1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
|
libmodule-signature-perl (0.73-1+deb8u2) jessie-security; urgency=high
* Team upload.
* Add 0001-make-skip-work-again.patch patch.
Restore --skip functionality for cpansign. (Closes: #785701)
-- Salvatore Bonaccorso <carnil@debian.org> Wed, 20 May 2015 20:36:38 +0200
libmodule-signature-perl (0.73-1+deb8u1) jessie-security; urgency=high
* Team upload.
* Add CVE-2015-3406_CVE-2015-3407_CVE-2015-3408.patch patch.
CVE-2015-3406: Module::Signature parses the unsigned portion of the
SIGNATURE file as the signed portion due to incorrect handling of PGP
signature boundaries.
CVE-2015-3407: Module::Signature incorrectly handles files that are not
listed in the SIGNATURE file. This includes some files in the t/
directory that would execute when tests are run.
CVE-2015-3408: Module::Signature uses two argument open() calls to read
the files when generating checksums from the signed manifest, allowing
to embed arbitrary shell commands into the SIGNATURE file that would
execute during the signature verification process. (Closes: #783451)
* Add CVE-2015-3409.patch patch.
CVE-2015-3409: Module::Signature incorrectly handles module loading
allowing to load modules from relative paths in @INC. A remote attacker
providing a malicious module could use this issue to execute arbitrary
code during signature verification. (Closes: #783451)
* Add Fix-signature-tests.patch patch.
Fix signature tests by defaulting to verify(skip=>1) when
$ENV{TEST_SIGNATURE} is true.
-- Salvatore Bonaccorso <carnil@debian.org> Thu, 14 May 2015 12:58:30 +0200
libmodule-signature-perl (0.73-1) unstable; urgency=low
* Team upload.
[ Ansgar Burchardt ]
* debian/control: Convert Vcs-* fields to Git.
[ Salvatore Bonaccorso ]
* Imported Upstream version 0.73
- Fixes CVE-2013-2145: arbitrary code execution when verifying SIGNATURE
(Closes: #711239).
* Change Vcs-Git to canonical URI (git://anonscm.debian.org)
* Change search.cpan.org based URIs to metacpan.org based URIs
* Update debian/copyright file information.
Update format to copyright-format 1.0 as released together with Debian
policy 3.9.3.
Update copyright years for included copy of Module::Install.
Add missing stanza for ReadmeFromPod.pm (from
Module::Install::ReadmeFromPod).
* Bump Standards-Version to 3.9.4
* Add an alternative Recommends on gnupg2
-- Salvatore Bonaccorso <carnil@debian.org> Fri, 07 Jun 2013 23:16:42 +0200
libmodule-signature-perl (0.68-1) unstable; urgency=low
[ Jotam Jr. Trejo ]
* New upstream release
* Bump DH compat level to 8
[ gregor herrmann ]
* Don't run test that needs network access.
* Clean up (build) dependencies.
-- Jotam Jr. Trejo <jotamjr@debian.org.sv> Fri, 13 May 2011 21:19:36 -0600
libmodule-signature-perl (0.67-1) unstable; urgency=low
[ Jotam Jr. Trejo ]
* New upstream release
* debian/control: add libipc-run-perl to B-D-I, needed for some tests
* debian/copyright: refresh according to DEP 5 revision 135
* debian/control: bump Standards Version to 3.9.2 (no changes)
* Add myself to Uploaders and Copyright
[ Ansgar Burchardt ]
* debian/copyright: Update gregor herrmann's email address.
-- Jotam Jr. Trejo <jotamjr@debian.org.sv> Sat, 23 Apr 2011 17:50:09 -0600
libmodule-signature-perl (0.66-2) unstable; urgency=low
[ Peter Pentchev ]
* Team upload.
* Install the t/0-signature.t file as an example. Closes: #606974
[ gregor herrmann ]
* debian/copyright: update license stanzas.
* debian/control: remove "perl (>= 5.10) | libdigest-sha-perl" from
(Build-)Depends(-Indep), lenny has already perl 5.10.
-- Peter Pentchev <roam@ringlet.net> Mon, 13 Dec 2010 18:00:25 +0200
libmodule-signature-perl (0.66-1) unstable; urgency=low
* New upstream release
* debian/control: update Standards-Version to 3.9.1 without any changes
-- Krzysztof Krzyżaniak (eloy) <eloy@debian.org> Mon, 27 Sep 2010 17:55:15 +0200
libmodule-signature-perl (0.64-1) UNRELEASED; urgency=low
Changes to source package only; no longer creates GnuPG
configuration files when 'Makefile.PL' is invoked. No
urgent need for upload, binaries wouldn't differ.
IGNORE-VERSION: 0.64-1
* New upstream release
-- Jonathan Yu <jawnsy@cpan.org> Sun, 09 May 2010 08:10:03 -0400
libmodule-signature-perl (0.63-1) unstable; urgency=low
[ Jonathan Yu ]
* New upstream release
* No longer needs --with quilt
* Update copyright information
[ Krzysztof Krzyżaniak (eloy) ]
* New upstream release
* debian/control: update Standards-Version to 3.8.4 without any changes
* debian/copyright: update dates
* debian/source/format: created with value "3.0 (quilt)"
* debian/README.source removed since new package type
* debian/patches: removed, fixed upstream
-- Jonathan Yu <jawnsy@cpan.org> Wed, 07 Apr 2010 12:14:53 -0400
libmodule-signature-perl (0.61-1) unstable; urgency=low
[ Jonathan Yu ]
* New upstream release
* Use new short debhelper rules format
* Add myself to Uploaders and Copyright
* Rewrite control description
* Update copyright information (we're now using CC0)
* Upgrade to debhelper 7.2.13 (for Module::AutoInstall)
* Refresh keyserver.patch; add header
* Remove unnecessary build dependencies
[ gregor herrmann ]
* Add debian/README.source to document quilt usage, as required by
Debian Policy since 3.8.0.
* debian/control: Changed: Switched Vcs-Browser field to ViewSVN
(source stanza).
* debian/control: Added: ${misc:Depends} to Depends: field.
* Change my email address.
[ Nathan Handler ]
* debian/watch: Update to ignore development releases.
-- Jonathan Yu <jawnsy@cpan.org> Mon, 30 Nov 2009 15:57:30 -0500
libmodule-signature-perl (0.55-2) unstable; urgency=low
* debian/control: Added: Vcs-Svn field (source stanza); Vcs-Browser
field (source stanza); Homepage field (source stanza). Removed: XS-
Vcs-Svn fields.
* debian/rules:
- delete /usr/lib/perl5 only if it exists (closes: #467870)
- update based on dh-make-perl's templates
- don't install README any more (no additional information)
* debian/watch: use dist-based URL.
* Set Standards-Version to 3.7.3 (no changes).
* Add debian/compat instead of setting DH_COMPAT in debian/rules.
* debian/copyright: add download URL and copy copyright/license terms
verbatim from README to match reality.
* Split the changes regarding the default keyserver (cf. #293080) out to
keyserver.patch; and don't change the keyserver only in the test (which
isn't actually run because it would fail due to the patch -- d'oh) but
also in the module (and it's documentation) itself, which was the
intention of the bug submitter ... Add quilt framework.
-- gregor herrmann <gregor+debian@comodo.priv.at> Sun, 09 Mar 2008 00:16:07 +0100
libmodule-signature-perl (0.55-1) unstable; urgency=low
* New upstream release
* debian/control:
+ Standards-Version: increased to 3.7.2.1
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Wed, 2 Aug 2006 16:13:43 +0200
libmodule-signature-perl (0.54-1) unstable; urgency=low
* New upstream release.
* Standard-Version upgraded to 3.7.2 (no changes needed).
* Debhelper compatibility level upgraded to 5.
* Move several dependencies to Build-Depends-Indep, as required by Policy.
* Remove empty /usr/lib/perl5 directory from package.
-- gregor herrmann <gregor+debian@comodo.priv.at> Sun, 14 May 2006 01:45:03 +0200
libmodule-signature-perl (0.53-1) unstable; urgency=low
* New upstream release, taking package for Perl Group
(closes: #329595) (closes: #357075)
* debian/watch - added
* debian/control:
- Standards-Version: upgraded to 3.6.2
- Uploaders: added me
- Maintainer: set to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
- libdigest-sha-perl added to dependencies
* debian/rules:
- compat increased to 4
- added PERL_MM_USE_DEFAULT=1
-- Krzysztof Krzyzaniak (eloy) <eloy@debian.org> Wed, 15 Mar 2006 17:18:22 +0100
libmodule-signature-perl (0.44-3) unstable; urgency=low
* Re-upload with full source, as the 0.44-1 upload was borked so the
0.44-2 upload was refused.
-- Chip Salzenberg <chip@debian.org> Fri, 8 Apr 2005 18:28:23 -0400
libmodule-signature-perl (0.44-2) unstable; urgency=low
* Default to 'subkeys.pgp.net', not 'pgp.mit.edu'. (closes: #293080)
* Clean up dependencies.
-- Chip Salzenberg <chip@debian.org> Fri, 8 Apr 2005 17:42:20 -0400
libmodule-signature-perl (0.44-1) unstable; urgency=medium
* New upstream release.
-- Chip Salzenberg <chip@debian.org> Tue, 8 Mar 2005 12:43:12 -0500
libmodule-signature-perl (0.35-2) unstable; urgency=high
* Fix Build-Depends by deleting my hacked dpkg-source.
-- Chip Salzenberg <chip@debian.org> Sun, 5 Oct 2003 21:45:16 -0400
libmodule-signature-perl (0.35-1) unstable; urgency=low
* New upstream release.
-- Chip Salzenberg <chip@debian.org> Fri, 3 Oct 2003 19:30:47 -0400
libmodule-signature-perl (0.26-1) unstable; urgency=low
* New upstream release.
-- Chip Salzenberg <chip@debian.org> Thu, 24 Jul 2003 18:12:17 -0400
libmodule-signature-perl (0.21-1) unstable; urgency=low
* Initial Release.
-- Chip Salzenberg <chip@debian.org> Sat, 15 Feb 2003 15:18:20 -0500
|
