[ubuntu/jaunty] php5 5.2.6.dfsg.1-3ubuntu1 (Accepted)
Chuck Short
zulcss at ubuntu.com
Fri Feb 13 15:30:17 GMT 2009
php5 (5.2.6.dfsg.1-3ubuntu1) jaunty; urgency=low
* Merge from debian unstable, remaining changes:
- debian/control, debian/rules: Disable a few build dependencies and
accompanying binary packages which we do not want to support in main:
+ firebird2-dev/php5-interbase (we have a seperate php-interbase source)
+ libc-client/php5-imap (we have a seperate php-imap source)
+ libmcrypt-dev/php5-mcrypt (seperate php-mycrpt source)
+ readline support again, now that the libedit issue is fixed.
- debian/control: Add build dependency: libdedit-dev (>= 2.9.cvs.20050518-1)
CLI readline support
- debian/rules:
- Correctly mangle PHP5_* macros for lpia
- Point /usr/lib/php5/build/{libtool.m4, ltmain.sh} to the right locations.
- Configure with --build=$(DEB_BUILD_GNU_TYPE) --host=$(DEB_HOST_GNU_TYPE)
to fix a build failure on armel.
- debian/patches/use-specific-libdb-version.patch (LP: #165247), mangle
version ordering in patch to match code for clean application.
- debian/patches/119-sybase-alias.patch:
+ Fix sybase regression since change to mssql. (LP: #240519)
- debian/control: Use libdb-4.6-dev
- Revert to using upstreams' bundled libtool for now, until either upstream
moves to libtool 2.x, or Debian/Ubuntu have the time to rewrite some m4.
* Manually copy autotools-dev's versions of config.{sub.guess} since we
no long have libtoolize doing it for us, thanks to the above changes.
* debian/patches/fix-pecl-libtool.dpatch: fix libtool brokenness with pecl.
(LP: #262251)
* Dropped debian/patches/deprecated_freetds_check.patch in favor of Debian's.
php5 (5.2.6.dfsg.1-3) unstable; urgency=low
[ Sean Finney ]
* Do not add -O2 to CFLAGS if DEB_BUILD_OPTIONS contains noopt.
* Security related fixes:
- php: inifile handler for the dba functions can be used to truncate a file
Patch: dba-inifile-truncation.patch (closes: #507101).
- CVE-2008-5658.patch: ZipArchive::extractTo directory traversal
Patch: CVE-2008-5658.patch (closes: #507857).
Thanks to Pierre Joye for help with the patch.
[ Raphael Geissert ]
* Picked up some patches from Gentoo (most included in PHP 5.2.7 and later):
+ patches/gentoo/005_stream_context_set_params-crash.patch
+ patches/gentoo/006_PDORow-crash.patch
+ patches/gentoo/007_dom-setAttributeNode-crash.patch
+ patches/gentoo/009_array-function-crashes.patch
+ patches/gentoo/010_ticks-zts-crashes.patch
+ patches/gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch
+ patches/gentoo/017_xmlrpc-invalid-callback-crash.patch
+ patches/gentoo/019_new-memory-corruption.patch
+ patches/gentoo/freetds-compat.patch
- was deprecated_freetds_check.patch
php5 (5.2.6.dfsg.1-2) unstable; urgency=low
[ Sean Finney ]
* Make sure a file used to track state is properly removed in the
postinst, thanks Raphael (closes: #511049).
[ Thijs Kinkhorst ]
* Fix watch file to mangle version.
[ Raphael Geissert ]
* Ship script used to take an upstream tarball and remove the non
DFSG-free stuff, update watch file accordingly.
php5 (5.2.6.dfsg.1-1) unstable; urgency=high
[ Sean Finney ]
* Incorporate previous NMU.
* Updated system tzdata patch from Joe Orton.
* Removed tzdb-nofree_ents_ifnotzdata.patch, which is now incorporated
into Joe's patch.
* Two backported fixes from 5.2.8, thanks to Olivier Bonvalet for looking
them up.
- Upstream bug #46157 (PDOStatement::fetchObject prototype error)
Patch: pdo-fetchobject-prototype-error.patch
- Upstream bug #46308 (Invalid write in zend object handler / getter)
Patch: zend_object_handlers-invalid-write.patch
* Security related fixes:
- CVE-2008-5624: Incorporate fix from 5.3 for proper initialization of
uid/gid for apache2 sapi.
Patch: BG-initializing-fix.patch
- CVE-2008-5557: heap overflows in the mbstring extension.
Patch: CVE-2008-5557.patch (closes: #511493).
[ Thijs Kinkhorst ]
* Correct description typo, thanks Mathias Brodala (Closes: #508989).
php5 (5.2.6.dfsg.1-0.1) unstable; urgency=low
* Non-maintainer upload.
* Remove exts/dbase from orig tarball (Closes: #341420)
php5 (5.2.6-5) unstable; urgency=high
* Update debian/copyright to document that the DFSG-unfree email
requirement in ext/standard/rand.c has been rescinded by the
copyrightholder (Closes: #498621).
php5 (5.2.6-4) unstable; urgency=high
[ Sean Finney ]
* Take three unreleased fixes from upstream CVS:
- CVE-2008-3658: Buffer overflow in the imageloadfont function.
Patch: CVE-2008-3658.patch (closes: #499989)
- CVE-2008-3659: Buffer overflow in the memnstr function.
Patch: CVE-2008-3659.patch (closes: #499988)
- CVE-2008-3660: Remote DoS in fastcgi module
Patch: CVE-2008-3660.patch (closes: #499987)
[ Raphael Geissert ]
* snmp_leaks.patch: fixes memory leaks in the snmp extension (Closes: #423296)
- Thanks to Rodrigo Campos <rodrigocc at gmail.com> for the follow up
- Thanks to Federico Cuello for the original patch
* php5-dev.lintian-override: fix it so it actually works
php5 (5.2.6-3) unstable; urgency=high
[ Thijs Kinkhorst ]
* Drop unneeded php5-timezonedb Suggests and obsolete php3 Conflicts.
* Add documentation about the timezonedb change (Closes: #492025).
[ Adam Conrad ]
* Modify 033-we_WANT_libtool.patch to cope with newer versions of
libtool that only copy auxilliary files when --install is used,
while still working with older versions that DTRT without.
[ Raphael Geissert ]
* debian/rules:
+ Avoid installing useless test suites in php-pear (Closes: #478995)
+ Remove any empty directory in php-pear
+ Also get rid of usr/share/php/data/Structures_Graph/*
- Those were meant to be used by upstream maintainer
* debian/php5-dev.lintian-overrides:
- usr/lib/php5/build/run-tests.php is not meant to be used directly
* debian/control: bumped Standards Version to 3.8.0, no changes needed
* bad_whatis_entries.patch: fixes the whatis entries of all the manpages
* deprecated_freetds_check.patch: fixes the freetds detection routine
+ Closes: #494230
- Thanks to jklowden at freetds.org and the Gentoo folks for the patch
(RC bugfix, upload urgency bumped)
* debian/libapache2-mod-php5*-{prerm,postinst}:
- Create a status file when removing the package (but not purging)
while having the mod enabled so reinstallation of the package
does not end up disabling the module (Closes: #471548)
[ Sean Finney ]
* Bump dependency on libmysqlclient15off to require the version from
lenny or later, in order to avoid subtle problems not previously detected
with libmysqlclient_r on mixed etch/lenny/sid systems (closes: #495575).
Date: Wed, 04 Feb 2009 21:52:47 +0000
Changed-By: Chuck Short <zulcss at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chuck Short <chuck.short at canonical.com>
https://launchpad.net/ubuntu/jaunty/+source/php5/5.2.6.dfsg.1-3ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 04 Feb 2009 21:52:47 +0000
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-gd php5-gmp php5-ldap php5-mhash php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source
Version: 5.2.6.dfsg.1-3ubuntu1
Distribution: jaunty
Urgency: high
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chuck Short <zulcss at ubuntu.com>
Description:
libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
php-pear - PEAR - PHP Extension and Application Repository
php5 - server-side, HTML-embedded scripting language (metapackage)
php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
php5-cli - command-line interpreter for the php5 scripting language
php5-common - Common files for packages built from the php5 source
php5-curl - CURL module for php5
php5-dbg - Debug symbols for PHP5
php5-dev - Files for PHP5 module development
php5-gd - GD module for php5
php5-gmp - GMP module for php5
php5-ldap - LDAP module for php5
php5-mhash - MHASH module for php5
php5-mysql - MySQL module for php5
php5-odbc - ODBC module for php5
php5-pgsql - PostgreSQL module for php5
php5-pspell - pspell module for php5
php5-recode - recode module for php5
php5-snmp - SNMP module for php5
php5-sqlite - SQLite module for php5
php5-sybase - Sybase / MS SQL Server module for php5
php5-tidy - tidy module for php5
php5-xmlrpc - XML-RPC module for php5
php5-xsl - XSL module for php5
Closes: 341420 423296 471548 478995 492025 494230 495575 498621 499987 499988 499989 507101 507857 508989 511049 511493
Launchpad-Bugs-Fixed: 165247 240519 262251
Changes:
php5 (5.2.6.dfsg.1-3ubuntu1) jaunty; urgency=low
.
* Merge from debian unstable, remaining changes:
- debian/control, debian/rules: Disable a few build dependencies and
accompanying binary packages which we do not want to support in main:
+ firebird2-dev/php5-interbase (we have a seperate php-interbase source)
+ libc-client/php5-imap (we have a seperate php-imap source)
+ libmcrypt-dev/php5-mcrypt (seperate php-mycrpt source)
+ readline support again, now that the libedit issue is fixed.
- debian/control: Add build dependency: libdedit-dev (>= 2.9.cvs.20050518-1)
CLI readline support
- debian/rules:
- Correctly mangle PHP5_* macros for lpia
- Point /usr/lib/php5/build/{libtool.m4, ltmain.sh} to the right locations.
- Configure with --build=$(DEB_BUILD_GNU_TYPE) --host=$(DEB_HOST_GNU_TYPE)
to fix a build failure on armel.
- debian/patches/use-specific-libdb-version.patch (LP: #165247), mangle
version ordering in patch to match code for clean application.
- debian/patches/119-sybase-alias.patch:
+ Fix sybase regression since change to mssql. (LP: #240519)
- debian/control: Use libdb-4.6-dev
- Revert to using upstreams' bundled libtool for now, until either upstream
moves to libtool 2.x, or Debian/Ubuntu have the time to rewrite some m4.
* Manually copy autotools-dev's versions of config.{sub.guess} since we
no long have libtoolize doing it for us, thanks to the above changes.
* debian/patches/fix-pecl-libtool.dpatch: fix libtool brokenness with pecl.
(LP: #262251)
* Dropped debian/patches/deprecated_freetds_check.patch in favor of Debian's.
.
php5 (5.2.6.dfsg.1-3) unstable; urgency=low
.
[ Sean Finney ]
* Do not add -O2 to CFLAGS if DEB_BUILD_OPTIONS contains noopt.
* Security related fixes:
- php: inifile handler for the dba functions can be used to truncate a file
Patch: dba-inifile-truncation.patch (closes: #507101).
- CVE-2008-5658.patch: ZipArchive::extractTo directory traversal
Patch: CVE-2008-5658.patch (closes: #507857).
Thanks to Pierre Joye for help with the patch.
.
[ Raphael Geissert ]
* Picked up some patches from Gentoo (most included in PHP 5.2.7 and later):
+ patches/gentoo/005_stream_context_set_params-crash.patch
+ patches/gentoo/006_PDORow-crash.patch
+ patches/gentoo/007_dom-setAttributeNode-crash.patch
+ patches/gentoo/009_array-function-crashes.patch
+ patches/gentoo/010_ticks-zts-crashes.patch
+ patches/gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch
+ patches/gentoo/017_xmlrpc-invalid-callback-crash.patch
+ patches/gentoo/019_new-memory-corruption.patch
+ patches/gentoo/freetds-compat.patch
- was deprecated_freetds_check.patch
.
php5 (5.2.6.dfsg.1-2) unstable; urgency=low
.
[ Sean Finney ]
* Make sure a file used to track state is properly removed in the
postinst, thanks Raphael (closes: #511049).
.
[ Thijs Kinkhorst ]
* Fix watch file to mangle version.
.
[ Raphael Geissert ]
* Ship script used to take an upstream tarball and remove the non
DFSG-free stuff, update watch file accordingly.
.
php5 (5.2.6.dfsg.1-1) unstable; urgency=high
.
[ Sean Finney ]
* Incorporate previous NMU.
* Updated system tzdata patch from Joe Orton.
* Removed tzdb-nofree_ents_ifnotzdata.patch, which is now incorporated
into Joe's patch.
* Two backported fixes from 5.2.8, thanks to Olivier Bonvalet for looking
them up.
- Upstream bug #46157 (PDOStatement::fetchObject prototype error)
Patch: pdo-fetchobject-prototype-error.patch
- Upstream bug #46308 (Invalid write in zend object handler / getter)
Patch: zend_object_handlers-invalid-write.patch
* Security related fixes:
- CVE-2008-5624: Incorporate fix from 5.3 for proper initialization of
uid/gid for apache2 sapi.
Patch: BG-initializing-fix.patch
- CVE-2008-5557: heap overflows in the mbstring extension.
Patch: CVE-2008-5557.patch (closes: #511493).
.
[ Thijs Kinkhorst ]
* Correct description typo, thanks Mathias Brodala (Closes: #508989).
.
php5 (5.2.6.dfsg.1-0.1) unstable; urgency=low
.
* Non-maintainer upload.
* Remove exts/dbase from orig tarball (Closes: #341420)
.
php5 (5.2.6-5) unstable; urgency=high
.
* Update debian/copyright to document that the DFSG-unfree email
requirement in ext/standard/rand.c has been rescinded by the
copyrightholder (Closes: #498621).
.
php5 (5.2.6-4) unstable; urgency=high
.
[ Sean Finney ]
* Take three unreleased fixes from upstream CVS:
- CVE-2008-3658: Buffer overflow in the imageloadfont function.
Patch: CVE-2008-3658.patch (closes: #499989)
- CVE-2008-3659: Buffer overflow in the memnstr function.
Patch: CVE-2008-3659.patch (closes: #499988)
- CVE-2008-3660: Remote DoS in fastcgi module
Patch: CVE-2008-3660.patch (closes: #499987)
.
[ Raphael Geissert ]
* snmp_leaks.patch: fixes memory leaks in the snmp extension (Closes: #423296)
- Thanks to Rodrigo Campos <rodrigocc at gmail.com> for the follow up
- Thanks to Federico Cuello for the original patch
* php5-dev.lintian-override: fix it so it actually works
.
php5 (5.2.6-3) unstable; urgency=high
.
[ Thijs Kinkhorst ]
* Drop unneeded php5-timezonedb Suggests and obsolete php3 Conflicts.
* Add documentation about the timezonedb change (Closes: #492025).
.
[ Adam Conrad ]
* Modify 033-we_WANT_libtool.patch to cope with newer versions of
libtool that only copy auxilliary files when --install is used,
while still working with older versions that DTRT without.
.
[ Raphael Geissert ]
* debian/rules:
+ Avoid installing useless test suites in php-pear (Closes: #478995)
+ Remove any empty directory in php-pear
+ Also get rid of usr/share/php/data/Structures_Graph/*
- Those were meant to be used by upstream maintainer
* debian/php5-dev.lintian-overrides:
- usr/lib/php5/build/run-tests.php is not meant to be used directly
* debian/control: bumped Standards Version to 3.8.0, no changes needed
* bad_whatis_entries.patch: fixes the whatis entries of all the manpages
* deprecated_freetds_check.patch: fixes the freetds detection routine
+ Closes: #494230
- Thanks to jklowden at freetds.org and the Gentoo folks for the patch
(RC bugfix, upload urgency bumped)
* debian/libapache2-mod-php5*-{prerm,postinst}:
- Create a status file when removing the package (but not purging)
while having the mod enabled so reinstallation of the package
does not end up disabling the module (Closes: #471548)
.
[ Sean Finney ]
* Bump dependency on libmysqlclient15off to require the version from
lenny or later, in order to avoid subtle problems not previously detected
with libmysqlclient_r on mixed etch/lenny/sid systems (closes: #495575).
Checksums-Sha1:
691a51271a36b358dacddc4efce5d40735ca8dcf 2534 php5_5.2.6.dfsg.1-3ubuntu1.dsc
b674ca6e080b23ecb97b20739b00fd9a04ec5435 12173741 php5_5.2.6.dfsg.1.orig.tar.gz
ef88c99d624b5a32f565755e7b237546932e7373 184109 php5_5.2.6.dfsg.1-3ubuntu1.diff.gz
Checksums-Sha256:
ebea0864d204a8f02d937e6b927f055f701a1eadb73f1f5b0fc60a33c371025e 2534 php5_5.2.6.dfsg.1-3ubuntu1.dsc
86c5040915321aea53d870c2b1ecb1dc048e60eaf6c7addc1d421f363e642a3a 12173741 php5_5.2.6.dfsg.1.orig.tar.gz
fb71f40848f067c6beb05b4ce62a5c9266a027e78c46e1acc3ecb7fc56ed3ef8 184109 php5_5.2.6.dfsg.1-3ubuntu1.diff.gz
Files:
f619f08dbff3ae9d52029d0f4cd5579e 2534 web optional php5_5.2.6.dfsg.1-3ubuntu1.dsc
b80fcee38363f031229368ceff8ced58 12173741 web optional php5_5.2.6.dfsg.1.orig.tar.gz
f147918ca1b448fb98639d5432b5dfa1 184109 web optional php5_5.2.6.dfsg.1-3ubuntu1.diff.gz
Original-Maintainer: Debian PHP Maintainers <pkg-php-maint at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmViBAACgkQIHZ33voUATufpACZATDqDrA7fSq93Ug7EEFjVbTP
010AoKnGkcnth4Y5WFm9elOH3nerzGHL
=UItQ
-----END PGP SIGNATURE-----
More information about the Jaunty-changes
mailing list