Change logs for php7.2 source package in Disco

  • php7.2 (7.2.19-0ubuntu0.19.04.1) disco-security; urgency=medium
    
      * Updated to 7.2.19 to fix multiple security issues.
        - CVE-2019-11036
        - CVE-2019-11039
        - CVE-2019-11040
      * Refreshed patches:
        - debian/patches/0039-hack-phpdbg-to-explicitly-link-with-libedit.patch
    
     -- Marc Deslauriers <email address hidden>  Tue, 04 Jun 2019 10:44:42 -0400
  • php7.2 (7.2.17-0ubuntu0.19.04.1) disco-security; urgency=medium
    
      * Updated to 7.2.17 to fix multiple security issues.
        - CVE-2019-11034
        - CVE-2019-11035
      * Refreshed patches:
        - debian/patches/0013-Add-support-for-use-of-the-system-timezone-database.patch
      * Removed patches included in new version:
        - debian/patches/0049-ext-intl-Use-pkg-config-to-detect-icu.patch
        - debian/patches/CVE-2019-9637.patch
        - debian/patches/CVE-2019-9638-and-CVE-2019-9639-1.patch
        - debian/patches/CVE-2019-9638-and-CVE-2019-9639-2.patch
        - debian/patches/CVE-2019-9640.patch
        - debian/patches/CVE-2019-9641.patch
        - debian/patches/CVE-2019-9675.patch
    
     -- Marc Deslauriers <email address hidden>  Thu, 18 Apr 2019 14:01:25 -0400
  • php7.2 (7.2.15-0ubuntu3) disco; urgency=medium
    
      * SECURITY UPDATE: Unauthorized users access
        - debian/patches/CVE-2019-9637.patch: fix in
          main/streams/plain_wrapper.c.
        - CVE-2019-9637
      * SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE
        - debian/patches/CVE-2019-9638-and-CVE-2019-9639-*.patch: fix in
          ext/exif/exif.c, added tests in ext/exif/tests/bug77563.jpg,
          ext/exif/tests/bug77563.phpt.
        - CVE-2019-9638
        - CVE-2019-9639
      * SECURITY UPDATE: Invalid read
        - debian/patches/CVE-2019-9640.patch: fix in
          ext/exif/exif.c, added tests in ext/exif/tests/bug77540.jpg,
          ext/exif/tests/bug77540.phpt.
        - CVE-2019-9640
      * SECURITY UPDATE: Unitialized read
        - debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c.
        - CVE-2019-9641
      * SECURITY UPDATE: Buffer overflow
        - debian/patches/CVE-2019-9675.patch: fix in
          ext/phar/tar.c, added tests in ext/phar/tests/bug71488.phpt,
          ext/phar/tests/bug77586,phpt, ext/phar/tests/bug77586/files/*.
    
     -- <email address hidden> (Leonidas S. Barbosa)  Wed, 27 Mar 2019 08:36:37 -0300
  • php7.2 (7.2.15-0ubuntu2) disco; urgency=medium
    
      * Fixup ICU handling
        - d/p/0050-intl-namespacing.patch: Reverted (removed)
        - d/p/0050-recommended-way-for-icu-namespace.patch: Use recommended way to
          handle the icu namespace
        - d/p/0051-Simplify-namespace-access.patch: Simplify ICU namespace access
        - d/p/0052-recommended-opts-for-unicodestring-ctor.patch: Use recommended
          options for explicit UnicodeString constructors
        - d/p/0053-use-non-deprecated-icu-api.patch: Move to non deprecated API on
          suitable ICU versions
        - d/p/0054-recommended-way-for-headers-symbols.patch: Use recommended way
          to handle utf*.h headers and obsolete symbols
        - d/p/0055-use-newer-icu-api.patch: Replace the deprecated API by the newer
          one available with ICU 56+
      * d/p/0056-disable-ext-curl-tests-bug48203_multi.patch: Temporarily
        disable ext/curl/tests/bug48203_multi.phpt to get tests reliably
        passing in disco.
    
    php7.2 (7.2.15-0ubuntu1) disco; urgency=medium
    
      * Import 7.2.15 from upstream (LP: #1815464)
        - d/p/0001-0047 copied from cosmic-security 7.2.15-0ubuntu0.18.10.1.
          The changes are trivial, except that upstream cleared trailing
          whitespace in the source, which caused the patches to no longer apply.
        - d/p/0048 has been kept because it was present in existing disco 7.2.11
          release (bionic and cosmic changes were based off 7.2.10).
        - d/p/0049-ext-intl-Use-pkg-config-to-detect-icu.patch: Add patch to use
          pkg-config instead of icu-config to detect icu libraries (From debian
          patch to 7.3.1-2, closing 916110)
        - d/p/0050-intl-namespacing.patch: Update intl code to use c++ namespaces
          required by API of the latest libicu in disco. Upstream changes were
          spread over too many interspersed commits, so this was gleaned from a
          snapshot of 7.3.
    
     -- Karl Stenerud <email address hidden>  Thu, 19 Mar 2019 17:28:20 +0100
  • php7.2 (7.2.15-0ubuntu1) disco; urgency=medium
    
      * Import 7.2.15 from upstream (LP: #1815464)
        - d/p/0001-0047 copied from cosmic-security 7.2.15-0ubuntu0.18.10.1.
          The changes are trivial, except that upstream cleared trailing
          whitespace in the source, which caused the patches to no longer apply.
        - d/p/0048 has been kept because it was present in existing disco 7.2.11
          release (bionic and cosmic changes were based off 7.2.10).
        - d/p/0049-ext-intl-Use-pkg-config-to-detect-icu.patch: Add patch to use
          pkg-config instead of icu-config to detect icu libraries (From debian
          patch to 7.3.1-2, closing 916110)
        - d/p/0050-intl-namespacing.patch: Update intl code to use c++ namespaces
          required by API of the latest libicu in disco. Upstream changes were
          spread over too many interspersed commits, so this was gleaned from a
          snapshot of 7.3.
    
     -- Karl Stenerud <email address hidden>  Tue, 26 Feb 2019 16:21:30 +0100
  • php7.2 (7.2.11-3build2) disco; urgency=medium
    
      * No-change rebuild against latest libzip
    
     -- Jeremy Bicha <email address hidden>  Mon, 26 Nov 2018 08:08:29 -0500
  • php7.2 (7.2.11-3build1) disco; urgency=medium
    
      * No-change rebuild for icu soname change.
    
     -- Matthias Klose <email address hidden>  Tue, 13 Nov 2018 09:18:38 +0100
  • php7.2 (7.2.11-3) unstable; urgency=medium
    
      * Remove libmcrypt-dev from Build-Depends
      * Add patch to use pkg-config for FreeType2 detection (Closes: #911459)
    
     -- Ondřej Surý <email address hidden>  Thu, 25 Oct 2018 06:40:02 +0000
  • php7.2 (7.2.10-0ubuntu1) cosmic; urgency=medium
    
      * SECURITY UPDATE: Update to 7.2.10 to fix security issues
        - CVE-2015-9253
        - CVE-2018-14851
        - CVE-2018-14883
    
     -- Marc Deslauriers <email address hidden>  Thu, 13 Sep 2018 09:38:55 -0400