diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2014-09-01 12:48:51 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-09-01 12:50:18 +0000 |
commit | 2e58e09c6e604c7ccd8cb440f3d4648c74ff1e78 (patch) | |
tree | f2b28f27a6af4ab5adde057be6dbd08826404c9d | |
parent | d6b832ad06f32deb66ec4fa0a9c658e7b1628ef5 (diff) | |
download | aports-2e58e09c6e604c7ccd8cb440f3d4648c74ff1e78.tar.bz2 aports-2e58e09c6e604c7ccd8cb440f3d4648c74ff1e78.tar.xz |
main/php: security upgrade to php-5.3.29
fixes #3340
-rw-r--r-- | main/php/APKBUILD | 18 | ||||
-rw-r--r-- | main/php/CVE-2014-0185.patch | 44 | ||||
-rw-r--r-- | main/php/CVE-2014-0237.patch | 53 | ||||
-rw-r--r-- | main/php/CVE-2014-0238.patch | 40 | ||||
-rw-r--r-- | main/php/CVE-2014-4049.patch | 30 | ||||
-rw-r--r-- | main/php/CVE-2014-4721.patch | 61 |
6 files changed, 4 insertions, 242 deletions
diff --git a/main/php/APKBUILD b/main/php/APKBUILD index 0f549196fb..438bcf5de7 100644 --- a/main/php/APKBUILD +++ b/main/php/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: Matt Smith <mcs@darkregion.net> pkgname=php -pkgver=5.3.28 +pkgver=5.3.29 _suhosinver=5.3.9-0.9.10 -pkgrel=6 +pkgrel=0 pkgdesc="The PHP language runtime engine" url="http://www.php.net/" arch="all" @@ -79,11 +79,6 @@ source="http://www.php.net/distributions/${pkgname}-${pkgver}.tar.bz2 php5-module.conf CVE-2013-6712.patch CVE-2013-7345.patch - CVE-2014-0185.patch - CVE-2014-0237.patch - CVE-2014-0238.patch - CVE-2014-4049.patch - CVE-2014-4721.patch " _apiver="20090626" @@ -450,15 +445,10 @@ mssql() { _mv_ext mssql; } pdo_dblib() { _mv_ext pdo_dblib "php-pdo freetds"; } wddx() { _mv_ext wddx; } -md5sums="56ff88934e068d142d6c0deefd1f396b php-5.3.28.tar.bz2 +md5sums="9469e240cbe6ac865aeaec89b253dd30 php-5.3.29.tar.bz2 c099b3d7eac95018ababd41ded7f3066 suhosin-patch-5.3.9-0.9.10.patch.gz 5111e3be06d391f8772587c675240fab php-install-pear-xml.patch 9ab162ff3428511a68aa9801c746e0d5 php-fpm.initd 67719f428f44ec004da18705cbabe2ee php5-module.conf 91934e87e24ff0551fc8fdc0ebb97699 CVE-2013-6712.patch -f2836636790a78ec058d3fe84045997a CVE-2013-7345.patch -66333db458742a20dda0b8a9be1900e5 CVE-2014-0185.patch -77a99e602cc93ec04b7c6995bba7748b CVE-2014-0237.patch -a038c00930d7021e1f485043deec65fc CVE-2014-0238.patch -bd763609e1a4cd15ba0142cb7e5bc7a4 CVE-2014-4049.patch -11f0c6e5db9416a1f8bbba8be8fd1c89 CVE-2014-4721.patch" +f2836636790a78ec058d3fe84045997a CVE-2013-7345.patch" diff --git a/main/php/CVE-2014-0185.patch b/main/php/CVE-2014-0185.patch deleted file mode 100644 index eb695388e6..0000000000 --- a/main/php/CVE-2014-0185.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 35ceea928b12373a3b1e3eecdc32ed323223a40d Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Tue, 15 Apr 2014 10:43:24 -0700 -Subject: [PATCH] Fix bug #67060: use default mode of 660 - ---- - NEWS | 4 +++- - sapi/fpm/fpm/fpm_unix.c | 2 +- - sapi/fpm/php-fpm.conf.in | 4 ++-- - 3 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/sapi/fpm/fpm/fpm_unix.c b/sapi/fpm/fpm/fpm_unix.c -index 48249e8..ea0e673 100644 ---- a/sapi/fpm/fpm/fpm_unix.c -+++ b/sapi/fpm/fpm/fpm_unix.c -@@ -35,7 +35,7 @@ int fpm_unix_resolve_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */ - /* uninitialized */ - wp->socket_uid = -1; - wp->socket_gid = -1; -- wp->socket_mode = 0666; -+ wp->socket_mode = 0660; - - if (!c) { - return 0; -diff --git a/sapi/fpm/php-fpm.conf.in b/sapi/fpm/php-fpm.conf.in -index 1e70f2c..9205d42 100644 ---- a/sapi/fpm/php-fpm.conf.in -+++ b/sapi/fpm/php-fpm.conf.in -@@ -166,10 +166,10 @@ listen = 127.0.0.1:9000 - ; permissions must be set in order to allow connections from a web server. Many - ; BSD-derived systems allow connections regardless of permissions. - ; Default Values: user and group are set as the running user --; mode is set to 0666 -+; mode is set to 0660 - ;listen.owner = @php_fpm_user@ - ;listen.group = @php_fpm_group@ --;listen.mode = 0666 -+;listen.mode = 0660 - - ; List of ipv4 addresses of FastCGI clients which are allowed to connect. - ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original --- -1.9.3 - diff --git a/main/php/CVE-2014-0237.patch b/main/php/CVE-2014-0237.patch deleted file mode 100644 index 61cae29c80..0000000000 --- a/main/php/CVE-2014-0237.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 4005f06df6a0f81f38f02a7afaf0760279a3cd6f Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Mon, 26 May 2014 17:50:14 -0700 -Subject: [PATCH] Fix bug #67328 (fileinfo: numerous file_printf calls - resulting in performance degradation) - -Upstream patch: https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d ---- - NEWS | 3 ++- - ext/fileinfo/libmagic/cdf.c | 16 ++++------------ - 2 files changed, 6 insertions(+), 13 deletions(-) - -diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c -index 99b6889..4712e84 100644 ---- a/ext/fileinfo/libmagic/cdf.c -+++ b/ext/fileinfo/libmagic/cdf.c -@@ -948,7 +948,7 @@ int - cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h, - cdf_summary_info_header_t *ssi, cdf_property_info_t **info, size_t *count) - { -- size_t i, maxcount; -+ size_t maxcount; - const cdf_summary_info_header_t *si = - CAST(const cdf_summary_info_header_t *, sst->sst_tab); - const cdf_section_declaration_t *sd = -@@ -963,21 +963,13 @@ cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h, - ssi->si_os = CDF_TOLE2(si->si_os); - ssi->si_class = si->si_class; - cdf_swap_class(&ssi->si_class); -- ssi->si_count = CDF_TOLE2(si->si_count); -+ ssi->si_count = CDF_TOLE4(si->si_count); - *count = 0; - maxcount = 0; - *info = NULL; -- for (i = 0; i < CDF_TOLE4(si->si_count); i++) { -- if (i >= CDF_LOOP_LIMIT) { -- DPRINTF(("Unpack summary info loop limit")); -- errno = EFTYPE; -- return -1; -- } -- if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset), -- info, count, &maxcount) == -1) { -+ if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset), info, -+ count, &maxcount) == -1) - return -1; -- } -- } - return 0; - } - --- -1.9.2 - diff --git a/main/php/CVE-2014-0238.patch b/main/php/CVE-2014-0238.patch deleted file mode 100644 index 0ec85bafd7..0000000000 --- a/main/php/CVE-2014-0238.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 57225f09edd671db50137194cb83530884cb6030 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Mon, 26 May 2014 17:42:18 -0700 -Subject: [PATCH] Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS - -Upstream fix: https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0 ---- - NEWS | 4 ++++ - ext/fileinfo/libmagic/cdf.c | 8 +++++++- - 2 files changed, 11 insertions(+), 1 deletion(-) - -diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c -index dd7177e..99b6889 100644 ---- a/ext/fileinfo/libmagic/cdf.c -+++ b/ext/fileinfo/libmagic/cdf.c -@@ -823,6 +823,10 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, - i, inp[i].pi_id, inp[i].pi_type, q - p, offs)); - if (inp[i].pi_type & CDF_VECTOR) { - nelements = CDF_GETUINT32(q, 1); -+ if (nelements == 0) { -+ DPRINTF(("CDF_VECTOR with nelements == 0\n")); -+ goto out; -+ } - o = 2; - } else { - nelements = 1; -@@ -897,7 +901,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, - } - DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", - nelements)); -- for (j = 0; j < nelements; j++, i++) { -+ for (j = 0; j < nelements && i < sh.sh_properties; -+ j++, i++) -+ { - uint32_t l = CDF_GETUINT32(q, o); - inp[i].pi_str.s_len = l; - inp[i].pi_str.s_buf = (const char *) --- -1.9.2 - diff --git a/main/php/CVE-2014-4049.patch b/main/php/CVE-2014-4049.patch deleted file mode 100644 index c614d432c9..0000000000 --- a/main/php/CVE-2014-4049.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 4f73394fdd95d3165b4391e1b0dedd57fced8c3b Mon Sep 17 00:00:00 2001 -From: Sara Golemon <pollita@php.net> -Date: Tue, 10 Jun 2014 11:18:02 -0700 -Subject: [PATCH] Fix potential segfault in dns_get_record() - -If the remote sends us a packet with a malformed TXT record, -we could end up trying to over-consume the packet and wander -off into overruns. ---- - ext/standard/dns.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/ext/standard/dns.c b/ext/standard/dns.c -index 6a89446..214a7dc 100644 ---- a/ext/standard/dns.c -+++ b/ext/standard/dns.c -@@ -517,6 +517,10 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int - - while (ll < dlen) { - n = cp[ll]; -+ if ((ll + n) >= dlen) { -+ // Invalid chunk length, truncate -+ n = dlen - (ll + 1); -+ } - memcpy(tp + ll , cp + ll + 1, n); - add_next_index_stringl(entries, cp + ll + 1, n, 1); - ll = ll + n + 1; --- -1.9.3 - diff --git a/main/php/CVE-2014-4721.patch b/main/php/CVE-2014-4721.patch deleted file mode 100644 index 47fd4d0423..0000000000 --- a/main/php/CVE-2014-4721.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 84f9fe0fdcc660d7f2b479b4cd5dd4216e3bc5ff Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Mon, 23 Jun 2014 00:19:37 -0700 -Subject: [PATCH] Fix bug #67498 - phpinfo() Type Confusion Information Leak - Vulnerability - ---- - ext/standard/info.c | 8 ++++---- - ext/standard/tests/general_functions/bug67498.phpt | 15 +++++++++++++++ - 2 files changed, 19 insertions(+), 4 deletions(-) - create mode 100644 ext/standard/tests/general_functions/bug67498.phpt - -diff --git a/ext/standard/info.c b/ext/standard/info.c -index 03ced35..0626a70 100644 ---- a/ext/standard/info.c -+++ b/ext/standard/info.c -@@ -866,16 +866,16 @@ PHPAPI void php_print_info(int flag TSRMLS_DC) - - php_info_print_table_start(); - php_info_print_table_header(2, "Variable", "Value"); -- if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) { -+ if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { - php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data)); - } -- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) { -+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { - php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data)); - } -- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) { -+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { - php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data)); - } -- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) { -+ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { - php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data)); - } - php_print_gpcse_array(ZEND_STRL("_REQUEST") TSRMLS_CC); -diff --git a/ext/standard/tests/general_functions/bug67498.phpt b/ext/standard/tests/general_functions/bug67498.phpt -new file mode 100644 -index 0000000..5b5951b ---- /dev/null -+++ b/ext/standard/tests/general_functions/bug67498.phpt -@@ -0,0 +1,15 @@ -+--TEST-- -+phpinfo() Type Confusion Information Leak Vulnerability -+--FILE-- -+<?php -+$PHP_SELF = 1; -+phpinfo(INFO_VARIABLES); -+ -+?> -+==DONE== -+--EXPECTF-- -+phpinfo() -+ -+PHP Variables -+%A -+==DONE== --- -1.9.2 - |