packages: php/php-config-file-scan-dir.patch, php/php-ini.patch, php/php-sa...

arekm arekm at pld-linux.org
Fri Mar 18 10:02:27 CET 2011


Author: arekm                        Date: Fri Mar 18 09:02:27 2011 GMT
Module: packages                      Tag: HEAD
---- Log message:
- updated to 5.3.6 without suhosin (fixes CVE-2011-1153, CVE-2011-1092, CVE-2011-0708, CVE-2011-0421, misc)

---- Files affected:
packages/php:
   php-config-file-scan-dir.patch (1.3 -> 1.4) , php-ini.patch (1.40 -> 1.41) , php-sapi-ini-file.patch (1.12 -> 1.13) , php.spec (1.925 -> 1.926) 

---- Diffs:

================================================================
Index: packages/php/php-config-file-scan-dir.patch
diff -u packages/php/php-config-file-scan-dir.patch:1.3 packages/php/php-config-file-scan-dir.patch:1.4
--- packages/php/php-config-file-scan-dir.patch:1.3	Sun Dec 12 21:09:02 2010
+++ packages/php/php-config-file-scan-dir.patch	Fri Mar 18 10:02:21 2011
@@ -28,14 +28,14 @@
  		char ini_file[MAXPATHLEN];
 -		char *p;
 +		char *p, *last, *path_copy, *ini_path = NULL;
- 		zend_file_handle fh;
+ 		zend_file_handle fh2;
  		zend_llist scanned_ini_list;
  		zend_llist_element *element;
  		int l, total_l = 0;
  
 -		if ((ndir = php_scandir(php_ini_scanned_path, &namelist, 0, php_alphasort)) > 0) {
 -			zend_llist_init(&scanned_ini_list, sizeof(char *), (llist_dtor_func_t) free_estring, 1);
--			memset(&fh, 0, sizeof(fh));
+-			memset(&fh2, 0, sizeof(fh2));
 -
 -			for (i = 0; i < ndir; i++) {
 -
@@ -54,11 +54,11 @@
 -				}
 -				if (VCWD_STAT(ini_file, &sb) == 0) {
 -					if (S_ISREG(sb.st_mode)) {
--						if ((fh.handle.fp = VCWD_FOPEN(ini_file, "r"))) {
--							fh.filename = ini_file;
--							fh.type = ZEND_HANDLE_FP;
+-						if ((fh2.handle.fp = VCWD_FOPEN(ini_file, "r"))) {
+-							fh2.filename = ini_file;
+-							fh2.type = ZEND_HANDLE_FP;
 -
--							if (zend_parse_ini_file(&fh, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t) php_ini_parser_cb, &configuration_hash TSRMLS_CC) == SUCCESS) {
+-							if (zend_parse_ini_file(&fh2, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t) php_ini_parser_cb, &configuration_hash TSRMLS_CC) == SUCCESS) {
 -								/* Here, add it to the list of ini files read */
 -								l = strlen(ini_file);
 -								total_l += l + 2;
@@ -76,7 +76,7 @@
 +			int ini_path_len = strlen(ini_path);
 +
 +			if ((ndir = php_scandir(ini_path, &namelist, 0, php_alphasort)) > 0) {
-+				memset(&fh, 0, sizeof(fh));
++				memset(&fh2, 0, sizeof(fh2));
 +
 +				for (i = 0; i < ndir; i++) {
 +					/* check for any file with .ini extension */
@@ -94,14 +94,14 @@
 +					}			
 +					if (VCWD_STAT(ini_file, &sb) == 0) {
 +						if (S_ISREG(sb.st_mode)) {
-+							if ((fh.handle.fp = VCWD_FOPEN(ini_file, "r"))) {
-+								fh.filename = ini_file;
-+								fh.type = ZEND_HANDLE_FP;
++							if ((fh2.handle.fp = VCWD_FOPEN(ini_file, "r"))) {
++								fh2.filename = ini_file;
++								fh2.type = ZEND_HANDLE_FP;
 +								
 +								/* Reset active ini section */
 +								RESET_ACTIVE_INI_HASH();
 +
-+								if (zend_parse_ini_file(&fh, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t) php_ini_parser_cb, &configuration_hash TSRMLS_CC) == SUCCESS) {
++								if (zend_parse_ini_file(&fh2, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t) php_ini_parser_cb, &configuration_hash TSRMLS_CC) == SUCCESS) {
 +									/* Here, add it to the list of ini files read */
 +									l = strlen(ini_file);
 +									total_l += l + 2;

================================================================
Index: packages/php/php-ini.patch
diff -u packages/php/php-ini.patch:1.40 packages/php/php-ini.patch:1.41
--- packages/php/php-ini.patch:1.40	Sun Dec 12 22:00:01 2010
+++ packages/php/php-ini.patch	Fri Mar 18 10:02:21 2011
@@ -105,7 +105,7 @@
  ;
  ;   extension=msql.so
  ;
-@@ -891,49 +887,8 @@
+@@ -887,39 +887,8 @@
  ; If you only provide the name of the extension, PHP will look for it in its
  ; default extension directory.
  ;
@@ -142,21 +142,11 @@
 -;extension=php_pgsql.dll
 -;extension=php_pspell.dll
 -;extension=php_shmop.dll
--;extension=php_snmp.dll
--;extension=php_soap.dll
--;extension=php_sockets.dll
--;extension=php_sqlite.dll
--;extension=php_sqlite3.dll
--;extension=php_sybase_ct.dll
--;extension=php_tidy.dll
--;extension=php_xmlrpc.dll
--;extension=php_xsl.dll
--;extension=php_zip.dll
 +; Ideally in PLD Linux you should install appropriate php-<extension> or
 +; php-pecl-<extension> package.
  
- ;;;;;;;;;;;;;;;;;;;
- ; Module Settings ;
+ ; The MIBS data available in the PHP distribution must be installed. 
+ ; See http://www.php.net/manual/en/snmp.installation.php 
 @@ -1235,6 +1140,9 @@
  ; http://php.net/mysql.connect-timeout
  mysql.connect_timeout = 60

================================================================
Index: packages/php/php-sapi-ini-file.patch
diff -u packages/php/php-sapi-ini-file.patch:1.12 packages/php/php-sapi-ini-file.patch:1.13
--- packages/php/php-sapi-ini-file.patch:1.12	Wed Mar 17 17:43:54 2010
+++ packages/php/php-sapi-ini-file.patch	Fri Mar 18 10:02:21 2011
@@ -74,6 +74,6 @@
  
 -			if ((ndir = php_scandir(ini_path, &namelist, 0, php_alphasort)) > 0) {
 +			if ((ndir = php_scandir(ini_path, &namelist, 0, php_csort)) > 0) {
- 				memset(&fh, 0, sizeof(fh));
+ 				memset(&fh2, 0, sizeof(fh2));
  
  				for (i = 0; i < ndir; i++) {

================================================================
Index: packages/php/php.spec
diff -u packages/php/php.spec:1.925 packages/php/php.spec:1.926
--- packages/php/php.spec:1.925	Fri Mar 11 18:53:57 2011
+++ packages/php/php.spec	Fri Mar 18 10:02:21 2011
@@ -103,7 +103,7 @@
 %undefine	with_filter
 %endif
 
-%define		rel	8
+%define		rel	0.1
 Summary:	PHP: Hypertext Preprocessor
 Summary(fr.UTF-8):	Le langage de script embarque-HTML PHP
 Summary(pl.UTF-8):	Język skryptowy PHP
@@ -111,13 +111,13 @@
 Summary(ru.UTF-8):	PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
 Summary(uk.UTF-8):	PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:		php
-Version:	5.3.5
+Version:	5.3.6
 Release:	%{rel}%{?with_type_hints:.th}%{?with_oci8:.oci}
 Epoch:		4
 License:	PHP
 Group:		Libraries
 Source0:	http://www.php.net/distributions/%{name}-%{version}.tar.bz2
-# Source0-md5:	8aaf20c95e91f25c5b6a591e5d6d61b9
+# Source0-md5:	2286f5a82a6e8397955a0025c1c2ad98
 Source2:	%{name}-mod_%{name}.conf
 Source3:	%{name}-cgi-fcgi.ini
 Source4:	%{name}-apache.ini
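Review bot: The new 5.3.6 tarball is pinned only by the `# Source0-md5:` comment, and `Source0` still points at an `http://` URL, so the sources carrying the CVE fixes are authenticated by nothing stronger than MD5. MD5 is not collision-resistant and a plain-HTTP download can be altered in transit, so the digest only helps if it was taken from a copy that was verified independently. I would check the tarball against upstream's published digest or signature before updating this line and record a stronger hash beside it, for example `# sha256 (checked against upstream release notes): <SHA256_PLACEHOLDER>`. Whether the distfiles tooling can enforce anything other than the md5 tag is not visible in this hunk.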
@@ -3166,6 +3166,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.926  2011/03/18 09:02:21  arekm
+- updated to 5.3.6 without suhoshin (fixes CVE-2011-1153, CVE-2011-1092, CVE-2011-0708, CVE-2011-0421, misc)
+
 Revision 1.925  2011/03/11 17:53:57  baggins
 - add oci as release ext
 - add leading dot to release exts
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php-config-file-scan-dir.patch?r1=1.3&r2=1.4&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php-ini.patch?r1=1.40&r2=1.41&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php-sapi-ini-file.patch?r1=1.12&r2=1.13&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php.spec?r1=1.925&r2=1.926&f=u


