
Bug#754275: pu: package php5/5.4.4-14+deb7u13



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Trying to keep the s-p-u smaller, here's another batch of upstream
fixes as reported by our users.

This update includes 5 upstream fixes to issues reported to our BTS
and one backport of the Debian sessionclean script that has been plaguing
heavily used sites.  (Several people have reported that the backported
scripts have helped them.)

 php5 (5.4.4-14+deb7u13) stable-security; urgency=medium
 .
   * upstream fix: Cookies disabled when setting CURLOPT_COOKIEFILE to
     empty string or NULL (Closes: #680260)
   * upstream fix: Autoloader isn't called if two method definitions
     don't match (Closes: #751738)
   * upstream fix: OO API, walk: $suffix_as_key is not working correctly
     (Closes: #731539)
   * upstream fix: memory leak in FTPS functions results in denial of
     service (Closes: #752366)
   * upstream fix: Assigning to ArrayObject[null][something] overrides all
     undefined variables (Closes: #726439)
   * Backport sessionclean script from testing/unstable (Closes: #741254)
   * d/changelog: Add CVE for phpinfo() Type Confusion Information Leak
     Vulnerability
   * d/NEWS: Adjust file name of default pool configuration

$ diffstat php5_5.4.4-14+deb7u13.debdiff
 debian/patches/0001-Bug-65228-FTPs-memory-leak-patch-by-marco-dot-beiere.patch |   70 +++
 debian/patches/0001-Fix-bug-61981.patch                                        |   60 +++
 debian/patches/0001-Fixed-bug-62987-Assigning-to-ArrayObject-null-someth.patch |  183 ++++++++++
 debian/patches/CURLOPT_COOKIEFILE.patch                                        |   22 +
 debian/patches/fix-autoloader-if-two-method-definitions-doesnt-match.patch     |  122 ++++++
 debian/sessionclean                                                            |    7 
 php5-5.4.4/debian/NEWS                                                         |   10 
 php5-5.4.4/debian/changelog                                                    |   20 -
 php5-5.4.4/debian/control                                                      |    2 
 php5-5.4.4/debian/patches/series                                               |    5 
 php5-5.4.4/debian/php5-common.php5.cron.d                                      |    2 
 11 files changed, 494 insertions(+), 9 deletions(-)

Please disregard the d/changelog in the debdiff - the correct one is in
this bug report (the stable-security vs stable and missing one entry).
The package is rebuilding right now with the updated changelog.

Cheers,
Ondrej

- -- System Information:
Debian Release: 7.5
  APT prefers stable
  APT policy: (900, 'stable'), (800, 'testing'), (700, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
diff -u php5-5.4.4/debian/php5-common.php5.cron.d php5-5.4.4/debian/php5-common.php5.cron.d
--- php5-5.4.4/debian/php5-common.php5.cron.d
+++ php5-5.4.4/debian/php5-common.php5.cron.d
@@ -7 +7 @@
-09,39 *     * * *     root   [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -ignore_readdir_race -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete
+09,39 *     * * *     root   [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime)
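Review bot: The output of `$(/usr/lib/php5/maxlifetime)` on the new line is handed to sessionclean unquoted and unchecked, so if maxlifetime prints nothing the script ends up calling find with `-cmin "+"` and the job errors out at every run. Validate the value inside sessionclean (non-empty, digits only) before find is called. The extra `[ -x /usr/lib/php5/sessionclean ]` guard is fine and should stay.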
diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog
--- php5-5.4.4/debian/changelog
+++ php5-5.4.4/debian/changelog
@@ -1,3 +1,20 @@
+php5 (5.4.4-14+deb7u13) stable-security; urgency=medium
+
+  * upstream fix: Autoloader isn't called if two method definitions
+    don't match (Closes: #751738)
+  * upstream fix: OO API, walk: $suffix_as_key is not working correctly
+    (Closes: #731539)
+  * upstream fix: memory leak in FTPS functions results in denial of
+    service (Closes: #752366)
+  * upstream fix: Assigning to ArrayObject[null][something] overrides all
+    undefined variables (Closes: #726439)
+  * Backport sessionclean script from testing/unstable (Closes: #741254)
+  * d/changelog: Add CVE for phpinfo() Type Confusion Information Leak
+    Vulnerability
+  * d/NEWS: Adjust file name of default pool configuration
+
+ -- Ondřej Surý <ondrej@debian.org>  Wed, 09 Jul 2014 11:15:36 +0200
+
 php5 (5.4.4-14+deb7u12) stable-security; urgency=high
 
   [ William Dauchy ]
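Review bot: The new 5.4.4-14+deb7u13 entry targets stable-security and has no line for the CURLOPT_COOKIEFILE fix, although debian/patches/series in this same debdiff adds CURLOPT_COOKIEFILE.patch. For a proposed-update the distribution should be stable, and the entry needs the missing item with its `Closes: #680260` reference so that bug is closed by the upload.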
@@ -13,8 +30,7 @@
   * upstream fix: Segmentation fault after memory_limit
 
   [ Ondřej Surý ]
-  * Pull upstream fix for phpinfo() Type Confusion Information Leak
-    (PHP#67498)
+  * [CVE-2014-4721]: Pull upstream fix for phpinfo() Type Confusion Information Leak
   * [CVE-2014-3515]: fix unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
   * [CVE-2014-0207]: fileinfo: cdf_read_short_sector insufficient boundary check
   * [CVE-2014-3478]: fileinfo: mconvert incorrect handling of truncated pascal string size
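Review bot: The rewritten line in the 5.4.4-14+deb7u12 entry drops the upstream reference (PHP#67498) when it adds CVE-2014-4721, and it now runs past 80 columns. Keep both identifiers by wrapping the item onto a continuation line that ends with `(PHP#67498)`, so the entry can still be matched to the upstream bug.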
diff -u php5-5.4.4/debian/control php5-5.4.4/debian/control
--- php5-5.4.4/debian/control
+++ php5-5.4.4/debian/control
@@ -86,7 +86,7 @@
 
 Package: php5-common
 Architecture: any
-Depends: ${misc:Depends}, sed (>= 4.1.1-1), psmisc (>= 22.15-1~), ${shlibs:Depends}, ucf
+Depends: ${misc:Depends}, sed (>= 4.1.1-1), psmisc (>= 22.15-1~), lsof [!kfreebsd-any !hurd-any], ${shlibs:Depends}, ucf
 Pre-Depends: dpkg (>= 1.15.7.2~)
 Provides: php5-json, php5-mhash
 Conflicts: php5-json, php5-mhash
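Review bot: With `lsof [!kfreebsd-any !hurd-any]` in Depends, the in-use check silently disappears on kfreebsd and hurd: sessionclean only touches open files when /usr/bin/lsof is executable, while the cron line it replaces used fuser from psmisc on every architecture. Keep a fuser-based fallback in sessionclean for those ports, or document that open session files are not protected there. If nothing else in php5-common calls fuser, psmisc can also be dropped from this line.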
diff -u php5-5.4.4/debian/NEWS php5-5.4.4/debian/NEWS
--- php5-5.4.4/debian/NEWS
+++ php5-5.4.4/debian/NEWS
@@ -6,11 +6,11 @@
     user of FPM process via crafted FastCGI client.
 
     The default Debian setup now correctly sets the listen.owner and
-    listen.group to www-data:www-data in default php-fpm.conf.  If you
-    have more FPM instances or a webserver not running under www-data
-    user you need to adjust the configuration of FPM pools in
-    /etc/php5/fpm/pool.d/ so the accessing process has rights to
-    access the socket.
+    listen.group to www-data:www-data in default www pool configuration
+    (/etc/php5/fpm/pool.d/www.conf).  If you have more FPM instances or
+    a webserver not running under www-data user you need to adjust the
+    configuration of FPM pools in /etc/php5/fpm/pool.d/ so the accessing
+    process has rights to access the socket.
 
  -- Ondřej Surý <ondrej@debian.org>  Mon, 12 May 2014 14:23:05 +0200
 
diff -u php5-5.4.4/debian/patches/series php5-5.4.4/debian/patches/series
--- php5-5.4.4/debian/patches/series
+++ php5-5.4.4/debian/patches/series
@@ -163,0 +164,5 @@
+CURLOPT_COOKIEFILE.patch
+fix-autoloader-if-two-method-definitions-doesnt-match.patch
+0001-Fix-bug-61981.patch
+0001-Bug-65228-FTPs-memory-leak-patch-by-marco-dot-beiere.patch
+0001-Fixed-bug-62987-Assigning-to-ArrayObject-null-someth.patch
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/sessionclean
+++ php5-5.4.4/debian/sessionclean
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# first find all used files and touch them (hope it's not massive amount of files)
+[ -x /usr/bin/lsof ] && /usr/bin/lsof -w -l +d "${1}" | awk -- '{ if (NR > 1) { print $9; } }' | xargs -i touch -c {}
+
+# find all files older then maxlifetime
+find "${1}" -depth -mindepth 1 -maxdepth 1 -ignore_readdir_race -type f -cmin "+${2}" -delete
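Review bot: The lsof pipeline takes the file name from `awk '{ print $9 }'` and feeds it to `xargs -i touch -c {}`, which truncates or mangles any path that lsof prints with whitespace or extra fields and relies on the deprecated `-i` spelling; use `xargs -I {}` (or lsof's `-F n` field output) and skip empty names. The script runs as root from cron without checking its arguments: with an empty `${2}` find receives `-cmin "+"`, so test that `${1}` is a directory and `${2}` is a number before doing anything. When lsof is missing, the first command is skipped and open session files are deleted like any others, which deserves a comment. The comment typo "older then" should read "older than".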
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/fix-autoloader-if-two-method-definitions-doesnt-match.patch
+++ php5-5.4.4/debian/patches/fix-autoloader-if-two-method-definitions-doesnt-match.patch
@@ -0,0 +1,122 @@
+From ca29063da5599f463454578abe629bc21ab33b3b Mon Sep 17 00:00:00 2001
+From: Bob Weinand <bobwei9@hotmail.com>
+Date: Sun, 15 Jun 2014 22:18:25 +0200
+Subject: [PATCH 1/6] Fix bug #67436
+
+---
+ Zend/zend_compile.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- php5.orig/Zend/zend_compile.c
++++ php5/Zend/zend_compile.c
+@@ -3142,8 +3142,11 @@ static char * zend_get_function_declarat
+ 						*zv = *precv->op2.zv;
+ 						zval_copy_ctor(zv);
+ 						INIT_PZVAL(zv);
+-						zval_update_constant_ex(&zv, (void*)1, fptr->common.scope TSRMLS_CC);
+-						if (Z_TYPE_P(zv) == IS_BOOL) {
++						if ((Z_TYPE_P(zv) & IS_CONSTANT_TYPE_MASK) == IS_CONSTANT) {
++							REALLOC_BUF_IF_EXCEED(buf, offset, length, Z_STRLEN_P(zv));
++							memcpy(offset, Z_STRVAL_P(zv), Z_STRLEN_P(zv));
++							offset += Z_STRLEN_P(zv);
++						} else if (Z_TYPE_P(zv) == IS_BOOL) {
+ 							if (Z_LVAL_P(zv)) {
+ 								memcpy(offset, "true", 4);
+ 								offset += 4;
+@@ -3165,7 +3168,7 @@ static char * zend_get_function_declarat
+ 								*(offset++) = '.';
+ 							}
+ 							*(offset++) = '\'';
+-						} else if (Z_TYPE_P(zv) == IS_ARRAY) {
++						} else if (Z_TYPE_P(zv) == IS_ARRAY || (Z_TYPE_P(zv) & IS_CONSTANT_TYPE_MASK) == IS_CONSTANT_ARRAY) {
+ 							memcpy(offset, "Array", 5);
+ 							offset += 5;
+ 						} else {
+--- /dev/null
++++ php5/Zend/tests/bug67436/a.php
+@@ -0,0 +1,10 @@
++<?php
++
++class a {
++	public function test($arg = c::TESTCONSTANT) {
++		echo __METHOD__ . "($arg)\n";
++	}
++
++	static public function staticTest() {
++  	}
++}
+--- /dev/null
++++ php5/Zend/tests/bug67436/b.php
+@@ -0,0 +1,8 @@
++<?php
++
++class b extends a {
++	public function test() {
++		echo __METHOD__ . "()\n";
++		parent::test();
++	}
++}
+--- /dev/null
++++ php5/Zend/tests/bug67436/bug67436.phpt
+@@ -0,0 +1,26 @@
++--TEST--
++bug67436: Autoloader isn't called if user defined error handler is present
++
++--INI--
++error_reporting=
++
++--FILE--
++<?php
++
++spl_autoload_register(function($classname) {
++	if (in_array($classname, array('a','b','c'))) {
++		require_once ($classname . '.php');
++	}
++});
++
++set_error_handler(function ($errno, $errstr, $errfile, $errline) {
++}, error_reporting());
++
++a::staticTest();
++
++$b = new b();
++$b->test();
++
++--EXPECT--
++b::test()
++a::test(c::TESTCONSTANT)
+--- /dev/null
++++ php5/Zend/tests/bug67436/bug67436_nohandler.phpt
+@@ -0,0 +1,24 @@
++--TEST--
++bug67436: E_STRICT instead of custom error handler
++
++--INI--
++error_reporting=-1
++
++--FILE--
++<?php
++
++spl_autoload_register(function($classname) {
++	if (in_array($classname, array('a','b','c'))) {
++		require_once ($classname . '.php');
++	}
++});
++
++a::staticTest();
++
++$b = new b();
++$b->test();
++
++--EXPECTF--
++Strict Standards: Declaration of b::test() should be compatible with a::test($arg = c::TESTCONSTANT) in %s/bug67436/b.php on line %d
++b::test()
++a::test(c::TESTCONSTANT)
+--- /dev/null
++++ php5/Zend/tests/bug67436/c.php
+@@ -0,0 +1,5 @@
++<?php
++
++class c {
++	const TESTCONSTANT = "c::TESTCONSTANT";
++}
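Review bot: The patch header carries only the upstream mbox fields and the subject `[PATCH 1/6] Fix bug #67436`; it has no Origin or Bug-Debian field, and nothing says whether the other five patches of that series are needed on 5.4.4. Add DEP-3 style fields pointing at the upstream commit and at #751738, and state that 1/6 is sufficient on its own. In the zend_compile.c hunk the `zval_update_constant_ex` call is removed and the new IS_CONSTANT branch prints the unresolved name instead; a one-line comment saying that this is deliberate would help the next reader of the backport.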
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/0001-Fix-bug-61981.patch
+++ php5-5.4.4/debian/patches/0001-Fix-bug-61981.patch
@@ -0,0 +1,60 @@
+From b32405053f5a32d8c4d83f7566f5b414afd3aedb Mon Sep 17 00:00:00 2001
+From: Boris Lytochkin <lytboris@php.net>
+Date: Sun, 17 Mar 2013 20:00:37 +0400
+Subject: [PATCH 1/2] Fix bug #61981
+
+---
+ ext/snmp/snmp.c                 |  4 ++--
+ ext/snmp/tests/snmp-object.phpt | 20 ++++++++++++++++++++
+ 2 files changed, 22 insertions(+), 2 deletions(-)
+
+--- php5.orig/ext/snmp/snmp.c
++++ php5/ext/snmp/snmp.c
+@@ -832,9 +832,9 @@ retry:
+ 							}
+ 						} else if (st & SNMP_USE_SUFFIX_AS_KEYS && st & SNMP_CMD_WALK) {
+ 							snprint_objid(buf2, sizeof(buf2), vars->name, vars->name_length);
+-							if (objid_query->vars[0].name_length <= vars->name_length && snmp_oid_compare(objid_query->vars[0].name, objid_query->vars[0].name_length, vars->name, objid_query->vars[0].name_length) == 0) {
++							if (rootlen <= vars->name_length && snmp_oid_compare(root, rootlen, vars->name, rootlen) == 0) {
+ 								buf2[0] = '\0';
+-								count = objid_query->vars[0].name_length;
++								count = rootlen;
+ 								while(count < vars->name_length){
+ 									sprintf(buf, "%lu.", vars->name[count]);
+ 									strcat(buf2, buf);
+--- php5.orig/ext/snmp/tests/snmp-object.phpt
++++ php5/ext/snmp/tests/snmp-object.phpt
+@@ -83,6 +83,19 @@ var_dump(gettype($z));
+ var_dump(count($z));
+ var_dump(key($z));
+ var_dump(array_shift($z));
++var_dump(key($z));
++array_shift($z);
++var_dump(key($z));
++array_shift($z);
++var_dump(key($z));
++array_shift($z);
++var_dump(key($z));
++array_shift($z);
++var_dump(key($z));
++array_shift($z);
++var_dump(key($z));
++array_shift($z);
++var_dump(key($z));
+ var_dump($session->close());
+ 
+ echo "SNMPv3 (default security settings)\n";
+@@ -194,6 +207,13 @@ string(5) "array"
+ int(%d)
+ string(3) "1.0"
+ string(%d) "%s"
++string(3) "2.0"
++string(3) "3.0"
++string(3) "4.0"
++string(3) "5.0"
++string(3) "6.0"
++string(3) "7.0"
++string(3) "8.0"
+ bool(true)
+ SNMPv3 (default security settings)
+ string(%d) "%S"
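Review bot: The snmp.c hunk switches the comparison to `root` and `rootlen`, but neither is declared in the lines shown, and the subject is `[PATCH 1/2]`. Confirm that both variables already exist in this function in 5.4.4 and are set before the `retry:` loop; if they are introduced by the other patch of the series, that one has to be backported as well or the build breaks. The unchanged context still builds the suffix with `sprintf(buf, "%lu.", vars->name[count])` and `strcat(buf2, buf)` with no length check in the visible lines, which is worth raising upstream.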
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/0001-Fixed-bug-62987-Assigning-to-ArrayObject-null-someth.patch
+++ php5-5.4.4/debian/patches/0001-Fixed-bug-62987-Assigning-to-ArrayObject-null-someth.patch
@@ -0,0 +1,183 @@
+From 67d7d03f00cb3185a4d5958ab7a4b063fc33405c Mon Sep 17 00:00:00 2001
+From: Xinchen Hui <laruence@php.net>
+Date: Sat, 1 Sep 2012 14:17:39 +0800
+Subject: [PATCH] Fixed bug #62987 (Assigning to ArrayObject[null][something]
+ overrides all undefined variables)
+
+The get_zval_ptr_ptr of spl_array handler should act as same as the vm's
+---
+ NEWS                        |  2 ++
+ ext/spl/spl_array.c         | 70 ++++++++++++++++++++++++---------------------
+ ext/spl/tests/bug62978.phpt | 50 ++++++++++++++++++++++++++++++++
+ 3 files changed, 90 insertions(+), 32 deletions(-)
+ create mode 100644 ext/spl/tests/bug62978.phpt
+
+--- php5.orig/ext/spl/spl_array.c
++++ php5/ext/spl/spl_array.c
+@@ -302,41 +302,41 @@ static zval **spl_array_get_dimension_pt
+ 	long index;
+ 	HashTable *ht = spl_array_get_hash_table(intern, 0 TSRMLS_CC);
+ 
+-/*  We cannot get the pointer pointer so we don't allow it here for now
+-	if (check_inherited && intern->fptr_offset_get) {
+-		return zend_call_method_with_1_params(&object, Z_OBJCE_P(object), &intern->fptr_offset_get, "offsetGet", NULL, offset);
+-	}*/
+-
+ 	if (!offset) {
+ 		return &EG(uninitialized_zval_ptr);
+ 	}
+ 	
+ 	if ((type == BP_VAR_W || type == BP_VAR_RW) && (ht->nApplyCount > 0)) {
+ 		zend_error(E_WARNING, "Modification of ArrayObject during sorting is prohibited");
+-		return &EG(uninitialized_zval_ptr);;
++		return &EG(error_zval_ptr);;
+ 	}
+ 
+ 	switch(Z_TYPE_P(offset)) {
++	case IS_NULL:
++		Z_STRVAL_P(offset) = "";
++		Z_STRLEN_P(offset) = 0;
+ 	case IS_STRING:
+ 		if (zend_symtable_find(ht, Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, (void **) &retval) == FAILURE) {
+-			if (type == BP_VAR_W || type == BP_VAR_RW) {
+-				zval *value;
+-				ALLOC_INIT_ZVAL(value);
+-				zend_symtable_update(ht, Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, (void**)&value, sizeof(void*), NULL);
+-				if (zend_symtable_find(ht, Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, (void **) &retval) != FAILURE) {
+-					return retval;
+-				} else {
+-					return &EG(uninitialized_zval_ptr);
++			switch (type) {
++				case BP_VAR_R:
++					zend_error(E_NOTICE, "Undefined index:  %s", Z_STRVAL_P(offset));
++				case BP_VAR_UNSET:
++				case BP_VAR_IS:
++					retval = &EG(uninitialized_zval_ptr);
++					break;
++				case BP_VAR_RW:
++					zend_error(E_NOTICE,"Undefined index:  %s", Z_STRVAL_P(offset));
++				case BP_VAR_W: {
++				    zval *value;
++				    ALLOC_INIT_ZVAL(value);
++				    zend_symtable_update(ht, Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, (void**)&value, sizeof(void*), (void **)&retval);
+ 				}
+-			} else {
+-				zend_error(E_NOTICE, "Undefined index:  %s", Z_STRVAL_P(offset));
+-				return &EG(uninitialized_zval_ptr);
+ 			}
+-		} else {
+-			return retval;
+ 		}
+-	case IS_DOUBLE:
++		return retval;
+ 	case IS_RESOURCE:
++		zend_error(E_STRICT, "Resource ID#%ld used as offset, casting to integer (%ld)", Z_LVAL_P(offset), Z_LVAL_P(offset));
++	case IS_DOUBLE:
+ 	case IS_BOOL: 
+ 	case IS_LONG: 
+ 		if (offset->type == IS_DOUBLE) {
+@@ -345,26 +345,27 @@ static zval **spl_array_get_dimension_pt
+ 			index = Z_LVAL_P(offset);
+ 		}
+ 		if (zend_hash_index_find(ht, index, (void **) &retval) == FAILURE) {
+-			if (type == BP_VAR_W || type == BP_VAR_RW) {
+-				zval *value;
+-				ALLOC_INIT_ZVAL(value);
+-				zend_hash_index_update(ht, index, (void**)&value, sizeof(void*), NULL);
+-				if (zend_hash_index_find(ht, index, (void **) &retval) != FAILURE) {
+-					return retval;
+-				} else {
+-					return &EG(uninitialized_zval_ptr);
++			switch (type) {
++				case BP_VAR_R:
++					zend_error(E_NOTICE, "Undefined offset:  %ld", index);
++				case BP_VAR_UNSET:
++				case BP_VAR_IS:
++					retval = &EG(uninitialized_zval_ptr);
++					break;
++				case BP_VAR_RW:
++					zend_error(E_NOTICE, "Undefined offset:  %ld", index);
++				case BP_VAR_W: {
++				    zval *value;
++				    ALLOC_INIT_ZVAL(value);
++					zend_hash_index_update(ht, index, (void**)&value, sizeof(void*), (void **)&retval);
+ 				}
+-			} else {
+-				zend_error(E_NOTICE, "Undefined offset:  %ld", index);
+-				return &EG(uninitialized_zval_ptr);
+-			}
+-		} else {
+-			return retval;
++ 			}
+ 		}
+-		break;
++		return retval;
+ 	default:
+ 		zend_error(E_WARNING, "Illegal offset type");
+-		return &EG(uninitialized_zval_ptr);
++		return (type == BP_VAR_W || type == BP_VAR_RW) ?
++			&EG(error_zval_ptr) : &EG(uninitialized_zval_ptr);
+ 	}
+ } /* }}} */
+ 
+@@ -687,7 +688,6 @@ SPL_METHOD(Array, offsetSet)
+ 	spl_array_write_dimension_ex(0, getThis(), index, value TSRMLS_CC);
+ } /* }}} */
+ 
+-
+ void spl_array_iterator_append(zval *object, zval *append_value TSRMLS_DC) /* {{{ */
+ {
+ 	spl_array_object *intern = (spl_array_object*)zend_object_store_get_object(object TSRMLS_CC);
+--- /dev/null
++++ php5/ext/spl/tests/bug62978.phpt
+@@ -0,0 +1,50 @@
++--TEST--
++Bug #62987 (Assigning to ArrayObject[null][something] overrides all undefined variables)
++--FILE--
++<?php
++$a = new ArrayObject();
++
++$b = array();
++
++$a[null]['hurr'] = 'durr';
++
++var_dump($a['epic_magic']);
++var_dump($b['epic_magic']);
++var_dump($c['epic_magic']); // Undefined var!!
++
++$d = array();
++var_dump($a['epic_magic']); // more magic!
++var_dump($d['epic_magic']);
++
++$e = 'srsly?';
++var_dump($a['epic_magic']); // srsly.
++var_dump(isset($a['epic_magic']));
++
++$fp = fopen(__FILE__, 'r');
++var_dump($a[$fp]);
++
++fclose($fp);
++--EXPECTF--
++Notice: Undefined index:  epic_magic in %sbug62978.php on line %d
++NULL
++
++Notice: Undefined index: epic_magic in %sbug62978.php on line %d
++NULL
++
++Notice: Undefined variable: c in %sbug62978.php on line %d
++NULL
++
++Notice: Undefined index:  epic_magic in %sbug62978.php on line %d
++NULL
++
++Notice: Undefined index: epic_magic in %sbug62978.php on line %d
++NULL
++
++Notice: Undefined index:  epic_magic in %sbug62978.php on line %d
++NULL
++bool(false)
++
++Strict Standards: Resource ID#%d used as offset, casting to integer (%d) in %sbug62978.php on line %d
++
++Notice: Undefined offset:  %d in %sbug62978.php on line %d
++NULL
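Review bot: The new `case IS_NULL:` in spl_array_get_dimension_ptr_ptr writes `Z_STRVAL_P(offset) = ""` and `Z_STRLEN_P(offset) = 0` into the caller's zval without changing its type and then falls through to IS_STRING; use local key and length variables instead of mutating offset, and mark this and the BP_VAR_R and BP_VAR_RW fallthroughs with a comment so they are not taken for missing breaks. The test file is named bug62978.phpt while the bug is #62987, and the diffstat in the header lists a NEWS change that is not in the patch; mention both in the patch description so the mismatch is not read as a mistake in the backport.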
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/CURLOPT_COOKIEFILE.patch
+++ php5-5.4.4/debian/patches/CURLOPT_COOKIEFILE.patch
@@ -0,0 +1,22 @@
+--- php5.orig/ext/curl/interface.c
++++ php5/ext/curl/interface.c
+@@ -2183,7 +2183,7 @@ string_copy:
+ 
+ 			convert_to_string_ex(zvalue);
+ 
+-			if (!Z_STRLEN_PP(zvalue) || php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) {
++			if (Z_STRLEN_PP(zvalue) && php_check_open_basedir(Z_STRVAL_PP(zvalue) TSRMLS_CC)) {
+ 				RETVAL_FALSE;
+ 				return 1;
+ 			}
+--- php5.orig/ext/curl/tests/bug61948.phpt
++++ php5/ext/curl/tests/bug61948.phpt
+@@ -13,7 +13,7 @@ open_basedir="/tmp"
+   curl_close($ch);
+ ?>
+ --EXPECTF--
+-bool(false)
++bool(true)
+ bool(true)
+ 
+ Warning: curl_setopt(): open_basedir restriction in effect. File(/xxx/bar) is not within the allowed path(s): (/tmp) in %sbug61948.php on line %d
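Review bot: CURLOPT_COOKIEFILE.patch has no header at all: no description, no Origin and no reference to #680260 or to the upstream commit. The changed condition sits under the `string_copy:` label, so with `Z_STRLEN_PP(zvalue) &&` an empty string now skips php_check_open_basedir for every option that reaches this check, not only CURLOPT_COOKIEFILE; list those options in the description and confirm that an empty value is harmless for each. The bug61948.phpt change from bool(false) to bool(true) covers the empty case, and the /xxx/bar case still expects the open_basedir warning, which is the behaviour to keep.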
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/0001-Bug-65228-FTPs-memory-leak-patch-by-marco-dot-beiere.patch
+++ php5-5.4.4/debian/patches/0001-Bug-65228-FTPs-memory-leak-patch-by-marco-dot-beiere.patch
@@ -0,0 +1,70 @@
+From 0863a0d6a0f740874b4ef8dc732a4ec94949470c Mon Sep 17 00:00:00 2001
+From: Felipe Pena <felipensp@gmail.com>
+Date: Sat, 13 Jul 2013 17:54:31 -0300
+Subject: [PATCH] - Bug #65228 (FTPs memory leak) patch by: marco dot beierer
+ at mbsecurity dot ch
+
+---
+ ext/ftp/ftp.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+--- php5.orig/ext/ftp/ftp.c
++++ php5/ext/ftp/ftp.c
+@@ -182,6 +182,7 @@ ftp_close(ftpbuf_t *ftp)
+ #if HAVE_OPENSSL_EXT
+ 		if (ftp->ssl_active) {
+ 			SSL_shutdown(ftp->ssl_handle);
++			SSL_free(ftp->ssl_handle);
+ 		}
+ #endif		
+ 		closesocket(ftp->fd);
+@@ -297,6 +298,7 @@ ftp_login(ftpbuf_t *ftp, const char *use
+ 		if (SSL_connect(ftp->ssl_handle) <= 0) {
+ 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL/TLS handshake failed");
+ 			SSL_shutdown(ftp->ssl_handle);
++			SSL_free(ftp->ssl_handle);
+ 			return 0;
+ 		}
+ 
+@@ -1548,6 +1550,7 @@ data_accepted:
+ 		if (SSL_connect(data->ssl_handle) <= 0) {
+ 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "data_accept: SSL/TLS handshake failed");
+ 			SSL_shutdown(data->ssl_handle);
++			SSL_free(data->ssl_handle);
+ 			return 0;
+ 		}
+ 			
+@@ -1565,13 +1568,21 @@ data_accepted:
+ databuf_t*
+ data_close(ftpbuf_t *ftp, databuf_t *data)
+ {
++#if HAVE_OPENSSL_EXT
++	SSL_CTX		*ctx;
++#endif				
+ 	if (data == NULL) {
+ 		return NULL;
+ 	}
+ 	if (data->listener != -1) {
+ #if HAVE_OPENSSL_EXT
+ 		if (data->ssl_active) {
++		
++			ctx = SSL_get_SSL_CTX(data->ssl_handle);
++			SSL_CTX_free(ctx);
++
+ 			SSL_shutdown(data->ssl_handle);
++			SSL_free(data->ssl_handle);
+ 			data->ssl_active = 0;
+ 		}
+ #endif				
+@@ -1580,7 +1591,11 @@ data_close(ftpbuf_t *ftp, databuf_t *dat
+ 	if (data->fd != -1) {
+ #if HAVE_OPENSSL_EXT
+ 		if (data->ssl_active) {
++			ctx = SSL_get_SSL_CTX(data->ssl_handle);
++			SSL_CTX_free(ctx);
++
+ 			SSL_shutdown(data->ssl_handle);
++			SSL_free(data->ssl_handle);
+ 			data->ssl_active = 0;
+ 		}
+ #endif				
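Review bot: In data_close the context returned by `SSL_get_SSL_CTX(data->ssl_handle)` is released with SSL_CTX_free before SSL_shutdown and SSL_free run on the handle, while ftp_close frees only the handle and never a context. State who owns the SSL_CTX: if the data handle was created from the control connection's context, each data_close drops a reference the control connection still needs. Move the SSL_CTX_free after SSL_free, and set the handle pointers to NULL after SSL_free in ftp_login and at `data_accepted:` so a later close cannot free them a second time.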
Format: 1.0
Source: php5
Binary: php5, php5-common, libapache2-mod-php5, libapache2-mod-php5filter, php5-cgi, php5-cli, php5-fpm, libphp5-embed, php5-dev, php5-dbg, php-pear, php5-curl, php5-enchant, php5-gd, php5-gmp, php5-imap, php5-interbase, php5-intl, php5-ldap, php5-mcrypt, php5-mysql, php5-mysqlnd, php5-odbc, php5-pgsql, php5-pspell, php5-recode, php5-snmp, php5-sqlite, php5-sybase, php5-tidy, php5-xmlrpc, php5-xsl
Architecture: any all
Version: 5.4.4-14+deb7u13
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Uploaders: Ondřej Surý <ondrej@debian.org>, Sean Finney <seanius@debian.org>, Thijs Kinkhorst <thijs@debian.org>, Lior Kaplan <kaplan@debian.org>, William Dauchy <wdauchy@gmail.com>
Homepage: http://www.php.net/
Standards-Version: 3.9.3
Vcs-Browser: http://git.debian.org/?p=pkg-php/php.git
Vcs-Git: git://git.debian.org/pkg-php/php.git
Build-Depends: apache2-prefork-dev, autoconf (>= 2.63), automake (>= 1.11) | automake1.11, bison, chrpath, debhelper (>= 5), firebird-dev [!hurd-any !m68k !hppa !ppc64] | firebird2.5-dev [!hurd-any !m68k !hppa !ppc64] | firebird2.1-dev [!hurd-any !m68k !hppa !ppc64], flex, freetds-dev, hardening-wrapper, libapr1-dev (>= 1.2.7-8), libbz2-dev, libc-client-dev, libcurl4-openssl-dev | libcurl-dev, libdb-dev, libenchant-dev, libevent-dev (>= 1.4.11), libexpat1-dev (>= 1.95.2-2.1), libfreetype6-dev, libgcrypt11-dev, libgd2-xpm-dev, libglib2.0-dev, libgmp3-dev, libicu-dev, libjpeg-dev | libjpeg62-dev, libkrb5-dev, libldap2-dev, libmagic-dev, libmcrypt-dev, libmhash-dev (>= 0.8.8), libmysqlclient-dev | libmysqlclient15-dev, libonig-dev, libpam0g-dev, libpcre3-dev (>= 6.6), libpng-dev | libpng12-dev, libpq-dev, libpspell-dev, libqdbm-dev, librecode-dev, libsasl2-dev, libsnmp-dev, libsqlite3-dev, libssl-dev, libtidy-dev, libtool (>= 2.2), libwrap0-dev, libxmltok1-dev, libxml2-dev, libxslt1-dev (>= 1.0.18), locales-all | language-pack-de, mysql-server, netbase, netcat-traditional, quilt, re2c, unixodbc-dev, zlib1g-dev, tzdata
Build-Conflicts: bind-dev
Package-List: 
 libapache2-mod-php5 deb httpd optional
 libapache2-mod-php5filter deb httpd extra
 libphp5-embed deb php optional
 php-pear deb php optional
 php5 deb php optional
 php5-cgi deb php optional
 php5-cli deb php optional
 php5-common deb php optional
 php5-curl deb php optional
 php5-dbg deb debug extra
 php5-dev deb php optional
 php5-enchant deb php optional
 php5-fpm deb php optional
 php5-gd deb php optional
 php5-gmp deb php optional
 php5-imap deb php optional
 php5-interbase deb php optional
 php5-intl deb php optional
 php5-ldap deb php optional
 php5-mcrypt deb php optional
 php5-mysql deb php optional
 php5-mysqlnd deb php extra
 php5-odbc deb php optional
 php5-pgsql deb php optional
 php5-pspell deb php optional
 php5-recode deb php optional
 php5-snmp deb php optional
 php5-sqlite deb php optional
 php5-sybase deb php optional
 php5-tidy deb php optional
 php5-xmlrpc deb php optional
 php5-xsl deb php optional
Checksums-Sha1: 
 5b218c805078dca5925bef26bb3fb7a9cf98a940 14060505 php5_5.4.4.orig.tar.gz
 0787ebf1f48a400b0726c42f74bd4450f2291a20 274950 php5_5.4.4-14+deb7u13.diff.gz
Checksums-Sha256: 
 0404b517ff938aca2c445fd61d10467e275acb031607cb09bf678241ba205edf 14060505 php5_5.4.4.orig.tar.gz
 5b94772c303b93534ac915f09697b9d8f58cf4ef4266404a818ce38ccf7c408b 274950 php5_5.4.4-14+deb7u13.diff.gz
Files: 
 8366c3626f2275ab8c7ef5e2d6bc5bd7 14060505 php5_5.4.4.orig.tar.gz
 1e496097e778da8b193b42f1dc3313fe 274950 php5_5.4.4-14+deb7u13.diff.gz

Attachment: php5_5.4.4-14+deb7u13.diff.gz
Description: application/gzip

