* [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36
@ 2015-01-12 12:30 Armin Kuster
  2015-01-12 13:23 ` Otavio Salvador
  2015-01-12 14:40 ` Martin Jansa
  0 siblings, 2 replies; 4+ messages in thread
From: Armin Kuster @ 2015-01-12 12:30 UTC (permalink / raw)
  To: openembedded-devel; +Cc: otavio

Dizzy is missing several CVEs and upgrading to a later version within the same
series seems reasonable since most changes are bugfixes or security related.

If you are ok with this approach, please Ack and I will stage this with the next series of updates I am working on.

- armin

18-Dec-2014
Core:
    Upgraded crypt_blowfish to version 1.3.
    Fixed bug #68545 (NULL pointer dereference in unserialize.c).
    Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)

Mcrypt:
    Fixed possible read after end of buffer and use after free.

13 Nov 2014
Core:
    Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
Fileinfo:
    Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
GMP:
    Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
PDO_pgsql:
    Fixed bug #66584 (Segmentation fault on statement deallocation).

16 Oct 2014
Fileinfo:
    Fixed bug #66242 (libmagic: don't assume char is signed).
Core:
    Fixed bug #67985 (Incorrect last used array index copied to new array after unset).
    Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
cURL:
    Fixed bug #68089 (NULL byte injection - cURL lib).
EXIF:
    Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
OpenSSL:
    Reverted fixes for bug #41631, due to regressions.
XMLRPC:
    Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-devtools/php/{php_5.4.33.bb => php_5.4.36.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-oe/recipes-devtools/php/{php_5.4.33.bb => php_5.4.36.bb} (97%)

diff --git a/meta-oe/recipes-devtools/php/php_5.4.33.bb b/meta-oe/recipes-devtools/php/php_5.4.36.bb
similarity index 97%
rename from meta-oe/recipes-devtools/php/php_5.4.33.bb
rename to meta-oe/recipes-devtools/php/php_5.4.36.bb
index 6fdfe0f..43c7736 100644
--- a/meta-oe/recipes-devtools/php/php_5.4.33.bb
+++ b/meta-oe/recipes-devtools/php/php_5.4.36.bb
@@ -30,8 +30,8 @@ SRC_URI_append_class-target += " \
             file://php-fpm-apache.conf \
           "
 
-SRC_URI[md5sum] = "c6878bb1cdb46bfc1e1a5cd67a024737"
-SRC_URI[sha256sum] = "1a75b2d0835e74b8886cd3980d9598a0e06691441bb7f91d19b74c2278e40bb5"
+SRC_URI[md5sum] = "70e223be4bb460e465b7a9d7cb5b9cac"
+SRC_URI[sha256sum] = "b0951608c3e8afb978a624c7f79a889980210f5258f666c1d997bd6491e13241"
 
 S = "${WORKDIR}/php-${PV}"
 
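Review bot: the only lines that change are SRC_URI[md5sum] and SRC_URI[sha256sum], so the review rests on whether the new sha256sum matches the php-5.4.36 tarball as published upstream; the commit message should say where the value came from (a hash published by upstream, or one computed locally from a single download). The diffstat shows a 97% rename with 2 insertions and 2 deletions, which means no file:// entry in SRC_URI was touched: please confirm that every patch carried from 5.4.33 still applies to 5.4.36 and that none of them duplicates a fix already included in the releases listed in the changelog.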
-- 
1.9.1




* Re: [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36
  2015-01-12 12:30 [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36 Armin Kuster
@ 2015-01-12 13:23 ` Otavio Salvador
  2015-01-12 14:40 ` Martin Jansa
  1 sibling, 0 replies; 4+ messages in thread
From: Otavio Salvador @ 2015-01-12 13:23 UTC (permalink / raw)
  To: Armin Kuster; +Cc: OpenEmbedded Devel List

Yes. I am fine with those changes.

Those also fix some issues people were having using the RPM backend
with the generated PHP package, it seems. So please, go ahead.

On Mon, Jan 12, 2015 at 10:30 AM, Armin Kuster <akuster808@gmail.com> wrote:
> Dizzy is missing several CVEs and upgrading to a later version within the same
> series seems reasonable since most changes are bugfixes or security related.
>
> If you are ok with this approach, please Ack and I will stage this with the next series of updates I am working on.
>
> - armin
>
> 18-Dec-2014
> Core:
>     Upgraded crypt_blowfish to version 1.3.
>     Fixed bug #68545 (NULL pointer dereference in unserialize.c).
>     Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
>
> Mcrypt:
>     Fixed possible read after end of buffer and use after free.
>
> 13 Nov 2014
> Core:
>     Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
> Fileinfo:
>     Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
> GMP:
>     Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
> PDO_pgsql:
>     Fixed bug #66584 (Segmentation fault on statement deallocation).
>
> 16 Oct 2014
> Fileinfo:
>     Fixed bug #66242 (libmagic: don't assume char is signed).
> Core:
>     Fixed bug #67985 (Incorrect last used array index copied to new array after unset).
>     Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
> cURL:
>     Fixed bug #68089 (NULL byte injection - cURL lib).
> EXIF:
>     Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
> OpenSSL:
>     Reverted fixes for bug #41631, due to regressions.
> XMLRPC:
>     Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)
>
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
>  meta-oe/recipes-devtools/php/{php_5.4.33.bb => php_5.4.36.bb} | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>  rename meta-oe/recipes-devtools/php/{php_5.4.33.bb => php_5.4.36.bb} (97%)
>
> diff --git a/meta-oe/recipes-devtools/php/php_5.4.33.bb b/meta-oe/recipes-devtools/php/php_5.4.36.bb
> similarity index 97%
> rename from meta-oe/recipes-devtools/php/php_5.4.33.bb
> rename to meta-oe/recipes-devtools/php/php_5.4.36.bb
> index 6fdfe0f..43c7736 100644
> --- a/meta-oe/recipes-devtools/php/php_5.4.33.bb
> +++ b/meta-oe/recipes-devtools/php/php_5.4.36.bb
> @@ -30,8 +30,8 @@ SRC_URI_append_class-target += " \
>              file://php-fpm-apache.conf \
>            "
>
> -SRC_URI[md5sum] = "c6878bb1cdb46bfc1e1a5cd67a024737"
> -SRC_URI[sha256sum] = "1a75b2d0835e74b8886cd3980d9598a0e06691441bb7f91d19b74c2278e40bb5"
> +SRC_URI[md5sum] = "70e223be4bb460e465b7a9d7cb5b9cac"
> +SRC_URI[sha256sum] = "b0951608c3e8afb978a624c7f79a889980210f5258f666c1d997bd6491e13241"
>
>  S = "${WORKDIR}/php-${PV}"
>
> --
> 1.9.1
>



-- 
Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750



* Re: [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36
  2015-01-12 12:30 [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36 Armin Kuster
  2015-01-12 13:23 ` Otavio Salvador
@ 2015-01-12 14:40 ` Martin Jansa
  2015-01-13 20:04   ` akuster808
  1 sibling, 1 reply; 4+ messages in thread
From: Martin Jansa @ 2015-01-12 14:40 UTC (permalink / raw)
  To: openembedded-devel; +Cc: otavio


On Mon, Jan 12, 2015 at 04:30:34AM -0800, Armin Kuster wrote:
> Dizzy is missing several CVEs and upgrading to a later version within the same
> series seems reasonable since most changes are bugfixes or security related.
> 
> If you are ok with this approach, please Ack and I will stage this with the next series of updates I am working on.

Looks good, except missing [ before "PATCH]" which breaks commit
subject when cherry-picking from patchwork.

> 
> - armin
> 
> 18-Dec-2014
> Core:
>     Upgraded crypt_blowfish to version 1.3.
>     Fixed bug #68545 (NULL pointer dereference in unserialize.c).
>     Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
> 
> Mcrypt:
>     Fixed possible read after end of buffer and use after free.
> 
> 13 Nov 2014
> Core:
>     Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
> Fileinfo:
>     Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
> GMP:
>     Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
> PDO_pgsql:
>     Fixed bug #66584 (Segmentation fault on statement deallocation).
> 
> 16 Oct 2014
> Fileinfo:
>     Fixed bug #66242 (libmagic: don't assume char is signed).
> Core:
>     Fixed bug #67985 (Incorrect last used array index copied to new array after unset).
>     Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
> cURL:
>     Fixed bug #68089 (NULL byte injection - cURL lib).
> EXIF:
>     Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
> OpenSSL:
>     Reverted fixes for bug #41631, due to regressions.
> XMLRPC:
>     Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)
> 
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
>  meta-oe/recipes-devtools/php/{php_5.4.33.bb => php_5.4.36.bb} | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>  rename meta-oe/recipes-devtools/php/{php_5.4.33.bb => php_5.4.36.bb} (97%)
> 
> diff --git a/meta-oe/recipes-devtools/php/php_5.4.33.bb b/meta-oe/recipes-devtools/php/php_5.4.36.bb
> similarity index 97%
> rename from meta-oe/recipes-devtools/php/php_5.4.33.bb
> rename to meta-oe/recipes-devtools/php/php_5.4.36.bb
> index 6fdfe0f..43c7736 100644
> --- a/meta-oe/recipes-devtools/php/php_5.4.33.bb
> +++ b/meta-oe/recipes-devtools/php/php_5.4.36.bb
> @@ -30,8 +30,8 @@ SRC_URI_append_class-target += " \
>              file://php-fpm-apache.conf \
>            "
>  
> -SRC_URI[md5sum] = "c6878bb1cdb46bfc1e1a5cd67a024737"
> -SRC_URI[sha256sum] = "1a75b2d0835e74b8886cd3980d9598a0e06691441bb7f91d19b74c2278e40bb5"
> +SRC_URI[md5sum] = "70e223be4bb460e465b7a9d7cb5b9cac"
> +SRC_URI[sha256sum] = "b0951608c3e8afb978a624c7f79a889980210f5258f666c1d997bd6491e13241"
>  
>  S = "${WORKDIR}/php-${PV}"
>  
> -- 
> 1.9.1
> 

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com



* Re: [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36
  2015-01-12 14:40 ` Martin Jansa
@ 2015-01-13 20:04   ` akuster808
  0 siblings, 0 replies; 4+ messages in thread
From: akuster808 @ 2015-01-13 20:04 UTC (permalink / raw)
  To: openembedded-devel; +Cc: otavio



On 01/12/2015 06:40 AM, Martin Jansa wrote:
> On Mon, Jan 12, 2015 at 04:30:34AM -0800, Armin Kuster wrote:
>> Dizzy is missing several CVEs and upgrading to a later version within the same
>> series seems reasonable since most changes are bugfixes or security related.
>>
>> If you are ok with this approach, please Ack and I will stage this with the next series of updates I am working on.
>
> Looks good, except missing [ before "PATCH]" which breaks commit
> subject when cherry-picking from patchwork.

k. thanks. I found a typo in the README, it is missing the "[" in the 
patch submission example (cut&paste). I will send a fix the next time I 
send patches.

kind regards,
Armin

>
>>
>> - armin
>>
>> 18-Dec-2014
>> Core:
>>      Upgraded crypt_blowfish to version 1.3.
>>      Fixed bug #68545 (NULL pointer dereference in unserialize.c).
>>      Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
>>
>> Mcrypt:
>>      Fixed possible read after end of buffer and use after free.
>>
>> 13 Nov 2014
>> Core:
>>      Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
>> Fileinfo:
>>      Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
>> GMP:
>>      Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
>> PDO_pgsql:
>>      Fixed bug #66584 (Segmentation fault on statement deallocation).
>>
>> 16 Oct 2014
>> Fileinfo:
>>      Fixed bug #66242 (libmagic: don't assume char is signed).
>> Core:
>>      Fixed bug #67985 (Incorrect last used array index copied to new array after unset).
>>      Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
>> cURL:
>>      Fixed bug #68089 (NULL byte injection - cURL lib).
>> EXIF:
>>      Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
>> OpenSSL:
>>      Reverted fixes for bug #41631, due to regressions.
>> XMLRPC:
>>      Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)
>>
>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>> ---
>>   meta-oe/recipes-devtools/php/{php_5.4.33.bb => php_5.4.36.bb} | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>   rename meta-oe/recipes-devtools/php/{php_5.4.33.bb => php_5.4.36.bb} (97%)
>>
>> diff --git a/meta-oe/recipes-devtools/php/php_5.4.33.bb b/meta-oe/recipes-devtools/php/php_5.4.36.bb
>> similarity index 97%
>> rename from meta-oe/recipes-devtools/php/php_5.4.33.bb
>> rename to meta-oe/recipes-devtools/php/php_5.4.36.bb
>> index 6fdfe0f..43c7736 100644
>> --- a/meta-oe/recipes-devtools/php/php_5.4.33.bb
>> +++ b/meta-oe/recipes-devtools/php/php_5.4.36.bb
>> @@ -30,8 +30,8 @@ SRC_URI_append_class-target += " \
>>               file://php-fpm-apache.conf \
>>             "
>>
>> -SRC_URI[md5sum] = "c6878bb1cdb46bfc1e1a5cd67a024737"
>> -SRC_URI[sha256sum] = "1a75b2d0835e74b8886cd3980d9598a0e06691441bb7f91d19b74c2278e40bb5"
>> +SRC_URI[md5sum] = "70e223be4bb460e465b7a9d7cb5b9cac"
>> +SRC_URI[sha256sum] = "b0951608c3e8afb978a624c7f79a889980210f5258f666c1d997bd6491e13241"
>>
>>   S = "${WORKDIR}/php-${PV}"
>>
>> --
>> 1.9.1
>>
>
>
>

