[packages/php/PHP_5_5] up to 5.5.27 - fixing CVE-2015-3152, CVE-2015-4643, CVE-2015-4642, CVE-2015-4644

Fri Jul 17 11:52:22 CEST 2015

commit ddd998b3d89c854d4e1d6e21e2a76dcf14e7c4f4
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Fri Jul 17 12:50:05 2015 +0300

    up to 5.5.27
    - fixing CVE-2015-3152, CVE-2015-4643, CVE-2015-4642, CVE-2015-4644

 libvpx2.patch | 41 -----------------------------------------
 php.spec      | 10 ++++------
 2 files changed, 4 insertions(+), 47 deletions(-)
---

diff --git a/php.spec b/php.spec
index 0f4b231..5d4ae37 100644
--- a/php.spec
+++ b/php.spec
@@ -126,7 +126,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
 %undefine	with_filter
 %endif
 
-%define		rel	4
+%define		rel	1
 %define		orgname	php
 %define		ver_suffix 55
 %define		php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -137,7 +137,7 @@ Summary(pt_BR.UTF-8):	A linguagem de script PHP
 Summary(ru.UTF-8):	PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
 Summary(uk.UTF-8):	PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:		%{orgname}%{php_suffix}
-Version:	5.5.25
+Version:	5.5.27
 Release:	%{rel}%{?with_type_hints:.th}
 Epoch:		4
 # All files licensed under PHP version 3.01, except
@@ -146,7 +146,7 @@ Epoch:		4
 License:	PHP 3.01 and Zend and BSD
 Group:		Libraries
 Source0:	http://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5:	f58edc4f10d63f03e425c5378f727a7c
+# Source0-md5:	2efe7c087d7073bffa64e5d538f22711
 Source2:	%{orgname}-mod_%{orgname}.conf
 Source3:	%{orgname}-cgi-fcgi.ini
 Source4:	%{orgname}-apache.ini
@@ -209,7 +209,6 @@ Patch66:	php-db.patch
 Patch67:	mysql-lib-ver-mismatch.patch
 Patch68:	x32.patch
 Patch69:	fpm-conf-split.patch
-Patch70:	libvpx2.patch
 URL:		http://www.php.net/
 %{?with_interbase:%{!?with_interbase_inst:BuildRequires:	Firebird-devel >= 1.0.2.908-2}}
 %{?with_pspell:BuildRequires:	aspell-devel >= 2:0.50.0}
@@ -307,7 +306,7 @@ BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 %define		hashver		1.0
 %define		intlver		1.1.0
 %define		jsonver		1.2.1
-%define		opcachever	7.0.4-dev
+%define		opcachever	7.0.6-dev
 %define		pharver		2.0.2
 %define		sqlite3ver	0.7-dev
 %define		zipver		1.11.0
@@ -2045,7 +2044,6 @@ exit 1
 %{?with_system_libzip:%patch65 -p1}
 %patch66 -p1
 %patch67 -p1
-%patch70 -p1
 
 sed -i -e '/PHP_ADD_LIBRARY_WITH_PATH/s#xmlrpc,#xmlrpc-epi,#' ext/xmlrpc/config.m4
 
diff --git a/libvpx2.patch b/libvpx2.patch
deleted file mode 100644
index 9f0bd9f..0000000
--- a/libvpx2.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Fix build with latest libvpx 1.4.0
-These new constants exist at least since 1.0.0
-Compatibility ones have been droped in 1.4.0
-
-https://github.com/libgd/libgd/commit/d41eb72cd4545c394578332e5c102dee69e02ee8
-
-From d242f958dfca03640356ea29f624005a895f64a0 Mon Sep 17 00:00:00 2001
-From: Ole Markus With <olemarkus at olemarkus.org>
-Date: Sun, 24 May 2015 09:19:09 +0200
-Subject: [PATCH] Fix for bug #69479: GD fails to build with newer libvpx
-
----
- ext/gd/libgd/webpimg.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/ext/gd/libgd/webpimg.c b/ext/gd/libgd/webpimg.c
-index 1f1c023..9d801a2 100644
---- a/ext/gd/libgd/webpimg.c
-+++ b/ext/gd/libgd/webpimg.c
-@@ -706,14 +706,14 @@ static WebPResult VPXEncode(const uint8* Y,
-     codec_ctl(&enc, VP8E_SET_STATIC_THRESHOLD, 0);
-     codec_ctl(&enc, VP8E_SET_TOKEN_PARTITIONS, 2);
- 
--    vpx_img_wrap(&img, IMG_FMT_I420,
-+    vpx_img_wrap(&img, VPX_IMG_FMT_I420,
-                  y_width, y_height, 16, (uint8*)(Y));
--    img.planes[PLANE_Y] = (uint8*)(Y);
--    img.planes[PLANE_U] = (uint8*)(U);
--    img.planes[PLANE_V] = (uint8*)(V);
--    img.stride[PLANE_Y] = y_stride;
--    img.stride[PLANE_U] = uv_stride;
--    img.stride[PLANE_V] = uv_stride;
-+    img.planes[VPX_PLANE_Y] = (uint8*)(Y);
-+    img.planes[VPX_PLANE_U] = (uint8*)(U);
-+    img.planes[VPX_PLANE_V] = (uint8*)(V);
-+    img.stride[VPX_PLANE_Y] = y_stride;
-+    img.stride[VPX_PLANE_U] = uv_stride;
-+    img.stride[VPX_PLANE_V] = uv_stride;
- 
-     res = vpx_codec_encode(&enc, &img, 0, 1, 0, VPX_DL_BEST_QUALITY);
- 
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/ddd998b3d89c854d4e1d6e21e2a76dcf14e7c4f4

