[packages/php] up to 7.0.3. marked as security release, but all CVE's relate to pcre update
glen
glen at pld-linux.org
Tue Feb 23 18:08:42 CET 2016
commit 4eeb059ba19b46eda62349ef906a0a47ff341f02
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Tue Feb 23 15:25:52 2016 +0200
up to 7.0.3. marked as security release, but all CVE's relate to pcre update
php-bug-71475.patch | 50 --------------------------------------------------
php.spec | 10 +++++-----
2 files changed, 5 insertions(+), 55 deletions(-)
---
diff --git a/php.spec b/php.spec
index b3557ce..bcc6e5b 100644
--- a/php.spec
+++ b/php.spec
@@ -144,8 +144,8 @@ Summary(pt_BR.UTF-8): A linguagem de script PHP
Summary(ru.UTF-8): PHP Версии 7 - язык препроцессирования HTML-файлов, выполняемый на сервере
Summary(uk.UTF-8): PHP Версії 7 - мова препроцесування HTML-файлів, виконувана на сервері
Name: %{orgname}%{php_suffix}
-Version: 7.0.2
-Release: 2
+Version: 7.0.3
+Release: 1
Epoch: 4
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
@@ -153,7 +153,7 @@ Epoch: 4
License: PHP 3.01 and Zend and BSD
Group: Libraries
Source0: http://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5: ce5964672e4ec0b66ff088a6bafde8c7
+# Source0-md5: 3c5d2b5b392b78fa92c48822e25ccb56
Source2: %{orgname}-mod_php.conf
Source3: %{orgname}-cgi-fcgi.ini
Source4: %{orgname}-apache.ini
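Review bot: The new `# Source0-md5:` value is the only integrity anchor visible for the 7.0.3 tarball, and `Source0` still fetches over plain `http://`, so a tampered download would have to be caught by an MD5 comparison alone. MD5 is not collision-resistant, which makes it a weak anchor for a release the commit itself labels as a security update. Before accepting the new sum, check the tarball against the SHA-256 value or GPG signature that php.net publishes for the release, and consider `Source0: https://www.php.net/distributions/%{orgname}-%{version}.tar.xz`. Whether the PLD build tooling accepts a stronger digest tag is not visible from this diff.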
@@ -167,7 +167,7 @@ Patch0: %{orgname}-shared.patch
Patch1: %{orgname}-pldlogo.patch
Patch2: %{orgname}-mail.patch
Patch3: %{orgname}-link-libs.patch
-Patch4: php-bug-71475.patch
+
Patch5: %{orgname}-filter-shared.patch
Patch6: %{orgname}-build_modules.patch
Patch7: %{orgname}-sapi-ini-file.patch
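Review bot: `Patch4` (the fix for PHP bug #71475, uninitialized memory use in `openssl_seal()`) is dropped here, and its `%patch4 -p1` application is dropped in the `%prep` hunk at -1929, but nothing in the spec or the commit message records why. Presumably upstream 7.0.3 already contains the fix; that is not visible in this diff, so confirm that the 7.0.3 `ext/openssl/openssl.c` has the `memset(pkeys, 0, sizeof(*pkeys) * nkeys);` line and the `pkeys[i] != NULL` guard before shipping without the patch. Both hunks also leave an empty line where the entry was; either delete the line or replace it with a comment such as `# Patch4 (php-bug-71475.patch) dropped: fix included upstream in 7.0.3`. The commit message attributes the release's CVEs to the pcre update, so if this package links against a system pcre rather than the bundled copy (not shown here), those fixes depend on that package being updated as well.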
@@ -1929,7 +1929,7 @@ cp -p php.ini-production php.ini
%patch1 -p1
#%patch2 -p1 NEEDS PORTING
%patch3 -p1
-%patch4 -p1
+
%patch5 -p1
%patch6 -p1
%patch7 -p1
diff --git a/php-bug-71475.patch b/php-bug-71475.patch
deleted file mode 100644
index 30f8bb2..0000000
--- a/php-bug-71475.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-commit 33b1fbbb5c0459a623ab91b492f1a37c5262329c
-Author: Stanislav Malyshev <stas at php.net>
-Date: Sun Jan 31 20:18:46 2016 -0800
-
- Fixed bug #71475: openssl_seal() uninitialized memory usage
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index a8ecbb2..75c44a3 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -4938,6 +4938,7 @@ PHP_FUNCTION(openssl_seal)
- memset(eks, 0, sizeof(*eks) * nkeys);
- key_resources = safe_emalloc(nkeys, sizeof(zend_resource*), 0);
- memset(key_resources, 0, sizeof(zend_resource*) * nkeys);
-+ memset(pkeys, 0, sizeof(*pkeys) * nkeys);
-
- /* get the public keys we are using to seal this data */
- i = 0;
-@@ -4999,7 +5000,7 @@ PHP_FUNCTION(openssl_seal)
-
- clean_exit:
- for (i=0; i<nkeys; i++) {
-- if (key_resources[i] == NULL) {
-+ if (key_resources[i] == NULL && pkeys[i] != NULL) {
- EVP_PKEY_free(pkeys[i]);
- }
- if (eks[i]) {
-diff --git a/ext/openssl/tests/bug71475.phpt b/ext/openssl/tests/bug71475.phpt
-new file mode 100644
-index 0000000..680753d
---- /dev/null
-+++ b/ext/openssl/tests/bug71475.phpt
-@@ -0,0 +1,16 @@
-+--TEST--
-+Bug #71475: openssl_seal() uninitialized memory usage
-+--SKIPIF--
-+<?php
-+if (!extension_loaded("openssl")) die("skip openssl not loaded");
-+?>
-+--FILE--
-+<?php
-+$_ = str_repeat("A", 512);
-+openssl_seal($_, $_, $_, array_fill(0,64,0));
-+?>
-+DONE
-+--EXPECTF--
-+
-+Warning: openssl_seal(): not a public key (1th member of pubkeys) in %s/bug71475.php on line %d
-+DONE
-\ No newline at end of file
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/4eeb059ba19b46eda62349ef906a0a47ff341f02