dpkg (1.18.25)
* Parse start-stop-daemon usernames and groupnames starting with digits in
-u and -c correctly.
* Always use the binary version for the .buildinfo filename in
dpkg-genbuildinfo.
* Fix integer overflow in deb(5) format version parser.
* Fix directory traversal with dpkg-deb --raw-extract, by guaranteeing
that the DEBIAN pathname does not exist.
* Do not try to recompute hashes for the .dsc file when signing binary-only
builds in dpkg-buildpackage.
* Architecture support:
- Add support for riscv64 CPU.
* Perl modules:
- Do not normalize args past a passthrough stop word in Dpkg::Getopt.
Some commands pass some arguments through to another command, and
those must not be normalized as that might break their invocation.
* Documentation:
- Update buildinfo information in dpkg-buildpackage man page to match
the current implementation.
- Use correct name for archname validator value in dpkg(1) man page.
- Update git URLs for move away from alioth.debian.org.
* Packaging:
- Add versioned Build-Depends on tar, due to the --clamp-mtime option
being used in Dpkg::Source::Archive which is used by dpkg-source,
used by the test suite.
dpkg 1.18.24:
* Add missing symbols to the libdpkg map file.
* Fix dpkg-shlibdeps to preserve the Dpkg::Shlibs::find_library() order
when scanning symbols/shlibs files. This was causing generation of bogus
dependencies when multiple packages provide the same SONAME on different
directories. Regression introduced in dpkg 1.18.17.
* Make dpkg-maintscript-helper print all unowned files from a directory
when printing the error message, to ease debugging those problems after
the fact.
Based on a patch by Bastien ROUCARI?<88>S <roucaries.bastien@gmail.com>.
* Add duplicate prevention code for debian/files to dpkg-genbuildinfo, so
that successive runs with different versions and equivalent build types
do not generate multiple .buildinfo entries to be uploaded, which is
similar to what dpkg-gencontrol is doing for .deb files.
* Fix conffile takeover handling during unpack in dpkg on --root or
on diversions.
* Fix digest inference for shared conffiles, causing bogus takeover
unpack errors. Regression introduced in dpkg 1.16.9.
* Improve tar entry metadata parsing in dpkg:
- Do not parse device numbers for non block nor char tar entry objects.
- Make the existing octal parser more robust, by checking for the
expected format of leading zeros or spaces, followed by any ASCII
octal characters (0-7), followed by zero or more space or NULs.
- Add support for base-256 encoded numeric fields, to support large
values, for UID/GID, device number, size and even signed timestamps.
This is necessary not only to be able to store larger values, but to
cover packages that can already be generated by dpkg-deb, given that
it uses the system GNU tar when building.
* Architecture support:
- Add support for ARM64 ILP32.
* Perl modules:
- Remove obsolete hardening-wrapper support from Dpkg::Vendor::Ubuntu.
- Bump $Dpkg::Deps::VERSION to match the one documented in CHANGES.
- Ignore by default debian/files.new and debian/files for all source
formats in Dpkg::Source::Package, because these are generated files
with well known pathnames, part of the public interface, and with
dpkg-genbuildinfo always injecting .buildinfo entries into
debian/files, this meant this could disrupt previous workflows based
on not cleaning the source tree.
* Documentation:
- Many spelling fixes.
- Do not include mispellings in changelogs, as that makes detecting them
more difficult.
* Build system:
- Use libexec variable for auxiliary internal programs, and set it to
/usr/lib on Debian and derivatives.
- Check that the detected tar is a GNU tar.
- Check that the detected patch is a GNU patch, so that we get a directory
traversal resistant patch implementation. This fixes CVE-2017-8283 by
delegating those checks to patch(1), so that we trap blank-indented
diff hunks trying to escape from the source tree.
* Test suite:
- Add a test case for blank-indented patches which were the cause for
CVE-2017-8283.
- Handle files with non-zero sizes in c-tarextract libdpkg test code.
dpkg (1.18.23) unstable; urgency=medium
* Handle unmatched arch-qualified virtual packages in dpkg-genbuildinfo,
instead of letting perl die. Closes: #849944
* Declare .buildinfo format as stable with version 1.0.
* Do not depend on cxxabi.h to have declared __cxa_pure_virtual, use
the same “__cxxabiv1” namespace as specified in the C++ ABI, instead
of using the “abi” alias intended for use by userland.
Thanks to Jörg Sonnenberger <joerg@netbsd.org>.
* Add a comment on any C code switch case that falls through. Fixes new
gcc-7 warnings.
* Use snprintf() instead of sprintf() in libdpkg when constructing the ar
member header, as we might overflow depending on the input data.
* Portability:
- Do not redeclare sys_siglist in libcompat when the system does so.
Thanks to Thomas Klausner <wiz@NetBSD.org>.
- Rename err variable to ret in start-stop-daemon as the former is a
function on BSDs.
- Use 5-argument kvm_getprocs() call form on OpenBSD in start-stop-daemon.
- Use correct struct kinfo_proc ruid submember name on NetBSD in
start-stop-daemon.
- Define _KMEMUSER for NetBSD to get declarations for various
struct kinfo_proc members in start-stop-daemon.
* Perl modules:
- Do not special case EM_SPARC32PLUS for NetBSD in Dpkg::Shlibs::Objdump,
the code has been fixed in NetBSD as that situation could not happen.
- Fix read() error handling in Dpkg::Shlibs::Objdump::get_format() to
gracefully ignore non-ELF files again. Closes: #854536
- Emit an explicit warning from Dpkg::Shlibs::Objdump::Object::analyze()
for unknown executable formats instead of relying on objdump doing so.
- Do not parse bogus ELF binaries in Dpkg::Shlibs::Objdump::get_format().
Reported by Niels Thykier <niels@thykier.net>.
- Add ‘.mnt-ignore’ to the default ignore lists in Dpkg::Source::Package,
as we were already ignoring the ‘_MTN’ pathnames. Closes: #855450
Thanks to Nicolas Boulenguez <nicolas@debian.org>.
- Mark kfreebsd-amd64, kfreebsd-i386, sparc and sparc64 architectures as
having gcc builtin PIE in Dpkg::Vendor::Debian.
- Switch PIE handling in Dpkg::Vendor::Debian to have no default (!) and
delegate the setting to gcc or an explicit request by a user. This is
needed to cope with the general PIE brokenness situation in Debian, and
the current specific brokenness of a Debian gcc patch mangling the dpkg
build flags. Closes: #848129, #845550
* Documentation:
- Clarify the requirements for deb-conffile(5) pathnames. Closes: #854417
Proposed by Dieter Adriaenssens <dieter.adriaenssens@gmail.com>.
- Document dpkg-source --before-build and --after-build in --help output.
- Document dpkg-buildpackage --ignore-builtin-builddeps in --help output.
* Build system:
- Check <sys/proc.h> by also including <sys/param.h>, on several BSD
systems the header is not self-contained.
- Handle libmd implementations built into system libc, as found on some
BSD systems.
- Do not fail on missing compression libraries or headers on automatic
detection mode. Regression introduced in dpkg 1.18.14.
* Test suite:
- Use the detected perl interpreter instead of a random one from PATH.
[ Updated programs translations ]
* Dutch (Frans Spiesschaert). Closes: #856325
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man pages translations ]
* Dutch (Frans Spiesschaer). Closes: #856326
-- Guillem Jover <guillem@debian.org> Mon, 06 Mar 2017 05:41:11 +0100
dpkg (1.16.17) wheezy-security; urgency=high
[ Guillem Jover ]
* Fix an off-by-one write access in dpkg-deb when parsing the .deb magic.
Reported by Jacek Wielemborek <d33tah@gmail.com>. Closes: #798324
* Fix an off-by-one write access in dpkg-deb when parsing the old format
.deb control member size. Thanks to Hanno Böck <hanno@hboeck.de>.
Fixes CVE-2015-0860.
* Fix an off-by-one read access in dpkg-deb when parsing ar member names.
Thanks to Hanno Böck <hanno@hboeck.de>.
[ Updated programs translations ]
* Catalan (Jordi Mallach).
[ Updated man page translations ]
* Fix incorrect translation in German (Helge Kreutzmann)
-- Guillem Jover <guillem@debian.org> Wed, 25 Nov 2015 22:34:58 +0100
dpkg (1.16.16) wheezy-security; urgency=high
[ Guillem Jover ]
* Do not leak long tar names on bogus or truncated archives.
* Do not leak the filepackages iterator when a directory is used by other
packages.
* Do not leak color string on «dselect --color».
* Fix memory leaks when parsing alternatives.
* Fix memory leaks in buffer_copy() on error conditions.
* Fix possible out of bounds buffer read access in the error output on
bogus ar member sizes.
* Fix file triggers/Unincorp descriptor leak on subprocesses. Regression
introduced with the initial triggers implementation in dpkg 1.14.17.
Closes: #751021
* Fix a descriptor leak on dselect subprocesses when --debug is used.
* Do not run qsort() over the scandir() list in libcompat if it is NULL.
* Fix off-by-one stack buffer overrun in start-stop-daemon on GNU/Linux and
GNU/kFreeBSD if the executable pathname is longer than _POSIX_PATH_MAX.
Although this should not have security implications as the buffer is
surrounded by two arrays (so those catch accesses even if the stack
grows up or down), and we are compiling with -fstack-protector anyway.
* Add a workaround to start-stop-daemon for bogus OpenVZ Linux kernels that
prepend, instead of appending, the " (deleted)" marker in /proc/PID/exe.
Closes: #731530
* Fix off-by-one error in libdpkg command argv size calculation.
Based on a patch by Bálint Réczey <balint@balintreczey.hu>. Closes: #760690
* Escape package and architecture names on control file parsing warning,
as those get injected into a variable that is used as a format string,
and they come from the package fields, which are under user control.
Regression introduced in dpkg 1.16.0. Fixes CVE-2014-8625. Closes: #768485
Reported by Joshua Rogers <megamansec@gmail.com>.
* Do not match partial field names in control files. Closes: #769119
Regression introduced in dpkg 1.10.
* Fix out-of-bounds buffer read accesses when parsing field and trigger
names or checking package ownership of conffiles and directories.
Reported by Joshua Rogers <megamansec@gmail.com>.
* Add powerpcel support to cputable. Thanks to Jae Junh <jaejunh@embian.com>.
* Fix OpenPGP Armor Header Line parsing in Dpkg::Control::Hash. We should
only accept [\r\t ] as trailing whitespace, although RFC4880 does not
clarify what whitespace really maps to, we should really match the GnuPG
implementation anyway, as that's what we use to verify the signatures.
Reported by Jann Horn <jann@thejh.net>. Fixes CVE-2015-0840.
[ Raphaël Hertzog ]
* Drop myself from Uploaders.
[ Updated scripts translations ]
* Fix typos in German (Helge Kreutzmann)
* Swedish (Peter Krefting).
[ Updated man page translations ]
* Fix typos in German (Helge Kreutzmann)
* Swedish (Peter Krefting).
-- Guillem Jover <guillem@debian.org> Thu, 09 Apr 2015 08:45:47 +0200
dpkg (1.16.15) wheezy-security; urgency=high
[ Guillem Jover ]
* Test suite:
- Add test cases for Dpkg::Source::Patch CVE-2014-0471 and CVE-2014-3127.
- Add test case for patch disabling hunks; not security sensitive.
* Correctly parse patch headers in Dpkg::Source::Patch, to avoid directory
traversal attempts from hostile source packages when unpacking them.
Reported by Javier Serrano Polo <javier@jasp.net> as an unspecified
directory traversal; meanwhile also independently found by me both
#749183 and what was supposed to be #746498, which was later on published
and ended up being just a subset of the other non-reported issue.
Fixes CVE-2014-3864 and CVE-2014-3865. Closes: #746498, #749183
[ Updated programs translations ]
* Merge translated strings from master.
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man page translations ]
* Merge translated strings from master.
* Unfuzzy or update trivial translations (Guillem Jover).
-- Guillem Jover <guillem@debian.org> Thu, 05 Jun 2014 22:24:36 +0200
dpkg (1.16.14) wheezy-security; urgency=high
[ Guillem Jover ]
* Do not allow patch files with C-style encoded filenames. Closes: #746306
Fixes CVE-2014-3127 and unconditionally fixes CVE-2014-0471.
Reported by Javier Serrano Polo <javier@jasp.net>.
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man page translations ]
* German (Helge Kreutzmann).
-- Guillem Jover <guillem@debian.org> Wed, 30 Apr 2014 08:14:16 +0200
dpkg (1.16.13) wheezy-security; urgency=high
[ Guillem Jover ]
* Do not NULL-terminate the list in the compat scandir(), as this might
cause a segfault in case the function returns 0 entries.
* Do not generate perl warnings on undef versions in
Dpkg::Deps::deps_compare(). See: #737731
* Do not overwrite triplet mappings with latter matches in Dpkg::Arch.
Required for the new mipsn32(el) and mips64(el) architecture entries.
* Add support for mipsn32(el) and mips64(el) to arch tables.
Thanks to YunQiang Su <wzssyqa@gmail.com>. Closes: #685096, #707323
* Add ppc64el support to cputable. Closes: #718945
Thanks to Jeff Bailey <jeffbailey@google.com>.
* Add OpenRISC or1k support to cputable.
Thanks to Christian Svensson <christian@cmd.nu>. Closes: #736717
* Clarify that dpkg --set-selections needs an up-to-date available db,
by documenting it on the dpkg(1) man page, and warning whenever dpkg
finds unknown packages while setting the selections. Closes: #703092
* Improve documentation on how to update the available database before
setting package selections. Suggested by Klaus Ita <koki.eml@gmail.com>.
* Recognize «start-stop-daemon -C» as documented. Closes: #719746
Reported by Brian S. Julin <bri@abrij.org>.
* Correctly parse C-style diff filenames in Dpkg::Source::Patch, to avoid
directory traversal attempts from hostile source packages when unpacking
them. Reported by Jakub Wilk <jwilk@debian.org>. Fixes CVE-2014-0471.
[ Updated scripts translations ]
* Fix a typo in the German scripts translation.
[ Updated man page translations ]
* Fix and unify translation in German man pages.
-- Guillem Jover <guillem@debian.org> Fri, 25 Apr 2014 04:38:33 +0200
dpkg (1.16.12) stable; urgency=low
* Fix value caching in Dpkg::Arch by not shadowing the variables.
Closes: #724949
-- Guillem Jover <guillem@debian.org> Mon, 30 Sep 2013 16:52:37 +0200
dpkg (1.16.11) stable; urgency=low
[ Raphaël Hertzog ]
* Fix usage of non-existent _() function in multiple places of the Perl
code. Thanks to Lincoln Myers <lincoln@netapp.com> for the patch.
Closes: #708607
[ Guillem Jover ]
* Fix chmod() arguments order in Dpkg::Source::Quilt. Closes: #710265
Thanks to Pablo Oliveira <pablo@sifflez.org>.
* Only ignore older packages if the existing version is informative. This
allows any program using libdpkg to parse the available file to see again
packages with versions lesser than 0-0 (like 0~0-0). Closes: #676664
* Fix use after free in dpkg_arch_load_list() on libdpkg.
Reported by Pedro Ribeiro <pedrib@gmail.com>.
[ Updated programs translations ]
* Vietnamese (Trần Ngọc Quân). Closes: #715334
[ Added man page translations ]
* Italian (Beatrice Torracca). Closes: #711647
[ Updated man page translations ]
* Japanese (TAKAHASHI Motonobu). Closes: #704240
-- Guillem Jover <guillem@debian.org> Mon, 23 Sep 2013 16:51:18 +0200
Problems found locating distfiles:
Package colorls: missing distfile ls.tar.gz
Package molden: missing distfile molden-4.6/molden4.6.tar.gz
Package softmaker-office-demo: missing distfile ofl06trial.tgz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
with some fixes mentioned in PR pkg/47234.
dpkg (1.16.10) unstable; urgency=low
[ Guillem Jover ]
* Fix typos in 1.16.9 changelog entry. Closes: #691954
Thanks to Nicolás Alvarez <nicolas.alvarez@gmail.com>.
* Add missing @LIBLZMA_LIBS@ to Libs.Private in libdpkg.pc.in.
* Do not use an undefined va_list variable in dpkg_put_errno().
* Abort installation if we cannot set the security context for a file.
* Fix OpenPGP armored signature parsing, to be resilient against doctored
input, including source package control files. Closes: #695919
* Make sure the OpenGPG armor contains a signature block, even on EOF.
* Do not accept Armor Header Lines inside a paragraph.
* Do not abort dselect when multiarch is detected, as that only makes
users downgrade and hold on an older version w/ worse multiarch support.
* Fix warning in Dpkg::Source::Archive with «perl -w» due to redefinition
of getcwd() by removing unused POSIX modules usage. Closes: #700978
[ Updated programs translations ]
* Esperanto (Felipe Castro).
* Spanish (Javier Fernández-Sanguino).
* Vietnamesea (Trần Ngọc Quân). Closes: #692100
[ Updated scripts translations ]
* Fix mistranslation in French translation of scripts.
Thanks to Filipus Klutiero. Closes: #698530
* Fix typos in French translation of scripts.
Thanks to Sylvestre Ledru. Closes: #702627
* Fix Russian translation (wrong order of parameters in a string).
Thanks to Andrey Rahmatullin for noticing and Yuri Kozlov for fixing
the translation. Closes: #698869
-- Guillem Jover <guillem@debian.org> Fri, 08 Mar 2013 04:41:26 +0100
dpkg (1.16.9) unstable; urgency=low
[ Raphaël Hertzog ]
* Fix dpkg-source regression in "3.0 (quilt)" source packages while
unapplying patches that remove all files in a directory. Closes: #683547
* Fix segfault in field format parsing on empty strings, affecting
«dpkg-query -W -f ''» and «dpkg-deb -W --showformat=''». LP: #1035512
* Fix dpkg's French usage string which was missing the final “s“ in
--print-foreign-architectures. Closes: #685863
[ Guillem Jover ]
* Use “statoverrides” instead of “statusoverrides” in dpkg-statoverride.
Closes: #686995
* Comment out dpkg(1) documentation about disabled --command-fd option.
Closes: #685677
* Cleanup dpkg-divert unit-test environment to avoid build failures.
Closes: #687656
* Fix update-alternatives test suite to behave correctly on non-Debian
binary paths. Known to be affecting at least Gentoo and Mac OS X.
* Do not leak subcall command arguments in update-alternatives.
* Fix segfault on update-alternatives when passing --slave without any
action at all. LP: #1037431
* Fix memory leak in dpkg filesavespackage().
* Do not print garbage (or worse) on dpkg shared conffile debug output.
* Use a hash instead of a ref to a hash for keys() in Dpkg::BuildFlags
get_feature_areas(). This causes compilation failures with older perl
versions, which can be an issue with partial upgrades.
* Fix filter subpattern debug output format string to print an actual
value instead of just blanks.
* Ignore trailing filter subpattern slashes on reinclusion comparison.
This makes sure to reinclude directories previously excluded so that
contained files marked for inclusion do not fail to unpack due to a
missing directory. Closes: #688416
* Do not consider obsolete conffiles as actively owned by the package.
This ensures conffile entries are not mishandled nor mixed up when
configuring packages owning the non-obsolete conffiles. Closes: #689836
Based on a patch by Andreas Beckmann <debian@abeckmann.de>.
* Properly mark in the database obsolete conffiles on package replaces.
* Sync the Conffiles field values for all package instances. Because
only the first package instance being configured will have a *.dpkg-new
conffile available to be processed, the subsequent ones need to use the
hash from the previously processed entries.
* Fix logic for previously configured conffiles, so that the shared
conffile checks actually work on reinstallation. Closes: #684776
* Avoid info database corruption and bogus accesses on unknown format
values, by always reading the format file and validating it.
* Clarify that the most probable reason for multiarch database
inconsistencies is due to upgrades from unofficial dpkg versions.
* Only satisfy a dependency on a “Multi-Arch: foreign” if arch-unqualified.
* Take architecture into account in virtual packages on remove and
configure dpkg actions. Closes: #683411
* Update update-alternatives --query format and examples in man page to
match the implementation.
* Add two missing 3rd person ‘s’ in dpkg-gensymbols(1). Closes: #689863
Thanks to Paul Menzel <pm.debian@googlemail.com>.
* Fix regression on old-style binNMUs for packages that specify an
explicit binary version to dpkg-gencontrol, by always fixing up the
source version. Closes: #690823
[ Updated programs translations ]
* Catalan (Guillem Jover).
* Czech (Miroslav Kure).
* Danish (Joe Dalton). Closes: #690808
* French (Christian Perrier).
* German (Sven Joachim).
* Italian (Milo Casagrande).
* Japanese (Kenshi Muto).
* Polish (Michał Kułach). Closes: #690449
* Portuguese (Miguel Figueiredo). Closes: #682582, #690431
* Russian (Yuri Kozlov). Closes: #688050, #690415
* Slovak (Ivan Masár). Closes: #690426
* Swedish (Peter Krefting).
* Thai (Theppitak Karoonboonyanan). Closes: #690678
* Traditional Chinese (imacat). Closes: #687002
[ Updated scripts translations ]
* Polish (Michał Kułach). Closes: #683104
* Spanish (Omar Campagne). Closes: #685297
[ Updated dselect translations ]
* Basque (Iñaki Larrañaga Murgoitio). Closes: #686421
* Czech (Miroslav Kure).
* Danish (Joe Dalton). Closes: #689820
* Polish (Michał Kułach).
[ Updated man page translations ]
* French (Thomas Vincent, Sylvestre Ledru, Christian Perrier).
Closes: #682978, #683221
* German (Helge Kreutzmann).
* Japanese (Hideki Yamane). Closes: #685103
* Polish (Michał Kułach).
* Spanish (Omar Campagne, Guillem Jover). Closes: #683514
* Swedish (Peter Krefting).
-- Guillem Jover <guillem@debian.org> Sat, 20 Oct 2012 05:59:50 +0200
dpkg (1.16.8) unstable; urgency=low
[ Updated programs translations ]
* Esperanto (Felipe Castro).
* French (Christian Perrier).
* Polish (Michał Kułach). Closes: #680561
* Russian (Yuri Kozlov). Closes: #677850, #680411
* Slovak (Ivan Masár).
* Spanish (Javier Fernández-Sanguino)
[ Updated man page translations ]
* French (Christian Perrier).
[ Updated scripts translations ]
* French (Christian Perrier).
* Russian (Yuri Kozlov).
[ Updated dselect translations ]
* Danish (Joe Dalton). Closes: #680108
* Russian (Yuri Kozlov).
* Traditional Chinese (Asho Yeh - 阿信).
-- Guillem Jover <guillem@debian.org> Sat, 21 Jul 2012 02:11:04 +0200
dpkg (1.16.7) unstable; urgency=low
[ Guillem Jover ]
* Fix bogus dpkg-query --control-show badusage() strings.
[ Raphaël Hertzog ]
* Fix dpkg-gencontrol to correctly compute the source version
in the case of "old-style" bin-nmus. Closes: #679959
[ Updated dselect translations ]
* Catalan (Guillem Jover).
* French (Christian Perrier).
* German (Sven Joachim).
* Swedish (Peter Krefting).
[ Updated programs translations ]
* French (Christian Perrier).
* German (Sven Joachim).
* Italian (Milo Casagrande).
* Swedish (Peter Krefting).
[ Updated man page translations ]
* Swedish (Peter Krefting).
* French (Christian Perrier).
[ Updated scripts translations ]
* Swedish (Peter Krefting).
* French (Christian Perrier).
-- Raphaël Hertzog <hertzog@debian.org> Mon, 02 Jul 2012 21:16:12 +0200
dpkg (1.16.6) unstable; urgency=low
[ Guillem Jover ]
* Do not translate SE Linux context to human readable form while unpacking,
as that might cause the operation to fail if the mcstransd daemon
stopped running during the transaction. Closes: #679641
Thanks to Russell Coker <russell@coker.com.au>.
* Add --control-list and --control-show to dpkg-query --help output.
[ Raphaël Hertzog ]
* Fix import of error functions in dpkg-buildflags. Regression introduced
in 1.16.5.
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man page translations ]
* German (Helge Kreutzmann).
-- Guillem Jover <guillem@debian.org> Sat, 30 Jun 2012 21:45:10 +0200
dpkg (1.16.5) unstable; urgency=low
[ Raphaël Hertzog ]
* dpkg-source will now clean up after a failed application of a quilt
patch. Closes: #652970
And it will display a message explaining the most likely cause of
failure (patch applying with fuzz).
* When dpkg-source regenerates the automatic patch (with formats "2.0"
or "3.0 (quilt)") it will keep the current patch header to avoid
losing changes made by the maintainer.
* Modify dpkg-source --commit to auto-whitelist modified binary files.
That way the same command can be used whatever kind of upstream files
has been modified.
* dpkg-source now supports a new option --no-unapply-patches to force
patches to be kept applied after build (used by formats "2.0" and "3.0
(quilt)"). Closes: #643043
[ Guillem Jover ]
* Add a dpkg-buildflags --status action to describe the flag settings.
Thanks to Bernhard R. Link <brlink@debian.org>. Closes: #664058
* Add support for “binary-only” key-value option in changelogs, to allow
marking changelog entries as part of a binary only upload, having a
different version from the source package. Closes: #440094, #672723
* Minimize source architecture list on «dpkg-source -b» by removing
architectures already covered by architecture wildcards. Closes: #675333
* Do not assume $ENV{'HOME'} is defined in Dpkg::Source::Package.
Thanks to Niels Thykier <niels@thykier.net>. Closes: #677631
* Document in more detail in deb(5) the supported ar archive format.
* Document in deb-src-control(5) the “Private-” field prefix.
* Add new start-stop-daemon --no-close option to disable closing file
descriptors on --background. Closes: #627333, #646425
* Switch source compression to xz.
* Detect ar header fields truncation due to too long member names or too
large member sizes. Closes: #678933
* Add new dpkg-query --control-list and --control-show commands, which
replace the now deprecated --control-path.
* Print master and slave alternarive link names in update-alternatives
--query and always print alternative link in --config. Closes: #679010
* Cleanup and clarify buffer I/O error reporting. Closes: #621763
* Avoid full stop and double newline at the end of errors and warnings.
Thanks to Jonathan Nieder <jnieder@gmail.com>. Closes: #624000
* Change all programs to accept -? instead of -h for help output.
* Add support for specific arch-qualified dependencies. Closes: #676232
Thanks to Thibaut Girka <thib@sitedethib.com>.
* Accept “:native” arch-qualified Build-Dependencies. Closes: #558095
Thanks to Thibaut Girka <thib@sitedethib.com>.
* Do not use undefined values returned form deps_parse() in dpkg-shlibdeps.
Closes: #640676
* Add an Architecture column to «dpkg-query -l» before the Description
column. Suggested by Jonathan Nieder <jnieder@gmail.com>. Closes: #673190
[ Updated dpkg translations ]
* Swedish (Peter Krefting).
[ Updated dselect translations ]
* Swedish (Peter Krefting).
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man page translations ]
* German (Helge Kreutzmann).
* Swedish (Peter Krefting).
-- Guillem Jover <guillem@debian.org> Sat, 30 Jun 2012 04:28:51 +0200
dpkg (1.16.4.3) unstable; urgency=low
* On «update-alternatives --install» only warn for now on out of range
priorities and clamp the values, as there seems to be packages using
priorities > INT_MAX, which although bogus as they were previously
overflowing the int used to store them, that would cause installation
failures when upgrading from squeeze. This will be reverted to an
error after wheezy. Closes: #676874
-- Guillem Jover <guillem@debian.org> Sun, 17 Jun 2012 10:56:15 +0200
dpkg (1.16.4.2) unstable; urgency=low
* Check correctly for out of range negative field width values in dpkg-query
--show format strings. Regression introduced in 1.16.4. Closes: #676796
-- Guillem Jover <guillem@debian.org> Sat, 09 Jun 2012 16:16:17 +0200
dpkg (1.16.4.1) unstable; urgency=low
* Fix explicit file trigger activation. Regression introduced in 1.16.4.
Closes: #676684
-- Guillem Jover <guillem@debian.org> Fri, 08 Jun 2012 23:17:11 +0200
dpkg (1.16.4) unstable; urgency=low
[ Guillem Jover ]
* Deprecate compressing .deb files with lzma, by making dpkg-deb issue a
warning, as the format has several deficiencies that have been addressed
by upstream in xz. Although unpacking will be kept being supported to
handle existing lzma compressed .deb files.
* Add alternative changelog formats documentation from the policy manual
to dpkg-parsechangelog(1). Closes: #584141
* Add MiNT support to ostable and triplettable.
Requested by Thorsten Glaser <tg@mirbsd.de>.
* Add new frontend.txt file to dpkg-dev documenting some public interfaces
for dpkg frontends. Closes: #670897
* Clarify in dpkg(1) when --force-conf* options cause action.
Suggested by Sven Joachim <svenjoac@gmx.de>. Closes: #391818
* Add “gcc | c-compiler” to libdpkg-perl Suggests, due to Dpkg::Arch usage.
Closes: #671198
* Do not mask PIE from dpkg-buildflags on m68k, it appears to work now.
Requested by Thorsten Glaser <tg@mirbsd.de>.
* Remove deprecated support for PGP style signing command interface from
dpkg-buildpackage.
* Remove obsolete --udeb dpkg-scanpackages option.
* Add arm64 support to cputable. Closes: #672408
Thanks Wookey <wookey@wookware.org>.
* Check parsed integers for invalid or no digit errors in start-stop-daemon
and update-alternatives.
* Check all parsed integers for out of range errors; i.e. that no negative
values are allowed if not appropriate, and that no overflows occur.
Closes: #580038
* Switch start-stop-daemon(8) man page examples from /var/run to /run.
* Do not obscure Dpkg::Source::Package ‘require’ errors with custom
error message. Thanks to Thomas Adam <thomas.adam@smoothwall.net> and
Jonathan Nieder <jrnieder@gmail.com>.
* Add new Dpkg::Substvars::set_as_used() member function.
* Rename Dpkg::Substvars no_warn() member function to mark_as_used(), keep
the old name aliased to the new one producing a deprecation warning.
* Add support for Build-Depends-Arch and Build-Conflicts-Arch fields, and
a new -A option to dpkg-checkbuilddeps. Closes: #629480
Thanks to Roger Leigh <rleigh@debian.org>.
* Add support for “none” as a valid dpkg-deb compression strategy value.
Closes: #674711
* Clarify in dpkg(1) that the «dpkg -l» example only lists installed
packages, and that to list available packages «dpkg-query --load-avail»
has to be used instead. Closes: #673305
* Clarify also in the dpkg(1) man page (already present in the dpkg.cfg(5)
man page) the valid filenames for /etc/dpkg/dpkg.cfg.d/ fragment files.
Closes: #674674
* Fix start-stop-daemon to not follow symlinks when creating pidfiles.
Thanks to Carsten Hey <carsten@debian.org>. Closes: #675918
* Refactor the file locking logic into a new Dpkg::File module, and move
the libfile-fcntllock-perl dependency from dpkg-dev to libdpkg-perl.
* Demote the libfile-fcntllock-perl Depends to a Recommends by falling back
to use flock based locking, because it being an XS module makes building
a new perl package bumping the perl ABI impossible, as both packages
become uninstallable. Thanks to Dominic Hargreaves <dom@earth.li>.
Closes: #675947
* Put an & before field_capitalize() calls in Dpkg::Control::Fields to
fix a usage before declaration warning with perl 5.16. Closes: #676262
* Do not warn in dpkg-divert on missing files list file for packages never
installed before. Closes: #673518
* Add support for liblzma to handle .xz and .lzma compressed files, and
switch to it instead of using xz-utils. This removes the xz-utils
Pre-Depends from dpkg. Thanks to Jonathan Nieder <jrnieder@gmail.com>.
* Always activate all path components for file triggers, this fixes file
trigger handling for conffiles and dpkg-trigger invocations.
Closes: #675613, #676061, #676062, #676107, #676118, #676122
* Do not reset Multi-Arch field in the update log when removing the package.
Closes: #676496
* Fix dpkg-split to honour the DPKG_ADMINDIR environment variable.
[ Updated man page translations ]
* German (Helge Kreutzmann).
* French (Christian Perrier). Fixes a mistranslation and some
inconsistencies reported by Vincent Danjean( thanks). Closes: #673158
-- Guillem Jover <guillem@debian.org> Thu, 07 Jun 2012 23:43:19 +0200
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
about the Perl version. Instead of baking the version number into the
PLIST, control it from the Makefile. Also, depend on the current
major/minor version of Perl. Ideally this version should come from
something in lang/perl5, but there isn't any obvious way to do that.
But at least now this only has to be updated in one place when Perl
changes.
Bump PKGREVISION because of the depends changes.
Lots of upstream changes since 1.10.28 (three years ago).
pkgsrc changes:
- the database location has changed to ${VARBASE}/db/dpkg
- man pages are installed
PKGLOCALEDIR and which install their locale files directly under
${PREFIX}/${PKGLOCALEDIR} and sort the PLIST file entries. From now
on, pkgsrc/mk/plist/plist-locale.awk will automatically handle
transforming the PLIST to refer to the correct locale directory.
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
