Re: [oe] [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36
On 01/12/2015 06:40 AM, Martin Jansa wrote:
On Mon, Jan 12, 2015 at 04:30:34AM -0800, Armin Kuster wrote:
Dizzy is missing several CVE's and upgrading to a later version within the same
series seems reasonable since most changes are bugfixes or Security releated.
if you are ok with this approach, please Ack and I will stage this with the
next series of updates I am working on.
Looks good, except missing [ before PATCH] which breaks commit
subject when cherry-picking from patchwor.
k. thanks. I found a typo in the README, it is missing the [ in the
patch submission example (cutpaste). I will send a fix the next time I
send patches.
kind regards,
Armin
- armin
18-Dec-2014
Core:
Upgraded crypt_blowfish to version 1.3.
Fixed bug #68545 (NULL pointer dereference in unserialize.c).
Fixed bug #68594 (Use after free vulnerability in unserialize()).
(CVE-2014-8142)
Mcrypt:
Fixed possible read after end of buffer and use after free.
13 Nov 2014
Core:
Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in
zend_hash_copy).
Fileinfo:
Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
(CVE-2014-3710)
GMP:
Fixed bug #63595 (GMP memory management conflicts with other libraries
using GMP).
PDO_pgsql:
Fixed bug #66584 (Segmentation fault on statement deallocation).
16 Oct 2014
Fileinfo:
Fixed bug #66242 (libmagic: don't assume char is signed).
Core:
Fixed bug #67985 (Incorrect last used array index copied to new array
after unset).
Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)).
(CVE-2014-3669)
cURL:
Fixed bug #68089 (NULL byte injection - cURL lib).
EXIF:
Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
OpenSSL:
Reverted fixes for bug #41631, due to regressions.
XMLRPC:
Fixed bug #68027 (Global buffer overflow in mkgmtime() function).
(CVE-2014-3668)
Signed-off-by: Armin Kuster akuster...@gmail.com
---
meta-oe/recipes-devtools/php/{php_5.4.33.bb = php_5.4.36.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-oe/recipes-devtools/php/{php_5.4.33.bb = php_5.4.36.bb} (97%)
diff --git a/meta-oe/recipes-devtools/php/php_5.4.33.bb
b/meta-oe/recipes-devtools/php/php_5.4.36.bb
similarity index 97%
rename from meta-oe/recipes-devtools/php/php_5.4.33.bb
rename to meta-oe/recipes-devtools/php/php_5.4.36.bb
index 6fdfe0f..43c7736 100644
--- a/meta-oe/recipes-devtools/php/php_5.4.33.bb
+++ b/meta-oe/recipes-devtools/php/php_5.4.36.bb
@@ -30,8 +30,8 @@ SRC_URI_append_class-target += \
file://php-fpm-apache.conf \
-SRC_URI[md5sum] = c6878bb1cdb46bfc1e1a5cd67a024737
-SRC_URI[sha256sum] =
1a75b2d0835e74b8886cd3980d9598a0e06691441bb7f91d19b74c2278e40bb5
+SRC_URI[md5sum] = 70e223be4bb460e465b7a9d7cb5b9cac
+SRC_URI[sha256sum] =
b0951608c3e8afb978a624c7f79a889980210f5258f666c1d997bd6491e13241
S = ${WORKDIR}/php-${PV}
--
1.9.1
--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Re: [oe] [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36
Yes. I am fine with those changes.
Those also fix some issues people where having using the RPM backend
with the generated PHP package, it seems. So please, go ahead.
On Mon, Jan 12, 2015 at 10:30 AM, Armin Kuster akuster...@gmail.com wrote:
Dizzy is missing several CVE's and upgrading to a later version within the
same
series seems reasonable since most changes are bugfixes or Security releated.
if you are ok with this approach, please Ack and I will stage this with the
next series of updates I am working on.
- armin
18-Dec-2014
Core:
Upgraded crypt_blowfish to version 1.3.
Fixed bug #68545 (NULL pointer dereference in unserialize.c).
Fixed bug #68594 (Use after free vulnerability in unserialize()).
(CVE-2014-8142)
Mcrypt:
Fixed possible read after end of buffer and use after free.
13 Nov 2014
Core:
Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in
zend_hash_copy).
Fileinfo:
Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
(CVE-2014-3710)
GMP:
Fixed bug #63595 (GMP memory management conflicts with other libraries
using GMP).
PDO_pgsql:
Fixed bug #66584 (Segmentation fault on statement deallocation).
16 Oct 2014
Fileinfo:
Fixed bug #66242 (libmagic: don't assume char is signed).
Core:
Fixed bug #67985 (Incorrect last used array index copied to new array
after unset).
Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)).
(CVE-2014-3669)
cURL:
Fixed bug #68089 (NULL byte injection - cURL lib).
EXIF:
Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
OpenSSL:
Reverted fixes for bug #41631, due to regressions.
XMLRPC:
Fixed bug #68027 (Global buffer overflow in mkgmtime() function).
(CVE-2014-3668)
Signed-off-by: Armin Kuster akuster...@gmail.com
---
meta-oe/recipes-devtools/php/{php_5.4.33.bb = php_5.4.36.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-oe/recipes-devtools/php/{php_5.4.33.bb = php_5.4.36.bb} (97%)
diff --git a/meta-oe/recipes-devtools/php/php_5.4.33.bb
b/meta-oe/recipes-devtools/php/php_5.4.36.bb
similarity index 97%
rename from meta-oe/recipes-devtools/php/php_5.4.33.bb
rename to meta-oe/recipes-devtools/php/php_5.4.36.bb
index 6fdfe0f..43c7736 100644
--- a/meta-oe/recipes-devtools/php/php_5.4.33.bb
+++ b/meta-oe/recipes-devtools/php/php_5.4.36.bb
@@ -30,8 +30,8 @@ SRC_URI_append_class-target += \
file://php-fpm-apache.conf \
-SRC_URI[md5sum] = c6878bb1cdb46bfc1e1a5cd67a024737
-SRC_URI[sha256sum] =
1a75b2d0835e74b8886cd3980d9598a0e06691441bb7f91d19b74c2278e40bb5
+SRC_URI[md5sum] = 70e223be4bb460e465b7a9d7cb5b9cac
+SRC_URI[sha256sum] =
b0951608c3e8afb978a624c7f79a889980210f5258f666c1d997bd6491e13241
S = ${WORKDIR}/php-${PV}
--
1.9.1
--
Otavio Salvador O.S. Systems
http://www.ossystems.com.brhttp://code.ossystems.com.br
Mobile: +55 (53) 9981-7854Mobile: +1 (347) 903-9750
--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Re: [oe] [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36
On Mon, Jan 12, 2015 at 04:30:34AM -0800, Armin Kuster wrote:
Dizzy is missing several CVE's and upgrading to a later version within the
same
series seems reasonable since most changes are bugfixes or Security releated.
if you are ok with this approach, please Ack and I will stage this with the
next series of updates I am working on.
Looks good, except missing [ before PATCH] which breaks commit
subject when cherry-picking from patchwor.
- armin
18-Dec-2014
Core:
Upgraded crypt_blowfish to version 1.3.
Fixed bug #68545 (NULL pointer dereference in unserialize.c).
Fixed bug #68594 (Use after free vulnerability in unserialize()).
(CVE-2014-8142)
Mcrypt:
Fixed possible read after end of buffer and use after free.
13 Nov 2014
Core:
Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in
zend_hash_copy).
Fileinfo:
Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
(CVE-2014-3710)
GMP:
Fixed bug #63595 (GMP memory management conflicts with other libraries
using GMP).
PDO_pgsql:
Fixed bug #66584 (Segmentation fault on statement deallocation).
16 Oct 2014
Fileinfo:
Fixed bug #66242 (libmagic: don't assume char is signed).
Core:
Fixed bug #67985 (Incorrect last used array index copied to new array
after unset).
Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)).
(CVE-2014-3669)
cURL:
Fixed bug #68089 (NULL byte injection - cURL lib).
EXIF:
Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
OpenSSL:
Reverted fixes for bug #41631, due to regressions.
XMLRPC:
Fixed bug #68027 (Global buffer overflow in mkgmtime() function).
(CVE-2014-3668)
Signed-off-by: Armin Kuster akuster...@gmail.com
---
meta-oe/recipes-devtools/php/{php_5.4.33.bb = php_5.4.36.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-oe/recipes-devtools/php/{php_5.4.33.bb = php_5.4.36.bb} (97%)
diff --git a/meta-oe/recipes-devtools/php/php_5.4.33.bb
b/meta-oe/recipes-devtools/php/php_5.4.36.bb
similarity index 97%
rename from meta-oe/recipes-devtools/php/php_5.4.33.bb
rename to meta-oe/recipes-devtools/php/php_5.4.36.bb
index 6fdfe0f..43c7736 100644
--- a/meta-oe/recipes-devtools/php/php_5.4.33.bb
+++ b/meta-oe/recipes-devtools/php/php_5.4.36.bb
@@ -30,8 +30,8 @@ SRC_URI_append_class-target += \
file://php-fpm-apache.conf \
-SRC_URI[md5sum] = c6878bb1cdb46bfc1e1a5cd67a024737
-SRC_URI[sha256sum] =
1a75b2d0835e74b8886cd3980d9598a0e06691441bb7f91d19b74c2278e40bb5
+SRC_URI[md5sum] = 70e223be4bb460e465b7a9d7cb5b9cac
+SRC_URI[sha256sum] =
b0951608c3e8afb978a624c7f79a889980210f5258f666c1d997bd6491e13241
S = ${WORKDIR}/php-${PV}
--
1.9.1
--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
--
Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com
signature.asc
Description: Digital signature
--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
