Commit c3ecce54 authored by Natanael Copa's avatar Natanael Copa

main/php: security upgrade to 5.3.9 (CVE-2011-4566)

fixes #931

(cherry picked from commit 56856330)
parent 56e48968
# Contributor: Carlo Landmeter <clandmeter at gmail>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=php
pkgver=5.3.8
_suhosinver=5.3.7-0.9.10
pkgrel=1
pkgver=5.3.9
_suhosinver=$pkgver-0.9.10
pkgrel=0
pkgdesc="The PHP language runtime engine"
url="http://www.php.net/"
license="PHP-3"
......@@ -63,9 +63,9 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-cli $pkgname-pear
"
source="http://www.php.net/distributions/${pkgname}-${pkgver}.tar.bz2
suhosin-patch-${_suhosinver}.patch
http://download.suhosin.org/suhosin-patch-${_suhosinver}.patch.gz
php-install-pear-xml.patch
max_input_vars.patch
php5-module.conf
"
_extdir="/usr/lib/php/20090626"
......@@ -363,7 +363,7 @@ dev() {
mv "$pkgdir"/usr/bin/phpize "$subpkgdir"/usr/bin/
}
md5sums="704cd414a0565d905e1074ffdc1fadfb php-5.3.8.tar.bz2
8bd8840465d6bcd8e1e5d2cec80a1bfc suhosin-patch-5.3.7-0.9.10.patch
md5sums="dd3288ed5c08cd61ac5bf619cb357521 php-5.3.9.tar.bz2
c099b3d7eac95018ababd41ded7f3066 suhosin-patch-5.3.9-0.9.10.patch.gz
5111e3be06d391f8772587c675240fab php-install-pear-xml.patch
031c6fdcfbd45366fea32b697893d511 max_input_vars.patch"
67719f428f44ec004da18705cbabe2ee php5-module.conf"
Index: PHP_5_3/NEWS
===================================================================
--- PHP_5_3/NEWS (revision 321037)
+++ PHP_5_3/NEWS (revision 321038)
@@ -2,6 +2,10 @@
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2011, PHP 5.3.9
+- Core:
+ . Added max_input_vars directive to prevent attacks based on hash collisions
+ (Dmitry).
+
- Streams:
. Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together
with the last read). (Gustavo)
Index: PHP_5_3/main/php_variables.c
===================================================================
--- PHP_5_3/main/php_variables.c (revision 321037)
+++ PHP_5_3/main/php_variables.c (revision 321038)
@@ -191,6 +191,9 @@
}
if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
+ if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) {
+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
+ }
MAKE_STD_ZVAL(gpc_element);
array_init(gpc_element);
zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
@@ -236,6 +239,9 @@
zend_symtable_exists(symtable1, escaped_index, index_len + 1)) {
zval_ptr_dtor(&gpc_element);
} else {
+ if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) {
+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
+ }
zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
}
if (escaped_index != index) {
Index: PHP_5_3/main/main.c
===================================================================
--- PHP_5_3/main/main.c (revision 321037)
+++ PHP_5_3/main/main.c (revision 321038)
@@ -512,6 +512,7 @@
STD_PHP_INI_ENTRY("post_max_size", "8M", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, post_max_size, sapi_globals_struct,sapi_globals)
STD_PHP_INI_ENTRY("upload_tmp_dir", NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("max_input_nesting_level", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_nesting_level, php_core_globals, core_globals)
+ STD_PHP_INI_ENTRY("max_input_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_vars, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("user_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, user_dir, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("variables_order", "EGPCS", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty, variables_order, php_core_globals, core_globals)
--- ./main/php_globals.h.orig
+++ ./main/php_globals.h
@@ -170,6 +170,9 @@
char *mail_log;
zend_bool in_error_log;
+
+ long max_input_vars;
+
};
This diff is collapsed.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment