File: changelog

package info (click to toggle)
libmodule-signature-perl 0.68-1%2Bdeb7u3
  • links: PTS, VCS
  • area: main
  • in suites: wheezy
  • size: 484 kB
  • sloc: perl: 2,031; makefile: 5
file content (240 lines) | stat: -rw-r--r-- 8,797 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
 
libmodule-signature-perl (0.68-1+deb7u3) wheezy-security; urgency=high

  * Team upload.
  * Add 0001-make-skip-work-again.patch patch.
    Restore --skip functionality for cpansign. (Closes: #785701)

 -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 20 May 2015 20:51:05 +0200

libmodule-signature-perl (0.68-1+deb7u2) wheezy-security; urgency=high

  * Team upload.
  * Add CVE-2015-3406_CVE-2015-3407_CVE-2015-3408.patch patch.
    CVE-2015-3406: Module::Signature parses the unsigned portion of the
    SIGNATURE file as the signed portion due to incorrect handling of PGP
    signature boundaries.
    CVE-2015-3407: Module::Signature incorrectly handles files that are not
    listed in the SIGNATURE file. This includes some files in the t/
    directory that would execute when tests are run.
    CVE-2015-3408: Module::Signature uses two argument open() calls to read
    the files when generating checksums from the signed manifest, allowing
    to embed arbitrary shell commands into the SIGNATURE file that would
    execute during the signature verification process. (Closes: #783451)
  * Add CVE-2015-3409.patch patch.
    CVE-2015-3409: Module::Signature incorrectly handles module loading
    allowing to load modules from relative paths in @INC. A remote attacker
    providing a malicious module could use this issue to execute arbitrary
    code during signature verification. (Closes: #783451)
  * Add Fix-signature-tests.patch patch.
    Fix signature tests by defaulting to verify(skip=>1) when
    $ENV{TEST_SIGNATURE} is true.

 -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 14 May 2015 17:35:32 +0200

libmodule-signature-perl (0.68-1+deb7u1) wheezy; urgency=low

  * Team upload.
  * Add CVE-2013-2145.patch.
    CVE-2013-2145: Fixes arbitrary code execution when verifying SIGNATURE.
    (Closes: #711239)

 -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 16 Jun 2013 22:51:28 +0200

libmodule-signature-perl (0.68-1) unstable; urgency=low

  [ Jotam Jr. Trejo ]
  * New upstream release
  * Bump DH compat level to 8

  [ gregor herrmann ]
  * Don't run test that needs network access.
  * Clean up (build) dependencies.

 -- Jotam Jr. Trejo <jotamjr@debian.org.sv>  Fri, 13 May 2011 21:19:36 -0600

libmodule-signature-perl (0.67-1) unstable; urgency=low

  [ Jotam Jr. Trejo ]
  * New upstream release
  * debian/control: add libipc-run-perl to B-D-I, needed for some tests
  * debian/copyright: refresh according to DEP 5 revision 135
  * debian/control: bump Standards Version to 3.9.2 (no changes)
  * Add myself to Uploaders and Copyright

  [ Ansgar Burchardt ]
  * debian/copyright: Update gregor herrmann's email address.

 -- Jotam Jr. Trejo <jotamjr@debian.org.sv>  Sat, 23 Apr 2011 17:50:09 -0600

libmodule-signature-perl (0.66-2) unstable; urgency=low

  [ Peter Pentchev ]
  * Team upload.
  * Install the t/0-signature.t file as an example.  Closes: #606974

  [ gregor herrmann ]
  * debian/copyright: update license stanzas.
  * debian/control: remove "perl (>= 5.10) | libdigest-sha-perl" from
    (Build-)Depends(-Indep), lenny has already perl 5.10.

 -- Peter Pentchev <roam@ringlet.net>  Mon, 13 Dec 2010 18:00:25 +0200

libmodule-signature-perl (0.66-1) unstable; urgency=low

  * New upstream release
  * debian/control: update Standards-Version to  3.9.1 without any changes
 
 -- Krzysztof Krzyżaniak (eloy) <eloy@debian.org>  Mon, 27 Sep 2010 17:55:15 +0200

libmodule-signature-perl (0.64-1) UNRELEASED; urgency=low

  Changes to source package only; no longer creates GnuPG
  configuration files when 'Makefile.PL' is invoked. No
  urgent need for upload, binaries wouldn't differ.
  IGNORE-VERSION: 0.64-1

  * New upstream release

 -- Jonathan Yu <jawnsy@cpan.org>  Sun, 09 May 2010 08:10:03 -0400

libmodule-signature-perl (0.63-1) unstable; urgency=low

  [ Jonathan Yu ]
  * New upstream release
  * No longer needs --with quilt
  * Update copyright information

  [ Krzysztof Krzyżaniak (eloy) ]
  * New upstream release
  * debian/control: update Standards-Version to 3.8.4 without any changes
  * debian/copyright: update dates
  * debian/source/format: created with value "3.0 (quilt)"
  * debian/README.source removed since new package type
  * debian/patches: removed, fixed upstream

 -- Jonathan Yu <jawnsy@cpan.org>  Wed, 07 Apr 2010 12:14:53 -0400

libmodule-signature-perl (0.61-1) unstable; urgency=low

  [ Jonathan Yu ]
  * New upstream release
  * Use new short debhelper rules format
  * Add myself to Uploaders and Copyright
  * Rewrite control description
  * Update copyright information (we're now using CC0)
  * Upgrade to debhelper 7.2.13 (for Module::AutoInstall)
  * Refresh keyserver.patch; add header
  * Remove unnecessary build dependencies

  [ gregor herrmann ]
  * Add debian/README.source to document quilt usage, as required by
    Debian Policy since 3.8.0.
  * debian/control: Changed: Switched Vcs-Browser field to ViewSVN
    (source stanza).
  * debian/control: Added: ${misc:Depends} to Depends: field.
  * Change my email address.

  [ Nathan Handler ]
  * debian/watch: Update to ignore development releases.

 -- Jonathan Yu <jawnsy@cpan.org>  Mon, 30 Nov 2009 15:57:30 -0500

libmodule-signature-perl (0.55-2) unstable; urgency=low

  * debian/control: Added: Vcs-Svn field (source stanza); Vcs-Browser
    field (source stanza); Homepage field (source stanza). Removed: XS-
    Vcs-Svn fields.
  * debian/rules:
    - delete /usr/lib/perl5 only if it exists (closes: #467870)
    - update based on dh-make-perl's templates
    - don't install README any more (no additional information)
  * debian/watch: use dist-based URL.
  * Set Standards-Version to 3.7.3 (no changes).
  * Add debian/compat instead of setting DH_COMPAT in debian/rules.
  * debian/copyright: add download URL and copy copyright/license terms
    verbatim from README to match reality.
  * Split the changes regarding the default keyserver (cf. #293080) out to
    keyserver.patch; and don't change the keyserver only in the test (which
    isn't actually run because it would fail due to the patch -- d'oh) but
    also in the module (and it's documentation) itself, which was the
    intention of the bug submitter ... Add quilt framework.

 -- gregor herrmann <gregor+debian@comodo.priv.at>  Sun, 09 Mar 2008 00:16:07 +0100

libmodule-signature-perl (0.55-1) unstable; urgency=low

  * New upstream release
  * debian/control:
   + Standards-Version: increased to 3.7.2.1

 -- Krzysztof Krzyzaniak (eloy) <eloy@debian.org>  Wed,  2 Aug 2006 16:13:43 +0200

libmodule-signature-perl (0.54-1) unstable; urgency=low

  * New upstream release.
  * Standard-Version upgraded to 3.7.2 (no changes needed).
  * Debhelper compatibility level upgraded to 5.
  * Move several dependencies to Build-Depends-Indep, as required by Policy.
  * Remove empty /usr/lib/perl5 directory from package.

 -- gregor herrmann <gregor+debian@comodo.priv.at>  Sun, 14 May 2006 01:45:03 +0200

libmodule-signature-perl (0.53-1) unstable; urgency=low

  * New upstream release, taking package for Perl Group 
    (closes: #329595) (closes: #357075)
  * debian/watch - added
  * debian/control:
   - Standards-Version: upgraded to 3.6.2
   - Uploaders: added me
   - Maintainer: set to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
   - libdigest-sha-perl added to dependencies
  * debian/rules: 
   - compat increased to 4
   - added PERL_MM_USE_DEFAULT=1
  
 -- Krzysztof Krzyzaniak (eloy) <eloy@debian.org>  Wed, 15 Mar 2006 17:18:22 +0100

libmodule-signature-perl (0.44-3) unstable; urgency=low

  * Re-upload with full source, as the 0.44-1 upload was borked so the
    0.44-2 upload was refused.

 -- Chip Salzenberg <chip@debian.org>  Fri,  8 Apr 2005 18:28:23 -0400

libmodule-signature-perl (0.44-2) unstable; urgency=low

  * Default to 'subkeys.pgp.net', not 'pgp.mit.edu'.  (closes: #293080)
  * Clean up dependencies.

 -- Chip Salzenberg <chip@debian.org>  Fri,  8 Apr 2005 17:42:20 -0400

libmodule-signature-perl (0.44-1) unstable; urgency=medium

  * New upstream release.

 -- Chip Salzenberg <chip@debian.org>  Tue,  8 Mar 2005 12:43:12 -0500

libmodule-signature-perl (0.35-2) unstable; urgency=high

  * Fix Build-Depends by deleting my hacked dpkg-source.

 -- Chip Salzenberg <chip@debian.org>  Sun,  5 Oct 2003 21:45:16 -0400

libmodule-signature-perl (0.35-1) unstable; urgency=low

  * New upstream release.

 -- Chip Salzenberg <chip@debian.org>  Fri,  3 Oct 2003 19:30:47 -0400

libmodule-signature-perl (0.26-1) unstable; urgency=low

  * New upstream release.

 -- Chip Salzenberg <chip@debian.org>  Thu, 24 Jul 2003 18:12:17 -0400

libmodule-signature-perl (0.21-1) unstable; urgency=low

  * Initial Release.

 -- Chip Salzenberg <chip@debian.org>  Sat, 15 Feb 2003 15:18:20 -0500