-
perl (5.20.2-3+deb8u11) jessie-security; urgency=high
* [SECURITY] CVE-2018-12015: fix directory traversal vulnerability
in Archive-Tar (Closes: #900834)
-- Dominic Hargreaves <email address hidden> Sun, 10 Jun 2018 18:40:37 +0100
-
perl (5.20.2-3+deb8u9) jessie-security; urgency=high
* Update upstream base.pm no-dot-in-inc fix patch description.
* [SECURITY] CVE-2017-12837: Fix a heap buffer overflow in regular
expression compiler. (Closes: #875596)
* [SECURITY] CVE-2017-12883: Fix a buffer over-read in regular
expression parser. (Closes: #875597)
+ also includes a separate upstream fix from the 5.23 cycle
-- Niko Tyni <email address hidden> Tue, 12 Sep 2017 20:00:57 +0300
-
perl (5.20.2-3+deb8u8) jessie; urgency=medium
* Apply upstream base.pm no-dot-in-inc fix (from 5.24.2-RC1)
(Closes: #867170)
-- Dominic Hargreaves <email address hidden> Tue, 11 Jul 2017 17:05:53 +0100
-
perl (5.20.2-3+deb8u6) jessie-security; urgency=high
[ Niko Tyni ]
* [SECURITY] CVE-2016-1238: opportunistic loading of optional
modules can make many programs unintentionally load code
from the current working directory (which might be changed to
another directory without the user realising).
+ allow user configurable removal of "." from @INC in
/etc/perl/sitecustomize.pl for a transitional period. (See: #588017)
+ backport patches from [perl #127834] to fix known vulnerabilities
even if the user does not configure "." to be removed from @INC
+ backport patches from [perl #127810] to fix various classes of
build failures in perl and CPAN modules if "." is removed from
@INC
[ Dominic Hargreaves ]
* [SECURITY] CVE-2016-6185: Make XSLoader skip relative paths not
on @INC. (Closes: #829578)
-- Dominic Hargreaves <email address hidden> Fri, 22 Jul 2016 16:30:45 +0100
-
perl (5.20.2-3+deb8u5) jessie; urgency=medium
* Apply patch from Niko Tyni fixing debugperl crashes with XS
modules (Closes: #816280)
* [SECURITY] CVE-2015-8853 fix regexp engine hang on illegal UTF8
input (Closes: #821848)
* Fix UTF8-related regexp engine crash (Closes: #820328)
* Apply selected bug-fix patches taken from 5.20.3 (Closes: #822336)
- /usr/share/doc/perl/perldebdelta.pod describes the changes in
more detail
-- Dominic Hargreaves <email address hidden> Mon, 23 May 2016 23:42:11 +0100
-
perl (5.20.2-3+deb8u4) jessie-security; urgency=high
* Work around a t/op/stat.t failure on GNU/kFreeBSD, possibly related
to softupdates. Fix by Steven Chamberlain. (Closes: #796798)
* [SECURITY] CVE-2016-2381 fix duplicate environment variable taint
checking issue
-- Dominic Hargreaves <email address hidden> Fri, 26 Feb 2016 21:41:47 +0000
-
perl (5.20.2-3+deb8u3) jessie; urgency=medium
* Backport Encode::Unicode BOM fix from Encode-2.77. (Closes: #798727)
+ break+replace libencode-perl (<< 2.63-1+deb8u1) accordingly
-- Dominic Hargreaves <email address hidden> Mon, 11 Jan 2016 23:06:58 +0000
-
perl (5.20.2-3+deb8u1) jessie; urgency=medium
* Make the perl debugger work with threaded programs again.
Thanks to James McCoy. (Closes: #779357)
-- Niko Tyni <email address hidden> Tue, 28 Apr 2015 22:41:15 +0300
-
perl (5.20.2-3) unstable; urgency=medium
* Improve the error message when a path is inaccessible during
module loading (Closes: #781120)
* Add more Breaks: entries for various packages which could be affected
by the perl-modules dependency change (see #777597)
-- Dominic Hargreaves <email address hidden> Sun, 29 Mar 2015 15:20:48 +0100
-
perl (5.20.2-2) unstable; urgency=medium
[ Dominic Hargreaves ]
* Make perl-modules Recommend perl
[ Niko Tyni ]
* Fix the Broken libfile-spec-perl versions.
* Backport upstream fix for a regexp performance regression
from 5.14. (Closes: #777556)
* Make perl-modules Break older versions of perl. (Closes: #779433)
* Make perl-modules Depend on a matching perl-base. (Closes: #779455)
-- Niko Tyni <email address hidden> Sun, 01 Mar 2015 19:58:59 +0200
-
perl (5.20.1-5) unstable; urgency=medium
* Make perl-base and perl-modules Break perl (<< 5.20.0~)
to fix trigger related upgrade paths from wheezy. (Closes: #774844)
+ also make perl-base, perl-modules, and perl Pre-Depend
on dpkg (>= 1.17.17) to get reliable trigger dependency
guarantees. (See #671711)
-- Niko Tyni <email address hidden> Sun, 25 Jan 2015 18:26:53 +0200
-
perl (5.20.1-4) unstable; urgency=medium
* Make perl-base and perl-modules Break pdl (<< 1:2.007-4)
to fix upgrade failures with dpkg triggers. (Closes: #773323)
-- Niko Tyni <email address hidden> Fri, 19 Dec 2014 18:55:26 +0200
-
perl (5.20.1-3) unstable; urgency=low
* Move File::Temp and its dependencies (File::Path, File::Basename,
and parent) to perl-base.
See https://lists.debian.org/debian-devel/2014/11/msg00216.html
-- Niko Tyni <email address hidden> Sun, 16 Nov 2014 18:54:17 +0200
-
perl (5.20.1-2) unstable; urgency=medium
* Fix IO::Uncompress::Gunzip gunzip to in-memory file handle
(Closes: #747363)
* Fix t/io/socket.t on Hurd: include upstream fixes (Closes: #758718)
-- Dominic Hargreaves <email address hidden> Sun, 19 Oct 2014 22:02:58 +0100
-
perl (5.20.1-1) unstable; urgency=medium
* New upstream release
* [SECURITY] CVE-2014-4330: don't recurse infinitely in Data::Dumper
(Closes: #762256)
* Update Standards-Version (no changes)
* Update maintainer tests to reflect the fact that libcgi-fast-perl
is not being shipped
* Update Breaks versions for libfile-spec-perl, libmodule-corelist-perl,
libversion-perl
* Update patch metadata to reflect upstream status
(Closes: #762270, #762269)
* Upload to unstable
-- Dominic Hargreaves <email address hidden> Sat, 20 Sep 2014 14:11:36 +0100
-
perl (5.20.0-6) unstable; urgency=medium
* Explicitly set mode of DEBIAN/conffiles to fix a Lintian error
in certain build environments
-- Dominic Hargreaves <email address hidden> Fri, 29 Aug 2014 21:32:22 -0700
-
perl (5.20.0-4) unstable; urgency=medium
* Drop the -exp1 suffix from perlapi-5.20.0: no further changes
to @INC are planned in this cycle.
* Build-depend on libc6-dev (>= 2.19-9) on s390x to make sure we
build against the "new" reverted jmp_buf ABI. (Closes: #753444)
* Upload to unstable.
-- Niko Tyni <email address hidden> Thu, 14 Aug 2014 21:47:11 +0300
-
perl (5.18.2-7) unstable; urgency=medium
* No longer Provide perlapi-5.18.1 and .2 on s390x. This completes
the jmp_buf transition. (Closes: #753444)
* Only disable the -ftree-vrp optimization on mips.
Thanks to Aurelien Jarno. (See: #754054)
-- Niko Tyni <email address hidden> Mon, 14 Jul 2014 23:13:55 +0300
-
perl (5.18.2-6) unstable; urgency=medium
* Downgrade the optimization of regcomp.c on mips due to a gcc-4.9 bug.
(Closes: #754054)
-- Niko Tyni <email address hidden> Tue, 08 Jul 2014 23:08:24 +0300
-
perl (5.18.2-4) unstable; urgency=medium
* Build with -fwrapv to fix build failures with GCC 4.9
(Closes: #746890)
* Add Provides/Breaks/Replaces for libpackage-constants-perl which
will be deprecated in 5.20 (see #747628)
-- Dominic Hargreaves <email address hidden> Mon, 12 May 2014 23:53:26 +0100
-
perl (5.18.2-3) unstable; urgency=medium
[ Niko Tyni ]
* Small changes to debian/copyright to placate Config::Model::Dpkg.
(Closes: #731570)
* Backport upstream patch fixing crashes with 'undef *_, goto &sub'.
(Closes: #736187)
[ Dominic Hargreaves ]
* Add Recommends on rename to perl (see #735134)
* Update Standards-Version (no changes)
* Fix typo in debian/t/copyright.t
-- Dominic Hargreaves <email address hidden> Mon, 05 May 2014 17:15:59 +0100
-
perl (5.18.2-2) unstable; urgency=medium
[ Niko Tyni ]
* Update debian/copyright to include the year 2013.
[ Dominic Hargreaves ]
* Upload to unstable
-- Dominic Hargreaves <email address hidden> Tue, 14 Jan 2014 19:47:33 +0000
-
perl (5.18.1-5) unstable; urgency=medium
[ Dominic Hargreaves ]
* Revert patches disabling GNU/Hurd tests which now succeed:
- debian/hurd_net_ping_disable_test.diff (Closes: #709385)
- debian/hurd_test_skip_io_pipe.diff (Closes: #650096)
- debian/hurd_test_skip_pipe.diff (Closes: #650187)
- debian/hurd_test_skip_sigdispatch.diff (Closes: #650188)
- debian/hurd_test_todo_syslog.diff (Closes: #650093)
* Various tidying of Copyright file in line with Lintian's suggestions
* Override Lintian tag spelling-error-in-copyright for an upstream error
* Override Lintian tag empty-binary-package for libperl5.18 as it
is a dummy package on some architectures
[ Niko Tyni ]
* Include upstream fix for regex \8 and \9 after literals.
(Closes: #731365)
* Fix spelling of IPC_CREAT in IPC-SysV documentation. (Closes: #730558)
-- Niko Tyni <email address hidden> Fri, 06 Dec 2013 20:05:55 +0200
-
perl (5.18.1-4) unstable; urgency=low
* Add Breaks on versions of libcommon-sense-perl which were built
with earlier version of perl (Closes: #722460)
* Add Module::Metadata fix for use in taint mode (Closes: #722210)
* Update Lintian override for wrong-path-for-interpreter false
positive
-- Dominic Hargreaves <email address hidden> Wed, 11 Sep 2013 23:30:25 +0100
-
perl (5.18.1-3) unstable; urgency=low
* Make perl-base conflict with all versions of libscalar-list-utils-perl,
which overrides Essential functionality in a way that breaks during
upgrades. (Closes: #721364)
-- Niko Tyni <email address hidden> Sat, 31 Aug 2013 18:32:36 +0300
-
perl (5.14.2-21) unstable; urgency=low
[ Dominic Hargreaves ]
* Update the Locale::Maketext fix by importing 1.23, to avoid
double-escaping problems (see: #695224)
-- Niko Tyni <email address hidden> Wed, 10 Apr 2013 19:11:35 +0300
