- update to 5.5.1

- add Provides: php(pdo-abi), for consistency with php(api) and php(zend-abi) - improved description for mod_php - fix ZTS configuration (blacklists in /etc/php-zts.d) - add missing man pages (phar, php-cgi)
2013-07-22 08:25:47 +02:00 · 2013-07-22 08:25:47 +02:00 · 44ee03564a
commit 44ee03564a
parent 599d103a3e
4 changed files with 20 additions and 187 deletions
--- a/.gitignore
+++ b/.gitignore
@ -11,3 +11,4 @@ php-5.4.*.bz2
 /php-5.5.0RC3.tar.xz
 /php-5.5.0RC3-strip.tar.xz
 /php-5.5.0-strip.tar.xz
 /php-5.5.1-strip.tar.xz
--- a/php-5.5.0-CVE-2013-4013.patch
+++ b/php-5.5.0-CVE-2013-4013.patch
@ -1,181 +0,0 @@
 From 7d163e8a0880ae8af2dd869071393e5dc07ef271 Mon Sep 17 00:00:00 2001
 From: Rob Richards <rrichards@php.net>
 Date: Sat, 6 Jul 2013 07:53:07 -0400
 Subject: [PATCH] truncate results at depth of 255 to prevent corruption
 ---
 ext/xml/xml.c | 90 +++++++++++++++++++++++++++++++++--------------------------
 1 file changed, 50 insertions(+), 40 deletions(-)
 diff --git a/ext/xml/xml.c b/ext/xml/xml.c
 index 1f0480b..9f0bc30 100644
 --- a/ext/xml/xml.c
 +++ b/ext/xml/xml.c
@@ -428,7 +428,7 @@ static void xml_parser_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC)
 	}
 	if (parser->ltags) {
 		int inx;
 -		for (inx = 0; inx < parser->level; inx++)
 +		for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); inx++)
 			efree(parser->ltags[ inx ]);
 		efree(parser->ltags);
 	}
@@ -805,45 +805,50 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch
 		} 
 		if (parser->data) {
 -			zval *tag, *atr;
 -			int atcnt = 0;
 +			if (parser->level <= XML_MAXLEVEL)  {
 +				zval *tag, *atr;
 +				int atcnt = 0;
 -			MAKE_STD_ZVAL(tag);
 -			MAKE_STD_ZVAL(atr);
 +				MAKE_STD_ZVAL(tag);
 +				MAKE_STD_ZVAL(atr);
 -			array_init(tag);
 -			array_init(atr);
 +				array_init(tag);
 +				array_init(atr);
 -			_xml_add_to_info(parser,((char *) tag_name) + parser->toffset);
 +				_xml_add_to_info(parser,((char *) tag_name) + parser->toffset);
 -			add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */
 -			add_assoc_string(tag,"type","open",1);
 -			add_assoc_long(tag,"level",parser->level);
 +				add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */
 +				add_assoc_string(tag,"type","open",1);
 +				add_assoc_long(tag,"level",parser->level);
 -			parser->ltags[parser->level-1] = estrdup(tag_name);
 -			parser->lastwasopen = 1;
 +				parser->ltags[parser->level-1] = estrdup(tag_name);
 +				parser->lastwasopen = 1;
 -			attributes = (const XML_Char **) attrs;
 +				attributes = (const XML_Char **) attrs;
 -			while (attributes && *attributes) {
 -				att = _xml_decode_tag(parser, attributes[0]);
 -				val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding);
 -				
 -				add_assoc_stringl(atr,att,val,val_len,0);
 +				while (attributes && *attributes) {
 +					att = _xml_decode_tag(parser, attributes[0]);
 +					val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding);
 -				atcnt++;
 -				attributes += 2;
 +					add_assoc_stringl(atr,att,val,val_len,0);
 -				efree(att);
 -			}
 +					atcnt++;
 +					attributes += 2;
 -			if (atcnt) {
 -				zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL);
 -			} else {
 -				zval_ptr_dtor(&atr);
 -			}
 +					efree(att);
 +				}
 +
 +				if (atcnt) {
 +					zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL);
 +				} else {
 +					zval_ptr_dtor(&atr);
 +				}
 -			zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag);
 +				zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag);
 +			} else if (parser->level == (XML_MAXLEVEL + 1)) {
 +				TSRMLS_FETCH();
 +				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated");
 +			}
 		}
 		efree(tag_name);
@@ -895,7 +900,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name)
 		efree(tag_name);
 -		if (parser->ltags) {
 +		if ((parser->ltags) && (parser->level <= XML_MAXLEVEL)) {
 			efree(parser->ltags[parser->level-1]);
 		}
@@ -979,18 +984,23 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
 						}
 					}
 -					MAKE_STD_ZVAL(tag);
 -					
 -					array_init(tag);
 -					
 -					_xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset);
 +					if (parser->level <= XML_MAXLEVEL) {
 +						MAKE_STD_ZVAL(tag);
 -					add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1);
 -					add_assoc_string(tag,"value",decoded_value,0);
 -					add_assoc_string(tag,"type","cdata",1);
 -					add_assoc_long(tag,"level",parser->level);
 +						array_init(tag);
 -					zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL);
 +						_xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset);
 +
 +						add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1);
 +						add_assoc_string(tag,"value",decoded_value,0);
 +						add_assoc_string(tag,"type","cdata",1);
 +						add_assoc_long(tag,"level",parser->level);
 +
 +						zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL);
 +					} else if (parser->level == (XML_MAXLEVEL + 1)) {
 +						TSRMLS_FETCH();
 +						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated");
 +					}
 				}
 			} else {
 				efree(decoded_value);
 -- 
 1.7.11.5
 From 710eee5555bc5c95692bd3c84f5d2b5d687349b6 Mon Sep 17 00:00:00 2001
 From: =?utf8?q?Johannes=20Schl=C3=BCter?= <johannes@php.net>
 Date: Wed, 10 Jul 2013 19:35:18 +0200
 Subject: [PATCH] add test for bug #65236
 ---
 ext/xml/tests/bug65236.phpt | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 ext/xml/tests/bug65236.phpt
 diff --git a/ext/xml/tests/bug65236.phpt b/ext/xml/tests/bug65236.phpt
 new file mode 100644
 index 0000000..67b26d6
 --- /dev/null
 +++ b/ext/xml/tests/bug65236.phpt
@@ -0,0 +1,15 @@
 +--TEST--
 +Bug #65236 (heap corruption in xml parser)
 +--SKIPIF--
 +<?php
 +require_once("skipif.inc");
 +?>
 +--FILE--
 +<?php
 +xml_parse_into_struct(xml_parser_create_ns(), str_repeat("<blah>", 1000), $a);
 +
 +echo "Done\n";
 +?>
 +--EXPECTF--
 +Warning: xml_parse_into_struct(): Maximum depth exceeded - Results truncated in %s on line %d
 +Done
 -- 
 1.7.11.5
--- a/php.spec
+++ b/php.spec
@ -68,8 +68,8 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
-Version: 5.5.0
+Version: 5.5.1
-Release: 2%{?dist}
+Release: 1%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@ -121,7 +121,6 @@ Patch46: php-5.4.9-fixheader.patch
 Patch47: php-5.4.9-phpinfo.patch
 # Security fixes
 Patch60: php-5.5.0-CVE-2013-4013.patch
 # Fixes for tests
@ -728,7 +727,6 @@ support for using the enchant library to PHP.
 %patch46 -p1 -b .fixheader
 %patch47 -p1 -b .phpinfo
 %patch60 -p1 -b .cve4113
 # Prevent %%doc confusion over LICENSE files
 cp Zend/LICENSE Zend/ZEND_LICENSE
@ -1366,6 +1364,9 @@ cat files.zip >> files.common
 # The default Zend OPcache blacklist file
 install -m 644 %{SOURCE51} $RPM_BUILD_ROOT%{_sysconfdir}/php.d/opcache-default.blacklist
 install -m 644 %{SOURCE51} $RPM_BUILD_ROOT%{_sysconfdir}/php-zts.d/opcache-default.blacklist
 sed -e '/blacklist_filename/s/php.d/php-zts.d/' \
    -i $RPM_BUILD_ROOT%{_sysconfdir}/php-zts.d/opcache.ini
 # Install the macros file:
 install -d $RPM_BUILD_ROOT%{_sysconfdir}/rpm
@ -1450,6 +1451,9 @@ exit 0
 # provides phpize here (not in -devel) for pecl command
 %{_bindir}/phpize
 %{_mandir}/man1/php.1*
 %{_mandir}/man1/php-cgi.1*
 %{_mandir}/man1/phar.1*
 %{_mandir}/man1/phar.phar.1*
 %{_mandir}/man1/phpize.1*
 %doc sapi/cgi/README* sapi/cli/README
@ -1528,9 +1532,18 @@ exit 0
 %files mysqlnd -f files.mysqlnd
 %files opcache -f files.opcache
 %config(noreplace) %{_sysconfdir}/php.d/opcache-default.blacklist
 %config(noreplace) %{_sysconfdir}/php-zts.d/opcache-default.blacklist
 %changelog
 * Mon Jul 22 2013 Remi Collet <rcollet@redhat.com> - 5.5.1-1
 - update to 5.5.1
 - add Provides: php(pdo-abi), for consistency with php(api)
  and php(zend-abi)
 - improved description for mod_php
 - fix ZTS configuration (blacklists in /etc/php-zts.d)
 - add missing man pages (phar, php-cgi)
 * Fri Jul 12 2013 Remi Collet <rcollet@redhat.com> - 5.5.0-2
 - add security fix for CVE-2013-4113
 - add missing ASL 1.0 license
@ -2062,7 +2075,7 @@ exit 0
 - rebuild for libc-client bump
 * Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 5.2.5-3
- - Rebuild for openssl bump
+- Rebuild for openssl bump
 * Wed Dec  5 2007 Joe Orton <jorton@redhat.com> 5.2.5-2
 - update to 5.2.5
--- a/2
+++ b/2
@ -1 +1 @@
-17afa934e4208640562096702534d5c2  php-5.5.0-strip.tar.xz
+79bcf1671bcf2c032a0aa1e5bfdda6b7  php-5.5.1-strip.tar.xz
`@ -1 +1 @@`
	`17afa934e4208640562096702534d5c2 php-5.5.0-strip.tar.xz`	`79bcf1671bcf2c032a0aa1e5bfdda6b7 php-5.5.1-strip.tar.xz`