Accepted dpkg 1.17.10 (source amd64 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 05 Jun 2014 20:18:04 +0200
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source amd64 all
Version: 1.17.10
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description:
dpkg - Debian package management system
dpkg-dev - Debian package development tools
dselect - Debian package management front-end
libdpkg-dev - Debian package management static library
libdpkg-perl - Dpkg perl modules
Closes: 584233 731530 734452 746122 746498 746973 747148 747370 748012 748544 749044 749183 750105
Changes:
dpkg (1.17.10) unstable; urgency=medium
.
[ Guillem Jover ]
* Use libtool to build the static libraries, which makes it possible to
embed libcompat inside libdpkg, as required by some external programs
linking against the latter. Closes: #746122
* Fix word wrapping logic in dselect. Regression introduced in dpkg 1.17.3.
* Fix possible out of bounds buffer read access in the error output on
bogus ar member sizes.
* Fix memory leaks in buffer_copy() on error conditions.
* Test suite:
- Improve C code coverage.
- Add template test cases for most perl modules.
- Add test cases for Dpkg::Deps OR relationships.
- Add minimal test case for Dpkg::Source::Quilt.
- Add test cases for Dpkg::Source::Patch CVE-2014-0471 and CVE-2014-3127.
- Add test case for patch disabling hunks; not security sensitive.
* Fix non-security sensitive TOCTOU race in triggers database loading.
* Fix non-security sensitive TOCTOU race in update-alternative alternative
database loading.
* Fix non-security sensitive TOCTOU race in update-alternative rename code.
* Add a workaround to start-stop-daemon for bogus OpenVZ Linux kernels that
prepend, instead of appending, the " (deleted)" marker in /proc/PID/exe.
Closes: #731530
* Move dpkg-architecture -L argument to the Commands --help output section.
* Make dpkg-maintscript-helper print only once that we are moving a
conffile, and not on every interim state transition. Closes: #747370
* Do not use global match variables in perl code.
* Man pages:
- Attempt to clarify and improve wording of some strange or confused
constructs. Reported by Helge Kreutzmann.
- Expand Vcs-* field names into each supported field name in
deb-src-control(5) to make it easier to search for them.
- Change control.tar.gz reference to simply control.tar in deb(5).
- Document in dpkg-deb(1) -Z option that bzip2 and lzma are deprecated.
- Add notes in dpkg-gensymbols(1) about symbol backward-compatibility.
Based on a patch by Bernhard R. Link <brlink@debian.org>.
Closes: #746973
- Document that dpkg-buildpackage(1) -j argument is optional.
- Add current and deprecated media types to deb(5).
- Document in dpkg(1) that --audit now does more than just searching for
partially installed packages.
* Add support for automatic parallel job selection in dpkg-buildpackage,
matching currently active processors, when using -jauto. Closes: #748012
* Perl modules:
- Bump $VERSION for Dpkg::Patch, missed in 1.16.1.
- Bump $VERSION for Dpkg::Deps, missed in 1.17.0.
- Update and fix CHANGES POD sections for public modules.
- Add missing Dpkg::Deps::Multiple profile_is_concerned() and
reduce_profiles() methods, inherited by Dpkg::Deps::Union,
Dpkg::Deps::AND and Dpkg::Deps::OR.
* Do not mangle quilt series files with a missing newline on the last line.
Closes: #584233
* Quiesce tar warnings in cron job by redirecting stderr to /dev/null, as
it seems --warning=none does not work correctly. Closes: #748544
* Do not emit a trailing space from Dpkg::Control::Hash on a field's empty
first line. Bump dpkg-dev Breaks on devscripts to 2.14.4, as previous
versions expect a trailing space from dpkg-parsechangelog output.
Based on a patch by Johannes Schauer <j.schauer@email.de>. Closes: #749044
* Do not assume that sensible-editor is present on «dpkg-source --commit»,
as that command is very Debian specific. Fallback to try VISUAL, EDITOR,
or vi, if the previous commands are either unset or not found.
* Use badusage() instead of ohshit() on dpkg --ignore-depends argument
parsing errors.
* Add per package dpkg --audit support.
* Add support for DragonFlyBSD to ostable and triplettable.
Thanks to Hleb Valoshka <375gnu@gmail.com>.
* Add support for DragonFlyBSD to start-stop-daemon. Closes: #734452
Based on a patch by Hleb Valoshka <375gnu@gmail.com>.
* Correctly parse patch headers in Dpkg::Source::Patch, to avoid directory
traversal attempts from hostile source packages when unpacking them.
Reported by Javier Serrano Polo <javier@jasp.net> as an unspecified
directory traversal; meanwhile also independently found by me both
#749183 and what was supposed to be #746498, which was later on published
and ended up being just a subset of the other non-reported issue.
Fixes CVE-2014-3864 and CVE-2014-3865. Closes: #746498, #749183
.
[ Updated programs translations ]
* Catalan (Guillem Jover).
* Italian (Milo Casagrande). Closes: #750105
.
[ Updated scripts translations ]
* German (Helge Kreutzmann).
.
[ Updated manpages translations ]
* German (Helge Kreutzmann).
.
[ Raphaël Hertzog ]
* Let dpkg-source unpack additional tarballs in a deterministic order.
Thanks to Samuel Bronson for the report. Closes: #747148
Checksums-Sha1:
c91e1e1bb0dc5918f20e3874c4b371425dac0da3 2055 dpkg_1.17.10.dsc
2d88ef04db662d046fadb005bb31667fc0ba64de 4198340 dpkg_1.17.10.tar.xz
be325d2d7fac12f031e537b5ed269724542f118c 799530 libdpkg-dev_1.17.10_amd64.deb
ab90f4afdca78f0a5b8cf359b6c1c31c8c3f9e66 2704088 dpkg_1.17.10_amd64.deb
6e9d00f6e0e8155085c619090292a548373842c5 1059422 dselect_1.17.10_amd64.deb
8c56a5720faf36231f2ce88c271d34941bb4d61b 1425374 dpkg-dev_1.17.10_all.deb
6bbd6bddfe2a6af99cfbf547e5de9abbb48d7a81 974696 libdpkg-perl_1.17.10_all.deb
Checksums-Sha256:
8552763122f36a4ede1e040dee28a84202de9f4b65dbcc90e2c068101d2a599d 2055 dpkg_1.17.10.dsc
a3a6d4da2b99484c04b2aa8af83d59d87a988baea627d276308467b22310b4d9 4198340 dpkg_1.17.10.tar.xz
a6b8ed0b95af7748ee3daf9e297c94bb0ab166d7908bbc46e2f5ef5ab93c08b1 799530 libdpkg-dev_1.17.10_amd64.deb
81a2e6111e825e8a01caa8bf2c8876d806fe9e7297deea0eb61e5a9d93c9a82c 2704088 dpkg_1.17.10_amd64.deb
1a8a3924786f18c9e0432b8cb34c8c99576dd96221fab9cda2a0f3b5b7606d51 1059422 dselect_1.17.10_amd64.deb
ba58996d596f73a312b9d92bf01f40f2eeac1ba6db4011875bfbd685371c9619 1425374 dpkg-dev_1.17.10_all.deb
702028918cfda7e1eaf7391717818b2e6dd05b00b02e4091ea084791e8308234 974696 libdpkg-perl_1.17.10_all.deb
Files:
7c8852829f4caa99b6c3a232915ac28c 799530 libdevel optional libdpkg-dev_1.17.10_amd64.deb
90ba5aa300a72a9a54eeda5990b2641f 2704088 admin required dpkg_1.17.10_amd64.deb
b6f581a13931bfedde3719dc4340b476 1059422 admin optional dselect_1.17.10_amd64.deb
405cccbb6024ecb98fa6fc8939365cbc 1425374 utils optional dpkg-dev_1.17.10_all.deb
be5fa2aa735a59ec34d1e4c889c6b7d4 974696 perl optional libdpkg-perl_1.17.10_all.deb
274a6b2892d179ed04ad916dd2103676 2055 admin required dpkg_1.17.10.dsc
545f3cbac8b5f0b3d888574f3f79936c 4198340 admin required dpkg_1.17.10.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCAAGBQJTkMS1AAoJELlyvz6krlejNxcP+wT/0vQECEQh1CI3DIS9aPYE
FfvmpoHioGn8dE8Su318SeZy+IADIis9IeE6GytqwMGIIekh6tC4ES574GRuLiRc
Edy4IrAlLnrGfM5VbAh5f1F9vmgZkBy2Z8R/oRjnQthgy5SUbGe1Bx9jqbh2sR4k
94EsdCuAxTiDI9+O15prM2u3Vxe7TD4Z7n9kjD3Tj35THVp6okpj1qGbTQ9bQJ04
nIcaWtZf6NXxyTNvXJ9Ac8Cdv47q1/CB4yXNQf47v0U6Rjorvh3EHkWyEtVpP1Ps
JVprxVwuxb9ayYn5j2MeBcMWS3igyowsh9a23+lZCwz0SALChZMHeYV74TB1/b8p
Gc53g6jSjI6bKK5xy5hst7tcG/ALmY0HE+jpkgVK/EJPwGKYq1julwgjd6kmrHA+
MBGs3p5ZTbR2PmzLYAmyzD2Ctabz7dFHZpMJ0c3pPsrGLUYD89gSZqp2k4zmrPIp
EEkhJNCsUFJbnG0ZpEw5aYCCHgPcKWazvsGh/DgYYytrWatJkmzgZi4I8KW+jEYG
85volBskw5V6aqJWJ9Sum/W2A11iR3El46YKqfqqSI83D2ucLWE5eXaMF3o5x+LP
AJ/XshrbiouHSu4GKiH/N7WGbD9OSYpnU/fdNbtiw+GNUC5KfsztDFWUWmiX4JP1
XzNrK95rGu/atNhtRghC
=d8BF
-----END PGP SIGNATURE-----