Change logs for php5 source package in Jessie

  • php5 (5.6.33+dfsg-0+deb8u1) jessie-security; urgency=high
    
      * Add support for signed upstream tarballs
      * Make d/copyright machine readable
      * Remove repack.sh script in favour of uscan repacking
      * Update Vcs-* links to salsa.d.o
      * New upstream version 5.6.33+dfsg
      * Rebase patches on top of new upstream releases.
    
     -- Ondřej Surý <email address hidden>  Fri, 05 Jan 2018 13:31:37 +0000
  • php5 (5.6.30+dfsg-0+deb8u1) jessie-security; urgency=medium
    
      * Allow relaxed ; priority=<num> parsing (Closes: #783246)
      * New upstream version 5.6.30+dfsg
       - [CVE-2016-10158] FPE when parsing a tag format.
       - [CVE-2016-10159] Crash while loading hostile phar archive
       - [CVE-2016-10160] Memory corruption when loading hostile phar
       - [CVE-2016-10161] Heap out of bounds read on unserialize in finish_nested_data()
      * Rebase patches on top of PHP 5.6.30
    
     -- Ondřej Surý <email address hidden>  Wed, 25 Jan 2017 15:19:43 +0100
  • php5 (5.6.29+dfsg-0+deb8u1) jessie-security; urgency=high
    
      * Imported Upstream version 5.6.29+dfsg
      * Rebase patches on top of PHP 5.6.29 release
      * Change Build-Depend from libsystemd-daemon-dev to libsystemd-dev
    
     -- Ondřej Surý <email address hidden>  Tue, 13 Dec 2016 16:11:43 +0100
  • php5 (5.6.24+dfsg-0+deb8u1) jessie-security; urgency=high
    
      * Imported Upstream version 5.6.24+dfsg
      * Rebase patches on top of 5.6.24+dfsg release
    
     -- Ondřej Surý <email address hidden>  Tue, 26 Jul 2016 10:09:22 +0200
  • php5 (5.6.20+dfsg-0+deb8u1) jessie-security; urgency=medium
    
      * Imported Upstream version 5.6.20+dfsg
      * Rebase patches on top of 5.6.20+dfsg release
    
     -- Ondřej Surý <email address hidden>  Wed, 27 Apr 2016 13:17:22 +0200
  • php5 (5.6.19+dfsg-0+deb8u1) jessie-security; urgency=medium
    
      * Imported Upstream version 5.6.19+dfsg
      * Rebase patches on top of 5.6.19+dfsg release
      * Allow multiple whitespace in php5-fpm init script (Closes: #818102)
    
     -- Ondřej Surý <email address hidden>  Mon, 07 Mar 2016 20:09:14 +0100
  • php5 (5.6.17+dfsg-0+deb8u1) jessie; urgency=high
    
      * Imported Upstream version 5.6.17+dfsg
       - Core:
        . Fixed bug #66909 (configure fails utf8_to_mutf7 test).
        . Fixed bug #70958 (Invalid opcode while using ::class as trait method
          parameter default value).
        . Fixed bug #70957 (self::class can not be resolved with reflection
          for abstract class).
        . Fixed bug #70944 (try{ } finally{} can create infinite chains of
          exceptions).
        . Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol:
          php_register_internal_extensions).
       - FPM:
        . Fixed bug #70755 (fpm_log.c memory leak and buffer overflow).
       - GD:
        . Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array
          Index Out of Bounds).
       - Mysqlnd:
        . Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir
          restriction).
       - SOAP:
        . Fixed bug #70900 (SoapClient systematic out of memory error).
       - Standard:
        . Fixed bug #70960 (ReflectionFunction for array_unique returns wrong
          number of parameters).
       - PDO_Firebird:
        . Fixed bug #60052 (Integer returned as a 64bit integer on X64_86).
       - WDDX:
        . Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet
          Deserialization).
        . Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
          Vulnerability).
       - XMLRPC:
        . Fixed bug #70728 (Type Confusion Vulnerability in
          PHP_to_XMLRPC_worker()).
      * Rebase patches on top of 5.6.17+dfsg release
      * Make phar command versioned and use update-alternatives for 'phar'
        name to allow coinstallation with src:php7.0 packages
    
     -- Ondřej Surý <email address hidden>  Fri, 08 Jan 2016 09:01:13 +0100
  • php5 (5.6.7+dfsg-1) unstable; urgency=medium
    
    
      * New upstream version 5.6.7+dfsg
       - Core:
        . Fixed bug #69174 (leaks when unused inner class use traits
          precedence).
        . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
        . Fixed bug #69121 (Segfault in get_current_user when script owner is
          not in passwd with ZTS build).
        . Fixed bug #65593 (Segfault when calling ob_start from output
          buffering callback).
        . Fixed bug #68986 (pointer returned by
          php_stream_fopen_temporary_file not validated in memory.c).
        . Fixed bug #68166 (Exception with invalid character causes segv).
        . Fixed bug #69141 (Missing arguments in reflection info for some
          builtin functions).
        . Fixed bug #68976 (Use After Free Vulnerability in unserialize())
          (CVE-2015-0231).
        . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
          configuration options).
        . Fixed bug #69207 (move_uploaded_file allows nulls in path).
       - CGI:
        . Fixed bug #69015 (php-cgi's getopt does not see $argv).
       - CLI:
        . Fixed bug #67741 (auto_prepend_file messes up __LINE__).
       - cURL:
        . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL
          on Win32).
        . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if
          supported by libcurl.
       - Ereg:
        . Fixed bug #69248 (heap overflow vulnerability in regcomp.c)
          (CVE-2015-2305).
       - FPM:
        . Fixed bug #68822 (request time is reset too early).
       - ODBC:
        . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec).
       - Opcache:
        . Fixed bug #69159 (Opcache causes problem when passing a variable
          variable to a function).
        . Fixed bug #69125 (Array numeric string as key). 
        . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves).
       - OpenSSL:
        . Fixed bug #68912 (Segmentation fault at openssl_spki_new).
        . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't
          observe socket timeouts).
        . Fixed bug #68920 (use strict peer_fingerprint input checks)
        . Fixed bug #68879 (IP Address fields in subjectAltNames not used)
        . Fixed bug #68265 (SAN match fails with trailing DNS dot)
        . Fixed bug #67403 (Add signatureType to openssl_x509_parse)
        . Fixed bug #69195 (Inconsistent stream crypto values across versions)
       - pgsql:
        . Fixed bug #68638 (pg_update() fails to store infinite values).
       - Readline:
        . Fixed bug #69054 (Null dereference in
          readline_(read|write)_history() without parameters).
       - SOAP:
        . Fixed bug #69085 (SoapClient's __call() type confusion through
          unserialize()).
       - SPL:
        . Fixed bug #69108 ("Segmentation fault" when (de)serializing
          SplObjectStorage).
        . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
          calling getChildren()).
       - ZIP:
        . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
          boundary) (CVE-2015-2331).
      * Refresh patches for 5.6.7 release
      * Pull a patch to fix SQL_DESC_OCTET_LENGTH not supported by ADS ODBC
        driver (PHP#68350) from Debian wheezy PHP 5.4 branch
      * Fix PHP segfault in zend_hash_find (PHP#68486)
      * Move PEAR-Builder-print-info-about-php5-dev.patch to debian/ as it's
        not a quilt patch
    
     -- Ondřej Surý <email address hidden>  Tue, 24 Mar 2015 11:19:21 +0100
  • php5 (5.6.6+dfsg-2) unstable; urgency=medium
    
    
      * Fix use after free in 'opcache' component of PHP (CVE-2015-1351)
      * Fix NULL Pointer Dereference in pgsql (CVE-2015-1352) (Closes: #777033)
    
     -- Ondřej Surý <email address hidden>  Tue, 24 Feb 2015 07:54:59 +0100
  • php5 (5.6.5+dfsg-2) unstable; urgency=high
    
    
      * Add patch to revert upstream commit on feof that broke Horde and
        others (Courtesy of Mike Gabriel) (Closes: #778374)
    
     -- Ondřej Surý <email address hidden>  Tue, 17 Feb 2015 09:39:33 +0100
  • php5 (5.6.5+dfsg-1) unstable; urgency=medium
    
    
      * New upstream version 5.6.5+dfsg
      * Security vulnerabilities fixed:
       + Core
        - Fixed bug #68710 (Use After Free Vulnerability in PHP's
          unserialize()). (CVE-2015-0231)
       + CGI:
        - Fixed bug #68618 (out of bounds read crashes
          php-cgi). (CVE-2014-9427)
       + EXIF:
        - Fixed bug #68799: Free called on uninitialized
          pointer. (CVE-2015-0232)
      * Update patches for 5.6.5 release
    
     -- Ondřej Surý <email address hidden>  Mon, 26 Jan 2015 12:00:58 +0100
  • php5 (5.6.4+dfsg-4) unstable; urgency=medium
    
    
      * Disable tests on ppc64* to workaround crashing mysql-server on ppc64el
        (Workaround: #774795)
    
     -- Ondřej Surý <email address hidden>  Thu, 08 Jan 2015 15:41:29 +0100
  • php5 (5.6.4+dfsg-1) unstable; urgency=medium
    
    
      * New upstream version 5.6.4+dfsg
      * Update patches for 5.6.4+dfsg release
    
     -- Ondřej Surý <email address hidden>  Sun, 21 Dec 2014 19:11:08 +0100
  • php5 (5.6.2+dfsg-1) unstable; urgency=medium
    
    
      [ Thijs Kinkhorst ]
      * Checked for policy 3.9.6, no changes.
    
      [ Ondřej Surý ]
      * New upstream version 5.6.2+dfsg
      * Update patches for 5.6.2+dfsg release
    
     -- Ondřej Surý <email address hidden>  Fri, 17 Oct 2014 16:22:47 +0200
  • php5 (5.6.0+dfsg-1) unstable; urgency=medium
    
    
      * New upstream version 5.6.0+dfsg
      * Drop debian/patches/gdIOCtx.patch as it's no longer needed
      * Use printf instead of echo to print all SAPIS
        (https://wiki.ubuntu.com/DashAsBinSh#echo)
    
     -- Ondřej Surý <email address hidden>  Thu, 28 Aug 2014 14:47:48 +0200
  • php5 (5.6.0~rc4+dfsg-4) unstable; urgency=medium
    
    
      * Remove unnoticed bashism from sessionclean script
    
     -- Ondřej Surý <email address hidden>  Tue, 19 Aug 2014 17:10:40 +0200
  • php5 (5.6.0~rc3+dfsg-1) unstable; urgency=medium
    
    
      * Add dependency on libpcre3-dev in php5-dev package (PHP#67658)
      * New upstream version 5.6.0~rc3+dfsg
      * Refresh patches for 5.6.0~rc3+dfsg release
    
     -- Ondřej Surý <email address hidden>  Fri, 01 Aug 2014 11:18:34 +0200
  • php5 (5.6.0~rc2+dfsg-5) unstable; urgency=medium
    
    
      * Fix null byte suffix after keys in getallheaders() result
        (Closes: #755115)
    
     -- Ondřej Surý <email address hidden>  Sun, 20 Jul 2014 16:57:51 +0200
  • php5 (5.6.0~rc2+dfsg-4) unstable; urgency=medium
    
    
      [ Ondřej Surý ]
      * Fix invalid reportbug script directory in the php5 package (Closes: #754775)
      * Fix missing backslash that made php.ini-production empty (Closes: #755057)
    
      [ Andreas Schwab ]
      * Fix double free or corruption (!prev) on m68k (Closes: #714041)
    
     -- Ondřej Surý <email address hidden>  Thu, 17 Jul 2014 12:46:05 +0200
  • php5 (5.6.0~rc2+dfsg-3) unstable; urgency=medium
    
    
      * Remove Sean Finney from Uploaders; Thanks for all the hard work!
      * Revert upstream patch that broke mod_fastcgi (Closes: #754384)
    
     -- Ondřej Surý <email address hidden>  Fri, 11 Jul 2014 09:29:36 +0200
  • php5 (5.6.0~rc2+dfsg-1) unstable; urgency=medium
    
    
      * New upstream version 5.6.0~rc2+dfsg
      * Update patches for 5.6.0~rc2+dfsg release
      * Align our patches with Fedora packaging (Courtesy of Remi Collet)
      * Enable the tests again (Closes: #752099)
      * Use Apache 2.4 updated Allow/Deny directives (Closes: #738959)
      * Strip /usr from libedit, so the libedit is correctly found
      * Hack around the configure ordering that checks for phpdbg before
        checking for libedit (https://github.com/krakjoe/phpdbg/issues/103)
      * Add builtin extension list to phpdbg
    
     -- Ondřej Surý <email address hidden>  Wed, 02 Jul 2014 15:50:39 +0200
  • php5 (5.6.0~rc1+dfsg-1) unstable; urgency=medium
    
    
      * New upstream version 5.6.0~rc1+dfsg
      * Add new phpdbg SAPI for easier PHP debugging
      * d/repack.sh: Switch the repack script to use dpt repack from
        pkg-perl-tools
    
     -- Ondřej Surý <email address hidden>  Mon, 23 Jun 2014 14:16:54 +0200
  • php5 (5.6.0~beta4+dfsg-4) unstable; urgency=medium
    
    
      * Fixed regression introduced by patch for bug #67072
      * Fix regression introduced in fix for bug #67118
    
     -- Ondřej Surý <email address hidden>  Wed, 18 Jun 2014 09:51:49 +0200
  • php5 (5.6.0~beta4+dfsg-3) unstable; urgency=high
    
    
      * [CVE-2014-4049]: Fix potential segfault in dns_get_record()
    
     -- Ondřej Surý <email address hidden>  Fri, 13 Jun 2014 15:21:53 +0200
  • php5 (5.6.0~beta3+dfsg-2) unstable; urgency=low
    
    
      * Remove extra wrong replacement from 5.5.0 to 5.6.0
      * Drop the +lfs from phpapi we don't need it for transition anymore
      * Upload to unstable (start the transition period)
    
     -- Ondřej Surý <email address hidden>  Wed, 28 May 2014 11:59:05 +0200
  • php5 (5.5.12+dfsg-2) unstable; urgency=medium
    
    
      * Set default listen.{owner,group} to www-data:www-data (Closes: #747195)
    
     -- Ondřej Surý <email address hidden>  Mon, 12 May 2014 14:22:52 +0200
  • php5 (5.5.12+dfsg-1) unstable; urgency=medium
    
    
      * New upstream version 5.5.12+dfsg
       + [CVE-2014-0185]: Fix possible privilege escalation due to insecure
         default configuration in php5-fpm.
      * Update patches for 5.5.12 release
      * Add a patch to fix zlib extension naming in LFS builds
        (Ubuntu#1315888)
    
     -- Ondřej Surý <email address hidden>  Mon, 05 May 2014 10:20:28 +0200
  • php5 (5.5.11+dfsg-3) unstable; urgency=medium
    
    
      * Add ~ to ${source:Version} everywhere, so backports don't break
      * Resolve the dependency hell between php5-common and php5-json by
        moving the php5-json dependency to SAPIs (except libphp5-embed)
        (Closes: #743890, #719942)
      
     -- Ondřej Surý <email address hidden>  Sat, 19 Apr 2014 15:19:27 +0200
  • php5 (5.5.11+dfsg-2) unstable; urgency=medium
    
    
      * Revert "Reenable LARGEFILE support" (Closes: #743842)
    
     -- Lior Kaplan <email address hidden>  Tue, 08 Apr 2014 11:02:48 +0300
  • php5 (5.5.10+dfsg-1) unstable; urgency=low
    
    
      [ Ondřej Surý ]
      * Run dh_systemd_{enable,start} without arguments (Closes: #737282)
      * Split dh-php5 into a separate package
      * Don't use reopen-logs in logrotate script, but send USR1 directly to
        main pid of php5-fpm; #compat-non-sysv-rc
      * Move PIDFILE to /run
      * Implement more robust way of handling php5-fpm reopen logs from
        logrotate
    
      [ Thijs Kinkhorst ]
      * Add virtual-mysql-server to mysql-server B-D.
      * Checked for policy 3.9.5, no changes.
    
      [ Ondřej Surý ]
      * New upstream version 5.5.10+dfsg
      * Update dfsg-repack.sh script to remove upstream .gitignore from
        repacked tarball
      * Update patches for 5.5.10 release
    
     -- Ondřej Surý <email address hidden>  Thu, 27 Mar 2014 14:07:57 +0100
  • php5 (5.5.9+dfsg-1) unstable; urgency=medium
    
    
      * New upstream version 5.5.9+dfsg
      * Install CLI specific ini file with PCNTL enabled (Closes: #720434)
      * Use php_admin_flag in Apache settings (Closes: #690964)
    
     -- Lior Kaplan <email address hidden>  Fri, 07 Feb 2014 16:21:04 +0200
  • php5 (5.5.8+dfsg-3) unstable; urgency=low
    
    
      * Fix regression in system fallback for date_default_timezone_get()
        (Closes: #730771)
    
     -- Ondřej Surý <email address hidden>  Fri, 24 Jan 2014 09:59:36 +0100
  • php5 (5.5.8+dfsg-2) unstable; urgency=medium
    
    
      * Re-enable dtrace only on architectures that support it
    
     -- Lior Kaplan <email address hidden>  Sun, 12 Jan 2014 00:56:04 +0200
  • php5 (5.5.7+dfsg-2) unstable; urgency=low
    
    
      * Enable dtrace only on architectures that support it
    
     -- Ondřej Surý <email address hidden>  Thu, 12 Dec 2013 23:54:26 +0100
  • php5 (5.5.6+dfsg-1) unstable; urgency=low
    
    
      [ Lior Kaplan ]
      * Fix lintian systemd-service-file-refers-to-obsolete-target
    
      [ Ondřej Surý ]
      * Add support for reload signal in upstart init job
      * New upstream version 5.5.6+dfsg
      * Update patches for 5.5.6+dfsg release
    
     -- Ondřej Surý <email address hidden>  Thu, 21 Nov 2013 09:59:57 +0100
  • php5 (5.5.5+dfsg-1) unstable; urgency=low
    
    
      * New upstream version 5.5.5+dfsg
        - Remove merged patches: shtool_mkdir_-p_-race-condition,
          0001-Add-information-about-which-INI-file-is-which-inside,
          Zend_OpCache_GNUHurd_fix and mssql-null-exception
      * Delete 116-posixness_fix patch, Hurd builds successfully without it
    
     -- Lior Kaplan <email address hidden>  Sat, 19 Oct 2013 15:49:21 +0300
  • php5 (5.5.4+dfsg-1) unstable; urgency=low
    
    
      [ Thijs Kinkhorst ]
      * In maintscripts do not emit 'no action required' messages to
        console (closes: #724001).
    
      [ Lior Kaplan ]
      * Remove obsolete patches: 004-ldap_fix, 036-fd_setsize_fix,
        043-recode_size_t, 045-exif_nesting_level, 047-zts_with_dl and 
        108-64_bit_datetime.
      * Add patch info (description, author and bug number)
      * Delete patches we don't apply during build
      * Add a reference to GNU/Hurd porting guidelines
    
      [ Ondřej Surý ]
      * New upstream version 5.5.4+dfsg
      * Remove SHA2 broken test patch; merged upstream
      * Refresh patches for 5.5.4 release
    
     -- Ondřej Surý <email address hidden>  Fri, 27 Sep 2013 11:32:38 +0200
  • php5 (5.5.3+dfsg-1) unstable; urgency=low
    
    
      * New upstream version 5.5.3+dfs
      * Update patches for 5.5.3 release
    
     -- Ondřej Surý <email address hidden>  Fri, 23 Aug 2013 14:49:34 +0200
  • php5 (5.5.1+dfsg-2) unstable; urgency=low
    
    
      * Move apache2 (>= 2.4) from Pre-Depend to Depends (Closes: #711454)
      * Install the headers from CGI build to get mysqlnd headers into
        php5-dev package (Closes: #690395)
      * Use small helper script instead of shell blog to check FPM
        configuration (Closes: #718627)
    
     -- Ondřej Surý <email address hidden>  Mon, 05 Aug 2013 15:58:01 +0200
  • php5 (5.5.1+dfsg-1) unstable; urgency=low
    
    
      * New upstream version 5.5.1+dfsg
      * Update patches for 5.5.1 release
    
     -- Ondřej Surý <email address hidden>  Mon, 22 Jul 2013 08:25:19 +0200
  • php5 (5.4.4-15.1) jessie; urgency=low
    
    
      * Non-maintainer upload.
      * Disable tests on mips* to work around mysql b0rkedness.
    
     -- Julien Cristau <email address hidden>  Thu, 20 Jun 2013 21:17:24 +0200
  • php5 (5.4.4-15) unstable; urgency=high
    
    
      * [CVE-2013-1824]: CVE-2013-1643 had incomplete fix for external entity
        loading
    
     -- Ondřej Surý <email address hidden>  Fri, 22 Mar 2013 13:51:47 +0100