diff options
author | salo <salo> | 2006-04-19 00:12:27 +0000 |
---|---|---|
committer | salo <salo> | 2006-04-19 00:12:27 +0000 |
commit | bb3e6e3d2c00d3015d510d3f93d24819582325ef (patch) | |
tree | bc68caf5f70e14e8d13a810fc19117efba86f9cd /www | |
parent | 1fe40d2b1902e9c7f7afee00a71af224f889d98b (diff) | |
download | pkgsrc-bb3e6e3d2c00d3015d510d3f93d24819582325ef.tar.gz |
Pullup ticket 1406 - requested by cube
security fixes for php
Revisions pulled up:
- pkgsrc/lang/php5/Makefile 1.29
- pkgsrc/lang/php5/Makefile.php 1.18
- pkgsrc/lang/php5/distinfo 1.15
- pkgsrc/lang/php5/patches/patch-ap 1.1
- pkgsrc/lang/php5/patches/patch-aq 1.1
- pkgsrc/lang/php5/patches/patch-ar 1.1
- pkgsrc/www/php4/Makefile 1.63
- pkgsrc/www/php4/distinfo 1.52
- pkgsrc/www/php4/patches/patch-aq 1.1
- pkgsrc/www/php4/patches/patch-ar 1.1
- pkgsrc/www/php4/patches/patch-as 1.1
- pkgsrc/www/ap-php/Makefile 1.9
Module Name: pkgsrc
Committed By: cube
Date: Fri Apr 14 13:47:30 UTC 2006
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.php distinfo
pkgsrc/www/ap-php: Makefile
pkgsrc/www/php4: Makefile distinfo
Log Message:
PHP4/5 security changes... They're not critical issues; secunia classes
them between "not critical" and "less critical".
Fix CVE-2006-0996, CVE-2006-1494, CVE-2006-1608, CVE-2006-1490.
See:
http://secunia.com/advisories/19383/
http://secunia.com/advisories/19599/
Patches were extracted from CVS. I had to translate the one for
CVE-2006-1608 on php4 because it has not made its way to the php4.4 branch
(I don't know why; I can confirm it fixes the issue).
While here, add PATCHDIR to the list of variables php5's Makefile.php
defines. That way, ap-php gets patched too...
---
Module Name: pkgsrc
Committed By: cube
Date: Fri Apr 14 13:48:33 UTC 2006
Added Files:
pkgsrc/lang/php5/patches: patch-ap patch-aq patch-ar
pkgsrc/www/php4/patches: patch-aq patch-ar patch-as
Log Message:
The actual patches for PHP4/5.
Diffstat (limited to 'www')
-rw-r--r-- | www/ap-php/Makefile | 4 | ||||
-rw-r--r-- | www/php4/Makefile | 3 | ||||
-rw-r--r-- | www/php4/distinfo | 5 | ||||
-rw-r--r-- | www/php4/patches/patch-aq | 13 | ||||
-rw-r--r-- | www/php4/patches/patch-ar | 55 | ||||
-rw-r--r-- | www/php4/patches/patch-as | 43 |
6 files changed, 119 insertions, 4 deletions
diff --git a/www/ap-php/Makefile b/www/ap-php/Makefile index 04183cc3912..178b75e1b23 100644 --- a/www/ap-php/Makefile +++ b/www/ap-php/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.8 2006/02/05 23:11:17 joerg Exp $ +# $NetBSD: Makefile,v 1.8.2.1 2006/04/19 00:12:27 salo Exp $ # PKGNAME= ap-php-${PHP_BASE_VERS} -PKGREVISION= 5 +PKGREVISION= 6 COMMENT= Apache (${PKG_APACHE}) module for ${PKG_PHP} APACHE_MODULE= YES diff --git a/www/php4/Makefile b/www/php4/Makefile index 43b27618645..807ee218df9 100644 --- a/www/php4/Makefile +++ b/www/php4/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.62 2006/03/03 07:11:34 cube Exp $ +# $NetBSD: Makefile,v 1.62.2.1 2006/04/19 00:12:27 salo Exp $ PKGNAME= php-${PHP_BASE_VERS} +PKGREVISION= 1 CATEGORIES+= lang COMMENT= HTML-embedded scripting language diff --git a/www/php4/distinfo b/www/php4/distinfo index cc1e599a835..10c33b0eb96 100644 --- a/www/php4/distinfo +++ b/www/php4/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.51 2006/03/06 15:57:58 cube Exp $ +$NetBSD: distinfo,v 1.51.2.1 2006/04/19 00:12:27 salo Exp $ SHA1 (php-4.4.2.tar.bz2) = 88f2e9efff0add8d8e3034d4ce3a948429b88756 RMD160 (php-4.4.2.tar.bz2) = cbef0fa4e233529422bc0944dcfb79d866013f5e @@ -13,3 +13,6 @@ SHA1 (patch-ak) = 1f9fbe26c7329e1d18eec053499ee2d574b5b970 SHA1 (patch-al) = 28ad9006b387e2b9984ad49beea21c9d46e63b46 SHA1 (patch-ao) = cd30bbff10f1d045c829f72d94304c9dcf202fc6 SHA1 (patch-ap) = 2f852abd1e9d0f089add18b2eade2831253ad00e +SHA1 (patch-aq) = 00f410eb61624aee0c68d2fd6802a6be7adb373e +SHA1 (patch-ar) = 5606c1ec5a7afaeda2e3cc7879cc0caa4f86ca68 +SHA1 (patch-as) = 7987c293d2290aa5e68fba87d0aa759797ace40d diff --git a/www/php4/patches/patch-aq b/www/php4/patches/patch-aq new file mode 100644 index 00000000000..abdf60871a5 --- /dev/null +++ b/www/php4/patches/patch-aq @@ -0,0 +1,13 @@ +$NetBSD: patch-aq,v 1.1.2.2 2006/04/19 00:12:27 salo Exp $ + +--- ext/standard/html.c.orig 2006-01-01 14:46:57.000000000 +0100 ++++ ext/standard/html.c +@@ -793,7 +793,7 @@ PHPAPI char *php_unescape_html_entities( + enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC); + unsigned char replacement[15]; + +- ret = estrdup(old); ++ ret = estrndup(old, oldlen); + retlen = oldlen; + if (!retlen) { + goto empty_source; diff --git a/www/php4/patches/patch-ar b/www/php4/patches/patch-ar new file mode 100644 index 00000000000..0f0c4012088 --- /dev/null +++ b/www/php4/patches/patch-ar @@ -0,0 +1,55 @@ +$NetBSD: patch-ar,v 1.1.2.2 2006/04/19 00:12:27 salo Exp $ + +--- ext/standard/info.c.orig 2006-01-01 14:46:57.000000000 +0100 ++++ ext/standard/info.c +@@ -58,6 +58,23 @@ ZEND_EXTERN_MODULE_GLOBALS(iconv) + + PHPAPI extern char *php_ini_opened_path; + PHPAPI extern char *php_ini_scanned_files; ++ ++static int php_info_write_wrapper(const char *str, uint str_length) ++{ ++ int new_len, written; ++ char *elem_esc; ++ ++ TSRMLS_FETCH(); ++ ++ elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC); ++ ++ written = php_body_write(elem_esc, new_len TSRMLS_CC); ++ ++ efree(elem_esc); ++ ++ return written; ++} ++ + + /* {{{ _display_module_info + */ +@@ -133,23 +150,12 @@ static void php_print_gpcse_array(char * + PUTS(" => "); + } + if (Z_TYPE_PP(tmp) == IS_ARRAY) { +- zval *tmp3; +- MAKE_STD_ZVAL(tmp3); + if (!sapi_module.phpinfo_as_text) { + PUTS("<pre>"); +- } +- php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC); +- zend_print_zval_r(*tmp, 0); +- php_ob_get_buffer(tmp3 TSRMLS_CC); +- php_end_ob_buffer(0, 0 TSRMLS_CC); +- +- elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC); +- PUTS(elem_esc); +- efree(elem_esc); +- zval_ptr_dtor(&tmp3); +- +- if (!sapi_module.phpinfo_as_text) { ++ zend_print_zval_ex((zend_write_func_t) php_info_write_wrapper, *tmp, 0); + PUTS("</pre>"); ++ } else { ++ zend_print_zval_r(*tmp, 0 TSRMLS_CC); + } + } else if (Z_TYPE_PP(tmp) != IS_STRING) { + tmp2 = **tmp; diff --git a/www/php4/patches/patch-as b/www/php4/patches/patch-as new file mode 100644 index 00000000000..812d8619704 --- /dev/null +++ b/www/php4/patches/patch-as @@ -0,0 +1,43 @@ +$NetBSD: patch-as,v 1.1.2.2 2006/04/19 00:12:27 salo Exp $ + +--- ext/standard/file.c.orig 2006-01-01 14:46:57.000000000 +0100 ++++ ext/standard/file.c +@@ -552,7 +552,7 @@ PHP_FUNCTION(tempnam) + pval **arg1, **arg2; + char *d; + char *opened_path; +- char p[64]; ++ char *p; + FILE *fp; + + if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &arg1, &arg2) == FAILURE) { +@@ -566,7 +566,11 @@ PHP_FUNCTION(tempnam) + } + + d = estrndup(Z_STRVAL_PP(arg1), Z_STRLEN_PP(arg1)); +- strlcpy(p, Z_STRVAL_PP(arg2), sizeof(p)); ++ ++ p = php_basename(Z_STRVAL_PP(arg2), Z_STRLEN_PP(arg2), NULL, 0); ++ if (strlen(p) > 64) { ++ p[63] = '\0'; ++ } + + if ((fp = php_open_temporary_file(d, p, &opened_path TSRMLS_CC))) { + fclose(fp); +@@ -574,6 +578,7 @@ PHP_FUNCTION(tempnam) + } else { + RETVAL_FALSE; + } ++ efree(p); + efree(d); + } + /* }}} */ +@@ -2196,7 +2201,7 @@ no_stat: + safe_to_copy: + + srcstream = php_stream_open_wrapper(src, "rb", +- STREAM_DISABLE_OPEN_BASEDIR | REPORT_ERRORS, ++ ENFORCE_SAFE_MODE | REPORT_ERRORS, + NULL); + + if (!srcstream) |