diff options
| author | tron <tron> | 2010-07-24 22:23:37 +0000 |
|---|---|---|
| committer | tron <tron> | 2010-07-24 22:23:37 +0000 |
| commit | 813bcd77e8aea648b5c5e2a9e12f87a6f515399d (patch) | |
| tree | 6e1d4b09b6d13edf0578e4814a80ca8bb8f664c7 /lang | |
| parent | d87d078e01ecb1008dde7494ffae2ba22b0dd3c0 (diff) | |
| download | pkgsrc-813bcd77e8aea648b5c5e2a9e12f87a6f515399d.tar.gz | |
Update "php53" package to version 5.3.3. Changes since version 5.3.2:
- Rewrote var_export() to use smart_str rather than output buffering,
prevents data disclosure if a fatal error occurs (CVE-2010-2531).
(Scott)
- Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
(Stas)
- A large number of not security related bug fixes
Diffstat (limited to 'lang')
| -rw-r--r-- | lang/php53/Makefile | 3 | ||||
| -rw-r--r-- | lang/php53/Makefile.common | 8 | ||||
| -rw-r--r-- | lang/php53/Makefile.php | 8 | ||||
| -rw-r--r-- | lang/php53/distinfo | 17 | ||||
| -rw-r--r-- | lang/php53/patches/patch-ab | 27 | ||||
| -rw-r--r-- | lang/php53/patches/patch-ak | 35 |
6 files changed, 36 insertions, 62 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile index 340ea919633..58f1d039ef9 100644 --- a/lang/php53/Makefile +++ b/lang/php53/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.3 2010/04/16 15:19:23 taca Exp $ +# $NetBSD: Makefile,v 1.4 2010/07/24 22:23:37 tron Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 2 CATEGORIES= lang HOMEPAGE= http://www.php.net/ COMMENT= PHP Hypertext Preprocessor version 5 diff --git a/lang/php53/Makefile.common b/lang/php53/Makefile.common index 90a8fb32238..20440975e68 100644 --- a/lang/php53/Makefile.common +++ b/lang/php53/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $ +# $NetBSD: Makefile.common,v 1.2 2010/07/24 22:23:37 tron Exp $ # used by lang/php53/Makefile.php # used by lang/php/ext.mk # used by meta-pkgs/php53-extensions/Makefile @@ -30,14 +30,16 @@ CATEGORIES+= www .if !defined(PECL_VERSION) MASTER_SITES?= http://www.php.net/distributions/ \ - http://php3.de/distributions/ + http://uk.php.net/distributions/ \ + http://de.php.net/distributions/ \ + http://us.php.net/distributions/ EXTRACT_SUFX?= .tar.bz2 .endif MAINTAINER?= pkgsrc-users@NetBSD.org HOMEPAGE?= http://www.php.net/ -PHP_BASE_VERS= 5.3.2 +PHP_BASE_VERS= 5.3.3 PHP_EXTENSION_DIR= lib/php/20090630 PLIST_SUBST+= PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q} diff --git a/lang/php53/Makefile.php b/lang/php53/Makefile.php index 7a7f31ef41e..975d438b409 100644 --- a/lang/php53/Makefile.php +++ b/lang/php53/Makefile.php @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.php,v 1.2 2010/03/21 17:10:01 jdolecek Exp $ +# $NetBSD: Makefile.php,v 1.3 2010/07/24 22:23:37 tron Exp $ # used by lang/php53/Makefile # used by www/ap-php/Makefile @@ -47,7 +47,7 @@ CONFIGURE_ARGS+= --with-libxml-dir=${PREFIX:Q} # not defined yet, so we cannot use it here. PKG_OPTIONS_VAR= PKG_OPTIONS.${PKGNAME:C/-[0-9].*//} PKG_SUPPORTED_OPTIONS+= inet6 ssl maintainer-zts suhosin -PKG_SUGGESTED_OPTIONS+= ssl +PKG_SUGGESTED_OPTIONS+= inet6 ssl #SUBST_CLASSES+= ini #SUBST_STAGE.ini= post-patch @@ -59,7 +59,7 @@ PKG_SUGGESTED_OPTIONS+= ssl .include "../../mk/bsd.options.mk" .if !empty(PKG_OPTIONS:Msuhosin) -SUHOSIN_PHPVER= 5.3.2 +SUHOSIN_PHPVER= 5.3.3 . if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} PKG_FAIL_REASON+= "The suhosin patch is currently not available for" PKG_FAIL_REASON+= "this version of PHP. You may have to wait until" @@ -67,7 +67,7 @@ PKG_FAIL_REASON+= "an updated patch is released or temporarily" PKG_FAIL_REASON+= "build this package without the suhosin option." . else PATCH_SITES= http://download.suhosin.org/ -PATCHFILES+= suhosin-patch-${SUHOSIN_PHPVER}-0.9.9.1.patch.gz +PATCHFILES+= suhosin-patch-${SUHOSIN_PHPVER}-0.9.10.patch.gz PATCH_DIST_STRIP= -p1 PLIST.suhosin= yes MESSAGE_SRC= ${.CURDIR}/../../lang/php53/MESSAGE diff --git a/lang/php53/distinfo b/lang/php53/distinfo index 8a65ef0e52a..4995e348c53 100644 --- a/lang/php53/distinfo +++ b/lang/php53/distinfo @@ -1,13 +1,13 @@ -$NetBSD: distinfo,v 1.5 2010/06/13 22:44:51 wiz Exp $ +$NetBSD: distinfo,v 1.6 2010/07/24 22:23:37 tron Exp $ -SHA1 (php-5.3.2/php-5.3.2.tar.bz2) = 79ea4ee3da3a7542d1e348ac963a5b38bcbb4b6b -RMD160 (php-5.3.2/php-5.3.2.tar.bz2) = 60a8aac0d51511ecaf8dcad9d31bdf072c0c99cf -Size (php-5.3.2/php-5.3.2.tar.bz2) = 10477662 bytes -SHA1 (php-5.3.2/suhosin-patch-5.3.2-0.9.9.1.patch.gz) = c48d3f24341d3b0214ca3e980320b23864aa93ba -RMD160 (php-5.3.2/suhosin-patch-5.3.2-0.9.9.1.patch.gz) = 64d8b7ec2ec91fd7a43b0cd95c0aa0df5b666768 -Size (php-5.3.2/suhosin-patch-5.3.2-0.9.9.1.patch.gz) = 40847 bytes +SHA1 (php-5.3.3/php-5.3.3.tar.bz2) = 9f66716b341119e4e4f8fe3d81b7d0a5daf3cbc8 +RMD160 (php-5.3.3/php-5.3.3.tar.bz2) = 9edb51663feac9b787f8382012893f1ac98fec6a +Size (php-5.3.3/php-5.3.3.tar.bz2) = 10662227 bytes +SHA1 (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 76675242cfdeff763767900213346af622002490 +RMD160 (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 8dcd8b51ea0357b6cc51e70e495e18f341c62f7c +Size (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 41298 bytes SHA1 (patch-aa) = f51491af7c577f36979fc07d52b5857368392e09 -SHA1 (patch-ab) = 07c1a5463a302ea155aba10da0d6b0ee0aee43a8 +SHA1 (patch-ab) = 8ac388f50afc03f3f4eacbfed42ae295a2e8d700 SHA1 (patch-ac) = a896371d3343c07a5cf46c79d9ca9e1b2164797a SHA1 (patch-ad) = 1608c58860a43b4e31df8646b5ded253ec9aa881 SHA1 (patch-ae) = e590db60a60f4e5ef2da4e5edb786335a67a3d56 @@ -16,5 +16,4 @@ SHA1 (patch-ag) = c49cdff097d1e54ebe93b5afb550e89b0cc2468e SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83 SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48 -SHA1 (patch-ak) = f80a23158ea9105be47fc90465a1fee46673cc74 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e diff --git a/lang/php53/patches/patch-ab b/lang/php53/patches/patch-ab index 8a040ed4fea..ad8856baaaf 100644 --- a/lang/php53/patches/patch-ab +++ b/lang/php53/patches/patch-ab @@ -1,8 +1,8 @@ -$NetBSD: patch-ab,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $ +$NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $ ---- configure.orig 2010-03-13 06:01:16.000000000 +0000 -+++ configure -@@ -12194,7 +12194,7 @@ EOF +--- configure.orig 2010-07-24 22:35:41.000000000 +0100 ++++ configure 2010-07-24 22:39:23.000000000 +0100 +@@ -13778,7 +13778,7 @@ PHP_VAR_SUBST="$PHP_VAR_SUBST SAPI_CGI_PATH" @@ -11,7 +11,7 @@ $NetBSD: patch-ab,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $ PHP_SAPI=cgi -@@ -21515,7 +21515,7 @@ fi +@@ -23206,7 +23206,7 @@ if test "$found_openssl" = "no"; then if test "$PHP_OPENSSL_DIR" = "yes"; then @@ -20,7 +20,16 @@ $NetBSD: patch-ab,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $ fi for i in $PHP_OPENSSL_DIR; do -@@ -34398,7 +34398,7 @@ fi +@@ -25179,7 +25179,7 @@ + PHP_SQLITE3_CFLAGS="-I@ext_srcdir@/libsqlite $other_flags $threadsafe_flags $debug_flags" + + +- for header_file in ext/sqlite3/libsqlite/sqlite3.h; do ++ for header_file; do + + + unique=`echo $header_file|$SED 's/[^a-zA-Z0-9]/_/g'` +@@ -36124,7 +36124,7 @@ if test "$found_openssl" = "no"; then if test "$PHP_OPENSSL_DIR" = "yes"; then @@ -29,7 +38,7 @@ $NetBSD: patch-ab,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $ fi for i in $PHP_OPENSSL_DIR; do -@@ -48467,7 +48467,7 @@ fi +@@ -50201,7 +50201,7 @@ if test "$found_openssl" = "no"; then if test "$PHP_OPENSSL_DIR" = "yes"; then @@ -38,7 +47,7 @@ $NetBSD: patch-ab,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $ fi for i in $PHP_OPENSSL_DIR; do -@@ -82684,7 +82684,7 @@ fi +@@ -84421,7 +84421,7 @@ if test "$found_openssl" = "no"; then if test "$PHP_OPENSSL_DIR" = "yes"; then @@ -47,7 +56,7 @@ $NetBSD: patch-ab,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $ fi for i in $PHP_OPENSSL_DIR; do -@@ -104623,12 +104623,7 @@ old_CC=$CC +@@ -107682,12 +107682,7 @@ if test "$PHP_THREAD_SAFETY" = "yes" && test -n "$ac_cv_pthreads_cflags"; then CXXFLAGS="$CXXFLAGS $ac_cv_pthreads_cflags" INLINE_CFLAGS="$INLINE_CFLAGS $ac_cv_pthreads_cflags" diff --git a/lang/php53/patches/patch-ak b/lang/php53/patches/patch-ak deleted file mode 100644 index 9b347870c1a..00000000000 --- a/lang/php53/patches/patch-ak +++ /dev/null @@ -1,35 +0,0 @@ -$NetBSD: patch-ak,v 1.1 2010/03/27 06:23:13 taca Exp $ - -Fix for CVE-2010-0397: r296152, r296153 from svn from PHP. - ---- ext/xmlrpc/xmlrpc-epi-php.c.orig 2010-02-03 20:19:05.000000000 +0000 -+++ ext/xmlrpc/xmlrpc-epi-php.c -@@ -778,6 +778,7 @@ zval* decode_request_worker(char *xml_in - zval* retval = NULL; - XMLRPC_REQUEST response; - STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}}; -+ const char *method_name; - opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(encoding_in) : ENCODING_DEFAULT; - - /* generate XMLRPC_REQUEST from raw xml */ -@@ -788,10 +789,16 @@ zval* decode_request_worker(char *xml_in - - if (XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) { - if (method_name_out) { -- zval_dtor(method_name_out); -- Z_TYPE_P(method_name_out) = IS_STRING; -- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response)); -- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); -+ method_name = XMLRPC_RequestGetMethodName(response); -+ if (method_name) { -+ zval_dtor(method_name_out); -+ Z_TYPE_P(method_name_out) = IS_STRING; -+ Z_STRVAL_P(method_name_out) = estrdup(method_name); -+ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); -+ } else if (retval) { -+ zval_ptr_dtor(&retval); -+ retval = NULL; -+ } - } - } - |