php5 5.6.9+dfsg-1ubuntu1 source package in Ubuntu
Changelog
php5 (5.6.9+dfsg-1ubuntu1) wily; urgency=medium

  * Merge from Debian. Remaining changes:
    - d/control: drop Build-Depends that are in universe: firebird-dev, libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev.
    - d/rules: drop configuration of packages that are in universe: qdgm, onig.
    - d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build interbase or firebird.
    - d/control: drop binary packages php5-imap, php5-interbase and php5-mcrypt since we have separate versions in universe.
    - d/modulelist: drop imap, interbase and mcrypt since we have separate versions in universe.
    - d/rules: drop configuration of imap and mcrypt since we have separate versions in universe.
    - d/source_php5.py, d/rules: add apport hook.
    - d/control: switch Build-Depends of netcat-traditional to netcat-openbsd as only the latter is in main.
  * Dropped changes:
    - patches included in new upstream version: CVE-2014-9427.patch, CVE-2014-9652.patch, CVE-2015-0231.patch, CVE-2015-0232.patch, CVE-2015-1351.patch, CVE-2015-1352.patch, remove_readelf.patch, CVE-2014-9705.patch, CVE-2015-0273.patch, CVE-2015-2301.patch, CVE-2015-2305.patch, CVE-2015-2331.patch, CVE-2015-2348.patch, CVE-2015-2787.patch, CVE-2015-2783.patch, bug69218.patch, bug69441.patch.
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4598.patch: add missing checks to ext/dom/document.c, ext/gd/gd.c, fix test in ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt.
    - CVE-2015-4598
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to a LIST command
    - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in ext/ftp/ftp.c.
    - CVE-2015-4643
  * SECURITY UPDATE: denial of service via php_pgsql_meta_data
    - debian/patches/CVE-2015-4644.patch: check return value in ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
    - CVE-2015-4644

php5 (5.6.9+dfsg-1) unstable; urgency=medium

  * New upstream version 5.6.9+dfsg
    - Core:
      . Fixed bug #69467 (Wrong checked for the interface by using Trait).
      . Fixed bug #69420 (Invalid read in zend_std_get_method).
      . Fixed bug #60022 ("use statement [...] has no effect" depends on leading backslash).
      . Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).
      . Fixed bug #68652 (segmentation fault in destructor).
      . Fixed bug #69419 (Returning compatible sub generator produces a warning).
      . Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA).
      . Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability).
      . Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
      . Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+).
      . Fixed bug #69522 (heap buffer overflow in unpack()).
    - FTP:
      . Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow).
    - ODBC:
      . Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
      . Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result).
      . Fixed bug #69381 (out of memory with sage odbc driver).
    - OpenSSL:
      . Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
    - PCNTL:
      . Fixed bug #68598 (pcntl_exec() should not allow null char).
    - PCRE
      . Upgraded pcrelib to 8.37.
    - Phar:
      . Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null).
  * Rebased patches on top of 5.6.9+dfsg version

php5 (5.6.8+dfsg-1) unstable; urgency=medium

  * New upstream version 5.6.8+dfsg
    - Core:
      . Fixed bug #66609 (php crashes with __get() and ++ operator in some cases). (Dmitry, Laruence)
      . Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters). (Tjerk)
      . Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
      . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski)
      . Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString). (Stas)
      . Fixed bug #69210 (serialize function return corrupted data when sleep has non-string values). (Juan Basso)
      . Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing). (Nikita)
      . Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator). (Nikita)
      . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability). (Stas)
      . Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions). (Stas)
    - Apache2handler:
      . Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler). (Gerrit Venema)
    - cURL:
      . Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
      . Fixed bug #68739 (Missing break / control flow). (Laruence)
      . Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
    - Date:
      . Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans)
    - Enchant:
      . Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds). (Anatol)
    - Ereg:
      . Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
    - Fileinfo:
      . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault). (Anatol Belski)
    - Filter:
      . Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used). (Jeff Welch)
      . Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff Welch)
    - OPCache:
      . Fixed bug #69297 (function_exists strange behavior with OPCache on disabled function). (Laruence)
      . Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
      . Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
    - OpenSSL
      . Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling in stream_select() contexts) (Chris Wright)
      . Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly) (Daniel Lowrey)
      . Fixed bug #69215 (Crypto servers should send client CA list) (Daniel Lowrey)
      . Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
    - Phar:
      . Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar). (Mike)
      . Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
      . Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
      . Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar"). (Mike)
      . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
      . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (Stas)
    - Postgres:
      . Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)
    - SPL:
      . Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)
    - SOAP:
      . Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)). (Laruence)
    - Sqlite3:
      . Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception). (Dan Ackroyd)
      . Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3). (Anatol)
      . Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)
  * Update d/gbp.conf to new config style
  * Update patches for 5.6.8 release
  * Switch to gbp pq patch management

php5 (5.6.7+dfsg-1) unstable; urgency=medium

  * New upstream version 5.6.7+dfsg
    - Core:
      . Fixed bug #69174 (leaks when unused inner class use traits precedence).
      . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
      . Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build).
      . Fixed bug #65593 (Segfault when calling ob_start from output buffering callback).
      . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c).
      . Fixed bug #68166 (Exception with invalid character causes segv).
      . Fixed bug #69141 (Missing arguments in reflection info for some builtin functions).
      . Fixed bug #68976 (Use After Free Vulnerability in unserialize()) (CVE-2015-0231).
      . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
      . Fixed bug #69207 (move_uploaded_file allows nulls in path).
    - CGI:
      . Fixed bug #69015 (php-cgi's getopt does not see $argv).
    - CLI:
      . Fixed bug #67741 (auto_prepend_file messes up __LINE__).
    - cURL:
      . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32).
      . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl.
    - Ereg:
      . Fixed bug #69248 (heap overflow vulnerability in regcomp.c) (CVE-2015-2305).
    - FPM:
      . Fixed bug #68822 (request time is reset too early).
    - ODBC:
      . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec).
    - Opcache:
      . Fixed bug #69159 (Opcache causes problem when passing a variable variable to a function).
      . Fixed bug #69125 (Array numeric string as key).
      . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves).
    - OpenSSL:
      . Fixed bug #68912 (Segmentation fault at openssl_spki_new).
      . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts).
      . Fixed bug #68920 (use strict peer_fingerprint input checks)
      . Fixed bug #68879 (IP Address fields in subjectAltNames not used)
      . Fixed bug #68265 (SAN match fails with trailing DNS dot)
      . Fixed bug #67403 (Add signatureType to openssl_x509_parse)
      . Fixed bug (#69195 Inconsistent stream crypto values across versions)
    - pgsql:
      . Fixed bug #68638 (pg_update() fails to store infinite values).
    - Readline:
      . Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters).
    - SOAP:
      . Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()).
    - SPL:
      . Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage).
      . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()).
    - ZIP:
      . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary) (CVE-2015-2331).
  * Refresh patches for 5.6.7 release
  * Pull a patch to fix SQL_DESC_OCTET_LENGTH not supported by ADS ODBC driver (PHP#68350) from Debian wheezy PHP 5.4 branch
  * Fix PHP segfault in zend_hash_find (PHP#68486)
  * Move PEAR-Builder-print-info-about-php5-dev.patch to debian/ as it's not a quilt patch

php5 (5.6.6+dfsg-2) unstable; urgency=medium

  * Fix use after free in 'opcache' component of PHP (CVE-2015-1351)
  * Fix NULL Pointer Deference in pgsql (CVE-2015-1352) (Closes: #777033)

php5 (5.6.6+dfsg-1) unstable; urgency=medium

  * New upstream version 5.6.6+dfsg
  * Pull patch from DragonFly BSD Project to limit the pattern space to avoid a 32-bit overflow in Henry Spencer regular expressions (regex) library (Closes: #778389)
  * Update patches for 5.6.6 release

php5 (5.6.5+dfsg-2) unstable; urgency=high

  * Add patch to revert upstream commit on feof that broke Horde and others (Courtesy of Mike Gabriel) (Closes: #778374)

php5 (5.6.5+dfsg-1) unstable; urgency=medium

  * New upstream version 5.6.5+dfsg
  * Security vulnerabilities fixed:
    + Core
      - Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231)
    + CGI:
      - Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)
    + EXIF:
      - Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-0232)
  * Update patches for 5.6.5 release

 -- Marc Deslauriers <email address hidden>  Mon, 06 Jul 2015 09:05:05 -0400
Upload details
- Uploaded by: Marc Deslauriers
- Uploaded to: Wily
- Original maintainer: Ubuntu Developers
- Architectures: any all
- Section: php
- Urgency: Very Urgent
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
php5_5.6.9+dfsg.orig.tar.xz | 10.9 MiB | f08927dd1bd9d3cf8036dd8564346d38c2fe9e6958b30f3779317f4257e05a0c |
php5_5.6.9+dfsg-1ubuntu1.debian.tar.xz | 130.0 KiB | e036a314630294257b6356a8d287588560e83fef88b4b798a231580131773097 |
php5_5.6.9+dfsg-1ubuntu1.dsc | 4.7 KiB | 5eaf3ca8a81c20e999eb931a4c954f585ddf6ee0fb11f9c8203641a1c2644cbf |
Binary packages built by this source
- libapache2-mod-php5
- libapache2-mod-php5-dbgsym
- libapache2-mod-php5filter
- libapache2-mod-php5filter-dbgsym
- libphp5-embed
- libphp5-embed-dbgsym
- php-pear
- php5
- php5-cgi
- php5-cgi-dbgsym
- php5-cli
- php5-cli-dbgsym
- php5-common
- php5-common-dbgsym
- php5-curl
- php5-curl-dbgsym
- php5-dbg
- php5-dev
- php5-dev-dbgsym
- php5-enchant
- php5-enchant-dbgsym
- php5-fpm
- php5-fpm-dbgsym
- php5-gd
- php5-gd-dbgsym
- php5-gmp
- php5-gmp-dbgsym
- php5-intl
- php5-intl-dbgsym
- php5-ldap
- php5-ldap-dbgsym
- php5-mysql
- php5-mysql-dbgsym
- php5-mysqlnd
- php5-mysqlnd-dbgsym
- php5-odbc
- php5-odbc-dbgsym
- php5-pgsql
- php5-pgsql-dbgsym
- php5-phpdbg
- php5-phpdbg-dbgsym
- php5-pspell
- php5-pspell-dbgsym
- php5-readline
- php5-readline-dbgsym
- php5-recode
- php5-recode-dbgsym
- php5-snmp
- php5-snmp-dbgsym
- php5-sqlite
- php5-sqlite-dbgsym
- php5-sybase
- php5-sybase-dbgsym
- php5-tidy
- php5-tidy-dbgsym
- php5-xmlrpc
- php5-xmlrpc-dbgsym
- php5-xsl
- php5-xsl-dbgsym