[oe] [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36
Otavio Salvador
otavio at ossystems.com.br
Mon Jan 12 13:23:11 UTC 2015
Yes. I am fine with those changes.
Those also fix some issues people where having using the RPM backend
with the generated PHP package, it seems. So please, go ahead.
On Mon, Jan 12, 2015 at 10:30 AM, Armin Kuster <akuster808 at gmail.com> wrote:
> Dizzy is missing several CVE's and upgrading to a later version within the same
> series seems reasonable since most changes are bugfixes or Security releated.
>
> if you are ok with this approach, please Ack and I will stage this with the next series of updates I am working on.
>
> - armin
>
> 18-Dec-2014
> Core:
> Upgraded crypt_blowfish to version 1.3.
> Fixed bug #68545 (NULL pointer dereference in unserialize.c).
> Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
>
> Mcrypt:
> Fixed possible read after end of buffer and use after free.
>
> 13 Nov 2014
> Core:
> Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
> Fileinfo:
> Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
> GMP:
> Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
> PDO_pgsql:
> Fixed bug #66584 (Segmentation fault on statement deallocation).
>
> 16 Oct 2014
> Fileinfo:
> Fixed bug #66242 (libmagic: don't assume char is signed).
> Core:
> Fixed bug #67985 (Incorrect last used array index copied to new array after unset).
> Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
> cURL:
> Fixed bug #68089 (NULL byte injection - cURL lib).
> EXIF:
> Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
> OpenSSL:
> Reverted fixes for bug #41631, due to regressions.
> XMLRPC:
> Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)
>
> Signed-off-by: Armin Kuster <akuster808 at gmail.com>
> ---
> meta-oe/recipes-devtools/php/{php_5.4.33.bb => php_5.4.36.bb} | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> rename meta-oe/recipes-devtools/php/{php_5.4.33.bb => php_5.4.36.bb} (97%)
>
> diff --git a/meta-oe/recipes-devtools/php/php_5.4.33.bb b/meta-oe/recipes-devtools/php/php_5.4.36.bb
> similarity index 97%
> rename from meta-oe/recipes-devtools/php/php_5.4.33.bb
> rename to meta-oe/recipes-devtools/php/php_5.4.36.bb
> index 6fdfe0f..43c7736 100644
> --- a/meta-oe/recipes-devtools/php/php_5.4.33.bb
> +++ b/meta-oe/recipes-devtools/php/php_5.4.36.bb
> @@ -30,8 +30,8 @@ SRC_URI_append_class-target += " \
> file://php-fpm-apache.conf \
> "
>
> -SRC_URI[md5sum] = "c6878bb1cdb46bfc1e1a5cd67a024737"
> -SRC_URI[sha256sum] = "1a75b2d0835e74b8886cd3980d9598a0e06691441bb7f91d19b74c2278e40bb5"
> +SRC_URI[md5sum] = "70e223be4bb460e465b7a9d7cb5b9cac"
> +SRC_URI[sha256sum] = "b0951608c3e8afb978a624c7f79a889980210f5258f666c1d997bd6491e13241"
>
> S = "${WORKDIR}/php-${PV}"
>
> --
> 1.9.1
>
--
Otavio Salvador O.S. Systems
http://www.ossystems.com.br http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854 Mobile: +1 (347) 903-9750
More information about the Openembedded-devel
mailing list