[packages/php] up to 5.6.6, fixes for CVE-2015-0235 and CVE-2015-0273

[glen]

commit 55766199e8fc4d32f1523a586d34714da317e050
Author: Elan Ruusamäe <g...@delfi.ee>
Date:   Fri Feb 27 18:12:25 2015 +0200

    up to 5.6.6, fixes for CVE-2015-0235 and CVE-2015-0273

 php-fcgi-error_log-no-newlines.patch | 22 +++++++++++-----------
 php.spec                             |  6 +++---
 2 files changed, 14 insertions(+), 14 deletions(-)
---
diff --git a/php.spec b/php.spec
index cdd2d8a..41b553c 100644
--- a/php.spec
+++ b/php.spec
@@ -134,7 +134,7 @@ ERROR: You need to select at least one Apache SAPI to build 
shared modules.
 %undefine      with_filter
 %endif
 
-%define                rel     4
+%define                rel     1
 %define                orgname php
 %define                ver_suffix 56
 %define                php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -145,13 +145,13 @@ Summary(pt_BR.UTF-8):     A linguagem de script PHP
 Summary(ru.UTF-8):     PHP Версии 5 - язык препроцессирования HTML-файлов, 
выполняемый на сервере
 Summary(uk.UTF-8):     PHP Версії 5 - мова препроцесування HTML-файлів, 
виконувана на сервері
 Name:          %{orgname}%{php_suffix}
-Version:       5.6.5
+Version:       5.6.6
 Release:       %{rel}%{?with_type_hints:.th}
 Epoch:         4
 License:       PHP
 Group:         Libraries
 Source0:       http://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5: 541a480e1f8747219074c99f3e9edbcc
+# Source0-md5: ed0c9ad2419fffde1d8c03a2d8164179
 Source2:       %{orgname}-mod_%{orgname}.conf
 Source3:       %{orgname}-cgi-fcgi.ini
 Source4:       %{orgname}-apache.ini
diff --git a/php-fcgi-error_log-no-newlines.patch 
b/php-fcgi-error_log-no-newlines.patch
index e35648e..cedf82c 100644
--- a/php-fcgi-error_log-no-newlines.patch
+++ b/php-fcgi-error_log-no-newlines.patch
@@ -1,16 +1,16 @@
---- ./sapi/cgi/cgi_main.c~     2007-08-09 02:51:57.000000000 +0300
-+++ ./sapi/cgi/cgi_main.c      2007-09-05 20:54:19.390089070 +0300
-@@ -558,12 +558,7 @@
+--- php-5.6.6/sapi/cgi/cgi_main.c~     2015-02-27 18:09:34.000000000 +0200
++++ php-5.6.6/sapi/cgi/cgi_main.c      2015-02-27 18:11:26.296171361 +0200
+@@ -737,12 +737,8 @@
                request = (fcgi_request*) SG(server_context);
-               if (request) {                  
-                       int len = strlen(message);
+               if (request) {
+                       int ret, len = strlen(message);
 -                      char *buf = malloc(len+2);
--
+ 
 -                      memcpy(buf, message, len);
 -                      memcpy(buf + len, "\n", sizeof("\n"));
--                      fcgi_write(request, FCGI_STDERR, buf, len+1);
+-                      ret = fcgi_write(request, FCGI_STDERR, buf, len + 1);
 -                      free(buf);
-+                      fcgi_write(request, FCGI_STDERR, message, len);
-               } else {
-                       fprintf(stderr, "%s\n", message);
-               }
++                      ret = fcgi_write(request, FCGI_STDERR, message, len);
+                       if (ret < 0) {
+                               php_handle_aborted_connection();
+                       }
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/55766199e8fc4d32f1523a586d34714da317e050

_______________________________________________
pld-cvs-commit mailing list
pld-cvs-commit@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit