Pullup ticket #4427 - requested by taca
lang/php55: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.63
- lang/php55/Makefile.php 1.3
- lang/php55/distinfo 1.22
---
Module Name: pkgsrc
Committed By: taca
Date: Sat May 31 04:26:40 UTC 2014
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: Makefile.php distinfo
Log Message:
Update php55 to 5.5.13, contains fix for CVE-2014-0237 and CVE-2014-0238.
29 May 2014, PHP 5.5.13
- CLI server:
. Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)
- COM:
. Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)
- Core:
. Fixed bug #65701 (copy() doesn't work when destination filename is created
by tempnam()). (Boro Sitnikovski)
. Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
. Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
zend_exceptions.c). (Bob)
. Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
. Fixed bug #67249 (printf out-of-bounds read). (Stas)
. Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
. Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
- Curl:
. Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)
- Date:
. Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
. Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
. Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
- DOM:
. Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
not only the subset). (Anatol)
- Fileinfo:
. Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
. Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
performance degradation) (CVE-2014-0237).
- FPM:
. Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
(Julio Pintos)
- GD:
. Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)
- PCRE:
. Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
from the upstream). (Anatol)
- Phar:
. Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
in its name). (PR #588)
(tron)
diff -r1.58.2.1 -r1.58.2.2 pkgsrc/lang/php/phpversion.mk| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | # $NetBSD: phpversion.mk,v 1.58.2.1 2014/06/01 13:20:22 spz Exp $ | 1 | # $NetBSD: phpversion.mk,v 1.58.2.2 2014/06/02 15:33:45 tron Exp $ | |
| 2 | # | 2 | # | |
| 3 | # This file selects a PHP version, based on the user's preferences and | 3 | # This file selects a PHP version, based on the user's preferences and | |
| 4 | # the installed packages. It does not add a dependency on the PHP | 4 | # the installed packages. It does not add a dependency on the PHP | |
| 5 | # package. | 5 | # package. | |
| 6 | # | 6 | # | |
| 7 | # === User-settable variables === | 7 | # === User-settable variables === | |
| 8 | # | 8 | # | |
| 9 | # PHP_VERSION_DEFAULT | 9 | # PHP_VERSION_DEFAULT | |
| 10 | # The PHP version to choose when more than one is acceptable to | 10 | # The PHP version to choose when more than one is acceptable to | |
| 11 | # the package. | 11 | # the package. | |
| 12 | # | 12 | # | |
| 13 | # Possible: 53 54 55 | 13 | # Possible: 53 54 55 | |
| 14 | # Default: 54 | 14 | # Default: 54 | |
| @@ -73,27 +73,27 @@ | @@ -73,27 +73,27 @@ | |||
| 73 | # initial release of major version. | 73 | # initial release of major version. | |
| 74 | # | 74 | # | |
| 75 | # Example: lib/php/20090630 | 75 | # Example: lib/php/20090630 | |
| 76 | # | 76 | # | |
| 77 | # Keywords: php | 77 | # Keywords: php | |
| 78 | # | 78 | # | |
| 79 | 79 | |||
| 80 | .if !defined(PHPVERSION_MK) | 80 | .if !defined(PHPVERSION_MK) | |
| 81 | PHPVERSION_MK= defined | 81 | PHPVERSION_MK= defined | |
| 82 | 82 | |||
| 83 | # Define each PHP's version. | 83 | # Define each PHP's version. | |
| 84 | PHP53_VERSION= 5.3.28 | 84 | PHP53_VERSION= 5.3.28 | |
| 85 | PHP54_VERSION= 5.4.28 | 85 | PHP54_VERSION= 5.4.28 | |
| 86 | PHP55_VERSION= 5.5.12 | 86 | PHP55_VERSION= 5.5.13 | |
| 87 | 87 | |||
| 88 | # Define initial release of major version. | 88 | # Define initial release of major version. | |
| 89 | PHP53_RELDATE= 20090630 | 89 | PHP53_RELDATE= 20090630 | |
| 90 | PHP54_RELDATE= 20120301 | 90 | PHP54_RELDATE= 20120301 | |
| 91 | PHP55_RELDATE= 20130620 | 91 | PHP55_RELDATE= 20130620 | |
| 92 | 92 | |||
| 93 | _VARGROUPS+= php | 93 | _VARGROUPS+= php | |
| 94 | _USER_VARS.php= PHP_VERSION_DEFAULT | 94 | _USER_VARS.php= PHP_VERSION_DEFAULT | |
| 95 | _PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD | 95 | _PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD | |
| 96 | _SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ | 96 | _SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ | |
| 97 | PKG_PHP_MAJOR_VERS | 97 | PKG_PHP_MAJOR_VERS | |
| 98 | 98 | |||
| 99 | .include "../../mk/bsd.prefs.mk" | 99 | .include "../../mk/bsd.prefs.mk" |
| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | # $NetBSD: Makefile.php,v 1.2 2013/08/31 12:31:10 adam Exp $ | 1 | # $NetBSD: Makefile.php,v 1.2.6.1 2014/06/02 15:33:45 tron Exp $ | |
| 2 | # used by lang/php55/Makefile | 2 | # used by lang/php55/Makefile | |
| 3 | # used by www/ap-php/Makefile | 3 | # used by www/ap-php/Makefile | |
| 4 | # used by www/php-fpm/Makefile | 4 | # used by www/php-fpm/Makefile | |
| 5 | 5 | |||
| 6 | .include "../../lang/php55/Makefile.common" | 6 | .include "../../lang/php55/Makefile.common" | |
| 7 | 7 | |||
| 8 | DISTINFO_FILE= ${.CURDIR}/../../lang/php55/distinfo | 8 | DISTINFO_FILE= ${.CURDIR}/../../lang/php55/distinfo | |
| 9 | PATCHDIR= ${.CURDIR}/../../lang/php55/patches | 9 | PATCHDIR= ${.CURDIR}/../../lang/php55/patches | |
| 10 | 10 | |||
| 11 | USE_LIBTOOL= YES | 11 | USE_LIBTOOL= YES | |
| 12 | USE_LANGUAGES= c c++ | 12 | USE_LANGUAGES= c c++ | |
| 13 | GNU_CONFIGURE= YES | 13 | GNU_CONFIGURE= YES | |
| 14 | BUILD_DEFS+= VARBASE | 14 | BUILD_DEFS+= VARBASE | |
| @@ -31,29 +31,27 @@ CONFIGURE_ARGS+= --without-pear | @@ -31,29 +31,27 @@ CONFIGURE_ARGS+= --without-pear | |||
| 31 | #CONFIGURE_ARGS+= --without-intl | 31 | #CONFIGURE_ARGS+= --without-intl | |
| 32 | 32 | |||
| 33 | CONFIGURE_ARGS+= --disable-posix | 33 | CONFIGURE_ARGS+= --disable-posix | |
| 34 | CONFIGURE_ARGS+= --disable-dom | 34 | CONFIGURE_ARGS+= --disable-dom | |
| 35 | CONFIGURE_ARGS+= --disable-opcache | 35 | CONFIGURE_ARGS+= --disable-opcache | |
| 36 | CONFIGURE_ARGS+= --disable-pdo | 36 | CONFIGURE_ARGS+= --disable-pdo | |
| 37 | CONFIGURE_ARGS+= --disable-json | 37 | CONFIGURE_ARGS+= --disable-json | |
| 38 | 38 | |||
| 39 | CONFIGURE_ARGS+= --enable-cgi | 39 | CONFIGURE_ARGS+= --enable-cgi | |
| 40 | CONFIGURE_ARGS+= --enable-xml | 40 | CONFIGURE_ARGS+= --enable-xml | |
| 41 | CONFIGURE_ARGS+= --with-libxml-dir=${PREFIX} | 41 | CONFIGURE_ARGS+= --with-libxml-dir=${PREFIX} | |
| 42 | .include "../../textproc/libxml2/buildlink3.mk" | 42 | .include "../../textproc/libxml2/buildlink3.mk" | |
| 43 | 43 | |||
| 44 | # Note: This expression is the same as ${PKGBASE}, but the latter is | 44 | PKG_OPTIONS_VAR= PKG_OPTIONS.${PHP_PKG_PREFIX} | |
| 45 | # not defined yet, so we cannot use it here. | |||
| 46 | PKG_OPTIONS_VAR= PKG_OPTIONS.${PKGNAME:C/-[0-9].*//} | |||
| 47 | PKG_SUPPORTED_OPTIONS+= inet6 ssl maintainer-zts readline | 45 | PKG_SUPPORTED_OPTIONS+= inet6 ssl maintainer-zts readline | |
| 48 | PKG_SUGGESTED_OPTIONS+= inet6 ssl | 46 | PKG_SUGGESTED_OPTIONS+= inet6 ssl | |
| 49 | 47 | |||
| 50 | .if ${OPSYS} == "SunOS" || ${OPSYS} == "Darwin" || ${OPSYS} == "FreeBSD" | 48 | .if ${OPSYS} == "SunOS" || ${OPSYS} == "Darwin" || ${OPSYS} == "FreeBSD" | |
| 51 | PKG_SUPPORTED_OPTIONS+= dtrace | 49 | PKG_SUPPORTED_OPTIONS+= dtrace | |
| 52 | .endif | 50 | .endif | |
| 53 | 51 | |||
| 54 | .include "../../mk/bsd.options.mk" | 52 | .include "../../mk/bsd.options.mk" | |
| 55 | 53 | |||
| 56 | .if !empty(PKG_OPTIONS:Minet6) | 54 | .if !empty(PKG_OPTIONS:Minet6) | |
| 57 | CONFIGURE_ARGS+= --enable-ipv6 | 55 | CONFIGURE_ARGS+= --enable-ipv6 | |
| 58 | .else | 56 | .else | |
| 59 | CONFIGURE_ARGS+= --disable-ipv6 | 57 | CONFIGURE_ARGS+= --disable-ipv6 |
| @@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
| 1 | $NetBSD: distinfo,v 1.17.2.1 2014/06/01 13:20:22 spz Exp $ | 1 | $NetBSD: distinfo,v 1.17.2.2 2014/06/02 15:33:45 tron Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (php-5.5.12.tar.bz2) = eaa0b27368f98af2fa9aa6f08d7ea23bdb53c748 | 3 | SHA1 (php-5.5.13.tar.bz2) = b16ff3218d2cc79a5acac577f7560dbb80f205d1 | |
| 4 | RMD160 (php-5.5.12.tar.bz2) = c09c98e85c503cf030b0f215fcab0986945ce7ba | 4 | RMD160 (php-5.5.13.tar.bz2) = 806623a7d78ad1c7efcdd953bfea58075e559aae | |
| 5 | Size (php-5.5.12.tar.bz2) = 13251734 bytes | 5 | Size (php-5.5.13.tar.bz2) = 13274145 bytes | |
| 6 | SHA1 (patch-acinclude.m4) = 9e9c433e4cb96e469f7cf14b2064a0f41fc4568a | 6 | SHA1 (patch-acinclude.m4) = 9e9c433e4cb96e469f7cf14b2064a0f41fc4568a | |
| 7 | SHA1 (patch-aclocal.m4) = 14ae2898e1d68b552e76a7e4ee7006f1aee1f932 | 7 | SHA1 (patch-aclocal.m4) = 14ae2898e1d68b552e76a7e4ee7006f1aee1f932 | |
| 8 | SHA1 (patch-build_libtool.m4) = 6ee935c55cc01704c6e9edb4e383b2ddb7c746e7 | 8 | SHA1 (patch-build_libtool.m4) = 6ee935c55cc01704c6e9edb4e383b2ddb7c746e7 | |
| 9 | SHA1 (patch-configure) = 7b4bef368e6709c26c0db31a4c7ebc04e4d55e9c | 9 | SHA1 (patch-configure) = 7b4bef368e6709c26c0db31a4c7ebc04e4d55e9c | |
| 10 | SHA1 (patch-ext_gd_config.m4) = 91c9798333d4776856a0a9e20196986856b758b2 | 10 | SHA1 (patch-ext_gd_config.m4) = 91c9798333d4776856a0a9e20196986856b758b2 | |
| 11 | SHA1 (patch-ext_gd_libgd_gdxpm.c) = 9a175417fad9ac23037a24122f8d1258b9eebbcb | 11 | SHA1 (patch-ext_gd_libgd_gdxpm.c) = 9a175417fad9ac23037a24122f8d1258b9eebbcb | |
| 12 | SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc | 12 | SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc | |
| 13 | SHA1 (patch-ext_mssql_php__mssql.c) = 4ef1837850443e9db2e71620a3ddaed5ab5c435b | 13 | SHA1 (patch-ext_mssql_php__mssql.c) = 4ef1837850443e9db2e71620a3ddaed5ab5c435b | |
| 14 | SHA1 (patch-ext_opcache_config.m4) = 7c0d98feaeec8a0ca61f6f77a1906aa2d601be3f | 14 | SHA1 (patch-ext_opcache_config.m4) = 7c0d98feaeec8a0ca61f6f77a1906aa2d601be3f | |
| 15 | SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390 | 15 | SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390 | |
| 16 | SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59 | 16 | SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59 | |
| 17 | SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba | 17 | SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba | |
| 18 | SHA1 (patch-ext_phar_phar_phar.php) = 011f2d68048dbc63f5efcab4e23062daa9e8e08c | 18 | SHA1 (patch-ext_phar_phar_phar.php) = 011f2d68048dbc63f5efcab4e23062daa9e8e08c |