php-htmlpurifier (4.6.0-1) unstable; urgency=medium
* Team upload
* New upstream release, fixes security flaws (Closes: #764885)
* Restart packaging within the Debian PHP PEAR Maintainers team
* Move symlink to directory
* Use a default writable directory in /var/lib
* Convert copyright to format 1.0
-- David Prévot Fri, 17 Oct 2014 18:09:34 -0400
php-htmlpurifier (4.4.0+dfsg1-2) unstable; urgency=low
[ Martin von Wittich ]
* Fix undefined array index deref (Closes: #736835)
[ Thorsten Glaser ]
* Remove myself from Uploaders
-- Thorsten Glaser Tue, 11 Feb 2014 21:59:25 +0100
php-htmlpurifier (4.4.0+dfsg1-1) unstable; urgency=low
* New upstream release; upstream WHATSNEW says:
│HTML Purifier 4.4.0 is a minor security release addressing a
│security vulnerability associated with some optional functionality.
│It also contains an accumulation of new features and bugfixes over
│half a year. New configuration options include %HTML.TargetBlank,
│%HTML.AllowedComments, %HTML.AllowedCommentsRegexp,
│%HTML.SafeIframe, %URI.SafeIframeRegexp, %Core.EnableIDNA (requires
│PEAR Net_IDNA2 module and doesn't work for PHP 5.0.5). We also now
│support the 'scope' attribute on tables.
* Switch to debian/source/format 3.0 (quilt) with
the single-debian-patch local-option
* Omit .git* files when repacking any further .orig.tar.gz
* Use a paxcpio (from the pax package) feature to shrink .orig.tar.gz
* debian/rules: Modernise; add build-{arch,indep} targets
* debian/control: Add VCS-{git,Browser}, Policy 3.9.3 (no changes)
-- Thorsten Glaser Fri, 30 Mar 2012 11:42:47 +0200
php-htmlpurifier (4.3.0+dfsg1-1) unstable; urgency=low
* New upstream release; upstream WHATSNEW says:
│HTML Purifier 4.3.0 is a major security release addressing various
│security vulnerabilities related to user-submitted code and
│legitimate client-side scripts. It also contains an accumulation of
│new features and bugfixes over half a year. New configuration
│options include %CSS.Trusted, %CSS.AllowedFonts and
│%Cache.SerializerPermissions. There is a backwards-incompatible API
│change for customized raw definitions, see
│ for
│details.
* Document that %Cache.SerializerPath *MUST* be used, because the
upstream standard location cannot be written to in a packaged
version (being system-global) for security reasons. Also switch
%Cache.DefinitionImpl from "Serializer" to NULL to make the
standard installation, although with degraded performance, work
as-is. Document in README.Debian. (Closes: #611305)
* Solves TEMP-0000000-196897 security issue.
-- Thorsten Glaser Sat, 02 Apr 2011 16:55:15 +0000
php-htmlpurifier (4.2.0+dfsg1-1) unstable; urgency=low
* New upstream release; upstream WHATSNEW says:
│HTML Purifier 4.2.0 is a minor release that implements a number of
│feature requests accumulated over half a year. New configuration
│options include %Core.RemoveProcessingInstructions,
│%CSS.ForbiddenProperties, %HTML.FlashAllowFullScreen and
│%Core.NormalizeNewlines. Additionally,%URI.DisableResources is
│now functional and file: is an optionally supported URI scheme.
│There are also some minor bugfixes, usability improvements and
│documentation updates.
* Install NEWS as upstream changelog, as it’s its intentional use
* Policy 3.9.1 (no relevant changes)
-- Thorsten Glaser Wed, 13 Oct 2010 13:40:21 +0000
php-htmlpurifier (4.1.1+dfsg1-1) unstable; urgency=high
* New upstream release; upstream WHATSNEW says:
| HTML Purifier 4.1.1 is a major security and bugfix release that
| improves on 4.1's fix for an XSS vulnerability exploitable on Internet
| Explorer. It also contains a number of important bugfixes, including
| the removal of improper logic that could result in infinite loops and
| fixed parsing for single-attributes with entities with DirectLex.
* Set urgency=high due to second attempt at XSS bugfix, no CVE number
(SA39613) (Closes: #586061) (LP: #582576)
* /usr/share/php-htmlpurifier/tests/index.php no longer has a shebang,
so do not chmod +x it
-- Thorsten Glaser Thu, 17 Jun 2010 14:45:26 +0000
php-htmlpurifier (4.1.0+dfsg1-1) unstable; urgency=high
* New upstream release; upstream WHATSNEW says:
| HTML Purifier 4.1 is a major security release that fixes an XSS
| vulnerability exploitable on Internet Explorer. It also contains
| a number of new features, including dramatically more flexible Flash
| support, including %Output.FlashCompat to replace %HTML.SafeEmbed,
| optional support for the data: URI scheme and better HTML parsing
| capabilities.
Setting urgency=high due to XSS bugfix.
* debian/rules (get-orig-source): support uscan downloaded files
-- Thorsten Glaser Thu, 29 Apr 2010 09:10:27 +0000
php-htmlpurifier (4.0.0+dfsg1-1) unstable; urgency=low
* Take original upstream tarball, removing non-DFSG-free XHTML
schema and entities and other unlicenced material, instead
of what dh-make-pear produces.
* Completely re-do the packaging to avoid all that php-pear
brings with it, including “channels”. (Closes: #572184)
* Add myself and Roland Mas as Uploader due to request for help
of the maintainer.
* Install both library and documentation.
-- Thorsten Glaser Tue, 16 Mar 2010 14:04:20 +0000
php-htmlpurifier (4.0.0-2) unstable; urgency=low
* Add htmlpurifier.org.reg channel so build in a debootstrap env
works (Closes: #551243)
* Rewiewed autoformated description (Closes: #531019)
This time closes the right bug
-- Christian Bayle Tue, 03 Nov 2009 13:25:53 +0100
php-htmlpurifier (4.0.0-1) unstable; urgency=low
* New Upstream Version (Closes: #549343).
* Rewiewed autoformated description (Closes: #534019)
-- Christian Bayle Mon, 12 Oct 2009 21:02:41 +0200
php-htmlpurifier (3.3.0-1) unstable; urgency=low
* Initial Release (Closes: #462150).
-- Christian Bayle Tue, 12 May 2009 22:28:14 +0200