
squeeze update of zendframework?



Hello dear PHP PEAR Maintainers,

the Debian LTS team would like to fix the security issues which are
currently open in the Squeeze version of zendframework:
https://security-tracker.debian.org/tracker/source-package/zendframework

I've already prepared the attached patch and I'm ready to upload it,
unless you want to do it by yourselves.

In that case, please follow the workflow we have defined here:
http://wiki.debian.org/LTS/Development
Otherwise, I'll upload the updated package at the end of this week.

Thank you very much.

Santiago Ruano Rincón,
  on behalf of the Debian LTS team.

diff -u zendframework-1.10.6/debian/changelog zendframework-1.10.6/debian/changelog
--- zendframework-1.10.6/debian/changelog
+++ zendframework-1.10.6/debian/changelog
@@ -1,3 +1,39 @@
+zendframework (1.10.6-1squeeze3) squeeze-lts; urgency=medium
+
+  * Non-maintainer upload by the Squeeze LTS team.
+  * Fix ZF2012-02: Denial of Service vector via XEE injection
+    http://framework.zend.com/security/advisory/ZF2012-02
+    [CVE-2012-6531].
+  * Backport security fixes from wheezy:
+  * Handle patches with gbp pq
+  * Fix ZF2014-01: Potential XXE/XEE attacks.
+    Numerous components utilizing PHP's DOMDocument, SimpleXML, and
+    xml_parse functionality were vulnerable.
+    http://framework.zend.com/security/advisory/ZF2014-01
+    [CVE-2014-2681] [CVE-2014-2682] [CVE-2014-2683]
+  * Fix ZF2014-02: Security fix for OpenID.
+    Potential security issue in login mechanism of ZendOpenId and
+    Zend_OpenId consumer.
+    http://framework.zend.com/security/advisory/ZF2014-02
+    [CVE-2014-2684] [CVE-2014-2685]
+  * Fix ZF2014-04: Potential SQL injection.
+    The implementation of the ORDER BY SQL statement in Zend_Db_Select of
+    Zend Framework 1 contains a potential SQL injection when the query
+    string passed contains parentheses.
+    http://framework.zend.com/security/advisory/ZF2014-04
+    [CVE-2014-4914]
+  * Fix ZF2014-05: Potential XML eXternal Entity injection vectors
+    http://framework.zend.com/security/advisory/ZF2012-05
+    [CVE-2014-8088]
+  * Fix ZF2014-06: SQL injection vector when manually quoting values
+    http://framework.zend.com/security/advisory/ZF2014-06
+    [CVE-2014-8089]
+  * Fix ZF2015-04: CRLF injections in HTTP and Mail
+    http://framework.zend.com/security/advisory/ZF2015-04
+    [CVE-2015-3154]
+
+ -- Santiago Ruano Rincón <santiagorr@riseup.net>  Mon, 15 Jun 2015 22:36:44 +0200
+
 zendframework (1.10.6-1squeeze2) squeeze-security; urgency=high
 
   * Fix for CVE-2012-5657: remove the XXE vector by calling
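Review bot: the advisory URL under the ZF2014-05 entry points at http://framework.zend.com/security/advisory/ZF2012-05, while the entry itself and CVE-2014-8088 belong to ZF2014-05; fix the path segment so readers land on the right advisory. Also, the series adds a patch named 0020-CVE-2012-6531-6532.patch, but CVE-2012-6532 appears nowhere in this changelog entry; list it under the ZF2012-02 item (or rename the patch) so the security tracker can match the upload against it.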
reverted:
--- zendframework-1.10.6/debian/patches/01-zf-shell.patch
+++ zendframework-1.10.6.orig/debian/patches/01-zf-shell.patch
@@ -1,21 +0,0 @@
-Author: Frank Habermann <habermann@2im.de>
-Description: add shebang and set absolut path to php file
-
-diff -Naurp zendframework-1.9.6.orig/bin/zf.php zendframework-1.9.6/bin/zf.php
---- zendframework-1.9.6.orig/bin/zf.php	2009-09-07 21:48:34.000000000 +0000
-+++ zendframework-1.9.6/bin/zf.php	2009-12-06 19:40:47.000000000 +0000
-@@ -1,3 +1,4 @@
-+#!/usr/bin/php5
- <?php
- /**
-  * Zend Framework
-diff -Naurp zendframework-1.9.6.orig/bin/zf.sh zendframework-1.9.6/bin/zf.sh
---- zendframework-1.9.6.orig/bin/zf.sh	2009-07-16 13:01:27.000000000 +0000
-+++ zendframework-1.9.6/bin/zf.sh	2009-12-06 19:41:26.000000000 +0000
-@@ -41,5 +41,5 @@ else
-     PHP_DIR="$(dirname "$SELF_LINK")"
- fi
- 
--"$PHP_BIN" -d safe_mode=Off -f "$PHP_DIR/zf.php" -- "$@"
-+"$PHP_BIN" -d safe_mode=Off -f "/usr/share/zendframework/bin/zf.php" -- "$@"
- 
diff -u zendframework-1.10.6/debian/patches/series zendframework-1.10.6/debian/patches/series
--- zendframework-1.10.6/debian/patches/series
+++ zendframework-1.10.6/debian/patches/series
@@ -1,2 +1,12 @@
-01-zf-shell.patch
-02-ZF2012-05
+0001-Add-shebang-and-set-absolut-path-to-php-file.patch
+0002-ZF-12486-Fix-XXE-vulnerability-in-legacy-Zend_Feed-c.patch
+0003-Fix-for-XML-XXE-XEE-potential-attacks.patch
+0004-Added-heuristic-check-for-XXE-XEE-attacks-with-PHP-F.patch
+0005-Anonymous-function-rewritten-as-static-one-to-mainta.patch
+0006-Security-fix-for-OpenID.patch
+0007-Patch-for-potential-Sql-injection-in-ORDER.patch
+0008-ZF2014-05-Fix-for-null-byte-binding.patch
+0009-372-Quote-null-byte-characters.patch
+0010-ZF2015-04-Fix-CRLF-injections-in-HTTP-and-Mail.patch
+0011-Cast-int-and-float-to-string-when-creating-headers.patch
+0020-CVE-2012-6531-6532.patch
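Review bot: the numbering jumps from 0011 to 0020 for 0020-CVE-2012-6531-6532.patch and nothing in the changelog explains the gap; either renumber it 0012 or note in the changelog that the gap is intentional (for instance to keep the wheezy backports and the squeeze-only patch apart), so the next uploader does not "fix" it.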
reverted:
--- zendframework-1.10.6/debian/patches/02-ZF2012-05
+++ zendframework-1.10.6.orig/debian/patches/02-ZF2012-05
@@ -1,171 +0,0 @@
-diff -ur zendframework-1.10.6/library//Zend/Feed/Abstract.php zendframework-1.10.6-fixed/library//Zend/Feed/Abstract.php
---- zendframework-1.10.6/library//Zend/Feed/Abstract.php	2010-01-06 02:05:09.000000000 +0000
-+++ zendframework-1.10.6-fixed/library//Zend/Feed/Abstract.php	2013-01-07 19:44:54.000000000 +0000
-@@ -81,9 +81,9 @@
-                  * @see Zend_Feed_Exception
-                  */
-                 require_once 'Zend/Feed/Exception.php';
--                throw new Zend_Feed_Exception('Feed failed to load, got response code ' . $response->getStatus());
-+		throw new Zend_Feed_Exception('Feed failed to load, got response code ' . $response->getStatus() . '; request: ' . $client->getLastRequest() . "\nresponse: " . $response->asString());
-             }
--            $this->_element = $response->getBody();
-+            $this->_element = $this->_importFeedFromString($response->getBody());
-             $this->__wakeup();
-         } elseif ($string !== null) {
-             // Retrieve the feed from $string
-@@ -256,4 +256,49 @@
-      * @return void
-      */
-     abstract public function send();
-+
-+    /**
-+     * Import a feed from a string
-+     *
-+     * Protects against XXE attack vectors.
-+     * 
-+     * @param  string $feed 
-+     * @return string
-+     * @throws Zend_Feed_Exception on detection of an XXE vector
-+     */
-+    protected function _importFeedFromString($feed)
-+    {
-+        // Load the feed as an XML DOMDocument object
-+        $libxml_errflag       = libxml_use_internal_errors(true);
-+        $libxml_entity_loader = libxml_disable_entity_loader(true);
-+        $doc = new DOMDocument;
-+        if (trim($feed) == '') {
-+            require_once 'Zend/Feed/Exception.php';
-+            throw new Zend_Feed_Exception('Remote feed being imported'
-+            . ' is an Empty string or comes from an empty HTTP response');
-+        }
-+        $status = $doc->loadXML($feed);
-+        libxml_disable_entity_loader($libxml_entity_loader);
-+        libxml_use_internal_errors($libxml_errflag);
-+
-+        if (!$status) {
-+            // prevent the class to generate an undefined variable notice (ZF-2590)
-+            // Build error message
-+            $error = libxml_get_last_error();
-+            if ($error && $error->message) {
-+                $errormsg = "DOMDocument cannot parse XML: {$error->message}";
-+            } else {
-+                $errormsg = "DOMDocument cannot parse XML";
-+            }
-+
-+
-+            /**
-+             * @see Zend_Feed_Exception
-+             */
-+            require_once 'Zend/Feed/Exception.php';
-+            throw new Zend_Feed_Exception($errormsg);
-+        }
-+
-+        return $doc->saveXML($doc->documentElement);
-+    }
- }
-diff -ur zendframework-1.10.6/library//Zend/Feed/Writer/Deleted.php zendframework-1.10.6-fixed/library//Zend/Feed/Writer/Deleted.php
---- zendframework-1.10.6/library//Zend/Feed/Writer/Deleted.php	2010-01-22 14:06:24.000000000 +0000
-+++ zendframework-1.10.6-fixed/library//Zend/Feed/Writer/Deleted.php	2013-01-07 19:47:29.000000000 +0000
-@@ -128,10 +128,10 @@
-         $zdate = null;
-         if (is_null($date)) {
-             $zdate = new Zend_Date;
--        } elseif (ctype_digit($date) && strlen($date) == 10) {
--            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
-         } elseif ($date instanceof Zend_Date) {
-             $zdate = $date;
-+        } elseif (ctype_digit((string)$date)) {
-+            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
-         } else {
-             require_once 'Zend/Feed/Exception.php';
-             throw new Zend_Feed_Exception('Invalid Zend_Date object or UNIX Timestamp passed as parameter');
-diff -ur zendframework-1.10.6/library//Zend/Feed/Writer/Entry.php zendframework-1.10.6-fixed/library//Zend/Feed/Writer/Entry.php
---- zendframework-1.10.6/library//Zend/Feed/Writer/Entry.php	2010-04-30 14:04:57.000000000 +0000
-+++ zendframework-1.10.6-fixed/library//Zend/Feed/Writer/Entry.php	2013-01-07 19:48:39.000000000 +0000
-@@ -214,10 +214,10 @@
-         $zdate = null;
-         if (is_null($date)) {
-             $zdate = new Zend_Date;
--        } elseif (ctype_digit($date) && strlen($date) == 10) {
--            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
-         } elseif ($date instanceof Zend_Date) {
-             $zdate = $date;
-+        } elseif (ctype_digit((string)$date)) {
-+            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
-         } else {
-             require_once 'Zend/Feed/Exception.php';
-             throw new Zend_Feed_Exception('Invalid Zend_Date object or UNIX Timestamp passed as parameter');
-@@ -235,10 +235,10 @@
-         $zdate = null;
-         if (is_null($date)) {
-             $zdate = new Zend_Date;
--        } elseif (ctype_digit($date) && strlen($date) == 10) {
--            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
-         } elseif ($date instanceof Zend_Date) {
-             $zdate = $date;
-+        } elseif (ctype_digit((string)$date)) {
-+            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
-         } else {
-             require_once 'Zend/Feed/Exception.php';
-             throw new Zend_Feed_Exception('Invalid Zend_Date object or UNIX Timestamp passed as parameter');
-diff -ur zendframework-1.10.6/library//Zend/Feed/Writer/Feed/FeedAbstract.php zendframework-1.10.6-fixed/library//Zend/Feed/Writer/Feed/FeedAbstract.php
---- zendframework-1.10.6/library//Zend/Feed/Writer/Feed/FeedAbstract.php	2010-05-05 13:44:11.000000000 +0000
-+++ zendframework-1.10.6-fixed/library//Zend/Feed/Writer/Feed/FeedAbstract.php	2013-01-07 19:50:19.000000000 +0000
-@@ -173,10 +173,10 @@
-         $zdate = null;
-         if (is_null($date)) {
-             $zdate = new Zend_Date;
--        } elseif (ctype_digit($date) && strlen($date) == 10) {
--            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
-         } elseif ($date instanceof Zend_Date) {
-             $zdate = $date;
-+        } elseif (ctype_digit((string)$date)) {
-+            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
-         } else {
-             require_once 'Zend/Feed/Exception.php';
-             throw new Zend_Feed_Exception('Invalid Zend_Date object or UNIX Timestamp passed as parameter');
-@@ -194,10 +194,10 @@
-         $zdate = null;
-         if (is_null($date)) {
-             $zdate = new Zend_Date;
--        } elseif (ctype_digit($date) && strlen($date) == 10) {
--            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
-         } elseif ($date instanceof Zend_Date) {
-             $zdate = $date;
-+        } elseif (ctype_digit((string)$date)) {
-+            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
-         } else {
-             require_once 'Zend/Feed/Exception.php';
-             throw new Zend_Feed_Exception('Invalid Zend_Date object or UNIX Timestamp passed as parameter');
-@@ -215,10 +215,10 @@
-         $zdate = null;
-         if (is_null($date)) {
-             $zdate = new Zend_Date;
--        } elseif (ctype_digit($date) && strlen($date) == 10) {
--            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
-         } elseif ($date instanceof Zend_Date) {
-             $zdate = $date;
-+        } elseif (ctype_digit((string)$date)) {
-+            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
-         } else {
-             require_once 'Zend/Feed/Exception.php';
-             throw new Zend_Feed_Exception('Invalid Zend_Date object or UNIX Timestamp passed as parameter');
-diff -ur zendframework-1.10.6/library//Zend/Feed.php zendframework-1.10.6-fixed/library//Zend/Feed.php
---- zendframework-1.10.6/library//Zend/Feed.php	2010-01-06 02:05:09.000000000 +0000
-+++ zendframework-1.10.6-fixed/library//Zend/Feed.php	2013-01-07 19:41:55.000000000 +0000
-@@ -192,6 +192,7 @@
-     {
-         // Load the feed as an XML DOMDocument object
-         $libxml_errflag = libxml_use_internal_errors(true);
-+	$libxml_entity_loader = libxml_disable_entity_loader(true);
-         $doc = new DOMDocument;
-         if (trim($string) == '') {
-             require_once 'Zend/Feed/Exception.php';
-@@ -199,6 +200,7 @@
-             . ' is an Empty string or comes from an empty HTTP response');
-         }
-         $status = $doc->loadXML($string);
-+	libxml_disable_entity_loader($libxml_entity_loader);
-         libxml_use_internal_errors($libxml_errflag);
- 
- 
only in patch2:
unchanged:
--- zendframework-1.10.6.orig/debian/patches/0001-Add-shebang-and-set-absolut-path-to-php-file.patch
+++ zendframework-1.10.6/debian/patches/0001-Add-shebang-and-set-absolut-path-to-php-file.patch
@@ -0,0 +1,25 @@
+From: Frank Habermann <habermann@2im.de>
+Date: Mon, 28 Dec 2009 22:00:00 +0200
+Subject: Add shebang and set absolut path to php file
+
+---
+ bin/zf.php | 1 +
+ bin/zf.sh  | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+--- a/bin/zf.php
++++ b/bin/zf.php
+@@ -1,3 +1,4 @@
++#!/usr/bin/php5
+ <?php
+ /**
+  * Zend Framework
+--- a/bin/zf.sh
++++ b/bin/zf.sh
+@@ -41,5 +41,5 @@
+     PHP_DIR="$(dirname "$SELF_LINK")"
+ fi
+ 
+-"$PHP_BIN" -d safe_mode=Off -f "$PHP_DIR/zf.php" -- "$@"
++"$PHP_BIN" -d safe_mode=Off -f "/usr/share/zendframework/bin/zf.php" -- "$@"
+ 
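Review bot: "absolut" in the Subject line is a typo for "absolute", and because gbp pq derives the file name from the Subject it is repeated in 0001-Add-shebang-and-set-absolut-path-to-php-file.patch and in the series file; correct it in all three places or leave all three as they are, since fixing only the Subject would rename the patch on the next export.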
only in patch2:
unchanged:
--- zendframework-1.10.6.orig/debian/patches/0002-ZF-12486-Fix-XXE-vulnerability-in-legacy-Zend_Feed-c.patch
+++ zendframework-1.10.6/debian/patches/0002-ZF-12486-Fix-XXE-vulnerability-in-legacy-Zend_Feed-c.patch
@@ -0,0 +1,188 @@
+From: matthew <matthew@44c647ce-9c0f-0410-b52a-842ac1e357ba>
+Date: Tue, 18 Dec 2012 15:17:16 +0000
+Subject: [ZF-12486] Fix XXE vulnerability in legacy Zend_Feed classes
+
+Merges r25158 from trunk.
+
+- Fixes an XXE vulnerability in Zend_Feed_Abstract whereby feeds
+  imported by URI could load external XML entities.
+
+- cherry-picked from wheezy.
+  Removed all changes on tests/ directory
+
+git-svn-id: http://framework.zend.com/svn/framework/standard/branches/release-1.12@25160 44c647ce-9c0f-0410-b52a-842ac1e357ba
+Bug-Debian: https://bugs.debian.org/696483
+Origin: upstream, https://github.com/zendframework/zf1/commit/a802c81c3b4ca680c3eabf4bae7536d6c3e36765
+Origin: debian, http://anonscm.debian.org/cgit/pkg-php/zendframework.git/commit/?h=wheezy&id=f38da6759ae2b79fed7530e5b988a9febb3bcb7e
+---
+--- a/library/Zend/Feed.php
++++ b/library/Zend/Feed.php
+@@ -191,7 +191,8 @@
+     public static function importString($string)
+     {
+         // Load the feed as an XML DOMDocument object
+-        $libxml_errflag = libxml_use_internal_errors(true);
++        $libxml_errflag       = libxml_use_internal_errors(true);
++        $libxml_entity_loader = libxml_disable_entity_loader(true);
+         $doc = new DOMDocument;
+         if (trim($string) == '') {
+             require_once 'Zend/Feed/Exception.php';
+@@ -199,9 +200,9 @@
+             . ' is an Empty string or comes from an empty HTTP response');
+         }
+         $status = $doc->loadXML($string);
++        libxml_disable_entity_loader($libxml_entity_loader);
+         libxml_use_internal_errors($libxml_errflag);
+ 
+-
+         if (!$status) {
+             // prevent the class to generate an undefined variable notice (ZF-2590)
+             // Build error message
+--- a/library/Zend/Feed/Abstract.php
++++ b/library/Zend/Feed/Abstract.php
+@@ -81,9 +81,9 @@
+                  * @see Zend_Feed_Exception
+                  */
+                 require_once 'Zend/Feed/Exception.php';
+-                throw new Zend_Feed_Exception('Feed failed to load, got response code ' . $response->getStatus());
++		throw new Zend_Feed_Exception('Feed failed to load, got response code ' . $response->getStatus() . '; request: ' . $client->getLastRequest() . "\nresponse: " . $response->asString());
+             }
+-            $this->_element = $response->getBody();
++            $this->_element = $this->_importFeedFromString($response->getBody());
+             $this->__wakeup();
+         } elseif ($string !== null) {
+             // Retrieve the feed from $string
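Review bot: the widened message in `throw new Zend_Feed_Exception('Feed failed to load, got response code ' . $response->getStatus() . '; request: ' . $client->getLastRequest() . "\nresponse: " . $response->asString());` embeds the complete last HTTP request and the full response body in the exception text. Exception messages routinely end up in logs and error pages, so any cookies or credentials sent with the feed request, and whatever the remote side returned, get copied there; keep the status code in the message and expose the request/response only through a debug path. The same line is also indented with a tab while the surrounding code uses spaces (that is how the upstream commit being merged has it, so it is a note rather than a blocker for a backport).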
+@@ -256,4 +256,49 @@
+      * @return void
+      */
+     abstract public function send();
++
++    /**
++     * Import a feed from a string
++     *
++     * Protects against XXE attack vectors.
++     * 
++     * @param  string $feed 
++     * @return string
++     * @throws Zend_Feed_Exception on detection of an XXE vector
++     */
++    protected function _importFeedFromString($feed)
++    {
++        // Load the feed as an XML DOMDocument object
++        $libxml_errflag       = libxml_use_internal_errors(true);
++        $libxml_entity_loader = libxml_disable_entity_loader(true);
++        $doc = new DOMDocument;
++        if (trim($feed) == '') {
++            require_once 'Zend/Feed/Exception.php';
++            throw new Zend_Feed_Exception('Remote feed being imported'
++            . ' is an Empty string or comes from an empty HTTP response');
++        }
++        $status = $doc->loadXML($feed);
++        libxml_disable_entity_loader($libxml_entity_loader);
++        libxml_use_internal_errors($libxml_errflag);
++
++        if (!$status) {
++            // prevent the class to generate an undefined variable notice (ZF-2590)
++            // Build error message
++            $error = libxml_get_last_error();
++            if ($error && $error->message) {
++                $errormsg = "DOMDocument cannot parse XML: {$error->message}";
++            } else {
++                $errormsg = "DOMDocument cannot parse XML";
++            }
++
++
++            /**
++             * @see Zend_Feed_Exception
++             */
++            require_once 'Zend/Feed/Exception.php';
++            throw new Zend_Feed_Exception($errormsg);
++        }
++
++        return $doc->saveXML($doc->documentElement);
++    }
+ }
+--- a/library/Zend/Feed/Writer/Deleted.php
++++ b/library/Zend/Feed/Writer/Deleted.php
+@@ -128,10 +128,10 @@
+         $zdate = null;
+         if (is_null($date)) {
+             $zdate = new Zend_Date;
+-        } elseif (ctype_digit($date) && strlen($date) == 10) {
+-            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
+         } elseif ($date instanceof Zend_Date) {
+             $zdate = $date;
++        } elseif (ctype_digit((string)$date)) {
++            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
+         } else {
+             require_once 'Zend/Feed/Exception.php';
+             throw new Zend_Feed_Exception('Invalid Zend_Date object or UNIX Timestamp passed as parameter');
+--- a/library/Zend/Feed/Writer/Entry.php
++++ b/library/Zend/Feed/Writer/Entry.php
+@@ -214,10 +214,10 @@
+         $zdate = null;
+         if (is_null($date)) {
+             $zdate = new Zend_Date;
+-        } elseif (ctype_digit($date) && strlen($date) == 10) {
+-            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
+         } elseif ($date instanceof Zend_Date) {
+             $zdate = $date;
++        } elseif (ctype_digit((string)$date)) {
++            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
+         } else {
+             require_once 'Zend/Feed/Exception.php';
+             throw new Zend_Feed_Exception('Invalid Zend_Date object or UNIX Timestamp passed as parameter');
+@@ -235,10 +235,10 @@
+         $zdate = null;
+         if (is_null($date)) {
+             $zdate = new Zend_Date;
+-        } elseif (ctype_digit($date) && strlen($date) == 10) {
+-            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
+         } elseif ($date instanceof Zend_Date) {
+             $zdate = $date;
++        } elseif (ctype_digit((string)$date)) {
++            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
+         } else {
+             require_once 'Zend/Feed/Exception.php';
+             throw new Zend_Feed_Exception('Invalid Zend_Date object or UNIX Timestamp passed as parameter');
+--- a/library/Zend/Feed/Writer/Feed/FeedAbstract.php
++++ b/library/Zend/Feed/Writer/Feed/FeedAbstract.php
+@@ -173,10 +173,10 @@
+         $zdate = null;
+         if (is_null($date)) {
+             $zdate = new Zend_Date;
+-        } elseif (ctype_digit($date) && strlen($date) == 10) {
+-            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
+         } elseif ($date instanceof Zend_Date) {
+             $zdate = $date;
++        } elseif (ctype_digit((string)$date)) {
++            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
+         } else {
+             require_once 'Zend/Feed/Exception.php';
+             throw new Zend_Feed_Exception('Invalid Zend_Date object or UNIX Timestamp passed as parameter');
+@@ -194,10 +194,10 @@
+         $zdate = null;
+         if (is_null($date)) {
+             $zdate = new Zend_Date;
+-        } elseif (ctype_digit($date) && strlen($date) == 10) {
+-            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
+         } elseif ($date instanceof Zend_Date) {
+             $zdate = $date;
++        } elseif (ctype_digit((string)$date)) {
++            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
+         } else {
+             require_once 'Zend/Feed/Exception.php';
+             throw new Zend_Feed_Exception('Invalid Zend_Date object or UNIX Timestamp passed as parameter');
+@@ -215,10 +215,10 @@
+         $zdate = null;
+         if (is_null($date)) {
+             $zdate = new Zend_Date;
+-        } elseif (ctype_digit($date) && strlen($date) == 10) {
+-            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
+         } elseif ($date instanceof Zend_Date) {
+             $zdate = $date;
++        } elseif (ctype_digit((string)$date)) {
++            $zdate = new Zend_Date($date, Zend_Date::TIMESTAMP);
+         } else {
+             require_once 'Zend/Feed/Exception.php';
+             throw new Zend_Feed_Exception('Invalid Zend_Date object or UNIX Timestamp passed as parameter');
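Review bot: the hunks for Writer/Deleted.php, Writer/Entry.php and Writer/Feed/FeedAbstract.php are unrelated to the XXE fix the commit message describes: they drop the `strlen($date) == 10` guard, switch to `ctype_digit((string)$date)` and move the timestamp branch after the `instanceof Zend_Date` check, so integers and digit strings of any length are now accepted as UNIX timestamps. For an LTS update that is a behaviour change worth stating explicitly; either mention it in the patch description and changelog (it is part of the upstream commit being cherry-picked) or leave those hunks out of the backport.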
only in patch2:
unchanged:
--- zendframework-1.10.6.orig/debian/patches/0003-Fix-for-XML-XXE-XEE-potential-attacks.patch
+++ zendframework-1.10.6/debian/patches/0003-Fix-for-XML-XXE-XEE-potential-attacks.patch
@@ -0,0 +1,1372 @@
+From: Enrico Zimuel <e.zimuel@gmail.com>
+Date: Tue, 25 Feb 2014 20:26:00 +0100
+Subject: Fix for XML XXE/XEE potential attacks
+
+Conflicts:
+	library/Zend/Mobile/Push/Message/Mpns/Raw.php
+	library/Zend/Service/SqlAzure/Management/Client.php
+	library/Zend/Service/WindowsAzure/CommandLine/Package.php
+	library/Zend/Service/WindowsAzure/Management/Client.php
+	library/Zend/Service/WindowsAzure/Storage.php
+	tests/Zend/Mobile/Push/Message/Mpns/RawTest.php
+
+Bug-Debian: https://bugs.debian.org/743175
+Origin: upstream, https://github.com/zendframework/zf1/commit/ff7edddf1410b44b5ead857c02698aad9f748d1b
+Origin: debian, http://anonscm.debian.org/cgit/pkg-php/zendframework.git/commit/?h=wheezy&id=dc147b41ab01a59956695bcdf3396f2b7135d939
+---
+ library/Zend/Amf/Adobe/Auth.php                    |   5 +-
+ library/Zend/Amf/Parse/Amf0/Deserializer.php       |   5 +-
+ library/Zend/Amf/Parse/Amf3/Deserializer.php       |   5 +-
+ library/Zend/Config.php                            |   2 +-
+ library/Zend/Config/Xml.php                        |  22 ++-
+ library/Zend/Dom/Query.php                         |  26 ++--
+ library/Zend/Feed.php                              |  15 +-
+ library/Zend/Feed/Abstract.php                     |  17 +--
+ library/Zend/Feed/Entry/Abstract.php               |   6 +-
+ library/Zend/Feed/Entry/Atom.php                   |   6 +-
+ library/Zend/Feed/Reader.php                       |  51 +++----
+ library/Zend/Feed/Writer/Renderer/Entry/Atom.php   |   8 +-
+ library/Zend/Gdata/App.php                         |   7 +-
+ library/Zend/Gdata/App/Base.php                    |   7 +-
+ library/Zend/Gdata/Gapps/ServiceException.php      |   7 +-
+ library/Zend/Gdata/YouTube.php                     |   6 +-
+ library/Zend/Json.php                              |   4 +-
+ library/Zend/Locale/Data.php                       |   5 +-
+ library/Zend/Rest/Client/Result.php                |   4 +-
+ library/Zend/Search/Lucene/Document/Docx.php       |   7 +-
+ library/Zend/Search/Lucene/Document/OpenXml.php    |   6 +-
+ library/Zend/Search/Lucene/Document/Pptx.php       |  12 +-
+ library/Zend/Search/Lucene/Document/Xlsx.php       |  11 +-
+ library/Zend/Serializer/Adapter/Wddx.php           |  22 +--
+ library/Zend/Service/Amazon.php                    |   7 +-
+ library/Zend/Service/Amazon/Ec2/Response.php       |   7 +-
+ library/Zend/Service/Amazon/SimpleDb/Response.php  |  10 +-
+ library/Zend/Service/Audioscrobbler.php            |   6 +-
+ library/Zend/Service/Delicious.php                 |   6 +-
+ library/Zend/Service/Ebay/Finding.php              |   5 +-
+ library/Zend/Service/Flickr.php                    |  17 +--
+ library/Zend/Service/SlideShare.php                |   9 +-
+ library/Zend/Service/Technorati.php                |   4 +-
+ .../Diagnostics/ConfigurationInstance.php          |   5 +-
+ library/Zend/Service/WindowsAzure/Storage.php      |   7 +-
+ library/Zend/Service/Yahoo.php                     |  23 ++-
+ library/Zend/Soap/Server.php                       |  25 +--
+ library/Zend/Soap/Wsdl.php                         |  24 +--
+ library/Zend/Translate/Adapter/Qt.php              |  14 ++
+ library/Zend/Translate/Adapter/Tbx.php             |  14 ++
+ library/Zend/Translate/Adapter/Tmx.php             |  14 ++
+ library/Zend/Translate/Adapter/Xliff.php           |  14 ++
+ library/Zend/Translate/Adapter/XmlTm.php           |  14 ++
+ library/Zend/Xml/Exception.php                     |  36 +++++
+ library/Zend/Xml/Security.php                      | 101 ++++++++++++
+ library/Zend/XmlRpc/Request.php                    |  24 +--
+ library/Zend/XmlRpc/Response.php                   |  29 +---
+ tests/Zend/Config/XmlTest.php                      |   4 +-
+ .../Feed/Reader/Integration/PodcastRss2Test.php    |   4 +
+ tests/Zend/Serializer/Adapter/WddxTest.php         |   2 +-
+ tests/Zend/Xml/AllTests.php                        |  56 +++++++
+ tests/Zend/Xml/SecurityTest.php                    | 170 +++++++++++++++++++++
+ tests/Zend/XmlRpc/Server/FaultTest.php             |   1 +
+ 53 files changed, 699 insertions(+), 219 deletions(-)
+ create mode 100644 library/Zend/Xml/Exception.php
+ create mode 100644 library/Zend/Xml/Security.php
+ create mode 100644 tests/Zend/Xml/AllTests.php
+ create mode 100644 tests/Zend/Xml/SecurityTest.php
+
+--- a/library/Zend/Amf/Adobe/Auth.php
++++ b/library/Zend/Amf/Adobe/Auth.php
+@@ -28,6 +28,9 @@
+ /** @see Zend_Auth_Result */
+ require_once 'Zend/Auth/Result.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
+ /**
+  * This class implements authentication against XML file with roles for Flex Builder.
+  *
+@@ -61,7 +64,7 @@
+     public function __construct($rolefile)
+     {
+         $this->_acl = new Zend_Acl();
+-        $xml = simplexml_load_file($rolefile);
++        $xml = Zend_Xml_Security::scanFile($rolefile);
+ /*
+ Roles file format:
+  <roles>
+--- a/library/Zend/Amf/Parse/Amf0/Deserializer.php
++++ b/library/Zend/Amf/Parse/Amf0/Deserializer.php
+@@ -23,6 +23,9 @@
+ /** Zend_Amf_Constants */
+ require_once 'Zend/Amf/Constants.php';
+ 
++/** Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
+ /** @see Zend_Amf_Parse_Deserializer */
+ require_once 'Zend/Amf/Parse/Deserializer.php';
+ 
+@@ -248,7 +251,7 @@
+     public function readXmlString()
+     {
+         $string = $this->_stream->readLongUTF();
+-        return simplexml_load_string($string);
++        return Zend_Xml_Security::scan($string); //simplexml_load_string($string);
+     }
+ 
+     /**
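Review bot: `return Zend_Xml_Security::scan($string); //simplexml_load_string($string);` keeps the replaced call around as a trailing comment; drop the comment so the old, unscanned call does not linger as dead code that someone might restore.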
+--- a/library/Zend/Amf/Parse/Amf3/Deserializer.php
++++ b/library/Zend/Amf/Parse/Amf3/Deserializer.php
+@@ -23,6 +23,9 @@
+ /** Zend_Amf_Parse_Deserializer */
+ require_once 'Zend/Amf/Parse/Deserializer.php';
+ 
++/** Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
+ /** Zend_Amf_Parse_TypeLoader */
+ require_once 'Zend/Amf/Parse/TypeLoader.php';
+ 
+@@ -416,6 +419,6 @@
+         $xmlReference = $this->readInteger();
+         $length = $xmlReference >> 1;
+         $string = $this->_stream->readBytes($length);
+-        return simplexml_load_string($string);
++        return Zend_Xml_Security::scan($string); 
+     }
+ }
+--- a/library/Zend/Config.php
++++ b/library/Zend/Config.php
+@@ -444,7 +444,7 @@
+      * @param string $errfile
+      * @param integer $errline
+      */
+-    protected function _loadFileErrorHandler($errno, $errstr, $errfile, $errline)
++    public function _loadFileErrorHandler($errno, $errstr, $errfile, $errline)
+     {
+         if ($this->_loadFileErrorStr === null) {
+             $this->_loadFileErrorStr = $errstr;
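Review bot: changing `_loadFileErrorHandler` from protected to public widens Zend_Config's public API and the commit message gives no reason for it; if it is required so the handler registered via set_error_handler() in Zend_Config_Xml can be invoked from the Zend_Xml_Security code path, say so in a comment above the method, because subclasses and users of Zend_Config now see a public method whose underscore prefix marks it as internal.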
+--- a/library/Zend/Config/Xml.php
++++ b/library/Zend/Config/Xml.php
+@@ -24,6 +24,12 @@
+  */
+ require_once 'Zend/Config.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
++/** @see Zend_Xml_Exception */
++require_once 'Zend/Xml/Exception.php';
++
+ /**
+  * XML Adapter for Zend_Config
+  *
+@@ -86,9 +92,21 @@
+ 
+         set_error_handler(array($this, '_loadFileErrorHandler')); // Warnings and errors are suppressed
+         if (strstr($xml, '<?xml')) {
+-            $config = simplexml_load_string($xml);
++            $config = Zend_Xml_Security::scan($xml);
+         } else {
+-            $config = simplexml_load_file($xml);
++            try {
++                if (!$config = Zend_Xml_Security::scanFile($xml)) {
++                    require_once 'Zend/Config/Exception.php';
++                    throw new Zend_Config_Exception(
++                        "Error failed to load $xml file"
++                    );
++                }
++            } catch (Zend_Xml_Exception $e) {
++                require_once 'Zend/Config/Exception.php';
++                throw new Zend_Config_Exception(
++                    $e->getMessage()
++                );
++            }
+         }
+ 
+         restore_error_handler();
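Review bot: the string branch `$config = Zend_Xml_Security::scan($xml);` is not wrapped in the try/catch that the file branch gets, so a Zend_Xml_Exception raised for inline XML propagates as-is instead of being converted to Zend_Config_Exception; give both branches the same handling. In addition, every throw in this block happens before `restore_error_handler();`, so when loading fails the `_loadFileErrorHandler` handler stays installed for the rest of the request; restore it in each error path before throwing.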
+--- a/library/Zend/Dom/Query.php
++++ b/library/Zend/Dom/Query.php
+@@ -29,6 +29,12 @@
+  */
+ require_once 'Zend/Dom/Query/Result.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
++/** @see Zend_Xml_Exception */
++require_once 'Zend/Xml/Exception.php';
++
+ /**
+  * Query DOM structures based on CSS selectors and/or XPath
+  *
+@@ -216,7 +222,7 @@
+             throw new Zend_Dom_Exception(sprintf('Error parsing document (type == %s)', $type));
+         }
+ 
+-        $nodeList   = $this->_getNodeList($domDoc, $xpathQuery);
++        $nodeList = $this->_getNodeList($domDoc, $xpathQuery);
+         return new Zend_Dom_Query_Result($query, $xpathQuery, $domDoc, $nodeList);
+     }
+ 
+--- a/library/Zend/Feed.php
++++ b/library/Zend/Feed.php
+@@ -20,6 +20,8 @@
+  * @version    $Id: Feed.php 20096 2010-01-06 02:05:09Z bkarwin $
+  */
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
+ 
+ /**
+  * Feed utility class
+@@ -190,20 +192,15 @@
+      */
+     public static function importString($string)
+     {
+-        // Load the feed as an XML DOMDocument object
+-        $libxml_errflag       = libxml_use_internal_errors(true);
+-        $libxml_entity_loader = libxml_disable_entity_loader(true);
+-        $doc = new DOMDocument;
+         if (trim($string) == '') {
+             require_once 'Zend/Feed/Exception.php';
+             throw new Zend_Feed_Exception('Document/string being imported'
+             . ' is an Empty string or comes from an empty HTTP response');
+         }
+-        $status = $doc->loadXML($string);
+-        libxml_disable_entity_loader($libxml_entity_loader);
+-        libxml_use_internal_errors($libxml_errflag);
++        $doc = new DOMDocument;
++        $doc = Zend_Xml_Security::scan($string, $doc);
+ 
+-        if (!$status) {
++        if (!$doc) {
+             // prevent the class to generate an undefined variable notice (ZF-2590)
+             // Build error message
+             $error = libxml_get_last_error();
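Review bot: the removed lines enabled libxml_use_internal_errors(true) before parsing, but the retained failure path still calls libxml_get_last_error() to build its message; with that setup gone, the message now depends on what Zend_Xml_Security::scan() leaves behind, so check that a parse failure still yields a non-empty error. Nothing here catches Zend_Xml_Exception either; if scan() raises it for entity declarations the way the Config and Translate hunks handle it for scanFile(), a feed carrying a DOCTYPE escapes importString() as Zend_Xml_Exception rather than the Zend_Feed_Exception callers expect.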
+@@ -320,7 +317,7 @@
+                 if (!mb_check_encoding($link, 'UTF-8')) {
+                     $link = mb_convert_encoding($link, 'UTF-8');
+                 }
+-                $xml = @simplexml_load_string(rtrim($link, ' /') . ' />');
++                $xml = @Zend_Xml_Security::scan(rtrim($link, ' /') . ' />');
+                 if ($xml === false) {
+                     continue;
+                 }
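Review bot: the `@` on `@Zend_Xml_Security::scan(...)` silences warnings but not exceptions, so the `continue` on `$xml === false` no longer covers every failure of this best-effort link parse: if scan() throws for the fragment, the whole loop aborts. Since the input is an HTML `<link>` tag being coerced into an XML element, a try/catch around the call that falls through to `continue` keeps the previous tolerant behaviour.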
+--- a/library/Zend/Feed/Abstract.php
++++ b/library/Zend/Feed/Abstract.php
+@@ -26,6 +26,8 @@
+  */
+ require_once 'Zend/Feed/Element.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
+ 
+ /**
+  * The Zend_Feed_Abstract class is an abstract class representing feeds.
+@@ -111,10 +113,10 @@
+     {
+         @ini_set('track_errors', 1);
+         $doc = new DOMDocument;
+-        $status = @$doc->loadXML($this->_element);
++        $doc = @Zend_Xml_Security::scan($this->_element, $doc);
+         @ini_restore('track_errors');
+ 
+-        if (!$status) {
++        if (!$doc) {
+             // prevent the class to generate an undefined variable notice (ZF-2590)
+             if (!isset($php_errormsg)) {
+                 if (function_exists('xdebug_is_enabled')) {
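Review bot: `$php_errormsg` is populated in the scope where the warning is raised, and that is now inside Zend_Xml_Security::scan() rather than this method, so the `!isset($php_errormsg)` fallback below is taken on every parse failure and the libxml message is lost. The same applies to the Feed/Entry/Abstract, Feed/Entry/Atom, Gdata/App, Gdata/App/Base, Gdata/Gapps/ServiceException and Gdata/YouTube hunks further down; reading the message with libxml_get_last_error(), as Zend_Feed::importString() does, would not depend on track_errors scoping.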
+@@ -268,20 +270,15 @@
+      */
+     protected function _importFeedFromString($feed)
+     {
+-        // Load the feed as an XML DOMDocument object
+-        $libxml_errflag       = libxml_use_internal_errors(true);
+-        $libxml_entity_loader = libxml_disable_entity_loader(true);
+-        $doc = new DOMDocument;
+         if (trim($feed) == '') {
+             require_once 'Zend/Feed/Exception.php';
+             throw new Zend_Feed_Exception('Remote feed being imported'
+             . ' is an Empty string or comes from an empty HTTP response');
+         }
+-        $status = $doc->loadXML($feed);
+-        libxml_disable_entity_loader($libxml_entity_loader);
+-        libxml_use_internal_errors($libxml_errflag);
++        $doc = new DOMDocument;
++        $doc = Zend_Xml_Security::scan($feed, $doc);
+ 
+-        if (!$status) {
++        if (!$doc) {
+             // prevent the class to generate an undefined variable notice (ZF-2590)
+             // Build error message
+             $error = libxml_get_last_error();
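Review bot: same two points as the Zend_Feed::importString() hunk above: the libxml_use_internal_errors(true) setup that libxml_get_last_error() relied on is removed, and a Zend_Xml_Exception from scan() is not converted to Zend_Feed_Exception.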
+--- a/library/Zend/Feed/Entry/Abstract.php
++++ b/library/Zend/Feed/Entry/Abstract.php
+@@ -31,6 +31,8 @@
+  */
+ require_once 'Zend/Feed/Element.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
+ 
+ /**
+  * Zend_Feed_Entry_Abstract represents a single entry in an Atom or RSS
+@@ -80,10 +82,10 @@
+                 // Load the feed as an XML DOMDocument object
+                 @ini_set('track_errors', 1);
+                 $doc = new DOMDocument();
+-                $status = @$doc->loadXML($element);
++                $doc = @Zend_Xml_Security::scan($element, $doc);
+                 @ini_restore('track_errors');
+ 
+-                if (!$status) {
++                if (!$doc) {
+                     // prevent the class to generate an undefined variable notice (ZF-2590)
+                     if (!isset($php_errormsg)) {
+                         if (function_exists('xdebug_is_enabled')) {
+--- a/library/Zend/Feed/Entry/Atom.php
++++ b/library/Zend/Feed/Entry/Atom.php
+@@ -26,6 +26,8 @@
+  */
+ require_once 'Zend/Feed/Entry/Abstract.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
+ 
+ /**
+  * Concrete class for working with Atom entries.
+@@ -194,10 +196,10 @@
+         // Update internal properties using $client->responseBody;
+         @ini_set('track_errors', 1);
+         $newEntry = new DOMDocument;
+-        $status = @$newEntry->loadXML($response->getBody());
++        $newEntry = @Zend_Xml_Security::scan($response->getBody(), $newEntry);
+         @ini_restore('track_errors');
+ 
+-        if (!$status) {
++        if (!$newEntry) {
+             // prevent the class to generate an undefined variable notice (ZF-2590)
+             if (!isset($php_errormsg)) {
+                 if (function_exists('xdebug_is_enabled')) {
+--- a/library/Zend/Feed/Reader.php
++++ b/library/Zend/Feed/Reader.php
+@@ -39,6 +39,12 @@
+  */
+ require_once 'Zend/Feed/Reader/FeedSet.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
++/** @see Zend_Xml_Exception */
++require_once 'Zend/Xml/Exception.php';
++
+ /**
+  * @category   Zend
+  * @package    Zend_Feed_Reader
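Review bot: these two require_once lines are the whole diff for Feed/Reader.php; no call in this file is switched to Zend_Xml_Security, so the requires are dead unless the import path was already safe. Check whether a hunk went missing in the backport from wheezy, since Reader is the entry point most applications use to parse untrusted feeds.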
+--- a/library/Zend/Feed/Writer/Renderer/Entry/Atom.php
++++ b/library/Zend/Feed/Writer/Renderer/Entry/Atom.php
+@@ -26,6 +26,9 @@
+ 
+ require_once 'Zend/Feed/Writer/Renderer/Feed/Atom/Source.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
+ /**
+  * @category   Zend
+  * @package    Zend_Feed_Writer
+@@ -355,8 +358,9 @@
+             "/(<[\/]?)([a-zA-Z]+)/"   
+         ), '$1xhtml:$2', $xhtml);
+         $dom = new DOMDocument('1.0', $this->getEncoding());
+-        $dom->loadXML('<xhtml:div xmlns:xhtml="http://www.w3.org/1999/xhtml";>'
+-            . $xhtml . '</xhtml:div>');
++
++        $dom = Zend_Xml_Security::scan('<xhtml:div xmlns:xhtml="http://www.w3.org/1999/xhtml";>'
++            . $xhtml . '</xhtml:div>', $dom);
+         return $dom->documentElement;
+     }
+     
+--- a/library/Zend/Gdata/App.php
++++ b/library/Zend/Gdata/App.php
+@@ -41,6 +41,9 @@
+  */
+ require_once 'Zend/Gdata/App/MediaSource.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
+ /**
+  * Provides Atom Publishing Protocol (APP) functionality.  This class and all
+  * other components of Zend_Gdata_App are designed to work independently from
+@@ -803,10 +806,10 @@
+         // Load the feed as an XML DOMDocument object
+         @ini_set('track_errors', 1);
+         $doc = new DOMDocument();
+-        $success = @$doc->loadXML($string);
++        $doc = @Zend_Xml_Security::scan($string, $doc);
+         @ini_restore('track_errors');
+ 
+-        if (!$success) {
++        if (!$doc) {
+             require_once 'Zend/Gdata/App/Exception.php';
+             throw new Zend_Gdata_App_Exception(
+                 "DOMDocument cannot parse XML: $php_errormsg");
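Review bot: `$php_errormsg` is interpolated unconditionally here, and because the warning is now raised inside Zend_Xml_Security::scan() rather than in this method, it is undefined in this scope: the exception message degrades to `DOMDocument cannot parse XML: ` plus an undefined-variable notice. Guard it or switch to libxml_get_last_error().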
+--- a/library/Zend/Gdata/App/Base.php
++++ b/library/Zend/Gdata/App/Base.php
+@@ -26,6 +26,9 @@
+  */
+ require_once 'Zend/Gdata/App/Util.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
+ /**
+  * Abstract class for all XML elements
+  *
+@@ -301,9 +304,9 @@
+             // Load the feed as an XML DOMDocument object
+             @ini_set('track_errors', 1);
+             $doc = new DOMDocument();
+-            $success = @$doc->loadXML($xml);
++            $doc = @Zend_Xml_Security::scan($xml, $doc);
+             @ini_restore('track_errors');
+-            if (!$success) {
++            if (!$doc) {
+                 require_once 'Zend/Gdata/App/Exception.php';
+                 throw new Zend_Gdata_App_Exception("DOMDocument cannot parse XML: $php_errormsg");
+             }
+--- a/library/Zend/Gdata/Gapps/ServiceException.php
++++ b/library/Zend/Gdata/Gapps/ServiceException.php
+@@ -32,6 +32,9 @@
+  */
+ require_once 'Zend/Gdata/Gapps/Error.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
+ /**
+  * Gdata Gapps Exception class. This is thrown when an
+  * AppsForYourDomainErrors message is received from the Google Apps
+@@ -160,10 +163,10 @@
+             // exception by referencing $php_errormsg
+             @ini_set('track_errors', 1);
+             $doc = new DOMDocument();
+-            $success = @$doc->loadXML($string);
++            $doc = @Zend_Xml_Security::scan($string, $doc);
+             @ini_restore('track_errors');
+ 
+-            if (!$success) {
++            if (!$doc) {
+                 require_once 'Zend/Gdata/App/Exception.php';
+                 // $php_errormsg is automatically generated by PHP if
+                 // an error occurs while calling loadXML(), above.
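Review bot: the comment `$php_errormsg is automatically generated by PHP if an error occurs while calling loadXML(), above.` is now stale, since loadXML() is no longer called in this method and track_errors sets `$php_errormsg` only in the scope where the error occurs; update the comment or the error reporting along with the call.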
+--- a/library/Zend/Gdata/YouTube.php
++++ b/library/Zend/Gdata/YouTube.php
+@@ -71,6 +71,8 @@
+  */
+ require_once 'Zend/Gdata/YouTube/InboxFeed.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
+ 
+ /**
+  * Service class for interacting with the YouTube Data API.
+@@ -652,10 +654,10 @@
+         // Load the feed as an XML DOMDocument object
+         @ini_set('track_errors', 1);
+         $doc = new DOMDocument();
+-        $success = @$doc->loadXML($response);
++        $doc = @Zend_Xml_Security::scan($response, $doc);
+         @ini_restore('track_errors');
+ 
+-        if (!$success) {
++        if (!$doc) {
+             require_once 'Zend/Gdata/App/Exception.php';
+             throw new Zend_Gdata_App_Exception(
+                 "Zend_Gdata_YouTube::parseFormUploadTokenResponse - " .
+--- a/library/Zend/Json.php
++++ b/library/Zend/Json.php
+@@ -26,6 +26,8 @@
+  */
+ require_once 'Zend/Json/Expr.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
+ 
+ /**
+  * Class for encoding to and decoding from JSON.
+@@ -235,7 +237,7 @@
+      */
+     public static function fromXml ($xmlStringContents, $ignoreXmlAttributes=true) {
+         // Load the XML formatted string into a Simple XML Element object.
+-        $simpleXmlElementObject = simplexml_load_string($xmlStringContents);
++        $simpleXmlElementObject = Zend_Xml_Security::scan($xmlStringContents);
+ 
+         // If it is not a valid XML content, throw an exception.
+         if ($simpleXmlElementObject == null) {
+--- a/library/Zend/Locale/Data.php
++++ b/library/Zend/Locale/Data.php
+@@ -25,6 +25,9 @@
+  */
+ require_once 'Zend/Locale.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
+ /**
+  * Locale data reader, handles the CLDR
+  *
+@@ -151,7 +154,7 @@
+                 throw new Zend_Locale_Exception("Missing locale file '$filename' for '$locale' locale.");
+             }
+ 
+-            self::$_ldml[(string) $locale] = simplexml_load_file($filename);
++            self::$_ldml[(string) $locale] = Zend_Xml_Security::scanFile($filename);
+         }
+ 
+         // search for 'alias' tag in the search path for redirection
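Review bot: scanFile() on the CLDR file is not wrapped the way the Config hunk wraps it, so a Zend_Xml_Exception would escape where the surrounding code throws Zend_Locale_Exception (`Missing locale file ...`), and a false return is stored unchecked in `self::$_ldml`. Converting the exception and checking the result keeps the component's error contract.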
+--- a/library/Zend/Rest/Client/Result.php
++++ b/library/Zend/Rest/Client/Result.php
+@@ -20,6 +20,8 @@
+  * @version    $Id: Result.php 20096 2010-01-06 02:05:09Z bkarwin $
+  */
+ 
++require_once 'Zend/Xml/Security.php';
++
+ /**
+  * @category   Zend
+  * @package    Zend_Rest
+@@ -48,7 +50,7 @@
+     public function __construct($data)
+     {
+         set_error_handler(array($this, 'handleXmlErrors'));
+-        $this->_sxml = simplexml_load_string($data);
++        $this->_sxml = Zend_Xml_Security::scan($data); 
+         restore_error_handler();
+         if($this->_sxml === false) {
+             if ($this->_errstr === null) {
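Review bot: the `set_error_handler(array($this, 'handleXmlErrors'))` / `restore_error_handler()` pair is bypassed if Zend_Xml_Security::scan() throws, leaving the handler installed; the Audioscrobbler hunk below has the same shape. Also the replaced line carries trailing whitespace after `scan($data);`.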
+--- a/library/Zend/Search/Lucene/Document/Docx.php
++++ b/library/Zend/Search/Lucene/Document/Docx.php
+@@ -23,6 +23,9 @@
+ /** Zend_Search_Lucene_Document_OpenXml */
+ require_once 'Zend/Search/Lucene/Document/OpenXml.php';
+ 
++/** Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
+ /**
+  * Docx document.
+  *
+@@ -67,11 +70,11 @@
+             require_once 'Zend/Search/Lucene/Exception.php';
+             throw new Zend_Search_Lucene_Exception('Invalid archive or corrupted .docx file.');
+         }
+-        $relations = simplexml_load_string($relationsXml);
++        $relations = Zend_Xml_Security::scan($relationsXml);
+         foreach($relations->Relationship as $rel) {
+             if ($rel ["Type"] == Zend_Search_Lucene_Document_OpenXml::SCHEMA_OFFICEDOCUMENT) {
+                 // Found office document! Read in contents...
+-                $contents = simplexml_load_string($package->getFromName(
++                $contents = Zend_Xml_Security::scan($package->getFromName(
+                                                                 $this->absoluteZipPath(dirname($rel['Target'])
+                                                               . '/'
+                                                               . basename($rel['Target']))
+--- a/library/Zend/Search/Lucene/Document/OpenXml.php
++++ b/library/Zend/Search/Lucene/Document/OpenXml.php
+@@ -24,6 +24,8 @@
+ /** Zend_Search_Lucene_Document */
+ require_once 'Zend/Search/Lucene/Document.php';
+ 
++/** Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
+ 
+ /**
+  * OpenXML document.
+@@ -83,11 +85,11 @@
+         $coreProperties = array();
+ 
+         // Read relations and search for core properties
+-        $relations = simplexml_load_string($package->getFromName("_rels/.rels"));
++        $relations = Zend_Xml_Security::scan($package->getFromName("_rels/.rels"));
+         foreach ($relations->Relationship as $rel) {
+             if ($rel["Type"] == Zend_Search_Lucene_Document_OpenXml::SCHEMA_COREPROPERTIES) {
+                 // Found core properties! Read in contents...
+-                $contents = simplexml_load_string(
++                $contents = Zend_Xml_Security::scan(
+                     $package->getFromName(dirname($rel["Target"]) . "/" . basename($rel["Target"]))
+                 );
+ 
+--- a/library/Zend/Search/Lucene/Document/Pptx.php
++++ b/library/Zend/Search/Lucene/Document/Pptx.php
+@@ -20,6 +20,8 @@
+  * @version    $Id: Pptx.php 20096 2010-01-06 02:05:09Z bkarwin $
+  */
+ 
++/** Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
+ 
+ /** Zend_Search_Lucene_Document_OpenXml */
+ require_once 'Zend/Search/Lucene/Document/OpenXml.php';
+@@ -93,24 +95,24 @@
+             require_once 'Zend/Search/Lucene/Exception.php';
+             throw new Zend_Search_Lucene_Exception('Invalid archive or corrupted .pptx file.');
+         }
+-        $relations = simplexml_load_string($relationsXml);
++        $relations = Zend_Xml_Security::scan($relationsXml);
+         foreach ($relations->Relationship as $rel) {
+             if ($rel["Type"] == Zend_Search_Lucene_Document_OpenXml::SCHEMA_OFFICEDOCUMENT) {
+                 // Found office document! Search for slides...
+-                $slideRelations = simplexml_load_string($package->getFromName( $this->absoluteZipPath(dirname($rel["Target"]) . "/_rels/" . basename($rel["Target"]) . ".rels")) );
++                $slideRelations = Zend_Xml_Security::scan($package->getFromName( $this->absoluteZipPath(dirname($rel["Target"]) . "/_rels/" . basename($rel["Target"]) . ".rels")) );
+                 foreach ($slideRelations->Relationship as $slideRel) {
+                     if ($slideRel["Type"] == Zend_Search_Lucene_Document_Pptx::SCHEMA_SLIDERELATION) {
+                         // Found slide!
+-                        $slides[ str_replace( 'rId', '', (string)$slideRel["Id"] ) ] = simplexml_load_string(
++                        $slides[ str_replace( 'rId', '', (string)$slideRel["Id"] ) ] = Zend_Xml_Security::scan(
+                             $package->getFromName( $this->absoluteZipPath(dirname($rel["Target"]) . "/" . dirname($slideRel["Target"]) . "/" . basename($slideRel["Target"])) )
+                         );
+ 
+                         // Search for slide notes
+-                        $slideNotesRelations = simplexml_load_string($package->getFromName( $this->absoluteZipPath(dirname($rel["Target"]) . "/" . dirname($slideRel["Target"]) . "/_rels/" . basename($slideRel["Target"]) . ".rels")) );
++                        $slideNotesRelations = Zend_Xml_Security::scan($package->getFromName( $this->absoluteZipPath(dirname($rel["Target"]) . "/" . dirname($slideRel["Target"]) . "/_rels/" . basename($slideRel["Target"]) . ".rels")) );
+                         foreach ($slideNotesRelations->Relationship as $slideNoteRel) {
+                             if ($slideNoteRel["Type"] == Zend_Search_Lucene_Document_Pptx::SCHEMA_SLIDENOTESRELATION) {
+                                 // Found slide notes!
+-                                $slideNotes[ str_replace( 'rId', '', (string)$slideRel["Id"] ) ] = simplexml_load_string(
++                                $slideNotes[ str_replace( 'rId', '', (string)$slideRel["Id"] ) ] = Zend_Xml_Security::scan(
+                                     $package->getFromName( $this->absoluteZipPath(dirname($rel["Target"]) . "/" . dirname($slideRel["Target"]) . "/" . dirname($slideNoteRel["Target"]) . "/" . basename($slideNoteRel["Target"])) )
+                                 );
+ 
+--- a/library/Zend/Search/Lucene/Document/Xlsx.php
++++ b/library/Zend/Search/Lucene/Document/Xlsx.php
+@@ -24,6 +24,9 @@
+ /** Zend_Search_Lucene_Document_OpenXml */
+ require_once 'Zend/Search/Lucene/Document/OpenXml.php';
+ 
++/** Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
+ /**
+  * Xlsx document.
+  *
+@@ -100,17 +103,17 @@
+             require_once 'Zend/Search/Lucene/Exception.php';
+             throw new Zend_Search_Lucene_Exception('Invalid archive or corrupted .xlsx file.');
+         }
+-        $relations = simplexml_load_string($relationsXml);
++        $relations = Zend_Xml_Security::scan($relationsXml);
+         foreach ($relations->Relationship as $rel) {
+             if ($rel["Type"] == Zend_Search_Lucene_Document_OpenXml::SCHEMA_OFFICEDOCUMENT) {
+                 // Found office document! Read relations for workbook...
+-                $workbookRelations = simplexml_load_string($package->getFromName( $this->absoluteZipPath(dirname($rel["Target"]) . "/_rels/" . basename($rel["Target"]) . ".rels")) );
++                $workbookRelations = Zend_Xml_Security::scan($package->getFromName( $this->absoluteZipPath(dirname($rel["Target"]) . "/_rels/" . basename($rel["Target"]) . ".rels")) );
+                 $workbookRelations->registerXPathNamespace("rel", Zend_Search_Lucene_Document_OpenXml::SCHEMA_RELATIONSHIP);
+ 
+                 // Read shared strings
+                 $sharedStringsPath = $workbookRelations->xpath("rel:Relationship[@Type='" . Zend_Search_Lucene_Document_Xlsx::SCHEMA_SHAREDSTRINGS . "']");
+                 $sharedStringsPath = (string)$sharedStringsPath[0]['Target'];
+-                $xmlStrings = simplexml_load_string($package->getFromName( $this->absoluteZipPath(dirname($rel["Target"]) . "/" . $sharedStringsPath)) );
++                $xmlStrings = Zend_Xml_Security::scan($package->getFromName( $this->absoluteZipPath(dirname($rel["Target"]) . "/" . $sharedStringsPath)) );
+                 if (isset($xmlStrings) && isset($xmlStrings->si)) {
+                     foreach ($xmlStrings->si as $val) {
+                         if (isset($val->t)) {
+@@ -124,7 +127,7 @@
+                 // Loop relations for workbook and extract worksheets...
+                 foreach ($workbookRelations->Relationship as $workbookRelation) {
+                     if ($workbookRelation["Type"] == Zend_Search_Lucene_Document_Xlsx::SCHEMA_WORKSHEETRELATION) {
+-                        $worksheets[ str_replace( 'rId', '', (string)$workbookRelation["Id"]) ] = simplexml_load_string(
++                        $worksheets[ str_replace( 'rId', '', (string)$workbookRelation["Id"]) ] = Zend_Xml_Security::scan(
+                             $package->getFromName( $this->absoluteZipPath(dirname($rel["Target"]) . "/" . dirname($workbookRelation["Target"]) . "/" . basename($workbookRelation["Target"])) )
+                         );
+                     }
+--- a/library/Zend/Serializer/Adapter/Wddx.php
++++ b/library/Zend/Serializer/Adapter/Wddx.php
+@@ -23,6 +23,12 @@
+ /** @see Zend_Serializer_Adapter_AdapterAbstract */
+ require_once 'Zend/Serializer/Adapter/AdapterAbstract.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
++/** @see Zend_Xml_Exception */
++require_once 'Zend/Xml/Exception.php';
++
+ /**
+  * @link       http://www.infoloom.com/gcaconfs/WEB/chicago98/simeonov.HTM
+  * @link       http://en.wikipedia.org/wiki/WDDX
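Review bot: only the two require_once lines are added to Serializer/Adapter/Wddx.php; the deserialization path itself is not changed anywhere in the visible diff. Requiring Zend_Xml_Exception suggests a try/catch was intended, so confirm the corresponding hunk was not dropped.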
+--- a/library/Zend/Service/Amazon.php
++++ b/library/Zend/Service/Amazon.php
+@@ -26,6 +26,9 @@
+  */
+ require_once 'Zend/Rest/Client.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
+ /**
+  * @category   Zend
+  * @package    Zend_Service
+@@ -126,7 +129,7 @@
+         }
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+ 
+         /**
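Review bot: `$dom = Zend_Xml_Security::scan($response->getBody(), $dom);` can yield false, which is then passed to `self::_checkErrors($dom)`; before, a failed loadXML() still left a DOMDocument instance. If _checkErrors() is type-hinted on DOMDocument this is a fatal error instead of the usual exception, and if not it operates on false. Check for a false result before calling it. The same pattern appears in the Flickr, Technorati and Yahoo hunks.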
+@@ -168,7 +171,7 @@
+         }
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+         $xpath = new DOMXPath($dom);
+         $xpath->registerNamespace('az', 'http://webservices.amazon.com/AWSECommerceService/2005-10-05');
+--- a/library/Zend/Service/Amazon/Ec2/Response.php
++++ b/library/Zend/Service/Amazon/Ec2/Response.php
+@@ -25,6 +25,9 @@
+  */
+ require_once 'Zend/Http/Response.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
+ /**
+  * @category   Zend
+  * @package    Zend_Service_Amazon
+@@ -125,9 +128,7 @@
+                 $errors = libxml_use_internal_errors();
+ 
+                 $this->_document = new DOMDocument();
+-                if (!$this->_document->loadXML($body)) {
+-                    $this->_document = false;
+-                }
++                $this->_document = Zend_Xml_Security::scan($body, $this->_document);
+ 
+                 // reset libxml error handling
+                 libxml_clear_errors();
+--- a/library/Zend/Service/Audioscrobbler.php
++++ b/library/Zend/Service/Audioscrobbler.php
+@@ -27,6 +27,8 @@
+  */
+ require_once 'Zend/Http/Client.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
+ 
+ /**
+  * @category   Zend
+@@ -182,7 +184,7 @@
+ 
+         set_error_handler(array($this, '_errorHandler'));
+ 
+-        if (!$simpleXmlElementResponse = simplexml_load_string($responseBody)) {
++        if (!$simpleXmlElementResponse = Zend_Xml_Security::scan($responseBody)) {
+             restore_error_handler();
+             /**
+              * @see Zend_Service_Exception
+@@ -640,7 +642,7 @@
+      * @param  array   $errcontext
+      * @return void
+      */
+-    protected function _errorHandler($errno, $errstr, $errfile, $errline, array $errcontext)
++    public function _errorHandler($errno, $errstr, $errfile, $errline, array $errcontext)
+     {
+         $this->_error = array(
+             'errno'      => $errno,
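Review bot: the change from `protected` to `public` on `_errorHandler` deserves a sentence in the patch description: now that the warning is raised from inside Zend_Xml_Security::scan(), the callback registered with set_error_handler() is invoked from outside this class, where a protected method is not a valid callable. With public visibility the leading underscore naming no longer matches the convention used elsewhere in the file.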
+--- a/library/Zend/Service/Delicious.php
++++ b/library/Zend/Service/Delicious.php
+@@ -47,6 +47,8 @@
+  */
+ require_once 'Zend/Service/Delicious/PostList.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
+ 
+ /**
+  * Zend_Service_Delicious is a concrete implementation of the del.icio.us web service
+@@ -506,8 +508,8 @@
+         switch ($type) {
+             case 'xml':
+                 $dom = new DOMDocument() ;
+-
+-                if (!@$dom->loadXML($responseBody)) {
++    
++                if (!$dom = @Zend_Xml_Security::scan($responseBody, $dom)) {
+                     /**
+                      * @see Zend_Service_Delicious_Exception
+                      */
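Review bot: the blank line is replaced by a line containing only four spaces, introducing trailing whitespace for no functional reason; drop that part of the hunk in a security backport. As in the Feed hunk, the `@` on the scan() call does not suppress an exception, so the Zend_Service_Delicious_Exception path below is skipped if scan() throws.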
+--- a/library/Zend/Service/Flickr.php
++++ b/library/Zend/Service/Flickr.php
+@@ -21,6 +21,8 @@
+  * @version    $Id: Flickr.php 21948 2010-04-19 12:12:32Z alexander $
+  */
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
+ 
+ /**
+  * @category   Zend
+@@ -118,8 +120,7 @@
+         }
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
+-
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+ 
+         /**
+@@ -182,8 +183,7 @@
+         }
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
+-
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+ 
+         /**
+@@ -237,8 +237,7 @@
+         }
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
+-
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+ 
+         /**
+@@ -287,7 +286,7 @@
+         }
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+         $xpath = new DOMXPath($dom);
+         return (string) $xpath->query('//user')->item(0)->getAttribute('id');
+@@ -331,7 +330,7 @@
+         }
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+         $xpath = new DOMXPath($dom);
+         return (string) $xpath->query('//user')->item(0)->getAttribute('id');
+@@ -364,7 +363,7 @@
+         $response = $restClient->restGet('/services/rest/', $options);
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         $xpath = new DOMXPath($dom);
+         self::_checkErrors($dom);
+         $retval = array();
+--- a/library/Zend/Service/SlideShare.php
++++ b/library/Zend/Service/SlideShare.php
+@@ -35,6 +35,9 @@
+  */
+ require_once 'Zend/Service/SlideShare/SlideShow.php';
+ 
++/** Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
+ /**
+  * The Zend_Service_SlideShare component is used to interface with the
+  * slideshare.net web server to retrieve slide shows hosted on the web site for
+@@ -357,7 +360,7 @@
+             throw new Zend_Service_SlideShare_Exception("Service Request Failed: {$e->getMessage()}", 0, $e);
+         }
+ 
+-        $sxe = simplexml_load_string($response->getBody());
++        $sxe = Zend_Xml_Security::scan($response->getBody());
+ 
+         if($sxe->getName() == "SlideShareServiceError") {
+             $message = (string)$sxe->Message[0];
+@@ -409,7 +412,7 @@
+                 throw new Zend_Service_SlideShare_Exception("Service Request Failed: {$e->getMessage()}", 0, $e);
+             }
+ 
+-            $sxe = simplexml_load_string($response->getBody());
++            $sxe = Zend_Xml_Security::scan($response->getBody());
+ 
+             if($sxe->getName() == "SlideShareServiceError") {
+                 $message = (string)$sxe->Message[0];
+@@ -547,7 +550,7 @@
+                 throw new Zend_Service_SlideShare_Exception("Service Request Failed: {$e->getMessage()}", 0, $e);
+             }
+ 
+-            $sxe = simplexml_load_string($response->getBody());
++            $sxe = Zend_Xml_Security::scan($response->getBody());
+ 
+             if($sxe->getName() == "SlideShareServiceError") {
+                 $message = (string)$sxe->Message[0];
+--- a/library/Zend/Service/Technorati.php
++++ b/library/Zend/Service/Technorati.php
+@@ -21,6 +21,8 @@
+  * @version    $Id: Technorati.php 20096 2010-01-06 02:05:09Z bkarwin $
+  */
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
+ 
+ /**
+  * Zend_Service_Technorati provides an easy, intuitive and object-oriented interface
+@@ -961,7 +963,7 @@
+     protected function _convertResponseAndCheckContent(Zend_Http_Response $response)
+     {
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+         return $dom;
+     }
+--- a/library/Zend/Service/WindowsAzure/Storage.php
++++ b/library/Zend/Service/WindowsAzure/Storage.php
+@@ -50,6 +50,9 @@
+  */
+ require_once 'Zend/Http/Response.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
+ /**
+  * @category   Zend
+  * @package    Zend_Service_WindowsAzure
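Review bot: a require-only hunk for Service/WindowsAzure/Storage.php; no call site in this file is converted in the visible diff, so either the require is unused or a hunk is missing.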
+--- a/library/Zend/Service/Yahoo.php
++++ b/library/Zend/Service/Yahoo.php
+@@ -21,6 +21,8 @@
+  * @version    $Id: Yahoo.php 20096 2010-01-06 02:05:09Z bkarwin $
+  */
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
+ 
+ /**
+  * @category   Zend
+@@ -99,8 +101,7 @@
+         }
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
+-
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+ 
+         /**
+@@ -155,8 +156,7 @@
+         }
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
+-
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+ 
+         /**
+@@ -219,8 +219,7 @@
+         }
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
+-
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+ 
+         /**
+@@ -273,8 +272,7 @@
+         }
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
+-
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+ 
+         /**
+@@ -320,8 +318,7 @@
+         }
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
+-
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+ 
+         /**
+@@ -374,8 +371,7 @@
+         }
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
+-
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+ 
+         /**
+@@ -431,8 +427,7 @@
+         }
+ 
+         $dom = new DOMDocument();
+-        $dom->loadXML($response->getBody());
+-
++        $dom = Zend_Xml_Security::scan($response->getBody(), $dom);
+         self::_checkErrors($dom);
+ 
+         /**
+--- a/library/Zend/Soap/Server.php
++++ b/library/Zend/Soap/Server.php
+@@ -24,6 +24,12 @@
+  */
+ require_once 'Zend/Server/Interface.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
++/** @see Zend_Xml_Exception */
++require_once 'Zend/Xml/Exception.php';
++
+ /**
+  * Zend_Soap_Server
+  *
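Review bot: the only change to Soap/Server.php is two require_once lines; the request-handling path, which is the most exposed XML parse in the framework because it takes attacker-supplied envelopes, is not converted anywhere in the visible diff. Compare against the wheezy patch before upload, since this file is where the ZF2014-01 fix matters most.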
+--- a/library/Zend/Soap/Wsdl.php
++++ b/library/Zend/Soap/Wsdl.php
+@@ -29,6 +29,9 @@
+  */
+ require_once "Zend/Soap/Wsdl/Strategy/Abstract.php";
+ 
++/** @see Zend_Xml_Security */
++require_once "Zend/Xml/Security.php";
++
+ /**
+  * Zend_Soap_Wsdl
+  *
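Review bot: require-only hunk for Soap/Wsdl.php with no converted call site visible; confirm the require is actually used or drop it.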
+--- a/library/Zend/Translate/Adapter/Qt.php
++++ b/library/Zend/Translate/Adapter/Qt.php
+@@ -26,6 +26,11 @@
+ /** Zend_Translate_Adapter */
+ require_once 'Zend/Translate/Adapter.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
++/** @See Zend_Xml_Exception */
++require_once 'Zend/Xml/Exception.php';
+ 
+ /**
+  * @category   Zend
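Review bot: `@See Zend_Xml_Exception` should be `@see`, matching the other added docblocks.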
+@@ -72,6 +77,15 @@
+         xml_parser_set_option($this->_file, XML_OPTION_CASE_FOLDING, 0);
+         xml_set_element_handler($this->_file, "_startElement", "_endElement");
+         xml_set_character_data_handler($this->_file, "_contentElement");
++        
++        try {
++            Zend_Xml_Security::scanFile($filename);
++        } catch (Zend_Xml_Exception $e) {
++            require_once 'Zend/Translate/Exception.php';
++            throw new Zend_Translate_Exception(
++                $e->getMessage()
++            );
++        }
+ 
+         if (!xml_parse($this->_file, file_get_contents($filename))) {
+             $ex = sprintf('XML error: %s at line %d',
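Review bot: `Zend_Xml_Security::scanFile($filename);` reads and parses the whole file, discards the resulting document, and then `xml_parse($this->_file, file_get_contents($filename))` reads and parses it a second time, so the bytes that were scanned are not guaranteed to be the bytes that get parsed. Read once and scan that buffer: `$content = file_get_contents($filename); Zend_Xml_Security::scan($content); if (!xml_parse($this->_file, $content)) {`. Also, the added blank line `++        ` before `try {` carries trailing whitespace. The same double-read pattern is repeated in the Tbx, Tmx (which also adds a trailing-whitespace blank line after the closing `}`), Xliff and XmlTm hunks.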
+--- a/library/Zend/Translate/Adapter/Tbx.php
++++ b/library/Zend/Translate/Adapter/Tbx.php
+@@ -26,6 +26,11 @@
+ /** Zend_Translate_Adapter */
+ require_once 'Zend/Translate/Adapter.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
++/** @see Zend_Xml_Exception */
++require_once 'Zend/Xml/Exception.php';
+ 
+ /**
+  * @category   Zend
+@@ -68,6 +73,15 @@
+         xml_set_element_handler($this->_file, "_startElement", "_endElement");
+         xml_set_character_data_handler($this->_file, "_contentElement");
+ 
++        try {
++            Zend_Xml_Security::scanFile($filename);
++        } catch (Zend_Xml_Exception $e) {
++            require_once 'Zend/Translate/Exception.php';
++            throw new Zend_Translate_Exception(
++                $e->getMessage()
++            );
++        }
++
+         if (!xml_parse($this->_file, file_get_contents($filename))) {
+             $ex = sprintf('XML error: %s at line %d',
+                           xml_error_string(xml_get_error_code($this->_file)),
+--- a/library/Zend/Translate/Adapter/Tmx.php
++++ b/library/Zend/Translate/Adapter/Tmx.php
+@@ -26,6 +26,11 @@
+ /** Zend_Translate_Adapter */
+ require_once 'Zend/Translate/Adapter.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
++/** @See Zend_Xml_Exception */
++require_once 'Zend/Xml/Exception.php';
+ 
+ /**
+  * @category   Zend
+@@ -73,6 +78,15 @@
+         xml_set_element_handler($this->_file, "_startElement", "_endElement");
+         xml_set_character_data_handler($this->_file, "_contentElement");
+ 
++        try {
++            Zend_Xml_Security::scanFile($filename);
++        } catch (Zend_Xml_Exception $e) {
++            require_once 'Zend/Translate/Exception.php';
++            throw new Zend_Translate_Exception(
++                $e->getMessage()
++            );
++        }
++ 
+         if (!xml_parse($this->_file, file_get_contents($filename))) {
+             $ex = sprintf('XML error: %s at line %d',
+                           xml_error_string(xml_get_error_code($this->_file)),
+--- a/library/Zend/Translate/Adapter/Xliff.php
++++ b/library/Zend/Translate/Adapter/Xliff.php
+@@ -26,6 +26,11 @@
+ /** Zend_Translate_Adapter */
+ require_once 'Zend/Translate/Adapter.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
++/** @See Zend_Xml_Exception */
++require_once 'Zend/Xml/Exception.php';
+ 
+ /**
+  * @category   Zend
+@@ -80,6 +85,15 @@
+         xml_set_element_handler($this->_file, "_startElement", "_endElement");
+         xml_set_character_data_handler($this->_file, "_contentElement");
+ 
++        try {
++            Zend_Xml_Security::scanFile($filename);
++        } catch (Zend_Xml_Exception $e) {
++            require_once 'Zend/Translate/Exception.php';
++            throw new Zend_Translate_Exception(
++                $e->getMessage()
++            );
++        }
++
+         if (!xml_parse($this->_file, file_get_contents($filename))) {
+             $ex = sprintf('XML error: %s at line %d',
+                           xml_error_string(xml_get_error_code($this->_file)),
+--- a/library/Zend/Translate/Adapter/XmlTm.php
++++ b/library/Zend/Translate/Adapter/XmlTm.php
+@@ -26,6 +26,11 @@
+ /** Zend_Translate_Adapter */
+ require_once 'Zend/Translate/Adapter.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
++/** @See Zend_Xml_Exception */
++require_once 'Zend/Xml/Exception.php';
+ 
+ /**
+  * @category   Zend
+@@ -68,6 +73,15 @@
+         xml_set_element_handler($this->_file, "_startElement", "_endElement");
+         xml_set_character_data_handler($this->_file, "_contentElement");
+ 
++        try {
++            Zend_Xml_Security::scanFile($filename);
++        } catch (Zend_Xml_Exception $e) {
++            require_once 'Zend/Translate/Exception.php';
++            throw new Zend_Translate_Exception(
++                $e->getMessage()
++            );
++        }
++
+         if (!xml_parse($this->_file, file_get_contents($filename))) {
+             $ex = sprintf('XML error: %s at line %d',
+                           xml_error_string(xml_get_error_code($this->_file)),
+--- /dev/null
++++ b/library/Zend/Xml/Exception.php
+@@ -0,0 +1,36 @@
++<?php
++/**
++ * Zend Framework
++ *
++ * LICENSE
++ *
++ * This source file is subject to the new BSD license that is bundled
++ * with this package in the file LICENSE.txt.
++ * It is also available through the world-wide-web at this URL:
++ * http://framework.zend.com/license/new-bsd
++ * If you did not receive a copy of the license and are unable to
++ * obtain it through the world-wide-web, please send an email
++ * to license@zend.com so we can send you a copy immediately.
++ *
++ * @category   Zend
++ * @package    Zend_Xml
++ * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
++ * @license    http://framework.zend.com/license/new-bsd     New BSD License
++ * @version    $Id$
++ */
++
++
++/**
++ * @see Zend_Exception
++ */
++require_once 'Zend/Exception.php';
++
++
++/**
++ * @category   Zend
++ * @package    Zend_Xml
++ * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
++ * @license    http://framework.zend.com/license/new-bsd     New BSD License
++ */
++class Zend_Xml_Exception extends Zend_Exception
++{}
+--- /dev/null
++++ b/library/Zend/Xml/Security.php
+@@ -0,0 +1,101 @@
++<?php
++/**
++ * Zend Framework
++ *
++ * LICENSE
++ *
++ * This source file is subject to the new BSD license that is bundled
++ * with this package in the file LICENSE.txt.
++ * It is also available through the world-wide-web at this URL:
++ * http://framework.zend.com/license/new-bsd
++ * If you did not receive a copy of the license and are unable to
++ * obtain it through the world-wide-web, please send an email
++ * to license@zend.com so we can send you a copy immediately.
++ *
++ * @category   Zend
++ * @package    Zend_Xml
++ * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
++ * @license    http://framework.zend.com/license/new-bsd     New BSD License
++ * @version    $Id$
++ */
++
++ 
++/**
++ * @category   Zend
++ * @package    Zend_Xml_SecurityScan
++ * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
++ * @license    http://framework.zend.com/license/new-bsd     New BSD License
++ */
++class Zend_Xml_Security
++{
++    /**
++     * Scan XML string for potential XXE and XEE attacks 
++     *
++     * @param   string $xml
++     * @param   DomDocument $dom
++     * @throws  Zend_Xml_Exception
++     * @return  SimpleXMLElement|DomDocument|boolean
++     */
++    public static function scan($xml, DOMDocument $dom = null)
++    {
++        if (null === $dom) {
++            $simpleXml = true;
++            $dom = new DOMDocument();
++        } 
++
++        // Disable entity load
++        $loadEntities = libxml_disable_entity_loader(true);
++        $useInternalXmlErrors = libxml_use_internal_errors(true);
++
++        if (!$dom->loadXml($xml)) {
++            // Entity load to previous setting
++            libxml_disable_entity_loader($loadEntities);
++            libxml_use_internal_errors($useInternalXmlErrors);
++            return false;
++        }
++
++        // Scan for potential XEE attacks using Entity
++        foreach ($dom->childNodes as $child) {
++            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
++                if ($child->entities->length > 0) {
++                    require_once 'Exception.php';
++                    throw new Zend_Xml_Exception(
++                        'Detected use of ENTITY_NODE in XML, disabled to prevent XEE attacks'
++                    );
++                }
++            }
++        }
++
++        // Entity load to previous setting
++        libxml_disable_entity_loader($loadEntities);
++        libxml_use_internal_errors($useInternalXmlErrors);
++
++        if (isset($simpleXml)) {
++            $result = simplexml_import_dom($dom); 
++            if (!$result instanceof SimpleXMLElement) {
++                return false;
++            }
++            return $result;
++        }
++        return $dom;
++    }
++
++    /**
++     * Scan XML file for potential XXE/XEE attacks
++     *
++     * @param  string $file
++     * @param  DOMDocument $dom
++     * @throws Zend_Xml_Exception
++     * @return SimpleXMLElement|DomDocument
++     */
++    public static function scanFile($file, DOMDocument $dom = null)
++    {
++        if (!file_exists($file)) {
++            require_once 'Exception.php';
++            throw new Zend_Xml_Exception(
++                "The file $file specified doesn't exist"
++            );
++        }
++        return self::scan(file_get_contents($file), $dom);
++    }
++}
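Review bot: the `throw new Zend_Xml_Exception('Detected use of ENTITY_NODE in XML, ...')` inside the `foreach ($dom->childNodes as $child)` loop leaves `scan()` before the `libxml_disable_entity_loader($loadEntities)` and `libxml_use_internal_errors($useInternalXmlErrors)` calls that follow the loop, so both process-wide libxml settings stay altered for the rest of the request after a rejected document (the parse-failure branch above restores them; the rejection branch does not). Restore both settings before throwing. Two smaller points: `require_once 'Exception.php';` (used twice) is resolved through include_path rather than relative to this file, unlike the `require_once 'Zend/Xml/Exception.php';` form every caller in this patch uses, so use the `Zend/Xml/Exception.php` form here too; and the class docblock says `@package    Zend_Xml_SecurityScan` while the file header says `Zend_Xml`.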
+--- a/library/Zend/XmlRpc/Request.php
++++ b/library/Zend/XmlRpc/Request.php
+@@ -28,6 +28,12 @@
+  */
+ require_once 'Zend/XmlRpc/Fault.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
++/** @see Zend_Xml_Exception */
++require_once 'Zend/Xml/Exception.php';
++
+ /**
+  * XmlRpc Request object
+  *
+--- a/library/Zend/XmlRpc/Response.php
++++ b/library/Zend/XmlRpc/Response.php
+@@ -28,6 +28,12 @@
+  */
+ require_once 'Zend/XmlRpc/Fault.php';
+ 
++/** @see Zend_Xml_Security */
++require_once 'Zend/Xml/Security.php';
++
++/** @see Zend_Xml_Exception */
++require_once 'Zend/Xml/Exception.php';
++
+ /**
+  * XmlRpc Response
+  *
only in patch2:
unchanged:
--- zendframework-1.10.6.orig/debian/patches/0004-Added-heuristic-check-for-XXE-XEE-attacks-with-PHP-F.patch
+++ zendframework-1.10.6/debian/patches/0004-Added-heuristic-check-for-XXE-XEE-attacks-with-PHP-F.patch
@@ -0,0 +1,138 @@
+From: Enrico Zimuel <e.zimuel@gmail.com>
+Date: Thu, 6 Mar 2014 16:22:05 +0100
+Subject: Added heuristic check for XXE/XEE attacks with PHP-FPM
+
+Bug-Debian: https://bugs.debian.org/743175
+Origin: upstream, https://github.com/zendframework/zf1/commit/49ba9641e6f00aae44471a845df09c105f878311
+---
+ library/Zend/Xml/Security.php | 90 ++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 71 insertions(+), 19 deletions(-)
+
+--- a/library/Zend/Xml/Security.php
++++ b/library/Zend/Xml/Security.php
+@@ -28,8 +28,24 @@
+  */
+ class Zend_Xml_Security
+ {
++    const ENTITY_DETECT = 'Detected use of ENTITY in XML, disabled to prevent XXE/XEE attacks';
++
+     /**
+-     * Scan XML string for potential XXE and XEE attacks 
++     * Heuristic scan to detect entity in XML
++     *
++     * @param  string $xml
++     * @throws Zend_Xml_Exception
++     */
++    protected static function heuristicScan($xml)
++    {
++        if (strpos($xml, '<!ENTITY') !== false) {
++            require_once 'Exception.php';
++            throw new Zend_Xml_Exception(self::ENTITY_DETECT);
++        }
++    }
++
++    /**
++     * Scan XML string for potential XXE and XEE attacks
+      *
+      * @param   string $xml
+      * @param   DomDocument $dom
+@@ -38,40 +54,63 @@
+      */
+     public static function scan($xml, DOMDocument $dom = null)
+     {
++        // If running with PHP-FPM we perform an heuristic scan
++        // We cannot use libxml_disable_entity_loader because of this bug
++        // @see https://bugs.php.net/bug.php?id=64938
++        if (self::isPhpFpm()) {
++            self::heuristicScan($xml);
++        }
++
+         if (null === $dom) {
+             $simpleXml = true;
+             $dom = new DOMDocument();
+-        } 
++        }
++
++        if (!self::isPhpFpm()) {
++            $loadEntities = libxml_disable_entity_loader(true);
++            $useInternalXmlErrors = libxml_use_internal_errors(true);
++        }
+ 
+-        // Disable entity load
+-        $loadEntities = libxml_disable_entity_loader(true);
+-        $useInternalXmlErrors = libxml_use_internal_errors(true);
++        // Load XML with network access disabled (LIBXML_NONET)
++        // error disabled with @ for PHP-FPM scenario
++        set_error_handler(function ($errno, $errstr) {
++            if (substr_count($errstr, 'DOMDocument::loadXML()') > 0) {
++                return true;
++            }
++            return false;
++        }, E_WARNING);
++        $result = $dom->loadXml($xml, LIBXML_NONET);
++        restore_error_handler();
+ 
+-        if (!$dom->loadXml($xml)) {
++        if (!$result) {
+             // Entity load to previous setting
+-            libxml_disable_entity_loader($loadEntities);
+-            libxml_use_internal_errors($useInternalXmlErrors);
++            if (!self::isPhpFpm()) {
++                libxml_disable_entity_loader($loadEntities);
++                libxml_use_internal_errors($useInternalXmlErrors);
++            }
+             return false;
+         }
+ 
+-        // Scan for potential XEE attacks using Entity
+-        foreach ($dom->childNodes as $child) {
+-            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
+-                if ($child->entities->length > 0) {
+-                    require_once 'Exception.php';
+-                    throw new Zend_Xml_Exception(
+-                        'Detected use of ENTITY_NODE in XML, disabled to prevent XEE attacks'
+-                    );
++        // Scan for potential XEE attacks using ENTITY, if not PHP-FPM
++        if (!self::isPhpFpm()) {
++            foreach ($dom->childNodes as $child) {
++                if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
++                    if ($child->entities->length > 0) {
++                        require_once 'Exception.php';
++                        throw new Zend_Xml_Exception(self::ENTITY_DETECT);
++                    }
+                 }
+             }
+         }
+ 
+         // Entity load to previous setting
+-        libxml_disable_entity_loader($loadEntities);
+-        libxml_use_internal_errors($useInternalXmlErrors);
++        if (!self::isPhpFpm()) {
++            libxml_disable_entity_loader($loadEntities);
++            libxml_use_internal_errors($useInternalXmlErrors);
++        }
+ 
+         if (isset($simpleXml)) {
+-            $result = simplexml_import_dom($dom); 
++            $result = simplexml_import_dom($dom);
+             if (!$result instanceof SimpleXMLElement) {
+                 return false;
+             }
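Review bot: wrapping the DOM-level check `if (!self::isPhpFpm()) { foreach ($dom->childNodes as $child) { ... $child->entities->length > 0 ...` in a not-FPM condition removes a check that does not depend on `libxml_disable_entity_loader()` at all: it inspects the DOCTYPE node of the already-parsed document, so it works under FPM too and would back the `heuristicScan()` string match with a parser-level result. Run the `entities->length` loop unconditionally and keep only the `libxml_*` save/restore calls behind `!self::isPhpFpm()`. Also, the comment `// error disabled with @ for PHP-FPM scenario` describes a `@` suppression the code does not use (an error handler is installed instead), and the `throw new Zend_Xml_Exception(self::ENTITY_DETECT);` inside the loop still skips the libxml restore that follows it.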
+@@ -98,4 +137,17 @@
+         }
+         return self::scan(file_get_contents($file), $dom);
+     }
++
++    /**
++     * Return true if PHP is running with PHP-FPM
++     *
++     * @return boolean
++     */
++    public static function isPhpFpm()
++    {
++        if (substr(php_sapi_name(), 0, 3) === 'fpm') {
++            return true;
++        }
++        return false;
++    }
+ }
only in patch2:
unchanged:
--- zendframework-1.10.6.orig/debian/patches/0005-Anonymous-function-rewritten-as-static-one-to-mainta.patch
+++ zendframework-1.10.6/debian/patches/0005-Anonymous-function-rewritten-as-static-one-to-mainta.patch
@@ -0,0 +1,54 @@
+From: Martin Hujer <mhujer@gmail.com>
+Date: Fri, 7 Mar 2014 08:10:17 +0100
+Subject: Anonymous function rewritten as static one to maintain compatibility
+ with PHP 5.2
+
+[#293] Make new method public:
+- Since it's being invoked as a static callback, the method needs to be
+  public. Renamed to remove the underscore prefix, and marked as public.
+
+Origin: upstream, https://github.com/zendframework/zf1/commit/ffa87ac6a3a6fbf9a277b64aab9bc7211e9d61d7
+Origin: upstream, https://github.com/zendframework/zf1/commit/c675b9d742264d6e93d55fc280db797111cbc5c9
+---
+ library/Zend/Xml/Security.php | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+--- a/library/Zend/Xml/Security.php
++++ b/library/Zend/Xml/Security.php
+@@ -45,6 +45,21 @@
+     }
+ 
+     /**
++     * @param integer $errno
++     * @param string $errstr
++     * @param string $errfile
++     * @param integer $errline
++     * @return bool
++     */
++    public static function loadXmlErrorHandler($errno, $errstr, $errfile, $errline)
++    {
++        if (substr_count($errstr, 'DOMDocument::loadXML()') > 0) {
++            return true;
++        }
++        return false;
++    }
++
++    /**
+      * Scan XML string for potential XXE and XEE attacks
+      *
+      * @param   string $xml
+@@ -73,12 +88,8 @@
+ 
+         // Load XML with network access disabled (LIBXML_NONET)
+         // error disabled with @ for PHP-FPM scenario
+-        set_error_handler(function ($errno, $errstr) {
+-            if (substr_count($errstr, 'DOMDocument::loadXML()') > 0) {
+-                return true;
+-            }
+-            return false;
+-        }, E_WARNING);
++        set_error_handler(array('Zend_Xml_Security', 'loadXmlErrorHandler'), E_WARNING);
++
+         $result = $dom->loadXml($xml, LIBXML_NONET);
+         restore_error_handler();
+ 
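Review bot: the stale comment survives this change: `// error disabled with @ for PHP-FPM scenario` now sits directly above `set_error_handler(array('Zend_Xml_Security', 'loadXmlErrorHandler'), E_WARNING);`, which silences the warning through a handler, not `@`; reword it to describe the handler. Note also that the handler is installed on every call, including non-FPM ones where `libxml_use_internal_errors(true)` already suppresses `loadXml()` diagnostics; that is harmless, but a one-line comment saying the handler exists for the FPM path would stop a later cleanup from removing the wrong mechanism.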
only in patch2:
unchanged:
--- zendframework-1.10.6.orig/debian/patches/0006-Security-fix-for-OpenID.patch
+++ zendframework-1.10.6/debian/patches/0006-Security-fix-for-OpenID.patch
@@ -0,0 +1,68 @@
+From: Enrico Zimuel <e.zimuel@gmail.com>
+Date: Mon, 17 Feb 2014 15:37:54 +0100
+Subject: Security fix for OpenID
+
+Bug-Debian: https://bugs.debian.org/743175
+Origin: upstream, https://github.com/zendframework/zf1/commit/f6606ffee8109954bac4c6e739caeeae32dc71c5
+Origin: upstream, https://github.com/zendframework/zf1/commit/76a792f8d378f1a9411db504d4eb016ddeef9cf0
+---
+ library/Zend/OpenId/Consumer.php   | 25 ++++++++++++++++--
+ tests/Zend/OpenId/ConsumerTest.php | 52 +++++++++++++++++++++++++++++++++-----
+ 2 files changed, 68 insertions(+), 9 deletions(-)
+
+--- a/library/Zend/OpenId/Consumer.php
++++ b/library/Zend/OpenId/Consumer.php
+@@ -54,6 +54,11 @@
+ {
+ 
+     /**
++     * Parameters required for signature
++     */
++    protected $_signParams = array('op_endpoint', 'return_to', 'response_nonce', 'assoc_handle');
++
++    /**
+      * Reference to an implementation of storage object
+      *
+      * @var Zend_OpenId_Consumer_Storage $_storage
+@@ -259,7 +264,6 @@
+                 return false;
+             }
+         }
+-
+         if ($version >= 2.0) {
+             if (empty($params['openid_response_nonce'])) {
+                 $this->_setError("Missing openid.response_nonce");
+@@ -275,7 +279,6 @@
+             }
+         }
+ 
+-
+         if (!empty($params['openid_invalidate_handle'])) {
+             if ($this->_storage->getAssociationByHandle(
+                 $params['openid_invalidate_handle'],
+@@ -293,7 +296,25 @@
+                 $macFunc,
+                 $secret,
+                 $expires)) {
++            // Security fix - check the association bewteen op_endpoint and assoc_handle
++            if (isset($params['openid_op_endpoint']) && $url !== $params['openid_op_endpoint']) {
++                $this->_setError("The op_endpoint URI is not the same of URI associated with the assoc_handle");
++                return false;
++            }       
+             $signed = explode(',', $params['openid_signed']);
++            // Check the parameters for the signature
++            // @see https://openid.net/specs/openid-authentication-2_0.html#positive_assertions
++            $toCheck = $this->_signParams;
++            if (isset($params['openid_claimed_id']) && isset($params['openid_identity'])) {
++                $toCheck = array_merge($toCheck, array('claimed_id', 'identity'));
++            }
++            foreach ($toCheck as $param) {
++                if (!in_array($param, $signed, true)) {
++                    $this->_setError("The required parameter $param is missing in the signed");
++                    return false;
++                }
++            }
++            
+             $data = '';
+             foreach ($signed as $key) {
+                 $data .= $key . ':' . $params['openid_' . strtr($key,'.','_')] . "\n";
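Review bot: `$toCheck = $this->_signParams;` requires `op_endpoint` and `response_nonce` to be present in `openid.signed` for every response, but the surrounding code treats those fields as version-specific (the `if ($version >= 2.0)` block above checks `openid_response_nonce` only for 2.0), so an OpenID 1.1 assertion, which carries neither field, would now fail with "The required parameter ... is missing in the signed". Build the required list from `$version`: `return_to` and `assoc_handle` for all versions, `op_endpoint` and `response_nonce` only when `$version >= 2.0`. Smaller points in the same hunk: "bewteen" in the comment, the error strings read better as "is not the same as the URI associated with the assoc_handle" and "is missing from the signed list", and the line `}       ` and the blank line before `$data = '';` carry trailing whitespace.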
only in patch2:
unchanged:
--- zendframework-1.10.6.orig/debian/patches/0007-Patch-for-potential-Sql-injection-in-ORDER.patch
+++ zendframework-1.10.6/debian/patches/0007-Patch-for-potential-Sql-injection-in-ORDER.patch
@@ -0,0 +1,25 @@
+From: Enrico Zimuel <e.zimuel@gmail.com>
+Date: Wed, 11 Jun 2014 18:46:21 +0200
+Subject: Patch for potential Sql injection in ORDER()
+
+Conflicts:
+	tests/Zend/Db/Select/TestCommon.php
+
+Bug-Debian: https://bugs.debian.org/754201
+Origin: upstream, https://github.com/zendframework/zf1/commit/da09186c60b9168520e994af4253fba9c19c2b3d
+---
+ library/Zend/Db/Select.php          |  2 +-
+ tests/Zend/Db/Select/TestCommon.php | 10 ++++++++++
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+--- a/library/Zend/Db/Select.php
++++ b/library/Zend/Db/Select.php
+@@ -601,7 +601,7 @@
+                     $val = trim($matches[1]);
+                     $direction = $matches[2];
+                 }
+-                if (preg_match('/\(.*\)/', $val)) {
++                if (preg_match('/^[\w]*\(.*\)$/', $val)) {
+                     $val = new Zend_Db_Expr($val);
+                 }
+                 $this->_parts[self::ORDER][] = array($val, $direction);
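Review bot: the diffstat lists `tests/Zend/Db/Select/TestCommon.php | 10 ++++++++++` and the header records a conflict in that file, but no hunk for it appears in this patch, so the regression test for the ORDER BY case has not actually been carried over; add the test hunk or drop the file from the diffstat. On the change itself, `/^[\w]*\(.*\)$/` can be written `/^\w*\(.*\)$/` (the brackets around `\w` add nothing), and the behaviour change deserves a changelog line: only a value that is entirely of the function-call form is now wrapped in `Zend_Db_Expr` and emitted unquoted, while anything else, including a value that merely contains parentheses, now goes through the quoting path, so callers that relied on the old behaviour for arbitrary expressions must wrap them in `Zend_Db_Expr` themselves.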
only in patch2:
unchanged:
--- zendframework-1.10.6.orig/debian/patches/0008-ZF2014-05-Fix-for-null-byte-binding.patch
+++ zendframework-1.10.6/debian/patches/0008-ZF2014-05-Fix-for-null-byte-binding.patch
@@ -0,0 +1,25 @@
+From: Matthew Weier O'Phinney <matthew@zend.com>
+Date: Tue, 16 Sep 2014 12:14:16 -0500
+Subject: [ZF2014-05] Fix for null-byte binding
+
+- Disables ability to provide a null byte in a password when binding.
+
+Origin: upstream, https://github.com/zendframework/zf1/commit/516a6f84429165df47a29a2cd608b61b34cb978d
+---
+ library/Zend/Ldap.php        |  4 ++++
+ tests/Zend/Ldap/BindTest.php | 10 ++++++++++
+ 2 files changed, 14 insertions(+)
+
+--- a/library/Zend/Ldap.php
++++ b/library/Zend/Ldap.php
+@@ -814,6 +814,10 @@
+     {
+         $moreCreds = true;
+ 
++        // Security check: remove null bytes in password
++        // @see https://net.educause.edu/ir/library/pdf/csd4875.pdf
++        $password = str_replace("\0", '', $password);
++
+         if ($username === null) {
+             $username = $this->_getUsername();
+             $password = $this->_getPassword();
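Review bot: `$password = str_replace("\0", '', $password);` runs before the `if ($username === null) { ... $password = $this->_getPassword(); }` branch, so a password taken from configuration in that branch is never stripped; move the strip after the branch or apply it in both places. Separately, silently deleting the null bytes means the bind proceeds with a credential that differs from the one supplied; rejecting the value instead (throw `Zend_Ldap_Exception` when `strpos($password, "\0") !== false`) matches the commit message's "Disables ability to provide a null byte" more closely and avoids authenticating with an altered password.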
only in patch2:
unchanged:
--- zendframework-1.10.6.orig/debian/patches/0009-372-Quote-null-byte-characters.patch
+++ zendframework-1.10.6/debian/patches/0009-372-Quote-null-byte-characters.patch
@@ -0,0 +1,23 @@
+From: Matthew Weier O'Phinney <matthew@zend.com>
+Date: Tue, 16 Sep 2014 14:38:29 -0500
+Subject: [#372] Quote null byte characters
+
+- Implements a patch that ensures that null byte characters are properly quoted
+  in the SQL Server adapter.
+
+Origin: upstream, https://github.com/zendframework/zf1/commit/c65e97957315ff2d85b0f197a824d845352c4e80
+---
+ library/Zend/Db/Adapter/Sqlsrv.php   |  1 +
+ tests/Zend/Db/Adapter/SqlsrvTest.php | 11 +++++++++++
+ 2 files changed, 12 insertions(+)
+
+--- a/library/Zend/Db/Adapter/Sqlsrv.php
++++ b/library/Zend/Db/Adapter/Sqlsrv.php
+@@ -314,6 +314,7 @@
+             return sprintf('%F', $value);
+         }
+ 
++        $value = addcslashes($value, "\000\032");
+         return "'" . str_replace("'", "''", $value) . "'";
+     }
+ 
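Review bot: `$value = addcslashes($value, "\000\032");` rewrites NUL and 0x1A into the four-character octal sequences `\000` and `\032`, but T-SQL string literals do not interpret backslash escapes, so the value that reaches SQL Server is changed (a literal backslash followed by three digits) rather than escaped. This does keep the raw bytes out of the statement, which is the point of the fix, but callers should be told the data is altered; if the original bytes must be preserved, build the literal with `CHAR(0)` / `CHAR(26)` concatenation or bind the value as a parameter instead of inlining it. A comment stating why exactly these two bytes are special-cased would also help, since the octal form is unusual for this adapter.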
only in patch2:
unchanged:
--- zendframework-1.10.6.orig/debian/patches/0010-ZF2015-04-Fix-CRLF-injections-in-HTTP-and-Mail.patch
+++ zendframework-1.10.6/debian/patches/0010-ZF2015-04-Fix-CRLF-injections-in-HTTP-and-Mail.patch
@@ -0,0 +1,694 @@
+From: Matthew Weier O'Phinney <matthew@zend.com>
+Date: Wed, 13 May 2015 10:53:06 -0500
+Subject: [ZF2015-04] Fix CRLF injections in HTTP and Mail
+
+Origin: debian, http://anonscm.debian.org/cgit/pkg-php/zendframework.git/commit/?h=wheezy&id=7e48b57b799e517aab66d6f99656e0daf0e14ed9
+
+This patch mirrors that made in ZF2 to address ZF2015-04. It adds the following
+classes:
+
+- `Zend_Http_Header_HeaderValue`, which provides functionality for validating,
+  filtering, and asserting that header values follow RFC 2822.
+- `Zend_Mail_Header_HeaderName`, which provides functionality for validating,
+  filtering, and asserting that header names follow RFC 2822.
+- `Zend_Mail_Header_HeaderValue`, which provides functionality for validating,
+  filtering, and asserting that header values follow RFC 7230.
+
+The following specific changes were made to existing functionality:
+
+- `Zend_Mail_Part::__construct()` was modified in order to validate mail headers
+  provided to it.
+- `Zend_Http_Header_SetCookie`'s `setName()`, `setValue()`, `setDomain()`, and
+  `setPath()` methods were modified to validate incoming values.
+- `Zend_Http_Response::extractHeaders()` was modified to follow RFC 7230 and
+  only split on `\r\n` sequences when splitting header lines. Each value
+  extracted is tested for validity.
+- `Zend_Http_Response::extractBody()` was modified to follow RFC 7230 and
+  only split on `\r\n` sequences when splitting the message from the headers.
+- `Zend_Http_Client::setHeaders()` was modified to validate incoming header
+  values.
+
+Origin: upstream, https://github.com/zendframework/zf1/commit/b0490b41a3d1c9600f92bc14520b9596294b3eeb
+
+Conflicts:
+	library/Zend/Http/Header/SetCookie.php
+	tests/Zend/Http/Header/AllTests.php
+	tests/Zend/Http/Header/SetCookieTest.php
+---
+ library/Zend/Http/Client.php               |  81 +++++++++++------
+ library/Zend/Http/Header/HeaderValue.php   | 127 +++++++++++++++++++++++++++
+ library/Zend/Http/Response.php             |  72 +++++++++++----
+ library/Zend/Mail/Header/HeaderName.php    |  92 +++++++++++++++++++
+ library/Zend/Mail/Header/HeaderValue.php   | 136 +++++++++++++++++++++++++++++
+ library/Zend/Mail/Message.php              |   1 +
+ library/Zend/Mail/Part.php                 |  40 ++++++++-
+ tests/Zend/Http/Client/AllTests.php        |   2 +
+ tests/Zend/Http/Client/ClientTest.php      |  71 +++++++++++++++
+ tests/Zend/Http/Client/CommonHttpTests.php |   1 -
+ tests/Zend/Http/Header/HeaderValueTest.php | 116 ++++++++++++++++++++++++
+ tests/Zend/Http/ResponseTest.php           |  66 ++++++++++----
+ tests/Zend/Mail/AllTests.php               |   2 +
+ tests/Zend/Mail/Header/AllTests.php        |  58 ++++++++++++
+ tests/Zend/Mail/Header/HeaderNameTest.php  |  96 ++++++++++++++++++++
+ tests/Zend/Mail/Header/HeaderValueTest.php | 110 +++++++++++++++++++++++
+ tests/Zend/Mail/MessageTest.php            |  33 ++++++-
+ 17 files changed, 1037 insertions(+), 67 deletions(-)
+ create mode 100644 library/Zend/Http/Header/HeaderValue.php
+ create mode 100644 library/Zend/Mail/Header/HeaderName.php
+ create mode 100644 library/Zend/Mail/Header/HeaderValue.php
+ create mode 100644 tests/Zend/Http/Client/ClientTest.php
+ create mode 100644 tests/Zend/Http/Header/HeaderValueTest.php
+ create mode 100644 tests/Zend/Mail/Header/AllTests.php
+ create mode 100644 tests/Zend/Mail/Header/HeaderNameTest.php
+ create mode 100644 tests/Zend/Mail/Header/HeaderValueTest.php
+
+--- a/library/Zend/Http/Client.php
++++ b/library/Zend/Http/Client.php
+@@ -40,6 +40,12 @@
+ 
+ 
+ /**
++ * @see Zend_Http_Header_HeaderValue
++ */
++require_once 'Zend/Http/Header/HeaderValue.php';
++
++
++/**
+  * @see Zend_Http_Response
+  */
+ require_once 'Zend/Http/Response.php';
+@@ -389,38 +395,40 @@
+             foreach ($name as $k => $v) {
+                 if (is_string($k)) {
+                     $this->setHeaders($k, $v);
+-                } else {
+-                    $this->setHeaders($v, null);
++                    continue;
+                 }
++                $this->setHeaders($v, null);
+             }
+-        } else {
+-            // Check if $name needs to be split
+-            if ($value === null && (strpos($name, ':') > 0)) {
+-                list($name, $value) = explode(':', $name, 2);
+-            }
++            return $this;
++        }
+ 
+-            // Make sure the name is valid if we are in strict mode
+-            if ($this->config['strict'] && (! preg_match('/^[a-zA-Z0-9-]+$/', $name))) {
+-                /** @see Zend_Http_Client_Exception */
+-                require_once 'Zend/Http/Client/Exception.php';
+-                throw new Zend_Http_Client_Exception("{$name} is not a valid HTTP header name");
+-            }
++        // Check if $name needs to be split
++        if ($value === null && (strpos($name, ':') > 0)) {
++            list($name, $value) = explode(':', $name, 2);
++        }
+ 
+-            $normalized_name = strtolower($name);
++        // Make sure the name is valid if we are in strict mode
++        if ($this->config['strict'] && (! preg_match('/^[a-zA-Z0-9-]+$/', $name))) {
++            require_once 'Zend/Http/Client/Exception.php';
++            throw new Zend_Http_Client_Exception("{$name} is not a valid HTTP header name");
++        }
+ 
+-            // If $value is null or false, unset the header
+-            if ($value === null || $value === false) {
+-                unset($this->headers[$normalized_name]);
++        $normalized_name = strtolower($name);
+ 
+-            // Else, set the header
+-            } else {
+-                // Header names are stored lowercase internally.
+-                if (is_string($value)) {
+-                    $value = trim($value);
+-                }
+-                $this->headers[$normalized_name] = array($name, $value);
+-            }
++        // If $value is null or false, unset the header
++        if ($value === null || $value === false) {
++            unset($this->headers[$normalized_name]);
++            return $this;
++        }
++
++        // Validate value
++        $this->_validateHeaderValue($value);
++
++        // Header names are stored lowercase internally.
++        if (is_string($value)) {
++            $value = trim($value);
+         }
++        $this->headers[$normalized_name] = array($name, $value);
+ 
+         return $this;
+     }
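Review bot: the name check `if ($this->config['strict'] && (! preg_match('/^[a-zA-Z0-9-]+$/', $name)))` is still gated on strict mode, so with `strict` disabled a header name is stored unvalidated while the value now goes through `$this->_validateHeaderValue($value);`; a CR or LF in the name reaches the wire just as one in the value did before this fix. Reject control characters in the name unconditionally (for example `if (preg_match('/[\r\n]/', $name))` throwing `Zend_Http_Client_Exception`) and keep the stricter token regex behind the `strict` flag.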
+@@ -1457,4 +1465,27 @@
+         return $parameters;
+     }
+ 
++    /**
++     * Ensure a header value is valid per RFC 7230.
++     *
++     * @see http://tools.ietf.org/html/rfc7230#section-3.2
++     * @param string|object|array $value
++     * @param bool $recurse
++     */
++    protected function _validateHeaderValue($value, $recurse = true)
++    {
++        if (is_array($value) && $recurse) {
++            foreach ($value as $v) {
++                $this->_validateHeaderValue($v, false);
++            }
++            return;
++        }
++
++        if (! is_string($value) && (! is_object($value) || ! method_exists($value, '__toString'))) {
++            require_once 'Zend/Http/Exception.php';
++            throw new Zend_Http_Exception('Invalid header value detected');
++        }
++
++        Zend_Http_Header_HeaderValue::assertValid($value);
++    }
+ }
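Review bot: the docblock on `protected function _validateHeaderValue($value, $recurse = true)` lacks a `@throws Zend_Http_Exception` tag even though the method throws one for non-string, non-stringable values and `Zend_Http_Header_HeaderValue::assertValid($value);` is expected to throw for invalid content; add it. Also, an object that passes `is_object($value) && method_exists($value, '__toString')` is validated through its string form, but `setHeaders()` stores the object itself in `$this->headers[$normalized_name] = array($name, $value);`, so what is emitted later is whatever `__toString()` returns at send time, not what was validated; casting to string once here and storing the cast value closes that gap.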
+--- /dev/null
++++ b/library/Zend/Http/Header/HeaderValue.php
+@@ -0,0 +1,127 @@
++<?php
++/**
++ * Zend Framework
++ *
++ * LICENSE
++ *
++ * This source file is subject to the new BSD license that is bundled
++ * with this package in the file LICENSE.txt.
++ * It is also available through the world-wide-web at this URL:
++ * http://framework.zend.com/license/new-bsd
++ * If you did not receive a copy of the license and are unable to
++ * obtain it through the world-wide-web, please send an email
++ * to license@zend.com so we can send you a copy immediately.
++ *
++ * @category   Zend
++ * @package    Zend_Http
++ * @subpackage Header
++ * @version    $Id$
++ * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
++ * @license    http://framework.zend.com/license/new-bsd     New BSD License
++ */
++
++
++/**
++ * @category   Zend
++ * @package    Zend_Http
++ * @subpackage Header
++ * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
++ * @license    http://framework.zend.com/license/new-bsd     New BSD License
++ */
++final class Zend_Http_Header_HeaderValue
++{
++    /**
++     * Private constructor; non-instantiable.
++     */
++    private function __construct()
++    {
++    }
++
++    /**
++     * Filter a header value
++     *
++     * Ensures CRLF header injection vectors are filtered.
++     *
++     * Per RFC 7230, only VISIBLE ASCII characters, spaces, and horizontal
++     * tabs are allowed in values; only one whitespace character is allowed
++     * between visible characters.
++     *
++     * @see http://en.wikipedia.org/wiki/HTTP_response_splitting
++     * @param string $value
++     * @return string
++     */
++    public static function filter($value)
++    {
++        $value  = (string) $value;
++        $length = strlen($value);
++        $string = '';
++        for ($i = 0; $i < $length; $i += 1) {
++            $ascii = ord($value[$i]);
++
++            // Non-visible, non-whitespace characters
++            // 9 === horizontal tab
++            // 32-126, 128-254 === visible
++            // 127 === DEL
++            // 255 === null byte
++            if (($ascii < 32 && $ascii !== 9)
++                || $ascii === 127
++                || $ascii > 254
++            ) {
++                continue;
++            }
++
++            $string .= $value[$i];
++        }
++
++        return $string;
++    }
++
++    /**
++     * Validate a header value.
++     *
++     * Per RFC 7230, only VISIBLE ASCII characters, spaces, and horizontal
++     * tabs are allowed in values; only one whitespace character is allowed
++     * between visible characters.
++     *
++     * @see http://en.wikipedia.org/wiki/HTTP_response_splitting
++     * @param string $value
++     * @return bool
++     */
++    public static function isValid($value)
++    {
++        $value  = (string) $value;
++        $length = strlen($value);
++        for ($i = 0; $i < $length; $i += 1) {
++            $ascii = ord($value[$i]);
++
++            // Non-visible, non-whitespace characters
++            // 9 === horizontal tab
++            // 32-126, 128-254 === visible
++            // 127 === DEL
++            // 255 === null byte
++            if (($ascii < 32 && $ascii !== 9)
++                || $ascii === 127
++                || $ascii > 254
++            ) {
++                return false;
++            }
++        }
++
++        return true;
++    }
++
++    /**
++     * Assert a header value is valid.
++     *
++     * @param string $value
++     * @throws Exception\RuntimeException for invalid values
++     * @return void
++     */
++    public static function assertValid($value)
++    {
++        if (! self::isValid($value)) {
++            require_once 'Zend/Http/Header/Exception/InvalidArgumentException.php';
++            throw new Zend_Http_Header_Exception_InvalidArgumentException('Invalid header value');
++        }
++    }
++}
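Review bot: the comments and docblocks in this file do not match the code. The inline comment `255 === null byte` is wrong: NUL is 0x00 and is already rejected by `$ascii < 32`; 0xFF is simply the one octet outside the 128-254 range this filter chooses to accept. The docblocks of `filter()` and `isValid()` state that "only one whitespace character is allowed between visible characters", but nothing enforces it, since any run of SP and HTAB passes both loops; either enforce it or drop the sentence. `assertValid()` is documented as `@throws Exception\RuntimeException`, a ZF2 namespace left over from the port, while it actually throws Zend_Http_Header_Exception_InvalidArgumentException; the `require_once 'Zend/Http/Header/Exception/InvalidArgumentException.php'` also assumes that file exists in 1.10.6, and since this file itself is created from /dev/null, please confirm the exception class is shipped (or added elsewhere in this upload) before upload. The security-relevant behaviour is correct: CR (13) and LF (10) are both below 32, so neither `filter()` nor `isValid()` lets a CRLF through.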
+--- a/library/Zend/Http/Response.php
++++ b/library/Zend/Http/Response.php
+@@ -22,6 +22,11 @@
+  */
+ 
+ /**
++ * @see Zend_Http_Header_HeaderValue
++ */
++require_once 'Zend/Http/Header/HeaderValue.php';
++
++/**
+  * Zend_Http_Response represents an HTTP 1.0 / 1.1 response message. It
+  * includes easy access to all the response's different elemts, as well as some
+  * convenience methods for parsing and validating HTTP responses.
+@@ -392,7 +397,7 @@
+      * @param string $br Line breaks (eg. "\n", "\r\n", "<br />")
+      * @return string
+      */
+-    public function asString($br = "\n")
++    public function asString($br = "\r\n")
+     {
+         return $this->getHeadersAsString(true, $br) . $br . $this->getRawBody();
+     }
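Review bot: changing the default `$br` of the public `asString()` from "\n" to "\r\n" changes the output of every caller that relied on the default, which is a compatibility change rather than a pure security fix and should be stated in the changelog entry. It is nevertheless required, because `extractBody()` below now splits only on `\r\n\r\n`, so a response re-serialised with the old default would no longer round-trip through `extractBody()`.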
+@@ -518,19 +523,39 @@
+                     }
+ 
+                     $headers[$h_name][] = $h_value;
+-                } else {
+-                    $headers[$h_name] = $h_value;
++                    $last_header = $h_name;
++                    continue;
+                 }
++
++                $headers[$h_name] = $h_value;
+                 $last_header = $h_name;
+-            } elseif (preg_match("|^\s+(.+)$|", $line, $m) && $last_header !== null) {
++                continue;
++            }
++
++            // Identify header continuations
++            if (preg_match("|^[ \t](.+)$|s", $line, $m) && $last_header !== null) {
++                $h_value = trim($m[1]);
+                 if (is_array($headers[$last_header])) {
+                     end($headers[$last_header]);
+                     $last_header_key = key($headers[$last_header]);
+-                    $headers[$last_header][$last_header_key] .= $m[1];
+-                } else {
+-                    $headers[$last_header] .= $m[1];
++
++                    $h_value = $headers[$last_header][$last_header_key] . $h_value;
++                    Zend_Http_Header_HeaderValue::assertValid($h_value);
++
++                    $headers[$last_header][$last_header_key] = $h_value;
++                    continue;
+                 }
++
++                $h_value = $headers[$last_header] . $h_value;
++                Zend_Http_Header_HeaderValue::assertValid($h_value);
++
++                $headers[$last_header] = $h_value;
++                continue;
+             }
++
++            // Anything else is an error condition
++            require_once 'Zend/Http/Exception.php';
++            throw new Zend_Http_Exception('Invalid header line detected');
+         }
+ 
+         return $headers;
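Review bot: the continuation branch validates the joined value with `Zend_Http_Header_HeaderValue::assertValid($h_value)`, but in the visible lines the initial assignments `$headers[$h_name][] = $h_value;` and `$headers[$h_name] = $h_value;` store `$h_value` without a corresponding `assertValid()` call; confirm the value is validated where it is split off the line above this hunk, otherwise a CR or LF in a non-folded header value passes the parser while the same byte in a folded one is rejected. Separately, `$headers[$last_header] . $h_value` after `trim($m[1])` joins the two fragments with no separator (`foo` + `bar` becomes `foobar`), whereas RFC 7230 section 3.2.4 requires a recipient to replace obs-fold with one or more SP before interpreting the value; joining with `' '` keeps the token boundary. The removed `^\s+(.+)$` code had the same defect, so this is pre-existing rather than a regression, but it is cheap to fix while the branch is being rewritten.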
+@@ -544,7 +569,7 @@
+      */
+     public static function extractBody($response_str)
+     {
+-        $parts = preg_split('|(?:\r?\n){2}|m', $response_str, 2);
++        $parts = preg_split('|(?:\r\n){2}|m', $response_str, 2);
+         if (isset($parts[1])) {
+             return $parts[1];
+         }
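Review bot: restricting the split to `(?:\r\n){2}` removes the ambiguity that let a bare `\n\n` in the header block be taken as the header terminator, but a response from a non-compliant server that uses bare LF line endings now yields no `$parts[1]` and therefore no body, where the old `\r?\n` pattern accepted it. That is a reasonable trade for a parser guarding against response splitting, but it is a behaviour change and belongs in the changelog alongside the `asString()` default change. The `m` modifier is now redundant, as the pattern has no `^` or `$` anchors.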
+--- /dev/null
++++ b/library/Zend/Mail/Header/HeaderName.php
+@@ -0,0 +1,92 @@
++<?php
++/**
++ * Zend Framework
++ *
++ * LICENSE
++ *
++ * This source file is subject to the new BSD license that is bundled
++ * with this package in the file LICENSE.txt.
++ * It is also available through the world-wide-web at this URL:
++ * http://framework.zend.com/license/new-bsd
++ * If you did not receive a copy of the license and are unable to
++ * obtain it through the world-wide-web, please send an email
++ * to license@zend.com so we can send you a copy immediately.
++ *
++ * @category   Zend
++ * @package    Zend_Mail
++ * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
++ * @license    http://framework.zend.com/license/new-bsd     New BSD License
++ * @version    $Id$
++ */
++
++
++/**
++ * @category   Zend
++ * @package    Zend_Mail
++ * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
++ * @license    http://framework.zend.com/license/new-bsd     New BSD License
++ */
++final class Zend_Mail_Header_HeaderName
++{
++    /**
++     * No public constructor.
++     */
++    private function __construct()
++    {
++    }
++
++    /**
++     * Filter the header name according to RFC 2822
++     *
++     * @see    http://www.rfc-base.org/txt/rfc-2822.txt (section 2.2)
++     * @param  string $name
++     * @return string
++     */
++    public static function filter($name)
++    {
++        $result = '';
++        $tot    = strlen($name);
++        for ($i = 0; $i < $tot; $i += 1) {
++            $ord = ord($name[$i]);
++            if ($ord > 32 && $ord < 127 && $ord !== 58) {
++                $result .= $name[$i];
++            }
++        }
++        return $result;
++    }
++
++    /**
++     * Determine if the header name contains any invalid characters.
++     *
++     * @param string $name
++     * @return bool
++     */
++    public static function isValid($name)
++    {
++        $tot = strlen($name);
++        for ($i = 0; $i < $tot; $i += 1) {
++            $ord = ord($name[$i]);
++            if ($ord < 33 || $ord > 126 || $ord === 58) {
++                return false;
++            }
++        }
++        return true;
++    }
++
++    /**
++     * Assert that the header name is valid.
++     *
++     * Raises an exception if invalid.
++     *
++     * @param string $name
++     * @throws Exception\RuntimeException
++     * @return void
++     */
++    public static function assertValid($name)
++    {
++        if (! self::isValid($name)) {
++            require_once 'Zend/Mail/Exception.php';
++            throw new Zend_Mail_Exception('Invalid header name detected');
++        }
++    }
++}
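Review bot: `isValid()` returns true for the empty string because the loop body never runs, so an empty header name passes `assertValid()` and `filter()` can return `''` without complaint; RFC 2822 section 2.2 defines field-name as `1*ftext`, so add an explicit `strlen($name) === 0` check that returns false. The docblock `@throws Exception\RuntimeException` is a ZF2 leftover; the code throws Zend_Mail_Exception. The accepted range itself (33-126 excluding 58) matches ftext, which is printable US-ASCII without the colon.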
+--- /dev/null
++++ b/library/Zend/Mail/Header/HeaderValue.php
+@@ -0,0 +1,136 @@
++<?php
++/**
++ * Zend Framework
++ *
++ * LICENSE
++ *
++ * This source file is subject to the new BSD license that is bundled
++ * with this package in the file LICENSE.txt.
++ * It is also available through the world-wide-web at this URL:
++ * http://framework.zend.com/license/new-bsd
++ * If you did not receive a copy of the license and are unable to
++ * obtain it through the world-wide-web, please send an email
++ * to license@zend.com so we can send you a copy immediately.
++ *
++ * @category   Zend
++ * @package    Zend_Mail
++ * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
++ * @license    http://framework.zend.com/license/new-bsd     New BSD License
++ * @version    $Id$
++ */
++
++
++/**
++ * @category   Zend
++ * @package    Zend_Mail
++ * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
++ * @license    http://framework.zend.com/license/new-bsd     New BSD License
++ */
++final class Zend_Mail_Header_HeaderValue
++{
++    /**
++     * No public constructor.
++     */
++    private function __construct()
++    {
++    }
++
++    /**
++     * Filter the header value according to RFC 2822
++     *
++     * @see    http://www.rfc-base.org/txt/rfc-2822.txt (section 2.2)
++     * @param  string $value
++     * @return string
++     */
++    public static function filter($value)
++    {
++        $result = '';
++        $tot    = strlen($value);
++
++        // Filter for CR and LF characters, leaving CRLF + WSP sequences for
++        // Long Header Fields (section 2.2.3 of RFC 2822)
++        for ($i = 0; $i < $tot; $i += 1) {
++            $ord = ord($value[$i]);
++            if (($ord < 32 || $ord > 126)
++                && $ord !== 13
++            ) {
++                continue;
++            }
++
++            if ($ord === 13) {
++                if ($i + 2 >= $tot) {
++                    continue;
++                }
++
++                $lf = ord($value[$i + 1]);
++                $sp = ord($value[$i + 2]);
++
++                if ($lf !== 10 || $sp !== 32) {
++                    continue;
++                }
++
++                $result .= "\r\n ";
++                $i += 2;
++                continue;
++            }
++
++            $result .= $value[$i];
++        }
++
++        return $result;
++    }
++
++    /**
++     * Determine if the header value contains any invalid characters.
++     *
++     * @see    http://www.rfc-base.org/txt/rfc-2822.txt (section 2.2)
++     * @param string $value
++     * @return bool
++     */
++    public static function isValid($value)
++    {
++        $tot = strlen($value);
++        for ($i = 0; $i < $tot; $i += 1) {
++            $ord = ord($value[$i]);
++            if (($ord < 32 || $ord > 126)
++                && $ord !== 13
++            ) {
++                return false;
++            }
++
++            if ($ord === 13) {
++                if ($i + 2 >= $tot) {
++                    return false;
++                }
++
++                $lf = ord($value[$i + 1]);
++                $sp = ord($value[$i + 2]);
++
++                if ($lf !== 10 || $sp !== 32) {
++                    return false;
++                }
++
++                $i += 2;
++            }
++        }
++
++        return true;
++    }
++
++    /**
++     * Assert that the header value is valid.
++     *
++     * Raises an exception if invalid.
++     *
++     * @param string $value
++     * @throws Exception\RuntimeException
++     * @return void
++     */
++    public static function assertValid($value)
++    {
++        if (! self::isValid($value)) {
++            require_once 'Zend/Mail/Exception.php';
++            throw new Zend_Mail_Exception('Invalid header value detected');
++        }
++    }
++}
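Review bot: `isValid()` and `filter()` accept a fold only when CR is followed by LF and SP (`$sp !== 32`), so a header folded with CRLF + HTAB is rejected even though RFC 2822 section 2.2.3 defines folding whitespace as WSP, i.e. SP or HTAB, and a bare HTAB inside a field body is likewise rejected by `$ord < 32`. Rejecting HTAB is the conservative choice and does not weaken the CRLF check (a CR not followed by exactly LF SP, and any bare LF, still fails), but it will reject legitimately folded headers produced by other software; if that is intended, the docblock should say so rather than citing section 2.2 as the rule being implemented. As in HeaderName.php, `@throws Exception\RuntimeException` should read Zend_Mail_Exception.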
+--- a/library/Zend/Mail/Message.php
++++ b/library/Zend/Mail/Message.php
+@@ -69,6 +69,7 @@
+             } else {
+                 $params['raw'] = stream_get_contents($params['file']);
+             }
++            $params['raw'] = preg_replace("/(?<!\r)\n/", "\r\n", $params['raw']);
+         }
+ 
+         if (!empty($params['flags'])) {
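Review bot: the LF-to-CRLF normalisation `preg_replace("/(?<!\r)\n/", "\r\n", $params['raw'])` sits inside the block that fills `$params['raw']` from `$params['file']`, so a message passed directly as `raw` keeps its original line endings, while Zend_Mail_Part in this same patch now hands the message to `Zend_Mime_Decode::splitMessage()` with an explicit `"\r\n"` EOL. An LF-only message supplied as `raw` will then fail to split into headers and body. If `raw` can be supplied directly, move the `preg_replace()` after the enclosing `if` so both paths are normalised.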
+--- a/library/Zend/Mail/Part.php
++++ b/library/Zend/Mail/Part.php
+@@ -26,6 +26,16 @@
+ require_once 'Zend/Mime/Decode.php';
+ 
+ /**
++ * @see Zend_Mail_Header_HeaderName
++ */
++require_once 'Zend/Mail/Header/HeaderName.php';
++
++/**
++ * @see Zend_Mail_Header_HeaderValue
++ */
++require_once 'Zend/Mail/Header/HeaderValue.php';
++
++/**
+  * @see Zend_Mail_Part_Interface
+  */
+ require_once 'Zend/Mail/Part/Interface.php';
+@@ -124,17 +134,19 @@
+         }
+ 
+         if (isset($params['raw'])) {
+-            Zend_Mime_Decode::splitMessage($params['raw'], $this->_headers, $this->_content);
++            Zend_Mime_Decode::splitMessage($params['raw'], $this->_headers, $this->_content, "\r\n");
+         } else if (isset($params['headers'])) {
+             if (is_array($params['headers'])) {
+                 $this->_headers = $params['headers'];
++                $this->_validateHeaders($this->_headers);
+             } else {
+                 if (!empty($params['noToplines'])) {
+-                    Zend_Mime_Decode::splitMessage($params['headers'], $this->_headers, $null);
++                    Zend_Mime_Decode::splitMessage($params['headers'], $this->_headers, $null, "\r\n");
+                 } else {
+-                    Zend_Mime_Decode::splitMessage($params['headers'], $this->_headers, $this->_topLines);
++                    Zend_Mime_Decode::splitMessage($params['headers'], $this->_headers, $this->_topLines, "\r\n");
+                 }
+             }
++
+             if (isset($params['content'])) {
+                 $this->_content = $params['content'];
+             }
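Review bot: `$this->_validateHeaders($this->_headers)` is called only on the `is_array($params['headers'])` branch; headers parsed from `raw` or from a string `headers` are handed to `Zend_Mime_Decode::splitMessage()` with `"\r\n"` and are not validated here. That is fine if the Zend_Mime_Decode change (not part of this excerpt) applies Zend_Mail_Header_HeaderName and Zend_Mail_Header_HeaderValue itself; please confirm, because otherwise those two paths still accept a CR or LF inside a header value while the array path rejects it.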
+@@ -517,4 +529,26 @@
+         $this->countParts();
+         $this->_iterationPos = 1;
+     }
++
++    /**
++     * Ensure headers do not contain invalid characters
++     *
++     * @param array $headers
++     * @param bool $assertNames
++     */
++    protected function _validateHeaders(array $headers, $assertNames = true)
++    {
++        foreach ($headers as $name => $value) {
++            if ($assertNames) {
++                Zend_Mail_Header_HeaderName::assertValid($name);
++            }
++
++            if (is_array($value)) {
++                $this->_validateHeaders($value, false);
++                continue;
++            }
++
++            Zend_Mail_Header_HeaderValue::assertValid($value);
++        }
++    }
+ }
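Review bot: the docblock of `_validateHeaders()` should carry `@throws Zend_Mail_Exception` and `@return void`, since both `assertValid()` calls throw on bad input and callers need to know this constructor can now fail on attacker-supplied headers. The `$assertNames = false` on the recursive call is correct, as nested arrays hold the values of a multi-valued header keyed by numeric index, but a one-line comment saying so would save the next reader from wondering why names are skipped on recursion.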
only in patch2:
unchanged:
--- zendframework-1.10.6.orig/debian/patches/0011-Cast-int-and-float-to-string-when-creating-headers.patch
+++ zendframework-1.10.6/debian/patches/0011-Cast-int-and-float-to-string-when-creating-headers.patch
@@ -0,0 +1,29 @@
+From: Matthew Weier O'Phinney <matthew@zend.com>
+Date: Tue, 19 May 2015 16:24:00 -0500
+Subject: Cast int and float to string when creating headers
+
+With the ZF2015-04 patch, we were no longer allowing non-string, non-stringable
+objects as header values. This broke a number of other classes, however, which
+required integer and/or float values (e.g., to set a Content-Length header).
+This patch casts those types to strings before attempting to set them as header
+values.
+
+Origin: upstream, https://github.com/zendframework/zf1/commit/7d8e6c6cf59ea0b5004960b8402a39f89a9e512a
+---
+ library/Zend/Http/Client.php | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/library/Zend/Http/Client.php
++++ b/library/Zend/Http/Client.php
+@@ -1481,6 +1481,11 @@
+             return;
+         }
+ 
++        // Cast integers and floats to strings for purposes of header representation.
++        if (is_int($value) || is_float($value)) {
++            $value = (string) $value;
++        }
++
+         if (! is_string($value) && (! is_object($value) || ! method_exists($value, '__toString'))) {
+             require_once 'Zend/Http/Exception.php';
+             throw new Zend_Http_Exception('Invalid header value detected');
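Review bot: `(string) $value` for a float is locale-sensitive on the PHP versions shipped with squeeze (before PHP 8.0 the conversion uses the LC_NUMERIC decimal separator), so under a locale such as de_DE a float header value becomes `1,5`; if float support is genuinely needed, format it explicitly rather than relying on the cast. Booleans and null still fall through to the exception, which is the right outcome, but the `@param string|object|array $value` line in the docblock above this hunk should now list `int|float` as accepted types.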
only in patch2:
unchanged:
--- zendframework-1.10.6.orig/debian/patches/0020-CVE-2012-6531-6532.patch
+++ zendframework-1.10.6/debian/patches/0020-CVE-2012-6531-6532.patch
@@ -0,0 +1,273 @@
+Description:
+ Several components were found to contain additional XML eXternal Entity
+ (XXE) injection vulnerabilities (in addition to the XML-RPC component
+ patched in 1.11.12). Additionally, we identified several potential XML
+ Entity Expansion (XEE) vectors. XEE attacks occur when the XML doctype
+ declaration contains XML entity definitions; these attacks usually result
+ in recursion, which consumes CPU and memory resources, making Denial of
+ Service (DoS) attacks easier to implement.
+
+ The patches in 1.11.13 close both XXE and XEE vulnerabilities found in
+ the framework. The former are mitigated by ensuring
+ libxml_disable_entity_loader is called before any SimpleXML calls are
+ executed; the latter are mitigated by looping through the DOMDocument
+ instance and checking for XML_DOCUMENT_TYPE_NODE children, raising an
+ exception if any are found (in cases where SimpleXML is used, loading
+ the XML via DOMDocument first, and then passing the object to
+ simplexml_import_dom).
+
+ The following components were patched:
+
+  - Zend_Dom
+  - Zend_Feed
+  - Zend_Soap
+  - Zend_XmlRpc
+
+ Thanks goes to Pádraic Brady for identifying and patching these vectors.
+Origin: upstream, svn diff --git --patch-compatible -r 25031:25037 http://framework.zend.com/svn/framework/standard/tags/release-1.11.13/
+
+--- a/library/Zend/Dom/Query.php
++++ b/library/Zend/Dom/Query.php
+@@ -203,6 +203,14 @@
+         switch ($type) {
+             case self::DOC_XML:
+                 $success = $domDoc->loadXML($document);
++                foreach ($domDoc->childNodes as $child) {
++                    if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
++                        require_once 'Zend/Dom/Exception.php';
++                        throw new Zend_Dom_Exception(
++                            'Invalid XML: Detected use of illegal DOCTYPE'
++                        );
++                    }
++                }
+                 break;
+             case self::DOC_HTML:
+             case self::DOC_XHTML:
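Review bot: the `throw new Zend_Dom_Exception(...)` inside the `switch` is reached while `libxml_use_internal_errors(true)` is in effect, and the `libxml_use_internal_errors(false)` restore in the next hunk is only on the non-throwing path (PHP 5.3 has no `finally`), so a rejected DOCTYPE leaves libxml's error handling switched on for the rest of the request. Restore the flag (and clear the error buffer) before throwing, or perform the DOCTYPE loop after the restore block.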
+@@ -215,6 +223,7 @@
+             $this->_documentErrors = $errors;
+             libxml_clear_errors();
+         }
++        libxml_disable_entity_loader(false);
+         libxml_use_internal_errors(false);
+ 
+         if (!$success) {
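Review bot: `libxml_disable_entity_loader(false)` unconditionally re-enables the external entity loader instead of restoring the value captured when it was disabled, so an application that disabled the loader process-wide as defence in depth (the usual hardening) will have it silently re-enabled after every Zend_Dom_Query call. Follow the idiom used in Zend/Feed/Reader.php in this same patch (`$oldValue = libxml_disable_entity_loader(true);` ... `libxml_disable_entity_loader($oldValue);`). The matching `libxml_disable_entity_loader(true)` is not in this hunk, so please verify it precedes the `loadXML()` call.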
+--- a/library/Zend/Soap/Wsdl.php
++++ b/library/Zend/Soap/Wsdl.php
+@@ -99,13 +99,23 @@
+                     xmlns:xsd='http://www.w3.org/2001/XMLSchema'
+                     xmlns:soap-enc='http://schemas.xmlsoap.org/soap/encoding/'
+                     xmlns:wsdl='http://schemas.xmlsoap.org/wsdl/'></definitions>";
++        libxml_disable_entity_loader(true);
+         $this->_dom = new DOMDocument();
+         if (!$this->_dom->loadXML($wsdl)) {
+             require_once 'Zend/Server/Exception.php';
+             throw new Zend_Server_Exception('Unable to create DomDocument');
+         } else {
++            foreach ($this->_dom->childNodes as $child) {
++                if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
++                    require_once 'Zend/Server/Exception.php';
++                    throw new Zend_Server_Exception(
++                        'Invalid XML: Detected use of illegal DOCTYPE'
++                    );
++                }
++            }
+             $this->_wsdl = $this->_dom->documentElement;
+         }
++        libxml_disable_entity_loader(false);
+ 
+         $this->setComplexTypeStrategy($strategy);
+     }
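Review bot: both `throw` paths (`Unable to create DomDocument` and the DOCTYPE rejection) exit before `libxml_disable_entity_loader(false)`, so the loader stays disabled process-wide after a failure; that fails closed, but the unconditional `false` on the success path has the opposite problem of re-enabling a loader the application may have disabled on purpose. Save and restore the previous value as Zend/Feed/Reader.php does in this patch. Note also that the document being checked is the framework's own `<definitions ...>` template assembled just above, so unless `$name` or `$uri` is request-derived the DOCTYPE loop here is for consistency rather than closing a live vector.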
+@@ -128,8 +138,10 @@
+             // @todo: This is the worst hack ever, but its needed due to design and non BC issues of WSDL generation
+             $xml = $this->_dom->saveXML();
+             $xml = str_replace($oldUri, $uri, $xml);
++            libxml_disable_entity_loader(true);
+             $this->_dom = new DOMDocument();
+             $this->_dom->loadXML($xml);
++            libxml_disable_entity_loader(false);
+         }
+ 
+         return $this;
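Review bot: the re-parse of `$xml` after `str_replace($oldUri, $uri, $xml)` has neither the DOCTYPE check applied in the constructor nor a test of the `loadXML()` return value, and `$uri` is spliced into serialised XML without escaping, so a `$uri` containing markup is parsed as XML at this point. With the entity loader disabled an external entity cannot be fetched, but an internal DOCTYPE (the entity-expansion case this patch addresses) would be accepted here. Either escape `$uri` before the replacement or apply the same DOCTYPE loop, and save/restore the loader state instead of forcing `false`.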
+--- a/library/Zend/Soap/Server.php
++++ b/library/Zend/Soap/Server.php
+@@ -694,11 +694,21 @@
+                 $xml = $request;
+             }
+ 
++            libxml_disable_entity_loader(true);
+             $dom = new DOMDocument();
+             if(strlen($xml) == 0 || !$dom->loadXML($xml)) {
+                 require_once 'Zend/Soap/Server/Exception.php';
+                 throw new Zend_Soap_Server_Exception('Invalid XML');
+             }
++            foreach ($dom->childNodes as $child) {
++                if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
++                    require_once 'Zend/Soap/Server/Exception.php';
++                    throw new Zend_Soap_Server_Exception(
++                        'Invalid XML: Detected use of illegal DOCTYPE'
++                    );
++                }
++            }
++            libxml_disable_entity_loader(false);
+         }
+         $this->_request = $xml;
+         return $this;
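Review bot: the `Invalid XML` and DOCTYPE exceptions are thrown before `libxml_disable_entity_loader(false)`, so the loader state leaks on the error path, and the success path resets it to `false` rather than to the prior value, re-enabling a loader the application may have disabled globally. Use the save/restore idiom from Zend/Feed/Reader.php in this same patch. The DOCTYPE loop itself is correct: `loadXML()` keeps the DTD as an XML_DOCUMENT_TYPE_NODE child of the document, so any `<!DOCTYPE ...>` is caught before ext/soap gets to expand entities.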
+@@ -827,10 +837,11 @@
+ 
+         $soap = $this->_getSoap();
+ 
++        $fault = false;
+         ob_start();
+-        if($setRequestException instanceof Exception) {
+-            // Send SOAP fault message if we've catched exception
+-            $soap->fault("Sender", $setRequestException->getMessage());
++        if ($setRequestException instanceof Exception) {
++            // Create SOAP fault message if we've caught a request exception
++            $fault = $this->fault($setRequestException->getMessage(), 'Sender');
+         } else {
+             try {
+                 $soap->handle($request);
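Review bot: the reason for replacing `$soap->fault("Sender", ...)` with a buffered `$fault = $this->fault(...)` is not explained anywhere in the patch description; since `SoapServer::fault()` emits the fault directly while `ob_start()` is active, a short comment stating that the fault is captured so it can be stored in `$this->_response` (and retrieved through `getResponse()` by Zend_Soap_Client_Local, patched below) would help the next maintainer understand why the two code paths differ.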
+@@ -845,6 +856,11 @@
+         restore_error_handler();
+         ini_set('display_errors', $displayErrorsOriginalState);
+ 
++        // Send a fault, if we have one
++        if ($fault) {
++            $this->_response = $fault;
++        }
++
+         if (!$this->_returnResponse) {
+             echo $this->_response;
+             return;
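Review bot: `if ($fault)` relies on `$this->fault()` returning a truthy value; since the return type is not visible here, test explicitly against the `false` initialised above (`if ($fault !== false)`) so that a fault represented by an empty or "0" string is not silently dropped and the previous `$this->_response` echoed instead.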
+--- a/library/Zend/Soap/Client/Local.php
++++ b/library/Zend/Soap/Client/Local.php
+@@ -85,6 +85,13 @@
+         $this->_server->handle($request);
+         $response = ob_get_contents();
+         ob_end_clean();
++ 
++        if ($response === null || $response === '') {
++            $serverResponse = $this->server->getResponse();
++            if ($serverResponse !== null) {
++                $response = $serverResponse;
++            }
++        }
+ 
+         return $response;
+     }
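Review bot: `$this->server->getResponse()` references an undefined property; the property used two lines above is `$this->_server` (`$this->_server->handle($request);`), so when the output buffer is empty this branch calls a method on null and fatals instead of returning the buffered fault. Change it to `$this->_server->getResponse()`, and add a test that sends a request carrying a DOCTYPE through Zend_Soap_Client_Local, which is exactly the path the new `$fault` handling in Zend/Soap/Server.php takes. The added line `+ ` after `ob_end_clean();` also introduces trailing whitespace.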
+--- a/library/Zend/Feed/Reader.php
++++ b/library/Zend/Feed/Reader.php
+@@ -327,8 +327,18 @@
+     public static function importString($string)
+     {
+         $libxml_errflag = libxml_use_internal_errors(true);
++        $oldValue = libxml_disable_entity_loader(true);
+         $dom = new DOMDocument;
+         $status = $dom->loadXML($string);
++        foreach ($dom->childNodes as $child) {
++            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
++                require_once 'Zend/Feed/Exception.php';
++                throw new Zend_Feed_Exception(
++                    'Invalid XML: Detected use of illegal DOCTYPE'
++                );
++            }
++        }
++        libxml_disable_entity_loader($oldValue);
+         libxml_use_internal_errors($libxml_errflag);
+ 
+         if (!$status) {
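Review bot: the Zend_Feed_Exception for a DOCTYPE is thrown before `libxml_disable_entity_loader($oldValue)` and `libxml_use_internal_errors($libxml_errflag)` are restored, so a rejected feed leaves both libxml settings changed for the rest of the request. Restore both before throwing (or set a flag in the loop and throw after the restore lines). The save/restore of `$oldValue` itself is the right pattern and should be copied to the Zend_Dom, Zend_Soap_Wsdl and Zend_Soap_Server hunks, which force `false` instead.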
+@@ -399,8 +409,10 @@
+         }
+         $responseHtml = $response->getBody();
+         $libxml_errflag = libxml_use_internal_errors(true);
++        $oldValue = libxml_disable_entity_loader(true);
+         $dom = new DOMDocument;
+         $status = $dom->loadHTML($responseHtml);
++        libxml_disable_entity_loader($oldValue);
+         libxml_use_internal_errors($libxml_errflag);
+         if (!$status) {
+             // Build error message
+@@ -434,8 +446,18 @@
+             $dom = $feed;
+         } elseif(is_string($feed) && !empty($feed)) {
+             @ini_set('track_errors', 1);
++            $oldValue = libxml_disable_entity_loader(true);
+             $dom = new DOMDocument;
+             $status = @$dom->loadXML($feed);
++            foreach ($dom->childNodes as $child) {
++                if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
++                    require_once 'Zend/Feed/Exception.php';
++                    throw new Zend_Feed_Exception(
++                        'Invalid XML: Detected use of illegal DOCTYPE'
++                    );
++                }
++            }
++            libxml_disable_entity_loader($oldValue);
+             @ini_restore('track_errors');
+             if (!$status) {
+                 if (!isset($php_errormsg)) {
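Review bot: same state leak as in `importString()` above: the DOCTYPE `throw` skips both `libxml_disable_entity_loader($oldValue)` and `@ini_restore('track_errors')`, so `track_errors` stays enabled and the loader stays disabled after a rejected feed. Restore both before throwing. Also, the loop runs even when `@$dom->loadXML($feed)` returned false; that is harmless (an empty document has no child nodes) but a comment noting the intent would avoid a future "fix" that moves the check inside `if ($status)` and re-opens the window for a document that parsed with errors.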
+--- a/library/Zend/Serializer/Adapter/Wddx.php
++++ b/library/Zend/Serializer/Adapter/Wddx.php
+@@ -106,7 +106,19 @@
+             // check if the returned NULL is valid
+             // or based on an invalid wddx string
+             try {
+-                $simpleXml = new SimpleXMLElement($wddx);
++                $oldLibxmlDisableEntityLoader = libxml_disable_entity_loader(true);
++                $dom = new DOMDocument;
++                $dom->loadXML($wddx);
++                foreach ($dom->childNodes as $child) {
++                    if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
++                        require_once 'Zend/Serializer/Exception.php';
++                        throw new Zend_Serializer_Exception(
++                            'Invalid XML: Detected use of illegal DOCTYPE'
++                        );
++                    }
++                }
++                $simpleXml = simplexml_import_dom($dom);
++                libxml_disable_entity_loader($oldLibxmlDisableEntityLoader);
+                 if (isset($simpleXml->data[0]->null[0])) {
+                     return null; // valid null
+                 }
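Review bot: the return value of `$dom->loadXML($wddx)` is not checked before `simplexml_import_dom($dom)`. The removed `new SimpleXMLElement($wddx)` threw an Exception on malformed input, which the surrounding `try` relied on; `simplexml_import_dom()` on a document without a root element instead emits a warning and returns null, so `$simpleXml` is null, `isset($simpleXml->data[0]->null[0])` is false, and the invalid-string case is no longer distinguished from a valid null. Check `loadXML()` and throw explicitly when it fails, and restore `$oldLibxmlDisableEntityLoader` before throwing the DOCTYPE exception as well, since that path currently skips the restore.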
+--- a/library/Zend/XmlRpc/Response.php
++++ b/library/Zend/XmlRpc/Response.php
+@@ -186,6 +186,18 @@
+         $loadEntities         = libxml_disable_entity_loader(true);
+         $useInternalXmlErrors = libxml_use_internal_errors(true);
+         try {
++            $dom = new DOMDocument;
++            $dom->loadXML($response);
++            foreach ($dom->childNodes as $child) {
++                if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
++                    require_once 'Zend/XmlRpc/Exception.php';
++                    throw new Zend_XmlRpc_Exception(
++                        'Invalid XML: Detected use of illegal DOCTYPE'
++                    );
++                }
++            }
++            // TODO: Locate why this passes tests but a simplexml import doesn't
++            // $xml = simplexml_import_dom($dom);
+             $xml = new SimpleXMLElement($response);
+             libxml_disable_entity_loader($loadEntities);
+             libxml_use_internal_errors($useInternalXmlErrors);
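Review bot: the response is now parsed twice, once by DOMDocument for the DOCTYPE check and again by `new SimpleXMLElement($response)`, with the `// TODO` left in to say why; that doubles the parse cost on every XML-RPC response and should be recorded as known debt in the patch header rather than only inline. The DOCTYPE exception is also thrown before `libxml_disable_entity_loader($loadEntities)` and `libxml_use_internal_errors($useInternalXmlErrors)`, so unless the `catch` below this hunk restores them, a rejected response leaks both settings. The unchecked `$dom->loadXML($response)` is acceptable here only because the SimpleXMLElement constructor still raises on malformed input.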
+--- a/library/Zend/XmlRpc/Request.php
++++ b/library/Zend/XmlRpc/Request.php
+@@ -312,7 +312,17 @@
+         // @see ZF-12293 - disable external entities for security purposes
+         $loadEntities = libxml_disable_entity_loader(true);
+         try {
+-            $xml = new SimpleXMLElement($request);
++            $dom = new DOMDocument;
++            $dom->loadXML($request);
++            foreach ($dom->childNodes as $child) {
++                if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
++                    require_once 'Zend/XmlRpc/Exception.php';
++                    throw new Zend_XmlRpc_Exception(
++                        'Invalid XML: Detected use of illegal DOCTYPE'
++                    );
++                }
++            }
++            $xml = simplexml_import_dom($dom);
+             libxml_disable_entity_loader($loadEntities);
+         } catch (Exception $e) {
+             // Not valid XML
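Review bot: the removed `new SimpleXMLElement($request)` threw an Exception on malformed XML, which is what the `catch (Exception $e)` labelled "Not valid XML" handles; `simplexml_import_dom($dom)` on a document whose `loadXML()` failed instead emits a warning and returns null, so malformed requests no longer reach that branch and `$xml` is null from here on. Check the return value of `$dom->loadXML($request)` and throw a Zend_XmlRpc_Exception when it is false, and restore `$loadEntities` before the DOCTYPE throw, which currently skips `libxml_disable_entity_loader($loadEntities)`.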

Attachment: signature.asc
Description: Digital signature