-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 26 Sep 2018 15:13:22 +0200 Source: dpkg Binary: dpkg libdpkg-dev dpkg-dev libdpkg-perl dselect Architecture: source Version: 1.19.1 Distribution: unstable Urgency: medium Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org> Changed-By: Guillem Jover <guillem@debian.org> Description: dpkg - Debian package management system dpkg-dev - Debian package development tools dselect - Debian package management front-end libdpkg-dev - Debian package management static library libdpkg-perl - Dpkg perl modules Closes: 365921 616342 746766 821177 822914 854438 878899 878919 879124 879982 880166 881051 881401 881403 881488 883085 886252 888787 888964 888983 890806 895004 898010 898603 900033 900035 900040 900088 900547 902616 904060 904258 905887 907772 Changes: dpkg (1.19.1) unstable; urgency=medium . [ Guillem Jover ] * Fix logic in dpkg-buildpackage to decide whether to run build targets, which broke tons of packages that are violating Debian policy MUSTs. Thanks to James Clarke <jrtc27@debian.org>. Closes: #878899 * Do not try to recompute hashes for the .dsc file when signing binary-only builds in dpkg-buildpackage. Reported by Ximin Luo <infinity0@debian.org>. * Pass the correct source stanza to the dpkg-buildpackage code parsing the Rules-Requires-Root field. This meant the field was being ignored. * Run dpkg-source directly from the current working directory in dpkg-buildpackage, instead of changing directory back and forth. * Setup and check rootcommand in dpkg-buildpackage only if it is going to be needed. Reported by Niels Thykier <niels@thykier.net>. * Add color support to dpkg-maintscript-helper (a shell script). * Fix warning by including <sys/sysmacros.h> for makedev() in libdpkg. * Fix directory traversal with dpkg-deb --raw-extract, by guaranteeing that the DEBIAN pathname does not exist. Closes: #879982 Reported by Jakub Wilk <jwilk@jwilk.net>. * Add new AS, STRIP, OBJCOPY, OBJDUMP, NM, AR and RANLIB buildtools variables to buildtools.mk. Prompted by Helmut Grohne <helmut@subdivi.de>. * Restore rejecting negated architectures in Architecture field in dpkg-gencontrol and dpkg-genchanges. Regression introduced in dpkg 1.18.5. * Fix dpkg-gensymbols to print "error" instead of "warning" when these are fatal. Closes: #881488 * Rename DPKG_GAIN_ROOT_CMD to DEB_GAIN_ROOT_CMD in the R³ support, as the variable is expected to be set by any builder, not just dpkg. And introduce ephemeral backwards compatibility even though there are no known users. * Do not set DEB_GAIN_ROOT_CMD in dpkg-buildpackage when the R³ value is <implementations-keywords>, following the specification. * Specify that DEB_GAIN_ROOT_CMD in R³ should preserve the environment. Proposed by Josh Triplett <josh@joshtriplett.org>. * Specify new DEB_RULES_REQUIRES_ROOT variable for R³ support. * Add new --rules-requires-root option to dpkg-buildpackage. * Declare R³ specification as "recommendation, stable" with version 1.0. * Export architecture variables by default from architecture.mk, as documented in dpkg-architecture(1). Closes: #888964 Thanks to Jack Bates <wdz7eo@nottheoilrig.com> * Increment the line number on dpkg --set-selections on unknown packages. Reported by Heinz Repp <heinz.repp@arcor.de>. Closes: #888983 * Switch a DEBIAN/conffile parsing assert() in dpkg due to empty lines into an ohshit(), because this is really a run-time error. * Fix assert() in dselect to expect the method lock file descriptor to be initialized, instead of non-zero. * Switch a fatal() call in start-stop-daemon into the new BUG() macro, because it is really an internal error. * Switch all assert() calls (except in update-alternatives) into internerr() or BUG() calls, to get way better reporting with variable contents and descriptions, and to make them always present independent of NDEBUG. * Add a new --no-rename option to dpkg-divert. This is the current default behavior, but it will make it possible to do a default switch in 1.20.x. * Warn when using dpkg-divert --add or --remove w/o --rename or --no-rename. * Warn when using dpkg-divert --rename on a file from an Essential package. * Use a single “struct filenamenode” definition for the entire code base. Closes: #746766 * Add support for frontend locking. This makes it possible for frontends using this new protocol, to safely lock the dpkg database w/o risk of race conditions with other dpkg instances or frontends supporting the same protocol. Thanks to Julian Andres Klode <jak@debian.org>. * Do not emit perl warnings in dpkg-source --help on source formats w/o options. * Make dpkg-buildpackage validate OpenPGP signing key IDs length. Error out for short key IDs and warn for long key IDs. * On the dpkg conffile prompt, print the set of environment variables setup for the conffile shell, for easier discoverability. * Fix dpkg-buildpackage option --rules-file parsing. It was trying to parse it as --rules-target, which due to the ordering was a no-op. * Only check for fallback build targets presence on binary builds in dpkg-buildpackage. * Only check required build dependencies for known targets specified with dpkg-buildpackage --rules-target option. Reported by Johannes Schauer <josch@debian.org>. * Track package status dirtiness in dpkg to only log and report in status-fd when it has changed, removing duplication in output. Closes: #365921 * Use Synopsis instead of Summary for the short Description, to unify the nomenclature and to make it more descriptive. Add a new binary:Synopsis virtual field to dpkg-query show format. * Add new dpkg-buildpackage --no-post-clean option, to be able to explicitly select the current default behavior. * Dump database package records in alphabetical order. This will give reproducible status and available database files, and make it possible to output other deb822 formatted data in a deterministic way. * Require both standard input and output to be connected to a terminal to use a pager. * Run dpkg-query --list output through a pager if we are on a terminal, instead of truncating it, to avoid data loss. Closes: #898603 * Fix use after free in dpkg maintainer script handling. Regression introduced in dpkg 1.19.0. * Flush output for dpkg-query --status, --print-avail and --listfiles at the end, instead of after each stanza. * Add support for dumping all dpkg-query --status and --print-avail records from the database when no arguments are specified. Closes: #616342 * Add new dpkg-gensymbols -l option to avoid having to abuse LD_LIBRARY_PATH for cross-build paths. * Check that DPKG_MAINTSCRIPT_PACKAGE is defined in dpkg-maintscript-helper. Closes: #907772 * Switch dpkg-gencontrol and dpkg-genchanges to track automatically generated artifacts by using the Auto-Built-Package field from the binary package instead of hardcoding package name patterns (such as «-dbgsym$»). * Add new --reverse option to dpkg-parsechangelog, to list the changelog entries in reverse order. * Architecture support: - Add support for riscv64 CPU. Closes: #822914 Thanks to Manuel A. Fernandez Montecelo <mafm@debian.org> - Document the purpose and columns in the tupletable file. * Portability: - Add libcompat md5 module to the libcompat-test library, so that we always make sure it builds, even when we use an external implementation. - Convert libcompat md5 module to use C99 int types, instead of mapping them from the BSD types at configure time. - Use MD5_CTX instead of struct MD5Context, as the prevalent more portable type on system's <md5.h> headers. - Check for ldconfig command in dpkg only on platforms that do have it. - Fix file descriptor leak in start-stop-daemon on AIX. - libcompat: Add new strchrnul() implementation. * Perl modules: - Dpkg::Source::Package::V1: Check that $tarname is defined before use. Thanks to Christoph Biedl <debian.axhn@manchmal.in-ulm.de>. Closes: #879124 - Dpkg::Vendor::Debian: Use proper %use_feature key. This was causing perl errors on paths not accepted for fixdebugpath. Reported by Mattia Rizzolo <mattia@debian.org>, on IRC. Closes: #881051 - Dpkg::Changelog: Print versions for incorrect changelog range warnings. Thanks to Paul Wise <pabs@debian.org>. - Dpkg::Shlibs::SymbolFile: Check that $state->{seen} exists instead of $state being just defined. Fixes regression in dpkg-gensymbols symbols output. Thanks to Dmitry Shachnev <mitya57@debian.org>. Closes: #880166 - Dpkg::Arch: Add new positive options argument to arch validators. - Dpkg::Vendor::Debian: Mark hurd-i386 as having gcc builtin PIE. Requested by Samuel Thibault <sthibault@debian.org>. - Dpkg::Source::Package::V2: Print one building line per existing tarball. - Dpkg::Source::Package: Print building lines for upstream tarball signatures. Closes: #888787 - Dpkg::Deps: Turn virtualpkg tracking from an arrayyref into a hashref. - Dpkg::Vendor::Debian: Mark riscv64 as having gcc builtin PIE. - Dpkg::Shlibs::Objdump: Fix ELF program detection, for PIE binaries and executable libraries. - Dpkg::Version: Fix bool overload behavior back to be an is_valid() alias. Emit a specific perl warning until 1.20.x so that users can check whether the semantic change has any impact on the code, which can then be quiesced. Closes: #895004 - Dpkg::Changelog::Parse: When detecting the changelog format, read the last 4KiB of the file instead of using «tail -n40», which should be both faster and more portable, as the default tail(1) is not POSIX compliant on all systems (c.f. Solaris). - Dpkg::Build::Types: Add new set_build_type_from_targets() function. - Dpkg::Shlibs::SymbolFile: Always assign a proper Dpkg::Version to the deprecated variable, otherwise the scalar value 0 can get confused on scalar context to denote it is *not* deprecated instead of being version 0. - Dpkg::Shlibs: Disable bool overload Dpkg::Version warnings. - Dpkg::Vendor::Debian: Inline _parse_feature_area() into _add_build_flags(), for a small speed up and line count reduction. - Dpkg::BuildFlags: Move default flags setting into the Dpkg::Vendor modules. - Dpkg::Gettext: Fix fallback textdomain() to honor its expected interface. - Dpkg::Deps: Split subpackages into their own separate modules. - Dpkg::Source: Do not change patch permissions if not necessary. Closes: #898010 - Dpkg::Substvars: Reword used/unused warnings to clarify their meaning. Closes: #904258 - Dpkg::Shlibs: Warn when using LD_LIBRARY_PATH with a private library directory which is a descendent of the current working directory. - Dpkg::Source::Package::V3::Quilt: Print series file used when applying patches. - Dpkg::OpenPGP: Return the destination path on successful ASCII armor conversion. - Dpkg::Control::Fields: Do not use & sigil for function calls. - Dpkg::Shlibs: Ignore nonexistent directories present in LD_LIBRARY_PATH. - Dpkg::Deps::KnownFacts: Satisfy :native with arch:all packages too. These are treated as native packages everywhere else in the multi-arch design, this was the only exception, which has become a source of packaging problems as of late. This was apparently an oversight in the original implementation. Closes: #854438 - Dpkg::Vendor::Debian: Add fixfilepath support to reproducible feature. - Dpkg::Dist::Files: Add support for file attributes. * Documentation: - Update gettext minimal version in README. - Add a missing dot on the dpkg-buildflags(1) «lfs» feature paragraph. Spotted by Helge Kreutzmann <debian@helgefjell.de>. - Document DPKG_COLORS environment variable for all programs using it. - Document DPKG_NLS environment variable for all programs using it. - Document the Testsuite and Testsuite-Triggers fields in deb-src-control(5). Prompted by Mattia Rizzolo <mattia@debian.org>. - Update git URLs for move away from alioth.debian.org. - Fix set_build_type_from_options() description in Dpkg::Build::Types. - Clarify PIE build flag feature semantics. Closes: #900088 - Clarify dpkg-buildpackage pre and post-clean options and their default state. - Add --build option equivalents for dpkg-buildpackage short build type options in --help output. - Fold dpkg-buildpackage --[no-]check-builddeps in --help into both -D and -d option descriptions. - Mark profiles as a replaceable item in dpkg-buildpackage --help output. - Update test suite requirements in README. - Document textdomain() and ngettext() replacement functions in Dpkg::Gettext POD. - Clarify arch-qualified dependency simplification in Dpkg::Deps POD. - Improve Dpkg::Deps modules and methods documentation. - Fix typo in deb-changes(5). Closes: #902616 - Clarify awaiting state for interest and activate directives. Closes: #904060 - Fix man page markup. Closes: #900033, #900035, #900040 Thanks to Bjarni Ingi Gislason <bjarniig@rhi.hi.is>. - Fix Doxygen comment for libdpkg dpkg_arch_find() function. - Document the dangers of using start-stop-daemon(8) only with --pidfile as matching option with the pid file owned by a non-privileged user. * Code internals: - Do not use stringy eval to define different sub implementations, just assign an anonymous sub to the typeglob. - Use memccpy() instead of strncpy() to quiesce a gcc-8 warning. - Change pkgbin_name_needs_arch() to never arch-qualify packages that have an empty or no architecture, which was already handled as part of varbuf_add_archqual(). - libdpkg: Factor out cached arch-qualified package name generation into new pkgbin_name_archqual() function. - libdpkg: Add new pkg_name() and pkgbin_name() const variants. - libdpkg, dselect: Use new pkg_name_const() and pkgbin_name_const(). - libdpkg: Rename struct pkginfo files member to archives. - dpkg: Call ensure_package_clientdata() defensively. - dpkg: For read-only state functions, check that clientdata is allocated before using it. - libdpkg: Move files list information from dpkg clientdata to pkginfo. - dpkg: Move ensure_package_clientdata() into its own file. - libdpkg: Move db-fsys code from src to lib/dpkg. - libdpkg: Rename pkg-db module to pkg-hash. - libdpkg: Simplify pkg_files_blank() by using a pointer to pointer to track the previous entry. - libdpkg: Factor out package files handling into its own module. - libdpkg: Switch to a new tiny struct to track file on-disk identity. This should reduce the run-time memory used. - libdpkg: Reset nfiles in files_db_reset(). - libdpkg: Split push_cleanup() into push_cleanup_fallback(). - Switch from strchr() + strlen() to strchrnul(). - libdpkg: Change dpkg_error to track errno values. - libdpkg: Add new varbuf_new() and varbuf_free() functions. - libdpkg: Add new file_slurp() function. - libdpkg: Switch db-fsys to use the new file_slurp() function. - libdpkg: Add new pkg_infodb_reset_dir(). - libdpkg: Add new m_dup() function. - libdpkg: Factor out package stanza printing into its own function. - libdpkg: Split pager specific code into its own module. - libdpkg: Add pager spawning and reaping support. - Use new pager spawning support instead of open-coding it, or piping it via a shell invocation, which required metacharacter escaping. - dpkg-query: Split enqperpackage() into each different action. * Build system: - Set distribution tarball format to ustar, instead of default v7 format. - Mark PO4A and POD2MAN as precious variables. - Automatically replace -Wno- with -W when testing compiler flags, instead of passing the positive form manually. - Enable clang -Wdocumentation warning if available. - Enable gcc-7 -Wregister warning if available. - Add CPAN distribution machinery for the perl modules. Closes: #821177 - Add an autogen script to help people bootstrap the project. - Distribute the man.stamp from VPATH. - Preserve timestamps when distributing man pages. - Add a GitLab CI configuration file. - Disable C optimization levels when configuring for code coverage. * Packaging: - Install update-alternatives policykit-1 file. - Add Breaks to libdpkg-perl against pkg-kde-tools (<< 0.15.28~), as that package is using private modules with no API guarantees, that obviously broke due to recent changes in 1.19.0. Closes: #878919 - Add Breaks on debhelper << 10.10.1~ to dpkg-dev, so that debhelper users wanting to use R³ support do not need a versioned dependency on dpkg-dev. - Add Breaks dgit << 3.13~ to libdpkg-perl, as older dgit versions assumed that Dpkg::Compression::Process was available, via implicit import from Dpkg::Source::Package. Reported by Ian Jackson <ijackson@chiark.greenend.org.uk>. - Bump Standards-Version to 4.1.1 (no changes needed). - Add bzip2 and xz-utils to Build-Depends, required by the functional test suite, but shadowed by dpkg-dev from the build system pulling those in. - Add versioned libncurses-dev as the first Build-Depends alternative. Thanks to Sven Joachim <svenjoac@gmx.de>. - Do not pass VERBOSE to test suite, as we are not using any automake test driver, so it does not get honored. - Rename maintainer-build DEB_BUILD_OPTIONS to new standardized terse. - Enable verbose test suite only in non-terse builds. - Add a Suggests on sensible-utils to libdpkg-perl. - Switch libdpkg-perl again to depend on perl:any, now that debootstrap in stable (stretch) supports arch-qualified dependencies. - Update libdpkg-perl public module list in package description. - Add Breaks on apt (<< 1.7~b) for --status-fd duplicate removals. * Test suite: - Skip Dpkg::OpenPGP test if gpg is not present. - Check POD in all perl scripts. - Consider *.PL also to be perl files. - Infer automatically the unit test data directory. - Infer automatically the unit test temp directory. - Add new po author test case (use i18nspector if available). - Add new test cases to clarify arch-qualified dependency simplification. - Add several TODO tests cases for dependency simplification. - Add new cppcheck author test. - Add support for new test_get_srcdir() test_get_builddir(). - Add new unit tests for namevalue, fsys-hash and pkg-hash libdpkg modules. - Improve coverage of perl unit tests. - Delete fixup lines from i18nspector output instead of emptying them. - Add new codespell author test. - Add new test that the public libdpkg headers can be compiled with C++. . [ Josh Triplett ] * Perl: Replace all calls to Cwd::cwd with Cwd::getcwd; the former calls /bin/pwd, while the latter uses the getcwd() syscall directly. . [ Updated programs translations ] * Dutch (Frans Spiesschaert). Closes: #881401 * German (Sven Joachim). * Italian (Milo Casagrande). Closes: #883085 * Polish (Łukasz Dulny). * Simplified Chinese (Zhou Mo, Boyuan Yang). Closes: #900547, #890806 * Spanish (Javier Fernández-Sanguino). * Traditional Chinese (Buo-ren Lin). Closes: #905887 * Turkish (Mert Dirik). Closes: #886252 . [ Updated scripts translations ] * German (Helge Kreutzmann). . [ Updated man pages translations ] * Dutch (Frans Spiesschaert). Closes: #881403 * German (Helge Kreutzmann). * Simplified Chinese (Zhou Mo). Checksums-Sha1: 4610ff59e4dadd44faf0f62e096c684aa1ae8a61 2031 dpkg_1.19.1.dsc 221ad60567f5b340eae94425404bedd7ceeb005f 4600848 dpkg_1.19.1.tar.xz f7855562856e0e0c412c5af6fee632918b578c05 7338 dpkg_1.19.1_amd64.buildinfo Checksums-Sha256: a86b584f4adc9a503599050ea4a67d01688fcb57fe132d44f99d70b0afabd8b1 2031 dpkg_1.19.1.dsc ae3978a6b7bddc3e3196804ae0d49ea008c84a8a7a60b7d212af1e1d469e7ccf 4600848 dpkg_1.19.1.tar.xz e3cf78ef66661bffe2b8964974709d031bb2256fdb63ac4ad6889a93944c739c 7338 dpkg_1.19.1_amd64.buildinfo Files: e90859d5de75cc9661d623c13c16fec9 2031 admin required dpkg_1.19.1.dsc acd735ae1cc4d789a210803cf7f459e2 4600848 admin required dpkg_1.19.1.tar.xz e4fe9774590aa6bf050e189d9aa315cd 7338 admin required dpkg_1.19.1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEETz509DYFDBD1aWV0uXK/PqSuV6MFAlur0aQACgkQuXK/PqSu V6MCHQ//RQT6MSbKZhGpjAwawxlMkLa5tFK78pW98TMl3x/9hVFCqMiiw+7I5Ihz pb9PlmeTlV1Wu0N6vOWrDrybugqeymsWnq45kG12qRRUZivAMPQxRsTMcntjA9Ih fPzRlQQXpKZM3FLoL+8hD2upexdF5c4zYpLI5LlYhrTfDbjYvopirKNen05DNY0F /odCqu09sPIQPhuqaw/X1oQX0Pkh0geTLEseyNUTJDf/ksYC7/tL4CzJ0zEyEcL1 Bgqeg78JClCrYVPgzO9L9isa5c8RbEd+zOAyY37VNSoFDn3mjjIY0y+Qn+AqiaQ0 lHK/JxfU911fJsev9iV5aRQfRZqqx2Ksh2vjHf2J9xSeOKebPR4DpBHhkWiysIc7 ZzvQWh9OjIFl5FdTerrqXtByQwzooem21CGKuMWoy4Gqc6gHWU56A6pqRm3F6ysX OFfAuXeSJEjho8YnHcoa3Vwz7Y4Ruv3NjBq/HIw5vQFHj0clT0moDqbkKeUfwAuO hoNEX68mrF6xDRXBDZW0LmZyNzWLnYsGi041BO7WkppK1OgdcYWC0vI7nlLB0gKA 8Wd6f9oe5r0/NNuhREL9EAcc96wwKF4ACCRLA+v751Ret/XuPLjjYdSICYtc1qhm O46qIHwtwbvu9cTUP4t2j5v6DJPycIh/G4Jf5IeSaMBY4h+Ow+E= =YREB -----END PGP SIGNATURE-----