[Lunar-commits] <moonbase> php5: updated to 5.2.17 critical security fix This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers.

Zbigniew Luszpinski zbiggy at lunar-linux.org
Thu Jan 13 13:06:14 CET 2011 

commit e34f2503e685865bc09541b8e62ac7349cd9b73d
Author: Zbigniew Luszpinski <zbiggy at lunar-linux.org>
Date:   Thu Jan 13 12:06:14 2011 +0000

    php5: updated to 5.2.17 critical security fix
    This release resolves a critical issue,
    reported as PHP bug #53632 and CVE-2010-4645,
    where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers.
    
    The problem is known to only affect x86 32-bit PHP processes, regardless of whether the system hosting PHP is 32-bit or 64-bit.
    All users of PHP are strongly advised to update to these versions immediately.
---
 compilers/php5/BUILD   |    1 +
 compilers/php5/DETAILS |    6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/compilers/php5/BUILD b/compilers/php5/BUILD
index dd3e6e5..10c997e 100644
--- a/compilers/php5/BUILD
+++ b/compilers/php5/BUILD
@@ -19,6 +19,7 @@
   fi
 
   # sedit "s:^:#include <errno.h>\n:" ext/mysql/libmysql/mysys_err.h &&
+  sedit 's/__GMP_BITS_PER_MP_LIMB/GMP_LIMB_BITS/' ext/gmp/gmp.c &&
 
   verbose_msg "OPTS=$OPTS" &&
 
diff --git a/compilers/php5/DETAILS b/compilers/php5/DETAILS
index 457853a..ae906e9 100644
--- a/compilers/php5/DETAILS
+++ b/compilers/php5/DETAILS
@@ -1,5 +1,5 @@
           MODULE=php5
-         VERSION=5.2.13
+         VERSION=5.2.17
           SOURCE=php-$VERSION.tar.bz2
 SOURCE_DIRECTORY=$BUILD_DIRECTORY/php-$VERSION
    SOURCE_URL[0]=http://www.php.net/distributions
@@ -9,10 +9,10 @@ SOURCE_DIRECTORY=$BUILD_DIRECTORY/php-$VERSION
    SOURCE_URL[4]=http://nl.php.net/distributions
    SOURCE_URL[5]=http://de.php.net/distributions
    SOURCE_URL[6]=http://fr.php.net/distributions
-      SOURCE_VFY=sha1:7127a21f1b493e3cd43f45cadecdb46b623eb1fb
+      SOURCE_VFY=sha1:d68f3b09f766990d815a3c4c63c157db8dab8095
         WEB_SITE=http://www.php.net
          ENTERED=20040919
-         UPDATED=20100304
+         UPDATED=20110113
            SHORT="PHP: Hypertext Processor scripting language"
 
 cat << EOF

More information about the Lunar-commits mailing list