[packages/php/PHP_5_3] - up to 5.3.28 (fixes CVE-2013-4073, CVE-2013-6420)

Fri Dec 20 12:06:32 CET 2013

commit 08488a04e1f726f6bbd59fe8cab90d7524afb0fa
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Fri Dec 20 12:06:23 2013 +0100

    - up to 5.3.28 (fixes CVE-2013-4073, CVE-2013-6420)

 php-mail.patch | 10 +++++-----
 php.spec       |  6 +++---
 2 files changed, 8 insertions(+), 8 deletions(-)
---

diff --git a/php.spec b/php.spec
index 3d6f56b..4936cf9 100644
--- a/php.spec
+++ b/php.spec
@@ -128,7 +128,7 @@ Obsoletes: %{!?-n:php-%1}%{?-n:%(echo %{-n*} | sed -e 's,%{php_suffix}$,,')} < %
 %endif
 %endif
 
-%define		rel	5
+%define		rel	1
 %define		orgname	php
 %define		ver_suffix 53
 %define		php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -139,13 +139,13 @@ Summary(pt_BR.UTF-8):	A linguagem de script PHP
 Summary(ru.UTF-8):	PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
 Summary(uk.UTF-8):	PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:		%{orgname}%{php_suffix}
-Version:	5.3.27
+Version:	5.3.28
 Release:	%{rel}%{?with_type_hints:.th}%{?with_oci8:.oci}
 Epoch:		4
 License:	PHP
 Group:		Libraries
 Source0:	http://www.php.net/distributions/%{orgname}-%{version}.tar.bz2
-# Source0-md5:	25ae23a5b9615fe8d33de5b63e1bb788
+# Source0-md5:	56ff88934e068d142d6c0deefd1f396b
 Source2:	%{orgname}-mod_%{orgname}.conf
 Source3:	%{orgname}-cgi-fcgi.ini
 Source4:	%{orgname}-apache.ini
diff --git a/php-mail.patch b/php-mail.patch
index 272b2f9..9825abf 100644
--- a/php-mail.patch
+++ b/php-mail.patch
@@ -56,24 +56,24 @@
 +			zval **remote_addr, **server_name, **server_port,
 +				**script_name, **http_user_agent;
 +			
-+			if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr)==SUCCESS) {
++			if (zend_hash_find(HASH_OF(PG(http_globals)[TRACK_VARS_SERVER]), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr)==SUCCESS) {
 +				convert_to_string_ex(remote_addr);
 +				fprintf(sendmail, "HTTP-Posting-Client: %s\n", Z_STRVAL_PP(remote_addr));
 +			}
-+			if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name)==SUCCESS) {
++			if (zend_hash_find(HASH_OF(PG(http_globals)[TRACK_VARS_SERVER]), "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name)==SUCCESS) {
 +				convert_to_string_ex(server_name);
 +				fprintf(sendmail, "HTTP-Posting-URI: %s", Z_STRVAL_PP(server_name));
-+				if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SERVER_PORT", sizeof("SERVER_PORT"), (void **) &server_port)==SUCCESS) {
++				if (zend_hash_find(HASH_OF(PG(http_globals)[TRACK_VARS_SERVER]), "SERVER_PORT", sizeof("SERVER_PORT"), (void **) &server_port)==SUCCESS) {
 +					convert_to_string_ex(server_port);
 +					fprintf(sendmail, ":%s", Z_STRVAL_PP(server_port));
 +				}	
-+				if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "SCRIPT_NAME", sizeof("SCRIPT_NAME"), (void **) &script_name)==SUCCESS) {
++				if (zend_hash_find(HASH_OF(PG(http_globals)[TRACK_VARS_SERVER]), "SCRIPT_NAME", sizeof("SCRIPT_NAME"), (void **) &script_name)==SUCCESS) {
 +					convert_to_string_ex(script_name);
 +					fprintf(sendmail, "%s", Z_STRVAL_PP(script_name));
 +				}
 +				fprintf(sendmail, "\n");
 +			}
-+			if (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, "HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT"), (void **) &http_user_agent)==SUCCESS) {
++			if (zend_hash_find(HASH_OF(PG(http_globals)[TRACK_VARS_SERVER]), "HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT"), (void **) &http_user_agent)==SUCCESS) {
 +				convert_to_string_ex(http_user_agent);
 +					fprintf(sendmail, "HTTP-Posting-User-Agent: %s\n", Z_STRVAL_PP(http_user_agent));
 +			}
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/08488a04e1f726f6bbd59fe8cab90d7524afb0fa

