Change log for dpkg package in Ubuntu

175 of 247 results
Published in disco-release 3 hours ago
Deleted in disco-proposed (Reason: moved to release)
dpkg (1.19.4ubuntu3) disco; urgency=medium

  * scripts/Dpkg/Source/Package.pm: use Dpkg::Source:Format (closes: #921031)

 -- Adam Conrad <email address hidden>  Tue, 19 Feb 2019 07:37:22 -0700
Superseded in disco-proposed on 2019-02-19
dpkg (1.19.4ubuntu2) disco; urgency=medium

  * scripts/Dpkg/Shlibs/Objdump.pm: use Dpkg::IPC to fix armhf ABI checks.

Available diffs

Deleted in disco-proposed on 2019-01-24 (Reason: remove broken dpkg)
dpkg (1.19.4ubuntu1) disco; urgency=medium

  * Merge from current Debian testing; remaining Ubuntu changes:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).
    - dpkg-gencontrol: Fix Package-Type override handling for ddeb support.
    - Add Zstd compression and decompression support for binary packages.

Available diffs

Superseded in disco-release 3 hours ago
Deleted in disco-proposed (Reason: moved to release)
dpkg (1.19.2ubuntu2) disco; urgency=medium

  * scripts/Dpkg/Vendor/Ubuntu.pm: Instead of running the Debian hooks after
    the Ubuntu buildflags are set up, run them first, and then strip/prepend
    the bits we need to change. This fixes compiler optimisation on ppc64el.

 -- Adam Conrad <email address hidden>  Fri, 07 Dec 2018 10:51:35 -0700

Available diffs

Superseded in disco-release on 2018-12-14
Deleted in disco-proposed on 2018-12-16 (Reason: moved to release)
dpkg (1.19.2ubuntu1) disco; urgency=medium

  * Merge from current Debian testing; remaining Ubuntu changes:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).
    - dpkg-gencontrol: Fix Package-Type override handling for ddeb support.
    - Add Zstd compression and decompression support for binary packages.
  * Fix implicit declaration of getenv in i18n.c and signedness errors in
    zstd patches (nod to Gianfranco Costamagna for being a human -Werror).

Available diffs

Published in xenial-updates on 2018-10-29
Deleted in xenial-proposed (Reason: moved to -updates)
dpkg (1.18.4ubuntu1.5) xenial; urgency=medium

  * Apply patch from upstream to add frontend locking (LP: #1796081):
    - Add support for frontend locking. This makes it possible for frontends
      using this new protocol, to safely lock the dpkg database w/o risk of
      race conditions with other dpkg instances or frontends supporting the
      same protocol.

 -- Julian Andres Klode <email address hidden>  Thu, 04 Oct 2018 14:21:49 +0200
Published in bionic-updates on 2018-10-29
Deleted in bionic-proposed (Reason: moved to -updates)
dpkg (1.19.0.5ubuntu2.1) bionic; urgency=medium

  * Apply patch from upstream to add frontend locking (LP: #1796081):
    - Add support for frontend locking. This makes it possible for frontends
      using this new protocol, to safely lock the dpkg database w/o risk of
      race conditions with other dpkg instances or frontends supporting the
      same protocol.

 -- Julian Andres Klode <email address hidden>  Thu, 04 Oct 2018 14:21:49 +0200
Superseded in disco-release on 2018-12-02
Published in cosmic-release on 2018-09-16
Deleted in cosmic-proposed (Reason: moved to release)
dpkg (1.19.0.5ubuntu5) cosmic; urgency=medium

  * Manually do autoreconf -fi to pick up new automake 1.16

 -- Gianfranco Costamagna <email address hidden>  Thu, 13 Sep 2018 13:46:04 +0200
Superseded in cosmic-release on 2018-09-16
Deleted in cosmic-proposed on 2018-09-18 (Reason: moved to release)
dpkg (1.19.0.5ubuntu4) cosmic; urgency=medium

  * Apply patch from upstream to add frontend locking:
    - Add support for frontend locking. This makes it possible for frontends
      using this new protocol, to safely lock the dpkg database w/o risk of
      race conditions with other dpkg instances or frontends supporting the
      same protocol. Thanks to Julian Andres Klode <email address hidden>.

 -- Julian Andres Klode <email address hidden>  Wed, 08 Aug 2018 10:58:53 +0200
Superseded in cosmic-release on 2018-08-29
Deleted in cosmic-proposed on 2018-08-30 (Reason: moved to release)
dpkg (1.19.0.5ubuntu3) cosmic; urgency=medium

  * No-change rebuild for ncurses soname changes.

 -- Matthias Klose <email address hidden>  Thu, 03 May 2018 15:19:09 +0000

Available diffs

Superseded in cosmic-release on 2018-05-10
Published in bionic-release on 2018-04-19
Deleted in bionic-proposed (Reason: moved to release)
dpkg (1.19.0.5ubuntu2) bionic; urgency=medium

  * Add Zstandard compression and decompression support for binary packages
    (LP: #1764220)

 -- Balint Reczey <email address hidden>  Mon, 16 Apr 2018 04:25:21 +0200
Superseded in xenial-updates on 2018-10-29
Deleted in xenial-proposed on 2018-10-30 (Reason: moved to -updates)
dpkg (1.18.4ubuntu1.4) xenial; urgency=medium

  * Cherry-pick d01212f2d7e59fc713c66b5d60421ac2296c1463 from 1.18.5:
    - Allow detached upstream orig tarball signatures when extracting
      version 1.0 non-native source packages (LP: #1751114)

 -- Adam Conrad <email address hidden>  Wed, 14 Mar 2018 13:17:08 -0600

Available diffs

Published in trusty-updates on 2018-03-14
Deleted in trusty-proposed (Reason: moved to -updates)
dpkg (1.17.5ubuntu5.8) trusty; urgency=medium

  * Add support for .deb archives with a control member not compressed
    (control.tar) or compressed with xz (control.tar.xz) LP: #1730627.

 -- Adam Conrad <email address hidden>  Mon, 04 Dec 2017 12:15:45 -0700
Superseded in bionic-release on 2018-04-19
Deleted in bionic-proposed on 2018-04-21 (Reason: moved to release)
dpkg (1.19.0.5ubuntu1) bionic; urgency=medium

  * Merge from current Debian testing; remaining Ubuntu changes:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).
    - dpkg-gencontrol: Fix Package-Type override handling for ddeb support.

Superseded in bionic-release on 2018-02-09
Deleted in bionic-proposed on 2018-02-11 (Reason: moved to release)
dpkg (1.19.0.4ubuntu1) bionic; urgency=medium

  * Merge from current Debian unstable; remaining Ubuntu changes:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).
    - dpkg-gencontrol: Fix Package-Type override handling for ddeb support.

Available diffs

Superseded in xenial-updates on 2018-03-14
Deleted in xenial-proposed on 2018-03-16 (Reason: moved to -updates)
dpkg (1.18.4ubuntu1.3) xenial; urgency=medium

  * Use ohshit() instead of internerr() for unhandled dpkg-split exit
    codes. (i.e. do not abort). Closes: #812679, LP: #1601998

 -- Brian Murray <email address hidden>  Fri, 20 Oct 2017 16:14:06 -0700

Available diffs

Superseded in bionic-release on 2017-10-28
Published in artful-release on 2017-06-06
Deleted in artful-proposed (Reason: moved to release)
dpkg (1.18.24ubuntu1) artful; urgency=medium

  * Merge from current Debian testing; remaining Ubuntu changes:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).
    - dpkg-gencontrol: Fix Package-Type override handling for ddeb support.
  * scripts/Dpkg/Vendor/Ubuntu.pm: Drop hardening changes merged upstream.
  * dpkg-buildpackage: Drop stale debian/files cleaning, solved differently.

Available diffs

Superseded in artful-release on 2017-06-06
Deleted in artful-proposed on 2017-06-07 (Reason: moved to release)
dpkg (1.18.23ubuntu7) artful; urgency=medium

  * scripts/Dpkg/Vendor/Debian.pm: Re-enable PIE on all architectures.

 -- Adam Conrad <email address hidden>  Tue, 09 May 2017 23:48:36 -0600

Available diffs

Superseded in artful-release on 2017-05-21
Deleted in artful-proposed on 2017-05-22 (Reason: moved to release)
dpkg (1.18.23ubuntu6) artful; urgency=medium

  * dpkg-buildpackage: Move debian/files test and removal to after clean.

 -- Adam Conrad <email address hidden>  Tue, 09 May 2017 23:45:31 -0600
Superseded in artful-proposed on 2017-05-10
dpkg (1.18.23ubuntu5) artful; urgency=medium

  * dpkg-buildpackage: Remove stale debian/files during initialisation.

 -- Adam Conrad <email address hidden>  Tue, 09 May 2017 22:05:49 -0600

Available diffs

Superseded in artful-release on 2017-05-10
Deleted in artful-proposed on 2017-05-12 (Reason: moved to release)
dpkg (1.18.23ubuntu4) artful; urgency=medium

  * dpkg-genchanges: Add buildinfo files to changes now that LP is fixed.

 -- Adam Conrad <email address hidden>  Fri, 21 Apr 2017 12:00:18 -0600
Superseded in artful-proposed on 2017-04-21
dpkg (1.18.23ubuntu3) artful; urgency=medium

  * dpkg-gencontrol: Fix Package-Type override handling (LP: #1623256)

 -- Adam Conrad <email address hidden>  Thu, 20 Apr 2017 20:51:40 -0600

Available diffs

Superseded in artful-proposed on 2017-04-21
dpkg (1.18.23ubuntu2) artful; urgency=medium

  * dpkg-genchanges: Don't add buildinfo files to the changes file.

Available diffs

Deleted in artful-proposed on 2017-04-21 (Reason: buildinfo support breaks Launchpad)
dpkg (1.18.23ubuntu1) artful; urgency=medium

  * Merge from Debian (LP: #1654905, #1652945); remaining Ubuntu changes:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).
  * scripts/Dpkg/Vendor/Ubuntu.pm: Drop obsolete hardening-wrapper control.
  * scripts/Dpkg/Vendor/Debian.pm: Adjust PIE builtin architecture list.

Available diffs

Superseded in xenial-updates on 2017-11-30
Deleted in xenial-proposed on 2017-12-01 (Reason: moved to -updates)
dpkg (1.18.4ubuntu1.2) xenial; urgency=medium

  * Cherry-pick patch from git to limit preallocation to files over
    16KiB, fixing installation performance regression (LP: #1663749)

 -- Adam Conrad <email address hidden>  Mon, 10 Apr 2017 04:08:19 -0600

Available diffs

Superseded in artful-release on 2017-04-22
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release)
dpkg (1.18.10ubuntu2) zesty; urgency=medium

  * Cherry-pick patch from git to limit preallocation to files over
    16KiB, fixing installation performance regression (LP: #1663749)

 -- Adam Conrad <email address hidden>  Mon, 10 Apr 2017 04:08:19 -0600

Available diffs

Obsolete in yakkety-updates on 2018-01-23
Deleted in yakkety-proposed on 2018-01-23 (Reason: moved to -updates)
dpkg (1.18.10ubuntu1.1) yakkety; urgency=medium

  * Cherry-pick patch from git to limit preallocation to files over
    16KiB, fixing installation performance regression (LP: #1663749)

 -- Adam Conrad <email address hidden>  Mon, 10 Apr 2017 04:08:19 -0600

Available diffs

Superseded in zesty-release on 2017-04-11
Obsolete in yakkety-release on 2018-01-23
Deleted in yakkety-proposed on 2018-01-23 (Reason: moved to release)
dpkg (1.18.10ubuntu1) yakkety; urgency=medium

  * Merge from Debian testing; remaining Ubuntu changes:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).

Available diffs

Superseded in yakkety-release on 2016-08-16
Deleted in yakkety-proposed on 2016-08-17 (Reason: moved to release)
dpkg (1.18.9ubuntu2) yakkety; urgency=medium

  * Cherry pick the following patch from git to fix APT's testsuite

  [ Guillem Jover ]
  * When activating file triggers on conffile purge, use the conffile name
    instead of the real pathname it might refer to. This fixes a segfault
    when using --instdir, or when the conffile has been moved around and
    replaced with a symlink to the target.
    Regression introduced in dpkg 1.18.8. Closes: #830267

 -- Julian Andres Klode <email address hidden>  Fri, 08 Jul 2016 06:42:07 +0200

Available diffs

Superseded in yakkety-release on 2016-07-08
Deleted in yakkety-proposed on 2016-07-09 (Reason: moved to release)
dpkg (1.18.9ubuntu1) yakkety; urgency=medium

  * Merge with Debian unstable, pulling in fix for dpkg-buildpackage.

Deleted in yakkety-proposed on 2016-07-04 (Reason: broken)
dpkg (1.18.8ubuntu2) yakkety; urgency=medium

  * Require Dpkg::Control::Info in dpkg-buildpackage.
    Initially reported by Helmut Grohne <email address hidden>.
    Regression introduced in dpkg 1.18.8. Closes: #829542

 -- Martin Pitt <email address hidden>  Mon, 04 Jul 2016 12:36:37 +0200

Available diffs

Deleted in yakkety-proposed on 2016-07-04 (Reason: broken)
dpkg (1.18.8ubuntu1) yakkety; urgency=medium

  * Merge from Debian unstable (LP: #1491145); remaining Ubuntu changes:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).

Available diffs

Superseded in trusty-updates on 2018-03-14
Deleted in trusty-proposed on 2018-03-16 (Reason: moved to -updates)
dpkg (1.17.5ubuntu5.7) trusty; urgency=medium

  * Backport from Debian (LP: #1587667):
    - Allow detached upstream signatures for upstream orig.tar files in the
      .dsc file. Suggested by Daniel Kahn Gillmor <email address hidden>.
      Closes: #759478
    - Allow detached upstream orig tarball signatures when extracting
      version 1.0 non-native source packages.

 -- Colin Watson <email address hidden>  Tue, 14 Jun 2016 19:31:28 +0100
Published in precise-updates on 2016-06-23
Deleted in precise-proposed (Reason: moved to -updates)
dpkg (1.16.1.2ubuntu7.8) precise; urgency=medium

  * Backport from Debian (LP: #1587667):
    - Allow detached upstream signatures for upstream orig.tar files in the
      .dsc file. Suggested by Daniel Kahn Gillmor <email address hidden>.
      Closes: #759478
    - Allow detached upstream orig tarball signatures when extracting
      version 1.0 non-native source packages.

 -- Colin Watson <email address hidden>  Tue, 14 Jun 2016 19:22:53 +0100
Superseded in yakkety-release on 2016-07-04
Deleted in yakkety-proposed on 2016-07-06 (Reason: moved to release)
dpkg (1.18.7ubuntu1) yakkety; urgency=medium

  * Merge from Debian unstable; remaining changes in the Ubuntu delta:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).
  * Drop Breaks/Conflicts for triggers/upgrades now that xenial is released.

Available diffs

Superseded in xenial-updates on 2017-04-27
Deleted in xenial-proposed on 2017-04-28 (Reason: moved to -updates)
dpkg (1.18.4ubuntu1.1) xenial; urgency=medium

    * Add Breaks on ufw (<< 0.35-0ubuntu2~) for trigger loops (LP: #1571174)

 -- Adam Conrad <email address hidden>  Thu, 12 May 2016 04:35:55 -0600

Available diffs

Superseded in yakkety-release on 2016-05-19
Deleted in yakkety-proposed on 2016-05-20 (Reason: moved to release)
dpkg (1.18.4ubuntu2) yakkety; urgency=medium

  * No-change rebuild to pick up -fPIE on amd64 and ppc64el.

 -- Matthias Klose <email address hidden>  Fri, 29 Apr 2016 13:53:32 +0200

Available diffs

Published in trusty-security on 2016-04-26
Superseded in trusty-updates on 2016-06-23
Deleted in trusty-proposed (Reason: moved to -updates)
dpkg (1.17.5ubuntu5.6) trusty; urgency=medium

  * dpkg-maintscript-helper: s/exit/return/ in subshells (LP: #1574285)

 -- Adam Conrad <email address hidden>  Mon, 25 Apr 2016 12:44:01 -0600
Superseded in yakkety-release on 2016-05-03
Published in xenial-release on 2016-01-13
Deleted in xenial-proposed (Reason: moved to release)
dpkg (1.18.4ubuntu1) xenial; urgency=medium

  * Merge from Debian testing; remaining changes in the Ubuntu delta:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).
    - Carry over Breaks/Conflicts for triggers/upgrades until post-16.04.

Available diffs

Obsolete in vivid-updates on 2018-01-18
Obsolete in vivid-security on 2018-01-18
dpkg (1.17.25ubuntu1.1) vivid-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - dpkg-deb/extract.c: Fix off-by-one write access on versionbuf
      variable.
    - dpkg-deb/extract.c: Fix off-by-one write access on ctrllenbuf
      variable. (CVE-2015-0860)
    - lib/dpkg/ar.c: Fix an off-by-one read access in ar member name
      variable.
    - Thanks to Guillem Jover and Hanno Böck for the patches!

 -- Marc Deslauriers <email address hidden>  Thu, 26 Nov 2015 07:58:25 -0500
Obsolete in wily-updates on 2018-01-22
Obsolete in wily-security on 2018-01-22
dpkg (1.18.2ubuntu5.1) wily-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - dpkg-deb/extract.c: Fix off-by-one write access on ctrllenbuf
      variable. (CVE-2015-0860)
    - lib/dpkg/ar.c: Fix an off-by-one read access in ar member name
      variable.
    - Thanks to Guillem Jover and Hanno Böck for the patches!

 -- Marc Deslauriers <email address hidden>  Thu, 26 Nov 2015 08:00:10 -0500
Superseded in trusty-updates on 2016-04-26
Superseded in trusty-security on 2016-04-26
dpkg (1.17.5ubuntu5.5) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - dpkg-deb/extract.c: Fix off-by-one write access on versionbuf
      variable.
    - dpkg-deb/extract.c: Fix off-by-one write access on ctrllenbuf
      variable. (CVE-2015-0860)
    - lib/dpkg/ar.c: Fix an off-by-one read access in ar member name
      variable.
    - Thanks to Guillem Jover and Hanno Böck for the patches!

 -- Marc Deslauriers <email address hidden>  Thu, 26 Nov 2015 07:57:34 -0500

Available diffs

Superseded in precise-updates on 2016-06-23
Published in precise-security on 2015-11-26
dpkg (1.16.1.2ubuntu7.7) precise-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - dpkg-deb/extract.c: Fix off-by-one write access on versionbuf
      variable.
    - dpkg-deb/extract.c: Fix off-by-one write access on ctrllenbuf
      variable. (CVE-2015-0860)
    - lib/dpkg/ar.c: Fix an off-by-one read access in ar member name
      variable.
    - Thanks to Guillem Jover and Hanno Böck for the patches!

 -- Marc Deslauriers <email address hidden>  Thu, 26 Nov 2015 07:40:52 -0500
Superseded in xenial-release on 2016-01-13
Deleted in xenial-proposed on 2016-01-14 (Reason: moved to release)
dpkg (1.18.3ubuntu1) xenial; urgency=medium

  * Merge from Debian testing; remaining changes in the Ubuntu delta:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).
    - Carry over Breaks/Conflicts for triggers/upgrades until post-16.04.

Available diffs

Superseded in xenial-release on 2015-10-28
Obsolete in wily-release on 2018-01-22
Deleted in wily-proposed on 2018-01-22 (Reason: moved to release)
dpkg (1.18.2ubuntu5) wily; urgency=medium

  * Pull packaging changes from 1.18.3 to fix libdir issues (LP: #1504761)
  * Fix an off-by-one write access in dpkg-deb when parsing the deb magic.
  * Fix a segfault when using «dpkg --no-act» with a synthetic --admindir.

 -- Adam Conrad <email address hidden>  Sat, 17 Oct 2015 12:47:12 -0600

Available diffs

Superseded in wily-release on 2015-10-18
Deleted in wily-proposed on 2015-10-19 (Reason: moved to release)
dpkg (1.18.2ubuntu4) wily; urgency=medium

  * Add a Breaks on software-center (<< 13.10-0ubuntu9~) for trigger loops.

 -- Adam Conrad <email address hidden>  Fri, 11 Sep 2015 11:11:01 -0600

Available diffs

Superseded in wily-release on 2015-09-14
Deleted in wily-proposed on 2015-09-15 (Reason: moved to release)
dpkg (1.18.2ubuntu3) wily; urgency=medium

  * Cherrypick fix from git to be less strict about week day parsing.
  * Extend the above to also be less strict about month name parsing.

 -- Adam Conrad <email address hidden>  Wed, 26 Aug 2015 16:39:42 -0600

Available diffs

Superseded in wily-release on 2015-08-27
Deleted in wily-proposed on 2015-08-28 (Reason: moved to release)
dpkg (1.18.2ubuntu2) wily; urgency=medium

  * Add a Breaks on dbus (<< 1.8.12-1ubuntu6~) to avoid the noawait trigger.

 -- Adam Conrad <email address hidden>  Tue, 18 Aug 2015 13:51:02 -0600

Available diffs

Superseded in wily-release on 2015-08-24
Deleted in wily-proposed on 2015-08-25 (Reason: moved to release)
dpkg (1.18.2ubuntu1) wily; urgency=medium

  * Merge with Debian unstable, bringing in a whole host of new bugfixes.

Superseded in wily-release on 2015-08-13
Deleted in wily-proposed on 2015-08-14 (Reason: moved to release)
dpkg (1.18.1ubuntu1) wily; urgency=medium

  * Merge from Debian testing; remaining changes in the Ubuntu delta:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).
  * Carry over Breaks/Conflicts for triggers/upgrades until post-16.04.

Superseded in wily-release on 2015-07-28
Obsolete in vivid-release on 2018-01-18
Deleted in vivid-proposed on 2018-01-19 (Reason: moved to release)
dpkg (1.17.25ubuntu1) vivid; urgency=medium

  * Merge with Debian, pulling in the upstream fix for CVE-2015-0840,
    a couple of updated translations, and several trivial bug fixes.
 -- Adam Conrad <email address hidden>   Fri, 10 Apr 2015 21:36:44 -0600
Superseded in vivid-release on 2015-04-11
Deleted in vivid-proposed on 2015-04-12 (Reason: moved to release)
dpkg (1.17.24ubuntu2) vivid; urgency=medium

  * SECURITY UPDATE: OpenPGP Armor Header Line parsing issue
    - scripts/Dpkg/Control/HashCore.pm: adjust whitespace parsing.
    - scripts/Makefile.*, scripts/t/Dpkg_Control.t,
      scripts/t/Dpkg_Control/bogus-armor-formfeed.dsc: added tests.
    - Patch thanks to Guillem Jover
    - CVE-2015-0840
 -- Marc Deslauriers <email address hidden>   Thu, 09 Apr 2015 11:41:14 -0400

Available diffs

Obsolete in lucid-updates on 2016-10-26
Obsolete in lucid-security on 2016-10-26
dpkg (1.15.5.6ubuntu4.10) lucid-security; urgency=medium

  * SECURITY UPDATE: OpenPGP Armor Header Line parsing issue
    - scripts/Dpkg/Control/{Hash,Package}.pm: adjust parsing logic.
    - scripts/Makefile.*, scripts/t/700_Dpkg_Control.t,
      scripts/t/700_Dpkg_Control/*: added bunch of tests.
    - Patch thanks to Guillem Jover
    - CVE-2015-0840
 -- Marc Deslauriers <email address hidden>   Thu, 09 Apr 2015 10:47:12 -0400
Superseded in precise-updates on 2015-11-26
Superseded in precise-security on 2015-11-26
dpkg (1.16.1.2ubuntu7.6) precise-security; urgency=medium

  * SECURITY UPDATE: OpenPGP Armor Header Line parsing issue
    - scripts/Dpkg/Control/{Hash,Package}.pm: adjust parsing logic.
    - scripts/Makefile.*, scripts/t/700_Dpkg_Control.t,
      scripts/t/700_Dpkg_Control/*: added bunch of tests.
    - Patch thanks to Guillem Jover
    - CVE-2015-0840
 -- Marc Deslauriers <email address hidden>   Thu, 09 Apr 2015 09:22:25 -0400
Obsolete in utopic-updates on 2016-11-03
Obsolete in utopic-security on 2016-11-03
dpkg (1.17.13ubuntu1.1) utopic-security; urgency=medium

  * SECURITY UPDATE: OpenPGP Armor Header Line parsing issue
    - scripts/Dpkg/Control/HashCore.pm: adjust whitespace parsing.
    - scripts/Makefile.*, scripts/t/Dpkg_Control.t,
      scripts/t/Dpkg_Control/bogus-armor-formfeed.dsc: added tests.
    - Patch thanks to Guillem Jover
    - CVE-2015-0840
 -- Marc Deslauriers <email address hidden>   Thu, 09 Apr 2015 08:08:57 -0400
Superseded in trusty-updates on 2015-11-26
Superseded in trusty-security on 2015-11-26
dpkg (1.17.5ubuntu5.4) trusty-security; urgency=medium

  * SECURITY UPDATE: OpenPGP Armor Header Line parsing issue
    - scripts/Dpkg/Control/HashCore.pm: adjust whitespace parsing.
    - scripts/Makefile.*, scripts/t/700_Dpkg_Control.t,
      scripts/t/700_Dpkg_Control/bogus-armor-formfeed.dsc: added tests.
    - Patch thanks to Guillem Jover
    - CVE-2015-0840
 -- Marc Deslauriers <email address hidden>   Thu, 09 Apr 2015 08:41:39 -0400
Superseded in vivid-release on 2015-04-10
Deleted in vivid-proposed on 2015-04-11 (Reason: moved to release)
dpkg (1.17.24ubuntu1) vivid; urgency=medium

  * Merge with Debian unstable, which pulls in bugfixes, and disables
    dependency checks on trigger processing, quieting trigger cycles.

Available diffs

Superseded in vivid-release on 2015-03-21
Deleted in vivid-proposed on 2015-03-23 (Reason: moved to release)
dpkg (1.17.23ubuntu1) vivid; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).
    - Bump fontconfig Breaks to match Ubuntu version; can be reverted after
      vivid ships, as the Debian Breaks version was higher than trusty's.
    - Add ureadahead to the long list of trigger-related Breaks as well.
  * Remove multiarch upgrade code from postinst, which is no longer needed.

Available diffs

Superseded in vivid-release on 2015-01-17
Deleted in vivid-proposed on 2015-01-18 (Reason: moved to release)
dpkg (1.17.21ubuntu2) vivid; urgency=medium

  * Cherry-pick from Debian (LP: #1394893)
    + Add Breaks on old man-db, fontconfig and readahead-fedora packages using
      awaiting triggers, as they produce trigger cycles. Closes: #768599
  * Modify the above to specify the version of fontconfig that included this
    change in Ubuntu, and to add ureadahead.
 -- Iain Lane <email address hidden>   Mon, 08 Dec 2014 12:09:15 +0000

Available diffs

Superseded in vivid-release on 2014-12-14
Deleted in vivid-proposed on 2014-12-15 (Reason: moved to release)
dpkg (1.17.21ubuntu1) vivid; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Add logic to the postinst to `dpkg --add-architecture i386' on new
      installs on amd64, mimicking our previous behaviour with the conffile.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).
  * drop po/pot delta that was generated by MoM
  * run touch configure configure.ac build-aux/* to ensure that timestamps
    match and automake is not invoked again

Available diffs

Superseded in vivid-release on 2014-11-03
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release)
dpkg (1.17.13ubuntu1) utopic; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - Allow -fstack-protector on arm64 now that GCC and glibc support it.
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Add logic to the postinst to `dpkg --add-architecture i386' on new
      installs on amd64, mimicking our previous behaviour with the conffile.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).

Available diffs

Superseded in utopic-release on 2014-08-22
Deleted in utopic-proposed on 2014-08-23 (Reason: moved to release)
dpkg (1.17.12ubuntu1) utopic; urgency=medium

  * Merge with Debian; remaining changes:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Add logic to the postinst to `dpkg --add-architecture i386' on new
      installs on amd64, mimicking our previous behaviour with the conffile.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).

Available diffs

Superseded in utopic-release on 2014-08-18
Deleted in utopic-proposed on 2014-08-19 (Reason: moved to release)
dpkg (1.17.10ubuntu1) utopic; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - Allow -fstack-protector on arm64 now that GCC and glibc support it.
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Add logic to the postinst to `dpkg --add-architecture i386' on new
      installs on amd64, mimicking our previous behaviour with the conffile.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).

Available diffs

Superseded in lucid-updates on 2015-04-09
Superseded in lucid-security on 2015-04-09
dpkg (1.15.5.6ubuntu4.9) lucid-security; urgency=medium

  * SECURITY UPDATE: arbitrary file modification via dpkg-source
    - scripts/Dpkg/Source/Patch.pm: Use a better regex for patch header
      parsing
    - 5348cbc981a65c3c9b05bb4d13553bda930c2d78
    - CVE-2014-3864
    - CVE-2014-3865
 -- Marc Deslauriers <email address hidden>   Mon, 09 Jun 2014 13:03:40 -0400
Superseded in precise-updates on 2015-04-09
Superseded in precise-security on 2015-04-09
dpkg (1.16.1.2ubuntu7.5) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary file modification via dpkg-source
    - scripts/Dpkg/Source/Patch.pm: Use a better regex for patch header
      parsing
    - 5348cbc981a65c3c9b05bb4d13553bda930c2d78
    - CVE-2014-3864
    - CVE-2014-3865
 -- Marc Deslauriers <email address hidden>   Mon, 09 Jun 2014 13:00:47 -0400
Superseded in trusty-updates on 2015-04-09
Superseded in trusty-security on 2015-04-09
dpkg (1.17.5ubuntu5.3) trusty-security; urgency=medium

  * SECURITY UPDATE: arbitrary file modification via dpkg-source
    - scripts/Dpkg/Source/Patch.pm: Use a better regex for patch header
      parsing
    - 5348cbc981a65c3c9b05bb4d13553bda930c2d78
    - CVE-2014-3864
    - CVE-2014-3865
 -- Marc Deslauriers <email address hidden>   Mon, 09 Jun 2014 12:34:57 -0400

Available diffs

Obsolete in saucy-updates on 2015-04-24
Obsolete in saucy-security on 2015-04-24
dpkg (1.16.12ubuntu1.3) saucy-security; urgency=medium

  * SECURITY UPDATE: arbitrary file modification via dpkg-source
    - scripts/Dpkg/Source/Patch.pm: Use a better regex for patch header
      parsing
    - 5348cbc981a65c3c9b05bb4d13553bda930c2d78
    - CVE-2014-3864
    - CVE-2014-3865
 -- Marc Deslauriers <email address hidden>   Mon, 09 Jun 2014 12:52:24 -0400
Superseded in precise-updates on 2014-06-10
Superseded in precise-security on 2014-06-10
dpkg (1.16.1.2ubuntu7.4) precise-security; urgency=medium

  * SECURITY UPDATE: directory traversal in dpkg-source
    - scripts/Dpkg/Source/Patch.pm: outright reject C-style filenames in
      patches
    - a12eb58959d0a10584a428f4a3103a49204c410f
    - CVE-2014-0471
 -- Marc Deslauriers <email address hidden>   Thu, 01 May 2014 08:04:51 -0400
Superseded in lucid-updates on 2014-06-10
Superseded in lucid-security on 2014-06-10
dpkg (1.15.5.6ubuntu4.8) lucid-security; urgency=medium

  * SECURITY UPDATE: directory traversal in dpkg-source
    - scripts/Dpkg/Source/Patch.pm: outright reject C-style filenames in
      patches
    - a12eb58959d0a10584a428f4a3103a49204c410f
    - CVE-2014-0471
 -- Marc Deslauriers <email address hidden>   Thu, 01 May 2014 08:05:44 -0400
Obsolete in quantal-updates on 2015-04-24
Obsolete in quantal-security on 2015-04-24
dpkg (1.16.7ubuntu6.2) quantal-security; urgency=medium

  * SECURITY UPDATE: directory traversal in dpkg-source
    - scripts/Dpkg/Source/Patch.pm: outright reject C-style filenames in
      patches
    - a12eb58959d0a10584a428f4a3103a49204c410f
    - CVE-2014-0471
 -- Marc Deslauriers <email address hidden>   Thu, 01 May 2014 08:03:52 -0400

Available diffs

Superseded in saucy-updates on 2014-06-10
Superseded in saucy-security on 2014-06-10
dpkg (1.16.12ubuntu1.2) saucy-security; urgency=medium

  * SECURITY UPDATE: directory traversal in dpkg-source
    - scripts/Dpkg/Source/Patch.pm: outright reject C-style filenames in
      patches
    - a12eb58959d0a10584a428f4a3103a49204c410f
    - CVE-2014-0471
 -- Marc Deslauriers <email address hidden>   Thu, 01 May 2014 08:02:44 -0400
Superseded in trusty-updates on 2014-06-10
Superseded in trusty-security on 2014-06-10
dpkg (1.17.5ubuntu5.2) trusty-security; urgency=medium

  * SECURITY UPDATE: directory traversal in dpkg-source
    - scripts/Dpkg/Source/Patch.pm: outright reject C-style filenames in
      patches
    - a12eb58959d0a10584a428f4a3103a49204c410f
    - CVE-2014-0471
 -- Marc Deslauriers <email address hidden>   Thu, 01 May 2014 07:59:19 -0400
Superseded in utopic-release on 2014-06-09
Deleted in utopic-proposed on 2014-06-11 (Reason: moved to release)
dpkg (1.17.9ubuntu1) utopic; urgency=medium

  * Merge with Debian unstable, fixing the testsuite's failure to fail.

Available diffs

Superseded in utopic-release on 2014-05-01
Deleted in utopic-proposed on 2014-05-02 (Reason: moved to release)
dpkg (1.17.8ubuntu1) utopic; urgency=medium

  * Merge with Debian unstable to bring in several bugfixes, including
    the hostile patch unpack directory traversal fix for CVE-2014-0471

Available diffs

Superseded in lucid-updates on 2014-05-01
Superseded in lucid-security on 2014-05-01
dpkg (1.15.5.6ubuntu4.7) lucid-security; urgency=medium

  * SECURITY UPDATE: directory traversal in dpkg-source
    - scripts/Dpkg/Source/Patch.pm: correctly parse C-style diff
      filenames.
    - Patch thanks to Guillem Jover <email address hidden>
    - CVE-2014-0471
 -- Marc Deslauriers <email address hidden>   Wed, 23 Apr 2014 19:52:02 -0400
175 of 247 results