./misc/dpkg, Package maintenance system for Debian

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.18.25, Package name: dpkg-1.18.25, Maintainer: pkgsrc-users

This package contains the programs which handle the installation and
removal of Debian packages on your system. The primary interface for
the dpkg suite is the `dselect' program; a more low-level and less
user-friendly interface is available in the form of the `dpkg'
command.


Required to run:
[archivers/gtar-base] [lang/perl5] [devel/patch]

Required to build:
[textproc/po4a] [pkgtools/cwrappers]

Master sites: (Expand)

SHA1: 49e827b0fef7e3b335cace31cba8ff6b340a4e27
RMD160: dd6ef449130ab14fd9104d3d849f45fe5cea5cfe
Filesize: 4435.195 KB

Version history: (Expand)


CVS history: (Expand)


   2018-08-31 15:58:44 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
dpkg: updated to 1.18.25

dpkg (1.18.25)

  * Parse start-stop-daemon usernames and groupnames starting with digits in
    -u and -c correctly.
  * Always use the binary version for the .buildinfo filename in
    dpkg-genbuildinfo.
  * Fix integer overflow in deb(5) format version parser.
  * Fix directory traversal with dpkg-deb --raw-extract, by guaranteeing
    that the DEBIAN pathname does not exist.
  * Do not try to recompute hashes for the .dsc file when signing binary-only
    builds in dpkg-buildpackage.
  * Architecture support:
    - Add support for riscv64 CPU.
  * Perl modules:
    - Do not normalize args past a passthrough stop word in Dpkg::Getopt.
      Some commands pass some arguments through to another command, and
      those must not be normalized as that might break their invocation.
  * Documentation:
    - Update buildinfo information in dpkg-buildpackage man page to match
      the current implementation.
    - Use correct name for archname validator value in dpkg(1) man page.
    - Update git URLs for move away from alioth.debian.org.
  * Packaging:
    - Add versioned Build-Depends on tar, due to the --clamp-mtime option
      being used in Dpkg::Source::Archive which is used by dpkg-source,
      used by the test suite.
   2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558)
Log message:
Recursive bump for perl5-5.28.0
   2018-01-29 12:17:46 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
Pass correct TAR variable to configure
   2017-12-07 13:35:41 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
dpkg: updated to 1.18.24

dpkg 1.18.24:
* Add missing symbols to the libdpkg map file.
* Fix dpkg-shlibdeps to preserve the Dpkg::Shlibs::find_library() order
  when scanning symbols/shlibs files. This was causing generation of bogus
  dependencies when multiple packages provide the same SONAME on different
  directories. Regression introduced in dpkg 1.18.17.
* Make dpkg-maintscript-helper print all unowned files from a directory
  when printing the error message, to ease debugging those problems after
  the fact.
  Based on a patch by Bastien ROUCARI?<88>S \ 
<roucaries.bastien@gmail.com>.
* Add duplicate prevention code for debian/files to dpkg-genbuildinfo, so
  that successive runs with different versions and equivalent build types
  do not generate multiple .buildinfo entries to be uploaded, which is
  similar to what dpkg-gencontrol is doing for .deb files.
* Fix conffile takeover handling during unpack in dpkg on --root or
  on diversions.
* Fix digest inference for shared conffiles, causing bogus takeover
  unpack errors. Regression introduced in dpkg 1.16.9.
* Improve tar entry metadata parsing in dpkg:
  - Do not parse device numbers for non block nor char tar entry objects.
  - Make the existing octal parser more robust, by checking for the
    expected format of leading zeros or spaces, followed by any ASCII
    octal characters (0-7), followed by zero or more space or NULs.
  - Add support for base-256 encoded numeric fields, to support large
    values, for UID/GID, device number, size and even signed timestamps.
    This is necessary not only to be able to store larger values, but to
    cover packages that can already be generated by dpkg-deb, given that
    it uses the system GNU tar when building.
* Architecture support:
  - Add support for ARM64 ILP32.
* Perl modules:
  - Remove obsolete hardening-wrapper support from Dpkg::Vendor::Ubuntu.
  - Bump $Dpkg::Deps::VERSION to match the one documented in CHANGES.
  - Ignore by default debian/files.new and debian/files for all source
    formats in Dpkg::Source::Package, because these are generated files
    with well known pathnames, part of the public interface, and with
    dpkg-genbuildinfo always injecting .buildinfo entries into
    debian/files, this meant this could disrupt previous workflows based
    on not cleaning the source tree.
* Documentation:
  - Many spelling fixes.
  - Do not include mispellings in changelogs, as that makes detecting them
    more difficult.
* Build system:
  - Use libexec variable for auxiliary internal programs, and set it to
    /usr/lib on Debian and derivatives.
  - Check that the detected tar is a GNU tar.
  - Check that the detected patch is a GNU patch, so that we get a directory
    traversal resistant patch implementation. This fixes CVE-2017-8283 by
    delegating those checks to patch(1), so that we trap blank-indented
    diff hunks trying to escape from the source tree.
* Test suite:
  - Add a test case for blank-indented patches which were the cause for
    CVE-2017-8283.
  - Handle files with non-zero sizes in c-tarextract libdpkg test code.
   2017-08-01 16:59:08 by Thomas Klausner | Files touched by this commit (211)
Log message:
Follow some http -> https redirects.
   2017-03-10 16:47:58 by Thomas Klausner | Files touched by this commit (1)
Log message:
Use ${TOOLS_PLATFORM.gtar} to find GNU tar.
   2017-03-09 12:52:26 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated dpkg to 1.18.23nb1.

Set TAR so that GNU tar is found.
Enable start-stop-daemon now that it builds on NetBSD.
Add a test dependency.
   2017-03-06 23:47:04 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
Updated dpkg to 1.18.23.

dpkg (1.18.23) unstable; urgency=medium

  * Handle unmatched arch-qualified virtual packages in dpkg-genbuildinfo,
    instead of letting perl die. Closes: #849944
  * Declare .buildinfo format as stable with version 1.0.
  * Do not depend on cxxabi.h to have declared __cxa_pure_virtual, use
    the same “__cxxabiv1” namespace as specified in the C++ ABI, instead
    of using the “abi” alias intended for use by userland.
    Thanks to Jörg Sonnenberger <joerg@netbsd.org>.
  * Add a comment on any C code switch case that falls through. Fixes new
    gcc-7 warnings.
  * Use snprintf() instead of sprintf() in libdpkg when constructing the ar
    member header, as we might overflow depending on the input data.
  * Portability:
    - Do not redeclare sys_siglist in libcompat when the system does so.
      Thanks to Thomas Klausner <wiz@NetBSD.org>.
    - Rename err variable to ret in start-stop-daemon as the former is a
      function on BSDs.
    - Use 5-argument kvm_getprocs() call form on OpenBSD in start-stop-daemon.
    - Use correct struct kinfo_proc ruid submember name on NetBSD in
      start-stop-daemon.
    - Define _KMEMUSER for NetBSD to get declarations for various
      struct kinfo_proc members in start-stop-daemon.
  * Perl modules:
    - Do not special case EM_SPARC32PLUS for NetBSD in Dpkg::Shlibs::Objdump,
      the code has been fixed in NetBSD as that situation could not happen.
    - Fix read() error handling in Dpkg::Shlibs::Objdump::get_format() to
      gracefully ignore non-ELF files again. Closes: #854536
    - Emit an explicit warning from Dpkg::Shlibs::Objdump::Object::analyze()
      for unknown executable formats instead of relying on objdump doing so.
    - Do not parse bogus ELF binaries in Dpkg::Shlibs::Objdump::get_format().
      Reported by Niels Thykier <niels@thykier.net>.
    - Add ‘.mnt-ignore’ to the default ignore lists in \ 
Dpkg::Source::Package,
      as we were already ignoring the ‘_MTN’ pathnames. Closes: #855450
      Thanks to Nicolas Boulenguez <nicolas@debian.org>.
    - Mark kfreebsd-amd64, kfreebsd-i386, sparc and sparc64 architectures as
      having gcc builtin PIE in Dpkg::Vendor::Debian.
    - Switch PIE handling in Dpkg::Vendor::Debian to have no default (!) and
      delegate the setting to gcc or an explicit request by a user. This is
      needed to cope with the general PIE brokenness situation in Debian, and
      the current specific brokenness of a Debian gcc patch mangling the dpkg
      build flags. Closes: #848129, #845550
  * Documentation:
    - Clarify the requirements for deb-conffile(5) pathnames. Closes: #854417
      Proposed by Dieter Adriaenssens <dieter.adriaenssens@gmail.com>.
    - Document dpkg-source --before-build and --after-build in --help output.
    - Document dpkg-buildpackage --ignore-builtin-builddeps in --help output.
  * Build system:
    - Check <sys/proc.h> by also including <sys/param.h>, on several BSD
      systems the header is not self-contained.
    - Handle libmd implementations built into system libc, as found on some
      BSD systems.
    - Do not fail on missing compression libraries or headers on automatic
      detection mode. Regression introduced in dpkg 1.18.14.
  * Test suite:
    - Use the detected perl interpreter instead of a random one from PATH.

  [ Updated programs translations ]
  * Dutch (Frans Spiesschaert). Closes: #856325

  [ Updated scripts translations ]
  * German (Helge Kreutzmann).

  [ Updated man pages translations ]
  * Dutch (Frans Spiesschaer). Closes: #856326

 -- Guillem Jover <guillem@debian.org>  Mon, 06 Mar 2017 05:41:11 +0100