authorNatanael Copa <ncopa@alpinelinux.org>2014-05-28 13:59:43 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-05-28 14:00:50 +0000
commitfb15cd2379b37116902c0373cf5064c8ca562e68 (patch)
treec9c0c66040a0ee80e3b527b864970340852c2324 /main
parentf1580d6711239cfce6bf1a09e1b0251f1fc95ea1 (diff)
main/php: security fix for CVE-2014-0185
fixes #2937
Diffstat (limited to 'main')
-rw-r--r--main/php/APKBUILD6
-rw-r--r--main/php/CVE-2014-0185.patch44
2 files changed, 48 insertions, 2 deletions
diff --git a/main/php/APKBUILD b/main/php/APKBUILD
index aaa6911061..b382f27f6c 100644
--- a/main/php/APKBUILD
+++ b/main/php/APKBUILD
@@ -3,7 +3,7 @@
pkgname=php
pkgver=5.3.28
_suhosinver=5.3.9-0.9.10
-pkgrel=2
+pkgrel=3
pkgdesc="The PHP language runtime engine"
url="http://www.php.net/"
arch="all"
@@ -79,6 +79,7 @@ source="http://www.php.net/distributions/${pkgname}-${pkgver}.tar.bz2
php5-module.conf
CVE-2013-6712.patch
CVE-2013-7345.patch
+ CVE-2014-0185.patch
"
_apiver="20090626"
@@ -451,4 +452,5 @@ c099b3d7eac95018ababd41ded7f3066 suhosin-patch-5.3.9-0.9.10.patch.gz
9ab162ff3428511a68aa9801c746e0d5 php-fpm.initd
67719f428f44ec004da18705cbabe2ee php5-module.conf
91934e87e24ff0551fc8fdc0ebb97699 CVE-2013-6712.patch
-f2836636790a78ec058d3fe84045997a CVE-2013-7345.patch"
+f2836636790a78ec058d3fe84045997a CVE-2013-7345.patch
+66333db458742a20dda0b8a9be1900e5 CVE-2014-0185.patch"
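Review bot: The new patch is pinned only by what looks like a 32-hex-digit MD5 value in the checksum list (the list's variable name is above this hunk, so this is inferred from the digest length). MD5 is not collision-resistant, so this pins against accidental edits of the in-tree patch but not against a deliberately crafted substitute; if the build tooling already supports a stronger digest list alongside this one, adding the patch there as well would be worth a follow-up. The surrounding quoting change (moving the closing `"` from the CVE-2013-7345 line to the new line) looks correct.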
diff --git a/main/php/CVE-2014-0185.patch b/main/php/CVE-2014-0185.patch
new file mode 100644
index 0000000000..eb695388e6
--- /dev/null
+++ b/main/php/CVE-2014-0185.patch
@@ -0,0 +1,44 @@
+From 35ceea928b12373a3b1e3eecdc32ed323223a40d Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Tue, 15 Apr 2014 10:43:24 -0700
+Subject: [PATCH] Fix bug #67060: use default mode of 660
+
+---
+ NEWS | 4 +++-
+ sapi/fpm/fpm/fpm_unix.c | 2 +-
+ sapi/fpm/php-fpm.conf.in | 4 ++--
+ 3 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/sapi/fpm/fpm/fpm_unix.c b/sapi/fpm/fpm/fpm_unix.c
+index 48249e8..ea0e673 100644
+--- a/sapi/fpm/fpm/fpm_unix.c
++++ b/sapi/fpm/fpm/fpm_unix.c
+@@ -35,7 +35,7 @@ int fpm_unix_resolve_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */
+ /* uninitialized */
+ wp->socket_uid = -1;
+ wp->socket_gid = -1;
+- wp->socket_mode = 0666;
++ wp->socket_mode = 0660;
+
+ if (!c) {
+ return 0;
+diff --git a/sapi/fpm/php-fpm.conf.in b/sapi/fpm/php-fpm.conf.in
+index 1e70f2c..9205d42 100644
+--- a/sapi/fpm/php-fpm.conf.in
++++ b/sapi/fpm/php-fpm.conf.in
+@@ -166,10 +166,10 @@ listen = 127.0.0.1:9000
+ ; permissions must be set in order to allow connections from a web server. Many
+ ; BSD-derived systems allow connections regardless of permissions.
+ ; Default Values: user and group are set as the running user
+-; mode is set to 0666
++; mode is set to 0660
+ ;listen.owner = @php_fpm_user@
+ ;listen.group = @php_fpm_group@
+-;listen.mode = 0666
++;listen.mode = 0660
+
+ ; List of ipv4 addresses of FastCGI clients which are allowed to connect.
+ ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+--
+1.9.3
+
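Review bot: The vendored patch changes the default `socket_mode` in `fpm_unix_resolve_socket_premissions` from `0666` to `0660`, and the php-fpm.conf.in comment in the same patch states that the socket permissions must allow the web server to connect; a deployment whose web server user is not in the FPM pool's group and has no explicit `listen.mode`/`listen.group` will presumably lose access to the socket on upgrade. That is the intended hardening for CVE-2014-0185, but it is an operational break, so consider a post-upgrade message or a note in the commit description telling users to set `listen.group` (or `listen.mode`) explicitly. Separately, the patch header lists `NEWS | 4 +++-` and "3 files changed", yet only the fpm_unix.c and php-fpm.conf.in diffs are present; `patch -p1` ignores the stat block, but trimming it to the two files actually included would keep the vendored patch self-consistent. The function body around the `socket_mode` assignment continues outside the quoted hunk.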