- php-fpm: change default unix socket permission CVE-2014-0185
This commit is contained in:
Remi Collet 2014-05-03 08:15:48 +02:00
parent dc4f1dc1a0
commit f0d343bd83
4 changed files with 11 additions and 5 deletions

1
.gitignore vendored
View File

@ -23,3 +23,4 @@ php-5.4.*.bz2
/php-5.5.9-strip.tar.xz /php-5.5.9-strip.tar.xz
/php-5.5.10-strip.tar.xz /php-5.5.10-strip.tar.xz
/php-5.5.11-strip.tar.xz /php-5.5.11-strip.tar.xz
/php-5.5.12-strip.tar.xz

View File

@ -27,10 +27,10 @@ listen.allowed_clients = 127.0.0.1
; permissions must be set in order to allow connections from a web server. Many ; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. ; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user ; Default Values: user and group are set as the running user
; mode is set to 0666 ; mode is set to 0660
;listen.owner = nobody ;listen.owner = nobody
;listen.group = nobody ;listen.group = nobody
;listen.mode = 0666 ;listen.mode = 0660
; Unix user/group of processes ; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group ; Note: The user is mandatory. If the group is not set, the default user's group

View File

@ -68,8 +68,8 @@
Summary: PHP scripting language for creating dynamic web sites Summary: PHP scripting language for creating dynamic web sites
Name: php Name: php
Version: 5.5.11 Version: 5.5.12
Release: 2%{?dist} Release: 1%{?dist}
# All files licensed under PHP version 3.01, except # All files licensed under PHP version 3.01, except
# Zend is licensed under Zend # Zend is licensed under Zend
# TSRM is licensed under BSD # TSRM is licensed under BSD
@ -1550,6 +1550,11 @@ exit 0
%changelog %changelog
* Sat May 3 2014 Remi Collet <rcollet@redhat.com> 5.5.12-1
- Update to 5.5.12
http://www.php.net/releases/5_5_12.php
- php-fpm: change default unix socket permission CVE-2014-0185
* Wed Apr 23 2014 Remi Collet <rcollet@redhat.com> 5.5.11-2 * Wed Apr 23 2014 Remi Collet <rcollet@redhat.com> 5.5.11-2
- add numerical prefix to extension configuration files - add numerical prefix to extension configuration files
- prevent .user.ini files from being viewed by Web clients - prevent .user.ini files from being viewed by Web clients

View File

@ -1 +1 @@
3bb5a5ed7a7ec43b2db2370d87cc9588 php-5.5.11-strip.tar.xz 660472b56f21ea37805b46c4508693f6 php-5.5.12-strip.tar.xz