/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2013-1643.patch
ViewVC logotype

Annotation of /rpms/php/sme8/php-5.3.3-CVE-2013-1643.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (hide annotations) (download)
Mon Dec 16 10:46:47 2013 UTC (10 years, 10 months ago) by vip-ire
Branch: MAIN
CVS Tags: php-5_3_3-14_el5_sme, php-5_3_3-17_el5_sme, php-5_3_3-15_el5_sme, php-5_3_3-16_el5_sme, HEAD 
* Mon Dec 16 2013 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-14.sme
- Resync with upstream php53, which include:
- add security fix for CVE-2013-6420
- add security fix for CVE-2013-4248
- add upstream reproducer for error_handler (#951075)
- add security fixes for CVE-2006-7243
- add security fixes for CVE-2012-2688, CVE-2012-0831,
  CVE-2011-1398, CVE-2013-1643
- fix segfault in error_handler with
  allow_call_time_pass_reference = Off (#951075)
- fix double free when destroy_zend_class fails (#951076)
- fix possible buffer overflow in pdo_odbc (#869694)
- php script hangs when it exceeds max_execution_time
  when inside an ODBC call (#864954)
- fix zend garbage collector (#892695)
- fix transposed memset arguments in libzip (#953818)
- fix possible segfault in pdo_mysql (#869693)
- fix imap_open DISABLE_AUTHENTICATOR param ignores array (#859369)
- fix stream support in fileinfo (#869697)
- fix setDate when DateTime created from timestamp (#869691)
- fix permission on source files (#869688)
- add php(language) and missing provides (#837044)
-
- fix copy doesn't report failure on partial copy (#951413)
1 vip-ire 1.1
2     http://git.php.net/?p=php-src.git;a=commitdiff;h=afe98b7829d50806559acac9b530acb8283c3bf4
3     http://git.php.net/?p=php-src.git;a=commitdiff;h=188c196d4da60bdde9190d2fc532650d17f7af2d
4     http://git.php.net/?p=php-src.git;a=commitdiff;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6
5     http://git.php.net/?p=php-src.git;a=commitdiff;h=fcd4b5335a6df4e0676ee32e2267ca71d70fe623
6    
7     diff -up php-5.3.3/ext/libxml/libxml.c.cve1643 php-5.3.3/ext/libxml/libxml.c
8     --- php-5.3.3/ext/libxml/libxml.c.cve1643 2013-05-03 09:59:23.911857231 +0200
9     +++ php-5.3.3/ext/libxml/libxml.c 2013-05-03 10:00:12.590084029 +0200
10     @@ -261,6 +261,7 @@ static PHP_GINIT_FUNCTION(libxml)
11     libxml_globals->stream_context = NULL;
12     libxml_globals->error_buffer.c = NULL;
13     libxml_globals->error_list = NULL;
14     + libxml_globals->entity_loader_disabled = 0;
15     }
16    
17     /* Channel libxml file io layer through the PHP streams subsystem.
18     @@ -350,16 +351,15 @@ static int php_libxml_streams_IO_close(v
19     }
20    
21     static xmlParserInputBufferPtr
22     -php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc)
23     -{
24     - return NULL;
25     -}
26     -
27     -static xmlParserInputBufferPtr
28     php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc)
29     {
30     xmlParserInputBufferPtr ret;
31     void *context = NULL;
32     + TSRMLS_FETCH();
33     +
34     + if (LIBXML(entity_loader_disabled)) {
35     + return NULL;
36     + }
37    
38     if (URI == NULL)
39     return(NULL);
40     @@ -835,28 +835,25 @@ static PHP_FUNCTION(libxml_clear_errors)
41     }
42     /* }}} */
43    
44     +PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC)
45     +{
46     + zend_bool old = LIBXML(entity_loader_disabled);
47     +
48     + LIBXML(entity_loader_disabled) = disable;
49     + return old;
50     +}
51     +
52     /* {{{ proto bool libxml_disable_entity_loader([boolean disable])
53     Disable/Enable ability to load external entities */
54     static PHP_FUNCTION(libxml_disable_entity_loader)
55     {
56     zend_bool disable = 1;
57     - xmlParserInputBufferCreateFilenameFunc old;
58    
59     if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &disable) == FAILURE) {
60     return;
61     }
62    
63     - if (disable == 0) {
64     - old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename);
65     - } else {
66     - old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload);
67     - }
68     -
69     - if (old == php_libxml_input_buffer_noload) {
70     - RETURN_TRUE;
71     - }
72     -
73     - RETURN_FALSE;
74     + RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC));
75     }
76     /* }}} */
77    
78     diff -up php-5.3.3/ext/libxml/php_libxml.h.cve1643 php-5.3.3/ext/libxml/php_libxml.h
79     --- php-5.3.3/ext/libxml/php_libxml.h.cve1643 2013-05-03 09:59:37.253919660 +0200
80     +++ php-5.3.3/ext/libxml/php_libxml.h 2013-05-03 10:00:12.590084029 +0200
81     @@ -43,6 +43,7 @@ ZEND_BEGIN_MODULE_GLOBALS(libxml)
82     zval *stream_context;
83     smart_str error_buffer;
84     zend_llist *error_list;
85     + zend_bool entity_loader_disabled;
86     ZEND_END_MODULE_GLOBALS(libxml)
87    
88     typedef struct _libxml_doc_props {
89     @@ -93,6 +94,7 @@ PHP_LIBXML_API void php_libxml_ctx_error
90     PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s);
91     PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC);
92     PHP_LIBXML_API void php_libxml_issue_error(int level, const char *msg TSRMLS_DC);
93     +PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC);
94    
95     /* Init/shutdown functions*/
96     PHP_LIBXML_API void php_libxml_initialize(void);
97     diff -up php-5.3.3/ext/soap/php_xml.c.cve1643 php-5.3.3/ext/soap/php_xml.c
98     --- php-5.3.3/ext/soap/php_xml.c.cve1643 2013-05-03 09:59:13.706809313 +0200
99     +++ php-5.3.3/ext/soap/php_xml.c 2013-05-03 10:00:15.483097420 +0200
100     @@ -20,6 +20,7 @@
101     /* $Id: php_xml.c 293036 2010-01-03 09:23:27Z sebastian $ */
102    
103     #include "php_soap.h"
104     +#include "ext/libxml/php_libxml.h"
105     #include "libxml/parser.h"
106     #include "libxml/parserInternals.h"
107    
108     @@ -91,13 +92,17 @@ xmlDocPtr soap_xmlParseFile(const char *
109     ctxt = xmlCreateFileParserCtxt(filename);
110     PG(allow_url_fopen) = old_allow_url_fopen;
111     if (ctxt) {
112     + zend_bool old;
113     +
114     ctxt->keepBlanks = 0;
115     ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
116     ctxt->sax->comment = soap_Comment;
117     ctxt->sax->warning = NULL;
118     ctxt->sax->error = NULL;
119     /*ctxt->sax->fatalError = NULL;*/
120     + old = php_libxml_disable_entity_loader(1 TSRMLS_CC);
121     xmlParseDocument(ctxt);
122     + php_libxml_disable_entity_loader(old TSRMLS_CC);
123     if (ctxt->wellFormed) {
124     ret = ctxt->myDoc;
125     if (ret->URL == NULL && ctxt->directory != NULL) {
126     @@ -128,11 +133,15 @@ xmlDocPtr soap_xmlParseMemory(const void
127     xmlParserCtxtPtr ctxt = NULL;
128     xmlDocPtr ret;
129    
130     + TSRMLS_FETCH();
131     +
132     /*
133     xmlInitParser();
134     */
135     ctxt = xmlCreateMemoryParserCtxt(buf, buf_size);
136     if (ctxt) {
137     + zend_bool old;
138     +
139     ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
140     ctxt->sax->comment = soap_Comment;
141     ctxt->sax->warning = NULL;
142     @@ -141,7 +150,9 @@ xmlDocPtr soap_xmlParseMemory(const void
143     #if LIBXML_VERSION >= 20703
144     ctxt->options |= XML_PARSE_HUGE;
145     #endif
146     + old = php_libxml_disable_entity_loader(1 TSRMLS_CC);
147     xmlParseDocument(ctxt);
148     + php_libxml_disable_entity_loader(old TSRMLS_CC);
149     if (ctxt->wellFormed) {
150     ret = ctxt->myDoc;
151     if (ret->URL == NULL && ctxt->directory != NULL) {
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed