From e14dc96df9998f35879854c60e61bcb898423900 Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Sat, 28 Apr 2018 11:57:35 +0200 Subject: [PATCH] package/php: security bump to version 7.2.5 Changelog: http://www.php.net/ChangeLog-7.php#7.2.5 This release fixes several security-related bugs for which no CVE id's are assigned at the time of writing: https://bugs.php.net/bug.php?id=76129 https://bugs.php.net/bug.php?id=76130 https://bugs.php.net/bug.php?id=76248 https://bugs.php.net/bug.php?id=76249 Removed patch 0007, applied upstream: https://github.com/php/php-src/commit/2842aa2a078eb1cad55540b61e7edf111395150d Re-numbered patch 0009 -> 0007. Signed-off-by: Bernd Kuhls Signed-off-by: Thomas Petazzoni --- ..._compat.h-add-missing-php.h-include.patch} | 0 ...uild-empty-php_load_zend_extension_c.patch | 62 ------------------- package/php/php.hash | 2 +- package/php/php.mk | 2 +- 4 files changed, 2 insertions(+), 64 deletions(-) rename package/php/{0009-ext-xml-expat_compat.h-add-missing-php.h-include.patch => 0007-ext-xml-expat_compat.h-add-missing-php.h-include.patch} (100%) delete mode 100644 package/php/0007-main-php_ini.c-build-empty-php_load_zend_extension_c.patch diff --git a/package/php/0009-ext-xml-expat_compat.h-add-missing-php.h-include.patch b/package/php/0007-ext-xml-expat_compat.h-add-missing-php.h-include.patch similarity index 100% rename from package/php/0009-ext-xml-expat_compat.h-add-missing-php.h-include.patch rename to package/php/0007-ext-xml-expat_compat.h-add-missing-php.h-include.patch diff --git a/package/php/0007-main-php_ini.c-build-empty-php_load_zend_extension_c.patch b/package/php/0007-main-php_ini.c-build-empty-php_load_zend_extension_c.patch deleted file mode 100644 index bc5149d1d6..0000000000 --- a/package/php/0007-main-php_ini.c-build-empty-php_load_zend_extension_c.patch +++ /dev/null @@ -1,62 +0,0 @@ -From b7bbdfbcb0869b5c068143d4e27bab9eac4ae72b Mon Sep 17 00:00:00 2001 -From: Thomas Petazzoni -Date: Mon, 26 Feb 2018 19:30:55 +0100 -Subject: [PATCH] main/php_ini.c: build empty php_load_zend_extension_cb() when - !HAVE_LIBDL - -Commit 0782a7fc6314c8bd3cbfd57f12d0479bf9cc8dc7 ("Fixed bug #74866 -extension_dir = "./ext" now use current directory for base") modified -the php_load_zend_extension_cb() function to use php_load_shlib(), and -pass a handle to the newly introduced zend_load_extension_handle() -function instead of passing the extension path to -zend_load_extension(). - -While doing so, it introduced a call to php_load_shlib() from code -that is built even when HAVE_LIBDL is not defined. However, -php_load_shlib() is not implemented when HAVE_LIBDL is not defined, -for obvious reasons. - -It turns out that zend_load_extension_handle() anyway doesn't do -anything when ZEND_EXTENSIONS_SUPPORT is defined to 0, and -ZEND_EXTENSIONS_SUPPORT is not defined when HAVE_LIBDL is not defined -(Zend/zend_portability.h). - -Fixes the following build failure when building on a system that -doesn't have libdl: - -main/php_ini.o: In function `php_load_zend_extension_cb': -php_ini.c:(.text+0x478): undefined reference to `php_load_shlib' -php_ini.c:(.text+0x4b0): undefined reference to `php_load_shlib' -collect2: error: ld returned 1 exit status - -Signed-off-by: Thomas Petazzoni -Upstream-status: https://github.com/php/php-src/pull/3161 ---- - main/php_ini.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/main/php_ini.c b/main/php_ini.c -index ba58eb1180..fca263e5f0 100644 ---- a/main/php_ini.c -+++ b/main/php_ini.c -@@ -350,6 +350,7 @@ static void php_load_php_extension_cb(void *arg) - - /* {{{ php_load_zend_extension_cb - */ -+#ifdef HAVE_LIBDL - static void php_load_zend_extension_cb(void *arg) - { - char *filename = *((char **) arg); -@@ -409,6 +410,9 @@ static void php_load_zend_extension_cb(void *arg) - efree(libpath); - } - } -+#else -+static void php_load_zend_extension_cb(void *arg) { } -+#endif - /* }}} */ - - /* {{{ php_init_config --- -2.14.3 - diff --git a/package/php/php.hash b/package/php/php.hash index 4cd5acaef9..4ddef44274 100644 --- a/package/php/php.hash +++ b/package/php/php.hash @@ -1,5 +1,5 @@ # From http://php.net/downloads.php -sha256 7916b1bd148ddfd46d7f8f9a517d4b09cd8a8ad9248734e7c8dd91ef17057a88 php-7.2.4.tar.xz +sha256 af70a33b3f7a51510467199b39af151333fbbe4cc21923bad9c7cf64268cddb2 php-7.2.5.tar.xz # License file sha256 00e567a8d50359d93ee1f9afdd9511277660c1e70a0cbf3229f84403aa9aebb1 LICENSE diff --git a/package/php/php.mk b/package/php/php.mk index 91756794ee..4c3a87118e 100644 --- a/package/php/php.mk +++ b/package/php/php.mk @@ -4,7 +4,7 @@ # ################################################################################ -PHP_VERSION = 7.2.4 +PHP_VERSION = 7.2.5 PHP_SITE = http://www.php.net/distributions PHP_SOURCE = php-$(PHP_VERSION).tar.xz PHP_INSTALL_STAGING = YES -- 2.39.2