Author: glen                         Date: Wed Feb  8 12:42:05 2012 GMT
Module: packages                      Tag: PHP_5_2
---- Log message:
- update php 5.2 backports from 
http://centos.alt.ru/repository/centos/5/SRPMS/php-5.2.17-10.el5.src.rpm
  this includes CVE-2011-0421 CVE-2011-4566 CVE-2012-0830

---- Files affected:
packages/php:
   php.spec (1.805.2.97 -> 1.805.2.98) , php-5.2.17-CVE-2011-0421.patch (NONE 
-> 1.1.2.1)  (NEW), php-5.2.17-CVE-2011-4566.patch (NONE -> 1.1.2.1)  (NEW), 
php-5.2.17-bug-323007-2.patch (NONE -> 1.1.2.1)  (NEW), 
php-5.2.17-bug-43200.patch (NONE -> 1.1.2.1)  (NEW), php-5.2.17-bug-52461.patch 
(NONE -> 1.1.2.1)  (NEW), php-5.2.17-bug-52624.patch (NONE -> 1.1.2.1)  (NEW), 
php-5.2.17-bug-54682.patch (NONE -> 1.1.2.1)  (NEW), php-5.2.17-bug-55273.patch 
(NONE -> 1.1.2.1)  (NEW), php-5.2.17-bug-55366.patch (NONE -> 1.1.2.1)  (NEW), 
php-5.2.17-bug-55478.patch (NONE -> 1.1.2.1)  (NEW), php-5.2.17-bug-55504.patch 
(NONE -> 1.1.2.1)  (NEW), php-5.2.17-bug-55509.patch (NONE -> 1.1.2.1)  (NEW), 
php-5.2.17-bug-55674.patch (NONE -> 1.1.2.1)  (NEW), php-5.2.17-bug-60120.patch 
(NONE -> 1.1.2.1)  (NEW), php-5.2.17-bug-60138.patch (NONE -> 1.1.2.1)  (NEW), 
php-5.2.17-bug-60183.patch (NONE -> 1.1.2.1)  (NEW), php-5.2.17-bug-60206.patch 
(NONE -> 1.1.2.1)  (NEW), php-5.2.17-bug-60455.patch (NONE -> 1.1.2.1)  (NEW), 
php-5.2.17-max-input-vars.patch (NONE -> 1.1.2.1)  (NEW)

---- Diffs:

================================================================
Index: packages/php/php.spec
diff -u packages/php/php.spec:1.805.2.97 packages/php/php.spec:1.805.2.98
--- packages/php/php.spec:1.805.2.97    Fri Nov 18 10:13:43 2011
+++ packages/php/php.spec       Wed Feb  8 13:41:59 2012
@@ -114,7 +114,7 @@
 Summary(uk.UTF-8):     PHP Версії 5 - мова препроцесування HTML-файлів, 
виконувана на сервері
 Name:          php
 Version:       5.2.17
-Release:       9
+Release:       10
 Epoch:         4
 License:       PHP
 Group:         Libraries
@@ -203,6 +203,8 @@
 Patch203: php-5.2.17-CVE-2011-1148.patch
 Patch204: php-5.2.17-CVE-2011-0708.patch
 Patch205: php-5.2.17-CVE-2011-1092.patch
+Patch206: php-5.2.17-CVE-2011-0421.patch
+
 # Backport from 5.3.6
 Patch301: php-5.3.6-bug-54055.patch
 Patch302: php-5.3.6-bug-53577.patch
@@ -259,6 +261,27 @@
 Patch356: php-5.3.7-bug-54312.patch
 Patch357: php-5.3.7-bug-51958.patch
 Patch358: php-5.3.7-bug-54946.patch
+# 5.3.9 backport
+Patch359: php-5.2.17-CVE-2011-4566.patch
+Patch360: php-5.2.17-bug-60206.patch
+Patch361: php-5.2.17-bug-60138.patch
+Patch362: php-5.2.17-bug-60120.patch
+Patch363: php-5.2.17-bug-55674.patch
+Patch364: php-5.2.17-bug-55509.patch
+Patch365: php-5.2.17-bug-55504.patch
+Patch366: php-5.2.17-bug-52461.patch
+Patch367: php-5.2.17-bug-55366.patch
+Patch368: php-5.2.17-bug-55273.patch
+Patch369: php-5.2.17-bug-52624.patch
+Patch370: php-5.2.17-bug-43200.patch
+Patch371: php-5.2.17-bug-54682.patch
+Patch372: php-5.2.17-bug-60455.patch
+Patch373: php-5.2.17-bug-60183.patch
+Patch374: php-5.2.17-bug-55478.patch
+
+#php-5.2-max-input-vars patch
+Patch400: php-5.2.17-max-input-vars.patch
+Patch401: php-5.2.17-bug-323007-2.patch
 URL:           http://www.php.net/
 %{?with_interbase:%{!?with_interbase_inst:BuildRequires:       Firebird-devel 
>= 1.0.2.908-2}}
 %{?with_pspell:BuildRequires:  aspell-devel >= 2:0.50.0}
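Review bot: Nothing in the added Patch359–Patch401 block says which patch carries CVE-2012-0830, although the log message lists it next to CVE-2011-0421 and CVE-2011-4566, which both have a patch named after them. Presumably it is `php-5.2.17-bug-323007-2.patch`, since that one reworks the max_input_vars check that Patch400 adds. A comment above Patch401 such as `# CVE-2012-0830: fixes the max_input_vars check added by Patch400` would let an auditor confirm the fix is present without opening the patches. The `# 5.3.9 backport` heading could also say that these were taken from the CentOS SRPM named in the log rather than from upstream directly.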
@@ -1947,6 +1970,7 @@
 %patch203 -p1 -b .CVE-2011-1148
 %patch204 -p1 -b .CVE-2011-0708
 %patch205 -p1 -b .CVE-2011-1092
+%patch206 -p1 -b .CVE-2011-0421
 
 # Bugfix backport from 5.3.6
 %patch301 -p1 -b .bug-54055
@@ -2004,6 +2028,25 @@
 %patch356 -p1 -b .bug-54312
 %patch357 -p1 -b .bug-51958
 %patch358 -p1 -b .bug-54946
+%patch359 -p1 -b .CVE-2011-4566
+%patch360 -p1 -b .bug-60206
+%patch361 -p1 -b .bug-60138
+%patch362 -p1 -b .bug-60120
+%patch363 -p1 -b .bug-55674
+%patch364 -p1 -b .bug-55509
+%patch365 -p1 -b .bug-55504
+%patch366 -p1 -b .bug-52461
+%patch367 -p1 -b .bug-55366
+%patch368 -p1 -b .bug-55273
+%patch369 -p1 -b .bug-52624
+%patch370 -p1 -b .bug-43200
+%patch371 -p1 -b .bug-54682
+%patch372 -p1 -b .bug-60455
+%patch373 -p1 -b .bug-60183
+%patch374 -p1 -b .bug-55478
+
+%patch400 -p1 -b .php-5.2-max-input-vars
+%patch401 -p1 -b .bug-323007
 
 # conflict seems to be resolved by recode patches
 rm -f ext/recode/config9.m4
@@ -3252,6 +3295,15 @@
 %{php_data_dir}/tests/php/quicktester.inc
 %attr(755,root,root) %{php_data_dir}/tests/php/run-tests.php
 
+# random junk, didn't check, maybe can be just removed
+%{php_data_dir}/tests/php/bin-info.inc
+%{php_data_dir}/tests/php/foo*
+%{php_data_dir}/tests/php/odbc*.php
+%{php_data_dir}/tests/php/recurse
+%{php_data_dir}/tests/php/run.*
+%{php_data_dir}/tests/php/scan_cases
+%{php_data_dir}/tests/php/test*
+
 %if %{with tidy}
 %files tidy
 %defattr(644,root,root,755)
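Review bot: The added %files entries package files that the comment itself describes as unchecked, using wide globs (`foo*`, `test*`, `run.*`, `odbc*.php`) that will also match anything a later patch or test run drops into that directory. If they are listed only to satisfy the unpackaged-files check, deleting them by explicit name in %install would keep unreviewed scripts off installed systems. If they must ship, replace the globs with exact file names. The enclosing %files section starts outside this hunk, so the subpackage and %defattr they land under are not visible here.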
@@ -3314,6 +3366,10 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.805.2.98  2012/02/08 12:41:59  glen
+- update php 5.2 backports from 
http://centos.alt.ru/repository/centos/5/SRPMS/php-5.2.17-10.el5.src.rpm
+  this includes CVE-2011-0421 CVE-2011-4566 CVE-2012-0830
+
 Revision 1.805.2.97  2011/11/18 09:13:43  arekm
 - rel 9; disable external libzip as it causes segfaults (follow php 5.3 from 
HEAD)
 

================================================================
Index: packages/php/php-5.2.17-CVE-2011-0421.patch
diff -u /dev/null packages/php/php-5.2.17-CVE-2011-0421.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-CVE-2011-0421.patch Wed Feb  8 13:41:59 2012
@@ -0,0 +1,13 @@
+--- PHP_5_3/ext/zip/lib/zip_name_locate.c      2011/01/30 22:16:39     307866
++++ PHP_5_3/ext/zip/lib/zip_name_locate.c      2011/01/30 22:28:57     307867
+@@ -60,6 +60,10 @@
+       return -1;
+     }
+ 
++    if((flags & ZIP_FL_UNCHANGED)  && !za->cdir) {
++      return -1;
++    }
++
+     cmp = (flags & ZIP_FL_NOCASE) ? strcmpi : strcmp;
+ 
+     n = (flags & ZIP_FL_UNCHANGED) ? za->cdir->nentry : za->nentry;
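Review bot: The added guard returns -1 for `ZIP_FL_UNCHANGED` with a NULL `za->cdir` but records no error code, so a caller cannot tell this case apart from whatever the preceding `return -1` reports. If the check above it sets an error on the archive (its body is outside the hunk), this branch should do the same before returning. A short comment such as `/* no central directory: za->cdir->nentry below would dereference NULL */` would also tie the guard to the line it protects. The function continues past the end of the hunk.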

================================================================
Index: packages/php/php-5.2.17-CVE-2011-4566.patch
diff -u /dev/null packages/php/php-5.2.17-CVE-2011-4566.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-CVE-2011-4566.patch Wed Feb  8 13:41:59 2012
@@ -0,0 +1,17 @@
+diff -up php-5.2.17/ext/exif/exif.c.CVE-2011-4566 php-5.2.17/ext/exif/exif.c
+--- php-5.2.17/ext/exif/exif.c.CVE-2011-4566   2012-01-11 15:00:23.000000000 
+0700
++++ php-5.2.17/ext/exif/exif.c 2012-01-11 15:02:25.000000000 +0700
+@@ -2873,11 +2873,11 @@ static int exif_process_IFD_TAG(image_in
+               offset_val = php_ifd_get32u(dir_entry+8, 
ImageInfo->motorola_intel);
+               /* If its bigger than 4 bytes, the dir entry contains an 
offset. */
+               value_ptr = offset_base+offset_val;
+-              if (offset_val+byte_count > IFDlength || value_ptr < dir_entry) 
{
++              if (byte_count > IFDlength || offset_val > IFDlength-byte_count 
|| value_ptr < dir_entry) {
+                       /* It is important to check for IMAGE_FILETYPE_TIFF
+                        * JPEG does not use absolute pointers instead its 
pointers are
+                        * relative to the start of the TIFF header in APP1 
section. */
+-                      if (offset_val+byte_count>ImageInfo->FileSize || 
(ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_II && 
ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_MM && 
ImageInfo->FileType!=IMAGE_FILETYPE_JPEG)) {
++                      if (byte_count > ImageInfo->FileSize || 
offset_val>ImageInfo->FileSize-byte_count || 
(ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_II && 
ImageInfo->FileType!=IMAGE_FILETYPE_TIFF_MM && 
ImageInfo->FileType!=IMAGE_FILETYPE_JPEG)) {
+                               if (value_ptr < dir_entry) {
+                                       /* we can read this if offset_val > 0 */
+                                       /* some files have their values in 
other parts of the file */
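Review bot: `value_ptr = offset_base+offset_val;` is still computed from the file-supplied `offset_val` before either bounds check. The retained `value_ptr < dir_entry` term is only meaningful if that pointer arithmetic wraps, which C leaves undefined once the result falls outside the buffer. The ordering check would be safer on offsets, e.g. `offset_val < (size_t)(dir_entry - offset_base)` (assuming `dir_entry` is never below `offset_base`), with `value_ptr` assigned only after the checks pass. The form `offset_val > IFDlength-byte_count` is correct only because `byte_count > IFDlength` is tested first; a one-line comment saying so would stop a later edit from reordering the terms. The function body runs beyond both ends of the hunk.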

================================================================
Index: packages/php/php-5.2.17-bug-323007-2.patch
diff -u /dev/null packages/php/php-5.2.17-bug-323007-2.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-bug-323007-2.patch  Wed Feb  8 13:41:59 2012
@@ -0,0 +1,24 @@
+diff -up php-5.2.17/main/php_variables.c.bug-323007 
php-5.2.17/main/php_variables.c
+--- php-5.2.17/main/php_variables.c.bug-323007 2012-02-03 12:12:09.000000000 
+0700
++++ php-5.2.17/main/php_variables.c    2012-02-03 13:17:16.000000000 +0700
+@@ -187,12 +187,17 @@ PHPAPI void php_register_variable_ex(cha
+                               }
+                               if (zend_symtable_find(symtable1, 
escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
+                                       || Z_TYPE_PP(gpc_element_p) != 
IS_ARRAY) {
+-                                      if (zend_hash_num_elements(symtable1) 
>= PG(max_input_vars)) {
+-                                              php_error_docref(NULL 
TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change 
max_input_vars in php.ini.", PG(max_input_vars));
+-                                      }
++                                      if (zend_hash_num_elements(symtable1) 
<= PG(max_input_vars)) {
++                                          if 
(zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
++                                              php_error_docref(NULL 
TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit 
change max_input_vars in php.ini.", PG(max_input_vars));
++                                          }
+                                       MAKE_STD_ZVAL(gpc_element);
+                                       array_init(gpc_element);
+                                       zend_symtable_update(symtable1, 
escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) 
&gpc_element_p);
++                                      } else {
++                                  efree(var_orig);
++                                  return;
++                                      }
+                               }
+                               if (index != escaped_index) {
+                                       efree(escaped_index);
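Review bot: The new `else` branch returns right after `efree(var_orig);`, so it skips the `if (index != escaped_index) { efree(escaped_index);` cleanup that the context lines show immediately after this block. Wherever the index was escaped into a separate buffer, each over-limit variable leaks it, and the client controls how many are sent. Adding `if (index != escaped_index) { efree(escaped_index); }` before `efree(var_orig);` closes that; whether `val` also needs destroying on this path cannot be judged from the hunk. Separately, `<=` followed by `== PG(max_input_vars)` still inserts the element on which the warning is raised, so the table can hold one more entry than the configured limit.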

================================================================
Index: packages/php/php-5.2.17-bug-43200.patch
diff -u /dev/null packages/php/php-5.2.17-bug-43200.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-bug-43200.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,13 @@
+diff -up php-5.2.17/Zend/zend_compile.c.bug-43200 
php-5.2.17/Zend/zend_compile.c
+--- php-5.2.17/Zend/zend_compile.c.bug-43200   2012-01-12 11:26:42.000000000 
+0700
++++ php-5.2.17/Zend/zend_compile.c     2012-01-12 11:26:51.000000000 +0700
+@@ -2080,7 +2080,8 @@ static zend_bool do_inherit_method_check
+               return 1; /* method doesn't exist in child, copy from parent */
+       }
+ 
+-      if (parent->common.fn_flags & ZEND_ACC_ABSTRACT
++      if ((parent->common.scope->ce_flags & ZEND_ACC_INTERFACE) == 0
++              && parent->common.fn_flags & ZEND_ACC_ABSTRACT
+               && parent->common.scope != (child->common.prototype ? 
child->common.prototype->common.scope : child->common.scope)
+               && child->common.fn_flags & 
(ZEND_ACC_ABSTRACT|ZEND_ACC_IMPLEMENTED_ABSTRACT)) {
+               zend_error(E_COMPILE_ERROR, "Can't inherit abstract function 
%s::%s() (previously declared abstract in %s)", 

================================================================
Index: packages/php/php-5.2.17-bug-52461.patch
diff -u /dev/null packages/php/php-5.2.17-bug-52461.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-bug-52461.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,12 @@
+diff -up php-5.2.17/ext/standard/info.c.bug-52461 
php-5.2.17/ext/standard/info.c
+--- php-5.2.17/ext/standard/info.c.bug-52461   2012-01-12 10:23:00.000000000 
+0700
++++ php-5.2.17/ext/standard/info.c     2012-01-12 10:23:27.000000000 +0700
+@@ -415,7 +415,7 @@ PHPAPI void php_print_info_htmlhead(TSRM
+ 
+ 
+       PUTS("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" 
\"DTD/xhtml1-transitional.dtd\">\n");
+-      PUTS("<html>");
++      PUTS("<html xmlns=\"http://www.w3.org/1999/xhtml\";>>");
+       PUTS("<head>\n");
+       php_info_print_style(TSRMLS_C);
+       PUTS("<title>phpinfo()</title>");
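Review bot: The added line as shown prints `<html xmlns="http://www.w3.org/1999/xhtml";>>`, with a stray `;` and a doubled `>` after the namespace URL. This may be an artefact of how the mail archive rendered the URL. If the stored patch really contains it, phpinfo() will emit malformed markup; the intended line is presumably `PUTS("<html xmlns=\"http://www.w3.org/1999/xhtml\">");`. Compare the patch file in CVS with the one in the SRPM it was taken from.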

================================================================
Index: packages/php/php-5.2.17-bug-52624.patch
diff -u /dev/null packages/php/php-5.2.17-bug-52624.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-bug-52624.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,12 @@
+diff -up php-5.2.17/ext/standard/file.c.bug-52624 
php-5.2.17/ext/standard/file.c
+--- php-5.2.17/ext/standard/file.c.bug-52624   2012-01-12 11:20:05.000000000 
+0700
++++ php-5.2.17/ext/standard/file.c     2012-01-12 11:21:32.000000000 +0700
+@@ -842,7 +842,7 @@ PHP_FUNCTION(tempnam)
+               p[63] = '\0';
+       }
+ 
+-      if ((fd = php_open_temporary_fd(d, p, &opened_path TSRMLS_CC)) >= 0) {
++      if ((fd = php_open_temporary_fd_ex(d, p, &opened_path,1 TSRMLS_CC)) >= 
0) {
+               close(fd);
+               RETVAL_STRING(opened_path, 0);
+       } else {
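Review bot: The bare `1` passed as the new fourth argument of `php_open_temporary_fd_ex()` is the security-relevant part of this change, and nothing says what it switches on. Presumably it is the open_basedir check flag; if so, a comment above the call such as `/* 1: enforce open_basedir on the directory actually used */` would document why the `_ex` variant is needed. PHP_FUNCTION(tempnam) starts and ends outside the hunk, so how `d` and `p` are validated before this call is not visible here.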

================================================================
Index: packages/php/php-5.2.17-bug-54682.patch
diff -u /dev/null packages/php/php-5.2.17-bug-54682.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-bug-54682.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,12 @@
+diff -up php-5.2.17/ext/tidy/tidy.c.bug-54682 php-5.2.17/ext/tidy/tidy.c
+--- php-5.2.17/ext/tidy/tidy.c.bug-54682       2012-01-12 11:42:01.000000000 
+0700
++++ php-5.2.17/ext/tidy/tidy.c 2012-01-12 11:42:17.000000000 +0700
+@@ -1178,7 +1178,7 @@ static PHP_FUNCTION(tidy_diagnose)
+ {
+       TIDY_FETCH_OBJECT;
+ 
+-      if (tidyRunDiagnostics(obj->ptdoc->doc) >= 0) {
++      if (tidyStatus(obj->ptdoc->doc) != 0 && 
tidyRunDiagnostics(obj->ptdoc->doc) >= 0) {
+               tidy_doc_update_properties(obj TSRMLS_CC);
+               RETURN_TRUE;
+       }

================================================================
Index: packages/php/php-5.2.17-bug-55273.patch
diff -u /dev/null packages/php/php-5.2.17-bug-55273.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-bug-55273.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,20 @@
+diff -up php-5.2.17/ext/standard/base64.c.bug-55273 
php-5.2.17/ext/standard/base64.c
+--- php-5.2.17/ext/standard/base64.c.bug-55273 2012-01-12 10:45:40.000000000 
+0700
++++ php-5.2.17/ext/standard/base64.c   2012-01-12 10:47:32.000000000 +0700
+@@ -154,7 +154,15 @@ PHPAPI unsigned char *php_base64_decode_
+       /* run through the whole string, converting as we go */
+       while ((ch = *current++) != '\0' && length-- > 0) {
+               if (ch == base64_pad) {
+-                      if (*current != '=' && (i % 4) == 1) {
++                      if (*current != '=' && ((i % 4) == 1 || (strict && 
length > 0))) {
++                              if ((i % 4) != 1) {
++                                      while (isspace(*(++current))) {
++                                              continue;
++                                      }
++                                      if (*current == '\0') {
++                                              continue;
++                                      }
++                              }
+                               efree(result);
+                               return NULL;
+                       }
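Review bot: The inner `while (isspace(*(++current)))` loop advances `current` without decrementing `length`, so it is bounded only by a NUL terminator, whereas the enclosing loop is bounded by both `'\0'` and `length`. If a caller passes a `length` shorter than the NUL-terminated extent, the skip runs past the declared end; if the buffer is not NUL-terminated, it reads beyond the buffer. Counting each skipped byte against `length` and stopping at zero would keep the two bounds consistent. `*current` is passed to `isspace()` directly, which is only safe if `current` points to `unsigned char`; its declaration is outside the hunk.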

================================================================
Index: packages/php/php-5.2.17-bug-55366.patch
diff -u /dev/null packages/php/php-5.2.17-bug-55366.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-bug-55366.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,29 @@
+diff -up php-5.2.17/ext/standard/string.c.bug-55366 
php-5.2.17/ext/standard/string.c
+--- php-5.2.17/ext/standard/string.c.bug-55366 2012-01-12 10:35:09.000000000 
+0700
++++ php-5.2.17/ext/standard/string.c   2012-01-12 10:36:38.000000000 +0700
+@@ -2462,6 +2462,10 @@ PHP_FUNCTION(substr_replace)
+                       RETURN_STRINGL(Z_STRVAL_PP(str), Z_STRLEN_PP(str), 1);  
+               }
+       } else { /* str is array of strings */
++              char *str_index = NULL;
++              uint str_index_len;
++              ulong num_index;
++
+               array_init(return_value);
+ 
+               if (Z_TYPE_PP(from) == IS_ARRAY) {
+@@ -2599,7 +2603,13 @@ PHP_FUNCTION(substr_replace)
+                       }
+ 
+                       result[result_len] = '\0';
+-                      add_next_index_stringl(return_value, result, 
result_len, 0);
++
++                      if (zend_hash_get_current_key_ex(Z_ARRVAL_PP(str), 
&str_index, &str_index_len, &num_index, 0, &pos_str) == HASH_KEY_IS_STRING) {
++                              add_assoc_stringl_ex(return_value, str_index, 
str_index_len, result, result_len, 0);
++                      } else {
++                              add_index_stringl(return_value, num_index, 
result, result_len, 0);
++                      }
++
+                       if(Z_TYPE_PP(tmp_str) != IS_STRING) {
+                               zval_dtor(orig_str);
+                       }

================================================================
Index: packages/php/php-5.2.17-bug-55478.patch
diff -u /dev/null packages/php/php-5.2.17-bug-55478.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-bug-55478.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,12 @@
+diff -up php-5.2.17/ext/filter/logical_filters.c.bug-55478 
php-5.2.17/ext/filter/logical_filters.c
+--- php-5.2.17/ext/filter/logical_filters.c.bug-55478  2012-01-12 
12:35:32.000000000 +0700
++++ php-5.2.17/ext/filter/logical_filters.c    2012-01-12 12:36:11.000000000 
+0700
+@@ -522,7 +522,7 @@ void php_filter_validate_email(PHP_INPUT
+        * Feel free to use and redistribute this code. But please keep this 
copyright notice.
+        *
+        */
+-      const char regexp[] = 
"/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD";
++      const char regexp[] = 
"/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-+[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-+[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD";
+ 
+       pcre       *re = NULL;
+       pcre_extra *pcre_extra = NULL;

================================================================
Index: packages/php/php-5.2.17-bug-55504.patch
diff -u /dev/null packages/php/php-5.2.17-bug-55504.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-bug-55504.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,12 @@
+diff -up php-5.2.17/main/rfc1867.c.bug-55504 php-5.2.17/main/rfc1867.c
+--- php-5.2.17/main/rfc1867.c.bug-55504        2012-01-12 10:13:38.000000000 
+0700
++++ php-5.2.17/main/rfc1867.c  2012-01-12 10:14:14.000000000 +0700
+@@ -817,7 +817,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_
+               }
+       } else {
+               /* search for the end of the boundary */
+-              boundary_end = strchr(boundary, ',');
++              boundary_end = strpbrk(boundary, ",;");
+       }
+       if (boundary_end) {
+               boundary_end[0] = '\0';

================================================================
Index: packages/php/php-5.2.17-bug-55509.patch
diff -u /dev/null packages/php/php-5.2.17-bug-55509.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-bug-55509.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,12 @@
+diff -up php-5.2.17/Zend/zend_alloc.c.bug-55509 php-5.2.17/Zend/zend_alloc.c
+--- php-5.2.17/Zend/zend_alloc.c.bug-55509     2012-01-12 09:58:25.000000000 
+0700
++++ php-5.2.17/Zend/zend_alloc.c       2012-01-12 09:59:26.000000000 +0700
+@@ -491,7 +491,7 @@ static unsigned int _zend_mm_cookie = 0;
+ #define ZEND_MM_IS_GUARD_BLOCK(b)             (((b)->info._size & 
ZEND_MM_TYPE_MASK) == ZEND_MM_GUARD_BLOCK)
+ 
+ #define ZEND_MM_NEXT_BLOCK(b)                 ZEND_MM_BLOCK_AT(b, 
ZEND_MM_BLOCK_SIZE(b))
+-#define ZEND_MM_PREV_BLOCK(b)                 ZEND_MM_BLOCK_AT(b, 
-(int)((b)->info._prev & ~ZEND_MM_TYPE_MASK))
++#define ZEND_MM_PREV_BLOCK(b)                 ZEND_MM_BLOCK_AT(b, 
-(ssize_t)((b)->info._prev & ~ZEND_MM_TYPE_MASK))
+ 
+ #define ZEND_MM_PREV_BLOCK_IS_FREE(b) (!((b)->info._prev & 
ZEND_MM_USED_BLOCK))
+ 

================================================================
Index: packages/php/php-5.2.17-bug-55674.patch
diff -u /dev/null packages/php/php-5.2.17-bug-55674.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-bug-55674.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,12 @@
+diff -up php-5.2.17/ext/standard/file.c.bug-55674 
php-5.2.17/ext/standard/file.c
+--- php-5.2.17/ext/standard/file.c.bug-55674   2012-01-12 09:39:13.000000000 
+0700
++++ php-5.2.17/ext/standard/file.c     2012-01-12 09:39:28.000000000 +0700
+@@ -2156,7 +2156,7 @@ PHPAPI void php_fgetcsv(php_stream *stre
+               inc_len = (bptr < limit ? (*bptr == '\0' ? 1: php_mblen(bptr, 
limit - bptr)): 0);
+               if (inc_len == 1) {
+                       char *tmp = bptr;
+-                      while (isspace((int)*(unsigned char *)tmp)) {
++                      while ((*tmp != delimiter) && isspace((int)*(unsigned 
char *)tmp)) {
+                               tmp++;
+                       }
+                       if (*tmp == enclosure) {

================================================================
Index: packages/php/php-5.2.17-bug-60120.patch
diff -u /dev/null packages/php/php-5.2.17-bug-60120.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-bug-60120.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,12 @@
+diff -up php-5.2.17/ext/standard/proc_open.c.bug-60120 
php-5.2.17/ext/standard/proc_open.c
+--- php-5.2.17/ext/standard/proc_open.c.bug-60120      2012-01-12 
09:22:27.000000000 +0700
++++ php-5.2.17/ext/standard/proc_open.c        2012-01-12 09:22:47.000000000 
+0700
+@@ -453,7 +453,7 @@ PHP_FUNCTION(proc_get_status)
+ 
+ /* {{{ handy definitions for portability/readability */
+ #ifdef PHP_WIN32
+-# define pipe(pair)           (CreatePipe(&pair[0], &pair[1], &security, 
2048L) ? 0 : -1)
++# define pipe(pair)           (CreatePipe(&pair[0], &pair[1], &security, 0) ? 
0 : -1)
+ 
+ # define COMSPEC_NT   "cmd.exe"
+ # define COMSPEC_9X   "command.com"

================================================================
Index: packages/php/php-5.2.17-bug-60138.patch
diff -u /dev/null packages/php/php-5.2.17-bug-60138.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:05 2012
+++ packages/php/php-5.2.17-bug-60138.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,19 @@
+diff -up php-5.2.17/Zend/zend_execute_API.c.bug-60138 
php-5.2.17/Zend/zend_execute_API.c
+--- php-5.2.17/Zend/zend_execute_API.c.bug-60138       2012-01-12 
09:18:41.000000000 +0700
++++ php-5.2.17/Zend/zend_execute_API.c 2012-01-12 09:19:13.000000000 +0700
+@@ -935,10 +935,11 @@ int zend_call_function(zend_fcall_info *
+                       && (EX(function_state).function->common.fn_flags & 
ZEND_ACC_CALL_VIA_HANDLER) == 0
+                       && 
!ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1)
+                       && PZVAL_IS_REF(*fci->params[i])) {
+-                      SEPARATE_ZVAL(fci->params[i]);
+-              }
+-
+-              if (ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i+1)
++                      ALLOC_ZVAL(param);
++                      *param = **(fci->params[i]);
++                      INIT_PZVAL(param);
++                      zval_copy_ctor(param);
++              } else if 
(ARG_SHOULD_BE_SENT_BY_REF(EX(function_state).function, i + 1)
+                       && !PZVAL_IS_REF(*fci->params[i])) {
+                       if ((*fci->params[i])->refcount>1) {
+                               zval *new_zval;

================================================================
Index: packages/php/php-5.2.17-bug-60183.patch
diff -u /dev/null packages/php/php-5.2.17-bug-60183.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:06 2012
+++ packages/php/php-5.2.17-bug-60183.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,13 @@
+diff -up php-5.2.17/ext/ftp/ftp.c.bug-60183 php-5.2.17/ext/ftp/ftp.c
+--- php-5.2.17/ext/ftp/ftp.c.bug-60183 2012-01-12 12:04:18.000000000 +0700
++++ php-5.2.17/ext/ftp/ftp.c   2012-01-12 12:04:40.000000000 +0700
+@@ -1122,6 +1122,9 @@ ftp_putcmd(ftpbuf_t *ftp, const char *cm
+ 
+       data = ftp->outbuf;
+ 
++      /* Clear the extra-lines buffer */
++      ftp->extra = NULL;
++
+       if (my_send(ftp, ftp->fd, data, size) != size) {
+               return 0;
+       }

================================================================
Index: packages/php/php-5.2.17-bug-60206.patch
diff -u /dev/null packages/php/php-5.2.17-bug-60206.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:06 2012
+++ packages/php/php-5.2.17-bug-60206.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,48 @@
+diff -up php-5.2.17/sapi/apache2filter/sapi_apache2.c.bug-60206 
php-5.2.17/sapi/apache2filter/sapi_apache2.c
+--- php-5.2.17/sapi/apache2filter/sapi_apache2.c.bug-60206     2012-01-12 
09:06:47.000000000 +0700
++++ php-5.2.17/sapi/apache2filter/sapi_apache2.c       2012-01-12 
09:06:59.000000000 +0700
+@@ -404,7 +404,7 @@ static void php_apache_request_ctor(ap_f
+       efree(content_type);
+ 
+       content_length = (char *) apr_table_get(f->r->headers_in, 
"Content-Length");
+-      SG(request_info).content_length = (content_length ? 
atoi(content_length) : 0);
++      SG(request_info).content_length = (content_length ? 
atol(content_length) : 0);
+       
+       apr_table_unset(f->r->headers_out, "Content-Length");
+       apr_table_unset(f->r->headers_out, "Last-Modified");
+diff -up php-5.2.17/sapi/apache2handler/sapi_apache2.c.bug-60206 
php-5.2.17/sapi/apache2handler/sapi_apache2.c
+--- php-5.2.17/sapi/apache2handler/sapi_apache2.c.bug-60206    2012-01-12 
09:07:37.000000000 +0700
++++ php-5.2.17/sapi/apache2handler/sapi_apache2.c      2012-01-12 
09:07:46.000000000 +0700
+@@ -454,7 +454,7 @@ static int php_apache_request_ctor(reque
+       r->no_local_copy = 1;
+ 
+       content_length = (char *) apr_table_get(r->headers_in, 
"Content-Length");
+-      SG(request_info).content_length = (content_length ? 
atoi(content_length) : 0);
++      SG(request_info).content_length = (content_length ? 
atol(content_length) : 0);
+ 
+       apr_table_unset(r->headers_out, "Content-Length");
+       apr_table_unset(r->headers_out, "Last-Modified");
+diff -up php-5.2.17/sapi/apache_hooks/mod_php5.c.bug-60206 
php-5.2.17/sapi/apache_hooks/mod_php5.c
+--- php-5.2.17/sapi/apache_hooks/mod_php5.c.bug-60206  2012-01-12 
09:08:19.000000000 +0700
++++ php-5.2.17/sapi/apache_hooks/mod_php5.c    2012-01-12 09:08:26.000000000 
+0700
+@@ -571,7 +571,7 @@ static void init_request_info(TSRMLS_D)
+       SG(request_info).request_method = (char *)r->method;
+       SG(request_info).proto_num = r->proto_num;
+       SG(request_info).content_type = (char *) table_get(r->subprocess_env, 
"CONTENT_TYPE");
+-      SG(request_info).content_length = (content_length ? 
atoi(content_length) : 0);
++      SG(request_info).content_length = (content_length ? 
atol(content_length) : 0);
+       SG(sapi_headers).http_response_code = r->status;
+ 
+       if (r->headers_in) {
+diff -up php-5.2.17/sapi/apache/mod_php5.c.bug-60206 
php-5.2.17/sapi/apache/mod_php5.c
+--- php-5.2.17/sapi/apache/mod_php5.c.bug-60206        2012-01-12 
09:05:59.000000000 +0700
++++ php-5.2.17/sapi/apache/mod_php5.c  2012-01-12 09:06:19.000000000 +0700
+@@ -513,7 +513,7 @@ static void init_request_info(TSRMLS_D)
+       SG(request_info).request_uri = r->uri;
+       SG(request_info).request_method = (char *)r->method;
+       SG(request_info).content_type = (char *) table_get(r->subprocess_env, 
"CONTENT_TYPE");
+-      SG(request_info).content_length = (content_length ? 
atoi(content_length) : 0);
++      SG(request_info).content_length = (content_length ? 
atol(content_length) : 0);
+       SG(sapi_headers).http_response_code = r->status;
+       SG(request_info).proto_num = r->proto_num;
+ 
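Review bot: `atol()` on the client-supplied Content-Length header still has no error reporting, and the same line appears in all four SAPI files touched here. Non-numeric text yields 0, a leading `-` yields a negative length, and an out-of-range value is undefined behaviour. Parsing with `strtol(content_length, &end, 10)` and rejecting `end == content_length`, `errno == ERANGE` and negative results would make the value well-defined before it reaches `SG(request_info).content_length`. On platforms where `long` is 32 bits, the switch from `atoi` changes nothing. Each of the four functions extends beyond its hunk.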

================================================================
Index: packages/php/php-5.2.17-bug-60455.patch
diff -u /dev/null packages/php/php-5.2.17-bug-60455.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:06 2012
+++ packages/php/php-5.2.17-bug-60455.patch     Wed Feb  8 13:41:59 2012
@@ -0,0 +1,12 @@
+diff -up php-5.2.17/main/streams/streams.c.bug-60455 
php-5.2.17/main/streams/streams.c
+--- php-5.2.17/main/streams/streams.c.bug-60455        2012-01-12 
11:50:11.000000000 +0700
++++ php-5.2.17/main/streams/streams.c  2012-01-12 11:50:55.000000000 +0700
+@@ -879,7 +879,7 @@ PHPAPI char *php_stream_get_record(php_s
+               just_read = (stream->writepos - stream->readpos) - len;
+               len += just_read;
+ 
+-              if (just_read < toread) {
++              if (just_read == 0) {
+                       break;
+               }
+       }

================================================================
Index: packages/php/php-5.2.17-max-input-vars.patch
diff -u /dev/null packages/php/php-5.2.17-max-input-vars.patch:1.1.2.1
--- /dev/null   Wed Feb  8 13:42:06 2012
+++ packages/php/php-5.2.17-max-input-vars.patch        Wed Feb  8 13:41:59 2012
@@ -0,0 +1,45 @@
+diff -u -r php-5.2.17/main/main.c php-5.2.17-patched/main/main.c
+--- php-5.2.17/main/main.c     2010-06-20 04:47:24.000000000 +0800
++++ php-5.2.17-patched/main/main.c     2011-12-31 09:59:05.000000000 +0800
+@@ -457,6 +457,7 @@
+ 
+       STD_PHP_INI_BOOLEAN("allow_url_fopen",          "1",            
PHP_INI_SYSTEM,         OnUpdateBool,           allow_url_fopen,                
php_core_globals,       core_globals)
+       STD_PHP_INI_BOOLEAN("allow_url_include",        "0",            
PHP_INI_SYSTEM,         OnUpdateBool,           allow_url_include,              
php_core_globals,       core_globals)
++      STD_PHP_INI_ENTRY("max_input_vars",         "1000",     
PHP_INI_SYSTEM|PHP_INI_PERDIR,      OnUpdateLongGEZero, max_input_vars, 
php_core_globals, core_globals)
+       STD_PHP_INI_BOOLEAN("always_populate_raw_post_data",    "0",    
PHP_INI_SYSTEM|PHP_INI_PERDIR,  OnUpdateBool,   always_populate_raw_post_data,  
php_core_globals,       core_globals)
+ 
+       STD_PHP_INI_ENTRY("realpath_cache_size",        "16K",          
PHP_INI_SYSTEM,         OnUpdateLong,   realpath_cache_size_limit,      
virtual_cwd_globals,    cwd_globals)
+diff -u -r php-5.2.17/main/php_globals.h php-5.2.17-patched/main/php_globals.h
+--- php-5.2.17/main/php_globals.h      2010-01-03 17:23:27.000000000 +0800
++++ php-5.2.17-patched/main/php_globals.h      2011-12-31 09:59:05.000000000 
+0800
+@@ -160,6 +160,7 @@
+       zend_bool com_initialized;
+ #endif
+       long max_input_nesting_level;
++      long max_input_vars;
+       zend_bool in_user_include;
+       zend_bool in_error_log;
+ };
+diff -u -r php-5.2.17/main/php_variables.c 
php-5.2.17-patched/main/php_variables.c
+--- php-5.2.17/main/php_variables.c    2010-01-03 17:23:27.000000000 +0800
++++ php-5.2.17-patched/main/php_variables.c    2011-12-31 09:59:05.000000000 
+0800
+@@ -187,6 +187,9 @@
+                               }
+                               if (zend_symtable_find(symtable1, 
escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
+                                       || Z_TYPE_PP(gpc_element_p) != 
IS_ARRAY) {
++                                      if (zend_hash_num_elements(symtable1) 
>= PG(max_input_vars)) {
++                                              php_error_docref(NULL 
TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change 
max_input_vars in php.ini.", PG(max_input_vars));
++                                      }
+                                       MAKE_STD_ZVAL(gpc_element);
+                                       array_init(gpc_element);
+                                       zend_symtable_update(symtable1, 
escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) 
&gpc_element_p);
+@@ -232,6 +235,9 @@
+                               zend_symtable_exists(symtable1, escaped_index, 
index_len + 1)) {
+                               zval_ptr_dtor(&gpc_element);
+                       } else {
++                              if (zend_hash_num_elements(symtable1) >= 
PG(max_input_vars)) {
++                                      php_error_docref(NULL TSRMLS_CC, 
E_ERROR, "Input variables exceeded %ld. To increase the limit change 
max_input_vars in php.ini.", PG(max_input_vars));
++                              }
+                               zend_symtable_update(symtable1, escaped_index, 
index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+                       }
+                       if (escaped_index != index) {
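Review bot: Both checks added to main/php_variables.c raise `E_ERROR`, but Patch401 (`php-5.2.17-bug-323007-2.patch`) later rewrites only the first one, at `@@ -187`, into a warning-and-drop. The second, at `@@ -232`, keeps the fatal error, so the array and scalar paths react differently to the same limit. If that is intended it deserves a comment at the second site; otherwise the second check should get the same treatment. The ini entry uses `OnUpdateLongGEZero`, so `max_input_vars = 0` is accepted and makes `zend_hash_num_elements(symtable1) >= PG(max_input_vars)` true for the first variable of every request. Either document 0 as rejecting all input or require a positive value.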
================================================================

---- CVS-web:
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php.spec?r1=1.805.2.97&r2=1.805.2.98&f=u
