Skip to content

Commit

Permalink
Import Debian changes 3.1.34+20190228.1.c9f0de05+selfpack1-1
Browse files Browse the repository at this point in the history 
smarty3 (3.1.34+20190228.1.c9f0de05+selfpack1-1) unstable; urgency=medium

  * New upstream release.
  * debian/control:
    + Bump Standards-Version: to 4.4.1. No changes needed.
    + Add Rules-Requires-Root: field and set it to "no".
  * debian/{control,compat}:
    + Switch to debhelper-compat notation. Bump DH comat level to version 12.

smarty3 (3.1.33+20180830.1.3a78a21f+selfpack1-1) unstable; urgency=medium

  * New upstream release.
    - CVE-2018-16831: Don't bypass trusted directories with "../". (Closes:
      #908698).
  * debian/control:
    + Bump Standards-Version: to 4.2.1. No changes needed.

smarty3 (3.1.32+20180424.1.ac9d4b58+selfpack1-1) unstable; urgency=medium

  * New upstream release.
  * debian/*: White-space clean-up at EOL.
  * debian/patches:
    + Drop 0001_CVE-2017-1000480.patch. Applied upstream.
  * debian/rules:
    + Avoid using dpkg-parsechangelog.
  * debian/copyright:
    + Update copyright attributions.
    + Use secure URI to obtain copyright references.
    + Add global Comment: field. Explain about brokenness of upstream tarballs.
  * debian/control:
    + Update Vcs-*: fields. Packaging Git has been migrated to
      salsa.debian.org.
    + Bump Standards-Version: to 4.1.4. No changes needed.
  * debian/{control,compat}:
    + Bump DH version level to 11.

smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-3) unstable; urgency=medium

  * debian/patches:
    + Add 0001_CVE-2017-1000480.patch. Fixes CVE-2017-1000480. (Closes:
      #886460).

smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-2) unstable; urgency=medium

  * Re-upload to Debian unstable to enforce package rebuild (as we don't
    have binNMUs for arch:all packages).

  * debian/control:
    + Update versioned B-D on smarty-lexer (>=  3.1.30+dfsg1-1.1~).
      This is to assure correct lexer/parser generation which was broken by
      smarty-lexer 3.1.30+dfsg1-1. See Debian bug #847571 for further
      reference.

smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-1) unstable; urgency=medium

  * New upstream release.
  * debian/rules:
    + Self-pack orig tarball from Git commit, due to broken upstream
      tarball generation on Github. For details see:
      smarty-php/smarty#325
  * debian/copyright:
    + Update copyright attributions.

smarty3 (3.1.30-1) unstable; urgency=medium

  * Upload to unstable.
  * Update versioned B-D:
    + smarty-lexert (>= 3.1.30+dfsg1-1~).

smarty3 (3.1.30-1~exp1) experimental; urgency=medium

  * New upstream release. Upload to experimental for testing with
    GOsa, FusionDirectory and other web portals that depend on Smarty3.
  * debian/copyright:
    + Update copyright attributions.

smarty3 (3.1.29-2) unstable; urgency=medium

  * Re-upload unchanged to unstable.

smarty3 (3.1.29-1) experimental; urgency=medium

  * New upstream release. (Closes: #825250).
  * debian/smarty3-lexer:
    + Remove shipped-with .plex and .y files for template and configfile
      parser/lexer. This version uses smarty-lexer src:package at build
      time instead.
  * debian/control:
    + Add B-D pkg-php-tools (for dh_phpcomposer)
    + Versioned B-D: debhelper (>= 9).
    + Use encrypted URLs for Vcs-*: field.
    + Bump Standards: to 3.9.8. No changes needed.
  * debian/{control,rules}:
    + Create internal lexer and parser PHP code at package build time (using
      B-D smarty-lexer). (Closes: #765730). This also solves issues in Debian
      package smarty3 3.1.21-1 caused by lexer/parser PHP files using the old
      trigger_error class API of Smarty.class.php. (Closes: #799282).
  * debian/smarty3.{install,docs}:
    + Use debhelper for installing bin:package files.
  * debian/compat:
    + Bump to DH version level 9.
  * debian/watch:
    + Upstream location has changed, now on Github.
  * debian/rules:
    + Use pure debhelper, with phpcomposer.
    + Make package build idempotent.
  * debian/copyright:
    + Update copyright attributions.

smarty3 (3.1.21-1.1) unstable; urgency=medium

  * Non-maintainer upload in coordination with the maintainer.
  * Update depends and README.Debian for the php 7.0 transition. Thanks to
    Wolfgang Schweer for the patch! (Closes: #821660)

smarty3 (3.1.21-1) unstable; urgency=medium

  * New upstream release. (Closes: #765920).
  * debian/smarty3-lexer:
    + Add 4 files from smarty3 SVN that are used to generate some PHP
      files in the upstream tarball. See README.lexer for details.
      (Closes: #636148).
  * debian/copyright:
    + Add copyright information for debian/smarty3-lexer/*.
    + Fix upstream license (LGPL-3 -> LGPL-3+) after reading the upstream-
      shipped COPYING.lib file more thoroughly.
    + Relicense debian/* under same license as upstream sources (LGPL-3+).
  * debian/control:
    + Bump Standards: to 3.9.6. No changes needed.

smarty3 (3.1.19-1) unstable; urgency=medium

  * New upstream release.
    + Obtain upstream sources as zip files from upstream. Stop checking out
      SVN tags. This change drops three embedded PHP libraries and files with
      problematic PHP licenses. (Closes: #752614).
  * debian/control:
    + Alioth-canonicalize Vcs-Git field.
    + Bump Standards: to 3.9.5. No changes needed.
  * lintian:
    + Drop unused override: embedded-php-library.

smarty3 (3.1.13-1) unstable; urgency=low

  * New upstream release.
  * /debian/control:
    + Use my DD address in Maintainer: field.
    + Bump Standards: to 3.9.4. No changes needed.
  * /debian/patches:
    + Drop patch: 001_escape-smarty-exception-messages.patch, included in new
      upstream release.

smarty3 (3.1.10-2) unstable; urgency=low

  * Fix CVE-2012-4437: Add patch 001_escape-smarty-exception-messages.patch.
    Closes: #688153.

smarty3 (3.1.10-1) unstable; urgency=low

  * New upstream release. Closes: #678095.

smarty3 (3.1.8-2) unstable; urgency=low

  * Package smarty3 provides smarty (closes: #657536).
  * Make /debian/copyright machine parsable, explicitly names files that
    have dissenting licenses, license /debian folder under GPLv2+.

smarty3 (3.1.8-1) experimental; urgency=low

  * New upstream release (rev. 4611).
  * New package maintainer (closes: #668200).
  * Add watch file (closes: #657385).
  * Add Vcs-* lines to control file.
  * Add README.source that explains how we obtain code from
    upstream SVN. Make sure all upstream source files are
    shipped with the Debian source package (closes: #636148).

smarty3 (3.1.0-1) experimental; urgency=low

  * New upstream release (rev. 4284)
  * Used the code source from subversion (Closes: #636148)
  * debian/copyright:
    + added LexerGenerator copyright
    + added ParserGenerator copyright
  * Fixed security holes:
    + multiple unspecified vulnerabilities (CVE-2009-5052, CVE-2009-5053,
      CVE-2010-4722, CVE-2010-4724, CVE-2010-4726)
    + not consider the umask value when setting the permissions of files
      (CVE-2009-5054)
    + not prevent access to the dynamic and private object members of an
      assigned object (CVE-2010-4723)
    + not properly handle an on value of the asp_tags option in the php.ini file
      (CVE-2010-4725)
    + not properly handle the <?php and ?> tags (CVE-2010-4727)

smarty3 (3.0.8-1) unstable; urgency=low

  * New upstream release (Closes: #631619)
  * Bumped Standards-Version to 3.9.2
  * Updated licence to LGPL-3

smarty3 (3.0~rc1-2) unstable; urgency=low

  * Bumped Standards-Version to 3.9.1
  * Removed debian/watch

smarty3 (3.0~rc1-1) unstable; urgency=low

  * Initial release (Closes: #580754)
  • Loading branch information
Mike Gabriel authored and testbot committed Dec 15, 2020
1 parent 8301417 commit a679d05
Show file tree
Hide file tree
Showing 10 changed files with 461 additions and 0 deletions.
12 changes: 12 additions & 0 deletions debian/README.Debian
View file
@@ -0,0 +1,12 @@
smarty3 for Debian
------------------

In order to use Smarty 3 from your php scripts, you'll have to add
/usr/share/php/smarty3 on the include_path of php, that is in the
file /etc/php/{apache,apache2}/php.ini or use
require("smarty3/Smarty.class.php");

On smarty update, please note you will have to clear out all smarty
generated files, by default in a templates_c directory.

-- Thierry Randrianiriana <thierry@debian.org>, Sat, 8 May 2010 15:05:10 +0300
253 changes: 253 additions & 0 deletions debian/changelog
View file
@@ -0,0 +1,253 @@
smarty3 (3.1.34+20190228.1.c9f0de05+selfpack1-1) unstable; urgency=medium

* New upstream release.
* debian/control:
+ Bump Standards-Version: to 4.4.1. No changes needed.
+ Add Rules-Requires-Root: field and set it to "no".
* debian/{control,compat}:
+ Switch to debhelper-compat notation. Bump DH comat level to version 12.

-- Mike Gabriel <sunweaver@debian.org> Mon, 18 Nov 2019 10:49:54 +0100

smarty3 (3.1.33+20180830.1.3a78a21f+selfpack1-1) unstable; urgency=medium

* New upstream release.
- CVE-2018-16831: Don't bypass trusted directories with "../". (Closes:
#908698).
* debian/control:
+ Bump Standards-Version: to 4.2.1. No changes needed.

-- Mike Gabriel <sunweaver@debian.org> Mon, 17 Sep 2018 13:04:18 +0200

smarty3 (3.1.32+20180424.1.ac9d4b58+selfpack1-1) unstable; urgency=medium

* New upstream release.
* debian/*: White-space clean-up at EOL.
* debian/patches:
+ Drop 0001_CVE-2017-1000480.patch. Applied upstream.
* debian/rules:
+ Avoid using dpkg-parsechangelog.
* debian/copyright:
+ Update copyright attributions.
+ Use secure URI to obtain copyright references.
+ Add global Comment: field. Explain about brokenness of upstream tarballs.
* debian/control:
+ Update Vcs-*: fields. Packaging Git has been migrated to
salsa.debian.org.
+ Bump Standards-Version: to 4.1.4. No changes needed.
* debian/{control,compat}:
+ Bump DH version level to 11.

-- Mike Gabriel <sunweaver@debian.org> Sun, 27 May 2018 23:21:33 +0200

smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-3) unstable; urgency=medium

* debian/patches:
+ Add 0001_CVE-2017-1000480.patch. Fixes CVE-2017-1000480. (Closes:
#886460).

-- Mike Gabriel <sunweaver@debian.org> Sun, 14 Jan 2018 11:13:16 +0100

smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-2) unstable; urgency=medium

* Re-upload to Debian unstable to enforce package rebuild (as we don't
have binNMUs for arch:all packages).

* debian/control:
+ Update versioned B-D on smarty-lexer (>= 3.1.30+dfsg1-1.1~).
This is to assure correct lexer/parser generation which was broken by
smarty-lexer 3.1.30+dfsg1-1. See Debian bug #847571 for further
reference.

-- Mike Gabriel <sunweaver@debian.org> Tue, 21 Mar 2017 10:13:01 +0100

smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-1) unstable; urgency=medium

* New upstream release.
* debian/rules:
+ Self-pack orig tarball from Git commit, due to broken upstream
tarball generation on Github. For details see:
https://github.com/smarty-php/smarty/issues/325
* debian/copyright:
+ Update copyright attributions.

-- Mike Gabriel <sunweaver@debian.org> Tue, 24 Jan 2017 21:17:51 +0100

smarty3 (3.1.30-1) unstable; urgency=medium

* Upload to unstable.
* Update versioned B-D:
+ smarty-lexert (>= 3.1.30+dfsg1-1~).

-- Mike Gabriel <sunweaver@debian.org> Fri, 25 Nov 2016 19:52:30 +0100

smarty3 (3.1.30-1~exp1) experimental; urgency=medium

* New upstream release. Upload to experimental for testing with
GOsa, FusionDirectory and other web portals that depend on Smarty3.
* debian/copyright:
+ Update copyright attributions.

-- Mike Gabriel <sunweaver@debian.org> Thu, 20 Oct 2016 14:00:22 +0200

smarty3 (3.1.29-2) unstable; urgency=medium

* Re-upload unchanged to unstable.

-- Mike Gabriel <sunweaver@debian.org> Fri, 07 Oct 2016 14:03:44 +0200

smarty3 (3.1.29-1) experimental; urgency=medium

* New upstream release. (Closes: #825250).
* debian/smarty3-lexer:
+ Remove shipped-with .plex and .y files for template and configfile
parser/lexer. This version uses smarty-lexer src:package at build
time instead.
* debian/control:
+ Add B-D pkg-php-tools (for dh_phpcomposer)
+ Versioned B-D: debhelper (>= 9).
+ Use encrypted URLs for Vcs-*: field.
+ Bump Standards: to 3.9.8. No changes needed.
* debian/{control,rules}:
+ Create internal lexer and parser PHP code at package build time (using
B-D smarty-lexer). (Closes: #765730). This also solves issues in Debian
package smarty3 3.1.21-1 caused by lexer/parser PHP files using the old
trigger_error class API of Smarty.class.php. (Closes: #799282).
* debian/smarty3.{install,docs}:
+ Use debhelper for installing bin:package files.
* debian/compat:
+ Bump to DH version level 9.
* debian/watch:
+ Upstream location has changed, now on Github.
* debian/rules:
+ Use pure debhelper, with phpcomposer.
+ Make package build idempotent.
* debian/copyright:
+ Update copyright attributions.

-- Mike Gabriel <sunweaver@debian.org> Mon, 30 May 2016 14:03:16 +0200

smarty3 (3.1.21-1.1) unstable; urgency=medium

* Non-maintainer upload in coordination with the maintainer.
* Update depends and README.Debian for the php 7.0 transition. Thanks to
Wolfgang Schweer for the patch! (Closes: #821660)

-- Holger Levsen <holger@debian.org> Mon, 23 May 2016 11:32:02 +0200

smarty3 (3.1.21-1) unstable; urgency=medium

* New upstream release. (Closes: #765920).
* debian/smarty3-lexer:
+ Add 4 files from smarty3 SVN that are used to generate some PHP
files in the upstream tarball. See README.lexer for details.
(Closes: #636148).
* debian/copyright:
+ Add copyright information for debian/smarty3-lexer/*.
+ Fix upstream license (LGPL-3 -> LGPL-3+) after reading the upstream-
shipped COPYING.lib file more thoroughly.
+ Relicense debian/* under same license as upstream sources (LGPL-3+).
* debian/control:
+ Bump Standards: to 3.9.6. No changes needed.

-- Mike Gabriel <sunweaver@debian.org> Sun, 19 Oct 2014 23:45:18 +0200

smarty3 (3.1.19-1) unstable; urgency=medium

* New upstream release.
+ Obtain upstream sources as zip files from upstream. Stop checking out
SVN tags. This change drops three embedded PHP libraries and files with
problematic PHP licenses. (Closes: #752614).
* debian/control:
+ Alioth-canonicalize Vcs-Git field.
+ Bump Standards: to 3.9.5. No changes needed.
* lintian:
+ Drop unused override: embedded-php-library.

-- Mike Gabriel <sunweaver@debian.org> Mon, 04 Aug 2014 21:32:20 +0200

smarty3 (3.1.13-1) unstable; urgency=low

* New upstream release.
* /debian/control:
+ Use my DD address in Maintainer: field.
+ Bump Standards: to 3.9.4. No changes needed.
* /debian/patches:
+ Drop patch: 001_escape-smarty-exception-messages.patch, included in new
upstream release.

-- Mike Gabriel <sunweaver@debian.org> Mon, 06 May 2013 10:19:14 +0200

smarty3 (3.1.10-2) unstable; urgency=low

* Fix CVE-2012-4437: Add patch 001_escape-smarty-exception-messages.patch.
Closes: #688153.

-- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Sat, 22 Sep 2012 21:32:58 +0200

smarty3 (3.1.10-1) unstable; urgency=low

* New upstream release. Closes: #678095.

-- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Tue, 19 Jun 2012 16:41:06 +0200

smarty3 (3.1.8-2) unstable; urgency=low

* Package smarty3 provides smarty (closes: #657536).
* Make /debian/copyright machine parsable, explicitly names files that
have dissenting licenses, license /debian folder under GPLv2+.

-- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Thu, 17 May 2012 00:32:29 +0200

smarty3 (3.1.8-1) experimental; urgency=low

* New upstream release (rev. 4611).
* New package maintainer (closes: #668200).
* Add watch file (closes: #657385).
* Add Vcs-* lines to control file.
* Add README.source that explains how we obtain code from
upstream SVN. Make sure all upstream source files are
shipped with the Debian source package (closes: #636148).

-- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Thu, 10 May 2012 10:44:55 +0200

smarty3 (3.1.0-1) experimental; urgency=low

* New upstream release (rev. 4284)
* Used the code source from subversion (Closes: #636148)
* debian/copyright:
+ added LexerGenerator copyright
+ added ParserGenerator copyright
* Fixed security holes:
+ multiple unspecified vulnerabilities (CVE-2009-5052, CVE-2009-5053,
CVE-2010-4722, CVE-2010-4724, CVE-2010-4726)
+ not consider the umask value when setting the permissions of files
(CVE-2009-5054)
+ not prevent access to the dynamic and private object members of an
assigned object (CVE-2010-4723)
+ not properly handle an on value of the asp_tags option in the php.ini file
(CVE-2010-4725)
+ not properly handle the <?php and ?> tags (CVE-2010-4727)

-- Thierry Randrianiriana <thierry@debian.org> Sat, 17 Sep 2011 21:22:11 +0300

smarty3 (3.0.8-1) unstable; urgency=low

* New upstream release (Closes: #631619)
* Bumped Standards-Version to 3.9.2
* Updated licence to LGPL-3

-- Thierry Randrianiriana <thierry@debian.org> Wed, 20 Jul 2011 11:29:24 +0300

smarty3 (3.0~rc1-2) unstable; urgency=low

* Bumped Standards-Version to 3.9.1
* Removed debian/watch

-- Thierry Randrianiriana <thierry@debian.org> Tue, 21 Sep 2010 14:45:44 +0300

smarty3 (3.0~rc1-1) unstable; urgency=low

* Initial release (Closes: #580754)

-- Thierry Randrianiriana <thierry@debian.org> Sat, 08 May 2010 14:36:04 +0300
37 changes: 37 additions & 0 deletions debian/control
View file
@@ -0,0 +1,37 @@
Source: smarty3
Section: web
Priority: optional
Maintainer: Mike Gabriel <sunweaver@debian.org>
Uploaders:
Debian Edu Packaging Team <debian-edu-pkg-team@lists.alioth.debian.org>,
Build-Depends:
debhelper-compat (= 12),
pkg-php-tools (>= 1.7~),
smarty-lexer (>= 3.1.30+dfsg1-1.1~),
Standards-Version: 4.4.1
Rules-Requires-Root: no
Vcs-Git: https://salsa.debian.org/debian/smarty3.git
Vcs-Browser: https://salsa.debian.org/debian/smarty3
Homepage: http://www.smarty.net/

Package: smarty3
Architecture: all
Depends:
php | php-cgi | php-cli,
${misc:Depends},
${phpcomposer:Debian-require},
Provides:
${phpcomposer:Debian-provide},
Suggests:
${phpcomposer:Debian-suggest},
Conflicts:
${phpcomposer:Debian-conflict},
Description: ${phpcomposer:description}
Smarty is a template engine for PHP. More specifically, it
facilitates a manageable way to separate application logic and content
from its presentation.
.
Smarty 3.1 is a departure from 2.0 compatibility. Most notably, all
backward compatibility has been moved to a separate class file named
SmartyBC.class.php. If you require compatibility with 2.0, you will
need to use this class.
52 changes: 52 additions & 0 deletions debian/copyright
View file
@@ -0,0 +1,52 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: Smarty
Upstream-Contact:
Monte Ohrt <monte@ohrt.com>
Uwe Tews <uwe.tews@googlemail.com>
Source: http://www.smarty.net
Comment:
Tarball self-packed due to broken upstream tarballs (since 3.1.31).
See: https://github.com/smarty-php/smarty/issues/325

Files: change_log.txt
COMPOSER_RELEASE_NOTES.txt
demo/*
lexer/*
libs/*
utilities/*
INHERITANCE_RELEASE_NOTES.txt
NEW_FEATURES.txt
README
README.md
SMARTY_2_BC_NOTES.txt
SMARTY_3.0_BC_NOTES.txt
SMARTY_3.1_NOTES.txt
composer.json
error_reporting.ini
Copyright:
2001-2008, New Digital Group, Inc.
License: LGPL-3+

Files: debian/*
Copyright:
2010-2011, Thierry Randrianiriana <thierry@debian.org>
2012, Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
License: LGPL-3+

License: LGPL-3+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
.
You should have received a copy of the GNU Library General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
.
On Debian systems, the complete text of the GNU Library General
Public License version 3 can be found in "/usr/share/common-licenses/LGPL-3".

0 comments on commit a679d05

Please sign in to comment.