Hello community,
here is the log from the commit of package php5 for openSUSE:Factory checked in at 2014-06-25 06:57:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/php5 (Old)
and /work/SRC/openSUSE:Factory/.php5.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php5"
Changes:
--------
--- /work/SRC/openSUSE:Factory/php5/php5.changes 2014-05-10 08:32:06.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.php5.new/php5.changes 2014-06-25 06:57:32.000000000 +0200
@@ -1,0 +2,25 @@
+Tue Jun 17 15:56:53 UTC 2014 - pgajdos@suse.com
+
+- security update
+ * php-5.5.13-CVE-2014-4049.patch [bnc#882992]
+
+-------------------------------------------------------------------
+Tue Jun 17 07:17:37 UTC 2014 - pgajdos@suse.com
+
+- php5-5.5.10-CVE-2014-2497.patch renamed to
+ php-5.5.10-CVE-2014-2497.patch to be consistent with other
+ product php patches names
+
+-------------------------------------------------------------------
+Tue Jun 3 12:03:33 UTC 2014 - pgajdos@suse.com
+
+- do not package latest_test_results.txt; instead, run build-test.sh
+ twice: before and after source changes
+
+-------------------------------------------------------------------
+Mon Jun 2 09:37:59 UTC 2014 - pgajdos@suse.com
+
+- updated to 5.5.13: This release fixes several bugs in PHP 5.5.12,
+ and addresses two CVEs in Fileinfo (CVE-2014-0238 and CVE-2014-0237).
+
+-------------------------------------------------------------------
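Review bot: The Jun 17 15:56 entry says only "security update" plus the patch file name, so a reader has to decode CVE-2014-4049 from the file name and look up bnc#882992 to learn what was fixed; a short phrase naming the affected component would make the changelog self-explanatory. The 5.5.13 entry has the opposite gap: it names CVE-2014-0238 and CVE-2014-0237 in Fileinfo but carries no bnc# reference for either.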
Old:
----
latest_test_results.txt
php-5.5.12.tar.bz2
php5-5.5.10-CVE-2014-2497.patch
New:
----
php-5.5.10-CVE-2014-2497.patch
php-5.5.13-CVE-2014-4049.patch
php-5.5.13.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ php5.spec ++++++
--- /var/tmp/diff_new_pack.7LgcaL/_old 2014-06-25 06:57:33.000000000 +0200
+++ /var/tmp/diff_new_pack.7LgcaL/_new 2014-06-25 06:57:33.000000000 +0200
@@ -104,7 +104,7 @@
%define apache2_includedir %(%{apxs2} -q INCLUDEDIR)
%define apache2_serverroot %(%{apxs2} -q PREFIX)
%define need_libxml2_hack %(if [ -e %{_includedir}/libxml/parser.h ]; then if grep -q XML_PARSE_OLDSAX %{_includedir}/libxml/parser.h;then echo 1; else echo 0; fi; else echo 0; fi)
-Version: 5.5.12
+Version: 5.5.13
Release: 0
Provides: php
Provides: php-api = %{apiver}
@@ -144,6 +144,7 @@
Source6: macros.php
Source7: install-pear-nozlib.phar
Source8: php-fpm.init
+Source100: build-test.sh
#SUSE specific stuff
Patch0: php5-phpize.patch
Patch1: php5-apache_sapi_install.patch
@@ -175,7 +176,8 @@
Patch19: php5-big-file-upload.patch
Patch20: php5-per-mod-log.patch
Patch21: php5-apache24-updates.patch
-Patch22: php5-5.5.10-CVE-2014-2497.patch
+Patch22: php-5.5.10-CVE-2014-2497.patch
+Patch23: php-5.5.13-CVE-2014-4049.patch
Url: http://www.php.net
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Summary: PHP5 Core Files
@@ -1327,6 +1329,7 @@
%patch20 -p1
%patch21 -p1
%patch22
+%patch23
# Safety check for API version change.
vapi=`sed -n '/#define PHP_API_VERSION/{s/.* //;p}' main/php.h`
if test "x${vapi}" != "x%{apiver}"; then
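Review bot: `%patch22` and the new `%patch23` are applied with no strip level, while `%patch20` and `%patch21` directly above use `-p1`. Relying on the default here is easy to misread as an omission; writing `-p0` explicitly on both lines would document that these patches are intentionally applied at a different level than the rest of the series.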
++++++ build-test.sh ++++++
--- /var/tmp/diff_new_pack.7LgcaL/_old 2014-06-25 06:57:33.000000000 +0200
+++ /var/tmp/diff_new_pack.7LgcaL/_new 2014-06-25 06:57:33.000000000 +0200
@@ -1,10 +1,14 @@
#!/bin/bash
-TEST_RESULT_FILE='latest_test_results.txt'
+TEST_RESULT_FILE_BEFORE='test_results.before'
+TEST_RESULT_FILE_AFTER='test_results.after'
+
function usage
{
echo "usage: $0 buildroot [osc ARGUMENTS]"
- echo ' builds php in buildroot and checks test result for regressions'
- echo " against $TEST_RESULT_FILE"
+ echo " 1. Run first time to create ${TEST_RESULT_FILE_BEFORE}."
+ echo " 2. Make source changes."
+ echo " 3. Run second time to create ${TEST_RESULT_FILE_AFTER}"
+ echo " and see changes in test results."
}
if [ -z $1 ]; then
@@ -34,19 +38,18 @@
| egrep 'TEST [0-9]+\/[0-9]+|SKIP.*reason' \
| sed 's:.*\r::' \
| sort \
- > ${TEST_RESULT_FILE}.new
-
-if [ ! -e ${TEST_RESULT_FILE} ]; then
- echo "WARNING: ${TEST_RESULT_FILE} doesnt exist, creating"
- echo "from ${TEST_RESULT_FILE}.new"
- mv ${TEST_RESULT_FILE}.new ${TEST_RESULT_FILE}
+ > ${TEST_RESULT_FILE_AFTER}
+if [ ! -e ${TEST_RESULT_FILE_BEFORE} ]; then
+ echo "Creating ${TEST_RESULT_FILE_BEFORE}"
+ echo "Run $0 again AFTER source changes, to create ${TEST_RESULT_FILE_AFTER}."
+ echo "Differences will be checked then."
+ mv ${TEST_RESULT_FILE_AFTER} ${TEST_RESULT_FILE_BEFORE}
else
echo --- DIFFERENCES -------------------------------------------
- diff -up $TEST_RESULT_FILE ${TEST_RESULT_FILE}.new
+ diff -up $TEST_RESULT_FILE_BEFORE ${TEST_RESULT_FILE_AFTER}
echo -----------------------------------------------------------
echo "Do not forgot to "
- echo "mv ${TEST_RESULT_FILE}.new ${TEST_RESULT_FILE}"
- echo "when regressions are not relevant."
+ echo "rm ${TEST_RESULT_FILE_BEFORE} ${TEST_RESULT_FILE_AFTER}"
echo
fi
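Review bot: In the `if [ ! -e ${TEST_RESULT_FILE_BEFORE} ]` branch the freshly written results are moved into place as the baseline with no check that the build and test pipeline actually produced output, so a failed or interrupted first run leaves an empty or partial `test_results.before` and the second run then reports every test as a difference. A non-empty check (`[ -s ... ]`) before the `mv` would catch that. The same branch logic also means a `test_results.before` left over from an earlier session is silently reused as the baseline; the only guard is the `rm` reminder printed at the end, and that reminder still reads "Do not forgot to", which could be corrected while these lines are being touched.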
++++++ php-5.5.10-CVE-2014-2497.patch ++++++
Description: Patch to fix PHP bug 66901.
Author: Andres Mejia
From 4f73394fdd95d3165b4391e1b0dedd57fced8c3b Mon Sep 17 00:00:00 2001 From: Sara Golemon
Date: Tue, 10 Jun 2014 11:18:02 -0700 Subject: [PATCH] Fix potential segfault in dns_get_record()
If the remote sends us a packet with a malformed TXT record, we could end up trying to over-consume the packet and wander off into overruns. --- ext/standard/dns.c | 4 ++++ 1 file changed, 4 insertions(+) --- ext/standard/dns.c +++ ext/standard/dns.c @@ -517,6 +517,10 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int while (ll < dlen) { n = cp[ll]; + if ((ll + n) >= dlen) { + // Invalid chunk length, truncate + n = dlen - (ll + 1); + } memcpy(tp + ll , cp + ll + 1, n); add_next_index_stringl(entries, cp + ll + 1, n, 1); ll = ll + n + 1; -- 1.9.3 ++++++ php-5.5.12.tar.bz2 -> php-5.5.13.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/php5/php-5.5.12.tar.bz2 /work/SRC/openSUSE:Factory/.php5.new/php-5.5.13.tar.bz2 differ: char 11, line 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
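Review bot: The added bounds check in `php_parserr()` silently truncates an over-long TXT chunk (`n = dlen - (ll + 1)`) and then passes the shortened data to `add_next_index_stringl()`, so a malformed record is returned to the caller as if it were valid; consider whether the record should be dropped or a warning raised instead of returning truncated content. The new comment uses `//`, which older C compilers in strict mode reject; `/* ... */` would be safer in a C source file. The diffstat shows only `ext/standard/dns.c` changed, so the fix ships without a regression test covering a chunk length that runs past `dlen`.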