Update php53 to 5.3.29, final PHP 5.3 release.
14 Aug 2014, PHP 5.3.29
- Core:
. Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
. Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
. Fixed bug #67249 (printf out-of-bounds read). (Stas)
. Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
. Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
. Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
. Fixed bug #67390 (insecure temporary file use in the configure script).
(Remi) (CVE-2014-3981)
. Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
Confusion) (CVE-2014-3515). (Stefan Esser)
. Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
(Stefan Esser)
- COM:
. Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).
- Date:
. Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712)
(Remi)
. Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
. Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
- Exif:
. Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas)
- Fileinfo:
. Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary
check). (CVE-2014-0207)
. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
(CVE-2014-0238)
. Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting
in performance degradation). (CVE-2014-0237)
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
string size). (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
check). (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
(Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
check). (Francisco Alonso, Jan Kaluza, Remi)
- Intl:
. Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
. Fixed bug #67397 (Buffer overflow in locale_get_display_name and
uloc_getDisplayName (libicu 4.8.1)). (Stas)
- Network:
. Fixed bug #67432 (Fix potential segfault in dns_check_record()).
(CVE-2014-4049). (Sara)
- OpenSSL:
. Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
- Session:
. Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).
(taca)
diff -r1.68 -r1.69 pkgsrc/lang/php/phpversion.mk| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | # $NetBSD: phpversion.mk,v 1.68 2014/07/26 00:12:53 taca Exp $ | 1 | # $NetBSD: phpversion.mk,v 1.69 2014/08/15 16:09:16 taca Exp $ | |
| 2 | # | 2 | # | |
| 3 | # This file selects a PHP version, based on the user's preferences and | 3 | # This file selects a PHP version, based on the user's preferences and | |
| 4 | # the installed packages. It does not add a dependency on the PHP | 4 | # the installed packages. It does not add a dependency on the PHP | |
| 5 | # package. | 5 | # package. | |
| 6 | # | 6 | # | |
| 7 | # === User-settable variables === | 7 | # === User-settable variables === | |
| 8 | # | 8 | # | |
| 9 | # PHP_VERSION_DEFAULT | 9 | # PHP_VERSION_DEFAULT | |
| 10 | # The PHP version to choose when more than one is acceptable to | 10 | # The PHP version to choose when more than one is acceptable to | |
| 11 | # the package. | 11 | # the package. | |
| 12 | # | 12 | # | |
| 13 | # Possible: 53 54 55 | 13 | # Possible: 53 54 55 | |
| 14 | # Default: 54 | 14 | # Default: 54 | |
| @@ -71,27 +71,27 @@ | @@ -71,27 +71,27 @@ | |||
| 71 | # PHP_EXTENSION_DIR | 71 | # PHP_EXTENSION_DIR | |
| 72 | # Relative path to ${PREFIX} for PHP's extensions. It is derived from | 72 | # Relative path to ${PREFIX} for PHP's extensions. It is derived from | |
| 73 | # initial release of major version. | 73 | # initial release of major version. | |
| 74 | # | 74 | # | |
| 75 | # Example: lib/php/20090630 | 75 | # Example: lib/php/20090630 | |
| 76 | # | 76 | # | |
| 77 | # Keywords: php | 77 | # Keywords: php | |
| 78 | # | 78 | # | |
| 79 | 79 | |||
| 80 | .if !defined(PHPVERSION_MK) | 80 | .if !defined(PHPVERSION_MK) | |
| 81 | PHPVERSION_MK= defined | 81 | PHPVERSION_MK= defined | |
| 82 | 82 | |||
| 83 | # Define each PHP's version. | 83 | # Define each PHP's version. | |
| 84 | PHP53_VERSION= 5.3.28 | 84 | PHP53_VERSION= 5.3.29 | |
| 85 | PHP54_VERSION= 5.4.31 | 85 | PHP54_VERSION= 5.4.31 | |
| 86 | PHP55_VERSION= 5.5.15 | 86 | PHP55_VERSION= 5.5.15 | |
| 87 | 87 | |||
| 88 | # Define initial release of major version. | 88 | # Define initial release of major version. | |
| 89 | PHP53_RELDATE= 20090630 | 89 | PHP53_RELDATE= 20090630 | |
| 90 | PHP54_RELDATE= 20120301 | 90 | PHP54_RELDATE= 20120301 | |
| 91 | PHP55_RELDATE= 20130620 | 91 | PHP55_RELDATE= 20130620 | |
| 92 | 92 | |||
| 93 | _VARGROUPS+= php | 93 | _VARGROUPS+= php | |
| 94 | _USER_VARS.php= PHP_VERSION_DEFAULT | 94 | _USER_VARS.php= PHP_VERSION_DEFAULT | |
| 95 | _PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD | 95 | _PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD | |
| 96 | _SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ | 96 | _SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ | |
| 97 | PKG_PHP_MAJOR_VERS | 97 | PKG_PHP_MAJOR_VERS |
| @@ -1,20 +1,19 @@ | @@ -1,20 +1,19 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.48 2014/06/13 14:13:20 fhajny Exp $ | 1 | # $NetBSD: Makefile,v 1.49 2014/08/15 16:09:16 taca Exp $ | |
| 2 | 2 | |||
| 3 | # | 3 | # | |
| 4 | # We can't omit PKGNAME here to handle PKG_OPTIONS. | 4 | # We can't omit PKGNAME here to handle PKG_OPTIONS. | |
| 5 | # | 5 | # | |
| 6 | PKGNAME= php-${PHP_BASE_VERS} | 6 | PKGNAME= php-${PHP_BASE_VERS} | |
| 7 | PKGREVISION= 3 | |||
| 8 | CATEGORIES= lang | 7 | CATEGORIES= lang | |
| 9 | 8 | |||
| 10 | HOMEPAGE= http://www.php.net/ | 9 | HOMEPAGE= http://www.php.net/ | |
| 11 | COMMENT= PHP Hypertext Preprocessor version 5.3 | 10 | COMMENT= PHP Hypertext Preprocessor version 5.3 | |
| 12 | LICENSE= php | 11 | LICENSE= php | |
| 13 | 12 | |||
| 14 | TEST_TARGET= test | 13 | TEST_TARGET= test | |
| 15 | 14 | |||
| 16 | USE_TOOLS+= gmake lex pkg-config | 15 | USE_TOOLS+= gmake lex pkg-config | |
| 17 | LIBTOOL_OVERRIDE= # empty | 16 | LIBTOOL_OVERRIDE= # empty | |
| 18 | PHP_CHECK_INSTALLED= No | 17 | PHP_CHECK_INSTALLED= No | |
| 19 | 18 | |||
| 20 | PHP_VERSIONS_ACCEPTED?= 53 | 19 | PHP_VERSIONS_ACCEPTED?= 53 |
| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | # $NetBSD: Makefile.php,v 1.40 2014/06/13 14:13:20 fhajny Exp $ | 1 | # $NetBSD: Makefile.php,v 1.41 2014/08/15 16:09:16 taca Exp $ | |
| 2 | # used by lang/php53/Makefile | 2 | # used by lang/php53/Makefile | |
| 3 | # used by www/ap-php/Makefile | 3 | # used by www/ap-php/Makefile | |
| 4 | # used by www/php-fpm/Makefile | 4 | # used by www/php-fpm/Makefile | |
| 5 | 5 | |||
| 6 | .include "../../lang/php53/Makefile.common" | 6 | .include "../../lang/php53/Makefile.common" | |
| 7 | 7 | |||
| 8 | DISTINFO_FILE= ${.CURDIR}/../../lang/php53/distinfo | 8 | DISTINFO_FILE= ${.CURDIR}/../../lang/php53/distinfo | |
| 9 | PATCHDIR= ${.CURDIR}/../../lang/php53/patches | 9 | PATCHDIR= ${.CURDIR}/../../lang/php53/patches | |
| 10 | 10 | |||
| 11 | USE_LIBTOOL= YES | 11 | USE_LIBTOOL= YES | |
| 12 | USE_LANGUAGES= c c++ | 12 | USE_LANGUAGES= c c++ | |
| 13 | GNU_CONFIGURE= YES | 13 | GNU_CONFIGURE= YES | |
| 14 | BUILD_DEFS+= VARBASE | 14 | BUILD_DEFS+= VARBASE | |
| @@ -43,28 +43,28 @@ CONFIGURE_ARGS+= --enable-xml | @@ -43,28 +43,28 @@ CONFIGURE_ARGS+= --enable-xml | |||
| 43 | CONFIGURE_ARGS+= --with-libxml-dir=${PREFIX} | 43 | CONFIGURE_ARGS+= --with-libxml-dir=${PREFIX} | |
| 44 | 44 | |||
| 45 | .include "../../textproc/libxml2/buildlink3.mk" | 45 | .include "../../textproc/libxml2/buildlink3.mk" | |
| 46 | 46 | |||
| 47 | # Note: This expression is the same as ${PKGBASE}, but the latter is | 47 | # Note: This expression is the same as ${PKGBASE}, but the latter is | |
| 48 | # not defined yet, so we cannot use it here. | 48 | # not defined yet, so we cannot use it here. | |
| 49 | PKG_OPTIONS_VAR= PKG_OPTIONS.${PHP_PKG_PREFIX} | 49 | PKG_OPTIONS_VAR= PKG_OPTIONS.${PHP_PKG_PREFIX} | |
| 50 | PKG_SUPPORTED_OPTIONS+= inet6 ssl maintainer-zts suhosin readline | 50 | PKG_SUPPORTED_OPTIONS+= inet6 ssl maintainer-zts suhosin readline | |
| 51 | PKG_SUGGESTED_OPTIONS+= inet6 ssl | 51 | PKG_SUGGESTED_OPTIONS+= inet6 ssl | |
| 52 | 52 | |||
| 53 | .include "../../mk/bsd.options.mk" | 53 | .include "../../mk/bsd.options.mk" | |
| 54 | 54 | |||
| 55 | .if !empty(PKG_OPTIONS:Msuhosin) | 55 | .if !empty(PKG_OPTIONS:Msuhosin) | |
| 56 | SUHOSIN_PHPVER= 5.3.25 | 56 | SUHOSIN_PHPVER= 5.3.29 | |
| 57 | . if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} && ${PHP_BASE_VERS} != "5.3.28" | 57 | . if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} | |
| 58 | PKG_FAIL_REASON+= "The suhosin patch is currently not available for" | 58 | PKG_FAIL_REASON+= "The suhosin patch is currently not available for" | |
| 59 | PKG_FAIL_REASON+= "this version of PHP. You may have to wait until" | 59 | PKG_FAIL_REASON+= "this version of PHP. You may have to wait until" | |
| 60 | PKG_FAIL_REASON+= "an updated patch is released or temporarily" | 60 | PKG_FAIL_REASON+= "an updated patch is released or temporarily" | |
| 61 | PKG_FAIL_REASON+= "build this package without the suhosin option." | 61 | PKG_FAIL_REASON+= "build this package without the suhosin option." | |
| 62 | . else | 62 | . else | |
| 63 | PATCH_SITES= ${MASTER_SITE_LOCAL} | 63 | PATCH_SITES= ${MASTER_SITE_LOCAL} | |
| 64 | PATCHFILES+= suhosin-patch-${SUHOSIN_PHPVER}-0.9.10.patch.bz2 | 64 | PATCHFILES+= suhosin-patch-${SUHOSIN_PHPVER}-0.9.10.patch.bz2 | |
| 65 | PLIST.suhosin= yes | 65 | PLIST.suhosin= yes | |
| 66 | MESSAGE_SRC= ${.CURDIR}/../../lang/php53/MESSAGE | 66 | MESSAGE_SRC= ${.CURDIR}/../../lang/php53/MESSAGE | |
| 67 | MESSAGE_SRC+= ${.CURDIR}/../../lang/php53/MESSAGE.suhosin | 67 | MESSAGE_SRC+= ${.CURDIR}/../../lang/php53/MESSAGE.suhosin | |
| 68 | 68 | |||
| 69 | . endif | 69 | . endif | |
| 70 | .endif | 70 | .endif |
| @@ -1,30 +1,27 @@ | @@ -1,30 +1,27 @@ | |||
| 1 | $NetBSD: distinfo,v 1.75 2014/07/28 16:12:57 prlw1 Exp $ | 1 | $NetBSD: distinfo,v 1.76 2014/08/15 16:09:16 taca Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (php-5.3.28.tar.bz2) = f985ca1f6a5f49ebfb25a08f1837a44c563b31f8 | 3 | SHA1 (php-5.3.29.tar.bz2) = 6e9e492c6d5853d063ddb9a4dbef60b8e5d87444 | |
| 4 | RMD160 (php-5.3.28.tar.bz2) = e4910c0c365f39a5009807801bd5ee6e25be020d | 4 | RMD160 (php-5.3.29.tar.bz2) = e57beb4fdda41bca81b5856161bc97f3c5e3e9da | |
| 5 | Size (php-5.3.28.tar.bz2) = 11051714 bytes | 5 | Size (php-5.3.29.tar.bz2) = 11396771 bytes | |
| 6 | SHA1 (suhosin-patch-5.3.25-0.9.10.patch.bz2) = ce5883b05daf91e8a44fffbfa4d3989ac3311dd1 | 6 | SHA1 (suhosin-patch-5.3.29-0.9.10.patch.bz2) = b81a9b24f758cef4319759e09d011c7a350232a7 | |
| 7 | RMD160 (suhosin-patch-5.3.25-0.9.10.patch.bz2) = 6c4d0cfe070802481121be465b66d3cefe44da83 | 7 | RMD160 (suhosin-patch-5.3.29-0.9.10.patch.bz2) = 7685501fd40426068c58dfbe844d12f1af299d80 | |
| 8 | Size (suhosin-patch-5.3.25-0.9.10.patch.bz2) = 32447 bytes | 8 | Size (suhosin-patch-5.3.29-0.9.10.patch.bz2) = 32437 bytes | |
| 9 | SHA1 (patch-Zend_zend_language_parser.h) = b2bcf33a44d39baa2caf00b7907b5b69a3af4ad6 | |||
| 10 | SHA1 (patch-aa) = fd930d0d9b1c60e8c7c514cfb6864b61ce4d158d | 9 | SHA1 (patch-aa) = fd930d0d9b1c60e8c7c514cfb6864b61ce4d158d | |
| 11 | SHA1 (patch-ab) = 36789fea71e316d5c4358e597df1928d94f8ea6a | 10 | SHA1 (patch-ab) = 36789fea71e316d5c4358e597df1928d94f8ea6a | |
| 12 | SHA1 (patch-ac) = b194eaed2d81877166b13db58b37c5ddff0210a6 | 11 | SHA1 (patch-ac) = b194eaed2d81877166b13db58b37c5ddff0210a6 | |
| 13 | SHA1 (patch-aclocal.m4) = 473b76c8575331604d30e24a08c527e15b166778 | 12 | SHA1 (patch-aclocal.m4) = 473b76c8575331604d30e24a08c527e15b166778 | |
| 14 | SHA1 (patch-ad) = 6b42868f41335ddfa5a8c1e982819166b05e4ad2 | 13 | SHA1 (patch-ad) = 6b42868f41335ddfa5a8c1e982819166b05e4ad2 | |
| 15 | SHA1 (patch-ae) = 3a354cb5c1253eb375041d8ee8549c2f663e6c74 | 14 | SHA1 (patch-ae) = 3a354cb5c1253eb375041d8ee8549c2f663e6c74 | |
| 16 | SHA1 (patch-af) = 4f5aac4c52ce576f4489cb1f06fdb672745a8fdb | 15 | SHA1 (patch-af) = 4f5aac4c52ce576f4489cb1f06fdb672745a8fdb | |
| 17 | SHA1 (patch-ag) = 84af84bc1144ac8a1fce931edcedd4a3ad0f2fda | 16 | SHA1 (patch-ag) = 84af84bc1144ac8a1fce931edcedd4a3ad0f2fda | |
| 18 | SHA1 (patch-ah) = 697156508da2d837a1ea1a41f036eab4fb87e94b | 17 | SHA1 (patch-ah) = 697156508da2d837a1ea1a41f036eab4fb87e94b | |
| 19 | SHA1 (patch-ai) = 9659f73eef1b4fcca9b844bdaa785ac6d5e582a1 | 18 | SHA1 (patch-ai) = 9659f73eef1b4fcca9b844bdaa785ac6d5e582a1 | |
| 20 | SHA1 (patch-aj) = 181658ae523bd60f67750566711fc078b49191b7 | 19 | SHA1 (patch-aj) = 181658ae523bd60f67750566711fc078b49191b7 | |
| 21 | SHA1 (patch-al) = fe534d7d50a529e3c7d0ffed76afdb70bb55a521 | 20 | SHA1 (patch-al) = fe534d7d50a529e3c7d0ffed76afdb70bb55a521 | |
| 22 | SHA1 (patch-build_libtool.m4) = 6835b90ebd34739440c8eb94ed19ebacdf2ba6a5 | 21 | SHA1 (patch-build_libtool.m4) = 6835b90ebd34739440c8eb94ed19ebacdf2ba6a5 | |
| 23 | SHA1 (patch-ext_date_lib_parse__iso__intervals.c) = 1243e4cda1d6446ee4f8b6cab61556fa07837139 | |||
| 24 | SHA1 (patch-ext_date_lib_parse__iso__intervals.re) = 75d4abd666c17d7d5f8a4ee9e489bf2565f83524 | |||
| 25 | SHA1 (patch-ext_gd_libgd_gdxpm.c) = 9a175417fad9ac23037a24122f8d1258b9eebbcb | 22 | SHA1 (patch-ext_gd_libgd_gdxpm.c) = 9a175417fad9ac23037a24122f8d1258b9eebbcb | |
| 26 | SHA1 (patch-ext_standard_basic__functions.c) = 017fd25e646af4d7eb2a0bd13b3c8da34eaee8c5 | 23 | SHA1 (patch-ext_standard_basic__functions.c) = 017fd25e646af4d7eb2a0bd13b3c8da34eaee8c5 | |
| 27 | SHA1 (patch-main_streams_cast.c) = d68b69c9418a8780b1610b8755487771f7c46a5a | 24 | SHA1 (patch-main_streams_cast.c) = d68b69c9418a8780b1610b8755487771f7c46a5a | |
| 28 | SHA1 (patch-php__mssql.c) = 524c4e5d7ede0e503049bf1febec58e0c4a29aa4 | 25 | SHA1 (patch-php__mssql.c) = 524c4e5d7ede0e503049bf1febec58e0c4a29aa4 | |
| 29 | SHA1 (patch-sapi_fpm_fpm_events_port.c) = ad45bcebadf923ee8cb3f2ad4d78d21dd178a8e3 | 26 | SHA1 (patch-sapi_fpm_fpm_events_port.c) = ad45bcebadf923ee8cb3f2ad4d78d21dd178a8e3 | |
| 30 | SHA1 (patch-sapi_fpm_php-fpm.conf.in) = 86137a37e74badf99c46d1ba7ca5d85f42bedfce | 27 | SHA1 (patch-sapi_fpm_php-fpm.conf.in) = 86137a37e74badf99c46d1ba7ca5d85f42bedfce |