Publishing details
Changelog
perl (5.22.1-9ubuntu0.6~ubuntu12.04.1~ppa2) precise; urgency=medium
* No-change backport to precise
perl (5.22.1-9ubuntu0.6) xenial-security; urgency=medium
* SECURITY UPDATE: Integer overflow leading to buffer overflow
- debian/patches/fixes/CVE-2018-18311.patch: handle integer wrap in
util.c.
- CVE-2018-18311
* SECURITY UPDATE: Heap-buffer-overflow write / reg_node overrun
- debian/patches/fixes/CVE-2018-18312.patch: fix logic in regcomp.c.
- CVE-2018-18312
* SECURITY UPDATE: Heap-buffer-overflow read
- debian/patches/fixes/CVE-2018-18313.patch: convert some strchr to
memchr in regcomp.c.
- CVE-2018-18313
* SECURITY UPDATE: Heap-based buffer overflow
- debian/patches/fixes/CVE-2018-18314.patch: fix extended charclass in
pod/perldiag.pod, pod/perlrecharclass.pod, regcomp.c,
t/re/reg_mesg.t, t/re/regex_sets.t.
- CVE-2018-18314
perl (5.22.1-9ubuntu0.5) xenial-security; urgency=medium
* SECURITY UPDATE: Directory traversal vulnerability
- debian/patches/fixes/CVE-2018-12015.patch: fix ing
cpan/Archive-Tar/lib/Archive/Tar.pm.
- CVE-2018-12015
perl (5.22.1-9ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: arbitrary code exec via library in cwd
- debian/patches/fixes/CVE-2016-6185.patch: properly handle paths in
dist/XSLoader/XSLoader_pm.PL, dist/XSLoader/t/XSLoader.t.
- CVE-2016-6185
* SECURITY UPDATE: race condition in rmtree and remove_tree
- debian/patches/fixes/CVE-2017-6512-pre.patch: correct the order of
tests of chmod() in cpan/ExtUtils-Command/t/eu_command.t.
- debian/patches/fixes/CVE-2017-6512.patch: prevent race in
cpan/File-Path/lib/File/Path.pm, cpan/File-Path/t/Path.t.
- CVE-2017-6512
* SECURITY UPDATE: heap write overflow bug
- debian/patches/fixes/CVE-2018-6797.patch: restart a node if we change
to uni rules within the node and encounter a sharp S in regcomp.c.
- CVE-2018-6797
* SECURITY UPDATE: heap read overflow bug
- debian/patches/fixes/CVE-2018-6798-1.patch: check lengths in
regexec.c, t/lib/warnings/regexec.
- debian/patches/fixes/CVE-2018-6798-2.patch: account for non-utf8
target in regexec.c, t/re/re_tests.
- debian/patches/fixes/CVE-2018-6798-3.patch: no longer warns in
t/lib/warnings/regexec.
- CVE-2018-6798
* SECURITY UPDATE: heap buffer overflow bug
- debian/patches/fixes/CVE-2018-6913.patch: fix various space
calculation issues in pp_pack.c, t/op/pack.t.
- CVE-2018-6913
perl (5.22.1-9ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: Buffer overflow via crafted regular expressiion
- debian/patches/fixes/CVE-2017-12883.patch: fix crafted expression
with invalid '\N{U+...}' escape in regcomp.c
- CVE-2017-12883
* SECURITY UPDATE: heap-based buffer overflow in S_regatom
- debian/patches/fixes/CVE-2017-12837.patch: fix issue in regcomp.c
- CVE-2017-12837
perl (5.22.1-9) unstable; urgency=medium
* Add cross build support files for alpha, hppa, sparc64, x32, mips,
and hurd-i386. (Closes: #816217)
* Use the standard library from the build tree, fixing non-cross
bootstrapping. (Closes: #817948)
perl (5.22.1-8) unstable; urgency=high
* [SECURITY] CVE-2016-2381 fix duplicate environment variable taint
checking issue
perl (5.22.1-7) unstable; urgency=medium
* small tweaks to cross support file import infrastructure
* debian/copyright: include CC0-1.0 License for Test-Simple
* Changes prompted by lintian:
+ debian/copyright: move license grants into Comment sections
+ Bump build dependency on dpkg-dev to 1.17.14 for build profile support
(Closes: #813811)
+ Call ldconfig in libperl5.22 postrm script.
+ Override lintian warning about file conflict over /usr/bin/perldoc.
+ Install manual pages for perl5.22-<arch> and cpan5.22-<arch>.
+ Fix POD errors in Memoize, Encode-Unicode and ok.
* Remove libperl-dev dependency on perl. (Closes: #813384)
+ this enables experimental support for cross building applications
linking against libperl; see /usr/share/doc/libperl-dev/README.cross
for more information.
* Add cross build support files for amd64, i386, powerpc, ppc64el, armel,
armhf, arm64, s390x, mipsel, mips64el, kfreebsd-amd64 and kfreebsd-i386.
(Closes: #285559)
* Upload to unstable.
perl (5.22.1-6) experimental; urgency=medium
* Annotate test suite specific build dependencies with <!nocheck> for
better build profile support.
* Add packaging infrastructure for cross build support (#285559 et al.)
+ Configure probes still need to run on native builds; we now stash
the results in libperl5.22 and copy them back to the source
package. See debian/cross/README.
+ The full process is not quite established yet, and no commitment
is made on the long term feasibility of this approach. We will
see how it goes.
+ Uploading to experimental to bootstrap the thing: we can then
gather the generated files from autobuilt binary packages.
perl (5.22.1-5) unstable; urgency=medium
[ Dominic Hargreaves ]
* Add Breaks entry for versions of mailagent not compatible with
perl 5.22
[ Niko Tyni ]
* Make perl-modules-5.22 Conflict with perl-modules rather than Break it.
Thanks to Adam Conrad. (Closes: #810164)
* Fix umask in mkstemp(3) calls. (Closes: #810924)
perl (5.22.1-4) unstable; urgency=high
* Add Breaks entry for versions of libsbuild-perl, maildirsync,
and backuppc not compatible with perl 5.22
(Closes: #808805, #809562, #810118)
* Apply patch from Niko Tyni restoring debugperl functionality
(Closes: #810326)
* [SECURITY] CVE-2015-8607 fix untaint issue with File::Spec::canonpath()
(Closes: #810719)
perl (5.22.1-3) unstable; urgency=medium
[ Dominic Hargreaves ]
* psed was removed in 5.22, so remove the (broken) manpage symlink
too (Closes: #808683)
[ Niko Tyni ]
* Fix an autodie scoping issue with "no autodie" and the "system" sub.
(Closes: #808629)
+ break libautodie-perl (<< 2.29-2) to make sure it won't override the fix
perl (5.22.1-2) unstable; urgency=low
* Work around a t/op/stat.t failure on GNU/kFreeBSD, possibly related
to softupdates. Fix by Steven Chamberlain. (Closes: #796798)
perl (5.22.1-1) unstable; urgency=low
* New upstream release.
* Backport Encode::Unicode BOM fix from Encode-2.77.
(Closes: #798727)
+ break+replace libencode-perl (<< 2.77) accordingly
* Upload to unstable.
+ drop perlapi-5.22.0 for transition purposes
perl (5.22.1~rc4-2) experimental; urgency=low
* Activate the "perl-major-upgrade" trigger in "noawait" mode.
(Closes: #807647)
perl (5.22.1~rc4-1) experimental; urgency=low
* New upstream release candidate.
perl (5.22.1~rc3-2) experimental; urgency=low
* Fix a podlators test failure when building under SOURCE_DATE_EPOCH.
(Closes: #807086)
* Apply upstream patch to skip tests only intended for long double
configurations, failing on big-endian architectures. (Closes: #807038)
* Slightly patch Devel-PPPort to make its XS code reproducible
rather than vary with system file ordering. (Closes: #801523)
perl (5.22.1~rc3-1) experimental; urgency=low
* New upstream release candidate.
* Rename the license of the Sys-Syslog syslog.h file in debian/copyright
(Closes: #799014)
* Backport SOURCE_DATE_EPOCH support in Pod::Man from podlators-4.00.
(Closes: #801621)
* Remove strcpy usage from debian/patches/debian/mod_paths.diff,
now policed by t/porting/libperl.t
perl (5.22.0-4) experimental; urgency=medium
[ Dominic Hargreaves ]
* Move perl-debug from the debug to the devel section (Closes: #796834)
[ gregor herrmann ]
* Convert /usr/share/doc/libperl5.22 symlink into a directory.
[ Niko Tyni ]
* Remove obsolete debian/*.moduledocs references
* Don't try to install cpan/libnet/Config.eg, it's gone with 5.22
* Split out binary-only changelog entries (Closes: #797106)
* Unbreak libperl5.22 binNMUs by using ${binary:Version} in shlibs.local
perl (5.22.0-3) experimental; urgency=medium
* The "reproducible builds" release. (Closes: #774422)
[ Jérémy Bobbio ]
* Fix mtimes before building binary packages
* Set a deterministic configuration time
* Sort file list when generating md5sums
* Set mtime of patchlevel.h to highest mtime of Debian patches
[ Niko Tyni ]
* Override $Config{osvers} and $Config{myuname} to deterministic values
* Set the timezone to UTC when building as a workaround for #791362
* Set LC_ALL=C for the build to ensure stable sort ordering
* Replace __DATE__/__TIME__ usage with a deterministic time stamp
[ Dominic Hargreaves ]
* Document the special case of modifying Configure in
debian/README.Source (Closes: #762638)
perl (5.22.0-2) experimental; urgency=medium
* Drop the ExtUtils::MakeMaker changes we've been carrying for much too long
to keep "make install PREFIX=something" working after upstream stopped
supporting it. (Closes: #788883)
* Describe and rename the remaining inherited "ExtUtils hack" patch
that makes MakeMaker honour MANnEXT settings in generated manpage
headers. (See #247370)
* Provide libtest-use-ok-perl and libtest-tester-perl. (Closes: #790302)
* Make Replaces entries for dual life module packages versioned.
(Closes: #789339)
perl (5.22.0-1) experimental; urgency=medium
[ Dominic Hargreaves ]
* New upstream release
[ Niko Tyni ]
* Add upstream patch to fix a 5.22 regression with 'perl -C<number>'.
(Closes: #788636)
perl (5.22.0~rc2-2) experimental; urgency=medium
* Small build system tweaks:
+ stash Config* files by copying them rather than renaming
+ remove deprecated dpkg-gencontrol -isp options
* Restore the short version symlinks on privlib/archlib.
(Closes: #787158)
* Add infrastructure for cross compiling XS module packages:
+ link Config.pm to /usr/lib/<triplet>/perl/cross-config-5.22.0/
(Closes: #717433)
+ make libperl5.22 Provide a perl-cross-config virtual package
* Ship a cpan5.22-<arch> "binary" in the libperl5.22 package
to compensate for the lack of packaged XS modules visible to
embedded interpreters which don't match the version or architecture
of /usr/bin/perl.
perl (5.22.0~rc2-1) experimental; urgency=medium
[ Dominic Hargreaves ]
* New upstream release candidate
- fixes FTBFS under pbuilder with USENETWORK=no (Closes: #759799)
- fixes UTF8 issues with $!, $@ etc. (Closes: #409704)
- fixes fatal warnings hiding syntax errors (Closes: #663544)
- add Getopt::Long bundling_values option (Closes: #764621)
- libperl5.20 becomes libperl5.22
- update Breaks/Provides/Replaces to reflect changes to
dual-lived packages
- activate the perl-major-upgrade trigger
* Merge multiarch changes from Niko Tyni as detailed below
[ Niko Tyni ]
* Make the libperl5.22 package co-installable between different
major versions and architectures (Closes: #495394, #786575)
+ perl-modules is renamed to perl-modules-5.22
+ the standard library is now in libperl5.22 + perl-modules-5.22
instead of perl + perl-modules
+ perl-base has a copy of the essential parts of the standard library
(~3M) in /usr/lib/<triplet>/perl-base
+ libperl5.22 includes a thin /usr/bin/perl5.22-<triplet>, linked
against the shared libperl.
* change @INC to contain the full upstream version instead of the
short one (5.22.0 vs. 5.22) for the core paths (privlib and archlib)
* Prefix $Config{cc}, ld, and cpp with DEB_HOST_GNU_TYPE as a step
towards enabling multiarch and crosscompiling. While at it, explicitly
use gcc now. (Closes: #775009)
[ Dominic Hargreaves ]
* Various cleanups to dependency fields
- we no longer provide the perl5, perl5-base, and data-dumper virtual
packages
* Upload to experimental from the Barcelona Perl team sprint
perl (5.20.2-6) unstable; urgency=low
* Remove two obsolete lintian overrides.
* Make libperl5.20 Break older perl-base versions to ensure perl-base
is upgraded first.
* Upload to unstable.
perl (5.20.2-5) experimental; urgency=medium
* Link /usr/bin/perl statically against libperl on all architectures.
(Closes: #781476)
* Relax the perl-modules -> perl-base dependency. (Closes: #784574)
* Upload to experimental.
perl (5.20.2-4) unstable; urgency=medium
* Make the perl debugger work with threaded programs again.
Thanks to James McCoy. (Closes: #779357)
* Make t/run/locale more robust against subtly broken locale settings
common in pbuilder chroot builds. (Closes: #782068)
* Backport upstream patches for gcc-5 compatibility. (Closes: #778060)
* Replace a few ancient and incorrect DEB_BUILD_{GNU_TYPE,ARCH_CPU}
occurrences with the corresponding DEB_HOST_* ones. (Closes: #782803)
* Make perl-doc suggest groff-base instead of the full groff.
(Closes: #206211)
* Backport podlators patches to base the Pod::Man footer date
on UTC instead of the local time zone. (Closes: #780259)
* Backport podlators patch to make Pod::Man support an empty
POD_MAN_DATE variable. (See #780259)
* Backport podlators patch to improve error handling with standard
input. (Closes: #777405)
* Minor improvements to the package maintainer test framework.
+ remove the obsolete debian/check-control script
perl (5.20.2-3) unstable; urgency=medium
* Improve the error message when a path is inaccessible during
module loading (Closes: #781120)
* Add more Breaks: entries for various packages which could be affected
by the perl-modules dependency change (see #777597)
perl (5.20.2-2) unstable; urgency=medium
[ Dominic Hargreaves ]
* Make perl-modules Recommend perl
[ Niko Tyni ]
* Fix the Broken libfile-spec-perl versions.
* Backport upstream fix for a regexp performance regression
from 5.14. (Closes: #777556)
* Make perl-modules Break older versions of perl. (Closes: #779433)
* Make perl-modules Depend on a matching perl-base. (Closes: #779455)
perl (5.20.2-1) unstable; urgency=medium
* New upstream release
* Update Breaks versions for libfile-spec-perl, libmodule-corelist-perl,
libstorable-perl
* Break circular dependency between perl and perl-modules
(Closes: #777597, #502455)
* Add Breaks: entries for various packages which could be affected by
the above change, where they have been fixed
perl (5.20.1-5) unstable; urgency=medium
* Make perl-base and perl-modules Break perl (<< 5.20.0~)
to fix trigger related upgrade paths from wheezy. (Closes: #774844)
+ also make perl-base, perl-modules, and perl Pre-Depend
on dpkg (>= 1.17.17) to get reliable trigger dependency
guarantees. (See #671711)
perl (5.20.1-4) unstable; urgency=medium
* Make perl-base and perl-modules Break pdl (<< 1:2.007-4)
to fix upgrade failures with dpkg triggers. (Closes: #773323)
perl (5.20.1-3) unstable; urgency=low
* Move File::Temp and its dependencies (File::Path, File::Basename,
and parent) to perl-base. (Closes: #757905)
See https://lists.debian.org/debian-devel/2014/11/msg00216.html
perl (5.20.1-2) unstable; urgency=medium
* Fix IO::Uncompress::Gunzip gunzip to in-memory file handle
(Closes: #747363)
* Fix t/io/socket.t on Hurd: include upstream fixes (Closes: #758718)
perl (5.20.1-1) unstable; urgency=medium
* New upstream release
* [SECURITY] CVE-2014-4330: don't recurse infinitely in Data::Dumper
(Closes: #762256)
* Update Standards-Version (no changes)
* Update maintainer tests to reflect the fact that libcgi-fast-perl
is not being shipped
* Update Breaks versions for libfile-spec-perl, libmodule-corelist-perl,
libversion-perl
* Update patch metadata to reflect upstream status
(Closes: #762270, #762269)
* Upload to unstable
perl (5.20.1~rc2-1) experimental; urgency=low
* New upstream release candidate
perl (5.20.1~rc1-1) experimental; urgency=low
* New upstream release candidate
* Don't skip dist/threads/t/stack.t on GNU/Hurd as Hurd now has
support for varying stack length sizes (Closes: #650175)
* Disable failing test in t/io/socket.t on GNU/Hurd (see: #758718)
* Modify $Config{libperl} to avoid exposing the full version
(Closes: #759989)
* Ensure that all manpage directories are installed with
appropriate permissions, fixing Lintian warnings
* Support POD_MAN_DATE in Pod::Man for the left-hand footer to
help with reproducible builds; thanks to Russ Allbery
(Closes: #759405)
perl (5.20.0-6) unstable; urgency=medium
* Explicitly set mode of DEBIAN/conffiles to fix a Lintian error
in certain build environments
perl (5.20.0-5) unstable; urgency=medium
[ Niko Tyni ]
* Fix visible escape sequences in perldoc output by passing the "-R"
option to the "less" pager. (Closes: #758689)
* Pass explicit LD settings through to subdirectories again even if
the build system sets LD. (Closes: #758471)
* Drop the libcgi-fast-perl binary package, which is moving to
a source package of its own. (Closes: #759187)
[ Dominic Hargreaves ]
* Note simplified developer tools requirements
perl (5.20.0-4) unstable; urgency=medium
* Drop the -exp1 suffix from perlapi-5.20.0: no further changes
to @INC are planned in this cycle.
* Build-depend on libc6-dev (>= 2.19-9) on s390x to make sure we
build against the "new" reverted jmp_buf ABI. (Closes: #753444)
* Upload to unstable.
perl (5.20.0-3) experimental; urgency=medium
* Disable the gcc -ftree-vrp optimization of regcomp.c on mips and
mipsel to work around a possible gcc-4.9 bug.
Thanks to Aurelien Jarno. (Closes: #754054)
perl (5.20.0-2) experimental; urgency=medium
* Adjust the Breaks versions of libalien-wxwidgets-perl, libjcode-perl, and
libanyevent-perl now that fixed versions are in the archive. (See #750017)
* Break older versions of libgtk2-perl-doc, which installed documentation
in /usr/lib/perl5.
* update maintainer tests in debian/t/control.t to accommodate added
digits in libmodule-corelist-perl versioning
perl (5.20.0-1) experimental; urgency=low
* New upstream release.
* Move @INC to multiarch enabled paths. (See #748380)
+ provide perlapi-5.20.0-exp1 for now (and set $Config{debian_abi}
accordingly), because @INC might still change.
+ break libalien-wxwidgets-perl, libjcode-perl, and libanyevent-perl,
which use /usr/lib/perl5 without a dependency on perlapi-* or the
current perl version.
* debian/rules: clean: no need to remove DB_File .bak files anymore.
* Include the ABI version in the vendorarch directory.
(See https://lists.debian.org/debian-perl/2014/05/msg00139.html)
+ solves the problem with dual life modules in perl-base (Closes: #743690)
+ libscalar-list-utils-perl can be made installable again (Closes: #725899)
+ no need for the ABI skew induced Build-Conflicts anymore
* Make perl Multi-Arch:allowed and perl-modules Multi-Arch:foreign.
(See https://lists.debian.org/debian-devel/2014/05/msg00058.html)
(Closes: #717881)
perl (5.18.2-3) unstable; urgency=medium
[ Niko Tyni ]
* Small changes to debian/copyright to placate Config::Model::Dpkg.
(Closes: #731570)
* Backport upstream patch fixing crashes with 'undef *_, goto &sub'.
(Closes: #736187)
[ Dominic Hargreaves ]
* Add Recommends on rename to perl (see #735134)
* Update Standards-Version (no changes)
* Fix typo in debian/t/copyright.t
perl (5.18.2-2) unstable; urgency=medium
[ Niko Tyni ]
* Update debian/copyright to include the year 2013.
[ Dominic Hargreaves ]
* Upload to unstable
perl (5.18.2-1) experimental; urgency=low
* New upstream release.
perl (5.18.1-5) unstable; urgency=medium
[ Dominic Hargreaves ]
* Revert patches disabling GNU/Hurd tests which now succeed:
- debian/hurd_net_ping_disable_test.diff (Closes: #709385)
- debian/hurd_test_skip_io_pipe.diff (Closes: #650096)
- debian/hurd_test_skip_pipe.diff (Closes: #650187)
- debian/hurd_test_skip_sigdispatch.diff (Closes: #650188)
- debian/hurd_test_todo_syslog.diff (Closes: #650093)
* Various tidying of Copyright file in line with Lintian's suggestions
* Override Lintian tag spelling-error-in-copyright for an upstream error
* Override Lintian tag empty-binary-package for libperl5.18 as it
is a dummy package on some architectures
[ Niko Tyni ]
* Include upstream fix for regex \8 and \9 after literals.
(Closes: #731365)
* Fix spelling of IPC_CREAT in IPC-SysV documentation. (Closes: #730558)
perl (5.18.1-4) unstable; urgency=low
* Add Breaks on versions of libcommon-sense-perl which were built
with earlier version of perl (Closes: #722460)
* Add Module::Metadata fix for use in taint mode (Closes: #722210)
* Update Lintian override for wrong-path-for-interpreter false
positive
perl (5.18.1-3) unstable; urgency=low
* Make perl-base conflict with all versions of libscalar-list-utils-perl,
which overrides Essential functionality in a way that breaks during
upgrades. (Closes: #721364)
perl (5.18.1-2) unstable; urgency=low
* Remove redundant Provides: perlapi-5.18.0
* Update Module::Metadata documentation to fix CVE-2013-1437
by clarifying that Module::Metadata does execute code from the
module it is acting on
* Upload to unstable
perl (5.18.1-1) experimental; urgency=low
[ Dominic Hargreaves ]
* Apply patch from upstream fixing Digest::SHA double-free
crash (Closes: #711206)
[ Niko Tyni ]
* Amend the perlbug patchlevel fix for #710842 so that the list
of local patches is looked up at perlbug run time.
* Fix the permissions of the md5sums control files in the binary
packages. (Closes: #714408)
* Import new upstream release.
+ update Breaks versions for the libmodule-corelist-perl and
libdigest-sha-perl packages.
* Apply upstream patches to (partially) fix qr// precompilation
and the /p flag. (Closes: #718209)
* Add Breaks and Replaces entries for older versions of the (deprecated)
libobject-accessor-perl package.
perl (5.18.0-3) experimental; urgency=low
* Remove the Provides entries for the deprecated core modules. (See #702096)
* Make perlbug.PL run patchlevel.h through cpp where possible.
(Closes: #710842)
* Migrate the maintainer tests from 'config-edit' to 'cme'.
perl (5.18.0-2) experimental; urgency=low
* Apply patches from upstream fixing FTBFS on sparc relating to
pmop alignment (Closes: #708792)
* Update the deprecation warning to point to the Debian packages for
modules deprecated in 5.18
* Disable failing Net-Ping tests for GNU/Hurd (see: 709385)
* Apply patch from Jonathan Nieder fixing Memoize::Storable 'nstore'
option (Closes: #677292)
* Apply patch from Peter Pentchev fixing Net::FTP failure handling
(Closes: #491062)
* Add Breaks/Provides/Replaces/Recommends/Suggests on deprecated
modules (Closes: #702096)
perl (5.18.0-1) experimental; urgency=low
* New upstream release
- update Breaks version for libpod-simple-perl
* Additional bugs fixed since 5.14:
- pending signals are processed in both the parent and child process
after a fork() (Closes: 495788)
- occasional test failures from Time-HiRes (Closes: #637470)
- Storing shared_clone with overload in shared_clone strips off
overload (Closes: #677588)
- segfaults when freeing deeply nested structures (Closes: #624759)
- creating and destroying threads with perl results in memory leak
(Closes: #700624)
- double free or corruption crash after thread->join when POE::Kernel
is loaded (Closes: #707206)
- Behaviour changed in Text::Wrap (Closes: #101933)
- pod2html doesn't remove temporary files (Closes: #378328)
- Syslog.pm adds newline and later EOL whitespace to spamassassin
/var/log/syslog messages (Closes: #496254)
- Pod::PlainText doesn't recognize =encoding (Closes: #587733)
- libdate-manip-perl: Memory Leak (Closes: #600231)
- perlembed.pod and perlmodinstall.pod contain invariant sections
(Closes: #630149)
- perl debugger dies for PDL scripts with "Can't return a temporary
from lvalue subroutine" (Closes: #654387)
- pod2man: no exit code & empty files left behind (Closes: #659939)
- Man.pm: Undefined strings and a number register in groff
(Closes: #674206)
- perlcall(1) incorrectly refers to "X windows" (Closes: #233214)
- perl-base: IO::Handle manual lies about write() (Closes: #335694)
- perl-doc: be more explicit about how to use $! (Closes: #484021)
- perl-base: Doesn't throw an error if first parameter is a directory
(Closes: #689412)
- mention "use diagnostics" on perldiag (Closes: #485467)
- Please don't pollute manpages with "POD ERRORS" sections
(Closes: #497866)
* Override lintian warning doc-package-depends-on-main-package
as perl-doc really depends on perl
* Override lintian warning wrong-path-for-interpreter for a perl
module
perl (5.18.0~rc1-1) experimental; urgency=low
[ Niko Tyni ]
* Reorder the packages in debian/control to improve robustness of
the installation step.
[ Dominic Hargreaves ]
* Merge 5.14.2-21 from unstable:
+ Update the Locale::Maketext fix by importing 1.23, to avoid
double-escaping problems (see: #695224)
* Provide a more modern description of Perl in the long description
of the perl package (Closes: #678307)
* New upstream release
- update Breaks versions in debian/control for dual-lived modules
[ Niko Tyni ]
* Update debian/copyright for 5.17.11.
* Fix a few false positive format-security warnings from gcc.
* Use the DESTDIR mechanism for installation instead of mangling the
install paths before and after.
* New upstream release candidate.
perl (5.16.3-1) experimental; urgency=low
* Remove Depends/Recommends/Suggests on modules deprecated in 5.12 and
5.14 (Closes: #702094)
* Fix FTBFS with findutils from experimental by not using deprecated
permissions check syntax; thanks to Roland Stigge (Closes: #702562)
* Merge 5.14.2-17, 5.14.2-18, 5.14.2-19 and 5.14.2-20 from unstable
+ Fix a double-free bug in Digest::SHA. (Closes: #698174)
+ update the Breaks: entry accordingly.
+ Avoid wraparound when casting unsigned size_t to signed ssize_t.
(Closes: #698320)
+ [SECURITY] CVE-2013-1667: fix a rehashing DoS opportunity
against code that uses arbitrary user input as hash keys.
(Closes: #702296)
+ Fix an Encode memory leak that occurred in the UTF-8 encoding.
(Closes: #702416)
+ upgrade the Broken versions of the separate libencode-perl
package accordingly.
* Update debian/t/control.t to reflect Module::CoreList version
inconsistency and to remove references to non-existent Breaks
* Remove unneeded versioned dependencies on gcc and cpio
(Closes: #678138)
* Fix debian/copyright syntax (thanks, Lintian)
* Include correct branch name in Vcs-Git field
* New upstream release
perl (5.16.2-2) experimental; urgency=low
[ Dominic Hargreaves ]
* Merge 5.14.2-15 and 5.14.2-16 from unstable
+ [SECURITY] CVE-2012-5526: CGI.pm improper cookie and p3p
CRLF escaping (Closes: #693420)
+ [SECURITY] Fix misparsing of maketext strings which could allow
arbitrary code execution from untrusted maketext templates
(Closes: #695224)
+ [SECURITY] add warning to Storable documentation that Storable
documents should not be accepted from untrusted sources
(Closes: #695223)
+ Fix CPAN::FirstTime defaults with nonexisting site dirs if a parent
is writable. (Closes: #688842)
+ Don't overwrite $Config{lddlflags} or ccdlflags on GNU/kFreeBSD.
(Closes: #689713)
[ Niko Tyni ]
* Minor packaging improvements:
+ present Debian bugs consistently in patchlevel.h.
+ use gzip -n for reproducible results
+ support comments in file lists
+ fix a syntax error in debian/copyright
+ support the '**' notation in file lists for matching subdirectories
perl (5.16.2-1) experimental; urgency=low
* New upstream release
- update debian/copyright version (no changes)
- update Breaks version for libmodule-corelist-perl
* Merge 5.14.2-13 and 5.14.2-14 from unstable
perl (5.16.1-1) experimental; urgency=low
* Merge 5.14.2-11 and 5.14.2-12 from unstable
* New upstream release
- update Breaks/Replaces/Provides for libscalar-list-utils-perl
- update debian/copyright version (no changes)
* Update Breaks/Replaces/Provides for new libsocket-perl
perl (5.16.0-1) experimental; urgency=low
* New upstream release
- update debian/copyright
- update Breaks versions in debian/control for dual-lived modules
- remove Provides/Replaces/Breaks for removed modules
libdevel-dprof-perl, libperl4-corelibs-perl, libshell-perl
- add Provides/Replaces/Breaks for new libcpan-meta-requirements-perl
- add new files to perl-base to keep it self-contained
* Add patch from Daniel Kahn Gillmor fixing propagation of socket
type information (Closes: #659075)
* Fix test failure with t/op/getpid.t on kFreeBSD by including a
linuxthreads version check
perl (5.14.2-21) unstable; urgency=low
[ Dominic Hargreaves ]
* Update the Locale::Maketext fix by importing 1.23, to avoid
double-escaping problems (see: #695224)
perl (5.14.2-20) unstable; urgency=low
* Fix an Encode memory leak that occurred in the UTF-8 encoding.
(Closes: #702416)
+ upgrade the Broken versions of the separate libencode-perl
package accordingly.
perl (5.14.2-19) unstable; urgency=high
* [SECURITY] CVE-2013-1667: fix a rehashing DoS opportunity
against code that uses arbitrary user input as hash keys.
(Closes: #702296)
perl (5.14.2-18) unstable; urgency=low
* Fix a squeeze regression with STDIN and signal handlers.
(Closes: #700171)
perl (5.14.2-17) unstable; urgency=low
* Fix a double-free bug in Digest::SHA. (Closes: #698174)
+ update the Breaks: entry accordingly.
* Avoid wraparound when casting unsigned size_t to signed ssize_t.
(Closes: #698320)
perl (5.14.2-16) unstable; urgency=medium
* [SECURITY] CVE-2012-5526: CGI.pm improper cookie and p3p
CRLF escaping (Closes: #693420)
* [SECURITY] Fix misparsing of maketext strings which could allow
arbitrary code execution from untrusted maketext templates
(Closes: #695224)
* [SECURITY] add warning to Storable documentation that Storable
documents should not be accepted from untrusted sources
(Closes: #695223)
perl (5.14.2-15) unstable; urgency=low
* Fix CPAN::FirstTime defaults with nonexisting site dirs if a parent
is writable. (Closes: #688842)
* Don't overwrite $Config{lddlflags} or ccdlflags on GNU/kFreeBSD.
(Closes: #689713)
* Fix tainted smart matching. (Closes: #690571)
* Cherry-pick fixes from 5.14.3:
+ /i regexps match correctly with latin1 characters again (Closes: #690975)
+ /i regexps match beyond the start of the string with multi-char folds
again. (Closes: #690976)
+ /[[:lower:]]/i and /[[:upper:]]/i match the opposite cases again
(Closes: #690979)
+ <$fh> no longer hangs or eats memory on a glob copy (Closes: #629363)
+ enforce Any ~~ Object smartmatch precedence (Closes: #691102)
+ update perlcheat.pod to 5.14. (Closes: #691112)
perl (5.14.2-14) unstable; urgency=high
* [SECURITY] CVE-2012-5195: fix a heap buffer overrun with
the 'x' string repeat operator. (Closes: #689314)
perl (5.14.2-13) unstable; urgency=low
* Apply patch fixing IPC::Open3 when command is '-' (Closes: #683894)
* Add Breaks/Replaces/Provides for new dual-lived libsocket-perl
(Closes: #679154)
perl (5.14.2-12) unstable; urgency=low
* Re-enable thread tests on kFreeBSD now that libc breakage has been
resolved (Closes: #672152, #677045)
* Update Standards-Version (no changes)
* Add minimal Copyright fields to debian/copyright paragraphs that
were missing them, to fix Lintian warnings about missing required
fields
perl (5.14.2-11) unstable; urgency=low
[ Dominic Hargreaves ]
* Add patch from Daniel Kahn Gillmor fixing propagation of socket
type information (Closes: #659075)
[ Niko Tyni ]
* Temporarily disable thread tests on kFreeBSD to work around libc breakage.
(See #672152 and #673711)
* Remove empty Copyright lines from debian/copyright to appease
Config::Model.
perl (5.14.2-10) unstable; urgency=low
* Properly propagate tainted errors (Closes: #663158)
* Invoke x-terminal-emulator rather than xterm in perl5db.pl
(Closes: #668490)
* Add Conflicts with mono-gac (<< 2.10.8.1-3) to perl-base and
perl-modules (Closes: #665384)
perl (5.14.2-9) unstable; urgency=low
[ Dominic Hargreaves ]
* Add Breaks on various packages which had 5.12/5.14 compatibility
bugs fixed since squeeze, to help with partial upgrades
* Add Breaks on ftpmirror for the same reason (Closes: #659799)
[ Niko Tyni ]
* No longer disable the 'pie' build flags: the implementation was
overwriting DEB_BUILD_MAINT_OPTIONS altogether.
* Modify Config_heavy.pl after the build to remove dpkg-buildflags
effects on ccflags and lddlflags; we don't want to force them on
all XS modules at this stage. (See #657853)
* Update the DEP-5 URL in debian/copyright now that it is finally stabilized.
* Make EU::MM pass LD through to recursive Makefile.PL invocations.
(Closes: #660195)
perl (5.14.2-8) experimental; urgency=low
[ Dominic Hargreaves ]
* Include some notes in debian/rules about not using perl more than
necessary
* Fix CGI.pm to not use the deprecated shellwords.pl library
* Don't use _POSIX_PATH_MAX as a fallback PATH_MAX (Closes: #656869)
[ Niko Tyni ]
* Pass system zlib information to the Compress-Raw-Zlib build system
with environment variables instead of patching the source.
* Make perl-base and perl-modules conflict with defoma (<< 0.11.12),
whose older versions may break when invoked from preinst scripts
during squeeze -> wheezy upgrades. (Closes: #657940)
* Use dpkg-buildflags (when available) to enable hardened builds.
(Closes: #657853)
+ explicitly disable the 'pie' flags until somebody finds a way
to make them work with the build system
perl (5.14.2-7) unstable; urgency=low
[ Dominic Hargreaves ]
* Re-enable tests dist/threads/t/libc.t, ext/Socket/t/socketpair.t
on GNU/Hurd fixed by changes in hurd (20111206-1)
* Re-enable test cpan/autodie/t/recv.t on GNU/Hurd fixed by changes in
eglibc (2.13-22)
* Add missing POD descriptions in modules from CPAN, to fix Lintian
warnings (Closes: #650448, #650450, #650451, #650452)
* Fix AE ligature fallback handling in Pod::Man (thanks to
Russ Allbery for the fix) (Closes: #652851)
* Update references to the FSF's postal address (fixes Lintian warnings)
* Add Lintian overrides for missing manpages for perldoc stub and
cpanp-run-perl utility script (Closes: #654652)
* Fix POD formatting in Term-Cap and Pod-Parser (fixes Lintian warnings)
* Remove special-case override for non-overridable no-copyright-file
Lintian tag (see #522827 and #553262)
[ Jonathan Nieder ]
* Add Homepage field pointing to dev.perl.org (Closes: #657274)
-- Jason Gross <email address hidden> Fri, 22 Mar 2019 01:57:52 -0400
Builds
Package files