Commit 1c08414e authored by Adam Conrad's avatar Adam Conrad Committed by Mark A. Hershberger

Imported Debian patch 5.0.5-2

parent 8add4075
php5 (5.0.5-2) unstable; urgency=medium
* Remove Andres Salomon from the Uploaders field, at his request. Thanks
for all your work on the PHP packages, Andres, now fix our kernel bugs.
* Add 054-open_basedir_slash.patch, which fixes a bug where if open_basedir
is set to "/foo/", users can access files in "/foobar/", which is not the
documented behaviour; this addresses CAN-2005-3054 (see: #323585)
* Add 104-64_bit_serialize.patch from Joe Orton, resolving a segfault when
serializing objects on all 64-bit architectures (closes: #329768)
* Add 105-64_bit_imagettftext.patch, fixing a type mismatch in the GD
extension, causing memory corruption on 64-bit arches (closes: #331001)
* Add 055-gd_safe_mode_checks.patch from PHP CVS, adding missing safe_mode
checks to the _php_image_output and _php_image_output_ctx GD functions.
* Make php-pear Provide, Replace, and Conflict php-html-template-it, which
we appear to have absorbed into the main PEAR packaging (closes: #332393)
-- Adam Conrad <adconrad@0c3.net> Tue, 27 Sep 2005 16:09:29 +1000
php5 (5.0.5-1) unstable; urgency=low
* New upstream release, adjust patch offsets and fuzz, and drop patches:
......@@ -5,6 +23,7 @@ php5 (5.0.5-1) unstable; urgency=low
- Drop 051-gcc-4.0.patch, fixed differently upstream.
- Drop 102-php_streams.patch, fixed upstream.
- Drop 103-catch_segv.patch, also fixed upstream.
- Includes PEAR XML_RPC fix for CAN-2005-2498.
* Distribute the shiny new manpages for php-config and phpize.
-- Adam Conrad <adconrad@0c3.net> Mon, 12 Sep 2005 02:29:24 +1000
......@@ -41,7 +60,8 @@ php5 (5.0.4-3) unstable; urgency=low
* Make libapache2-mod-php5 the default alternate dependency for the php5
metapackage, since we really do want to encourage the apache upgrade.
* Make php5-dev stop shipping copies of files from autotools-dev, shtool,
and libtool, and instead symlink to them and depend on those packages.
and libtool, and instead symlink to them and depend on those packages,
thus avoiding the shtool issues from CAN-2005-1751 and CAN-2005-1759.
-- Adam Conrad <adconrad@0c3.net> Sun, 31 Jul 2005 03:05:08 +1000
......@@ -272,6 +292,8 @@ php4 (4:4.3.10-4) unstable; urgency=medium
php4 (4:4.3.10-3) unstable; urgency=medium
* Update to CVS, as of 200502060530 (closes: #288672)
- Fixes two vulnerabilities in exif.c, CAN-2005-1042 and CAN-2005-1043
- Fixes two vulnerabilities in image.c, CAN-2005-0524 and CAN-2005-0525
- File uploads with "'" in them aren't cut off anymore (closes: #288679)
- unserialize() is no longer ridiculously slow (closes: #291392)
- Add 000-200502060530_CVS.patch
......@@ -363,7 +385,8 @@ php4 (4:4.3.9-1) unstable; urgency=high
023-4.3.9_array_fixes.patch, 024-4.3.9_glob_fix.patch,
and 025-4.3.9_domxml_segfaults.patch
* Resolves undiscolsed vulnerabilities in GPC processing and rfc1867
handling of file uploads via the $_FILES array (closes: #274206)
handling of file uploads via the $_FILES array; these have since
been assigned CVE CAN-2004-0958 and CAN-2004-0959 (closes: #274206)
* After some fairly heavy testing from several users and developers,
finally update php4-snmp to use libsnmp5 (closes: #195929)
* Add 026-4.3.10_session_fixes.patch from CVS, which prevents PHP
......@@ -638,6 +661,7 @@ php4 (4:4.3.8-1) unstable; urgency=low
+ Added missing safe_mode checks inside ftok and itpc.
+ Fixed address allocation routine in IMAP extension.
+ Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL.
+ Fixes DoS in readfile() function, see CAN-2005-0596.
- php4-pear now includes PEAR::Mail 1.1.3 (closes: #257688)
- debian/control: change libpng3-dev build-dep to libpng12-dev
- Add Turkish debconf translation, thanks to Osman Yuksel.
......
......@@ -2,7 +2,7 @@ Source: php5
Section: web
Priority: optional
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Uploaders: Adam Conrad <adconrad@0c3.net>, Steve Langasek <vorlon@debian.org>, Andres Salomon <dilinger@debian.org>, Jeroen van Wolffelaar <jeroen@wolffelaar.nl>, Ondřej Surý <ondrej@debian.org>
Uploaders: Adam Conrad <adconrad@0c3.net>, Steve Langasek <vorlon@debian.org>, Jeroen van Wolffelaar <jeroen@wolffelaar.nl>, Ondřej Surý <ondrej@debian.org>
Build-Depends: apache-dev (>= 1.3.23), apache2-prefork-dev (>= 2.0.53-3), autoconf, automake1.4, bison, chrpath, debhelper (>= 3), flex (>= 2.5.4), freetds-dev, po-debconf, libbz2-dev (>= 1.0.0), libcurl3-dev, libdb4.2-dev, libexpat1-dev (>= 1.95.2-2.1), libfreetype6-dev, libgcrypt11-dev, libgd2-xpm-dev (>= 2.0.28-3), libgdbm-dev, libjpeg62-dev, libkrb5-dev, libldap2-dev, libmhash-dev (>= 0.8.8), libmysqlclient12-dev, libncurses5-dev, libpam0g-dev, libpcre3-dev (>= 4.3-1), libpng12-dev, libpq-dev | postgresql-dev, librecode-dev, libsnmp9-dev | libsnmp-dev, libsqlite0-dev, libssl-dev (>= 0.9.6), libt1-dev, libtool (>= 1.4.2-4), libwrap0-dev, libxmltok1-dev, libxml2-dev (>= 2.4.14), libxslt1-dev (>= 1.0.18), re2c, unixodbc-dev, zlib1g-dev (>= 1.0.9)
Build-Conflicts: bind-dev
Standards-Version: 3.6.2
......@@ -147,7 +147,9 @@ Description: Files for PHP5 module development
Package: php-pear
Architecture: all
Depends: php5-cli | php4-cli, php5-common (>= ${Source-Version})
Replaces: php4-pear (<< 4:4.4.0-0)
Replaces: php4-pear (<< 4:4.4.0-0), php-html-template-it
Provides: php-html-template-it
Conflicts: php-html-template-it
Description: PEAR - PHP Extension and Application Repository
This package contains the base PEAR classes for PHP, as well as the PEAR
installer. Many PEAR classes are already packaged for Debian, and can be
......
--- php-5.0.5/main/fopen_wrappers.c 2005-07-16 12:14:44.000000000 +0000
+++ php-5.0.5/main/fopen_wrappers.c 2005-09-26 09:07:55.000000000 +0000
@@ -109,8 +109,8 @@
/* Handler for basedirs that end with a / */
resolved_basedir_len = strlen(resolved_basedir);
if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) {
- if (resolved_basedir[resolved_basedir_len - 1] == '/') {
- resolved_basedir[resolved_basedir_len - 1] = PHP_DIR_SEPARATOR;
+ if (resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
+ resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
resolved_basedir[++resolved_basedir_len] = '\0';
}
}
===================================================================
RCS file: /repository/php-src/ext/gd/gd.c,v
retrieving revision 1.294.2.12
retrieving revision 1.294.2.13
diff -p --unified=3 -r1.294.2.12 -r1.294.2.13
--- php-5.0.5/ext/gd/gd.c 2005/05/06 16:49:04 1.294.2.12
+++ php-5.0.5/ext/gd/gd.c 2005/10/06 20:42:56 1.294.2.13
@@ -1726,7 +1726,7 @@ static void _php_image_output(INTERNAL_F
}
if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
+ if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
RETURN_FALSE;
}
===================================================================
RCS file: /repository/php-src/ext/gd/gd_ctx.c,v
retrieving revision 1.20
retrieving revision 1.20.2.1
diff -p --unified=3 -r1.20 -r1.20.2.1
--- php-5.0.5/ext/gd/gd_ctx.c 2004/01/28 16:25:12 1.20
+++ php-5.0.5/ext/gd/gd_ctx.c 2005/10/06 20:42:56 1.20.2.1
@@ -82,7 +82,7 @@ static void _php_image_output_ctx(INTERN
}
if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
+ if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
RETURN_FALSE;
}
--- php-5.0.4/ext/standard/incomplete_class.c.bug34435 2004-11-25 20:28:37.000000000 +0000
+++ php-5.0.4/ext/standard/incomplete_class.c 2005-09-09 13:00:39.000000000 +0100
@@ -122,7 +122,7 @@
/* {{{ php_lookup_class_name
*/
-char *php_lookup_class_name(zval *object, size_t *nlen)
+char *php_lookup_class_name(zval *object, zend_uint *nlen)
{
zval **val;
char *retval = NULL;
@@ -144,7 +144,7 @@
/* {{{ php_store_class_name
*/
-void php_store_class_name(zval *object, const char *name, size_t len)
+void php_store_class_name(zval *object, const char *name, zend_uint len)
{
zval *val;
TSRMLS_FETCH();
--- php-5.0.4/ext/standard/php_incomplete_class.h.bug34435 2005-06-29 10:29:08.000000000 +0100
+++ php-5.0.4/ext/standard/php_incomplete_class.h 2005-09-09 13:00:31.000000000 +0100
@@ -42,7 +42,7 @@
#define PHP_CLASS_ATTRIBUTES \
char *class_name; \
- size_t name_len; \
+ zend_uint name_len; \
zend_bool free_class_name = 0; \
zend_bool incomplete_class = 0
@@ -55,8 +55,8 @@
zend_class_entry *php_create_incomplete_class(TSRMLS_D);
-char *php_lookup_class_name(zval *object, size_t *nlen);
-void php_store_class_name(zval *object, const char *name, size_t len);
+char *php_lookup_class_name(zval *object, zend_uint *nlen);
+void php_store_class_name(zval *object, const char *name, zend_uint len);
#ifdef __cplusplus
};
===================================================================
RCS file: /repository/php-src/ext/gd/gd.c,v
retrieving revision 1.307
retrieving revision 1.308
diff -p --unified=3 -r1.307 -r1.308
--- php-5.0.4/ext/gd/gd.c 2005/03/27 23:43:51 1.307
+++ php-5.0.4/ext/gd/gd.c 2005/04/10 21:37:16 1.308
@@ -3109,7 +3109,8 @@ static void php_imagettftext_common(INTE
{
zval *IM, *EXT = NULL;
gdImagePtr im=NULL;
- int col = -1, x = -1, y = -1, str_len, fontname_len, i, brect[8];
+ long col = -1, x = -1, y = -1;
+ int str_len, fontname_len, i, brect[8];
double ptsize, angle;
unsigned char *str = NULL, *fontname = NULL;
char *error = NULL;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment