Author: arekm Date: Fri Mar 18 09:02:27 2011 GMT Module: packages Tag: HEAD ---- Log message: - updated to 5.3.6 without suhoshin (fixes CVE-2011-1153, CVE-2011-1092, CVE-2011-0708, CVE-2011-0421, misc)
---- Files affected: packages/php: php-config-file-scan-dir.patch (1.3 -> 1.4) , php-ini.patch (1.40 -> 1.41) , php-sapi-ini-file.patch (1.12 -> 1.13) , php.spec (1.925 -> 1.926) ---- Diffs: ================================================================ Index: packages/php/php-config-file-scan-dir.patch diff -u packages/php/php-config-file-scan-dir.patch:1.3 packages/php/php-config-file-scan-dir.patch:1.4 --- packages/php/php-config-file-scan-dir.patch:1.3 Sun Dec 12 21:09:02 2010 +++ packages/php/php-config-file-scan-dir.patch Fri Mar 18 10:02:21 2011 @@ -28,14 +28,14 @@ char ini_file[MAXPATHLEN]; - char *p; + char *p, *last, *path_copy, *ini_path = NULL; - zend_file_handle fh; + zend_file_handle fh2; zend_llist scanned_ini_list; zend_llist_element *element; int l, total_l = 0; - if ((ndir = php_scandir(php_ini_scanned_path, &namelist, 0, php_alphasort)) > 0) { - zend_llist_init(&scanned_ini_list, sizeof(char *), (llist_dtor_func_t) free_estring, 1); -- memset(&fh, 0, sizeof(fh)); +- memset(&fh2, 0, sizeof(fh2)); - - for (i = 0; i < ndir; i++) { - @@ -54,11 +54,11 @@ - } - if (VCWD_STAT(ini_file, &sb) == 0) { - if (S_ISREG(sb.st_mode)) { -- if ((fh.handle.fp = VCWD_FOPEN(ini_file, "r"))) { -- fh.filename = ini_file; -- fh.type = ZEND_HANDLE_FP; +- if ((fh2.handle.fp = VCWD_FOPEN(ini_file, "r"))) { +- fh2.filename = ini_file; +- fh2.type = ZEND_HANDLE_FP; - -- if (zend_parse_ini_file(&fh, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t) php_ini_parser_cb, &configuration_hash TSRMLS_CC) == SUCCESS) { +- if (zend_parse_ini_file(&fh2, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t) php_ini_parser_cb, &configuration_hash TSRMLS_CC) == SUCCESS) { - /* Here, add it to the list of ini files read */ - l = strlen(ini_file); - total_l += l + 2; @@ -76,7 +76,7 @@ + int ini_path_len = strlen(ini_path); + + if ((ndir = php_scandir(ini_path, &namelist, 0, php_alphasort)) > 0) { -+ memset(&fh, 0, sizeof(fh)); ++ memset(&fh2, 0, sizeof(fh2)); + + for (i = 0; i < ndir; i++) { + /* check for any file with .ini extension */ @@ -94,14 +94,14 @@ + } + if (VCWD_STAT(ini_file, &sb) == 0) { + if (S_ISREG(sb.st_mode)) { -+ if ((fh.handle.fp = VCWD_FOPEN(ini_file, "r"))) { -+ fh.filename = ini_file; -+ fh.type = ZEND_HANDLE_FP; ++ if ((fh2.handle.fp = VCWD_FOPEN(ini_file, "r"))) { ++ fh2.filename = ini_file; ++ fh2.type = ZEND_HANDLE_FP; + + /* Reset active ini section */ + RESET_ACTIVE_INI_HASH(); + -+ if (zend_parse_ini_file(&fh, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t) php_ini_parser_cb, &configuration_hash TSRMLS_CC) == SUCCESS) { ++ if (zend_parse_ini_file(&fh2, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t) php_ini_parser_cb, &configuration_hash TSRMLS_CC) == SUCCESS) { + /* Here, add it to the list of ini files read */ + l = strlen(ini_file); + total_l += l + 2; ================================================================ Index: packages/php/php-ini.patch diff -u packages/php/php-ini.patch:1.40 packages/php/php-ini.patch:1.41 --- packages/php/php-ini.patch:1.40 Sun Dec 12 22:00:01 2010 +++ packages/php/php-ini.patch Fri Mar 18 10:02:21 2011 @@ -105,7 +105,7 @@ ; ; extension=msql.so ; -@@ -891,49 +887,8 @@ +@@ -887,39 +887,8 @@ ; If you only provide the name of the extension, PHP will look for it in its ; default extension directory. ; @@ -142,21 +142,11 @@ -;extension=php_pgsql.dll -;extension=php_pspell.dll -;extension=php_shmop.dll --;extension=php_snmp.dll --;extension=php_soap.dll --;extension=php_sockets.dll --;extension=php_sqlite.dll --;extension=php_sqlite3.dll --;extension=php_sybase_ct.dll --;extension=php_tidy.dll --;extension=php_xmlrpc.dll --;extension=php_xsl.dll --;extension=php_zip.dll +; Ideally in PLD Linux you should install appropriate php-<extension> or +; php-pecl-<extension> package. - ;;;;;;;;;;;;;;;;;;; - ; Module Settings ; + ; The MIBS data available in the PHP distribution must be installed. + ; See http://www.php.net/manual/en/snmp.installation.php @@ -1235,6 +1140,9 @@ ; http://php.net/mysql.connect-timeout mysql.connect_timeout = 60 ================================================================ Index: packages/php/php-sapi-ini-file.patch diff -u packages/php/php-sapi-ini-file.patch:1.12 packages/php/php-sapi-ini-file.patch:1.13 --- packages/php/php-sapi-ini-file.patch:1.12 Wed Mar 17 17:43:54 2010 +++ packages/php/php-sapi-ini-file.patch Fri Mar 18 10:02:21 2011 @@ -74,6 +74,6 @@ - if ((ndir = php_scandir(ini_path, &namelist, 0, php_alphasort)) > 0) { + if ((ndir = php_scandir(ini_path, &namelist, 0, php_csort)) > 0) { - memset(&fh, 0, sizeof(fh)); + memset(&fh2, 0, sizeof(fh2)); for (i = 0; i < ndir; i++) { ================================================================ Index: packages/php/php.spec diff -u packages/php/php.spec:1.925 packages/php/php.spec:1.926 --- packages/php/php.spec:1.925 Fri Mar 11 18:53:57 2011 +++ packages/php/php.spec Fri Mar 18 10:02:21 2011 @@ -103,7 +103,7 @@ %undefine with_filter %endif -%define rel 8 +%define rel 0.1 Summary: PHP: Hypertext Preprocessor Summary(fr.UTF-8): Le langage de script embarque-HTML PHP Summary(pl.UTF-8): Język skryptowy PHP @@ -111,13 +111,13 @@ Summary(ru.UTF-8): PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере Summary(uk.UTF-8): PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері Name: php -Version: 5.3.5 +Version: 5.3.6 Release: %{rel}%{?with_type_hints:.th}%{?with_oci8:.oci} Epoch: 4 License: PHP Group: Libraries Source0: http://www.php.net/distributions/%{name}-%{version}.tar.bz2 -# Source0-md5: 8aaf20c95e91f25c5b6a591e5d6d61b9 +# Source0-md5: 2286f5a82a6e8397955a0025c1c2ad98 Source2: %{name}-mod_%{name}.conf Source3: %{name}-cgi-fcgi.ini Source4: %{name}-apache.ini @@ -3166,6 +3166,9 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.926 2011/03/18 09:02:21 arekm +- updated to 5.3.6 without suhoshin (fixes CVE-2011-1153, CVE-2011-1092, CVE-2011-0708, CVE-2011-0421, misc) + Revision 1.925 2011/03/11 17:53:57 baggins - add oci as release ext - add leading dot to release exts ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php-config-file-scan-dir.patch?r1=1.3&r2=1.4&f=u http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php-ini.patch?r1=1.40&r2=1.41&f=u http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php-sapi-ini-file.patch?r1=1.12&r2=1.13&f=u http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php.spec?r1=1.925&r2=1.926&f=u _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit