php5 5.4.4-1ubuntu1 source package in Ubuntu

Changelog

php5 (5.4.4-1ubuntu1) quantal; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - d/rules: Simplify apache config settings since we never build
      interbase or firebird.
    - debian/rules: export DEB_HOST_MULTIARCH properly.
    - Add build-dependency on lemon, which we now need.
    - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe.
    - Dropped libcurl-dev not in the archive.
    - debian/control: replace build-depends on mysql-server with
      mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and
      mysql-server-5.5 postinst confusion with starting up multiple
      mysqlds listening on the same port.
    - Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions
      already in universe.
    - Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR
      has been declined due to an inactive upstream. So this is probably
      a permanent change).
    - modulelist: Drop imap, interbase, sybase, and mcrypt.
    - debian/rules:
      * Dropped building of mcrypt, imap, and interbase.
      * Install apport hook for php5.
      * stop mysql instance on clean just in case we failed in tests
  * Dropped Changes:
    * d/rules: enable Suhosin patch with PHP5_SUHOSIN=yes -- Upstream suhosin
      has been slow to adopt PHP 5.4, and is showing signs of disengagement.
      Therefore, we will follow Debian's lead and drop Suhosin for now.
    - d/control: build-depend on mysql 5.5 instead of 5.1 for running tests.
      -- Debian just deps on mysql-server
    - Suggest php5-suhosin rather than recommends. -- Dropping suhosin
    - d/setup-mysql.sh: modify to work with mysql 5.5 differences -- superseded
      in Debian.
    - Only build php5-sqlite for sqlite3, dropping the obsolete sqlite2. --
      superseded in Debian
    - d/maxlifetime: Improve maxlifetime script to scan for more SAPIs and
      scan all *.ini in conf.d directory. -- Change came from Debian
    - d/libapache2-mod-php5.postinst,libapache2-mod-php5filter.postinst:
      Restart apache on first install to ensure module is fully enabled.
      -- Change came from Debian
    - debian/patches/php5-CVE-2012-1823.patch: filter query strings that
      are prefixed with '-' -- Fixed upstream
    - debian/control: Recommend php5-dev for php-pear. -- This was a poorly
      conceived idea anyway.
    - Pre-Depend on a new enough version of dpkg for dpkg-maintscript-helper
      rather than checking whether it exists at run-time, leading to more
      predictable behaviour on upgrades. -- Applied in Debian
    - d/p/gd-multiarch-fix.patch: superseded
  * d/NEWS: add note explaining that SUHOSIN is no longer enabled in the
    Ubuntu packages.

php5 (5.4.4-1) unstable; urgency=low

  * Imported Upstream version 5.4.4
  * Generate 16 char salt instead of 12 char salt for SHA-512

php5 (5.4.4~rc2-1) unstable; urgency=low

  * Imported Upstream version 5.4.4~rc2

php5 (5.4.4~rc1-1) unstable; urgency=low

  * Imported Upstream version 5.4.4~rc1
   + CVE-2012-2386: Fix integer overflow leading to heap-buffer overflow
     in the Phar extension
  * Remove some READMEs removed by upstream
   + README.SVN-RULES - upstream has moved to git
   + README.Zeus - Zeus Web Server is dead
  * CVE-2012-2386: one additional, similar vulnerable code construct in
    the Phar extension

php5 (5.4.3-6) unstable; urgency=low

  [ Ondřej Surý ]
  * Merge 5.3.10-1 and 5.3.10-2 changelog
  * Remove *.patch from .gitignore, it broke adding quilt patches
  * Revert "Use system libzip (Pulled from Fedora)" (Closes: #674151)
  * Add patch to fix tt-rss backend php crash (Closes: #666200)

  [ Thorsten Glaser ]
  * Add support for Linux/m68k atomics needed by the FPM SAPI
    (Closes: #672277)

  [ Gedalya ]
  * Add logrotate script for php5-fpm (Closes: #673558)

php5 (5.4.3-5) unstable; urgency=low

  * Pull patches from Fedora:
    + Update use_embedded_timezonedb.patch to r8: fix compile error
      without --with-system-tzdata configured
    + Add ldconfig post/postun for -embedded (Hans de Goede)
    + Use RTLD_NOW instead of RTLD_LAZY (pulled from Fedora)
    + Use system libzip (pulled from Fedora)
  * Disable undefined ZIP_OVERWRITE to allow compile with system libzip

php5 (5.4.3-4) unstable; urgency=low

  * Fix tests ([ERROR] Can't start server: bind-address refers to
    multiple interfaces!) (Closes: #672588)

php5 (5.4.3-3) unstable; urgency=low

  * Disable log redirection in debian/setup-mysql.sh to help diagnose
    the setup-mysql.sh failure (still not fixed, but not reproduceable
    on my local box)

php5 (5.4.3-2) unstable; urgency=low

  * Add --no-defaults to rest of the mysql commands in setup-mysql.sh
    script (Closes: #672588)
  * Add debugging info to debian/setup-mysql.sh to help diagnose any
    further problems

php5 (5.4.3-1) unstable; urgency=low

  * Imported Upstream version 5.4.3
    + CVE-2012-2311: Complete fix for PHP-CGI query string parameter
      vulnerability
    + CVE-2012-2329: Fix a buffer overflow vulnerability in the
      apache_request_headers() (PHP 5.3 is not vulnerable)

php5 (5.4.2-1) unstable; urgency=low

  * Imported Upstream version 5.4.2
    + CVE-2012-1823: Fix PHP-CGI query string parameter vulnerability.

php5 (5.4.1-1) unstable; urgency=low

  * Imported Upstream version 5.4.1
    + Fixed insufficient validating of upload name leading to corrupted
      $_FILES indices). (CVE-2012-1172).
    + Add open_basedir checks to readline_write_history and
      readline_read_history.
    + Add Apache 2.4 support (.deb package in experimental comming soon)
    + Added debug info handler to DOM objects.
  * Remove Breaks: on php applications on maintainer requests:
    + simplesamlphp
    + php-horde-auth
  * Add better configuration snippet for CGI (Closes: #571795)
  * Update a description of PHP language based on the text from upstream
    web page (http://www.php.net/manual/en/intro-whatis.php)
  * Enable embed SAPI (Closes: #380731)
  * Add lintian override for libphp5-embed: embedded-library
    usr/lib/libphp5.so: file
  * Add ldconfig to libphp5-embed.{postinst,postrm}
  * Fix #EXTRA# processing for SAPIs (extra ; at the end of sed cmd)

php5 (5.4.1~rc1-1) unstable; urgency=low

  * Add information about flavor of INI file inside the INI file,
    install php.ini-development INI to /usr/share/php5 (Closes: #667711)
  * Imported Upstream version 5.4.1~rc1
  * Update patches for the 5.4.1RC1 release

php5 (5.4.0-4) unstable; urgency=low

  * Change id -u+getent combo to whoami (Courtesy of Michiel van
    Leening)
  * Fix missing FOUND declaration (pulled from dotdeb)
  * Add Breaks for all known broken packages not working with PHP 5.4
    (Closes: #666411)

php5 (5.4.0-3) unstable; urgency=high

  [ Thijs Kinkhorst ]
  * Correct version number; 5.4.0~rc7-3 never existed
  * Add placeholder build-arch, build-indep targets
  * Each module needs to depend on ucf, as it's used in postinst
  * Newer version of roundcube available that isn't broken anymore
  * Checked for policy 3.9.3

  [ Ondřej Surý ]
  * Remove Pre-Depends on dpkg-maintscript-helper
  * Remove obsolete configure options
  * Add support for *.extra.{post,pre}{inst,rm} files
  * Add support for MultiArch libgd2-xpm-dev
  * Add support for MultiArch libmysqlclient-dev
  * Add Lior to maintainers
  * setup-mysql.sh changed to:
    + never run as root (fix needed for MySQL 5.5 in pbuilder)
    + drop and create database test which may or may not exist
  * Restart apache2 instead of reloading on first install
    (Closes: #589386)

  [ Julien Cristau ]
  * Fix postinst scripts to not use 'local' outside functions (Closes:
    #664853, #664849)

php5 (5.4.0-2) unstable; urgency=low

  * Build depend on libpng-dev | libpng12-dev (Closes: #662466)

php5 (5.4.0-1) unstable; urgency=low

  * PHP 5.4 has landed in unstable
  * Imported Upstream version 5.4.0
  * Use $(filter pattern...,text) instead of $(findstring find,in) in
    debian/rules to match against space separated list of words and not
    substrings (Closes: #660647)

php5 (5.4.0~rc8-2) experimental; urgency=low

  * Use $(filter pattern...,text) instead of $(findstring find,in) in
    debian/rules to match against space separated list of words and not
    just substrings (i386 != hurd-i386) (Closes: #660647)

php5 (5.4.0~rc8-1) experimental; urgency=low

  * Imported Upstream version 5.4.0~rc8
  * Improve maxlifetime script to scan for more SAPIs and scan all *.ini
    in conf.d directory
  * Move php5-mysqlnd to Priority: extra to make debcheck happy
  * Check for dpkg-maintscript-helper existence in php5-fpm maintainer
    scripts
  * Add Pre-Depends: dpkg (>= 1.15.7.2~) | dpkg-maintscript-helper to
    allow single upgrade path (dpkg-maintscript-helper package will be
    provided for Ubuntu Lucid PPA)

php5 (5.4.0~rc7-2) experimental; urgency=low

  * Use corrected module PHPAPI (20100525) and not (220100525)
  * Use $ZEND_MODULE_API_NO for $DEBIAN_PHP_API. Check for PHPAPI
    changes, so we don't become binary incompatible without knowing it.
  * Update debian/README.Debian.security:
    + register_globals was removed from PHP 5.4
    + Remove safe_mode (removed upstream) and update and reformat text
      slightly
    + Reviewed by english l10n team (thanks a lot)
  * php5-fpm now listen on socket instead of localhost by default
    (Closes: #650204)
  * Add NEWS about change of default location of php5-fpm socket
  * Stop php5-fpm on runlevels 0 1 6 (Closes: #650203)
  * Add -ignore_readdir_race to find call in session cleanup (#634864)
  * Don't prefix extension list automatically, it's done by subsvars now
    (Closes: #633491)
  * Depends on non-forking fuser in psmisc (Closes: #633100)
  * php5-common.README.Debian additions and cleanup:
    + Add a paragraph about PHP_INI_SCAN_DIR (Closes: #659123)
    + Reformat README.Debian to common formatting
    + Mention php5-fpm where appropriate
    + Use 'PHP 5' and 'Apache HTTP Server' instead of php5 and apache2

php5 (5.4.0~rc7-1) experimental; urgency=low

  [ Thijs Kinkhorst ]
  * Textual improvements to README.Debian.security, NEWS
    (closes: #632675,#643015,#658208).

  [ Ondřej Surý ]
  * Imported Upstream version 5.4.0~rc7
    + CVE-2012-0830: Fix PHP remote vulnerability (code injection) in the
      implementation of the max_input_vars configuration variable
    + CVE-2011-3389: Fix possible attack in SSL sockets with SSL 3.0/TLS 1.0.

php5 (5.4.0~rc6-3) experimental; urgency=low

  * ucfize php5-module.* and store priority in module .ini file
  * Store dsonames in maintainer scripts to make postrm work
  * Make php5enmod idempotent

php5 (5.4.0~rc6-2) experimental; urgency=low

  * Merge all changes from Debian unstable branch (up to 5.3.9-6)
  * Fix -Wformat-security error in mysqlnd
  * Add php5{en,dis}mod to enable/disable modules from maintainer
    scripts (Closes: #447826, #582320, #627145)
    (Initial work courtesy of Clint Byrum)
  * Modify comments in php.inis to match compiled default session
  * Adjust new 5.3 patches for 5.4 branch
  * Ensure pdo.so is loaded before all other modules
  * Add trigger to restart php5-fpm when module is installed/removed
  * Remove --with-ttf and --with-t1lib (Closes: #658248, #638755)
  * Add debian/NEWS item about missing t1lib functions

php5 (5.4.0~rc6-1) experimental; urgency=low

  * Imported Upstream version 5.4.0~rc6

php5 (5.4.0~rc5-1) experimental; urgency=low

  * Imported Upstream version 5.4.0~rc5
  * Update patches for new release
  * Disable suhosin patch

php5 (5.4.0~beta2-1) experimental; urgency=low

  * Remove obsolete sqlite(2) module from php5-sqlite
  * Use correct signals in php5-fpm init script (Closes: #645934)
  * Update gbp.conf for experimental branch
  * Imported Upstream version 5.4.0~beta2
  * Refresh patches for the 5.4.0beta2 release
  * Remove php.ini-paranoid, it's almost useless now
  * Remove safe_mode setting from suhosin, it has been removed upstream
  * Remove the php_stream stuff to allow compiling with system-wide
    libgd
  * php5-common.docs: Don't install non-existant TODO file

php5 (5.3.10-2) unstable; urgency=low

  * Use $(filter pattern...,text) instead of $(findstring find,in) in
    debian/rules to match against space separated list of words and not
    substrings (Closes: #660647)
  * CVE-2012-0831: magic_quotes_gpc remote disable vulnerability (NOTE:
    magic_quotes_gpc is DEPRECATED and will be removed from PHP 5.4,
    e.g. you should not use them!), also fix regression in CVE-2012-0831
    (LP#930115)
  * Depends on non-forking fuser in psmisc (Closes: #633100)
  * Add Pre-Depends: dpkg (>= 1.15.7.2~) | dpkg-maintscript-helper to
    allow single upgrade path (dpkg-maintscript-helper package will be
    provided for Ubuntu Lucid PPA)
 -- Clint Byrum <email address hidden>   Mon, 18 Jun 2012 16:10:26 -0700