php-htmlpurifier (4.6.0-1) unstable; urgency=medium * Team upload * New upstream release, fixes security flaws (Closes: #764885) * Restart packaging within the Debian PHP PEAR Maintainers team * Move symlink to directory * Use a default writable directory in /var/lib * Convert copyright to format 1.0 -- David Prévot Fri, 17 Oct 2014 18:09:34 -0400 php-htmlpurifier (4.4.0+dfsg1-2) unstable; urgency=low [ Martin von Wittich ] * Fix undefined array index deref (Closes: #736835) [ Thorsten Glaser ] * Remove myself from Uploaders -- Thorsten Glaser Tue, 11 Feb 2014 21:59:25 +0100 php-htmlpurifier (4.4.0+dfsg1-1) unstable; urgency=low * New upstream release; upstream WHATSNEW says: │HTML Purifier 4.4.0 is a minor security release addressing a │security vulnerability associated with some optional functionality. │It also contains an accumulation of new features and bugfixes over │half a year. New configuration options include %HTML.TargetBlank, │%HTML.AllowedComments, %HTML.AllowedCommentsRegexp, │%HTML.SafeIframe, %URI.SafeIframeRegexp, %Core.EnableIDNA (requires │PEAR Net_IDNA2 module and doesn't work for PHP 5.0.5). We also now │support the 'scope' attribute on tables. * Switch to debian/source/format 3.0 (quilt) with the single-debian-patch local-option * Omit .git* files when repacking any further .orig.tar.gz * Use a paxcpio (from the pax package) feature to shrink .orig.tar.gz * debian/rules: Modernise; add build-{arch,indep} targets * debian/control: Add VCS-{git,Browser}, Policy 3.9.3 (no changes) -- Thorsten Glaser Fri, 30 Mar 2012 11:42:47 +0200 php-htmlpurifier (4.3.0+dfsg1-1) unstable; urgency=low * New upstream release; upstream WHATSNEW says: │HTML Purifier 4.3.0 is a major security release addressing various │security vulnerabilities related to user-submitted code and │legitimate client-side scripts. It also contains an accumulation of │new features and bugfixes over half a year. New configuration │options include %CSS.Trusted, %CSS.AllowedFonts and │%Cache.SerializerPermissions. There is a backwards-incompatible API │change for customized raw definitions, see │ for │details. * Document that %Cache.SerializerPath *MUST* be used, because the upstream standard location cannot be written to in a packaged version (being system-global) for security reasons. Also switch %Cache.DefinitionImpl from "Serializer" to NULL to make the standard installation, although with degraded performance, work as-is. Document in README.Debian. (Closes: #611305) * Solves TEMP-0000000-196897 security issue. -- Thorsten Glaser Sat, 02 Apr 2011 16:55:15 +0000 php-htmlpurifier (4.2.0+dfsg1-1) unstable; urgency=low * New upstream release; upstream WHATSNEW says: │HTML Purifier 4.2.0 is a minor release that implements a number of │feature requests accumulated over half a year. New configuration │options include %Core.RemoveProcessingInstructions, │%CSS.ForbiddenProperties, %HTML.FlashAllowFullScreen and │%Core.NormalizeNewlines. Additionally,%URI.DisableResources is │now functional and file: is an optionally supported URI scheme. │There are also some minor bugfixes, usability improvements and │documentation updates. * Install NEWS as upstream changelog, as it’s its intentional use * Policy 3.9.1 (no relevant changes) -- Thorsten Glaser Wed, 13 Oct 2010 13:40:21 +0000 php-htmlpurifier (4.1.1+dfsg1-1) unstable; urgency=high * New upstream release; upstream WHATSNEW says: | HTML Purifier 4.1.1 is a major security and bugfix release that | improves on 4.1's fix for an XSS vulnerability exploitable on Internet | Explorer. It also contains a number of important bugfixes, including | the removal of improper logic that could result in infinite loops and | fixed parsing for single-attributes with entities with DirectLex. * Set urgency=high due to second attempt at XSS bugfix, no CVE number (SA39613) (Closes: #586061) (LP: #582576) * /usr/share/php-htmlpurifier/tests/index.php no longer has a shebang, so do not chmod +x it -- Thorsten Glaser Thu, 17 Jun 2010 14:45:26 +0000 php-htmlpurifier (4.1.0+dfsg1-1) unstable; urgency=high * New upstream release; upstream WHATSNEW says: | HTML Purifier 4.1 is a major security release that fixes an XSS | vulnerability exploitable on Internet Explorer. It also contains | a number of new features, including dramatically more flexible Flash | support, including %Output.FlashCompat to replace %HTML.SafeEmbed, | optional support for the data: URI scheme and better HTML parsing | capabilities. Setting urgency=high due to XSS bugfix. * debian/rules (get-orig-source): support uscan downloaded files -- Thorsten Glaser Thu, 29 Apr 2010 09:10:27 +0000 php-htmlpurifier (4.0.0+dfsg1-1) unstable; urgency=low * Take original upstream tarball, removing non-DFSG-free XHTML schema and entities and other unlicenced material, instead of what dh-make-pear produces. * Completely re-do the packaging to avoid all that php-pear brings with it, including “channels”. (Closes: #572184) * Add myself and Roland Mas as Uploader due to request for help of the maintainer. * Install both library and documentation. -- Thorsten Glaser Tue, 16 Mar 2010 14:04:20 +0000 php-htmlpurifier (4.0.0-2) unstable; urgency=low * Add htmlpurifier.org.reg channel so build in a debootstrap env works (Closes: #551243) * Rewiewed autoformated description (Closes: #531019) This time closes the right bug -- Christian Bayle Tue, 03 Nov 2009 13:25:53 +0100 php-htmlpurifier (4.0.0-1) unstable; urgency=low * New Upstream Version (Closes: #549343). * Rewiewed autoformated description (Closes: #534019) -- Christian Bayle Mon, 12 Oct 2009 21:02:41 +0200 php-htmlpurifier (3.3.0-1) unstable; urgency=low * Initial Release (Closes: #462150). -- Christian Bayle Tue, 12 May 2009 22:28:14 +0200