OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   17-Oct-2006 09:02:50
  Branch: HEAD                             Handle: 2006101708024700

  Added files:
    openpkg-src/php         php.patch
  Modified files:
    openpkg-src/php         php.spec

  Log:
    Security Fixes (CVE-2006-4625, CVE-2006-4812, CVE-2006-5178)

  Summary:
    Revision    Changes     Path
    1.14        +82 -0      openpkg-src/php/php.patch
    1.133       +4  -2      openpkg-src/php/php.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/php/php.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.14 php.patch
  --- /dev/null 2006-10-17 09:02:48 +0200
  +++ php.patch 2006-10-17 09:02:48 +0200
  @@ -0,0 +1,82 @@
  +Security Fix (CVE-2006-4625)
  +
  +Index: Zend/zend_ini.c
  +--- Zend/zend_ini.c.orig     2006-01-05 00:53:04 +0100
  ++++ Zend/zend_ini.c  2006-10-17 08:24:12 +0200
  +@@ -256,8 +256,8 @@
  +     zend_ini_entry *ini_entry;
  +     TSRMLS_FETCH();
  + 
  +-    if (zend_hash_find(EG(ini_directives), name, name_length, (void **) 
&ini_entry)==FAILURE) {
  +-            return FAILURE;
  ++    if (zend_hash_find(EG(ini_directives), name, name_length, (void **) 
&ini_entry)==FAILURE ||
  ++        (stage == ZEND_INI_STAGE_RUNTIME && (ini_entry->modifiable & 
ZEND_INI_USER) == 0)) {                return FAILURE;
  +     }
  + 
  +     zend_restore_ini_entry_cb(ini_entry, stage TSRMLS_CC);
  +
  +-----------------------------------------------------------------------------
  +
  +Security Fix (CVE-2006-4812)
  +
  +Index: Zend/zend_alloc.c
  +--- Zend/zend_alloc.c.orig   2006-08-10 19:16:24 +0200
  ++++ Zend/zend_alloc.c        2006-10-17 08:25:42 +0200
  +@@ -328,15 +328,14 @@
  + ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC 
ZEND_FILE_LINE_ORIG_DC)
  + {
  +     void *p;
  +-    int final_size = size*nmemb;
  +     
  +     HANDLE_BLOCK_INTERRUPTIONS();
  +-    p = _emalloc(final_size ZEND_FILE_LINE_RELAY_CC 
ZEND_FILE_LINE_ORIG_RELAY_CC);
  ++    p = _safe_emalloc(nmemb, size, 0 ZEND_FILE_LINE_RELAY_CC 
ZEND_FILE_LINE_ORIG_RELAY_CC);
  +     if (!p) {
  +             HANDLE_UNBLOCK_INTERRUPTIONS();
  +             return (void *) p;
  +     }
  +-    memset(p, 0, final_size);
  ++    memset(p, 0, size * nmemb);
  +     HANDLE_UNBLOCK_INTERRUPTIONS();
  +     return p;
  + }
  +
  +-----------------------------------------------------------------------------
  +
  +Security Fix (CVE-2006-5178)
  +
  +Index: main/php_open_temporary_file.c
  +--- main/php_open_temporary_file.c.orig      2006-05-24 01:22:26 +0200
  ++++ main/php_open_temporary_file.c   2006-10-17 08:26:02 +0200
  +@@ -206,6 +206,7 @@
  + PHPAPI int php_open_temporary_fd(const char *dir, const char *pfx, char 
**opened_path_p TSRMLS_DC)
  + {
  +     int fd;
  ++    const char *temp_dir;
  + 
  +     if (!pfx) {
  +             pfx = "tmp.";
  +@@ -214,11 +215,22 @@
  +             *opened_path_p = NULL;
  +     }
  + 
  ++    if (!dir || *dir == '\0') {
  ++def_tmp:
  ++            temp_dir = php_get_temporary_directory();
  ++
  ++            if (temp_dir && *temp_dir != '\0' && 
!php_check_open_basedir(temp_dir TSRMLS_CC)) {
  ++                    return php_do_open_temporary_file(temp_dir, pfx, 
opened_path_p TSRMLS_CC);
  ++            } else {
  ++                    return -1;
  ++            }
  ++    }
  ++
  +     /* Try the directory given as parameter. */
  +     fd = php_do_open_temporary_file(dir, pfx, opened_path_p TSRMLS_CC);
  +     if (fd == -1) {
  +             /* Use default temporary directory. */
  +-            fd = php_do_open_temporary_file(php_get_temporary_directory(), 
pfx, opened_path_p TSRMLS_CC);
  ++            goto def_tmp;
  +     }
  +     return fd;
  + }
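Review bot: In the CVE-2006-5178 part, the caller-supplied `dir` still reaches `php_do_open_temporary_file(dir, pfx, ...)` without a `php_check_open_basedir` call; only the fallback from `php_get_temporary_directory()` is checked. Whether every caller validates `dir` beforehand is not visible here (the function is shown in two inner hunks with lines elided), so the contract should be stated above that call, e.g. `/* dir is NOT checked against open_basedir here; callers must have validated it */`. In the same function, `goto def_tmp` jumps into the body of the `if (!dir || *dir == '\0')` block, which is legal C but easy to misread; a small static helper for the default-directory path would read more clearly. In the `_ecalloc` part, `memset(p, 0, size * nmemb)` is only safe if `_safe_emalloc` has already rejected a wrapping product, which presumably it does but is not shown here, so a one-line comment such as `/* size * nmemb cannot wrap: _safe_emalloc() rejected overflow above */` would record that dependency.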
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/php/php.spec
  ============================================================================
  $ cvs diff -u -r1.132 -r1.133 php.spec
  --- openpkg-src/php/php.spec  13 Oct 2006 17:32:37 -0000      1.132
  +++ openpkg-src/php/php.spec  17 Oct 2006 07:02:47 -0000      1.133
  @@ -37,7 +37,7 @@
   Group:        Language
   License:      PHP
   Version:      %{V_php}
  -Release:      20061013
  +Release:      20061017
   
   #   package options
   %option       with_bc                   no
  @@ -104,6 +104,7 @@
   Source0:      
http://static.php.net/www.php.net/distributions/php-%{V_php}.tar.gz
   Source1:      php.ini
   Patch0:       
http://www.hardened-php.net/hardening-patch-%{V_php_hardened}.patch.gz
  +Patch1:       php.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -251,8 +252,9 @@
   %prep
       %setup -q
   %if "%{with_hardened}" == "yes"
  -    %patch -p1
  +    %patch -p1 -P 0
   %endif
  +    %patch -p0 -P 1
       %{l_shtool} subst \
           -e 's;\(/include\)/freetype2;\1;' \
           configure \
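Review bot: `%patch -p0 -P 1` runs after the optional hardening patch, so `php.patch` has to apply cleanly to both the plain and the hardened source tree. The page does not show whether the hardening patch touches `Zend/zend_ini.c`, `Zend/zend_alloc.c` or `main/php_open_temporary_file.c`; if it does, the security hunks could land with offsets or fuzz in one variant. It is worth building with `with_hardened` set to both `yes` and `no` and checking the `%prep` output for fuzz warnings or `.rej` files. A comment above the line, e.g. `#   security fixes; must apply with and without the hardening patch`, would record the constraint. The `%prep` section continues outside this hunk.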
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     openpkg-cvs@openpkg.org
