commit php5 for openSUSE:Factory
Hello community, here is the log from the commit of package php5 for openSUSE:Factory checked in at 2014-06-25 06:57:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/php5 (Old) and /work/SRC/openSUSE:Factory/.php5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "php5" Changes: -------- --- /work/SRC/openSUSE:Factory/php5/php5.changes 2014-05-10 08:32:06.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.php5.new/php5.changes 2014-06-25 06:57:32.000000000 +0200 @@ -1,0 +2,25 @@ +Tue Jun 17 15:56:53 UTC 2014 - pgajdos@suse.com + +- security update + * php-5.5.13-CVE-2014-4049.patch [bnc#882992] + +------------------------------------------------------------------- +Tue Jun 17 07:17:37 UTC 2014 - pgajdos@suse.com + +- php5-5.5.10-CVE-2014-2497.patch renamed to + php-5.5.10-CVE-2014-2497.patch to be consistent with other + product php patches names + +------------------------------------------------------------------- +Tue Jun 3 12:03:33 UTC 2014 - pgajdos@suse.com + +- do not package latest_test_results.txt; instead, run build-test.sh + twice: before and after source changes + +------------------------------------------------------------------- +Mon Jun 2 09:37:59 UTC 2014 - pgajdos@suse.com + +- updated to 5.5.13: This release fixes several bugs in PHP 5.5.12, + and addresses two CVEs in Fileinfo (CVE-2014-0238 and CVE-2014-0237). + +------------------------------------------------------------------- Old: ---- latest_test_results.txt php-5.5.12.tar.bz2 php5-5.5.10-CVE-2014-2497.patch New: ---- php-5.5.10-CVE-2014-2497.patch php-5.5.13-CVE-2014-4049.patch php-5.5.13.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php5.spec ++++++ --- /var/tmp/diff_new_pack.7LgcaL/_old 2014-06-25 06:57:33.000000000 +0200 +++ /var/tmp/diff_new_pack.7LgcaL/_new 2014-06-25 06:57:33.000000000 +0200 
@@ -104,7 +104,7 @@ %define apache2_includedir %(%{apxs2} -q INCLUDEDIR) %define apache2_serverroot %(%{apxs2} -q PREFIX) %define need_libxml2_hack %(if [ -e %{_includedir}/libxml/parser.h ]; then if grep -q XML_PARSE_OLDSAX %{_includedir}/libxml/parser.h;then echo 1; else echo 0; fi; else echo 0; fi) -Version: 5.5.12 +Version: 5.5.13 Release: 0 Provides: php Provides: php-api = %{apiver} @@ -144,6 +144,7 @@ Source6: macros.php Source7: install-pear-nozlib.phar Source8: php-fpm.init +Source100: build-test.sh #SUSE specific stuff Patch0: php5-phpize.patch Patch1: php5-apache_sapi_install.patch @@ -175,7 +176,8 @@ Patch19: php5-big-file-upload.patch Patch20: php5-per-mod-log.patch Patch21: php5-apache24-updates.patch -Patch22: php5-5.5.10-CVE-2014-2497.patch +Patch22: php-5.5.10-CVE-2014-2497.patch +Patch23: php-5.5.13-CVE-2014-4049.patch Url: http://www.php.net BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: PHP5 Core Files @@ -1327,6 +1329,7 @@ %patch20 -p1 %patch21 -p1 %patch22 +%patch23 # Safety check for API version change. vapi=`sed -n '/#define PHP_API_VERSION/{s/.* //;p}' main/php.h` if test "x${vapi}" != "x%{apiver}"; then ++++++ build-test.sh ++++++ --- /var/tmp/diff_new_pack.7LgcaL/_old 2014-06-25 06:57:33.000000000 +0200 +++ /var/tmp/diff_new_pack.7LgcaL/_new 2014-06-25 06:57:33.000000000 +0200 @@ -1,10 +1,14 @@ #!/bin/bash -TEST_RESULT_FILE='latest_test_results.txt' +TEST_RESULT_FILE_BEFORE='test_results.before' +TEST_RESULT_FILE_AFTER='test_results.after' + function usage { echo "usage: $0 buildroot [osc ARGUMENTS]" - echo ' builds php in buildroot and checks test result for regressions' - echo " against $TEST_RESULT_FILE" + echo " 1. Run first time to create ${TEST_RESULT_FILE_BEFORE}." + echo " 2. Make source changes." + echo " 3. Run second time to create ${TEST_RESULT_FILE_AFTER}" + echo " and see changes in test results." } if [ -z $1 ]; then 
@@ -34,19 +38,18 @@ | egrep 'TEST [0-9]+\/[0-9]+|SKIP.*reason' \ | sed 's:.*\r::' \ | sort \ - > ${TEST_RESULT_FILE}.new - -if [ ! -e ${TEST_RESULT_FILE} ]; then - echo "WARNING: ${TEST_RESULT_FILE} doesnt exist, creating" - echo "from ${TEST_RESULT_FILE}.new" - mv ${TEST_RESULT_FILE}.new ${TEST_RESULT_FILE} + > ${TEST_RESULT_FILE_AFTER} +if [ ! -e ${TEST_RESULT_FILE_BEFORE} ]; then + echo "Creating ${TEST_RESULT_FILE_BEFORE}" + echo "Run $0 again AFTER source changes, to create ${TEST_RESULT_FILE_AFTER}." + echo "Differences will be checked then." + mv ${TEST_RESULT_FILE_AFTER} ${TEST_RESULT_FILE_BEFORE} else echo --- DIFFERENCES ------------------------------------------- - diff -up $TEST_RESULT_FILE ${TEST_RESULT_FILE}.new + diff -up $TEST_RESULT_FILE_BEFORE ${TEST_RESULT_FILE_AFTER} echo ----------------------------------------------------------- echo "Do not forgot to " - echo "mv ${TEST_RESULT_FILE}.new ${TEST_RESULT_FILE}" - echo "when regressions are not relevant." + echo "rm ${TEST_RESULT_FILE_BEFORE} ${TEST_RESULT_FILE_AFTER}" echo fi ++++++ php-5.5.10-CVE-2014-2497.patch ++++++ Description: Patch to fix PHP bug 66901. Author: Andres Mejia <mejiaa@amazon.com> Forwarded: no Index: ext/gd/libgd/gdxpm.c =================================================================== --- ext/gd/libgd/gdxpm.c.orig 2014-02-05 11:00:36.000000000 +0100 +++ ext/gd/libgd/gdxpm.c 2014-04-04 14:06:15.991206709 +0200 @@ -39,6 +39,14 @@ number = image.ncolors; colors = (int *) safe_emalloc(number, sizeof(int), 0); for (i = 0; i < number; i++) { + if (!image.colorTable[i].c_color) + { + /* unsupported color key or color key not defined */ + gdImageDestroy(im); + gdFree(colors); + im = 0; + goto done; + } switch (strlen (image.colorTable[i].c_color)) { case 4: buf[1] = '\0'; ++++++ php-5.5.13-CVE-2014-4049.patch ++++++
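Review bot: In the second build-test.sh hunk, the result file is promoted to the baseline with `mv ${TEST_RESULT_FILE_AFTER} ${TEST_RESULT_FILE_BEFORE}` without checking that the test run produced any output. The `> ${TEST_RESULT_FILE_AFTER}` redirect creates the file even when the pipeline feeding it fails, so an empty or partial baseline would make the later diff misleading. The head of that pipeline is outside the hunk, so an earlier guard may exist. If there is none, add `if [ ! -s "${TEST_RESULT_FILE_AFTER}" ]; then echo "no test results captured" >&2; exit 1; fi` before the `-e` test. The new expansions are also unquoted; `"${TEST_RESULT_FILE_BEFORE}"` would match normal shell practice.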
From 4f73394fdd95d3165b4391e1b0dedd57fced8c3b Mon Sep 17 00:00:00 2001 From: Sara Golemon <pollita@php.net> Date: Tue, 10 Jun 2014 11:18:02 -0700 Subject: [PATCH] Fix potential segfault in dns_get_record()
If the remote sends us a packet with a malformed TXT record, we could end up trying to over-consume the packet and wander off into overruns. --- ext/standard/dns.c | 4 ++++ 1 file changed, 4 insertions(+) --- ext/standard/dns.c +++ ext/standard/dns.c @@ -517,6 +517,10 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int while (ll < dlen) { n = cp[ll]; + if ((ll + n) >= dlen) { + // Invalid chunk length, truncate + n = dlen - (ll + 1); + } memcpy(tp + ll , cp + ll + 1, n); add_next_index_stringl(entries, cp + ll + 1, n, 1); ll = ll + n + 1; -- 1.9.3 ++++++ php-5.5.12.tar.bz2 -> php-5.5.13.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/php5/php-5.5.12.tar.bz2 /work/SRC/openSUSE:Factory/.php5.new/php-5.5.13.tar.bz2 differ: char 11, line 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
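Review bot: The clamp added to the TXT loop in php_parserr bounds each chunk length `n` by `dlen`, but nothing visible in the hunk checks `dlen` itself against the number of bytes actually received. If the record's declared data length is larger than what remains of the answer, `memcpy(tp + ll , cp + ll + 1, n)` would presumably still read past the packet even after truncation. The signature in the hunk header is cut off and the loop starts and ends outside the hunk, so the fix depends on what the caller passes in: the function needs the end of the answer buffer, and should reject a record when `cp + dlen` goes past it rather than truncate silently. As a minor style point, the new `// Invalid chunk length, truncate` would be safer for older C compilers as `/* Invalid chunk length, truncate */`.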