From mboxrd@z Thu Jan 1 00:00:00 1970 From: aduskett at gmail.com Date: Sat, 19 Jan 2019 16:29:34 -0500 Subject: [Buildroot] [PATCH 1/1] php: security bump to 7.3.1 Message-ID: <20190119212934.85216-1-aduskett@gmail.com> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: buildroot@busybox.net From: Adam Duskett Fixes the following security issue: - CVE-2018-19935: Allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. https://www.cvedetails.com/cve/CVE-2018-19935/ Signed-off-by: Adam Duskett --- package/php/php.hash | 2 +- package/php/php.mk | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package/php/php.hash b/package/php/php.hash index c1c6e8c3e9..2cb89e0366 100644 --- a/package/php/php.hash +++ b/package/php/php.hash @@ -1,5 +1,5 @@ # From http://php.net/downloads.php -sha256 7d195cad55af8b288c3919c67023a14ff870a73e3acc2165a6d17a4850a560b5 php-7.3.0.tar.xz +sha256 cfe93e40be0350cd53c4a579f52fe5d8faf9c6db047f650a4566a2276bf33362 php-7.3.1.tar.xz # License file sha256 f689b8fa63bea7950ce6a21bf52ed88ea0d77673ee76e6de12f51191174d91b8 LICENSE diff --git a/package/php/php.mk b/package/php/php.mk index 7d7d78353b..be7e9b3c89 100644 --- a/package/php/php.mk +++ b/package/php/php.mk @@ -4,7 +4,7 @@ # ################################################################################ -PHP_VERSION = 7.3.0 +PHP_VERSION = 7.3.1 PHP_SITE = http://www.php.net/distributions PHP_SOURCE = php-$(PHP_VERSION).tar.xz PHP_INSTALL_STAGING = YES 
@@ -243,9 +243,9 @@ endef PHP_POST_CONFIGURE_HOOKS += PHP_DISABLE_VALGRIND ### Use external PCRE if it's available -ifeq ($(BR2_PACKAGE_PCRE),y) -PHP_CONF_OPTS += --with-pcre-regex -PHP_DEPENDENCIES += pcre +ifeq ($(BR2_PACKAGE_PCRE2),y) +PHP_CONF_OPTS += --with-pcre-regex=$(STAGING_DIR)/usr +PHP_DEPENDENCIES += pcre2 else # The bundled pcre library is not configurable through ./configure options, # and by default is configured to be thread-safe, so it wants pthreads. So -- 2.20.1
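Review bot: In the package/php/php.hash hunk, the new sha256 for php-7.3.1.tar.xz sits under the unchanged comment "# From http://php.net/downloads.php", a plain-HTTP source, so the recorded hash is only as trustworthy as that fetch. Suggest pointing the comment at the https URL and stating whether the value was copied from the upstream download page or computed locally from the downloaded tarball, so a later reviewer can reproduce the check.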
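Review bot: In the second package/php/php.mk hunk (@@ -243,9 +243,9 @@), the switch from BR2_PACKAGE_PCRE and pcre to BR2_PACKAGE_PCRE2 and pcre2, together with the new "--with-pcre-regex=$(STAGING_DIR)/usr" value, is not mentioned in the commit message, which describes only the bump for CVE-2018-19935. Either explain in the commit message why it belongs with the 7.3.0 to 7.3.1 bump, or split it into its own patch so the security fix can be picked up on its own. The surrounding comments still read "Use external PCRE if it's available" and "The bundled pcre library", so they should be updated to say PCRE2 if the change stays.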