Author: glen Date: Mon Feb 27 12:43:23 2012 GMT Module: packages Tag: PHP_5_2 ---- Log message: - CentALT patches to address CVE-2011-4153, CVE-2012-0788, and CVE-2012-0831
---- Files affected: packages/php: php.spec (1.805.2.99 -> 1.805.2.100) , php-5.2.17-bug-319457.patch (NONE -> 1.1.2.1) (NEW), php-5.2.17-bug-323016.patch (NONE -> 1.1.2.1) (NEW), php-5.2.17-bug-55776.patch (NONE -> 1.1.2.1) (NEW) ---- Diffs: ================================================================ Index: packages/php/php.spec diff -u packages/php/php.spec:1.805.2.99 packages/php/php.spec:1.805.2.100 --- packages/php/php.spec:1.805.2.99 Sat Feb 11 21:00:41 2012 +++ packages/php/php.spec Mon Feb 27 13:43:17 2012 @@ -278,10 +278,16 @@ Patch372: php-5.2.17-bug-60455.patch Patch373: php-5.2.17-bug-60183.patch Patch374: php-5.2.17-bug-55478.patch +# Bug-319457 CVE-2011-4153 +Patch375: php-5.2.17-bug-319457.patch +# Bug-55776 CVE-2012-0788 +Patch376: php-5.2.17-bug-55776.patch #php-5.2-max-input-vars patch Patch400: php-5.2.17-max-input-vars.patch Patch401: php-5.2.17-bug-323007-2.patch +# Bug-323016 CVE-2012-0831 +Patch402: php-5.2.17-bug-323016.patch URL: http://www.php.net/ %{?with_interbase:%{!?with_interbase_inst:BuildRequires: Firebird-devel >= 1.0.2.908-2}} %{?with_pspell:BuildRequires: aspell-devel >= 2:0.50.0} @@ -2044,9 +2050,12 @@ %patch372 -p1 -b .bug-60455 %patch373 -p1 -b .bug-60183 %patch374 -p1 -b .bug-55478 +%patch375 -p1 -b .bug-319457 +%patch376 -p1 -b .bug-55776 %patch400 -p1 -b .php-5.2-max-input-vars %patch401 -p1 -b .bug-323007 +%patch402 -p1 -b .bug-323016 # conflict seems to be resolved by recode patches rm -f ext/recode/config9.m4 @@ -3369,6 +3378,9 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.805.2.100 2012/02/27 12:43:17 glen +- CentALT patches to address CVE-2011-4153, CVE-2012-0788, and CVE-2012-0831 + Revision 1.805.2.99 2012/02/11 20:00:41 zbyniu - rmdir $RPM_BUILD_ROOT/var/run/php ================================================================ Index: packages/php/php-5.2.17-bug-319457.patch diff -u /dev/null packages/php/php-5.2.17-bug-319457.patch:1.1.2.1 
--- /dev/null Mon Feb 27 13:43:23 2012
+++ packages/php/php-5.2.17-bug-319457.patch Mon Feb 27 13:43:17 2012
@@ -0,0 +1,18 @@
+diff -up php-5.2.17/ext/oci8/oci8.c.bug-319457 php-5.2.17/ext/oci8/oci8.c
+--- php-5.2.17/ext/oci8/oci8.c.bug-319457 2012-02-16 08:25:41.000000000 +0700
++++ php-5.2.17/ext/oci8/oci8.c 2012-02-16 08:26:55.000000000 +0700
+@@ -1187,7 +1187,14 @@ open:
+ connection->is_persistent = 0;
+ } else {
+ connection = (php_oci_connection *) calloc(1, sizeof(php_oci_connection));
++ if (connection == NULL) {
++ return NULL;
++ }
+ connection->hash_key = zend_strndup(hashed_details.c, hashed_details.len);
++ if (connection->hash_key == NULL) {
++ free(connection);
++ return NULL;
++ }
+ connection->is_persistent = 1;
+ }
+ } else {
================================================================
Index: packages/php/php-5.2.17-bug-323016.patch
diff -u /dev/null packages/php/php-5.2.17-bug-323016.patch:1.1.2.1
--- /dev/null Mon Feb 27 13:43:23 2012
+++ packages/php/php-5.2.17-bug-323016.patch Mon Feb 27 13:43:17 2012
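Review bot: The two early `return NULL;` exits added after `calloc()` and `zend_strndup()` in php-5.2.17-bug-319457.patch leave the function without touching `hashed_details`, whose buffer is still in use at that point (it is read as `hashed_details.c` on the line between them). If that buffer is heap-allocated earlier in the function and released near its end, both out-of-memory paths leak it; neither the allocation nor the release is visible, because the enclosing function starts and ends outside the hunk. Releasing it before returning, or jumping to the function's existing cleanup, would close that gap. The failure is also silent, so a comment such as `/* libc allocation can fail: give up on the persistent connection instead of dereferencing NULL */` would record why the checks exist.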
@@ -0,0 +1,48 @@
+diff -up php-5.2.17/main/php_variables.c.bug-323016 php-5.2.17/main/php_variables.c
+--- php-5.2.17/main/php_variables.c.bug-323016 2012-02-16 09:26:09.000000000 +0700
++++ php-5.2.17/main/php_variables.c 2012-02-16 09:29:47.000000000 +0700
+@@ -29,6 +29,7 @@
+ #include "SAPI.h"
+ #include "php_logos.h"
+ #include "zend_globals.h"
++#include "php_ini.h"
+
+ /* for systems that need to override reading of environment variables */
+ void _php_import_environment_variables(zval *array_ptr TSRMLS_DC);
+@@ -438,7 +439,10 @@ void _php_import_environment_variables(z
+
+ /* turn off magic_quotes while importing environment variables */
+ int magic_quotes_gpc = PG(magic_quotes_gpc);
+- PG(magic_quotes_gpc) = 0;
++
++ if (PG(magic_quotes_gpc)) {
++ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1);
++ }
+
+ for (env = environ; env != NULL && *env != NULL; env++) {
+ p = strchr(*env, '=');
+@@ -581,7 +585,9 @@ static inline void php_register_server_v
+ zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);
+ }
+ PG(http_globals)[TRACK_VARS_SERVER] = array_ptr;
+- PG(magic_quotes_gpc) = 0;
++ if (PG(magic_quotes_gpc)) {
++ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1);
++ }
+
+ /* Server variables */
+ if (sapi_module.register_server_variables) {
+diff -up php-5.2.17/sapi/cgi/cgi_main.c.bug-323016 php-5.2.17/sapi/cgi/cgi_main.c
+--- php-5.2.17/sapi/cgi/cgi_main.c.bug-323016 2010-01-03 15:23:27.000000000 +0600
++++ php-5.2.17/sapi/cgi/cgi_main.c 2012-02-16 09:26:09.000000000 +0700
+@@ -609,7 +609,9 @@ void cgi_php_import_environment_variable
+ int filter_arg = (array_ptr == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER;
+
+ /* turn off magic_quotes while importing environment variables */
+- PG(magic_quotes_gpc) = 0;
++ if (PG(magic_quotes_gpc)) {
++ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1);
++ }
+ for (zend_hash_internal_pointer_reset_ex(&request->env, &pos);
+ zend_hash_get_current_key_ex(&request->env, &var, &var_len, &idx, 0, &pos) == HASH_KEY_IS_STRING &&
+ zend_hash_get_current_data_ex(&request->env, (void **) &val, &pos) == SUCCESS;
================================================================
Index: packages/php/php-5.2.17-bug-55776.patch
diff -u /dev/null packages/php/php-5.2.17-bug-55776.patch:1.1.2.1
--- /dev/null Mon Feb 27 13:43:23 2012
+++ packages/php/php-5.2.17-bug-55776.patch Mon Feb 27 13:43:17 2012
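Review bot: The result of `zend_alter_ini_entry_ex()` is discarded at all three call sites in php-5.2.17-bug-323016.patch (both hunks in main/php_variables.c and the one in sapi/cgi/cgi_main.c), so a failed call leaves magic_quotes_gpc enabled during the import with nothing reported; comparing the result with `FAILURE` and emitting a warning would make that visible. The patch also has no hunk that changes how the setting is put back. In `_php_import_environment_variables` the saved local `int magic_quotes_gpc = PG(magic_quotes_gpc);` is kept, which suggests a direct write-back after the loop, outside the hunk; it is worth confirming that this restore is still consistent with a value now changed through the ini API. The identical long call appears three times and would read better as one small static helper with a comment such as `/* disable magic_quotes_gpc through the ini layer for the duration of the import */`. All three enclosing functions continue outside their hunks.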
@@ -0,0 +1,32 @@
+diff -up php-5.2.17/ext/pdo/pdo_stmt.c.bug-55776 php-5.2.17/ext/pdo/pdo_stmt.c
+--- php-5.2.17/ext/pdo/pdo_stmt.c.bug-55776 2012-02-16 08:41:58.000000000 +0700
++++ php-5.2.17/ext/pdo/pdo_stmt.c 2012-02-16 08:43:19.000000000 +0700
+@@ -2353,6 +2353,7 @@ static zend_object_value dbstmt_clone_ob
+ }
+
+ zend_object_handlers pdo_dbstmt_object_handlers;
++static int pdo_row_serialize(zval *object, unsigned char **buffer, zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC);
+
+ void pdo_stmt_init(TSRMLS_D)
+ {
+@@ -2376,6 +2377,7 @@ void pdo_stmt_init(TSRMLS_D)
+ pdo_row_ce = zend_register_internal_class(&ce TSRMLS_CC);
+ pdo_row_ce->ce_flags |= ZEND_ACC_FINAL_CLASS; /* when removing this a lot of handlers need to be redone */
+ pdo_row_ce->create_object = pdo_row_new;
++ pdo_row_ce->serialize = pdo_row_serialize;
+ }
+
+ static void free_statement(pdo_stmt_t *stmt TSRMLS_DC)
+@@ -2795,6 +2797,12 @@ zend_object_value pdo_row_new(zend_class
+
+ return retval;
+ }
++
++static int pdo_row_serialize(zval *object, unsigned char **buffer, zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC)
++{
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "PDORow instances may not be serialized");
++ return FAILURE;
++}
+ /* }}} */
+
+ /*
================================================================
---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php.spec?r1=1.805.2.99&r2=1.805.2.100&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
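Review bot: Only the serialize direction is closed in php-5.2.17-bug-55776.patch: `pdo_stmt_init` now sets `pdo_row_ce->serialize`, and nothing in the patch installs a matching unserialize handler. Whether a PDORow can still be created from serialized input therefore depends on code outside these hunks and should be confirmed. `pdo_row_serialize` also returns `FAILURE` without touching `*buffer` or `*buf_len`; setting them to `NULL` and `0` first would keep a caller that ignores the return value from reading stale values. A short header comment on the new handler, e.g. `/* PDORow must never be serialized: warn and report failure */`, would document its intent.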
