Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=e68865c2464652a570a3d4bca8b65cb252880b29

commit e68865c2464652a570a3d4bca8b65cb252880b29
Author: kikadf <[email protected]>
Date:   Thu Jul 17 14:24:57 2014 +0200

php-5.5.14-1-x86_64

* Version bump

diff --git a/source/devel/php/CVE-2013-4113.patch b/source/devel/php/CVE-2013-4113.patch
deleted file mode 100644
index 107e2f8..0000000
--- a/source/devel/php/CVE-2013-4113.patch
+++ /dev/null
@@ -1,142 +0,0 @@
-From 7d163e8a0880ae8af2dd869071393e5dc07ef271 Mon Sep 17 00:00:00 2001
-From: Rob Richards <[email protected]>
-Date: Sat, 6 Jul 2013 07:53:07 -0400
-Subject: [PATCH] truncate results at depth of 255 to prevent corruption
-
----
- ext/xml/xml.c | 90 +++++++++++++++++++++++++++++++++--------------------------
- 1 file changed, 50 insertions(+), 40 deletions(-)
-
---- php5-squeeze.orig/ext/xml/xml.c
-+++ php5-squeeze/ext/xml/xml.c
-@@ -427,7 +427,7 @@ static void xml_parser_dtor(zend_rsrc_li
-       }
-       if (parser->ltags) {
-               int inx;
--              for (inx = 0; inx < parser->level; inx++)
-+              for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); inx++)
-                       efree(parser->ltags[ inx ]);
-               efree(parser->ltags);
-       }
-@@ -905,45 +905,50 @@ void _xml_startElementHandler(void *user
-               }
-
-               if (parser->data) {
--                      zval *tag, *atr;
--                      int atcnt = 0;
-+                      if (parser->level <= XML_MAXLEVEL)  {
-+                              zval *tag, *atr;
-+                              int atcnt = 0;
-
--                      MAKE_STD_ZVAL(tag);
--                      MAKE_STD_ZVAL(atr);
-+                              MAKE_STD_ZVAL(tag);
-+                              MAKE_STD_ZVAL(atr);
-
--                      array_init(tag);
--                      array_init(atr);
-+                              array_init(tag);
-+                              array_init(atr);
-
--                      _xml_add_to_info(parser,((char *) tag_name) + parser->toffset);
-+                              _xml_add_to_info(parser,((char *) tag_name) + parser->toffset);
-
--                      add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */
--                      add_assoc_string(tag,"type","open",1);
--                      add_assoc_long(tag,"level",parser->level);
-+                              add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */
-+                              add_assoc_string(tag,"type","open",1);
-+                              add_assoc_long(tag,"level",parser->level);
-
--                      parser->ltags[parser->level-1] = estrdup(tag_name);
--                      parser->lastwasopen = 1;
-+                              parser->ltags[parser->level-1] = estrdup(tag_name);
-+                              parser->lastwasopen = 1;
-
--                      attributes = (const XML_Char **) attrs;
-+                              attributes = (const XML_Char **) attrs;
-
--                      while (attributes && *attributes) {
--                              att = _xml_decode_tag(parser, attributes[0]);
--                              val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding);
--
--                              add_assoc_stringl(atr,att,val,val_len,0);
-+                              while (attributes && *attributes) {
-+                                      att = _xml_decode_tag(parser, attributes[0]);
-+                                      val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding);
-
--                              atcnt++;
--                              attributes += 2;
-+                                      add_assoc_stringl(atr,att,val,val_len,0);
-
--                              efree(att);
--                      }
-+                                      atcnt++;
-+                                      attributes += 2;
-
--                      if (atcnt) {
--                              zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL);
--                      } else {
--                              zval_ptr_dtor(&atr);
--                      }
-+                                      efree(att);
-+                              }
-+
-+                              if (atcnt) {
-+                                      zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL);
-+                              } else {
-+                                      zval_ptr_dtor(&atr);
-+                              }
-
--                      zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag);
-+                              zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag);
-+                      } else if (parser->level == (XML_MAXLEVEL + 1)) {
-+                              TSRMLS_FETCH();
-+                              php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated");
-+                      }
-               }
-
-               efree(tag_name);
-@@ -995,7 +1000,7 @@ void _xml_endElementHandler(void *userDa
-
-               efree(tag_name);
-
--              if (parser->ltags) {
-+              if ((parser->ltags) && (parser->level <= XML_MAXLEVEL)) {
-                       efree(parser->ltags[parser->level-1]);
-               }
-
-@@ -1079,18 +1084,23 @@ void _xml_characterDataHandler(void *use
-                                               }
-                                       }
-
--                                      MAKE_STD_ZVAL(tag);
--
--                                      array_init(tag);
--
--                                      _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset);
-+                                      if (parser->level <= XML_MAXLEVEL) {
-+                                              MAKE_STD_ZVAL(tag);
-
--                                      add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1);
--                                      add_assoc_string(tag,"value",decoded_value,0);
--                                      add_assoc_string(tag,"type","cdata",1);
--                                      add_assoc_long(tag,"level",parser->level);
-+                                              array_init(tag);
-
--                                      zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL);
-+                                              _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset);
-+
-+                                              add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1);
-+                                              add_assoc_string(tag,"value",decoded_value,0);
-+                                              add_assoc_string(tag,"type","cdata",1);
-+                                              add_assoc_long(tag,"level",parser->level);
-+
-+                                              zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL);
-+                                      } else if (parser->level == (XML_MAXLEVEL + 1)) {
-+                                              TSRMLS_FETCH();
-+                                              php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated");
-+                                      }
-                               }
-                       } else {
-                               efree(decoded_value);
diff --git a/source/devel/php/CVE-2013-4248.patch b/source/devel/php/CVE-2013-4248.patch
deleted file mode 100644
index d20d8d1..0000000
--- a/source/devel/php/CVE-2013-4248.patch
+++ /dev/null
@@ -1,176 +0,0 @@
-From dcea4ec698dcae39b7bba6f6aa08933cbfee6755 Mon Sep 17 00:00:00 2001
-From: Stanislav Malyshev <[email protected]>
-Date: Tue, 13 Aug 2013 22:20:33 -0700
-Subject: [PATCH] Fix CVE-2013-4073 - handling of certs with null bytes
-
----
- ext/openssl/openssl.c               | 86 ++++++++++++++++++++++++++++++++++++-
- ext/openssl/tests/cve2013_4073.pem  | 28 ++++++++++++
- ext/openssl/tests/cve2013_4073.phpt | 19 ++++++++
- 4 files changed, 135 insertions(+), 2 deletions(-)
- create mode 100644 ext/openssl/tests/cve2013_4073.pem
- create mode 100644 ext/openssl/tests/cve2013_4073.phpt
-
---- php5.orig/ext/openssl/openssl.c
-+++ php5/ext/openssl/openssl.c
-@@ -1325,6 +1325,74 @@ PHP_FUNCTION(openssl_x509_check_private_
- }
- /* }}} */
-
-+/* Special handling of subjectAltName, see CVE-2013-4073
-+ * Christian Heimes
-+ */
-+
-+static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension)
-+{
-+      GENERAL_NAMES *names;
-+      const X509V3_EXT_METHOD *method = NULL;
-+      long i, length, num;
-+      const unsigned char *p;
-+
-+      method = X509V3_EXT_get(extension);
-+      if (method == NULL) {
-+              return -1;
-+      }
-+
-+      p = extension->value->data;
-+      length = extension->value->length;
-+      if (method->it) {
-+              names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
-+                                                     ASN1_ITEM_ptr(method->it)));
-+      } else {
-+              names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length));
-+      }
-+      if (names == NULL) {
-+              return -1;
-+      }
-+
-+      num = sk_GENERAL_NAME_num(names);
-+      for (i = 0; i < num; i++) {
-+                      GENERAL_NAME *name;
-+                      ASN1_STRING *as;
-+                      name = sk_GENERAL_NAME_value(names, i);
-+                      switch (name->type) {
-+                              case GEN_EMAIL:
-+                                      BIO_puts(bio, "email:");
-+                                      as = name->d.rfc822Name;
-+                                      BIO_write(bio, ASN1_STRING_data(as),
-+                                                ASN1_STRING_length(as));
-+                                      break;
-+                              case GEN_DNS:
-+                                      BIO_puts(bio, "DNS:");
-+                                      as = name->d.dNSName;
-+                                      BIO_write(bio, ASN1_STRING_data(as),
-+                                                ASN1_STRING_length(as));
-+                                      break;
-+                              case GEN_URI:
-+                                      BIO_puts(bio, "URI:");
-+                                      as = name->d.uniformResourceIdentifier;
-+                                      BIO_write(bio, ASN1_STRING_data(as),
-+                                                ASN1_STRING_length(as));
-+                                      break;
-+                              default:
-+                                      /* use builtin print for GEN_OTHERNAME, GEN_X400,
-+                                       * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
-+                                       */
-+                                      GENERAL_NAME_print(bio, name);
-+                      }
-+                      /* trailing ', ' except for last element */
-+                      if (i < (num - 1)) {
-+                              BIO_puts(bio, ", ");
-+                      }
-+      }
-+      sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
-+
-+      return 0;
-+}
-+
- /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true])
-    Returns an array of the fields/values of the CERT */
- PHP_FUNCTION(openssl_x509_parse)
-@@ -1421,15 +1489,30 @@ PHP_FUNCTION(openssl_x509_parse)
-
-
-       for (i = 0; i < X509_get_ext_count(cert); i++) {
-+              int nid;
-               extension = X509_get_ext(cert, i);
--              if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) {
-+              nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension));
-+              if (nid != NID_undef) {
-                       extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
-               } else {
-                       OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1);
-                       extname = buf;
-               }
-               bio_out = BIO_new(BIO_s_mem());
--              if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
-+              if (nid == NID_subject_alt_name) {
-+                      if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) {
-+                              BIO_get_mem_ptr(bio_out, &bio_buf);
-+                              add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
-+                      } else {
-+                              zval_dtor(return_value);
-+                              if (certresource == -1 && cert) {
-+                                      X509_free(cert);
-+                              }
-+                              BIO_free(bio_out);
-+                              RETURN_FALSE;
-+                      }
-+              }
-+              else if (X509V3_EXT_print(bio_out, extension, 0, 0)) {
-                       BIO_get_mem_ptr(bio_out, &bio_buf);
-                       add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
-               } else {
---- /dev/null
-+++ php5/ext/openssl/tests/cve2013_4073.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN CERTIFICATE-----
-+MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx
-+DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ
-+eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg
-+RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y
-+ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw
-+NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI
-+DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv
-+ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt
-+ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq
-+hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB
-+BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j
-+pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P
-+vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv
-+KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA
-+oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL
-+08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV
-+HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E
-+BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu
-+Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251
-+bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA
-+AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9
-+i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j
-+HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk
-+kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx
-+VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW
-+RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ=
-+-----END CERTIFICATE-----
---- /dev/null
-+++ php5/ext/openssl/tests/cve2013_4073.phpt
-@@ -0,0 +1,19 @@
-+--TEST--
-+CVE 2013-4073: Null-byte certificate handling
-+--SKIPIF--
-+<?php
-+if (!extension_loaded("openssl")) die("skip");
-+--FILE--
-+<?php
-+$cert = file_get_contents(__DIR__ . '/cve2013_4073.pem');
-+$info = openssl_x509_parse($cert);
-+var_export($info['extensions']);
-+
-+--EXPECTF--
-+array (
-+  'basicConstraints' => 'CA:FALSE',
-+  'subjectKeyIdentifier' => '88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C',
-+  'keyUsage' => 'Digital Signature, Non Repudiation, Key Encipherment',
-+  'subjectAltName' => 'DNS:altnull.python.org' . "\0" . 'example.com, email:[email protected]' . "\0" . '[email protected], URI:http://null.python.org' . "\0" . 'http://example.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1
-+',
-+)
diff --git a/source/devel/php/CVE-2013-6420.patch b/source/devel/php/CVE-2013-6420.patch
deleted file mode 100644
index 3c2f9f4..0000000
--- a/source/devel/php/CVE-2013-6420.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From c1224573c773b6845e83505f717fbf820fc18415 Mon Sep 17 00:00:00 2001
-From: Stanislav Malyshev <[email protected]>
-Date: Sun, 8 Dec 2013 11:40:18 -0800
-Subject: [PATCH] Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
-
----
- NEWS                                 |  4 +++-
- ext/openssl/openssl.c                | 18 ++++++++++++++----
- ext/openssl/tests/cve-2013-6420.crt  | 29 +++++++++++++++++++++++++++++
- ext/openssl/tests/cve-2013-6420.phpt | 18 ++++++++++++++++++
- 4 files changed, 64 insertions(+), 5 deletions(-)
- create mode 100644 ext/openssl/tests/cve-2013-6420.crt
- create mode 100644 ext/openssl/tests/cve-2013-6420.phpt
-
---- php5.orig/ext/openssl/openssl.c
-+++ php5/ext/openssl/openssl.c
-@@ -644,18 +644,28 @@ static time_t asn1_time_to_time_t(ASN1_U
-       char * thestr;
-       long gmadjust = 0;
-
--      if (timestr->length < 13) {
--              php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author too lazy to parse %s correctly", timestr->data);
-+      if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) {
-+              php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp");
-               return (time_t)-1;
-       }
-
--      strbuf = estrdup((char *)timestr->data);
-+      if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) {
-+              php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp");
-+              return (time_t)-1;
-+      }
-+
-+      if (ASN1_STRING_length(timestr) < 13) {
-+              php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to parse time string %s correctly", timestr->data);
-+              return (time_t)-1;
-+      }
-+
-+      strbuf = estrdup((char *)ASN1_STRING_data(timestr));
-
-       memset(&thetime, 0, sizeof(thetime));
-
-       /* we work backwards so that we can use atoi more easily */
-
--      thestr = strbuf + timestr->length - 3;
-+      thestr = strbuf + ASN1_STRING_length(timestr) - 3;
-
-       thetime.tm_sec = atoi(thestr);
-       *thestr = '\0';
---- /dev/null
-+++ php5/ext/openssl/tests/cve-2013-6420.crt
-@@ -0,0 +1,29 @@
-+-----BEGIN CERTIFICATE-----
-+MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD
-+VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH
-+S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91
-+cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k
-+ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY
-+ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-+AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO
-+b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT
-+ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G
-+A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz
-+dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-+DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu
-+wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh
-+0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8
-+pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6
-+SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX
-+1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw
-+EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF
-+BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD
-+8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl
-+VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7
-+lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319
-+o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg
-+Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg==
-+-----END CERTIFICATE-----
-+
-+
---- /dev/null
-+++ php5/ext/openssl/tests/cve-2013-6420.phpt
-@@ -0,0 +1,18 @@
-+--TEST--
-+CVE-2013-6420
-+--SKIPIF--
-+<?php
-+if (!extension_loaded("openssl")) die("skip");
-+?>
-+--FILE--
-+<?php
-+$crt = substr(__FILE__, 0, -4).'.crt';
-+$info = openssl_x509_parse("file://$crt");
-+var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]);
-+?>
-+Done
-+--EXPECTF--
-+%s openssl_x509_parse(): illegal ASN1 data type for timestamp in %s%ecve-2013-6420.php on line 3
-+string(27) "[email protected]"
-+int(-1)
-+Done
diff --git a/source/devel/php/CVE-2013-6712.patch b/source/devel/php/CVE-2013-6712.patch
deleted file mode 100644
index 8e316d7..0000000
--- a/source/devel/php/CVE-2013-6712.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 12fe4e90be7bfa2a763197079f68f5568a14e071 Mon Sep 17 00:00:00 2001
-From: Remi Collet <[email protected]>
-Date: Wed, 27 Nov 2013 11:13:16 +0100
-Subject: [PATCH] Fixed bug #66060 (Heap buffer over-read in DateInterval)
-
----
- NEWS                                | 3 +++
- ext/date/lib/parse_iso_intervals.c  | 4 ++--
- ext/date/lib/parse_iso_intervals.re | 2 +-
- 3 files changed, 6 insertions(+), 3 deletions(-)
-
---- php5.orig/ext/date/lib/parse_iso_intervals.c
-+++ php5/ext/date/lib/parse_iso_intervals.c
-@@ -415,7 +415,7 @@ yy6:
-                                       break;
-                       }
-                       ptr++;
--              } while (*ptr);
-+              } while (!s->errors->error_count && *ptr);
-               s->have_period = 1;
-               TIMELIB_DEINIT;
-               return TIMELIB_PERIOD;
---- php5.orig/ext/date/lib/parse_iso_intervals.re
-+++ php5/ext/date/lib/parse_iso_intervals.re
-@@ -383,7 +383,7 @@ isoweek          = year4 "-"? "W" weekof
-                                       break;
-                       }
-                       ptr++;
--              } while (*ptr);
-+              } while (!s->errors->error_count && *ptr);
-               s->have_period = 1;
-               TIMELIB_DEINIT;
-               return TIMELIB_PERIOD;
diff --git a/source/devel/php/CVE-2014-0185.patch b/source/devel/php/CVE-2014-0185.patch
deleted file mode 100644
index 389f62e..0000000
--- a/source/devel/php/CVE-2014-0185.patch
+++ /dev/null
@@ -1,26 +0,0 @@
---- php5.orig/sapi/fpm/fpm/fpm_unix.c
-+++ php5/sapi/fpm/fpm/fpm_unix.c
-@@ -34,7 +34,7 @@ int fpm_unix_resolve_socket_premissions(
-       /* uninitialized */
-       wp->socket_uid = -1;
-       wp->socket_gid = -1;
--      wp->socket_mode = 0666;
-+      wp->socket_mode = 0660;
-
-       if (!c) {
-               return 0;
---- php5.orig/sapi/fpm/php-fpm.conf.in
-+++ php5/sapi/fpm/php-fpm.conf.in
-@@ -162,10 +162,10 @@ listen = /var/run/php5-fpm.sock
- ; permissions must be set in order to allow connections from a web server. Many
- ; BSD-derived systems allow connections regardless of permissions.
- ; Default Values: user and group are set as the running user
--;                 mode is set to 0666
-+;                 mode is set to 0660
- ;listen.owner = @php_fpm_user@
- ;listen.group = @php_fpm_group@
--;listen.mode = 0666
-+;listen.mode = 0660
-
- ; List of ipv4 addresses of FastCGI clients which are allowed to connect.
- ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
diff --git a/source/devel/php/CVE-2014-0237.patch b/source/devel/php/CVE-2014-0237.patch
deleted file mode 100644
index ea96af0..0000000
--- a/source/devel/php/CVE-2014-0237.patch
+++ /dev/null
@@ -1,36 +0,0 @@
---- php5.orig/ext/fileinfo/libmagic/cdf.c
-+++ php5/ext/fileinfo/libmagic/cdf.c
-@@ -942,7 +942,7 @@ int
- cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h,
-     cdf_summary_info_header_t *ssi, cdf_property_info_t **info, size_t *count)
- {
--      size_t i, maxcount;
-+      size_t maxcount;
-       const cdf_summary_info_header_t *si =
-           CAST(const cdf_summary_info_header_t *, sst->sst_tab);
-       const cdf_section_declaration_t *sd =
-@@ -957,21 +957,13 @@ cdf_unpack_summary_info(const cdf_stream
-       ssi->si_os = CDF_TOLE2(si->si_os);
-       ssi->si_class = si->si_class;
-       cdf_swap_class(&ssi->si_class);
--      ssi->si_count = CDF_TOLE2(si->si_count);
-+      ssi->si_count = CDF_TOLE4(si->si_count);
-       *count = 0;
-       maxcount = 0;
-       *info = NULL;
--      for (i = 0; i < CDF_TOLE4(si->si_count); i++) {
--              if (i >= CDF_LOOP_LIMIT) {
--                      DPRINTF(("Unpack summary info loop limit"));
--                      errno = EFTYPE;
-+      if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset), info,
-+              count, &maxcount) == -1)
-                       return -1;
--              }
--              if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset),
--                  info, count, &maxcount) == -1) {
--                      return -1;
--              }
--      }
-       return 0;
- }
-
diff --git a/source/devel/php/CVE-2014-0238.patch b/source/devel/php/CVE-2014-0238.patch
deleted file mode 100644
index 4bb631c..0000000
--- a/source/devel/php/CVE-2014-0238.patch
+++ /dev/null
@@ -1,24 +0,0 @@
---- php5.orig/ext/fileinfo/libmagic/cdf.c
-+++ php5/ext/fileinfo/libmagic/cdf.c
-@@ -823,6 +823,10 @@ cdf_read_property_info(const cdf_stream_
-                   i, inp[i].pi_id, inp[i].pi_type, q - p, offs));
-               if (inp[i].pi_type & CDF_VECTOR) {
-                       nelements = CDF_GETUINT32(q, 1);
-+                      if (nelements == 0) {
-+                              DPRINTF(("CDF_VECTOR with nelements == 0\n"));
-+                              goto out;
-+                      }
-                       o = 2;
-               } else {
-                       nelements = 1;
-@@ -897,7 +901,9 @@ cdf_read_property_info(const cdf_stream_
-                       }
-                       DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
-                           nelements));
--                      for (j = 0; j < nelements; j++, i++) {
-+                      for (j = 0; j < nelements && i < sh.sh_properties;
-+                          j++, i++)
-+                      {
-                               uint32_t l = CDF_GETUINT32(q, o);
-                               inp[i].pi_str.s_len = l;
-                               inp[i].pi_str.s_buf = (const char *)
diff --git a/source/devel/php/CVE-2014-1943.patch b/source/devel/php/CVE-2014-1943.patch
deleted file mode 100644
index 794ba00..0000000
--- a/source/devel/php/CVE-2014-1943.patch
+++ /dev/null
@@ -1,139 +0,0 @@
-Upstream-Author: Christos Zoulas <[email protected]>
-Description:
- prevent infinite recursion.
- count indirect recursion as recursion.
-
-Upstream commit IDs:
-    3c081560c23f20b2985c285338b52c7aae9fdb0f
-    cc9e74dfeca5265ad725acc926ef0b8d2a18ee70
-
-Backport for 5.11: Christoph Biedl <[email protected]>
-
---- php5.orig/ext/fileinfo/libmagic/softmagic.c
-+++ php5/ext/fileinfo/libmagic/softmagic.c
-@@ -48,9 +48,9 @@ FILE_RCSID("@(#)$File: softmagic.c,v 1.1
-
-
- private int match(struct magic_set *, struct magic *, uint32_t,
--    const unsigned char *, size_t, int, int);
-+    const unsigned char *, size_t, int, int, int);
- private int mget(struct magic_set *, const unsigned char *,
--    struct magic *, size_t, unsigned int, int);
-+    struct magic *, size_t, unsigned int, int, int);
- private int magiccheck(struct magic_set *, struct magic *);
- private int32_t mprint(struct magic_set *, struct magic *);
- private int32_t moffset(struct magic_set *, struct magic *);
-@@ -72,13 +72,13 @@ private void cvt_64(union VALUETYPE *, c
- /*ARGSUSED1*/         /* nbytes passed for regularity, maybe need later */
- protected int
- file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes,
--    int mode, int text)
-+    size_t level, int mode, int text)
- {
-       struct mlist *ml;
-       int rv;
-       for (ml = ms->mlist->next; ml != ms->mlist; ml = ml->next)
-               if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, mode,
--                  text)) != 0)
-+                  text, level)) != 0)
-                       return rv;
-
-       return 0;
-@@ -113,7 +113,8 @@ file_softmagic(struct magic_set *ms, con
-  */
- private int
- match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
--    const unsigned char *s, size_t nbytes, int mode, int text)
-+    const unsigned char *s, size_t nbytes, int mode, int text,
-+    int recursion_level)
- {
-       uint32_t magindex = 0;
-       unsigned int cont_level = 0;
-@@ -145,7 +146,7 @@ match(struct magic_set *ms, struct magic
-               ms->line = m->lineno;
-
-               /* if main entry matches, print it... */
--              switch (mget(ms, s, m, nbytes, cont_level, text)) {
-+              switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) {
-               case -1:
-                       return -1;
-               case 0:
-@@ -227,7 +228,7 @@ match(struct magic_set *ms, struct magic
-                                       continue;
-                       }
- #endif
--                      switch (mget(ms, s, m, nbytes, cont_level, text)) {
-+                      switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) {
-                       case -1:
-                               return -1;
-                       case 0:
-@@ -997,12 +998,18 @@ mcopy(struct magic_set *ms, union VALUET
-
- private int
- mget(struct magic_set *ms, const unsigned char *s,
--    struct magic *m, size_t nbytes, unsigned int cont_level, int text)
-+    struct magic *m, size_t nbytes, unsigned int cont_level, int text,
-+    int recursion_level)
- {
-       uint32_t offset = ms->offset;
-       uint32_t count = m->str_range;
-       union VALUETYPE *p = &ms->ms_value;
-
-+        if (recursion_level >= 20) {
-+                file_error(ms, 0, "recursion nesting exceeded");
-+                return -1;
-+        }
-+
-       if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, nbytes, count) == -1)
-               return -1;
-
-@@ -1550,13 +1557,15 @@ mget(struct magic_set *ms, const unsigne
-               break;
-
-       case FILE_INDIRECT:
-+              if (offset == 0)
-+                      return 0;
-               if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 &&
-                   file_printf(ms, "%s", m->desc) == -1)
-                       return -1;
-               if (nbytes < offset)
-                       return 0;
-               return file_softmagic(ms, s + offset, nbytes - offset,
--                  BINTEST, text);
-+                  recursion_level, BINTEST, text);
-
-       case FILE_DEFAULT:      /* nothing to check */
-       default:
---- php5.orig/ext/fileinfo/libmagic/ascmagic.c
-+++ php5/ext/fileinfo/libmagic/ascmagic.c
-@@ -145,7 +145,7 @@ file_ascmagic_with_encoding(struct magic
-                   == NULL)
-                       goto done;
-               if ((rv = file_softmagic(ms, utf8_buf,
--                  (size_t)(utf8_end - utf8_buf), TEXTTEST, text)) == 0)
-+                  (size_t)(utf8_end - utf8_buf), 0, TEXTTEST, text)) == 0)
-                       rv = -1;
-       }
-
---- php5.orig/ext/fileinfo/libmagic/file.h
-+++ php5/ext/fileinfo/libmagic/file.h
-@@ -414,7 +414,7 @@ protected int file_encoding(struct magic
-     unichar **, size_t *, const char **, const char **, const char **);
- protected int file_is_tar(struct magic_set *, const unsigned char *, size_t);
- protected int file_softmagic(struct magic_set *, const unsigned char *, size_t,
--    int, int);
-+    size_t, int, int);
- protected struct mlist *file_apprentice(struct magic_set *, const char *, int);
- protected uint64_t file_signextend(struct magic_set *, struct magic *,
-     uint64_t);
---- php5.orig/ext/fileinfo/libmagic/funcs.c
-+++ php5/ext/fileinfo/libmagic/funcs.c
-@@ -235,7 +235,7 @@ file_buffer(struct magic_set *ms, php_st
-
-       /* try soft magic tests */
-       if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0)
--              if ((m = file_softmagic(ms, ubuf, nb, BINTEST,
-+              if ((m = file_softmagic(ms, ubuf, nb, 0, BINTEST,
-                   looks_text)) != 0) {
-                       if ((ms->flags & MAGIC_DEBUG) != 0)
-                               (void)fprintf(stderr, "softmagic %d\n", m);
diff --git a/source/devel/php/CVE-2014-2270.patch b/source/devel/php/CVE-2014-2270.patch
deleted file mode 100644
index 9f92bd2..0000000
--- a/source/devel/php/CVE-2014-2270.patch
+++ /dev/null
@@ -1,83 +0,0 @@
---- php5.orig/ext/fileinfo/libmagic/softmagic.c
-+++ php5/ext/fileinfo/libmagic/softmagic.c
-@@ -65,6 +65,8 @@ private void cvt_16(union VALUETYPE *, c
- private void cvt_32(union VALUETYPE *, const struct magic *);
- private void cvt_64(union VALUETYPE *, const struct magic *);
-
-+#define OFFSET_OOB(n, o, i)   ((n) < (o) || (i) > ((n) - (o)))
-+
- /*
-  * softmagic - lookup one file in parsed, in-memory copy of database
-  * Passed the name and FILE * of one file to be typed.
-@@ -1056,7 +1058,7 @@ mget(struct magic_set *ms, const unsigne
-               }
-               switch (m->in_type) {
-               case FILE_BYTE:
--                      if (nbytes < (offset + 1))
-+                      if (OFFSET_OOB(nbytes, offset, 1))
-                               return 0;
-                       if (off) {
-                               switch (m->in_op & FILE_OPS_MASK) {
-@@ -1091,7 +1093,7 @@ mget(struct magic_set *ms, const unsigne
-                               offset = ~offset;
-                       break;
-               case FILE_BESHORT:
--                      if (nbytes < (offset + 2))
-+                      if (OFFSET_OOB(nbytes, offset, 2))
-                               return 0;
-                       if (off) {
-                               switch (m->in_op & FILE_OPS_MASK) {
-@@ -1143,7 +1145,7 @@ mget(struct magic_set *ms, const unsigne
-                               offset = ~offset;
-                       break;
-               case FILE_LESHORT:
--                      if (nbytes < (offset + 2))
-+                      if (OFFSET_OOB(nbytes, offset, 2))
-                               return 0;
-                       if (off) {
-                               switch (m->in_op & FILE_OPS_MASK) {
-@@ -1195,7 +1197,7 @@ mget(struct magic_set *ms, const unsigne
-                               offset = ~offset;
-                       break;
-               case FILE_SHORT:
--                      if (nbytes < (offset + 2))
-+                      if (OFFSET_OOB(nbytes, offset, 2))
-                               return 0;
-                       if (off) {
-                               switch (m->in_op & FILE_OPS_MASK) {
-@@ -1232,7 +1234,7 @@ mget(struct magic_set *ms, const unsigne
-                       break;
-               case FILE_BELONG:
-               case FILE_BEID3:
--                      if (nbytes < (offset + 4))
-+                      if (OFFSET_OOB(nbytes, offset, 4))
-                               return 0;
-                       if (off) {
-                               switch (m->in_op & FILE_OPS_MASK) {
-@@ -1303,7 +1305,7 @@ mget(struct magic_set *ms, const unsigne
-                       break;
-               case FILE_LELONG:
-               case FILE_LEID3:
--                      if (nbytes < (offset + 4))
-+                      if (OFFSET_OOB(nbytes, offset, 4))
-                               return 0;
-                       if (off) {
-                               switch (m->in_op & FILE_OPS_MASK) {
-@@ -1373,7 +1375,7 @@ mget(struct magic_set *ms, const unsigne
-                               offset = ~offset;
-                       break;
-               case FILE_MELONG:
--                      if (nbytes < (offset + 4))
-+                      if (OFFSET_OOB(nbytes, offset, 4))
-                               return 0;
-                       if (off) {
-                               switch (m->in_op & FILE_OPS_MASK) {
-@@ -1443,7 +1445,7 @@ mget(struct magic_set *ms, const unsigne
-                               offset = ~offset;
-                       break;
-               case FILE_LONG:
--                      if (nbytes < (offset + 4))
-+                      if (OFFSET_OOB(nbytes, offset, 4))
-                               return 0;
-                       if (off) {
-                               switch (m->in_op & FILE_OPS_MASK) {
diff --git a/source/devel/php/CVE-2014-4049.patch 
b/source/devel/php/CVE-2014-4049.patch
deleted file mode 100644
index 380d7cf..0000000
--- a/source/devel/php/CVE-2014-4049.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 4f73394fdd95d3165b4391e1b0dedd57fced8c3b Mon Sep 17 00:00:00 2001
-From: Sara Golemon <[email protected]>
-Date: Tue, 10 Jun 2014 11:18:02 -0700
-Subject: [PATCH] Fix potential segfault in dns_get_record()
-
-If the remote sends us a packet with a malformed TXT record,
-we could end up trying to over-consume the packet and wander
-off into overruns.
----
- ext/standard/dns.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-Index: php5-5.3.10/ext/standard/dns.c
-===================================================================
---- php5-5.3.10.orig/ext/standard/dns.c        2014-06-19 13:42:51.333434663 
-0400
-+++ php5-5.3.10/ext/standard/dns.c     2014-06-19 13:42:51.289434662 -0400
-@@ -507,6 +507,10 @@
-
-                               while (ll < dlen) {
-                                       n = cp[ll];
-+                                      if ((ll + n) >= dlen) {
-+                                              // Invalid chunk length, 
truncate
-+                                              n = dlen - (ll + 1);
-+                                      }
-                                       memcpy(tp + ll , cp + ll + 1, n);
-                                       add_next_index_stringl(entries, cp + ll 
+ 1, n, 1);
-                                       ll = ll + n + 1;
diff --git a/source/devel/php/FrugalBuild b/source/devel/php/FrugalBuild
index 4ae21dc..ec7da32 100644
--- a/source/devel/php/FrugalBuild
+++ b/source/devel/php/FrugalBuild
@@ -3,8 +3,8 @@
# Contributor: Miklos Vajna <[email protected]>

pkgname=php
-pkgver=5.3.26
-pkgrel=4
+pkgver=5.5.14
+pkgrel=1
pkgdesc="A widely-used general-purpose scripting language"
url="http://www.php.net";
backup=(etc/{php.ini,httpd/conf/modules.d/$pkgname.conf})
@@ -15,12 +15,10 @@ makedepends=('apache' 'imap>=2006k-2' 'bzip2' 'mta' 
'tidy=1306.g4387491' 'freetd
'libxslt' 'enchant')
groups=('devel')
archs=('i686' 'x86_64')
-up2date="lynx -dump http://www.php.net/downloads.php | grep 'Complete Source 
Code' -B2 | awk '/stable/ {print \$2}'"
-#source=(http://www.php.net/distributions/$pkgname-$pkgver.tar.gz \
-source=(http://museum.php.net/php5/$pkgname-$pkgver.tar.gz \
-       autoconf_259.patch php.ini php.conf README.Frugalware phpize.in.patch)
-sha1sums=('99e8094051f94b0a03b05fa9d4cbe0794ee3ac4f' \
-          'c99534745f4dee26446c9e6f42e35a0c85ce961b' \
+up2date="lynx -dump $url | sed -n 's/.*downloads.php#v\(.*\)/\1/p' | head -1"
+source=(http://www.php.net/distributions/$pkgname-$pkgver.tar.gz \
+       php.ini php.conf README.Frugalware phpize.in.patch)
+sha1sums=('be2e4bf894952760275fe59a0390c6976a17a82e' \
'9249ca52e57a3069befe20311fd02fc8bee7aeef' \
'0850ef23512a02e8460dc36f08f453d148dcd9df' \
'40ae88f0721e02a2c75de76be342c51c85bf734d' \
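Review bot: The new `source=` line still fetches the release tarball over plain `http://`, and the only integrity check is the SHA-1 recorded in `sha1sums`, so the build trusts whatever copy the digest was first computed from. Where upstream serves it, prefer `source=(https://www.php.net/distributions/$pkgname-$pkgver.tar.gz \`. If the build format's `signatures=()` array is usable for this package, also verify the upstream detached signature rather than relying on SHA-1 alone. The rewritten `up2date` scrapes `$url` over http as well, so it should move to https together with the source line.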
@@ -33,24 +31,9 @@ subrodepends=("$pkgname=$pkgver")
subgroups=('devel-extra')
subarchs=('i686 x86_64')

-
-# FSA fix ***
-source=(${source[@]} CVE-2013-4113.patch CVE-2013-4248.patch 
CVE-2013-6420.patch
-                     CVE-2013-6712.patch CVE-2014-1943.patch 
CVE-2014-0185.patch
-                     CVE-2014-0237.patch CVE-2014-0238.patch 
CVE-2014-2270.patch
-                     CVE-2014-4049.patch)
-sha1sums=(${sha1sums[@]} '7b9f92b247bf141012b4a83d5bad1b823e4eb2d1' \
-                         'b75fe24356d0e6c5d375c4d2d2315f17d5e34e31' \
-                         '805231398c06b27e4e1f8c18ce9d6aed7b06382d' \
-                         '0e2ad0691c8a4bbb128d978f21f79e36df1a0bf5' \
-                         'ff4c9a129952081b9db72f5b941f6ffc53a6213d' \
-                         '89eb79fa23e49a3cf0ee4929233fccbbd2b9367d' \
-                         '9fd5280138a6a9d8bfa4c5239f9451869985de35' \
-                         '2c0db438c6773d5bc9d1af3b637c4d8cd93bf4e7' \
-                         'e2c4c40700c1004c4924abc329fc4f75030350e0' \
-                         'a3fa0995e26e03681f0ce20289587645e6a4e401')
-# ***********
-
+replaces=('php-pecl-fileinfo')
+conflicts=('php-pecl-fileinfo')
+provides=('php-pecl-fileinfo')

build()
{
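Review bot: The ten CVE backports in the removed "FSA fix" block are dropped with nothing in the build file or the commit message ("Version bump") recording that the new upstream release already carries each fix. A short comment in its place, for example `# FSA backports (CVE-2013-4113 … CVE-2014-4049) dropped: fixed upstream as of $pkgver`, written after checking the upstream changelog, would let a later reader confirm that no fix was lost in the jump from 5.3.26 to 5.5.14. The added `replaces`/`conflicts`/`provides` lines would also benefit from a one-line comment saying why this package now supersedes php-pecl-fileinfo, presumably because the extension is bundled with the core.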
@@ -166,6 +149,7 @@ build()
Fln /etc/php.ini /usr/lib/php.ini
Fln /usr/share/libtool/config/ltmain.sh /usr/lib/php/build/ltmain.sh
Fln /usr/share/aclocal/libtool.m4 /usr/lib/php/build/libtool.m4
+       Frm /usr/bin/php-cgi
}

# optimization OK