-
perl (5.10.0-11.1ubuntu2.3) intrepid-security; urgency=low
* SECURITY UPDATE: denial of service via heap-based overflow
- debian/patches/37_fix_compress-raw-zlib-cve-2009-1391: Add an extra
byte for NUL termination.
- CVE-2009-1391
* Apply harmless missing part of 90_archive_tar_fix_symlink_unpack patch
(regression tests)
-- Marc Deslauriers <email address hidden> Fri, 26 Jun 2009 10:37:17 -0400
-
perl (5.10.0-11.1ubuntu2.2) intrepid-security; urgency=low
* SECURITY UPDATE: rmtree race could create setuid binaries (CVE-2008-5302).
- debian/patches/35_fix_file_path_rmtree_setuid: upstream patch
thanks to Niko Tyni.
- debian/patches/36_fix_file_temp_cleanup: handle rmtree on tempdirs,
thanks to Niko Tyni.
* SECURITY UPDATE: Archive::Tar would follow symlinks when unpacking
(CVE-2007-4829)
- debian/patches/99_archive_tar_fix_symlink_unpack: backported upstream
patches.
-- Kees Cook <email address hidden> Mon, 22 Dec 2008 14:25:10 -0800
-
perl (5.10.0-11.1ubuntu2) intrepid; urgency=low
* debian/control:
- add Breaks against doc-base (<< 0.8.16) to fix upgrade
issue from hardy->intrepid (LP: #243830)
-- Michael Vogt <email address hidden> Wed, 23 Jul 2008 22:06:34 +0200
-
perl (5.10.0-11.1ubuntu1) intrepid; urgency=low
* Resynchronise with Debian. Remaining changes:
- Drop perl-doc to Suggests.
perl (5.10.0-11.1) unstable; urgency=low
* Non-maintainer upload.
* Fix lost reference in PerlIO::via::via. (closes: #479698)
-- Colin Watson <email address hidden> Mon, 21 Jul 2008 10:41:54 +0100
-
perl (5.10.0-11ubuntu1) intrepid; urgency=low
* Drop perl-doc to Suggests; apt automatically installs Recommends now,
and perl-doc is too big for Ubuntu CD images.
-- Colin Watson <email address hidden> Wed, 02 Jul 2008 15:08:45 +0100
-
perl (5.10.0-11) unstable; urgency=high
* [SECURITY] File::Path::rmtree() no longer makes symlink targets
world-writable. Patch by Ben Hutchings. (Closes: #487319)
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 23 Jun 2008 13:55:52 +0100
-
perl (5.10.0-10) unstable; urgency=low
* Integrate NMU, thanks Bastian.
* Make h2ph allow the quote mark delimiter also for those #include directives
chased with "h2ph -a". (Closes: #479762)
* Adjust manual page sections in Module::Build::Base for the Debian Perl
policy. (Closes: #479460)
* Disable the "v-string in use/require is non-portable" warning again.
(Closes: #479863)
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 09 May 2008 09:36:07 +0100
-
perl (5.10.0-9.1) unstable; urgency=low
* Non-maintainer upload.
* Move Hash::Util into perl-base. (closes: #479202)
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 07 May 2008 11:14:25 +0100
-
perl (5.10.0-9) unstable; urgency=low
* Upload to unstable.
perl (5.10.0-8) experimental; urgency=low
* Apply upstream change 33388 to fix a segmentation fault with
'debugperl -Dm'. (Closes: #474613)
* Move Tie::Hash into perl-base, as it's now needed by POSIX.pm.
(Closes: #475909)
perl (5.10.0-7) experimental; urgency=low
* New comaintainer.
* Make perl replace libmodule-corelist-perl (<< 2.14-2) because of
/usr/bin/corelist. (Closes: #470385)
* Update the libmodule-corelist-perl conflict version to 2.13-1.
(Closes: #471515)
* Apply upstream change 33554 to make IO::Socket::INET able to
resolve "udp" without /etc/protocols.
* Make perl recommend netbase. Along with the new fallback defaults for the
most common protocols, this should be a good compromise for the
"IO::Socket::INET needs netbase" problem. (Closes: #185244)
perl (5.10.0-6) experimental; urgency=low
* More fiddling with libarchive-tar-perl conflict version on perl-modules
plus addition of replaces to perl due to ptar, ptardiff. Thanks to Niko
Tyni for picking this up (closes: #466874).
perl (5.10.0-5) experimental; urgency=low
* Really bump libarchive-tar-perl conflict version (closes: #466874).
* Fix typo in libmodule-corelist-perl conflict version (closes: #467112).
* Add conflicts/replaces/provides for libxsloader-perl (closes: #468121).
* Include debug info for all ELF files in /usr/lib/debug (closes: #468484).
* Apply upstream change 33287 (removes non-null contraint, closes: #467072).
* Regex engine in new version is no longer recursive--stops some
regexes from blowing the stack and segfaulting (closes: #466298).
perl (5.10.0-4) experimental; urgency=low
* New version fixes RT segfault in Text::Tabs (closes: #400733).
* New version fixes segfaulting oneliner (closes: #336920).
* Apply upstream change 33127: File::Find bydepth doc (closes: #460922).
* Convert upstream Changes file to UTF-8.
* Bump libarchive-tar-perl conflict version (closes: #466874).
* Fix spelling of libmodule-pluggable-perl in control file (closes: #467007).
perl (5.10.0-3) experimental; urgency=low
* New version retains pos after localizing target (closes: #49669).
* Add conflicts/replaces/provides for libperl-version (closes: #460915).
* Correct typo in CGI.pm documentaion (closes: #459841).
* Modify MakeMaker install target dependencies to facilitate parallel makes.
perl (5.10.0-2) experimental; urgency=low
* Fix libperl-dev depends (closes: #458135).
* Skip failing Sys::Syslog test when /dev/log unavailable (closes: #457760).
perl (5.10.0-1) experimental; urgency=low
* New upstream version.
* perlcc has been removed (closes: #162950, #88463).
* warn with non-ascii and I18N::Langinfo appears fixed (closes: #343831).
* Replace use of Source-Version with source:Version.
* Remove /etc/Net (incorrectly installed by perl 5.8, see #425850) on
upgrade and removal (closes: #453915, #450694).
* Add build-conflict for libterm-readline-gnu-perl to avoid a spurious
test failure of perl5db.pl
* Update perl conflict versions for:
libdigest-sha-perl (5.45) and
libtime-piece-perl (1.12).
* Update perl-modules conflict versions for:
libmodule-corelist-perl (2.12),
libio-zlib-perl (1.07),
libarchive-tar-perl (1.37.1),
libextutils-cbuilder-perl (0.21),
libmodule-build-perl (0.2808.1),
libmodule-load-perl (0.12),
liblocale-maketext-simple-perl (0.18),
libparams-check-perl (0.26),
libmodule-plugable-perl (3.6),
libmodule-load-conditional-perl (0.22) and
libcpan-plus-perl (0.83.09).
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 02 May 2008 02:22:18 +0100
-
perl (5.8.8-12) unstable; urgency=high
* SECURITY [CVE-2007-5116] (closes: #450456): Apply patch from
Will Drewry and Tavis Ormandy of the Google Security Team to fix a
UTF-8 related heap overflow in Perl's regular expression compiler,
probably allowing attackers to execute arbitrary code by compiling
specially crafted regular expressions.
* Support "nocheck" option in DEB_BUILD_OPTIONS (closes: #449549).
* Suppress Configure test for ualarm() so that setitimer() emulation
is used (closes: #448965).
perl (5.8.8-11.1) unstable; urgency=high
* Non-maintainer upload.
* Urgency high because of RC bug fix.
* Fix h2ph to generate a correct check to distinguish i386/amd64 systems.
(Closes: #443785)
perl (5.8.8-11) unstable; urgency=low
* Remove arm and alpha special cases (closes: #443353).
perl (5.8.8-10) unstable; urgency=low
* Add support for SH4 arch (closes: #424867).
* Add --strip-unneeded when stripping shared objects.
* Include stripped debugging symbols for perl and libperl.so in
/usr/lib/debug in perl-debug package (closes: #433631).
* Switch to libdb4.6 (closes: #427517).
* Re-instate libcgi-fast-perl, relocating module to vendor directory
(closes: #443236).
perl (5.8.8-9) unstable; urgency=low
* Fix perl-base replaces after move of PVA.pl etc.
* Remove ancient conflicts on perl-transition packages (perl-5.004, etc).
* Bump dependency of perl-modules on perl to version after move of
modules to perl-base (closes: #377385).
* Pod/Man.pm: preserve quote chars in verbatim paragraphs (closes: #393810).
* Fix typo in Locale::Maketext::TPJ13 docs (closes: #320060).
perl (5.8.8-8) unstable; urgency=low
* Include unicore/{PVA,Exact,Canonical}.pl in perl-base (closes: #437142).
* Install libnet.cfg in /etc/perl/Net (closes: #425850).
* Update makedepend.SH from perl-current to handle changed
preprocessor output from new gcc (closes: #381703).
* Fix CGI::upload when fileno == 0 (closes: #383378).
* Abort CPAN setup if stdin is not a tty (closes: #246511).
* Bump gcc build-depends to 4.2 and remove workaround added for register
declaration problems in g++ 4.1 (closes: #378399).
* Replace '_' with '.' in conflict version for libattribute-handlers-perl
(closes: #403249).
* Fix hang when using study + taint (closes: #415296).
* Remove libcgi-fast-perl as a separate package (closes: #422592).
* Pod/Man.pm: escape backslashes in index entries (closes: #440448).
* Pod/Html.pm: Fix handling of nested definition lists (closes: #423168).
-- Martin Pitt <email address hidden> Tue, 27 Nov 2007 10:15:15 +0000
