Debian Bug report logs - #546164
pear download directory is inherited from the build

version graph

Package: php-pear; Maintainer for php-pear is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php-pear is src:php5.

Reported by: Federico Gimenez Nieto <fgimenez@coit.es>

Date: Fri, 11 Sep 2009 10:48:01 UTC

Severity: important

Tags: security, sid, squeeze, wheezy

Merged with 574671

Found in versions 5.2.10.dfsg.1-2.2, 5.2.11.dsfg.1-1

Fixed in version php5/5.3.6-1

Done: Ondřej Surý <ondrej@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://pear.php.net/bugs/18056

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#546164; Package php-pear. (Fri, 11 Sep 2009 10:48:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Federico Gimenez Nieto <fgimenez@coit.es>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Fri, 11 Sep 2009 10:48:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Federico Gimenez Nieto <fgimenez@coit.es>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: php-pear: refuses to install anything
Date: Fri, 11 Sep 2009 12:35:38 +0200
Package: php-pear
Version: 5.2.10.dfsg.1-2.2
Severity: normal

Hi,

Having a package like [1] unpacked at /home/fgimenez/php-net-sieve, the command

  pear install -O /home/fgimenez/php-net-sieve/NET_Sieve-1.1.7/package.xml

gives:

  download directory "/home/aba/php5-5.2.10.dfsg.1/pear-build-download" is not writeable.  Change download_dir config variable to a writeable dir
  Cannot download non-local package "/home/fgimenez/php-net-sieve/NET_Sieve-1.1.7/package.xml"
  install failed

This prevents also the building of pear packages (tested with cdbs and dh-make-php, probably with debhelper).

Cheers,
Federico

[1] http://download.pear.php.net/package/Net_Sieve-1.1.7.tgz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages php-pear depends on:
ii  php5-cli               5.2.10.dfsg.1-2.2 command-line interpreter for the p
ii  php5-common            5.2.10.dfsg.1-2.2 Common files for packages built fr

Versions of packages php-pear recommends:
ii  gnupg                         1.4.10-1   GNU privacy guard - a free PGP rep

Versions of packages php-pear suggests:
pn  php5-dev | php4-dev           <none>     (no description available)

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#546164; Package php-pear. (Fri, 11 Sep 2009 12:45:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to Federico Gimenez Nieto <fgimenez@coit.es>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Fri, 11 Sep 2009 12:45:11 GMT) Full text and rfc822 format available.

Message #10 received at 546164@bugs.debian.org (full text, mbox):

From: Federico Gimenez Nieto <fgimenez@coit.es>
To: 546164@bugs.debian.org
Subject: User related comments
Date: Fri, 11 Sep 2009 14:36:06 +0200
To be more precise, the command issued to install as a common user is:

  pear -d include_path=/usr/share/php -d php_dir=/home/fgimenez/php-net-sieve -d data_dir=/home/fgimenez/php-net-sieve -d doc_dir=/home/fgimenez/php-net-sieve -d test_dir=/home/fgimenez/php-net-sieve install -O -P /home/fgimenez/php-net-sieve /home/fgimenez/php-net-sieve/Net_Sieve-1.1.7/package.xml

and it gives the same result:

  download directory "/home/aba/php5-5.2.10.dfsg.1/pear-build-download" is not writeable.  Change download_dir config variable to a writeable dir

  Cannot download non-local package "Net_Sieve-1.1.7/package.xml"

  install failed

If the command is executed by root, a /home/aba/php5-5.2.10.dfsg.1/pear-build-download is created.


Cheers,

Federico





Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#546164; Package php-pear. (Sat, 12 Sep 2009 09:33:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Federico Gimenez Nieto <fgimenez@coit.es>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Sat, 12 Sep 2009 09:33:04 GMT) Full text and rfc822 format available.

Message #15 received at 546164@bugs.debian.org (full text, mbox):

From: Federico Gimenez Nieto <fgimenez@coit.es>
To: control@bugs.debian.org
Cc: 546164@bugs.debian.org
Subject: Patch?
Date: Sat, 12 Sep 2009 11:25:51 +0200
[Message part 1 (text/plain, inline)]
tags 546164 patch
thanks

Hi,

This seems to be related to the definition of the PHP_PEAR_DOWNLOAD_DIR
constant at the build-pear-stamp rule in the debian/rules file,
moreover, the definition seems to be somehow misplaced (but it is taken
into account anyway!). I've attached a patch that removes that
definition (and the creation of the related directory), don't know if
this could have any negative side effects.

Hope this helps. Cheers,
Federico
[546164.patch (text/x-patch, attachment)]

Added tag(s) patch. Request was from Federico Gimenez Nieto <fgimenez@coit.es> to control@bugs.debian.org. (Sat, 12 Sep 2009 09:33:08 GMT) Full text and rfc822 format available.

Changed Bug title to 'php-pear: fails to install packages as normal user' from 'php-pear: refuses to install anything' Request was from Federico Gimenez Nieto <fgimenez@coit.es> to control@bugs.debian.org. (Sun, 13 Sep 2009 07:51:50 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#546164; Package php-pear. (Tue, 15 Sep 2009 19:09:07 GMT) Full text and rfc822 format available.

Message #22 received at 546164@bugs.debian.org (full text, mbox):

From: Raphael Geissert <geissert@debian.org>
To: Federico Gimenez Nieto <fgimenez@coit.es>
Cc: control@bugs.debian.org, 546164@bugs.debian.org
Subject: Re: Patch?
Date: Tue, 15 Sep 2009 14:06:16 -0500
tag 546164 - patch
severity 546164 grave
retitle 546164 pear download directory is inherited from the build
thanks

Hi Federico,

On Saturday 12 September 2009 04:25:51 Federico Gimenez Nieto wrote:
>
> Hi,
>
> This seems to be related to the definition of the PHP_PEAR_DOWNLOAD_DIR
> constant at the build-pear-stamp rule in the debian/rules file,

That's right. It was needed so that multiple users could build the package on 
the same machine, but it was never meant to be propagated to the config file 
(until recently the config file was never read).

> moreover, the definition seems to be somehow misplaced (but it is taken
> into account anyway!). 

It isn't, that's the way to set env vars.

> I've attached a patch that removes that 
> definition (and the creation of the related directory), don't know if
> this could have any negative side effects.
>

That would reintroduce the bug that originally lead us to change the download 
directory.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net




Removed tag(s) patch. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Tue, 15 Sep 2009 19:09:08 GMT) Full text and rfc822 format available.

Severity set to 'grave' from 'normal' Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Tue, 15 Sep 2009 19:09:09 GMT) Full text and rfc822 format available.

Changed Bug title to 'pear download directory is inherited from the build' from 'php-pear: fails to install packages as normal user' Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Tue, 15 Sep 2009 19:09:10 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#546164; Package php-pear. (Wed, 16 Sep 2009 15:51:05 GMT) Full text and rfc822 format available.

Message #31 received at 546164@bugs.debian.org (full text, mbox):

From: Raphael Geissert <geissert@debian.org>
To: Federico Giménez Nieto <fgimenez@coit.es>
Cc: 546164@bugs.debian.org
Subject: Re: Patch?
Date: Wed, 16 Sep 2009 10:19:47 -0500
Hi,

[Please keep the bug CCed]

On Wednesday 16 September 2009 01:56:02 Federico Giménez Nieto wrote:
> Hi Raphael,
>
> 2009/9/15 Raphael Geissert <geissert@debian.org>
>
> > tag 546164 - patch
> > severity 546164 grave
> > retitle 546164 pear download directory is inherited from the build
> > thanks
> >
> > Hi Federico,
> >
> > On Saturday 12 September 2009 04:25:51 Federico Gimenez Nieto wrote:
[...]
> > That would reintroduce the bug that originally lead us to change the
> > download
> > directory.
>
> Ok, thanks. I didn't know that you were aware of all this, i'll ask you
> before fillling another php-related bug report.

The report was ok, the patch wasn't, and as you may guess the work for the 
maintainer is more or less the same whether it is a private mail or not.
You should always file the bug reports :)

>
> It seems that this is causing also [1], should these two bugs be merged?

No, not merged. This bug should be marked as affecting (see the 'affects' BTS 
keyword) the other package.

I guess I'll be uploading a fixed package tonight, although I don't like the 
sort of changes we have to make to workaround pear's brokenness.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net




Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#546164; Package php-pear. (Wed, 23 Sep 2009 07:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Federico Gimenez Nieto <fgimenez@coit.es>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Wed, 23 Sep 2009 07:12:03 GMT) Full text and rfc822 format available.

Message #36 received at 546164@bugs.debian.org (full text, mbox):

From: Federico Gimenez Nieto <fgimenez@coit.es>
To: 546164@bugs.debian.org
Subject: Already fixed
Date: Wed, 23 Sep 2009 08:58:29 +0200
Hi,

This seems to be fixed after the upload of 5.2.11.dsfg.1-1.

Thanks,
Federico




Reply sent to sean finney <seanius@debian.org>:
You have taken responsibility. (Wed, 23 Sep 2009 07:42:42 GMT) Full text and rfc822 format available.

Notification sent to Federico Gimenez Nieto <fgimenez@coit.es>:
Bug acknowledged by developer. (Wed, 23 Sep 2009 07:42:42 GMT) Full text and rfc822 format available.

Message #41 received at 546164-done@bugs.debian.org (full text, mbox):

From: sean finney <seanius@debian.org>
To: Federico Gimenez Nieto <fgimenez@coit.es>, 546164-done@bugs.debian.org
Subject: Re: [php-maint] Bug#546164: Already fixed
Date: Wed, 23 Sep 2009 09:22:45 +0200
[Message part 1 (text/plain, inline)]
Version: 5.2.11.dsfg.1-1

hi federico,

On Wed, Sep 23, 2009 at 08:58:29AM +0200, Federico Gimenez Nieto wrote:
> This seems to be fixed after the upload of 5.2.11.dsfg.1-1.

great, thanks for letting us know.  it's a bit odd since i don't think
we did anything explicitly for this, nor was there anything in the
upstream changelog mentioning the problem/fix... but hey, i'll take a
free fix :)


	sean
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#546164; Package php-pear. (Sat, 03 Oct 2009 20:24:03 GMT) Full text and rfc822 format available.

Message #44 received at 546164@bugs.debian.org (full text, mbox):

From: Raphael Geissert <geissert@debian.org>
To: Federico Gimenez Nieto <fgimenez@coit.es>
Cc: 546164@bugs.debian.org, control@bugs.debian.org
Subject: Re: [php-maint] Bug#546164: Already fixed
Date: Sat, 3 Oct 2009 15:23:46 -0500
found 546164 5.2.11.dsfg.1-1
severity 546164 important
tag 546164 security
thanks

On Wednesday 23 September 2009 02:22:45 sean finney wrote:
> Version: 5.2.11.dsfg.1-1
>
> hi federico,
>
> On Wed, Sep 23, 2009 at 08:58:29AM +0200, Federico Gimenez Nieto wrote:
> > This seems to be fixed after the upload of 5.2.11.dsfg.1-1.
>
> great, thanks for letting us know.  it's a bit odd since i don't think
> we did anything explicitly for this, nor was there anything in the
> upstream changelog mentioning the problem/fix... but hey, i'll take a
> free fix :)
>

Nah, it was not fixed. It stopped being an RC issue because the tmpdir path is 
now set to something under /tmp, which an unprivileged user can create. I 
have a patch to workaround it by restoring the value originally set by 
PEAR::Config, but this still doesn't solve the real issue (and it is also 
open to symlink attacks[1]).

[1] I don't remember the exact test conditions I used to test the symlink 
attack, though, as I did it in a rush.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net




Bug Marked as found in versions 5.2.11.dsfg.1-1; no longer marked as fixed in versions 5.2.11.dsfg.1-1 and reopened. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Sat, 03 Oct 2009 20:24:06 GMT) Full text and rfc822 format available.

Severity set to 'important' from 'grave' Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Sat, 03 Oct 2009 20:24:07 GMT) Full text and rfc822 format available.

Added tag(s) security. Request was from Raphael Geissert <geissert@debian.org> to control@bugs.debian.org. (Sat, 03 Oct 2009 20:24:07 GMT) Full text and rfc822 format available.

Merged 546164 574671. Request was from Guillaume Delacour <gui@iroqwa.org> to control@bugs.debian.org. (Thu, 03 Jun 2010 19:42:08 GMT) Full text and rfc822 format available.

Set Bug forwarded-to-address to 'http://pear.php.net/bugs/18056'. Request was from Ondřej Surý <ondrej@sury.org> to control@bugs.debian.org. (Sun, 14 Nov 2010 14:30:03 GMT) Full text and rfc822 format available.

Added tag(s) wheezy. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Wed, 16 Feb 2011 19:03:29 GMT) Full text and rfc822 format available.

Reply sent to Ondřej Surý <ondrej@debian.org>:
You have taken responsibility. (Fri, 18 Mar 2011 22:06:03 GMT) Full text and rfc822 format available.

Notification sent to Federico Gimenez Nieto <fgimenez@coit.es>:
Bug acknowledged by developer. (Fri, 18 Mar 2011 22:06:03 GMT) Full text and rfc822 format available.

Message #61 received at 546164-close@bugs.debian.org (full text, mbox):

From: Ondřej Surý <ondrej@debian.org>
To: 546164-close@bugs.debian.org
Subject: Bug#546164: fixed in php5 5.3.6-1
Date: Fri, 18 Mar 2011 22:03:08 +0000
Source: php5
Source-Version: 5.3.6-1

We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive:

libapache2-mod-php5_5.3.6-1_amd64.deb
  to main/p/php5/libapache2-mod-php5_5.3.6-1_amd64.deb
libapache2-mod-php5filter_5.3.6-1_amd64.deb
  to main/p/php5/libapache2-mod-php5filter_5.3.6-1_amd64.deb
php-pear_5.3.6-1_all.deb
  to main/p/php5/php-pear_5.3.6-1_all.deb
php5-cgi_5.3.6-1_amd64.deb
  to main/p/php5/php5-cgi_5.3.6-1_amd64.deb
php5-cli_5.3.6-1_amd64.deb
  to main/p/php5/php5-cli_5.3.6-1_amd64.deb
php5-common_5.3.6-1_amd64.deb
  to main/p/php5/php5-common_5.3.6-1_amd64.deb
php5-curl_5.3.6-1_amd64.deb
  to main/p/php5/php5-curl_5.3.6-1_amd64.deb
php5-dbg_5.3.6-1_amd64.deb
  to main/p/php5/php5-dbg_5.3.6-1_amd64.deb
php5-dev_5.3.6-1_amd64.deb
  to main/p/php5/php5-dev_5.3.6-1_amd64.deb
php5-enchant_5.3.6-1_amd64.deb
  to main/p/php5/php5-enchant_5.3.6-1_amd64.deb
php5-fpm_5.3.6-1_amd64.deb
  to main/p/php5/php5-fpm_5.3.6-1_amd64.deb
php5-gd_5.3.6-1_amd64.deb
  to main/p/php5/php5-gd_5.3.6-1_amd64.deb
php5-gmp_5.3.6-1_amd64.deb
  to main/p/php5/php5-gmp_5.3.6-1_amd64.deb
php5-imap_5.3.6-1_amd64.deb
  to main/p/php5/php5-imap_5.3.6-1_amd64.deb
php5-interbase_5.3.6-1_amd64.deb
  to main/p/php5/php5-interbase_5.3.6-1_amd64.deb
php5-intl_5.3.6-1_amd64.deb
  to main/p/php5/php5-intl_5.3.6-1_amd64.deb
php5-ldap_5.3.6-1_amd64.deb
  to main/p/php5/php5-ldap_5.3.6-1_amd64.deb
php5-mcrypt_5.3.6-1_amd64.deb
  to main/p/php5/php5-mcrypt_5.3.6-1_amd64.deb
php5-mysql_5.3.6-1_amd64.deb
  to main/p/php5/php5-mysql_5.3.6-1_amd64.deb
php5-odbc_5.3.6-1_amd64.deb
  to main/p/php5/php5-odbc_5.3.6-1_amd64.deb
php5-pgsql_5.3.6-1_amd64.deb
  to main/p/php5/php5-pgsql_5.3.6-1_amd64.deb
php5-pspell_5.3.6-1_amd64.deb
  to main/p/php5/php5-pspell_5.3.6-1_amd64.deb
php5-recode_5.3.6-1_amd64.deb
  to main/p/php5/php5-recode_5.3.6-1_amd64.deb
php5-snmp_5.3.6-1_amd64.deb
  to main/p/php5/php5-snmp_5.3.6-1_amd64.deb
php5-sqlite_5.3.6-1_amd64.deb
  to main/p/php5/php5-sqlite_5.3.6-1_amd64.deb
php5-sybase_5.3.6-1_amd64.deb
  to main/p/php5/php5-sybase_5.3.6-1_amd64.deb
php5-tidy_5.3.6-1_amd64.deb
  to main/p/php5/php5-tidy_5.3.6-1_amd64.deb
php5-xmlrpc_5.3.6-1_amd64.deb
  to main/p/php5/php5-xmlrpc_5.3.6-1_amd64.deb
php5-xsl_5.3.6-1_amd64.deb
  to main/p/php5/php5-xsl_5.3.6-1_amd64.deb
php5_5.3.6-1.diff.gz
  to main/p/php5/php5_5.3.6-1.diff.gz
php5_5.3.6-1.dsc
  to main/p/php5/php5_5.3.6-1.dsc
php5_5.3.6-1_all.deb
  to main/p/php5/php5_5.3.6-1_all.deb
php5_5.3.6.orig.tar.gz
  to main/p/php5/php5_5.3.6.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 546164@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ondrej@debian.org> (supplier of updated php5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 18 Mar 2011 15:51:50 +0100
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-imap php5-interbase php5-intl php5-ldap php5-mcrypt php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source amd64 all
Version: 5.3.6-1
Distribution: unstable
Urgency: low
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-fpm   - server-side, HTML-embedded scripting language (FPM-CGI binary)
 php5-gd    - GD module for php5
 php5-gmp   - GMP module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-intl  - internationalisation module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Closes: 546164 581170 601243 603012 615770 618489
Changes: 
 php5 (5.3.6-1) unstable; urgency=low
 .
   * Imported Upstream version 5.3.6
     + PEAR updated to 1.9.2 (CVE-2011-1072)
   * Cherry-pick CVE-2011-1144 from PEAR 1.9.3 (Closes: #546164)
   * Debian packaging:
     + Start using pristine-tar
     + Remove patches merged upstream or otherwise deprecated
     + Move php5-fpm.postrm extras to debian/rules
   * FPM SAPI changes:
     + Set initial chdir to /tmp in www pool (Closes: #601243)
     + Rename main configuration file to php-fpm.conf to match upstream
     + Enable error reporting in init.d file
     + Patch FPM SAPI to use Debian php-fpm.conf as default
   * Fix regression with missing CRYPT_SALT_LENGTH (Closes: #603012)
   * Generate SHA512 salt string when provided salt is null (Closes: #581170)
   * Fix FTBFS with gold or ld --no-add-needed (Closes: #615770)
   * Don't mmap large >4GB files
   * CVE-2011-0441: Be more careful when removing session files
     (Closes: #618489)
Checksums-Sha1: 
 ac0fec3613e3ccf55a10334e4f2fcb07dde379a9 2768 php5_5.3.6-1.dsc
 9abcdea458c096c789504727e90706d7085e9755 14368718 php5_5.3.6.orig.tar.gz
 122c49cd624c0ed4554da5dbe61c514d73bc22d9 188922 php5_5.3.6-1.diff.gz
 459ac30531ad372156ccaea59b5143aeaf3e041b 555076 php5-common_5.3.6-1_amd64.deb
 4144a0432e135d02933cbfe70b022404c3e9ca17 3089428 libapache2-mod-php5_5.3.6-1_amd64.deb
 8df9c39a583dce12b66348aadec15ca85be5074b 3088008 libapache2-mod-php5filter_5.3.6-1_amd64.deb
 eee8b39edfbdbc6e356452a4378022771c8a20b4 5995188 php5-cgi_5.3.6-1_amd64.deb
 0f21b3db69b153e395bf9f6d420800d8e76d258a 2994576 php5-cli_5.3.6-1_amd64.deb
 185994bb9286ad19a9cbda6c60f07b0faf0165ef 3032582 php5-fpm_5.3.6-1_amd64.deb
 0409de1157c4b97e20a63ffbeed91db3c5c6a024 411614 php5-dev_5.3.6-1_amd64.deb
 f7c913a3d85b4ee6e1f031914e9ee12e40dadbd7 12784592 php5-dbg_5.3.6-1_amd64.deb
 df9b0dbd9e0f1dc49e5306a2742507039b8e78b2 27382 php5-curl_5.3.6-1_amd64.deb
 a2297efe73b82d2bea6d83605a360b4d94b8d61f 9124 php5-enchant_5.3.6-1_amd64.deb
 06a12c0fa09a620bb8a572e5b7ec3dd0e43bdc9c 39660 php5-gd_5.3.6-1_amd64.deb
 fb1a81c1c8436827a50ebbb2ae18a290553f37ff 16582 php5-gmp_5.3.6-1_amd64.deb
 503aecbbe24937a909061a5136c3df6ed478eed7 35768 php5-imap_5.3.6-1_amd64.deb
 f2bdcda89d96346ef4b9a73cc38f7d8b2efc30aa 50082 php5-interbase_5.3.6-1_amd64.deb
 c769e4d21ef7e29cff671c223dc7f1db07ad97f3 61368 php5-intl_5.3.6-1_amd64.deb
 a3de9a6a2367b54d5b64ef0b378157bd0e42e294 19970 php5-ldap_5.3.6-1_amd64.deb
 cbabd15f7a5b2efa654faf98f0d44bdd128b5e10 15362 php5-mcrypt_5.3.6-1_amd64.deb
 1f79244cd11108fa44ce9d28b6d0815fcba0ad5c 77768 php5-mysql_5.3.6-1_amd64.deb
 9d5afe996673e41fd7c12e9b2ecd5f64b71d53e3 36820 php5-odbc_5.3.6-1_amd64.deb
 accd1f2e568f9333945f20acbd7f17c798d458f8 61138 php5-pgsql_5.3.6-1_amd64.deb
 0afef8f1669dbde0ce874d4e51081c1710707241 8410 php5-pspell_5.3.6-1_amd64.deb
 a1c7c003a9232086c8bd6df9c94f9fe9c9381605 4348 php5-recode_5.3.6-1_amd64.deb
 94f6530606b61d3343bd6efff66431c6c5810e94 11158 php5-snmp_5.3.6-1_amd64.deb
 e658bbfb305086398ddf594fe9da66cf1325591a 57182 php5-sqlite_5.3.6-1_amd64.deb
 495560bb6efb4285e2846f69ab4934a63ef14c69 26918 php5-sybase_5.3.6-1_amd64.deb
 2d90327dfa639088b80f1f1ac437d643e22e93da 18468 php5-tidy_5.3.6-1_amd64.deb
 3fafa791fce56dd59f66d7ad81eb5406b2824073 35720 php5-xmlrpc_5.3.6-1_amd64.deb
 523d6de4c385471eddccf4d7aaaac72413130446 13662 php5-xsl_5.3.6-1_amd64.deb
 349d3f37c0f7c3b80379135458d9ac5a5a6133d5 1058 php5_5.3.6-1_all.deb
 463a4d9154894bd596f9ab21b640b5effa58859a 366050 php-pear_5.3.6-1_all.deb
Checksums-Sha256: 
 541da803c491e1b1f130795726da0eca6f385dd09423ec226fa0929a9739999c 2768 php5_5.3.6-1.dsc
 521a9d140b4cab324aeceed31409a797de20680842071016d60cc5ae3cc9462e 14368718 php5_5.3.6.orig.tar.gz
 0d1102f5c6f0c38d0e9f8a17fe6cc040c2cfbac132ccdfa7ab7852fe21e08bab 188922 php5_5.3.6-1.diff.gz
 3434953ca189a4ec00e57fde3500d3fc340bd648163c43bdea9559bf0756363b 555076 php5-common_5.3.6-1_amd64.deb
 80a52be523cad7c919f4c460d4b7a4f9dfa066f19d76e59ae9b45fe5dea80c77 3089428 libapache2-mod-php5_5.3.6-1_amd64.deb
 460b829b0b6ab4eef283b464805b82a93bac612add7e86ed12d65dc1d72ade02 3088008 libapache2-mod-php5filter_5.3.6-1_amd64.deb
 b03339908d984460cd2912d7825924c640ef614f33fc605d38a413f688d30e8d 5995188 php5-cgi_5.3.6-1_amd64.deb
 8ecbabfedd188144d0aa882340a97165c40987f2e8d7af44cb75912369f50cb4 2994576 php5-cli_5.3.6-1_amd64.deb
 ceaccaeb6b70718793c23c85f884dd61daae5cf3ccf873dba0bdbcb3267e04ca 3032582 php5-fpm_5.3.6-1_amd64.deb
 9a6ca1c3de6cba96b15135b21c902945ac70e6cd9223899991c3859729dce082 411614 php5-dev_5.3.6-1_amd64.deb
 4bfcd094eac19db64dd16eedc22a4dc4092ae2875795403e4820c6c3c786fa5e 12784592 php5-dbg_5.3.6-1_amd64.deb
 a7889e55262179a51c7f054608a44acf9f9914c3af8a86cbffba5eb173d27e30 27382 php5-curl_5.3.6-1_amd64.deb
 1803fb312f9d22d66d5b42dde5c299e079a392f519c5f5d6178f2e7c0cb7e53e 9124 php5-enchant_5.3.6-1_amd64.deb
 dd4f93487031468d449c3f95a5a6c6b679941224539a7e1f0122972a346bc3f0 39660 php5-gd_5.3.6-1_amd64.deb
 9ae892b6a11a12cbcb61630d41bafb1a0f389da74f383b80bc392f2934477d4d 16582 php5-gmp_5.3.6-1_amd64.deb
 55a3f4bc0157632d3d1d26a8dfa696647806504ab3548dea8b450cb7bc95f3a1 35768 php5-imap_5.3.6-1_amd64.deb
 cfec79678acaa7d4c44cf8bffd2095f95dc5822cb87cc16280e6401e88dc0dac 50082 php5-interbase_5.3.6-1_amd64.deb
 de00b2edafaf3550a823677beb63db331c2f8c081db8eae8a966f41065f11511 61368 php5-intl_5.3.6-1_amd64.deb
 a4ebae57000f491969103d8165989024b04f808cbd01902c5dc9fc1786b00ea3 19970 php5-ldap_5.3.6-1_amd64.deb
 e4e3494bd865b25763a49d223f75c0f2babf25b9bad8df3d0155a14812c6f560 15362 php5-mcrypt_5.3.6-1_amd64.deb
 7fb2036f68ccfdc3bd62e4a81f4f9efbb6c37d5ef7a6a6fea902cbcac701e44d 77768 php5-mysql_5.3.6-1_amd64.deb
 b282913d65b3dd263863f0fe0c4e5aa81a6424d59cc73ad45f24c63e2165f9cd 36820 php5-odbc_5.3.6-1_amd64.deb
 3cf841fe7d3ad6b0a2ec31bc0f4cd1c26d1f363b157e12b7bb1eb0bdbe2e52bb 61138 php5-pgsql_5.3.6-1_amd64.deb
 036c512a03083bd7554b9d71a014de8d09bd2f0958890df26e82d8f72a744be9 8410 php5-pspell_5.3.6-1_amd64.deb
 386c035aff336861f7699eed00a97c792a5f63445a2f7213cd81644ea777b067 4348 php5-recode_5.3.6-1_amd64.deb
 78f6947e5aac2d55c145c05f428a4ee877a80621fb09b3f807e5d0d389ef01f2 11158 php5-snmp_5.3.6-1_amd64.deb
 13c6ff3085cf013759c8cde501ac18e12569e2f890ec88f7a3b846e795e40eb4 57182 php5-sqlite_5.3.6-1_amd64.deb
 7752553a02cbe76cf59473bd2fe3060369362d7c2884ff9f256fda9ecc71d91c 26918 php5-sybase_5.3.6-1_amd64.deb
 c56972ee80e216459c0b2fa3346615d475b0c29187c88134b334d4c8e68b678c 18468 php5-tidy_5.3.6-1_amd64.deb
 5da23e07f73c0a96d4f60057a225b4f2c2b66651a5e53656519e2ce8c9146156 35720 php5-xmlrpc_5.3.6-1_amd64.deb
 91256dfe493a7467dcee1b4fc96ac985997e840d1313226e17b7d0bb42c0b9a9 13662 php5-xsl_5.3.6-1_amd64.deb
 ddcd29fae4f3ede7bb78404bcc0a33bcd44bfe41f0be627c8bd9a64e6603c5f6 1058 php5_5.3.6-1_all.deb
 22f42b16a74aa206193bd97e8a48b973907bbcfc4e4e883cac3f5a3a23427724 366050 php-pear_5.3.6-1_all.deb
Files: 
 c5caae5a6ea1b44e6616198994e51841 2768 php optional php5_5.3.6-1.dsc
 88a2b00047bc53afbbbdf10ebe28a57e 14368718 php optional php5_5.3.6.orig.tar.gz
 d9f6365a2e1f3849a4ddfea61d9f92c1 188922 php optional php5_5.3.6-1.diff.gz
 9c21d652b09e32d090b077c071c01bb1 555076 php optional php5-common_5.3.6-1_amd64.deb
 24ea20c13e6a780acd5aa3dd358104a7 3089428 httpd optional libapache2-mod-php5_5.3.6-1_amd64.deb
 1c99432aaa3f391f060f1547715034cd 3088008 httpd optional libapache2-mod-php5filter_5.3.6-1_amd64.deb
 1391c85b75ea78229691546bd68c6204 5995188 php optional php5-cgi_5.3.6-1_amd64.deb
 d8c4ba74d3d0d37e21e0150ace2d29ba 2994576 php optional php5-cli_5.3.6-1_amd64.deb
 aff106de467354cf7bc4f7d85553f4a7 3032582 php optional php5-fpm_5.3.6-1_amd64.deb
 3584ff0dd9f2a5f6b9bac8b31b322978 411614 php optional php5-dev_5.3.6-1_amd64.deb
 e4e73d556e2917f2edff95224986209b 12784592 debug extra php5-dbg_5.3.6-1_amd64.deb
 ea4e5485183b8fa6b5b39ecd338787aa 27382 php optional php5-curl_5.3.6-1_amd64.deb
 93c578e055301e376cb98e37e63cefbf 9124 php optional php5-enchant_5.3.6-1_amd64.deb
 eaf69c32a867ec44f7fde9870b0014fe 39660 php optional php5-gd_5.3.6-1_amd64.deb
 87c0fd21b859ea728575e3805d611539 16582 php optional php5-gmp_5.3.6-1_amd64.deb
 e99575af4d000adb1b62766c1035a2e7 35768 php optional php5-imap_5.3.6-1_amd64.deb
 c61aa8f686d4dfefcc770f6b25a7c45f 50082 php optional php5-interbase_5.3.6-1_amd64.deb
 9e9b0d5fa8dbc426589ffed2980ddc11 61368 php optional php5-intl_5.3.6-1_amd64.deb
 6a54b54ecc94da5457f37c9bc5604f13 19970 php optional php5-ldap_5.3.6-1_amd64.deb
 9319f1f34cb626b81f3011ed05cfec76 15362 php optional php5-mcrypt_5.3.6-1_amd64.deb
 6f0d186a91e15498dca983c8dd67355a 77768 php optional php5-mysql_5.3.6-1_amd64.deb
 8f2cf7d7a2c3e0abb46749ee7f48c46d 36820 php optional php5-odbc_5.3.6-1_amd64.deb
 fe131ab767a611efcd41264134a5edb3 61138 php optional php5-pgsql_5.3.6-1_amd64.deb
 657943a76100576f4a02035e16189fe8 8410 php optional php5-pspell_5.3.6-1_amd64.deb
 216ef42422fdcc83ad84c066925ded87 4348 php optional php5-recode_5.3.6-1_amd64.deb
 6d35834b5f69770e40cb9ee2fff50cf6 11158 php optional php5-snmp_5.3.6-1_amd64.deb
 fb48a361614c9f5fc4d3ce721ee67414 57182 php optional php5-sqlite_5.3.6-1_amd64.deb
 a0a7c60f80b84c42cbdd6383f4be18eb 26918 php optional php5-sybase_5.3.6-1_amd64.deb
 42131f7103c4a9673f3b4c88d59eaad0 18468 php optional php5-tidy_5.3.6-1_amd64.deb
 7fd9764f79e614bf177b88735e48e7af 35720 php optional php5-xmlrpc_5.3.6-1_amd64.deb
 348dde8ed31748aa01039c4944733ba5 13662 php optional php5-xsl_5.3.6-1_amd64.deb
 9fb0eb4d3403ee665c8931f6c04b1f8c 1058 php optional php5_5.3.6-1_all.deb
 9741061e11b96b6ae2684771d4cca54f 366050 php optional php-pear_5.3.6-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk2Dx1oACgkQ9OZqfMIN8nNQ9wCeO60H+mYjSuh3pdRex3D5dlmo
EKQAnAjcR9UIqpuJ0hkDT77i4pSG7i9S
=i7ya
-----END PGP SIGNATURE-----





Reply sent to Ondřej Surý <ondrej@debian.org>:
You have taken responsibility. (Fri, 18 Mar 2011 22:06:03 GMT) Full text and rfc822 format available.

Notification sent to gregor herrmann <gregoa@debian.org>:
Bug acknowledged by developer. (Fri, 18 Mar 2011 22:06:04 GMT) Full text and rfc822 format available.

Message #67 received at 546164-done@bugs.debian.org (full text, mbox):

From: Ondřej Surý <ondrej@sury.org>
To: 548015-done@bugs.debian.org, 546164-done@bugs.debian.org, 599078-done@bugs.debian.org, 509652-done@bugs.debian.org, 614413-done@bugs.debian.org
Subject: php5: BTS cleanup
Date: Mon, 11 Apr 2011 00:19:16 +0200
Hi,

I am just closing couple of old bugs for version no longer present in
the stable or unstable release.

O.
-- 
Ondřej Surý <ondrej@sury.org>




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 19 Jun 2011 07:34:46 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 00:21:52 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.