/Makefile.in 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/lib/dpkg/test/Makefile.in 2010-03-11 00:40:56.000000000 +0000
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
diff -pruN 1.15.5.6ubuntu1/lib/dpkg/triglib.c 1.15.5.6ubuntu2/lib/dpkg/triglib.c
--- 1.15.5.6ubuntu1/lib/dpkg/triglib.c 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/lib/dpkg/triglib.c 2010-03-11 00:40:56.000000000 +0000
@@ -397,6 +397,12 @@ trk_explicit_interest_change(const char
if (ferror(nf))
ohshite(_("unable to write new trigger interest file `%.250s'"),
newfn.buf);
+ if (fflush(nf))
+ ohshite(_("unable to flush new trigger interest file '%.250s'"),
+ newfn.buf);
+ if (fsync(fileno(nf)))
+ ohshite(_("unable to sync new trigger interest file '%.250s'"),
+ newfn.buf);
pop_cleanup(ehflag_normaltidy);
if (fclose(nf))
ohshite(_("unable to close new trigger interest file `%.250s'"),
@@ -499,6 +505,12 @@ trig_file_interests_save(void)
if (ferror(nf))
ohshite(_("unable to write new file triggers file `%.250s'"),
triggersnewfilefile);
+ if (fflush(nf))
+ ohshite(_("unable to flush new file triggers file '%.250s'"),
+ triggersnewfilefile);
+ if (fsync(fileno(nf)))
+ ohshite(_("unable to sync new file triggers file '%.250s'"),
+ triggersnewfilefile);
pop_cleanup(ehflag_normaltidy);
if (fclose(nf))
ohshite(_("unable to close new file triggers file `%.250s'"),
diff -pruN 1.15.5.6ubuntu1/lib/Makefile.in 1.15.5.6ubuntu2/lib/Makefile.in
--- 1.15.5.6ubuntu1/lib/Makefile.in 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/lib/Makefile.in 2010-03-11 00:40:55.000000000 +0000
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -276,7 +276,7 @@ $(am__aclocal_m4_deps):
# (which will cause the Makefiles to be regenerated when you run `make');
# (2) otherwise, pass the desired values on the `make' command line.
$(RECURSIVE_TARGETS):
- @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
@@ -301,7 +301,7 @@ $(RECURSIVE_TARGETS):
fi; test -z "$$fail"
$(RECURSIVE_CLEAN_TARGETS):
- @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
diff -pruN 1.15.5.6ubuntu1/Makefile.in 1.15.5.6ubuntu2/Makefile.in
--- 1.15.5.6ubuntu1/Makefile.in 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/Makefile.in 2010-03-11 00:40:53.000000000 +0000
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -415,7 +415,7 @@ uninstall-dist_pkgdataDATA:
# (which will cause the Makefiles to be regenerated when you run `make');
# (2) otherwise, pass the desired values on the `make' command line.
$(RECURSIVE_TARGETS):
- @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
@@ -440,7 +440,7 @@ $(RECURSIVE_TARGETS):
fi; test -z "$$fail"
$(RECURSIVE_CLEAN_TARGETS):
- @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
@@ -607,7 +607,8 @@ distdir: $(DISTFILES)
top_distdir="$(top_distdir)" distdir="$(distdir)" \
dist-hook
-test -n "$(am__skip_mode_fix)" \
- || find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+ || find "$(distdir)" -type d ! -perm -755 \
+ -exec chmod u+rwx,go+rx {} \; -o \
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
@@ -651,17 +652,17 @@ dist dist-all: distdir
distcheck: dist
case '$(DIST_ARCHIVES)' in \
*.tar.gz*) \
- GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
- bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lzma*) \
- unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+ lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
*.tar.xz*) \
xz -dc $(distdir).tar.xz | $(am__untar) ;;\
*.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \
- GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
esac
diff -pruN 1.15.5.6ubuntu1/man/Makefile.in 1.15.5.6ubuntu2/man/Makefile.in
--- 1.15.5.6ubuntu1/man/Makefile.in 2010-02-14 01:40:26.000000000 +0000
+++ 1.15.5.6ubuntu2/man/Makefile.in 2010-03-11 00:40:56.000000000 +0000
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
diff -pruN 1.15.5.6ubuntu1/scripts/Dpkg/Source/Package/V3/quilt.pm 1.15.5.6ubuntu2/scripts/Dpkg/Source/Package/V3/quilt.pm
--- 1.15.5.6ubuntu1/scripts/Dpkg/Source/Package/V3/quilt.pm 2010-02-14 01:40:27.000000000 +0000
+++ 1.15.5.6ubuntu2/scripts/Dpkg/Source/Package/V3/quilt.pm 2010-03-11 00:40:58.000000000 +0000
@@ -121,6 +121,7 @@ sub read_patch_list {
}
}
next if $opts{"skip_auto"} and $_ eq $auto_patch;
+ error(_g("%s contains an insecure path: %s"), $file, $_) if m{(^|/)\.\./};
push @patches, $_;
}
close(SERIES);
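Review bot: The pattern `m{(^|/)\.\./}` only matches a `..` component that is followed by a slash, so a series entry that is exactly `..` or ends in `/..` passes the check. Anchoring the end as well, `m{(^|/)\.\.(/|$)}`, rejects every `..` component. The new line also has no comment; per the changelog entry the series path ends up in patch's `-B .pc/$path` option, and a one-line comment saying so would explain why the series file is validated here. `read_patch_list` starts outside the hunk.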
diff -pruN 1.15.5.6ubuntu1/scripts/Dpkg/Source/Patch.pm 1.15.5.6ubuntu2/scripts/Dpkg/Source/Patch.pm
--- 1.15.5.6ubuntu1/scripts/Dpkg/Source/Patch.pm 2010-02-14 01:40:27.000000000 +0000
+++ 1.15.5.6ubuntu2/scripts/Dpkg/Source/Patch.pm 2010-03-11 00:40:58.000000000 +0000
@@ -328,8 +328,9 @@ sub analyze {
error(_g("expected ^--- in line %d of diff `%s'"), $., $diff);
}
$_ = strip_ts($_);
- if ($_ eq '/dev/null' or s{^(\./)?[^/]+/}{$destdir/}) {
+ if ($_ eq '/dev/null' or s{^[^/]+/}{$destdir/}) {
$fn = $_;
+ error(_g("%s contains an insecure path: %s"), $diff, $_) if m{/\.\./};
}
if (/\.dpkg-orig$/) {
error(_g("diff `%s' patches file with name ending .dpkg-orig"), $diff);
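Review bot: The `m{/\.\./}` test runs on `$_` after its first component has been replaced by `$destdir`, so it scans the caller's own `$destdir` as well as the path taken from the diff. If `$destdir` can itself contain `/../` (not visible here), every diff would be refused with a message that blames the patch. Testing the path before the substitution, or only the part after the `$destdir/` prefix, limits the check to what the diff supplied. The same applies to the `+++` branch in the next hunk. `analyze` starts and ends outside both hunks.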
@@ -342,8 +343,9 @@ sub analyze {
error(_g("line after --- isn't as expected in diff `%s' (line %d)"), $diff, $.);
}
$_ = strip_ts($_);
- if ($_ eq '/dev/null' or s{^(\./)?[^/]+/}{$destdir/}) {
+ if ($_ eq '/dev/null' or s{^[^/]+/}{$destdir/}) {
$fn2 = $_;
+ error(_g("%s contains an insecure path: %s"), $diff, $_) if m{/\.\./};
} else {
unless (defined $fn) {
error(_g("none of the filenames in ---/+++ are relative in diff `%s' (line %d)"),
@@ -369,6 +371,17 @@ sub analyze {
if ($dirname =~ s{/[^/]+$}{} && not -d $dirname) {
$dirtocreate{$dirname} = 1;
}
+
+ # Sanity check, refuse to patch through a symlink
+ $dirname = $fn;
+ while (1) {
+ if (-l $dirname) {
+ error(_g("diff %s modifies file %s through a symlink: %s"),
+ $diff, $fn, $dirname);
+ }
+ last unless $dirname =~ s{/[^/]+$}{};
+ }
+
if (-e $fn and not -f _) {
error(_g("diff `%s' patches something which is not a plain file"), $diff);
}
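Review bot: The symlink walk starts at `$fn` and keeps stripping components until no slash is left, so it also tests `$destdir` and each of its parent directories, not only paths inside the unpacked tree. Assuming `$fn` still carries the `$destdir/` prefix set earlier in `analyze`, a target directory that is reached through a symlink would make every patch fail even though the source package did nothing wrong. Stopping once the walk reaches the target directory keeps the check on what the package controls, for example `last if length($dirname) <= length($destdir);` after the `last unless` line. `analyze` starts and ends outside the hunk.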
diff -pruN 1.15.5.6ubuntu1/scripts/Makefile.in 1.15.5.6ubuntu2/scripts/Makefile.in
--- 1.15.5.6ubuntu1/scripts/Makefile.in 2010-02-14 01:40:27.000000000 +0000
+++ 1.15.5.6ubuntu2/scripts/Makefile.in 2010-03-11 00:40:58.000000000 +0000
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -536,7 +536,7 @@ uninstall-nobase_dist_perllibDATA:
# (which will cause the Makefiles to be regenerated when you run `make');
# (2) otherwise, pass the desired values on the `make' command line.
$(RECURSIVE_TARGETS):
- @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
@@ -561,7 +561,7 @@ $(RECURSIVE_TARGETS):
fi; test -z "$$fail"
$(RECURSIVE_CLEAN_TARGETS):
- @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
diff -pruN 1.15.5.6ubuntu1/src/archives.c 1.15.5.6ubuntu2/src/archives.c
--- 1.15.5.6ubuntu1/src/archives.c 2010-02-14 01:40:27.000000000 +0000
+++ 1.15.5.6ubuntu2/src/archives.c 2010-03-11 00:40:59.000000000 +0000
@@ -654,6 +654,8 @@ int tarobject(struct TarInfo *ti) {
am=(nifd->namenode->statoverride ? nifd->namenode->statoverride->mode : ti->Mode) & ~S_IFMT;
if (fchmod(fd,am))
ohshite(_("error setting permissions of `%.255s'"),ti->Name);
+ if (fsync(fd))
+ ohshite(_("unable to sync file '%.255s'"), ti->Name);
pop_cleanup(ehflag_normaltidy); /* fd= open(fnamenewvb.buf) */
if (close(fd))
ohshite(_("error closing/writing `%.255s'"),ti->Name);
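Review bot: `fsync(fd)` now runs once for every object that `tarobject()` writes through `fd`, and nothing in the hunk lets a caller batch or skip it. On filesystems where a sync flushes more than the one file, this may make unpacking packages with many files noticeably slower. A comment stating the trade-off (per the changelog, the data must be on disk before the later `rename(2)`) would help, and deferring the syncs until all files of a package are written is worth considering. `tarobject()` starts and ends outside the hunk.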
diff -pruN 1.15.5.6ubuntu1/src/filesdb.c 1.15.5.6ubuntu2/src/filesdb.c
--- 1.15.5.6ubuntu1/src/filesdb.c 2010-02-14 01:40:27.000000000 +0000
+++ 1.15.5.6ubuntu2/src/filesdb.c 2010-03-11 00:40:59.000000000 +0000
@@ -22,6 +22,11 @@
#include <config.h>
#include <compat.h>
+#ifdef HAVE_LINUX_FIEMAP_H
+#include <linux/fiemap.h>
+#include <linux/fs.h>
+#include <sys/ioctl.h>
+#endif
#include <sys/types.h>
#include <sys/stat.h>
@@ -39,6 +44,7 @@
#include <dpkg/dpkg-db.h>
#include <dpkg/path.h>
#include <dpkg/buffer.h>
+#include <dpkg/pkg-array.h>
#include <dpkg/progress.h>
#include "filesdb.h"
@@ -58,6 +64,7 @@ ensure_package_clientdata(struct pkginfo
pkg->clientdata->istobe = itb_normal;
pkg->clientdata->fileslistvalid = 0;
pkg->clientdata->files = NULL;
+ pkg->clientdata->listfile_phys_offs = 0;
pkg->clientdata->trigprocdeferred = NULL;
}
@@ -253,10 +260,81 @@ ensure_packagefiles_available(struct pkg
pkg->clientdata->fileslistvalid= 1;
}
+#if defined(HAVE_LINUX_FIEMAP_H)
+static int
+pkg_sorter_by_listfile_phys_offs(const void *a, const void *b)
+{
+ const struct pkginfo *pa = *(const struct pkginfo **)a;
+ const struct pkginfo *pb = *(const struct pkginfo **)b;
+
+ /* We can't simply subtract, because the difference may be greater than
+ * INT_MAX. */
+ if (pa->clientdata->listfile_phys_offs < pb->clientdata->listfile_phys_offs)
+ return -1;
+ else
+ return 1;
+}
+
+static void
+pkg_files_optimize_load(struct pkg_array *array)
+{
+ int i;
+ int blocksize = 0;
+
+ /* Sort packages by the physical location of their list files, so that
+ * scanning them later will minimize disk drive head movements. */
+ for (i = 0; i < array->n_pkgs; i++) {
+ struct pkginfo *pkg = array->pkgs[i];
+ struct {
+ struct fiemap fiemap;
+ struct fiemap_extent extent;
+ } fm;
+ const char *listfile;
+ int fd;
+
+ ensure_package_clientdata(pkg);
+
+ if (pkg->status == stat_notinstalled ||
+ pkg->clientdata->listfile_phys_offs != 0)
+ continue;
+
+ pkg->clientdata->listfile_phys_offs = -1;
+
+ listfile = pkgadminfile(pkg, LISTFILE);
+
+ fd = open(listfile, O_RDONLY);
+ if (fd < 0)
+ continue;
+
+ if (!blocksize && ioctl(fd, FIGETBSZ, &blocksize) < 0)
+ break;
+
+ memset(&fm, 0, sizeof(fm));
+ fm.fiemap.fm_start = 0;
+ fm.fiemap.fm_length = blocksize;
+ fm.fiemap.fm_flags = 0;
+ fm.fiemap.fm_extent_count = 1;
+
+ if (ioctl(fd, FS_IOC_FIEMAP, (unsigned long)&fm) == 0)
+ pkg->clientdata->listfile_phys_offs = fm.fiemap.fm_extents[0].fe_physical;
+
+ close(fd);
+ }
+
+ pkg_array_sort(array, pkg_sorter_by_listfile_phys_offs);
+}
+#else
+static void
+pkg_files_optimize_load(struct pkg_array *array)
+{
+}
+#endif
+
void ensure_allinstfiles_available(void) {
- struct pkgiterator *it;
+ struct pkg_array array;
struct pkginfo *pkg;
struct progress progress;
+ int i;
if (allpackagesdone) return;
if (saidread<2) {
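Review bot: `pkg_sorter_by_listfile_phys_offs()` returns 1 for equal offsets, so for two packages with the same value (for instance all those left at -1) it reports a > b and b > a at once. `pkg_array_sort()` is not shown, but if it wraps `qsort()` that is an inconsistent comparator, and it should return 0 on equality. In `pkg_files_optimize_load()` the `break` taken when `FIGETBSZ` fails leaves `fd` open. A successful `FS_IOC_FIEMAP` call that maps no extent also stores 0, the value that means "not looked up yet"; checking `fm.fiemap.fm_mapped_extents` before reading `fm_extents[0]` avoids that.

```c
static int
pkg_sorter_by_listfile_phys_offs(const void *a, const void *b)
{
  /* … unchanged: pa / pb declarations and the INT_MAX comment … */
  if (pa->clientdata->listfile_phys_offs < pb->clientdata->listfile_phys_offs)
    return -1;
  else if (pa->clientdata->listfile_phys_offs > pb->clientdata->listfile_phys_offs)
    return 1;
  else
    return 0;
}

/* … unchanged: pkg_files_optimize_load() up to open(listfile) … */
    if (!blocksize && ioctl(fd, FIGETBSZ, &blocksize) < 0) {
      close(fd);
      break;
    }

    /* … unchanged: memset() and fiemap request setup … */

    if (ioctl(fd, FS_IOC_FIEMAP, (unsigned long)&fm) == 0 &&
        fm.fiemap.fm_mapped_extents > 0)
      pkg->clientdata->listfile_phys_offs = fm.fiemap.fm_extents[0].fe_physical;
/* … unchanged: close(fd), pkg_array_sort() … */
```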
@@ -266,14 +344,20 @@ void ensure_allinstfiles_available(void)
progress_init(&progress, _("(Reading database ... "), max);
}
- it= iterpkgstart();
- while ((pkg = iterpkgnext(it)) != NULL) {
+ pkg_array_init_from_db(&array);
+
+ pkg_files_optimize_load(&array);
+
+ for (i = 0; i < array.n_pkgs; i++) {
+ pkg = array.pkgs[i];
ensure_packagefiles_available(pkg);
if (saidread == 1)
progress_step(&progress);
}
- iterpkgend(it);
+
+ pkg_array_free(&array);
+
allpackagesdone= 1;
if (saidread==1) {
diff -pruN 1.15.5.6ubuntu1/src/main.h 1.15.5.6ubuntu2/src/main.h
--- 1.15.5.6ubuntu1/src/main.h 2010-02-14 01:40:27.000000000 +0000
+++ 1.15.5.6ubuntu2/src/main.h 2010-03-11 00:40:59.000000000 +0000
@@ -43,6 +43,8 @@ struct perpackagestate {
struct fileinlist *files;
int replacingfilesandsaid;
+ off_t listfile_phys_offs;
+
/* Non-NULL iff in trigproc.c:deferred. */
struct pkg_list *trigprocdeferred;
};
diff -pruN 1.15.5.6ubuntu1/src/Makefile.in 1.15.5.6ubuntu2/src/Makefile.in
--- 1.15.5.6ubuntu1/src/Makefile.in 2010-02-14 01:40:27.000000000 +0000
+++ 1.15.5.6ubuntu2/src/Makefile.in 2010-03-11 00:40:59.000000000 +0000
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
diff -pruN 1.15.5.6ubuntu1/src/statcmd.c 1.15.5.6ubuntu2/src/statcmd.c
--- 1.15.5.6ubuntu1/src/statcmd.c 2010-02-14 01:40:27.000000000 +0000
+++ 1.15.5.6ubuntu2/src/statcmd.c 2010-03-11 00:40:59.000000000 +0000
@@ -238,6 +238,10 @@ statdb_write(void)
statdb_node_print(dbfile, file);
iterfileend(i);
+ if (fflush(dbfile))
+ ohshite(_("unable to flush file '%s'"), dbname_new.buf);
+ if (fsync(fileno(dbfile)))
+ ohshite(_("unable to sync file '%s'"), dbname_new.buf);
fclose(dbfile);
chmod(dbname_new.buf, 0644);
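Review bot: After the new `fflush()`/`fsync()` checks, the `fclose(dbfile)` and `chmod()` calls on the following lines are still unchecked, unlike the other call sites in this upload, which test `fclose()`. The `chmod()` by name also runs after the sync, so the mode change is not covered by it. Calling `fchmod(fileno(dbfile), 0644)` before the `fsync()`, in the order src/archives.c uses, would cover it, and the result of `fclose()` should be tested as well. `statdb_write()` starts and ends outside the hunk.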
diff -pruN 1.15.5.6ubuntu1/utils/Makefile.in 1.15.5.6ubuntu2/utils/Makefile.in
--- 1.15.5.6ubuntu1/utils/Makefile.in 2010-02-14 01:40:27.000000000 +0000
+++ 1.15.5.6ubuntu2/utils/Makefile.in 2010-03-11 00:40:59.000000000 +0000
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
diff -pruN 1.15.5.6ubuntu1/utils/start-stop-daemon.c 1.15.5.6ubuntu2/utils/start-stop-daemon.c
--- 1.15.5.6ubuntu1/utils/start-stop-daemon.c 2010-02-14 01:40:27.000000000 +0000
+++ 1.15.5.6ubuntu2/utils/start-stop-daemon.c 2010-03-11 00:40:59.000000000 +0000
@@ -1580,6 +1580,10 @@ main(int argc, char **argv)
fatal("Unable to open pidfile '%s' for writing: %s",
pidfile, strerror(errno));
fprintf(pidf, "%d\n", pidt);
+ if (fflush(pidf))
+ fatal("unable to flush pidfile '%s'", pidfile);
+ if (fsync(fileno(pidf)))
+ fatal("unable to sync pidfile '%s'", pidfile);
fclose(pidf);
}
if (changeroot != NULL) {
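Review bot: The two new `fatal()` messages drop the reason for the failure, while the open failure just above passes `strerror(errno)`. Unless `fatal()` appends it itself (not visible here), `fatal("unable to sync pidfile '%s': %s", pidfile, strerror(errno));` and the same for the flush would keep them consistent. `fsync()` can also fail with EINVAL on descriptors that do not support synchronisation, so making it fatal means a pidfile path pointing at such a file now aborts the start; confirm that is intended. `fclose(pidf)` remains unchecked, and `main()` continues outside the hunk.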