# HG changeset patch # User Craig Mohrman # Date 1397085520 25200 # Node ID 61e6cd9455913cee454eaaa34b429e86998b2921 # Parent 07964fc8b4087ff7e5c8d2eaa273492659d47e38 17362112 problem in UTILITY/PHP 18083695 problem in UTILITY/PHP 18368537 problem in UTILITY/PHP 18368630 problem in UTILITY/PHP diff -r 07964fc8b408 -r 61e6cd945591 components/apache2/apache-22.p5m --- a/components/apache2/apache-22.p5m Wed Apr 09 15:50:49 2014 -0700 +++ b/components/apache2/apache-22.p5m Wed Apr 09 16:18:40 2014 -0700 @@ -634,4 +634,4 @@ fmri=web/server/apache-22/module/apache-php52@5.2.17 depend type=conditional \ predicate=web/php-53 \ - fmri=web/server/apache-22/module/apache-php53@5.3.27 + fmri=web/server/apache-22/module/apache-php53@5.3.28 diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_2/php-sapi/patches/30_php_17362112.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/php-5_2/php-sapi/patches/30_php_17362112.patch Wed Apr 09 16:18:40 2014 -0700 
@@ -0,0 +1,198 @@ +Fix for CVE-2013-4248 +Patch: +http://git.php.net/?p=php-src.git;a=patch;h=2874696a5a8d46639d261571f915c493cd875897 +Code: +http://git.php.net/?p=php-src.git;a=commit;h=2874696a5a8d46639d261571f915c493cd875897 +This patch is for php 5.4 code but works well enough on php 5.2 code. +Verified by hand that it patches the correct code. + + + +From 2874696a5a8d46639d261571f915c493cd875897 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Tue, 13 Aug 2013 22:20:33 -0700 +Subject: [PATCH] Fix CVE-2013-4073 - handling of certs with null bytes + +--- + NEWS | 4 ++ + ext/openssl/openssl.c | 86 ++++++++++++++++++++++++++++++++++++- + ext/openssl/tests/cve2013_4073.pem | 28 ++++++++++++ + ext/openssl/tests/cve2013_4073.phpt | 19 ++++++++ + 4 files changed, 135 insertions(+), 2 deletions(-) + create mode 100644 ext/openssl/tests/cve2013_4073.pem + create mode 100644 ext/openssl/tests/cve2013_4073.phpt + +diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c +index d7ac117..c32748c 100644 +--- a/ext/openssl/openssl.c ++++ b/ext/openssl/openssl.c +@@ -1398,6 +1398,74 @@ PHP_FUNCTION(openssl_x509_check_private_key) + } + /* }}} */ + ++/* Special handling of subjectAltName, see CVE-2013-4073 ++ * Christian Heimes ++ */ ++ ++static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) ++{ ++ GENERAL_NAMES *names; ++ const X509V3_EXT_METHOD *method = NULL; ++ long i, length, num; ++ const unsigned char *p; ++ ++ method = X509V3_EXT_get(extension); ++ if (method == NULL) { ++ return -1; ++ } ++ ++ p = extension->value->data; ++ length = extension->value->length; ++ if (method->it) { ++ names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, ++ ASN1_ITEM_ptr(method->it))); ++ } else { ++ names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length)); ++ } ++ if (names == NULL) { ++ return -1; ++ } ++ ++ num = sk_GENERAL_NAME_num(names); ++ for (i = 0; i < num; i++) { ++ GENERAL_NAME *name; ++ ASN1_STRING *as; ++ name = 
sk_GENERAL_NAME_value(names, i); ++ switch (name->type) { ++ case GEN_EMAIL: ++ BIO_puts(bio, "email:"); ++ as = name->d.rfc822Name; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ case GEN_DNS: ++ BIO_puts(bio, "DNS:"); ++ as = name->d.dNSName; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ case GEN_URI: ++ BIO_puts(bio, "URI:"); ++ as = name->d.uniformResourceIdentifier; ++ BIO_write(bio, ASN1_STRING_data(as), ++ ASN1_STRING_length(as)); ++ break; ++ default: ++ /* use builtin print for GEN_OTHERNAME, GEN_X400, ++ * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID ++ */ ++ GENERAL_NAME_print(bio, name); ++ } ++ /* trailing ', ' except for last element */ ++ if (i < (num - 1)) { ++ BIO_puts(bio, ", "); ++ } ++ } ++ sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); ++ ++ return 0; ++} ++ + /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true]) + Returns an array of the fields/values of the CERT */ + PHP_FUNCTION(openssl_x509_parse) +@@ -1494,15 +1562,29 @@ PHP_FUNCTION(openssl_x509_parse) + + + for (i = 0; i < X509_get_ext_count(cert); i++) { ++ int nid; + extension = X509_get_ext(cert, i); +- if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { ++ nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); ++ if (nid != NID_undef) { + extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); + } else { + OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); + extname = buf; + } + bio_out = BIO_new(BIO_s_mem()); +- if (X509V3_EXT_print(bio_out, extension, 0, 0)) { ++ if (nid == NID_subject_alt_name) { ++ if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) { ++ add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); ++ } else { ++ zval_dtor(return_value); ++ if (certresource == -1 && cert) { ++ X509_free(cert); ++ } ++ BIO_free(bio_out); ++ RETURN_FALSE; ++ } ++ } ++ else if 
(X509V3_EXT_print(bio_out, extension, 0, 0)) { + BIO_get_mem_ptr(bio_out, &bio_buf); + add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); + } else { +diff --git a/ext/openssl/tests/cve2013_4073.pem b/ext/openssl/tests/cve2013_4073.pem +new file mode 100644 +index 0000000..7ebb994 +--- /dev/null ++++ b/ext/openssl/tests/cve2013_4073.pem +@@ -0,0 +1,28 @@ ++-----BEGIN CERTIFICATE----- ++MIIE2DCCA8CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMx ++DzANBgNVBAgMBk9yZWdvbjESMBAGA1UEBwwJQmVhdmVydG9uMSMwIQYDVQQKDBpQ ++eXRob24gU29mdHdhcmUgRm91bmRhdGlvbjEgMB4GA1UECwwXUHl0aG9uIENvcmUg ++RGV2ZWxvcG1lbnQxJDAiBgNVBAMMG251bGwucHl0aG9uLm9yZwBleGFtcGxlLm9y ++ZzEkMCIGCSqGSIb3DQEJARYVcHl0aG9uLWRldkBweXRob24ub3JnMB4XDTEzMDgw ++NzEzMTE1MloXDTEzMDgwNzEzMTI1MlowgcUxCzAJBgNVBAYTAlVTMQ8wDQYDVQQI ++DAZPcmVnb24xEjAQBgNVBAcMCUJlYXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNv ++ZnR3YXJlIEZvdW5kYXRpb24xIDAeBgNVBAsMF1B5dGhvbiBDb3JlIERldmVsb3Bt ++ZW50MSQwIgYDVQQDDBtudWxsLnB5dGhvbi5vcmcAZXhhbXBsZS5vcmcxJDAiBgkq ++hkiG9w0BCQEWFXB5dGhvbi1kZXZAcHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEB ++BQADggEPADCCAQoCggEBALXq7cn7Rn1vO3aA3TrzA5QLp6bb7B3f/yN0CJ2XFj+j ++pHs+Gw6WWSUDpybiiKnPec33BFawq3kyblnBMjBU61ioy5HwQqVkJ8vUVjGIUq3P ++vX/wBmQfzCe4o4uM89gpHyUL9UYGG8oCRa17dgqcv7u5rg0Wq2B1rgY+nHwx3JIv ++KRrgSwyRkGzpN8WQ1yrXlxWjgI9de0mPVDDUlywcWze1q2kwaEPTM3hLAmD1PESA ++oY/n8A/RXoeeRs9i/Pm/DGUS8ZPINXk/yOzsR/XvvkTVroIeLZqfmFpnZeF0cHzL ++08LODkVJJ9zjLdT7SA4vnne4FEbAxDbKAq5qkYzaL4UCAwEAAaOB0DCBzTAMBgNV ++HRMBAf8EAjAAMB0GA1UdDgQWBBSIWlXAUv9hzVKjNQ/qWpwkOCL3XDALBgNVHQ8E ++BAMCBeAwgZAGA1UdEQSBiDCBhYIeYWx0bnVsbC5weXRob24ub3JnAGV4YW1wbGUu ++Y29tgSBudWxsQHB5dGhvbi5vcmcAdXNlckBleGFtcGxlLm9yZ4YpaHR0cDovL251 ++bGwucHl0aG9uLm9yZwBodHRwOi8vZXhhbXBsZS5vcmeHBMAAAgGHECABDbgAAAAA ++AAAAAAAAAAEwDQYJKoZIhvcNAQEFBQADggEBAKxPRe99SaghcI6IWT7UNkJw9aO9 ++i9eo0Fj2MUqxpKbdb9noRDy2CnHWf7EIYZ1gznXPdwzSN4YCjV5d+Q9xtBaowT0j ++HPERs1ZuytCNNJTmhyqZ8q6uzMLoht4IqH/FBfpvgaeC5tBTnTT0rD5A/olXeimk 
++kX4LxlEx5RAvpGB2zZVRGr6LobD9rVK91xuHYNIxxxfEGE8tCCWjp0+3ksri9SXx ++VHWBnbM9YaL32u3hxm8sYB/Yb8WSBavJCWJJqRStVRHM1koZlJmXNx2BX4vPo6iW ++RFEIPQsFZRLrtnCAiEhyT8bC2s/Njlu6ly9gtJZWSV46Q3ZjBL4q9sHKqZQ= ++-----END CERTIFICATE----- +diff --git a/ext/openssl/tests/cve2013_4073.phpt b/ext/openssl/tests/cve2013_4073.phpt +new file mode 100644 +index 0000000..e676ddf +--- /dev/null ++++ b/ext/openssl/tests/cve2013_4073.phpt +@@ -0,0 +1,19 @@ ++--TEST-- ++CVE 2013-4073: Null-byte certificate handling ++--SKIPIF-- ++ 'CA:FALSE', ++ 'subjectKeyIdentifier' => '88:5A:55:C0:52:FF:61:CD:52:A3:35:0F:EA:5A:9C:24:38:22:F7:5C', ++ 'keyUsage' => 'Digital Signature, Non Repudiation, Key Encipherment', ++ 'subjectAltName' => 'DNS:altnull.python.org' . "\0" . 'example.com, email:null@python.org' . "\0" . 'user@example.org, URI:http://null.python.org' . "\0" . 'http://example.org, IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1 ++', ++) +-- +1.8.4.3 + + diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_2/php-sapi/patches/40_php_18083695.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/php-5_2/php-sapi/patches/40_php_18083695.patch Wed Apr 09 16:18:40 2014 -0700 
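Review bot: In the `openssl_x509_parse` part of this patch, the new `nid == NID_subject_alt_name` success branch calls `add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1)` without first calling `BIO_get_mem_ptr(bio_out, &bio_buf)`, which the `X509V3_EXT_print` branch right after it does do. `bio_buf` therefore still refers to whatever an earlier loop iteration left in it (or is unset if subjectAltName is the first extension handled), so the array entry is not built from the bytes `openssl_x509v3_subjectAltName` just wrote, and the read may touch memory that is no longer valid. Add `BIO_get_mem_ptr(bio_out, &bio_buf);` as the first statement of that branch. The header comment names CVE-2013-4248 while the embedded commit subject and test files say CVE-2013-4073; a line in the header stating which identifier this packaging tracks would remove the ambiguity. The loop and function body continue outside the inner hunk, so the initial value of `bio_buf` is not visible here.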
@@ -0,0 +1,124 @@ +Fix for CVE-2013-6420 +Patch: +http://git.php.net/?p=php-src.git;a=patch;h=c1224573c773b6845e83505f717fbf820fc18415 +Code: +http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415 +This patch is for php 5.3 code but works well enough on php 5.2 code. +Verified by hand that it patches the correct code. + + + +From c1224573c773b6845e83505f717fbf820fc18415 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 8 Dec 2013 11:40:18 -0800 +Subject: [PATCH] Fix CVE-2013-6420 - memory corruption in openssl_x509_parse + +--- + NEWS | 4 +++- + ext/openssl/openssl.c | 18 ++++++++++++++---- + ext/openssl/tests/cve-2013-6420.crt | 29 +++++++++++++++++++++++++++++ + ext/openssl/tests/cve-2013-6420.phpt | 18 ++++++++++++++++++ + 4 files changed, 64 insertions(+), 5 deletions(-) + create mode 100644 ext/openssl/tests/cve-2013-6420.crt + create mode 100644 ext/openssl/tests/cve-2013-6420.phpt + +diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c +index e7672e4..0d2d644 100644 +--- a/ext/openssl/openssl.c ++++ b/ext/openssl/openssl.c +@@ -644,18 +644,28 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */ + char * thestr; + long gmadjust = 0; + +- if (timestr->length < 13) { +- php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author too lazy to parse %s correctly", timestr->data); ++ if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp"); + return (time_t)-1; + } + +- strbuf = estrdup((char *)timestr->data); ++ if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp"); ++ return (time_t)-1; ++ } ++ ++ if (ASN1_STRING_length(timestr) < 13) { ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to parse time string %s correctly", timestr->data); ++ return (time_t)-1; ++ } ++ ++ strbuf = estrdup((char 
*)ASN1_STRING_data(timestr)); + + memset(&thetime, 0, sizeof(thetime)); + + /* we work backwards so that we can use atoi more easily */ + +- thestr = strbuf + timestr->length - 3; ++ thestr = strbuf + ASN1_STRING_length(timestr) - 3; + + thetime.tm_sec = atoi(thestr); + *thestr = '\0'; +diff --git a/ext/openssl/tests/cve-2013-6420.crt b/ext/openssl/tests/cve-2013-6420.crt +new file mode 100644 +index 0000000..4543314 +--- /dev/null ++++ b/ext/openssl/tests/cve-2013-6420.crt +@@ -0,0 +1,29 @@ ++-----BEGIN CERTIFICATE----- ++MIIEpDCCA4ygAwIBAgIJAJzu8r6u6eBcMA0GCSqGSIb3DQEBBQUAMIHDMQswCQYD ++VQQGEwJERTEcMBoGA1UECAwTTm9yZHJoZWluLVdlc3RmYWxlbjEQMA4GA1UEBwwH ++S8ODwrZsbjEUMBIGA1UECgwLU2VrdGlvbkVpbnMxHzAdBgNVBAsMFk1hbGljaW91 ++cyBDZXJ0IFNlY3Rpb24xITAfBgNVBAMMGG1hbGljaW91cy5zZWt0aW9uZWlucy5k ++ZTEqMCgGCSqGSIb3DQEJARYbc3RlZmFuLmVzc2VyQHNla3Rpb25laW5zLmRlMHUY ++ZDE5NzAwMTAxMDAwMDAwWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAXDTE0MTEyODExMzkzNVowgcMxCzAJBgNVBAYTAkRFMRwwGgYDVQQIDBNO ++b3JkcmhlaW4tV2VzdGZhbGVuMRAwDgYDVQQHDAdLw4PCtmxuMRQwEgYDVQQKDAtT ++ZWt0aW9uRWluczEfMB0GA1UECwwWTWFsaWNpb3VzIENlcnQgU2VjdGlvbjEhMB8G ++A1UEAwwYbWFsaWNpb3VzLnNla3Rpb25laW5zLmRlMSowKAYJKoZIhvcNAQkBFhtz ++dGVmYW4uZXNzZXJAc2VrdGlvbmVpbnMuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB ++DwAwggEKAoIBAQDDAf3hl7JY0XcFniyEJpSSDqn0OqBr6QP65usJPRt/8PaDoqBu ++wEYT/Na+6fsgPjC0uK9DZgWg2tHWWoanSblAMoz5PH6Z+S4SHRZ7e2dDIjPjdhjh ++0mLg2UMO5yp0V797Ggs9lNt6JRfH81MN2obXWs4NtztLMuD6egqpr8dDbr34aOs8 ++pkdui5UawTZksy5pLPHq5cMhFGm06v65CLo0V2Pd9+KAokPrPcN5KLKebz7mLpk6 ++SMeEXOKP4idEqxyQ7O7fBuHMedsQhu+prY3si3BUyKfQtP5CZnX2bp0wKHxX12DX ++1nfFIt9DbGvHTcyOuN+nZLPBm3vWxntyIIvVAgMBAAGjQjBAMAkGA1UdEwQCMAAw ++EQYJYIZIAYb4QgEBBAQDAgeAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEF ++BQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAG0fZYYCTbdj1XYc+1SnoaPR+vI8C8CaD ++8+0UYhdnyU4gga0BAcDrY9e94eEAu6ZqycF6FjLqXXdAboppWocr6T6GD1x33Ckl 
++VArzG/KxQohGD2JeqkhIMlDomxHO7ka39+Oa8i2vWLVyjU8AZvWMAruHa4EENyG7 ++lW2AagaFKFCr9TnXTfrdxGVEbv7KVQ6bdhg5p5SjpWH1+Mq03uR3ZXPBYdyV8319 ++o0lVj1KFI2DCL/liWisJRoof+1cR35Ctd0wYBcpB6TZslMcOPl76dwKwJgeJo2Qg ++Zsfmc2vC1/qOlNuNq/0TzzkVGv8ETT3CgaU+UXe4XOVvkccebJn2dg== ++-----END CERTIFICATE----- ++ ++ +diff --git a/ext/openssl/tests/cve-2013-6420.phpt b/ext/openssl/tests/cve-2013-6420.phpt +new file mode 100644 +index 0000000..b946cf0 +--- /dev/null ++++ b/ext/openssl/tests/cve-2013-6420.phpt +@@ -0,0 +1,18 @@ ++--TEST-- ++CVE-2013-6420 ++--SKIPIF-- ++ ++--FILE-- ++ ++Done ++--EXPECTF-- ++%s openssl_x509_parse(): illegal ASN1 data type for timestamp in %s/cve-2013-6420.php on line 3 ++string(27) "stefan.esser@sektioneins.de" ++int(-1) ++Done +-- +1.8.4.3 + + diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/Makefile --- a/components/php-5_3/Makefile Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/Makefile Wed Apr 09 16:18:40 2014 -0700 @@ -115,7 +115,7 @@ # looks like i DO NEED the pear patches COMPONENT_NAME= php -COMPONENT_VERSION= 5.3.27 +COMPONENT_VERSION= 5.3.28 COMPONENT_PROJECT_URL= http://www.php.net/ COMPONENT_BUGDB= utility/php diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/apache-php53.p5m --- a/components/php-5_3/apache-php53.p5m Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/apache-php53.p5m Wed Apr 09 16:18:40 2014 -0700 
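Review bot: The added length check in `asn1_time_to_time_t`, `ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))`, compares an `int` with a `size_t` and passes an `unsigned char *` to `strlen` without the `(char *)` cast that the `estrdup` line a few lines later uses. Writing it as `if ((size_t)ASN1_STRING_length(timestr) != strlen((const char *)ASN1_STRING_data(timestr))) {` makes both conversions explicit. The check rejects timestamps whose ASN.1 length disagrees with the C-string length before `estrdup` copies the data and `strbuf + ASN1_STRING_length(timestr) - 3` indexes into the copy, so a comment such as `/* ASN.1 length must equal strlen(): strbuf is indexed by the ASN.1 length below */` is worth adding. The preceding type check returns `(time_t)-1` for anything other than `V_ASN1_UTCTIME`; that should be stated in the function's comment so callers treat -1 as "not parsed" rather than as a date. The function body continues beyond the inner hunk.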
@@ -21,10 +21,10 @@ # Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. # -set name=pkg.fmri value=pkg:/web/server/apache-22/module/apache-php53@5.3.27,$(BUILD_VERSION) +set name=pkg.fmri value=pkg:/web/server/apache-22/module/apache-php53@$(COMPONENT_VERSION),$(BUILD_VERSION) set name=pkg.summary value="PHP Server for Apache Web Server" set name=info.classification value="org.opensolaris.category.2008:Web Services/Application and Web Servers" -set name=info.source-url value=http://us.php.net/get/php-5.3.27.tar.gz/from/this/mirror +set name=info.source-url value=http://us.php.net/get/php-$(COMPONENT_VERSION).tar.gz/from/this/mirror set name=info.upstream-url value=$(COMPONENT_PROJECT_URL) set name=org.opensolaris.arc-caseid value=PSARC/2012/067 set name=org.opensolaris.consolidation value=$(CONSOLIDATION) @@ -32,7 +32,7 @@ license apache-php53.license license='PHP, GPLv2, LGPLv2, Apache v2.0' \ com.oracle.info.description="the PHP module for the Apache web server" \ com.oracle.info.name=apache-php53 \ - com.oracle.info.version=5.3.27 \ + com.oracle.info.version=$(COMPONENT_VERSION) \ com.oracle.info.tpno=17137 file path=etc/apache2/2.2/conf.d/php/php5.3.conf mode=0644 preserve=renamenew @@ -41,7 +41,7 @@ file path=usr/apache2/2.2/libexec/mod_php5.3.so # need generic dependency on PHP itself -depend fmri=web/php-53@5.3.27 type=require +depend fmri=web/php-53@$(COMPONENT_VERSION) type=require # if php5.2 apache is present drag forward because php.conf files # move around diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-53.p5m --- a/components/php-5_3/php-53.p5m Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/php-53.p5m Wed Apr 09 16:18:40 2014 -0700 
@@ -26,7 +26,7 @@ default mode 0644> default preserve renamenew> -set name=pkg.fmri value=pkg:/web/php-53@5.3.27,$(BUILD_VERSION) +set name=pkg.fmri value=pkg:/web/php-53@$(COMPONENT_VERSION),$(BUILD_VERSION) set name=pkg.description \ value="A general-purpose scripting language originally designed for web development to produce dynamic web pages." set name=pkg.summary value="PHP Server" @@ -34,14 +34,14 @@ value="org.opensolaris.category.2008:Development/PHP" set name=info.upstream-url value=$(COMPONENT_PROJECT_URL) set name=info.source-url \ - value=http://us.php.net/get/php-5.3.27.tar.bz2/from/this/mirror + value=http://us.php.net/get/php-$(COMPONENT_VERSION).tar.bz2/from/this/mirror set name=org.opensolaris.arc-caseid value=PSARC/2012/067 set name=org.opensolaris.consolidation value=$(CONSOLIDATION) license php-53.license license='PHP, GPLv2, LGPLv2, Apache v2.0' \ com.oracle.info.description="the PHP scripting language" \ com.oracle.info.name=php-53 \ - com.oracle.info.version=5.3.27 \ + com.oracle.info.version=$(COMPONENT_VERSION) \ com.oracle.info.tpno=17137 dir path=var/php/5.3/sessions owner=webservd mode=0750 
@@ -227,6 +227,23 @@ file path=usr/php/5.3/include/php/ext/mbstring/php_mbregex.h file path=usr/php/5.3/include/php/ext/mbstring/php_onig_compat.h file path=usr/php/5.3/include/php/ext/mysqli/php_mysqli_structs.h +file path=usr/php/5.3/include/php/ext/mysqlnd/config-win.h +file path=usr/php/5.3/include/php/ext/mysqlnd/mysqlnd.h +file path=usr/php/5.3/include/php/ext/mysqlnd/mysqlnd_block_alloc.h +file path=usr/php/5.3/include/php/ext/mysqlnd/mysqlnd_charset.h +file path=usr/php/5.3/include/php/ext/mysqlnd/mysqlnd_debug.h +file path=usr/php/5.3/include/php/ext/mysqlnd/mysqlnd_enum_n_def.h +file path=usr/php/5.3/include/php/ext/mysqlnd/mysqlnd_libmysql_compat.h +file path=usr/php/5.3/include/php/ext/mysqlnd/mysqlnd_net.h +file path=usr/php/5.3/include/php/ext/mysqlnd/mysqlnd_portability.h +file path=usr/php/5.3/include/php/ext/mysqlnd/mysqlnd_priv.h +file path=usr/php/5.3/include/php/ext/mysqlnd/mysqlnd_result.h +file path=usr/php/5.3/include/php/ext/mysqlnd/mysqlnd_result_meta.h +file path=usr/php/5.3/include/php/ext/mysqlnd/mysqlnd_statistics.h +file path=usr/php/5.3/include/php/ext/mysqlnd/mysqlnd_structs.h +file path=usr/php/5.3/include/php/ext/mysqlnd/mysqlnd_wireprotocol.h +file path=usr/php/5.3/include/php/ext/mysqlnd/php_mysqlnd.h +file path=usr/php/5.3/include/php/ext/mysqlnd/php_mysqlnd_config.h file path=usr/php/5.3/include/php/ext/pcre/pcrelib/config.h file path=usr/php/5.3/include/php/ext/pcre/pcrelib/pcre.h file path=usr/php/5.3/include/php/ext/pcre/pcrelib/pcre_internal.h diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-apc.p5m --- a/components/php-5_3/php-apc.p5m Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/php-apc.p5m Wed Apr 09 16:18:40 2014 -0700 @@ -51,4 +51,4 @@ file path=usr/php/5.3/zts-modules/apc.so # need generic dependency on PHP itself -depend fmri=web/php-53@5.3.27 type=require +depend fmri=web/php-53@$(COMPONENT_VERSION) type=require diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-cgi/Makefile 
--- a/components/php-5_3/php-cgi/Makefile Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/php-cgi/Makefile Wed Apr 09 16:18:40 2014 -0700 @@ -23,11 +23,11 @@ include ../../../make-rules/shared-macros.mk COMPONENT_NAME= php -COMPONENT_VERSION= 5.3.27 +COMPONENT_VERSION= 5.3.28 COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION) COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.bz2 COMPONENT_ARCHIVE_HASH= \ - sha256:e12db21c623b82a2244c4dd9b06bb75af20868c1b748a105a6829a5acc36b287 + sha256:0cac960c651c4fbb3d21cf2f2b279a06e21948fb35a0d1439b97296cac1d8513 COMPONENT_ARCHIVE_URL= http://us.php.net/get/$(COMPONENT_ARCHIVE)/from/this/mirror PATCH_DIR = ../php-sapi/patches diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-doc.p5m --- a/components/php-5_3/php-doc.p5m Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/php-doc.p5m Wed Apr 09 16:18:40 2014 -0700 @@ -21,7 +21,7 @@ # Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. # -set name=pkg.fmri value=pkg:/web/php-53/documentation@5.3.27,$(BUILD_VERSION) +set name=pkg.fmri value=pkg:/web/php-53/documentation@$(COMPONENT_VERSION),$(BUILD_VERSION) set name=pkg.summary value="PHP Server Documentation" set name=info.classification \ value="org.opensolaris.category.2008:Development/PHP" @@ -37,7 +37,7 @@ license php-doc.license license='PHP' \ com.oracle.info.description="the PHP documentation" \ com.oracle.info.name=php-doc \ - com.oracle.info.version=5.3.27 \ + com.oracle.info.version=$(COMPONENT_VERSION) \ com.oracle.info.tpno=17137 link path=usr/php/doc target=5.3/doc mediator=php mediator-version=5.3 diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-idn.p5m --- a/components/php-5_3/php-idn.p5m Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/php-idn.p5m Wed Apr 09 16:18:40 2014 -0700 
@@ -46,4 +46,4 @@ file path=usr/php/5.3/zts-modules/idn.so # need generic dependency on PHP itself -depend fmri=web/php-53@5.3.27 type=require +depend fmri=web/php-53@$(COMPONENT_VERSION) type=require diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-memcache.p5m --- a/components/php-5_3/php-memcache.p5m Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/php-memcache.p5m Wed Apr 09 16:18:40 2014 -0700 @@ -50,4 +50,4 @@ file path=usr/php/5.3/zts-modules/memcache.so # need generic dependency on PHP itself -depend fmri=web/php-53@5.3.27 type=require +depend fmri=web/php-53@$(COMPONENT_VERSION) type=require diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-mysql.p5m --- a/components/php-5_3/php-mysql.p5m Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/php-mysql.p5m Wed Apr 09 16:18:40 2014 -0700 @@ -21,12 +21,12 @@ # Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. # -set name=pkg.fmri value=pkg:/web/php-53/extension/php-mysql@5.3.27,$(BUILD_VERSION) +set name=pkg.fmri value=pkg:/web/php-53/extension/php-mysql@$(COMPONENT_VERSION),$(BUILD_VERSION) set name=pkg.summary value="MySQL extension module for PHP" set name=info.classification \ value="org.opensolaris.category.2008:Development/PHP" set name=info.upstream-url value=$(COMPONENT_PROJECT_URL) -set name=info.source-url value=http://us.php.net/get/php-5.3.27.tar.gz/from/this/mirror +set name=info.source-url value=http://us.php.net/get/php-$(COMPONENT_VERSION).tar.gz/from/this/mirror set name=org.opensolaris.arc-caseid value=PSARC/2012/067 set name=org.opensolaris.consolidation value=$(CONSOLIDATION) @@ -37,7 +37,7 @@ license php-mysql.license license='PHP, LGPLv2' \ com.oracle.info.description="the MySQL extension module for PHP" \ com.oracle.info.name=php-mysql \ - com.oracle.info.version=5.3.27 \ + com.oracle.info.version=$(COMPONENT_VERSION) \ com.oracle.info.tpno=17137 file path=etc/php/5.3/conf.d/mysql.ini mode=0644 preserve=renameold 
@@ -54,4 +54,4 @@ file path=usr/php/5.3/zts-modules/pdo_mysql.so # need generic dependency on PHP itself -depend fmri=web/php-53@5.3.27 type=require +depend fmri=web/php-53@$(COMPONENT_VERSION) type=require diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-nsapi/Makefile --- a/components/php-5_3/php-nsapi/Makefile Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/php-nsapi/Makefile Wed Apr 09 16:18:40 2014 -0700 @@ -24,11 +24,11 @@ include ../../../make-rules/shared-macros.mk COMPONENT_NAME= php -COMPONENT_VERSION= 5.3.27 +COMPONENT_VERSION= 5.3.28 COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION) COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.bz2 COMPONENT_ARCHIVE_HASH= \ - sha256:e12db21c623b82a2244c4dd9b06bb75af20868c1b748a105a6829a5acc36b287 + sha256:0cac960c651c4fbb3d21cf2f2b279a06e21948fb35a0d1439b97296cac1d8513 COMPONENT_ARCHIVE_URL= http://us.php.net/get/$(COMPONENT_ARCHIVE)/from/this/mirror COMPONENT_PROJECT_URL= http://www.php.net/ diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-pear.p5m --- a/components/php-5_3/php-pear.p5m Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/php-pear.p5m Wed Apr 09 16:18:40 2014 -0700 
@@ -26,13 +26,13 @@ default group bin> default preserve renamenew> -set name=pkg.fmri value=pkg:/web/php-53/extension/php-pear@5.3.27,$(BUILD_VERSION) +set name=pkg.fmri value=pkg:/web/php-53/extension/php-pear@$(COMPONENT_VERSION),$(BUILD_VERSION) set name=pkg.description \ value="Framework and reusable PHP components from PEAR repository for PHP" set name=pkg.summary value="PHP Extension and Application Repository" set name=info.classification \ value="org.opensolaris.category.2008:Development/PHP" -set name=info.source-url value=http://us.php.net/get/php-5.3.27.tar.gz/from/this/mirror +set name=info.source-url value=http://us.php.net/get/php-$(COMPONENT_VERSION).tar.gz/from/this/mirror set name=info.upstream-url value=http://pear.php.net/ set name=org.opensolaris.arc-caseid value=PSARC/2012/067 set name=org.opensolaris.consolidation value=$(CONSOLIDATION) @@ -44,7 +44,7 @@ license php-pear.license license='PHP, LGPLv2.1' \ com.oracle.info.description="the PEAR extension module for PHP" \ com.oracle.info.name=php-pear \ - com.oracle.info.version=5.3.27 \ + com.oracle.info.version=$(COMPONENT_VERSION) \ com.oracle.info.tpno=17137 dir path=var/php/5.3/include/php @@ -248,4 +248,4 @@ file path=var/php/5.3/pear/test/XML_Util/tests/testBug_5392.phpt # need generic dependency on PHP itself -depend fmri=web/php-53@5.3.27 type=require +depend fmri=web/php-53@$(COMPONENT_VERSION) type=require diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-sapi/Makefile --- a/components/php-5_3/php-sapi/Makefile Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/php-sapi/Makefile Wed Apr 09 16:18:40 2014 -0700 
@@ -29,11 +29,11 @@ # published from. COMPONENT_NAME= php -COMPONENT_VERSION= 5.3.27 +COMPONENT_VERSION= 5.3.28 COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION) COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.bz2 COMPONENT_ARCHIVE_HASH= \ - sha256:e12db21c623b82a2244c4dd9b06bb75af20868c1b748a105a6829a5acc36b287 + sha256:0cac960c651c4fbb3d21cf2f2b279a06e21948fb35a0d1439b97296cac1d8513 COMPONENT_ARCHIVE_URL= http://us.php.net/get/$(COMPONENT_ARCHIVE)/from/this/mirror COMPONENT_PROJECT_URL= http://www.php.net/ diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-sapi/patches/150_php_18083695.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/php-5_3/php-sapi/patches/150_php_18083695.patch Wed Apr 09 16:18:40 2014 -0700 
@@ -0,0 +1,51 @@ +Fix for CVE-2013-6712 +Patch: +http://git.php.net/?p=php-src.git;a=patch;h=12fe4e90be7bfa2a763197079f68f5568a14e071 +Code: +http://git.php.net/?p=php-src.git;a=commitdiff;h=12fe4e90be7bfa2a763197079f68f5568a14e071 +This patch is for php 5.4 code but works well enough on php 5.3 code. +Verified by hand that it patches the correct code. +Slightly modified by hand to remove unnecessary parts that fail to patch. + + +From 12fe4e90be7bfa2a763197079f68f5568a14e071 Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Wed, 27 Nov 2013 11:13:16 +0100 +Subject: [PATCH] Fixed bug #66060 (Heap buffer over-read in DateInterval) + +--- + NEWS | 3 +++ + ext/date/lib/parse_iso_intervals.c | 4 ++-- + ext/date/lib/parse_iso_intervals.re | 2 +- + 3 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/ext/date/lib/parse_iso_intervals.c b/ext/date/lib/parse_iso_intervals.c +index bd1ad05..480ea38 100644 +--- a/ext/date/lib/parse_iso_intervals.c ++++ b/ext/date/lib/parse_iso_intervals.c +@@ -415,7 +415,7 @@ yy6: + break; + } + ptr++; +- } while (*ptr); ++ } while (!s->errors->error_count && *ptr); + s->have_period = 1; + TIMELIB_DEINIT; + return TIMELIB_PERIOD; +diff --git a/ext/date/lib/parse_iso_intervals.re b/ext/date/lib/parse_iso_intervals.re +index 56aa34d..c5e9f67 100644 +--- a/ext/date/lib/parse_iso_intervals.re ++++ b/ext/date/lib/parse_iso_intervals.re +@@ -383,7 +383,7 @@ isoweek = year4 "-"? "W" weekofyear; + break; + } + ptr++; +- } while (*ptr); ++ } while (!s->errors->error_count && *ptr); + s->have_period = 1; + TIMELIB_DEINIT; + return TIMELIB_PERIOD; +-- +1.8.4.3 + + diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-sapi/patches/160_php_18368537.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/php-5_3/php-sapi/patches/160_php_18368537.patch Wed Apr 09 16:18:40 2014 -0700 
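Review bot: The changed loop condition `while (!s->errors->error_count && *ptr);` is applied to both parse_iso_intervals.c and parse_iso_intervals.re with no comment explaining why the error count is tested before `*ptr`. Going by the embedded subject (heap buffer over-read in DateInterval), the order looks deliberate: once an error has been recorded the loop should stop without dereferencing `ptr` again, so I would add `/* stop on the first recorded error before reading *ptr again (bug #66060) */` above the `while` in both files. The header says parts were removed by hand, yet the embedded diffstat still lists NEWS and "3 files changed"; updating or dropping the stat would keep the patch description accurate. The loop body starts outside the inner hunks.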
@@ -0,0 +1,190 @@ +Fix for CVE-2014-1943 +Modified version of this patch: +http://git.php.net/?p=php-src.git;a=patch;h=fdb9b6e5ec73d37b9734c9f7c50b3946ed85b5e3 +which is for php 5.4 code. +php 5.4 code is here: +http://git.php.net/?p=php-src.git;a=commit;h=fdb9b6e5ec73d37b9734c9f7c50b3946ed85b5e3 +Got this verson from johannes.schlueter@oracle.com who is a +PHP community member. +Comparing the 2 versions and this one looks believable. + + +php-5.3.28-CVE-2014-1943.diff + +diff -Naurp php-5.3.28/ext/fileinfo/libmagic/ascmagic.c php-5.3.28.oden/ext/fileinfo/libmagic/ascmagic.c +--- php-5.3.28/ext/fileinfo/libmagic/ascmagic.c 2013-12-10 19:04:57.000000000 +0000 ++++ php-5.3.28.oden/ext/fileinfo/libmagic/ascmagic.c 2014-02-19 15:59:40.000000000 +0000 +@@ -145,7 +145,7 @@ file_ascmagic_with_encoding(struct magic + == NULL) + goto done; + if ((rv = file_softmagic(ms, utf8_buf, +- (size_t)(utf8_end - utf8_buf), TEXTTEST, text)) == 0) ++ (size_t)(utf8_end - utf8_buf), 0, TEXTTEST, text)) == 0) + rv = -1; + } + +diff -Naurp php-5.3.28/ext/fileinfo/libmagic/file.h php-5.3.28.oden/ext/fileinfo/libmagic/file.h +--- php-5.3.28/ext/fileinfo/libmagic/file.h 2013-12-10 19:04:57.000000000 +0000 ++++ php-5.3.28.oden/ext/fileinfo/libmagic/file.h 2014-02-19 15:59:40.000000000 +0000 +@@ -414,7 +414,7 @@ protected int file_encoding(struct magic + unichar **, size_t *, const char **, const char **, const char **); + protected int file_is_tar(struct magic_set *, const unsigned char *, size_t); + protected int file_softmagic(struct magic_set *, const unsigned char *, size_t, +- int, int); ++ size_t, int, int); + protected struct mlist *file_apprentice(struct magic_set *, const char *, int); + protected uint64_t file_signextend(struct magic_set *, struct magic *, + uint64_t); +diff -Naurp php-5.3.28/ext/fileinfo/libmagic/funcs.c php-5.3.28.oden/ext/fileinfo/libmagic/funcs.c +--- php-5.3.28/ext/fileinfo/libmagic/funcs.c 2013-12-10 19:04:57.000000000 +0000 ++++ 
php-5.3.28.oden/ext/fileinfo/libmagic/funcs.c 2014-02-19 15:59:40.000000000 +0000 +@@ -235,7 +235,7 @@ file_buffer(struct magic_set *ms, php_st + + /* try soft magic tests */ + if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) +- if ((m = file_softmagic(ms, ubuf, nb, BINTEST, ++ if ((m = file_softmagic(ms, ubuf, nb, 0, BINTEST, + looks_text)) != 0) { + if ((ms->flags & MAGIC_DEBUG) != 0) + (void)fprintf(stderr, "softmagic %d\n", m); +diff -Naurp php-5.3.28/ext/fileinfo/libmagic/softmagic.c php-5.3.28.oden/ext/fileinfo/libmagic/softmagic.c +--- php-5.3.28/ext/fileinfo/libmagic/softmagic.c 2013-12-10 19:04:57.000000000 +0000 ++++ php-5.3.28.oden/ext/fileinfo/libmagic/softmagic.c 2014-02-19 15:59:40.000000000 +0000 +@@ -48,9 +48,9 @@ FILE_RCSID("@(#)$File: softmagic.c,v 1.1 + + + private int match(struct magic_set *, struct magic *, uint32_t, +- const unsigned char *, size_t, int, int); ++ const unsigned char *, size_t, int, int, int); + private int mget(struct magic_set *, const unsigned char *, +- struct magic *, size_t, unsigned int, int); ++ struct magic *, size_t, unsigned int, int, int); + private int magiccheck(struct magic_set *, struct magic *); + private int32_t mprint(struct magic_set *, struct magic *); + private int32_t moffset(struct magic_set *, struct magic *); +@@ -72,13 +72,13 @@ private void cvt_64(union VALUETYPE *, c + /*ARGSUSED1*/ /* nbytes passed for regularity, maybe need later */ + protected int + file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, +- int mode, int text) ++ size_t level, int mode, int text) + { + struct mlist *ml; + int rv; + for (ml = ms->mlist->next; ml != ms->mlist; ml = ml->next) + if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, mode, +- text)) != 0) ++ text, level)) != 0) + return rv; + + return 0; +@@ -113,7 +113,8 @@ file_softmagic(struct magic_set *ms, con + */ + private int + match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, +- const unsigned char *s, size_t nbytes, int 
mode, int text) ++ const unsigned char *s, size_t nbytes, int mode, int text, ++ int recursion_level) + { + uint32_t magindex = 0; + unsigned int cont_level = 0; +@@ -145,7 +146,7 @@ match(struct magic_set *ms, struct magic + ms->line = m->lineno; + + /* if main entry matches, print it... */ +- switch (mget(ms, s, m, nbytes, cont_level, text)) { ++ switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) { + case -1: + return -1; + case 0: +@@ -227,7 +228,7 @@ match(struct magic_set *ms, struct magic + continue; + } + #endif +- switch (mget(ms, s, m, nbytes, cont_level, text)) { ++ switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) { + case -1: + return -1; + case 0: +@@ -997,12 +998,18 @@ mcopy(struct magic_set *ms, union VALUET + + private int + mget(struct magic_set *ms, const unsigned char *s, +- struct magic *m, size_t nbytes, unsigned int cont_level, int text) ++ struct magic *m, size_t nbytes, unsigned int cont_level, int text, ++ int recursion_level) + { + uint32_t offset = ms->offset; + uint32_t count = m->str_range; + union VALUETYPE *p = &ms->ms_value; + ++ if (recursion_level >= 20) { ++ file_error(ms, 0, "recursion nesting exceeded"); ++ return -1; ++ } ++ + if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, nbytes, count) == -1) + return -1; + +@@ -1550,13 +1557,15 @@ mget(struct magic_set *ms, const unsigne + break; + + case FILE_INDIRECT: ++ if (offset == 0) ++ return 0; + if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && + file_printf(ms, "%s", m->desc) == -1) + return -1; + if (nbytes < offset) + return 0; + return file_softmagic(ms, s + offset, nbytes - offset, +- BINTEST, text); ++ recursion_level, BINTEST, text); + + case FILE_DEFAULT: /* nothing to check */ + default: +diff -Naurp php-5.3.28/ext/fileinfo/tests/cve-2014-1943.phpt php-5.3.28.oden/ext/fileinfo/tests/cve-2014-1943.phpt +--- php-5.3.28/ext/fileinfo/tests/cve-2014-1943.phpt 1970-01-01 00:00:00.000000000 +0000 ++++ 
php-5.3.28.oden/ext/fileinfo/tests/cve-2014-1943.phpt 2014-02-19 16:00:20.000000000 +0000 +@@ -0,0 +1,39 @@ ++--TEST-- ++Bug #66731: file: infinite recursion ++--SKIPIF-- ++(1.b) indirect x\n"; ++ ++file_put_contents($fd, $a); ++$fi = finfo_open(FILEINFO_NONE); ++var_dump(finfo_file($fi, $fd)); ++finfo_close($fi); ++ ++file_put_contents($fd, $b); ++file_put_contents($fm, $m); ++$fi = finfo_open(FILEINFO_NONE, $fm); ++var_dump(finfo_file($fi, $fd)); ++finfo_close($fi); ++?> ++Done ++--CLEAN-- ++ ++--EXPECTF-- ++string(%d) "%s" ++ ++Warning: finfo_file(): Failed identify data 0:(null) in %s on line %d ++bool(false) ++Done + + diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-sapi/patches/170_php_18368630.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/php-5_3/php-sapi/patches/170_php_18368630.patch Wed Apr 09 16:18:40 2014 -0700 
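Review bot: The recursion depth is typed inconsistently across this patch: `file_softmagic` takes `size_t level` but forwards it to `match(..., int recursion_level)`, and `mget` passes its `int recursion_level` back into `file_softmagic`, so the counter is converted between `size_t` and `int` on every indirection. Using one type throughout, e.g. `int level` in the `file.h` prototype and the `softmagic.c` definition, removes the implicit conversions. The limit in `if (recursion_level >= 20)` is a bare literal; a named constant (for example a new `#define MAX_RECURSION_LEVEL 20`) with a comment that it bounds FILE_INDIRECT nesting would make the guard easier to audit. The header records that this variant was received from a community member and "looks believable" against the upstream commit; listing what differs from upstream would make the provenance checkable. `match` and `mget` extend beyond the inner hunks shown.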
@@ -0,0 +1,111 @@ +Fix for CVE-2014-2270 +Patch: +http://git.php.net/?p=php-src.git;a=patch;h=a33759fd27 +Code: +http://git.php.net/?p=php-src.git;a=commitdiff;h=a33759fd27 +This patch is for php 5.5 code but works well enough on php 5.3 code. +Verified by hand that it patches the correct code. +Slightly modified by hand to remove unnecessary parts that fail to patch. + + + +From a33759fd275b32ed0bbe89796fe2953b3cb0b41f Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Tue, 4 Mar 2014 20:32:52 +0100 +Subject: [PATCH] Fixed Bug #66820 out-of-bounds memory access in fileinfo + +Upstream fix: +https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801 + +Notice, test changed, with upstream agreement: +-define OFFSET_OOB(n, o, i) ((n) < (o) || (i) >= ((n) - (o))) ++define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) +--- + ext/fileinfo/libmagic/softmagic.c | 34 ++++++++++++++++++---------------- + 1 file changed, 18 insertions(+), 16 deletions(-) + +diff --git a/ext/fileinfo/libmagic/softmagic.c b/ext/fileinfo/libmagic/softmagic.c +index 82a470a..21fea6b 100644 +--- a/ext/fileinfo/libmagic/softmagic.c ++++ b/ext/fileinfo/libmagic/softmagic.c +@@ -67,6 +67,8 @@ private void cvt_16(union VALUETYPE *, const struct magic *); + private void cvt_32(union VALUETYPE *, const struct magic *); + private void cvt_64(union VALUETYPE *, const struct magic *); + ++#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) ++ + /* + * softmagic - lookup one file in parsed, in-memory copy of database + * Passed the name and FILE * of one file to be typed. 
+@@ -1171,7 +1173,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, + } + switch (cvt_flip(m->in_type, flip)) { + case FILE_BYTE: +- if (nbytes < (offset + 1)) ++ if (OFFSET_OOB(nbytes, offset, 1)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1206,7 +1208,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, + offset = ~offset; + break; + case FILE_BESHORT: +- if (nbytes < (offset + 2)) ++ if (OFFSET_OOB(nbytes, offset, 2)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1258,7 +1260,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, + offset = ~offset; + break; + case FILE_LESHORT: +- if (nbytes < (offset + 2)) ++ if (OFFSET_OOB(nbytes, offset, 2)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1310,7 +1312,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, + offset = ~offset; + break; + case FILE_SHORT: +- if (nbytes < (offset + 2)) ++ if (OFFSET_OOB(nbytes, offset, 2)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1347,7 +1349,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, + break; + case FILE_BELONG: + case FILE_BEID3: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1418,7 +1420,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, + break; + case FILE_LELONG: + case FILE_LEID3: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1488,7 +1490,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, + offset = ~offset; + break; + case FILE_MELONG: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { +@@ -1558,7 +1560,7 @@ mget(struct magic_set *ms, const unsigned char *s, struct magic *m, 
+ offset = ~offset; + break; + case FILE_LONG: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + if (off) { + switch (m->in_op & FILE_OPS_MASK) { diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-sapi/patches/171_php_18368630.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/php-5_3/php-sapi/patches/171_php_18368630.patch Wed Apr 09 16:18:40 2014 -0700 
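Review bot: The header says the upstream patch was "slightly modified by hand to remove unnecessary parts" but does not say which parts, and the counts do not line up. The embedded diffstat reads 18 insertions and 16 deletions, while this file and 171_php_18368630.patch together carry 17 and 15 by my count. For an out-of-bounds read fix, each dropped upstream hunk should be named in the header with the reason it does not apply to 5.3 (presumably a case this libmagic version lacks), so a later reader can confirm that no `nbytes < (offset + N)` check was left unconverted. The new macro also deserves a comment, for example `/* true if reading i bytes at offset o overruns n bytes; subtracts so that o + i cannot wrap */`, since `offset` is a `uint32_t` and that wrap is what the old form allowed. The mget() body these hunks patch begins and ends outside them.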
@@ -0,0 +1,63 @@ +170_php_18368630.patch continued. +This corrects parts of the above patch because of context diffs. + + +--- php-5.3.28/ext/fileinfo/libmagic/softmagic.c_orig 2013-12-10 11:04:57.000000000 -0800 ++++ php-5.3.28/ext/fileinfo/libmagic/softmagic.c 2014-03-10 16:11:12.236393936 -0700 +@@ -1500,14 +1500,14 @@ + /* Verify we have enough data to match magic type */ + switch (m->type) { + case FILE_BYTE: +- if (nbytes < (offset + 1)) /* should alway be true */ ++ if (OFFSET_OOB(nbytes, offset, 1)) /* should alway be true */ + return 0; + break; + + case FILE_SHORT: + case FILE_BESHORT: + case FILE_LESHORT: +- if (nbytes < (offset + 2)) ++ if (OFFSET_OOB(nbytes, offset, 2)) + return 0; + break; + +@@ -1526,26 +1526,26 @@ + case FILE_FLOAT: + case FILE_BEFLOAT: + case FILE_LEFLOAT: +- if (nbytes < (offset + 4)) ++ if (OFFSET_OOB(nbytes, offset, 4)) + return 0; + break; + + case FILE_DOUBLE: + case FILE_BEDOUBLE: + case FILE_LEDOUBLE: +- if (nbytes < (offset + 8)) ++ if (OFFSET_OOB(nbytes, offset, 8)) + return 0; + break; + + case FILE_STRING: + case FILE_PSTRING: + case FILE_SEARCH: +- if (nbytes < (offset + m->vallen)) ++ if (OFFSET_OOB(nbytes, offset, m->vallen)) + return 0; + break; + + case FILE_REGEX: +- if (nbytes < offset) ++ if (OFFSET_OOB(nbytes, offset, 0)) + return 0; + break; + +@@ -1553,7 +1553,7 @@ + if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && + file_printf(ms, "%s", m->desc) == -1) + return -1; +- if (nbytes < offset) ++ if (OFFSET_OOB(nbytes, offset, 0)) + return 0; + return file_softmagic(ms, s + offset, nbytes - offset, + BINTEST, text); diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-suhosin.p5m --- a/components/php-5_3/php-suhosin.p5m Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/php-suhosin.p5m Wed Apr 09 16:18:40 2014 -0700 
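Review bot: The last hunk's trailing context still shows the call ending in `BINTEST, text);`, but the CVE-2014-1943 patch earlier in this changeset rewrites that line to `recursion_level, BINTEST, text);` and adds two lines at the top of `case FILE_INDIRECT:`. This file was diffed against a pristine `softmagic.c_orig`, so if the earlier patch is applied first (as the numbering suggests) this hunk presumably goes in only with fuzz. In a run of near-identical `if (...) return 0;` checks, a fuzzy match risks placing a bounds check on the wrong case without any error. Regenerating the patch against the tree with the preceding patches applied would let it apply cleanly, and the context line would then read `recursion_level, BINTEST, text);`. The enclosing switch in mget() starts and ends outside these hunks.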
@@ -46,4 +46,4 @@ file path=usr/php/5.3/zts-modules/suhosin.so # need generic dependency on PHP itself -depend fmri=web/php-53@5.3.27 type=require +depend fmri=web/php-53@$(COMPONENT_VERSION) type=require diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-tcpwrap.p5m --- a/components/php-5_3/php-tcpwrap.p5m Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/php-tcpwrap.p5m Wed Apr 09 16:18:40 2014 -0700 @@ -46,4 +46,4 @@ file path=usr/php/5.3/zts-modules/tcpwrap.so # need generic dependency on PHP itself -depend fmri=web/php-53@5.3.27 type=require +depend fmri=web/php-53@$(COMPONENT_VERSION) type=require diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-xdebug.p5m --- a/components/php-5_3/php-xdebug.p5m Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/php-xdebug.p5m Wed Apr 09 16:18:40 2014 -0700 @@ -48,4 +48,4 @@ file path=usr/php/5.3/zts-modules/xdebug.so # need generic dependency on PHP itself -depend fmri=web/php-53@5.3.27 type=require +depend fmri=web/php-53@$(COMPONENT_VERSION) type=require diff -r 07964fc8b408 -r 61e6cd945591 components/php-5_3/php-zendopcache.p5m --- a/components/php-5_3/php-zendopcache.p5m Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-5_3/php-zendopcache.p5m Wed Apr 09 16:18:40 2014 -0700 @@ -40,4 +40,4 @@ license php-zendopcache.license license=PHP # need generic dependency on PHP itself -depend type=require fmri=web/php-53@5.3.27 +depend type=require fmri=web/php-53@$(COMPONENT_VERSION) diff -r 07964fc8b408 -r 61e6cd945591 components/php-common/php-common.p5m --- a/components/php-common/php-common.p5m Wed Apr 09 15:50:49 2014 -0700 +++ b/components/php-common/php-common.p5m Wed Apr 09 16:18:40 2014 -0700 @@ -18,7 +18,7 @@ # # CDDL HEADER END # -# Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. # # Bypassing the mangler because the ATTRIBUTES section shouldn't include 
@@ -44,7 +44,7 @@ file php.1.sunman path=usr/share/man/man1/php.1 # if php5.2 is present drag forward because the man page moved to here -depend fmri=pkg:/web/php-52@5.2.17,$(BUILD_VERSION) type=optional +depend fmri=pkg:/web/php-52@5.2.17 type=optional # if php5.2 apache present drag forward because of php.conf file movement depend fmri=pkg:/web/server/apache-22/module/apache-php5@5.2.17-0.175.1.0.0.18 \ type=optional