Change log for php5 package in Debian
226 → 250 of 250 results | First • Previous • Next • Last |
php5 (5.3.1-5) unstable; urgency=low [ Sean Finney ] * Pass full path to php cli executable for unit tests * dont-gitclean-in-build.patch: Don't run git-clean via buildconf * update debian patch page_size_fixes.patch with upstream bug ref * new debian patch broken_5.3_test-posix_uname.patch (Closes: #570286) [ Raphael Geissert ] * Add build-dependency on netbase to fix a test (Closes: #570291) * Suhosin PAGE_SIZE fixes have been already forwarded * Fix a race condition on shtool's mkdir -p (Closes: #570111) * Actually test the binary that is to be shipped in the -cli package * Add some more documentation about the build system * Documentation updates * Update the suhosin patch version information * Build-dep on locales-all to enable multiple tests * Don't ship empty maintainer scripts * Add patch to allow building with qdbm * Test the extensions that don't require a special setup * Get the correct list of built-in extensions of apache2filter -- Raphael Geissert <email address hidden> Mon, 22 Feb 2010 10:41:51 -0600
php5 (5.3.1-4) unstable; urgency=low [ Raphael Geissert ] * Pass -O0 when using 'noopt' to actually disable any optimization * Add patch to use sysconf() to determine the page size * Add patch to remove PAGE_SIZE assumptions in suhosin code * Fix an unaligned memory access in the phar extension * Fix another unaligned memory access * Print the expected/actual output of failed test * Add missing PEAR directory (Closes: #542483) * Build sqlite3 as shared (Closes: #568956) * Add some more documentation about the source package [ Sean Finney ] * New debian patch fix_broken_5.3_tests.patch -- Raphael Geissert <email address hidden> Thu, 11 Feb 2010 02:22:47 -0600
php5 (5.3.1-3) unstable; urgency=low [ Ondřej Surý ] * get rid of php4 dependencies * Enable short_open_tag again (Closes: #537099) * fix dependency on automake1.4 in php5-dev package * fix typo s/firefox/firebird/ in changelog * Removed long inactive Adam Conrad and Jeroen van Wolffelaar from uploaders [ Raphael Geissert ] * Fix maintainer scripts to use php.ini-production (Closes: #565130) * Revert b22a350: Turn the phpapi dependencies into php5 | phpapi * Allow parallel building via parallel=n * Build with the hardening wrapper * Remove no-longer-needed dfsg-repack script * Add DEP-3-format metadata to some of the patches * Build the intl extension * Drop exif_read_data-segfault patch, merged upstream * Build the enchant extension * Add ${misc:Depends} where missing * Disable mod_php in user directories (Closes: #555606) * Add missing comment character to php.ini-paranoid (Closes: #564622) * Build the interbase extension on all the supported architectures [ Sean Finney ] * 5.3 upload for unstable. - Includes backported fix for "ref converted to value" (Closes: #556237). -- Raphael Geissert <email address hidden> Sun, 07 Feb 2010 23:31:51 -0600
Superseded in lenny-release |
php5 (5.2.6.dfsg.1-1+lenny4) stable-security; urgency=high * CVE-2009-2687: DoS via malformed JPEG images with invalid offset fields (Closes: #535888) * CVE-2009-2626: remote memory disclosure via ini_* functions (Closes: #540605) * CVE-2009-3292: multiple missing checks processing exif image data * CVE-2009-3291: improper handling of nul character in CommonName fields of X509 certificates * max_file_uploads: prevent, by limiting, temporary files exhaustion DoS * Add an entry to debian/NEWS about the new per-request file uploads limit -- Raphael Geissert <email address hidden> Sat, 21 Nov 2009 18:28:12 -0600
Superseded in experimental-release |
php5 (5.3.1-2) experimental; urgency=low * Merged changes from 5.2.x sid branch. * Adapt mssql-null-exception.patch and sybase-alias.patch to 5.3.1 * Update strcmp_null-OnUpdateErrorLog.patch; merged upstream, leave a patch with a test case * Removed check_ini_on_modify_status.patch and gentoo/117- 4_digit_year_big_endian.patch; merged upstream * Removed max_file_uploads.patch; no need for backwards compatibility between major releases * Refreshed 112-proc_open.patch,exif_read_data-segfault.patch * Fix duplicate Provides: in debian/control introduced by cherry- picking 94f0ec3 * Update sybase aliases to include correct arguments, needed for 5.3.x * Update Build-Depends: to include firefox2.1-dev as preferred alternative (Closes: #564691) * Reformat Build-Depends: to one-dependency-per-line * Reduce number of libdb*-dev to include only version in stable/testing/unstable * Switch to automake (>= 1.11) | automake1.11, depend on autoconf >= 2.63 (Closes: #549148) -- Ondřej Surý <email address hidden> Mon, 11 Jan 2010 16:56:01 +0100
php5 (5.2.12.dfsg.1-2) unstable; urgency=low * Update Build-Depends: to include firefox2.1-dev as preferred alternative (Closes: #564691) * Reformat Build-Depends: to one-dependency-per-line * Reduce number of firebird*-dev to include only version in stable/testing/unstable * Reduce number of libdb*-dev to include only version in stable/testing/unstable * Switch to automake (>= 1.11) | automake1.11, depend on autoconf (>= 2.63) (Closes: #549148) -- Ondřej Surý <email address hidden> Mon, 11 Jan 2010 17:31:33 +0100
Superseded in sid-release |
php5 (5.2.12.dfsg.1-1) unstable; urgency=low [ Thijs Kinkhorst ] * Change comment in module .ini snippets from # to ; to avoid deprecation warnings with PHP 5.3.0. [ Ondřej Surý ] * Imported Upstream version 5.2.12.dfsg.1 * Removed manpage_spelling.patch, merged upstream. * Removed libedit_is_editline.patch, merged upstream. * Refreshed max_file_uploads.patch, patch can be removed, it's kept to raise max_file_uploads to 50. * Refreshed and updated suhosin.patch * Refreshed 001-libtool_fixes.patch, 004-ldap_fix.patch, 006-debian_quirks.patch, 013-force_getaddrinfo.patch, 034-apache2_umask_fix.patch, 053-extension_api.patch, 056-mime_magic_liberal.patch, 115-autoconf_ftbfs.patch, gentoo/009_ob-memory-leaks.patch, mssql-null-exception.patch, use_embedded_timezonedb.patch * Removed autogenerated main/php_config.h.in from suhosin.patch (Ubuntu: #493761) * Short open tags are On again in php.ini-dist (Closes: #537099) * Don't leave .start if we are purging (Closes: #561739) * Add README.Debian file to /usr/share/doc/php-pear/PEAR, so the directory is not deleted (Closes: #563437, #542483) [ Upstream ] * Fix default pear.php.net channel definitions (Closes: #559029) -- Ondřej Surý <email address hidden> Fri, 08 Jan 2010 18:18:43 +0100
Superseded in experimental-release |
php5 (5.3.1-1) experimental; urgency=low * Imported Upstream version 5.3.1 * Change dependcy to libdb-dev instead on arbitrary version of libdb4.x-dev * Refreshed 006-debian_quirks patch to apply cleanly. * Removed 114-php_gd_segfault.patch, merged upstream. * Refreshed 115-autoconf_ftbfs.patch to apply cleanly * Updated suhosin.patch to 0.9.8 version for php-5.3.1 * Refreshed 001-libtool_fixes.patch * Refreshed 004-ldap_fix.patch * Refreshed 013-force_getaddrinfo.patch * Refreshed 036-fd_setsize_fix.patch * Refreshed 052-phpinfo_no_configure.patch * Refreshed 053-extension_api.patch * Refreshed 108-64_bit_datetime.patch * Refreshed 113-php.ini_securitynotes.patch * Refreshed 116-posixness_fix.patch * Refreshed gentoo/006_ext-curl-set_opt-crash.patch * Refreshed gentoo/009_ob-memory-leaks.patch * Refreshed libedit_is_editline.patch * Refreshed suhosin.patch * Add .gitignore file to ignore .pc/ directory * Removed README.CVS-RULES from debian/php5-common.docs, file is no longer shipped by upstream. -- Ondřej Surý <email address hidden> Thu, 07 Jan 2010 17:21:47 +0100
php5 (5.2.11.dfsg.1-2) unstable; urgency=high * max_file_uploads: limit the maximum number of file uploads to 50 + Reduces the chances of a temporary file exhaustion DoS * Add libdb4.8-dev as an alternative dependency (Closes: #555945) * Add libdb-dev as another alternative, hopefully the last one (Closes: #548486) * Add a versioned dependency on libtool 2.2 (Closes: #548015) * Use FilesMatch and SetHandler on apache setups (Closes: #491928) * Gentoo patch ext-curl-set_opt-crash has already been merged upstream * Drop unused lintian override -- Raphael Geissert <email address hidden> Sat, 21 Nov 2009 13:37:51 -0600
php5 (5.2.11.dfsg.1-1) unstable; urgency=low * New upstream release [ Fixes incorporated upstream ] * Fix 4-year digit year on big-endian platforms (Closes: #542301) * patch curl_streams_sleep.patch * patch strcmp_null-OnUpdateErrorLog.patch (partially addresses #540605) * patch check_ini_on_modify_status.patch [ Raphael Geissert ] * Add aliases to the mssql functions on the sybase extension (Closes: #523073) * Fix the rows_affected alias, it should be affected_rows * Avoid possible memory dumps via PG on restored ini values (Closes: #540605) [ Ondrej Sury ] * Fix FTBFS with current autoconf/automake (Closes: #542906, #542088) * Add avr32-linux-gnu to no -gstabs toolchains (Closes: #543278) * Fix FTBFS on Debian Hurd (Closes: #530281) * fix whitespace in libapache2-mod-php5.postinst [ Sean Finney ] * incorporate/ack previous NMU's, thanks Andreas. * update debian patch 115-autoconf_ftbfs.patch for new upstream version * update debian patch fix_broken_upstream_tests.patch * update debian patch mssql-null-exception.patch * refresh various quilt patches against new upstream version * remove no longer needed "legacy" support for conffile migration * add dpkg trigger in the apache2 and apache2filter sapis for reloading apache2 on extension updates (Closes: #490023, #524206) * let libmysqlclient15-dev be a fallback alternative for libmysqlclient-dev in case someone wants to backport the package. * update list of installed documentation -- Sean Finney <email address hidden> Sun, 20 Sep 2009 11:05:35 +0200
Superseded in experimental-release |
php5 (5.3.0-3) experimental; urgency=low * Fix segmentation fault in php-gd (Closes: #543496) * Update suhosin patch to 0.9.8 *BETA* and enable it again * Fix FTBFS with current autoconf/automake (Closes: #542906, #542088) * Add avr32-linux-gnu to no -gstabs toolchains (Closes: #543278) * Fix FTBFS on Debian Hurd (Closes: #530281) * Use updated (v7) version of use_embedded_timezonedb.patch (Closes: #535770) -- Ondřej Surý <email address hidden> Tue, 25 Aug 2009 16:12:13 +0200
php5 (5.2.10.dfsg.1-2.2) unstable; urgency=medium * Non-maintainer upload. * Drop hand-crafted dependency on libmysqlclient15. -- Andreas Barth <email address hidden> Mon, 31 Aug 2009 09:22:16 +0200
Superseded in experimental-release |
php5 (5.3.0-2) experimental; urgency=low * update configuration file names to new upstream naming convention -- Sean Finney <email address hidden> Wed, 01 Jul 2009 09:12:10 +0200
php5 (5.2.10.dfsg.1-2) unstable; urgency=low * Declare that PEAR replaces XML_UTIL (Closes: #534621) * Bump standards-version, no change needed * Fix an unconditional limit on dblib_driver.c (Closes: #534881) * Fix a segfault on exif_data_read with corrupted jpg files (Closes: #535888) * Recommend php5-suhosin, as suggested by Thijs (Closes: #529760) * Set sysconfig to /etc, to avoid getting /usr/etc in PHP_SYSCONFDIR * Add myself to uploaders * Fix the path to PEAR's config, directly in rules (Closes: #507762) -- Raphael Geissert <email address hidden> Thu, 09 Jul 2009 18:25:48 -0500
Superseded in lenny-release |
php5 (5.2.6.dfsg.1-1+lenny3) stable-security; urgency=low [ Sean Finney ] * CVE-2008-5814: XSS vulnerability via display_errors (Closes: #523028) * CVE-2009-0754.patch: mbstring.func_overload leakage between apache2 vhosts (Closes: #523049) * CVE-2009-1271: remote DoS in json_decode() * add note about CVE-2009-1272 in previous version's changelog entry [ Mark A. Hershberger ] * fix clean target to keep source in a consistant state for multiple builds -- Sean Finney <email address hidden> Sun, 26 Apr 2009 21:37:57 +0200
php5 (5.2.9.dfsg.1-4) unstable; urgency=high [ Thijs Kinkhorst ] * Update php5-cli package description to make it more neutral, thanks Daniel Hahler (closes: #528833). [ Sean Finney ] * fix syntax error in phpize5 caused by libtool2.2.patch - thanks to Michal Čihař (Closes: #529248) * this (and the previous libtool2.2 fix) should get to testing as fast as possible, so bumping prio to high. -- Sean Finney <email address hidden> Mon, 18 May 2009 21:47:25 +0200
Superseded in sid-release |
php5 (5.2.9.dfsg.1-3) unstable; urgency=low [ Sean Finney ] * add gbp.conf for use with git-buildpackage [ Raphael Geissert ] * Pick some bug fixing patches from Gentoo (thanks!) * Make phpize copy and use the separate m4 files needed by libtool 2.2 (Closes: #527004) -- Sean Finney <email address hidden> Mon, 11 May 2009 22:09:11 +0200
php5 (5.2.9.dfsg.1-2) unstable; urgency=low [ Mark A. Hershberger ] * fix up clean target [ Thijs Kinkhorst ] * Update package sections to match override. [ Raphael Geissert ] * Detect the path to ltmain.sh at build time and set conflicts appropriately * Add libdb4.7-dev as an ORed build dependency to fix FTBFS * Update the Vcs-* fields to reflect the move from svn to git * Turn the phpapi dependencies into php5 | phpapi to fix installability issues * Bump Standards-Version to 3.8.1, no change needed * Fix a typo in the code: s/adress/address * Add a set of lintian overrides for some FP spelling-error-in-binary * Avoid a useless 15 seconds sleep on php_curl_stream_read under heavy load [ Sean Finney ] * update our libtool patching to be a little cleaner and smarter * cleanup some of the phpize "cleanup" code in debian/rules * slightly refined way for supporting old/new libtool dirs -- Sean Finney <email address hidden> Thu, 23 Apr 2009 21:13:03 +0200
Superseded in sid-release |
php5 (5.2.9.dfsg.1-1) unstable; urgency=low * New upstream release (closes: #520538). - fixes regressions with parsing via libxml2 (closes: #520246, #520423). [ Sean Finney ] * Refresh all patches. * Update suhosin patch to 5.2.9, remove autotools-generated files (configure, php_config.h.in) and .dsp files from patch. * remove obsolete configure options from ./configure: --enable-memory-limit, --enable-track-vars, --enable-trans-sid, --enable-filepro and --enable-dbx. * Remove obsoleted patches which have been incorporated upstream: - snmp_leaks.patch - BG-initializing-fix.patch - CVE-2008-2829.patch - CVE-2008-3658.patch - CVE-2008-3659.patch - CVE-2008-3660.patch - CVE-2008-5557.patch - CVE-2008-5658.patch - pdo-fetchobject-prototype-error.patch - zend_object_handlers-invalid-write.patch - dba-inifile-truncation.patch - gentoo/freetds-compat.patch - gentoo/010_ticks-zts-crashes.patch - gentoo/019_new-memory-corruption.patch - gentoo/009_array-function-crashes.patch - gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch - gentoo/017_xmlrpc-invalid-callback-crash.patch - gentoo/007_dom-setAttributeNode-crash.patch - gentoo/006_PDORow-crash.patch - gentoo/005_stream_context_set_params-crash.patch * Update fix_broken_upstream_tests.patch, one of the tests is fixed. -- Sean Finney <email address hidden> Tue, 24 Mar 2009 19:05:09 +0100
Superseded in lenny-release |
php5 (5.2.6.dfsg.1-1+lenny2) testing-security; urgency=low [ Sean Finney ] * Do not add -O2 to CFLAGS if DEB_BUILD_OPTIONS contains noopt. * Security related fixes: - php: inifile handler for the dba functions can be used to truncate a file Patch: dba-inifile-truncation.patch (closes: #507101). - CVE-2008-5658.patch: ZipArchive::extractTo directory traversal Patch: CVE-2008-5658.patch (closes: #507857). Thanks to Pierre Joye for help with the patch. [ Raphael Geissert ] * Picked up some patches from Gentoo (most included in PHP 5.2.7 and later): + patches/gentoo/005_stream_context_set_params-crash.patch + patches/gentoo/006_PDORow-crash.patch + patches/gentoo/007_dom-setAttributeNode-crash.patch + patches/gentoo/009_array-function-crashes.patch + patches/gentoo/010_ticks-zts-crashes.patch + patches/gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch + patches/gentoo/017_xmlrpc-invalid-callback-crash.patch + patches/gentoo/019_new-memory-corruption.patch + patches/gentoo/freetds-compat.patch - was deprecated_freetds_check.patch -- Sean Finney <email address hidden> Sun, 25 Jan 2009 15:06:34 +0100
Superseded in sid-release |
Superseded in squeeze-release |
Superseded in squeeze-release |
Superseded in sid-release |
php5 (5.2.6.dfsg.1-3) unstable; urgency=low [ Sean Finney ] * Do not add -O2 to CFLAGS if DEB_BUILD_OPTIONS contains noopt. * Security related fixes: - php: inifile handler for the dba functions can be used to truncate a file Patch: dba-inifile-truncation.patch (closes: #507101). - CVE-2008-5658.patch: ZipArchive::extractTo directory traversal Patch: CVE-2008-5658.patch (closes: #507857). Thanks to Pierre Joye for help with the patch. [ Raphael Geissert ] * Picked up some patches from Gentoo (most included in PHP 5.2.7 and later): + patches/gentoo/005_stream_context_set_params-crash.patch + patches/gentoo/006_PDORow-crash.patch + patches/gentoo/007_dom-setAttributeNode-crash.patch + patches/gentoo/009_array-function-crashes.patch + patches/gentoo/010_ticks-zts-crashes.patch + patches/gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch + patches/gentoo/017_xmlrpc-invalid-callback-crash.patch + patches/gentoo/019_new-memory-corruption.patch + patches/gentoo/freetds-compat.patch - was deprecated_freetds_check.patch -- Sean Finney <email address hidden> Sat, 24 Jan 2009 21:17:13 +0100
Superseded in sid-release |
php5 (5.2.6.dfsg.1-2) unstable; urgency=low [ Sean Finney ] * Make sure a file used to track state is properly removed in the postinst, thanks Raphael (closes: #511049). [ Thijs Kinkhorst ] * Fix watch file to mangle version. [ Raphael Geissert ] * Ship script used to take an upstream tarball and remove the non DFSG-free stuff, update watch file accordingly. -- Sean Finney <email address hidden> Tue, 13 Jan 2009 08:24:36 +0100
Superseded in lenny-release |
php5 (5.2.6.dfsg.1-0.1~lenny1) testing; urgency=low * Non-maintainer upload. * Remove exts/dbase from orig tarball (Closes: #341420) -- Ben Hutchings <email address hidden> Sat, 29 Nov 2008 19:19:28 +0000
Superseded in sid-release |
php5 (5.2.6.dfsg.1-0.1) unstable; urgency=low * Non-maintainer upload. * Remove exts/dbase from orig tarball (Closes: #341420) -- Ben Hutchings <email address hidden> Sat, 29 Nov 2008 19:19:28 +0000
php5 (5.2.6-5) unstable; urgency=high * Update debian/copyright to document that the DFSG-unfree email requirement in ext/standard/rand.c has been rescinded by the copyrightholder (Closes: #498621). -- Thijs Kinkhorst <email address hidden> Sun, 05 Oct 2008 11:32:35 +0200
226 → 250 of 250 results | First • Previous • Next • Last |