Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package php5
The previous fix was CVE-2013-1643 was incomplete and it had been
issued an additional CVE-2013-1824 which should be complete now.
$ diffstat php5_5.4.4-15.debdiff
debian/patches/CVE-2013-1643.patch | 135 -----------------------------------
debian/patches/CVE-2013-1824.patch | 142 +++++++++++++++++++++++++++++++++++++
php5-5.4.4/debian/changelog | 7 +
php5-5.4.4/debian/patches/series | 2
4 files changed, 150 insertions(+), 136 deletions(-)
unblock php5/5.4.4-15
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog
--- php5-5.4.4/debian/changelog
+++ php5-5.4.4/debian/changelog
@@ -1,3 +1,10 @@
+php5 (5.4.4-15) unstable; urgency=high
+
+ * [CVE-2013-1824]: CVE-2013-1643 had incomplete fix for external entity
+ loading
+
+ -- Ondřej Surý <ond...@debian.org> Fri, 22 Mar 2013 13:51:47 +0100
+
php5 (5.4.4-14) unstable; urgency=high
* [CVE-2013-1635] Fixed external entity loading
diff -u php5-5.4.4/debian/patches/series php5-5.4.4/debian/patches/series
--- php5-5.4.4/debian/patches/series
+++ php5-5.4.4/debian/patches/series
@@ -81 +81 @@
-CVE-2013-1643.patch
+CVE-2013-1824.patch
reverted:
--- php5-5.4.4/debian/patches/CVE-2013-1643.patch
+++ php5-5.4.4.orig/debian/patches/CVE-2013-1643.patch
@@ -1,135 +0,0 @@
---- a/ext/libxml/libxml.c
-+++ b/ext/libxml/libxml.c
-@@ -270,6 +270,7 @@ static PHP_GINIT_FUNCTION(libxml)
- libxml_globals->error_buffer.c = NULL;
- libxml_globals->error_list = NULL;
- libxml_globals->entity_loader.fci.size = 0;
-+ libxml_globals->entity_loader_disabled = 0;
- }
-
- static void _php_libxml_destroy_fci(zend_fcall_info *fci)
-@@ -369,16 +370,15 @@ static int php_libxml_streams_IO_close(v
- }
-
- static xmlParserInputBufferPtr
--php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc)
--{
-- return NULL;
--}
--
--static xmlParserInputBufferPtr
- php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc)
- {
- xmlParserInputBufferPtr ret;
- void *context = NULL;
-+ TSRMLS_FETCH();
-+
-+ if (LIBXML(entity_loader_disabled)) {
-+ return NULL;
-+ }
-
- if (URI == NULL)
- return(NULL);
-@@ -1052,28 +1052,25 @@ static PHP_FUNCTION(libxml_clear_errors)
- }
- /* }}} */
-
-+PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC)
-+{
-+ zend_bool old = LIBXML(entity_loader_disabled);
-+
-+ LIBXML(entity_loader_disabled) = disable;
-+ return old;
-+}
-+
- /* {{{ proto bool libxml_disable_entity_loader([boolean disable])
- Disable/Enable ability to load external entities */
- static PHP_FUNCTION(libxml_disable_entity_loader)
- {
- zend_bool disable = 1;
-- xmlParserInputBufferCreateFilenameFunc old;
-
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &disable) == FAILURE) {
- return;
- }
-
-- if (disable == 0) {
-- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename);
-- } else {
-- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload);
-- }
--
-- if (old == php_libxml_input_buffer_noload) {
-- RETURN_TRUE;
-- }
--
-- RETURN_FALSE;
-+ RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC));
- }
- /* }}} */
-
---- a/ext/libxml/php_libxml.h
-+++ b/ext/libxml/php_libxml.h
-@@ -47,6 +47,7 @@ ZEND_BEGIN_MODULE_GLOBALS(libxml)
- zend_fcall_info fci;
- zend_fcall_info_cache fcc;
- } entity_loader;
-+ zend_bool entity_loader_disabled;
- ZEND_END_MODULE_GLOBALS(libxml)
-
- typedef struct _libxml_doc_props {
-@@ -97,6 +98,7 @@ PHP_LIBXML_API void php_libxml_ctx_error
- PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s);
- PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC);
- PHP_LIBXML_API void php_libxml_issue_error(int level, const char *msg TSRMLS_DC);
-+PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC);
-
- /* Init/shutdown functions*/
- PHP_LIBXML_API void php_libxml_initialize(void);
---- a/ext/soap/php_xml.c
-+++ b/ext/soap/php_xml.c
-@@ -20,6 +20,7 @@
- /* $Id$ */
-
- #include "php_soap.h"
-+#include "ext/libxml/php_libxml.h"
- #include "libxml/parser.h"
- #include "libxml/parserInternals.h"
-
-@@ -91,13 +92,17 @@ xmlDocPtr soap_xmlParseFile(const char *
- ctxt = xmlCreateFileParserCtxt(filename);
- PG(allow_url_fopen) = old_allow_url_fopen;
- if (ctxt) {
-+ zend_bool old;
-+
- ctxt->keepBlanks = 0;
- ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
- ctxt->sax->comment = soap_Comment;
- ctxt->sax->warning = NULL;
- ctxt->sax->error = NULL;
- /*ctxt->sax->fatalError = NULL;*/
-+ old = php_libxml_disable_entity_loader(1);
- xmlParseDocument(ctxt);
-+ php_libxml_disable_entity_loader(old);
- if (ctxt->wellFormed) {
- ret = ctxt->myDoc;
- if (ret->URL == NULL && ctxt->directory != NULL) {
-@@ -133,6 +138,8 @@ xmlDocPtr soap_xmlParseMemory(const void
- */
- ctxt = xmlCreateMemoryParserCtxt(buf, buf_size);
- if (ctxt) {
-+ zend_bool old;
-+
- ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
- ctxt->sax->comment = soap_Comment;
- ctxt->sax->warning = NULL;
-@@ -141,7 +148,9 @@ xmlDocPtr soap_xmlParseMemory(const void
- #if LIBXML_VERSION >= 20703
- ctxt->options |= XML_PARSE_HUGE;
- #endif
-+ old = php_libxml_disable_entity_loader(1);
- xmlParseDocument(ctxt);
-+ php_libxml_disable_entity_loader(old);
- if (ctxt->wellFormed) {
- ret = ctxt->myDoc;
- if (ret->URL == NULL && ctxt->directory != NULL) {
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/CVE-2013-1824.patch
+++ php5-5.4.4/debian/patches/CVE-2013-1824.patch
@@ -0,0 +1,142 @@
+--- a/ext/soap/php_xml.c
++++ b/ext/soap/php_xml.c
+@@ -20,6 +20,7 @@
+ /* $Id$ */
+
+ #include "php_soap.h"
++#include "ext/libxml/php_libxml.h"
+ #include "libxml/parser.h"
+ #include "libxml/parserInternals.h"
+
+@@ -91,13 +92,17 @@ xmlDocPtr soap_xmlParseFile(const char *
+ ctxt = xmlCreateFileParserCtxt(filename);
+ PG(allow_url_fopen) = old_allow_url_fopen;
+ if (ctxt) {
++ zend_bool old;
++
+ ctxt->keepBlanks = 0;
+ ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
+ ctxt->sax->comment = soap_Comment;
+ ctxt->sax->warning = NULL;
+ ctxt->sax->error = NULL;
+ /*ctxt->sax->fatalError = NULL;*/
++ old = php_libxml_disable_entity_loader(1 TSRMLS_CC);
+ xmlParseDocument(ctxt);
++ php_libxml_disable_entity_loader(old TSRMLS_CC);
+ if (ctxt->wellFormed) {
+ ret = ctxt->myDoc;
+ if (ret->URL == NULL && ctxt->directory != NULL) {
+@@ -128,11 +133,15 @@ xmlDocPtr soap_xmlParseMemory(const void
+ xmlParserCtxtPtr ctxt = NULL;
+ xmlDocPtr ret;
+
++ TSRMLS_FETCH();
++
+ /*
+ xmlInitParser();
+ */
+ ctxt = xmlCreateMemoryParserCtxt(buf, buf_size);
+ if (ctxt) {
++ zend_bool old;
++
+ ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
+ ctxt->sax->comment = soap_Comment;
+ ctxt->sax->warning = NULL;
+@@ -141,7 +150,9 @@ xmlDocPtr soap_xmlParseMemory(const void
+ #if LIBXML_VERSION >= 20703
+ ctxt->options |= XML_PARSE_HUGE;
+ #endif
++ old = php_libxml_disable_entity_loader(1 TSRMLS_CC);
+ xmlParseDocument(ctxt);
++ php_libxml_disable_entity_loader(old TSRMLS_CC);
+ if (ctxt->wellFormed) {
+ ret = ctxt->myDoc;
+ if (ret->URL == NULL && ctxt->directory != NULL) {
+--- a/ext/libxml/libxml.c
++++ b/ext/libxml/libxml.c
+@@ -270,6 +270,7 @@ static PHP_GINIT_FUNCTION(libxml)
+ libxml_globals->error_buffer.c = NULL;
+ libxml_globals->error_list = NULL;
+ libxml_globals->entity_loader.fci.size = 0;
++ libxml_globals->entity_loader_disabled = 0;
+ }
+
+ static void _php_libxml_destroy_fci(zend_fcall_info *fci)
+@@ -369,16 +370,15 @@ static int php_libxml_streams_IO_close(v
+ }
+
+ static xmlParserInputBufferPtr
+-php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc)
+-{
+- return NULL;
+-}
+-
+-static xmlParserInputBufferPtr
+ php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc)
+ {
+ xmlParserInputBufferPtr ret;
+ void *context = NULL;
++ TSRMLS_FETCH();
++
++ if (LIBXML(entity_loader_disabled)) {
++ return NULL;
++ }
+
+ if (URI == NULL)
+ return(NULL);
+@@ -1052,28 +1052,25 @@ static PHP_FUNCTION(libxml_clear_errors)
+ }
+ /* }}} */
+
++PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC)
++{
++ zend_bool old = LIBXML(entity_loader_disabled);
++
++ LIBXML(entity_loader_disabled) = disable;
++ return old;
++}
++
+ /* {{{ proto bool libxml_disable_entity_loader([boolean disable])
+ Disable/Enable ability to load external entities */
+ static PHP_FUNCTION(libxml_disable_entity_loader)
+ {
+ zend_bool disable = 1;
+- xmlParserInputBufferCreateFilenameFunc old;
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &disable) == FAILURE) {
+ return;
+ }
+
+- if (disable == 0) {
+- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename);
+- } else {
+- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload);
+- }
+-
+- if (old == php_libxml_input_buffer_noload) {
+- RETURN_TRUE;
+- }
+-
+- RETURN_FALSE;
++ RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC));
+ }
+ /* }}} */
+
+--- a/ext/libxml/php_libxml.h
++++ b/ext/libxml/php_libxml.h
+@@ -47,6 +47,7 @@ ZEND_BEGIN_MODULE_GLOBALS(libxml)
+ zend_fcall_info fci;
+ zend_fcall_info_cache fcc;
+ } entity_loader;
++ zend_bool entity_loader_disabled;
+ ZEND_END_MODULE_GLOBALS(libxml)
+
+ typedef struct _libxml_doc_props {
+@@ -97,6 +98,7 @@ PHP_LIBXML_API void php_libxml_ctx_error
+ PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s);
+ PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC);
+ PHP_LIBXML_API void php_libxml_issue_error(int level, const char *msg TSRMLS_DC);
++PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC);
+
+ /* Init/shutdown functions*/
+ PHP_LIBXML_API void php_libxml_initialize(void);
