rinse 3.0.9 now adds the cpio dependency and fixes the wrong date in the changelog of 3.0.7. Here's the debdiff between the testing and unstable version.
diff -Nru rinse-3.0.7/bin/rinse rinse-3.0.9/bin/rinse --- rinse-3.0.7/bin/rinse 2014-07-25 13:22:30.000000000 +0200 +++ rinse-3.0.9/bin/rinse 2015-04-13 14:46:04.000000000 +0200 @@ -1147,13 +1147,13 @@ # Run the unpacking command. # my $cmd = - "rpm2cpio $file | (cd $CONFIG{'directory'} ; cpio --extract --make-directories --no-absolute-filenames --preserve-modification-time) 2>/dev/null >/dev/null"; + "rpm2cpio $file | (cd $CONFIG{'directory'} ; cpio --extract --extract-over-symlinks --make-directories --no-absolute-filenames --preserve-modification-time) 2>/dev/null >/dev/null"; if ( $file =~ /(fedora|centos|redhat|mandriva)-release-/ ) { my $rpmname = basename($file); $postcmd = "cp $file $CONFIG{'directory'}/tmp ; chroot $CONFIG{'directory'} rpm -ivh --force --nodeps /tmp/$rpmname ; rm $CONFIG{'directory'}/tmp/$rpmname"; } - system($cmd ); + system($cmd) == 0 or die "failed to extract $name: $?"; } print "\r"; diff -Nru rinse-3.0.7/debian/changelog rinse-3.0.9/debian/changelog --- rinse-3.0.7/debian/changelog 2015-02-25 12:02:18.000000000 +0100 +++ rinse-3.0.9/debian/changelog 2015-04-14 09:05:18.000000000 +0200 @@ -1,3 +1,19 @@ +rinse (3.0.9) unstable; urgency=high + + * add dependency on new cpio version + * fix date of 3.0.7 entry, Closes: #782518 + + -- Thomas Lange <la...@debian.org> Tue, 14 Apr 2015 09:03:48 +0200 + +rinse (3.0.8) unstable; urgency=high + + * add --extract-over-symlinks to cpio call, Closes: #768501 + this restores the old behaviour of cpio, which changed because of + CVE-2015-1197 (see #774669) + * add check if cpio call failed + + -- Thomas Lange <la...@debian.org> Mon, 13 Apr 2015 14:51:41 +0200 + rinse (3.0.7) unstable; urgency=high * control: change depends on perl-modules to perl, Closes: #779118, diff -Nru rinse-3.0.7/debian/control rinse-3.0.9/debian/control --- rinse-3.0.7/debian/control 2015-02-25 12:04:03.000000000 +0100 +++ rinse-3.0.9/debian/control 2015-04-14 08:55:37.000000000 +0200 @@ -10,7 +10,7 @@ Package: rinse Architecture: all -Depends: wget, libterm-size-perl, libwww-perl, perl, rpm +Depends: wget, libterm-size-perl, libwww-perl, perl, rpm, cpio (>= 2.11+dfsg-4.1) Description: RPM installation environment This is a tool for bootstrapping a basic RPM-based distribution of GNU/Linux. -- regards Thomas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org