
Bug#703707: marked as done (unblock: php5/5.4.4-15)



Your message dated Fri, 22 Mar 2013 16:07:32 +0100
with message-id <CALjhHG9p0CsuhyO5L++z3RBLvSGy9+r8U35NSgp7oSqrsLUZgQ@mail.gmail.com>
and subject line Re: Bug#703707: Acknowledgement (unblock: php5/5.4.4-15)
has caused the Debian Bug report #703707,
regarding unblock: php5/5.4.4-15
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
703707: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703707
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package php5

The previous fix for CVE-2013-1643 was incomplete, and an additional
CVE-2013-1824 has been issued for it; the new fix should be complete now.

$ diffstat php5_5.4.4-15.debdiff
 debian/patches/CVE-2013-1643.patch |  135 -----------------------------------
 debian/patches/CVE-2013-1824.patch |  142 +++++++++++++++++++++++++++++++++++++
 php5-5.4.4/debian/changelog        |    7 +
 php5-5.4.4/debian/patches/series   |    2 
 4 files changed, 150 insertions(+), 136 deletions(-)

unblock php5/5.4.4-15

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog
--- php5-5.4.4/debian/changelog
+++ php5-5.4.4/debian/changelog
@@ -1,3 +1,10 @@
+php5 (5.4.4-15) unstable; urgency=high
+
+  * [CVE-2013-1824]: CVE-2013-1643 had incomplete fix for external entity
+    loading
+
+ -- Ondřej Surý <ondrej@debian.org>  Fri, 22 Mar 2013 13:51:47 +0100
+
 php5 (5.4.4-14) unstable; urgency=high
 
   * [CVE-2013-1635] Fixed external entity loading
diff -u php5-5.4.4/debian/patches/series php5-5.4.4/debian/patches/series
--- php5-5.4.4/debian/patches/series
+++ php5-5.4.4/debian/patches/series
@@ -81 +81 @@
-CVE-2013-1643.patch
+CVE-2013-1824.patch
reverted:
--- php5-5.4.4/debian/patches/CVE-2013-1643.patch
+++ php5-5.4.4.orig/debian/patches/CVE-2013-1643.patch
@@ -1,135 +0,0 @@
---- a/ext/libxml/libxml.c
-+++ b/ext/libxml/libxml.c
-@@ -270,6 +270,7 @@ static PHP_GINIT_FUNCTION(libxml)
- 	libxml_globals->error_buffer.c = NULL;
- 	libxml_globals->error_list = NULL;
- 	libxml_globals->entity_loader.fci.size = 0;
-+	libxml_globals->entity_loader_disabled = 0;
- }
- 
- static void _php_libxml_destroy_fci(zend_fcall_info *fci)
-@@ -369,16 +370,15 @@ static int php_libxml_streams_IO_close(v
- }
- 
- static xmlParserInputBufferPtr
--php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc)
--{
--	return NULL;
--}
--
--static xmlParserInputBufferPtr
- php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc)
- {
- 	xmlParserInputBufferPtr ret;
- 	void *context = NULL;
-+	TSRMLS_FETCH();
-+
-+	if (LIBXML(entity_loader_disabled)) {
-+		return NULL;
-+	}
- 
- 	if (URI == NULL)
- 		return(NULL);
-@@ -1052,28 +1052,25 @@ static PHP_FUNCTION(libxml_clear_errors)
- }
- /* }}} */
- 
-+PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC)
-+{
-+	zend_bool old = LIBXML(entity_loader_disabled);
-+
-+	LIBXML(entity_loader_disabled) = disable;
-+	return old;
-+}
-+
- /* {{{ proto bool libxml_disable_entity_loader([boolean disable]) 
-    Disable/Enable ability to load external entities */
- static PHP_FUNCTION(libxml_disable_entity_loader)
- {
- 	zend_bool disable = 1;
--	xmlParserInputBufferCreateFilenameFunc old;
- 
- 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &disable) == FAILURE) {
- 		return;
- 	}
- 
--	if (disable == 0) {
--		old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename);
--	} else {
--		old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload);
--	}
--
--	if (old == php_libxml_input_buffer_noload) {
--		RETURN_TRUE;
--	}
--
--	RETURN_FALSE;
-+	RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC));
- }
- /* }}} */
- 
---- a/ext/libxml/php_libxml.h
-+++ b/ext/libxml/php_libxml.h
-@@ -47,6 +47,7 @@ ZEND_BEGIN_MODULE_GLOBALS(libxml)
- 		zend_fcall_info			fci;
- 		zend_fcall_info_cache	fcc;
- 	} entity_loader;
-+	zend_bool entity_loader_disabled;
- ZEND_END_MODULE_GLOBALS(libxml)
- 
- typedef struct _libxml_doc_props {
-@@ -97,6 +98,7 @@ PHP_LIBXML_API void php_libxml_ctx_error
- PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s);
- PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC);
- PHP_LIBXML_API void php_libxml_issue_error(int level, const char *msg TSRMLS_DC);
-+PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC);
- 
- /* Init/shutdown functions*/
- PHP_LIBXML_API void php_libxml_initialize(void);
---- a/ext/soap/php_xml.c
-+++ b/ext/soap/php_xml.c
-@@ -20,6 +20,7 @@
- /* $Id$ */
- 
- #include "php_soap.h"
-+#include "ext/libxml/php_libxml.h"
- #include "libxml/parser.h"
- #include "libxml/parserInternals.h"
- 
-@@ -91,13 +92,17 @@ xmlDocPtr soap_xmlParseFile(const char *
- 	ctxt = xmlCreateFileParserCtxt(filename);
- 	PG(allow_url_fopen) = old_allow_url_fopen;
- 	if (ctxt) {
-+		zend_bool old;
-+
- 		ctxt->keepBlanks = 0;
- 		ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
- 		ctxt->sax->comment = soap_Comment;
- 		ctxt->sax->warning = NULL;
- 		ctxt->sax->error = NULL;
- 		/*ctxt->sax->fatalError = NULL;*/
-+		old = php_libxml_disable_entity_loader(1);
- 		xmlParseDocument(ctxt);
-+		php_libxml_disable_entity_loader(old);
- 		if (ctxt->wellFormed) {
- 			ret = ctxt->myDoc;
- 			if (ret->URL == NULL && ctxt->directory != NULL) {
-@@ -133,6 +138,8 @@ xmlDocPtr soap_xmlParseMemory(const void
- */
- 	ctxt = xmlCreateMemoryParserCtxt(buf, buf_size);
- 	if (ctxt) {
-+		zend_bool old;
-+
- 		ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
- 		ctxt->sax->comment = soap_Comment;
- 		ctxt->sax->warning = NULL;
-@@ -141,7 +148,9 @@ xmlDocPtr soap_xmlParseMemory(const void
- #if LIBXML_VERSION >= 20703
- 		ctxt->options |= XML_PARSE_HUGE;
- #endif
-+		old = php_libxml_disable_entity_loader(1);
- 		xmlParseDocument(ctxt);
-+		php_libxml_disable_entity_loader(old);
- 		if (ctxt->wellFormed) {
- 			ret = ctxt->myDoc;
- 			if (ret->URL == NULL && ctxt->directory != NULL) {
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/CVE-2013-1824.patch
+++ php5-5.4.4/debian/patches/CVE-2013-1824.patch
@@ -0,0 +1,142 @@
+--- a/ext/soap/php_xml.c
++++ b/ext/soap/php_xml.c
+@@ -20,6 +20,7 @@
+ /* $Id$ */
+ 
+ #include "php_soap.h"
++#include "ext/libxml/php_libxml.h"
+ #include "libxml/parser.h"
+ #include "libxml/parserInternals.h"
+ 
+@@ -91,13 +92,17 @@ xmlDocPtr soap_xmlParseFile(const char *
+ 	ctxt = xmlCreateFileParserCtxt(filename);
+ 	PG(allow_url_fopen) = old_allow_url_fopen;
+ 	if (ctxt) {
++		zend_bool old;
++
+ 		ctxt->keepBlanks = 0;
+ 		ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
+ 		ctxt->sax->comment = soap_Comment;
+ 		ctxt->sax->warning = NULL;
+ 		ctxt->sax->error = NULL;
+ 		/*ctxt->sax->fatalError = NULL;*/
++		old = php_libxml_disable_entity_loader(1 TSRMLS_CC);
+ 		xmlParseDocument(ctxt);
++		php_libxml_disable_entity_loader(old TSRMLS_CC);
+ 		if (ctxt->wellFormed) {
+ 			ret = ctxt->myDoc;
+ 			if (ret->URL == NULL && ctxt->directory != NULL) {
+@@ -128,11 +133,15 @@ xmlDocPtr soap_xmlParseMemory(const void
+ 	xmlParserCtxtPtr ctxt = NULL;
+ 	xmlDocPtr ret;
+ 
++	TSRMLS_FETCH();
++
+ /*
+ 	xmlInitParser();
+ */
+ 	ctxt = xmlCreateMemoryParserCtxt(buf, buf_size);
+ 	if (ctxt) {
++		zend_bool old;
++
+ 		ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
+ 		ctxt->sax->comment = soap_Comment;
+ 		ctxt->sax->warning = NULL;
+@@ -141,7 +150,9 @@ xmlDocPtr soap_xmlParseMemory(const void
+ #if LIBXML_VERSION >= 20703
+ 		ctxt->options |= XML_PARSE_HUGE;
+ #endif
++		old = php_libxml_disable_entity_loader(1 TSRMLS_CC);
+ 		xmlParseDocument(ctxt);
++		php_libxml_disable_entity_loader(old TSRMLS_CC);
+ 		if (ctxt->wellFormed) {
+ 			ret = ctxt->myDoc;
+ 			if (ret->URL == NULL && ctxt->directory != NULL) {
+--- a/ext/libxml/libxml.c
++++ b/ext/libxml/libxml.c
+@@ -270,6 +270,7 @@ static PHP_GINIT_FUNCTION(libxml)
+ 	libxml_globals->error_buffer.c = NULL;
+ 	libxml_globals->error_list = NULL;
+ 	libxml_globals->entity_loader.fci.size = 0;
++	libxml_globals->entity_loader_disabled = 0;
+ }
+ 
+ static void _php_libxml_destroy_fci(zend_fcall_info *fci)
+@@ -369,16 +370,15 @@ static int php_libxml_streams_IO_close(v
+ }
+ 
+ static xmlParserInputBufferPtr
+-php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc)
+-{
+-	return NULL;
+-}
+-
+-static xmlParserInputBufferPtr
+ php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc)
+ {
+ 	xmlParserInputBufferPtr ret;
+ 	void *context = NULL;
++	TSRMLS_FETCH();
++
++	if (LIBXML(entity_loader_disabled)) {
++		return NULL;
++	}
+ 
+ 	if (URI == NULL)
+ 		return(NULL);
+@@ -1052,28 +1052,25 @@ static PHP_FUNCTION(libxml_clear_errors)
+ }
+ /* }}} */
+ 
++PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC)
++{
++	zend_bool old = LIBXML(entity_loader_disabled);
++
++	LIBXML(entity_loader_disabled) = disable;
++	return old;
++}
++
+ /* {{{ proto bool libxml_disable_entity_loader([boolean disable]) 
+    Disable/Enable ability to load external entities */
+ static PHP_FUNCTION(libxml_disable_entity_loader)
+ {
+ 	zend_bool disable = 1;
+-	xmlParserInputBufferCreateFilenameFunc old;
+ 
+ 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &disable) == FAILURE) {
+ 		return;
+ 	}
+ 
+-	if (disable == 0) {
+-		old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename);
+-	} else {
+-		old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload);
+-	}
+-
+-	if (old == php_libxml_input_buffer_noload) {
+-		RETURN_TRUE;
+-	}
+-
+-	RETURN_FALSE;
++	RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC));
+ }
+ /* }}} */
+ 
+--- a/ext/libxml/php_libxml.h
++++ b/ext/libxml/php_libxml.h
+@@ -47,6 +47,7 @@ ZEND_BEGIN_MODULE_GLOBALS(libxml)
+ 		zend_fcall_info			fci;
+ 		zend_fcall_info_cache	fcc;
+ 	} entity_loader;
++	zend_bool entity_loader_disabled;
+ ZEND_END_MODULE_GLOBALS(libxml)
+ 
+ typedef struct _libxml_doc_props {
+@@ -97,6 +98,7 @@ PHP_LIBXML_API void php_libxml_ctx_error
+ PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s);
+ PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC);
+ PHP_LIBXML_API void php_libxml_issue_error(int level, const char *msg TSRMLS_DC);
++PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC);
+ 
+ /* Init/shutdown functions*/
+ PHP_LIBXML_API void php_libxml_initialize(void);
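Review bot: The new exported helper `php_libxml_disable_entity_loader()` in ext/libxml/libxml.c (prototype in php_libxml.h) has no comment stating its contract, although both SOAP call sites depend on it: it sets the module-global `entity_loader_disabled` flag and returns the previous value, which the caller passes back after `xmlParseDocument()`. I would add `/* Sets LIBXML(entity_loader_disabled) and returns the previous value; a caller that disables loading temporarily must restore that value afterwards. */` above the definition. The guard added at the top of `php_libxml_input_buffer_create_filename()` returns NULL for every URI while the flag is set, so it presumably refuses any filename-based input rather than external entities only; a short `/* fail closed: no filename-based input while the loader is disabled */` there would make that intent explicit. The flag only takes effect while this function is the registered libxml2 input-buffer callback, and that registration lies outside the hunks shown, so it is worth confirming during review.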

--- End Message ---
--- Begin Message ---
I have discovered, after some patch mangling, that the only thing missing is the ZTS compatibility, which we don't use in Debian.

So I think it's not worth the trouble.

O.


On Fri, Mar 22, 2013 at 3:42 PM, Debian Bug Tracking System <owner@bugs.debian.org> wrote:
Thank you for filing a new Bug report with Debian.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 Debian Release Team <debian-release@lists.debian.org>

If you wish to submit further information on this problem, please
send it to 703707@bugs.debian.org.

Please do not send mail to owner@bugs.debian.org unless you wish
to report a problem with the Bug-tracking system.

--
703707: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703707
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems



--
Ondřej Surý <ondrej@sury.org>

Attachment: CVE-2013-1643-CVE-2013-1824.diff
Description: Binary data


--- End Message ---
