Martin Pitt
martin.pitt at ubuntu.com
Wed Nov 9 11:40:07 CST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Origin: Debian/unstable
Format: 1.7
Date: Wed, 09 Nov 2005 17:34:39 +0000
Source: cpio
Binary: cpio
Architecture: source
Version: 2.6-9
Distribution: dapper
Urgency: critical
Maintainer: Clint Adams <schizo at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
cpio - GNU cpio -- a program to manage archives of files
Closes: 165217 170558 174470 222378 223970 238177 239130 253008 256199 275116 305372 306693 307035 319028 320085 321333 322608 322778 322999 323005 323141 325617 326090
Changes:
cpio (2.6-9) unstable; urgency=high
.
* configure.ac, src/extern.h, src/global.c: actually fix
the error with checksums on 64-bit platforms.
.
cpio (2.6-8) unstable; urgency=high
.
* src/copyout.c: fix regression of #100456 (checksum errors on
64-bit platforms), thanks to Jim Castleberry.
.
cpio (2.6-7) unstable; urgency=low
.
* src/mt.c: don't block on opening tape device.
closes: #239130.
.
cpio (2.6-6) unstable; urgency=critical
.
* Forward-port Martin Pitt's security patch from Ubuntu:
- SECURITY UPDATE: Modify permissions of arbitrary files, path traversal.
- copyin.c, copypass.c: Use fchmod() and fchown() before closing the output
file instead of chmod() and chown() after closing it. This avoids
exploiting this race condition with a hardlink attach to chmod/chown
arbitrary files. [CAN-2005-1111]. closes: #305372.
- copyin.c: Separate out path sanitizing to safer_name_suffix(): Apart from
leading slashes, filter out ".." components from output file names if
--no-absolute-filenames is given, to avoid path traversal. [CAN-2005-1229]
closes: #306693.
.
cpio (2.6-5) unstable; urgency=medium
.
* Fix 'ustar' format mtime overflow. closes: #238177.
* Fix symlink dereferencing problem.
closes: #322608, #323141, #326090.
.
cpio (2.6-4) unstable; urgency=low
.
* Restore previous mt behaviors.
* Add/improve density descriptions for DLT IV 4000, 7000, 8000;
uncompressed and compressed; thanks to Calum Mackay.
closes: #222378.
* Ship md5sums. closes: #325617.
.
cpio (2.6-3) unstable; urgency=high
.
* Fix inability to install if /usr/doc/cpio symlink did not exist.
closes: #322999, #323005.
.
cpio (2.6-2) unstable; urgency=medium
.
* Remove old /usr/doc/cpio symlink in postinst, since
the 2.5 packages did not remove it properly in prerm.
closes: #322778.
.
cpio (2.6-1) unstable; urgency=low
.
* New upstream version. closes: #275116, #319028.
- No longer has manpage typos reported by A Costa.
closes: #307035.
- No longer has manpage typo reported by Matthew Vernon.
closes: #170558.
- Checks for LFS. closes: #165217.
* New maintainer. closes: #321333.
* Bump Standards-Version to 3.6.2.
* Remove /usr/doc symlink code. closes: #320085.
* Remove a couple of nasty XSIisms in preinst, prerm, and rules.
closes: #253008, #256199.
* Fix "Wrong spelling (chechdir) in rules file". closes: #223970.
* Drop trailing period from short description. closes: #174470.
* Drop support for 'debug' in DEB_BUILD_OPTIONS, and add 'noopt'.
Files:
7d6b744d1e3b14cdb4601c5f7ac66f38 547 utils important cpio_2.6-9.dsc
76b4145f33df088a5bade3bf4373d17d 556018 utils important cpio_2.6.orig.tar.gz
a07dd45cfe840e40defb69740ceccbfd 404301 utils important cpio_2.6-9.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iQEVAwUBQ3IzLwF4adwMEr3XAQJo8Af+MT3P/+wLveRyM4Ls24etbRWn4x5r7NBo
74UzMjsvlWLzLPgCiNC5pegLRXTPgKQmaVuyegmgjQoSW/cjnrZkacfXPfHLkTGX
9ZBoKbdN3OrRDujHEY4FVxC1dzZirOon9HzI8Uf7uS0Gt8wVBPNvmZH45BKcZISl
iZCGbafx13OFQU1DfUx2r1EMdJpPM5YGAP9kCx0Cm/B0bQzD37AcjOA/gSO5MbeL
8teNikqOJL+6naoKxonTub1aD/yheY2APiNUiGFNE37zIV9ys9SUcN1dZB7OJaKr
FjalH+NtRiM2BhTNu/KwTOGjwdc8B/XQ9fM7DMY27vjXURrHP86kGg==
=g0c4
-----END PGP SIGNATURE-----
Accepted:
cpio_2.6-9.diff.gz
to pool/main/c/cpio/cpio_2.6-9.diff.gz
cpio_2.6-9.dsc
to pool/main/c/cpio/cpio_2.6-9.dsc
cpio_2.6.orig.tar.gz
to pool/main/c/cpio/cpio_2.6.orig.tar.gz
More information about the dapper-changes
mailing list