Hello community, here is the log from the commit of package php5 for openSUSE:11.3 checked in at Wed Sep 7 15:54:06 CEST 2011. -------- --- old-versions/11.3/UPDATES/all/php5/php5.changes 2011-05-26 16:46:50.000000000 +0200 +++ 11.3/php5/php5.changes 2011-09-05 17:23:21.000000000 +0200 @@ -1,0 +2,16 @@ +Mon Sep 5 11:05:50 UTC 2011 - pgajdos@suse.com + +- security update: + CVE-2011-3268 [bnc#715646] +- allow uploading files bigger than 2GB for 64bit systems + [bnc#709549] + * 64-bit-post-large-files.patch + +------------------------------------------------------------------- +Thu Jun 30 14:08:37 UTC 2011 - pgajdos@novell.com + +- security update: + * CVE-2011-2483 [bnc#701491] + * CVE-2011-2202 [bnc#699711] + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 New: ---- php-5.3.3-64-bit-post-large-files.patch php-5.3.3-CVE-2011-2202.patch php-5.3.3-CVE-2011-2483-standard.patch php-5.3.3-CVE-2011-2483-suhosin.patch php-5.3.3-CVE-2011-3268.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php5.spec ++++++ --- /var/tmp/diff_new_pack.RXGKPa/_old 2011-09-07 15:53:04.000000000 +0200 +++ /var/tmp/diff_new_pack.RXGKPa/_new 2011-09-07 15:53:04.000000000 +0200 @@ -77,7 +77,7 @@ ### ### Version: 5.3.3 -Release: 0.<RELEASE19> +Release: 0.<RELEASE21> License: The PHP License, version 3.01 Group: Development/Languages/Other Provides: php zend php-xml php-spl php-simplexml php-session php-pcre php-date php-reflection php-filter @@ -140,6 +140,11 @@ Patch49: php-5.3.3-CVE-2011-1469.patch Patch50: php-5.3.3-CVE-2011-1148.patch Patch51: php5-5.3.3-CVE-2011-1938.patch +Patch52: php-5.3.3-CVE-2011-2483-standard.patch +Patch53: php-5.3.3-CVE-2011-2483-suhosin.patch +Patch54: php-5.3.3-CVE-2011-2202.patch +Patch55: php-5.3.3-CVE-2011-3268.patch +Patch56: php-5.3.3-64-bit-post-large-files.patch Url: http://www.php.net BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: PHP5 Core Files @@ -1249,6 +1254,11 @@ %patch49 %patch50 %patch51 +%patch52 +%patch53 +%patch54 +%patch55 +%patch56 -p1 # we build three SAPI %{__mkdir_p} build-apache2 %{__mkdir_p} build-fastcgi/sapi/cgi/libfcgi ++++++ php-5.3.3-64-bit-post-large-files.patch ++++++ Index: php-5.3.5/main/rfc1867.c =================================================================== --- php-5.3.5.orig/main/rfc1867.c +++ php-5.3.5/main/rfc1867.c @@ -764,7 +764,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_ { char *boundary, *s = NULL, *boundary_end = NULL, *start_arr = NULL, *array_index = NULL; char *temp_filename = NULL, *lbuf = NULL, *abuf = NULL; - int boundary_len = 0, total_bytes = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0; + long total_bytes = 0; int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0; int max_file_size = 0, skip_upload = 0, anonindex = 0, is_anonymous; zval *http_post_files = NULL; HashTable *uploaded_files = NULL; Index: php-5.3.5/main/SAPI.h =================================================================== --- php-5.3.5.orig/main/SAPI.h +++ php-5.3.5/main/SAPI.h @@ -82,7 +82,7 @@ typedef struct { char *post_data, *raw_post_data; char *cookie_data; long content_length; - uint post_data_length, raw_post_data_length; + uint IGNORE_post_data_length, IGNORE_raw_post_data_length; char *path_translated; char *request_uri; @@ -113,6 +113,7 @@ typedef struct { int argc; char **argv; int proto_num; + long post_data_length, raw_post_data_length; } sapi_request_info; @@ -120,7 +121,7 @@ typedef struct _sapi_globals_struct { void *server_context; sapi_request_info request_info; sapi_headers_struct sapi_headers; - int read_post_bytes; + long read_post_bytes; unsigned char headers_sent; struct stat global_stat; char *default_mimetype; Index: php-5.3.5/sapi/apache/mod_php5.c =================================================================== --- php-5.3.5.orig/sapi/apache/mod_php5.c +++ php-5.3.5/sapi/apache/mod_php5.c @@ -533,7 +533,7 @@ static void init_request_info(TSRMLS_D) SG(request_info).request_uri = r->uri; SG(request_info).request_method = (char *)r->method; SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE"); - SG(request_info).content_length = (content_length ? atoi(content_length) : 0); + SG(request_info).content_length = (content_length ? atol(content_length) : 0); SG(sapi_headers).http_response_code = r->status; SG(request_info).proto_num = r->proto_num; Index: php-5.3.5/sapi/apache2filter/sapi_apache2.c =================================================================== --- php-5.3.5.orig/sapi/apache2filter/sapi_apache2.c +++ php-5.3.5/sapi/apache2filter/sapi_apache2.c @@ -420,7 +420,7 @@ static void php_apache_request_ctor(ap_f efree(content_type); content_length = (char *) apr_table_get(f->r->headers_in, "Content-Length"); - SG(request_info).content_length = (content_length ? atoi(content_length) : 0); + SG(request_info).content_length = (content_length ? atol(content_length) : 0); apr_table_unset(f->r->headers_out, "Content-Length"); apr_table_unset(f->r->headers_out, "Last-Modified"); Index: php-5.3.5/sapi/apache2handler/sapi_apache2.c =================================================================== --- php-5.3.5.orig/sapi/apache2handler/sapi_apache2.c +++ php-5.3.5/sapi/apache2handler/sapi_apache2.c @@ -484,7 +484,7 @@ static int php_apache_request_ctor(reque r->no_local_copy = 1; content_length = (char *) apr_table_get(r->headers_in, "Content-Length"); - SG(request_info).content_length = (content_length ? atoi(content_length) : 0); + SG(request_info).content_length = (content_length ? atol(content_length) : 0); apr_table_unset(r->headers_out, "Content-Length"); apr_table_unset(r->headers_out, "Last-Modified"); Index: php-5.3.5/sapi/apache_hooks/mod_php5.c =================================================================== --- php-5.3.5.orig/sapi/apache_hooks/mod_php5.c +++ php-5.3.5/sapi/apache_hooks/mod_php5.c @@ -587,7 +587,7 @@ static void init_request_info(TSRMLS_D) SG(request_info).request_method = (char *)r->method; SG(request_info).proto_num = r->proto_num; SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE"); - SG(request_info).content_length = (content_length ? atoi(content_length) : 0); + SG(request_info).content_length = (content_length ? atol(content_length) : 0); SG(sapi_headers).http_response_code = r->status; if (r->headers_in) { Index: php-5.3.5/sapi/cgi/cgi_main.c =================================================================== --- php-5.3.5.orig/sapi/cgi/cgi_main.c +++ php-5.3.5/sapi/cgi/cgi_main.c @@ -491,7 +491,7 @@ static int sapi_cgi_read_post(char *buff uint read_bytes = 0; int tmp_read_bytes; - count_bytes = MIN(count_bytes, (uint) SG(request_info).content_length - SG(read_post_bytes)); + count_bytes = MIN(count_bytes, SG(request_info).content_length - SG(read_post_bytes)); while (read_bytes < count_bytes) { if (fcgi_is_fastcgi()) { fcgi_request *request = (fcgi_request*) SG(server_context); @@ -1350,7 +1350,7 @@ static void init_request_info(TSRMLS_D) /* FIXME - Work out proto_num here */ SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING")-1 TSRMLS_CC); SG(request_info).content_type = (content_type ? content_type : "" ); - SG(request_info).content_length = (content_length ? atoi(content_length) : 0); + SG(request_info).content_length = (content_length ? atol(content_length) : 0); /* The CGI RFC allows servers to pass on unvalidated Authorization data */ auth = sapi_cgibin_getenv("HTTP_AUTHORIZATION", sizeof("HTTP_AUTHORIZATION")-1 TSRMLS_CC); Index: php-5.3.5/ext/suhosin/rfc1867.c =================================================================== --- php-5.3.5.orig/ext/suhosin/rfc1867.c +++ php-5.3.5/ext/suhosin/rfc1867.c @@ -771,7 +771,7 @@ SAPI_POST_HANDLER_FUNC(suhosin_rfc1867_p { char *boundary, *s=NULL, *boundary_end = NULL, *start_arr=NULL, *array_index=NULL; char *temp_filename=NULL, *lbuf=NULL, *abuf=NULL; - int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0; + long total_bytes=0; int boundary_len=0, cancel_upload=0, is_arr_upload=0, array_len=0; int max_file_size=0, skip_upload=0, anonindex=0, is_anonymous; zval *http_post_files=NULL; HashTable *uploaded_files=NULL; #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) ++++++ php-5.3.3-CVE-2011-2202.patch ++++++ http://svn.php.net/viewvc?view=revision&revision=312103 --- main/rfc1867.c 2011/06/12 15:03:18 312102 +++ main/rfc1867.c 2011/06/12 15:14:18 312103 @@ -1223,7 +1223,7 @@ #endif if (!is_anonymous) { - if (s && s > filename) { + if (s && s >= filename) { safe_php_register_variable(lbuf, s+1, strlen(s+1), NULL, 0 TSRMLS_CC); } else { safe_php_register_variable(lbuf, filename, strlen(filename), NULL, 0 TSRMLS_CC); @@ -1236,7 +1236,7 @@ } else { snprintf(lbuf, llen, "%s[name]", param); } - if (s && s > filename) { + if (s && s >= filename) { register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC); } else { register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC); ++++++ php-5.3.3-CVE-2011-2483-standard.patch ++++++ ++++ 750 lines (skipped) ++++++ php-5.3.3-CVE-2011-2483-suhosin.patch ++++++ ++++ 612 lines (skipped) ++++++ php-5.3.3-CVE-2011-3268.patch ++++++ http://svn.php.net/viewvc?view=revision&revision=312919 --- ext/standard/crypt.c 2011/01/01 02:19:59 306939 +++ ext/standard/crypt.c 2011/07/04 23:38:09 312919 @@ -179,6 +179,8 @@ salt[2] = '\0'; #endif salt_in_len = strlen(salt); + } else { + salt_in_len = MIN(PHP_MAX_SALT_LEN, salt_in_len); } /* Windows (win32/crypt) has a stripped down version of libxcrypt and ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org