Change logs for dpkg source package in Maverick

  • dpkg (1.15.8.4ubuntu3.1) maverick-security; urgency=low
    
      * SECURITY UPDATE: relative directory and symlink following in source pkgs.
        - scripts/Dpkg/Source/Archive.pm, scripts/Dpkg/Source/Patch.pm,
          scripts/Dpkg/Source/Package/V2.pm: applied fixes from Raphael Hertzog,
          thanks to Raphael Geissert.
        - CVE-2010-1679
     -- Kees Cook <email address hidden>   Thu, 06 Jan 2011 10:17:50 -0800
  • dpkg (1.15.8.4ubuntu3) maverick; urgency=low
    
      * scripts/Dpkg/Source/Archive.pm: Drop -k parameter from the tar call used
        by dpkg-source to extract tarballs. Upstream binary files modified by the
        packager were not properly installed due to this.  Patch courtesy of
        Raphaël Hertzog (upstream, debian git). (LP: #633015)
     -- Dave Walker (Daviey) <email address hidden>   Wed, 08 Sep 2010 10:17:20 +0100
  • dpkg (1.15.8.4ubuntu2) maverick; urgency=low
    
      * Backport from sid branch (Guillem Jover):
        - Do not print a warning when parsing status or status log files on
          half-installed packages w/o a Description or Maintainer field, as this
          happens normally when the package was never installed before
          (LP: #619135).
     -- Colin Watson <email address hidden>   Mon, 23 Aug 2010 12:07:24 +0100
  • dpkg (1.15.8.4ubuntu1) maverick; urgency=low
    
      * Resynchronise with Debian.  Remaining changes:
        - Adjust versioned emacs22 conflicts to cope with versions in Ubuntu.
        - cputable: Set cpu to i686 for arch i386.
    
    dpkg (1.15.8.4) unstable; urgency=low
    
      [ Guillem Jover ]
      * Fix use after free segfault on update-alternatives --remove-all.
        Closes: #591653, #591654
      * Always print a massage on warning when parsing control files.
      * On database parsing only warn on bogus versions previously accepted,
        the other instances will keep producing errors, to avoid newly
        introduced bogosity. Closes: #590885, #590896, #591692, #591885
      * Fix compilation on Solaris and Darwin:
        - Link update-alternatives against libintl if libc does not have i18n
          support.
        - Include <limits.h> for _POSIX_MAX_PATH in update-alternatives.
        Thanks to Fabian Groffen <email address hidden>.
    
      [ Raphaël Hertzog ]
      * Fix make -C man install so that it actually finds the manual pages
        to install. Closes: #591588
      * When analyzing the ELF format of a binary in dpkg-shlibdeps, fallback on
        usual objdump when the cross objdump failed. Closes: #591522
    
      [ Sven Joachim ]
      * Ensure removal of leftover backup .dpkg-tmp files after unpacking
        failures, when the backup is still a hard link to the original file.
        Closes: #591993
    
    dpkg (1.15.8.3) unstable; urgency=low
    
      [ Raphaël Hertzog ]
      * Fix dpkg-divert test suite to cope with + and other special characters for
        regexps in the build directory name. Thanks to Jonathan Nieder for the
        patch and to Phil Kern for the report. Closes: #591182
    
      [ Guillem Jover ]
      * Fix buffer overflow in dpkg_ar_member_put_header causing it to write the
        header to fd 0 (instead of ar_fd) depending on the stack layout, affecting
        armel. Thanks to Phil Kern for the analysis and Reinhard Tartler for the
        initial patch. Closes: #591312
     -- Colin Watson <email address hidden>   Mon, 16 Aug 2010 14:57:09 +0100
  • dpkg (1.15.8.2ubuntu4) maverick; urgency=low
    
      * Cherry-pick d9af569 from dpkg.git sid branch to fix dpkg-shlibdeps in
        cross-builds:
    
      [ Raphaël Hertzog]
      * When analyzing the ELF format of a binary in dpkg-shlibdeps, fallback on
        usual objdump when the cross objdump failed. Closes: #591522
     -- Loic Minier <email address hidden>   Thu, 12 Aug 2010 07:03:19 +0200
  • dpkg (1.15.8.2ubuntu3) maverick; urgency=low
    
      * debian/rules: Globally set $PATH instead of just for dh_builddeb, so that
        it also applies to pkg-create-dbgsym.
     -- Martin Pitt <email address hidden>   Mon, 02 Aug 2010 11:26:48 +0200
  • dpkg (1.15.8.2ubuntu2) maverick; urgency=low
    
      * Fix buffer overflow in dpkg_ar_member_put_header. Cherrypicked from trunk.
        (LP: #612457, Debian #591312)
      * debian/rules: Add build-tree/dpkg-deb to $PATH when calling dh_builddeb,
        to pull ourselves out of above swamp.
     -- Martin Pitt <email address hidden>   Mon, 02 Aug 2010 11:03:18 +0200
  • dpkg (1.15.8.2ubuntu1) maverick; urgency=low
    
      * Resynchronise with Debian.  Remaining changes:
        - Adjust versioned emacs22 conflicts to cope with versions in Ubuntu.
        - cputable: Set cpu to i686 for arch i386.
    
    dpkg (1.15.8.2) unstable; urgency=low
    
      * Bump libdpkg-perl Depends on dpkg to 1.15.8, as it will break dpkg
        versions before that when installing and removing libdpkg-perl,
        because older update-alternatives and dpkg-divert require Dpkg.pm and
        Dpkg/Gettext.pm which will disappear due to the Replaces. Closes: #590867
        Thanks to Sven Joachim <email address hidden> for the analysis.
      * Allow specifying again absolute and relative paths for dpkg-buildpackage
        -r option. Closes: #591010
    
    dpkg (1.15.8.1) unstable; urgency=low
    
      * Fix off-by-one error in update-alternatives that lead to an infinite loop
        while writing the administrative file. Closes: #590854
    
    dpkg (1.15.8) unstable; urgency=low
    
      [ Raphaël Hertzog ]
      * Add new commands --before-build and --after-build to dpkg-source
        and modify dpkg-buildpackage to call them automatically at the
        start and at the end of the process. With "3.0 (quilt)" source packages
        this ensures patches are applied even in case of binary-only builds.
        Closes: #572526
      * Merge non-regression test for Ubuntu's specificities concerning
        changelog handling. Closes: #582389
      * Fix some copy-paste mistakes in dpkg-architecture(1). Thanks to Ian Fleming
        <email address hidden> for the patch and Colin Watson for forwarding out of
        Launchpad. Closes: #582404 LP: #564308
      * Clarify description of dpkg --configure in dpkg(1). Thanks to Colin Watson
        for the patch and to Robert Persson for the report.
        Closes: #582406 LP: #77287
      * Fix the non-regression test lib/dpkg/test/t-ar.c by not overflowing the
        size of ar_name. Thanks to Colin Watson for the report, analysis and patch.
        Closes: #582401
      * Modify Dpkg::Shlibs::Objdump to use the cross objdump binary when cross
        compiling. Thanks to Loïc Minier for the initial patch. Closes: #578365
      * Make dpkg-maintscript-helper more robust when required parameters are
        missing. Closes: #582814
      * Clarify that dpkg-maintscript-helper rm_conffile needs the last version of
        the package that did not remove the obsolete conffile if this was not
        implemented at the time the file became obsolete. Closes: #582893
      * Enhance dpkg-maintscript-helper rm_conffile and mv_conffile to work
        properly when <lastversion> is not given (or is empty). Closes: #582819
      * Small fix in dpkg-gensymbols' handling of tags. Closes: #583656
        Thanks to Michael Tautschnig <email address hidden> for the report and the fix.
      * update-alternatives has been rewritten in C, the only feature change
        should be that it uses its own logfile /var/log/alternatives.log (rotated
        like dpkg.log).
      * Implement new --unapply-patches option for dpkg-source with source formats
        2.0 and 3.0 (quilt) that unapplies the patches after a successful build.
        This option can be put in debian/source/local-options in the package VCS
        repository for instance.
      * Implement new --abort-on-upstream-changes option for dpkg-source with
        source formats 1.0, 2.0 and 3.0 (quilt). It aborts every time that you try
        to build a source package which contains (unmanaged) changes to the
        upstream source code. Closes: #579012
      * dpkg-source now captures the output of patch and prints it on error so
        that the user can better diagnose what went wrong. Closes: #575304
      * Fix Dpkg::Changelog to cope properly with an entry of version "0".
        Add non-regression test for this. Closes: #587382
      * Add --export command to dpkg-buildflags to be used in shell with eval.
      * Modify source format "3.0 (git)" to use git bundles. Thanks to Joey Hess
        for the patch.
        The usage of git bundle avoids distributing cruft. Closes: #477954
        It's no longer needed to tell which branch contains the debian packaging,
        it uses automatically the one that was used at build-time. Closes: #534637
      * Pass --no-name option to gzip to avoid encoding the timestamp in the file
        so that the result is more predictable. Closes: #587724
        Also pass --rsyncable to make source packages more rsync friendly.
      * Replace dpkg-source's tar ignore pattern "*~" with "*/*~" to avoid
        matching on the top level directory. Closes: #588265
      * In source formats "2.0" and "3.0 (quilt)", make sure to remove the
        upstream-provided debian directory before copying the debian-provided
        version of that directory in place. Closes: #590297
    
      [ Guillem Jover ]
      * Require gettext 0.18:
        - Remove embedded gettext files from the repository, now properly
          installed by autopoint for all po/ directories.
        - Add versioned Build-Depends.
      * Fix variable usage after delete in dselect.
      * Change default configure admindir to LOCALSTATEDIR/lib/dpkg from
        LOCALSTATEDIR/dpkg, so that we can use a correct --localstatedir=/var.
      * Add two new dpkg options --path-exclude and --path-include for filtering
        files on package installation. This allows embedded systems to skip
        /usr/share/doc, manpages, etc. Based on work from Tollef Fog Heen and
        Martin Pitt, thanks! Closes: #68788, #68861, #497304, #525567, #583902
      * Remove obsolete internal status aliases “postinst-failed” for
        stat_halfconfigured and “removal-failed” for stat_halfinstalled.
      * Check version syntax when parsing it from libdpkg based programs.
        Closes: #574704
      * Rewrite mksplit in C, and merge it into dpkg-split.
      * Rewrite dpkg-divert in C.
      * Use linux-any wildcard for libselinux1-dev Build-Depends instead of
        using a list of negated architectures.
      * Use Breaks instead of Conflicts in dpkg, dpkg-dev and libdpkg-perl binary
        packages.
      * Move Dpkg.pm and Dpkg/Gettext.pm from dpkg to libdpkg-perl.
      * Bump Standards-Version to 3.9.1.
      * Detect when another process has locked the database, and mention that
        problematic dpkg --audit results might be due to ongoing operations.
        Closes: #80252
      * Add new dpkg --force-confask option that forces a conffile prompt when
        the conffile from the new package does not differ from the previous one.
        Thanks to Henning Makholm <email address hidden>. Closes: #102609
      * On dpkg-divert --rename, check if the source file exists, and disable
        renaming if it does not. Closes: #550252
        As a side effect, this avoids useless errors when the destination
        directory is not existent or writable. Closes: #581544
      * Properly compute the longest package description from all to be displayed
        on “dpkg-query --list”, so that it does not get incorrectly trimmed.
      * Consistently use earlier/later instead of smaller/bigger when describing
        comparison relationships. Closes: #587641
      * Stop exporting DPKG_LIBDIR to maintainer scripts, no need for it anymore.
      * Assign correct SE Linux label on non-regular files. Based on a patch by
        Russell Coker <email address hidden>. Closes: #587949
      * Add -F option to dpkg-buildpackage to be able to explicitly specify a
        normal full build and combine it with -nc. Closes: #547993
      * Add missing mentions of the Breaks field alongside the other fields
        sharing the same syntax in deb-control(5).
        Thanks to Osamu Aoki <email address hidden>. Closes: #590472
    
      [ Updated programs translations ]
      * Catalan (Guillem Jover).
      * German (Sven Joachim).
      * Russian (Yuri Kozlov). Closes: #579149
      * Swedish (Peter Krefting).
    
      [ Updated man page translations ]
      * German (Helge Kreutzmann).
      * Russian (Yuri Kozlov). Closes: #579149
      * Spanish (Omar Campagne).
      * Swedish (Peter Krefting).
    
      [ New scripts translation ]
      * Spanish (Omar Campagne).
    
      [ Updated scripts translations ]
      * French (Christian Perrier).
      * German (Helge Kreutzmann). Improved by Holger Wansing.
      * Russian (Yuri Kozlov). Closes: #579149
      * Swedish (Peter Krefting).
     -- Colin Watson <email address hidden>   Sun, 01 Aug 2010 16:53:42 -0500
  • dpkg (1.15.7.2ubuntu2) maverick; urgency=low
    
      * Backport support for the file filtering feature as per the mobile team's
        request. Add two new dpkg options --path-exclude and --path-include
        (Upstream commit 4694cd64) and two followup bug fixes (commits 58b91fbb
        and f008d677).
     -- Martin Pitt <email address hidden>   Mon, 28 Jun 2010 10:23:45 +0200
  • dpkg (1.15.7.2ubuntu1) maverick; urgency=low
    
      * Resynchronise with Debian.  Remaining changes:
        - Adjust versioned emacs22 conflicts to cope with versions in Ubuntu.
        - Implement handling of hardening-wrapper options via DEB_BUILD_OPTIONS.
        - cputable: Set cpu to i686 for arch i386.
      * Drop change to output a newline after a postinst is run; this is
        probably not going to be merged in Debian and it's not worth carrying a
        delta for this.
      * Drop remnants of fixes for duplicate close/closedir calls; what's left
        no longer appears to make any practical difference, since the duplicate
        calls will at worst simply return EBADF/EINVAL.
      * libdpkg: Fix buffer overflow in ar test.
    
    dpkg (1.15.7.2) unstable; urgency=low
    
      [ Raphaël Hertzog ]
      * Update dpkg-buildflags to respect $XDG_CONFIG_HOME and to use
        $XDG_CONFIG_HOME/dpkg/buildflags.conf by default.
      * Update deb-substvars(5) to codify how variables containing multiple
        lines must be managed.
      * Fix boolean evaluation of Dpkg::Version so that version 0 evaluates to
        false and dpkg-shlibdeps can strip the minimal version specification.
        Closes: #579724
        Document this behaviour in the API and add non-regression test to ensure
        it's kept.
      * Let dpkg-buildflags error out when a required parameter is missing.
        Closes: #579722
      * Add Bug-Ubuntu field in DEP-3 template provided in the automatic header
        of patches in 3.0 (quilt) source packages. Thanks to Benjamin Drung
        <email address hidden> for the patch. Closes: #578002
      * Update deb-override(5) by removing references to usage of sections
        to place the packages on the mirrors and by indicating that the Debian
        policy offers a list of allowed values for section and priority.
        Closes: #575410
      * Update reference to triggers.txt.gz in dpkg-trigger(1) and deb-triggers(5)
        to match the new location. Closes: #580774
      * Drop mention of PKG_CONFIG_LIBDIR in dpkg-buildpackage(1), the feature has
        been removed in 1.15.6.
      * Rename /usr/lib/dpkg/maintscript-helper into
        /usr/bin/dpkg-maintscript-helper, it is a public interface even if working
        around known limitations.
      * Add "supports" command to dpkg-maintscript-helper to ensure the wanted
        command is supported before calling it.
    
      [ Guillem Jover ]
      * Add powerpcspe support to ostable and triplettable.
        Thanks to Sebastian Andrzej Siewior <email address hidden> and
        Kyle Moffett <email address hidden>. Closes: #568123, #575158
      * Fix dpkg --root by properly stripping again the root directory from the
        path of the maintainer script to execute. Closes: #580984
      * On Linux use sync() instead of an fsync() per file on deferred extraction,
        to workaround performance degradation on ext4. Closes: #578635
    
      [ Gerfried Fuchs ]
      * Fix syntax error in dpkg-name. Closes: #581315
    
    dpkg (1.15.7.1) unstable; urgency=low
    
      * Fix dpkg-source -b (without -i) for source packages 1.0. Closes: #578693
        It was erroneously ignoring all changes because the ignore regex was
        wrong (due to the change to ignore debian/source/local-options).
      * Add missing call to textdomain() in dpkg-mergechangelogs to make
        translations work.
    
    dpkg (1.15.7) unstable; urgency=low
    
      [ Raphaël Hertzog ]
      * Clarify the plan concerning dpkg-source, debian/source/format and
        the default source format in dpkg-source(1). Add a warning
        in dpkg-source to invite people to always create debian/source/format.
        We deprecate the fallback to "1.0" (it's there for backwards compatibility
        only) and debian/source/format is going to be mandatory at some point in
        the future. Closes: #553928
      * Add .gitattributes to list of files ignored by dpkg-source.
      * Document most common warnings and errors of dpkg-source in its manual
        page.
      * Let dpkg-source read options from debian/source/local-options as well but
        do not include that file in the generated source package.
      * Improve explanation of --all option in dpkg-parsechangelog(1). Thanks to
        Jari Aalto. Closes: #575706
      * Fix dpkg to not lose package metadata on filesystems where readdir()
        returns new files added after the opendir() call, btrfs in particular
        triggered the problematic behaviour. Closes: #575891
      * Tigthen the regex used by dpkg-source to match the component name of
        supplementary tarballs so that undercore (_) are not allowed as it was
        supposed to be.
      * Introduce a new script called dpkg-buildflags: its purpose is to retrieve
        compilation flags and it should be used within debian/rules to pass
        the right compilation flags to the build process. dpkg-builpackage still
        exports them to not break packages currently relying on them but packages
        should now start using dpkg-buildflags instead. Closes: #560070
      * For Ubuntu set default value of LDFLAGS to -Wl,-Bsymbolic-functions.
      * Cleanup some old Conflicts/Replaces, thanks to Helge Kreutzmann.
      * Modify dselect to treat all unknown package as known and marked for purge.
        This is a temporary work-around so that dselect doesn't try to reinstall
        packages of priority > standard that were removed or not installed. Thanks
        to Robert Luderda for the patch. Closes: #559519, #556889
      * dpkg now exports DPKG_MAINTSCRIPT_NAME to maintainer scripts with the
        type of maintainer script currently running (preinst, postinst, prerm,
        postrm). Closes: #546577
      * dpkg now exports DPKG_LIBDIR to maintainer scripts pointing to the
        private directory containing internal programs like the upcoming
        maintscript-helper.
      * Add $DPKG_LIBDIR/maintscript-helper program that can be used in
        maintainer scripts to perform common operations working around
        current dpkg limitations: first version supports removing obsolete
        conffiles and renaming conffiles. Closes: #514316
      * Fix "dpkg-scansources -e", it was calling a non-existing function.
        Closes: #578162
      * Add new script dpkg-mergechangelogs to do 3-way merges of Debian
        changelogs. Add libalgorithm-merge-perl to Recommends for the
        benefit of this script.
    
      [ Colin Watson ]
      * Modern tar files typically use NormalFile1 rather than NormalFile0 for
        file objects. A typo meant that the former never triggered rename
        deferral. Closes: #577756
      * Use the new list of files on rename deferral instead of old one, so that
        newly added files get installed.
    
      [ Guillem Jover ]
      * Report deferred trigger errors on status-fd. Closes: #574599
        Thanks to Michael Vogt <email address hidden>.
      * When creating hard links to normal files on extraction use the .dpkg-new
        filename for source as the file is not yet in place due to the rename
        deferral. Thanks to Colin Watson for the initial patch.
      * Do not output the Package-Type field on udeb.
      * Fix versioned Replaces to not produce file overwrite errors on downgrades.
        Closes: #568566
      * Fix installation of replaced and replacing packages in reverse order
        (first the replacing then the replaced) for which the replaced package
        is supposed to get disappeared, to disappear the correct package and not
        lose track of the ownership of the replaced files.
    
      [ Updated dpkg translations ]
      * German (Sven Joachim).
    
      [ Updated dselect translations ]
      * German (Sven Joachim).
    
      [ Updated man page translations ]
      * German (Helge Kreutzmann).
    
      [ Updated scripts translations ]
      * German (Helge Kreutzmann).
    
    dpkg (1.15.6.1) experimental; urgency=low
    
      [ Guillem Jover ]
      * Fix two memory leaks introduced in 1.15.6.
      * Always use C99 variadic macros, as the build requires them anyway, we
        avoid exposing the configure variable HAVE_C99 on installed headers.
      * Use __attribute__ keyword depending on compiler support, we avoid
        exposing the configure variable HAVE_C_ATTRIBUTE on installed headers.
      * Do not allow a --retry schedule in start-stop-daemon where forever is
        the last item, as it needs something to repeat over. Closes: #570938
      * Show dselect dependency/conflicts resolution screen again, by switching
        the code to use STL's min() and max() instead of preprocessor macros, to
        avoid multiple evaluation of arguments. Regression introduced in 1.15.6.
        Based on a patch by Robert Luberda <email address hidden>. Closes: #574816
      * Defer the fsync and rename for normal files in tar extraction so that
        it's done in one pass afterwards, to avoid massive I/O degradation due to
        the serialization from each write + fsync. This restores extraction times
        to numbers closer to the ones before the fsync patch introduced in 1.15.6.
    
      [ Raphaël Hertzog ]
      * Accept source packages without "Format" field for compatibility with very
        old source packages. Thanks to Colin Watson for the report and the patch.
        Closes: #574097
    
      [ Updated dpkg translations ]
      * French (Christian Perrier).
      * Swedish (Peter Krefting).
    
      [ Updated scripts translations ]
      * Swedish (Peter Krefting).
    
    dpkg (1.15.6) experimental; urgency=low
    
      [ Raphaël Hertzog ]
      * debian/control: Add the accent on my first name.
      * Perl API cleanup:
        - rename Dpkg::Deps dump() methods into output([$fh]), overload string
          representation ("$dep") to provide the result of $dep->output()
        - prefix public functions in Dpkg::Deps with deps_ and export them
          by default
        - rename Dpkg::Source::Compressor in Dpkg::Compression::Process
        - rename Dpkg::Source::CompressedFile in Dpkg::Compression::FileHandle
          and completely redesign its API
        - update Dpkg::Compression's API to use compression_* functions
          instead of granting direct access to variables, integrate
          there management of default compression
        - introduce Dpkg::Interface::Storable and update many modules
          to make use of it
        - update Dpkg::BuildOptions to provide an object-oriented interface
        - update Dpkg::Checksums to provide an object-oriented interface
      * Drop debian-maintainers from Suggests since it's obsolete, the
        corresponding keyring is in debian-keyring.
      * Merge support of symbol patterns in dpkg-gensymbols. Thanks to
        Modestas Vainius for his work (see further for more details).
      * Accept filename with spaces and colon in the output of objdump.
        Required so that dpkg-shlibdeps support such files properly.
        Thanks to Raphaël Geissert for the patch. Closes: #565712
      * When unpacking a "3.0 (quilt)" source package, tell quilt where
        patches are (to be) stored. Requires quilt >= 0.48-5 to work.
        Closes: #557619
      * Fix update-alternatives to not try to reinstall an unknown alternative
        when the link group is broken, instead switch to the best choice in
        automatic mode. Closes: #566406
      * Don't return duplicate bug numbers in Launchpad-Bugs-Fixed:.
        Thanks to Brian Murray <email address hidden> for the report
        and the patch. Closes: #569618
      * Add $VERSION numbers to all perl modules. Closes: #465256
        1.00 and higher means that the API should be stable
      * While parsing diff's output, accept any sentence that contains the word
        differ (as specified by POSIX) to identify that binary files could not be
        compared. Closes: #570008
      * dpkg-gencontrol does no longer accept arch-specific dependencies in
        arch: all packages. Closes: #560071
      * dpkg-gencontrol no longer warns if a substitution variable provided by -V
        is not used (the warning is meant to catch unused substitutions coming
        from the file, those are package specific with debhelper). Closes: #557133
      * dpkg-gencontrol now indicates which package is concerned by the substvars
        warning that it displays. Closes: #566837
      * dpkg-buildpackage now supports options --source-option=<opt> and
        --changes-option=<opt> to forward arbitrary options to dpkg-source and
        dpkg-genchanges respectively. Closes: #566230
      * The -T option of dpkg-{source,gencontrol,genchanges} can now be used
        multiple times to read substitution variables from multiple files.
        Closes: #363323
      * dpkg-source now supports an option --create-empty-orig in formats
        "2.0" and "3.0 (quilt)" to auto-create the main original tarball when
        there are supplementary tarballs. This makes it easier to bundle
        multiple software together. Closes: #554488
      * dpkg-source supports long option names --diff-ignore and --tar-ignore for
        -i and -I. A new option --extend-diff-ignore is introduced. Those options
        can thus now be used in debian/source/options.
      * Generate manual pages for perl modules.
      * Introduce the libdpkg-perl package and clarify its status in README.api.
      * Update Standards-Version to 3.8.4 (no changes needed).
      * Drop unused lintian override for arch-dep-package-has-big-usr-share on
        dselect.
      * The rewritten Dpkg::Checksums deals properly with filenames with
        spaces. Closes: #572030
      * dpkg-source does no longer fallback to other source formats if the
        requested one is not usable. Closes: #557459
      * Modify dpkg-source to error out when it would apply patches containing
        insecure paths (with "/../") and also error out when it would apply a
        patch through a symlink. Those checks are required as patch will happily
        modify files outside of the target directory and unpacking a source package
        should not be able to have any side-effect outside of the target
        directory. Fixes CVE-2010-0396.
      * Also error out when the quilt series contains a path with "/../" as this
        can cause patch to create files outside of the source package due
        to the -B .pc/$path option that it gets.
    
      [ Guillem Jover ]
      * Handle argument parsing in dpkg-checkbuilddeps and dpkg-scanpackages
        in a way consistent with the rest of the tools.
      * Recognize --help in addition to -h in dpkg-checkbuilddeps.
      * Add a --version option to dpkg-checkbuilddeps.
      * Improve and mark more messages in writedb() to make translators lifes
        easier. Closes: #408525
      * Improve update-alternatives --display output to use two leading spaces
        for current link and slave information. Use single quotes for both “best”
        and the alternative it's pointing to. Closes: #549167
      * Refer to “half configured” instead of “failed config” in «dpkg-query -l»
        header and dselect package status printing for consistency.
      * Make “dpkg-statoverride --quiet” actually do something, and quiesce
        most of the inoquous warning messages. Closes: #403211
      * Make “dpkg-statoverride --update --add” fail if it cannot update the
        mode and owner of the file. This would fail later on when dpkg itself
        applies the overrides, so better to signal this earlier.
      * Add sparc64 to cputable. Thanks to Aurelien Jarno <email address hidden>.
        Closes: #560010
      * Do not allow diverting a file to itself, which makes the file to get
        removed. Closes: #312206
      * Make the check for duplicate fields in a stanza in libdpkg actually work,
        which now makes it fatal, as was intended originally. This should not
        cause problems for anything using dpkg-dev to build packages as those
        are already fatal on that case.
      * Add new deb-split(5) man page.
      * Fix misspellings of “explicitly” all over the place.
      * Normalize ar member names when reading (removing trailing spaces and
        slash), this allows deb-split packages be created with GNU ar.
      * Validate compression level on dpkg-deb argument parsing.
      * Fix error handling, clean up and refactor compression code.
        Thanks to Jonathan Nieder for several of the patches.
      * Do not print unambiguous epoch on dpkg file overwrite error.
      * Rename Dpkg::IPC::fork_and_exec() to Dpkg::IPC::spawn().
      * Change dpkg-dev to Depend on perl instead of perl5 and perl-modules.
      * Fix small memory leaks related to scandir() in dpkg-deb and libdpkg.
      * Fix dpkg-query and dpkg-trigger to actually print a version on --version.
      * Always spawn a new shell on conffile prompt, instead of supporting
        self backgrounding, remove DPKG_NO_TSTP environment variable support.
        Closes: #38334
      * Set DPKG_SHELL_REASON, DPKG_CONFFILE_OLD and DPKG_CONFFILE_NEW environment
        variables when spawning a shell for conffile examination. Closes: #60329
        Thanks to Daniel Martin <email address hidden> for the idea.
      * Add support for disabling update-alternatives at configure time using
        --withouth-update-alternatives.
      * Add support for disabling install-info at configure time using
        --withouth-install-info.
      * Update debian/copyright.
      * Use Debian instead of ‘Debian GNU/Linux’ when referring to the
        distribution.
      * On dpkg --no-act with --install, --unpack or --record-avail, and
        dpkg-deb --info or --field use mkdtemp() to create a temporary directory
        instead of insecure tempnam() or tmpnam() functions.
      * Remove --license and --licence options from tools.
      * Securely remove newly installed files when rolling-back a failed unpack.
      * Change default lzma compression level from 9 to 6.
        Thanks to Jonathan Nieder for the initial patch.
      * Add support for xz compressed data.tar member of binary packages. Add
        xz-utils to dpkg's Pre-Depends. Closes: #542160
        Thanks to Jonathan Nieder for the initial patch.
      * Use xz command to handle lzma compressed files in dpkg and dpkg-dev.
        This removes the lzma package from both dpkg and dpkg-dev dependencies.
      * Do not set PKG_CONFIG_LIBDIR in dpkg-buildpackage when cross-building.
        The proper solution to this is to let the build system choose the
        appropriate pkg-config binary for the build or host system in the same
        way pkg.m4 is handling it now. Closes: #551118
      * Dynamically link against all external libraries. This includes libbz2
        and zlib for dpkg-deb and and libselinux for dpkg on GNU/Linux.
      * Mark the libdpkg.a API as volatile and require any possible users to set
        LIBDPKG_VOLATILE_API to acknowledge that fact.
      * Add a new libdpkg-dev package with the headers and the static library,
        although its API should be considered volatile.
      * Reorganize the doc contents that goes into each package:
        - README.multicd only in dselect.
        - README.api only in development packages, dpkg-dev and libdpkg-dev.
        - triggers.txt only in dpkg-dev.
      * Move source.lintian-overrides to debian/source/lintian-overrides.
      * Switch SE Linux support to explicitly set path context. This fixes the
        mislabeling of files under <admindir> on conffile extraction or on unpack
        errors, due to improper default context restoration. Closes: #498438
      * Use FIEMAP when available (on Linux based systems) to sort the .list
        files loading order. With a cold cache it improves up to a 70%.
        Thanks to Morten Hustveit <email address hidden>.
      * When FIEMAP is not available use posix_fadvise() to start preloading the
        .list files before loading them. With a cold cache it improves up to 40%.
        Thanks to Stefan Fritsch <email address hidden>. Closes: #557560
      * Call fsync(2) after writting files on disk, to get the atomicity
        guarantees when doing rename(2). Based on a patch by
        Jean-Baptiste Lallement <email address hidden>.
        Closes: #430958
      * Call fsync(2) on database directories after creating, renaming or
        unlinking files, to guarantee the new file entry is correctly listed
        in the directory. Base on a patch by
        Jean-Baptiste Lallement <email address hidden>.
      * Document in the man page the effects of setting TMPDIR for dpkg and
        dpkg-deb, HOME for dselect and dpkg and PAGER for dpkg. Closes: #572836
      * Document the exit codes for dpkg-query. Closes: #571798
      * Document “dpkg-query -l” abbreviated state information in the man page.
        Based on a patch by Marc-Jano Knopp <email address hidden>.
        Closes: #383869
      * Honour LINGUAS environment variable when installing translated man pages.
      * Allow disabling at configure time Unicode ncurses support for dselect.
        Based on a patch by Yuri Vasilevski <email address hidden>.
    
      [ Modestas Vainius ]
      * Implement symbol patterns (Closes: #563752). From now on, it is possible to
        match multiple symbols with a single entry in the symbol file template.
        While the concept is not new (wildcards also match multiple symbols),
        patterns cover much more ground and are a lot more flexible. Together with
        the framework, 3 basic pattern types are supported:
        - c++ - matching C++ symbols by their demangled name (as emitted by
          c++filt);
        - symver - matching by symbol version. It replaces the wildcards feature
          which is still supported for backwards compatibility but is reimplemented
          on top of the new framework;
        - regex - matching symbol names with perl regular expression.
        Basic patterns may be combined where it makes sense.
      * As a positive side effect of the new symbol patterns implementation,
        patterns are now treated like normal symbols whenever possible, e.g. a
        pattern is MISSING if it does not match anything. As a result,
        dpkg-gensymbols is now able to detect NEW/MISSING symbols when patterns are
        present in the symbol file (Closes: #541464). Please note, however, that
        there is no way to detect symbol changes in the pattern match sets.
      * Add source version to the dpkg-gensymbols diff label, reformat it according
        to the rules of dpkg-name.
      * Add -a<arch> option to dpkg-gensymbols.
      * Add -q option to dpkg-gensymbols. -c0 will never fail but still generate a
        diff. Use -c0 -q to keep dpkg-gensymbols completely quiet as before
        (Closes: #568228).
    
      [ Jonathan Nieder ]
      * Fix a file handle leak in “dpkg-deb --info”. Thanks to Raphael Geissert
        for the report and patch.
    
      [ Helge Kreutzmann ]
      * Add dpkg-gensymbols.1 to the translatable man page set.
    
      [ Updated dpkg translations ]
      * Catalan (Guillem Jover).
      * French (Christian PERRIER).
      * German (Sven Joachim).
      * Italian 'Milo Casagrande). Closes: #567531
      * Simplified Chinese (Aron Xua). Closes: #558794
      * Slovak (Ivan Masár). Closes: #559269
      * Swedish (Peter Krefting).
    
      [ Updated dselect translations ]
      * Catalan (Guillem Jover).
      * French (Christian Perrier).
      * German (Sven Joachim).
      * Spanish (Javier Fernández-Sanguino). Closes: #572861
      * Swedish (Peter Krefting).
    
      [ Updated man page translations ]
      * French (Christian Perrier): correcting inconsistencies for the translation
        of "original" here and there. Thanks to Julien Valroff for pointing this.
      * German (Helge Kreutzmann).
      * Swedish (Peter Krefting).
    
      [ Updated scripts translations ]
      * Catalan (Guillem Jover).
      * French (Christian PERRIER).
      * German (Helge Kreutzmann).
      * Swedish (Peter Krefting).
     -- Colin Watson <email address hidden>   Thu, 20 May 2010 15:41:52 +0100
  • dpkg (1.15.5.6ubuntu5) maverick; urgency=low
    
      * cputable: Set cpu to i686 for arch i386.
     -- Matthias Klose <email address hidden>   Tue, 18 May 2010 12:48:26 +0200
  • dpkg (1.15.5.6ubuntu4) lucid; urgency=low
    
      * Backport from upstream:
        - Restore fsync during package unpack (LP: #559915).  This is now done
          by deferring the fsync and rename for normal files in tar extraction
          so that it's done in one pass afterwards, to avoid massive I/O
          degradation due to the serialization from each write + fsync.  When
          creating hard links to normal files on extraction use the .dpkg-new
          filename for source as the file is not yet in place due to the rename
          deferral.
        - Fix dpkg to not lose package metadata on filesystems where readdir()
          returns new files added after the opendir() call, btrfs in particular
          triggered the problematic behaviour. Closes: #575891
        - Report deferred trigger errors on status-fd. Closes: #574599,
          LP: #540252
          Thanks to Michael Vogt <email address hidden>.
     -- Colin Watson <email address hidden>   Thu, 15 Apr 2010 12:38:50 +0100