Thu May 15 09:56:31 2008 UTC ()

pullup ticket #2378 - requested by adrianp
php5: many security fixes

revisions pulled up:
- pkgsrc/lang/php5/Makefile		1.64
- pkgsrc/lang/php5/Makefile.common	1.29
- pkgsrc/lang/php5/distinfo		1.52

   Module Name:	pkgsrc
   Committed By:	adrianp
   Date:		Sun May  4 16:50:44 UTC 2008

   Modified Files:
   	pkgsrc/lang/php5: Makefile Makefile.common distinfo

   Log Message:
   Security Enhancements and Fixes in PHP 5.2.6:

   Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
   Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
   Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
   Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
   Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
   Upgraded bundled PCRE to version 7.6

   Key enhancements in PHP 5.2.6 include:
   * Fixed two possible crashes inside the posix extension.
   * Fixed bug 44069 (Huge memory usage with concatenation using . instead of .=)
   * Fixed bug 44141 (private parent constructor callable through static function).
   * Fixed bug 43589 (a possible infinite loop in bz2_filter.c).
   * Fixed bug 43450 (Memory leak on some functions with implicit object __toString() call).
   * Fixed bug 43201 (Crash on using uninitialized vals and __get/__set).
   * Fixed bug 42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql).
   * Fixed bug 42937 (__call() method not invoked when methods are called on parent from child class).
   * Fixed bug 42736 (xmlrpc_server_call_method() crashes).
   * Fixed bug 42369 (Implicit conversion to string leaks memory).
   * Fixed bug 41562 (SimpleXML memory issue).
   * Over 120 bug fixes.


(rtr)

diff -r1.63 -r1.63.2.1 pkgsrc/lang/php5/Makefile
diff -r1.28 -r1.28.4.1 pkgsrc/lang/php5/Makefile.common
diff -r1.51 -r1.51.2.1 pkgsrc/lang/php5/distinfo

--- pkgsrc/lang/php5/Attic/Makefile 2008/01/18 05:06:44 1.63
+++ pkgsrc/lang/php5/Attic/Makefile 2008/05/15 09:56:31 1.63.2.1

 @@ -1,17 +1,16 @@
-# $NetBSD: Makefile,v 1.63 2008/01/18 05:06:44 tnn Exp $
+# $NetBSD: Makefile,v 1.63.2.1 2008/05/15 09:56:31 rtr Exp $
 PKGNAME=		php-${PHP_BASE_VERS}
 PKGREVISION=		1
 CATEGORIES=		lang
 HOMEPAGE=		http://www.php.net/
 COMMENT=		PHP Hypertext Preprocessor version 5
 TEST_TARGET=		test
 PKG_DESTDIR_SUPPORT=	user-destdir
 USE_TOOLS+=		gmake lex
 LIBTOOL_OVERRIDE=	# empty
 PKG_OPTIONS_REQUIRED_GROUPS+=	sapi
 PKG_OPTIONS_GROUP.sapi=	cgi fastcgi

--- pkgsrc/lang/php5/Attic/Makefile.common 2007/11/23 13:20:00 1.28
+++ pkgsrc/lang/php5/Attic/Makefile.common 2008/05/15 09:56:31 1.28.4.1

 @@ -1,28 +1,28 @@
-# $NetBSD: Makefile.common,v 1.28 2007/11/23 13:20:00 adrianp Exp $
+# $NetBSD: Makefile.common,v 1.28.4.1 2008/05/15 09:56:31 rtr Exp $
 .if !defined(DISTNAME)
 DISTNAME=		php-${PHP_BASE_VERS}
 DIST_SUBDIR=		${DISTNAME}
 .endif
 CATEGORIES+=		www
 .if !defined(PECL_VERSION)
 MASTER_SITES?=		http://www.php.net/distributions/ \
 			http://php3.de/distributions/
 EXTRACT_SUFX?=		.tar.bz2
 .endif
 MAINTAINER?=		jdolecek@NetBSD.org
 HOMEPAGE?=		http://www.php.net/
-PHP_BASE_VERS=		5.2.5
+PHP_BASE_VERS=		5.2.6
 PHP_EXTENSION_DIR=	lib/php/20040412
 PLIST_SUBST+=		PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q}
 PKG_SYSCONFVAR?=	php
 # needed due to (broken?) configure checks in php-xmlrpc and php5-dom
 CONFIGURE_ENV+=		PHP_LIBXML_SHARED="1"
 .include "../../mk/bsd.prefs.mk"

--- pkgsrc/lang/php5/Attic/distinfo 2008/03/04 18:58:52 1.51
+++ pkgsrc/lang/php5/Attic/distinfo 2008/05/15 09:56:31 1.51.2.1

 @@ -1,15 +1,15 @@
-$NetBSD: distinfo,v 1.51 2008/03/04 18:58:52 sborrill Exp $
+$NetBSD: distinfo,v 1.51.2.1 2008/05/15 09:56:31 rtr Exp $
-SHA1 (php-5.2.5/php-5.2.5.tar.bz2) = 6b46fd095891183b328163b70cdb5acd30a24b7a
+SHA1 (php-5.2.6/php-5.2.6.tar.bz2) = 2a2b1afa657a7739a23784c869d57c3e0a7ad6b4
-RMD160 (php-5.2.5/php-5.2.5.tar.bz2) = 2d5755f2ae8884e80f0a5c70e8fdfdb6deed46bc
+RMD160 (php-5.2.6/php-5.2.6.tar.bz2) = 27f730d4b1ceb1c42ff03618dbfa0dc87a00990b
-Size (php-5.2.5/php-5.2.5.tar.bz2) = 7773024 bytes
+Size (php-5.2.6/php-5.2.6.tar.bz2) = 9571312 bytes
 SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20
 SHA1 (patch-ad) = b324c33b1e70adee5b89dcecdd7690dcadcc18ec
 SHA1 (patch-ag) = 4ccb67ba6f5370b1d16b087e3e714de3e5ae604e
 SHA1 (patch-ah) = c7cbd4b9ea0796ea3b7491c2cffb6ddddc518587
 SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
 SHA1 (patch-ak) = e3c654de196dc4b693b2d95e3ee131fa147125bc
 SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50
 SHA1 (patch-an) = f07a08f8ee1a18f6371af9bd6c482d936e9220e4
 SHA1 (patch-ap) = 5eb0e0e4244a993da93e36f8fcb5553454207fce
 SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df