From da7478009eb6f07f0df224411aec4b532f1fc84c Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 24 Jul 2013 18:47:51 +0200 Subject: PHP 5.5.1 --- php-5.5.0-CVE-2013-4013.patch | 181 ------------------------------------------ php55.spec | 30 +++++-- 2 files changed, 22 insertions(+), 189 deletions(-) delete mode 100644 php-5.5.0-CVE-2013-4013.patch diff --git a/php-5.5.0-CVE-2013-4013.patch b/php-5.5.0-CVE-2013-4013.patch deleted file mode 100644 index dfa2c86..0000000 --- a/php-5.5.0-CVE-2013-4013.patch +++ /dev/null @@ -1,181 +0,0 @@ -From 7d163e8a0880ae8af2dd869071393e5dc07ef271 Mon Sep 17 00:00:00 2001 -From: Rob Richards -Date: Sat, 6 Jul 2013 07:53:07 -0400 -Subject: [PATCH] truncate results at depth of 255 to prevent corruption - ---- - ext/xml/xml.c | 90 +++++++++++++++++++++++++++++++++-------------------------- - 1 file changed, 50 insertions(+), 40 deletions(-) - -diff --git a/ext/xml/xml.c b/ext/xml/xml.c -index 1f0480b..9f0bc30 100644 ---- a/ext/xml/xml.c -+++ b/ext/xml/xml.c -@@ -428,7 +428,7 @@ static void xml_parser_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC) - } - if (parser->ltags) { - int inx; -- for (inx = 0; inx < parser->level; inx++) -+ for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); inx++) - efree(parser->ltags[ inx ]); - efree(parser->ltags); - } -@@ -805,45 +805,50 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch - } - - if (parser->data) { -- zval *tag, *atr; -- int atcnt = 0; -+ if (parser->level <= XML_MAXLEVEL) { -+ zval *tag, *atr; -+ int atcnt = 0; - -- MAKE_STD_ZVAL(tag); -- MAKE_STD_ZVAL(atr); -+ MAKE_STD_ZVAL(tag); -+ MAKE_STD_ZVAL(atr); - -- array_init(tag); -- array_init(atr); -+ array_init(tag); -+ array_init(atr); - -- _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); -+ _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); - -- add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ -- add_assoc_string(tag,"type","open",1); -- add_assoc_long(tag,"level",parser->level); -+ add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ -+ add_assoc_string(tag,"type","open",1); -+ add_assoc_long(tag,"level",parser->level); - -- parser->ltags[parser->level-1] = estrdup(tag_name); -- parser->lastwasopen = 1; -+ parser->ltags[parser->level-1] = estrdup(tag_name); -+ parser->lastwasopen = 1; - -- attributes = (const XML_Char **) attrs; -+ attributes = (const XML_Char **) attrs; - -- while (attributes && *attributes) { -- att = _xml_decode_tag(parser, attributes[0]); -- val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); -- -- add_assoc_stringl(atr,att,val,val_len,0); -+ while (attributes && *attributes) { -+ att = _xml_decode_tag(parser, attributes[0]); -+ val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); - -- atcnt++; -- attributes += 2; -+ add_assoc_stringl(atr,att,val,val_len,0); - -- efree(att); -- } -+ atcnt++; -+ attributes += 2; - -- if (atcnt) { -- zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); -- } else { -- zval_ptr_dtor(&atr); -- } -+ efree(att); -+ } -+ -+ if (atcnt) { -+ zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); -+ } else { -+ zval_ptr_dtor(&atr); -+ } - -- zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); -+ zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); -+ } else if (parser->level == (XML_MAXLEVEL + 1)) { -+ TSRMLS_FETCH(); -+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); -+ } - } - - efree(tag_name); -@@ -895,7 +900,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name) - - efree(tag_name); - -- if (parser->ltags) { -+ if ((parser->ltags) && (parser->level <= XML_MAXLEVEL)) { - efree(parser->ltags[parser->level-1]); - } - -@@ -979,18 +984,23 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len) - } - } - -- MAKE_STD_ZVAL(tag); -- -- array_init(tag); -- -- _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); -+ if (parser->level <= XML_MAXLEVEL) { -+ MAKE_STD_ZVAL(tag); - -- add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); -- add_assoc_string(tag,"value",decoded_value,0); -- add_assoc_string(tag,"type","cdata",1); -- add_assoc_long(tag,"level",parser->level); -+ array_init(tag); - -- zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); -+ _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); -+ -+ add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); -+ add_assoc_string(tag,"value",decoded_value,0); -+ add_assoc_string(tag,"type","cdata",1); -+ add_assoc_long(tag,"level",parser->level); -+ -+ zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); -+ } else if (parser->level == (XML_MAXLEVEL + 1)) { -+ TSRMLS_FETCH(); -+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); -+ } - } - } else { - efree(decoded_value); --- -1.7.11.5 - -From 710eee5555bc5c95692bd3c84f5d2b5d687349b6 Mon Sep 17 00:00:00 2001 -From: =?utf8?q?Johannes=20Schl=C3=BCter?= -Date: Wed, 10 Jul 2013 19:35:18 +0200 -Subject: [PATCH] add test for bug #65236 - ---- - ext/xml/tests/bug65236.phpt | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - create mode 100644 ext/xml/tests/bug65236.phpt - -diff --git a/ext/xml/tests/bug65236.phpt b/ext/xml/tests/bug65236.phpt -new file mode 100644 -index 0000000..67b26d6 ---- /dev/null -+++ b/ext/xml/tests/bug65236.phpt -@@ -0,0 +1,15 @@ -+--TEST-- -+Bug #65236 (heap corruption in xml parser) -+--SKIPIF-- -+ -+--FILE-- -+", 1000), $a); -+ -+echo "Done\n"; -+?> -+--EXPECTF-- -+Warning: xml_parse_into_struct(): Maximum depth exceeded - Results truncated in %s on line %d -+Done --- -1.7.11.5 - diff --git a/php55.spec b/php55.spec index 0143a42..eececbe 100644 --- a/php55.spec +++ b/php55.spec @@ -4,7 +4,7 @@ %global pdover 20080721 # Extension version %global opcachever 7.0.2-dev -%global oci8ver 1.4.9 +%global oci8ver 1.4.10 # Adds -z now to the linker flags %global _hardened_build 1 @@ -85,11 +85,11 @@ Summary: PHP scripting language for creating dynamic web sites Name: php -Version: 5.5.0 +Version: 5.5.1 %if 0%{?snapdate:1}%{?rcver:1} Release: 0.1.%{?snapdate}%{?rcver}%{?dist} %else -Release: 2%{?dist} +Release: 1%{?dist} %endif # All files licensed under PHP version 3.01, except # Zend is licensed under Zend @@ -147,7 +147,6 @@ Patch46: php-5.4.9-fixheader.patch Patch47: php-5.4.9-phpinfo.patch # Security fixes -Patch60: php-5.5.0-CVE-2013-4013.patch # Fixes for tests @@ -400,6 +399,7 @@ License: PHP Requires: php-common%{?_isa} = %{version}-%{release} # ABI/API check - Arch specific Provides: php-pdo-abi = %{pdover}%{isasuffix} +Provides: php(pdo-abi) = %{pdover}%{isasuffix} Provides: php-sqlite3, php-sqlite3%{?_isa} Provides: php-pdo_sqlite, php-pdo_sqlite%{?_isa} Obsoletes: php53-pdo, php53u-pdo, php54-pdo, php55-pdo @@ -804,7 +804,7 @@ The php-intl package contains a dynamic shared object that will add support for using the ICU library to PHP. %package enchant -Summary: Human Language and Character Encoding Support +Summary: Enchant spelling extension for PHP applications Group: System Environment/Libraries # All files licensed under PHP version 3.0 License: PHP @@ -813,7 +813,7 @@ BuildRequires: enchant-devel >= 1.2.4 Obsoletes: php53-enchant, php53u-enchant, php54-enchant, php55-enchant %description enchant -The php-intl package contains a dynamic shared object that will add +The php-enchant package contains a dynamic shared object that will add support for using the enchant library to PHP. @@ -850,8 +850,6 @@ httpd -V | grep -q 'threaded:.*yes' && exit 1 %patch46 -p1 -b .fixheader %patch47 -p1 -b .phpinfo -%patch60 -p1 -b .cve4113 - %patch91 -p1 -b .remi-oci8 # wip patches @@ -1559,6 +1557,9 @@ cat files.zip >> files.common # The default Zend OPcache blacklist file install -m 644 %{SOURCE51} $RPM_BUILD_ROOT%{_sysconfdir}/php.d/opcache-default.blacklist +install -m 644 %{SOURCE51} $RPM_BUILD_ROOT%{_sysconfdir}/php-zts.d/opcache-default.blacklist +sed -e '/blacklist_filename/s/php.d/php-zts.d/' \ + -i $RPM_BUILD_ROOT%{_sysconfdir}/php-zts.d/opcache.ini # Install the macros file: install -d $RPM_BUILD_ROOT%{_sysconfdir}/rpm @@ -1712,6 +1713,9 @@ fi # provides phpize here (not in -devel) for pecl command %{_bindir}/phpize %{_mandir}/man1/php.1* +%{_mandir}/man1/php-cgi.1* +%{_mandir}/man1/phar.1* +%{_mandir}/man1/phar.phar.1* %{_mandir}/man1/phpize.1* %doc sapi/cgi/README* sapi/cli/README @@ -1801,12 +1805,22 @@ fi %files mysqlnd -f files.mysqlnd %files opcache -f files.opcache %config(noreplace) %{_sysconfdir}/php.d/opcache-default.blacklist +%config(noreplace) %{_sysconfdir}/php-zts.d/opcache-default.blacklist %if %{with_oci8} %files oci8 -f files.oci8 %endif %changelog +* Mon Jul 22 2013 Remi Collet - 5.5.1-1 +- update to 5.5.1 +- add Provides: php(pdo-abi), for consistency with php(api) + and php(zend-abi) +- improved description for mod_php +- fix opcache ZTS configuration (blacklists in /etc/php-zts.d) +- add missing man pages (phar, php-cgi) +- fix php-enchant summary and description + * Fri Jul 12 2013 Remi Collet - 5.5.0-2 - add security fix for CVE-2013-4113 - add missing ASL 1.0 license -- cgit