Change log for php5 package in Debian
| 1 → 75 of 250 results | First • Previous • Next • Last |
| Published in jessie-release |
php5 (5.6.33+dfsg-0+deb8u1) jessie-security; urgency=high * Add support for signed upstream tarballs * Make d/copyright machine readable * Remove repack.sh script in favour of uscan repacking * Update Vcs-* links to salsa.d.o * New upstream version 5.6.33+dfsg * Rebase patches on top of new upstream releases. -- Ondřej Surý <email address hidden> Fri, 05 Jan 2018 13:31:37 +0000
| Superseded in jessie-release |
php5 (5.6.30+dfsg-0+deb8u1) jessie-security; urgency=medium * Allow relaxed ; priority=<num> parsing (Closes: #783246) * New upstream version 5.6.30+dfsg - [CVE-2016-10158] FPE when parsing a tag format. - [CVE-2016-10159] Crash while loading hostile phar archive - [CVE-2016-10160] Memory corruption when loading hostile phar - [CVE-2016-10161] Heap out of bounds read on unserialize in finish_nested_data() * Rebase patches on top of PHP 5.6.30 -- Ondřej Surý <email address hidden> Wed, 25 Jan 2017 15:19:43 +0100
| Superseded in jessie-release |
php5 (5.6.29+dfsg-0+deb8u1) jessie-security; urgency=high * Imported Upstream version 5.6.29+dfsg * Rebase patches on top of PHP 5.6.29 release * Change Build-Depend from libsystemd-daemon-dev to libsystemd-dev -- Ondřej Surý <email address hidden> Tue, 13 Dec 2016 16:11:43 +0100
| Deleted in sid-release (Reason: None provided.) |
php5 (5.6.26+dfsg-1) unstable; urgency=medium * Imported Upstream version 5.6.26+dfsg * Rebase patches on top of PHP 5.6.26+dfsg release -- Ondřej Surý <email address hidden> Sun, 18 Sep 2016 10:59:09 +0200
| Superseded in jessie-release |
php5 (5.6.24+dfsg-0+deb8u1) jessie-security; urgency=high * Imported Upstream version 5.6.24+dfsg * Rebase patches on top of 5.6.24+dfsg release -- Ondřej Surý <email address hidden> Tue, 26 Jul 2016 10:09:22 +0200
| Superseded in sid-release |
php5 (5.6.24+dfsg-1) unstable; urgency=medium * Move -ignore_session_path to be the first argument (Closes: #830792) * Imported Upstream version 5.6.24+dfsg * Rebase patches on top of 5.6.24+dfsg release -- Ondřej Surý <email address hidden> Tue, 26 Jul 2016 09:08:21 +0200
| Superseded in sid-release |
php5 (5.6.23+dfsg-1) unstable; urgency=medium * Imported Upstream version 5.6.23+dfsg * Rebase patches on top of 5.6.23+dfsg * Adjust tidy extension for tidy-html5 -- Ondřej Surý <email address hidden> Fri, 24 Jun 2016 09:53:25 +0200
php5 (5.6.22+dfsg-2) unstable; urgency=medium * Silence errors from find caused by time race (Closes: #827370) -- Ondřej Surý <email address hidden> Wed, 15 Jun 2016 18:02:46 +0200
| Superseded in jessie-release |
php5 (5.6.20+dfsg-0+deb8u1) jessie-security; urgency=medium * Imported Upstream version 5.6.20+dfsg * Rebase patches on top of 5.6.20+dfsg release -- Ondřej Surý <email address hidden> Wed, 27 Apr 2016 13:17:22 +0200
php5 (5.6.22+dfsg-1) unstable; urgency=medium * Imported Upstream version 5.6.22+dfsg * Add Provides: php5-mysql to php5-mysqlnd (Closes: #820451) -- Ondřej Surý <email address hidden> Thu, 26 May 2016 14:18:04 +0200
php5 (5.6.21+dfsg-2) unstable; urgency=medium [ Santiago Vila ] * Make src:php5 compatible with source-only uploads (Closes: #823954) -- Ondřej Surý <email address hidden> Wed, 11 May 2016 15:55:22 +0200
php5 (5.6.21+dfsg-1) unstable; urgency=medium
* Update Vcs-* to point at pkg-php/php5.git
* Imported Upstream version 5.6.21+dfsg
* Rebase patches on top of 5.6.21+dfsg release
* Add patch to make opcache lockfile path configurable
* Replace the while loop with for loop to prevent launching subshell in
the sessionclean script
-- Ondřej Surý <email address hidden> Wed, 04 May 2016 11:44:55 +0200
php5 (5.6.20+dfsg-1) unstable; urgency=medium * Allow multiple whitespace in php5-fpm init script (Closes: #818102) * Improve conffile parsing ini the init.d script * Imported Upstream version 5.6.20+dfsg * Rebase patches on top of 5.6.20+dfsg release -- Ondřej Surý <email address hidden> Thu, 31 Mar 2016 16:51:18 +0200
| Published in wheezy-release |
php5 (5.4.45-0+deb7u2) wheezy-security; urgency=high
* Merge security updates from PHP 5.5.30 into PHP 5.4.45
- Phar:
. Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()).
. Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when
zip entry filename is "/").
* Add a notice about PHP 5.4 EOL to d/NEWS
-- Ondřej Surý <email address hidden> Sun, 04 Oct 2015 17:12:28 +0200
| Superseded in jessie-release |
php5 (5.6.19+dfsg-0+deb8u1) jessie-security; urgency=medium * Imported Upstream version 5.6.19+dfsg * Rebase patches on top of 5.6.19+dfsg release * Allow multiple whitespace in php5-fpm init script (Closes: #818102) -- Ondřej Surý <email address hidden> Mon, 07 Mar 2016 20:09:14 +0100
php5 (5.6.19+dfsg-2) unstable; urgency=medium
* Return /usr/share/php to the default include_path that got dropped
when we stopped building PEAR from this source package
(Closes: #817769)
-- Ondřej Surý <email address hidden> Fri, 11 Mar 2016 09:25:59 +0100
| Superseded in sid-release |
php5 (5.6.19+dfsg-1) unstable; urgency=medium * Imported Upstream version 5.6.19+dfsg * Rebase patches on top of 5.6.19+dfsg release * Stop building php-pear from src:php5 sources -- Ondřej Surý <email address hidden> Mon, 07 Mar 2016 21:09:11 +0100
| Superseded in sid-release |
php5 (5.6.18+dfsg-1) unstable; urgency=medium
* Imported Upstream version 5.6.18+dfsg
- Core:
. Fixed bug #71039 (exec functions ignore length but look for NULL
termination).
. Fixed bug #71089 (No check to duplicate zend_extension).
. Fixed bug #71201 (round() segfault on 64-bit builds).
. Added support for new HTTP 451 code.
. Fixed bug #71273 (A wrong ext directory setup in php.ini leads to
crash).
. Fixed bug #71323 (Output of stream_get_meta_data can be falsified by
its input).
. Fixed bug #71459 (Integer overflow in iptcembed()).
- Apache2handler:
. Fix >2G Content-Length headers in apache2handler.
- FTP:
. Implemented FR #55651 (Option to ignore the returned FTP PASV
address).
- Opcache:
. Fixed bug #71127 (Define in auto_prepend_file is overwrite).
. Fixed bug #71024 (Unable to use PHP 7.0 x64 side-by-side with
PHP 5.6 x32 on the same server).
- Phar:
. Fixed bug #71354 (Heap corruption in tar/zip/phar parser).
. Fixed bug #71391 (NULL Pointer Dereference in
phar_tar_setupmetadata()).
. Fixed bug #71488 (Stack overflow when decompressing tar archives).
- Session:
. Fixed bug #69111 (Crash in SessionHandler::read()).
- SOAP:
. Fixed bug #70979 (crash with bad soap request).
- SPL:
. Fixed bug #71204 (segfault if clean spl_autoload_funcs while
autoloading).
- WDDX:
. Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).
* Rebase patches on top of 5.6.18 release
* Add support for libtool >= 2.4.6 ltmain.sh location
-- Ondřej Surý <email address hidden> Wed, 24 Feb 2016 16:30:24 +0100
| Superseded in jessie-release |
php5 (5.6.17+dfsg-0+deb8u1) jessie; urgency=high
* Imported Upstream version 5.6.17+dfsg
- Core:
. Fixed bug #66909 (configure fails utf8_to_mutf7 test).
. Fixed bug #70958 (Invalid opcode while using ::class as trait method
parameter default value).
. Fixed bug #70957 (self::class can not be resolved with reflection
for abstract class).
. Fixed bug #70944 (try{ } finally{} can create infinite chains of
exceptions).
. Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol:
php_register_internal_extensions).
- FPM:
. Fixed bug #70755 (fpm_log.c memory leak and buffer overflow).
- GD:
. Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array
Index Out of Bounds).
- Mysqlnd:
. Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir
restriction).
- SOAP:
. Fixed bug #70900 (SoapClient systematic out of memory error).
- Standard:
. Fixed bug #70960 (ReflectionFunction for array_unique returns wrong
number of parameters).
- PDO_Firebird:
. Fixed bug #60052 (Integer returned as a 64bit integer on X64_86).
- WDDX:
. Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet
Deserialization).
. Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
Vulnerability).
- XMLRPC:
. Fixed bug #70728 (Type Confusion Vulnerability in
PHP_to_XMLRPC_worker()).
* Rebase patches on top of 5.6.17+dfsg release
* Make phar command versioned and use update-alternatives for 'phar'
name to allow coinstallation with src:php7.0 packages
-- Ondřej Surý <email address hidden> Fri, 08 Jan 2016 09:01:13 +0100
php5 (5.6.17+dfsg-3) unstable; urgency=medium
* Fail gracefully when other PHP module is enabled in Apache2
* php5-maintscript-helper needs update for phpdbg to fix postinst
failure
-- Ondřej Surý <email address hidden> Fri, 15 Jan 2016 09:53:46 +0100
php5 (5.6.17+dfsg-1) unstable; urgency=medium * Build-Depend just on libpng-dev * Imported Upstream version 5.6.17+dfsg * Rebase patches on top of 5.6.17 release -- Ondřej Surý <email address hidden> Fri, 08 Jan 2016 08:18:37 +0100
| Superseded in sid-release |
php5 (5.6.16+dfsg-4) unstable; urgency=medium
* Make phar command versioned and use update-alternatives for 'phar'
name to allow src:php5 packages to be co-installed with src:php7.0
-- Ondřej Surý <email address hidden> Mon, 04 Jan 2016 15:21:55 +0100
| Superseded in sid-release |
php5 (5.6.16+dfsg-3) unstable; urgency=medium
* Remove invalid patch to not reset packagingroot inside
PEAR/Command/Install.php
* Revert PEAR version to last working version from PHP 5.6.14
(Closes: #805222)
-- Ondřej Surý <email address hidden> Thu, 31 Dec 2015 14:48:43 +0100
| Deleted in experimental-release (Reason: None provided.) |
php5 (7.0) experimental; urgency=low * Convert the src:php5 package to produce transitional dummy packages -- Ondřej Surý <email address hidden> Tue, 29 Dec 2015 09:27:34 +0100
php5 (5.6.16+dfsg-2) unstable; urgency=medium
[ Jan Wagner ]
* Adding 'PHP_INI_SCAN_DIR=/etc/php5/${conf_dir}/conf.d/' to session
cleanup script when calling php
[ Ondřej Surý ]
* Add patch to not reset packagingroot inside PEAR/Command/Install.php
(Closes: #805222)
-- Ondřej Surý <email address hidden> Mon, 07 Dec 2015 17:15:51 +0100
php5 (5.6.16+dfsg-1) unstable; urgency=medium
* Imported Upstream version 5.6.16+dfsg
- Core:
. Fixed bug #70828 (php-fpm 5.6 with opcache crashes when referencing
a non-existent constant).
. Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l).
- Mysqlnd:
. Fixed bug #68344 (MySQLi does not provide way to disable peer
certificate validation) by introducing
MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT connection flag.
- OCI8:
. Fixed bug #68298 (OCI int overflow).
- PDO_DBlib:
. Fixed bug #69757 (Segmentation fault on nextRowset).
- SOAP:
. Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace
attribute).
- SPL:
. Fixed bug #70852 (Segfault getting NULL offset of an ArrayObject).
* Rebase patches on top of 5.6.16+dfsg release
-- Ondřej Surý <email address hidden> Tue, 01 Dec 2015 13:21:11 +0100
php5 (5.6.15+dfsg-1) unstable; urgency=medium
* Imported Upstream version 5.6.15+dfsg
- Core:
. Fixed bug #70681 (Segfault when binding $this of internal instance
method to null).
. Fixed bug #70685 (Segfault for getClosure() internal method rebind
with invalid $this).
- Date:
. Fixed bug #70619 (DateTimeImmutable segfault).
- Mcrypt:
. Fixed bug #70625 (mcrypt_encrypt() won't return data when no IV was
specified under RC4).
- Mysqlnd:
. Fixed bug #70384 (mysqli_real_query():Unknown type 245 sent by the
server).
. Fixed bug #70572 segfault in mysqlnd_connect.
- Opcache:
. Fixed bug #70632 (Third one of segfault in gc_remove_from_buffer).
. Fixed bug #70631 (Another Segfault in gc_remove_from_buffer()).
. Fixed bug #70601 (Segfault in gc_remove_from_buffer()).
. Fixed compatibility with Windows 10 (see also bug #70652).
* Rebase patches on top of 5.6.15+dfsg
-- Ondřej Surý <email address hidden> Wed, 11 Nov 2015 12:00:46 +0100
php5 (5.6.14+dfsg-1) unstable; urgency=medium
* Imported Upstream version 5.6.14+dfsg
- Core:
. Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when
building extensions).
- CLI server:
. Fixed bug #68291 (404 on urls with '+').
- DOM:
. Fixed bug #70001 (Assigning to DOMNode::textContent does additional
entity encoding).
- Mysqlnd:
. Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when
connecting to a server).
- OpenSSL:
. Fixed bug #55259 (openssl extension does not get the DH parameters
from DH key resource).
. Fixed bug #70395 (Missing ARG_INFO for openssl_seal()).
. Fixed bug #60632 (openssl_seal fails with AES).
. Fixed bug #68312 (Lookup for openssl.cnf causes a message box).
- PDO:
. Fixed bug #70389 (PDO constructor changes unrelated variables).
- Phar:
. Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()).
. Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when
zip entry filename is "/").
- Phpdbg:
. Fix phpdbg_break_next() sometimes not breaking.
- Standard:
. Fixed bug #67131 (setcookie() conditional for empty values not met).
- Streams:
. Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive
connections).
- Zip:
. Fixed bug #70322 (ZipArchive::close() doesn't indicate errors).
* Rebase patches on top of PHP 5.6.14+dfsg
-- Ondřej Surý <email address hidden> Sun, 04 Oct 2015 17:52:54 +0200
php5 (5.6.13+dfsg-2) unstable; urgency=medium [ Justin Pasher ] * Improve sessionclean script to handle tiered and symlinked directories [ Bernat Arlandis ] * Fix the bug where sessionclean doesn't touch session files -- Ondřej Surý <email address hidden> Thu, 17 Sep 2015 10:11:18 +0200
| Superseded in sid-release |
php5 (5.6.13+dfsg-1) unstable; urgency=medium * New upstream version 5.6.13+dfsg * Refresh patches on top of 5.6.13+dfsg release -- Ondřej Surý <email address hidden> Mon, 07 Sep 2015 11:54:24 +0200
| Superseded in wheezy-release |
php5 (5.4.44-0+deb7u1) wheezy-security; urgency=medium
* New upstream version 5.4.44
- Core:
. Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
method calls).
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation).
. Fixed bug #70121 (unserialize() could lead to unexpected methods execution
/ NULL pointer deref).
- OpenSSL:
. Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
secure).
- Phar:
. Improved fix for bug #69441.
. Fixed bug #70019 (Files extracted from archive may be placed outside of
destination directory).
- SOAP:
. Fixed bug #70081 (SoapClient info leak / null pointer dereference via
multiple type confusions).
- SPL:
. Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
items).
. Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
SPLArrayObject).
. Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
SplObjectStorage).
. Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
SplDoublyLinkedList).
* New upstream version 5.4.43
- Core:
. Fixed bug #69768 (escapeshell*() doesn't cater to !).
. Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
from fix to bug #68776.
- Mysqlnd:
. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152).
- Phar:
. Fixed bug #69958 (Segfault in Phar::convertToData on invalid file).
. Fixed bug #69923 (Buffer overflow and stack smashing error in
phar_fix_filepath).
* Rebase patches on top of 5.4.44 release
-- Ondřej Surý <email address hidden> Sun, 16 Aug 2015 11:44:10 +0200
php5 (5.6.12+dfsg-1) unstable; urgency=medium * Drop explicit support for upstart (Closes: #792892) * Imported Upstream version 5.6.12+dfsg * Rebase patches using gbp pq on top of PHP 5.6.12+dfsg * Silence the MySQL library mismatch warning (Closes: #794191) -- Ondřej Surý <email address hidden> Sun, 16 Aug 2015 10:34:01 +0200
php5 (5.6.11+dfsg-1) unstable; urgency=medium * New upstream version 5.6.11+dfsg * Finish the transition to libsystemd, but allow backports (Closes: #779780) * Refresh patches using gbp pq rebase/export -- Ondřej Surý <email address hidden> Wed, 15 Jul 2015 12:47:39 +0200
php5 (5.6.9+dfsg-1) unstable; urgency=medium
* New upstream version 5.6.9+dfsg
- Core:
. Fixed bug #69467 (Wrong checked for the interface by using Trait).
. Fixed bug #69420 (Invalid read in zend_std_get_method).
. Fixed bug #60022 ("use statement [...] has no effect" depends on
leading backslash).
. Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).
. Fixed bug #68652 (segmentation fault in destructor).
. Fixed bug #69419 (Returning compatible sub generator produces a
warning).
. Fixed bug #69472 (php_sys_readlink ignores misc errors from
GetFinalPathNameByHandleA).
. Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability).
. Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
. Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+).
. Fixed bug #69522 (heap buffer overflow in unpack()).
- FTP:
. Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in
heap overflow).
- ODBC:
. Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
. Fixed bug #69474 (ODBC: Query with same field name from two tables
returns incorrect result).
. Fixed bug #69381 (out of memory with sage odbc driver).
- OpenSSL:
. Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
- PCNTL:
. Fixed bug #68598 (pcntl_exec() should not allow null char).
- PCRE
. Upgraded pcrelib to 8.37.
- Phar:
. Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry
filename starts with null).
* Rebased patches on top of 5.6.9+dfsg version
-- Ondřej Surý <email address hidden> Fri, 22 May 2015 09:35:03 +0200
php5 (5.6.7+dfsg-1) unstable; urgency=medium
* New upstream version 5.6.7+dfsg
- Core:
. Fixed bug #69174 (leaks when unused inner class use traits
precedence).
. Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
. Fixed bug #69121 (Segfault in get_current_user when script owner is
not in passwd with ZTS build).
. Fixed bug #65593 (Segfault when calling ob_start from output
buffering callback).
. Fixed bug #68986 (pointer returned by
php_stream_fopen_temporary_file not validated in memory.c).
. Fixed bug #68166 (Exception with invalid character causes segv).
. Fixed bug #69141 (Missing arguments in reflection info for some
builtin functions).
. Fixed bug #68976 (Use After Free Vulnerability in unserialize())
(CVE-2015-0231).
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
configuration options).
. Fixed bug #69207 (move_uploaded_file allows nulls in path).
- CGI:
. Fixed bug #69015 (php-cgi's getopt does not see $argv).
- CLI:
. Fixed bug #67741 (auto_prepend_file messes up __LINE__).
- cURL:
. Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL
on Win32).
. Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if
supported by libcurl.
- Ereg:
. Fixed bug #69248 (heap overflow vulnerability in regcomp.c)
(CVE-2015-2305).
- FPM:
. Fixed bug #68822 (request time is reset too early).
- ODBC:
. Fixed bug #68964 (Allowed memory size exhausted with odbc_exec).
- Opcache:
. Fixed bug #69159 (Opcache causes problem when passing a variable
variable to a function).
. Fixed bug #69125 (Array numeric string as key).
. Fixed bug #69038 (switch(SOMECONSTANT) misbehaves).
- OpenSSL:
. Fixed bug #68912 (Segmentation fault at openssl_spki_new).
. Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't
observe socket timeouts).
. Fixed bug #68920 (use strict peer_fingerprint input checks)
. Fixed bug #68879 (IP Address fields in subjectAltNames not used)
. Fixed bug #68265 (SAN match fails with trailing DNS dot)
. Fixed bug #67403 (Add signatureType to openssl_x509_parse)
. Fixed bug (#69195 Inconsistent stream crypto values across versions)
- pgsql:
. Fixed bug #68638 (pg_update() fails to store infinite values).
- Readline:
. Fixed bug #69054 (Null dereference in
readline_(read|write)_history() without parameters).
- SOAP:
. Fixed bug #69085 (SoapClient's __call() type confusion through
unserialize()).
- SPL:
. Fixed bug #69108 ("Segmentation fault" when (de)serializing
SplObjectStorage).
. Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
calling getChildren()).
- ZIP:
. Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
boundary) (CVE-2015-2331).
* Refresh patches for 5.6.7 release
* Pull a patch to fix SQL_DESC_OCTET_LENGTH not supported by ADS ODBC
driver (PHP#68350) from Debian wheezy PHP 5.4 branch
* Fix PHP segfault in zend_hash_find (PHP#68486)
* Move PEAR-Builder-print-info-about-php5-dev.patch to debian/ as it's
not a quilt patch
-- Ondřej Surý <email address hidden> Tue, 24 Mar 2015 11:19:21 +0100
php5 (5.6.6+dfsg-2) unstable; urgency=medium * Fix use after free in 'opcache' component of PHP (CVE-2015-1351) * Fix NULL Pointer Deference in pgsql (CVE-2015-1352) (Closes: #777033) -- Ondřej Surý <email address hidden> Tue, 24 Feb 2015 07:54:59 +0100
| Superseded in sid-release |
php5 (5.6.6+dfsg-1) unstable; urgency=medium
* New upstream version 5.6.6+dfsg
* Pull patch from DragonFly BSD Project to limit the pattern space to
avoid a 32-bit overflow in Henry Spencer regular expressions (regex)
library (Closes: #778389)
* Update patches for 5.6.6 release
-- Ondřej Surý <email address hidden> Fri, 20 Feb 2015 10:08:13 +0100
php5 (5.6.5+dfsg-2) unstable; urgency=high
* Add patch to revert upstream commit on feof that broke Horde and
others (Courtesy of Mike Gabriel) (Closes: #778374)
-- Ondřej Surý <email address hidden> Tue, 17 Feb 2015 09:39:33 +0100
php5 (5.6.5+dfsg-1) unstable; urgency=medium
* New upstream version 5.6.5+dfsg
* Security vulnerabilities fixed:
+ Core
- Fixed bug #68710 (Use After Free Vulnerability in PHP's
unserialize()). (CVE-2015-0231)
+ CGI:
- Fixed bug #68618 (out of bounds read crashes
php-cgi). (CVE-2014-9427)
+ EXIF:
- Fixed bug #68799: Free called on unitialized
pointer. (CVE-2015-0232)
* Update patches for 5.6.5 release
-- Ondřej Surý <email address hidden> Mon, 26 Jan 2015 12:00:58 +0100
| Superseded in wheezy-release |
php5 (5.4.36-0+deb7u1) wheezy-security; urgency=high
* New upstream version 5.4.36
+ Core:
- Upgraded crypt_blowfish to version 1.3.
- Fixed bug #68545 (NULL pointer dereference in unserialize.c).
- Fixed bug #68594 (Use after free vulnerability in
unserialize()). (CVE-2014-8142)
+ Mcrypt:
- Fixed possible read after end of buffer and use after free.
* Update patches for 5.4.36 release
* Download missing install-pear-nozlib.phar and add it as a quilt patch
* Remove extra INI file patch that added duplicate lines
* Fix lo_export to check for invalid return value (Closes: #773182)
* Fix out of bounds read that crashes php-cgi
-- Ondřej Surý <email address hidden> Sun, 21 Dec 2014 20:51:11 +0100
php5 (5.6.4+dfsg-4) unstable; urgency=medium
* Disable tests on ppc64* to workaround crashing mysql-server on ppc64el
(Workaround: #774795)
-- Ondřej Surý <email address hidden> Thu, 08 Jan 2015 15:41:29 +0100
| Deleted in experimental-release (Reason: None provided.) |
php5 (5.6.4+dfsg-3+exp1) experimental; urgency=medium * Disable tests on ppc64* to workaround crashing mysql-server on ppc64el -- Ondřej Surý <email address hidden> Thu, 08 Jan 2015 15:41:29 +0100
| Superseded in sid-release |
php5 (5.6.4+dfsg-3) unstable; urgency=medium
* Use noawait variants for deb-triggers to break the dependency loop
(Closes: #774559)
-- Ondřej Surý <email address hidden> Mon, 05 Jan 2015 14:27:19 +0100
| Superseded in sid-release |
php5 (5.6.4+dfsg-2) unstable; urgency=medium
* Pull upstream fixes for severe performance issues on pathological
input in ext/fileinfo/libmagic/ copy (CVE-2014-8116, CVE-2014-8117)
* Use ${misc:Pre-Depends} instead of hardcoded pre-dependency on dpkg
-- Ondřej Surý <email address hidden> Tue, 30 Dec 2014 22:12:33 +0100
php5 (5.6.4+dfsg-1) unstable; urgency=medium * New upstream version 5.6.4+dfsg * Update patches for 5.6.4+dfsg release -- Ondřej Surý <email address hidden> Sun, 21 Dec 2014 19:11:08 +0100
| Superseded in sid-release |
php5 (5.6.3+dfsg-1) unstable; urgency=medium
* New upstream version 5.6.3+dfsg
* Update patches for 5.6.3+dfsg release
* Fix couple of PHP-FPM bugs unsuitable for release
+ Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of
all addresses).
+ Fixed bug #68421 (access.format='%R' doesn't log ipv6 address).
+ Fixed bug #68423 (PHP-FPM will no longer load all pools).
+ Fixed bug #68428 (listen.allowed_clients is IPv4 only).
+ Fixed bug #68381 (fpm_unix_init_main ignores log_level).
* Apply patch from PHP#68104 to fix segfaults in Zend OpCache
(Closes: #754432)
-- Ondřej Surý <email address hidden> Wed, 19 Nov 2014 12:11:38 +0100
| Superseded in wheezy-release |
php5 (5.4.4-14+deb7u14) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team.
* Install sessionclean script into /usr/lib/php5/
Thanks to Daniel Néri (Closes: #758774)
-- Salvatore Bonaccorso <email address hidden> Thu, 21 Aug 2014 10:15:08 +0200
php5 (5.6.2+dfsg-1) unstable; urgency=medium [ Thijs Kinkhorst ] * Checked for policy 3.9.6, no changes. [ Ondřej Surý ] * New upstream version 5.6.2+dfsg * Update patches for 5.6.2+dfsg release -- Ondřej Surý <email address hidden> Fri, 17 Oct 2014 16:22:47 +0200
| Superseded in sid-release |
php5 (5.6.1+dfsg-1) unstable; urgency=medium * New upstream version 5.6.1+dfsg -- Thijs Kinkhorst <email address hidden> Wed, 15 Oct 2014 13:25:54 +0000
php5 (5.6.0+dfsg-1) unstable; urgency=medium
* New upstream version 5.6.0+dfsg
* Drop debian/patches/gdIOCtx.patch as it's no longer needed
* Use printf instead of echo to print all SAPIS
(https://wiki.ubuntu.com/DashAsBinSh#echo)
-- Ondřej Surý <email address hidden> Thu, 28 Aug 2014 14:47:48 +0200
php5 (5.6.0~rc4+dfsg-4) unstable; urgency=medium * Remove unnoticed bashism from sessionclean script -- Ondřej Surý <email address hidden> Tue, 19 Aug 2014 17:10:40 +0200
| Superseded in sid-release |
php5 (5.6.0~rc4+dfsg-3) unstable; urgency=medium * Even more fixes and improvements to session cleaning script -- Ondřej Surý <email address hidden> Tue, 19 Aug 2014 10:46:05 +0200
| Superseded in sid-release |
php5 (5.6.0~rc4+dfsg-2) unstable; urgency=medium
* Sanitize $PATH in php5-common postinst script (Closes: #758185)
* Update the sessionclean script to only check for SAPI processes
(Courtesy of Steve Kamerman)
* Other various minor improvements in the session cleanup script
-- Ondřej Surý <email address hidden> Mon, 18 Aug 2014 12:16:56 +0200
| Superseded in sid-release |
php5 (5.6.0~rc4+dfsg-1) unstable; urgency=medium
* New upstream version 5.6.0~rc4+dfsg
* Update patches for 5.6.0~rc4+dfsg release
* Don't Recommend php5-cli when Depending on it
* Update /var/lib/php5 non-standard-dir-perm lintian override
* Remove patch that reverted upstream patch that broke mod_fastcgi
as this was fixed upstream
-- Ondřej Surý <email address hidden> Thu, 14 Aug 2014 16:54:05 +0200
| Superseded in sid-release |
php5 (5.6.0~rc3+dfsg-2) unstable; urgency=medium
* Add WARNING about the need to modify the cron job if the session
handling has been modified
* Change the default session.save_path to /var/lib/php5/sessions
* Clean session files sorted into subdirectories (Closes: #719982)
* Make sessionclean script also respect session.save_path and
session.save_handler (Closes: #720381)
* Limit the session cleanup only to sess_* files to prevent accidental
deletion of other files
* Use \0 as a new line delimiter when reading the session directory list
(Thanks Goswin Brederlow for review and tips)
* Bump debhelper compat version to v9 (Closes: #696590)
-- Ondřej Surý <email address hidden> Thu, 14 Aug 2014 15:04:08 +0200
php5 (5.6.0~rc3+dfsg-1) unstable; urgency=medium * Add dependency on libpcre3-dev in php5-dev package (PHP#67658) * New upstream version 5.6.0~rc3+dfsg * Refresh patches for 5.6.0~rc3+dfsg release -- Ondřej Surý <email address hidden> Fri, 01 Aug 2014 11:18:34 +0200
php5 (5.6.0~rc2+dfsg-5) unstable; urgency=medium
* Fix null byte suffix after keys in getallheaders() result
(Closes: #755115)
-- Ondřej Surý <email address hidden> Sun, 20 Jul 2014 16:57:51 +0200
| Published in squeeze-release |
php5 (5.3.3-7+squeeze19) squeeze-security; urgency=low * [CVE-2014-1943]: Fix segmentation fault in libmagic (Closes: #739012) -- Ondřej Surý <email address hidden> Mon, 17 Feb 2014 10:52:15 +0100
php5 (5.6.0~rc2+dfsg-4) unstable; urgency=medium [ Ondřej Surý ] * Fix invalid reportbug script directory in the php5 package (Closes: #754775) * Fix missing backslash that made php.ini-production empty (Closes: #755057) [ Andreas Schwab ] * Fix double free or corruption (!prev) on m68k (Closes: #714041) -- Ondřej Surý <email address hidden> Thu, 17 Jul 2014 12:46:05 +0200
| Superseded in wheezy-release |
php5 (5.4.4-14+deb7u11) stable-security; urgency=high * [CVE-2014-4049]: Fix potential segfault in dns_get_record() -- Ondřej Surý <email address hidden> Fri, 13 Jun 2014 15:43:03 +0200
php5 (5.6.0~rc2+dfsg-3) unstable; urgency=medium * Remove Sean Finney from Uploaders; Thanks for all the hard work! * Revert upstream patch that broke mod_fastcgi (Closes: #754384) -- Ondřej Surý <email address hidden> Fri, 11 Jul 2014 09:29:36 +0200
| Superseded in sid-release |
php5 (5.6.0~rc2+dfsg-2) unstable; urgency=medium * d/rules: Remove /usr from ./configure invocation to help multiarch * Add getallheaders() function to php5-fpm (Closes: #742497) * Install phar executable and its man page (Closes: #740876) * Move some php5-maintscript-helper messages to debug severity (Closes: #752102) * Disable expose_php in standard php.ini-production (Closes: #582204) -- Ondřej Surý <email address hidden> Wed, 09 Jul 2014 15:20:18 +0200
php5 (5.6.0~rc2+dfsg-1) unstable; urgency=medium
* New upstream version 5.6.0~rc2+dfsg
* Update patches for 5.6.0~rc2+dfsg release
* Align our patches with Fedora packaging (Courtesy of Remi Collet)
* Enable the tests again (Closes: #752099)
* Use Apache 2.4 updated Allow/Deny directives (Closes: #738959)
* Strip /usr from libedit, so the libedit is correctly found
* Hack around the configure ordering that checks for phpdbg before
checking for libedit (https://github.com/krakjoe/phpdbg/issues/103)
* Add builtin extension list to phpdbg
-- Ondřej Surý <email address hidden> Wed, 02 Jul 2014 15:50:39 +0200
| Superseded in sid-release |
php5 (5.6.0~rc1+dfsg-3) unstable; urgency=medium
* Add a duplicate signal handler to php5-fpm to issue reload on SIGHUP
(Ubuntu#1242376)
-- Ondřej Surý <email address hidden> Wed, 02 Jul 2014 11:48:34 +0200
| Superseded in sid-release |
php5 (5.6.0~rc1+dfsg-2) unstable; urgency=medium
* Pull upstream fix for phpinfo() Type Confusion Information Leak
(PHP#67498)
-- Ondřej Surý <email address hidden> Mon, 30 Jun 2014 09:28:23 +0200
php5 (5.6.0~rc1+dfsg-1) unstable; urgency=medium
* New upstream version 5.6.0~rc1+dfsg
* Add new phpdbg SAPI for easier PHP debugging
* d/repack.sh: Switch the repack script to use dpt repack from
pkg-perl-tools
-- Ondřej Surý <email address hidden> Mon, 23 Jun 2014 14:16:54 +0200
php5 (5.6.0~beta4+dfsg-4) unstable; urgency=medium * Fixed regression introduced by patch for bug #67072 * Fix regression introduce in fix for bug #67118 -- Ondřej Surý <email address hidden> Wed, 18 Jun 2014 09:51:49 +0200
php5 (5.6.0~beta4+dfsg-3) unstable; urgency=high * [CVE-2014-4049]: Fix potential segfault in dns_get_record() -- Ondřej Surý <email address hidden> Fri, 13 Jun 2014 15:21:53 +0200
| Superseded in sid-release |
php5 (5.6.0~beta4+dfsg-2) unstable; urgency=medium
* Add UPGRADING document to php5-common and list backwards incompatible
changes to d/NEWS (Closes: #750890)
-- Ondřej Surý <email address hidden> Tue, 10 Jun 2014 14:08:57 +0200
| Superseded in sid-release |
php5 (5.6.0~beta4+dfsg-1) unstable; urgency=medium [ Thijs Kinkhorst ] * Drop scary "DO NOT USE IT IN PRODUCTION" news entry. (Closes: #750682) [ Ondřej Surý ] * New upstream version 5.6.0~beta4+dfsg -- Ondřej Surý <email address hidden> Sat, 07 Jun 2014 10:07:44 +0200
php5 (5.6.0~beta3+dfsg-2) unstable; urgency=low * Remove extra wrong replacement from 5.5.0 to 5.6.0 * Drop the +lfs from phpapi we don't need it for transition anymore * Upload to unstable (start the transition period) -- Ondřej Surý <email address hidden> Wed, 28 May 2014 11:59:05 +0200
| Deleted in experimental-release (Reason: None provided.) |
php5 (5.6.0~beta3+dfsg-1) experimental; urgency=medium
* Set default listen.{owner,group} to www-data:www-data
* Add more bash magick to the dfsg repack script
* Merge some minor changes from Ubuntu
+ d/rules: export DEB_HOST_MULTIARCH properly
+ d/rules: stop mysql instance on clean just in case we failed in
tests.
+ d/tests/{cgi,cli,mod-php}: dep8 tests for common use cases.
* New upstream version 5.6.0~beta3+dfsg
* Update patches for 5.6.0~beta3+dfsg release
-- Ondřej Surý <email address hidden> Tue, 27 May 2014 16:56:30 +0200
php5 (5.5.12+dfsg-2) unstable; urgency=medium
* Set default listen.{owner,group} to www-data:www-data (Closes: #747195)
-- Ondřej Surý <email address hidden> Mon, 12 May 2014 14:22:52 +0200
php5 (5.5.12+dfsg-1) unstable; urgency=medium
* New upstream version 5.5.12+dfsg
+ [CVE-2014-0185]: Fix possible privilege escalation due to insecure
default configuration in php5-fpm.
* Update patches for 5.5.12 release
* Add a patch to fix zlib extension naming in LFS builds
(Ubuntu#1315888)
-- Ondřej Surý <email address hidden> Mon, 05 May 2014 10:20:28 +0200
| Deleted in experimental-release (Reason: None provided.) |
php5 (5.6.0~beta2+dfsg-1) experimental; urgency=medium
* Update patches for 5.6.0~beta2 release
* New upstream version 5.6.0~beta2+dfsg
* Import patch to fix zlib extension naming in LFS builds
(Ubuntu#1315888)
* Pull upstream patch to fix mysqli build when building against libmysqlclient
-- Ondřej Surý <email address hidden> Mon, 05 May 2014 12:10:08 +0200
| 1 → 75 of 250 results | First • Previous • Next • Last |
