lp:~ephess/ubuntu/lucid/php5/fix-for-651049
- Get this branch:
- bzr branch lp:~ephess/ubuntu/lucid/php5/fix-for-651049
Branch merges
- Scott Moser: Needs Fixing
- Diff: 62 lines (+42/-0), 3 files modified
debian/changelog (+7/-0)
debian/patches/filter_validate_url.patch (+34/-0)
debian/patches/series (+1/-0)
Branch information
- Owner: Jordan Hagan
- Status: Development
Recent revisions
- 65. By Jordan Hagan
debian/patches/filter_validate_url.patch: backported bugfix
to FILTER_VALIDATE_URL (LP: #651049)
- 64. By Marc Deslauriers
* SECURITY UPDATE: denial of service and possible memory corruption via
negative size in HTTP chunked encoding stream
- debian/patches/CVE-2010-1866.patch: prevent chunk_size from
overflowing in ext/standard/filters.c.
- CVE-2010-1866
* SECURITY UPDATE: arbitrary code execution via empty SQL query
- debian/patches/CVE-2010-1868.patch: use ecalloc instead of emalloc in
ext/sqlite/sqlite.c.
- CVE-2010-1868
* SECURITY UPDATE: denial of service via fnmatch stack consumption
- debian/patches/CVE-2010-1917.patch: limit size of pattern in
ext/standard/file.c.
- CVE-2010-1917
* SECURITY UPDATE: arbitrary memory disclosure and possible code
execution via phar extension
- debian/patches/CVE-2010-2094.patch: use correct format string in
ext/phar/dirstream.c, ext/phar/stream.c.
- CVE-2010-2094
- CVE-2010-2950
* SECURITY UPDATE: sensitive information disclosure or arbitrary code
execution via use-after-free in SplObjectStorage unserializer
- debian/patches/CVE-2010-2225.patch: fix logic in
ext/spl/spl_observer.c, ext/standard/{php_var.h,var_unserializer.*},
add tests to ext/spl/tests.
- CVE-2010-2225
* SECURITY UPDATE: sensitive information disclosure via error messages
- debian/patches/CVE-2010-2531.patch: don't display data when flushing
output buffer in ext/standard/{var.c,php_var.h}, fix tests in
ext/standard/tests/general_functions.
- CVE-2010-2531
* SECURITY UPDATE: arbitrary session variable modification via crafted
session variable name
- debian/patches/CVE-2010-3065.patch: handle PS_UNDEF_MARKER marker in
ext/session/session.c.
- CVE-2010-3065
* debian/patches/lp564920-fix-big-files.patch: Fix downloading of large
files (LP: #564920)
- 60. By Chuck Short
* Merge from debian unstable:
- debian/control:
* Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe.
* Dropped libmysqlclient15-dev, build against mysql 5.1.
* Dropped libcurl-dev not in the archive.
* Suggest php5-suhosin rather than recommends.
* Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions already in
universe.
* Dropped libonig-dev and libqgdbm since it's in universe. (will be re-added in lucid+1)
* Dropped locales-all.
- modulelist: Drop imap, interbase, and mcrypt.
- debian/rules:
* Dropped building of mcrypt, imap, and interbase.
* Install apport hook for php5.
- Dropped debian/patches/libedit_is_editline.patch.
- 58. By Chuck Short
* Upload to lucid:
- debian/control:
* Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe.
* Dropped libmysqlclient15-dev, build against mysql 5.1.
* Dropped libcurl-dev not in the archive
* Suggest php5-suhosin rather than recommends.
* Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions already in
universe
* Dropped locales-all.
- modulelist: Drop imap, interbase, and mcrypt.
- debian/rules:
+ Dropped building of mcrypt, imap, and interbase.
+ Install apport hook for php5, a part of the server-lucid-apport-hooks.
- debian/patches/libedit_is_editline.patch: Refreshed.
- 56. By Chuck Short
* Merge from debian testing. Remaining changes:
- debian/control, debian/rules: Disable a few build dependencies and
accompanying binary packages which we do not want to support in main:
+ firebird2-dev/php5-interbase (we have a separate php-interbase source)
+ libc-client/php5-imap (we have a separate php-imap source)
+ libmcrypt-dev/php5-mcrypt (separate php-mcrypt source)
+ readline support again, now that the libedit issue is fixed.
- debian/control: Add build dependency: libedit-dev (>= 2.9.cvs.20050518-1)
CLI readline support.
- debian/rules:
+ Correctly mangle PHP5_* macros for lpia
- debian/control:
+ Rename Vcs-Browser & Vcs-Git to XS-Original-Vcs-Browser & XS-Original-Vcs-Git (LP: #323731).
- debian/control: Move php5-suhosin to Suggests.
- debian/rules: Fix broken symlink for pear.
- main/php_version.h: updated with Ubuntu version info
- debian/patches/series: Re-enable the 033-we_WANT_libtool.patch patch
- debian/rules, debian/source_php5.py: Install apport hook.
* Dropped patches: CVE-2009-3557.patch and CVE-2009-3558.patch, no longer needed.
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/oneiric/php5