pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/php53 Update php53 package to 5.3.10. Below secu...
details: https://anonhg.NetBSD.org/pkgsrc/rev/5559cff55c5a
branches: trunk
changeset: 598990:5559cff55c5a
user: taca <taca%pkgsrc.org@localhost>
date: Fri Feb 03 03:10:33 2012 +0000
description:
Update php53 package to 5.3.10. Below security fix is already included
in php-5.3.9nb2 package.
02 Feb 2012, PHP 5.3.10
- Core:
. Fixed arbitrary remote code execution vulnerability reported by Stefan
Esser, CVE-2012-0830. (Stas, Dmitry)
diffstat:
lang/php53/Makefile | 3 +-
lang/php53/Makefile.common | 4 +-
lang/php53/Makefile.php | 4 +-
lang/php53/distinfo | 15 +++----
lang/php53/patches/patch-main_php__variables.c | 50 --------------------------
5 files changed, 12 insertions(+), 64 deletions(-)
diffs (134 lines):
diff -r 4101b55f3453 -r 5559cff55c5a lang/php53/Makefile
--- a/lang/php53/Makefile Fri Feb 03 02:46:39 2012 +0000
+++ b/lang/php53/Makefile Fri Feb 03 03:10:33 2012 +0000
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.22 2012/02/02 16:00:40 taca Exp $
+# $NetBSD: Makefile,v 1.23 2012/02/03 03:10:33 taca Exp $
#
# We can't omit PKGNAME here to handle PKG_OPTIONS.
#
PKGNAME= php-${PHP_BASE_VERS}
-PKGREVISION= 2
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
diff -r 4101b55f3453 -r 5559cff55c5a lang/php53/Makefile.common
--- a/lang/php53/Makefile.common Fri Feb 03 02:46:39 2012 +0000
+++ b/lang/php53/Makefile.common Fri Feb 03 03:10:33 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.9 2012/01/11 14:53:35 taca Exp $
+# $NetBSD: Makefile.common,v 1.10 2012/02/03 03:10:34 taca Exp $
# used by lang/php53/Makefile.php
# used by lang/php/ext.mk
# used by meta-pkgs/php53-extensions/Makefile
@@ -39,7 +39,7 @@
MAINTAINER?= pkgsrc-users%NetBSD.org@localhost
HOMEPAGE?= http://www.php.net/
-PHP_BASE_VERS= 5.3.9
+PHP_BASE_VERS= 5.3.10
PHP_EXTENSION_DIR= lib/php/20090630
PLIST_SUBST+= PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR}
diff -r 4101b55f3453 -r 5559cff55c5a lang/php53/Makefile.php
--- a/lang/php53/Makefile.php Fri Feb 03 02:46:39 2012 +0000
+++ b/lang/php53/Makefile.php Fri Feb 03 03:10:33 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.php,v 1.12 2012/01/20 03:22:08 taca Exp $
+# $NetBSD: Makefile.php,v 1.13 2012/02/03 03:10:34 taca Exp $
# used by lang/php53/Makefile
# used by www/ap-php/Makefile
@@ -61,7 +61,7 @@
.if !empty(PKG_OPTIONS:Msuhosin)
SUHOSIN_PHPVER= 5.3.9
-. if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS}
+. if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} && ${PHP_BASE_VERS} != 5.3.10
PKG_FAIL_REASON+= "The suhosin patch is currently not available for"
PKG_FAIL_REASON+= "this version of PHP. You may have to wait until"
PKG_FAIL_REASON+= "an updated patch is released or temporarily"
diff -r 4101b55f3453 -r 5559cff55c5a lang/php53/distinfo
--- a/lang/php53/distinfo Fri Feb 03 02:46:39 2012 +0000
+++ b/lang/php53/distinfo Fri Feb 03 03:10:33 2012 +0000
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.34 2012/02/02 16:19:44 taca Exp $
+$NetBSD: distinfo,v 1.35 2012/02/03 03:10:34 taca Exp $
-SHA1 (php-5.3.9/php-5.3.9.tar.bz2) = fe0626735c3d9dd370cef9bdcfe9506629449f51
-RMD160 (php-5.3.9/php-5.3.9.tar.bz2) = 428ed51982637f092c43369cf5cfb284d58da3f6
-Size (php-5.3.9/php-5.3.9.tar.bz2) = 11704944 bytes
-SHA1 (php-5.3.9/suhosin-patch-5.3.9-0.9.10.patch.gz) = 7b9ef5c3e0831154df0d6290aba0989ca90138ed
-RMD160 (php-5.3.9/suhosin-patch-5.3.9-0.9.10.patch.gz) = ce43921fd9b183b154713ecda98294f6c68d5f22
-Size (php-5.3.9/suhosin-patch-5.3.9-0.9.10.patch.gz) = 40967 bytes
+SHA1 (php-5.3.10/php-5.3.10.tar.bz2) = 689d8463b5d9e24b9bf297e35826f2ebdb69afda
+RMD160 (php-5.3.10/php-5.3.10.tar.bz2) = acab30a19b340f21a64e06b524906f2b064dd1c9
+Size (php-5.3.10/php-5.3.10.tar.bz2) = 11707402 bytes
+SHA1 (php-5.3.10/suhosin-patch-5.3.9-0.9.10.patch.gz) = 7b9ef5c3e0831154df0d6290aba0989ca90138ed
+RMD160 (php-5.3.10/suhosin-patch-5.3.9-0.9.10.patch.gz) = ce43921fd9b183b154713ecda98294f6c68d5f22
+Size (php-5.3.10/suhosin-patch-5.3.9-0.9.10.patch.gz) = 40967 bytes
SHA1 (patch-aa) = b0dc6cd0b2103d5858280202506b33322a98496e
SHA1 (patch-ab) = d08bb50cf074a6065ef0d1d67a713b7573cb2f5b
SHA1 (patch-ac) = 1720f154232241c19d0c6e08a824e33252f1b690
@@ -17,6 +17,5 @@
SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
-SHA1 (patch-main_php__variables.c) = 94a3fe7d0c52bf98bf91666448bd5a629f25802d
SHA1 (patch-main_streams_cast.c) = c169ccb73dc660e40eff9f9e168374f35eedadad
SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23
diff -r 4101b55f3453 -r 5559cff55c5a lang/php53/patches/patch-main_php__variables.c
--- a/lang/php53/patches/patch-main_php__variables.c Fri Feb 03 02:46:39 2012 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,50 +0,0 @@
-$NetBSD: patch-main_php__variables.c,v 1.4 2012/02/02 16:19:44 taca Exp $
-
-* Fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHP Hashtable
- Collision DOS" by revision 323007 from PHP's repository.
-
-http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
-
-* And more fix for memory leaks by revision 323013 from PHP's repository.
-
---- main/php_variables.c.orig 2012-01-01 13:15:04.000000000 +0000
-+++ main/php_variables.c
-@@ -182,7 +182,12 @@ PHPAPI void php_register_variable_ex(cha
- if (!index) {
- MAKE_STD_ZVAL(gpc_element);
- array_init(gpc_element);
-- zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
-+ if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
-+ zval_ptr_dtor(&gpc_element);
-+ zval_dtor(val);
-+ efree(var_orig);
-+ return;
-+ }
- } else {
- if (PG(magic_quotes_gpc)) {
- escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
-@@ -198,6 +203,13 @@ PHPAPI void php_register_variable_ex(cha
- MAKE_STD_ZVAL(gpc_element);
- array_init(gpc_element);
- zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
-+ } else {
-+ if (index != escaped_index) {
-+ efree(escaped_index);
-+ }
-+ zval_dtor(val);
-+ efree(var_orig);
-+ return;
- }
- }
- if (index != escaped_index) {
-@@ -223,7 +235,9 @@ plain_var:
- gpc_element->value = val->value;
- Z_TYPE_P(gpc_element) = Z_TYPE_P(val);
- if (!index) {
-- zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
-+ if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
-+ zval_ptr_dtor(&gpc_element);
-+ }
- } else {
- if (PG(magic_quotes_gpc)) {
- escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
Home |
Main Index |
Thread Index |
Old Index