[ubuntu/lucid] dpkg 1.15.5.6ubuntu2 (Accepted)

Colin Watson cjwatson at ubuntu.com
Thu Mar 11 00:50:40 GMT 2010


dpkg (1.15.5.6ubuntu2) lucid; urgency=high

  * Backport from upstream:
    - Use FIEMAP when available (on Linux based systems) to sort the .list
      files loading order. With a cold cache it improves up to a 70%.
      Thanks to Morten Hustveit <morten at debian.org>. LP: #442114
    - Call fsync(2) after writing files on disk, to get the atomicity
      guarantees when doing rename(2). Based on a patch by Jean-Baptiste
      Lallement <jeanbaptiste.lallement at gmail.com>.
      Closes: #430958, LP: #512096
  * Security fixes by Raphaël Hertzog, also backported from upstream
    (CVE-2010-0396):
    - Modify dpkg-source to error out when it would apply patches containing
      insecure paths (with "/../") and also error out when it would apply a
      patch through a symlink. Those checks are required as patch will
      happily modify files outside of the target directory and unpacking a
      source package should not be able to have any side-effect outside of
      the target directory. LP: #532445
    - Also error out when the quilt series contains a path with "/../" as
      this can cause patch to create files outside of the source package due
      to the -B .pc/$path option that it gets.

Date: Thu, 11 Mar 2010 00:34:28 +0000
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Colin Watson <cjwatson at canonical.com>
https://launchpad.net/ubuntu/lucid/+source/dpkg/1.15.5.6ubuntu2
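
The two checks described in the security entry above (refusing patch targets with "/../" and refusing to patch through a symlink), as an added Python example; it is not dpkg-source's own code. It assumes patches are applied with -p1 and rejects any ".." path component, which is broader than the literal "/../" match; patch_targets, insecure_targets and SAMPLE_PATCH are names made up for this sketch.

```python
import os
import re

HUNK = re.compile(r'^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@')

def patch_targets(patch_text):
    """Return the file names in ---/+++ headers, ignoring hunk bodies."""
    names, old_left, new_left = [], 0, 0
    for line in patch_text.splitlines():
        if old_left > 0 or new_left > 0:      # inside a hunk: count it down
            if line.startswith('\\'):         # "\ No newline at end of file"
                continue
            if not line.startswith('+'):
                old_left -= 1
            if not line.startswith('-'):
                new_left -= 1
            continue
        m = HUNK.match(line)
        if m:
            old_left = int(m.group(1) or 1)
            new_left = int(m.group(2) or 1)
        elif line.startswith(('--- ', '+++ ')):
            name = line[4:].split('\t')[0].strip()
            if name != '/dev/null':
                names.append(name)
    return names

def insecure_targets(patch_text, destdir, strip=1):
    """List (name, reason) for targets that could escape destdir."""
    problems = []
    for name in patch_targets(patch_text):
        parts = name.split('/')
        if '..' in parts:
            problems.append((name, 'path traversal'))
            continue
        path = destdir
        for part in parts[strip:]:            # assumed -p1: drop "a/" or "b/"
            path = os.path.join(path, part)
            if os.path.islink(path):          # patch would follow this link
                problems.append((name, 'symlink'))
                break
    return problems

# Constructed sample: the first hunk body contains lines that look like headers.
SAMPLE_PATCH = ("--- a/src/main.c\n+++ b/src/main.c\n@@ -1 +1 @@\n"
                "--- old banner\n+++ new banner\n"
                "--- a/../../outside/file\n+++ b/../../outside/file\n"
                "@@ -0,0 +1 @@\n+x\n"
                "--- a/link/file\n+++ b/link/file\n@@ -1 +1 @@\n-a\n+b\n")
```

Run insecure_targets() against the unpacked tree before invoking patch; a non-empty result is the condition under which the unpack should error out.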
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 11 Mar 2010 00:34:28 +0000
Source: dpkg
Binary: dpkg dpkg-dev dselect
Architecture: source
Version: 1.15.5.6ubuntu2
Distribution: lucid
Urgency: high
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Description: 
 dpkg       - Debian package management system
 dpkg-dev   - Debian package development tools
 dselect    - Debian package management front-end
Closes: 430958
Launchpad-Bugs-Fixed: 442114 512096 532445
Changes: 
 dpkg (1.15.5.6ubuntu2) lucid; urgency=high
 .
   * Backport from upstream:
     - Use FIEMAP when available (on Linux based systems) to sort the .list
       files loading order. With a cold cache it improves up to a 70%.
       Thanks to Morten Hustveit <morten at debian.org>. LP: #442114
     - Call fsync(2) after writing files on disk, to get the atomicity
       guarantees when doing rename(2). Based on a patch by Jean-Baptiste
       Lallement <jeanbaptiste.lallement at gmail.com>.
       Closes: #430958, LP: #512096
   * Security fixes by Raphaël Hertzog, also backported from upstream
     (CVE-2010-0396):
     - Modify dpkg-source to error out when it would apply patches containing
       insecure paths (with "/../") and also error out when it would apply a
       patch through a symlink. Those checks are required as patch will
       happily modify files outside of the target directory and unpacking a
       source package should not be able to have any side-effect outside of
       the target directory. LP: #532445
     - Also error out when the quilt series contains a path with "/../" as
       this can cause patch to create files outside of the source package due
       to the -B .pc/$path option that it gets.
Checksums-Sha1: 
 5756bc6388d81d8c352877269f7528970dcafc94 2001 dpkg_1.15.5.6ubuntu2.dsc
 4566c929b947702149eb66079ba1e0df1cb0aa9c 4702429 dpkg_1.15.5.6ubuntu2.tar.bz2
Checksums-Sha256: 
 feecbca3893f4b9c850b4367b3bbaf8a074d3b1d350002f2b662ebb5abc74ec8 2001 dpkg_1.15.5.6ubuntu2.dsc
 eb3d678415e46dc3a4288c5335005190365bab9cbf437008c1af794b68b32afe 4702429 dpkg_1.15.5.6ubuntu2.tar.bz2
Files: 
 daaed53f6444a613ce9b0ab3f692415e 2001 admin required dpkg_1.15.5.6ubuntu2.dsc
 262ade449a37c17577674288ac43e419 4702429 admin required dpkg_1.15.5.6ubuntu2.tar.bz2
Original-Maintainer: Dpkg Developers <debian-dpkg at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Colin Watson <cjwatson at debian.org> -- Debian developer
-----END PGP SIGNATURE-----

