Hello community, here is the log from the commit of package php5 for openSUSE:Factory checked in at 2013-12-03 14:27:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/php5 (Old) and /work/SRC/openSUSE:Factory/.php5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php5" Changes: -------- --- /work/SRC/openSUSE:Factory/php5/php5.changes 2013-10-30 15:49:21.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.php5.new/php5.changes 2013-12-03 14:27:21.000000000 +0100 @@ -1,0 +2,88 @@ +Tue Dec 3 12:24:28 UTC 2013 - [email protected] + +- security update [bnc#853045] + * added CVE-2013-6712.patch + +------------------------------------------------------------------- +Mon Nov 22 10:10:50 UTC 2013 - [email protected] + +- updated to 5.5.6: + * fixes some bugs against PHP 5.5.5, and adds some performance + improvements. + * see http://www.php.net/ChangeLog-5.php#5.5.6 for details + +------------------------------------------------------------------- +Mon Nov 22 10:10:49 UTC 2013 - [email protected] + +- updated to 5.5.5: + * This release fixes about twenty bugs against PHP 5.5.4, some + of them regarding the build system. + * added sys_temp_dir ini directive +- removed custom-tmp-dir.patch (upstreamed) + +------------------------------------------------------------------- +Mon Nov 22 10:10:48 UTC 2013 - [email protected] + +- updated to 5.5.4: + * This release fixes several bugs against PHP 5.5.3. +- crypt-tests.patch partially upstreamed +- use zend_extension instead of extension directive in opcache.ini + [bnc#840350] + +------------------------------------------------------------------- +Mon Nov 22 10:10:47 UTC 2013 - [email protected] + +- updated to 5.5.3: These release fix a bug in the patch for + CVE-2013-4248 in OpenSSL module and compile failure with ZTS enabled + in PHP 5.4. + +------------------------------------------------------------------- +Mon Nov 22 10:10:46 UTC 2013 - [email protected] + +- updated to 5.5.2: + * About 20 bugs were fixed, including security issue in OpenSSL + module (CVE-2013-4248) and session fixation problem (CVE-2011-4718). + +------------------------------------------------------------------- +Mon Nov 22 10:10:45 UTC 2013 - [email protected] + +- updated to 5.5.1 + * bugfixes incl. security fix in the XML parser + +------------------------------------------------------------------- +Mon Nov 22 10:10:44 UTC 2013 - Ralf Lang <[email protected]> + +- replace php5-64-bit-post-large-files.patch with php5-big-file-upload.patch + patch that uses def_t instead of signed long as suggested by upstream + +------------------------------------------------------------------- +Mon Nov 22 10:10:43 UTC 2013 - [email protected] + +- updated to 5.5.0: + * Added generators and coroutines. + * Added the finally keyword. + * Added a simplified password hashing API. + * Added support for constant array/string dereferencing. + * Added scalar class name resolution via ::class. + * Added support for using empty() on the result of function + calls and other expressions. + * Added support for non-scalar Iterator keys in foreach. + * Added support for list() constructs in foreach statements. + * Added the Zend OPcache extension for opcode caching. + * A lot more improvements and fixes. + * PHP logo GUIDs have been removed. + * Case insensitivity is no longer locale specific. All case + insensitive matching for function, class and constant names + is now performed in a locale independent manner according to + ASCII rules. +- buildrequire cyrus-sasl-devel explicitely +- suhosin-php54.patch renamed to suhosin-php55.patch + +------------------------------------------------------------------- +Mon Nov 18 10:10:43 UTC 2013 - [email protected] + +- update to 5.4.22: + * About 10 bugs were fixed. + * see http://www.php.net/ChangeLog-5.php#5.4.22 for details + +------------------------------------------------------------------- Old: ---- php-5.4.21.tar.bz2 php5-64-bit-post-large-files.patch php5-custom-tmp-dir.patch php5-suhosin-php54.patch New: ---- php-5.5.6-CVE-2013-6712.patch php-5.5.6.tar.bz2 php5-big-file-upload.patch php5-suhosin-php55.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php5.spec ++++++ --- /var/tmp/diff_new_pack.c7IBy6/_old 2013-12-03 14:27:23.000000000 +0100 +++ /var/tmp/diff_new_pack.c7IBy6/_new 2013-12-03 14:27:23.000000000 +0100 @@ -17,8 +17,8 @@ Name: php5 -%global apiver 20100412 -%global zendver 20100525 +%global apiver 20121113 +%global zendver 20121212 %define suhosin_version 0.9.33 %define pkg_name php5 %define with_spell 1 @@ -100,7 +100,7 @@ %define apache2_includedir %(%{apxs2} -q INCLUDEDIR) %define apache2_serverroot %(%{apxs2} -q PREFIX) %define need_libxml2_hack %(if [ -e %{_includedir}/libxml/parser.h ]; then if grep -q XML_PARSE_OLDSAX %{_includedir}/libxml/parser.h;then echo 1; else echo 0; fi; else echo 0; fi) -Version: 5.4.21 +Version: 5.5.6 Release: 0 Provides: php Provides: php-api = %{apiver} @@ -149,8 +149,11 @@ Patch5: php5-pts.patch Patch6: php5-openssl.patch Patch7: php5-systzdata-v7.patch +Patch8: php5-systemd-unit.patch #bugs -Patch10: php5-suhosin-php54.patch +# this is from https://raw.github.com/NewEraCracker/suhosin-patches/, check for official +# one from suhosin git +Patch10: php5-suhosin-php55.patch Patch11: php5-mbstring-missing-return.patch Patch12: php5-BNC-457056.patch Patch13: php5-cloexec.patch @@ -170,12 +173,10 @@ Patch17: php5-no-reentrant-crypt.patch Patch18: php5-format-string-issues.patch # following patch connected fixes or workarounds https://bugs.php.net/bug.php?id=44522 -Patch19: php5-64-bit-post-large-files.patch +Patch19: php5-big-file-upload.patch Patch20: php5-per-mod-log.patch Patch21: php5-apache24-updates.patch -Patch22: php5-systemd-unit.patch -# added to 5.5.5 -Patch23: php5-custom-tmp-dir.patch +Patch22: php-5.5.6-CVE-2013-6712.patch Url: http://www.php.net BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: PHP5 Core Files @@ -791,6 +792,22 @@ The PHP Group See http://www.php.net/credits.php for more details +%package opcache +Provides: php-opcache +Summary: PHP5 Extension Module +Group: Development/Libraries/PHP +Requires: %{name} = %{version} + +%description opcache +The Zend OPcache provides faster PHP execution through +opcode caching and optimization. + + +Authors: +-------- + The PHP Group + See http://www.php.net/credits.php for more details + %package openssl Provides: php-openssl Summary: PHP5 Extension Module @@ -1286,6 +1303,7 @@ %patch5 %patch6 %patch7 +%patch8 %patch10 %patch11 %if %{need_libxml2_hack} @@ -1308,8 +1326,6 @@ %patch20 -p1 %patch21 -p1 %patch22 -%patch23 -p1 - # Safety check for API version change. vapi=`sed -n '/#define PHP_API_VERSION/{s/.* //;p}' main/php.h` if test "x${vapi}" != "x%{apiver}"; then @@ -1325,6 +1341,7 @@ fi %build +chmod 644 README.namespaces UPGRADING # aclocal workaround - to be improved cat `aclocal --print-ac-dir`/{libtool,ltoptions,ltsugar,ltversion,lt~obsolete}.m4 >>aclocal.m4 @@ -1545,6 +1562,11 @@ %check cd build-cli +# check if we link against system libcrypt +if [ -z "$(ldd sapi/cli/php | grep libcrypt.so)" ]; then + echo 'php do not link against system libcrypt.' + exit 1 +fi # Run tests, using the CLI SAPI export NO_INTERACTION=1 REPORT_EXIT_STATUS=1 LANG=POSIX LC_ALL=POSIX unset TZ @@ -1599,7 +1621,12 @@ ext=${f##*/} extern_modules="$extern_modules $ext" echo "; comment out next line to disable $ext extension in php" > %{buildroot}/%{php_sysconf}/conf.d/$ext.ini - echo "extension=$ext.so" >> %{buildroot}/%{php_sysconf}/conf.d/$ext.ini + zend_='' + if [ $ext == "opcache" ]; then + # http://php.net/manual/en/opcache.installation.php + zend_='zend_' + fi + echo "${zend_}extension=$ext.so" >> %{buildroot}/%{php_sysconf}/conf.d/$ext.ini done #suhosin configuration %{__install} -m 644 ext/suhosin/suhosin.ini %{buildroot}/%{php_sysconf}/conf.d/suhosin.ini @@ -1636,7 +1663,6 @@ #install fpm init script. install -d %{buildroot}%{_sysconfdir}/init.d install -m 755 -c %{S:8} %{buildroot}%{_sysconfdir}/init.d/php-fpm -chmod 644 README.namespaces UPGRADING install -D -m 0644 ./build-fpm/sapi/fpm/php-fpm.service %{buildroot}%{_unitdir}/php-fpm.service %post -n apache2-mod_php5 @@ -1871,6 +1897,11 @@ %{extension_dir}/pdo_odbc.so %config(noreplace) %{php_sysconf}/conf.d/pdo_odbc.ini +%files opcache +%defattr(644,root,root,755) +%{extension_dir}/opcache.so +%config(noreplace) %{php_sysconf}/conf.d/opcache.ini + %files openssl %defattr(644,root,root,755) %{extension_dir}/openssl.so ++++++ php-5.5.6-CVE-2013-6712.patch ++++++ From: Remi Collet <[email protected]> Date: Wed, 27 Nov 2013 10:13:16 +0000 (+0100) Subject: Fixed bug #66060 (Heap buffer over-read in DateInterval) X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=12fe4e90be7bfa2a763197079f68f5568a14e071 Fixed bug #66060 (Heap buffer over-read in DateInterval) --- --- ext/date/lib/parse_iso_intervals.re +++ ext/date/lib/parse_iso_intervals.re @@ -383,7 +383,7 @@ isoweek = year4 "-"? "W" weekofyear; break; } ptr++; - } while (*ptr); + } while (!s->errors->error_count && *ptr); s->have_period = 1; TIMELIB_DEINIT; return TIMELIB_PERIOD; ++++++ php-5.4.21.tar.bz2 -> php-5.5.6.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/php5/php-5.4.21.tar.bz2 /work/SRC/openSUSE:Factory/.php5.new/php-5.5.6.tar.bz2 differ: char 11, line 1 ++++++ php5-apache_sapi_install.patch ++++++ --- /var/tmp/diff_new_pack.c7IBy6/_old 2013-12-03 14:27:23.000000000 +0100 +++ /var/tmp/diff_new_pack.c7IBy6/_new 2013-12-03 14:27:23.000000000 +0100 @@ -6,9 +6,9 @@ Index: sapi/apache2handler/config.m4 =================================================================== ---- sapi/apache2handler/config.m4.orig 2008-03-11 23:47:39.000000000 +0100 -+++ sapi/apache2handler/config.m4 2010-08-03 06:31:18.512616000 +0200 -@@ -68,18 +68,9 @@ if test "$PHP_APXS2" != "no"; then +--- sapi/apache2handler/config.m4.orig ++++ sapi/apache2handler/config.m4 +@@ -67,18 +67,9 @@ if test "$PHP_APXS2" != "no"; then fi APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR` ++++++ php5-big-file-upload.patch ++++++ From: Ralf Lang <[email protected]> Date: 2013-07-23 10:25:22 +0200 Subject: Allow large file uploads > 2G and prevent integer overflow for php.ini values > 2G Upstream: submitted Similarly to the previous php5-64-bit-post-large-files.patch, this adresses cases where php.ini configures upload limits > 2G https://github.com/php/php-src/pull/372 https://bugs.php.net/bug.php?id=44522 This is essentially the same as the patch "uploads_larger_than_2g_HEAD_v2 (last revision 2012-03-26 03:59 UTC) byjason at infininull dot com)" but using off_t instead of signed long(originally: uint) --- main/SAPI.h | 4 ++-- main/rfc1867.c | 5 +++-- sapi/cgi/cgi_main.c | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) Index: php-5.4.16/main/SAPI.h =================================================================== --- php-5.4.16.orig/main/SAPI.h +++ php-5.4.16/main/SAPI.h @@ -82,7 +82,7 @@ typedef struct { char *post_data, *raw_post_data; char *cookie_data; long content_length; - uint post_data_length, raw_post_data_length; + off_t post_data_length, raw_post_data_length; char *path_translated; char *request_uri; @@ -119,7 +119,7 @@ typedef struct _sapi_globals_struct { void *server_context; sapi_request_info request_info; sapi_headers_struct sapi_headers; - int read_post_bytes; + off_t read_post_bytes; unsigned char headers_sent; struct stat global_stat; char *default_mimetype; Index: php-5.4.16/main/rfc1867.c =================================================================== --- php-5.4.16.orig/main/rfc1867.c +++ php-5.4.16/main/rfc1867.c @@ -676,8 +676,9 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_ { char *boundary, *s = NULL, *boundary_end = NULL, *start_arr = NULL, *array_index = NULL; char *temp_filename = NULL, *lbuf = NULL, *abuf = NULL; - int boundary_len = 0, total_bytes = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0; - int max_file_size = 0, skip_upload = 0, anonindex = 0, is_anonymous; + int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0; + off_t total_bytes = 0, max_file_size = 0; + int skip_upload = 0, anonindex = 0, is_anonymous; zval *http_post_files = NULL; HashTable *uploaded_files = NULL; multipart_buffer *mbuff; Index: php-5.4.16/sapi/cgi/cgi_main.c =================================================================== --- php-5.4.16.orig/sapi/cgi/cgi_main.c +++ php-5.4.16/sapi/cgi/cgi_main.c @@ -508,7 +508,7 @@ static int sapi_cgi_read_post(char *buff uint read_bytes = 0; int tmp_read_bytes; - count_bytes = MIN(count_bytes, (uint) SG(request_info).content_length - SG(read_post_bytes)); + count_bytes = MIN(count_bytes, SG(request_info).content_length - SG(read_post_bytes)); while (read_bytes < count_bytes) { tmp_read_bytes = read(STDIN_FILENO, buffer + read_bytes, count_bytes - read_bytes); if (tmp_read_bytes <= 0) { ++++++ php5-cloexec.patch ++++++ --- /var/tmp/diff_new_pack.c7IBy6/_old 2013-12-03 14:27:23.000000000 +0100 +++ /var/tmp/diff_new_pack.c7IBy6/_new 2013-12-03 14:27:23.000000000 +0100 @@ -18,7 +18,7 @@ =================================================================== --- ext/standard/file.c.orig +++ ext/standard/file.c -@@ -926,6 +926,12 @@ PHP_FUNCTION(popen) +@@ -927,6 +927,12 @@ PHP_FUNCTION(popen) } } #endif @@ -35,7 +35,7 @@ =================================================================== --- ext/standard/mail.c.orig +++ ext/standard/mail.c -@@ -321,8 +321,12 @@ PHPAPI int php_mail(char *to, char *subj +@@ -331,8 +331,12 @@ PHPAPI int php_mail(char *to, char *subj * (e.g. the shell can't be executed) we explicitly set it to 0 to be * sure we don't catch any older errno value. */ errno = 0; ++++++ php5-crypt-tests.patch ++++++ --- /var/tmp/diff_new_pack.c7IBy6/_old 2013-12-03 14:27:23.000000000 +0100 +++ /var/tmp/diff_new_pack.c7IBy6/_new 2013-12-03 14:27:23.000000000 +0100 @@ -1,8 +1,17 @@ Index: ext/standard/config.m4 =================================================================== ---- ext/standard/config.m4.orig -+++ ext/standard/config.m4 -@@ -60,7 +60,14 @@ if test "$ac_cv_func_crypt" = "no"; then +--- ext/standard/config.m4.orig 2013-09-25 13:23:43.472777745 +0200 ++++ ext/standard/config.m4 2013-09-25 13:28:29.744510495 +0200 +@@ -2,7 +2,7 @@ + + dnl + dnl Check if flush should be called explicitly after buffered io +-dnl ++ + AC_CACHE_CHECK([whether flush should be called explicitly after a buffered io], ac_cv_flush_io,[ + AC_TRY_RUN( [ + #include <stdio.h> +@@ -58,7 +58,14 @@ AC_DEFINE(HAVE_CRYPT, 1, [ ]) ]) fi @@ -18,87 +27,12 @@ AC_CACHE_CHECK(for standard DES crypt, ac_cv_crypt_des,[ AC_TRY_RUN([ #if HAVE_UNISTD_H -@@ -172,7 +179,7 @@ main() { - ac_cv_crypt_blowfish=no - ])]) - --AC_CACHE_CHECK(for SHA512 crypt, ac_cv_crypt_SHA512,[ -+AC_CACHE_CHECK(for SHA512 crypt, ac_cv_crypt_sha512,[ - AC_TRY_RUN([ - #if HAVE_UNISTD_H - #include <unistd.h> -@@ -184,24 +191,22 @@ AC_TRY_RUN([ - - main() { - #if HAVE_CRYPT -- char salt[30], answer[80]; -+ char salt[120]; - -- salt[0]='$'; salt[1]='6'; salt[2]='$'; salt[3]='$'; salt[4]='b'; salt[5]='a'; salt[6]='r'; salt[7]='\0'; -- strcpy(answer, salt); -- strcpy(&answer[29],"$6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu."); -- exit (strcmp((char *)crypt("foo",salt),answer)); -+ strcpy(salt, "\$6\$rounds=5000\$usesomesillystri\$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21"); -+ exit (strcmp((char *)crypt("rasmuslerdorf",salt),salt)); - #else - exit(0); - #endif - }],[ -- ac_cv_crypt_SHA512=yes -+ ac_cv_crypt_sha512=yes - ],[ -- ac_cv_crypt_SHA512=no -+ ac_cv_crypt_sha512=no - ],[ -- ac_cv_crypt_SHA512=no -+ ac_cv_crypt_sha512=no - ])]) - --AC_CACHE_CHECK(for SHA256 crypt, ac_cv_crypt_SHA256,[ -+AC_CACHE_CHECK(for SHA256 crypt, ac_cv_crypt_sha256,[ - AC_TRY_RUN([ - #if HAVE_UNISTD_H - #include <unistd.h> -@@ -213,28 +218,31 @@ AC_TRY_RUN([ - - main() { - #if HAVE_CRYPT -- char salt[30], answer[80]; -- salt[0]='$'; salt[1]='5'; salt[2]='$'; salt[3]='$'; salt[4]='s'; salt[5]='a'; salt[6]='l'; salt[7]='t'; salt[8]='s'; salt[9]='t'; salt[10]='r'; salt[11]='i'; salt[12]='n'; salt[13]='g'; salt[14]='\0'; -- strcat(salt,""); -- strcpy(answer, salt); -- strcpy(&answer[29], "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5"); -- exit (strcmp((char *)crypt("foo",salt),answer)); -+ char salt[80]; -+ strcpy(salt, "\$5\$rounds=5000\$usesomesillystri\$KqJWpanXZHKq2BOB43TSaYhEWsQ1Lr5QNyPCDH/Tp.6"); -+ exit (strcmp((char *)crypt("rasmuslerdorf",salt),salt)); - #else - exit(0); - #endif - }],[ -- ac_cv_crypt_SHA256=yes -+ ac_cv_crypt_sha256=yes - ],[ -- ac_cv_crypt_SHA256=no -+ ac_cv_crypt_sha256=no - ],[ -- ac_cv_crypt_SHA256=no -+ ac_cv_crypt_sha256=no - ])]) - - +@@ -233,7 +240,7 @@ dnl --dnl If one of them is missing, use our own implementation, portable code is then possible -+dnl If one of them or crypt_r() is missing, use our own implementation, portable code is then possible + dnl If one of them is missing, use our own implementation, portable code is then possible dnl -if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "x$php_crypt_r" = "x0"; then -+if test "$ac_cv_crypt_des" = "no" || -+ /* test "$ac_cv_crypt_ext_des" = "no" ||*/ -+ test "$ac_cv_crypt_md5" = "no" || -+ test "$ac_cv_crypt_blowfish" = "no" || -+ test "$ac_cv_crypt_sha512" = "no" || -+ test "$ac_cv_crypt_sha256" = "no" || -+ test "$ac_cv_lib_crypt_crypt_r" = "no"; then ++if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "x$ac_cv_lib_crypt_crypt_r" = "x0"; then dnl dnl Check for __alignof__ support in the compiler ++++++ php5-format-string-issues.patch ++++++ --- /var/tmp/diff_new_pack.c7IBy6/_old 2013-12-03 14:27:23.000000000 +0100 +++ /var/tmp/diff_new_pack.c7IBy6/_new 2013-12-03 14:27:23.000000000 +0100 @@ -1,3 +1,5 @@ +Index: main/snprintf.h +=================================================================== --- main/snprintf.h.orig +++ main/snprintf.h @@ -83,7 +83,7 @@ PHPAPI int ap_php_vslprintf(char *buf, s @@ -9,9 +11,11 @@ PHPAPI int php_sprintf (char* s, const char* format, ...) PHP_ATTRIBUTE_FORMAT(printf, 2, 3); PHPAPI char * php_gcvt(double value, int ndigit, char dec_point, char exponent, char *buf); PHPAPI char * php_conv_fp(register char format, register double num, +Index: main/main.c +=================================================================== --- main/main.c.orig +++ main/main.c -@@ -898,7 +898,7 @@ PHPAPI void php_html_puts(const char *st +@@ -935,7 +935,7 @@ PHPAPI void php_html_puts(const char *st /* {{{ php_error_cb extended error handling function */ @@ -20,42 +24,23 @@ { char *buffer; int buffer_len, display; ---- Zend/zend.h.orig -+++ Zend/zend.h -@@ -146,6 +146,14 @@ char *alloca (); - # define ZEND_ATTRIBUTE_MALLOC - #endif - -+#if ZEND_GCC_VERSION >= 4003 -+#define ZEND_ATTR_ALLOC_SIZE(x) __attribute__((__alloc_size__(x))) -+#define ZEND_ATTR_ALLOC_SIZE2(x,y) __attribute__((__alloc_size__(x,y))) -+#else -+#define ZEND_ATTR_ALLOC_SIZE(x) -+#define ZEND_ATTR_ALLOC_SIZE2(x,y) -+#endif -+ - #if ZEND_GCC_VERSION >= 2007 - # define ZEND_ATTRIBUTE_FORMAT(type, idx, first) __attribute__ ((format(type, idx, first))) - #else +Index: Zend/zend_alloc.h +=================================================================== --- Zend/zend_alloc.h.orig +++ Zend/zend_alloc.h -@@ -54,14 +54,14 @@ BEGIN_EXTERN_C() - +@@ -55,13 +55,13 @@ BEGIN_EXTERN_C() ZEND_API char *zend_strndup(const char *s, unsigned int length) ZEND_ATTRIBUTE_MALLOC; --ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; + ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTRIBUTE_ALLOC_SIZE(1); -ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; -ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset) ZEND_ATTRIBUTE_MALLOC; -+ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE(1); +ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); -+ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); ++ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset) ZEND_ATTR_ALLOC_SIZE2(1,2); ZEND_API void _efree(void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); --ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; --ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); + ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTRIBUTE_ALLOC_SIZE2(1,2); + ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_ALLOC_SIZE(2); -ZEND_API void *_safe_erealloc(void *ptr, size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); -ZEND_API void *_safe_realloc(void *ptr, size_t nmemb, size_t size, size_t offset); -+ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTR_ALLOC_SIZE2(1,2); -+ZEND_API void *_erealloc(void *ptr, size_t size, int allow_failure ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTR_ALLOC_SIZE(2); +ZEND_API void *_safe_erealloc(void *ptr, size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTR_ALLOC_SIZE2(2,3); +ZEND_API void *_safe_realloc(void *ptr, size_t nmemb, size_t size, size_t offset) ZEND_ATTR_ALLOC_SIZE2(2,3); ZEND_API char *_estrdup(const char *s ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; @@ -87,4 +72,22 @@ { p = realloc(p, len); if (p) { - +Index: Zend/zend.h +=================================================================== +--- Zend/zend.h.orig ++++ Zend/zend.h +@@ -159,6 +159,14 @@ char *alloca (); + # define ZEND_ATTRIBUTE_ALLOC_SIZE2(X,Y) + #endif + ++#if ZEND_GCC_VERSION >= 4003 ++#define ZEND_ATTR_ALLOC_SIZE(x) __attribute__((__alloc_size__(x))) ++#define ZEND_ATTR_ALLOC_SIZE2(x,y) __attribute__((__alloc_size__(x,y))) ++#else ++#define ZEND_ATTR_ALLOC_SIZE(x) ++#define ZEND_ATTR_ALLOC_SIZE2(x,y) ++#endif ++ + #if ZEND_GCC_VERSION >= 2007 + # define ZEND_ATTRIBUTE_FORMAT(type, idx, first) __attribute__ ((format(type, idx, first))) + #else ++++++ php5-ini.patch ++++++ --- /var/tmp/diff_new_pack.c7IBy6/_old 2013-12-03 14:27:23.000000000 +0100 +++ /var/tmp/diff_new_pack.c7IBy6/_new 2013-12-03 14:27:23.000000000 +0100 @@ -1,8 +1,8 @@ Index: php.ini-production =================================================================== ---- php.ini-production.orig -+++ php.ini-production -@@ -702,7 +702,7 @@ default_mimetype = "text/html" +--- php.ini-production.orig 2013-09-18 15:08:04.000000000 +0200 ++++ php.ini-production 2013-09-25 12:25:54.774102652 +0200 +@@ -701,7 +701,7 @@ ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" @@ -11,7 +11,7 @@ ; ; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" -@@ -916,7 +916,7 @@ cli_server.color = On +@@ -918,7 +918,7 @@ [Date] ; Defines the default timezone used by the date functions ; http://php.net/date.timezone @@ -20,7 +20,7 @@ ; http://php.net/date.default-latitude ;date.default_latitude = 31.7667 -@@ -1106,7 +1106,7 @@ mysql.allow_local_infile = On +@@ -1110,7 +1110,7 @@ ; Allow or prevent persistent links. ; http://php.net/mysql.allow-persistent @@ -29,7 +29,7 @@ ; If mysqlnd is used: Number of cache slots for the internal result set cache ; http://php.net/mysql.cache_size -@@ -1169,7 +1169,7 @@ mysqli.max_persistent = -1 +@@ -1173,7 +1173,7 @@ ; Allow or prevent persistent links. ; http://php.net/mysqli.allow-persistent @@ -38,16 +38,16 @@ ; Maximum number of links. -1 means no limit. ; http://php.net/mysqli.max-links -@@ -1391,7 +1391,7 @@ session.save_handler = files +@@ -1395,7 +1395,7 @@ ; where MODE is the octal representation of the mode. Note that this ; does not overwrite the process's umask. ; http://php.net/session.save-path -;session.save_path = "/tmp" +session.save_path = "/var/lib/php5" - ; Whether to use cookies. - ; http://php.net/session.use-cookies -@@ -1507,7 +1507,7 @@ session.referer_check = + ; Whether to use strict session mode. + ; Strict session mode does not accept uninitialized session ID and regenerate +@@ -1519,7 +1519,7 @@ ; How many bytes to read from the file. ; http://php.net/session.entropy-length @@ -56,7 +56,7 @@ ; Specified here to create the session id. ; http://php.net/session.entropy-file -@@ -1516,7 +1516,7 @@ session.referer_check = +@@ -1528,7 +1528,7 @@ ; If neither are found at compile time, the default is no entropy file. ; On windows, setting the entropy_length setting will activate the ; Windows random source (using the CryptoAPI) @@ -65,7 +65,7 @@ ; Set to {nocache,private,public,} to determine HTTP caching aspects ; or leave this empty to avoid sending anti-caching headers. -@@ -1547,7 +1547,7 @@ session.use_trans_sid = 0 +@@ -1559,7 +1559,7 @@ ; the hash extension. A list of available hashes is returned by the hash_algos() ; function. ; http://php.net/session.hash-function ++++++ php5-no-build-date.patch ++++++ --- /var/tmp/diff_new_pack.c7IBy6/_old 2013-12-03 14:27:23.000000000 +0100 +++ /var/tmp/diff_new_pack.c7IBy6/_new 2013-12-03 14:27:23.000000000 +0100 @@ -2,7 +2,7 @@ =================================================================== --- ext/standard/info.c.orig +++ ext/standard/info.c -@@ -697,7 +697,7 @@ PHPAPI void php_print_info(int flag TSRM +@@ -698,7 +698,7 @@ PHPAPI void php_print_info(int flag TSRM php_info_print_box_end(); php_info_print_table_start(); php_info_print_table_row(2, "System", php_uname ); @@ -11,7 +11,7 @@ #ifdef COMPILER php_info_print_table_row(2, "Compiler", COMPILER); #endif -@@ -705,7 +705,7 @@ PHPAPI void php_print_info(int flag TSRM +@@ -706,7 +706,7 @@ PHPAPI void php_print_info(int flag TSRM php_info_print_table_row(2, "Architecture", ARCHITECTURE); #endif #ifdef CONFIGURE_COMMAND @@ -24,7 +24,7 @@ =================================================================== --- sapi/fpm/fpm/fpm_main.c.orig +++ sapi/fpm/fpm/fpm_main.c -@@ -1710,7 +1710,7 @@ int main(int argc, char *argv[]) +@@ -1723,7 +1723,7 @@ int main(int argc, char *argv[]) #if ZEND_DEBUG php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #else @@ -62,7 +62,7 @@ =================================================================== --- sapi/cli/php_cli.c.orig +++ sapi/cli/php_cli.c -@@ -687,8 +687,8 @@ static int do_cli(int argc, char **argv +@@ -692,8 +692,8 @@ static int do_cli(int argc, char **argv goto out; case 'v': /* show php version & quit */ @@ -77,7 +77,7 @@ =================================================================== --- sapi/cgi/cgi_main.c.orig +++ sapi/cgi/cgi_main.c -@@ -2218,7 +2218,7 @@ consult the installation file that came +@@ -2221,7 +2221,7 @@ consult the installation file that came #if ZEND_DEBUG php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2013 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); #else ++++++ php5-no-reentrant-crypt.patch ++++++ --- /var/tmp/diff_new_pack.c7IBy6/_old 2013-12-03 14:27:23.000000000 +0100 +++ /var/tmp/diff_new_pack.c7IBy6/_new 2013-12-03 14:27:23.000000000 +0100 @@ -1,13 +1,21 @@ Index: ext/standard/crypt.c =================================================================== ---- ext/standard/crypt.c +--- ext/standard/crypt.c.orig +++ ext/standard/crypt.c -@@ -302,6 +302,8 @@ PHP_FUNCTION(crypt) - RETURN_STRING(crypt_res, 1); +@@ -247,6 +247,16 @@ PHPAPI int php_crypt(const char *passwor + return SUCCESS; } } +# else -+ RETURN_STRING(crypt(str, salt), 1); ++ { ++ crypt_res = crypt(password, salt); ++ if (!crypt_res) { ++ return FAILURE; ++ } else { ++ *result = estrdup(crypt_res); ++ return SUCCESS; ++ } ++ } # endif #endif } ++++++ php5-php-config.patch ++++++ --- /var/tmp/diff_new_pack.c7IBy6/_old 2013-12-03 14:27:23.000000000 +0100 +++ /var/tmp/diff_new_pack.c7IBy6/_new 2013-12-03 14:27:23.000000000 +0100 @@ -4,9 +4,9 @@ Index: scripts/php-config.in =================================================================== ---- scripts/php-config.in.orig 2007-08-24 13:44:10.000000000 +0200 -+++ scripts/php-config.in 2010-08-03 06:31:18.786529000 +0200 -@@ -5,7 +5,7 @@ prefix="@prefix@" +--- scripts/php-config.in.orig ++++ scripts/php-config.in +@@ -6,7 +6,7 @@ datarootdir="@datarootdir@" exec_prefix="@exec_prefix@" version="@PHP_VERSION@" vernum="@PHP_VERSION_ID@" ++++++ php5-pts.patch ++++++ --- /var/tmp/diff_new_pack.c7IBy6/_old 2013-12-03 14:27:23.000000000 +0100 +++ /var/tmp/diff_new_pack.c7IBy6/_new 2013-12-03 14:27:23.000000000 +0100 @@ -1,6 +1,8 @@ +Index: ext/standard/proc_open.c +=================================================================== --- ext/standard/proc_open.c.orig +++ ext/standard/proc_open.c -@@ -62,7 +62,7 @@ +@@ -61,7 +61,7 @@ * */ #ifdef PHP_CAN_SUPPORT_PROC_OPEN ++++++ php5-suhosin-php54.patch -> php5-suhosin-php55.patch ++++++ ++++ 1066 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/php5/php5-suhosin-php54.patch ++++ and /work/SRC/openSUSE:Factory/.php5.new/php5-suhosin-php55.patch -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
