Import Debian changes 3.1.34+20190228.1.c9f0de05+selfpack1-1

smarty3 (3.1.34+20190228.1.c9f0de05+selfpack1-1) unstable; urgency=medium

  * New upstream release.
  * debian/control:
    + Bump Standards-Version: to 4.4.1. No changes needed.
    + Add Rules-Requires-Root: field and set it to "no".
  * debian/{control,compat}:
    + Switch to debhelper-compat notation. Bump DH comat level to version 12.

smarty3 (3.1.33+20180830.1.3a78a21f+selfpack1-1) unstable; urgency=medium

  * New upstream release.
    - CVE-2018-16831: Don't bypass trusted directories with "../". (Closes:
      #908698).
  * debian/control:
    + Bump Standards-Version: to 4.2.1. No changes needed.

smarty3 (3.1.32+20180424.1.ac9d4b58+selfpack1-1) unstable; urgency=medium

  * New upstream release.
  * debian/*: White-space clean-up at EOL.
  * debian/patches:
    + Drop 0001_CVE-2017-1000480.patch. Applied upstream.
  * debian/rules:
    + Avoid using dpkg-parsechangelog.
  * debian/copyright:
    + Update copyright attributions.
    + Use secure URI to obtain copyright references.
    + Add global Comment: field. Explain about brokenness of upstream tarballs.
  * debian/control:
    + Update Vcs-*: fields. Packaging Git has been migrated to
      salsa.debian.org.
    + Bump Standards-Version: to 4.1.4. No changes needed.
  * debian/{control,compat}:
    + Bump DH version level to 11.

smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-3) unstable; urgency=medium

  * debian/patches:
    + Add 0001_CVE-2017-1000480.patch. Fixes CVE-2017-1000480. (Closes:
      #886460).

smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-2) unstable; urgency=medium

  * Re-upload to Debian unstable to enforce package rebuild (as we don't
    have binNMUs for arch:all packages).

  * debian/control:
    + Update versioned B-D on smarty-lexer (>=  3.1.30+dfsg1-1.1~).
      This is to assure correct lexer/parser generation which was broken by
      smarty-lexer 3.1.30+dfsg1-1. See Debian bug #847571 for further
      reference.

smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-1) unstable; urgency=medium

  * New upstream release.
  * debian/rules:
    + Self-pack orig tarball from Git commit, due to broken upstream
      tarball generation on Github. For details see:
      smarty-php/smarty#325
  * debian/copyright:
    + Update copyright attributions.

smarty3 (3.1.30-1) unstable; urgency=medium

  * Upload to unstable.
  * Update versioned B-D:
    + smarty-lexert (>= 3.1.30+dfsg1-1~).

smarty3 (3.1.30-1~exp1) experimental; urgency=medium

  * New upstream release. Upload to experimental for testing with
    GOsa, FusionDirectory and other web portals that depend on Smarty3.
  * debian/copyright:
    + Update copyright attributions.

smarty3 (3.1.29-2) unstable; urgency=medium

  * Re-upload unchanged to unstable.

smarty3 (3.1.29-1) experimental; urgency=medium

  * New upstream release. (Closes: #825250).
  * debian/smarty3-lexer:
    + Remove shipped-with .plex and .y files for template and configfile
      parser/lexer. This version uses smarty-lexer src:package at build
      time instead.
  * debian/control:
    + Add B-D pkg-php-tools (for dh_phpcomposer)
    + Versioned B-D: debhelper (>= 9).
    + Use encrypted URLs for Vcs-*: field.
    + Bump Standards: to 3.9.8. No changes needed.
  * debian/{control,rules}:
    + Create internal lexer and parser PHP code at package build time (using
      B-D smarty-lexer). (Closes: #765730). This also solves issues in Debian
      package smarty3 3.1.21-1 caused by lexer/parser PHP files using the old
      trigger_error class API of Smarty.class.php. (Closes: #799282).
  * debian/smarty3.{install,docs}:
    + Use debhelper for installing bin:package files.
  * debian/compat:
    + Bump to DH version level 9.
  * debian/watch:
    + Upstream location has changed, now on Github.
  * debian/rules:
    + Use pure debhelper, with phpcomposer.
    + Make package build idempotent.
  * debian/copyright:
    + Update copyright attributions.

smarty3 (3.1.21-1.1) unstable; urgency=medium

  * Non-maintainer upload in coordination with the maintainer.
  * Update depends and README.Debian for the php 7.0 transition. Thanks to
    Wolfgang Schweer for the patch! (Closes: #821660)

smarty3 (3.1.21-1) unstable; urgency=medium

  * New upstream release. (Closes: #765920).
  * debian/smarty3-lexer:
    + Add 4 files from smarty3 SVN that are used to generate some PHP
      files in the upstream tarball. See README.lexer for details.
      (Closes: #636148).
  * debian/copyright:
    + Add copyright information for debian/smarty3-lexer/*.
    + Fix upstream license (LGPL-3 -> LGPL-3+) after reading the upstream-
      shipped COPYING.lib file more thoroughly.
    + Relicense debian/* under same license as upstream sources (LGPL-3+).
  * debian/control:
    + Bump Standards: to 3.9.6. No changes needed.

smarty3 (3.1.19-1) unstable; urgency=medium

  * New upstream release.
    + Obtain upstream sources as zip files from upstream. Stop checking out
      SVN tags. This change drops three embedded PHP libraries and files with
      problematic PHP licenses. (Closes: #752614).
  * debian/control:
    + Alioth-canonicalize Vcs-Git field.
    + Bump Standards: to 3.9.5. No changes needed.
  * lintian:
    + Drop unused override: embedded-php-library.

smarty3 (3.1.13-1) unstable; urgency=low

  * New upstream release.
  * /debian/control:
    + Use my DD address in Maintainer: field.
    + Bump Standards: to 3.9.4. No changes needed.
  * /debian/patches:
    + Drop patch: 001_escape-smarty-exception-messages.patch, included in new
      upstream release.

smarty3 (3.1.10-2) unstable; urgency=low

  * Fix CVE-2012-4437: Add patch 001_escape-smarty-exception-messages.patch.
    Closes: #688153.

smarty3 (3.1.10-1) unstable; urgency=low

  * New upstream release. Closes: #678095.

smarty3 (3.1.8-2) unstable; urgency=low

  * Package smarty3 provides smarty (closes: #657536).
  * Make /debian/copyright machine parsable, explicitly names files that
    have dissenting licenses, license /debian folder under GPLv2+.

smarty3 (3.1.8-1) experimental; urgency=low

  * New upstream release (rev. 4611).
  * New package maintainer (closes: #668200).
  * Add watch file (closes: #657385).
  * Add Vcs-* lines to control file.
  * Add README.source that explains how we obtain code from
    upstream SVN. Make sure all upstream source files are
    shipped with the Debian source package (closes: #636148).

smarty3 (3.1.0-1) experimental; urgency=low

  * New upstream release (rev. 4284)
  * Used the code source from subversion (Closes: #636148)
  * debian/copyright:
    + added LexerGenerator copyright
    + added ParserGenerator copyright
  * Fixed security holes:
    + multiple unspecified vulnerabilities (CVE-2009-5052, CVE-2009-5053,
      CVE-2010-4722, CVE-2010-4724, CVE-2010-4726)
    + not consider the umask value when setting the permissions of files
      (CVE-2009-5054)
    + not prevent access to the dynamic and private object members of an
      assigned object (CVE-2010-4723)
    + not properly handle an on value of the asp_tags option in the php.ini file
      (CVE-2010-4725)
    + not properly handle the <?php and ?> tags (CVE-2010-4727)

smarty3 (3.0.8-1) unstable; urgency=low

  * New upstream release (Closes: #631619)
  * Bumped Standards-Version to 3.9.2
  * Updated licence to LGPL-3

smarty3 (3.0~rc1-2) unstable; urgency=low

  * Bumped Standards-Version to 3.9.1
  * Removed debian/watch

smarty3 (3.0~rc1-1) unstable; urgency=low

  * Initial release (Closes: #580754)

debian/README.Debian

@@ -0,0 +1,12 @@
+smarty3 for Debian
+------------------
+
+In order to use Smarty 3 from your php scripts, you'll have to add
+/usr/share/php/smarty3 on the include_path of php, that is in the
+file /etc/php/{apache,apache2}/php.ini or use
+require("smarty3/Smarty.class.php");
+
+On smarty update, please note you will have to clear out all smarty
+generated files, by default in a templates_c directory.
+
+ -- Thierry Randrianiriana <thierry@debian.org>, Sat,  8 May 2010 15:05:10 +0300

debian/changelog

@@ -0,0 +1,253 @@
+smarty3 (3.1.34+20190228.1.c9f0de05+selfpack1-1) unstable; urgency=medium
+
+  * New upstream release.
+  * debian/control:
+    + Bump Standards-Version: to 4.4.1. No changes needed.
+    + Add Rules-Requires-Root: field and set it to "no".
+  * debian/{control,compat}:
+    + Switch to debhelper-compat notation. Bump DH comat level to version 12.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Mon, 18 Nov 2019 10:49:54 +0100
+
+smarty3 (3.1.33+20180830.1.3a78a21f+selfpack1-1) unstable; urgency=medium
+
+  * New upstream release.
+    - CVE-2018-16831: Don't bypass trusted directories with "../". (Closes:
+      #908698).
+  * debian/control:
+    + Bump Standards-Version: to 4.2.1. No changes needed.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Mon, 17 Sep 2018 13:04:18 +0200
+
+smarty3 (3.1.32+20180424.1.ac9d4b58+selfpack1-1) unstable; urgency=medium
+
+  * New upstream release.
+  * debian/*: White-space clean-up at EOL.
+  * debian/patches:
+    + Drop 0001_CVE-2017-1000480.patch. Applied upstream.
+  * debian/rules:
+    + Avoid using dpkg-parsechangelog.
+  * debian/copyright:
+    + Update copyright attributions.
+    + Use secure URI to obtain copyright references.
+    + Add global Comment: field. Explain about brokenness of upstream tarballs.
+  * debian/control:
+    + Update Vcs-*: fields. Packaging Git has been migrated to
+      salsa.debian.org.
+    + Bump Standards-Version: to 4.1.4. No changes needed.
+  * debian/{control,compat}:
+    + Bump DH version level to 11.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Sun, 27 May 2018 23:21:33 +0200
+
+smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-3) unstable; urgency=medium
+
+  * debian/patches:
+    + Add 0001_CVE-2017-1000480.patch. Fixes CVE-2017-1000480. (Closes:
+      #886460).
+
+ -- Mike Gabriel <sunweaver@debian.org>  Sun, 14 Jan 2018 11:13:16 +0100
+
+smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-2) unstable; urgency=medium
+
+  * Re-upload to Debian unstable to enforce package rebuild (as we don't
+    have binNMUs for arch:all packages).
+
+  * debian/control:
+    + Update versioned B-D on smarty-lexer (>=  3.1.30+dfsg1-1.1~).
+      This is to assure correct lexer/parser generation which was broken by
+      smarty-lexer 3.1.30+dfsg1-1. See Debian bug #847571 for further
+      reference.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Tue, 21 Mar 2017 10:13:01 +0100
+
+smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-1) unstable; urgency=medium
+
+  * New upstream release.
+  * debian/rules:
+    + Self-pack orig tarball from Git commit, due to broken upstream
+      tarball generation on Github. For details see:
+      https://github.com/smarty-php/smarty/issues/325
+  * debian/copyright:
+    + Update copyright attributions.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Tue, 24 Jan 2017 21:17:51 +0100
+
+smarty3 (3.1.30-1) unstable; urgency=medium
+
+  * Upload to unstable.
+  * Update versioned B-D:
+    + smarty-lexert (>= 3.1.30+dfsg1-1~).
+
+ -- Mike Gabriel <sunweaver@debian.org>  Fri, 25 Nov 2016 19:52:30 +0100
+
+smarty3 (3.1.30-1~exp1) experimental; urgency=medium
+
+  * New upstream release. Upload to experimental for testing with
+    GOsa, FusionDirectory and other web portals that depend on Smarty3.
+  * debian/copyright:
+    + Update copyright attributions.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Thu, 20 Oct 2016 14:00:22 +0200
+
+smarty3 (3.1.29-2) unstable; urgency=medium
+
+  * Re-upload unchanged to unstable.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Fri, 07 Oct 2016 14:03:44 +0200
+
+smarty3 (3.1.29-1) experimental; urgency=medium
+
+  * New upstream release. (Closes: #825250).
+  * debian/smarty3-lexer:
+    + Remove shipped-with .plex and .y files for template and configfile
+      parser/lexer. This version uses smarty-lexer src:package at build
+      time instead.
+  * debian/control:
+    + Add B-D pkg-php-tools (for dh_phpcomposer)
+    + Versioned B-D: debhelper (>= 9).
+    + Use encrypted URLs for Vcs-*: field.
+    + Bump Standards: to 3.9.8. No changes needed.
+  * debian/{control,rules}:
+    + Create internal lexer and parser PHP code at package build time (using
+      B-D smarty-lexer). (Closes: #765730). This also solves issues in Debian
+      package smarty3 3.1.21-1 caused by lexer/parser PHP files using the old
+      trigger_error class API of Smarty.class.php. (Closes: #799282).
+  * debian/smarty3.{install,docs}:
+    + Use debhelper for installing bin:package files.
+  * debian/compat:
+    + Bump to DH version level 9.
+  * debian/watch:
+    + Upstream location has changed, now on Github.
+  * debian/rules:
+    + Use pure debhelper, with phpcomposer.
+    + Make package build idempotent.
+  * debian/copyright:
+    + Update copyright attributions.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Mon, 30 May 2016 14:03:16 +0200
+
+smarty3 (3.1.21-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload in coordination with the maintainer.
+  * Update depends and README.Debian for the php 7.0 transition. Thanks to
+    Wolfgang Schweer for the patch! (Closes: #821660)
+
+ -- Holger Levsen <holger@debian.org>  Mon, 23 May 2016 11:32:02 +0200
+
+smarty3 (3.1.21-1) unstable; urgency=medium
+
+  * New upstream release. (Closes: #765920).
+  * debian/smarty3-lexer:
+    + Add 4 files from smarty3 SVN that are used to generate some PHP
+      files in the upstream tarball. See README.lexer for details.
+      (Closes: #636148).
+  * debian/copyright:
+    + Add copyright information for debian/smarty3-lexer/*.
+    + Fix upstream license (LGPL-3 -> LGPL-3+) after reading the upstream-
+      shipped COPYING.lib file more thoroughly.
+    + Relicense debian/* under same license as upstream sources (LGPL-3+).
+  * debian/control:
+    + Bump Standards: to 3.9.6. No changes needed.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Sun, 19 Oct 2014 23:45:18 +0200
+
+smarty3 (3.1.19-1) unstable; urgency=medium
+
+  * New upstream release.
+    + Obtain upstream sources as zip files from upstream. Stop checking out
+      SVN tags. This change drops three embedded PHP libraries and files with
+      problematic PHP licenses. (Closes: #752614).
+  * debian/control:
+    + Alioth-canonicalize Vcs-Git field.
+    + Bump Standards: to 3.9.5. No changes needed.
+  * lintian:
+    + Drop unused override: embedded-php-library.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Mon, 04 Aug 2014 21:32:20 +0200
+
+smarty3 (3.1.13-1) unstable; urgency=low
+
+  * New upstream release.
+  * /debian/control:
+    + Use my DD address in Maintainer: field.
+    + Bump Standards: to 3.9.4. No changes needed.
+  * /debian/patches:
+    + Drop patch: 001_escape-smarty-exception-messages.patch, included in new
+      upstream release.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Mon, 06 May 2013 10:19:14 +0200
+
+smarty3 (3.1.10-2) unstable; urgency=low
+
+  * Fix CVE-2012-4437: Add patch 001_escape-smarty-exception-messages.patch.
+    Closes: #688153.
+
+ -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de>  Sat, 22 Sep 2012 21:32:58 +0200
+
+smarty3 (3.1.10-1) unstable; urgency=low
+
+  * New upstream release. Closes: #678095.
+
+ -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de>  Tue, 19 Jun 2012 16:41:06 +0200
+
+smarty3 (3.1.8-2) unstable; urgency=low
+
+  * Package smarty3 provides smarty (closes: #657536).
+  * Make /debian/copyright machine parsable, explicitly names files that
+    have dissenting licenses, license /debian folder under GPLv2+.
+
+ -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de>  Thu, 17 May 2012 00:32:29 +0200
+
+smarty3 (3.1.8-1) experimental; urgency=low
+
+  * New upstream release (rev. 4611).
+  * New package maintainer (closes: #668200).
+  * Add watch file (closes: #657385).
+  * Add Vcs-* lines to control file.
+  * Add README.source that explains how we obtain code from
+    upstream SVN. Make sure all upstream source files are
+    shipped with the Debian source package (closes: #636148).
+
+ -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de>  Thu, 10 May 2012 10:44:55 +0200
+
+smarty3 (3.1.0-1) experimental; urgency=low
+
+  * New upstream release (rev. 4284)
+  * Used the code source from subversion (Closes: #636148)
+  * debian/copyright:
+    + added LexerGenerator copyright
+    + added ParserGenerator copyright
+  * Fixed security holes:
+    + multiple unspecified vulnerabilities (CVE-2009-5052, CVE-2009-5053,
+      CVE-2010-4722, CVE-2010-4724, CVE-2010-4726)
+    + not consider the umask value when setting the permissions of files
+      (CVE-2009-5054)
+    + not prevent access to the dynamic and private object members of an
+      assigned object (CVE-2010-4723)
+    + not properly handle an on value of the asp_tags option in the php.ini file
+      (CVE-2010-4725)
+    + not properly handle the <?php and ?> tags (CVE-2010-4727)
+
+ -- Thierry Randrianiriana <thierry@debian.org>  Sat, 17 Sep 2011 21:22:11 +0300
+
+smarty3 (3.0.8-1) unstable; urgency=low
+
+  * New upstream release (Closes: #631619)
+  * Bumped Standards-Version to 3.9.2
+  * Updated licence to LGPL-3
+
+ -- Thierry Randrianiriana <thierry@debian.org>  Wed, 20 Jul 2011 11:29:24 +0300
+
+smarty3 (3.0~rc1-2) unstable; urgency=low
+
+  * Bumped Standards-Version to 3.9.1
+  * Removed debian/watch
+
+ -- Thierry Randrianiriana <thierry@debian.org>  Tue, 21 Sep 2010 14:45:44 +0300
+
+smarty3 (3.0~rc1-1) unstable; urgency=low
+
+  * Initial release (Closes: #580754)
+
+ -- Thierry Randrianiriana <thierry@debian.org>  Sat, 08 May 2010 14:36:04 +0300

debian/control

@@ -0,0 +1,37 @@
+Source: smarty3
+Section: web
+Priority: optional
+Maintainer: Mike Gabriel <sunweaver@debian.org>
+Uploaders:
+ Debian Edu Packaging Team <debian-edu-pkg-team@lists.alioth.debian.org>,
+Build-Depends:
+ debhelper-compat (= 12),
+ pkg-php-tools (>= 1.7~),
+ smarty-lexer (>= 3.1.30+dfsg1-1.1~),
+Standards-Version: 4.4.1
+Rules-Requires-Root: no
+Vcs-Git: https://salsa.debian.org/debian/smarty3.git
+Vcs-Browser: https://salsa.debian.org/debian/smarty3
+Homepage: http://www.smarty.net/
+
+Package: smarty3
+Architecture: all
+Depends:
+ php | php-cgi | php-cli,
+ ${misc:Depends},
+ ${phpcomposer:Debian-require},
+Provides:
+ ${phpcomposer:Debian-provide},
+Suggests:
+ ${phpcomposer:Debian-suggest},
+Conflicts:
+ ${phpcomposer:Debian-conflict},
+Description: ${phpcomposer:description}
+ Smarty is a template engine for PHP. More specifically, it
+ facilitates a manageable way to separate application logic and content
+ from its presentation.
+ .
+ Smarty 3.1 is a departure from 2.0 compatibility. Most notably, all
+ backward compatibility has been moved to a separate class file named
+ SmartyBC.class.php. If you require compatibility with 2.0, you will
+ need to use this class.

debian/copyright

@@ -0,0 +1,52 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Smarty
+Upstream-Contact:
+ Monte Ohrt <monte@ohrt.com>
+ Uwe Tews <uwe.tews@googlemail.com>
+Source: http://www.smarty.net
+Comment:
+ Tarball self-packed due to broken upstream tarballs (since 3.1.31).
+ See: https://github.com/smarty-php/smarty/issues/325
+
+Files: change_log.txt
+       COMPOSER_RELEASE_NOTES.txt
+       demo/*
+       lexer/*
+       libs/*
+       utilities/*
+       INHERITANCE_RELEASE_NOTES.txt
+       NEW_FEATURES.txt
+       README
+       README.md
+       SMARTY_2_BC_NOTES.txt
+       SMARTY_3.0_BC_NOTES.txt
+       SMARTY_3.1_NOTES.txt
+       composer.json
+       error_reporting.ini
+Copyright:
+ 2001-2008, New Digital Group, Inc.
+License: LGPL-3+
+
+Files: debian/*
+Copyright:
+ 2010-2011, Thierry Randrianiriana <thierry@debian.org>
+ 2012, Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+License: LGPL-3+
+
+License: LGPL-3+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later version.
+ .
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ Library General Public License for more details.
+ .
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ .
+ On Debian systems, the complete text of the GNU Library General
+ Public License version 3 can be found in "/usr/share/common-licenses/LGPL-3".