debian/0000755000000000000000000000000013370066500007166 5ustar debian/changelog0000644000000000000000000001634713370066500011053 0ustar libsys-syslog-perl (0.33-1+deb8u1build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian -- Mike Salvatore Mon, 05 Nov 2018 11:18:08 -0500 libsys-syslog-perl (0.33-1+deb8u1) jessie-security; urgency=high * Team upload. * Remove . from @INC when loading modules dynamically [CVE-2016-1238] -- Dominic Hargreaves Sun, 24 Jul 2016 19:47:47 +0100 libsys-syslog-perl (0.33-1) unstable; urgency=low [ Ansgar Burchardt ] * debian/control: Convert Vcs-* fields to Git. [ Salvatore Bonaccorso ] * Change search.cpan.org based URIs to metacpan.org based URIs [ gregor herrmann ] * Don't run author tests during package build. [ Axel Beckert ] * debian/copyright: migrate pre-1.0 format to 1.0 using "cme fix dpkg- copyright" [ gregor herrmann ] * New upstream release. * Update years of copyright. * Use debhelper 9.20120312 to get all hardening flags. * Declare compliance with Debian Policy 3.9.4. -- gregor herrmann Sat, 14 Sep 2013 14:43:06 +0200 libsys-syslog-perl (0.29-1) unstable; urgency=low [ Jonathan Yu ] * Removed Alexis Sukrieh from Uploaders (Closes: #536160) [ gregor herrmann ] * debian/control: Changed: Switched Vcs-Browser field to ViewSVN (source stanza). [ Rene Mayorga ] * Email change: Rene Mayorga -> rmayorga@debian.org [ Nathan Handler ] * debian/watch: Update to ignore development releases. [ Ansgar Burchardt ] * Email change: Ansgar Burchardt -> ansgar@debian.org [ gregor herrmann ] * New upstream release (closes: #603251). * Switch to source format 3.0 (quilt); remove quilt framework. * Bump debhelper compatibility level to 8; use short dh debian/rules file. * Set Standards-Version to 3.9.2 (no changes). * Remove patch fix-man-page-line-too-long.patch, no longer needed. * debian/copyright: update years of upstream copyright and formatting. * debian/control: add libtest-portability-files-perl to Build-Depends. * Email change: Niko Tyni -> ntyni@debian.org -- gregor herrmann Tue, 19 Apr 2011 19:36:36 +0200 libsys-syslog-perl (0.27-1) unstable; urgency=low [ Ansgar Burchardt ] * New upstream release. * Add myself to Uploaders. * Convert debian/copyright to proposed machine-readable format. * Refresh debian/rules for debhelper 7 * Replace debian/README.source with a longer version [ gregor herrmann ] * debian/copyright: add information about fallback/syslog.h. * debian/rules: enable additional tests; leads to: * Strip URL mangling from fix-man-page-line-too-long.patch, lintian does not complain about them any more but Pod::Checker didn't like the syntax. -- Ansgar Burchardt Mon, 22 Sep 2008 12:08:18 +0200 libsys-syslog-perl (0.26-1) unstable; urgency=low * New upstream release. * debian/copyright: update years of copyright, correcty a small typo. * Refresh and extend patch fix-man-page-line-too-long.patch. * debian/control: change my email address. * Set Standards-Version to 3.8.0; add debian/README.source accordingly. * Make dependency on quilt versioned. * Refresh debian/rules, no functional changes. Don't install README any more. -- gregor herrmann Tue, 17 Jun 2008 17:57:11 +0200 libsys-syslog-perl (0.24-1) unstable; urgency=low * New upstream release. * Drop patch skip-test-that-needs-dev-log.dpatch, the problem is now fixed in the upstream test code. * Set Standards-Version to 3.7.3 (no changes needed). * debian/watch: use dist-based URL. * debian/rules: remove /usr/share/perl5 only if it exists. -- gregor herrmann Tue, 01 Jan 2008 22:06:17 +0100 libsys-syslog-perl (0.23-1) unstable; urgency=low [ gregor herrmann ] * New upstream release. * Update patch skip-test-that-needs-dev-log.dpatch. [ Damyan Ivanov ] * Fix usage of DESTDIR and PREFIX when invoking $(MAKE) install * Use '$@' when touching stamps * Re-wrapped Uploaders * Add dh_shlibdeps; add ${shlibs:Depends} and ${misc:Depends} to Depends -- gregor herrmann Sat, 17 Nov 2007 23:02:58 +0100 libsys-syslog-perl (0.22-1) unstable; urgency=low [ gregor herrmann ] * New upstream release. * debian/control: Added: Vcs-Svn field (source stanza); Vcs-Browser field (source stanza). Removed: XS-Vcs-Svn fields. * Drop patch eval_win32.patch, applied upstream. * Adapt patch fix-man-page-line-too-long.patch to new upstream code. * Update debian/copyright. * Install example script to /usr/share/doc/libsys-syslog-perl/examples/. [ Damyan Ivanov ] * [debian/rules] + Make build-stamp depend on configure-stamp (fixes parallel build) + Make configure-stamp depend on patch-stamp (avoids re-building) -- Damyan Ivanov Mon, 12 Nov 2007 15:01:00 +0200 libsys-syslog-perl (0.21-2) unstable; urgency=low * Add patch eval_win32.patch: don't try to use Sys::Syslog::Win32 (closes: #443878). * Add information about authors (from embedded documentation) to debian/copyright. -- gregor herrmann Sun, 30 Sep 2007 14:16:20 +0200 libsys-syslog-perl (0.21-1) unstable; urgency=low [ Damyan Ivanov ] * New upstream release * Fix upstream URL in debian/copyright * Added Homepage to debian/control * Added myself to Uploaders (and wrapped it) * Added fix-man-page-line-too-long.patch to break some rather long lines [ Rene Mayorga ] * libtest-distribution-perl added to Buld-Dep * Apply patch from previous version in order to skip tests if /dev/log is not present * use dpatch at debian/rules * Added myself to Uploaders * Moving Homapage from description as a Valid Control field -- Damyan Ivanov Mon, 24 Sep 2007 09:48:43 +0300 libsys-syslog-perl (0.20-1) UNRELEASED; urgency=low * New upstream release -- Damyan Ivanov Mon, 10 Sep 2007 16:04:04 +0300 libsys-syslog-perl (0.18-3) unstable; urgency=low * Fix warning from closelog(). (Closes: #417799) * Install the manual page. (Closes: #417800) * Mention in the long description that perl already includes an earlier version of this module. (Closes: #415969) * Use 'make distclean' instead of 'make clean' to clean up. * Update debian/watch. -- Niko Tyni Tue, 10 Apr 2007 22:04:14 +0300 libsys-syslog-perl (0.18-2) unstable; urgency=low [ gregor herrmann ] * New maintainer: Debian Perl Group. * Set debhelper compatibility level to 5. * Fix watch file. * Remove empty /usr/share/perl5 directory. * Add libtest-pod-perl and libtest-pod-coverage-perl to Build-Depends. * Don't ignore errors of $(MAKE) clean. [ Niko Tyni ] * t/syslog.t: skip tests that require a running syslogd. * Don't ignore the result of '$(MAKE) test'. [ Alexis Sukrieh ] * Fixed the Xs-Vcn-Svn entry (added a missing '/svn' in the path). -- Alexis Sukrieh Fri, 1 Dec 2006 10:35:50 +0100 libsys-syslog-perl (0.18-1) unstable; urgency=low * New upstream version. -- Matthias Klose Sun, 10 Sep 2006 22:16:54 +0000 libsys-syslog-perl (0.17-1) unstable; urgency=low * Initial package, dependency of mailscanner. -- Matthias Klose Sun, 20 Aug 2006 14:22:13 +0200 debian/compat0000644000000000000000000000000212745205231010365 0ustar 9 debian/rules0000755000000000000000000000003612745205231010246 0ustar #!/usr/bin/make -f %: dh $@ debian/patches/0000755000000000000000000000000012745206261010622 5ustar debian/patches/CVE-2016-1238.patch0000644000000000000000000000127412745206261013245 0ustar From 64cdffee5a52d4b73a707584d4aac3df9b119a5c Mon Sep 17 00:00:00 2001 From: Dominic Hargreaves Date: Sun, 24 Jul 2016 19:43:50 +0100 Subject: [PATCH] Remove . from @INC when loading modules dynamically [CVE-2016-1238] --- Syslog.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Syslog.pm b/Syslog.pm index 25164af..eed224a 100644 --- a/Syslog.pm +++ b/Syslog.pm @@ -888,6 +888,8 @@ sub silent_eval (&) { sub can_load { my ($module, $verbose) = @_; local($SIG{__DIE__}, $SIG{__WARN__}, $@); + local @INC = @INC; + pop @INC if $INC[-1] eq '.'; my $loaded = eval "use $module; 1"; warn $@ if not $loaded and $verbose; return $loaded -- 2.1.4 debian/patches/series0000644000000000000000000000002412745205751012036 0ustar CVE-2016-1238.patch debian/control0000644000000000000000000000241612745205250010576 0ustar Source: libsys-syslog-perl Maintainer: Debian Perl Group Uploaders: gregor herrmann , Niko Tyni , Damyan Ivanov , Rene Mayorga , Ansgar Burchardt Section: perl Priority: optional Build-Depends: debhelper (>= 9.20120312), perl, libtest-distribution-perl, libtest-portability-files-perl Standards-Version: 3.9.4 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libsys-syslog-perl.git Vcs-Git: git://anonscm.debian.org/pkg-perl/packages/libsys-syslog-perl.git Homepage: https://metacpan.org/release/Sys-Syslog/ Package: libsys-syslog-perl Architecture: any Depends: ${perl:Depends}, ${shlibs:Depends}, ${misc:Depends} Description: Perl interface to the UNIX syslog(3) calls Sys::Syslog is an interface to the UNIX syslog(3) program. Call syslog() with a string priority and a list of printf() args just like syslog(3). . Note that an earlier version of this module is included in the perl package, and this one will override it when installed. Please don't depend on this package unnecessarily if the older one is enough. debian/libsys-syslog-perl.examples0000644000000000000000000000000512745205231014505 0ustar eg/* debian/source/0000755000000000000000000000000012745205231010467 5ustar debian/source/format0000644000000000000000000000001412745205231011675 0ustar 3.0 (quilt) debian/copyright0000644000000000000000000000603212745205250011124 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: Sys-Syslog Upstream-Contact: Sebastien Aperghis-Tramoni Source: https://metacpan.org/release/Sys-Syslog/ Files: * Copyright: 1990-2012, Larry Wall and others License: Artistic or GPL-1+ Files: debian/* Copyright: 2006, Alexis Sukrieh 2006, Matthias Klose 2006-2013, gregor herrmann 2006-2007, Niko Tyni > 2007, Damyan Ivanov 2007, Rene Mayorga 2008, Ansgar Burchardt License: Artistic or GPL-1+ Files: ppport.h Copyright: 2004-2010, Marcus Holland-Moritz 2001, Paul Marquess (Version 2.x) 1999, Kenneth Albanowski (Version 1.x) License: Artistic or GPL-1+ Files: fallback/syslog.h Copyright: 1982, 1986, 1988, 1993, The Regents of the University of California License: BSD-3 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. License: Artistic This program is free software; you can redistribute it and/or modify it under the terms of the Artistic License, which comes with Perl. . On Debian systems, the complete text of the Artistic License can be found in `/usr/share/common-licenses/Artistic'. License: GPL-1+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. . On Debian systems, the complete text of version 1 of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-1'. debian/watch0000644000000000000000000000015612745205250010223 0ustar version=3 https://metacpan.org/release/Sys-Syslog/ .*/Sys-Syslog-v?(\d[\d.]+)\.(?:tar(?:\.gz|\.bz2)?|tgz|zip)