up to 5.6.5, fixes for CVE-2015-0231, CVE-2014-9427 and CVE-2015-0232

diff --git a/fpm-conf-split.patch b/fpm-conf-split.patch
index bae2ef79d9cbbc7c6c5334fb11a07c8a4f4ffea8..3d4bd92a238d65fc4d263c9e1e3f1014df9b1005 100644 (file)
--- a/fpm-conf-split.patch
+++ b/fpm-conf-split.patch
@@ -1,5 +1,5 @@
---- php-5.6.4/sapi/fpm/php-fpm.conf.in~        2015-01-01 17:18:30.000000000 +0200
-+++ php-5.6.4/sapi/fpm/php-fpm.conf.in 2015-01-01 17:20:31.203799290 +0200
+--- php-5.6.5/sapi/fpm/php-fpm.conf.in~        2015-02-04 19:22:00.000000000 +0200
++++ php-5.6.5/sapi/fpm/php-fpm.conf.in 2015-02-04 19:23:22.109298245 +0200
 @@ -6,14 +6,6 @@
  ; prefix (@prefix@). This prefix can be dynamically changed by using the
  ; '-p' argument from the command line.
@@ -15,7 +15,7 @@
  ;;;;;;;;;;;;;;;;;;
  ; Global Options ;
  ;;;;;;;;;;;;;;;;;;
-@@ -115,410 +115,3 @@
+@@ -115,415 +115,3 @@
  ; ports and different management options.  The name of the pool will be
  ; used in logs and stats. There is no limitation on the number of pools which
  ; FPM can handle. Your system will tell you anyway :)
@@ -71,6 +71,11 @@
 -;listen.owner = @php_fpm_user@
 -;listen.group = @php_fpm_group@
 -;listen.mode = 0660
+-; When POSIX Access Control Lists are supported you can set them using
+-; these options, value is a comma separated list of user/group names.
+-; When set, listen.owner and listen.group are ignored
+-;listen.acl_users =
+-;listen.acl_groups =
 - 
 -; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
 -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
@@ -427,8 +432,8 @@
 -;php_admin_flag[log_errors] = on
 -;php_admin_value[memory_limit] = 32M
 --- /dev/null  2007-02-13 18:29:53.000000000 +0200
-+++ php-5.6.4/sapi/fpm/php-fpm.conf-d.in       2015-01-01 17:19:55.621958470 +0200
-@@ -0,0 +1,406 @@
++++ php-5.6.5/sapi/fpm/php-fpm.conf-d.in       2015-02-04 19:23:20.709225773 +0200
+@@ -0,0 +1,411 @@
 +; Start a new pool named 'www'.
 +; the variable $pool can we used in any directive and will be replaced by the
 +; pool name ('www' here)
@@ -480,6 +485,11 @@
 +;listen.owner = @php_fpm_user@
 +;listen.group = @php_fpm_group@
 +;listen.mode = 0660
++; When POSIX Access Control Lists are supported you can set them using
++; these options, value is a comma separated list of user/group names.
++; When set, listen.owner and listen.group are ignored
++;listen.acl_users =
++;listen.acl_groups =
 + 
 +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
 +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original

diff --git a/php-fpm-config.patch b/php-fpm-config.patch
index cb2b91d853abf8d54a949a632d60fe3b88f1cc00..69a93713d08d6570a8311bc479cb20fc460808e1 100644 (file)
--- a/php-fpm-config.patch
+++ b/php-fpm-config.patch
@@ -29,8 +29,8 @@
 +;  - the global prefix if it's been set (-p argument)
 +;  - @prefix@ otherwise
 +include=/etc/php/fpm.d/*.conf
---- php-5.6.2.old/sapi/fpm/php-fpm.conf-d.in   2014-10-27 08:07:47.762117299 +0200
-+++ php-5.6.2/sapi/fpm/php-fpm.conf-d.in       2014-10-27 08:23:41.232196777 +0200
+--- php-5.6.5/sapi/fpm/php-fpm.conf-d.in~      2015-02-04 19:26:16.000000000 +0200
++++ php-5.6.5/sapi/fpm/php-fpm.conf-d.in       2015-02-04 19:27:25.275218535 +0200
 @@ -32,7 +32,7 @@
  ;                            specific port;
  ;   '/path/to/unix/socket' - to listen on a unix socket.
@@ -40,7 +40,7 @@
  
  ; Set listen(2) backlog.
  ; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
-@@ -41,9 +41,9 @@
+@@ -46,9 +46,9 @@
  ; BSD-derived systems allow connections regardless of permissions. 
  ; Default Values: user and group are set as the running user
  ;                 mode is set to 0660
@@ -50,9 +50,9 @@
 +listen.owner = root
 +listen.group = @php_fpm_group@
 +listen.mode = 0660
-  
- ; List of ipv4 addresses of FastCGI clients which are allowed to connect.
- ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+ ; When POSIX Access Control Lists are supported you can set them using
+ ; these options, value is a comma separated list of user/group names.
+ ; When set, listen.owner and listen.group are ignored
 @@ -53,7 +53,7 @@
  ; must be separated by a comma. If this value is left blank, connections will be
  ; accepted from any ip address.

diff --git a/php.spec b/php.spec
index cc05a977182b9296083fbcd4a5f4584490069285..40977d81e7432fc17182c079d09801f2635855e9 100644 (file)
--- a/php.spec
+++ b/php.spec
@@ -134,7 +134,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
 %undefine      with_filter
 %endif
 
-%define                rel     2
+%define                rel     1
 %define                orgname php
 %define                ver_suffix 56
 %define                php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -145,13 +145,13 @@ Summary(pt_BR.UTF-8):     A linguagem de script PHP
 Summary(ru.UTF-8):     PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
 Summary(uk.UTF-8):     PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:          %{orgname}%{php_suffix}
-Version:       5.6.4
+Version:       5.6.5
 Release:       %{rel}%{?with_type_hints:.th}
 Epoch:         4
 License:       PHP
 Group:         Libraries
 Source0:       http://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5: bf824c5e5c7f49ca5f7350d72cba4881
+# Source0-md5: 541a480e1f8747219074c99f3e9edbcc
 Source2:       %{orgname}-mod_%{orgname}.conf
 Source3:       %{orgname}-cgi-fcgi.ini
 Source4:       %{orgname}-apache.ini