php5 5.6.9+dfsg-1ubuntu1 source package in Ubuntu
Changelog
php5 (5.6.9+dfsg-1ubuntu1) wily; urgency=medium
* Merge from Debian. Remaining changes:
- d/control: drop Build-Depends that are in universe: firebird-dev,
libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev.
- d/rules: drop configuration of packages that are in universe: qdgm, onig.
- d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build
interbase or firebird.
- d/control: drop binary packages php5-imap, php5-interbase and php5-mcrypt
since we have separate versions in universe.
- d/modulelist: drop imap, interbase and mcrypt since we have separate
versions in universe.
- d/rules: drop configuration of imap and mcrypt since we have separate
versions in universe.
- d/source_php5.py, d/rules: add apport hook.
- d/control: switch Build-Depends of netcat-traditional to netcat-openbsd
as only the latter is in main.
* Dropped changes:
- patches included in new upstream version: CVE-2014-9427.patch,
CVE-2014-9652.patch, CVE-2015-0231.patch, CVE-2015-0232.patch,
CVE-2015-1351.patch, CVE-2015-1352.patch, remove_readelf.patch,
CVE-2014-9705.patch, CVE-2015-0273.patch, CVE-2015-2301.patch,
CVE-2015-2305.patch, CVE-2015-2331.patch, CVE-2015-2348.patch,
CVE-2015-2787.patch, CVE-2015-2783.patch, bug69218.patch,
bug69441.patch.
* SECURITY UPDATE: more missing file path null byte checks
- debian/patches/CVE-2015-4598.patch: add missing checks to
ext/dom/document.c, ext/gd/gd.c, fix test in
ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt.
- CVE-2015-4598
* SECURITY UPDATE: arbitrary code execution via ftp server long reply to
a LIST command
- debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
ext/ftp/ftp.c.
- CVE-2015-4643
* SECURITY UPDATE: denial of service via php_pgsql_meta_data
- debian/patches/CVE-2015-4644.patch: check return value in
ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
- CVE-2015-4644
php5 (5.6.9+dfsg-1) unstable; urgency=medium
* New upstream version 5.6.9+dfsg
- Core:
. Fixed bug #69467 (Wrong checked for the interface by using Trait).
. Fixed bug #69420 (Invalid read in zend_std_get_method).
. Fixed bug #60022 ("use statement [...] has no effect" depends on
leading backslash).
. Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).
. Fixed bug #68652 (segmentation fault in destructor).
. Fixed bug #69419 (Returning compatible sub generator produces a
warning).
. Fixed bug #69472 (php_sys_readlink ignores misc errors from
GetFinalPathNameByHandleA).
. Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability).
. Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
. Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+).
. Fixed bug #69522 (heap buffer overflow in unpack()).
- FTP:
. Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in
heap overflow).
- ODBC:
. Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
. Fixed bug #69474 (ODBC: Query with same field name from two tables
returns incorrect result).
. Fixed bug #69381 (out of memory with sage odbc driver).
- OpenSSL:
. Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
- PCNTL:
. Fixed bug #68598 (pcntl_exec() should not allow null char).
- PCRE
. Upgraded pcrelib to 8.37.
- Phar:
. Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry
filename starts with null).
* Rebased patches on top of 5.6.9+dfsg version
php5 (5.6.8+dfsg-1) unstable; urgency=medium
* New upstream version 5.6.8+dfsg
- Core:
. Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
(Dmitry, Laruence)
. Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8
characters). (Tjerk)
. Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
configuration options). (Anatol Belski)
. Additional fix for bug #69152 (Type confusion vulnerability in
exception::getTraceAsString). (Stas)
. Fixed bug #69210 (serialize function return corrupted data when sleep has
non-string values). (Juan Basso)
. Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in
__call/... arg passing). (Nikita)
. Fixed bug #69221 (Segmentation fault when using a generator in combination
with an Iterator). (Nikita)
. Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
vulnerability). (Stas)
. Fixed bug #69353 (Missing null byte checks for paths in various PHP
extensions). (Stas)
- Apache2handler:
. Fixed bug #69218 (potential remote code execution with apache 2.4
apache2handler). (Gerrit Venema)
- cURL:
. Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
. Fixed bug #68739 (Missing break / control flow). (Laruence)
. Fixed bug #69316 (Use-after-free in php_curl related to
CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
- Date:
. Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans)
- Enchant:
. Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows
builds). (Anatol)
- Ereg:
. Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
- Fileinfo:
. Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
segfault). (Anatol Belski)
- Filter:
. Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored unless other
flags are used). (Jeff Welch)
. Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff
Welch)
- OPCache:
. Fixed bug #69297 (function_exists strange behavior with OPCache on
disabled function). (Laruence)
. Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
. Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
- OpenSSL
. Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling
in stream_select() contexts) (Chris Wright)
. Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly)
(Daniel Lowrey)
. Fixed bug #69215 (Crypto servers should send client CA list)
(Daniel Lowrey)
. Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
- Phar:
. Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
(Mike)
. Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
. Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
. Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing
".tar"). (Mike)
. Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
. Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
phar_set_inode). (Stas)
- Postgres:
. Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)
- SPL:
. Fixed bug #69227 (Use after free in zval_scan caused by
spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)
- SOAP:
. Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader
(bisected, regression)). (Laruence)
- Sqlite3:
. Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
(Dan Ackroyd)
. Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3). (Anatol)
. Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)
* Update d/gbp.conf to new config style
* Update patches for 5.6.8 release
* Switch to gbp pq patch management
php5 (5.6.7+dfsg-1) unstable; urgency=medium
* New upstream version 5.6.7+dfsg
- Core:
. Fixed bug #69174 (leaks when unused inner class use traits
precedence).
. Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
. Fixed bug #69121 (Segfault in get_current_user when script owner is
not in passwd with ZTS build).
. Fixed bug #65593 (Segfault when calling ob_start from output
buffering callback).
. Fixed bug #68986 (pointer returned by
php_stream_fopen_temporary_file not validated in memory.c).
. Fixed bug #68166 (Exception with invalid character causes segv).
. Fixed bug #69141 (Missing arguments in reflection info for some
builtin functions).
. Fixed bug #68976 (Use After Free Vulnerability in unserialize())
(CVE-2015-0231).
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
configuration options).
. Fixed bug #69207 (move_uploaded_file allows nulls in path).
- CGI:
. Fixed bug #69015 (php-cgi's getopt does not see $argv).
- CLI:
. Fixed bug #67741 (auto_prepend_file messes up __LINE__).
- cURL:
. Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL
on Win32).
. Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if
supported by libcurl.
- Ereg:
. Fixed bug #69248 (heap overflow vulnerability in regcomp.c)
(CVE-2015-2305).
- FPM:
. Fixed bug #68822 (request time is reset too early).
- ODBC:
. Fixed bug #68964 (Allowed memory size exhausted with odbc_exec).
- Opcache:
. Fixed bug #69159 (Opcache causes problem when passing a variable
variable to a function).
. Fixed bug #69125 (Array numeric string as key).
. Fixed bug #69038 (switch(SOMECONSTANT) misbehaves).
- OpenSSL:
. Fixed bug #68912 (Segmentation fault at openssl_spki_new).
. Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't
observe socket timeouts).
. Fixed bug #68920 (use strict peer_fingerprint input checks)
. Fixed bug #68879 (IP Address fields in subjectAltNames not used)
. Fixed bug #68265 (SAN match fails with trailing DNS dot)
. Fixed bug #67403 (Add signatureType to openssl_x509_parse)
. Fixed bug (#69195 Inconsistent stream crypto values across versions)
- pgsql:
. Fixed bug #68638 (pg_update() fails to store infinite values).
- Readline:
. Fixed bug #69054 (Null dereference in
readline_(read|write)_history() without parameters).
- SOAP:
. Fixed bug #69085 (SoapClient's __call() type confusion through
unserialize()).
- SPL:
. Fixed bug #69108 ("Segmentation fault" when (de)serializing
SplObjectStorage).
. Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
calling getChildren()).
- ZIP:
. Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
boundary) (CVE-2015-2331).
* Refresh patches for 5.6.7 release
* Pull a patch to fix SQL_DESC_OCTET_LENGTH not supported by ADS ODBC
driver (PHP#68350) from Debian wheezy PHP 5.4 branch
* Fix PHP segfault in zend_hash_find (PHP#68486)
* Move PEAR-Builder-print-info-about-php5-dev.patch to debian/ as it's
not a quilt patch
php5 (5.6.6+dfsg-2) unstable; urgency=medium
* Fix use after free in 'opcache' component of PHP (CVE-2015-1351)
* Fix NULL Pointer Deference in pgsql (CVE-2015-1352) (Closes: #777033)
php5 (5.6.6+dfsg-1) unstable; urgency=medium
* New upstream version 5.6.6+dfsg
* Pull patch from DragonFly BSD Project to limit the pattern space to
avoid a 32-bit overflow in Henry Spencer regular expressions (regex)
library (Closes: #778389)
* Update patches for 5.6.6 release
php5 (5.6.5+dfsg-2) unstable; urgency=high
* Add patch to revert upstream commit on feof that broke Horde and
others (Courtesy of Mike Gabriel) (Closes: #778374)
php5 (5.6.5+dfsg-1) unstable; urgency=medium
* New upstream version 5.6.5+dfsg
* Security vulnerabilities fixed:
+ Core
- Fixed bug #68710 (Use After Free Vulnerability in PHP's
unserialize()). (CVE-2015-0231)
+ CGI:
- Fixed bug #68618 (out of bounds read crashes
php-cgi). (CVE-2014-9427)
+ EXIF:
- Fixed bug #68799: Free called on unitialized
pointer. (CVE-2015-0232)
* Update patches for 5.6.5 release
-- Marc Deslauriers <email address hidden> Mon, 06 Jul 2015 09:05:05 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Wily
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- php
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| php5_5.6.9+dfsg.orig.tar.xz | 10.9 MiB | f08927dd1bd9d3cf8036dd8564346d38c2fe9e6958b30f3779317f4257e05a0c |
| php5_5.6.9+dfsg-1ubuntu1.debian.tar.xz | 130.0 KiB | e036a314630294257b6356a8d287588560e83fef88b4b798a231580131773097 |
| php5_5.6.9+dfsg-1ubuntu1.dsc | 4.7 KiB | 5eaf3ca8a81c20e999eb931a4c954f585ddf6ee0fb11f9c8203641a1c2644cbf |
Available diffs
Binary packages built by this source
- libapache2-mod-php5: No summary available for libapache2-mod-php5 in ubuntu wily.
No description available for libapache2-mod-php5 in ubuntu wily.
- libapache2-mod-php5-dbgsym: No summary available for libapache2-mod-php5-dbgsym in ubuntu wily.
No description available for libapache2-
mod-php5- dbgsym in ubuntu wily.
- libapache2-mod-php5filter: No summary available for libapache2-mod-php5filter in ubuntu wily.
No description available for libapache2-
mod-php5filter in ubuntu wily.
- libapache2-mod-php5filter-dbgsym: No summary available for libapache2-mod-php5filter-dbgsym in ubuntu wily.
No description available for libapache2-
mod-php5filter- dbgsym in ubuntu wily.
- libphp5-embed: No summary available for libphp5-embed in ubuntu wily.
No description available for libphp5-embed in ubuntu wily.
- libphp5-embed-dbgsym: No summary available for libphp5-embed-dbgsym in ubuntu wily.
No description available for libphp5-
embed-dbgsym in ubuntu wily.
- php-pear: No summary available for php-pear in ubuntu wily.
No description available for php-pear in ubuntu wily.
- php5: No summary available for php5 in ubuntu wily.
No description available for php5 in ubuntu wily.
- php5-cgi: No summary available for php5-cgi in ubuntu wily.
No description available for php5-cgi in ubuntu wily.
- php5-cgi-dbgsym: No summary available for php5-cgi-dbgsym in ubuntu wily.
No description available for php5-cgi-dbgsym in ubuntu wily.
- php5-cli: No summary available for php5-cli in ubuntu wily.
No description available for php5-cli in ubuntu wily.
- php5-cli-dbgsym: No summary available for php5-cli-dbgsym in ubuntu wily.
No description available for php5-cli-dbgsym in ubuntu wily.
- php5-common: No summary available for php5-common in ubuntu wily.
No description available for php5-common in ubuntu wily.
- php5-common-dbgsym: No summary available for php5-common-dbgsym in ubuntu wily.
No description available for php5-common-dbgsym in ubuntu wily.
- php5-curl: No summary available for php5-curl in ubuntu wily.
No description available for php5-curl in ubuntu wily.
- php5-curl-dbgsym: No summary available for php5-curl-dbgsym in ubuntu wily.
No description available for php5-curl-dbgsym in ubuntu wily.
- php5-dbg: No summary available for php5-dbg in ubuntu wily.
No description available for php5-dbg in ubuntu wily.
- php5-dev: No summary available for php5-dev in ubuntu wily.
No description available for php5-dev in ubuntu wily.
- php5-dev-dbgsym: No summary available for php5-dev-dbgsym in ubuntu wily.
No description available for php5-dev-dbgsym in ubuntu wily.
- php5-enchant: No summary available for php5-enchant in ubuntu wily.
No description available for php5-enchant in ubuntu wily.
- php5-enchant-dbgsym: No summary available for php5-enchant-dbgsym in ubuntu wily.
No description available for php5-enchant-dbgsym in ubuntu wily.
- php5-fpm: No summary available for php5-fpm in ubuntu wily.
No description available for php5-fpm in ubuntu wily.
- php5-fpm-dbgsym: No summary available for php5-fpm-dbgsym in ubuntu wily.
No description available for php5-fpm-dbgsym in ubuntu wily.
- php5-gd: No summary available for php5-gd in ubuntu wily.
No description available for php5-gd in ubuntu wily.
- php5-gd-dbgsym: No summary available for php5-gd-dbgsym in ubuntu wily.
No description available for php5-gd-dbgsym in ubuntu wily.
- php5-gmp: No summary available for php5-gmp in ubuntu wily.
No description available for php5-gmp in ubuntu wily.
- php5-gmp-dbgsym: No summary available for php5-gmp-dbgsym in ubuntu wily.
No description available for php5-gmp-dbgsym in ubuntu wily.
- php5-intl: No summary available for php5-intl in ubuntu wily.
No description available for php5-intl in ubuntu wily.
- php5-intl-dbgsym: No summary available for php5-intl-dbgsym in ubuntu wily.
No description available for php5-intl-dbgsym in ubuntu wily.
- php5-ldap: No summary available for php5-ldap in ubuntu wily.
No description available for php5-ldap in ubuntu wily.
- php5-ldap-dbgsym: No summary available for php5-ldap-dbgsym in ubuntu wily.
No description available for php5-ldap-dbgsym in ubuntu wily.
- php5-mysql: No summary available for php5-mysql in ubuntu wily.
No description available for php5-mysql in ubuntu wily.
- php5-mysql-dbgsym: No summary available for php5-mysql-dbgsym in ubuntu wily.
No description available for php5-mysql-dbgsym in ubuntu wily.
- php5-mysqlnd: No summary available for php5-mysqlnd in ubuntu wily.
No description available for php5-mysqlnd in ubuntu wily.
- php5-mysqlnd-dbgsym: No summary available for php5-mysqlnd-dbgsym in ubuntu wily.
No description available for php5-mysqlnd-dbgsym in ubuntu wily.
- php5-odbc: No summary available for php5-odbc in ubuntu wily.
No description available for php5-odbc in ubuntu wily.
- php5-odbc-dbgsym: No summary available for php5-odbc-dbgsym in ubuntu wily.
No description available for php5-odbc-dbgsym in ubuntu wily.
- php5-pgsql: No summary available for php5-pgsql in ubuntu wily.
No description available for php5-pgsql in ubuntu wily.
- php5-pgsql-dbgsym: No summary available for php5-pgsql-dbgsym in ubuntu wily.
No description available for php5-pgsql-dbgsym in ubuntu wily.
- php5-phpdbg: No summary available for php5-phpdbg in ubuntu wily.
No description available for php5-phpdbg in ubuntu wily.
- php5-phpdbg-dbgsym: No summary available for php5-phpdbg-dbgsym in ubuntu wily.
No description available for php5-phpdbg-dbgsym in ubuntu wily.
- php5-pspell: No summary available for php5-pspell in ubuntu wily.
No description available for php5-pspell in ubuntu wily.
- php5-pspell-dbgsym: No summary available for php5-pspell-dbgsym in ubuntu wily.
No description available for php5-pspell-dbgsym in ubuntu wily.
- php5-readline: No summary available for php5-readline in ubuntu wily.
No description available for php5-readline in ubuntu wily.
- php5-readline-dbgsym: No summary available for php5-readline-dbgsym in ubuntu wily.
No description available for php5-readline-
dbgsym in ubuntu wily.
- php5-recode: No summary available for php5-recode in ubuntu wily.
No description available for php5-recode in ubuntu wily.
- php5-recode-dbgsym: No summary available for php5-recode-dbgsym in ubuntu wily.
No description available for php5-recode-dbgsym in ubuntu wily.
- php5-snmp: No summary available for php5-snmp in ubuntu wily.
No description available for php5-snmp in ubuntu wily.
- php5-snmp-dbgsym: No summary available for php5-snmp-dbgsym in ubuntu wily.
No description available for php5-snmp-dbgsym in ubuntu wily.
- php5-sqlite: No summary available for php5-sqlite in ubuntu wily.
No description available for php5-sqlite in ubuntu wily.
- php5-sqlite-dbgsym: No summary available for php5-sqlite-dbgsym in ubuntu wily.
No description available for php5-sqlite-dbgsym in ubuntu wily.
- php5-sybase: No summary available for php5-sybase in ubuntu wily.
No description available for php5-sybase in ubuntu wily.
- php5-sybase-dbgsym: No summary available for php5-sybase-dbgsym in ubuntu wily.
No description available for php5-sybase-dbgsym in ubuntu wily.
- php5-tidy: No summary available for php5-tidy in ubuntu wily.
No description available for php5-tidy in ubuntu wily.
- php5-tidy-dbgsym: No summary available for php5-tidy-dbgsym in ubuntu wily.
No description available for php5-tidy-dbgsym in ubuntu wily.
- php5-xmlrpc: No summary available for php5-xmlrpc in ubuntu wily.
No description available for php5-xmlrpc in ubuntu wily.
- php5-xmlrpc-dbgsym: No summary available for php5-xmlrpc-dbgsym in ubuntu wily.
No description available for php5-xmlrpc-dbgsym in ubuntu wily.
- php5-xsl: No summary available for php5-xsl in ubuntu wily.
No description available for php5-xsl in ubuntu wily.
- php5-xsl-dbgsym: No summary available for php5-xsl-dbgsym in ubuntu wily.
No description available for php5-xsl-dbgsym in ubuntu wily.
