pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/lang/php53 Update "php53" package to version 5.3.3. Ch...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/cf4519d1eb36
branches:  trunk
changeset: 577948:cf4519d1eb36
user:      tron <tron%pkgsrc.org@localhost>
date:      Sat Jul 24 22:23:37 2010 +0000

description:
Update "php53" package to version 5.3.3. Changes since version 5.3.2:
- Rewrote var_export() to use smart_str rather than output buffering,
  prevents data disclosure if a fatal error occurs (CVE-2010-2531).
  (Scott)
- Fixed a NULL pointer dereference when processing invalid XML-RPC
  requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
  (Stas)
- A large number of not security related bug fixes

diffstat:

 lang/php53/Makefile         |   3 +--
 lang/php53/Makefile.common  |   8 +++++---
 lang/php53/Makefile.php     |   8 ++++----
 lang/php53/distinfo         |  17 ++++++++---------
 lang/php53/patches/patch-ab |  27 ++++++++++++++++++---------
 lang/php53/patches/patch-ak |  35 -----------------------------------
 6 files changed, 36 insertions(+), 62 deletions(-)

diffs (219 lines):

diff -r 7c91f409be58 -r cf4519d1eb36 lang/php53/Makefile
--- a/lang/php53/Makefile       Sat Jul 24 22:23:14 2010 +0000
+++ b/lang/php53/Makefile       Sat Jul 24 22:23:37 2010 +0000
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.3 2010/04/16 15:19:23 taca Exp $
+# $NetBSD: Makefile,v 1.4 2010/07/24 22:23:37 tron Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=               php-${PHP_BASE_VERS}
-PKGREVISION=           2
 CATEGORIES=            lang
 HOMEPAGE=              http://www.php.net/
 COMMENT=               PHP Hypertext Preprocessor version 5
diff -r 7c91f409be58 -r cf4519d1eb36 lang/php53/Makefile.common
--- a/lang/php53/Makefile.common        Sat Jul 24 22:23:14 2010 +0000
+++ b/lang/php53/Makefile.common        Sat Jul 24 22:23:37 2010 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $
+# $NetBSD: Makefile.common,v 1.2 2010/07/24 22:23:37 tron Exp $
 # used by lang/php53/Makefile.php
 # used by lang/php/ext.mk
 # used by meta-pkgs/php53-extensions/Makefile
@@ -30,14 +30,16 @@
 
 .if !defined(PECL_VERSION)
 MASTER_SITES?=         http://www.php.net/distributions/ \
-                       http://php3.de/distributions/
+                       http://uk.php.net/distributions/ \
+                       http://de.php.net/distributions/ \
+                       http://us.php.net/distributions/
 EXTRACT_SUFX?=         .tar.bz2
 .endif
 
 MAINTAINER?=           pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE?=             http://www.php.net/
 
-PHP_BASE_VERS=         5.3.2
+PHP_BASE_VERS=         5.3.3
 
 PHP_EXTENSION_DIR=     lib/php/20090630
 PLIST_SUBST+=          PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q}
diff -r 7c91f409be58 -r cf4519d1eb36 lang/php53/Makefile.php
--- a/lang/php53/Makefile.php   Sat Jul 24 22:23:14 2010 +0000
+++ b/lang/php53/Makefile.php   Sat Jul 24 22:23:37 2010 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.php,v 1.2 2010/03/21 17:10:01 jdolecek Exp $
+# $NetBSD: Makefile.php,v 1.3 2010/07/24 22:23:37 tron Exp $
 # used by lang/php53/Makefile
 # used by www/ap-php/Makefile
 
@@ -47,7 +47,7 @@
 # not defined yet, so we cannot use it here.
 PKG_OPTIONS_VAR=       PKG_OPTIONS.${PKGNAME:C/-[0-9].*//}
 PKG_SUPPORTED_OPTIONS+=        inet6 ssl maintainer-zts suhosin
-PKG_SUGGESTED_OPTIONS+=        ssl
+PKG_SUGGESTED_OPTIONS+=        inet6 ssl
 
 #SUBST_CLASSES+=               ini
 #SUBST_STAGE.ini=      post-patch
@@ -59,7 +59,7 @@
 .include "../../mk/bsd.options.mk"
 
 .if !empty(PKG_OPTIONS:Msuhosin)
-SUHOSIN_PHPVER=                5.3.2
+SUHOSIN_PHPVER=                5.3.3
 . if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS}
 PKG_FAIL_REASON+=      "The suhosin patch is currently not available for"
 PKG_FAIL_REASON+=      "this version of PHP.  You may have to wait until"
@@ -67,7 +67,7 @@
 PKG_FAIL_REASON+=      "build this package without the suhosin option."
 . else
 PATCH_SITES=           http://download.suhosin.org/
-PATCHFILES+=           suhosin-patch-${SUHOSIN_PHPVER}-0.9.9.1.patch.gz
+PATCHFILES+=           suhosin-patch-${SUHOSIN_PHPVER}-0.9.10.patch.gz
 PATCH_DIST_STRIP=      -p1
 PLIST.suhosin=         yes
 MESSAGE_SRC=           ${.CURDIR}/../../lang/php53/MESSAGE
diff -r 7c91f409be58 -r cf4519d1eb36 lang/php53/distinfo
--- a/lang/php53/distinfo       Sat Jul 24 22:23:14 2010 +0000
+++ b/lang/php53/distinfo       Sat Jul 24 22:23:37 2010 +0000
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.5 2010/06/13 22:44:51 wiz Exp $
+$NetBSD: distinfo,v 1.6 2010/07/24 22:23:37 tron Exp $
 
-SHA1 (php-5.3.2/php-5.3.2.tar.bz2) = 79ea4ee3da3a7542d1e348ac963a5b38bcbb4b6b
-RMD160 (php-5.3.2/php-5.3.2.tar.bz2) = 60a8aac0d51511ecaf8dcad9d31bdf072c0c99cf
-Size (php-5.3.2/php-5.3.2.tar.bz2) = 10477662 bytes
-SHA1 (php-5.3.2/suhosin-patch-5.3.2-0.9.9.1.patch.gz) = c48d3f24341d3b0214ca3e980320b23864aa93ba
-RMD160 (php-5.3.2/suhosin-patch-5.3.2-0.9.9.1.patch.gz) = 64d8b7ec2ec91fd7a43b0cd95c0aa0df5b666768
-Size (php-5.3.2/suhosin-patch-5.3.2-0.9.9.1.patch.gz) = 40847 bytes
+SHA1 (php-5.3.3/php-5.3.3.tar.bz2) = 9f66716b341119e4e4f8fe3d81b7d0a5daf3cbc8
+RMD160 (php-5.3.3/php-5.3.3.tar.bz2) = 9edb51663feac9b787f8382012893f1ac98fec6a
+Size (php-5.3.3/php-5.3.3.tar.bz2) = 10662227 bytes
+SHA1 (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 76675242cfdeff763767900213346af622002490
+RMD160 (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 8dcd8b51ea0357b6cc51e70e495e18f341c62f7c
+Size (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 41298 bytes
 SHA1 (patch-aa) = f51491af7c577f36979fc07d52b5857368392e09
-SHA1 (patch-ab) = 07c1a5463a302ea155aba10da0d6b0ee0aee43a8
+SHA1 (patch-ab) = 8ac388f50afc03f3f4eacbfed42ae295a2e8d700
 SHA1 (patch-ac) = a896371d3343c07a5cf46c79d9ca9e1b2164797a
 SHA1 (patch-ad) = 1608c58860a43b4e31df8646b5ded253ec9aa881
 SHA1 (patch-ae) = e590db60a60f4e5ef2da4e5edb786335a67a3d56
@@ -16,5 +16,4 @@
 SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83
 SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
 SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
-SHA1 (patch-ak) = f80a23158ea9105be47fc90465a1fee46673cc74
 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
diff -r 7c91f409be58 -r cf4519d1eb36 lang/php53/patches/patch-ab
--- a/lang/php53/patches/patch-ab       Sat Jul 24 22:23:14 2010 +0000
+++ b/lang/php53/patches/patch-ab       Sat Jul 24 22:23:37 2010 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $
+$NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $
 
---- configure.orig     2010-03-13 06:01:16.000000000 +0000
-+++ configure
-@@ -12194,7 +12194,7 @@ EOF
+--- configure.orig     2010-07-24 22:35:41.000000000 +0100
++++ configure  2010-07-24 22:39:23.000000000 +0100
+@@ -13778,7 +13778,7 @@
    PHP_VAR_SUBST="$PHP_VAR_SUBST SAPI_CGI_PATH"
  
  
@@ -11,7 +11,7 @@
      
    PHP_SAPI=cgi
    
-@@ -21515,7 +21515,7 @@ fi
+@@ -23206,7 +23206,7 @@
      if test "$found_openssl" = "no"; then
    
      if test "$PHP_OPENSSL_DIR" = "yes"; then
@@ -20,7 +20,16 @@
      fi
  
      for i in $PHP_OPENSSL_DIR; do
-@@ -34398,7 +34398,7 @@ fi
+@@ -25179,7 +25179,7 @@
+     PHP_SQLITE3_CFLAGS="-I@ext_srcdir@/libsqlite $other_flags $threadsafe_flags $debug_flags"
+     
+   
+-    for header_file in ext/sqlite3/libsqlite/sqlite3.h; do
++    for header_file; do
+       
+   
+   unique=`echo $header_file|$SED 's/[^a-zA-Z0-9]/_/g'`
+@@ -36124,7 +36124,7 @@
      if test "$found_openssl" = "no"; then
    
      if test "$PHP_OPENSSL_DIR" = "yes"; then
@@ -29,7 +38,7 @@
      fi
  
      for i in $PHP_OPENSSL_DIR; do
-@@ -48467,7 +48467,7 @@ fi
+@@ -50201,7 +50201,7 @@
      if test "$found_openssl" = "no"; then
    
      if test "$PHP_OPENSSL_DIR" = "yes"; then
@@ -38,7 +47,7 @@
      fi
  
      for i in $PHP_OPENSSL_DIR; do
-@@ -82684,7 +82684,7 @@ fi
+@@ -84421,7 +84421,7 @@
      if test "$found_openssl" = "no"; then
    
      if test "$PHP_OPENSSL_DIR" = "yes"; then
@@ -47,7 +56,7 @@
      fi
  
      for i in $PHP_OPENSSL_DIR; do
-@@ -104623,12 +104623,7 @@ old_CC=$CC
+@@ -107682,12 +107682,7 @@
  if test "$PHP_THREAD_SAFETY" = "yes" && test -n "$ac_cv_pthreads_cflags"; then
    CXXFLAGS="$CXXFLAGS $ac_cv_pthreads_cflags"
    INLINE_CFLAGS="$INLINE_CFLAGS $ac_cv_pthreads_cflags"
diff -r 7c91f409be58 -r cf4519d1eb36 lang/php53/patches/patch-ak
--- a/lang/php53/patches/patch-ak       Sat Jul 24 22:23:14 2010 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-$NetBSD: patch-ak,v 1.1 2010/03/27 06:23:13 taca Exp $
-
-Fix for CVE-2010-0397: r296152, r296153 from svn from PHP.
-
---- ext/xmlrpc/xmlrpc-epi-php.c.orig   2010-02-03 20:19:05.000000000 +0000
-+++ ext/xmlrpc/xmlrpc-epi-php.c
-@@ -778,6 +778,7 @@ zval* decode_request_worker(char *xml_in
-       zval* retval = NULL;
-       XMLRPC_REQUEST response;
-       STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}};
-+      const char *method_name;
-       opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(encoding_in) : ENCODING_DEFAULT;
- 
-       /* generate XMLRPC_REQUEST from raw xml */
-@@ -788,10 +789,16 @@ zval* decode_request_worker(char *xml_in
- 
-               if (XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) {
-                       if (method_name_out) {
--                              zval_dtor(method_name_out);
--                              Z_TYPE_P(method_name_out) = IS_STRING;
--                              Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response));
--                              Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
-+                              method_name = XMLRPC_RequestGetMethodName(response);
-+                              if (method_name) {
-+                                      zval_dtor(method_name_out);
-+                                      Z_TYPE_P(method_name_out) = IS_STRING;
-+                                      Z_STRVAL_P(method_name_out) = estrdup(method_name);
-+                                      Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
-+                              } else if (retval) {
-+                                      zval_ptr_dtor(&retval);
-+                                      retval = NULL;
-+                              }
-                       }
-               }
- 



Home | Main Index | Thread Index | Old Index