php-pear (1:1.10.9+submodules+notgz-1ubuntu0.20.04.3) focal-security; urgency=medium * SECURITY UPDATE: incorrect symlink extraction - debian/patches/CVE-2021-32610.patch: properly fix symbolic link path traversal in submodules/Archive_Tar/Archive/Tar.php. - CVE-2021-32610 -- Marc Deslauriers Wed, 28 Jul 2021 10:48:22 -0400 php-pear (1:1.10.9+submodules+notgz-1ubuntu0.20.04.2) focal-security; urgency=medium * SECURITY UPDATE: directory traversal attack in Archive_Tar - debian/patches/CVE-2020-36193-1.patch: disallow symlinks to out-of-path filenames in submodules/Archive_Tar/Archive/Tar.php. - debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php. - debian/patches/CVE-2020-36193-3.patch: PHP compat fix in submodules/Archive_Tar/Archive/Tar.php.. - CVE-2020-36193 -- Marc Deslauriers Thu, 04 Feb 2021 10:37:22 -0500 php-pear (1:1.10.9+submodules+notgz-1ubuntu0.20.04.1) focal-security; urgency=medium * SECURITY UPDATE: unserialization attack in Archive_Tar - debian/patches/CVE-2020-2894x.patch: catch additional malicious or crafted filenames in submodules/Archive_Tar/Archive/Tar.php. - CVE-2020-28948 - CVE-2020-28949 -- Marc Deslauriers Mon, 30 Nov 2020 09:55:16 -0500 php-pear (1:1.10.9+submodules+notgz-1) unstable; urgency=low [ Ondřej Surý ] * Update PEAR to 1.10.8 * Update Archive_Tar to 1.4.6 * Update Console_Getopt to 1.4.2 * Update maintainer address * Update gbp.conf for salsa and enable pristine-tar * Bump policy to recent version (no change) [ Mathieu Parent ] * Update PEAR to 1.10.9 - Fixes count() on non Countable (Closes: #890433) * Update Archive_Tar to 1.4.7 * Update Structures_Graph to v1.1.1 + 1 minor patch * Add debian/README.source * Fix package-uses-deprecated-source-override-location * Fix insecure-copyright-format-uri * Fix debian-watch-uses-insecure-uri * Bump debhelper compat to 12 * Update debian/php-pear.substvars-static * Fix manpage-has-errors-from-man * Standards-Version: 4.4.0 * Add debian/salsa-ci.yml * Implement the SOURCE_DATE_EPOCH specification (Closes: #750697) -- Mathieu Parent Thu, 01 Aug 2019 23:15:22 +0200 php-pear (1:1.10.6+submodules+notgz-1) unstable; urgency=medium * Update PEAR to 1.10.6 -- Ondřej Surý Mon, 01 Oct 2018 12:15:44 +0000 php-pear (1:1.10.5+submodules+notgz-1) unstable; urgency=medium * Update PEAR to 1.10.5 * Update Archive_Tar to 1.4.3 * Update XML_Util to 1.4.3 -- Ondřej Surý Thu, 10 Aug 2017 23:19:49 +0200 php-pear (1:1.10.4+submodules+notgz-1) experimental; urgency=medium * Update PEAR to 1.10.4 * Rebase patches on top of 1.10.4+submodules+notgz * Update submodules to latest PEAR packaged versions: bdd47347df76dbaa89227c5e1afd6f6809985b4c submodules/Archive_Tar (1.4.2) 82f05cd1aa3edf34e19aa7c8ca312ce13a6a577f submodules/Console_Getopt (v1.4.1) 608fdc835a62fb238e61bd1cf0aaf6c7a4420b5c submodules/Structures_Graph (v1.1.1) 0ee5f1d88573a935daf68d795048165b3491b5ff submodules/XML_Util (v1.4.2) -- Ondřej Surý Tue, 30 May 2017 16:18:19 +0200 php-pear (1:1.10.1+submodules+notgz-9) unstable; urgency=medium * Fix Vcs-* fields (was pointing to pkg-php-tools) * Standards-Version: 3.9.8, no change -- Mathieu Parent Wed, 25 Jan 2017 07:48:36 +0100 php-pear (1:1.10.1+submodules+notgz-8) unstable; urgency=medium * Remove /usr/share/php/{.depdb,.filemap} - As they would be outdated. - This also fixes the last remaining FTBR -- Mathieu Parent Sun, 24 Apr 2016 00:54:49 +0200 php-pear (1:1.10.1+submodules+notgz-7) unstable; urgency=medium * Makes the build reproducible by fixing _lastmodified to be an int -- Mathieu Parent Wed, 20 Apr 2016 06:47:23 +0200 php-pear (1:1.10.1+submodules+notgz-6) unstable; urgency=medium * Add mv_conffile to move existing /etc/pear.conf to /etc/pear/pear.conf -- Ondřej Surý Tue, 22 Mar 2016 09:48:02 +0100 php-pear (1:1.10.1+submodules+notgz-5) unstable; urgency=medium * Replace /usr/share/doc/php-pear symlink by a dir (Closes: #817814) * Set PHP_PEAR_SYSCONF_DIR to /etc/pear (Closes: #818271) * Fix "PECL extensions FTBFS with PHP Fatal error: Call to a member function getFilelist() on null" (Closes: #805222) * Standards-Version: 3.9.7 * Updated Vcs-* fields to use https * Add lintian override for pear-package-without-pkg-php-tools-builddep -- Mathieu Parent Sat, 19 Mar 2016 22:43:58 +0100 php-pear (1:1.10.1+submodules+notgz-4) unstable; urgency=medium * pecl command needs to run without -n to pickup default PHP cli configuration, so XML module gets loaded * php-pear needs to pull XML extension as packaged in php-xml both into Depends and Build-Depends -- Ondřej Surý Thu, 03 Mar 2016 11:17:21 +0100 php-pear (1:1.10.1+submodules+notgz-3) unstable; urgency=medium * Depend on generic php-cli instead of php5-cli * Fix debian/php-pear.substvars-static to not depend on php5-* * Move included modules from Depends to Provides -- Ondřej Surý Mon, 07 Dec 2015 16:00:56 +0100 php-pear (1:1.10.1+submodules+notgz-2) experimental; urgency=medium * Don't depend on included libs: Structures_Graph, Console_Getopt, XML_Util -- Mathieu Parent Tue, 08 Dec 2015 23:17:52 +0100 php-pear (1:1.10.1+submodules+notgz-1) experimental; urgency=low * Initial release. (Closes: #801919) * Using epoch, as package was previously in src:php5 (Closes: #714848) * Install manpages (Closes: #414878) -- Mathieu Parent Fri, 27 Nov 2015 23:30:21 +0100