* [Buildroot] [PATCH 1/1] package/php: security bump to version 7.2.5
@ 2018-04-28 9:57 Bernd Kuhls
2018-04-28 10:33 ` Thomas Petazzoni
2018-05-01 7:30 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Bernd Kuhls @ 2018-04-28 9:57 UTC (permalink / raw)
To: buildroot
Changelog: http://www.php.net/ChangeLog-7.php#7.2.5
This release fixes several security-related bugs for which no CVE id's
are assigned at the time of writing:
https://bugs.php.net/bug.php?id=76129
https://bugs.php.net/bug.php?id=76130
https://bugs.php.net/bug.php?id=76248
https://bugs.php.net/bug.php?id=76249
Removed patch 0007, applied upstream:
https://github.com/php/php-src/commit/2842aa2a078eb1cad55540b61e7edf111395150d
Re-numbered patch 0009 -> 0007.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
...expat_compat.h-add-missing-php.h-include.patch} | 0
...i.c-build-empty-php_load_zend_extension_c.patch | 62 ----------------------
package/php/php.hash | 2 +-
package/php/php.mk | 2 +-
4 files changed, 2 insertions(+), 64 deletions(-)
rename package/php/{0009-ext-xml-expat_compat.h-add-missing-php.h-include.patch => 0007-ext-xml-expat_compat.h-add-missing-php.h-include.patch} (100%)
delete mode 100644 package/php/0007-main-php_ini.c-build-empty-php_load_zend_extension_c.patch
diff --git a/package/php/0009-ext-xml-expat_compat.h-add-missing-php.h-include.patch b/package/php/0007-ext-xml-expat_compat.h-add-missing-php.h-include.patch
similarity index 100%
rename from package/php/0009-ext-xml-expat_compat.h-add-missing-php.h-include.patch
rename to package/php/0007-ext-xml-expat_compat.h-add-missing-php.h-include.patch
diff --git a/package/php/0007-main-php_ini.c-build-empty-php_load_zend_extension_c.patch b/package/php/0007-main-php_ini.c-build-empty-php_load_zend_extension_c.patch
deleted file mode 100644
index bc5149d1d6..0000000000
--- a/package/php/0007-main-php_ini.c-build-empty-php_load_zend_extension_c.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From b7bbdfbcb0869b5c068143d4e27bab9eac4ae72b Mon Sep 17 00:00:00 2001
-From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Date: Mon, 26 Feb 2018 19:30:55 +0100
-Subject: [PATCH] main/php_ini.c: build empty php_load_zend_extension_cb() when
- !HAVE_LIBDL
-
-Commit 0782a7fc6314c8bd3cbfd57f12d0479bf9cc8dc7 ("Fixed bug #74866
-extension_dir = "./ext" now use current directory for base") modified
-the php_load_zend_extension_cb() function to use php_load_shlib(), and
-pass a handle to the newly introduced zend_load_extension_handle()
-function instead of passing the extension path to
-zend_load_extension().
-
-While doing so, it introduced a call to php_load_shlib() from code
-that is built even when HAVE_LIBDL is not defined. However,
-php_load_shlib() is not implemented when HAVE_LIBDL is not defined,
-for obvious reasons.
-
-It turns out that zend_load_extension_handle() anyway doesn't do
-anything when ZEND_EXTENSIONS_SUPPORT is defined to 0, and
-ZEND_EXTENSIONS_SUPPORT is not defined when HAVE_LIBDL is not defined
-(Zend/zend_portability.h).
-
-Fixes the following build failure when building on a system that
-doesn't have libdl:
-
-main/php_ini.o: In function `php_load_zend_extension_cb':
-php_ini.c:(.text+0x478): undefined reference to `php_load_shlib'
-php_ini.c:(.text+0x4b0): undefined reference to `php_load_shlib'
-collect2: error: ld returned 1 exit status
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Upstream-status: https://github.com/php/php-src/pull/3161
----
- main/php_ini.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/main/php_ini.c b/main/php_ini.c
-index ba58eb1180..fca263e5f0 100644
---- a/main/php_ini.c
-+++ b/main/php_ini.c
-@@ -350,6 +350,7 @@ static void php_load_php_extension_cb(void *arg)
-
- /* {{{ php_load_zend_extension_cb
- */
-+#ifdef HAVE_LIBDL
- static void php_load_zend_extension_cb(void *arg)
- {
- char *filename = *((char **) arg);
-@@ -409,6 +410,9 @@ static void php_load_zend_extension_cb(void *arg)
- efree(libpath);
- }
- }
-+#else
-+static void php_load_zend_extension_cb(void *arg) { }
-+#endif
- /* }}} */
-
- /* {{{ php_init_config
---
-2.14.3
-
diff --git a/package/php/php.hash b/package/php/php.hash
index 4cd5acaef9..4ddef44274 100644
--- a/package/php/php.hash
+++ b/package/php/php.hash
@@ -1,5 +1,5 @@
# From http://php.net/downloads.php
-sha256 7916b1bd148ddfd46d7f8f9a517d4b09cd8a8ad9248734e7c8dd91ef17057a88 php-7.2.4.tar.xz
+sha256 af70a33b3f7a51510467199b39af151333fbbe4cc21923bad9c7cf64268cddb2 php-7.2.5.tar.xz
# License file
sha256 00e567a8d50359d93ee1f9afdd9511277660c1e70a0cbf3229f84403aa9aebb1 LICENSE
diff --git a/package/php/php.mk b/package/php/php.mk
index 91756794ee..4c3a87118e 100644
--- a/package/php/php.mk
+++ b/package/php/php.mk
@@ -4,7 +4,7 @@
#
################################################################################
-PHP_VERSION = 7.2.4
+PHP_VERSION = 7.2.5
PHP_SITE = http://www.php.net/distributions
PHP_SOURCE = php-$(PHP_VERSION).tar.xz
PHP_INSTALL_STAGING = YES
--
2.14.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/php: security bump to version 7.2.5
2018-04-28 9:57 [Buildroot] [PATCH 1/1] package/php: security bump to version 7.2.5 Bernd Kuhls
@ 2018-04-28 10:33 ` Thomas Petazzoni
2018-05-01 7:30 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2018-04-28 10:33 UTC (permalink / raw)
To: buildroot
Hello,
On Sat, 28 Apr 2018 11:57:35 +0200, Bernd Kuhls wrote:
> Changelog: http://www.php.net/ChangeLog-7.php#7.2.5
>
> This release fixes several security-related bugs for which no CVE id's
> are assigned at the time of writing:
>
> https://bugs.php.net/bug.php?id=76129
> https://bugs.php.net/bug.php?id=76130
> https://bugs.php.net/bug.php?id=76248
> https://bugs.php.net/bug.php?id=76249
>
> Removed patch 0007, applied upstream:
> https://github.com/php/php-src/commit/2842aa2a078eb1cad55540b61e7edf111395150d
>
> Re-numbered patch 0009 -> 0007.
>
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
> ---
> ...expat_compat.h-add-missing-php.h-include.patch} | 0
> ...i.c-build-empty-php_load_zend_extension_c.patch | 62 ----------------------
> package/php/php.hash | 2 +-
> package/php/php.mk | 2 +-
> 4 files changed, 2 insertions(+), 64 deletions(-)
> rename package/php/{0009-ext-xml-expat_compat.h-add-missing-php.h-include.patch => 0007-ext-xml-expat_compat.h-add-missing-php.h-include.patch} (100%)
> delete mode 100644 package/php/0007-main-php_ini.c-build-empty-php_load_zend_extension_c.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/php: security bump to version 7.2.5
2018-04-28 9:57 [Buildroot] [PATCH 1/1] package/php: security bump to version 7.2.5 Bernd Kuhls
2018-04-28 10:33 ` Thomas Petazzoni
@ 2018-05-01 7:30 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2018-05-01 7:30 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Changelog: http://www.php.net/ChangeLog-7.php#7.2.5
> This release fixes several security-related bugs for which no CVE id's
> are assigned at the time of writing:
> https://bugs.php.net/bug.php?id=76129
> https://bugs.php.net/bug.php?id=76130
> https://bugs.php.net/bug.php?id=76248
> https://bugs.php.net/bug.php?id=76249
> Removed patch 0007, applied upstream:
> https://github.com/php/php-src/commit/2842aa2a078eb1cad55540b61e7edf111395150d
> Re-numbered patch 0009 -> 0007.
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Committed to 2018.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-05-01 7:30 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-28 9:57 [Buildroot] [PATCH 1/1] package/php: security bump to version 7.2.5 Bernd Kuhls
2018-04-28 10:33 ` Thomas Petazzoni
2018-05-01 7:30 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.