[Lunar-commits] <moonbase> php5: updated to 5.2.17 critical security fix This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers.
Zbigniew Luszpinski
zbiggy at lunar-linux.org
Thu Jan 13 13:06:14 CET 2011
commit e34f2503e685865bc09541b8e62ac7349cd9b73d
Author: Zbigniew Luszpinski <zbiggy at lunar-linux.org>
Date: Thu Jan 13 12:06:14 2011 +0000
php5: updated to 5.2.17 critical security fix
This release resolves a critical issue,
reported as PHP bug #53632 and CVE-2010-4645,
where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers.
The problem is known to only affect x86 32-bit PHP processes, regardless of whether the system hosting PHP is 32-bit or 64-bit.
All users of PHP are strongly advised to update to these versions immediately.
---
compilers/php5/BUILD | 1 +
compilers/php5/DETAILS | 6 +++---
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/compilers/php5/BUILD b/compilers/php5/BUILD
index dd3e6e5..10c997e 100644
--- a/compilers/php5/BUILD
+++ b/compilers/php5/BUILD
@@ -19,6 +19,7 @@
fi
# sedit "s:^:#include <errno.h>\n:" ext/mysql/libmysql/mysys_err.h &&
+ sedit 's/__GMP_BITS_PER_MP_LIMB/GMP_LIMB_BITS/' ext/gmp/gmp.c &&
verbose_msg "OPTS=$OPTS" &&
diff --git a/compilers/php5/DETAILS b/compilers/php5/DETAILS
index 457853a..ae906e9 100644
--- a/compilers/php5/DETAILS
+++ b/compilers/php5/DETAILS
@@ -1,5 +1,5 @@
MODULE=php5
- VERSION=5.2.13
+ VERSION=5.2.17
SOURCE=php-$VERSION.tar.bz2
SOURCE_DIRECTORY=$BUILD_DIRECTORY/php-$VERSION
SOURCE_URL[0]=http://www.php.net/distributions
@@ -9,10 +9,10 @@ SOURCE_DIRECTORY=$BUILD_DIRECTORY/php-$VERSION
SOURCE_URL[4]=http://nl.php.net/distributions
SOURCE_URL[5]=http://de.php.net/distributions
SOURCE_URL[6]=http://fr.php.net/distributions
- SOURCE_VFY=sha1:7127a21f1b493e3cd43f45cadecdb46b623eb1fb
+ SOURCE_VFY=sha1:d68f3b09f766990d815a3c4c63c157db8dab8095
WEB_SITE=http://www.php.net
ENTERED=20040919
- UPDATED=20100304
+ UPDATED=20110113
SHORT="PHP: Hypertext Processor scripting language"
cat << EOF
More information about the Lunar-commits
mailing list