Hello community, here is the log from the commit of package php5 for openSUSE:11.4 checked in at Thu Mar 8 18:32:12 CET 2012.
-------- --- old-versions/11.4/UPDATES/all/php5/php5.changes 2012-02-16 17:36:48.000000000 +0100 +++ 11.4/php5/php5.changes 2012-03-08 18:09:02.000000000 +0100 @@ -1,0 +2,5 @@ +Thu Mar 8 17:08:24 UTC 2012 - [email protected] + +- fixed regressions after fix for CVE-2012-0830 [bnc#749111] + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php5.spec ++++++ --- /var/tmp/diff_new_pack.hHV7ey/_old 2012-03-08 18:28:28.000000000 +0100 +++ /var/tmp/diff_new_pack.hHV7ey/_new 2012-03-08 18:28:28.000000000 +0100 @@ -103,7 +103,7 @@ ### ### Version: 5.3.5 -Release: 5.<RELEASE22> +Release: 5.<RELEASE24> Provides: php zend php-xml php-spl php-simplexml php-session php-pcre php-date php-reflection php-filter Provides: php-api = %{apiver}, php-zend-abi = %{zendver} Provides: php(api) = %{apiver}, php(zend-abi) = %{zendver} ++++++ php-5.3.5-CVE-2011-4885.patch ++++++ --- /var/tmp/diff_new_pack.hHV7ey/_old 2012-03-08 18:28:29.000000000 +0100 +++ /var/tmp/diff_new_pack.hHV7ey/_new 2012-03-08 18:28:29.000000000 +0100 @@ -1,5 +1,6 @@ http://svn.php.net/viewvc?view=revision&revision=321038 http://svn.php.net/viewvc?view=revision&revision=321040 +http://svn.php.net/viewvc?view=revision&revision=321335 Index: php.ini-development =================================================================== --- php.ini-development.orig 
@@ -57,23 +58,37 @@ =================================================================== --- main/php_variables.c.orig +++ main/php_variables.c -@@ -191,6 +191,9 @@ PHPAPI void php_register_variable_ex(cha +@@ -191,9 +191,14 @@ PHPAPI void php_register_variable_ex(cha } if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { -+ if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) { -+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); +- MAKE_STD_ZVAL(gpc_element); +- array_init(gpc_element); +- zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); ++ if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { ++ if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); ++ } ++ MAKE_STD_ZVAL(gpc_element); ++ array_init(gpc_element); ++ zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + } - MAKE_STD_ZVAL(gpc_element); - array_init(gpc_element); - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); -@@ -236,6 +239,9 @@ plain_var: + } + if (index != escaped_index) { + efree(escaped_index); +@@ -236,7 +241,14 @@ plain_var: zend_symtable_exists(symtable1, escaped_index, index_len + 1)) { zval_ptr_dtor(&gpc_element); } else { -+ if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) { -+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. 
To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); +- zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); ++ if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { ++ if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); ++ } ++ zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); ++ } else { ++ zval_ptr_dtor(&gpc_element); + } - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } if (escaped_index != index) { + efree(escaped_index); ++++++ php-5.3.5-CVE-2012-0830.patch ++++++ --- /var/tmp/diff_new_pack.hHV7ey/_old 2012-03-08 18:28:29.000000000 +0100 +++ /var/tmp/diff_new_pack.hHV7ey/_new 2012-03-08 18:28:29.000000000 +0100 
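Review bot: The array branch rewritten at `-191,9 +191,14` has no `else` for the case where `zend_hash_num_elements(symtable1)` is already above `PG(max_input_vars)`, so with this patch alone `gpc_element_p` is not pointed at a new array there. The code that later uses it lies outside the hunk, so the consequence is inferred. The matching `else { ... return; }` comes only from php-5.3.5-CVE-2012-0830.patch, so a header line such as `# must be applied together with, and before, php-5.3.5-CVE-2012-0830.patch` would record the dependency. Separately, in both this branch and the `plain_var` one, the `<=` test still inserts when the count equals the limit and the "exceeded" warning fires on that same insert, so a table can end up with `max_input_vars + 1` entries; `<` would make the bound exact if that is not intended. The count is also taken on `symtable1`, the table being written, so the bound appears to apply per array level rather than per request.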
@@ -1,44 +1,43 @@ -Index: php-5.3.8/main/php_variables.c -=================================================================== ---- php-5.3.8.orig/main/php_variables.c -+++ php-5.3.8/main/php_variables.c -@@ -182,7 +182,13 @@ PHPAPI void php_register_variable_ex(cha +http://svn.php.net/viewvc?view=revision&revision=323007 +http://svn.php.net/viewvc?view=revision&revision=323013 +--- a/main/php_variables.c ++++ b/main/php_variables.c +@@ -182,7 +182,12 @@ PHPAPI void php_register_variable_ex(cha if (!index) { MAKE_STD_ZVAL(gpc_element); array_init(gpc_element); - zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); -+ if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { -+ zval_ptr_dtor(&gpc_element); -+ zval_dtor(val); -+ efree(var_orig); -+ return; -+ } -+ ++ if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { ++ zval_ptr_dtor(&gpc_element); ++ zval_dtor(val); ++ efree(var_orig); ++ return; ++ } } else { if (PG(magic_quotes_gpc)) { escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); -@@ -197,6 +203,13 @@ PHPAPI void php_register_variable_ex(cha - MAKE_STD_ZVAL(gpc_element); - array_init(gpc_element); - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); -+ } else { -+ if (index != escaped_index) { -+ efree(escaped_index); -+ } -+ zval_dtor(val); -+ efree(var_orig); -+ return; +@@ -198,6 +203,13 @@ PHPAPI void php_register_variable_ex(cha + MAKE_STD_ZVAL(gpc_element); + array_init(gpc_element); + zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); ++ } else { ++ if (index != escaped_index) { ++ efree(escaped_index); ++ } ++ zval_dtor(val); ++ efree(var_orig); ++ return; + } } if (index != escaped_index) { - efree(escaped_index); -@@ -221,7 +234,9 @@ 
plain_var: +@@ -223,7 +235,9 @@ plain_var: gpc_element->value = val->value; Z_TYPE_P(gpc_element) = Z_TYPE_P(val); if (!index) { - zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); -+ if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { -+ zval_ptr_dtor(&gpc_element); -+ } ++ if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { ++ zval_ptr_dtor(&gpc_element); ++ } } else { if (PG(magic_quotes_gpc)) { escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
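Review bot: The early-return `else` added in the `-198,6 +203,13` hunk has no comment saying why it must return instead of falling through. I would put `/* limit reached: no array was created, gpc_element_p must not be used */` above its cleanup. Its context lines (the indented `MAKE_STD_ZVAL`/`array_init` under the `max_input_vars` test) exist only after php-5.3.5-CVE-2011-4885.patch has been applied, so the required order belongs in the patch header beside the two revision URLs. The same `zval_dtor(val); efree(var_orig); return;` sequence also appears in the `-182,7 +182,12` hunk; the function body continues outside the hunks, so whether a shared exit label would fit cannot be judged from here.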
