[ubuntu/lucid] dpkg 1.15.5.6ubuntu2 (Accepted)
Colin Watson
cjwatson at ubuntu.com
Thu Mar 11 00:50:40 GMT 2010
dpkg (1.15.5.6ubuntu2) lucid; urgency=high

  * Backport from upstream:
    - Use FIEMAP when available (on Linux based systems) to sort the .list
      files loading order. With a cold cache it improves up to a 70%.
      Thanks to Morten Hustveit <morten at debian.org>. LP: #442114
    - Call fsync(2) after writing files on disk, to get the atomicity
      guarantees when doing rename(2). Based on a patch by Jean-Baptiste
      Lallement <jeanbaptiste.lallement at gmail.com>.
      Closes: #430958, LP: #512096
  * Security fixes by Raphaël Hertzog, also backported from upstream
    (CVE-2010-0396):
    - Modify dpkg-source to error out when it would apply patches containing
      insecure paths (with "/../") and also error out when it would apply a
      patch through a symlink. Those checks are required as patch will
      happily modify files outside of the target directory and unpacking a
      source package should not be able to have any side-effect outside of
      the target directory. LP: #532445
    - Also error out when the quilt series contains a path with "/../" as
      this can cause patch to create files outside of the source package due
      to the -B .pc/$path option that it gets.

Date: Thu, 11 Mar 2010 00:34:28 +0000
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Colin Watson <cjwatson at canonical.com>
https://launchpad.net/ubuntu/lucid/+source/dpkg/1.15.5.6ubuntu2
-------------- next part --------------
Format: 1.8
Date: Thu, 11 Mar 2010 00:34:28 +0000
Source: dpkg
Binary: dpkg dpkg-dev dselect
Architecture: source
Version: 1.15.5.6ubuntu2
Distribution: lucid
Urgency: high
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Description:
dpkg - Debian package management system
dpkg-dev - Debian package development tools
dselect - Debian package management front-end
Closes: 430958
Launchpad-Bugs-Fixed: 442114 512096 532445
Original-Maintainer: Dpkg Developers <debian-dpkg at lists.debian.org>