pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2012Q1]: pkgsrc/lang/php53 Pullup ticket #3769 - requested by ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/77a58df8c612
branches: pkgsrc-2012Q1
changeset: 602077:77a58df8c612
user: spz <spz%pkgsrc.org@localhost>
date: Fri May 04 08:39:30 2012 +0000
description:
Pullup ticket #3769 - requested by taca
lang/php53: security update
Revisions pulled up:
- lang/php53/Makefile 1.25
- lang/php53/Makefile.common 1.11-1.12
- lang/php53/Makefile.php 1.14-1.15
- lang/php53/distinfo 1.37-1.38
- lang/php53/patches/patch-main_SAPI.c deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Apr 26 14:26:33 UTC 2012
Modified Files:
pkgsrc/lang/php53: Makefile Makefile.common Makefile.php distinfo
Removed Files:
pkgsrc/lang/php53/patches: patch-main_SAPI.c
Log Message:
Update php53 package to 5.3.11.
For full changes, please refer to <http://www.php.net/ChangeLog-5.php#5.3.11>.
Security Enhancements:
* Fixed bug #54374 (Insufficient validating of upload name leading to
corrupted $_FILES indices). (CVE-2012-1172).
* Add open_basedir checks to readline_write_history and readline_read_history.
* Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).
Key enhancements in these releases include:
* Added debug info handler to DOM objects.
* Fixed bug #61172 (Add Apache 2.4 support).
To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.25 pkgsrc/lang/php53/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/php53/Makefile.common
cvs rdiff -u -r1.13 -r1.14 pkgsrc/lang/php53/Makefile.php
cvs rdiff -u -r1.36 -r1.37 pkgsrc/lang/php53/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/lang/php53/patches/patch-main_SAPI.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Fri May 4 01:48:41 UTC 2012
Modified Files:
pkgsrc/lang/php53: Makefile.common Makefile.php distinfo
Log Message:
Update php53 package to 5.3.12.
03 Mar 2012, PHP 5.3.12
- Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus)
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/php53/Makefile.common
cvs rdiff -u -r1.14 -r1.15 pkgsrc/lang/php53/Makefile.php
cvs rdiff -u -r1.37 -r1.38 pkgsrc/lang/php53/distinfo
diffstat:
lang/php53/Makefile | 3 +-
lang/php53/Makefile.common | 4 +-
lang/php53/Makefile.php | 4 +-
lang/php53/distinfo | 15 ++++++------
lang/php53/patches/patch-main_SAPI.c | 42 ------------------------------------
5 files changed, 12 insertions(+), 56 deletions(-)
diffs (126 lines):
diff -r c61cdfb11103 -r 77a58df8c612 lang/php53/Makefile
--- a/lang/php53/Makefile Thu May 03 19:56:36 2012 +0000
+++ b/lang/php53/Makefile Fri May 04 08:39:30 2012 +0000
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.24 2012/04/05 03:17:26 taca Exp $
+# $NetBSD: Makefile,v 1.24.2.1 2012/05/04 08:39:30 spz Exp $
#
# We can't omit PKGNAME here to handle PKG_OPTIONS.
#
PKGNAME= php-${PHP_BASE_VERS}
-PKGREVISION= 1
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
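Review bot: Removing `PKGREVISION= 1` is only correct if it lands together with the `PHP_BASE_VERS` change in Makefile.common, because `PKGNAME= php-${PHP_BASE_VERS}` takes its version from there. If the pullup were applied without that bump, the package name would go backwards from php-5.3.10nb1 to php-5.3.10 while still carrying the old code, so keep the two files in one changeset on the branch.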
diff -r c61cdfb11103 -r 77a58df8c612 lang/php53/Makefile.common
--- a/lang/php53/Makefile.common Thu May 03 19:56:36 2012 +0000
+++ b/lang/php53/Makefile.common Fri May 04 08:39:30 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.10 2012/02/03 03:10:34 taca Exp $
+# $NetBSD: Makefile.common,v 1.10.2.1 2012/05/04 08:39:30 spz Exp $
# used by lang/php53/Makefile.php
# used by lang/php/ext.mk
# used by meta-pkgs/php53-extensions/Makefile
@@ -39,7 +39,7 @@
MAINTAINER?= pkgsrc-users%NetBSD.org@localhost
HOMEPAGE?= http://www.php.net/
-PHP_BASE_VERS= 5.3.10
+PHP_BASE_VERS= 5.3.12
PHP_EXTENSION_DIR= lib/php/20090630
PLIST_SUBST+= PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR}
diff -r c61cdfb11103 -r 77a58df8c612 lang/php53/Makefile.php
--- a/lang/php53/Makefile.php Thu May 03 19:56:36 2012 +0000
+++ b/lang/php53/Makefile.php Fri May 04 08:39:30 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.php,v 1.13 2012/02/03 03:10:34 taca Exp $
+# $NetBSD: Makefile.php,v 1.13.2.1 2012/05/04 08:39:30 spz Exp $
# used by lang/php53/Makefile
# used by www/ap-php/Makefile
@@ -61,7 +61,7 @@
.if !empty(PKG_OPTIONS:Msuhosin)
SUHOSIN_PHPVER= 5.3.9
-. if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} && ${PHP_BASE_VERS} != 5.3.10
+. if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} && ${PHP_BASE_VERS} != 5.3.10 && ${PHP_BASE_VERS} != 5.3.11 && ${PHP_BASE_VERS} != 5.3.12
PKG_FAIL_REASON+= "The suhosin patch is currently not available for"
PKG_FAIL_REASON+= "this version of PHP. You may have to wait until"
PKG_FAIL_REASON+= "an updated patch is released or temporarily"
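Review bot: The guard on the `. if` line now hard-codes three exceptions (`5.3.10`, `5.3.11`, `5.3.12`) for a patch that is declared as `SUHOSIN_PHPVER= 5.3.9`, and it will need another `&&` clause at every PHP update. Consider keeping the accepted versions in a single list variable and matching `PHP_BASE_VERS` against it. Also confirm that suhosin-patch-5.3.9-0.9.10 still applies cleanly to the 5.3.12 sources with the suhosin option enabled, since the condition only asserts compatibility and nothing in this change shows it was tested.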
diff -r c61cdfb11103 -r 77a58df8c612 lang/php53/distinfo
--- a/lang/php53/distinfo Thu May 03 19:56:36 2012 +0000
+++ b/lang/php53/distinfo Fri May 04 08:39:30 2012 +0000
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.36 2012/04/05 03:17:26 taca Exp $
+$NetBSD: distinfo,v 1.36.2.1 2012/05/04 08:39:30 spz Exp $
-SHA1 (php-5.3.10/php-5.3.10.tar.bz2) = 689d8463b5d9e24b9bf297e35826f2ebdb69afda
-RMD160 (php-5.3.10/php-5.3.10.tar.bz2) = acab30a19b340f21a64e06b524906f2b064dd1c9
-Size (php-5.3.10/php-5.3.10.tar.bz2) = 11707402 bytes
-SHA1 (php-5.3.10/suhosin-patch-5.3.9-0.9.10.patch.gz) = 7b9ef5c3e0831154df0d6290aba0989ca90138ed
-RMD160 (php-5.3.10/suhosin-patch-5.3.9-0.9.10.patch.gz) = ce43921fd9b183b154713ecda98294f6c68d5f22
-Size (php-5.3.10/suhosin-patch-5.3.9-0.9.10.patch.gz) = 40967 bytes
+SHA1 (php-5.3.12/php-5.3.12.tar.bz2) = 1aef7c01207637671299e3eb2d74eb81dd6a8f83
+RMD160 (php-5.3.12/php-5.3.12.tar.bz2) = 5d91c2d16b54632aa123677f63776b312872997c
+Size (php-5.3.12/php-5.3.12.tar.bz2) = 11394871 bytes
+SHA1 (php-5.3.12/suhosin-patch-5.3.9-0.9.10.patch.gz) = 7b9ef5c3e0831154df0d6290aba0989ca90138ed
+RMD160 (php-5.3.12/suhosin-patch-5.3.9-0.9.10.patch.gz) = ce43921fd9b183b154713ecda98294f6c68d5f22
+Size (php-5.3.12/suhosin-patch-5.3.9-0.9.10.patch.gz) = 40967 bytes
SHA1 (patch-aa) = b0dc6cd0b2103d5858280202506b33322a98496e
SHA1 (patch-ab) = d08bb50cf074a6065ef0d1d67a713b7573cb2f5b
SHA1 (patch-ac) = 1720f154232241c19d0c6e08a824e33252f1b690
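Review bot: The three new `php-5.3.12.tar.bz2` lines are the only integrity anchor for the updated distfile, and the log does not say what they were checked against. Compare the fetched tarball with the checksum published by php.net before regenerating distinfo, and record that in the log message. The suhosin patch entries keep the same SHA1, RMD160 and size as under `php-5.3.10/`, so only the directory prefix changed there, which is expected.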
@@ -17,6 +17,5 @@
SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
-SHA1 (patch-main_SAPI.c) = 8fd664c97cb9fa295ad8a1f42ed3e1b878554065
SHA1 (patch-main_streams_cast.c) = c169ccb73dc660e40eff9f9e168374f35eedadad
SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23
diff -r c61cdfb11103 -r 77a58df8c612 lang/php53/patches/patch-main_SAPI.c
--- a/lang/php53/patches/patch-main_SAPI.c Thu May 03 19:56:36 2012 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-$NetBSD: patch-main_SAPI.c,v 1.1 2012/04/05 03:17:26 taca Exp $
-
-* Fix possible newline injection problem of header() function from PHP 5.4.0.
-
---- main/SAPI.c.orig 2012-01-01 13:15:04.000000000 +0000
-+++ main/SAPI.c
-@@ -590,16 +590,26 @@ SAPI_API int sapi_header_op(sapi_header_
- return FAILURE;
- }
- } else {
-- /* new line safety check */
-- char *s = header_line, *e = header_line + header_line_len, *p;
-- while (s < e && (p = memchr(s, '\n', (e - s)))) {
-- if (*(p + 1) == ' ' || *(p + 1) == '\t') {
-- s = p + 1;
-- continue;
-+ /* new line/NUL character safety check */
-+ int i;
-+ for (i = 0; i < header_line_len; i++) {
-+ /* RFC 2616 allows new lines if followed by SP or HT */
-+ int illegal_break =
-+ (header_line[i+1] != ' ' && header_line[i+1] != '\t')
-+ && (
-+ header_line[i] == '\n'
-+ || (header_line[i] == '\r' && header_line[i+1] != '\n'));
-+ if (illegal_break) {
-+ efree(header_line);
-+ sapi_module.sapi_error(E_WARNING, "Header may not contain "
-+ "more than a single header, new line detected");
-+ return FAILURE;
-+ }
-+ if (header_line[i] == '\0') {
-+ efree(header_line);
-+ sapi_module.sapi_error(E_WARNING, "Header may not contain NUL bytes");
-+ return FAILURE;
- }
-- efree(header_line);
-- sapi_module.sapi_error(E_WARNING, "Header may not contain more than a single header, new line detected.");
-- return FAILURE;
- }
- }
-
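Review bot: The log message does not say why `patch-main_SAPI.c` is dropped. The patch carried the header() newline and NUL byte check taken from PHP 5.4.0, so deleting it is only safe if main/SAPI.c in 5.3.12 already contains the equivalent `illegal_break` and `'\0'` tests. Confirm that against the new source and state it in the log (for example "patch-main_SAPI.c removed, fix included upstream"), otherwise the header injection protection regresses silently on the branch.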