[packages/php/PHP_5_4] - rel 2; SECURITY; fixes http://akat1.pl/?id=1

glen glen at pld-linux.org
Wed Feb 3 09:25:45 CET 2016 

commit 28fe5d224d6115df4c1552c98fdf0c7bb951c05f
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Tue Feb 2 18:30:34 2016 +0100

    - rel 2; SECURITY; fixes http://akat1.pl/?id=1

 php-bug-71475.patch | 42 ++++++++++++++++++++++++++++++++++++++++++
 php.spec            |  4 +++-
 2 files changed, 45 insertions(+), 1 deletion(-)
---
diff --git a/php.spec b/php.spec
index d7877d8..7f42fc6 100644
--- a/php.spec
+++ b/php.spec
@@ -124,7 +124,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
 %undefine	with_filter
 %endif
 
-%define		rel	3
+%define		rel	4
 %define		orgname	php
 %define		ver_suffix 54
 %define		php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -163,6 +163,7 @@ Patch5:		%{orgname}-filter-shared.patch
 Patch6:		%{orgname}-build_modules.patch
 Patch7:		%{orgname}-sapi-ini-file.patch
 Patch8:		%{orgname}-config-file-scan-dir.patch
+Patch9:		php-bug-71475.patch
 Patch10:	%{orgname}-ini.patch
 Patch11:	embed.patch
 %if %{with type_hints}
@@ -1888,6 +1889,7 @@ Moduł PHP umożliwiający używanie kompresji zlib.
 %patch5 -p1
 %patch6 -p1
 %patch8 -p1
+%patch9 -p1
 %patch7 -p1
 cp -p php.ini-production php.ini
 %patch10 -p1
diff --git a/php-bug-71475.patch b/php-bug-71475.patch
new file mode 100644
index 0000000..0a9ed6f
--- /dev/null
+++ b/php-bug-71475.patch
@@ -0,0 +1,42 @@
+--- php-5.6.17/ext/openssl/openssl.c~	2016-01-06 16:14:47.000000000 +0100
++++ php-5.6.17/ext/openssl/openssl.c	2016-02-02 18:15:39.118449615 +0100
+@@ -4886,6 +4886,7 @@ PHP_FUNCTION(openssl_seal)
+ 	memset(eks, 0, sizeof(*eks) * nkeys);
+ 	key_resources = safe_emalloc(nkeys, sizeof(long), 0);
+ 	memset(key_resources, 0, sizeof(*key_resources) * nkeys);
++	memset(pkeys, 0, sizeof(*pkeys) * nkeys);
+ 
+ 	/* get the public keys we are using to seal this data */
+ 	zend_hash_internal_pointer_reset_ex(pubkeysht, &pos);
+@@ -4958,7 +4959,7 @@ PHP_FUNCTION(openssl_seal)
+ 
+ clean_exit:
+ 	for (i=0; i<nkeys; i++) {
+-		if (key_resources[i] == -1) {
++		if (key_resources[i] == -1 && pkeys[i] != NULL) {
+ 			EVP_PKEY_free(pkeys[i]);
+ 		}
+ 		if (eks[i]) { 
+diff --git a/ext/openssl/tests/bug71475.phpt b/ext/openssl/tests/bug71475.phpt
+new file mode 100644
+index 0000000..680753d
+--- /dev/null
++++ b/ext/openssl/tests/bug71475.phpt
+@@ -0,0 +1,16 @@
++--TEST--
++Bug #71475: openssl_seal() uninitialized memory usage
++--SKIPIF--
++<?php 
++if (!extension_loaded("openssl")) die("skip openssl not loaded");
++?>
++--FILE--
++<?php
++$_ = str_repeat("A", 512);
++openssl_seal($_, $_, $_, array_fill(0,64,0));
++?>
++DONE
++--EXPECTF--
++
++Warning: openssl_seal(): not a public key (1th member of pubkeys) in %s/bug71475.php on line %d
++DONE
+\ No newline at end of file
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/28fe5d224d6115df4c1552c98fdf0c7bb951c05f

More information about the pld-cvs-commit mailing list