Hello community,

here is the log from the commit of package php5 for openSUSE:Factory checked in 
at 2014-06-25 06:57:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/php5 (Old)
 and      /work/SRC/openSUSE:Factory/.php5.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "php5"

Changes:
--------
--- /work/SRC/openSUSE:Factory/php5/php5.changes        2014-05-10 
08:32:06.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.php5.new/php5.changes   2014-06-25 
06:57:32.000000000 +0200
@@ -1,0 +2,25 @@
+Tue Jun 17 15:56:53 UTC 2014 - [email protected]
+
+- security update
+  * php-5.5.13-CVE-2014-4049.patch [bnc#882992]
+
+-------------------------------------------------------------------
+Tue Jun 17 07:17:37 UTC 2014 - [email protected]
+
+- php5-5.5.10-CVE-2014-2497.patch renamed to
+  php-5.5.10-CVE-2014-2497.patch to be consistent with other 
+  product php patches names
+
+-------------------------------------------------------------------
+Tue Jun  3 12:03:33 UTC 2014 - [email protected]
+
+- do not package latest_test_results.txt; instead, run build-test.sh
+  twice: before and after source changes
+
+-------------------------------------------------------------------
+Mon Jun  2 09:37:59 UTC 2014 - [email protected]
+
+- updated to 5.5.13: This release fixes several bugs in PHP 5.5.12, 
+  and addresses two CVEs in Fileinfo (CVE-2014-0238 and CVE-2014-0237).
+
+-------------------------------------------------------------------

Old:
----
  latest_test_results.txt
  php-5.5.12.tar.bz2
  php5-5.5.10-CVE-2014-2497.patch

New:
----
  php-5.5.10-CVE-2014-2497.patch
  php-5.5.13-CVE-2014-4049.patch
  php-5.5.13.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ php5.spec ++++++
--- /var/tmp/diff_new_pack.7LgcaL/_old  2014-06-25 06:57:33.000000000 +0200
+++ /var/tmp/diff_new_pack.7LgcaL/_new  2014-06-25 06:57:33.000000000 +0200
@@ -104,7 +104,7 @@
 %define apache2_includedir %(%{apxs2} -q INCLUDEDIR)
 %define apache2_serverroot %(%{apxs2} -q PREFIX)
 %define need_libxml2_hack  %(if [ -e %{_includedir}/libxml/parser.h ]; then if 
grep -q XML_PARSE_OLDSAX %{_includedir}/libxml/parser.h;then echo 1; else echo 
0; fi; else echo 0; fi)
-Version:        5.5.12
+Version:        5.5.13
 Release:        0
 Provides:       php
 Provides:       php-api = %{apiver}
@@ -144,6 +144,7 @@
 Source6:        macros.php
 Source7:        install-pear-nozlib.phar
 Source8:        php-fpm.init
+Source100:      build-test.sh
 #SUSE specific stuff
 Patch0:         php5-phpize.patch
 Patch1:         php5-apache_sapi_install.patch
@@ -175,7 +176,8 @@
 Patch19:        php5-big-file-upload.patch
 Patch20:        php5-per-mod-log.patch
 Patch21:        php5-apache24-updates.patch
-Patch22:        php5-5.5.10-CVE-2014-2497.patch
+Patch22:        php-5.5.10-CVE-2014-2497.patch
+Patch23:        php-5.5.13-CVE-2014-4049.patch
 Url:            http://www.php.net
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Summary:        PHP5 Core Files
@@ -1327,6 +1329,7 @@
 %patch20 -p1
 %patch21 -p1
 %patch22
+%patch23
 # Safety check for API version change.
 vapi=`sed -n '/#define PHP_API_VERSION/{s/.* //;p}' main/php.h`
 if test "x${vapi}" != "x%{apiver}"; then

++++++ build-test.sh ++++++
--- /var/tmp/diff_new_pack.7LgcaL/_old  2014-06-25 06:57:33.000000000 +0200
+++ /var/tmp/diff_new_pack.7LgcaL/_new  2014-06-25 06:57:33.000000000 +0200
@@ -1,10 +1,14 @@
 #!/bin/bash
-TEST_RESULT_FILE='latest_test_results.txt'
+TEST_RESULT_FILE_BEFORE='test_results.before'
+TEST_RESULT_FILE_AFTER='test_results.after'
+
 function usage
 {
   echo "usage: $0 buildroot [osc ARGUMENTS]"
-  echo '       builds php in buildroot and checks test result for regressions'
-  echo "       against $TEST_RESULT_FILE"
+  echo "       1. Run first time to create ${TEST_RESULT_FILE_BEFORE}."
+  echo "       2. Make source changes."
+  echo "       3. Run second time to create ${TEST_RESULT_FILE_AFTER}"
+  echo "          and see changes in test results."
 }
 
 if [ -z $1 ]; then
@@ -34,19 +38,18 @@
       | egrep 'TEST [0-9]+\/[0-9]+|SKIP.*reason' \
       | sed 's:.*\r::' \
       | sort \
-    > ${TEST_RESULT_FILE}.new
-
-if [ ! -e ${TEST_RESULT_FILE} ]; then
-  echo "WARNING: ${TEST_RESULT_FILE} doesnt exist, creating"
-  echo "from ${TEST_RESULT_FILE}.new"
-  mv ${TEST_RESULT_FILE}.new ${TEST_RESULT_FILE}
+    > ${TEST_RESULT_FILE_AFTER}
+if [ ! -e ${TEST_RESULT_FILE_BEFORE} ]; then
+  echo "Creating ${TEST_RESULT_FILE_BEFORE}"
+  echo "Run $0 again AFTER source changes, to create 
${TEST_RESULT_FILE_AFTER}."
+  echo "Differences will be checked then."
+  mv ${TEST_RESULT_FILE_AFTER} ${TEST_RESULT_FILE_BEFORE}
 else
   echo --- DIFFERENCES -------------------------------------------
-  diff -up $TEST_RESULT_FILE ${TEST_RESULT_FILE}.new
+  diff -up $TEST_RESULT_FILE_BEFORE ${TEST_RESULT_FILE_AFTER}
   echo -----------------------------------------------------------
   echo "Do not forgot to "
-  echo "mv ${TEST_RESULT_FILE}.new ${TEST_RESULT_FILE}"
-  echo "when regressions are not relevant."
+  echo "rm ${TEST_RESULT_FILE_BEFORE} ${TEST_RESULT_FILE_AFTER}"
   echo
 fi
 
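Review bot: The branch `if [ ! -e ${TEST_RESULT_FILE_BEFORE} ]` accepts any existing `test_results.before` as the baseline, and cleanup is only an echoed `rm` reminder, so a file left over from an earlier session is silently compared against the results of an unrelated change. The exit status of `diff -up` is also discarded, so the script reports success even when test results changed after a security patch was applied. Capturing it, for example `diff -up "$TEST_RESULT_FILE_BEFORE" "$TEST_RESULT_FILE_AFTER" || rc=1` with `exit ${rc:-0}` as the last statement, would let the comparison gate a build. The start of the pipeline that feeds the redirect is outside this hunk, so whether a failed build or test run is detected before the results are written cannot be confirmed from here.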


++++++ php-5.5.10-CVE-2014-2497.patch ++++++
Description: Patch to fix PHP bug 66901.
Author: Andres Mejia <[email protected]>
Forwarded: no

Index: ext/gd/libgd/gdxpm.c
===================================================================
--- ext/gd/libgd/gdxpm.c.orig   2014-02-05 11:00:36.000000000 +0100
+++ ext/gd/libgd/gdxpm.c        2014-04-04 14:06:15.991206709 +0200
@@ -39,6 +39,14 @@
        number = image.ncolors;
        colors = (int *) safe_emalloc(number, sizeof(int), 0);
        for (i = 0; i < number; i++) {
+               if (!image.colorTable[i].c_color)
+               {
+                       /* unsupported color key or color key not defined */
+                       gdImageDestroy(im);
+                       gdFree(colors);
+                       im = 0;
+                       goto done;
+               }
                switch (strlen (image.colorTable[i].c_color)) {
                        case 4:
                                buf[1] = '\0';
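Review bot: The guard added inside the `for` loop does not say why a NULL `c_color` must abort the load, namely that the `strlen (image.colorTable[i].c_color)` directly below would dereference it. I would extend the comment to `/* c_color is NULL for an unsupported or undefined color key; strlen() below would dereference it (PHP bug 66901) */`. As style points, `im = NULL;` reads better than `im = 0;`, and the opening brace belongs on the `if` line to match the surrounding `for (...) {`. The `done` label and the rest of the function are outside the hunk, so it should be confirmed that the code after `done` does not free `colors` a second time.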
++++++ php-5.5.13-CVE-2014-4049.patch ++++++
>From 4f73394fdd95d3165b4391e1b0dedd57fced8c3b Mon Sep 17 00:00:00 2001
From: Sara Golemon <[email protected]>
Date: Tue, 10 Jun 2014 11:18:02 -0700
Subject: [PATCH] Fix potential segfault in dns_get_record()

If the remote sends us a packet with a malformed TXT record,
we could end up trying to over-consume the packet and wander
off into overruns.
---
 ext/standard/dns.c | 4 ++++
 1 file changed, 4 insertions(+)

--- ext/standard/dns.c
+++ ext/standard/dns.c
@@ -517,6 +517,10 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, 
int type_to_fetch, int
                                
                                while (ll < dlen) {
                                        n = cp[ll];
+                                       if ((ll + n) >= dlen) {
+                                               // Invalid chunk length, 
truncate
+                                               n = dlen - (ll + 1);
+                                       }
                                        memcpy(tp + ll , cp + ll + 1, n);
                                        add_next_index_stringl(entries, cp + ll 
+ 1, n, 1);
                                        ll = ll + n + 1;
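Review bot: The clamp added in the `while (ll < dlen)` loop bounds each chunk length `n` by `dlen`, but nothing in this hunk shows `dlen` itself being checked against the end of the received answer. If `dlen` comes straight from the record header, `memcpy(tp + ll , cp + ll + 1, n)` can still read past the packet when the record claims more data than was received. A check before the loop such as `if (cp + dlen > answer_end) { /* reject the record */ }` would cover that case, where `answer_end` is a placeholder for whatever marks the end of the packet (no such name is visible here). The malformed record is also truncated silently and still added to `entries`; rejecting it outright may be the safer behaviour for callers of dns_get_record(). The loop sits inside php_parserr, whose body starts and ends outside the hunk.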
-- 
1.9.3

++++++ php-5.5.12.tar.bz2 -> php-5.5.13.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/php5/php-5.5.12.tar.bz2 
/work/SRC/openSUSE:Factory/.php5.new/php-5.5.13.tar.bz2 differ: char 11, line 1
