packages (PHP_5_2): php/php.spec, php/php-5.2.17-bug-319457.patch (NEW), ph...

glen glen at pld-linux.org
Mon Feb 27 13:43:23 CET 2012


Author: glen                         Date: Mon Feb 27 12:43:23 2012 GMT
Module: packages                      Tag: PHP_5_2
---- Log message:
- CentALT patches to address CVE-2011-4153, CVE-2012-0788, and CVE-2012-0831

---- Files affected:
packages/php:
   php.spec (1.805.2.99 -> 1.805.2.100) , php-5.2.17-bug-319457.patch (NONE -> 1.1.2.1)  (NEW), php-5.2.17-bug-323016.patch (NONE -> 1.1.2.1)  (NEW), php-5.2.17-bug-55776.patch (NONE -> 1.1.2.1)  (NEW)

---- Diffs:

================================================================
Index: packages/php/php.spec
diff -u packages/php/php.spec:1.805.2.99 packages/php/php.spec:1.805.2.100
--- packages/php/php.spec:1.805.2.99	Sat Feb 11 21:00:41 2012
+++ packages/php/php.spec	Mon Feb 27 13:43:17 2012
@@ -278,10 +278,16 @@
 Patch372: php-5.2.17-bug-60455.patch
 Patch373: php-5.2.17-bug-60183.patch
 Patch374: php-5.2.17-bug-55478.patch
+# Bug-319457 CVE-2011-4153
+Patch375: php-5.2.17-bug-319457.patch
+# Bug-55776 CVE-2012-0788
+Patch376: php-5.2.17-bug-55776.patch
 
 #php-5.2-max-input-vars patch
 Patch400: php-5.2.17-max-input-vars.patch
 Patch401: php-5.2.17-bug-323007-2.patch
+# Bug-323016 CVE-2012-0831
+Patch402: php-5.2.17-bug-323016.patch
 URL:		http://www.php.net/
 %{?with_interbase:%{!?with_interbase_inst:BuildRequires:	Firebird-devel >= 1.0.2.908-2}}
 %{?with_pspell:BuildRequires:	aspell-devel >= 2:0.50.0}
@@ -2044,9 +2050,12 @@
 %patch372 -p1 -b .bug-60455
 %patch373 -p1 -b .bug-60183
 %patch374 -p1 -b .bug-55478
+%patch375 -p1 -b .bug-319457
+%patch376 -p1 -b .bug-55776
 
 %patch400 -p1 -b .php-5.2-max-input-vars
 %patch401 -p1 -b .bug-323007
+%patch402 -p1 -b .bug-323016
 
 # conflict seems to be resolved by recode patches
 rm -f ext/recode/config9.m4
@@ -3369,6 +3378,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.805.2.100  2012/02/27 12:43:17  glen
+- CentALT patches to address CVE-2011-4153, CVE-2012-0788, and CVE-2012-0831
+
 Revision 1.805.2.99  2012/02/11 20:00:41  zbyniu
 - rmdir $RPM_BUILD_ROOT/var/run/php
 

================================================================
Index: packages/php/php-5.2.17-bug-319457.patch
diff -u /dev/null packages/php/php-5.2.17-bug-319457.patch:1.1.2.1
--- /dev/null	Mon Feb 27 13:43:23 2012
+++ packages/php/php-5.2.17-bug-319457.patch	Mon Feb 27 13:43:17 2012
@@ -0,0 +1,18 @@
+diff -up php-5.2.17/ext/oci8/oci8.c.bug-319457 php-5.2.17/ext/oci8/oci8.c
+--- php-5.2.17/ext/oci8/oci8.c.bug-319457	2012-02-16 08:25:41.000000000 +0700
++++ php-5.2.17/ext/oci8/oci8.c	2012-02-16 08:26:55.000000000 +0700
+@@ -1187,7 +1187,14 @@ open:
+ 			connection->is_persistent = 0;
+ 		} else {
+ 			connection = (php_oci_connection *) calloc(1, sizeof(php_oci_connection));
++			if (connection == NULL) {
++				return NULL;
++			}
+ 			connection->hash_key = zend_strndup(hashed_details.c, hashed_details.len);
++			if (connection->hash_key == NULL) {
++				free(connection);
++				return NULL;
++			}
+ 			connection->is_persistent = 1;
+ 		}
+ 	} else {
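Review bot: The two added early returns in the oci8.c hunk (after `calloc` and after `zend_strndup`) leave the function while `hashed_details` is still live. Its `.c`/`.len` fields suggest a string buffer built earlier in the function, outside the hunk; if that buffer owns heap memory that the normal exit paths release, both new returns skip the release. If so, free it before each `return NULL;` the same way the function's other exits do, e.g. `smart_str_free_ex(&hashed_details, 0);` if it is a smart_str (to be confirmed against the full function). The sibling branch that sets `connection->is_persistent = 0` appears just above as context; whether its allocation needs the same NULL checks cannot be judged from this hunk. The enclosing function begins and ends outside the hunk.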

================================================================
Index: packages/php/php-5.2.17-bug-323016.patch
diff -u /dev/null packages/php/php-5.2.17-bug-323016.patch:1.1.2.1
--- /dev/null	Mon Feb 27 13:43:23 2012
+++ packages/php/php-5.2.17-bug-323016.patch	Mon Feb 27 13:43:17 2012
@@ -0,0 +1,48 @@
+diff -up php-5.2.17/main/php_variables.c.bug-323016 php-5.2.17/main/php_variables.c
+--- php-5.2.17/main/php_variables.c.bug-323016	2012-02-16 09:26:09.000000000 +0700
++++ php-5.2.17/main/php_variables.c	2012-02-16 09:29:47.000000000 +0700
+@@ -29,6 +29,7 @@
+ #include "SAPI.h"
+ #include "php_logos.h"
+ #include "zend_globals.h"
++#include "php_ini.h"
+ 
+ /* for systems that need to override reading of environment variables */
+ void _php_import_environment_variables(zval *array_ptr TSRMLS_DC);
+@@ -438,7 +439,10 @@ void _php_import_environment_variables(z
+ 
+ 	/* turn off magic_quotes while importing environment variables */
+ 	int magic_quotes_gpc = PG(magic_quotes_gpc);
+-	PG(magic_quotes_gpc) = 0;
++
++	if (PG(magic_quotes_gpc)) {
++		zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1);
++	}
+ 
+ 	for (env = environ; env != NULL && *env != NULL; env++) {
+ 		p = strchr(*env, '=');
+@@ -581,7 +585,9 @@ static inline void php_register_server_v
+ 		zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);
+ 	}
+ 	PG(http_globals)[TRACK_VARS_SERVER] = array_ptr;
+-	PG(magic_quotes_gpc) = 0;
++	if (PG(magic_quotes_gpc)) {
++		zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1);
++	}
+ 
+ 	/* Server variables */
+ 	if (sapi_module.register_server_variables) {
+diff -up php-5.2.17/sapi/cgi/cgi_main.c.bug-323016 php-5.2.17/sapi/cgi/cgi_main.c
+--- php-5.2.17/sapi/cgi/cgi_main.c.bug-323016	2010-01-03 15:23:27.000000000 +0600
++++ php-5.2.17/sapi/cgi/cgi_main.c	2012-02-16 09:26:09.000000000 +0700
+@@ -609,7 +609,9 @@ void cgi_php_import_environment_variable
+ 		int filter_arg = (array_ptr == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER;
+ 
+ 		/* turn off magic_quotes while importing environment variables */
+-		PG(magic_quotes_gpc) = 0;
++		if (PG(magic_quotes_gpc)) {
++			zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1);
++		}
+ 		for (zend_hash_internal_pointer_reset_ex(&request->env, &pos);
+ 		     zend_hash_get_current_key_ex(&request->env, &var, &var_len, &idx, 0, &pos) == HASH_KEY_IS_STRING &&
+ 		     zend_hash_get_current_data_ex(&request->env, (void **) &val, &pos) == SUCCESS;
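Review bot: The result of `zend_alter_ini_entry_ex(...)` is discarded at all three call sites (two in main/php_variables.c, one in sapi/cgi/cgi_main.c), so if the INI change is refused the import runs with magic_quotes_gpc still on and nothing records it. None of the hunks touches the code that turns the setting back on. In `_php_import_environment_variables` the saved `int magic_quotes_gpc` is presumably still restored by a direct write to `PG(magic_quotes_gpc)` outside the hunk, which would switch the setting off through the INI layer and on through the global. It is worth confirming that the restore is paired, e.g. `if (magic_quotes_gpc) { zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1); }`. The three identical calls could also share one small static helper so the off and on sides cannot drift apart. All three functions begin and end outside the hunks.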

================================================================
Index: packages/php/php-5.2.17-bug-55776.patch
diff -u /dev/null packages/php/php-5.2.17-bug-55776.patch:1.1.2.1
--- /dev/null	Mon Feb 27 13:43:23 2012
+++ packages/php/php-5.2.17-bug-55776.patch	Mon Feb 27 13:43:17 2012
@@ -0,0 +1,32 @@
+diff -up php-5.2.17/ext/pdo/pdo_stmt.c.bug-55776 php-5.2.17/ext/pdo/pdo_stmt.c
+--- php-5.2.17/ext/pdo/pdo_stmt.c.bug-55776	2012-02-16 08:41:58.000000000 +0700
++++ php-5.2.17/ext/pdo/pdo_stmt.c	2012-02-16 08:43:19.000000000 +0700
+@@ -2353,6 +2353,7 @@ static zend_object_value dbstmt_clone_ob
+ }
+ 
+ zend_object_handlers pdo_dbstmt_object_handlers;
++static int pdo_row_serialize(zval *object, unsigned char **buffer, zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC);
+ 
+ void pdo_stmt_init(TSRMLS_D)
+ {
+@@ -2376,6 +2377,7 @@ void pdo_stmt_init(TSRMLS_D)
+ 	pdo_row_ce = zend_register_internal_class(&ce TSRMLS_CC);
+ 	pdo_row_ce->ce_flags |= ZEND_ACC_FINAL_CLASS; /* when removing this a lot of handlers need to be redone */
+ 	pdo_row_ce->create_object = pdo_row_new;
++	pdo_row_ce->serialize = pdo_row_serialize;
+ }
+ 
+ static void free_statement(pdo_stmt_t *stmt TSRMLS_DC)
+@@ -2795,6 +2797,12 @@ zend_object_value pdo_row_new(zend_class
+ 
+ 	return retval;
+ }
++
++static int pdo_row_serialize(zval *object, unsigned char **buffer, zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC)
++{
++	php_error_docref(NULL TSRMLS_CC, E_WARNING, "PDORow instances may not be serialized");
++	return FAILURE;
++}
+ /* }}} */
+ 
+ /*
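Review bot: `pdo_row_serialize` is added with no comment explaining why PDORow refuses serialization, and it sits between the closing brace of `pdo_row_new` and that function's `/* }}} */` fold marker, so it has no `{{{` header of its own. I would move it below the marker and give it a header such as `/* {{{ pdo_row_serialize: PDORow instances cannot be serialized; warn and fail instead of using the default object serializer */` with its own closing `/* }}} */`. The hunk sets only `pdo_row_ce->serialize`; whether `pdo_row_ce->unserialize` is also pointed at a rejecting handler is not visible here and is worth confirming so the class is refused in both directions. `pdo_stmt_init` begins outside the hunk.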
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php.spec?r1=1.805.2.99&r2=1.805.2.100&f=u


