diff options
| -rw-r--r-- | debian/changelog | 23 | ||||
| -rw-r--r-- | debian/control | 4 | ||||
| -rw-r--r-- | debian/patches/001-libtool_fixes.patch | 2 | ||||
| -rw-r--r-- | debian/patches/002-static_openssl.patch | 2 | ||||
| -rw-r--r-- | debian/patches/004-ldap_fix.patch | 4 | ||||
| -rw-r--r-- | debian/patches/006-debian_quirks.patch | 14 | ||||
| -rw-r--r-- | debian/patches/013-force_getaddrinfo.patch | 2 | ||||
| -rw-r--r-- | debian/patches/017-pread_pwrite_disable.patch | 4 | ||||
| -rw-r--r-- | debian/patches/027-readline_is_editline.patch | 10 | ||||
| -rw-r--r-- | debian/patches/033-we_WANT_libtool.patch | 2 | ||||
| -rw-r--r-- | debian/patches/053-extension_api.patch | 4 | ||||
| -rw-r--r-- | debian/patches/106-strptime_xopen.patch | 15 | ||||
| -rw-r--r-- | debian/patches/107-reflection_is_ext.patch | 11 | ||||
| -rwxr-xr-x | debian/rules | 13 |
14 files changed, 83 insertions, 27 deletions
diff --git a/debian/changelog b/debian/changelog index d997d36dc..be44a0166 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,26 @@ +php5 (5.1.2-1) unstable; urgency=low + + * New upstream bugfix and security update release (closes: #347894) + - Fixes multiple cross-site-scripting vulnerabilities; CVE-2006-0208 + - Resolves multiple HTTP response splitting vulnerabilities, allowing + arbitrary header injection via Set-Cookie headers; see CVE-2006-0207 + - While we don't currently build it, this release also fixes a format + string vulnerability in the mysqli extension; see CVE-2006-0200 + - Includes a new version of the PEAR installer that seems to have a + slightly better clue about the difference between INSTALL_ROOT and + PHP_PEAR_INSTALL_DIR, fixing pear.conf (closes: #346479, #346501) + * While the above is partially true, the PEAR installer is still a bit + broken (it won't install correctly under fakeroot anymore, YAY), so + shuffle debian/rules to have a build-pear-stamp target, as a stopgap. + * Add 106-strptime_xopen.patch, moving the _XOPEN_SOURCE definition down + in ext/standard/datetime.c, below the php.h include (closes: #346550) + * Add 107-reflection_is_ext.patch, munging ext/reflection/config.m4 to + properly call the PHP_ARG_ENABLE macro for an extension, not built-in. + * Stop php-pear from Replacing and Conflicting with php-html-template-it, + as we only now ship the bare essential to make the pear installer go. + + -- Adam Conrad <adconrad@0c3.net> Mon, 16 Jan 2006 16:12:31 +1100 + php5 (5.1.1-1) unstable; urgency=low * New upstream bugfix release, skipping the problematic 5.1.0 release: diff --git a/debian/control b/debian/control index 928bfbfb4..e05ebe23b 100644 --- a/debian/control +++ b/debian/control @@ -136,9 +136,7 @@ Package: php-pear Architecture: all Depends: php5-cli | php4-cli, php5-common (>= ${Source-Version}) Recommends: gnupg -Replaces: php4-pear (<< 4:4.4.0-0), php-html-template-it -Provides: php-html-template-it -Conflicts: php-html-template-it +Replaces: php4-pear (<< 4:4.4.0-0) Description: PEAR - PHP Extension and Application Repository This package contains the base PEAR classes for PHP, as well as the PEAR installer. Many PEAR classes are already packaged for Debian, and can be diff --git a/debian/patches/001-libtool_fixes.patch b/debian/patches/001-libtool_fixes.patch index 3f1bc8f4a..1c714fc11 100644 --- a/debian/patches/001-libtool_fixes.patch +++ b/debian/patches/001-libtool_fixes.patch @@ -14,7 +14,7 @@ diff -urN php4-4.3.4.orig/TSRM/configure.in php4-4.3.4/TSRM/configure.in diff -urN php4-4.3.4.orig/configure.in php4-4.3.4/configure.in --- php4-4.3.4.orig/configure.in 2003-11-02 17:15:05.000000000 -0500 +++ php4-4.3.4/configure.in 2004-02-16 01:00:52.000000000 -0500 -@@ -1159,9 +1159,6 @@ +@@ -1226,9 +1226,6 @@ LDFLAGS="$LDFLAGS $PHP_AIX_LDFLAGS" AC_PROG_LIBTOOL diff --git a/debian/patches/002-static_openssl.patch b/debian/patches/002-static_openssl.patch index 2ef7cb2cb..347882f36 100644 --- a/debian/patches/002-static_openssl.patch +++ b/debian/patches/002-static_openssl.patch @@ -1,7 +1,7 @@ diff -urN php4-4.3.4.orig/acinclude.m4 php4-4.3.4/acinclude.m4 --- php4-4.3.4.orig/acinclude.m4 2004-02-16 01:01:22.000000000 -0500 +++ php4-4.3.4/acinclude.m4 2004-02-16 01:03:12.000000000 -0500 -@@ -2199,9 +2199,7 @@ +@@ -2221,9 +2221,7 @@ PHP_ADD_INCLUDE($OPENSSL_INCDIR) diff --git a/debian/patches/004-ldap_fix.patch b/debian/patches/004-ldap_fix.patch index 75794adc3..c210f60a7 100644 --- a/debian/patches/004-ldap_fix.patch +++ b/debian/patches/004-ldap_fix.patch @@ -1,6 +1,6 @@ --- php4-4.3.4.orig/ext/ldap/ldap.c +++ php4-4.3.4/ext/ldap/ldap.c -@@ -1353,7 +1353,7 @@ +@@ -1356,7 +1356,7 @@ } i=0; @@ -9,7 +9,7 @@ count = i; array_init(return_value); -@@ -1363,7 +1363,8 @@ +@@ -1366,7 +1366,8 @@ add_index_string(return_value, i, ldap_value[i], 1); } diff --git a/debian/patches/006-debian_quirks.patch b/debian/patches/006-debian_quirks.patch index b0f5c36f0..68c1e2bd7 100644 --- a/debian/patches/006-debian_quirks.patch +++ b/debian/patches/006-debian_quirks.patch @@ -1,7 +1,7 @@ diff -uNr php-5.0.4.orig/configure.in php-5.0.4/configure.in --- php-5.0.4.orig/configure.in 2005-03-30 23:43:12.000000000 +0200 +++ php-5.0.4/configure.in 2005-04-27 11:15:29.276399240 +0200 -@@ -858,7 +858,7 @@ +@@ -925,7 +925,7 @@ fi PHP_ARG_WITH(pear, [whether to install PEAR], @@ -10,7 +10,7 @@ diff -uNr php-5.0.4.orig/configure.in php-5.0.4/configure.in --without-pear Do not install PEAR], DEFAULT, yes) if test "$PHP_PEAR" != "no"; then -@@ -892,7 +892,7 @@ +@@ -959,7 +959,7 @@ if test "$PHP_PEAR" = "DEFAULT" || test "$PHP_PEAR" = "yes"; then case $PHP_LAYOUT in GNU) PEAR_INSTALLDIR=$datadir/pear;; @@ -19,7 +19,7 @@ diff -uNr php-5.0.4.orig/configure.in php-5.0.4/configure.in esac fi -@@ -947,12 +947,12 @@ +@@ -1014,12 +1014,12 @@ case $libdir in '${exec_prefix}/lib') @@ -34,7 +34,7 @@ diff -uNr php-5.0.4.orig/configure.in php-5.0.4/configure.in ;; *) ;; esac -@@ -1009,7 +1009,7 @@ +@@ -1076,7 +1076,7 @@ EXPANDED_DATADIR=$datadir EXPANDED_PHP_CONFIG_FILE_PATH=`eval echo "$PHP_CONFIG_FILE_PATH"` EXPANDED_PHP_CONFIG_FILE_SCAN_DIR=`eval echo "$PHP_CONFIG_FILE_SCAN_DIR"` @@ -268,7 +268,7 @@ diff -uNr php-5.0.4.orig/sapi/caudium/config.m4 php-5.0.4/sapi/caudium/config.m4 - PIKE_INCLUDE_DIR=`echo $PIKE_MODULE_DIR | sed -e 's,lib/pike/modules,include/pike,' -e 's,lib/modules,include/pike,' ` + PIKE_MODULE_DIR=`$PIKE --show-paths 2>&1| grep '^Master file' | sed -e 's/.*: //' -e 's/master.pike/modules/'` + PIKE_INCLUDE_DIR=`echo $PIKE_MODULE_DIR | sed -e 's,lib/modules,,' -e 's,modules,include,' ` - if test -z "$PIKE_INCLUDE_DIR" -o -z "$PIKE_MODULE_DIR"; then + if test -z "$PIKE_INCLUDE_DIR" || test -z "$PIKE_MODULE_DIR"; then AC_MSG_ERROR(Failed to figure out Pike module and include directories) fi @@ -82,7 +82,9 @@ @@ -285,8 +285,8 @@ diff -uNr php-5.0.4.orig/sapi/caudium/config.m4 php-5.0.4/sapi/caudium/config.m4 diff -uNr php-5.0.4.orig/sapi/cli/php.1.in php-5.0.4/sapi/cli/php.1.in --- php-5.0.4.orig/sapi/cli/php.1.in 2004-05-02 11:14:02.000000000 +0200 +++ php-5.0.4/sapi/cli/php.1.in 2005-04-27 11:14:32.936964136 +0200 -@@ -285,13 +285,17 @@ - or script is read from stdin +@@ -296,13 +296,17 @@ + .B name .SH FILES .TP 15 -.B php\-cli.ini diff --git a/debian/patches/013-force_getaddrinfo.patch b/debian/patches/013-force_getaddrinfo.patch index 6e3842d19..782527fd7 100644 --- a/debian/patches/013-force_getaddrinfo.patch +++ b/debian/patches/013-force_getaddrinfo.patch @@ -1,6 +1,6 @@ --- php4-4.3.10/configure.in 2004-12-15 17:00:57.000000000 -0700 +++ php4-4.3.10/configure.in 2004-12-15 17:03:30.000000000 -0700 -@@ -532,50 +532,50 @@ +@@ -533,50 +533,50 @@ dnl Check for getaddrinfo, should be a better way, but... dnl Also check for working getaddrinfo diff --git a/debian/patches/017-pread_pwrite_disable.patch b/debian/patches/017-pread_pwrite_disable.patch index 250f3e13b..f81bf17e6 100644 --- a/debian/patches/017-pread_pwrite_disable.patch +++ b/debian/patches/017-pread_pwrite_disable.patch @@ -1,6 +1,6 @@ --- php4-4.3.8/acinclude.m4.orig 2004-08-09 07:41:27.000000000 -0600 +++ php4-4.3.8/acinclude.m4 2004-08-09 07:42:19.000000000 -0600 -@@ -1112,7 +1112,7 @@ +@@ -1134,7 +1134,7 @@ } ],[ @@ -9,7 +9,7 @@ ],[ ac_cv_pwrite=no ],[ -@@ -1141,7 +1141,7 @@ +@@ -1163,7 +1163,7 @@ exit(0); } ],[ diff --git a/debian/patches/027-readline_is_editline.patch b/debian/patches/027-readline_is_editline.patch index 8c5ed9036..a07e52b1c 100644 --- a/debian/patches/027-readline_is_editline.patch +++ b/debian/patches/027-readline_is_editline.patch @@ -2,14 +2,14 @@ +++ php4-4.3.9/ext/readline/config.m4 2004-10-04 21:40:38.000000000 -0600 @@ -12,7 +12,7 @@ - if test "$PHP_READLINE" != "no"; then + if test "$PHP_READLINE" && test "$PHP_READLINE" != "no"; then for i in $PHP_READLINE /usr/local /usr; do - test -f $i/include/readline/readline.h && READLINE_DIR=$i && break + test -f $i/include/editline/readline.h && READLINE_DIR=$i && break done if test -z "$READLINE_DIR"; then -@@ -66,7 +66,7 @@ +@@ -64,7 +64,7 @@ elif test "$PHP_LIBEDIT" != "no"; then for i in $PHP_LIBEDIT /usr/local /usr; do @@ -20,9 +20,9 @@ if test -z "$LIBEDIT_DIR"; then --- php4-4.3.9/ext/readline/readline.c 2002-12-31 09:35:15.000000000 -0700 +++ php4-4.3.9/ext/readline/readline.c 2004-10-04 21:42:15.000000000 -0600 -@@ -29,9 +29,9 @@ - - #if HAVE_LIBREADLINE || HAVE_LIBEDIT +@@ -33,9 +33,9 @@ + #define rl_completion_matches completion_matches + #endif -#include <readline/readline.h> +#include <editline/readline.h> diff --git a/debian/patches/033-we_WANT_libtool.patch b/debian/patches/033-we_WANT_libtool.patch index 9d74869bc..d5e79c029 100644 --- a/debian/patches/033-we_WANT_libtool.patch +++ b/debian/patches/033-we_WANT_libtool.patch @@ -1,6 +1,6 @@ --- php4-4.3.10/build/build2.mk.orig 2005-02-06 00:49:53.000000000 -0700 +++ php4-4.3.10/build/build2.mk 2005-02-06 00:51:58.000000000 -0700 -@@ -55,6 +55,11 @@ +@@ -52,6 +52,11 @@ aclocal.m4: configure.in acinclude.m4 @echo rebuilding $@ diff --git a/debian/patches/053-extension_api.patch b/debian/patches/053-extension_api.patch index 77123b209..8ecec8d98 100644 --- a/debian/patches/053-extension_api.patch +++ b/debian/patches/053-extension_api.patch @@ -1,7 +1,7 @@ diff -ur php-5.0.4/configure.in php5-5.0.4/configure.in --- php-5.0.4/configure.in 2005-03-31 07:43:12.000000000 +1000 +++ php5-5.0.4/configure.in 2005-07-31 02:35:46.000000000 +1000 -@@ -972,8 +972,10 @@ +@@ -1039,8 +1039,10 @@ ZEND_MODULE_API_NO=`$EGREP '#define ZEND_MODULE_API_NO ' $srcdir/Zend/zend_modules.h|$SED 's/#define ZEND_MODULE_API_NO //'` @@ -13,7 +13,7 @@ diff -ur php-5.0.4/configure.in php5-5.0.4/configure.in if test "$oldstyleextdir" = "yes"; then if test "$PHP_DEBUG" = "1"; then part1=debug -@@ -1102,6 +1104,7 @@ +@@ -1169,6 +1171,7 @@ PHP_SUBST(CXXFLAGS) PHP_SUBST(CXXFLAGS_CLEAN) PHP_SUBST_OLD(DEBUG_CFLAGS) diff --git a/debian/patches/106-strptime_xopen.patch b/debian/patches/106-strptime_xopen.patch new file mode 100644 index 000000000..9723141c0 --- /dev/null +++ b/debian/patches/106-strptime_xopen.patch @@ -0,0 +1,15 @@ +--- php5-5.1.1.0/ext/standard/datetime.c.orig 2005-08-04 00:07:57.000000000 +1000 ++++ php5-5.1.1.0/ext/standard/datetime.c 2006-01-11 18:43:28.000000000 +1100 +@@ -20,11 +20,11 @@ + + /* $Id: datetime.c,v 1.134.2.2 2006/01/01 12:50:14 sniper Exp $ */ + ++#include "php.h" + #if HAVE_STRPTIME + #define _XOPEN_SOURCE + #endif + +-#include "php.h" + #include "zend_operators.h" + #include "datetime.h" + #include "php_globals.h" diff --git a/debian/patches/107-reflection_is_ext.patch b/debian/patches/107-reflection_is_ext.patch new file mode 100644 index 000000000..cc8b3418a --- /dev/null +++ b/debian/patches/107-reflection_is_ext.patch @@ -0,0 +1,11 @@ +--- php5-5.1.2/ext/reflection/config.m4.orig 2005-12-03 12:12:45.000000000 +1100 ++++ php5-5.1.2/ext/reflection/config.m4 2006-01-16 16:04:28.000000000 +1100 +@@ -2,7 +2,7 @@ + dnl config.m4 for extension reflection + + PHP_ARG_ENABLE(reflection, whether to enable reflection support, +-[ --disable-reflection Disable reflection support], yes, no) ++[ --disable-reflection Disable reflection support], yes) + + if test "$PHP_REFLECTION" != "no"; then + if test "$ext_shared" = "yes"; then diff --git a/debian/rules b/debian/rules index f34986527..7f413264c 100755 --- a/debian/rules +++ b/debian/rules @@ -126,7 +126,7 @@ unpatch: fi rm -f patch-stamp -build: build-apache-stamp build-apache2-stamp build-cgi-stamp build-cli-stamp +build: build-apache-stamp build-apache2-stamp build-cgi-stamp build-cli-stamp build-pear-stamp build-apache-stamp: configure-apache-stamp dh_testdir # Add here commands to compile the package. @@ -163,6 +163,12 @@ build-cgi-stamp: configure-cgi-stamp touch build-cgi-stamp +build-pear-stamp: build-cgi-stamp + dh_testdir + -mkdir pear-build + cd cgi-build && make install-pear PHP_PEAR_PHP_BIN=/usr/bin/php PHP_PEAR_INSTALL_DIR=/usr/share/php PHP_PEAR_SYSCONF_DIR=/etc/pear PHP_PEAR_SIG_BIN=/usr/bin/gpg INSTALL_ROOT=$(CURDIR)/pear-build + touch build-pear-stamp + configure: configure-apache-stamp configure-apache2-stamp configure-cli-stamp configure-cgi-stamp configure-apache-stamp: patch-stamp dh_testdir @@ -265,6 +271,7 @@ clean: unpatch rm -f configure-apache2-stamp build-apache2-stamp rm -f configure-cgi-stamp build-cgi-stamp rm -f configure-cli-stamp build-cli-stamp + rm -f build-pear-stamp rm -f install-stamp # Add here commands to clean up after the build process. @@ -273,6 +280,7 @@ clean: unpatch rm -rf apache2-build rm -rf cgi-build rm -rf cli-build + rm -rf pear-build rm -f debian/copyright dh_clean @@ -324,8 +332,9 @@ install: build Zend/zend_config.{nw,w32}.h \ main/config.{nw,w32}.h \ main/win95nt.h + # install PEAR - cd cgi-build && make install-pear PHP_PEAR_PHP_BIN=/usr/bin/php PHP_PEAR_INSTALL_DIR=/usr/share/php PHP_PEAR_SYSCONF_DIR=/etc/pear PHP_PEAR_SIG_BIN=/usr/bin/gpg INSTALL_ROOT=$(CURDIR)/debian/php-pear + cp -r pear-build/* debian/php-pear/ # install extensions ext=`./debian/libapache2-mod-php5/usr/bin/php-config --extension-dir`;\ |