Re: [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36

From: Martin Jansa <martin.jansa@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: otavio@ossystems.com.br
Subject: Re: [meta-oe][dizzy]PATCH] php5: update to later minor version 5.4.36
Date: Mon, 12 Jan 2015 15:40:28 +0100	[thread overview]
Message-ID: <20150112144028.GC2513@jama> (raw)
In-Reply-To: <1421065834-29221-1-git-send-email-akuster808@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 3220 bytes --]

On Mon, Jan 12, 2015 at 04:30:34AM -0800, Armin Kuster wrote:
> Dizzy is missing several CVE's and upgrading to a later version within the same
> series seems reasonable since most changes are bugfixes or Security releated.
> 
> if you are ok with this approach, please Ack and I will stage this with the next series of updates I am working on.

Looks good, except missing [ before "PATCH]" which breaks commit
subject when cherry-picking from patchwor.

> 
> - armin
> 
> 18-Dec-2014
> Core:
>     Upgraded crypt_blowfish to version 1.3.
>     Fixed bug #68545 (NULL pointer dereference in unserialize.c).
>     Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
> 
> Mcrypt:
>     Fixed possible read after end of buffer and use after free.
> 
> 13 Nov 2014
> Core:
>     Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
> Fileinfo:
>     Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
> GMP:
>     Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
> PDO_pgsql:
>     Fixed bug #66584 (Segmentation fault on statement deallocation).
> 
> 16 Oct 2014
> Fileinfo:
>     Fixed bug #66242 (libmagic: don't assume char is signed).
> Core:
>     Fixed bug #67985 (Incorrect last used array index copied to new array after unset).
>     Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
> cURL:
>     Fixed bug #68089 (NULL byte injection - cURL lib).
> EXIF:
>     Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
> OpenSSL:
>     Reverted fixes for bug #41631, due to regressions.
> XMLRPC:
>     Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)
> 
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
>  meta-oe/recipes-devtools/php/{php_5.4.33.bb => php_5.4.36.bb} | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>  rename meta-oe/recipes-devtools/php/{php_5.4.33.bb => php_5.4.36.bb} (97%)
> 
> diff --git a/meta-oe/recipes-devtools/php/php_5.4.33.bb b/meta-oe/recipes-devtools/php/php_5.4.36.bb
> similarity index 97%
> rename from meta-oe/recipes-devtools/php/php_5.4.33.bb
> rename to meta-oe/recipes-devtools/php/php_5.4.36.bb
> index 6fdfe0f..43c7736 100644
> --- a/meta-oe/recipes-devtools/php/php_5.4.33.bb
> +++ b/meta-oe/recipes-devtools/php/php_5.4.36.bb
> @@ -30,8 +30,8 @@ SRC_URI_append_class-target += " \
>              file://php-fpm-apache.conf \
>            "
>  
> -SRC_URI[md5sum] = "c6878bb1cdb46bfc1e1a5cd67a024737"
> -SRC_URI[sha256sum] = "1a75b2d0835e74b8886cd3980d9598a0e06691441bb7f91d19b74c2278e40bb5"
> +SRC_URI[md5sum] = "70e223be4bb460e465b7a9d7cb5b9cac"
> +SRC_URI[sha256sum] = "b0951608c3e8afb978a624c7f79a889980210f5258f666c1d997bd6491e13241"
>  
>  S = "${WORKDIR}/php-${PV}"
>  
> -- 
> 1.9.1
> 
> -- 
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]