Re: [oe] [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36
On 01/12/2015 06:40 AM, Martin Jansa wrote: On Mon, Jan 12, 2015 at 04:30:34AM -0800, Armin Kuster wrote: Dizzy is missing several CVE's and upgrading to a later version within the same series seems reasonable since most changes are bugfixes or Security releated. if you are ok with this approach, please Ack and I will stage this with the next series of updates I am working on. Looks good, except missing [ before PATCH] which breaks commit subject when cherry-picking from patchwor. k. thanks. I found a typo in the README, it is missing the [ in the patch submission example (cutpaste). I will send a fix the next time I send patches. kind regards, Armin - armin 18-Dec-2014 Core: Upgraded crypt_blowfish to version 1.3. Fixed bug #68545 (NULL pointer dereference in unserialize.c). Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142) Mcrypt: Fixed possible read after end of buffer and use after free. 13 Nov 2014 Core: Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy). Fileinfo: Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710) GMP: Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP). PDO_pgsql: Fixed bug #66584 (Segmentation fault on statement deallocation). 16 Oct 2014 Fileinfo: Fixed bug #66242 (libmagic: don't assume char is signed). Core: Fixed bug #67985 (Incorrect last used array index copied to new array after unset). Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) cURL: Fixed bug #68089 (NULL byte injection - cURL lib). EXIF: Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) OpenSSL: Reverted fixes for bug #41631, due to regressions. XMLRPC: Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) Signed-off-by: Armin Kuster akuster...@gmail.com --- meta-oe/recipes-devtools/php/{php_5.4.33.bb = php_5.4.36.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-oe/recipes-devtools/php/{php_5.4.33.bb = php_5.4.36.bb} (97%) diff --git a/meta-oe/recipes-devtools/php/php_5.4.33.bb b/meta-oe/recipes-devtools/php/php_5.4.36.bb similarity index 97% rename from meta-oe/recipes-devtools/php/php_5.4.33.bb rename to meta-oe/recipes-devtools/php/php_5.4.36.bb index 6fdfe0f..43c7736 100644 --- a/meta-oe/recipes-devtools/php/php_5.4.33.bb +++ b/meta-oe/recipes-devtools/php/php_5.4.36.bb @@ -30,8 +30,8 @@ SRC_URI_append_class-target += \ file://php-fpm-apache.conf \ -SRC_URI[md5sum] = c6878bb1cdb46bfc1e1a5cd67a024737 -SRC_URI[sha256sum] = 1a75b2d0835e74b8886cd3980d9598a0e06691441bb7f91d19b74c2278e40bb5 +SRC_URI[md5sum] = 70e223be4bb460e465b7a9d7cb5b9cac +SRC_URI[sha256sum] = b0951608c3e8afb978a624c7f79a889980210f5258f666c1d997bd6491e13241 S = ${WORKDIR}/php-${PV} -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Re: [oe] [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36
Yes. I am fine with those changes. Those also fix some issues people where having using the RPM backend with the generated PHP package, it seems. So please, go ahead. On Mon, Jan 12, 2015 at 10:30 AM, Armin Kuster akuster...@gmail.com wrote: Dizzy is missing several CVE's and upgrading to a later version within the same series seems reasonable since most changes are bugfixes or Security releated. if you are ok with this approach, please Ack and I will stage this with the next series of updates I am working on. - armin 18-Dec-2014 Core: Upgraded crypt_blowfish to version 1.3. Fixed bug #68545 (NULL pointer dereference in unserialize.c). Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142) Mcrypt: Fixed possible read after end of buffer and use after free. 13 Nov 2014 Core: Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy). Fileinfo: Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710) GMP: Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP). PDO_pgsql: Fixed bug #66584 (Segmentation fault on statement deallocation). 16 Oct 2014 Fileinfo: Fixed bug #66242 (libmagic: don't assume char is signed). Core: Fixed bug #67985 (Incorrect last used array index copied to new array after unset). Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) cURL: Fixed bug #68089 (NULL byte injection - cURL lib). EXIF: Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) OpenSSL: Reverted fixes for bug #41631, due to regressions. XMLRPC: Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) Signed-off-by: Armin Kuster akuster...@gmail.com --- meta-oe/recipes-devtools/php/{php_5.4.33.bb = php_5.4.36.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-oe/recipes-devtools/php/{php_5.4.33.bb = php_5.4.36.bb} (97%) diff --git a/meta-oe/recipes-devtools/php/php_5.4.33.bb b/meta-oe/recipes-devtools/php/php_5.4.36.bb similarity index 97% rename from meta-oe/recipes-devtools/php/php_5.4.33.bb rename to meta-oe/recipes-devtools/php/php_5.4.36.bb index 6fdfe0f..43c7736 100644 --- a/meta-oe/recipes-devtools/php/php_5.4.33.bb +++ b/meta-oe/recipes-devtools/php/php_5.4.36.bb @@ -30,8 +30,8 @@ SRC_URI_append_class-target += \ file://php-fpm-apache.conf \ -SRC_URI[md5sum] = c6878bb1cdb46bfc1e1a5cd67a024737 -SRC_URI[sha256sum] = 1a75b2d0835e74b8886cd3980d9598a0e06691441bb7f91d19b74c2278e40bb5 +SRC_URI[md5sum] = 70e223be4bb460e465b7a9d7cb5b9cac +SRC_URI[sha256sum] = b0951608c3e8afb978a624c7f79a889980210f5258f666c1d997bd6491e13241 S = ${WORKDIR}/php-${PV} -- 1.9.1 -- Otavio Salvador O.S. Systems http://www.ossystems.com.brhttp://code.ossystems.com.br Mobile: +55 (53) 9981-7854Mobile: +1 (347) 903-9750 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Re: [oe] [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36
On Mon, Jan 12, 2015 at 04:30:34AM -0800, Armin Kuster wrote: Dizzy is missing several CVE's and upgrading to a later version within the same series seems reasonable since most changes are bugfixes or Security releated. if you are ok with this approach, please Ack and I will stage this with the next series of updates I am working on. Looks good, except missing [ before PATCH] which breaks commit subject when cherry-picking from patchwor. - armin 18-Dec-2014 Core: Upgraded crypt_blowfish to version 1.3. Fixed bug #68545 (NULL pointer dereference in unserialize.c). Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142) Mcrypt: Fixed possible read after end of buffer and use after free. 13 Nov 2014 Core: Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy). Fileinfo: Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710) GMP: Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP). PDO_pgsql: Fixed bug #66584 (Segmentation fault on statement deallocation). 16 Oct 2014 Fileinfo: Fixed bug #66242 (libmagic: don't assume char is signed). Core: Fixed bug #67985 (Incorrect last used array index copied to new array after unset). Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) cURL: Fixed bug #68089 (NULL byte injection - cURL lib). EXIF: Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) OpenSSL: Reverted fixes for bug #41631, due to regressions. XMLRPC: Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) Signed-off-by: Armin Kuster akuster...@gmail.com --- meta-oe/recipes-devtools/php/{php_5.4.33.bb = php_5.4.36.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-oe/recipes-devtools/php/{php_5.4.33.bb = php_5.4.36.bb} (97%) diff --git a/meta-oe/recipes-devtools/php/php_5.4.33.bb b/meta-oe/recipes-devtools/php/php_5.4.36.bb similarity index 97% rename from meta-oe/recipes-devtools/php/php_5.4.33.bb rename to meta-oe/recipes-devtools/php/php_5.4.36.bb index 6fdfe0f..43c7736 100644 --- a/meta-oe/recipes-devtools/php/php_5.4.33.bb +++ b/meta-oe/recipes-devtools/php/php_5.4.36.bb @@ -30,8 +30,8 @@ SRC_URI_append_class-target += \ file://php-fpm-apache.conf \ -SRC_URI[md5sum] = c6878bb1cdb46bfc1e1a5cd67a024737 -SRC_URI[sha256sum] = 1a75b2d0835e74b8886cd3980d9598a0e06691441bb7f91d19b74c2278e40bb5 +SRC_URI[md5sum] = 70e223be4bb460e465b7a9d7cb5b9cac +SRC_URI[sha256sum] = b0951608c3e8afb978a624c7f79a889980210f5258f666c1d997bd6491e13241 S = ${WORKDIR}/php-${PV} -- 1.9.1 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel -- Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com signature.asc Description: Digital signature -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel