
php5: update to 5.6.9

This fixes CVE-2006-7243, a multipart/form-data remote DoS vulnerability,
a heap buffer overflow in unpack and an integer overflow in ftp_genlist,
which also results in a heap overflow.
For more details, see http://php.net/ChangeLog-5.php#5.6.9

Also sync the timezone patch with latest version from Debian and
adopt this patch for the changes in this php release.

Refresh 950-Fix-dl-cross-compiling-issue.patch.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
lilik-openwrt-22.03
Michael Heimpold 10 years ago
parent
commit
78c36dfdd6
3 changed files with 96 additions and 77 deletions
  1. +3
    -3
      lang/php5/Makefile
  2. +83
    -61
      lang/php5/patches/102-debian_patches_use_embedded_timezonedb.patch
  3. +10
    -13
      lang/php5/patches/950-Fix-dl-cross-compiling-issue.patch

+ 3
- 3
lang/php5/Makefile

@ -8,8 +8,8 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=php PKG_NAME:=php
PKG_VERSION:=5.6.8
PKG_RELEASE:=2
PKG_VERSION:=5.6.9
PKG_RELEASE:=1
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org> PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
@ -18,7 +18,7 @@ PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://www.php.net/distributions/ PKG_SOURCE_URL:=http://www.php.net/distributions/
PKG_MD5SUM:=a5a6df33aade0cb5425e4374e3832f0b
PKG_MD5SUM:=561f37377833772ace776143c5687884
PKG_FIXUP:=libtool autoreconf PKG_FIXUP:=libtool autoreconf
PKG_BUILD_PARALLEL:=1 PKG_BUILD_PARALLEL:=1


+ 83
- 61
lang/php5/patches/102-debian_patches_use_embedded_timezonedb.patch

@ -1,12 +1,13 @@
Add support for use of the system timezone database, rather Add support for use of the system timezone database, rather
than embedding a copy. Discussed upstream but was not desired. than embedding a copy. Discussed upstream but was not desired.
History: History:
r9: fix another compile error without --with-system-tzdata configured
r11: adopted to php 5.6.9
r10: make timezone case insensitive
r9: fix another compile error without --with-system-tzdata configured (Michael Heimpold)
r8: fix compile error without --with-system-tzdata configured r8: fix compile error without --with-system-tzdata configured
r7: improve check for valid timezone id to exclude directories r7: improve check for valid timezone id to exclude directories
r6: fix fd leak in r5, fix country code/BC flag use in
r6: fix fd leak in r5, fix country code/BC flag use in.
timezone_identifiers_list() using system db, timezone_identifiers_list() using system db,
fix use of PECL timezonedb to override system db, fix use of PECL timezonedb to override system db,
r5: reverts addition of "System/Localtime" fake tzname. r5: reverts addition of "System/Localtime" fake tzname.
@ -17,10 +18,17 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
r2: add filesystem trawl to set up name alias index r2: add filesystem trawl to set up name alias index
r1: initial revision r1: initial revision
--- a/ext/date/lib/parse_tz.c
+++ b/ext/date/lib/parse_tz.c
@@ -20,6 +20,16 @@
diff -Naur php-5.6.9.orig/ext/date/lib/parse_tz.c php-5.6.9/ext/date/lib/parse_tz.c
--- php-5.6.9.orig/ext/date/lib/parse_tz.c 2015-05-14 01:13:33.000000000 +0200
+++ php-5.6.9/ext/date/lib/parse_tz.c 2015-05-18 22:40:55.000000000 +0200
@@ -18,8 +18,22 @@
/* $Id$ */
+#ifndef PATH_MAX
+#define PATH_MAX 4096
+#endif
+
#include "timelib.h" #include "timelib.h"
+#ifdef HAVE_SYSTEM_TZDATA +#ifdef HAVE_SYSTEM_TZDATA
@ -36,7 +44,7 @@ r1: initial revision
#include <stdio.h> #include <stdio.h>
#ifdef HAVE_LOCALE_H #ifdef HAVE_LOCALE_H
@@ -31,7 +41,12 @@
@@ -31,7 +45,12 @@
#else #else
#include <strings.h> #include <strings.h>
#endif #endif
@ -49,25 +57,19 @@ r1: initial revision
#if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__)) #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__))
# if defined(__LITTLE_ENDIAN__) # if defined(__LITTLE_ENDIAN__)
@@ -51,9 +66,14 @@
static void read_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
@@ -53,6 +72,11 @@
{ {
- /* skip ID */
- *tzf += 4;
-
+ if (memcmp(tzf, "TZif", 4) == 0) {
+ *tzf += 20;
+ return;
+ }
+
+ /* skip ID */
+ *tzf += 4;
+
/* read BC flag */
tz->bc = (**tzf == '\1');
*tzf += 1;
@@ -256,7 +276,397 @@ void timelib_dump_tzinfo(timelib_tzinfo
uint32_t version;
+ if (memcmp(tzf, "TZif", 4) == 0) {
+ *tzf += 20;
+ return -1;
+ }
+
/* read ID */
version = (*tzf)[3] - '0';
*tzf += 4;
@@ -296,7 +320,406 @@
} }
} }
@ -81,7 +83,7 @@ r1: initial revision
+#endif +#endif
+ +
+/* System timezone database pointer. */ +/* System timezone database pointer. */
+static const timelib_tzdb *timezonedb_system = NULL;
+static const timelib_tzdb *timezonedb_system;
+ +
+/* Hash table entry for the cache of the zone.tab mapping table. */ +/* Hash table entry for the cache of the zone.tab mapping table. */
+struct location_info { +struct location_info {
@ -99,13 +101,14 @@ r1: initial revision
+ * prevent too many collisions. */ + * prevent too many collisions. */
+#define LOCINFO_HASH_SIZE (1021) +#define LOCINFO_HASH_SIZE (1021)
+ +
+/* Compute a case insensitive hash of str */
+static uint32_t tz_hash(const char *str) +static uint32_t tz_hash(const char *str)
+{ +{
+ const unsigned char *p = (const unsigned char *)str; + const unsigned char *p = (const unsigned char *)str;
+ uint32_t hash = 5381; + uint32_t hash = 5381;
+ int c; + int c;
+ +
+ while ((c = *p++) != '\0') {
+ while ((c = tolower(*p++)) != '\0') {
+ hash = (hash << 5) ^ hash ^ c; + hash = (hash << 5) ^ hash ^ c;
+ } + }
+ +
@ -201,10 +204,10 @@ r1: initial revision
+ +
+ if (*p == '#' || *p == '\0' || *p == '\n') + if (*p == '#' || *p == '\0' || *p == '\n')
+ continue; + continue;
+
+
+ if (!isalpha(p[0]) || !isalpha(p[1]) || p[2] != '\t') + if (!isalpha(p[0]) || !isalpha(p[1]) || p[2] != '\t')
+ continue; + continue;
+
+
+ /* code => AA */ + /* code => AA */
+ code = p; + code = p;
+ p[2] = 0; + p[2] = 0;
@ -238,7 +241,7 @@ r1: initial revision
+ +
+ if (*p == '\n' || *p == '\t') + if (*p == '\n' || *p == '\t')
+ *p = '\0'; + *p = '\0';
+
+
+ hash = tz_hash(name); + hash = tz_hash(name);
+ i = malloc(sizeof *i); + i = malloc(sizeof *i);
+ memcpy(i->code, code, 2); + memcpy(i->code, code, 2);
@ -274,7 +277,7 @@ r1: initial revision
+ } + }
+ +
+ return NULL; + return NULL;
+}
+}
+ +
+/* Filter out some non-tzdata files and the posix/right databases, if +/* Filter out some non-tzdata files and the posix/right databases, if
+ * present. */ + * present. */
@ -443,6 +446,14 @@ r1: initial revision
+ return NULL; + return NULL;
+ } + }
+ +
+ if (system_location_table) {
+ const struct location_info *li;
+ if ((li = find_zone_info(system_location_table, timezone)) != NULL) {
+ /* Use the stored name to avoid case issue */
+ timezone = li->name;
+ }
+ }
+
+ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone); + snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone);
+ +
+ fd = open(fname, O_RDONLY); + fd = open(fname, O_RDONLY);
@ -466,11 +477,11 @@ r1: initial revision
{ {
int left = 0, right = tzdb->index_size - 1; int left = 0, right = tzdb->index_size - 1;
#ifdef HAVE_SETLOCALE #ifdef HAVE_SETLOCALE
@@ -295,36 +705,128 @@ static int seek_to_tz_position(const uns
@@ -335,21 +758,90 @@
return 0; return 0;
} }
+static int seek_to_tz_position(const unsigned char **tzf, char *timezone,
+static int seek_to_tz_position(const unsigned char **tzf, char *timezone,
+ char **map, size_t *maplen, + char **map, size_t *maplen,
+ const timelib_tzdb *tzdb) + const timelib_tzdb *tzdb)
+{ +{
@ -483,14 +494,14 @@ r1: initial revision
+ return 0; + return 0;
+ } + }
+ +
+ (*tzf) = (unsigned char *)orig ;
+ (*tzf) = (unsigned char *)orig;
+ *map = orig; + *map = orig;
+
+ return 1;
+
+ return 1;
+ } + }
+ else
+ else
+#endif +#endif
+ {
+ {
+ return inmem_seek_to_tz_position(tzf, timezone, tzdb); + return inmem_seek_to_tz_position(tzf, timezone, tzdb);
+ } + }
+} +}
@ -505,7 +516,7 @@ r1: initial revision
+ tmp->data = NULL; + tmp->data = NULL;
+ create_zone_index(tmp); + create_zone_index(tmp);
+ system_location_table = create_location_table(); + system_location_table = create_location_table();
+ fake_data_segment(tmp, system_location_table);
+ fake_data_segment(tmp, system_location_table);
+ timezonedb_system = tmp; + timezonedb_system = tmp;
+ } + }
+ +
@ -533,38 +544,49 @@ r1: initial revision
- return (seek_to_tz_position(&tzf, timezone, tzdb)); - return (seek_to_tz_position(&tzf, timezone, tzdb));
+ +
+#ifdef HAVE_SYSTEM_TZDATA +#ifdef HAVE_SYSTEM_TZDATA
+ if (tzdb == timezonedb_system) {
+ char fname[PATH_MAX];
+ struct stat st;
+
+ if (timezone[0] == '\0' || strstr(timezone, "..") != NULL) {
+ return 0;
+ }
+
+ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone);
+
+ return stat(fname, &st) == 0 && is_valid_tzfile(&st);
+ }
+ if (tzdb == timezonedb_system) {
+ char fname[PATH_MAX];
+ struct stat st;
+
+ if (timezone[0] == '\0' || strstr(timezone, "..") != NULL) {
+ return 0;
+ }
+
+ if (system_location_table) {
+ if (find_zone_info(system_location_table, timezone) != NULL) {
+ /* found in cache */
+ return 1;
+ }
+ }
+
+ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone);
+
+ return stat(fname, &st) == 0 && is_valid_tzfile(&st);
+ }
+#endif +#endif
+ +
+ return (inmem_seek_to_tz_position(&tzf, timezone, tzdb)); + return (inmem_seek_to_tz_position(&tzf, timezone, tzdb));
} }
static void skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
@@ -374,10 +866,12 @@
timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb) timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb)
{ {
const unsigned char *tzf; const unsigned char *tzf;
+ char *memmap = NULL; + char *memmap = NULL;
+ size_t maplen; + size_t maplen;
timelib_tzinfo *tmp; timelib_tzinfo *tmp;
int version;
- if (seek_to_tz_position(&tzf, timezone, tzdb)) { - if (seek_to_tz_position(&tzf, timezone, tzdb)) {
+ if (seek_to_tz_position(&tzf, timezone, &memmap, &maplen, tzdb)) { + if (seek_to_tz_position(&tzf, timezone, &memmap, &maplen, tzdb)) {
tmp = timelib_tzinfo_ctor(timezone); tmp = timelib_tzinfo_ctor(timezone);
read_preamble(&tzf, tmp);
read_header(&tzf, tmp);
read_transistions(&tzf, tmp);
read_types(&tzf, tmp);
version = read_preamble(&tzf, tmp);
@@ -391,7 +885,34 @@
skip_64bit_types(&tzf, tmp);
skip_posix_string(&tzf, tmp);
}
- read_location(&tzf, tmp); - read_location(&tzf, tmp);
+ +
+#ifdef HAVE_SYSTEM_TZDATA +#ifdef HAVE_SYSTEM_TZDATA
@ -576,12 +598,11 @@ r1: initial revision
+ +
+ if ((li = find_zone_info(system_location_table, timezone)) != NULL) { + if ((li = find_zone_info(system_location_table, timezone)) != NULL) {
+ tmp->location.comments = strdup(li->comment); + tmp->location.comments = strdup(li->comment);
+ strncpy(tmp->location.country_code, li->code, 2);
+ strncpy(tmp->location.country_code, li->code, 2);
+ tmp->location.longitude = li->longitude; + tmp->location.longitude = li->longitude;
+ tmp->location.latitude = li->latitude; + tmp->location.latitude = li->latitude;
+ tmp->bc = 1; + tmp->bc = 1;
+ }
+ else {
+ } else {
+ strcpy(tmp->location.country_code, "??"); + strcpy(tmp->location.country_code, "??");
+ tmp->bc = 0; + tmp->bc = 0;
+ tmp->location.comments = strdup(""); + tmp->location.comments = strdup("");
@ -598,9 +619,10 @@ r1: initial revision
} else { } else {
tmp = NULL; tmp = NULL;
} }
--- a/ext/date/lib/timelib.m4
+++ b/ext/date/lib/timelib.m4
@@ -78,3 +78,17 @@ stdlib.h
diff -Naur php-5.6.9.orig/ext/date/lib/timelib.m4 php-5.6.9/ext/date/lib/timelib.m4
--- php-5.6.9.orig/ext/date/lib/timelib.m4 2015-05-14 01:13:33.000000000 +0200
+++ php-5.6.9/ext/date/lib/timelib.m4 2015-05-18 22:31:36.000000000 +0200
@@ -78,3 +78,17 @@
dnl Check for strtoll, atoll dnl Check for strtoll, atoll
AC_CHECK_FUNCS(strtoll atoll strftime) AC_CHECK_FUNCS(strtoll atoll strftime)
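Review bot: In the parse_tz.c part of this patch, the magic check added to read_preamble calls `memcmp(tzf, "TZif", 4)`, but `tzf` is a pointer to the data pointer (the neighbouring lines use `*tzf += 20` and `(*tzf)[3]`), so it compares the bytes of the pointer variable rather than the start of the file data; it should read `if (memcmp(*tzf, "TZif", 4) == 0) {`. As written, a buffer that does begin with the magic would presumably never take the early `return -1` and would instead fall through to `version = (*tzf)[3] - '0'`, deriving the version from the `f` of the magic. The same call appears in the earlier revision of the patch, so this looks inherited rather than introduced by the 5.6.9 adaptation. read_preamble starts and ends outside the lines shown here, and no length check on the mapped file is visible before these reads, so it is worth confirming one exists.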


+ 10
- 13
lang/php5/patches/950-Fix-dl-cross-compiling-issue.patch

@ -1,7 +1,6 @@
diff -u --recursive php-5.6.6-vanilla/configure.in php-5.6.6/configure.in
--- php-5.6.6-vanilla/configure.in 2015-02-26 22:10:51.865487530 -0500
+++ php-5.6.6/configure.in 2015-02-26 22:29:59.043102135 -0500
@@ -453,7 +453,10 @@
--- a/configure.in
+++ b/configure.in
@@ -453,7 +453,10 @@ PHP_CHECK_FUNC(gethostname, nsl)
PHP_CHECK_FUNC(gethostbyaddr, nsl) PHP_CHECK_FUNC(gethostbyaddr, nsl)
PHP_CHECK_FUNC(yp_get_default_domain, nsl) PHP_CHECK_FUNC(yp_get_default_domain, nsl)
@ -13,10 +12,9 @@ diff -u --recursive php-5.6.6-vanilla/configure.in php-5.6.6/configure.in
if test "$ac_cv_func_dlopen" = "yes"; then if test "$ac_cv_func_dlopen" = "yes"; then
AC_DEFINE(HAVE_LIBDL, 1, [ ]) AC_DEFINE(HAVE_LIBDL, 1, [ ])
fi fi
diff -u --recursive php-5.6.6-vanilla/ext/fileinfo/config.m4 php-5.6.6/ext/fileinfo/config.m4
--- php-5.6.6-vanilla/ext/fileinfo/config.m4 2015-02-26 22:10:51.639487135 -0500
+++ php-5.6.6/ext/fileinfo/config.m4 2015-02-26 22:22:47.645609128 -0500
@@ -46,6 +46,10 @@
--- a/ext/fileinfo/config.m4
+++ b/ext/fileinfo/config.m4
@@ -46,6 +46,10 @@ int main(void)
AC_MSG_RESULT(no) AC_MSG_RESULT(no)
AC_MSG_NOTICE(using libmagic strcasestr implementation) AC_MSG_NOTICE(using libmagic strcasestr implementation)
libmagic_sources="$libmagic_sources libmagic/strcasestr.c" libmagic_sources="$libmagic_sources libmagic/strcasestr.c"
@ -27,10 +25,9 @@ diff -u --recursive php-5.6.6-vanilla/ext/fileinfo/config.m4 php-5.6.6/ext/filei
]) ])
PHP_NEW_EXTENSION(fileinfo, fileinfo.c $libmagic_sources, $ext_shared,,-I@ext_srcdir@/libmagic) PHP_NEW_EXTENSION(fileinfo, fileinfo.c $libmagic_sources, $ext_shared,,-I@ext_srcdir@/libmagic)
diff -u --recursive php-5.6.6-vanilla/ext/opcache/config.m4 php-5.6.6/ext/opcache/config.m4
--- php-5.6.6-vanilla/ext/opcache/config.m4 2015-02-26 22:10:51.790487399 -0500
+++ php-5.6.6/ext/opcache/config.m4 2015-02-26 22:34:19.240414394 -0500
@@ -341,7 +341,14 @@
--- a/ext/opcache/config.m4
+++ b/ext/opcache/config.m4
@@ -227,7 +227,14 @@ AC_TRY_RUN([
flock_type=linux flock_type=linux
AC_DEFINE([HAVE_FLOCK_LINUX], [], [Struct flock is Linux-type]) AC_DEFINE([HAVE_FLOCK_LINUX], [], [Struct flock is Linux-type])
AC_MSG_RESULT("yes") AC_MSG_RESULT("yes")
@ -46,7 +43,7 @@ diff -u --recursive php-5.6.6-vanilla/ext/opcache/config.m4 php-5.6.6/ext/opcach
AC_MSG_CHECKING("whether flock struct is BSD ordered") AC_MSG_CHECKING("whether flock struct is BSD ordered")
AC_TRY_RUN([ AC_TRY_RUN([
@@ -357,7 +364,12 @@
@@ -243,7 +250,12 @@ AC_TRY_RUN([
flock_type=bsd flock_type=bsd
AC_DEFINE([HAVE_FLOCK_BSD], [], [Struct flock is BSD-type]) AC_DEFINE([HAVE_FLOCK_BSD], [], [Struct flock is BSD-type])
AC_MSG_RESULT("yes") AC_MSG_RESULT("yes")

