Pullup ticket #4427 - requested by taca lang/php55: security update Revisions pulled up: - lang/php/phpversion.mk 1.63 - lang/php55/Makefile.php 1.3 - lang/php55/distinfo 1.22 --- Module Name: pkgsrc Committed By: taca Date: Sat May 31 04:26:40 UTC 2014 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php55: Makefile.php distinfo Log Message: Update php55 to 5.5.13, contains fix for CVE-2014-0237 and CVE-2014-0238. 29 May 2014, PHP 5.5.13 - CLI server: . Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol) - COM: . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol) - Core: . Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski) . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol) . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob) . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas) . Fixed bug #67249 (printf out-of-bounds read). (Stas) . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas) . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas) - Curl: . Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike) - Date: . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol) . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) - DOM: . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol) - Fileinfo: . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238). . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation) (CVE-2014-0237). - FPM: . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos) - GD: . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas) - PCRE: . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol) - Phar: . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588)diff -r1.58.2.1 -r1.58.2.2 pkgsrc/lang/php/phpversion.mk
(tron)
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | # $NetBSD: phpversion.mk,v 1.58.2.1 2014/06/01 13:20:22 spz Exp $ | 1 | # $NetBSD: phpversion.mk,v 1.58.2.2 2014/06/02 15:33:45 tron Exp $ | |
2 | # | 2 | # | |
3 | # This file selects a PHP version, based on the user's preferences and | 3 | # This file selects a PHP version, based on the user's preferences and | |
4 | # the installed packages. It does not add a dependency on the PHP | 4 | # the installed packages. It does not add a dependency on the PHP | |
5 | # package. | 5 | # package. | |
6 | # | 6 | # | |
7 | # === User-settable variables === | 7 | # === User-settable variables === | |
8 | # | 8 | # | |
9 | # PHP_VERSION_DEFAULT | 9 | # PHP_VERSION_DEFAULT | |
10 | # The PHP version to choose when more than one is acceptable to | 10 | # The PHP version to choose when more than one is acceptable to | |
11 | # the package. | 11 | # the package. | |
12 | # | 12 | # | |
13 | # Possible: 53 54 55 | 13 | # Possible: 53 54 55 | |
14 | # Default: 54 | 14 | # Default: 54 | |
@@ -73,27 +73,27 @@ | @@ -73,27 +73,27 @@ | |||
73 | # initial release of major version. | 73 | # initial release of major version. | |
74 | # | 74 | # | |
75 | # Example: lib/php/20090630 | 75 | # Example: lib/php/20090630 | |
76 | # | 76 | # | |
77 | # Keywords: php | 77 | # Keywords: php | |
78 | # | 78 | # | |
79 | 79 | |||
80 | .if !defined(PHPVERSION_MK) | 80 | .if !defined(PHPVERSION_MK) | |
81 | PHPVERSION_MK= defined | 81 | PHPVERSION_MK= defined | |
82 | 82 | |||
83 | # Define each PHP's version. | 83 | # Define each PHP's version. | |
84 | PHP53_VERSION= 5.3.28 | 84 | PHP53_VERSION= 5.3.28 | |
85 | PHP54_VERSION= 5.4.28 | 85 | PHP54_VERSION= 5.4.28 | |
86 | PHP55_VERSION= 5.5.12 | 86 | PHP55_VERSION= 5.5.13 | |
87 | 87 | |||
88 | # Define initial release of major version. | 88 | # Define initial release of major version. | |
89 | PHP53_RELDATE= 20090630 | 89 | PHP53_RELDATE= 20090630 | |
90 | PHP54_RELDATE= 20120301 | 90 | PHP54_RELDATE= 20120301 | |
91 | PHP55_RELDATE= 20130620 | 91 | PHP55_RELDATE= 20130620 | |
92 | 92 | |||
93 | _VARGROUPS+= php | 93 | _VARGROUPS+= php | |
94 | _USER_VARS.php= PHP_VERSION_DEFAULT | 94 | _USER_VARS.php= PHP_VERSION_DEFAULT | |
95 | _PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD | 95 | _PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD | |
96 | _SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ | 96 | _SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ | |
97 | PKG_PHP_MAJOR_VERS | 97 | PKG_PHP_MAJOR_VERS | |
98 | 98 | |||
99 | .include "../../mk/bsd.prefs.mk" | 99 | .include "../../mk/bsd.prefs.mk" |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | # $NetBSD: Makefile.php,v 1.2 2013/08/31 12:31:10 adam Exp $ | 1 | # $NetBSD: Makefile.php,v 1.2.6.1 2014/06/02 15:33:45 tron Exp $ | |
2 | # used by lang/php55/Makefile | 2 | # used by lang/php55/Makefile | |
3 | # used by www/ap-php/Makefile | 3 | # used by www/ap-php/Makefile | |
4 | # used by www/php-fpm/Makefile | 4 | # used by www/php-fpm/Makefile | |
5 | 5 | |||
6 | .include "../../lang/php55/Makefile.common" | 6 | .include "../../lang/php55/Makefile.common" | |
7 | 7 | |||
8 | DISTINFO_FILE= ${.CURDIR}/../../lang/php55/distinfo | 8 | DISTINFO_FILE= ${.CURDIR}/../../lang/php55/distinfo | |
9 | PATCHDIR= ${.CURDIR}/../../lang/php55/patches | 9 | PATCHDIR= ${.CURDIR}/../../lang/php55/patches | |
10 | 10 | |||
11 | USE_LIBTOOL= YES | 11 | USE_LIBTOOL= YES | |
12 | USE_LANGUAGES= c c++ | 12 | USE_LANGUAGES= c c++ | |
13 | GNU_CONFIGURE= YES | 13 | GNU_CONFIGURE= YES | |
14 | BUILD_DEFS+= VARBASE | 14 | BUILD_DEFS+= VARBASE | |
@@ -31,29 +31,27 @@ CONFIGURE_ARGS+= --without-pear | @@ -31,29 +31,27 @@ CONFIGURE_ARGS+= --without-pear | |||
31 | #CONFIGURE_ARGS+= --without-intl | 31 | #CONFIGURE_ARGS+= --without-intl | |
32 | 32 | |||
33 | CONFIGURE_ARGS+= --disable-posix | 33 | CONFIGURE_ARGS+= --disable-posix | |
34 | CONFIGURE_ARGS+= --disable-dom | 34 | CONFIGURE_ARGS+= --disable-dom | |
35 | CONFIGURE_ARGS+= --disable-opcache | 35 | CONFIGURE_ARGS+= --disable-opcache | |
36 | CONFIGURE_ARGS+= --disable-pdo | 36 | CONFIGURE_ARGS+= --disable-pdo | |
37 | CONFIGURE_ARGS+= --disable-json | 37 | CONFIGURE_ARGS+= --disable-json | |
38 | 38 | |||
39 | CONFIGURE_ARGS+= --enable-cgi | 39 | CONFIGURE_ARGS+= --enable-cgi | |
40 | CONFIGURE_ARGS+= --enable-xml | 40 | CONFIGURE_ARGS+= --enable-xml | |
41 | CONFIGURE_ARGS+= --with-libxml-dir=${PREFIX} | 41 | CONFIGURE_ARGS+= --with-libxml-dir=${PREFIX} | |
42 | .include "../../textproc/libxml2/buildlink3.mk" | 42 | .include "../../textproc/libxml2/buildlink3.mk" | |
43 | 43 | |||
44 | # Note: This expression is the same as ${PKGBASE}, but the latter is | 44 | PKG_OPTIONS_VAR= PKG_OPTIONS.${PHP_PKG_PREFIX} | |
45 | # not defined yet, so we cannot use it here. | |||
46 | PKG_OPTIONS_VAR= PKG_OPTIONS.${PKGNAME:C/-[0-9].*//} | |||
47 | PKG_SUPPORTED_OPTIONS+= inet6 ssl maintainer-zts readline | 45 | PKG_SUPPORTED_OPTIONS+= inet6 ssl maintainer-zts readline | |
48 | PKG_SUGGESTED_OPTIONS+= inet6 ssl | 46 | PKG_SUGGESTED_OPTIONS+= inet6 ssl | |
49 | 47 | |||
50 | .if ${OPSYS} == "SunOS" || ${OPSYS} == "Darwin" || ${OPSYS} == "FreeBSD" | 48 | .if ${OPSYS} == "SunOS" || ${OPSYS} == "Darwin" || ${OPSYS} == "FreeBSD" | |
51 | PKG_SUPPORTED_OPTIONS+= dtrace | 49 | PKG_SUPPORTED_OPTIONS+= dtrace | |
52 | .endif | 50 | .endif | |
53 | 51 | |||
54 | .include "../../mk/bsd.options.mk" | 52 | .include "../../mk/bsd.options.mk" | |
55 | 53 | |||
56 | .if !empty(PKG_OPTIONS:Minet6) | 54 | .if !empty(PKG_OPTIONS:Minet6) | |
57 | CONFIGURE_ARGS+= --enable-ipv6 | 55 | CONFIGURE_ARGS+= --enable-ipv6 | |
58 | .else | 56 | .else | |
59 | CONFIGURE_ARGS+= --disable-ipv6 | 57 | CONFIGURE_ARGS+= --disable-ipv6 |
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | $NetBSD: distinfo,v 1.17.2.1 2014/06/01 13:20:22 spz Exp $ | 1 | $NetBSD: distinfo,v 1.17.2.2 2014/06/02 15:33:45 tron Exp $ | |
2 | 2 | |||
3 | SHA1 (php-5.5.12.tar.bz2) = eaa0b27368f98af2fa9aa6f08d7ea23bdb53c748 | 3 | SHA1 (php-5.5.13.tar.bz2) = b16ff3218d2cc79a5acac577f7560dbb80f205d1 | |
4 | RMD160 (php-5.5.12.tar.bz2) = c09c98e85c503cf030b0f215fcab0986945ce7ba | 4 | RMD160 (php-5.5.13.tar.bz2) = 806623a7d78ad1c7efcdd953bfea58075e559aae | |
5 | Size (php-5.5.12.tar.bz2) = 13251734 bytes | 5 | Size (php-5.5.13.tar.bz2) = 13274145 bytes | |
6 | SHA1 (patch-acinclude.m4) = 9e9c433e4cb96e469f7cf14b2064a0f41fc4568a | 6 | SHA1 (patch-acinclude.m4) = 9e9c433e4cb96e469f7cf14b2064a0f41fc4568a | |
7 | SHA1 (patch-aclocal.m4) = 14ae2898e1d68b552e76a7e4ee7006f1aee1f932 | 7 | SHA1 (patch-aclocal.m4) = 14ae2898e1d68b552e76a7e4ee7006f1aee1f932 | |
8 | SHA1 (patch-build_libtool.m4) = 6ee935c55cc01704c6e9edb4e383b2ddb7c746e7 | 8 | SHA1 (patch-build_libtool.m4) = 6ee935c55cc01704c6e9edb4e383b2ddb7c746e7 | |
9 | SHA1 (patch-configure) = 7b4bef368e6709c26c0db31a4c7ebc04e4d55e9c | 9 | SHA1 (patch-configure) = 7b4bef368e6709c26c0db31a4c7ebc04e4d55e9c | |
10 | SHA1 (patch-ext_gd_config.m4) = 91c9798333d4776856a0a9e20196986856b758b2 | 10 | SHA1 (patch-ext_gd_config.m4) = 91c9798333d4776856a0a9e20196986856b758b2 | |
11 | SHA1 (patch-ext_gd_libgd_gdxpm.c) = 9a175417fad9ac23037a24122f8d1258b9eebbcb | 11 | SHA1 (patch-ext_gd_libgd_gdxpm.c) = 9a175417fad9ac23037a24122f8d1258b9eebbcb | |
12 | SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc | 12 | SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc | |
13 | SHA1 (patch-ext_mssql_php__mssql.c) = 4ef1837850443e9db2e71620a3ddaed5ab5c435b | 13 | SHA1 (patch-ext_mssql_php__mssql.c) = 4ef1837850443e9db2e71620a3ddaed5ab5c435b | |
14 | SHA1 (patch-ext_opcache_config.m4) = 7c0d98feaeec8a0ca61f6f77a1906aa2d601be3f | 14 | SHA1 (patch-ext_opcache_config.m4) = 7c0d98feaeec8a0ca61f6f77a1906aa2d601be3f | |
15 | SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390 | 15 | SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390 | |
16 | SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59 | 16 | SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59 | |
17 | SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba | 17 | SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba | |
18 | SHA1 (patch-ext_phar_phar_phar.php) = 011f2d68048dbc63f5efcab4e23062daa9e8e08c | 18 | SHA1 (patch-ext_phar_phar_phar.php) = 011f2d68048dbc63f5efcab4e23062daa9e8e08c |