pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2009Q3]: pkgsrc Pullup ticket 2955 - requested by taca
details: https://anonhg.NetBSD.org/pkgsrc/rev/21c7b544387e
branches: pkgsrc-2009Q3
changeset: 400012:21c7b544387e
user: spz <spz%pkgsrc.org@localhost>
date: Wed Dec 23 19:09:51 2009 +0000
description:
Pullup ticket 2955 - requested by taca
security update
Revisions pulled up:
- pkgsrc/lang/php5/Makefile 1.75
- pkgsrc/lang/php5/Makefile.common 1.39
- pkgsrc/lang/php5/PLIST 1.25
- pkgsrc/lang/php5/distinfo 1.71
- pkgsrc/lang/php5/patches/patch-ag 1.4
- pkgsrc/lang/php5/patches/patch-ah 1.3
- pkgsrc/textproc/php5-xsl/Makefile 1.13
Files removed:
pkgsrc/lang/php5/patches/patch-ay
pkgsrc/lang/php5/patches/patch-az
pkgsrc/lang/php5/patches/patch-ba
pkgsrc/lang/php5/patches/patch-bb
pkgsrc/lang/php5/patches/patch-bc
pkgsrc/lang/php5/patches/patch-bd
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 23 07:07:35 UTC 2009
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common PLIST distinfo
pkgsrc/lang/php5/patches: patch-ag patch-ah
Removed Files:
pkgsrc/lang/php5/patches: patch-ay patch-az patch-ba patch-bb
patch-bc patch-bd
Log Message:
Update lang/php5 to 5.2.12, security update.
Security Enhancements and Fixes in PHP 5.2.12:
* Fixed a safe_mode bypass in tempnam() identified by Grzegorz
Stachowiak. (CVE-2009-3557, Rasmus)
* Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
Stachowiak. (CVE-2009-3558, Rasmus)
* Added "max_file_uploads" INI directive, which can be set to limit the
number of file uploads per-request to 20 by default, to prevent possible
DOS via temporary file exhaustion, identified by Bogdan
Calin. (CVE-2009-4017, Ilia)
* Added protection for $_SESSION from interrupt corruption and improved
"session.save_path" check, identified by Stefan Esser. (CVE-2009-4143,
Stas)
* Fixed bug #49785 (insufficient input string validation of
htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)
Key enhancements in PHP 5.2.12 include:
* Fixed unnecessary invocation of setitimer when timeouts have been
disabled. (Arvind Srinivasan)
* Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
* Fixed crash in SQLiteDatabase::ArrayQuery() and
SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
* Fixed crash when instantiating PDORow and PDOStatement through
Reflection. (Felipe)
* Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
* Fixed bug #50207 (segmentation fault when concatenating very large strings
on 64bit linux). (Ilia)
* Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
database). (Felipe)
* Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
* Fixed bug #50005 (Throwing through Reflection modified Exception object
makes segmentation fault). (Felipe)
* Fixed bug #49174 (crash when extending PDOStatement and trying to set
queryString property). (Felipe)
* Fixed bug #49098 (mysqli segfault on error). (Rasmus)
* Over 50 other bug fixes.
To generate a diff of this commit:
cvs rdiff -u -r1.74 -r1.75 pkgsrc/lang/php5/Makefile
cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php5/Makefile.common
cvs rdiff -u -r1.24 -r1.25 pkgsrc/lang/php5/PLIST
cvs rdiff -u -r1.70 -r1.71 pkgsrc/lang/php5/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php5/patches/patch-ag
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php5/patches/patch-ah
cvs rdiff -u -r1.2 -r0 pkgsrc/lang/php5/patches/patch-ay \
pkgsrc/lang/php5/patches/patch-az
cvs rdiff -u -r1.1 -r0 pkgsrc/lang/php5/patches/patch-ba \
pkgsrc/lang/php5/patches/patch-bb pkgsrc/lang/php5/patches/patch-bc \
pkgsrc/lang/php5/patches/patch-bd
--------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 23 07:08:31 UTC 2009
Modified Files:
pkgsrc/textproc/php5-xsl: Makefile
Log Message:
Reset PKGREVISION by implicit update to 5.2.12.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/textproc/php5-xsl/Makefile
diffstat:
lang/php5/Makefile | 3 +-
lang/php5/Makefile.common | 4 +-
lang/php5/PLIST | 4 +-
lang/php5/distinfo | 24 +-
lang/php5/patches/patch-ag | 14 +-
lang/php5/patches/patch-ah | 14 +-
lang/php5/patches/patch-ay | 17 --
lang/php5/patches/patch-az | 373 ---------------------------------------------
lang/php5/patches/patch-ba | 17 --
lang/php5/patches/patch-bb | 19 --
lang/php5/patches/patch-bc | 15 -
lang/php5/patches/patch-bd | 46 -----
textproc/php5-xsl/Makefile | 3 +-
13 files changed, 21 insertions(+), 532 deletions(-)
diffs (truncated from 681 to 300 lines):
diff -r 2877609bf550 -r 21c7b544387e lang/php5/Makefile
--- a/lang/php5/Makefile Sun Dec 20 21:04:35 2009 +0000
+++ b/lang/php5/Makefile Wed Dec 23 19:09:51 2009 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.72.4.1 2009/11/30 23:10:19 tron Exp $
+# $NetBSD: Makefile,v 1.72.4.2 2009/12/23 19:09:51 spz Exp $
PKGNAME= php-${PHP_BASE_VERS}
-PKGREVISION= 2
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
COMMENT= PHP Hypertext Preprocessor version 5
diff -r 2877609bf550 -r 21c7b544387e lang/php5/Makefile.common
--- a/lang/php5/Makefile.common Sun Dec 20 21:04:35 2009 +0000
+++ b/lang/php5/Makefile.common Wed Dec 23 19:09:51 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.38 2009/10/09 03:53:06 taca Exp $
+# $NetBSD: Makefile.common,v 1.38.2.1 2009/12/23 19:09:51 spz Exp $
# used by lang/php5/Makefile.php
# used by lang/php/ext.mk
@@ -46,7 +46,7 @@
MAINTAINER?= jdolecek%NetBSD.org@localhost
HOMEPAGE?= http://www.php.net/
-PHP_BASE_VERS= 5.2.11
+PHP_BASE_VERS= 5.2.12
PHP_EXTENSION_DIR= lib/php/20040412
PLIST_SUBST+= PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q}
diff -r 2877609bf550 -r 21c7b544387e lang/php5/PLIST
--- a/lang/php5/PLIST Sun Dec 20 21:04:35 2009 +0000
+++ b/lang/php5/PLIST Wed Dec 23 19:09:51 2009 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.24 2009/09/26 05:40:05 taca Exp $
+@comment $NetBSD: PLIST,v 1.24.2.1 2009/12/23 19:09:51 spz Exp $
bin/php
bin/php-config
bin/phpize
@@ -197,10 +197,10 @@
include/php/main/streams/php_stream_transport.h
include/php/main/streams/php_stream_userspace.h
include/php/main/streams/php_streams_int.h
-include/php/main/win95nt.h
${PLIST.suhosin}include/php/main/suhosin_globals.h
${PLIST.suhosin}include/php/main/suhosin_logo.h
${PLIST.suhosin}include/php/main/suhosin_patch.h
+include/php/main/win95nt.h
include/php/regex/cclass.h
include/php/regex/cname.h
include/php/regex/regex.h
diff -r 2877609bf550 -r 21c7b544387e lang/php5/distinfo
--- a/lang/php5/distinfo Sun Dec 20 21:04:35 2009 +0000
+++ b/lang/php5/distinfo Wed Dec 23 19:09:51 2009 +0000
@@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.67.2.2 2009/11/30 23:10:20 tron Exp $
+$NetBSD: distinfo,v 1.67.2.3 2009/12/23 19:09:51 spz Exp $
-SHA1 (php-5.2.11/php-5.2.11.tar.bz2) = 819c853ce657ef260d4a73b5a21f961115b97eef
-RMD160 (php-5.2.11/php-5.2.11.tar.bz2) = 6aad53dee864ab89f794a9d3c2aa32d435ed5654
-Size (php-5.2.11/php-5.2.11.tar.bz2) = 9030787 bytes
-SHA1 (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 248419332131efc53f3306c2a57a4b1a9dc92cc1
-RMD160 (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 0f6d442aace34c221f9fbff42a63e7f3b4489f15
-Size (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 23050 bytes
+SHA1 (php-5.2.12/php-5.2.12.tar.bz2) = 6605f23b70e3db824047830f08d636e09ec10ff3
+RMD160 (php-5.2.12/php-5.2.12.tar.bz2) = 027f3597fd961d2a95682e2f0738415f8a911371
+Size (php-5.2.12/php-5.2.12.tar.bz2) = 9075161 bytes
+SHA1 (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 248419332131efc53f3306c2a57a4b1a9dc92cc1
+RMD160 (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 0f6d442aace34c221f9fbff42a63e7f3b4489f15
+Size (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 23050 bytes
SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20
-SHA1 (patch-ag) = 901552355a3d57d9b8e23b31cd0edfd28db8b2bb
-SHA1 (patch-ah) = 7702da73f3a457ee381542b454d19b1f4b421e01
+SHA1 (patch-ag) = 5e3e822657925a77fbccaca63f283863a1cc6d94
+SHA1 (patch-ah) = a25cb7fa3d1f5b9fb99493a4348fdba69d3d4728
SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50
SHA1 (patch-an) = 8f4174627b8cb5f8bfbc59413c95f71e26b9e602
@@ -16,9 +16,3 @@
SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df
SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d
SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1
-SHA1 (patch-ay) = 7ae502db6574a91fcbb487d37c14a5de644b01b6
-SHA1 (patch-az) = 04e69038e693cc72fb0f67ce04dd1778dacb1756
-SHA1 (patch-ba) = d9483f61b19c297eced12ae3d84d5163e33327b4
-SHA1 (patch-bb) = abbc8747e520d3665d3bcccf9c87741ecc6dc210
-SHA1 (patch-bc) = 9cb2e7fcd6f91d3382a69d68a80d72fdb8fbf2a7
-SHA1 (patch-bd) = 85c891ada42c062b365051b43a3b53c33fa39a92
diff -r 2877609bf550 -r 21c7b544387e lang/php5/patches/patch-ag
--- a/lang/php5/patches/patch-ag Sun Dec 20 21:04:35 2009 +0000
+++ b/lang/php5/patches/patch-ag Wed Dec 23 19:09:51 2009 +0000
@@ -1,10 +1,8 @@
-$NetBSD: patch-ag,v 1.2.34.1 2009/11/30 23:10:20 tron Exp $
+$NetBSD: patch-ag,v 1.2.34.2 2009/12/23 19:09:51 spz Exp $
* Ajust for pkgsrc.
-* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017:
- http://svn.php.net/viewvc?view=revision&revision=289990
---- php.ini-dist.orig 2009-02-14 01:55:18.000000000 +0900
+--- php.ini-dist.orig 2009-11-05 13:29:34.000000000 +0000
+++ php.ini-dist
@@ -471,7 +471,7 @@ default_mimetype = "text/html"
;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -27,7 +25,7 @@
; Whether or not to enable the dl() function. The dl() function does NOT work
; properly in multithreaded servers, such as IIS or Zeus, and is automatically
-@@ -546,11 +547,13 @@ file_uploads = On
+@@ -546,7 +547,7 @@ file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
@@ -36,9 +34,3 @@
; Maximum allowed size for uploaded files.
upload_max_filesize = 2M
-
-+; Maximum number of files that can be uploaded via a single request
-+max_file_uploads = 100
-
- ;;;;;;;;;;;;;;;;;;
- ; Fopen wrappers ;
diff -r 2877609bf550 -r 21c7b544387e lang/php5/patches/patch-ah
--- a/lang/php5/patches/patch-ah Sun Dec 20 21:04:35 2009 +0000
+++ b/lang/php5/patches/patch-ah Wed Dec 23 19:09:51 2009 +0000
@@ -1,10 +1,8 @@
-$NetBSD: patch-ah,v 1.1.36.1 2009/11/30 23:10:20 tron Exp $
+$NetBSD: patch-ah,v 1.1.36.2 2009/12/23 19:09:51 spz Exp $
* Ajust for pkgsrc.
-* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017:
- http://svn.php.net/viewvc?view=revision&revision=289990
---- php.ini-recommended.orig 2009-03-02 13:44:35.000000000 +0900
+--- php.ini-recommended.orig 2009-11-05 13:29:34.000000000 +0000
+++ php.ini-recommended
@@ -522,7 +522,7 @@ default_mimetype = "text/html"
;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -27,7 +25,7 @@
; Whether or not to enable the dl() function. The dl() function does NOT work
; properly in multithreaded servers, such as IIS or Zeus, and is automatically
-@@ -597,11 +598,13 @@ file_uploads = On
+@@ -597,7 +598,7 @@ file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
@@ -36,9 +34,3 @@
; Maximum allowed size for uploaded files.
upload_max_filesize = 2M
-
-+; Maximum number of files that can be uploaded via a single request
-+max_file_uploads = 100
-
- ;;;;;;;;;;;;;;;;;;
- ; Fopen wrappers ;
diff -r 2877609bf550 -r 21c7b544387e lang/php5/patches/patch-ay
--- a/lang/php5/patches/patch-ay Sun Dec 20 21:04:35 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-$NetBSD: patch-ay,v 1.1.2.3 2009/11/30 23:10:20 tron Exp $
-
-* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
- http://svn.php.net/viewvc?view=revision&revision=289557
-
---- ext/gd/libgd/gd_gd.c.orig 2007-08-09 23:21:38.000000000 +0900
-+++ ext/gd/libgd/gd_gd.c
-@@ -39,6 +39,9 @@ int _gdGetColors (gdIOCtx * in, gdImageP
- if (!gdGetWord(&im->colorsTotal, in)) {
- goto fail1;
- }
-+ if (im->colorsTotal > gdMaxColors) {
-+ goto fail1;
-+ }
- }
- /* Int to accommodate truecolor single-color transparency */
- if (!gdGetInt(&im->transparent, in)) {
diff -r 2877609bf550 -r 21c7b544387e lang/php5/patches/patch-az
--- a/lang/php5/patches/patch-az Sun Dec 20 21:04:35 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,373 +0,0 @@
-$NetBSD$
-
-* Fix for htmlspecialchars():
- http://svn.php.net/viewvc?view=revision&revision=289411
- http://svn.php.net/viewvc?view=revision&revision=289554
- http://svn.php.net/viewvc?view=revision&revision=289565
- http://svn.php.net/viewvc?view=revision&revision=289567
- http://svn.php.net/viewvc?view=revision&revision=289605
-
---- ext/standard/html.c.orig 2008-12-31 20:17:49.000000000 +0900
-+++ ext/standard/html.c
-@@ -484,15 +484,31 @@ struct basic_entities_dec {
- } \
- mbseq[mbpos++] = (mbchar); }
-
--#define CHECK_LEN(pos, chars_need) \
-- if((str_len - (pos)) < chars_need) { \
-- *status = FAILURE; \
-- return 0; \
-+/* skip one byte and return */
-+#define MB_FAILURE(pos) do { \
-+ *newpos = pos + 1; \
-+ *status = FAILURE; \
-+ return 0; \
-+ } while (0)
-+
-+#define CHECK_LEN(pos, chars_need) \
-+ if (chars_need < 1) { \
-+ if((str_len - (pos)) < chars_need) { \
-+ *newpos = pos; \
-+ *status = FAILURE; \
-+ return 0; \
-+ } \
-+ } else { \
-+ if((str_len - (pos)) < chars_need) { \
-+ *newpos = pos + 1; \
-+ *status = FAILURE; \
-+ return 0; \
-+ } \
- }
-
- /* {{{ get_next_char
- */
--inline static unsigned short get_next_char(enum entity_charset charset,
-+inline static unsigned int get_next_char(enum entity_charset charset,
- unsigned char * str,
- int str_len,
- int * newpos,
-@@ -503,205 +519,189 @@ inline static unsigned short get_next_ch
- int pos = *newpos;
- int mbpos = 0;
- int mbspace = *mbseqlen;
-- unsigned short this_char = str[pos++];
-+ unsigned int this_char = 0;
- unsigned char next_char;
-
- *status = SUCCESS;
--
-+
- if (mbspace <= 0) {
- *mbseqlen = 0;
-- return this_char;
-+ CHECK_LEN(pos, 1);
-+ *newpos = pos + 1;
-+ *newpos = pos + 1;
- }
--
-- MB_WRITE((unsigned char)this_char);
--
-+
- switch (charset) {
- case cs_utf_8:
- {
-- unsigned long utf = 0;
-- int stat = 0;
-- int more = 1;
--
-- /* unpack utf-8 encoding into a wide char.
-- * Code stolen from the mbstring extension */
--
-- do {
-- if (this_char < 0x80) {
-- more = 0;
-- if(stat) {
-- /* we didn't finish the UTF sequence correctly */
-- *status = FAILURE;
-- }
-- break;
-- } else if (this_char < 0xc0) {
-- switch (stat) {
-- case 0x10: /* 2, 2nd */
-- case 0x21: /* 3, 3rd */
-- case 0x32: /* 4, 4th */
-- case 0x43: /* 5, 5th */
-- case 0x54: /* 6, 6th */
-- /* last byte in sequence */
-- more = 0;
-- utf |= (this_char & 0x3f);
-- this_char = (unsigned short)utf;
-- break;
-- case 0x20: /* 3, 2nd */
-- case 0x31: /* 4, 3rd */
-- case 0x42: /* 5, 4th */
-- case 0x53: /* 6, 5th */
-- /* penultimate char */
-- utf |= ((this_char & 0x3f) << 6);
-- stat++;
-- break;
-- case 0x30: /* 4, 2nd */
-- case 0x41: /* 5, 3rd */
-- case 0x52: /* 6, 4th */
-- utf |= ((this_char & 0x3f) << 12);
-- stat++;
-- break;
-- case 0x40: /* 5, 2nd */
-- case 0x51:
-- utf |= ((this_char & 0x3f) << 18);
Home |
Main Index |
Thread Index |
Old Index