rpms/php/FC-5 php-5.1.2-CVE-2006-0996.patch, NONE, 1.1 php.spec, 1.108, 1.109
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Apr 19 15:09:56 UTC 2006
Author: jorton
Update of /cvs/dist/rpms/php/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv6154
Modified Files:
php.spec
Added Files:
php-5.1.2-CVE-2006-0996.patch
Log Message:
* Wed Apr 19 2006 Joe Orton <jorton at redhat.com> 5.1.2-5.2
- add security fixes from upstream:
* phpinfo() XSS with long input (CVE-2006-0996)
* binary safeness in html_decode (CVE-2006-1490)
php-5.1.2-CVE-2006-0996.patch:
info.c | 36 +++++++++++++++++-------------------
1 files changed, 17 insertions(+), 19 deletions(-)
--- NEW FILE php-5.1.2-CVE-2006-0996.patch ---
Revision 1.249.2.8
Thu Mar 30 19:16:12 2006 UTC (2 weeks, 5 days ago) by iliaa
Branch: PHP_5_1
Changes since 1.249.2.7: +18 -20 lines
Fixed XSS inside phpinfo() with long inputs.
--- php-5.1.2/ext/standard/info.c.cve0996
+++ php-5.1.2/ext/standard/info.c
@@ -58,6 +58,21 @@
PHPAPI extern char *php_ini_opened_path;
PHPAPI extern char *php_ini_scanned_files;
+
+static int php_info_write_wrapper(const char *str, uint str_length)
+{
+ TSRMLS_FETCH();
+
+ int new_len, written;
+ char *elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
+
+ written = php_body_write(elem_esc, new_len TSRMLS_CC);
+
+ efree(elem_esc);
+
+ return written;
+}
+
/* {{{ _display_module_info
*/
@@ -135,30 +150,13 @@
PUTS(" => ");
}
if (Z_TYPE_PP(tmp) == IS_ARRAY) {
- zval *tmp3;
-
- MAKE_STD_ZVAL(tmp3);
-
if (!sapi_module.phpinfo_as_text) {
PUTS("<pre>");
- }
- php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
-
- zend_print_zval_r(*tmp, 0 TSRMLS_CC);
-
- php_ob_get_buffer(tmp3 TSRMLS_CC);
- php_end_ob_buffer(0, 0 TSRMLS_CC);
-
- if (!sapi_module.phpinfo_as_text) {
- elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
- PUTS(elem_esc);
- efree(elem_esc);
+ zend_print_zval_ex((zend_write_func_t) php_info_write_wrapper, *tmp, 0 TSRMLS_CC);
PUTS("</pre>");
} else {
- PUTS(Z_STRVAL_P(tmp3));
+ zend_print_zval_r(*tmp, 0 TSRMLS_CC);
}
- zval_ptr_dtor(&tmp3);
-
} else if (Z_TYPE_PP(tmp) != IS_STRING) {
tmp2 = **tmp;
zval_copy_ctor(&tmp2);
Index: php.spec
===================================================================
RCS file: /cvs/dist/rpms/php/FC-5/php.spec,v
retrieving revision 1.108
retrieving revision 1.109
diff -u -r1.108 -r1.109
--- php.spec 7 Apr 2006 10:09:33 -0000 1.108
+++ php.spec 19 Apr 2006 15:09:52 -0000 1.109
@@ -4,7 +4,7 @@
Summary: The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Name: php
Version: 5.1.2
-Release: 5.1
+Release: 5.2
License: The PHP License
Group: Development/Languages
URL: http://www.php.net/
@@ -31,6 +31,10 @@
Patch50: php-5.0.4-tests-dashn.patch
Patch51: php-5.0.4-tests-wddx.patch
+# Security fixes
+Patch70: php-5.1.2-CVE-2006-0996.patch
+Patch71: php-5.1.2-CVE-2006-1490.patch
+
BuildRoot: %{_tmppath}/%{name}-root
BuildRequires: bzip2-devel, curl-devel >= 7.9, db4-devel, expat-devel
@@ -274,6 +278,9 @@
%patch50 -p1 -b .tests-dashn
%patch51 -p1 -b .tests-wddx
+%patch70 -p1 -b .cve0996
+%patch71 -p1 -b .cve1490
+
# Prevent %%doc confusion over LICENSE files
cp Zend/LICENSE Zend/ZEND_LICENSE
cp TSRM/LICENSE TSRM_LICENSE
@@ -561,6 +568,11 @@
%files pdo -f files.pdo
%changelog
+* Wed Apr 19 2006 Joe Orton <jorton at redhat.com> 5.1.2-5.2
+- add security fixes from upstream:
+ * phpinfo() XSS with long input (CVE-2006-0996)
+ * binary safeness in html_decode (CVE-2006-1490)
+
* Fri Apr 7 2006 Joe Orton <jorton at redhat.com> 5.1.2-5.1
- fix use of LDAP on 64-bit platforms (#181518)
More information about the fedora-cvs-commits
mailing list