[packages/php/PHP_5_5] up to 5.5.25 - fixes for CVE-2015-4024, CVE-2015-4025, CVE-2015-4022, CVE-2015-4026, CVE-2015-4021 -

glen glen at pld-linux.org
Thu May 21 20:33:31 CEST 2015


commit 99c34bd8b2f5ddf77550d29c920b6ebaefbde385
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Thu May 21 21:12:50 2015 +0300

    up to 5.5.25
    - fixes for CVE-2015-4024, CVE-2015-4025, CVE-2015-4022, CVE-2015-4026, CVE-2015-4021
    - disable suhosin patch (unmaintained, not needed for PHP>5.3, see e14ff99)
    - x32 patch is for suhosin enabled only
    - update php-systzdata.patch to r12

 php-systzdata.patch | 155 ++++++++++++++++++++++++++++++----------------------
 php.spec            |   8 +--
 2 files changed, 94 insertions(+), 69 deletions(-)
---
diff --git a/php.spec b/php.spec
index 8f88794..cb4720e 100644
--- a/php.spec
+++ b/php.spec
@@ -84,7 +84,7 @@
 %bcond_without	cgi		# disable CGI/FCGI SAPI
 %bcond_without	fpm		# disable FPM
 %bcond_without	embed		# disable Embedded API
-%bcond_without	suhosin		# with suhosin patch
+%bcond_with	suhosin		# with suhosin patch
 %bcond_with	tests		# default off; test process very often hangs on builders, approx run time 45m; perform "make test"
 %bcond_with	gcov		# Enable Code coverage reporting
 %bcond_with	type_hints	# experimental support for strict typing/casting
@@ -137,7 +137,7 @@ Summary(pt_BR.UTF-8):	A linguagem de script PHP
 Summary(ru.UTF-8):	PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
 Summary(uk.UTF-8):	PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:		%{orgname}%{php_suffix}
-Version:	5.5.24
+Version:	5.5.25
 Release:	%{rel}%{?with_type_hints:.th}
 Epoch:		4
 # All files licensed under PHP version 3.01, except
@@ -146,7 +146,7 @@ Epoch:		4
 License:	PHP 3.01 and Zend and BSD
 Group:		Libraries
 Source0:	http://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5:	32e5ab1d77186142474cb65c685659bd
+# Source0-md5:	f58edc4f10d63f03e425c5378f727a7c
 Source2:	%{orgname}-mod_%{orgname}.conf
 Source3:	%{orgname}-cgi-fcgi.ini
 Source4:	%{orgname}-apache.ini
@@ -2015,6 +2015,7 @@ cp -p php.ini-production php.ini
 #%patch46 -p1 # imap myrights. fixme
 %if %{with suhosin}
 %patch47 -p1
+%patch68 -p1
 %endif
 %patch50 -p1
 %patch51 -p1
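Review bot: The `%patch68 -p1` line now sits inside `%if %{with suhosin}` with nothing in the spec saying why. The commit message suggests it is the x32 patch and only makes sense on top of the suhosin patch. A trailing comment such as `%patch68 -p1 # x32 fix for the suhosin patch only` would keep a later cleanup from moving it back out of the conditional. The matching removal is in the next hunk.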
@@ -2029,7 +2030,6 @@ cp -p php.ini-production php.ini
 %{?with_system_libzip:%patch65 -p1}
 %patch66 -p1
 %patch67 -p1
-%patch68 -p1
 %patch69 -p1
 
 sed -i -e '/PHP_ADD_LIBRARY_WITH_PATH/s#xmlrpc,#xmlrpc-epi,#' ext/xmlrpc/config.m4
diff --git a/php-systzdata.patch b/php-systzdata.patch
index b262fae..aa3277c 100644
--- a/php-systzdata.patch
+++ b/php-systzdata.patch
@@ -2,11 +2,14 @@ Add support for use of the system timezone database, rather
 than embedding a copy.  Discussed upstream but was not desired.
 
 History:
-r10 : make timezone case insensitive
+r12: adapt for upstream changes for new zic
+r11: use canonical names to avoid more case sensitivity issues
+     round lat/long from zone.tab towards zero per builtin db
+r10: make timezone case insensitive
 r9: fix another compile error without --with-system-tzdata configured (Michael Heimpold)
 r8: fix compile error without --with-system-tzdata configured
 r7: improve check for valid timezone id to exclude directories
-r6: fix fd leak in r5, fix country code/BC flag use in 
+r6: fix fd leak in r5, fix country code/BC flag use in
     timezone_identifiers_list() using system db,
     fix use of PECL timezonedb to override system db,
 r5: reverts addition of "System/Localtime" fake tzname.
@@ -17,8 +20,9 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
 r2: add filesystem trawl to set up name alias index
 r1: initial revision
 
---- a/ext/date/lib/parse_tz.c
-+++ b/ext/date/lib/parse_tz.c
+diff -up php-5.6.9RC1/ext/date/lib/parse_tz.c.systzdata php-5.6.9RC1/ext/date/lib/parse_tz.c
+--- php-5.6.9RC1/ext/date/lib/parse_tz.c.systzdata	2015-04-30 00:00:18.000000000 +0200
++++ php-5.6.9RC1/ext/date/lib/parse_tz.c	2015-04-30 06:36:47.019617321 +0200
 @@ -20,6 +20,16 @@
  
  #include "timelib.h"
@@ -49,25 +53,18 @@ r1: initial revision
  
  #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__))
  # if defined(__LITTLE_ENDIAN__)
-@@ -51,9 +66,14 @@
- 
- static void read_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
+@@ -53,6 +68,10 @@ static int read_preamble(const unsigned
  {
--	/* skip ID */
--	*tzf += 4;
--	
-+        if (memcmp(tzf, "TZif", 4) == 0) {
-+                *tzf += 20;
-+                return;
-+        }
-+        
-+        /* skip ID */
-+        *tzf += 4;
-+                
- 	/* read BC flag */
- 	tz->bc = (**tzf == '\1');
- 	*tzf += 1;
-@@ -256,7 +276,405 @@
+ 	uint32_t version;
+ 
++	if (memcmp(*tzf, "TZif", 4) == 0) {
++		*tzf += 20;
++		return 0;
++	}
+ 	/* read ID */
+ 	version = (*tzf)[3] - '0';
+ 	*tzf += 4;
+@@ -296,7 +315,418 @@ void timelib_dump_tzinfo(timelib_tzinfo
  	}
  }
  
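Review bot: The new `*tzf += 20` in read_preamble is an unexplained magic number, and the function has no way to know how many bytes remain in the mapping. A comment such as `/* skip TZif prefix: 4-byte magic, 1-byte version, 15 reserved bytes */` would document the constant. The only size guard visible in this patch is `st->st_size > 20` in is_valid_tzfile, so the header fields read after this skip appear to rely on the zoneinfo file being well-formed. Requiring at least a full header there, or passing the mapped length down to the readers, would make a truncated file fail cleanly. read_preamble's body continues outside the hunk.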
@@ -165,7 +162,7 @@ r1: initial revision
 +    /* Round to five decimal place, not because it's a good idea,
 +     * but, because the builtin data uses rounded data, so, match
 +     * that. */
-+    *result = round(v * sign * 100000.0) / 100000.0;
++    *result = trunc(v * sign * 100000.0) / 100000.0;
 +
 +    return p;
 +}
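Review bot: The comment above the changed line still says "Round to five decimal place", but the new code calls `trunc()`, which drops the extra digits towards zero instead of rounding. The r11 changelog entry says this is intentional, to match the builtin database, so the comment should follow, e.g. `/* Truncate towards zero at five decimal places to match the builtin db. */`. The enclosing function starts outside the hunk.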
@@ -293,7 +290,7 @@ r1: initial revision
 +{
 +        const timelib_tzdb_index_entry *alpha = first, *beta = second;
 +
-+        return strcmp(alpha->id, beta->id);
++        return strcasecmp(alpha->id, beta->id);
 +}
 +
 +
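Review bot: `strcasecmp()` in sysdbcmp follows the current LC_CTYPE locale, so the order in which the index was presumably sorted and the order assumed by the later `bsearch()` in canonical_tzname can disagree if the process locale changes in between. The in-memory lookup further down is wrapped in `#ifdef HAVE_SETLOCALE`, which suggests upstream already guards that path; the system-db path probably needs the same guard or an ASCII-only comparison. A short comment that two zone files differing only in case now compare equal would also help. The comparator starts outside the hunk.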
@@ -431,6 +428,26 @@ r1: initial revision
 +	return S_ISREG(st->st_mode) && st->st_size > 20;
 +}
 +
++/* To allow timezone names to be used case-insensitively, find the
++ * canonical name for this timezone, if possible. */
++static const char *canonical_tzname(const char *timezone)
++{
++    if (timezonedb_system) {
++        timelib_tzdb_index_entry *ent, lookup;
++        
++        lookup.id = (char *)timezone;
++        
++        ent = bsearch(&lookup, timezonedb_system->index,
++                      timezonedb_system->index_size, sizeof lookup,
++                      sysdbcmp);
++        if (ent) {
++            return ent->id;
++        }
++    }
++
++    return timezone;
++}
++
 +/* Return the mmap()ed tzfile if found, else NULL.  On success, the
 + * length of the mapped data is placed in *length. */
 +static char *map_tzfile(const char *timezone, size_t *length)
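Review bot: canonical_tzname() returns the caller's own string unchanged when the lookup misses, so its result is not a validated name, and the doc comment should say so. The callers in this patch build a filesystem path from the result; the validity check in a later hunk keeps its empty/`..` test before the call, and map_tzfile's own check is outside the visible lines. A line such as `/* Returns the index-owned id on a hit, else the input pointer unchanged; callers must validate the name before using it in a path. */` would make the contract explicit. The `(char *)timezone` cast drops const only to fill the lookup key, which deserves a brief comment as well.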
@@ -444,14 +461,7 @@ r1: initial revision
 +		return NULL;
 +	}
 +
-+    if (system_location_table) {
-+        const struct location_info *li;
-+        if ((li = find_zone_info(system_location_table, timezone)) != NULL) {
-+            /* Use the stored name to avoid case issue */
-+            timezone = li->name;
-+        }
-+    }
-+	snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone);
++	snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", canonical_tzname(timezone));
 +	
 +	fd = open(fname, O_RDONLY);
 +	if (fd == -1) {
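Review bot: The return value of `snprintf()` into `fname` is ignored, so an over-long timezone name is silently truncated and a different, shorter path is opened. Storing the result and adding `if (n < 0 || (size_t)n >= sizeof fname) return NULL;` before `open()` makes the lookup fail instead. The `snprintf()` ahead of `stat()` in the validity-check hunk further down has the same gap and would `return 0` there. map_tzfile starts and ends outside the hunk.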
@@ -474,11 +484,11 @@ r1: initial revision
  {
  	int left = 0, right = tzdb->index_size - 1;
  #ifdef HAVE_SETLOCALE
-@@ -295,36 +713,135 @@
+@@ -335,21 +765,87 @@ static int seek_to_tz_position(const uns
  	return 0;
  }
  
-+static int seek_to_tz_position(const unsigned char **tzf, char *timezone, 
++static int seek_to_tz_position(const unsigned char **tzf, char *timezone,
 +			       char **map, size_t *maplen,
 +			       const timelib_tzdb *tzdb)
 +{
@@ -490,15 +500,14 @@ r1: initial revision
 +		if (orig == NULL) {
 +			return 0;
 +		}
-+		
++
 +		(*tzf) = (unsigned char *)orig ;
 +		*map = orig;
-+                
-+                return 1;
++		return 1;
 +	}
-+       else
++	else
 +#endif
-+       {
++	{
 +		return inmem_seek_to_tz_position(tzf, timezone, tzdb);
 +	}
 +}
@@ -513,11 +522,10 @@ r1: initial revision
 +		tmp->data = NULL;
 +		create_zone_index(tmp);
 +		system_location_table = create_location_table();
-+                fake_data_segment(tmp, system_location_table);
++		fake_data_segment(tmp, system_location_table);
 +		timezonedb_system = tmp;
 +	}
 +
-+			
 +	return timezonedb_system;
 +#else
  	return &timezonedb_builtin;
@@ -541,45 +549,54 @@ r1: initial revision
 -	return (seek_to_tz_position(&tzf, timezone, tzdb));
 +
 +#ifdef HAVE_SYSTEM_TZDATA
-+        if (tzdb == timezonedb_system) {
-+            char fname[PATH_MAX];
-+            struct stat st;
-+
-+            if (timezone[0] == '\0' || strstr(timezone, "..") != NULL) {
-+		        return 0;
-+            }
-+
-+            if (system_location_table) {
-+                if (find_zone_info(system_location_table, timezone) != NULL) {
-+                    /* found in cache */
-+                    return 1;
-+                }
-+            }
-+            
-+            snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone);
-+            
-+            return stat(fname, &st) == 0 && is_valid_tzfile(&st);
-+        }
-+#endif
++	if (tzdb == timezonedb_system) {
++		char fname[PATH_MAX];
++		struct stat st;
++
++		if (timezone[0] == '\0' || strstr(timezone, "..") != NULL) {
++			return 0;
++		}
 +
++		if (system_location_table) {
++			if (find_zone_info(system_location_table, timezone) != NULL) {
++				/* found in cache */
++				return 1;
++			}
++		}
++
++		snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", canonical_tzname(timezone));
++
++		return stat(fname, &st) == 0 && is_valid_tzfile(&st);
++	}
++#endif
 +	return (inmem_seek_to_tz_position(&tzf, timezone, tzdb));
  }
  
+ static void skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
+@@ -374,24 +870,54 @@ static void read_64bit_header(const unsi
  timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb)
  {
  	const unsigned char *tzf;
 +	char *memmap = NULL;
 +	size_t maplen;
  	timelib_tzinfo *tmp;
+ 	int version;
  
 -	if (seek_to_tz_position(&tzf, timezone, tzdb)) {
 +	if (seek_to_tz_position(&tzf, timezone, &memmap, &maplen, tzdb)) {
  		tmp = timelib_tzinfo_ctor(timezone);
  
- 		read_preamble(&tzf, tmp);
+ 		version = read_preamble(&tzf, tmp);
  		read_header(&tzf, tmp);
  		read_transistions(&tzf, tmp);
  		read_types(&tzf, tmp);
+-		if (version == 2) {
+-			skip_64bit_preamble(&tzf, tmp);
+-			read_64bit_header(&tzf, tmp);
+-			skip_64bit_transistions(&tzf, tmp);
+-			skip_64bit_types(&tzf, tmp);
+-			skip_posix_string(&tzf, tmp);
+-		}
 -		read_location(&tzf, tmp);
 +
 +#ifdef HAVE_SYSTEM_TZDATA
@@ -607,14 +624,22 @@ r1: initial revision
 +		} else
 +#endif
 +		{
++			if (version == 2) {
++				skip_64bit_preamble(&tzf, tmp);
++				read_64bit_header(&tzf, tmp);
++				skip_64bit_transistions(&tzf, tmp);
++				skip_64bit_types(&tzf, tmp);
++				skip_posix_string(&tzf, tmp);
++			}
 +			/* PHP-style - use the embedded info. */
 +			read_location(&tzf, tmp);
-+		}
++ 		}
  	} else {
  		tmp = NULL;
  	}
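Review bot: The re-added closing brace of the `else` block (`+ 		}`) is indented with a space followed by tabs, although the rest of this revision cleans up that kind of whitespace; it should be tabs only. A one-line comment above the moved `if (version == 2)` block would also help, e.g. `/* 64-bit section is skipped only for the embedded PHP db; read_preamble() returns 0 for TZif files */`. timelib_parse_tzfile continues outside the hunk.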
---- a/ext/date/lib/timelib.m4
-+++ b/ext/date/lib/timelib.m4
+diff -up php-5.6.9RC1/ext/date/lib/timelib.m4.systzdata php-5.6.9RC1/ext/date/lib/timelib.m4
+--- php-5.6.9RC1/ext/date/lib/timelib.m4.systzdata	2015-04-30 00:00:18.000000000 +0200
++++ php-5.6.9RC1/ext/date/lib/timelib.m4	2015-04-30 06:32:08.549500385 +0200
 @@ -78,3 +78,17 @@ stdlib.h
  
  dnl Check for strtoll, atoll
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/99c34bd8b2f5ddf77550d29c920b6ebaefbde385


