too late for 5.2, but here's a diff for PHP 5.3.15, fixing a potential overflow
in _php_stream_scandir (CVE-2012-2688), various memory corruption errors,
SHA256/512 segfaults with malformed salt, php-fpm segfaults, SQLite
open_basedir bypass (CVE-2012-3365) and a whole stack of memory leaks.

Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/php/5.3/Makefile,v
retrieving revision 1.35
diff -u -p -r1.35 Makefile
--- Makefile    21 Jun 2012 06:58:51 -0000      1.35
+++ Makefile    21 Jul 2012 10:36:38 -0000
@@ -3,12 +3,9 @@
 BROKEN-hppa =  no __sync_bool_compare_and_swap support nor asm fallback
 
 PV=            5.3
-V=             ${PV}.14
+V=             ${PV}.15
 SUHOSIN_PHPV=  5.3.9
 SUHOSIN_P_V=   0.9.10
-
-REVISION=      0
-REVISION-main= 1
 
 INI_TEMPLATES= development production
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/lang/php/5.3/distinfo,v
retrieving revision 1.13
diff -u -p -r1.13 distinfo
--- distinfo    16 Jun 2012 12:51:07 -0000      1.13
+++ distinfo    21 Jul 2012 10:36:38 -0000
@@ -1,15 +1,6 @@
-MD5 (php-5.3.14.tar.gz) = FIcwhlJCoDGmOO47q0qdTQ==
-MD5 (suhosin-0.9.33.tgz) = DOSYoCqCgeQnTqjjkMK0hw==
-MD5 (suhosin-patch-5.3.9-0.9.10.patch.gz) = wJmz1+rJUBirq9Qd7X8wZg==
-RMD160 (php-5.3.14.tar.gz) = PlujPHv/RAbU+fkEKpfKS3f3dgM=
-RMD160 (suhosin-0.9.33.tgz) = nGC2lbIm3cvlVisVdiKHgBI+s3I=
-RMD160 (suhosin-patch-5.3.9-0.9.10.patch.gz) = zkOSH9mxg7FUcT7NqYKU9saNXyI=
-SHA1 (php-5.3.14.tar.gz) = Soz2BW+p6e6VC1AFilULdf8ltXE=
-SHA1 (suhosin-0.9.33.tgz) = q7MMIuf+NBlVtC7HHtWXxDQ54rg=
-SHA1 (suhosin-patch-5.3.9-0.9.10.patch.gz) = e571w+CDEVTfDWKQq6CYnKkBOO0=
-SHA256 (php-5.3.14.tar.gz) = jW8foEksGOS8i8UPtbIHfJxWcvlcQ6NPfTjIVRzaYrk=
+SHA256 (php-5.3.15.tar.gz) = Ha96QRg5rOPDw+y0jO6dghkPJz3pWRm9p5UrnFTqbcg=
 SHA256 (suhosin-0.9.33.tgz) = hlsccrrppacQ/gsHoGNVVs5sg4ZT7DZNKipub1lFKcU=
 SHA256 (suhosin-patch-5.3.9-0.9.10.patch.gz) = 
RDjK6rChDGyUrun36qcD9Xmfl9TgV59DqUe7cxTjgxc=
-SIZE (php-5.3.14.tar.gz) = 14924167
+SIZE (php-5.3.15.tar.gz) = 14806681
 SIZE (suhosin-0.9.33.tgz) = 104488
 SIZE (suhosin-patch-5.3.9-0.9.10.patch.gz) = 40967
Index: patches/patch-aclocal_m4
===================================================================
RCS file: /cvs/ports/lang/php/5.3/patches/patch-aclocal_m4,v
retrieving revision 1.6
diff -u -p -r1.6 patch-aclocal_m4
--- patches/patch-aclocal_m4    16 Nov 2011 12:29:00 -0000      1.6
+++ patches/patch-aclocal_m4    21 Jul 2012 10:36:38 -0000
@@ -1,6 +1,6 @@
 $OpenBSD: patch-aclocal_m4,v 1.6 2011/11/16 12:29:00 espie Exp $
---- aclocal.m4.orig.port       Tue Aug 23 11:33:49 2011
-+++ aclocal.m4 Wed Nov 16 12:59:21 2011
+--- aclocal.m4.orig.port       Thu Jul 12 23:18:55 2012
++++ aclocal.m4 Sat Jul 21 10:36:20 2012
 @@ -194,7 +194,7 @@ dnl the path is interpreted relative to the top build-
  dnl
  dnl which array to append to?
@@ -63,7 +63,7 @@ $OpenBSD: patch-aclocal_m4,v 1.6 2011/11
        PHP_EVAL_LIBLINE($OPENSSL_LIBS, $1)
        PHP_EVAL_INCLINE($OPENSSL_INCS)
      fi
-@@ -4326,7 +4312,7 @@ bsdi[[45]]*)
+@@ -4332,7 +4318,7 @@ bsdi[[45]]*)
    need_version=no
    library_names_spec='${libname}${release}${shared_ext}$versuffix 
${libname}${release}${shared_ext}$major $libname${shared_ext}'
    soname_spec='${libname}${release}${shared_ext}$major'
@@ -72,7 +72,7 @@ $OpenBSD: patch-aclocal_m4,v 1.6 2011/11
    shlibpath_var=LD_LIBRARY_PATH
    sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib 
/lib /usr/local/lib"
    sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-@@ -4651,7 +4637,7 @@ openbsd*)
+@@ -4657,7 +4643,7 @@ openbsd*)
      *)                         need_version=no  ;;
    esac
    library_names_spec='${libname}${release}${shared_ext}$versuffix 
${libname}${shared_ext}$versuffix'
Index: patches/patch-sapi_cgi_cgi_main_c
===================================================================
RCS file: /cvs/ports/lang/php/5.3/patches/patch-sapi_cgi_cgi_main_c,v
retrieving revision 1.5
diff -u -p -r1.5 patch-sapi_cgi_cgi_main_c
--- patches/patch-sapi_cgi_cgi_main_c   8 May 2012 21:29:16 -0000       1.5
+++ patches/patch-sapi_cgi_cgi_main_c   21 Jul 2012 10:36:38 -0000
@@ -1,7 +1,7 @@
 $OpenBSD: patch-sapi_cgi_cgi_main_c,v 1.5 2012/05/08 21:29:16 sthen Exp $
---- sapi/cgi/cgi_main.c.orig.port      Fri May  4 01:28:40 2012
-+++ sapi/cgi/cgi_main.c        Fri May  4 01:28:42 2012
-@@ -1486,6 +1486,7 @@ int main(int argc, char *argv[])
+--- sapi/cgi/cgi_main.c.orig.port      Sat Jul 21 10:36:15 2012
++++ sapi/cgi/cgi_main.c        Sat Jul 21 10:36:15 2012
+@@ -1487,6 +1487,7 @@ int main(int argc, char *argv[])
        char *orig_optarg = php_optarg;
        char *script_file = NULL;
        int ini_entries_len = 0;
@@ -9,7 +9,7 @@ $OpenBSD: patch-sapi_cgi_cgi_main_c,v 1.
        /* end of temporary locals */
  
  #ifdef ZTS
-@@ -1538,8 +1539,12 @@ int main(int argc, char *argv[])
+@@ -1539,8 +1540,12 @@ int main(int argc, char *argv[])
        tsrm_ls = ts_resource(0);
  #endif
  
Index: patches/patch-sapi_fpm_config_m4
===================================================================
RCS file: /cvs/ports/lang/php/5.3/patches/patch-sapi_fpm_config_m4,v
retrieving revision 1.3
diff -u -p -r1.3 patch-sapi_fpm_config_m4
--- patches/patch-sapi_fpm_config_m4    21 Jan 2012 23:34:35 -0000      1.3
+++ patches/patch-sapi_fpm_config_m4    21 Jul 2012 10:36:38 -0000
@@ -1,6 +1,6 @@
---- sapi/fpm/config.m4.orig.port       Sat Oct  8 22:04:10 2011
-+++ sapi/fpm/config.m4 Wed Jan 18 13:57:26 2012
-@@ -594,7 +594,9 @@ if test "$PHP_FPM" != "no"; then
+--- sapi/fpm/config.m4.orig.port       Thu Jul 12 23:17:37 2012
++++ sapi/fpm/config.m4 Sat Jul 21 10:36:15 2012
+@@ -595,7 +595,9 @@ if test "$PHP_FPM" != "no"; then
    
    PHP_FPM_CFLAGS="-I$abs_srcdir/sapi/fpm"
   
@@ -11,7 +11,7 @@
    PHP_FPM_FILES="fpm/fastcgi.c \
      fpm/fpm.c \
      fpm/fpm_children.c \
-@@ -626,7 +628,8 @@ if test "$PHP_FPM" != "no"; then
+@@ -627,7 +629,8 @@ if test "$PHP_FPM" != "no"; then
                fpm/events/port.c \
    "
  
@@ -21,7 +21,7 @@
  
    case $host_alias in
        *aix*)
-@@ -636,11 +639,19 @@ if test "$PHP_FPM" != "no"; then
+@@ -637,11 +640,19 @@ if test "$PHP_FPM" != "no"; then
          BUILD_FPM="\$(CC) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) 
\$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(NATIVE_RPATHS) 
\$(PHP_GLOBAL_OBJS:.lo=.o) \$(PHP_SAPI_OBJS:.lo=.o) \$(PHP_FRAMEWORKS) 
\$(EXTRA_LIBS) \$(SAPI_EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_FPM_PATH)"
        ;;
        *)
Index: patches/patch-sapi_fpm_php-fpm_conf_in
===================================================================
RCS file: /cvs/ports/lang/php/5.3/patches/patch-sapi_fpm_php-fpm_conf_in,v
retrieving revision 1.3
diff -u -p -r1.3 patch-sapi_fpm_php-fpm_conf_in
--- patches/patch-sapi_fpm_php-fpm_conf_in      21 Jan 2012 23:59:43 -0000      
1.3
+++ patches/patch-sapi_fpm_php-fpm_conf_in      21 Jul 2012 10:36:38 -0000
@@ -1,7 +1,7 @@
 $OpenBSD: patch-sapi_fpm_php-fpm_conf_in,v 1.3 2012/01/21 23:59:43 sthen Exp $
---- sapi/fpm/php-fpm.conf.in.orig.port Sat Oct  8 22:04:10 2011
-+++ sapi/fpm/php-fpm.conf.in   Fri Jan 20 13:55:43 2012
-@@ -437,7 +437,7 @@ pm.max_spare_servers = 3
+--- sapi/fpm/php-fpm.conf.in.orig.port Thu Jul 12 23:17:37 2012
++++ sapi/fpm/php-fpm.conf.in   Sat Jul 21 10:36:15 2012
+@@ -453,7 +453,7 @@ pm.max_spare_servers = 3
  ;       possible. However, all PHP paths will be relative to the chroot
  ;       (error_log, sessions.save_path, ...).
  ; Default Value: not set
