authortron <tron>2014-08-25 15:59:27 +0000
committertron <tron>2014-08-25 15:59:27 +0000
commit9322dfca3e7f97f8cfeb19369615b9419b1745d2 (patch)
tree4c6533e4b5d77ae1238f0e97ca6c443fadd59398
parentb870f87f5079659beda3fdd6f53ce655945b4f50 (diff)
downloadpkgsrc-9322dfca3e7f97f8cfeb19369615b9419b1745d2.tar.gz
Pullup ticket #4486 - requested by taca
lang/php54: security update Revisions pulled up: - lang/php/phpversion.mk patch - lang/php54/Makefile 1.25 - lang/php54/distinfo 1.45-1.46 - lang/php54/patches/patch-aclocal.m4 1.2 - lang/php54/patches/patch-build_libtool.m4 1.2 - lang/php54/patches/patch-configure 1.9 - lang/php54/patches/patch-ext_gd_libgd_gdxpm.c deleted - lang/php54/patches/patch-ext_spl_spl__array.c deleted - lang/php54/patches/patch-ext_spl_spl__dllist.c deleted --- Module Name: pkgsrc Committed By: taca Date: Sat Jul 26 00:12:54 UTC 2014 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php54: Makefile distinfo pkgsrc/lang/php54/patches: patch-aclocal.m4 patch-build_libtool.m4 patch-configure Log Message: Update php54 to 5.4.31. 24 Jul 2014, PHP 5.4.31 - Core: . Fixed bug #67428 (header('Location: foo') will override a 308-399 response code). (Adam) . Fixed bug #67436 (Autoloader isn't called if two method definitions don't match). (Bob) . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0). (Ferenc) . Fixed bug #67151 (strtr with empty array crashes). (Nikita) . Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012). (Christian Wenz) - CLI server: . Implemented FR #67429 (CLI server is missing some new HTTP response codes). (Adam) . Fixed bug #66830 (Empty header causes PHP built-in web server to hang). (Adam) - FPM: . Fixed bug #67530 (error_log=syslog ignored). (Remi) . Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi) - Intl: . Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting). (Stas) - pgsql: . Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756), which affected builds against libpq < 7.3. (Adam) - Phar: . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske) - Streams: . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). 
(Adam) --- Module Name: pkgsrc Committed By: taca Date: Sat Aug 23 16:07:24 UTC 2014 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php54: distinfo Removed Files: pkgsrc/lang/php54/patches: patch-ext_gd_libgd_gdxpm.c patch-ext_spl_spl__array.c patch-ext_spl_spl__dllist.c Log Message: Update php54 to 5.4.32 (PHP 5.4.32). 07 Aug 2014, PHP 5.4.32 - Core: . Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi) - COM: . Fixed missing type checks in com_event_sink. (Yussuf Khalil, Stas) - Fileinfo: . Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538) (Remi) . Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi) - GD: . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497) (Remi) . Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120) (Ryan Mauger) - Milter: . Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike) - OpenSSL: . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas). - Readline: . Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt). (Bob, Johannes) . Fixed bug #67496 (Save command history when exiting interactive shell with control-c). (Dmitry Saprykin, Johannes) - Sessions: . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas). - SPL: . Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (research at insighti dot org, Laruence) . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence) - Core: . Fixed bug #67693 (incorrect push to the empty array) (Tjerk) - ODBC: . Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields). (Keyur) - Zlib: . Fixed bug #67724 (chained zlib filters silently fail with large amounts of data). (Mike)
-rw-r--r--lang/php/phpversion.mk4
-rw-r--r--lang/php54/Makefile3
-rw-r--r--lang/php54/distinfo17
-rw-r--r--lang/php54/patches/patch-aclocal.m426
-rw-r--r--lang/php54/patches/patch-build_libtool.m426
-rw-r--r--lang/php54/patches/patch-configure37
-rw-r--r--lang/php54/patches/patch-ext_gd_libgd_gdxpm.c31
-rw-r--r--lang/php54/patches/patch-ext_spl_spl__array.c27
-rw-r--r--lang/php54/patches/patch-ext_spl_spl__dllist.c18
9 files changed, 23 insertions, 166 deletions
diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk
index 760ce9ffcb7..50d00633b8f 100644
--- a/lang/php/phpversion.mk
+++ b/lang/php/phpversion.mk
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.66.2.1 2014/08/18 12:48:05 tron Exp $
+# $NetBSD: phpversion.mk,v 1.66.2.2 2014/08/25 15:59:27 tron Exp $
#
# This file selects a PHP version, based on the user's preferences and
# the installed packages. It does not add a dependency on the PHP
@@ -82,7 +82,7 @@ PHPVERSION_MK= defined
# Define each PHP's version.
PHP53_VERSION= 5.3.29
-PHP54_VERSION= 5.4.30
+PHP54_VERSION= 5.4.32
PHP55_VERSION= 5.5.14
# Define initial release of major version.
diff --git a/lang/php54/Makefile b/lang/php54/Makefile
index 9bd79fbbd07..677e68fea3c 100644
--- a/lang/php54/Makefile
+++ b/lang/php54/Makefile
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.23.2.1 2014/07/17 18:46:37 tron Exp $
+# $NetBSD: Makefile,v 1.23.2.2 2014/08/25 15:59:27 tron Exp $
#
# We can't omit PKGNAME here to handle PKG_OPTIONS.
#
PKGNAME= php-${PHP_BASE_VERS}
-PKGREVISION= 1
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
diff --git a/lang/php54/distinfo b/lang/php54/distinfo
index f4553a5b330..ebc62502ddc 100644
--- a/lang/php54/distinfo
+++ b/lang/php54/distinfo
@@ -1,22 +1,19 @@
-$NetBSD: distinfo,v 1.43.2.1 2014/07/17 18:46:37 tron Exp $
+$NetBSD: distinfo,v 1.43.2.2 2014/08/25 15:59:27 tron Exp $
-SHA1 (php-5.4.30.tar.bz2) = 1dbc68dfb696d0c776a1bcf9566a96b6bae5e1c7
-RMD160 (php-5.4.30.tar.bz2) = 9c85983d7f170070ed162d85aef828f5c3c0a577
-Size (php-5.4.30.tar.bz2) = 12315772 bytes
+SHA1 (php-5.4.32.tar.bz2) = cc43f47f522d59c200ce542485d2a1652802f459
+RMD160 (php-5.4.32.tar.bz2) = d7b3d882101f440404b59978abd2e9893692bc14
+Size (php-5.4.32.tar.bz2) = 12277458 bytes
SHA1 (patch-acinclude.m4) = 71635e5381abf99a9fc9f2537b1c2f18e8096f00
-SHA1 (patch-aclocal.m4) = eae2ed8ea2985933c4fe88ba52577c14ac88eb92
-SHA1 (patch-build_libtool.m4) = 6dfef7c07a42dc54611c104265ef43c50a4e88ca
-SHA1 (patch-configure) = a7b2e15625d6005ed3ce16280b0e26a378e0b5f2
+SHA1 (patch-aclocal.m4) = 699086785fcd3d3834cc6016479dbdae6518e522
+SHA1 (patch-build_libtool.m4) = d81527abea3bd97e220f00a5d5296d8b1bfe2659
+SHA1 (patch-configure) = df6209127b1e23d17bc7128da3a44f3e44bbfd48
SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891
-SHA1 (patch-ext_gd_libgd_gdxpm.c) = 9a175417fad9ac23037a24122f8d1258b9eebbcb
SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc
SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b
SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390
SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59
SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba
SHA1 (patch-ext_phar_phar_phar.php) = 011f2d68048dbc63f5efcab4e23062daa9e8e08c
-SHA1 (patch-ext_spl_spl__array.c) = 9d14bcc39cfcc2eca70eff4a558709bcb5a867ea
-SHA1 (patch-ext_spl_spl__dllist.c) = 5c22fd58c04d9580a97e924554611aa9fb795f24
SHA1 (patch-ext_standard_basic__functions.c) = 563fe67eb78b786cd46195026381ef22128e0841
SHA1 (patch-php.ini-development) = 056a74646cbeb0b2bcfc18463348343d817b54bc
SHA1 (patch-php.ini-production) = ac61016e18077a0870b8c8c42e89e3848c26d1f2
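Review bot: Dropping the `patch-ext_spl_spl__array.c` entry in this hunk removes the local fix for CVE-2014-4698, but the commit log never names that CVE. The 5.4.32 changelog tags CVE-2014-2497 and CVE-2014-4670 explicitly, while the only matching item is the untagged bug #67539 (ArrayIterator use-after-free due to object change during sorting). That entry is presumably the upstream fix, since the deleted patch rejects `Array::unserialize` calls made during sorting, but this should be confirmed against `ext/spl/spl_array.c` in the 5.4.32 distfile rather than inferred from the description. I would add a line to the log message such as `patch-ext_spl_spl__array.c removed: CVE-2014-4698 fixed upstream as bug #67539`, so that an audit of the branch can trace each removed security patch to its upstream fix.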
diff --git a/lang/php54/patches/patch-aclocal.m4 b/lang/php54/patches/patch-aclocal.m4
index 05c6a47d5a0..0ea1490ebfe 100644
--- a/lang/php54/patches/patch-aclocal.m4
+++ b/lang/php54/patches/patch-aclocal.m4
@@ -1,17 +1,8 @@
-$NetBSD: patch-aclocal.m4,v 1.1 2014/03/19 21:50:23 asau Exp $
+$NetBSD: patch-aclocal.m4,v 1.1.4.1 2014/08/25 15:59:27 tron Exp $
---- aclocal.m4.orig 2014-03-05 08:26:32.000000000 +0000
+--- aclocal.m4.orig 2014-07-23 01:10:06.000000000 +0000
+++ aclocal.m4
-@@ -4546,7 +4546,7 @@ dgux*)
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
--freebsd1*)
-+freebsd1|freebsd1.*)
- dynamic_linker=no
- ;;
-
-@@ -4557,7 +4557,7 @@ freebsd* | dragonfly*)
+@@ -4553,7 +4553,7 @@ freebsd* | dragonfly*)
objformat=`/usr/bin/objformat`
else
case $host_os in
@@ -20,7 +11,7 @@ $NetBSD: patch-aclocal.m4,v 1.1 2014/03/19 21:50:23 asau Exp $
*) objformat=elf ;;
esac
fi
-@@ -6173,7 +6173,7 @@ case $host_os in
+@@ -6169,7 +6169,7 @@ case $host_os in
;;
esac
;;
@@ -29,12 +20,3 @@ $NetBSD: patch-aclocal.m4,v 1.1 2014/03/19 21:50:23 asau Exp $
# C++ shared libraries reported to be fairly broken before switch to ELF
_LT_AC_TAGVAR(ld_shlibs, $1)=no
;;
-@@ -8856,7 +8856,7 @@ _LT_EOF
- _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
-- freebsd1*)
-+ freebsd1|freebsd1.*)
- _LT_AC_TAGVAR(ld_shlibs, $1)=no
- ;;
-
diff --git a/lang/php54/patches/patch-build_libtool.m4 b/lang/php54/patches/patch-build_libtool.m4
index 79a55b75731..ea55ab958ce 100644
--- a/lang/php54/patches/patch-build_libtool.m4
+++ b/lang/php54/patches/patch-build_libtool.m4
@@ -1,17 +1,8 @@
-$NetBSD: patch-build_libtool.m4,v 1.1 2014/03/19 21:50:23 asau Exp $
+$NetBSD: patch-build_libtool.m4,v 1.1.4.1 2014/08/25 15:59:27 tron Exp $
---- build/libtool.m4.orig 2014-03-05 08:07:14.000000000 +0000
+--- build/libtool.m4.orig 2014-07-23 00:59:30.000000000 +0000
+++ build/libtool.m4
-@@ -1532,7 +1532,7 @@ dgux*)
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
--freebsd1*)
-+freebsd1|freebsd1.*)
- dynamic_linker=no
- ;;
-
-@@ -1543,7 +1543,7 @@ freebsd* | dragonfly*)
+@@ -1539,7 +1539,7 @@ freebsd* | dragonfly*)
objformat=`/usr/bin/objformat`
else
case $host_os in
@@ -20,7 +11,7 @@ $NetBSD: patch-build_libtool.m4,v 1.1 2014/03/19 21:50:23 asau Exp $
*) objformat=elf ;;
esac
fi
-@@ -3159,7 +3159,7 @@ case $host_os in
+@@ -3155,7 +3155,7 @@ case $host_os in
;;
esac
;;
@@ -29,12 +20,3 @@ $NetBSD: patch-build_libtool.m4,v 1.1 2014/03/19 21:50:23 asau Exp $
# C++ shared libraries reported to be fairly broken before switch to ELF
_LT_AC_TAGVAR(ld_shlibs, $1)=no
;;
-@@ -5842,7 +5842,7 @@ _LT_EOF
- _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
-- freebsd1*)
-+ freebsd1|freebsd1.*)
- _LT_AC_TAGVAR(ld_shlibs, $1)=no
- ;;
-
diff --git a/lang/php54/patches/patch-configure b/lang/php54/patches/patch-configure
index 38e0efec4db..fd3a25e6570 100644
--- a/lang/php54/patches/patch-configure
+++ b/lang/php54/patches/patch-configure
@@ -1,6 +1,6 @@
-$NetBSD: patch-configure,v 1.8 2014/06/13 14:31:19 fhajny Exp $
+$NetBSD: patch-configure,v 1.8.2.1 2014/08/25 15:59:27 tron Exp $
---- configure.orig 2014-05-27 21:41:03.000000000 +0000
+--- configure.orig 2014-07-23 01:10:11.000000000 +0000
+++ configure
@@ -8319,27 +8319,6 @@ EOF
;;
@@ -108,25 +108,7 @@ $NetBSD: patch-configure,v 1.8 2014/06/13 14:31:19 fhajny Exp $
fi
if test "$PHP_THREAD_SAFETY" = "yes" && test "$PHP_MYSQL" = "yes"; then
-@@ -108733,7 +108686,7 @@ if test -z "$aix_libpath"; then aix_libp
- hardcode_shlibpath_var=no
- ;;
-
-- freebsd1*)
-+ freebsd1|freebsd1.*)
- ld_shlibs=no
- ;;
-
-@@ -109382,7 +109335,7 @@ dgux*)
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
--freebsd1*)
-+freebsd1|freebsd1.*)
- dynamic_linker=no
- ;;
-
-@@ -109393,7 +109346,7 @@ freebsd* | dragonfly*)
+@@ -109385,7 +109338,7 @@ freebsd* | dragonfly*)
objformat=`/usr/bin/objformat`
else
case $host_os in
@@ -135,7 +117,7 @@ $NetBSD: patch-configure,v 1.8 2014/06/13 14:31:19 fhajny Exp $
*) objformat=elf ;;
esac
fi
-@@ -111473,7 +111426,7 @@ if test -z "$aix_libpath"; then aix_libp
+@@ -111465,7 +111418,7 @@ if test -z "$aix_libpath"; then aix_libp
;;
esac
;;
@@ -144,16 +126,7 @@ $NetBSD: patch-configure,v 1.8 2014/06/13 14:31:19 fhajny Exp $
# C++ shared libraries reported to be fairly broken before switch to ELF
ld_shlibs_CXX=no
;;
-@@ -113019,7 +112972,7 @@ dgux*)
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
--freebsd1*)
-+freebsd1|freebsd1.*)
- dynamic_linker=no
- ;;
-
-@@ -113030,7 +112983,7 @@ freebsd* | dragonfly*)
+@@ -113018,7 +112971,7 @@ freebsd* | dragonfly*)
objformat=`/usr/bin/objformat`
else
case $host_os in
diff --git a/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c b/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c
deleted file mode 100644
index 69500e3e012..00000000000
--- a/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c
+++ /dev/null
@@ -1,31 +0,0 @@
-$NetBSD: patch-ext_gd_libgd_gdxpm.c,v 1.1 2014/05/11 11:20:47 he Exp $
-
-Patch to fix CVE-2014-2497, taken from
-https://bugs.php.net/patch-display.php?bug_id=66901
-
---- ext/gd/libgd/gdxpm.c.orig 2014-04-29 08:04:30.000000000 +0000
-+++ ext/gd/libgd/gdxpm.c
-@@ -39,6 +39,13 @@ gdImagePtr gdImageCreateFromXpm (char *f
- number = image.ncolors;
- colors = (int *) safe_emalloc(number, sizeof(int), 0);
- for (i = 0; i < number; i++) {
-+ if (!image.colorTable[i].c_color)
-+ {
-+ /* unsupported color key or color key not defined */
-+ gdImageDestroy(im);
-+ im = 0;
-+ goto done;
-+ }
- switch (strlen (image.colorTable[i].c_color)) {
- case 4:
- buf[1] = '\0';
-@@ -125,8 +132,8 @@ gdImagePtr gdImageCreateFromXpm (char *f
- }
- }
-
-- gdFree(colors);
- done:
-+ gdFree(colors);
- XpmFreeXpmImage(&image);
- XpmFreeXpmInfo(&info);
- return im;
diff --git a/lang/php54/patches/patch-ext_spl_spl__array.c b/lang/php54/patches/patch-ext_spl_spl__array.c
deleted file mode 100644
index efc9ab909e5..00000000000
--- a/lang/php54/patches/patch-ext_spl_spl__array.c
+++ /dev/null
@@ -1,27 +0,0 @@
-$NetBSD: patch-ext_spl_spl__array.c,v 1.1.2.2 2014/07/17 18:46:37 tron Exp $
-
-Fix for CVE-2014-4698.
-
---- ext/spl/spl_array.c.orig 2014-06-25 22:53:57.000000000 +0000
-+++ ext/spl/spl_array.c
-@@ -1745,6 +1745,7 @@ SPL_METHOD(Array, unserialize)
- const unsigned char *p, *s;
- php_unserialize_data_t var_hash;
- zval *pmembers, *pflags = NULL;
-+ HashTable *aht;
- long flags;
-
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &buf, &buf_len) == FAILURE) {
-@@ -1756,6 +1757,12 @@ SPL_METHOD(Array, unserialize)
- return;
- }
-
-+ aht = spl_array_get_hash_table(intern, 0 TSRMLS_CC);
-+ if (aht->nApplyCount > 0) {
-+ zend_error(E_WARNING, "Modification of ArrayObject during sorting is prohibited");
-+ return;
-+ }
-+
- /* storage */
- s = p = (const unsigned char*)buf;
- PHP_VAR_UNSERIALIZE_INIT(var_hash);
diff --git a/lang/php54/patches/patch-ext_spl_spl__dllist.c b/lang/php54/patches/patch-ext_spl_spl__dllist.c
deleted file mode 100644
index f51fb09c273..00000000000
--- a/lang/php54/patches/patch-ext_spl_spl__dllist.c
+++ /dev/null
@@ -1,18 +0,0 @@
-$NetBSD: patch-ext_spl_spl__dllist.c,v 1.1.2.2 2014/07/17 18:46:37 tron Exp $
-
-Fix for CVE-2014-4670.
-
---- ext/spl/spl_dllist.c.orig 2014-06-25 22:53:57.000000000 +0000
-+++ ext/spl/spl_dllist.c
-@@ -916,6 +916,11 @@ SPL_METHOD(SplDoublyLinkedList, offsetUn
- llist->dtor(element TSRMLS_CC);
- }
-
-+ if (intern->traverse_pointer == element) {
-+ SPL_LLIST_DELREF(element);
-+ intern->traverse_pointer = NULL;
-+ }
-+
- zval_ptr_dtor((zval **)&element->data);
- element->data = NULL;
-