slocate (3.1-1.1ubuntu3) hardy; urgency=low * debian/cron.daily: Don't run if mlocate is installed. -- Colin Watson Thu, 14 Feb 2008 11:14:02 +0000 slocate (3.1-1.1ubuntu2) hardy; urgency=low Findutils split locate into its own package and that breaks the dpkg-divert code in slocate. The fix for this was taken from Andreas Metzler (thanks!) from Debian Bug: #451792: * Switch to update-alternatives: Closes: #57749 - Kill diversions in preinst, setup/delete alternatives in postinst/prerm - Do not rely on argv[0]==updatedb in cronjob, simply specify option -u instead. - Install updated.1 manpage as /usr/share/man/man1/updatedb.slocate.1.gz - Stop shipping links /usr/bin/locate -> slocate, /usr/bin/updatedb -> slocate and /usr/share/man/man1/locate.1.gz -> slocate.1.gz in debian package. - Conflicts with findutils (<= 4.2.31-2) -- Michael Vogt Tue, 18 Dec 2007 18:55:47 +0100 slocate (3.1-1.1ubuntu1) hardy; urgency=low * Merge from debian unstable, remaining changes: - use nice/ionice in cron.daily - maintainer field set to ubuntu -- Michael Vogt Mon, 03 Dec 2007 10:10:11 +0100 slocate (3.1-1.1) unstable; urgency=high * Non-maintainer upload by the testing security team * Include patch to prevent users obtaining names of private files (apply patch directly, since no patch system is used so far) (Closes: #411937) Fixes: CVE-2007-0227 Thanks to Kees Cook -- Steffen Joeris Mon, 13 Aug 2007 10:15:47 +0000 slocate (3.1-1ubuntu3) gutsy; urgency=low * debian/cron.daily: fix small typo in shell variable usage (LP: #148456). -- Kees Cook Wed, 03 Oct 2007 11:02:47 -0700 slocate (3.1-1ubuntu2) gutsy; urgency=low * debian/cron.daily: Use ionice. It looks for settings from /etc/updatedb.conf and uses "best effort" class by default. Quite the same for "nice", defaulting to "10". (LP: #134692) -- dAniel hAhler Wed, 26 Sep 2007 02:31:46 +0200 slocate (3.1-1ubuntu1) feisty; urgency=low * SECURITY UPDATE: directories lacking +r allowed contents to be browseable * src/utils.c: adjusted to perform access checks similar to 2.7 version. * References CVE-2007-0227 -- Kees Cook Wed, 21 Feb 2007 15:01:48 -0800 slocate (3.1-1) unstable; urgency=low * User defines database paths were not being parsed correctly. Thanks to Vincent Lefevre for finding it and providing a patch. Closes: #346341 * This was the only bug reported in the 2 months since the last public beta release. Moving it to v3.1 Stable. -- Kevin Lindsay Tue, 7 Mar 2006 20:31:08 -0800 slocate (3.0.beta.r3-1) unstable; urgency=low * The environment variable LOCATE_PATH was not being used properly. It will now be used the same as in v2.7. Closes: #345646 * slocate was returning non zero for -h, --help, -V and --version. It now returns zero. * PRUNEFS was being ignored in /etc/updatedb.conf * Added documentation describing how /etc/updatedb.conf is used and what is supported to the README and the slocate.1 and updatedb.1 man pages. * README.debian was removed in 3.0.beta.r1-1 to close bug 272131, but it was accidently readded in 3.0.beta.r2-1. I now have a use for it, so it is now here to stay. -- Kevin Lindsay Fri, 6 Jan 2006 09:36:28 -0800 slocate (3.0.beta.r2-1) unstable; urgency=low * When upgrading from 2.7-4, the existing database will be removed due to a change in the format. This was causing slocate to fail until the database was recreated. Closes: #344478 * Reformatted the 'copyright' file as expected. Closes: #345043 * Removed debian/ directory from original source. * Added fix to compensate for default unsigned chars on PPC. Closes: #345171 * Fixed segfault due to 0 length char array. oops. Closes: #346072 * Fixed a bug where dangling links were ignored. Closes: #345026 -- Kevin Lindsay Thu, 5 Jan 2006 15:04:47 -0800 slocate (3.0.beta.r1-1) unstable; urgency=low * New release. 3.0 beta r1. This is a complete redesign/rewrite. * Closes: #300760, #159235, #300778, #338652, #217608, #324951, #266530 * Closes: #271695, #272131 * Closes: #274538 . updatedb will not print an error message if no database exists. * Closes: #296033 . Renamed DEBUG to SL_DEBUG. * Closes: #229198 -- Kevin Lindsay Wed, 19 Dec 2005 21:54:52 -0800 slocate (2.7-4) unstable; urgency=high * Added a case to handle broken diversion. /usr/bin/locate and /usr/bin/updatedb must be symlinks to /usr/bin/slocate. In the case that they are not, the removal of the diversion fails. A check is done to detect the diversion and forcefully removes /usr/bin/locate and /usr/bin/updatedb before diverting the old findutils binaries back. (closes: #270762) -- Kevin Lindsay Tue, 14 Sep 2004 05:22:24 +0000 slocate (2.7-3) unstable; urgency=high * 'slocate' sgid privileges are now dropped when searching databases that are not apart of the 'slocate' group. This will prevent malicious user supplied databases from elevating user access to the 'slocate' group. See CAN-2003-0848, (closes: #226103) * Changed diversion /etc/cron.daily.find.notslocate to /etc/cron.daily/find.notslocate (closes: #234563) * I also made the database creation feature drop privileges so that the SGID binary can't chown the group of the database to 'slocate' unless the user has explicit access. * Added a patch which caused LOCATE_PATH to be ignored when '-d' was used, and vice versa. This also fixed an off by 1 overflow bug. -- Kevin Lindsay Tue, 7 Sep 2004 03:20:42 +0000 slocate (2.7-2) unstable; urgency=low * Closing ITA. (closes: #194037) * Removed diverted /etc/cron.daily/find.notslocate out of the cron.daily directory so that multiple copies of updatedb are not run. (closes: #210845) * The diversion handling has been changed since this bug so I will close it and if the problem persists, please reopen. (closes: #132284) * Updated description. (closes: #185907) * slocate group will now be added as a system group on new installs. (closes: #203885) * Fixed updatedb manpage. (closes: #152770) -- Kevin Lindsay Tue, 30 Dec 2003 21:54:56 +0000 slocate (2.7-1) unstable; urgency=high * Non-maintainer upload * New upstream version * Fixes buffer overflow causing segfault. (closes: #179338) -- Kevin Lindsay Mon, 17 Feb 2003 23:59:39 +0000 slocate (2.6-1.4) unstable; urgency=low * Non-maintainer upload * Handle long filenames. (Patch from David D. Kilzer, closes: #92454) * debian/rules (clean): Use distclean, and remove config.h too. -- Gergely Nagy Mon, 2 Sep 2002 00:56:07 +0200 slocate (2.6-1.3) unstable; urgency=low * A "make woody great" NMU. * Only conflict with dlocate versions older than 0.5-0.1 (closes: #138265). * Don't remove & readd slocate group on every upgrade -- create it with addgroup unless already present when configuring, use delgroup instead of groupdel on removal (closes: #101253). * Usage of addgroup should also alleviate any problems with NIS and/or nscd so remove the conflict with nscd (closes: #101094, #101485, #80176). * Don't zilch out the database on every upgrade, just on removals. * Make the postinst less noisy, and don't print the information about building the first database if the database already exists (closes: #101063). * In cron.daily, do nothing if /usr/bin/slocate doesn't exist (typically if the package is in the conffiles stage). Closes: #132287. * Kill suid(un)register cruft, and depend on a dpkg with dpkg-statoverride. * Remove commented out, obsolete stuff from some scripts. * Clean up config.status as well (lintian). * Emacs local variables excised from this changelog. -- Robert Bihlmeyer Sun, 17 Mar 2002 14:51:47 +0100 slocate (2.6-1.2) unstable; urgency=medium * Non-maintainer upload. * Correct memory allocation in load_file() (thanks, Gergely Nagy; closes: #128477). -- Colin Watson Sun, 3 Feb 2002 16:57:19 +0000 slocate (2.6-1.1) unstable; urgency=low * Non-maintainer upload. * Fix printf-is-a-macro issue (gcc 3.0). Patch courtesy of rbradetich@uswest.net. Closes: #105026 -- LaMont Jones Fri, 20 Jul 2001 22:33:42 -0600 slocate (2.6-1) unstable; urgency=low * no more suidregister(lintian, go figure) * now conflicts with nscd - There's been too many bugs opened due to the groupadd issues with this pkg Closes: #95636 * now conflicts with dlocate too. It seems that is there's a diversion, each package must know about each other. That sucks. I'm going to implement alternatives when I get time but until then here's my solution. Closes: #57126, #61789, #87654 * now requires adduser (really the command addgroup), thanks joy@cibalia.gkvk.hr Closes: #78465 * I'm such an idiot. This is just correcting syntax below. Closes: #78190, #76543, #71373, #71371, #71365, #66566, #66206, #56351 -- R Garth Wood Thu, 14 Jun 2001 00:23:50 -0400 slocate (2.4-1) stable unstable; urgency=high * according to author the "S(ecure)Locate heap corruption" issue is resolved Closes #78190 * according to author slocate is now impervious to mtab being a link Closes #76543 * according to author there is now more than very little error checking (will this satisfy Wichert? Hell ya. ) Closes #71373 * according to author will not segfault on deep dirs Closes #71371 * copyright now gives props to the FSF Closes #71365 * /var/lib/slocate/* now removed in prerm Closes #66566 * now suidunregisters itself Closes #66206 * upgrade should be fine. I think this is a bug in the bts Closes #56351 -- R Garth Wood Wed, 29 Nov 2000 22:54:56 -0800 slocate (2.2-0.0) frozen unstable; urgency=low * NMU to fix a security issue. Slocate has an potentially exploitable buffer overrun in LOCATE_PATH. If exploited, the attacker could access info about files they normally cannot see the presense of. Updated to version 2.2 to fix the problem (no other changes in this new version). Closes: #66718 * -- Joey Hess Wed, 29 Nov 2000 22:54:14 -0800 slocate (2.1-5.1) frozen unstable; urgency=low * (closes Bug#59366) strange -c is defined in main.c and in --help ?? -- R Garth Wood Sat, 4 Mar 2000 13:05:17 -0800 slocate (2.1-5) frozen unstable; urgency=low * another attempt at (closes Bug#56981) -- R Garth Wood Thu, 2 Mar 2000 22:01:40 -0800 slocate (2.1-4) frozen unstable; urgency=low * added -O3 (instead of -O2) and removed -g3 (not needed for release) * (closes Bug#56349) Actually done in -3 but I forgot to include it (same as 56357,56424) * (closes Bug#58537) ??? This installs cleanly on my system. I cannot reproduce this bug. This is probably a woody and not a potato * (closes Bug#56417, #57011) if for some strange reason /var/lib/slocate does not exist(it should) then it creates it * now suggests anacron * (closes Bug#57046, #57530, #58023, #56981) tries to check for linked diversions and rm's them before hand -- R Garth Wood Tue, 8 Feb 2000 00:50:39 -0800 slocate (2.1-3) frozen unstable; urgency=low * (closes Bug#56417) /var/lib/slocate/ : No such file or directory * (closes Bug#56388, #56505#, #53904, #56357, #56424) actually the same bug * (closes Bug#5184) I now make "helpful" diversions -- R Garth Wood Wed, 26 Jan 2000 21:19:23 -0800 slocate (2.1-2) frozen unstable; urgency=low * (closes: Bug#53905) added suggestion to install anacron * fixed some lintian 'E's -- R Garth Wood Wed, 26 Jan 2000 01:53:18 -0600 slocate (2.1-1) frozen; urgency=low * new upstream fixes some segfaults * (closes: Bug#52696) actually an old one * (closes: Bug#53904) actually an old one -- R Garth Wood Sun, 23 Jan 2000 22:32:19 -0800 slocate (2.0-3) unstable; urgency=low * Bug#49763, version fixed in manpage * Bug#45635, LICENSE file is not included anymore; copyright points to GPL * Bug#43346, Bug#42560? squashed. Now adds a system group with groupadd -- R Garth Wood Thu, 7 Oct 1999 09:12:01 -0700 slocate (2.0-2) unstable; urgency=low * updatedb now actually parses /etc/updatedb.conf by default -- R Garth Wood Tue, 6 Jul 1999 17:40:31 -0700 slocate (2.0-1) unstable; urgency=low * new upstream * fixed #40262: slocate postinst fails with sh==/bin/ash * fixed Bug#39800: slocate: should make use of suidregister -- R Garth Wood Sun, 4 Jul 1999 23:21:40 -0700 slocate (1.6-5) unstable; urgency=low * fixed Bug#39788 and Bug#39798 (the same bug) slocate not creat()ing it's database. * fixed future bug: slocate always returns 1 -- R Garth Wood Sun, 20 Jun 1999 16:13:28 -0700 slocate (1.6-4) unstable; urgency=low * changed maintainer so that I could pgp sign the pkg -- R Garth Wood Wed, 9 Jun 1999 18:40:26 -0700 slocate (1.6-3) unstable; urgency=low * added /var/lib/slocate to dirs -- R Garth Wood Wed, 9 Jun 1999 18:26:24 -0700 slocate (1.6-2) unstable; urgency=low * misc fix -- R Garth Wood Mon, 31 May 1999 11:19:47 -0700 slocate (1.6-1) unstable; urgency=low * new upstream -- R Garth Wood Mon, 31 May 1999 10:56:06 -0700 slocate (1.5-3) unstable; urgency=low * added diversion for updatedb.1.gz -- R Garth Wood Mon, 17 May 1999 11:10:24 -0700 slocate (1.5-2) unstable; urgency=low * added diversion for find cronjob -- R Garth Wood Wed, 12 May 1999 03:20:37 -0700 slocate (1.5-1) unstable; urgency=low * new upstream -- R Garth Wood Wed, 5 May 1999 13:18:07 -0700 slocate (1.4-1) unstable; urgency=low * Initial Release. -- R Garth Wood Tue, 4 May 1999 17:00:14 -0700