December 2013 - openSUSE Commits - openSUSE Mailing Lists

commit xorg-x11-server for openSUSE:12.2:Update
by root＠hilbert.suse.de 27 Dec '13

27 Dec '13

Hello community, here is the log from the commit of package xorg-x11-server for openSUSE:12.2:Update checked in at 2013-12-27 11:17:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/xorg-x11-server (Old) and /work/SRC/openSUSE:12.2:Update/.xorg-x11-server.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "xorg-x11-server" Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ --- /var/tmp/diff_new_pack.MknmuE/_old 2013-12-27 11:17:39.000000000 +0100 +++ /var/tmp/diff_new_pack.MknmuE/_new 2013-12-27 11:17:39.000000000 +0100 @@ -1 +1 @@ -<link package='xorg-x11-server.2115' cicount='copy' /> +<link package='xorg-x11-server.2418' cicount='copy' /> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit patchinfo.2404 for openSUSE:12.2:Update
by root＠hilbert.suse.de 27 Dec '13

27 Dec '13

Hello community, here is the log from the commit of package patchinfo.2404 for openSUSE:12.2:Update checked in at 2013-12-27 09:20:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/patchinfo.2404 (Old) and /work/SRC/openSUSE:12.2:Update/.patchinfo.2404.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patchinfo.2404" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo> <issue id="837746" tracker="bnc">CVE-2013-4248: php5: attackers can perform man-in-the-middle attacks by specially crafting certificates</issue> <issue id="853045" tracker="bnc">CVE-2013-6712: php5/php52: overflow in dateinterval parser</issue> <issue id="854880" tracker="bnc">CVE-2013-6420: php: memory corrpution in openssl_parse_x509</issue> <issue id="CVE-2013-4248" tracker="cve" /> <issue id="CVE-2013-6712" tracker="cve" /> <issue id="CVE-2013-6420" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>pgajdos</packager> <description> - security update * CVE-2013-6420.patch [bnc#854880] * CVE-2013-6712.patch [bnc#853045] * CVE-2013-4248.patch [bnc#837746] </description> <summary>update for php5</summary> </patchinfo> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit php5 for openSUSE:13.1:Update
by root＠hilbert.suse.de 27 Dec '13

27 Dec '13

Hello community, here is the log from the commit of package php5 for openSUSE:13.1:Update checked in at 2013-12-27 09:20:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/php5 (Old) and /work/SRC/openSUSE:13.1:Update/.php5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "php5" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _link ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ <link package='php5.2404' cicount='copy' /> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit php5.2404 for openSUSE:13.1:Update
by root＠hilbert.suse.de 27 Dec '13

27 Dec '13

Hello community, here is the log from the commit of package php5.2404 for openSUSE:13.1:Update checked in at 2013-12-27 09:20:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/php5.2404 (Old) and /work/SRC/openSUSE:13.1:Update/.php5.2404.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "php5.2404" Changes: -------- New Changes file: --- /dev/null 2013-11-25 01:44:08.036031256 +0100 +++ /work/SRC/openSUSE:13.1:Update/.php5.2404.new/php5.changes 2013-12-27 09:20:17.000000000 +0100 @@ -0,0 +1,3000 @@ +------------------------------------------------------------------- +Fri Dec 13 10:32:11 UTC 2013 - pgajdos(a)suse.com + +- security update + * CVE-2013-6420.patch [bnc#854880] + * CVE-2013-6712.patch [bnc#853045] + +------------------------------------------------------------------- +Wed Sep 25 09:30:23 UTC 2013 - pgajdos(a)suse.com + +- updated to 5.4.20: + * About 30 bugs were fixed. + +------------------------------------------------------------------- +Thu Sep 5 12:44:11 UTC 2013 - pgajdos(a)suse.com + +- updated to 5.4.19: + * These releases fix a bug in the patch for CVE-2013-4248 in + OpenSSL module and compile failure with ZTS enabled in PHP 5.4. + +------------------------------------------------------------------- +Tue Aug 20 10:44:04 UTC 2013 - pgajdos(a)suse.com + +- updated to 5.4.18: + * About 30 bugs were fixed, including security issues CVE-2013-4113 + and CVE-2013-4248. + +------------------------------------------------------------------- +Thu Aug 1 21:28:15 UTC 2013 - crrodriguez(a)opensuse.org + +- php5-per-mod-log.patch: It turns out that requesting per-module + logging support in 2.4 will not do a thing if the expansion + of APLOG_USE_MODULE is not visible to all files of the module + so place it in the header instead. + +------------------------------------------------------------------- +Wed Jul 31 01:21:24 UTC 2013 - crrodriguez(a)opensuse.org + +- php5-per-mod-log.patch Support apache 2.4 per module logging +- php5-apache24-updates.patch Use proper API in apache 2.4 + to determine when the module has to be loaded. + I made this patches at least a year ago, but for some reason + they went out of my radar and were not applied to upstream + Will be submitted again soon. + +------------------------------------------------------------------- +Mon Jul 15 14:49:21 UTC 2013 - pgajdos(a)suse.com + +- updated to 5.4.17: + Core: + Fixed bug #64988 (Class loading order affects E_STRICT warning). + Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). + Fixed bug #64960 (Segfault in gc_zval_possible_root). + Fixed bug #64936 (doc comments picked up from previous scanner run). + Fixed bug #64934 (Apache2 TS crash with get_browser()). + Fixed bug #64166 (quoted-printable-encode stream filter incorrectly + discarding whitespace). + DateTime: + Fixed bug #53437 (Crash when using unserialized DatePeriod instance). + FPM: + Fixed bug #64915 (error_log ignored when daemonize=0). + Implemented FR #64764 (add support for FPM init.d script). + PDO: + Fixed bug #63176 (Segmentation fault when instantiate 2 persistent + PDO to the same db server). + PDO_DBlib: + Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib). + Fixed bug #64338 (pdo_dblib can't connect to Azure SQL). + Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not + executed statement crashes). + PDO_firebird: + Fixed bug #64037 (Firebird return wrong value for numeric field). + Fixed bug #62024 (Cannot insert second row with null using + parametrized query). + PDO_mysql: + Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT, + TINYINT and YEAR). + PDO_pgsql: + Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error). + pgsql: + Fixed bug #64609 (pg_convert enum type support). + Readline: + Implement FR #55694 (Expose additional readline variable to prevent + default filename completion). + SPL: + Fixed bug #64997 (Segfault while using RecursiveIteratorIterator + on 64-bits systems). + +------------------------------------------------------------------- +Tue Jun 18 10:32:25 UTC 2013 - jengelh(a)inai.de + +- Explicitly specify cyrus-sasl build dependency + +------------------------------------------------------------------- +Thu Jun 13 09:38:54 UTC 2013 - pgajdos(a)suse.com + +- updated to 5.4.16 +- Core: + . Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, + CVE 2013-2110). (Stas) + . Fixed bug #64853 (Use of no longer available ini directives causes crash on + TS build). (Anatol) + . Fixed bug #64729 (compilation failure on x32). (Gustavo) + . Fixed bug #64720 (SegFault on zend_deactivate). (Dmitry) + . Fixed bug #64660 (Segfault on memory exhaustion within function definition). + (Stas, reported by Juha Kylmänen) + +- Calendar: + . Fixed bug #64895 (Integer overflow in SndToJewish). (Remi) + +- Fileinfo: + . Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol) + +- FPM: + . Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi) + . Fixed some possible memory or resource leaks and possible null dereference + detected by code coverity scan. (Remi) + . Log a warning when a syscall fails. (Remi) + . Add --with-fpm-systemd option to report health to systemd, and + systemd_interval option to configure this. The service can now use + Type=notify in the systemd unit file. (Remi) + +- MySQLi + . Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB + pointer has closed). (Laruence) + +- Phar + . Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or + with non std tmp dir). (Pierre) + +- SNMP: + . Fixed bug #64765 (Some IPv6 addresses get interpreted wrong). + (Boris Lytochkin) + . Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin) + +- Streams: + . Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() + on Windows x64). (Anatol) + +- Zend Engine: + . Fixed bug #64821 (Custom Exceptions crash when internal properties + overridden). (Anatol) + +------------------------------------------------------------------- +Fri May 10 06:58:11 UTC 2013 - pgajdos(a)suse.com + +- updated to 5.4.15: + Core: + Fixed bug #64578 (debug_backtrace in set_error_handler + corrupts zend heap: segfault). + Fixed bug #64458 (dns_get_record result with string of + length -1). + Fixed bug #64433 (follow_location parameter of context + is ignored for most response codes). + Fixed bug #47675 (fd leak on Solaris). + Fixed bug #64577 (fd leak on Solaris). + Fileinfo: + Upgraded libmagic to 5.14. + Streams: + Fixed Windows x64 version of stream_socket_pair() and + improved error handling. + Zip: + Fixed bug #64342 (ZipArchive::addFile() has to check + for file existence). + +------------------------------------------------------------------- +Fri Apr 26 19:45:03 UTC 2013 - adaugherity(a)tamu.edu + +- Conflict with php53 packages so zypper doesn't suggest installing a + mix of php53-* (from SLES 11) and php5-* (these 5.4 packages). + +------------------------------------------------------------------- +Fri Apr 26 19:20:28 UTC 2013 - adaugherity(a)tamu.edu + +- Fix build on SLES 11 (no firebird) and openSUSE <= 12.1 (no separate + libfbclient2-devel pkg). + +------------------------------------------------------------------- +Mon Apr 22 13:33:25 UTC 2013 - pgajdos(a)suse.com + +- use current install-pear-nozlib.phar from + http://pear.php.net/install-pear-nozlib.phar +- php5-pear package provides/obsoletes php5-pear-Archive_Tar, + see explanation in the spec + +------------------------------------------------------------------- +Wed Apr 17 17:35:33 UTC 2013 - slavb18(a)gmail.com + +- add php5-firebird providing php5-interbase and php5-pdo_firebird + +------------------------------------------------------------------- +Mon Apr 15 09:38:23 UTC 2013 - pgajdos(a)suse.com + +- updated to 5.4.14: + Core: + Fixed bug #64529 (Ran out of opcode space). + Fixed bug #64515 (Memoryleak when using the same variablename ++++ 2803 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.php5.2404.new/php5.changes New: ---- README.SUSE-pear README.macros install-pear-nozlib.phar macros.php php-5.4.20-CVE-2013-6420.patch php-5.4.20-CVE-2013-6712.patch php-5.4.20.tar.bz2 php-fpm.init php-suse-addons.tar.bz2 php5-64-bit-post-large-files.patch php5-BNC-457056.patch php5-apache24-updates.patch php5-apache_sapi_install.patch php5-cloexec.patch php5-crypt-tests.patch php5-format-string-issues.patch php5-gcc_builtins.patch php5-ini.patch php5-mbstring-missing-return.patch php5-missing-extdeps.patch php5-no-build-date.patch php5-no-reentrant-crypt.patch php5-openssl.patch php5-per-mod-log.patch php5-php-config.patch php5-phpize.patch php5-pts.patch php5-suhosin-php54.patch php5-systzdata-v7.patch php5.changes php5.spec suhosin-0.9.33.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php5.spec ++++++ ++++ 2001 lines (skipped) ++++++ README.SUSE-pear ++++++ Package php5-pear does not include Pear DB support ================================================== Php5-pear package comes without Pear DB database support, which was obsoleted by MDB2. If you need Pear DB, please install it with: #pear install --onlyreqdeps DB This is the case of Squirrelmail which requires Pear DB support. More information can be found at bugzilla.novell.com, bug #178982. ++++++ README.macros ++++++ README for php-macros Author: Christian Wittmer <chris(a)computersalat.de> %php_gen_filelist generates an rpmlint happy filelist of your installed files In most cases you only need to check the %doc part sometimes there is a "Changes" or "ChangeLog",.... Requirements for %php_gen_filelist You have to define following parts inside your spec file Example: Name: php5-pear-Date %define pear_name Date %define pear_sname date BuildRequires: php-macros Provides: php-pear-%{pear_name} pear-%{pear_name} # Fix for renaming (package convention) Provides: php5-pear-%{pear_sname} = %{version} Provides: php-pear-%{pear_sname} = %{version} Provides: pear-%{pear_sname} = %{version} Obsoletes: php5-pear-%{pear_sname} < %{version} Obsoletes: php-pear-%{pear_sname} < %{version} Obsoletes: pear-%{pear_sname} < %{version} %install %{__mv} package*.xml %{pear_name}-%{version} cd %{pear_name}-%{version} PHP_PEAR_PHP_BIN="$(which php) -d memory_limit=50m" %{__pear} -v \ -d doc_dir=/doc \ -d bin_dir=%{_bindir} \ -d data_dir=%{peardir}/data \ install --offline --nodeps -R "$RPM_BUILD_ROOT" package.xml %{__install} -D -m 0644 package.xml $RPM_BUILD_ROOT%{php_pearxmldir}/%{pear_name}.xml %{__rm} -rf $RPM_BUILD_ROOT/{doc,tmp} %{__rm} -rf "$RPM_BUILD_ROOT"/%{peardir}/.{filemap,lock,registry,channels,depdb,depdblock} %php_gen_filelist %post # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 if [ "$1" = "1" ]; then %{__pear} install --nodeps --soft --force --register-only %{php_pearxmldir}/%{pear_name}.xml fi if [ "$1" = "2" ]; then %{__pear} upgrade --offline --register-only %{php_pearxmldir}/%{pear_name}.xml fi %postun # on `rpm -e` PARAM is 0 if [ "$1" = "0" ]; then %{__pear} uninstall --nodeps --ignore-errors --register-only pear.php.net/%{pear_name} fi %clean %{__rm} -rf %{buildroot} %files -f %{name}.files %defattr(-,root,root) %doc Changes README %changelog ############################################################################# And here an Example of the generated filelist: /usr/share/php5/PEAR/Date.php %dir /usr/share/php5/PEAR/Date /usr/share/php5/PEAR/Date/Calc.php /usr/share/php5/PEAR/Date/Human.php /usr/share/php5/PEAR/Date/Span.php /usr/share/php5/PEAR/Date/TimeZone.php %dir /usr/share/php5/PEAR/test %dir /usr/share/php5/PEAR/test/Date %dir /usr/share/php5/PEAR/test/Date/tests /usr/share/php5/PEAR/test/Date/tests/test_date_methods_span.php /usr/share/php5/PEAR/test/Date/tests/testunit_date_span.php /usr/share/php5/PEAR/test/Date/tests/test_calc.php /usr/share/php5/PEAR/test/Date/tests/calc.php /usr/share/php5/PEAR/test/Date/tests/testunit_date.php /usr/share/php5/PEAR/test/Date/tests/testunit.php %dir /usr/share/php5/PEAR/test/Date/tests/bugs /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-1.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-2.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-3.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-4.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-674.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-9213.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-9414.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-8912.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-967.phpt /var/lib/pear/Date.xml ++++++ macros.php ++++++ # macros.php file # macros for module building. handle with care. # # Interface versions exposed by PHP: # %php_core_api @PHP_APIVER@ %php_zend_api @PHP_ZENDVER@ # Useful php macros (from Christian Wittmer <chris(a)computersalat.de>) # %__php /usr/bin/php %__phpize /usr/bin/phpize %__php_config /usr/bin/php-config %php_version %(%{__php_config} --version) # %__pear /usr/bin/pear %php_peardir %(%{__pear} config-get php_dir) %php_pearxmldir /var/lib/pear # macro: php_pear_gen_filelist # do the rpmlint happy filelist generation # with %dir in front of directories %php_pear_gen_filelist(n)\ FILES=%{name}.files\ # fgen_dir func\ # IN: dir\ fgen_dir(){\ %{__cat} >> $FILES << EOF\ %dir ${1}\ EOF\ }\ # fgen_file func\ # IN: file\ fgen_file(){\ %{__cat} >> $FILES << EOF\ ${1}\ EOF\ }\ # check for files in %{php_peardir}\ RES=`find ${RPM_BUILD_ROOT}%{php_peardir} -maxdepth 1 -type f`\ if [ -n "$RES" ]; then\ for file in $RES; do\ fgen_file "%{php_peardir}/$(basename ${file})"\ done\ fi\ \ # get all dirs into array\ base_dir="${RPM_BUILD_ROOT}%{php_peardir}/"\ for dir in `find ${base_dir} -type d | sort`; do\ if [ "$dir" = "${base_dir}" ]; then\ continue\ else\ el=`echo $dir | %{__awk} -F"${base_dir}" '{print $2}'`\ all_dir=(${all_dir[@]} $el)\ fi\ done\ \ # build filelist\ for i in ${all_dir[@]}; do\ if [ -d ${base_dir}/${i} ]; then\ RES=`find "${base_dir}/${i}" -maxdepth 1 -type f`\ if [ -n "$RES" ]; then\ fgen_dir "%{php_peardir}/${i}"\ for file in $RES; do\ fgen_file "%{php_peardir}/${i}/$(basename ${file})"\ done\ else\ fgen_dir "%{php_peardir}/${i}"\ fi\ fi\ done\ # add xml file\ fgen_file "%php_pearxmldir/%{pear_name}.xml"\ # ++++++ php-5.4.20-CVE-2013-6420.patch ++++++ https://bugzilla.redhat.com/attachment.cgi?id=831933&action=diff&context=pa… --- ext/openssl/openssl.c 2013-11-28 13:03:15.000000000 +0100 +++ ext/openssl/openssl.c 2013-11-28 12:57:36.000000000 +0100 @@ -688,18 +688,28 @@ char * thestr; long gmadjust = 0; - if (timestr->length < 13) { + if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp"); + return (time_t)-1; + } + + if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp"); + return (time_t)-1; + } + + if (ASN1_STRING_length(timestr) < 13) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author too lazy to parse %s correctly", timestr->data); return (time_t)-1; } - strbuf = estrdup((char *)timestr->data); + strbuf = estrdup((char *)ASN1_STRING_data(timestr)); memset(&thetime, 0, sizeof(thetime)); /* we work backwards so that we can use atoi more easily */ - thestr = strbuf + timestr->length - 3; + thestr = strbuf + ASN1_STRING_length(timestr) - 3; thetime.tm_sec = atoi(thestr); *thestr = '\0'; ++++++ php-5.4.20-CVE-2013-6712.patch ++++++ From: Remi Collet <remi(a)php.net> Date: Wed, 27 Nov 2013 10:13:16 +0000 (+0100) Subject: Fixed bug #66060 (Heap buffer over-read in DateInterval) X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=12fe4e90be7bfa2… Fixed bug #66060 (Heap buffer over-read in DateInterval) --- --- ext/date/lib/parse_iso_intervals.re +++ ext/date/lib/parse_iso_intervals.re @@ -383,7 +383,7 @@ isoweek = year4 "-"? "W" weekofyear; break; } ptr++; - } while (*ptr); + } while (!s->errors->error_count && *ptr); s->have_period = 1; TIMELIB_DEINIT; return TIMELIB_PERIOD; ++++++ php-fpm.init ++++++ #!/bin/sh # # Template SUSE system startup script for example service/daemon php-fpm # Copyright (C) 1995--2005 Kurt Garloff, SUSE / Novell Inc. # # This library is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or (at # your option) any later version. # # This library is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, # USA. # # /etc/init.d/php-fpm # and its symbolic link # /(usr/)sbin/rcphp-fpm # # Template system startup script for some example service/daemon php-fpm # # LSB compatible service control script; see http://www.linuxbase.org/spec/ # # Note: This template uses functions rc_XXX defined in /etc/rc.status on # UnitedLinux/SUSE/Novell based Linux distributions. If you want to base your # script on this template and ensure that it works on non UL based LSB # compliant Linux distributions, you either have to provide the rc.status # functions from UL or change the script to work without them. # See skeleton.compat for a template that works with other distros as well. # ### BEGIN INIT INFO # Provides: php-fpm # Required-Start: $remote_fs $network # Should-Start: nginx lighttpd httpd # Required-Stop: $network $remote_fs # Should-Stop: nginx lighttpd httpd # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: php-fpm daemon # Description: Start php-fpm to # continued on second line by '#<TAB>' # should contain enough info for the runlevel editor # to give admin some idea what this service does and # what it's needed for ... # (The Short-Description should already be a good hint.) ### END INIT INFO # # Any extensions to the keywords given above should be preceeded by # X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB. # # Notes on Required-Start/Should-Start: # * There are two different issues that are solved by Required-Start # and Should-Start # (a) Hard dependencies: This is used by the runlevel editor to determine # which services absolutely need to be started to make the start of # this service make sense. Example: nfsserver should have # Required-Start: $portmap # Also, required services are started before the dependent ones. # The runlevel editor will warn about such missing hard dependencies # and suggest enabling. During system startup, you may expect an error, # if the dependency is not fulfilled. # (b) Specifying the init script ordering, not real (hard) dependencies. # This is needed by insserv to determine which service should be # started first (and at a later stage what services can be started # in parallel). The tag Should-Start: is used for this. # It tells, that if a service is available, it should be started # before. If not, never mind. # * When specifying hard dependencies or ordering requirements, you can # use names of services (contents of their Provides: section) # or pseudo names starting with a $. The following ones are available # according to LSB (1.1): # $local_fs all local file systems are mounted # (most services should need this!) # $remote_fs all remote file systems are mounted # (note that /usr may be remote, so # many services should Require this!) # $syslog system logging facility up # $network low level networking (eth card, ...) # $named hostname resolution available # $netdaemons all network daemons are running # The $netdaemons pseudo service has been removed in LSB 1.2. # For now, we still offer it for backward compatibility. # These are new (LSB 1.2): # $time the system time has been set correctly # $portmap SunRPC portmapping service available # UnitedLinux extensions: # $ALL indicates that a script should be inserted # at the end # * The services specified in the stop tags # (Required-Stop/Should-Stop) # specify which services need to be still running when this service # is shut down. Often the entries there are just copies or a subset # from the respective start tag. # * Should-Start/Stop are now part of LSB as of 2.0, # formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop. # insserv does support both variants. # * X-UnitedLinux-Default-Enabled: yes/no is used at installation time # (%fillup_and_insserv macro in %post of many RPMs) to specify whether # a startup script should default to be enabled after installation. # It's not used by insserv. # # Note on runlevels: # 0 - halt/poweroff 6 - reboot # 1 - single user 2 - multiuser without network exported # 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) # # Note on script names: # http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html # A registry has been set up to manage the init script namespace. # http://www.lanana.org/ # Please use the names already registered or register one or use a # vendor prefix. # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance PHPFPM_BIN=/usr/sbin/php-fpm test -x $PHPFPM_BIN || { echo "$PHPFPM_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } FPM_CONFIG="--fpm-config /etc/php5/fpm/php-fpm.conf" # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. /lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) echo -n "Starting php-fpm" ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. /sbin/startproc $PHPFPM_BIN $FPM_CONFIG # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down php-fpm " ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. /sbin/killproc -QUIT $PHPFPM_BIN # Remember status and be verbose rc_status -v ;; try-restart|condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) ## Signal the daemon to reload its config. Most daemons ## do this on signal 1 (SIGHUP). ## If it does not support it, restart the service if it ## is running. echo -n "Reload service php-fpm" ## if it supports it: /sbin/killproc -USR2 $PHPFPM_BIN rc_status -v ## Otherwise: #$0 try-restart #rc_status ;; reload) ## Like force-reload, but if daemon does not support ## signaling, do nothing (!) # If it supports signaling: echo -n "Reload service php-fpm " /sbin/killproc -USR2 $PHPFPM_BIN rc_status -v ## Otherwise if it does not support reload: #rc_failed 3 #rc_status -v ;; status) echo -n "Checking for service php-fpm " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. /sbin/checkproc $PHPFPM_BIN # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" exit 1 ;; esac rc_exit ++++++ php5-64-bit-post-large-files.patch ++++++ https://bugs.php.net/bug.php?id=44522 Index: php-5.4.13/main/rfc1867.c =================================================================== --- php-5.4.13.orig/main/rfc1867.c +++ php-5.4.13/main/rfc1867.c @@ -676,7 +676,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_ { char *boundary, *s = NULL, *boundary_end = NULL, *start_arr = NULL, *array_index = NULL; char *temp_filename = NULL, *lbuf = NULL, *abuf = NULL; - int boundary_len = 0, total_bytes = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0; + long total_bytes = 0; int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0; int max_file_size = 0, skip_upload = 0, anonindex = 0, is_anonymous; zval *http_post_files = NULL; HashTable *uploaded_files = NULL; Index: php-5.4.13/main/SAPI.h =================================================================== --- php-5.4.13.orig/main/SAPI.h +++ php-5.4.13/main/SAPI.h @@ -82,7 +82,7 @@ typedef struct { char *post_data, *raw_post_data; char *cookie_data; long content_length; - uint post_data_length, raw_post_data_length; + uint IGNORE_post_data_length, IGNORE_raw_post_data_length; char *path_translated; char *request_uri; @@ -112,6 +112,7 @@ typedef struct { int argc; char **argv; int proto_num; + long post_data_length, raw_post_data_length; } sapi_request_info; @@ -119,7 +120,7 @@ typedef struct _sapi_globals_struct { void *server_context; sapi_request_info request_info; sapi_headers_struct sapi_headers; - int read_post_bytes; + long read_post_bytes; unsigned char headers_sent; struct stat global_stat; char *default_mimetype; Index: php-5.4.13/sapi/cgi/cgi_main.c =================================================================== --- php-5.4.13.orig/sapi/cgi/cgi_main.c +++ php-5.4.13/sapi/cgi/cgi_main.c @@ -508,7 +508,7 @@ static int sapi_cgi_read_post(char *buff uint read_bytes = 0; int tmp_read_bytes; - count_bytes = MIN(count_bytes, (uint) SG(request_info).content_length - SG(read_post_bytes)); + count_bytes = MIN(count_bytes, SG(request_info).content_length - SG(read_post_bytes)); while (read_bytes < count_bytes) { tmp_read_bytes = read(STDIN_FILENO, buffer + read_bytes, count_bytes - read_bytes); if (tmp_read_bytes <= 0) { Index: php-5.4.13/ext/suhosin/rfc1867.c =================================================================== --- php-5.4.13.orig/ext/suhosin/rfc1867.c +++ php-5.4.13/ext/suhosin/rfc1867.c @@ -779,7 +779,7 @@ SAPI_POST_HANDLER_FUNC(suhosin_rfc1867_p { char *boundary, *s=NULL, *boundary_end = NULL, *start_arr=NULL, *array_index=NULL; char *temp_filename=NULL, *lbuf=NULL, *abuf=NULL; - int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0; + long boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0; int max_file_size=0, skip_upload=0, anonindex=0, is_anonymous; zval *http_post_files=NULL; HashTable *uploaded_files=NULL; #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) ++++++ php5-BNC-457056.patch ++++++ Index: ext/xml/compat.c =================================================================== --- ext/xml/compat.c.orig 2009-01-12 15:30:21.000000000 +0100 +++ ext/xml/compat.c 2009-03-14 18:32:40.000000000 +0100 @@ -482,9 +482,7 @@ XML_ParserCreate_MM(const XML_Char *enco parser->parser->charset = XML_CHAR_ENCODING_NONE; #endif -#if LIBXML_VERSION >= 20703 xmlCtxtUseOptions(parser->parser, XML_PARSE_OLDSAX); -#endif parser->parser->replaceEntities = 1; parser->parser->wellFormed = 0; ++++++ php5-apache24-updates.patch ++++++ commit 918a01f55b5e0a82c1a2e886143a56eddffe6649 Author: Cristian Rodríguez <crrodriguez(a)opensuse.org> Date: Wed Aug 8 19:30:04 2012 +0200 sapi/apache2*: Use ap_state_query where possible instead of old method of creating a pool userdata entry. diff --git a/sapi/apache2filter/sapi_apache2.c b/sapi/apache2filter/sapi_apache2.c index a8fec5c..21f2fa3 100644 --- a/sapi/apache2filter/sapi_apache2.c +++ b/sapi/apache2filter/sapi_apache2.c @@ -606,11 +606,17 @@ static int php_apache_server_startup(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { + +#if AP_MODULE_MAGIC_AT_LEAST(20110203,1) + /* Apache will load, unload and then reload a DSO module. This + * prevents us from starting PHP until the second load. */ + if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG) { + return OK; + } +#else void *data = NULL; const char *userdata_key = "apache2filter_post_config"; - /* Apache will load, unload and then reload a DSO module. This - * prevents us from starting PHP until the second load. */ apr_pool_userdata_get(&data, userdata_key, s->process->pool); if (data == NULL) { /* We must use set() here and *not* setn(), otherwise the @@ -622,6 +628,7 @@ php_apache_server_startup(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_cleanup_null, s->process->pool); return OK; } +#endif /* Set up our overridden path. */ if (apache2_php_ini_path_override) { diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c index 900a3a4..a578740 100644 --- a/sapi/apache2handler/sapi_apache2.c +++ b/sapi/apache2handler/sapi_apache2.c @@ -430,12 +430,19 @@ static int php_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp static int php_apache_server_startup(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { - void *data = NULL; - const char *userdata_key = "apache2hook_post_config"; +#if AP_MODULE_MAGIC_AT_LEAST(20110203,1) /* Apache will load, unload and then reload a DSO module. This * prevents us from starting PHP until the second load. */ + if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG) { + return OK; + } +#else + void *data = NULL; + const char *userdata_key = "apache2hook_post_config"; + apr_pool_userdata_get(&data, userdata_key, s->process->pool); + if (data == NULL) { /* We must use set() here and *not* setn(), otherwise the * static string pointed to by userdata_key will be mapped @@ -445,6 +452,7 @@ php_apache_server_startup(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp apr_pool_userdata_set((const void *)1, userdata_key, apr_pool_cleanup_null, s->process->pool); return OK; } +#endif /* Set up our overridden path. */ if (apache2_php_ini_path_override) { ++++++ php5-apache_sapi_install.patch ++++++ # Do not attempt to modify apache configuration on module install ================================================================================ --- sapi/apache2handler/config.m4 | 9 --------- 1 file changed, 9 deletions(-) Index: sapi/apache2handler/config.m4 =================================================================== --- sapi/apache2handler/config.m4.orig 2008-03-11 23:47:39.000000000 +0100 +++ sapi/apache2handler/config.m4 2010-08-03 06:31:18.512616000 +0200 @@ -68,18 +68,9 @@ if test "$PHP_APXS2" != "no"; then fi APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR` - if test -z `$APXS -q SYSCONFDIR`; then INSTALL_IT="\$(mkinstalldirs) '$APXS_LIBEXECDIR' && \ $APXS -S LIBEXECDIR='$APXS_LIBEXECDIR' \ -i -n php5" - else - APXS_SYSCONFDIR='$(INSTALL_ROOT)'`$APXS -q SYSCONFDIR` - INSTALL_IT="\$(mkinstalldirs) '$APXS_LIBEXECDIR' && \ - \$(mkinstalldirs) '$APXS_SYSCONFDIR' && \ - $APXS -S LIBEXECDIR='$APXS_LIBEXECDIR' \ - -S SYSCONFDIR='$APXS_SYSCONFDIR' \ - -i -a -n php5" - fi case $host_alias in *aix*) ++++++ php5-cloexec.patch ++++++ Index: ext/standard/exec.c =================================================================== --- ext/standard/exec.c.orig +++ ext/standard/exec.c @@ -76,7 +76,11 @@ PHPAPI int php_exec(int type, char *cmd, #ifdef PHP_WIN32 fp = VCWD_POPEN(cmd, "rb"); #else + #if defined(__linux__) && __GLIBC_PREREQ(2, 9) + fp = VCWD_POPEN(cmd, "re"); + #else fp = VCWD_POPEN(cmd, "r"); + #endif #endif if (!fp) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to fork [%s]", cmd); Index: ext/standard/file.c =================================================================== --- ext/standard/file.c.orig +++ ext/standard/file.c @@ -926,6 +926,12 @@ PHP_FUNCTION(popen) } } #endif +#if defined(__linux__) && __GLIBC_PREREQ(2, 9) + char *e = memchr(posix_mode, 'e', mode_len); + if (e) { + memmove(e, e + 1, mode_len - (e - posix_mode)); + } +#endif fp = VCWD_POPEN(command, posix_mode); if (!fp) { Index: ext/standard/mail.c =================================================================== --- ext/standard/mail.c.orig +++ ext/standard/mail.c @@ -321,8 +321,12 @@ PHPAPI int php_mail(char *to, char *subj * (e.g. the shell can't be executed) we explicitly set it to 0 to be * sure we don't catch any older errno value. */ errno = 0; +#if defined(__linux__) && __GLIBC_PREREQ(2, 9) + sendmail = popen(sendmail_cmd, "we"); +#else sendmail = popen(sendmail_cmd, "w"); #endif +#endif if (extra_cmd != NULL) { efree (sendmail_cmd); } ++++++ php5-crypt-tests.patch ++++++ Index: ext/standard/config.m4 =================================================================== --- ext/standard/config.m4.orig +++ ext/standard/config.m4 @@ -60,7 +60,14 @@ if test "$ac_cv_func_crypt" = "no"; then AC_DEFINE(HAVE_CRYPT, 1, [ ]) ]) fi - + +if test "$ac_cv_func_crypt" = "no"; then + AC_CHECK_LIB(crypt, crypt_r, [ + LIBS="-lcrypt $LIBS -lcrypt" + AC_DEFINE(HAVE_CRYPT_R, 1, [ ]) + ]) +fi + AC_CACHE_CHECK(for standard DES crypt, ac_cv_crypt_des,[ AC_TRY_RUN([ #if HAVE_UNISTD_H @@ -172,7 +179,7 @@ main() { ac_cv_crypt_blowfish=no ])]) -AC_CACHE_CHECK(for SHA512 crypt, ac_cv_crypt_SHA512,[ +AC_CACHE_CHECK(for SHA512 crypt, ac_cv_crypt_sha512,[ AC_TRY_RUN([ #if HAVE_UNISTD_H #include <unistd.h> @@ -184,24 +191,22 @@ AC_TRY_RUN([ main() { #if HAVE_CRYPT - char salt[30], answer[80]; + char salt[120]; - salt[0]='$'; salt[1]='6'; salt[2]='$'; salt[3]='$'; salt[4]='b'; salt[5]='a'; salt[6]='r'; salt[7]='\0'; - strcpy(answer, salt); - strcpy(&answer[29],"$6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu."); - exit (strcmp((char *)crypt("foo",salt),answer)); + strcpy(salt, "\$6\$rounds=5000\$usesomesillystri\$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21"); + exit (strcmp((char *)crypt("rasmuslerdorf",salt),salt)); #else exit(0); #endif }],[ - ac_cv_crypt_SHA512=yes + ac_cv_crypt_sha512=yes ],[ - ac_cv_crypt_SHA512=no + ac_cv_crypt_sha512=no ],[ - ac_cv_crypt_SHA512=no + ac_cv_crypt_sha512=no ])]) -AC_CACHE_CHECK(for SHA256 crypt, ac_cv_crypt_SHA256,[ +AC_CACHE_CHECK(for SHA256 crypt, ac_cv_crypt_sha256,[ AC_TRY_RUN([ #if HAVE_UNISTD_H #include <unistd.h> @@ -213,28 +218,31 @@ AC_TRY_RUN([ main() { #if HAVE_CRYPT - char salt[30], answer[80]; - salt[0]='$'; salt[1]='5'; salt[2]='$'; salt[3]='$'; salt[4]='s'; salt[5]='a'; salt[6]='l'; salt[7]='t'; salt[8]='s'; salt[9]='t'; salt[10]='r'; salt[11]='i'; salt[12]='n'; salt[13]='g'; salt[14]='\0'; - strcat(salt,""); - strcpy(answer, salt); - strcpy(&answer[29], "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"); - exit (strcmp((char *)crypt("foo",salt),answer)); + char salt[80]; + strcpy(salt, "\$5\$rounds=5000\$usesomesillystri\$KqJWpanXZHKq2BOB43TSaYhEWsQ1Lr5QNyPCDH/Tp.6"); + exit (strcmp((char *)crypt("rasmuslerdorf",salt),salt)); #else exit(0); #endif }],[ - ac_cv_crypt_SHA256=yes + ac_cv_crypt_sha256=yes ],[ - ac_cv_crypt_SHA256=no + ac_cv_crypt_sha256=no ],[ - ac_cv_crypt_SHA256=no + ac_cv_crypt_sha256=no ])]) dnl -dnl If one of them is missing, use our own implementation, portable code is then possible +dnl If one of them or crypt_r() is missing, use our own implementation, portable code is then possible dnl -if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "x$php_crypt_r" = "x0"; then +if test "$ac_cv_crypt_des" = "no" || + /* test "$ac_cv_crypt_ext_des" = "no" ||*/ + test "$ac_cv_crypt_md5" = "no" || + test "$ac_cv_crypt_blowfish" = "no" || + test "$ac_cv_crypt_sha512" = "no" || + test "$ac_cv_crypt_sha256" = "no" || + test "$ac_cv_lib_crypt_crypt_r" = "no"; then dnl dnl Check for __alignof__ support in the compiler ++++++ php5-format-string-issues.patch ++++++ --- main/snprintf.h.orig +++ main/snprintf.h @@ -83,7 +83,7 @@ PHPAPI int ap_php_vslprintf(char *buf, s PHPAPI int ap_php_snprintf(char *, size_t, const char *, ...); PHPAPI int ap_php_vsnprintf(char *, size_t, const char *, va_list ap); PHPAPI int ap_php_vasprintf(char **buf, const char *format, va_list ap); -PHPAPI int ap_php_asprintf(char **buf, const char *format, ...); +PHPAPI int ap_php_asprintf(char **buf, const char *format, ...) PHP_ATTRIBUTE_FORMAT(printf, 2, 3); PHPAPI int php_sprintf (char* s, const char* format, ...) PHP_ATTRIBUTE_FORMAT(printf, 2, 3); PHPAPI char * php_gcvt(double value, int ndigit, char dec_point, char exponent, char *buf); PHPAPI char * php_conv_fp(register char format, register double num, --- main/main.c.orig +++ main/main.c @@ -898,7 +898,7 @@ PHPAPI void php_html_puts(const char *st /* {{{ php_error_cb extended error handling function */ -static void php_error_cb(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args) +static PHP_ATTRIBUTE_FORMAT(printf, 4, 0) void php_error_cb(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args) { char *buffer; int buffer_len, display; --- Zend/zend.h.orig +++ Zend/zend.h @@ -146,6 +146,14 @@ char *alloca (); # define ZEND_ATTRIBUTE_MALLOC #endif +#if ZEND_GCC_VERSION >= 4003 +#define ZEND_ATTR_ALLOC_SIZE(x) __attribute__((__alloc_size__(x))) +#define ZEND_ATTR_ALLOC_SIZE2(x,y) __attribute__((__alloc_size__(x,y))) +#else +#define ZEND_ATTR_ALLOC_SIZE(x) +#define ZEND_ATTR_ALLOC_SIZE2(x,y) +#endif + #if ZEND_GCC_VERSION >= 2007 # define ZEND_ATTRIBUTE_FORMAT(type, idx, first) __attribute__ ((format(type, idx, first))) #else --- Zend/zend_alloc.h.orig +++ Zend/zend_alloc.h @@ -54,14 +54,14 @@ BEGIN_EXTERN_C() ZEND_API char *zend_strndup(const char *s, unsigned int length) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset) ZEND_ATTRIBUTE_MALLOC; +ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE(1); +ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); +ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); ZEND_API void _efree(void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); -ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); -ZEND_API void *_safe_erealloc(void *ptr, size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); -ZEND_API void *_safe_realloc(void *ptr, size_t nmemb, size_t size, size_t offset); +ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); +ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTR_ALLOC_SIZE(2); +ZEND_API void *_safe_erealloc(void *ptr, size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTR_ALLOC_SIZE2(2,3); +ZEND_API void *_safe_realloc(void *ptr, size_t nmemb, size_t size, size_t offset) ZEND_ATTR_ALLOC_SIZE2(2,3); ZEND_API char *_estrdup(const char *s ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; ZEND_API char *_estrndup(const char *s, unsigned int length ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; ZEND_API size_t _zend_mem_block_size(void *ptr TSRMLS_DC ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); @@ -90,7 +90,7 @@ ZEND_API size_t _zend_mem_block_size(voi #define estrndup_rel(s, length) _estrndup((s), (length) ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_CC) #define zend_mem_block_size_rel(ptr) _zend_mem_block_size((ptr) TSRMLS_CC ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_CC) -inline static void * __zend_malloc(size_t len) +inline static ZEND_ATTR_ALLOC_SIZE(1) void * __zend_malloc(size_t len) { void *tmp = malloc(len); if (tmp) { @@ -100,14 +100,14 @@ inline static void * __zend_malloc(size_ exit(1); } -inline static void * __zend_calloc(size_t nmemb, size_t len) +inline static ZEND_ATTR_ALLOC_SIZE2(1,2) void * __zend_calloc(size_t nmemb, size_t len) { void *tmp = _safe_malloc(nmemb, len, 0); memset(tmp, 0, nmemb * len); return tmp; } -inline static void * __zend_realloc(void *p, size_t len) +inline static ZEND_ATTR_ALLOC_SIZE(2) void * __zend_realloc(void *p, size_t len) { p = realloc(p, len); if (p) { ++++++ php5-gcc_builtins.patch ++++++ --- Zend/zend_alloc.c.orig +++ Zend/zend_alloc.c @@ -36,7 +36,7 @@ # include <wincrypt.h> # include <process.h> #endif - +#include <x86intrin.h> #ifndef ZEND_MM_HEAP_PROTECTION # define ZEND_MM_HEAP_PROTECTION ZEND_DEBUG #endif @@ -665,10 +665,7 @@ static inline unsigned int zend_mm_high_ __asm__("bsrl %1,%0\n\t" : "=r" (n) : "rm" (_size)); return n; #elif defined(__GNUC__) && defined(__x86_64__) - unsigned long n; - - __asm__("bsrq %1,%0\n\t" : "=r" (n) : "rm" (_size)); - return (unsigned int)n; + return __bsrq(_size); #elif defined(_MSC_VER) && defined(_M_IX86) __asm { bsr eax, _size @@ -691,10 +688,7 @@ static inline unsigned int zend_mm_low_b __asm__("bsfl %1,%0\n\t" : "=r" (n) : "rm" (_size)); return n; #elif defined(__GNUC__) && defined(__x86_64__) - unsigned long n; - - __asm__("bsfq %1,%0\n\t" : "=r" (n) : "rm" (_size)); - return (unsigned int)n; + return __bsfq(_size); #elif defined(_MSC_VER) && defined(_M_IX86) __asm { bsf eax, _size ++++++ php5-ini.patch ++++++ Index: php.ini-production =================================================================== --- php.ini-production.orig +++ php.ini-production @@ -702,7 +702,7 @@ default_mimetype = "text/html" ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" -;include_path = ".:/php/includes" +include_path = ".:/usr/share/php5:/usr/share/php5/PEAR" ; ; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" @@ -916,7 +916,7 @@ cli_server.color = On [Date] ; Defines the default timezone used by the date functions ; http://php.net/date.timezone -;date.timezone = +date.timezone = 'UTC' ; http://php.net/date.default-latitude ;date.default_latitude = 31.7667 @@ -1106,7 +1106,7 @@ mysql.allow_local_infile = On ; Allow or prevent persistent links. ; http://php.net/mysql.allow-persistent -mysql.allow_persistent = On +mysql.allow_persistent = Off ; If mysqlnd is used: Number of cache slots for the internal result set cache ; http://php.net/mysql.cache_size @@ -1169,7 +1169,7 @@ mysqli.max_persistent = -1 ; Allow or prevent persistent links. ; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On +mysqli.allow_persistent = Off ; Maximum number of links. -1 means no limit. ; http://php.net/mysqli.max-links @@ -1391,7 +1391,7 @@ session.save_handler = files ; where MODE is the octal representation of the mode. Note that this ; does not overwrite the process's umask. ; http://php.net/session.save-path -;session.save_path = "/tmp" +session.save_path = "/var/lib/php5" ; Whether to use cookies. ; http://php.net/session.use-cookies @@ -1507,7 +1507,7 @@ session.referer_check = ; How many bytes to read from the file. ; http://php.net/session.entropy-length -;session.entropy_length = 32 +session.entropy_length = 32 ; Specified here to create the session id. ; http://php.net/session.entropy-file @@ -1516,7 +1516,7 @@ session.referer_check = ; If neither are found at compile time, the default is no entropy file. ; On windows, setting the entropy_length setting will activate the ; Windows random source (using the CryptoAPI) -;session.entropy_file = /dev/urandom +session.entropy_file = /dev/urandom ; Set to {nocache,private,public,} to determine HTTP caching aspects ; or leave this empty to avoid sending anti-caching headers. @@ -1547,7 +1547,7 @@ session.use_trans_sid = 0 ; the hash extension. A list of available hashes is returned by the hash_algos() ; function. ; http://php.net/session.hash-function -session.hash_function = 0 +session.hash_function = sha256 ; Define how many bits are stored in each character when converting ; the binary hash data to something readable. ++++++ php5-mbstring-missing-return.patch ++++++ Index: ext/mbstring/libmbfl/filters/mbfilter_sjis_2004.c =================================================================== --- ext/mbstring/libmbfl/filters/mbfilter_sjis_2004.c.orig 2013-09-18 07:48:57.000000000 +0200 +++ ext/mbstring/libmbfl/filters/mbfilter_sjis_2004.c 2013-09-25 11:59:19.925758346 +0200 @@ -672,6 +672,8 @@ CK(mbfl_filt_conv_illegal_output(c, filter)); } } + + return c; } int Index: ext/mbstring/libmbfl/filters/mbfilter_utf8.c =================================================================== --- ext/mbstring/libmbfl/filters/mbfilter_utf8.c.orig 2013-09-18 07:48:57.000000000 +0200 +++ ext/mbstring/libmbfl/filters/mbfilter_utf8.c 2013-09-25 12:22:04.061030824 +0200 @@ -101,6 +101,7 @@ filter->status = 0; filter->cache = 0; CK((*filter->output_function)(w, filter->data)); + return 0; } ++++++ php5-missing-extdeps.patch ++++++ Index: ext/soap/soap.c =================================================================== --- ext/soap/soap.c.orig +++ ext/soap/soap.c @@ -442,10 +442,18 @@ static const zend_function_entry soap_he PHP_FE_END }; -zend_module_entry soap_module_entry = { -#ifdef STANDARD_MODULE_HEADER - STANDARD_MODULE_HEADER, +/* {{{ soap dependencies */ +static const zend_module_dep soap_module_deps[] = { + ZEND_MOD_REQUIRED("standard") +#if HAVE_PHP_SESSION && !defined(COMPILE_DL_SESSION) + ZEND_MOD_REQUIRED("session") #endif + {NULL, NULL, NULL} +}; + +zend_module_entry soap_module_entry = { + STANDARD_MODULE_HEADER_EX, NULL, + soap_module_deps, "soap", soap_functions, PHP_MINIT(soap), Index: ext/wddx/wddx.c =================================================================== --- ext/wddx/wddx.c.orig +++ ext/wddx/wddx.c @@ -154,10 +154,21 @@ ZEND_GET_MODULE(wddx) #endif /* COMPILE_DL_WDDX */ /* }}} */ +/* {{{ wddx dependencies */ +static const zend_module_dep wddx_module_deps[] = { + ZEND_MOD_REQUIRED("standard") + ZEND_MOD_REQUIRED("xml") + ZEND_MOD_REQUIRED("date") +#if HAVE_PHP_SESSION && !defined(COMPILE_DL_SESSION) + ZEND_MOD_REQUIRED("session") +#endif + {NULL, NULL, NULL} +}; /* {{{ wddx_module_entry */ zend_module_entry wddx_module_entry = { - STANDARD_MODULE_HEADER, + STANDARD_MODULE_HEADER_EX, NULL, + wddx_module_deps, "wddx", wddx_functions, PHP_MINIT(wddx), Index: ext/filter/filter.c =================================================================== --- ext/filter/filter.c.orig +++ ext/filter/filter.c @@ -132,12 +132,17 @@ static const zend_function_entry filter_ }; /* }}} */ +/* {{{ filter dependencies */ +static const zend_module_dep filter_module_deps[] = { + ZEND_MOD_REQUIRED("standard") + ZEND_MOD_REQUIRED("pcre") + {NULL, NULL, NULL} +}; /* {{{ filter_module_entry */ zend_module_entry filter_module_entry = { -#if ZEND_MODULE_API_NO >= 20010901 - STANDARD_MODULE_HEADER, -#endif + STANDARD_MODULE_HEADER_EX, NULL, + filter_module_deps, "filter", filter_functions, PHP_MINIT(filter), Index: ext/mbstring/mbstring.c =================================================================== --- ext/mbstring/mbstring.c.orig +++ ext/mbstring/mbstring.c @@ -570,9 +570,19 @@ const zend_function_entry mbstring_funct }; /* }}} */ +/* {{{ mbstring dependencies */ +static const zend_module_dep mbstring_module_deps[] = { + ZEND_MOD_REQUIRED("standard") +#if (HAVE_PCRE || HAVE_BUNDLED_PCRE) && !HAVE_ONIG + ZEND_MOD_REQUIRED("pcre") +#endif + {NULL, NULL, NULL} +}; + /* {{{ zend_module_entry mbstring_module_entry */ zend_module_entry mbstring_module_entry = { - STANDARD_MODULE_HEADER, + STANDARD_MODULE_HEADER_EX, NULL, + mbstring_module_deps, "mbstring", mbstring_functions, PHP_MINIT(mbstring), ++++++ php5-no-build-date.patch ++++++ Index: ext/standard/info.c =================================================================== --- ext/standard/info.c.orig +++ ext/standard/info.c @@ -697,7 +697,7 @@ PHPAPI void php_print_info(int flag TSRM php_info_print_box_end(); php_info_print_table_start(); php_info_print_table_row(2, "System", php_uname ); - php_info_print_table_row(2, "Build Date", __DATE__ " " __TIME__ ); + /* php_info_print_table_row(2, "Build Date", __DATE__ " " __TIME__ ); */ #ifdef COMPILER php_info_print_table_row(2, "Compiler", COMPILER); #endif @@ -705,7 +705,7 @@ PHPAPI void php_print_info(int flag TSRM php_info_print_table_row(2, "Architecture", ARCHITECTURE); #endif #ifdef CONFIGURE_COMMAND - php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); + /* php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); */ #endif if (sapi_module.pretty_name) { Index: sapi/fpm/fpm/fpm_main.c =================================================================== --- sapi/fpm/fpm/fpm_main.c.orig +++ sapi/fpm/fpm/fpm_main.c @@ -1710,7 +1710,7 @@ int main(int argc, char *argv[]) #if ZEND_DEBUG php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #else - php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version()); #endif php_request_shutdown((void *) 0); fcgi_shutdown(); Index: configure.in =================================================================== --- configure.in.orig +++ configure.in @@ -1257,8 +1257,8 @@ fi EXTRA_LDFLAGS="$EXTRA_LDFLAGS $PHP_LDFLAGS" EXTRA_LDFLAGS_PROGRAM="$EXTRA_LDFLAGS_PROGRAM $PHP_LDFLAGS" - -PHP_BUILD_DATE=`date '+%Y-%m-%d'` +#totally fake, not used anywhere in userspace +PHP_BUILD_DATE="1970-01-01" AC_DEFINE_UNQUOTED(PHP_BUILD_DATE,"$PHP_BUILD_DATE",[PHP build date]) case $host_alias in @@ -1269,7 +1269,8 @@ case $host_alias in AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[hardcode for each of the cross compiler host]) ;; *) - PHP_UNAME=`uname -a | xargs` +dnl Totally fake, it wasnt and will never be reliable anyway. + PHP_UNAME="Linux suse 2.6.36 #1 SMP 2011-02-21 10:34:10 +0100 x86_64 x86_64 x86_64 GNU/Linux" AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output]) PHP_OS=`uname | xargs` AC_DEFINE_UNQUOTED(PHP_OS,"$PHP_OS",[uname output]) Index: sapi/cli/php_cli.c =================================================================== --- sapi/cli/php_cli.c.orig +++ sapi/cli/php_cli.c @@ -687,8 +687,8 @@ static int do_cli(int argc, char **argv goto out; case 'v': /* show php version & quit */ - php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2013 The PHP Group\n%s", - PHP_VERSION, cli_sapi_module.name, __DATE__, __TIME__, + php_printf("PHP %s (%s) %s\nCopyright (c) 1997-2013 The PHP Group\n%s", + PHP_VERSION, cli_sapi_module.name, #if ZEND_DEBUG && defined(HAVE_GCOV) "(DEBUG GCOV)", #elif ZEND_DEBUG Index: sapi/cgi/cgi_main.c =================================================================== --- sapi/cgi/cgi_main.c.orig +++ sapi/cgi/cgi_main.c @@ -2218,7 +2218,7 @@ consult the installation file that came #if ZEND_DEBUG php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #else - php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version()); #endif php_request_shutdown((void *) 0); fcgi_shutdown(); ++++++ php5-no-reentrant-crypt.patch ++++++ Index: ext/standard/crypt.c =================================================================== --- ext/standard/crypt.c +++ ext/standard/crypt.c @@ -302,6 +302,8 @@ PHP_FUNCTION(crypt) RETURN_STRING(crypt_res, 1); } } +# else + RETURN_STRING(crypt(str, salt), 1); # endif #endif } ++++++ php5-openssl.patch ++++++ Index: ext/openssl/openssl.c =================================================================== --- ext/openssl/openssl.c.orig +++ ext/openssl/openssl.c @@ -51,6 +51,7 @@ #include <openssl/rand.h> #include <openssl/ssl.h> #include <openssl/pkcs12.h> +#include <openssl/engine.h> /* Common */ #include <time.h> @@ -1015,10 +1016,16 @@ PHP_MINIT_FUNCTION(openssl) le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number); le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number); + OPENSSL_config(NULL); SSL_library_init(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); +/* Load all bundled ENGINEs into memory and make them visible */ + ENGINE_load_builtin_engines(); + /* Register all of them for every algorithm they collectively implement */ + ENGINE_register_all_complete(); + SSL_load_error_strings(); Index: ext/openssl/xp_ssl.c =================================================================== --- ext/openssl/xp_ssl.c.orig +++ ext/openssl/xp_ssl.c @@ -378,6 +378,10 @@ static inline int php_openssl_setup_cryp return -1; } +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode(sslsock->ctx, SSL_MODE_RELEASE_BUFFERS); +#endif + #if OPENSSL_VERSION_NUMBER >= 0x0090605fL ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; #endif ++++++ php5-per-mod-log.patch ++++++ commit 59dfd98677886d418bda90ac5291ba8dea638dc7 Author: Cristian Rodríguez <crrodriguez(a)opensuse.org> Date: Wed Aug 8 21:12:57 2012 +0200 Fix per-module logging in apache 2.4 --- php-5.4.17.orig/sapi/apache2handler/php_apache.h +++ php-5.4.17/sapi/apache2handler/php_apache.h @@ -24,7 +24,11 @@ #include "httpd.h" #include "http_config.h" #include "http_core.h" +#include "http_log.h" +#ifdef APLOG_USE_MODULE +APLOG_USE_MODULE(php5); +#endif /* Declare this so we can get to it from outside the sapi_apache2.c file */ extern module AP_MODULE_DECLARE_DATA php5_module; ++++++ php5-php-config.patch ++++++ --- scripts/php-config.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: scripts/php-config.in =================================================================== --- scripts/php-config.in.orig 2007-08-24 13:44:10.000000000 +0200 +++ scripts/php-config.in 2010-08-03 06:31:18.786529000 +0200 @@ -5,7 +5,7 @@ prefix="@prefix@" exec_prefix="@exec_prefix@" version="@PHP_VERSION@" vernum="@PHP_VERSION_ID@" -include_dir="@includedir@/php" +include_dir="@includedir@/php5" includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib" ldflags="@PHP_LDFLAGS@" libs="@EXTRA_LIBS@" ++++++ php5-phpize.patch ++++++ --- scripts/Makefile.frag | 4 ++-- scripts/phpize.in | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) Index: scripts/Makefile.frag =================================================================== --- scripts/Makefile.frag.orig +++ scripts/Makefile.frag @@ -3,8 +3,8 @@ # Build environment install # -phpincludedir = $(includedir)/php -phpbuilddir = $(libdir)/build +phpincludedir = $(includedir)/php5 +phpbuilddir = $(datadir)/build BUILD_FILES = \ scripts/phpize.m4 \ Index: scripts/phpize.in =================================================================== --- scripts/phpize.in.orig +++ scripts/phpize.in @@ -4,8 +4,8 @@ prefix='@prefix@' datarootdir='@datarootdir@' exec_prefix="`eval echo @exec_prefix@`" -phpdir="`eval echo @libdir@`/build" -includedir="`eval echo @includedir@`/php" +phpdir="`eval echo @datadir@`/build" +includedir="`eval echo @includedir@`/php5" builddir="`pwd`" SED="@SED@" ++++++ php5-pts.patch ++++++ --- ext/standard/proc_open.c.orig +++ ext/standard/proc_open.c @@ -62,7 +62,7 @@ * */ #ifdef PHP_CAN_SUPPORT_PROC_OPEN -#if 0 && HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H +#if HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H # include <sys/ioctl.h> # include <termios.h> # define PHP_CAN_DO_PTS 1 ++++++ php5-suhosin-php54.patch ++++++ ++++ 714 lines (skipped) ++++++ php5-systzdata-v7.patch ++++++ ++++ 619 lines (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit php5.2404 for openSUSE:12.3:Update
by root＠hilbert.suse.de 27 Dec '13

27 Dec '13

Hello community, here is the log from the commit of package php5.2404 for openSUSE:12.3:Update checked in at 2013-12-27 09:20:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/php5.2404 (Old) and /work/SRC/openSUSE:12.3:Update/.php5.2404.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "php5.2404" Changes: -------- New Changes file: --- /dev/null 2013-11-25 01:44:08.036031256 +0100 +++ /work/SRC/openSUSE:12.3:Update/.php5.2404.new/php5.changes 2013-12-27 09:20:14.000000000 +0100 @@ -0,0 +1,2687 @@ +------------------------------------------------------------------- +Fri Dec 13 10:34:36 UTC 2013 - pgajdos(a)suse.com + +- security update + * CVE-2013-6420.patch [bnc#854880] + * CVE-2013-6712.patch [bnc#853045] + * CVE-2013-4248.patch [bnc#837746] + +------------------------------------------------------------------- +Thu Jul 4 09:45:33 UTC 2013 - pgajdos(a)suse.com + +- security update: + * CVE-2013-4635.patch [bnc#828020] + * CVE-2013-1635.patch [bnc#807707] + * CVE-2013-1643.patch [bnc#807707] + * CVE-2013-4113.patch [bnc#829207] + +------------------------------------------------------------------- +Thu Oct 18 10:18:41 UTC 2012 - pgajdos(a)suse.com + +- fix CVE-2011-4153 CVE-2011-4153 [bnc#741859] + +------------------------------------------------------------------- +Tue Oct 16 12:37:36 UTC 2012 - coolo(a)suse.com + +- add explicit buildrequire on libbz2-devel + (having to patch old .changes file to avoid "double entry") + +------------------------------------------------------------------- +Thu Oct 11 09:16:27 UTC 2012 - pgajdos(a)suse.com + +- updated to 5.3.17: + * Fixed bug (segfault while build with zts and GOTO vm-kind) + * Fixed bug #62844 (parse_url() does not recognize // + * etc. see NEWS for details + +------------------------------------------------------------------- +Mon Aug 27 14:47:48 UTC 2012 - pgajdos(a)suse.com + +- use FilesMatch with 'SetHandler' rather than 'AddHandler' + [bnc#775852] + +------------------------------------------------------------------- +Mon Aug 27 14:44:27 UTC 2012 - pgajdos(a)suse.com + +- updated to 5.3.16: + * fixes over 20 bugs, see NEWS for more details + +------------------------------------------------------------------- +Wed Jul 25 12:48:08 UTC 2012 - pgajdos(a)suse.com + +- updated to 5.3.15: + * fixes over 30 bugs and includes a fix for a security related + overflow issue in the stream implementation (CVE-2012-2688) + [bnc#772582] and open_basedir bypass, CVE-2012-3365 [bnc#772580] + +------------------------------------------------------------------- +Mon Jun 18 17:08:57 UTC 2012 - pgajdos(a)suse.com + +- updated to 5.3.14: + * bug-fix release, see NEWS for details + +------------------------------------------------------------------- +Fri May 25 15:10:26 UTC 2012 - pgajdos(a)suse.com + +- updated to 5.3.13: various security fixes, + CVE-2012-1823, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336 + * removed php-5.3.10-pcre_fullinfo.patch + * refreshed php-5.3.2-aconf26x.patch + +------------------------------------------------------------------- +Thu Mar 8 19:40:22 UTC 2012 - coolo(a)suse.com + +- fix license to spdx.org format + +------------------------------------------------------------------- +Tue Feb 28 09:08:30 UTC 2012 - pgajdos(a)suse.com + +- fixed build with new pcre (php bug 60986) + +------------------------------------------------------------------- +Sat Feb 4 16:35:07 UTC 2012 - crrodriguez(a)opensuse.org + +- Build with -fpie + +------------------------------------------------------------------- +Thu Feb 2 21:31:00 UTC 2012 - crrodriguez(a)opensuse.org + +- PHP 5.3.10, fixes CVE-2012-0830. + +------------------------------------------------------------------- +Sat Jan 28 18:52:35 UTC 2012 - crrodriguez(a)opensuse.org + +- remove unapplied patches + +------------------------------------------------------------------- +Wed Jan 18 15:17:02 UTC 2012 - pgajdos(a)suse.com + +- buildrequire libjpeg-devel + +------------------------------------------------------------------- +Tue Jan 17 08:35:44 UTC 2012 - pgajdos(a)suse.com + +- remove apache module conflict with apache2-worker [bnc#728671] +- amended README.SUSE instead + +------------------------------------------------------------------- +Wed Jan 11 01:46:14 UTC 2012 - crrodriguez(a)opensuse.org + +- Update to version 5.3.9 + * Drop already applied patches + * This update only contain minor bug fixes, it is a stop over + php 5.4.0 that should be out very soon. + +------------------------------------------------------------------- +Mon Jan 2 16:52:43 UTC 2012 - pgajdos(a)suse.com + +- security update: + * CVE-2011-4885 [bnc#738221] -- added max_input_vars directive + to prevent attacks based on hash collisions + +------------------------------------------------------------------- +Wed Dec 21 10:40:03 UTC 2011 - coolo(a)suse.com + +- add autoconf as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Tue Dec 20 12:06:57 UTC 2011 - pgajdos(a)suse.com + +- apache module conflicts with apache2-worker [bnc#728671] + +------------------------------------------------------------------- +Fri Dec 16 13:31:56 UTC 2011 - pgajdos(a)suse.com + +- security update: + * CVE-2011-4566 [bnc#733590] + * CVE-2011-1466 [bnc#736169] + +------------------------------------------------------------------- +Tue Dec 6 12:24:39 UTC 2011 - coolo(a)suse.com + +- fix license - there is no 3.1 version of php license + +------------------------------------------------------------------- +Tue Nov 29 15:32:57 UTC 2011 - pgajdos(a)suse.com + +- build php against system's libcrypt, which drops + extended DES support + * crypt-tests.patch + * no-reentrant-crypt.patch + +------------------------------------------------------------------- +Mon Nov 7 13:36:25 UTC 2011 - pgajdos(a)suse.com + +- security update: + CVE-2011-3379 [bnc#728350] + +------------------------------------------------------------------- +Sun Sep 18 22:08:00 UTC 2011 - crrodriguez(a)opensuse.org + +- Fix wrong PAGE_SIZE assumption, must use sysconf() instead +- Fix integer overflow when attempting to use more than 2 Gb + of memory. + +------------------------------------------------------------------- +Mon Sep 5 01:20:22 UTC 2011 - crrodriguez(a)opensuse.org + +- call openssl_config too in order to load user-provided + engine configuration. + +------------------------------------------------------------------- +Sat Sep 3 05:18:44 UTC 2011 - crrodriguez(a)opensuse.org + +- Cleanup patches for upcoming release. + +------------------------------------------------------------------- +Sun Aug 28 20:59:36 UTC 2011 - andrea.turrini(a)gmail.com + +- Fixed typos in php5.spec + +------------------------------------------------------------------- +Tue Aug 23 03:35:25 UTC 2011 - crrodriguez(a)opensuse.org + +- Fix very publicized critical bug in crypt() implementation + +------------------------------------------------------------------- +Fri Aug 12 02:27:08 UTC 2011 - crrodriguez(a)opensuse.org + +- Add mssql support with freetds +- Update PHP snapshot. + +------------------------------------------------------------------- +Tue Aug 9 22:11:30 UTC 2011 - crrodriguez(a)opensuse.org + +- Update snapshot, more static analyzer fixes. + +------------------------------------------------------------------- ++++ 2490 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.php5.2404.new/php5.changes New: ---- README.SUSE-pear README.macros install-pear-nozlib.phar macros.php php-5.2.9-BNC-457056.patch php-5.3.0-bnc513080.patch php-5.3.1-systzdata-v7.patch php-5.3.17-CVE-2013-1635.patch php-5.3.17-CVE-2013-1643.patch php-5.3.17-CVE-2013-4113.patch php-5.3.17-CVE-2013-4248.patch php-5.3.17-CVE-2013-4635.patch php-5.3.17-CVE-2013-6420.patch php-5.3.17-CVE-2013-6712.patch php-5.3.17.tar.bz2 php-5.3.2-aconf26x.patch php-5.3.2-ini.patch php-5.3.2-no-build-date.patch php-5.3.4-format-string-issues.patch php-5.3.4-pts.patch php-5.3.6-gcc_builtins.patch php-5.3.6-ini-date.timezone.patch php-5.3.8-CVE-2011-4153.patch php-5.3.8-crypt-tests.patch php-5.3.8-no-reentrant-crypt.patch php-cloexec.patch php-fpm.init php-suse-addons.tar.bz2 php5-apache_sapi_install.patch php5-missing-extdeps.patch php5-openssl.patch php5-php-config.patch php5-phpize.patch php5.changes php5.spec suhosin-0.9.33.tgz suhosin-patch-5.3.3-0.9.10.patch.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php5.spec ++++++ ++++ 1987 lines (skipped) ++++++ README.SUSE-pear ++++++ Package php5-pear does not include Pear DB support ================================================== Php5-pear package comes without Pear DB database support, which was obsoleted by MDB2. If you need Pear DB, please install it with: #pear install --onlyreqdeps DB This is the case of Squirrelmail which requires Pear DB support. More information can be found at bugzilla.novell.com, bug #178982. ++++++ README.macros ++++++ README for php-macros Author: Christian Wittmer <chris(a)computersalat.de> %php_gen_filelist generates an rpmlint happy filelist of your installed files In most cases you only need to check the %doc part sometimes there is a "Changes" or "ChangeLog",.... Requirements for %php_gen_filelist You have to define following parts inside your spec file Example: Name: php5-pear-Date %define pear_name Date %define pear_sname date BuildRequires: php-macros Provides: php-pear-%{pear_name} pear-%{pear_name} # Fix for renaming (package convention) Provides: php5-pear-%{pear_sname} = %{version} Provides: php-pear-%{pear_sname} = %{version} Provides: pear-%{pear_sname} = %{version} Obsoletes: php5-pear-%{pear_sname} < %{version} Obsoletes: php-pear-%{pear_sname} < %{version} Obsoletes: pear-%{pear_sname} < %{version} %install %{__mv} package*.xml %{pear_name}-%{version} cd %{pear_name}-%{version} PHP_PEAR_PHP_BIN="$(which php) -d memory_limit=50m" %{__pear} -v \ -d doc_dir=/doc \ -d bin_dir=%{_bindir} \ -d data_dir=%{peardir}/data \ install --offline --nodeps -R "$RPM_BUILD_ROOT" package.xml %{__install} -D -m 0644 package.xml $RPM_BUILD_ROOT%{php_pearxmldir}/%{pear_name}.xml %{__rm} -rf $RPM_BUILD_ROOT/{doc,tmp} %{__rm} -rf "$RPM_BUILD_ROOT"/%{peardir}/.{filemap,lock,registry,channels,depdb,depdblock} %php_gen_filelist %post # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 if [ "$1" = "1" ]; then %{__pear} install --nodeps --soft --force --register-only %{php_pearxmldir}/%{pear_name}.xml fi if [ "$1" = "2" ]; then %{__pear} upgrade --offline --register-only %{php_pearxmldir}/%{pear_name}.xml fi %postun # on `rpm -e` PARAM is 0 if [ "$1" = "0" ]; then %{__pear} uninstall --nodeps --ignore-errors --register-only pear.php.net/%{pear_name} fi %clean %{__rm} -rf %{buildroot} %files -f %{name}.files %defattr(-,root,root) %doc Changes README %changelog ############################################################################# And here an Example of the generated filelist: /usr/share/php5/PEAR/Date.php %dir /usr/share/php5/PEAR/Date /usr/share/php5/PEAR/Date/Calc.php /usr/share/php5/PEAR/Date/Human.php /usr/share/php5/PEAR/Date/Span.php /usr/share/php5/PEAR/Date/TimeZone.php %dir /usr/share/php5/PEAR/test %dir /usr/share/php5/PEAR/test/Date %dir /usr/share/php5/PEAR/test/Date/tests /usr/share/php5/PEAR/test/Date/tests/test_date_methods_span.php /usr/share/php5/PEAR/test/Date/tests/testunit_date_span.php /usr/share/php5/PEAR/test/Date/tests/test_calc.php /usr/share/php5/PEAR/test/Date/tests/calc.php /usr/share/php5/PEAR/test/Date/tests/testunit_date.php /usr/share/php5/PEAR/test/Date/tests/testunit.php %dir /usr/share/php5/PEAR/test/Date/tests/bugs /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-1.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-2.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-3.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-4.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-674.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-9213.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-9414.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-8912.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-967.phpt /var/lib/pear/Date.xml ++++++ macros.php ++++++ # macros.php file # macros for module building. handle with care. # # Interface versions exposed by PHP: # %php_core_api @PHP_APIVER@ %php_zend_api @PHP_ZENDVER@ # Useful php macros (from Christian Wittmer <chris(a)computersalat.de>) # %__php /usr/bin/php %__phpize /usr/bin/phpize %__php_config /usr/bin/php-config %php_version %(%{__php_config} --version) # %__pear /usr/bin/pear %php_peardir %(%{__pear} config-get php_dir) %php_pearxmldir /var/lib/pear # macro: php_pear_gen_filelist # do the rpmlint happy filelist generation # with %dir in front of directories %php_pear_gen_filelist(n)\ FILES=%{name}.files\ # fgen_dir func\ # IN: dir\ fgen_dir(){\ %{__cat} >> $FILES << EOF\ %dir ${1}\ EOF\ }\ # fgen_file func\ # IN: file\ fgen_file(){\ %{__cat} >> $FILES << EOF\ ${1}\ EOF\ }\ # check for files in %{php_peardir}\ RES=`find ${RPM_BUILD_ROOT}%{php_peardir} -maxdepth 1 -type f`\ if [ -n "$RES" ]; then\ for file in $RES; do\ fgen_file "%{php_peardir}/$(basename ${file})"\ done\ fi\ \ # get all dirs into array\ base_dir="${RPM_BUILD_ROOT}%{php_peardir}/"\ for dir in `find ${base_dir} -type d | sort`; do\ if [ "$dir" = "${base_dir}" ]; then\ continue\ else\ el=`echo $dir | %{__awk} -F"${base_dir}" '{print $2}'`\ all_dir=(${all_dir[@]} $el)\ fi\ done\ \ # build filelist\ for i in ${all_dir[@]}; do\ if [ -d ${base_dir}/${i} ]; then\ RES=`find "${base_dir}/${i}" -maxdepth 1 -type f`\ if [ -n "$RES" ]; then\ fgen_dir "%{php_peardir}/${i}"\ for file in $RES; do\ fgen_file "%{php_peardir}/${i}/$(basename ${file})"\ done\ else\ fgen_dir "%{php_peardir}/${i}"\ fi\ fi\ done\ # add xml file\ fgen_file "%php_pearxmldir/%{pear_name}.xml"\ # ++++++ php-5.2.9-BNC-457056.patch ++++++ Index: ext/xml/compat.c =================================================================== --- ext/xml/compat.c.orig 2009-01-12 15:30:21.000000000 +0100 +++ ext/xml/compat.c 2009-03-14 18:32:40.000000000 +0100 @@ -482,9 +482,7 @@ XML_ParserCreate_MM(const XML_Char *enco parser->parser->charset = XML_CHAR_ENCODING_NONE; #endif -#if LIBXML_VERSION >= 20703 xmlCtxtUseOptions(parser->parser, XML_PARSE_OLDSAX); -#endif parser->parser->replaceEntities = 1; parser->parser->wellFormed = 0; ++++++ php-5.3.0-bnc513080.patch ++++++ Index: ext/exif/exif.c =================================================================== --- ext/exif/exif.c.orig 2010-01-03 10:23:27.000000000 +0100 +++ ext/exif/exif.c 2010-08-03 06:31:20.024482000 +0200 @@ -66,7 +66,7 @@ #include "ext/standard/php_image.h" #include "ext/standard/info.h" -#if defined(PHP_WIN32) || (HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)) +#if defined(PHP_WIN32) || (HAVE_MBSTRING) #define EXIF_USE_MBSTRING 1 #else #define EXIF_USE_MBSTRING 0 ++++++ php-5.3.1-systzdata-v7.patch ++++++ ++++ 619 lines (skipped) ++++++ php-5.3.17-CVE-2013-1635.patch ++++++ X-Git-Url: http://git.php.net/?p=php-src.git;a=blobdiff_plain;f=ext%2Fsoap%2Fsoap.c;h=… Index: ext/soap/soap.c =================================================================== --- ext/soap/soap.c +++ ext/soap/soap.c @@ -594,10 +594,40 @@ ZEND_INI_MH(OnUpdateCacheMode) return SUCCESS; } +static PHP_INI_MH(OnUpdateCacheDir) +{ + /* Only do the open_basedir check at runtime */ + if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) { + char *p; + + if (memchr(new_value, '\0', new_value_length) != NULL) { + return FAILURE; + } + + /* we do not use zend_memrchr() since path can contain ; itself */ + if ((p = strchr(new_value, ';'))) { + char *p2; + p++; + if ((p2 = strchr(p, ';'))) { + p = p2 + 1; + } + } else { + p = new_value; + } + + if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) { + return FAILURE; + } + } + + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} + PHP_INI_BEGIN() STD_PHP_INI_ENTRY("soap.wsdl_cache_enabled", "1", PHP_INI_ALL, OnUpdateCacheEnabled, cache_enabled, zend_soap_globals, soap_globals) -STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateString, +STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateCacheDir, cache_dir, zend_soap_globals, soap_globals) STD_PHP_INI_ENTRY("soap.wsdl_cache_ttl", "86400", PHP_INI_ALL, OnUpdateLong, cache_ttl, zend_soap_globals, soap_globals) ++++++ php-5.3.17-CVE-2013-1643.patch ++++++ Index: ext/libxml/libxml.c =================================================================== --- ext/libxml/libxml.c +++ ext/libxml/libxml.c @@ -261,6 +261,7 @@ static PHP_GINIT_FUNCTION(libxml) libxml_globals->stream_context = NULL; libxml_globals->error_buffer.c = NULL; libxml_globals->error_list = NULL; + libxml_globals->entity_loader_disabled = 0; } /* Channel libxml file io layer through the PHP streams subsystem. @@ -348,16 +349,15 @@ static int php_libxml_streams_IO_close(v } static xmlParserInputBufferPtr -php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc) -{ - return NULL; -} - -static xmlParserInputBufferPtr php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc) { xmlParserInputBufferPtr ret; void *context = NULL; + TSRMLS_FETCH(); + + if (LIBXML(entity_loader_disabled)) { + return NULL; + } if (URI == NULL) return(NULL); @@ -834,28 +834,25 @@ static PHP_FUNCTION(libxml_clear_errors) } /* }}} */ +PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC) +{ + zend_bool old = LIBXML(entity_loader_disabled); + + LIBXML(entity_loader_disabled) = disable; + return old; +} + /* {{{ proto bool libxml_disable_entity_loader([boolean disable]) Disable/Enable ability to load external entities */ static PHP_FUNCTION(libxml_disable_entity_loader) { zend_bool disable = 1; - xmlParserInputBufferCreateFilenameFunc old; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &disable) == FAILURE) { return; } - if (disable == 0) { - old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename); - } else { - old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload); - } - - if (old == php_libxml_input_buffer_noload) { - RETURN_TRUE; - } - - RETURN_FALSE; + RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC)); } /* }}} */ Index: ext/libxml/php_libxml.h =================================================================== --- ext/libxml/php_libxml.h +++ ext/libxml/php_libxml.h @@ -43,6 +43,7 @@ ZEND_BEGIN_MODULE_GLOBALS(libxml) zval *stream_context; smart_str error_buffer; zend_llist *error_list; + zend_bool entity_loader_disabled; ZEND_END_MODULE_GLOBALS(libxml) typedef struct _libxml_doc_props { @@ -93,6 +94,7 @@ PHP_LIBXML_API void php_libxml_ctx_error PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s); PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC); PHP_LIBXML_API void php_libxml_issue_error(int level, const char *msg TSRMLS_DC); +PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC); /* Init/shutdown functions*/ PHP_LIBXML_API void php_libxml_initialize(void); Index: ext/soap/php_xml.c =================================================================== --- ext/soap/php_xml.c +++ ext/soap/php_xml.c @@ -20,6 +20,7 @@ /* $Id$ */ #include "php_soap.h" +#include "ext/libxml/php_libxml.h" #include "libxml/parser.h" #include "libxml/parserInternals.h" @@ -91,13 +92,17 @@ xmlDocPtr soap_xmlParseFile(const char * ctxt = xmlCreateFileParserCtxt(filename); PG(allow_url_fopen) = old_allow_url_fopen; if (ctxt) { + zend_bool old; + ctxt->keepBlanks = 0; ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace; ctxt->sax->comment = soap_Comment; ctxt->sax->warning = NULL; ctxt->sax->error = NULL; /*ctxt->sax->fatalError = NULL;*/ + old = php_libxml_disable_entity_loader(1 TSRMLS_CC); xmlParseDocument(ctxt); + php_libxml_disable_entity_loader(old TSRMLS_CC); if (ctxt->wellFormed) { ret = ctxt->myDoc; if (ret->URL == NULL && ctxt->directory != NULL) { @@ -128,11 +133,15 @@ xmlDocPtr soap_xmlParseMemory(const void xmlParserCtxtPtr ctxt = NULL; xmlDocPtr ret; + TSRMLS_FETCH(); + /* xmlInitParser(); */ ctxt = xmlCreateMemoryParserCtxt(buf, buf_size); if (ctxt) { + zend_bool old; + ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace; ctxt->sax->comment = soap_Comment; ctxt->sax->warning = NULL; @@ -141,7 +150,9 @@ xmlDocPtr soap_xmlParseMemory(const void #if LIBXML_VERSION >= 20703 ctxt->options |= XML_PARSE_HUGE; #endif + old = php_libxml_disable_entity_loader(1 TSRMLS_CC); xmlParseDocument(ctxt); + php_libxml_disable_entity_loader(old TSRMLS_CC); if (ctxt->wellFormed) { ret = ctxt->myDoc; if (ret->URL == NULL && ctxt->directory != NULL) { ++++++ php-5.3.17-CVE-2013-4113.patch ++++++ http://git.php.net/?p=php-src.git;a=commit;h=7d163e8a0880ae8af2dd869071393e… --- ext/xml/xml.c +++ ext/xml/xml.c @@ -427,7 +427,7 @@ static void xml_parser_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC) } if (parser->ltags) { int inx; - for (inx = 0; inx < parser->level; inx++) + for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); inx++) efree(parser->ltags[ inx ]); efree(parser->ltags); } @@ -905,45 +905,50 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch } if (parser->data) { - zval *tag, *atr; - int atcnt = 0; + if (parser->level <= XML_MAXLEVEL) { + zval *tag, *atr; + int atcnt = 0; - MAKE_STD_ZVAL(tag); - MAKE_STD_ZVAL(atr); + MAKE_STD_ZVAL(tag); + MAKE_STD_ZVAL(atr); - array_init(tag); - array_init(atr); + array_init(tag); + array_init(atr); - _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); + _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); - add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ - add_assoc_string(tag,"type","open",1); - add_assoc_long(tag,"level",parser->level); + add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ + add_assoc_string(tag,"type","open",1); + add_assoc_long(tag,"level",parser->level); - parser->ltags[parser->level-1] = estrdup(tag_name); - parser->lastwasopen = 1; + parser->ltags[parser->level-1] = estrdup(tag_name); + parser->lastwasopen = 1; - attributes = (const XML_Char **) attrs; + attributes = (const XML_Char **) attrs; - while (attributes && *attributes) { - att = _xml_decode_tag(parser, attributes[0]); - val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); - - add_assoc_stringl(atr,att,val,val_len,0); + while (attributes && *attributes) { + att = _xml_decode_tag(parser, attributes[0]); + val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); - atcnt++; - attributes += 2; + add_assoc_stringl(atr,att,val,val_len,0); - efree(att); - } + atcnt++; + attributes += 2; - if (atcnt) { - zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); - } else { - zval_ptr_dtor(&atr); - } + efree(att); + } + + if (atcnt) { + zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); + } else { + zval_ptr_dtor(&atr); + } - zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); + zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); + } else if (parser->level == (XML_MAXLEVEL + 1)) { + TSRMLS_FETCH(); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); + } } efree(tag_name); @@ -995,7 +1000,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name) efree(tag_name); - if (parser->ltags) { + if ((parser->ltags) && (parser->level <= XML_MAXLEVEL)) { efree(parser->ltags[parser->level-1]); } @@ -1079,18 +1084,23 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len) } } - MAKE_STD_ZVAL(tag); - - array_init(tag); - - _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); + if (parser->level <= XML_MAXLEVEL) { + MAKE_STD_ZVAL(tag); - add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); - add_assoc_string(tag,"value",decoded_value,0); - add_assoc_string(tag,"type","cdata",1); - add_assoc_long(tag,"level",parser->level); + array_init(tag); - zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); + _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); + + add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); + add_assoc_string(tag,"value",decoded_value,0); + add_assoc_string(tag,"type","cdata",1); + add_assoc_long(tag,"level",parser->level); + + zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); + } else if (parser->level == (XML_MAXLEVEL + 1)) { + TSRMLS_FETCH(); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); + } } } else { efree(decoded_value); ++++++ php-5.3.17-CVE-2013-4248.patch ++++++ http://git.php.net/?p=php-src.git;a=commitdiff;h=dcea4ec698dcae39b7bba6f6aa… http://git.php.net/?p=php-src.git;a=commitdiff;h=c1c49d6e3983c9ce0b43ffe7bf… Index: ext/openssl/openssl.c =================================================================== --- ext/openssl/openssl.c.orig 2013-12-13 10:20:13.246036355 +0100 +++ ext/openssl/openssl.c 2013-12-13 10:20:57.912572160 +0100 @@ -1343,6 +1343,74 @@ } /* }}} */ +/* Special handling of subjectAltName, see CVE-2013-4073 + * Christian Heimes + */ + +static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) +{ + GENERAL_NAMES *names; + const X509V3_EXT_METHOD *method = NULL; + long i, length, num; + const unsigned char *p; + + method = X509V3_EXT_get(extension); + if (method == NULL) { + return -1; + } + + p = extension->value->data; + length = extension->value->length; + if (method->it) { + names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, + ASN1_ITEM_ptr(method->it))); + } else { + names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length)); + } + if (names == NULL) { + return -1; + } + + num = sk_GENERAL_NAME_num(names); + for (i = 0; i < num; i++) { + GENERAL_NAME *name; + ASN1_STRING *as; + name = sk_GENERAL_NAME_value(names, i); + switch (name->type) { + case GEN_EMAIL: + BIO_puts(bio, "email:"); + as = name->d.rfc822Name; + BIO_write(bio, ASN1_STRING_data(as), + ASN1_STRING_length(as)); + break; + case GEN_DNS: + BIO_puts(bio, "DNS:"); + as = name->d.dNSName; + BIO_write(bio, ASN1_STRING_data(as), + ASN1_STRING_length(as)); + break; + case GEN_URI: + BIO_puts(bio, "URI:"); + as = name->d.uniformResourceIdentifier; + BIO_write(bio, ASN1_STRING_data(as), + ASN1_STRING_length(as)); + break; + default: + /* use builtin print for GEN_OTHERNAME, GEN_X400, + * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID + */ + GENERAL_NAME_print(bio, name); + } + /* trailing ', ' except for last element */ + if (i < (num - 1)) { + BIO_puts(bio, ", "); + } + } + sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); + + return 0; +} + /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true]) Returns an array of the fields/values of the CERT */ PHP_FUNCTION(openssl_x509_parse) @@ -1439,15 +1507,30 @@ for (i = 0; i < X509_get_ext_count(cert); i++) { + int nid; extension = X509_get_ext(cert, i); - if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { + nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); + if (nid != NID_undef) { extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); } else { OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); extname = buf; } bio_out = BIO_new(BIO_s_mem()); - if (X509V3_EXT_print(bio_out, extension, 0, 0)) { + if (nid == NID_subject_alt_name) { + if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) { + BIO_get_mem_ptr(bio_out, &bio_buf); + add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); + } else { + zval_dtor(return_value); + if (certresource == -1 && cert) { + X509_free(cert); + } + BIO_free(bio_out); + RETURN_FALSE; + } + } + else if (X509V3_EXT_print(bio_out, extension, 0, 0)) { BIO_get_mem_ptr(bio_out, &bio_buf); add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); } else { ++++++ php-5.3.17-CVE-2013-4635.patch ++++++ http://git.php.net/?p=php-src.git;a=commit;h=4828f7343b3f31d914f4d4a5545865… http://git.php.net/?p=php-src.git;a=commit;h=fc2a9d6e47ae23adb28122539b56df… diff --git a/ext/calendar/jewish.c b/ext/calendar/jewish.c index f4dc7c3..1e7a06c 100644 --- ext/calendar/jewish.c +++ ext/calendar/jewish.c @@ -272,6 +272,7 @@ #define HALAKIM_PER_METONIC_CYCLE (HALAKIM_PER_LUNAR_CYCLE * (12 * 19 + 7)) #define JEWISH_SDN_OFFSET 347997 +#define JEWISH_SDN_MAX 324542846L /* 12/13/887605, greater value raises interger overflow */ #define NEW_MOON_OF_CREATION 31524 #define SUNDAY 0 @@ -519,7 +520,7 @@ void SdnToJewish( int tishri1After; int yearLength; - if (sdn <= JEWISH_SDN_OFFSET) { + if (sdn <= JEWISH_SDN_OFFSET || sdn > JEWISH_SDN_MAX) { *pYear = 0; *pMonth = 0; *pDay = 0; ++++++ php-5.3.17-CVE-2013-6420.patch ++++++ https://bugzilla.redhat.com/attachment.cgi?id=831933&action=diff&context=pa… --- ext/openssl/openssl.c 2013-11-28 13:03:15.000000000 +0100 +++ ext/openssl/openssl.c 2013-11-28 12:57:36.000000000 +0100 @@ -688,18 +688,28 @@ char * thestr; long gmadjust = 0; - if (timestr->length < 13) { + if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp"); + return (time_t)-1; + } + + if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp"); + return (time_t)-1; + } + + if (ASN1_STRING_length(timestr) < 13) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author too lazy to parse %s correctly", timestr->data); return (time_t)-1; } - strbuf = estrdup((char *)timestr->data); + strbuf = estrdup((char *)ASN1_STRING_data(timestr)); memset(&thetime, 0, sizeof(thetime)); /* we work backwards so that we can use atoi more easily */ - thestr = strbuf + timestr->length - 3; + thestr = strbuf + ASN1_STRING_length(timestr) - 3; thetime.tm_sec = atoi(thestr); *thestr = '\0'; ++++++ php-5.3.17-CVE-2013-6712.patch ++++++ From: Remi Collet <remi(a)php.net> Date: Wed, 27 Nov 2013 10:13:16 +0000 (+0100) Subject: Fixed bug #66060 (Heap buffer over-read in DateInterval) X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=12fe4e90be7bfa2… Fixed bug #66060 (Heap buffer over-read in DateInterval) --- --- ext/date/lib/parse_iso_intervals.re +++ ext/date/lib/parse_iso_intervals.re @@ -383,7 +383,7 @@ isoweek = year4 "-"? "W" weekofyear; break; } ptr++; - } while (*ptr); + } while (!s->errors->error_count && *ptr); s->have_period = 1; TIMELIB_DEINIT; return TIMELIB_PERIOD; ++++++ php-5.3.2-aconf26x.patch ++++++ Index: scripts/phpize.m4 =================================================================== --- scripts/phpize.m4.orig +++ scripts/phpize.m4 @@ -1,6 +1,6 @@ dnl This file becomes configure.in for self-contained extensions. -divert(1) +divert(1001) AC_PREREQ(2.13) AC_INIT(config.m4) @@ -23,7 +23,8 @@ test -z "$CFLAGS" && auto_cflags=1 abs_srcdir=`(cd $srcdir && pwd)` abs_builddir=`pwd` -AC_PROG_CC([cc gcc]) +AC_PROG_CC_STDC +AC_USE_SYSTEM_EXTENSIONS PHP_DETECT_ICC PHP_DETECT_SUNCC AC_PROG_CC_C_O Index: ext/standard/config.m4 =================================================================== --- ext/standard/config.m4.orig +++ ext/standard/config.m4 @@ -1,6 +1,6 @@ dnl $Id$ -*- autoconf -*- -divert(3)dnl +divert(1003)dnl dnl dnl Check if flush should be called explicitly after buffered io @@ -342,7 +342,7 @@ dnl AC_CHECK_FUNCS(getcwd getwd asinh acosh atanh log1p hypot glob strfmon nice fpclass isinf isnan mempcpy strpncpy) AC_FUNC_FNMATCH -divert(5)dnl +divert(1005)dnl dnl dnl Check if there is a support means of creating a new process Index: configure.in =================================================================== --- configure.in.orig +++ configure.in @@ -1,7 +1,7 @@ ## $Id$ -*- autoconf -*- dnl ## Process this file with autoconf to produce a configure script. -divert(1) +divert(1001) dnl ## Diversion 1 is the autoconf + automake setup phase. We also dnl ## set the PHP version, deal with platform-specific compile @@ -125,12 +125,12 @@ rm -f libs/* dnl Checks for programs. dnl ------------------------------------------------------------------------- -AC_PROG_CC([cc gcc]) +AC_USE_SYSTEM_EXTENSIONS PHP_DETECT_ICC PHP_DETECT_SUNCC AC_PROG_CC_C_O dnl Change to AC_PROG_CC_STDC when we start requiring a post-2.13 autoconf -dnl AC_PROG_CC_STDC +AC_PROG_CC_STDC AC_PROG_CPP AC_AIX AC_PROG_LN_S @@ -290,7 +290,7 @@ sinclude(TSRM/threads.m4) sinclude(TSRM/tsrm.m4) -divert(2) +divert(1002) dnl ## Diversion 2 is where we set PHP-specific options and come up dnl ## with reasonable default values for them. We check for pthreads here @@ -329,7 +329,7 @@ if test "$enable_maintainer_zts" = "yes" PTHREADS_FLAGS fi -divert(3) +divert(1003) dnl ## In diversion 3 we check for compile-time options to the PHP dnl ## core and how to deal with different system dependencies. @@ -683,7 +683,7 @@ if test "x$php_crypt_r" = "x1"; then PHP_CRYPT_R_STYLE fi -divert(4) +divert(1004) dnl ## In diversion 4 we check user-configurable general settings. @@ -924,7 +924,7 @@ else AC_MSG_RESULT([using system default]) fi -divert(5) +divert(1005) dnl ## In diversion 5 we check which extensions should be compiled. dnl ## All of these are normally in the extension directories. @@ -1351,7 +1351,8 @@ AC_PROVIDE_IFELSE([PHP_REQUIRE_CXX], [], undefine([AC_PROG_CXXCPP]) AC_DEFUN([AC_PROG_CXXCPP], [php_prog_cxxcpp=disabled]) ]) -AC_PROG_LIBTOOL +LT_INIT([disable-static pic-only dlopen]) +#AC_PROG_LIBTOOL if test "$enable_debug" != "yes"; then PHP_SET_LIBTOOL_VARIABLE([--silent]) Index: build/buildcheck.sh =================================================================== --- build/buildcheck.sh.orig +++ build/buildcheck.sh @@ -51,7 +51,7 @@ if test "$1" = "2" -a "$2" -gt "59"; the echo " On Debian/Ubuntu both autoconf2.13 and autoconf2.59 packages exist." echo " Install autoconf2.13 and set the PHP_AUTOCONF env var to " echo " autoconf2.13 and try again." - exit 1 +# exit 1 else echo "buildconf: autoconf version $ac_version (ok)" fi ++++++ php-5.3.2-ini.patch ++++++ Index: php.ini-production =================================================================== --- php.ini-production.orig 2010-06-24 02:15:12.000000000 +0200 +++ php.ini-production 2010-08-03 06:31:20.319461000 +0200 @@ -781,7 +781,7 @@ default_mimetype = "text/html" ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" -;include_path = ".:/php/includes" +include_path = ".:/usr/share/php5:/usr/share/php5/PEAR" ; ; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" @@ -1189,7 +1189,7 @@ mysql.allow_local_infile = On ; Allow or prevent persistent links. ; http://php.net/mysql.allow-persistent -mysql.allow_persistent = On +mysql.allow_persistent = Off ; If mysqlnd is used: Number of cache slots for the internal result set cache ; http://php.net/mysql.cache_size @@ -1252,7 +1252,7 @@ mysqli.max_persistent = -1 ; Allow or prevent persistent links. ; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On +mysqli.allow_persistent = Off ; Maximum number of links. -1 means no limit. ; http://php.net/mysqli.max-links @@ -1474,7 +1474,7 @@ session.save_handler = files ; where MODE is the octal representation of the mode. Note that this ; does not overwrite the process's umask. ; http://php.net/session.save-path -;session.save_path = "/tmp" +session.save_path = "/var/lib/php5" ; Whether to use cookies. ; http://php.net/session.use-cookies @@ -1590,14 +1590,14 @@ session.referer_check = ; How many bytes to read from the file. ; http://php.net/session.entropy-length -session.entropy_length = 0 +session.entropy_length = 32 ; Specified here to create the session id. ; http://php.net/session.entropy-file ; On systems that don't have /dev/urandom /dev/arandom can be used ; On windows, setting the entropy_length setting will activate the ; Windows random source (using the CryptoAPI) -;session.entropy_file = /dev/urandom +session.entropy_file = /dev/urandom ; Set to {nocache,private,public,} to determine HTTP caching aspects ; or leave this empty to avoid sending anti-caching headers. @@ -1628,7 +1628,7 @@ session.use_trans_sid = 0 ; the hash extension. A list of available hashes is returned by the hash_algos() ; function. ; http://php.net/session.hash-function -session.hash_function = 0 +session.hash_function = sha256 ; Define how many bits are stored in each character when converting ; the binary hash data to something readable. ++++++ php-5.3.2-no-build-date.patch ++++++ --- ext/standard/info.c.orig +++ ext/standard/info.c @@ -697,7 +697,7 @@ PHPAPI void php_print_info(int flag TSRM php_info_print_box_end(); php_info_print_table_start(); php_info_print_table_row(2, "System", php_uname ); - php_info_print_table_row(2, "Build Date", __DATE__ " " __TIME__ ); + /* php_info_print_table_row(2, "Build Date", __DATE__ " " __TIME__ ); */ #ifdef COMPILER php_info_print_table_row(2, "Compiler", COMPILER); #endif @@ -705,7 +705,7 @@ PHPAPI void php_print_info(int flag TSRM php_info_print_table_row(2, "Architecture", ARCHITECTURE); #endif #ifdef CONFIGURE_COMMAND - php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); + /* php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); */ #endif if (sapi_module.pretty_name) { --- sapi/fpm/fpm/fpm_main.c.orig +++ sapi/fpm/fpm/fpm_main.c @@ -1700,7 +1700,7 @@ int main(int argc, char *argv[]) #if ZEND_DEBUG php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #else - php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version()); #endif php_request_shutdown((void *) 0); fcgi_shutdown(); --- configure.in.orig +++ configure.in @@ -1192,8 +1192,8 @@ fi EXTRA_LDFLAGS="$EXTRA_LDFLAGS $PHP_LDFLAGS" EXTRA_LDFLAGS_PROGRAM="$EXTRA_LDFLAGS_PROGRAM $PHP_LDFLAGS" - -PHP_BUILD_DATE=`date '+%Y-%m-%d'` +#totally fake, not used anywhere in userspace +PHP_BUILD_DATE="1970-01-01" AC_DEFINE_UNQUOTED(PHP_BUILD_DATE,"$PHP_BUILD_DATE",[PHP build date]) case $host_alias in @@ -1204,7 +1204,8 @@ case $host_alias in AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[hardcode for each of the cross compiler host]) ;; *) - PHP_UNAME=`uname -a | xargs` +dnl Totally fake, it wasnt and will never be reliable anyway. + PHP_UNAME="Linux suse 2.6.36 #1 SMP 2011-02-21 10:34:10 +0100 x86_64 x86_64 x86_64 GNU/Linux" AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output]) PHP_OS=`uname | xargs` AC_DEFINE_UNQUOTED(PHP_OS,"$PHP_OS",[uname output]) ++++++ php-5.3.4-format-string-issues.patch ++++++ --- main/snprintf.h.orig +++ main/snprintf.h @@ -83,7 +83,7 @@ PHPAPI int ap_php_vslprintf(char *buf, s PHPAPI int ap_php_snprintf(char *, size_t, const char *, ...); PHPAPI int ap_php_vsnprintf(char *, size_t, const char *, va_list ap); PHPAPI int ap_php_vasprintf(char **buf, const char *format, va_list ap); -PHPAPI int ap_php_asprintf(char **buf, const char *format, ...); +PHPAPI int ap_php_asprintf(char **buf, const char *format, ...) PHP_ATTRIBUTE_FORMAT(printf, 2, 3); PHPAPI int php_sprintf (char* s, const char* format, ...) PHP_ATTRIBUTE_FORMAT(printf, 2, 3); PHPAPI char * php_gcvt(double value, int ndigit, char dec_point, char exponent, char *buf); PHPAPI char * php_conv_fp(register char format, register double num, --- main/main.c.orig +++ main/main.c @@ -898,7 +898,7 @@ PHPAPI void php_html_puts(const char *st /* {{{ php_error_cb extended error handling function */ -static void php_error_cb(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args) +static PHP_ATTRIBUTE_FORMAT(printf, 4, 0) void php_error_cb(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args) { char *buffer; int buffer_len, display; --- Zend/zend.h.orig +++ Zend/zend.h @@ -146,6 +146,14 @@ char *alloca (); # define ZEND_ATTRIBUTE_MALLOC #endif +#if ZEND_GCC_VERSION >= 4003 +#define ZEND_ATTR_ALLOC_SIZE(x) __attribute__((__alloc_size__(x))) +#define ZEND_ATTR_ALLOC_SIZE2(x,y) __attribute__((__alloc_size__(x,y))) +#else +#define ZEND_ATTR_ALLOC_SIZE(x) +#define ZEND_ATTR_ALLOC_SIZE2(x,y) +#endif + #if ZEND_GCC_VERSION >= 2007 # define ZEND_ATTRIBUTE_FORMAT(type, idx, first) __attribute__ ((format(type, idx, first))) #else --- Zend/zend_alloc.h.orig +++ Zend/zend_alloc.h @@ -54,14 +54,14 @@ BEGIN_EXTERN_C() ZEND_API char *zend_strndup(const char *s, unsigned int length) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset) ZEND_ATTRIBUTE_MALLOC; +ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE(1); +ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); +ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); ZEND_API void _efree(void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); -ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); -ZEND_API void *_safe_erealloc(void *ptr, size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); -ZEND_API void *_safe_realloc(void *ptr, size_t nmemb, size_t size, size_t offset); +ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); +ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTR_ALLOC_SIZE(2); +ZEND_API void *_safe_erealloc(void *ptr, size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTR_ALLOC_SIZE2(2,3); +ZEND_API void *_safe_realloc(void *ptr, size_t nmemb, size_t size, size_t offset) ZEND_ATTR_ALLOC_SIZE2(2,3); ZEND_API char *_estrdup(const char *s ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; ZEND_API char *_estrndup(const char *s, unsigned int length ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; ZEND_API size_t _zend_mem_block_size(void *ptr TSRMLS_DC ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); @@ -90,7 +90,7 @@ ZEND_API size_t _zend_mem_block_size(voi #define estrndup_rel(s, length) _estrndup((s), (length) ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_CC) #define zend_mem_block_size_rel(ptr) _zend_mem_block_size((ptr) TSRMLS_CC ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_CC) -inline static void * __zend_malloc(size_t len) +inline static ZEND_ATTR_ALLOC_SIZE(1) void * __zend_malloc(size_t len) { void *tmp = malloc(len); if (tmp) { @@ -100,14 +100,14 @@ inline static void * __zend_malloc(size_ exit(1); } -inline static void * __zend_calloc(size_t nmemb, size_t len) +inline static ZEND_ATTR_ALLOC_SIZE2(1,2) void * __zend_calloc(size_t nmemb, size_t len) { void *tmp = _safe_malloc(nmemb, len, 0); memset(tmp, 0, nmemb * len); return tmp; } -inline static void * __zend_realloc(void *p, size_t len) +inline static ZEND_ATTR_ALLOC_SIZE(2) void * __zend_realloc(void *p, size_t len) { p = realloc(p, len); if (p) { --- sapi/cli/php_cli.c.orig +++ sapi/cli/php_cli.c @@ -826,8 +826,8 @@ int main(int argc, char *argv[]) } request_started = 1; - php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2012 The PHP Group\n%s", - PHP_VERSION, sapi_module.name, __DATE__, __TIME__, + php_printf("PHP %s (%s) %s\nCopyright (c) 1997-2012 The PHP Group\n%s", + PHP_VERSION, sapi_module.name, #if ZEND_DEBUG && defined(HAVE_GCOV) "(DEBUG GCOV)", #elif ZEND_DEBUG --- sapi/cgi/cgi_main.c.orig +++ sapi/cgi/cgi_main.c @@ -1935,7 +1935,7 @@ consult the installation file that came #if ZEND_DEBUG php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #else - php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version()); #endif php_request_shutdown((void *) 0); fcgi_shutdown(); ++++++ php-5.3.4-pts.patch ++++++ --- ext/standard/proc_open.c.orig +++ ext/standard/proc_open.c @@ -62,7 +62,7 @@ * */ #ifdef PHP_CAN_SUPPORT_PROC_OPEN -#if 0 && HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H +#if HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H # include <sys/ioctl.h> # include <termios.h> # define PHP_CAN_DO_PTS 1 ++++++ php-5.3.6-gcc_builtins.patch ++++++ --- Zend/zend_alloc.c.orig +++ Zend/zend_alloc.c @@ -36,7 +36,7 @@ # include <wincrypt.h> # include <process.h> #endif - +#include <x86intrin.h> #ifndef ZEND_MM_HEAP_PROTECTION # define ZEND_MM_HEAP_PROTECTION ZEND_DEBUG #endif @@ -665,10 +665,7 @@ static inline unsigned int zend_mm_high_ __asm__("bsrl %1,%0\n\t" : "=r" (n) : "rm" (_size)); return n; #elif defined(__GNUC__) && defined(__x86_64__) - unsigned long n; - - __asm__("bsrq %1,%0\n\t" : "=r" (n) : "rm" (_size)); - return (unsigned int)n; + return __bsrq(_size); #elif defined(_MSC_VER) && defined(_M_IX86) __asm { bsr eax, _size @@ -691,10 +688,7 @@ static inline unsigned int zend_mm_low_b __asm__("bsfl %1,%0\n\t" : "=r" (n) : "rm" (_size)); return n; #elif defined(__GNUC__) && defined(__x86_64__) - unsigned long n; - - __asm__("bsfq %1,%0\n\t" : "=r" (n) : "rm" (_size)); - return (unsigned int)n; + return __bsfq(_size); #elif defined(_MSC_VER) && defined(_M_IX86) __asm { bsf eax, _size ++++++ php-5.3.6-ini-date.timezone.patch ++++++ Index: php.ini-production =================================================================== --- php.ini-production.orig +++ php.ini-production @@ -993,7 +993,7 @@ default_socket_timeout = 60 [Date] ; Defines the default timezone used by the date functions ; http://php.net/date.timezone -;date.timezone = +date.timezone = 'UTC' ; http://php.net/date.default-latitude ;date.default_latitude = 31.7667 ++++++ php-5.3.8-CVE-2011-4153.patch ++++++ http://svn.php.net/viewvc?view=revision&revision=319442 http://svn.php.net/viewvc?view=revision&revision=319453 #-0- Zend/zend_builtin_functions.c #-1- ext/soap/php_sdl.c #-2- ext/standard/syslog.c #-3- N/A for 5.3.8 #-4- N/A #-5- N/A #-6- ext/session/mod_files.c ext/standard/file.c Index: Zend/zend_builtin_functions.c =================================================================== --- Zend/zend_builtin_functions.c.orig +++ Zend/zend_builtin_functions.c @@ -683,6 +683,9 @@ repeat: } c.flags = case_sensitive; /* non persistent */ c.name = zend_strndup(name, name_len); + if(c.name == NULL) { + RETURN_FALSE; + } c.name_len = name_len+1; c.module_number = PHP_USER_CONSTANT; if (zend_register_constant(&c TSRMLS_CC) == SUCCESS) { Index: ext/standard/syslog.c =================================================================== --- ext/standard/syslog.c.orig +++ ext/standard/syslog.c @@ -234,6 +234,9 @@ PHP_FUNCTION(openlog) free(BG(syslog_device)); } BG(syslog_device) = zend_strndup(ident, ident_len); + if(BG(syslog_device) == NULL) { + RETURN_FALSE; + } openlog(BG(syslog_device), option, facility); RETURN_TRUE; } Index: ext/soap/php_sdl.c =================================================================== --- ext/soap/php_sdl.c.orig +++ ext/soap/php_sdl.c @@ -147,6 +147,10 @@ encodePtr get_encoder(sdlPtr sdl, const memcpy(new_enc, enc, sizeof(encode)); if (sdl->is_persistent) { new_enc->details.ns = zend_strndup(ns, ns_len); + if (new_enc->details.ns == NULL) { + efree(nscat); + return NULL; + } new_enc->details.type_str = strdup(new_enc->details.type_str); } else { new_enc->details.ns = estrndup(ns, ns_len); Index: ext/standard/file.c =================================================================== --- ext/standard/file.c.orig +++ ext/standard/file.c @@ -2612,10 +2612,15 @@ PHP_FUNCTION(fnmatch) Returns directory path used for temporary files */ PHP_FUNCTION(sys_get_temp_dir) { + char *tmp_dir; if (zend_parse_parameters_none() == FAILURE) { return; } - RETURN_STRING((char *)php_get_temporary_directory(), 1); + tmp_dir = (char *)php_get_temporary_directory(); + if (tmp_dir == NULL) { + return; + } + RETURN_STRING(tmp_dir, 1); } /* }}} */ Index: ext/session/mod_files.c =================================================================== --- ext/session/mod_files.c.orig +++ ext/session/mod_files.c @@ -273,6 +273,9 @@ PS_OPEN_FUNC(files) if (*save_path == '\0') { /* if save path is an empty string, determine the temporary dir */ save_path = php_get_temporary_directory(); + if (save_path == NULL) { + return FAILURE; + } if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { return FAILURE; ++++++ php-5.3.8-crypt-tests.patch ++++++ Index: ext/standard/config.m4 =================================================================== --- ext/standard/config.m4.orig +++ ext/standard/config.m4 @@ -60,7 +60,14 @@ if test "$ac_cv_func_crypt" = "no"; then AC_DEFINE(HAVE_CRYPT, 1, [ ]) ]) fi - + +if test "$ac_cv_func_crypt" = "no"; then + AC_CHECK_LIB(crypt, crypt_r, [ + LIBS="-lcrypt $LIBS -lcrypt" + AC_DEFINE(HAVE_CRYPT_R, 1, [ ]) + ]) +fi + AC_CACHE_CHECK(for standard DES crypt, ac_cv_crypt_des,[ AC_TRY_RUN([ #if HAVE_UNISTD_H @@ -172,7 +179,7 @@ main() { ac_cv_crypt_blowfish=no ])]) -AC_CACHE_CHECK(for SHA512 crypt, ac_cv_crypt_SHA512,[ +AC_CACHE_CHECK(for SHA512 crypt, ac_cv_crypt_sha512,[ AC_TRY_RUN([ #if HAVE_UNISTD_H #include <unistd.h> @@ -184,24 +191,22 @@ AC_TRY_RUN([ main() { #if HAVE_CRYPT - char salt[30], answer[80]; + char salt[120]; - salt[0]='$'; salt[1]='6'; salt[2]='$'; salt[3]='$'; salt[4]='b'; salt[5]='a'; salt[6]='r'; salt[7]='\0'; - strcpy(answer, salt); - strcpy(&answer[29],"$6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu."); - exit (strcmp((char *)crypt("foo",salt),answer)); + strcpy(salt, "\$6\$rounds=5000\$usesomesillystri\$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21"); + exit (strcmp((char *)crypt("rasmuslerdorf",salt),salt)); #else exit(0); #endif }],[ - ac_cv_crypt_SHA512=yes + ac_cv_crypt_sha512=yes ],[ - ac_cv_crypt_SHA512=no + ac_cv_crypt_sha512=no ],[ - ac_cv_crypt_SHA512=no + ac_cv_crypt_sha512=no ])]) -AC_CACHE_CHECK(for SHA256 crypt, ac_cv_crypt_SHA256,[ +AC_CACHE_CHECK(for SHA256 crypt, ac_cv_crypt_sha256,[ AC_TRY_RUN([ #if HAVE_UNISTD_H #include <unistd.h> @@ -213,28 +218,31 @@ AC_TRY_RUN([ main() { #if HAVE_CRYPT - char salt[30], answer[80]; - salt[0]='$'; salt[1]='5'; salt[2]='$'; salt[3]='$'; salt[4]='s'; salt[5]='a'; salt[6]='l'; salt[7]='t'; salt[8]='s'; salt[9]='t'; salt[10]='r'; salt[11]='i'; salt[12]='n'; salt[13]='g'; salt[14]='\0'; - strcat(salt,""); - strcpy(answer, salt); - strcpy(&answer[29], "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"); - exit (strcmp((char *)crypt("foo",salt),answer)); + char salt[80]; + strcpy(salt, "\$5\$rounds=5000\$usesomesillystri\$KqJWpanXZHKq2BOB43TSaYhEWsQ1Lr5QNyPCDH/Tp.6"); + exit (strcmp((char *)crypt("rasmuslerdorf",salt),salt)); #else exit(0); #endif }],[ - ac_cv_crypt_SHA256=yes + ac_cv_crypt_sha256=yes ],[ - ac_cv_crypt_SHA256=no + ac_cv_crypt_sha256=no ],[ - ac_cv_crypt_SHA256=no + ac_cv_crypt_sha256=no ])]) dnl -dnl If one of them is missing, use our own implementation, portable code is then possible +dnl If one of them or crypt_r() is missing, use our own implementation, portable code is then possible dnl -if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "x$php_crypt_r" = "x0"; then +if test "$ac_cv_crypt_des" = "no" || + /* test "$ac_cv_crypt_ext_des" = "no" ||*/ + test "$ac_cv_crypt_md5" = "no" || + test "$ac_cv_crypt_blowfish" = "no" || + test "$ac_cv_crypt_sha512" = "no" || + test "$ac_cv_crypt_sha256" = "no" || + test "$ac_cv_lib_crypt_crypt_r" = "no"; then dnl dnl Check for __alignof__ support in the compiler ++++++ php-5.3.8-no-reentrant-crypt.patch ++++++ Index: ext/standard/crypt.c =================================================================== --- ext/standard/crypt.c +++ ext/standard/crypt.c @@ -302,6 +302,8 @@ PHP_FUNCTION(crypt) RETURN_STRING(crypt_res, 1); } } +# else + RETURN_STRING(crypt(str, salt), 1); # endif #endif } ++++++ php-cloexec.patch ++++++ Index: ext/standard/exec.c =================================================================== --- ext/standard/exec.c.orig 2010-03-12 11:28:59.000000000 +0100 +++ ext/standard/exec.c 2010-08-03 06:31:21.692327000 +0200 @@ -107,8 +107,12 @@ PHPAPI int php_exec(int type, char *cmd, #ifdef PHP_WIN32 fp = VCWD_POPEN(cmd_p, "rb"); #else +#if defined(__linux__) && __GLIBC_PREREQ(2, 9) + fp = VCWD_POPEN(cmd_p, "re"); +#else fp = VCWD_POPEN(cmd_p, "r"); #endif +#endif if (!fp) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to fork [%s]", cmd); goto err; Index: ext/standard/file.c =================================================================== --- ext/standard/file.c.orig 2010-05-02 22:11:22.000000000 +0200 +++ ext/standard/file.c 2010-08-03 06:31:21.701320000 +0200 @@ -957,6 +957,13 @@ PHP_FUNCTION(popen) } } #endif +#if defined(__linux__) && __GLIBC_PREREQ(2, 9) + char *e = memchr(posix_mode, 'e', mode_len); + if (e) { + memmove(e, e + 1, mode_len - (e - posix_mode)); + } +#endif + if (PG(safe_mode)){ b = strchr(command, ' '); if (!b) { Index: ext/standard/mail.c =================================================================== --- ext/standard/mail.c.orig 2010-07-19 15:38:53.000000000 +0200 +++ ext/standard/mail.c 2010-08-03 06:31:21.709286000 +0200 @@ -294,8 +294,12 @@ PHPAPI int php_mail(char *to, char *subj * (e.g. the shell can't be executed) we explicitely set it to 0 to be * sure we don't catch any older errno value. */ errno = 0; +#if defined(__linux__) && __GLIBC_PREREQ(2, 9) + sendmail = popen(sendmail_cmd, "we"); +#else sendmail = popen(sendmail_cmd, "w"); #endif +#endif if (extra_cmd != NULL) { efree (sendmail_cmd); } ++++++ php-fpm.init ++++++ #!/bin/sh # # Template SUSE system startup script for example service/daemon php-fpm # Copyright (C) 1995--2005 Kurt Garloff, SUSE / Novell Inc. # # This library is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or (at # your option) any later version. # # This library is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, # USA. # # /etc/init.d/php-fpm # and its symbolic link # /(usr/)sbin/rcphp-fpm # # Template system startup script for some example service/daemon php-fpm # # LSB compatible service control script; see http://www.linuxbase.org/spec/ # # Note: This template uses functions rc_XXX defined in /etc/rc.status on # UnitedLinux/SUSE/Novell based Linux distributions. If you want to base your # script on this template and ensure that it works on non UL based LSB # compliant Linux distributions, you either have to provide the rc.status # functions from UL or change the script to work without them. # See skeleton.compat for a template that works with other distros as well. # ### BEGIN INIT INFO # Provides: php-fpm # Required-Start: $remote_fs $network # Should-Start: nginx lighttpd httpd # Required-Stop: $network $remote_fs # Should-Stop: nginx lighttpd httpd # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: php-fpm daemon # Description: Start php-fpm to # continued on second line by '#<TAB>' # should contain enough info for the runlevel editor # to give admin some idea what this service does and # what it's needed for ... # (The Short-Description should already be a good hint.) ### END INIT INFO # # Any extensions to the keywords given above should be preceeded by # X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB. # # Notes on Required-Start/Should-Start: # * There are two different issues that are solved by Required-Start # and Should-Start # (a) Hard dependencies: This is used by the runlevel editor to determine # which services absolutely need to be started to make the start of # this service make sense. Example: nfsserver should have # Required-Start: $portmap # Also, required services are started before the dependent ones. # The runlevel editor will warn about such missing hard dependencies # and suggest enabling. During system startup, you may expect an error, # if the dependency is not fulfilled. # (b) Specifying the init script ordering, not real (hard) dependencies. # This is needed by insserv to determine which service should be # started first (and at a later stage what services can be started # in parallel). The tag Should-Start: is used for this. # It tells, that if a service is available, it should be started # before. If not, never mind. # * When specifying hard dependencies or ordering requirements, you can # use names of services (contents of their Provides: section) # or pseudo names starting with a $. The following ones are available # according to LSB (1.1): # $local_fs all local file systems are mounted # (most services should need this!) # $remote_fs all remote file systems are mounted # (note that /usr may be remote, so # many services should Require this!) # $syslog system logging facility up # $network low level networking (eth card, ...) # $named hostname resolution available # $netdaemons all network daemons are running # The $netdaemons pseudo service has been removed in LSB 1.2. # For now, we still offer it for backward compatibility. # These are new (LSB 1.2): # $time the system time has been set correctly # $portmap SunRPC portmapping service available # UnitedLinux extensions: # $ALL indicates that a script should be inserted # at the end # * The services specified in the stop tags # (Required-Stop/Should-Stop) # specify which services need to be still running when this service # is shut down. Often the entries there are just copies or a subset # from the respective start tag. # * Should-Start/Stop are now part of LSB as of 2.0, # formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop. # insserv does support both variants. # * X-UnitedLinux-Default-Enabled: yes/no is used at installation time # (%fillup_and_insserv macro in %post of many RPMs) to specify whether # a startup script should default to be enabled after installation. # It's not used by insserv. # # Note on runlevels: # 0 - halt/poweroff 6 - reboot # 1 - single user 2 - multiuser without network exported # 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) # # Note on script names: # http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html # A registry has been set up to manage the init script namespace. # http://www.lanana.org/ # Please use the names already registered or register one or use a # vendor prefix. # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance PHPFPM_BIN=/usr/sbin/php-fpm test -x $PHPFPM_BIN || { echo "$PHPFPM_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } FPM_CONFIG="--fpm-config /etc/php5/fpm/php-fpm.conf" # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. /lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) echo -n "Starting php-fpm" ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. /sbin/startproc $PHPFPM_BIN $FPM_CONFIG # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down php-fpm " ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. /sbin/killproc -QUIT $PHPFPM_BIN # Remember status and be verbose rc_status -v ;; try-restart|condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) ## Signal the daemon to reload its config. Most daemons ## do this on signal 1 (SIGHUP). ## If it does not support it, restart the service if it ## is running. echo -n "Reload service php-fpm" ## if it supports it: /sbin/killproc -USR2 $PHPFPM_BIN rc_status -v ## Otherwise: #$0 try-restart #rc_status ;; reload) ## Like force-reload, but if daemon does not support ## signaling, do nothing (!) # If it supports signaling: echo -n "Reload service php-fpm " /sbin/killproc -USR2 $PHPFPM_BIN rc_status -v ## Otherwise if it does not support reload: #rc_failed 3 #rc_status -v ;; status) echo -n "Checking for service php-fpm " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. /sbin/checkproc $PHPFPM_BIN # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" exit 1 ;; esac rc_exit ++++++ php5-apache_sapi_install.patch ++++++ # Do not attempt to modify apache configuration on module install ================================================================================ --- sapi/apache2handler/config.m4 | 9 --------- 1 file changed, 9 deletions(-) Index: sapi/apache2handler/config.m4 =================================================================== --- sapi/apache2handler/config.m4.orig 2008-03-11 23:47:39.000000000 +0100 +++ sapi/apache2handler/config.m4 2010-08-03 06:31:18.512616000 +0200 @@ -68,18 +68,9 @@ if test "$PHP_APXS2" != "no"; then fi APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR` - if test -z `$APXS -q SYSCONFDIR`; then INSTALL_IT="\$(mkinstalldirs) '$APXS_LIBEXECDIR' && \ $APXS -S LIBEXECDIR='$APXS_LIBEXECDIR' \ -i -n php5" - else - APXS_SYSCONFDIR='$(INSTALL_ROOT)'`$APXS -q SYSCONFDIR` - INSTALL_IT="\$(mkinstalldirs) '$APXS_LIBEXECDIR' && \ - \$(mkinstalldirs) '$APXS_SYSCONFDIR' && \ - $APXS -S LIBEXECDIR='$APXS_LIBEXECDIR' \ - -S SYSCONFDIR='$APXS_SYSCONFDIR' \ - -i -a -n php5" - fi case $host_alias in *aix*) ++++++ php5-missing-extdeps.patch ++++++ --- ext/soap/soap.c.orig +++ ext/soap/soap.c @@ -439,7 +439,7 @@ unsigned char arginfo_soapclient___soapc # define arginfo_soapserver_setobject NULL # define arginfo_soapserver_addfunction NULL # define arginfo_soapserver_getfunctions NULL -# defina arginfo_soapserver_handle NULL +# define arginfo_soapserver_handle NULL # define arginfo_soapserver_fault NULL # define arginfo_soapserver_addsoapheader NULL @@ -516,10 +516,18 @@ static const zend_function_entry soap_he PHP_FE_END }; -zend_module_entry soap_module_entry = { -#ifdef STANDARD_MODULE_HEADER - STANDARD_MODULE_HEADER, +/* {{{ soap dependencies */ +static const zend_module_dep soap_module_deps[] = { + ZEND_MOD_REQUIRED("standard") +#if HAVE_PHP_SESSION && !defined(COMPILE_DL_SESSION) + ZEND_MOD_REQUIRED("session") #endif + {NULL, NULL, NULL} +}; + +zend_module_entry soap_module_entry = { + STANDARD_MODULE_HEADER_EX, NULL, + soap_module_deps, "soap", soap_functions, PHP_MINIT(soap), --- ext/wddx/wddx.c.orig +++ ext/wddx/wddx.c @@ -154,10 +154,21 @@ ZEND_GET_MODULE(wddx) #endif /* COMPILE_DL_WDDX */ /* }}} */ +/* {{{ wddx dependencies */ +static const zend_module_dep wddx_module_deps[] = { + ZEND_MOD_REQUIRED("standard") + ZEND_MOD_REQUIRED("xml") + ZEND_MOD_REQUIRED("date") +#if HAVE_PHP_SESSION && !defined(COMPILE_DL_SESSION) + ZEND_MOD_REQUIRED("session") +#endif + {NULL, NULL, NULL} +}; /* {{{ wddx_module_entry */ zend_module_entry wddx_module_entry = { - STANDARD_MODULE_HEADER, + STANDARD_MODULE_HEADER_EX, NULL, + wddx_module_deps, "wddx", wddx_functions, PHP_MINIT(wddx), --- ext/filter/filter.c.orig +++ ext/filter/filter.c @@ -132,12 +132,17 @@ static const zend_function_entry filter_ }; /* }}} */ +/* {{{ filter dependencies */ +static const zend_module_dep filter_module_deps[] = { + ZEND_MOD_REQUIRED("standard") + ZEND_MOD_REQUIRED("pcre") + {NULL, NULL, NULL} +}; /* {{{ filter_module_entry */ zend_module_entry filter_module_entry = { -#if ZEND_MODULE_API_NO >= 20010901 - STANDARD_MODULE_HEADER, -#endif + STANDARD_MODULE_HEADER_EX, NULL, + filter_module_deps, "filter", filter_functions, PHP_MINIT(filter), --- ext/mbstring/mbstring.c.orig +++ ext/mbstring/mbstring.c @@ -561,9 +561,19 @@ const zend_function_entry mbstring_funct }; /* }}} */ +/* {{{ mbstring dependencies */ +static const zend_module_dep mbstring_module_deps[] = { + ZEND_MOD_REQUIRED("standard") +#if (HAVE_PCRE || HAVE_BUNDLED_PCRE) && !HAVE_ONIG + ZEND_MOD_REQUIRED("pcre") +#endif + {NULL, NULL, NULL} +}; + /* {{{ zend_module_entry mbstring_module_entry */ zend_module_entry mbstring_module_entry = { - STANDARD_MODULE_HEADER, + STANDARD_MODULE_HEADER_EX, NULL, + mbstring_module_deps, "mbstring", mbstring_functions, PHP_MINIT(mbstring), ++++++ php5-openssl.patch ++++++ --- ext/openssl/openssl.c.orig +++ ext/openssl/openssl.c @@ -47,6 +47,7 @@ #include <openssl/rand.h> #include <openssl/ssl.h> #include <openssl/pkcs12.h> +#include <openssl/engine.h> /* Common */ #include <time.h> @@ -979,10 +980,16 @@ PHP_MINIT_FUNCTION(openssl) le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number); le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number); + OPENSSL_config(NULL); SSL_library_init(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); +/* Load all bundled ENGINEs into memory and make them visible */ + ENGINE_load_builtin_engines(); + /* Register all of them for every algorithm they collectively implement */ + ENGINE_register_all_complete(); + ERR_load_ERR_strings(); ERR_load_crypto_strings(); --- ext/openssl/xp_ssl.c.orig +++ ext/openssl/xp_ssl.c @@ -376,7 +376,9 @@ static inline int php_openssl_setup_cryp php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to create an SSL context"); return -1; } - +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode(sslsock->ctx, SSL_MODE_RELEASE_BUFFERS); +#endif SSL_CTX_set_options(sslsock->ctx, SSL_OP_ALL); #if OPENSSL_VERSION_NUMBER >= 0x0090806fL ++++++ php5-php-config.patch ++++++ --- scripts/php-config.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: scripts/php-config.in =================================================================== --- scripts/php-config.in.orig 2007-08-24 13:44:10.000000000 +0200 +++ scripts/php-config.in 2010-08-03 06:31:18.786529000 +0200 @@ -5,7 +5,7 @@ prefix="@prefix@" exec_prefix="@exec_prefix@" version="@PHP_VERSION@" vernum="@PHP_VERSION_ID@" -include_dir="@includedir@/php" +include_dir="@includedir@/php5" includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib" ldflags="@PHP_LDFLAGS@" libs="@EXTRA_LIBS@" ++++++ php5-phpize.patch ++++++ --- scripts/Makefile.frag | 4 ++-- scripts/phpize.in | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) Index: scripts/Makefile.frag =================================================================== --- scripts/Makefile.frag.orig 2010-07-13 19:24:13.000000000 +0200 +++ scripts/Makefile.frag 2010-08-03 06:31:18.109614000 +0200 @@ -3,8 +3,8 @@ # Build environment install # -phpincludedir = $(includedir)/php -phpbuilddir = $(libdir)/build +phpincludedir = $(includedir)/php5 +phpbuilddir = $(datadir)/build BUILD_FILES = \ scripts/phpize.m4 \ Index: scripts/phpize.in =================================================================== --- scripts/phpize.in.orig 2009-06-24 09:42:33.000000000 +0200 +++ scripts/phpize.in 2010-08-03 06:31:18.115618000 +0200 @@ -3,8 +3,8 @@ # Variable declaration prefix='@prefix@' exec_prefix="`eval echo @exec_prefix@`" -phpdir="`eval echo @libdir@`/build" -includedir="`eval echo @includedir@`/php" +phpdir="`eval echo @datadir@`/build" +includedir="`eval echo @includedir@`/php5" builddir="`pwd`" SED="@SED@" ++++++ suhosin-patch-5.3.3-0.9.10.patch.gz ++++++ ++++ 5803 lines (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit php5 for openSUSE:12.3:Update
by root＠hilbert.suse.de 27 Dec '13

27 Dec '13

Hello community, here is the log from the commit of package php5 for openSUSE:12.3:Update checked in at 2013-12-27 09:20:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/php5 (Old) and /work/SRC/openSUSE:12.3:Update/.php5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "php5" Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ --- /var/tmp/diff_new_pack.5ijGY1/_old 2013-12-27 09:20:14.000000000 +0100 +++ /var/tmp/diff_new_pack.5ijGY1/_new 2013-12-27 09:20:14.000000000 +0100 @@ -1 +1 @@ -<link package='php5.1867' cicount='copy' /> +<link package='php5.2404' cicount='copy' /> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit php5.2404 for openSUSE:12.2:Update
by root＠hilbert.suse.de 27 Dec '13

27 Dec '13

Hello community, here is the log from the commit of package php5.2404 for openSUSE:12.2:Update checked in at 2013-12-27 09:20:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/php5.2404 (Old) and /work/SRC/openSUSE:12.2:Update/.php5.2404.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "php5.2404" Changes: -------- New Changes file: --- /dev/null 2013-11-25 01:44:08.036031256 +0100 +++ /work/SRC/openSUSE:12.2:Update/.php5.2404.new/php5.changes 2013-12-27 09:20:11.000000000 +0100 @@ -0,0 +1,2667 @@ +------------------------------------------------------------------- +Fri Dec 13 10:40:00 UTC 2013 - pgajdos(a)suse.com + +- security update + * CVE-2013-6420.patch [bnc#854880] + * CVE-2013-6712.patch [bnc#853045] + * CVE-2013-4248.patch [bnc#837746] + +------------------------------------------------------------------- +Thu Jul 4 09:48:16 UTC 2013 - pgajdos(a)suse.com + +- security update: + * CVE-2013-4635.patch [bnc#828020] + * CVE-2013-1635.patch [bnc#807707] + * CVE-2013-1643.patch [bnc#807707] + * CVE-2013-4113.patch [bnc#829207] + +------------------------------------------------------------------- +Tue Aug 28 08:28:57 UTC 2012 - pgajdos(a)suse.com + +- use FilesMatch with 'SetHandler' rather than 'AddHandler' + [bnc#775852] + +------------------------------------------------------------------- +Tue Jul 31 14:38:00 UTC 2012 - pgajdos(a)suse.com + +- fix CVE-2012-3365 [bnc#772582] (only sqlite extension) + +------------------------------------------------------------------- +Wed Jul 25 12:48:08 UTC 2012 - pgajdos(a)suse.com + +- updated to 5.3.15: + * fixes over 30 bugs and includes a fix for a security related + overflow issue in the stream implementation (CVE-2012-2688) + [bnc#772582] and open_basedir bypass, CVE-2012-3365 [bnc#772580] + +------------------------------------------------------------------- +Mon Jun 18 17:08:57 UTC 2012 - pgajdos(a)suse.com + +- updated to 5.3.14: + * bug-fix release, see NEWS for details + +------------------------------------------------------------------- +Fri May 25 15:10:26 UTC 2012 - pgajdos(a)suse.com + +- updated to 5.3.13: various security fixes, + CVE-2012-1823, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336 + * removed php-5.3.10-pcre_fullinfo.patch + * refreshed php-5.3.2-aconf26x.patch + +------------------------------------------------------------------- +Thu Mar 8 19:40:22 UTC 2012 - coolo(a)suse.com + +- fix license to spdx.org format + +------------------------------------------------------------------- +Tue Feb 28 09:08:30 UTC 2012 - pgajdos(a)suse.com + +- fixed build with new pcre (php bug 60986) + +------------------------------------------------------------------- +Sat Feb 4 16:35:07 UTC 2012 - crrodriguez(a)opensuse.org + +- Build with -fpie + +------------------------------------------------------------------- +Thu Feb 2 21:31:00 UTC 2012 - crrodriguez(a)opensuse.org + +- PHP 5.3.10, fixes CVE-2012-0830. + +------------------------------------------------------------------- +Sat Jan 28 18:52:35 UTC 2012 - crrodriguez(a)opensuse.org + +- remove unapplied patches + +------------------------------------------------------------------- +Wed Jan 18 15:17:02 UTC 2012 - pgajdos(a)suse.com + +- buildrequire libjpeg-devel + +------------------------------------------------------------------- +Tue Jan 17 08:35:44 UTC 2012 - pgajdos(a)suse.com + +- remove apache module conflict with apache2-worker [bnc#728671] +- amended README.SUSE instead + +------------------------------------------------------------------- +Wed Jan 11 01:46:14 UTC 2012 - crrodriguez(a)opensuse.org + +- Update to version 5.3.9 + * Drop already applied patches + * This update only contain minor bug fixes, it is a stop over + php 5.4.0 that should be out very soon. + +------------------------------------------------------------------- +Mon Jan 2 16:52:43 UTC 2012 - pgajdos(a)suse.com + +- security update: + * CVE-2011-4885 [bnc#738221] -- added max_input_vars directive + to prevent attacks based on hash collisions + +------------------------------------------------------------------- +Wed Dec 21 10:40:03 UTC 2011 - coolo(a)suse.com + +- add autoconf as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Tue Dec 20 12:06:57 UTC 2011 - pgajdos(a)suse.com + +- apache module conflicts with apache2-worker [bnc#728671] + +------------------------------------------------------------------- +Fri Dec 16 13:31:56 UTC 2011 - pgajdos(a)suse.com + +- security update: + * CVE-2011-4566 [bnc#733590] + * CVE-2011-1466 [bnc#736169] + +------------------------------------------------------------------- +Tue Dec 6 12:24:39 UTC 2011 - coolo(a)suse.com + +- fix license - there is no 3.1 version of php license + +------------------------------------------------------------------- +Tue Nov 29 15:32:57 UTC 2011 - pgajdos(a)suse.com + +- build php against system's libcrypt, which drops + extended DES support + * crypt-tests.patch + * no-reentrant-crypt.patch + +------------------------------------------------------------------- +Mon Nov 7 13:36:25 UTC 2011 - pgajdos(a)suse.com + +- security update: + CVE-2011-3379 [bnc#728350] + +------------------------------------------------------------------- +Sun Sep 18 22:08:00 UTC 2011 - crrodriguez(a)opensuse.org + +- Fix wrong PAGE_SIZE assumption, must use sysconf() instead +- Fix integer overflow when attempting to use more than 2 Gb + of memory. + +------------------------------------------------------------------- +Mon Sep 5 01:20:22 UTC 2011 - crrodriguez(a)opensuse.org + +- call openssl_config too in order to load user-provided + engine configuration. + +------------------------------------------------------------------- +Sat Sep 3 05:18:44 UTC 2011 - crrodriguez(a)opensuse.org + +- Cleanup patches for upcoming release. + +------------------------------------------------------------------- +Sun Aug 28 20:59:36 UTC 2011 - andrea.turrini(a)gmail.com + +- Fixed typos in php5.spec + +------------------------------------------------------------------- +Tue Aug 23 03:35:25 UTC 2011 - crrodriguez(a)opensuse.org + +- Fix very publicized critical bug in crypt() implementation + +------------------------------------------------------------------- +Fri Aug 12 02:27:08 UTC 2011 - crrodriguez(a)opensuse.org + +- Add mssql support with freetds +- Update PHP snapshot. + +------------------------------------------------------------------- +Tue Aug 9 22:11:30 UTC 2011 - crrodriguez(a)opensuse.org + +- Update snapshot, more static analyzer fixes. + +------------------------------------------------------------------- +Sun Aug 7 20:32:28 UTC 2011 - crrodriguez(a)opensuse.org + +- Update snapshot, fix converity warnings + +------------------------------------------------------------------- +Fri Aug 5 03:00:45 UTC 2011 - crrodriguez(a)opensuse.org + +- Update snapshot, several check if malloc() succeeded. + +------------------------------------------------------------------- +Wed Aug 3 17:51:56 UTC 2011 - crrodriguez(a)opensuse.org + +- Fix build in Factory +- Fix Segfault with allow_call_time_pass_reference = Off +- Using class constants in array definition fails + +------------------------------------------------------------------- +Mon Aug 1 16:38:57 UTC 2011 - crrodriguez(a)opensuse.org + +- Add sqlite3 session storage, this is no more than ++++ 2470 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.2:Update/.php5.2404.new/php5.changes New: ---- README.SUSE-pear README.macros install-pear-nozlib.phar macros.php php-5.2.9-BNC-457056.patch php-5.3.0-bnc513080.patch php-5.3.1-systzdata-v7.patch php-5.3.15-CVE-2012-3365.patch php-5.3.15-CVE-2013-1635.patch php-5.3.15-CVE-2013-1643.patch php-5.3.15-CVE-2013-4113.patch php-5.3.15-CVE-2013-4248.patch php-5.3.15-CVE-2013-4635.patch php-5.3.15-CVE-2013-6420.patch php-5.3.15-CVE-2013-6712.patch php-5.3.15.tar.bz2 php-5.3.2-aconf26x.patch php-5.3.2-ini.patch php-5.3.2-no-build-date.patch php-5.3.4-format-string-issues.patch php-5.3.4-pts.patch php-5.3.6-gcc_builtins.patch php-5.3.6-ini-date.timezone.patch php-5.3.8-crypt-tests.patch php-5.3.8-no-reentrant-crypt.patch php-cloexec.patch php-fpm.init php-suse-addons.tar.bz2 php5-apache_sapi_install.patch php5-missing-extdeps.patch php5-openssl.patch php5-php-config.patch php5-phpize.patch php5.changes php5.spec suhosin-0.9.33.tgz suhosin-patch-5.3.3-0.9.10.patch.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php5.spec ++++++ ++++ 1985 lines (skipped) ++++++ README.SUSE-pear ++++++ Package php5-pear does not include Pear DB support ================================================== Php5-pear package comes without Pear DB database support, which was obsoleted by MDB2. If you need Pear DB, please install it with: #pear install --onlyreqdeps DB This is the case of Squirrelmail which requires Pear DB support. More information can be found at bugzilla.novell.com, bug #178982. ++++++ README.macros ++++++ README for php-macros Author: Christian Wittmer <chris(a)computersalat.de> %php_gen_filelist generates an rpmlint happy filelist of your installed files In most cases you only need to check the %doc part sometimes there is a "Changes" or "ChangeLog",.... Requirements for %php_gen_filelist You have to define following parts inside your spec file Example: Name: php5-pear-Date %define pear_name Date %define pear_sname date BuildRequires: php-macros Provides: php-pear-%{pear_name} pear-%{pear_name} # Fix for renaming (package convention) Provides: php5-pear-%{pear_sname} = %{version} Provides: php-pear-%{pear_sname} = %{version} Provides: pear-%{pear_sname} = %{version} Obsoletes: php5-pear-%{pear_sname} < %{version} Obsoletes: php-pear-%{pear_sname} < %{version} Obsoletes: pear-%{pear_sname} < %{version} %install %{__mv} package*.xml %{pear_name}-%{version} cd %{pear_name}-%{version} PHP_PEAR_PHP_BIN="$(which php) -d memory_limit=50m" %{__pear} -v \ -d doc_dir=/doc \ -d bin_dir=%{_bindir} \ -d data_dir=%{peardir}/data \ install --offline --nodeps -R "$RPM_BUILD_ROOT" package.xml %{__install} -D -m 0644 package.xml $RPM_BUILD_ROOT%{php_pearxmldir}/%{pear_name}.xml %{__rm} -rf $RPM_BUILD_ROOT/{doc,tmp} %{__rm} -rf "$RPM_BUILD_ROOT"/%{peardir}/.{filemap,lock,registry,channels,depdb,depdblock} %php_gen_filelist %post # on `rpm -ivh` PARAM is 1 # on `rpm -Uvh` PARAM is 2 if [ "$1" = "1" ]; then %{__pear} install --nodeps --soft --force --register-only %{php_pearxmldir}/%{pear_name}.xml fi if [ "$1" = "2" ]; then %{__pear} upgrade --offline --register-only %{php_pearxmldir}/%{pear_name}.xml fi %postun # on `rpm -e` PARAM is 0 if [ "$1" = "0" ]; then %{__pear} uninstall --nodeps --ignore-errors --register-only pear.php.net/%{pear_name} fi %clean %{__rm} -rf %{buildroot} %files -f %{name}.files %defattr(-,root,root) %doc Changes README %changelog ############################################################################# And here an Example of the generated filelist: /usr/share/php5/PEAR/Date.php %dir /usr/share/php5/PEAR/Date /usr/share/php5/PEAR/Date/Calc.php /usr/share/php5/PEAR/Date/Human.php /usr/share/php5/PEAR/Date/Span.php /usr/share/php5/PEAR/Date/TimeZone.php %dir /usr/share/php5/PEAR/test %dir /usr/share/php5/PEAR/test/Date %dir /usr/share/php5/PEAR/test/Date/tests /usr/share/php5/PEAR/test/Date/tests/test_date_methods_span.php /usr/share/php5/PEAR/test/Date/tests/testunit_date_span.php /usr/share/php5/PEAR/test/Date/tests/test_calc.php /usr/share/php5/PEAR/test/Date/tests/calc.php /usr/share/php5/PEAR/test/Date/tests/testunit_date.php /usr/share/php5/PEAR/test/Date/tests/testunit.php %dir /usr/share/php5/PEAR/test/Date/tests/bugs /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-1.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-2.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-3.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-4.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-674.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-9213.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-9414.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-8912.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-967.phpt /var/lib/pear/Date.xml ++++++ macros.php ++++++ # macros.php file # macros for module building. handle with care. # # Interface versions exposed by PHP: # %php_core_api @PHP_APIVER@ %php_zend_api @PHP_ZENDVER@ # Useful php macros (from Christian Wittmer <chris(a)computersalat.de>) # %__php /usr/bin/php %__phpize /usr/bin/phpize %__php_config /usr/bin/php-config %php_version %(%{__php_config} --version) # %__pear /usr/bin/pear %php_peardir %(%{__pear} config-get php_dir) %php_pearxmldir /var/lib/pear # macro: php_pear_gen_filelist # do the rpmlint happy filelist generation # with %dir in front of directories %php_pear_gen_filelist(n)\ FILES=%{name}.files\ # fgen_dir func\ # IN: dir\ fgen_dir(){\ %{__cat} >> $FILES << EOF\ %dir ${1}\ EOF\ }\ # fgen_file func\ # IN: file\ fgen_file(){\ %{__cat} >> $FILES << EOF\ ${1}\ EOF\ }\ # check for files in %{php_peardir}\ RES=`find ${RPM_BUILD_ROOT}%{php_peardir} -maxdepth 1 -type f`\ if [ -n "$RES" ]; then\ for file in $RES; do\ fgen_file "%{php_peardir}/$(basename ${file})"\ done\ fi\ \ # get all dirs into array\ base_dir="${RPM_BUILD_ROOT}%{php_peardir}/"\ for dir in `find ${base_dir} -type d | sort`; do\ if [ "$dir" = "${base_dir}" ]; then\ continue\ else\ el=`echo $dir | %{__awk} -F"${base_dir}" '{print $2}'`\ all_dir=(${all_dir[@]} $el)\ fi\ done\ \ # build filelist\ for i in ${all_dir[@]}; do\ if [ -d ${base_dir}/${i} ]; then\ RES=`find "${base_dir}/${i}" -maxdepth 1 -type f`\ if [ -n "$RES" ]; then\ fgen_dir "%{php_peardir}/${i}"\ for file in $RES; do\ fgen_file "%{php_peardir}/${i}/$(basename ${file})"\ done\ else\ fgen_dir "%{php_peardir}/${i}"\ fi\ fi\ done\ # add xml file\ fgen_file "%php_pearxmldir/%{pear_name}.xml"\ # ++++++ php-5.2.9-BNC-457056.patch ++++++ Index: ext/xml/compat.c =================================================================== --- ext/xml/compat.c.orig 2009-01-12 15:30:21.000000000 +0100 +++ ext/xml/compat.c 2009-03-14 18:32:40.000000000 +0100 @@ -482,9 +482,7 @@ XML_ParserCreate_MM(const XML_Char *enco parser->parser->charset = XML_CHAR_ENCODING_NONE; #endif -#if LIBXML_VERSION >= 20703 xmlCtxtUseOptions(parser->parser, XML_PARSE_OLDSAX); -#endif parser->parser->replaceEntities = 1; parser->parser->wellFormed = 0; ++++++ php-5.3.0-bnc513080.patch ++++++ Index: ext/exif/exif.c =================================================================== --- ext/exif/exif.c.orig 2010-01-03 10:23:27.000000000 +0100 +++ ext/exif/exif.c 2010-08-03 06:31:20.024482000 +0200 @@ -66,7 +66,7 @@ #include "ext/standard/php_image.h" #include "ext/standard/info.h" -#if defined(PHP_WIN32) || (HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)) +#if defined(PHP_WIN32) || (HAVE_MBSTRING) #define EXIF_USE_MBSTRING 1 #else #define EXIF_USE_MBSTRING 0 ++++++ php-5.3.1-systzdata-v7.patch ++++++ ++++ 619 lines (skipped) ++++++ php-5.3.15-CVE-2012-3365.patch ++++++ http://git.php.net/?p=php-src.git;a=commit;h=055ecbc62878e86287d742c7246c21… Index: ext/sqlite/pdo_sqlite2.c =================================================================== --- ext/sqlite/pdo_sqlite2.c.orig +++ ext/sqlite/pdo_sqlite2.c @@ -515,7 +515,7 @@ static struct pdo_dbh_methods sqlite2_me static char *make_filename_safe(const char *filename TSRMLS_DC) { - if (*filename && strncmp(filename, ":memory:", sizeof(":memory:")-1)) { + if (*filename && memcmp(filename, ":memory:", sizeof(":memory:"))) { char *fullpath = expand_filepath(filename, NULL TSRMLS_CC); if (!fullpath) { Index: ext/sqlite/sqlite.c =================================================================== --- ext/sqlite/sqlite.c.orig +++ ext/sqlite/sqlite.c @@ -1064,7 +1064,7 @@ static int php_sqlite_authorizer(void *a { switch (access_type) { case SQLITE_COPY: - if (strncmp(arg4, ":memory:", sizeof(":memory:") - 1)) { + if (memcmp(arg4, ":memory:", sizeof(":memory:"))) { TSRMLS_FETCH(); if (PG(safe_mode) && (!php_checkuid(arg4, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { return SQLITE_DENY; @@ -1077,7 +1077,7 @@ static int php_sqlite_authorizer(void *a return SQLITE_OK; #ifdef SQLITE_ATTACH case SQLITE_ATTACH: - if (strncmp(arg3, ":memory:", sizeof(":memory:") - 1)) { + if (memcmp(arg3, ":memory:", sizeof(":memory:"))) { TSRMLS_FETCH(); if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { return SQLITE_DENY; @@ -1563,7 +1563,7 @@ PHP_FUNCTION(sqlite_popen) if (strlen(filename) != filename_len) { RETURN_FALSE; } - if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) { + if (memcmp(filename, ":memory:", sizeof(":memory:"))) { /* resolve the fully-qualified path name to use as the hash key */ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) { RETURN_FALSE; @@ -1645,7 +1645,7 @@ PHP_FUNCTION(sqlite_open) RETURN_FALSE; } - if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) { + if (memcmp(filename, ":memory:", sizeof(":memory:"))) { /* resolve the fully-qualified path name to use as the hash key */ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) { zend_restore_error_handling(&error_handling TSRMLS_CC); @@ -1703,7 +1703,7 @@ PHP_FUNCTION(sqlite_factory) RETURN_FALSE; } - if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) { + if (memcmp(filename, ":memory:", sizeof(":memory:"))) { /* resolve the fully-qualified path name to use as the hash key */ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) { zend_restore_error_handling(&error_handling TSRMLS_CC); ++++++ php-5.3.15-CVE-2013-1635.patch ++++++ X-Git-Url: http://git.php.net/?p=php-src.git;a=blobdiff_plain;f=ext%2Fsoap%2Fsoap.c;h=… Index: ext/soap/soap.c =================================================================== --- ext/soap/soap.c +++ ext/soap/soap.c @@ -594,10 +594,40 @@ ZEND_INI_MH(OnUpdateCacheMode) return SUCCESS; } +static PHP_INI_MH(OnUpdateCacheDir) +{ + /* Only do the open_basedir check at runtime */ + if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) { + char *p; + + if (memchr(new_value, '\0', new_value_length) != NULL) { + return FAILURE; + } + + /* we do not use zend_memrchr() since path can contain ; itself */ + if ((p = strchr(new_value, ';'))) { + char *p2; + p++; + if ((p2 = strchr(p, ';'))) { + p = p2 + 1; + } + } else { + p = new_value; + } + + if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) { + return FAILURE; + } + } + + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} + PHP_INI_BEGIN() STD_PHP_INI_ENTRY("soap.wsdl_cache_enabled", "1", PHP_INI_ALL, OnUpdateCacheEnabled, cache_enabled, zend_soap_globals, soap_globals) -STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateString, +STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateCacheDir, cache_dir, zend_soap_globals, soap_globals) STD_PHP_INI_ENTRY("soap.wsdl_cache_ttl", "86400", PHP_INI_ALL, OnUpdateLong, cache_ttl, zend_soap_globals, soap_globals) ++++++ php-5.3.15-CVE-2013-1643.patch ++++++ Index: ext/libxml/libxml.c =================================================================== --- ext/libxml/libxml.c +++ ext/libxml/libxml.c @@ -261,6 +261,7 @@ static PHP_GINIT_FUNCTION(libxml) libxml_globals->stream_context = NULL; libxml_globals->error_buffer.c = NULL; libxml_globals->error_list = NULL; + libxml_globals->entity_loader_disabled = 0; } /* Channel libxml file io layer through the PHP streams subsystem. @@ -348,16 +349,15 @@ static int php_libxml_streams_IO_close(v } static xmlParserInputBufferPtr -php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc) -{ - return NULL; -} - -static xmlParserInputBufferPtr php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc) { xmlParserInputBufferPtr ret; void *context = NULL; + TSRMLS_FETCH(); + + if (LIBXML(entity_loader_disabled)) { + return NULL; + } if (URI == NULL) return(NULL); @@ -834,28 +834,25 @@ static PHP_FUNCTION(libxml_clear_errors) } /* }}} */ +PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC) +{ + zend_bool old = LIBXML(entity_loader_disabled); + + LIBXML(entity_loader_disabled) = disable; + return old; +} + /* {{{ proto bool libxml_disable_entity_loader([boolean disable]) Disable/Enable ability to load external entities */ static PHP_FUNCTION(libxml_disable_entity_loader) { zend_bool disable = 1; - xmlParserInputBufferCreateFilenameFunc old; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &disable) == FAILURE) { return; } - if (disable == 0) { - old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename); - } else { - old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload); - } - - if (old == php_libxml_input_buffer_noload) { - RETURN_TRUE; - } - - RETURN_FALSE; + RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC)); } /* }}} */ Index: ext/libxml/php_libxml.h =================================================================== --- ext/libxml/php_libxml.h +++ ext/libxml/php_libxml.h @@ -43,6 +43,7 @@ ZEND_BEGIN_MODULE_GLOBALS(libxml) zval *stream_context; smart_str error_buffer; zend_llist *error_list; + zend_bool entity_loader_disabled; ZEND_END_MODULE_GLOBALS(libxml) typedef struct _libxml_doc_props { @@ -93,6 +94,7 @@ PHP_LIBXML_API void php_libxml_ctx_error PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s); PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC); PHP_LIBXML_API void php_libxml_issue_error(int level, const char *msg TSRMLS_DC); +PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC); /* Init/shutdown functions*/ PHP_LIBXML_API void php_libxml_initialize(void); Index: ext/soap/php_xml.c =================================================================== --- ext/soap/php_xml.c +++ ext/soap/php_xml.c @@ -20,6 +20,7 @@ /* $Id$ */ #include "php_soap.h" +#include "ext/libxml/php_libxml.h" #include "libxml/parser.h" #include "libxml/parserInternals.h" @@ -91,13 +92,17 @@ xmlDocPtr soap_xmlParseFile(const char * ctxt = xmlCreateFileParserCtxt(filename); PG(allow_url_fopen) = old_allow_url_fopen; if (ctxt) { + zend_bool old; + ctxt->keepBlanks = 0; ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace; ctxt->sax->comment = soap_Comment; ctxt->sax->warning = NULL; ctxt->sax->error = NULL; /*ctxt->sax->fatalError = NULL;*/ + old = php_libxml_disable_entity_loader(1 TSRMLS_CC); xmlParseDocument(ctxt); + php_libxml_disable_entity_loader(old TSRMLS_CC); if (ctxt->wellFormed) { ret = ctxt->myDoc; if (ret->URL == NULL && ctxt->directory != NULL) { @@ -128,11 +133,15 @@ xmlDocPtr soap_xmlParseMemory(const void xmlParserCtxtPtr ctxt = NULL; xmlDocPtr ret; + TSRMLS_FETCH(); + /* xmlInitParser(); */ ctxt = xmlCreateMemoryParserCtxt(buf, buf_size); if (ctxt) { + zend_bool old; + ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace; ctxt->sax->comment = soap_Comment; ctxt->sax->warning = NULL; @@ -141,7 +150,9 @@ xmlDocPtr soap_xmlParseMemory(const void #if LIBXML_VERSION >= 20703 ctxt->options |= XML_PARSE_HUGE; #endif + old = php_libxml_disable_entity_loader(1 TSRMLS_CC); xmlParseDocument(ctxt); + php_libxml_disable_entity_loader(old TSRMLS_CC); if (ctxt->wellFormed) { ret = ctxt->myDoc; if (ret->URL == NULL && ctxt->directory != NULL) { ++++++ php-5.3.15-CVE-2013-4113.patch ++++++ http://git.php.net/?p=php-src.git;a=commit;h=7d163e8a0880ae8af2dd869071393e… --- ext/xml/xml.c +++ ext/xml/xml.c @@ -427,7 +427,7 @@ static void xml_parser_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC) } if (parser->ltags) { int inx; - for (inx = 0; inx < parser->level; inx++) + for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); inx++) efree(parser->ltags[ inx ]); efree(parser->ltags); } @@ -905,45 +905,50 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch } if (parser->data) { - zval *tag, *atr; - int atcnt = 0; + if (parser->level <= XML_MAXLEVEL) { + zval *tag, *atr; + int atcnt = 0; - MAKE_STD_ZVAL(tag); - MAKE_STD_ZVAL(atr); + MAKE_STD_ZVAL(tag); + MAKE_STD_ZVAL(atr); - array_init(tag); - array_init(atr); + array_init(tag); + array_init(atr); - _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); + _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); - add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ - add_assoc_string(tag,"type","open",1); - add_assoc_long(tag,"level",parser->level); + add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ + add_assoc_string(tag,"type","open",1); + add_assoc_long(tag,"level",parser->level); - parser->ltags[parser->level-1] = estrdup(tag_name); - parser->lastwasopen = 1; + parser->ltags[parser->level-1] = estrdup(tag_name); + parser->lastwasopen = 1; - attributes = (const XML_Char **) attrs; + attributes = (const XML_Char **) attrs; - while (attributes && *attributes) { - att = _xml_decode_tag(parser, attributes[0]); - val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); - - add_assoc_stringl(atr,att,val,val_len,0); + while (attributes && *attributes) { + att = _xml_decode_tag(parser, attributes[0]); + val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); - atcnt++; - attributes += 2; + add_assoc_stringl(atr,att,val,val_len,0); - efree(att); - } + atcnt++; + attributes += 2; - if (atcnt) { - zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); - } else { - zval_ptr_dtor(&atr); - } + efree(att); + } + + if (atcnt) { + zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); + } else { + zval_ptr_dtor(&atr); + } - zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); + zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); + } else if (parser->level == (XML_MAXLEVEL + 1)) { + TSRMLS_FETCH(); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); + } } efree(tag_name); @@ -995,7 +1000,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name) efree(tag_name); - if (parser->ltags) { + if ((parser->ltags) && (parser->level <= XML_MAXLEVEL)) { efree(parser->ltags[parser->level-1]); } @@ -1079,18 +1084,23 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len) } } - MAKE_STD_ZVAL(tag); - - array_init(tag); - - _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); + if (parser->level <= XML_MAXLEVEL) { + MAKE_STD_ZVAL(tag); - add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); - add_assoc_string(tag,"value",decoded_value,0); - add_assoc_string(tag,"type","cdata",1); - add_assoc_long(tag,"level",parser->level); + array_init(tag); - zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); + _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); + + add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); + add_assoc_string(tag,"value",decoded_value,0); + add_assoc_string(tag,"type","cdata",1); + add_assoc_long(tag,"level",parser->level); + + zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); + } else if (parser->level == (XML_MAXLEVEL + 1)) { + TSRMLS_FETCH(); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); + } } } else { efree(decoded_value); ++++++ php-5.3.15-CVE-2013-4248.patch ++++++ http://git.php.net/?p=php-src.git;a=commitdiff;h=dcea4ec698dcae39b7bba6f6aa… http://git.php.net/?p=php-src.git;a=commitdiff;h=c1c49d6e3983c9ce0b43ffe7bf… Index: ext/openssl/openssl.c =================================================================== --- ext/openssl/openssl.c.orig 2013-12-13 10:20:13.246036355 +0100 +++ ext/openssl/openssl.c 2013-12-13 10:20:57.912572160 +0100 @@ -1343,6 +1343,74 @@ } /* }}} */ +/* Special handling of subjectAltName, see CVE-2013-4073 + * Christian Heimes + */ + +static int openssl_x509v3_subjectAltName(BIO *bio, X509_EXTENSION *extension) +{ + GENERAL_NAMES *names; + const X509V3_EXT_METHOD *method = NULL; + long i, length, num; + const unsigned char *p; + + method = X509V3_EXT_get(extension); + if (method == NULL) { + return -1; + } + + p = extension->value->data; + length = extension->value->length; + if (method->it) { + names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length, + ASN1_ITEM_ptr(method->it))); + } else { + names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length)); + } + if (names == NULL) { + return -1; + } + + num = sk_GENERAL_NAME_num(names); + for (i = 0; i < num; i++) { + GENERAL_NAME *name; + ASN1_STRING *as; + name = sk_GENERAL_NAME_value(names, i); + switch (name->type) { + case GEN_EMAIL: + BIO_puts(bio, "email:"); + as = name->d.rfc822Name; + BIO_write(bio, ASN1_STRING_data(as), + ASN1_STRING_length(as)); + break; + case GEN_DNS: + BIO_puts(bio, "DNS:"); + as = name->d.dNSName; + BIO_write(bio, ASN1_STRING_data(as), + ASN1_STRING_length(as)); + break; + case GEN_URI: + BIO_puts(bio, "URI:"); + as = name->d.uniformResourceIdentifier; + BIO_write(bio, ASN1_STRING_data(as), + ASN1_STRING_length(as)); + break; + default: + /* use builtin print for GEN_OTHERNAME, GEN_X400, + * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID + */ + GENERAL_NAME_print(bio, name); + } + /* trailing ', ' except for last element */ + if (i < (num - 1)) { + BIO_puts(bio, ", "); + } + } + sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); + + return 0; +} + /* {{{ proto array openssl_x509_parse(mixed x509 [, bool shortnames=true]) Returns an array of the fields/values of the CERT */ PHP_FUNCTION(openssl_x509_parse) @@ -1439,15 +1507,30 @@ for (i = 0; i < X509_get_ext_count(cert); i++) { + int nid; extension = X509_get_ext(cert, i); - if (OBJ_obj2nid(X509_EXTENSION_get_object(extension)) != NID_undef) { + nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); + if (nid != NID_undef) { extname = (char *)OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension))); } else { OBJ_obj2txt(buf, sizeof(buf)-1, X509_EXTENSION_get_object(extension), 1); extname = buf; } bio_out = BIO_new(BIO_s_mem()); - if (X509V3_EXT_print(bio_out, extension, 0, 0)) { + if (nid == NID_subject_alt_name) { + if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) { + BIO_get_mem_ptr(bio_out, &bio_buf); + add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); + } else { + zval_dtor(return_value); + if (certresource == -1 && cert) { + X509_free(cert); + } + BIO_free(bio_out); + RETURN_FALSE; + } + } + else if (X509V3_EXT_print(bio_out, extension, 0, 0)) { BIO_get_mem_ptr(bio_out, &bio_buf); add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1); } else { ++++++ php-5.3.15-CVE-2013-4635.patch ++++++ http://git.php.net/?p=php-src.git;a=commit;h=4828f7343b3f31d914f4d4a5545865… http://git.php.net/?p=php-src.git;a=commit;h=fc2a9d6e47ae23adb28122539b56df… diff --git a/ext/calendar/jewish.c b/ext/calendar/jewish.c index f4dc7c3..1e7a06c 100644 --- ext/calendar/jewish.c +++ ext/calendar/jewish.c @@ -272,6 +272,7 @@ #define HALAKIM_PER_METONIC_CYCLE (HALAKIM_PER_LUNAR_CYCLE * (12 * 19 + 7)) #define JEWISH_SDN_OFFSET 347997 +#define JEWISH_SDN_MAX 324542846L /* 12/13/887605, greater value raises interger overflow */ #define NEW_MOON_OF_CREATION 31524 #define SUNDAY 0 @@ -519,7 +520,7 @@ void SdnToJewish( int tishri1After; int yearLength; - if (sdn <= JEWISH_SDN_OFFSET) { + if (sdn <= JEWISH_SDN_OFFSET || sdn > JEWISH_SDN_MAX) { *pYear = 0; *pMonth = 0; *pDay = 0; ++++++ php-5.3.15-CVE-2013-6420.patch ++++++ https://bugzilla.redhat.com/attachment.cgi?id=831933&action=diff&context=pa… --- ext/openssl/openssl.c 2013-11-28 13:03:15.000000000 +0100 +++ ext/openssl/openssl.c 2013-11-28 12:57:36.000000000 +0100 @@ -688,18 +688,28 @@ char * thestr; long gmadjust = 0; - if (timestr->length < 13) { + if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp"); + return (time_t)-1; + } + + if (ASN1_STRING_length(timestr) != strlen(ASN1_STRING_data(timestr))) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal length in timestamp"); + return (time_t)-1; + } + + if (ASN1_STRING_length(timestr) < 13) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "extension author too lazy to parse %s correctly", timestr->data); return (time_t)-1; } - strbuf = estrdup((char *)timestr->data); + strbuf = estrdup((char *)ASN1_STRING_data(timestr)); memset(&thetime, 0, sizeof(thetime)); /* we work backwards so that we can use atoi more easily */ - thestr = strbuf + timestr->length - 3; + thestr = strbuf + ASN1_STRING_length(timestr) - 3; thetime.tm_sec = atoi(thestr); *thestr = '\0'; ++++++ php-5.3.15-CVE-2013-6712.patch ++++++ From: Remi Collet <remi(a)php.net> Date: Wed, 27 Nov 2013 10:13:16 +0000 (+0100) Subject: Fixed bug #66060 (Heap buffer over-read in DateInterval) X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=12fe4e90be7bfa2… Fixed bug #66060 (Heap buffer over-read in DateInterval) --- --- ext/date/lib/parse_iso_intervals.re +++ ext/date/lib/parse_iso_intervals.re @@ -383,7 +383,7 @@ isoweek = year4 "-"? "W" weekofyear; break; } ptr++; - } while (*ptr); + } while (!s->errors->error_count && *ptr); s->have_period = 1; TIMELIB_DEINIT; return TIMELIB_PERIOD; ++++++ php-5.3.2-aconf26x.patch ++++++ Index: scripts/phpize.m4 =================================================================== --- scripts/phpize.m4.orig +++ scripts/phpize.m4 @@ -1,6 +1,6 @@ dnl This file becomes configure.in for self-contained extensions. -divert(1) +divert(1001) AC_PREREQ(2.13) AC_INIT(config.m4) @@ -23,7 +23,8 @@ test -z "$CFLAGS" && auto_cflags=1 abs_srcdir=`(cd $srcdir && pwd)` abs_builddir=`pwd` -AC_PROG_CC([cc gcc]) +AC_PROG_CC_STDC +AC_USE_SYSTEM_EXTENSIONS PHP_DETECT_ICC PHP_DETECT_SUNCC AC_PROG_CC_C_O Index: ext/standard/config.m4 =================================================================== --- ext/standard/config.m4.orig +++ ext/standard/config.m4 @@ -1,6 +1,6 @@ dnl $Id$ -*- autoconf -*- -divert(3)dnl +divert(1003)dnl dnl dnl Check if flush should be called explicitly after buffered io @@ -342,7 +342,7 @@ dnl AC_CHECK_FUNCS(getcwd getwd asinh acosh atanh log1p hypot glob strfmon nice fpclass isinf isnan mempcpy strpncpy) AC_FUNC_FNMATCH -divert(5)dnl +divert(1005)dnl dnl dnl Check if there is a support means of creating a new process Index: configure.in =================================================================== --- configure.in.orig +++ configure.in @@ -1,7 +1,7 @@ ## $Id$ -*- autoconf -*- dnl ## Process this file with autoconf to produce a configure script. -divert(1) +divert(1001) dnl ## Diversion 1 is the autoconf + automake setup phase. We also dnl ## set the PHP version, deal with platform-specific compile @@ -125,12 +125,12 @@ rm -f libs/* dnl Checks for programs. dnl ------------------------------------------------------------------------- -AC_PROG_CC([cc gcc]) +AC_USE_SYSTEM_EXTENSIONS PHP_DETECT_ICC PHP_DETECT_SUNCC AC_PROG_CC_C_O dnl Change to AC_PROG_CC_STDC when we start requiring a post-2.13 autoconf -dnl AC_PROG_CC_STDC +AC_PROG_CC_STDC AC_PROG_CPP AC_AIX AC_PROG_LN_S @@ -290,7 +290,7 @@ sinclude(TSRM/threads.m4) sinclude(TSRM/tsrm.m4) -divert(2) +divert(1002) dnl ## Diversion 2 is where we set PHP-specific options and come up dnl ## with reasonable default values for them. We check for pthreads here @@ -329,7 +329,7 @@ if test "$enable_maintainer_zts" = "yes" PTHREADS_FLAGS fi -divert(3) +divert(1003) dnl ## In diversion 3 we check for compile-time options to the PHP dnl ## core and how to deal with different system dependencies. @@ -683,7 +683,7 @@ if test "x$php_crypt_r" = "x1"; then PHP_CRYPT_R_STYLE fi -divert(4) +divert(1004) dnl ## In diversion 4 we check user-configurable general settings. @@ -924,7 +924,7 @@ else AC_MSG_RESULT([using system default]) fi -divert(5) +divert(1005) dnl ## In diversion 5 we check which extensions should be compiled. dnl ## All of these are normally in the extension directories. @@ -1351,7 +1351,8 @@ AC_PROVIDE_IFELSE([PHP_REQUIRE_CXX], [], undefine([AC_PROG_CXXCPP]) AC_DEFUN([AC_PROG_CXXCPP], [php_prog_cxxcpp=disabled]) ]) -AC_PROG_LIBTOOL +LT_INIT([disable-static pic-only dlopen]) +#AC_PROG_LIBTOOL if test "$enable_debug" != "yes"; then PHP_SET_LIBTOOL_VARIABLE([--silent]) Index: build/buildcheck.sh =================================================================== --- build/buildcheck.sh.orig +++ build/buildcheck.sh @@ -51,7 +51,7 @@ if test "$1" = "2" -a "$2" -gt "59"; the echo " On Debian/Ubuntu both autoconf2.13 and autoconf2.59 packages exist." echo " Install autoconf2.13 and set the PHP_AUTOCONF env var to " echo " autoconf2.13 and try again." - exit 1 +# exit 1 else echo "buildconf: autoconf version $ac_version (ok)" fi ++++++ php-5.3.2-ini.patch ++++++ Index: php.ini-production =================================================================== --- php.ini-production.orig 2010-06-24 02:15:12.000000000 +0200 +++ php.ini-production 2010-08-03 06:31:20.319461000 +0200 @@ -781,7 +781,7 @@ default_mimetype = "text/html" ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" -;include_path = ".:/php/includes" +include_path = ".:/usr/share/php5:/usr/share/php5/PEAR" ; ; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" @@ -1189,7 +1189,7 @@ mysql.allow_local_infile = On ; Allow or prevent persistent links. ; http://php.net/mysql.allow-persistent -mysql.allow_persistent = On +mysql.allow_persistent = Off ; If mysqlnd is used: Number of cache slots for the internal result set cache ; http://php.net/mysql.cache_size @@ -1252,7 +1252,7 @@ mysqli.max_persistent = -1 ; Allow or prevent persistent links. ; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On +mysqli.allow_persistent = Off ; Maximum number of links. -1 means no limit. ; http://php.net/mysqli.max-links @@ -1474,7 +1474,7 @@ session.save_handler = files ; where MODE is the octal representation of the mode. Note that this ; does not overwrite the process's umask. ; http://php.net/session.save-path -;session.save_path = "/tmp" +session.save_path = "/var/lib/php5" ; Whether to use cookies. ; http://php.net/session.use-cookies @@ -1590,14 +1590,14 @@ session.referer_check = ; How many bytes to read from the file. ; http://php.net/session.entropy-length -session.entropy_length = 0 +session.entropy_length = 32 ; Specified here to create the session id. ; http://php.net/session.entropy-file ; On systems that don't have /dev/urandom /dev/arandom can be used ; On windows, setting the entropy_length setting will activate the ; Windows random source (using the CryptoAPI) -;session.entropy_file = /dev/urandom +session.entropy_file = /dev/urandom ; Set to {nocache,private,public,} to determine HTTP caching aspects ; or leave this empty to avoid sending anti-caching headers. @@ -1628,7 +1628,7 @@ session.use_trans_sid = 0 ; the hash extension. A list of available hashes is returned by the hash_algos() ; function. ; http://php.net/session.hash-function -session.hash_function = 0 +session.hash_function = sha256 ; Define how many bits are stored in each character when converting ; the binary hash data to something readable. ++++++ php-5.3.2-no-build-date.patch ++++++ --- ext/standard/info.c.orig +++ ext/standard/info.c @@ -697,7 +697,7 @@ PHPAPI void php_print_info(int flag TSRM php_info_print_box_end(); php_info_print_table_start(); php_info_print_table_row(2, "System", php_uname ); - php_info_print_table_row(2, "Build Date", __DATE__ " " __TIME__ ); + /* php_info_print_table_row(2, "Build Date", __DATE__ " " __TIME__ ); */ #ifdef COMPILER php_info_print_table_row(2, "Compiler", COMPILER); #endif @@ -705,7 +705,7 @@ PHPAPI void php_print_info(int flag TSRM php_info_print_table_row(2, "Architecture", ARCHITECTURE); #endif #ifdef CONFIGURE_COMMAND - php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); + /* php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); */ #endif if (sapi_module.pretty_name) { --- sapi/fpm/fpm/fpm_main.c.orig +++ sapi/fpm/fpm/fpm_main.c @@ -1700,7 +1700,7 @@ int main(int argc, char *argv[]) #if ZEND_DEBUG php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #else - php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s)\nCopyright (c) 1997-2009 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version()); #endif php_request_shutdown((void *) 0); fcgi_shutdown(); --- configure.in.orig +++ configure.in @@ -1192,8 +1192,8 @@ fi EXTRA_LDFLAGS="$EXTRA_LDFLAGS $PHP_LDFLAGS" EXTRA_LDFLAGS_PROGRAM="$EXTRA_LDFLAGS_PROGRAM $PHP_LDFLAGS" - -PHP_BUILD_DATE=`date '+%Y-%m-%d'` +#totally fake, not used anywhere in userspace +PHP_BUILD_DATE="1970-01-01" AC_DEFINE_UNQUOTED(PHP_BUILD_DATE,"$PHP_BUILD_DATE",[PHP build date]) case $host_alias in @@ -1204,7 +1204,8 @@ case $host_alias in AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[hardcode for each of the cross compiler host]) ;; *) - PHP_UNAME=`uname -a | xargs` +dnl Totally fake, it wasnt and will never be reliable anyway. + PHP_UNAME="Linux suse 2.6.36 #1 SMP 2011-02-21 10:34:10 +0100 x86_64 x86_64 x86_64 GNU/Linux" AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output]) PHP_OS=`uname | xargs` AC_DEFINE_UNQUOTED(PHP_OS,"$PHP_OS",[uname output]) ++++++ php-5.3.4-format-string-issues.patch ++++++ --- main/snprintf.h.orig +++ main/snprintf.h @@ -83,7 +83,7 @@ PHPAPI int ap_php_vslprintf(char *buf, s PHPAPI int ap_php_snprintf(char *, size_t, const char *, ...); PHPAPI int ap_php_vsnprintf(char *, size_t, const char *, va_list ap); PHPAPI int ap_php_vasprintf(char **buf, const char *format, va_list ap); -PHPAPI int ap_php_asprintf(char **buf, const char *format, ...); +PHPAPI int ap_php_asprintf(char **buf, const char *format, ...) PHP_ATTRIBUTE_FORMAT(printf, 2, 3); PHPAPI int php_sprintf (char* s, const char* format, ...) PHP_ATTRIBUTE_FORMAT(printf, 2, 3); PHPAPI char * php_gcvt(double value, int ndigit, char dec_point, char exponent, char *buf); PHPAPI char * php_conv_fp(register char format, register double num, --- main/main.c.orig +++ main/main.c @@ -898,7 +898,7 @@ PHPAPI void php_html_puts(const char *st /* {{{ php_error_cb extended error handling function */ -static void php_error_cb(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args) +static PHP_ATTRIBUTE_FORMAT(printf, 4, 0) void php_error_cb(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args) { char *buffer; int buffer_len, display; --- Zend/zend.h.orig +++ Zend/zend.h @@ -146,6 +146,14 @@ char *alloca (); # define ZEND_ATTRIBUTE_MALLOC #endif +#if ZEND_GCC_VERSION >= 4003 +#define ZEND_ATTR_ALLOC_SIZE(x) __attribute__((__alloc_size__(x))) +#define ZEND_ATTR_ALLOC_SIZE2(x,y) __attribute__((__alloc_size__(x,y))) +#else +#define ZEND_ATTR_ALLOC_SIZE(x) +#define ZEND_ATTR_ALLOC_SIZE2(x,y) +#endif + #if ZEND_GCC_VERSION >= 2007 # define ZEND_ATTRIBUTE_FORMAT(type, idx, first) __attribute__ ((format(type, idx, first))) #else --- Zend/zend_alloc.h.orig +++ Zend/zend_alloc.h @@ -54,14 +54,14 @@ BEGIN_EXTERN_C() ZEND_API char *zend_strndup(const char *s, unsigned int length) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset) ZEND_ATTRIBUTE_MALLOC; +ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE(1); +ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); +ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); ZEND_API void _efree(void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); -ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); -ZEND_API void *_safe_erealloc(void *ptr, size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); -ZEND_API void *_safe_realloc(void *ptr, size_t nmemb, size_t size, size_t offset); +ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); +ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTR_ALLOC_SIZE(2); +ZEND_API void *_safe_erealloc(void *ptr, size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTR_ALLOC_SIZE2(2,3); +ZEND_API void *_safe_realloc(void *ptr, size_t nmemb, size_t size, size_t offset) ZEND_ATTR_ALLOC_SIZE2(2,3); ZEND_API char *_estrdup(const char *s ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; ZEND_API char *_estrndup(const char *s, unsigned int length ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; ZEND_API size_t _zend_mem_block_size(void *ptr TSRMLS_DC ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); @@ -90,7 +90,7 @@ ZEND_API size_t _zend_mem_block_size(voi #define estrndup_rel(s, length) _estrndup((s), (length) ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_CC) #define zend_mem_block_size_rel(ptr) _zend_mem_block_size((ptr) TSRMLS_CC ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_CC) -inline static void * __zend_malloc(size_t len) +inline static ZEND_ATTR_ALLOC_SIZE(1) void * __zend_malloc(size_t len) { void *tmp = malloc(len); if (tmp) { @@ -100,14 +100,14 @@ inline static void * __zend_malloc(size_ exit(1); } -inline static void * __zend_calloc(size_t nmemb, size_t len) +inline static ZEND_ATTR_ALLOC_SIZE2(1,2) void * __zend_calloc(size_t nmemb, size_t len) { void *tmp = _safe_malloc(nmemb, len, 0); memset(tmp, 0, nmemb * len); return tmp; } -inline static void * __zend_realloc(void *p, size_t len) +inline static ZEND_ATTR_ALLOC_SIZE(2) void * __zend_realloc(void *p, size_t len) { p = realloc(p, len); if (p) { --- sapi/cli/php_cli.c.orig +++ sapi/cli/php_cli.c @@ -826,8 +826,8 @@ int main(int argc, char *argv[]) } request_started = 1; - php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2012 The PHP Group\n%s", - PHP_VERSION, sapi_module.name, __DATE__, __TIME__, + php_printf("PHP %s (%s) %s\nCopyright (c) 1997-2012 The PHP Group\n%s", + PHP_VERSION, sapi_module.name, #if ZEND_DEBUG && defined(HAVE_GCOV) "(DEBUG GCOV)", #elif ZEND_DEBUG --- sapi/cgi/cgi_main.c.orig +++ sapi/cgi/cgi_main.c @@ -1935,7 +1935,7 @@ consult the installation file that came #if ZEND_DEBUG php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #else - php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s)\nCopyright (c) 1997-2012 The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version()); #endif php_request_shutdown((void *) 0); fcgi_shutdown(); ++++++ php-5.3.4-pts.patch ++++++ --- ext/standard/proc_open.c.orig +++ ext/standard/proc_open.c @@ -62,7 +62,7 @@ * */ #ifdef PHP_CAN_SUPPORT_PROC_OPEN -#if 0 && HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H +#if HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H # include <sys/ioctl.h> # include <termios.h> # define PHP_CAN_DO_PTS 1 ++++++ php-5.3.6-gcc_builtins.patch ++++++ --- Zend/zend_alloc.c.orig +++ Zend/zend_alloc.c @@ -36,7 +36,7 @@ # include <wincrypt.h> # include <process.h> #endif - +#include <x86intrin.h> #ifndef ZEND_MM_HEAP_PROTECTION # define ZEND_MM_HEAP_PROTECTION ZEND_DEBUG #endif @@ -665,10 +665,7 @@ static inline unsigned int zend_mm_high_ __asm__("bsrl %1,%0\n\t" : "=r" (n) : "rm" (_size)); return n; #elif defined(__GNUC__) && defined(__x86_64__) - unsigned long n; - - __asm__("bsrq %1,%0\n\t" : "=r" (n) : "rm" (_size)); - return (unsigned int)n; + return __bsrq(_size); #elif defined(_MSC_VER) && defined(_M_IX86) __asm { bsr eax, _size @@ -691,10 +688,7 @@ static inline unsigned int zend_mm_low_b __asm__("bsfl %1,%0\n\t" : "=r" (n) : "rm" (_size)); return n; #elif defined(__GNUC__) && defined(__x86_64__) - unsigned long n; - - __asm__("bsfq %1,%0\n\t" : "=r" (n) : "rm" (_size)); - return (unsigned int)n; + return __bsfq(_size); #elif defined(_MSC_VER) && defined(_M_IX86) __asm { bsf eax, _size ++++++ php-5.3.6-ini-date.timezone.patch ++++++ Index: php.ini-production =================================================================== --- php.ini-production.orig +++ php.ini-production @@ -993,7 +993,7 @@ default_socket_timeout = 60 [Date] ; Defines the default timezone used by the date functions ; http://php.net/date.timezone -;date.timezone = +date.timezone = 'UTC' ; http://php.net/date.default-latitude ;date.default_latitude = 31.7667 ++++++ php-5.3.8-crypt-tests.patch ++++++ Index: ext/standard/config.m4 =================================================================== --- ext/standard/config.m4.orig +++ ext/standard/config.m4 @@ -60,7 +60,14 @@ if test "$ac_cv_func_crypt" = "no"; then AC_DEFINE(HAVE_CRYPT, 1, [ ]) ]) fi - + +if test "$ac_cv_func_crypt" = "no"; then + AC_CHECK_LIB(crypt, crypt_r, [ + LIBS="-lcrypt $LIBS -lcrypt" + AC_DEFINE(HAVE_CRYPT_R, 1, [ ]) + ]) +fi + AC_CACHE_CHECK(for standard DES crypt, ac_cv_crypt_des,[ AC_TRY_RUN([ #if HAVE_UNISTD_H @@ -172,7 +179,7 @@ main() { ac_cv_crypt_blowfish=no ])]) -AC_CACHE_CHECK(for SHA512 crypt, ac_cv_crypt_SHA512,[ +AC_CACHE_CHECK(for SHA512 crypt, ac_cv_crypt_sha512,[ AC_TRY_RUN([ #if HAVE_UNISTD_H #include <unistd.h> @@ -184,24 +191,22 @@ AC_TRY_RUN([ main() { #if HAVE_CRYPT - char salt[30], answer[80]; + char salt[120]; - salt[0]='$'; salt[1]='6'; salt[2]='$'; salt[3]='$'; salt[4]='b'; salt[5]='a'; salt[6]='r'; salt[7]='\0'; - strcpy(answer, salt); - strcpy(&answer[29],"$6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu."); - exit (strcmp((char *)crypt("foo",salt),answer)); + strcpy(salt, "\$6\$rounds=5000\$usesomesillystri\$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21"); + exit (strcmp((char *)crypt("rasmuslerdorf",salt),salt)); #else exit(0); #endif }],[ - ac_cv_crypt_SHA512=yes + ac_cv_crypt_sha512=yes ],[ - ac_cv_crypt_SHA512=no + ac_cv_crypt_sha512=no ],[ - ac_cv_crypt_SHA512=no + ac_cv_crypt_sha512=no ])]) -AC_CACHE_CHECK(for SHA256 crypt, ac_cv_crypt_SHA256,[ +AC_CACHE_CHECK(for SHA256 crypt, ac_cv_crypt_sha256,[ AC_TRY_RUN([ #if HAVE_UNISTD_H #include <unistd.h> @@ -213,28 +218,31 @@ AC_TRY_RUN([ main() { #if HAVE_CRYPT - char salt[30], answer[80]; - salt[0]='$'; salt[1]='5'; salt[2]='$'; salt[3]='$'; salt[4]='s'; salt[5]='a'; salt[6]='l'; salt[7]='t'; salt[8]='s'; salt[9]='t'; salt[10]='r'; salt[11]='i'; salt[12]='n'; salt[13]='g'; salt[14]='\0'; - strcat(salt,""); - strcpy(answer, salt); - strcpy(&answer[29], "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"); - exit (strcmp((char *)crypt("foo",salt),answer)); + char salt[80]; + strcpy(salt, "\$5\$rounds=5000\$usesomesillystri\$KqJWpanXZHKq2BOB43TSaYhEWsQ1Lr5QNyPCDH/Tp.6"); + exit (strcmp((char *)crypt("rasmuslerdorf",salt),salt)); #else exit(0); #endif }],[ - ac_cv_crypt_SHA256=yes + ac_cv_crypt_sha256=yes ],[ - ac_cv_crypt_SHA256=no + ac_cv_crypt_sha256=no ],[ - ac_cv_crypt_SHA256=no + ac_cv_crypt_sha256=no ])]) dnl -dnl If one of them is missing, use our own implementation, portable code is then possible +dnl If one of them or crypt_r() is missing, use our own implementation, portable code is then possible dnl -if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "x$php_crypt_r" = "x0"; then +if test "$ac_cv_crypt_des" = "no" || + /* test "$ac_cv_crypt_ext_des" = "no" ||*/ + test "$ac_cv_crypt_md5" = "no" || + test "$ac_cv_crypt_blowfish" = "no" || + test "$ac_cv_crypt_sha512" = "no" || + test "$ac_cv_crypt_sha256" = "no" || + test "$ac_cv_lib_crypt_crypt_r" = "no"; then dnl dnl Check for __alignof__ support in the compiler ++++++ php-5.3.8-no-reentrant-crypt.patch ++++++ Index: ext/standard/crypt.c =================================================================== --- ext/standard/crypt.c +++ ext/standard/crypt.c @@ -302,6 +302,8 @@ PHP_FUNCTION(crypt) RETURN_STRING(crypt_res, 1); } } +# else + RETURN_STRING(crypt(str, salt), 1); # endif #endif } ++++++ php-cloexec.patch ++++++ Index: ext/standard/exec.c =================================================================== --- ext/standard/exec.c.orig 2010-03-12 11:28:59.000000000 +0100 +++ ext/standard/exec.c 2010-08-03 06:31:21.692327000 +0200 @@ -107,8 +107,12 @@ PHPAPI int php_exec(int type, char *cmd, #ifdef PHP_WIN32 fp = VCWD_POPEN(cmd_p, "rb"); #else +#if defined(__linux__) && __GLIBC_PREREQ(2, 9) + fp = VCWD_POPEN(cmd_p, "re"); +#else fp = VCWD_POPEN(cmd_p, "r"); #endif +#endif if (!fp) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to fork [%s]", cmd); goto err; Index: ext/standard/file.c =================================================================== --- ext/standard/file.c.orig 2010-05-02 22:11:22.000000000 +0200 +++ ext/standard/file.c 2010-08-03 06:31:21.701320000 +0200 @@ -957,6 +957,13 @@ PHP_FUNCTION(popen) } } #endif +#if defined(__linux__) && __GLIBC_PREREQ(2, 9) + char *e = memchr(posix_mode, 'e', mode_len); + if (e) { + memmove(e, e + 1, mode_len - (e - posix_mode)); + } +#endif + if (PG(safe_mode)){ b = strchr(command, ' '); if (!b) { Index: ext/standard/mail.c =================================================================== --- ext/standard/mail.c.orig 2010-07-19 15:38:53.000000000 +0200 +++ ext/standard/mail.c 2010-08-03 06:31:21.709286000 +0200 @@ -294,8 +294,12 @@ PHPAPI int php_mail(char *to, char *subj * (e.g. the shell can't be executed) we explicitely set it to 0 to be * sure we don't catch any older errno value. */ errno = 0; +#if defined(__linux__) && __GLIBC_PREREQ(2, 9) + sendmail = popen(sendmail_cmd, "we"); +#else sendmail = popen(sendmail_cmd, "w"); #endif +#endif if (extra_cmd != NULL) { efree (sendmail_cmd); } ++++++ php-fpm.init ++++++ #!/bin/sh # # Template SUSE system startup script for example service/daemon php-fpm # Copyright (C) 1995--2005 Kurt Garloff, SUSE / Novell Inc. # # This library is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or (at # your option) any later version. # # This library is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, # USA. # # /etc/init.d/php-fpm # and its symbolic link # /(usr/)sbin/rcphp-fpm # # Template system startup script for some example service/daemon php-fpm # # LSB compatible service control script; see http://www.linuxbase.org/spec/ # # Note: This template uses functions rc_XXX defined in /etc/rc.status on # UnitedLinux/SUSE/Novell based Linux distributions. If you want to base your # script on this template and ensure that it works on non UL based LSB # compliant Linux distributions, you either have to provide the rc.status # functions from UL or change the script to work without them. # See skeleton.compat for a template that works with other distros as well. # ### BEGIN INIT INFO # Provides: php-fpm # Required-Start: $remote_fs $network # Should-Start: nginx lighttpd httpd # Required-Stop: $network $remote_fs # Should-Stop: nginx lighttpd httpd # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: php-fpm daemon # Description: Start php-fpm to # continued on second line by '#<TAB>' # should contain enough info for the runlevel editor # to give admin some idea what this service does and # what it's needed for ... # (The Short-Description should already be a good hint.) ### END INIT INFO # # Any extensions to the keywords given above should be preceeded by # X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB. # # Notes on Required-Start/Should-Start: # * There are two different issues that are solved by Required-Start # and Should-Start # (a) Hard dependencies: This is used by the runlevel editor to determine # which services absolutely need to be started to make the start of # this service make sense. Example: nfsserver should have # Required-Start: $portmap # Also, required services are started before the dependent ones. # The runlevel editor will warn about such missing hard dependencies # and suggest enabling. During system startup, you may expect an error, # if the dependency is not fulfilled. # (b) Specifying the init script ordering, not real (hard) dependencies. # This is needed by insserv to determine which service should be # started first (and at a later stage what services can be started # in parallel). The tag Should-Start: is used for this. # It tells, that if a service is available, it should be started # before. If not, never mind. # * When specifying hard dependencies or ordering requirements, you can # use names of services (contents of their Provides: section) # or pseudo names starting with a $. The following ones are available # according to LSB (1.1): # $local_fs all local file systems are mounted # (most services should need this!) # $remote_fs all remote file systems are mounted # (note that /usr may be remote, so # many services should Require this!) # $syslog system logging facility up # $network low level networking (eth card, ...) # $named hostname resolution available # $netdaemons all network daemons are running # The $netdaemons pseudo service has been removed in LSB 1.2. # For now, we still offer it for backward compatibility. # These are new (LSB 1.2): # $time the system time has been set correctly # $portmap SunRPC portmapping service available # UnitedLinux extensions: # $ALL indicates that a script should be inserted # at the end # * The services specified in the stop tags # (Required-Stop/Should-Stop) # specify which services need to be still running when this service # is shut down. Often the entries there are just copies or a subset # from the respective start tag. # * Should-Start/Stop are now part of LSB as of 2.0, # formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop. # insserv does support both variants. # * X-UnitedLinux-Default-Enabled: yes/no is used at installation time # (%fillup_and_insserv macro in %post of many RPMs) to specify whether # a startup script should default to be enabled after installation. # It's not used by insserv. # # Note on runlevels: # 0 - halt/poweroff 6 - reboot # 1 - single user 2 - multiuser without network exported # 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) # # Note on script names: # http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html # A registry has been set up to manage the init script namespace. # http://www.lanana.org/ # Please use the names already registered or register one or use a # vendor prefix. # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance PHPFPM_BIN=/usr/sbin/php-fpm test -x $PHPFPM_BIN || { echo "$PHPFPM_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } FPM_CONFIG="--fpm-config /etc/php5/fpm/php-fpm.conf" # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. /lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) echo -n "Starting php-fpm" ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. /sbin/startproc $PHPFPM_BIN $FPM_CONFIG # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down php-fpm " ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. /sbin/killproc -QUIT $PHPFPM_BIN # Remember status and be verbose rc_status -v ;; try-restart|condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) ## Signal the daemon to reload its config. Most daemons ## do this on signal 1 (SIGHUP). ## If it does not support it, restart the service if it ## is running. echo -n "Reload service php-fpm" ## if it supports it: /sbin/killproc -USR2 $PHPFPM_BIN rc_status -v ## Otherwise: #$0 try-restart #rc_status ;; reload) ## Like force-reload, but if daemon does not support ## signaling, do nothing (!) # If it supports signaling: echo -n "Reload service php-fpm " /sbin/killproc -USR2 $PHPFPM_BIN rc_status -v ## Otherwise if it does not support reload: #rc_failed 3 #rc_status -v ;; status) echo -n "Checking for service php-fpm " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. /sbin/checkproc $PHPFPM_BIN # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" exit 1 ;; esac rc_exit ++++++ php5-apache_sapi_install.patch ++++++ # Do not attempt to modify apache configuration on module install ================================================================================ --- sapi/apache2handler/config.m4 | 9 --------- 1 file changed, 9 deletions(-) Index: sapi/apache2handler/config.m4 =================================================================== --- sapi/apache2handler/config.m4.orig 2008-03-11 23:47:39.000000000 +0100 +++ sapi/apache2handler/config.m4 2010-08-03 06:31:18.512616000 +0200 @@ -68,18 +68,9 @@ if test "$PHP_APXS2" != "no"; then fi APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR` - if test -z `$APXS -q SYSCONFDIR`; then INSTALL_IT="\$(mkinstalldirs) '$APXS_LIBEXECDIR' && \ $APXS -S LIBEXECDIR='$APXS_LIBEXECDIR' \ -i -n php5" - else - APXS_SYSCONFDIR='$(INSTALL_ROOT)'`$APXS -q SYSCONFDIR` - INSTALL_IT="\$(mkinstalldirs) '$APXS_LIBEXECDIR' && \ - \$(mkinstalldirs) '$APXS_SYSCONFDIR' && \ - $APXS -S LIBEXECDIR='$APXS_LIBEXECDIR' \ - -S SYSCONFDIR='$APXS_SYSCONFDIR' \ - -i -a -n php5" - fi case $host_alias in *aix*) ++++++ php5-missing-extdeps.patch ++++++ --- ext/soap/soap.c.orig +++ ext/soap/soap.c @@ -439,7 +439,7 @@ unsigned char arginfo_soapclient___soapc # define arginfo_soapserver_setobject NULL # define arginfo_soapserver_addfunction NULL # define arginfo_soapserver_getfunctions NULL -# defina arginfo_soapserver_handle NULL +# define arginfo_soapserver_handle NULL # define arginfo_soapserver_fault NULL # define arginfo_soapserver_addsoapheader NULL @@ -516,10 +516,18 @@ static const zend_function_entry soap_he PHP_FE_END }; -zend_module_entry soap_module_entry = { -#ifdef STANDARD_MODULE_HEADER - STANDARD_MODULE_HEADER, +/* {{{ soap dependencies */ +static const zend_module_dep soap_module_deps[] = { + ZEND_MOD_REQUIRED("standard") +#if HAVE_PHP_SESSION && !defined(COMPILE_DL_SESSION) + ZEND_MOD_REQUIRED("session") #endif + {NULL, NULL, NULL} +}; + +zend_module_entry soap_module_entry = { + STANDARD_MODULE_HEADER_EX, NULL, + soap_module_deps, "soap", soap_functions, PHP_MINIT(soap), --- ext/wddx/wddx.c.orig +++ ext/wddx/wddx.c @@ -154,10 +154,21 @@ ZEND_GET_MODULE(wddx) #endif /* COMPILE_DL_WDDX */ /* }}} */ +/* {{{ wddx dependencies */ +static const zend_module_dep wddx_module_deps[] = { + ZEND_MOD_REQUIRED("standard") + ZEND_MOD_REQUIRED("xml") + ZEND_MOD_REQUIRED("date") +#if HAVE_PHP_SESSION && !defined(COMPILE_DL_SESSION) + ZEND_MOD_REQUIRED("session") +#endif + {NULL, NULL, NULL} +}; /* {{{ wddx_module_entry */ zend_module_entry wddx_module_entry = { - STANDARD_MODULE_HEADER, + STANDARD_MODULE_HEADER_EX, NULL, + wddx_module_deps, "wddx", wddx_functions, PHP_MINIT(wddx), --- ext/filter/filter.c.orig +++ ext/filter/filter.c @@ -132,12 +132,17 @@ static const zend_function_entry filter_ }; /* }}} */ +/* {{{ filter dependencies */ +static const zend_module_dep filter_module_deps[] = { + ZEND_MOD_REQUIRED("standard") + ZEND_MOD_REQUIRED("pcre") + {NULL, NULL, NULL} +}; /* {{{ filter_module_entry */ zend_module_entry filter_module_entry = { -#if ZEND_MODULE_API_NO >= 20010901 - STANDARD_MODULE_HEADER, -#endif + STANDARD_MODULE_HEADER_EX, NULL, + filter_module_deps, "filter", filter_functions, PHP_MINIT(filter), --- ext/mbstring/mbstring.c.orig +++ ext/mbstring/mbstring.c @@ -561,9 +561,19 @@ const zend_function_entry mbstring_funct }; /* }}} */ +/* {{{ mbstring dependencies */ +static const zend_module_dep mbstring_module_deps[] = { + ZEND_MOD_REQUIRED("standard") +#if (HAVE_PCRE || HAVE_BUNDLED_PCRE) && !HAVE_ONIG + ZEND_MOD_REQUIRED("pcre") +#endif + {NULL, NULL, NULL} +}; + /* {{{ zend_module_entry mbstring_module_entry */ zend_module_entry mbstring_module_entry = { - STANDARD_MODULE_HEADER, + STANDARD_MODULE_HEADER_EX, NULL, + mbstring_module_deps, "mbstring", mbstring_functions, PHP_MINIT(mbstring), ++++++ php5-openssl.patch ++++++ --- ext/openssl/openssl.c.orig +++ ext/openssl/openssl.c @@ -47,6 +47,7 @@ #include <openssl/rand.h> #include <openssl/ssl.h> #include <openssl/pkcs12.h> +#include <openssl/engine.h> /* Common */ #include <time.h> @@ -979,10 +980,16 @@ PHP_MINIT_FUNCTION(openssl) le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number); le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number); + OPENSSL_config(NULL); SSL_library_init(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); +/* Load all bundled ENGINEs into memory and make them visible */ + ENGINE_load_builtin_engines(); + /* Register all of them for every algorithm they collectively implement */ + ENGINE_register_all_complete(); + ERR_load_ERR_strings(); ERR_load_crypto_strings(); --- ext/openssl/xp_ssl.c.orig +++ ext/openssl/xp_ssl.c @@ -376,7 +376,9 @@ static inline int php_openssl_setup_cryp php_error_docref(NULL TSRMLS_CC, E_WARNING, "failed to create an SSL context"); return -1; } - +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode(sslsock->ctx, SSL_MODE_RELEASE_BUFFERS); +#endif SSL_CTX_set_options(sslsock->ctx, SSL_OP_ALL); #if OPENSSL_VERSION_NUMBER >= 0x0090806fL ++++++ php5-php-config.patch ++++++ --- scripts/php-config.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: scripts/php-config.in =================================================================== --- scripts/php-config.in.orig 2007-08-24 13:44:10.000000000 +0200 +++ scripts/php-config.in 2010-08-03 06:31:18.786529000 +0200 @@ -5,7 +5,7 @@ prefix="@prefix@" exec_prefix="@exec_prefix@" version="@PHP_VERSION@" vernum="@PHP_VERSION_ID@" -include_dir="@includedir@/php" +include_dir="@includedir@/php5" includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib" ldflags="@PHP_LDFLAGS@" libs="@EXTRA_LIBS@" ++++++ php5-phpize.patch ++++++ --- scripts/Makefile.frag | 4 ++-- scripts/phpize.in | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) Index: scripts/Makefile.frag =================================================================== --- scripts/Makefile.frag.orig 2010-07-13 19:24:13.000000000 +0200 +++ scripts/Makefile.frag 2010-08-03 06:31:18.109614000 +0200 @@ -3,8 +3,8 @@ # Build environment install # -phpincludedir = $(includedir)/php -phpbuilddir = $(libdir)/build +phpincludedir = $(includedir)/php5 +phpbuilddir = $(datadir)/build BUILD_FILES = \ scripts/phpize.m4 \ Index: scripts/phpize.in =================================================================== --- scripts/phpize.in.orig 2009-06-24 09:42:33.000000000 +0200 +++ scripts/phpize.in 2010-08-03 06:31:18.115618000 +0200 @@ -3,8 +3,8 @@ # Variable declaration prefix='@prefix@' exec_prefix="`eval echo @exec_prefix@`" -phpdir="`eval echo @libdir@`/build" -includedir="`eval echo @includedir@`/php" +phpdir="`eval echo @datadir@`/build" +includedir="`eval echo @includedir@`/php5" builddir="`pwd`" SED="@SED@" ++++++ suhosin-patch-5.3.3-0.9.10.patch.gz ++++++ ++++ 5803 lines (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit php5 for openSUSE:12.2:Update
by root＠hilbert.suse.de 27 Dec '13

27 Dec '13

Hello community, here is the log from the commit of package php5 for openSUSE:12.2:Update checked in at 2013-12-27 09:20:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/php5 (Old) and /work/SRC/openSUSE:12.2:Update/.php5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "php5" Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ --- /var/tmp/diff_new_pack.350VXU/_old 2013-12-27 09:20:11.000000000 +0100 +++ /var/tmp/diff_new_pack.350VXU/_new 2013-12-27 09:20:11.000000000 +0100 @@ -1 +1 @@ -<link package='php5.1867' cicount='copy' /> +<link package='php5.2404' cicount='copy' /> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit zsh for openSUSE:Factory
by root＠hilbert.suse.de 26 Dec '13

26 Dec '13

Hello community, here is the log from the commit of package zsh for openSUSE:Factory checked in at 2013-12-26 17:42:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/zsh (Old) and /work/SRC/openSUSE:Factory/.zsh.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "zsh" Changes: -------- --- /work/SRC/openSUSE:Factory/zsh/zsh.changes 2013-04-22 14:33:20.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.zsh.new/zsh.changes 2013-12-26 17:42:45.000000000 +0100 @@ -1,0 +2,10 @@ +Wed Dec 25 12:25:03 UTC 2013 - idonmez(a)suse.com + +- Update to version 5.0.4 + * Small bugfix release +- Add zsh-pipefix.patch to import pipe fixes from zsh.git +- Remove upstream patches + * zsh-osc-suseversion.patch + * zsh-zypper-completion.patch + +------------------------------------------------------------------- Old: ---- zsh-5.0.2.tar.bz2 zsh-osc-suseversion.patch zsh-zypper-completion.patch New: ---- zsh-5.0.4.tar.bz2 zsh-pipefix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zsh.spec ++++++ --- /var/tmp/diff_new_pack.SY2wAX/_old 2013-12-26 17:42:46.000000000 +0100 +++ /var/tmp/diff_new_pack.SY2wAX/_new 2013-12-26 17:42:46.000000000 +0100 @@ -17,7 +17,7 @@ Name: zsh -Version: 5.0.2 +Version: 5.0.4 Release: 0 Summary: Shell with comprehensive completion License: MIT @@ -36,9 +36,8 @@ Source16: dotzshrc.rh Source17: zshprompt.pl %endif -Patch1: zsh-zypper-completion.patch -Patch2: zsh-osc-suseversion.patch -Patch3: trim-unneeded-completions.patch +Patch1: trim-unneeded-completions.patch +Patch2: zsh-pipefix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} Requires(pre): %{install_info_prereq} @@ -94,11 +93,10 @@ %prep %setup -q -n %{name}-%{version} -%patch1 -p1 -%patch2 -p1 %if 0%{?suse_version} -%patch3 -p1 +%patch1 -p1 %endif +%patch2 -p1 # Remove executable bit chmod 0644 Etc/changelog2html.pl @@ -129,15 +127,6 @@ make all info html -# make help text files -install -d Help -pushd Help/ -troff -Tlatin1 -t -mandoc ../Doc/zshbuiltins.1 | \ - grotty -cbou | \ - sed -e 's/±/{+|-}/' | \ - ../Util/helpfiles -popd - # generate intro.ps groff -Tps -ms Doc/intro.ms > intro.ps @@ -179,7 +168,7 @@ # install help files install -m 0755 -Dd %{buildroot}%{_datadir}/%{name}/%{version}/help -install -m 0644 Help/* %{buildroot}%{_datadir}/%{name}/%{version}/help/ +install -m 0644 Doc/help/* %{buildroot}%{_datadir}/%{name}/%{version}/help/ # link zsh binary ln -sf %{_bindir}/zsh %{buildroot}/bin/zsh ++++++ zsh-5.0.2.tar.bz2 -> zsh-5.0.4.tar.bz2 ++++++ ++++ 22175 lines of diff (skipped) ++++++ zsh-pipefix.patch ++++++ diff --git a/Src/exec.c b/Src/exec.c index dccdc2b..4480033 100644 --- a/Src/exec.c +++ b/Src/exec.c @@ -1691,6 +1691,7 @@ execpline2(Estate state, wordcode pcode, execcmd(state, input, output, how, last1 ? 1 : 2); else { int old_list_pipe = list_pipe; + int subsh_close = -1; Wordcode next = state->pc + (*state->pc), pc; wordcode code; @@ -1738,6 +1739,7 @@ execpline2(Estate state, wordcode pcode, } else { /* otherwise just do the pipeline normally. */ addfilelist(NULL, pipes[0]); + subsh_close = pipes[0]; execcmd(state, input, pipes[1], how, 0); } zclose(pipes[1]); @@ -1750,6 +1752,8 @@ execpline2(Estate state, wordcode pcode, execpline2(state, *state->pc++, how, pipes[0], output, last1); list_pipe = old_list_pipe; cmdpop(); + if (subsh_close != pipes[0]) + zclose(pipes[0]); } } diff --git a/Test/A05execution.ztst b/Test/A05execution.ztst index c8320a1..61d24fe 100644 --- a/Test/A05execution.ztst +++ b/Test/A05execution.ztst @@ -202,3 +202,15 @@ F:the bug is still there or it reappeared. See workers-29973 for details. 0:Check $pipestatus with a known difficult case >1 0 1 0 0 F:This similar test was triggering a reproducible failure with pipestatus. + + { unsetopt MONITOR } 2>/dev/null + coproc { read -Et 5 || kill -INT $$ } + print -u $ZTST_fd 'This test takes 5 seconds to fail...' + { printf "%d\n" {1..20000} } | ( read -E ) + print -p done + read -Ep +0:Bug regression: piping a shell construct to an external process may hang +>1 +>done +F:This test checks for a file descriptor leak that could cause the left +F:side of a pipe to block on write after the right side has exited diff --git a/Src/exec.c b/Src/exec.c index 4480033..f16cfd3 100644 --- a/Src/exec.c +++ b/Src/exec.c @@ -2389,7 +2389,7 @@ static void execcmd(Estate state, int input, int output, int how, int last1) { HashNode hn = NULL; - LinkList args; + LinkList args, filelist = NULL; LinkNode node; Redir fn; struct multio *mfds[10]; @@ -2911,6 +2911,7 @@ execcmd(Estate state, int input, int output, int how, int last1) flags |= ESUB_KEEPTRAP; if (type == WC_SUBSH && !(how & Z_ASYNC)) flags |= ESUB_JOB_CONTROL; + filelist = jobtab[thisjob].filelist; entersubsh(flags); close(synch[1]); forked = 1; @@ -3264,6 +3265,7 @@ execcmd(Estate state, int input, int output, int how, int last1) if (is_shfunc) { /* It's a shell function */ + pipecleanfilelist(filelist); execshfunc((Shfunc) hn, args); } else { /* It's a builtin */ @@ -3342,6 +3344,7 @@ execcmd(Estate state, int input, int output, int how, int last1) DPUTS(varspc, "BUG: assignment before complex command"); list_pipe = 0; + pipecleanfilelist(filelist); /* If we're forked (and we should be), no need to return */ DPUTS(last1 != 1 && !forked, "BUG: not exiting?"); DPUTS(type != WC_SUBSH, "Not sure what we're doing."); diff --git a/Src/jobs.c b/Src/jobs.c index 371b8eb..a321172 100644 --- a/Src/jobs.c +++ b/Src/jobs.c @@ -1173,6 +1173,30 @@ addfilelist(const char *name, int fd) zaddlinknode(ll, jf); } +/* Clean up pipes no longer needed associated with a job */ + +/**/ +void +pipecleanfilelist(LinkList filelist) +{ + LinkNode node; + + if (!filelist) + return; + node = firstnode(filelist); + while (node) { + Jobfile jf = (Jobfile)getdata(node); + if (jf->is_fd) { + LinkNode next = nextnode(node); + zclose(jf->u.fd); + (void)remnode(filelist, node); + zfree(jf, sizeof(*jf)); + node = next; + } else + incnode(node); + } +} + /* Finished with list of files for a job */ /**/ @@ -1415,19 +1439,7 @@ zwaitjob(int job, int wait_cmd) * we can't deadlock on the fact that those still exist, so * that's not a problem. */ - LinkNode node = firstnode(jn->filelist); - while (node) { - Jobfile jf = (Jobfile)getdata(node); - if (jf->is_fd) { - LinkNode next = nextnode(node); - (void)remnode(jn->filelist, node); - zclose(jf->u.fd); - zfree(jf, sizeof(*jf)); - node = next; - } else { - incnode(node); - } - } + pipecleanfilelist(jn->filelist); } while (!errflag && jn->stat && !(jn->stat & STAT_DONE) && diff --git a/Test/A05execution.ztst b/Test/A05execution.ztst index 61d24fe..6abfd8b 100644 --- a/Test/A05execution.ztst +++ b/Test/A05execution.ztst @@ -207,10 +207,12 @@ F:This similar test was triggering a reproducible failure with pipestatus. coproc { read -Et 5 || kill -INT $$ } print -u $ZTST_fd 'This test takes 5 seconds to fail...' { printf "%d\n" {1..20000} } | ( read -E ) + hang(){ printf "%d\n" {2..20000} | cat }; hang | ( read -E ) print -p done read -Ep 0:Bug regression: piping a shell construct to an external process may hang >1 +>2 >done F:This test checks for a file descriptor leak that could cause the left F:side of a pipe to block on write after the right side has exited -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit sendmail for openSUSE:Factory
by root＠hilbert.suse.de 26 Dec '13

26 Dec '13

Hello community, here is the log from the commit of package sendmail for openSUSE:Factory checked in at 2013-12-26 17:39:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sendmail (Old) and /work/SRC/openSUSE:Factory/.sendmail.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "sendmail" Changes: -------- --- /work/SRC/openSUSE:Factory/sendmail/sendmail.changes 2013-10-20 10:53:45.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.sendmail.new/sendmail.changes 2013-12-26 17:39:40.000000000 +0100 @@ -1,0 +2,6 @@ +Wed Dec 18 08:03:28 UTC 2013 - werner(a)suse.de + +- Do not use remote-fs.target but local-fs.target to make sure that + failing remote/cifs shares let sendmail fail (bnc#855688) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ uucp.spec: same change ++++++ sendmail.service ++++++ --- /var/tmp/diff_new_pack.fDhcJX/_old 2013-12-26 17:39:42.000000000 +0100 +++ /var/tmp/diff_new_pack.fDhcJX/_new 2013-12-26 17:39:42.000000000 +0100 @@ -14,8 +14,8 @@ [Unit] Description=Sendmail Mail Transport Agent -Requires=var-run.mount nss-lookup.target network.target remote-fs.target time-sync.target -After=var-run.mount nss-lookup.target network.target remote-fs.target time-sync.target +Requires=var-run.mount nss-lookup.target network.target local-fs.target time-sync.target +After=var-run.mount nss-lookup.target network.target local-fs.target time-sync.target Wants=amavis.service cyrus.service ldap.service nscd.service ypbind.service sendmail-client.service saslauthd.service After=amavis.service cyrus.service ldap.service nscd.service ypbind.service saslauthd.service Before=sendmail-client.service mail-transfer-agent.target -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0