[Bug 1946886] Re: Merge php-pear from Debian unstable for 22.04

Bryce Harrington Mon, 18 Oct 2021 20:41:05 -0700

** Description changed:

- Scheduled-For: 22.11
- Upstream: tbd
- Debian:   1:1.10.12+submodules+notgz+20210212-1    
+ Upstream: 1.10.13
+ Debian:   1:1.10.12+submodules+notgz+20210212-1
  Ubuntu:   1:1.10.12+submodules+notgz+20210212-1ubuntu1
  
+ Debian typically updates this package every 2 months, but has not done
+ so since 21.04.  Check back monthly.
  
+ There is a new upstream version, however, so may be worth going ahead of
+ debian and/or updating it in Debian and syncing it.
  
  ### New Debian Changes ###
  
  php-pear (1:1.10.12+submodules+notgz+20210212-1) unstable;
  urgency=medium
  
-   [ Ondřej Surý ]
-   * (CVE-2020-36193) Update Archive_Tar to 1.4.12 (Closes: #980428)
-   * Remove .gitattributes from submodules as it breaks our build
+   [ Ondřej Surý ]
+   * (CVE-2020-36193) Update Archive_Tar to 1.4.12 (Closes: #980428)
+   * Remove .gitattributes from submodules as it breaks our build
  
-   [ Mathieu Parent ]
-   * Remove all *.tgz files, to ease copyright review
+   [ Mathieu Parent ]
+   * Remove all *.tgz files, to ease copyright review
  
-  -- Ondřej Surý <[email protected]>  Fri, 12 Feb 2021 09:05:38 +0100
+  -- Ondřej Surý <[email protected]>  Fri, 12 Feb 2021 09:05:38 +0100
  
  php-pear (1:1.10.12+submodules+notgz-1) unstable; urgency=medium
  
-   * Update PEAR to 1.10.12
-   * Update Archive_Tar to 1.4.7
-   * Update Console_Getopt to 1.4.2
-   * Update Structures_Graph to latest trunk
-   * Update XML_Util to 1.4.3
-   * Lower the dh_compat level to 10 to help with backports
-   * Remove .gitattributes from submodules as it breaks our build
-   * Use pristine-tar (first create and then use pristine-tar commit)
+   * Update PEAR to 1.10.12
+   * Update Archive_Tar to 1.4.7
+   * Update Console_Getopt to 1.4.2
+   * Update Structures_Graph to latest trunk
+   * Update XML_Util to 1.4.3
+   * Lower the dh_compat level to 10 to help with backports
+   * Remove .gitattributes from submodules as it breaks our build
+   * Use pristine-tar (first create and then use pristine-tar commit)
  
-  -- Ondřej Surý <[email protected]>  Sat, 10 Oct 2020 15:10:13 +0200
+  -- Ondřej Surý <[email protected]>  Sat, 10 Oct 2020 15:10:13 +0200
  
  php-pear (1:1.10.9+submodules+notgz-1) unstable; urgency=low
  
-   [ Ondřej Surý ]
-   * Update PEAR to 1.10.8
-   * Update Archive_Tar to 1.4.6
-   * Update Console_Getopt to 1.4.2
-   * Update maintainer address
-   * Update gbp.conf for salsa and enable pristine-tar
-   * Bump policy to recent version (no change)
+   [ Ondřej Surý ]
+   * Update PEAR to 1.10.8
+   * Update Archive_Tar to 1.4.6
+   * Update Console_Getopt to 1.4.2
+   * Update maintainer address
+   * Update gbp.conf for salsa and enable pristine-tar
+   * Bump policy to recent version (no change)
  
-   [ Mathieu Parent ]
-   * Update PEAR to 1.10.9
-     - Fixes count() on non Countable (Closes: #890433)
-   * Update Archive_Tar to 1.4.7
-   * Update Structures_Graph to v1.1.1 + 1 minor patch
-   * Add debian/README.source
-   * Fix package-uses-deprecated-source-override-location
-   * Fix insecure-copyright-format-uri
-   * Fix debian-watch-uses-insecure-uri
-   * Bump debhelper compat to 12
-   * Update debian/php-pear.substvars-static
-   * Fix manpage-has-errors-from-man
-   * Standards-Version: 4.4.0
-   * Add debian/salsa-ci.yml
-   * Implement the SOURCE_DATE_EPOCH specification (Closes: #750697)
+   [ Mathieu Parent ]
+   * Update PEAR to 1.10.9
+     - Fixes count() on non Countable (Closes: #890433)
+   * Update Archive_Tar to 1.4.7
+   * Update Structures_Graph to v1.1.1 + 1 minor patch
+   * Add debian/README.source
+   * Fix package-uses-deprecated-source-override-location
+   * Fix insecure-copyright-format-uri
+   * Fix debian-watch-uses-insecure-uri
+   * Bump debhelper compat to 12
+   * Update debian/php-pear.substvars-static
+   * Fix manpage-has-errors-from-man
+   * Standards-Version: 4.4.0
+   * Add debian/salsa-ci.yml
+   * Implement the SOURCE_DATE_EPOCH specification (Closes: #750697)
  
-  -- Mathieu Parent <[email protected]>  Thu, 01 Aug 2019 23:15:22 +0200
+  -- Mathieu Parent <[email protected]>  Thu, 01 Aug 2019 23:15:22 +0200
  
  php-pear (1:1.10.6+submodules+notgz-1) unstable; urgency=medium
  
-   * Update PEAR to 1.10.6
+   * Update PEAR to 1.10.6
  
-  -- Ondřej Surý <[email protected]>  Mon, 01 Oct 2018 12:15:44 +0000
+  -- Ondřej Surý <[email protected]>  Mon, 01 Oct 2018 12:15:44 +0000
  
  php-pear (1:1.10.5+submodules+notgz-1) unstable; urgency=medium
  
-   * Update PEAR to 1.10.5
-   * Update Archive_Tar to 1.4.3
-   * Update XML_Util to 1.4.3
+   * Update PEAR to 1.10.5
+   * Update Archive_Tar to 1.4.3
+   * Update XML_Util to 1.4.3
  
-  -- Ondřej Surý <[email protected]>  Thu, 10 Aug 2017 23:19:49 +0200
+  -- Ondřej Surý <[email protected]>  Thu, 10 Aug 2017 23:19:49 +0200
  
  php-pear (1:1.10.4+submodules+notgz-1) experimental; urgency=medium
  
-   * Update PEAR to 1.10.4
-   * Rebase patches on top of 1.10.4+submodules+notgz
-   * Update submodules to latest PEAR packaged versions:
-     bdd47347df76dbaa89227c5e1afd6f6809985b4c submodules/Archive_Tar (1.4.2)
-     82f05cd1aa3edf34e19aa7c8ca312ce13a6a577f submodules/Console_Getopt 
(v1.4.1)
-     608fdc835a62fb238e61bd1cf0aaf6c7a4420b5c submodules/Structures_Graph 
(v1.1.1)
-     0ee5f1d88573a935daf68d795048165b3491b5ff submodules/XML_Util (v1.4.2)
+   * Update PEAR to 1.10.4
+   * Rebase patches on top of 1.10.4+submodules+notgz
+   * Update submodules to latest PEAR packaged versions:
+     bdd47347df76dbaa89227c5e1afd6f6809985b4c submodules/Archive_Tar (1.4.2)
+     82f05cd1aa3edf34e19aa7c8ca312ce13a6a577f submodules/Console_Getopt 
(v1.4.1)
+     608fdc835a62fb238e61bd1cf0aaf6c7a4420b5c submodules/Structures_Graph 
(v1.1.1)
+     0ee5f1d88573a935daf68d795048165b3491b5ff submodules/XML_Util (v1.4.2)
  
-  -- Ondřej Surý <[email protected]>  Tue, 30 May 2017 16:18:19 +0200
+  -- Ondřej Surý <[email protected]>  Tue, 30 May 2017 16:18:19 +0200
  
  php-pear (1:1.10.1+submodules+notgz-9) unstable; urgency=medium
  
-   * Fix Vcs-* fields (was pointing to pkg-php-tools)
-   * Standards-Version: 3.9.8, no change
+   * Fix Vcs-* fields (was pointing to pkg-php-tools)
+   * Standards-Version: 3.9.8, no change
  
-  -- Mathieu Parent <[email protected]>  Wed, 25 Jan 2017 07:48:36 +0100
+  -- Mathieu Parent <[email protected]>  Wed, 25 Jan 2017 07:48:36 +0100
  
  php-pear (1:1.10.1+submodules+notgz-8) unstable; urgency=medium
  
-   * Remove /usr/share/php/{.depdb,.filemap}
-     - As they would be outdated.
-     - This also fixes the last remaining FTBR
+   * Remove /usr/share/php/{.depdb,.filemap}
+     - As they would be outdated.
+     - This also fixes the last remaining FTBR
  
-  -- Mathieu Parent <[email protected]>  Sun, 24 Apr 2016 00:54:49 +0200
+  -- Mathieu Parent <[email protected]>  Sun, 24 Apr 2016 00:54:49 +0200
  
  php-pear (1:1.10.1+submodules+notgz-7) unstable; urgency=medium
  
-   * Makes the build reproducible by fixing _lastmodified to be an int
+   * Makes the build reproducible by fixing _lastmodified to be an int
  
-  -- Mathieu Parent <[email protected]>  Wed, 20 Apr 2016 06:47:23 +0200
+  -- Mathieu Parent <[email protected]>  Wed, 20 Apr 2016 06:47:23 +0200
  
  php-pear (1:1.10.1+submodules+notgz-6) unstable; urgency=medium
- 
  
  ### Old Ubuntu Delta ###
  
  php-pear (1:1.10.12+submodules+notgz+20210212-1ubuntu1) impish;
  urgency=medium
  
-   * SECURITY REGRESSIONS:
-     - debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
-       virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
-     - debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
-       submodules/Archive_Tar/Archive/Tar.php.
-   * SECURITY UPDATE: incorrect symlink extraction
-     - debian/patches/CVE-2021-32610.patch: properly fix symbolic link path
-       traversal in submodules/Archive_Tar/Archive/Tar.php.
-     - CVE-2021-32610
+   * SECURITY REGRESSIONS:
+     - debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
+       virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
+     - debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
+       submodules/Archive_Tar/Archive/Tar.php.
+   * SECURITY UPDATE: incorrect symlink extraction
+     - debian/patches/CVE-2021-32610.patch: properly fix symbolic link path
+       traversal in submodules/Archive_Tar/Archive/Tar.php.
+     - CVE-2021-32610
  
-  -- Marc Deslauriers <[email protected]>  Wed, 28 Jul 2021
+  -- Marc Deslauriers <[email protected]>  Wed, 28 Jul 2021
  10:39:27 -0400


** Changed in: php-pear (Ubuntu)
    Milestone: None => ubuntu-22.01

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1946886

Title:
  Merge php-pear from Debian unstable for 22.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php-pear/+bug/1946886/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1946886] Re: Merge php-pear from Debian unstable for 22.04

Reply via email to