diff options
Diffstat (limited to 'lang')
-rw-r--r-- | lang/php/phpversion.mk | 4 | ||||
-rw-r--r-- | lang/php56/Makefile | 3 | ||||
-rw-r--r-- | lang/php56/PLIST | 3 | ||||
-rw-r--r-- | lang/php56/distinfo | 11 | ||||
-rw-r--r-- | lang/php56/patches/patch-ext_date_php_date.c | 63 | ||||
-rw-r--r-- | lang/php56/patches/patch-ext_date_tests_bug68942.phpt | 16 | ||||
-rw-r--r-- | lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt | 16 |
7 files changed, 9 insertions, 107 deletions
diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk index 14e0dc2dbbb..1b27e35ed87 100644 --- a/lang/php/phpversion.mk +++ b/lang/php/phpversion.mk @@ -1,4 +1,4 @@ -# $NetBSD: phpversion.mk,v 1.81.2.5 2015/03/03 20:58:45 tron Exp $ +# $NetBSD: phpversion.mk,v 1.81.2.6 2015/03/04 18:52:36 tron Exp $ # # This file selects a PHP version, based on the user's preferences and # the installed packages. It does not add a dependency on the PHP @@ -84,7 +84,7 @@ PHPVERSION_MK= defined PHP53_VERSION= 5.3.29 PHP54_VERSION= 5.4.38 PHP55_VERSION= 5.5.22 -PHP56_VERSION= 5.6.5 +PHP56_VERSION= 5.6.6 # Define initial release of major version. PHP53_RELDATE= 20090630 diff --git a/lang/php56/Makefile b/lang/php56/Makefile index 55a651ccebf..c759e566a42 100644 --- a/lang/php56/Makefile +++ b/lang/php56/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.1.2.1 2015/02/19 19:18:59 tron Exp $ +# $NetBSD: Makefile,v 1.1.2.2 2015/03/04 18:52:36 tron Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 1 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php56/PLIST b/lang/php56/PLIST index 74897edc836..f9697406a8b 100644 --- a/lang/php56/PLIST +++ b/lang/php56/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.1 2014/11/24 15:37:08 taca Exp $ +@comment $NetBSD: PLIST,v 1.1.2.1 2015/03/04 18:52:36 tron Exp $ bin/phar bin/phar.phar bin/php @@ -96,6 +96,7 @@ include/php/ext/hash/php_hash_tiger.h include/php/ext/hash/php_hash_whirlpool.h include/php/ext/libxml/php_libxml.h include/php/ext/mysqlnd/config-win.h +include/php/ext/mysqlnd/mysql_float_to_double.h include/php/ext/mysqlnd/mysqlnd.h include/php/ext/mysqlnd/mysqlnd_alloc.h include/php/ext/mysqlnd/mysqlnd_block_alloc.h diff --git a/lang/php56/distinfo b/lang/php56/distinfo index 57433a8045d..2808ddf3cef 100644 --- a/lang/php56/distinfo +++ b/lang/php56/distinfo @@ -1,15 +1,12 @@ -$NetBSD: distinfo,v 1.3.2.2 2015/02/19 19:18:59 tron Exp $ +$NetBSD: distinfo,v 1.3.2.3 2015/03/04 18:52:36 tron Exp $ -SHA1 (php-5.6.5.tar.bz2) = a523a13110a66f020c36f088089d2c5c7de9f6a9 -RMD160 (php-5.6.5.tar.bz2) = 9c9219b69187c2b14c9bb3b74ef30a65dbf458ed -Size (php-5.6.5.tar.bz2) = 13556146 bytes +SHA1 (php-5.6.6.tar.bz2) = 6795db456f66193634ff38cf8039636b168eda3c +RMD160 (php-5.6.6.tar.bz2) = 8d9a30c550397b9863cefbb7ea012b6a7e7e26ff +Size (php-5.6.6.tar.bz2) = 13687928 bytes SHA1 (patch-acinclude.m4) = b38fc34c3a3847dc317e8e286612b21ec8fd5ce8 SHA1 (patch-aclocal.m4) = 49117c42e03bd3ed57d967d33ba543f936013b4f SHA1 (patch-build_libtool.m4) = f459cda09cbdad9780568d271091fb17bbc5d965 SHA1 (patch-configure) = d3d44c814deb0264fd4fc41908c2ff31fde00b0d -SHA1 (patch-ext_date_php_date.c) = a5d594d5b054f170f5cd129c0a9ddec6334cce9a -SHA1 (patch-ext_date_tests_bug68942.phpt) = d3ebf7a5f78bf8b4b3f1a0c85d40480c335b491e -SHA1 (patch-ext_date_tests_bug68942_2.phpt) = af2a9ffef7c7f0ecf5425e96cfb67dd3beac6827 SHA1 (patch-ext_gd_config.m4) = 4b44853250eb4a638af4c663e618307ff25d2cbd SHA1 (patch-ext_imap_config.m4) = 9c6ed6966366c4fe1b7cfd34b5910e2ff0e68577 SHA1 (patch-ext_mssql_php__mssql.c) = c4fa9231dc539ffb027f1beb6f182f21ddb94a3c diff --git a/lang/php56/patches/patch-ext_date_php_date.c b/lang/php56/patches/patch-ext_date_php_date.c deleted file mode 100644 index 96e505bdf55..00000000000 --- a/lang/php56/patches/patch-ext_date_php_date.c +++ /dev/null @@ -1,63 +0,0 @@ -$NetBSD: patch-ext_date_php_date.c,v 1.1.2.2 2015/02/19 19:18:59 tron Exp $ - -Fix CVE-2015-0273 / bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - ---- ext/date/php_date.c.orig 2015-01-21 00:40:37.000000000 +0000 -+++ ext/date/php_date.c -@@ -2807,12 +2807,9 @@ static int php_date_initialize_from_hash - timelib_tzinfo *tzi; - php_timezone_obj *tzobj; - -- if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS) { -- convert_to_string(*z_date); -- if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) { -- convert_to_long(*z_timezone_type); -- if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) { -- convert_to_string(*z_timezone); -+ if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS && Z_TYPE_PP(z_date) == IS_STRING) { -+ if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) { -+ if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS && Z_TYPE_PP(z_timezone) == IS_STRING) { - - switch (Z_LVAL_PP(z_timezone_type)) { - case TIMELIB_ZONETYPE_OFFSET: -@@ -2827,7 +2824,6 @@ static int php_date_initialize_from_hash - - case TIMELIB_ZONETYPE_ID: { - int ret; -- convert_to_string(*z_timezone); - - tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC); - -@@ -3744,9 +3740,8 @@ static int php_date_timezone_initialize_ - zval **z_timezone = NULL; - zval **z_timezone_type = NULL; - -- if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) { -+ if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) { - if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) { -- convert_to_long(*z_timezone_type); - if (SUCCESS == timezone_initialize(*tzobj, Z_STRVAL_PP(z_timezone) TSRMLS_CC)) { - return SUCCESS; - } -@@ -3771,7 +3766,9 @@ PHP_METHOD(DateTimeZone, __set_state) - - php_date_instantiate(date_ce_timezone, return_value TSRMLS_CC); - tzobj = (php_timezone_obj *) zend_object_store_get_object(return_value TSRMLS_CC); -- php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC); -+ if(php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC) != SUCCESS) { -+ php_error_docref(NULL, E_ERROR, "Timezone initialization failed"); -+ } - } - /* }}} */ - -@@ -3787,7 +3784,9 @@ PHP_METHOD(DateTimeZone, __wakeup) - - myht = Z_OBJPROP_P(object); - -- php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC); -+ if(php_date_timezone_initialize_from_hash(&return_value, &tzobj, myht TSRMLS_CC) != SUCCESS) { -+ php_error_docref(NULL, E_ERROR, "Timezone initialization failed"); -+ } - } - /* }}} */ - diff --git a/lang/php56/patches/patch-ext_date_tests_bug68942.phpt b/lang/php56/patches/patch-ext_date_tests_bug68942.phpt deleted file mode 100644 index d88b6d3b680..00000000000 --- a/lang/php56/patches/patch-ext_date_tests_bug68942.phpt +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-ext_date_tests_bug68942.phpt,v 1.1.2.2 2015/02/19 19:18:59 tron Exp $ - -Test CVE-2015-0273 / bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - ---- ext/date/tests/bug68942.phpt.orig 2015-02-18 23:36:15.000000000 +0000 -+++ ext/date/tests/bug68942.phpt -@@ -0,0 +1,9 @@ -+--TEST-- -+Bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). -+--FILE-- -+<?php -+$data = unserialize('a:2:{i:0;O:12:"DateTimeZone":2:{s:13:"timezone_type";a:2:{i:0;i:1;i:1;i:2;}s:8:"timezone";s:1:"A";}i:1;R:4;}'); -+var_dump($data); -+?> -+--EXPECTF-- -+Fatal error: DateTimeZone::__wakeup(): Timezone initialization failed in %s/bug68942.php on line %d diff --git a/lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt b/lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt deleted file mode 100644 index 1b33e6eed6e..00000000000 --- a/lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-ext_date_tests_bug68942_2.phpt,v 1.1.2.2 2015/02/19 19:18:59 tron Exp $ - -Test CVE-2015-0273 / bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - ---- ext/date/tests/bug68942_2.phpt.orig 2015-02-18 23:37:44.000000000 +0000 -+++ ext/date/tests/bug68942_2.phpt -@@ -0,0 +1,9 @@ -+--TEST-- -+Bug #68942 (Use after free vulnerability in unserialize() with DateTime). -+--FILE-- -+<?php -+$data = unserialize('a:2:{i:0;O:8:"DateTime":3:{s:4:"date";s:26:"2000-01-01 00:00:00.000000";s:13:"timezone_type";a:2:{i:0;i:1;i:1;i:2;}s:8:"timezone";s:1:"A";}i:1;R:5;}'); -+var_dump($data); -+?> -+--EXPECTF-- -+Fatal error: Invalid serialization data for DateTime object in %s/bug68942_2.php on line %d |