Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted dpkg 1.23.6 (source) into unstable
Date: Thu, 05 Mar 2026 06:18:41 +0000
Signed by: Guillem Jover <guillem@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 05 Mar 2026 06:54:58 +0100
Source: dpkg
Architecture: source
Version: 1.23.6
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Closes: 1126507 1126508 1126558 1126665 1127383 1127882 1127884 1128325 1128406 1128529 1129722
Changes:
 dpkg (1.23.6) unstable; urgency=medium
 .
   [ Guillem Jover ]
   * dpkg-query: Fix segfault with empty -S argument. LP: #2092676
   * dpkg-deb: Be more robust against truncated ar archives.
     Reported by Yashashree Gund <yash_gund@live.com>.
   * dpkg-deb: Reject ar archives with 0 sized tar members.
     Reported by Yashashree Gund <yash_gund@live.com>.
   * libdpkg, scripts: Detect corrupt ar archive with non-even byte sizes.
   * dpkg-source: Fix running from within the source tree.
     Reported by Umut <ue16@gmx.de> (on IRC).
   * dpkg-source: Support running --commit from within the source tree w/o
     «.». Closes: #1127383
   * dpkg-source: Fix format in maintainer error message.
     Thanks to Marko Zajc <marko@zajc.tel>.
   * dpkg-scanpackages: Add new --no-implicit-arch option. Closes: #1128325
   * Perl modules:
     - Dpkg::Shlibs::Objdump::Object: Clarify code comment.
     - Dpkg::Source::Package::V2: Do not print source root on modified files
       list. Closes: #1126558
     - Dpkg::Source::Patch: Speed up patched filename retrieval in patches.
     - Dpkg::Source::Patch: Add comment about the use of tr{}{} as char counter.
     - Dpkg::OpenPGP::Backend::GnuPG: Add missing Dpkg::Gettext import.
       Closes: #1128406
     - Dpkg::OpenPGP::Backend::GnuPG: Refactor _file_read_header().
     - Dpkg::OpenPGP::Backend::GnuPG: Detect and warn on LibrePGP artifacts.
     - Dpkg::Email::Address: Warn on email domains with a single label.
       Closes: #1126508
     - Dpkg::Source::Patch: Fix code comment.
     - Dpkg::Source::Patch: Add new has_errors() method.
     - Dpkg::Source::Package::V2: Delay unrepresentable error after local
       changes list. Closes: #1126665
     - Dpkg::Vendor: Fix taint mode in get_vendor_object().
     - Dpkg::Compression: Remove deprecated function compression_get_property().
     - Dpkg::Archive::Ar: Switch header variables into a hash.
     - Dpkg::Archive::Ar: Check that no header field is empty.
   * Code internals:
     - libdpkg: Use varbuf_str() instead of directly accessing buf.
     - scripts: Parse and validate all Changed-By and Maintainer field inputs.
       Closes: #1126507
     - libdpkg: Terminate zstd decompression when we have no more data.
       Reported by Yashashree Gund <yash_gund@live.com>. Closes: #1129722
       Fixes CVE-2026-2219.
     - dpkg-deb: Refactor ar member size into an intermediate variable.
   * Build system:
     - Add URL, Maintainer and License fields to .pc file.
   * Test suite:
     - Add basic Perl taint mode checks.
   * Localization:
     - Update Dutch translations.
       Thanks to Frans Spiesschaert <Frans.Spiesschaert@yucom.be>.
       Closes: #1127882, #1127884
     - Update Swedish translations.
       Thanks to Peter Krefting <peter@softwolves.pp.se>. Closes: #1128529
Checksums-Sha1:
 467eac6e8da889222d7f3ae3d132e1c3a05d50de 3474 dpkg_1.23.6.dsc
 4cacba17d73eab5dbfb446559861664a5a0a72a4 5839252 dpkg_1.23.6.tar.xz
 3e671d9bc59c605a93d9638aa76651697c84c41f 8015 dpkg_1.23.6_amd64.buildinfo
Checksums-Sha256:
 14e1fa4f14b938930ad6345d50ffc31d59c1c38a7b0e0d3c088822b949293ea8 3474 dpkg_1.23.6.dsc
 798ea0aca00c915560d8d37ba47c188783ba104b4f779cd0dbf0ee9fb7e7af32 5839252 dpkg_1.23.6.tar.xz
 0ea7516fb00554b9488d32e6949f6220250ffa6f69efda3c1e4f864a7ab300a6 8015 dpkg_1.23.6_amd64.buildinfo
Files:
 0966e39af76b263669adb4d327acf4a8 3474 admin required dpkg_1.23.6.dsc
 64c6ecdc9c5f072aa3be22069479cb68 5839252 admin required dpkg_1.23.6.tar.xz
 2bb9de0ae52195b1b31a46843400650a 8015 admin required dpkg_1.23.6_amd64.buildinfo


-----BEGIN PGP SIGNATURE-----

wsG7BAEBCgBvBYJpqR5RCRC5cr8+pK5Xo0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmf9FFR3cslXqjGoGDmbp0SrgWNGcKjeUI1z0reSn9EN
FxYhBE8+dPQ2BQwQ9WlldLlyvz6krlejAAAIWA//Tey25E/JBTXoXhJgIeRFztyE
hWdpiYpcslmEMLoFaQlASumwYvXJgV+bYk6l0SqnlwTizvSQyohYM35xr1dZBlEf
c26MU0YmAcPrDX203ZAEE6NzE8X/jIMSy8fzHytwquqWqNKhJdp+E16mN3AwyGx8
rLsX52FvSqk2LZCBYlyMu3NJ6IzS8BJvvwssKBfRR2qhGJ8NxxAmlrE56PzGIy9U
GbQKJH3FsjZ74SITR6b1qp9PjFCop76wzdkhY6UPO48X0x9LDoSODPwNrMX7S4i0
boIrC2KT4l6CZTkOcc3J0BJu7/cjlfEJRB2reXL96pJwFvYdKmwZnzBqEbs0ot4U
FGXhSax7aQVkvgFvbZ56d2T1TJlGcKDLb1smFSAEJ2zooXPM+A+WTVOWittUdfY6
mzfOYgXq/96oxNbKAPo+QP/q+2qN3uYbWiu0C+f+DjV41xmJXnK7PepW00vxAAHF
zcFeg615nj+ptM4vkObz6inrFlwdK0fCEuybX+Y5IVHgIDmYsiqCFa+8Qd6S3wWs
JF1TyEvuXvGqD6qXWKW1GQ81ohvCBgTGUaI2Q+d7oOMXHZP0dx1Ia3liszyKa1RJ
+zMlkEm60o+gnbHyjbZMAFGcclJCOKt8eqJbVOgMdSLbDox7Hzxx7HVBAfYeX5C+
ufx3Z5E9fC0cYeXk9rU=
=s66m
-----END PGP SIGNATURE-----
News for package dpkg
