From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] php: security bump to 7.3.1
Date: Sat, 19 Jan 2019 22:36:22 +0100 [thread overview]
Message-ID: <87imyk1ga1.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <20190119212934.85216-1-aduskett@gmail.com> (aduskett@gmail.com's message of "Sat, 19 Jan 2019 16:29:34 -0500")
>>>>> "aduskett" == aduskett <aduskett@gmail.com> writes:
> From: Adam Duskett <Aduskett@gmail.com>
> Fixes the following security issue:
> - CVE-2018-19935: Allows remote attackers to cause a denial of service
> (NULL pointer dereference and application crash) via an empty string in the
> message argument to the imap_mail function.
> https://www.cvedetails.com/cve/CVE-2018-19935/
> Signed-off-by: Adam Duskett <Aduskett@gmail.com>
> ---
> package/php/php.hash | 2 +-
> package/php/php.mk | 8 ++++----
> 2 files changed, 5 insertions(+), 5 deletions(-)
> diff --git a/package/php/php.hash b/package/php/php.hash
> index c1c6e8c3e9..2cb89e0366 100644
> --- a/package/php/php.hash
> +++ b/package/php/php.hash
> @@ -1,5 +1,5 @@
> # From http://php.net/downloads.php
> -sha256 7d195cad55af8b288c3919c67023a14ff870a73e3acc2165a6d17a4850a560b5 php-7.3.0.tar.xz
> +sha256 cfe93e40be0350cd53c4a579f52fe5d8faf9c6db047f650a4566a2276bf33362 php-7.3.1.tar.xz
> # License file
> sha256 f689b8fa63bea7950ce6a21bf52ed88ea0d77673ee76e6de12f51191174d91b8 LICENSE
> diff --git a/package/php/php.mk b/package/php/php.mk
> index 7d7d78353b..be7e9b3c89 100644
> --- a/package/php/php.mk
> +++ b/package/php/php.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
> -PHP_VERSION = 7.3.0
> +PHP_VERSION = 7.3.1
> PHP_SITE = http://www.php.net/distributions
> PHP_SOURCE = php-$(PHP_VERSION).tar.xz
> PHP_INSTALL_STAGING = YES
> @@ -243,9 +243,9 @@ endef
> PHP_POST_CONFIGURE_HOOKS += PHP_DISABLE_VALGRIND
> ### Use external PCRE if it's available
> -ifeq ($(BR2_PACKAGE_PCRE),y)
> -PHP_CONF_OPTS += --with-pcre-regex
> -PHP_DEPENDENCIES += pcre
> +ifeq ($(BR2_PACKAGE_PCRE2),y)
> +PHP_CONF_OPTS += --with-pcre-regex=$(STAGING_DIR)/usr
> +PHP_DEPENDENCIES += pcre2
The pcre2 changes should not be part of the version bump. Committed with
that dropped, thanks.
--
Bye, Peter Korsgaard
next prev parent reply other threads:[~2019-01-19 21:36 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-19 21:29 [Buildroot] [PATCH 1/1] php: security bump to 7.3.1 aduskett at gmail.com
2019-01-19 21:36 ` Peter Korsgaard [this message]
2019-01-29 16:27 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87imyk1ga1.fsf@dell.be.48ers.dk \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox