Bug#706848: pu: package php5/5.4.4-16
Control: tags -1 + pending On Wed, 2013-05-22 at 22:26 +0100, Adam D. Barratt wrote: On Mon, 2013-05-06 at 19:34 +0200, Ondřej Surý wrote: version number changed to -14+deb7u1 (and merged changelogs for -15 and -16 releases). Please go ahead; thanks. Flagged for acceptance. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1369348858.30828.10.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#706848: pu: package php5/5.4.4-16
Processing control commands: tags -1 + pending Bug #706848 [release.debian.org] pu: package php5/5.4.4-14+deb7u1 Added tag(s) pending. -- 706848: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706848 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b706848.136934886514222.transcr...@bugs.debian.org
Bug#706848: pu: package php5/5.4.4-16
Control: tags -1 + confirmed On Mon, 2013-05-06 at 19:34 +0200, Ondřej Surý wrote: version number changed to -14+deb7u1 (and merged changelogs for -15 and -16 releases). Please go ahead; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1369257968.16332.18.ca...@jacala.jungle.funky-badger.org
Processed: Re: Bug#706848: pu: package php5/5.4.4-16
Processing control commands: tags -1 + confirmed Bug #706848 [release.debian.org] pu: package php5/5.4.4-14+deb7u1 Added tag(s) confirmed. -- 706848: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706848 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b706848.13692579769561.transcr...@bugs.debian.org
Bug#706848: pu: package php5/5.4.4-16
Control: tags -1 + moreinfo On 2013-05-05 14:17, Ondřej Surý wrote: $ diffstat php5_5.4.4-16.debdiff -16 doesn't work as a version number for this I'm afraid. Testing and unstable have -15, stable -14; please use -14+deb7u1. Please could we have a copy of the proposed debdiff, rather than just a diffstat? Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1c9fd4749b6f8e2cf47fc91d81845...@mail.adsl.funky-badger.org
Processed: Re: Bug#706848: pu: package php5/5.4.4-16
Processing control commands: tags -1 + moreinfo Bug #706848 [release.debian.org] pu: package php5/5.4.4-16 Added tag(s) moreinfo. -- 706848: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706848 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.b706848.13678477262934.transcr...@bugs.debian.org
Bug#706848: pu: package php5/5.4.4-16
Package: release.debian.org Followup-For: Bug #706848 User: release.debian@packages.debian.org Usertags: pu Hello Adam, version number changed to -14+deb7u1 (and merged changelogs for -15 and -16 releases). $ diffstat php5_5.4.4-14+deb7u1.debdiff debian/patches/CVE-2013-1643.patch | 135 -- debian/patches/CVE-2013-1824.patch | 142 +++ debian/patches/fix-crash-in-garbage-collection.patch | 35 debian/patches/fix-dropping-connections-in-FPM.patch | 46 ++ debian/patches/libmagic-vision-fix.patch | 11 + debian/patches/pdo_dblib.patch | 29 +++ php5-5.4.4/debian/changelog | 13 + php5-5.4.4/debian/patches/series |6 8 files changed, 281 insertions(+), 136 deletions(-) And debdiff attached, sorry for to forgotting to attach it, I had it already prepared, but somehow I didn't attach it. O. -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog --- php5-5.4.4/debian/changelog +++ php5-5.4.4/debian/changelog @@ -1,3 +1,16 @@ +php5 (5.4.4-14+deb7u1) unstable; urgency=low + + * Pull upstream fix for FPM drops connection while receiving some binary +values in FastCGI requests (Closes: #703056) + * Fix crash in garbage collection (patch courtesy of Michal Cihar) +(Closes: #706082) + * Update libmagic detection of MS Office documents (Closes: #703504) + * Fix mssql connector to work with Azure SQL (Closes: #702079) + * [CVE-2013-1824]: CVE-2013-1643 was incomplete fix; this pulls full +upstream patch (5.4.4-14 already had all the relevant security parts) + + -- Ondřej Surý ond...@debian.org Mon, 06 May 2013 18:15:49 +0200 + php5 (5.4.4-14) unstable; urgency=high * [CVE-2013-1635] Fixed external entity loading diff -u php5-5.4.4/debian/patches/series php5-5.4.4/debian/patches/series --- php5-5.4.4/debian/patches/series +++ php5-5.4.4/debian/patches/series @@ -81 +81,5 @@ -CVE-2013-1643.patch +CVE-2013-1824.patch +fix-dropping-connections-in-FPM.patch +fix-crash-in-garbage-collection.patch +libmagic-vision-fix.patch +pdo_dblib.patch reverted: --- php5-5.4.4/debian/patches/CVE-2013-1643.patch +++ php5-5.4.4.orig/debian/patches/CVE-2013-1643.patch @@ -1,135 +0,0 @@ a/ext/libxml/libxml.c -+++ b/ext/libxml/libxml.c -@@ -270,6 +270,7 @@ static PHP_GINIT_FUNCTION(libxml) - libxml_globals-error_buffer.c = NULL; - libxml_globals-error_list = NULL; - libxml_globals-entity_loader.fci.size = 0; -+ libxml_globals-entity_loader_disabled = 0; - } - - static void _php_libxml_destroy_fci(zend_fcall_info *fci) -@@ -369,16 +370,15 @@ static int php_libxml_streams_IO_close(v - } - - static xmlParserInputBufferPtr --php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc) --{ -- return NULL; --} -- --static xmlParserInputBufferPtr - php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc) - { - xmlParserInputBufferPtr ret; - void *context = NULL; -+ TSRMLS_FETCH(); -+ -+ if (LIBXML(entity_loader_disabled)) { -+ return NULL; -+ } - - if (URI == NULL) - return(NULL); -@@ -1052,28 +1052,25 @@ static PHP_FUNCTION(libxml_clear_errors) - } - /* }}} */ - -+PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC) -+{ -+ zend_bool old = LIBXML(entity_loader_disabled); -+ -+ LIBXML(entity_loader_disabled) = disable; -+ return old; -+} -+ - /* {{{ proto bool libxml_disable_entity_loader([boolean disable]) -Disable/Enable ability to load external entities */ - static PHP_FUNCTION(libxml_disable_entity_loader) - { - zend_bool disable = 1; -- xmlParserInputBufferCreateFilenameFunc old; - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, |b, disable) == FAILURE) { - return; - } - -- if (disable == 0) { -- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename); -- } else { -- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload); -- } -- -- if (old == php_libxml_input_buffer_noload) { -- RETURN_TRUE; -- } -- -- RETURN_FALSE; -+ RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC)); - } - /* }}} */ - a/ext/libxml/php_libxml.h -+++ b/ext/libxml/php_libxml.h -@@ -47,6 +47,7 @@ ZEND_BEGIN_MODULE_GLOBALS(libxml) - zend_fcall_info fci; - zend_fcall_info_cache fcc; - } entity_loader; -+ zend_bool entity_loader_disabled; - ZEND_END_MODULE_GLOBALS(libxml) - - typedef struct _libxml_doc_props { -@@ -97,6 +98,7 @@ PHP_LIBXML_API void php_libxml_ctx_error - PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s); - PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC); -
Bug#706848: pu: package php5/5.4.4-16
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: pu $ diffstat php5_5.4.4-16.debdiff debian/patches/CVE-2013-1643.patch | 135 -- debian/patches/CVE-2013-1824.patch | 142 +++ debian/patches/fix-crash-in-garbage-collection.patch | 35 debian/patches/fix-dropping-connections-in-FPM.patch | 46 ++ debian/patches/libmagic-vision-fix.patch | 11 + debian/patches/pdo_dblib.patch | 29 +++ php5-5.4.4/debian/changelog | 18 ++ php5-5.4.4/debian/patches/series |6 8 files changed, 286 insertions(+), 136 deletions(-) CVE-2013-1643 is almost the same patch (it was already in -15, but we didn't unblock it because the former includes the important bits of the later. The rest of the patches fixes these respective bugs (in the same order): * Pull upstream fix for FPM drops connection while receiving some binary values in FastCGI requests (Closes: #703056) * Fix crash in garbage collection (patch courtesy of Michal Cihar) (Closes: #706082) * Update libmagic detection of MS Office documents (Closes: #703504) * Fix mssql connector to work with Azure SQL (Closes: #702079) Ondrej -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130505131755.15575.14101.reportbug@localhost6.localdomain6