-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 07 Jul 2020 07:57:48 +0200 Source: dpkg Architecture: source Version: 1.20.4 Distribution: unstable Urgency: medium Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org> Changed-By: Guillem Jover <guillem@debian.org> Closes: 870383 964017 964111 964234 Changes: dpkg (1.20.4) unstable; urgency=medium . [ Guillem Jover ] * Improve PIE flags support: - Prefix the specs file spec string self_spec with + instead of *. This way we do not override any previous setting, otherwise when passing the -specs options twice (f.ex. to compile and link), only the last one will take effect, which can break the build. Closes: #870383 * Perl modules: - Dpkg::Source::Package: Explicitly initialize constructor options to their implicit values, otherwise other code end up assuming different defaults. Closes: #964017 - Dpkg::OpenPGP: Use a temporary directory for the GnuPG homedir in verify_signature(), to make sure we do not write to the user home directory, except for the trustkeys.db file if present. - Dpkg::Path: Refactor new check_directory_traversal() function out of Dpkg::Source::Package->extract(). - Dpkg::Path: Do not do partial matches for directory traversal checks, expect a trailing slash after the base directory name. - Dpkg::Path: Catch uncanonicanizable pathnames with a proper error. Closes: #964111 - Dpkg::Path: Do not consider missing symlink targets a directory traversal attempt. Closes: #964234 - Dpkg::Path: Allow /dev/null for directory traversals. Reported by Holger Levsen <holger@layer-acht.org>. * Build system: - Add Module::Signature as configure recommends for CPAN. * Test suite: - Use File::Path::make_path() instead of chained mkdir() in Dpkg_Path.t. - Add unit tests for Dpkg::Path::check_directory_traversal(). . [ Updated programs translations ] * German (Sven Joachim). Checksums-Sha1: 12983dabc712157582b2bcff0c1b0e6f1de9e65c 2109 dpkg_1.20.4.dsc 41a445efe3c51e07b38948defd51e601683a5448 4715020 dpkg_1.20.4.tar.xz 413c302f34195f09a53ef23943c9ebda3f811802 7501 dpkg_1.20.4_amd64.buildinfo Checksums-Sha256: 2762a810d5c151316d170bc0ab6e610283e6454c5df5c34edd2fd33d0c79a64a 2109 dpkg_1.20.4.dsc 3430d76d75b66eeccad8382dad7148e6f46fedce90587964608f0c5c733abe52 4715020 dpkg_1.20.4.tar.xz e78395058970d3c8dc03b462de8459104fbe12edc71f88af9c0617264da2bc2b 7501 dpkg_1.20.4_amd64.buildinfo Files: 19ca3ea2f56ee6cf181a4e5dc14e16e6 2109 admin required dpkg_1.20.4.dsc 58f92b5d3d464629119148a1fa3eb331 4715020 admin required dpkg_1.20.4.tar.xz 6b8be7267af03c5acb91430f3d8e2325 7501 admin required dpkg_1.20.4_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEETz509DYFDBD1aWV0uXK/PqSuV6MFAl8EET0ACgkQuXK/PqSu V6Ms6g//Y1YBiJHcObBffo1yrWIVQxmDJx1V52NMjMQcZiJEoRDsCkHJzoBoeyHq VzI807ztMGXpr4P9+2kdgN1N0JcG6vKEB/VtnIbNdoEmIx13RoBM5WVnG04oRevL Sh6lCsFkET/in71O/CO6hpMV5KsNaoXuiLsJwZ3ggTeuKBinRhlCRfphU28gM8hE 8HvM+oBnitmuCLItoOT9MUps4B0LU1cCLf+mpsbKcJiTIZinbH8EyDx5BvNxf4fe avX2++4WTJirlesXkkOh3A/PjwRER6QGJqV24unDDjStQSab2TVKKk5pmna+V0kT ifI8qqOvLDbflT7MAyOklHTxnVK6TDUNSSNC+CyzO/g+vDuFweIpNQF7fcbtMT8w HF37am4F6UjiQiVpKEAhlVPK1dunG37IYZAQWAY069ywQ48WJPc9KdsbuEPSqH8J oAdrdx4OFLwz4KD9c31mMnzPzmJjWNtNMf/rxh0/fHypSbftF1ylVHcmVdy0mk7t 9JdHTS3PV37aQnOS4O450IujaUrbBkSU56By+jfsKaDW9W/nsk0+M2MHHAHfvV4f qNjopmgDbi8CwIZcf8z4aWbXNSWstMa1fXrDQvMPsCDd20qeH9N6Cb//800l5/jF E00ilFm/yykwBgBJxR/ujv7R0sWB3oxnXAN9cMT9cAB8qR2A1ZA= =ra/4 -----END PGP SIGNATURE-----
