diff options
author | adrianp <adrianp@pkgsrc.org> | 2006-08-10 23:01:39 +0000 |
---|---|---|
committer | adrianp <adrianp@pkgsrc.org> | 2006-08-10 23:01:39 +0000 |
commit | c6db99b6c07a261d28c54b7a72701b42335de558 (patch) | |
tree | d59b7364e4fe6b71d8762f640ac123b6edfb58ab | |
parent | dd2923d1565489029d8f5d001e2178783e163c97 (diff) | |
download | pkgsrc-c6db99b6c07a261d28c54b7a72701b42335de558.tar.gz |
Update to 4.4.3
All PHP 4.x users are encouraged to upgrade to this release as soon as possible.
The security issues resolved include the following:
* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the tempnam()
function.
* Improved safe_mode check for the error_log() function.
* Fixed cross-site scripting inside the phpinfo() function.
The release also includes about 20 bug fixes and an upgraded PCRE library
(version 6.6).
For a full list of changes in PHP 4.4.3, see the ChangeLog:
http://www.php.net/ChangeLog-4.php#4.4.3
This also contains a fix for CVE-2006-4020 (SA21403)
-rw-r--r-- | www/php4/Makefile | 3 | ||||
-rw-r--r-- | www/php4/Makefile.common | 4 | ||||
-rw-r--r-- | www/php4/distinfo | 16 | ||||
-rw-r--r-- | www/php4/files/pear.sh | 2 | ||||
-rw-r--r-- | www/php4/patches/patch-ao | 12 | ||||
-rw-r--r-- | www/php4/patches/patch-aq | 13 | ||||
-rw-r--r-- | www/php4/patches/patch-ar | 55 | ||||
-rw-r--r-- | www/php4/patches/patch-as | 43 | ||||
-rw-r--r-- | www/php4/patches/patch-au | 24 | ||||
-rw-r--r-- | www/php4/patches/patch-av | 15 | ||||
-rw-r--r-- | www/php4/patches/patch-aw | 83 |
11 files changed, 97 insertions, 173 deletions
diff --git a/www/php4/Makefile b/www/php4/Makefile index 37d5339479c..9577f98ddc7 100644 --- a/www/php4/Makefile +++ b/www/php4/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.69 2006/07/18 21:26:17 adrianp Exp $ +# $NetBSD: Makefile,v 1.70 2006/08/10 23:01:40 adrianp Exp $ PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 3 CATEGORIES+= lang COMMENT= HTML-embedded scripting language diff --git a/www/php4/Makefile.common b/www/php4/Makefile.common index f777b0b817f..cc2c400fb69 100644 --- a/www/php4/Makefile.common +++ b/www/php4/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.52 2006/03/03 07:11:34 cube Exp $ +# $NetBSD: Makefile.common,v 1.53 2006/08/10 23:01:40 adrianp Exp $ DISTNAME?= php-${PHP_DIST_VERS} CATEGORIES+= www php4 @@ -18,7 +18,7 @@ HOMEPAGE?= http://www.php.net/ # PHP_DIST_VERS version number on the php distfile # PHP_BASE_VERS pkgsrc-mangled version number (convert pl -> .) # -PHP_DIST_VERS= 4.4.2 +PHP_DIST_VERS= 4.4.3 PHP_BASE_VERS= ${PHP_DIST_VERS} DISTFILES?= ${PHP_DISTFILE} diff --git a/www/php4/distinfo b/www/php4/distinfo index 44e4265ee46..e6eb2a43a11 100644 --- a/www/php4/distinfo +++ b/www/php4/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.55 2006/07/18 21:21:19 adrianp Exp $ +$NetBSD: distinfo,v 1.56 2006/08/10 23:01:40 adrianp Exp $ -SHA1 (php-4.4.2.tar.bz2) = 88f2e9efff0add8d8e3034d4ce3a948429b88756 -RMD160 (php-4.4.2.tar.bz2) = cbef0fa4e233529422bc0944dcfb79d866013f5e -Size (php-4.4.2.tar.bz2) = 4371185 bytes +SHA1 (php-4.4.3.tar.bz2) = 42aec56fec03c13366c0b0aac13169138814a4b5 +RMD160 (php-4.4.3.tar.bz2) = 36c91930af44e8a1ed59eb159e6131ae8f0c77f0 +Size (php-4.4.3.tar.bz2) = 4461353 bytes SHA1 (patch-aa) = feb064407950d0fc732b7240e65cac84420d2407 SHA1 (patch-ab) = 38a4bcd0d65b26c5d8e54e22b552f60831188469 SHA1 (patch-ad) = 9ca5d2f59bfeea77a98cd0e727546d11669114cd @@ -12,11 +12,7 @@ SHA1 (patch-ai) = 0b9c1c9fb75a64026f2fb3cbd44cc19e0a1f186c SHA1 (patch-aj) = cc68ce876dc5998becbe2f1f74288b5da5bbaca3 SHA1 (patch-ak) = 1f9fbe26c7329e1d18eec053499ee2d574b5b970 SHA1 (patch-al) = 28ad9006b387e2b9984ad49beea21c9d46e63b46 -SHA1 (patch-ao) = cd30bbff10f1d045c829f72d94304c9dcf202fc6 +SHA1 (patch-ao) = 0fd4becf023451ac8cb185df354830efc86c1344 SHA1 (patch-ap) = 2f852abd1e9d0f089add18b2eade2831253ad00e -SHA1 (patch-aq) = 00f410eb61624aee0c68d2fd6802a6be7adb373e -SHA1 (patch-ar) = 5606c1ec5a7afaeda2e3cc7879cc0caa4f86ca68 -SHA1 (patch-as) = 7987c293d2290aa5e68fba87d0aa759797ace40d SHA1 (patch-at) = f8b3aebd61fe2d5b5a994e1d973424a1ed397f63 -SHA1 (patch-au) = b5fa682fa6b03cc91e68db7e7ed6985897a3288f -SHA1 (patch-av) = fc105360bccbff5a5eae119f24a8aa12b4e08139 +SHA1 (patch-aw) = f8e2f36a4d9bb4a60d255127ac5984c33ea74841 diff --git a/www/php4/files/pear.sh b/www/php4/files/pear.sh index 935673a3e87..1c49ab1df01 100644 --- a/www/php4/files/pear.sh +++ b/www/php4/files/pear.sh @@ -25,4 +25,4 @@ else fi fi -exec $PHP -C -q $INCARG -d output_buffering=1 -dmemory_limit=12M $INCDIR/pearcmd.php "$@" +exec $PHP -C -q $INCARG -d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit=12M $INCDIR/pearcmd.php "$@" diff --git a/www/php4/patches/patch-ao b/www/php4/patches/patch-ao index c1b4524a89e..f65f1fca145 100644 --- a/www/php4/patches/patch-ao +++ b/www/php4/patches/patch-ao @@ -1,13 +1,9 @@ -$NetBSD: patch-ao,v 1.2 2006/03/06 15:57:58 cube Exp $ +$NetBSD: patch-ao,v 1.3 2006/08/10 23:01:39 adrianp Exp $ ---- pear/Makefile.frag.orig 2005-11-05 19:19:23.000000000 +0100 +--- pear/Makefile.frag.orig 2006-05-07 17:33:41.000000000 +0100 +++ pear/Makefile.frag -@@ -3,10 +3,10 @@ - peardir=$(PEAR_INSTALLDIR) - - # Skip all php.ini files altogether --PEAR_INSTALL_FLAGS = -n -dshort_open_tag=0 -dsafe_mode=0 -+PEAR_INSTALL_FLAGS = -n -dshort_open_tag=0 -dsafe_mode=0 -dmemory_limit=16M +@@ -6,7 +6,7 @@ peardir=$(PEAR_INSTALLDIR) + PEAR_INSTALL_FLAGS = -n -dshort_open_tag=0 -dopen_basedir= -dsafe_mode=0 -dmemory_limit=-1 install-pear-packages: $(top_builddir)/sapi/cli/php - @$(top_builddir)/sapi/cli/php $(PEAR_INSTALL_FLAGS) $(srcdir)/install-pear.php -d "$(peardir)" -b "$(bindir)" $(srcdir)/packages/*.tar diff --git a/www/php4/patches/patch-aq b/www/php4/patches/patch-aq deleted file mode 100644 index f173fc82dc2..00000000000 --- a/www/php4/patches/patch-aq +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-aq,v 1.1 2006/04/14 13:48:33 cube Exp $ - ---- ext/standard/html.c.orig 2006-01-01 14:46:57.000000000 +0100 -+++ ext/standard/html.c -@@ -793,7 +793,7 @@ PHPAPI char *php_unescape_html_entities( - enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC); - unsigned char replacement[15]; - -- ret = estrdup(old); -+ ret = estrndup(old, oldlen); - retlen = oldlen; - if (!retlen) { - goto empty_source; diff --git a/www/php4/patches/patch-ar b/www/php4/patches/patch-ar deleted file mode 100644 index bfdc845b1b0..00000000000 --- a/www/php4/patches/patch-ar +++ /dev/null @@ -1,55 +0,0 @@ -$NetBSD: patch-ar,v 1.1 2006/04/14 13:48:33 cube Exp $ - ---- ext/standard/info.c.orig 2006-01-01 14:46:57.000000000 +0100 -+++ ext/standard/info.c -@@ -58,6 +58,23 @@ ZEND_EXTERN_MODULE_GLOBALS(iconv) - - PHPAPI extern char *php_ini_opened_path; - PHPAPI extern char *php_ini_scanned_files; -+ -+static int php_info_write_wrapper(const char *str, uint str_length) -+{ -+ int new_len, written; -+ char *elem_esc; -+ -+ TSRMLS_FETCH(); -+ -+ elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC); -+ -+ written = php_body_write(elem_esc, new_len TSRMLS_CC); -+ -+ efree(elem_esc); -+ -+ return written; -+} -+ - - /* {{{ _display_module_info - */ -@@ -133,23 +150,12 @@ static void php_print_gpcse_array(char * - PUTS(" => "); - } - if (Z_TYPE_PP(tmp) == IS_ARRAY) { -- zval *tmp3; -- MAKE_STD_ZVAL(tmp3); - if (!sapi_module.phpinfo_as_text) { - PUTS("<pre>"); -- } -- php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC); -- zend_print_zval_r(*tmp, 0); -- php_ob_get_buffer(tmp3 TSRMLS_CC); -- php_end_ob_buffer(0, 0 TSRMLS_CC); -- -- elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC); -- PUTS(elem_esc); -- efree(elem_esc); -- zval_ptr_dtor(&tmp3); -- -- if (!sapi_module.phpinfo_as_text) { -+ zend_print_zval_ex((zend_write_func_t) php_info_write_wrapper, *tmp, 0); - PUTS("</pre>"); -+ } else { -+ zend_print_zval_r(*tmp, 0 TSRMLS_CC); - } - } else if (Z_TYPE_PP(tmp) != IS_STRING) { - tmp2 = **tmp; diff --git a/www/php4/patches/patch-as b/www/php4/patches/patch-as deleted file mode 100644 index 984a8a3b7aa..00000000000 --- a/www/php4/patches/patch-as +++ /dev/null @@ -1,43 +0,0 @@ -$NetBSD: patch-as,v 1.1 2006/04/14 13:48:33 cube Exp $ - ---- ext/standard/file.c.orig 2006-01-01 14:46:57.000000000 +0100 -+++ ext/standard/file.c -@@ -552,7 +552,7 @@ PHP_FUNCTION(tempnam) - pval **arg1, **arg2; - char *d; - char *opened_path; -- char p[64]; -+ char *p; - FILE *fp; - - if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &arg1, &arg2) == FAILURE) { -@@ -566,7 +566,11 @@ PHP_FUNCTION(tempnam) - } - - d = estrndup(Z_STRVAL_PP(arg1), Z_STRLEN_PP(arg1)); -- strlcpy(p, Z_STRVAL_PP(arg2), sizeof(p)); -+ -+ p = php_basename(Z_STRVAL_PP(arg2), Z_STRLEN_PP(arg2), NULL, 0); -+ if (strlen(p) > 64) { -+ p[63] = '\0'; -+ } - - if ((fp = php_open_temporary_file(d, p, &opened_path TSRMLS_CC))) { - fclose(fp); -@@ -574,6 +578,7 @@ PHP_FUNCTION(tempnam) - } else { - RETVAL_FALSE; - } -+ efree(p); - efree(d); - } - /* }}} */ -@@ -2196,7 +2201,7 @@ no_stat: - safe_to_copy: - - srcstream = php_stream_open_wrapper(src, "rb", -- STREAM_DISABLE_OPEN_BASEDIR | REPORT_ERRORS, -+ ENFORCE_SAFE_MODE | REPORT_ERRORS, - NULL); - - if (!srcstream) diff --git a/www/php4/patches/patch-au b/www/php4/patches/patch-au deleted file mode 100644 index 8f7483c3602..00000000000 --- a/www/php4/patches/patch-au +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-au,v 1.1 2006/07/18 21:21:19 adrianp Exp $ - -# This is CVE-2006-1990 - ---- ext/standard/string.c.orig 2006-01-01 13:46:58.000000000 +0000 -+++ ext/standard/string.c -@@ -672,15 +672,13 @@ PHP_FUNCTION(wordwrap) - /* Multiple character line break or forced cut */ - if (linelength > 0) { - chk = (int)(textlen/linelength + 1); -+ newtext = safe_emalloc(chk, breakcharlen, textlen + 1); - alloced = textlen + chk * breakcharlen + 1; - } else { - chk = textlen; -+ newtext = safe_emalloc(textlen, (breakcharlen + 1), 1); - alloced = textlen * (breakcharlen + 1) + 1; - } -- if (alloced <= 0) { -- RETURN_FALSE; -- } -- newtext = emalloc(alloced); - - /* now keep track of the actual new text length */ - newtextlen = 0; diff --git a/www/php4/patches/patch-av b/www/php4/patches/patch-av deleted file mode 100644 index 52040a157ef..00000000000 --- a/www/php4/patches/patch-av +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-av,v 1.1 2006/07/18 21:21:19 adrianp Exp $ - -# This is CVE-2006-3011 - ---- ext/standard/basic_functions.c.orig 2006-01-01 13:46:57.000000000 +0000 -+++ ext/standard/basic_functions.c -@@ -1866,7 +1866,7 @@ PHPAPI int _php_error_log(int opt_err, c - break; - - case 3: /*save to a file */ -- stream = php_stream_open_wrapper(opt, "a", IGNORE_URL | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); -+ stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); - if (!stream) - return FAILURE; - php_stream_write(stream, message, strlen(message)); diff --git a/www/php4/patches/patch-aw b/www/php4/patches/patch-aw new file mode 100644 index 00000000000..10ea46cce89 --- /dev/null +++ b/www/php4/patches/patch-aw @@ -0,0 +1,83 @@ +--- ext/standard/scanf.c.orig 2006-01-01 13:46:58.000000000 +0000 ++++ ext/standard/scanf.c 2006-08-10 23:00:19.000000000 +0100 +@@ -732,7 +732,7 @@ + if (*end == '$') { + format = end+1; + ch = format++; +- objIndex = varStart + value; ++ objIndex = varStart + value - 1; + } + } + +@@ -762,8 +762,10 @@ + switch (*ch) { + case 'n': + if (!(flags & SCAN_SUPPRESS)) { +- if (numVars) { +- current = args[objIndex++]; ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { ++ current = args[objIndex++]; + zval_dtor( *current ); + ZVAL_LONG( *current, (long)(string - baseString) ); + } else { +@@ -883,8 +885,10 @@ + } + } + if (!(flags & SCAN_SUPPRESS)) { +- if (numVars) { +- current = args[objIndex++]; ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { ++ current = args[objIndex++]; + zval_dtor( *current ); + ZVAL_STRINGL( *current, string, end-string, 1); + } else { +@@ -922,7 +926,9 @@ + goto done; + } + if (!(flags & SCAN_SUPPRESS)) { +- if (numVars) { ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { + current = args[objIndex++]; + zval_dtor( *current ); + ZVAL_STRINGL( *current, string, end-string, 1); +@@ -1079,8 +1085,10 @@ + value = (int) (*fn)(buf, NULL, base); + if ((flags & SCAN_UNSIGNED) && (value < 0)) { + sprintf(buf, "%u", value); /* INTL: ISO digit */ +- if (numVars) { +- /* change passed value type to string */ ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { ++ /* change passed value type to string */ + current = args[objIndex++]; + convert_to_string( *current ); + ZVAL_STRING( *current, buf, 1 ); +@@ -1088,7 +1096,9 @@ + add_index_string(*return_value, objIndex++, buf, 1); + } + } else { +- if (numVars) { ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { + current = args[objIndex++]; + convert_to_long( *current ); + Z_LVAL(**current) = value; +@@ -1196,7 +1206,9 @@ + double dvalue; + *end = '\0'; + dvalue = zend_strtod(buf, NULL); +- if (numVars) { ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { + current = args[objIndex++]; + convert_to_double( *current ); + Z_DVAL_PP( current ) = dvalue; |