head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.8
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.6
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.4
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.2
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2011Q1:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2011.06.19.15.40.21;	author taca;	state dead;
branches;
next	1.1;

1.1
date	2011.05.16.13.05.01;	author taca;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2011.05.16.13.05.01;	author sbd;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2011.05.17.08.18.06;	author sbd;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update pear package to 1.9.3.

* Include XML_Util 1.2.1 which should be included from 1.9.0.


Release date: 2011-06-04 23:46 UTC
Release state: stable

Changelog:

* Fixed Bug #17744: Empty changelog causes fatal error in setChangelogentry
  [dufuz]
* Fixed Bug #18340: raiseErro typo [doconnor]
* Fixed Bug #18349: package.xml version not recognized when single quoted
  [dufuz]
* Fixed Bug #18364: date.timezone errors for sh/bat files when TZ is not set
  in php.ini [dufuz]
* Fixed Bug #18388: Parenteses error in REST.php line 232 [dufuz]
* Fixed Bug #18428: invalid preg_match patterns [glen]
* Fixed Bug #18486: REST/10.php does not check error condition [dufuz]
* Fixed a problem in RunTest and code coverage. Correctly register the
  code coverage shutdown function in case we are inside a namespace. [sebastian]
* Fixed a bug with extensions not providing their config.m4 and co in the root
  directory of their pecl package but rather in a sub directory, such as
  xhprof. [dufuz]
@
text
@$NetBSD: patch-PEAR_REST.php,v 1.1 2011/05/16 13:05:01 taca Exp $

* Update to r309592 in PEAR's repository, fixing CVE-2011-1144.

--- PEAR/REST.php.orig	2011-02-28 17:48:36.000000000 +0000
+++ PEAR/REST.php
@@@@ -102,7 +102,7 @@@@ class PEAR_REST
                 // reset the age of the cache if the server says it was unmodified
                 $result = $this->saveCache($url, $ret, null, true, $cacheId);
                 if (PEAR::isError($result)) {
-                    return PEAR::raiseErro($result->getMessage());
+                    return PEAR::raiseError($result->getMessage());
                 }
             }
 
@@@@ -122,7 +122,7 @@@@ class PEAR_REST
         if ($forcestring) {
             $result = $this->saveCache($url, $content, $lastmodified, false, $cacheId);
             if (PEAR::isError($result)) {
-                return PEAR::raiseErro($result->getMessage());
+                return PEAR::raiseError($result->getMessage());
             }
 
             return $content;
@@@@ -162,7 +162,7 @@@@ class PEAR_REST
 
         $result = $this->saveCache($url, $content, $lastmodified, false, $cacheId);
         if (PEAR::isError($result)) {
-            return PEAR::raiseErro($result->getMessage());
+            return PEAR::raiseError($result->getMessage());
         }
 
         return $content;
@@@@ -228,59 +228,75 @@@@ class PEAR_REST
         $cacheidfile = $d . 'rest.cacheid';
         $cachefile   = $d . 'rest.cachefile';
 
+        if (!is_dir($cache_dir)) {
+            if (System::mkdir(array('-p', $cache_dir)) === false) {
+              return PEAR::raiseError("The value of config option cache_dir ($cache_dir) is not a directory and attempts to create the directory failed.");
+            }
+        }
+
         if ($cacheid === null && $nochange) {
             $cacheid = unserialize(implode('', file($cacheidfile)));
         }
 
-        if (is_link($cacheidfile)) {
-            return PEAR::raiseError('SECURITY ERROR: Will not write to ' . $cacheidfile . ' as it is symlinked to ' . readlink($cacheidfile) . ' - Possible symlink attack');
-        }
+        $idData = serialize(array(
+            'age'        => time(),
+            'lastChange' => ($nochange ? $cacheid['lastChange'] : $lastmodified),
+        ));
 
-        if (is_link($cachefile)) {
-            return PEAR::raiseError('SECURITY ERROR: Will not write to ' . $cacheidfile . ' as it is symlinked to ' . readlink($cacheidfile) . ' - Possible symlink attack');
+        $result = $this->saveCacheFile($cacheidfile, $idData);
+        if (PEAR::isError($result)) {
+            return $result;
+        } elseif ($nochange) {
+            return true;
         }
 
-        $cacheidfile_fp = @@fopen($cacheidfile, 'wb');
-        if (!$cacheidfile_fp) {
-            if (is_dir($cache_dir)) {
-                return PEAR::raiseError("The value of config option cache_dir ($cache_dir) is not a directory. ");
+        $result = $this->saveCacheFile($cachefile, serialize($contents));
+        if (PEAR::isError($result)) {
+            if (file_exists($cacheidfile)) {
+              @@unlink($cacheidfile);
             }
 
-            System::mkdir(array('-p', $cache_dir));
-            $cacheidfile_fp = @@fopen($cacheidfile, 'wb');
-            if (!$cacheidfile_fp) {
-                return PEAR::raiseError("Could not open $cacheidfile for writing.");
-            }
+            return $result;
         }
 
-        if ($nochange) {
-            fwrite($cacheidfile_fp, serialize(array(
-                'age'        => time(),
-                'lastChange' => $cacheid['lastChange'],
-                ))
-            );
-
-            fclose($cacheidfile_fp);
-            return true;
-        }
+        return true;
+    }
 
-        fwrite($cacheidfile_fp, serialize(array(
-            'age'        => time(),
-            'lastChange' => $lastmodified,
-            ))
-        );
-        fclose($cacheidfile_fp);
+    function saveCacheFile($file, $contents)
+    {
+        $len = strlen($contents);
 
-        $cachefile_fp = @@fopen($cachefile, 'wb');
-        if (!$cachefile_fp) {
-            if (file_exists($cacheidfile)) {
-                @@unlink($cacheidfile);
+        $cachefile_fp = @@fopen($file, 'xb'); // x is the O_CREAT|O_EXCL mode
+        if ($cachefile_fp !== false) { // create file
+            if (fwrite($cachefile_fp, $contents, $len) < $len) {
+                fclose($cachefile_fp);
+                return PEAR::raiseError("Could not write $file.");
+            }
+        } else { // update file
+            $cachefile_lstat = lstat($file);
+            $cachefile_fp = @@fopen($file, 'wb');
+            if (!$cachefile_fp) {
+                return PEAR::raiseError("Could not open $file for writing.");
+            }
+
+            $cachefile_fstat = fstat($cachefile_fp);
+            if (
+              $cachefile_lstat['mode'] == $cachefile_fstat['mode'] &&
+              $cachefile_lstat['ino']  == $cachefile_fstat['ino'] &&
+              $cachefile_lstat['dev']  == $cachefile_fstat['dev'] &&
+              $cachefile_fstat['nlink'] === 1
+            ) {
+                if (fwrite($cachefile_fp, $contents, $len) < $len) {
+                    fclose($cachefile_fp);
+                    return PEAR::raiseError("Could not write $file.");
+                }
+            } else {
+                fclose($cachefile_fp);
+                $link = function_exists('readlink') ? readlink($file) : $file;
+                return PEAR::raiseError('SECURITY ERROR: Will not write to ' . $file . ' as it is symlinked to ' . $link . ' - Possible symlink attack');
             }
-
-            return PEAR::raiseError("Could not open $cacheidfile for writing.");
         }
 
-        fwrite($cachefile_fp, serialize($contents));
         fclose($cachefile_fp);
         return true;
     }
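Review bot: In the update branch of `saveCacheFile`, `fopen($file, 'wb')` truncates whatever the path resolves to before the `lstat`/`fstat` comparison runs, so when the check fails the write is refused but the target has already been emptied. Opening without truncation, `fopen($file, 'r+b')` (keeping the existing error suppression), and calling `ftruncate($cachefile_fp, 0);` only inside the branch where mode, ino, dev and nlink all match would close that gap. `lstat($file)` is also used without testing for `false`, which it returns when the stat fails, and the rejection message says "symlinked" and calls `readlink` even when the mismatch is only `nlink !== 1`. The same hunk appears again in the text of revision 1.1.2.2 further down this file, and the note applies there too.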
@


1.1
log
@Add a patch to fix CVE-2011-1144 (and a few bug fixes).

Bump PKGREVISION.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-PEAR_REST.php was added on branch pkgsrc-2011Q1 on 2011-05-17 08:18:06 +0000
@
text
@d1 146
@


1.1.2.2
log
@Pullup ticket #3433 - requested by taca
lang/pear security update

Revisions pulled up:
- lang/pear/Makefile                                            1.17
- lang/pear/distinfo                                            1.9
- lang/pear/patches/patch-PEAR_REST.php                         1.1

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon May 16 13:05:01 UTC 2011

   Modified Files:
   	pkgsrc/lang/pear: Makefile distinfo
   Added Files:
   	pkgsrc/lang/pear/patches: patch-PEAR_REST.php

   Log Message:
   Add a patch to fix CVE-2011-1144 (and a few bug fixes).

   Bump PKGREVISION.
@
text
@a0 146
$NetBSD$

* Update to r309592 in PEAR's repository, fixing CVE-2011-1144.

--- PEAR/REST.php.orig	2011-02-28 17:48:36.000000000 +0000
+++ PEAR/REST.php
@@@@ -102,7 +102,7 @@@@ class PEAR_REST
                 // reset the age of the cache if the server says it was unmodified
                 $result = $this->saveCache($url, $ret, null, true, $cacheId);
                 if (PEAR::isError($result)) {
-                    return PEAR::raiseErro($result->getMessage());
+                    return PEAR::raiseError($result->getMessage());
                 }
             }
 
@@@@ -122,7 +122,7 @@@@ class PEAR_REST
         if ($forcestring) {
             $result = $this->saveCache($url, $content, $lastmodified, false, $cacheId);
             if (PEAR::isError($result)) {
-                return PEAR::raiseErro($result->getMessage());
+                return PEAR::raiseError($result->getMessage());
             }
 
             return $content;
@@@@ -162,7 +162,7 @@@@ class PEAR_REST
 
         $result = $this->saveCache($url, $content, $lastmodified, false, $cacheId);
         if (PEAR::isError($result)) {
-            return PEAR::raiseErro($result->getMessage());
+            return PEAR::raiseError($result->getMessage());
         }
 
         return $content;
@@@@ -228,59 +228,75 @@@@ class PEAR_REST
         $cacheidfile = $d . 'rest.cacheid';
         $cachefile   = $d . 'rest.cachefile';
 
+        if (!is_dir($cache_dir)) {
+            if (System::mkdir(array('-p', $cache_dir)) === false) {
+              return PEAR::raiseError("The value of config option cache_dir ($cache_dir) is not a directory and attempts to create the directory failed.");
+            }
+        }
+
         if ($cacheid === null && $nochange) {
             $cacheid = unserialize(implode('', file($cacheidfile)));
         }
 
-        if (is_link($cacheidfile)) {
-            return PEAR::raiseError('SECURITY ERROR: Will not write to ' . $cacheidfile . ' as it is symlinked to ' . readlink($cacheidfile) . ' - Possible symlink attack');
-        }
+        $idData = serialize(array(
+            'age'        => time(),
+            'lastChange' => ($nochange ? $cacheid['lastChange'] : $lastmodified),
+        ));
 
-        if (is_link($cachefile)) {
-            return PEAR::raiseError('SECURITY ERROR: Will not write to ' . $cacheidfile . ' as it is symlinked to ' . readlink($cacheidfile) . ' - Possible symlink attack');
+        $result = $this->saveCacheFile($cacheidfile, $idData);
+        if (PEAR::isError($result)) {
+            return $result;
+        } elseif ($nochange) {
+            return true;
         }
 
-        $cacheidfile_fp = @@fopen($cacheidfile, 'wb');
-        if (!$cacheidfile_fp) {
-            if (is_dir($cache_dir)) {
-                return PEAR::raiseError("The value of config option cache_dir ($cache_dir) is not a directory. ");
+        $result = $this->saveCacheFile($cachefile, serialize($contents));
+        if (PEAR::isError($result)) {
+            if (file_exists($cacheidfile)) {
+              @@unlink($cacheidfile);
             }
 
-            System::mkdir(array('-p', $cache_dir));
-            $cacheidfile_fp = @@fopen($cacheidfile, 'wb');
-            if (!$cacheidfile_fp) {
-                return PEAR::raiseError("Could not open $cacheidfile for writing.");
-            }
+            return $result;
         }
 
-        if ($nochange) {
-            fwrite($cacheidfile_fp, serialize(array(
-                'age'        => time(),
-                'lastChange' => $cacheid['lastChange'],
-                ))
-            );
-
-            fclose($cacheidfile_fp);
-            return true;
-        }
+        return true;
+    }
 
-        fwrite($cacheidfile_fp, serialize(array(
-            'age'        => time(),
-            'lastChange' => $lastmodified,
-            ))
-        );
-        fclose($cacheidfile_fp);
+    function saveCacheFile($file, $contents)
+    {
+        $len = strlen($contents);
 
-        $cachefile_fp = @@fopen($cachefile, 'wb');
-        if (!$cachefile_fp) {
-            if (file_exists($cacheidfile)) {
-                @@unlink($cacheidfile);
+        $cachefile_fp = @@fopen($file, 'xb'); // x is the O_CREAT|O_EXCL mode
+        if ($cachefile_fp !== false) { // create file
+            if (fwrite($cachefile_fp, $contents, $len) < $len) {
+                fclose($cachefile_fp);
+                return PEAR::raiseError("Could not write $file.");
+            }
+        } else { // update file
+            $cachefile_lstat = lstat($file);
+            $cachefile_fp = @@fopen($file, 'wb');
+            if (!$cachefile_fp) {
+                return PEAR::raiseError("Could not open $file for writing.");
+            }
+
+            $cachefile_fstat = fstat($cachefile_fp);
+            if (
+              $cachefile_lstat['mode'] == $cachefile_fstat['mode'] &&
+              $cachefile_lstat['ino']  == $cachefile_fstat['ino'] &&
+              $cachefile_lstat['dev']  == $cachefile_fstat['dev'] &&
+              $cachefile_fstat['nlink'] === 1
+            ) {
+                if (fwrite($cachefile_fp, $contents, $len) < $len) {
+                    fclose($cachefile_fp);
+                    return PEAR::raiseError("Could not write $file.");
+                }
+            } else {
+                fclose($cachefile_fp);
+                $link = function_exists('readlink') ? readlink($file) : $file;
+                return PEAR::raiseError('SECURITY ERROR: Will not write to ' . $file . ' as it is symlinked to ' . $link . ' - Possible symlink attack');
             }
-
-            return PEAR::raiseError("Could not open $cacheidfile for writing.");
         }
 
-        fwrite($cachefile_fp, serialize($contents));
         fclose($cachefile_fp);
         return true;
     }
@


