pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/php4 Update to 4.4.3



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b25a36693f07
branches:  trunk
changeset: 517442:b25a36693f07
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Thu Aug 10 23:01:39 2006 +0000

description:
Update to 4.4.3

All PHP 4.x users are encouraged to upgrade to this release as soon as possible.

The security issues resolved include the following:

* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the tempnam()
  function.
* Improved safe_mode check for the error_log() function.
* Fixed cross-site scripting inside the phpinfo() function.

The release also includes about 20 bug fixes and an upgraded PCRE library
(version 6.6).

For a full list of changes in PHP 4.4.3, see the ChangeLog:
http://www.php.net/ChangeLog-4.php#4.4.3

This also contains a fix for CVE-2006-4020 (SA21403)

diffstat:

 www/php4/Makefile         |   3 +-
 www/php4/Makefile.common  |   4 +-
 www/php4/distinfo         |  16 +++-----
 www/php4/files/pear.sh    |   2 +-
 www/php4/patches/patch-ao |  12 ++----
 www/php4/patches/patch-aq |  13 -------
 www/php4/patches/patch-ar |  55 -------------------------------
 www/php4/patches/patch-as |  43 ------------------------
 www/php4/patches/patch-au |  24 -------------
 www/php4/patches/patch-av |  15 --------
 www/php4/patches/patch-aw |  83 +++++++++++++++++++++++++++++++++++++++++++++++
 11 files changed, 97 insertions(+), 173 deletions(-)

diffs (truncated from 347 to 300 lines):

diff -r d46bece1710d -r b25a36693f07 www/php4/Makefile
--- a/www/php4/Makefile Thu Aug 10 17:58:10 2006 +0000
+++ b/www/php4/Makefile Thu Aug 10 23:01:39 2006 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.69 2006/07/18 21:26:17 adrianp Exp $
+# $NetBSD: Makefile,v 1.70 2006/08/10 23:01:40 adrianp Exp $
 
 PKGNAME=               php-${PHP_BASE_VERS}
-PKGREVISION=           3
 CATEGORIES+=           lang
 COMMENT=               HTML-embedded scripting language
 
diff -r d46bece1710d -r b25a36693f07 www/php4/Makefile.common
--- a/www/php4/Makefile.common  Thu Aug 10 17:58:10 2006 +0000
+++ b/www/php4/Makefile.common  Thu Aug 10 23:01:39 2006 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.52 2006/03/03 07:11:34 cube Exp $
+# $NetBSD: Makefile.common,v 1.53 2006/08/10 23:01:40 adrianp Exp $
 
 DISTNAME?=             php-${PHP_DIST_VERS}
 CATEGORIES+=           www php4
@@ -18,7 +18,7 @@
 # PHP_DIST_VERS                version number on the php distfile
 # PHP_BASE_VERS                pkgsrc-mangled version number (convert pl -> .)
 #
-PHP_DIST_VERS=         4.4.2
+PHP_DIST_VERS=         4.4.3
 PHP_BASE_VERS=         ${PHP_DIST_VERS}
 
 DISTFILES?=            ${PHP_DISTFILE}
diff -r d46bece1710d -r b25a36693f07 www/php4/distinfo
--- a/www/php4/distinfo Thu Aug 10 17:58:10 2006 +0000
+++ b/www/php4/distinfo Thu Aug 10 23:01:39 2006 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.55 2006/07/18 21:21:19 adrianp Exp $
+$NetBSD: distinfo,v 1.56 2006/08/10 23:01:40 adrianp Exp $
 
-SHA1 (php-4.4.2.tar.bz2) = 88f2e9efff0add8d8e3034d4ce3a948429b88756
-RMD160 (php-4.4.2.tar.bz2) = cbef0fa4e233529422bc0944dcfb79d866013f5e
-Size (php-4.4.2.tar.bz2) = 4371185 bytes
+SHA1 (php-4.4.3.tar.bz2) = 42aec56fec03c13366c0b0aac13169138814a4b5
+RMD160 (php-4.4.3.tar.bz2) = 36c91930af44e8a1ed59eb159e6131ae8f0c77f0
+Size (php-4.4.3.tar.bz2) = 4461353 bytes
 SHA1 (patch-aa) = feb064407950d0fc732b7240e65cac84420d2407
 SHA1 (patch-ab) = 38a4bcd0d65b26c5d8e54e22b552f60831188469
 SHA1 (patch-ad) = 9ca5d2f59bfeea77a98cd0e727546d11669114cd
@@ -12,11 +12,7 @@
 SHA1 (patch-aj) = cc68ce876dc5998becbe2f1f74288b5da5bbaca3
 SHA1 (patch-ak) = 1f9fbe26c7329e1d18eec053499ee2d574b5b970
 SHA1 (patch-al) = 28ad9006b387e2b9984ad49beea21c9d46e63b46
-SHA1 (patch-ao) = cd30bbff10f1d045c829f72d94304c9dcf202fc6
+SHA1 (patch-ao) = 0fd4becf023451ac8cb185df354830efc86c1344
 SHA1 (patch-ap) = 2f852abd1e9d0f089add18b2eade2831253ad00e
-SHA1 (patch-aq) = 00f410eb61624aee0c68d2fd6802a6be7adb373e
-SHA1 (patch-ar) = 5606c1ec5a7afaeda2e3cc7879cc0caa4f86ca68
-SHA1 (patch-as) = 7987c293d2290aa5e68fba87d0aa759797ace40d
 SHA1 (patch-at) = f8b3aebd61fe2d5b5a994e1d973424a1ed397f63
-SHA1 (patch-au) = b5fa682fa6b03cc91e68db7e7ed6985897a3288f
-SHA1 (patch-av) = fc105360bccbff5a5eae119f24a8aa12b4e08139
+SHA1 (patch-aw) = f8e2f36a4d9bb4a60d255127ac5984c33ea74841
diff -r d46bece1710d -r b25a36693f07 www/php4/files/pear.sh
--- a/www/php4/files/pear.sh    Thu Aug 10 17:58:10 2006 +0000
+++ b/www/php4/files/pear.sh    Thu Aug 10 23:01:39 2006 +0000
@@ -25,4 +25,4 @@
   fi
 fi
 
-exec $PHP -C -q $INCARG -d output_buffering=1 -dmemory_limit=12M $INCDIR/pearcmd.php "$@"
+exec $PHP -C -q $INCARG -d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit=12M $INCDIR/pearcmd.php "$@"
diff -r d46bece1710d -r b25a36693f07 www/php4/patches/patch-ao
--- a/www/php4/patches/patch-ao Thu Aug 10 17:58:10 2006 +0000
+++ b/www/php4/patches/patch-ao Thu Aug 10 23:01:39 2006 +0000
@@ -1,13 +1,9 @@
-$NetBSD: patch-ao,v 1.2 2006/03/06 15:57:58 cube Exp $
+$NetBSD: patch-ao,v 1.3 2006/08/10 23:01:39 adrianp Exp $
 
---- pear/Makefile.frag.orig    2005-11-05 19:19:23.000000000 +0100
+--- pear/Makefile.frag.orig    2006-05-07 17:33:41.000000000 +0100
 +++ pear/Makefile.frag
-@@ -3,10 +3,10 @@
- peardir=$(PEAR_INSTALLDIR)
- 
- # Skip all php.ini files altogether
--PEAR_INSTALL_FLAGS = -n -dshort_open_tag=0 -dsafe_mode=0
-+PEAR_INSTALL_FLAGS = -n -dshort_open_tag=0 -dsafe_mode=0 -dmemory_limit=16M
+@@ -6,7 +6,7 @@ peardir=$(PEAR_INSTALLDIR)
+ PEAR_INSTALL_FLAGS = -n -dshort_open_tag=0 -dopen_basedir= -dsafe_mode=0 -dmemory_limit=-1
  
  install-pear-packages: $(top_builddir)/sapi/cli/php
 -      @$(top_builddir)/sapi/cli/php $(PEAR_INSTALL_FLAGS) $(srcdir)/install-pear.php -d "$(peardir)" -b "$(bindir)" $(srcdir)/packages/*.tar
diff -r d46bece1710d -r b25a36693f07 www/php4/patches/patch-aq
--- a/www/php4/patches/patch-aq Thu Aug 10 17:58:10 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-aq,v 1.1 2006/04/14 13:48:33 cube Exp $
-
---- ext/standard/html.c.orig   2006-01-01 14:46:57.000000000 +0100
-+++ ext/standard/html.c
-@@ -793,7 +793,7 @@ PHPAPI char *php_unescape_html_entities(
-       enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC);
-       unsigned char replacement[15];
-       
--      ret = estrdup(old);
-+      ret = estrndup(old, oldlen);
-       retlen = oldlen;
-       if (!retlen) {
-               goto empty_source;
diff -r d46bece1710d -r b25a36693f07 www/php4/patches/patch-ar
--- a/www/php4/patches/patch-ar Thu Aug 10 17:58:10 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,55 +0,0 @@
-$NetBSD: patch-ar,v 1.1 2006/04/14 13:48:33 cube Exp $
-
---- ext/standard/info.c.orig   2006-01-01 14:46:57.000000000 +0100
-+++ ext/standard/info.c
-@@ -58,6 +58,23 @@ ZEND_EXTERN_MODULE_GLOBALS(iconv)
- 
- PHPAPI extern char *php_ini_opened_path;
- PHPAPI extern char *php_ini_scanned_files;
-+      
-+static int php_info_write_wrapper(const char *str, uint str_length)
-+{
-+      int new_len, written;
-+      char *elem_esc;
-+
-+      TSRMLS_FETCH();
-+
-+      elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
-+
-+      written = php_body_write(elem_esc, new_len TSRMLS_CC);
-+
-+      efree(elem_esc);
-+
-+      return written;
-+}
-+
- 
- /* {{{ _display_module_info
-  */
-@@ -133,23 +150,12 @@ static void php_print_gpcse_array(char *
-                               PUTS(" => ");
-                       }
-                       if (Z_TYPE_PP(tmp) == IS_ARRAY) {
--                              zval *tmp3;
--                              MAKE_STD_ZVAL(tmp3);
-                               if (!sapi_module.phpinfo_as_text) {
-                                       PUTS("<pre>");
--                              }
--                              php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
--                              zend_print_zval_r(*tmp, 0);
--                              php_ob_get_buffer(tmp3 TSRMLS_CC);
--                              php_end_ob_buffer(0, 0 TSRMLS_CC);
--                              
--                              elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
--                              PUTS(elem_esc);
--                              efree(elem_esc);
--                              zval_ptr_dtor(&tmp3);
--
--                              if (!sapi_module.phpinfo_as_text) {
-+                                      zend_print_zval_ex((zend_write_func_t) php_info_write_wrapper, *tmp, 0);
-                                       PUTS("</pre>");
-+                              } else {
-+                                      zend_print_zval_r(*tmp, 0 TSRMLS_CC);
-                               }
-                       } else if (Z_TYPE_PP(tmp) != IS_STRING) {
-                               tmp2 = **tmp;
diff -r d46bece1710d -r b25a36693f07 www/php4/patches/patch-as
--- a/www/php4/patches/patch-as Thu Aug 10 17:58:10 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,43 +0,0 @@
-$NetBSD: patch-as,v 1.1 2006/04/14 13:48:33 cube Exp $
-
---- ext/standard/file.c.orig   2006-01-01 14:46:57.000000000 +0100
-+++ ext/standard/file.c
-@@ -552,7 +552,7 @@ PHP_FUNCTION(tempnam)
-       pval **arg1, **arg2;
-       char *d;
-       char *opened_path;
--      char p[64];
-+      char *p;
-       FILE *fp;
- 
-       if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &arg1, &arg2) == FAILURE) {
-@@ -566,7 +566,11 @@ PHP_FUNCTION(tempnam)
-       }
- 
-       d = estrndup(Z_STRVAL_PP(arg1), Z_STRLEN_PP(arg1));
--      strlcpy(p, Z_STRVAL_PP(arg2), sizeof(p));
-+
-+      p = php_basename(Z_STRVAL_PP(arg2), Z_STRLEN_PP(arg2), NULL, 0);
-+      if (strlen(p) > 64) {
-+              p[63] = '\0';
-+      }
- 
-       if ((fp = php_open_temporary_file(d, p, &opened_path TSRMLS_CC))) {
-               fclose(fp);
-@@ -574,6 +578,7 @@ PHP_FUNCTION(tempnam)
-       } else {
-               RETVAL_FALSE;
-       }
-+      efree(p);
-       efree(d);
- }
- /* }}} */
-@@ -2196,7 +2201,7 @@ no_stat:
- safe_to_copy:
- 
-       srcstream = php_stream_open_wrapper(src, "rb",
--                              STREAM_DISABLE_OPEN_BASEDIR | REPORT_ERRORS,
-+                              ENFORCE_SAFE_MODE | REPORT_ERRORS,
-                               NULL);
- 
-       if (!srcstream)
diff -r d46bece1710d -r b25a36693f07 www/php4/patches/patch-au
--- a/www/php4/patches/patch-au Thu Aug 10 17:58:10 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-$NetBSD: patch-au,v 1.1 2006/07/18 21:21:19 adrianp Exp $
-
-# This is CVE-2006-1990
-
---- ext/standard/string.c.orig 2006-01-01 13:46:58.000000000 +0000
-+++ ext/standard/string.c
-@@ -672,15 +672,13 @@ PHP_FUNCTION(wordwrap)
-               /* Multiple character line break or forced cut */
-               if (linelength > 0) {
-                       chk = (int)(textlen/linelength + 1);
-+                      newtext = safe_emalloc(chk, breakcharlen, textlen + 1);
-                       alloced = textlen + chk * breakcharlen + 1;
-               } else {
-                       chk = textlen;
-+                      newtext = safe_emalloc(textlen, (breakcharlen + 1), 1);
-                       alloced = textlen * (breakcharlen + 1) + 1;
-               }
--              if (alloced <= 0) {
--                      RETURN_FALSE;
--              }
--              newtext = emalloc(alloced);
- 
-               /* now keep track of the actual new text length */
-               newtextlen = 0;
diff -r d46bece1710d -r b25a36693f07 www/php4/patches/patch-av
--- a/www/php4/patches/patch-av Thu Aug 10 17:58:10 2006 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-av,v 1.1 2006/07/18 21:21:19 adrianp Exp $
-
-# This is CVE-2006-3011
-
---- ext/standard/basic_functions.c.orig        2006-01-01 13:46:57.000000000 +0000
-+++ ext/standard/basic_functions.c
-@@ -1866,7 +1866,7 @@ PHPAPI int _php_error_log(int opt_err, c
-                       break;
- 
-               case 3:         /*save to a file */
--                      stream = php_stream_open_wrapper(opt, "a", IGNORE_URL | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
-+                      stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
-                       if (!stream)
-                               return FAILURE;
-                       php_stream_write(stream, message, strlen(message));
diff -r d46bece1710d -r b25a36693f07 www/php4/patches/patch-aw
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/php4/patches/patch-aw Thu Aug 10 23:01:39 2006 +0000
@@ -0,0 +1,83 @@
+--- ext/standard/scanf.c.orig  2006-01-01 13:46:58.000000000 +0000
++++ ext/standard/scanf.c       2006-08-10 23:00:19.000000000 +0100
+@@ -732,7 +732,7 @@
+                 if (*end == '$') {
+                     format = end+1;
+                     ch = format++;
+-                    objIndex = varStart + value;
++                    objIndex = varStart + value - 1;
+                 }
+          }
+ 
+@@ -762,8 +762,10 @@
+         switch (*ch) {
+             case 'n':
+                 if (!(flags & SCAN_SUPPRESS)) {
+-                    if (numVars) {
+-                                              current = args[objIndex++];
++                    if (numVars && objIndex >= argCount) {
++                        break;
++                    } else if (numVars) {
++                        current = args[objIndex++];
+                         zval_dtor( *current );
+                         ZVAL_LONG( *current, (long)(string - baseString) );
+                     } else {
+@@ -883,8 +885,10 @@
+                 }
+             }
+             if (!(flags & SCAN_SUPPRESS)) {
+-                if (numVars) {
+-                    current = args[objIndex++];
++                if (numVars && objIndex >= argCount) {
++                    break;
++                } else if (numVars) {
++                                      current = args[objIndex++];
+                                       zval_dtor( *current );
+                                       ZVAL_STRINGL( *current, string, end-string, 1);



Home | Main Index | Thread Index | Old Index