diff options
author | sbd <sbd@pkgsrc.org> | 2010-12-23 10:10:54 +0000 |
---|---|---|
committer | sbd <sbd@pkgsrc.org> | 2010-12-23 10:10:54 +0000 |
commit | caf70e58660ae9da05ae145f50a120f40747acac (patch) | |
tree | ac04f13fe7289460f2f374b49489b7c76659ccb4 | |
parent | 9be04b8ad1aac5f80f7b4bd5f7aae75941342557 (diff) | |
download | pkgsrc-caf70e58660ae9da05ae145f50a120f40747acac.tar.gz |
Pullup ticket #3312 - requested by taca
pkgsrc/lang/{php5,php53} security fixes
Revisions pulled up:
- pkgsrc/databases/php-mysql/Makefile 1.14
- pkgsrc/databases/php-mysqli/Makefile 1.3
- pkgsrc/databases/php-pdo_mysql/Makefile 1.12
- pkgsrc/lang/php5/Makefile 1.80, 1.81
- pkgsrc/lang/php5/Makefile.common 1.43, 1.44
- pkgsrc/lang/php5/distinfo 1.80, 1.81, 1.82
- pkgsrc/lang/php5/patches/patch-ak 1.8, deleted
- pkgsrc/lang/php5/patches/patch-bf 1.1, deleted
- pkgsrc/lang/php5/patches/patch-bg 1.1, deleted
- pkgsrc/lang/php53/Makefile 1.5, 1.6
- pkgsrc/lang/php53/Makefile.common 1.3
- pkgsrc/lang/php53/distinfo 1.7, 1.8
- pkgsrc/lang/php53/patches/patch-ab 1.3
- pkgsrc/lang/php53/patches/patch-am 1.1, deleted
- pkgsrc/lang/php53/patches/patch-an 1.1, deleted
- pkgsrc/lang/php53/patches/patch-ao 1.1, deleted
- pkgsrc/lang/php53/patches/patch-ap 1.1, deleted
- pkgsrc/lang/php53/patches/patch-aq 1.1, deleted
- pkgsrc/mail/php-imap/Makefile 1.21, 1.22
- pkgsrc/www/ap-php/Makefile 1.24
- pkgsrc/www/php-eaccelerator/Makefile 1.13
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Nov 25 03:43:50 UTC 2010
Modified Files:
pkgsrc/lang/php53: Makefile distinfo
Added Files:
pkgsrc/lang/php53/patches: patch-am patch-an patch-ao patch-ap patch-aq
Log Message:
- GC bug fix: http://svn.php.net/viewvc?view=revision&revision=303016
- CVE-2010-3710 (a part of SA41724)
http://svn.php.net/viewvc?view=revision&revision=303779
- CVE-2010-3870 (a part of SA41724)
http://svn.php.net/viewvc?view=revision&revision=304959
- CVE-2010-4150 (php-imap)
http://svn.php.net/viewvc?view=revision&revision=305032
- CVE-2010-4156 (SA42135)
http://svn.php.net/viewvc?view=revision&revision=305214
Bump PKGREVISION.
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Nov 25 03:44:16 UTC 2010
Modified Files:
pkgsrc/lang/php5: Makefile distinfo
Added Files:
pkgsrc/lang/php5/patches: patch-ak patch-bf patch-bg
Log Message:
- CVE-2010-4150 (php-imap)
http://svn.php.net/viewvc?view=revision&revision=305032
- CVE-2010-3710 (a part of SA41724)
http://svn.php.net/viewvc?view=revision&revision=303885
- CVE-2010-3870 (a part of SA41724)
http://svn.php.net/viewvc?view=revision&revision=305055
Bump PKGREVISION.
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Nov 25 03:45:19 UTC 2010
Modified Files:
pkgsrc/mail/php-imap: Makefile
Log Message:
Bump REVISION since CVE-2010-4150 fix was added.
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Dec 13 13:15:46 UTC 2010
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/lang/php5/patches: patch-ak patch-bf patch-bg
Log Message:
Update php5 package to 5.2.15 (PHP 5.2.15):
The PHP development team would like to announce the immediate
availability of PHP 5.2.15. This release marks the end of support for
PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.
This release focuses on improving the security and stability of the
PHP 5.2.x branch with a small number, of predominatly security fixes.
Security Enhancements and Fixes in PHP 5.2.15:
* Fixed extract() to do not overwrite $GLOBALS and $this when using
EXTR_OVERWRITE.
* Fixed crash in zip extract method (possible CWE-170).
* Fixed a possible double free in imap extension.
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed NULL pointer dereference in
ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data).
Key enhancements in PHP 5.2.15 include:
* Fixed bug #47643 (array_diff() takes over 3000 times longer than php
5.2.4).
* Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy
with SoapClient object).
* To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a
migration guide available on http://php.net/migration53, details the changes
between PHP 5.2 and PHP 5.3.
For a full list of changes in PHP 5.2.15 see the ChangeLog at
http://www.php.net/ChangeLog-5.php#5.2.15.
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Dec 13 13:16:37 UTC 2010
Modified Files:
pkgsrc/lang/php53: Makefile Makefile.common distinfo
pkgsrc/lang/php53/patches: patch-ab
Removed Files:
pkgsrc/lang/php53/patches: patch-am patch-an patch-ao patch-ap patch-aq
Log Message:
Update lang/php53 package to 5.3.4 (PHP 5.3.4).
The PHP development team is proud to announce the immediate release of PHP
5.3.4. This is a maintenance release in the 5.3 series, which includes a large
number of bug fixes.
Security Enhancements and Fixes in PHP 5.3.4:
* Fixed crash in zip extract method (possible CWE-170).
* Paths with NULL in them (foo\0bar.txt) are now considered as invalid
(CVE-2006-7243).
* Fixed a possible double free in imap extension (Identified by Mateusz
Kocielski). (CVE-2010-4150).
* Fixed NULL pointer dereference in
ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
* Fixed symbolic resolution support when the target is a DFS share.
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data) (CVE-2010-3710).
Key Bug Fixes in PHP 5.3.4 include:
* Added stat support for zip stream.
* Added follow_location (enabled by default) option for the http stream
support.
* Added a 3rd parameter to get_html_translation_table. It now takes a charset
hint, like htmlentities et al.
* Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend
multibyte at runtime.
* Multiple improvements to the FPM SAPI.
* Over 100 other bug fixes.
For users upgrading from PHP 5.2 there is a migration guide available here,
detailing the changes between those releases and PHP 5.3.
For a full list of changes in PHP 5.3.4, see the ChangeLog. For source
downloads please visit our downloads page, Windows binaries can be found on
windows.php.net/download/.
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Mon Dec 13 13:18:20 UTC 2010
Modified Files:
pkgsrc/databases/php-mysql: Makefile
pkgsrc/databases/php-mysqli: Makefile
pkgsrc/databases/php-pdo_mysql: Makefile
pkgsrc/mail/php-imap: Makefile
pkgsrc/www/ap-php: Makefile
pkgsrc/www/php-eaccelerator: Makefile
Log Message:
Reset PKGREVISION by update of base PHP version.
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Dec 16 14:20:45 UTC 2010
Modified Files:
pkgsrc/lang/php5: Makefile.common distinfo
Log Message:
Update php5 pacakge to 5.2.16:
PHP 5.2.16 Released!
The PHP development team would like to announce the immediate availability of
PHP 5.2.16. This release marks the end of support for PHP 5.2. All users of
PHP 5.2 are encouraged to upgrade to PHP 5.3.
This release focuses on addressing a regression in open_basedir implementation
introduced in 5.2.15 in addition to fixing a crash inside PDO::pgsql on data
retrieval when the server is down. All users who have upgraded to 5.2.15 and
are utilizing open_basedir are strongly encouraged to upgrade to 5.2.16 or
5.3.4.
To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a
migration guide available on http://php.net/migration53, details the changes
between PHP 5.2 and PHP 5.3.
For a full list of changes in PHP 5.2.16 see the ChangeLog at
http://www.php.net/ChangeLog-5.php#5.2.16.
ChangeLog:
Version 5.2.16
16-Dec-2010
* Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is
down). (gyp at balabit dot hu)
* Fixed bug #53516 (Regression in open_basedir handling). (Ilia)
-rw-r--r-- | databases/php-mysql/Makefile | 3 | ||||
-rw-r--r-- | databases/php-mysqli/Makefile | 3 | ||||
-rw-r--r-- | databases/php-pdo_mysql/Makefile | 3 | ||||
-rw-r--r-- | lang/php5/Makefile.common | 4 | ||||
-rw-r--r-- | lang/php5/distinfo | 11 | ||||
-rw-r--r-- | lang/php53/Makefile.common | 4 | ||||
-rw-r--r-- | lang/php53/distinfo | 13 | ||||
-rw-r--r-- | lang/php53/patches/patch-ab | 24 | ||||
-rw-r--r-- | www/ap-php/Makefile | 3 | ||||
-rw-r--r-- | www/php-eaccelerator/Makefile | 3 |
10 files changed, 30 insertions, 41 deletions
diff --git a/databases/php-mysql/Makefile b/databases/php-mysql/Makefile index 3a15f364f71..7c9de40441a 100644 --- a/databases/php-mysql/Makefile +++ b/databases/php-mysql/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.13 2010/09/30 10:49:15 obache Exp $ +# $NetBSD: Makefile,v 1.13.2.1 2010/12/23 10:10:55 sbd Exp $ MODNAME= mysql -PKGREVISION= 1 CATEGORIES+= databases COMMENT= PHP extension for MySQL databases diff --git a/databases/php-mysqli/Makefile b/databases/php-mysqli/Makefile index 65b20d402ac..7072f10e28d 100644 --- a/databases/php-mysqli/Makefile +++ b/databases/php-mysqli/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.2 2010/09/30 10:49:16 obache Exp $ +# $NetBSD: Makefile,v 1.2.2.1 2010/12/23 10:10:55 sbd Exp $ MODNAME= mysqli -PKGREVISION= 1 CATEGORIES+= databases COMMENT= PHP5 extension for MySQL 4.1 and later databases diff --git a/databases/php-pdo_mysql/Makefile b/databases/php-pdo_mysql/Makefile index a04fa57a405..ad5f4754c08 100644 --- a/databases/php-pdo_mysql/Makefile +++ b/databases/php-pdo_mysql/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.11 2010/09/30 10:49:15 obache Exp $ +# $NetBSD: Makefile,v 1.11.2.1 2010/12/23 10:10:55 sbd Exp $ MODNAME= pdo_mysql -PKGREVISION= 1 CATEGORIES+= databases COMMENT= PHP extension for PHP Data Objects (MySQL) diff --git a/lang/php5/Makefile.common b/lang/php5/Makefile.common index 8b05c9261cd..dce070f0e39 100644 --- a/lang/php5/Makefile.common +++ b/lang/php5/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.42 2010/07/24 22:23:15 tron Exp $ +# $NetBSD: Makefile.common,v 1.42.2.1 2010/12/23 10:10:54 sbd Exp $ # used by lang/php5/Makefile.php # used by lang/php/ext.mk # used by meta-pkgs/php5-extensions/Makefile @@ -41,7 +41,7 @@ EXTRACT_SUFX?= .tar.bz2 MAINTAINER?= jdolecek@NetBSD.org HOMEPAGE?= http://www.php.net/ -PHP_BASE_VERS= 5.2.14 +PHP_BASE_VERS= 5.2.16 PHP_EXTENSION_DIR= lib/php/20040412 PLIST_SUBST+= PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q} diff --git a/lang/php5/distinfo b/lang/php5/distinfo index 0e3ec25b6df..d5c907c3ae2 100644 --- a/lang/php5/distinfo +++ b/lang/php5/distinfo @@ -1,11 +1,8 @@ -$NetBSD: distinfo,v 1.79 2010/07/24 22:23:15 tron Exp $ +$NetBSD: distinfo,v 1.79.2.1 2010/12/23 10:10:54 sbd Exp $ -SHA1 (php-5.2.14/php-5.2.14.tar.bz2) = 311b44b2c0f2eea8ab8dab876d2a6b6e7a55632e -RMD160 (php-5.2.14/php-5.2.14.tar.bz2) = f699488f5b266a1c5e36df570c4d5896dc4e0aea -Size (php-5.2.14/php-5.2.14.tar.bz2) = 9055945 bytes -SHA1 (php-5.2.14/suhosin-patch-5.2.14-0.9.7.patch.gz) = 0a12d3589f9c26dc7d6b6452ef7987b2e6527a30 -RMD160 (php-5.2.14/suhosin-patch-5.2.14-0.9.7.patch.gz) = bc7790cd36dc4101322684b754db3ca2d4385ba6 -Size (php-5.2.14/suhosin-patch-5.2.14-0.9.7.patch.gz) = 23057 bytes +SHA1 (php-5.2.16/php-5.2.16.tar.bz2) = b4d11c6593614fa4ad8bf133f622208ee5e8e9af +RMD160 (php-5.2.16/php-5.2.16.tar.bz2) = 2ab6de444af478f3b2b3a8a074c1656e8da0a4e1 +Size (php-5.2.16/php-5.2.16.tar.bz2) = 9090930 bytes SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20 SHA1 (patch-af) = 68c5a31dccf1854ba1aff653e4c524767d6a64f6 SHA1 (patch-ag) = 5e3e822657925a77fbccaca63f283863a1cc6d94 diff --git a/lang/php53/Makefile.common b/lang/php53/Makefile.common index 20440975e68..85934e5e9df 100644 --- a/lang/php53/Makefile.common +++ b/lang/php53/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.2 2010/07/24 22:23:37 tron Exp $ +# $NetBSD: Makefile.common,v 1.2.2.1 2010/12/23 10:10:54 sbd Exp $ # used by lang/php53/Makefile.php # used by lang/php/ext.mk # used by meta-pkgs/php53-extensions/Makefile @@ -39,7 +39,7 @@ EXTRACT_SUFX?= .tar.bz2 MAINTAINER?= pkgsrc-users@NetBSD.org HOMEPAGE?= http://www.php.net/ -PHP_BASE_VERS= 5.3.3 +PHP_BASE_VERS= 5.3.4 PHP_EXTENSION_DIR= lib/php/20090630 PLIST_SUBST+= PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q} diff --git a/lang/php53/distinfo b/lang/php53/distinfo index 4995e348c53..64311fce55b 100644 --- a/lang/php53/distinfo +++ b/lang/php53/distinfo @@ -1,13 +1,10 @@ -$NetBSD: distinfo,v 1.6 2010/07/24 22:23:37 tron Exp $ +$NetBSD: distinfo,v 1.6.2.1 2010/12/23 10:10:54 sbd Exp $ -SHA1 (php-5.3.3/php-5.3.3.tar.bz2) = 9f66716b341119e4e4f8fe3d81b7d0a5daf3cbc8 -RMD160 (php-5.3.3/php-5.3.3.tar.bz2) = 9edb51663feac9b787f8382012893f1ac98fec6a -Size (php-5.3.3/php-5.3.3.tar.bz2) = 10662227 bytes -SHA1 (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 76675242cfdeff763767900213346af622002490 -RMD160 (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 8dcd8b51ea0357b6cc51e70e495e18f341c62f7c -Size (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 41298 bytes +SHA1 (php-5.3.4/php-5.3.4.tar.bz2) = 0b33926e78e1683e3383b3b5c840ee60ba669b0b +RMD160 (php-5.3.4/php-5.3.4.tar.bz2) = dffbeced87117fd34c948de3ebdde01a25c24dae +Size (php-5.3.4/php-5.3.4.tar.bz2) = 10804376 bytes SHA1 (patch-aa) = f51491af7c577f36979fc07d52b5857368392e09 -SHA1 (patch-ab) = 8ac388f50afc03f3f4eacbfed42ae295a2e8d700 +SHA1 (patch-ab) = 7aeb5148056e7f0b150388c4cf60a139f6aeec44 SHA1 (patch-ac) = a896371d3343c07a5cf46c79d9ca9e1b2164797a SHA1 (patch-ad) = 1608c58860a43b4e31df8646b5ded253ec9aa881 SHA1 (patch-ae) = e590db60a60f4e5ef2da4e5edb786335a67a3d56 diff --git a/lang/php53/patches/patch-ab b/lang/php53/patches/patch-ab index ad8856baaaf..66735d6c9e2 100644 --- a/lang/php53/patches/patch-ab +++ b/lang/php53/patches/patch-ab @@ -1,17 +1,17 @@ -$NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $ +$NetBSD: patch-ab,v 1.2.2.1 2010/12/23 10:10:54 sbd Exp $ ---- configure.orig 2010-07-24 22:35:41.000000000 +0100 -+++ configure 2010-07-24 22:39:23.000000000 +0100 -@@ -13778,7 +13778,7 @@ +--- configure.orig 2010-12-08 21:46:58.000000000 +0000 ++++ configure +@@ -13699,7 +13699,7 @@ EOF PHP_VAR_SUBST="$PHP_VAR_SUBST SAPI_CGI_PATH" - INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)" + INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)@CGIDIR@\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)@CGIDIR@/php" - PHP_SAPI=cgi - -@@ -23206,7 +23206,7 @@ + if test "$PHP_SAPI" != "default"; then + { echo "configure: error: +@@ -22963,7 +22963,7 @@ fi if test "$found_openssl" = "no"; then if test "$PHP_OPENSSL_DIR" = "yes"; then @@ -20,7 +20,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $ fi for i in $PHP_OPENSSL_DIR; do -@@ -25179,7 +25179,7 @@ +@@ -24930,7 +24930,7 @@ echo "configure:24910: checking bundled PHP_SQLITE3_CFLAGS="-I@ext_srcdir@/libsqlite $other_flags $threadsafe_flags $debug_flags" @@ -29,7 +29,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $ unique=`echo $header_file|$SED 's/[^a-zA-Z0-9]/_/g'` -@@ -36124,7 +36124,7 @@ +@@ -35788,7 +35788,7 @@ fi if test "$found_openssl" = "no"; then if test "$PHP_OPENSSL_DIR" = "yes"; then @@ -38,7 +38,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $ fi for i in $PHP_OPENSSL_DIR; do -@@ -50201,7 +50201,7 @@ +@@ -49814,7 +49814,7 @@ fi if test "$found_openssl" = "no"; then if test "$PHP_OPENSSL_DIR" = "yes"; then @@ -47,7 +47,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $ fi for i in $PHP_OPENSSL_DIR; do -@@ -84421,7 +84421,7 @@ +@@ -83900,7 +83900,7 @@ fi if test "$found_openssl" = "no"; then if test "$PHP_OPENSSL_DIR" = "yes"; then @@ -56,7 +56,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $ fi for i in $PHP_OPENSSL_DIR; do -@@ -107682,12 +107682,7 @@ +@@ -107040,12 +107040,7 @@ old_CC=$CC if test "$PHP_THREAD_SAFETY" = "yes" && test -n "$ac_cv_pthreads_cflags"; then CXXFLAGS="$CXXFLAGS $ac_cv_pthreads_cflags" INLINE_CFLAGS="$INLINE_CFLAGS $ac_cv_pthreads_cflags" diff --git a/www/ap-php/Makefile b/www/ap-php/Makefile index 7a69e24bba9..28648d5a3a5 100644 --- a/www/ap-php/Makefile +++ b/www/ap-php/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.23 2010/03/16 15:36:39 taca Exp $ +# $NetBSD: Makefile,v 1.23.6.1 2010/12/23 10:10:55 sbd Exp $ # PKGNAME= ${APACHE_PKG_PREFIX}-${PHP_PKG_PREFIX}-${PHP_BASE_VERS} -PKGREVISION= 1 COMMENT= Apache (${PKG_APACHE}) module for ${PKG_PHP} PKG_DESTDIR_SUPPORT= user-destdir diff --git a/www/php-eaccelerator/Makefile b/www/php-eaccelerator/Makefile index 8be747d6408..272dd05e290 100644 --- a/www/php-eaccelerator/Makefile +++ b/www/php-eaccelerator/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.12 2010/10/02 19:11:35 jdolecek Exp $ +# $NetBSD: Makefile,v 1.12.2.1 2010/12/23 10:10:55 sbd Exp $ MODNAME= eaccelerator PECL_VERSION= 0.9.6 -PKGREVISION= 1 CATEGORIES+= sysutils MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=eaccelerator/} \ http://bart.eaccelerator.net/source/${PECL_VERSION}/ |