[ubuntu/vivid-proposed] dpkg 1.17.23ubuntu1 (Accepted)

Adam Conrad adconrad at ubuntu.com
Sat Jan 17 01:03:16 UTC 2015


dpkg (1.17.23ubuntu1) vivid; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - Change native source version/format mismatch errors into warnings
      until the dust settles on Debian bug 737634 about override options.
    - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
      tools can get untranslated dpkg terminal log messages while at the
      same time having translated debconf prompts.
    - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
    - Map unqualified package names of multiarch-same packages to the native
      arch instead of throwing an error, so that we don't break on upgrade
      when there are unqualified names stored in the dpkg trigger database.
    - Apply a workaround from mvo to consider ^rc packages as multiarch,
      during the dpkg consistency checks. (see LP: 1015567 and 1057367).
    - Bump fontconfig Breaks to match Ubuntu version; can be reverted after
      vivid ships, as the Debian Breaks version was higher than trusty's.
    - Add ureadahead to the long list of trigger-related Breaks as well.
  * Remove multiarch upgrade code from postinst, which is no longer needed.

dpkg (1.17.23) unstable; urgency=low

  [ Guillem Jover ]
  * Use a matching group instead of ${^MATCH} in s/// in dselect build script.
  * Skip tar extractor tests if tar is not GNU tar >= 1.27.
  * Reset the trigger cycle tracking on unsatisfied dependencies during
    trigger processing. Closes: #771730
  * Fix out-of-bounds buffer read accesses when parsing field and trigger
    names or checking package ownership of conffiles and directories.
    Reported by Joshua Rogers <megamansec at gmail.com>.
  * Add versioned Breaks on packages creating trigger cycles. Namely auctex,
    apt-cudf, ccache, cups, distcc, fusionforge-plugin-mediawiki, gap-core,
    gxine, hoogle, icecc, libjs-protoaculous, mcollective, pypy, wordpress
    and xfonts-traditional.

  [ Updated programs translations ]
  * Basque (Iñaki Larrañaga Murgoitio). Closes: #771893
  * Catalan (Guillem Jover).
  * Czech (Miroslav Kure).
  * Esperanto (Felipe Castro).
  * French (Sébastien Poher).
  * Italian (Milo Casagrande).
  * Portuguese (Miguel Figueiredo).
  * Russian (Yuri Kozlov). Closes: #771691
  * Simplified Chinese (Zhou Mo). Closes: #771264
  * Spanish (Javier Fernández-Sanguino)
  * Swedish (Peter Krefting).
  * Thai (Theppitak Karoonboonyanan). Closes: #772965

  [ Updated scripts translations ]
  * Catalan (Guillem Jover).
  * Polish (Łukasz Dulny).
  * Russian (Yuri Kozlov). Closes: #772841

  [ Updated manpages translations ]
  * French (Sébastien Poher).
  * Italian (Beatrice Torracca). Closes: #771673

  [ Updated dselect translations ]
  * Catalan (Guillem Jover).
  * Czech (Miroslav Kure).
  * Norwegian Bokmål (Hans Fredrik Nordhaug).
  * Polish (Łukasz Dulny).
  * Portuguese (Miguel Figueiredo).
  * Russian (Yuri Kozlov). Closes: #771682
  * Spanish (Javier Fernández-Sanguino)
  * Vietnamese (Trần Ngọc Quân).

dpkg (1.17.22) unstable; urgency=low

  [ Guillem Jover ]
  * Add version introducing --ctrl-tarfile in dpkg-deb(1) man page.
  * Bump minimal version for dir_to_symlink and symlink_to_dir commands
    to 1.17.14 in dpkg-maintscript-helper(1) man page. Closes: #769843
  * Reintroduce update-alternatives, dpkg-divert and dpkg-statoverride
    compatibility symlinks under /usr/sbin/. There are still packages
    using those paths, but the relevant lintian check did not list any,
    so this got removed prematurely.
  * Add Breaks on old man-db, fontconfig and readahead-fedora packages using
    awaiting triggers, as they produce trigger cycles. Closes: #768599
  * Escape package and architecture names on control file parsing warning,
    as those get injected into a variable that is used as a format string,
    and they come from the package fields, which are under user control.
    Regression introduced in dpkg 1.16.0. Fixes CVE-2014-8625. Closes: #768485
    Reported by Joshua Rogers <megamansec at gmail.com>.
  * Do not match partial field names in control files. Closes: #769119
    Regression introduced in dpkg 1.10.
  * Fix build on Mac OS X. Regression introduced in dpkg 1.17.11.
    Reported by Dominyk Tiller <dominyktiller at gmail.com>.
  * Normalize tar entry uid and gid from the current system only in dpkg
    unpack. Regression introduced in dpkg 1.17.14. Closes: #769211
  * Restore multiple processing instances check for packages and archives
    specified on the command-line. Regression introduced in dpkg 1.17.20.
  * Fail on trigger processing when it is required to progress. Trigger
    processing is sometimes required and sometimes opportunistic, and we
    should only fail on the former but ignore the latter. Closes: #768852
  * Do not ignore trigger cycles for direct dependencies, these are just
    normal trigger cycles, and as such should not be special cased.
  * Register all pending triggers for deferred processing when being called
    as «dpkg --configure pkgname…». This is a mostly conformant workaround
    for frontends like apt that do not correctly call «dpkg --configure -a»
    or «dpkg --triggers-only -a» after their normal runs, and leave packages
    in triggers-pending and triggers-awaited states. Closes: #766758

  [ Updated programs translations ]
  * Catalan (Guillem Jover).
  * Danish (Joe Dalton).
  * French (Sébastien Poher).
  * German (Sven Joachim).
  * Japanese (Kenshi Muto). Closes: #771255
  * Polish (Łukasz Dulny).
  * Simplified Chinese (Zhou Mo). Closes: #766724, #770280
  * Swedish (Peter Krefting).
  * Turkish (Mert Dirik).
  * Vietnamese (Trần Ngọc Quân)

  [ Updated scripts translations ]
  * French (Sébastien Poher).
  * German (Helge Kreutzmann).
  * Swedish (Peter Krefting).

  [ Updated manpages translations ]
  * French (Sébastien Poher). Closes: #767934
  * German (Helge Kreutzmann). Closes: #752123
  * Simplified Chinese (Zhou Mo). Closes: #767573
  * Swedish (Peter Krefting).

  [ Updated dselect translations ]
  * Danish (Joe Dalton).
  * Dutch (Frans Spiesschaert). Closes: #771237
  * French (Sébastien Poher). Closes: #767918
  * Japanese (Kenshi Muto). Closes: #771256
  * Swedish (Peter Krefting).

Date: Fri, 05 Dec 2014 10:52:37 -0700
Changed-By: Adam Conrad <adconrad at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/dpkg/1.17.23ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 05 Dec 2014 10:52:37 -0700
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source
Version: 1.17.23ubuntu1
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Adam Conrad <adconrad at ubuntu.com>
Description:
 dpkg       - Debian package management system
 dpkg-dev   - Debian package development tools
 dselect    - Debian package management front-end
 libdpkg-dev - Debian package management static library
 libdpkg-perl - Dpkg perl modules
Closes: 752123 766724 766758 767573 767918 767934 768485 768599 768852 769119 769211 769843 770280 771237 771255 771256 771264 771673 771682 771691 771730 771893 772841 772965
Changes:
 dpkg (1.17.23ubuntu1) vivid; urgency=medium
 .
   * Merge from Debian unstable.  Remaining changes:
     - Change native source version/format mismatch errors into warnings
       until the dust settles on Debian bug 737634 about override options.
     - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level
       tools can get untranslated dpkg terminal log messages while at the
       same time having translated debconf prompts.
     - Special-case arm{el,hf} ELF objects in Shlibs/Objdump.pm for multilib.
     - Map unqualified package names of multiarch-same packages to the native
       arch instead of throwing an error, so that we don't break on upgrade
       when there are unqualified names stored in the dpkg trigger database.
     - Apply a workaround from mvo to consider ^rc packages as multiarch,
       during the dpkg consistency checks. (see LP: 1015567 and 1057367).
     - Bump fontconfig Breaks to match Ubuntu version; can be reverted after
       vivid ships, as the Debian Breaks version was higher than trusty's.
     - Add ureadahead to the long list of trigger-related Breaks as well.
   * Remove multiarch upgrade code from postinst, which is no longer needed.
 .
 dpkg (1.17.23) unstable; urgency=low
 .
   [ Guillem Jover ]
   * Use a matching group instead of ${^MATCH} in s/// in dselect build script.
   * Skip tar extractor tests if tar is not GNU tar >= 1.27.
   * Reset the trigger cycle tracking on unsatisfied dependencies during
     trigger processing. Closes: #771730
   * Fix out-of-bounds buffer read accesses when parsing field and trigger
     names or checking package ownership of conffiles and directories.
     Reported by Joshua Rogers <megamansec at gmail.com>.
   * Add versioned Breaks on packages creating trigger cycles. Namely auctex,
     apt-cudf, ccache, cups, distcc, fusionforge-plugin-mediawiki, gap-core,
     gxine, hoogle, icecc, libjs-protoaculous, mcollective, pypy, wordpress
     and xfonts-traditional.
 .
   [ Updated programs translations ]
   * Basque (Iñaki Larrañaga Murgoitio). Closes: #771893
   * Catalan (Guillem Jover).
   * Czech (Miroslav Kure).
   * Esperanto (Felipe Castro).
   * French (Sébastien Poher).
   * Italian (Milo Casagrande).
   * Portuguese (Miguel Figueiredo).
   * Russian (Yuri Kozlov). Closes: #771691
   * Simplified Chinese (Zhou Mo). Closes: #771264
   * Spanish (Javier Fernández-Sanguino)
   * Swedish (Peter Krefting).
   * Thai (Theppitak Karoonboonyanan). Closes: #772965
 .
   [ Updated scripts translations ]
   * Catalan (Guillem Jover).
   * Polish (Łukasz Dulny).
   * Russian (Yuri Kozlov). Closes: #772841
 .
   [ Updated manpages translations ]
   * French (Sébastien Poher).
   * Italian (Beatrice Torracca). Closes: #771673
 .
   [ Updated dselect translations ]
   * Catalan (Guillem Jover).
   * Czech (Miroslav Kure).
   * Norwegian Bokmål (Hans Fredrik Nordhaug).
   * Polish (Łukasz Dulny).
   * Portuguese (Miguel Figueiredo).
   * Russian (Yuri Kozlov). Closes: #771682
   * Spanish (Javier Fernández-Sanguino)
   * Vietnamese (Trần Ngọc Quân).
 .
 dpkg (1.17.22) unstable; urgency=low
 .
   [ Guillem Jover ]
   * Add version introducing --ctrl-tarfile in dpkg-deb(1) man page.
   * Bump minimal version for dir_to_symlink and symlink_to_dir commands
     to 1.17.14 in dpkg-maintscript-helper(1) man page. Closes: #769843
   * Reintroduce update-alternatives, dpkg-divert and dpkg-statoverride
     compatibility symlinks under /usr/sbin/. There are still packages
     using those paths, but the relevant lintian check did not list any,
     so this got removed prematurely.
   * Add Breaks on old man-db, fontconfig and readahead-fedora packages using
     awaiting triggers, as they produce trigger cycles. Closes: #768599
   * Escape package and architecture names on control file parsing warning,
     as those get injected into a variable that is used as a format string,
     and they come from the package fields, which are under user control.
     Regression introduced in dpkg 1.16.0. Fixes CVE-2014-8625. Closes: #768485
     Reported by Joshua Rogers <megamansec at gmail.com>.
   * Do not match partial field names in control files. Closes: #769119
     Regression introduced in dpkg 1.10.
   * Fix build on Mac OS X. Regression introduced in dpkg 1.17.11.
     Reported by Dominyk Tiller <dominyktiller at gmail.com>.
   * Normalize tar entry uid and gid from the current system only in dpkg
     unpack. Regression introduced in dpkg 1.17.14. Closes: #769211
   * Restore multiple processing instances check for packages and archives
     specified on the command-line. Regression introduced in dpkg 1.17.20.
   * Fail on trigger processing when it is required to progress. Trigger
     processing is sometimes required and sometimes opportunistic, and we
     should only fail on the former but ignore the latter. Closes: #768852
   * Do not ignore trigger cycles for direct dependencies, these are just
     normal trigger cycles, and as such should not be special cased.
   * Register all pending triggers for deferred processing when being called
     as «dpkg --configure pkgname…». This is a mostly conformant workaround
     for frontends like apt that do not correctly call «dpkg --configure -a»
     or «dpkg --triggers-only -a» after their normal runs, and leave packages
     in triggers-pending and triggers-awaited states. Closes: #766758
 .
   [ Updated programs translations ]
   * Catalan (Guillem Jover).
   * Danish (Joe Dalton).
   * French (Sébastien Poher).
   * German (Sven Joachim).
   * Japanese (Kenshi Muto). Closes: #771255
   * Polish (Łukasz Dulny).
   * Simplified Chinese (Zhou Mo). Closes: #766724, #770280
   * Swedish (Peter Krefting).
   * Turkish (Mert Dirik).
   * Vietnamese (Trần Ngọc Quân)
 .
   [ Updated scripts translations ]
   * French (Sébastien Poher).
   * German (Helge Kreutzmann).
   * Swedish (Peter Krefting).
 .
   [ Updated manpages translations ]
   * French (Sébastien Poher). Closes: #767934
   * German (Helge Kreutzmann). Closes: #752123
   * Simplified Chinese (Zhou Mo). Closes: #767573
   * Swedish (Peter Krefting).
 .
   [ Updated dselect translations ]
   * Danish (Joe Dalton).
   * Dutch (Frans Spiesschaert). Closes: #771237
   * French (Sébastien Poher). Closes: #767918
   * Japanese (Kenshi Muto). Closes: #771256
   * Swedish (Peter Krefting).
Checksums-Sha1:
 b89070a08a79aab3fb8a2b7b679c5fd7aa149b32 2164 dpkg_1.17.23ubuntu1.dsc
 20a77b5019045ca685751bb8d548e8862330c2b5 4434508 dpkg_1.17.23ubuntu1.tar.xz
Checksums-Sha256:
 bcd157012e5ccb2215f1b4661b4afad751b72f0e08525efc84cc2ded197a63b2 2164 dpkg_1.17.23ubuntu1.dsc
 dc850a0db34797a27037d255dee288e673e7de6a19e62b66b47f012b8ffe8922 4434508 dpkg_1.17.23ubuntu1.tar.xz
Files:
 e4e02a13ab8f202e180f83123bfb8ad5 2164 admin required dpkg_1.17.23ubuntu1.dsc
 af86352c668b2b65b5e9397df856da76 4434508 admin required dpkg_1.17.23ubuntu1.tar.xz
Original-Maintainer: Dpkg Developers <debian-dpkg at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUubIbAAoJEINAGjCxzeWPM0wQAIiBenrcuyq7G8vZjn2Tzqra
R7eV4RyExdWImrWukJyROUGUmh1mnI8ClM8DeCIHYjYp+s/X7v1UClXrlT74XQDE
bX0ZMN2M76yuCs9mu4ViXZe9iksDCHobfbjiIcww7r4RcJLn+gwVXvr6brNQ8LUp
539lrhsy12+o2piJKrzilNv5KcISxygtN7bA9qbWWSKerxwsHxT1OrFqsLGcspGA
gC6lOqt9cB3X9KstqYqbEI+R2TCRflNI1w96IAVssb70a/NFNuuAaPwTWeYfaX9P
mqTew03IFo9DsGHTgw+2lBtQa4N23lbCXcKMhllPzGb/ZqP2sZHZa86qHgSMWG15
D9YCjZ5WnDG4pEw+piUGt5qklI+p23fcgfORdfHyKACT9z9ZY0Kk+rRrFTZTMyCK
3Qk6/ZdEjLH8jU6Dg4swMCtZ+rAgj6XexVFKxJPpSWUX2uwJn6bsilBftBN3k840
5Dsgkewd9Qe4978LMDSBGHPxXE1znwyb3e99+u0pHCjBKapp+MNYQUfmkJkC+iZE
ZVdECDcFUTO3ciL8gdnPvB/TcWlBNSVmorxtnQPXpPrQk0IQHtGheWU0/v6a7RMP
sobsyU7koKpDYpbDT6J6OB7YAZrMyC0Jpdud8P/PRtZyAi5uV0lFZ8ret6XBWiFx
6glzr2uS5x8rB5kePaWQ
=5d7S
-----END PGP SIGNATURE-----


More information about the Vivid-changes mailing list