Migrated to git!

- Added git guide for ZF1
- Updated README, INSTALL, and DEVELOPMENT_README to reflect move to git
  - README indicates origins in subversion
  - README includes directions for both git and subversion, and subversion
    points to old SVN server as well as GitHub URIs
- Updated composer.json to reflect branches available
Matthew Weier O'Phinney 12 years ago
Parent
Commit
16565e341b
5 changed files with 373 additions and 50 deletions
  1. 1 1
      DEVELOPMENT_README.txt
  2. 28 22
      INSTALL.txt
  3. 219 0
      README-GIT.md
  4. 124 18
      README.txt
  5. 1 9
      composer.json

+ 1 - 1
DEVELOPMENT_README.txt

@@ -10,7 +10,7 @@ development following these simple instructions.
    - Vagrant (http://vagrantup.com/)
 
 2. Checkout repository to any location
-   > svn checkout http://framework.zend.com/svn/framework/standard/trunk zf1-dev
+   > git clone git://github.com:zendframework/zf1.git zf1-dev
    > cd zf1-dev
    
 3. Start the process by running Vagrant.
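
Review bot: the new clone URL in step 2, `git://github.com:zendframework/zf1.git`, mixes the `git://` scheme with the scp-style `host:path` colon, so `zendframework` lands in the host/port position instead of the path and the command will not work as written. The other files in this commit point at `https://github.com/zendframework/zf1`; using `https://github.com/zendframework/zf1.git` here fixes the syntax and also avoids the unauthenticated, unencrypted git protocol for a checkout that is then run under Vagrant.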

+ 28 - 22
INSTALL.txt

@@ -23,37 +23,43 @@ If you would like to preview enhancements or bug fixes that have not yet been
 released, you can obtain the current development version of Zend Framework using one
 of the following methods:
 
-* Download the latest nightly snapshot. For those who care to brave the cutting
-  (often bleeding) edge, the nightly snapshots represent the latest single-
-  download development version of Zend Framework development. Snapshots are bundled
-  with documentation in English only or in all available languages. If you anticipate
-  updating to the latest development version of Zend Framework often, consider using
-  Subversion as described below.
-
-  http://framework.zend.com/download/snapshot
-
-* Using a Subversion (SVN) client. Zend Framework is open source software, and
-  the Subversion repository used for its development is publicly available. Consider
-  using SVN to get Zend Framework if you already use SVN for your application
+* Using a git client. Zend Framework is open source software, and
+  the git repository used for its development is publicly available. Consider
+  using git to get Zend Framework if you already use git for your application
   development, want to contribute back to the framework, or need to upgrade your
   framework version very often.
 
-  Exporting is useful if you want to get a particular framework revision without the
-  .svn  directories as created in a working copy.
-
   Checking out a working copy is necessary if you would like to directly contribute
-  to Zend Framework; a working copy can be updated any time with svn update.
+  to Zend Framework; a working copy can be updated any time with `git fetch &&
+  git rebase origin/master`.
+
+  A git submodules definition is highly convenient for developers already using
+  git to manage their application working copies.
+
+  The URL for the the Zend Framework 1.X git repository is:
+
+  https://github.com/zendframework/zf1
+
+  For more information about git, please see the official website:
+
+  http://git-scm.com
+
+* Using Subversion. You may pin an svn:externals definition to our repository.
+  For versions prior to 1.12.0, use the following URLs:
 
-  An externals definition is highly convenient for developers already using SVN to
-  manage their application working copies.
+  http://framework.zend.com/svn/framework/standard/branches/release-1.{minor version}
+  http://framework.zend.com/svn/framework/standard/tags/release-1.{minor version}.{maintenance version}
+  http://framework.zend.com/svn/framework/extras/branches/release-1.{minor version}
 
-  The URL for the trunk of the Zend Framework SVN repository is:
+  For versions 1.12.0 and on, use the following URLs:
 
-  http://framework.zend.com/svn/framework/trunk
+  https://github.com/zendframework/zf1/trunk (development version)
+  https://github.com/zendframework/zf1/tags/release-1.12.{maintenance version}
+  https://github.com/zendframework/zf1-extras/trunk
 
-  For more information about Subversion, please see the official website:
+  For more information on subversion, please visit the official website:
 
-  http://subversion.tigris.org
+  http://subversion.apache.org/
 
 CONFIGURING THE INCLUDE PATH
 ----------------------------
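
Review bot: the three svn:externals URLs added for versions prior to 1.12.0 are plain `http://`, while the 1.12.0+ URLs right below them are `https://`; an external pinned over http is pulled into the application tree with no transport integrity. If the old server offers https, list that form, otherwise say so in the text. Two smaller points: "The URL for the the Zend Framework 1.X git repository" doubles "the", and the update command `git fetch && git rebase origin/master` assumes the remote is named `origin` and that the reader tracks master, which is worth stating.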

+ 219 - 0
README-GIT.md

@@ -0,0 +1,219 @@
+# USING THE GIT REPOSITORY
+
+## Setup your own public repository
+
+Your first step is to establish a public repository from which we can
+pull your work into the master repository. You have two options: use
+GitHub or other public site, or setup/use your own repository.
+
+While you can use a private repository and utilize ``git format-patch`` to
+submit patches, this is discouraged as it does not facilitate public peer
+review.
+
+### Option 1: GitHub
+
+ 1. Setup a GitHub account (http://github.com/), if you haven't yet
+ 2. Fork the ZF1 repository (http://github.com/zendframework/zf1)
+ 3. Clone your fork locally and enter it (use your own GitHub username
+    in the statement below)
+
+    ```sh
+    % git clone git@github.com:<username>/zf1.git
+    % cd zf2
+    ```
+
+ 4. Add a remote to the canonical ZF repository, so you can keep your fork
+    up-to-date:
+
+    ```sh
+    % git remote add zf1 https://github.com/zendframework/zf1.git
+    % git fetch zf1
+    ```
+
+### Option 2: Personal Repository
+
+We assume you will use gitosis (http://git-scm.com/book/en/Git-on-the-Server-Gitosis)
+or gitolite (http://git-scm.com/book/en/Git-on-the-Server-Gitolite) to host your
+own repository.  If you go this route, we will assume you have the knowledge to
+do so, or know where to obtain it. We will not assist you in setting up such a
+repository.
+
+ 1.  Create a new repository
+
+    ```sh
+    % git init
+    ```
+
+ 2. Add an "origin" remote pointing to your gitosis/gitolite repo:
+
+    ```sh
+    % git remote add origin git://yourdomain/yourrepo.git
+    ```
+
+ 3. Add a remote for the ZF repository and fetch it
+
+    ```sh
+    % git remote add zf1 https://github.com/zendframework/zf1.git
+    % git fetch zf1
+    ```
+
+ 4. Create a new branch for the ZF repository (named "zf/master" here)
+
+    ```sh
+    % git checkout -b zf/master zf1/master
+    ```
+
+ 5. Create your master branch off the ZF branch, and push to your
+    repository
+
+    ```sh
+    % git checkout -b master
+    % git push origin HEAD:master
+    ```
+
+## Contributor License Agreement and your git configuration
+
+In order for us to accept your changes to Zend Framework 1.X, you must sign and
+return a Contributors License Agreement (http://framework.zend.com/cla or
+http://framework.zend.com/ccla). For us to verify that you have a CLA on file,
+we need you to do one of the following:
+
+* If your github username matches the username with which you registered on the
+  former Zend Framework issue tracker (our old JIRA instance), we should be able
+  to look you up fine.
+* Otherwise, please ensure that you set your user email in your working
+  directory to match the email we have on file with your CLA. This can be done
+  with the following
+
+  ```sh
+  % git config user.email "your-email@example.org"
+  ```
+
+  We can then look up your CLA status based on your commits.
+
+If we cannot determine your CLA status, we will ask in a comment on the pull
+request for either your username or email.
+
+## Keeping Up-to-Date
+
+Periodically, you should update your fork or personal repository to
+match the canonical ZF repository. In each of the above setups, we have
+added a remote to the Zend Framework repository, which allows you to do
+the following:
+
+
+```sh
+% git checkout master
+% git pull zf1 master
+- OPTIONALLY, to keep your remote up-to-date -
+% git push origin
+```
+
+## Working on Zend Framework
+
+When working on Zend Framework, we recommend you do each new feature or
+bugfix in a new branch. This simplifies the task of code review as well
+as of merging your changes into the canonical repository.
+
+A typical work flow will then consist of the following:
+
+ 1. Create a new local branch based off your master branch.
+ 2. Switch to your new local branch. (This step can be combined with the
+    previous step with the use of `git checkout -b`.)
+ 3. Do some work, commit, repeat as necessary.
+ 4. Push the local branch to your remote repository.
+ 5. Send a pull request.
+
+The mechanics of this process are actually quite trivial. Below, we will
+create a branch for fixing an issue in the tracker.
+
+```sh
+% git checkout -b zf9295
+Switched to a new branch 'zf9295'
+```
+... do some work ...
+
+```sh
+% git commit
+```
+... write your log message ...
+
+```sh
+% git push origin HEAD:zf9295
+Counting objects: 38, done.
+Delta compression using up to 2 threads.
+Compression objects: 100% (18/18), done.
+Writing objects: 100% (20/20), 8.19KiB, done.
+Total 20 (delta 12), reused 0 (delta 0)
+To ssh://git@github.com/weierophinney/zf1.git
+   b5583aa..4f51698  HEAD -> master
+```
+
+
+To send a pull request, you have two options.
+
+If using GitHub, you can do the pull request from there. Navigate to
+your repository, select the branch you just created, and then select the
+"Pull Request" button in the upper right. Select the user
+"zendframework" as the recipient.
+
+If using your own repository - or even if using GitHub - you can send an
+email indicating you have changes to pull:
+
+ -  Send to <zf-devteam@zend.com>
+
+ -  In your message, specify:
+     -  The URL to your repository (e.g., `git://mwop.net/zf1.git`)
+     -  The branch containing the changes you want pulled (e.g., `zf9295`)
+     -  The nature of the changes (e.g., `implements
+        Zend_Service_Twitter`, `fixes ZF-9295`, etc.)
+
+### What branch to issue the pull request against?
+
+Which branch should you issue a pull request against?
+
+- For fixes against the stable release, issue the pull request against the
+  "master" branch.
+- For new features, or fixes that introduce new elements to the public API (such
+  as new public methods or properties), issue the pull request against the
+  "develop" branch.
+
+## Branch Cleanup
+
+As you might imagine, if you are a frequent contributor, you'll start to
+get a ton of branches both locally and on your remote.
+
+Once you know that your changes have been accepted to the master
+repository, we suggest doing some cleanup of these branches.
+
+ -  Local branch cleanup
+
+    ```sh
+    % git branch -d <branchname>
+    ```
+
+ -  Remote branch removal
+
+    ```sh
+    % git push origin :<branchname>
+    ```
+
+
+## FEEDS AND EMAILS
+
+RSS feeds may be found at:
+
+`https://github.com/zendframework/zf1/commits/<branch>.atom`
+
+where &lt;branch&gt; is a branch in the repository.
+
+To subscribe to git email notifications, simply watch or fork the zf1 repository
+on GitHub.
+
+## CONTRIBUTORS AND COMMITTERS
+
+Both Zend's internal Zend Framework team and the members of the Community Review
+team have push privileges to the ZF1 repository. Additionally, a number of
+members of the community have been vetted to merge pull requests. When in doubt,
+hop into Freenode IRC, and ask in the #zftalk.dev channel for somebody to review
+and/or merge your change.
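
Review bot: in Option 1 step 3 the clone creates `zf1` but the next command is `% cd zf2`, so the documented sequence fails; it should be `% cd zf1`. In Option 2 step 2 the `origin` remote is added with a `git://` URL, yet step 5 and the later workflow push to `origin`; the git protocol is unauthenticated and normally read-only, so an ssh URL for the gitosis/gitolite host fits better. The sample output for `git push origin HEAD:zf9295` ends in `HEAD -> master`, which contradicts the command; "Compression objects" should read "Compressing objects"; and the `- OPTIONALLY, to keep your remote up-to-date -` line inside the sh fence under Keeping Up-to-Date should be a `#` comment so the block can be pasted.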

+ 124 - 18
README.txt

@@ -1,19 +1,114 @@
 Welcome to the Zend Framework 1.12 Release! 
 
 RELEASE INFORMATION
----------------
+===================
+
 Zend Framework 1.12.4dev Release ([INSERT REV NUM HERE]).
-Released on MMMMM DD, YYYY
+Released on <Month> <Day>, <Year>.
+
+IMPORTANT FIXES FOR 1.12.3
+--------------------------
+
+This release incorporates is primarily aimed to update
+Zend_Service_Twitter to the Twitter v1.1 API:
+
+ - http://framework.zend.com/issues/browse/ZF-12530
 
-IMPORTANT FIXES FOR 1.12.4
+Because the Twitter v1.1 API is not backwards compatible with v1.0, the
+API for Zend_Service_Twitter has been changed; if you have been using it
+previously, you will need to update your code accordingly. Both the
+end-user and API documentation have been updated to reflect the changes.
+
+IMPORTANT FIXES FOR 1.12.2
 --------------------------
 
+This release incorporates over 40 bugfixes. In particular, the following
+issue has been resolved in Zend_Service_Twitter:
+
+ - http://framework.zend.com/issues/browse/ZF-9253
+
+This fix ensures that Zend_Service_Twitter uses the new versioned API 
+endpoint required by Twitter.
+
+SECURITY FIXES FOR 1.12.1
+-------------------------
+
+This release incorporates fixes for:
+
+ - http://framework.zend.com/security/advisory/ZF2012-05
+
+Zend_Feed_Rss and Zend_Feed_Atom were found to contain XML eXternal
+Entity (XXE) Injection vectors due to insecure usage of the DOM
+extension.  External entities could be specified by adding a specific
+DOCTYPE element to XML-RPC requests; exploiting this vulnerability could
+coerce opening arbitrary files and/or TCP connections.
+
+A similar issue was fixed for 1.12.0, in the Zend_Feed::import() method;
+however, the reporter of the issue discovered that the individual
+classes contained similar functionality in their constructors which
+remained vulnerable.
+
+The patch applied removes the XXE vector by calling
+libxml_disable_entity_loader() before attempting to parse the feed via
+DOMDocument::loadXML().
+
+The above patches are also available in the 1.11 series of releases.
+
+Thanks goes to Yury Dyachenko at Positive Research Center for for
+reporting the XXE vulnerability and reviewing the patches created to fix
+the issue.
+
+SECURITY FIXES FOR 1.12.0
+-------------------------
+
+This release incorporates fixes for each of:
+
+ - http://framework.zend.com/security/advisory/ZF2012-01
+ - http://framework.zend.com/security/advisory/ZF2012-02
+
+Several components were found to be vulnerable to XML eXternal Entity
+(XXE) Injection attacks due to insecure usage of the SimpleXMLElement
+class (SimpleXML PHP extension).  External entities could be specified
+by adding a specific DOCTYPE element to XML-RPC requests; exploiting
+this vulnerability could coerce opening arbitrary files and/or TCP
+connections.
+
+Additionally, these same components were found to be vulnerable to XML
+Entity Expansion (XEE) vectors. XEE attacks define custom entities
+within the DOCTYPE that refer to themselves, leading to recursion; the
+end result is excessive consumption of CPU and RAM, making Denial of
+Service (DoS) attacks easier to implement.
+
+Vulnerable components included:
+
+ - Zend_Dom
+ - Zend_Feed
+ - Zend_Soap
+ - Zend_XmlRpc
+
+The patches applied do the following:
+
+ - To remove XXE vectors, libxml_disable_entity_loader() is called
+   before any SimpleXML calls are executed.
+
+ - To remove XEE vectors, we loop through the DOMDocument child nodes,
+   ensuring none are of type XML_DOCUMENT_TYPE_NODE, and raising an
+   exception if any are. If SimpleXML is used, a DOMDocument is created
+   first, processed as above, and then passed to simplexml_import_dom.
+
+The above patches are also available in the 1.11 series of releases.
+
+Thanks goes to Johannes Greil and Kestutis Gudinavicius of SEC-Consult
+for reporting the original XXE vulnerability against Zend_XmlRpc and
+working with us to provide a working solution. Thanks goes to Pádraic
+Brady for helping us identify other XXE vectors, as well as identifying
+and patching the XEE vectors.
 
 NEW FEATURES
 ============
 
 Zend_Loader changes
-----
+-------------------
 
 A number of autoloaders and autoloader facilities were back ported from
 ZF2 to provide performant alternatives to those already available in the
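
Review bot: the new SECURITY FIXES FOR 1.12.1 section is about Zend_Feed_Rss and Zend_Feed_Atom but says the DOCTYPE is added "to XML-RPC requests", which looks carried over from the 1.12.0 text; it should refer to the feed being parsed. The header still reads "Zend Framework 1.12.4dev Release ([INSERT REV NUM HERE])" while the "IMPORTANT FIXES FOR 1.12.4" heading is removed and the first notes section is now 1.12.3, so either keep an empty 1.12.4 section or explain the gap. Wording: "This release incorporates is primarily aimed to update" and "for for reporting" need fixing.
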
@@ -30,7 +125,7 @@ The Zend_Loader changes were back ported from ZF2 by Matthew Weier
 O’Phinney
 
 Zend_EventManager
-----
+-----------------
 
 Zend_EventManager is a component that allows you to attach and detach
 listeners to named events, both on a per-instance basis as well as via
@@ -40,7 +135,7 @@ listeners.
 Zend_EventManager was back ported from ZF2 by Matthew Weier O’Phinney
 
 Zend_Http_UserAgent_Features_Adapter_Browscap
-----
+---------------------------------------------
 
 This class provides a features adapter that calls get_browser() in order
 to discover mobile device capabilities to inject into UserAgent device
@@ -57,7 +152,7 @@ Zend_Http_UserAgent_Features_Adapter_Browscap was created by Matthew
 Weier O’Phinney
 
 Zend_Mobile_Push
-----
+----------------
 
 Zend_Mobile_Push is a component for implementing push notifications for
 the 3 major push notification platforms (Apple (Apns), Google (C2dm) and
@@ -66,7 +161,7 @@ Microsoft (Mpns).
 Zend_Mobile_Push was contributed by Mike Willbanks.
 
 Zend_Gdata_Analytics
-----
+--------------------
 
 Zend_Gdata_Analytics is an extension to Zend_Gdata to allow interaction
 with Google’s Analytics Data Export API. This extension does not
@@ -79,7 +174,7 @@ Removed features
 ================
 
 Zend_Http_UserAgent_Features_Adapter_WurflApi
-----
+---------------------------------------------
 
 Due to the changes in licensing of WURFL, we have removed the WurflApi
 adapter. We will be providing the WurflApi adapter to ScientiaMobile so
@@ -99,14 +194,14 @@ For a complete list, visit:
  * http://framework.zend.com/changelog/
 
 MIGRATION NOTES
----------------
+===============
 
 A detailed list of migration notes may be found at:
 
 http://framework.zend.com/manual/en/migration.html
 
 SYSTEM REQUIREMENTS
--------------------
+===================
 
 Zend Framework requires PHP 5.2.11 or later. Please see our reference
 guide for more detailed system requirements:
@@ -114,12 +209,22 @@ guide for more detailed system requirements:
 http://framework.zend.com/manual/en/requirements.html
 
 INSTALLATION
-------------
+============
+
+Please see [INSTALL.txt](INSTALL.txt).
 
-Please see INSTALL.txt.
+REPOSITORY HISTORY
+==================
+
+This repository was created based on the release-1.12 branch of a Subversion
+repository, http://framework.zend.com/svn/framework/standard/. It contains a
+subset of the project history, dating from between the 1.5.0 and 1.6.0 releases,
+and only contains the tags for the 1.12 series. If you would like an older
+version, you may access the subversion repository linked above, or download an
+older version from http://framework.zend.com/downloads/archives.
 
 QUESTIONS AND FEEDBACK
-----------------------
+======================
 
 Online documentation can be found at http://framework.zend.com/manual.
 Questions that are not addressed in the manual should be directed to the
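
Review bot: `Please see [INSTALL.txt](INSTALL.txt).` uses Markdown link syntax in README.txt, which shows the brackets and parentheses literally wherever the file is read as plain text; keep the plain filename or rename the file to .md. In REPOSITORY HISTORY, "dating from between the 1.5.0 and 1.6.0 releases" would be easier to act on if it named the first revision or date the imported history starts at.
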
@@ -134,17 +239,18 @@ Framework issue tracker at:
 http://framework.zend.com/issues
 
 If you would like to be notified of new releases, you can subscribe to
-the fw-announce mailing list by sending a blank message to
+the fw-announce mailing list by sending a blank message to:
+
 fw-announce-subscribe@lists.zend.com.
 
 LICENSE
--------
+=======
 
 The files in this archive are released under the Zend Framework license.
-You can find a copy of this license in LICENSE.txt.
+You can find a copy of this license in [LICENSE.txt](LICENSE.txt).
 
 ACKNOWLEDGEMENTS
-----------------
+================
 
 The Zend Framework team would like to thank all the contributors to the Zend
 Framework project, our corporate sponsor, and you, the Zend Framework user.
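
Review bot: with the subscription address moved onto its own line, the trailing period in `fw-announce-subscribe@lists.zend.com.` is easy to copy as part of the address; drop the period.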

+ 1 - 9
composer.json

@@ -24,15 +24,7 @@
     },
     "extra": {
         "branch-alias": {
-            "dev-trunk": "1.12.x-dev",
-            "dev-release-1.0": "1.0.x-dev",
-            "dev-release-1.5": "1.5.x-dev",
-            "dev-release-1.6": "1.6.x-dev",
-            "dev-release-1.7": "1.7.x-dev",
-            "dev-release-1.8": "1.8.x-dev",
-            "dev-release-1.9": "1.9.x-dev",
-            "dev-release-1.10": "1.10.x-dev",
-            "dev-release-1.11": "1.11.x-dev"
+            "dev-master": "1.12.x-dev",
         }
     }
 }
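
Review bot: the added line `"dev-master": "1.12.x-dev",` keeps a trailing comma before the closing `}` of "branch-alias", which is not valid JSON, so composer.json will no longer parse; drop the comma. The aliases for dev-release-1.0 through dev-release-1.11 are removed in the same hunk, which the commit message ties to the branches now available; a line in the README for users who depended on those aliases would help.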