author | taca <taca> | 2012-02-03 03:10:33 +0000 |
---|---|---|
committer | taca <taca> | 2012-02-03 03:10:33 +0000 |
commit | 3e1c3d88690b002cb8bb9d9e522bd92e59a37b6b (patch) | |
tree | 31c737f32656631cdafefea0094ea28f769957ef /lang | |
parent | d5e9d31a43121004310a5d421863d7cf274487fa (diff) | |
Update php53 package to 5.3.10. The security fix below is already included
in the php-5.3.9nb2 package.
02 Feb 2012, PHP 5.3.10
- Core:
. Fixed arbitrary remote code execution vulnerability reported by Stefan
Esser, CVE-2012-0830. (Stas, Dmitry)
Diffstat (limited to 'lang')
-rw-r--r-- | lang/php53/Makefile | 3 | ||||
-rw-r--r-- | lang/php53/Makefile.common | 4 | ||||
-rw-r--r-- | lang/php53/Makefile.php | 4 | ||||
-rw-r--r-- | lang/php53/distinfo | 15 | ||||
-rw-r--r-- | lang/php53/patches/patch-main_php__variables.c | 50 |
5 files changed, 12 insertions, 64 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile index c98845b546f..7276fd97bd9 100644 --- a/lang/php53/Makefile +++ b/lang/php53/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.22 2012/02/02 16:00:40 taca Exp $ +# $NetBSD: Makefile,v 1.23 2012/02/03 03:10:33 taca Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 2 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php53/Makefile.common b/lang/php53/Makefile.common index c301b3438d9..15f4d833797 100644 --- a/lang/php53/Makefile.common +++ b/lang/php53/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.9 2012/01/11 14:53:35 taca Exp $ +# $NetBSD: Makefile.common,v 1.10 2012/02/03 03:10:34 taca Exp $ # used by lang/php53/Makefile.php # used by lang/php/ext.mk # used by meta-pkgs/php53-extensions/Makefile @@ -39,7 +39,7 @@ EXTRACT_SUFX?= .tar.bz2 MAINTAINER?= pkgsrc-users@NetBSD.org HOMEPAGE?= http://www.php.net/ -PHP_BASE_VERS= 5.3.9 +PHP_BASE_VERS= 5.3.10 PHP_EXTENSION_DIR= lib/php/20090630 PLIST_SUBST+= PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR} diff --git a/lang/php53/Makefile.php b/lang/php53/Makefile.php index 7657cd9947e..90bf8e80a57 100644 --- a/lang/php53/Makefile.php +++ b/lang/php53/Makefile.php @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.php,v 1.12 2012/01/20 03:22:08 taca Exp $ +# $NetBSD: Makefile.php,v 1.13 2012/02/03 03:10:34 taca Exp $ # used by lang/php53/Makefile # used by www/ap-php/Makefile @@ -61,7 +61,7 @@ PKG_SUGGESTED_OPTIONS+= inet6 ssl .if !empty(PKG_OPTIONS:Msuhosin) SUHOSIN_PHPVER= 5.3.9 -. if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} +. if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} && ${PHP_BASE_VERS} != 5.3.10 PKG_FAIL_REASON+= "The suhosin patch is currently not available for" PKG_FAIL_REASON+= "this version of PHP. You may have to wait until" PKG_FAIL_REASON+= "an updated patch is released or temporarily" diff --git a/lang/php53/distinfo b/lang/php53/distinfo index c196d28dbeb..efb78ec6a97 100644 
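Review bot: The second Makefile.php hunk widens the suhosin guard with a hard-coded `${PHP_BASE_VERS} != 5.3.10`, so the patch released for 5.3.9 is now applied to 5.3.10 sources, and nothing next to the check says why that is acceptable. distinfo in this same commit keeps the unchanged suhosin-patch-5.3.9-0.9.10 checksums under `php-5.3.10/`, which suggests the reuse is deliberate. I would record it beside the condition, e.g. `# suhosin-patch 5.3.9-0.9.10 is reused as-is for 5.3.10; drop this exception when SUHOSIN_PHPVER is bumped`. It is also worth confirming the patch applies without fuzz or rejects, since a hardening patch that only partly applies is easy to miss. The literal will go stale at the next version bump, so a short list of compatible versions matched against `${PHP_BASE_VERS}` would age better; the `.if !empty(PKG_OPTIONS:Msuhosin)` block continues past the end of the hunk.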
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.34 2012/02/02 16:19:44 taca Exp $
+$NetBSD: distinfo,v 1.35 2012/02/03 03:10:34 taca Exp $
 
-SHA1 (php-5.3.9/php-5.3.9.tar.bz2) = fe0626735c3d9dd370cef9bdcfe9506629449f51
-RMD160 (php-5.3.9/php-5.3.9.tar.bz2) = 428ed51982637f092c43369cf5cfb284d58da3f6
-Size (php-5.3.9/php-5.3.9.tar.bz2) = 11704944 bytes
-SHA1 (php-5.3.9/suhosin-patch-5.3.9-0.9.10.patch.gz) = 7b9ef5c3e0831154df0d6290aba0989ca90138ed
-RMD160 (php-5.3.9/suhosin-patch-5.3.9-0.9.10.patch.gz) = ce43921fd9b183b154713ecda98294f6c68d5f22
-Size (php-5.3.9/suhosin-patch-5.3.9-0.9.10.patch.gz) = 40967 bytes
+SHA1 (php-5.3.10/php-5.3.10.tar.bz2) = 689d8463b5d9e24b9bf297e35826f2ebdb69afda
+RMD160 (php-5.3.10/php-5.3.10.tar.bz2) = acab30a19b340f21a64e06b524906f2b064dd1c9
+Size (php-5.3.10/php-5.3.10.tar.bz2) = 11707402 bytes
+SHA1 (php-5.3.10/suhosin-patch-5.3.9-0.9.10.patch.gz) = 7b9ef5c3e0831154df0d6290aba0989ca90138ed
+RMD160 (php-5.3.10/suhosin-patch-5.3.9-0.9.10.patch.gz) = ce43921fd9b183b154713ecda98294f6c68d5f22
+Size (php-5.3.10/suhosin-patch-5.3.9-0.9.10.patch.gz) = 40967 bytes
 SHA1 (patch-aa) = b0dc6cd0b2103d5858280202506b33322a98496e
 SHA1 (patch-ab) = d08bb50cf074a6065ef0d1d67a713b7573cb2f5b
 SHA1 (patch-ac) = 1720f154232241c19d0c6e08a824e33252f1b690
@@ -17,6 +17,5 @@ SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83
 SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
 SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
-SHA1 (patch-main_php__variables.c) = 94a3fe7d0c52bf98bf91666448bd5a629f25802d
 SHA1 (patch-main_streams_cast.c) = c169ccb73dc660e40eff9f9e168374f35eedadad
 SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23
diff --git a/lang/php53/patches/patch-main_php__variables.c b/lang/php53/patches/patch-main_php__variables.c
deleted file mode 100644
index 3640a7cfc5f..00000000000
--- a/lang/php53/patches/patch-main_php__variables.c
+++ /dev/null
@@ -1,50 +0,0 @@
-$NetBSD: patch-main_php__variables.c,v 1.4 2012/02/02 16:19:44 taca Exp $
-
-* Fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHP Hashtable
- Collision DOS" by revision 323007 from PHP's repository.
-
-http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
-
-* And more fix for memory leaks by revision 323013 from PHP's repository.
-
---- main/php_variables.c.orig 2012-01-01 13:15:04.000000000 +0000
-+++ main/php_variables.c
-@@ -182,7 +182,12 @@ PHPAPI void php_register_variable_ex(cha
- if (!index) {
- MAKE_STD_ZVAL(gpc_element);
- array_init(gpc_element);
-- zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
-+ if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
-+ zval_ptr_dtor(&gpc_element);
-+ zval_dtor(val);
-+ efree(var_orig);
-+ return;
-+ }
- } else {
- if (PG(magic_quotes_gpc)) {
- escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
-@@ -198,6 +203,13 @@ PHPAPI void php_register_variable_ex(cha
- MAKE_STD_ZVAL(gpc_element);
- array_init(gpc_element);
- zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
-+ } else {
-+ if (index != escaped_index) {
-+ efree(escaped_index);
-+ }
-+ zval_dtor(val);
-+ efree(var_orig);
-+ return;
- }
- }
- if (index != escaped_index) {
-@@ -223,7 +235,9 @@ plain_var:
- gpc_element->value = val->value;
- Z_TYPE_P(gpc_element) = Z_TYPE_P(val);
- if (!index) {
-- zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
-+ if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
-+ zval_ptr_dtor(&gpc_element);
-+ }
- } else {
- if (PG(magic_quotes_gpc)) {
- escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); |