author | tron <tron> | 2010-07-24 22:23:37 +0000 |
---|---|---|
committer | tron <tron> | 2010-07-24 22:23:37 +0000 |
commit | 813bcd77e8aea648b5c5e2a9e12f87a6f515399d (patch) | |
tree | 6e1d4b09b6d13edf0578e4814a80ca8bb8f664c7 /lang/php53/patches | |
parent | d87d078e01ecb1008dde7494ffae2ba22b0dd3c0 (diff) | |
download | pkgsrc-813bcd77e8aea648b5c5e2a9e12f87a6f515399d.tar.gz |
Update "php53" package to version 5.3.3. Changes since version 5.3.2:
- Rewrote var_export() to use smart_str rather than output buffering,
prevents data disclosure if a fatal error occurs (CVE-2010-2531).
(Scott)
- Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
(Stas)
- A large number of non-security-related bug fixes
Diffstat (limited to 'lang/php53/patches')
-rw-r--r-- | lang/php53/patches/patch-ab | 27 | ||||
-rw-r--r-- | lang/php53/patches/patch-ak | 35 |
2 files changed, 18 insertions, 44 deletions
diff --git a/lang/php53/patches/patch-ab b/lang/php53/patches/patch-ab
index 8a040ed4fea..ad8856baaaf 100644
--- a/lang/php53/patches/patch-ab
+++ b/lang/php53/patches/patch-ab
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $
+$NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $
---- configure.orig 2010-03-13 06:01:16.000000000 +0000
-+++ configure
-@@ -12194,7 +12194,7 @@ EOF
+--- configure.orig 2010-07-24 22:35:41.000000000 +0100
++++ configure 2010-07-24 22:39:23.000000000 +0100
+@@ -13778,7 +13778,7 @@
 PHP_VAR_SUBST="$PHP_VAR_SUBST SAPI_CGI_PATH"
@@ -11,7 +11,7 @@ $NetBSD: patch-ab,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $
 PHP_SAPI=cgi
-@@ -21515,7 +21515,7 @@ fi
+@@ -23206,7 +23206,7 @@
 if test "$found_openssl" = "no"; then
 if test "$PHP_OPENSSL_DIR" = "yes"; then
@@ -20,7 +20,16 @@ $NetBSD: patch-ab,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $
 fi
 for i in $PHP_OPENSSL_DIR; do
-@@ -34398,7 +34398,7 @@ fi
+@@ -25179,7 +25179,7 @@
+ PHP_SQLITE3_CFLAGS="-I@ext_srcdir@/libsqlite $other_flags $threadsafe_flags $debug_flags"
+
+
+- for header_file in ext/sqlite3/libsqlite/sqlite3.h; do
++ for header_file; do
+
+
+ unique=`echo $header_file|$SED 's/[^a-zA-Z0-9]/_/g'`
+@@ -36124,7 +36124,7 @@
 if test "$found_openssl" = "no"; then
 if test "$PHP_OPENSSL_DIR" = "yes"; then
@@ -29,7 +38,7 @@ $NetBSD: patch-ab,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $
 fi
 for i in $PHP_OPENSSL_DIR; do
-@@ -48467,7 +48467,7 @@ fi
+@@ -50201,7 +50201,7 @@
 if test "$found_openssl" = "no"; then
 if test "$PHP_OPENSSL_DIR" = "yes"; then
@@ -38,7 +47,7 @@ $NetBSD: patch-ab,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $
 fi
 for i in $PHP_OPENSSL_DIR; do
-@@ -82684,7 +82684,7 @@ fi
+@@ -84421,7 +84421,7 @@
 if test "$found_openssl" = "no"; then
 if test "$PHP_OPENSSL_DIR" = "yes"; then
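Review bot: The `for header_file; do` line added in the new configure hunk at 25179 (outer hunk `@@ -20,7 +20,16 @@` of patch-ab) is not explained anywhere in the patch file or the commit message. With no `in` list the loop runs over the script's positional parameters, so its effect depends on what `$@` holds at that point in configure instead of on an explicit list; presumably the aim is to keep the bundled `ext/sqlite3/libsqlite/sqlite3.h` from being registered as an installed header, but that is inferred, not stated. I would add a comment line under the `$NetBSD$` tag of patch-ab saying what the sqlite3 hunk is for, so the next version update can tell whether it is still needed.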
@@ -47,7 +56,7 @@ $NetBSD: patch-ab,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $
 fi
 for i in $PHP_OPENSSL_DIR; do
-@@ -104623,12 +104623,7 @@ old_CC=$CC
+@@ -107682,12 +107682,7 @@
 if test "$PHP_THREAD_SAFETY" = "yes" && test -n "$ac_cv_pthreads_cflags"; then
 CXXFLAGS="$CXXFLAGS $ac_cv_pthreads_cflags"
 INLINE_CFLAGS="$INLINE_CFLAGS $ac_cv_pthreads_cflags"
diff --git a/lang/php53/patches/patch-ak b/lang/php53/patches/patch-ak
deleted file mode 100644
index 9b347870c1a..00000000000
--- a/lang/php53/patches/patch-ak
+++ /dev/null
@@ -1,35 +0,0 @@
-$NetBSD: patch-ak,v 1.1 2010/03/27 06:23:13 taca Exp $
-
-Fix for CVE-2010-0397: r296152, r296153 from svn from PHP.
-
---- ext/xmlrpc/xmlrpc-epi-php.c.orig 2010-02-03 20:19:05.000000000 +0000
-+++ ext/xmlrpc/xmlrpc-epi-php.c
-@@ -778,6 +778,7 @@ zval* decode_request_worker(char *xml_in
- zval* retval = NULL;
- XMLRPC_REQUEST response;
- STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}};
-+ const char *method_name;
- opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(encoding_in) : ENCODING_DEFAULT;
-
- /* generate XMLRPC_REQUEST from raw xml */
-@@ -788,10 +789,16 @@ zval* decode_request_worker(char *xml_in
-
- if (XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) {
- if (method_name_out) {
-- zval_dtor(method_name_out);
-- Z_TYPE_P(method_name_out) = IS_STRING;
-- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response));
-- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
-+ method_name = XMLRPC_RequestGetMethodName(response);
-+ if (method_name) {
-+ zval_dtor(method_name_out);
-+ Z_TYPE_P(method_name_out) = IS_STRING;
-+ Z_STRVAL_P(method_name_out) = estrdup(method_name);
-+ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
-+ } else if (retval) {
-+ zval_ptr_dtor(&retval);
-+ retval = NULL;
-+ }
- }
- }
-
|