Your message dated Sun, 18 Dec 2016 00:50:07 +0000
with message-id <e1cipfz-0001si...@fasolo.debian.org>
and subject line Bug#825077: fixed in hhvm 3.12.11+dfsg-1
has caused the Debian Bug report #825077,
regarding Package links against libmysqlclient_r
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
825077: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825077
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: hhvm
Version: 3.12.1+dfsg-1
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu yakkety ubuntu-patch
Dear Maintainer,
Please stop linking against libmysqlclient_r and link directly against
libmysqlclient instead.
Your package currently links against libmysqlclient_r. libmysqlclient_r
was the thread-safe version of libmysqlclient in previous MySQL
releases. However, libmysqlclient has itself been made thread-safe
since before the current libmysqlclient18. Thus libmysqlclient_r is
currently deprecated and provided as a compatibility symlink only, and
will disappear in MySQL 5.7. This change can be made now, in advance of
a possible future transition to libmysqlclient20, which does not provide
the _r variant.
For hhvm, we have done this in Ubuntu with the attached quilt
patch, which I believe is also applicable to Debian.
Thanks,
Robie Basak
Debian MySQL maintainers team
Ubuntu developer
Author: Robie Basak <robie.ba...@canonical.com>
Bug-Ubuntu: https://launchpad.net/bugs/1564871
Forwarded: no
Last-Update: 2016-04-01
--- a/CMake/FindMySQL.cmake
+++ b/CMake/FindMySQL.cmake
@@ -66,7 +66,7 @@
$ENV{ProgramFiles}/MySQL/*/lib/${libsuffixDist}
$ENV{SystemDrive}/MySQL/*/lib/${libsuffixDist})
ELSE (WIN32)
- FIND_LIBRARY(MYSQL_LIB NAMES mysqlclient_r
+ FIND_LIBRARY(MYSQL_LIB NAMES mysqlclient
PATHS
/usr/lib/mysql
/usr/local/lib/mysql
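Review bot: In the ELSE (WIN32) branch, FIND_LIBRARY now searches for `mysqlclient` only, so a system that provides just the `_r` name is no longer found. The header says Forwarded: no; if this goes upstream, `NAMES mysqlclient mysqlclient_r` would prefer the plain name while keeping the old one as a fallback. The patch header also has no Description field; one line stating that `_r` is a deprecated compatibility symlink would record why the name changes.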
@@ -90,7 +90,7 @@
FIND_LIBRARY(MYSQL_ZLIB zlib PATHS ${MYSQL_LIB_DIR})
FIND_LIBRARY(MYSQL_TAOCRYPT taocrypt PATHS ${MYSQL_LIB_DIR})
- SET(MYSQL_CLIENT_LIBS mysqlclient_r)
+ SET(MYSQL_CLIENT_LIBS mysqlclient)
IF (MYSQL_ZLIB)
SET(MYSQL_CLIENT_LIBS ${MYSQL_CLIENT_LIBS} zlib)
ENDIF (MYSQL_ZLIB)
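Review bot: The `SET(MYSQL_CLIENT_LIBS mysqlclient)` line hardcodes the library name a second time, independently of the `FIND_LIBRARY(MYSQL_LIB NAMES ...)` call changed in the first hunk, so the two can drift apart if only one is edited later. Consider holding the client library name in a single variable used in both places, or at least a comment beside this SET pointing at the FIND_LIBRARY NAMES argument.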
--- End Message ---
--- Begin Message ---
Source: hhvm
Source-Version: 3.12.11+dfsg-1
We believe that the bug you reported is fixed in the latest version of
hhvm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 825...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Faidon Liambotis <parav...@debian.org> (supplier of updated hhvm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 18 Dec 2016 02:13:55 +0200
Source: hhvm
Binary: hhvm hhvm-dbg hhvm-dev
Architecture: source
Version: 3.12.11+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian HHVM packaging team <pkg-hhvm-t...@lists.alioth.debian.org>
Changed-By: Faidon Liambotis <parav...@debian.org>
Description:
hhvm - HipHop Virtual Machine, a JIT replacement for PHP - main runtime
hhvm-dbg - HipHop Virtual Machine, a JIT replacement for PHP - debugging sym
hhvm-dev - HipHop Virtual Machine, a JIT replacement for PHP - development f
Closes: 812023 825077 828340 835032 839303 843281 843439 845852
Changes:
hhvm (3.12.11+dfsg-1) unstable; urgency=medium
.
[ Moritz Muehlenhoff ]
* New upstream LTS releases, addressing multiple security issues.
(Closes: #835032)
From 3.12.2:
- CVE-2015-8865 - Buffer overwrite in finfo_open with malformed magic
- Integer overflow in iptcembed
- CVE-2016-3074 - Fix signedness issue in libgd
- CVE-2014-9709 - Fix a possible buffer read overflow in gd_gif_in.cpp
- Prevent a potential nullptr dereference in ext_xsl
- Don't segfault if you try to remove the last autoloader while
adding a new one
- CVE-2016-1903 - imagerotate information leak
- `FILTER_FLAG_STRIP_BACKTICK` was being ignored unless other flags
are set
- CVE-2016-4539 - Fix a segfault in xml_parse_into_struct
- Fix a potential null dereference in ZipArchive::extractTo
- CVE-2016-4070 - Integer Overflow in php_raw_url_encode
From 3.12.3:
- CVE-2016-1000004 - Type safety in simplexml import routines
- CVE-2016-1000004 - Fix param types for mcrypt_get_block_size()
to match PHP
- CVE-2016-1000006 - Fix use-after-free in
serialize_memoize_param() and ResourceBundle::__construct()
- CVE-2016-6870 - Use req::strndup in php_mb_parse_encoding_list to
prevent oob memory write.
- HHVM-2016-11781481 - Fix nullptr dereference in
f_mysqli_stmt_bind{param,result}
- HHVM-2016-11791940 - Avoid invalid array access in JSON_decode()
- PHP-2016-0072337 - Fix a segfault with invalid dimensions and
imagescale out of bounds read in ext_gd
From 3.12.5:
- CVE-2016-1000109: Ignore Proxy HTTP header from fastcgi requests
From 3.12.6:
- CVE-2016-6871 - Fix buffer overrun due to integer overflow in bcmath
- CVE-2016-6872 - Fix integer overflow in StringUtil::implode
- CVE-2016-6873 - Fix self recursion in compact
- CVE-2016-6874 - Fix recursion checks in array_*_recursive
- CVE-2016-6875 - Fix infinite recursion in wddx
- PHP-2015-0070345 - [HHVM][Security] 0003 pcre preg bug 70345
From 3.12.8:
- ext_gd: exif_process_IFD_TAG: Use the right offset if reading from
stream
- Fix some color related crashes in libgd
- Don't allow smart_str to overflow int
- Integer overflow in _gd2GetHeader
- Fix objprof refcounting
- Fix buffer overruns in mb_send_mail
- Integer overflow in gdImagePaletteToTrueColor
- Null pointer dereference in _gdScaleVert
- pass2_no_dither out-of-bounds access
From 3.12.9:
- Fix off-by-one index check in ThreadSafeLocaleHandler::actuallySetLocale
- Prevent an integer overflow in _gdContributionsAlloc
- Fix a potential overflow in tsrm_virtual_file_ex
- Invalid transparent index can result in OOB read or write
- Do not treat negative return values from bz2 as size_t
- Fix OOB read in exif_process_IFD_in_MAKERNOTE
- Prevent an OOB access in locale_accept_from_http
- Avoid possible OOB using imagegif
- Disable bad zend test
- Add an option to explicitly disable NUMA support.
From 3.12.10:
- Fix a bug in StringUtil::Explode
- Fix a couple of bugs in libgd
From 3.12.11:
- Prevent integer overflow in gdImageWebpCtx
- Check depth values in json_decode
- Prevent negative gamma values being passed to imagegammacorrect
- Fix crypt with over-long salts
- Memory leak in exif_process_IFD_in_TIFF
- 9da Fix getimagesize returning FALSE on valid jpg
.
[ Faidon Liambotis ]
* Build against libmysqlclient, not libmysqlclient_r. Thanks to Robie Basak
for the bug report and patch. (Closes: #825077)
* Build-Depend on default-libmysqlclient-dev instead of libmysqlclient-dev.
(Closes: #845852)
* Add /bin/sh shebangs on maintainer scripts. (Closes: #843281)
* Remove update-alternatives --remove from postrm, already included in prerm
(and also causes a lintian warning).
* Remove David Martínez Moreno from the Uploaders, at the request of the MIA
team. (Closes: #843439)
* Fix FTBFS with GCC 6, by backporting an upstream fix. (Closes: #812023)
* Pass -fno-PIE/-no-pie to gcc to prevent a linking error with GCC 6's new
configuration (--enable-default-pie) in combination with HHVM's
hand-crafted assembly (translator-asm-helpers.S).
* Build-Depend on libssl1.0-dev, as HHVM is not ready for OpenSSL 1.1.0 yet.
(Closes: #828340)
* Remove Build-Depends on libc-client2007e-dev and thus disable the IMAP
extension. libc-client2007e-dev depends on libssl-dev 1.1.0, which
conflicts with libssl1.0-dev and is thus impossible to satisfy.
* Disable Folly's Fibers, as the current version is incompatible with Boost
1.61 and thus FTBFS. The incompatibility has been fixed upstream but is
too intrusive to backport, thus disable the functionality entirely.
(Closes: #839303)
* Temporarily disable the mcrouter extension as it requires Folly Fibers,
that were disabled in this version (see above).
* Backport an upstream fix to address an ICU Collation sort key
incompatibility with PHP.
* Backport an upstream fix to address a segfault when bzip2 and XMLReader
are being used together.
* Backport an upstream fix to address inconsistent regexp results when
running with a newer PCRE version (8.38 instead of 8.32).
* Disable test pcre_limit.php which now fails for unknown reasons;
upstream seemingly has disabled the test as well for a while with no ill
effects.
* Add a Documentation line to the systemd service file.
* Bump Standards-Version to 3.9.8, no changes needed.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---