Pullup ticket 1406 - requested by cube

security fixes for php Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.29 - pkgsrc/lang/php5/Makefile.php 1.18 - pkgsrc/lang/php5/distinfo 1.15 - pkgsrc/lang/php5/patches/patch-ap 1.1 - pkgsrc/lang/php5/patches/patch-aq 1.1 - pkgsrc/lang/php5/patches/patch-ar 1.1 - pkgsrc/www/php4/Makefile 1.63 - pkgsrc/www/php4/distinfo 1.52 - pkgsrc/www/php4/patches/patch-aq 1.1 - pkgsrc/www/php4/patches/patch-ar 1.1 - pkgsrc/www/php4/patches/patch-as 1.1 - pkgsrc/www/ap-php/Makefile 1.9 Module Name: pkgsrc Committed By: cube Date: Fri Apr 14 13:47:30 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile Makefile.php distinfo pkgsrc/www/ap-php: Makefile pkgsrc/www/php4: Makefile distinfo Log Message: PHP4/5 security changes... They're not critical issues; secunia classes them between "not critical" and "less critical". Fix CVE-2006-0996, CVE-2006-1494, CVE-2006-1608, CVE-2006-1490. See: http://secunia.com/advisories/19383/ http://secunia.com/advisories/19599/ Patches were extracted from CVS. I had to translate the one for CVE-2006-1608 on php4 because it has not made its way to the php4.4 branch (I don't know why; I can confirm it fixes the issue). While here, add PATCHDIR to the list of variables php5's Makefile.php defines. That way, ap-php gets patched too... --- Module Name: pkgsrc Committed By: cube Date: Fri Apr 14 13:48:33 UTC 2006 Added Files: pkgsrc/lang/php5/patches: patch-ap patch-aq patch-ar pkgsrc/www/php4/patches: patch-aq patch-ar patch-as Log Message: The actual patches for PHP4/5.
author: salo <salo> 2006-04-19 00:12:27 +0000
committer: salo <salo> 2006-04-19 00:12:27 +0000
commit: bb3e6e3d2c00d3015d510d3f93d24819582325ef (patch)
tree: bc68caf5f70e14e8d13a810fc19117efba86f9cd /www
parent: 1fe40d2b1902e9c7f7afee00a71af224f889d98b (diff)
download: pkgsrc-bb3e6e3d2c00d3015d510d3f93d24819582325ef.tar.gz
6 files changed, 119 insertions, 4 deletions
diff --git a/www/ap-php/Makefile b/www/ap-php/Makefile
index 04183cc3912..178b75e1b23 100644
--- a/www/ap-php/Makefile
+++ b/www/ap-php/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.8 2006/02/05 23:11:17 joerg Exp $
+# $NetBSD: Makefile,v 1.8.2.1 2006/04/19 00:12:27 salo Exp $
 #
 
 PKGNAME=		ap-php-${PHP_BASE_VERS}
-PKGREVISION=		5
+PKGREVISION=		6
 COMMENT=		Apache (${PKG_APACHE}) module for ${PKG_PHP}
 
 APACHE_MODULE=		YES
diff --git a/www/php4/Makefile b/www/php4/Makefile
index 43b27618645..807ee218df9 100644
--- a/www/php4/Makefile
+++ b/www/php4/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.62 2006/03/03 07:11:34 cube Exp $
+# $NetBSD: Makefile,v 1.62.2.1 2006/04/19 00:12:27 salo Exp $
 
 PKGNAME=		php-${PHP_BASE_VERS}
+PKGREVISION=		1
 CATEGORIES+=		lang
 COMMENT=		HTML-embedded scripting language
 
diff --git a/www/php4/distinfo b/www/php4/distinfo
index cc1e599a835..10c33b0eb96 100644
--- a/www/php4/distinfo
+++ b/www/php4/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.51 2006/03/06 15:57:58 cube Exp $
+$NetBSD: distinfo,v 1.51.2.1 2006/04/19 00:12:27 salo Exp $
 
 SHA1 (php-4.4.2.tar.bz2) = 88f2e9efff0add8d8e3034d4ce3a948429b88756
 RMD160 (php-4.4.2.tar.bz2) = cbef0fa4e233529422bc0944dcfb79d866013f5e
@@ -13,3 +13,6 @@ SHA1 (patch-ak) = 1f9fbe26c7329e1d18eec053499ee2d574b5b970
 SHA1 (patch-al) = 28ad9006b387e2b9984ad49beea21c9d46e63b46
 SHA1 (patch-ao) = cd30bbff10f1d045c829f72d94304c9dcf202fc6
 SHA1 (patch-ap) = 2f852abd1e9d0f089add18b2eade2831253ad00e
+SHA1 (patch-aq) = 00f410eb61624aee0c68d2fd6802a6be7adb373e
+SHA1 (patch-ar) = 5606c1ec5a7afaeda2e3cc7879cc0caa4f86ca68
+SHA1 (patch-as) = 7987c293d2290aa5e68fba87d0aa759797ace40d
diff --git a/www/php4/patches/patch-aq b/www/php4/patches/patch-aq
new file mode 100644
index 00000000000..abdf60871a5
--- /dev/null
+++ b/www/php4/patches/patch-aq
@@ -0,0 +1,13 @@
+$NetBSD: patch-aq,v 1.1.2.2 2006/04/19 00:12:27 salo Exp $
+
+--- ext/standard/html.c.orig	2006-01-01 14:46:57.000000000 +0100
++++ ext/standard/html.c
+@@ -793,7 +793,7 @@ PHPAPI char *php_unescape_html_entities(
+ 	enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC);
+ 	unsigned char replacement[15];
+ 	
+-	ret = estrdup(old);
++	ret = estrndup(old, oldlen);
+ 	retlen = oldlen;
+ 	if (!retlen) {
+ 		goto empty_source;
diff --git a/www/php4/patches/patch-ar b/www/php4/patches/patch-ar
new file mode 100644
index 00000000000..0f0c4012088
--- /dev/null
+++ b/www/php4/patches/patch-ar
@@ -0,0 +1,55 @@
+$NetBSD: patch-ar,v 1.1.2.2 2006/04/19 00:12:27 salo Exp $
+
+--- ext/standard/info.c.orig	2006-01-01 14:46:57.000000000 +0100
++++ ext/standard/info.c
+@@ -58,6 +58,23 @@ ZEND_EXTERN_MODULE_GLOBALS(iconv)
+ 
+ PHPAPI extern char *php_ini_opened_path;
+ PHPAPI extern char *php_ini_scanned_files;
++	
++static int php_info_write_wrapper(const char *str, uint str_length)
++{
++	int new_len, written;
++	char *elem_esc;
++
++	TSRMLS_FETCH();
++
++	elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
++
++	written = php_body_write(elem_esc, new_len TSRMLS_CC);
++
++	efree(elem_esc);
++
++	return written;
++}
++
+ 
+ /* {{{ _display_module_info
+  */
+@@ -133,23 +150,12 @@ static void php_print_gpcse_array(char *
+ 				PUTS(" => ");
+ 			}
+ 			if (Z_TYPE_PP(tmp) == IS_ARRAY) {
+-				zval *tmp3;
+-				MAKE_STD_ZVAL(tmp3);
+ 				if (!sapi_module.phpinfo_as_text) {
+ 					PUTS("<pre>");
+-				}
+-				php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
+-				zend_print_zval_r(*tmp, 0);
+-				php_ob_get_buffer(tmp3 TSRMLS_CC);
+-				php_end_ob_buffer(0, 0 TSRMLS_CC);
+-				
+-				elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
+-				PUTS(elem_esc);
+-				efree(elem_esc);
+-				zval_ptr_dtor(&tmp3);
+-
+-				if (!sapi_module.phpinfo_as_text) {
++ 					zend_print_zval_ex((zend_write_func_t) php_info_write_wrapper, *tmp, 0);
+ 					PUTS("</pre>");
++				} else {
++ 					zend_print_zval_r(*tmp, 0 TSRMLS_CC);
+ 				}
+ 			} else if (Z_TYPE_PP(tmp) != IS_STRING) {
+ 				tmp2 = **tmp;
diff --git a/www/php4/patches/patch-as b/www/php4/patches/patch-as
new file mode 100644
index 00000000000..812d8619704
--- /dev/null
+++ b/www/php4/patches/patch-as
@@ -0,0 +1,43 @@
+$NetBSD: patch-as,v 1.1.2.2 2006/04/19 00:12:27 salo Exp $
+
+--- ext/standard/file.c.orig	2006-01-01 14:46:57.000000000 +0100
++++ ext/standard/file.c
+@@ -552,7 +552,7 @@ PHP_FUNCTION(tempnam)
+ 	pval **arg1, **arg2;
+ 	char *d;
+ 	char *opened_path;
+-	char p[64];
++	char *p;
+ 	FILE *fp;
+ 
+ 	if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &arg1, &arg2) == FAILURE) {
+@@ -566,7 +566,11 @@ PHP_FUNCTION(tempnam)
+ 	}
+ 
+ 	d = estrndup(Z_STRVAL_PP(arg1), Z_STRLEN_PP(arg1));
+-	strlcpy(p, Z_STRVAL_PP(arg2), sizeof(p));
++
++	p = php_basename(Z_STRVAL_PP(arg2), Z_STRLEN_PP(arg2), NULL, 0);
++	if (strlen(p) > 64) {
++		p[63] = '\0';
++	}
+ 
+ 	if ((fp = php_open_temporary_file(d, p, &opened_path TSRMLS_CC))) {
+ 		fclose(fp);
+@@ -574,6 +578,7 @@ PHP_FUNCTION(tempnam)
+ 	} else {
+ 		RETVAL_FALSE;
+ 	}
++	efree(p);
+ 	efree(d);
+ }
+ /* }}} */
+@@ -2196,7 +2201,7 @@ no_stat:
+ safe_to_copy:
+ 
+ 	srcstream = php_stream_open_wrapper(src, "rb",
+-				STREAM_DISABLE_OPEN_BASEDIR | REPORT_ERRORS,
++				ENFORCE_SAFE_MODE | REPORT_ERRORS,
+ 				NULL);
+ 
+ 	if (!srcstream)
author	salo <salo>	2006-04-19 00:12:27 +0000
committer	salo <salo>	2006-04-19 00:12:27 +0000
commit	bb3e6e3d2c00d3015d510d3f93d24819582325ef (patch)
tree	bc68caf5f70e14e8d13a810fc19117efba86f9cd /www
parent	1fe40d2b1902e9c7f7afee00a71af224f889d98b (diff)
download	pkgsrc-bb3e6e3d2c00d3015d510d3f93d24819582325ef.tar.gz