From f94488369ddb9f783b24276b868bc9d41f37105b Mon Sep 17 00:00:00 2001 From: taca Date: Fri, 27 Jun 2014 11:34:19 +0000 Subject: [PATCH] Update php55 to 5.5.14 which includes several security fixes. 26 Jun 2014, PHP 5.5.14 - Core: . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas) . Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison) . Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981) (Remi) . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). (Stefan Esser) - CLI server: . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi) - Date: . Fixed bug #67308 (Serialize of DateTime truncates fractions of second). (Adam) . Fixed regression in fix for bug #67118 (constructor can't be called twice). (Remi) - Fileinfo: . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207) . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi) - Intl: . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas) . Fixed bug #67397 (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)). (Stas) - Network: . Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049). (Sara) - OPCache: . Fixed issue #183 (TMP_VAR is not only used once). (Dmitry, Laruence) - OpenSSL: . Fixed bug #65698 (certificates validity parsing does not work past 2050). (Paul Oehler) . Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME). (Paul Oehler) - PDO-ODBC: . Fixed bug #50444 (PDO-ODBC changes for 64-bit). - SOAP: . Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski) - SPL: . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas) . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence) . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam) . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion). (CVE-2014-3515) (Stefan Esser) . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol) . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) - DOM: . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol) - Fileinfo: . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238). . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation) (CVE-2014-0237). - FPM: . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos) - GD: . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas) - PCRE: . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol) - Phar: . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588) --- lang/php/phpversion.mk | 4 ++-- lang/php55/Makefile | 3 +-- lang/php55/distinfo | 8 ++++---- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk index 4c05081930f9..8565704591dc 100644 --- a/lang/php/phpversion.mk +++ b/lang/php/phpversion.mk @@ -1,4 +1,4 @@ -# $NetBSD: phpversion.mk,v 1.65 2014/06/27 11:31:20 taca Exp $ +# $NetBSD: phpversion.mk,v 1.66 2014/06/27 11:34:19 taca Exp $ # # This file selects a PHP version, based on the user's preferences and # the installed packages. It does not add a dependency on the PHP @@ -83,7 +83,7 @@ PHPVERSION_MK= defined # Define each PHP's version. PHP53_VERSION= 5.3.28 PHP54_VERSION= 5.4.30 -PHP55_VERSION= 5.5.13 +PHP55_VERSION= 5.5.14 # Define initial release of major version. PHP53_RELDATE= 20090630 diff --git a/lang/php55/Makefile b/lang/php55/Makefile index 52f7d7f12dcb..c9d6c385cdb5 100644 --- a/lang/php55/Makefile +++ b/lang/php55/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.13 2014/06/13 14:13:20 fhajny Exp $ +# $NetBSD: Makefile,v 1.14 2014/06/27 11:34:19 taca Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 1 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php55/distinfo b/lang/php55/distinfo index 749fe8466760..683199454c4d 100644 --- a/lang/php55/distinfo +++ b/lang/php55/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.24 2014/06/13 14:31:19 fhajny Exp $ +$NetBSD: distinfo,v 1.25 2014/06/27 11:34:19 taca Exp $ -SHA1 (php-5.5.13.tar.bz2) = b16ff3218d2cc79a5acac577f7560dbb80f205d1 -RMD160 (php-5.5.13.tar.bz2) = 806623a7d78ad1c7efcdd953bfea58075e559aae -Size (php-5.5.13.tar.bz2) = 13274145 bytes +SHA1 (php-5.5.14.tar.bz2) = 062d351da165aa0568e4d8cbc53a18d73b99f49a +RMD160 (php-5.5.14.tar.bz2) = d3f87693d3118cfdc64a7b77e9b765ce4eb7ae60 +Size (php-5.5.14.tar.bz2) = 13282773 bytes SHA1 (patch-acinclude.m4) = 9e9c433e4cb96e469f7cf14b2064a0f41fc4568a SHA1 (patch-aclocal.m4) = 14ae2898e1d68b552e76a7e4ee7006f1aee1f932 SHA1 (patch-build_libtool.m4) = 6ee935c55cc01704c6e9edb4e383b2ddb7c746e7