pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/php53 - GC bug fix: http://svn.php.net/viewvc?vie...
details: https://anonhg.NetBSD.org/pkgsrc/rev/9b55c7c0e775
branches: trunk
changeset: 582667:9b55c7c0e775
user: taca <taca%pkgsrc.org@localhost>
date: Thu Nov 25 03:43:50 2010 +0000
description:
- GC bug fix: http://svn.php.net/viewvc?view=revision&revision=303016
- CVE-2010-3710 (a part of SA41724)
http://svn.php.net/viewvc?view=revision&revision=303779
- CVE-2010-3870 (a part of SA41724)
http://svn.php.net/viewvc?view=revision&revision=304959
- CVE-2010-4150 (php-imap)
http://svn.php.net/viewvc?view=revision&revision=305032
- CVE-2010-4156 (SA42135)
http://svn.php.net/viewvc?view=revision&revision=305214
Bump PKGREVISION.
diffstat:
lang/php53/Makefile | 3 +-
lang/php53/distinfo | 7 +-
lang/php53/patches/patch-am | 65 +++++++++++++++++
lang/php53/patches/patch-an | 20 +++++
lang/php53/patches/patch-ao | 166 ++++++++++++++++++++++++++++++++++++++++++++
lang/php53/patches/patch-ap | 20 +++++
lang/php53/patches/patch-aq | 19 +++++
7 files changed, 298 insertions(+), 2 deletions(-)
diffs (truncated from 343 to 300 lines):
diff -r 00ac59c99212 -r 9b55c7c0e775 lang/php53/Makefile
--- a/lang/php53/Makefile Thu Nov 25 01:16:39 2010 +0000
+++ b/lang/php53/Makefile Thu Nov 25 03:43:50 2010 +0000
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.4 2010/07/24 22:23:37 tron Exp $
+# $NetBSD: Makefile,v 1.5 2010/11/25 03:43:50 taca Exp $
#
# We can't omit PKGNAME here to handle PKG_OPTIONS.
#
PKGNAME= php-${PHP_BASE_VERS}
+PKGREVISION= 1
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
COMMENT= PHP Hypertext Preprocessor version 5
diff -r 00ac59c99212 -r 9b55c7c0e775 lang/php53/distinfo
--- a/lang/php53/distinfo Thu Nov 25 01:16:39 2010 +0000
+++ b/lang/php53/distinfo Thu Nov 25 03:43:50 2010 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.6 2010/07/24 22:23:37 tron Exp $
+$NetBSD: distinfo,v 1.7 2010/11/25 03:43:50 taca Exp $
SHA1 (php-5.3.3/php-5.3.3.tar.bz2) = 9f66716b341119e4e4f8fe3d81b7d0a5daf3cbc8
RMD160 (php-5.3.3/php-5.3.3.tar.bz2) = 9edb51663feac9b787f8382012893f1ac98fec6a
@@ -17,3 +17,8 @@
SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
+SHA1 (patch-am) = b2627295554d6e3cbe7de70e79ae0938379f8d93
+SHA1 (patch-an) = d4ac5152584450d731b4c5ccb82ee84a8eed5071
+SHA1 (patch-ao) = 6871d0a2b3bca1deec6b309e90e1c109a4758a21
+SHA1 (patch-ap) = d54c00968ab581f8442b087a7ece42c827ff47f5
+SHA1 (patch-aq) = 3f541181fcaa8bc2a20bd719a9c71b0cccd411d6
diff -r 00ac59c99212 -r 9b55c7c0e775 lang/php53/patches/patch-am
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/php53/patches/patch-am Thu Nov 25 03:43:50 2010 +0000
@@ -0,0 +1,65 @@
+$NetBSD: patch-am,v 1.1 2010/11/25 03:43:50 taca Exp $
+
+GC bug fix: http://svn.php.net/viewvc?view=revision&revision=303016
+
+--- Zend/zend_gc.c.orig 2010-04-01 22:54:03.000000000 +0000
++++ Zend/zend_gc.c
+@@ -414,19 +414,21 @@ static void gc_mark_roots(TSRMLS_D)
+ gc_root_buffer *current = GC_G(roots).next;
+
+ while (current != &GC_G(roots)) {
+- if (current->handle && EG(objects_store).object_buckets) {
+- struct _store_object *obj = &EG(objects_store).object_buckets[current->handle].bucket.obj;
++ if (current->handle) {
++ if (EG(objects_store).object_buckets) {
++ struct _store_object *obj = &EG(objects_store).object_buckets[current->handle].bucket.obj;
+
+- if (GC_GET_COLOR(obj->buffered) == GC_PURPLE) {
+- zval z;
++ if (GC_GET_COLOR(obj->buffered) == GC_PURPLE) {
++ zval z;
+
+- INIT_PZVAL(&z);
+- Z_OBJ_HANDLE(z) = current->handle;
+- Z_OBJ_HT(z) = current->u.handlers;
+- zobj_mark_grey(obj, &z TSRMLS_CC);
+- } else {
+- GC_SET_ADDRESS(obj->buffered, NULL);
+- GC_REMOVE_FROM_BUFFER(current);
++ INIT_PZVAL(&z);
++ Z_OBJ_HANDLE(z) = current->handle;
++ Z_OBJ_HT(z) = current->u.handlers;
++ zobj_mark_grey(obj, &z TSRMLS_CC);
++ } else {
++ GC_SET_ADDRESS(obj->buffered, NULL);
++ GC_REMOVE_FROM_BUFFER(current);
++ }
+ }
+ } else {
+ if (GC_ZVAL_GET_COLOR(current->u.pz) == GC_PURPLE) {
+@@ -623,15 +625,17 @@ static void gc_collect_roots(TSRMLS_D)
+ gc_root_buffer *current = GC_G(roots).next;
+
+ while (current != &GC_G(roots)) {
+- if (current->handle && EG(objects_store).object_buckets) {
+- struct _store_object *obj = &EG(objects_store).object_buckets[current->handle].bucket.obj;
+- zval z;
++ if (current->handle) {
++ if (EG(objects_store).object_buckets) {
++ struct _store_object *obj = &EG(objects_store).object_buckets[current->handle].bucket.obj;
++ zval z;
+
+- GC_SET_ADDRESS(obj->buffered, NULL);
+- INIT_PZVAL(&z);
+- Z_OBJ_HANDLE(z) = current->handle;
+- Z_OBJ_HT(z) = current->u.handlers;
+- zobj_collect_white(&z TSRMLS_CC);
++ GC_SET_ADDRESS(obj->buffered, NULL);
++ INIT_PZVAL(&z);
++ Z_OBJ_HANDLE(z) = current->handle;
++ Z_OBJ_HT(z) = current->u.handlers;
++ zobj_collect_white(&z TSRMLS_CC);
++ }
+ } else {
+ GC_ZVAL_SET_ADDRESS(current->u.pz, NULL);
+ zval_collect_white(current->u.pz TSRMLS_CC);
diff -r 00ac59c99212 -r 9b55c7c0e775 lang/php53/patches/patch-an
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/php53/patches/patch-an Thu Nov 25 03:43:50 2010 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-an,v 1.1 2010/11/25 03:43:50 taca Exp $
+
+Fix for CVE-2010-3710 (a part of http://secunia.com/advisories/41724/):
+
+ http://svn.php.net/viewvc?view=revision&revision=303779
+
+--- ext/filter/logical_filters.c.orig 2010-04-02 18:27:48.000000000 +0000
++++ ext/filter/logical_filters.c
+@@ -531,6 +531,11 @@ void php_filter_validate_email(PHP_INPUT
+ int matches;
+
+
++ /* The maximum length of an e-mail address is 320 octets, per RFC 2821. */
++ if (Z_STRLEN_P(value) > 320) {
++ RETURN_VALIDATION_FAILED
++ }
++
+ re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC);
+ if (!re) {
+ RETURN_VALIDATION_FAILED
diff -r 00ac59c99212 -r 9b55c7c0e775 lang/php53/patches/patch-ao
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/php53/patches/patch-ao Thu Nov 25 03:43:50 2010 +0000
@@ -0,0 +1,166 @@
+$NetBSD: patch-ao,v 1.1 2010/11/25 03:43:50 taca Exp $
+
+Fix for CVE-2010-3870 (a part of http://secunia.com/advisories/41724/):
+
+ http://svn.php.net/viewvc?view=revision&revision=304959
+
+--- ext/xml/xml.c.orig 2010-01-05 13:03:40.000000000 +0000
++++ ext/xml/xml.c
+@@ -659,10 +659,111 @@ PHPAPI char *xml_utf8_encode(const char
+ }
+ /* }}} */
+
++/* copied from trunk's implementation of get_next_char in ext/standard/html.c */
++#define MB_FAILURE(pos, advance) do { \
++ *cursor = pos + (advance); \
++ *status = FAILURE; \
++ return 0; \
++} while (0)
++
++#define CHECK_LEN(pos, chars_need) ((str_len - (pos)) >= (chars_need))
++#define utf8_lead(c) ((c) < 0x80 || ((c) >= 0xC2 && (c) <= 0xF4))
++#define utf8_trail(c) ((c) >= 0x80 && (c) <= 0xBF)
++
++/* {{{ php_next_utf8_char
++ */
++static inline unsigned int php_next_utf8_char(
++ const unsigned char *str,
++ size_t str_len,
++ size_t *cursor,
++ int *status)
++{
++ size_t pos = *cursor;
++ unsigned int this_char = 0;
++ unsigned char c;
++
++ *status = SUCCESS;
++
++ if (!CHECK_LEN(pos, 1))
++ MB_FAILURE(pos, 1);
++
++ /* We'll follow strategy 2. from section 3.6.1 of UTR #36:
++ * "In a reported illegal byte sequence, do not include any
++ * non-initial byte that encodes a valid character or is a leading
++ * byte for a valid sequence.» */
++ c = str[pos];
++ if (c < 0x80) {
++ this_char = c;
++ pos++;
++ } else if (c < 0xc2) {
++ MB_FAILURE(pos, 1);
++ } else if (c < 0xe0) {
++ if (!CHECK_LEN(pos, 2))
++ MB_FAILURE(pos, 1);
++
++ if (!utf8_trail(str[pos + 1])) {
++ MB_FAILURE(pos, utf8_lead(str[pos + 1]) ? 1 : 2);
++ }
++ this_char = ((c & 0x1f) << 6) | (str[pos + 1] & 0x3f);
++ if (this_char < 0x80) { /* non-shortest form */
++ MB_FAILURE(pos, 2);
++ }
++ pos += 2;
++ } else if (c < 0xf0) {
++ size_t avail = str_len - pos;
++
++ if (avail < 3 ||
++ !utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2])) {
++ if (avail < 2 || utf8_lead(str[pos + 1]))
++ MB_FAILURE(pos, 1);
++ else if (avail < 3 || utf8_lead(str[pos + 2]))
++ MB_FAILURE(pos, 2);
++ else
++ MB_FAILURE(pos, 3);
++ }
++
++ this_char = ((c & 0x0f) << 12) | ((str[pos + 1] & 0x3f) << 6) | (str[pos + 2] & 0x3f);
++ if (this_char < 0x800) { /* non-shortest form */
++ MB_FAILURE(pos, 3);
++ } else if (this_char >= 0xd800 && this_char <= 0xdfff) { /* surrogate */
++ MB_FAILURE(pos, 3);
++ }
++ pos += 3;
++ } else if (c < 0xf5) {
++ size_t avail = str_len - pos;
++
++ if (avail < 4 ||
++ !utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2]) ||
++ !utf8_trail(str[pos + 3])) {
++ if (avail < 2 || utf8_lead(str[pos + 1]))
++ MB_FAILURE(pos, 1);
++ else if (avail < 3 || utf8_lead(str[pos + 2]))
++ MB_FAILURE(pos, 2);
++ else if (avail < 4 || utf8_lead(str[pos + 3]))
++ MB_FAILURE(pos, 3);
++ else
++ MB_FAILURE(pos, 4);
++ }
++
++ this_char = ((c & 0x07) << 18) | ((str[pos + 1] & 0x3f) << 12) | ((str[pos + 2] & 0x3f) << 6) | (str[pos + 3] & 0x3f);
++ if (this_char < 0x10000 || this_char > 0x10FFFF) { /* non-shortest form or outside range */
++ MB_FAILURE(pos, 4);
++ }
++ pos += 4;
++ } else {
++ MB_FAILURE(pos, 1);
++ }
++
++ *cursor = pos;
++ return this_char;
++}
++/* }}} */
++
++
+ /* {{{ xml_utf8_decode */
+ PHPAPI char *xml_utf8_decode(const XML_Char *s, int len, int *newlen, const XML_Char *encoding)
+ {
+- int pos = len;
++ size_t pos = 0;
+ char *newbuf = emalloc(len + 1);
+ unsigned int c;
+ char (*decoder)(unsigned short) = NULL;
+@@ -681,36 +782,15 @@ PHPAPI char *xml_utf8_decode(const XML_C
+ newbuf[*newlen] = '\0';
+ return newbuf;
+ }
+- while (pos > 0) {
+- c = (unsigned char)(*s);
+- if (c >= 0xf0) { /* four bytes encoded, 21 bits */
+- if(pos-4 >= 0) {
+- c = ((s[0]&7)<<18) | ((s[1]&63)<<12) | ((s[2]&63)<<6) | (s[3]&63);
+- } else {
+- c = '?';
+- }
+- s += 4;
+- pos -= 4;
+- } else if (c >= 0xe0) { /* three bytes encoded, 16 bits */
+- if(pos-3 >= 0) {
+- c = ((s[0]&63)<<12) | ((s[1]&63)<<6) | (s[2]&63);
+- } else {
+- c = '?';
+- }
+- s += 3;
+- pos -= 3;
+- } else if (c >= 0xc0) { /* two bytes encoded, 11 bits */
+- if(pos-2 >= 0) {
+- c = ((s[0]&63)<<6) | (s[1]&63);
+- } else {
+- c = '?';
+- }
+- s += 2;
+- pos -= 2;
+- } else {
+- s++;
+- pos--;
++
++ while (pos < (size_t)len) {
++ int status = FAILURE;
++ c = php_next_utf8_char((const unsigned char*)s, (size_t) len, &pos, &status);
++
++ if (status == FAILURE || c > 0xFFU) {
++ c = '?';
+ }
++
+ newbuf[*newlen] = decoder ? decoder(c) : c;
+ ++*newlen;
+ }
diff -r 00ac59c99212 -r 9b55c7c0e775 lang/php53/patches/patch-ap
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/php53/patches/patch-ap Thu Nov 25 03:43:50 2010 +0000
@@ -0,0 +1,20 @@
Home |
Main Index |
Thread Index |
Old Index