Hello community, here is the log from the commit of package php5 for openSUSE:Factory checked in at 2015-09-08 17:38:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/php5 (Old) and /work/SRC/openSUSE:Factory/.php5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php5" Changes: -------- --- /work/SRC/openSUSE:Factory/php5/php5.changes 2015-08-11 08:25:11.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.php5.new/php5.changes 2015-09-08 17:38:33.000000000 +0200 @@ -1,0 +2,14 @@ +Fri Sep 4 18:27:35 UTC 2015 - [email protected] + +- updated to 5.6.13: + * 11 security-related issues were fixed in this release. + * refreshed php5-systzdata-r12.patch + +------------------------------------------------------------------- +Fri Sep 4 17:22:04 UTC 2015 - [email protected] + +- fixed segfault in odbc extension when result set is containing + NULL (php bugs #52554, #53007) [bnc#935074] (internal) + + php-odbc-cmp-int-cast.patch + +------------------------------------------------------------------- Old: ---- php-5.6.12.tar.xz php-5.6.12.tar.xz.asc New: ---- php-5.6.13.tar.xz php-5.6.13.tar.xz.asc php-odbc-cmp-int-cast.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php5.spec ++++++ --- /var/tmp/diff_new_pack.QdbRUm/_old 2015-09-08 17:39:00.000000000 +0200 +++ /var/tmp/diff_new_pack.QdbRUm/_new 2015-09-08 17:39:00.000000000 +0200 @@ -108,7 +108,7 @@ %define php_sysconf %{_sysconfdir}/%{pkg_name} %define _x11prefix %(pkg-config --variable=prefix xft) %define need_libxml2_hack %(if [ -e %{_includedir}/libxml/parser.h ]; then if grep -q XML_PARSE_OLDSAX %{_includedir}/libxml/parser.h;then echo 1; else echo 0; fi; else echo 0; fi) -Version: 5.6.12 +Version: 5.6.13 Release: 0 Provides: php Provides: php-api = %{apiver} @@ -180,6 +180,7 @@ Patch17: php5-per-mod-log.patch Patch18: php5-apache24-updates.patch Patch19: php5-crypto-checks.patch +Patch20: php-odbc-cmp-int-cast.patch Url: http://www.php.net BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: PHP5 Core Files @@ -1312,7 +1313,7 @@ %patch4 %patch5 %patch6 -%patch7 -p1 +%patch7 %patch8 %patch10 %if %{need_libxml2_hack} @@ -1329,6 +1330,7 @@ %patch17 -p1 %patch18 -p1 %patch19 +%patch20 # Safety check for API version change. vapi=`sed -n '/#define PHP_API_VERSION/{s/.* //;p}' main/php.h` if test "x${vapi}" != "x%{apiver}"; then ++++++ php-5.6.12.tar.xz -> php-5.6.13.tar.xz ++++++ /work/SRC/openSUSE:Factory/php5/php-5.6.12.tar.xz /work/SRC/openSUSE:Factory/.php5.new/php-5.6.13.tar.xz differ: char 26, line 1 ++++++ php-odbc-cmp-int-cast.patch ++++++ https://bugs.php.net/bug.php?id=53007 Index: ext/odbc/php_odbc.c =================================================================== --- ext/odbc/php_odbc.c.orig 2015-09-02 14:55:18.156673247 +0200 +++ ext/odbc/php_odbc.c 2015-09-02 14:58:03.711981310 +0200 @@ -1749,7 +1749,7 @@ if (rc == SQL_SUCCESS_WITH_INFO) { Z_STRLEN_P(tmp) = result->longreadlen; - } else if (result->values[i].vallen == SQL_NULL_DATA) { + } else if ((int)result->values[i].vallen == (int)SQL_NULL_DATA) { ZVAL_NULL(tmp); break; } else { @@ -1759,7 +1759,7 @@ break; default: - if (result->values[i].vallen == SQL_NULL_DATA) { + if ((int)result->values[i].vallen == (int)SQL_NULL_DATA) { ZVAL_NULL(tmp); break; } @@ -1900,7 +1900,7 @@ } if (rc == SQL_SUCCESS_WITH_INFO) { Z_STRLEN_P(tmp) = result->longreadlen; - } else if (result->values[i].vallen == SQL_NULL_DATA) { + } else if ((int)result->values[i].vallen == (int)SQL_NULL_DATA) { ZVAL_NULL(tmp); break; } else { @@ -1910,7 +1910,7 @@ break; default: - if (result->values[i].vallen == SQL_NULL_DATA) { + if ((int)result->values[i].vallen == (int)SQL_NULL_DATA) { ZVAL_NULL(tmp); break; } @@ -2129,7 +2129,7 @@ RETURN_FALSE; } - if (result->values[field_ind].vallen == SQL_NULL_DATA) { + if ((int)result->values[field_ind].vallen == (int)SQL_NULL_DATA) { efree(field); RETURN_NULL(); } else if (rc == SQL_NO_DATA_FOUND) { @@ -2148,7 +2148,7 @@ break; default: - if (result->values[field_ind].vallen == SQL_NULL_DATA) { + if ((int)result->values[field_ind].vallen == (int)SQL_NULL_DATA) { RETURN_NULL(); } else { RETURN_STRINGL(result->values[field_ind].value, result->values[field_ind].vallen, 1); @@ -2172,7 +2172,7 @@ RETURN_FALSE; } - if (result->values[field_ind].vallen == SQL_NULL_DATA) { + if ((int)result->values[field_ind].vallen == (int)SQL_NULL_DATA) { efree(field); RETURN_NULL(); } @@ -2276,7 +2276,7 @@ } if (rc == SQL_SUCCESS_WITH_INFO) { PHPWRITE(buf, result->longreadlen); - } else if (result->values[i].vallen == SQL_NULL_DATA) { + } else if ((int)result->values[i].vallen == (int)SQL_NULL_DATA) { php_printf("<td>NULL</td>"); break; } else { @@ -2285,7 +2285,7 @@ php_printf("</td>"); break; default: - if (result->values[i].vallen == SQL_NULL_DATA) { + if ((int)result->values[i].vallen == (int)SQL_NULL_DATA) { php_printf("<td>NULL</td>"); } else { php_printf("<td>%s</td>", result->values[i].value); ++++++ php5-systzdata-r12.patch ++++++ --- /var/tmp/diff_new_pack.QdbRUm/_old 2015-09-08 17:39:01.000000000 +0200 +++ /var/tmp/diff_new_pack.QdbRUm/_new 2015-09-08 17:39:01.000000000 +0200 @@ -21,9 +21,10 @@ r2: add filesystem trawl to set up name alias index r1: initial revision -diff -up php-5.6.9RC1/ext/date/lib/parse_tz.c.systzdata php-5.6.9RC1/ext/date/lib/parse_tz.c ---- php-5.6.9RC1/ext/date/lib/parse_tz.c.systzdata 2015-04-30 00:00:18.000000000 +0200 -+++ php-5.6.9RC1/ext/date/lib/parse_tz.c 2015-04-30 06:36:47.019617321 +0200 +Index: ext/date/lib/parse_tz.c +=================================================================== +--- ext/date/lib/parse_tz.c.orig 2015-09-03 02:02:45.000000000 +0200 ++++ ext/date/lib/parse_tz.c 2015-09-04 20:37:49.811049275 +0200 @@ -20,6 +20,16 @@ #include "timelib.h" @@ -41,12 +42,12 @@ #include <stdio.h> #ifdef HAVE_LOCALE_H -@@ -31,7 +41,12 @@ - #else +@@ -32,8 +42,12 @@ #include <strings.h> #endif -+ + +#ifndef HAVE_SYSTEM_TZDATA + #define TIMELIB_SUPPORTS_V2DATA #include "timezonedb.h" +#endif + @@ -54,7 +55,7 @@ #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__)) # if defined(__LITTLE_ENDIAN__) -@@ -53,6 +68,10 @@ static int read_preamble(const unsigned +@@ -55,6 +69,10 @@ { uint32_t version; @@ -65,7 +66,7 @@ /* read ID */ version = (*tzf)[3] - '0'; *tzf += 4; -@@ -296,7 +315,418 @@ void timelib_dump_tzinfo(timelib_tzinfo +@@ -298,7 +316,418 @@ } } @@ -485,7 +486,7 @@ { int left = 0, right = tzdb->index_size - 1; #ifdef HAVE_SETLOCALE -@@ -335,21 +765,87 @@ static int seek_to_tz_position(const uns +@@ -337,21 +766,87 @@ return 0; } @@ -574,7 +575,7 @@ } static void skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz) -@@ -374,24 +870,54 @@ static void read_64bit_header(const unsi +@@ -376,24 +871,54 @@ timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb) { const unsigned char *tzf; @@ -638,10 +639,11 @@ } else { tmp = NULL; } -diff -up php-5.6.9RC1/ext/date/lib/timelib.m4.systzdata php-5.6.9RC1/ext/date/lib/timelib.m4 ---- php-5.6.9RC1/ext/date/lib/timelib.m4.systzdata 2015-04-30 00:00:18.000000000 +0200 -+++ php-5.6.9RC1/ext/date/lib/timelib.m4 2015-04-30 06:32:08.549500385 +0200 -@@ -78,3 +78,17 @@ stdlib.h +Index: ext/date/lib/timelib.m4 +=================================================================== +--- ext/date/lib/timelib.m4.orig 2015-09-03 02:02:45.000000000 +0200 ++++ ext/date/lib/timelib.m4 2015-09-04 20:34:54.029606489 +0200 +@@ -78,3 +78,17 @@ dnl Check for strtoll, atoll AC_CHECK_FUNCS(strtoll atoll strftime) @@ -659,4 +661,3 @@ + fi +fi + -
