Your message dated Thu, 05 Mar 2026 06:18:41 +0000
with message-id <[email protected]>
and subject line Bug#1126665: fixed in dpkg 1.23.6
has caused the Debian Bug report #1126665,
regarding dpkg-source: Incomplete feedback when creating a new source package
and there are extra files
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1126665: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126665
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dpkg-dev
Version: 1.23.5
Severity: wishlist
Hello Guillem et al.
This bug is a sister of #1126558.
When dpkg-source reports the extra files that it found, sometimes
it does not report everything which is wrong.
This often lead maintainers (this happened to me, so including myself!)
to implement an incomplete fix. Then the bug has to be reported again
or reopened, which seems like a suboptimal way to handle all this.
I'm going to use the same package as before as an example:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1045695
The initial report suggests that the po/*.gmo files need to be removed,
but after doing so, file "po/stamp-po" still needs to be removed
(but it was not reported the first time).
This can be reproduced easily in trixie, by building the source
after the binary build, then adding po/*.gmo to debian/clean
as a quick fix, then trying to build the source again.
Note: I have no idea of easy/difficult this would be to implement.
If it's not easy I would maybe suggest adding a warning/caveat
at the end like "There may be more errors, you should try again
after fixing the errors above" (of course not with such wording
but you get the idea).
Thanks.
--- End Message ---
--- Begin Message ---
Source: dpkg
Source-Version: 1.23.6
Done: Guillem Jover <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <[email protected]> (supplier of updated dpkg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 05 Mar 2026 06:54:58 +0100
Source: dpkg
Architecture: source
Version: 1.23.6
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <[email protected]>
Changed-By: Guillem Jover <[email protected]>
Closes: 1126507 1126508 1126558 1126665 1127383 1127882 1127884 1128325 1128406
1128529 1129722
Changes:
dpkg (1.23.6) unstable; urgency=medium
.
[ Guillem Jover ]
* dpkg-query: Fix segfault with empty -S argument. LP: #2092676
* dpkg-deb: Be more robust against truncated ar archives.
Reported by Yashashree Gund <[email protected]>.
* dpkg-deb: Reject ar archives with 0 sized tar members.
Reported by Yashashree Gund <[email protected]>.
* libdpkg, scripts: Detect corrupt ar archive with non-even byte sizes.
* dpkg-source: Fix running from within the source tree.
Reported by Umut <[email protected]> (on IRC).
* dpkg-source: Support running --commit from within the source tree w/o
«.». Closes: #1127383
* dpkg-source: Fix format in maintainer error message.
Thanks to Marko Zajc <[email protected]>.
* dpkg-scanpackages: Add new --no-implicit-arch option. Closes: #1128325
* Perl modules:
- Dpkg::Shlibs::Objdump::Object: Clarify code comment.
- Dpkg::Source::Package::V2: Do not print source root on modified files
list. Closes: #1126558
- Dpkg::Source::Patch: Speed up patched filename retrieval in patches.
- Dpkg::Source::Patch: Add comment about the use of tr{}{} as char counter.
- Dpkg::OpenPGP::Backend::GnuPG: Add missing Dpkg::Gettext import.
Closes: #1128406
- Dpkg::OpenPGP::Backend::GnuPG: Refactor _file_read_header().
- Dpkg::OpenPGP::Backend::GnuPG: Detect and warn on LibrePGP artifacts.
- Dpkg::Email::Address: Warn on email domains with a single label.
Closes: #1126508
- Dpkg::Source::Patch: Fix code comment.
- Dpkg::Source::Patch: Add new has_errors() method.
- Dpkg::Source::Package::V2: Delay unrepresentable error after local
changes list. Closes: #1126665
- Dpkg::Vendor: Fix taint mode in get_vendor_object().
- Dpkg::Compression: Remove deprecated function compression_get_property().
- Dpkg::Archive::Ar: Switch header variables into a hash.
- Dpkg::Archive::Ar: Check that no header field is empty.
* Code internals:
- libdpkg: Use varbuf_str() instead of directly accessing buf.
- scripts: Parse and validate all Changed-By and Maintainer field inputs.
Closes: #1126507
- libdpkg: Terminate zstd decompression when we have no more data.
Reported by Yashashree Gund <[email protected]>. Closes: #1129722
Fixes CVE-2026-2219.
- dpkg-deb: Refactor ar member size into an intermediate variable.
* Build system:
- Add URL, Maintainer and License fields to .pc file.
* Test suite:
- Add basic Perl taint mode checks.
* Localization:
- Update Dutch translations.
Thanks to Frans Spiesschaert <[email protected]>.
Closes: #1127882, #1127884
- Update Swedish translations.
Thanks to Peter Krefting <[email protected]>. Closes: #1128529
Checksums-Sha1:
467eac6e8da889222d7f3ae3d132e1c3a05d50de 3474 dpkg_1.23.6.dsc
4cacba17d73eab5dbfb446559861664a5a0a72a4 5839252 dpkg_1.23.6.tar.xz
3e671d9bc59c605a93d9638aa76651697c84c41f 8015 dpkg_1.23.6_amd64.buildinfo
Checksums-Sha256:
14e1fa4f14b938930ad6345d50ffc31d59c1c38a7b0e0d3c088822b949293ea8 3474
dpkg_1.23.6.dsc
798ea0aca00c915560d8d37ba47c188783ba104b4f779cd0dbf0ee9fb7e7af32 5839252
dpkg_1.23.6.tar.xz
0ea7516fb00554b9488d32e6949f6220250ffa6f69efda3c1e4f864a7ab300a6 8015
dpkg_1.23.6_amd64.buildinfo
Files:
0966e39af76b263669adb4d327acf4a8 3474 admin required dpkg_1.23.6.dsc
64c6ecdc9c5f072aa3be22069479cb68 5839252 admin required dpkg_1.23.6.tar.xz
2bb9de0ae52195b1b31a46843400650a 8015 admin required
dpkg_1.23.6_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJpqR5RCRC5cr8+pK5Xo0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmf9FFR3cslXqjGoGDmbp0SrgWNGcKjeUI1z0reSn9EN
FxYhBE8+dPQ2BQwQ9WlldLlyvz6krlejAAAIWA//Tey25E/JBTXoXhJgIeRFztyE
hWdpiYpcslmEMLoFaQlASumwYvXJgV+bYk6l0SqnlwTizvSQyohYM35xr1dZBlEf
c26MU0YmAcPrDX203ZAEE6NzE8X/jIMSy8fzHytwquqWqNKhJdp+E16mN3AwyGx8
rLsX52FvSqk2LZCBYlyMu3NJ6IzS8BJvvwssKBfRR2qhGJ8NxxAmlrE56PzGIy9U
GbQKJH3FsjZ74SITR6b1qp9PjFCop76wzdkhY6UPO48X0x9LDoSODPwNrMX7S4i0
boIrC2KT4l6CZTkOcc3J0BJu7/cjlfEJRB2reXL96pJwFvYdKmwZnzBqEbs0ot4U
FGXhSax7aQVkvgFvbZ56d2T1TJlGcKDLb1smFSAEJ2zooXPM+A+WTVOWittUdfY6
mzfOYgXq/96oxNbKAPo+QP/q+2qN3uYbWiu0C+f+DjV41xmJXnK7PepW00vxAAHF
zcFeg615nj+ptM4vkObz6inrFlwdK0fCEuybX+Y5IVHgIDmYsiqCFa+8Qd6S3wWs
JF1TyEvuXvGqD6qXWKW1GQ81ohvCBgTGUaI2Q+d7oOMXHZP0dx1Ia3liszyKa1RJ
+zMlkEm60o+gnbHyjbZMAFGcclJCOKt8eqJbVOgMdSLbDox7Hzxx7HVBAfYeX5C+
ufx3Z5E9fC0cYeXk9rU=
=s66m
-----END PGP SIGNATURE-----
pgpBN3EhKQFMo.pgp
Description: PGP signature
--- End Message ---
