commit php5

29 May 2006

Hello community,

here is the log from the commit of package php5
checked in at Mon May 29 12:55:56 CEST 2006.

--------

--- php5/php5.changes	2006-05-03 15:19:00.000000000 +0200
+++ php5/php5.changes	2006-05-26 17:16:47.000000000 +0200
@@ -1,0 +2,11 @@
+Thu May 11 12:55:32 CEST 2006 - postadal@suse.cz
+
+- fixed memory leak in imagecreatefromgif() 
+  [#173451] (phpbug-37346.patch)
+- fixed possibility of a wrong element being deleted by zend_hash_del() 
+  [#175976] (zend_hash_del.patch)
+- fixed substr_compare() when offset equals string length 
+  [#169038, php#37394] (CVE-2006-1991, phpbug-37394.patch)
+- fixed _emalloc() on 64bit archs [#169038] (emalloc.patch)
+
+-------------------------------------------------------------------

New:
----
  php-5.1.2-emalloc.patch
  php-5.1.2-phpbug-37346.patch
  php-5.1.2-phpbug-37394.patch
  php-5.1.2-zend_hash_del.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ php5.spec ++++++
--- /var/tmp/diff_new_pack.wx6GFq/_old	2006-05-29 12:55:15.000000000 +0200
+++ /var/tmp/diff_new_pack.wx6GFq/_new	2006-05-29 12:55:15.000000000 +0200
@@ -30,7 +30,7 @@
 ###
 ###
 Version:        5.1.2
-Release:        28
+Release:        29
 License:        Other uncritical OpenSource License, Other License(s), see package
 Group:          Productivity/Networking/Web/Servers
 Provides:       php zend  php-xml php-spl php-simplexml php-session php-pcre
@@ -88,6 +88,10 @@
 Patch49:        php-%{version}-CVE-2006-1017.patch
 Patch50:        php-%{version}-phpbug-37257.patch
 Patch51:        php-%{version}-phpbug-37276.patch
+Patch52:        php-%{version}-phpbug-37346.patch
+Patch53:        php-%{version}-zend_hash_del.patch
+Patch54:        php-%{version}-phpbug-37394.patch
+Patch55:        php-%{version}-emalloc.patch
 URL:            http://www.php.net
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Icon:         php5.xpm
@@ -1469,6 +1473,10 @@
 %patch49
 %patch50
 %patch51
+%patch52
+%patch53
+%patch54
+%patch55
 # we build three SAPI
 mkdir -p build-apache2
 mkdir -p build-fastcgi/sapi/cgi/libfcgi
@@ -2007,6 +2015,14 @@
 %config(noreplace) %{php_sysconf}/conf.d/zlib.ini
 
 %changelog -n php5
+* Thu May 11 2006 - postadal@suse.cz
+- fixed memory leak in imagecreatefromgif()
+  [#173451] (phpbug-37346.patch)
+- fixed possibility of a wrong element being deleted by zend_hash_del()
+  [#175976] (zend_hash_del.patch)
+- fixed substr_compare() when offset equals string length
+  [#169038, php#37394] (CVE-2006-1991, phpbug-37394.patch)
+- fixed _emalloc() on 64bit archs [#169038] (emalloc.patch)
 * Wed May 03 2006 - postadal@suse.cz
 - fixed completely broken SplTempFileObject [php#37257]
   (phpbug-37257.patch)

++++++ php-5.1.2-emalloc.patch ++++++
--- Zend/zend_alloc.c
+++ Zend/zend_alloc.c
@@ -126,8 +126,8 @@
 #endif
 
 #define DECLARE_CACHE_VARS()	\
-	unsigned int real_size;		\
-	unsigned int cache_index
+	size_t real_size;		\
+	size_t cache_index
 
 #define REAL_SIZE(size) ((size+7) & ~0x7)
 
++++++ php-5.1.2-phpbug-37276.patch ++++++
--- /var/tmp/diff_new_pack.wx6GFq/_old	2006-05-29 12:55:16.000000000 +0200
+++ /var/tmp/diff_new_pack.wx6GFq/_new	2006-05-29 12:55:16.000000000 +0200
@@ -1,6 +1,6 @@
---- main/php_variables.c	2006/04/18 06:58:54	1.126
-+++ main/php_variables.c	2006/05/03 11:24:51	1.127
-@@ -177,7 +177,7 @@
+--- main/php_variables.c	2006/04/18 06:58:43	1.104.2.9
++++ main/php_variables.c	2006/05/03 11:24:29	1.104.2.10
+@@ -178,7 +178,7 @@
  				is_array = 1;
  				*ip = 0;
  			} else {

++++++ php-5.1.2-phpbug-37346.patch ++++++
--- ext/gd/libgd/gd_gif_in.c	2005/09/24 14:39:16	1.5.4.2
+++ ext/gd/libgd/gd_gif_in.c	2006/05/08 11:56:14	1.5.4.4
@@ -44,7 +44,7 @@
 #define LOCALCOLORMAP  0x80
 #define BitSet(byte, bit)      (((byte) & (bit)) == (bit))
 
-#define        ReadOK(file,buffer,len) (gdGetBuf(buffer, len, file) != 0)
+#define        ReadOK(file,buffer,len) (gdGetBuf(buffer, len, file) > 0)
 
 #define LM_to_uint(a,b)                        (((b)<<8)|(a))
 
@@ -147,6 +147,9 @@
        Background      = buf[5];
        AspectRatio     = buf[6];
 
+		imw = LM_to_uint(buf[0],buf[1]);
+		imh = LM_to_uint(buf[2],buf[3]);
+
        if (BitSet(buf[4], LOCALCOLORMAP)) {    /* Global Colormap */
                if (ReadColorMap(fd, BitPixel, ColorMap)) {
 			return 0;
@@ -182,16 +185,18 @@
 
                bitPixel = 1<<((buf[8]&0x07)+1);
 
-               imw = LM_to_uint(buf[4],buf[5]);
-               imh = LM_to_uint(buf[6],buf[7]);
-	       if (!(im = gdImageCreate(imw, imh))) {
-			 return 0;
-	       }
-               im->interlace = BitSet(buf[8], INTERLACE);
+
                if (! useGlobalColormap) {
                        if (ReadColorMap(fd, bitPixel, localColorMap)) {
                                  return 0;
                        }
+			   }
+
+			   if (!(im = gdImageCreate(imw, imh))) {
+				   return 0;
+			   }
+               im->interlace = BitSet(buf[8], INTERLACE);
+               if (! useGlobalColormap) {
                        ReadImage(im, fd, imw, imh, localColorMap,
                                  BitSet(buf[8], INTERLACE));
                                  /*1.4//imageCount != imageNumber); */
++++++ php-5.1.2-phpbug-37394.patch ++++++
--- ext/standard/string.c	2006/03/13 14:37:10	1.445.2.10
+++ ext/standard/string.c	2006/05/10 13:07:15	1.445.2.14.2.1
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: string.c,v 1.445.2.10 2006/03/13 14:37:10 iliaa Exp $ */
+/* $Id: string.c,v 1.445.2.14.2.1 2006/05/10 13:07:15 iliaa Exp $ */
 
 /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */
 
@@ -4474,7 +4474,7 @@
 	if (ac > 2) {
 		convert_to_long_ex(offset);
 		if (Z_LVAL_PP(offset) < 0) {
-			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset should be greater then or equal to 0.");
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset should be greater than or equal to 0.");
 			RETURN_FALSE;		
 		}
 		p += Z_LVAL_PP(offset);
@@ -4884,13 +4884,19 @@
 		RETURN_FALSE;
 	}
 
-	if (len && offset >= s1_len) {
-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "The start position cannot exceed initial string length.");
+	if (ZEND_NUM_ARGS() >= 4 && len <= 0) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "The length must be greater than zero");
 		RETURN_FALSE;
 	}
 
 	if (offset < 0) {
 		offset = s1_len + offset;
+		offset = (offset < 0) ? 0 : offset;
+	}
+
+	if ((offset + len) > s1_len) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "The start position cannot exceed initial string length");
+		RETURN_FALSE;
 	}
 
 	cmp_len = (uint) (len ? len : MAX(s2_len, (s1_len - offset)));
++++++ php-5.1.2-zend_hash_del.patch ++++++
--- Zend/zend_hash.c	2006/01/04 23:53:04	1.121.2.1
+++ Zend/zend_hash.c	2006/02/06 20:37:11	1.121.2.3
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: zend_hash.c,v 1.121.2.1 2006/01/04 23:53:04 andi Exp $ */
+/* $Id: zend_hash.c,v 1.121.2.3 2006/02/06 20:37:11 tony2001 Exp $ */
 
 #include "zend.h"
 
@@ -461,8 +461,10 @@
 
 	p = ht->arBuckets[nIndex];
 	while (p != NULL) {
-		if ((p->h == h) && ((p->nKeyLength == 0) || /* Numeric index */
-			((p->nKeyLength == nKeyLength) && (!memcmp(p->arKey, arKey, nKeyLength))))) {
+		if ((p->h == h) 
+			 && (p->nKeyLength == nKeyLength)
+			 && ((p->nKeyLength == 0) /* Numeric index (short circuits the memcmp() check) */
+				 || !memcmp(p->arKey, arKey, nKeyLength))) { /* String index */
 			HANDLE_BLOCK_INTERRUPTIONS();
 			if (p == ht->arBuckets[nIndex]) {
 				ht->arBuckets[nIndex] = p->pNext;
@@ -1259,7 +1261,7 @@
 
 ZEND_API int zend_hash_compare(HashTable *ht1, HashTable *ht2, compare_func_t compar, zend_bool ordered TSRMLS_DC)
 {
-	Bucket *p1, *p2;
+	Bucket *p1, *p2 = NULL;
 	int result;
 	void *pData2;
 


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

    

root＠suse.de

tags

participants (1)