From: Elan Ruusamäe Date: Wed, 18 Jan 2017 23:25:16 +0000 (+0200) Subject: backported fixes up to 2.7.2 X-Git-Tag: auto/th/php-ZendFramework-2.4.11-2 X-Git-Url: https://git.pld-linux.org/?p=packages%2Fphp-ZendFramework.git;a=commitdiff_plain;h=7aff082cacb531be8e484f294a2abf771232933b backported fixes up to 2.7.2 $ git log -p --reverse release-2.4.11..develop-2.4 src > ../2.4-fixes.patch --- diff --git a/bug-64.patch b/bug-64.patch deleted file mode 100644 index 157e3ff..0000000 --- a/bug-64.patch +++ /dev/null @@ -1,29 +0,0 @@ -https://github.com/zendframework/zend-mail/issues/64 - -diff --git a/src/Header/HeaderWrap.php b/src/Header/HeaderWrap.php -index df532ed..e0be2f5 100644 ---- a/src/Header/HeaderWrap.php -+++ b/src/Header/HeaderWrap.php -@@ -116,7 +116,21 @@ abstract class HeaderWrap - */ - public static function canBeEncoded($value) - { -- $encoded = iconv_mime_encode('x-test', $value, array('scheme' => 'Q')); -+ // avoid any wrapping by specifying line length long enough -+ // "test" -> 4 -+ // "x-test: =?ISO-8859-1?B?dGVzdA==?=" -> 33 -+ // 8 +2 +3 +3 -> 16 -+ $charset = 'UTF-8'; -+ $line_length = strlen($value) * 4 + strlen($charset) + 16; -+ -+ $preferences = array( -+ 'scheme' => 'Q', -+ 'input-charset' => $charset, -+ 'output-charset' => $charset, -+ 'line-length' => $line_length, -+ ); -+ -+ $encoded = iconv_mime_encode('x-test', $value, $preferences); - - return (false !== $encoded); - } diff --git a/php-ZendFramework.spec b/php-ZendFramework.spec index e117a70..1dbeb77 100644 --- a/php-ZendFramework.spec +++ b/php-ZendFramework.spec @@ -9,7 +9,7 @@ Summary: Zend Framework 2 Name: php-ZendFramework Version: 2.4.11 -Release: 1 +Release: 2 License: BSD Group: Development/Languages/PHP Source0: https://packages.zendframework.com/releases/ZendFramework-%{version}/ZendFramework-%{version}.tgz @@ -19,12 +19,12 @@ Source0: https://packages.zendframework.com/releases/ZendFramework-%{version}/Ze # tar czf ../ZendFramework-tests-2.4.8.tgz tests #Source1: ZendFramework-tests-%{version}.tgz Source2: autoload.php -Patch0: bug-64.patch +Patch0: zf-mail-2.4-fixes.patch URL: https://framework.zend.com/ -Requires: php(core) >= 5.3.23 %if %{with tests} BuildRequires: phpunit >= 4.0.0 %endif +Requires: php(core) >= 5.3.23 BuildArch: noarch BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) @@ -1280,7 +1280,7 @@ usage. If the XML document uses ENTITY the library throw an Exception. %prep %setup -q -n ZendFramework-%{version} %{?with_tests:-a 1} -%patch -p2 -d library/Zend/Mail +%patch0 -p2 -d library/Zend/Mail # move doc for easier install install -d doc diff --git a/zf-mail-2.4-fixes.patch b/zf-mail-2.4-fixes.patch new file mode 100644 index 0000000..b5f5935 --- /dev/null +++ b/zf-mail-2.4-fixes.patch @@ -0,0 +1,279 @@ +commit a29b8fb3146e318ba3fd9a084859f2e39553c084 +Author: Elan Ruusamäe +Date: Wed Feb 10 09:35:53 2016 +0200 + + test and fix for #64 + + backport for 2.4 + + Conflicts: + src/Header/HeaderWrap.php + +diff --git a/src/Header/HeaderWrap.php b/src/Header/HeaderWrap.php +index df532edc..e0be2f56 100644 +--- a/src/Header/HeaderWrap.php ++++ b/src/Header/HeaderWrap.php +@@ -116,7 +116,21 @@ abstract class HeaderWrap + */ + public static function canBeEncoded($value) + { +- $encoded = iconv_mime_encode('x-test', $value, array('scheme' => 'Q')); ++ // avoid any wrapping by specifying line length long enough ++ // "test" -> 4 ++ // "x-test: =?ISO-8859-1?B?dGVzdA==?=" -> 33 ++ // 8 +2 +3 +3 -> 16 ++ $charset = 'UTF-8'; ++ $line_length = strlen($value) * 4 + strlen($charset) + 16; ++ ++ $preferences = array( ++ 'scheme' => 'Q', ++ 'input-charset' => $charset, ++ 'output-charset' => $charset, ++ 'line-length' => $line_length, ++ ); ++ ++ $encoded = iconv_mime_encode('x-test', $value, $preferences); + + return (false !== $encoded); + } + +commit 755b22727a126608611b6a58c289ad6744db21a9 +Merge: 6034313f 393b43c9 +Author: Elan Ruusamäe +Date: Mon Feb 15 11:51:30 2016 +0200 + + Merge tag 'release-2.4.9' into develop-2.4 + + zend-mail 2.4.9 + + Conflicts: + composer.json + +commit 222ace2631198f7498ae7c3799caaf6fc3a7936a +Merge: 755b2272 c1c73d7f +Author: Elan Ruusamäe +Date: Fri Jan 13 17:39:32 2017 +0200 + + Merge tag 'release-2.4.11' into develop-2.4 + + zend-mail 2.4.11 + + Added + ----- + + - Nothing. + + Deprecated + ---------- + + - Nothing. + + Removed + ------- + + - Nothing. + + Fixed + ----- + + - Fixes the [ZF2016-04 advisory](https://framework.zend.com/security/advisory/ZF2016-04) + ("Potential remote code execution in zend-mail via Sendmail adapter"). + +commit 8493b2a0610c59fbeeaf0ffc44340810d4d84d93 +Author: Etienne CHAMPETIER +Date: Fri May 29 14:32:09 2015 +0200 + + Headers: fix bad sprintf call + + Signed-off-by: Etienne CHAMPETIER + +diff --git a/src/Headers.php b/src/Headers.php +index 3ceb10be..b416f52a 100644 +--- a/src/Headers.php ++++ b/src/Headers.php +@@ -220,6 +220,7 @@ class Headers implements Countable, Iterator + if (!is_string($headerFieldNameOrLine)) { + throw new Exception\InvalidArgumentException(sprintf( + '%s expects its first argument to be a string; received "%s"', ++ __METHOD__, + (is_object($headerFieldNameOrLine) + ? get_class($headerFieldNameOrLine) + : gettype($headerFieldNameOrLine)) + +commit 66eeb12567335f3a23aea7538a82e9a144464427 +Author: Denis Sokolov +Date: Wed Jun 10 16:44:27 2015 +0300 + + Handle simple comments in address lists + +diff --git a/src/Header/AbstractAddressList.php b/src/Header/AbstractAddressList.php +index e7db7240..b13f9ebd 100644 +--- a/src/Header/AbstractAddressList.php ++++ b/src/Header/AbstractAddressList.php +@@ -63,6 +63,7 @@ abstract class AbstractAddressList implements HeaderInterface + $values, + function (&$value) { + $value = trim($value); ++ $value = self::stripComments($value); + } + ); + +@@ -155,4 +156,19 @@ abstract class AbstractAddressList implements HeaderInterface + $value = $this->getFieldValue(HeaderInterface::FORMAT_ENCODED); + return (empty($value)) ? '' : sprintf('%s: %s', $name, $value); + } ++ ++ // Supposed to be private, protected as a workaround for PHP bug 68194 ++ protected static function stripComments($value) ++ { ++ return preg_replace( ++ '/\\( ++ ( ++ \\\\.| ++ [^\\\\)] ++ )+ ++ \\)/x', ++ '', ++ $value ++ ); ++ } + } + +commit 5064f95148c1d996b5b25bc556830da9a8458e6a +Author: Denis Sokolov +Date: Thu Jun 11 13:27:04 2015 +0300 + + Handle groups in address lists + +diff --git a/src/Header/AbstractAddressList.php b/src/Header/AbstractAddressList.php +index b13f9ebd..e0b4e78c 100644 +--- a/src/Header/AbstractAddressList.php ++++ b/src/Header/AbstractAddressList.php +@@ -58,6 +58,7 @@ abstract class AbstractAddressList implements HeaderInterface + } + // split value on "," + $fieldValue = str_replace(Headers::FOLDING, ' ', $fieldValue); ++ $fieldValue = preg_replace('/[^:]+:([^;]*);/', '$1,', $fieldValue); + $values = str_getcsv($fieldValue, ','); + array_walk( + $values, +@@ -66,6 +67,7 @@ abstract class AbstractAddressList implements HeaderInterface + $value = self::stripComments($value); + } + ); ++ $values = array_filter($values); + + $addressList = $header->getAddressList(); + foreach ($values as $address) { + +commit ebdc224fb6847c39e9691631eef23b3b1c3eb6a0 +Author: Stefano Torresi +Date: Wed Jun 3 17:33:40 2015 +0200 + + fixes zendframework/zf2#7555 + +diff --git a/src/Header/Sender.php b/src/Header/Sender.php +index 2efc23bf..e7bcac63 100644 +--- a/src/Header/Sender.php ++++ b/src/Header/Sender.php +@@ -39,25 +39,23 @@ class Sender implements HeaderInterface + + // check to ensure proper header type for this factory + if (strtolower($name) !== 'sender') { +- throw new Exception\InvalidArgumentException('Invalid header line for Sender string'); ++ throw new Exception\InvalidArgumentException('Invalid header name for Sender string'); + } + +- $header = new static(); +- $senderName = ''; +- $senderEmail = ''; ++ $header = new static(); ++ $hasMatches = preg_match('/^(?:(?P.+)\s)?(?(name)<|[^\s]+?)(?(name)>|>?)$/', $value, $matches); + +- // Check for address, and set if found +- if (preg_match('/^(?P.*?)<(?P[^>]+)>$/', $value, $matches)) { +- $senderName = trim($matches['name']); +- if (empty($senderName)) { +- $senderName = null; +- } +- $senderEmail = $matches['email']; +- } else { +- $senderEmail = $value; ++ if ($hasMatches !== 1) { ++ throw new Exception\InvalidArgumentException('Invalid header value for Sender string'); ++ } ++ ++ $senderName = trim($matches['name']); ++ ++ if (empty($senderName)) { ++ $senderName = null; + } + +- $header->setAddress($senderEmail, $senderName); ++ $header->setAddress($matches['email'], $senderName); + + return $header; + } + +commit c012507f8ae08eb92edb022c290d84dd9966fb46 +Author: Stefano Torresi +Date: Mon Oct 26 20:26:11 2015 +0100 + + comment the regex + +diff --git a/src/Header/Sender.php b/src/Header/Sender.php +index e7bcac63..9f532949 100644 +--- a/src/Header/Sender.php ++++ b/src/Header/Sender.php +@@ -43,6 +43,12 @@ class Sender implements HeaderInterface + } + + $header = new static(); ++ ++ /** ++ * matches the header value so that the email must be enclosed by < > when a name is present ++ * 'name' and 'email' capture groups correspond respectively to 'display-name' and 'addr-spec' in the ABNF ++ * @see https://tools.ietf.org/html/rfc5322#section-3.4 ++ */ + $hasMatches = preg_match('/^(?:(?P.+)\s)?(?(name)<|[^\s]+?)(?(name)>|>?)$/', $value, $matches); + + if ($hasMatches !== 1) { + +commit bfe40077aeed5c2cf401d23d0508d63b5c44d8c6 +Author: Elan Ruusamäe +Date: Sun Jan 31 00:03:58 2016 +0200 + + add format param to toArray + + this allows exporting headers in raw or encoded form + +diff --git a/src/Headers.php b/src/Headers.php +index b416f52a..c05cde1b 100644 +--- a/src/Headers.php ++++ b/src/Headers.php +@@ -430,10 +430,11 @@ class Headers implements Countable, Iterator + /** + * Return the headers container as an array + * +- * @todo determine how to produce single line headers, if they are supported ++ * @param bool $format Return the values in Mime::Encoded or in Raw format + * @return array ++ * @todo determine how to produce single line headers, if they are supported + */ +- public function toArray() ++ public function toArray($format = Header\HeaderInterface::FORMAT_RAW) + { + $headers = array(); + /* @var $header Header\HeaderInterface */ +@@ -443,9 +444,9 @@ class Headers implements Countable, Iterator + if (!isset($headers[$name])) { + $headers[$name] = array(); + } +- $headers[$name][] = $header->getFieldValue(); ++ $headers[$name][] = $header->getFieldValue($format); + } else { +- $headers[$header->getFieldName()] = $header->getFieldValue(); ++ $headers[$header->getFieldName()] = $header->getFieldValue($format); + } + } + return $headers;