php5 5.3.3-7ubuntu1 source package in Ubuntu

Changelog

php5 (5.3.3-7ubuntu1) natty; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - debian/control:
      * Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe.
      * Dropped libmysqlclient15-dev, build against mysql 5.1.
      * Dropped libcurl-dev not in the archive.
      * Suggest php5-suhosin rather than recommends.
      * Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions
        already in universe.
      * Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1)
      * Dropped locales-all.
    - modulelist: Drop imap, interbase, sybase, and mcrypt.
    - debian/rules:
      * Dropped building of mcrypt, imap, and interbase.
      * Install apport hook for php5.
      * stop mysql instance on clean just in case we failed in tests
    - Dropped debian/patches/fix-upstream-bug53632.patch, used debian's instead.
    - Dropped debian/patches/mssql-fix-segfault.patch, use debian's instead.
    - debian/patches/configure-as-needed.patch. Work around suspicious
      configure macros to fix a build failure with --as-needed
    - debian/patches/php52389-pgsql-segfault.patch: removing, causes error
      handling to fail.

php5 (5.3.3-7) unstable; urgency=low

  * Cherry pick patches for:
    + double free vulnerability in the imap_do_open function in the IMAP
      extension (CVE-2010-4150)
    + infinite loop with x87 CPU
    + extract() to not overwrite $GLOBALS and $this when using
      EXTR_OVERWRITE
    + crash if aa steps are invalid in GD extension
    + crash with entitity declaration in simplexml.c
    + NULL dereference in Zend language scanner
    + integer overflow in SdnToJulian
    + memory leaks and possible crash introduced by NULL poisoning patch
    + leaks and crash when passing the callback as a variable
    + leak in highlight_string
    + segmentation fault in pgsql_stmt_execute when postgres is down
    + segmentation fault when extending SplFixedArray
    + segmentation fault when node is NULL in simplexml.c
    + segmentation fault when using several cloned intl objects
    + segmentation fault when using bad column_number in sqlite3 columnName
  * Add comment about cherry picked patches (and last revision) from
    upstream SVN to README.source

php5 (5.3.3-6) unstable; urgency=medium

  * Cherry-pick fix for crashes on invalid parameters in intl extension.
    (CVE-2010-4409).
  * Cherry pick fix for crash in zip extract method (possible CWE-170)
  * Cherry pick fix for unaligned memory access in ext/hash/hash_tiger.c
  * Update CVE-2010-3870 to include test case
  * Cherry pick complete fix to reject filenames with NULL (CVE requested)

php5 (5.3.3-5) unstable; urgency=high

  * Add firebird support for armhf (Closes: #604526)
  * More updates to open_basedir (Closes: #605391)

php5 (5.3.3-4) unstable; urgency=low

  * Cherry pick patches for (Closes: #603751):
    + NULL pointer dereference in ZipArchive::getArchiveComment
      (CVE-2010-3709)
    + utf8_decode xml_utf8_decode vulnerability (CVE-2010-3870)
    + mb_strcut() returns garbage with the excessive length parameter
      (CVE-2010-4156)
    + possible flaw in open_basedir (CVE-2010-3436)
    + segfault in SplFileObject::fscanf
    + memory leak in PDO::FETCH_INTO
    + crash when storing many SPLFixedArray in an array
    + possible crash in php_mssql_get_column_content_without_type()
    + cURL leaks handle and causes assertion error (CURLOPT_STDERR)
    + segfault when optional parameters are not passed in to mssql_connect
    + segfault when ssl stream option capture_peer_cert_chain used
    + crash in GC because of incorrect reference counting
    + crash when calling enchant_broker_get_dict_path before set_path
    + crash in pdo_firebird getAttribute()

php5 (5.3.3-3) unstable; urgency=high

  * Fix segfault in filter_var with FILTER_VALIDATE_EMAIL with large
    amount of data (CVE-2010-3710, Closes: #601619)

php5 (5.3.3-2) unstable; urgency=low

  * Upload 5.3.3 to unstable
    + Fixes CVE-2010-2225, CVE-2010-2094, CVE-2010-1917, CVE-2010-1866,
      CVE-2010-2531, CVE-2010-3065.
  * Don't build FPM SAPI now
  * Bump standards version to 3.9.1
  * Synchronize system crypt patch
  * Cherry pick upstream fix for format vulnerability in phar/stream.c
    + Fixes CVE-2010-2950.
  * Set explicit error level to hide warnings on systems with modified
    php.ini (Closes: #590485)
  * Apply patch to fix loading of extensions without [PHP] section
    (Closes: #595761)
  * Set session.gc_probability back to 0 (Closes: #595706)
  * Update PHP5 description to not include references to C, Java and
    Perl (Closes: #351032)
 -- Chuck Short <email address hidden>   Fri, 07 Jan 2011 22:44:56 +0000