PHP CGI configuration fundamentally changed

Bug #1040212 reported by Clint Byrum
Affects                    Status         Importance   Assigned to   Milestone
Release Notes for Ubuntu   Invalid        Undecided    Unassigned
php5 (Ubuntu)              Fix Released   Undecided    Unassigned

Bug Description

This discussion is ongoing in Debian, and the fixes have not even landed, but I wanted to make sure this does not get forgotten.

http://lists.debian.org/debian-apache/2012/08/msg00043.html

Basically, Quantal has a changed mime-types package that will affect some PHP users. The proposed release note that will be included in Debian wheezy should probably also be quoted in Quantal's release notes.

Default PHP extension configuration
-----------------------------------

The mime-types package has dropped non-standard definitions of
PHP MIME-Types as a security measure. The default PHP configuration
for libapache2-mod-php5{filter} and php5-cgi now only serves files
which have .php, .php[345] and .phtml extensions in the rightmost
position, as opposed to the previous state where <filename>.php.foobar
would have been interpreted. Please read the NEWS file in the PHP
SAPI of your choice for further information.
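
The check below is an added example, not part of the bug report or the php5 package: it walks a document root and lists files that carry a PHP extension only in a non-final position (the <filename>.php.foobar case), which the new default no longer interprets. The function names, the case-insensitive match and the sample file names are assumptions made for illustration.

```python
import os
import re
import tempfile

# Extensions named in the release note: .php, .php[345] and .phtml.
# Matching case-insensitively is an assumption of this sketch.
PHP_EXT = re.compile(r"php[345]?|phtml", re.IGNORECASE)


def classify(filename):
    """Return 'rightmost', 'inner' or 'none' for one file name.

    'rightmost': a PHP extension is the last one, still interpreted.
    'inner':     a PHP extension appears only before the last one
                 (<filename>.php.foobar), no longer interpreted.
    """
    exts = filename.split(".")[1:]  # everything after the base name
    if not exts:
        return "none"
    if PHP_EXT.fullmatch(exts[-1]):
        return "rightmost"
    if any(PHP_EXT.fullmatch(e) for e in exts[:-1]):
        return "inner"
    return "none"


def audit(root):
    """Walk root and return relative paths whose handling changes."""
    changed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if classify(name) == "inner":
                full = os.path.join(dirpath, name)
                changed.append(os.path.relpath(full, root))
    return sorted(changed)


def demo():
    # Constructed sample tree, not taken from any real site.
    names = ["index.php", "page.phtml", "old.php3", "config.php.bak",
             "docs/readme.php.txt", "lib/util.php5.dist", "notes.txt"]
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            path = os.path.join(root, n)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit(root)


if __name__ == "__main__":
    for path in demo():
        print("no longer interpreted as PHP:", path)
```

Files reported here either depended on the old behaviour and need renaming, or were being interpreted unintentionally before the change.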

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php5 - 5.4.6-1ubuntu1

---------------
php5 (5.4.6-1ubuntu1) quantal; urgency=low

  * Merge from Debian experimental (LP: #1006738 , LP: #1040212)
    Remaining changes:
    - d/rules: Simplify apache config settings since we never build
      interbase or firebird.
    - debian/rules: export DEB_HOST_MULTIARCH properly.
    - Add build-dependency on lemon, which we now need.
    - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is
      in universe.
    - Dropped libcurl-dev not in the archive.
    - debian/control: replace build-depends on mysql-server with
      mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and
      mysql-server-5.5 postinst confusion with starting up multiple
      mysqlds listening on the same port.
    - Dropped php5-imap, php5-interbase, php5-mcrypt since we have
      versions already in universe.
    - Dropped libonig-dev and libqgdbm since its in universe. (libonig
      MIR has been declined due to an inactive upstream. So this is
      probably a permanent change).
    - modulelist: Drop imap, interbase, sybase, and mcrypt.
    - debian/rules:
      - Dropped building of mcrypt, imap, and interbase.
      - Install apport hook for php5.
      - stop mysql instance on clean just in case we failed in tests
    - debian/control, debian/rules: Re-enable libedit-dev.
  * Dropped Changes:
    - debian/rules: change memory limits on example .ini files.

php5 (5.4.6-1) experimental; urgency=low

  * Imported Upstream version 5.4.6
  * Apply another fix to compile --without-system-tzdata
    (Courtesy of Michael Heimpold)
  * Get rid of empty examples directory (Closes: #684108), but
    keep parent directory to store test-results.txt among others
  * Provide sensible default configuration for PHP-CGI files
    (Closes: #685340)
  * Add NEWS text about default extension configuration
  * Update NEWS and README.Debian based on debian-l10n-english review
    (Courtesy of Justing B Rye)

php5 (5.4.5-1) experimental; urgency=low

  * Imported Upstream version 5.4.5
  * Update patches for PHP 5.4.5 release
  * Compile with system libzip (upstream has added support for that)

php5 (5.4.4-4) unstable; urgency=low

  * Fix php5-fpm segfault (PHP#62205)
  * CVE-2012-2688: potential overflow in _php_stream_scandir
    (Closes: #683274)
  * Improve security in CGI section in README.Debian (Closes: #674205)
 -- Clint Byrum <email address hidden> Wed, 22 Aug 2012 13:40:18 -0700

Changed in php5 (Ubuntu):
status: New → Fix Released
Pete Graner (pgraner)
Changed in ubuntu-release-notes:
status: New → Invalid