Add fixes for http://secunia.com/advisories/37412/ from PHP's repositry. 1. CVE-2009-3292 is already fixed in 5.2.11. 2. CVE-2009-3558 http://svn.php.net/viewvc?view=revision&revision=288934 3. CVE-2009-3557 http://svn.php.net/viewvc?view=revision&revision=288945 http://svn.php.net/viewvc?view=revision&revision=288971 4. CVE-2009-4017 http://svn.php.net/viewvc?view=revision&revision=289990 http://svn.php.net/viewvc?view=revision&revision=290820 http://svn.php.net/viewvc?view=revision&revision=290885 Other pkgsrc changes: * Don't hardcord /usr/pkg in php.ini-dist and php.ini-recommended. * Add comments to some of patch files. Bump PKGREVISION.diff -r1.73 -r1.74 pkgsrc/lang/php5/Makefile
(taca)
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.73 2009/10/22 14:49:06 taca Exp $ | 1 | # $NetBSD: Makefile,v 1.74 2009/11/30 06:14:08 taca Exp $ | |
2 | 2 | |||
3 | PKGNAME= php-${PHP_BASE_VERS} | 3 | PKGNAME= php-${PHP_BASE_VERS} | |
4 | PKGREVISION= 1 | 4 | PKGREVISION= 2 | |
5 | CATEGORIES= lang | 5 | CATEGORIES= lang | |
6 | HOMEPAGE= http://www.php.net/ | 6 | HOMEPAGE= http://www.php.net/ | |
7 | COMMENT= PHP Hypertext Preprocessor version 5 | 7 | COMMENT= PHP Hypertext Preprocessor version 5 | |
8 | 8 | |||
9 | TEST_TARGET= test | 9 | TEST_TARGET= test | |
10 | PKG_DESTDIR_SUPPORT= user-destdir | 10 | PKG_DESTDIR_SUPPORT= user-destdir | |
11 | 11 | |||
12 | USE_TOOLS+= gmake lex pkg-config | 12 | USE_TOOLS+= gmake lex pkg-config | |
13 | LIBTOOL_OVERRIDE= # empty | 13 | LIBTOOL_OVERRIDE= # empty | |
14 | 14 | |||
15 | PKG_OPTIONS_REQUIRED_GROUPS+= sapi | 15 | PKG_OPTIONS_REQUIRED_GROUPS+= sapi | |
16 | PKG_OPTIONS_GROUP.sapi= cgi fastcgi | 16 | PKG_OPTIONS_GROUP.sapi= cgi fastcgi | |
17 | PKG_SUGGESTED_OPTIONS+= cgi | 17 | PKG_SUGGESTED_OPTIONS+= cgi | |
@@ -27,40 +27,40 @@ CONFIGURE_ARGS+= --enable-force-cgi-redi | @@ -27,40 +27,40 @@ CONFIGURE_ARGS+= --enable-force-cgi-redi | |||
27 | CONFIGURE_ARGS+= --enable-fastcgi | 27 | CONFIGURE_ARGS+= --enable-fastcgi | |
28 | .endif | 28 | .endif | |
29 | 29 | |||
30 | CGIDIR= ${PREFIX}/libexec/cgi-bin | 30 | CGIDIR= ${PREFIX}/libexec/cgi-bin | |
31 | EGDIR= ${PREFIX}/share/examples/php | 31 | EGDIR= ${PREFIX}/share/examples/php | |
32 | MESSAGE_SUBST+= CGIDIR=${CGIDIR:Q} | 32 | MESSAGE_SUBST+= CGIDIR=${CGIDIR:Q} | |
33 | 33 | |||
34 | CONFIGURE_ENV+= lt_cv_path_SED=${SED:Q} | 34 | CONFIGURE_ENV+= lt_cv_path_SED=${SED:Q} | |
35 | MAKE_ENV+= INSTALL_ROOT=${DESTDIR:Q} | 35 | MAKE_ENV+= INSTALL_ROOT=${DESTDIR:Q} | |
36 | 36 | |||
37 | CONF_FILES= ${EGDIR}/php.ini-recommended ${PKG_SYSCONFDIR}/php.ini | 37 | CONF_FILES= ${EGDIR}/php.ini-recommended ${PKG_SYSCONFDIR}/php.ini | |
38 | OWN_DIRS= ${PREFIX}/${PHP_EXTENSION_DIR} | 38 | OWN_DIRS= ${PREFIX}/${PHP_EXTENSION_DIR} | |
39 | 39 | |||
40 | SUBST_CLASSES+= cgi | 40 | SUBST_CLASSES+= path | |
41 | SUBST_MESSAGE.cgi= Fixing CGI path. | 41 | SUBST_MESSAGE.path= Fixing common paths. | |
42 | SUBST_STAGE.cgi= pre-configure | 42 | SUBST_STAGE.path= pre-configure | |
43 | SUBST_FILES.cgi= configure | 43 | SUBST_FILES.path= configure php.ini-dist php.ini-recommended | |
44 | SUBST_SED.cgi= -e 's,@CGIDIR@,${CGIDIR},g' | 44 | SUBST_SED.path= -e 's,@CGIDIR@,${CGIDIR},g' | |
45 | SUBST_SED.path+= -e 's,@PREFIX@,${PREFIX},g' | |||
46 | ||||
47 | INSTALLATION_DIRS+= ${CGIDIR} | |||
45 | 48 | |||
46 | # Make sure modules can link correctly | 49 | # Make sure modules can link correctly | |
47 | .if ${OPSYS} == "Darwin" | 50 | .if ${OPSYS} == "Darwin" | |
48 | INSTALL_UNSTRIPPED= yes | 51 | INSTALL_UNSTRIPPED= yes | |
49 | .endif | 52 | .endif | |
50 | 53 | |||
51 | pre-install: | |||
52 | ${INSTALL_DATA_DIR} ${DESTDIR:Q}${CGIDIR:Q} | |||
53 | ||||
54 | post-install: | 54 | post-install: | |
55 | ${INSTALL_PROGRAM} ${WRKSRC}/sapi/cli/php \ | 55 | ${INSTALL_PROGRAM} ${WRKSRC}/sapi/cli/php \ | |
56 | ${DESTDIR:Q}${PREFIX:Q}/bin/php | 56 | ${DESTDIR:Q}${PREFIX:Q}/bin/php | |
57 | ${INSTALL_DATA} ${WRKSRC}/sapi/cli/php.1 \ | 57 | ${INSTALL_DATA} ${WRKSRC}/sapi/cli/php.1 \ | |
58 | ${DESTDIR:Q}${PREFIX:Q}/${PKGMANDIR}/man1/php.1 | 58 | ${DESTDIR:Q}${PREFIX:Q}/${PKGMANDIR}/man1/php.1 | |
59 | ${INSTALL_PROGRAM} ${WRKSRC}/sapi/cgi/php-cgi \ | 59 | ${INSTALL_PROGRAM} ${WRKSRC}/sapi/cgi/php-cgi \ | |
60 | ${DESTDIR:Q}${CGIDIR:Q}/php | 60 | ${DESTDIR:Q}${CGIDIR:Q}/php | |
61 | ${INSTALL_DATA_DIR} ${DESTDIR:Q}${EGDIR:Q} | 61 | ${INSTALL_DATA_DIR} ${DESTDIR:Q}${EGDIR:Q} | |
62 | cd ${WRKSRC}; ${INSTALL_DATA} php.ini-dist php.ini-recommended \ | 62 | cd ${WRKSRC}; ${INSTALL_DATA} php.ini-dist php.ini-recommended \ | |
63 | ${DESTDIR:Q}${EGDIR:Q} | 63 | ${DESTDIR:Q}${EGDIR:Q} | |
64 | ${INSTALL_DATA_DIR} ${DESTDIR:Q}${PREFIX:Q}/share/php | 64 | ${INSTALL_DATA_DIR} ${DESTDIR:Q}${PREFIX:Q}/share/php | |
65 | ${INSTALL_DATA} ${WRKSRC}/php.gif ${DESTDIR:Q}${PREFIX:Q}/share/php | 65 | ${INSTALL_DATA} ${WRKSRC}/php.gif ${DESTDIR:Q}${PREFIX:Q}/share/php | |
66 | 66 |
@@ -1,20 +1,24 @@ | @@ -1,20 +1,24 @@ | |||
1 | $NetBSD: distinfo,v 1.69 2009/10/22 14:49:06 taca Exp $ | 1 | $NetBSD: distinfo,v 1.70 2009/11/30 06:14:08 taca Exp $ | |
2 | 2 | |||
3 | SHA1 (php-5.2.11/php-5.2.11.tar.bz2) = 819c853ce657ef260d4a73b5a21f961115b97eef | 3 | SHA1 (php-5.2.11/php-5.2.11.tar.bz2) = 819c853ce657ef260d4a73b5a21f961115b97eef | |
4 | RMD160 (php-5.2.11/php-5.2.11.tar.bz2) = 6aad53dee864ab89f794a9d3c2aa32d435ed5654 | 4 | RMD160 (php-5.2.11/php-5.2.11.tar.bz2) = 6aad53dee864ab89f794a9d3c2aa32d435ed5654 | |
5 | Size (php-5.2.11/php-5.2.11.tar.bz2) = 9030787 bytes | 5 | Size (php-5.2.11/php-5.2.11.tar.bz2) = 9030787 bytes | |
6 | SHA1 (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 248419332131efc53f3306c2a57a4b1a9dc92cc1 | 6 | SHA1 (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 248419332131efc53f3306c2a57a4b1a9dc92cc1 | |
7 | RMD160 (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 0f6d442aace34c221f9fbff42a63e7f3b4489f15 | 7 | RMD160 (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 0f6d442aace34c221f9fbff42a63e7f3b4489f15 | |
8 | Size (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 23050 bytes | 8 | Size (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 23050 bytes | |
9 | SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20 | 9 | SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20 | |
10 | SHA1 (patch-ag) = 4ccb67ba6f5370b1d16b087e3e714de3e5ae604e | 10 | SHA1 (patch-ag) = 901552355a3d57d9b8e23b31cd0edfd28db8b2bb | |
11 | SHA1 (patch-ah) = c7cbd4b9ea0796ea3b7491c2cffb6ddddc518587 | 11 | SHA1 (patch-ah) = 7702da73f3a457ee381542b454d19b1f4b421e01 | |
12 | SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc | 12 | SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc | |
13 | SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50 | 13 | SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50 | |
14 | SHA1 (patch-an) = 8f4174627b8cb5f8bfbc59413c95f71e26b9e602 | 14 | SHA1 (patch-an) = 8f4174627b8cb5f8bfbc59413c95f71e26b9e602 | |
15 | SHA1 (patch-ap) = 5eb0e0e4244a993da93e36f8fcb5553454207fce | 15 | SHA1 (patch-ap) = 5eb0e0e4244a993da93e36f8fcb5553454207fce | |
16 | SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df | 16 | SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df | |
17 | SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d | 17 | SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d | |
18 | SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1 | 18 | SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1 | |
19 | SHA1 (patch-ay) = c2667dd398c1c58e55f459f2df02613dc028e9cc | 19 | SHA1 (patch-ay) = 7ae502db6574a91fcbb487d37c14a5de644b01b6 | |
20 | SHA1 (patch-az) = ebdd76b8a5e6cf853b467a67fc6c8948a91d822a | 20 | SHA1 (patch-az) = 04e69038e693cc72fb0f67ce04dd1778dacb1756 | |
21 | SHA1 (patch-ba) = d9483f61b19c297eced12ae3d84d5163e33327b4 | |||
22 | SHA1 (patch-bb) = abbc8747e520d3665d3bcccf9c87741ecc6dc210 | |||
23 | SHA1 (patch-bc) = 9cb2e7fcd6f91d3382a69d68a80d72fdb8fbf2a7 | |||
24 | SHA1 (patch-bd) = 85c891ada42c062b365051b43a3b53c33fa39a92 |
@@ -1,25 +1,44 @@ | @@ -1,25 +1,44 @@ | |||
1 | $NetBSD: patch-ag,v 1.2 2006/02/06 06:39:59 martti Exp $ | 1 | $NetBSD: patch-ag,v 1.3 2009/11/30 06:14:08 taca Exp $ | |
2 | 2 | |||
3 | --- php.ini-dist.orig 2005-12-30 19:15:55.000000000 +0200 | 3 | * Ajust for pkgsrc. | |
4 | +++ php.ini-dist 2006-02-05 15:36:13.000000000 +0200 | 4 | * Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017: | |
5 | @@ -457,8 +457,9 @@ | 5 | http://svn.php.net/viewvc?view=revision&revision=289990 | |
6 | ||||
7 | --- php.ini-dist.orig 2009-02-14 01:55:18.000000000 +0900 | |||
8 | +++ php.ini-dist | |||
9 | @@ -471,7 +471,7 @@ default_mimetype = "text/html" | |||
10 | ;;;;;;;;;;;;;;;;;;;;;;;;; | |||
11 | ||||
12 | ; UNIX: "/path1:/path2" | |||
13 | -;include_path = ".:/php/includes" | |||
14 | +include_path = ".:@PREFIX@/lib/php" | |||
15 | ; | |||
16 | ; Windows: "\path1;\path2" | |||
17 | ;include_path = ".;c:\php\includes" | |||
18 | @@ -487,8 +487,9 @@ doc_root = | |||
6 | ; if nonempty. | 19 | ; if nonempty. | |
7 | user_dir = | 20 | user_dir = | |
8 | 21 | |||
9 | -; Directory in which the loadable extensions (modules) reside. | 22 | -; Directory in which the loadable extensions (modules) reside. | |
10 | -extension_dir = "./" | 23 | -extension_dir = "./" | |
11 | +; Directory in which the loadable extensions (modules) reside. If not | 24 | +; Directory in which the loadable extensions (modules) reside. If not | |
12 | +; defined, then use the extension directory specified at compile-time. | 25 | +; defined, then use the extension directory specified at compile-time. | |
13 | +; extension_dir = "./" | 26 | +; extension_dir = "./" | |
14 | 27 | |||
15 | ; Whether or not to enable the dl() function. The dl() function does NOT work | 28 | ; Whether or not to enable the dl() function. The dl() function does NOT work | |
16 | ; properly in multithreaded servers, such as IIS or Zeus, and is automatically | 29 | ; properly in multithreaded servers, such as IIS or Zeus, and is automatically | |
17 | @@ -508,7 +509,7 @@ | 30 | @@ -546,11 +547,13 @@ file_uploads = On | |
18 | 31 | |||
19 | ; Temporary directory for HTTP uploaded files (will use system default if not | 32 | ; Temporary directory for HTTP uploaded files (will use system default if not | |
20 | ; specified). | 33 | ; specified). | |
21 | -;upload_tmp_dir = | 34 | -;upload_tmp_dir = | |
22 | +upload_tmp_dir = /tmp | 35 | +upload_tmp_dir = /tmp | |
23 | 36 | |||
24 | ; Maximum allowed size for uploaded files. | 37 | ; Maximum allowed size for uploaded files. | |
25 | upload_max_filesize = 2M | 38 | upload_max_filesize = 2M | |
39 | ||||
40 | +; Maximum number of files that can be uploaded via a single request | |||
41 | +max_file_uploads = 100 | |||
42 | ||||
43 | ;;;;;;;;;;;;;;;;;; | |||
44 | ; Fopen wrappers ; |
@@ -1,25 +1,44 @@ | @@ -1,25 +1,44 @@ | |||
1 | $NetBSD: patch-ah,v 1.1 2005/12/06 08:32:22 jdolecek Exp $ | 1 | $NetBSD: patch-ah,v 1.2 2009/11/30 06:14:08 taca Exp $ | |
2 | 2 | |||
3 | --- php.ini-recommended.orig 2005-11-15 00:14:23.000000000 +0100 | 3 | * Ajust for pkgsrc. | |
4 | * Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017: | |||
5 | http://svn.php.net/viewvc?view=revision&revision=289990 | |||
6 | ||||
7 | --- php.ini-recommended.orig 2009-03-02 13:44:35.000000000 +0900 | |||
4 | +++ php.ini-recommended | 8 | +++ php.ini-recommended | |
5 | @@ -515,8 +515,9 @@ doc_root = | 9 | @@ -522,7 +522,7 @@ default_mimetype = "text/html" | |
10 | ;;;;;;;;;;;;;;;;;;;;;;;;; | |||
11 | ||||
12 | ; UNIX: "/path1:/path2" | |||
13 | -;include_path = ".:/php/includes" | |||
14 | +include_path = ".:@PREFIX@/lib/php" | |||
15 | ; | |||
16 | ; Windows: "\path1;\path2" | |||
17 | ;include_path = ".;c:\php\includes" | |||
18 | @@ -538,8 +538,9 @@ doc_root = | |||
6 | ; if nonempty. | 19 | ; if nonempty. | |
7 | user_dir = | 20 | user_dir = | |
8 | 21 | |||
9 | -; Directory in which the loadable extensions (modules) reside. | 22 | -; Directory in which the loadable extensions (modules) reside. | |
10 | -extension_dir = "./" | 23 | -extension_dir = "./" | |
11 | +; Directory in which the loadable extensions (modules) reside. If not | 24 | +; Directory in which the loadable extensions (modules) reside. If not | |
12 | +; defined, then use the extension directory specified at compile-time. | 25 | +; defined, then use the extension directory specified at compile-time. | |
13 | +; extension_dir = "./" | 26 | +; extension_dir = "./" | |
14 | 27 | |||
15 | ; Whether or not to enable the dl() function. The dl() function does NOT work | 28 | ; Whether or not to enable the dl() function. The dl() function does NOT work | |
16 | ; properly in multithreaded servers, such as IIS or Zeus, and is automatically | 29 | ; properly in multithreaded servers, such as IIS or Zeus, and is automatically | |
17 | @@ -566,7 +567,7 @@ file_uploads = On | 30 | @@ -597,11 +598,13 @@ file_uploads = On | |
18 | 31 | |||
19 | ; Temporary directory for HTTP uploaded files (will use system default if not | 32 | ; Temporary directory for HTTP uploaded files (will use system default if not | |
20 | ; specified). | 33 | ; specified). | |
21 | -;upload_tmp_dir = | 34 | -;upload_tmp_dir = | |
22 | +upload_tmp_dir = /tmp | 35 | +upload_tmp_dir = /tmp | |
23 | 36 | |||
24 | ; Maximum allowed size for uploaded files. | 37 | ; Maximum allowed size for uploaded files. | |
25 | upload_max_filesize = 2M | 38 | upload_max_filesize = 2M | |
39 | ||||
40 | +; Maximum number of files that can be uploaded via a single request | |||
41 | +max_file_uploads = 100 | |||
42 | ||||
43 | ;;;;;;;;;;;;;;;;;; | |||
44 | ; Fopen wrappers ; |
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | $NetBSD: patch-ay,v 1.1 2009/10/22 14:37:47 taca Exp $ | 1 | $NetBSD: patch-ay,v 1.2 2009/11/30 06:14:08 taca Exp $ | |
2 | 2 | |||
3 | * Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546 | 3 | * Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546 | |
4 | from PHP's SVN repositry r289557. | 4 | http://svn.php.net/viewvc?view=revision&revision=289557 | |
5 | 5 | |||
6 | --- ext/gd/libgd/gd_gd.c.orig 2007-08-09 23:21:38.000000000 +0900 | 6 | --- ext/gd/libgd/gd_gd.c.orig 2007-08-09 23:21:38.000000000 +0900 | |
7 | +++ ext/gd/libgd/gd_gd.c | 7 | +++ ext/gd/libgd/gd_gd.c | |
8 | @@ -39,6 +39,9 @@ int _gdGetColors (gdIOCtx * in, gdImageP | 8 | @@ -39,6 +39,9 @@ int _gdGetColors (gdIOCtx * in, gdImageP | |
9 | if (!gdGetWord(&im->colorsTotal, in)) { | 9 | if (!gdGetWord(&im->colorsTotal, in)) { | |
10 | goto fail1; | 10 | goto fail1; | |
11 | } | 11 | } | |
12 | + if (im->colorsTotal > gdMaxColors) { | 12 | + if (im->colorsTotal > gdMaxColors) { | |
13 | + goto fail1; | 13 | + goto fail1; | |
14 | + } | 14 | + } | |
15 | } | 15 | } | |
16 | /* Int to accommodate truecolor single-color transparency */ | 16 | /* Int to accommodate truecolor single-color transparency */ | |
17 | if (!gdGetInt(&im->transparent, in)) { | 17 | if (!gdGetInt(&im->transparent, in)) { |
@@ -1,16 +1,21 @@ | @@ -1,16 +1,21 @@ | |||
1 | $NetBSD$ | 1 | $NetBSD$ | |
2 | 2 | |||
3 | * Fix for htmlspecialchars(): r289411, r289554, r289565, r289567, r289605. | 3 | * Fix for htmlspecialchars(): | |
4 | http://svn.php.net/viewvc?view=revision&revision=289411 | |||
5 | http://svn.php.net/viewvc?view=revision&revision=289554 | |||
6 | http://svn.php.net/viewvc?view=revision&revision=289565 | |||
7 | http://svn.php.net/viewvc?view=revision&revision=289567 | |||
8 | http://svn.php.net/viewvc?view=revision&revision=289605 | |||
4 | 9 | |||
5 | --- ext/standard/html.c.orig 2008-12-31 20:17:49.000000000 +0900 | 10 | --- ext/standard/html.c.orig 2008-12-31 20:17:49.000000000 +0900 | |
6 | +++ ext/standard/html.c | 11 | +++ ext/standard/html.c | |
7 | @@ -484,15 +484,31 @@ struct basic_entities_dec { | 12 | @@ -484,15 +484,31 @@ struct basic_entities_dec { | |
8 | } \ | 13 | } \ | |
9 | mbseq[mbpos++] = (mbchar); } | 14 | mbseq[mbpos++] = (mbchar); } | |
10 | 15 | |||
11 | -#define CHECK_LEN(pos, chars_need) \ | 16 | -#define CHECK_LEN(pos, chars_need) \ | |
12 | - if((str_len - (pos)) < chars_need) { \ | 17 | - if((str_len - (pos)) < chars_need) { \ | |
13 | - *status = FAILURE; \ | 18 | - *status = FAILURE; \ | |
14 | - return 0; \ | 19 | - return 0; \ | |
15 | +/* skip one byte and return */ | 20 | +/* skip one byte and return */ | |
16 | +#define MB_FAILURE(pos) do { \ | 21 | +#define MB_FAILURE(pos) do { \ |
$NetBSD: patch-ba,v 1.1 2009/11/30 06:14:08 taca Exp $
Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558:
http://svn.php.net/viewvc?view=revision&revision=288934
--- ext/posix/posix.c.orig 2009-08-06 20:11:15.000000000 +0900
+++ ext/posix/posix.c
@@ -679,7 +679,8 @@ PHP_FUNCTION(posix_mkfifo)
RETURN_FALSE;
}
- if (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+ if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
+ (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
RETURN_FALSE;
}
$NetBSD: patch-bb,v 1.1 2009/11/30 06:14:08 taca Exp $
Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557:
http://svn.php.net/viewvc?view=revision&revision=288945
http://svn.php.net/viewvc?view=revision&revision=288971
--- ext/standard/file.c.orig 2009-11-30 10:04:51.000000000 +0900
+++ ext/standard/file.c
@@ -838,6 +838,10 @@ PHP_FUNCTION(tempnam)
convert_to_string_ex(arg1);
convert_to_string_ex(arg2);
+ if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+ RETURN_FALSE;
+ }
+
if (php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)) {
RETURN_FALSE;
}
$NetBSD: patch-bc,v 1.1 2009/11/30 06:14:08 taca Exp $
Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017:
http://svn.php.net/viewvc?view=revision&revision=289990
--- main/main.c.orig 2009-11-30 10:04:51.000000000 +0900
+++ main/main.c
@@ -455,6 +455,7 @@ PHP_INI_BEGIN()
PHP_INI_ENTRY("mail.force_extra_parameters",NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnChangeMailForceExtra)
PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL)
PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL)
+ PHP_INI_ENTRY("max_file_uploads", "100", PHP_INI_SYSTEM, NULL)
STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals)
$NetBSD: patch-bd,v 1.1 2009/11/30 06:14:08 taca Exp $
Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017:
http://svn.php.net/viewvc?view=revision&revision=289990
http://svn.php.net/viewvc?view=revision&revision=290820
http://svn.php.net/viewvc?view=revision&revision=290885
--- main/rfc1867.c.orig 2008-12-31 20:17:49.000000000 +0900
+++ main/rfc1867.c
@@ -32,6 +32,7 @@
#include "php_globals.h"
#include "php_variables.h"
#include "rfc1867.h"
+#include "php_ini.h"
#define DEBUG_FILE_UPLOAD ZEND_DEBUG
@@ -794,8 +795,9 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_
zend_llist header;
void *event_extra_data = NULL;
int llen = 0;
+ int upload_cnt = INI_INT("max_file_uploads");
- if (SG(request_info).content_length > SG(post_max_size)) {
+ if (SG(post_max_size) > 0 && SG(request_info).content_length > SG(post_max_size)) {
sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size));
return;
}
@@ -972,6 +974,9 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_
/* If file_uploads=off, skip the file part */
if (!PG(file_uploads)) {
skip_upload = 1;
+ } else if (upload_cnt <= 0) {
+ skip_upload = 1;
+ sapi_module.sapi_error(E_WARNING, "Maximum number of allowable file uploads has been exceeded");
}
/* Return with an error if the posted data is garbled */
@@ -1016,6 +1021,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_
if (!skip_upload) {
/* Handle file */
fd = php_open_temporary_fd_ex(PG(upload_tmp_dir), "php", &temp_filename, 1 TSRMLS_CC);
+ upload_cnt--;
if (fd==-1) {
sapi_module.sapi_error(E_WARNING, "File upload error - unable to create a temporary file");
cancel_upload = UPLOAD_ERROR_E;