1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
php-htmlpurifier (4.4.0+dfsg1-1) unstable; urgency=low
* New upstream release; upstream WHATSNEW says:
│HTML Purifier 4.4.0 is a minor security release addressing a
│security vulnerability associated with some optional functionality.
│It also contains an accumulation of new features and bugfixes over
│half a year. New configuration options include %HTML.TargetBlank,
│%HTML.AllowedComments, %HTML.AllowedCommentsRegexp,
│%HTML.SafeIframe, %URI.SafeIframeRegexp, %Core.EnableIDNA (requires
│PEAR Net_IDNA2 module and doesn't work for PHP 5.0.5). We also now
│support the 'scope' attribute on tables.
* Switch to debian/source/format 3.0 (quilt) with
the single-debian-patch local-option
* Omit .git* files when repacking any further .orig.tar.gz
* Use a paxcpio (from the pax package) feature to shrink .orig.tar.gz
* debian/rules: Modernise; add build-{arch,indep} targets
* debian/control: Add VCS-{git,Browser}, Policy 3.9.3 (no changes)
-- Thorsten Glaser <tg@mirbsd.de> Fri, 30 Mar 2012 11:42:47 +0200
php-htmlpurifier (4.3.0+dfsg1-1) unstable; urgency=low
* New upstream release; upstream WHATSNEW says:
│HTML Purifier 4.3.0 is a major security release addressing various
│security vulnerabilities related to user-submitted code and
│legitimate client-side scripts. It also contains an accumulation of
│new features and bugfixes over half a year. New configuration
│options include %CSS.Trusted, %CSS.AllowedFonts and
│%Cache.SerializerPermissions. There is a backwards-incompatible API
│change for customized raw definitions, see
│<http://htmlpurifier.org/docs/enduser-customize.html#optimized> for
│details.
* Document that %Cache.SerializerPath *MUST* be used, because the
upstream standard location cannot be written to in a packaged
version (being system-global) for security reasons. Also switch
%Cache.DefinitionImpl from "Serializer" to NULL to make the
standard installation, although with degraded performance, work
as-is. Document in README.Debian. (Closes: #611305)
* Solves TEMP-0000000-196897 security issue.
-- Thorsten Glaser <tg@mirbsd.de> Sat, 02 Apr 2011 16:55:15 +0000
php-htmlpurifier (4.2.0+dfsg1-1) unstable; urgency=low
* New upstream release; upstream WHATSNEW says:
│HTML Purifier 4.2.0 is a minor release that implements a number of
│feature requests accumulated over half a year. New configuration
│options include %Core.RemoveProcessingInstructions,
│%CSS.ForbiddenProperties, %HTML.FlashAllowFullScreen and
│%Core.NormalizeNewlines. Additionally,%URI.DisableResources is
│now functional and file: is an optionally supported URI scheme.
│There are also some minor bugfixes, usability improvements and
│documentation updates.
* Install NEWS as upstream changelog, as it’s its intentional use
* Policy 3.9.1 (no relevant changes)
-- Thorsten Glaser <tg@mirbsd.de> Wed, 13 Oct 2010 13:40:21 +0000
php-htmlpurifier (4.1.1+dfsg1-1) unstable; urgency=high
* New upstream release; upstream WHATSNEW says:
| HTML Purifier 4.1.1 is a major security and bugfix release that
| improves on 4.1's fix for an XSS vulnerability exploitable on Internet
| Explorer. It also contains a number of important bugfixes, including
| the removal of improper logic that could result in infinite loops and
| fixed parsing for single-attributes with entities with DirectLex.
* Set urgency=high due to second attempt at XSS bugfix, no CVE number
(SA39613) (Closes: #586061) (LP: #582576)
* /usr/share/php-htmlpurifier/tests/index.php no longer has a shebang,
so do not chmod +x it
-- Thorsten Glaser <tg@mirbsd.de> Thu, 17 Jun 2010 14:45:26 +0000
php-htmlpurifier (4.1.0+dfsg1-1) unstable; urgency=high
* New upstream release; upstream WHATSNEW says:
| HTML Purifier 4.1 is a major security release that fixes an XSS
| vulnerability exploitable on Internet Explorer. It also contains
| a number of new features, including dramatically more flexible Flash
| support, including %Output.FlashCompat to replace %HTML.SafeEmbed,
| optional support for the data: URI scheme and better HTML parsing
| capabilities.
Setting urgency=high due to XSS bugfix.
* debian/rules (get-orig-source): support uscan downloaded files
-- Thorsten Glaser <tg@mirbsd.de> Thu, 29 Apr 2010 09:10:27 +0000
php-htmlpurifier (4.0.0+dfsg1-1) unstable; urgency=low
* Take original upstream tarball, removing non-DFSG-free XHTML
schema and entities and other unlicenced material, instead
of what dh-make-pear produces.
* Completely re-do the packaging to avoid all that php-pear
brings with it, including “channels”. (Closes: #572184)
* Add myself and Roland Mas as Uploader due to request for help
of the maintainer.
* Install both library and documentation.
-- Thorsten Glaser <tg@mirbsd.de> Tue, 16 Mar 2010 14:04:20 +0000
php-htmlpurifier (4.0.0-2) unstable; urgency=low
* Add htmlpurifier.org.reg channel so build in a debootstrap env
works (Closes: #551243)
* Rewiewed autoformated description (Closes: #531019)
This time closes the right bug
-- Christian Bayle <bayle@debian.org> Tue, 03 Nov 2009 13:25:53 +0100
php-htmlpurifier (4.0.0-1) unstable; urgency=low
* New Upstream Version (Closes: #549343).
* Rewiewed autoformated description (Closes: #534019)
-- Christian Bayle <bayle@debian.org> Mon, 12 Oct 2009 21:02:41 +0200
php-htmlpurifier (3.3.0-1) unstable; urgency=low
* Initial Release (Closes: #462150).
-- Christian Bayle <bayle@debian.org> Tue, 12 May 2009 22:28:14 +0200
|
