- update to 5.5.1
- add Provides: php(pdo-abi), for consistency with php(api) and php(zend-abi) - improved description for mod_php - fix ZTS configuration (blacklists in /etc/php-zts.d) - add missing man pages (phar, php-cgi)
This commit is contained in:
parent
599d103a3e
commit
44ee03564a
1
.gitignore
vendored
1
.gitignore
vendored
@ -11,3 +11,4 @@ php-5.4.*.bz2
|
||||
/php-5.5.0RC3.tar.xz
|
||||
/php-5.5.0RC3-strip.tar.xz
|
||||
/php-5.5.0-strip.tar.xz
|
||||
/php-5.5.1-strip.tar.xz
|
||||
|
@ -1,181 +0,0 @@
|
||||
From 7d163e8a0880ae8af2dd869071393e5dc07ef271 Mon Sep 17 00:00:00 2001
|
||||
From: Rob Richards <rrichards@php.net>
|
||||
Date: Sat, 6 Jul 2013 07:53:07 -0400
|
||||
Subject: [PATCH] truncate results at depth of 255 to prevent corruption
|
||||
|
||||
---
|
||||
ext/xml/xml.c | 90 +++++++++++++++++++++++++++++++++--------------------------
|
||||
1 file changed, 50 insertions(+), 40 deletions(-)
|
||||
|
||||
diff --git a/ext/xml/xml.c b/ext/xml/xml.c
|
||||
index 1f0480b..9f0bc30 100644
|
||||
--- a/ext/xml/xml.c
|
||||
+++ b/ext/xml/xml.c
|
||||
@@ -428,7 +428,7 @@ static void xml_parser_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC)
|
||||
}
|
||||
if (parser->ltags) {
|
||||
int inx;
|
||||
- for (inx = 0; inx < parser->level; inx++)
|
||||
+ for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); inx++)
|
||||
efree(parser->ltags[ inx ]);
|
||||
efree(parser->ltags);
|
||||
}
|
||||
@@ -805,45 +805,50 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch
|
||||
}
|
||||
|
||||
if (parser->data) {
|
||||
- zval *tag, *atr;
|
||||
- int atcnt = 0;
|
||||
+ if (parser->level <= XML_MAXLEVEL) {
|
||||
+ zval *tag, *atr;
|
||||
+ int atcnt = 0;
|
||||
|
||||
- MAKE_STD_ZVAL(tag);
|
||||
- MAKE_STD_ZVAL(atr);
|
||||
+ MAKE_STD_ZVAL(tag);
|
||||
+ MAKE_STD_ZVAL(atr);
|
||||
|
||||
- array_init(tag);
|
||||
- array_init(atr);
|
||||
+ array_init(tag);
|
||||
+ array_init(atr);
|
||||
|
||||
- _xml_add_to_info(parser,((char *) tag_name) + parser->toffset);
|
||||
+ _xml_add_to_info(parser,((char *) tag_name) + parser->toffset);
|
||||
|
||||
- add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */
|
||||
- add_assoc_string(tag,"type","open",1);
|
||||
- add_assoc_long(tag,"level",parser->level);
|
||||
+ add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */
|
||||
+ add_assoc_string(tag,"type","open",1);
|
||||
+ add_assoc_long(tag,"level",parser->level);
|
||||
|
||||
- parser->ltags[parser->level-1] = estrdup(tag_name);
|
||||
- parser->lastwasopen = 1;
|
||||
+ parser->ltags[parser->level-1] = estrdup(tag_name);
|
||||
+ parser->lastwasopen = 1;
|
||||
|
||||
- attributes = (const XML_Char **) attrs;
|
||||
+ attributes = (const XML_Char **) attrs;
|
||||
|
||||
- while (attributes && *attributes) {
|
||||
- att = _xml_decode_tag(parser, attributes[0]);
|
||||
- val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding);
|
||||
-
|
||||
- add_assoc_stringl(atr,att,val,val_len,0);
|
||||
+ while (attributes && *attributes) {
|
||||
+ att = _xml_decode_tag(parser, attributes[0]);
|
||||
+ val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding);
|
||||
|
||||
- atcnt++;
|
||||
- attributes += 2;
|
||||
+ add_assoc_stringl(atr,att,val,val_len,0);
|
||||
|
||||
- efree(att);
|
||||
- }
|
||||
+ atcnt++;
|
||||
+ attributes += 2;
|
||||
|
||||
- if (atcnt) {
|
||||
- zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL);
|
||||
- } else {
|
||||
- zval_ptr_dtor(&atr);
|
||||
- }
|
||||
+ efree(att);
|
||||
+ }
|
||||
+
|
||||
+ if (atcnt) {
|
||||
+ zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL);
|
||||
+ } else {
|
||||
+ zval_ptr_dtor(&atr);
|
||||
+ }
|
||||
|
||||
- zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag);
|
||||
+ zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag);
|
||||
+ } else if (parser->level == (XML_MAXLEVEL + 1)) {
|
||||
+ TSRMLS_FETCH();
|
||||
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated");
|
||||
+ }
|
||||
}
|
||||
|
||||
efree(tag_name);
|
||||
@@ -895,7 +900,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name)
|
||||
|
||||
efree(tag_name);
|
||||
|
||||
- if (parser->ltags) {
|
||||
+ if ((parser->ltags) && (parser->level <= XML_MAXLEVEL)) {
|
||||
efree(parser->ltags[parser->level-1]);
|
||||
}
|
||||
|
||||
@@ -979,18 +984,23 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
|
||||
}
|
||||
}
|
||||
|
||||
- MAKE_STD_ZVAL(tag);
|
||||
-
|
||||
- array_init(tag);
|
||||
-
|
||||
- _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset);
|
||||
+ if (parser->level <= XML_MAXLEVEL) {
|
||||
+ MAKE_STD_ZVAL(tag);
|
||||
|
||||
- add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1);
|
||||
- add_assoc_string(tag,"value",decoded_value,0);
|
||||
- add_assoc_string(tag,"type","cdata",1);
|
||||
- add_assoc_long(tag,"level",parser->level);
|
||||
+ array_init(tag);
|
||||
|
||||
- zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL);
|
||||
+ _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset);
|
||||
+
|
||||
+ add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1);
|
||||
+ add_assoc_string(tag,"value",decoded_value,0);
|
||||
+ add_assoc_string(tag,"type","cdata",1);
|
||||
+ add_assoc_long(tag,"level",parser->level);
|
||||
+
|
||||
+ zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL);
|
||||
+ } else if (parser->level == (XML_MAXLEVEL + 1)) {
|
||||
+ TSRMLS_FETCH();
|
||||
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated");
|
||||
+ }
|
||||
}
|
||||
} else {
|
||||
efree(decoded_value);
|
||||
--
|
||||
1.7.11.5
|
||||
|
||||
From 710eee5555bc5c95692bd3c84f5d2b5d687349b6 Mon Sep 17 00:00:00 2001
|
||||
From: =?utf8?q?Johannes=20Schl=C3=BCter?= <johannes@php.net>
|
||||
Date: Wed, 10 Jul 2013 19:35:18 +0200
|
||||
Subject: [PATCH] add test for bug #65236
|
||||
|
||||
---
|
||||
ext/xml/tests/bug65236.phpt | 15 +++++++++++++++
|
||||
1 file changed, 15 insertions(+)
|
||||
create mode 100644 ext/xml/tests/bug65236.phpt
|
||||
|
||||
diff --git a/ext/xml/tests/bug65236.phpt b/ext/xml/tests/bug65236.phpt
|
||||
new file mode 100644
|
||||
index 0000000..67b26d6
|
||||
--- /dev/null
|
||||
+++ b/ext/xml/tests/bug65236.phpt
|
||||
@@ -0,0 +1,15 @@
|
||||
+--TEST--
|
||||
+Bug #65236 (heap corruption in xml parser)
|
||||
+--SKIPIF--
|
||||
+<?php
|
||||
+require_once("skipif.inc");
|
||||
+?>
|
||||
+--FILE--
|
||||
+<?php
|
||||
+xml_parse_into_struct(xml_parser_create_ns(), str_repeat("<blah>", 1000), $a);
|
||||
+
|
||||
+echo "Done\n";
|
||||
+?>
|
||||
+--EXPECTF--
|
||||
+Warning: xml_parse_into_struct(): Maximum depth exceeded - Results truncated in %s on line %d
|
||||
+Done
|
||||
--
|
||||
1.7.11.5
|
||||
|
23
php.spec
23
php.spec
@ -68,8 +68,8 @@
|
||||
|
||||
Summary: PHP scripting language for creating dynamic web sites
|
||||
Name: php
|
||||
Version: 5.5.0
|
||||
Release: 2%{?dist}
|
||||
Version: 5.5.1
|
||||
Release: 1%{?dist}
|
||||
# All files licensed under PHP version 3.01, except
|
||||
# Zend is licensed under Zend
|
||||
# TSRM is licensed under BSD
|
||||
@ -121,7 +121,6 @@ Patch46: php-5.4.9-fixheader.patch
|
||||
Patch47: php-5.4.9-phpinfo.patch
|
||||
|
||||
# Security fixes
|
||||
Patch60: php-5.5.0-CVE-2013-4013.patch
|
||||
|
||||
# Fixes for tests
|
||||
|
||||
@ -728,7 +727,6 @@ support for using the enchant library to PHP.
|
||||
%patch46 -p1 -b .fixheader
|
||||
%patch47 -p1 -b .phpinfo
|
||||
|
||||
%patch60 -p1 -b .cve4113
|
||||
|
||||
# Prevent %%doc confusion over LICENSE files
|
||||
cp Zend/LICENSE Zend/ZEND_LICENSE
|
||||
@ -1366,6 +1364,9 @@ cat files.zip >> files.common
|
||||
|
||||
# The default Zend OPcache blacklist file
|
||||
install -m 644 %{SOURCE51} $RPM_BUILD_ROOT%{_sysconfdir}/php.d/opcache-default.blacklist
|
||||
install -m 644 %{SOURCE51} $RPM_BUILD_ROOT%{_sysconfdir}/php-zts.d/opcache-default.blacklist
|
||||
sed -e '/blacklist_filename/s/php.d/php-zts.d/' \
|
||||
-i $RPM_BUILD_ROOT%{_sysconfdir}/php-zts.d/opcache.ini
|
||||
|
||||
# Install the macros file:
|
||||
install -d $RPM_BUILD_ROOT%{_sysconfdir}/rpm
|
||||
@ -1450,6 +1451,9 @@ exit 0
|
||||
# provides phpize here (not in -devel) for pecl command
|
||||
%{_bindir}/phpize
|
||||
%{_mandir}/man1/php.1*
|
||||
%{_mandir}/man1/php-cgi.1*
|
||||
%{_mandir}/man1/phar.1*
|
||||
%{_mandir}/man1/phar.phar.1*
|
||||
%{_mandir}/man1/phpize.1*
|
||||
%doc sapi/cgi/README* sapi/cli/README
|
||||
|
||||
@ -1528,9 +1532,18 @@ exit 0
|
||||
%files mysqlnd -f files.mysqlnd
|
||||
%files opcache -f files.opcache
|
||||
%config(noreplace) %{_sysconfdir}/php.d/opcache-default.blacklist
|
||||
%config(noreplace) %{_sysconfdir}/php-zts.d/opcache-default.blacklist
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Jul 22 2013 Remi Collet <rcollet@redhat.com> - 5.5.1-1
|
||||
- update to 5.5.1
|
||||
- add Provides: php(pdo-abi), for consistency with php(api)
|
||||
and php(zend-abi)
|
||||
- improved description for mod_php
|
||||
- fix ZTS configuration (blacklists in /etc/php-zts.d)
|
||||
- add missing man pages (phar, php-cgi)
|
||||
|
||||
* Fri Jul 12 2013 Remi Collet <rcollet@redhat.com> - 5.5.0-2
|
||||
- add security fix for CVE-2013-4113
|
||||
- add missing ASL 1.0 license
|
||||
@ -2062,7 +2075,7 @@ exit 0
|
||||
- rebuild for libc-client bump
|
||||
|
||||
* Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 5.2.5-3
|
||||
- Rebuild for openssl bump
|
||||
- Rebuild for openssl bump
|
||||
|
||||
* Wed Dec 5 2007 Joe Orton <jorton@redhat.com> 5.2.5-2
|
||||
- update to 5.2.5
|
||||
|
Loading…
Reference in New Issue
Block a user