php5 5.6.9+dfsg-1ubuntu1 source package in Ubuntu

Changelog

php5 (5.6.9+dfsg-1ubuntu1) wily; urgency=medium

  * Merge from Debian. Remaining changes:
    - d/control: drop Build-Depends that are in universe: firebird-dev,
      libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev.
    - d/rules: drop configuration of packages that are in universe: qdgm, onig.
    - d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build
      interbase or firebird.
    - d/control: drop binary packages php5-imap, php5-interbase and php5-mcrypt
      since we have separate versions in universe.
    - d/modulelist: drop imap, interbase and mcrypt since we have separate
      versions in universe.
    - d/rules: drop configuration of imap and mcrypt since we have separate
      versions in universe.
    - d/source_php5.py, d/rules: add apport hook.
    - d/control: switch Build-Depends of netcat-traditional to netcat-openbsd
      as only the latter is in main.
  * Dropped changes:
    - patches included in new upstream version: CVE-2014-9427.patch,
      CVE-2014-9652.patch, CVE-2015-0231.patch, CVE-2015-0232.patch,
      CVE-2015-1351.patch, CVE-2015-1352.patch, remove_readelf.patch,
      CVE-2014-9705.patch, CVE-2015-0273.patch, CVE-2015-2301.patch,
      CVE-2015-2305.patch, CVE-2015-2331.patch, CVE-2015-2348.patch,
      CVE-2015-2787.patch, CVE-2015-2783.patch, bug69218.patch,
      bug69441.patch.
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4598.patch: add missing checks to
      ext/dom/document.c, ext/gd/gd.c, fix test in
      ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt.
    - CVE-2015-4598
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
      ext/ftp/ftp.c.
    - CVE-2015-4643
  * SECURITY UPDATE: denial of service via php_pgsql_meta_data
    - debian/patches/CVE-2015-4644.patch: check return value in
      ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
    - CVE-2015-4644

php5 (5.6.9+dfsg-1) unstable; urgency=medium

  * New upstream version 5.6.9+dfsg
   - Core:
    . Fixed bug #69467 (Wrong checked for the interface by using Trait).
    . Fixed bug #69420 (Invalid read in zend_std_get_method).
    . Fixed bug #60022 ("use statement [...] has no effect" depends on
      leading backslash).
    . Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).
    . Fixed bug #68652 (segmentation fault in destructor).
    . Fixed bug #69419 (Returning compatible sub generator produces a
      warning).
    . Fixed bug #69472 (php_sys_readlink ignores misc errors from
      GetFinalPathNameByHandleA).
    . Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability).
    . Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
    . Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+).
    . Fixed bug #69522 (heap buffer overflow in unpack()).
   - FTP:
    . Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in
      heap overflow).
   - ODBC:
    . Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
    . Fixed bug #69474 (ODBC: Query with same field name from two tables
      returns incorrect result).
    . Fixed bug #69381 (out of memory with sage odbc driver).
   - OpenSSL:
    . Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
   - PCNTL:
    . Fixed bug #68598 (pcntl_exec() should not allow null char).
   - PCRE
    . Upgraded pcrelib to 8.37.
   - Phar:
    . Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry
      filename starts with null).
  * Rebased patches on top of 5.6.9+dfsg version

php5 (5.6.8+dfsg-1) unstable; urgency=medium

  * New upstream version 5.6.8+dfsg
   - Core:
     . Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
       (Dmitry, Laruence)
     . Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8
       characters). (Tjerk)
     . Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
     . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
       configuration options). (Anatol Belski)
     . Additional fix for bug #69152 (Type confusion vulnerability in
       exception::getTraceAsString). (Stas)
     . Fixed bug #69210 (serialize function return corrupted data when sleep has
       non-string values). (Juan Basso)
     . Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in
       __call/... arg passing). (Nikita)
     . Fixed bug #69221 (Segmentation fault when using a generator in combination
       with an Iterator). (Nikita)
     . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
       vulnerability). (Stas)
     . Fixed bug #69353 (Missing null byte checks for paths in various PHP
       extensions). (Stas)
   - Apache2handler:
     . Fixed bug #69218 (potential remote code execution with apache 2.4
       apache2handler). (Gerrit Venema)
   - cURL:
     . Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
     . Fixed bug #68739 (Missing break / control flow). (Laruence)
     . Fixed bug #69316 (Use-after-free in php_curl related to
       CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
   - Date:
     . Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans)
   - Enchant:
     . Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows
       builds). (Anatol)
   - Ereg:
     . Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
   - Fileinfo:
     . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
       segfault). (Anatol Belski)
   - Filter:
     . Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored unless other
       flags are used). (Jeff Welch)
     . Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff
       Welch)
   - OPCache:
     . Fixed bug #69297 (function_exists strange behavior with OPCache on
       disabled function). (Laruence)
     . Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
     . Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
   - OpenSSL
     . Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling
       in stream_select() contexts) (Chris Wright)
     . Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly)
       (Daniel Lowrey)
     . Fixed bug #69215 (Crypto servers should send client CA list)
       (Daniel Lowrey)
     . Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
   - Phar:
     . Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
       (Mike)
     . Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
     . Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
     . Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing
       ".tar"). (Mike)
     . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
     . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
       phar_set_inode). (Stas)
   - Postgres:
     . Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)
   - SPL:
     . Fixed bug #69227 (Use after free in zval_scan caused by
        spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)
   - SOAP:
     . Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader
        (bisected, regression)). (Laruence)
   - Sqlite3:
     . Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
        (Dan Ackroyd)
     . Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3). (Anatol)
     . Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)
  * Update d/gbp.conf to new config style
  * Update patches for 5.6.8 release
  * Switch to gbp pq patch management

php5 (5.6.7+dfsg-1) unstable; urgency=medium

  * New upstream version 5.6.7+dfsg
   - Core:
    . Fixed bug #69174 (leaks when unused inner class use traits
      precedence).
    . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
    . Fixed bug #69121 (Segfault in get_current_user when script owner is
      not in passwd with ZTS build).
    . Fixed bug #65593 (Segfault when calling ob_start from output
      buffering callback).
    . Fixed bug #68986 (pointer returned by
      php_stream_fopen_temporary_file not validated in memory.c).
    . Fixed bug #68166 (Exception with invalid character causes segv).
    . Fixed bug #69141 (Missing arguments in reflection info for some
      builtin functions).
    . Fixed bug #68976 (Use After Free Vulnerability in unserialize())
      (CVE-2015-0231).
    . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
      configuration options).
    . Fixed bug #69207 (move_uploaded_file allows nulls in path).
   - CGI:
    . Fixed bug #69015 (php-cgi's getopt does not see $argv).
   - CLI:
    . Fixed bug #67741 (auto_prepend_file messes up __LINE__).
   - cURL:
    . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL
      on Win32).
    . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if
      supported by libcurl.
   - Ereg:
    . Fixed bug #69248 (heap overflow vulnerability in regcomp.c)
      (CVE-2015-2305).
   - FPM:
    . Fixed bug #68822 (request time is reset too early).
   - ODBC:
    . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec).
   - Opcache:
    . Fixed bug #69159 (Opcache causes problem when passing a variable
      variable to a function).
    . Fixed bug #69125 (Array numeric string as key).
    . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves).
   - OpenSSL:
    . Fixed bug #68912 (Segmentation fault at openssl_spki_new).
    . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't
      observe socket timeouts).
    . Fixed bug #68920 (use strict peer_fingerprint input checks)
    . Fixed bug #68879 (IP Address fields in subjectAltNames not used)
    . Fixed bug #68265 (SAN match fails with trailing DNS dot)
    . Fixed bug #67403 (Add signatureType to openssl_x509_parse)
    . Fixed bug (#69195 Inconsistent stream crypto values across versions)
   - pgsql:
    . Fixed bug #68638 (pg_update() fails to store infinite values).
   - Readline:
    . Fixed bug #69054 (Null dereference in
      readline_(read|write)_history() without parameters).
   - SOAP:
    . Fixed bug #69085 (SoapClient's __call() type confusion through
      unserialize()).
   - SPL:
    . Fixed bug #69108 ("Segmentation fault" when (de)serializing
      SplObjectStorage).
    . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
      calling getChildren()).
   - ZIP:
    . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
      boundary) (CVE-2015-2331).
  * Refresh patches for 5.6.7 release
  * Pull a patch to fix SQL_DESC_OCTET_LENGTH not supported by ADS ODBC
    driver (PHP#68350) from Debian wheezy PHP 5.4 branch
  * Fix PHP segfault in zend_hash_find (PHP#68486)
  * Move PEAR-Builder-print-info-about-php5-dev.patch to debian/ as it's
    not a quilt patch

php5 (5.6.6+dfsg-2) unstable; urgency=medium

  * Fix use after free in 'opcache' component of PHP (CVE-2015-1351)
  * Fix NULL Pointer Deference in pgsql (CVE-2015-1352) (Closes: #777033)

php5 (5.6.6+dfsg-1) unstable; urgency=medium

  * New upstream version 5.6.6+dfsg
  * Pull patch from DragonFly BSD Project to limit the pattern space to
    avoid a 32-bit overflow in Henry Spencer regular expressions (regex)
    library (Closes: #778389)
  * Update patches for 5.6.6 release

php5 (5.6.5+dfsg-2) unstable; urgency=high

  * Add patch to revert upstream commit on feof that broke Horde and
    others (Courtesy of Mike Gabriel) (Closes: #778374)

php5 (5.6.5+dfsg-1) unstable; urgency=medium

  * New upstream version 5.6.5+dfsg
  * Security vulnerabilities fixed:
   + Core
    - Fixed bug #68710 (Use After Free Vulnerability in PHP's
      unserialize()). (CVE-2015-0231)
   + CGI:
    - Fixed bug #68618 (out of bounds read crashes
      php-cgi). (CVE-2014-9427)
   + EXIF:
    - Fixed bug #68799: Free called on unitialized
      pointer. (CVE-2015-0232)
  * Update patches for 5.6.5 release

 -- Marc Deslauriers <email address hidden>  Mon, 06 Jul 2015 09:05:05 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Wily
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
php
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
php5_5.6.9+dfsg.orig.tar.xz 10.9 MiB f08927dd1bd9d3cf8036dd8564346d38c2fe9e6958b30f3779317f4257e05a0c
php5_5.6.9+dfsg-1ubuntu1.debian.tar.xz 130.0 KiB e036a314630294257b6356a8d287588560e83fef88b4b798a231580131773097
php5_5.6.9+dfsg-1ubuntu1.dsc 4.7 KiB 5eaf3ca8a81c20e999eb931a4c954f585ddf6ee0fb11f9c8203641a1c2644cbf

View changes file

Binary packages built by this source

libapache2-mod-php5: No summary available for libapache2-mod-php5 in ubuntu wily.

No description available for libapache2-mod-php5 in ubuntu wily.

libapache2-mod-php5-dbgsym: No summary available for libapache2-mod-php5-dbgsym in ubuntu wily.

No description available for libapache2-mod-php5-dbgsym in ubuntu wily.

libapache2-mod-php5filter: No summary available for libapache2-mod-php5filter in ubuntu wily.

No description available for libapache2-mod-php5filter in ubuntu wily.

libapache2-mod-php5filter-dbgsym: No summary available for libapache2-mod-php5filter-dbgsym in ubuntu wily.

No description available for libapache2-mod-php5filter-dbgsym in ubuntu wily.

libphp5-embed: No summary available for libphp5-embed in ubuntu wily.

No description available for libphp5-embed in ubuntu wily.

libphp5-embed-dbgsym: No summary available for libphp5-embed-dbgsym in ubuntu wily.

No description available for libphp5-embed-dbgsym in ubuntu wily.

php-pear: No summary available for php-pear in ubuntu wily.

No description available for php-pear in ubuntu wily.

php5: No summary available for php5 in ubuntu wily.

No description available for php5 in ubuntu wily.

php5-cgi: No summary available for php5-cgi in ubuntu wily.

No description available for php5-cgi in ubuntu wily.

php5-cgi-dbgsym: No summary available for php5-cgi-dbgsym in ubuntu wily.

No description available for php5-cgi-dbgsym in ubuntu wily.

php5-cli: No summary available for php5-cli in ubuntu wily.

No description available for php5-cli in ubuntu wily.

php5-cli-dbgsym: No summary available for php5-cli-dbgsym in ubuntu wily.

No description available for php5-cli-dbgsym in ubuntu wily.

php5-common: No summary available for php5-common in ubuntu wily.

No description available for php5-common in ubuntu wily.

php5-common-dbgsym: No summary available for php5-common-dbgsym in ubuntu wily.

No description available for php5-common-dbgsym in ubuntu wily.

php5-curl: No summary available for php5-curl in ubuntu wily.

No description available for php5-curl in ubuntu wily.

php5-curl-dbgsym: No summary available for php5-curl-dbgsym in ubuntu wily.

No description available for php5-curl-dbgsym in ubuntu wily.

php5-dbg: No summary available for php5-dbg in ubuntu wily.

No description available for php5-dbg in ubuntu wily.

php5-dev: No summary available for php5-dev in ubuntu wily.

No description available for php5-dev in ubuntu wily.

php5-dev-dbgsym: No summary available for php5-dev-dbgsym in ubuntu wily.

No description available for php5-dev-dbgsym in ubuntu wily.

php5-enchant: No summary available for php5-enchant in ubuntu wily.

No description available for php5-enchant in ubuntu wily.

php5-enchant-dbgsym: No summary available for php5-enchant-dbgsym in ubuntu wily.

No description available for php5-enchant-dbgsym in ubuntu wily.

php5-fpm: No summary available for php5-fpm in ubuntu wily.

No description available for php5-fpm in ubuntu wily.

php5-fpm-dbgsym: No summary available for php5-fpm-dbgsym in ubuntu wily.

No description available for php5-fpm-dbgsym in ubuntu wily.

php5-gd: No summary available for php5-gd in ubuntu wily.

No description available for php5-gd in ubuntu wily.

php5-gd-dbgsym: No summary available for php5-gd-dbgsym in ubuntu wily.

No description available for php5-gd-dbgsym in ubuntu wily.

php5-gmp: No summary available for php5-gmp in ubuntu wily.

No description available for php5-gmp in ubuntu wily.

php5-gmp-dbgsym: No summary available for php5-gmp-dbgsym in ubuntu wily.

No description available for php5-gmp-dbgsym in ubuntu wily.

php5-intl: No summary available for php5-intl in ubuntu wily.

No description available for php5-intl in ubuntu wily.

php5-intl-dbgsym: No summary available for php5-intl-dbgsym in ubuntu wily.

No description available for php5-intl-dbgsym in ubuntu wily.

php5-ldap: No summary available for php5-ldap in ubuntu wily.

No description available for php5-ldap in ubuntu wily.

php5-ldap-dbgsym: No summary available for php5-ldap-dbgsym in ubuntu wily.

No description available for php5-ldap-dbgsym in ubuntu wily.

php5-mysql: No summary available for php5-mysql in ubuntu wily.

No description available for php5-mysql in ubuntu wily.

php5-mysql-dbgsym: No summary available for php5-mysql-dbgsym in ubuntu wily.

No description available for php5-mysql-dbgsym in ubuntu wily.

php5-mysqlnd: No summary available for php5-mysqlnd in ubuntu wily.

No description available for php5-mysqlnd in ubuntu wily.

php5-mysqlnd-dbgsym: No summary available for php5-mysqlnd-dbgsym in ubuntu wily.

No description available for php5-mysqlnd-dbgsym in ubuntu wily.

php5-odbc: No summary available for php5-odbc in ubuntu wily.

No description available for php5-odbc in ubuntu wily.

php5-odbc-dbgsym: No summary available for php5-odbc-dbgsym in ubuntu wily.

No description available for php5-odbc-dbgsym in ubuntu wily.

php5-pgsql: No summary available for php5-pgsql in ubuntu wily.

No description available for php5-pgsql in ubuntu wily.

php5-pgsql-dbgsym: No summary available for php5-pgsql-dbgsym in ubuntu wily.

No description available for php5-pgsql-dbgsym in ubuntu wily.

php5-phpdbg: No summary available for php5-phpdbg in ubuntu wily.

No description available for php5-phpdbg in ubuntu wily.

php5-phpdbg-dbgsym: No summary available for php5-phpdbg-dbgsym in ubuntu wily.

No description available for php5-phpdbg-dbgsym in ubuntu wily.

php5-pspell: No summary available for php5-pspell in ubuntu wily.

No description available for php5-pspell in ubuntu wily.

php5-pspell-dbgsym: No summary available for php5-pspell-dbgsym in ubuntu wily.

No description available for php5-pspell-dbgsym in ubuntu wily.

php5-readline: No summary available for php5-readline in ubuntu wily.

No description available for php5-readline in ubuntu wily.

php5-readline-dbgsym: No summary available for php5-readline-dbgsym in ubuntu wily.

No description available for php5-readline-dbgsym in ubuntu wily.

php5-recode: No summary available for php5-recode in ubuntu wily.

No description available for php5-recode in ubuntu wily.

php5-recode-dbgsym: No summary available for php5-recode-dbgsym in ubuntu wily.

No description available for php5-recode-dbgsym in ubuntu wily.

php5-snmp: No summary available for php5-snmp in ubuntu wily.

No description available for php5-snmp in ubuntu wily.

php5-snmp-dbgsym: No summary available for php5-snmp-dbgsym in ubuntu wily.

No description available for php5-snmp-dbgsym in ubuntu wily.

php5-sqlite: No summary available for php5-sqlite in ubuntu wily.

No description available for php5-sqlite in ubuntu wily.

php5-sqlite-dbgsym: No summary available for php5-sqlite-dbgsym in ubuntu wily.

No description available for php5-sqlite-dbgsym in ubuntu wily.

php5-sybase: No summary available for php5-sybase in ubuntu wily.

No description available for php5-sybase in ubuntu wily.

php5-sybase-dbgsym: No summary available for php5-sybase-dbgsym in ubuntu wily.

No description available for php5-sybase-dbgsym in ubuntu wily.

php5-tidy: No summary available for php5-tidy in ubuntu wily.

No description available for php5-tidy in ubuntu wily.

php5-tidy-dbgsym: No summary available for php5-tidy-dbgsym in ubuntu wily.

No description available for php5-tidy-dbgsym in ubuntu wily.

php5-xmlrpc: No summary available for php5-xmlrpc in ubuntu wily.

No description available for php5-xmlrpc in ubuntu wily.

php5-xmlrpc-dbgsym: No summary available for php5-xmlrpc-dbgsym in ubuntu wily.

No description available for php5-xmlrpc-dbgsym in ubuntu wily.

php5-xsl: No summary available for php5-xsl in ubuntu wily.

No description available for php5-xsl in ubuntu wily.

php5-xsl-dbgsym: No summary available for php5-xsl-dbgsym in ubuntu wily.

No description available for php5-xsl-dbgsym in ubuntu wily.