Change log for perl package in Ubuntu

76150 of 247 results
Superseded in xenial-updates
Superseded in xenial-security
perl (5.22.1-9ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability
    - debian/patches/fixes/CVE-2018-12015.patch: fix ing
      cpan/Archive-Tar/lib/Archive/Tar.pm.
    - CVE-2018-12015

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 12 Jun 2018 16:30:44 -0300
Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
perl (5.26.2-6) unstable; urgency=high

  * [SECURITY] CVE-2018-12015: fix directory traversal vulnerability
    in Archive-Tar (Closes: #900834)

 -- Dominic Hargreaves <email address hidden>  Sat, 09 Jun 2018 13:38:44 +0100

Available diffs

Superseded in cosmic-proposed
perl (5.26.2-5) unstable; urgency=medium

  [ Dominic Hargreaves ]
  * Remove Breaks and Conflicts entries relating to packages which were
    fixed in oldstable or before

  [ Niko Tyni ]
  * autopkgtest improvements:
    + add a missing Testsuite header
    + run a syntax check on (almost) all the Perl modules we ship
    + verify that perl-base stays self contained
  * Move Provides entries from libperl5.26 and perl-modules-5.26 to perl.
    (Closes: #899110)

 -- Niko Tyni <email address hidden>  Sat, 19 May 2018 19:05:17 +0300

Available diffs

Superseded in cosmic-proposed
perl (5.26.2-4) unstable; urgency=medium

  * Add cross build support files for riscv64.
  * Add Breaks/Replaces/Provides for libb-debug-perl.
  * Add rudimentary autopkgtest regression checks. (Closes: #782760)

 -- Niko Tyni <email address hidden>  Fri, 18 May 2018 17:13:34 +0300

Available diffs

Superseded in cosmic-proposed
perl (5.26.2-3) unstable; urgency=medium

  [ Dominic Hargreaves ]
  * Update Vcs-* fields to point to salsa

  [ Niko Tyni ]
  * Refresh cross build support files for most Debian architectures.
    (Closes: #895992)
  * Increase test timeout of t/re/fold_grind.t on riscv64.
    (Closes: #896827)

 -- Niko Tyni <email address hidden>  Wed, 25 Apr 2018 19:55:24 +0300
Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
perl (5.26.1-6) unstable; urgency=high

  * [SECURITY] CVE-2018-6797: buffer overflow related to regex
                              unicode semantics.
  * [SECURITY] CVE-2018-6798: heap buffer overflow when matching
                              malformed UTF-8 characters.
  * [SECURITY] CVE-2018-6913: heap buffer overflow with large data blocks.

 -- Niko Tyni <email address hidden>  Sat, 10 Mar 2018 20:40:42 +0200

Available diffs

Superseded in artful-updates
Superseded in artful-security
perl (5.26.0-8ubuntu1.1) artful-security; urgency=medium

  * SECURITY UPDATE: heap write overflow bug
    - debian/patches/fixes/CVE-2018-6797.patch: restart a node if we change
      to uni rules within the node and encounter a sharp S in regcomp.c.
    - CVE-2018-6797
  * SECURITY UPDATE: heap read overflow bug
    - debian/patches/fixes/CVE-2018-6798-1.patch: check lengths in
      regexec.c, t/lib/warnings/regexec.
    - debian/patches/fixes/CVE-2018-6798-2.patch: account for non-utf8
      target in regexec.c, t/re/re_tests.
    - debian/patches/fixes/CVE-2018-6798-3.patch: no longer warns in
      t/lib/warnings/regexec.
    - debian/patches/fixes/CVE-2018-6798-4.patch: don't dump malformation
      past first NUL in utf8.c.
    - CVE-2018-6798
  * SECURITY UPDATE: heap buffer overflow bug
    - debian/patches/fixes/CVE-2018-6913.patch: fix various space
      calculation issues in pp_pack.c, t/op/pack.t.
    - CVE-2018-6913

 -- Marc Deslauriers <email address hidden>  Thu, 05 Apr 2018 08:23:57 -0400
Superseded in xenial-updates
Superseded in xenial-security
perl (5.22.1-9ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: arbitrary code exec via library in cwd
    - debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
      dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
    - CVE-2016-6185
  * SECURITY UPDATE: race condition in rmtree and remove_tree
    - debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
      tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
    - debian/patches/fixes/CVE-2017-6512.patch: prevent race in
      cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
    - CVE-2017-6512
  * SECURITY UPDATE: heap write overflow bug
    - debian/patches/fixes/CVE-2018-6797.patch: restart a node if we change
      to uni rules within the node and encounter a sharp S in regcomp.c.
    - CVE-2018-6797
  * SECURITY UPDATE: heap read overflow bug
    - debian/patches/fixes/CVE-2018-6798-1.patch: check lengths in
      regexec.c, t/lib/warnings/regexec.
    - debian/patches/fixes/CVE-2018-6798-2.patch: account for non-utf8
      target in regexec.c, t/re/re_tests.
    - debian/patches/fixes/CVE-2018-6798-3.patch: no longer warns in
      t/lib/warnings/regexec.
    - CVE-2018-6798
  * SECURITY UPDATE: heap buffer overflow bug
    - debian/patches/fixes/CVE-2018-6913.patch: fix various space
      calculation issues in pp_pack.c, t/op/pack.t.
    - CVE-2018-6913

 -- Marc Deslauriers <email address hidden>  Thu, 05 Apr 2018 08:48:47 -0400
Superseded in trusty-updates
Superseded in trusty-security
perl (5.18.2-2ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: infinite loop via crafted utf-8 data
    - debian/patches/fixes/CVE-2015-8853-1.patch: fix hangs in regexec.c,
      t/re/pat.t.
    - debian/patches/fixes/CVE-2015-8853-2.patch: use
      Perl_croak_nocontext() in regexec.c.
    - CVE-2015-8853
  * SECURITY UPDATE: arbitrary code exec via library in cwd
    - debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
      dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
    - CVE-2016-6185
  * SECURITY UPDATE: race condition in rmtree and remove_tree
    - debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
      tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
    - debian/patches/fixes/CVE-2017-6512.patch: prevent race in
      cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
    - CVE-2017-6512
  * SECURITY UPDATE: heap buffer overflow bug
    - debian/patches/fixes/CVE-2018-6913.patch: fix various space
      calculation issues in pp_pack.c, t/op/pack.t.
    - CVE-2018-6913

 -- Marc Deslauriers <email address hidden>  Thu, 05 Apr 2018 12:49:25 -0400
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
perl (5.26.1-5) unstable; urgency=medium

  * Mark _LIB_VERSION as an optional symbol for glibc 2.27 compatibility.
    Patch by Aurelien Jarno. (Closes: #890242)
  * Refresh cross build support files.
  * Apply an upstream patch by Yves Orton to fix a regexp related memory
    leak, regressed in 5.26. (Closes: #891196)
  * Build-Depend on libgdbm-compat-dev to restore the NDBM_File and
    ODBM_File modules. (Closes: #891229)

 -- Niko Tyni <email address hidden>  Fri, 23 Feb 2018 17:23:43 +0200
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
perl (5.26.1-4build1) bionic; urgency=medium

  * Rebuild against new libgdbm5.

 -- Gianfranco Costamagna <email address hidden>  Fri, 02 Feb 2018 15:26:29 +0100
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
perl (5.26.1-4) unstable; urgency=medium

  [ Dominic Hargreaves ]
  * Use dpkg-vendor to configure perl with a vendor-specific
    "configured by" string (Closes: #884924)

  [ Niko Tyni ]
  * Also look in <version>/<archname> subdirectories for binary compatible
    modules built for older Perl versions. (Closes: #886494)
  * Backport upstream Encode patch fixing find_encoding() infinite recursion.
    (Closes: #880085)

 -- Niko Tyni <email address hidden>  Fri, 12 Jan 2018 21:31:09 +0200

Available diffs

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
perl (5.26.1-3) unstable; urgency=medium

  [ Dominic Hargreaves ]
  * Include a note about debugging information in perl-debug in the package
    description (Closes: #880117)

  [ Niko Tyni ]
  * Restore SIGUNUSED on glibc >= 2.26 to preserve ABI compatibility.
    (Closes: #875927)
  * No longer use xlocale.h, removed in glibc 2.26. (Closes: #882978)

 -- Niko Tyni <email address hidden>  Tue, 28 Nov 2017 19:44:14 +0200
Superseded in xenial-updates
Superseded in xenial-security
perl (5.22.1-9ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via crafted regular expressiion
    - debian/patches/fixes/CVE-2017-12883.patch: fix crafted expression
      with invalid '\N{U+...}' escape in regcomp.c
    - CVE-2017-12883
  * SECURITY UPDATE: heap-based buffer overflow in S_regatom
    - debian/patches/fixes/CVE-2017-12837.patch: fix issue in regcomp.c
    - CVE-2017-12837

 -- <email address hidden> (Leonidas S. Barbosa)  Fri, 10 Nov 2017 11:39:06 -0300
Obsolete in zesty-updates
Obsolete in zesty-security
perl (5.24.1-2ubuntu1.1) zesty-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via crafted regular expressiion
    - debian/patches/fixes/CVE-2017-12883.patch: fix crafted expression
      with invalid '\N{U+...}' escape in regcomp.c
    - CVE-2017-12883
  * SECURITY UPDATE: heap-based buffer overflow in S_regatom
    - debian/patches/fixes/CVE-2017-12837.patch: fix issue in regcomp.c
    - CVE-2017-12837

 -- <email address hidden> (Leonidas S. Barbosa)  Fri, 10 Nov 2017 11:07:03 -0300
Superseded in trusty-updates
Superseded in trusty-security
perl (5.18.2-2ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via crafted regular expressiion
    - debian/patches/CVE-2017-12883.patch: fix crafted expression
      with invalid '\N{U+...}' escape in regcomp.c
    - CVE-2017-12883
  * SECURITY UPDATE: heap-based buffer overflow in S_regatom
    - debian/patches/CVE-2017-12837.patch: fix issue in regcomp.c
    - CVE-2017-12837

 -- <email address hidden> (Leonidas S. Barbosa)  Fri, 10 Nov 2017 08:42:39 -0300
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
Deleted in bionic-proposed (Reason: remove temporarily to let ocaml clear, as a lesser evil)
perl (5.26.1-2ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Build-depend on libc6-dev (>= 2.26).
    - Restore the SIGUNUSED signal. LP: #1717367.
    - Changes can be dropped with the next perl ABI bump, or with a perl
      upstream fix to restore ABI compatibility with glibc-2.26.

Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
perl (5.26.0-8ubuntu1) artful; urgency=medium

  * Build-depend on libc6-dev (>= 2.26).
  * Restore the SIGUNUSED signal. LP: #1717367.
  * Changes can be dropped with the next perl ABI bump, or with a perl
    upstream fix to restore ABI compatibility with glibc-2.26.

Superseded in artful-proposed
perl (5.26.0-7) unstable; urgency=medium

  * Upload to unstable
  * Break older versions of slic3r-prusa (Closes: #873728)
  * Remove Recommends: rename according to announced deprecation plan

 -- Dominic Hargreaves <email address hidden>  Tue, 05 Sep 2017 21:48:47 +0100

Available diffs

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
perl (5.26.0-5) unstable; urgency=medium

  * Make perl-base Break intltool (<< 0.51.0-4). (Closes: #869612)
  * Amend debian/CVE-2016-1238/base-pm-amends-pt2.diff description based
    on the final upstream commit information.
  * Lower the optimization level of opmini.c on hppa. (Closes: #869122)
  * Also lower the optimization level of op.c and opmini.c on sh4.
    (Closes: #869373)

 -- Niko Tyni <email address hidden>  Sun, 30 Jul 2017 19:15:47 +0300
Superseded in artful-proposed
perl (5.26.0-4) unstable; urgency=medium

  * Upload to unstable.

 -- Niko Tyni <email address hidden>  Thu, 20 Jul 2017 22:23:29 +0300
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
perl (5.24.1-7ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - d/p/f/Compress-Raw-Zlib-2.071-Adapt-tests-to-zlib-1.2.11.patch,
    - d/p/f/0001-Adapt-tests-to-zlib-1.2.11.patch:
      - backport upstream patch to fix t/02zlib.t because of new zlib

 -- Gianfranco Costamagna <email address hidden>  Mon, 10 Jul 2017 23:39:14 +0200
Superseded in artful-proposed
perl (5.24.1-5ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - d/p/f/Compress-Raw-Zlib-2.071-Adapt-tests-to-zlib-1.2.11.patch,
    - d/p/f/0001-Adapt-tests-to-zlib-1.2.11.patch:
      - backport upstream patch to fix t/02zlib.t because of new zlib

 -- Gianfranco Costamagna <email address hidden>  Tue, 04 Jul 2017 12:26:07 +0200
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
perl (5.24.1-4ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - d/p/f/Compress-Raw-Zlib-2.071-Adapt-tests-to-zlib-1.2.11.patch,
    - d/p/f/0001-Adapt-tests-to-zlib-1.2.11.patch:
      - backport upstream patch to fix t/02zlib.t because of new zlib

 -- Gianfranco Costamagna <email address hidden>  Wed, 21 Jun 2017 09:40:13 +0200
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
perl (5.24.1-3ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - d/p/f/Compress-Raw-Zlib-2.071-Adapt-tests-to-zlib-1.2.11.patch,
    - d/p/f/0001-Adapt-tests-to-zlib-1.2.11.patch:
      - backport upstream patch to fix t/02zlib.t because of new zlib

 -- Gianfranco Costamagna <email address hidden>  Sat, 03 Jun 2017 11:13:45 +0200
Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
perl (5.24.1-2ubuntu1) zesty; urgency=medium

  * d/p/f/Compress-Raw-Zlib-2.071-Adapt-tests-to-zlib-1.2.11.patch,
    d/p/f/0001-Adapt-tests-to-zlib-1.2.11.patch:
    - backport upstream patch to fix t/02zlib.t because of new zlib

 -- Gianfranco Costamagna <email address hidden>  Sat, 18 Mar 2017 18:00:39 +0100
Superseded in zesty-proposed
perl (5.24.1-2) unstable; urgency=medium

  * Apply patch from upstream fixing leak in list assignment
    (Closes: #855064)
  * Clarify documentation of 'do' in the face of '.' being removed
    from @INC (Closes: #839536)

 -- Dominic Hargreaves <email address hidden>  Thu, 16 Mar 2017 11:11:46 +0000

Available diffs

Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
perl (5.24.1-1) unstable; urgency=medium

  [ Dominic Hargreaves ]
  * Break libexception-class-perl (<< 1.42) since this version fixes an
    @INC related vulnerability potentially exposed by the reversion of the
    base.pm changes below.
  * Remove <nocheck> profile flag for build dependency on file, as it
    is needed outside the test suite (Closes: #850296)

  [ Niko Tyni ]
  * Use https for URLs in the patchlevel list.
  * Refresh cross build support files.

  [ Dominic Hargreaves ]
  * New upstream release

 -- Dominic Hargreaves <email address hidden>  Sun, 15 Jan 2017 23:35:20 +0000

Available diffs

Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
perl (5.24.1~rc4-1) unstable; urgency=medium

  [ Dominic Hargreaves ]
  * Fix Vcs-Git header. Thanks to Axel Beckert (Closes: #839057)
  * Add Breaks on dh-haskell (<< 0.3) (Closes: #839018)
  * Add workaround for optimization test failure on HPPA (Closes: #838613)

  [ Niko Tyni ]
  * Import new upstream release candidate with improved @INC localizing
    in base.pm.
  * Patch Test::Builder to fix a 'used only once' warning. (Closes: #840968)
  * Sort the binary package conffile lists for reproducibility.
  * Break amanda-common versions built against perlapi-5.22. (See #843700)
  * Patch Configure to filter longdblinfbytes randomness for
    build reproducibility. (Closes: #844752)
  * Patch installman to generate man pages with UTF-8 characters.
    (Closes: #840211)

 -- Niko Tyni <email address hidden>  Sat, 26 Nov 2016 23:12:44 +0200

Available diffs

Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
perl (5.24.1~rc3-3) unstable; urgency=medium

  * Reinstate perl-modules virtual package (Closes: #838855)

 -- Niko Tyni <email address hidden>  Sun, 25 Sep 2016 23:22:41 +0300

Available diffs

Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
perl (5.22.2-3) unstable; urgency=high

  * [SECURITY] CVE-2016-1238: opportunistic loading of optional
    modules can make many programs unintentionally load code
    from the current working directory (which might be changed to
    another directory without the user realising).
    + allow user configurable removal of "." from @INC in
      /etc/perl/sitecustomize.pl for a transitional period. (See: #588017)
    + backport patches from [perl #127834] to fix known vulnerabilities
      even if the user does not configure "." to be removed from @INC
    + backport patches from [perl #127810] to fix various classes of
      build failures in perl and CPAN modules if "." is removed from
      @INC

 -- Dominic Hargreaves <email address hidden>  Mon, 25 Jul 2016 16:00:43 +0100

Available diffs

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
perl (5.22.2-2) unstable; urgency=medium

  [ Niko Tyni ]
  * Make XSLoader skip relative paths not on @INC. (Closes: #829578)
  * Add patch from Chris Lamb making the output of ExtUtils::ParseXS
    reproducible. (Closes: #829296)
  * Refresh cross build support files for all architectures.

  [ Dominic Hargreaves ]
  * Update wrong-path-for-interpreter override for 5.22.2, fixing
    Lintian error introduced in previous upload
  * Switch Vcs-Browser from gitweb to cgit and Vcs-Git to https

 -- Niko Tyni <email address hidden>  Thu, 07 Jul 2016 20:40:41 +0200

Available diffs

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
perl (5.22.2-1) unstable; urgency=medium

  [ Niko Tyni ]
  * Refresh cross build support files for alpha, amd64, arm64, i386
    kfreebsd-amd64, kfreebsd-i386, powerpc, ppc64el and s390x.
  * Add cross build support files for ppc64.
  * Merge 5.22.1-10 from unstable.
  * Fix libperl5.22.triggers permissions.
  * Work around t/op/stat.t problems on GNU/Hurd. (Closes: #822735)

  [ Dominic Hargreaves ]
  * New upstream release
    + update version of libmodule-corelist-perl Breaks and Replaces
      for 5.22.2
  * Upload to unstable

 -- Dominic Hargreaves <email address hidden>  Sat, 30 Apr 2016 13:20:51 +0100

Available diffs

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
perl (5.22.1-10) unstable; urgency=medium

  * Replace libperl5.22 manual ldconfig calls with an explicit trigger.
    (Closes: #820500)
  * Only conflict with versioned (i.e. non-virtual) perl-modules packages.
    (Closes: #821161)
  * Emulate 'uname -m' output for reproducibility regardless of kernel arch.
    (Closes: #821182)
  * Add cross build support files for m68k, powerpcspe and sh4.

 -- Niko Tyni <email address hidden>  Sun, 17 Apr 2016 22:08:08 +0300

Available diffs

Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
perl (5.22.1-9) unstable; urgency=medium

  * Add cross build support files for alpha, hppa, sparc64, x32, mips,
    and hurd-i386. (Closes: #816217)
  * Use the standard library from the build tree, fixing non-cross
    bootstrapping. (Closes: #817948)

 -- Niko Tyni <email address hidden>  Sun, 13 Mar 2016 13:54:18 +0200

Available diffs

Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
perl (5.22.1-8) unstable; urgency=high

  * [SECURITY] CVE-2016-2381 fix duplicate environment variable taint
    checking issue

 -- Dominic Hargreaves <email address hidden>  Fri, 26 Feb 2016 21:59:01 +0000

Available diffs

Superseded in precise-updates
Superseded in precise-security
perl (5.14.2-6ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via regular expression invalid
    backreference
    - debian/patches/CVE-2013-7422.patch: properly handle big
      backreferences in regcomp.c.
    - CVE-2013-7422
  * SECURITY UPDATE: denial of service in Data::Dumper
    - debian/patches/CVE-2014-4330.patch: limit recursion in MANIFEST,
      dist/Data-Dumper/Dumper.pm, dist/Data-Dumper/Dumper.xs,
      dist/Data-Dumper/t/recurse.t.
    - CVE-2014-4330
  * SECURITY UPDATE: environment variable confusion issue
    - debian/patches/CVE-2016-2381.patch: remove duplicate environment
      variables from environ in perl.c.
    - CVE-2016-2381

 -- Marc Deslauriers <email address hidden>  Tue, 01 Mar 2016 11:02:10 -0500
Superseded in trusty-updates
Superseded in trusty-security
perl (5.18.2-2ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via regular expression invalid
    backreference
    - debian/patches/fixes/CVE-2013-7422.patch: properly handle big
      backreferences in regcomp.c.
    - CVE-2013-7422
  * SECURITY UPDATE: denial of service in Data::Dumper
    - debian/patches/fixes/CVE-2014-4330.patch: limit recursion in
      MANIFEST, dist/Data-Dumper/Dumper.pm, dist/Data-Dumper/Dumper.xs,
      dist/Data-Dumper/t/recurse.t.
    - CVE-2014-4330
  * SECURITY UPDATE: environment variable confusion issue
    - debian/patches/fixes/CVE-2016-2381.patch: remove duplicate
      environment variables from environ in perl.c.
    - CVE-2016-2381

 -- Marc Deslauriers <email address hidden>  Tue, 01 Mar 2016 07:32:17 -0500
Obsolete in wily-updates
Obsolete in wily-security
perl (5.20.2-6ubuntu0.2) wily-security; urgency=medium

  * SECURITY UPDATE: environment variable confusion issue
    - debian/patches/fixes/CVE-2016-2381.patch: remove duplicate
      environment variables from environ in perl.c.
    - CVE-2016-2381

 -- Marc Deslauriers <email address hidden>  Tue, 01 Mar 2016 08:48:24 -0500
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
perl (5.22.1-7) unstable; urgency=medium

  * small tweaks to cross support file import infrastructure
  * debian/copyright: include CC0-1.0 License for Test-Simple
  * Changes prompted by lintian:
    + debian/copyright: move license grants into Comment sections
    + Bump build dependency on dpkg-dev to 1.17.14 for build profile support
      (Closes: #813811)
    + Call ldconfig in libperl5.22 postrm script.
    + Override lintian warning about file conflict over /usr/bin/perldoc.
    + Install manual pages for perl5.22-<arch> and cpan5.22-<arch>.
    + Fix POD errors in Memoize, Encode-Unicode and ok.
  * Remove libperl-dev dependency on perl. (Closes: #813384)
    + this enables experimental support for cross building applications
      linking against libperl; see /usr/share/doc/libperl-dev/README.cross
      for more information.
  * Add cross build support files for amd64, i386, powerpc, ppc64el, armel,
    armhf, arm64, s390x, mipsel, mips64el, kfreebsd-amd64 and kfreebsd-i386.
    (Closes: #285559)
  * Upload to unstable.

 -- Niko Tyni <email address hidden>  Mon, 08 Feb 2016 22:09:56 +0200

Available diffs

Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
perl (5.22.1-5) unstable; urgency=medium

  [ Dominic Hargreaves ]
  * Add Breaks entry for versions of mailagent not compatible with
    perl 5.22

  [ Niko Tyni ]
  * Make perl-modules-5.22 Conflict with perl-modules rather than Break it.
    Thanks to Adam Conrad. (Closes: #810164)
  * Fix umask in mkstemp(3) calls. (Closes: #810924)

 -- Niko Tyni <email address hidden>  Sat, 30 Jan 2016 11:41:34 +0200

Available diffs

Obsolete in vivid-updates
Obsolete in vivid-security
perl (5.20.2-2ubuntu0.1) vivid-security; urgency=medium

  * SECURITY UPDATE: canonpath function doesn't preserve taint
    - debian/patches/fixes/CVE-2015-8607_file_spec_taint_fix.diff: ensure
      File::Spec::canonpath() preserves taint in dist/PathTools/Cwd.xs,
      added tests to dist/PathTools/t/taint.t.
    - CVE-2015-8607

 -- Marc Deslauriers <email address hidden>  Wed, 20 Jan 2016 09:08:09 -0500
Superseded in wily-updates
Superseded in wily-security
perl (5.20.2-6ubuntu0.1) wily-security; urgency=medium

  * SECURITY UPDATE: canonpath function doesn't preserve taint
    - debian/patches/fixes/CVE-2015-8607_file_spec_taint_fix.diff: ensure
      File::Spec::canonpath() preserves taint in dist/PathTools/Cwd.xs,
      added tests to dist/PathTools/t/taint.t.
    - CVE-2015-8607

 -- Marc Deslauriers <email address hidden>  Wed, 20 Jan 2016 09:04:44 -0500
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
perl (5.22.1-4) unstable; urgency=high

  * Add Breaks entry for versions of libsbuild-perl, maildirsync,
    and backuppc not compatible with perl 5.22
    (Closes: #808805, #809562, #810118)
  * Apply patch from Niko Tyni restoring debugperl functionality
    (Closes: #810326)
  * [SECURITY] CVE-2015-8607 fix untaint issue with File::Spec::canonpath()
    (Closes: #810719)

 -- Dominic Hargreaves <email address hidden>  Mon, 11 Jan 2016 22:29:23 +0000

Available diffs

Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
perl (5.22.1-3) unstable; urgency=medium

  [ Dominic Hargreaves ]
  * psed was removed in 5.22, so remove the (broken) manpage symlink
    too (Closes: #808683)

  [ Niko Tyni ]
  * Fix an autodie scoping issue with "no autodie" and the "system" sub.
    (Closes: #808629)
    + break libautodie-perl (<< 2.29-2) to make sure it won't override the fix

 -- Niko Tyni <email address hidden>  Sat, 26 Dec 2015 09:28:43 +0200
Superseded in xenial-proposed
perl (5.22.1-2) unstable; urgency=low

  * Work around a t/op/stat.t failure on GNU/kFreeBSD, possibly related
    to softupdates. Fix by Steven Chamberlain. (Closes: #796798)

 -- Niko Tyni <email address hidden>  Fri, 18 Dec 2015 14:31:00 +0200

Available diffs

Superseded in xenial-proposed
perl (5.22.1-1) unstable; urgency=low

  * New upstream release.
  * Backport Encode::Unicode BOM fix from Encode-2.77.
    (Closes: #798727)
    + break+replace libencode-perl (<< 2.77) accordingly
  * Upload to unstable.
    + drop perlapi-5.22.0 for transition purposes

 -- Niko Tyni <email address hidden>  Wed, 16 Dec 2015 20:13:17 +0200
Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release)
perl (5.20.2-6) unstable; urgency=low

  * Remove two obsolete lintian overrides.
  * Make libperl5.20 Break older perl-base versions to ensure perl-base
    is upgraded first.
  * Upload to unstable.

 -- Niko Tyni <email address hidden>  Thu, 14 May 2015 13:38:21 +0300

Available diffs

Superseded in wily-proposed
perl (5.20.2-4) unstable; urgency=medium


  * Make the perl debugger work with threaded programs again.
    Thanks to James McCoy. (Closes: #779357)
  * Make t/run/locale more robust against subtly broken locale settings
    common in pbuilder chroot builds. (Closes: #782068)
  * Backport upstream patches for gcc-5 compatibility. (Closes: #778060)
  * Replace a few ancient and incorrect DEB_BUILD_{GNU_TYPE,ARCH_CPU}
    occurrences with the corresponding DEB_HOST_* ones. (Closes: #782803)
  * Make perl-doc suggest groff-base instead of the full groff.
    (Closes: #206211)
  * Backport podlators patches to base the Pod::Man footer date
    on UTC instead of the local time zone. (Closes: #780259)
  * Backport podlators patch to make Pod::Man support an empty
    POD_MAN_DATE variable. (See #780259)
  * Backport podlators patch to improve error handling with standard
    input. (Closes: #777405)
  * Minor improvements to the package maintainer test framework.
    + remove the obsolete debian/check-control script

 -- Niko Tyni <email address hidden>  Sun, 26 Apr 2015 13:00:50 +0300
Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
perl (5.20.2-2) unstable; urgency=medium


  [ Dominic Hargreaves ]
  * Make perl-modules Recommend perl

  [ Niko Tyni ]
  * Fix the Broken libfile-spec-perl versions.
  * Backport upstream fix for a regexp performance regression
    from 5.14. (Closes: #777556)
  * Make perl-modules Break older versions of perl. (Closes: #779433)
  * Make perl-modules Depend on a matching perl-base. (Closes: #779455)

 -- Niko Tyni <email address hidden>  Sun, 01 Mar 2015 19:58:59 +0200

Available diffs

Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
perl (5.20.1-5) unstable; urgency=medium


  * Make perl-base and perl-modules Break perl (<< 5.20.0~)
    to fix trigger related upgrade paths from wheezy. (Closes: #774844)
    + also make perl-base, perl-modules, and perl Pre-Depend
      on dpkg (>= 1.17.17) to get reliable trigger dependency
      guarantees. (See #671711)

 -- Niko Tyni <email address hidden>  Sun, 25 Jan 2015 18:26:53 +0200

Available diffs

Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
perl (5.20.1-4) unstable; urgency=medium


  * Make perl-base and perl-modules Break pdl (<< 1:2.007-4)
    to fix upgrade failures with dpkg triggers. (Closes: #773323)

 -- Niko Tyni <email address hidden>  Fri, 19 Dec 2014 18:55:26 +0200

Available diffs

Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
perl (5.20.1-3) unstable; urgency=low


  * Move File::Temp and its dependencies (File::Path, File::Basename,
    and parent) to perl-base.
    See https://lists.debian.org/debian-devel/2014/11/msg00216.html

 -- Niko Tyni <email address hidden>  Sun, 16 Nov 2014 18:54:17 +0200

Available diffs

Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
perl (5.20.1-2) unstable; urgency=medium


  * Fix IO::Uncompress::Gunzip gunzip to in-memory file handle
    (Closes: #747363)
  * Fix t/io/socket.t on Hurd: include upstream fixes (Closes: #758718)

 -- Dominic Hargreaves <email address hidden>  Sun, 19 Oct 2014 22:02:58 +0100

Available diffs

Superseded in vivid-release
Obsolete in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
perl (5.20.1-1) unstable; urgency=medium


  * New upstream release
  * [SECURITY] CVE-2014-4330: don't recurse infinitely in Data::Dumper
    (Closes: #762256) 
  * Update Standards-Version (no changes)
  * Update maintainer tests to reflect the fact that libcgi-fast-perl
    is not being shipped
  * Update Breaks versions for libfile-spec-perl, libmodule-corelist-perl,
    libversion-perl
  * Update patch metadata to reflect upstream status
    (Closes: #762270, #762269)
  * Upload to unstable

 -- Dominic Hargreaves <email address hidden>  Sat, 20 Sep 2014 14:11:36 +0100

Available diffs

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
perl (5.20.0-6) unstable; urgency=medium


  * Explicitly set mode of DEBIAN/conffiles to fix a Lintian error
    in certain build environments

 -- Dominic Hargreaves <email address hidden>  Fri, 29 Aug 2014 21:32:22 -0700

Available diffs

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
perl (5.20.0-4) unstable; urgency=medium


  * Drop the -exp1 suffix from perlapi-5.20.0: no further changes
    to @INC are planned in this cycle.
  * Build-depend on libc6-dev (>= 2.19-9) on s390x to make sure we
    build against the "new" reverted jmp_buf ABI. (Closes: #753444)
  * Upload to unstable.

 -- Niko Tyni <email address hidden>  Thu, 14 Aug 2014 21:47:11 +0300

Available diffs

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
perl (5.18.2-7) unstable; urgency=medium


  * No longer Provide perlapi-5.18.1 and .2 on s390x. This completes
    the jmp_buf transition. (Closes: #753444)
  * Only disable the -ftree-vrp optimization on mips.
    Thanks to Aurelien Jarno. (See: #754054)

 -- Niko Tyni <email address hidden>  Mon, 14 Jul 2014 23:13:55 +0300

Available diffs

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
perl (5.18.2-6) unstable; urgency=medium


  * Downgrade the optimization of regcomp.c on mips due to a gcc-4.9 bug.
    (Closes: #754054)

 -- Niko Tyni <email address hidden>  Tue, 08 Jul 2014 23:08:24 +0300

Available diffs

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
perl (5.18.2-5) unstable; urgency=medium


  * Additionally provide perlapi-5.18.2d on s390x as preparation for
    fixing partial upgrades due to jmp_buf ABI changes in glibc 2.19.
    (See: #753444)

 -- Niko Tyni <email address hidden>  Sat, 05 Jul 2014 21:06:13 +0300

Available diffs

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
perl (5.18.2-4) unstable; urgency=medium


  * Build with -fwrapv to fix build failures with GCC 4.9
    (Closes: #746890)
  * Add Provides/Breaks/Replaces for libpackage-constants-perl which
    will be deprecated in 5.20 (see #747628)

 -- Dominic Hargreaves <email address hidden>  Mon, 12 May 2014 23:53:26 +0100
Superseded in utopic-release
Published in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
perl (5.18.2-2ubuntu1) trusty; urgency=medium

  * Fix undefined behaviour in sv.c, resulting in test failures when
    built with GCC 4.9. Patch by Marek Polacek.
 -- Matthias Klose <email address hidden>   Tue, 25 Mar 2014 17:52:36 +0100
Obsolete in quantal-updates
Obsolete in quantal-security
perl (5.14.2-13ubuntu0.3) quantal-security; urgency=medium

  * SECURITY UPDATE: arbitrary command execution via _compile function in
    Maketext.pm
    - debian/patches/CVE-2012-6329.patch: escape backslashes and reject
      method names with colons or apostrophes in
      dist/Locale-Maketext/lib/Locale/Maketext.pm.
    - CVE-2012-6329
 -- Marc Deslauriers <email address hidden>   Tue, 04 Feb 2014 15:54:36 -0500
Superseded in precise-updates
Superseded in precise-security
perl (5.14.2-6ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary command execution via _compile function in
    Maketext.pm
    - debian/patches/CVE-2012-6329.patch: escape backslashes and reject
      method names with colons or apostrophes in
      dist/Locale-Maketext/lib/Locale/Maketext.pm.
    - CVE-2012-6329
 -- Marc Deslauriers <email address hidden>   Tue, 04 Feb 2014 16:02:26 -0500
Obsolete in lucid-updates
Obsolete in lucid-security
perl (5.10.1-8ubuntu2.4) lucid-security; urgency=medium

  * SECURITY UPDATE: arbitrary command execution via _compile function in
    Maketext.pm
    - debian/patches/fixes/CVE-2012-6329.patch: escape backslashes and
      reject method names with colons or apostrophes in
      dist/Locale-Maketext/lib/Locale/Maketext.pm.
    - CVE-2012-6329
 -- Marc Deslauriers <email address hidden>   Tue, 04 Feb 2014 16:12:30 -0500
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
perl (5.18.2-2) unstable; urgency=medium


  [ Niko Tyni ]
  * Update debian/copyright to include the year 2013.

  [ Dominic Hargreaves ]
  * Upload to unstable

 -- Dominic Hargreaves <email address hidden>  Tue, 14 Jan 2014 19:47:33 +0000

Available diffs

Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
perl (5.18.1-5) unstable; urgency=medium


  [ Dominic Hargreaves ]
  * Revert patches disabling GNU/Hurd tests which now succeed:
    - debian/hurd_net_ping_disable_test.diff (Closes: #709385)
    - debian/hurd_test_skip_io_pipe.diff (Closes: #650096)
    - debian/hurd_test_skip_pipe.diff (Closes: #650187)
    - debian/hurd_test_skip_sigdispatch.diff (Closes: #650188)
    - debian/hurd_test_todo_syslog.diff (Closes: #650093)
  * Various tidying of Copyright file in line with Lintian's suggestions
  * Override Lintian tag spelling-error-in-copyright for an upstream error
  * Override Lintian tag empty-binary-package for libperl5.18 as it
    is a dummy package on some architectures

  [ Niko Tyni ]
  * Include upstream fix for regex \8 and \9 after literals.
    (Closes: #731365)
  * Fix spelling of IPC_CREAT in IPC-SysV documentation. (Closes: #730558)

 -- Niko Tyni <email address hidden>  Fri, 06 Dec 2013 20:05:55 +0200
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
perl (5.18.1-4build1) trusty; urgency=low

  * No change rebuild against db 5.3.
 -- Dmitrijs Ledkovs <email address hidden>   Fri, 01 Nov 2013 23:52:36 +0000
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
Deleted in trusty-release (Reason: accidentally copied to release rather than proposed)
perl (5.18.1-4) unstable; urgency=low


  * Add Breaks on versions of libcommon-sense-perl which were built
    with earlier version of perl (Closes: #722460)
  * Add Module::Metadata fix for use in taint mode (Closes: #722210)
  * Update Lintian override for wrong-path-for-interpreter false
    positive

 -- Dominic Hargreaves <email address hidden>  Wed, 11 Sep 2013 23:30:25 +0100
Superseded in trusty-release
Superseded in trusty-release
Obsolete in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
perl (5.14.2-21build1) saucy; urgency=low

  * No change rebuild.
 -- Matthias Klose <email address hidden>   Thu, 18 Jul 2013 23:41:05 +0200
Superseded in saucy-release
Obsolete in raring-release
Deleted in raring-proposed (Reason: moved to release)
perl (5.14.2-21) unstable; urgency=low


  [ Dominic Hargreaves ]
  * Update the Locale::Maketext fix by importing 1.23, to avoid
    double-escaping problems (see: #695224)

 -- Niko Tyni <email address hidden>  Wed, 10 Apr 2013 19:11:35 +0300

Available diffs

Superseded in quantal-updates
Superseded in quantal-security
perl (5.14.2-13ubuntu0.2) quantal-security; urgency=low

  * SECURITY UPDATE: algorithmic complexity attack on hash keys
    - debian/patches/CVE-2013-1667.patch: fix hsplit() in hv.c, fix tests
      in ext/Hash-Util-FieldHash/t/10_hash.t, t/op/hash.t.
    - CVE-2013-1667
 -- Marc Deslauriers <email address hidden>   Mon, 18 Mar 2013 10:45:31 -0400
Superseded in precise-updates
Superseded in precise-security
perl (5.14.2-6ubuntu2.3) precise-security; urgency=low

  * SECURITY UPDATE: algorithmic complexity attack on hash keys
    - debian/patches/CVE-2013-1667.patch: fix hsplit() in hv.c, fix tests
      in ext/Hash-Util-FieldHash/t/10_hash.t, t/op/hash.t.
    - CVE-2013-1667
 -- Marc Deslauriers <email address hidden>   Mon, 18 Mar 2013 10:48:33 -0400
Obsolete in oneiric-updates
Obsolete in oneiric-security
perl (5.12.4-4ubuntu0.2) oneiric-security; urgency=low

  * SECURITY UPDATE: algorithmic complexity attack on hash keys
    - debian/patches/CVE-2013-1667.patch: fix hsplit() in hv.c, fix tests
      in ext/Hash-Util-FieldHash/t/10_hash.t, t/op/hash.t.
    - CVE-2013-1667
 -- Marc Deslauriers <email address hidden>   Mon, 18 Mar 2013 10:49:35 -0400
Obsolete in hardy-updates
Obsolete in hardy-security
perl (5.8.8-12ubuntu0.8) hardy-security; urgency=low

  * SECURITY UPDATE: algorithmic complexity attack on hash keys
    - debian/patches/79_CVE-2013-1667: fix hsplit() in hv.c, fix tests in
      t/op/hash.t.
    - CVE-2013-1667
 -- Marc Deslauriers <email address hidden>   Mon, 18 Mar 2013 12:32:01 -0400
76150 of 247 results