Copied from
ubuntu utopic in
Primary Archive for Ubuntu
by William Grant
Changelog
dpkg (1.17.10ubuntu1) utopic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Allow -fstack-protector on arm64 now that GCC and glibc support it.
- Change native source version/format mismatch errors into warnings
until the dust settles on Debian bug 737634 about override options.
- Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
tools can get untranslated dpkg terminal log messages while at the
same time having translated debconf prompts.
- Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
- Map unqualified package names of multiarch-same packages to the native
arch instead of throwing an error, so that we don't break on upgrade
when there are unqualified names stored in the dpkg trigger database.
- Add logic to the postinst to `dpkg --add-architecture i386' on new
installs on amd64, mimicking our previous behaviour with the conffile.
- Apply a workaround from mvo to consider ^rc packages as multiarch,
during the dpkg consistency checks. (see LP: 1015567 and 1057367).
dpkg (1.17.10) unstable; urgency=medium
[ Guillem Jover ]
* Use libtool to build the static libraries, which makes it possible to
embed libcompat inside libdpkg, as required by some external programs
linking against the latter. Closes: #746122
* Fix word wrapping logic in dselect. Regression introduced in dpkg 1.17.3.
* Fix possible out of bounds buffer read access in the error output on
bogus ar member sizes.
* Fix memory leaks in buffer_copy() on error conditions.
* Test suite:
- Improve C code coverage.
- Add template test cases for most perl modules.
- Add test cases for Dpkg::Deps OR relationships.
- Add minimal test case for Dpkg::Source::Quilt.
- Add test cases for Dpkg::Source::Patch CVE-2014-0471 and CVE-2014-3127.
- Add test case for patch disabling hunks; not security sensitive.
* Fix non-security sensitive TOCTOU race in triggers database loading.
* Fix non-security sensitive TOCTOU race in update-alternative alternative
database loading.
* Fix non-security sensitive TOCTOU race in update-alternative rename code.
* Add a workaround to start-stop-daemon for bogus OpenVZ Linux kernels that
prepend, instead of appending, the " (deleted)" marker in /proc/PID/exe.
Closes: #731530
* Move dpkg-architecture -L argument to the Commands --help output section.
* Make dpkg-maintscript-helper print only once that we are moving a
conffile, and not on every interim state transition. Closes: #747370
* Do not use global match variables in perl code.
* Man pages:
- Attempt to clarify and improve wording of some strange or confused
constructs. Reported by Helge Kreutzmann.
- Expand Vcs-* field names into each supported field name in
deb-src-control(5) to make it easier to search for them.
- Change control.tar.gz reference to simply control.tar in deb(5).
- Document in dpkg-deb(1) -Z option that bzip2 and lzma are deprecated.
- Add notes in dpkg-gensymbols(1) about symbol backward-compatibility.
Based on a patch by Bernhard R. Link <email address hidden>.
Closes: #746973
- Document that dpkg-buildpackage(1) -j argument is optional.
- Add current and deprecated media types to deb(5).
- Document in dpkg(1) that --audit now does more than just searching for
partially installed packages.
* Add support for automatic parallel job selection in dpkg-buildpackage,
matching currently active processors, when using -jauto. Closes: #748012
* Perl modules:
- Bump $VERSION for Dpkg::Patch, missed in 1.16.1.
- Bump $VERSION for Dpkg::Deps, missed in 1.17.0.
- Update and fix CHANGES POD sections for public modules.
- Add missing Dpkg::Deps::Multiple profile_is_concerned() and
reduce_profiles() methods, inherited by Dpkg::Deps::Union,
Dpkg::Deps::AND and Dpkg::Deps::OR.
* Do not mangle quilt series files with a missing newline on the last line.
Closes: #584233
* Quiesce tar warnings in cron job by redirecting stderr to /dev/null, as
it seems --warning=none does not work correctly. Closes: #748544
* Do not emit a trailing space from Dpkg::Control::Hash on a field's empty
first line. Bump dpkg-dev Breaks on devscripts to 2.14.4, as previous
versions expect a trailing space from dpkg-parsechangelog output.
Based on a patch by Johannes Schauer <email address hidden>. Closes: #749044
* Do not assume that sensible-editor is present on «dpkg-source --commit»,
as that command is very Debian specific. Fallback to try VISUAL, EDITOR,
or vi, if the previous commands are either unset or not found.
* Use badusage() instead of ohshit() on dpkg --ignore-depends argument
parsing errors.
* Add per package dpkg --audit support.
* Add support for DragonFlyBSD to ostable and triplettable.
Thanks to Hleb Valoshka <email address hidden>.
* Add support for DragonFlyBSD to start-stop-daemon. Closes: #734452
Based on a patch by Hleb Valoshka <email address hidden>.
* Correctly parse patch headers in Dpkg::Source::Patch, to avoid directory
traversal attempts from hostile source packages when unpacking them.
Reported by Javier Serrano Polo <email address hidden> as an unspecified
directory traversal; meanwhile also independently found by me both
#749183 and what was supposed to be #746498, which was later on published
and ended up being just a subset of the other non-reported issue.
Fixes CVE-2014-3864 and CVE-2014-3865. Closes: #746498, #749183
[ Updated programs translations ]
* Catalan (Guillem Jover).
* Italian (Milo Casagrande). Closes: #750105
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated manpages translations ]
* German (Helge Kreutzmann).
[ Raphaël Hertzog ]
* Let dpkg-source unpack additional tarballs in a deterministic order.
Thanks to Samuel Bronson for the report. Closes: #747148
-- Adam Conrad <email address hidden> Mon, 09 Jun 2014 12:18:09 -0600