[packages/php/PHP_5_5] up to 5.5.22, fixes for CVE-2015-0235 and CVE-2015-0273
glen
glen at pld-linux.org
Fri Feb 27 17:41:51 CET 2015
commit 8e6e394917159eb5e90ea9dee248a93d69c5e187
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Fri Feb 27 18:24:30 2015 +0200
up to 5.5.22, fixes for CVE-2015-0235 and CVE-2015-0273
php-fcgi-error_log-no-newlines.patch | 22 +++++++++++-----------
php.spec | 6 +++---
suhosin.patch | 28 ++++++++++++++--------------
3 files changed, 28 insertions(+), 28 deletions(-)
---
diff --git a/php.spec b/php.spec
index 714710d..d5f6bab 100644
--- a/php.spec
+++ b/php.spec
@@ -126,7 +126,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
%undefine with_filter
%endif
-%define rel 4
+%define rel 1
%define orgname php
%define ver_suffix 55
%define php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -137,13 +137,13 @@ Summary(pt_BR.UTF-8): A linguagem de script PHP
Summary(ru.UTF-8): PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
Summary(uk.UTF-8): PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
Name: %{orgname}%{php_suffix}
-Version: 5.5.21
+Version: 5.5.22
Release: %{rel}%{?with_type_hints:.th}
Epoch: 4
License: PHP
Group: Libraries
Source0: http://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5: 79664ce44f7c93f355a25a3fe3dcc91b
+# Source0-md5: fb1704131d495f5b3e6ab3b087a8dbe6
Source2: %{orgname}-mod_%{orgname}.conf
Source3: %{orgname}-cgi-fcgi.ini
Source4: %{orgname}-apache.ini
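Review bot: The updated `# Source0-md5:` line is the only integrity pin for a tarball that `Source0` fetches over plain `http://`. A digest computed from such a download authenticates nothing unless it was compared against the hash or release signature that upstream publishes. For a release pulled in for its security fixes, I would record that check in the commit message and fetch from `https://www.php.net/distributions/...`. If the PLD builder accepts a stronger digest than MD5 (not visible here), pin that as well.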
diff --git a/php-fcgi-error_log-no-newlines.patch b/php-fcgi-error_log-no-newlines.patch
index e35648e..cedf82c 100644
--- a/php-fcgi-error_log-no-newlines.patch
+++ b/php-fcgi-error_log-no-newlines.patch
@@ -1,16 +1,16 @@
---- ./sapi/cgi/cgi_main.c~ 2007-08-09 02:51:57.000000000 +0300
-+++ ./sapi/cgi/cgi_main.c 2007-09-05 20:54:19.390089070 +0300
-@@ -558,12 +558,7 @@
+--- php-5.6.6/sapi/cgi/cgi_main.c~ 2015-02-27 18:09:34.000000000 +0200
++++ php-5.6.6/sapi/cgi/cgi_main.c 2015-02-27 18:11:26.296171361 +0200
+@@ -737,12 +737,8 @@
request = (fcgi_request*) SG(server_context);
- if (request) {
- int len = strlen(message);
+ if (request) {
+ int ret, len = strlen(message);
- char *buf = malloc(len+2);
--
+
- memcpy(buf, message, len);
- memcpy(buf + len, "\n", sizeof("\n"));
-- fcgi_write(request, FCGI_STDERR, buf, len+1);
+- ret = fcgi_write(request, FCGI_STDERR, buf, len + 1);
- free(buf);
-+ fcgi_write(request, FCGI_STDERR, message, len);
- } else {
- fprintf(stderr, "%s\n", message);
- }
++ ret = fcgi_write(request, FCGI_STDERR, message, len);
+ if (ret < 0) {
+ php_handle_aborted_connection();
+ }
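Review bot: The regenerated header names `php-5.6.6/sapi/cgi/cgi_main.c` although this branch packages 5.5.22, so the context and the `@@ -737,12 +737,8 @@` offsets appear to come from a 5.6.6 tree. The directory prefix is harmless if the spec applies the patch with a strip level (not visible here). Still, confirm it applies to 5.5.22 with no fuzz or offset, since a fuzzy match could remove the `malloc`/`memcpy`/`free` lines from the wrong spot. A one-line header comment in the patch would also help, for example `# send message to FCGI_STDERR without the appended "\n"; keep upstream's ret < 0 abort handling`. The enclosing function starts and ends outside this hunk.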
diff --git a/suhosin.patch b/suhosin.patch
index 378a4e4..932385e 100644
--- a/suhosin.patch
+++ b/suhosin.patch
@@ -5587,17 +5587,17 @@ the following modifications have been made:
}
+#if SUHOSIN_PATCH
#if ZEND_DEBUG
-- php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
-+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+- php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
#else
-- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
-+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#endif
+#else
+ #if ZEND_DEBUG
-+ php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ #else
-+ php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ #endif
#endif
php_request_shutdown((void *) 0);
@@ -5609,9 +5609,9 @@ the following modifications have been made:
case 'v': /* show php version & quit */
+#if SUHOSIN_PATCH
-+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) %s\nCopyright (c) 1997-2014 The PHP Group\n%s",
++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) %s\nCopyright (c) 1997-2015 The PHP Group\n%s",
+#else
- php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2014 The PHP Group\n%s",
+ php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2015 The PHP Group\n%s",
+#endif
PHP_VERSION, cli_sapi_module.name, __DATE__, __TIME__,
#if ZEND_DEBUG && defined(HAVE_GCOV)
@@ -5623,15 +5623,15 @@ the following modifications have been made:
if (php_request_startup(TSRMLS_C) != FAILURE) {
+#if SUHOSIN_PATCH
+#if ZEND_DEBUG
-+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#else
-+ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#endif
+#else
#if ZEND_DEBUG
- php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
#else
- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
#endif
+#endif
#ifdef PHP_OUTPUT_NEWAPI
@@ -5645,9 +5645,9 @@ the following modifications have been made:
SG(headers_sent) = 1;
SG(request_info).no_headers = 1;
+#if SUHOSIN_PATCH
-+ php_printf("PHP with Suhosin-Patch %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++ php_printf("PHP with Suhosin-Patch %s (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#else
- php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+#endif
php_output_teardown();
exit(1);
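Review bot: The Suhosin branch in this hunk prints `PHP with Suhosin-Patch %s (%s)`, while every other Suhosin banner in the patch prints `PHP %s with Suhosin-Patch (%s)`, so this one path puts the version in a different position. The commit only bumps the copyright year on that line. Since the line is being touched anyway, changing it to `"PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s"` would give one banner format for anything that parses version output. The surrounding code continues outside the hunk.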
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/8e6e394917159eb5e90ea9dee248a93d69c5e187