Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main), delete src:zend-framework from 17.04

Bug #1593024 reported by Nish Aravamudan
24
This bug affects 2 people
Affects Status Importance Assigned to Milestone
icingaweb2 (Ubuntu)
Fix Released
Wishlist
Unassigned
zend-framework (Ubuntu)
Fix Released
Wishlist
Unassigned
zendframework (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Please sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main)

This will eventually be used to replace zend-framework in Ubuntu, which
seems to have been packaged before zendframework was packaged in Debian.

All changelog entries:

zendframework (1.12.18+dfsg-1) unstable; urgency=medium

  [ Matthew Weier O'Phinney ]
  * 1.12.18 preparations

  [ Enrico Zimuel ]
  * Fixed the rand usage

  [ Frank Brückner ]
  * Removes Zend_Gdata_YouTube which is based on Data API v2

  [ David Prévot ]
  * Update Standards-Version to 3.9.8

 -- David Prévot <email address hidden> Wed, 13 Apr 2016 16:57:00 -0400

zendframework (1.12.17+dfsg-2) unstable; urgency=medium

  * PHP 7.0 transition:
    - Update php5-* dependencies to php-*
    - Suggest other php- extensions no longer builtin
    - Rebuild with latest pkg-php-tools
  * Drop ownCloud for Debian maintainers from uploaders
  * Update Standards-Version to 3.9.7

 -- David Prévot <email address hidden> Sat, 05 Mar 2016 10:32:52 -0400

zendframework (1.12.17+dfsg-1) unstable; urgency=medium

  [ Martin Hujer ]
  * Zend_Validate_Hostname - updated TLD list to the version 2015102801

  [ Enrico Zimuel ]
  * Fixed the null byte test for Zend_Db_Adapter_Pdo
  * ZF2015-09: Fixed entropy issue in word CAPTCHA

 -- David Prévot <email address hidden> Mon, 23 Nov 2015 21:57:00 -0400

zendframework (1.12.16+dfsg-1) unstable; urgency=medium

  [ Matthew Weier O'Phinney ]
  * [ZF2015-07] Use umask of 0002 [CVE-2015-5723]
  * [1.12.16] release readiness

  [ Enrico Zimuel ]
  * [ZF2015-08] Fix null byte injection for PDO MsSql [CVE-2014-8089]

 -- David Prévot <email address hidden> Wed, 16 Sep 2015 08:08:40 -0400

zendframework (1.12.15+dfsg-1) unstable; urgency=medium

  [ Matthew Weier O'Phinney ]
  * [1.12.15] Release readinesss

 -- David Prévot <email address hidden> Sat, 29 Aug 2015 15:58:10 -0400

zendframework (1.12.14+dfsg-1) unstable; urgency=medium

  [ Frank Brückner ]
  * Classes for Technorati removed

  [ Matthew Weier O'Phinney ]
  * [ZF2015-06] Fix potential XXE vector via BOM detection [CVE-2015-5161]

  [ Martin Hujer ]
  * Drop DeveloperGarden API implementation as it shuts down on 30th June 2015

 -- David Prévot <email address hidden> Tue, 11 Aug 2015 09:34:58 +0200

zendframework (1.12.13+dfsg-1) unstable; urgency=medium

  [ Matthew Weier O'Phinney ]
  * Cast int and float to string when creating headers
  * [1.12.13] Release readiness

 -- David Prévot <email address hidden> Wed, 20 May 2015 12:09:09 -0400

zendframework (1.12.12+dfsg-1) unstable; urgency=high

  * Upload to unstable, with high urgency because of the security fix

  [ Matthew Weier O'Phinney ]
  * [ZF2015-04] Fix CRLF injections in HTTP and Mail [CVE-2015-3154]
  * [1.12.12] Release readiness

 -- David Prévot <email address hidden> Tue, 19 May 2015 14:56:04 -0400

zendframework (1.12.11+dfsg-1) experimental; urgency=medium

  [ Matthew Weier O'Phinney ]
  * Promoted to stable version 1.12.11

  [ Frank Brückner ]
  * Adds condition in ViewRenderer action helper

 -- David Prévot <email address hidden> Tue, 17 Feb 2015 19:53:26 -0400

zendframework (1.12.10+dfsg-1) experimental; urgency=medium

  [ Matthew Weier O'Phinney ]
  * [1.12.10] release preparation

  [ Rob Allen ]
  * Update copyright to 2015.

  [ David Prévot ]
  * Update copyright
  * Simplify rules
  * Add upstream changelog
  * Upload to experimental to respect the freeze

 -- David Prévot <email address hidden> Fri, 23 Jan 2015 15:18:20 -0400

zendframework (1.12.9+dfsg-2) unstable; urgency=medium

  * Revert tests during package build (Closes: #765155)
  * Use repacksuffix feature of uscan

 -- David Prévot <email address hidden> Mon, 13 Oct 2014 22:40:34 -0400

zendframework (1.12.9+dfsg-1) unstable; urgency=medium

  [ Matthew Weier O'Phinney ]
  * [ZF2014-05] Fix for null-byte binding
  * [#372] Quote null byte characters
  * [1.12.9] Release readiness

  [ David Prévot ]
  * Bump standards version to 3.9.6

 -- David Prévot <email address hidden> Thu, 18 Sep 2014 20:28:35 -0400

zendframework (1.12.8+dfsg-1) unstable; urgency=medium

  * Imported Upstream version 1.12.8+dfsg (Closes: #759575)
  * Exclude sourceless and non-free files from source
  * Add watch file and get-orig-source target
  * debian/patches:
    - Handle with gbp pq
    - Add patches to run tests
  * debian/rules:
    - Use php for section
    - Maintain package in the PHP PEAR Maintainers team
    - Declare Vcs-* entries
    - Bump standards version to 3.9.5
  * Use format 3.0 (quilt) instead of quilt
  * Update copyright in format 1.0
  * Use pkg-php-tools Composer helper
  * Run tests during package build
  * Use fonts from ttf-bitstream-vera for tests

 -- David Prévot <email address hidden> Wed, 03 Sep 2014 17:02:50 -0400

zendframework (1.12.7-0.1) unstable; urgency=medium

  * Non-maintainer upload
  * New upstream release, fixes a security issue (Closes: #754201):
    - ZF2014-04: Potential SQL injection in the ORDER implementation of
      Zend_Db_Select
      http://framework.zend.com/security/advisory/ZF2014-04

 -- David Prévot <email address hidden> Tue, 08 Jul 2014 12:33:40 -0400

zendframework (1.12.5-0.1) unstable; urgency=medium

  * Non-maintainer upload
  * New upstream release, fixes several security issues (Closes: #743175):
    - ZF2014-01: Potential XXE/XEE attacks using PHP functions:
      simplexml_load_*, DOMDocument::loadXML, and xml_parse
      http://framework.zend.com/security/advisory/ZF2014-01
      [CVE-2014-2681] [CVE-2014-2682] [CVE-2014-2683]
    - F2014-02: Potential security issue in login mechanism of ZendOpenId and
      Zend_OpenId consumer
      http://framework.zend.com/security/advisory/ZF2014-02
      [CVE-2014-2684] [CVE-2014-2685]
  * Update copyright years

 -- David Prévot <email address hidden> Mon, 14 Apr 2014 14:48:35 -0400

zendframework (1.12.3-1) unstable; urgency=low

  * new upstream release
  * removed windows azure stuff for windows platform from library path

 -- Frank Habermann <email address hidden> Wed, 24 May 2013 22:17:00 +0200

zendframework (1.11.12-1) unstable; urgency=high

  * new upstream release
    - fixes Local file disclosure via XXE injection (Closes: #679215)
  * changed Standards-Version to 3.9.3
  * added DM-Upload-Allowed to control

 -- Frank Habermann <email address hidden> Wed, 27 Jun 2012 21:36:00 +0200

zendframework (1.11.11-1) unstable; urgency=low

  * new upstream release
  * changed Standards-Version to 3.9.2

 -- Frank Habermann <email address hidden> Sat, 11 Feb 2012 21:53:00 +0200

zendframework (1.11.10-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Sun, 07 Aug 2011 20:24:00 +0200

zendframework (1.11.9-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Fri, 15 Jul 2011 19:15:00 +0200

zendframework (1.11.8-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Sat, 9 Jul 2011 22:28:00 +0200

zendframework (1.11.6-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Sat, 21 May 2011 21:04:00 +0200

zendframework (1.11.4-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Sun, 06 Mar 2011 22:38:00 +0200

zendframework (1.11.3-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Tue, 08 Feb 2011 22:10:00 +0200

zendframework (1.11.2-2) experimental; urgency=low

  * Remove Suggests on php5-sqlite3 for debcheck since the package
    is php5-sqlite and is no longer built by php5 under that name
    (Closes: #603515)

 -- Frank Habermann <email address hidden> Wed, 19 Jan 2011 21:20:00 +0200

zendframework (1.11.2-1) experimental; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Thu, 30 Dec 2010 20:59:00 +0200

zendframework (1.11.0-1) experimental; urgency=low

  * new upstream release
  * fixing wrong rights on resources/languages/pt_BR/Zend_Validate.php
  * using php5 or php5-cli for zendframework dependencies (Closes: #598378)

 -- Frank Habermann <email address hidden> Thu, 18 Nov 2010 23:29:00 +0200

zendframework (1.10.8-1) experimental; urgency=low

  * new upstream release
  * created new package zendframework-resources that contains pre-translated
    error messages (Closes: #592385)

 -- Frank Habermann <email address hidden> Fri, 27 Aug 2010 20:54:00 +0200

zendframework (1.10.7-1) unstable; urgency=low

  * new upstream release
  * changed Standards-Version to 3.9.1

 -- Frank Habermann <email address hidden> Sun, 08 Aug 2010 22:01:00 +0200

zendframework (1.10.6-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Tue, 22 Jun 2010 20:42:00 +0200

zendframework (1.10.5-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Mon, 31 May 2010 21:21:00 +0200

zendframework (1.10.4-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Wed, 28 Apr 2010 20:10:00 +0200

zendframework (1.10.3-1) unstable; urgency=low

  * new upstream release
  * set debian source format

 -- Frank Habermann <email address hidden> Mon, 5 Apr 2010 18:55:00 +0200

zendframework (1.10.2-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Sun, 28 Feb 2010 20:00:00 +0200

zendframework (1.10.1-2) unstable; urgency=low

  * added manpage for zf command
  * changed Standards-Version to 3.8.4

 -- Frank Habermann <email address hidden> Tue, 16 Feb 2010 21:00:00 +0200

zendframework (1.10.1-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Fri, 12 Feb 2010 21:40:00 +0200

zendframework (1.10.0-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Wed, 27 Jan 2010 20:50:00 +0200

zendframework (1.9.7-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Tue, 12 Jan 2010 22:00:00 +0200

zendframework (1.9.6-2) unstable; urgency=low

  * use quillt to set paths for shell scripts

 -- Frank Habermann <email address hidden> Mon, 28 Dec 2009 22:00:00 +0200

zendframework (1.9.6-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Sun, 06 Dec 2009 20:40:00 +0200

zendframework (1.9.5-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Sun, 28 Oct 2009 10:02:00 +0200

zendframework (1.9.4-1) unstable; urgency=low

  * new upstream release

 -- Frank Habermann <email address hidden> Sun, 17 Oct 2009 14:40:00 +0200

zendframework (1.9.3pl1-1) unstable; urgency=low

  * new upstream release
    - corrects a BC break found in the 1.9.3 release

 -- Frank Habermann <email address hidden> Sun, 27 Sep 2009 20:20:00 +0200

zendframework (1.9.3-1) unstable; urgency=low

  * new upstream release
    - fixed more than 100 bugs in over 40 components

 -- Frank Habermann <email address hidden> Tue, 22 Sep 2009 21:10:00 +0200

zendframework (1.9.2-2) unstable; urgency=low

  * Fixed spelling (Closes: #547125)
  * Created bin package with that you can creat a default
    MVC environment (Closes: #544793)

 -- Frank Habermann <email address hidden> Sun, 20 Sep 2009 13:45:00 +0200

zendframework (1.9.2-1) unstable; urgency=low

  * Initial release.

 -- Frank Habermann <email address hidden> Wed, 26 Aug 2009 21:15:00 +0200

Nish Aravamudan (nacc)
Changed in ubuntu:
importance: Undecided → Wishlist
Revision history for this message
Logan Rosen (logan) wrote :

zendframework is on the sync blacklist due to Bug 580507, so it needs to be removed from it for this to go through. Subscribing ~ubuntu-archive accordingly.

summary: - Sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main)
+ Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian
+ unstable (main)
Revision history for this message
Nish Aravamudan (nacc) wrote : Re: [Bug 1593024] Re: Sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main)

On Jun 15, 2016 21:50, "Logan Rosen" <email address hidden> wrote:
>
> zendframework is on the sync blacklist due to Bug 580507, so it needs to
> be removed from it for this to go through. Subscribing ~ubuntu-archive
> accordingly.

Ah ok, I will do my best to sort this out tomorrow!

-Nish

Revision history for this message
Nish Aravamudan (nacc) wrote : Re: Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main)

Also, note that zend-frameworks only revdep is php-icinga which in Debian depends on zendframework.

Nish Aravamudan (nacc)
affects: ubuntu → zend-framework (Ubuntu)
Revision history for this message
Nish Aravamudan (nacc) wrote :

In my testing, we can also sync icingaweb2 from Debian unstable and then remove zend-framework from yakkety altogether.

Revision history for this message
Jeremy Bícha (jbicha) wrote :

The new zendframework source will need transitional packages so that users who have zend-framework(-bin) installed in Ubuntu 16.04 LTS will get zendframework(-bin) installed when they upgrade. (The transitional packages need to remain until after the next LTS release.)

https://wiki.debian.org/Renaming_a_Package

Therefore, this is not ready for sponsoring yet. I'm guessing the un-blacklisting should be on hold too until this gets fixed.

Revision history for this message
Nish Aravamudan (nacc) wrote :
Revision history for this message
Nish Aravamudan (nacc) wrote : Re: Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main)

Hi Jeremy!

Thank you very much for bringing this to my attention! I am attaching the debdiff I have now which seems to work for 16.04 -> 16.10 (ensuring zend-framework gets replaced by zendframework). Note that zend-framework itself is *also* a transitional package, which refers to libzend-framework-php, which is replaced by zendframework as well. Any feedback is greatly appreciated! I especially am not sure if we should try to provide compatibility symlinks for any directories from zend-framework.

Finally, there is libzend-framework-zendx-php, which does not have a corresponding package in Debian. I am not sure what to do with this package, as since Ubuntu and Debian have been using different upstream tarball sources, there are no ZendX files in the Debian tarballs.

I have reviewed the following bugs as well, my comments follow:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688033
  - Debian stating they are not going to take the Ubuntu version, and they view the Ubuntu version to be unmaintained (and full of potential security issues), as 1.11.11 was released in 2011 with 23 (!!) upstream releases in ZF1 (ZendFramework v1) since that version.

https://bugs.launchpad.net/ubuntu/+source/zend-framework/+bug/1066406
  - The path used by zend-framework is non-standard. zendframework uses the expected path(s).

https://bugs.launchpad.net/ubuntu/+source/zend-framework/+bug/1450308
  - We probably can fix this in zend-framework with backports for Trusty/Precise, but indicates another problem with having this differing packaging and lack of maintainership.

https://bugs.launchpad.net/ubuntu/+source/zendframework/+bug/580507
  - The original blacklist bug. While it mentions "more goodies" in the bug description, no comment is made as to what they are and why they are necessary, better, etc. From what I can tell, the primary benefit of zend-framework is the inclusion of the "extras" library from upstream. But these are unsupported upstream, and seem like they should not be actually depended on.

https://bugs.launchpad.net/ubuntu/+source/zend-framework/+bug/1052423
  - A prior request to sync. The discussion didn't seem to go anywhere, beyond there having been at some time an active Ubuntu maintainer. But now there is not and I believe those arguments are no longer valid.

Note also that the debian/watch file for zend-framework leads `uscan` to want to update to ZF2, while the zendframework debian/watch file stays on ZF1.

-Nish

Revision history for this message
Jeremy Bícha (jbicha) wrote :

If you can convince Debian to take your changes, Ubuntu can be in sync.

The Debian bug 688033 you mentioned says that are already separate packages for the core parts of ZF 2, so the watch file is correct.

I'm guessing on a few things now:
* Since zend-framework's only reverse dependency in Ubuntu is php-icinga (which is also being updated), maybe the changing directories are unimportant.

* Maybe we should B/R the zendx package too since there's no good reason to have that installed going forward (unless someone else provides a higher versioned compatible packages).

Revision history for this message
Nish Aravamudan (nacc) wrote : Re: [Bug 1593024] Re: Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main)

On 19.06.2016 [18:42:32 -0000], Jeremy Bicha wrote:
> If you can convince Debian to take your changes, Ubuntu can be in sync.

Good point. I'll try a submittodebian and see what they say.

> The Debian bug 688033 you mentioned says that are already separate
> packages for the core parts of ZF 2, so the watch file is correct.

Yes, sorry, I think the debian/watch file is correct. I think the Ubuntu
watch file is not, as it doesn't distinguish between ZF 1 and ZF 2. Just
another example of lack of maintenance of the Ubuntu package, afaict (as
`uscan` will incorrectly try to update all the way to ZF 2).

> I'm guessing on a few things now:
> * Since zend-framework's only reverse dependency in Ubuntu is
> php-icinga (which is also being updated), maybe the changing
> directories are unimportant.

Agreed. The question becomes if anyone has installed just zend-framework
on its own (or any of the related binary packages) -- would the
resulting upgrade break any tools/code they might have written that
relies on the zend-framework layout?

I agree that from an Ubuntu packages perspective, we can be consistent
if we also update php-icinga.

> * Maybe we should B/R the zendx package too since there's no good
> reason to have that installed going forward (unless someone else
> provides a higher versioned compatible packages).

Yep, this was my (less than well-stated question). I think we want to
Breaks: zendx, because the newer zendframework is incompatible with the
zendx pacakge; but do want to Replaces: it? Because semantically, it
does not replace it, as there is no zendx code in zendframework's
packages. We could probably ask Debian to package the extras library, if
that is necessary to complete the transition, or package it ourselves as
a distinct library in the meanwhile, which would have the Breaks: and
Replaces: correctly.

I don't see any Debian RFP for the zendx extras, and I wonder if
possibly the extras don't follow DFSG. I'll ask in my Debian bug.

Revision history for this message
Nish Aravamudan (nacc) wrote : Re: Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main)

Well, Debian doesn't want to take a patch for what they perceive as an Ubuntu-specific issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827695.

But that did result in a more interesting result, that zendframework is going away in Stretch. So perhaps the right solution to this bug is to resolve the rdeps in Debian, sync those versions down to Yakkety, and then remove zend-framework.

Revision history for this message
Nish Aravamudan (nacc) wrote :
Revision history for this message
Jeremy Bícha (jbicha) wrote :

Unsubscribing ubuntu-sponsors since there's nothing to be sponsored now.

Mathew Hodson (mhodson)
Changed in icingaweb2 (Ubuntu):
importance: Undecided → Wishlist
Revision history for this message
Nish Aravamudan (nacc) wrote : Re: Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main)

I believe I need an AA to assist here, but I believe the following steps are now possible.

1) Apply the forthcoming debdiff to src:zendframework 1.12.20+dfsg-1 from Debian unstable.
2) Sync icingaweb2 from Debian unstable (the delta is currently composed of three parts:
  a) PHP7.0 dependencies (fixed in Debian)
  b) source patches related to PHP7.0 (fixed upstream)
  c) Depend on zend-framework instead of zendframework (no longer needed due to 1)
  - Fixes LP: #1574250
3) Delete src:zend-framework from zesty (virtual packages superseding the binaries from src:zend-framework result from 1)
4) Drop the blacklist for zendframework.

Revision history for this message
Nish Aravamudan (nacc) wrote :
Revision history for this message
Nish Aravamudan (nacc) wrote : Re: Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main)

I have updated the debdiff to include an updated changelog message (about the removed binary package) and indicate another zend-framework bug is closed.

Nish Aravamudan (nacc)
Changed in icingaweb2 (Ubuntu):
status: New → Fix Committed
Changed in zendframework (Ubuntu):
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package zendframework - 1.12.20+dfsg-1ubuntu1

---------------
zendframework (1.12.20+dfsg-1ubuntu1) zesty; urgency=medium

  * zend-framework -> zendframework transition (LP: #1593024,
    LP: #1066406):
    - Modify the definitions of zendframework and zendframework-bin to
      Replace & Break zend-framework and zend-framework-bin versions
      before this one.
    - Define transitional dummy packages for zend-framework,
      zend-framework-bin and libzend-framework-php. They can be dropped
      after 18.04 releases.
      + zend-framework also shipped a libzend-framework-zendx-php binary
        package, which is not present in zendframework.
        - zend-framework used a different upstream source that included
          ZendX. Per LP #1052423, the ZendX addons are "are experimental
          or not ready for production" and if there is anyone
          depending on this leaf package, it should be resolved in
          Debian via a new bug.
    - d/libzend-framework-php.maintscript: remove zend-framework.ini, as
      it is only used by libzend-framework-php.
    - d/libzend-framework-php.preinst: call phpdismod to remove
      zend-framework.ini symlinks for all PHP SAPIs.
      + As no PHP module is actually shipped by libzend-framework-php,
        it is safe to remove and disable this conffile, as it should
        only have been used to modify the include_path. That is, unlike
        other .ini files, no runtime behavior is intended to be
        controlled by this file.

 -- Nishanth Aravamudan <email address hidden> Tue, 06 Dec 2016 13:38:26 +0100

Changed in zendframework (Ubuntu):
status: Fix Committed → Fix Released
Nish Aravamudan (nacc)
Changed in icingaweb2 (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in zend-framework (Ubuntu):
status: New → Confirmed
Revision history for this message
Nish Aravamudan (nacc) wrote :

Thanks to AA help, zendframework and icingaweb2 are now current in zesty. At this point, I need an AA to help delete src:zend-framework manually from zesty, as it has one binary package (libzend-framework-zendx-php) that is still built from the old source package (zend-framework) and not replaced in the new source package (zendframework). As documented in the zendframework changelog in zesty, this package contained experimental and possibly unstable extensions to ZF and, as it was a leaf package, it does not seem like a sufficient reason to keep old, broken source package around. If a user does come forward with a need, we can work with Debian on packaging those extra extensions, I think. Finally, I'll be sure this gets documented in the release notes.

Revision history for this message
Nish Aravamudan (nacc) wrote :

To be clear, zend-framework is a source package not from Debian.

summary: Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian
- unstable (main)
+ unstable (main), delete src:zend-framework from 17.04
Revision history for this message
Steve Langasek (vorlon) wrote :

Removing packages from zesty:
 zend-framework 1.11.11-0ubuntu3 in zesty
Comment: Superseded by zendframework; LP: #1593024
Remove [y|N]? y
1 package successfully removed.

Changed in zend-framework (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Quinn Balazs (qbalazs) wrote : Re: [Bug 1593024] Re: Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main), delete src:zend-framework from 17.04
Download full text (13.6 KiB)

That is correct. Point taken.

On Dec 14, 2016 4:39 PM, "Nish Aravamudan" <email address hidden>
wrote:

> To be clear, zend-framework is a source package not from Debian.
>
> ** Summary changed:
>
> - Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian
> unstable (main)
> + Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian
> unstable (main), delete src:zend-framework from 17.04
>
> --
> You received this bug notification because you are subscribed to a
> duplicate bug report (1052423).
> https://bugs.launchpad.net/bugs/1593024
>
> Title:
> Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from
> Debian unstable (main), delete src:zend-framework from 17.04
>
> Status in icingaweb2 package in Ubuntu:
> Fix Released
> Status in zend-framework package in Ubuntu:
> Fix Released
> Status in zendframework package in Ubuntu:
> Fix Released
>
> Bug description:
> Please sync zendframework 1.12.18+dfsg-1 (universe) from Debian
> unstable (main)
>
> This will eventually be used to replace zend-framework in Ubuntu, which
> seems to have been packaged before zendframework was packaged in Debian.
>
> All changelog entries:
>
> zendframework (1.12.18+dfsg-1) unstable; urgency=medium
>
> [ Matthew Weier O'Phinney ]
> * 1.12.18 preparations
>
> [ Enrico Zimuel ]
> * Fixed the rand usage
>
> [ Frank Brückner ]
> * Removes Zend_Gdata_YouTube which is based on Data API v2
>
> [ David Prévot ]
> * Update Standards-Version to 3.9.8
>
> -- David Prévot <email address hidden> Wed, 13 Apr 2016 16:57:00 -0400
>
> zendframework (1.12.17+dfsg-2) unstable; urgency=medium
>
> * PHP 7.0 transition:
> - Update php5-* dependencies to php-*
> - Suggest other php- extensions no longer builtin
> - Rebuild with latest pkg-php-tools
> * Drop ownCloud for Debian maintainers from uploaders
> * Update Standards-Version to 3.9.7
>
> -- David Prévot <email address hidden> Sat, 05 Mar 2016 10:32:52 -0400
>
> zendframework (1.12.17+dfsg-1) unstable; urgency=medium
>
> [ Martin Hujer ]
> * Zend_Validate_Hostname - updated TLD list to the version 2015102801
>
> [ Enrico Zimuel ]
> * Fixed the null byte test for Zend_Db_Adapter_Pdo
> * ZF2015-09: Fixed entropy issue in word CAPTCHA
>
> -- David Prévot <email address hidden> Mon, 23 Nov 2015 21:57:00 -0400
>
> zendframework (1.12.16+dfsg-1) unstable; urgency=medium
>
> [ Matthew Weier O'Phinney ]
> * [ZF2015-07] Use umask of 0002 [CVE-2015-5723]
> * [1.12.16] release readiness
>
> [ Enrico Zimuel ]
> * [ZF2015-08] Fix null byte injection for PDO MsSql [CVE-2014-8089]
>
> -- David Prévot <email address hidden> Wed, 16 Sep 2015 08:08:40 -0400
>
> zendframework (1.12.15+dfsg-1) unstable; urgency=medium
>
> [ Matthew Weier O'Phinney ]
> * [1.12.15] Release readinesss
>
> -- David Prévot <email address hidden> Sat, 29 Aug 2015 15:58:10 -0400
>
> zendframework (1.12.14+dfsg-1) unstable; urgency=medium
>
> [ Frank Brückner ]
> * Classes for Technorati removed
>
> [ Matthew Weier O'Phinney ]
> * [ZF2015-06] Fix potential X...

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.