Author: Niko Tyni
Revision Date: 2012-05-25 10:14:00 UTC

[ Dominic Hargreaves ]
* Add patch from Daniel Kahn Gillmor fixing propagation of socket
  type information (Closes: #659075)

[ Niko Tyni ]
* Temporarily disable thread tests on kFreeBSD to work around libc breakage.
  (See #672152 and #673711)
* Remove empty Copyright lines from debian/copyright to appease
  Config::Model.

Author: Niko Tyni
Revision Date: 2012-05-25 10:14:00 UTC

[ Dominic Hargreaves ]
* Add patch from Daniel Kahn Gillmor fixing propagation of socket
  type information (Closes: #659075)

[ Niko Tyni ]
* Temporarily disable thread tests on kFreeBSD to work around libc breakage.
  (See #672152 and #673711)
* Remove empty Copyright lines from debian/copyright to appease
  Config::Model.

Author: Niko Tyni
Revision Date: 2012-05-25 10:14:00 UTC

[ Dominic Hargreaves ]
* Add patch from Daniel Kahn Gillmor fixing propagation of socket
  type information (Closes: #659075)

[ Niko Tyni ]
* Temporarily disable thread tests on kFreeBSD to work around libc breakage.
  (See #672152 and #673711)
* Remove empty Copyright lines from debian/copyright to appease
  Config::Model.

Author: Niko Tyni
Revision Date: 2012-05-25 10:14:00 UTC

[ Dominic Hargreaves ]
* Add patch from Daniel Kahn Gillmor fixing propagation of socket
  type information (Closes: #659075)

[ Niko Tyni ]
* Temporarily disable thread tests on kFreeBSD to work around libc breakage.
  (See #672152 and #673711)
* Remove empty Copyright lines from debian/copyright to appease
  Config::Model.

Author: Niko Tyni
Revision Date: 2012-05-25 10:14:00 UTC

[ Dominic Hargreaves ]
* Add patch from Daniel Kahn Gillmor fixing propagation of socket
  type information (Closes: #659075)

[ Niko Tyni ]
* Temporarily disable thread tests on kFreeBSD to work around libc breakage.
  (See #672152 and #673711)
* Remove empty Copyright lines from debian/copyright to appease
  Config::Model.

Author: Niko Tyni
Revision Date: 2012-05-25 10:14:00 UTC

[ Dominic Hargreaves ]
* Add patch from Daniel Kahn Gillmor fixing propagation of socket
  type information (Closes: #659075)

[ Niko Tyni ]
* Temporarily disable thread tests on kFreeBSD to work around libc breakage.
  (See #672152 and #673711)
* Remove empty Copyright lines from debian/copyright to appease
  Config::Model.

Author: Niko Tyni
Revision Date: 2012-05-25 10:14:00 UTC

[ Dominic Hargreaves ]
* Add patch from Daniel Kahn Gillmor fixing propagation of socket
  type information (Closes: #659075)

[ Niko Tyni ]
* Temporarily disable thread tests on kFreeBSD to work around libc breakage.
  (See #672152 and #673711)
* Remove empty Copyright lines from debian/copyright to appease
  Config::Model.

Author: Steve Langasek
Revision Date: 2012-03-23 14:59:33 UTC

releasing version 5.14.2-6ubuntu2

Author: Dominic Hargreaves
Revision Date: 2011-08-10 19:25:23 UTC

Fix decode_xs n-byte heap-overflow security bug in Unicode.xs
(Closes: #637376)

Author: Marc Deslauriers
Revision Date: 2011-04-26 09:32:28 UTC

* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
  - debian/patches/fixes/CVE-2010-1447.diff: update Safe.pm to version
    2.29 to fix multiple issues.
  - debian/patches/series: disable superseded fixes/safe-upgrade.diff.
  - CVE-2010-1447
* SECURITY UPDATE: taint protection bypass via missing taint attributes
  - debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
    of pp_* functions.
  - CVE-2011-1487

Author: Marc Deslauriers
Revision Date: 2011-04-21 11:24:47 UTC

* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
  - debian/patches/debian/CVE-2010-1168.diff: update Safe.pm to version
    2.29 to fix multiple issues.
  - CVE-2010-1168
  - CVE-2010-1447
* SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary,
  and CRLF injections.
  - debian/patches/fixes/cgi-multiline-header.diff: fix issues with
    patch obtained from (5.10.1-17).
  - CVE-2010-2716
  - CVE-2010-4410
  - CVE-2010-4411
* SECURITY UPDATE: taint protection bypass via missing taint attributes
  - debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
    of pp_* functions.
  - CVE-2011-1487

Author: Marc Deslauriers
Revision Date: 2011-04-21 13:22:49 UTC

* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
  - debian/patches/debian/CVE-2010-1168.diff: update Safe.pm to version
    2.29 to fix multiple issues.
  - CVE-2010-1168
  - CVE-2010-1447
* SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary,
  and CRLF injections.
  - debian/patches/fixes/cgi-multiline-header.diff: fix issues with
    patch obtained from (5.10.1-17).
  - CVE-2010-2716
  - CVE-2010-4410
  - CVE-2010-4411
* SECURITY UPDATE: taint protection bypass via missing taint attributes
  - debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
    of pp_* functions.
  - CVE-2011-1487

Author: Marc Deslauriers
Revision Date: 2011-04-26 09:32:28 UTC

* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
  - debian/patches/fixes/CVE-2010-1447.diff: update Safe.pm to version
    2.29 to fix multiple issues.
  - debian/patches/series: disable superseded fixes/safe-upgrade.diff.
  - CVE-2010-1447
* SECURITY UPDATE: taint protection bypass via missing taint attributes
  - debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
    of pp_* functions.
  - CVE-2011-1487

Author: Marc Deslauriers
Revision Date: 2011-04-21 11:24:47 UTC

* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
  - debian/patches/debian/CVE-2010-1168.diff: update Safe.pm to version
    2.29 to fix multiple issues.
  - CVE-2010-1168
  - CVE-2010-1447
* SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary,
  and CRLF injections.
  - debian/patches/fixes/cgi-multiline-header.diff: fix issues with
    patch obtained from (5.10.1-17).
  - CVE-2010-2716
  - CVE-2010-4410
  - CVE-2010-4411
* SECURITY UPDATE: taint protection bypass via missing taint attributes
  - debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
    of pp_* functions.
  - CVE-2011-1487

Author: Marc Deslauriers
Revision Date: 2011-04-21 13:22:49 UTC

* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
  - debian/patches/debian/CVE-2010-1168.diff: update Safe.pm to version
    2.29 to fix multiple issues.
  - CVE-2010-1168
  - CVE-2010-1447
* SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary,
  and CRLF injections.
  - debian/patches/fixes/cgi-multiline-header.diff: fix issues with
    patch obtained from (5.10.1-17).
  - CVE-2010-2716
  - CVE-2010-4410
  - CVE-2010-4411
* SECURITY UPDATE: taint protection bypass via missing taint attributes
  - debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
    of pp_* functions.
  - CVE-2011-1487

Author: Marc Deslauriers
Revision Date: 2011-04-22 13:05:34 UTC

* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
  - debian/patches/71_CVE-2010-1168: update Safe.pm to version 2.29 to
    fix multiple issues.
  - CVE-2010-1168
  - CVE-2010-1447
* SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary,
  and CRLF injections.
  - debian/patches/72_cgi-multiline-header: fix issues with patch
    obtained from (5.10.1-17).
  - CVE-2010-2716
  - CVE-2010-4410
  - CVE-2010-4411

Author: Marc Deslauriers
Revision Date: 2011-04-22 13:05:34 UTC

* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
  - debian/patches/71_CVE-2010-1168: update Safe.pm to version 2.29 to
    fix multiple issues.
  - CVE-2010-1168
  - CVE-2010-1447
* SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary,
  and CRLF injections.
  - debian/patches/72_cgi-multiline-header: fix issues with patch
    obtained from (5.10.1-17).
  - CVE-2010-2716
  - CVE-2010-4410
  - CVE-2010-4411

Author: Marc Deslauriers
Revision Date: 2011-04-22 12:48:43 UTC

* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
  - debian/patches/74_CVE-2010-1168: update Safe.pm to version 2.29 to
    fix multiple issues.
  - CVE-2010-1168
  - CVE-2010-1447
* SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary,
  and CRLF injections.
  - debian/patches/75_cgi-multiline-header: fix issues with patch
    obtained from (5.10.1-17).
  - CVE-2010-2716
  - CVE-2010-4410
  - CVE-2010-4411

Author: Marc Deslauriers
Revision Date: 2011-04-22 12:48:43 UTC

* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
  - debian/patches/74_CVE-2010-1168: update Safe.pm to version 2.29 to
    fix multiple issues.
  - CVE-2010-1168
  - CVE-2010-1447
* SECURITY UPDATE: multiple issues in CGI.pm: hardcoded MIME boundary,
  and CRLF injections.
  - debian/patches/75_cgi-multiline-header: fix issues with patch
    obtained from (5.10.1-17).
  - CVE-2010-2716
  - CVE-2010-4410
  - CVE-2010-4411

Author: Peter Pearse
Revision Date: 2011-04-21 09:12:08 UTC

And fix the patchlevel

Author: Steve Langasek
Revision Date: 2011-03-30 13:44:06 UTC

debian/config.debian: pass multiarch paths to the build (if
available) so that we're able to find libraries needed to build.
LP: #739693.

Author: Loïc Minier
Revision Date: 2010-07-12 10:31:16 UTC

Release 5.10.1-12ubuntu2

Author: Paul Brook
Revision Date: 2010-07-12 09:50:27 UTC

Fix build with recent GCC.
Make configure define PERL_PATCHLEVEL_H_IMPLICIT so that patchlevel.h does
not require git_version.h.

Author: Andrew Mitchell
Revision Date: 2010-04-23 12:23:44 UTC

Make perl-base conflict with older versions of safe-rm to unbreak
maintainer scripts on partial upgrades. (LP: #568670)

Author: Marc Deslauriers
Revision Date: 2009-06-26 08:33:34 UTC

* SECURITY UPDATE: denial of service via heap-based overflow
  - debian/patches/40_fix_compress-raw-zlib-cve-2009-1391: Add an extra
    byte for NUL termination.
  - CVE-2009-1391

Author: Marc Deslauriers
Revision Date: 2009-06-26 08:33:34 UTC

* SECURITY UPDATE: denial of service via heap-based overflow
  - debian/patches/40_fix_compress-raw-zlib-cve-2009-1391: Add an extra
    byte for NUL termination.
  - CVE-2009-1391

Author: Matthias Klose
Revision Date: 2009-09-29 19:51:02 UTC

On sparc, build with -O1 instead of -O2. See #438876.

Author: Matthias Klose
Revision Date: 2009-01-05 20:33:12 UTC

* Merge with Debian; remaining changes:
  - Ignore test results on hppa (thread tests fail).

Author: Marc Deslauriers
Revision Date: 2009-06-26 10:37:17 UTC

* SECURITY UPDATE: denial of service via heap-based overflow
  - debian/patches/37_fix_compress-raw-zlib-cve-2009-1391: Add an extra
    byte for NUL termination.
  - CVE-2009-1391
* Apply harmless missing part of 90_archive_tar_fix_symlink_unpack patch
  (regression tests)

Author: Marc Deslauriers
Revision Date: 2009-06-26 10:37:17 UTC

* SECURITY UPDATE: denial of service via heap-based overflow
  - debian/patches/37_fix_compress-raw-zlib-cve-2009-1391: Add an extra
    byte for NUL termination.
  - CVE-2009-1391
* Apply harmless missing part of 90_archive_tar_fix_symlink_unpack patch
  (regression tests)

Author: Michael Vogt
Revision Date: 2008-07-23 22:06:34 UTC

* debian/control:
  - add Breaks against doc-base (<< 0.8.16) to fix upgrade
    issue from hardy->intrepid (LP: #243830)

Author: Brendan O'Dea
Revision Date: 2007-11-08 08:42:01 UTC

* SECURITY [CVE-2007-5116] (closes: #450456): Apply patch from
  Will Drewry and Tavis Ormandy of the Google Security Team to fix a
  UTF-8 related heap overflow in Perl's regular expression compiler,
  probably allowing attackers to execute arbitrary code by compiling
  specially crafted regular expressions.

* Support "nocheck" option in DEB_BUILD_OPTIONS (closes: #449549).
* Suppress Configure test for ualarm() so that setitimer() emulation
  is used (closes: #448965).

Author: Kees Cook
Revision Date: 2008-12-05 14:17:28 UTC

* SECURITY UPDATE: race condition in File::Path::rmtree could allow
  arbitrary file removal and setuid file creation.
  - 17_fix_file_path: upstream fixes, thanks to Niko Tyni.
  - 17_fix_file_path_chdir: fix regressions in rmtree symantics.
  - CVE-2008-5302 CVE-2008-5303
* SECURITY UPDATE: crash on 64bit via crafted utf8 encodings.
  - 48_utf8_heap_overflow: upstream fixes, thanks to Niko Tyni and
    Florian Weimer.
  - CVE-2008-1927

Author: Kees Cook
Revision Date: 2008-12-05 14:17:28 UTC

* SECURITY UPDATE: race condition in File::Path::rmtree could allow
  arbitrary file removal and setuid file creation.
  - 17_fix_file_path: upstream fixes, thanks to Niko Tyni.
  - 17_fix_file_path_chdir: fix regressions in rmtree symantics.
  - CVE-2008-5302 CVE-2008-5303
* SECURITY UPDATE: crash on 64bit via crafted utf8 encodings.
  - 48_utf8_heap_overflow: upstream fixes, thanks to Niko Tyni and
    Florian Weimer.
  - CVE-2008-1927

Author: LaMont Jones
Revision Date: 2007-09-28 10:56:29 UTC

Fix illegal Conflicts, based on existing versions of
libattribute-handlers-perl. LP: #132702

Author: Kees Cook
Revision Date: 2007-11-30 14:42:44 UTC

* SECURITY UPDATE: arbitrary code execution via regex flaws.
* regcomp.c: applied upstream fixes, thanks to Yves Orton and Florian
  Weimer.
* makedepend.SH: fixed for dash/bash syntax errors, causing FTBFS.
* References
  CVE-2007-5116

Author: Kees Cook
Revision Date: 2007-11-30 14:42:44 UTC

* SECURITY UPDATE: arbitrary code execution via regex flaws.
* regcomp.c: applied upstream fixes, thanks to Yves Orton and Florian
  Weimer.
* makedepend.SH: fixed for dash/bash syntax errors, causing FTBFS.
* References
  CVE-2007-5116

Author: Matthias Klose
Revision Date: 2007-03-05 01:24:28 UTC

Rebuild for changes in the amd64 toolchain.

Author: Kees Cook
Revision Date: 2007-11-30 11:08:32 UTC

* SECURITY UPDATE: arbitrary code execution via regex flaws.
* regcomp.c: applied upstream fixes, thanks to Yves Orton and Florian
  Weimer.
* References
  CVE-2007-5116

Author: Kees Cook
Revision Date: 2007-11-30 11:08:32 UTC

* SECURITY UPDATE: arbitrary code execution via regex flaws.
* regcomp.c: applied upstream fixes, thanks to Yves Orton and Florian
  Weimer.
* References
  CVE-2007-5116

Author: Brendan O'Dea
Revision Date: 2006-06-11 22:38:12 UTC

* Work around g++-4.1 issue with register parameter declarations.
* Add errno.ph (simple wrapper around Errno module).

Author: Adam Conrad
Revision Date: 2005-12-16 18:20:04 UTC

Merge with Debian, dropping 99_ubuntu_dbfile_version_check in favour
of Debian's fix for the same problem.

Author: Martin Pitt
Revision Date: 2005-12-12 13:39:37 UTC

* Replace band-aid patch debian/patches/70_CVE-2005-3962 with official
  upstream version that covers more cases.
* CVE-2005-3962

Author: Matthias Klose
Revision Date: 2005-09-21 12:07:19 UTC

* Synchronize with unstable.
  - Remove the version constraint from the cpio build-dependency.
  - Disable the Net/hostent.t test.

Author: Martin Pitt
Revision Date: 2005-12-12 12:17:14 UTC

* Replace band-aid patch debian/patches/70_CVE-2005-3962 with official
  upstream version that covers more cases.
* CVE-2005-3962

Author: Martin Pitt
Revision Date: 2005-03-07 16:14:34 UTC

* SECURITY UPDATE:
* lib/File/Path.pm: Stole patch from Debian revision, original changelog:
  SECURITY [CAN-2005-0448]: rewrite File::Path::rmtree to avoid race
  condition which allows an attacker with write permission on
  directories in the tree being removed to make files setuid or to
  remove arbitrary files (closes: #286905, #286922). Supersedes
  the previous patch for CAN-2004-0452.

Author: Martin Pitt
Revision Date: 2005-12-12 14:32:43 UTC

* Replace band-aid patch debian/patches/70_CVE-2005-3962 with official
  upstream version that covers more cases.
* CVE-2005-3962

Author: Brendan O'Dea
Revision Date: 2004-05-11 23:29:02 UTC

* Revert DynaLoader version permit programs linked with pre-5.8.4 perl
  to libperl.so to work (closes: #247291).

* Modify MakeMaker to pass the full section name to pod2man (closes:
  #247370).