All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/php: security bump to version 7.2.5
@ 2018-04-28  9:57 Bernd Kuhls
  2018-04-28 10:33 ` Thomas Petazzoni
  2018-05-01  7:30 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Bernd Kuhls @ 2018-04-28  9:57 UTC (permalink / raw)
  To: buildroot

Changelog: http://www.php.net/ChangeLog-7.php#7.2.5

This release fixes several security-related bugs for which no CVE id's
are assigned at the time of writing:

https://bugs.php.net/bug.php?id=76129
https://bugs.php.net/bug.php?id=76130
https://bugs.php.net/bug.php?id=76248
https://bugs.php.net/bug.php?id=76249

Removed patch 0007, applied upstream:
https://github.com/php/php-src/commit/2842aa2a078eb1cad55540b61e7edf111395150d

Re-numbered patch 0009 -> 0007.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
 ...expat_compat.h-add-missing-php.h-include.patch} |  0
 ...i.c-build-empty-php_load_zend_extension_c.patch | 62 ----------------------
 package/php/php.hash                               |  2 +-
 package/php/php.mk                                 |  2 +-
 4 files changed, 2 insertions(+), 64 deletions(-)
 rename package/php/{0009-ext-xml-expat_compat.h-add-missing-php.h-include.patch => 0007-ext-xml-expat_compat.h-add-missing-php.h-include.patch} (100%)
 delete mode 100644 package/php/0007-main-php_ini.c-build-empty-php_load_zend_extension_c.patch

diff --git a/package/php/0009-ext-xml-expat_compat.h-add-missing-php.h-include.patch b/package/php/0007-ext-xml-expat_compat.h-add-missing-php.h-include.patch
similarity index 100%
rename from package/php/0009-ext-xml-expat_compat.h-add-missing-php.h-include.patch
rename to package/php/0007-ext-xml-expat_compat.h-add-missing-php.h-include.patch
diff --git a/package/php/0007-main-php_ini.c-build-empty-php_load_zend_extension_c.patch b/package/php/0007-main-php_ini.c-build-empty-php_load_zend_extension_c.patch
deleted file mode 100644
index bc5149d1d6..0000000000
--- a/package/php/0007-main-php_ini.c-build-empty-php_load_zend_extension_c.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From b7bbdfbcb0869b5c068143d4e27bab9eac4ae72b Mon Sep 17 00:00:00 2001
-From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Date: Mon, 26 Feb 2018 19:30:55 +0100
-Subject: [PATCH] main/php_ini.c: build empty php_load_zend_extension_cb() when
- !HAVE_LIBDL
-
-Commit 0782a7fc6314c8bd3cbfd57f12d0479bf9cc8dc7 ("Fixed bug #74866
-extension_dir = "./ext" now use current directory for base") modified
-the php_load_zend_extension_cb() function to use php_load_shlib(), and
-pass a handle to the newly introduced zend_load_extension_handle()
-function instead of passing the extension path to
-zend_load_extension().
-
-While doing so, it introduced a call to php_load_shlib() from code
-that is built even when HAVE_LIBDL is not defined. However,
-php_load_shlib() is not implemented when HAVE_LIBDL is not defined,
-for obvious reasons.
-
-It turns out that zend_load_extension_handle() anyway doesn't do
-anything when ZEND_EXTENSIONS_SUPPORT is defined to 0, and
-ZEND_EXTENSIONS_SUPPORT is not defined when HAVE_LIBDL is not defined
-(Zend/zend_portability.h).
-
-Fixes the following build failure when building on a system that
-doesn't have libdl:
-
-main/php_ini.o: In function `php_load_zend_extension_cb':
-php_ini.c:(.text+0x478): undefined reference to `php_load_shlib'
-php_ini.c:(.text+0x4b0): undefined reference to `php_load_shlib'
-collect2: error: ld returned 1 exit status
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Upstream-status: https://github.com/php/php-src/pull/3161
----
- main/php_ini.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/main/php_ini.c b/main/php_ini.c
-index ba58eb1180..fca263e5f0 100644
---- a/main/php_ini.c
-+++ b/main/php_ini.c
-@@ -350,6 +350,7 @@ static void php_load_php_extension_cb(void *arg)
- 
- /* {{{ php_load_zend_extension_cb
-  */
-+#ifdef HAVE_LIBDL
- static void php_load_zend_extension_cb(void *arg)
- {
- 	char *filename = *((char **) arg);
-@@ -409,6 +410,9 @@ static void php_load_zend_extension_cb(void *arg)
- 		efree(libpath);
- 	}
- }
-+#else
-+static void php_load_zend_extension_cb(void *arg) { }
-+#endif
- /* }}} */
- 
- /* {{{ php_init_config
--- 
-2.14.3
-
diff --git a/package/php/php.hash b/package/php/php.hash
index 4cd5acaef9..4ddef44274 100644
--- a/package/php/php.hash
+++ b/package/php/php.hash
@@ -1,5 +1,5 @@
 # From http://php.net/downloads.php
-sha256 7916b1bd148ddfd46d7f8f9a517d4b09cd8a8ad9248734e7c8dd91ef17057a88  php-7.2.4.tar.xz
+sha256 af70a33b3f7a51510467199b39af151333fbbe4cc21923bad9c7cf64268cddb2  php-7.2.5.tar.xz
 
 # License file
 sha256 00e567a8d50359d93ee1f9afdd9511277660c1e70a0cbf3229f84403aa9aebb1  LICENSE
diff --git a/package/php/php.mk b/package/php/php.mk
index 91756794ee..4c3a87118e 100644
--- a/package/php/php.mk
+++ b/package/php/php.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-PHP_VERSION = 7.2.4
+PHP_VERSION = 7.2.5
 PHP_SITE = http://www.php.net/distributions
 PHP_SOURCE = php-$(PHP_VERSION).tar.xz
 PHP_INSTALL_STAGING = YES
-- 
2.14.2

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/php: security bump to version 7.2.5
  2018-04-28  9:57 [Buildroot] [PATCH 1/1] package/php: security bump to version 7.2.5 Bernd Kuhls
@ 2018-04-28 10:33 ` Thomas Petazzoni
  2018-05-01  7:30 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2018-04-28 10:33 UTC (permalink / raw)
  To: buildroot

Hello,

On Sat, 28 Apr 2018 11:57:35 +0200, Bernd Kuhls wrote:
> Changelog: http://www.php.net/ChangeLog-7.php#7.2.5
> 
> This release fixes several security-related bugs for which no CVE id's
> are assigned at the time of writing:
> 
> https://bugs.php.net/bug.php?id=76129
> https://bugs.php.net/bug.php?id=76130
> https://bugs.php.net/bug.php?id=76248
> https://bugs.php.net/bug.php?id=76249
> 
> Removed patch 0007, applied upstream:
> https://github.com/php/php-src/commit/2842aa2a078eb1cad55540b61e7edf111395150d
> 
> Re-numbered patch 0009 -> 0007.
> 
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
> ---
>  ...expat_compat.h-add-missing-php.h-include.patch} |  0
>  ...i.c-build-empty-php_load_zend_extension_c.patch | 62 ----------------------
>  package/php/php.hash                               |  2 +-
>  package/php/php.mk                                 |  2 +-
>  4 files changed, 2 insertions(+), 64 deletions(-)
>  rename package/php/{0009-ext-xml-expat_compat.h-add-missing-php.h-include.patch => 0007-ext-xml-expat_compat.h-add-missing-php.h-include.patch} (100%)
>  delete mode 100644 package/php/0007-main-php_ini.c-build-empty-php_load_zend_extension_c.patch

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/php: security bump to version 7.2.5
  2018-04-28  9:57 [Buildroot] [PATCH 1/1] package/php: security bump to version 7.2.5 Bernd Kuhls
  2018-04-28 10:33 ` Thomas Petazzoni
@ 2018-05-01  7:30 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2018-05-01  7:30 UTC (permalink / raw)
  To: buildroot

>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:

 > Changelog: http://www.php.net/ChangeLog-7.php#7.2.5
 > This release fixes several security-related bugs for which no CVE id's
 > are assigned at the time of writing:

 > https://bugs.php.net/bug.php?id=76129
 > https://bugs.php.net/bug.php?id=76130
 > https://bugs.php.net/bug.php?id=76248
 > https://bugs.php.net/bug.php?id=76249

 > Removed patch 0007, applied upstream:
 > https://github.com/php/php-src/commit/2842aa2a078eb1cad55540b61e7edf111395150d

 > Re-numbered patch 0009 -> 0007.

 > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>

Committed to 2018.02.x, thanks.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-05-01  7:30 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-28  9:57 [Buildroot] [PATCH 1/1] package/php: security bump to version 7.2.5 Bernd Kuhls
2018-04-28 10:33 ` Thomas Petazzoni
2018-05-01  7:30 ` Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.