Bug#706848: pu: package php5/5.4.4-16
Control: tags -1 + pending On Wed, 2013-05-22 at 22:26 +0100, Adam D. Barratt wrote: On Mon, 2013-05-06 at 19:34 +0200, Ondřej Surý wrote: version number changed to -14+deb7u1 (and merged changelogs for -15 and -16 releases). Please go ahead; thanks. Flagged for acceptance. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1369348858.30828.10.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#706848: pu: package php5/5.4.4-16
Processing control commands: tags -1 + pending Bug #706848 [release.debian.org] pu: package php5/5.4.4-14+deb7u1 Added tag(s) pending. -- 706848: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706848 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b706848.136934886514222.transcr...@bugs.debian.org
Bug#706848: pu: package php5/5.4.4-16
Control: tags -1 + confirmed On Mon, 2013-05-06 at 19:34 +0200, Ondřej Surý wrote: version number changed to -14+deb7u1 (and merged changelogs for -15 and -16 releases). Please go ahead; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1369257968.16332.18.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#706848: pu: package php5/5.4.4-16
Processing control commands: tags -1 + confirmed Bug #706848 [release.debian.org] pu: package php5/5.4.4-14+deb7u1 Added tag(s) confirmed. -- 706848: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706848 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b706848.13692579769561.transcr...@bugs.debian.org
Bug#706848: pu: package php5/5.4.4-16
Control: tags -1 + moreinfo On 2013-05-05 14:17, Ondřej Surý wrote: $ diffstat php5_5.4.4-16.debdiff -16 doesn't work as a version number for this I'm afraid. Testing and unstable have -15, stable -14; please use -14+deb7u1. Please could we have a copy of the proposed debdiff, rather than just a diffstat? Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1c9fd4749b6f8e2cf47fc91d81845...@mail.adsl.funky-badger.org
Processed: Re: Bug#706848: pu: package php5/5.4.4-16
Processing control commands: tags -1 + moreinfo Bug #706848 [release.debian.org] pu: package php5/5.4.4-16 Added tag(s) moreinfo. -- 706848: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706848 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b706848.13678477262934.transcr...@bugs.debian.org
Bug#706848: pu: package php5/5.4.4-16
Package: release.debian.org
Followup-For: Bug #706848
User: release.debian@packages.debian.org
Usertags: pu
Hello Adam,
version number changed to -14+deb7u1 (and merged changelogs for -15
and -16 releases).
$ diffstat php5_5.4.4-14+deb7u1.debdiff
debian/patches/CVE-2013-1643.patch | 135 --
debian/patches/CVE-2013-1824.patch | 142 +++
debian/patches/fix-crash-in-garbage-collection.patch | 35
debian/patches/fix-dropping-connections-in-FPM.patch | 46 ++
debian/patches/libmagic-vision-fix.patch | 11 +
debian/patches/pdo_dblib.patch | 29 +++
php5-5.4.4/debian/changelog | 13 +
php5-5.4.4/debian/patches/series |6
8 files changed, 281 insertions(+), 136 deletions(-)
And debdiff attached, sorry for to forgotting to attach it, I had it
already prepared, but somehow I didn't attach it.
O.
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog
--- php5-5.4.4/debian/changelog
+++ php5-5.4.4/debian/changelog
@@ -1,3 +1,16 @@
+php5 (5.4.4-14+deb7u1) unstable; urgency=low
+
+ * Pull upstream fix for FPM drops connection while receiving some binary
+values in FastCGI requests (Closes: #703056)
+ * Fix crash in garbage collection (patch courtesy of Michal Cihar)
+(Closes: #706082)
+ * Update libmagic detection of MS Office documents (Closes: #703504)
+ * Fix mssql connector to work with Azure SQL (Closes: #702079)
+ * [CVE-2013-1824]: CVE-2013-1643 was incomplete fix; this pulls full
+upstream patch (5.4.4-14 already had all the relevant security parts)
+
+ -- Ondřej Surý ond...@debian.org Mon, 06 May 2013 18:15:49 +0200
+
php5 (5.4.4-14) unstable; urgency=high
* [CVE-2013-1635] Fixed external entity loading
diff -u php5-5.4.4/debian/patches/series php5-5.4.4/debian/patches/series
--- php5-5.4.4/debian/patches/series
+++ php5-5.4.4/debian/patches/series
@@ -81 +81,5 @@
-CVE-2013-1643.patch
+CVE-2013-1824.patch
+fix-dropping-connections-in-FPM.patch
+fix-crash-in-garbage-collection.patch
+libmagic-vision-fix.patch
+pdo_dblib.patch
reverted:
--- php5-5.4.4/debian/patches/CVE-2013-1643.patch
+++ php5-5.4.4.orig/debian/patches/CVE-2013-1643.patch
@@ -1,135 +0,0 @@
a/ext/libxml/libxml.c
-+++ b/ext/libxml/libxml.c
-@@ -270,6 +270,7 @@ static PHP_GINIT_FUNCTION(libxml)
- libxml_globals-error_buffer.c = NULL;
- libxml_globals-error_list = NULL;
- libxml_globals-entity_loader.fci.size = 0;
-+ libxml_globals-entity_loader_disabled = 0;
- }
-
- static void _php_libxml_destroy_fci(zend_fcall_info *fci)
-@@ -369,16 +370,15 @@ static int php_libxml_streams_IO_close(v
- }
-
- static xmlParserInputBufferPtr
--php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc)
--{
-- return NULL;
--}
--
--static xmlParserInputBufferPtr
- php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc)
- {
- xmlParserInputBufferPtr ret;
- void *context = NULL;
-+ TSRMLS_FETCH();
-+
-+ if (LIBXML(entity_loader_disabled)) {
-+ return NULL;
-+ }
-
- if (URI == NULL)
- return(NULL);
-@@ -1052,28 +1052,25 @@ static PHP_FUNCTION(libxml_clear_errors)
- }
- /* }}} */
-
-+PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC)
-+{
-+ zend_bool old = LIBXML(entity_loader_disabled);
-+
-+ LIBXML(entity_loader_disabled) = disable;
-+ return old;
-+}
-+
- /* {{{ proto bool libxml_disable_entity_loader([boolean disable])
-Disable/Enable ability to load external entities */
- static PHP_FUNCTION(libxml_disable_entity_loader)
- {
- zend_bool disable = 1;
-- xmlParserInputBufferCreateFilenameFunc old;
-
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, |b, disable) == FAILURE) {
- return;
- }
-
-- if (disable == 0) {
-- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename);
-- } else {
-- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload);
-- }
--
-- if (old == php_libxml_input_buffer_noload) {
-- RETURN_TRUE;
-- }
--
-- RETURN_FALSE;
-+ RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC));
- }
- /* }}} */
-
a/ext/libxml/php_libxml.h
-+++ b/ext/libxml/php_libxml.h
-@@ -47,6 +47,7 @@ ZEND_BEGIN_MODULE_GLOBALS(libxml)
- zend_fcall_info fci;
- zend_fcall_info_cache fcc;
- } entity_loader;
-+ zend_bool entity_loader_disabled;
- ZEND_END_MODULE_GLOBALS(libxml)
-
- typedef struct _libxml_doc_props {
-@@ -97,6 +98,7 @@ PHP_LIBXML_API void php_libxml_ctx_error
- PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s);
- PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC);
-
Bug#706848: pu: package php5/5.4.4-16
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu $ diffstat php5_5.4.4-16.debdiff debian/patches/CVE-2013-1643.patch | 135 -- debian/patches/CVE-2013-1824.patch | 142 +++ debian/patches/fix-crash-in-garbage-collection.patch | 35 debian/patches/fix-dropping-connections-in-FPM.patch | 46 ++ debian/patches/libmagic-vision-fix.patch | 11 + debian/patches/pdo_dblib.patch | 29 +++ php5-5.4.4/debian/changelog | 18 ++ php5-5.4.4/debian/patches/series |6 8 files changed, 286 insertions(+), 136 deletions(-) CVE-2013-1643 is almost the same patch (it was already in -15, but we didn't unblock it because the former includes the important bits of the later. The rest of the patches fixes these respective bugs (in the same order): * Pull upstream fix for FPM drops connection while receiving some binary values in FastCGI requests (Closes: #703056) * Fix crash in garbage collection (patch courtesy of Michal Cihar) (Closes: #706082) * Update libmagic detection of MS Office documents (Closes: #703504) * Fix mssql connector to work with Azure SQL (Closes: #702079) Ondrej -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130505131755.15575.14101.reportbug@localhost6.localdomain6
