packages (PHP_5_2): php/php.spec, php/system-libzip.patch - use system libz...
glen
glen at pld-linux.org
Mon Oct 10 20:54:44 CEST 2011
Author: glen Date: Mon Oct 10 18:54:44 2011 GMT
Module: packages Tag: PHP_5_2
---- Log message:
- use system libzip 0.10, resolves CVE-2011-0421
---- Files affected:
packages/php:
php.spec (1.805.2.89 -> 1.805.2.90) , system-libzip.patch (1.2 -> 1.2.2.1)
---- Diffs:
================================================================
Index: packages/php/php.spec
diff -u packages/php/php.spec:1.805.2.89 packages/php/php.spec:1.805.2.90
--- packages/php/php.spec:1.805.2.89 Mon Oct 10 20:10:36 2011
+++ packages/php/php.spec Mon Oct 10 20:54:38 2011
@@ -191,6 +191,8 @@
Patch55: bug-52078-fileinode.patch
Patch56: %{name}-krb5.patch
Patch57: php-php_dl.patch
+# http://spot.fedorapeople.org/php-5.3.6-libzip.patch
+Patch65: system-libzip.patch
URL: http://www.php.net/
%{?with_interbase:%{!?with_interbase_inst:BuildRequires: Firebird-devel >= 1.0.2.908-2}}
%{?with_pspell:BuildRequires: aspell-devel >= 2:0.50.0}
@@ -210,6 +212,7 @@
BuildRequires: flex
%if %{with mssql} || %{with sybase} || %{with sybase_ct}
BuildRequires: freetds-devel
+BuildRequires: libzip-devel >= 0.10-3
%endif
BuildRequires: freetype-devel >= 2.0
%if %{with system_gd}
@@ -1754,6 +1757,7 @@
Requires: %{name}-common = %{epoch}:%{version}-%{release}
Provides: php(zip)
Obsoletes: php-pecl-zip
+Requires: libzip >= 0.10-3
%description zip
Zip is an extension to create, modify and read zip files.
@@ -1867,6 +1871,7 @@
%patch55 -p1
%patch56 -p1
%patch57 -p1
+%patch65 -p1
# conflict seems to be resolved by recode patches
rm -f ext/recode/config9.m4
@@ -2092,6 +2097,7 @@
--with-xsl=shared \
--with-zlib=shared \
--with-zlib-dir=shared,/usr \
+ --with-libzip \
--enable-zip=shared,/usr \
cp -f Makefile Makefile.$sapi
@@ -3172,6 +3178,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.805.2.90 2011/10/10 18:54:38 glen
+- use system libzip 0.10, resolves CVE-2011-0421
+
Revision 1.805.2.89 2011/10/10 18:10:36 glen
- recover lost patch bug-52078-fileinode.patch
================================================================
Index: packages/php/system-libzip.patch
diff -u packages/php/system-libzip.patch:1.2 packages/php/system-libzip.patch:1.2.2.1
--- packages/php/system-libzip.patch:1.2 Tue Sep 27 00:30:51 2011
+++ packages/php/system-libzip.patch Mon Oct 10 20:54:39 2011
@@ -4,40 +4,16 @@
http://spot.fedorapeople.org/php-5.3.6-libzip.patch
pld fixes: link with -lzip when using system lib, -lz otherwise
---- php-5.3.8/ext/zip/config.m4~ 2008-08-08 12:47:15.000000000 +0300
-+++ php-5.3.8/ext/zip/config.m4 2011-09-27 01:18:53.258197363 +0300
-@@ -13,8 +13,72 @@
- PHP_ARG_WITH(pcre-dir, pcre install prefix,
- [ --with-pcre-dir ZIP: pcre install prefix], no, no)
+--- php-5.2.17/ext/zip/config.m4 2011-10-10 21:33:09.589608203 +0300
++++ php-5.3.8/ext/zip/config.m4 2011-09-27 01:24:57.614837494 +0300
+@@ -10,8 +10,48 @@
+ [ --with-zlib-dir[=DIR] ZIP: Set the path to libz install prefix], no, no)
+ fi
+PHP_ARG_WITH(libzip, libzip,
+[ --with-libzip[=DIR] ZIP: use libzip], no, no)
+
if test "$PHP_ZIP" != "no"; then
-+ dnl This is PECL build, check if bundled PCRE library is used
-+ old_CPPFLAGS=$CPPFLAGS
-+ CPPFLAGS=$INCLUDES
-+ AC_EGREP_CPP(yes,[
-+#include <main/php_config.h>
-+#if defined(HAVE_BUNDLED_PCRE) && !defined(COMPILE_DL_PCRE)
-+yes
-+#endif
-+ ],[
-+ PHP_PCRE_REGEX=yes
-+ ],[
-+ AC_EGREP_CPP(yes,[
-+#include <main/php_config.h>
-+#if defined(HAVE_PCRE) && !defined(COMPILE_DL_PCRE)
-+yes
-+#endif
-+ ],[
-+ PHP_PCRE_REGEX=pecl
-+ ],[
-+ PHP_PCRE_REGEX=no
-+ ])
-+ ])
-+ CPPFLAGS=$old_CPPFLAGS
-+
+ if test "$PHP_LIBZIP" != "no"; then
+ dnl system libzip, depends on libzip
+ if test -r $PHP_LIBZIP/include/zip.h; then
@@ -52,12 +28,12 @@
+ fi
+ done
+ fi
-+
+
+ if test -z "$LIBZIP_DIR"; then
+ AC_MSG_RESULT(not found)
+ AC_MSG_ERROR(Please reinstall the libzip distribution)
+ fi
-
++
+ dnl Could not think of a simple way to check libzip for overwrite support
+ PHP_CHECK_LIBRARY(zip, zip_open,
+ [
@@ -76,55 +52,12 @@
+ else
+
+ dnl bundled libzip, depends on zlib
- if test "$PHP_ZLIB_DIR" != "no" && test "$PHP_ZLIB_DIR" != "yes"; then
- if test -f "$PHP_ZLIB_DIR/include/zlib/zlib.h"; then
- PHP_ZLIB_DIR="$PHP_ZLIB_DIR"
-@@ -47,31 +111,7 @@
- PHP_ADD_INCLUDE($PHP_ZLIB_INCDIR)
- fi
-
-- dnl This is PECL build, check if bundled PCRE library is used
-- old_CPPFLAGS=$CPPFLAGS
-- CPPFLAGS=$INCLUDES
-- AC_EGREP_CPP(yes,[
--#include <main/php_config.h>
--#if defined(HAVE_BUNDLED_PCRE) && !defined(COMPILE_DL_PCRE)
--yes
--#endif
-- ],[
-- PHP_PCRE_REGEX=yes
-- ],[
-- AC_EGREP_CPP(yes,[
--#include <main/php_config.h>
--#if defined(HAVE_PCRE) && !defined(COMPILE_DL_PCRE)
--yes
--#endif
-- ],[
-- PHP_PCRE_REGEX=pecl
-- ],[
-- PHP_PCRE_REGEX=no
-- ])
-- ])
-- CPPFLAGS=$old_CPPFLAGS
--
-- PHP_ZIP_SOURCES="$PHP_ZIP_SOURCES lib/zip_add.c lib/zip_error.c lib/zip_fclose.c \
-+ PHP_ZIP_SOURCES="$PHP_ZIP_SOURCES lib/zip_add.c lib/zip_error.c lib/zip_fclose.c \
- lib/zip_fread.c lib/zip_open.c lib/zip_source_filep.c \
- lib/zip_strerror.c lib/zip_close.c lib/zip_error_get.c \
- lib/zip_file_error_get.c lib/zip_free.c lib/zip_rename.c \
-@@ -91,10 +131,11 @@
- lib/zip_unchange_archive.c lib/zip_memdup.c lib/zip_stat_init.c lib/zip_add_dir.c \
- lib/zip_error_clear.c lib/zip_file_error_clear.c"
-
-- AC_DEFINE(HAVE_ZIP,1,[ ])
-- PHP_NEW_EXTENSION(zip, php_zip.c zip_stream.c $PHP_ZIP_SOURCES, $ext_shared)
-- PHP_ADD_BUILD_DIR($ext_builddir/lib, 1)
-- PHP_SUBST(ZIP_SHARED_LIBADD)
-+ AC_DEFINE(HAVE_ZIP,1,[ ])
-+ PHP_NEW_EXTENSION(zip, php_zip.c zip_stream.c $PHP_ZIP_SOURCES, $ext_shared)
-+ PHP_ADD_BUILD_DIR($ext_builddir/lib, 1)
-+ PHP_SUBST(ZIP_SHARED_LIBADD)
+ if test "$PHP_ZLIB_DIR" != "no" && test "$PHP_ZLIB_DIR" != "yes"; then
+ if test -f "$PHP_ZLIB_DIR/include/zlib/zlib.h"; then
+ PHP_ZLIB_DIR="$PHP_ZLIB_DIR"
+@@ -68,4 +108,5 @@
+ PHP_NEW_EXTENSION(zip, php_zip.c zip_stream.c $PHP_ZIP_SOURCES, $ext_shared)
+ PHP_ADD_BUILD_DIR($ext_builddir/lib, 1)
+ PHP_SUBST(ZIP_SHARED_LIBADD)
+ fi
-
- dnl so we always include the known-good working hack.
- PHP_ADD_MAKEFILE_FRAGMENT
+
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php.spec?r1=1.805.2.89&r2=1.805.2.90&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/system-libzip.patch?r1=1.2&r2=1.2.2.1&f=u
More information about the pld-cvs-commit
mailing list