2707ff0247
dpkg 1.18.24:

* Add missing symbols to the libdpkg map file.
* Fix dpkg-shlibdeps to preserve the Dpkg::Shlibs::find_library() order when scanning symbols/shlibs files. This was causing generation of bogus dependencies when multiple packages provide the same SONAME on different directories. Regression introduced in dpkg 1.18.17.
* Make dpkg-maintscript-helper print all unowned files from a directory when printing the error message, to ease debugging those problems after the fact. Based on a patch by Bastien ROUCARIÈS <roucaries.bastien@gmail.com>.
* Add duplicate prevention code for debian/files to dpkg-genbuildinfo, so that successive runs with different versions and equivalent build types do not generate multiple .buildinfo entries to be uploaded, which is similar to what dpkg-gencontrol is doing for .deb files.
* Fix conffile takeover handling during unpack in dpkg on --root or on diversions.
* Fix digest inference for shared conffiles, causing bogus takeover unpack errors. Regression introduced in dpkg 1.16.9.
* Improve tar entry metadata parsing in dpkg:
  - Do not parse device numbers for non block nor char tar entry objects.
  - Make the existing octal parser more robust, by checking for the expected format of leading zeros or spaces, followed by any ASCII octal characters (0-7), followed by zero or more space or NULs.
  - Add support for base-256 encoded numeric fields, to support large values, for UID/GID, device number, size and even signed timestamps. This is necessary not only to be able to store larger values, but to cover packages that can already be generated by dpkg-deb, given that it uses the system GNU tar when building.
* Architecture support:
  - Add support for ARM64 ILP32.
* Perl modules:
  - Remove obsolete hardening-wrapper support from Dpkg::Vendor::Ubuntu.
  - Bump $Dpkg::Deps::VERSION to match the one documented in CHANGES.
  - Ignore by default debian/files.new and debian/files for all source formats in Dpkg::Source::Package, because these are generated files with well known pathnames, part of the public interface, and with dpkg-genbuildinfo always injecting .buildinfo entries into debian/files, this meant this could disrupt previous workflows based on not cleaning the source tree.
* Documentation:
  - Many spelling fixes.
  - Do not include misspellings in changelogs, as that makes detecting them more difficult.
* Build system:
  - Use libexec variable for auxiliary internal programs, and set it to /usr/lib on Debian and derivatives.
  - Check that the detected tar is a GNU tar.
  - Check that the detected patch is a GNU patch, so that we get a directory traversal resistant patch implementation. This fixes CVE-2017-8283 by delegating those checks to patch(1), so that we trap blank-indented diff hunks trying to escape from the source tree.
* Test suite:
  - Add a test case for blank-indented patches which were the cause for CVE-2017-8283.
  - Handle files with non-zero sizes in c-tarextract libdpkg test code.

||
---|---|---|
.. | ||
DESCR | ||
distinfo | ||
Makefile | ||
PLIST |
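
The octal and base-256 field rules listed under "Improve tar entry metadata parsing" above, sketched as an added C example; this is not dpkg's own code. The name `tar_num_parse` is hypothetical, the base-256 marker bytes (0x80, 0xFF) follow the GNU tar convention rather than anything stated on this page, and rejecting a field with no digits is this example's choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Parse one numeric tar header field; 0 on success, -1 if malformed or out of range. */
int tar_num_parse(const unsigned char *f, size_t len, int64_t *out)
{
    size_t i = 0, start;
    uint64_t v = 0;

    /* Base-256 (GNU tar convention, assumed here): first byte 0x80 means
     * non-negative, 0xFF negative two's complement; the rest is big-endian. */
    if (len > 0 && (f[0] == 0x80 || f[0] == 0xFF)) {
        int neg = (f[0] == 0xFF);
        v = neg ? ~(uint64_t)0 : 0;
        for (i = 1; i < len; i++) {
            /* Top 9 bits must equal the sign, or the shift leaves int64_t range. */
            if ((v >> 55) != (neg ? 0x1FFu : 0u))
                return -1;
            v = (v << 8) | f[i];
        }
        *out = neg ? -(int64_t)(~v) - 1 : (int64_t)v;
        return 0;
    }
    /* Octal: optional leading spaces, then digits 0-7 (leading zeros included). */
    while (i < len && f[i] == ' ')
        i++;
    start = i;
    for (; i < len && f[i] >= '0' && f[i] <= '7'; i++) {
        if (v > ((uint64_t)INT64_MAX >> 3))
            return -1; /* the next digit would overflow int64_t */
        v = (v << 3) | (uint64_t)(f[i] - '0');
    }
    if (i == start)
        return -1; /* no digits: rejected by this example (assumption) */
    for (; i < len; i++) /* only spaces or NULs may trail the digits */
        if (f[i] != ' ' && f[i] != '\0')
            return -1;
    *out = (int64_t)v;
    return 0;
}

int main(void)
{
    int64_t v = 0; /* constructed sample: an 8-byte mode field, NUL-terminated */
    int rc = tar_num_parse((const unsigned char *)"0000644", 8, &v);
    printf("rc=%d value=%lld\n", rc, (long long)v);
    return 0;
}
```

A 12-byte size field holds at most 8589934591 in octal, which is why larger sizes need the base-256 form.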