Update php54 to 5.4.29, contains fix for CVE-2014-0237 and CVE-2014-0238.

29 May 2014, PHP 5.4.29 - COM: . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol) - Core: . Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski) . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol) . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob) . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas) . Fixed bug #67249 (printf out-of-bounds read). (Stas) . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas) . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas) - Date: . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol) . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) - DOM: . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol) - Fileinfo: . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238) . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237) - FPM: . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos) - Phar: . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588)
2014-05-31 04:28:56 +00:00 · 2014-05-31 04:28:56 +00:00 · bbde72a409
commit bbde72a409
parent 7ceae32963
3 changed files with 8 additions and 10 deletions
--- a/lang/php/phpversion.mk
+++ b/lang/php/phpversion.mk
@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.63 2014/05/31 04:26:39 taca Exp $
+# $NetBSD: phpversion.mk,v 1.64 2014/05/31 04:28:56 taca Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@ -82,7 +82,7 @@ PHPVERSION_MK=	defined

 # Define each PHP's version.
 PHP53_VERSION=	5.3.28
-PHP54_VERSION=	5.4.28
+PHP54_VERSION=	5.4.29
 PHP55_VERSION=	5.5.13

 # Define initial release of major version.
--- a/lang/php54/Makefile.php
+++ b/lang/php54/Makefile.php
@ -1,4 +1,4 @@
-# $NetBSD: Makefile.php,v 1.7 2014/04/05 03:43:40 taca Exp $
+# $NetBSD: Makefile.php,v 1.8 2014/05/31 04:28:57 taca Exp $
 # used by lang/php54/Makefile
 # used by www/ap-php/Makefile
 # used by www/php-fpm/Makefile
@ -42,9 +42,7 @@ CONFIGURE_ARGS+=	--with-libxml-dir=${PREFIX}

 .include "../../textproc/libxml2/buildlink3.mk"

-# Note: This expression is the same as ${PKGBASE}, but the latter is
-# not defined yet, so we cannot use it here.
-PKG_OPTIONS_VAR=	PKG_OPTIONS.${PKGNAME:C/-[0-9].*//}
+PKG_OPTIONS_VAR=	PKG_OPTIONS.${PHP_PKG_PREFIX}
 PKG_SUPPORTED_OPTIONS+=	inet6 ssl maintainer-zts readline
 PKG_SUGGESTED_OPTIONS+=	inet6 ssl

--- a/lang/php54/distinfo
+++ b/lang/php54/distinfo
@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.39 2014/05/11 11:20:47 he Exp $
+$NetBSD: distinfo,v 1.40 2014/05/31 04:28:57 taca Exp $

-SHA1 (php-5.4.28.tar.bz2) = 857d458b0daf89f36f8d652c5d8bd5fe509bc691
-RMD160 (php-5.4.28.tar.bz2) = 22f3ac1c56b104a9fa615a26aa90b5591dea29ef
-Size (php-5.4.28.tar.bz2) = 12266216 bytes
+SHA1 (php-5.4.29.tar.bz2) = 199cfe6ba44732d737e03e5321ea9399823759d7
+RMD160 (php-5.4.29.tar.bz2) = 38e3d70fe04cf458f4615355857ded9a90df67e4
+Size (php-5.4.29.tar.bz2) = 12293765 bytes
 SHA1 (patch-acinclude.m4) = 71635e5381abf99a9fc9f2537b1c2f18e8096f00
 SHA1 (patch-aclocal.m4) = eae2ed8ea2985933c4fe88ba52577c14ac88eb92
 SHA1 (patch-build_libtool.m4) = 6dfef7c07a42dc54611c104265ef43c50a4e88ca