--- php5-5.2.4.orig/main/php_version.h
+++ php5-5.2.4/main/php_version.h
@@ -3,6 +3,6 @@
#define PHP_MAJOR_VERSION 5
#define PHP_MINOR_VERSION 2
#define PHP_RELEASE_VERSION 4
-#define PHP_EXTRA_VERSION ""
-#define PHP_VERSION "5.2.4"
+#define PHP_EXTRA_VERSION "-2ubuntu1"
+#define PHP_VERSION "5.2.4-2ubuntu1"
#define PHP_VERSION_ID 50204
--- php5-5.2.4.orig/debian/php5-sybase.postinst.extra
+++ php5-5.2.4/debian/php5-sybase.postinst.extra
@@ -0,0 +1,6 @@
+OLD_CONFFILE=/etc/php5/conf.d/sybase_ct.ini
+if [ -e "$OLD_CONFFILE" ] && dpkg --compare-versions "$2" lt-nl 5.2.3-2
+then
+ rm $OLD_CONFFILE
+fi
+
--- php5-5.2.4.orig/debian/libapache2-mod-php5.load
+++ php5-5.2.4/debian/libapache2-mod-php5.load
@@ -0,0 +1 @@
+LoadModule php5_module /usr/lib/apache2/modules/libphp5.so
--- php5-5.2.4.orig/debian/php5-cli.prerm
+++ php5-5.2.4/debian/php5-cli.prerm
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" = "remove" -o "$1" = "deconfigure" ]; then
+ update-alternatives --remove php /usr/bin/php5
+fi
+
+exit 0
--- php5-5.2.4.orig/debian/php5-sapi.links
+++ php5-5.2.4/debian/php5-sapi.links
@@ -0,0 +1 @@
+etc/php5/conf.d etc/php5/@sapi@/conf.d
--- php5-5.2.4.orig/debian/php5-module.postinst
+++ php5-5.2.4/debian/php5-module.postinst
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+# here we test for upgrades from versions prior to the config-file-scan-dir
+# migration.
+#
+# to avoid lots of scary warnings about duplicate-loaded modules, each
+# module will remove its "extension=" line from each SAPI's php.ini file
+# when upgrading from a "prior version". this will be the last time we
+# ever muck with such files in maintainer scripts. really. promise :)
+
+if [ "$2" ] && dpkg --compare-versions "$2" lt "5.1.6-5"; then
+ extension_re='^[[:space:]]*extension[[:space:]]*=[[:space:]]*@dsoname@\.so$'
+ for SAPI in apache apache2 cgi cli; do
+ ini_file="/etc/php5/$SAPI/php.ini"
+ if [ -f "$ini_file" ]; then
+ if grep -q "$extension_re" $ini_file; then
+ sed -i -e "/$extension_re/d" $ini_file
+ fi
+ fi
+ done
+fi
+
+#EXTRA#
+#DEBHELPER#
+
--- php5-5.2.4.orig/debian/php5-common.postrm
+++ php5-5.2.4/debian/php5-common.postrm
@@ -0,0 +1,12 @@
+#! /bin/bash
+
+set -e
+
+if [ "$1" = "purge" ]
+then
+ rm -rf /var/lib/php5
+fi
+
+#DEBHELPER#
+
+exit 0
--- php5-5.2.4.orig/debian/modulelist
+++ php5-5.2.4/debian/modulelist
@@ -0,0 +1,19 @@
+curl CURL
+gd GD
+gmp GMP
+imap IMAP
+interbase Interbase
+ldap LDAP
+mcrypt MCrypt
+mhash MHASH
+mysql MySQL
+odbc ODBC
+pgsql PostgreSQL
+pspell pspell
+recode recode
+snmp SNMP
+sqlite SQLite
+sybase Sybase mssql
+tidy tidy
+xmlrpc XML-RPC
+xsl XSL
--- php5-5.2.4.orig/debian/libapache2-mod-php5.prerm
+++ php5-5.2.4/debian/libapache2-mod-php5.prerm
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "remove" -a "$1" != "purge" ]; then
+ exit 0
+fi
+
+if [ -e /etc/apache2/apache2.conf ]; then
+ a2dismod php5 || true
+fi
+
+exit 0
--- php5-5.2.4.orig/debian/php5-common.TODO
+++ php5-5.2.4/debian/php5-common.TODO
@@ -0,0 +1,7 @@
+- Debconf: support removing of extension lines from php.ini on
+ dpkg-reconfigure, not just adding. Adjust wording of debconf template
+ to match.
+- move default config files out of /usr/share/doc/php5/examples, per
+ policy
+- more modules
+- roxen support (oh my)
--- php5-5.2.4.orig/debian/libapache2-mod-php5.dirs
+++ php5-5.2.4/debian/libapache2-mod-php5.dirs
@@ -0,0 +1,3 @@
+/etc/apache2/mods-available
+/etc/php5/apache2
+/usr/lib/apache2/modules
--- php5-5.2.4.orig/debian/libapache2-mod-php5.conf
+++ php5-5.2.4/debian/libapache2-mod-php5.conf
@@ -0,0 +1,4 @@
+
+ AddType application/x-httpd-php .php .phtml .php3
+ AddType application/x-httpd-php-source .phps
+
--- php5-5.2.4.orig/debian/php5-dev.prerm
+++ php5-5.2.4/debian/php5-dev.prerm
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "remove" -a "$1" != "purge" ]; then
+ exit 0
+fi
+
+for i in php-config phpize; do
+ update-alternatives --remove $i /usr/bin/"$i"5
+done
+
+exit 0
--- php5-5.2.4.orig/debian/NEWS
+++ php5-5.2.4/debian/NEWS
@@ -0,0 +1,18 @@
+php5 (5.2.3-2) unstable; urgency=low
+
+ The suhosin patch is now enabled by default!
+
+ For more information, see
+ .
+
+ Special thanks to Blars Blarson for providing a sparc machine for testing
+ that the patch seems to work okay on that architecture. If you experience
+ otherwise let us know!
+
+ Suggestions are welcome for default configuration options, examples,
+ documentation, etc.
+
+ In any event please report successes and/or failures to us at
+ pkg-php-maint@lists.alioth.debian.org.
+
+ -- sean finney Thu, 12 Jul 2007 23:38:43 +0200
--- php5-5.2.4.orig/debian/php5-cgi.postinst
+++ php5-5.2.4/debian/php5-cgi.postinst
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+phpini="/etc/php5/cgi/php.ini"
+# LEGACY SUPPORT
+# previous versions of php did not ship $phpini as a conffile nor did
+# they use anything like ucf. as a result, we need to help transition
+# those files into ucf a little more easily by updating unmodified
+# ini files before registering them
+#
+# if we're upgrading from a pre-ucf version of php:
+if dpkg --compare-versions "$2" le-nl "5.1.6-4"; then
+ # if the SAPI config file already exists and is unmodified
+ if [ -f "$phpini" ]; then
+ oldmd5=`md5sum $phpini | cut -d' ' -f1`
+ if [ "$oldmd5" = "c85605baab79fbcd3c289e442eb3caa2" ]; then
+ # then silently update it before registering via ucf
+ cp /usr/share/php5/php.ini-dist $phpini
+ fi
+ fi
+fi
+# END LEGACY SUPPORT
+
+ucf /usr/share/php5/php.ini-dist $phpini
+
+update-alternatives \
+ --install /usr/bin/php-cgi php-cgi /usr/bin/php5-cgi 50 \
+ --slave /usr/share/man/man1/php-cgi.1.gz php-cgi.1.gz /usr/share/man/man1/php5-cgi.1.gz
+
+update-alternatives \
+ --install /usr/lib/cgi-bin/php php-cgi-bin /usr/lib/cgi-bin/php5 50
+
+exit 0
--- php5-5.2.4.orig/debian/php5-common.README.Debian
+++ php5-5.2.4/debian/php5-common.README.Debian
@@ -0,0 +1,143 @@
+Table of Contents:
+---------------------------------------------------------------------
+* Using php5 with threaded webservers (eg. apache2-mpm-worker, caudium)
+* Problems starting apache2 with php5
+* Session storage
+* Other caveats
+* php5-cgi and apache2
+* Restarting your web server after installing modules
+* Configuration layout
+* Further documentation, errata, etc
+
+
+Using php5 with threaded webservers (eg. apache2-mpm-worker, caudium)
+---------------------------------------------------------------------
+
+ After much back-and-forth with upstream (and even building our
+ packages thread-safe for a while), we're currently admitting defeat
+ on that front, and are NOT building any thread-safe versions of
+ PHP for any webservers. Our recommendation is that, if you need
+ to use a threaded webserver, you should use php5-cgi in either
+ 'normal' CGI mode, or in FastCGI mode.
+
+Adam Conrad Sun, 06 Feb 2005 08:24:56 -0700
+
+
+Problems starting apache2 with php5
+----------------------------------
+
+ At the time of writing, there are no *known* incompatibilities
+ between any of the php5 modules we ship. However, there have been
+ many bug reports in the past due to dynamically-loaded extensions,
+ and it's possible there are still bugs in the released packages. If
+ Apache fails to start after you install php5, check your list of
+ enabled extensions at the bottom of /etc/php5/apache2/php.ini (and in
+ the per-sapi configuration directory), and try commenting out or
+ reordering the extensions until you find a combination that works.
+
+ For example, in the past the mhash extension was incompatible with
+ some other common extensions. To work around this, you could list
+ the mhash extension first in php.ini.
+
+ If you find an extension-related bug in the Debian packages, and you
+ are willing to help debug the problem, please send us a bug report
+ that lists all enabled PHP5 extensions (extension=), in the order
+ in which they appear in php.ini, as well as all enabled Apache modules
+ (LoadModule), with version numbers where possible.
+
+Steve Langasek Fri, 26 Apr 2002 13:39:00 -0500
+
+
+Session storage
+---------------
+
+ Session files are stored in /var/lib/php5. For security purposes, this
+ directory is unreadable by non-root users. This means that php5 running
+ from apache2, for example, will not be able to clean up stale session
+ files. Instead, we have a cron job run every 30 mins that cleans up
+ stale session files; /etc/cron.d/php5. You may need to modify how
+ often this runs, if you've modified session.gc_maxlifetime in your
+ php.ini; otherwise, it may be too lax or overly aggressive in cleaning
+ out stale session files.
+
+Andres Salomon Fri, 03 Sep 2004 03:12:54 -0400
+
+
+Other caveats
+-------------
+
+ * extension_dir and include_path should be commented out, if you don't need
+ special settings for them so php will look in compiled-in paths. If you set
+ them, you should also add appropriate php install directories there.
+
+php5-cgi and apache2
+---------------------------
+
+In 99% of cases, what you probably want isn't php5-cgi at all, but rather
+the libapache2-mod-php5 package, which will configure themselves on
+installation and Just Work(tm). If, however, you have a need to use
+the CGI version of php5 with apache2, the following should help
+get you going, though there are dozens of different ways to do this.
+
+Please note that this process will never be made automatic, as php5-cgi
+is meant to be a webserver-agnostic package that can be used with any
+httpd, and we don't want it to conflict with the httpd-specific packages
+such as libapache2-mod-php5. If both were installed side-by-side and both
+were automatically enabled, the results would be a bit confusing, obviously.
+
+To use php5-cgi with apache2
+ 1) activate CGI (it's on by default in default debian setups)
+ a) If using the prefork MPM, use 'a2enmod cgi'
+ b) If using a threaded MPM, use 'a2enmod cgid'
+ 2) activate mod_actions (a2enmod actions)
+ 3) Add the following to a config snippet in /etc/apache2/conf.d
+
+ Action application/x-httpd-php /cgi-bin/php5
+
+
+Adam Conrad Sat, 04 Sep 2004 23:04:26 -0600
+
+Restarting your web server after installing modules
+---------------------------------------------------------------------
+
+Many of the php modules (php5-mysql, for example) require that you
+restart your webserver after installation. This currently isn't
+done automatically, so changes won't take affect until you run
+/etc/init.d/apache2 reload or your webserver's equivalent (some cases
+may need to use "restart" instead of "reload" too)
+
+sean finney Sat, 09 Dec 2006 12:42:21 +0100
+
+Configuration Layout
+---------------------------------------------------------------------
+
+Each of the 3 SAPI's (apache2/cgi/cli) have a different
+central configuration file /etc/php5/$SAPI/php.ini.
+
+Additionally, each SAPI is configured with the compile-time option
+
+ --with-config-file-scan-dir=/etc/php5/$SAPI/conf.d
+
+which for all SAPI's is actually a symlink pointing to a central
+directory /etc/php5/conf.d. Any file found in this directory ending
+in .ini will be treated as a configuration file by the php SAPI.
+
+The rationale with this method is that each SAPI can thus be
+identically configured with a minimal amount of conffile handling,
+but at the same time if you want to have SAPI-specific configuration,
+you can just remove the symlink.
+
+sean finney Thu, 19 Oct 2006 23:33:05 +0200
+
+Further documentation, errata, etc
+---------------------------------------------------------------------
+
+Errata and other general information about PHP in Debian can be found
+in the debian wiki at:
+
+ http://wiki.debian.org/PHP
+
+If after reading the documentation in this file you still have unanswered
+questions, that's a good next place to go.
+
+sean finney Thu, 19 Oct 2006 22:57:52 +0200
--- php5-5.2.4.orig/debian/php5-module.ini
+++ php5-5.2.4/debian/php5-module.ini
@@ -0,0 +1,2 @@
+# configuration for php @extname@ module
+extension=@dsoname@.so
--- php5-5.2.4.orig/debian/php5-dev.dirs
+++ php5-5.2.4/debian/php5-dev.dirs
@@ -0,0 +1 @@
+/usr/bin
--- php5-5.2.4.orig/debian/php5-cgi.prerm
+++ php5-5.2.4/debian/php5-cgi.prerm
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "remove" -a "$1" != "purge" ]; then
+ exit 0
+fi
+
+update-alternatives --remove php-cgi /usr/bin/php5-cgi
+update-alternatives --remove php-cgi-bin /usr/lib/cgi-bin/php5
+
+exit 0
--- php5-5.2.4.orig/debian/php5-sybase.prerm
+++ php5-5.2.4/debian/php5-sybase.prerm
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+OLD_CONFFILE=/etc/php5/conf.d/sybase_ct.ini
+NEW_CONFFILE=/etc/php5/conf.d/mssql.ini
+if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 5.2.3-2
+then
+ sed -e's/\(extension=[[:space:]]*\)mssql\.so/\1sybase_ct.so/' \
+ $NEW_CONFFILE > $OLD_CONFFILE
+fi
+
+#DEBHELPER#
--- php5-5.2.4.orig/debian/php5-common.php5.cron.d
+++ php5-5.2.4/debian/php5-common.php5.cron.d
@@ -0,0 +1,7 @@
+# /etc/cron.d/php5: crontab fragment for php5
+# This purges session files older than X, where X is defined in seconds
+# as the largest value of session.gc_maxlifetime from all your php.ini
+# files, or 24 minutes if not defined. See /usr/lib/php5/maxlifetime
+
+# Look for and purge old sessions every 30 minutes
+09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm
--- php5-5.2.4.orig/debian/changelog
+++ php5-5.2.4/debian/changelog
@@ -0,0 +1,2880 @@
+php5 (5.2.4-2ubuntu5.4) hardy-proposed; urgency=low
+
+ * debian/rules:
+ - Use system tzdata.
+ * debian/patches/use_embedded_timezonedb.patch
+ - Patch taken from intrepid, allows us to default to using the system
+ provided timezone database insteam of the one bundled with PHP.
+ (LP: #279980)
+ * debian/patches/fix-xmlrpc-datetime.diff
+ - Patch taken from php CVS, prevents stack smashing when using xmlrpc and datetime.
+ (LP: #239513)
+
+ -- Chuck Short Wed, 22 Oct 2008 13:08:33 +0000
+
+php5 (5.2.4-2ubuntu5.3) hardy-security; urgency=low
+
+ [ Tormod Volden ]
+ * Backport security fixes from 5.2.6: (LP: #227464)
+ - debian/patches/SECURITY_CVE-2008-2050.patch
+ + Fixed possible stack buffer overflow in FastCGI SAPI
+ + Fixed sending of uninitialized paddings which may contain some
+ information
+ - debian/patches/SECURITY_CVE-2008-0599.patch
+ + Fixed security issue detailed in CVE-2008-0599
+ - debian/patches/SECURITY_CVE-2007-4850.patch
+ + Fixed a safe_mode bypass in cURL identified by Maksymilian
+ Arciemowicz
+ - debian/patches/security526-pcre_compile.patch:
+ + avoid stack overflow (fix from pcre 7.6)
+
+ [ Jamie Strandboge ]
+ * debian/patches/SECURITY_CVE-2008-2051.patch: properly address incomplete
+ multibyte chars inside escapeshellcmd() (thanks Tormod Volden)
+ * Add debian/patches/SECURITY_CVE-2007-5898.patch: don't accept partial utf8
+ sequences. Backported upstream fixes.
+ * Add debian/patches/SECURITY_CVE-2007-5899.patch: don't send session id to
+ remote forms. Backported upstream fixes.
+ * Add debian/patches/SECURITY_CVE-2008-2829.patch: unsafe usage of
+ deprecated imap functions (patch from Debian)
+ * Add debian/patches/SECURITY_CVE-2008-1384.patch: integer overflow in
+ printf() (patch from Debian)
+ * Add debian/patches/SECURITY_CVE-2008-2107+2108.patch: weak random number
+ seed. Backported upstream patches.
+ * Add debian/patches/SECURITY_CVE-2007-4782.patch: DoS via long string in
+ the fnmatch functions
+ * Add debian/patches/SECURITY_CVE-2008-2371.patch: buffer overflow.
+ Backported upstream patches.
+ * References
+ CVE-2008-2050
+ CVE-2008-2051
+ CVE-2008-0599
+ CVE-2007-4850
+ CVE-2007-5898
+ CVE-2007-5899
+ CVE-2008-2829
+ CVE-2008-1384
+ CVE-2008-2107
+ CVE-2008-2108
+ CVE-2007-4782
+ CVE-2008-2371
+
+ -- Jamie Strandboge Fri, 18 Jul 2008 11:50:38 -0400
+
+php5 (5.2.4-2ubuntu5.2) hardy-proposed; urgency=low
+
+ * debian/patches/119-sybase-alias.patch.
+ - Fixes missing sybase support. (LP: #240519)
+
+ -- Chuck Short Thu, 19 Jun 2008 13:51:19 -0400
+
+php5 (5.2.4-2ubuntu5.1) hardy-proposed; urgency=low
+
+ * debian/patches/043-recode_size_t.patch.
+ - Fix php-recode segfaulting on amd64. (LP: #219528).
+
+ -- Chuck Short Wed, 30 Apr 2008 13:37:19 -0400
+
+php5 (5.2.4-2ubuntu5) hardy; urgency=low
+
+ * fixes strtotime support for 64 bit timestamps (LP: #194318)
+ - Upstream: http://bugs.php.net/bug.php?id=44209
+ * Update tests to account for newly working timestamps
+ - Upstream: http://bugs.php.net/?id=44219
+
+ -- Dustin Kirkland Wed, 27 Feb 2008 13:00:18 -0500
+
+php5 (5.2.4-2ubuntu4) hardy; urgency=low
+
+ * No-change rebuild against libldap-2.4-2.
+
+ -- Steve Langasek Fri, 25 Jan 2008 14:19:57 +0000
+
+php5 (5.2.4-2ubuntu3) hardy; urgency=low
+
+ * Rebuild again, some build dependency still pulled in db4.5 last time.
+
+ -- Martin Pitt Fri, 04 Jan 2008 08:45:05 +0100
+
+php5 (5.2.4-2ubuntu2) hardy; urgency=low
+
+ * debian/patches/use-specific-libdb-version.patch: Support db4.6, too.
+ * debian/control: Build against db4.6.
+
+ -- Martin Pitt Thu, 03 Jan 2008 11:13:25 +0100
+
+php5 (5.2.4-2ubuntu1) hardy; urgency=low
+
+ * Merge from Debian unstable (LP: #176011). Remaining Ubuntu changes:
+ - debian/control, debian/rules: Disable a few build dependencies and
+ accompanying binary packages which we do not want to support in main:
+ + firebird2-dev/php5-interbase (we have a separate php-interbase source)
+ + libc-client-dev/php5-imap (we have a separate php-imap source)
+ + libmcrypt-dev/php5-mcrypt (separate php-mcrypt source)
+ - debian/rules: Correctly mangle PHP5_* macros for lpia
+ - debian/control: DebianMaintainerField
+ * Builds php5-gmp (LP: #176013)
+ * Fixes sybase_ct for MS SQL (LP: #21995)
+ * New Ubuntu changes:
+ - debian/rules: use 32M memory_limit for CLI and 16M for cgi/libapache
+ (LP: #148871)
+ - debian/control, debian/rules: Configure CLI with --with-libedit for
+ readline support again, now that the libedit issue is fixed.
+ Extended debian/patches/027-readline_is_editline.patch (LP: #124846)
+ - Force build against db4.4 (by ignoring db4.5 if it is installed),
+ debian/patches/use-specific-libdb-version.patch (LP: #165247)
+
+ -- dAniel hAhler Wed, 19 Dec 2007 10:48:04 +0100
+
+php5 (5.2.4-2) unstable; urgency=low
+
+ [ sean finney ]
+ * for posterity revised previous changelog to reference the CVE id's
+ of security issues resolved by the latest upstream release.
+ * lintian: use debian/compat instead of DH_COMPAT in debian/rules.
+ * lintian: use source:Version and binary:Version where appropriate,
+ instead of Source-Version
+ * lintian: remove a couple pieces of cruft in the changelog that were causing
+ false-postive wrong-bug-number-in-closes, but were generally useless
+ anyway.
+
+ [ Raphael Geissert ]
+ * Using test-results.txt as a target
+ * cronjob now checks for existance of /usr/lib/php5/maxlifetime (Closes: #439286)
+ * Fixed memory limit of 1232M in php.ini for cli (Closes: #440624)
+ * Build the interbase extension using firebird2.0-dev (Closes: #433736)
+ * Unapply patches with debian/rules clean
+
+ [ Steve Langasek ]
+ * Don't patch configure or php_config.h.in in suhosin.patch, as these are
+ auto-generated and including them in the patch results in a race
+ condition for the necessary build-time regeneration. Thanks to Daniel
+ Schepler for reporting, and to Damyan Ivanov for helping to sort out the
+ fix. Closes: #443637.
+ * Also remove the modified auto-generated files in the clean target,
+ which triggers a warning about disappearing files when building the
+ source package but avoids carrying irrelevant diffs to these files
+ in the Debian diff.
+ * Now that the testsuite is being run at build time, test failures cause
+ a bunch of junk files to be left around in the Debian diff. So clean up
+ several false-positive failures:
+ - 052-phpinfo_no_configure.patch: we're patching the output of phpinfo(),
+ so patch the test as well
+ - fix_broken_upstream_tests.patch: use a local directory for tests that
+ use sessions, skip the phpinfo test after all because it doesn't appear
+ to be compatible with current testsuite behavior, and disable the
+ moneyformat test if en_US locale is not available.
+ There are still several other failing tests, but these are not false
+ positives and remain enabled pending investigation.
+
+ -- sean finney Wed, 24 Oct 2007 21:51:14 +0200
+
+php5 (5.2.4-1) unstable; urgency=low
+
+ * New upstream release.
+ * Security issues resolved in the latest release:
+ - CVE-2007-2519 - Directory traversal vulnerability in PEAR
+
+
+ [ sean finney ]
+ * patch from Jan Wagner to be able to conditionally disable any
+ patches that break binary-compatibility with official php
+ binary-only extensions. see debian/rules for more information.
+ * now incorporate the php unit tests into the build process. for
+ those interested the output is stored in the file
+ /usr/share/doc/php5-common/test-results.txt .
+ * by default we now ship with enable_dl = Off, as there are some
+ fairly significant ramifications security-wise to having it on.
+ * we shipping with the suhosin patch enabled by default.
+ special thanks to Blars Blarson for providing a sparc machine for
+ testing purposes with 5.2.3 (closes: #397179).
+ * new binary package php5-gmp, with the newly enabled gmp extension,
+ since whatever reason for not doing so either never existed or no
+ no longer exists (closes: #344137). Build-Depends added for libgmp3-dev.
+
+ [ Steve Langasek ]
+ * php5-module.postinst: don't assume that the postinst is only relevant
+ when called with 'configure' as an argument, some future debhelper code
+ could apply in the case of other methods of invocation.
+ * Clean up build dependencies for recent library transitions:
+ - libsnmp-dev is now the real package name, and is supported as a virtual
+ package for backports.
+ - re-add firebird2-dev as an alternative to firebird1.5-dev, to support
+ backports.
+ - the curl -dev package name has changed from libcurl3-openssl-dev to
+ libcurl4-openssl-dev; update to the proper name, with libcurl-dev as
+ an alternative.
+ * Switch php5-sybase to use the mssql extension instead of the sybase_ct
+ extension. Closes: #418734, #329065.
+
+ -- sean finney Sun, 16 Sep 2007 14:46:06 +0200
+
+php5 (5.2.3-1ubuntu7) hardy; urgency=low
+
+ * Rebuild for libsnmp10 -> libsnmp15 transition.
+
+ -- Steve Kowalik Mon, 10 Dec 2007 20:33:11 +1100
+
+php5 (5.2.3-1ubuntu6) gutsy; urgency=low
+
+ * Trigger rebuild for hppa
+
+ -- LaMont Jones Thu, 04 Oct 2007 12:18:16 -0600
+
+php5 (5.2.3-1ubuntu5) gutsy; urgency=low
+
+ * debian/rules:
+ - Fix broken memory_limit mangling for php5-cli. (LP: #109079)
+ - Don't clean out debian/copyright. (iz soyuz bug..)
+ * debian/php5-cli.postinst, debian/rules:
+ - Use same php.ini-dist for all flavours. The only difference used to be
+ cli having a higher memory_limit value, but upstream has changed this to
+ 128MB, which is higher than both of the previous values.
+
+ -- Soren Hansen Mon, 03 Sep 2007 08:51:34 +0200
+
+php5 (5.2.3-1ubuntu4) gutsy; urgency=low
+
+ * debian/rules: Correctly mangle PHP5_* macros for lpia.
+
+ -- Matthias Klose Fri, 10 Aug 2007 08:20:08 +0000
+
+php5 (5.2.3-1ubuntu2) gutsy; urgency=low
+
+ * Rebuild for the libcurl transition mess.
+
+ -- Steve Kowalik Thu, 5 Jul 2007 00:12:51 +1000
+
+php5 (5.2.3-1ubuntu1) gutsy; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - debian/changelog: Add some missing CVEs.
+ - debian/control: DebianMaintainerField
+ - debian/control, debian/rules: Disable a few build dependencies and
+ accompanying binary packages which we do not want to support in main:
+ + firebird2-dev/php5-interbase (we have a separate php-interbase source)
+ + libc-client-dev/php5-imap (we have a separate php-imap source)
+ + libmcrypt-dev/php5-mcrypt (separate php-mcrypt source)
+
+ -- Soren Hansen Mon, 11 Jun 2007 20:32:54 +0200
+
+php5 (5.2.3-1) unstable; urgency=low
+
+ * new upstream release.
+ * upstream has incorporated the last of the recent CVE fixes, so
+ the patches have been removed.
+ * change build dependencies for firebird2-dev -> firebird1.5-dev,
+ as the firebird maintainer has changed names in order to provide
+ more clarity since there's also a firebird2.0 now (closes: #427181).
+ * now include, but do not apply by default, the suhosin patch. see
+ NEWS.Debian for more information.
+
+ -- sean finney Mon, 04 Jun 2007 22:02:10 +0200
+
+php5 (5.2.2-2) unstable; urgency=low
+
+ [sean finney]
+ - build with --with-ldap-sasl and modify build-depends to include
+ libsasl2-dev in order to get the ldap_sasl_bind function (closes: #422490).
+ - the json extension is now on by default in php builds, so there's
+ no need for the php5-json package. added a Provides/Conflicts to
+ help set an upgrade path.
+ - apache 1.x support is soon disappearing. as a consequence we are
+ no longer building the libapache-mod-php5 module. the php5 metapackage
+ should as a result bring in libapache2-mod-php5 by default for those who
+ already have it installed.
+
+ -- sean finney Sun, 20 May 2007 21:59:56 +0200
+
+php5 (5.2.2-1ubuntu1) gutsy; urgency=low
+
+ * Merge to Debian unstable; remaining Ubuntu changes:
+ - debian/changelog: Add some missing CVEs.
+ - debian/control, debian/rules: Disable a few build dependencies and
+ accompanying binary packages which we do not want to support in main:
+ + apache-dev/libapache-mod-php5 (die, Apache 1, die!)
+ + firebird2-dev/php5-interbase (we have a separate php-interbase source)
+ + libc-client-dev/php5-imap (we have a separate php-imap source)
+ + libmcrypt-dev/php5-mcrypt (separate php-mcrypt source)
+ - Add missing libsqlite3-dev build dependency.
+
+ -- Martin Pitt Tue, 15 May 2007 16:15:43 +0200
+
+php5 (5.2.2-1) unstable; urgency=low
+
+ [ sean finney ]
+ * new upstream release (closes: #422405).
+ * /most/ of the previous CVE patches have been committed upstream, though:
+ - the patch for MOPB-41 was fixed in a different way and we'll be keeping
+ our fix for the time being.
+ - it doesn't seem like MOPB-45 has been fixed yet.
+ * remove build-dependency option on libmysqlclient12-dev, since the mysqli
+ option requires it, and 15 is in stable now anyway. thanks to
+ Henk van de kamer for finding this (closes: #422224).
+ * now includes requested fix for mysql row counts (closes: #418471).
+ * needle/haystack issues are reported fixed (closes: #399924).
+ * oh yeah, because we're using quilt now: (closes: #338315).
+ * update build-deps to libdb4.5-dev | libdb4.4-dev (closes: #421929).
+ note that the resulting php packages won't actually build against
+ libdb4.5 until all of our build-dependant packages do too.
+
+ -- sean finney Sat, 05 May 2007 19:56:30 +0200
+
+php5 (5.2.0-12) unstable; urgency=high
+
+ [ sean finney ]
+ * modify the build-depends to play more nicely when the net-snmp
+ maintainers decide to change their package names (closes: #421061).
+
+ -- sean finney Tue, 01 May 2007 14:24:01 +0200
+
+php5 (5.2.0-11) unstable; urgency=high
+
+ [ sean finney ]
+ * The following security issues are addressed with this update:
+ - CVE-2007-0910/MOPB-32 session_decode() Double Free Vulnerability
+ * note that this is an update to the previous version of the upstream
+ fix for CVE-2007-0910, which introduced a seperate exploit path.
+ - CVE-2007-1286/MOPB-04 unserialize() ZVAL Reference Counter Overflow
+ - CVE-2007-1380/MOPB-10 php_binary Session Deserialization Information Leak
+ - CVE-2007-1375/MOPB-14 substr_compare() Information Leak Vulnerability
+ - CVE-2007-1376/MOPB-15 shmop Functions Resource Verification Vulnerability
+ - CVE-2007-1453/MOPB-18 ext/filter HTML Tag Stripping Bypass Vulnerability
+ - CVE-2007-1453/MOPB-19 ext/filter Space Trimming Buffer Underflow Vuln.
+ - CVE-2007-1521/MOPB-22 session_regenerate_id() Double Free Vulnerability
+ - CVE-2007-1583/MOPB-26 mb_parse_str() register_globals Activation Vuln.
+ - CVE-2007-1700/MOPB-30 _SESSION unset() Vulnerability
+ - CVE-2007-1718/MOPB-34 mail() Header Injection
+ - CVE-2007-1777/MOPB-35 zip_entry_read() Integer Overflow Vulnerability
+ - CVE-2007-1887-1888/MOPB-41 sqlite_udf_decode_binary() Buffer Overflow
+ - CVE-2007-1824/MOPB-42 php_stream_filter_create() Off By One Vulnerablity
+ - CVE-2007-1889/MOPB-44 Memory Manager Signed Comparision Vulnerability
+ - CVE-2007-1900/MOPB-45 ext/filter Email Validation Vulnerability
+ * The other security issues resulting from the "Month of PHP bugs" either
+ did not affect the version of php5 shipped in unstable, or did not merit
+ a security update according to the established security policy for php
+ in debian. You are encouraged to verify that your configuration is not
+ affected by any of the other vulnerabilities by visiting:
+ http://www.php-security.org/
+ * other, less interesting changes:
+ - now use quilt for managing local patches.
+ - massage all of the patches, eliminating fuzz and offsets.
+
+ -- sean finney Mon, 23 Apr 2007 19:02:51 +0200
+
+php5 (5.2.0-10) unstable; urgency=high
+
+ [ sean finney ]
+ * The php security update contained a regression in the streams
+ module. this version contains an updated version of the patch
+ for CVE-2007-0906 (116-CVE-2007-0906_streams.patch), which should
+ fix the regression. Thanks to Martin Pitt for noticing this.
+ * Fix the patch names in the previous changelog entry, and fix a factual
+ inaccuracy that was accidentally pasted from the php4 changelog.
+ * The previous update was missing two fixes from CVE-2007-0906:
+ * interbase: (116-CVE-2007-0906_interbase.patch)
+ * zip: (116-CVE-2007-0906_zip.patch)
+
+ -- sean finney Wed, 07 Mar 2007 23:11:29 +0100
+
+php5 (5.2.0-9) unstable; urgency=high
+
+ [ sean finney ]
+ * The following security issues are addressed with this update:
+ - CVE-2007-0906: Multiple buffer overflows in various code:
+ * session (116-CVE-2007-0906_session.patch)
+ * imap (116-CVE-2007-0906_imap.patch)
+ * str_replace: (116-CVE-2007-0906_string.patch)
+ * the sqlite and mail related vulnerabilities in this CVE do not
+ affect the php5 source packages.
+ - CVE-2007-0907: sapi_header_op buffer underflow (116-CVE-2007-0907.patch)
+ - CVE-2007-0908: wddx information disclosure (116-CVE-2007-0908.patch)
+ - CVE-2007-0909: More buffer overflows:
+ * the odbc_result_all function (116-CVE-2007-0909_odbc.patch)
+ * various formatted print functions (116-CVE-2007-0909_print.patch)
+ - CVE-2007-0910: Clobbering of super-globals (116-CVE-2007-0910.patch)
+ - CVE-2007-0988: 64bit unserialize DoS (116-CVE-2007-0988.patch)
+ Closes: #410995.
+ * The package maintainers would like to thank Joe Orton from redhat and
+ Martin Pitt from ubuntu for their help in preparation of this update.
+ * backport upstream fix for AUTH PLAIN support in imap extension
+ Closes: #401712.
+
+ -- sean finney Sat, 03 Mar 2007 11:13:33 +0100
+
+php5 (5.2.0-8) unstable; urgency=high
+
+ [ sean finney ]
+ * Update package information to say simply "Apache 2" instead
+ of "Apache 2.0" (ref: #400306).
+ * Update package description for php-pear to mention needing
+ phpN-dev for building PECL extensions (closes: #401825).
+ * Add mention of Freetype fonts to php5-gd package description,
+ thanks to Ole Laursen for the suggestion (closes: #387881).
+ * Include a backported version of upstream's fix for
+ alignment calculatations which cause FTBFS problems for
+ some arches. Thanks to Roman Zippel for finding this (closes: #401129).
+ patch: 114-zend_alloc.c_m68k_alignment.patch
+ * Remove --enable-yp, as it's no longer used and seperately
+ packaged. Thanks to Martijn Grendelman for mentioning this
+ (closes: #402161).
+ * Add mention to README.Debian of needing to restart apache when
+ installing modules (closes: #392249).
+ * Don't strip the DSO modules if building with DEB_BUILD_OPTIONS
+ containing nostrip
+ * Backported a patch from upstream CVS to fix a rather nasty
+ memory leak in zend_alloc (closes: #402506).
+ patch: 115-zend_alloc.c_memleak.patch
+ * The memleak and FTBFS are targeted at etch, and there aren't
+ any other significant changes, so priority=high.
+
+ -- sean finney Sun, 17 Dec 2006 16:49:35 +0100
+
+php5 (5.2.0-7ubuntu2) feisty; urgency=low
+
+ * debian/control: Add missing build dependency libsqlite3-dev to fix FTBFS.
+
+ -- Martin Pitt Wed, 6 Dec 2006 16:27:03 +0100
+
+php5 (5.2.0-7ubuntu1) feisty; urgency=low
+
+ * Merge to Debian unstable; remaining Ubuntu changes:
+ - debian/control, debian/rules: Disable apache-dev build dependency and
+ remove libapache-mod-php5 package, since we do not support apache 1.3.
+ - debian/control: Build with db4.3, as long as our apache needs it.
+ - debian/changelog: Add some missing CVEs.
+ * debian/control:
+ - Remove firebird2-dev build dependency and php5-interbase package, since
+ we don't support Firebird and keep the separate php-interbase source.
+ - Remove libc-client-dev build dependency and php5-imap package, since
+ uw-imapd is in universe and we keep the separate php-imap source.
+ - Remove libmcrypt-dev build dependency and php5-mcrypt package, since
+ it is in universe and we keep the separate php-mcrypt source.
+ - libapr1-dev -> libapr0-dev, as long as we still have Apache 2.0.
+ * debian/rules: Disable above modules, and fix up dependency generation for
+ Apache 2.0 instead of 2.2.
+
+ -- Martin Pitt Wed, 6 Dec 2006 12:55:44 +0100
+
+php5 (5.2.0-7) unstable; urgency=high
+
+ [ Steve Langasek ]
+ * Also disable firebird in the PDO config for archs other than
+ i386/amd64.
+
+ -- sean finney Fri, 24 Nov 2006 15:20:53 +0100
+
+php5 (5.2.0-6) unstable; urgency=high
+
+ [ sean finney ]
+ * firebird2-dev (and thus php5-interbase) is only available on
+ i386/amd64, so update the control/rules information accordingly.
+ thanks to Bastian Blank for reporting this (closes: #399558).
+
+ -- sean finney Wed, 22 Nov 2006 19:04:04 +0100
+
+php5 (5.2.0-5) unstable; urgency=high
+
+ [ sean finney ]
+ * bring some of the mainline php4 modules back into the php source
+ package instead of distributing them in independant source packages:
+ - php5-imap
+ - php5-interbase
+ - php5-mcrypt
+ - php5-pspell
+ - php5-tidy
+ these modules are still provided in the same binary packages as
+ before, but will now be built in tandem with the core php packages.
+ * fix for pdo.so duplicate loading warnings, thanks to Jan Wagner
+ (closes: #398367, #399248).
+
+ -- sean finney Mon, 20 Nov 2006 12:41:37 +0100
+
+php5 (5.2.0-4) unstable; urgency=high
+
+ * Re-re-enable LFS support, forward-porting vorlon's fixes in
+ the php4 tree.
+ * Add a bit of support in upgrade scripts to avoid unnecessary
+ ucf prompting during upgrades (closes: #398363).
+ * Update build-dependencies to reflect that libpcre3-dev >= 6.6
+ is required. Thanks to Jan Wagner for pointing this out.
+ * loosen dependencys for libapache2-mod-php5 to allow usage with
+ apache2-mpm-itk as an alternative to prefork.
+ Closes: #398580, #398481.
+
+ -- sean finney Wed, 15 Nov 2006 08:33:28 +0100
+
+php5 (5.2.0-3) unstable; urgency=high
+
+ * Unify PHP options for pear binaries to:
+ -d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"
+ (Closes: #397625)
+ * [debian/rules]: Enable PDO building only in apache2 build.
+
+ -- Ondřej Surý Fri, 10 Nov 2006 14:09:00 +0100
+
+php5 (5.2.0-2) unstable; urgency=high
+
+ [ Ondřej Surý ]
+ * Revert Large File Support for this moment. We will try to found
+ root of the problem for etch, but we do not promise anything.
+ (Closes: #397465)
+
+ -- Ondřej Surý Wed, 8 Nov 2006 01:13:48 +0100
+
+php5 (5.2.0-1) unstable; urgency=high
+
+ [ sean finney ]
+ * new upstream release. since this means the 5.1 series is deadware
+ in the eyes of its developers, we better get on this train before
+ it's too late. Note: this also fixes the htmlentities() exploit.
+ Reference: CVE-2006-5465.
+ Closes: #396766.
+ * s/postinst/postrm/ on one critical line in debian/rules. whoops.
+ Thanks to Bart Martens for finding this (closes: #396873).
+ * as a pennance i've enabled LFS support (closes: #359686).
+ * new version now includes all mbstring headers (closes: #391368).
+ * enable new built-in zip support.
+ * enable pdo support for currently supported db types, and place the
+ extensions in the respective extension packages. future db
+ types will be added, but probably post-etch as they will probably
+ introduce new packages/dependencies (closes: #348882).
+ * move the mysqli module into the mysql module's package, and remove
+ the no longer necessary mysqli package.
+ * massaging/removal of various patches to upstream changes:
+ D patches/106-strptime_xopen.patch
+ D patches/110-CVE-2006-4812_zend_alloc.patch
+ M patches/006-debian_quirks.patch
+ D patches/111-mbstring-headers.patch
+ M patches/053-extension_api.patch
+
+ [ Ondřej Surý ]
+ * Package checked, upload to unstable.
+
+ -- Ondřej Surý Tue, 7 Nov 2006 09:26:51 +0100
+
+php5 (5.1.6-6) unstable; urgency=high
+
+ [ sean finney ]
+ * add notes to php.ini(-dist) about "unsupported" security features.
+ patch: 113-php.ini_securitynotes.patch
+
+ [ Ondřej Surý ]
+ * SECURITY: include patch for html buffer overflows in ext/standard/html.c
+ Reference: CVE-2006-5465
+ Patch: 114-CVE-2006-5465_htmlentities.patch
+ Closes: #396766
+
+ -- Ondřej Surý Fri, 3 Nov 2006 12:32:50 +0100
+
+php5 (5.1.6-5) unstable; urgency=high
+
+ [sean finney]
+ * add a README.Debian.security to clarify how we handle/respond
+ to security problems in stable releases.
+ * SECURITY: include patch for integer overflow in zend_alloc.c.
+ Reference: CVE-2006-04812 (closes: #391586).
+ patch: 110-CVE-2006-4812_zend_alloc.patch
+ * bump the debhelper compatibility level to 4.
+ * remove cyclic depends for mysql/mysqli.
+ * the long overdue rework of configuration file handling. this also
+ removes the need for debconf and template translations
+ (closes: #361211, #393788, #388697).
+ * start using ucf to manage the the various SAPI php.ini files.
+ * cleanup and consolidation of a few things in the ./debian dir
+ * bump the memory limit to 32M for the cli API (closes: #375070, #340586).
+ * include a fix for missing mbstring headers reported by Jan Wagner
+ (closes: #391368).
+ patch: 111-mbstring-headers.patch.
+ * include support for PTY's in proc_open, as reported by Eike Dehling.
+ according to php's BTS (http://bugs.php.net/bug.php?id=39224) the
+ feature was disabled only because the configure script couldn't
+ accurately determine whether the feature was available, and we know
+ it is :) (closes: #381438).
+ patch: 112-proc_open.patch.
+ * update standards-version to 3.7.2
+
+ -- sean finney Sat, 28 Oct 2006 14:29:44 +0200
+
+php5 (5.1.6-4) unstable; urgency=high
+
+ [sean finney]
+ * no longer build against GPL'd gdbm library (closes: #390452).
+ * updated apache2 module dependencies to build against and coexist
+ with apache2.2 (closes: #390455).
+
+ -- sean finney Sat, 07 Oct 2006 12:06:09 +0200
+
+php5 (5.1.6-3) unstable; urgency=low
+
+ [ sean finney ]
+ * php5 was building against db4.3 even though db4.4 headers were
+ installed. fix applied to ./ext/dba/config.m4 while we wait
+ for a real fix from upstream (closes: #388601).
+
+ -- sean finney Mon, 02 Oct 2006 17:42:50 +0200
+
+php5 (5.1.6-2) unstable; urgency=low
+
+ [ sean finney ]
+ * enable the mysqli extension (closes: #320835).
+
+ -- sean finney Tue, 19 Sep 2006 19:31:27 +0200
+
+php5 (5.1.6-1ubuntu3) feisty; urgency=low
+
+ * Rebuild for ldbl128 change on powerpc and sparc.
+
+ -- Matthias Klose Thu, 2 Nov 2006 10:00:32 +0000
+
+php5 (5.1.6-1ubuntu2) edgy; urgency=low
+
+ * SECURITY UPDATE: Safe mode bypass, remote arbitrary code execution.
+ * Fix/add CVE numbers in/to 5.1.4-0.1 and 5.1.6-1 changelogs.
+ * Add debian/patches/CVE-2006-4625.patch:
+ - Fix open_basedir/safe_mode bypass with ini_restore().
+ - Ported from upstream CVS:
+ http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?r1=1.39.2.2&r2=1.39.2.3
+ * Add debian/patches/CVE-2006-4812.patch:
+ - Fix integer overflow in Zend's ecalloc().
+ - Ported from upstream CVS:
+ http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162
+
+ -- Martin Pitt Tue, 10 Oct 2006 18:25:01 +0200
+
+php5 (5.1.6-1ubuntu1) edgy; urgency=low
+
+ * Merge from Debian unstable, bringing in a myriad of security fixes.
+ * Revert libdb4.3->libdb4.4 migration until we're ready to do this.
+
+ -- Adam Conrad Wed, 13 Sep 2006 23:11:09 +1000
+
+php5 (5.1.6-1) unstable; urgency=high
+
+ [ Adam Conrad ]
+ * Drop 041-shut_up_snmp.patch, which was no longer needed as of 5.1.0.
+
+ [ Ondřej Surý ]
+ * Acknowledge NMU.
+ * New upstream release (Closes: #383596)
+ - Added missing safe_mode/open_basedir checks inside the error_log(),
+ file_exists(), imap_open() and imap_reopen() functions.
+ - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit
+ systems.
+ - Fixed possible open_basedir/safe_mode bypass in cURL extension and
+ with realpath cache. (CVE-2006-2563) (Closes: #370165)
+ - Fixed overflow in GD extension on invalid GIF images.
+ - Fixed a buffer overflow inside sscanf() function. (CVE-2006-4020)
+ (Closes: #382256)
+ - Fixed an out of bounds read inside stripos() function.
+ - Fixed memory_limit restriction on 64 bit system (really with 5.1.6).
+ * Bump libdb build-dep from libdb4.3 to libdb4.4, to match with apache.
+
+ -- Ondřej Surý Sat, 19 Aug 2006 14:41:43 +0200
+
+php5 (5.1.4-0.1ubuntu1) edgy; urgency=low
+
+ * Merge from debian unstable.
+
+ -- Fabio M. Di Nitto Wed, 12 Jul 2006 17:06:38 +0200
+
+php5 (5.1.4-0.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * New upstream release. (Closes: #366109)
+ * Fixes information leak in html_entity_decode() (CVE-2006-1490).
+ (Closes: #359907)
+ * Fixes phpinfo() XSS (CVE-2006-0996). (Closes: #361914)
+ * Fixes copy() safe mode bypass (CVE-2006-1608). (Closes: #361915)
+ * Fixes tempnam() open_basedir bypass (CVE-2006-1494). (Closes: #361916)
+ * Fixes wordwrap() buffer overflow (CVE-2006-1990). (Closes: #365312)
+ * Fixes substr_compare() DoS condition (CVE-2006-1991).
+ * Fixes crash during too deep recursion (CVE-2006-1549). (Closes: #361917)
+ * Fixes injection in mb_send_mail() (CVE-2006-1014, CVE-2006-1015); not
+ mentioned in upstream changelog. (Closes: #368595)
+ * 044-strtod_arm_fix.patch: Adapted for new upstream; pulled in from
+ Piotr Roszatycki's packages.
+ * 108-64bit_datetime.patch: Patch to fix possible segfault on systems where
+ sizeof(void*) > sizeof(int); patch from David Mosberger-Tang.
+
+ -- Steinar H. Gunderson Tue, 13 Jun 2006 22:38:33 +0200
+
+php5 (5.1.2-1ubuntu3) dapper; urgency=low
+
+ * Enable the mysqli extension, which is required for full functionality
+ of the ubuntu-server LAMP stack for dapper (launchpad.net/27904)
+ * Make php5-{mysql,mysqli} depend on each other to ease the pain of the
+ planned transition for Etch/Edgy where both will be packaged together.
+ * Comment out the EXTRA_VERSION hack, since it served its purpose when
+ we were providing CVS snapshots, but is now just a cause of complaints.
+
+ -- Adam Conrad Thu, 18 May 2006 12:12:27 +1000
+
+php5 (5.1.2-1ubuntu2) dapper; urgency=low
+
+ * Rebuild against the new libmysqlclient15off with correct symbols.
+
+ -- Adam Conrad Thu, 6 Apr 2006 12:48:51 +1000
+
+php5 (5.1.2-1ubuntu1) dapper; urgency=low
+
+ * Resynchronise with Debian, bringing in security fixes and PEAR fix.
+
+ -- Adam Conrad Wed, 18 Jan 2006 18:09:55 +1100
+
+php5 (5.1.2-1) unstable; urgency=low
+
+ * New upstream bugfix and security update release (closes: #347894)
+ - Fixes multiple cross-site-scripting vulnerabilities; CVE-2006-0208
+ - Resolves multiple HTTP response splitting vulnerabilities, allowing
+ arbitrary header injection via Set-Cookie headers; see CVE-2006-0207
+ - While we don't currently build it, this release also fixes a format
+ string vulnerability in the mysqli extension; see CVE-2006-0200
+ - Includes a new version of the PEAR installer that seems to have a
+ slightly better clue about the difference between INSTALL_ROOT and
+ PHP_PEAR_INSTALL_DIR, fixing pear.conf (closes: #346479, #346501)
+ * While the above is partially true, the PEAR installer is still a bit
+ broken (it won't install correctly under fakeroot anymore, YAY), so
+ shuffle debian/rules to have a build-pear-stamp target, as a stopgap.
+ * Add 106-strptime_xopen.patch, moving the _XOPEN_SOURCE definition down
+ in ext/standard/datetime.c, below the php.h include (closes: #346550)
+ * Add 107-reflection_is_ext.patch, munging ext/reflection/config.m4 to
+ properly call the PHP_ARG_ENABLE macro for an extension, not built-in.
+ * Stop php-pear from Replacing and Conflicting with php-html-template-it,
+ as we only now ship the bare essential to make the pear installer go.
+
+ -- Adam Conrad Mon, 16 Jan 2006 16:12:31 +1100
+
+php5 (5.1.1-1ubuntu1) dapper; urgency=low
+
+ * Resynchronise with Debian, bringing in a myriad of security fixes.
+
+ -- Adam Conrad Sun, 8 Jan 2006 02:07:20 +1100
+
+php5 (5.1.1-1) unstable; urgency=low
+
+ * New upstream bugfix release, skipping the problematic 5.1.0 release:
+ - Fixes a zend.ze1_compatibility_mode segfault (closes: #333374)
+ - Remove libtool patch from acinclude.m4, now integrated upstream.
+ - Remove 038-round_test_fix.patch, now integrated upstream.
+ - Remove 049-exported-headers.patch, as upstream's build system has
+ gotten more clever about what they should and shouldn't export.
+ - Remove 054-open_basedir_slash.patch, now integrated upstream.
+ - Remove 055-gd_safe_mode_checks.patch, fixed differently upstream.
+ - Mangle 101-sqlite_is_shared.patch, to deal with upstream changes.
+ - Remove 104-64_bit_serialize.patch, now integrated upstream.
+ - Remove 105-64_bit_imagettftext.patch, now integrated upstream.
+ * Many security vulnerabilities fixed (closes: #341368, #336005, #336654):
+ - Resolves a local denial of service in the apache2 SAPI, which can
+ be triggered by using session.save_path in .htaccess; CVE-2005-3319
+ - Resolves an infinite loop in the exif_read_data function which can
+ be triggered with a specially-crafted JPEG image; CVE-2005-3353
+ - Resolves a vulnerability in the parse_str function whereby a remote
+ attacker can fool PHP into turning on register_globals, thus making
+ applications vulnerable to global variable injections; CVE-2005-3389
+ - Resolves a vulnerability in the RFC1867 file upload feature where, if
+ register_globals is enabled, a remote attacker can modify the GLOBALS
+ array with a multipart/form-data POST request; see CVE-2005-3390
+ - Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391
+ - Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode
+ and open_basedir bypasses between virtual hosts; CVE-2005-3392
+ - Resolves a CRLF injection vulnerability in the mb_send_mail function,
+ allowing injection of arbitrary mail headers; see CVE-2005-3883
+ - Includes PEAR 1.4.5, resolving a vulnerability in the pear installer
+ which could lead to arbitrary code execution; see CVE-2005-4154
+ * Bump libdb build-dep from libdb4.2 to libdb4.3, to match with apache.
+ * Bump our MySQL build-dep to 5.0's libmysqlclient15-dev (closes: #343793)
+ * Automate the process of getting the list of built-in modules into the
+ package descriptions, so it stays fresh in the future (closes: #341867)
+ * Intentionally disable PDO support until I've sorted out the best way to
+ deal with shipping this shiny new feature that won't break the world.
+ * The new PEAR happens to fix the Command.php greedy match bug filed in
+ Debian as part of the fix for the wider security issue (closes: #334969)
+ * Create 056-mime_magic_strings.patch, making the mime_magic extension
+ more liberal about what mime-types is accepts, as well as making it skip
+ over ones it dislikes, rather than disabling itself (closes: #335674)
+ * Add 057-no_apache_installed.patch, to stop spewing a mess of errors in
+ configure because we don't have the apache binaries in the build chroot.
+ * Fix small typo in the php5-xsl package description (closes: #344816)
+
+ -- Adam Conrad Thu, 15 Dec 2005 14:46:56 +1100
+
+php5 (5.0.5-3) unstable; urgency=low
+
+ * Build-Depend on libcurl3-openssl-dev, since libcurl3-dev is going away
+ soon. Keep libcurl3-dev as an alternate for backporting (see: #334367)
+ * Switch from libmysqlclient12 to libmysqlclient14; this puts us on the
+ *other* side of the line regarding which combinations of DSOs cause
+ segfaults, so hopefully the others catch up with us soon (closes: #332453)
+ * Look for magic.mime in /usr/share/file now instead of /usr/share/misc/file,
+ as the path has been changed to comply with the FHS (see: #334510)
+ * Make the above backportable as well, by searching for both files, and
+ picking the one that's currently installed on the user's system.
+ * Include swedish debconf translation from Daniel Nylander (closes: #330763)
+ * Make pear use '/usr/bin/php' instead of just 'php' to make sure we don't
+ get some random binary on $PATH that won't work right (closes: #329415)
+ * Set PHP_PEAR_SIG_BIN to /usr/bin/gpg, and have php-pear Recommends: gnupg
+
+ -- Adam Conrad Fri, 21 Oct 2005 02:30:19 +1000
+
+php5 (5.0.5-2ubuntu1) breezy; urgency=low
+
+ * Resync with Debian, bringing in two security fixes, a file conflict fix,
+ and two 64-bit memory corruption and segfault fixes (no other changes).
+
+ -- Adam Conrad Sun, 9 Oct 2005 03:14:32 +1000
+
+php5 (5.0.5-2) unstable; urgency=medium
+
+ * Remove Andres Salomon from the Uploaders field, at his request. Thanks
+ for all your work on the PHP packages, Andres, now fix our kernel bugs.
+ * Add 054-open_basedir_slash.patch, which fixes a bug where if open_basedir
+ is set to "/foo/", users can access files in "/foobar/", which is not the
+ documented behaviour; this addresses CAN-2005-3054 (see: #323585)
+ * Add 104-64_bit_serialize.patch from Joe Orton, resolving a segfault when
+ serializing objects on all 64-bit architectures (closes: #329768)
+ * Add 105-64_bit_imagettftext.patch, fixing a type mismatch in the GD
+ extension, causing memory corruption on 64-bit arches (closes: #331001)
+ * Add 055-gd_safe_mode_checks.patch from PHP CVS, adding missing safe_mode
+ checks to the _php_image_output and _php_image_output_ctx GD functions.
+ * Make php-pear Provide, Replace, and Conflict php-html-template-it, which
+ we appear to have absorbed into the main PEAR packaging (closes: #332393)
+
+ -- Adam Conrad Tue, 27 Sep 2005 16:09:29 +1000
+
+php5 (5.0.5-1ubuntu1) breezy; urgency=low
+
+ * Resync with Debian, lowering libsnmp-dev build-dep to libsnmp5-dev.
+ * This new upstream includes a fixed XML_RPC class in php-pear, which
+ addresses CAN-2005-2498 and closes Ubuntu bug #13701.
+
+ -- Adam Conrad Tue, 13 Sep 2005 14:52:10 +1000
+
+php5 (5.0.5-1) unstable; urgency=low
+
+ * New upstream release, adjust patch offsets and fuzz, and drop patches:
+ - Drop 009-snmp-int-sizes.patch, finally fixed upstream.
+ - Drop 051-gcc-4.0.patch, fixed differently upstream.
+ - Drop 102-php_streams.patch, fixed upstream.
+ - Drop 103-catch_segv.patch, also fixed upstream.
+ - Includes PEAR XML_RPC fix for CAN-2005-2498.
+ - Includes phpinfo() XSS fix for CVE-2005-3388.
+ * Distribute the shiny new manpages for php-config and phpize.
+
+ -- Adam Conrad Mon, 12 Sep 2005 02:29:24 +1000
+
+php5 (5.0.4-4) unstable; urgency=low
+
+ * Ondřej Surý :
+ - Add patch from CVS to fix regression in PHP 5.0.4, where file related
+ functions all stop reading at 2,000,000 bytes (closes: #321930)
+ * Adam Conrad :
+ - Enable support for gdbm files in the dba handler; half the base system
+ already appears to depend on libgdm, so we can't make things worse.
+ - Add another patch from CVS to fix a segfault in the catch/throw
+ handler under interesting nesting cases (closes: #322507)
+ - Rebuild against libsnmp9-dev for new libsnmp SOVER (closes: #327107)
+
+ -- Adam Conrad Thu, 8 Sep 2005 00:36:36 +1000
+
+php5 (5.0.4-3ubuntu1) breezy; urgency=low
+
+ * Resync with Debian, bringing in important changes to php5-dev and the
+ dependency relationships between php5 SAPIs and php5 extensions, as
+ well as making sure that php5 is backportable to hoary without changes.
+
+ -- Adam Conrad Mon, 1 Aug 2005 09:54:24 +1000
+
+php5 (5.0.4-3) unstable; urgency=low
+
+ * And fix the module/extension API situation one last time, this time
+ we read ZEND_EXTENSION_API_NO, ZEND_MODULE_API_NO, and PHP_API_VERSION,
+ pick the most recent of the three, assume things broke in ways we're
+ not willing to cope with, and both change the extension directory to
+ use that value, as well as setting it to the provides/depends for the
+ various SAPI and extension packages.
+ * Add a new option to php-config, 'php-config --phpapi', which extension
+ packagers should now be using to get the current phpapi they're building
+ against and set their dependencies accordingly.
+ * Strip the -gnu off the end of the DEB_*_* variables and drop the
+ versioned dpkg-dev build-dep to ease backporting to sarge and hoary;
+ doing so in such a way as to still allow for easy cross-compiling.
+ * Add postgresql-dev build-dep alternate for easy hoary/sarge backports.
+ * Make libapache2-mod-php5 the default alternate dependency for the php5
+ metapackage, since we really do want to encourage the apache upgrade.
+ * Make php5-dev stop shipping copies of files from autotools-dev, shtool,
+ and libtool, and instead symlink to them and depend on those packages,
+ thus avoiding the shtool issues from CAN-2005-1751 and CAN-2005-1759.
+
+ -- Adam Conrad Sun, 31 Jul 2005 03:05:08 +1000
+
+php5 (5.0.4-2) unstable; urgency=low
+
+ * We now have a mailing list. Set the maintainer to the list, and move
+ myself to Uploaders where, apparently, I belong.
+ * Use ZEND_MODULE_API_NO rather than PHP_API_VERSION for extension deps,
+ as recent upstream ABI breakage in 4.4.0 leads me to believe this is
+ the only constant they actually bother to update on ABI changes.
+ * Bring back some concflicts that went missing (libapache-mod-php5 needs
+ to conflict with libapache-mod-php4 and older versions of php4, while
+ the two libapache2-mod-php[45] modules also need to conflict).
+ * Adjust debian/watch to not match on upstream's alpha/beta/rc releases.
+
+ -- Adam Conrad Wed, 27 Jul 2005 22:30:42 +1000
+
+php5 (5.0.4-1ubuntu2) breezy; urgency=low
+
+ * libapache2-mod-php5 needs to conflict with libapache2-mod-php4 to
+ prevent people from shooting their own feet and breaking apache2.
+
+ -- Adam Conrad Wed, 27 Jul 2005 22:29:14 +1000
+
+php5 (5.0.4-1ubuntu1) breezy; urgency=low
+
+ * Upload to breezy, disabling the libapache-mod-php5 build.
+
+ -- Adam Conrad Wed, 27 Jul 2005 02:22:23 +1000
+
+php5 (5.0.4-1) unstable; urgency=low
+
+ * Initial PHP5 release; packaging forked from php4 4:4.3.11-1.
+ - Closes: #262977, #293832
+ * Ondrej Sury :
+ - Removed some obsolete cruft, since there wasn't any previous php5
+ packages there is no need, to check /usr/share/doc/*, etc.
+ - Removed apache2 IfModule hack, it's been fixed in php5.
+ - Updated patches to php5, removing those which are obsolete.
+ - Changes xslt extension to xsl (using libxslt).
+ - Updated debian/* including changelog.
+ - Raised update-alternatives priority to 50.
+ * Adam Conrad :
+ - Merged with php4 4:4.4.0-1 packaging.
+ - Re-roll upstream tarball to include PEAR::XML_RPC 1.3.3, which
+ includes a security fix for CVE CAN-2005-1921.
+ - Bump to Standards-Version 3.6.2, with no source changes.
+ - Stop distributing the phpextdist binary, as upstream has stopped.
+ - Drop the ext_skel binary and skeleton dir from php5-dev, as it has
+ been deemed obsolete upstream and the version in the tarball is not
+ considered useful anymore. PEAR::PECL_Gen upstream will replace it.
+ - Fix longstanding broken shebang lines in debconf config scripts.
+ - Remove lintian overrides for modules; lintian no longer complains
+ about missing shlibs for libraries outside the linker path.
+ - Add a linda override for the non-standard directory permissions on
+ /var/lib/php5 in php5-common.
+ - Rename php5-pear to php-pear, have it replace php4-pear, and depend
+ on php5-cli OR php4-cli; make sure it works with both.
+ - Compile in SOAP extension (closes: #307580)
+ - Enable SQLite extension as shared, make the xmlrpc extension shared.
+ - Enabled the pgsql extension, and disabled the imap extension (which
+ will be moving to another source package and become the example
+ package for out-of-tree builds).
+
+ -- Adam Conrad Sat, 16 Jul 2005 23:42:36 +1000
+
+php4 (4:4.3.11-1) unstable; urgency=low
+
+ * New upstream release (closes: #304052)
+ - Drop CVS patches, we're back in step with upstream versions.
+ - Remove 048-x509_multiple_orgUnits.patch, incorporated in 4.3.11.
+ - Remove 050-4.3.11_file_copy_fix.patch, incorporated in 4.3.11.
+ - Remove 040-curl_open_basedir.patch, as upstream has solved this
+ in a different fashion.
+ - Adjust patches for offset and fuzz.
+ - Remove bits from debian/rules dealing with the DB PEAR extension,
+ since it's no longer shipped in the php4-pear package.
+ * Rebuild against newer version of freetds library (closes: #317369)
+ * Add 052-phpinfo_no_configure.patch, which disables the display of our
+ "Configure Command" in phpinfo(), which was the source of many bogus
+ bug reports over the years, due to people misinterpreting its meaning.
+ * New translations to Vietnamese and Russian (closes: #316821, #310199)
+ - vi.po contributed by Clytie Siddall
+ - ru.po contributed by Yuriy Talakan'
+ * Mention FastCGI in the description of php4-cgi (closes: #310810)
+
+ -- Adam Conrad Mon, 4 Jul 2005 17:47:32 +1000
+
+php4 (4:4.3.10-15) unstable; urgency=low
+
+ * Bring back the shipping of /usr/share/doc symlinks in our packages,
+ as this, in concert with moving the migration detection from preinst
+ to postinst (which was done in the last upload), seems to give us the
+ sanest upgrade path. Thanks to Steve Langasek for smacking me around
+ with unpack/upgrade scenarios for a while to convince me of this.
+
+ -- Adam Conrad Mon, 9 May 2005 02:13:19 -0600
+
+php4 (4:4.3.10-14) unstable; urgency=high
+
+ * Revert the directory->symlink magic to work how it used to, since the
+ new behaviour broke hideously on upgrades from Woody, causing certain
+ files (like the changelog) to mysteriously go missing (closes: #307591)
+ * Move our template php.ini to /usr/share/php4, so we stop violating
+ policy by using files from /usr/share/doc (as seen in #307591)
+ * Remove 'readline' from the php4-cli package description, since we don't
+ actually build with readline support enabled anymore (closes: #306571)
+
+ -- Adam Conrad Wed, 4 May 2005 01:48:19 -0600
+
+php4 (4:4.3.10-13) unstable; urgency=low
+
+ * Update email address for Andres Salomon
+ * Add Portuguese translation from Miguel Figueiredo (closes: #305038)
+ * Include 051-gcc-4.0.patch, which resolves a build failure in
+ libxmlrpc (from the xmlrpc extension) with gcc-4.0 (closes: #287956)
+
+ -- Adam Conrad Mon, 18 Apr 2005 00:29:54 -0600
+
+php4 (4:4.3.10-12) unstable; urgency=low
+
+ * Add 050-4.3.11_file_copy_fix.patch, which reverts a broken 'fix'
+ made to the copy() function, causing it to fail in particularly
+ spectacular ways when used on remote files (closes: #304601)
+ * Use -g instead of -gstabs on powerpc64-linux (closes: #301571)
+
+ -- Adam Conrad Thu, 14 Apr 2005 03:53:27 -0600
+
+php4 (4:4.3.10-11) unstable; urgency=medium
+
+ * Address an FTBFS waiting to happen in the php4-dev package:
+ - Remove Win32 and Netware specific headers.
+ - Stop shipping php4-pgsql headers.
+ - Stop shipping the expat headers, since we don't even
+ use the bundled expat library.
+ - Make php4-dev depend on libssl-dev, since it wants to include
+ ssl.h when you use it to build network-using extensions.
+ * Stop building extensions twice; we don't need two copies.
+
+ -- Adam Conrad Tue, 12 Apr 2005 03:14:03 -0600
+
+php4 (4:4.3.10-10) unstable; urgency=low
+
+ * Update to 200503131325 CVS (AKA: 4.3.11RC1), fixing several bugs
+ including a segfault in mysql_fetch_field() (closes: #299608)
+ * Remove 042-remove_windows_paths.patch, incorporated upstream.
+ * Add 048-x509_multiple_orgUnits.patch to bring the openssl extension
+ in line with the upcoming 4.3.11 behaviour of listing multiple
+ Organisational Units in an x509 cert as an array, rather than only
+ listing the last in the list.
+ * After much talk with upstream, revert the ZTS changes. We are no
+ longer building a thread-safe PHP. (closes: #299820, #297223, #297679)
+ * ZTS was breaking file search paths, leading to errors loading files
+ from the cwd (closes: #298282, #298518, #299089, #299356)
+ * Stop building caudium-php4 (closes: #294718, #297702, #295100)
+ - We can't link against the GPL pike7.2, which we've been doing. Oops.
+ - Even if the above weren't true, upstream has insisted that ZTS is a
+ horribly broken solution, slated for eventual removal, and should
+ never, ever be used. In light of that, caudium users should instead
+ use php4-cgi, either as a plain CGI, or as a FastCGI backend.
+ - Not even attempting to provide an upgrade path, as it would be
+ needlessly complex, and caudium-php4 in previous stable releases
+ was nothing more than a useless toy, given that it had nearly no
+ useful extensions built-in or supported.
+ * Rewrite 041-shut_up_snmp.patch to take a different approach, this time
+ regrettably reverting a fix for a memory leak, in the name of making
+ things work properly, including squashing the putenv() intecaction
+ bug between PHP and other apache modules (closes: #298511, #300628)
+ * On sidegrades from distributions where different modules may be built
+ from their own source, and thus have their own doc directories, bad
+ things happen when we try to replace those with symlinks, so now we
+ check for this in preinst, and fix stuff up magically to Just Work.
+ * Add Jeroen van Wolffelaar to Uploaders.
+ * Fix up modules regexes to use "\.so" instead of ".so" (cf: #300998)
+
+ -- Adam Conrad Wed, 16 Mar 2005 22:46:05 -0700
+
+php4 (4:4.3.10-9) unstable; urgency=low
+
+ * Update 040-curl_open_basedir.patch once more to make sure it doesn't
+ segfault when fed a null or uninitialised URL (closes: #295447)
+ * Add 047-zts_with_dl.patch, courtesy of Steve Langasek to re-enable the
+ dl() function in our builds, despite upstream's claim that it "might
+ not be threadsafe on all platforms"; it is on ours (closes: #297839)
+ * Make the php4-dev binaries versioned with alternatives (closes: #295903)
+ * Update build-deps to libmysqlclient12-dev (closes: #290989, #227549)
+
+ -- Adam Conrad Sun, 6 Mar 2005 07:30:35 -0700
+
+php4 (4:4.3.10-8) unstable; urgency=high
+
+ * Add 046-zend_plist_buggery.patch which unrolls the changes made to
+ zend.c in CVS post-4.3.10. The memory leaks fixed by these changes
+ seem to not have been hurting us terribly so far, while the "fix"
+ (breaking persistent lists) was, uhm, bad (closes: #295998, #296694)
+ * Revise 041-shut_up_snmp.patch to call init_snmp with 'snmpapp' as the
+ appname, rather than 'php', to maintain backward compatibility, and to
+ wrap our setenv/unsetenv magic only around snmp_shutdown, which seems to
+ solve a segfault when php4-snmp is loaded with mod_perl (closes: #296282)
+ * Fix 042-remove_windows_paths.patch to catch both cases where windows
+ path stripping should occur (closes: #296406)
+
+ -- Adam Conrad Tue, 22 Feb 2005 07:49:32 -0700
+
+php4 (4:4.3.10-7) unstable; urgency=high
+
+ * Rewrite 040-curl_open_basedir.patch, so it now does what it's supposed
+ to (addressing CAN-2004-1392) and no longer segfaults (closes: #295447)
+
+ -- Adam Conrad Thu, 17 Feb 2005 00:06:36 -0700
+
+php4 (4:4.3.10-6) unstable; urgency=high
+
+ * Add 044-strtod_arm_fix.patch to fix the FPU confusion FTBFS on arm.
+ * Add 045-exif_nesting_level.patch to bump the exif header parsing max
+ nesting level to something that actually works with most JPEG images.
+
+ -- Adam Conrad Mon, 14 Feb 2005 16:04:28 -0700
+
+php4 (4:4.3.10-5) unstable; urgency=low
+
+ * Add 043-recode_size_t.patch to fix 32/64-bit issues causing the recode
+ extension to segfault on alpha/amd64/ia64 (closes: #294986)
+ * Move the ./buildconf stuff in the unpatch target inside the test
+ for patch-stamp, as it's uselss unless we're unpatching.
+
+ -- Adam Conrad Sun, 13 Feb 2005 19:09:39 -0700
+
+php4 (4:4.3.10-4) unstable; urgency=medium
+
+ * Make php4-dev arch:any, as it contains some arch-specific defines.
+ * Add 042-remove_windows_paths.patch, a patch to rfc1867.c to strip Windows
+ paths from uploaded filenames, like it used to. (closes: #294305)
+ * Fix up caudium description to reflect the fact that caudium it is no
+ longer restricted from sharing extensions with other SAPIs.
+ * Build-dep on apache2-threaded-dev (>= 2.0.53-3) to make sure we
+ get a version with non-broken headers.
+
+ -- Adam Conrad Wed, 9 Feb 2005 11:52:10 -0700
+
+php4 (4:4.3.10-3) unstable; urgency=medium
+
+ * Update to CVS, as of 200502060530 (closes: #288672)
+ - Fixes two vulnerabilities in exif.c, CAN-2005-1042 and CAN-2005-1043
+ - Fixes two vulnerabilities in image.c, CAN-2005-0524 and CAN-2005-0525
+ - File uploads with "'" in them aren't cut off anymore (closes: #288679)
+ - unserialize() is no longer ridiculously slow (closes: #291392)
+ - Add 000-200502060530_CVS.patch
+ - Adapt debian/rules to the realities of upstream's new buildconf
+ - Add 033-we_WANT_libtool.patch, to force relibtoolizing with Debian's
+ libtool, rather than using upstream's broken bundled libtool
+ - Drop 031_zend_strtod_1.1.2.10.patch and 032_zend_strtod_debian.patch
+ - Adjust patches for offsets and fuzz
+ - Force --with-pic, as policy demands it, and the build system doesn't
+ * Added several patches, yanked from the Fedora PHP sources:
+ - 034-apache2_umask_fix.patch, fixes umask not being properly reset
+ after each request (closes: #286225)
+ - 036-fd_setsize_fix.patch, fixes misuse of FD_SET()
+ - 038-round_test_fix.patch, makes the rounding test work on gcc-3.3
+ * Removed --with-libedit, as being able to background php is more useful,
+ in my opinion, than using readline functions (see #286356)
+ * Include zip support in all SAPIs (closes: #288534, #288909)
+ * Enable Zend Thread Safety for all SAPIs, meaning that our modules
+ are now compiled for ZTS APIs as well. (closes: #278212, #264015)
+ - Make sure caudium-php4 now provides phpapi-$(ver), and modules can
+ be configured with the caudium SAPI.
+ - Add 039-reentrant_libs.patch to link to the reentrant versions of
+ libldap and libmysqlclient
+ * Stop suggesting phpdoc, as it's undistributable anyway.
+ * Add 040-curl_open_basedir.patch, to make php4-curl respect the value
+ of open_basedir, thanks to Martin Pitt (closes: #291410)
+ * Add 041-shut_up_snmp.patch, to prevent libsnmp5 from attempting (and
+ failing) to write persistent data every time it shuts down. Ugh.
+
+ -- Adam Conrad Sun, 6 Feb 2005 05:32:11 -0700
+
+php4 (4:4.3.10-2) unstable; urgency=high
+
+ * Patch Zend/zend_strtod.c twice:
+ - Patch from upstream CVS to fix FTBFS on Sparc/Linux systems
+ - Patch from me to fix FTBFS on __mc68000__, __ia64__, and __s390__
+
+ -- Adam Conrad Sat, 18 Dec 2004 19:35:30 -0700
+
+php4 (4:4.3.10-1) unstable; urgency=high
+
+ * New upstream release, including the following security fixes:
+ - CAN-2004-1018 - shmop_write() out of bounds memory write access.
+ - CAN-2004-1018 - integer overflow/underflow in pack() and unpack()
+ functions.
+ - CAN-2004-1019 - possible information disclosure, double free and
+ negative reference index array underflow in deserialization code.
+ - CAN-2004-1020 - addslashes() not escaping \0 correctly.
+ - CAN-2004-1063 - safe_mode execution directory bypass.
+ - CAN-2004-1064 - arbitrary file access through path truncation.
+ - CAN-2004-1065 - exif_read_data() overflow on long sectionname.
+ - magic_quotes_gpc could lead to one level directory traversal with
+ file uploads.
+ * Adjust patch offsets for new upstream, fix 013-force_getaddrinfo.patch
+ to match with new configure.in and drop 026-4.3.10_session_fixes.patch
+ which is included in 4.3.10.
+
+ -- Adam Conrad Wed, 15 Dec 2004 17:17:40 -0700
+
+php4 (4:4.3.9-2) unstable; urgency=low
+
+ * Adam Conrad :
+ - Add -fno-strict-aliasing to CFLAGS, as the (several thousand)
+ warnings I'm getting from GCC are frightening me a tad.
+ - Remove the php-cgi alternative in php4-cgi's prerm, to avoid
+ leaving dangling symlinks (closes: #275962, #282315)
+ - Include 030-imap_getacl.patch, adding the imap_getacl() function
+ required by the GOsa project (closes: #282484)
+ - Include php.ini-paranoid in doc/examples, provided and maintained
+ by Javier Fernández-Sanguino Peña (closes: #274374)
+ - Make /cgi-bin/php4 an alternative for /cgi-bin/php (closes: #282464)
+ - Remove obsolete info from README.Debian relating to session_mm,
+ since we stopped building with libmm a while back.
+ - Reintroduce /usr/lib/php4/libexec that went missing in a previous
+ upload, since the build uses it as the default safe_mode exec dir.
+ * Andres Salomon :
+ - Add patch to include gd headers in php4-dev, as some PECL modules
+ (notably, pdflib) expect it; 028-export_gd_headers.patch.
+ - Lintian fix: Add missing #DEBHELPER# token to php4-common.postrm.
+
+ -- Adam Conrad Wed, 01 Dec 2004 18:48:13 -0700
+
+php4 (4:4.3.9-1) unstable; urgency=high
+
+ * New upstream release, removed the following patches fixed upstream:
+ 014-apache2handler_CVS_fixes.patch, 015-gdNewDynamicCtx_Add_Ex.patch,
+ 018-unix_socket_fd_leak.patch, 020-4.3.9_overflow_fixes.patch,
+ 021-4.3.9_sybase_ct_fixes.patch, 022-4.3.9_sprintf_fixes.patch,
+ 023-4.3.9_array_fixes.patch, 024-4.3.9_glob_fix.patch,
+ and 025-4.3.9_domxml_segfaults.patch
+ * Resolves undiscolsed vulnerabilities in GPC processing and rfc1867
+ handling of file uploads via the $_FILES array; these have since
+ been assigned CVE CAN-2004-0958 and CAN-2004-0959 (closes: #274206)
+ * After some fairly heavy testing from several users and developers,
+ finally update php4-snmp to use libsnmp5 (closes: #195929)
+ * Add 026-4.3.10_session_fixes.patch from CVS, which prevents PHP
+ from segfaulting when a nonexistant or unsupported save_handler or
+ serialize_handler is specified in php.ini.
+ * Add /etc/apache/conf.d/php4.conf, setting up our mime-types, on the
+ off chance that the user's /etc/mime.types is broken (closes: #271171)
+ * Reintroduce a CGI binary at /usr/bin/php4-cgi, so people who can't
+ make use of the --force-cgi-redirect CGI binary in /usr/lib/cgi-bin
+ can instead use #!/usr/bin/php4-cgi scripts (closes: #273143)
+ * Enable FastCGI for both CGI binaries, now that it no longer conflicts
+ with, but rather complements, the CGI SAPI (closes: #233849)
+ * Bump libgd2 build-dep a notch to make sure we build against a version
+ that actually has XPM support built in (closes: #270435)
+ * Finally drop the bogus libapache-mod-ssl dependency from the apache1.3
+ php4 module, as glibc (>= 2.3.2.ds1-17) has fixed the dlopen refcount
+ bug that we were hacking around (closes: #205553, #230956, #271000)
+ * Remove the mm session handler from the apache1.3 build. Since the
+ files handler now works on all arches, and is configured to be secure
+ by default, mm seems to have outlived its usefulness.
+ (closes: #119902, #149430, #166811, #272463, #232840)
+ * Rename sapi/apache2handler/sapi_apache2.c to mod_php4.c so that
+ directives aren't ambiguous between php4 and php5.
+ * Add Czech translation, thanks to Miroslav Kure (closes: #274038)
+ * Configure CLI with --with-libedit for readline support, and add
+ 027-readline_is_editline.patch, since Debian's libedit headers are
+ not installed in /usr/include/readline (closes: #274031)
+ * libcurl grew a new SONAME somewhere along the way, and upgrading
+ doesn't seem to cause regressions in php4-curl, so upgrade we shall,
+ changing build-deps accordingly (closes: #260389)
+
+ -- Adam Conrad Mon, 4 Oct 2004 22:57:37 -0600
+
+php4 (4:4.3.8-12) unstable; urgency=high
+
+ * On new php4-cli installations, if php4-cgi is installed, we copy its
+ php.ini as a starting reference, so that command line scripts that
+ used to work don't start mysteriously failing (closes: #270153)
+ * php4-common has grown a postrm script to make sure we completely
+ clean out and remove /var/lib/php4 during the purge phase.
+ * Optimize garbage collection cronjob to use 'xargs -r -0 rm', so we
+ aren't forking for every session file we delete (closes: #268918)
+
+ -- Adam Conrad Sun, 5 Sep 2004 19:17:42 -0600
+
+php4 (4:4.3.8-11) unstable; urgency=high
+
+ * Andres Salomon :
+ - Fix bashism in maxlifetime script (closes: #270015)
+ * Adam Conrad :
+ - Clarify setup instructions in README.Debian for using php4-cgi
+ with the apache and apache2 packages (closes: #228342, #228343)
+
+ -- Adam Conrad Sat, 04 Sep 2004 23:21:21 -0600
+
+php4 (4:4.3.8-10) unstable; urgency=high
+
+ * Andres Salomon :
+ - Change frequency of session file cleansing, based on the maximum value
+ of session.gc_maxlifetime from all php.ini files (closes: #269688).
+ - Update README.Debian to mention session cleaning cron job.
+ * Adam Conrad :
+ - Drop php4-cgi from the list of alternate dependencies for the php4
+ metpackage to smooth upgrades for woody users who have both php4 and
+ php4-cgi installed (closes: #269628, #269348, #269377)
+ - Fix cut-n-paste issue in php4-cli postinst (closes: #269466)
+ - Add 023-4.3.9_array_fixes.patch, which fixes problems with the
+ extract() function misbehaving with multiple element references.
+ - Add 024-4.3.9_glob_fix.patch to fix broken return values from glob()
+ when it succeeds with no matches (closes: #269287)
+ - Add 025-4.3.9_domxml_segfaults.patch, fixing segfaults in the domxml
+ extension when it shares memory space with other libxml2-using libs.
+ - Update the comments in php.ini to point out that, due to dilinger's
+ changes above, session.gc_maxlifetime is honoured by the gc cronjob.
+
+ -- Adam Conrad Fri, 03 Sep 2004 20:42:56 -0600
+
+php4 (4:4.3.8-9) unstable; urgency=high
+
+ * Re-introduce the changelog.Debian that went missing in the last
+ upload due to the php4-common move from arch:all to arch:any
+ * Clean up lintian warnings regarding scripts that weren't executable
+ and executables that weren't scripts.
+ * Add a lintian override for the non-standard-dir-perm of /var/lib/php4
+ * Update to Standards-Version 3.6.1 (no changes, other than the above)
+
+ -- Adam Conrad Thu, 26 Aug 2004 21:53:27 -0600
+
+php4 (4:4.3.8-8) unstable; urgency=low
+
+ * Default session.save_path is now compiled in to php4, allowing
+ us to, again, comment out the value in php.ini.
+ * Comment out session.gc_probability in the default php.ini, as we've
+ now compiled in a default of 0, allowing the cronjob to do the
+ garbage collection for us instead. (closes: #267720)
+ * Make the 5 SAPI postinsts smarter, allowing them to poke around in
+ people's configs and make sure that sessions won't be broken
+ after we upgraded them from a perfectly functional system.
+ * Add 022-4.3.9_sprintf_fixes.patch, fixing incorrect formatting of
+ floats with padding by sprintf().
+ * Make php4-common arch:any, and loosen up some of the other any->all
+ package dependencies to make sure binNMUs won't break.
+
+ -- Adam Conrad Tue, 24 Aug 2004 03:09:43 -0600
+
+php4 (4:4.3.8-7) unstable; urgency=high
+
+ * Back out LFS support AGAIN, as we're disabling LFS in apache2 for
+ the Sarge release. (closes: #266869)
+ * Add 021-4.3.9_sybase_ct_fixes.patch, backporting several fixes
+ for the sybase_ct extension from 4.3.9rc1.
+ * Tidy up descriptions a fair bit:
+ - Disambiguate short descriptions of SAPIs. (closes: #244571)
+ - Refresh the (now much longer) lists of built-in modules for each SAPI.
+ - Explain why caudium-php4 can't use any loadable extensions.
+ - Remove silly advertising blurb for Zend, since very few people are
+ still using php3, and those who are can't be convinced to upgrade
+ just by telling them "Hey, it's faster!".
+ - Add Homepage URI to each SAPI description.
+ - Fix typo in php4-domxml description. (closes: #146124)
+ * Make caudium-php4 provide php4-mysql and php4-pgsql, so it can be used
+ with packages that depend on something like "php4, php4-mysql".
+ * Enable --with-mime-magic and make sure all SAPIs depend on libmagic1
+ to pull in /usr/share/misc/file/magic.mime (closes: #175136)
+
+ -- Adam Conrad Thu, 19 Aug 2004 18:27:17 -0600
+
+php4 (4:4.3.8-6) unstable; urgency=high
+
+ * Add libgcrypt11-dev to the build-depends, as something seems to be
+ pulling it in and causing an FTBFS (closes: #265952)
+ * Add 020-4.3.9_overflow_fixes, backporting fix for integer overflows
+ in array_slice(), array_splice(), substr(), substr_replace(),
+ strspn() and strcspn().
+ * Bump the apache2 build-dep to (>= 2.0.50-9) to ensure we're building
+ against the new ABI-incompatble libapr0, which brings in proper
+ large file support. Bump the apache2 binary dependency as well.
+ (closes: #266210, #266192)
+ * Enable large file support on all SAPIs except for caudium, as I'm not
+ sure how caudium will react to the change, and I don't want to
+ destabilise anything just before release. This change has been
+ heavily tested with apache2/apache/cgi/cli, and all is well there.
+ * Re-enable 019-z_off_t_as_long.patch, which is needed to make sure
+ that LFS-enabled SAPIs can still use zlib file functions correctly.
+ * Rework the apache2 restarting logic to only restart apache2 if
+ apache2ctl configtest succeeds, otherwise kick out a warning to
+ the user. Even then, we run force-reload with ||true, in case
+ apache2 fails to start for other reasons (closes: #264958)
+ * Make php4-gd Provide php4-gd2, so packages which still depend on
+ php4-gd2 are installable (and so packaging frontends can take the
+ provides/conflicts/replaces hint and DTRT with it)
+ * Split php4-cgi to php4-cgi and php4-cli (closes: #227915)
+ - Add php4-cli to debian/control, replaces older php4-cgi versions
+ - php4-cgi depends on php4-cli for smooth transitions
+ - php4-pear now depends on php4-cli (closes: #243214, #221434)
+ - Add php4-cli to list of SAPIs configurable for modules
+ - Munge php.1 manpage to include -cli info
+ - Enable pcntl and ncurses in -cli (closes: #135861, #190947, #241806)
+ * Move all of php4's files to libapache-mod-php4, and make php4 a
+ metapackage that depends on libapache-mod-php4 | libapache2-mod-php4 |
+ php4-cgi | caudium-php4 (closes: #244573, #246654, #244571, #266517)
+ * Include skeleton directory in php4-dev (closes: #95832, #211338)
+ * Include php.ini-recommended in php4-common's examples (closes: #181396)
+ * Move /var/lib/php4 to php4-common and install a cronjob that cleans
+ out old sessions every 30 minutes (closes: #256831, #257111)
+ * Move the libapache-mod-ssl dependency from php4-imap to
+ libapache-mod-php4 to stop irritating users of other SAPIs
+ (closes: #240003, #246887, #263381)
+ * Compile pgsql and mysql support into the caudium SAPI, so it's
+ slightly less useless (closes: #181175)
+
+ -- Adam Conrad Sun, 15 Aug 2004 19:56:14 -0600
+
+php4 (4:4.3.8-5) unstable; urgency=low
+
+ * Build-depend on chrpath and use it to nuke rpath from modules
+ during the install target of debian/rules.
+ * Add 018-unix_socket_fd_leak.patch to get rid of UNIX socket file
+ descriptor leak on failed fsockopen() calls. (closes: #257269)
+ * It would seem that if we want LFS support, all SAPIs and all extensions
+ that do file access need to be built with LFS support, and since
+ apache2 currently doesn't have LFS, this presents a problem. As
+ such, I'm disabling LFS accross the board until apache2 supports it.
+ (closes: #263962)
+ * Add 019-z_off_t_as_long.patch, including local headers for zlib,
+ forcing off_t = long for gzip file functions, however disable it
+ for now, as we'll only need it if we reenable LFS (closes: #208608)
+ * Add the Debian package revision as EXTRAVERSION to PHP, so one can
+ more easily tell what version is currently running (for instance,
+ if a user fails to restart Apache after an upgrade of php4, this
+ would become obvious to them in the version banner and in phpinfo()
+ * Fixed up debian/patches, adjusting offsets and adding newlines,
+ so patch stops complaining and applies them cleanly.
+ * libapache2-mod-php4 postinst now forces a reload of apache2, which
+ should get the module properly working in all cases where people
+ previously thought 'apachectl graceful' would cut it.
+ (closes: #241352, #263424, #228343)
+ * debian/rules explicitly sets PROG_SENDMAIL during configure so
+ that builds on buildds with no sendmail installed don't get the
+ mail() function disabled. (closes: #180734)
+ * Enable XMLRPC-EPI support for all SAPIs (closes: #228825, #249368)
+ * Enable sysvmsg support for all SAPIs (closes: #236190)
+ * Enable dbx support for all SAPIs (closes: #229508, #249797)
+ * Nuke aclocal.m4 before we run ./buildconf to ensure we get it
+ regenerated correctly, and we get an up-to-date libtoolization.
+
+ -- Adam Conrad Mon, 9 Aug 2004 07:47:46 -0600
+
+php4 (4:4.3.8-4) unstable; urgency=low
+
+ * Drop 016-pread_pwrite_XOPEN_SOURCE_500.patch, as it didn't seem to
+ solve anything, really, and add 017-pread_pwrite_disable.patch,
+ wich completely disables pread/pwrite usage, fixing session support
+ on sparc, and pread/pwrite usage on amd64. (closes: #261311)
+
+ -- Adam Conrad Mon, 26 Jul 2004 06:15:59 -0600
+
+php4 (4:4.3.8-3) unstable; urgency=low
+
+ * Steve Langasek :
+ - Give php4-pear a versioned dependency on php4-cgi, due to
+ backwards-compatibility issues (closes: #260924).
+
+ * Adam Conrad :
+ - Added a debian/watch file for the curious, or people running
+ automated uscan scripts over the entire archive.
+ - Bump libgd2 build-dep to 2.0.28 to buy us guaranteed GIF
+ support in php4-gd (closes: #66293)
+ - Add 015-gdNewDynamicCtx_Add_Ex.patch, which fixes three double-free
+ errors in php4-gd. This, in concert with the librrd0 update
+ (see #261323) should clear up all known segfaults in php4-gd
+ (closes: #220196, #234571, #241270, #246833, #251220, #260790)
+ Thanks to Klaus Reimer for the tip.
+ - Add 016-pread_pwrite_XOPEN_SOURCE_500.patch, which fixes use of
+ pread/pwrite in conjunction with LFS64. This should fix the files
+ session handler on sparc, as well as the amd64 build failure.
+ (closes: #234766, #239420, #261311, #248765)
+ - Clean up debian/rules to remove a bunch of obsolete cruft, as well
+ as introducing an LFSFLAGS, allowing us to easily turn LFS support
+ on and off for each SAPI.
+ - Re-enable LFS for apache 1.3, as it was enable in Woody and we should
+ remain backward compatible.
+
+ -- Adam Conrad Sun, 25 Jul 2004 18:49:31 -0600
+
+php4 (4:4.3.8-2) unstable; urgency=high
+
+ * Urgency "high" to make up for the last upload which contained
+ security fixes but was uploaded urgency "low".
+
+ * Adam Conrad :
+ - Bump debhelper build-dep to >= 3, as we were using DH_COMPAT=3
+ in debian/rules. Not sure how this was missed for so long.
+ - Add 014-apache2handler_CVS_fixes.patch, which fixes a memory
+ leak in the apache2handler SAPI, as well as a logical mishandling
+ of fatal errors during activation.
+
+ * Steve Langasek :
+ - Revert large file support, which appears to cause
+ ABI-incompatibilities (and therefore segfaults) for apache2
+ (closes: #259659).
+
+ -- Adam Conrad Mon, 19 Jul 2004 20:44:00 -0600
+
+php4 (4:4.3.8-1) unstable; urgency=low
+
+ * Adam Conrad :
+ - New upstream release (4.3.8). Fixes several security issues:
+ + Fixed strip_tags() to correctly handle '\0' characters.
+ + Improved stability during startup when memory_limit is used.
+ + Replace alloca() with emalloc() for better stack protection.
+ + Added missing safe_mode checks inside ftok and itpc.
+ + Fixed address allocation routine in IMAP extension.
+ + Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL.
+ + Fixes DoS in readfile() function, see CAN-2005-0596.
+ - php4-pear now includes PEAR::Mail 1.1.3 (closes: #257688)
+ - debian/control: change libpng3-dev build-dep to libpng12-dev
+ - Add Turkish debconf translation, thanks to Osman Yuksel.
+ (closes: #252940)
+
+ * Andres Salomon :
+ - New upstream release (4.3.7). The following patches are dropped:
+ 007-dba_fix.patch
+ 008-xbithack.patch
+ 011-curl_api_update.patch
+ 012-curl_deprecated_opts.patch.
+ - Add 013-force_getaddrinfo.patch, so that getaddrinfo support is
+ always enabled (instead of doing check during build).
+
+ * Steve Langasek :
+ - Enumerate supported SAPIs in both the module postinst and the module
+ config script, to avoid "question not found" errors from debconf.
+ This doesn't give us automatic support for new SAPIs as they're
+ added, but it avoids trying to configure SAPIs that we don't support
+ (e.g., caudium), and it also sidesteps shell syntax errors caused by
+ strangely-named subdirectories.
+ - Remove apache2 from the TODO list, because it's done
+ (closes: #243793).
+ - Add /var/lib/php4 to the list of directories for the apache2 module,
+ so we don't end up with a missing session dir (closes: #240962).
+ - s/modules-config/apache-modconf/, now that the canonical name of the
+ apache-common tool has changed
+ - Drop references to php3 in README.Debian, and document the
+ simplified process for enabling php4 in apache 1.3 (closes: #244564).
+ - Enable large files support for all SAPIs (closes: #249500).
+ - Fix commented-out default include path in php.ini (closes: #250274).
+
+ -- Adam Conrad Wed, 14 Jul 2004 18:06:42 -0600
+
+php4 (4:4.3.4-4) unstable; urgency=low
+
+ * Drop apache2 work-around patch and add build-dep on apache2 2.0.48-8,
+ now that #228840 is fixed.
+ * Fix FTBFS problem caused by curl api changes, adding patches 011 and
+ 012 (closes: #239159).
+ * Add phpapi Provides for libapache2-mod-php4 (closes: #240386).
+ * Add versioned build-dep for pcre, as apache2 has proven that pcre-3.9
+ and older won't work (closes: #215069).
+ * Tighten build-dep versions to match upstream's autoconf version checks
+ (closes: #214060).
+
+ -- Andres Salomon Fri, 26 Mar 2004 23:27:27 -0500
+
+php4 (4:4.3.4-3) unstable; urgency=low
+
+ * Andres Salomon :
+ - Fix incorrect php.ini path in CLI manpage (closes: #233757).
+ - Add libapache2-mod-php4 module (closes: #214611).
+ * Updated Japanese debconf translation; thanks to Kenshi Muto
+ (closes: #222424).
+ * Build php4-gd against libgd2-xpm, removing the need for a separate
+ php4-gd2 package (closes: #235390, #206045, #135664).
+ * Add new Catalan debconf translation; thanks to Aleix Badia i Bosch
+ (closes: #236630).
+ * Add new Spanish debconf translation; thanks to Carlos Valdivia
+ Yagüe (closes: #235052).
+
+ -- Steve Langasek Sat, 28 Feb 2004 12:11:57 -0600
+
+php4 (4:4.3.4-2) unstable; urgency=low
+
+ * Add build-depends on autoconf, missed earlier (closes: #235012).
+ * Minor updates to README.Debian list of supported extensions.
+ * Fix integer size mismatch in snmp extension affecting 64-bit
+ platforms
+
+ -- Steve Langasek Thu, 26 Feb 2004 22:25:27 -0600
+
+php4 (4:4.3.4-1) unstable; urgency=low
+
+ * New upstream version. Update local patch set accordingly, with help
+ from Andres Salomon .
+ - includes fix for snmpget() not closing its socket
+ (closes: #207363).
+ * Update build-depends to libdb4.2-dev, to match apache-dev
+ (closes: #231692).
+ * Drop translations of stale templates, and add new German debconf
+ translation; thanks to Alwin Meschede
+ (closes: #232270).
+ * Add new Danish debconf translation; thanks to Claus Hindsgaul
+ (closes: #233887).
+ * Move local patches into debian/patches/ for easier management, and
+ add debian/rules targets for build-time application of patches.
+ * Fix a problem with PHP "xbithack" causing ini scope leakage
+ (closes: #230047).
+ * Re-enable the openssl extension statically, since we now know for
+ sure that the php4-imap problems are a glibc bug (closes: #197450).
+ * Fix pear to set /usr/bin/php4 instead of /usr/bin/php for the value
+ of php_bin, so PEAR-managed scripts work correctly
+ (closes: #228381). In addition, use alternatives for /usr/bin/php
+ for the benefit of user scripts (closes: #185283).
+ * Set the default session save_path to /var/lib/php4 instead of to
+ /tmp, and create this directory such that all users (for php4-cgi)
+ can create files there and access their own files once created, but
+ not see the names of other files in the directory (closes: #139810).
+ * Drop our override of upstream's register_globals default
+ (closes: #230878).
+
+ -- Steve Langasek Sat, 14 Feb 2004 10:23:24 -0600
+
+php4 (4:4.3.3-5) unstable; urgency=low
+
+ * Have php4-pear Suggest: php4-dev, for PECL extensions
+ (closes: #225969).
+ * Recompiled against the new version of libxslt, to get rid of the
+ dependency on libxsltbreakpoint (closes: #224806).
+ * Also recompiled against the new version of libc-client (closes: #227347).
+ * Fix pear to not expect to be able to twiddle locks when running as
+ non-root, which also seems to fix a memory utilization problem
+ (closes: #225026).
+ * Make php4-imap depend on libapache-mod-ssl, since this seems to be
+ the only reliable way of getting apache to stop segfaulting.
+ * Build-depend on libt1-dev, which replaces t1lib-dev.
+
+ -- Steve Langasek Mon, 5 Jan 2004 22:53:18 -0600
+
+php4 (4:4.3.3-4) unstable; urgency=low
+
+ * Fix prerm script to remove mod_php4, *not* mod_perl, from the
+ config (Closes: #216889).
+ * Use /etc/$i/httpd.conf instead of /etc/$i to decide whether to
+ call modules-config.
+ * Don't invoke debconf unless we have to in the postinst, to reduce
+ the risk of interactions between modules-config and our questions.
+ * Add Dutch debconf translation; thanks to Tim Dijkstra
+ (closes: #221439).
+ * Sync dba lock handling against upstream CVS HEAD, to fix a bug with
+ truncating db4 files when opening with 'c' (create).
+ (Closes: #221559).
+
+ -- Steve Langasek Tue, 21 Oct 2003 16:49:03 -0500
+
+php4 (4:4.3.3-3) unstable; urgency=low
+
+ * Disable -gstabs on ia64, since this debugging symbol type is
+ apparently unknown there; we should now have clean builds (with
+ appropriate debugging symbols) on all archs.
+
+ -- Steve Langasek Mon, 20 Oct 2003 19:07:40 -0500
+
+php4 (4:4.3.3-2) unstable; urgency=low
+
+ * Don't call db_stop in the postinst, as this seems to cause problems
+ for modules-config (closes: #215663, #215584).
+ * Remove duplicate -prefer-pic flag on caudium build, in hope of
+ making libtool do something sensible on ia64,hppa (closes: #216020).
+ * Always build with debugging symbols, per current policy.
+ * Unconditionally call dh_strip, which knows about DEB_BUILD_OPTIONS;
+ and call install -s when installing shared extensions by hand.
+ * Fix upstream build rules to not call libtool --silent.
+
+ -- Steve Langasek Wed, 15 Oct 2003 23:19:55 -0500
+
+php4 (4:4.3.3-1) unstable; urgency=low
+
+ * New upstream release.
+ * Add Japanese debconf translation; thanks to Kenshi Muto
+ (closes: #211961).
+ * Fix caudium handling to always grab the current pike version from
+ dpkg when constructing include paths (closes: #212585).
+ * Bump the c-client build dependencies to use the new -dev package
+ name.
+ * Convert php4 postinst/prerm scripts to use the new apache
+ modules-config interface.
+
+ -- Steve Langasek Sun, 21 Sep 2003 17:26:31 -0500
+
+php4 (4:4.3.2+rc3-6) unstable; urgency=low
+
+ * Add Brazilian Portuguese debconf translation; thanks to André Luís
+ Lopes (closes: #207078).
+ * Catch debian/control up with debian/rules for the zendapi -> phpapi
+ transition.
+
+ -- Steve Langasek Sun, 31 Aug 2003 20:35:57 -0500
+
+php4 (4:4.3.2+rc3-5) unstable; urgency=low
+
+ * Kill the lintian warning on the grammar in the copyright file.
+ * Redirect apacheconfig I/O to /dev/tty, to work around debconf
+ behavior (for real this time). Closes: #207468, #206404.
+ * Replace 'zendapi' with 'phpapi', since the former does not
+ accurately describe the ABI changes that affect modules and can
+ leave some packages installable but broken (closes: #208020). Also,
+ remove the versioned conflicts with php4-{mysql,pgsql}, since this
+ now supersedes.
+ * Add French debconf translation; thanks to Michel Grentzinger
+ (closes: #207662).
+
+ -- Steve Langasek Sat, 23 Aug 2003 21:43:24 -0500
+
+php4 (4:4.3.2+rc3-4) unstable; urgency=low
+
+ * Have all php extensions automatically detect and configure for any
+ installed SAPIs (closes: #143436).
+ * Remove spurious dependencies from php4-dev, and replace autoconf2.13
+ with autoconf (closes: #180497).
+ * Conflict with old php4-pgsql as we do with php4-mysql, as it
+ manifests the same bug.
+ * Add preliminary rules for building apache2 SAPI, but don't enable.
+ * Call db_stop before trying to run apacheconfig (closes: #206404).
+ * Check for the existence of /etc/php4 before trying to rmdir it,
+ since there are apparently those who remove such directories
+ prematurely (closes: #206120).
+
+ -- Steve Langasek Sun, 17 Aug 2003 00:19:38 -0500
+
+php4 (4:4.3.2+rc3-3) unstable; urgency=low
+
+ * Fixes for spurious package dependencies
+ * Fix the paths emitted by php-config, so we can build php4-pgsql et al.
+
+ -- Steve Langasek Fri, 15 Aug 2003 23:44:55 -0500
+
+php4 (4:4.3.2+rc3-2) unstable; urgency=low
+
+ * Make sure pear.conf is properly marked as a conffile, by bumping
+ DH_COMPAT to 3.
+ * Generate all per-extension postinsts/prerms at build time, instead
+ of managing them by hand.
+ * Get rid of bogus, non-FHS directories from the caudium build.
+ * Install the upstream php manpage in the php4-cgi package
+ (closes: #175836).
+ * Prevent null dereferencing in ldap_explode_dn() (closes: #205405).
+ * Hard-code /usr/share/pear at the end of the include path, for
+ backwards compatibility.
+ * Debconf support for PHP extension registration, including
+ po-debconf support (closes: #122353).
+ * Fix interpreter path in /usr/bin/pear.
+ * Make php4-pear depends: php4-cgi (closes: #182393).
+
+ -- Steve Langasek Wed, 13 Aug 2003 22:39:08 -0500
+
+php4 (4:4.3.2+rc3-1) unstable; urgency=low
+
+ * New upstream version.
+ - includes fix for buffer overflow crashes in imap module
+ (closes: #191640)
+ - includes fix for dysfunctional open_basedir directive
+ (closes: #197803)
+ - include fix for various XSS vulnerabilities (closes: #200736)
+ * Recompile against newest libc-client libs, following another soname
+ change (closes: #199049)
+ * Replace db2 with db4.
+ * Trim down the cgi sapi rules, since it will now build both cli and
+ cgi for us by default.
+ * Kludge the caudium sapi, by hard-coding the include path we need for
+ pike headers.
+ * Copy the lex/yacc-generated .c and .h files into the build
+ directories, since generating them at build time gives wildly
+ different, and undisputably broken, results.
+ * Update the install rules so they're compatible with current upstream
+ handling of pear and the various SAPIs.
+ * Add '=shared' to the --enable-xslt option, to get the right results
+ for that extension.
+ * Move PEAR extensions from /usr/share/pear to /usr/share/php.
+ * Conflict with php4-mysql=4:4.2.3-14, due to bizarre Zend errors.
+
+ -- Steve Langasek Wed, 6 Aug 2003 22:43:28 -0500
+
+php4 (4:4.2.3-14) unstable; urgency=low
+
+ * Disable openssl extensions AGAIN. It appears that this double-linking mess
+ is still causing nasty segfaults.
+ (closes: #188014, #188025, #188058, #189202, #189653)
+
+ -- Adam Conrad Sun, 20 Apr 2003 17:31:59 -0600
+
+php4 (4:4.2.3-13) unstable; urgency=low
+
+ * Revert NET-SNMP patch and build php4-snmp against UCD-SNMP again
+ (closes: #185534)
+ * Build against libmm13, as libmm12 no longer exists (closes: #187401)
+ * Rebuild caudium-php4 against latest caudium-dev
+ * Re-enable openssl linking and functions, now that our glibc 2.3
+ problems appear to be ironed out.
+ * Enable xslt and exslt support in php4-domxml (closes: #172881)
+
+ -- Adam Conrad Thu, 3 Apr 2003 05:53:24 -0700
+
+php4 (4:4.2.3-12) unstable; urgency=low
+
+ * Rebuild php4-sybase against libct1 (closes: #184461)
+
+ -- Steve Langasek Sat, 8 Mar 2003 20:03:33 -0600
+
+php4 (4:4.2.3-11) unstable; urgency=low
+
+ * Remove pike header location detection from debian/rules and do it
+ properly in sapi/caudium/config.m4, using pike7.2-config --version
+
+ -- Adam Conrad Mon, 3 Mar 2003 23:33:26 -0700
+
+php4 (4:4.2.3-10) unstable; urgency=low
+
+ * Added patch to build with NET-SNMP 5.x
+ * Updated build-dep for libc-client to 2003debian
+ (closes: #181565, #182854, #169886)
+ * Updated build-dep for libcurl to libcurl2-dev (closes: #179722)
+ * Added -mieee to alpha build to solve FPE errors (closes: #180656)
+ * Removed arch-specific logic to build with gcc-3.2 on arm, since gcc-3.2
+ is now the default compiler on all architectures.
+ * Add libwrap0-dev to the end of the build-depends to work around #183041.
+ Someone remember to remove this later when the bug is fixed. :)
+ * Build against newer libsablot0-dev (closes: #179886, #181550)
+ * Introduce ugly hack in debian/rules to get the pike includes
+ directory right for the caudium SAPI.
+
+ -- Adam Conrad Sun, 2 Mar 2003 12:49:07 -0700
+
+php4 (4:4.2.3-9) unstable; urgency=low
+
+ * Fix caudium-php4 to not conflict with php4-pear (closes: #175415).
+
+ -- Steve Langasek Sun, 5 Jan 2003 16:40:20 -0600
+
+php4 (4:4.2.3-8) unstable; urgency=low
+
+ * Fix typo in debian/rules
+ * Rebuild to bring in sync with latest caudium packages
+
+ -- Adam Conrad Wed, 25 Dec 2002 20:00:59 -0700
+
+php4 (4:4.2.3-7) unstable; urgency=low
+
+ * Set a sane default for safe_mode_exec_dir (closes: #122920).
+ * Rebuild against libmm-dev on i386, instead of against the
+ no-longer-available libmm11-dev which Provides: the same
+ (closes: #173509).
+
+ -- Steve Langasek Mon, 16 Dec 2002 22:48:40 -0600
+
+php4 (4:4.2.3-6) unstable; urgency=low
+
+ * Build with PEAR for all SAPIs, so that the built-in include_path is
+ set correctly (overkill?). Closes: #169786, #172321
+ * Change section of php4-dev package to devel.
+ * Add libkrb5-dev to build-depends, since libc-client2002-dev doesn't
+ pull it in (closes: #173313).
+ * Depend on coreutils instead of fileutils, since the latter is now an
+ empty package (closes: #171265).
+
+ -- Steve Langasek Sun, 15 Dec 2002 23:20:30 -0600
+
+php4 (4:4.2.3-5) unstable; urgency=low
+
+ * Fix (snip, snip) the upstream build scripts, so that libphp4.so
+ isn't worthlessly linked against the problematic openssl libs
+ (closes: #165699, #165718, #165719, #166414).
+ * Update config.{sub,guess} so that the package builds on mips
+ platforms (closes #173218)
+ * Replace libc-client-ssl2001-dev with libc-client2002-dev in build
+ dependencies, fixing various php4-imap segfaults (closes: #169610,
+ #169769).
+
+ -- Steve Langasek Sun, 15 Dec 2002 19:42:43 -0600
+
+php4 (4:4.2.3-4) unstable; urgency=low
+
+ * Remove build dependency on non-extant libmagick5-dev, which is no
+ longer used anyway (closes: #169829, #172402).
+ * Add myself to the Uploaders: field of the control file.
+
+ -- Steve Langasek Sat, 14 Dec 2002 12:52:06 -0600
+
+php4 (4:4.2.3-3) unstable; urgency=low
+
+ * Backport a patch from CVS to sanitize control characters in php_url_parse()
+ to prevent ASCII control injection in fopen() calls.
+
+ -- Adam Conrad Thu, 12 Sep 2002 16:29:46 -0600
+
+php4 (4:4.2.3-2) unstable; urgency=low
+
+ * I'm a moron (thanks to James Troup for pointing this out).
+ * Change gcc-3.1 references in debian/rules to gcc-3.2.
+ * Change GD build-dep to libgd-xpm-dev until GD package mess is worked out.
+
+ -- Adam Conrad Tue, 10 Sep 2002 12:18:21 -0600
+
+php4 (4:4.2.3-1) unstable; urgency=low
+
+ * New upstream version
+ * Added a patch from Ginger Alliance to eliminate warnings in xslt compile
+ * Messed with the php4-imap build:
+ - compiling with SSL support (closes: #122700)
+ - commented out the static-on-i386 hack, libc-client is now linked dynamically
+ * Sessions should finally be fixed, however I won't tag the bugs "woody"
+ until I know for sure. (if you were affected, please test and send
+ followups to me)
+ * Updated arm build-dep to use gcc-3.2 since gcc-3.1 is gone now.
+
+ -- Adam Conrad Tue, 10 Sep 2002 09:02:51 -0600
+
+php4 (4:4.2.2-3) unstable; urgency=low
+
+ * Fix typo resulting in php4-odbc not having a postinst
+ (closes: #157116, #157927)
+ * Build against latest caudium-dev to made caudium-php4 installable
+ again. (closes: #158247)
+ * Update build-deps to swap libpng3 for libpng2. (closes: #158908)
+
+ -- Adam Conrad Sat, 7 Sep 2002 01:22:57 -0600
+
+php4 (4:4.2.2-2) unstable; urgency=low
+
+ * Pulled --with-ndbm out of ./configure, as libc6 no longer ships with
+ headers or the library for db1 (closes: #156141, #155889)
+ * Update build deps to build against libmm12 (closes: #155042)
+ * php4-curl no longer depends on libcurl2-ssl (closes: #155015)
+
+ -- Adam Conrad Sat, 10 Aug 2002 01:12:47 -0600
+
+php4 (4:4.2.2-1) unstable; urgency=medium
+
+ * New upstream
+ * Fixes input validation vulnerability in rfc1867.c (closes: #153850)
+ * Added missing prerm/postinst for php4-xslt (oops)
+
+ -- Adam Conrad Mon, 22 Jul 2002 11:58:53 -0600
+
+php4 (4:4.2.1-3) unstable; urgency=low
+
+ * Yet more build fixes. This time, bump the arm build-dep from gcc-3.0 to
+ gcc-3.1 to avoid compiler errors. I love the arm toolchain. No, really.
+
+ -- Adam Conrad Wed, 29 May 2002 17:40:30 -0600
+
+php4 (4:4.2.1-2) unstable; urgency=low
+
+ * Applied small patch to fix building on non-32-bit architectures
+ (closes: #148231)
+ * Added still /more/ documentation about the unserializer, sessions,
+ and the session.save_handler php.ini option.
+
+ -- Adam Conrad Sun, 26 May 2002 14:43:55 -0600
+
+php4 (4:4.2.1-1) unstable; urgency=low
+
+ * The "When is Debian going to have new software like XF^H^HPHP 4.2?" release.
+ * Probably the last update (barring huge packaging bugs or plain broken
+ binaries) before starting on a complete reorg of the PHP packages.
+ * Deserializer now works on big-endian architectures (addresses bug #121391
+ and probably others)
+ * This release probably fixes a whole bunch of bugs. Will be going through
+ the bug list and playing the reproducibility game after the upload.
+ * Default include_path in php.ini now set to include pear.
+ * Upstream default for register_globals HAS CHANGED. In the Debian php.ini
+ we are still using "register_globals = On" for compatibility reasons,
+ however our packages will change too. This is a warning for anyone
+ packaging PHP scripts and applications to make sure you'll be compatible
+ with the new default once it's set.
+
+ -- Adam Conrad Sun, 26 May 2002 06:24:21 -0600
+
+php4 (4:4.1.2-4) unstable; urgency=high
+
+ * No binaries were harmed in the making up this upload.
+ * Updated README.Debian and changelog. All other files untouched,
+ as the binaries were merely unpacked and repacked.
+ - Added a note to README.Debian about how to properly set up
+ Apache for use with php4, if the installation didn't (and it usually
+ doesn't ) get it right.
+ - Added a note to README.Debian about the unserializer (and sessions)
+ being messed up on big endian architectures. It's too late to try
+ to get a proper fix in for this, so we're just going to have to cope.
+
+ -- Adam Conrad Fri, 26 Apr 2002 12:27:40 -0600
+
+php4 (4:4.1.2-3.1) unstable; urgency=low
+
+ * The 'I broke it, I have to take credit for it' release.
+ * Rebuild the package to get proper binary dependencies on alpha.
+
+ -- Steve Langasek Sun, 31 Mar 2002 17:13:09 -0600
+
+php4 (4:4.1.2-3) unstable; urgency=low
+
+ * Switched to --with-regex=php (from =system). This fixes all the
+ problems with eregi/parse_url/fopen/etc on Alpha.
+ * Cleaned up long descriptions (closes: #130977, #130954)
+
+ -- Adam Conrad Wed, 27 Mar 2002 15:11:43 -0700
+
+php4 (4:4.1.2-2) unstable; urgency=low
+
+ * New maintainer (closes: #132980)
+ * Enabling unixodbc support (closes: #107201)
+ * Changed the install-modules target in build/rules_pear.mk so that
+ it will error out in the case of an empty modules directory or
+ failure to install modules (closes: #135304)
+
+ -- Adam Conrad Tue, 12 Mar 2002 00:25:41 -0700
+
+php4 (4:4.1.2-1) unstable; urgency=high
+
+ * New upstream version with a security fix. This
+ supercedes 4.1.1-2.2 from Steve Langasek:
+ * Fix an error in the handling of MIME file upload headers, which left
+ open a potential security hole. (Closes: #136063)
+ * Fixed gcc-3.0 fix :-)
+ * Thanks for fixing apache-common fix
+ * This version should fix session bugs with upstream fix (closes: #133877)
+ * With a brutal change to main/SAPI.c try to fix(?) authorize bugs
+
+ -- Petr Cech Thu, 28 Feb 2002 11:14:26 +0100
+
+php4 (4:4.1.1-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * loosen apache-common dependency to make us forwards-compatible, as
+ recommended by the apache maintainer.
+ * use gcc-3.0 when building on arm, because the default toolchain on
+ that arch has Issues (closes: #135906, #135913).
+
+ -- Steve Langasek Tue, 26 Feb 2002 09:59:49 -0600
+
+php4 (4:4.1.1-2) unstable; urgency=medium
+
+ * Rebuild with apache 1.3.23.
+ * This package is in maintainer change mode. Though I orphaned it I'm not
+ going to change maintainer to QA, because we already have fresh blood.
+ * ext/gd/gd.c: s/HAVE_GD_GIF/HAVE_GD_GIF_CREATE/ to build correctly with
+ libgd which has GIF support (fixed included upstream)
+ * debian/control:
+ - Build-Depends: s/libgd1g-dev/libgd-dev/
+ also libc-client at least version 4:2001adebian-6 to fix some segfaults
+ * ext/standard/head.c: make the setcookie() thingie test more simple
+
+ -- Petr Cech Mon, 11 Feb 2002 20:07:22 +0100
+
+php4 (4:4.1.1-1) unstable; urgency=high
+
+ * New upstream bugfix release.
+ * debian/control: php4-gd - Conflicts/Replaces: php4-gd2 if I ever get
+ to upload it
+ * debian/rules: Correctly supply modified CFLAGS to build process
+
+ -- Petr Cech Fri, 28 Dec 2001 23:23:47 +0100
+
+php4 (4:4.1.0-2) unstable; urgency=low
+
+ * debian/php4-cgi.README.Debian: fix typo (closes: #123866)
+ * debian/rules: remove --enable-mbstr-enc-trans as it breaks parametr
+ parsing (closes: #121403)
+ * debian/README.Debian: document shmmax increase (closes: #119688)
+
+ -- Petr Cech Fri, 14 Dec 2001 09:59:59 +0100
+
+php4 (4:4.1.0-1) unstable; urgency=high
+
+ * Finally final 4.1.0
+ * Urgency to reflect previous version
+ * debian/control: php4-pear depends on php4-cgi
+
+ -- Petr Cech Thu, 13 Dec 2001 23:09:54 +0100
+
+php4 (3:4.1-2) unstable; urgency=high
+
+ * FIxes from CSV 4.1.0RC5. Looks like it was not the release after all.
+ * ext/exif/exif.c: MFH
+ * ext/ldap/ldap.c: small crash fix from HEAD
+ * and misc tiny changes. Really :-)
+ * ext/imap/php_imap.c: HIGH. fix from CVS (imap_rfc822_parse_adrlist) changing
+ the argument
+
+ -- Petr Cech Sun, 9 Dec 2001 00:01:37 +0100
+
+php4 (3:4.1-1) unstable; urgency=medium
+
+ * Final 4.1.0 (not released)
+ * NEWS: s/4.0/4.1/
+ * Build with GD1. It should fix some GD bugs, as gd 2.0.1 is supposed to be
+ a beta version with known bugs. How should I know.
+ * sablot extension removed upstream. So use XSLT (C/R in place)
+ * Apply fix for file_exists() from tilo (closes: #114409)
+ * "Cannot redeclare" were fixed in previous RCs (closes: #112341)
+ * previous version is build in hppa and ia64, so I assume it
+ (closes: #115391)
+ * Add note to sybase_ct, that it conflicts with mod_gzip folowing a user
+ report.
+ * This should fix the "final HTML> stripped" bug that was introduced
+ in 4.0.6-3. (closes: #110415).
+ * add --enable-ucd-snmp-hack to try to fix segfaults with ucd-snmp
+
+ -- Petr Cech Mon, 26 Nov 2001 14:56:50 +0100
+
+php4 (3:4.0.100-1) unstable; urgency=low
+
+ * Really a 4.1.0RC2
+ * Remove hack for apache 1.3.14, as we build-depends on 1.3.22 anyway
+ * Build-depends: libexpat1 (>= 1.95.2-2.1) for the .1
+ * Added Provides: zendapi-$version to php4 and php4-cgi
+ * Made modules depend on zendapi-$version instead of php4|php4-cgi.
+ Please use this in your php4-$module packages
+ * Apply c-client hack only to i386 most architectures don't support linking
+ both PIC and non-PIC code. I'm still affrai to do this on i386, as it
+ crashes a lot more :(
+ * Apply some CVS patches
+
+ -- Petr Cech Wed, 14 Nov 2001 20:50:19 +0100
+
+php4 (3:4.0.99-4) unstable; urgency=medium
+
+ * Recompile because of new version of caudium.
+ (I really hope this gets into testing soon as php in testing
+ now doesn't do apache 1.3.22)
+
+ -- Petr Cech Fri, 9 Nov 2001 11:11:46 +0100
+
+php4 (3:4.0.99-3) unstable; urgency=medium
+
+ * Recompile for new libexpat1 (closes: #116623 and others)
+ * upstream: ext/gd/gd.c, ext/iconv/iconv.c
+ * crypt(): defalt to using DES crypt() (closes: #117092)
+ * debian/rules: disable libmm in -cgi build. Will lesser the impact
+ of the infamous /tmp/session_mm.reg
+ * apply patch to Zend, which should fix the "cannot redeclare" error.
+ It's still a bug in your code though (use include_once). More changes
+ to this are comming (upstream).
+ * Add some documentation to sybase
+
+ -- Petr Cech Mon, 22 Oct 2001 11:20:46 +0200
+
+php4 (3:4.0.99-2) unstable; urgency=low
+
+ * "Some days are just no good" release.
+ * Recompile with apache 1.3.22 from Incoming
+ * Deal with automake going to 1:1.4 and automake1.5
+
+ -- Petr Cech Fri, 19 Oct 2001 15:02:00 +0200
+
+php4 (3:4.0.99-1) unstable; urgency=low
+
+ * This is really 4.1.0RC1, but ...
+ * Applied setcookie(), which is not in upstream yet
+
+ -- Petr Cech Fri, 19 Oct 2001 12:05:20 +0200
+
+php4 (3:4.0.6.7rc3-3) unstable; urgency=medium
+
+ * Fix dependency in caudium-php4. Sorry for this
+
+ -- Petr Cech Fri, 19 Oct 2001 11:28:07 +0200
+
+php4 (3:4.0.6.7rc3-2) unstable; urgency=medium
+
+ * Recompile with recent caudium/pike. Please, no new version so it can get
+ into testing :)
+ * debian/control: move php4-pear to suggests
+ * Fix setcookie() again. I really hate this bug
+ * Build-Depends: re2c - it's usually not needed, but if you make some
+ strange changes to the parser ...
+ * FIx automake 1.5 build problems (I hope)
+
+ -- Petr Cech Thu, 18 Oct 2001 12:03:39 +0200
+
+php4 (3:4.0.6.7rc3-1) unstable; urgency=low
+
+ * New upstream test release.
+
+ -- Petr Cech Fri, 5 Oct 2001 09:23:35 +0000
+
+php4 (3:4.0.6.7rc2-3) unstable; urgency=low
+
+ * "Let's try to fix some bugs" release.
+ * Add some patches: ldap (does this fix things?), pgsql,
+ domxml
+ * Build-Conflicts: automake (>= 1.5) for now
+
+ -- Petr Cech Tue, 2 Oct 2001 10:55:23 +0200
+
+php4 (3:4.0.6.7rc2-2) unstable; urgency=low
+
+ * Enable recode extension (the library is LGPL) - shared
+ * Enable iconv extension - in main php4. Experimental
+ * Build-Depends: s/libgd-dev/libgd2-dev/
+ * Build-Depends: libxml2-dev (>= 2.4.2) (Closes: #112304)
+ and fix autoconf macros (Closes: #113980)
+ * Improve?? description of PEAR (Closes: #112432)
+
+ -- Petr Cech Sat, 22 Sep 2001 10:37:42 +0200
+
+php4 (3:4.0.6.7rc2-1) unstable; urgency=medium
+
+ * 2nd release candidate
+ * ext/mbstring: fix compile (cp1252)
+ * ext/standard/url_scanner_ex: off by one
+ * WARNING: caudium builds with Zend Threading enabled, but other
+ modules don't. So you cannot safely use DSO with caudium
+ * Added some Build-Conflicts - with broken libmysqlclient
+ - with libtool 1.4b
+
+ -- Petr Cech Mon, 10 Sep 2001 18:04:27 +0200
+
+php4 (3:4.0.6-6) unstable; urgency=medium
+
+ * The "Paul Hampson fixes release".
+ * Closed those atexit() bugs. Now to find out, how to make libtool link with
+ gcc instead of ld :((
+ * ext/standard/head.c: Fix setcookie("bla) (closes: #109524, #109697)
+ Thanks to Paul Hampson for finding the cause, though I've used another
+ fix - fixed changes in CVS made in -3 I think. Silly me to think, that
+ all "small" changes are fixes.
+ * libc-client2001 was fixed in -5, so add a (closes: #109202) here
+ * Conflicts: only with libtool 1.4b-{1,2,3}. libtool 1.4.1 is OK
+
+ -- Petr Cech Sat, 1 Sep 2001 20:59:40 +0200
+
+php4 (3:4.0.6-5) unstable; urgency=low
+
+ * Recompile for libc-client2001 (I hope it doesn't break anything else)
+ And many other libraries.
+ * ATTENTION. php4 still doesn't work with autoconf 2.52 and thus libtool 1.4b!!
+ You have to get libtool 1.4 to be able to use phpize.
+
+ -- Petr Cech Wed, 22 Aug 2001 23:26:08 +0200
+
+php4 (3:4.0.6-4) unstable; urgency=high
+
+ * Add pear/CODING_STANDARDS into php4-pear (fixes 105574. closed too early. sorry)
+ * Fix the nasty segfaults with mail(). That'll teach me taking upstream
+ changes without looking. Thanks Cvetan Ivanov for the correct fix (also upstream now)
+ (closes: #105686, #105878).
+
+ -- Petr Cech Fri, 20 Jul 2001 23:07:30 +0200
+
+php4 (3:4.0.6-3) unstable; urgency=high
+
+ * ext/standard/mail.c: security fix
+ * debian/control: Build-Depends: libtool (>= 1.4)
+ * ext/curl/curl.c: fix typo
+ * ext/gd/config.m4: fix typo
+ * ext/mcrypt/mcrypt.c: upstream buffer overflow fix
+ * ext/mhash/mhash.c: upstream buffer overflow fix
+ * ext/pgsql/pgsql.c: fix
+ * ext/posix/config.m4: check for getpgid
+ * ext/sablot/sablot.c: fix leaks
+ * ext/standard/url* : fixes
+ * ext/sysvshm/sysvshm.c: fixes
+ * Zend/*: small fixes
+
+ -- Petr Cech Fri, 13 Jul 2001 16:21:04 +0200
+
+php4 (3:4.0.6-2) unstable; urgency=low
+
+ * pear/Makefile.in: add IT_Error.php to installed files (closes: #103087)
+ * debian/control: - allow also libcurl-ssl-dev as Build-Depends (closes: #103618)
+ - libfreetype6-dev to Build-Depends
+ - add auto* suite to php4-dev depends (closes: #104199)
+ * debian/rules: - build gd module with freetype2 support
+ - move common ./configure flags to COMMON_CONFIG
+ - build with mbstring support
+
+ -- Petr Cech Fri, 13 Jul 2001 08:22:02 +0200
+
+php4 (3:4.0.6-1) unstable; urgency=medium
+
+ * New upstream release.
+ * NOTE: new extension will probably be in another upload, to get this
+ into testing ...
+
+ -- Petr Cech Mon, 25 Jun 2001 20:43:24 +0200
+
+php4 (3:4.0.5.6rc3-3) unstable; urgency=low
+
+ * The "I hate sablot release". Recompile with 0.60
+ * debian/php4-domxml.postrm: also fix the :: (closes: #101306)
+ * debian/rules: --enable-ctype - still EXPERIMENTAL!!! Bug upstream
+
+ -- Petr Cech Mon, 18 Jun 2001 09:46:17 +0200
+
+php4 (3:4.0.5.6rc3-2) unstable; urgency=low
+
+ * ext/sablot/config.m4: link sablot.so with -lsablot, not main php4
+ * build/ ... : upstream fix for building with automake 1.4-pX
+ * don't fail, when libssl-dev is not installed. sigh
+
+ -- Petr Cech Thu, 14 Jun 2001 23:36:34 +0200
+
+php4 (3:4.0.5.6rc3-1) unstable; urgency=low
+
+ * New upstream test release.
+ * Recompile with apache 1.3.20
+ * debian/control:
+ - php4-dev: Depends: bison, flex (closes: #100634)
+ - Build-Depends: libcurl-dev (>=7.8)
+ * debian/rules:
+ - add --enable-bcmath to all rules (closes: #100491)
+ * Zend/zend.c: apply upstream fix to allow building of caudium
+
+ -- Petr Cech Tue, 12 Jun 2001 22:27:26 +0200
+
+php4 (3:4.0.5.6rc2-1) unstable; urgency=low
+
+ * New upstream test release.
+ * FIx regex/regex.h (int regoff_t)
+ * fix php4-cgi build with pcre - don't use supplied pcre
+ * Fix wddx support (closes: #99468)
+ * Add missing $(INSTALL_ROOT) to sapi/caudium/config.m4
+
+ -- Petr Cech Fri, 8 Jun 2001 11:37:07 +0200
+
+php4 (3:4.0.5.6rc1-1) unstable; urgency=low
+
+ * New upstream test release with new bugs :))
+ * moved pear from /usr/lib/php4 to /usr/share/php4
+ * Whups. Sorry about the epoch 3: . It somehow slipped in, so I'll
+ have to live with it
+
+ -- Petr Cech Wed, 16 May 2001 14:14:04 +0200
+
+php4 (3:4.0.5-2) unstable; urgency=low
+
+ * Build-Depend on newer libmhash-dev, as it supposedly doesn't
+ compile on current woody (closes: #96555)
+ * Build-Depends: s/freetype2/libttf-dev/
+ * Stop building php4-pgsql - move to non-US
+ * Build-Deps on new libsablot0
+
+ -- Petr Cech Thu, 10 May 2001 10:43:02 +0200
+
+php4 (3:4.0.5-1) unstable; urgency=medium
+
+ * New upstream release.
+ * recompile with new sablot - how I hate this (closes: #95401)
+ * Merge XML into main php4
+ * Reword README.Debian (closes: #89667)
+ * Enable wddx
+ * debian/*.postinst: * only ask upon first install, not upgrade (closes: #93452)
+ * fix typos (closes: #94118)
+ * Added support for Sybase/MS SQL Server (using FreeTDS)
+ using patch from:
+ http://rpms.arvin.dk/php/source/patches/php-sybase_ct.patch
+ thanks to Bradley Bell for the patch
+ * ext/pcre : two upstream fixes
+ * ext/sablot/sablot.c: small upstream fix
+ * build/buildcheck.sh : fixes to allow compile with libtool 1.4
+ * ext/standard/exec.c: upstream fixes
+ * sapi/apache/mod_php4.c: off by one fix
+ * sapi/cgi/cgi_main.c: fix POST bug
+ * main/snprintf.c: upstream fix
+
+ -- Petr Cech Wed, 3 May 2001 22:17:10 +0200
+
+php4 (4.0.4.5rc6-2) unstable; urgency=low
+
+ * Build-depends: libcurl-dev will pull libcurl2 (closes: #92994)
+ * TSRM/TSRM.c: upstream fix
+ * ext/pgsql: upstream fix
+
+ -- Petr Cech Thu, 5 Apr 2001 17:51:09 +0200
+
+php4 (4.0.4.5rc6-1) unstable; urgency=low
+
+ * New upstream test release.
+ * Don't mention CGI support, as it's not so for a long time.
+
+ -- Petr Cech Wed, 4 Apr 2001 13:47:45 +0200
+
+php4 (4.0.4.5rc5-1) unstable; urgency=low
+
+ * New upstream test release.
+ * ask about /etc/php4/cgi/php.ini also
+ * It's really recompiled for 1.3.19 (closes: #91901, #91822)
+ * problems with modules documented (closes: #81141, #82611)
+
+ -- Petr Cech Mon, 2 Apr 2001 09:38:16 +0200
+
+php4 (4.0.4.5rc3-1) unstable; urgency=low
+
+ * New upstream RC release
+ * debian/rules: s/with-yp/enable-yp/ to really enable YP support. Discovered
+ on broken potato upload. -0potato2 is fixed
+ * Looks like there was a bug in latest build, this should fix it (closes: #92018)
+ * remove libmcal0 workaround
+
+ -- Petr Cech Wed, 28 Mar 2001 21:15:36 +0200
+
+php4 (4.0.4.5rc2-1) unstable; urgency=low
+
+ * New upstream release test release 4.0.5RC2.
+ * debian/rules: Add lintian overrides
+ * debian/control: * add libexpat1-dev to Build-Depends
+ * add libmcal0 to Build-Depends since libmcal0-dev is
+ missing this dependancy :(( Bug filled
+ * ext/socket/socket.c: minor upstream patch
+
+ -- Petr Cech Mon, 26 Mar 2001 20:43:49 +0200
+
+php4 (4.0.4pl1-6) unstable; urgency=low
+
+ * NEVER RELEASED
+ * Build-depends on libcurl1-dev (>= 7.6.1-5), which fixes the libcurl1 or
+ libcurl1-ssl problem.
+ * remove dh_testversion and use versioned Build-depends instead
+
+ -- Petr Cech Tue, 13 Mar 2001 23:20:58 +0100
+
+php4 (4.0.4pl1-5) unstable; urgency=low
+
+ * Add lintian overrides
+ * Rebuild with correct libgd-dev installed. Sorry
+ (closes: #88490, #88255, #88371, #88619, #88635)
+ * Closed by fixed libjpeg (closes: #85865, #88141)
+
+ -- Petr Cech Tue, 6 Mar 2001 17:26:41 +0100
+
+php4 (4.0.4pl1-4) unstable; urgency=low
+
+ * The "Enable what you can" release.
+ * Enable sablot extension (many files) (closes: #84073)
+ * Enable mcal extension (finaly closes: #65688, #85925)
+ * Build-Conflicts: bind-dev - this supposedly causes unresolved symbols.
+ Why?
+ * ext/pgsql/pgsql.c: apply tiny patch, which should fix postgres
+ problems. There is a better patch in CVS, but it needs changes to Zend
+ * pear/pear.in: binary is php4 no php (closes: #87848)
+ * ext/domxml/config.m4: link with -lxml2 (closes: #87457)
+ * debian/README.Debian: add notes about ldap, imap and mhash extensions
+ * debian/{control,rules}: activate bz2 extension
+ * php4.ini-dist: comment out include_path so php will use compiled in
+ path (closes 2nd part of 87848)
+
+ -- Petr Cech Wed, 28 Feb 2001 10:18:11 +0100
+
+php4 (4.0.4pl1-3) unstable; urgency=medium
+
+ * Fixed postrm issues. Sorry
+
+ -- Petr Cech Sun, 4 Feb 2001 06:13:00 +0100
+
+php4 (4.0.4pl1-2) unstable; urgency=medium
+
+ * debian/control: Build-depends: xlibs-dev (seems it's missing and causes
+ failed builds for arm, m68k and powerpc)
+ s/libsnmp4.1/libsnmp4.2/ (closes: #84139)
+ * debian/php4.*: make LoadModule matching case insensitive (fixes 83641
+ for unstable)
+
+ -- Petr Cech Wed, 31 Jan 2001 10:14:29 +0100
+
+php4 (4.0.4pl1-1) unstable; urgency=high
+
+ * New upstream version.
+ * This release fixes some security problems.
+ * Some patches from previous versions are not here.
+ * debian/control: Build-depends on newer libcurl1-dev, remove librecode-dev
+ * debian/control: add libjpeg62-dev to build-depends from powerpc buildlog
+ (hmm. Where ir Roman?)
+ * debian/php4{,-cgi}.postinst: don't mark php.ini as conffile and install it
+ when it doesn't already exist. I should find a way to check, that the default
+ php.ini changed and user should update it.
+ * debian/php4{,-cgi}.postrm: cleanup the /etc/php4 dir after purge
+ * fix xml.so not working with php4-cgi
+
+ -- Petr Cech Thu, 23 Jan 2001 11:12:59 +0100
+
+php4 (4.0.4final-6) unstable; urgency=medium
+
+ * OK. Now also fix the prerm issues (closes: #81418) and to ease
+ that thanks for submiting bugs (closes: #81818, #81819)
+ * some upstream updates: browsercap, php-config
+
+ -- Petr Cech Wed, 10 Jan 2001 14:04:19 +0100
+
+php4 (4.0.4final-5) unstable; urgency=medium
+
+ * OK. Take a deep breath and fix those bloody postinst
+ bugs - fix it and rewrite from ed -> sed, because ed is not essential :(
+ closes: #80801.
+ * apply some upstream fixes.
+ * disable ctype extension - not yet ready
+
+ -- Petr Cech Tue, 2 Jan 2001 13:40:35 +0100
+
+php4 (4.0.4final-4) unstable; urgency=low
+
+ * debian/libc-client.la: add -lpam -ldl -lcrypt
+ * fix php4-cgi.postinst bugs (closes: #80817, #80805, #80801)
+
+ -- Petr Cech Fri, 29 Dec 2000 11:40:43 +0100
+
+php4 (4.0.4final-3) unstable; urgency=low
+
+ * Brown Xmas Sock Release
+ * Grr. correctly fix the php4 postinst error
+ (closes: #80303, #80324, #80326, #80359)
+ NMU by Wichert Akkerman (closes: #80381)
+ * also fix php4-cgi. NMU by Marcelo E. Magallon
+ (closes: #80406).
+ * fix fix for php4-cgi postinst s/apache/cgi/
+ * apply some upstream fixes to ext/session/
+ * domxml/config.m4: fix my -Lshared,/usr/lib error
+ * debian/rules:
+ * add --enable-ctype to both targets
+ * --diable-pear to CGI target
+ * generate Depends: php4 (=ver) | php4-cgi (=ver)
+
+ -- Petr Cech Wed, 27 Dec 2000 15:29:56 +0100
+
+php4 (4.0.4final-2) unstable; urgency=low
+
+ * Run apacheconfig with --force-modules.
+ * Fix stupid bug in php4 and php4-cgi postinst.
+ * ext/sysvshm/sysvshm.c : upstream fix
+
+ -- Petr Cech Thu, 21 Dec 2000 22:58:27 +0100
+
+php4 (4.0.4final-1) unstable; urgency=low
+
+ * New upstream version.
+ * Sorry for the version, but da-katie doesn't allow overwriting of files, notably
+ .orig.tar.gz. It's my fault I know, but it worked till now.
+
+ -- Petr Cech Wed, 20 Dec 2000 01:32:34 +0100
+
+php4 (4.0.4-0RC6.1) unstable; urgency=low
+
+ * OK. Final final RC for 4.0.4.
+ * Build-depends on libxml2-dev (>= 2.2.7) because php needs this.
+ * Activate ndbm dba driver.
+
+ -- Petr Cech Sun, 17 Dec 2000 19:43:51 +0100
+
+php4 (4.0.4-0RC5.1) unstable; urgency=low
+
+ * UNRELEASED.
+ * Final RC for 4.0.4.
+ * Some mods to README.Debian and TODO
+
+ -- Petr Cech Wed, 13 Dec 2000 00:01:08 +0100
+
+php4 (4.0.4-0RC4.1) unstable; urgency=low
+
+ * New upstream beta release. Let's stabilize things now and add new
+ modules after final release of 4.0.4.
+
+ -- Petr Cech Thu, 7 Dec 2000 10:12:11 +0100
+
+php4 (4.0.4-0RC3.2) unstable; urgency=low
+
+ * recompile with new libc-client200-dev.
+ * fix source recompile
+ * depend on fixed apache 1.3.14-2
+
+ -- Petr Cech Thu, 7 Dec 2000 00:49:14 +0100
+
+php4 (4.0.4-0RC3.1) unstable; urgency=low
+
+ * New upstream beta release.
+ * Add libxml2-dev to build-depends (closes: #78479).
+ * implement DEB_BUILD_OPTIONS
+ * fix apache build wrt. apxs
+ * fix typo in description of curl modules (closes: #78828)
+
+ -- Petr Cech Tue, 5 Dec 2000 14:22:30 +0100
+
+php4 (4.0.3pl1-7) unstable; urgency=low
+
+ * Rebuild with apache 1.3.14-1
+
+ -- Petr Cech Fri, 1 Dec 2000 01:41:41 +0100
+
+php4 (4.0.3pl1-6) unstable; urgency=low
+
+ * add --enable-memory-limit
+ * add --enable-exif per request from William Ono.
+ * Add Suggests: phpdoc (yes. it's here).
+ * ext/standard/crypt.c - fix from CVS.
+ * ext/ftp/ftp.{c,h} - fix mkdir() and RETR, STOR
+ * ext/gd/gd.c - add format string
+ - add XBM to phpinfo()
+ * ext/imap/php_imap.{c,h} - CVS fixes
+ * main/main.c - fix CGI crash
+ - add HTTP_SERVER_VARS in CGI mode
+ * and many more. Taken from php4.srpm (thanks :))
+ * recompile with apache 1.3.12-2.2
+ * and hack large files support into DSO module. php4 doesn't use it now :((
+
+ -- Petr Cech Thu, 30 Nov 2000 00:01:39 +0100
+
+php4 (4.0.3pl1-5) unstable; urgency=low
+
+ * Back out changes about --enable-versioning
+ * ext/domxml/php_domxml.c : fix compilation with recent libxml2 (>=2.2.7)
+
+ -- Petr Cech Tue, 21 Nov 2000 18:03:56 +0100
+
+php4 (4.0.3pl1-4) unstable; urgency=low
+
+ * Clarify README.Debian about the DB change a bit (dbm_ -> dba_*)
+ * Remove aliasing hack - deprecated upstream. (closes: #76558)
+ * Compile with libgd-dev again (Write 100x always reinstall libgd-dev).
+ * --enable-versioning and tweak debian/control a bit, let's see, what breaks
+
+ -- Petr Cech Tue, 14 Nov 2000 10:00:54 +0100
+
+php4 (4.0.3pl1-3) unstable; urgency=low
+
+ * Activate curl module.
+ * Really enable shmop module.
+ * Fix include paths in phpize. Now everyone should be able to easilly build
+ php4 extension modules (php4-dbase anyone?).
+
+ -- Petr Cech Mon, 6 Nov 2000 23:17:41 +0100
+
+php4 (4.0.3pl1-2) unstable; urgency=low
+
+ * Build with libgd-dev installed (NOT libgd-gif).
+
+ -- Petr Cech Tue, 17 Oct 2000 02:08:36 +0200
+
+php4 (4.0.3pl1-1) unstable; urgency=medium
+
+ * New upstream bugfix release.
+ * Depend on libopenldap1 as with the newer ldap module crashes php&apache.
+
+ -- Petr Cech Mon, 16 Oct 2000 15:30:55 +0200
+
+php4 (4.0.3-2) unstable; urgency=high
+
+ * Urgency=high because last upload didn't have it ad it fixes some
+ security holes.
+ * ext/domxml/config.m4: don't try to build then --without-domxml
+
+ -- Petr Cech Thu, 12 Oct 2000 12:50:17 +0200
+
+php4 (4.0.3-1) unstable; urgency=low
+
+ * New upstream release.
+ - fixes also some string format bugs
+ * Build with fixed libmysqlclient10-dev.
+
+ -- Petr Cech Thu, 12 Oct 2000 00:00:07 +0200
+
+php4 (4.0.2-7) unstable; urgency=low
+
+ * Really, really install libldap2-dev.
+ * Workaround broken libmysqlclient9-dev. It has broken (again) .so symlink.
+
+ -- Petr Cech Tue, 10 Oct 2000 22:28:48 +0200
+
+php4 (4.0.2-6) unstable; urgency=low
+
+ * Again fix description a little bit.
+ * Correct build-depends.
+ * Sic. Recompile, because I've busted (libopenldap-dev instead of
+ libldap2-dev was installed).
+ * While at it install also new apache glibc NMU and recompile with it.
+ * Move PEAR from php4-dev to php4 and install ALL of PEAR.
+ * add --prefix=/usr
+ * debhelper v2
+ * prepare for CURL module
+ * Updated README.Debian
+ * updated XML module from php4 CVS to close: #72360
+
+ -- Petr Cech Mon, 2 Oct 2000 14:36:35 +0200
+
+php4 (4.0.2-5) unstable; urgency=low
+
+ * Correct build-depends (libgd1-dev -> libgd-dev). Where is Roman? :)
+ * Add libdb2-dev (>= 2:2.7.7-2.1) to build-depends for glibc 2.1.94.
+ * and recompile with glibc 2.1.94 to fix it.
+
+ -- Petr Cech Wed, 27 Sep 2000 09:00:27 +0200
+
+php4 (4.0.2-4) unstable; urgency=low
+
+ * Tweak description a little bit more.
+
+ -- Petr Cech Sun, 24 Sep 2000 23:58:15 +0200
+
+php4 (4.0.2-3) unstable; urgency=low
+
+ * Add info about what modules and why are enabled/disabled
+ into README.Debian.
+ * Install not so many docs (only in -dev now).
+ * Enable calendar and sockets modules.
+ * Rearange package descriptions so module-specific comments
+ go first.
+ * Create domxml module aka xmlv2.
+ * Fix spelling wan't -> want (closes: #70544).
+ * Add libraries for gd module only when linking this one
+ and not globaly (closes: #71623).
+ * Say that we wait for ENTER (closes: #71769).
+ * Fix logic in prerm script (closes: #71770).
+
+ -- Petr Cech Sun, 24 Sep 2000 17:54:52 +0000
+
+php4 (4.0.2-2) unstable; urgency=low
+
+ * Add info about what modules and why are enabled/disabled
+ into README.Debian.
+ * Install not so many docs (only in -dev now).
+ * Enable calendar and sockets modules.
+ * Rearange package descriptions so module-specific comments
+ go first.
+ * Create domxml module aka xmlv2.
+ * Fix building (small typo).
+ * Compile with libmysqlclient9-dev installed.
+
+ -- Petr Cech Mon, 18 Sep 2000 23:46:40 +0200
+
+php4 (4.0.2-1) unstable; urgency=low
+
+ * The "Back from vacation" release.
+ * New upstream fixed (and bugs).
+ * Correct postm script (only cosmetic) closes: #67350, #68541
+ * build with libpcre3, libldap2
+ * Use modified patch from -3 (remove #define XML_... php_XML_...)
+
+ -- Petr Cech Thu, 7 Sep 2000 23:17:59 +0200
+
+php4 (4.0.1pl2-3) unstable; urgency=low
+
+ * UNRELEASED
+ * Fixed the XML packages.
+
+ -- Norman Jordan Thu, 10 Aug 2000 21:45:15 +0000
+
+php4 (4.0.1pl2-2) unstable; urgency=low
+
+ * Fix source archive.
+
+ -- Petr Cech Tue, 11 Jul 2000 11:04:48 +0000
+
+php4 (4.0.1pl2-1) unstable; urgency=low
+
+ * New upstream bug fix release (variation of the patches in -2)
+ * Build with new libgd1 library (maybe still in Incoming)
+ * Move PEAR stuff to php4 package (closes: #66897).
+
+ -- Petr Cech Sun, 9 Jul 2000 09:01:06 +0000
+
+php4 (4.0.1-2) unstable; urgency=low
+
+ * Apply some CVS diffs in an attempt to fix opendir() problems.
+
+ -- Petr Cech Fri, 30 Jun 2000 09:04:24 +0000
+
+php4 (4.0.1-1) unstable; urgency=low
+
+ * New upstream release (taken from CVS tag php_4_0_1).
+ * --with-regex=system else it plays havoc. Dunno why ...
+ * remove autoconf,automake,aclocal from configure rules.
+ * Fix description of XML --help message (no, it's not MySQL).
+
+ -- Petr Cech Wed, 28 Jun 2000 22:55:16 +0200
+
+php4 (4.0.0-4) unstable; urgency=low
+
+ * Add -dev package (closes: #65907).
+ * Add -cgi and -cgi-* packages (closes: #51097, #52855).
+ * --enable-filepro
+ * Tweak copyright file a bit.
+ * Generate mhash module (closes part of 63186).
+ * Ask to remove libphp4 from httpd.conf upon remove/purge.
+ * Fixed build-depends, thanks to Roman Hodek (closes: #65938).
+ (I told you the first time it won't work :))
+ * Mark /etc/php4/cgi/php.ini as conffile.
+ * Every module now ask if it should be enabled on install
+ (if it's not already) and disabled on remove/purge.
+
+ -- Petr Cech Tue, 20 Jun 2000 14:29:01 +0200
+
+php4 (4.0.0-3) unstable; urgency=low
+
+ * Ship correct php.ini (extension_dir=/usr/lib/php4/apache).
+ * Don't use included libmysqlclient and use system one (fixes
+ wrong location of mysqld.sock)
+ * link XML module dynamicly with system xmlparse and xmltok.
+
+ -- Petr Cech