[packages/php/PHP_5_5] up to 5.5.25 - fixes for CVE-2015-4024, CVE-2015-4025, CVE-2015-4022, CVE-2015-4026, CVE-2015-4021 -
glen
glen at pld-linux.org
Thu May 21 20:33:31 CEST 2015
commit 99c34bd8b2f5ddf77550d29c920b6ebaefbde385
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Thu May 21 21:12:50 2015 +0300
up to 5.5.25
- fixes for CVE-2015-4024, CVE-2015-4025, CVE-2015-4022, CVE-2015-4026, CVE-2015-4021
- disable suhosin patch (unmaintained, not needed for PHP>5.3, see e14ff99)
- x32 patch is for suhosin enabled only
- update php-systzdata.patch to r12
php-systzdata.patch | 155 ++++++++++++++++++++++++++++++----------------------
php.spec | 8 +--
2 files changed, 94 insertions(+), 69 deletions(-)
---
diff --git a/php.spec b/php.spec
index 8f88794..cb4720e 100644
--- a/php.spec
+++ b/php.spec
@@ -84,7 +84,7 @@
%bcond_without cgi # disable CGI/FCGI SAPI
%bcond_without fpm # disable FPM
%bcond_without embed # disable Embedded API
-%bcond_without suhosin # with suhosin patch
+%bcond_with suhosin # with suhosin patch
%bcond_with tests # default off; test process very often hangs on builders, approx run time 45m; perform "make test"
%bcond_with gcov # Enable Code coverage reporting
%bcond_with type_hints # experimental support for strict typing/casting
@@ -137,7 +137,7 @@ Summary(pt_BR.UTF-8): A linguagem de script PHP
Summary(ru.UTF-8): PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
Summary(uk.UTF-8): PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
Name: %{orgname}%{php_suffix}
-Version: 5.5.24
+Version: 5.5.25
Release: %{rel}%{?with_type_hints:.th}
Epoch: 4
# All files licensed under PHP version 3.01, except
@@ -146,7 +146,7 @@ Epoch: 4
License: PHP 3.01 and Zend and BSD
Group: Libraries
Source0: http://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5: 32e5ab1d77186142474cb65c685659bd
+# Source0-md5: f58edc4f10d63f03e425c5378f727a7c
Source2: %{orgname}-mod_%{orgname}.conf
Source3: %{orgname}-cgi-fcgi.ini
Source4: %{orgname}-apache.ini
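Review bot: The updated `# Source0-md5:` line is the only integrity pin visible for a tarball that `Source0` fetches over plain `http://`, and MD5 does not resist deliberate collisions. Since this update exists to pick up five CVE fixes, the download should be checked against a SHA-256 digest or the release signature published by upstream before the MD5 is recorded. If the builder tooling only understands the `Source0-md5` tag, moving the URL to `https://` (where the mirror supports it) is the smaller change.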
@@ -2015,6 +2015,7 @@ cp -p php.ini-production php.ini
#%patch46 -p1 # imap myrights. fixme
%if %{with suhosin}
%patch47 -p1
+%patch68 -p1
%endif
%patch50 -p1
%patch51 -p1
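Review bot: `%patch68` now runs directly after `%patch47` instead of after `%patch67` (its old position is removed in the next hunk), so it is applied to a tree that does not yet carry `%patch50` through `%patch67`. If it touches any file those patches also modify, its context may no longer match. Because the same commit turns suhosin off by default, ordinary builds will not exercise this branch and a failure could go unnoticed. A build with suhosin enabled should confirm the new order still applies cleanly. A trailing comment such as `%patch68 -p1 # x32 fix, only needed on top of the suhosin patch` would record why it is conditional.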
@@ -2029,7 +2030,6 @@ cp -p php.ini-production php.ini
%{?with_system_libzip:%patch65 -p1}
%patch66 -p1
%patch67 -p1
-%patch68 -p1
%patch69 -p1
sed -i -e '/PHP_ADD_LIBRARY_WITH_PATH/s#xmlrpc,#xmlrpc-epi,#' ext/xmlrpc/config.m4
diff --git a/php-systzdata.patch b/php-systzdata.patch
index b262fae..aa3277c 100644
--- a/php-systzdata.patch
+++ b/php-systzdata.patch
@@ -2,11 +2,14 @@ Add support for use of the system timezone database, rather
than embedding a copy. Discussed upstream but was not desired.
History:
-r10 : make timezone case insensitive
+r12: adapt for upstream changes for new zic
+r11: use canonical names to avoid more case sensitivity issues
+ round lat/long from zone.tab towards zero per builtin db
+r10: make timezone case insensitive
r9: fix another compile error without --with-system-tzdata configured (Michael Heimpold)
r8: fix compile error without --with-system-tzdata configured
r7: improve check for valid timezone id to exclude directories
-r6: fix fd leak in r5, fix country code/BC flag use in
+r6: fix fd leak in r5, fix country code/BC flag use in
timezone_identifiers_list() using system db,
fix use of PECL timezonedb to override system db,
r5: reverts addition of "System/Localtime" fake tzname.
@@ -17,8 +20,9 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
r2: add filesystem trawl to set up name alias index
r1: initial revision
---- a/ext/date/lib/parse_tz.c
-+++ b/ext/date/lib/parse_tz.c
+diff -up php-5.6.9RC1/ext/date/lib/parse_tz.c.systzdata php-5.6.9RC1/ext/date/lib/parse_tz.c
+--- php-5.6.9RC1/ext/date/lib/parse_tz.c.systzdata 2015-04-30 00:00:18.000000000 +0200
++++ php-5.6.9RC1/ext/date/lib/parse_tz.c 2015-04-30 06:36:47.019617321 +0200
@@ -20,6 +20,16 @@
#include "timelib.h"
@@ -49,25 +53,18 @@ r1: initial revision
#if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__))
# if defined(__LITTLE_ENDIAN__)
-@@ -51,9 +66,14 @@
-
- static void read_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
+@@ -53,6 +68,10 @@ static int read_preamble(const unsigned
{
-- /* skip ID */
-- *tzf += 4;
--
-+ if (memcmp(tzf, "TZif", 4) == 0) {
-+ *tzf += 20;
-+ return;
-+ }
-+
-+ /* skip ID */
-+ *tzf += 4;
-+
- /* read BC flag */
- tz->bc = (**tzf == '\1');
- *tzf += 1;
-@@ -256,7 +276,405 @@
+ uint32_t version;
+
++ if (memcmp(*tzf, "TZif", 4) == 0) {
++ *tzf += 20;
++ return 0;
++ }
+ /* read ID */
+ version = (*tzf)[3] - '0';
+ *tzf += 4;
+@@ -296,7 +315,418 @@ void timelib_dump_tzinfo(timelib_tzinfo
}
}
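Review bot: The TZif branch of `read_preamble` returns `0`, which is presumably also what the caller sees for a bundled-format file whose ID carries version digit `0` (`version = (*tzf)[3] - '0'`), so `timelib_parse_tzfile` cannot tell the two cases apart from the return value. That is safe only while the system-database path never relies on `version`. A comment on the branch would make the contract explicit, for example `/* system tzfile: skip the 20-byte TZif prefix; report version 0 because the caller skips 64-bit data only for the bundled format */`. The bare `20` would also read better as a named constant. Only part of the function is visible in this hunk.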
@@ -165,7 +162,7 @@ r1: initial revision
+ /* Round to five decimal place, not because it's a good idea,
+ * but, because the builtin data uses rounded data, so, match
+ * that. */
-+ *result = round(v * sign * 100000.0) / 100000.0;
++ *result = trunc(v * sign * 100000.0) / 100000.0;
+
+ return p;
+}
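Review bot: The comment above the changed line still says "Round to five decimal place", but the code now calls `trunc()`, which discards the extra digits toward zero instead of rounding to nearest. The wording should follow the code, for example `/* Truncate toward zero to five decimal places, because the builtin data is stored that way, so match that. */`. The start of the function is outside this hunk.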
@@ -293,7 +290,7 @@ r1: initial revision
+{
+ const timelib_tzdb_index_entry *alpha = first, *beta = second;
+
-+ return strcmp(alpha->id, beta->id);
++ return strcasecmp(alpha->id, beta->id);
+}
+
+
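Review bot: `sysdbcmp` now calls `strcasecmp`, whose result follows the current `LC_CTYPE` locale, so the order used when the index is built and the order assumed by a later `bsearch` can disagree if the locale changes in between. Another lookup in this patch is followed by `#ifdef HAVE_SETLOCALE`, which suggests locale handling already matters in this file. A locale-independent ASCII comparison would keep the index order stable. Whether the index is sorted with this same comparator, and whether `<strings.h>` is included for `strcasecmp`, is not visible in the hunk and should be confirmed.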
@@ -431,6 +428,26 @@ r1: initial revision
+ return S_ISREG(st->st_mode) && st->st_size > 20;
+}
+
++/* To allow timezone names to be used case-insensitively, find the
++ * canonical name for this timezone, if possible. */
++static const char *canonical_tzname(const char *timezone)
++{
++ if (timezonedb_system) {
++ timelib_tzdb_index_entry *ent, lookup;
++
++ lookup.id = (char *)timezone;
++
++ ent = bsearch(&lookup, timezonedb_system->index,
++ timezonedb_system->index_size, sizeof lookup,
++ sysdbcmp);
++ if (ent) {
++ return ent->id;
++ }
++ }
++
++ return timezone;
++}
++
+/* Return the mmap()ed tzfile if found, else NULL. On success, the
+ * length of the mapped data is placed in *length. */
+static char *map_tzfile(const char *timezone, size_t *length)
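Review bot: `canonical_tzname` returns either a pointer into `timezonedb_system->index` or the caller's own string, and the added comment does not say so; callers must neither free the result nor treat it as validated. The `(char *)timezone` cast discards `const` only to fill the `bsearch` key, and `lookup` is otherwise left uninitialised, which is safe only while `sysdbcmp` reads nothing but `id`. I would extend the comment with `/* Returns a borrowed pointer: an index entry's id on a match, otherwise the unmodified input. The key is only read by sysdbcmp. */`. The lookup also depends on the index being sorted with `sysdbcmp`, which is not visible here.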
@@ -444,14 +461,7 @@ r1: initial revision
+ return NULL;
+ }
+
-+ if (system_location_table) {
-+ const struct location_info *li;
-+ if ((li = find_zone_info(system_location_table, timezone)) != NULL) {
-+ /* Use the stored name to avoid case issue */
-+ timezone = li->name;
-+ }
-+ }
-+ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone);
++ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", canonical_tzname(timezone));
+
+ fd = open(fname, O_RDONLY);
+ if (fd == -1) {
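Review bot: The `snprintf` into `fname` ignores its return value, so a name that does not fit is silently truncated and `open()` is then called on a different path than the one requested. When `canonical_tzname` finds no index entry it hands back the caller's string unchanged, so nothing in the index bounds the length. Checking the result, e.g. `if ((size_t)snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", canonical_tzname(timezone)) >= sizeof fname) return NULL;`, would reject such names. The same unchecked `snprintf` feeds the `stat()` call in the id-validity check later in the patch, where the equivalent failure return is `0`. The function starts and ends outside this hunk.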
@@ -474,11 +484,11 @@ r1: initial revision
{
int left = 0, right = tzdb->index_size - 1;
#ifdef HAVE_SETLOCALE
-@@ -295,36 +713,135 @@
+@@ -335,21 +765,87 @@ static int seek_to_tz_position(const uns
return 0;
}
-+static int seek_to_tz_position(const unsigned char **tzf, char *timezone,
++static int seek_to_tz_position(const unsigned char **tzf, char *timezone,
+ char **map, size_t *maplen,
+ const timelib_tzdb *tzdb)
+{
@@ -490,15 +500,14 @@ r1: initial revision
+ if (orig == NULL) {
+ return 0;
+ }
-+
++
+ (*tzf) = (unsigned char *)orig ;
+ *map = orig;
-+
-+ return 1;
++ return 1;
+ }
-+ else
++ else
+#endif
-+ {
++ {
+ return inmem_seek_to_tz_position(tzf, timezone, tzdb);
+ }
+}
@@ -513,11 +522,10 @@ r1: initial revision
+ tmp->data = NULL;
+ create_zone_index(tmp);
+ system_location_table = create_location_table();
-+ fake_data_segment(tmp, system_location_table);
++ fake_data_segment(tmp, system_location_table);
+ timezonedb_system = tmp;
+ }
+
-+
+ return timezonedb_system;
+#else
return &timezonedb_builtin;
@@ -541,45 +549,54 @@ r1: initial revision
- return (seek_to_tz_position(&tzf, timezone, tzdb));
+
+#ifdef HAVE_SYSTEM_TZDATA
-+ if (tzdb == timezonedb_system) {
-+ char fname[PATH_MAX];
-+ struct stat st;
-+
-+ if (timezone[0] == '\0' || strstr(timezone, "..") != NULL) {
-+ return 0;
-+ }
-+
-+ if (system_location_table) {
-+ if (find_zone_info(system_location_table, timezone) != NULL) {
-+ /* found in cache */
-+ return 1;
-+ }
-+ }
-+
-+ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone);
-+
-+ return stat(fname, &st) == 0 && is_valid_tzfile(&st);
-+ }
-+#endif
++ if (tzdb == timezonedb_system) {
++ char fname[PATH_MAX];
++ struct stat st;
++
++ if (timezone[0] == '\0' || strstr(timezone, "..") != NULL) {
++ return 0;
++ }
+
++ if (system_location_table) {
++ if (find_zone_info(system_location_table, timezone) != NULL) {
++ /* found in cache */
++ return 1;
++ }
++ }
++
++ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", canonical_tzname(timezone));
++
++ return stat(fname, &st) == 0 && is_valid_tzfile(&st);
++ }
++#endif
+ return (inmem_seek_to_tz_position(&tzf, timezone, tzdb));
}
+ static void skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
+@@ -374,24 +870,54 @@ static void read_64bit_header(const unsi
timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb)
{
const unsigned char *tzf;
+ char *memmap = NULL;
+ size_t maplen;
timelib_tzinfo *tmp;
+ int version;
- if (seek_to_tz_position(&tzf, timezone, tzdb)) {
+ if (seek_to_tz_position(&tzf, timezone, &memmap, &maplen, tzdb)) {
tmp = timelib_tzinfo_ctor(timezone);
- read_preamble(&tzf, tmp);
+ version = read_preamble(&tzf, tmp);
read_header(&tzf, tmp);
read_transistions(&tzf, tmp);
read_types(&tzf, tmp);
+- if (version == 2) {
+- skip_64bit_preamble(&tzf, tmp);
+- read_64bit_header(&tzf, tmp);
+- skip_64bit_transistions(&tzf, tmp);
+- skip_64bit_types(&tzf, tmp);
+- skip_posix_string(&tzf, tmp);
+- }
- read_location(&tzf, tmp);
+
+#ifdef HAVE_SYSTEM_TZDATA
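Review bot: `maplen` is obtained from `seek_to_tz_position`, but `read_preamble`, `read_header`, `read_transistions` and `read_types` are still called with only `&tzf`, so none of them can tell where the mapped file ends. `is_valid_tzfile` accepts any regular file larger than 20 bytes, and `read_preamble` alone consumes 20 bytes of a TZif file, so a truncated or corrupt file under the zoneinfo prefix would presumably be read past the end of the mapping. I would reject maps shorter than the fixed TZif header before parsing and, longer term, pass the remaining length into the readers so the counts taken from the header can be checked against it. `maplen` is also left uninitialised on the in-memory path, which is fine only if it is read solely when `memmap` is non-NULL; the rest of the function is outside this hunk.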
@@ -607,14 +624,22 @@ r1: initial revision
+ } else
+#endif
+ {
++ if (version == 2) {
++ skip_64bit_preamble(&tzf, tmp);
++ read_64bit_header(&tzf, tmp);
++ skip_64bit_transistions(&tzf, tmp);
++ skip_64bit_types(&tzf, tmp);
++ skip_posix_string(&tzf, tmp);
++ }
+ /* PHP-style - use the embedded info. */
+ read_location(&tzf, tmp);
-+ }
++ }
} else {
tmp = NULL;
}
---- a/ext/date/lib/timelib.m4
-+++ b/ext/date/lib/timelib.m4
+diff -up php-5.6.9RC1/ext/date/lib/timelib.m4.systzdata php-5.6.9RC1/ext/date/lib/timelib.m4
+--- php-5.6.9RC1/ext/date/lib/timelib.m4.systzdata 2015-04-30 00:00:18.000000000 +0200
++++ php-5.6.9RC1/ext/date/lib/timelib.m4 2015-04-30 06:32:08.549500385 +0200
@@ -78,3 +78,17 @@ stdlib.h
dnl Check for strtoll, atoll
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/99c34bd8b2f5ddf77550d29c920b6ebaefbde385