[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

dpkg_1.18.24_amd64.changes ACCEPTED into unstable


Hash: SHA512

Format: 1.8
Date: Wed, 17 May 2017 13:16:25 +0200
Source: dpkg
Binary: dpkg libdpkg-dev dpkg-dev libdpkg-perl dselect
Architecture: source
Version: 1.18.24
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
 dpkg       - Debian package management system
 dpkg-dev   - Debian package development tools
 dselect    - Debian package management front-end
 libdpkg-dev - Debian package management static library
 libdpkg-perl - Dpkg perl modules
Closes: 813454 824742 837051 850834 857449 858004 860238 860979 861217
 dpkg (1.18.24) unstable; urgency=medium
   [ Guillem Jover ]
   * Add missing symbols to the libdpkg map file.
   * Fix dpkg-shlibdeps to preserve the Dpkg::Shlibs::find_library() order
     when scanning symbols/shlibs files. This was causing generation of bogus
     dependencies when multiple packages provide the same SONAME on different
     directories. Regression introduced in dpkg 1.18.17. Closes: #860979
   * Make dpkg-maintscript-helper print all unowned files from a directory
     when printing the error message, to ease debugging those problems after
     the fact. Closes: #813454, #860238
     Based on a patch by Bastien ROUCARIÈS <roucaries.bastien@gmail.com>.
   * Add duplicate prevention code for debian/files to dpkg-genbuildinfo, so
     that successive runs with different versions and equivalent build types
     do not generate multiple .buildinfo entries to be uploaded, which is
     similar to what dpkg-gencontrol is doing for .deb files.
   * Fix conffile takeover handling during unpack in dpkg on --root or
     on diversions. Closes: #837051, #858004
   * Fix digest inference for shared conffiles, causing bogus takeover
     unpack errors. Regression introduced in dpkg 1.16.9. Closes: #861217
   * Improve tar entry metadata parsing in dpkg:
     - Do not parse device numbers for non block nor char tar entry objects.
     - Make the existing octal parser more robust, by checking for the
       expected format of leading zeros or spaces, followed by any ASCII
       octal characters (0-7), followed by zero or more space or NULs.
     - Add support for base-256 encoded numeric fields, to support large
       values, for UID/GID, device number, size and even signed timestamps.
       This is necessary not only to be able to store larger values, but to
       cover packages that can already be generated by dpkg-deb, given that
       it uses the system GNU tar when building. Closes: #850834
   * Architecture support:
     - Add support for ARM64 ILP32. Closes: #824742
       Thanks to Wookey <wookey@wookware.org>.
   * Perl modules:
     - Remove obsolete hardening-wrapper support from Dpkg::Vendor::Ubuntu.
       Thanks to Adam Conrad <adconrad@0c3.net>.
     - Bump $Dpkg::Deps::VERSION to match the one documented in CHANGES.
     - Ignore by default debian/files.new and debian/files for all source
       formats in Dpkg::Source::Package, because these are generated files
       with well known pathnames, part of the public interface, and with
       dpkg-genbuildinfo always injecting .buildinfo entries into
       debian/files, this meant this could disrupt previous workflows based
       on not cleaning the source tree.
   * Documentation:
     - Many spelling fixes. Thanks to Josh Soref <jsoref@gmail.com>.
     - Do not include mispellings in changelogs, as that makes detecting them
       more difficult.
   * Build system:
     - Use libexec variable for auxiliary internal programs, and set it to
       /usr/lib on Debian and derivatives.
     - Check that the detected tar is a GNU tar.
     - Check that the detected patch is a GNU patch, so that we get a directory
       traversal resistant patch implementation. This fixes CVE-2017-8283 by
       delegating those checks to patch(1), so that we trap blank-indented
       diff hunks trying to escape from the source tree.
   * Test suite:
     - Add a test case for blank-indented patches which were the cause for
     - Handle files with non-zero sizes in c-tarextract libdpkg test code.
   [ Updated programs translations ]
   * Catalan (Guillem Jover).
   * Czech (Miroslav Kure).
   [ Updated dselect translations ]
   * Catalan (Guillem Jover).
   [ Updated scripts translations ]
   * Catalan (Guillem Jover).
   [ Updated man pages translations ]
   * German (Helge Kreutzmann, David Rabel). Closes: #857449
   * Spanish (Javier Fernández-Sanguino).
 50bb679a90095d6466345db327426649f9f0ec1f 2032 dpkg_1.18.24.dsc
 155fe5c91728bdf82756674d5aa85e4ff2e3eac6 4530444 dpkg_1.18.24.tar.xz
 f6485a48925083c714615accf84668e58e3b8aa0 7371 dpkg_1.18.24_amd64.buildinfo
 9f1560a0d237ec570f98f8aacfd1cbdd372371cce40e4c7ee4a31315b0c40823 2032 dpkg_1.18.24.dsc
 d853081d3e06bfd46a227056e591f094e42e78fa8a5793b0093bad30b710d7b4 4530444 dpkg_1.18.24.tar.xz
 d7e7756b4ddf7db4f9df0612c019c795cd9715e0fe84783cf2763baa559bb362 7371 dpkg_1.18.24_amd64.buildinfo
 fcc066dbc043e32b1238567052ff437d 2032 admin required dpkg_1.18.24.dsc
 02e8af8faf1e689228da806c3e8c6882 4530444 admin required dpkg_1.18.24.tar.xz
 6c5714c7ea0701f57165e8b888e818cd 7371 admin required dpkg_1.18.24_amd64.buildinfo



Thank you for your contribution to Debian.

Reply to: