diff options
| author | tron <tron> | 2015-03-03 20:58:45 +0000 |
|---|---|---|
| committer | tron <tron> | 2015-03-03 20:58:45 +0000 |
| commit | c06ee7b01dad627a16540bf4962c2d98bbda16d0 (patch) | |
| tree | 83cd85ab2798ccca03e995a3e6d99c1adf4cc6a6 | |
| parent | c1bc56c073a4cfdac6f67ad4458a6616971ff0b1 (diff) | |
| download | pkgsrc-c06ee7b01dad627a16540bf4962c2d98bbda16d0.tar.gz | |
Pullup ticket #4632 - requested by taca
lang/php55: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.87
- lang/php55/Makefile 1.19
- lang/php55/PLIST 1.5
- lang/php55/distinfo 1.35
- lang/php55/patches/patch-ext_date_php_date.c deleted
- lang/php55/patches/patch-ext_date_tests_bug68942.phpt deleted
- lang/php55/patches/patch-ext_date_tests_bug68942_2.phpt deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 19 13:35:24 UTC 2015
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: Makefile PLIST distinfo
Removed Files:
pkgsrc/lang/php55/patches: patch-ext_date_php_date.c
patch-ext_date_tests_bug68942.phpt
patch-ext_date_tests_bug68942_2.phpt
Log Message:
Update php55 to 5.5.22 (PHP 5.5.22).
19 Feb 2015, PHP 5.5.22
- Core:
. Fixed bug #67068 (getClosure returns somethings that's not a closure).
(Danack at basereality dot com)
. Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
buffer overflow). (Stas)
. Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (CVE-2015-0273) (Stas)
. Added NULL byte protection to exec, system and passthru. (Yasuo)
. Removed support for multi-line headers, as the are deprecated by RFC 7230.
(Stas)
- Date:
. Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). (Derick)
- Dba:
. Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
- Enchant:
. Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
(Antony)
- Fileinfo:
. Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
- FPM:
. Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
. Fixed bug #68571 (core dump when webserver close the socket).
(redfoxli069 at gmail dot com, Laruence)
- Libxml:
. Fixed bug #64938 (libxml_disable_entity_loader setting is shared
between threads). (Martin Jansen)
- OpenSSL:
. Fixed bug #55618 (use case-insensitive cert name matching).
(Daniel Lowrey)
- PDO_mysql:
. Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
named pipes). (steffenb198@aol.com)
- Phar:
. Fixed bug #68901 (use after free). (bugreports at internot dot info)
- Pgsql:
. Fixed Bug #65199 'pg_copy_from() modifies input array variable). (Yasuo)
- Sqlite3:
. Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
required_num_args). (Julien)
- Mysqli:
. Fixed bug #68114 (linker error on some OS X machines with fixed
width decimal support) (Keyur Govande)
. Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
has rounding errors) (Keyur Govande)
- Session:
. Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
. Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
. Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
- Standard:
. Fixed bug #65272 (flock() out parameter not set correctly in windows).
(Daniel Lowrey)
. Fixed bug #69033 (Request may get env. variables from previous requests
if PHP works as FastCGI)
- Streams:
. Fixed bug which caused call after final close on streams filter. (Bob)
| -rw-r--r-- | lang/php/phpversion.mk | 4 | ||||
| -rw-r--r-- | lang/php55/Makefile | 3 | ||||
| -rw-r--r-- | lang/php55/PLIST | 3 | ||||
| -rw-r--r-- | lang/php55/distinfo | 11 | ||||
| -rw-r--r-- | lang/php55/patches/patch-ext_date_php_date.c | 63 | ||||
| -rw-r--r-- | lang/php55/patches/patch-ext_date_tests_bug68942.phpt | 16 | ||||
| -rw-r--r-- | lang/php55/patches/patch-ext_date_tests_bug68942_2.phpt | 16 |
7 files changed, 9 insertions, 107 deletions
diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk index f935f7fe4fd..14e0dc2dbbb 100644 --- a/lang/php/phpversion.mk +++ b/lang/php/phpversion.mk @@ -1,4 +1,4 @@ -# $NetBSD: phpversion.mk,v 1.81.2.4 2015/03/01 16:19:23 tron Exp $ +# $NetBSD: phpversion.mk,v 1.81.2.5 2015/03/03 20:58:45 tron Exp $ # # This file selects a PHP version, based on the user's preferences and # the installed packages. It does not add a dependency on the PHP @@ -83,7 +83,7 @@ PHPVERSION_MK= defined # Define each PHP's version. PHP53_VERSION= 5.3.29 PHP54_VERSION= 5.4.38 -PHP55_VERSION= 5.5.21 +PHP55_VERSION= 5.5.22 PHP56_VERSION= 5.6.5 # Define initial release of major version. diff --git a/lang/php55/Makefile b/lang/php55/Makefile index 073e2dfd34e..e960c2b0177 100644 --- a/lang/php55/Makefile +++ b/lang/php55/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.16.4.1 2015/02/18 18:54:20 tron Exp $ +# $NetBSD: Makefile,v 1.16.4.2 2015/03/03 20:58:45 tron Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 1 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php55/PLIST b/lang/php55/PLIST index f080d0e9b93..549e81ecb95 100644 --- a/lang/php55/PLIST +++ b/lang/php55/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.4 2014/11/15 14:53:12 taca Exp $ +@comment $NetBSD: PLIST,v 1.4.2.1 2015/03/03 20:58:45 tron Exp $ bin/phar bin/phar.phar bin/php @@ -96,6 +96,7 @@ include/php/ext/hash/php_hash_types.h include/php/ext/hash/php_hash_whirlpool.h include/php/ext/libxml/php_libxml.h include/php/ext/mysqlnd/config-win.h +include/php/ext/mysqlnd/mysql_float_to_double.h include/php/ext/mysqlnd/mysqlnd.h include/php/ext/mysqlnd/mysqlnd_alloc.h include/php/ext/mysqlnd/mysqlnd_block_alloc.h diff --git a/lang/php55/distinfo b/lang/php55/distinfo index 6bc66a5fdf0..b00ae98b776 100644 --- a/lang/php55/distinfo +++ b/lang/php55/distinfo @@ -1,15 +1,12 @@ -$NetBSD: distinfo,v 1.32.2.2 2015/02/18 18:54:20 tron Exp $ +$NetBSD: distinfo,v 1.32.2.3 2015/03/03 20:58:45 tron Exp $ -SHA1 (php-5.5.21.tar.bz2) = a6251bb3565f144593df4329fd15bedd70ae13a8 -RMD160 (php-5.5.21.tar.bz2) = eaea30ff8b5facbb03197ab81101f5b0e34463f5 -Size (php-5.5.21.tar.bz2) = 13306064 bytes +SHA1 (php-5.5.22.tar.bz2) = 76fcfc157855100e2bb09b22209e78e3088a4b11 +RMD160 (php-5.5.22.tar.bz2) = 8849bc779dbb8687d83e2d50dd476d43900713d6 +Size (php-5.5.22.tar.bz2) = 13305486 bytes SHA1 (patch-acinclude.m4) = 9e9c433e4cb96e469f7cf14b2064a0f41fc4568a SHA1 (patch-aclocal.m4) = 46f192351e541453b1e32299acd1b4cfefc93cb2 SHA1 (patch-build_libtool.m4) = 3811edd697fd21eadc4f65cba35c6297141e8ff2 SHA1 (patch-configure) = e81731b426b31656de72a4e4b3ad341b5ac34f82 -SHA1 (patch-ext_date_php_date.c) = 7a70c71942db9ff2d5622bd4b946f8229159f703 -SHA1 (patch-ext_date_tests_bug68942.phpt) = c73486a8023d27c2a5a0a2656ba4a8d8dbc990a5 -SHA1 (patch-ext_date_tests_bug68942_2.phpt) = 420530f386c80f975d7ba3d8a3c61d44766a7633 SHA1 (patch-ext_gd_config.m4) = 91c9798333d4776856a0a9e20196986856b758b2 SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc SHA1 (patch-ext_mssql_php__mssql.c) = 4ef1837850443e9db2e71620a3ddaed5ab5c435b diff --git a/lang/php55/patches/patch-ext_date_php_date.c b/lang/php55/patches/patch-ext_date_php_date.c deleted file mode 100644 index 50e73e356e3..00000000000 --- a/lang/php55/patches/patch-ext_date_php_date.c +++ /dev/null @@ -1,63 +0,0 @@ -$NetBSD: patch-ext_date_php_date.c,v 1.1.2.2 2015/02/18 18:54:20 tron Exp $ - -Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - ---- ext/date/php_date.c.orig 2015-01-21 10:23:27.000000000 +0000 -+++ ext/date/php_date.c -@@ -2779,12 +2779,9 @@ static int php_date_initialize_from_hash - timelib_tzinfo *tzi; - php_timezone_obj *tzobj; - -- if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS) { -- convert_to_string(*z_date); -- if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) { -- convert_to_long(*z_timezone_type); -- if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) { -- convert_to_string(*z_timezone); -+ if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS && Z_TYPE_PP(z_date) == IS_STRING) { -+ if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) { -+ if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS && Z_TYPE_PP(z_timezone) == IS_STRING) { - - switch (Z_LVAL_PP(z_timezone_type)) { - case TIMELIB_ZONETYPE_OFFSET: -@@ -2799,7 +2796,6 @@ static int php_date_initialize_from_hash - - case TIMELIB_ZONETYPE_ID: { - int ret; -- convert_to_string(*z_timezone); - - tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC); - -@@ -3716,9 +3712,8 @@ static int php_date_timezone_initialize_ - zval **z_timezone = NULL; - zval **z_timezone_type = NULL; - -- if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) { -+ if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) { - if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) { -- convert_to_long(*z_timezone_type); - if (SUCCESS == timezone_initialize(*tzobj, Z_STRVAL_PP(z_timezone) TSRMLS_CC)) { - return SUCCESS; - } -@@ -3743,7 +3738,9 @@ PHP_METHOD(DateTimeZone, __set_state) - - php_date_instantiate(date_ce_timezone, return_value TSRMLS_CC); - tzobj = (php_timezone_obj *) zend_object_store_get_object(return_value TSRMLS_CC); -- php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC); -+ if(php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC) != SUCCESS) { -+ php_error_docref(NULL, E_ERROR, "Timezone initialization failed"); -+ } - } - /* }}} */ - -@@ -3759,7 +3756,9 @@ PHP_METHOD(DateTimeZone, __wakeup) - - myht = Z_OBJPROP_P(object); - -- php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC); -+ if(php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC) != SUCCESS) { -+ php_error_docref(NULL, E_ERROR, "Timezone initialization failed"); -+ } - } - /* }}} */ - diff --git a/lang/php55/patches/patch-ext_date_tests_bug68942.phpt b/lang/php55/patches/patch-ext_date_tests_bug68942.phpt deleted file mode 100644 index 5273720775c..00000000000 --- a/lang/php55/patches/patch-ext_date_tests_bug68942.phpt +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-ext_date_tests_bug68942.phpt,v 1.1.2.2 2015/02/18 18:54:20 tron Exp $ - -Test bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - ---- ext/date/tests/bug68942.phpt.orig 2015-02-18 02:20:29.000000000 +0000 -+++ ext/date/tests/bug68942.phpt -@@ -0,0 +1,9 @@ -+--TEST-- -+Bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). -+--FILE-- -+<?php -+$data = unserialize('a:2:{i:0;O:12:"DateTimeZone":2:{s:13:"timezone_type";a:2:{i:0;i:1;i:1;i:2;}s:8:"timezone";s:1:"A";}i:1;R:4;}'); -+var_dump($data); -+?> -+--EXPECTF-- -+Fatal error: DateTimeZone::__wakeup(): Timezone initialization failed in %s/bug68942.php on line %d diff --git a/lang/php55/patches/patch-ext_date_tests_bug68942_2.phpt b/lang/php55/patches/patch-ext_date_tests_bug68942_2.phpt deleted file mode 100644 index f872a48c6d1..00000000000 --- a/lang/php55/patches/patch-ext_date_tests_bug68942_2.phpt +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-ext_date_tests_bug68942_2.phpt,v 1.1.2.2 2015/02/18 18:54:20 tron Exp $ - -Test bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - ---- ext/date/tests/bug68942_2.phpt.orig 2015-02-18 02:20:29.000000000 +0000 -+++ ext/date/tests/bug68942_2.phpt -@@ -0,0 +1,9 @@ -+--TEST-- -+Bug #68942 (Use after free vulnerability in unserialize() with DateTime). -+--FILE-- -+<?php -+$data = unserialize('a:2:{i:0;O:8:"DateTime":3:{s:4:"date";s:26:"2000-01-01 00:00:00.000000";s:13:"timezone_type";a:2:{i:0;i:1;i:1;i:2;}s:8:"timezone";s:1:"A";}i:1;R:5;}'); -+var_dump($data); -+?> -+--EXPECTF-- -+Fatal error: Invalid serialization data for DateTime object in %s/bug68942_2.php on line %d |