Hello community,
here is the log from the commit of package php5 for openSUSE:Factory checked in at 2014-07-19 08:16:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/php5 (Old)
and /work/SRC/openSUSE:Factory/.php5.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php5"
Changes:
--------
--- /work/SRC/openSUSE:Factory/php5/php5.changes 2014-07-02 15:04:10.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.php5.new/php5.changes 2014-07-19 08:16:29.000000000 +0200
@@ -1,0 +2,8 @@
+Thu Jul 17 14:32:29 UTC 2014 - pgajdos@suse.com
+
+- security update:
+ * php-CVE-2014-4670.patch [bnc#886059]
+ * php-CVE-2014-4698.patch [bnc#886060]
+- php-5.5.10-CVE-2014-2497.patch renamed to php-CVE-2014-2497.patch
+
+-------------------------------------------------------------------
Old:
----
php-5.5.10-CVE-2014-2497.patch
New:
----
php-CVE-2014-2497.patch
php-CVE-2014-4670.patch
php-CVE-2014-4698.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ php5.spec ++++++
--- /var/tmp/diff_new_pack.U9UZZ2/_old 2014-07-19 08:16:31.000000000 +0200
+++ /var/tmp/diff_new_pack.U9UZZ2/_new 2014-07-19 08:16:31.000000000 +0200
@@ -176,7 +176,9 @@
Patch19: php5-big-file-upload.patch
Patch20: php5-per-mod-log.patch
Patch21: php5-apache24-updates.patch
-Patch22: php-5.5.10-CVE-2014-2497.patch
+Patch22: php-CVE-2014-2497.patch
+Patch23: php-CVE-2014-4670.patch
+Patch24: php-CVE-2014-4698.patch
Url: http://www.php.net
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Summary: PHP5 Core Files
@@ -1328,6 +1330,8 @@
%patch20 -p1
%patch21 -p1
%patch22
+%patch23
+%patch24
# Safety check for API version change.
vapi=`sed -n '/#define PHP_API_VERSION/{s/.* //;p}' main/php.h`
if test "x${vapi}" != "x%{apiver}"; then
++++++ php-CVE-2014-2497.patch ++++++
Description: Patch to fix PHP bug 66901.
Author: Andres Mejia
Forwarded: no
Index: ext/gd/libgd/gdxpm.c
===================================================================
--- ext/gd/libgd/gdxpm.c.orig 2014-02-05 11:00:36.000000000 +0100
+++ ext/gd/libgd/gdxpm.c 2014-04-04 14:06:15.991206709 +0200
@@ -39,6 +39,14 @@
number = image.ncolors;
colors = (int *) safe_emalloc(number, sizeof(int), 0);
for (i = 0; i < number; i++) {
+ if (!image.colorTable[i].c_color)
+ {
+ /* unsupported color key or color key not defined */
+ gdImageDestroy(im);
+ gdFree(colors);
+ im = 0;
+ goto done;
+ }
switch (strlen (image.colorTable[i].c_color)) {
case 4:
buf[1] = '\0';
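Review bot: The comment inside the added guard names the condition but not the consequence. The `strlen (image.colorTable[i].c_color)` call directly below would dereference a NULL pointer taken from the parsed XPM file. I would write it as `/* c_color is NULL for an unsupported or undefined color key; strlen() below must never see it */`. The opening brace on its own line also departs from the `for (...) {` style of the enclosing loop. The bail-out relies on the `done` label, which lies outside this hunk, so confirm that it still releases the parsed XPM image and info on this path.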
++++++ php-CVE-2014-4670.patch ++++++
X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fspl%2Fspl_dl...
--- ext/spl/spl_dllist.c
+++ ext/spl/spl_dllist.c
@@ -43,12 +43,10 @@ PHPAPI zend_class_entry *spl_ce_SplStack;
#define SPL_LLIST_DELREF(elem) if(!--(elem)->rc) { \
efree(elem); \
- elem = NULL; \
}
#define SPL_LLIST_CHECK_DELREF(elem) if((elem) && !--(elem)->rc) { \
efree(elem); \
- elem = NULL; \
}
#define SPL_LLIST_ADDREF(elem) (elem)->rc++
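Review bot: With `elem = NULL` gone, `SPL_LLIST_DELREF` and `SPL_LLIST_CHECK_DELREF` leave the caller's pointer dangling once `efree(elem)` has run, and nothing at the macro definitions states that contract. A comment above them such as `/* Drops one reference and frees elem at zero; does NOT clear the caller's pointer */` would tell future callers to reset any stored copy themselves. Both macros also expand to a bare `if (...) { ... }`, so a call followed by `else` would bind to the macro's `if`. Wrapping each body as `do { if (!--(elem)->rc) { efree(elem); } } while (0)` avoids that.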
@@ -916,6 +914,11 @@ SPL_METHOD(SplDoublyLinkedList, offsetUnset)
llist->dtor(element TSRMLS_CC);
}
+ if (intern->traverse_pointer == element) {
+ SPL_LLIST_DELREF(element);
+ intern->traverse_pointer = NULL;
+ }
+
zval_ptr_dtor((zval **)&element->data);
element->data = NULL;
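Review bot: The added `SPL_LLIST_DELREF(element)` runs before `zval_ptr_dtor((zval **)&element->data)` and `element->data = NULL`, so those two lines are only safe if `element` still holds another reference at that point. That presumably is the list's own reference, released later in `offsetUnset`, but the release is outside this hunk and should be confirmed. If this decrement could ever reach zero, the following lines would touch freed memory. Either move the new block below `element->data = NULL;` or state the invariant with `/* drops only the iterator's reference; the list's reference keeps element alive until the final DELREF */`.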
++++++ php-CVE-2014-4698.patch ++++++
X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fspl%2Fspl_ar...
Index: ext/spl/spl_array.c
===================================================================
--- ext/spl/spl_array.c.orig 2014-06-25 15:06:23.000000000 +0200
+++ ext/spl/spl_array.c 2014-07-17 17:24:01.085311011 +0200
@@ -1733,6 +1733,7 @@
const unsigned char *p, *s;
php_unserialize_data_t var_hash;
zval *pmembers, *pflags = NULL;
+ HashTable *aht;
long flags;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &buf, &buf_len) == FAILURE) {
@@ -1744,6 +1745,12 @@
return;
}
+ aht = spl_array_get_hash_table(intern, 0 TSRMLS_CC);
+ if (aht->nApplyCount > 0) {
+ zend_error(E_WARNING, "Modification of ArrayObject during sorting is prohibited");
+ return;
+ }
+
/* storage */
s = p = (const unsigned char*)buf;
PHP_VAR_UNSERIALIZE_INIT(var_hash);
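Review bot: `aht->nApplyCount` is read without checking `aht`, so the new guard itself would fault if `spl_array_get_hash_table()` can return NULL for this object; its definition is not in the hunk, so verify this. Writing the condition as `if (aht && aht->nApplyCount > 0) {` keeps the previous behaviour for a NULL table while still blocking the re-entrant case. The warning text says "during sorting", but this path is the unserialize code (`PHP_VAR_UNSERIALIZE_INIT` follows) and `nApplyCount` appears to be a general apply counter. A short comment such as `/* refuse to replace the storage while the hash table is being applied/sorted */` would make the intent clear. The function body starts and ends outside the hunk.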