--- php5-5.3.3.orig/debian/php5-cgi.dirs
+++ php5-5.3.3/debian/php5-cgi.dirs
@@ -0,0 +1,4 @@
+/etc/php5/cgi
+/usr/lib/cgi-bin
+/usr/bin
+/usr/share/man/man1
--- php5-5.3.3.orig/debian/libapache2-mod-php5filter.conf
+++ php5-5.3.3/debian/libapache2-mod-php5filter.conf
@@ -0,0 +1,6 @@
+
+
+ SetInputFilter PHP
+ SetOutputFilter PHP
+
+
--- php5-5.3.3.orig/debian/libapache2-mod-php5.postinst
+++ php5-5.3.3/debian/libapache2-mod-php5.postinst
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+reload_apache()
+{
+ if apache2ctl configtest 2>/dev/null; then
+ invoke-rc.d apache2 force-reload || true
+ else
+ echo "Your apache2 configuration is broken, so we're not restarting it for you."
+ fi
+}
+
+# we've registered a trigger to handle extension updates.
+if [ "$1" = "triggered" ] && [ "$2" = "/etc/php5/conf.d" ]; then
+ reload_apache
+ exit 0
+elif [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+phpini="/etc/php5/apache2/php.ini"
+
+ucf /usr/share/php5/php.ini-production $phpini
+
+if [ -n "$2" ]; then
+ # recover the previous state
+ if [ -e /etc/php5/apache2/.start ]; then
+ a2enmod php5 >/dev/null || true
+ rm -f /etc/php5/apache2/.start
+ fi
+# we're upgrading. test if we're enabled, and if so, restart to reload the module.
+ if [ -e /etc/apache2/mods-enabled/php5.load ]; then
+ reload_apache
+ fi
+ exit 0
+fi
+
+if [ -e /etc/apache2/apache2.conf ]; then
+# Enable the module, but hide a2enmod's misleading message about apachectl
+# and force-reload the thing ourselves.
+ a2enmod php5 >/dev/null || true
+ reload_apache
+fi
+
+exit 0
--- php5-5.3.3.orig/debian/php5-fpm.postinst
+++ php5-5.3.3/debian/php5-fpm.postinst
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+phpini="/etc/php5/fpm/php.ini"
+
+ucf /usr/share/php5/php.ini-production $phpini
+
+exit 0
--- php5-5.3.3.orig/debian/libapache2-mod-php5filter.postinst
+++ php5-5.3.3/debian/libapache2-mod-php5filter.postinst
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+reload_apache()
+{
+ if apache2ctl configtest 2>/dev/null; then
+ invoke-rc.d apache2 force-reload || true
+ else
+ echo "Your apache2 configuration is broken, so we're not restarting it for you."
+ fi
+}
+
+# we've registered a trigger to handle extension updates.
+if [ "$1" = "triggered" ] && [ "$2" = "/etc/php5/conf.d" ]; then
+ reload_apache
+ exit 0
+elif [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+phpini="/etc/php5/apache2filter/php.ini"
+
+ucf /usr/share/php5/php.ini-production $phpini
+
+if [ -n "$2" ]; then
+ # recover the previous state
+ if [ -e /etc/php5/apache2filter/.start ]; then
+ a2enmod php5filter >/dev/null || true
+ fi
+# we're upgrading. test if we're enabled, and if so, restart to reload the module.
+ if [ -e /etc/apache2/mods-enabled/php5filter.load ]; then
+ reload_apache
+ fi
+ exit 0
+fi
+
+if [ -e /etc/apache2/apache2.conf ]; then
+# Enable the module, but hide a2enmod's misleading message about apachectl
+# and force-reload the thing ourselves.
+ a2enmod php5filter >/dev/null || true
+ reload_apache
+fi
+
+exit 0
--- php5-5.3.3.orig/debian/php5-sapi.lintian-overrides
+++ php5-5.3.3/debian/php5-sapi.lintian-overrides
@@ -0,0 +1,6 @@
+# The extensions directory must exist, even if empty
+@sapi@: package-contains-empty-directory @extdir@/
+# Not a spelling mistake, just a compilation curiosity
+@sapi@: spelling-error-in-binary * ment meant
+# Not a spelling mistake, tz code for Tahiti
+@sapi@: spelling-error-in-binary * taht that
--- php5-5.3.3.orig/debian/php-pear.doc-base.php-structures-graph
+++ php5-5.3.3/debian/php-pear.doc-base.php-structures-graph
@@ -0,0 +1,8 @@
+Document: php-structures-graph
+Title: PEAR Structures_Graph
+Abstract: API documentation of the Structures_Graph module.
+Section: Programming
+
+Format: HTML
+Index: /usr/share/doc/php-pear/PEAR/Structures_Graph/docs/html/index.html
+Files: /usr/share/doc/php-pear/PEAR/Structures_Graph/docs/html/Structures_Graph/*.html
--- php5-5.3.3.orig/debian/php5-module.ini
+++ php5-5.3.3/debian/php5-module.ini
@@ -0,0 +1,2 @@
+; configuration for php @extname@ module
+extension=@dsoname@.so
--- php5-5.3.3.orig/debian/rules
+++ php5-5.3.3/debian/rules
@@ -0,0 +1,700 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper.
+# GNU copyright 1997 by Joey Hess.
+#
+# This version is for a hypothetical package that builds an
+# architecture-dependant package, as well as an architecture-independent
+# package.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+# Set this flag to 'yes' if you want to disable all modifications breaking abi
+# compatibility to upstream
+PHP5_COMPAT=no
+
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH)
+
+PHP5_HOST_GNU_TYPE = $(subst gnulp,gnu,$(DEB_HOST_GNU_TYPE))
+PHP5_BUILD_GNU_TYPE = $(subst gnulp,gnu,$(DEB_BUILD_GNU_TYPE))
+
+PHP5_HOST_GNU_TYPE := $(shell echo $(PHP5_HOST_GNU_TYPE) | sed 's/-gnu$$//')
+PHP5_BUILD_GNU_TYPE := $(shell echo $(PHP5_BUILD_GNU_TYPE) | sed 's/-gnu$$//')
+
+PHP5_SOURCE_VERSION = $(shell dpkg-parsechangelog | grep ^Version | sed "s/Version: //")
+PHP5_UPSTREAM_VERSION = $(shell echo $(PHP5_SOURCE_VERSION) | sed -e "s/-.*//" -e "s/.*://")
+PHP5_DEBIAN_REVISION = $(shell echo $(PHP5_SOURCE_VERSION) | sed "s/.*-//")
+
+MYSQL_PORT := $(shell for i in $$(seq 1025 3600); do nc -z localhost $$i || { echo $$i; exit; } ; done)
+MYSQL_DATA_DIR ?= $(shell readlink -f mysql_db)
+ifeq (,$(MYSQL_PORT))
+ $(error Could not find available port for mysql server)
+endif
+MYSQL_SOCKET = $(MYSQL_DATA_DIR)/mysql.sock
+
+# specify some options to our patch system
+QUILT_DIFF_OPTS=-p
+QUILT_NO_DIFF_TIMESTAMPS=1
+export QUILT_DIFF_OPTS QUILT_NO_DIFF_TIMESTAMPS
+
+PROG_SENDMAIL = /usr/sbin/sendmail
+ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O2
+else
+ CFLAGS += -O0
+endif
+CFLAGS += -Wall -fsigned-char -fno-strict-aliasing
+# LFS support
+ifneq (yes,$(PHP5_COMPAT))
+ CFLAGS += $(shell getconf LFS_CFLAGS)
+endif
+
+# Enable IEEE-conformant floating point math on alphas (not the default)
+ifeq (alpha-linux-gnu,$(DEB_HOST_GNU_TYPE))
+ CFLAGS += -mieee
+endif
+
+ifeq ($(DEB_HOST_GNU_TYPE), $(findstring $(DEB_HOST_GNU_TYPE), ia64-linux-gnu powerpc64-linux-gnu avr32-linux-gnu))
+ CFLAGS += -g
+else
+ CFLAGS += -gstabs
+endif
+
+# some other helpful (for readability at least) shorthand variables
+PHPIZE_BUILDDIR = debian/php5-dev/usr/lib/php5/build
+
+# support new (>= 2.2) and older versions of libtool for backporting ease
+LIBTOOL_DIRS = /usr/share/libtool/config /usr/share/libtool
+LTMAIN = $(firstword $(wildcard $(foreach d,$(LIBTOOL_DIRS),$d/ltmain.sh)))
+LTMAIN_DIR = $(dir $(LTMAIN))
+
+ifeq ($(LTMAIN_DIR), /usr/share/libtool/)
+LIBTOOL_CONFLICTS:=libtool (>= 2.2)
+else ifeq ($(LTMAIN_DIR), /usr/share/libtool/config/)
+LIBTOOL_CONFLICTS:=libtool (<< 2.2)
+else
+LIBTOOL_CONFLICTS:=$(error "could not resolve path to ltmain.sh")
+endif
+
+ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+ NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+ MAKEFLAGS += -j$(NUMJOBS)
+endif
+
+# enable the hardening wrapper
+DEB_BUILD_HARDENING = 1
+# but disable PIE
+DEB_BUILD_HARDENING_PIE = 0
+export DEB_BUILD_HARDENING DEB_BUILD_HARDENING_PIE
+
+COMMON_CONFIG=--build=$(DEB_BUILD_GNU_TYPE) \
+ --host=$(DEB_HOST_GNU_TYPE) \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/share/man \
+ --disable-debug \
+ --with-regex=php \
+ --disable-rpath \
+ --disable-static \
+ --with-pic \
+ --with-layout=GNU \
+ --with-pear=/usr/share/php \
+ --enable-calendar \
+ --enable-sysvsem \
+ --enable-sysvshm \
+ --enable-sysvmsg \
+ --enable-bcmath \
+ --with-bz2 \
+ --enable-ctype \
+ --with-db4 \
+ --without-gdbm \
+ --with-iconv \
+ --enable-exif \
+ --enable-ftp \
+ --with-gettext \
+ --enable-mbstring \
+ --with-pcre-regex=/usr \
+ --enable-shmop \
+ --enable-sockets \
+ --enable-wddx \
+ --with-libxml-dir=/usr \
+ --with-zlib \
+ --with-kerberos=/usr \
+ --with-openssl=/usr \
+ --enable-soap \
+ --enable-zip \
+ --with-mhash=yes \
+ --with-exec-dir=/usr/lib/php5/libexec \
+ --with-system-tzdata
+
+BUILTIN_EXTENSION_CHECK=$$e=get_loaded_extensions(); natcasesort($$e); \
+ $$s="The following extensions are built in:"; \
+ foreach($$e as $$i) { $$s .= " $$i"; } \
+ echo("php:Extensions=" . wordwrap($$s . ".\n", 75, "\$${Newline} "));
+
+# include the patch/unpatch rules from quilt
+include /usr/share/quilt/quilt.make
+
+prepared: prepared-stamp
+prepared-stamp: $(QUILT_STAMPFN)
+ dh_testdir
+ sed -i -e 's/EXTRA_VERSION=""/EXTRA_VERSION="-$(PHP5_DEBIAN_REVISION)"/' configure.in
+ ./buildconf --force
+ touch prepared-stamp
+
+unprepared:
+ dh_testdir
+ sed -i -e 's/EXTRA_VERSION="-$(PHP5_DEBIAN_REVISION)"/EXTRA_VERSION=""/' configure.in
+ rm -f prepared-stamp
+
+test-results.txt: build-apache2-stamp build-cli-stamp build-cgi-stamp
+ifeq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS)))
+ mkdir -p temp_session_store
+ # start our own mysql server for the tests
+ $(SHELL) debian/setup-mysql.sh $(MYSQL_PORT) $(MYSQL_DATA_DIR)
+ extensions=""; \
+ for f in $(CURDIR)/apache2-build/modules/*.so; do \
+ ext=`basename "$$f"`; \
+ test -d "$(CURDIR)/ext/$${ext%.so}/tests" || continue; \
+ test "$$ext" != "imap.so" || continue; \
+ test "$$ext" != "interbase.so" || continue; \
+ test "$$ext" != "ldap.so" || continue; \
+ test "$$ext" != "odbc.so" || continue; \
+ test "$$ext" != "pgsql.so" || continue; \
+ test "$$ext" != "pdo_dblib.so" || continue; \
+ test "$$ext" != "pdo_firebird.so" || continue; \
+ test "$$ext" != "pdo_odbc.so" || continue; \
+ test "$$ext" != "pdo_pgsql.so" || continue; \
+ test "$$ext" != "snmp.so" || continue; \
+ extensions="$$extensions -d extension=$$ext"; \
+ done; \
+ [ "$$extensions" ] || { echo "extensions list is empty"; exit 1; }; \
+ env MYSQL_TEST_PORT=$(MYSQL_PORT) MYSQL_TEST_SOCKET=$(MYSQL_SOCKET) PDO_MYSQL_TEST_PORT=$(MYSQL_PORT) PDO_MYSQL_TEST_SOCKET=$(MYSQL_SOCKET) NO_INTERACTION=1 TEST_PHP_CGI_EXECUTABLE=$(CURDIR)/cgi-build/sapi/cgi/cgi-bin.php5 TEST_PHP_EXECUTABLE=$(CURDIR)/cli-build/sapi/cli/php \
+ $(CURDIR)/cli-build/sapi/cli/php run-tests.php -d mysql.default_socket=$(MYSQL_SOCKET) -d mysqli.default_socket=$(MYSQL_SOCKET) -d extension_dir=$(CURDIR)/apache2-build/modules/ $$extensions| tee test-results.txt
+ rm -rf temp_session_store
+ @for test in `find . -name '*.log' -a '!' -name 'config.log' -a '!' -name 'bootstrap.log' -a '!' -name 'run.log'`; do \
+ echo; \
+ echo -n "$${test#./}:"; \
+ cat $$test; \
+ echo; \
+ done | tee -a test-results.txt
+ $(SHELL) debian/setup-mysql.sh $(MYSQL_PORT) $(MYSQL_DATA_DIR) stop
+else
+ echo 'nocheck found in DEB_BUILD_OPTIONS' | tee test-results.txt
+endif
+
+build: build-apache2-stamp build-apache2filter-stamp build-cgi-stamp build-cli-stamp build-fpm-stamp build-pear-stamp test-results.txt
+
+build-apache2-stamp: configure-apache2-stamp
+ dh_testdir
+ cd apache2-build && $(MAKE)
+
+ touch build-apache2-stamp
+
+build-apache2filter-stamp: configure-apache2filter-stamp
+ dh_testdir
+ cd apache2filter-build && $(MAKE)
+
+ touch build-apache2filter-stamp
+
+build-cli-stamp: configure-cli-stamp
+ dh_testdir
+ cd cli-build && $(MAKE)
+
+ touch build-cli-stamp
+
+build-fpm-stamp: configure-fpm-stamp
+ dh_testdir
+ cd fpm-build && $(MAKE)
+
+ touch build-fpm-stamp
+
+
+build-cgi-stamp: configure-cgi-stamp
+ dh_testdir
+ cd cgi-build && $(MAKE) && mv sapi/cgi/php-cgi sapi/cgi/cgi-bin.php5
+
+ # Dirty hack to not rebuild everything twice
+ cd cgi-build/main && \
+ sed -i -e 's/FORCE_CGI_REDIRECT 1/FORCE_CGI_REDIRECT 0/' \
+ -e 's/DISCARD_PATH 0/DISCARD_PATH 1/' php_config.h && \
+ sed -i -e 's/--enable-force-cgi-redirect/--enable-discard-path/' build-defs.h && \
+ touch ../../ext/standard/info.c && \
+ touch ../../sapi/cgi/cgi_main.c
+
+ cd cgi-build && $(MAKE) && mv sapi/cgi/php-cgi sapi/cgi/usr.bin.php5-cgi
+
+ touch build-cgi-stamp
+
+build-pear-stamp: build-cgi-stamp
+ dh_testdir
+ -mkdir pear-build
+ -mkdir pear-build-download
+ cd cgi-build && PHP_PEAR_DOWNLOAD_DIR=$(CURDIR)/pear-build-download $(MAKE) install-pear PHP_PEAR_PHP_BIN=/usr/bin/php PHP_PEAR_INSTALL_DIR=/usr/share/php PHP_PEAR_SYSCONF_DIR=/etc/pear PHP_PEAR_SIG_BIN=/usr/bin/gpg INSTALL_ROOT=$(CURDIR)/pear-build
+ sed -i -e 's/-d output_buffering=1 -d open_basedir="" -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \
+ $(CURDIR)/pear-build/usr/bin/pear && \
+ sed -i -e 's/-d output_buffering=1 -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \
+ $(CURDIR)/pear-build/usr/bin/pecl && \
+ sed -i -e 's/-d memory_limit="-1"//' \
+ -e 's/-d output_buffering=1 -d open_basedir="" -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \
+ $(CURDIR)/pear-build/usr/bin/peardev
+ sed -i -re "s#('PEAR_CONFIG_SYSCONFDIR', PHP_SYSCONFDIR)#\1 . '/pear'#" $(CURDIR)/pear-build/usr/share/php/PEAR/Config.php
+ touch build-pear-stamp
+
+configure: configure-apache2-stamp configure-apache2filter-stamp configure-cli-stamp configure-fpm-stamp configure-cgi-stamp
+
+configure-apache2-stamp: prepared-stamp
+ dh_testdir
+ if [ -d apache2-build ]; then rm -rf apache2-build; fi
+ -mkdir apache2-build
+ cd apache2-build && \
+ CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \
+ --prefix=/usr --with-apxs2=/usr/bin/apxs2 \
+ --with-config-file-path=/etc/php5/apache2 \
+ --with-config-file-scan-dir=/etc/php5/apache2/conf.d \
+ $(COMMON_CONFIG) \
+ --without-mm \
+ --with-curl=shared,/usr \
+ --with-enchant=shared,/usr \
+ --with-zlib-dir=/usr \
+ --with-gd=shared,/usr --enable-gd-native-ttf \
+ --with-gmp=shared,/usr \
+ --with-jpeg-dir=shared,/usr \
+ --with-xpm-dir=shared,/usr/X11R6 \
+ --with-png-dir=shared,/usr \
+ --with-freetype-dir=shared,/usr \
+ --enable-intl=shared \
+ --with-ttf=shared,/usr \
+ --with-t1lib=shared,/usr \
+ --with-ldap=shared,/usr \
+ --with-ldap-sasl=/usr \
+ --with-mysql=shared,/usr \
+ --with-mysqli=shared,/usr/bin/mysql_config \
+ --with-pspell=shared,/usr \
+ --with-unixODBC=shared,/usr \
+ --with-recode=shared,/usr \
+ --with-xsl=shared,/usr \
+ --with-snmp=shared,/usr \
+ --with-sqlite=shared,/usr \
+ --with-sqlite3=shared,/usr \
+ --with-mssql=shared,/usr \
+ --with-tidy=shared,/usr \
+ --with-xmlrpc=shared \
+ --with-pgsql=shared,/usr PGSQL_INCLUDE=`pg_config --includedir` \
+ --enable-pdo=shared \
+ --without-pdo-dblib \
+ --with-pdo-mysql=shared,/usr \
+ --with-pdo-odbc=shared,unixODBC,/usr \
+ --with-pdo-pgsql=shared,/usr/bin/pg_config \
+ --with-pdo-sqlite=shared,/usr \
+ --with-pdo-dblib=shared,/usr
+ cd apache2-build && \
+ cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \
+ ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \
+ ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \
+ Zend/
+ touch configure-apache2-stamp
+
+configure-apache2filter-stamp: prepared-stamp
+ dh_testdir
+ if [ -d apache2filter-build ]; then rm -rf apache2filter-build; fi
+ -mkdir apache2filter-build
+ cd apache2filter-build && \
+ CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \
+ --prefix=/usr --with-apxs2filter=/usr/bin/apxs2 \
+ --with-config-file-path=/etc/php5/apache2filter \
+ --with-config-file-scan-dir=/etc/php5/apache2filter/conf.d \
+ $(COMMON_CONFIG) \
+ --without-mm \
+ --disable-pdo \
+ --without-mysql --without-sybase-ct --without-mssql \
+ --without-sqlite --without-sqlite3
+ cd apache2filter-build && \
+ cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \
+ ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \
+ ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \
+ Zend/
+ touch configure-apache2filter-stamp
+
+configure-cgi-stamp: prepared-stamp
+ dh_testdir
+ if [ -d cgi-build ]; then rm -rf cgi-build; fi
+ -mkdir cgi-build
+ cd cgi-build && \
+ CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \
+ --prefix=/usr --enable-force-cgi-redirect --enable-fastcgi \
+ --with-config-file-path=/etc/php5/cgi \
+ --with-config-file-scan-dir=/etc/php5/cgi/conf.d \
+ $(COMMON_CONFIG) \
+ --without-mm \
+ --disable-pdo \
+ --without-mysql --without-sybase-ct --without-mssql \
+ --without-sqlite --without-sqlite3
+ cd cgi-build && \
+ cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \
+ ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \
+ ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \
+ Zend/
+ touch configure-cgi-stamp
+
+configure-cli-stamp: prepared-stamp
+ dh_testdir
+ if [ -d cli-build ]; then rm -rf cli-build; fi
+ -mkdir cli-build
+ cd cli-build && \
+ CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \
+ --prefix=/usr --disable-cgi \
+ --with-config-file-path=/etc/php5/cli \
+ --with-config-file-scan-dir=/etc/php5/cli/conf.d \
+ $(COMMON_CONFIG) \
+ --with-libedit \
+ --without-mm \
+ --disable-pdo \
+ --without-mysql --without-sybase-ct --without-sqlite \
+ --without-mssql --without-sqlite3 --enable-pcntl
+ cd cli-build && \
+ cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \
+ ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \
+ ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \
+ Zend/
+ touch configure-cli-stamp
+
+configure-fpm-stamp: prepared-stamp
+ dh_testdir
+ if [ -d fpm-build ]; then rm -rf fpm-build; fi
+ -mkdir fpm-build
+ cd fpm-build && \
+ CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \
+ --prefix=/usr --enable-fpm --disable-cgi \
+ --with-fpm-user=www-data --with-fpm-group=www-data \
+ --with-config-file-path=/etc/php5/fpm \
+ --with-config-file-scan-dir=/etc/php5/fpm/conf.d \
+ $(COMMON_CONFIG) \
+ --with-libevent-dir=/usr \
+ --without-mm \
+ --disable-pdo \
+ --without-mysql --without-sybase-ct --without-sqlite \
+ --without-mssql --without-sqlite3
+ cd fpm-build && \
+ cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \
+ ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \
+ ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \
+ Zend/
+ touch configure-fpm-stamp
+
+clean: unprepared unpatch
+ dh_testdir
+ dh_testroot
+
+
+ rm -f configure-apache2-stamp build-apache2-stamp
+ rm -f configure-apache2filter-stamp build-apache2filter-stamp
+ rm -f configure-cgi-stamp build-cgi-stamp
+ rm -f configure-cli-stamp build-cli-stamp
+ rm -f configure-fpm-stamp build-fpm-stamp
+ rm -f build-pear-stamp
+ rm -f install-stamp
+ rm -rf apache2-build
+ rm -rf apache2filter-build
+ rm -rf cgi-build
+ rm -rf cli-build
+ rm -rf fpm-build
+ rm -rf pear-build pear-build-download
+ rm -f debian/copyright
+ # just in case the build tests failed, kill the running mysqld
+ $(SHELL) debian/setup-mysql.sh $(MYSQL_PORT) $(MYSQL_DATA_DIR) stop > /dev/null 2>&1 || exit 0
+ rm -rf test-results.txt $(MYSQL_DATA_DIR)
+ dh_clean -Xorig
+
+ # clean up autogenerated cruft
+ cat debian/modulelist | while read package extname dsoname; do \
+ rm -f debian/php5-$$package.postinst; \
+ done
+ for sapi in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm; do \
+ for cruft in postrm links; do \
+ rm -f debian/$${sapi}.$${cruft}; \
+ done; \
+ done
+
+install: DH_OPTIONS=
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ chmod 01733 debian/php5-common/var/lib/php5
+
+ # Add here commands to install the package into debian/php5.
+ # install apache2 DSO module
+ cp apache2-build/.libs/libphp5.so \
+ debian/libapache2-mod-php5/`apxs2 -q LIBEXECDIR`/
+ cp debian/libapache2-mod-php5.load \
+ debian/libapache2-mod-php5/etc/apache2/mods-available/php5.load
+ cp debian/libapache2-mod-php5.conf \
+ debian/libapache2-mod-php5/etc/apache2/mods-available/php5.conf
+
+ # Add here commands to install the package into debian/php5.
+ # install apache2 DSO filter module
+ cp apache2filter-build/.libs/libphp5.so \
+ debian/libapache2-mod-php5filter/`apxs2 -q LIBEXECDIR`/libphp5filter.so
+ cp debian/libapache2-mod-php5filter.load \
+ debian/libapache2-mod-php5filter/etc/apache2/mods-available/php5filter.load
+ cp debian/libapache2-mod-php5filter.conf \
+ debian/libapache2-mod-php5filter/etc/apache2/mods-available/php5filter.conf
+
+ # sanitize php.ini file
+ cat php.ini-production | tr "\t" " " | sed -e'/short_open_tag =/ s/Off/On/g' > debian/php5-common/usr/share/php5/php.ini-production
+ # memory_limit: 16M for cgi/apache; 32M for cli
+ cat php.ini-production | tr "\t" " " | sed -e'/memory_limit =/ s/128M/32M/g' > debian/php5-common/usr/share/php5/php.ini-production-dist
+ cat php.ini-production | tr "\t" " " | sed -e'/memory_limit =/ s/128M/-1/g;/short_open_tag =/ s/Off/On/g' > debian/php5-common/usr/share/php5/php.ini-production.cli
+ cat php.ini-development | tr "\t" " " > debian/php5-common/usr/share/doc/php5-common/examples/php.ini-development
+ cp test-results.txt debian/php5-common/usr/share/doc/php5-common/
+
+ # install the apache modules' files
+ cd apache2-build && $(MAKE) install-headers install-build install-modules install-programs INSTALL_ROOT=$(CURDIR)/debian/libapache2-mod-php5
+ # remove netware and win32 headers that we don't want
+ cd debian/libapache2-mod-php5/usr/include/php5/ && \
+ $(RM) TSRM/readdir.h \
+ TSRM/tsrm_config.nw.h TSRM/tsrm_config.w32.h\
+ TSRM/tsrm_nw.h TSRM/tsrm_win32.h\
+ Zend/zend_config.nw.h Zend/zend_config.w32.h\
+ main/config.nw.h main/config.w32.h\
+ main/win95nt.h
+
+ # install PEAR
+ cp -a pear-build/* debian/php-pear/
+
+ # everything under usr/share/php/data except 'PEAR' is b0rken
+ # and actually needs to be fixed
+ [ ! -f debian/php-pear/usr/share/php/data/Structures_Graph/LICENSE ] || \
+ $(RM) debian/php-pear/usr/share/php/data/Structures_Graph/LICENSE
+ [ ! -f debian/php-pear/usr/share/php/doc/PEAR/INSTALL ] || \
+ $(RM) debian/php-pear/usr/share/php/doc/PEAR/INSTALL
+ [ ! -f debian/php-pear/usr/share/php/doc/Structures_Graph/docs/generate.sh ] || \
+ $(RM) debian/php-pear/usr/share/php/doc/Structures_Graph/docs/generate.sh
+ for f in Structures_Graph/publish.sh Structures_Graph/package.sh \
+ Structures_Graph/genpackage.xml.pl; do \
+ $(RM) debian/php-pear/usr/share/php/data/$$f; \
+ done
+ # we don't want test suites
+ $(RM) -r debian/php-pear/usr/share/php/test/
+ [ -d debian/php-pear/usr/share/php/doc ] && { \
+ mkdir -p debian/php-pear/usr/share/doc/php5-common/PEAR; \
+ mv debian/php-pear/usr/share/php/doc/* \
+ debian/php-pear/usr/share/doc/php5-common/PEAR/; \
+ $(RM) -r debian/php-pear/usr/share/php/doc; \
+ ln -s ../doc/php-pear/PEAR debian/php-pear/usr/share/php/doc; \
+ echo "Dummy placeholder to prevent the directory's deletion" > \
+ debian/php-pear/usr/share/doc/php5-common/PEAR/.placeholder; \
+ }
+
+ # install extensions
+ ext=`./debian/libapache2-mod-php5/usr/bin/php-config --extension-dir`;\
+ for i in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-fpm php5-cli; do \
+ mkdir -p debian/$$i/$${ext}; \
+ done; \
+ cat debian/modulelist debian/extramodulelist | while read package extname dsoname; do \
+ if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \
+ mkdir -p debian/php5-$$package$${ext}; \
+ chrpath debian/libapache2-mod-php5/$${ext}/$$dsoname.so; \
+ chrpath -d debian/libapache2-mod-php5/$${ext}/$$dsoname.so; \
+ install -m 644 -o root -g root \
+ debian/libapache2-mod-php5/$${ext}/$$dsoname.so \
+ debian/php5-$$package$${ext}/$$dsoname.so; \
+ rm debian/libapache2-mod-php5/$${ext}/$$dsoname.so; \
+ done
+
+ # install CGI
+ cp cgi-build/sapi/cgi/cgi-bin.php5 debian/php5-cgi/usr/lib/cgi-bin/php5
+ cp cgi-build/sapi/cgi/usr.bin.php5-cgi debian/php5-cgi/usr/bin/php5-cgi
+ cp cli-build/sapi/cli/php.1 debian/php5-cgi/usr/share/man/man1/php5-cgi.1
+
+ # install CLI
+ cp cli-build/sapi/cli/php debian/php5-cli/usr/bin/php5
+ cp cli-build/sapi/cli/php.1 debian/php5-cli/usr/share/man/man1/php5.1
+
+ # install FPM
+ mkdir -p debian/php5-fpm/usr/sbin debian/php5-fpm/usr/share/man/man8/ debian/php5-fpm/etc/php5/fpm/pool.d
+ cp fpm-build/sapi/fpm/php-fpm debian/php5-fpm/usr/sbin/php5-fpm
+ cp fpm-build/sapi/fpm/php-fpm.1 debian/php5-fpm/usr/share/man/man8/php5-fpm.8
+ # we don't want the pool definitions on the main file itself:
+ sed -r '/('"'"'|\[)www('"'"'|\])/Q' < fpm-build/sapi/fpm/php-fpm.conf > \
+ debian/php5-fpm/etc/php5/fpm/main.conf
+ # extract the first pool, called "www," from the config file:
+ sed -nr '/('"'"'|\[)www('"'"'|\])/{h;p;d};x;/www/{x;p}' < fpm-build/sapi/fpm/php-fpm.conf \
+ > debian/php5-fpm/etc/php5/fpm/pool.d/www.conf
+
+ # move and install -dev files
+ dh_movefiles --sourcedir=debian/libapache2-mod-php5
+ rm -rf debian/libapache2-mod-php5/usr/lib/php5/build/ \
+ debian/libapache2-mod-php5/usr/include/ \
+ debian/libapache2-mod-php5/usr/bin/
+ rm -rf debian/libapache2-mod-php5filter/usr/lib/php5/build/ \
+ debian/libapache2-mod-php5filter/usr/include/ \
+ debian/libapache2-mod-php5filter/usr/bin/
+ for i in Makefile.global acinclude.m4 mkdep.awk phpize.m4 scan_makefile_in.awk; do \
+ chmod 644 debian/php5-dev/usr/lib/php5/build/$$i; \
+ done
+ mkdir -p debian/php5-dev/usr/share/php5
+ cp -a ext/skeleton ext/ext_skel debian/php5-dev/usr/share/php5
+ sed -i 's/skel_dir="skeleton"/skel_dir="\/usr\/share\/php5\/skeleton"/' \
+ debian/php5-dev/usr/share/php5/ext_skel
+ # shipping duplicate files from other packages is hell for security audits
+ ln -sf /usr/share/misc/config.guess $(PHPIZE_BUILDDIR)/config.guess
+ ln -sf /usr/share/misc/config.sub $(PHPIZE_BUILDDIR)/config.sub
+ ln -sf /usr/share/aclocal/libtool.m4 $(PHPIZE_BUILDDIR)/libtool.m4
+ ln -sf $(LTMAIN_DIR)ltmain.sh $(PHPIZE_BUILDDIR)/ltmain.sh
+ ln -sf /usr/bin/shtool $(PHPIZE_BUILDDIR)/shtool
+ # make php-dev stuff versioned
+ for i in php-config phpize; do \
+ mv debian/php5-dev/usr/bin/$$i debian/php5-dev/usr/bin/"$$i"5; \
+ mv debian/php5-dev/usr/share/man/man1/"$$i".1 debian/php5-dev/usr/share/man/man1/"$$i"5.1; \
+ done
+
+ # install common files
+ install -m755 debian/maxlifetime debian/php5-common/usr/lib/php5
+
+ # install lintian overrides
+ cp debian/php5.lintian-overrides $(CURDIR)/debian/php5-common/usr/share/lintian/overrides/php5-common
+ cp debian/php5-dev.lintian-overrides $(CURDIR)/debian/php5-dev/usr/share/lintian/overrides/php5-dev
+
+ # install the apport hook
+ install -D -m 644 debian/source_php5.py debian/php5-common/usr/share/apport/package-hooks/source_php5.py
+
+ # install some generic lintian overrides
+ ext=`debian/php5-dev/usr/bin/php-config5 --extension-dir | cut -b2- `; \
+ for sapi in php5-cli php5-fpm php5-cgi libapache2-mod-php5 libapache2-mod-php5filter; do \
+ mkdir -p $(CURDIR)/debian/"$$sapi"/usr/share/lintian/overrides/; \
+ sed "s/@sapi@/$$sapi/g;s,@extdir@,$$ext,g" \
+ < $(CURDIR)/debian/php5-sapi.lintian-overrides \
+ >> $(CURDIR)/debian/"$$sapi"/usr/share/lintian/overrides/"$$sapi"; \
+ done
+
+ # directories cleanup:
+ -rmdir -p debian/libapache2-mod-php5/usr/share/man/man1
+ -find debian/php-pear -type d -exec rmdir --ignore-fail-on-non-empty -p '{}' \; >/dev/null 2>&1
+
+ touch install-stamp
+
+# Build architecture-independent files here.
+# Pass -i to all debhelper commands in this target to reduce clutter.
+binary-indep: DH_OPTIONS=-i
+binary-indep: build install
+ # Need this version of debhelper for DH_OPTIONS to work.
+ dh_testdir
+ dh_testroot
+ cat debian/copyright.header LICENSE Zend/LICENSE > debian/copyright
+
+ dh_installdocs
+
+ for package in php5 php-pear; do \
+ rm -rf debian/$$package/usr/share/doc/$$package; \
+ ln -s php5-common debian/$$package/usr/share/doc/$$package; \
+ done
+
+ dh_link
+ dh_compress -Xphp.ini
+ dh_fixperms
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ # Need this version of debhelper for DH_OPTIONS to work.
+ dh_testdir
+ dh_testroot
+ # Do this first so we don't overwrite any debhelper-generated files
+ #
+ # generate the maintscripts for various php
+ # modules from the templates.
+ cat debian/modulelist | while read package extname dsoname; do \
+ if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \
+ sed -e"s/@extname@/$$extname/g; s/@dsoname@/$$dsoname/g; \
+ /#EXTRA#/ r debian/php5-$${package}.postinst.extra" \
+ < debian/php5-module.postinst \
+ | sed -e'/#EXTRA#/ d' \
+ > debian/php5-$${package}.postinst; \
+ c=`grep -vE '^(#|set|$$)' < debian/php5-$${package}.postinst | wc -l`; \
+ [ "$$c" != "0" ] || $(RM) debian/php5-$${package}.postinst; \
+ done
+
+ # generate the config snippets for various php
+ # modules from the templates.
+ cat debian/modulelist debian/extramodulelist | while read package extname dsoname; do \
+ if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \
+ mkdir -p debian/php5-$$package/etc/php5/conf.d; \
+ sed -e"s/@extname@/$$extname/g; s/@dsoname@/$$dsoname/g" \
+ < debian/php5-module.ini \
+ > debian/php5-$${package}/etc/php5/conf.d/$${dsoname}.ini; \
+ done
+
+ # likewise, for the different sapi implementations
+ for tmpl in postrm links; do \
+ for sapi in apache2 apache2filter cgi cli fpm; do \
+ sed -e "s/@sapi@/$$sapi/g" \
+ < debian/php5-sapi.$$tmpl \
+ > debian/php5-$${sapi}.$$tmpl; \
+ done; \
+ mv debian/php5-apache2.$$tmpl debian/libapache2-mod-php5.$$tmpl; \
+ mv debian/php5-apache2filter.$$tmpl debian/libapache2-mod-php5filter.$$tmpl; \
+ done
+
+ cat debian/copyright.header LICENSE Zend/LICENSE > debian/copyright
+ dh_installdocs -s
+
+ cat debian/modulelist | while read package extname dsoname; do \
+ rm -rf debian/php5-$$package/usr/share/doc/php5-$$package; \
+ ln -s php5-common debian/php5-$$package/usr/share/doc/php5-$$package; \
+ done
+
+ for package in php5-dbg php5-dev php5-cgi php5-cli php5-fpm libapache2-mod-php5 libapache2-mod-php5filter; do \
+ rm -rf debian/$$package/usr/share/doc/$$package; \
+ ln -s php5-common debian/$$package/usr/share/doc/$$package; \
+ done
+ dh_installcron -pphp5-common --name=php5
+ dh_installchangelogs -pphp5-common NEWS
+ dh_installinit
+ dh_strip -s --dbg-package=php5-dbg
+ dh_link -s
+ dh_compress -s -Xphp.ini
+ dh_fixperms -s -X /var/lib/php5
+ dh_installdeb -s
+ dh_shlibdeps -s
+
+ phpapi=`./debian/php5-dev/usr/bin/php-config5 --phpapi`; \
+ for i in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm; do \
+ echo "php:Provides=phpapi-$${phpapi}" >> debian/$$i.substvars; \
+ done; \
+ cat debian/modulelist | while read package extname dsoname; do \
+ echo "php:Depends=phpapi-$${phpapi}" >> debian/php5-$$package.substvars; \
+ done
+
+ for i in cgi cli fpm; do \
+ "$$i"-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \
+ >> debian/php5-"$$i".substvars; \
+ done
+ for i in apache2; do \
+ "$$i"-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \
+ >> debian/lib"$$i"-mod-php5.substvars; \
+ "$$i"filter-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \
+ >> debian/lib"$$i"-mod-php5filter.substvars; \
+ done
+
+ echo "apache2:Depends=apache2-mpm-prefork (>> 2.0.52) | apache2-mpm-itk, apache2.2-common" >>debian/libapache2-mod-php5.substvars
+ echo "apache2:Depends=apache2-mpm-prefork (>> 2.0.52) | apache2-mpm-itk, apache2.2-common" >>debian/libapache2-mod-php5filter.substvars
+
+ echo "libtool:Conflicts=$(LIBTOOL_CONFLICTS)" >>debian/php5-dev.substvars
+ dh_gencontrol -s
+ dh_md5sums -s
+ dh_builddeb -s
+
+binary: binary-arch binary-indep
+.PHONY: build clean binary-indep binary-arch binary install configure
--- php5-5.3.3.orig/debian/suhosin_patch.watch
+++ php5-5.3.3/debian/suhosin_patch.watch
@@ -0,0 +1,8 @@
+# Check for new versions with:
+# uscan --watchfile debian/suhosin_patch.watch --package suhosin-patch
+# don't forget to update the version in this file when updating the patch!
+version=3
+
+opts=uversionmangle=s/RC/~RC/ \
+http://www.hardened-php.net/suhosin/download.html \
+ http://download.suhosin.org/suhosin-patch-(.*)\.patch\.gz 5.3.1-0.9.8
--- php5-5.3.3.orig/debian/README.Debian.security
+++ php5-5.3.3/debian/README.Debian.security
@@ -0,0 +1,25 @@
+the Debian stable security team does not provide security support
+for certain configurations known to be inherently insecure. This
+includes the interpreter itself, extensions, and code written in the
+PHP language. Most specifically, the security team will not provide
+support for flaws in:
+
+- problems which are not flaws in the design of php but can be problematic
+ when used by sloppy developers (for example: not checking the contents
+ of a tar file before extracting it, using unserialize() on
+ untrusted data, or relying on a specific value of short_open_tag).
+
+- vulnerabilities involving register_globals being activated, unless
+ specifically the vulnerability activates this setting when it was
+ configured as deactivated.
+
+- vulnerabilities involving any kind of safe_mode or open_basedir
+ violation, as these are security models flawed by design and no longer
+ have upstream support either.
+
+- any "works as expected" vulnerabilities, such as "user can cause php
+ to crash by writing a malcious php script", unless such vulnerabilities
+ involve some kind of higher-level DoS or privilege escalation that would
+ not otherwise be available.
+
+ -- sean finney Tue, 10 Oct 2006 12:42:06 +0200
--- php5-5.3.3.orig/debian/modulelist
+++ php5-5.3.3/debian/modulelist
@@ -0,0 +1,17 @@
+curl CURL
+enchant Enchant
+gd GD
+gmp GMP
+intl Internationalisation
+ldap LDAP
+mysql MySQL
+odbc ODBC
+pgsql PostgreSQL
+pspell pspell
+recode recode
+snmp SNMP
+sqlite SQLite
+sybase Sybase mssql
+tidy tidy
+xmlrpc XML-RPC
+xsl XSL
--- php5-5.3.3.orig/debian/libapache2-mod-php5filter.dirs
+++ php5-5.3.3/debian/libapache2-mod-php5filter.dirs
@@ -0,0 +1,3 @@
+/etc/apache2/mods-available
+/etc/php5/apache2filter
+/usr/lib/apache2/modules
--- php5-5.3.3.orig/debian/php5-cgi.postinst
+++ php5-5.3.3/debian/php5-cgi.postinst
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+phpini="/etc/php5/cgi/php.ini"
+
+ucf /usr/share/php5/php.ini-production $phpini
+
+update-alternatives \
+ --install /usr/bin/php-cgi php-cgi /usr/bin/php5-cgi 50 \
+ --slave /usr/share/man/man1/php-cgi.1.gz php-cgi.1.gz /usr/share/man/man1/php5-cgi.1.gz
+
+update-alternatives \
+ --install /usr/lib/cgi-bin/php php-cgi-bin /usr/lib/cgi-bin/php5 50
+
+exit 0
--- php5-5.3.3.orig/debian/php5-sapi.links
+++ php5-5.3.3/debian/php5-sapi.links
@@ -0,0 +1 @@
+etc/php5/conf.d etc/php5/@sapi@/conf.d
--- php5-5.3.3.orig/debian/copyright.header
+++ php5-5.3.3/debian/copyright.header
@@ -0,0 +1,42 @@
+This package was debianized by Gergely Madarasz on
+Tue, 16 Nov 1999 19:33:42 +0100.
+
+Previous maintainers of the package also include:
+ Petr Cech , who did a LOT of work on these packages.
+ Adam Conrad , who got a significant chunk of input and
+ help from Steve Langasek and
+ Andres Salomon .
+
+The current maintainers can be contacted via the debian php packaging list:
+ pkg-php-maint@lists.alioth.debian.org
+
+It was downloaded from www.php.net/version5/downloads
+Changes: removed ext/dbase dir (non-free)
+
+Noteworthy/non-trivial patches:
+ patch: suhosin.patch
+ contributor: http://www.hardened-php.net/
+ copyright © 2006-2007 Stefan Esser
+ may be used/modified/redistributed under the terms of PHP itself
+
+ patch: use_embedded_timezonedb.patch
+ contributor: Joe Orton
+ copyright © 2008 Red Hat, Inc.
+ may be used/modified/redistributed under the terms of PHP itself
+
+Upstream Authors: The PHP group for PHP5, Andi Gutmans and Zeev Suraski
+for libzend
+
+The file ext/standard/rand.c contains the following clause with a statement
+that isn't compatible with the DFSG:
+ "The code as Shawn received it included the following notice:
+
+ Copyright (C) 1997 Makoto Matsumoto and Takuji Nishimura. When
+ you use this, send an e-mail to with
+ an appropriate reference to your work."
+However, this requirement has been rescinded by the copyright holder in
+message <48E334A2.6050301@math.sci.hiroshima-u.ac.jp> to bug #498621.
+
+Two different licences apply to this package, one for PHP5, the other for
+libzend. Both licences are shown here below.
+
--- php5-5.3.3.orig/debian/php5-dev.prerm
+++ php5-5.3.3/debian/php5-dev.prerm
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "remove" -a "$1" != "purge" ]; then
+ exit 0
+fi
+
+for i in php-config phpize; do
+ update-alternatives --remove $i /usr/bin/"$i"5
+done
+
+exit 0
--- php5-5.3.3.orig/debian/php5-module.postinst
+++ php5-5.3.3/debian/php5-module.postinst
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -e
+
+#EXTRA#
+#DEBHELPER#
--- php5-5.3.3.orig/debian/libapache2-mod-php5.conf
+++ php5-5.3.3/debian/libapache2-mod-php5.conf
@@ -0,0 +1,16 @@
+
+
+ SetHandler application/x-httpd-php
+
+
+ SetHandler application/x-httpd-php-source
+
+ # To re-enable php in user directories comment the following lines
+ # (from to .) Do NOT set it to On as it
+ # prevents .htaccess files from disabling it.
+
+
+ php_admin_value engine Off
+
+
+
--- php5-5.3.3.orig/debian/php5-cgi.prerm
+++ php5-5.3.3/debian/php5-cgi.prerm
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "remove" -a "$1" != "purge" ]; then
+ exit 0
+fi
+
+update-alternatives --remove php-cgi /usr/bin/php5-cgi
+update-alternatives --remove php-cgi-bin /usr/lib/cgi-bin/php5
+
+exit 0
--- php5-5.3.3.orig/debian/libapache2-mod-php5filter.prerm
+++ php5-5.3.3/debian/libapache2-mod-php5filter.prerm
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "remove" -a "$1" != "purge" ]; then
+ exit 0
+fi
+
+if [ -e /etc/apache2/apache2.conf ]; then
+ if [ -e /etc/apache2/mods-enabled/php5.load ] && [ "$1" != "purge" ]; then
+ # set a flag to remember the original state
+ # useful when reinstalling the same version.
+ touch /etc/php5/apache2filter/.start
+ fi
+ a2dismod php5filter || true
+fi
+
+exit 0
--- php5-5.3.3.orig/debian/maxlifetime
+++ php5-5.3.3/debian/maxlifetime
@@ -0,0 +1,19 @@
+#!/bin/sh -e
+
+max=1440
+
+if which php5 >/dev/null 2>&1 && [ -e /etc/php5/apache2/php.ini ]; then
+ cur=$(php5 -c /etc/php5/apache2/php.ini -r 'print ini_get("session.gc_maxlifetime");')
+ [ -z "$cur" ] && cur=0
+ [ "$cur" -gt "$max" ] && max=$cur
+else
+ for ini in /etc/php5/*/php.ini; do
+ cur=$(sed -n -e 's/^[[:space:]]*session.gc_maxlifetime[[:space:]]*=[[:space:]]*\([0-9]\+\).*$/\1/p' $ini 2>/dev/null || true);
+ [ -z "$cur" ] && cur=0
+ [ "$cur" -gt "$max" ] && max=$cur
+ done
+fi
+
+echo $(($max/60))
+
+exit 0
--- php5-5.3.3.orig/debian/libapache2-mod-php5.prerm
+++ php5-5.3.3/debian/libapache2-mod-php5.prerm
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "remove" -a "$1" != "purge" ]; then
+ exit 0
+fi
+
+if [ -e /etc/apache2/apache2.conf ]; then
+ if [ -e /etc/apache2/mods-enabled/php5.load ] && [ "$1" != "purge" ]; then
+ # set a flag to remember the original state
+ # useful when reinstalling the same version.
+ touch /etc/php5/apache2/.start
+ fi
+ a2dismod php5 || true
+fi
+
+exit 0
--- php5-5.3.3.orig/debian/php5-sapi.postrm
+++ php5-5.3.3/debian/php5-sapi.postrm
@@ -0,0 +1,18 @@
+#! /bin/sh
+
+set -e
+
+phpini=/etc/php5/@sapi@/php.ini
+
+case "$1" in
+purge)
+ if which ucf >/dev/null 2>&1; then
+ ucf --purge $phpini
+ fi
+ rm -f $phpini
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
--- php5-5.3.3.orig/debian/README.source
+++ php5-5.3.3/debian/README.source
@@ -0,0 +1,51 @@
+ == Generation of the php5-dbg package Depends ==
+
+The following command can be used to generate a heuristic list of
+packages the php5-dbg package probably needs to Depend on:
+
+dh_testdir && egrep '^Package' debian/control | cut '-d ' -f2 | \
+ egrep -v '(^php5|dbg|dev|common|pear)$' | tr "\n" "|" | sed 's/|$//' |\
+ sed -r 's/([^|]+)(\||$)/ \1 (= ${binary:Version}) \2/g'; echo
+
+ == Used patch system ==
+
+This package uses quilt to manage all modifications to the upstream
+source. Changes are stored in the source package as diffs in
+debian/patches and applied during the build.
+
+See /usr/share/doc/quilt/README.source for a detailed explanation.
+
+ == Making some sense out of the configure options ==
+
+The COMMON_CONFIG variable contains the configure options that are to
+be used on all the SAPIs. Built-in extensions and other general options
+should be set here.
+The shared extensions are built when building the apache2 SAPI and as
+such they need to be specified there.
+The calls to configure for the other SAPIs usually only need
+--without-foo when the extension or feature is otherwise enabled by
+default.
+
+ == The *modulelist files ==
+
+When building a new module (or extension) on an individual binary
+package, it must be added to the debian/modulelist file. However, if
+the extension is to be included in an existing binary package, it
+must be added to the debian/extramodulelist file.
+
+The format of these files is:
+" "
+
+E.g. for, if we want the mysql extension to be shipped in the
+php5-mysql package we use:
+"mysql MySQL mysql"
+But we also want mysqli and the PDO in the same package, so we add the
+following lines to extramoduleslist:
+"mysql MySQLi mysqli
+mysql MySQL_PDO pdo_mysql"
+
+ == More debian/rules foo ==
+
+* The shared extensions are built under the apache2 target (see above).
+* The CLI SAPI is built on the build-cli-stamp AND build-cgi-stamp, with
+ different configure options.
--- php5-5.3.3.orig/debian/php5-common.postrm
+++ php5-5.3.3/debian/php5-common.postrm
@@ -0,0 +1,12 @@
+#! /bin/bash
+
+set -e
+
+if [ "$1" = "purge" ]
+then
+ rm -rf /var/lib/php5
+fi
+
+#DEBHELPER#
+
+exit 0
--- php5-5.3.3.orig/debian/watch
+++ php5-5.3.3/debian/watch
@@ -0,0 +1,5 @@
+version=3
+opts=downloadurlmangle=s#/a/#/this/#,\
+filenamemangle=s#/get/(php-(5\.[0-9\.]*)\.tar\.gz)/.*#$1#,\
+dversionmangle=s/\.dfsg\.\d+// \
+http://www.php.net/downloads.php /get/php-(5\.[0-9\.]*)\.tar\.gz/from/a/mirror debian
--- php5-5.3.3.orig/debian/php5-common.docs
+++ php5-5.3.3/debian/php5-common.docs
@@ -0,0 +1,10 @@
+CREDITS
+EXTENSIONS
+TODO
+CODING_STANDARDS
+README.SVN-RULES
+README.EXT_SKEL
+README.SELF-CONTAINED-EXTENSIONS
+README.Zeus
+README.PHP4-TO-PHP5-THIN-CHANGES
+debian/README.Debian.security
--- php5-5.3.3.orig/debian/php-pear.dirs
+++ php5-5.3.3/debian/php-pear.dirs
@@ -0,0 +1 @@
+/usr/share/doc/php-pear/PEAR
--- php5-5.3.3.orig/debian/setup-mysql.sh
+++ php5-5.3.3/debian/setup-mysql.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+set -eu
+
+[ $# -ge 2 ] || {
+ echo "Usage: debian/setup-mysql.sh port data-dir" >&2
+ exit 1
+}
+
+# CLI arguments #
+port=$1
+datadir=$2
+action=${3:-start}
+
+localbase=`dirname $datadir`/mysql_base
+
+# Some vars #
+
+socket=$datadir/mysql.sock
+# Commands:
+mysqladmin="mysqladmin -u root -P $port -h localhost --socket=$socket"
+mysqld="$localbase/bin/mysqld --no-defaults --bind-address=localhost --port=$port --socket=$socket --datadir=$datadir"
+
+# Main code #
+
+if [ "$action" = "stop" ]; then
+ $mysqladmin shutdown
+ rm -rf $localbase
+ exit
+fi
+
+# Copy the necessary pieces of mysql to a local dir to avoid apparmor restrictions
+rm -rf $localbase
+mkdir -p $localbase/bin
+mkdir -p $localbase/share
+cp /usr/sbin/mysqld $localbase/bin
+cp /usr/bin/my_print_defaults $localbase/bin
+cp -r /usr/share/mysql $localbase/share
+
+rm -rf $datadir
+mkdir -p $datadir
+chmod go-rx $datadir
+
+mysql_install_db --basedir=$localbase --datadir=$datadir --rpm --force --tmpdir=/tmp >> $datadir/bootstrap.log 2>&1
+
+tmpf=$(mktemp)
+cat > "$tmpf" <> $datadir/bootstrap.log 2>&1
+
+unlink "$tmpf"
+
+# Start the daemon
+$mysqld > $datadir/run.log 2>&1 &
+
+pid=$!
+
+# wait for the server to be actually available
+c=0;
+while ! nc -z localhost $port; do
+ c=$(($c+1));
+ sleep 3;
+ if [ $c -gt 20 ]; then
+ echo "Timed out waiting for mysql server to be available" >&2
+ if [ "$pid" ]; then
+ kill $pid || :
+ sleep 2
+ kill -s KILL $pid || :
+ fi
+ exit 1
+ fi
+done
+
+$mysqladmin create test
--- php5-5.3.3.orig/debian/libapache2-mod-php5filter.triggers
+++ php5-5.3.3/debian/libapache2-mod-php5filter.triggers
@@ -0,0 +1 @@
+interest /etc/php5/conf.d
--- php5-5.3.3.orig/debian/php5-dev.lintian-overrides
+++ php5-5.3.3/debian/php5-dev.lintian-overrides
@@ -0,0 +1 @@
+php5-dev: script-not-executable ./usr/lib/php5/build/run-tests.php
--- php5-5.3.3.orig/debian/php5.lintian-overrides
+++ php5-5.3.3/debian/php5.lintian-overrides
@@ -0,0 +1,2 @@
+php5-common: non-standard-dir-perm var/lib/php5/ 1733 != 0755
+php5-common: package-contains-empty-directory usr/lib/php5/libexec/
--- php5-5.3.3.orig/debian/libapache2-mod-php5.triggers
+++ php5-5.3.3/debian/libapache2-mod-php5.triggers
@@ -0,0 +1 @@
+interest /etc/php5/conf.d
--- php5-5.3.3.orig/debian/php5-common.README.Debian
+++ php5-5.3.3/debian/php5-common.README.Debian
@@ -0,0 +1,148 @@
+Table of Contents:
+---------------------------------------------------------------------
+* Using php5 with threaded webservers (eg. apache2-mpm-worker, caudium)
+* Problems starting apache2 with php5
+* Session storage
+* Other caveats
+* php5-cgi and apache2
+* Restarting your web server after installing modules
+* Configuration layout
+* Timezone data from system timezone database
+* Further documentation, errata, etc
+
+
+Using php5 with threaded webservers (eg. apache2-mpm-worker, caudium)
+---------------------------------------------------------------------
+
+ After much back-and-forth with upstream (and even building our
+ packages thread-safe for a while), we're currently admitting defeat
+ on that front, and are NOT building any thread-safe versions of
+ PHP for any webservers. Our recommendation is that, if you need
+ to use a threaded webserver, you should use php5-cgi in either
+ 'normal' CGI mode, or in FastCGI mode.
+
+Adam Conrad Sun, 06 Feb 2005 08:24:56 -0700
+
+
+Problems starting apache2 with php5
+----------------------------------
+
+ At the time of writing, there are no *known* incompatibilities
+ between any of the php5 modules we ship. However, there have been
+ many bug reports in the past due to dynamically-loaded extensions,
+ and it's possible there are still bugs in the released packages. If
+ Apache fails to start after you install php5, check your list of
+ enabled extensions at the bottom of /etc/php5/apache2/php.ini (and in
+ the per-sapi configuration directory), and try commenting out or
+ reordering the extensions until you find a combination that works.
+
+ For example, in the past the mhash extension was incompatible with
+ some other common extensions. To work around this, you could list
+ the mhash extension first in php.ini.
+
+ If you find an extension-related bug in the Debian packages, and you
+ are willing to help debug the problem, please send us a bug report
+ that lists all enabled PHP5 extensions (extension=), in the order
+ in which they appear in php.ini, as well as all enabled Apache modules
+ (LoadModule), with version numbers where possible.
+
+Steve Langasek Fri, 26 Apr 2002 13:39:00 -0500
+
+
+Session storage
+---------------
+
+ Session files are stored in /var/lib/php5. For security purposes, this
+ directory is unreadable by non-root users. This means that php5 running
+ from apache2, for example, will not be able to clean up stale session
+ files. Instead, we have a cron job run every 30 mins that cleans up
+ stale session files; /etc/cron.d/php5. You may need to modify how
+ often this runs, if you've modified session.gc_maxlifetime in your
+ php.ini; otherwise, it may be too lax or overly aggressive in cleaning
+ out stale session files.
+
+Andres Salomon Fri, 03 Sep 2004 03:12:54 -0400
+
+
+Other caveats
+-------------
+
+ * extension_dir and include_path should be commented out, if you don't need
+ special settings for them so php will look in compiled-in paths. If you set
+ them, you should also add appropriate php install directories there.
+
+php5-cgi and apache2
+---------------------------
+
+In 99% of cases, what you probably want isn't php5-cgi at all, but rather
+the libapache2-mod-php5 package, which will configure itself on
+installation and Just Work(tm). If, however, you have a need to use
+the CGI version of php5 with apache2, the following should help
+get you going, though there are dozens of different ways to do this.
+
+Please note that this process will never be made automatic, as php5-cgi
+is meant to be a webserver-agnostic package that can be used with any
+httpd, and we don't want it to conflict with the httpd-specific packages
+such as libapache2-mod-php5. If both were installed side-by-side and both
+were automatically enabled, the results would be a bit confusing, obviously.
+
+To use php5-cgi with apache2
+ 1) activate CGI (it's on by default in default debian setups)
+ a) If using the prefork MPM, use 'a2enmod cgi'
+ b) If using a threaded MPM, use 'a2enmod cgid'
+ 2) activate mod_actions (a2enmod actions)
+ 3) Add the following to a config snippet in /etc/apache2/conf.d
+
+ Action application/x-httpd-php /cgi-bin/php5
+
+
+Adam Conrad Sat, 04 Sep 2004 23:04:26 -0600
+
+Configuration Layout
+---------------------------------------------------------------------
+
+Each of the 3 SAPI's (apache2/cgi/cli) have a different
+central configuration file /etc/php5/$SAPI/php.ini.
+
+Additionally, each SAPI is configured with the compile-time option
+
+ --with-config-file-scan-dir=/etc/php5/$SAPI/conf.d
+
+which for all SAPI's is actually a symlink pointing to a central
+directory /etc/php5/conf.d. Any file found in this directory ending
+in .ini will be treated as a configuration file by the php SAPI.
+
+The rationale with this method is that each SAPI can thus be
+identically configured with a minimal amount of conffile handling,
+but at the same time if you want to have SAPI-specific configuration,
+you can just remove the symlink.
+
+sean finney Thu, 19 Oct 2006 23:33:05 +0200
+
+Timezone data from system timezone database
+---------------------------------------------------------------------
+
+Debian PHP has been patched to use of the system wide timezone database
+from the tzdata package, making sure any updates there are automatically
+used by PHP aswell.
+
+Note that this requires that the PHP process has access to /etc/localtime
+and /usr/share/zoneinfo. For any regular installation this should be the
+case, but in specific secured environments when reading the timezone
+database is impossible PHP will give a "Timezone database is corrupt -
+this should *never* happen!" error.
+
+Thijs Kinkhorst Wed, 23 Jul 2008 17:42:06 +0200
+
+Further documentation, errata, etc
+---------------------------------------------------------------------
+
+Errata and other general information about PHP in Debian can be found
+in the debian wiki at:
+
+ http://wiki.debian.org/PHP
+
+If after reading the documentation in this file you still have unanswered
+questions, that's a good next place to go.
+
+sean finney Thu, 19 Oct 2006 22:57:52 +0200
--- php5-5.3.3.orig/debian/php5-cli.dirs
+++ php5-5.3.3/debian/php5-cli.dirs
@@ -0,0 +1,3 @@
+/etc/php5/cli
+/usr/bin
+/usr/share/man/man1
--- php5-5.3.3.orig/debian/php5-cli.postinst
+++ php5-5.3.3/debian/php5-cli.postinst
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+phpini="/etc/php5/cli/php.ini"
+
+ucf /usr/share/php5/php.ini-production.cli $phpini
+
+update-alternatives \
+ --install /usr/bin/php php /usr/bin/php5 50 \
+ --slave /usr/share/man/man1/php.1.gz php.1.gz /usr/share/man/man1/php5.1.gz
+
+exit 0
--- php5-5.3.3.orig/debian/php5-common.php5.cron.d
+++ php5-5.3.3/debian/php5-common.php5.cron.d
@@ -0,0 +1,7 @@
+# /etc/cron.d/php5: crontab fragment for php5
+# This purges session files older than X, where X is defined in seconds
+# as the largest value of session.gc_maxlifetime from all your php.ini
+# files, or 24 minutes if not defined. See /usr/lib/php5/maxlifetime
+
+# Look for and purge old sessions every 30 minutes
+09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm
--- php5-5.3.3.orig/debian/compat
+++ php5-5.3.3/debian/compat
@@ -0,0 +1 @@
+5
--- php5-5.3.3.orig/debian/php5-fpm.init
+++ php5-5.3.3/debian/php5-fpm.init
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: php-fpm php5-fpm
+# Required-Start: $remote_fs $network
+# Required-Stop: $remote_fs $network
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: starts php-fpm
+### END INIT INFO
+
+set -u
+
+DAEMON="PHP5 FPM"
+FPM_CMD=/usr/sbin/php5-fpm
+FPM_CONF=/etc/php5/fpm/main.conf
+FPM_PID=/var/run/php5-fpm.pid
+TIMEOUT=30
+
+FPM_OPTIONS="--fpm-config $FPM_CONF"
+SSD_OPTIONS="--oknodo --quiet --pidfile $FPM_PID --exec $FPM_CMD"
+
+. /lib/lsb/init-functions
+
+case "$1" in
+ start)
+ log_begin_msg "Starting $DAEMON..."
+
+ /sbin/start-stop-daemon --start $SSD_OPTIONS -- $FPM_OPTIONS
+ log_end_msg $?
+ ;;
+ stop)
+ log_begin_msg "Stopping $DAEMON..."
+
+ /sbin/start-stop-daemon --stop $SSD_OPTIONS
+ log_end_msg $?
+ ;;
+ graceful-stop)
+ log_begin_msg "Gracefully stopping $DAEMON..."
+
+ /sbin/start-stop-daemon --stop --retry QUIT/$TIMEOUT/TERM $SSD_OPTIONS
+ log_end_msg $?
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ ;;
+ reload|force-reload)
+ log_begin_msg "Reloading $DAEMON..."
+
+ /sbin/start-stop-daemon --stop --signal USR2 $SSD_OPTIONS
+ log_end_msg $?
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|graceful-stop|restart|reload|force-reload}"
+ exit 1
+ ;;
+esac
--- php5-5.3.3.orig/debian/php5-dev.files
+++ php5-5.3.3/debian/php5-dev.files
@@ -0,0 +1,6 @@
+usr/bin/php-config
+usr/bin/phpize
+usr/share/man/man1/php-config.1
+usr/share/man/man1/phpize.1
+usr/include
+usr/lib/php5/build
--- php5-5.3.3.orig/debian/changelog
+++ php5-5.3.3/debian/changelog
@@ -0,0 +1,3446 @@
+php5 (5.3.3-1ubuntu8) maverick; urgency=low
+
+ * Build-depend on netcat-openbsd | netcat, instead of just netcat (only
+ in universe).
+
+ -- Matthias Klose Fri, 17 Sep 2010 14:33:13 +0200
+
+php5 (5.3.3-1ubuntu7) maverick; urgency=low
+
+ * debian/setup-mysql.sh: Copy mysqld to local dir during build to avoid
+ apparmor restrictions (LP: #638401)
+ * debian/rules: stop mysql instance on clean just in case we failed in tests
+
+ -- Clint Byrum Wed, 15 Sep 2010 10:48:32 -0700
+
+php5 (5.3.3-1ubuntu6) maverick; urgency=low
+
+ * Undo sybase debugging libraries split: keeping a smaller delta with Debian
+ is more important than demoting sybase to universe.
+
+ -- Mathias Gug Wed, 25 Aug 2010 14:04:57 -0400
+
+php5 (5.3.3-1ubuntu5) maverick; urgency=low
+
+ * Drop sybase libraries to universe:
+ Move debugging libraries to php5-sybase-dbg:
+ - debian/control:
+ + create php5-sybase-dbg package.
+ + drop php5-sybase as php5-dbg dependency.
+ - debian/rules: move sybase debugging libraries to php5-sybase-dbg.
+
+ -- Mathias Gug Fri, 20 Aug 2010 19:13:55 -0400
+
+php5 (5.3.3-1ubuntu4) maverick; urgency=low
+
+ * debian/php5-module.ini: # replaced with ; (LP: #591286)
+ * debian/patches/php52389-pgsql-segfault.patch (LP: #607646)
+ - Applying patch for upstream bug that causes segfaults in pgsql
+
+ -- Clint Byrum Fri, 13 Aug 2010 00:07:15 -0700
+
+php5 (5.3.3-1ubuntu3) maverick; urgency=low
+
+ * debian/patches/lp564920-fix-big-files.patch: Fix downloading of large
+ files (LP: #564920)
+
+ -- Clint Byrum Fri, 06 Aug 2010 13:10:17 -0700
+
+php5 (5.3.3-1ubuntu2) maverick; urgency=low
+
+ * debian/control: Use netcat rather than netcat-traditional.
+
+ -- Chuck Short Thu, 05 Aug 2010 20:00:34 -0500
+
+php5 (5.3.3-1ubuntu1) maverick; urgency=low
+
+ * Merge from debian experimental:
+ - debian/control:
+ * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe.
+ * Dropped libmysqlclient15-dev, build against mysql 5.1.
+ * Dropped libcurl-dev not in the archive.
+ * Suggest php5-suhosin rather than recommends.
+ * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions already in
+ universe.
+ * Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1)
+ * Dropped locales-all.
+ - modulelist: Drop imap, interbase, and mcrypt.
+ - debian/rules:
+ * Dropped building of mcrypt, imap, and interbase.
+ * Install apport hook for php5.
+
+ -- Chuck Short Sun, 01 Aug 2010 14:28:03 -0500
+
+php5 (5.3.3-1) experimental; urgency=low
+
+ * Upload PHP 5.3.3 to experimental for further testing
+ + Fixes odbc_autocommit (Closes: #586570)
+ + Adds support for sqlite3_busy_timout (Closes: #589473)
+ + Fixes CVE-2010-2225, CVE-2010-2094, CVE-2010-1917, CVE-2010-1866
+ and other CVEs that do not apply to the Debian packages or are
+ irrelevant as per the pre-5.3.2-2 security policy.
+ * Changes pending update from unstable:
+ + Use system crypt
+ * Build the FPM SAPI.
+
+ -- Raphael Geissert Sat, 31 Jul 2010 15:53:12 -0400
+
+php5 (5.3.2-2) unstable; urgency=low
+
+ [ Ondřej Surý ]
+ * Fix unittest about failing crypt() calls with invalid salt
+
+ [ Raphael Geissert ]
+ * Cherry pick upstream fix for mysqli_ssl_set (Closes: #572122)
+ * Cherry pick patch to reset error status on beginTransaction()
+ * Cherry pick patch to add missing definition of JSON_ERROR_UTF8
+ * Cherry pick patch to fix SplFileInfo::getPathName()
+ * Cherry pick patch to fix a memory leak in the cyclical gc
+ * Cherry pick fix for memory leak in date when gc is enabled
+ * Cherry pick patch to fix an unaligned mem access in the dba ext
+ * Cherry pick fix for memory issues in mysqli_options (Closes: #577784)
+ * Set default session.save_path to /var/lib/php5 (Closes: #576593)
+ * Don't install an extra copy of php.ini-production
+ * Remove obsolete TODO list
+ * Add debian/source/format and set it to 1.0
+ * Add doc-base registration for Structuctures_Graph documentation
+ * Cherry pick patch to fix multiple typos
+ * Synchronize enchant patch with changes committed upstream
+ * Cherry pick patch to workaround BDB 4.8 bc changes (Closes: #570149)
+ * Cherry pick patch to allow the timeout on mssql to be effective p/query
+ * Cherry pick patch to correctly determine length of doc_root
+ * Cherry pick patch to fix a memory leak in SoapServer::handle
+ * Cherry pick patch to fix SplFileInf::fscanf()'s prototype
+ * Test the mysql extensions too
+ * Update the security policy for Squeeze and greater
+ * Include ext_skel script (Closes: #530757)
+
+ [ Sean Finney ]
+ * Fix for parallel FTBFS in (Closes: #584348)
+ * Import upstream fix for pdo_mysql segfaults (Closes: #581911)
+ - thanks to Richard van den Berg
+ * Dynamically determine maxlifetime if possible. (Closes: #504053)
+ - thanks to Chris Butler
+
+ -- Raphael Geissert Sun, 18 Jul 2010 15:35:06 -0500
+
+php5 (5.3.2-1ubuntu5) maverick; urgency=low
+
+ * debian/php5-module.ini: Comment should be "#" not ";". (LP: #573436)
+ * debian/patches/cherrypick-upstream-51740.diff: Fix acinclude.ac macro check. (LP: #576910)
+ * debian/patches/cherrypick-upstream-48361.diff: Fix regression with getPathInfo()
+ doesn't return parent info (LP: #576910)
+ * debian/patches/session_save_path.patch: ave PHP sessions to
+ /var/lib/php rather than /tmp. (LP: #573222)
+
+ -- Chuck Short Tue, 25 May 2010 10:17:00 -0400
+
+php5 (5.3.2-1ubuntu4.1) lucid-proposed; urgency=low
+
+ * debian/patches/fix-mysql-badmem.patch: Fix mysql crash when using php5-cgi. (LP: #567043)
+
+ -- Chuck Short Mon, 03 May 2010 11:23:43 -0400
+
+php5 (5.3.2-1ubuntu4) lucid; urgency=low
+
+ * debian/control, debian/rules: Re-enable libedit-dev. (LP: #548823)
+
+ -- Chuck Short Mon, 05 Apr 2010 15:33:21 -0400
+
+php5 (5.3.2-1ubuntu3) lucid; urgency=low
+
+ * debian/control: Fix upgrade of php5-ldap from 5.3.1. (LP: #)
+
+ -- Chuck Short Sun, 28 Mar 2010 15:41:34 -0400
+
+php5 (5.3.2-1ubuntu2) lucid; urgency=low
+
+ * debian/control: Dont build with libmcrypt-dev.
+
+ -- Chuck Short Fri, 26 Mar 2010 14:39:36 -0400
+
+php5 (5.3.2-1ubuntu1) lucid; urgency=low
+
+ * Merge from debian unstable:
+ - debian/control:
+ * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe.
+ * Dropped libmysqlclient15-dev, build against mysql 5.1.
+ * Dropped libcurl-dev not in the archive.
+ * Suggest php5-suhosin rather than recommends.
+ * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions already in
+ universe.
+ * Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1)
+ * Dropped locales-all.
+ - modulelist: Drop imap, interbase, and mcrypt.
+ - debian/rules:
+ * Dropped building of mcrypt, imap, and interbase.
+ * Install apport hook for php5.
+ - Dropped debian/patches/libedit_is_editline.patch.
+
+ -- Chuck Short Tue, 16 Mar 2010 09:09:50 -0400
+
+php5 (5.3.2-1) unstable; urgency=high
+
+ [ Sean Finney ]
+ * Fix improper signed overflow detection in filter extension
+ (Closes: #570287)
+ * Another integer overflow/underflow logic fix. (Closes: #570144)
+ * new debian patch fix_filter_var_email_test.patch (Closes: #571764)
+ * New debian patch fix_var_dump_64bit.phpt.patch (Closes: #571772)
+ * New debian patch use_embedded_timezonedb_fixes.patch (Closes: #571762)
+
+ [ Raphael Geissert ]
+ * Build with qdbm support
+ * Really run extensions' tests
+ * Add a note about user_dirs in apache conf file (Closes: #571714)
+ * Fix typo in debian/NEWS
+ * Don't install a(nother) useless Structures_Graph sh script
+ * Re-enable short_open_tag for CLI too (Closes: #573367)
+ * Disable memory limit in CLI, letting ulimit do its job (Closes: #407425)
+ * Fix the locale name in some tests (Closes: #573511)
+ * Fix some gd tests that need the bundled library
+ * Fix a null pointer dereference when processing invalid XML-RPC
+ requests (CVE-2010-0397, Closes: #573573)
+ * Fix an unaligned memory access in enchant_dict_suggest()
+ * Fix another unaligned memory access in enchant
+ * Test that the list of extensions to test is never empty
+ * Update the list of alternative dependencies of php5-dbg
+ * debian/rules cleanup
+ * debian/control cleanup
+ * Build against the system oniguruma library
+ * Add libjpeg-dev as an alternative to libjpeg62-dev for future
+ transitions
+
+ [ Ondřej Surý ]
+ * Imported Upstream version 5.3.2
+ * Updated suhosin patch to 0.9.9.1 version.
+ * Removed debian/patches/suhosin_page_size_fixes.patch. (Closes: #571974)
+ * Refreshed debian/patches/001-libtool_fixes.patch
+ * Refreshed debian/patches/006-debian_quirks.patch
+ * Adapt debian patches to 5.3.2.
+ * Remove "binary" contents from
+ debian/patches/fix_var_dump_64bit.phpt.patch
+ * New debian patch fix_broken_sha2_test.patch
+ * New debian patch always_use_system_crypt.patch (Closes: #572601)
+ * New debian patch php_crypt_revamped.patch (Closes: #572601)
+
+ -- Raphael Geissert Sat, 13 Mar 2010 15:11:48 -0600
+
+php5 (5.3.1-5) unstable; urgency=low
+
+ [ Sean Finney ]
+ * Pass full path to php cli executable for unit tests
+ * dont-gitclean-in-build.patch: Don't run git-clean via buildconf
+ * update debian patch page_size_fixes.patch with upstream bug ref
+ * new debian patch broken_5.3_test-posix_uname.patch (Closes: #570286)
+
+ [ Raphael Geissert ]
+ * Add build-dependency on netbase to fix a test (Closes: #570291)
+ * Suhosin PAGE_SIZE fixes have been already forwarded
+ * Fix a race condition on shtool's mkdir -p (Closes: #570111)
+ * Actually test the binary that is to be shipped in the -cli package
+ * Add some more documentation about the build system
+ * Documentation updates
+ * Update the suhosin patch version information
+ * Build-dep on locales-all to enable multiple tests
+ * Don't ship empty maintainer scripts
+ * Add patch to allow building with qdbm
+ * Test the extensions that don't require a special setup
+ * Get the correct list of built-in extensions of apache2filter
+
+ -- Raphael Geissert Mon, 22 Feb 2010 10:41:51 -0600
+
+php5 (5.3.1-4) unstable; urgency=low
+
+ [ Raphael Geissert ]
+ * Pass -O0 when using 'noopt' to actually disable any optimization
+ * Add patch to use sysconf() to determine the page size
+ * Add patch to remove PAGE_SIZE assumptions in suhosin code
+ * Fix an unaligned memory access in the phar extension
+ * Fix another unaligned memory access
+ * Print the expected/actual output of failed test
+ * Add missing PEAR directory (Closes: #542483)
+ * Build sqlite3 as shared (Closes: #568956)
+ * Add some more documentation about the source package
+
+ [ Sean Finney ]
+ * New debian patch fix_broken_5.3_tests.patch
+
+ -- Raphael Geissert Thu, 11 Feb 2010 02:22:47 -0600
+
+php5 (5.3.1-3) unstable; urgency=low
+
+ [ Ondřej Surý ]
+ * get rid of php4 dependencies
+ * Enable short_open_tag again (Closes: #537099)
+ * fix dependency on automake1.4 in php5-dev package
+ * fix typo s/firefox/firebird/ in changelog
+ * Removed long inactive Adam Conrad and Jeroen van Wolffelaar from uploaders
+
+ [ Raphael Geissert ]
+ * Fix maintainer scripts to use php.ini-production (Closes: #565130)
+ * Revert b22a350: Turn the phpapi dependencies into php5 | phpapi
+ * Allow parallel building via parallel=n
+ * Build with the hardening wrapper
+ * Remove no-longer-needed dfsg-repack script
+ * Add DEP-3-format metadata to some of the patches
+ * Build the intl extension
+ * Drop exif_read_data-segfault patch, merged upstream
+ * Build the enchant extension
+ * Add ${misc:Depends} where missing
+ * Disable mod_php in user directories (Closes: #555606)
+ * Add missing comment character to php.ini-paranoid (Closes: #564622)
+ * Build the interbase extension on all the supported architectures
+
+ [ Sean Finney ]
+ * 5.3 upload for unstable.
+ - Includes backported fix for "ref converted to value" (Closes: #556237).
+
+ -- Raphael Geissert Sun, 07 Feb 2010 23:31:51 -0600
+
+php5 (5.3.1-2) experimental; urgency=low
+
+ * Merged changes from 5.2.x sid branch.
+ * Adapt mssql-null-exception.patch and sybase-alias.patch to 5.3.1
+ * Update strcmp_null-OnUpdateErrorLog.patch; merged upstream, leave a
+ patch with a test case
+ * Removed check_ini_on_modify_status.patch and gentoo/117-
+ 4_digit_year_big_endian.patch; merged upstream
+ * Removed max_file_uploads.patch; no need for backwards compatibility
+ between major releases
+ * Refreshed 112-proc_open.patch,exif_read_data-segfault.patch
+ * Fix duplicate Provides: in debian/control introduced by cherry-
+ picking 94f0ec3
+ * Update sybase aliases to include correct arguments, needed for 5.3.x
+ * Update Build-Depends: to include firebird2.1-dev as preferred
+ alternative (Closes: #564691)
+ * Reformat Build-Depends: to one-dependency-per-line
+ * Reduce number of libdb*-dev to include only version in
+ stable/testing/unstable
+ * Switch to automake (>= 1.11) | automake1.11, depend on autoconf >=
+ 2.63 (Closes: #549148)
+
+ -- Ondřej Surý Mon, 11 Jan 2010 16:56:01 +0100
+
+php5 (5.3.1-1) experimental; urgency=low
+
+ * Imported Upstream version 5.3.1
+ * Change dependcy to libdb-dev instead on arbitrary version of
+ libdb4.x-dev
+ * Refreshed 006-debian_quirks patch to apply cleanly.
+ * Removed 114-php_gd_segfault.patch, merged upstream.
+ * Refreshed 115-autoconf_ftbfs.patch to apply cleanly
+ * Updated suhosin.patch to 0.9.8 version for php-5.3.1
+ * Refreshed 001-libtool_fixes.patch
+ * Refreshed 004-ldap_fix.patch
+ * Refreshed 013-force_getaddrinfo.patch
+ * Refreshed 036-fd_setsize_fix.patch
+ * Refreshed 052-phpinfo_no_configure.patch
+ * Refreshed 053-extension_api.patch
+ * Refreshed 108-64_bit_datetime.patch
+ * Refreshed 113-php.ini_securitynotes.patch
+ * Refreshed 116-posixness_fix.patch
+ * Refreshed gentoo/006_ext-curl-set_opt-crash.patch
+ * Refreshed gentoo/009_ob-memory-leaks.patch
+ * Refreshed libedit_is_editline.patch
+ * Refreshed suhosin.patch
+ * Add .gitignore file to ignore .pc/ directory
+ * Removed README.CVS-RULES from debian/php5-common.docs, file is no
+ longer shipped by upstream.
+
+ -- Ondřej Surý Thu, 07 Jan 2010 17:21:47 +0100
+
+php5 (5.3.0-3) experimental; urgency=low
+
+ * Fix segmentation fault in php-gd (Closes: #543496)
+ * Update suhosin patch to 0.9.8 *BETA* and enable it again
+ * Fix FTBFS with current autoconf/automake (Closes: #542906, #542088)
+ * Add avr32-linux-gnu to no -gstabs toolchains (Closes: #543278)
+ * Fix FTBFS on Debian Hurd (Closes: #530281)
+ * Use updated (v7) version of use_embedded_timezonedb.patch (Closes: #535770)
+
+ -- Ondřej Surý Tue, 25 Aug 2009 16:12:13 +0200
+
+php5 (5.2.12.dfsg.1-2) unstable; urgency=low
+
+ * Update Build-Depends: to include firebird2.1-dev as preferred
+ alternative (Closes: #564691)
+ * Reformat Build-Depends: to one-dependency-per-line
+ * Reduce number of firebird*-dev to include only version in
+ stable/testing/unstable
+ * Reduce number of libdb*-dev to include only version in
+ stable/testing/unstable
+ * Switch to automake (>= 1.11) | automake1.11, depend on autoconf
+ (>= 2.63) (Closes: #549148)
+
+ -- Ondřej Surý Mon, 11 Jan 2010 17:31:33 +0100
+
+php5 (5.2.12.dfsg.1-1) unstable; urgency=low
+
+ [ Thijs Kinkhorst ]
+ * Change comment in module .ini snippets from # to ; to avoid deprecation
+ warnings with PHP 5.3.0.
+
+ [ Ondřej Surý ]
+ * Imported Upstream version 5.2.12.dfsg.1
+ * Removed manpage_spelling.patch, merged upstream.
+ * Removed libedit_is_editline.patch, merged upstream.
+ * Refreshed max_file_uploads.patch, patch can be removed, it's kept to
+ raise max_file_uploads to 50.
+ * Refreshed and updated suhosin.patch
+ * Refreshed 001-libtool_fixes.patch, 004-ldap_fix.patch,
+ 006-debian_quirks.patch, 013-force_getaddrinfo.patch,
+ 034-apache2_umask_fix.patch, 053-extension_api.patch,
+ 056-mime_magic_liberal.patch, 115-autoconf_ftbfs.patch,
+ gentoo/009_ob-memory-leaks.patch, mssql-null-exception.patch,
+ use_embedded_timezonedb.patch
+ * Removed autogenerated main/php_config.h.in from suhosin.patch
+ (Ubuntu: #493761)
+ * Short open tags are On again in php.ini-dist (Closes: #537099)
+ * Don't leave .start if we are purging (Closes: #561739)
+ * Add README.Debian file to /usr/share/doc/php-pear/PEAR, so the
+ directory is not deleted (Closes: #563437, #542483)
+
+ [ Upstream ]
+ * Fix default pear.php.net channel definitions (Closes: #559029)
+
+ -- Ondřej Surý Fri, 08 Jan 2010 18:18:43 +0100
+
+php5 (5.2.11.dfsg.1-2) unstable; urgency=high
+
+ * max_file_uploads: limit the maximum number of file uploads to 50
+ + Reduces the chances of a temporary file exhaustion DoS
+ * Add libdb4.8-dev as an alternative dependency (Closes: #555945)
+ * Add libdb-dev as another alternative, hopefully the last one
+ (Closes: #548486)
+ * Add a versioned dependency on libtool 2.2 (Closes: #548015)
+ * Use FilesMatch and SetHandler on apache setups (Closes: #491928)
+ * Gentoo patch ext-curl-set_opt-crash has already been merged upstream
+ * Drop unused lintian override
+
+ -- Raphael Geissert Sat, 21 Nov 2009 13:37:51 -0600
+
+php5 (5.2.11.dfsg.1-1) unstable; urgency=low
+
+ * New upstream release
+
+ [ Fixes incorporated upstream ]
+ * Fix 4-year digit year on big-endian platforms (Closes: #542301)
+ * patch curl_streams_sleep.patch
+ * patch strcmp_null-OnUpdateErrorLog.patch (partially addresses #540605)
+ * patch check_ini_on_modify_status.patch
+
+ [ Raphael Geissert ]
+ * Add aliases to the mssql functions on the sybase extension (Closes: #523073)
+ * Fix the rows_affected alias, it should be affected_rows
+ * Avoid possible memory dumps via PG on restored ini values (Closes: #540605)
+
+ [ Ondrej Sury ]
+ * Fix FTBFS with current autoconf/automake (Closes: #542906, #542088)
+ * Add avr32-linux-gnu to no -gstabs toolchains (Closes: #543278)
+ * Fix FTBFS on Debian Hurd (Closes: #530281)
+ * fix whitespace in libapache2-mod-php5.postinst
+
+ [ Sean Finney ]
+ * incorporate/ack previous NMU's, thanks Andreas.
+ * update debian patch 115-autoconf_ftbfs.patch for new upstream version
+ * update debian patch fix_broken_upstream_tests.patch
+ * update debian patch mssql-null-exception.patch
+ * refresh various quilt patches against new upstream version
+ * remove no longer needed "legacy" support for conffile migration
+ * add dpkg trigger in the apache2 and apache2filter sapis for reloading
+ apache2 on extension updates (Closes: #490023, #524206)
+ * let libmysqlclient15-dev be a fallback alternative for libmysqlclient-dev
+ in case someone wants to backport the package.
+ * update list of installed documentation
+
+ -- Sean Finney Sun, 20 Sep 2009 11:05:35 +0200
+
+php5 (5.2.10.dfsg.1-2.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Drop hand-crafted dependency on libmysqlclient15.
+
+ -- Andreas Barth Mon, 31 Aug 2009 09:22:16 +0200
+
+php5 (5.2.10.dfsg.1-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix FTBFS with new autoconf. Thanks to Russ Allbery for the patch.
+ Closes: #542906
+
+ -- Andreas Barth Sun, 30 Aug 2009 13:49:40 +0200
+
+php5 (5.2.10.dfsg.1-2) unstable; urgency=low
+
+ * Declare that PEAR replaces XML_UTIL (Closes: #534621)
+ * Bump standards-version, no change needed
+ * Fix an unconditional limit on dblib_driver.c (Closes: #534881)
+ * Fix a segfault on exif_data_read with corrupted jpg files (Closes: #535888)
+ * Recommend php5-suhosin, as suggested by Thijs (Closes: #529760)
+ * Set sysconfig to /etc, to avoid getting /usr/etc in PHP_SYSCONFDIR
+ * Add myself to uploaders
+ * Fix the path to PEAR's config, directly in rules (Closes: #507762)
+
+ -- Raphael Geissert Thu, 09 Jul 2009 18:25:48 -0500
+
+php5 (5.3.0-2) experimental; urgency=low
+
+ * update configuration file names to new upstream naming convention
+
+ -- Sean Finney Wed, 01 Jul 2009 09:12:10 +0200
+
+php5 (5.3.0-1) experimental; urgency=low
+
+ * New Upstream Version
+
+ [ Sean Finney ]
+ * use ';' instead of '#' as comments in module ini files
+ * remove binary package for php5-mhash which is now built-in
+ * update removed windows modules in 006-debian_quirks.patch
+ * quilt refresh for new upstream release
+
+ -- Sean Finney Tue, 30 Jun 2009 20:09:07 +0200
+
+php5 (5.3.0~RC4-1) UNRELEASED; urgency=low
+
+ * New Upstream Version
+
+ [ Sean Finney ]
+ * (temporarily) disable suhosin patch while it does not apply to 5.3
+ * refresh various debian patches, fixing whitespace and offsets
+ * copy the gbp.conf from debian-sid and adapt it for experimental
+ * cherry-pick relevant gentoo patches from unstable
+ * cherry-pick debian fixes in libtool2.2.patch from unstable
+ * Update package sections to match override.
+
+ [ Raphael Geissert ]
+ * Detect the path to ltmain.sh at build time and set conflicts
+ appropriately
+ * Add libdb4.7-dev as an ORed build dependency to fix FTBFS
+ * Update the Vcs-* fields to reflect the move from svn to git
+ * Turn the phpapi dependencies into php5 | phpapi to fix
+ installability issues
+ * Bump Standards-Version to 3.8.1, no change needed
+ * Add a set of lintian overrides for some FP spelling-error-in-binary
+
+ [ Thijs Kinkhorst ]
+ * Update php5-cli package description to make it more neutral
+
+ -- Sean Finney Mon, 29 Jun 2009 07:54:51 +0200
+
+php5 (5.3.0~RC1-1) unstable; urgency=low
+
+ * New Upstream Version
+
+ -- Mark A. Hershberger Wed, 25 Mar 2009 19:39:48 -0400
+
+php5 (5.2.9.dfsg.1-1) unstable; urgency=low
+
+ * New upstream release (closes: #520538).
+ - fixes regressions with parsing via libxml2 (closes: #520246, #520423).
+
+ [ Sean Finney ]
+ * Refresh all patches.
+ * Update suhosin patch to 5.2.9, remove autotools-generated files (configure,
+ php_config.h.in) and .dsp files from patch.
+ * remove obsolete configure options from ./configure: --enable-memory-limit,
+ --enable-track-vars, --enable-trans-sid, --enable-filepro and --enable-dbx.
+ * Remove obsoleted patches which have been incorporated upstream:
+ - snmp_leaks.patch
+ - BG-initializing-fix.patch
+ - CVE-2008-2829.patch
+ - CVE-2008-3658.patch
+ - CVE-2008-3659.patch
+ - CVE-2008-3660.patch
+ - CVE-2008-5557.patch
+ - CVE-2008-5658.patch
+ - pdo-fetchobject-prototype-error.patch
+ - zend_object_handlers-invalid-write.patch
+ - dba-inifile-truncation.patch
+ - gentoo/freetds-compat.patch
+ - gentoo/010_ticks-zts-crashes.patch
+ - gentoo/019_new-memory-corruption.patch
+ - gentoo/009_array-function-crashes.patch
+ - gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch
+ - gentoo/017_xmlrpc-invalid-callback-crash.patch
+ - gentoo/007_dom-setAttributeNode-crash.patch
+ - gentoo/006_PDORow-crash.patch
+ - gentoo/005_stream_context_set_params-crash.patch
+ * Update fix_broken_upstream_tests.patch, one of the tests is fixed.
+
+ -- Sean Finney Tue, 24 Mar 2009 19:05:09 +0100
+
+php5 (5.2.6.dfsg.1-3) unstable; urgency=low
+
+ [ Sean Finney ]
+ * Do not add -O2 to CFLAGS if DEB_BUILD_OPTIONS contains noopt.
+ * Security related fixes:
+ - php: inifile handler for the dba functions can be used to truncate a file
+ Patch: dba-inifile-truncation.patch (closes: #507101).
+ - CVE-2008-5658.patch: ZipArchive::extractTo directory traversal
+ Patch: CVE-2008-5658.patch (closes: #507857).
+ Thanks to Pierre Joye for help with the patch.
+
+ [ Raphael Geissert ]
+ * Picked up some patches from Gentoo (most included in PHP 5.2.7 and later):
+ + patches/gentoo/005_stream_context_set_params-crash.patch
+ + patches/gentoo/006_PDORow-crash.patch
+ + patches/gentoo/007_dom-setAttributeNode-crash.patch
+ + patches/gentoo/009_array-function-crashes.patch
+ + patches/gentoo/010_ticks-zts-crashes.patch
+ + patches/gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch
+ + patches/gentoo/017_xmlrpc-invalid-callback-crash.patch
+ + patches/gentoo/019_new-memory-corruption.patch
+ + patches/gentoo/freetds-compat.patch
+ - was deprecated_freetds_check.patch
+
+ -- Sean Finney Sat, 24 Jan 2009 21:17:13 +0100
+
+php5 (5.2.6.dfsg.1-2) unstable; urgency=low
+
+ [ Sean Finney ]
+ * Make sure a file used to track state is properly removed in the
+ postinst, thanks Raphael (closes: #511049).
+
+ [ Thijs Kinkhorst ]
+ * Fix watch file to mangle version.
+
+ [ Raphael Geissert ]
+ * Ship script used to take an upstream tarball and remove the non
+ DFSG-free stuff, update watch file accordingly.
+
+ -- Sean Finney Tue, 13 Jan 2009 08:24:36 +0100
+
+php5 (5.2.6.dfsg.1-1) unstable; urgency=high
+
+ [ Sean Finney ]
+ * Incorporate previous NMU.
+ * Updated system tzdata patch from Joe Orton.
+ * Removed tzdb-nofree_ents_ifnotzdata.patch, which is now incorporated
+ into Joe's patch.
+ * Two backported fixes from 5.2.8, thanks to Olivier Bonvalet for looking
+ them up.
+ - Upstream bug #46157 (PDOStatement::fetchObject prototype error)
+ Patch: pdo-fetchobject-prototype-error.patch
+ - Upstream bug #46308 (Invalid write in zend object handler / getter)
+ Patch: zend_object_handlers-invalid-write.patch
+ * Security related fixes:
+ - CVE-2008-5624: Incorporate fix from 5.3 for proper initialization of
+ uid/gid for apache2 sapi.
+ Patch: BG-initializing-fix.patch
+ - CVE-2008-5557: heap overflows in the mbstring extension.
+ Patch: CVE-2008-5557.patch (closes: #511493).
+
+ [ Thijs Kinkhorst ]
+ * Correct description typo, thanks Mathias Brodala (Closes: #508989).
+
+ -- Sean Finney Mon, 12 Jan 2009 12:12:36 +0100
+
+php5 (5.2.6.dfsg.1-0.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Remove exts/dbase from orig tarball (Closes: #341420)
+
+ -- Ben Hutchings Sat, 29 Nov 2008 19:19:28 +0000
+
+php5 (5.2.6-5) unstable; urgency=high
+
+ * Update debian/copyright to document that the DFSG-unfree email
+ requirement in ext/standard/rand.c has been rescinded by the
+ copyrightholder (Closes: #498621).
+
+ -- Thijs Kinkhorst Sun, 05 Oct 2008 11:32:35 +0200
+
+php5 (5.2.6-4) unstable; urgency=high
+
+ [ Sean Finney ]
+ * Take three unreleased fixes from upstream CVS:
+ - CVE-2008-3658: Buffer overflow in the imageloadfont function.
+ Patch: CVE-2008-3658.patch (closes: #499989)
+ - CVE-2008-3659: Buffer overflow in the memnstr function.
+ Patch: CVE-2008-3659.patch (closes: #499988)
+ - CVE-2008-3660: Remote DoS in fastcgi module
+ Patch: CVE-2008-3660.patch (closes: #499987)
+
+ [ Raphael Geissert ]
+ * snmp_leaks.patch: fixes memory leaks in the snmp extension (Closes: #423296)
+ - Thanks to Rodrigo Campos for the follow up
+ - Thanks to Federico Cuello for the original patch
+ * php5-dev.lintian-override: fix it so it actually works
+
+ -- Sean Finney Sun, 14 Sep 2008 14:25:11 +0200
+
+php5 (5.2.6-3) unstable; urgency=high
+
+ [ Thijs Kinkhorst ]
+ * Drop unneeded php5-timezonedb Suggests and obsolete php3 Conflicts.
+ * Add documentation about the timezonedb change (Closes: #492025).
+
+ [ Adam Conrad ]
+ * Modify 033-we_WANT_libtool.patch to cope with newer versions of
+ libtool that only copy auxilliary files when --install is used,
+ while still working with older versions that DTRT without.
+
+ [ Raphael Geissert ]
+ * debian/rules:
+ + Avoid installing useless test suites in php-pear (Closes: #478995)
+ + Remove any empty directory in php-pear
+ + Also get rid of usr/share/php/data/Structures_Graph/*
+ - Those were meant to be used by upstream maintainer
+ * debian/php5-dev.lintian-overrides:
+ - usr/lib/php5/build/run-tests.php is not meant to be used directly
+ * debian/control: bumped Standards Version to 3.8.0, no changes needed
+ * bad_whatis_entries.patch: fixes the whatis entries of all the manpages
+ * deprecated_freetds_check.patch: fixes the freetds detection routine
+ + Closes: #494230
+ - Thanks to jklowden@freetds.org and the Gentoo folks for the patch
+ (RC bugfix, upload urgency bumped)
+ * debian/libapache2-mod-php5*-{prerm,postinst}:
+ - Create a status file when removing the package (but not purging)
+ while having the mod enabled so reinstallation of the package
+ does not end up disabling the module (Closes: #471548)
+
+ [ Sean Finney ]
+ * Bump dependency on libmysqlclient15off to require the version from
+ lenny or later, in order to avoid subtle problems not previously detected
+ with libmysqlclient_r on mixed etch/lenny/sid systems (closes: #495575).
+
+ -- Sean Finney Wed, 20 Aug 2008 19:32:02 +0200
+
+php5 (5.2.6-2) unstable; urgency=high
+
+ [ Raphael Geissert ]
+ * Lintian-based changes:
+ - also install a lintian override for libapache2-mod-php5filter
+ - fixed the generic lintian overrides so they are meaningful
+ - dropping linda overrides, linda is gone now
+ - s/meta-package/metapackage
+ * debian/control:
+ - Updated php5's description so it mentions three instead of
+ only two server-side SAPIs
+ - Depend on php5-cli in php-pear (Closes: #482517)
+ + Previous change reverted because of PEAR packages FTBFS
+ - {B-,}Depend on tzdata to avoid crashes caused by the tz ext patch
+ - Dropped some versioned {b-,}dependencies that are satisified
+ even on sarge
+ * php.ini-*: state that when using a custom save_path,
+ gc_probability should also be set (Closes: #388808, #321460)
+ * tzdb-nofree_ents_ifnotzdata.patch: avoid free'ing ents when the tz dir does
+ not exist (Closes: #483461)
+
+ [ Sean Finney ]
+ * Fix for CVE-2008-2829: unsafe usage of deprecated imap functions
+ Patch: CVE-2008-2829.patch
+ * Modifications to suhosin.patch due to alignment problems on some
+ architectures. Thanks to Stefan Esser for the initial suggestion.
+ (Closes: #481737).
+ * Rename the apache2 filter module to libphp5filter.so, to prevent
+ conflicting filenames for symbols in the debug package.
+
+ -- Sean Finney Thu, 03 Jul 2008 08:14:45 +0200
+
+php5 (5.2.6-1) unstable; urgency=medium
+
+ * New upstream release. Fixes several security issues of unknown impact:
+ + possible stack buffer overflow in the FastCGI SAPI
+ + integer overflow in printf()
+ + unknown issue CVE-2008-0599
+ + a safe_mode bypass in cURL
+ + incomplete multibyte chars inside escapeshellcmd()
+
+ [ Sean Finney ]
+ * New patch (use_embedded_timezonedb.patch) allows us to default to
+ using the system provided timezone database instead of the one bundled
+ with PHP. Many thanks to Joe Orten from Red Hat for the patch!
+ (closes: #447174, #471104).
+ * Updated the Suhosin patch to v0.9.6 (5.2.6).
+ * New patch: force_libmysqlclient_r.patch, forcing the build system
+ to link against the threadsafe libmysqlclient without having to enable
+ the other zts features in php. This is required since the apr libraries
+ are now linking against this as well and mysql exports the same symbols
+ from both libraries. Thanks to Stefan Fritsch (closes: #469081).
+ * Massaged/updated various other patches in debian/patches
+ * Update copyright information to have information about non-trivial
+ patches worthy of copyright attributions, and update information about
+ current debian maintainers.
+ * Add some useful quilt settings in debian/rules to lower the amount of
+ noise in future quilt updates.
+ * Now building a php5 apache2 module with filter-module support in a new
+ libapache2-mod-php5filter package (closes: #438120).
+
+ [ Thijs Kinkhorst ]
+ * Checked for policy 3.7.3, no changes.
+
+ [ Raphael Geissert ]
+ * Build a php5-dbg package with the debug symbols of the SAPIs & extensions
+ + Bump debhelper dependency to >= 5 as dh_strip behaves differently.
+ * debian/watch: refactored so it can actually be used to download the tarball
+ * debian/rules: removed bashisms (Closes: #478613)
+ * debian/control: add a notice about Suhosin being applied (Closes: #471324)
+ + Additionally make sure the PHP boilerplate is the same for each package
+ * debian/patches/manpage_spelling.patch:
+ - fix spelling mistakes in man page (Closes: #413712)
+ * debian/NEWS: s/suhosin/Suhosin (Closes: #434351)
+ * debian/control: removed ORed postgresql-dev build-dep (Closes: #429981)
+ + postgresql-dev is a transitional package since etch
+ * Override the following lintian messages:
+ + SAPI packages package-contains-empty-directory usr/lib/php5/20060613+lfs/
+ + php5-common package-contains-empty-directory usr/lib/php5/libexec/
+ * Set our custom PHP_PEAR_DOWNLOAD_DIR when building the pear stuff
+ + Avoids the creation of /tmp/pear (Closes: #463979)
+ * Replaced all 'make' with '$(MAKE)' so any extra flag is preserved
+ * debian/rules: s/DEB_BUILD_ARCH/DEB_HOST_ARCH
+ + HOST is the machine the package is built for.
+ * Recommend php5-cli instead of depending on it in php-pear (Closes: #243214)
+ + php5-cli is only needed by the, rearely used, pear installer
+ * debian/README.source: inform how to generate php5-dbg's Depends
+ * debian/patches/029-php.ini_paranoid.patch: updated (Closes: #459814)
+ + Thanks to Javier Fernández-Sanguino Peña
+ Changes:
+ - includes some variables which were no present in the first version and
+ removes modules not available in PHP5. Also fixes typos in comments which
+ have since been fixed in php.ini-dist
+ - adds notes (Debian-specific) of which security features applications
+ should not rely on
+ - add more information of why some variables were enabled
+ - reorder the description of changes to suit the location in the config file
+ - add notes of deprecated features in PHP6
+ - add more (suggested) changes to the session module to make a more secure
+ use and storage of session IDs.
+ - remove the 'include' function from the list of disabled functions as it
+ is quite common for most applications
+ - modify the valid 'include_path' to make it really paranoid ('.' is not
+ allowed anymore)
+ - adjust locations of directories, including the upload dir and session dir
+ - proper definition for sql.safe_mode and description (missing in
+ php.ini-dist of what it is really for)
+ - added session configuration variables which are not available in
+ php.ini-dist together with recommended paranoid values
+ (session.referer_check, session.entropy_file, session.entropy_length)
+ - added more information to session configuration (not available in php.ini)
+ based on the information at php.net
+ * Lintian-based changes:
+ - debian/php5-common.dirs: do NOT create usr/share/doc/php5-common/PEAR/
+ - fixed a hyphen-used-as-minus-sign in php5(1):319
+ - get rid of usr/share/php/data/Structures_Graph/LICENSE in php-pear
+ * Move /usr/share/php/docs to /usr/share/doc/pear-php/PEAR (Closes: #331034)
+
+ [ Steve Langasek ]
+ * Step down from the PHP maintenance team, removing myself from uploaders.
+ So long, and thanks for all the fish!
+
+ -- Sean Finney Sun, 04 May 2008 21:15:47 +0200
+
+php5 (5.2.5-3) unstable; urgency=high
+
+ * zend_parse_parameters does not handle size_t's, causing issues with
+ 043-recode_size_t.patch and segmentation faults for recode-using pages.
+ changed problematic parameters back to "int" and added an overflow check.
+ thanks to Thomas Stegbauer, Tim Dijkstra, Bart Cortooms, Sebastian Göbel,
+ and Vincent Tondellier for their reports. closes: #459020.
+
+ -- Sean Finney Thu, 21 Feb 2008 00:59:21 +0100
+
+php5 (5.2.5-2) unstable; urgency=low
+
+ * debian/patches/libdb_is_-ldb: reorder the search for db4 instances to
+ give precedence to -ldb, so that we always get the version that matches
+ the installed -dev package instead of whichever most recent version php
+ upstream currently knows about. Closes: #463397.
+ * Update suhosin patch to not patch .dsp files (and config.w32), which
+ are irrelevant to Unix builds and seem to cause problems for clean
+ patching/unpatching.
+
+ -- Steve Langasek Fri, 01 Feb 2008 18:46:15 +0000
+
+php5 (5.2.5-1) unstable; urgency=low
+
+ [ Sean Finney ]
+ * New upstream release
+ * Updated suhosin patch for 5.2.5 minus ./configure as before.
+ * Workaround for xargs not handling extra long cmdlines in session
+ cleanup script (Closes: #461755).
+ * Remove unneccesary DEB_BUILD_GNU_TYPE fudging (Closes: #429066). Thanks
+ to Riku Voipio for the report/patch.
+
+ [ Raphael Geissert ]
+ * debian/rules: now DEB_BUILD_OPTIONS=nocheck aware
+ * Updated description of the php5 meta-package to reflect removal of apache
+ (Closes: #418038)
+ * Capitalise apache where needed (Closes: #439575)
+ * Homepage is now a control entry (moved from Description), Closes: #439578
+ * Fixed test-results.txt target so parallel package building doesn't fail
+ * Added Suggests: php5-timezonedb to all the SAPIs
+
+ [ Steve Langasek ]
+ * Add ${shlibs:Depends} to php5-common, since it does build ELF objects now
+ (pdo.so)
+ * Update build-deps to libdb4.6-dev now that libaprutil1-dev has switched.
+ Closes: #461192.
+
+ -- Steve Langasek Thu, 17 Jan 2008 13:39:17 -0800
+
+php5 (5.2.4-2) unstable; urgency=low
+
+ [ sean finney ]
+ * for posterity revised previous changelog to reference the CVE id's
+ of security issues resolved by the latest upstream release.
+ * lintian: use debian/compat instead of DH_COMPAT in debian/rules.
+ * lintian: use source:Version and binary:Version where appropriate,
+ instead of Source-Version
+ * lintian: remove a couple pieces of cruft in the changelog that were causing
+ false-postive wrong-bug-number-in-closes, but were generally useless
+ anyway.
+
+ [ Raphael Geissert ]
+ * Using test-results.txt as a target
+ * cronjob now checks for existance of /usr/lib/php5/maxlifetime (Closes: #439286)
+ * Fixed memory limit of 1232M in php.ini for cli (Closes: #440624)
+ * Build the interbase extension using firebird2.0-dev (Closes: #433736)
+ * Unapply patches with debian/rules clean
+
+ [ Steve Langasek ]
+ * Don't patch configure or php_config.h.in in suhosin.patch, as these are
+ auto-generated and including them in the patch results in a race
+ condition for the necessary build-time regeneration. Thanks to Daniel
+ Schepler for reporting, and to Damyan Ivanov for helping to sort out the
+ fix. Closes: #443637.
+ * Also remove the modified auto-generated files in the clean target,
+ which triggers a warning about disappearing files when building the
+ source package but avoids carrying irrelevant diffs to these files
+ in the Debian diff.
+ * Now that the testsuite is being run at build time, test failures cause
+ a bunch of junk files to be left around in the Debian diff. So clean up
+ several false-positive failures:
+ - 052-phpinfo_no_configure.patch: we're patching the output of phpinfo(),
+ so patch the test as well
+ - fix_broken_upstream_tests.patch: use a local directory for tests that
+ use sessions, skip the phpinfo test after all because it doesn't appear
+ to be compatible with current testsuite behavior, and disable the
+ moneyformat test if en_US locale is not available.
+ There are still several other failing tests, but these are not false
+ positives and remain enabled pending investigation.
+
+ -- sean finney Wed, 24 Oct 2007 21:51:14 +0200
+
+php5 (5.2.4-1) unstable; urgency=low
+
+ * New upstream release.
+ * Security issues resolved in the latest release:
+ - CVE-2007-2519 - Directory traversal vulnerability in PEAR
+
+
+ [ sean finney ]
+ * patch from Jan Wagner to be able to conditionally disable any
+ patches that break binary-compatibility with official php
+ binary-only extensions. see debian/rules for more information.
+ * now incorporate the php unit tests into the build process. for
+ those interested the output is stored in the file
+ /usr/share/doc/php5-common/test-results.txt .
+ * by default we now ship with enable_dl = Off, as there are some
+ fairly significant ramifications security-wise to having it on.
+ * we shipping with the suhosin patch enabled by default.
+ special thanks to Blars Blarson for providing a sparc machine for
+ testing purposes with 5.2.3 (closes: #397179).
+ * new binary package php5-gmp, with the newly enabled gmp extension,
+ since whatever reason for not doing so either never existed or no
+ no longer exists (closes: #344137). Build-Depends added for libgmp3-dev.
+
+ [ Steve Langasek ]
+ * php5-module.postinst: don't assume that the postinst is only relevant
+ when called with 'configure' as an argument, some future debhelper code
+ could apply in the case of other methods of invocation.
+ * Clean up build dependencies for recent library transitions:
+ - libsnmp-dev is now the real package name, and is supported as a virtual
+ package for backports.
+ - re-add firebird2-dev as an alternative to firebird1.5-dev, to support
+ backports.
+ - the curl -dev package name has changed from libcurl3-openssl-dev to
+ libcurl4-openssl-dev; update to the proper name, with libcurl-dev as
+ an alternative.
+ * Switch php5-sybase to use the mssql extension instead of the sybase_ct
+ extension. Closes: #418734, #329065.
+
+ -- sean finney Sun, 16 Sep 2007 14:46:06 +0200
+
+php5 (5.2.3-1) unstable; urgency=low
+
+ * new upstream release.
+ * upstream has incorporated the last of the recent CVE fixes, so
+ the patches have been removed.
+ * change build dependencies for firebird2-dev -> firebird1.5-dev,
+ as the firebird maintainer has changed names in order to provide
+ more clarity since there's also a firebird2.0 now (closes: #427181).
+ * now include, but do not apply by default, the suhosin patch. see
+ NEWS.Debian for more information.
+
+ -- sean finney Mon, 04 Jun 2007 22:02:10 +0200
+
+php5 (5.2.2-2) unstable; urgency=low
+
+ [sean finney]
+ - build with --with-ldap-sasl and modify build-depends to include
+ libsasl2-dev in order to get the ldap_sasl_bind function (closes: #422490).
+ - the json extension is now on by default in php builds, so there's
+ no need for the php5-json package. added a Provides/Conflicts to
+ help set an upgrade path.
+ - apache 1.x support is soon disappearing. as a consequence we are
+ no longer building the libapache-mod-php5 module. the php5 metapackage
+ should as a result bring in libapache2-mod-php5 by default for those who
+ already have it installed.
+
+ -- sean finney Sun, 20 May 2007 21:59:56 +0200
+
+php5 (5.2.2-1) unstable; urgency=low
+
+ [ sean finney ]
+ * new upstream release (closes: #422405).
+ * /most/ of the previous CVE patches have been committed upstream, though:
+ - the patch for MOPB-41 was fixed in a different way and we'll be keeping
+ our fix for the time being.
+ - it doesn't seem like MOPB-45 has been fixed yet.
+ * remove build-dependency option on libmysqlclient12-dev, since the mysqli
+ option requires it, and 15 is in stable now anyway. thanks to
+ Henk van de kamer for finding this (closes: #422224).
+ * now includes requested fix for mysql row counts (closes: #418471).
+ * needle/haystack issues are reported fixed (closes: #399924).
+ * oh yeah, because we're using quilt now: (closes: #338315).
+ * update build-deps to libdb4.5-dev | libdb4.4-dev (closes: #421929).
+ note that the resulting php packages won't actually build against
+ libdb4.5 until all of our build-dependant packages do too.
+
+ -- sean finney Sat, 05 May 2007 19:56:30 +0200
+
+php5 (5.2.0-12) unstable; urgency=high
+
+ [ sean finney ]
+ * modify the build-depends to play more nicely when the net-snmp
+ maintainers decide to change their package names (closes: #421061).
+
+ -- sean finney Tue, 01 May 2007 14:24:01 +0200
+
+php5 (5.2.0-11) unstable; urgency=high
+
+ [ sean finney ]
+ * The following security issues are addressed with this update:
+ - CVE-2007-0910/MOPB-32 session_decode() Double Free Vulnerability
+ * note that this is an update to the previous version of the upstream
+ fix for CVE-2007-0910, which introduced a seperate exploit path.
+ - CVE-2007-1286/MOPB-04 unserialize() ZVAL Reference Counter Overflow
+ - CVE-2007-1380/MOPB-10 php_binary Session Deserialization Information Leak
+ - CVE-2007-1375/MOPB-14 substr_compare() Information Leak Vulnerability
+ - CVE-2007-1376/MOPB-15 shmop Functions Resource Verification Vulnerability
+ - CVE-2007-1453/MOPB-18 ext/filter HTML Tag Stripping Bypass Vulnerability
+ - CVE-2007-1453/MOPB-19 ext/filter Space Trimming Buffer Underflow Vuln.
+ - CVE-2007-1521/MOPB-22 session_regenerate_id() Double Free Vulnerability
+ - CVE-2007-1583/MOPB-26 mb_parse_str() register_globals Activation Vuln.
+ - CVE-2007-1700/MOPB-30 _SESSION unset() Vulnerability
+ - CVE-2007-1718/MOPB-34 mail() Header Injection
+ - CVE-2007-1777/MOPB-35 zip_entry_read() Integer Overflow Vulnerability
+ - CVE-2007-1887-1888/MOPB-41 sqlite_udf_decode_binary() Buffer Overflow
+ - CVE-2007-1824/MOPB-42 php_stream_filter_create() Off By One Vulnerablity
+ - CVE-2007-1889/MOPB-44 Memory Manager Signed Comparision Vulnerability
+ - CVE-2007-1900/MOPB-45 ext/filter Email Validation Vulnerability
+ * The other security issues resulting from the "Month of PHP bugs" either
+ did not affect the version of php5 shipped in unstable, or did not merit
+ a security update according to the established security policy for php
+ in debian. You are encouraged to verify that your configuration is not
+ affected by any of the other vulnerabilities by visiting:
+ http://www.php-security.org/
+ * other, less interesting changes:
+ - now use quilt for managing local patches.
+ - massage all of the patches, eliminating fuzz and offsets.
+
+ -- sean finney Mon, 23 Apr 2007 19:02:51 +0200
+
+php5 (5.2.0-10) unstable; urgency=high
+
+ [ sean finney ]
+ * The php security update contained a regression in the streams
+ module. this version contains an updated version of the patch
+ for CVE-2007-0906 (116-CVE-2007-0906_streams.patch), which should
+ fix the regression. Thanks to Martin Pitt for noticing this.
+ * Fix the patch names in the previous changelog entry, and fix a factual
+ inaccuracy that was accidentally pasted from the php4 changelog.
+ * The previous update was missing two fixes from CVE-2007-0906:
+ * interbase: (116-CVE-2007-0906_interbase.patch)
+ * zip: (116-CVE-2007-0906_zip.patch)
+
+ -- sean finney Wed, 07 Mar 2007 23:11:29 +0100
+
+php5 (5.2.0-9) unstable; urgency=high
+
+ [ sean finney ]
+ * The following security issues are addressed with this update:
+ - CVE-2007-0906: Multiple buffer overflows in various code:
+ * session (116-CVE-2007-0906_session.patch)
+ * imap (116-CVE-2007-0906_imap.patch)
+ * str_replace: (116-CVE-2007-0906_string.patch)
+ * the sqlite and mail related vulnerabilities in this CVE do not
+ affect the php5 source packages.
+ - CVE-2007-0907: sapi_header_op buffer underflow (116-CVE-2007-0907.patch)
+ - CVE-2007-0908: wddx information disclosure (116-CVE-2007-0908.patch)
+ - CVE-2007-0909: More buffer overflows:
+ * the odbc_result_all function (116-CVE-2007-0909_odbc.patch)
+ * various formatted print functions (116-CVE-2007-0909_print.patch)
+ - CVE-2007-0910: Clobbering of super-globals (116-CVE-2007-0910.patch)
+ - CVE-2007-0988: 64bit unserialize DoS (116-CVE-2007-0988.patch)
+ Closes: #410995.
+ * The package maintainers would like to thank Joe Orton from redhat and
+ Martin Pitt from ubuntu for their help in preparation of this update.
+ * backport upstream fix for AUTH PLAIN support in imap extension
+ Closes: #401712.
+
+ -- sean finney Sat, 03 Mar 2007 11:13:33 +0100
+
+php5 (5.2.0-8) unstable; urgency=high
+
+ [ sean finney ]
+ * Update package information to say simply "Apache 2" instead
+ of "Apache 2.0" (ref: #400306).
+ * Update package description for php-pear to mention needing
+ phpN-dev for building PECL extensions (closes: #401825).
+ * Add mention of Freetype fonts to php5-gd package description,
+ thanks to Ole Laursen for the suggestion (closes: #387881).
+ * Include a backported version of upstream's fix for
+ alignment calculatations which cause FTBFS problems for
+ some arches. Thanks to Roman Zippel for finding this (closes: #401129).
+ patch: 114-zend_alloc.c_m68k_alignment.patch
+ * Remove --enable-yp, as it's no longer used and seperately
+ packaged. Thanks to Martijn Grendelman for mentioning this
+ (closes: #402161).
+ * Add mention to README.Debian of needing to restart apache when
+ installing modules (closes: #392249).
+ * Don't strip the DSO modules if building with DEB_BUILD_OPTIONS
+ containing nostrip
+ * Backported a patch from upstream CVS to fix a rather nasty
+ memory leak in zend_alloc (closes: #402506).
+ patch: 115-zend_alloc.c_memleak.patch
+ * The memleak and FTBFS are targeted at etch, and there aren't
+ any other significant changes, so priority=high.
+
+ -- sean finney Sun, 17 Dec 2006 16:49:35 +0100
+
+php5 (5.2.0-7) unstable; urgency=high
+
+ [ Steve Langasek ]
+ * Also disable firebird in the PDO config for archs other than
+ i386/amd64.
+
+ -- sean finney Fri, 24 Nov 2006 15:20:53 +0100
+
+php5 (5.2.0-6) unstable; urgency=high
+
+ [ sean finney ]
+ * firebird2-dev (and thus php5-interbase) is only available on
+ i386/amd64, so update the control/rules information accordingly.
+ thanks to Bastian Blank for reporting this (closes: #399558).
+
+ -- sean finney Wed, 22 Nov 2006 19:04:04 +0100
+
+php5 (5.2.0-5) unstable; urgency=high
+
+ [ sean finney ]
+ * bring some of the mainline php4 modules back into the php source
+ package instead of distributing them in independant source packages:
+ - php5-imap
+ - php5-interbase
+ - php5-mcrypt
+ - php5-pspell
+ - php5-tidy
+ these modules are still provided in the same binary packages as
+ before, but will now be built in tandem with the core php packages.
+ * fix for pdo.so duplicate loading warnings, thanks to Jan Wagner
+ (closes: #398367, #399248).
+
+ -- sean finney Mon, 20 Nov 2006 12:41:37 +0100
+
+php5 (5.2.0-4) unstable; urgency=high
+
+ * Re-re-enable LFS support, forward-porting vorlon's fixes in
+ the php4 tree.
+ * Add a bit of support in upgrade scripts to avoid unnecessary
+ ucf prompting during upgrades (closes: #398363).
+ * Update build-dependencies to reflect that libpcre3-dev >= 6.6
+ is required. Thanks to Jan Wagner for pointing this out.
+ * loosen dependencys for libapache2-mod-php5 to allow usage with
+ apache2-mpm-itk as an alternative to prefork.
+ Closes: #398580, #398481.
+
+ -- sean finney Wed, 15 Nov 2006 08:33:28 +0100
+
+php5 (5.2.0-3) unstable; urgency=high
+
+ * Unify PHP options for pear binaries to:
+ -d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"
+ (Closes: #397625)
+ * [debian/rules]: Enable PDO building only in apache2 build.
+
+ -- Ondřej Surý Fri, 10 Nov 2006 14:09:00 +0100
+
+php5 (5.2.0-2) unstable; urgency=high
+
+ [ Ondřej Surý ]
+ * Revert Large File Support for this moment. We will try to found
+ root of the problem for etch, but we do not promise anything.
+ (Closes: #397465)
+
+ -- Ondřej Surý Wed, 8 Nov 2006 01:13:48 +0100
+
+php5 (5.2.0-1) unstable; urgency=high
+
+ [ sean finney ]
+ * new upstream release. since this means the 5.1 series is deadware
+ in the eyes of its developers, we better get on this train before
+ it's too late. Note: this also fixes the htmlentities() exploit.
+ Reference: CVE-2006-5465.
+ Closes: #396766.
+ * s/postinst/postrm/ on one critical line in debian/rules. whoops.
+ Thanks to Bart Martens for finding this (closes: #396873).
+ * as a pennance i've enabled LFS support (closes: #359686).
+ * new version now includes all mbstring headers (closes: #391368).
+ * enable new built-in zip support.
+ * enable pdo support for currently supported db types, and place the
+ extensions in the respective extension packages. future db
+ types will be added, but probably post-etch as they will probably
+ introduce new packages/dependencies (closes: #348882).
+ * move the mysqli module into the mysql module's package, and remove
+ the no longer necessary mysqli package.
+ * massaging/removal of various patches to upstream changes:
+ D patches/106-strptime_xopen.patch
+ D patches/110-CVE-2006-4812_zend_alloc.patch
+ M patches/006-debian_quirks.patch
+ D patches/111-mbstring-headers.patch
+ M patches/053-extension_api.patch
+
+ [ Ondřej Surý ]
+ * Package checked, upload to unstable.
+
+ -- Ondřej Surý Tue, 7 Nov 2006 09:26:51 +0100
+
+php5 (5.1.6-6) unstable; urgency=high
+
+ [ sean finney ]
+ * add notes to php.ini(-dist) about "unsupported" security features.
+ patch: 113-php.ini_securitynotes.patch
+
+ [ Ondřej Surý ]
+ * SECURITY: include patch for html buffer overflows in ext/standard/html.c
+ Reference: CVE-2006-5465
+ Patch: 114-CVE-2006-5465_htmlentities.patch
+ Closes: #396766
+
+ -- Ondřej Surý Fri, 3 Nov 2006 12:32:50 +0100
+
+php5 (5.1.6-5) unstable; urgency=high
+
+ [sean finney]
+ * add a README.Debian.security to clarify how we handle/respond
+ to security problems in stable releases.
+ * SECURITY: include patch for integer overflow in zend_alloc.c.
+ Reference: CVE-2006-04812 (closes: #391586).
+ patch: 110-CVE-2006-4812_zend_alloc.patch
+ * bump the debhelper compatibility level to 4.
+ * remove cyclic depends for mysql/mysqli.
+ * the long overdue rework of configuration file handling. this also
+ removes the need for debconf and template translations
+ (closes: #361211, #393788, #388697).
+ * start using ucf to manage the the various SAPI php.ini files.
+ * cleanup and consolidation of a few things in the ./debian dir
+ * bump the memory limit to 32M for the cli API (closes: #375070, #340586).
+ * include a fix for missing mbstring headers reported by Jan Wagner
+ (closes: #391368).
+ patch: 111-mbstring-headers.patch.
+ * include support for PTY's in proc_open, as reported by Eike Dehling.
+ according to php's BTS (http://bugs.php.net/bug.php?id=39224) the
+ feature was disabled only because the configure script couldn't
+ accurately determine whether the feature was available, and we know
+ it is :) (closes: #381438).
+ patch: 112-proc_open.patch.
+ * update standards-version to 3.7.2
+
+ -- sean finney Sat, 28 Oct 2006 14:29:44 +0200
+
+php5 (5.1.6-4) unstable; urgency=high
+
+ [sean finney]
+ * no longer build against GPL'd gdbm library (closes: #390452).
+ * updated apache2 module dependencies to build against and coexist
+ with apache2.2 (closes: #390455).
+
+ -- sean finney Sat, 07 Oct 2006 12:06:09 +0200
+
+php5 (5.1.6-3) unstable; urgency=low
+
+ [ sean finney ]
+ * php5 was building against db4.3 even though db4.4 headers were
+ installed. fix applied to ./ext/dba/config.m4 while we wait
+ for a real fix from upstream (closes: #388601).
+
+ -- sean finney Mon, 02 Oct 2006 17:42:50 +0200
+
+php5 (5.1.6-2) unstable; urgency=low
+
+ [ sean finney ]
+ * enable the mysqli extension (closes: #320835).
+
+ -- sean finney Tue, 19 Sep 2006 19:31:27 +0200
+
+php5 (5.1.6-1) unstable; urgency=high
+
+ [ Adam Conrad ]
+ * Drop 041-shut_up_snmp.patch, which was no longer needed as of 5.1.0.
+
+ [ Ondřej Surý ]
+ * Acknowledge NMU.
+ * New upstream release (Closes: #383596)
+ - Added missing safe_mode/open_basedir checks inside the error_log(),
+ file_exists(), imap_open() and imap_reopen() functions.
+ - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit
+ systems.
+ - Fixed possible open_basedir/safe_mode bypass in cURL extension and
+ with realpath cache. (CVE-2006-2563) (Closes: #370165)
+ - Fixed overflow in GD extension on invalid GIF images.
+ - Fixed a buffer overflow inside sscanf() function. (CVE-2006-4020)
+ (Closes: #382256)
+ - Fixed an out of bounds read inside stripos() function.
+ - Fixed memory_limit restriction on 64 bit system (really with 5.1.6).
+ * Bump libdb build-dep from libdb4.3 to libdb4.4, to match with apache.
+
+ -- Ondřej Surý Sat, 19 Aug 2006 14:41:43 +0200
+
+php5 (5.1.4-0.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * New upstream release. (Closes: #366109)
+ * Fixes information leak in html_entity_decode() (CVE-2006-1490).
+ (Closes: #359907)
+ * Fixes phpinfo() XSS (CVE-2006-0996). (Closes: #361914)
+ * Fixes copy() safe mode bypass (CVE-2006-1608). (Closes: #361915)
+ * Fixes tempnam() open_basedir bypass (CVE-2006-1494). (Closes: #361916)
+ * Fixes wordwrap() buffer overflow (CVE-2006-1990). (Closes: #365312)
+ * Fixes substr_compare() DoS condition (CVE-2006-1991).
+ * Fixes crash during too deep recursion (CVE-2006-1549). (Closes: #361917)
+ * Fixes injection in mb_send_mail() (CVE-2006-1014, CVE-2006-1015); not
+ mentioned in upstream changelog. (Closes: #368595)
+ * 044-strtod_arm_fix.patch: Adapted for new upstream; pulled in from
+ Piotr Roszatycki's packages.
+ * 108-64bit_datetime.patch: Patch to fix possible segfault on systems where
+ sizeof(void*) > sizeof(int); patch from David Mosberger-Tang.
+
+ -- Steinar H. Gunderson Tue, 13 Jun 2006 22:38:33 +0200
+
+php5 (5.1.2-1) unstable; urgency=low
+
+ * New upstream bugfix and security update release (closes: #347894)
+ - Fixes multiple cross-site-scripting vulnerabilities; CVE-2006-0208
+ - Resolves multiple HTTP response splitting vulnerabilities, allowing
+ arbitrary header injection via Set-Cookie headers; see CVE-2006-0207
+ - While we don't currently build it, this release also fixes a format
+ string vulnerability in the mysqli extension; see CVE-2006-0200
+ - Includes a new version of the PEAR installer that seems to have a
+ slightly better clue about the difference between INSTALL_ROOT and
+ PHP_PEAR_INSTALL_DIR, fixing pear.conf (closes: #346479, #346501)
+ * While the above is partially true, the PEAR installer is still a bit
+ broken (it won't install correctly under fakeroot anymore, YAY), so
+ shuffle debian/rules to have a build-pear-stamp target, as a stopgap.
+ * Add 106-strptime_xopen.patch, moving the _XOPEN_SOURCE definition down
+ in ext/standard/datetime.c, below the php.h include (closes: #346550)
+ * Add 107-reflection_is_ext.patch, munging ext/reflection/config.m4 to
+ properly call the PHP_ARG_ENABLE macro for an extension, not built-in.
+ * Stop php-pear from Replacing and Conflicting with php-html-template-it,
+ as we only now ship the bare essential to make the pear installer go.
+
+ -- Adam Conrad Mon, 16 Jan 2006 16:12:31 +1100
+
+php5 (5.1.1-1) unstable; urgency=low
+
+ * New upstream bugfix release, skipping the problematic 5.1.0 release:
+ - Fixes a zend.ze1_compatibility_mode segfault (closes: #333374)
+ - Remove libtool patch from acinclude.m4, now integrated upstream.
+ - Remove 038-round_test_fix.patch, now integrated upstream.
+ - Remove 049-exported-headers.patch, as upstream's build system has
+ gotten more clever about what they should and shouldn't export.
+ - Remove 054-open_basedir_slash.patch, now integrated upstream.
+ - Remove 055-gd_safe_mode_checks.patch, fixed differently upstream.
+ - Mangle 101-sqlite_is_shared.patch, to deal with upstream changes.
+ - Remove 104-64_bit_serialize.patch, now integrated upstream.
+ - Remove 105-64_bit_imagettftext.patch, now integrated upstream.
+ * Many security vulnerabilities fixed (closes: #341368, #336005, #336654):
+ - Resolves a local denial of service in the apache2 SAPI, which can
+ be triggered by using session.save_path in .htaccess; CVE-2005-3319
+ - Resolves an infinite loop in the exif_read_data function which can
+ be triggered with a specially-crafted JPEG image; CVE-2005-3353
+ - Resolves a vulnerability in the parse_str function whereby a remote
+ attacker can fool PHP into turning on register_globals, thus making
+ applications vulnerable to global variable injections; CVE-2005-3389
+ - Resolves a vulnerability in the RFC1867 file upload feature where, if
+ register_globals is enabled, a remote attacker can modify the GLOBALS
+ array with a multipart/form-data POST request; see CVE-2005-3390
+ - Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391
+ - Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode
+ and open_basedir bypasses between virtual hosts; CVE-2005-3392
+ - Resolves a CRLF injection vulnerability in the mb_send_mail function,
+ allowing injection of arbitrary mail headers; see CVE-2005-3883
+ - Includes PEAR 1.4.5, resolving a vulnerability in the pear installer
+ which could lead to arbitrary code execution; see CVE-2005-4154
+ * Bump libdb build-dep from libdb4.2 to libdb4.3, to match with apache.
+ * Bump our MySQL build-dep to 5.0's libmysqlclient15-dev (closes: #343793)
+ * Automate the process of getting the list of built-in modules into the
+ package descriptions, so it stays fresh in the future (closes: #341867)
+ * Intentionally disable PDO support until I've sorted out the best way to
+ deal with shipping this shiny new feature that won't break the world.
+ * The new PEAR happens to fix the Command.php greedy match bug filed in
+ Debian as part of the fix for the wider security issue (closes: #334969)
+ * Create 056-mime_magic_strings.patch, making the mime_magic extension
+ more liberal about what mime-types is accepts, as well as making it skip
+ over ones it dislikes, rather than disabling itself (closes: #335674)
+ * Add 057-no_apache_installed.patch, to stop spewing a mess of errors in
+ configure because we don't have the apache binaries in the build chroot.
+ * Fix small typo in the php5-xsl package description (closes: #344816)
+
+ -- Adam Conrad Thu, 15 Dec 2005 14:46:56 +1100
+
+php5 (5.0.5-3) unstable; urgency=low
+
+ * Build-Depend on libcurl3-openssl-dev, since libcurl3-dev is going away
+ soon. Keep libcurl3-dev as an alternate for backporting (see: #334367)
+ * Switch from libmysqlclient12 to libmysqlclient14; this puts us on the
+ *other* side of the line regarding which combinations of DSOs cause
+ segfaults, so hopefully the others catch up with us soon (closes: #332453)
+ * Look for magic.mime in /usr/share/file now instead of /usr/share/misc/file,
+ as the path has been changed to comply with the FHS (see: #334510)
+ * Make the above backportable as well, by searching for both files, and
+ picking the one that's currently installed on the user's system.
+ * Include swedish debconf translation from Daniel Nylander (closes: #330763)
+ * Make pear use '/usr/bin/php' instead of just 'php' to make sure we don't
+ get some random binary on $PATH that won't work right (closes: #329415)
+ * Set PHP_PEAR_SIG_BIN to /usr/bin/gpg, and have php-pear Recommends: gnupg
+
+ -- Adam Conrad Fri, 21 Oct 2005 02:30:19 +1000
+
+php5 (5.0.5-2) unstable; urgency=medium
+
+ * Remove Andres Salomon from the Uploaders field, at his request. Thanks
+ for all your work on the PHP packages, Andres, now fix our kernel bugs.
+ * Add 054-open_basedir_slash.patch, which fixes a bug where if open_basedir
+ is set to "/foo/", users can access files in "/foobar/", which is not the
+ documented behaviour; this addresses CAN-2005-3054 (see: #323585)
+ * Add 104-64_bit_serialize.patch from Joe Orton, resolving a segfault when
+ serializing objects on all 64-bit architectures (closes: #329768)
+ * Add 105-64_bit_imagettftext.patch, fixing a type mismatch in the GD
+ extension, causing memory corruption on 64-bit arches (closes: #331001)
+ * Add 055-gd_safe_mode_checks.patch from PHP CVS, adding missing safe_mode
+ checks to the _php_image_output and _php_image_output_ctx GD functions.
+ * Make php-pear Provide, Replace, and Conflict php-html-template-it, which
+ we appear to have absorbed into the main PEAR packaging (closes: #332393)
+
+ -- Adam Conrad Tue, 27 Sep 2005 16:09:29 +1000
+
+php5 (5.0.5-1) unstable; urgency=low
+
+ * New upstream release, adjust patch offsets and fuzz, and drop patches:
+ - Drop 009-snmp-int-sizes.patch, finally fixed upstream.
+ - Drop 051-gcc-4.0.patch, fixed differently upstream.
+ - Drop 102-php_streams.patch, fixed upstream.
+ - Drop 103-catch_segv.patch, also fixed upstream.
+ - Includes PEAR XML_RPC fix for CAN-2005-2498.
+ - Includes phpinfo() XSS fix for CVE-2005-3388.
+ * Distribute the shiny new manpages for php-config and phpize.
+
+ -- Adam Conrad Mon, 12 Sep 2005 02:29:24 +1000
+
+php5 (5.0.4-4) unstable; urgency=low
+
+ * Ondřej Surý :
+ - Add patch from CVS to fix regression in PHP 5.0.4, where file related
+ functions all stop reading at 2,000,000 bytes (closes: #321930)
+ * Adam Conrad :
+ - Enable support for gdbm files in the dba handler; half the base system
+ already appears to depend on libgdm, so we can't make things worse.
+ - Add another patch from CVS to fix a segfault in the catch/throw
+ handler under interesting nesting cases (closes: #322507)
+ - Rebuild against libsnmp9-dev for new libsnmp SOVER (closes: #327107)
+
+ -- Adam Conrad Thu, 8 Sep 2005 00:36:36 +1000
+
+php5 (5.0.4-3) unstable; urgency=low
+
+ * And fix the module/extension API situation one last time, this time
+ we read ZEND_EXTENSION_API_NO, ZEND_MODULE_API_NO, and PHP_API_VERSION,
+ pick the most recent of the three, assume things broke in ways we're
+ not willing to cope with, and both change the extension directory to
+ use that value, as well as setting it to the provides/depends for the
+ various SAPI and extension packages.
+ * Add a new option to php-config, 'php-config --phpapi', which extension
+ packagers should now be using to get the current phpapi they're building
+ against and set their dependencies accordingly.
+ * Strip the -gnu off the end of the DEB_*_* variables and drop the
+ versioned dpkg-dev build-dep to ease backporting to sarge and hoary;
+ doing so in such a way as to still allow for easy cross-compiling.
+ * Add postgresql-dev build-dep alternate for easy hoary/sarge backports.
+ * Make libapache2-mod-php5 the default alternate dependency for the php5
+ metapackage, since we really do want to encourage the apache upgrade.
+ * Make php5-dev stop shipping copies of files from autotools-dev, shtool,
+ and libtool, and instead symlink to them and depend on those packages,
+ thus avoiding the shtool issues from CAN-2005-1751 and CAN-2005-1759.
+
+ -- Adam Conrad Sun, 31 Jul 2005 03:05:08 +1000
+
+php5 (5.0.4-2) unstable; urgency=low
+
+ * We now have a mailing list. Set the maintainer to the list, and move
+ myself to Uploaders where, apparently, I belong.
+ * Use ZEND_MODULE_API_NO rather than PHP_API_VERSION for extension deps,
+ as recent upstream ABI breakage in 4.4.0 leads me to believe this is
+ the only constant they actually bother to update on ABI changes.
+ * Bring back some concflicts that went missing (libapache-mod-php5 needs
+ to conflict with libapache-mod-php4 and older versions of php4, while
+ the two libapache2-mod-php[45] modules also need to conflict).
+ * Adjust debian/watch to not match on upstream's alpha/beta/rc releases.
+
+ -- Adam Conrad Wed, 27 Jul 2005 22:30:42 +1000
+
+php5 (5.0.4-1) unstable; urgency=low
+
+ * Initial PHP5 release; packaging forked from php4 4:4.3.11-1.
+ - Closes: #262977, #293832
+ * Ondrej Sury :
+ - Removed some obsolete cruft, since there wasn't any previous php5
+ packages there is no need, to check /usr/share/doc/*, etc.
+ - Removed apache2 IfModule hack, it's been fixed in php5.
+ - Updated patches to php5, removing those which are obsolete.
+ - Changes xslt extension to xsl (using libxslt).
+ - Updated debian/* including changelog.
+ - Raised update-alternatives priority to 50.
+ * Adam Conrad :
+ - Merged with php4 4:4.4.0-1 packaging.
+ - Re-roll upstream tarball to include PEAR::XML_RPC 1.3.3, which
+ includes a security fix for CVE CAN-2005-1921.
+ - Bump to Standards-Version 3.6.2, with no source changes.
+ - Stop distributing the phpextdist binary, as upstream has stopped.
+ - Drop the ext_skel binary and skeleton dir from php5-dev, as it has
+ been deemed obsolete upstream and the version in the tarball is not
+ considered useful anymore. PEAR::PECL_Gen upstream will replace it.
+ - Fix longstanding broken shebang lines in debconf config scripts.
+ - Remove lintian overrides for modules; lintian no longer complains
+ about missing shlibs for libraries outside the linker path.
+ - Add a linda override for the non-standard directory permissions on
+ /var/lib/php5 in php5-common.
+ - Rename php5-pear to php-pear, have it replace php4-pear, and depend
+ on php5-cli OR php4-cli; make sure it works with both.
+ - Compile in SOAP extension (closes: #307580)
+ - Enable SQLite extension as shared, make the xmlrpc extension shared.
+ - Enabled the pgsql extension, and disabled the imap extension (which
+ will be moving to another source package and become the example
+ package for out-of-tree builds).
+
+ -- Adam Conrad Sat, 16 Jul 2005 23:42:36 +1000
+
+php4 (4:4.3.11-1) unstable; urgency=low
+
+ * New upstream release (closes: #304052)
+ - Drop CVS patches, we're back in step with upstream versions.
+ - Remove 048-x509_multiple_orgUnits.patch, incorporated in 4.3.11.
+ - Remove 050-4.3.11_file_copy_fix.patch, incorporated in 4.3.11.
+ - Remove 040-curl_open_basedir.patch, as upstream has solved this
+ in a different fashion.
+ - Adjust patches for offset and fuzz.
+ - Remove bits from debian/rules dealing with the DB PEAR extension,
+ since it's no longer shipped in the php4-pear package.
+ * Rebuild against newer version of freetds library (closes: #317369)
+ * Add 052-phpinfo_no_configure.patch, which disables the display of our
+ "Configure Command" in phpinfo(), which was the source of many bogus
+ bug reports over the years, due to people misinterpreting its meaning.
+ * New translations to Vietnamese and Russian (closes: #316821, #310199)
+ - vi.po contributed by Clytie Siddall
+ - ru.po contributed by Yuriy Talakan'
+ * Mention FastCGI in the description of php4-cgi (closes: #310810)
+
+ -- Adam Conrad Mon, 4 Jul 2005 17:47:32 +1000
+
+php4 (4:4.3.10-15) unstable; urgency=low
+
+ * Bring back the shipping of /usr/share/doc symlinks in our packages,
+ as this, in concert with moving the migration detection from preinst
+ to postinst (which was done in the last upload), seems to give us the
+ sanest upgrade path. Thanks to Steve Langasek for smacking me around
+ with unpack/upgrade scenarios for a while to convince me of this.
+
+ -- Adam Conrad Mon, 9 May 2005 02:13:19 -0600
+
+php4 (4:4.3.10-14) unstable; urgency=high
+
+ * Revert the directory->symlink magic to work how it used to, since the
+ new behaviour broke hideously on upgrades from Woody, causing certain
+ files (like the changelog) to mysteriously go missing (closes: #307591)
+ * Move our template php.ini to /usr/share/php4, so we stop violating
+ policy by using files from /usr/share/doc (as seen in #307591)
+ * Remove 'readline' from the php4-cli package description, since we don't
+ actually build with readline support enabled anymore (closes: #306571)
+
+ -- Adam Conrad Wed, 4 May 2005 01:48:19 -0600
+
+php4 (4:4.3.10-13) unstable; urgency=low
+
+ * Update email address for Andres Salomon
+ * Add Portuguese translation from Miguel Figueiredo (closes: #305038)
+ * Include 051-gcc-4.0.patch, which resolves a build failure in
+ libxmlrpc (from the xmlrpc extension) with gcc-4.0 (closes: #287956)
+
+ -- Adam Conrad Mon, 18 Apr 2005 00:29:54 -0600
+
+php4 (4:4.3.10-12) unstable; urgency=low
+
+ * Add 050-4.3.11_file_copy_fix.patch, which reverts a broken 'fix'
+ made to the copy() function, causing it to fail in particularly
+ spectacular ways when used on remote files (closes: #304601)
+ * Use -g instead of -gstabs on powerpc64-linux (closes: #301571)
+
+ -- Adam Conrad Thu, 14 Apr 2005 03:53:27 -0600
+
+php4 (4:4.3.10-11) unstable; urgency=medium
+
+ * Address an FTBFS waiting to happen in the php4-dev package:
+ - Remove Win32 and Netware specific headers.
+ - Stop shipping php4-pgsql headers.
+ - Stop shipping the expat headers, since we don't even
+ use the bundled expat library.
+ - Make php4-dev depend on libssl-dev, since it wants to include
+ ssl.h when you use it to build network-using extensions.
+ * Stop building extensions twice; we don't need two copies.
+
+ -- Adam Conrad Tue, 12 Apr 2005 03:14:03 -0600
+
+php4 (4:4.3.10-10) unstable; urgency=low
+
+ * Update to 200503131325 CVS (AKA: 4.3.11RC1), fixing several bugs
+ including a segfault in mysql_fetch_field() (closes: #299608)
+ * Remove 042-remove_windows_paths.patch, incorporated upstream.
+ * Add 048-x509_multiple_orgUnits.patch to bring the openssl extension
+ in line with the upcoming 4.3.11 behaviour of listing multiple
+ Organisational Units in an x509 cert as an array, rather than only
+ listing the last in the list.
+ * After much talk with upstream, revert the ZTS changes. We are no
+ longer building a thread-safe PHP. (closes: #299820, #297223, #297679)
+ * ZTS was breaking file search paths, leading to errors loading files
+ from the cwd (closes: #298282, #298518, #299089, #299356)
+ * Stop building caudium-php4 (closes: #294718, #297702, #295100)
+ - We can't link against the GPL pike7.2, which we've been doing. Oops.
+ - Even if the above weren't true, upstream has insisted that ZTS is a
+ horribly broken solution, slated for eventual removal, and should
+ never, ever be used. In light of that, caudium users should instead
+ use php4-cgi, either as a plain CGI, or as a FastCGI backend.
+ - Not even attempting to provide an upgrade path, as it would be
+ needlessly complex, and caudium-php4 in previous stable releases
+ was nothing more than a useless toy, given that it had nearly no
+ useful extensions built-in or supported.
+ * Rewrite 041-shut_up_snmp.patch to take a different approach, this time
+ regrettably reverting a fix for a memory leak, in the name of making
+ things work properly, including squashing the putenv() intecaction
+ bug between PHP and other apache modules (closes: #298511, #300628)
+ * On sidegrades from distributions where different modules may be built
+ from their own source, and thus have their own doc directories, bad
+ things happen when we try to replace those with symlinks, so now we
+ check for this in preinst, and fix stuff up magically to Just Work.
+ * Add Jeroen van Wolffelaar to Uploaders.
+ * Fix up modules regexes to use "\.so" instead of ".so" (cf: #300998)
+
+ -- Adam Conrad Wed, 16 Mar 2005 22:46:05 -0700
+
+php4 (4:4.3.10-9) unstable; urgency=low
+
+ * Update 040-curl_open_basedir.patch once more to make sure it doesn't
+ segfault when fed a null or uninitialised URL (closes: #295447)
+ * Add 047-zts_with_dl.patch, courtesy of Steve Langasek to re-enable the
+ dl() function in our builds, despite upstream's claim that it "might
+ not be threadsafe on all platforms"; it is on ours (closes: #297839)
+ * Make the php4-dev binaries versioned with alternatives (closes: #295903)
+ * Update build-deps to libmysqlclient12-dev (closes: #290989, #227549)
+
+ -- Adam Conrad Sun, 6 Mar 2005 07:30:35 -0700
+
+php4 (4:4.3.10-8) unstable; urgency=high
+
+ * Add 046-zend_plist_buggery.patch which unrolls the changes made to
+ zend.c in CVS post-4.3.10. The memory leaks fixed by these changes
+ seem to not have been hurting us terribly so far, while the "fix"
+ (breaking persistent lists) was, uhm, bad (closes: #295998, #296694)
+ * Revise 041-shut_up_snmp.patch to call init_snmp with 'snmpapp' as the
+ appname, rather than 'php', to maintain backward compatibility, and to
+ wrap our setenv/unsetenv magic only around snmp_shutdown, which seems to
+ solve a segfault when php4-snmp is loaded with mod_perl (closes: #296282)
+ * Fix 042-remove_windows_paths.patch to catch both cases where windows
+ path stripping should occur (closes: #296406)
+
+ -- Adam Conrad Tue, 22 Feb 2005 07:49:32 -0700
+
+php4 (4:4.3.10-7) unstable; urgency=high
+
+ * Rewrite 040-curl_open_basedir.patch, so it now does what it's supposed
+ to (addressing CAN-2004-1392) and no longer segfaults (closes: #295447)
+
+ -- Adam Conrad Thu, 17 Feb 2005 00:06:36 -0700
+
+php4 (4:4.3.10-6) unstable; urgency=high
+
+ * Add 044-strtod_arm_fix.patch to fix the FPU confusion FTBFS on arm.
+ * Add 045-exif_nesting_level.patch to bump the exif header parsing max
+ nesting level to something that actually works with most JPEG images.
+
+ -- Adam Conrad Mon, 14 Feb 2005 16:04:28 -0700
+
+php4 (4:4.3.10-5) unstable; urgency=low
+
+ * Add 043-recode_size_t.patch to fix 32/64-bit issues causing the recode
+ extension to segfault on alpha/amd64/ia64 (closes: #294986)
+ * Move the ./buildconf stuff in the unpatch target inside the test
+ for patch-stamp, as it's uselss unless we're unpatching.
+
+ -- Adam Conrad Sun, 13 Feb 2005 19:09:39 -0700
+
+php4 (4:4.3.10-4) unstable; urgency=medium
+
+ * Make php4-dev arch:any, as it contains some arch-specific defines.
+ * Add 042-remove_windows_paths.patch, a patch to rfc1867.c to strip Windows
+ paths from uploaded filenames, like it used to. (closes: #294305)
+ * Fix up caudium description to reflect the fact that caudium it is no
+ longer restricted from sharing extensions with other SAPIs.
+ * Build-dep on apache2-threaded-dev (>= 2.0.53-3) to make sure we
+ get a version with non-broken headers.
+
+ -- Adam Conrad Wed, 9 Feb 2005 11:52:10 -0700
+
+php4 (4:4.3.10-3) unstable; urgency=medium
+
+ * Update to CVS, as of 200502060530 (closes: #288672)
+ - Fixes two vulnerabilities in exif.c, CAN-2005-1042 and CAN-2005-1043
+ - Fixes two vulnerabilities in image.c, CAN-2005-0524 and CAN-2005-0525
+ - File uploads with "'" in them aren't cut off anymore (closes: #288679)
+ - unserialize() is no longer ridiculously slow (closes: #291392)
+ - Add 000-200502060530_CVS.patch
+ - Adapt debian/rules to the realities of upstream's new buildconf
+ - Add 033-we_WANT_libtool.patch, to force relibtoolizing with Debian's
+ libtool, rather than using upstream's broken bundled libtool
+ - Drop 031_zend_strtod_1.1.2.10.patch and 032_zend_strtod_debian.patch
+ - Adjust patches for offsets and fuzz
+ - Force --with-pic, as policy demands it, and the build system doesn't
+ * Added several patches, yanked from the Fedora PHP sources:
+ - 034-apache2_umask_fix.patch, fixes umask not being properly reset
+ after each request (closes: #286225)
+ - 036-fd_setsize_fix.patch, fixes misuse of FD_SET()
+ - 038-round_test_fix.patch, makes the rounding test work on gcc-3.3
+ * Removed --with-libedit, as being able to background php is more useful,
+ in my opinion, than using readline functions (see #286356)
+ * Include zip support in all SAPIs (closes: #288534, #288909)
+ * Enable Zend Thread Safety for all SAPIs, meaning that our modules
+ are now compiled for ZTS APIs as well. (closes: #278212, #264015)
+ - Make sure caudium-php4 now provides phpapi-$(ver), and modules can
+ be configured with the caudium SAPI.
+ - Add 039-reentrant_libs.patch to link to the reentrant versions of
+ libldap and libmysqlclient
+ * Stop suggesting phpdoc, as it's undistributable anyway.
+ * Add 040-curl_open_basedir.patch, to make php4-curl respect the value
+ of open_basedir, thanks to Martin Pitt (closes: #291410)
+ * Add 041-shut_up_snmp.patch, to prevent libsnmp5 from attempting (and
+ failing) to write persistent data every time it shuts down. Ugh.
+
+ -- Adam Conrad Sun, 6 Feb 2005 05:32:11 -0700
+
+php4 (4:4.3.10-2) unstable; urgency=high
+
+ * Patch Zend/zend_strtod.c twice:
+ - Patch from upstream CVS to fix FTBFS on Sparc/Linux systems
+ - Patch from me to fix FTBFS on __mc68000__, __ia64__, and __s390__
+
+ -- Adam Conrad Sat, 18 Dec 2004 19:35:30 -0700
+
+php4 (4:4.3.10-1) unstable; urgency=high
+
+ * New upstream release, including the following security fixes:
+ - CAN-2004-1018 - shmop_write() out of bounds memory write access.
+ - CAN-2004-1018 - integer overflow/underflow in pack() and unpack()
+ functions.
+ - CAN-2004-1019 - possible information disclosure, double free and
+ negative reference index array underflow in deserialization code.
+ - CAN-2004-1020 - addslashes() not escaping \0 correctly.
+ - CAN-2004-1063 - safe_mode execution directory bypass.
+ - CAN-2004-1064 - arbitrary file access through path truncation.
+ - CAN-2004-1065 - exif_read_data() overflow on long sectionname.
+ - magic_quotes_gpc could lead to one level directory traversal with
+ file uploads.
+ * Adjust patch offsets for new upstream, fix 013-force_getaddrinfo.patch
+ to match with new configure.in and drop 026-4.3.10_session_fixes.patch
+ which is included in 4.3.10.
+
+ -- Adam Conrad Wed, 15 Dec 2004 17:17:40 -0700
+
+php4 (4:4.3.9-2) unstable; urgency=low
+
+ * Adam Conrad :
+ - Add -fno-strict-aliasing to CFLAGS, as the (several thousand)
+ warnings I'm getting from GCC are frightening me a tad.
+ - Remove the php-cgi alternative in php4-cgi's prerm, to avoid
+ leaving dangling symlinks (closes: #275962, #282315)
+ - Include 030-imap_getacl.patch, adding the imap_getacl() function
+ required by the GOsa project (closes: #282484)
+ - Include php.ini-paranoid in doc/examples, provided and maintained
+ by Javier Fernández-Sanguino Peña (closes: #274374)
+ - Make /cgi-bin/php4 an alternative for /cgi-bin/php (closes: #282464)
+ - Remove obsolete info from README.Debian relating to session_mm,
+ since we stopped building with libmm a while back.
+ - Reintroduce /usr/lib/php4/libexec that went missing in a previous
+ upload, since the build uses it as the default safe_mode exec dir.
+ * Andres Salomon :
+ - Add patch to include gd headers in php4-dev, as some PECL modules
+ (notably, pdflib) expect it; 028-export_gd_headers.patch.
+ - Lintian fix: Add missing #DEBHELPER# token to php4-common.postrm.
+
+ -- Adam Conrad Wed, 01 Dec 2004 18:48:13 -0700
+
+php4 (4:4.3.9-1) unstable; urgency=high
+
+ * New upstream release, removed the following patches fixed upstream:
+ 014-apache2handler_CVS_fixes.patch, 015-gdNewDynamicCtx_Add_Ex.patch,
+ 018-unix_socket_fd_leak.patch, 020-4.3.9_overflow_fixes.patch,
+ 021-4.3.9_sybase_ct_fixes.patch, 022-4.3.9_sprintf_fixes.patch,
+ 023-4.3.9_array_fixes.patch, 024-4.3.9_glob_fix.patch,
+ and 025-4.3.9_domxml_segfaults.patch
+ * Resolves undiscolsed vulnerabilities in GPC processing and rfc1867
+ handling of file uploads via the $_FILES array; these have since
+ been assigned CVE CAN-2004-0958 and CAN-2004-0959 (closes: #274206)
+ * After some fairly heavy testing from several users and developers,
+ finally update php4-snmp to use libsnmp5 (closes: #195929)
+ * Add 026-4.3.10_session_fixes.patch from CVS, which prevents PHP
+ from segfaulting when a nonexistant or unsupported save_handler or
+ serialize_handler is specified in php.ini.
+ * Add /etc/apache/conf.d/php4.conf, setting up our mime-types, on the
+ off chance that the user's /etc/mime.types is broken (closes: #271171)
+ * Reintroduce a CGI binary at /usr/bin/php4-cgi, so people who can't
+ make use of the --force-cgi-redirect CGI binary in /usr/lib/cgi-bin
+ can instead use #!/usr/bin/php4-cgi scripts (closes: #273143)
+ * Enable FastCGI for both CGI binaries, now that it no longer conflicts
+ with, but rather complements, the CGI SAPI (closes: #233849)
+ * Bump libgd2 build-dep a notch to make sure we build against a version
+ that actually has XPM support built in (closes: #270435)
+ * Finally drop the bogus libapache-mod-ssl dependency from the apache1.3
+ php4 module, as glibc (>= 2.3.2.ds1-17) has fixed the dlopen refcount
+ bug that we were hacking around (closes: #205553, #230956, #271000)
+ * Remove the mm session handler from the apache1.3 build. Since the
+ files handler now works on all arches, and is configured to be secure
+ by default, mm seems to have outlived its usefulness.
+ (closes: #119902, #149430, #166811, #272463, #232840)
+ * Rename sapi/apache2handler/sapi_apache2.c to mod_php4.c so that
+ directives aren't ambiguous between php4 and php5.
+ * Add Czech translation, thanks to Miroslav Kure (closes: #274038)
+ * Configure CLI with --with-libedit for readline support, and add
+ 027-readline_is_editline.patch, since Debian's libedit headers are
+ not installed in /usr/include/readline (closes: #274031)
+ * libcurl grew a new SONAME somewhere along the way, and upgrading
+ doesn't seem to cause regressions in php4-curl, so upgrade we shall,
+ changing build-deps accordingly (closes: #260389)
+
+ -- Adam Conrad Mon, 4 Oct 2004 22:57:37 -0600
+
+php4 (4:4.3.8-12) unstable; urgency=high
+
+ * On new php4-cli installations, if php4-cgi is installed, we copy its
+ php.ini as a starting reference, so that command line scripts that
+ used to work don't start mysteriously failing (closes: #270153)
+ * php4-common has grown a postrm script to make sure we completely
+ clean out and remove /var/lib/php4 during the purge phase.
+ * Optimize garbage collection cronjob to use 'xargs -r -0 rm', so we
+ aren't forking for every session file we delete (closes: #268918)
+
+ -- Adam Conrad Sun, 5 Sep 2004 19:17:42 -0600
+
+php4 (4:4.3.8-11) unstable; urgency=high
+
+ * Andres Salomon :
+ - Fix bashism in maxlifetime script (closes: #270015)
+ * Adam Conrad :
+ - Clarify setup instructions in README.Debian for using php4-cgi
+ with the apache and apache2 packages (closes: #228342, #228343)
+
+ -- Adam Conrad Sat, 04 Sep 2004 23:21:21 -0600
+
+php4 (4:4.3.8-10) unstable; urgency=high
+
+ * Andres Salomon :
+ - Change frequency of session file cleansing, based on the maximum value
+ of session.gc_maxlifetime from all php.ini files (closes: #269688).
+ - Update README.Debian to mention session cleaning cron job.
+ * Adam Conrad :
+ - Drop php4-cgi from the list of alternate dependencies for the php4
+ metpackage to smooth upgrades for woody users who have both php4 and
+ php4-cgi installed (closes: #269628, #269348, #269377)
+ - Fix cut-n-paste issue in php4-cli postinst (closes: #269466)
+ - Add 023-4.3.9_array_fixes.patch, which fixes problems with the
+ extract() function misbehaving with multiple element references.
+ - Add 024-4.3.9_glob_fix.patch to fix broken return values from glob()
+ when it succeeds with no matches (closes: #269287)
+ - Add 025-4.3.9_domxml_segfaults.patch, fixing segfaults in the domxml
+ extension when it shares memory space with other libxml2-using libs.
+ - Update the comments in php.ini to point out that, due to dilinger's
+ changes above, session.gc_maxlifetime is honoured by the gc cronjob.
+
+ -- Adam Conrad Fri, 03 Sep 2004 20:42:56 -0600
+
+php4 (4:4.3.8-9) unstable; urgency=high
+
+ * Re-introduce the changelog.Debian that went missing in the last
+ upload due to the php4-common move from arch:all to arch:any
+ * Clean up lintian warnings regarding scripts that weren't executable
+ and executables that weren't scripts.
+ * Add a lintian override for the non-standard-dir-perm of /var/lib/php4
+ * Update to Standards-Version 3.6.1 (no changes, other than the above)
+
+ -- Adam Conrad Thu, 26 Aug 2004 21:53:27 -0600
+
+php4 (4:4.3.8-8) unstable; urgency=low
+
+ * Default session.save_path is now compiled in to php4, allowing
+ us to, again, comment out the value in php.ini.
+ * Comment out session.gc_probability in the default php.ini, as we've
+ now compiled in a default of 0, allowing the cronjob to do the
+ garbage collection for us instead. (closes: #267720)
+ * Make the 5 SAPI postinsts smarter, allowing them to poke around in
+ people's configs and make sure that sessions won't be broken
+ after we upgraded them from a perfectly functional system.
+ * Add 022-4.3.9_sprintf_fixes.patch, fixing incorrect formatting of
+ floats with padding by sprintf().
+ * Make php4-common arch:any, and loosen up some of the other any->all
+ package dependencies to make sure binNMUs won't break.
+
+ -- Adam Conrad Tue, 24 Aug 2004 03:09:43 -0600
+
+php4 (4:4.3.8-7) unstable; urgency=high
+
+ * Back out LFS support AGAIN, as we're disabling LFS in apache2 for
+ the Sarge release. (closes: #266869)
+ * Add 021-4.3.9_sybase_ct_fixes.patch, backporting several fixes
+ for the sybase_ct extension from 4.3.9rc1.
+ * Tidy up descriptions a fair bit:
+ - Disambiguate short descriptions of SAPIs. (closes: #244571)
+ - Refresh the (now much longer) lists of built-in modules for each SAPI.
+ - Explain why caudium-php4 can't use any loadable extensions.
+ - Remove silly advertising blurb for Zend, since very few people are
+ still using php3, and those who are can't be convinced to upgrade
+ just by telling them "Hey, it's faster!".
+ - Add Homepage URI to each SAPI description.
+ - Fix typo in php4-domxml description. (closes: #146124)
+ * Make caudium-php4 provide php4-mysql and php4-pgsql, so it can be used
+ with packages that depend on something like "php4, php4-mysql".
+ * Enable --with-mime-magic and make sure all SAPIs depend on libmagic1
+ to pull in /usr/share/misc/file/magic.mime (closes: #175136)
+
+ -- Adam Conrad Thu, 19 Aug 2004 18:27:17 -0600
+
+php4 (4:4.3.8-6) unstable; urgency=high
+
+ * Add libgcrypt11-dev to the build-depends, as something seems to be
+ pulling it in and causing an FTBFS (closes: #265952)
+ * Add 020-4.3.9_overflow_fixes, backporting fix for integer overflows
+ in array_slice(), array_splice(), substr(), substr_replace(),
+ strspn() and strcspn().
+ * Bump the apache2 build-dep to (>= 2.0.50-9) to ensure we're building
+ against the new ABI-incompatble libapr0, which brings in proper
+ large file support. Bump the apache2 binary dependency as well.
+ (closes: #266210, #266192)
+ * Enable large file support on all SAPIs except for caudium, as I'm not
+ sure how caudium will react to the change, and I don't want to
+ destabilise anything just before release. This change has been
+ heavily tested with apache2/apache/cgi/cli, and all is well there.
+ * Re-enable 019-z_off_t_as_long.patch, which is needed to make sure
+ that LFS-enabled SAPIs can still use zlib file functions correctly.
+ * Rework the apache2 restarting logic to only restart apache2 if
+ apache2ctl configtest succeeds, otherwise kick out a warning to
+ the user. Even then, we run force-reload with ||true, in case
+ apache2 fails to start for other reasons (closes: #264958)
+ * Make php4-gd Provide php4-gd2, so packages which still depend on
+ php4-gd2 are installable (and so packaging frontends can take the
+ provides/conflicts/replaces hint and DTRT with it)
+ * Split php4-cgi to php4-cgi and php4-cli (closes: #227915)
+ - Add php4-cli to debian/control, replaces older php4-cgi versions
+ - php4-cgi depends on php4-cli for smooth transitions
+ - php4-pear now depends on php4-cli (closes: #243214, #221434)
+ - Add php4-cli to list of SAPIs configurable for modules
+ - Munge php.1 manpage to include -cli info
+ - Enable pcntl and ncurses in -cli (closes: #135861, #190947, #241806)
+ * Move all of php4's files to libapache-mod-php4, and make php4 a
+ metapackage that depends on libapache-mod-php4 | libapache2-mod-php4 |
+ php4-cgi | caudium-php4 (closes: #244573, #246654, #244571, #266517)
+ * Include skeleton directory in php4-dev (closes: #95832, #211338)
+ * Include php.ini-recommended in php4-common's examples (closes: #181396)
+ * Move /var/lib/php4 to php4-common and install a cronjob that cleans
+ out old sessions every 30 minutes (closes: #256831, #257111)
+ * Move the libapache-mod-ssl dependency from php4-imap to
+ libapache-mod-php4 to stop irritating users of other SAPIs
+ (closes: #240003, #246887, #263381)
+ * Compile pgsql and mysql support into the caudium SAPI, so it's
+ slightly less useless (closes: #181175)
+
+ -- Adam Conrad Sun, 15 Aug 2004 19:56:14 -0600
+
+php4 (4:4.3.8-5) unstable; urgency=low
+
+ * Build-depend on chrpath and use it to nuke rpath from modules
+ during the install target of debian/rules.
+ * Add 018-unix_socket_fd_leak.patch to get rid of UNIX socket file
+ descriptor leak on failed fsockopen() calls. (closes: #257269)
+ * It would seem that if we want LFS support, all SAPIs and all extensions
+ that do file access need to be built with LFS support, and since
+ apache2 currently doesn't have LFS, this presents a problem. As
+ such, I'm disabling LFS accross the board until apache2 supports it.
+ (closes: #263962)
+ * Add 019-z_off_t_as_long.patch, including local headers for zlib,
+ forcing off_t = long for gzip file functions, however disable it
+ for now, as we'll only need it if we reenable LFS (closes: #208608)
+ * Add the Debian package revision as EXTRAVERSION to PHP, so one can
+ more easily tell what version is currently running (for instance,
+ if a user fails to restart Apache after an upgrade of php4, this
+ would become obvious to them in the version banner and in phpinfo()
+ * Fixed up debian/patches, adjusting offsets and adding newlines,
+ so patch stops complaining and applies them cleanly.
+ * libapache2-mod-php4 postinst now forces a reload of apache2, which
+ should get the module properly working in all cases where people
+ previously thought 'apachectl graceful' would cut it.
+ (closes: #241352, #263424, #228343)
+ * debian/rules explicitly sets PROG_SENDMAIL during configure so
+ that builds on buildds with no sendmail installed don't get the
+ mail() function disabled. (closes: #180734)
+ * Enable XMLRPC-EPI support for all SAPIs (closes: #228825, #249368)
+ * Enable sysvmsg support for all SAPIs (closes: #236190)
+ * Enable dbx support for all SAPIs (closes: #229508, #249797)
+ * Nuke aclocal.m4 before we run ./buildconf to ensure we get it
+ regenerated correctly, and we get an up-to-date libtoolization.
+
+ -- Adam Conrad Mon, 9 Aug 2004 07:47:46 -0600
+
+php4 (4:4.3.8-4) unstable; urgency=low
+
+ * Drop 016-pread_pwrite_XOPEN_SOURCE_500.patch, as it didn't seem to
+ solve anything, really, and add 017-pread_pwrite_disable.patch,
+ wich completely disables pread/pwrite usage, fixing session support
+ on sparc, and pread/pwrite usage on amd64. (closes: #261311)
+
+ -- Adam Conrad Mon, 26 Jul 2004 06:15:59 -0600
+
+php4 (4:4.3.8-3) unstable; urgency=low
+
+ * Steve Langasek :
+ - Give php4-pear a versioned dependency on php4-cgi, due to
+ backwards-compatibility issues (closes: #260924).
+
+ * Adam Conrad :
+ - Added a debian/watch file for the curious, or people running
+ automated uscan scripts over the entire archive.
+ - Bump libgd2 build-dep to 2.0.28 to buy us guaranteed GIF
+ support in php4-gd (closes: #66293)
+ - Add 015-gdNewDynamicCtx_Add_Ex.patch, which fixes three double-free
+ errors in php4-gd. This, in concert with the librrd0 update
+ (see #261323) should clear up all known segfaults in php4-gd
+ (closes: #220196, #234571, #241270, #246833, #251220, #260790)
+ Thanks to Klaus Reimer for the tip.
+ - Add 016-pread_pwrite_XOPEN_SOURCE_500.patch, which fixes use of
+ pread/pwrite in conjunction with LFS64. This should fix the files
+ session handler on sparc, as well as the amd64 build failure.
+ (closes: #234766, #239420, #261311, #248765)
+ - Clean up debian/rules to remove a bunch of obsolete cruft, as well
+ as introducing an LFSFLAGS, allowing us to easily turn LFS support
+ on and off for each SAPI.
+ - Re-enable LFS for apache 1.3, as it was enable in Woody and we should
+ remain backward compatible.
+
+ -- Adam Conrad Sun, 25 Jul 2004 18:49:31 -0600
+
+php4 (4:4.3.8-2) unstable; urgency=high
+
+ * Urgency "high" to make up for the last upload which contained
+ security fixes but was uploaded urgency "low".
+
+ * Adam Conrad :
+ - Bump debhelper build-dep to >= 3, as we were using DH_COMPAT=3
+ in debian/rules. Not sure how this was missed for so long.
+ - Add 014-apache2handler_CVS_fixes.patch, which fixes a memory
+ leak in the apache2handler SAPI, as well as a logical mishandling
+ of fatal errors during activation.
+
+ * Steve Langasek :
+ - Revert large file support, which appears to cause
+ ABI-incompatibilities (and therefore segfaults) for apache2
+ (closes: #259659).
+
+ -- Adam Conrad Mon, 19 Jul 2004 20:44:00 -0600
+
+php4 (4:4.3.8-1) unstable; urgency=low
+
+ * Adam Conrad :
+ - New upstream release (4.3.8). Fixes several security issues:
+ + Fixed strip_tags() to correctly handle '\0' characters.
+ + Improved stability during startup when memory_limit is used.
+ + Replace alloca() with emalloc() for better stack protection.
+ + Added missing safe_mode checks inside ftok and itpc.
+ + Fixed address allocation routine in IMAP extension.
+ + Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL.
+ + Fixes DoS in readfile() function, see CAN-2005-0596.
+ - php4-pear now includes PEAR::Mail 1.1.3 (closes: #257688)
+ - debian/control: change libpng3-dev build-dep to libpng12-dev
+ - Add Turkish debconf translation, thanks to Osman Yuksel.
+ (closes: #252940)
+
+ * Andres Salomon :
+ - New upstream release (4.3.7). The following patches are dropped:
+ 007-dba_fix.patch
+ 008-xbithack.patch
+ 011-curl_api_update.patch
+ 012-curl_deprecated_opts.patch.
+ - Add 013-force_getaddrinfo.patch, so that getaddrinfo support is
+ always enabled (instead of doing check during build).
+
+ * Steve Langasek :
+ - Enumerate supported SAPIs in both the module postinst and the module
+ config script, to avoid "question not found" errors from debconf.
+ This doesn't give us automatic support for new SAPIs as they're
+ added, but it avoids trying to configure SAPIs that we don't support
+ (e.g., caudium), and it also sidesteps shell syntax errors caused by
+ strangely-named subdirectories.
+ - Remove apache2 from the TODO list, because it's done
+ (closes: #243793).
+ - Add /var/lib/php4 to the list of directories for the apache2 module,
+ so we don't end up with a missing session dir (closes: #240962).
+ - s/modules-config/apache-modconf/, now that the canonical name of the
+ apache-common tool has changed
+ - Drop references to php3 in README.Debian, and document the
+ simplified process for enabling php4 in apache 1.3 (closes: #244564).
+ - Enable large files support for all SAPIs (closes: #249500).
+ - Fix commented-out default include path in php.ini (closes: #250274).
+
+ -- Adam Conrad Wed, 14 Jul 2004 18:06:42 -0600
+
+php4 (4:4.3.4-4) unstable; urgency=low
+
+ * Drop apache2 work-around patch and add build-dep on apache2 2.0.48-8,
+ now that #228840 is fixed.
+ * Fix FTBFS problem caused by curl api changes, adding patches 011 and
+ 012 (closes: #239159).
+ * Add phpapi Provides for libapache2-mod-php4 (closes: #240386).
+ * Add versioned build-dep for pcre, as apache2 has proven that pcre-3.9
+ and older won't work (closes: #215069).
+ * Tighten build-dep versions to match upstream's autoconf version checks
+ (closes: #214060).
+
+ -- Andres Salomon Fri, 26 Mar 2004 23:27:27 -0500
+
+php4 (4:4.3.4-3) unstable; urgency=low
+
+ * Andres Salomon :
+ - Fix incorrect php.ini path in CLI manpage (closes: #233757).
+ - Add libapache2-mod-php4 module (closes: #214611).
+ * Updated Japanese debconf translation; thanks to Kenshi Muto
+ (closes: #222424).
+ * Build php4-gd against libgd2-xpm, removing the need for a separate
+ php4-gd2 package (closes: #235390, #206045, #135664).
+ * Add new Catalan debconf translation; thanks to Aleix Badia i Bosch
+ (closes: #236630).
+ * Add new Spanish debconf translation; thanks to Carlos Valdivia
+ Yagüe (closes: #235052).
+
+ -- Steve Langasek Sat, 28 Feb 2004 12:11:57 -0600
+
+php4 (4:4.3.4-2) unstable; urgency=low
+
+ * Add build-depends on autoconf, missed earlier (closes: #235012).
+ * Minor updates to README.Debian list of supported extensions.
+ * Fix integer size mismatch in snmp extension affecting 64-bit
+ platforms
+
+ -- Steve Langasek Thu, 26 Feb 2004 22:25:27 -0600
+
+php4 (4:4.3.4-1) unstable; urgency=low
+
+ * New upstream version. Update local patch set accordingly, with help
+ from Andres Salomon .
+ - includes fix for snmpget() not closing its socket
+ (closes: #207363).
+ * Update build-depends to libdb4.2-dev, to match apache-dev
+ (closes: #231692).
+ * Drop translations of stale templates, and add new German debconf
+ translation; thanks to Alwin Meschede
+ (closes: #232270).
+ * Add new Danish debconf translation; thanks to Claus Hindsgaul
+ (closes: #233887).
+ * Move local patches into debian/patches/ for easier management, and
+ add debian/rules targets for build-time application of patches.
+ * Fix a problem with PHP "xbithack" causing ini scope leakage
+ (closes: #230047).
+ * Re-enable the openssl extension statically, since we now know for
+ sure that the php4-imap problems are a glibc bug (closes: #197450).
+ * Fix pear to set /usr/bin/php4 instead of /usr/bin/php for the value
+ of php_bin, so PEAR-managed scripts work correctly
+ (closes: #228381). In addition, use alternatives for /usr/bin/php
+ for the benefit of user scripts (closes: #185283).
+ * Set the default session save_path to /var/lib/php4 instead of to
+ /tmp, and create this directory such that all users (for php4-cgi)
+ can create files there and access their own files once created, but
+ not see the names of other files in the directory (closes: #139810).
+ * Drop our override of upstream's register_globals default
+ (closes: #230878).
+
+ -- Steve Langasek Sat, 14 Feb 2004 10:23:24 -0600
+
+php4 (4:4.3.3-5) unstable; urgency=low
+
+ * Have php4-pear Suggest: php4-dev, for PECL extensions
+ (closes: #225969).
+ * Recompiled against the new version of libxslt, to get rid of the
+ dependency on libxsltbreakpoint (closes: #224806).
+ * Also recompiled against the new version of libc-client (closes: #227347).
+ * Fix pear to not expect to be able to twiddle locks when running as
+ non-root, which also seems to fix a memory utilization problem
+ (closes: #225026).
+ * Make php4-imap depend on libapache-mod-ssl, since this seems to be
+ the only reliable way of getting apache to stop segfaulting.
+ * Build-depend on libt1-dev, which replaces t1lib-dev.
+
+ -- Steve Langasek Mon, 5 Jan 2004 22:53:18 -0600
+
+php4 (4:4.3.3-4) unstable; urgency=low
+
+ * Fix prerm script to remove mod_php4, *not* mod_perl, from the
+ config (Closes: #216889).
+ * Use /etc/$i/httpd.conf instead of /etc/$i to decide whether to
+ call modules-config.
+ * Don't invoke debconf unless we have to in the postinst, to reduce
+ the risk of interactions between modules-config and our questions.
+ * Add Dutch debconf translation; thanks to Tim Dijkstra
+ (closes: #221439).
+ * Sync dba lock handling against upstream CVS HEAD, to fix a bug with
+ truncating db4 files when opening with 'c' (create).
+ (Closes: #221559).
+
+ -- Steve Langasek Tue, 21 Oct 2003 16:49:03 -0500
+
+php4 (4:4.3.3-3) unstable; urgency=low
+
+ * Disable -gstabs on ia64, since this debugging symbol type is
+ apparently unknown there; we should now have clean builds (with
+ appropriate debugging symbols) on all archs.
+
+ -- Steve Langasek Mon, 20 Oct 2003 19:07:40 -0500
+
+php4 (4:4.3.3-2) unstable; urgency=low
+
+ * Don't call db_stop in the postinst, as this seems to cause problems
+ for modules-config (closes: #215663, #215584).
+ * Remove duplicate -prefer-pic flag on caudium build, in hope of
+ making libtool do something sensible on ia64,hppa (closes: #216020).
+ * Always build with debugging symbols, per current policy.
+ * Unconditionally call dh_strip, which knows about DEB_BUILD_OPTIONS;
+ and call install -s when installing shared extensions by hand.
+ * Fix upstream build rules to not call libtool --silent.
+
+ -- Steve Langasek Wed, 15 Oct 2003 23:19:55 -0500
+
+php4 (4:4.3.3-1) unstable; urgency=low
+
+ * New upstream release.
+ * Add Japanese debconf translation; thanks to Kenshi Muto
+ (closes: #211961).
+ * Fix caudium handling to always grab the current pike version from
+ dpkg when constructing include paths (closes: #212585).
+ * Bump the c-client build dependencies to use the new -dev package
+ name.
+ * Convert php4 postinst/prerm scripts to use the new apache
+ modules-config interface.
+
+ -- Steve Langasek Sun, 21 Sep 2003 17:26:31 -0500
+
+php4 (4:4.3.2+rc3-6) unstable; urgency=low
+
+ * Add Brazilian Portuguese debconf translation; thanks to André Luís
+ Lopes (closes: #207078).
+ * Catch debian/control up with debian/rules for the zendapi -> phpapi
+ transition.
+
+ -- Steve Langasek Sun, 31 Aug 2003 20:35:57 -0500
+
+php4 (4:4.3.2+rc3-5) unstable; urgency=low
+
+ * Kill the lintian warning on the grammar in the copyright file.
+ * Redirect apacheconfig I/O to /dev/tty, to work around debconf
+ behavior (for real this time). Closes: #207468, #206404.
+ * Replace 'zendapi' with 'phpapi', since the former does not
+ accurately describe the ABI changes that affect modules and can
+ leave some packages installable but broken (closes: #208020). Also,
+ remove the versioned conflicts with php4-{mysql,pgsql}, since this
+ now supersedes.
+ * Add French debconf translation; thanks to Michel Grentzinger
+ (closes: #207662).
+
+ -- Steve Langasek Sat, 23 Aug 2003 21:43:24 -0500
+
+php4 (4:4.3.2+rc3-4) unstable; urgency=low
+
+ * Have all php extensions automatically detect and configure for any
+ installed SAPIs (closes: #143436).
+ * Remove spurious dependencies from php4-dev, and replace autoconf2.13
+ with autoconf (closes: #180497).
+ * Conflict with old php4-pgsql as we do with php4-mysql, as it
+ manifests the same bug.
+ * Add preliminary rules for building apache2 SAPI, but don't enable.
+ * Call db_stop before trying to run apacheconfig (closes: #206404).
+ * Check for the existence of /etc/php4 before trying to rmdir it,
+ since there are apparently those who remove such directories
+ prematurely (closes: #206120).
+
+ -- Steve Langasek Sun, 17 Aug 2003 00:19:38 -0500
+
+php4 (4:4.3.2+rc3-3) unstable; urgency=low
+
+ * Fixes for spurious package dependencies
+ * Fix the paths emitted by php-config, so we can build php4-pgsql et al.
+
+ -- Steve Langasek Fri, 15 Aug 2003 23:44:55 -0500
+
+php4 (4:4.3.2+rc3-2) unstable; urgency=low
+
+ * Make sure pear.conf is properly marked as a conffile, by bumping
+ DH_COMPAT to 3.
+ * Generate all per-extension postinsts/prerms at build time, instead
+ of managing them by hand.
+ * Get rid of bogus, non-FHS directories from the caudium build.
+ * Install the upstream php manpage in the php4-cgi package
+ (closes: #175836).
+ * Prevent null dereferencing in ldap_explode_dn() (closes: #205405).
+ * Hard-code /usr/share/pear at the end of the include path, for
+ backwards compatibility.
+ * Debconf support for PHP extension registration, including
+ po-debconf support (closes: #122353).
+ * Fix interpreter path in /usr/bin/pear.
+ * Make php4-pear depends: php4-cgi (closes: #182393).
+
+ -- Steve Langasek Wed, 13 Aug 2003 22:39:08 -0500
+
+php4 (4:4.3.2+rc3-1) unstable; urgency=low
+
+ * New upstream version.
+ - includes fix for buffer overflow crashes in imap module
+ (closes: #191640)
+ - includes fix for dysfunctional open_basedir directive
+ (closes: #197803)
+ - include fix for various XSS vulnerabilities (closes: #200736)
+ * Recompile against newest libc-client libs, following another soname
+ change (closes: #199049)
+ * Replace db2 with db4.
+ * Trim down the cgi sapi rules, since it will now build both cli and
+ cgi for us by default.
+ * Kludge the caudium sapi, by hard-coding the include path we need for
+ pike headers.
+ * Copy the lex/yacc-generated .c and .h files into the build
+ directories, since generating them at build time gives wildly
+ different, and undisputably broken, results.
+ * Update the install rules so they're compatible with current upstream
+ handling of pear and the various SAPIs.
+ * Add '=shared' to the --enable-xslt option, to get the right results
+ for that extension.
+ * Move PEAR extensions from /usr/share/pear to /usr/share/php.
+ * Conflict with php4-mysql=4:4.2.3-14, due to bizarre Zend errors.
+
+ -- Steve Langasek Wed, 6 Aug 2003 22:43:28 -0500
+
+php4 (4:4.2.3-14) unstable; urgency=low
+
+ * Disable openssl extensions AGAIN. It appears that this double-linking mess
+ is still causing nasty segfaults.
+ (closes: #188014, #188025, #188058, #189202, #189653)
+
+ -- Adam Conrad Sun, 20 Apr 2003 17:31:59 -0600
+
+php4 (4:4.2.3-13) unstable; urgency=low
+
+ * Revert NET-SNMP patch and build php4-snmp against UCD-SNMP again
+ (closes: #185534)
+ * Build against libmm13, as libmm12 no longer exists (closes: #187401)
+ * Rebuild caudium-php4 against latest caudium-dev
+ * Re-enable openssl linking and functions, now that our glibc 2.3
+ problems appear to be ironed out.
+ * Enable xslt and exslt support in php4-domxml (closes: #172881)
+
+ -- Adam Conrad Thu, 3 Apr 2003 05:53:24 -0700
+
+php4 (4:4.2.3-12) unstable; urgency=low
+
+ * Rebuild php4-sybase against libct1 (closes: #184461)
+
+ -- Steve Langasek Sat, 8 Mar 2003 20:03:33 -0600
+
+php4 (4:4.2.3-11) unstable; urgency=low
+
+ * Remove pike header location detection from debian/rules and do it
+ properly in sapi/caudium/config.m4, using pike7.2-config --version
+
+ -- Adam Conrad Mon, 3 Mar 2003 23:33:26 -0700
+
+php4 (4:4.2.3-10) unstable; urgency=low
+
+ * Added patch to build with NET-SNMP 5.x
+ * Updated build-dep for libc-client to 2003debian
+ (closes: #181565, #182854, #169886)
+ * Updated build-dep for libcurl to libcurl2-dev (closes: #179722)
+ * Added -mieee to alpha build to solve FPE errors (closes: #180656)
+ * Removed arch-specific logic to build with gcc-3.2 on arm, since gcc-3.2
+ is now the default compiler on all architectures.
+ * Add libwrap0-dev to the end of the build-depends to work around #183041.
+ Someone remember to remove this later when the bug is fixed. :)
+ * Build against newer libsablot0-dev (closes: #179886, #181550)
+ * Introduce ugly hack in debian/rules to get the pike includes
+ directory right for the caudium SAPI.
+
+ -- Adam Conrad Sun, 2 Mar 2003 12:49:07 -0700
+
+php4 (4:4.2.3-9) unstable; urgency=low
+
+ * Fix caudium-php4 to not conflict with php4-pear (closes: #175415).
+
+ -- Steve Langasek Sun, 5 Jan 2003 16:40:20 -0600
+
+php4 (4:4.2.3-8) unstable; urgency=low
+
+ * Fix typo in debian/rules
+ * Rebuild to bring in sync with latest caudium packages
+
+ -- Adam Conrad Wed, 25 Dec 2002 20:00:59 -0700
+
+php4 (4:4.2.3-7) unstable; urgency=low
+
+ * Set a sane default for safe_mode_exec_dir (closes: #122920).
+ * Rebuild against libmm-dev on i386, instead of against the
+ no-longer-available libmm11-dev which Provides: the same
+ (closes: #173509).
+
+ -- Steve Langasek Mon, 16 Dec 2002 22:48:40 -0600
+
+php4 (4:4.2.3-6) unstable; urgency=low
+
+ * Build with PEAR for all SAPIs, so that the built-in include_path is
+ set correctly (overkill?). Closes: #169786, #172321
+ * Change section of php4-dev package to devel.
+ * Add libkrb5-dev to build-depends, since libc-client2002-dev doesn't
+ pull it in (closes: #173313).
+ * Depend on coreutils instead of fileutils, since the latter is now an
+ empty package (closes: #171265).
+
+ -- Steve Langasek Sun, 15 Dec 2002 23:20:30 -0600
+
+php4 (4:4.2.3-5) unstable; urgency=low
+
+ * Fix (snip, snip) the upstream build scripts, so that libphp4.so
+ isn't worthlessly linked against the problematic openssl libs
+ (closes: #165699, #165718, #165719, #166414).
+ * Update config.{sub,guess} so that the package builds on mips
+ platforms (closes #173218)
+ * Replace libc-client-ssl2001-dev with libc-client2002-dev in build
+ dependencies, fixing various php4-imap segfaults (closes: #169610,
+ #169769).
+
+ -- Steve Langasek Sun, 15 Dec 2002 19:42:43 -0600
+
+php4 (4:4.2.3-4) unstable; urgency=low
+
+ * Remove build dependency on non-extant libmagick5-dev, which is no
+ longer used anyway (closes: #169829, #172402).
+ * Add myself to the Uploaders: field of the control file.
+
+ -- Steve Langasek Sat, 14 Dec 2002 12:52:06 -0600
+
+php4 (4:4.2.3-3) unstable; urgency=low
+
+ * Backport a patch from CVS to sanitize control characters in php_url_parse()
+ to prevent ASCII control injection in fopen() calls.
+
+ -- Adam Conrad Thu, 12 Sep 2002 16:29:46 -0600
+
+php4 (4:4.2.3-2) unstable; urgency=low
+
+ * I'm a moron (thanks to James Troup for pointing this out).
+ * Change gcc-3.1 references in debian/rules to gcc-3.2.
+ * Change GD build-dep to libgd-xpm-dev until GD package mess is worked out.
+
+ -- Adam Conrad Tue, 10 Sep 2002 12:18:21 -0600
+
+php4 (4:4.2.3-1) unstable; urgency=low
+
+ * New upstream version
+ * Added a patch from Ginger Alliance to eliminate warnings in xslt compile
+ * Messed with the php4-imap build:
+ - compiling with SSL support (closes: #122700)
+ - commented out the static-on-i386 hack, libc-client is now linked dynamically
+ * Sessions should finally be fixed, however I won't tag the bugs "woody"
+ until I know for sure. (if you were affected, please test and send
+ followups to me)
+ * Updated arm build-dep to use gcc-3.2 since gcc-3.1 is gone now.
+
+ -- Adam Conrad Tue, 10 Sep 2002 09:02:51 -0600
+
+php4 (4:4.2.2-3) unstable; urgency=low
+
+ * Fix typo resulting in php4-odbc not having a postinst
+ (closes: #157116, #157927)
+ * Build against latest caudium-dev to made caudium-php4 installable
+ again. (closes: #158247)
+ * Update build-deps to swap libpng3 for libpng2. (closes: #158908)
+
+ -- Adam Conrad Sat, 7 Sep 2002 01:22:57 -0600
+
+php4 (4:4.2.2-2) unstable; urgency=low
+
+ * Pulled --with-ndbm out of ./configure, as libc6 no longer ships with
+ headers or the library for db1 (closes: #156141, #155889)
+ * Update build deps to build against libmm12 (closes: #155042)
+ * php4-curl no longer depends on libcurl2-ssl (closes: #155015)
+
+ -- Adam Conrad Sat, 10 Aug 2002 01:12:47 -0600
+
+php4 (4:4.2.2-1) unstable; urgency=medium
+
+ * New upstream
+ * Fixes input validation vulnerability in rfc1867.c (closes: #153850)
+ * Added missing prerm/postinst for php4-xslt (oops)
+
+ -- Adam Conrad Mon, 22 Jul 2002 11:58:53 -0600
+
+php4 (4:4.2.1-3) unstable; urgency=low
+
+ * Yet more build fixes. This time, bump the arm build-dep from gcc-3.0 to
+ gcc-3.1 to avoid compiler errors. I love the arm toolchain. No, really.
+
+ -- Adam Conrad Wed, 29 May 2002 17:40:30 -0600
+
+php4 (4:4.2.1-2) unstable; urgency=low
+
+ * Applied small patch to fix building on non-32-bit architectures
+ (closes: #148231)
+ * Added still /more/ documentation about the unserializer, sessions,
+ and the session.save_handler php.ini option.
+
+ -- Adam Conrad Sun, 26 May 2002 14:43:55 -0600
+
+php4 (4:4.2.1-1) unstable; urgency=low
+
+ * The "When is Debian going to have new software like XF^H^HPHP 4.2?" release.
+ * Probably the last update (barring huge packaging bugs or plain broken
+ binaries) before starting on a complete reorg of the PHP packages.
+ * Deserializer now works on big-endian architectures (addresses bug #121391
+ and probably others)
+ * This release probably fixes a whole bunch of bugs. Will be going through
+ the bug list and playing the reproducibility game after the upload.
+ * Default include_path in php.ini now set to include pear.
+ * Upstream default for register_globals HAS CHANGED. In the Debian php.ini
+ we are still using "register_globals = On" for compatibility reasons,
+ however our packages will change too. This is a warning for anyone
+ packaging PHP scripts and applications to make sure you'll be compatible
+ with the new default once it's set.
+
+ -- Adam Conrad Sun, 26 May 2002 06:24:21 -0600
+
+php4 (4:4.1.2-4) unstable; urgency=high
+
+ * No binaries were harmed in the making up this upload.
+ * Updated README.Debian and changelog. All other files untouched,
+ as the binaries were merely unpacked and repacked.
+ - Added a note to README.Debian about how to properly set up
+ Apache for use with php4, if the installation didn't (and it usually
+ doesn't ) get it right.
+ - Added a note to README.Debian about the unserializer (and sessions)
+ being messed up on big endian architectures. It's too late to try
+ to get a proper fix in for this, so we're just going to have to cope.
+
+ -- Adam Conrad Fri, 26 Apr 2002 12:27:40 -0600
+
+php4 (4:4.1.2-3.1) unstable; urgency=low
+
+ * The 'I broke it, I have to take credit for it' release.
+ * Rebuild the package to get proper binary dependencies on alpha.
+
+ -- Steve Langasek Sun, 31 Mar 2002 17:13:09 -0600
+
+php4 (4:4.1.2-3) unstable; urgency=low
+
+ * Switched to --with-regex=php (from =system). This fixes all the
+ problems with eregi/parse_url/fopen/etc on Alpha.
+ * Cleaned up long descriptions (closes: #130977, #130954)
+
+ -- Adam Conrad Wed, 27 Mar 2002 15:11:43 -0700
+
+php4 (4:4.1.2-2) unstable; urgency=low
+
+ * New maintainer (closes: #132980)
+ * Enabling unixodbc support (closes: #107201)
+ * Changed the install-modules target in build/rules_pear.mk so that
+ it will error out in the case of an empty modules directory or
+ failure to install modules (closes: #135304)
+
+ -- Adam Conrad Tue, 12 Mar 2002 00:25:41 -0700
+
+php4 (4:4.1.2-1) unstable; urgency=high
+
+ * New upstream version with a security fix. This
+ supercedes 4.1.1-2.2 from Steve Langasek:
+ * Fix an error in the handling of MIME file upload headers, which left
+ open a potential security hole. (Closes: #136063)
+ * Fixed gcc-3.0 fix :-)
+ * Thanks for fixing apache-common fix
+ * This version should fix session bugs with upstream fix (closes: #133877)
+ * With a brutal change to main/SAPI.c try to fix(?) authorize bugs
+
+ -- Petr Cech Thu, 28 Feb 2002 11:14:26 +0100
+
+php4 (4:4.1.1-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * loosen apache-common dependency to make us forwards-compatible, as
+ recommended by the apache maintainer.
+ * use gcc-3.0 when building on arm, because the default toolchain on
+ that arch has Issues (closes: #135906, #135913).
+
+ -- Steve Langasek Tue, 26 Feb 2002 09:59:49 -0600
+
+php4 (4:4.1.1-2) unstable; urgency=medium
+
+ * Rebuild with apache 1.3.23.
+ * This package is in maintainer change mode. Though I orphaned it I'm not
+ going to change maintainer to QA, because we already have fresh blood.
+ * ext/gd/gd.c: s/HAVE_GD_GIF/HAVE_GD_GIF_CREATE/ to build correctly with
+ libgd which has GIF support (fixed included upstream)
+ * debian/control:
+ - Build-Depends: s/libgd1g-dev/libgd-dev/
+ also libc-client at least version 4:2001adebian-6 to fix some segfaults
+ * ext/standard/head.c: make the setcookie() thingie test more simple
+
+ -- Petr Cech Mon, 11 Feb 2002 20:07:22 +0100
+
+php4 (4:4.1.1-1) unstable; urgency=high
+
+ * New upstream bugfix release.
+ * debian/control: php4-gd - Conflicts/Replaces: php4-gd2 if I ever get
+ to upload it
+ * debian/rules: Correctly supply modified CFLAGS to build process
+
+ -- Petr Cech Fri, 28 Dec 2001 23:23:47 +0100
+
+php4 (4:4.1.0-2) unstable; urgency=low
+
+ * debian/php4-cgi.README.Debian: fix typo (closes: #123866)
+ * debian/rules: remove --enable-mbstr-enc-trans as it breaks parametr
+ parsing (closes: #121403)
+ * debian/README.Debian: document shmmax increase (closes: #119688)
+
+ -- Petr Cech Fri, 14 Dec 2001 09:59:59 +0100
+
+php4 (4:4.1.0-1) unstable; urgency=high
+
+ * Finally final 4.1.0
+ * Urgency to reflect previous version
+ * debian/control: php4-pear depends on php4-cgi
+
+ -- Petr Cech Thu, 13 Dec 2001 23:09:54 +0100
+
+php4 (3:4.1-2) unstable; urgency=high
+
+ * FIxes from CSV 4.1.0RC5. Looks like it was not the release after all.
+ * ext/exif/exif.c: MFH
+ * ext/ldap/ldap.c: small crash fix from HEAD
+ * and misc tiny changes. Really :-)
+ * ext/imap/php_imap.c: HIGH. fix from CVS (imap_rfc822_parse_adrlist) changing
+ the argument
+
+ -- Petr Cech Sun, 9 Dec 2001 00:01:37 +0100
+
+php4 (3:4.1-1) unstable; urgency=medium
+
+ * Final 4.1.0 (not released)
+ * NEWS: s/4.0/4.1/
+ * Build with GD1. It should fix some GD bugs, as gd 2.0.1 is supposed to be
+ a beta version with known bugs. How should I know.
+ * sablot extension removed upstream. So use XSLT (C/R in place)
+ * Apply fix for file_exists() from tilo (closes: #114409)
+ * "Cannot redeclare" were fixed in previous RCs (closes: #112341)
+ * previous version is build in hppa and ia64, so I assume it
+ (closes: #115391)
+ * Add note to sybase_ct, that it conflicts with mod_gzip folowing a user
+ report.
+ * This should fix the "final HTML> stripped" bug that was introduced
+ in 4.0.6-3. (closes: #110415).
+ * add --enable-ucd-snmp-hack to try to fix segfaults with ucd-snmp
+
+ -- Petr Cech Mon, 26 Nov 2001 14:56:50 +0100
+
+php4 (3:4.0.100-1) unstable; urgency=low
+
+ * Really a 4.1.0RC2
+ * Remove hack for apache 1.3.14, as we build-depends on 1.3.22 anyway
+ * Build-depends: libexpat1 (>= 1.95.2-2.1) for the .1
+ * Added Provides: zendapi-$version to php4 and php4-cgi
+ * Made modules depend on zendapi-$version instead of php4|php4-cgi.
+ Please use this in your php4-$module packages
+ * Apply c-client hack only to i386 most architectures don't support linking
+ both PIC and non-PIC code. I'm still affrai to do this on i386, as it
+ crashes a lot more :(
+ * Apply some CVS patches
+
+ -- Petr Cech Wed, 14 Nov 2001 20:50:19 +0100
+
+php4 (3:4.0.99-4) unstable; urgency=medium
+
+ * Recompile because of new version of caudium.
+ (I really hope this gets into testing soon as php in testing
+ now doesn't do apache 1.3.22)
+
+ -- Petr Cech Fri, 9 Nov 2001 11:11:46 +0100
+
+php4 (3:4.0.99-3) unstable; urgency=medium
+
+ * Recompile for new libexpat1 (closes: #116623 and others)
+ * upstream: ext/gd/gd.c, ext/iconv/iconv.c
+ * crypt(): defalt to using DES crypt() (closes: #117092)
+ * debian/rules: disable libmm in -cgi build. Will lesser the impact
+ of the infamous /tmp/session_mm.reg
+ * apply patch to Zend, which should fix the "cannot redeclare" error.
+ It's still a bug in your code though (use include_once). More changes
+ to this are comming (upstream).
+ * Add some documentation to sybase
+
+ -- Petr Cech Mon, 22 Oct 2001 11:20:46 +0200
+
+php4 (3:4.0.99-2) unstable; urgency=low
+
+ * "Some days are just no good" release.
+ * Recompile with apache 1.3.22 from Incoming
+ * Deal with automake going to 1:1.4 and automake1.5
+
+ -- Petr Cech Fri, 19 Oct 2001 15:02:00 +0200
+
+php4 (3:4.0.99-1) unstable; urgency=low
+
+ * This is really 4.1.0RC1, but ...
+ * Applied setcookie(), which is not in upstream yet
+
+ -- Petr Cech Fri, 19 Oct 2001 12:05:20 +0200
+
+php4 (3:4.0.6.7rc3-3) unstable; urgency=medium
+
+ * Fix dependency in caudium-php4. Sorry for this
+
+ -- Petr Cech Fri, 19 Oct 2001 11:28:07 +0200
+
+php4 (3:4.0.6.7rc3-2) unstable; urgency=medium
+
+ * Recompile with recent caudium/pike. Please, no new version so it can get
+ into testing :)
+ * debian/control: move php4-pear to suggests
+ * Fix setcookie() again. I really hate this bug
+ * Build-Depends: re2c - it's usually not needed, but if you make some
+ strange changes to the parser ...
+ * FIx automake 1.5 build problems (I hope)
+
+ -- Petr Cech Thu, 18 Oct 2001 12:03:39 +0200
+
+php4 (3:4.0.6.7rc3-1) unstable; urgency=low
+
+ * New upstream test release.
+
+ -- Petr Cech Fri, 5 Oct 2001 09:23:35 +0000
+
+php4 (3:4.0.6.7rc2-3) unstable; urgency=low
+
+ * "Let's try to fix some bugs" release.
+ * Add some patches: ldap (does this fix things?), pgsql,
+ domxml
+ * Build-Conflicts: automake (>= 1.5) for now
+
+ -- Petr Cech Tue, 2 Oct 2001 10:55:23 +0200
+
+php4 (3:4.0.6.7rc2-2) unstable; urgency=low
+
+ * Enable recode extension (the library is LGPL) - shared
+ * Enable iconv extension - in main php4. Experimental
+ * Build-Depends: s/libgd-dev/libgd2-dev/
+ * Build-Depends: libxml2-dev (>= 2.4.2) (Closes: #112304)
+ and fix autoconf macros (Closes: #113980)
+ * Improve?? description of PEAR (Closes: #112432)
+
+ -- Petr Cech Sat, 22 Sep 2001 10:37:42 +0200
+
+php4 (3:4.0.6.7rc2-1) unstable; urgency=medium
+
+ * 2nd release candidate
+ * ext/mbstring: fix compile (cp1252)
+ * ext/standard/url_scanner_ex: off by one
+ * WARNING: caudium builds with Zend Threading enabled, but other
+ modules don't. So you cannot safely use DSO with caudium
+ * Added some Build-Conflicts - with broken libmysqlclient
+ - with libtool 1.4b
+
+ -- Petr Cech Mon, 10 Sep 2001 18:04:27 +0200
+
+php4 (3:4.0.6-6) unstable; urgency=medium
+
+ * The "Paul Hampson fixes release".
+ * Closed those atexit() bugs. Now to find out, how to make libtool link with
+ gcc instead of ld :((
+ * ext/standard/head.c: Fix setcookie("bla) (closes: #109524, #109697)
+ Thanks to Paul Hampson for finding the cause, though I've used another
+ fix - fixed changes in CVS made in -3 I think. Silly me to think, that
+ all "small" changes are fixes.
+ * libc-client2001 was fixed in -5, so add a (closes: #109202) here
+ * Conflicts: only with libtool 1.4b-{1,2,3}. libtool 1.4.1 is OK
+
+ -- Petr Cech Sat, 1 Sep 2001 20:59:40 +0200
+
+php4 (3:4.0.6-5) unstable; urgency=low
+
+ * Recompile for libc-client2001 (I hope it doesn't break anything else)
+ And many other libraries.
+ * ATTENTION. php4 still doesn't work with autoconf 2.52 and thus libtool 1.4b!!
+ You have to get libtool 1.4 to be able to use phpize.
+
+ -- Petr Cech Wed, 22 Aug 2001 23:26:08 +0200
+
+php4 (3:4.0.6-4) unstable; urgency=high
+
+ * Add pear/CODING_STANDARDS into php4-pear (fixes 105574. closed too early. sorry)
+ * Fix the nasty segfaults with mail(). That'll teach me taking upstream
+ changes without looking. Thanks Cvetan Ivanov for the correct fix (also upstream now)
+ (closes: #105686, #105878).
+
+ -- Petr Cech Fri, 20 Jul 2001 23:07:30 +0200
+
+php4 (3:4.0.6-3) unstable; urgency=high
+
+ * ext/standard/mail.c: security fix
+ * debian/control: Build-Depends: libtool (>= 1.4)
+ * ext/curl/curl.c: fix typo
+ * ext/gd/config.m4: fix typo
+ * ext/mcrypt/mcrypt.c: upstream buffer overflow fix
+ * ext/mhash/mhash.c: upstream buffer overflow fix
+ * ext/pgsql/pgsql.c: fix
+ * ext/posix/config.m4: check for getpgid
+ * ext/sablot/sablot.c: fix leaks
+ * ext/standard/url* : fixes
+ * ext/sysvshm/sysvshm.c: fixes
+ * Zend/*: small fixes
+
+ -- Petr Cech Fri, 13 Jul 2001 16:21:04 +0200
+
+php4 (3:4.0.6-2) unstable; urgency=low
+
+ * pear/Makefile.in: add IT_Error.php to installed files (closes: #103087)
+ * debian/control: - allow also libcurl-ssl-dev as Build-Depends (closes: #103618)
+ - libfreetype6-dev to Build-Depends
+ - add auto* suite to php4-dev depends (closes: #104199)
+ * debian/rules: - build gd module with freetype2 support
+ - move common ./configure flags to COMMON_CONFIG
+ - build with mbstring support
+
+ -- Petr Cech Fri, 13 Jul 2001 08:22:02 +0200
+
+php4 (3:4.0.6-1) unstable; urgency=medium
+
+ * New upstream release.
+ * NOTE: new extension will probably be in another upload, to get this
+ into testing ...
+
+ -- Petr Cech Mon, 25 Jun 2001 20:43:24 +0200
+
+php4 (3:4.0.5.6rc3-3) unstable; urgency=low
+
+ * The "I hate sablot release". Recompile with 0.60
+ * debian/php4-domxml.postrm: also fix the :: (closes: #101306)
+ * debian/rules: --enable-ctype - still EXPERIMENTAL!!! Bug upstream
+
+ -- Petr Cech Mon, 18 Jun 2001 09:46:17 +0200
+
+php4 (3:4.0.5.6rc3-2) unstable; urgency=low
+
+ * ext/sablot/config.m4: link sablot.so with -lsablot, not main php4
+ * build/ ... : upstream fix for building with automake 1.4-pX
+ * don't fail, when libssl-dev is not installed. sigh
+
+ -- Petr Cech Thu, 14 Jun 2001 23:36:34 +0200
+
+php4 (3:4.0.5.6rc3-1) unstable; urgency=low
+
+ * New upstream test release.
+ * Recompile with apache 1.3.20
+ * debian/control:
+ - php4-dev: Depends: bison, flex (closes: #100634)
+ - Build-Depends: libcurl-dev (>=7.8)
+ * debian/rules:
+ - add --enable-bcmath to all rules (closes: #100491)
+ * Zend/zend.c: apply upstream fix to allow building of caudium
+
+ -- Petr Cech Tue, 12 Jun 2001 22:27:26 +0200
+
+php4 (3:4.0.5.6rc2-1) unstable; urgency=low
+
+ * New upstream test release.
+ * FIx regex/regex.h (int regoff_t)
+ * fix php4-cgi build with pcre - don't use supplied pcre
+ * Fix wddx support (closes: #99468)
+ * Add missing $(INSTALL_ROOT) to sapi/caudium/config.m4
+
+ -- Petr Cech Fri, 8 Jun 2001 11:37:07 +0200
+
+php4 (3:4.0.5.6rc1-1) unstable; urgency=low
+
+ * New upstream test release with new bugs :))
+ * moved pear from /usr/lib/php4 to /usr/share/php4
+ * Whups. Sorry about the epoch 3: . It somehow slipped in, so I'll
+ have to live with it
+
+ -- Petr Cech Wed, 16 May 2001 14:14:04 +0200
+
+php4 (3:4.0.5-2) unstable; urgency=low
+
+ * Build-Depend on newer libmhash-dev, as it supposedly doesn't
+ compile on current woody (closes: #96555)
+ * Build-Depends: s/freetype2/libttf-dev/
+ * Stop building php4-pgsql - move to non-US
+ * Build-Deps on new libsablot0
+
+ -- Petr Cech Thu, 10 May 2001 10:43:02 +0200
+
+php4 (3:4.0.5-1) unstable; urgency=medium
+
+ * New upstream release.
+ * recompile with new sablot - how I hate this (closes: #95401)
+ * Merge XML into main php4
+ * Reword README.Debian (closes: #89667)
+ * Enable wddx
+ * debian/*.postinst: * only ask upon first install, not upgrade (closes: #93452)
+ * fix typos (closes: #94118)
+ * Added support for Sybase/MS SQL Server (using FreeTDS)
+ using patch from:
+ http://rpms.arvin.dk/php/source/patches/php-sybase_ct.patch
+ thanks to Bradley Bell for the patch
+ * ext/pcre : two upstream fixes
+ * ext/sablot/sablot.c: small upstream fix
+ * build/buildcheck.sh : fixes to allow compile with libtool 1.4
+ * ext/standard/exec.c: upstream fixes
+ * sapi/apache/mod_php4.c: off by one fix
+ * sapi/cgi/cgi_main.c: fix POST bug
+ * main/snprintf.c: upstream fix
+
+ -- Petr Cech Wed, 3 May 2001 22:17:10 +0200
+
+php4 (4.0.4.5rc6-2) unstable; urgency=low
+
+ * Build-depends: libcurl-dev will pull libcurl2 (closes: #92994)
+ * TSRM/TSRM.c: upstream fix
+ * ext/pgsql: upstream fix
+
+ -- Petr Cech Thu, 5 Apr 2001 17:51:09 +0200
+
+php4 (4.0.4.5rc6-1) unstable; urgency=low
+
+ * New upstream test release.
+ * Don't mention CGI support, as it's not so for a long time.
+
+ -- Petr Cech Wed, 4 Apr 2001 13:47:45 +0200
+
+php4 (4.0.4.5rc5-1) unstable; urgency=low
+
+ * New upstream test release.
+ * ask about /etc/php4/cgi/php.ini also
+ * It's really recompiled for 1.3.19 (closes: #91901, #91822)
+ * problems with modules documented (closes: #81141, #82611)
+
+ -- Petr Cech Mon, 2 Apr 2001 09:38:16 +0200
+
+php4 (4.0.4.5rc3-1) unstable; urgency=low
+
+ * New upstream RC release
+ * debian/rules: s/with-yp/enable-yp/ to really enable YP support. Discovered
+ on broken potato upload. -0potato2 is fixed
+ * Looks like there was a bug in latest build, this should fix it (closes: #92018)
+ * remove libmcal0 workaround
+
+ -- Petr Cech Wed, 28 Mar 2001 21:15:36 +0200
+
+php4 (4.0.4.5rc2-1) unstable; urgency=low
+
+ * New upstream release test release 4.0.5RC2.
+ * debian/rules: Add lintian overrides
+ * debian/control: * add libexpat1-dev to Build-Depends
+ * add libmcal0 to Build-Depends since libmcal0-dev is
+ missing this dependancy :(( Bug filled
+ * ext/socket/socket.c: minor upstream patch
+
+ -- Petr Cech Mon, 26 Mar 2001 20:43:49 +0200
+
+php4 (4.0.4pl1-6) unstable; urgency=low
+
+ * NEVER RELEASED
+ * Build-depends on libcurl1-dev (>= 7.6.1-5), which fixes the libcurl1 or
+ libcurl1-ssl problem.
+ * remove dh_testversion and use versioned Build-depends instead
+
+ -- Petr Cech Tue, 13 Mar 2001 23:20:58 +0100
+
+php4 (4.0.4pl1-5) unstable; urgency=low
+
+ * Add lintian overrides
+ * Rebuild with correct libgd-dev installed. Sorry
+ (closes: #88490, #88255, #88371, #88619, #88635)
+ * Closed by fixed libjpeg (closes: #85865, #88141)
+
+ -- Petr Cech Tue, 6 Mar 2001 17:26:41 +0100
+
+php4 (4.0.4pl1-4) unstable; urgency=low
+
+ * The "Enable what you can" release.
+ * Enable sablot extension (many files) (closes: #84073)
+ * Enable mcal extension (finaly closes: #65688, #85925)
+ * Build-Conflicts: bind-dev - this supposedly causes unresolved symbols.
+ Why?
+ * ext/pgsql/pgsql.c: apply tiny patch, which should fix postgres
+ problems. There is a better patch in CVS, but it needs changes to Zend
+ * pear/pear.in: binary is php4 no php (closes: #87848)
+ * ext/domxml/config.m4: link with -lxml2 (closes: #87457)
+ * debian/README.Debian: add notes about ldap, imap and mhash extensions
+ * debian/{control,rules}: activate bz2 extension
+ * php4.ini-dist: comment out include_path so php will use compiled in
+ path (closes 2nd part of 87848)
+
+ -- Petr Cech Wed, 28 Feb 2001 10:18:11 +0100
+
+php4 (4.0.4pl1-3) unstable; urgency=medium
+
+ * Fixed postrm issues. Sorry
+
+ -- Petr Cech Sun, 4 Feb 2001 06:13:00 +0100
+
+php4 (4.0.4pl1-2) unstable; urgency=medium
+
+ * debian/control: Build-depends: xlibs-dev (seems it's missing and causes
+ failed builds for arm, m68k and powerpc)
+ s/libsnmp4.1/libsnmp4.2/ (closes: #84139)
+ * debian/php4.*: make LoadModule matching case insensitive (fixes 83641
+ for unstable)
+
+ -- Petr Cech Wed, 31 Jan 2001 10:14:29 +0100
+
+php4 (4.0.4pl1-1) unstable; urgency=high
+
+ * New upstream version.
+ * This release fixes some security problems.
+ * Some patches from previous versions are not here.
+ * debian/control: Build-depends on newer libcurl1-dev, remove librecode-dev
+ * debian/control: add libjpeg62-dev to build-depends from powerpc buildlog
+ (hmm. Where ir Roman?)
+ * debian/php4{,-cgi}.postinst: don't mark php.ini as conffile and install it
+ when it doesn't already exist. I should find a way to check, that the default
+ php.ini changed and user should update it.
+ * debian/php4{,-cgi}.postrm: cleanup the /etc/php4 dir after purge
+ * fix xml.so not working with php4-cgi
+
+ -- Petr Cech Thu, 23 Jan 2001 11:12:59 +0100
+
+php4 (4.0.4final-6) unstable; urgency=medium
+
+ * OK. Now also fix the prerm issues (closes: #81418) and to ease
+ that thanks for submiting bugs (closes: #81818, #81819)
+ * some upstream updates: browsercap, php-config
+
+ -- Petr Cech Wed, 10 Jan 2001 14:04:19 +0100
+
+php4 (4.0.4final-5) unstable; urgency=medium
+
+ * OK. Take a deep breath and fix those bloody postinst
+ bugs - fix it and rewrite from ed -> sed, because ed is not essential :(
+ closes: #80801.
+ * apply some upstream fixes.
+ * disable ctype extension - not yet ready
+
+ -- Petr Cech Tue, 2 Jan 2001 13:40:35 +0100
+
+php4 (4.0.4final-4) unstable; urgency=low
+
+ * debian/libc-client.la: add -lpam -ldl -lcrypt
+ * fix php4-cgi.postinst bugs (closes: #80817, #80805, #80801)
+
+ -- Petr Cech