Sat Apr 5 03:43:40 2014 UTC ()
Update php54 to 5.4.27.  CVE-2013-7345 is already fixed in 5.4.26nb2.

03 Apr 2014, PHP 5.4.27

- Core:
  . Fixed bug #60602 (proc_open() changes environment array) (Tjerk)

- Fileinfo:
  . Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
    expression). (CVE-2013-7345) (Remi)

- FPM:
  . Added clear_env configuration directive to disable clearenv() call.
  (Github PR# 598, Paul Annesley)

- GMP
  . fixed bug#66872 (invalid argument crashes gmp_testbit) (Pierre)

- Mail:
  . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)

- MySQLi:
  . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
  (Remi)

- Openssl:
  . Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)


(taca)
diff -r1.59 -r1.60 pkgsrc/lang/php/phpversion.mk
diff -r1.20 -r1.21 pkgsrc/lang/php54/Makefile
diff -r1.6 -r1.7 pkgsrc/lang/php54/Makefile.php
diff -r1.36 -r1.37 pkgsrc/lang/php54/distinfo
diff -r1.1 -r0 pkgsrc/lang/php54/patches/patch-ext_fileinfo_data__file.c
diff -r1.2 -r1.3 pkgsrc/lang/php54/patches/patch-php.ini-development
diff -r1.2 -r1.3 pkgsrc/lang/php54/patches/patch-php.ini-production
cvs diff -r1.59 -r1.60 pkgsrc/lang/php/phpversion.mk (expand / switch to unified diff)

--- pkgsrc/lang/php/phpversion.mk 2014/04/04 03:04:59 1.59
+++ pkgsrc/lang/php/phpversion.mk 2014/04/05 03:43:40 1.60
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: phpversion.mk,v 1.59 2014/04/04 03:04:59 taca Exp $ 1# $NetBSD: phpversion.mk,v 1.60 2014/04/05 03:43:40 taca Exp $
2# 2#
3# This file selects a PHP version, based on the user's preferences and 3# This file selects a PHP version, based on the user's preferences and
4# the installed packages. It does not add a dependency on the PHP 4# the installed packages. It does not add a dependency on the PHP
5# package. 5# package.
6# 6#
7# === User-settable variables === 7# === User-settable variables ===
8# 8#
9# PHP_VERSION_DEFAULT 9# PHP_VERSION_DEFAULT
10# The PHP version to choose when more than one is acceptable to 10# The PHP version to choose when more than one is acceptable to
11# the package. 11# the package.
12# 12#
13# Possible: 53 54 55 13# Possible: 53 54 55
14# Default: 54 14# Default: 54
@@ -72,27 +72,27 @@ @@ -72,27 +72,27 @@
72# Relative path to ${PREFIX} for PHP's extensions. It is derived from 72# Relative path to ${PREFIX} for PHP's extensions. It is derived from
73# initial release of major version. 73# initial release of major version.
74# 74#
75# Example: lib/php/20090630 75# Example: lib/php/20090630
76# 76#
77# Keywords: php 77# Keywords: php
78# 78#
79 79
80.if !defined(PHPVERSION_MK) 80.if !defined(PHPVERSION_MK)
81PHPVERSION_MK= defined 81PHPVERSION_MK= defined
82 82
83# Define each PHP's version. 83# Define each PHP's version.
84PHP53_VERSION= 5.3.28 84PHP53_VERSION= 5.3.28
85PHP54_VERSION= 5.4.26 85PHP54_VERSION= 5.4.27
86PHP55_VERSION= 5.5.11 86PHP55_VERSION= 5.5.11
87 87
88# Define initial release of major version. 88# Define initial release of major version.
89PHP53_RELDATE= 20090630 89PHP53_RELDATE= 20090630
90PHP54_RELDATE= 20120301 90PHP54_RELDATE= 20120301
91PHP55_RELDATE= 20130620 91PHP55_RELDATE= 20130620
92 92
93_VARGROUPS+= php 93_VARGROUPS+= php
94_USER_VARS.php= PHP_VERSION_DEFAULT 94_USER_VARS.php= PHP_VERSION_DEFAULT
95_PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD 95_PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD
96_SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ 96_SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \
97 PKG_PHP_MAJOR_VERS 97 PKG_PHP_MAJOR_VERS
98 98
cvs diff -r1.20 -r1.21 pkgsrc/lang/php54/Attic/Makefile (expand / switch to unified diff)

--- pkgsrc/lang/php54/Attic/Makefile 2014/03/29 22:06:06 1.20
+++ pkgsrc/lang/php54/Attic/Makefile 2014/04/05 03:43:40 1.21
@@ -1,20 +1,19 @@ @@ -1,20 +1,19 @@
1# $NetBSD: Makefile,v 1.20 2014/03/29 22:06:06 he Exp $ 1# $NetBSD: Makefile,v 1.21 2014/04/05 03:43:40 taca Exp $
2 2
3# 3#
4# We can't omit PKGNAME here to handle PKG_OPTIONS. 4# We can't omit PKGNAME here to handle PKG_OPTIONS.
5# 5#
6PKGNAME= php-${PHP_BASE_VERS} 6PKGNAME= php-${PHP_BASE_VERS}
7PKGREVISION= 2 
8CATEGORIES= lang 7CATEGORIES= lang
9 8
10HOMEPAGE= http://www.php.net/ 9HOMEPAGE= http://www.php.net/
11COMMENT= PHP Hypertext Preprocessor version 5.4 10COMMENT= PHP Hypertext Preprocessor version 5.4
12LICENSE= php 11LICENSE= php
13 12
14TEST_TARGET= test 13TEST_TARGET= test
15 14
16USE_TOOLS+= gmake lex pkg-config 15USE_TOOLS+= gmake lex pkg-config
17LIBTOOL_OVERRIDE= # empty 16LIBTOOL_OVERRIDE= # empty
18PHP_CHECK_INSTALLED= No 17PHP_CHECK_INSTALLED= No
19 18
20PHP_VERSIONS_ACCEPTED= 54 19PHP_VERSIONS_ACCEPTED= 54
cvs diff -r1.6 -r1.7 pkgsrc/lang/php54/Attic/Makefile.php (expand / switch to unified diff)

--- pkgsrc/lang/php54/Attic/Makefile.php 2013/07/21 17:29:47 1.6
+++ pkgsrc/lang/php54/Attic/Makefile.php 2014/04/05 03:43:40 1.7
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: Makefile.php,v 1.6 2013/07/21 17:29:47 taca Exp $ 1# $NetBSD: Makefile.php,v 1.7 2014/04/05 03:43:40 taca Exp $
2# used by lang/php54/Makefile 2# used by lang/php54/Makefile
3# used by www/ap-php/Makefile 3# used by www/ap-php/Makefile
4# used by www/php-fpm/Makefile 4# used by www/php-fpm/Makefile
5 5
6.include "../../lang/php54/Makefile.common" 6.include "../../lang/php54/Makefile.common"
7 7
8DISTINFO_FILE= ${.CURDIR}/../../lang/php54/distinfo 8DISTINFO_FILE= ${.CURDIR}/../../lang/php54/distinfo
9PATCHDIR= ${.CURDIR}/../../lang/php54/patches 9PATCHDIR= ${.CURDIR}/../../lang/php54/patches
10 10
11USE_LIBTOOL= YES 11USE_LIBTOOL= YES
12USE_LANGUAGES= c c++ 12USE_LANGUAGES= c c++
13GNU_CONFIGURE= YES 13GNU_CONFIGURE= YES
14BUILD_DEFS+= VARBASE 14BUILD_DEFS+= VARBASE
@@ -62,27 +62,29 @@ CONFIGURE_ARGS+= --disable-ipv6 @@ -62,27 +62,29 @@ CONFIGURE_ARGS+= --disable-ipv6
62 62
63.if !empty(PKG_OPTIONS:Mssl) 63.if !empty(PKG_OPTIONS:Mssl)
64. include "../../security/openssl/buildlink3.mk" 64. include "../../security/openssl/buildlink3.mk"
65. if ${OPSYS} == "SunOS" 65. if ${OPSYS} == "SunOS"
66CONFIGURE_ARGS+= --with-openssl=yes 66CONFIGURE_ARGS+= --with-openssl=yes
67LIBS.SunOS+= -lcrypto 67LIBS.SunOS+= -lcrypto
68. else 68. else
69CONFIGURE_ARGS+= --with-openssl=${BUILDLINK_PREFIX.openssl} 69CONFIGURE_ARGS+= --with-openssl=${BUILDLINK_PREFIX.openssl}
70. endif 70. endif
71.else 71.else
72CONFIGURE_ARGS+= --without-openssl 72CONFIGURE_ARGS+= --without-openssl
73.endif 73.endif
74 74
75.if !empty(PKG_OPTIONS:Mmaintainer-zts) 75.if empty(PKG_OPTIONS:Mmaintainer-zts)
 76CONFIGURE_ARGS+= --disable-maintainer-zts
 77.else
76CONFIGURE_ARGS+= --enable-maintainer-zts 78CONFIGURE_ARGS+= --enable-maintainer-zts
77.endif 79.endif
78 80
79.if !empty(PKG_OPTIONS:Mreadline) 81.if !empty(PKG_OPTIONS:Mreadline)
80.include "../../devel/readline/buildlink3.mk" 82.include "../../devel/readline/buildlink3.mk"
81CONFIGURE_ARGS+= --with-readline=${BUILDLINK_PREFIX.readline} 83CONFIGURE_ARGS+= --with-readline=${BUILDLINK_PREFIX.readline}
82.else 84.else
83CONFIGURE_ARGS+= --without-readline 85CONFIGURE_ARGS+= --without-readline
84.endif 86.endif
85 87
86.if !empty(PKG_OPTIONS:Mdtrace) 88.if !empty(PKG_OPTIONS:Mdtrace)
87PLIST.dtrace= yes 89PLIST.dtrace= yes
88CONFIGURE_ARGS+= --enable-dtrace 90CONFIGURE_ARGS+= --enable-dtrace
cvs diff -r1.36 -r1.37 pkgsrc/lang/php54/Attic/distinfo (expand / switch to unified diff)

--- pkgsrc/lang/php54/Attic/distinfo 2014/03/29 22:06:06 1.36
+++ pkgsrc/lang/php54/Attic/distinfo 2014/04/05 03:43:40 1.37
@@ -1,23 +1,22 @@ @@ -1,23 +1,22 @@
1$NetBSD: distinfo,v 1.36 2014/03/29 22:06:06 he Exp $ 1$NetBSD: distinfo,v 1.37 2014/04/05 03:43:40 taca Exp $
2 2
3SHA1 (php-5.4.26.tar.bz2) = d8b309f4891e2a0a8061a518162fa267e0304a01 3SHA1 (php-5.4.27.tar.bz2) = 798f2a803d81b386da62e1986ac0f743ecb6c3be
4RMD160 (php-5.4.26.tar.bz2) = 5714914bd6704234b87b28faa66ded286f35e712 4RMD160 (php-5.4.27.tar.bz2) = 22daa29c54ee1cf7219d16b66f49e7aab774a52d
5Size (php-5.4.26.tar.bz2) = 12270535 bytes 5Size (php-5.4.27.tar.bz2) = 12272737 bytes
6SHA1 (patch-acinclude.m4) = 71635e5381abf99a9fc9f2537b1c2f18e8096f00 6SHA1 (patch-acinclude.m4) = 71635e5381abf99a9fc9f2537b1c2f18e8096f00
7SHA1 (patch-aclocal.m4) = eae2ed8ea2985933c4fe88ba52577c14ac88eb92 7SHA1 (patch-aclocal.m4) = eae2ed8ea2985933c4fe88ba52577c14ac88eb92
8SHA1 (patch-build_libtool.m4) = 6dfef7c07a42dc54611c104265ef43c50a4e88ca 8SHA1 (patch-build_libtool.m4) = 6dfef7c07a42dc54611c104265ef43c50a4e88ca
9SHA1 (patch-configure) = 361f943d4aa2ef18335091f3c7ebcc5c17b37810 9SHA1 (patch-configure) = 361f943d4aa2ef18335091f3c7ebcc5c17b37810
10SHA1 (patch-ext_fileinfo_data__file.c) = 2e7c20a09e028c2c0ec6be8e1c3278646058c149 
11SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891 10SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891
12SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc 11SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc
13SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b 12SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b
14SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390 13SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390
15SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59 14SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59
16SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba 15SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba
17SHA1 (patch-ext_phar_phar_phar.php) = 011f2d68048dbc63f5efcab4e23062daa9e8e08c 16SHA1 (patch-ext_phar_phar_phar.php) = 011f2d68048dbc63f5efcab4e23062daa9e8e08c
18SHA1 (patch-ext_standard_basic__functions.c) = 563fe67eb78b786cd46195026381ef22128e0841 17SHA1 (patch-ext_standard_basic__functions.c) = 563fe67eb78b786cd46195026381ef22128e0841
19SHA1 (patch-php.ini-development) = e6c4509378e26534d06103751d5616823492e18f 18SHA1 (patch-php.ini-development) = 056a74646cbeb0b2bcfc18463348343d817b54bc
20SHA1 (patch-php.ini-production) = a24a270e27b0163178c4f0ba4aac753794707f21 19SHA1 (patch-php.ini-production) = ac61016e18077a0870b8c8c42e89e3848c26d1f2
21SHA1 (patch-run-tests.php) = ff80b8ad52d7c0a43fa318ed9bffca9d7b3e688d 20SHA1 (patch-run-tests.php) = ff80b8ad52d7c0a43fa318ed9bffca9d7b3e688d
22SHA1 (patch-sapi_cgi_Makefile.frag) = c271096b8565e89a85b0189c6f503f3fb5cd4b27 21SHA1 (patch-sapi_cgi_Makefile.frag) = c271096b8565e89a85b0189c6f503f3fb5cd4b27
23SHA1 (patch-sapi_fpm_php-fpm.conf.in) = 2369bb6a426a7fb47dc73c88f0daa0f6fa67b593 22SHA1 (patch-sapi_fpm_php-fpm.conf.in) = 2369bb6a426a7fb47dc73c88f0daa0f6fa67b593
File Deleted: pkgsrc/lang/php54/patches/Attic/patch-ext_fileinfo_data__file.c
cvs diff -r1.2 -r1.3 pkgsrc/lang/php54/patches/Attic/patch-php.ini-development (expand / switch to unified diff)

--- pkgsrc/lang/php54/patches/Attic/patch-php.ini-development 2014/01/11 17:03:57 1.2
+++ pkgsrc/lang/php54/patches/Attic/patch-php.ini-development 2014/04/05 03:43:40 1.3
@@ -1,33 +1,33 @@ @@ -1,33 +1,33 @@
1$NetBSD: patch-php.ini-development,v 1.2 2014/01/11 17:03:57 taca Exp $ 1$NetBSD: patch-php.ini-development,v 1.3 2014/04/05 03:43:40 taca Exp $
2 2
3--- php.ini-development.orig 2014-01-08 02:57:08.000000000 +0000 3--- php.ini-development.orig 2014-04-02 05:43:49.000000000 +0000
4+++ php.ini-development 4+++ php.ini-development
5@@ -703,7 +703,7 @@ default_mimetype = "text/html" 5@@ -693,7 +693,7 @@ default_mimetype = "text/html"
6 ;;;;;;;;;;;;;;;;;;;;;;;;; 6 ;;;;;;;;;;;;;;;;;;;;;;;;;
7  7
8 ; UNIX: "/path1:/path2" 8 ; UNIX: "/path1:/path2"
9-;include_path = ".:/php/includes" 9-;include_path = ".:/php/includes"
10+include_path = ".:@PREFIX@/lib/php" 10+include_path = ".:@PREFIX@/lib/php"
11 ; 11 ;
12 ; Windows: "\path1;\path2" 12 ; Windows: "\path1;\path2"
13 ;include_path = ".;c:\php\includes" 13 ;include_path = ".;c:\php\includes"
14@@ -724,8 +724,8 @@ doc_root = 14@@ -714,8 +714,8 @@ doc_root =
15 ; http://php.net/user-dir 15 ; http://php.net/user-dir
16 user_dir = 16 user_dir =
17  17
18-; Directory in which the loadable extensions (modules) reside. 18-; Directory in which the loadable extensions (modules) reside.
19-; http://php.net/extension-dir 19-; http://php.net/extension-dir
20+; Directory in which the loadable extensions (modules) reside. If not 20+; Directory in which the loadable extensions (modules) reside. If not
21+; defined, then use the extension directory specified at compile-time. 21+; defined, then use the extension directory specified at compile-time.
22 ; extension_dir = "./" 22 ; extension_dir = "./"
23 ; On windows: 23 ; On windows:
24 ; extension_dir = "ext" 24 ; extension_dir = "ext"
25@@ -794,7 +794,7 @@ file_uploads = On 25@@ -784,7 +784,7 @@ file_uploads = On
26 ; Temporary directory for HTTP uploaded files (will use system default if not 26 ; Temporary directory for HTTP uploaded files (will use system default if not
27 ; specified). 27 ; specified).
28 ; http://php.net/upload-tmp-dir 28 ; http://php.net/upload-tmp-dir
29-;upload_tmp_dir = 29-;upload_tmp_dir =
30+upload_tmp_dir = /tmp 30+upload_tmp_dir = /tmp
31  31
32 ; Maximum allowed size for uploaded files. 32 ; Maximum allowed size for uploaded files.
33 ; http://php.net/upload-max-filesize 33 ; http://php.net/upload-max-filesize
cvs diff -r1.2 -r1.3 pkgsrc/lang/php54/patches/Attic/patch-php.ini-production (expand / switch to unified diff)

--- pkgsrc/lang/php54/patches/Attic/patch-php.ini-production 2014/01/11 17:03:57 1.2
+++ pkgsrc/lang/php54/patches/Attic/patch-php.ini-production 2014/04/05 03:43:40 1.3
@@ -1,33 +1,33 @@ @@ -1,33 +1,33 @@
1$NetBSD: patch-php.ini-production,v 1.2 2014/01/11 17:03:57 taca Exp $ 1$NetBSD: patch-php.ini-production,v 1.3 2014/04/05 03:43:40 taca Exp $
2 2
3--- php.ini-production.orig 2014-01-08 02:57:08.000000000 +0000 3--- php.ini-production.orig 2014-04-02 05:43:49.000000000 +0000
4+++ php.ini-production 4+++ php.ini-production
5@@ -703,7 +703,7 @@ default_mimetype = "text/html" 5@@ -693,7 +693,7 @@ default_mimetype = "text/html"
6 ;;;;;;;;;;;;;;;;;;;;;;;;; 6 ;;;;;;;;;;;;;;;;;;;;;;;;;
7  7
8 ; UNIX: "/path1:/path2" 8 ; UNIX: "/path1:/path2"
9-;include_path = ".:/php/includes" 9-;include_path = ".:/php/includes"
10+include_path = ".:@PREFIX@/lib/php" 10+include_path = ".:@PREFIX@/lib/php"
11 ; 11 ;
12 ; Windows: "\path1;\path2" 12 ; Windows: "\path1;\path2"
13 ;include_path = ".;c:\php\includes" 13 ;include_path = ".;c:\php\includes"
14@@ -724,8 +724,8 @@ doc_root = 14@@ -714,8 +714,8 @@ doc_root =
15 ; http://php.net/user-dir 15 ; http://php.net/user-dir
16 user_dir = 16 user_dir =
17  17
18-; Directory in which the loadable extensions (modules) reside. 18-; Directory in which the loadable extensions (modules) reside.
19-; http://php.net/extension-dir 19-; http://php.net/extension-dir
20+; Directory in which the loadable extensions (modules) reside. If not 20+; Directory in which the loadable extensions (modules) reside. If not
21+; defined, then use the extension directory specified at compile-time. 21+; defined, then use the extension directory specified at compile-time.
22 ; extension_dir = "./" 22 ; extension_dir = "./"
23 ; On windows: 23 ; On windows:
24 ; extension_dir = "ext" 24 ; extension_dir = "ext"
25@@ -794,7 +794,7 @@ file_uploads = On 25@@ -784,7 +784,7 @@ file_uploads = On
26 ; Temporary directory for HTTP uploaded files (will use system default if not 26 ; Temporary directory for HTTP uploaded files (will use system default if not
27 ; specified). 27 ; specified).
28 ; http://php.net/upload-tmp-dir 28 ; http://php.net/upload-tmp-dir
29-;upload_tmp_dir = 29-;upload_tmp_dir =
30+upload_tmp_dir = /tmp 30+upload_tmp_dir = /tmp
31  31
32 ; Maximum allowed size for uploaded files. 32 ; Maximum allowed size for uploaded files.
33 ; http://php.net/upload-max-filesize 33 ; http://php.net/upload-max-filesize