** Description changed: - Scheduled-For: 22.11 - Upstream: tbd - Debian: 1:1.10.12+submodules+notgz+20210212-1 + Upstream: 1.10.13 + Debian: 1:1.10.12+submodules+notgz+20210212-1 Ubuntu: 1:1.10.12+submodules+notgz+20210212-1ubuntu1 + Debian typically updates this package every 2 months, but has not done + so since 21.04. Check back monthly. + There is a new upstream version, however, so may be worth going ahead of + debian and/or updating it in Debian and syncing it. ### New Debian Changes ### php-pear (1:1.10.12+submodules+notgz+20210212-1) unstable; urgency=medium - [ Ondřej Surý ] - * (CVE-2020-36193) Update Archive_Tar to 1.4.12 (Closes: #980428) - * Remove .gitattributes from submodules as it breaks our build + [ Ondřej Surý ] + * (CVE-2020-36193) Update Archive_Tar to 1.4.12 (Closes: #980428) + * Remove .gitattributes from submodules as it breaks our build - [ Mathieu Parent ] - * Remove all *.tgz files, to ease copyright review + [ Mathieu Parent ] + * Remove all *.tgz files, to ease copyright review - -- Ondřej Surý <ond...@debian.org> Fri, 12 Feb 2021 09:05:38 +0100 + -- Ondřej Surý <ond...@debian.org> Fri, 12 Feb 2021 09:05:38 +0100 php-pear (1:1.10.12+submodules+notgz-1) unstable; urgency=medium - * Update PEAR to 1.10.12 - * Update Archive_Tar to 1.4.7 - * Update Console_Getopt to 1.4.2 - * Update Structures_Graph to latest trunk - * Update XML_Util to 1.4.3 - * Lower the dh_compat level to 10 to help with backports - * Remove .gitattributes from submodules as it breaks our build - * Use pristine-tar (first create and then use pristine-tar commit) + * Update PEAR to 1.10.12 + * Update Archive_Tar to 1.4.7 + * Update Console_Getopt to 1.4.2 + * Update Structures_Graph to latest trunk + * Update XML_Util to 1.4.3 + * Lower the dh_compat level to 10 to help with backports + * Remove .gitattributes from submodules as it breaks our build + * Use pristine-tar (first create and then use pristine-tar commit) - -- Ondřej Surý <ond...@debian.org> Sat, 10 Oct 2020 15:10:13 +0200 + -- Ondřej Surý <ond...@debian.org> Sat, 10 Oct 2020 15:10:13 +0200 php-pear (1:1.10.9+submodules+notgz-1) unstable; urgency=low - [ Ondřej Surý ] - * Update PEAR to 1.10.8 - * Update Archive_Tar to 1.4.6 - * Update Console_Getopt to 1.4.2 - * Update maintainer address - * Update gbp.conf for salsa and enable pristine-tar - * Bump policy to recent version (no change) + [ Ondřej Surý ] + * Update PEAR to 1.10.8 + * Update Archive_Tar to 1.4.6 + * Update Console_Getopt to 1.4.2 + * Update maintainer address + * Update gbp.conf for salsa and enable pristine-tar + * Bump policy to recent version (no change) - [ Mathieu Parent ] - * Update PEAR to 1.10.9 - - Fixes count() on non Countable (Closes: #890433) - * Update Archive_Tar to 1.4.7 - * Update Structures_Graph to v1.1.1 + 1 minor patch - * Add debian/README.source - * Fix package-uses-deprecated-source-override-location - * Fix insecure-copyright-format-uri - * Fix debian-watch-uses-insecure-uri - * Bump debhelper compat to 12 - * Update debian/php-pear.substvars-static - * Fix manpage-has-errors-from-man - * Standards-Version: 4.4.0 - * Add debian/salsa-ci.yml - * Implement the SOURCE_DATE_EPOCH specification (Closes: #750697) + [ Mathieu Parent ] + * Update PEAR to 1.10.9 + - Fixes count() on non Countable (Closes: #890433) + * Update Archive_Tar to 1.4.7 + * Update Structures_Graph to v1.1.1 + 1 minor patch + * Add debian/README.source + * Fix package-uses-deprecated-source-override-location + * Fix insecure-copyright-format-uri + * Fix debian-watch-uses-insecure-uri + * Bump debhelper compat to 12 + * Update debian/php-pear.substvars-static + * Fix manpage-has-errors-from-man + * Standards-Version: 4.4.0 + * Add debian/salsa-ci.yml + * Implement the SOURCE_DATE_EPOCH specification (Closes: #750697) - -- Mathieu Parent <sath...@debian.org> Thu, 01 Aug 2019 23:15:22 +0200 + -- Mathieu Parent <sath...@debian.org> Thu, 01 Aug 2019 23:15:22 +0200 php-pear (1:1.10.6+submodules+notgz-1) unstable; urgency=medium - * Update PEAR to 1.10.6 + * Update PEAR to 1.10.6 - -- Ondřej Surý <ond...@debian.org> Mon, 01 Oct 2018 12:15:44 +0000 + -- Ondřej Surý <ond...@debian.org> Mon, 01 Oct 2018 12:15:44 +0000 php-pear (1:1.10.5+submodules+notgz-1) unstable; urgency=medium - * Update PEAR to 1.10.5 - * Update Archive_Tar to 1.4.3 - * Update XML_Util to 1.4.3 + * Update PEAR to 1.10.5 + * Update Archive_Tar to 1.4.3 + * Update XML_Util to 1.4.3 - -- Ondřej Surý <ond...@debian.org> Thu, 10 Aug 2017 23:19:49 +0200 + -- Ondřej Surý <ond...@debian.org> Thu, 10 Aug 2017 23:19:49 +0200 php-pear (1:1.10.4+submodules+notgz-1) experimental; urgency=medium - * Update PEAR to 1.10.4 - * Rebase patches on top of 1.10.4+submodules+notgz - * Update submodules to latest PEAR packaged versions: - bdd47347df76dbaa89227c5e1afd6f6809985b4c submodules/Archive_Tar (1.4.2) - 82f05cd1aa3edf34e19aa7c8ca312ce13a6a577f submodules/Console_Getopt (v1.4.1) - 608fdc835a62fb238e61bd1cf0aaf6c7a4420b5c submodules/Structures_Graph (v1.1.1) - 0ee5f1d88573a935daf68d795048165b3491b5ff submodules/XML_Util (v1.4.2) + * Update PEAR to 1.10.4 + * Rebase patches on top of 1.10.4+submodules+notgz + * Update submodules to latest PEAR packaged versions: + bdd47347df76dbaa89227c5e1afd6f6809985b4c submodules/Archive_Tar (1.4.2) + 82f05cd1aa3edf34e19aa7c8ca312ce13a6a577f submodules/Console_Getopt (v1.4.1) + 608fdc835a62fb238e61bd1cf0aaf6c7a4420b5c submodules/Structures_Graph (v1.1.1) + 0ee5f1d88573a935daf68d795048165b3491b5ff submodules/XML_Util (v1.4.2) - -- Ondřej Surý <ond...@debian.org> Tue, 30 May 2017 16:18:19 +0200 + -- Ondřej Surý <ond...@debian.org> Tue, 30 May 2017 16:18:19 +0200 php-pear (1:1.10.1+submodules+notgz-9) unstable; urgency=medium - * Fix Vcs-* fields (was pointing to pkg-php-tools) - * Standards-Version: 3.9.8, no change + * Fix Vcs-* fields (was pointing to pkg-php-tools) + * Standards-Version: 3.9.8, no change - -- Mathieu Parent <sath...@debian.org> Wed, 25 Jan 2017 07:48:36 +0100 + -- Mathieu Parent <sath...@debian.org> Wed, 25 Jan 2017 07:48:36 +0100 php-pear (1:1.10.1+submodules+notgz-8) unstable; urgency=medium - * Remove /usr/share/php/{.depdb,.filemap} - - As they would be outdated. - - This also fixes the last remaining FTBR + * Remove /usr/share/php/{.depdb,.filemap} + - As they would be outdated. + - This also fixes the last remaining FTBR - -- Mathieu Parent <sath...@debian.org> Sun, 24 Apr 2016 00:54:49 +0200 + -- Mathieu Parent <sath...@debian.org> Sun, 24 Apr 2016 00:54:49 +0200 php-pear (1:1.10.1+submodules+notgz-7) unstable; urgency=medium - * Makes the build reproducible by fixing _lastmodified to be an int + * Makes the build reproducible by fixing _lastmodified to be an int - -- Mathieu Parent <sath...@debian.org> Wed, 20 Apr 2016 06:47:23 +0200 + -- Mathieu Parent <sath...@debian.org> Wed, 20 Apr 2016 06:47:23 +0200 php-pear (1:1.10.1+submodules+notgz-6) unstable; urgency=medium - ### Old Ubuntu Delta ### php-pear (1:1.10.12+submodules+notgz+20210212-1ubuntu1) impish; urgency=medium - * SECURITY REGRESSIONS: - - debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for - virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php. - - debian/patches/CVE-2020-36193-3.patch: PHP compat fix in - submodules/Archive_Tar/Archive/Tar.php. - * SECURITY UPDATE: incorrect symlink extraction - - debian/patches/CVE-2021-32610.patch: properly fix symbolic link path - traversal in submodules/Archive_Tar/Archive/Tar.php. - - CVE-2021-32610 + * SECURITY REGRESSIONS: + - debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for + virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php. + - debian/patches/CVE-2020-36193-3.patch: PHP compat fix in + submodules/Archive_Tar/Archive/Tar.php. + * SECURITY UPDATE: incorrect symlink extraction + - debian/patches/CVE-2021-32610.patch: properly fix symbolic link path + traversal in submodules/Archive_Tar/Archive/Tar.php. + - CVE-2021-32610 - -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Wed, 28 Jul 2021 + -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Wed, 28 Jul 2021 10:39:27 -0400
** Changed in: php-pear (Ubuntu) Milestone: None => ubuntu-22.01 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1946886 Title: Merge php-pear from Debian unstable for 22.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php-pear/+bug/1946886/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs