Pullup ticket #4633 - requested by taca

lang/php56: security update Revisions pulled up: - lang/php/phpversion.mk 1.88 - lang/php56/Makefile 1.4 - lang/php56/PLIST 1.2 - lang/php56/distinfo 1.6 - lang/php56/patches/patch-ext_date_php_date.c deleted - lang/php56/patches/patch-ext_date_tests_bug68942.phpt deleted - lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt deleted --- Module Name: pkgsrc Committed By: taca Date: Fri Feb 20 01:17:50 UTC 2015 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php56: Makefile PLIST distinfo Removed Files: pkgsrc/lang/php56/patches: patch-ext_date_php_date.c patch-ext_date_tests_bug68942.phpt patch-ext_date_tests_bug68942_2.phpt Log Message: Update php56 to 5.6.6 (PHP 5.6.6). 19 Feb 2015, PHP 5.6.6 - Core: . Removed support for multi-line headers, as the are deprecated by RFC 7230. (Stas) . Fixed bug #67068 (getClosure returns somethings that's not a closure). (Danack at basereality dot com) . Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273) (Stas) . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow). (Stas) . Fixed Bug #67988 (htmlspecialchars() does not respect default_charset specified by ini_set) (Yasuo) . Added NULL byte protection to exec, system and passthru. (Yasuo) - Dba: . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info) - Enchant: . Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()). (Antony) - Fileinfo: . Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers) . Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files correctly). (Anatol) . Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some gifs). (Anatol) - FPM: . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle) . Fixed bug #68571 (core dump when webserver close the socket). (redfoxli069 at gmail dot com, Laruence) - JSON: . Fixed bug #50224 (json_encode() does not always encode a float as a float) by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso) - LIBXML: . Fixed bug #64938 (libxml_disable_entity_loader setting is shared between threads). (Martin Jansen) - Mysqli: . Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande) . Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors) (Keyur Govande) - Opcache: . Fixed bug with try blocks being removed when extended_info opcode generation is turned on. (Laruence) - PDO_mysql: . Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of named pipes). (steffenb198 at aol dot com) - Phar: . Fixed bug #68901 (use after free). (bugreports at internot dot info) - Pgsql: . Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo) - Session: . Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo) . Fixed Bug #66623 (no EINTR check on flock) (Yasuo) . Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo) - Sqlite3: . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args). (Julien) - Standard: . Fixed bug #65272 (flock() out parameter not set correctly in windows). (Daniel Lowrey) . Fixed bug #69033 (Request may get env. variables from previous requests if PHP works as FastCGI). (Anatol) - Streams: . Fixed bug which caused call after final close on streams filter. (Bob)
author: tron <tron> 2015-03-04 18:52:36 +0000
committer: tron <tron> 2015-03-04 18:52:36 +0000
commit: b2d3cc614a8e95ce7c9499213acf70605e52e950 (patch)
tree: 7324e22dea2849d96c8f8d64b30b4700d71edb83
parent: a3677b8501dfb9afeec859a4492b79f8d9ae89a3 (diff)
download: pkgsrc-b2d3cc614a8e95ce7c9499213acf70605e52e950.tar.gz
7 files changed, 9 insertions, 107 deletions
diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk
index 14e0dc2dbbb..1b27e35ed87 100644
--- a/lang/php/phpversion.mk
+++ b/lang/php/phpversion.mk
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.81.2.5 2015/03/03 20:58:45 tron Exp $
+# $NetBSD: phpversion.mk,v 1.81.2.6 2015/03/04 18:52:36 tron Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -84,7 +84,7 @@ PHPVERSION_MK=	defined
 PHP53_VERSION=	5.3.29
 PHP54_VERSION=	5.4.38
 PHP55_VERSION=	5.5.22
-PHP56_VERSION=	5.6.5
+PHP56_VERSION=	5.6.6
 
 # Define initial release of major version.
 PHP53_RELDATE=	20090630
diff --git a/lang/php56/Makefile b/lang/php56/Makefile
index 55a651ccebf..c759e566a42 100644
--- a/lang/php56/Makefile
+++ b/lang/php56/Makefile
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.1.2.1 2015/02/19 19:18:59 tron Exp $
+# $NetBSD: Makefile,v 1.1.2.2 2015/03/04 18:52:36 tron Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=		php-${PHP_BASE_VERS}
-PKGREVISION=		1
 CATEGORIES=		lang
 
 HOMEPAGE=		http://www.php.net/
diff --git a/lang/php56/PLIST b/lang/php56/PLIST
index 74897edc836..f9697406a8b 100644
--- a/lang/php56/PLIST
+++ b/lang/php56/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1 2014/11/24 15:37:08 taca Exp $
+@comment $NetBSD: PLIST,v 1.1.2.1 2015/03/04 18:52:36 tron Exp $
 bin/phar
 bin/phar.phar
 bin/php
@@ -96,6 +96,7 @@ include/php/ext/hash/php_hash_tiger.h
 include/php/ext/hash/php_hash_whirlpool.h
 include/php/ext/libxml/php_libxml.h
 include/php/ext/mysqlnd/config-win.h
+include/php/ext/mysqlnd/mysql_float_to_double.h
 include/php/ext/mysqlnd/mysqlnd.h
 include/php/ext/mysqlnd/mysqlnd_alloc.h
 include/php/ext/mysqlnd/mysqlnd_block_alloc.h
diff --git a/lang/php56/distinfo b/lang/php56/distinfo
index 57433a8045d..2808ddf3cef 100644
--- a/lang/php56/distinfo
+++ b/lang/php56/distinfo
@@ -1,15 +1,12 @@
-$NetBSD: distinfo,v 1.3.2.2 2015/02/19 19:18:59 tron Exp $
+$NetBSD: distinfo,v 1.3.2.3 2015/03/04 18:52:36 tron Exp $
 
-SHA1 (php-5.6.5.tar.bz2) = a523a13110a66f020c36f088089d2c5c7de9f6a9
-RMD160 (php-5.6.5.tar.bz2) = 9c9219b69187c2b14c9bb3b74ef30a65dbf458ed
-Size (php-5.6.5.tar.bz2) = 13556146 bytes
+SHA1 (php-5.6.6.tar.bz2) = 6795db456f66193634ff38cf8039636b168eda3c
+RMD160 (php-5.6.6.tar.bz2) = 8d9a30c550397b9863cefbb7ea012b6a7e7e26ff
+Size (php-5.6.6.tar.bz2) = 13687928 bytes
 SHA1 (patch-acinclude.m4) = b38fc34c3a3847dc317e8e286612b21ec8fd5ce8
 SHA1 (patch-aclocal.m4) = 49117c42e03bd3ed57d967d33ba543f936013b4f
 SHA1 (patch-build_libtool.m4) = f459cda09cbdad9780568d271091fb17bbc5d965
 SHA1 (patch-configure) = d3d44c814deb0264fd4fc41908c2ff31fde00b0d
-SHA1 (patch-ext_date_php_date.c) = a5d594d5b054f170f5cd129c0a9ddec6334cce9a
-SHA1 (patch-ext_date_tests_bug68942.phpt) = d3ebf7a5f78bf8b4b3f1a0c85d40480c335b491e
-SHA1 (patch-ext_date_tests_bug68942_2.phpt) = af2a9ffef7c7f0ecf5425e96cfb67dd3beac6827
 SHA1 (patch-ext_gd_config.m4) = 4b44853250eb4a638af4c663e618307ff25d2cbd
 SHA1 (patch-ext_imap_config.m4) = 9c6ed6966366c4fe1b7cfd34b5910e2ff0e68577
 SHA1 (patch-ext_mssql_php__mssql.c) = c4fa9231dc539ffb027f1beb6f182f21ddb94a3c
diff --git a/lang/php56/patches/patch-ext_date_php_date.c b/lang/php56/patches/patch-ext_date_php_date.c
deleted file mode 100644
index 96e505bdf55..00000000000
--- a/lang/php56/patches/patch-ext_date_php_date.c
+++ /dev/null
@@ -1,63 +0,0 @@
-$NetBSD: patch-ext_date_php_date.c,v 1.1.2.2 2015/02/19 19:18:59 tron Exp $
-
-Fix CVE-2015-0273 / bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone)
-
---- ext/date/php_date.c.orig	2015-01-21 00:40:37.000000000 +0000
-+++ ext/date/php_date.c
-@@ -2807,12 +2807,9 @@ static int php_date_initialize_from_hash
- 	timelib_tzinfo   *tzi;
- 	php_timezone_obj *tzobj;
- 
--	if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS) {
--		convert_to_string(*z_date);
--		if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) {
--			convert_to_long(*z_timezone_type);
--			if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) {
--				convert_to_string(*z_timezone);
-+	if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS && Z_TYPE_PP(z_date) == IS_STRING) {
-+		if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) {
-+			if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS && Z_TYPE_PP(z_timezone) == IS_STRING) {
- 
- 				switch (Z_LVAL_PP(z_timezone_type)) {
- 					case TIMELIB_ZONETYPE_OFFSET:
-@@ -2827,7 +2824,6 @@ static int php_date_initialize_from_hash
- 
- 					case TIMELIB_ZONETYPE_ID: {
- 						int ret;
--						convert_to_string(*z_timezone);
- 
- 						tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC);
- 
-@@ -3744,9 +3740,8 @@ static int php_date_timezone_initialize_
- 	zval            **z_timezone = NULL;
- 	zval            **z_timezone_type = NULL;
- 
--	if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) {
-+	if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) {
- 		if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) {
--			convert_to_long(*z_timezone_type);
- 			if (SUCCESS == timezone_initialize(*tzobj, Z_STRVAL_PP(z_timezone) TSRMLS_CC)) {
- 				return SUCCESS;
- 			}
-@@ -3771,7 +3766,9 @@ PHP_METHOD(DateTimeZone, __set_state)
- 
- 	php_date_instantiate(date_ce_timezone, return_value TSRMLS_CC);
- 	tzobj = (php_timezone_obj *) zend_object_store_get_object(return_value TSRMLS_CC);
--	php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC);
-+	if(php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC) != SUCCESS) {
-+		php_error_docref(NULL, E_ERROR, "Timezone initialization failed");
-+	}
- }
- /* }}} */
- 
-@@ -3787,7 +3784,9 @@ PHP_METHOD(DateTimeZone, __wakeup)
- 
- 	myht = Z_OBJPROP_P(object);
- 	
--	php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC);
-+	if(php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC) != SUCCESS) {
-+		php_error_docref(NULL, E_ERROR, "Timezone initialization failed");
-+	}
- }
- /* }}} */
- 
diff --git a/lang/php56/patches/patch-ext_date_tests_bug68942.phpt b/lang/php56/patches/patch-ext_date_tests_bug68942.phpt
deleted file mode 100644
index d88b6d3b680..00000000000
--- a/lang/php56/patches/patch-ext_date_tests_bug68942.phpt
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-ext_date_tests_bug68942.phpt,v 1.1.2.2 2015/02/19 19:18:59 tron Exp $
-
-Test CVE-2015-0273 / bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone)
-
---- ext/date/tests/bug68942.phpt.orig	2015-02-18 23:36:15.000000000 +0000
-+++ ext/date/tests/bug68942.phpt
-@@ -0,0 +1,9 @@
-+--TEST--
-+Bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone).
-+--FILE--
-+<?php
-+$data = unserialize('a:2:{i:0;O:12:"DateTimeZone":2:{s:13:"timezone_type";a:2:{i:0;i:1;i:1;i:2;}s:8:"timezone";s:1:"A";}i:1;R:4;}');
-+var_dump($data);
-+?>
-+--EXPECTF--
-+Fatal error: DateTimeZone::__wakeup(): Timezone initialization failed in %s/bug68942.php on line %d
diff --git a/lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt b/lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt
deleted file mode 100644
index 1b33e6eed6e..00000000000
--- a/lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-ext_date_tests_bug68942_2.phpt,v 1.1.2.2 2015/02/19 19:18:59 tron Exp $
-
-Test CVE-2015-0273 / bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone)
-
---- ext/date/tests/bug68942_2.phpt.orig	2015-02-18 23:37:44.000000000 +0000
-+++ ext/date/tests/bug68942_2.phpt
-@@ -0,0 +1,9 @@
-+--TEST--
-+Bug #68942 (Use after free vulnerability in unserialize() with DateTime).
-+--FILE--
-+<?php
-+$data = unserialize('a:2:{i:0;O:8:"DateTime":3:{s:4:"date";s:26:"2000-01-01 00:00:00.000000";s:13:"timezone_type";a:2:{i:0;i:1;i:1;i:2;}s:8:"timezone";s:1:"A";}i:1;R:5;}');
-+var_dump($data);
-+?>
-+--EXPECTF--
-+Fatal error: Invalid serialization data for DateTime object in %s/bug68942_2.php on line %d
author	tron <tron>	2015-03-04 18:52:36 +0000
committer	tron <tron>	2015-03-04 18:52:36 +0000
commit	b2d3cc614a8e95ce7c9499213acf70605e52e950 (patch)
tree	7324e22dea2849d96c8f8d64b30b4700d71edb83
parent	a3677b8501dfb9afeec859a4492b79f8d9ae89a3 (diff)
download	pkgsrc-b2d3cc614a8e95ce7c9499213acf70605e52e950.tar.gz