[packages/php] - up to 5.5.16 - resolves CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120 and CVE-2014-35

Mon Aug 25 21:42:02 CEST 2014

commit 59665b6aa12aba9e7daca723a90e3c9dbf2af31e
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Mon Aug 25 11:50:46 2014 +0300

    - up to 5.5.16
    - resolves CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120 and CVE-2014-3597
    - LiteSpeed updated to V6.6

 php.spec      |  4 ++--
 suhosin.patch | 16 ++++++++--------
 2 files changed, 10 insertions(+), 10 deletions(-)
---

diff --git a/php.spec b/php.spec
index b8fe818..73d2fb8 100644
--- a/php.spec
+++ b/php.spec
@@ -137,13 +137,13 @@ Summary(pt_BR.UTF-8):	A linguagem de script PHP
 Summary(ru.UTF-8):	PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
 Summary(uk.UTF-8):	PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:		%{orgname}%{php_suffix}
-Version:	5.5.15
+Version:	5.5.16
 Release:	%{rel}%{?with_type_hints:.th}
 Epoch:		4
 License:	PHP
 Group:		Libraries
 Source0:	http://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5:	d64c85f95fb767f16ee3ca281a20b5f7
+# Source0-md5:	243f641c58b7d58b94b5431e0b730a5e
 Source2:	%{orgname}-mod_%{orgname}.conf
 Source3:	%{orgname}-cgi-fcgi.ini
 Source4:	%{orgname}-apache.ini
diff --git a/suhosin.patch b/suhosin.patch
index e5e3ed4..378a4e4 100644
--- a/suhosin.patch
+++ b/suhosin.patch
@@ -5616,12 +5616,11 @@ the following modifications have been made:
  					PHP_VERSION, cli_sapi_module.name, __DATE__, __TIME__,
  #if ZEND_DEBUG && defined(HAVE_GCOV)
  					"(DEBUG GCOV)",
---- php-5.5.0alpha1/sapi/litespeed/lsapi_main.c~	2012-11-13 22:00:16.000000000 +0200
-+++ php-5.5.0alpha1/sapi/litespeed/lsapi_main.c	2012-11-17 13:47:51.979828334 +0200
-@@ -546,11 +546,19 @@
- 				break;
- 			case 'v':
- 				if (php_request_startup(TSRMLS_C) != FAILURE) {
+--- php-5.5.15/sapi/litespeed/lsapi_main.c	2014-08-21 11:45:02.000000000 +0300
++++ php-5.5.15/sapi/litespeed/lsapi_main.c	2014-08-25 11:50:36.603155796 +0300
+@@ -734,11 +546,19 @@
+             case 'v':
+                 if (php_request_startup(TSRMLS_C) != FAILURE) {
 +#if SUHOSIN_PATCH
 +#if ZEND_DEBUG
 +					php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
@@ -5630,14 +5629,15 @@ the following modifications have been made:
 +#endif
 +#else
  #if ZEND_DEBUG
- 					php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+                     php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
  #else
- 					php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+                     php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
  #endif
 +#endif
  #ifdef PHP_OUTPUT_NEWAPI
                      php_output_end_all(TSRMLS_C);
  #else
+                     php_end_ob_buffers(1 TSRMLS_CC);
 --- a/sapi/milter/php_milter.c
 +++ b/sapi/milter/php_milter.c
 @@ -1109,7 +1109,11 @@ int main(int argc, char *argv[])
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/59665b6aa12aba9e7daca723a90e3c9dbf2af31e

