Hello community, here is the log from the commit of package php5 for openSUSE:Factory checked in at 2014-07-19 08:16:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/php5 (Old) and /work/SRC/openSUSE:Factory/.php5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php5" Changes: -------- --- /work/SRC/openSUSE:Factory/php5/php5.changes 2014-07-02 15:04:10.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.php5.new/php5.changes 2014-07-19 08:16:29.000000000 +0200 @@ -1,0 +2,8 @@ +Thu Jul 17 14:32:29 UTC 2014 - pgaj...@suse.com + +- security update: + * php-CVE-2014-4670.patch [bnc#886059] + * php-CVE-2014-4698.patch [bnc#886060] +- php-5.5.10-CVE-2014-2497.patch renamed to php-CVE-2014-2497.patch + +------------------------------------------------------------------- Old: ---- php-5.5.10-CVE-2014-2497.patch New: ---- php-CVE-2014-2497.patch php-CVE-2014-4670.patch php-CVE-2014-4698.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php5.spec ++++++ --- /var/tmp/diff_new_pack.U9UZZ2/_old 2014-07-19 08:16:31.000000000 +0200 +++ /var/tmp/diff_new_pack.U9UZZ2/_new 2014-07-19 08:16:31.000000000 +0200 @@ -176,7 +176,9 @@ Patch19: php5-big-file-upload.patch Patch20: php5-per-mod-log.patch Patch21: php5-apache24-updates.patch -Patch22: php-5.5.10-CVE-2014-2497.patch +Patch22: php-CVE-2014-2497.patch +Patch23: php-CVE-2014-4670.patch +Patch24: php-CVE-2014-4698.patch Url: http://www.php.net BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: PHP5 Core Files @@ -1328,6 +1330,8 @@ %patch20 -p1 %patch21 -p1 %patch22 +%patch23 +%patch24 # Safety check for API version change. vapi=`sed -n '/#define PHP_API_VERSION/{s/.* //;p}' main/php.h` if test "x${vapi}" != "x%{apiver}"; then ++++++ php-CVE-2014-2497.patch ++++++ Description: Patch to fix PHP bug 66901. Author: Andres Mejia <mej...@amazon.com> Forwarded: no Index: ext/gd/libgd/gdxpm.c =================================================================== --- ext/gd/libgd/gdxpm.c.orig 2014-02-05 11:00:36.000000000 +0100 +++ ext/gd/libgd/gdxpm.c 2014-04-04 14:06:15.991206709 +0200 
@@ -39,6 +39,14 @@ number = image.ncolors; colors = (int *) safe_emalloc(number, sizeof(int), 0); for (i = 0; i < number; i++) { + if (!image.colorTable[i].c_color) + { + /* unsupported color key or color key not defined */ + gdImageDestroy(im); + gdFree(colors); + im = 0; + goto done; + } switch (strlen (image.colorTable[i].c_color)) { case 4: buf[1] = '\0'; ++++++ php-CVE-2014-4670.patch ++++++ X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fspl%2Fspl_dllist.c;h=0b44d414d82378bf2741fcd568dff20f407380a6;hp=39a0733b9ac78901cc7eaf9eba080ff060517771;hb=df78c48354f376cf419d7a97f88ca07d572f00fb;hpb=131e60ce569631b5b7c61b8392f545dde936df3e --- ext/spl/spl_dllist.c +++ ext/spl/spl_dllist.c @@ -43,12 +43,10 @@ PHPAPI zend_class_entry *spl_ce_SplStack; #define SPL_LLIST_DELREF(elem) if(!--(elem)->rc) { \ efree(elem); \ - elem = NULL; \ } #define SPL_LLIST_CHECK_DELREF(elem) if((elem) && !--(elem)->rc) { \ efree(elem); \ - elem = NULL; \ } #define SPL_LLIST_ADDREF(elem) (elem)->rc++ @@ -916,6 +914,11 @@ SPL_METHOD(SplDoublyLinkedList, offsetUnset) llist->dtor(element TSRMLS_CC); } + if (intern->traverse_pointer == element) { + SPL_LLIST_DELREF(element); + intern->traverse_pointer = NULL; + } + zval_ptr_dtor((zval **)&element->data); element->data = NULL; ++++++ php-CVE-2014-4698.patch ++++++ X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fspl%2Fspl_array.c;h=0fe47b651c13f80c35e612de5cf69ea306095fe6;hp=8392e72714b80483641b1a0d2b6e6389e3c22959;hb=22882a9d89712ff2b6ebc20a689a89452bba4dcd;hpb=df78c48354f376cf419d7a97f88ca07d572f00fb Index: ext/spl/spl_array.c =================================================================== --- ext/spl/spl_array.c.orig 2014-06-25 15:06:23.000000000 +0200 +++ ext/spl/spl_array.c 2014-07-17 17:24:01.085311011 +0200 
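Review bot: The new early exit in ext/gd/libgd/gdxpm.c frees `colors` and then jumps to `done`, a label outside this hunk, so it cannot be confirmed from the visible lines that nothing after the label releases `colors` again. If it does, the NULL-dereference fix becomes a double free on malformed XPM input. A comment on the block such as `/* colors is released here; done: must not free it again */` would make that contract explicit. `im = 0;` would read better as `im = NULL;`, and the brace on its own line differs from the `for (...) {` style of the surrounding context.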
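Review bot: In the offsetUnset hunk of ext/spl/spl_dllist.c, `SPL_LLIST_DELREF(element);` is followed directly by `zval_ptr_dtor((zval **)&element->data);` and `element->data = NULL;`, so the added block is safe only while another reference keeps `element->rc` above zero. That is presumably the list's own reference, dropped later in the function outside this hunk, but nothing in the visible lines says so. A comment such as `/* drops only the iterator's reference; the list's reference keeps element alive below */` would record the invariant. The first hunk makes this more important: the macros no longer clear the pointer after `efree`, so every caller must now avoid touching `elem` after a DELREF.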
@@ -1733,6 +1733,7 @@ const unsigned char *p, *s; php_unserialize_data_t var_hash; zval *pmembers, *pflags = NULL; + HashTable *aht; long flags; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &buf, &buf_len) == FAILURE) { @@ -1744,6 +1745,12 @@ return; } + aht = spl_array_get_hash_table(intern, 0 TSRMLS_CC); + if (aht->nApplyCount > 0) { + zend_error(E_WARNING, "Modification of ArrayObject during sorting is prohibited"); + return; + } + /* storage */ s = p = (const unsigned char*)buf; PHP_VAR_UNSERIALIZE_INIT(var_hash); -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
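Review bot: The second hunk of ext/spl/spl_array.c dereferences `aht->nApplyCount` without checking the result of `spl_array_get_hash_table(intern, 0 TSRMLS_CC)`. If that helper can return NULL (its definition is not shown here), the new guard would itself crash, so a NULL check that warns and returns should come before the `nApplyCount` test. The warning says "during sorting", but the surrounding lines are an unserialize routine and `nApplyCount > 0` appears to cover any traversal in progress, so the message may mislead whoever reads the log. The enclosing function starts and ends outside the hunk.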