This bug was fixed in the package php5 - 5.2.4-2ubuntu1 --------------- php5 (5.2.4-2ubuntu1) hardy; urgency=low * Merge from Debian unstable (LP: #176011). Remaining Ubuntu changes: - debian/control, debian/rules: Disable a few build dependencies and accompanying binary packages which we do not want to support in main: + firebird2-dev/php5-interbase (we have a separate php-interbase source) + libc-client-dev/php5-imap (we have a separate php-imap source) + libmcrypt-dev/php5-mcrypt (separate php-mcrypt source) - debian/rules: Correctly mangle PHP5_* macros for lpia - debian/control: DebianMaintainerField * Builds php5-gmp (LP: #176013) * Fixes sybase_ct for MS SQL (LP: #21995) * New Ubuntu changes: - debian/rules: use 32M memory_limit for CLI and 16M for cgi/libapache (LP: #148871) - debian/control, debian/rules: Configure CLI with --with-libedit for readline support again, now that the libedit issue is fixed. Extended debian/patches/027-readline_is_editline.patch (LP: #124846) - Force build against db4.4 (by ignoring db4.5 if it is installed), debian/patches/use-specific-libdb-version.patch (LP: #165247) php5 (5.2.4-2) unstable; urgency=low [ sean finney ] * for posterity revised previous changelog to reference the CVE id's of security issues resolved by the latest upstream release. * lintian: use debian/compat instead of DH_COMPAT in debian/rules. * lintian: use source:Version and binary:Version where appropriate, instead of Source-Version * lintian: remove a couple pieces of cruft in the changelog that were causing false-postive wrong-bug-number-in-closes, but were generally useless anyway. [ Raphael Geissert ] * Using test-results.txt as a target * cronjob now checks for existance of /usr/lib/php5/maxlifetime (Closes: #439286) * Fixed memory limit of 1232M in php.ini for cli (Closes: #440624) * Build the interbase extension using firebird2.0-dev (Closes: #433736) * Unapply patches with debian/rules clean [ Steve Langasek ] * Don't patch configure or php_config.h.in in suhosin.patch, as these are auto-generated and including them in the patch results in a race condition for the necessary build-time regeneration. Thanks to Daniel Schepler for reporting, and to Damyan Ivanov for helping to sort out the fix. Closes: #443637. * Also remove the modified auto-generated files in the clean target, which triggers a warning about disappearing files when building the source package but avoids carrying irrelevant diffs to these files in the Debian diff. * Now that the testsuite is being run at build time, test failures cause a bunch of junk files to be left around in the Debian diff. So clean up several false-positive failures: - 052-phpinfo_no_configure.patch: we're patching the output of phpinfo(), so patch the test as well - fix_broken_upstream_tests.patch: use a local directory for tests that use sessions, skip the phpinfo test after all because it doesn't appear to be compatible with current testsuite behavior, and disable the moneyformat test if en_US locale is not available. There are still several other failing tests, but these are not false positives and remain enabled pending investigation. php5 (5.2.4-1) unstable; urgency=low * New upstream release. * Security issues resolved in the latest release: - CVE-2007-2519 - Directory traversal vulnerability in PEAR [ sean finney ] * patch from Jan Wagner to be able to conditionally disable any patches that break binary-compatibility with official php binary-only extensions. see debian/rules for more information. * now incorporate the php unit tests into the build process. for those interested the output is stored in the file /usr/share/doc/php5-common/test-results.txt . * by default we now ship with enable_dl = Off, as there are some fairly significant ramifications security-wise to having it on. * we shipping with the suhosin patch enabled by default. special thanks to Blars Blarson for providing a sparc machine for testing purposes with 5.2.3 (closes: #397179). * new binary package php5-gmp, with the newly enabled gmp extension, since whatever reason for not doing so either never existed or no no longer exists (closes: #344137). Build-Depends added for libgmp3-dev. [ Steve Langasek ] * php5-module.postinst: don't assume that the postinst is only relevant when called with 'configure' as an argument, some future debhelper code could apply in the case of other methods of invocation. * Clean up build dependencies for recent library transitions: - libsnmp-dev is now the real package name, and is supported as a virtual package for backports. - re-add firebird2-dev as an alternative to firebird1.5-dev, to support backports. - the curl -dev package name has changed from libcurl3-openssl-dev to libcurl4-openssl-dev; update to the proper name, with libcurl-dev as an alternative. * Switch php5-sybase to use the mssql extension instead of the sybase_ct extension. Closes: #418734, #329065. -- dAniel hAhler