Pullup ticket #4631 - requested by taca

lang/php54: security update Revisions pulled up: - lang/php/phpversion.mk 1.86 - lang/php54/Makefile 1.27 - lang/php54/distinfo 1.53 - lang/php54/patches/patch-ext_date_php_date.c deleted - lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt deleted --- Module Name: pkgsrc Committed By: taca Date: Thu Feb 19 09:37:36 UTC 2015 Modified Files: pkgsrc/lang/php54: Makefile distinfo Removed Files: pkgsrc/lang/php54/patches: patch-ext_date_php_date.c patch-ext_date_tests_bug68942_2.phpt Log Message: Update php54 to 5.4.38 (PHP 5.4.38). 19 Feb 2015 PHP 5.4.38 - Core: . Removed support for multi-line headers, as the are deprecated by RFC 7230. (Stas) . Added NULL byte protection to exec, system and passthru. (Yasuo) . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow). (Stas) . Fixed bug #67827 (broken detection of system crypt sha256/sha512 support). (ncopa at alpinelinux dot org) . Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (Stas) - Enchant: . Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()). (Antony) - SOAP: . Fixed bug #67427 (SoapServer cannot handle large messages) (brandt at docoloc dot de) --- Module Name: pkgsrc Committed By: taca Date: Thu Feb 19 13:15:00 UTC 2015 Modified Files: pkgsrc/lang/php: phpversion.mk Log Message: Forgot to commit with php54 update.
author: tron <tron> 2015-03-01 16:19:23 +0000
committer: tron <tron> 2015-03-01 16:19:23 +0000
commit: 4dd29d83c9102f2d6050620d682fefbfcf663592 (patch)
tree: 45d7e62ca7863729b60048d766bfa6f712c82b1a
parent: 70acae8e0abd6f6948504812b98d953b7b3306ee (diff)
download: pkgsrc-4dd29d83c9102f2d6050620d682fefbfcf663592.tar.gz
5 files changed, 7 insertions, 56 deletions
diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk
index 0f068e723d6..f935f7fe4fd 100644
--- a/lang/php/phpversion.mk
+++ b/lang/php/phpversion.mk
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.81.2.3 2015/01/27 19:48:35 tron Exp $
+# $NetBSD: phpversion.mk,v 1.81.2.4 2015/03/01 16:19:23 tron Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -82,7 +82,7 @@ PHPVERSION_MK=	defined
 
 # Define each PHP's version.
 PHP53_VERSION=	5.3.29
-PHP54_VERSION=	5.4.37
+PHP54_VERSION=	5.4.38
 PHP55_VERSION=	5.5.21
 PHP56_VERSION=	5.6.5
 
diff --git a/lang/php54/Makefile b/lang/php54/Makefile
index ad6e82dba5d..afbfe52fc7a 100644
--- a/lang/php54/Makefile
+++ b/lang/php54/Makefile
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.25.4.1 2015/02/18 18:41:36 tron Exp $
+# $NetBSD: Makefile,v 1.25.4.2 2015/03/01 16:19:23 tron Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=		php-${PHP_BASE_VERS}
-PKGREVISION=		1
 CATEGORIES=		lang
 
 HOMEPAGE=		http://www.php.net/
diff --git a/lang/php54/distinfo b/lang/php54/distinfo
index b86b4880875..7ba6d7bf025 100644
--- a/lang/php54/distinfo
+++ b/lang/php54/distinfo
@@ -1,14 +1,12 @@
-$NetBSD: distinfo,v 1.50.2.2 2015/02/18 18:41:36 tron Exp $
+$NetBSD: distinfo,v 1.50.2.3 2015/03/01 16:19:23 tron Exp $
 
-SHA1 (php-5.4.37.tar.bz2) = 608e00a730e9674e1a2e2627175e7a27f4add18f
-RMD160 (php-5.4.37.tar.bz2) = 9aa559cd4c4c63701133194b59ccff0f241a2241
-Size (php-5.4.37.tar.bz2) = 12275113 bytes
+SHA1 (php-5.4.38.tar.bz2) = 863fcb872fe20d054d1a3444c27ec7f8be9f4317
+RMD160 (php-5.4.38.tar.bz2) = 5cd4d7c80badd19aa7e1081e3fd190607e46e1af
+Size (php-5.4.38.tar.bz2) = 12273298 bytes
 SHA1 (patch-acinclude.m4) = 71635e5381abf99a9fc9f2537b1c2f18e8096f00
 SHA1 (patch-aclocal.m4) = 699086785fcd3d3834cc6016479dbdae6518e522
 SHA1 (patch-build_libtool.m4) = d81527abea3bd97e220f00a5d5296d8b1bfe2659
 SHA1 (patch-configure) = df6209127b1e23d17bc7128da3a44f3e44bbfd48
-SHA1 (patch-ext_date_php_date.c) = e1c6551a422c54c7be7ec16e6d10821f47cb924c
-SHA1 (patch-ext_date_tests_bug68942_2.phpt) = 385ed2c3077b5384bff117b97867463c6bdac15e
 SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891
 SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc
 SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b
diff --git a/lang/php54/patches/patch-ext_date_php_date.c b/lang/php54/patches/patch-ext_date_php_date.c
deleted file mode 100644
index 7d3797061bb..00000000000
--- a/lang/php54/patches/patch-ext_date_php_date.c
+++ /dev/null
@@ -1,30 +0,0 @@
-$NetBSD: patch-ext_date_php_date.c,v 1.1.2.2 2015/02/18 18:41:36 tron Exp $
-
-Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone)
-
---- ext/date/php_date.c.orig	2015-01-20 20:06:02.000000000 +0000
-+++ ext/date/php_date.c
-@@ -2575,12 +2575,9 @@ static int php_date_initialize_from_hash
- 	timelib_tzinfo   *tzi;
- 	php_timezone_obj *tzobj;
- 
--	if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS) {
--		convert_to_string(*z_date);
--		if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) {
--			convert_to_long(*z_timezone_type);
--			if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) {
--				convert_to_string(*z_timezone);
-+	if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS && Z_TYPE_PP(z_date) == IS_STRING) {
-+		if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) {
-+			if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS && Z_TYPE_PP(z_timezone) == IS_STRING) {
- 
- 				switch (Z_LVAL_PP(z_timezone_type)) {
- 					case TIMELIB_ZONETYPE_OFFSET:
-@@ -2595,7 +2592,6 @@ static int php_date_initialize_from_hash
- 
- 					case TIMELIB_ZONETYPE_ID: {
- 						int ret;
--						convert_to_string(*z_timezone);
- 
- 						tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC);
- 
diff --git a/lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt b/lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt
deleted file mode 100644
index 29dea1ea32e..00000000000
--- a/lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-ext_date_tests_bug68942_2.phpt,v 1.1.2.2 2015/02/18 18:41:36 tron Exp $
-
-Test for bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone)
-
---- ext/date/tests/bug68942_2.phpt.orig	2015-02-18 01:43:49.000000000 +0000
-+++ ext/date/tests/bug68942_2.phpt
-@@ -0,0 +1,9 @@
-+--TEST--
-+Bug #68942 (Use after free vulnerability in unserialize() with DateTime).
-+--FILE--
-+<?php
-+$data = unserialize('a:2:{i:0;O:8:"DateTime":3:{s:4:"date";s:26:"2000-01-01 00:00:00.000000";s:13:"timezone_type";a:2:{i:0;i:1;i:1;i:2;}s:8:"timezone";s:1:"A";}i:1;R:5;}');
-+var_dump($data);
-+?>
-+--EXPECTF--
-+Fatal error: Invalid serialization data for DateTime object in %s/bug68942_2.php on line %d
author	tron <tron>	2015-03-01 16:19:23 +0000
committer	tron <tron>	2015-03-01 16:19:23 +0000
commit	4dd29d83c9102f2d6050620d682fefbfcf663592 (patch)
tree	45d7e62ca7863729b60048d766bfa6f712c82b1a
parent	70acae8e0abd6f6948504812b98d953b7b3306ee (diff)
download	pkgsrc-4dd29d83c9102f2d6050620d682fefbfcf663592.tar.gz