Package: php4 Version: 4:4.4.2-1 Severity: normal Tags: patch Hi,
Attached is the diff for my php4 4:4.4.2-1.1 NMU.
diff -Nru /tmp/lqhcFBVQep/php4-4.4.2/debian/changelog /tmp/965ba9IQOe/php4-4.4.2/debian/changelog --- /tmp/lqhcFBVQep/php4-4.4.2/debian/changelog 2006-06-13 22:05:28.000000000 +0200 +++ /tmp/965ba9IQOe/php4-4.4.2/debian/changelog 2006-06-13 22:05:29.000000000 +0200 @@ -1,3 +1,15 @@ +php4 (4:4.4.2-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Backport patches from upstream CVS to fix security issues: + * 058-html_entity_decode_fix.patch: Fix information leak in + html_entity_decode() (CVE-2006-1490). (Closes: #359904) + * 059-wordwrap_fix.patch: Fix possible heap overflow in wordwrap() + (CVE-2006-1990). (Closes: #365311) + * Make sure patches are applied in correct order; patch from Sven Mueller. + + -- Steinar H. Gunderson <[EMAIL PROTECTED]> Tue, 13 Jun 2006 21:09:20 +0200 + php4 (4:4.4.2-1) unstable; urgency=low * New upstream bugfix release, skipping the problematic 4.4.1 release: diff -Nru /tmp/lqhcFBVQep/php4-4.4.2/debian/patches/058-html_entity_decode_fix.patch /tmp/965ba9IQOe/php4-4.4.2/debian/patches/058-html_entity_decode_fix.patch --- /tmp/lqhcFBVQep/php4-4.4.2/debian/patches/058-html_entity_decode_fix.patch 1970-01-01 01:00:00.000000000 +0100 +++ /tmp/965ba9IQOe/php4-4.4.2/debian/patches/058-html_entity_decode_fix.patch 2006-06-13 22:05:29.000000000 +0200 @@ -0,0 +1,18 @@ +Fetched from upstream CVS, at + + http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.63.2.23.2.1&r2=1.63.2.23.2.2&view=patch + +Fixes CVE-2006-1490. + +diff -ur php4-4.3.10-orig/ext/standard/html.c php4-4.3.10/ext/standard/html.c +--- php4-4.3.10-orig/ext/standard/html.c 2004-07-13 19:15:13.000000000 +0200 ++++ php4-4.3.10/ext/standard/html.c 2006-03-31 17:15:33.000000000 +0200 +@@ -791,7 +791,7 @@ + enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC); + unsigned char replacement[15]; + +- ret = estrdup(old); ++ ret = estrndup(old,oldlen); + retlen = oldlen; + if (!retlen) { + goto empty_source; diff -Nru /tmp/lqhcFBVQep/php4-4.4.2/debian/patches/059-wordwrap_fix.patch /tmp/965ba9IQOe/php4-4.4.2/debian/patches/059-wordwrap_fix.patch --- /tmp/lqhcFBVQep/php4-4.4.2/debian/patches/059-wordwrap_fix.patch 1970-01-01 01:00:00.000000000 +0100 +++ /tmp/965ba9IQOe/php4-4.4.2/debian/patches/059-wordwrap_fix.patch 2006-06-13 22:05:29.000000000 +0200 @@ -0,0 +1,35 @@ +Fetched from upstream CVS, at + + http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.333.2.52.2.3&r2=1.333.2.52.2.4&view=patch + +Fixes CVE-2006-1990. + +--- php4-4.3.10.orig/ext/standard/string.c 2006/01/01 13:46:58 1.333.2.52.2.3 ++++ php4-4.3.10/ext/standard/string.c 2006/03/13 14:41:27 1.333.2.52.2.4 +@@ -18,7 +18,7 @@ + +----------------------------------------------------------------------+ + */ + +-/* $Id: string.c,v 1.333.2.52.2.3 2006/01/01 13:46:58 sniper Exp $ */ ++/* $Id: string.c,v 1.333.2.52.2.4 2006/03/13 14:41:27 iliaa Exp $ */ + + /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */ + +@@ -672,15 +672,13 @@ + /* Multiple character line break or forced cut */ + if (linelength > 0) { + chk = (int)(textlen/linelength + 1); ++ newtext = safe_emalloc(chk, breakcharlen, textlen + 1); + alloced = textlen + chk * breakcharlen + 1; + } else { + chk = textlen; ++ newtext = safe_emalloc(textlen, (breakcharlen + 1), 1); + alloced = textlen * (breakcharlen + 1) + 1; + } +- if (alloced <= 0) { +- RETURN_FALSE; +- } +- newtext = emalloc(alloced); + + /* now keep track of the actual new text length */ + newtextlen = 0; diff -Nru /tmp/lqhcFBVQep/php4-4.4.2/debian/rules /tmp/965ba9IQOe/php4-4.4.2/debian/rules --- /tmp/lqhcFBVQep/php4-4.4.2/debian/rules 2006-06-13 22:05:28.000000000 +0200 +++ /tmp/965ba9IQOe/php4-4.4.2/debian/rules 2006-06-13 22:05:29.000000000 +0200 @@ -101,7 +101,7 @@ patch: patch-stamp patch-stamp: dh_testdir - for patch in debian/patches/*.patch; do \ + for patch in `ls debian/patches/*.patch | sort`; do \ echo '->'`basename $$patch`:; \ if ! patch -p1 --ignore-whitespace --dry-run < $$patch; \ then \