[packages/php/PHP_5_6] up to 5.6.5, fixes for CVE-2015-0231, CVE-2014-9427 and CVE-2015-0232

glen glen at pld-linux.org
Wed Feb 4 18:29:22 CET 2015


commit f7b1685115256dac3f38411dd81e3340cf0b42f5
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Wed Feb 4 19:28:58 2015 +0200

    up to 5.6.5, fixes for CVE-2015-0231, CVE-2014-9427 and CVE-2015-0232

 fpm-conf-split.patch | 20 +++++++++++++++-----
 php-fpm-config.patch | 12 ++++++------
 php.spec             |  6 +++---
 3 files changed, 24 insertions(+), 14 deletions(-)
---
diff --git a/php.spec b/php.spec
index cc05a97..40977d8 100644
--- a/php.spec
+++ b/php.spec
@@ -134,7 +134,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
 %undefine	with_filter
 %endif
 
-%define		rel	2
+%define		rel	1
 %define		orgname	php
 %define		ver_suffix 56
 %define		php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -145,13 +145,13 @@ Summary(pt_BR.UTF-8):	A linguagem de script PHP
 Summary(ru.UTF-8):	PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
 Summary(uk.UTF-8):	PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:		%{orgname}%{php_suffix}
-Version:	5.6.4
+Version:	5.6.5
 Release:	%{rel}%{?with_type_hints:.th}
 Epoch:		4
 License:	PHP
 Group:		Libraries
 Source0:	http://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5:	bf824c5e5c7f49ca5f7350d72cba4881
+# Source0-md5:	541a480e1f8747219074c99f3e9edbcc
 Source2:	%{orgname}-mod_%{orgname}.conf
 Source3:	%{orgname}-cgi-fcgi.ini
 Source4:	%{orgname}-apache.ini
diff --git a/fpm-conf-split.patch b/fpm-conf-split.patch
index bae2ef7..3d4bd92 100644
--- a/fpm-conf-split.patch
+++ b/fpm-conf-split.patch
@@ -1,5 +1,5 @@
---- php-5.6.4/sapi/fpm/php-fpm.conf.in~	2015-01-01 17:18:30.000000000 +0200
-+++ php-5.6.4/sapi/fpm/php-fpm.conf.in	2015-01-01 17:20:31.203799290 +0200
+--- php-5.6.5/sapi/fpm/php-fpm.conf.in~	2015-02-04 19:22:00.000000000 +0200
++++ php-5.6.5/sapi/fpm/php-fpm.conf.in	2015-02-04 19:23:22.109298245 +0200
 @@ -6,14 +6,6 @@
  ; prefix (@prefix@). This prefix can be dynamically changed by using the
  ; '-p' argument from the command line.
@@ -15,7 +15,7 @@
  ;;;;;;;;;;;;;;;;;;
  ; Global Options ;
  ;;;;;;;;;;;;;;;;;;
-@@ -115,410 +115,3 @@
+@@ -115,415 +115,3 @@
  ; ports and different management options.  The name of the pool will be
  ; used in logs and stats. There is no limitation on the number of pools which
  ; FPM can handle. Your system will tell you anyway :)
@@ -71,6 +71,11 @@
 -;listen.owner = @php_fpm_user@
 -;listen.group = @php_fpm_group@
 -;listen.mode = 0660
+-; When POSIX Access Control Lists are supported you can set them using
+-; these options, value is a comma separated list of user/group names.
+-; When set, listen.owner and listen.group are ignored
+-;listen.acl_users =
+-;listen.acl_groups =
 - 
 -; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
 -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
@@ -427,8 +432,8 @@
 -;php_admin_flag[log_errors] = on
 -;php_admin_value[memory_limit] = 32M
 --- /dev/null	2007-02-13 18:29:53.000000000 +0200
-+++ php-5.6.4/sapi/fpm/php-fpm.conf-d.in	2015-01-01 17:19:55.621958470 +0200
-@@ -0,0 +1,406 @@
++++ php-5.6.5/sapi/fpm/php-fpm.conf-d.in	2015-02-04 19:23:20.709225773 +0200
+@@ -0,0 +1,411 @@
 +; Start a new pool named 'www'.
 +; the variable $pool can we used in any directive and will be replaced by the
 +; pool name ('www' here)
@@ -480,6 +485,11 @@
 +;listen.owner = @php_fpm_user@
 +;listen.group = @php_fpm_group@
 +;listen.mode = 0660
++; When POSIX Access Control Lists are supported you can set them using
++; these options, value is a comma separated list of user/group names.
++; When set, listen.owner and listen.group are ignored
++;listen.acl_users =
++;listen.acl_groups =
 + 
 +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
 +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
diff --git a/php-fpm-config.patch b/php-fpm-config.patch
index cb2b91d..69a9371 100644
--- a/php-fpm-config.patch
+++ b/php-fpm-config.patch
@@ -29,8 +29,8 @@
 +;  - the global prefix if it's been set (-p argument)
 +;  - @prefix@ otherwise
 +include=/etc/php/fpm.d/*.conf
---- php-5.6.2.old/sapi/fpm/php-fpm.conf-d.in	2014-10-27 08:07:47.762117299 +0200
-+++ php-5.6.2/sapi/fpm/php-fpm.conf-d.in	2014-10-27 08:23:41.232196777 +0200
+--- php-5.6.5/sapi/fpm/php-fpm.conf-d.in~	2015-02-04 19:26:16.000000000 +0200
++++ php-5.6.5/sapi/fpm/php-fpm.conf-d.in	2015-02-04 19:27:25.275218535 +0200
 @@ -32,7 +32,7 @@
  ;                            specific port;
  ;   '/path/to/unix/socket' - to listen on a unix socket.
@@ -40,7 +40,7 @@
  
  ; Set listen(2) backlog.
  ; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
-@@ -41,9 +41,9 @@
+@@ -46,9 +46,9 @@
  ; BSD-derived systems allow connections regardless of permissions. 
  ; Default Values: user and group are set as the running user
  ;                 mode is set to 0660
@@ -50,9 +50,9 @@
 +listen.owner = root
 +listen.group = @php_fpm_group@
 +listen.mode = 0660
-  
- ; List of ipv4 addresses of FastCGI clients which are allowed to connect.
- ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+ ; When POSIX Access Control Lists are supported you can set them using
+ ; these options, value is a comma separated list of user/group names.
+ ; When set, listen.owner and listen.group are ignored
 @@ -53,7 +53,7 @@
  ; must be separated by a comma. If this value is left blank, connections will be
  ; accepted from any ip address.
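Review bot: Nothing in the packaged pool file warns that the distribution's socket ownership can be overridden by the new ACL options. In the last hunk of php-fpm-config.patch, the rebased context puts `listen.owner = root`, `listen.group = @php_fpm_group@` and `listen.mode = 0660` directly above upstream's new comment, which says that setting the ACL options makes `listen.owner` and `listen.group` ignored. An administrator who enables `listen.acl_users` or `listen.acl_groups` would drop the root-owned socket restriction without any packaging-level hint. I would add a comment after `listen.mode`, for example `; NOTE: listen.owner/listen.group above stop applying once listen.acl_users or listen.acl_groups is set`. The rest of the inner patch is outside this hunk, so I cannot confirm here that the ACL options stay commented out in the shipped file.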
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/f7b1685115256dac3f38411dd81e3340cf0b42f5


