[ubuntu/quantal] php5 5.4.4-1ubuntu1 (Accepted)
Clint Byrum
clint at ubuntu.com
Tue Jun 19 06:20:41 UTC 2012
php5 (5.4.4-1ubuntu1) quantal; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/rules: Simplify apache config settings since we never build
interbase or firebird.
- debian/rules: export DEB_HOST_MULTIARCH properly.
- Add build-dependency on lemon, which we now need.
- Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe.
- Dropped libcurl-dev not in the archive.
- debian/control: replace build-depends on mysql-server with
mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and
mysql-server-5.5 postinst confusion with starting up multiple
mysqlds listening on the same port.
- Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions
already in universe.
- Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR
has been declined due to an inactive upstream. So this is probably
a permanent change).
- modulelist: Drop imap, interbase, sybase, and mcrypt.
- debian/rules:
* Dropped building of mcrypt, imap, and interbase.
* Install apport hook for php5.
* stop mysql instance on clean just in case we failed in tests
* Dropped Changes:
* d/rules: enable Suhosin patch with PHP5_SUHOSIN=yes -- Upstream suhosin
has been slow to adopt PHP 5.4, and is showing signs of disengagement.
Therefore, we will follow Debian's lead and drop Suhosin for now.
- d/control: build-depend on mysql 5.5 instead of 5.1 for running tests.
-- Debian just deps on mysql-server
- Suggest php5-suhosin rather than recommends. -- Dropping suhosin
- d/setup-mysql.sh: modify to work with mysql 5.5 differences -- superseded
in Debian.
- Only build php5-sqlite for sqlite3, dropping the obsolete sqlite2. --
superseded in Debian
- d/maxlifetime: Improve maxlifetime script to scan for more SAPIs and
scan all *.ini in conf.d directory. -- Change came from Debian
- d/libapache2-mod-php5.postinst,libapache2-mod-php5filter.postinst:
Restart apache on first install to ensure module is fully enabled.
-- Change came from Debian
- debian/patches/php5-CVE-2012-1823.patch: filter query strings that
are prefixed with '-' -- Fixed upstream
- debian/control: Recommend php5-dev for php-pear. -- This was a poorly
conceived idea anyway.
- Pre-Depend on a new enough version of dpkg for dpkg-maintscript-helper
rather than checking whether it exists at run-time, leading to more
predictable behaviour on upgrades. -- Applied in Debian
- d/p/gd-multiarch-fix.patch: superseded
* d/NEWS: add note explaining that SUHOSIN is no longer enabled in the
Ubuntu packages.
php5 (5.4.4-1) unstable; urgency=low
* Imported Upstream version 5.4.4
* Generate 16 char salt instead of 12 char salt for SHA-512
php5 (5.4.4~rc2-1) unstable; urgency=low
* Imported Upstream version 5.4.4~rc2
php5 (5.4.4~rc1-1) unstable; urgency=low
* Imported Upstream version 5.4.4~rc1
+ CVE-2012-2386: Fix integer overflow leading to heap-buffer overflow
in the Phar extension
* Remove some READMEs removed by upstream
+ README.SVN-RULES - upstream has moved to git
+ README.Zeus - Zeus Web Server is dead
* CVE-2012-2386: one additional, similar vulnerable code construct in
the Phar extension
php5 (5.4.3-6) unstable; urgency=low
[ Ondřej Surý ]
* Merge 5.3.10-1 and 5.3.10-2 changelog
* Remove *.patch from .gitignore, it broke adding quilt patches
* Revert "Use system libzip (Pulled from Fedora)" (Closes: #674151)
* Add patch to fix tt-rss backend php crash (Closes: #666200)
[ Thorsten Glaser ]
* Add support for Linux/m68k atomics needed by the FPM SAPI
(Closes: #672277)
[ Gedalya ]
* Add logrotate script for php5-fpm (Closes: #673558)
php5 (5.4.3-5) unstable; urgency=low
* Pull patches from Fedora:
+ Update use_embedded_timezonedb.patch to r8: fix compile error
without --with-system-tzdata configured
+ Add ldconfig post/postun for -embedded (Hans de Goede)
+ Use RTLD_NOW instead of RTLD_LAZY (pulled from Fedora)
+ Use system libzip (pulled from Fedora)
* Disable undefined ZIP_OVERWRITE to allow compile with system libzip
php5 (5.4.3-4) unstable; urgency=low
* Fix tests ([ERROR] Can't start server: bind-address refers to
multiple interfaces!) (Closes: #672588)
php5 (5.4.3-3) unstable; urgency=low
* Disable log redirection in debian/setup-mysql.sh to help diagnose
the setup-mysql.sh failure (still not fixed, but not reproduceable
on my local box)
php5 (5.4.3-2) unstable; urgency=low
* Add --no-defaults to rest of the mysql commands in setup-mysql.sh
script (Closes: #672588)
* Add debugging info to debian/setup-mysql.sh to help diagnose any
further problems
php5 (5.4.3-1) unstable; urgency=low
* Imported Upstream version 5.4.3
+ CVE-2012-2311: Complete fix for PHP-CGI query string parameter
vulnerability
+ CVE-2012-2329: Fix a buffer overflow vulnerability in the
apache_request_headers() (PHP 5.3 is not vulnerable)
php5 (5.4.2-1) unstable; urgency=low
* Imported Upstream version 5.4.2
+ CVE-2012-1823: Fix PHP-CGI query string parameter vulnerability.
php5 (5.4.1-1) unstable; urgency=low
* Imported Upstream version 5.4.1
+ Fixed insufficient validating of upload name leading to corrupted
$_FILES indices). (CVE-2012-1172).
+ Add open_basedir checks to readline_write_history and
readline_read_history.
+ Add Apache 2.4 support (.deb package in experimental comming soon)
+ Added debug info handler to DOM objects.
* Remove Breaks: on php applications on maintainer requests:
+ simplesamlphp
+ php-horde-auth
* Add better configuration snippet for CGI (Closes: #571795)
* Update a description of PHP language based on the text from upstream
web page (http://www.php.net/manual/en/intro-whatis.php)
* Enable embed SAPI (Closes: #380731)
* Add lintian override for libphp5-embed: embedded-library
usr/lib/libphp5.so: file
* Add ldconfig to libphp5-embed.{postinst,postrm}
* Fix #EXTRA# processing for SAPIs (extra ; at the end of sed cmd)
php5 (5.4.1~rc1-1) unstable; urgency=low
* Add information about flavor of INI file inside the INI file,
install php.ini-development INI to /usr/share/php5 (Closes: #667711)
* Imported Upstream version 5.4.1~rc1
* Update patches for the 5.4.1RC1 release
php5 (5.4.0-4) unstable; urgency=low
* Change id -u+getent combo to whoami (Courtesy of Michiel van
Leening)
* Fix missing FOUND declaration (pulled from dotdeb)
* Add Breaks for all known broken packages not working with PHP 5.4
(Closes: #666411)
php5 (5.4.0-3) unstable; urgency=high
[ Thijs Kinkhorst ]
* Correct version number; 5.4.0~rc7-3 never existed
* Add placeholder build-arch, build-indep targets
* Each module needs to depend on ucf, as it's used in postinst
* Newer version of roundcube available that isn't broken anymore
* Checked for policy 3.9.3
[ Ondřej Surý ]
* Remove Pre-Depends on dpkg-maintscript-helper
* Remove obsolete configure options
* Add support for *.extra.{post,pre}{inst,rm} files
* Add support for MultiArch libgd2-xpm-dev
* Add support for MultiArch libmysqlclient-dev
* Add Lior to maintainers
* setup-mysql.sh changed to:
+ never run as root (fix needed for MySQL 5.5 in pbuilder)
+ drop and create database test which may or may not exist
* Restart apache2 instead of reloading on first install
(Closes: #589386)
[ Julien Cristau ]
* Fix postinst scripts to not use 'local' outside functions (Closes:
#664853, #664849)
php5 (5.4.0-2) unstable; urgency=low
* Build depend on libpng-dev | libpng12-dev (Closes: #662466)
php5 (5.4.0-1) unstable; urgency=low
* PHP 5.4 has landed in unstable
* Imported Upstream version 5.4.0
* Use $(filter pattern...,text) instead of $(findstring find,in) in
debian/rules to match against space separated list of words and not
substrings (Closes: #660647)
php5 (5.4.0~rc8-2) experimental; urgency=low
* Use $(filter pattern...,text) instead of $(findstring find,in) in
debian/rules to match against space separated list of words and not
just substrings (i386 != hurd-i386) (Closes: #660647)
php5 (5.4.0~rc8-1) experimental; urgency=low
* Imported Upstream version 5.4.0~rc8
* Improve maxlifetime script to scan for more SAPIs and scan all *.ini
in conf.d directory
* Move php5-mysqlnd to Priority: extra to make debcheck happy
* Check for dpkg-maintscript-helper existence in php5-fpm maintainer
scripts
* Add Pre-Depends: dpkg (>= 1.15.7.2~) | dpkg-maintscript-helper to
allow single upgrade path (dpkg-maintscript-helper package will be
provided for Ubuntu Lucid PPA)
php5 (5.4.0~rc7-2) experimental; urgency=low
* Use corrected module PHPAPI (20100525) and not (220100525)
* Use $ZEND_MODULE_API_NO for $DEBIAN_PHP_API. Check for PHPAPI
changes, so we don't become binary incompatible without knowing it.
* Update debian/README.Debian.security:
+ register_globals was removed from PHP 5.4
+ Remove safe_mode (removed upstream) and update and reformat text
slightly
+ Reviewed by english l10n team (thanks a lot)
* php5-fpm now listen on socket instead of localhost by default
(Closes: #650204)
* Add NEWS about change of default location of php5-fpm socket
* Stop php5-fpm on runlevels 0 1 6 (Closes: #650203)
* Add -ignore_readdir_race to find call in session cleanup (#634864)
* Don't prefix extension list automatically, it's done by subsvars now
(Closes: #633491)
* Depends on non-forking fuser in psmisc (Closes: #633100)
* php5-common.README.Debian additions and cleanup:
+ Add a paragraph about PHP_INI_SCAN_DIR (Closes: #659123)
+ Reformat README.Debian to common formatting
+ Mention php5-fpm where appropriate
+ Use 'PHP 5' and 'Apache HTTP Server' instead of php5 and apache2
php5 (5.4.0~rc7-1) experimental; urgency=low
[ Thijs Kinkhorst ]
* Textual improvements to README.Debian.security, NEWS
(closes: #632675,#643015,#658208).
[ Ondřej Surý ]
* Imported Upstream version 5.4.0~rc7
+ CVE-2012-0830: Fix PHP remote vulnerability (code injection) in the
implementation of the max_input_vars configuration variable
+ CVE-2011-3389: Fix possible attack in SSL sockets with SSL 3.0/TLS 1.0.
php5 (5.4.0~rc6-3) experimental; urgency=low
* ucfize php5-module.* and store priority in module .ini file
* Store dsonames in maintainer scripts to make postrm work
* Make php5enmod idempotent
php5 (5.4.0~rc6-2) experimental; urgency=low
* Merge all changes from Debian unstable branch (up to 5.3.9-6)
* Fix -Wformat-security error in mysqlnd
* Add php5{en,dis}mod to enable/disable modules from maintainer
scripts (Closes: #447826, #582320, #627145)
(Initial work courtesy of Clint Byrum)
* Modify comments in php.inis to match compiled default session
* Adjust new 5.3 patches for 5.4 branch
* Ensure pdo.so is loaded before all other modules
* Add trigger to restart php5-fpm when module is installed/removed
* Remove --with-ttf and --with-t1lib (Closes: #658248, #638755)
* Add debian/NEWS item about missing t1lib functions
php5 (5.4.0~rc6-1) experimental; urgency=low
* Imported Upstream version 5.4.0~rc6
php5 (5.4.0~rc5-1) experimental; urgency=low
* Imported Upstream version 5.4.0~rc5
* Update patches for new release
* Disable suhosin patch
php5 (5.4.0~beta2-1) experimental; urgency=low
* Remove obsolete sqlite(2) module from php5-sqlite
* Use correct signals in php5-fpm init script (Closes: #645934)
* Update gbp.conf for experimental branch
* Imported Upstream version 5.4.0~beta2
* Refresh patches for the 5.4.0beta2 release
* Remove php.ini-paranoid, it's almost useless now
* Remove safe_mode setting from suhosin, it has been removed upstream
* Remove the php_stream stuff to allow compiling with system-wide
libgd
* php5-common.docs: Don't install non-existant TODO file
php5 (5.3.10-2) unstable; urgency=low
* Use $(filter pattern...,text) instead of $(findstring find,in) in
debian/rules to match against space separated list of words and not
substrings (Closes: #660647)
* CVE-2012-0831: magic_quotes_gpc remote disable vulnerability (NOTE:
magic_quotes_gpc is DEPRECATED and will be removed from PHP 5.4,
e.g. you should not use them!), also fix regression in CVE-2012-0831
(LP#930115)
* Depends on non-forking fuser in psmisc (Closes: #633100)
* Add Pre-Depends: dpkg (>= 1.15.7.2~) | dpkg-maintscript-helper to
allow single upgrade path (dpkg-maintscript-helper package will be
provided for Ubuntu Lucid PPA)
Date: Mon, 18 Jun 2012 16:10:26 -0700
Changed-By: Clint Byrum <clint at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/php5/5.4.4-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 18 Jun 2012 16:10:26 -0700
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm libphp5-embed php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-intl php5-ldap php5-mysql php5-mysqlnd php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source
Version: 5.4.4-1ubuntu1
Distribution: quantal
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Clint Byrum <clint at ubuntu.com>
Description:
libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
libphp5-embed - HTML-embedded scripting language (Embedded SAPI library)
php-pear - PEAR - PHP Extension and Application Repository
php5 - server-side, HTML-embedded scripting language (metapackage)
php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
php5-cli - command-line interpreter for the php5 scripting language
php5-common - Common files for packages built from the php5 source
php5-curl - CURL module for php5
php5-dbg - Debug symbols for PHP5
php5-dev - Files for PHP5 module development
php5-enchant - Enchant module for php5
php5-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary)
php5-gd - GD module for php5
php5-gmp - GMP module for php5
php5-intl - internationalisation module for php5
php5-ldap - LDAP module for php5
php5-mysql - MySQL module for php5
php5-mysqlnd - MySQL module for php5 (Native Driver)
php5-odbc - ODBC module for php5
php5-pgsql - PostgreSQL module for php5
php5-pspell - pspell module for php5
php5-recode - recode module for php5
php5-snmp - SNMP module for php5
php5-sqlite - SQLite module for php5
php5-sybase - Sybase / MS SQL Server module for php5
php5-tidy - tidy module for php5
php5-xmlrpc - XML-RPC module for php5
php5-xsl - XSL module for php5
Closes: 380731 447826 571795 582320 589386 627145 632675 633100 633491 638755 643015 645934 650203 650204 658208 658248 659123 660647 662466 664849 664853 666200 666411 667711 672277 672588 673558 674151
Changes:
php5 (5.4.4-1ubuntu1) quantal; urgency=low
.
* Merge from Debian unstable. Remaining changes:
- d/rules: Simplify apache config settings since we never build
interbase or firebird.
- debian/rules: export DEB_HOST_MULTIARCH properly.
- Add build-dependency on lemon, which we now need.
- Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe.
- Dropped libcurl-dev not in the archive.
- debian/control: replace build-depends on mysql-server with
mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and
mysql-server-5.5 postinst confusion with starting up multiple
mysqlds listening on the same port.
- Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions
already in universe.
- Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR
has been declined due to an inactive upstream. So this is probably
a permanent change).
- modulelist: Drop imap, interbase, sybase, and mcrypt.
- debian/rules:
* Dropped building of mcrypt, imap, and interbase.
* Install apport hook for php5.
* stop mysql instance on clean just in case we failed in tests
* Dropped Changes:
* d/rules: enable Suhosin patch with PHP5_SUHOSIN=yes -- Upstream suhosin
has been slow to adopt PHP 5.4, and is showing signs of disengagement.
Therefore, we will follow Debian's lead and drop Suhosin for now.
- d/control: build-depend on mysql 5.5 instead of 5.1 for running tests.
-- Debian just deps on mysql-server
- Suggest php5-suhosin rather than recommends. -- Dropping suhosin
- d/setup-mysql.sh: modify to work with mysql 5.5 differences -- superseded
in Debian.
- Only build php5-sqlite for sqlite3, dropping the obsolete sqlite2. --
superseded in Debian
- d/maxlifetime: Improve maxlifetime script to scan for more SAPIs and
scan all *.ini in conf.d directory. -- Change came from Debian
- d/libapache2-mod-php5.postinst,libapache2-mod-php5filter.postinst:
Restart apache on first install to ensure module is fully enabled.
-- Change came from Debian
- debian/patches/php5-CVE-2012-1823.patch: filter query strings that
are prefixed with '-' -- Fixed upstream
- debian/control: Recommend php5-dev for php-pear. -- This was a poorly
conceived idea anyway.
- Pre-Depend on a new enough version of dpkg for dpkg-maintscript-helper
rather than checking whether it exists at run-time, leading to more
predictable behaviour on upgrades. -- Applied in Debian
- d/p/gd-multiarch-fix.patch: superseded
* d/NEWS: add note explaining that SUHOSIN is no longer enabled in the
Ubuntu packages.
.
php5 (5.4.4-1) unstable; urgency=low
.
* Imported Upstream version 5.4.4
* Generate 16 char salt instead of 12 char salt for SHA-512
.
php5 (5.4.4~rc2-1) unstable; urgency=low
.
* Imported Upstream version 5.4.4~rc2
.
php5 (5.4.4~rc1-1) unstable; urgency=low
.
* Imported Upstream version 5.4.4~rc1
+ CVE-2012-2386: Fix integer overflow leading to heap-buffer overflow
in the Phar extension
* Remove some READMEs removed by upstream
+ README.SVN-RULES - upstream has moved to git
+ README.Zeus - Zeus Web Server is dead
* CVE-2012-2386: one additional, similar vulnerable code construct in
the Phar extension
.
php5 (5.4.3-6) unstable; urgency=low
.
[ Ondřej Surý ]
* Merge 5.3.10-1 and 5.3.10-2 changelog
* Remove *.patch from .gitignore, it broke adding quilt patches
* Revert "Use system libzip (Pulled from Fedora)" (Closes: #674151)
* Add patch to fix tt-rss backend php crash (Closes: #666200)
.
[ Thorsten Glaser ]
* Add support for Linux/m68k atomics needed by the FPM SAPI
(Closes: #672277)
.
[ Gedalya ]
* Add logrotate script for php5-fpm (Closes: #673558)
.
php5 (5.4.3-5) unstable; urgency=low
.
* Pull patches from Fedora:
+ Update use_embedded_timezonedb.patch to r8: fix compile error
without --with-system-tzdata configured
+ Add ldconfig post/postun for -embedded (Hans de Goede)
+ Use RTLD_NOW instead of RTLD_LAZY (pulled from Fedora)
+ Use system libzip (pulled from Fedora)
* Disable undefined ZIP_OVERWRITE to allow compile with system libzip
.
php5 (5.4.3-4) unstable; urgency=low
.
* Fix tests ([ERROR] Can't start server: bind-address refers to
multiple interfaces!) (Closes: #672588)
.
php5 (5.4.3-3) unstable; urgency=low
.
* Disable log redirection in debian/setup-mysql.sh to help diagnose
the setup-mysql.sh failure (still not fixed, but not reproduceable
on my local box)
.
php5 (5.4.3-2) unstable; urgency=low
.
* Add --no-defaults to rest of the mysql commands in setup-mysql.sh
script (Closes: #672588)
* Add debugging info to debian/setup-mysql.sh to help diagnose any
further problems
.
php5 (5.4.3-1) unstable; urgency=low
.
* Imported Upstream version 5.4.3
+ CVE-2012-2311: Complete fix for PHP-CGI query string parameter
vulnerability
+ CVE-2012-2329: Fix a buffer overflow vulnerability in the
apache_request_headers() (PHP 5.3 is not vulnerable)
.
php5 (5.4.2-1) unstable; urgency=low
.
* Imported Upstream version 5.4.2
+ CVE-2012-1823: Fix PHP-CGI query string parameter vulnerability.
.
php5 (5.4.1-1) unstable; urgency=low
.
* Imported Upstream version 5.4.1
+ Fixed insufficient validating of upload name leading to corrupted
$_FILES indices). (CVE-2012-1172).
+ Add open_basedir checks to readline_write_history and
readline_read_history.
+ Add Apache 2.4 support (.deb package in experimental comming soon)
+ Added debug info handler to DOM objects.
* Remove Breaks: on php applications on maintainer requests:
+ simplesamlphp
+ php-horde-auth
* Add better configuration snippet for CGI (Closes: #571795)
* Update a description of PHP language based on the text from upstream
web page (http://www.php.net/manual/en/intro-whatis.php)
* Enable embed SAPI (Closes: #380731)
* Add lintian override for libphp5-embed: embedded-library
usr/lib/libphp5.so: file
* Add ldconfig to libphp5-embed.{postinst,postrm}
* Fix #EXTRA# processing for SAPIs (extra ; at the end of sed cmd)
.
php5 (5.4.1~rc1-1) unstable; urgency=low
.
* Add information about flavor of INI file inside the INI file,
install php.ini-development INI to /usr/share/php5 (Closes: #667711)
* Imported Upstream version 5.4.1~rc1
* Update patches for the 5.4.1RC1 release
.
php5 (5.4.0-4) unstable; urgency=low
.
* Change id -u+getent combo to whoami (Courtesy of Michiel van
Leening)
* Fix missing FOUND declaration (pulled from dotdeb)
* Add Breaks for all known broken packages not working with PHP 5.4
(Closes: #666411)
.
php5 (5.4.0-3) unstable; urgency=high
.
[ Thijs Kinkhorst ]
* Correct version number; 5.4.0~rc7-3 never existed
* Add placeholder build-arch, build-indep targets
* Each module needs to depend on ucf, as it's used in postinst
* Newer version of roundcube available that isn't broken anymore
* Checked for policy 3.9.3
.
[ Ondřej Surý ]
* Remove Pre-Depends on dpkg-maintscript-helper
* Remove obsolete configure options
* Add support for *.extra.{post,pre}{inst,rm} files
* Add support for MultiArch libgd2-xpm-dev
* Add support for MultiArch libmysqlclient-dev
* Add Lior to maintainers
* setup-mysql.sh changed to:
+ never run as root (fix needed for MySQL 5.5 in pbuilder)
+ drop and create database test which may or may not exist
* Restart apache2 instead of reloading on first install
(Closes: #589386)
.
[ Julien Cristau ]
* Fix postinst scripts to not use 'local' outside functions (Closes:
#664853, #664849)
.
php5 (5.4.0-2) unstable; urgency=low
.
* Build depend on libpng-dev | libpng12-dev (Closes: #662466)
.
php5 (5.4.0-1) unstable; urgency=low
.
* PHP 5.4 has landed in unstable
* Imported Upstream version 5.4.0
* Use $(filter pattern...,text) instead of $(findstring find,in) in
debian/rules to match against space separated list of words and not
substrings (Closes: #660647)
.
php5 (5.4.0~rc8-2) experimental; urgency=low
.
* Use $(filter pattern...,text) instead of $(findstring find,in) in
debian/rules to match against space separated list of words and not
just substrings (i386 != hurd-i386) (Closes: #660647)
.
php5 (5.4.0~rc8-1) experimental; urgency=low
.
* Imported Upstream version 5.4.0~rc8
* Improve maxlifetime script to scan for more SAPIs and scan all *.ini
in conf.d directory
* Move php5-mysqlnd to Priority: extra to make debcheck happy
* Check for dpkg-maintscript-helper existence in php5-fpm maintainer
scripts
* Add Pre-Depends: dpkg (>= 1.15.7.2~) | dpkg-maintscript-helper to
allow single upgrade path (dpkg-maintscript-helper package will be
provided for Ubuntu Lucid PPA)
.
php5 (5.4.0~rc7-2) experimental; urgency=low
.
* Use corrected module PHPAPI (20100525) and not (220100525)
* Use $ZEND_MODULE_API_NO for $DEBIAN_PHP_API. Check for PHPAPI
changes, so we don't become binary incompatible without knowing it.
* Update debian/README.Debian.security:
+ register_globals was removed from PHP 5.4
+ Remove safe_mode (removed upstream) and update and reformat text
slightly
+ Reviewed by english l10n team (thanks a lot)
* php5-fpm now listen on socket instead of localhost by default
(Closes: #650204)
* Add NEWS about change of default location of php5-fpm socket
* Stop php5-fpm on runlevels 0 1 6 (Closes: #650203)
* Add -ignore_readdir_race to find call in session cleanup (#634864)
* Don't prefix extension list automatically, it's done by subsvars now
(Closes: #633491)
* Depends on non-forking fuser in psmisc (Closes: #633100)
* php5-common.README.Debian additions and cleanup:
+ Add a paragraph about PHP_INI_SCAN_DIR (Closes: #659123)
+ Reformat README.Debian to common formatting
+ Mention php5-fpm where appropriate
+ Use 'PHP 5' and 'Apache HTTP Server' instead of php5 and apache2
.
php5 (5.4.0~rc7-1) experimental; urgency=low
.
[ Thijs Kinkhorst ]
* Textual improvements to README.Debian.security, NEWS
(closes: #632675,#643015,#658208).
.
[ Ondřej Surý ]
* Imported Upstream version 5.4.0~rc7
+ CVE-2012-0830: Fix PHP remote vulnerability (code injection) in the
implementation of the max_input_vars configuration variable
+ CVE-2011-3389: Fix possible attack in SSL sockets with SSL 3.0/TLS 1.0.
.
php5 (5.4.0~rc6-3) experimental; urgency=low
.
* ucfize php5-module.* and store priority in module .ini file
* Store dsonames in maintainer scripts to make postrm work
* Make php5enmod idempotent
.
php5 (5.4.0~rc6-2) experimental; urgency=low
.
* Merge all changes from Debian unstable branch (up to 5.3.9-6)
* Fix -Wformat-security error in mysqlnd
* Add php5{en,dis}mod to enable/disable modules from maintainer
scripts (Closes: #447826, #582320, #627145)
(Initial work courtesy of Clint Byrum)
* Modify comments in php.inis to match compiled default session
* Adjust new 5.3 patches for 5.4 branch
* Ensure pdo.so is loaded before all other modules
* Add trigger to restart php5-fpm when module is installed/removed
* Remove --with-ttf and --with-t1lib (Closes: #658248, #638755)
* Add debian/NEWS item about missing t1lib functions
.
php5 (5.4.0~rc6-1) experimental; urgency=low
.
* Imported Upstream version 5.4.0~rc6
.
php5 (5.4.0~rc5-1) experimental; urgency=low
.
* Imported Upstream version 5.4.0~rc5
* Update patches for new release
* Disable suhosin patch
.
php5 (5.4.0~beta2-1) experimental; urgency=low
.
* Remove obsolete sqlite(2) module from php5-sqlite
* Use correct signals in php5-fpm init script (Closes: #645934)
* Update gbp.conf for experimental branch
* Imported Upstream version 5.4.0~beta2
* Refresh patches for the 5.4.0beta2 release
* Remove php.ini-paranoid, it's almost useless now
* Remove safe_mode setting from suhosin, it has been removed upstream
* Remove the php_stream stuff to allow compiling with system-wide
libgd
* php5-common.docs: Don't install non-existant TODO file
.
php5 (5.3.10-2) unstable; urgency=low
.
* Use $(filter pattern...,text) instead of $(findstring find,in) in
debian/rules to match against space separated list of words and not
substrings (Closes: #660647)
* CVE-2012-0831: magic_quotes_gpc remote disable vulnerability (NOTE:
magic_quotes_gpc is DEPRECATED and will be removed from PHP 5.4,
e.g. you should not use them!), also fix regression in CVE-2012-0831
(LP#930115)
* Depends on non-forking fuser in psmisc (Closes: #633100)
* Add Pre-Depends: dpkg (>= 1.15.7.2~) | dpkg-maintscript-helper to
allow single upgrade path (dpkg-maintscript-helper package will be
provided for Ubuntu Lucid PPA)
Checksums-Sha1:
488d887d5969412c968c27109bb6d3e7e335a167 3788 php5_5.4.4-1ubuntu1.dsc
5b218c805078dca5925bef26bb3fb7a9cf98a940 14060505 php5_5.4.4.orig.tar.gz
b778e9dd45b4f327bc8a1d53f4639f74ad1ccb18 313937 php5_5.4.4-1ubuntu1.diff.gz
Checksums-Sha256:
5f7627a1ce0200bec899f44eb4e015c0225b273be69a1146b5ef127fa825418b 3788 php5_5.4.4-1ubuntu1.dsc
0404b517ff938aca2c445fd61d10467e275acb031607cb09bf678241ba205edf 14060505 php5_5.4.4.orig.tar.gz
8e55e5e848774285dbc1a0bf47ca69bec9ee38d8049108898b5895d98f449b08 313937 php5_5.4.4-1ubuntu1.diff.gz
Files:
d7f4ee31492f060b3ef56e75bf05adbc 3788 php optional php5_5.4.4-1ubuntu1.dsc
8366c3626f2275ab8c7ef5e2d6bc5bd7 14060505 php optional php5_5.4.4.orig.tar.gz
ee4530eda1cc47627feb2d9d94bc448b 313937 php optional php5_5.4.4-1ubuntu1.diff.gz
Original-Maintainer: Debian PHP Maintainers <pkg-php-maint at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBAgAGBQJP4BgKAAoJEFOMB2b0vLOOr3MIANsZ0oHx/+/7hopWdCxxNtug
3kgrDYBJotWTgU9/ZauXfIgUyY4N1iCvOEFy0++skzZn78BjWoxuWatQiHOQw6tn
rtFrlx/EcQ5Gm7GvCec4Q9LV8DfmauJULrTnjyc/I9jmty8AwXS+ktjJaGzn8Os9
KRKNaMssJhAaYqCX77OwqoB/xMkSYYIPYqY723ePal4U/5aEnzS1q5qDr+fHac8S
5YEkYupT87SZilOSFACgGFiX0JrhvQvHjQQXfbyVfteXiTAVUIZg4ABXpGPY80k6
vYuRUtCCzl6VCIh81mt+xPVFluudMgTOXxp4njjhIScYMAzN3wNkfDkSFaqVBvQ=
=QNUM
-----END PGP SIGNATURE-----
More information about the Quantal-changes
mailing list