diff options
author | tron <tron> | 2015-03-01 16:19:23 +0000 |
---|---|---|
committer | tron <tron> | 2015-03-01 16:19:23 +0000 |
commit | 4dd29d83c9102f2d6050620d682fefbfcf663592 (patch) | |
tree | 45d7e62ca7863729b60048d766bfa6f712c82b1a | |
parent | 70acae8e0abd6f6948504812b98d953b7b3306ee (diff) | |
download | pkgsrc-4dd29d83c9102f2d6050620d682fefbfcf663592.tar.gz |
Pullup ticket #4631 - requested by taca
lang/php54: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.86
- lang/php54/Makefile 1.27
- lang/php54/distinfo 1.53
- lang/php54/patches/patch-ext_date_php_date.c deleted
- lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 19 09:37:36 UTC 2015
Modified Files:
pkgsrc/lang/php54: Makefile distinfo
Removed Files:
pkgsrc/lang/php54/patches: patch-ext_date_php_date.c
patch-ext_date_tests_bug68942_2.phpt
Log Message:
Update php54 to 5.4.38 (PHP 5.4.38).
19 Feb 2015 PHP 5.4.38
- Core:
. Removed support for multi-line headers, as the are deprecated by RFC 7230.
(Stas)
. Added NULL byte protection to exec, system and passthru. (Yasuo)
. Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
buffer overflow). (Stas)
. Fixed bug #67827 (broken detection of system crypt sha256/sha512 support).
(ncopa at alpinelinux dot org)
. Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (Stas)
- Enchant:
. Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
(Antony)
- SOAP:
. Fixed bug #67427 (SoapServer cannot handle large messages)
(brandt at docoloc dot de)
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 19 13:15:00 UTC 2015
Modified Files:
pkgsrc/lang/php: phpversion.mk
Log Message:
Forgot to commit with php54 update.
-rw-r--r-- | lang/php/phpversion.mk | 4 | ||||
-rw-r--r-- | lang/php54/Makefile | 3 | ||||
-rw-r--r-- | lang/php54/distinfo | 10 | ||||
-rw-r--r-- | lang/php54/patches/patch-ext_date_php_date.c | 30 | ||||
-rw-r--r-- | lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt | 16 |
5 files changed, 7 insertions, 56 deletions
diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk index 0f068e723d6..f935f7fe4fd 100644 --- a/lang/php/phpversion.mk +++ b/lang/php/phpversion.mk @@ -1,4 +1,4 @@ -# $NetBSD: phpversion.mk,v 1.81.2.3 2015/01/27 19:48:35 tron Exp $ +# $NetBSD: phpversion.mk,v 1.81.2.4 2015/03/01 16:19:23 tron Exp $ # # This file selects a PHP version, based on the user's preferences and # the installed packages. It does not add a dependency on the PHP @@ -82,7 +82,7 @@ PHPVERSION_MK= defined # Define each PHP's version. PHP53_VERSION= 5.3.29 -PHP54_VERSION= 5.4.37 +PHP54_VERSION= 5.4.38 PHP55_VERSION= 5.5.21 PHP56_VERSION= 5.6.5 diff --git a/lang/php54/Makefile b/lang/php54/Makefile index ad6e82dba5d..afbfe52fc7a 100644 --- a/lang/php54/Makefile +++ b/lang/php54/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.25.4.1 2015/02/18 18:41:36 tron Exp $ +# $NetBSD: Makefile,v 1.25.4.2 2015/03/01 16:19:23 tron Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 1 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php54/distinfo b/lang/php54/distinfo index b86b4880875..7ba6d7bf025 100644 --- a/lang/php54/distinfo +++ b/lang/php54/distinfo @@ -1,14 +1,12 @@ -$NetBSD: distinfo,v 1.50.2.2 2015/02/18 18:41:36 tron Exp $ +$NetBSD: distinfo,v 1.50.2.3 2015/03/01 16:19:23 tron Exp $ -SHA1 (php-5.4.37.tar.bz2) = 608e00a730e9674e1a2e2627175e7a27f4add18f -RMD160 (php-5.4.37.tar.bz2) = 9aa559cd4c4c63701133194b59ccff0f241a2241 -Size (php-5.4.37.tar.bz2) = 12275113 bytes +SHA1 (php-5.4.38.tar.bz2) = 863fcb872fe20d054d1a3444c27ec7f8be9f4317 +RMD160 (php-5.4.38.tar.bz2) = 5cd4d7c80badd19aa7e1081e3fd190607e46e1af +Size (php-5.4.38.tar.bz2) = 12273298 bytes SHA1 (patch-acinclude.m4) = 71635e5381abf99a9fc9f2537b1c2f18e8096f00 SHA1 (patch-aclocal.m4) = 699086785fcd3d3834cc6016479dbdae6518e522 SHA1 (patch-build_libtool.m4) = d81527abea3bd97e220f00a5d5296d8b1bfe2659 SHA1 (patch-configure) = df6209127b1e23d17bc7128da3a44f3e44bbfd48 -SHA1 (patch-ext_date_php_date.c) = e1c6551a422c54c7be7ec16e6d10821f47cb924c -SHA1 (patch-ext_date_tests_bug68942_2.phpt) = 385ed2c3077b5384bff117b97867463c6bdac15e SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891 SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b diff --git a/lang/php54/patches/patch-ext_date_php_date.c b/lang/php54/patches/patch-ext_date_php_date.c deleted file mode 100644 index 7d3797061bb..00000000000 --- a/lang/php54/patches/patch-ext_date_php_date.c +++ /dev/null @@ -1,30 +0,0 @@ -$NetBSD: patch-ext_date_php_date.c,v 1.1.2.2 2015/02/18 18:41:36 tron Exp $ - -Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - ---- ext/date/php_date.c.orig 2015-01-20 20:06:02.000000000 +0000 -+++ ext/date/php_date.c -@@ -2575,12 +2575,9 @@ static int php_date_initialize_from_hash - timelib_tzinfo *tzi; - php_timezone_obj *tzobj; - -- if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS) { -- convert_to_string(*z_date); -- if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) { -- convert_to_long(*z_timezone_type); -- if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) { -- convert_to_string(*z_timezone); -+ if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS && Z_TYPE_PP(z_date) == IS_STRING) { -+ if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) { -+ if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS && Z_TYPE_PP(z_timezone) == IS_STRING) { - - switch (Z_LVAL_PP(z_timezone_type)) { - case TIMELIB_ZONETYPE_OFFSET: -@@ -2595,7 +2592,6 @@ static int php_date_initialize_from_hash - - case TIMELIB_ZONETYPE_ID: { - int ret; -- convert_to_string(*z_timezone); - - tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC); - diff --git a/lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt b/lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt deleted file mode 100644 index 29dea1ea32e..00000000000 --- a/lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-ext_date_tests_bug68942_2.phpt,v 1.1.2.2 2015/02/18 18:41:36 tron Exp $ - -Test for bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - ---- ext/date/tests/bug68942_2.phpt.orig 2015-02-18 01:43:49.000000000 +0000 -+++ ext/date/tests/bug68942_2.phpt -@@ -0,0 +1,9 @@ -+--TEST-- -+Bug #68942 (Use after free vulnerability in unserialize() with DateTime). -+--FILE-- -+<?php -+$data = unserialize('a:2:{i:0;O:8:"DateTime":3:{s:4:"date";s:26:"2000-01-01 00:00:00.000000";s:13:"timezone_type";a:2:{i:0;i:1;i:1;i:2;}s:8:"timezone";s:1:"A";}i:1;R:5;}'); -+var_dump($data); -+?> -+--EXPECTF-- -+Fatal error: Invalid serialization data for DateTime object in %s/bug68942_2.php on line %d |