Change log for php5 package in Debian
| 226 → 250 of 250 results | First • Previous • Next • Last |
php5 (5.3.1-5) unstable; urgency=low [ Sean Finney ] * Pass full path to php cli executable for unit tests * dont-gitclean-in-build.patch: Don't run git-clean via buildconf * update debian patch page_size_fixes.patch with upstream bug ref * new debian patch broken_5.3_test-posix_uname.patch (Closes: #570286) [ Raphael Geissert ] * Add build-dependency on netbase to fix a test (Closes: #570291) * Suhosin PAGE_SIZE fixes have been already forwarded * Fix a race condition on shtool's mkdir -p (Closes: #570111) * Actually test the binary that is to be shipped in the -cli package * Add some more documentation about the build system * Documentation updates * Update the suhosin patch version information * Build-dep on locales-all to enable multiple tests * Don't ship empty maintainer scripts * Add patch to allow building with qdbm * Test the extensions that don't require a special setup * Get the correct list of built-in extensions of apache2filter -- Raphael Geissert <email address hidden> Mon, 22 Feb 2010 10:41:51 -0600
php5 (5.3.1-4) unstable; urgency=low [ Raphael Geissert ] * Pass -O0 when using 'noopt' to actually disable any optimization * Add patch to use sysconf() to determine the page size * Add patch to remove PAGE_SIZE assumptions in suhosin code * Fix an unaligned memory access in the phar extension * Fix another unaligned memory access * Print the expected/actual output of failed test * Add missing PEAR directory (Closes: #542483) * Build sqlite3 as shared (Closes: #568956) * Add some more documentation about the source package [ Sean Finney ] * New debian patch fix_broken_5.3_tests.patch -- Raphael Geissert <email address hidden> Thu, 11 Feb 2010 02:22:47 -0600
php5 (5.3.1-3) unstable; urgency=low
[ Ondřej Surý ]
* get rid of php4 dependencies
* Enable short_open_tag again (Closes: #537099)
* fix dependency on automake1.4 in php5-dev package
* fix typo s/firefox/firebird/ in changelog
* Removed long inactive Adam Conrad and Jeroen van Wolffelaar from uploaders
[ Raphael Geissert ]
* Fix maintainer scripts to use php.ini-production (Closes: #565130)
* Revert b22a350: Turn the phpapi dependencies into php5 | phpapi
* Allow parallel building via parallel=n
* Build with the hardening wrapper
* Remove no-longer-needed dfsg-repack script
* Add DEP-3-format metadata to some of the patches
* Build the intl extension
* Drop exif_read_data-segfault patch, merged upstream
* Build the enchant extension
* Add ${misc:Depends} where missing
* Disable mod_php in user directories (Closes: #555606)
* Add missing comment character to php.ini-paranoid (Closes: #564622)
* Build the interbase extension on all the supported architectures
[ Sean Finney ]
* 5.3 upload for unstable.
- Includes backported fix for "ref converted to value" (Closes: #556237).
-- Raphael Geissert <email address hidden> Sun, 07 Feb 2010 23:31:51 -0600
| Superseded in lenny-release |
php5 (5.2.6.dfsg.1-1+lenny4) stable-security; urgency=high
* CVE-2009-2687: DoS via malformed JPEG images with invalid offset fields
(Closes: #535888)
* CVE-2009-2626: remote memory disclosure via ini_* functions
(Closes: #540605)
* CVE-2009-3292: multiple missing checks processing exif image data
* CVE-2009-3291: improper handling of nul character in CommonName fields
of X509 certificates
* max_file_uploads: prevent, by limiting, temporary files exhaustion DoS
* Add an entry to debian/NEWS about the new per-request file uploads limit
-- Raphael Geissert <email address hidden> Sat, 21 Nov 2009 18:28:12 -0600
| Superseded in experimental-release |
php5 (5.3.1-2) experimental; urgency=low
* Merged changes from 5.2.x sid branch.
* Adapt mssql-null-exception.patch and sybase-alias.patch to 5.3.1
* Update strcmp_null-OnUpdateErrorLog.patch; merged upstream, leave a
patch with a test case
* Removed check_ini_on_modify_status.patch and gentoo/117-
4_digit_year_big_endian.patch; merged upstream
* Removed max_file_uploads.patch; no need for backwards compatibility
between major releases
* Refreshed 112-proc_open.patch,exif_read_data-segfault.patch
* Fix duplicate Provides: in debian/control introduced by cherry-
picking 94f0ec3
* Update sybase aliases to include correct arguments, needed for 5.3.x
* Update Build-Depends: to include firefox2.1-dev as preferred
alternative (Closes: #564691)
* Reformat Build-Depends: to one-dependency-per-line
* Reduce number of libdb*-dev to include only version in
stable/testing/unstable
* Switch to automake (>= 1.11) | automake1.11, depend on autoconf >=
2.63 (Closes: #549148)
-- Ondřej Surý <email address hidden> Mon, 11 Jan 2010 16:56:01 +0100
php5 (5.2.12.dfsg.1-2) unstable; urgency=low
* Update Build-Depends: to include firefox2.1-dev as preferred
alternative (Closes: #564691)
* Reformat Build-Depends: to one-dependency-per-line
* Reduce number of firebird*-dev to include only version in
stable/testing/unstable
* Reduce number of libdb*-dev to include only version in
stable/testing/unstable
* Switch to automake (>= 1.11) | automake1.11, depend on autoconf
(>= 2.63) (Closes: #549148)
-- Ondřej Surý <email address hidden> Mon, 11 Jan 2010 17:31:33 +0100
| Superseded in sid-release |
php5 (5.2.12.dfsg.1-1) unstable; urgency=low
[ Thijs Kinkhorst ]
* Change comment in module .ini snippets from # to ; to avoid deprecation
warnings with PHP 5.3.0.
[ Ondřej Surý ]
* Imported Upstream version 5.2.12.dfsg.1
* Removed manpage_spelling.patch, merged upstream.
* Removed libedit_is_editline.patch, merged upstream.
* Refreshed max_file_uploads.patch, patch can be removed, it's kept to
raise max_file_uploads to 50.
* Refreshed and updated suhosin.patch
* Refreshed 001-libtool_fixes.patch, 004-ldap_fix.patch,
006-debian_quirks.patch, 013-force_getaddrinfo.patch,
034-apache2_umask_fix.patch, 053-extension_api.patch,
056-mime_magic_liberal.patch, 115-autoconf_ftbfs.patch,
gentoo/009_ob-memory-leaks.patch, mssql-null-exception.patch,
use_embedded_timezonedb.patch
* Removed autogenerated main/php_config.h.in from suhosin.patch
(Ubuntu: #493761)
* Short open tags are On again in php.ini-dist (Closes: #537099)
* Don't leave .start if we are purging (Closes: #561739)
* Add README.Debian file to /usr/share/doc/php-pear/PEAR, so the
directory is not deleted (Closes: #563437, #542483)
[ Upstream ]
* Fix default pear.php.net channel definitions (Closes: #559029)
-- Ondřej Surý <email address hidden> Fri, 08 Jan 2010 18:18:43 +0100
| Superseded in experimental-release |
php5 (5.3.1-1) experimental; urgency=low
* Imported Upstream version 5.3.1
* Change dependcy to libdb-dev instead on arbitrary version of
libdb4.x-dev
* Refreshed 006-debian_quirks patch to apply cleanly.
* Removed 114-php_gd_segfault.patch, merged upstream.
* Refreshed 115-autoconf_ftbfs.patch to apply cleanly
* Updated suhosin.patch to 0.9.8 version for php-5.3.1
* Refreshed 001-libtool_fixes.patch
* Refreshed 004-ldap_fix.patch
* Refreshed 013-force_getaddrinfo.patch
* Refreshed 036-fd_setsize_fix.patch
* Refreshed 052-phpinfo_no_configure.patch
* Refreshed 053-extension_api.patch
* Refreshed 108-64_bit_datetime.patch
* Refreshed 113-php.ini_securitynotes.patch
* Refreshed 116-posixness_fix.patch
* Refreshed gentoo/006_ext-curl-set_opt-crash.patch
* Refreshed gentoo/009_ob-memory-leaks.patch
* Refreshed libedit_is_editline.patch
* Refreshed suhosin.patch
* Add .gitignore file to ignore .pc/ directory
* Removed README.CVS-RULES from debian/php5-common.docs, file is no
longer shipped by upstream.
-- Ondřej Surý <email address hidden> Thu, 07 Jan 2010 17:21:47 +0100
php5 (5.2.11.dfsg.1-2) unstable; urgency=high
* max_file_uploads: limit the maximum number of file uploads to 50
+ Reduces the chances of a temporary file exhaustion DoS
* Add libdb4.8-dev as an alternative dependency (Closes: #555945)
* Add libdb-dev as another alternative, hopefully the last one
(Closes: #548486)
* Add a versioned dependency on libtool 2.2 (Closes: #548015)
* Use FilesMatch and SetHandler on apache setups (Closes: #491928)
* Gentoo patch ext-curl-set_opt-crash has already been merged upstream
* Drop unused lintian override
-- Raphael Geissert <email address hidden> Sat, 21 Nov 2009 13:37:51 -0600
php5 (5.2.11.dfsg.1-1) unstable; urgency=low
* New upstream release
[ Fixes incorporated upstream ]
* Fix 4-year digit year on big-endian platforms (Closes: #542301)
* patch curl_streams_sleep.patch
* patch strcmp_null-OnUpdateErrorLog.patch (partially addresses #540605)
* patch check_ini_on_modify_status.patch
[ Raphael Geissert ]
* Add aliases to the mssql functions on the sybase extension (Closes: #523073)
* Fix the rows_affected alias, it should be affected_rows
* Avoid possible memory dumps via PG on restored ini values (Closes: #540605)
[ Ondrej Sury ]
* Fix FTBFS with current autoconf/automake (Closes: #542906, #542088)
* Add avr32-linux-gnu to no -gstabs toolchains (Closes: #543278)
* Fix FTBFS on Debian Hurd (Closes: #530281)
* fix whitespace in libapache2-mod-php5.postinst
[ Sean Finney ]
* incorporate/ack previous NMU's, thanks Andreas.
* update debian patch 115-autoconf_ftbfs.patch for new upstream version
* update debian patch fix_broken_upstream_tests.patch
* update debian patch mssql-null-exception.patch
* refresh various quilt patches against new upstream version
* remove no longer needed "legacy" support for conffile migration
* add dpkg trigger in the apache2 and apache2filter sapis for reloading
apache2 on extension updates (Closes: #490023, #524206)
* let libmysqlclient15-dev be a fallback alternative for libmysqlclient-dev
in case someone wants to backport the package.
* update list of installed documentation
-- Sean Finney <email address hidden> Sun, 20 Sep 2009 11:05:35 +0200
| Superseded in experimental-release |
php5 (5.3.0-3) experimental; urgency=low * Fix segmentation fault in php-gd (Closes: #543496) * Update suhosin patch to 0.9.8 *BETA* and enable it again * Fix FTBFS with current autoconf/automake (Closes: #542906, #542088) * Add avr32-linux-gnu to no -gstabs toolchains (Closes: #543278) * Fix FTBFS on Debian Hurd (Closes: #530281) * Use updated (v7) version of use_embedded_timezonedb.patch (Closes: #535770) -- Ondřej Surý <email address hidden> Tue, 25 Aug 2009 16:12:13 +0200
php5 (5.2.10.dfsg.1-2.2) unstable; urgency=medium * Non-maintainer upload. * Drop hand-crafted dependency on libmysqlclient15. -- Andreas Barth <email address hidden> Mon, 31 Aug 2009 09:22:16 +0200
| Superseded in experimental-release |
php5 (5.3.0-2) experimental; urgency=low * update configuration file names to new upstream naming convention -- Sean Finney <email address hidden> Wed, 01 Jul 2009 09:12:10 +0200
php5 (5.2.10.dfsg.1-2) unstable; urgency=low * Declare that PEAR replaces XML_UTIL (Closes: #534621) * Bump standards-version, no change needed * Fix an unconditional limit on dblib_driver.c (Closes: #534881) * Fix a segfault on exif_data_read with corrupted jpg files (Closes: #535888) * Recommend php5-suhosin, as suggested by Thijs (Closes: #529760) * Set sysconfig to /etc, to avoid getting /usr/etc in PHP_SYSCONFDIR * Add myself to uploaders * Fix the path to PEAR's config, directly in rules (Closes: #507762) -- Raphael Geissert <email address hidden> Thu, 09 Jul 2009 18:25:48 -0500
| Superseded in lenny-release |
php5 (5.2.6.dfsg.1-1+lenny3) stable-security; urgency=low
[ Sean Finney ]
* CVE-2008-5814: XSS vulnerability via display_errors (Closes: #523028)
* CVE-2009-0754.patch: mbstring.func_overload leakage between apache2
vhosts (Closes: #523049)
* CVE-2009-1271: remote DoS in json_decode()
* add note about CVE-2009-1272 in previous version's changelog entry
[ Mark A. Hershberger ]
* fix clean target to keep source in a consistant state for multiple builds
-- Sean Finney <email address hidden> Sun, 26 Apr 2009 21:37:57 +0200
php5 (5.2.9.dfsg.1-4) unstable; urgency=high
[ Thijs Kinkhorst ]
* Update php5-cli package description to make it more neutral, thanks
Daniel Hahler (closes: #528833).
[ Sean Finney ]
* fix syntax error in phpize5 caused by libtool2.2.patch
- thanks to Michal Čihař (Closes: #529248)
* this (and the previous libtool2.2 fix) should get to testing as
fast as possible, so bumping prio to high.
-- Sean Finney <email address hidden> Mon, 18 May 2009 21:47:25 +0200
| Superseded in sid-release |
php5 (5.2.9.dfsg.1-3) unstable; urgency=low
[ Sean Finney ]
* add gbp.conf for use with git-buildpackage
[ Raphael Geissert ]
* Pick some bug fixing patches from Gentoo (thanks!)
* Make phpize copy and use the separate m4 files needed by libtool 2.2
(Closes: #527004)
-- Sean Finney <email address hidden> Mon, 11 May 2009 22:09:11 +0200
php5 (5.2.9.dfsg.1-2) unstable; urgency=low
[ Mark A. Hershberger ]
* fix up clean target
[ Thijs Kinkhorst ]
* Update package sections to match override.
[ Raphael Geissert ]
* Detect the path to ltmain.sh at build time and set conflicts
appropriately
* Add libdb4.7-dev as an ORed build dependency to fix FTBFS
* Update the Vcs-* fields to reflect the move from svn to git
* Turn the phpapi dependencies into php5 | phpapi to fix
installability issues
* Bump Standards-Version to 3.8.1, no change needed
* Fix a typo in the code: s/adress/address
* Add a set of lintian overrides for some FP spelling-error-in-binary
* Avoid a useless 15 seconds sleep on php_curl_stream_read under heavy
load
[ Sean Finney ]
* update our libtool patching to be a little cleaner and smarter
* cleanup some of the phpize "cleanup" code in debian/rules
* slightly refined way for supporting old/new libtool dirs
-- Sean Finney <email address hidden> Thu, 23 Apr 2009 21:13:03 +0200
| Superseded in sid-release |
php5 (5.2.9.dfsg.1-1) unstable; urgency=low
* New upstream release (closes: #520538).
- fixes regressions with parsing via libxml2 (closes: #520246, #520423).
[ Sean Finney ]
* Refresh all patches.
* Update suhosin patch to 5.2.9, remove autotools-generated files (configure,
php_config.h.in) and .dsp files from patch.
* remove obsolete configure options from ./configure: --enable-memory-limit,
--enable-track-vars, --enable-trans-sid, --enable-filepro and --enable-dbx.
* Remove obsoleted patches which have been incorporated upstream:
- snmp_leaks.patch
- BG-initializing-fix.patch
- CVE-2008-2829.patch
- CVE-2008-3658.patch
- CVE-2008-3659.patch
- CVE-2008-3660.patch
- CVE-2008-5557.patch
- CVE-2008-5658.patch
- pdo-fetchobject-prototype-error.patch
- zend_object_handlers-invalid-write.patch
- dba-inifile-truncation.patch
- gentoo/freetds-compat.patch
- gentoo/010_ticks-zts-crashes.patch
- gentoo/019_new-memory-corruption.patch
- gentoo/009_array-function-crashes.patch
- gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch
- gentoo/017_xmlrpc-invalid-callback-crash.patch
- gentoo/007_dom-setAttributeNode-crash.patch
- gentoo/006_PDORow-crash.patch
- gentoo/005_stream_context_set_params-crash.patch
* Update fix_broken_upstream_tests.patch, one of the tests is fixed.
-- Sean Finney <email address hidden> Tue, 24 Mar 2009 19:05:09 +0100
| Superseded in lenny-release |
php5 (5.2.6.dfsg.1-1+lenny2) testing-security; urgency=low
[ Sean Finney ]
* Do not add -O2 to CFLAGS if DEB_BUILD_OPTIONS contains noopt.
* Security related fixes:
- php: inifile handler for the dba functions can be used to truncate a file
Patch: dba-inifile-truncation.patch (closes: #507101).
- CVE-2008-5658.patch: ZipArchive::extractTo directory traversal
Patch: CVE-2008-5658.patch (closes: #507857).
Thanks to Pierre Joye for help with the patch.
[ Raphael Geissert ]
* Picked up some patches from Gentoo (most included in PHP 5.2.7 and later):
+ patches/gentoo/005_stream_context_set_params-crash.patch
+ patches/gentoo/006_PDORow-crash.patch
+ patches/gentoo/007_dom-setAttributeNode-crash.patch
+ patches/gentoo/009_array-function-crashes.patch
+ patches/gentoo/010_ticks-zts-crashes.patch
+ patches/gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch
+ patches/gentoo/017_xmlrpc-invalid-callback-crash.patch
+ patches/gentoo/019_new-memory-corruption.patch
+ patches/gentoo/freetds-compat.patch
- was deprecated_freetds_check.patch
-- Sean Finney <email address hidden> Sun, 25 Jan 2009 15:06:34 +0100
| Superseded in sid-release |
| Superseded in squeeze-release |
| Superseded in squeeze-release |
| Superseded in sid-release |
php5 (5.2.6.dfsg.1-3) unstable; urgency=low
[ Sean Finney ]
* Do not add -O2 to CFLAGS if DEB_BUILD_OPTIONS contains noopt.
* Security related fixes:
- php: inifile handler for the dba functions can be used to truncate a file
Patch: dba-inifile-truncation.patch (closes: #507101).
- CVE-2008-5658.patch: ZipArchive::extractTo directory traversal
Patch: CVE-2008-5658.patch (closes: #507857).
Thanks to Pierre Joye for help with the patch.
[ Raphael Geissert ]
* Picked up some patches from Gentoo (most included in PHP 5.2.7 and later):
+ patches/gentoo/005_stream_context_set_params-crash.patch
+ patches/gentoo/006_PDORow-crash.patch
+ patches/gentoo/007_dom-setAttributeNode-crash.patch
+ patches/gentoo/009_array-function-crashes.patch
+ patches/gentoo/010_ticks-zts-crashes.patch
+ patches/gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch
+ patches/gentoo/017_xmlrpc-invalid-callback-crash.patch
+ patches/gentoo/019_new-memory-corruption.patch
+ patches/gentoo/freetds-compat.patch
- was deprecated_freetds_check.patch
-- Sean Finney <email address hidden> Sat, 24 Jan 2009 21:17:13 +0100
| Superseded in sid-release |
php5 (5.2.6.dfsg.1-2) unstable; urgency=low
[ Sean Finney ]
* Make sure a file used to track state is properly removed in the
postinst, thanks Raphael (closes: #511049).
[ Thijs Kinkhorst ]
* Fix watch file to mangle version.
[ Raphael Geissert ]
* Ship script used to take an upstream tarball and remove the non
DFSG-free stuff, update watch file accordingly.
-- Sean Finney <email address hidden> Tue, 13 Jan 2009 08:24:36 +0100
| Superseded in lenny-release |
php5 (5.2.6.dfsg.1-0.1~lenny1) testing; urgency=low * Non-maintainer upload. * Remove exts/dbase from orig tarball (Closes: #341420) -- Ben Hutchings <email address hidden> Sat, 29 Nov 2008 19:19:28 +0000
| Superseded in sid-release |
php5 (5.2.6.dfsg.1-0.1) unstable; urgency=low * Non-maintainer upload. * Remove exts/dbase from orig tarball (Closes: #341420) -- Ben Hutchings <email address hidden> Sat, 29 Nov 2008 19:19:28 +0000
php5 (5.2.6-5) unstable; urgency=high
* Update debian/copyright to document that the DFSG-unfree email
requirement in ext/standard/rand.c has been rescinded by the
copyrightholder (Closes: #498621).
-- Thijs Kinkhorst <email address hidden> Sun, 05 Oct 2008 11:32:35 +0200
| 226 → 250 of 250 results | First • Previous • Next • Last |
