Commit e9d65cad authored by Ondrej Sury, committed by Mark A. Hershberger

Imported Debian patch 5.1.5-1

parent 17663d16
php5 (5.1.5-1) unstable; urgency=high
* Acknowledge NMU.
* New upstream release (Closes: #383596)
- Added missing safe_mode/open_basedir checks inside the error_log(),
file_exists(), imap_open() and imap_reopen() functions.
- Fixed overflows inside str_repeat() and wordwrap() functions on 64bit
systems.
- Fixed possible open_basedir/safe_mode bypass in cURL extension and
with realpath cache. (CVE-2006-2563) (Closes: #370165)
- Fixed overflow in GD extension on invalid GIF images.
- Fixed a buffer overflow inside sscanf() function. (CVE-2006-4020)
(Closes: #382256)
- Fixed an out of bounds read inside stripos() function.
- Fixed memory_limit restriction on 64 bit system.
-- Ondřej Surý <ondrej@debian.org> Sat, 19 Aug 2006 14:41:43 +0200
php5 (5.1.4-0.1) unstable; urgency=high
* Non-maintainer upload.
* New upstream release. (Closes: #366109)
* Fixes information leak in html_entity_decode() (CVE-2006-1490).
(Closes: #359907)
* Fixes phpinfo() XSS (CVE-2006-0996). (Closes: #361914)
* Fixes copy() safe mode bypass (CVE-2006-1608). (Closes: #361915)
* Fixes tempnam() open_basedir bypass (CVE-2006-1494). (Closes: #361916)
* Fixes wordwrap() buffer overflow (CVE-2006-1990). (Closes: #365312)
* Fixes substr_compare() DoS condition (CVE-2006-1991).
* Fixes crash during too deep recursion (CVE-2006-1549). (Closes: #361917)
* Fixes injection in mb_send_mail() (CVE-2006-1014, CVE-2006-1015); not
mentioned in upstream changelog. (Closes: #368595)
* 044-strtod_arm_fix.patch: Adapted for new upstream; pulled in from
Piotr Roszatycki's packages.
* 108-64bit_datetime.patch: Patch to fix possible segfault on systems where
sizeof(void*) > sizeof(int); patch from David Mosberger-Tang.
-- Steinar H. Gunderson <sesse@debian.org> Tue, 13 Jun 2006 22:38:33 +0200
php5 (5.1.2-1) unstable; urgency=low
* New upstream bugfix and security update release (closes: #347894)
......
--- php4-4.3.10/Zend/zend_strtod.c 2005-02-14 17:17:51.000000000 -0700
+++ php4-4.3.10/Zend/zend_strtod.c 2005-02-14 17:18:31.000000000 -0700
diff -urN php-5.1.5.orig/Zend/zend_strtod.c php-5.1.5/Zend/zend_strtod.c
--- php-5.1.5.orig/Zend/zend_strtod.c 2006-02-14 23:10:55.000000000 +0100
+++ php-5.1.5/Zend/zend_strtod.c 2006-08-19 15:00:44.000000000 +0200
@@ -123,13 +123,25 @@
#define IEEE_LITTLE_ENDIAN
#endif
......@@ -33,7 +34,7 @@
#endif
#ifdef __vax__
@@ -237,8 +245,7 @@
@@ -237,8 +249,7 @@
#if defined(IEEE_LITTLE_ENDIAN) + defined(IEEE_BIG_ENDIAN) + defined(VAX) + \
defined(IBM) != 1
......@@ -43,7 +44,7 @@
#endif
typedef union {
@@ -258,7 +265,7 @@
@@ -258,7 +269,7 @@
* An alternative that might be better on some machines is
* #define Storeinc(a,b,c) (*a++ = b << 16 | c & 0xffff)
*/
......
--- php5-5.1.4.orig/ext/standard/datetime.c-orig 2006-03-20 08:20:54.000000000 -0800
+++ php5-5.1.4/ext/standard/datetime.c 2006-03-20 08:13:05.000000000 -0800
@@ -20,6 +20,9 @@
/* $Id: datetime.c,v 1.134.2.2 2006/01/01 12:50:14 sniper Exp $ */
+#define _XOPEN_SOURCE /* needed to get strptime() declared */
+#define _BSD_SOURCE /* needed to get ulong declared */
+
#include "php.h"
#include "zend_operators.h"
#include "datetime.h"
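Review bot: the two feature-test macros added above `#include "php.h"` are defined unconditionally, and `_XOPEN_SOURCE` is given no value. If the build flags or an earlier header already define either macro with a different value, this becomes a macro redefinition, so wrap each one in `#ifndef _XOPEN_SOURCE` / `#ifndef _BSD_SOURCE` guards. The comments should also say why the declaration matters. The changelog ties this patch to a possible segfault where sizeof(void*) > sizeof(int), which is presumably the pointer returned by an undeclared strptime() being treated as an int. Stating that next to the define would stop a later cleanup from dropping it as redundant. A configure-time check for the strptime() declaration would be more robust than per-file defines, since any other file calling strptime() without the macro has the same problem.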