From: aduskett at gmail.com <aduskett@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] php: security bump to 7.3.1
Date: Sat, 19 Jan 2019 16:29:34 -0500 [thread overview]
Message-ID: <20190119212934.85216-1-aduskett@gmail.com> (raw)
From: Adam Duskett <Aduskett@gmail.com>
Fixes the following security issue:
- CVE-2018-19935: Allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via an empty string in the
message argument to the imap_mail function.
https://www.cvedetails.com/cve/CVE-2018-19935/
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
package/php/php.hash | 2 +-
package/php/php.mk | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/php/php.hash b/package/php/php.hash
index c1c6e8c3e9..2cb89e0366 100644
--- a/package/php/php.hash
+++ b/package/php/php.hash
@@ -1,5 +1,5 @@
# From http://php.net/downloads.php
-sha256 7d195cad55af8b288c3919c67023a14ff870a73e3acc2165a6d17a4850a560b5 php-7.3.0.tar.xz
+sha256 cfe93e40be0350cd53c4a579f52fe5d8faf9c6db047f650a4566a2276bf33362 php-7.3.1.tar.xz
# License file
sha256 f689b8fa63bea7950ce6a21bf52ed88ea0d77673ee76e6de12f51191174d91b8 LICENSE
diff --git a/package/php/php.mk b/package/php/php.mk
index 7d7d78353b..be7e9b3c89 100644
--- a/package/php/php.mk
+++ b/package/php/php.mk
@@ -4,7 +4,7 @@
#
################################################################################
-PHP_VERSION = 7.3.0
+PHP_VERSION = 7.3.1
PHP_SITE = http://www.php.net/distributions
PHP_SOURCE = php-$(PHP_VERSION).tar.xz
PHP_INSTALL_STAGING = YES
@@ -243,9 +243,9 @@ endef
PHP_POST_CONFIGURE_HOOKS += PHP_DISABLE_VALGRIND
### Use external PCRE if it's available
-ifeq ($(BR2_PACKAGE_PCRE),y)
-PHP_CONF_OPTS += --with-pcre-regex
-PHP_DEPENDENCIES += pcre
+ifeq ($(BR2_PACKAGE_PCRE2),y)
+PHP_CONF_OPTS += --with-pcre-regex=$(STAGING_DIR)/usr
+PHP_DEPENDENCIES += pcre2
else
# The bundled pcre library is not configurable through ./configure options,
# and by default is configured to be thread-safe, so it wants pthreads. So
--
2.20.1
next reply other threads:[~2019-01-19 21:29 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-19 21:29 aduskett at gmail.com [this message]
2019-01-19 21:36 ` [Buildroot] [PATCH 1/1] php: security bump to 7.3.1 Peter Korsgaard
2019-01-29 16:27 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190119212934.85216-1-aduskett@gmail.com \
--to=aduskett@gmail.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox