packages (PHP_5_2): php/php.spec, php/system-libzip.patch - use system libz...

glen glen at pld-linux.org
Mon Oct 10 20:54:44 CEST 2011


Author: glen                         Date: Mon Oct 10 18:54:44 2011 GMT
Module: packages                      Tag: PHP_5_2
---- Log message:
- use system libzip 0.10, resolves CVE-2011-0421

---- Files affected:
packages/php:
   php.spec (1.805.2.89 -> 1.805.2.90) , system-libzip.patch (1.2 -> 1.2.2.1) 

---- Diffs:

================================================================
Index: packages/php/php.spec
diff -u packages/php/php.spec:1.805.2.89 packages/php/php.spec:1.805.2.90
--- packages/php/php.spec:1.805.2.89	Mon Oct 10 20:10:36 2011
+++ packages/php/php.spec	Mon Oct 10 20:54:38 2011
@@ -191,6 +191,8 @@
 Patch55:	bug-52078-fileinode.patch
 Patch56:	%{name}-krb5.patch
 Patch57:	php-php_dl.patch
+# http://spot.fedorapeople.org/php-5.3.6-libzip.patch
+Patch65:	system-libzip.patch
 URL:		http://www.php.net/
 %{?with_interbase:%{!?with_interbase_inst:BuildRequires:	Firebird-devel >= 1.0.2.908-2}}
 %{?with_pspell:BuildRequires:	aspell-devel >= 2:0.50.0}
@@ -210,6 +212,7 @@
 BuildRequires:	flex
 %if %{with mssql} || %{with sybase} || %{with sybase_ct}
 BuildRequires:	freetds-devel
+BuildRequires:	libzip-devel >= 0.10-3
 %endif
 BuildRequires:	freetype-devel >= 2.0
 %if %{with system_gd}
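Review bot: `BuildRequires:	libzip-devel >= 0.10-3` sits inside the `%if %{with mssql} || %{with sybase} || %{with sybase_ct}` block, so it only applies when one of those bconds is enabled, while `--with-libzip` is passed to configure unconditionally later in this commit. The patched config.m4 shown below only probes for `zip.h` and the `zip_open` symbol, so this line appears to be the only place the 0.10 floor for CVE-2011-0421 is enforced at build time. Without the FreeTDS bconds, a builder could compile against whatever libzip is installed or fail in configure. Move the line below `%endif`, for example next to `BuildRequires:	freetype-devel >= 2.0`.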
@@ -1754,6 +1757,7 @@
 Requires:	%{name}-common = %{epoch}:%{version}-%{release}
 Provides:	php(zip)
 Obsoletes:	php-pecl-zip
+Requires:	libzip >= 0.10-3
 
 %description zip
 Zip is an extension to create, modify and read zip files.
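Review bot: The versioned `Requires:	libzip >= 0.10-3` in the zip subpackage is what keeps an older libzip from satisfying the dependency at install time, but nothing in the spec says why the floor exists. A one-line comment above it, such as `# libzip >= 0.10 carries the CVE-2011-0421 fix; do not relax`, would stop a later cleanup from dropping the line in favour of the automatically generated library dependency.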
@@ -1867,6 +1871,7 @@
 %patch55 -p1
 %patch56 -p1
 %patch57 -p1
+%patch65 -p1
 
 # conflict seems to be resolved by recode patches
 rm -f ext/recode/config9.m4
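Review bot: After `%patch65 -p1` the bundled libzip copy under `ext/zip/lib` is still in the build tree, and the patched config.m4 keeps an `else` branch (`dnl bundled libzip, depends on zlib`) that compiles it. Adding `rm -rf ext/zip/lib` next to the existing `rm -f ext/recode/config9.m4` would make the build fail loudly, rather than quietly fall back to the unfixed bundled code, if `--with-libzip` is ever dropped or the patch stops taking effect. Only the config.m4 part of the patch is visible here, so first confirm that the patched sources no longer include headers from `lib/` when the system library is selected.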
@@ -2092,6 +2097,7 @@
 	--with-xsl=shared \
 	--with-zlib=shared \
 	--with-zlib-dir=shared,/usr \
+	--with-libzip \
 	--enable-zip=shared,/usr \
 
 	cp -f Makefile Makefile.$sapi
@@ -3172,6 +3178,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.805.2.90  2011/10/10 18:54:38  glen
+- use system libzip 0.10, resolves CVE-2011-0421
+
 Revision 1.805.2.89  2011/10/10 18:10:36  glen
 - recover lost patch bug-52078-fileinode.patch
 

================================================================
Index: packages/php/system-libzip.patch
diff -u packages/php/system-libzip.patch:1.2 packages/php/system-libzip.patch:1.2.2.1
--- packages/php/system-libzip.patch:1.2	Tue Sep 27 00:30:51 2011
+++ packages/php/system-libzip.patch	Mon Oct 10 20:54:39 2011
@@ -4,40 +4,16 @@
 http://spot.fedorapeople.org/php-5.3.6-libzip.patch
 pld fixes: link with -lzip when using system lib, -lz otherwise
 
---- php-5.3.8/ext/zip/config.m4~	2008-08-08 12:47:15.000000000 +0300
-+++ php-5.3.8/ext/zip/config.m4	2011-09-27 01:18:53.258197363 +0300
-@@ -13,8 +13,72 @@
- PHP_ARG_WITH(pcre-dir, pcre install prefix,
- [  --with-pcre-dir           ZIP: pcre install prefix], no, no)
+--- php-5.2.17/ext/zip/config.m4	2011-10-10 21:33:09.589608203 +0300
++++ php-5.3.8/ext/zip/config.m4	2011-09-27 01:24:57.614837494 +0300
+@@ -10,8 +10,48 @@
+ [  --with-zlib-dir[=DIR]     ZIP: Set the path to libz install prefix], no, no)
+ fi
  
 +PHP_ARG_WITH(libzip, libzip,
 +[  --with-libzip[=DIR]       ZIP: use libzip], no, no)
 +
  if test "$PHP_ZIP" != "no"; then
-+  dnl This is PECL build, check if bundled PCRE library is used
-+  old_CPPFLAGS=$CPPFLAGS
-+  CPPFLAGS=$INCLUDES
-+  AC_EGREP_CPP(yes,[
-+#include <main/php_config.h>
-+#if defined(HAVE_BUNDLED_PCRE) && !defined(COMPILE_DL_PCRE)
-+yes
-+#endif
-+  ],[
-+    PHP_PCRE_REGEX=yes
-+  ],[
-+    AC_EGREP_CPP(yes,[
-+#include <main/php_config.h>
-+#if defined(HAVE_PCRE) && !defined(COMPILE_DL_PCRE)
-+yes
-+#endif
-+    ],[
-+      PHP_PCRE_REGEX=pecl
-+    ],[
-+      PHP_PCRE_REGEX=no
-+    ])
-+  ])
-+  CPPFLAGS=$old_CPPFLAGS
-+
 +  if test "$PHP_LIBZIP" != "no"; then
 +    dnl system libzip, depends on libzip
 +    if test -r $PHP_LIBZIP/include/zip.h; then
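Review bot: The rebased patch header now pairs `--- php-5.2.17/ext/zip/config.m4` with `+++ php-5.3.8/ext/zip/config.m4`, and the description above it still cites only the Fedora 5.3.6 patch. With `-p1` the mismatched prefixes are harmless, but they hide that this branch copy was regenerated against 5.2.17 and no longer carries the PCRE detection block. Use the `php-5.2.17` prefix on both header lines and add a description line such as `pld: rebased for php 5.2.17 on the PHP_5_2 branch`, so anyone auditing the CVE fix can tell which tree the patch was generated from.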
@@ -52,12 +28,12 @@
 +        fi
 +      done
 +    fi
-+
+ 
 +    if test -z "$LIBZIP_DIR"; then
 +      AC_MSG_RESULT(not found)
 +      AC_MSG_ERROR(Please reinstall the libzip distribution)
 +    fi
- 
++
 +    dnl Could not think of a simple way to check libzip for overwrite support
 +    PHP_CHECK_LIBRARY(zip, zip_open,
 +    [
@@ -76,55 +52,12 @@
 +  else
 +
 +  dnl bundled libzip, depends on zlib
-   if test "$PHP_ZLIB_DIR" != "no" && test "$PHP_ZLIB_DIR" != "yes"; then
-     if test -f "$PHP_ZLIB_DIR/include/zlib/zlib.h"; then
-       PHP_ZLIB_DIR="$PHP_ZLIB_DIR"
-@@ -47,31 +111,7 @@
-     PHP_ADD_INCLUDE($PHP_ZLIB_INCDIR)
-   fi
- 
--  dnl This is PECL build, check if bundled PCRE library is used
--  old_CPPFLAGS=$CPPFLAGS
--  CPPFLAGS=$INCLUDES
--  AC_EGREP_CPP(yes,[
--#include <main/php_config.h>
--#if defined(HAVE_BUNDLED_PCRE) && !defined(COMPILE_DL_PCRE)
--yes
--#endif
--  ],[
--    PHP_PCRE_REGEX=yes
--  ],[
--    AC_EGREP_CPP(yes,[
--#include <main/php_config.h>
--#if defined(HAVE_PCRE) && !defined(COMPILE_DL_PCRE)
--yes
--#endif
--    ],[
--      PHP_PCRE_REGEX=pecl
--    ],[
--      PHP_PCRE_REGEX=no
--    ])
--  ])
--  CPPFLAGS=$old_CPPFLAGS
--
--  PHP_ZIP_SOURCES="$PHP_ZIP_SOURCES lib/zip_add.c lib/zip_error.c lib/zip_fclose.c \
-+    PHP_ZIP_SOURCES="$PHP_ZIP_SOURCES lib/zip_add.c lib/zip_error.c lib/zip_fclose.c \
-                          lib/zip_fread.c lib/zip_open.c lib/zip_source_filep.c  \
-                          lib/zip_strerror.c lib/zip_close.c lib/zip_error_get.c \
-                          lib/zip_file_error_get.c lib/zip_free.c lib/zip_rename.c \
-@@ -91,10 +131,11 @@
-                          lib/zip_unchange_archive.c lib/zip_memdup.c lib/zip_stat_init.c lib/zip_add_dir.c \
-                          lib/zip_error_clear.c lib/zip_file_error_clear.c"
- 
--  AC_DEFINE(HAVE_ZIP,1,[ ])
--  PHP_NEW_EXTENSION(zip, php_zip.c zip_stream.c $PHP_ZIP_SOURCES, $ext_shared)
--  PHP_ADD_BUILD_DIR($ext_builddir/lib, 1)
--  PHP_SUBST(ZIP_SHARED_LIBADD)
-+    AC_DEFINE(HAVE_ZIP,1,[ ])
-+    PHP_NEW_EXTENSION(zip, php_zip.c zip_stream.c $PHP_ZIP_SOURCES, $ext_shared)
-+    PHP_ADD_BUILD_DIR($ext_builddir/lib, 1)
-+    PHP_SUBST(ZIP_SHARED_LIBADD)
+ 	if test "$PHP_ZLIB_DIR" != "no" && test "$PHP_ZLIB_DIR" != "yes"; then
+ 		if test -f "$PHP_ZLIB_DIR/include/zlib/zlib.h"; then
+ 			PHP_ZLIB_DIR="$PHP_ZLIB_DIR"
+@@ -68,4 +108,5 @@
+ 	PHP_NEW_EXTENSION(zip, php_zip.c zip_stream.c $PHP_ZIP_SOURCES, $ext_shared)
+ 	PHP_ADD_BUILD_DIR($ext_builddir/lib, 1)
+ 	PHP_SUBST(ZIP_SHARED_LIBADD)
 +  fi
- 
-   dnl so we always include the known-good working hack.
-   PHP_ADD_MAKEFILE_FRAGMENT
+ 	
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php.spec?r1=1.805.2.89&r2=1.805.2.90&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/system-libzip.patch?r1=1.2&r2=1.2.2.1&f=u


