2021-10-19 03:30:32 |
Bryce Harrington |
description |
Scheduled-For: 22.11
Upstream: tbd
Debian: 1:1.10.12+submodules+notgz+20210212-1
Ubuntu: 1:1.10.12+submodules+notgz+20210212-1ubuntu1
### New Debian Changes ###
php-pear (1:1.10.12+submodules+notgz+20210212-1) unstable; urgency=medium
[ Ondřej Surý ]
* (CVE-2020-36193) Update Archive_Tar to 1.4.12 (Closes: #980428)
* Remove .gitattributes from submodules as it breaks our build
[ Mathieu Parent ]
* Remove all *.tgz files, to ease copyright review
-- Ondřej Surý <ondrej@debian.org> Fri, 12 Feb 2021 09:05:38 +0100
php-pear (1:1.10.12+submodules+notgz-1) unstable; urgency=medium
* Update PEAR to 1.10.12
* Update Archive_Tar to 1.4.7
* Update Console_Getopt to 1.4.2
* Update Structures_Graph to latest trunk
* Update XML_Util to 1.4.3
* Lower the dh_compat level to 10 to help with backports
* Remove .gitattributes from submodules as it breaks our build
* Use pristine-tar (first create and then use pristine-tar commit)
-- Ondřej Surý <ondrej@debian.org> Sat, 10 Oct 2020 15:10:13 +0200
php-pear (1:1.10.9+submodules+notgz-1) unstable; urgency=low
[ Ondřej Surý ]
* Update PEAR to 1.10.8
* Update Archive_Tar to 1.4.6
* Update Console_Getopt to 1.4.2
* Update maintainer address
* Update gbp.conf for salsa and enable pristine-tar
* Bump policy to recent version (no change)
[ Mathieu Parent ]
* Update PEAR to 1.10.9
- Fixes count() on non Countable (Closes: #890433)
* Update Archive_Tar to 1.4.7
* Update Structures_Graph to v1.1.1 + 1 minor patch
* Add debian/README.source
* Fix package-uses-deprecated-source-override-location
* Fix insecure-copyright-format-uri
* Fix debian-watch-uses-insecure-uri
* Bump debhelper compat to 12
* Update debian/php-pear.substvars-static
* Fix manpage-has-errors-from-man
* Standards-Version: 4.4.0
* Add debian/salsa-ci.yml
* Implement the SOURCE_DATE_EPOCH specification (Closes: #750697)
-- Mathieu Parent <sathieu@debian.org> Thu, 01 Aug 2019 23:15:22 +0200
php-pear (1:1.10.6+submodules+notgz-1) unstable; urgency=medium
* Update PEAR to 1.10.6
-- Ondřej Surý <ondrej@debian.org> Mon, 01 Oct 2018 12:15:44 +0000
php-pear (1:1.10.5+submodules+notgz-1) unstable; urgency=medium
* Update PEAR to 1.10.5
* Update Archive_Tar to 1.4.3
* Update XML_Util to 1.4.3
-- Ondřej Surý <ondrej@debian.org> Thu, 10 Aug 2017 23:19:49 +0200
php-pear (1:1.10.4+submodules+notgz-1) experimental; urgency=medium
* Update PEAR to 1.10.4
* Rebase patches on top of 1.10.4+submodules+notgz
* Update submodules to latest PEAR packaged versions:
bdd47347df76dbaa89227c5e1afd6f6809985b4c submodules/Archive_Tar (1.4.2)
82f05cd1aa3edf34e19aa7c8ca312ce13a6a577f submodules/Console_Getopt (v1.4.1)
608fdc835a62fb238e61bd1cf0aaf6c7a4420b5c submodules/Structures_Graph (v1.1.1)
0ee5f1d88573a935daf68d795048165b3491b5ff submodules/XML_Util (v1.4.2)
-- Ondřej Surý <ondrej@debian.org> Tue, 30 May 2017 16:18:19 +0200
php-pear (1:1.10.1+submodules+notgz-9) unstable; urgency=medium
* Fix Vcs-* fields (was pointing to pkg-php-tools)
* Standards-Version: 3.9.8, no change
-- Mathieu Parent <sathieu@debian.org> Wed, 25 Jan 2017 07:48:36 +0100
php-pear (1:1.10.1+submodules+notgz-8) unstable; urgency=medium
* Remove /usr/share/php/{.depdb,.filemap}
- As they would be outdated.
- This also fixes the last remaining FTBR
-- Mathieu Parent <sathieu@debian.org> Sun, 24 Apr 2016 00:54:49 +0200
php-pear (1:1.10.1+submodules+notgz-7) unstable; urgency=medium
* Makes the build reproducible by fixing _lastmodified to be an int
-- Mathieu Parent <sathieu@debian.org> Wed, 20 Apr 2016 06:47:23 +0200
php-pear (1:1.10.1+submodules+notgz-6) unstable; urgency=medium
### Old Ubuntu Delta ###
php-pear (1:1.10.12+submodules+notgz+20210212-1ubuntu1) impish; urgency=medium
* SECURITY REGRESSIONS:
- debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
- debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
submodules/Archive_Tar/Archive/Tar.php.
* SECURITY UPDATE: incorrect symlink extraction
- debian/patches/CVE-2021-32610.patch: properly fix symbolic link path
traversal in submodules/Archive_Tar/Archive/Tar.php.
- CVE-2021-32610
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 28 Jul 2021 10:39:27 -0400
|
Upstream: 1.10.13
Debian: 1:1.10.12+submodules+notgz+20210212-1
Ubuntu: 1:1.10.12+submodules+notgz+20210212-1ubuntu1
Debian typically updates this package every 2 months, but has not done so since 21.04. Check back monthly.
There is a new upstream version, however, so may be worth going ahead of
debian and/or updating it in Debian and syncing it.
### New Debian Changes ###
php-pear (1:1.10.12+submodules+notgz+20210212-1) unstable; urgency=medium
[ Ondřej Surý ]
* (CVE-2020-36193) Update Archive_Tar to 1.4.12 (Closes: #980428)
* Remove .gitattributes from submodules as it breaks our build
[ Mathieu Parent ]
* Remove all *.tgz files, to ease copyright review
-- Ondřej Surý <ondrej@debian.org> Fri, 12 Feb 2021 09:05:38 +0100
php-pear (1:1.10.12+submodules+notgz-1) unstable; urgency=medium
* Update PEAR to 1.10.12
* Update Archive_Tar to 1.4.7
* Update Console_Getopt to 1.4.2
* Update Structures_Graph to latest trunk
* Update XML_Util to 1.4.3
* Lower the dh_compat level to 10 to help with backports
* Remove .gitattributes from submodules as it breaks our build
* Use pristine-tar (first create and then use pristine-tar commit)
-- Ondřej Surý <ondrej@debian.org> Sat, 10 Oct 2020 15:10:13 +0200
php-pear (1:1.10.9+submodules+notgz-1) unstable; urgency=low
[ Ondřej Surý ]
* Update PEAR to 1.10.8
* Update Archive_Tar to 1.4.6
* Update Console_Getopt to 1.4.2
* Update maintainer address
* Update gbp.conf for salsa and enable pristine-tar
* Bump policy to recent version (no change)
[ Mathieu Parent ]
* Update PEAR to 1.10.9
- Fixes count() on non Countable (Closes: #890433)
* Update Archive_Tar to 1.4.7
* Update Structures_Graph to v1.1.1 + 1 minor patch
* Add debian/README.source
* Fix package-uses-deprecated-source-override-location
* Fix insecure-copyright-format-uri
* Fix debian-watch-uses-insecure-uri
* Bump debhelper compat to 12
* Update debian/php-pear.substvars-static
* Fix manpage-has-errors-from-man
* Standards-Version: 4.4.0
* Add debian/salsa-ci.yml
* Implement the SOURCE_DATE_EPOCH specification (Closes: #750697)
-- Mathieu Parent <sathieu@debian.org> Thu, 01 Aug 2019 23:15:22 +0200
php-pear (1:1.10.6+submodules+notgz-1) unstable; urgency=medium
* Update PEAR to 1.10.6
-- Ondřej Surý <ondrej@debian.org> Mon, 01 Oct 2018 12:15:44 +0000
php-pear (1:1.10.5+submodules+notgz-1) unstable; urgency=medium
* Update PEAR to 1.10.5
* Update Archive_Tar to 1.4.3
* Update XML_Util to 1.4.3
-- Ondřej Surý <ondrej@debian.org> Thu, 10 Aug 2017 23:19:49 +0200
php-pear (1:1.10.4+submodules+notgz-1) experimental; urgency=medium
* Update PEAR to 1.10.4
* Rebase patches on top of 1.10.4+submodules+notgz
* Update submodules to latest PEAR packaged versions:
bdd47347df76dbaa89227c5e1afd6f6809985b4c submodules/Archive_Tar (1.4.2)
82f05cd1aa3edf34e19aa7c8ca312ce13a6a577f submodules/Console_Getopt (v1.4.1)
608fdc835a62fb238e61bd1cf0aaf6c7a4420b5c submodules/Structures_Graph (v1.1.1)
0ee5f1d88573a935daf68d795048165b3491b5ff submodules/XML_Util (v1.4.2)
-- Ondřej Surý <ondrej@debian.org> Tue, 30 May 2017 16:18:19 +0200
php-pear (1:1.10.1+submodules+notgz-9) unstable; urgency=medium
* Fix Vcs-* fields (was pointing to pkg-php-tools)
* Standards-Version: 3.9.8, no change
-- Mathieu Parent <sathieu@debian.org> Wed, 25 Jan 2017 07:48:36 +0100
php-pear (1:1.10.1+submodules+notgz-8) unstable; urgency=medium
* Remove /usr/share/php/{.depdb,.filemap}
- As they would be outdated.
- This also fixes the last remaining FTBR
-- Mathieu Parent <sathieu@debian.org> Sun, 24 Apr 2016 00:54:49 +0200
php-pear (1:1.10.1+submodules+notgz-7) unstable; urgency=medium
* Makes the build reproducible by fixing _lastmodified to be an int
-- Mathieu Parent <sathieu@debian.org> Wed, 20 Apr 2016 06:47:23 +0200
php-pear (1:1.10.1+submodules+notgz-6) unstable; urgency=medium
### Old Ubuntu Delta ###
php-pear (1:1.10.12+submodules+notgz+20210212-1ubuntu1) impish; urgency=medium
* SECURITY REGRESSIONS:
- debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
- debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
submodules/Archive_Tar/Archive/Tar.php.
* SECURITY UPDATE: incorrect symlink extraction
- debian/patches/CVE-2021-32610.patch: properly fix symbolic link path
traversal in submodules/Archive_Tar/Archive/Tar.php.
- CVE-2021-32610
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 28 Jul 2021 10:39:27 -0400 |
|