cubixle/packages
1
0
Fork 0
mirror of https://github.com/novatiq/packages.git synced 2026-04-30 15:38:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

php5: update to 5.6.9

Browse Source 
This fixes CVE-2006-7243, a multipart/form-data remote dos vulnerability,
a heap buffer overflow in unpack and a integer overflow in ftp_genlist,
which also results in a heap overflow.
For more details, see http://php.net/ChangeLog-5.php#5.6.9

Also sync the timezone patch with latest version from Debian and
adopt this patch for the changes in this php release.

Refresh 950-Fix-dl-cross-compiling-issue.patch.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This commit is contained in:
Michael Heimpold
2015-05-20 20:46:29 +02:00
committed by W. Michael Petullo
parent f0a0448857
commit 559df398ff
3 changed files with 95 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lang/php5/patches/102-debian_patches_use_embedded_timezonedb.patch
+82 -60
View File
@@ -1,12 +1,13 @@
Add support for use of the system timezone database, rather
than embedding a copy. Discussed upstream but was not desired.
History:
r9: fix another compile error without --with-system-tzdata configured
r11: adopted to php 5.6.9
r10: make timezone case insensitive
r9: fix another compile error without --with-system-tzdata configured (Michael Heimpold)
r8: fix compile error without --with-system-tzdata configured
r7: improve check for valid timezone id to exclude directories
r6: fix fd leak in r5, fix country code/BC flag use in
r6: fix fd leak in r5, fix country code/BC flag use in.
timezone_identifiers_list() using system db,
fix use of PECL timezonedb to override system db,
r5: reverts addition of "System/Localtime" fake tzname.
@@ -17,10 +18,17 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
r2: add filesystem trawl to set up name alias index
r1: initial revision
--- a/ext/date/lib/parse_tz.c
+++ b/ext/date/lib/parse_tz.c
@@ -20,6 +20,16 @@
diff -Naur php-5.6.9.orig/ext/date/lib/parse_tz.c php-5.6.9/ext/date/lib/parse_tz.c
--- php-5.6.9.orig/ext/date/lib/parse_tz.c 2015-05-14 01:13:33.000000000 +0200
+++ php-5.6.9/ext/date/lib/parse_tz.c 2015-05-18 22:40:55.000000000 +0200
@@ -18,8 +18,22 @@
/* $Id$ */
+#ifndef PATH_MAX
+#define PATH_MAX 4096
+#endif
+
#include "timelib.h"
+#ifdef HAVE_SYSTEM_TZDATA
@@ -36,7 +44,7 @@ r1: initial revision
#include <stdio.h>
#ifdef HAVE_LOCALE_H
@@ -31,7 +41,12 @@
@@ -31,7 +45,12 @@
#else
#include <strings.h>
#endif
@@ -49,25 +57,19 @@ r1: initial revision
#if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__))
# if defined(__LITTLE_ENDIAN__)
@@ -51,9 +66,14 @@
static void read_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
@@ -53,6 +72,11 @@
{
- /* skip ID */
- *tzf += 4;
-
+ if (memcmp(tzf, "TZif", 4) == 0) {
+ *tzf += 20;
+ return;
+ }
+
+ /* skip ID */
+ *tzf += 4;
+
/* read BC flag */
tz->bc = (**tzf == '\1');
*tzf += 1;
@@ -256,7 +276,397 @@ void timelib_dump_tzinfo(timelib_tzinfo
uint32_t version;
+ if (memcmp(tzf, "TZif", 4) == 0) {
+ *tzf += 20;
+ return -1;
+ }
+
/* read ID */
version = (*tzf)[3] - '0';
*tzf += 4;
@@ -296,7 +320,406 @@
}
}
@@ -81,7 +83,7 @@ r1: initial revision
+#endif
+
+/* System timezone database pointer. */
+static const timelib_tzdb *timezonedb_system = NULL;
+static const timelib_tzdb *timezonedb_system;
+
+/* Hash table entry for the cache of the zone.tab mapping table. */
+struct location_info {
@@ -99,13 +101,14 @@ r1: initial revision
+ * prevent too many collisions. */
+#define LOCINFO_HASH_SIZE (1021)
+
+/* Compute a case insensitive hash of str */
+static uint32_t tz_hash(const char *str)
+{
+ const unsigned char *p = (const unsigned char *)str;
+ uint32_t hash = 5381;
+ int c;
+
+ while ((c = *p++) != '\0') {
+ while ((c = tolower(*p++)) != '\0') {
+ hash = (hash << 5) ^ hash ^ c;
+ }
+
@@ -201,10 +204,10 @@ r1: initial revision
+
+ if (*p == '#' || *p == '\0' || *p == '\n')
+ continue;
+
+
+ if (!isalpha(p[0]) || !isalpha(p[1]) || p[2] != '\t')
+ continue;
+
+
+ /* code => AA */
+ code = p;
+ p[2] = 0;
@@ -238,7 +241,7 @@ r1: initial revision
+
+ if (*p == '\n' || *p == '\t')
+ *p = '\0';
+
+
+ hash = tz_hash(name);
+ i = malloc(sizeof *i);
+ memcpy(i->code, code, 2);
@@ -274,7 +277,7 @@ r1: initial revision
+ }
+
+ return NULL;
+}
+}
+
+/* Filter out some non-tzdata files and the posix/right databases, if
+ * present. */
@@ -443,6 +446,14 @@ r1: initial revision
+ return NULL;
+ }
+
+ if (system_location_table) {
+ const struct location_info *li;
+ if ((li = find_zone_info(system_location_table, timezone)) != NULL) {
+ /* Use the stored name to avoid case issue */
+ timezone = li->name;
+ }
+ }
+
+ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone);
+
+ fd = open(fname, O_RDONLY);
@@ -466,11 +477,11 @@ r1: initial revision
{
int left = 0, right = tzdb->index_size - 1;
#ifdef HAVE_SETLOCALE
@@ -295,36 +705,128 @@ static int seek_to_tz_position(const uns
@@ -335,21 +758,90 @@
return 0;
}
+static int seek_to_tz_position(const unsigned char **tzf, char *timezone,
+static int seek_to_tz_position(const unsigned char **tzf, char *timezone,
+ char **map, size_t *maplen,
+ const timelib_tzdb *tzdb)
+{
@@ -483,14 +494,14 @@ r1: initial revision
+ return 0;
+ }
+
+ (*tzf) = (unsigned char *)orig ;
+ (*tzf) = (unsigned char *)orig;
+ *map = orig;
+
+ return 1;
+
+ return 1;
+ }
+ else
+ else
+#endif
+ {
+ {
+ return inmem_seek_to_tz_position(tzf, timezone, tzdb);
+ }
+}
@@ -505,7 +516,7 @@ r1: initial revision
+ tmp->data = NULL;
+ create_zone_index(tmp);
+ system_location_table = create_location_table();
+ fake_data_segment(tmp, system_location_table);
+ fake_data_segment(tmp, system_location_table);
+ timezonedb_system = tmp;
+ }
+
@@ -533,38 +544,49 @@ r1: initial revision
- return (seek_to_tz_position(&tzf, timezone, tzdb));
+
+#ifdef HAVE_SYSTEM_TZDATA
+ if (tzdb == timezonedb_system) {
+ char fname[PATH_MAX];
+ struct stat st;
+ if (tzdb == timezonedb_system) {
+ char fname[PATH_MAX];
+ struct stat st;
+
+ if (timezone[0] == '\0' || strstr(timezone, "..") != NULL) {
+ return 0;
+ }
+
+ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone);
+
+ return stat(fname, &st) == 0 && is_valid_tzfile(&st);
+ }
+ if (timezone[0] == '\0' || strstr(timezone, "..") != NULL) {
+ return 0;
+ }
+
+ if (system_location_table) {
+ if (find_zone_info(system_location_table, timezone) != NULL) {
+ /* found in cache */
+ return 1;
+ }
+ }
+
+ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone);
+
+ return stat(fname, &st) == 0 && is_valid_tzfile(&st);
+ }
+#endif
+
+ return (inmem_seek_to_tz_position(&tzf, timezone, tzdb));
}
static void skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
@@ -374,10 +866,12 @@
timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb)
{
const unsigned char *tzf;
+ char *memmap = NULL;
+ size_t maplen;
timelib_tzinfo *tmp;
int version;
- if (seek_to_tz_position(&tzf, timezone, tzdb)) {
+ if (seek_to_tz_position(&tzf, timezone, &memmap, &maplen, tzdb)) {
tmp = timelib_tzinfo_ctor(timezone);
read_preamble(&tzf, tmp);
read_header(&tzf, tmp);
read_transistions(&tzf, tmp);
read_types(&tzf, tmp);
version = read_preamble(&tzf, tmp);
@@ -391,7 +885,34 @@
skip_64bit_types(&tzf, tmp);
skip_posix_string(&tzf, tmp);
}
- read_location(&tzf, tmp);
+
+#ifdef HAVE_SYSTEM_TZDATA
@@ -576,12 +598,11 @@ r1: initial revision
+
+ if ((li = find_zone_info(system_location_table, timezone)) != NULL) {
+ tmp->location.comments = strdup(li->comment);
+ strncpy(tmp->location.country_code, li->code, 2);
+ strncpy(tmp->location.country_code, li->code, 2);
+ tmp->location.longitude = li->longitude;
+ tmp->location.latitude = li->latitude;
+ tmp->bc = 1;
+ }
+ else {
+ } else {
+ strcpy(tmp->location.country_code, "??");
+ tmp->bc = 0;
+ tmp->location.comments = strdup("");
@@ -598,9 +619,10 @@ r1: initial revision
} else {
tmp = NULL;
}
--- a/ext/date/lib/timelib.m4
+++ b/ext/date/lib/timelib.m4
@@ -78,3 +78,17 @@ stdlib.h
diff -Naur php-5.6.9.orig/ext/date/lib/timelib.m4 php-5.6.9/ext/date/lib/timelib.m4
--- php-5.6.9.orig/ext/date/lib/timelib.m4 2015-05-14 01:13:33.000000000 +0200
+++ php-5.6.9/ext/date/lib/timelib.m4 2015-05-18 22:31:36.000000000 +0200
@@ -78,3 +78,17 @@
dnl Check for strtoll, atoll
AC_CHECK_FUNCS(strtoll atoll strftime)