From f8cc363841ecd126c0c43f2773e4d85a54b8484c Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Tue, 12 Jun 2012 11:18:43 -0700 Subject: add CVE --- NEWS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index b91b5d7..4950763 100644 --- a/NEWS +++ b/NEWS @@ -7,8 +7,8 @@ PHP NEWS crash during execution). (Dmitry) . Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon). (Pierrick) - . Fixed potential overflow in _php_stream_scandir. (Jason Powell, - Stas) + . Fixed potential overflow in _php_stream_scandir (CVE-2012-2688). + (Jason Powell, Stas) - EXIF: . Fixed information leak in ext exif (discovered by Martin Noga, -- cgit v0.12 From a2bfad051df022058f19afc5f09fd835cbbcf145 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Tue, 12 Jun 2012 11:21:54 -0700 Subject: Revert "Rename openssl_pkcs5_pbkdf2_hmac() to something that doesn't sound like a spell." This reverts commit bccd1e672fabc3c788e93075221d47d9f077b167. Looks like we don't have agreement yet on this for 5.4. Let's keep it in 5.5 for now. --- ext/openssl/CREDITS | 2 +- ext/openssl/openssl.c | 8 ++++---- ext/openssl/php_openssl.h | 2 +- ext/openssl/tests/openssl_pbkdf2.phpt | 26 ------------------------ ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt | 26 ++++++++++++++++++++++++ 5 files changed, 32 insertions(+), 32 deletions(-) delete mode 100644 ext/openssl/tests/openssl_pbkdf2.phpt create mode 100644 ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt diff --git a/ext/openssl/CREDITS b/ext/openssl/CREDITS index b685ce1..c2f50d6 100644 --- a/ext/openssl/CREDITS +++ b/ext/openssl/CREDITS @@ -1,2 +1,2 @@ OpenSSL -Stig Venaas, Wez Furlong, Sascha Kettler, Scott MacVicar +Stig Venaas, Wez Furlong, Sascha Kettler diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 4d482e8..28f7618 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -243,7 +243,7 @@ ZEND_BEGIN_ARG_INFO(arginfo_openssl_pkey_get_details, 0) ZEND_END_ARG_INFO() #if OPENSSL_VERSION_NUMBER >= 0x10000000L -ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pbkdf2, 0, 0, 4) +ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkcs5_pbkdf2_hmac, 0, 0, 4) ZEND_ARG_INFO(0, password) ZEND_ARG_INFO(0, salt) ZEND_ARG_INFO(0, key_length) @@ -439,7 +439,7 @@ const zend_function_entry openssl_functions[] = { PHP_FE(openssl_open, arginfo_openssl_open) #if OPENSSL_VERSION_NUMBER >= 0x10000000L - PHP_FE(openssl_pbkdf2, arginfo_openssl_pbkdf2) + PHP_FE(openssl_pkcs5_pbkdf2_hmac, arginfo_openssl_pkcs5_pbkdf2_hmac) #endif /* for S/MIME handling */ @@ -3333,9 +3333,9 @@ PHP_FUNCTION(openssl_pkey_get_details) #if OPENSSL_VERSION_NUMBER >= 0x10000000L -/* {{{ proto string openssl_pbkdf2(string password, string salt, long key_length, long iterations [, string digest_method = "sha1"]) +/* {{{ proto string openssl_pkcs5_pbkdf2_hmac(string password, string salt, long key_length, long iterations [, string digest_method = "sha1"]) Generates a PKCS5 v2 PBKDF2 string, defaults to sha1 */ -PHP_FUNCTION(openssl_pbkdf2) +PHP_FUNCTION(openssl_pkcs5_pbkdf2_hmac) { long key_length = 0, iterations = 0; char *password; int password_len; diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h index 2de211a..0dbe7d2 100644 --- a/ext/openssl/php_openssl.h +++ b/ext/openssl/php_openssl.h @@ -52,7 +52,7 @@ PHP_FUNCTION(openssl_private_decrypt); PHP_FUNCTION(openssl_public_encrypt); PHP_FUNCTION(openssl_public_decrypt); -PHP_FUNCTION(openssl_pbkdf2); +PHP_FUNCTION(openssl_pkcs5_pbkdf2_hmac); PHP_FUNCTION(openssl_pkcs7_verify); PHP_FUNCTION(openssl_pkcs7_decrypt); diff --git a/ext/openssl/tests/openssl_pbkdf2.phpt b/ext/openssl/tests/openssl_pbkdf2.phpt deleted file mode 100644 index 3ec4dce..0000000 --- a/ext/openssl/tests/openssl_pbkdf2.phpt +++ /dev/null @@ -1,26 +0,0 @@ ---TEST-- -openssl_pbkdf2() tests ---SKIPIF-- - ---FILE-- - ---EXPECTF-- -string(40) "0c60c80f961f0e71f3a9b524af6012062fe037a6" -string(40) "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957" -string(40) "4b007901b765489abead49d926f721d065a429c1" -string(50) "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038" -string(32) "56fa6aa75548099dcc37d7f03425e0c3" diff --git a/ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt b/ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt new file mode 100644 index 0000000..af1fcb1 --- /dev/null +++ b/ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt @@ -0,0 +1,26 @@ +--TEST-- +openssl_pkcs5_pbkdf2_hmac() tests +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +string(40) "0c60c80f961f0e71f3a9b524af6012062fe037a6" +string(40) "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957" +string(40) "4b007901b765489abead49d926f721d065a429c1" +string(50) "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038" +string(32) "56fa6aa75548099dcc37d7f03425e0c3" -- cgit v0.12 From c7be96b08fb457f8a2b4e2a64f59437b230886c1 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Tue, 12 Jun 2012 11:22:49 -0700 Subject: Revert "Add PBKDF2 support via openssl()" This reverts commit b5b8ea1050837fba5a6cee55e41b4574ed64158e. Looks like we don't have agreement yet on this for 5.4. Let's keep it in 5.5 for now. --- ext/openssl/openssl.c | 65 ------------------------ ext/openssl/php_openssl.h | 2 - ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt | 26 ---------- 3 files changed, 93 deletions(-) delete mode 100644 ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 28f7618..7187a96 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -242,16 +242,6 @@ ZEND_BEGIN_ARG_INFO(arginfo_openssl_pkey_get_details, 0) ZEND_ARG_INFO(0, key) ZEND_END_ARG_INFO() -#if OPENSSL_VERSION_NUMBER >= 0x10000000L -ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkcs5_pbkdf2_hmac, 0, 0, 4) - ZEND_ARG_INFO(0, password) - ZEND_ARG_INFO(0, salt) - ZEND_ARG_INFO(0, key_length) - ZEND_ARG_INFO(0, iterations) - ZEND_ARG_INFO(0, digest_algorithm) -ZEND_END_ARG_INFO() -#endif - ZEND_BEGIN_ARG_INFO_EX(arginfo_openssl_pkcs7_verify, 0, 0, 2) ZEND_ARG_INFO(0, filename) ZEND_ARG_INFO(0, flags) @@ -438,10 +428,6 @@ const zend_function_entry openssl_functions[] = { PHP_FE(openssl_seal, arginfo_openssl_seal) PHP_FE(openssl_open, arginfo_openssl_open) -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - PHP_FE(openssl_pkcs5_pbkdf2_hmac, arginfo_openssl_pkcs5_pbkdf2_hmac) -#endif - /* for S/MIME handling */ PHP_FE(openssl_pkcs7_verify, arginfo_openssl_pkcs7_verify) PHP_FE(openssl_pkcs7_decrypt, arginfo_openssl_pkcs7_decrypt) @@ -3331,57 +3317,6 @@ PHP_FUNCTION(openssl_pkey_get_details) /* }}} */ -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - -/* {{{ proto string openssl_pkcs5_pbkdf2_hmac(string password, string salt, long key_length, long iterations [, string digest_method = "sha1"]) - Generates a PKCS5 v2 PBKDF2 string, defaults to sha1 */ -PHP_FUNCTION(openssl_pkcs5_pbkdf2_hmac) -{ - long key_length = 0, iterations = 0; - char *password; int password_len; - char *salt; int salt_len; - char *method; int method_len = 0; - unsigned char *out_buffer; - - const EVP_MD *digest; - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ssll|s", - &password, &password_len, - &salt, &salt_len, - &key_length, &iterations, - &method, &method_len) == FAILURE) { - return; - } - - if (key_length <= 0) { - RETURN_FALSE; - } - - if (method_len) { - digest = EVP_get_digestbyname(method); - } else { - digest = EVP_sha1(); - } - - if (!digest) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown signature algorithm"); - RETURN_FALSE; - } - - out_buffer = emalloc(key_length + 1); - out_buffer[key_length] = '\0'; - - if (PKCS5_PBKDF2_HMAC(password, password_len, (unsigned char *)salt, salt_len, iterations, digest, key_length, out_buffer) == 1) { - RETVAL_STRINGL((char *)out_buffer, key_length, 0); - } else { - efree(out_buffer); - RETURN_FALSE; - } -} -/* }}} */ - -#endif - /* {{{ PKCS7 S/MIME functions */ /* {{{ proto bool openssl_pkcs7_verify(string filename, long flags [, string signerscerts [, array cainfo [, string extracerts [, string content]]]]) diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h index 0dbe7d2..fc118db 100644 --- a/ext/openssl/php_openssl.h +++ b/ext/openssl/php_openssl.h @@ -52,8 +52,6 @@ PHP_FUNCTION(openssl_private_decrypt); PHP_FUNCTION(openssl_public_encrypt); PHP_FUNCTION(openssl_public_decrypt); -PHP_FUNCTION(openssl_pkcs5_pbkdf2_hmac); - PHP_FUNCTION(openssl_pkcs7_verify); PHP_FUNCTION(openssl_pkcs7_decrypt); PHP_FUNCTION(openssl_pkcs7_sign); diff --git a/ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt b/ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt deleted file mode 100644 index af1fcb1..0000000 --- a/ext/openssl/tests/openssl_pkcs5_pbkdf2_hmac.phpt +++ /dev/null @@ -1,26 +0,0 @@ ---TEST-- -openssl_pkcs5_pbkdf2_hmac() tests ---SKIPIF-- - ---FILE-- - ---EXPECTF-- -string(40) "0c60c80f961f0e71f3a9b524af6012062fe037a6" -string(40) "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957" -string(40) "4b007901b765489abead49d926f721d065a429c1" -string(50) "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038" -string(32) "56fa6aa75548099dcc37d7f03425e0c3" -- cgit v0.12 From f0d6059389c0d00e6fa4a890b69d422aab8c3b0d Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Tue, 12 Jun 2012 11:49:35 -0700 Subject: re-add 61755 to NEWS --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 380979b..0541499 100644 --- a/NEWS +++ b/NEWS @@ -42,6 +42,10 @@ PHP NEWS pattern). (Gustavo) . Fixed bug #60785 (memory leak in IntlDateFormatter constructor). (Gustavo) +- PDO: + . Fixed bug #61755 (A parsing bug in the prepared statements can lead to + access violations). (Johannes) + - Phar: . Fixed bug #62227 (Invalid phar stream path causes crash). (Felipe) -- cgit v0.12 From 79e44c394fe34c4c902b8a25ffac27a178ab5211 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Tue, 12 Jun 2012 11:53:24 -0700 Subject: re-add 61755 to NEWS --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 4950763..dfad253 100644 --- a/NEWS +++ b/NEWS @@ -112,6 +112,10 @@ PHP NEWS set to null). (Anatoliy) . Changed php://fd to be available only for CLI. +- PDO: + . Fixed bug #61755 (A parsing bug in the prepared statements can lead to + access violations). (Johannes) + - Phar: . Fix bug #61065 (Secunia SA44335, CVE-2012-2386). (Rasmus) -- cgit v0.12 From 26cb5706155347815cec5b2fb5af968e31fd55e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20Schl=C3=BCter?= Date: Wed, 13 Jun 2012 10:35:58 +0200 Subject: Merge PHP 5.3.14 NEWS --- NEWS | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 55 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 0541499..0f2dc7e 100644 --- a/NEWS +++ b/NEWS @@ -59,9 +59,62 @@ PHP NEWS - Zip: . Upgraded libzip to 0.10.1 (Anatoliy) -?? ??? 2012, PHP 5.3.14 +14 Jun 2012, PHP 5.3.14 -(merge after release) +- CLI SAPI: + . Fixed bug #61546 (functions related to current script failed when chdir() + in cli sapi). (Laruence, reeze.xia@gmail.com) + +- CURL: + . Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction). + (Laruence) + +- COM: + . Fixed bug #62146 com_dotnet cannot be built shared. (Johannes) + +- Core: + . Fixed CVE-2012-2143. (Solar Designer) + . Fixed bug #62005 (unexpected behavior when incrementally assigning to a + member of a null object). (Laruence) + . Fixed bug #61730 (Segfault from array_walk modifying an array passed by + reference). (Laruence) + . Fixed missing bound check in iptcparse(). (chris at chiappa.net) + . Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64). (Gustavo) + . Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename + set to null). (Anatoliy) + . Fixed bug #61713 (Logic error in charset detection for htmlentities). + (Anatoliy) + . Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy) + . Changed php://fd to be available only for CLI. + +- Fileinfo: + . Fixed bug #61812 (Uninitialised value used in libmagic). + (Laruence, Gustavo) + +- Iconv extension: + . Fixed a bug that iconv extension fails to link to the correct library + when another extension makes use of a library that links to the iconv + library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail. + (Moriyoshi) + +- Intl: + . Fixed bug #62082 (Memory corruption in internal function + get_icu_disp_value_src_php()). (Gustavo) + +- JSON + . Fixed bug #61537 (json_encode() incorrectly truncates/discards + information). (Adam) + +- PDO: + . Fixed bug #61755 (A parsing bug in the prepared statements can lead to + access violations). (Johannes) + +- Phar: + . Fix bug #61065 (Secunia SA44335). (Rasmus) + +- Streams: + . Fixed bug #61961 (file_get_contents leaks when access empty file with + maxlen set). (Reeze) 08 May 2012, PHP 5.3.13 - CGI -- cgit v0.12