-
perl (5.12.4-4ubuntu0.2) oneiric-security; urgency=low
* SECURITY UPDATE: algorithmic complexity attack on hash keys
- debian/patches/CVE-2013-1667.patch: fix hsplit() in hv.c, fix tests
in ext/Hash-Util-FieldHash/t/10_hash.t, t/op/hash.t.
- CVE-2013-1667
-- Marc Deslauriers <email address hidden> Mon, 18 Mar 2013 10:49:35 -0400
-
perl (5.12.4-4ubuntu0.1) oneiric-security; urgency=low
* SECURITY UPDATE: Injection problem in Digest::new
- CVE-2011-3597
* SECURITY UPDATE: Heap overflow in "x" operator (LP: #1069034)
- CVE-2012-5195
* SECURITY UPDATE: CGI.pm improper cookie and p3p CRLF escaping
- CVE-2012-5526
-- Seth Arnold <email address hidden> Mon, 26 Nov 2012 11:27:49 -0800
-
perl (5.12.4-4) unstable; urgency=medium
* Fix decode_xs n-byte heap-overflow security bug in Unicode.xs
(Closes: #637376)
-- Dominic Hargreaves <email address hidden> Wed, 10 Aug 2011 19:25:23 +0100
-
perl (5.12.4-2) unstable; urgency=low
[ Niko Tyni ]
* debian/config.over: Force the multiarch directory /usr/lib/<triplet>
into $Config{libpth} even if doesn't exist yet. This should guarantee
that ExtUtils::Embed works on multiarch enabled system even when
the package isn't built on one. Thanks to Jonathan Nieder.
(Closes: #630399)
+ needs a build dependency on dpkg-dev (>= 1.16.0) for
"dpkg-architecture -qDEB_HOST_MULTIARCH".
* Fix tainting with index() of a constant. (Closes: #291450)
* Break older versions of doc-base to avoid a Storable binary
incompatibility issue in partial upgrades. (Closes: #633076)
* No longer prune -lnsl and -lutil in debian/config.over, this was
obsoleted by a related change in 5.6.1-7 (!)
* Match bzip2 archives in debian/watch.
-- Matthias Klose <email address hidden> Mon, 08 Aug 2011 10:16:23 +0000
-
perl (5.12.4-1ubuntu2) oneiric; urgency=low
* add breaks for doc-base to ensure that we don't run into
the "Byte order is not compatible at ../../lib/Storable.pm"
problem that happens with new perl but old doc-base
(LP: #781076)
-- Michael Vogt <email address hidden> Thu, 07 Jul 2011 09:52:44 +0200
-
perl (5.12.4-1ubuntu1) oneiric; urgency=low
* Merge with Debian; remaining changes:
- debian/config.over: Set i_libutil='undef', just in case libbsd-dev is
installed at build time.
perl (5.12.4-1) unstable; urgency=low
[ Niko Tyni ]
* New upstream release.
* Move debian/check-control to debian/t/ to anticipate new package
maintainer tests in the future.
* Switch to git-dpm for managing debian/patches
+ generate the patchlevel information from debian/patches at build time.
* Multiarch related fixes:
+ h2ph now correctly gets the header directories from gcc (Closes: #625808)
+ ODBM_File hints find libgdbm_compat again (Closes: #625634)
* Support the 'build-arch' and 'build-indep' debian/rules targets
as synonyms for 'build'.
* Remove a stale perlcc reference from the libperl-dev long description.
* Remove the Debian/Ubuntu specific multiarch path fix introduced in
5.12.3-3 and obsoleted by the upstream fix in 5.12.4.
[ Dominic Hargreaves ]
* Note removal of perl-suid in README.Debian and suggest alternatives
(Closes: #628042)
* Lengthen time-out in t/re/re.t; fixes FTBFS on sh4 (Closes: #626125)
* Add note about git format-patch signatures to git-dpm section of
README.source
* Revert obsolete patches:
- debian/arm_optim.diff
- debian/devel-ppport-ia64-optim.diff
- fixes/processPL.diff (Closes: #626094)
* Split up patch debian/extutils_hacks.diff into several logically
distinct patches (relates to: #624508)
* Update Vcs-* references to point to combined git-dpm based
repository at new anonscm URLs
* Don't use LD_RUN_PATH for multiarch directories (Closes: #631096)
(thanks, Ahmed El-Mahmoudy)
* Add Depends on libc6-dev | libc-dev to libperl-dev (Closes: #631308)
* Add a './perl.static -Ilib -V' invocation to the end of the build,
for the build log record (refers to: #630399)
perl (5.12.3-7) unstable; urgency=low
* Fix failing tilde test when run under a UID without a passwd entry
(Closes: #624850)
* Adjust debian/check-control to work with strict version checks
and release candidates
* Add Breaks: mrtg (<< 2.16.3-3.1) (see #625695)
* Add Breaks, Replaces, Provides for new dual-lived modules
libshell-perl, libdevel-dprof-perl
* Add Replaces, Provides for new deprecation module
libperl4-corelibs-perl
-- Matthias Klose <email address hidden> Mon, 04 Jul 2011 13:32:55 +0200
-
perl (5.12.3-6ubuntu4) oneiric; urgency=low
* Revert the last change.
* Properly search GCC include directories.
-- Matthias Klose <email address hidden> Thu, 05 May 2011 10:57:54 +0200
-
perl (5.12.3-6ubuntu3) oneiric; urgency=low
* Build-depend on gcc-multilib (needs the /usr/include/asm symlink).
* libperl-dev: Depend on gcc-multilib, where available.
-- Matthias Klose <email address hidden> Wed, 04 May 2011 19:04:34 +0200
-
perl (5.12.3-6ubuntu2) oneiric; urgency=low
* Link ODBM_File with -lgdbm_compat.
-- Matthias Klose <email address hidden> Wed, 04 May 2011 14:58:47 +0200
-
perl (5.12.3-6ubuntu1) oneiric; urgency=low
* Merge with Debian; remaining changes:
- debian/config.over: Set i_libutil='undef', just in case libbsd-dev is
installed at build time.
perl (5.12.3-6) unstable; urgency=low
* Upload to unstable.
perl (5.12.3-5) experimental; urgency=low
* Add new debian/check-control script written by Niko, backported
from 5.14 tree. This is used by maintainer targets in debian/rules
to check Provides/Replaces/Breaks against bundled modules.
* Apply upstream fix for Module::Corelist version number
* Correct various Breaks version numbers and add Breaks, Replaces,
Provides for new or missing dual-lived modules:
- libmath-complex-perl
- libextutils-command-perl
- libdigest-perl
- libextutils-install-perl
perl (5.12.3-4) experimental; urgency=low
* Revert gcc-4.3 on sparc workaround for #577016 which turned out to
be a kernel bug, now fixed (#581571). gcc-4.3 is no longer available
in sid.
* Build-depend on unversioned libdb-dev (see #621383)
* Merge 5.10.1-20 from unstable:
+ [SECURITY] CVE-2011-1487: taint laundering in lc, uc, et al.
(Closes: #622817)
+ Make the package fail to build instead of silently dropping the
DB_File module if -ldb doesn't work. (See #622916)
perl (5.12.3-3) experimental; urgency=low
[ Dominic Hargreaves ]
* Remove Eugene from Uploaders as requested
[ Niko Tyni ]
* Move to libdb5.1. (Closes: #621383)
* Merged from 5.10.1-19:
+ debian/config.debian: pass multiarch paths to the build (if
available) so that we're able to find libraries needed to build.
thanks to Steve Langasek. (Closes: #620189)
* debian/config.debian: never use <libutil.h>, even if libbsd-dev is
installed. Inspired by a similar Ubuntu change.
* Add Conflicts, Replaces, Provides for libunicode-collate-perl which is
now also packaged separately. (Closes: #599486)
[ Dominic Hargreaves ]
* Update Standards-Version to 3.9.2 (no changes)
perl (5.12.3-2) experimental; urgency=low
* Fix inconsistent mix of literal tabs and spaces in debian/perl.postinst
* Activate the 'perl-major-upgrade' trigger on major version upgrades
to notify other packages that might need to be restarted, or take some
other action (Closes: #230308)
* Merge 5.10.1-17 and 18 from unstable:
+ Include information about preparing the repository for use with
topgit in debian/README.source
+ Add Conflicts, Replaces, Provides for libfile-path-perl which is
packaged separately (Closes: #617985)
+ Include the full text of the license statements for BSD-style
licenses in debian/copyright, rather than the deprecated practice of
referring to an external copy
* Don't include full path for md5sum in perl-modules maintainer scripts
(thanks, Lintian)
* debian/rules: clean: remove .bak files created in cpan/DB_File/t
* Update Standards-Version to 3.9.1 (no changes)
perl (5.12.3-1) experimental; urgency=low
[ Dominic Hargreaves ]
* Add Conflicts, Replaces, Provides for libencode-perl which is
being packaged separately. (Closes: #608385)
[ Niko Tyni ]
* New upstream release.
+ [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411:
fixes CGI.pm MIME boundary and multiline header vulnerabilities.
(Closes: #606995)
+ Update the conflict versions for libmodule-corelist-perl,
libmodule-build-perl, and libcgi-pm-perl.
* Don't traverse the current directory with "enc2xs -C". (Closes: #603686)
* Use versioned breaks instead of versioned conflicts, as suggested by
lintian. The sole exception is safe-rm, whose older versions we never
want unpacked at the same time because they break maintainer scripts.
perl (5.12.2-2) experimental; urgency=low
* Merge 5.10.1-15 and -16 from unstable:
+ Include the Text::Tabs license in debian/copyright. Thanks to "v.nix.is".
(Closes: #596844)
+ Downgrade the 'make' recommendation to a suggestion to avoid pulling
it in by default after all. (Closes: #596734) (Reopens: #293908)
+ Squelch useless locale warnings during package maintainer scripts.
(Closes: #508764)
+ Improve LC_NUMERIC documentation. (Closes: #379329)
+ Fix sprintf not to ignore LC_NUMERIC with constants. (Closes: #601549)
+ Fix stack pointer corruption in pp_concat() with "use encoding".
(Closes: #596105)
* Unapply the debian/use_gdbm patch, obsolete since 5.8.4.
* Fix h2ph header generation with GCC 4.5. Upstream patch by Robin Barker.
(Closes: #599933)
perl (5.12.2-1) experimental; urgency=low
* New upstream release.
perl (5.12.2~rc1-1) experimental; urgency=low
* New upstream release candidate.
+ includes the arm alignment fix (Closes: #289884)
+ upgrade the conflict versions of updated modules.
+ put the libfile-spec-perl conflict version in line with the separate
package, which uses four digits. (Closes: #595121)
* Merge 5.10.1-13 and -14 from unstable, most notably:
+ the GNU/Hurd @INC fix (Closes: #587901)
+ the gcc 4.5 build fix (Closes: #588799)
+ the binNMU regexp fix (Closes: #585678)
+ remove the Provides entries for the deprecated core modules
and update their conflict versions.
* Remove the libshell-perl recommendation, its deprecation has been
postponed for 5.14. (See #580034)
perl (5.12.1-1) experimental; urgency=low
* New upstream release.
+ upgrade the conflict versions of updated modules.
* Transition away from the deprecated core modules
(Shell, Switch, Pod::Plainer, Class::ISA). (Closes: #580034)
+ Recommend the now separately packaged versions
+ Modify the deprecation warnings to point to the Debian packages
instead of CPAN.
* Break libmarc-charset-perl (<< 1.2) because the earlier versions
were sensitive to Perl ABI changes like use64bitint. (Closes: #579521)
perl (5.12.0-2) experimental; urgency=low
* Revert -Dusemorebits but leave -Duse64bitint to aim for consistency
across all the Debian architectures. See the discussion at
http://lists.debian.org/debian-devel/2010/05/msg00078.html
+ fixes powerpc test failures due to non-IEEE compliant long doubles.
(Closes: #578295)
+ use gcc-4.3 on sparc to work around a numeric conversion bug in 4.4.
(Closes: #577016)
* Downgrade the optimization of sv.c on arm due to a gcc-4.4 bug.
(Closes: #580334)
* Fix the new libterm-readline-gnu-perl related failure in perl5db.t and
version the build conflict back to (<< 1.17).
perl (5.12.0-1) experimental; urgency=low
* New upstream release.
+ POD markup in the NAME section is now suppressed by podlators,
fixing garbled whatis information for perlpacktut. (Closes: #304143)
+ "runaway format" errors have been removed. (Closes: #77707)
+ Pod::Perldoc no longer generates broken markup for the last perlfunc
and perlvar entries. (Closes: #558147)
+ Data::Dumper no longer crashes on an invalid push call.
(Closes: #513935)
* Move CPANPLUS::Config::System to the right source directory.
* Fix CPANPLUS test failures when $HOME does not exist. (Closes: #577011)
* Build-Conflict with libfile-sharedir-perl to avoid Module-Build test
failures due to ABI incompatibilities. (Closes: #577018)
* Point Vcs-* fields to the experimental git repository.
* Set -Dusemorebits on all architectures to support long doubles.
+ apparently fixes use64bitint test failures on sparc. (Closes: #577016)
perl (5.12.0~rc3-1) experimental; urgency=low
* New upstream release candidate.
* Update conflicts/replaces/provides entries for the
numerous separately packaged modules.
* Unversion the libterm-readline-gnu-perl build conflict again due to a
new failure mode in lib/perl5db.t.
* Verify at build time that perl-base stays self contained.
+ re.so (and attributes.so) now need to go in perl-base
* Use 64 bit integers (-Duse64bitint) on all platforms. (Closes:
#310995)
perl (5.10.1-20) unstable; urgency=medium
[ Niko Tyni ]
* [SECURITY] CVE-2011-1487: taint laundering in lc, uc, et al.
(Closes: #622817)
* Make the package fail to build instead of silently dropping the
DB_File module if -ldb doesn't work. (See #622916)
[ Dominic Hargreaves ]
* debian/config.debian: never use <libutil.h>, even if libbsd-dev is
installed. Inspired by a similar Ubuntu change and merged from
perl 5.12.3-3.
perl (5.10.1-19) unstable; urgency=low
* Remove Eugene from Uploaders as requested
* debian/config.debian: pass multiarch paths to the build (if
available) so that we're able to find libraries needed to build.
Thanks to Steve Langasek. (Closes: #620189)
perl (5.10.1-18) unstable; urgency=low
* Add Conflicts, Replaces, Provides for libencode-perl which is
being packaged separately. (Closes: #608385)
* Include information about preparing the repository for use with
topgit in debian/README.source
* Fix h2ph header generation with GCC 4.5. Upstream patch by Robin Barker.
(Closes: #599933)
* Override Lintian error wrong-path-for-interpreter for
./usr/share/perl/5.10.1/Class/ISA.pm which is not expected to be
executed
* Add Conflicts, Replaces, Provides for libfile-path-perl which is
packaged separately (Closes: #617985)
* Include the full text of the license statements for BSD-style
licenses in debian/copyright, rather than the deprecated practice of
referring to an external copy
-- Matthias Klose <email address hidden> Wed, 04 May 2011 12:51:40 +0200
-
perl (5.10.1-17ubuntu4) natty; urgency=low
* debian/config.debian: pass multiarch paths to the build (if
available) so that we're able to find libraries needed to build.
LP: #739693.
-- Steve Langasek <email address hidden> Wed, 30 Mar 2011 13:44:06 -0700
