diff options
-rw-r--r-- | php-5.5.10-leak.patch | 25 | ||||
-rw-r--r-- | php-5.5.10-pcre834.patch | 55 | ||||
-rw-r--r-- | php55.spec | 43 |
3 files changed, 113 insertions, 10 deletions
diff --git a/php-5.5.10-leak.patch b/php-5.5.10-leak.patch new file mode 100644 index 0000000..5c8e9dc --- /dev/null +++ b/php-5.5.10-leak.patch @@ -0,0 +1,25 @@ +From 10eb0070700382f966bf260e44135e1f724a15d2 Mon Sep 17 00:00:00 2001 +From: Anatol Belski <ab@php.net> +Date: Thu, 20 Feb 2014 18:53:53 +0100 +Subject: [PATCH] fixed leak introduced after CVE/upgrade + +--- + ext/fileinfo/libmagic/softmagic.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ext/fileinfo/libmagic/softmagic.c b/ext/fileinfo/libmagic/softmagic.c +index 7c5f628..33970e5 100644 +--- a/ext/fileinfo/libmagic/softmagic.c ++++ b/ext/fileinfo/libmagic/softmagic.c +@@ -1701,6 +1701,8 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, + return -1; + if (file_printf(ms, "%s", rbuf) == -1) + return -1; ++ } ++ if (rbuf) { + efree(rbuf); + } + return rv; +-- +1.8.4.3 + diff --git a/php-5.5.10-pcre834.patch b/php-5.5.10-pcre834.patch new file mode 100644 index 0000000..636d60b --- /dev/null +++ b/php-5.5.10-pcre834.patch @@ -0,0 +1,55 @@ +From ab32d36ec65c17b3f890d488d30eb3a8ba012812 Mon Sep 17 00:00:00 2001 +From: Anatol Belski <ab@php.net> +Date: Tue, 4 Feb 2014 10:34:11 +0100 +Subject: [PATCH] pcre tests go with 8.34 upgrade + +--- + ext/pcre/tests/bug37911.phpt | 2 +- + ext/pcre/tests/grep2.phpt | 10 ++++++++-- + ext/pcre/tests/match_flags3.phpt | 2 +- + 3 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/ext/pcre/tests/bug37911.phpt b/ext/pcre/tests/bug37911.phpt +index f788119..2b7481a 100644 +--- a/ext/pcre/tests/bug37911.phpt ++++ b/ext/pcre/tests/bug37911.phpt +@@ -37,5 +37,5 @@ array(3) { + string(4) "blub" + } + +-Warning: preg_replace_callback(): Numeric named subpatterns are not allowed in %sbug37911.php on line 14 ++Warning: preg_replace_callback(): Compilation failed: group name must start with a non-digit at offset %d in %sbug37911.php on line %d + NULL +diff --git a/ext/pcre/tests/grep2.phpt b/ext/pcre/tests/grep2.phpt +index 0cf8d4a..1a8476c 100644 +--- a/ext/pcre/tests/grep2.phpt ++++ b/ext/pcre/tests/grep2.phpt +@@ -40,6 +40,12 @@ array(1) { + string(1) "1" + } + bool(true) +-array(0) { ++array(3) { ++ [5]=> ++ string(1) "a" ++ ["xyz"]=> ++ string(2) "q6" ++ [6]=> ++ string(3) "h20" + } +-bool(true) ++bool(false) +diff --git a/ext/pcre/tests/match_flags3.phpt b/ext/pcre/tests/match_flags3.phpt +index f22205e..84deb0b 100644 +--- a/ext/pcre/tests/match_flags3.phpt ++++ b/ext/pcre/tests/match_flags3.phpt +@@ -42,5 +42,5 @@ array(1) { + } + } + +-Warning: preg_match(): Numeric named subpatterns are not allowed in %smatch_flags3.php on line 14 ++Warning: preg_match(): Compilation failed: group name must start with a non-digit at offset %d in %smatch_flags3.php on line %d + bool(false) +-- +1.8.4.3 + @@ -36,6 +36,12 @@ # Build mysql/mysqli/pdo extensions using libmysqlclient or only mysqlnd %global with_libmysql 0 +%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7 +%global with_libpcre 1 +%else +%global with_libpcre 0 +%endif + # Build ZTS extension or only NTS %global with_zts 1 @@ -108,7 +114,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: 5.5.10 %if 0%{?snapdate:1}%{?rcver:1} -Release: 0.1.%{?snapdate}%{?rcver}%{?dist} +Release: 0.2.%{?snapdate}%{?rcver}%{?dist} %else Release: 1%{?dist} %endif @@ -170,11 +176,14 @@ Patch47: php-5.4.9-phpinfo.patch # RC Patch Patch91: php-5.3.7-oci8conf.patch -# Upstream fixes +# Upstream fixes (100+) +Patch101: php-5.5.10-leak.patch -# Security fixes +# Security fixes (200+) -# Fixes for tests +# Fixes for tests (300+) +# Revert change for pcre 8.34 +Patch301: php-5.5.10-pcre834.patch # WIP @@ -190,8 +199,8 @@ BuildRequires: sqlite-devel >= 3.6.0 BuildRequires: sqlite-devel >= 3.0.0 %endif BuildRequires: zlib-devel, smtpdaemon, libedit-devel -%if 0%{?fedora} >= 14 || 0%{?rhel} >= 7 -BuildRequires: pcre-devel >= 8.10 +%if %{with_libpcre} +BuildRequires: pcre-devel >= 8.20 %endif BuildRequires: bzip2, perl, libtool >= 1.4.3, gcc-c++ BuildRequires: libtool-ltdl-devel @@ -352,7 +361,7 @@ package and the php-cli package. Group: Development/Libraries Summary: Files needed for building PHP extensions Requires: php-cli%{?_isa} = %{version}-%{release}, autoconf, automake -%if 0%{?fedora} >= 14 || 0%{?rhel} >= 7 +%if %{with_libpcre} Requires: pcre-devel%{?_isa} %endif Obsoletes: php-pecl-pdo-devel @@ -866,7 +875,7 @@ rm -rf ext/json %patch21 -p1 -b .odbctimer %patch40 -p1 -b .dlopen -%if 0%{?fedora} >= 18 || 0%{?rhel} >= 5 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 5 %patch42 -p1 -b .systzdata %endif %patch43 -p1 -b .headers @@ -882,9 +891,18 @@ rm -rf ext/json %patch91 -p1 -b .remi-oci8 # upstream patches +%patch101 -p1 -b .memleak # security patches +# Fixes for tests +%if %{with_libpcre} +%if 0%{?fedora} < 21 +# Only apply when system libpcre < 8.34 +%patch301 -p1 -R -b .pcre84 +%endif +%endif + # WIP patch # Prevent %%doc confusion over LICENSE files @@ -1060,14 +1078,14 @@ ln -sf ../configure --without-gdbm \ --with-jpeg-dir=%{_prefix} \ --with-openssl \ -%if 0%{?fedora} >= 14 || 0%{?rhel} >= 7 +%if %{with_libpcre} --with-pcre-regex=%{_prefix} \ %endif --with-zlib \ --with-layout=GNU \ --with-kerberos \ --with-libxml-dir=%{_prefix} \ -%if 0%{?fedora} >= 18 || 0%{?rhel} >= 5 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 5 --with-system-tzdata \ %endif --with-mhash \ @@ -1859,6 +1877,11 @@ fi %changelog +* Fri Feb 21 2014 Remi Collet <rcollet@redhat.com> 5.5.10-0.2.RC1 +- another test build of 5.5.10RC1 +- fix memleak in fileinfo ext +- revert test changes for pcre 8.34 + * Thu Feb 20 2014 Remi Collet <rcollet@redhat.com> 5.5.10-0.1.RC1 - test build of 5.5.10RC1 |