Hello community,
here is the log from the commit of package php5 for openSUSE:Factory checked in at 2014-08-30 18:55:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/php5 (Old) and /work/SRC/openSUSE:Factory/.php5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php5"
Changes: --------
--- /work/SRC/openSUSE:Factory/php5/php5.changes 2014-08-27 22:18:14.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.php5.new/php5.changes 2014-08-30 18:55:54.000000000 +0200
@@ -1,0 +2,33 @@
+Fri Aug 29 09:32:42 UTC 2014 - pgajdos@suse.com
+
+- fix CVE-2014-5459 [bnc#893849]
+
+-------------------------------------------------------------------
+Fri Aug 29 06:06:20 UTC 2014 - pgajdos@suse.com
+
+- actually, there's no point to install pear from other source
+ than from php tarball
+ * remove source install-pear-nozlib.phar
+
+-------------------------------------------------------------------
+Thu Aug 28 14:57:42 UTC 2014 - pgajdos@suse.com
+
+- updated PEAR to 1.9.5, bugfix release
+ see http://pear.php.net/package/PEAR/download
+ for details
+
+-------------------------------------------------------------------
+Thu Aug 28 12:49:25 UTC 2014 - pgajdos@suse.com
+
+- updated to 5.6.0:
+ * Most improvements in PHP 5.6.x have no impact on existing code.
+ There are a few incompatibilities and new features that should
+ be considered:
+ http://php.net/manual/en/migration56.php
+- removed patches:
+ * php5-big-file-upload.patch (upstreamed)
+ * php5-suhosin-php55.patch (upstreamed)
+- modified patches:
+ * php5-openssl.patch (refreshed)
+
+-------------------------------------------------------------------
Old: ---- install-pear-nozlib.phar php-5.5.16.tar.bz2 php5-big-file-upload.patch php5-suhosin-php55.patch suhosin-0.9.33.tgz
New: ---- php-5.6.0.tar.xz suhosin-0.9.36.tgz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------ ++++++ php5.spec ++++++ --- /var/tmp/diff_new_pack.kMLUYs/_old 2014-08-30 18:55:56.000000000 +0200 +++ /var/tmp/diff_new_pack.kMLUYs/_new 2014-08-30 18:55:56.000000000 +0200 @@ -21,9 +21,9 @@ %bcond_with make_test
Name: php5 -%global apiver 20121113 -%global zendver 20121212 -%define suhosin_version 0.9.33 +%global apiver 20131106 +%global zendver 20131226 +%define suhosin_version 0.9.36 %define pkg_name php5 %define with_spell 1
@@ -104,7 +104,7 @@ %define apache2_includedir %(%{apxs2} -q INCLUDEDIR) %define apache2_serverroot %(%{apxs2} -q PREFIX) %define need_libxml2_hack %(if [ -e %{_includedir}/libxml/parser.h ]; then if grep -q XML_PARSE_OLDSAX %{_includedir}/libxml/parser.h;then echo 1; else echo 0; fi; else echo 0; fi) -Version: 5.5.16 +Version: 5.6.0 Release: 0 Provides: php Provides: php-api = %{apiver} @@ -136,14 +136,13 @@ Obsoletes: php5-mhash #Don't mix these packages with php53-* from SLES 11 SP2 Conflicts: php53 -Source0: http://www.php.net/distributions/php-%%7Bversion%7D.tar.bz2 +Source0: http://downloads.php.net/tyrael/php-%%7Bversion%7D.tar.xz Source1: php-suse-addons.tar.bz2 -Source2: suhosin-%{suhosin_version}.tgz +Source2: http://download.suhosin.org/suhosin-%%7Bsuhosin_version%7D.tgz Source4: README.SUSE-pear Source5: README.macros Source6: macros.php -Source7: install-pear-nozlib.phar -Source8: php-fpm.init +Source7: php-fpm.init Source100: build-test.sh #SUSE specific stuff Patch0: php5-phpize.patch 
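Review bot: Source0 and Source2 in the `@@ -136,14 +136,13 @@` hunk now name plain-http download URLs (`http://downloads.php.net/tyrael/...` and `http://download.suhosin.org/...`), and the Source lines shown carry no detached signature or keyring, so nothing visible here lets the tarballs be checked against the upstream release keys. I would add the upstream signature and a keyring as further sources, for example `Source8: php-%{version}.tar.xz.asc` and `Source9: %{name}.keyring` (file names constructed for illustration; Source8 is free after this renumbering), and use https for the URLs where the hosts offer it. The `%%7Bversion%7D` form looks like URL-encoding introduced by the page rendering rather than spec content, but it is worth confirming that the committed spec has `%{version}`. The Source list continues outside the hunk, so a signature source may already exist further down.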
@@ -158,24 +157,21 @@ #bugs # this is from https://raw.github.com/NewEraCracker/suhosin-patches/, check for official # one from suhosin git -Patch10: php5-suhosin-php55.patch -Patch11: php5-mbstring-missing-return.patch -Patch12: php5-BNC-457056.patch -Patch13: php5-cloexec.patch -Patch14: php5-missing-extdeps.patch +Patch10: php5-mbstring-missing-return.patch +Patch11: php5-BNC-457056.patch +Patch12: php5-cloexec.patch +Patch13: php5-missing-extdeps.patch # following patch is to fix configure tests for crypt; the aim is to have php # built against glibc's crypt; problem is, that our glibc doesn't support extended # DES, so as soon as upstream fixes this, don't forgot to remove extended DES # from their checking as I indicated in crypt-tests.patch yet, or php will # silently use his own implementation again -Patch16: php5-crypt-tests.patch +Patch14: php5-crypt-tests.patch # related to previous patch; !(defined(_REENTRANT) || defined(_THREAD_SAFE)) -Patch17: php5-no-reentrant-crypt.patch -Patch18: php5-format-string-issues.patch -# following patch connected fixes or workarounds https://bugs.php.net/bug.php?id=44522 -Patch19: php5-big-file-upload.patch -Patch20: php5-per-mod-log.patch -Patch21: php5-apache24-updates.patch +Patch15: php5-no-reentrant-crypt.patch +Patch16: php5-format-string-issues.patch +Patch17: php5-per-mod-log.patch +Patch18: php5-apache24-updates.patch Url: http://www.php.net BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: PHP5 Core Files @@ -1300,7 +1296,6 @@ %{__mv} ext/suhosin-%{suhosin_version} ext/suhosin %{__cp} %{S:4} pear/README.SUSE %{__cp} %{S:5} . -%{__cp} %{S:7} pear/ %patch0 %patch1 %patch2 
@@ -1311,21 +1306,19 @@ %patch7 %patch8 %patch10 -%patch11 %if %{need_libxml2_hack} echo "*** APPLY LIBXML2.7 FIX ***" -%patch12 +%patch11 %else echo "*** SKIPPING LIBMXL2.7 FIX ***" %endif +%patch12 %patch13 %patch14 +%patch15 %patch16 -%patch17 -%patch18 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 +%patch17 -p1 +%patch18 -p1 # Safety check for API version change. vapi=`sed -n '/#define PHP_API_VERSION/{s/.* //;p}' main/php.h` if test "x${vapi}" != "x%{apiver}"; then @@ -1657,6 +1650,11 @@ sed -i -e "s@$RPM_BUILD_DIR/php-%{version}/build-cli/sapi/cli/php@php@g" %{buildroot}%{_bindir}/phar.phar rm %{buildroot}%{_bindir}/phar %{__ln_s} -f %{_bindir}/phar.phar %{buildroot}%{_bindir}/phar +# CVE-2014-5459, bnc#893849; couldn't find a way to use PHP_PEAR_CACHE_DIR +# (install-pear is checking if the directory is writable by current user?; +# unfortunately ENOTIME to figure out) +%{__sed} -i 's@15:"/tmp/pear/cache"@19:"/var/cache/php-pear"@' %{buildroot}%{php_sysconf}/cli/pear.conf +grep -c '/var/cache/php-pear' %{buildroot}%{php_sysconf}/cli/pear.conf || exit 1 # Install the macros file: install -d $RPM_BUILD_ROOT%{_sysconfdir}/rpm sed -e "s/@PHP_APIVER@/%{apiver}/;s/@PHP_ZENDVER@/%{zendver}/" \ @@ -1666,7 +1664,7 @@
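Review bot: The build-time check after the CVE-2014-5459 `sed` in the `@@ -1657,6 +1650,11 @@` hunk only proves that `/var/cache/php-pear` now appears in `pear.conf`; it does not fail if a `/tmp/pear/cache` entry survives (for instance under a different serialized length or a second key), and `grep -c` also prints a count into the build log. A stricter pair would be `grep -q '/var/cache/php-pear' %{buildroot}%{php_sysconf}/cli/pear.conf || exit 1` followed by `if grep -q '/tmp/pear/cache' %{buildroot}%{php_sysconf}/cli/pear.conf; then exit 1; fi`. The hunk also does not show `/var/cache/php-pear` being created or listed in `%files`; the fix depends on that directory being root-owned and not world-writable, so that part should be confirmed elsewhere in the spec. The comment could also say explicitly that the `15:` and `19:` prefixes are the serialized string lengths and must change together with the paths.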
#install fpm init script. install -d %{buildroot}%{_sysconfdir}/init.d -install -m 755 -c %{S:8} %{buildroot}%{_sysconfdir}/init.d/php-fpm +install -m 755 -c %{S:7} %{buildroot}%{_sysconfdir}/init.d/php-fpm %if %{with_systemd} install -D -m 0644 ./build-fpm/sapi/fpm/php-fpm.service %{buildroot}%{_unitdir}/php-fpm.service %if 0%{suse_version} > 1220
++++++ php5-openssl.patch ++++++ --- /var/tmp/diff_new_pack.kMLUYs/_old 2014-08-30 18:55:56.000000000 +0200 +++ /var/tmp/diff_new_pack.kMLUYs/_new 2014-08-30 18:55:56.000000000 +0200 @@ -1,6 +1,8 @@ ---- ext/openssl/openssl.c.orig -+++ ext/openssl/openssl.c -@@ -1031,6 +1031,7 @@ PHP_MINIT_FUNCTION(openssl) +Index: ext/openssl/openssl.c +=================================================================== +--- ext/openssl/openssl.c.orig 2014-07-02 02:23:22.000000000 +0200 ++++ ext/openssl/openssl.c 2014-07-30 09:49:25.216474921 +0200 +@@ -1124,6 +1124,7 @@ OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); @@ -8,16 +10,18 @@
SSL_load_error_strings();
---- ext/openssl/xp_ssl.c.orig -+++ ext/openssl/xp_ssl.c -@@ -378,6 +378,10 @@ static inline int php_openssl_setup_cryp - return -1; +Index: ext/openssl/xp_ssl.c +=================================================================== +--- ext/openssl/xp_ssl.c.orig 2014-07-02 02:23:22.000000000 +0200 ++++ ext/openssl/xp_ssl.c 2014-07-30 09:57:41.116465493 +0200 +@@ -1383,6 +1383,10 @@ + return FAILURE; }
+#ifdef SSL_MODE_RELEASE_BUFFERS -+ SSL_CTX_set_mode(sslsock->ctx, SSL_MODE_RELEASE_BUFFERS); ++ SSL_CTX_set_mode(sslsock->ctx, SSL_MODE_RELEASE_BUFFERS); +#endif + - #if OPENSSL_VERSION_NUMBER >= 0x0090605fL - ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; - #endif + #if OPENSSL_VERSION_NUMBER >= 0x0090806fL + if (GET_VER_OPT("no_ticket") && zend_is_true(*val)) { + ssl_ctx_options |= SSL_OP_NO_TICKET;
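Review bot: The refreshed xp_ssl.c hunk keeps turning on `SSL_MODE_RELEASE_BUFFERS` for every stream context, and the patch carries no header or comment saying why. That mode trades memory for a different buffer lifecycle inside OpenSSL and has needed upstream OpenSSL fixes of its own, so the choice deserves a recorded rationale and a note on which OpenSSL builds it was checked against. I would add a short description above the `Index:` line, along the lines of `# enable SSL_MODE_RELEASE_BUFFERS to reduce per-connection memory; requires an OpenSSL with the release-buffers fixes`, worded to match the actual reason. The enclosing function starts and ends outside the hunk.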
++++++ suhosin-0.9.33.tgz -> suhosin-0.9.36.tgz ++++++ ++++ 9003 lines of diff (skipped)