author | taca <taca@pkgsrc.org> | 2014-08-23 16:07:24 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2014-08-23 16:07:24 +0000 |
commit | 2294a182ba1d0b023807403ef7e23509e39a904b (patch) | |
tree | a3403eaec8262d9e2429f6cc70bc6d322dade54d /lang | |
parent | 819330c30c7e6301b8df38eb94611b1c1bcbf0f7 (diff) | |
download | pkgsrc-2294a182ba1d0b023807403ef7e23509e39a904b.tar.gz |
Update php54 to 5.4.32 (PHP 5.4.32).
07 Aug 2014, PHP 5.4.32
- Core:
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)
- COM:
. Fixed missing type checks in com_event_sink. (Yussuf Khalil, Stas)
- Fileinfo:
. Fixed bug #67705 (extensive backtracking in rule regular expression).
(CVE-2014-3538) (Remi)
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)
- GD:
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
(CVE-2014-2497) (Remi)
. Fixed bug #67730 (Null byte injection possible with imagexxx functions).
(CVE-2014-5120) (Ryan Mauger)
- Milter:
. Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)
- OpenSSL:
. Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
- Readline:
. Fixed bug #55496 (Interactive mode doesn't force a newline before the
prompt). (Bob, Johannes)
. Fixed bug #67496 (Save command history when exiting interactive shell
with control-c). (Dmitry Saprykin, Johannes)
- Sessions:
. Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).
- SPL:
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during
sorting). (research at insighti dot org, Laruence)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)
- Core:
. Fixed bug #67693 (incorrect push to the empty array) (Tjerk)
- ODBC:
. Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte
char fields). (Keyur)
- Zlib:
. Fixed bug #67724 (chained zlib filters silently fail with large amounts of
data). (Mike)
Diffstat (limited to 'lang')
-rw-r--r-- | lang/php/phpversion.mk | 4 | ||||
-rw-r--r-- | lang/php54/distinfo | 11 | ||||
-rw-r--r-- | lang/php54/patches/patch-ext_gd_libgd_gdxpm.c | 31 | ||||
-rw-r--r-- | lang/php54/patches/patch-ext_spl_spl__array.c | 27 | ||||
-rw-r--r-- | lang/php54/patches/patch-ext_spl_spl__dllist.c | 18 |
5 files changed, 6 insertions, 85 deletions
diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk
index af17420d3da..d682bb64915 100644
--- a/lang/php/phpversion.mk
+++ b/lang/php/phpversion.mk
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.69 2014/08/15 16:09:16 taca Exp $
+# $NetBSD: phpversion.mk,v 1.70 2014/08/23 16:07:24 taca Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -82,7 +82,7 @@ PHPVERSION_MK= defined
 # Define each PHP's version.
 PHP53_VERSION= 5.3.29
-PHP54_VERSION= 5.4.31
+PHP54_VERSION= 5.4.32
 PHP55_VERSION= 5.5.15
 # Define initial release of major version.
diff --git a/lang/php54/distinfo b/lang/php54/distinfo
index 99be7cbd7e4..f040e09bab3 100644
--- a/lang/php54/distinfo
+++ b/lang/php54/distinfo
@@ -1,22 +1,19 @@
-$NetBSD: distinfo,v 1.45 2014/07/26 00:12:54 taca Exp $
+$NetBSD: distinfo,v 1.46 2014/08/23 16:07:24 taca Exp $
-SHA1 (php-5.4.31.tar.bz2) = 46cb2a7827fa3af4980462f62190b96cc283ec99
-RMD160 (php-5.4.31.tar.bz2) = 92bf8dca7dc5211070e83d20c181e442107b9a2a
-Size (php-5.4.31.tar.bz2) = 12273437 bytes
+SHA1 (php-5.4.32.tar.bz2) = cc43f47f522d59c200ce542485d2a1652802f459
+RMD160 (php-5.4.32.tar.bz2) = d7b3d882101f440404b59978abd2e9893692bc14
+Size (php-5.4.32.tar.bz2) = 12277458 bytes
 SHA1 (patch-acinclude.m4) = 71635e5381abf99a9fc9f2537b1c2f18e8096f00
 SHA1 (patch-aclocal.m4) = 699086785fcd3d3834cc6016479dbdae6518e522
 SHA1 (patch-build_libtool.m4) = d81527abea3bd97e220f00a5d5296d8b1bfe2659
 SHA1 (patch-configure) = df6209127b1e23d17bc7128da3a44f3e44bbfd48
 SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891
-SHA1 (patch-ext_gd_libgd_gdxpm.c) = 9a175417fad9ac23037a24122f8d1258b9eebbcb
 SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc
 SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b
 SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390
 SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59
 SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba
 SHA1 (patch-ext_phar_phar_phar.php) = 011f2d68048dbc63f5efcab4e23062daa9e8e08c
-SHA1 (patch-ext_spl_spl__array.c) = 9d14bcc39cfcc2eca70eff4a558709bcb5a867ea
-SHA1 (patch-ext_spl_spl__dllist.c) = 5c22fd58c04d9580a97e924554611aa9fb795f24
 SHA1 (patch-ext_standard_basic__functions.c) = 563fe67eb78b786cd46195026381ef22128e0841
 SHA1 (patch-php.ini-development) = 056a74646cbeb0b2bcfc18463348343d817b54bc
 SHA1 (patch-php.ini-production) = ac61016e18077a0870b8c8c42e89e3848c26d1f2
diff --git a/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c b/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c
deleted file mode 100644
index 69500e3e012..00000000000
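Review bot: The three checksum entries dropped from distinfo (patch-ext_gd_libgd_gdxpm.c, patch-ext_spl_spl__array.c, patch-ext_spl_spl__dllist.c) belong to local security patches, and the commit message does not record that their fixes are now in the 5.4.32 tarball. CVE-2014-2497 and CVE-2014-4670 are named in the quoted 5.4.32 changelog, but CVE-2014-4698, the subject of the removed spl_array.c patch, is not. It presumably corresponds to bug #67539 (ArrayIterator use-after-free during sorting), which should be confirmed by checking that the 5.4.32 ext/spl/spl_array.c carries the `nApplyCount` guard in `SPL_METHOD(Array, unserialize)`. A log line such as `Remove patches for CVE-2014-2497, CVE-2014-4698 and CVE-2014-4670; fixed upstream in 5.4.32.` would document the removal for anyone auditing the package later.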
--- a/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c
+++ /dev/null
@@ -1,31 +0,0 @@
-$NetBSD: patch-ext_gd_libgd_gdxpm.c,v 1.1 2014/05/11 11:20:47 he Exp $
-
-Patch to fix CVE-2014-2497, taken from
-https://bugs.php.net/patch-display.php?bug_id=66901
-
---- ext/gd/libgd/gdxpm.c.orig 2014-04-29 08:04:30.000000000 +0000
-+++ ext/gd/libgd/gdxpm.c
-@@ -39,6 +39,13 @@ gdImagePtr gdImageCreateFromXpm (char *f
- number = image.ncolors;
- colors = (int *) safe_emalloc(number, sizeof(int), 0);
- for (i = 0; i < number; i++) {
-+ if (!image.colorTable[i].c_color)
-+ {
-+ /* unsupported color key or color key not defined */
-+ gdImageDestroy(im);
-+ im = 0;
-+ goto done;
-+ }
- switch (strlen (image.colorTable[i].c_color)) {
- case 4:
- buf[1] = '\0';
-@@ -125,8 +132,8 @@ gdImagePtr gdImageCreateFromXpm (char *f
- }
- }
-
-- gdFree(colors);
- done:
-+ gdFree(colors);
- XpmFreeXpmImage(&image);
- XpmFreeXpmInfo(&info);
- return im;
diff --git a/lang/php54/patches/patch-ext_spl_spl__array.c b/lang/php54/patches/patch-ext_spl_spl__array.c
deleted file mode 100644
index 367426e5b46..00000000000
--- a/lang/php54/patches/patch-ext_spl_spl__array.c
+++ /dev/null
@@ -1,27 +0,0 @@
-$NetBSD: patch-ext_spl_spl__array.c,v 1.1 2014/07/13 15:25:03 taca Exp $
-
-Fix for CVE-2014-4698.
-
---- ext/spl/spl_array.c.orig 2014-06-25 22:53:57.000000000 +0000
-+++ ext/spl/spl_array.c
-@@ -1745,6 +1745,7 @@ SPL_METHOD(Array, unserialize)
- const unsigned char *p, *s;
- php_unserialize_data_t var_hash;
- zval *pmembers, *pflags = NULL;
-+ HashTable *aht;
- long flags;
-
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &buf, &buf_len) == FAILURE) {
-@@ -1756,6 +1757,12 @@ SPL_METHOD(Array, unserialize)
- return;
- }
-
-+ aht = spl_array_get_hash_table(intern, 0 TSRMLS_CC);
-+ if (aht->nApplyCount > 0) {
-+ zend_error(E_WARNING, "Modification of ArrayObject during sorting is prohibited");
-+ return;
-+ }
-+
- /* storage */
- s = p = (const unsigned char*)buf;
- PHP_VAR_UNSERIALIZE_INIT(var_hash);
diff --git a/lang/php54/patches/patch-ext_spl_spl__dllist.c b/lang/php54/patches/patch-ext_spl_spl__dllist.c
deleted file mode 100644
index 331c1954d5b..00000000000
--- a/lang/php54/patches/patch-ext_spl_spl__dllist.c
+++ /dev/null
@@ -1,18 +0,0 @@
-$NetBSD: patch-ext_spl_spl__dllist.c,v 1.1 2014/07/13 15:25:03 taca Exp $
-
-Fix for CVE-2014-4670.
-
---- ext/spl/spl_dllist.c.orig 2014-06-25 22:53:57.000000000 +0000
-+++ ext/spl/spl_dllist.c
-@@ -916,6 +916,11 @@ SPL_METHOD(SplDoublyLinkedList, offsetUn
- llist->dtor(element TSRMLS_CC);
- }
-
-+ if (intern->traverse_pointer == element) {
-+ SPL_LLIST_DELREF(element);
-+ intern->traverse_pointer = NULL;
-+ }
-+
- zval_ptr_dtor((zval **)&element->data);
- element->data = NULL;
- |