pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2009Q3]: pkgsrc Pullup ticket 2955 - requested by taca



details:   https://anonhg.NetBSD.org/pkgsrc/rev/21c7b544387e
branches:  pkgsrc-2009Q3
changeset: 400012:21c7b544387e
user:      spz <spz%pkgsrc.org@localhost>
date:      Wed Dec 23 19:09:51 2009 +0000

description:
Pullup ticket 2955 - requested by taca
security update

Revisions pulled up:
- pkgsrc/lang/php5/Makefile                     1.75
- pkgsrc/lang/php5/Makefile.common              1.39
- pkgsrc/lang/php5/PLIST                        1.25
- pkgsrc/lang/php5/distinfo                     1.71
- pkgsrc/lang/php5/patches/patch-ag             1.4
- pkgsrc/lang/php5/patches/patch-ah             1.3
- pkgsrc/textproc/php5-xsl/Makefile             1.13

Files removed:
pkgsrc/lang/php5/patches/patch-ay
pkgsrc/lang/php5/patches/patch-az
pkgsrc/lang/php5/patches/patch-ba
pkgsrc/lang/php5/patches/patch-bb
pkgsrc/lang/php5/patches/patch-bc
pkgsrc/lang/php5/patches/patch-bd

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Dec 23 07:07:35 UTC 2009

   Modified Files:
           pkgsrc/lang/php5: Makefile Makefile.common PLIST distinfo
           pkgsrc/lang/php5/patches: patch-ag patch-ah
   Removed Files:
           pkgsrc/lang/php5/patches: patch-ay patch-az patch-ba patch-bb
               patch-bc patch-bd

   Log Message:
   Update lang/php5 to 5.2.12, security update.

   Security Enhancements and Fixes in PHP 5.2.12:

   * Fixed a safe_mode bypass in tempnam() identified by Grzegorz
     Stachowiak. (CVE-2009-3557, Rasmus)
   * Fixed an open_basedir bypass in posix_mkfifo() identified by Grzegorz
     Stachowiak. (CVE-2009-3558, Rasmus)
   * Added "max_file_uploads" INI directive, which can be set to limit the
     number of file uploads per-request to 20 by default, to prevent possible
     DOS via temporary file exhaustion, identified by Bogdan
     Calin. (CVE-2009-4017, Ilia)
   * Added protection for $_SESSION from interrupt corruption and improved
     "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143,
     Stas)
   * Fixed bug #49785 (insufficient input string validation of
     htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

   Key enhancements in PHP 5.2.12 include:

   * Fixed unnecessary invocation of setitimer when timeouts have been
     disabled. (Arvind Srinivasan)
   * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
   * Fixed crash in SQLiteDatabase::ArrayQuery() and
     SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
   * Fixed crash when instantiating PDORow and PDOStatement through
     Reflection. (Felipe)
   * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
   * Fixed bug #50207 (segmentation fault when concatenating very large strings
     on 64bit linux). (Ilia)
   * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
     database). (Felipe)
   * Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
   * Fixed bug #50005 (Throwing through Reflection modified Exception object
     makes segmentation fault). (Felipe)
   * Fixed bug #49174 (crash when extending PDOStatement and trying to set
     queryString property). (Felipe)
   * Fixed bug #49098 (mysqli segfault on error). (Rasmus)
   * Over 50 other bug fixes.


   To generate a diff of this commit:
   cvs rdiff -u -r1.74 -r1.75 pkgsrc/lang/php5/Makefile
   cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php5/Makefile.common
   cvs rdiff -u -r1.24 -r1.25 pkgsrc/lang/php5/PLIST
   cvs rdiff -u -r1.70 -r1.71 pkgsrc/lang/php5/distinfo
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php5/patches/patch-ag
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php5/patches/patch-ah
   cvs rdiff -u -r1.2 -r0 pkgsrc/lang/php5/patches/patch-ay \
       pkgsrc/lang/php5/patches/patch-az
   cvs rdiff -u -r1.1 -r0 pkgsrc/lang/php5/patches/patch-ba \
       pkgsrc/lang/php5/patches/patch-bb pkgsrc/lang/php5/patches/patch-bc \
       pkgsrc/lang/php5/patches/patch-bd

   --------------------------------------------------------------------------

   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Dec 23 07:08:31 UTC 2009

   Modified Files:
           pkgsrc/textproc/php5-xsl: Makefile

   Log Message:
   Reset PKGREVISION by implicit update to 5.2.12.


   To generate a diff of this commit:
   cvs rdiff -u -r1.12 -r1.13 pkgsrc/textproc/php5-xsl/Makefile

diffstat:

 lang/php5/Makefile         |    3 +-
 lang/php5/Makefile.common  |    4 +-
 lang/php5/PLIST            |    4 +-
 lang/php5/distinfo         |   24 +-
 lang/php5/patches/patch-ag |   14 +-
 lang/php5/patches/patch-ah |   14 +-
 lang/php5/patches/patch-ay |   17 --
 lang/php5/patches/patch-az |  373 ---------------------------------------------
 lang/php5/patches/patch-ba |   17 --
 lang/php5/patches/patch-bb |   19 --
 lang/php5/patches/patch-bc |   15 -
 lang/php5/patches/patch-bd |   46 -----
 textproc/php5-xsl/Makefile |    3 +-
 13 files changed, 21 insertions(+), 532 deletions(-)

diffs (truncated from 681 to 300 lines):

diff -r 2877609bf550 -r 21c7b544387e lang/php5/Makefile
--- a/lang/php5/Makefile        Sun Dec 20 21:04:35 2009 +0000
+++ b/lang/php5/Makefile        Wed Dec 23 19:09:51 2009 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.72.4.1 2009/11/30 23:10:19 tron Exp $
+# $NetBSD: Makefile,v 1.72.4.2 2009/12/23 19:09:51 spz Exp $
 
 PKGNAME=               php-${PHP_BASE_VERS}
-PKGREVISION=           2
 CATEGORIES=            lang
 HOMEPAGE=              http://www.php.net/
 COMMENT=               PHP Hypertext Preprocessor version 5
diff -r 2877609bf550 -r 21c7b544387e lang/php5/Makefile.common
--- a/lang/php5/Makefile.common Sun Dec 20 21:04:35 2009 +0000
+++ b/lang/php5/Makefile.common Wed Dec 23 19:09:51 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.38 2009/10/09 03:53:06 taca Exp $
+# $NetBSD: Makefile.common,v 1.38.2.1 2009/12/23 19:09:51 spz Exp $
 # used by lang/php5/Makefile.php
 # used by lang/php/ext.mk
 
@@ -46,7 +46,7 @@
 MAINTAINER?=           jdolecek%NetBSD.org@localhost
 HOMEPAGE?=             http://www.php.net/
 
-PHP_BASE_VERS=         5.2.11
+PHP_BASE_VERS=         5.2.12
 
 PHP_EXTENSION_DIR=     lib/php/20040412
 PLIST_SUBST+=          PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q}
diff -r 2877609bf550 -r 21c7b544387e lang/php5/PLIST
--- a/lang/php5/PLIST   Sun Dec 20 21:04:35 2009 +0000
+++ b/lang/php5/PLIST   Wed Dec 23 19:09:51 2009 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.24 2009/09/26 05:40:05 taca Exp $
+@comment $NetBSD: PLIST,v 1.24.2.1 2009/12/23 19:09:51 spz Exp $
 bin/php
 bin/php-config
 bin/phpize
@@ -197,10 +197,10 @@
 include/php/main/streams/php_stream_transport.h
 include/php/main/streams/php_stream_userspace.h
 include/php/main/streams/php_streams_int.h
-include/php/main/win95nt.h
 ${PLIST.suhosin}include/php/main/suhosin_globals.h
 ${PLIST.suhosin}include/php/main/suhosin_logo.h
 ${PLIST.suhosin}include/php/main/suhosin_patch.h
+include/php/main/win95nt.h
 include/php/regex/cclass.h
 include/php/regex/cname.h
 include/php/regex/regex.h
diff -r 2877609bf550 -r 21c7b544387e lang/php5/distinfo
--- a/lang/php5/distinfo        Sun Dec 20 21:04:35 2009 +0000
+++ b/lang/php5/distinfo        Wed Dec 23 19:09:51 2009 +0000
@@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.67.2.2 2009/11/30 23:10:20 tron Exp $
+$NetBSD: distinfo,v 1.67.2.3 2009/12/23 19:09:51 spz Exp $
 
-SHA1 (php-5.2.11/php-5.2.11.tar.bz2) = 819c853ce657ef260d4a73b5a21f961115b97eef
-RMD160 (php-5.2.11/php-5.2.11.tar.bz2) = 6aad53dee864ab89f794a9d3c2aa32d435ed5654
-Size (php-5.2.11/php-5.2.11.tar.bz2) = 9030787 bytes
-SHA1 (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 248419332131efc53f3306c2a57a4b1a9dc92cc1
-RMD160 (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 0f6d442aace34c221f9fbff42a63e7f3b4489f15
-Size (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 23050 bytes
+SHA1 (php-5.2.12/php-5.2.12.tar.bz2) = 6605f23b70e3db824047830f08d636e09ec10ff3
+RMD160 (php-5.2.12/php-5.2.12.tar.bz2) = 027f3597fd961d2a95682e2f0738415f8a911371
+Size (php-5.2.12/php-5.2.12.tar.bz2) = 9075161 bytes
+SHA1 (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 248419332131efc53f3306c2a57a4b1a9dc92cc1
+RMD160 (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 0f6d442aace34c221f9fbff42a63e7f3b4489f15
+Size (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 23050 bytes
 SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20
-SHA1 (patch-ag) = 901552355a3d57d9b8e23b31cd0edfd28db8b2bb
-SHA1 (patch-ah) = 7702da73f3a457ee381542b454d19b1f4b421e01
+SHA1 (patch-ag) = 5e3e822657925a77fbccaca63f283863a1cc6d94
+SHA1 (patch-ah) = a25cb7fa3d1f5b9fb99493a4348fdba69d3d4728
 SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
 SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50
 SHA1 (patch-an) = 8f4174627b8cb5f8bfbc59413c95f71e26b9e602
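Review bot: the suhosin distfile lines in this hunk still name suhosin-patch-5.2.11-0.9.7.patch.gz, with the same SHA1, RMD160 and size as before; only the directory prefix moves to php-5.2.12/. Please confirm that the 5.2.11 suhosin patch applies cleanly to the 5.2.12 tarball with the suhosin option enabled, and say so in the log message, since nothing else in the change records that the version mismatch is intentional.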
@@ -16,9 +16,3 @@
 SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df
 SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d
 SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1
-SHA1 (patch-ay) = 7ae502db6574a91fcbb487d37c14a5de644b01b6
-SHA1 (patch-az) = 04e69038e693cc72fb0f67ce04dd1778dacb1756
-SHA1 (patch-ba) = d9483f61b19c297eced12ae3d84d5163e33327b4
-SHA1 (patch-bb) = abbc8747e520d3665d3bcccf9c87741ecc6dc210
-SHA1 (patch-bc) = 9cb2e7fcd6f91d3382a69d68a80d72fdb8fbf2a7
-SHA1 (patch-bd) = 85c891ada42c062b365051b43a3b53c33fa39a92
diff -r 2877609bf550 -r 21c7b544387e lang/php5/patches/patch-ag
--- a/lang/php5/patches/patch-ag        Sun Dec 20 21:04:35 2009 +0000
+++ b/lang/php5/patches/patch-ag        Wed Dec 23 19:09:51 2009 +0000
@@ -1,10 +1,8 @@
-$NetBSD: patch-ag,v 1.2.34.1 2009/11/30 23:10:20 tron Exp $
+$NetBSD: patch-ag,v 1.2.34.2 2009/12/23 19:09:51 spz Exp $
 
 * Ajust for pkgsrc.
-* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017:
-       http://svn.php.net/viewvc?view=revision&revision=289990
 
---- php.ini-dist.orig  2009-02-14 01:55:18.000000000 +0900
+--- php.ini-dist.orig  2009-11-05 13:29:34.000000000 +0000
 +++ php.ini-dist
 @@ -471,7 +471,7 @@ default_mimetype = "text/html"
  ;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -27,7 +25,7 @@
  
  ; Whether or not to enable the dl() function.  The dl() function does NOT work
  ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
-@@ -546,11 +547,13 @@ file_uploads = On
+@@ -546,7 +547,7 @@ file_uploads = On
  
  ; Temporary directory for HTTP uploaded files (will use system default if not
  ; specified).
@@ -36,9 +34,3 @@
  
  ; Maximum allowed size for uploaded files.
  upload_max_filesize = 2M
- 
-+; Maximum number of files that can be uploaded via a single request
-+max_file_uploads = 100
- 
- ;;;;;;;;;;;;;;;;;;
- ; Fopen wrappers ;
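Review bot: dropping the "max_file_uploads = 100" addition at the end of patch-ag changes the packaged limit, not only the patch bookkeeping. The log message says 5.2.12 limits uploads per request to 20 by default, so installs that previously got 100 from the patched php.ini-dist now get whatever upstream ships. The log message should call out the lower limit so administrators who accept many files per request can set the directive explicitly. The same removal appears in patch-ah for php.ini-recommended.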
diff -r 2877609bf550 -r 21c7b544387e lang/php5/patches/patch-ah
--- a/lang/php5/patches/patch-ah        Sun Dec 20 21:04:35 2009 +0000
+++ b/lang/php5/patches/patch-ah        Wed Dec 23 19:09:51 2009 +0000
@@ -1,10 +1,8 @@
-$NetBSD: patch-ah,v 1.1.36.1 2009/11/30 23:10:20 tron Exp $
+$NetBSD: patch-ah,v 1.1.36.2 2009/12/23 19:09:51 spz Exp $
 
 * Ajust for pkgsrc.
-* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017:
-       http://svn.php.net/viewvc?view=revision&revision=289990
 
---- php.ini-recommended.orig   2009-03-02 13:44:35.000000000 +0900
+--- php.ini-recommended.orig   2009-11-05 13:29:34.000000000 +0000
 +++ php.ini-recommended
 @@ -522,7 +522,7 @@ default_mimetype = "text/html"
  ;;;;;;;;;;;;;;;;;;;;;;;;;
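Review bot: the header comment kept as context in this hunk reads "* Ajust for pkgsrc."; since the patch header is being edited anyway and the distinfo checksum is regenerated in the same change, correct it to "Adjust" here and in patch-ag, which carries the same line.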
@@ -27,7 +25,7 @@
  
  ; Whether or not to enable the dl() function.  The dl() function does NOT work
  ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
-@@ -597,11 +598,13 @@ file_uploads = On
+@@ -597,7 +598,7 @@ file_uploads = On
  
  ; Temporary directory for HTTP uploaded files (will use system default if not
  ; specified).
@@ -36,9 +34,3 @@
  
  ; Maximum allowed size for uploaded files.
  upload_max_filesize = 2M
- 
-+; Maximum number of files that can be uploaded via a single request
-+max_file_uploads = 100
- 
- ;;;;;;;;;;;;;;;;;;
- ; Fopen wrappers ;
diff -r 2877609bf550 -r 21c7b544387e lang/php5/patches/patch-ay
--- a/lang/php5/patches/patch-ay        Sun Dec 20 21:04:35 2009 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-$NetBSD: patch-ay,v 1.1.2.3 2009/11/30 23:10:20 tron Exp $
-
-* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
-       http://svn.php.net/viewvc?view=revision&revision=289557
-
---- ext/gd/libgd/gd_gd.c.orig  2007-08-09 23:21:38.000000000 +0900
-+++ ext/gd/libgd/gd_gd.c
-@@ -39,6 +39,9 @@ int _gdGetColors (gdIOCtx * in, gdImageP
-                       if (!gdGetWord(&im->colorsTotal, in)) {
-                               goto fail1;
-                       }
-+                      if (im->colorsTotal > gdMaxColors) {
-+                              goto fail1;
-+                      }
-               }
-               /* Int to accommodate truecolor single-color transparency */
-               if (!gdGetInt(&im->transparent, in)) {
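Review bot: patch-ay is removed here, and its header says it is the fix for CVE-2009-3546 (the "im->colorsTotal > gdMaxColors" check in _gdGetColors), but the log message's list of security fixes in 5.2.12 does not name that CVE. Please confirm that ext/gd/libgd/gd_gd.c in the 5.2.12 tarball already contains this bounds check before dropping the local patch, and record that in the log message.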
diff -r 2877609bf550 -r 21c7b544387e lang/php5/patches/patch-az
--- a/lang/php5/patches/patch-az        Sun Dec 20 21:04:35 2009 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,373 +0,0 @@
-$NetBSD$
-
-* Fix for htmlspecialchars():
-       http://svn.php.net/viewvc?view=revision&revision=289411
-       http://svn.php.net/viewvc?view=revision&revision=289554
-       http://svn.php.net/viewvc?view=revision&revision=289565
-       http://svn.php.net/viewvc?view=revision&revision=289567
-       http://svn.php.net/viewvc?view=revision&revision=289605
-
---- ext/standard/html.c.orig   2008-12-31 20:17:49.000000000 +0900
-+++ ext/standard/html.c
-@@ -484,15 +484,31 @@ struct basic_entities_dec {
-                       }                        \
-                       mbseq[mbpos++] = (mbchar); }
- 
--#define CHECK_LEN(pos, chars_need)                    \
--      if((str_len - (pos)) < chars_need) {    \
--              *status = FAILURE;                                      \
--              return 0;                                                       \
-+/* skip one byte and return */
-+#define MB_FAILURE(pos) do {  \
-+              *newpos = pos + 1;              \
-+              *status = FAILURE;              \
-+              return 0;                               \
-+      } while (0)
-+
-+#define CHECK_LEN(pos, chars_need)                            \
-+      if (chars_need < 1) {                                           \
-+              if((str_len - (pos)) < chars_need) {    \
-+                      *newpos = pos;                                          \
-+                      *status = FAILURE;                                      \
-+                      return 0;                                                       \
-+              }                                                                               \
-+      } else {                                                                        \
-+              if((str_len - (pos)) < chars_need) {    \
-+                      *newpos = pos + 1;                                      \
-+                      *status = FAILURE;                                      \
-+                      return 0;                                                       \
-+              }                                                                               \
-       }
- 
- /* {{{ get_next_char
-  */
--inline static unsigned short get_next_char(enum entity_charset charset,
-+inline static unsigned int get_next_char(enum entity_charset charset,
-               unsigned char * str,
-               int str_len,
-               int * newpos,
-@@ -503,205 +519,189 @@ inline static unsigned short get_next_ch
-       int pos = *newpos;
-       int mbpos = 0;
-       int mbspace = *mbseqlen;
--      unsigned short this_char = str[pos++];
-+      unsigned int this_char = 0;
-       unsigned char next_char;
- 
-       *status = SUCCESS;
--      
-+
-       if (mbspace <= 0) {
-               *mbseqlen = 0;
--              return this_char;
-+              CHECK_LEN(pos, 1);
-+              *newpos = pos + 1;
-+              *newpos = pos + 1;
-       }
--      
--      MB_WRITE((unsigned char)this_char);
--      
-+
-       switch (charset) {
-               case cs_utf_8:
-                       {
--                              unsigned long utf = 0;
--                              int stat = 0;
--                              int more = 1;
--
--                              /* unpack utf-8 encoding into a wide char.
--                               * Code stolen from the mbstring extension */
--
--                              do {
--                                      if (this_char < 0x80) {
--                                              more = 0;
--                                              if(stat) {
--                                                      /* we didn't finish the UTF sequence correctly */
--                                                      *status = FAILURE;
--                                              }
--                                              break;
--                                      } else if (this_char < 0xc0) {
--                                              switch (stat) {
--                                                      case 0x10:      /* 2, 2nd */
--                                                      case 0x21:      /* 3, 3rd */
--                                                      case 0x32:      /* 4, 4th */
--                                                      case 0x43:      /* 5, 5th */
--                                                      case 0x54:      /* 6, 6th */
--                                                              /* last byte in sequence */
--                                                              more = 0;
--                                                              utf |= (this_char & 0x3f);
--                                                              this_char = (unsigned short)utf;
--                                                              break;
--                                                      case 0x20:      /* 3, 2nd */
--                                                      case 0x31:      /* 4, 3rd */
--                                                      case 0x42:      /* 5, 4th */
--                                                      case 0x53:      /* 6, 5th */
--                                                              /* penultimate char */
--                                                              utf |= ((this_char & 0x3f) << 6);
--                                                              stat++;
--                                                              break;
--                                                      case 0x30:      /* 4, 2nd */
--                                                      case 0x41:      /* 5, 3rd */
--                                                      case 0x52:      /* 6, 4th */
--                                                              utf |= ((this_char & 0x3f) << 12);
--                                                              stat++;
--                                                              break;
--                                                      case 0x40:      /* 5, 2nd */
--                                                      case 0x51:
--                                                              utf |= ((this_char & 0x3f) << 18);


