Author: arekm Date: Fri Mar 18 09:02:27 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- updated to 5.3.6 without suhoshin (fixes CVE-2011-1153, CVE-2011-1092,
CVE-2011-0708, CVE-2011-0421, misc)
---- Files affected:
packages/php:
php-config-file-scan-dir.patch (1.3 -> 1.4) , php-ini.patch (1.40 -> 1.41) ,
php-sapi-ini-file.patch (1.12 -> 1.13) , php.spec (1.925 -> 1.926)
---- Diffs:
================================================================
Index: packages/php/php-config-file-scan-dir.patch
diff -u packages/php/php-config-file-scan-dir.patch:1.3
packages/php/php-config-file-scan-dir.patch:1.4
--- packages/php/php-config-file-scan-dir.patch:1.3 Sun Dec 12 21:09:02 2010
+++ packages/php/php-config-file-scan-dir.patch Fri Mar 18 10:02:21 2011
@@ -28,14 +28,14 @@
char ini_file[MAXPATHLEN];
- char *p;
+ char *p, *last, *path_copy, *ini_path = NULL;
- zend_file_handle fh;
+ zend_file_handle fh2;
zend_llist scanned_ini_list;
zend_llist_element *element;
int l, total_l = 0;
- if ((ndir = php_scandir(php_ini_scanned_path, &namelist, 0,
php_alphasort)) > 0) {
- zend_llist_init(&scanned_ini_list, sizeof(char *),
(llist_dtor_func_t) free_estring, 1);
-- memset(&fh, 0, sizeof(fh));
+- memset(&fh2, 0, sizeof(fh2));
-
- for (i = 0; i < ndir; i++) {
-
@@ -54,11 +54,11 @@
- }
- if (VCWD_STAT(ini_file, &sb) == 0) {
- if (S_ISREG(sb.st_mode)) {
-- if ((fh.handle.fp =
VCWD_FOPEN(ini_file, "r"))) {
-- fh.filename = ini_file;
-- fh.type =
ZEND_HANDLE_FP;
+- if ((fh2.handle.fp =
VCWD_FOPEN(ini_file, "r"))) {
+- fh2.filename = ini_file;
+- fh2.type =
ZEND_HANDLE_FP;
-
-- if
(zend_parse_ini_file(&fh, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t)
php_ini_parser_cb, &configuration_hash TSRMLS_CC) == SUCCESS) {
+- if
(zend_parse_ini_file(&fh2, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t)
php_ini_parser_cb, &configuration_hash TSRMLS_CC) == SUCCESS) {
- /* Here, add it
to the list of ini files read */
- l =
strlen(ini_file);
- total_l += l +
2;
@@ -76,7 +76,7 @@
+ int ini_path_len = strlen(ini_path);
+
+ if ((ndir = php_scandir(ini_path, &namelist, 0,
php_alphasort)) > 0) {
-+ memset(&fh, 0, sizeof(fh));
++ memset(&fh2, 0, sizeof(fh2));
+
+ for (i = 0; i < ndir; i++) {
+ /* check for any file with .ini
extension */
@@ -94,14 +94,14 @@
+ }
+ if (VCWD_STAT(ini_file, &sb) == 0) {
+ if (S_ISREG(sb.st_mode)) {
-+ if ((fh.handle.fp =
VCWD_FOPEN(ini_file, "r"))) {
-+ fh.filename =
ini_file;
-+ fh.type =
ZEND_HANDLE_FP;
++ if ((fh2.handle.fp =
VCWD_FOPEN(ini_file, "r"))) {
++ fh2.filename =
ini_file;
++ fh2.type =
ZEND_HANDLE_FP;
+
+ /* Reset active
ini section */
+
RESET_ACTIVE_INI_HASH();
+
-+ if
(zend_parse_ini_file(&fh, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t)
php_ini_parser_cb, &configuration_hash TSRMLS_CC) == SUCCESS) {
++ if
(zend_parse_ini_file(&fh2, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t)
php_ini_parser_cb, &configuration_hash TSRMLS_CC) == SUCCESS) {
+ /*
Here, add it to the list of ini files read */
+ l =
strlen(ini_file);
+ total_l
+= l + 2;
================================================================
Index: packages/php/php-ini.patch
diff -u packages/php/php-ini.patch:1.40 packages/php/php-ini.patch:1.41
--- packages/php/php-ini.patch:1.40 Sun Dec 12 22:00:01 2010
+++ packages/php/php-ini.patch Fri Mar 18 10:02:21 2011
@@ -105,7 +105,7 @@
;
; extension=msql.so
;
-@@ -891,49 +887,8 @@
+@@ -887,39 +887,8 @@
; If you only provide the name of the extension, PHP will look for it in its
; default extension directory.
;
@@ -142,21 +142,11 @@
-;extension=php_pgsql.dll
-;extension=php_pspell.dll
-;extension=php_shmop.dll
--;extension=php_snmp.dll
--;extension=php_soap.dll
--;extension=php_sockets.dll
--;extension=php_sqlite.dll
--;extension=php_sqlite3.dll
--;extension=php_sybase_ct.dll
--;extension=php_tidy.dll
--;extension=php_xmlrpc.dll
--;extension=php_xsl.dll
--;extension=php_zip.dll
+; Ideally in PLD Linux you should install appropriate php-<extension> or
+; php-pecl-<extension> package.
- ;;;;;;;;;;;;;;;;;;;
- ; Module Settings ;
+ ; The MIBS data available in the PHP distribution must be installed.
+ ; See http://www.php.net/manual/en/snmp.installation.php
@@ -1235,6 +1140,9 @@
; http://php.net/mysql.connect-timeout
mysql.connect_timeout = 60
================================================================
Index: packages/php/php-sapi-ini-file.patch
diff -u packages/php/php-sapi-ini-file.patch:1.12
packages/php/php-sapi-ini-file.patch:1.13
--- packages/php/php-sapi-ini-file.patch:1.12 Wed Mar 17 17:43:54 2010
+++ packages/php/php-sapi-ini-file.patch Fri Mar 18 10:02:21 2011
@@ -74,6 +74,6 @@
- if ((ndir = php_scandir(ini_path, &namelist, 0,
php_alphasort)) > 0) {
+ if ((ndir = php_scandir(ini_path, &namelist, 0,
php_csort)) > 0) {
- memset(&fh, 0, sizeof(fh));
+ memset(&fh2, 0, sizeof(fh2));
for (i = 0; i < ndir; i++) {
================================================================
Index: packages/php/php.spec
diff -u packages/php/php.spec:1.925 packages/php/php.spec:1.926
--- packages/php/php.spec:1.925 Fri Mar 11 18:53:57 2011
+++ packages/php/php.spec Fri Mar 18 10:02:21 2011
@@ -103,7 +103,7 @@
%undefine with_filter
%endif
-%define rel 8
+%define rel 0.1
Summary: PHP: Hypertext Preprocessor
Summary(fr.UTF-8): Le langage de script embarque-HTML PHP
Summary(pl.UTF-8): Język skryptowy PHP
@@ -111,13 +111,13 @@
Summary(ru.UTF-8): PHP Версии 5 - язык препроцессирования HTML-файлов,
выполняемый на сервере
Summary(uk.UTF-8): PHP Версії 5 - мова препроцесування HTML-файлів,
виконувана на сервері
Name: php
-Version: 5.3.5
+Version: 5.3.6
Release: %{rel}%{?with_type_hints:.th}%{?with_oci8:.oci}
Epoch: 4
License: PHP
Group: Libraries
Source0: http://www.php.net/distributions/%{name}-%{version}.tar.bz2
-# Source0-md5: 8aaf20c95e91f25c5b6a591e5d6d61b9
+# Source0-md5: 2286f5a82a6e8397955a0025c1c2ad98
Source2: %{name}-mod_%{name}.conf
Source3: %{name}-cgi-fcgi.ini
Source4: %{name}-apache.ini
@@ -3166,6 +3166,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.926 2011/03/18 09:02:21 arekm
+- updated to 5.3.6 without suhoshin (fixes CVE-2011-1153, CVE-2011-1092,
CVE-2011-0708, CVE-2011-0421, misc)
+
Revision 1.925 2011/03/11 17:53:57 baggins
- add oci as release ext
- add leading dot to release exts
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php-config-file-scan-dir.patch?r1=1.3&r2=1.4&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php-ini.patch?r1=1.40&r2=1.41&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php-sapi-ini-file.patch?r1=1.12&r2=1.13&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php.spec?r1=1.925&r2=1.926&f=u
_______________________________________________
pld-cvs-commit mailing list
pld-cvs-commit@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
