[Buildroot] [PATCH 1/1] php: security bump to 7.3.1
aduskett at gmail.com
aduskett at gmail.com
Sat Jan 19 21:29:34 UTC 2019
From: Adam Duskett <Aduskett at gmail.com>
Fixes the following security issue:
- CVE-2018-19935: Allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via an empty string in the
message argument to the imap_mail function.
https://www.cvedetails.com/cve/CVE-2018-19935/
Signed-off-by: Adam Duskett <Aduskett at gmail.com>
---
package/php/php.hash | 2 +-
package/php/php.mk | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/php/php.hash b/package/php/php.hash
index c1c6e8c3e9..2cb89e0366 100644
--- a/package/php/php.hash
+++ b/package/php/php.hash
@@ -1,5 +1,5 @@
# From http://php.net/downloads.php
-sha256 7d195cad55af8b288c3919c67023a14ff870a73e3acc2165a6d17a4850a560b5 php-7.3.0.tar.xz
+sha256 cfe93e40be0350cd53c4a579f52fe5d8faf9c6db047f650a4566a2276bf33362 php-7.3.1.tar.xz
# License file
sha256 f689b8fa63bea7950ce6a21bf52ed88ea0d77673ee76e6de12f51191174d91b8 LICENSE
diff --git a/package/php/php.mk b/package/php/php.mk
index 7d7d78353b..be7e9b3c89 100644
--- a/package/php/php.mk
+++ b/package/php/php.mk
@@ -4,7 +4,7 @@
#
################################################################################
-PHP_VERSION = 7.3.0
+PHP_VERSION = 7.3.1
PHP_SITE = http://www.php.net/distributions
PHP_SOURCE = php-$(PHP_VERSION).tar.xz
PHP_INSTALL_STAGING = YES
@@ -243,9 +243,9 @@ endef
PHP_POST_CONFIGURE_HOOKS += PHP_DISABLE_VALGRIND
### Use external PCRE if it's available
-ifeq ($(BR2_PACKAGE_PCRE),y)
-PHP_CONF_OPTS += --with-pcre-regex
-PHP_DEPENDENCIES += pcre
+ifeq ($(BR2_PACKAGE_PCRE2),y)
+PHP_CONF_OPTS += --with-pcre-regex=$(STAGING_DIR)/usr
+PHP_DEPENDENCIES += pcre2
else
# The bundled pcre library is not configurable through ./configure options,
# and by default is configured to be thread-safe, so it wants pthreads. So
--
2.20.1
More information about the buildroot
mailing list