authorNatanael Copa <ncopa@alpinelinux.org>2014-07-18 06:22:38 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-07-18 06:22:38 +0000
commit8532bf89eef0b45719c695ca28fb3d1edf74dfc3 (patch)
tree46bc3b5f4c530cadbbaa9312fc164b5deb9a5710
parent561ba4a7d8002837f3b1eed6237aa38f4e855d29 (diff)
main/php: security upgrade to 5.4.30 (CVE-2014-4721)
fixes #3166
-rw-r--r--main/php/APKBUILD20
-rw-r--r--main/php/CVE-2014-4049.patch30
2 files changed, 8 insertions, 42 deletions
diff --git a/main/php/APKBUILD b/main/php/APKBUILD
index 988d7fdf2c..d8dfff6671 100644
--- a/main/php/APKBUILD
+++ b/main/php/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Matt Smith <mcs@darkregion.net>
pkgname=php
-pkgver=5.4.29
-pkgrel=1
+pkgver=5.4.30
+pkgrel=0
pkgdesc="The PHP language runtime engine"
url="http://www.php.net/"
arch="all"
@@ -106,7 +106,6 @@ source="http://php.net/distributions/${pkgname}-${pkgver}.tar.bz2
php5-module.conf
php-install-pear-xml.patch
gd-iconv.patch
- CVE-2014-4049.patch
"
_apiver="20100412"
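Review bot: Dropping `CVE-2014-4049.patch` from `source=` leaves nothing in the APKBUILD that says where the dns_get_record() TXT-record length fix now comes from, and the commit title names only CVE-2014-4721. Presumably 5.4.30 carries that fix upstream, but the visible lines do not establish it. It should be confirmed against the upstream changelog, or by checking that the deleted patch no longer applies to `ext/standard/dns.c` in the new tarball. A short comment near `pkgver`, for example `# 5.4.30 includes the CVE-2014-4049 fix; local patch dropped`, would record this for anyone backporting later. The `source=` assignment starts before this hunk.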
@@ -474,21 +473,18 @@ mssql() { _mv_ext mssql; }
pdo_dblib() { _mv_ext pdo_dblib "php-pdo freetds"; }
wddx() { _mv_ext wddx; }
-md5sums="64326cef257e5af17c366fefab136e53 php-5.4.29.tar.bz2
+md5sums="a8a27fdc1d9e1020c9f8922b608326de php-5.4.30.tar.bz2
9ab162ff3428511a68aa9801c746e0d5 php-fpm.initd
67719f428f44ec004da18705cbabe2ee php5-module.conf
483bc0a85c50a9a9aedbe14a19ed4526 php-install-pear-xml.patch
-3e0faaaf0abd573300d54f92325e4dba gd-iconv.patch
-bd763609e1a4cd15ba0142cb7e5bc7a4 CVE-2014-4049.patch"
-sha256sums="62ce3ca063cf04f6065eeac82117e43b44e20487bc0a0a8d05436e17a0b1e2a7 php-5.4.29.tar.bz2
+3e0faaaf0abd573300d54f92325e4dba gd-iconv.patch"
+sha256sums="32b83644e42d57388d6e5ec700c3502cde5f5e1207395b1e361e4cb2ce496ce6 php-5.4.30.tar.bz2
96e68f7c545adcac56ed1f5824b33041e270680ca884a9cfe27e7f4ac8abfd3b php-fpm.initd
ceec4d5b2a128c6a97e49830af604f0bb555bca1a86a9cd0366b828ba392257f php5-module.conf
f739ca427a1dd53a388bad0823565299c5d4a5796b1171b892884e4d7d099bab php-install-pear-xml.patch
-acbbc559063e04f69b3c481af007c00541846750c7d47a6daeb72b22c1b793fe gd-iconv.patch
-fc2275931dee760718a935d7247e57b36879ae6adba4ecdc2e5b824f3834db05 CVE-2014-4049.patch"
-sha512sums="bfde669baba0cba50e0986cb6b819abf2a3c33ff5fd5b0c508565bdf9491ada6496681bb2551174415336696556bb61ff1258579beddd4583bcc7df551545ecf php-5.4.29.tar.bz2
+acbbc559063e04f69b3c481af007c00541846750c7d47a6daeb72b22c1b793fe gd-iconv.patch"
+sha512sums="02e1fdc49420cdf3611503e3f65ad7272fe069f9a3be4edad8ad142bed42658cef25e97dbdab4e99a3f85874505e47dafd15bfe008663e31ad5fcb78e0929a17 php-5.4.30.tar.bz2
33247a1c9188eba893bb0be13456eeeec9b971c7f482a4e2bd0f318fb63d8c67d379a021840768bef8e4d630be859c5bdb424c1e90b9b816ec691c078147e915 php-fpm.initd
895e94c791bd82060ad820fef049d366a09c932097faa6b7b9a2c2e9e00a18cb7c0f9b128679c7659b404379266fd0f95dba5c0333f626194cf60f7bf6044102 php5-module.conf
f1177cbf6b1f44402f421c3d317aab1a2a40d0b1209c11519c1158df337c8945f3a313d689c939768584f3e4edbe52e8bd6103fb6777462326a9d94e8ab1f505 php-install-pear-xml.patch
-18836154d589fd105e220ad12557789bf4f253f91fb11292c27a96f8ab4ba1619bc21a2f8e5e9df296fb9914c0d94394baad79ffbf9a459d56f7e0a6558094f4 gd-iconv.patch
-d852e632b145d6157469bea7f76128ddec8a0634739c302d5888d6a135246ecb44ff7d65e9557049b0e655845b79c9f6ebed2afca8402d34b2ee5cae9ad71220 CVE-2014-4049.patch"
+18836154d589fd105e220ad12557789bf4f253f91fb11292c27a96f8ab4ba1619bc21a2f8e5e9df296fb9914c0d94394baad79ffbf9a459d56f7e0a6558094f4 gd-iconv.patch"
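Review bot: The new `php-5.4.30.tar.bz2` digests pin a tarball that `source=` fetches over plain `http://php.net/distributions/` (visible in the previous hunk's header line), so they are only as trustworthy as the single download they were computed from. Before this lands, the tarball should be checked against the checksum or release signature that upstream publishes, obtained over an authenticated channel, rather than relying on locally generated sums alone. The `md5sums` entry adds no integrity guarantee next to `sha512sums`, so verification should rest on the SHA-2 lines.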
diff --git a/main/php/CVE-2014-4049.patch b/main/php/CVE-2014-4049.patch
deleted file mode 100644
index c614d432c9..0000000000
--- a/main/php/CVE-2014-4049.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 4f73394fdd95d3165b4391e1b0dedd57fced8c3b Mon Sep 17 00:00:00 2001
-From: Sara Golemon <pollita@php.net>
-Date: Tue, 10 Jun 2014 11:18:02 -0700
-Subject: [PATCH] Fix potential segfault in dns_get_record()
-
-If the remote sends us a packet with a malformed TXT record,
-we could end up trying to over-consume the packet and wander
-off into overruns.
----
- ext/standard/dns.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/ext/standard/dns.c b/ext/standard/dns.c
-index 6a89446..214a7dc 100644
---- a/ext/standard/dns.c
-+++ b/ext/standard/dns.c
-@@ -517,6 +517,10 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
-
- while (ll < dlen) {
- n = cp[ll];
-+ if ((ll + n) >= dlen) {
-+ // Invalid chunk length, truncate
-+ n = dlen - (ll + 1);
-+ }
- memcpy(tp + ll , cp + ll + 1, n);
- add_next_index_stringl(entries, cp + ll + 1, n, 1);
- ll = ll + n + 1;
---
-1.9.3
-