~bryce/ubuntu/+source/php7.2:fix-lp1865218-mod-php-upgrade-bionic

Last commit made on 2020-05-14
Get this branch:
git clone -b fix-lp1865218-mod-php-upgrade-bionic https://git.launchpad.net/~bryce/ubuntu/+source/php7.2

Branch information

Name:
fix-lp1865218-mod-php-upgrade-bionic
Repository:
lp:~bryce/ubuntu/+source/php7.2

Recent commits

99f02c8... by Bryce Harrington

changelog

9b41476... by Bryce Harrington

* libapache2-mod-php.postinst.extra: Disable other mod-php
  versions. Fixes failure when upgrading from previous versions of
  mod-php.
  (LP: #1865218)

5189087... by Leonidas S. Barbosa

Import patches-unapplied version 7.2.24-0ubuntu0.18.04.4 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: c4cc3f02b3a90f8362936be184267912e2a9ebb2

New changelog entries:
  * SECURITY UPDATE: Null dereference pointer
    - debian/patches/CVE-2020-7062.patch: avoid null dereference in
      ext/session/session.c.
    - CVE-2020-7062
  * SECURITY UPDATE: Lax permissions on files added to tar with Phar
    - debian/patches/CVE-2020-7063.patch: enforce correct permissions
      for files added to tar with Phar in ext/phar/phar_object.c,
      ext/phar/tests/bug79082.phpt, ext/phar/tests/test79082*.
    - CVE-2020-7063
  * SECURITY UPDATE: Read one byte of uninitialized memory
    - debian/patches/CVE-2020-7064.patch: check length in
      exif_process_TIFF_in_JPEG to avoid reading uninitialized memory in
      ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
    - debian/patches/Fix_test_bug79282.patch: fix test in
      ext/exif/tests/bug79282.phpt.
    - CVE-2020-7064
  * SECURITY UPDATE: Truncated URL due to \0
    - debian/patches/CVE-2020-7066.patch: check for get_headers
      not accepting \0 in ext/standard/url.c.
    - CVE-2020-7066

c4cc3f0... by Leonidas S. Barbosa

Import patches-unapplied version 7.2.24-0ubuntu0.18.04.3 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: bf435258d5092f07b57d1d46fc04ce9d90a3764d

New changelog entries:
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-7059.patch: fix OOB read in
      php_strip_tags_ex in ext/standard/string.c and added test
      ext/standard/tests/file/bug79099.phpt.
    - CVE-2020-7059
  * SECURITY UPDATE: Buffer-overflow
    - debian/patches/CVE-2020-7060.patch: fix adding a check function
      is_in_cp950_pua in ext/mbstring/libmbfl/filters/mbfilter_big5.c
      and added test ext/mbstring/tests/bug79037.phpt.
    - CVE-2020-7060

bf43525... by Leonidas S. Barbosa

Import patches-unapplied version 7.2.24-0ubuntu0.18.04.2 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 79dcb27c1b9f5b236539476b6751e2199a8d7250

New changelog entries:
  * SECURITY UPDATE: silently truncates
    a class after a null byte
    - debian/patches/CVE-2019-11045.patch: not accept
      arbitrary strings in ext/spl/spl_directory.c,
      ext/spl/tests/bug78863.phpt.
    - CVE-2019-11045
  * SECURITY UPDATE: Buffer underflow
    - debian/patches/CVE-2019-11046.patch: not rely on `isdigit()`
      to detect digits in ext/bcmath/libbcmath/src/str2num.c,
      ext/bcmath/tests/bug78878.phpt.
    - CVE-2019-11046
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11047.patch: fix in ext/exif/exif.c,
      ext/exif/tests/bug78910.phpt.
    - CVE-2019-11047
  * SECURITY UPDATE: Use-after-free
    - debian/patches/CVE-2019-11050.patch: fix in
      ext/exif/exif.c, ext/exif/tests/bug78793.phpt.
    - CVE-2019-11050

79dcb27... by Marc Deslauriers

Import patches-unapplied version 7.2.24-0ubuntu0.18.04.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 9e849f3b6b28f63ba48539f99a3647cdbe6ad8fb

New changelog entries:
  * SECURITY UPDATE: updated to 7.2.24 to fix security issue
    - CVE-2019-11043
  * Rebased patches:
    - debian/patches/0022-lp564920-fix-big-files.patch
  * Removed patches no longer required:
    - debian/patches/CVE-2019-11041.patch
    - debian/patches/CVE-2019-11042.patch

9e849f3... by Leonidas S. Barbosa

Import patches-unapplied version 7.2.19-0ubuntu0.18.04.2 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 29aefbcb327a117d01029f989a45e15b7af3e3c5

New changelog entries:
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11041.patch: check Thumbnail.size in order
      to avoid an overflow in ext/exif/exif.c and adding test to
      ext/exif/tests/bug78222.phpt.
    - CVE-2019-11041
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11042.patch: check ByteCount in order to
      avoid an overflow in ext/exif/exif.c and adding tests to
      ext/exif/tests/bug78256.phpt.
    - CVE-2019-11042

29aefbc... by Marc Deslauriers

Import patches-unapplied version 7.2.19-0ubuntu0.18.04.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 83f74dca3a394765fa17da8c33a7c17f68f4087d

New changelog entries:
  * Updated to 7.2.19 to fix multiple security issues.
    - CVE-2019-11036
    - CVE-2019-11039
    - CVE-2019-11040
  * Refreshed patches:
    - debian/patches/0039-hack-phpdbg-to-explicitly-link-with-libedit.patch

83f74dc... by Marc Deslauriers

Import patches-unapplied version 7.2.17-0ubuntu0.18.04.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 61e4462ecdd88c9cdbdc1e9141f5090755330dc1

New changelog entries:
  * Updated to 7.2.17 to fix multiple security issues.
    - CVE-2019-11034
    - CVE-2019-11035
  * Refreshed patches:
    - debian/patches/0013-Add-support-for-use-of-the-system-timezone-database.patch
  * Removed patches included in new version:
    - debian/patches/CVE-2019-9637.patch
    - debian/patches/CVE-2019-9638-and-CVE-2019-9639-1.patch
    - debian/patches/CVE-2019-9638-and-CVE-2019-9639-2.patch
    - debian/patches/CVE-2019-9640.patch
    - debian/patches/CVE-2019-9641.patch
    - debian/patches/CVE-2019-9675.patch

61e4462... by Leonidas S. Barbosa

Import patches-unapplied version 7.2.15-0ubuntu0.18.04.2 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 245fbc888a5b14279aae8fe7bcd9bcfbdd41976c

New changelog entries:
  * SECURITY UPDATE: Unauthorized users access
    - debian/patches/CVE-2019-9637.patch: fix in
      main/streams/plain_wrapper.c.
    - CVE-2019-9637
  * SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE
    - debian/patches/CVE-2019-9638-and-CVE-2019-9639-*.patch: fix in
      ext/exif/exif.c, added tests in ext/exif/tests/bug77563.jpg,
      ext/exif/tests/bug77563.phpt.
    - CVE-2019-9638
    - CVE-2019-9639
  * SECURITY UPDATE: Invalid read
    - debian/patches/CVE-2019-9640.patch: fix in
      ext/exif/exif.c, added tests in ext/exif/tests/bug77540.jpg,
      ext/exif/tests/bug77540.phpt.
    - CVE-2019-9640
  * SECURITY UPDATE: Uninitialized read
    - debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c.
    - CVE-2019-9641
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-9675.patch: fix in
      ext/phar/tar.c, added tests in ext/phar/tests/bug71488.phpt,
      ext/phar/tests/bug77586.phpt, ext/phar/tests/bug77586/files/*.